stack/apps/internal-tool/scripts/spacetime-token.mjs
Bilal Godil 178b5c5a8c chore: rename STACK_* env vars to HEXCLAVE_* in env templates, with legacy dual-read
Renames every STACK_*-prefixed variable (including NEXT_PUBLIC_STACK_*) to
HEXCLAVE_* across all checked-in .env, .env.development, and .env.example
files, completing the env-var side of the Hexclave rebrand. Legacy STACK_*
names keep working everywhere so existing deployments, .env.local files, and
self-hosted setups don't need immediate migration:

- getEnvVariable already prefers HEXCLAVE_* with STACK_* fallback; fix it to
  treat empty-string values as unset so the empty HEXCLAVE_* placeholders in
  the checked-in templates can't shadow a real value under the legacy name.
- Apply the same empty-as-unset rule (|| instead of ??) to all literal
  process.env dual-reads (dashboard inline env, docs, examples, CLI) and to
  the generated SDK env getter chains via packages/template generate-env.ts.
- Add explicit HEXCLAVE_* || STACK_* dual-reads to direct process.env readers
  fed by the renamed files: prisma seed, e2e tests/helpers, internal-tool
  scripts and app, demo/convex examples.
- docker/server/entrypoint.sh: add a generic two-way HEXCLAVE_/STACK_ env
  mirror (run at startup and again before sentinel replacement), replacing the
  previous URL-trio-only mirror; accept legacy NEXT_PUBLIC_STACK_PORT_PREFIX;
  rotate-secrets.sh falls back to HEXCLAVE_DATABASE_CONNECTION_STRING.
- e2e cross-domain-auth and the internal-feedback-emails in-source test now
  override the canonical HEXCLAVE_* names (the legacy override would be
  shadowed by the renamed env files).
- docs/code-examples snippets renamed outright to the canonical names.
2026-06-11 16:23:50 -07:00

35 lines
1.2 KiB
JavaScript

#!/usr/bin/env node
// Cross-platform token injection/restoration for SpacetimeDB publish.
// Replaces the Unix-only sed/mv scripts so pnpm dev works on Windows too.
import { readFileSync, writeFileSync, existsSync, renameSync, unlinkSync } from "node:fs";
import { resolve } from "node:path";
const TARGET = resolve("spacetimedb/src/index.ts");
const BACKUP = TARGET + ".bak";
const PLACEHOLDER = "__SPACETIMEDB_LOG_TOKEN__";
const action = process.argv[2];
if (action === "inject") {
const token = (process.env.HEXCLAVE_MCP_LOG_TOKEN || process.env.STACK_MCP_LOG_TOKEN) || "change-me";
if (existsSync(BACKUP)) {
console.error("Refusing to inject: backup already exists. Run restore first.");
process.exit(1);
}
const content = readFileSync(TARGET, "utf8");
writeFileSync(BACKUP, content, "utf8");
const escapedToken = JSON.stringify(token).slice(1, -1);
writeFileSync(TARGET, content.replaceAll(PLACEHOLDER, escapedToken), "utf8");
} else if (action === "restore") {
if (existsSync(BACKUP)) {
if (existsSync(TARGET)) {
unlinkSync(TARGET);
}
renameSync(BACKUP, TARGET);
}
} else {
console.error("Usage: node scripts/spacetime-token.mjs <inject|restore>");
process.exit(1);
}