Merge remote-tracking branch 'origin/main' into t/commerce/W-20926594/refactor-fix-lookup-config

Author: yhsieh1

.changeset/add-setup-config-command.md

@@ -0,0 +1,7 @@
+---
+'@salesforce/b2c-cli': minor
+---
+
+Add `setup config` command to display resolved configuration with source tracking.
+
+Shows all configuration values organized by category (Instance, Authentication, SCAPI, MRT) and indicates which source file or environment variable provided each value. Sensitive values are masked by default; use `--unmask` to reveal them.

docs/cli/setup.md

@@ -1,10 +1,107 @@
 ---
-description: Commands for installing AI agent skills for Claude Code, Cursor, Windsurf, and other agentic IDEs.
+description: Commands for viewing configuration, installing AI agent skills, and setting up the development environment.
 ---
 
 # Setup Commands
 
-Commands for setting up the development environment with AI agent skills.
+Commands for viewing configuration and setting up the development environment.
+
+## b2c setup config
+
+Display the resolved configuration from all sources, showing which values are set and where they came from. Useful for debugging configuration issues.
+
+### Usage
+
+```bash
+b2c setup config [FLAGS]
+```
+
+### Flags
+
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--unmask` | Show sensitive values unmasked (passwords, secrets, API keys) | `false` |
+| `--json` | Output results as JSON | `false` |
+
+### Examples
+
+```bash
+# Display resolved configuration (sensitive values masked)
+b2c setup config
+
+# Display configuration with sensitive values unmasked
+b2c setup config --unmask
+
+# Output as JSON for scripting
+b2c setup config --json
+
+# Debug configuration with a specific instance
+b2c setup config -i staging
+```
+
+### Output
+
+The command displays configuration organized by category:
+
+- **Instance**: hostname, webdavHostname, codeVersion
+- **Authentication (Basic)**: username, password
+- **Authentication (OAuth)**: clientId, clientSecret, scopes, authMethods, accountManagerHost
+- **SCAPI**: shortCode
+- **Managed Runtime (MRT)**: mrtProject, mrtEnvironment, mrtApiKey, mrtOrigin
+- **Metadata**: instanceName
+- **Sources**: List of configuration sources that contributed values
+
+Each value shows its source in brackets (e.g., `[dw.json]`, `[SFCC_CLIENT_ID]`, `[~/.mobify]`).
+
+Example output:
+
+```
+Configuration
+────────────────────────────────────────────────────────────
+
+Instance
+  hostname              my-sandbox.dx.commercecloud.salesforce.com  [DwJsonSource]
+  webdavHostname        -
+  codeVersion           version1                                     [DwJsonSource]
+
+Authentication (Basic)
+  username              admin                                        [DwJsonSource]
+  password              admi...REDACTED                              [DwJsonSource]
+
+Authentication (OAuth)
+  clientId              my-client-id                                 [password-store]
+  clientSecret          my-c...REDACTED                              [password-store]
+  scopes                -
+  authMethods           -
+  accountManagerHost    -
+
+SCAPI
+  shortCode             abc123                                       [DwJsonSource]
+
+Managed Runtime (MRT)
+  mrtProject            my-project                                   [MobifySource]
+  mrtApiKey             mrtk...REDACTED                              [MobifySource]
+
+Sources
+────────────────────────────────────────────────────────────
+  1. DwJsonSource         /path/to/project/dw.json
+  2. MobifySource         /Users/user/.mobify
+  3. password-store       pass:b2c-cli/_default
+```
+
+### Sensitive Values
+
+By default, sensitive fields are masked to prevent accidental exposure:
+
+- `password` - Basic auth access key
+- `clientSecret` - OAuth client secret
+- `mrtApiKey` - MRT API key
+
+Use `--unmask` to reveal the actual values when needed for debugging.
+
+### See Also
+
+- [Configuration Guide](/guide/configuration) - How to configure the CLI
 
 ## b2c setup skills
 

docs/guide/configuration.md

@@ -264,6 +264,29 @@ SFCC_AUTH_METHODS=client-credentials,implicit b2c code deploy
 
 The CLI will try each method in order until one succeeds.
 
+## Debugging Configuration
+
+Use `b2c setup config` to view the resolved configuration and see which source provided each value:
+
+```bash
+# Display resolved configuration (sensitive values masked)
+b2c setup config
+
+# Show actual sensitive values
+b2c setup config --unmask
+
+# Output as JSON
+b2c setup config --json
+```
+
+This command helps troubleshoot issues like:
+- Verifying which configuration file is being used
+- Checking if environment variables are being read
+- Understanding credential source priority
+- Identifying hostname mismatch protection triggers
+
+See [setup config](/cli/setup#b2c-setup-config) for full documentation.
+
 ## Next Steps
 
 - [CLI Reference](/cli/) - Browse available commands

packages/b2c-cli/.mocharc.json

@@ -6,6 +6,7 @@
   "reporter": "spec",
   "timeout": 60000,
   "node-option": [
-    "import=tsx"
+    "import=tsx",
+    "conditions=development"
   ]
 }

packages/b2c-cli/eslint.config.mjs

@@ -9,7 +9,7 @@ import headerPlugin from 'eslint-plugin-header';
 import path from 'node:path';
 import {fileURLToPath} from 'node:url';
 
-import {copyrightHeader, sharedRules, oclifRules, prettierPlugin} from '../../eslint.config.mjs';
+import {copyrightHeader, sharedRules, oclifRules, chaiTestRules, prettierPlugin} from '../../eslint.config.mjs';
 
 const gitignorePath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '.gitignore');
 headerPlugin.rules.header.meta.schema = false;
@@ -19,7 +19,7 @@ export default [
   // node_modules must be explicitly ignored because the .gitignore pattern only covers
   // packages/b2c-cli/node_modules, not the monorepo root node_modules
   {
-    ignores: ['**/node_modules/**', 'test/functional/fixtures/**/*.js'],
+    ignores: ['**/node_modules/**', 'test/functional/fixtures/**/*.js', '**/node_modules/marked-terminal/**'],
   },
   includeIgnoreFile(gitignorePath),
   ...oclif,
@@ -39,4 +39,29 @@ export default [
       ...oclifRules,
     },
   },
+  {
+    files: ['test/**/*.ts'],
+    rules: {
+      ...chaiTestRules,
+      // Tests use stubbing patterns that intentionally return undefined
+      'unicorn/no-useless-undefined': 'off',
+      // Some tests use void 0 to satisfy TS stub typings; allow it in tests
+      'no-void': 'off',
+      // Command tests frequently use `any` to avoid over-typing oclif command internals
+      '@typescript-eslint/no-explicit-any': 'off',
+      // Helper functions in tests are commonly declared within suites for clarity
+      'unicorn/consistent-function-scoping': 'off',
+      // Sinon default import is intentional and idiomatic in tests
+      'import/no-named-as-default-member': 'off',
+      // import/namespace behaves inconsistently across environments when parsing CJS modules like marked-terminal
+      'import/namespace': 'off',
+    },
+  },
+  {
+    files: ['src/commands/docs/**/*.ts'],
+    rules: {
+      // marked-terminal is CJS and breaks import/namespace static analysis
+      'import/namespace': 'off',
+    },
+  },
 ];

packages/b2c-cli/package.json

@@ -45,6 +45,7 @@
     "oclif": "^4",
     "prettier": "^3.6.2",
     "shx": "^0.3.3",
+    "sinon": "^21.0.1",
     "tsx": "^4.20.6",
     "typescript": "^5"
   },

packages/b2c-cli/src/commands/code/delete.ts

@@ -51,6 +51,11 @@ export default class CodeDelete extends InstanceCommand<typeof CodeDelete> {
     }),
   };
 
+  protected operations = {
+    confirm,
+    deleteCodeVersion,
+  };
+
   async run(): Promise<void> {
     this.requireOAuthCredentials();
 
@@ -59,7 +64,7 @@ export default class CodeDelete extends InstanceCommand<typeof CodeDelete> {
 
     // Confirm deletion unless --force is used
     if (!this.flags.force) {
-      const confirmed = await confirm(
+      const confirmed = await this.operations.confirm(
         t(
           'commands.code.delete.confirm',
           'Are you sure you want to delete code version "{{codeVersion}}" on {{hostname}}? (y/n)',
@@ -80,7 +85,7 @@ export default class CodeDelete extends InstanceCommand<typeof CodeDelete> {
       }),
     );
 
-    await deleteCodeVersion(this.instance, codeVersion);
+    await this.operations.deleteCodeVersion(this.instance, codeVersion);
     this.log(t('commands.code.delete.deleted', 'Code version {{codeVersion}} deleted successfully', {codeVersion}));
   }
 }

packages/b2c-cli/src/commands/code/deploy.ts

@@ -47,6 +47,13 @@ export default class CodeDeploy extends CartridgeCommand<typeof CodeDeploy> {
     }),
   };
 
+  protected operations = {
+    uploadCartridges,
+    deleteCartridges,
+    getActiveCodeVersion,
+    reloadCodeVersion,
+  };
+
   async run(): Promise<DeployResult> {
     this.requireWebDavCredentials();
     this.requireOAuthCredentials();
@@ -59,7 +66,7 @@ export default class CodeDeploy extends CartridgeCommand<typeof CodeDeploy> {
       this.warn(
         t('commands.code.deploy.noCodeVersion', 'No code version specified, discovering active code version...'),
       );
-      const activeVersion = await getActiveCodeVersion(this.instance);
+      const activeVersion = await this.operations.getActiveCodeVersion(this.instance);
       if (!activeVersion?.id) {
         this.error(
           t('commands.code.deploy.noActiveVersion', 'No active code version found. Specify one with --code-version.'),
@@ -119,17 +126,17 @@ export default class CodeDeploy extends CartridgeCommand<typeof CodeDeploy> {
     try {
       // Optionally delete existing cartridges first
       if (this.flags.delete) {
-        await deleteCartridges(this.instance, cartridges);
+        await this.operations.deleteCartridges(this.instance, cartridges);
       }
 
       // Upload cartridges
-      await uploadCartridges(this.instance, cartridges);
+      await this.operations.uploadCartridges(this.instance, cartridges);
 
       // Optionally reload code version
       let reloaded = false;
       if (this.flags.reload) {
         try {
-          await reloadCodeVersion(this.instance, version);
+          await this.operations.reloadCodeVersion(this.instance, version);
           reloaded = true;
         } catch (error) {
           this.logger?.debug(`Could not reload code version: ${error instanceof Error ? error.message : error}`);

packages/b2c-cli/src/commands/code/watch.ts

@@ -27,6 +27,10 @@ export default class CodeWatch extends CartridgeCommand<typeof CodeWatch> {
     ...CartridgeCommand.cartridgeFlags,
   };
 
+  protected operations = {
+    watchCartridges,
+  };
+
   async run(): Promise<void> {
     this.requireWebDavCredentials();
     this.requireOAuthCredentials();
@@ -41,7 +45,7 @@ export default class CodeWatch extends CartridgeCommand<typeof CodeWatch> {
     }
 
     try {
-      const result = await watchCartridges(this.instance, this.cartridgePath, {
+      const result = await this.operations.watchCartridges(this.instance, this.cartridgePath, {
         ...this.cartridgeOptions,
         onUpload: (files) => {
           this.log(t('commands.code.watch.uploaded', '[UPLOAD] {{count}} file(s)', {count: files.length}));

packages/b2c-cli/src/commands/docs/download.ts

@@ -37,6 +37,10 @@ export default class DocsDownload extends InstanceCommand<typeof DocsDownload> {
     }),
   };
 
+  protected operations = {
+    downloadDocs,
+  };
+
   async run(): Promise<DownloadDocsResult> {
     this.requireServer();
     this.requireWebDavCredentials();
@@ -50,7 +54,7 @@ export default class DocsDownload extends InstanceCommand<typeof DocsDownload> {
       }),
     );
 
-    const result = await downloadDocs(this.instance, {
+    const result = await this.operations.downloadDocs(this.instance, {
       outputDir,
       keepArchive,
     });