Skip to content

feat(types,build-scripts): add env var resolution for integration secrets (#245)#346

Closed
perasperaactual wants to merge 11 commits into
mainfrom
dev
Closed

feat(types,build-scripts): add env var resolution for integration secrets (#245)#346
perasperaactual wants to merge 11 commits into
mainfrom
dev

Conversation

@perasperaactual
Copy link
Copy Markdown
Contributor

@perasperaactual perasperaactual commented Apr 13, 2026

Summary

This PR introduces support for referencing secrets from environment variables in integration configurations.

Changes

  • @stackwright/types: New type and utilities for runtime secret validation
  • @stackwright/build-scripts: Prebuild script updates for env var substitution

Files Changed

  • (new)
  • (new)

Closes #245

perasperaactual and others added 11 commits April 10, 2026 11:27
@perasperaactual
fix(deploy): enable static export for R2 bucket hosting (#332)
a3436bf 
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
fix(deploy): add trailing slash support for R2 static hosting (#334)
6353011 
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
Merge branch 'main' into dev
facb5c4
@perasperaactual
fix(deploy): migrate from R2 to Cloudflare Pages (#336)
cb7679e 
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
Fix/cloudflare pages (#337)
abce1d7 
* fix(deploy): migrate from R2 to Cloudflare Pages

* fix(deploy): use env vars for deployment variables

---------

Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
feat(hooks): add @stackwright/hooks-registry for cross-module singlet…
5fb4e1b 
…on (#341)

* feat(hooks): add @stackwright/hooks-registry for cross-module singleton

- Create new @stackwright/hooks-registry package using Symbol.for() pattern
- Update @stackwright/scaffold-core to re-export from shared registry
- Fix fallback:'blocking' + output:'export' incompatibility in template
- Update E2E config to serve static out/ directory

Fixes module isolation where Pro packages' hooks weren't visible to CLI.

* fix(hooks): add resetForTesting export and improve singleton tests

* fix: address lint warnings for PR #341

* chore: update visual regression baselines and SBOM files

* fix(deps): pin undici to ^7.0.0 for jsdom compatibility

---------

Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
docs: document shared validation module architecture (fixes #338) (#342)
3a364fe 
* feat(hooks): add @stackwright/hooks-registry for cross-module singleton

- Create new @stackwright/hooks-registry package using Symbol.for() pattern
- Update @stackwright/scaffold-core to re-export from shared registry
- Fix fallback:'blocking' + output:'export' incompatibility in template
- Update E2E config to serve static out/ directory

Fixes module isolation where Pro packages' hooks weren't visible to CLI.

* fix(hooks): add resetForTesting export and improve singleton tests

* fix: address lint warnings for PR #341

* chore: update visual regression baselines and SBOM files

* fix(deps): pin undici to ^7.0.0 for jsdom compatibility

* docs: add ADR 006 for shared validation module (fixes #338)

---------

Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
fix(core): resolve theme tokens in icon color prop (fixes #339) (#343)
eb9a86e 
* fix(core): resolve theme tokens in icon color prop (fixes #339)

* chore: add changeset for #339 fix

* fix(core): map background token to --sw-color-bg (fixes #343 review)

---------

Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
@perasperaactual
feat(security): add secrets scanning and plugin security guidelines (#…
79b6c0c 
…345)

* feat(security): add secrets scanning and plugin security guidelines (fixes #244, #246)

* fix(security): use gitleaks v1 (MIT) and fix workflow configuration

* refactor(security): use gitleaks CLI instead of GitHub Action

- Replace gitleaks-action with direct CLI invocation
- CLI is MIT licensed, no license key required
- Exit code 1 = leaks found (fails CI), 0 = clean (passes)
- Add Go setup step to install gitleaks v9

* fix(security): use --filter for pnpm audit to avoid workspace conflicts

---------

Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
feat(types,build-scripts): add env var resolution for integration sec…
83ce57d 
…rets (#245)
chore: add changeset for #245
bbf58ef
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026

🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines | ⚠️ 74.24% |\n| Statements | ⚠️ 73.20% |\n| Functions | ⚠️ 74.72% |\n| Branches | ⚠️ 63.81% |\n\n### Coverage by Package\n\n| Package | Lines | Statements | Functions | Branches |\n|---------|-------|-----------|-----------|----------|\n| @stackwright/build-scripts | 83.99% | 82.68% | 84.61% | 75.00% |\n| @stackwright/cli | 54.85% | 54.60% | 52.11% | 55.10% |\n| @stackwright/collections | 100.00% | 92.85% | 100.00% | 85.71% |\n| @stackwright/core | 79.46% | 78.10% | 77.20% | 61.74% |\n| @stackwright/icons | 100.00% | 100.00% | 100.00% | 100.00% |\n| @stackwright/mcp | 86.89% | 84.71% | 78.43% | 66.07% |\n| @stackwright/nextjs | 87.23% | 87.23% | 84.61% | 79.71% |\n| @stackwright/themes | 98.85% | 93.68% | 96.15% | 82.35% |\n| @stackwright/types | 83.33% | 82.89% | 86.48% | 63.87% |\n\n---\n📊 Full HTML report available in workflow artifacts\n

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026

⚡ Performance Benchmark Results

✅ Build Time Benchmarks: PASSED

❌ Bundle Size Benchmarks: FAILED

❌ Runtime Vitals Benchmarks: FAILED

📝 Note: Detailed results are available in the job logs.

🎯 Performance Budgets:

  • Build time: <70s total
  • First-load JS: <100KB gzipped
  • FCP: <1.5s, LCP: <2.5s, TTI: <3s

Updated: 2026-04-13T14:31:48.463Z

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026

✅ Visual Regression Test Results

Status: ✅ All visual tests passed!

All screenshots match the baseline. No visual regressions detected! 🎉

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026

♿ Accessibility Test Results

Overall Status: ✅ 0/0 tests passed

🦮 WCAG 2.1 AA Compliance

No WCAG test results available

⌨️ Keyboard Navigation

No keyboard navigation test results available

⚠️ No accessibility tests were executed. Check the workflow logs for setup issues.

📊 Detailed Report

Download the full HTML accessibility report from the workflow artifacts for:

  • Detailed WCAG violation descriptions
  • Specific element selectors and fixes
  • Color contrast issues
  • Keyboard navigation flow analysis

🔍 Testing Checklist

Our accessibility tests verify:

  • ✅ WCAG 2.1 Level AA compliance
  • ✅ Color contrast in light and dark modes
  • ✅ Tab key navigation through all interactive elements
  • ✅ Focus indicators are visible
  • ✅ No keyboard traps
  • ✅ Skip links and ARIA landmarks
  • ✅ Screen reader compatibility

Powered by @axe-core/playwright and Playwright

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@perasperaactual