diff --git a/.changeset/allow-third-party-plugins.md b/.changeset/allow-third-party-plugins.md deleted file mode 100644 index 67cd4a30..00000000 --- a/.changeset/allow-third-party-plugins.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -"varlock": patch ---- - -feat: allow 3rd party plugins - -Third-party (non-`@varlock/*`) plugins are now supported: - -- **JavaScript projects**: Any plugin installed in `node_modules` via `package.json` is automatically trusted and can be used without restriction. -- **Standalone binary**: When downloading a third-party plugin from npm for the first time, Varlock will prompt for interactive confirmation. Once confirmed and cached, subsequent runs skip the prompt. Non-interactive environments (CI/piped) will receive a clear error message instructing the user to confirm interactively or install via `package.json`. diff --git a/.changeset/binary-version-mismatch-check.md b/.changeset/binary-version-mismatch-check.md deleted file mode 100644 index 8f30b284..00000000 --- a/.changeset/binary-version-mismatch-check.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"varlock": patch ---- - -Add version mismatch detection between standalone binary and local node_modules install - -When running the standalone binary (installed via homebrew/curl), varlock now checks if a different version is installed in the project's node_modules. If a version mismatch is detected, a warning is displayed suggesting users update the binary or use the locally installed version instead. This helps prevent confusing errors caused by running mismatched versions. diff --git a/.changeset/brave-doors-connect.md b/.changeset/brave-doors-connect.md deleted file mode 100644 index 0cc0e994..00000000 --- a/.changeset/brave-doors-connect.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -"@varlock/1password-plugin": patch ---- - -Add support for 1Password Connect server (self-hosted) - -- New auth mode: `connectHost` + `connectToken` parameters in `@initOp()` for connecting to self-hosted 1Password Connect servers -- Direct REST API integration — no `op` CLI or 1Password SDK required for Connect server usage -- New `opConnectToken` data type for Connect server API tokens -- Parses standard `op://vault/item/[section/]field` references and resolves them via the Connect API -- Caches vault and item ID lookups within a session for efficiency -- Clear error when `opLoadEnvironment()` is used with Connect (not supported by the Connect API) -- Updated error messages and tips to include Connect server as an auth option diff --git a/.changeset/cli-explain-and-override-indicator.md b/.changeset/cli-explain-and-override-indicator.md deleted file mode 100644 index 9c967440..00000000 --- a/.changeset/cli-explain-and-override-indicator.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -"varlock": patch ---- - -Add `varlock explain ITEM_KEY` command and override indicators in `varlock load` output. - -**Override indicators**: When a config item's value comes from a `process.env` override rather than its file-based definitions, `varlock load` now shows a yellow indicator on that item. This helps users understand why their resolver functions (e.g. `op()`) are not being called. - -**`varlock explain` command**: Shows detailed information about how a single config item is resolved, including all definitions and sources in priority order, which source is active, whether a process.env override is in effect (and what would be used without it), decorators, type info, and documentation links. diff --git a/.changeset/fix-diamond-dependency-double-import.md b/.changeset/fix-diamond-dependency-double-import.md deleted file mode 100644 index 68ca9b14..00000000 --- a/.changeset/fix-diamond-dependency-double-import.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"varlock": patch -"@varlock/nextjs-integration": patch ---- - -Fix diamond dependency handling when the same schema is imported via multiple paths. Previously, duplicate imports caused plugin init decorators to run twice ("Instance already initialized" error). Now, duplicate imports create lightweight `ImportAliasSource` nodes that appear at the correct precedence position without re-initializing the source. This correctly handles different importKeys subsets across import sites and preserves override semantics matching non-deduplicated behavior. Also adds `type` field to serialized source entries for easier filtering. diff --git a/.changeset/fix-git-boundary-lockfile-detection.md b/.changeset/fix-git-boundary-lockfile-detection.md deleted file mode 100644 index 9f13ed36..00000000 --- a/.changeset/fix-git-boundary-lockfile-detection.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"varlock": patch ---- - -Fix plugin resolution failure in monorepo workspaces where `.git` and the lockfile coexist in the same directory. - -`detectWorkspaceInfo()` was checking for a `.git` directory **after** moving to the parent, so in the standard monorepo layout (`monorepo-root/.git` + `monorepo-root/bun.lock`) the root was never scanned and the lockfile was never found. Moving the `.git` boundary check to **before** moving up ensures the git-root directory is always scanned first. diff --git a/.changeset/fix-monorepo-binary-resolution.md b/.changeset/fix-monorepo-binary-resolution.md deleted file mode 100644 index 21c7b16e..00000000 --- a/.changeset/fix-monorepo-binary-resolution.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -"varlock": patch ---- - -Fix binary resolution in monorepos when `cwd` differs from the package root. - -When importing `varlock/auto-load` (e.g. from a `playwright.config.ts` in a monorepo sub-package), VS Code and similar tools may set `process.cwd()` to the workspace root rather than the sub-package directory. This caused `execSyncVarlock` to search for the `varlock` binary starting at the workspace root and fail to find it when it was only installed in a sub-package's `node_modules/.bin`. - -Two fixes are applied: - -1. `execSyncVarlock` now accepts a `callerDir` option. When provided, the binary search walks up from `callerDir` before falling back to `process.cwd()`. `auto-load.ts` passes `import.meta.dirname` so the search always starts from inside the varlock package itself, which is already in the correct sub-package's `node_modules`. - -2. The walk-up logic no longer throws immediately when it finds a `node_modules/.bin` directory that does not contain varlock. It now continues walking up, allowing the search to find varlock installed at a higher or lower level of a monorepo. diff --git a/.changeset/fix-monorepo-vitest.md b/.changeset/fix-monorepo-vitest.md deleted file mode 100644 index 5805bcbb..00000000 --- a/.changeset/fix-monorepo-vitest.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"varlock": patch -"@varlock/vite-integration": patch ---- - -Fix Vitest workspace projects in monorepos: when running Vitest from the monorepo root using the `projects` config, varlock now correctly resolves `.env.schema` and `.env` files from each child package's directory instead of only looking in the monorepo root. diff --git a/.changeset/fix-typegen-custom-path-env-specific.md b/.changeset/fix-typegen-custom-path-env-specific.md deleted file mode 100644 index 3c751991..00000000 --- a/.changeset/fix-typegen-custom-path-env-specific.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -"varlock": patch ---- - -Fix `@generateTypes` not creating variables when using a custom path with `varlock typegen --path ` - -When a schema file with an environment-qualifier-like name (e.g. `.env.infra.schema`) was passed as the explicit entry point via `--path`, its variables were being excluded from type generation. The filename was parsed such that `infra` was treated as an environment name (`applyForEnv='infra'`), causing the data source to be marked as environment-specific and all its variables to be filtered out. - -The fix ensures that a file loaded as the root entry point (no parent data source) is never treated as environment-specific, even if its filename contains an environment qualifier. diff --git a/packages/integrations/nextjs/CHANGELOG.md b/packages/integrations/nextjs/CHANGELOG.md index 8e8e7836..a336209c 100644 --- a/packages/integrations/nextjs/CHANGELOG.md +++ b/packages/integrations/nextjs/CHANGELOG.md @@ -1,5 +1,14 @@ # @varlock/nextjs-integration +## 0.3.3 + +### Patch Changes + +- [#553](https://github.com/dmno-dev/varlock/pull/553) [`6ab2d31`](https://github.com/dmno-dev/varlock/commit/6ab2d31903b80ab4d8ec0eb826a18789e73e8f11) - Fix diamond dependency handling when the same schema is imported via multiple paths. Previously, duplicate imports caused plugin init decorators to run twice ("Instance already initialized" error). Now, duplicate imports create lightweight `ImportAliasSource` nodes that appear at the correct precedence position without re-initializing the source. This correctly handles different importKeys subsets across import sites and preserves override semantics matching non-deduplicated behavior. Also adds `type` field to serialized source entries for easier filtering. + +- Updated dependencies [[`2022ef7`](https://github.com/dmno-dev/varlock/commit/2022ef7c8b2070f40c0cd787f0cc75a595a679e4), [`74752a3`](https://github.com/dmno-dev/varlock/commit/74752a3db9459538b8ef7d984737f5bb55de17ae), [`0ea6641`](https://github.com/dmno-dev/varlock/commit/0ea66411604966f744e311fdf59df71d5a3da127), [`6ab2d31`](https://github.com/dmno-dev/varlock/commit/6ab2d31903b80ab4d8ec0eb826a18789e73e8f11), [`01c9a6a`](https://github.com/dmno-dev/varlock/commit/01c9a6a5398d31d3818953dd757d3263e0cf3a36), [`1a4b0cf`](https://github.com/dmno-dev/varlock/commit/1a4b0cf4185c4152be4b39c70755316f1a8be25d), [`02e82d0`](https://github.com/dmno-dev/varlock/commit/02e82d07b4b9d810dba8d1925a27d9fd2c0abab3), [`0c27ed1`](https://github.com/dmno-dev/varlock/commit/0c27ed10b3b77571848974a3703d77e1eabb8abd)]: + - varlock@0.7.2 + ## 0.3.2 ### Patch Changes diff --git a/packages/integrations/nextjs/package.json b/packages/integrations/nextjs/package.json index f35a9991..3182b657 100644 --- a/packages/integrations/nextjs/package.json +++ b/packages/integrations/nextjs/package.json @@ -1,7 +1,7 @@ { "name": "@varlock/nextjs-integration", "description": "drop-in replacement for @next/env that uses varlock to load .env files with validation and extra security features", - "version": "0.3.2", + "version": "0.3.3", "repository": { "type": "git", "url": "https://github.com/dmno-dev/varlock.git", diff --git a/packages/integrations/vite/CHANGELOG.md b/packages/integrations/vite/CHANGELOG.md index 6b992e6e..872daa2b 100644 --- a/packages/integrations/vite/CHANGELOG.md +++ b/packages/integrations/vite/CHANGELOG.md @@ -1,5 +1,14 @@ # @varlock/vite-integration +## 0.2.10 + +### Patch Changes + +- [#542](https://github.com/dmno-dev/varlock/pull/542) [`02e82d0`](https://github.com/dmno-dev/varlock/commit/02e82d07b4b9d810dba8d1925a27d9fd2c0abab3) - Fix Vitest workspace projects in monorepos: when running Vitest from the monorepo root using the `projects` config, varlock now correctly resolves `.env.schema` and `.env` files from each child package's directory instead of only looking in the monorepo root. + +- Updated dependencies [[`2022ef7`](https://github.com/dmno-dev/varlock/commit/2022ef7c8b2070f40c0cd787f0cc75a595a679e4), [`74752a3`](https://github.com/dmno-dev/varlock/commit/74752a3db9459538b8ef7d984737f5bb55de17ae), [`0ea6641`](https://github.com/dmno-dev/varlock/commit/0ea66411604966f744e311fdf59df71d5a3da127), [`6ab2d31`](https://github.com/dmno-dev/varlock/commit/6ab2d31903b80ab4d8ec0eb826a18789e73e8f11), [`01c9a6a`](https://github.com/dmno-dev/varlock/commit/01c9a6a5398d31d3818953dd757d3263e0cf3a36), [`1a4b0cf`](https://github.com/dmno-dev/varlock/commit/1a4b0cf4185c4152be4b39c70755316f1a8be25d), [`02e82d0`](https://github.com/dmno-dev/varlock/commit/02e82d07b4b9d810dba8d1925a27d9fd2c0abab3), [`0c27ed1`](https://github.com/dmno-dev/varlock/commit/0c27ed10b3b77571848974a3703d77e1eabb8abd)]: + - varlock@0.7.2 + ## 0.2.9 ### Patch Changes diff --git a/packages/integrations/vite/package.json b/packages/integrations/vite/package.json index aa591454..fce49b77 100644 --- a/packages/integrations/vite/package.json +++ b/packages/integrations/vite/package.json @@ -1,7 +1,7 @@ { "name": "@varlock/vite-integration", "description": "Vite plugin to use varlock for .env file loading - adds validation, type-safety, and extra security features", - "version": "0.2.9", + "version": "0.2.10", "repository": { "type": "git", "url": "https://github.com/dmno-dev/varlock.git", diff --git a/packages/plugins/1password/CHANGELOG.md b/packages/plugins/1password/CHANGELOG.md index c56d8a13..e081620b 100644 --- a/packages/plugins/1password/CHANGELOG.md +++ b/packages/plugins/1password/CHANGELOG.md @@ -1,5 +1,22 @@ # @varlock/1password-plugin +## 0.3.3 + +### Patch Changes + +- [#533](https://github.com/dmno-dev/varlock/pull/533) [`0b6b2c0`](https://github.com/dmno-dev/varlock/commit/0b6b2c03ea5170f2ad1fbfa536b1b94ccf1de500) - Add support for 1Password Connect server (self-hosted) + + - New auth mode: `connectHost` + `connectToken` parameters in `@initOp()` for connecting to self-hosted 1Password Connect servers + - Direct REST API integration — no `op` CLI or 1Password SDK required for Connect server usage + - New `opConnectToken` data type for Connect server API tokens + - Parses standard `op://vault/item/[section/]field` references and resolves them via the Connect API + - Caches vault and item ID lookups within a session for efficiency + - Clear error when `opLoadEnvironment()` is used with Connect (not supported by the Connect API) + - Updated error messages and tips to include Connect server as an auth option + +- Updated dependencies [[`2022ef7`](https://github.com/dmno-dev/varlock/commit/2022ef7c8b2070f40c0cd787f0cc75a595a679e4), [`74752a3`](https://github.com/dmno-dev/varlock/commit/74752a3db9459538b8ef7d984737f5bb55de17ae), [`0ea6641`](https://github.com/dmno-dev/varlock/commit/0ea66411604966f744e311fdf59df71d5a3da127), [`6ab2d31`](https://github.com/dmno-dev/varlock/commit/6ab2d31903b80ab4d8ec0eb826a18789e73e8f11), [`01c9a6a`](https://github.com/dmno-dev/varlock/commit/01c9a6a5398d31d3818953dd757d3263e0cf3a36), [`1a4b0cf`](https://github.com/dmno-dev/varlock/commit/1a4b0cf4185c4152be4b39c70755316f1a8be25d), [`02e82d0`](https://github.com/dmno-dev/varlock/commit/02e82d07b4b9d810dba8d1925a27d9fd2c0abab3), [`0c27ed1`](https://github.com/dmno-dev/varlock/commit/0c27ed10b3b77571848974a3703d77e1eabb8abd)]: + - varlock@0.7.2 + ## 0.3.2 ### Patch Changes diff --git a/packages/plugins/1password/package.json b/packages/plugins/1password/package.json index 3cbb516a..3e0298ee 100644 --- a/packages/plugins/1password/package.json +++ b/packages/plugins/1password/package.json @@ -1,7 +1,7 @@ { "name": "@varlock/1password-plugin", "description": "Varlock plugin to load data from 1Password vaults", - "version": "0.3.2", + "version": "0.3.3", "type": "module", "homepage": "https://varlock.dev/plugins/1password/", "bugs": "https://github.com/dmno-dev/varlock/issues", diff --git a/packages/varlock/CHANGELOG.md b/packages/varlock/CHANGELOG.md index bd94c22e..3ca92666 100644 --- a/packages/varlock/CHANGELOG.md +++ b/packages/varlock/CHANGELOG.md @@ -1,5 +1,50 @@ # varlock +## 0.7.2 + +### Patch Changes + +- [#538](https://github.com/dmno-dev/varlock/pull/538) [`2022ef7`](https://github.com/dmno-dev/varlock/commit/2022ef7c8b2070f40c0cd787f0cc75a595a679e4) - feat: allow 3rd party plugins + + Third-party (non-`@varlock/*`) plugins are now supported: + + - **JavaScript projects**: Any plugin installed in `node_modules` via `package.json` is automatically trusted and can be used without restriction. + - **Standalone binary**: When downloading a third-party plugin from npm for the first time, Varlock will prompt for interactive confirmation. Once confirmed and cached, subsequent runs skip the prompt. Non-interactive environments (CI/piped) will receive a clear error message instructing the user to confirm interactively or install via `package.json`. + +- [#534](https://github.com/dmno-dev/varlock/pull/534) [`74752a3`](https://github.com/dmno-dev/varlock/commit/74752a3db9459538b8ef7d984737f5bb55de17ae) - Add version mismatch detection between standalone binary and local node_modules install + + When running the standalone binary (installed via homebrew/curl), varlock now checks if a different version is installed in the project's node_modules. If a version mismatch is detected, a warning is displayed suggesting users update the binary or use the locally installed version instead. This helps prevent confusing errors caused by running mismatched versions. + +- [#560](https://github.com/dmno-dev/varlock/pull/560) [`0ea6641`](https://github.com/dmno-dev/varlock/commit/0ea66411604966f744e311fdf59df71d5a3da127) - Add `varlock explain ITEM_KEY` command and override indicators in `varlock load` output. + + **Override indicators**: When a config item's value comes from a `process.env` override rather than its file-based definitions, `varlock load` now shows a yellow indicator on that item. This helps users understand why their resolver functions (e.g. `op()`) are not being called. + + **`varlock explain` command**: Shows detailed information about how a single config item is resolved, including all definitions and sources in priority order, which source is active, whether a process.env override is in effect (and what would be used without it), decorators, type info, and documentation links. + +- [#553](https://github.com/dmno-dev/varlock/pull/553) [`6ab2d31`](https://github.com/dmno-dev/varlock/commit/6ab2d31903b80ab4d8ec0eb826a18789e73e8f11) - Fix diamond dependency handling when the same schema is imported via multiple paths. Previously, duplicate imports caused plugin init decorators to run twice ("Instance already initialized" error). Now, duplicate imports create lightweight `ImportAliasSource` nodes that appear at the correct precedence position without re-initializing the source. This correctly handles different importKeys subsets across import sites and preserves override semantics matching non-deduplicated behavior. Also adds `type` field to serialized source entries for easier filtering. + +- [#558](https://github.com/dmno-dev/varlock/pull/558) [`01c9a6a`](https://github.com/dmno-dev/varlock/commit/01c9a6a5398d31d3818953dd757d3263e0cf3a36) - Fix plugin resolution failure in monorepo workspaces where `.git` and the lockfile coexist in the same directory. + + `detectWorkspaceInfo()` was checking for a `.git` directory **after** moving to the parent, so in the standard monorepo layout (`monorepo-root/.git` + `monorepo-root/bun.lock`) the root was never scanned and the lockfile was never found. Moving the `.git` boundary check to **before** moving up ensures the git-root directory is always scanned first. + +- [#547](https://github.com/dmno-dev/varlock/pull/547) [`1a4b0cf`](https://github.com/dmno-dev/varlock/commit/1a4b0cf4185c4152be4b39c70755316f1a8be25d) - Fix binary resolution in monorepos when `cwd` differs from the package root. + + When importing `varlock/auto-load` (e.g. from a `playwright.config.ts` in a monorepo sub-package), VS Code and similar tools may set `process.cwd()` to the workspace root rather than the sub-package directory. This caused `execSyncVarlock` to search for the `varlock` binary starting at the workspace root and fail to find it when it was only installed in a sub-package's `node_modules/.bin`. + + Two fixes are applied: + + 1. `execSyncVarlock` now accepts a `callerDir` option. When provided, the binary search walks up from `callerDir` before falling back to `process.cwd()`. `auto-load.ts` passes `import.meta.dirname` so the search always starts from inside the varlock package itself, which is already in the correct sub-package's `node_modules`. + + 2. The walk-up logic no longer throws immediately when it finds a `node_modules/.bin` directory that does not contain varlock. It now continues walking up, allowing the search to find varlock installed at a higher or lower level of a monorepo. + +- [#542](https://github.com/dmno-dev/varlock/pull/542) [`02e82d0`](https://github.com/dmno-dev/varlock/commit/02e82d07b4b9d810dba8d1925a27d9fd2c0abab3) - Fix Vitest workspace projects in monorepos: when running Vitest from the monorepo root using the `projects` config, varlock now correctly resolves `.env.schema` and `.env` files from each child package's directory instead of only looking in the monorepo root. + +- [#550](https://github.com/dmno-dev/varlock/pull/550) [`0c27ed1`](https://github.com/dmno-dev/varlock/commit/0c27ed10b3b77571848974a3703d77e1eabb8abd) - Fix `@generateTypes` not creating variables when using a custom path with `varlock typegen --path ` + + When a schema file with an environment-qualifier-like name (e.g. `.env.infra.schema`) was passed as the explicit entry point via `--path`, its variables were being excluded from type generation. The filename was parsed such that `infra` was treated as an environment name (`applyForEnv='infra'`), causing the data source to be marked as environment-specific and all its variables to be filtered out. + + The fix ensures that a file loaded as the root entry point (no parent data source) is never treated as environment-specific, even if its filename contains an environment qualifier. + ## 0.7.1 ### Patch Changes diff --git a/packages/varlock/package.json b/packages/varlock/package.json index 1712442d..cf0df48a 100644 --- a/packages/varlock/package.json +++ b/packages/varlock/package.json @@ -1,6 +1,6 @@ { "name": "varlock", - "version": "0.7.1", + "version": "0.7.2", "description": "AI-safe .env files: Schemas for agents, Secrets for humans.", "main": "index.js", "type": "module",