refactor: unify provider parsing logic in init command

- Add reflect() method to Provider trait with default error implementation
- Move DotEnvProvider's reflect implementation to Provider trait impl
- Update init --from to use Box<dyn Provider>::try_from() for consistency
- Now supports all provider formats: "dotenv", "dotenv:.env", "dotenv://.env"
- Add integration tests for init --from with various provider formats
- Add unit test for default reflect() error behavior

This ensures consistent provider specification parsing across all CLI commands.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: domenkozar

CHANGELOG.md

@@ -9,9 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Integrate `secrecy` crate for secure secret handling with automatic memory zeroing
+- Add `reflect()` method to Provider trait for provider introspection
 
 ### Changed
 - Made keyring provider optional via `keyring` feature flag (enabled by default)
+- Unified provider parsing logic in init command to support all provider formats consistently
 
 ## [0.2.0] - 2025-07-17
 

secretspec/src/cli/mod.rs

@@ -1,4 +1,4 @@
-use crate::provider::{dotenv::DotEnvProvider, providers};
+use crate::provider::{Provider, providers};
 use crate::{Config, GlobalConfig, GlobalDefaults, Profile, Project, Secrets};
 use clap::{Parser, Subcommand};
 use miette::{IntoDiagnostic, Result, WrapErr, miette};
@@ -206,26 +206,20 @@ pub fn main() -> Result<()> {
                 }
             }
 
-            // Parse the provider URL
-            let uri = from
-                .parse::<url::Url>()
-                .map_err(|e| miette!("Invalid provider URL '{}': {}", from, e))?;
+            // Create provider from the specification string
+            // This handles various formats like "dotenv", "dotenv:.env", "dotenv://.env.production"
+            let provider: Box<dyn Provider> = from.as_str().try_into().into_diagnostic()?;
 
-            // Extract scheme from URI to validate provider
-            let scheme = uri.scheme();
-
-            // Currently only support dotenv provider
-            if scheme != "dotenv" {
+            // Check if it's a dotenv provider
+            if provider.name() != "dotenv" {
                 return Err(miette!(
-                    "Only 'dotenv://' provider URLs are currently supported for init --from. Got: {}",
-                    from
+                    "Only 'dotenv' provider is currently supported for init --from. Got provider: {}",
+                    provider.name()
                 ));
             }
 
-            // Create dotenv provider and reflect secrets
-            let dotenv_config = (&uri).try_into().into_diagnostic()?;
-            let dotenv_provider = DotEnvProvider::new(dotenv_config);
-            let secrets = dotenv_provider.reflect().into_diagnostic()?;
+            // Reflect secrets from the provider
+            let secrets = provider.reflect().into_diagnostic()?;
 
             // Create a new project config
             let mut profiles = HashMap::new();
@@ -267,6 +261,13 @@ pub fn main() -> Result<()> {
                 .sum::<usize>();
             println!("✓ Created secretspec.toml with {} secrets", secret_count);
 
+            // If we imported from a provider, suggest migration
+            if provider.name() == "dotenv" && secret_count > 0 {
+                println!("\nTo migrate your secrets from {}:", from);
+                println!("  1. Review secretspec.toml and adjust as needed");
+                println!("  2. secretspec import {}    # Import secret values", from);
+            }
+
             println!("\nNext steps:");
             println!("  1. secretspec config init    # Set up user configuration");
             println!("  2. secretspec check          # Verify all secrets and set them");

secretspec/src/provider/dotenv.rs

@@ -156,63 +156,6 @@ impl DotEnvProvider {
     pub fn new(config: DotEnvConfig) -> Self {
         Self { config }
     }
-
-    /// Reflects all secrets available in the .env file as Secret entries.
-    ///
-    /// This method reads the .env file and returns all environment variables
-    /// as Secret entries with default descriptions and all marked as required.
-    /// If the file doesn't exist, returns an empty HashMap.
-    ///
-    /// # Returns
-    ///
-    /// * `Ok(HashMap<String, Secret>)` - All environment variables as Secret
-    /// * `Err(SecretSpecError)` - If reading the file fails
-    ///
-    /// # Examples
-    ///
-    /// ```ignore
-    /// use secretspec::provider::dotenv::{DotEnvProvider, DotEnvConfig};
-    ///
-    /// let provider = DotEnvProvider::new(DotEnvConfig::default());
-    /// let secrets = provider.reflect().unwrap();
-    /// for (key, config) in secrets {
-    ///     println!("Found secret: {} - {}", key, config.description);
-    /// }
-    /// ```
-    pub fn reflect(&self) -> Result<HashMap<String, crate::config::Secret>> {
-        use crate::config::Secret;
-
-        if !self.config.path.exists() {
-            return Ok(HashMap::new());
-        }
-
-        // Check if path is a directory
-        if self.config.path.is_dir() {
-            return Err(SecretSpecError::Io(std::io::Error::new(
-                std::io::ErrorKind::IsADirectory,
-                format!(
-                    "Expected file but found directory: {}",
-                    self.config.path.display()
-                ),
-            )));
-        }
-
-        let mut secrets = HashMap::new();
-        let env_vars = dotenvy::from_path_iter(&self.config.path)?;
-        for item in env_vars {
-            let (key, _value) = item?;
-            secrets.insert(
-                key.clone(),
-                Secret {
-                    description: Some(format!("{} secret", key)),
-                    required: true,
-                    default: None,
-                },
-            );
-        }
-
-        Ok(secrets)
-    }
 }
 
 impl Provider for DotEnvProvider {
@@ -306,6 +249,41 @@ impl Provider for DotEnvProvider {
         fs::write(&self.config.path, content)?;
         Ok(())
     }
+
+    fn reflect(&self) -> Result<HashMap<String, crate::config::Secret>> {
+        use crate::config::Secret;
+
+        if !self.config.path.exists() {
+            return Ok(HashMap::new());
+        }
+
+        // Check if path is a directory
+        if self.config.path.is_dir() {
+            return Err(SecretSpecError::Io(std::io::Error::new(
+                std::io::ErrorKind::IsADirectory,
+                format!(
+                    "Expected file but found directory: {}",
+                    self.config.path.display()
+                ),
+            )));
+        }
+
+        let mut secrets = HashMap::new();
+        let env_vars = dotenvy::from_path_iter(&self.config.path)?;
+        for item in env_vars {
+            let (key, _value) = item?;
+            secrets.insert(
+                key.clone(),
+                Secret {
+                    description: Some(format!("{} secret", key)),
+                    required: true,
+                    default: None,
+                },
+            );
+        }
+
+        Ok(secrets)
+    }
 }
 
 #[cfg(test)]

secretspec/src/provider/mod.rs

@@ -52,6 +52,7 @@
 
 use crate::{Result, SecretSpecError};
 use secrecy::SecretString;
+use std::collections::HashMap;
 use std::convert::TryFrom;
 use url::Url;
 
@@ -234,6 +235,32 @@ pub trait Provider: Send + Sync {
     ///
     /// This should match the name registered with the provider macro.
     fn name(&self) -> &'static str;
+
+    /// Discovers and returns all secrets available in this provider.
+    ///
+    /// This method is used to introspect the provider and find all available secrets.
+    /// It's particularly useful for importing secrets from external sources.
+    ///
+    /// # Returns
+    ///
+    /// A HashMap where keys are secret names and values are `Secret` configurations.
+    /// The default implementation returns an empty map, indicating the provider
+    /// doesn't support reflection.
+    ///
+    /// # Example
+    ///
+    /// ```rust,ignore
+    /// let secrets = provider.reflect()?;
+    /// for (name, secret) in secrets {
+    ///     println!("Found secret: {} = {:?}", name, secret);
+    /// }
+    /// ```
+    fn reflect(&self) -> Result<HashMap<String, crate::config::Secret>> {
+        Err(SecretSpecError::ProviderOperationFailed(format!(
+            "Provider '{}' does not support reflection",
+            self.name()
+        )))
+    }
 }
 
 impl TryFrom<String> for Box<dyn Provider> {

secretspec/src/provider/tests.rs

@@ -405,4 +405,22 @@ mod integration_tests {
             }
         }
     }
+
+    #[test]
+    fn test_default_reflect_returns_error() {
+        // Test that the default reflect implementation returns an error
+        let provider = MockProvider::new();
+        let result = provider.reflect();
+        assert!(
+            result.is_err(),
+            "Default reflect implementation should return an error"
+        );
+
+        let error = result.unwrap_err();
+        let error_msg = error.to_string();
+        assert!(
+            error_msg.contains("does not support reflection"),
+            "Error message should indicate reflection is not supported"
+        );
+    }
 }

tests/cli-integration.sh

@@ -149,7 +149,33 @@ check_success "Set secret in production profile"
 secretspec config show > /dev/null
 check_success "Config show command works"
 
-# Test 11: Default value handling
+# Test 11: Init from provider
+# Create a .env file to import from
+cat > .env.source << EOF
+API_KEY=test-api-key
+DATABASE_URL=postgres://localhost/test
+EOF
+
+# Test init with bare provider name
+rm -f secretspec.toml
+secretspec init --from dotenv:.env.source
+check_success "Init from dotenv provider with path"
+
+# Verify secrets were imported
+grep -q "API_KEY" secretspec.toml && grep -q "DATABASE_URL" secretspec.toml
+check_success "Init imported secrets from .env file"
+
+# Test init with bare provider name (should use default .env)
+echo "DEFAULT_KEY=default-value" > .env
+rm -f secretspec.toml
+secretspec init --from dotenv
+check_success "Init from dotenv provider (bare name)"
+
+# Verify it found the default .env
+grep -q "DEFAULT_KEY" secretspec.toml
+check_success "Init found default .env file"
+
+# Test 12: Default value handling
 cat > secretspec.toml << EOF
 [project]
 name = "test-app"