Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR removes the legacy ProKeypair integration and starts wiring key lookup behavior toward dotenvx-ops, alongside updating related CLI/test messaging and help text.
Changes:
- Remove
ProKeypairhelper + tests and simplifyfindPublicKey/findPrivateKeyto no longer depend on it. - Add
Ops.keypair()and extendfindPrivateKeyto optionally fetch a private key viadotenvx-opsusing a public key. - Update CLI/tests: rename “radar” output to “ops”, add an
encrypt--ops-offoption, and remove the “ops backup” guidance from output/templates.
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/lib/services/sets.test.js | Removes ProKeypair stubbing from Sets encryption tests. |
| tests/lib/services/ops.test.js | Updates “radar” text to “ops” and adds unit tests for Ops.keypair(). |
| tests/lib/services/encrypt.test.js | Adds coverage for encrypt behavior with ops disabled. |
| tests/lib/main.test.js | Removes assertion for “ops backup” help message. |
| tests/lib/helpers/proKeypair.test.js | Deletes ProKeypair tests. |
| tests/lib/helpers/findPrivateKey.test.js | Adds tests for ops-backed private key lookup and fallback behavior. |
| tests/e2e/encrypt.test.js | Updates CLI invocation/output expectations for ops-off + help text removal. |
| tests/cli/actions/set.test.js | Removes assertion for “ops backup” help message. |
| tests/cli/actions/rotate.test.js | Removes assertion for “ops backup” help message. |
| tests/cli/actions/encrypt.test.js | Removes assertion for “ops backup” help message. |
| src/lib/services/sets.js | Passes public key into private-key lookup; removes ops backup header line (commented out). |
| src/lib/services/run.js | Threads public key into findPrivateKey for ops lookup support. |
| src/lib/services/rotate.js | Passes public key into private-key lookup. |
| src/lib/services/ops.js | Renames user-facing log label and adds keypair() subprocess integration. |
| src/lib/services/encrypt.js | Adds opsOn plumbing and uses ops-aware private key lookup; removes ops backup header line (commented out). |
| src/lib/services/decrypt.js | Threads public key into findPrivateKey. |
| src/lib/main.js | Removes “ops backup” help message (commented out). |
| src/lib/helpers/proKeypair.js | Deletes ProKeypair implementation. |
| src/lib/helpers/findPublicKey.js | Removes ProKeypair usage; resolves only via Keypair. |
| src/lib/helpers/findPrivateKey.js | Replaces ProKeypair behavior with optional ops key lookup + local fallback. |
| src/cli/dotenvx.js | Adds boolean parsing helper and introduces encrypt --ops-off <boolean>. |
| src/cli/actions/set.js | Removes “ops backup” help message (commented out). |
| src/cli/actions/rotate.js | Removes “ops backup” help message (commented out). |
| src/cli/actions/encrypt.js | Plumbs opsOn into Encrypt and removes “ops backup” help message (commented out). |
| CHANGELOG.md | Notes removal of ProKeypair. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (processedEnv.privateKeyAdded) { | ||
| logger.success(`✔ key added to ${processedEnv.envKeysFilepath} (${processedEnv.privateKeyName})`) | ||
| logger.help('⮕ optional: [dotenvx ops backup] to securely backup private key') | ||
| // logger.help('⮕ optional: [dotenvx ops backup] to securely backup private key') |
| if (processedEnv.privateKeyAdded) { | ||
| logger.success(`✔ key added to ${processedEnv.envKeysFilepath} (${processedEnv.privateKeyName})`) | ||
| logger.help('⮕ optional: [dotenvx ops backup] to securely backup private key') | ||
| // logger.help('⮕ optional: [dotenvx ops backup] to securely backup private key') |
| envSrc = `${firstLinePreserved}${prependPublicKey}\n${envSrc}` | ||
| } | ||
| } else if (existingPublicKey) { | ||
| // throw new Error('implement for remote Ops existingPrivateKey') |
Comment on lines
+38
to
+56
| const stub = sinon.stub(Ops.prototype, 'keypair').returns('remote-private') | ||
|
|
||
| const envFilepath = 'tests/monorepo/apps/encrypted/.env' | ||
| const privateKey = findPrivateKey(envFilepath, null, true, 'pub') | ||
|
|
||
| t.equal(privateKey, 'remote-private') | ||
| t.ok(stub.calledOnceWith('pub'), 'Ops.keypair called with public key') | ||
|
|
||
| ct.end() | ||
| }) | ||
|
|
||
| t.test('#findPrivateKey falls back to local when ops lookup fails', ct => { | ||
| const stub = sinon.stub(Ops.prototype, 'keypair').returns(null) | ||
|
|
||
| const envFilepath = 'tests/monorepo/apps/encrypted/.env' | ||
| const privateKey = findPrivateKey(envFilepath, null, true, 'pub') | ||
|
|
||
| t.equal(privateKey, 'ec9e80073d7ace817d35acb8b7293cbf8e5981b4d2f5708ee5be405122993cd1') | ||
| t.ok(stub.calledOnceWith('pub'), 'Ops keypair attempted once') |
| const relativeFilepath = path.relative(path.dirname(filepath), envKeysFilepath) | ||
|
|
||
| if (existingPrivateKey) { | ||
| // throw new Error('implement for remote Ops existingPrivateKey') |
| '#/ private decryption keys. DO NOT commit to source control /', | ||
| '#/ [how it works](https://dotenvx.com/encryption) /', | ||
| '#/ backup with: `dotenvx ops backup` /', | ||
| // '#/ backup with: `dotenvx ops backup` /', |
| '#/ private decryption keys. DO NOT commit to source control /', | ||
| '#/ [how it works](https://dotenvx.com/encryption) /', | ||
| '#/ backup with: `dotenvx ops backup` /', | ||
| // '#/ backup with: `dotenvx ops backup` /', |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.