npm - norn-cli - Versions diffs - 1.5.2 → 1.5.3 - Mend

norn-cli 1.5.2 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.norn-cache/secret-keys.json +9 -0
package/.norn-cache/swagger-body-intellisense.json +1 -1
package/.norn-cache/validation-results.json +14 -0
package/CHANGELOG.md +24 -0
package/README.md +54 -14
package/dist/cli.js +1205 -322
package/package.json +43 -1

package/.norn-cache/secret-keys.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "version": 1,
+  "keys": {
+    "regression-shared": {
+      "value": "regression-shared-key",
+      "updatedAt": "2026-03-01T23:36:28.893Z"
+    }
+  }
+}

package/.norn-cache/swagger-body-intellisense.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "urls": {
     "https://petstore.swagger.io/v2/swagger.json": {
       "baseUrl": "https://petstore.swagger.io/v2",
-      "fetchedAt": "2026-02-28T21:26:57.174Z",
+      "fetchedAt": "2026-03-02T17:50:37.440Z",
       "schemas": [
         {
           "operationId": "AddPet",

package/.norn-cache/validation-results.json CHANGED Viewed

@@ -28,6 +28,20 @@
       "assertionLine": 39,
       "status": "pass",
       "lastRunTime": "2026-02-08T20:17:12.506Z"
+    },
+    "tests/Regression/04-sequences.norn:43": {
+      "schemaPath": "tests/Regression/schemas/GET-users-1.schema.json",
+      "sourceFile": "tests/Regression/04-sequences.norn",
+      "assertionLine": 43,
+      "status": "pass",
+      "lastRunTime": "2026-02-28T22:28:46.376Z"
+    },
+    "tests/Regression/04-sequences.norn:51": {
+      "schemaPath": "tests/Regression/schemas/GET-users-1.schema.json",
+      "sourceFile": "tests/Regression/04-sequences.norn",
+      "assertionLine": 51,
+      "status": "pass",
+      "lastRunTime": "2026-02-28T22:28:03.470Z"
     }
   }
 }

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,30 @@
 All notable changes to the "Norn" extension will be documented in this file.
+## [Unreleased]
+## [1.5.3] - 2026-03-02
+### Added
+- **Native Encrypted `.nornenv` Secrets (Extension + CLI)**:
+  - Added encrypted secret format support: `secret name = ENC[NORN_AGE_V1:kid=<id>:<payload>]`.
+  - Added automatic secret decryption during environment resolution for both VS Code execution and CLI runs.
+  - Added `norn secrets` command group: `keygen`, `import-key`, `encrypt`, `rotate`, `rekey`, `audit`, `keys`, `forget`.
+  - Added `.nornenv` CodeLens actions: `Encrypt Secret`, `View Decrypted`, `Rotate Secret`, `Delete Secret`.
+  - Added encrypted environment regression coverage with chained `.nornenv` imports.
+- **TLS Certificate Verification Toggle (Extension + CLI)**:
+  - Added VS Code setting `norn.security.verifyTlsCertificates` (default `true`) to control TLS certificate verification for HTTPS requests and Swagger/OpenAPI fetches.
+  - Added CLI flag `--insecure` to disable TLS certificate verification for local/self-signed development environments.
+  - Wired shared runtime TLS behavior so extension request execution, CLI execution, Swagger imports, schema extraction, coverage refresh, and chat Swagger fetches use the same verification mode.
+### Improved
+- **Secrets UX and Safety**:
+  - Added known `kid` picker so users can select previously used key IDs instead of typing each time.
+  - Added first-time encryption flow to generate a new shared key once (or use an existing key from vault), then cache locally.
+  - Improved decrypted secret display to a secure modal flow with masked preview, explicit reveal, and copy action (no plaintext editor tab).
+  - Added best-effort auto-ignore for `.norn-cache/` in repo `.gitignore` when secret keys are first cached.
 ## [1.5.2] - 2026-02-28
 ### Improved

package/README.md CHANGED Viewed

@@ -279,19 +279,19 @@ end sequence
 ```bash
 # Run sequences tagged @smoke
-npx norn tests/ --tag smoke
+norn tests/ --tag smoke
 # AND logic: must have BOTH tags
-npx norn tests/ --tag smoke --tag auth
+norn tests/ --tag smoke --tag auth
 # OR logic: match ANY tag
-npx norn tests/ --tags smoke,regression
+norn tests/ --tags smoke,regression
 # Key-value exact match
-npx norn tests/ --tag team(CustomerExp)
+norn tests/ --tag team(CustomerExp)
 # Combine with environment
-npx norn tests/ --env staging --tag smoke
+norn tests/ --env staging --tag smoke
 ```
 **Behavior:**
@@ -532,6 +532,36 @@ var apiKey = prod-key-789
 Select the active environment from the VS Code status bar. Environment variables override common variables.
+#### Encrypted Secrets in `.nornenv`
+Use `secret` declarations with encrypted values so `.nornenv` can be committed safely:
+```nornenv
+[env:prelive]
+secret apiKey = ENC[NORN_AGE_V1:kid=team-main:...]
+```
+Key flow:
+```bash
+# Generate and cache a shared key once
+norn secrets keygen --name team-main
+# Teammates import the shared key from your vault
+norn secrets import-key --kid team-main
+# Encrypt plaintext secrets already in .nornenv
+norn secrets encrypt --file .nornenv --env prelive --var apiKey --kid team-main
+# Rotate an existing encrypted value
+norn secrets rotate --file .nornenv --env prelive --var apiKey
+# CI guardrail: fail on plaintext secrets
+norn secrets audit .
+```
+When Norn detects a locked secret with a missing key id (`kid`), it prompts once, then stores the key in `.norn-cache/secret-keys.json` (gitignored).
 ### Named Requests
 Define reusable requests and call them from sequences:
@@ -784,28 +814,31 @@ Run tests from the command line for CI/CD pipelines. Only sequences marked with
 ```bash
 # Run all test sequences in a file
-npx norn api-tests.norn
+norn api-tests.norn
 # Run all test sequences in a directory (recursive)
-npx norn tests/
+norn tests/
 # Run a specific sequence
-npx norn api-tests.norn --sequence AuthFlow
+norn api-tests.norn --sequence AuthFlow
 # Run with a specific environment
-npx norn api-tests.norn --env staging
+norn api-tests.norn --env staging
+# Run against local/self-signed TLS endpoints (dev only)
+norn api-tests.norn --insecure
 # Generate JUnit XML report for CI/CD
-npx norn tests/ --junit --output-dir ./reports
+norn tests/ --junit --output-dir ./reports
 # Generate HTML report
-npx norn tests/ --html --output-dir ./reports
+norn tests/ --html --output-dir ./reports
 # Verbose output with colors
-npx norn api-tests.norn -v
+norn api-tests.norn -v
 # Show help
-npx norn --help
+norn --help
 ```
 ### CLI Options
@@ -814,6 +847,7 @@ npx norn --help
 |--------|-------------|
 | `-s, --sequence <name>` | Run a specific sequence by name |
 | `-e, --env <name>` | Use a specific environment from .nornenv |
+| `--insecure` | Disable TLS certificate verification (dev/self-signed endpoints only) |
 | `--tag <name>` | Filter by tag (AND logic, can repeat) |
 | `--tags <list>` | Filter by comma-separated tags (OR logic) |
 | `-j, --json` | Output results as JSON |
@@ -824,6 +858,8 @@ npx norn --help
 | `--no-fail` | Don't exit with error code on failed tests |
 | `-h, --help` | Show help message |
+Security note: `--insecure` should only be used for local development or trusted internal test environments. Keep TLS verification enabled for staging/production endpoints.
 ## Test Explorer
 Run tests directly from VS Code's Testing sidebar:
@@ -898,7 +934,7 @@ jobs:
           node-version: '20'
       - name: Run API Tests
-        run: npx norn ./tests/ --junit --output-dir ./reports
+        run: norn ./tests/ --junit --output-dir ./reports
       - name: Upload Test Results
         uses: actions/upload-artifact@v4
@@ -1050,6 +1086,10 @@ end sequence
 - `Norn: Clear Cookies` - Clear all stored cookies
 - `Norn: Show Stored Cookies` - Display cookies in output
+## Extension Settings
+- `norn.security.verifyTlsCertificates` (default: `true`) - Verify TLS certificates for HTTPS requests and Swagger/OpenAPI fetches. Disable only when testing local endpoints with self-signed certificates.
 ## Requirements
 - VS Code 1.108.1 or higher