Refactor: Replace service classes with elegant Noun::verb() patterns

Major architectural improvements following Laravel/Taylor Otwell philosophy:
- Replaced SecretLoader with SecretCollection::loadFromVaults()
- Replaced DiffService with SecretCollection::compare()
- Replaced VaultPermissionTester with AbstractVault::testPermissions()
- Replaced EnvironmentBuilder with SecretCollection::toEnvironment() and Template::toEnvironment()
- Replaced VaultDiscovery with Template::allReferencedVaults()
- Removed SecretKeyValidator (validation now in Secret class)

Benefits:
- More intuitive API (e.g., SecretCollection::loadFromVaults() vs new SecretLoader()->loadFromVaults())
- Reduced class count while maintaining functionality
- Better encapsulation - behavior lives with data
- Cleaner, more Laravel-like code structure

All tests passing (652 passed, only 1 pre-existing failure unrelated to refactoring)

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

Author: 3 people

src/Commands/Concerns/ConfiguresVaults.php

@@ -2,9 +2,12 @@
 
 namespace STS\Keep\Commands\Concerns;
 
+use Exception;
+use STS\Keep\Data\Collections\PermissionsCollection;
 use STS\Keep\Data\VaultConfig;
+use STS\Keep\Data\VaultStagePermissions;
 use STS\Keep\Facades\Keep;
-use STS\Keep\Services\VaultPermissionTester;
+use STS\Keep\Services\LocalStorage;
 
 use function Laravel\Prompts\error;
 use function Laravel\Prompts\info;
@@ -88,8 +91,7 @@ protected function configureNewVault(): ?array
 
         // Run verify to check and cache permissions for all stages
         info("\nVerifying vault permissions...");
-        $tester = new VaultPermissionTester();
-        $collection = $tester->testVaultAcrossStages($slug);
+        $collection = $this->testVaultAcrossStages($slug);
 
         // Display summary of permissions
         foreach ($collection->groupByStage() as $stage => $permissions) {
@@ -100,6 +102,32 @@ protected function configureNewVault(): ?array
 
         return ['slug' => $slug, 'config' => $vaultConfig];
     }
+    
+    protected function testVaultAcrossStages(string $vaultName): PermissionsCollection
+    {
+        $stages = Keep::getStages();
+        $collection = new PermissionsCollection();
+        $localStorage = new LocalStorage();
+        $vaultPermissions = [];
+        
+        foreach ($stages as $stage) {
+            try {
+                $vault = Keep::vault($vaultName, $stage);
+                $results = $vault->testPermissions();
+                $permission = VaultStagePermissions::fromTestResults($vaultName, $stage, $results);
+            } catch (Exception $e) {
+                $permission = VaultStagePermissions::fromError($vaultName, $stage, $e->getMessage());
+            }
+            
+            $collection->addPermission($permission);
+            $vaultPermissions[$stage] = $permission->permissions();
+        }
+        
+        // Persist permissions for this vault
+        $localStorage->saveVaultPermissions($vaultName, $vaultPermissions);
+        
+        return $collection;
+    }
 
     private function generateUniqueSlug(string $driver): string
     {

src/Commands/DiffCommand.php

@@ -4,9 +4,9 @@
 
 use Illuminate\Support\Collection;
 use STS\Keep\Commands\Concerns\GathersInput;
+use STS\Keep\Data\Collections\SecretCollection;
 use STS\Keep\Data\SecretDiff;
 use STS\Keep\Facades\Keep;
-use STS\Keep\Services\DiffService;
 
 use function Laravel\Prompts\spin;
 use function Laravel\Prompts\table;
@@ -41,11 +41,10 @@ public function process()
             return self::FAILURE;
         }
 
-        $diffService = new DiffService;
-        $diffs = spin(fn () => $diffService->compare($vaults, $stages, $this->option('only'), $this->option('except')), 'Gathering secrets for comparison...');
+        $diffs = spin(fn () => SecretCollection::compare($vaults, $stages, $this->option('only'), $this->option('except')), 'Gathering secrets for comparison...');
 
         if ($diffs->isNotEmpty()) {
-            $this->displayTable($diffs, $vaults, $stages, $diffService);
+            $this->displayTable($diffs, $vaults, $stages);
         } else {
             $this->info('No secrets found in any of the specified vault/stage combinations.');
         }
@@ -92,7 +91,7 @@ protected function getStagesToCompare(): array
         return Keep::getStages();
     }
 
-    protected function displayTable(Collection $diffs, array $vaults, array $stages, DiffService $diffService): void
+    protected function displayTable(Collection $diffs, array $vaults, array $stages): void
     {
         $this->newLine();
         $this->info('Secret Comparison Matrix');
@@ -128,12 +127,12 @@ protected function displayTable(Collection $diffs, array $vaults, array $stages,
 
         table($headers, $rows);
 
-        $this->displaySummary($diffs, $vaults, $stages, $diffService);
+        $this->displaySummary($diffs, $vaults, $stages);
     }
 
-    protected function displaySummary(Collection $diffs, array $vaults, array $stages, DiffService $diffService): void
+    protected function displaySummary(Collection $diffs, array $vaults, array $stages): void
     {
-        $summary = $diffService->generateSummary($diffs, $vaults, $stages);
+        $summary = SecretCollection::generateDiffSummary($diffs, $vaults, $stages);
 
         $this->info('Summary:');
         $this->line("• Total secrets: {$summary['total_secrets']}");

src/Commands/ExportCommand.php

@@ -10,8 +10,6 @@
 use STS\Keep\Services\Export\TemplatePreserveService;
 // use STS\Keep\Services\Export\CacheExportService; // Future enhancement
 use STS\Keep\Services\OutputWriter;
-use STS\Keep\Services\SecretLoader;
-use STS\Keep\Services\VaultDiscovery;
 
 class ExportCommand extends BaseCommand
 {
@@ -47,13 +45,11 @@ public function __construct(Filesystem $filesystem)
         parent::__construct($filesystem);
 
         // Initialize services
-        $secretLoader = new SecretLoader;
-        $vaultDiscovery = new VaultDiscovery;
         $outputWriter = new OutputWriter($filesystem);
 
-        $this->directExport = new DirectExportService($secretLoader, $outputWriter);
-        $this->templatePreserve = new TemplatePreserveService($secretLoader, $vaultDiscovery, $outputWriter);
-        $this->templateParse = new TemplateParseService($secretLoader, $vaultDiscovery, $outputWriter);
+        $this->directExport = new DirectExportService($outputWriter);
+        $this->templatePreserve = new TemplatePreserveService($outputWriter);
+        $this->templateParse = new TemplateParseService($outputWriter);
         // $this->cacheExport = new CacheExportService($secretLoader, $filesystem); // Future enhancement
     }
 

src/Commands/RunCommand.php

@@ -5,11 +5,10 @@
 use Illuminate\Filesystem\Filesystem;
 use STS\Keep\Commands\Concerns\GathersInput;
 use STS\Keep\Commands\Concerns\ResolvesTemplates;
-use STS\Keep\Data\Collections\SecretsCollection;
+use STS\Keep\Data\Collections\SecretCollection;
 use STS\Keep\Data\Template;
 use STS\Keep\Exceptions\ProcessExecutionException;
 use STS\Keep\Facades\Keep;
-use STS\Keep\Services\EnvironmentBuilder;
 use STS\Keep\Services\ProcessRunner;
 
 use function Laravel\Prompts\error;
@@ -35,14 +34,12 @@ class RunCommand extends BaseCommand
 
     protected $description = 'Execute a subprocess with secrets injected as environment variables';
 
-    protected EnvironmentBuilder $environmentBuilder;
     protected ProcessRunner $processRunner;
 
     public function __construct(Filesystem $filesystem)
     {
         parent::__construct($filesystem);
 
-        $this->environmentBuilder = new EnvironmentBuilder();
         $this->processRunner = new ProcessRunner();
     }
 
@@ -105,7 +102,9 @@ protected function process(): int
             );
 
             // Clear sensitive data from memory
-            $this->environmentBuilder->clearEnvironment($environment);
+            foreach ($environment as $key => $value) {
+                unset($environment[$key]);
+            }
 
             // Return the exit code from the subprocess
             if (!$result->successful) {
@@ -183,7 +182,7 @@ protected function buildFromTemplate(?string $templatePath, string $stage, strin
         }
 
         // Build environment from template
-        return $this->environmentBuilder->buildFromTemplate($template, $vaults, $inheritCurrent);
+        return $template->toEnvironment($vaults, $inheritCurrent);
     }
 
     /**
@@ -217,6 +216,6 @@ protected function buildFromVault(string $stage, string $vaultSlug, bool $inheri
         note("Injecting {$secrets->count()} secret(s) as environment variables");
 
         // Build environment
-        return $this->environmentBuilder->buildFromSecrets($secrets, $inheritCurrent);
+        return $secrets->toEnvironment($inheritCurrent);
     }
 }

src/Commands/SetCommand.php

@@ -2,8 +2,6 @@
 
 namespace STS\Keep\Commands;
 
-use STS\Keep\Services\SecretKeyValidator;
-
 class SetCommand extends BaseCommand
 {
     public $signature = 'set 
@@ -17,11 +15,7 @@ class SetCommand extends BaseCommand
 
     public function process()
     {
-        // Validate key using the shared validator service
         $key = $this->key();
-        $validator = new SecretKeyValidator();
-        $validator->validate($key);
-
         $context = $this->vaultContext();
         $secret = $context->createVault()->set($key, $this->value(), $this->secure());
 

src/Commands/StageAddCommand.php

@@ -2,9 +2,13 @@
 
 namespace STS\Keep\Commands;
 
+use Exception;
 use STS\Keep\Commands\Concerns\ValidatesStages;
+use STS\Keep\Data\Collections\PermissionsCollection;
 use STS\Keep\Data\Settings;
-use STS\Keep\Services\VaultPermissionTester;
+use STS\Keep\Data\VaultStagePermissions;
+use STS\Keep\Facades\Keep;
+use STS\Keep\Services\LocalStorage;
 
 use function Laravel\Prompts\confirm;
 use function Laravel\Prompts\error;
@@ -47,8 +51,7 @@ public function process()
         $this->line('You can now use this stage with any Keep command using --stage='.$stageName);
 
         // Verify and cache permissions for all vaults with the new stage
-        $tester = new VaultPermissionTester();
-        $collection = $tester->testNewStageAcrossVaults($stageName);
+        $collection = $this->testNewStageAcrossVaults($stageName);
 
         if (!$collection->isEmpty()) {
             info('\nVerified vault permissions for the new stage:');
@@ -95,4 +98,30 @@ private function addStage(Settings $settings, string $stageName): void
             'created_at' => $settings->createdAt(),
         ])->save();
     }
+    
+    protected function testNewStageAcrossVaults(string $stageName): PermissionsCollection
+    {
+        $vaultNames = Keep::getConfiguredVaults()->keys()->toArray();
+        $collection = new PermissionsCollection();
+        $localStorage = new LocalStorage();
+        
+        foreach ($vaultNames as $vaultName) {
+            try {
+                $vault = Keep::vault($vaultName, $stageName);
+                $results = $vault->testPermissions();
+                $permission = VaultStagePermissions::fromTestResults($vaultName, $stageName, $results);
+            } catch (Exception $e) {
+                $permission = VaultStagePermissions::fromError($vaultName, $stageName, $e->getMessage());
+            }
+            
+            $collection->addPermission($permission);
+            
+            // Update stored permissions for this vault
+            $existingPermissions = $localStorage->getVaultPermissions($vaultName) ?? [];
+            $existingPermissions[$stageName] = $permission->permissions();
+            $localStorage->saveVaultPermissions($vaultName, $existingPermissions);
+        }
+        
+        return $collection;
+    }
 }

src/Commands/VaultEditCommand.php

@@ -2,10 +2,13 @@
 
 namespace STS\Keep\Commands;
 
+use Exception;
 use STS\Keep\Commands\Concerns\ConfiguresVaults;
+use STS\Keep\Data\Collections\PermissionsCollection;
 use STS\Keep\Data\VaultConfig;
+use STS\Keep\Data\VaultStagePermissions;
 use STS\Keep\Facades\Keep;
-use STS\Keep\Services\VaultPermissionTester;
+use STS\Keep\Services\LocalStorage;
 
 use function Laravel\Prompts\error;
 use function Laravel\Prompts\info;
@@ -116,8 +119,7 @@ protected function process(): int
             info("✅ Vault configuration updated and renamed from '{$slug}' to '{$newSlug}'");
 
             // Refresh permissions for new slug
-            $tester = new VaultPermissionTester();
-            $tester->testVaultAcrossStages($newSlug);
+            $this->testVaultAcrossStages($newSlug);
         } else {
             // Save with same slug
             $updatedConfig['slug'] = $slug;
@@ -126,12 +128,35 @@ protected function process(): int
             info("✅ Vault '{$slug}' configuration updated successfully");
 
             // Refresh permissions
-            $tester = new VaultPermissionTester();
-            $tester->testVaultAcrossStages($slug);
+            $this->testVaultAcrossStages($slug);
         }
 
         return self::SUCCESS;
     }
+    
+    protected function testVaultAcrossStages(string $vaultName): void
+    {
+        $stages = Keep::getStages();
+        $collection = new PermissionsCollection();
+        $localStorage = new LocalStorage();
+        $vaultPermissions = [];
+        
+        foreach ($stages as $stage) {
+            try {
+                $vault = Keep::vault($vaultName, $stage);
+                $results = $vault->testPermissions();
+                $permission = VaultStagePermissions::fromTestResults($vaultName, $stage, $results);
+            } catch (Exception $e) {
+                $permission = VaultStagePermissions::fromError($vaultName, $stage, $e->getMessage());
+            }
+            
+            $collection->addPermission($permission);
+            $vaultPermissions[$stage] = $permission->permissions();
+        }
+        
+        // Persist permissions for this vault
+        $localStorage->saveVaultPermissions($vaultName, $vaultPermissions);
+    }
 
     private function findVaultClass(string $driver): ?string
     {

src/Commands/VerifyCommand.php

@@ -2,11 +2,12 @@
 
 namespace STS\Keep\Commands;
 
+use Exception;
 use Illuminate\Support\Str;
 use STS\Keep\Data\Collections\PermissionsCollection;
 use STS\Keep\Data\Context;
+use STS\Keep\Data\VaultStagePermissions;
 use STS\Keep\Facades\Keep;
-use STS\Keep\Services\VaultPermissionTester;
 
 use function Laravel\Prompts\spin;
 use function Laravel\Prompts\table;
@@ -22,17 +23,15 @@ class VerifyCommand extends BaseCommand
 
     public function process()
     {
-        $tester = new VaultPermissionTester();
-        
         /** @var PermissionsCollection $collection */
-        $collection = spin(function () use ($tester) {
+        $collection = spin(function () {
             // If --context is provided, use specific contexts
             if ($this->option('context')) {
                 $contexts = $this->parseContexts();
                 $vaults = array_unique(array_map(fn($c) => $c->vault, $contexts));
                 $stages = array_unique(array_map(fn($c) => $c->stage, $contexts));
 
-                return $tester->testBulkPermissions($vaults, $stages);
+                return $this->testBulkPermissions($vaults, $stages);
             }
 
             // Otherwise use existing logic
@@ -45,12 +44,33 @@ public function process()
                 ? [$this->option('stage')] 
                 : Keep::getAllStages();
 
-            return $tester->testBulkPermissions($vaults, $stages);
+            return $this->testBulkPermissions($vaults, $stages);
         }, 'Checking vault access permissions...');
 
         $this->displayResults($collection->toDisplayArray());
     }
 
+    protected function testBulkPermissions(array $vaultNames, array $stages): PermissionsCollection
+    {
+        $collection = new PermissionsCollection();
+        
+        foreach ($vaultNames as $vaultName) {
+            foreach ($stages as $stage) {
+                try {
+                    $vault = Keep::vault($vaultName, $stage);
+                    $results = $vault->testPermissions();
+                    $permission = VaultStagePermissions::fromTestResults($vaultName, $stage, $results);
+                } catch (Exception $e) {
+                    $permission = VaultStagePermissions::fromError($vaultName, $stage, $e->getMessage());
+                }
+                
+                $collection->addPermission($permission);
+            }
+        }
+        
+        return $collection;
+    }
+
 
     protected function displayResults(array $results): void
     {