Fix ATXP-654: Include hidden files in subdirectories during deploy

.github/workflows/test-deploy.yml

@@ -0,0 +1,40 @@
+name: Test Deploy Command
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'cloud/commands/deploy.md'
+      - 'cloud/tests/**'
+      - '.github/workflows/test-deploy.yml'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'cloud/commands/deploy.md'
+      - 'cloud/tests/**'
+      - '.github/workflows/test-deploy.yml'
+
+jobs:
+  test-deploy-exclusions:
+    name: Test Deploy File Exclusions
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Run deploy exclusion tests
+      run: |
+        cd cloud
+        chmod +x tests/test-deploy-exclusions.sh
+        ./tests/test-deploy-exclusions.sh
+
+    - name: Test results summary
+      if: always()
+      run: |
+        if [ $? -eq 0 ]; then
+          echo "✅ All deploy exclusion tests passed"
+        else
+          echo "❌ Some deploy exclusion tests failed"
+          exit 1
+        fi

cloud/commands/deploy.md

@@ -34,17 +34,38 @@ fi
 ### 2. Create a zip file of the current directory
 
 ```bash
-# Create a temporary zip file
-ZIP_FILE=$(mktemp /tmp/deploy-XXXXXX.zip)
+# Create a temporary zip file (using mktemp for security)
+TEMP_BASE=$(mktemp /tmp/deploy-XXXXXX)
+ZIP_FILE="${TEMP_BASE}.zip"
+rm "$TEMP_BASE"  # Remove the temporary placeholder
 echo "Creating deployment package..."
 
-# Zip the current directory, excluding common files
+# Zip the current directory, excluding common files and sensitive data
 zip -r "$ZIP_FILE" . \
-  -x "*.git/*" \
+  -x ".git/*" \
   -x "node_modules/*" \
+  -x "*/node_modules/*" \
   -x ".atxp-instance" \
-  -x "*.DS_Store" \
-  -x "*/.*" \
+  -x ".DS_Store" \
+  -x "*/.DS_Store" \
+  -x ".env.local" \
+  -x ".env.*.local" \
+  -x "*/.env.local" \
+  -x "*/.env.*.local" \
+  -x ".env.development" \
+  -x "*/.env.development" \
+  -x ".env.test" \
+  -x "*/.env.test" \
+  -x ".npmrc" \
+  -x "*/.npmrc" \
+  -x ".netrc" \
+  -x "*/.netrc" \
+  -x ".aws/*" \
+  -x "*/.aws/*" \
+  -x "*.pem" \
+  -x "*.key" \
+  -x "*.p12" \
+  -x "*.pfx" \
   > /dev/null
 
 echo "Package created: $(du -h "$ZIP_FILE" | cut -f1)"
@@ -138,15 +159,36 @@ if [ -z "$CONNECTION_TOKEN" ]; then
   exit 1
 fi
 
-# Create zip file
-ZIP_FILE=$(mktemp /tmp/deploy-XXXXXX.zip)
+# Create zip file (using mktemp for security)
+TEMP_BASE=$(mktemp /tmp/deploy-XXXXXX)
+ZIP_FILE="${TEMP_BASE}.zip"
+rm "$TEMP_BASE"  # Remove the temporary placeholder
 echo "Creating deployment package..."
 zip -r "$ZIP_FILE" . \
-  -x "*.git/*" \
+  -x ".git/*" \
   -x "node_modules/*" \
+  -x "*/node_modules/*" \
   -x ".atxp-instance" \
-  -x "*.DS_Store" \
-  -x "*/.*" \
+  -x ".DS_Store" \
+  -x "*/.DS_Store" \
+  -x ".env.local" \
+  -x ".env.*.local" \
+  -x "*/.env.local" \
+  -x "*/.env.*.local" \
+  -x ".env.development" \
+  -x "*/.env.development" \
+  -x ".env.test" \
+  -x "*/.env.test" \
+  -x ".npmrc" \
+  -x "*/.npmrc" \
+  -x ".netrc" \
+  -x "*/.netrc" \
+  -x ".aws/*" \
+  -x "*/.aws/*" \
+  -x "*.pem" \
+  -x "*.key" \
+  -x "*.p12" \
+  -x "*.pfx" \
   > /dev/null
 echo "Package created: $(du -h "$ZIP_FILE" | cut -f1)"
 

cloud/tests/README.md

@@ -0,0 +1,46 @@
+# Deploy Command Tests
+
+Automated tests for the `/deploy` command to ensure file exclusions work correctly.
+
+## Running Tests
+
+```bash
+./tests/test-deploy-exclusions.sh
+```
+
+## What It Tests
+
+The test suite creates a comprehensive test project with various file types and verifies that:
+
+### Files Included ✅
+- `.atxp/.env.production` - Production environment variables (needed for sandbox)
+- `config/.env` - Application configuration
+- Application code files (`index.js`, `src/app.js`)
+
+### Files Excluded 🔒
+- **Environment files**: `.env.local`, `.env.production.local`, `.env.development`, `.env.test`
+- **Credentials**: `.npmrc`, `.netrc`, `.aws/credentials`
+- **Certificates**: `*.pem`, `*.key`, `*.p12`, `*.pfx`
+- **Git files**: `.git/*`
+- **Dependencies**: `node_modules/*`, `*/node_modules/*` (nested)
+- **macOS metadata**: `.DS_Store` files
+- **Instance tracking**: `.atxp-instance`
+
+## Exit Codes
+
+- `0` - All tests passed
+- `1` - One or more tests failed
+
+## CI/CD Integration
+
+This test can be run as part of CI/CD pipelines to ensure deploy exclusions remain correct:
+
+```yaml
+# Example GitHub Actions
+- name: Test deploy exclusions
+  run: ./cloud/tests/test-deploy-exclusions.sh
+```
+
+## Test Output
+
+The script provides colored output with clear pass/fail indicators and a summary of all tests run.