Merge pull request #1 from DevKaliper/feat/development

Feat/development

Author: DevKaliper

.eslintrc.json

@@ -0,0 +1,30 @@
+{
+  "root": true,
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": 2022,
+    "sourceType": "module",
+    "project": "./tsconfig.json"
+  },
+  "plugins": ["@typescript-eslint"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:@typescript-eslint/recommended-requiring-type-checking",
+    "prettier"
+  ],
+  "rules": {
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/explicit-function-return-type": "off",
+    "@typescript-eslint/explicit-module-boundary-types": "off",
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      { "argsIgnorePattern": "^_" }
+    ],
+    "no-console": "off"
+  },
+  "env": {
+    "node": true,
+    "es2022": true
+  }
+}

.gitignore

@@ -0,0 +1,13 @@
+
+node_modules/
+dist/
+build/
+coverage/
+.env
+.env.local
+.env.*.local
+.idea/
+.vscode/
+.DS_Store
+*.log
+*.tmp

.npmignore

@@ -0,0 +1,11 @@
+node_modules
+src
+__tests__
+tsconfig.json
+.eslintrc.json
+.prettierrc.json
+vitest.config.ts
+*.test.ts
+*.spec.ts
+.gitignore
+.github

.prettierrc.json

@@ -0,0 +1,8 @@
+{
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "tabWidth": 2,
+  "printWidth": 100,
+  "arrowParens": "always"
+}

CHANGELOG.md

@@ -0,0 +1,79 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2026-02-17
+
+### Added
+
+#### Core Features
+- `diff` command - Compare environment variables between two sources
+- `check` command - Validate environment against baseline (e.g., .env.example)
+- `audit` command - Detect security issues and suspicious values
+
+#### Parsers
+- `.env` file parser with support for standard dotenv format
+- `.env.example` parser that extracts variable names even without values
+- Docker Compose parser that extracts environment variables from all services
+- Vercel configuration parser (vercel.json)
+- Railway configuration parser (railway.toml)
+- Git integration - load .env files from any git reference (branches, commits)
+
+#### Audit Rules
+- `SECRET_IN_PLAIN` - Detects plaintext passwords and weak secrets (error)
+- `LOCALHOST_IN_PROD` - Flags localhost/127.0.0.1 in production variables (warn)
+- `EMPTY_SECRET` - Identifies secret variables with empty values (error)
+- `WEAK_DEFAULT` - Catches common weak defaults like "password", "changeme" (warn)
+- `MISSING_REQUIRED` - Reports variables present in baseline but missing in target (error)
+
+#### Output Formats
+- Plain text output with optional color support
+- JSON output for programmatic consumption
+- Markdown output for documentation and reports
+- Value masking option (--no-values) for sensitive information
+
+#### CLI Options
+- `--format` - Choose output format (text, json, markdown)
+- `--only-missing` - Show only added/removed variables
+- `--only-changed` - Show only changed variables
+- `--no-values` - Mask variable values in output
+- `--baseline` - Specify custom baseline file for check command
+- `--severity` - Filter audit results by severity (warn, error)
+
+#### Integration Sources
+- File paths: `./path/to/.env`
+- Git references: `main:.env`, `HEAD~1:.env`
+- Docker Compose: `compose:./docker-compose.yml`
+- Vercel: `vercel:./vercel.json`
+- Railway: `railway:./railway.toml`
+
+#### Developer Experience
+- TypeScript strict mode
+- Comprehensive unit tests (31 tests across 6 test suites)
+- ESLint + Prettier configuration
+- Vitest for fast testing
+- Full code coverage tracking
+- Example fixtures for testing
+- Demo script showcasing all features
+
+#### Documentation
+- Comprehensive README with usage examples
+- EXAMPLES.md with real-world use cases
+- CONTRIBUTING.md with development guidelines
+- Inline code documentation
+- MIT License
+
+### Technical Details
+- Node.js 20+ required
+- TypeScript 5.3+
+- ES2022 modules
+- Functional programming style
+- Named exports only
+- No default exports
+- Zero external API dependencies
+- Fast execution with minimal overhead
+
+[1.0.0]: https://github.com/DevKaliper/env-diff-cli/releases/tag/v1.0.0

CONTRIBUTING.md

@@ -0,0 +1,223 @@
+# Contributing to envdiff
+
+Thank you for considering contributing to envdiff! This document provides guidelines and instructions for contributing.
+
+## Development Setup
+
+1. **Fork and clone the repository**
+   ```bash
+   git clone https://github.com/YOUR_USERNAME/env-diff-cli.git
+   cd env-diff-cli
+   ```
+
+2. **Install dependencies**
+   ```bash
+   npm install
+   ```
+
+3. **Build the project**
+   ```bash
+   npm run build
+   ```
+
+4. **Run tests**
+   ```bash
+   npm test
+   ```
+
+## Project Structure
+
+```
+src/
+  cli.ts           # Commander setup, command registration
+  commands/
+    diff.ts        # diff two env sources
+    check.ts       # validate against a baseline
+    audit.ts       # suspicious value detection
+  parsers/
+    dotenv.ts      # .env and .env.example
+    compose.ts     # docker-compose.yml environment blocks
+    vercel.ts      # vercel.json + .vercel/output
+    railway.ts     # railway.toml
+  core/
+    differ.ts      # diff logic, set operations on variable maps
+    auditor.ts     # suspicious value rules
+    reporter.ts    # format output (text | json | markdown)
+  types.ts         # shared types
+  __tests__/       # unit tests
+    fixtures/      # test data
+```
+
+## Code Style
+
+- **TypeScript strict mode** - All code must pass strict type checking
+- **Functional style** - Prefer pure functions over classes
+- **Named exports only** - No default exports
+- **Async/await** - Use async functions for all I/O operations
+- **No `any` type** - Use `unknown` and narrow explicitly
+- **ESLint + Prettier** - Code must pass linting and formatting checks
+
+Run formatting and linting:
+```bash
+npm run format
+npm run lint
+```
+
+## Adding New Features
+
+### Adding a New Parser
+
+To add support for a new configuration format:
+
+1. Create a new parser in `src/parsers/yourformat.ts`
+2. Implement the parser function that returns `Promise<EnvMap>`
+3. Add test fixtures in `src/__tests__/fixtures/`
+4. Write unit tests in `src/__tests__/yourformat.test.ts`
+5. Update the `loadSource` function in `src/commands/diff.ts`
+6. Update README.md and EXAMPLES.md with usage examples
+
+Example parser structure:
+```typescript
+import { readFile } from 'fs/promises'
+import type { EnvMap } from '../types.js'
+import { ParseError } from '../types.js'
+
+export async function parseYourFormat(filePath: string): Promise<EnvMap> {
+  try {
+    const content = await readFile(filePath, 'utf-8')
+    // Parse content and return EnvMap
+    return {}
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+      return {}
+    }
+    throw new ParseError(`Failed to parse: ${filePath}`)
+  }
+}
+```
+
+### Adding a New Audit Rule
+
+To add a new security audit rule:
+
+1. Add the rule to the `rules` array in `src/core/auditor.ts`
+2. Write tests in `src/__tests__/auditor.test.ts` (positive and negative cases)
+3. Update README.md with the new rule description
+
+Example rule:
+```typescript
+{
+  id: 'YOUR_RULE_ID',
+  severity: 'warn' | 'error',
+  match: (key: string, value: string) => {
+    // Return true if the rule should trigger
+    return false
+  }
+}
+```
+
+## Testing
+
+### Running Tests
+
+```bash
+# Run all tests
+npm test
+
+# Run tests once (no watch mode)
+npm run test:run
+
+# Run with coverage
+npm run test:coverage
+```
+
+### Writing Tests
+
+- Place tests in `src/__tests__/`
+- Use descriptive test names
+- Test both positive and negative cases
+- Use fixtures in `src/__tests__/fixtures/` for test data
+- Avoid mocking the filesystem - use real files in temp directories
+
+Example test:
+```typescript
+import { describe, it, expect } from 'vitest'
+import { yourFunction } from '../your-module.js'
+
+describe('yourFunction', () => {
+  it('should handle valid input', () => {
+    const result = yourFunction('input')
+    expect(result).toBe('expected')
+  })
+  
+  it('should throw on invalid input', () => {
+    expect(() => yourFunction('')).toThrow()
+  })
+})
+```
+
+## Pull Request Process
+
+1. **Create a feature branch**
+   ```bash
+   git checkout -b feature/your-feature-name
+   ```
+
+2. **Make your changes**
+   - Write clean, well-documented code
+   - Add tests for new functionality
+   - Update documentation as needed
+
+3. **Test your changes**
+   ```bash
+   npm run lint
+   npm run format:check
+   npm run test:run
+   npm run build
+   ```
+
+4. **Commit your changes**
+   ```bash
+   git add .
+   git commit -m "feat: add your feature description"
+   ```
+
+5. **Push to your fork**
+   ```bash
+   git push origin feature/your-feature-name
+   ```
+
+6. **Create a Pull Request**
+   - Provide a clear description of the changes
+   - Link to any related issues
+   - Ensure all CI checks pass
+
+## Commit Message Convention
+
+Follow conventional commits:
+
+- `feat:` - New feature
+- `fix:` - Bug fix
+- `docs:` - Documentation changes
+- `test:` - Adding or updating tests
+- `refactor:` - Code refactoring
+- `perf:` - Performance improvements
+- `chore:` - Maintenance tasks
+
+Examples:
+```
+feat: add support for Kubernetes ConfigMaps
+fix: handle empty environment files correctly
+docs: update installation instructions
+test: add tests for audit rules
+```
+
+## Questions or Issues?
+
+- Open an issue for bugs or feature requests
+- Start a discussion for questions or ideas
+- Check existing issues before creating new ones
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the MIT License.