ln-733-env-configurator

L3 Worker - Configures environment variables and secrets protection

Main Workflow (4 Phases)

    stateDiagram-v2
        [*] --> Discover: Receive Config from ln-730

        state Discover {
            [*] --> ScanExisting
            ScanExisting --> SearchCode: Check .env files
            SearchCode --> IdentifyVars: Find env usage
            IdentifyVars --> [*]
        }

        Discover --> Classify: Variables Found

        state Classify {
            [*] --> Database
            Database --> APIConfig: DATABASE_*, POSTGRES_*
            APIConfig --> Security: API_PORT, LOG_LEVEL
            Security --> External: JWT_*, CORS_*
            External --> [*]: REDIS_*, SMTP_*
        }

        Classify --> Generate: Classified

        state Generate {
            [*] --> EnvExample
            EnvExample --> EnvDev: .env.example
            EnvDev --> EnvProd: .env.development
            EnvProd --> [*]: .env.production
        }

        Generate --> Gitignore: Files Created

        state Gitignore {
            [*] --> ReadExisting
            ReadExisting --> CheckPatterns
            CheckPatterns --> AppendMissing: Patterns missing
            CheckPatterns --> Skip: Already protected
            AppendMissing --> [*]
            Skip --> [*]
        }

        Gitignore --> [*]: Complete

Variable Classification

    flowchart TB
        Input([Discovered Variables]) --> Type{Variable Type?}

        Type -->|DATABASE_URL| DB[Database]
        Type -->|POSTGRES_*| DB
        Type -->|API_PORT| API[API Config]
        Type -->|LOG_LEVEL| API
        Type -->|JWT_SECRET| SEC[Security]
        Type -->|CORS_*| SEC
        Type -->|REDIS_URL| EXT[External]
        Type -->|SMTP_*| EXT

        DB --> Treatment1[Auto-generate with project name]
        API --> Treatment2[Use detected or defaults]
        SEC --> Treatment3[Placeholder with warning]
        EXT --> Treatment4[Comment out as optional]

        Treatment1 --> Output([Classified Variables])
        Treatment2 --> Output
        Treatment3 --> Output
        Treatment4 --> Output

        classDef category fill:#E3F2FD
        classDef treatment fill:#C8E6C9
        class DB,API,SEC,EXT category
        class Treatment1,Treatment2,Treatment3,Treatment4 treatment

Generated Files

    flowchart LR
        subgraph Templates["Reference Templates"]
            T1[env_example.template]
            T2[env_development.template]
            T3[env_production.template]
            T4[gitignore_secrets.template]
        end

        subgraph Generated["Generated Files"]
            F1[.env.example]
            F2[.env.development]
            F3[.env.production]
            F4[.gitignore updates]
        end

        T1 -->|substitute| F1
        T2 -->|substitute| F2
        T3 -->|substitute| F3
        T4 -->|append| F4

        subgraph Git["Git Status"]
            Tracked[.env.example<br/>Tracked]
            Ignored[.env.*<br/>Ignored]
        end

        F1 --> Tracked
        F2 --> Ignored
        F3 --> Ignored

        classDef safe fill:#C8E6C9
        classDef protected fill:#FFCDD2
        class Tracked safe
        class Ignored protected

Security Protection Flow

    flowchart TB
        subgraph Gitignore[".gitignore Protection"]
            G1[.env]
            G2[.env.local]
            G3[.env.*.local]
            G4[.env.development]
            G5[.env.production]
            G6[*.pem, *.key]
            G7[secrets/]
        end

        subgraph Safe["Safe to Commit"]
            S1[.env.example]
        end

        subgraph Blocked["Blocked from Commit"]
            B1[Real passwords]
            B2[API keys]
            B3[JWT secrets]
            B4[Certificates]
        end

        G1 & G2 & G3 & G4 & G5 --> Blocked
        G6 & G7 --> Blocked
        S1 --> Commit([git commit])

        classDef blocked fill:#FFCDD2
        classDef safe fill:#C8E6C9
        class Blocked,B1,B2,B3,B4 blocked
        class Safe,S1,Commit safe
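
The Gitignore phase of the main workflow (ReadExisting, CheckPatterns, AppendMissing or Skip) and the protection list above, sketched in Python as an added example; this is not the skill's own code. The function names and the comment header written to the file are hypothetical, and the committability check only approximates Git's matching rules with fnmatch.

```python
from fnmatch import fnmatch
from pathlib import Path

# Patterns listed in the ".gitignore Protection" diagram above.
REQUIRED = [".env", ".env.local", ".env.*.local", ".env.development",
            ".env.production", "*.pem", "*.key", "secrets/"]
SAFE_TO_COMMIT = ".env.example"


def active_patterns(text):
    """Return the non-blank, non-comment lines of a .gitignore, trimmed."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def protect(gitignore: Path):
    """ReadExisting -> CheckPatterns -> AppendMissing or Skip.

    Returns the patterns that were appended (empty list means Skip).
    """
    text = gitignore.read_text() if gitignore.exists() else ""
    present = set(active_patterns(text))
    missing = [p for p in REQUIRED if p not in present]
    if missing:
        # Do not glue the new block onto an unterminated last line.
        sep = "" if text == "" or text.endswith("\n") else "\n"
        header = "# Secrets protection (constructed header for this example)\n"
        gitignore.write_text(text + sep + header + "\n".join(missing) + "\n")
    return missing


def example_is_committable(gitignore: Path):
    """Check that .env.example is not swallowed by a broad ignore rule.

    Approximation of Git's behaviour: the last matching pattern wins and a
    leading '!' re-includes the file.
    """
    ignored = False
    for pat in active_patterns(gitignore.read_text()):
        negated = pat.startswith("!")
        if fnmatch(SAFE_TO_COMMIT, pat.lstrip("!").lstrip("/")):
            ignored = not negated
    return not ignored
```

Running protect() a second time returns an empty list, which corresponds to the "Already protected" branch. On a real repository, `git check-ignore -v .env.example` gives the authoritative answer for the second check.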