chore(config): source parent .envrc to inherit GH_TOKEN #555

Merged: nanotaboada merged 1 commit into master from chore/envrc-source-parent on Mar 30, 2026
@nanotaboada (Owner) commented Mar 30, 2026

Summary

  • Adds source_up_if_exists to .envrc so direnv walks up and loads the parent .envrc
  • This inherits GH_TOKEN from the parent environment, making gh CLI available in all agents and sessions without manual re-authentication

Test plan

  • direnv allow in the project root
  • gh auth status shows the expected account logged in via GH_TOKEN

🤖 Generated with Claude Code



Summary by CodeRabbit

  • Chores
    • Updated development environment configuration sequence.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
coderabbitai bot commented Mar 30, 2026

Walkthrough

The .envrc file is updated to include a source_up_if_exists command at the top level, placed before the existing NVM_DIR environment variable export and Node Version Manager initialization sequence.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Environment Configuration: .envrc | Added source_up_if_exists command at the beginning to modify the execution sequence before NVM initialization. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes


🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title follows Conventional Commits format with 'chore:' prefix, is 55 characters (under 80 limit), and accurately describes the main change: sourcing parent .envrc to inherit GH_TOKEN. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


codecov bot commented Mar 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b27a0c4) to head (6b84c03).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #555   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          128       128           
  Branches        20        20           
=========================================
  Hits           128       128           

| Components | Coverage Δ |
|---|---|
| Services | 100.00% <ø> (ø) |
| Controllers | 100.00% <ø> (ø) |
| Routes | 100.00% <ø> (ø) |
coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.envrc:
- Line 1: The current use of source_up_if_exists in .envrc searches all ancestor
directories which can load unintended environment files; replace it with an
explicit parent-only check and sourcing: detect whether the immediate parent has
a .envrc (../.envrc) and only source that file if present, instead of calling
source_up_if_exists, so the trust scope is limited to the direct parent.
📥 Commits

Reviewing files that changed from the base of the PR and between b27a0c4 and 6b84c03.

📒 Files selected for processing (1)
  • .envrc

@@ -1,2 +1,4 @@
source_up_if_exists
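
Review bot: `source_up_if_exists` on line 1 is called without a filename argument and without a comment, so nothing in the file records that its purpose is to pick up GH_TOKEN from a parent .envrc. Add a one-line comment above it naming the file it is expected to find and stating that GH_TOKEN is the only variable the project relies on from it; everything else that file exports will also enter this project's environment.
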
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "direnv version:"
direnv version

echo
echo "Does stdlib expose source_up_if_exists and source_env_if_exists?"
direnv stdlib | rg -n '^\s*(source_up_if_exists|source_env_if_exists)\s*\('

echo
echo "Current repo root:"
pwd
echo "Candidate direct parent file:"
ls -la ../.envrc || true

Repository: nanotaboada/ts-node-samples-express-restful

Length of output: 166


🌐 Web query:

direnv source_up_if_exists function documentation behavior

💡 Result:

The source_up_if_exists function is part of direnv's standard library (stdlib), sourced via direnv stdlib in a .envrc file.

Usage: source_up_if_exists []

Behavior: Searches upward from the parent directory (using find_up) for the specified filename (defaults to .envrc). If found, loads (sources) that .envrc file using source_env. If not found, silently does nothing and returns 0 (success). Unlike source_up, it does not log an error or return 1 on failure.

Important note: The sourced .envrc bypasses direnv's security framework (no direnv allow required). It relies on a helper _source_up that calls find_up after cd .., so it starts searching from the parent directory, not the current one.

Example in .envrc: direnv stdlib source_up_if_exists .envrc.private


🏁 Script executed:

# Examine the actual .envrc file in the repository
cat -n .envrc

Repository: nanotaboada/ts-node-samples-express-restful

Length of output: 227


🏁 Script executed:

# Check repository structure and parent directories
git ls-files | grep -i envrc

Repository: nanotaboada/ts-node-samples-express-restful

Length of output: 93


🏁 Script executed:

# Check if there's a parent .envrc that should be sourced
find .. -maxdepth 2 -name ".envrc" 2>/dev/null | head -20

Repository: nanotaboada/ts-node-samples-express-restful

Length of output: 100


🌐 Web query:

direnv stdlib source_env_if_exists function

💡 Result:

The source_env_if_exists function is part of direnv's standard library (stdlib.sh), available in .envrc files after sourcing direnv stdlib.

Usage: source_env_if_exists

It loads another .envrc file only if the specified file exists. Unlike source_env, it requires a direct path to a file (not a directory). It first calls watch_file "$1" to monitor the file for changes, then checks if [[ -f "$1" ]]; then source_env "$1"; fi.

Example from docs: source_env_if_exists .envrc.private

Note: The loaded .envrc bypasses direnv's security framework (no allow prompt). This is confirmed in the official source code and man pages.


🌐 Web query:

direnv how to source parent .envrc directly explicitly

💡 Result:

To source a parent .envrc directly and explicitly in direnv, use the stdlib functions in your current directory's .envrc file.

For the immediate parent directory's .envrc, use: source_env ../.envrc

For the nearest ancestor .envrc (searches up the directory tree): source_up or if optional: source_up_if_exists

Note: These bypass direnv's security checks for the sourced file (the parent must already be allowed). After adding to your .envrc, run direnv allow . in the current directory. These functions are part of direnv's standard library, automatically available in .envrc files.


Scope ancestor sourcing to the direct parent to avoid unintended code execution.

At Line 1, source_up_if_exists searches the entire ancestor directory tree, not just the immediate parent. This widens the trust scope and can load unintended .envrc files from grandparents or higher ancestors, causing inconsistent environment loading across machines/agents. If the intent is strictly parent inheritance (to load GH_TOKEN), use explicit parent sourcing instead.

Proposed change
-source_up_if_exists
+source_env_if_exists ../.envrc

@nanotaboada nanotaboada merged commit 33bf567 into master Mar 30, 2026
14 checks passed
@nanotaboada nanotaboada deleted the chore/envrc-source-parent branch March 30, 2026 02:34
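
The difference between the two lookup rules discussed in the review above, as an added example that is not part of the pull request or of direnv's own code: the functions below (hypothetical names) re-implement the ancestor search and the parent-only check in plain shell, following the behaviour quoted in the review, and run them over a constructed temporary directory tree in which only the grandparent has an .envrc.

```bash
# Added example: plain-shell emulation of the two lookup rules; never calls direnv.

# Ancestor search: start in the parent of directory $1 and walk up until a
# file named $2 (default .envrc) exists. Prints its path, or nothing.
nearest_ancestor_file() {
  local dir name
  dir=$(cd "$1/.." && pwd -P) || return 0
  name=${2:-.envrc}
  while :; do
    [ -f "$dir/$name" ] && { printf '%s\n' "$dir/$name"; return 0; }
    [ "$dir" = "/" ] && return 0
    dir=$(dirname "$dir")
  done
}

# Parent-only check: look in the direct parent of $1 and nowhere else.
direct_parent_file() {
  local dir name
  dir=$(cd "$1/.." && pwd -P) || return 0
  name=${2:-.envrc}
  [ -f "$dir/$name" ] && printf '%s\n' "$dir/$name"
  return 0
}

# Prints what each rule resolves to; returns 1 when the ancestor search
# reaches a file that does not sit in the direct parent.
check_scope() {
  local a p
  a=$(nearest_ancestor_file "$1")
  p=$(direct_parent_file "$1")
  echo "ancestor search: ${a:-none}"
  echo "direct parent:   ${p:-none}"
  [ "$a" = "$p" ]
}

# Constructed tree: only the grandparent (workspace/) has an .envrc.
make_demo_tree() {
  local root
  root=$(cd "$(mktemp -d)" && pwd -P)
  mkdir -p "$root/workspace/team/project"
  echo 'export EXAMPLE_VAR=constructed' > "$root/workspace/.envrc"
  printf '%s\n' "$root"
}

demo=$(make_demo_tree)
check_scope "$demo/workspace/team/project" || echo "scope wider than direct parent"
rm -rf "$demo"
```

Running `check_scope` from a project root before `direnv allow` shows which file an ancestor search would resolve to on that machine.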