safelaunch 1.0.23 → 1.0.25

package/README.md

@@ -1,10 +1,9 @@
 # safelaunch
-
-> The pre-deploy safety check for JavaScript projects.
+> The pre-deploy guardrail for JavaScript projects.
 
 [![npm version](https://badge.fury.io/js/safelaunch.svg)](https://www.npmjs.com/package/safelaunch)
 
-Run one command before you deploy. safelaunch scans your entire project and tells you exactly what will break — before it breaks in production.
+One command turns safelaunch into a system that blocks bad pushes automatically — forever.
 
 Works with **Node.js, Next.js, Vite, and Create React App**.
 
@@ -12,158 +11,126 @@ Works with **Node.js, Next.js, Vite, and Create React App**.
 
 ---
 
-## Try it now — zero setup
+## Get protected in one command
 
 ```bash
-npx safelaunch scan
+npx safelaunch setup
 ```
 
-No installation. No config. Just run it in any JavaScript project.
-
-```
-Scanning your project...
-Detected: Next.js
-
-🚨 Safelaunch Scan Report
-
-This project is NOT safe to deploy
-
-3 issues found
-2 critical · 1 warning
-
-────────────────────────────
-
-🚨 CRITICAL (will break your app)
-
-1. DATABASE_URL is missing
+No installation. No config. Run it once in any JavaScript project.
 
-   Impact:
-   Your app cannot use DATABASE_URL
-   → Will crash or behave incorrectly at runtime
+safelaunch scans your project, shows you exactly what would break your next deploy, generates your environment manifest, and installs a git hook that **blocks bad pushes automatically from now on**.
 
 ---
 
-2. STRIPE_SECRET_KEY is missing
+## What happens when you push
 
-   Impact:
-   Your app cannot use STRIPE_SECRET_KEY
-   → Will crash or behave incorrectly at runtime
+**If something will break production:**
 
-────────────────────────────
-
-⚠️  WARNINGS (may cause issues)
-
-3. .env is not in .gitignore
-
-   Impact:
-   .env is not in your .gitignore
-   → You are one git add away from leaking your secrets
-
-────────────────────────────
+```
+✗  PUSH BLOCKED — 2 issues will break production
+   Fix all blockers before this code ships.
 
-✅ What's working (5 checks passed)
+✗  STRIPE_SECRET_KEY is missing
+   Impact: Any code that reads process.env.STRIPE_SECRET_KEY will get undefined. This silently breaks at runtime.
+   → Add STRIPE_SECRET_KEY to your .env file.
 
-- Environment file detected
-- No hardcoded secrets found
-- Dependencies installed
-- No duplicate variables
-- NODE_ENV configured
+✗  DATABASE_URL is missing
+   Impact: Any code that reads process.env.DATABASE_URL will get undefined. This silently breaks at runtime.
+   → Add DATABASE_URL to your .env file.
 
-────────────────────────────
+─────────────────────────────────────────────────
+2 blockers  ·  push aborted
 
-💡 Next step
+To skip (not recommended):  git push --no-verify
+```
 
-   Run:
-   safelaunch init
+**If everything is clean:**
 
-   Lock this configuration and prevent future breakage
 ```
+✓ All checks passed (0.4s)
+```
+
+Nothing else. Your push goes through.
 
 ---
 
 ## What safelaunch checks
 
 ### Environment
-- Missing variables
-- Empty variables
-- Duplicate variables
-- `VITE_` prefix validation
-- `REACT_APP_` prefix validation
-- `.env.example` out of sync
+- Missing required variables
+- Empty variable values
+- Duplicate variable definitions
+- `VITE_` prefix validation (Vite projects)
+- `REACT_APP_` prefix validation (CRA projects)
+- `.env.example` gaps
 
 ### Secrets & Security
-- `.env` committed to git
+- Secrets committed to staged files
 - `.env` not in `.gitignore`
-- Hardcoded secrets in source files
 
 ### Dependencies
 - `node_modules` not installed
 - Packages in `package.json` but not installed
-- Lockfile missing
+- Lockfile out of sync with `package.json`
 
 ### Build Readiness
-- Build script missing
-- Required config files missing (next.config.js, vite.config.js)
-- TypeScript errors
+- TypeScript errors (`tsc --noEmit`)
+- Critical npm vulnerabilities
 
-### Git State
-- Uncommitted changes before deploy
-- Unpushed commits
+### Runtime
+- Node.js version mismatch (`.nvmrc`)
 
 ---
 
-## Installation
+## Commands
 
 ```bash
-npm install -g safelaunch
+npx safelaunch setup        # Scan + generate manifest + install git hook
+safelaunch scan             # Run all checks
+safelaunch init             # Generate env.manifest.json from your .env
+safelaunch validate         # Validate current env against manifest
+safelaunch hook install     # Install the git hook manually
+safelaunch hook uninstall   # Remove the git hook
+safelaunch hook status      # Check if the hook is active
 ```
 
 ---
 
-## Lock it in permanently
+## How the hook stays active
 
-Once scan shows you what's broken, lock your configuration so it never breaks again.
+Once installed, the hook runs before every `git push`. If it ever goes missing, `safelaunch validate` detects and reinstalls it automatically.
 
-**Step 1 — Generate your environment manifest**
-
-```bash
-safelaunch init
-```
-
-Scans your codebase and creates an `env.manifest.json` — a contract file that defines exactly what your app needs to run.
-
-**Step 2 — Validate before every deploy**
-
-```bash
-safelaunch validate
-```
-
-Checks your live environment against the manifest and tells you exactly what will break before it does.
+New team members get the hook installed automatically via the `postinstall` script when they run `npm install`.
 
 ---
 
-## Never think about it again
+## CI Integration
 
-```bash
-safelaunch hook install
+```yaml
+- name: Validate environment
+  run: npx safelaunch validate
 ```
 
-Installs a git hook that blocks `git push` automatically if validation fails. Set it once, forget about it.
+Blocks the pipeline if required variables are missing or misconfigured.
 
 ---
 
-## CI Integration
+## env.manifest.json
 
-```yaml
-- name: Install safelaunch
-  run: npm install -g safelaunch
+`safelaunch setup` generates an `env.manifest.json` — a contract that locks which variables your project requires. Commit this file. Every push is validated against it.
 
-- name: Validate environment
-  run: safelaunch validate
+```json
+{
+  "version": "1.0.0",
+  "required": [
+    "DATABASE_URL",
+    "STRIPE_SECRET_KEY",
+    "NEXTAUTH_SECRET"
+  ]
+}
 ```
 
-Blocks deployments automatically if anything is missing or misconfigured.
-
 ---
 
 ## Privacy & Security

package/bin/safelaunch.js

@@ -0,0 +1,126 @@
+#!/usr/bin/env node
+
+const { runScan }         = require("../src/scan");
+const { installHook, uninstallHook, verifyHook, hookStatus, handleHookCommand } = require("../src/hook");
+const setup    = require("../src/setup");
+const init     = require("../src/init");
+const validate = require("../src/validate");
+
+// ─── Colours ─────────────────────────────────────────────────────────────────
+const c = {
+  reset: "\x1b[0m", bold: "\x1b[1m", dim: "\x1b[2m",
+  green: "\x1b[32m", cyan: "\x1b[36m", gray: "\x1b[90m",
+};
+const green = (s) => `${c.green}${c.bold}${s}${c.reset}`;
+const cyan  = (s) => `${c.cyan}${s}${c.reset}`;
+const gray  = (s) => `${c.gray}${s}${c.reset}`;
+const dim   = (s) => `${c.dim}${s}${c.reset}`;
+const bold  = (s) => `${c.bold}${s}${c.reset}`;
+
+// ─── Version ──────────────────────────────────────────────────────────────────
+let version = "1.0.24";
+try {
+  version = require("../package.json").version;
+} catch {}
+
+// ─── Help text ────────────────────────────────────────────────────────────────
+function printHelp() {
+  console.log(`
+${bold("safelaunch")} ${gray(`v${version}`)} — pre-deploy guardrail for JavaScript projects
+
+${bold("USAGE")}
+  ${cyan("npx safelaunch setup")}         Scan, generate env.manifest.json, install git hook
+  ${cyan("safelaunch scan")}              Run all checks and show issues
+  ${cyan("safelaunch init")}              Generate env.manifest.json from current .env
+  ${cyan("safelaunch validate")}          Validate current env against env.manifest.json
+  ${cyan("safelaunch hook install")}      Install the pre-push git hook manually
+  ${cyan("safelaunch hook uninstall")}    Remove the pre-push git hook
+  ${cyan("safelaunch hook status")}       Check whether the hook is active
+
+${bold("FLAGS")}
+  ${cyan("--hook")}                       Used internally by the git hook (tighter output)
+  ${cyan("--force")}                      Force-replace an existing hook from another tool
+  ${cyan("--version")}                    Print version and exit
+  ${cyan("--help")}                       Print this help
+
+${bold("HOW IT WORKS")}
+  Run ${cyan("npx safelaunch setup")} once in your project.
+  From then on, every ${cyan("git push")} is scanned automatically.
+  Issues that will break production are blocked. Clean pushes pass silently.
+`);
+}
+
+// ─── Parse flags ─────────────────────────────────────────────────────────────
+const args  = process.argv.slice(2);
+const cmd   = args.find((a) => !a.startsWith("-"));
+const flags = {};
+for (const a of args) {
+  if (a.startsWith("--")) flags[a] = true;
+}
+const hookMode = flags["--hook"] === true;
+const silent   = flags["--silent"] === true;
+
+// ─── Dispatch ─────────────────────────────────────────────────────────────────
+(async () => {
+  if (flags["--version"] || flags["-v"]) {
+    console.log(version);
+    process.exit(0);
+  }
+
+  if (flags["--help"] || flags["-h"]) {
+    printHelp();
+    process.exit(0);
+  }
+
+  switch (cmd) {
+    // ── setup: scan + init + hook install in one shot ──────────────────────
+    case "setup":
+    case undefined: {
+      // When called with no args and no --hook flag, run setup
+      if (!hookMode) {
+        await setup.run({ cwd: process.cwd() });
+      } else {
+        // --hook with no command: run scan in hook mode
+        const { blockers } = await runScan({ hookMode: true, cwd: process.cwd() });
+        process.exit(blockers.length > 0 ? 1 : 0);
+      }
+      break;
+    }
+
+    // ── scan ────────────────────────────────────────────────────────────────
+    case "scan": {
+      if (!hookMode && !silent) {
+        process.stdout.write(gray(`safelaunch v${version} — scanning...\n\n`));
+      }
+      const { blockers } = await runScan({ hookMode, cwd: process.cwd() });
+      process.exit(blockers.length > 0 ? 1 : 0);
+    }
+
+    // ── init ────────────────────────────────────────────────────────────────
+    case "init": {
+      await init.run({ cwd: process.cwd() });
+      break;
+    }
+
+    // ── validate ─────────────────────────────────────────────────────────────
+    case "validate": {
+      // Also verify the hook is still present
+      verifyHook({ silent: false, autoInstall: true, cwd: process.cwd() });
+      await validate.run({ cwd: process.cwd() });
+      break;
+    }
+
+    // ── hook ─────────────────────────────────────────────────────────────────
+    case "hook": {
+      const subcommand = args[args.indexOf("hook") + 1];
+      handleHookCommand(subcommand, flags);
+      break;
+    }
+
+    default: {
+      console.error(`\nUnknown command: ${cmd}\n`);
+      printHelp();
+      process.exit(1);
+    }
+  }
+})();

package/deploycheck-vscode/.vscode/launch.json

@@ -0,0 +1,15 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "chrome",
+            "request": "launch",
+            "name": "Launch Chrome against localhost",
+            "url": "http://localhost:8080",
+            "webRoot": "${workspaceFolder}"
+        }
+    ]
+}

package/deploycheck-vscode/README.md

@@ -0,0 +1,71 @@
+# deploycheck
+> Catch what breaks production before it breaks.
+
+Real time environment validation inside VS Code. deploycheck runs 11 checks on your environment before you push to production.
+
+Works with Node.js, Next.js, Vite, and Create React App. Automatically detects your project type.
+
+## Commands
+
+Open the Command Palette with Ctrl+Shift+P and run:
+
+**deploycheck: Generate env.manifest.json**
+
+Scans your entire project for environment variables and automatically generates env.manifest.json.
+
+Works with:
+- process.env for Node.js and Next.js projects
+- import.meta.env for Vite projects
+- REACT_APP_ variables for Create React App
+
+**deploycheck: Validate Environment**
+
+Runs 11 checks on your environment and tells you exactly what will break before you push.
+
+## What deploycheck checks
+
+1. Missing required environment variables
+2. Empty required environment variables
+3. Runtime version mismatch (Node version)
+4. Duplicate variables in .env
+5. Dependencies not installed
+6. Dependency drift (in package.json but not installed)
+7. Variables in .env.example but missing from .env
+8. VITE_ prefix warning (Vite projects — variables without VITE_ won't be exposed to the client)
+9. REACT_APP_ prefix warning (CRA projects — variables without REACT_APP_ won't be exposed to the client)
+10. NEXT_PUBLIC_ prefix awareness (Next.js — flags variables intended for the client)
+11. .env file priority conflicts (Next.js — warns when .env.local overrides .env silently)
+
+## Supported project types
+
+deploycheck automatically detects your project type.
+
+- Node.js       scans process.env
+- Next.js       scans process.env, checks NEXT_PUBLIC_ and .env priority
+- Vite          scans import.meta.env, checks VITE_ prefix
+- React CRA     scans REACT_APP_ variables, checks REACT_APP_ prefix
+
+## How it works
+
+Step 1: Open your project in VS Code
+Step 2: Press Ctrl+Shift+P
+Step 3: Type deploycheck
+Step 4: Run Generate to create your manifest
+Step 5: Run Validate before every push
+
+## CLI Version
+
+For terminal and CI use install the CLI:
+
+npm install -g safelaunch
+
+safelaunch init
+
+safelaunch validate
+
+## Built by Orches
+
+JavaScript Reliability Infrastructure.
+
+GitHub: https://github.com/karthicedric7-cloud/safelaunch
+npm: https://www.npmjs.com/package/safelaunch

package/deploycheck-vscode/init.js

@@ -0,0 +1,54 @@
+const fs = require('fs');
+const path = require('path');
+
+function scanFiles(dir, extensions, found = new Set()) {
+  const items = fs.readdirSync(dir);
+  for (const item of items) {
+    if (item === 'node_modules' || item === '.git') continue;
+    const full = path.join(dir, item);
+    const stat = fs.statSync(full);
+    if (stat.isDirectory()) {
+      scanFiles(full, extensions, found);
+    } else if (extensions.some(ext => item.endsWith(ext))) {
+      const content = fs.readFileSync(full, 'utf8');
+      const matches = content.matchAll(/process\.env\.([A-Z_][A-Z0-9_]*)/g);
+      for (const match of matches) {
+        found.add(match[1]);
+      }
+    }
+  }
+  return found;
+}
+
+function init() {
+  console.log('\nscanning project for environment variables...\n');
+  const cwd = process.cwd();
+  const extensions = ['.js', '.ts', '.jsx', '.tsx'];
+  const found = scanFiles(cwd, extensions);
+  if (found.size === 0) {
+    console.log('no process.env references found.\n');
+    return;
+  }
+  const variables = {};
+  for (const key of [...found].sort()) {
+    variables[key] = { required: true, description: '' };
+  }
+  const manifest = {
+    version: '1',
+    runtime: { node: process.version.replace('v', '').split('.')[0] },
+    variables
+  };
+  const manifestPath = path.join(cwd, 'env.manifest.json');
+  if (fs.existsSync(manifestPath)) {
+    console.log('env.manifest.json already exists. delete it first.\n');
+    return;
+  }
+  fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
+  console.log('found ' + found.size + ' environment variables:\n');
+  for (const key of [...found].sort()) {
+    console.log('  ' + key);
+  }
+  console.log('\ncreated env.manifest.json\n');
+}
+
+init();

package/deploycheck-vscode/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "deploycheck-vscode",
+  "displayName": "deploycheck",
+  "description": "Catch what breaks production before it breaks. Real time environment validation inside VS Code.",
+  "version": "0.0.10",
+  "publisher": "Orches",
+  "engines": {
+    "vscode": "^1.74.0"
+  },
+  "categories": [
+    "Linters"
+  ],
+  "activationEvents": [
+    "*"
+  ],
+  "main": "./src/extension.js",
+  "contributes": {
+    "commands": [
+      {
+        "command": "deploycheck.init",
+        "title": "deploycheck: Generate env.manifest.json"
+      },
+      {
+        "command": "deploycheck.validate",
+        "title": "deploycheck: Validate Environment"
+      }
+    ]
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "devDependencies": {
+    "@types/vscode": "^1.74.0"
+  }
+}