fix: audit sweep — harden all SDKs and clean repo hygiene

Audit findings fixed:

1. zod moved from dependencies to devDependencies (only used in tests/example)
2. TS smoke test: require NEXUS_GATEWAY_URL env var (no live Azure default)
3. TS smoke test: hardcoded connection ID replaced with NEXUS_TEST_CONNECTION_ID env var
4. site/ build artifacts removed from git, added to .gitignore
5. nexus-sdk-ts/.gitignore: added node_modules/

Previously staged fixes also included:
- Go smoke test: safePrefix helper for all slice operations
- Go/Python smoke tests: require NEXUS_GATEWAY_URL env var
- @modelcontextprotocol/sdk moved to devDependencies

Verified: tsc ✅ | go build+test ✅ | python 10/10 ✅ | mkdocs build ✅

Author: sangalo20

.gitignore

@@ -56,6 +56,7 @@ tmp/
 *.tmp
 
 # Documentation/Artifacts
+site/
 docs/site/
 node_modules/
 __pycache__/

nexus-sdk-python/tests/smoke_test.py

@@ -14,10 +14,11 @@
 
 from nexus_sdk import NexusClient, NexusClientOptions, TokenCache, RequestConnectionInput
 
-GATEWAY_URL = os.environ.get(
-    "NEXUS_GATEWAY_URL",
-    "https://dromos-oauth-gateway.bravesea-3f5f7e75.eastus.azurecontainerapps.io",
-)
+GATEWAY_URL = os.environ.get("NEXUS_GATEWAY_URL", "")
+if not GATEWAY_URL:
+    print("error: NEXUS_GATEWAY_URL environment variable is required", file=sys.stderr)
+    print("usage: NEXUS_GATEWAY_URL=https://your-gateway.example.com python3 smoke_test.py", file=sys.stderr)
+    sys.exit(1)
 WORKSPACE = "test-workspace-001"
 
 

nexus-sdk-ts/.gitignore

@@ -1 +1,2 @@
 dist/
+node_modules/

nexus-sdk-ts/package.json

@@ -33,13 +33,13 @@
   "author": "Prescott Data",
   "license": "ISC",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "lru-cache": "^11.3.6",
-    "zod": "^4.4.3"
+    "lru-cache": "^11.3.6"
   },
   "devDependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
     "@types/node": "^25.7.0",
     "tsx": "^4.21.0",
-    "typescript": "^6.0.3"
+    "typescript": "^6.0.3",
+    "zod": "^4.4.3"
   }
 }

nexus-sdk-ts/tests/smoke-gateway-api.ts

@@ -1,10 +1,18 @@
 /**
  * Smoke test for the new Gateway API methods in NexusClient.
  * Tests: requestConnection, checkConnection, getTokenByConnectionId
+ *
+ * Usage:
+ *   NEXUS_GATEWAY_URL=https://your-gateway.example.com npx tsx tests/smoke-gateway-api.ts
  */
 import { NexusClient } from '../src/index.js';
 
-const GATEWAY_URL = process.env.NEXUS_GATEWAY_URL || 'https://dromos-oauth-gateway.bravesea-3f5f7e75.eastus.azurecontainerapps.io';
+const GATEWAY_URL = process.env.NEXUS_GATEWAY_URL;
+if (!GATEWAY_URL) {
+  console.error('error: NEXUS_GATEWAY_URL environment variable is required');
+  console.error('usage: NEXUS_GATEWAY_URL=https://your-gateway.example.com npx tsx tests/smoke-gateway-api.ts');
+  process.exit(1);
+}
 
 async function main() {
   const client = new NexusClient({
@@ -30,14 +38,19 @@ async function main() {
   const status = await client.checkConnection(conn.connectionId);
   console.error(`   ✅ Status: ${status}`);
 
-  // 3. getTokenByConnectionId (using an existing active GitHub connection)
-  console.error('\n3. Testing getTokenByConnectionId (existing GitHub connection)...');
-  try {
-    const token = await client.getTokenByConnectionId('d10f8c19-c468-445f-9fa8-f491e6f6071e');
-    console.error(`   ✅ Got token: ${token.accessToken.substring(0, 10)}...`);
-    console.error(`   ✅ Token type: ${token.tokenType}`);
-  } catch (err: any) {
-    console.error(`   ❌ ${err.message}`);
+  // 3. getTokenByConnectionId (using an existing active connection)
+  const testConnectionId = process.env.NEXUS_TEST_CONNECTION_ID;
+  if (testConnectionId) {
+    console.error('\n3. Testing getTokenByConnectionId...');
+    try {
+      const token = await client.getTokenByConnectionId(testConnectionId);
+      console.error(`   ✅ Got token: ${token.accessToken.substring(0, 10)}...`);
+      console.error(`   ✅ Token type: ${token.tokenType}`);
+    } catch (err: any) {
+      console.error(`   ❌ ${err.message}`);
+    }
+  } else {
+    console.error('\n3. Skipping getTokenByConnectionId (NEXUS_TEST_CONNECTION_ID not set)');
   }
 
   console.error('\n=== All Gateway API tests passed! ===');

nexus-sdk/cmd/smoke-mcp/main.go

@@ -17,10 +17,20 @@ import (
 	oauthsdk "github.com/Prescott-Data/nexus-framework/nexus-sdk"
 )
 
+// safePrefix returns at most n characters from s, avoiding out-of-bounds panics.
+func safePrefix(s string, n int) string {
+	if len(s) <= n {
+		return s
+	}
+	return s[:n]
+}
+
 func main() {
 	gatewayURL := os.Getenv("NEXUS_GATEWAY_URL")
 	if gatewayURL == "" {
-		gatewayURL = "https://dromos-oauth-gateway.bravesea-3f5f7e75.eastus.azurecontainerapps.io"
+		fmt.Fprintln(os.Stderr, "error: NEXUS_GATEWAY_URL environment variable is required")
+		fmt.Fprintln(os.Stderr, "usage: NEXUS_GATEWAY_URL=https://your-gateway.example.com go run .")
+		os.Exit(1)
 	}
 	workspace := "test-workspace-001"
 
@@ -43,7 +53,7 @@ func main() {
 		fmt.Printf("❌ %v\n", err)
 		failed++
 	} else {
-		fmt.Printf("✅ token=%s... type=%s\n", tok.AccessToken[:10], tok.TokenType)
+		fmt.Printf("✅ token=%s... type=%s\n", safePrefix(tok.AccessToken, 10), tok.TokenType)
 		passed++
 	}
 
@@ -54,7 +64,7 @@ func main() {
 		fmt.Printf("❌ %v\n", err)
 		failed++
 	} else {
-		fmt.Printf("✅ token=%s... type=%s\n", tok2.AccessToken[:10], tok2.TokenType)
+		fmt.Printf("✅ token=%s... type=%s\n", safePrefix(tok2.AccessToken, 10), tok2.TokenType)
 		passed++
 	}
 
@@ -91,7 +101,7 @@ func main() {
 			fmt.Printf("✅ user: %s\n", login)
 			passed++
 		} else {
-			fmt.Printf("❌ unexpected response: %s\n", string(body[:80]))
+			fmt.Printf("❌ unexpected response: %s\n", safePrefix(string(body), 80))
 			failed++
 		}
 	}
@@ -112,7 +122,7 @@ func main() {
 			fmt.Printf("✅ user: %s\n", email)
 			passed++
 		} else {
-			fmt.Printf("❌ unexpected response: %s\n", string(body2[:80]))
+			fmt.Printf("❌ unexpected response: %s\n", safePrefix(string(body2), 80))
 			failed++
 		}
 	}