keyway_validate

Instructions

Implementation Reference

• src/tools/validate.ts:204-314 (handler)

  The `validate` function implements the core logic for the 'keyway_validate' tool, which scans for environment variable references and checks if they exist in a repository environment.

  export async function validate(args: ValidateArgs): Promise<CallToolResult> {
    const { environment, required = [], autoDetect = false, path = process.cwd() } = args;
  
    if (!environment) {
      return {
        content: [{ type: 'text', text: 'Error: Environment is required' }],
        isError: true,
      };
    }
  
    try {
      const token = await getToken();
      const repository = getRepository();
  
      // Get required secrets list
      let requiredSecrets: string[] = [...required];
  
      // Auto-detect from codebase if requested
      if (autoDetect) {
        const detected = scanDirectoryForEnvVars(path);
        const filtered = filterNonSecrets(detected);
        requiredSecrets = [...new Set([...requiredSecrets, ...filtered])];
      }
  
      if (requiredSecrets.length === 0) {
        return {
          content: [
            {
              type: 'text',
              text: 'Error: No required secrets specified. Provide a "required" array or set "autoDetect: true"',
            },
          ],
          isError: true,
        };
      }
  
      // Pull existing secrets
      let existingSecrets: Record<string, string> = {};
      try {
        const content = await pullSecrets(repository, environment, token);
        existingSecrets = parseEnvContent(content);
      } catch {
        // Environment might not exist
      }
  
      const existingKeys = new Set(Object.keys(existingSecrets));
  
      // Categorize secrets
      const missing: string[] = [];
      const present: string[] = [];
  
      for (const secret of requiredSecrets) {
        if (existingKeys.has(secret)) {
          present.push(secret);
        } else {
          missing.push(secret);
        }
      }
  
      // Find extra secrets (in vault but not required)
      const requiredSet = new Set(requiredSecrets);
      const extra = Array.from(existingKeys)
        .filter((k) => !requiredSet.has(k))
        .sort();
  
      const coverage =
        requiredSecrets.length > 0
          ? ((present.length / requiredSecrets.length) * 100).toFixed(1)
          : '100.0';
  
      const result: ValidationResult = {
        valid: missing.length === 0,
        environment,
        repository,
        required: requiredSecrets.sort(),
        missing: missing.sort(),
        present: present.sort(),
        extra,
        stats: {
          requiredCount: requiredSecrets.length,
          presentCount: present.length,
          missingCount: missing.length,
          coverage: `${coverage}%`,
        },
      };
  
      // Add helpful message
      let message: string;
      if (result.valid) {
        message = `✓ All ${requiredSecrets.length} required secrets are present in "${environment}"`;
      } else {
        message = `✗ Missing ${missing.length} required secret${missing.length > 1 ? 's' : ''} in "${environment}": ${missing.join(', ')}`;
      }
  
      const response = {
        ...result,
        message,
      };
  
      return {
        content: [{ type: 'text', text: JSON.stringify(response, null, 2) }],
        isError: false,
      };
    } catch (error) {
      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
      return {
        content: [{ type: 'text', text: `Error validating secrets: ${errorMessage}` }],
        isError: true,
      };
    }
  }

• src/tools/validate.ts:15-20 (schema)

  Schema definition for the arguments expected by the 'keyway_validate' tool.

  interface ValidateArgs {
    environment: string;
    required?: string[];
    autoDetect?: boolean;
    path?: string;
  }