HalbonLabs
diff --git a/‎.env.templates‎
Lines changed: 201 additions & 0 deletions b/‎.env.templates‎
Lines changed: 201 additions & 0 deletions
diff --git a/‎.githooks/pre-commit‎
Lines changed: 194 additions & 0 deletions b/‎.githooks/pre-commit‎
Lines changed: 194 additions & 0 deletions
@@ -0,0 +1,201 @@
+# Environment Configuration Templates
+# Copy these to your project root and customize for your environment
+
+# ====================
+# .env.example
+# ====================
+
+# Project Information
+PROJECT_NAME=my-awesome-project
+PROJECT_VERSION=1.0.0
+ENVIRONMENT=development
+
+# Database Configuration
+DATABASE_URL=postgresql://user:password@localhost:5432/mydb
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=mydb
+DB_USER=user
+DB_PASS=password
+
+# API Configuration  
+API_BASE_URL=http://localhost:3000
+API_VERSION=v1
+API_TIMEOUT=30000
+
+# Authentication
+JWT_SECRET=your-super-secret-jwt-key-here
+SESSION_SECRET=your-session-secret-here
+COOKIE_SECRET=your-cookie-secret-here
+
+# Third-Party Services
+STRIPE_PUBLIC_KEY=pk_test_your_stripe_public_key
+STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key
+SENDGRID_API_KEY=SG.your_sendgrid_api_key
+AWS_ACCESS_KEY_ID=your_aws_access_key
+AWS_SECRET_ACCESS_KEY=your_aws_secret_key
+AWS_REGION=us-east-1
+AWS_S3_BUCKET=your-s3-bucket
+
+# External APIs
+GOOGLE_ANALYTICS_ID=UA-123456789-1
+SENTRY_DSN=https://[email protected]/project-id
+
+# Development Tools
+DEBUG=true
+LOG_LEVEL=debug
+HOT_RELOAD=true
+
+# Backup System Configuration
+BACKUP_ENABLED=true
+BACKUP_RETENTION_DAYS=30
+BACKUP_REMOTE_PUSH=true
+AI_SAFETY_ENABLED=true
+HEALTH_CHECK_INTERVAL=3600
+
+# Notification Configuration
+SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK
+EMAIL_ALERTS_ENABLED=false
+ALERT_THRESHOLD_ERRORS=10
+
+# Security
+CORS_ORIGIN=http://localhost:3000
+RATE_LIMIT_WINDOW=900000
+RATE_LIMIT_MAX=100
+HELMET_ENABLED=true
+
+# Performance
+CACHE_TTL=3600
+MAX_REQUEST_SIZE=10mb
+COMPRESSION_ENABLED=true
+
+# ====================
+# .env.production.example  
+# ====================
+
+# Project Information
+PROJECT_NAME=my-awesome-project
+PROJECT_VERSION=1.0.0
+ENVIRONMENT=production
+
+# Database Configuration (Production)
+DATABASE_URL=postgresql://prod_user:[email protected]:5432/prod_db
+DB_POOL_SIZE=20
+DB_SSL_MODE=require
+
+# API Configuration (Production)
+API_BASE_URL=https://api.yourapp.com
+API_VERSION=v1
+API_TIMEOUT=10000
+
+# Authentication (Production)
+JWT_SECRET=super-secure-production-jwt-secret-change-me
+JWT_EXPIRES_IN=24h
+SESSION_SECRET=super-secure-session-secret-change-me
+COOKIE_SECURE=true
+COOKIE_SAME_SITE=strict
+
+# Third-Party Services (Production)
+STRIPE_PUBLIC_KEY=pk_live_your_stripe_live_public_key
+STRIPE_SECRET_KEY=sk_live_your_stripe_live_secret_key
+SENDGRID_API_KEY=SG.your_production_sendgrid_api_key
+AWS_ACCESS_KEY_ID=your_production_aws_access_key
+AWS_SECRET_ACCESS_KEY=your_production_aws_secret_key
+AWS_REGION=us-east-1
+AWS_S3_BUCKET=your-production-s3-bucket
+
+# External APIs (Production)
+GOOGLE_ANALYTICS_ID=UA-123456789-1
+SENTRY_DSN=https://[email protected]/project-id
+SENTRY_ENVIRONMENT=production
+
+# Production Settings
+DEBUG=false
+LOG_LEVEL=warn
+NODE_ENV=production
+HOT_RELOAD=false
+
+# Backup System Configuration (Production)
+BACKUP_ENABLED=true
+BACKUP_RETENTION_DAYS=90
+BACKUP_REMOTE_PUSH=true
+BACKUP_ENCRYPTION_KEY=your-backup-encryption-key
+AI_SAFETY_ENABLED=true
+HEALTH_CHECK_INTERVAL=1800
+
+# Notification Configuration (Production)
+SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/PRODUCTION/WEBHOOK
+EMAIL_ALERTS_ENABLED=true
+ALERT_THRESHOLD_ERRORS=5
+CRITICAL_ALERT_PHONE=+1234567890
+
+# Security (Production)
+CORS_ORIGIN=https://yourapp.com,https://www.yourapp.com
+RATE_LIMIT_WINDOW=300000
+RATE_LIMIT_MAX=50
+HELMET_ENABLED=true
+FORCE_HTTPS=true
+SECURITY_HEADERS=true
+
+# Performance (Production)
+CACHE_TTL=7200
+MAX_REQUEST_SIZE=5mb
+COMPRESSION_ENABLED=true
+GZIP_LEVEL=6
+
+# Monitoring
+HEALTH_CHECK_ENDPOINT=/health
+METRICS_ENABLED=true
+UPTIME_MONITORING=true
+
+# ====================
+# .env.test.example
+# ====================
+
+# Project Information
+PROJECT_NAME=my-awesome-project-test
+PROJECT_VERSION=1.0.0
+ENVIRONMENT=test
+
+# Database Configuration (Test)
+DATABASE_URL=postgresql://test_user:test_password@localhost:5432/test_db
+DB_LOGGING=false
+
+# API Configuration (Test)
+API_BASE_URL=http://localhost:3001
+API_VERSION=v1
+API_TIMEOUT=5000
+
+# Authentication (Test)
+JWT_SECRET=test-jwt-secret-not-for-production
+JWT_EXPIRES_IN=1h
+SESSION_SECRET=test-session-secret
+
+# Test Settings
+DEBUG=false
+LOG_LEVEL=error
+NODE_ENV=test
+SILENT_TESTS=true
+
+# Backup System Configuration (Test)
+BACKUP_ENABLED=false
+BACKUP_RETENTION_DAYS=7
+BACKUP_REMOTE_PUSH=false
+AI_SAFETY_ENABLED=true
+HEALTH_CHECK_INTERVAL=60
+
+# Notification Configuration (Test)
+SLACK_WEBHOOK_URL=
+EMAIL_ALERTS_ENABLED=false
+ALERT_THRESHOLD_ERRORS=100
+
+# Security (Test)
+CORS_ORIGIN=*
+RATE_LIMIT_WINDOW=60000
+RATE_LIMIT_MAX=1000
+HELMET_ENABLED=false
+
+# Performance (Test)
+CACHE_TTL=60
+MAX_REQUEST_SIZE=1mb
+COMPRESSION_ENABLED=false
@@ -0,0 +1,194 @@
+# Pre-commit hook for Universal Backup System
+# Runs security checks and validations before commits
+
+# Enable strict mode
+Set-StrictMode -Version Latest
+$ErrorActionPreference = "Stop"
+
+Write-Host "🔍 Running pre-commit security checks..." -ForegroundColor Cyan
+
+# Function to check for sensitive files
+function Test-SensitiveFiles {
+    $sensitivePatterns = @(
+        "\.key$", "\.pem$", "\.p12$", "\.pfx$",
+        "\.env$", "secrets\.", "credentials",
+        "id_rsa", "\.crt$", "\.cer$"
+    )
+    
+    $stagedFiles = git diff --cached --name-only
+    $sensitiveFIlesFound = @()
+    
+    foreach ($file in $stagedFiles) {
+        foreach ($pattern in $sensitivePatterns) {
+            if ($file -match $pattern) {
+                $sensitiveFIlesFound += $file
+            }
+        }
+    }
+    
+    if ($sensitiveFIlesFound.Count -gt 0) {
+        Write-Host "🚨 SECURITY ALERT: Sensitive files detected in commit:" -ForegroundColor Red
+        foreach ($file in $sensitiveFIlesFound) {
+            Write-Host "  - $file" -ForegroundColor Red
+        }
+        Write-Host "Please review and remove sensitive files before committing." -ForegroundColor Red
+        return $false
+    }
+    
+    return $true
+}
+
+# Function to check for hardcoded secrets
+function Test-HardcodedSecrets {
+    $secretPatterns = @(
+        "password\s*=\s*['\"].*['\"]",
+        "api_key\s*=\s*['\"].*['\"]",
+        "secret\s*=\s*['\"].*['\"]",
+        "token\s*=\s*['\"].*['\"]",
+        "AKIA[0-9A-Z]{16}",  # AWS Access Key
+        "ghp_[a-zA-Z0-9]{36}", # GitHub Token
+        "xoxb-[0-9]{11}-[0-9]{12}-[a-zA-Z0-9]{24}" # Slack Token
+    )
+    
+    $stagedFiles = git diff --cached --name-only | Where-Object { $_ -match "\.(js|ts|py|rb|php|json|yaml|yml|env)$" }
+    $secretsFound = @()
+    
+    foreach ($file in $stagedFiles) {
+        if (Test-Path $file) {
+            $content = Get-Content $file -Raw
+            foreach ($pattern in $secretPatterns) {
+                if ($content -match $pattern) {
+                    $secretsFound += @{ File = $file; Pattern = $pattern }
+                }
+            }
+        }
+    }
+    
+    if ($secretsFound.Count -gt 0) {
+        Write-Host "🚨 SECURITY ALERT: Potential hardcoded secrets detected:" -ForegroundColor Red
+        foreach ($secret in $secretsFound) {
+            Write-Host "  - File: $($secret.File)" -ForegroundColor Red
+            Write-Host "    Pattern: $($secret.Pattern)" -ForegroundColor Gray
+        }
+        Write-Host "Please remove hardcoded secrets and use environment variables instead." -ForegroundColor Red
+        return $false
+    }
+    
+    return $true
+}
+
+# Function to validate commit message
+function Test-CommitMessage {
+    # Get the commit message file path
+    $commitMsgFile = ".git/COMMIT_EDITMSG"
+    
+    if (-not (Test-Path $commitMsgFile)) {
+        return $true # No commit message file, skip validation
+    }
+    
+    $commitMsg = Get-Content $commitMsgFile -Raw
+    
+    # Check for minimum length
+    if ($commitMsg.Length -lt 10) {
+        Write-Host "⚠️  WARNING: Commit message is very short. Consider adding more detail." -ForegroundColor Yellow
+    }
+    
+    # Check for security-related keywords that might indicate dangerous operations
+    $dangerousKeywords = @("delete all", "remove everything", "drop database", "format", "destroy")
+    foreach ($keyword in $dangerousKeywords) {
+        if ($commitMsg -match $keyword) {
+            Write-Host "🚨 WARNING: Potentially dangerous operation mentioned in commit message: '$keyword'" -ForegroundColor Yellow
+            Write-Host "Please confirm this is intentional." -ForegroundColor Yellow
+        }
+    }
+    
+    return $true
+}
+
+# Function to run linting if available
+function Invoke-LintingCheck {
+    Write-Host "📋 Running linting checks..." -ForegroundColor Cyan
+    
+    # ESLint for JavaScript/TypeScript
+    if (Test-Path "package.json") {
+        $packageJson = Get-Content "package.json" | ConvertFrom-Json
+        if ($packageJson.scripts.lint) {
+            try {
+                npm run lint 2>$null
+                if ($LASTEXITCODE -eq 0) {
+                    Write-Host "✅ ESLint passed" -ForegroundColor Green
+                } else {
+                    Write-Host "❌ ESLint failed - please fix linting errors" -ForegroundColor Red
+                    return $false
+                }
+            }
+            catch {
+                Write-Host "⚠️  Could not run ESLint" -ForegroundColor Yellow
+            }
+        }
+    }
+    
+    # Python linting
+    if (Test-Path "requirements.txt" -or Test-Path "pyproject.toml") {
+        try {
+            flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 2>$null
+            if ($LASTEXITCODE -eq 0) {
+                Write-Host "✅ Python linting passed" -ForegroundColor Green
+            } else {
+                Write-Host "⚠️  Python linting issues detected" -ForegroundColor Yellow
+            }
+        }
+        catch {
+            Write-Host "ℹ️  Python linting not available" -ForegroundColor Gray
+        }
+    }
+    
+    return $true
+}
+
+# Run all pre-commit checks
+$allChecksPassed = $true
+
+# 1. Check for sensitive files
+if (-not (Test-SensitiveFiles)) {
+    $allChecksPassed = $false
+}
+
+# 2. Check for hardcoded secrets
+if (-not (Test-HardcodedSecrets)) {
+    $allChecksPassed = $false
+}
+
+# 3. Validate commit message
+Test-CommitMessage | Out-Null
+
+# 4. Run linting checks
+if (-not (Invoke-LintingCheck)) {
+    # Don't fail the commit for linting issues, just warn
+    Write-Host "⚠️  Linting issues detected but allowing commit to proceed" -ForegroundColor Yellow
+}
+
+# 5. Run backup system security validation
+$securityScript = Join-Path $PSScriptRoot "..\scripts\security-validation.ps1"
+if (Test-Path $securityScript) {
+    try {
+        & $securityScript
+        if ($LASTEXITCODE -ne 0) {
+            Write-Host "❌ Security validation failed" -ForegroundColor Red
+            $allChecksPassed = $false
+        }
+    }
+    catch {
+        Write-Host "⚠️  Could not run security validation" -ForegroundColor Yellow
+    }
+}
+
+# Final result
+if ($allChecksPassed) {
+    Write-Host "✅ All pre-commit checks passed!" -ForegroundColor Green
+    exit 0
+} else {
+    Write-Host "❌ Pre-commit checks failed. Please fix the issues above." -ForegroundColor Red
+    Write-Host "To skip these checks (not recommended), use: git commit --no-verify" -ForegroundColor Gray
+    exit 1
+}