pipeline {
  agent any

  environment {
    SECURE_ENV_KEY = credentials('secure-env-key')
  }

  stages {
    stage('Validate Secrets') {
      steps {
        sh 'npm ci'
        sh 'npx secure-env validate --strict'
        sh 'npx secure-env report --compliance'
      }
    }
  }
}
