@agentuity/cli 1.0.28 → 1.0.30

package/src/cmd/cloud/storage/config.ts

@@ -0,0 +1,238 @@
+import { z } from 'zod';
+import {
+	getBucketConfig,
+	updateBucketConfig,
+	deleteBucketConfig,
+	BucketConfigResponseError,
+	listOrgResources,
+	type BucketConfigUpdate,
+	type BucketConfig,
+	StorageTierSchema,
+} from '@agentuity/server';
+import { createSubcommand } from '../../../types';
+import * as tui from '../../../tui';
+import { getCatalystAPIClient, getGlobalCatalystAPIClient } from '../../../config';
+import { getCommand } from '../../../command-prefix';
+import { getResourceInfo, setResourceInfo } from '../../../cache';
+
+function displayConfig(config: BucketConfig) {
+	tui.newline();
+	console.log(tui.bold('Bucket:          ') + config.bucket_name);
+	console.log(
+		tui.bold('Storage Tier:    ') + (config.storage_tier ?? tui.muted('default'))
+	);
+	console.log(
+		tui.bold('TTL:             ') +
+			(config.ttl != null ? `${config.ttl}s` : tui.muted('default'))
+	);
+	console.log(
+		tui.bold('Public:          ') +
+			(config.public != null ? String(config.public) : tui.muted('default'))
+	);
+	console.log(
+		tui.bold('Cache Control:   ') + (config.cache_control ?? tui.muted('default'))
+	);
+
+	if (config.cors) {
+		console.log(tui.bold('CORS:'));
+		if (config.cors.allowed_origins?.length) {
+			console.log('  Origins: ' + config.cors.allowed_origins.join(', '));
+		}
+		if (config.cors.allowed_methods?.length) {
+			console.log('  Methods: ' + config.cors.allowed_methods.join(', '));
+		}
+		if (config.cors.allowed_headers?.length) {
+			console.log('  Headers: ' + config.cors.allowed_headers.join(', '));
+		}
+		if (config.cors.expose_headers?.length) {
+			console.log('  Expose:  ' + config.cors.expose_headers.join(', '));
+		}
+		if (config.cors.max_age_seconds != null) {
+			console.log('  Max Age: ' + config.cors.max_age_seconds + 's');
+		}
+	} else {
+		console.log(tui.bold('CORS:            ') + tui.muted('default'));
+	}
+
+	if (config.additional_headers && Object.keys(config.additional_headers).length > 0) {
+		console.log(tui.bold('Headers:'));
+		for (const [key, value] of Object.entries(config.additional_headers)) {
+			console.log(`  ${key}: ${value}`);
+		}
+	} else {
+		console.log(tui.bold('Headers:         ') + tui.muted('default'));
+	}
+	tui.newline();
+}
+
+export const configSubcommand = createSubcommand({
+	name: 'config',
+	description: 'View or update bucket configuration',
+	tags: ['slow', 'requires-auth'],
+	requires: { auth: true },
+	optional: { org: true },
+	idempotent: true,
+	examples: [
+		{
+			command: `${getCommand('cloud storage config')} my-bucket`,
+			description: 'View bucket configuration',
+		},
+		{
+			command: `${getCommand('cloud storage config')} my-bucket --ttl 3600 --public`,
+			description: 'Update bucket TTL and make it public',
+		},
+		{
+			command: `${getCommand('cloud storage config')} my-bucket --storage-tier ARCHIVE`,
+			description: 'Change the storage tier',
+		},
+		{
+			command: `${getCommand('cloud storage config')} my-bucket --reset`,
+			description: 'Reset all configuration to system defaults',
+		},
+	],
+	schema: {
+		args: z.object({
+			name: z.string().describe('The name of the storage bucket'),
+		}),
+		options: z.object({
+			reset: z.boolean().optional().describe('Reset all configuration to system defaults'),
+			storageTier: StorageTierSchema.optional().describe('Storage tier'),
+			ttl: z.coerce.number().optional().describe('Object TTL in seconds (0 to clear)'),
+			public: z.boolean().optional().describe('Make bucket publicly accessible'),
+			cacheControl: z.string().optional().describe('Cache-Control header value'),
+			cors: z.string().optional().describe('CORS configuration as JSON string'),
+			additionalHeaders: z
+				.string()
+				.optional()
+				.describe('Additional headers as JSON key-value pairs'),
+		}),
+		response: z.object({
+			bucket_name: z.string(),
+			storage_tier: z.string().nullable().optional(),
+			ttl: z.number().nullable().optional(),
+			public: z.boolean().nullable().optional(),
+			cache_control: z.string().nullable().optional(),
+			cors: z.any().nullable().optional(),
+			additional_headers: z.record(z.string(), z.string()).nullable().optional(),
+		}),
+	},
+
+	async handler(ctx) {
+		const { logger, args, opts, options, auth, config } = ctx;
+		const { name: bucketName } = args;
+
+		const profileName = config?.name ?? 'production';
+		const catalystClient = await getGlobalCatalystAPIClient(logger, auth, profileName);
+
+		// Look up bucket to get cloud_region
+		const cachedInfo = await getResourceInfo('bucket', profileName, bucketName);
+		const orgId = ctx.orgId ?? cachedInfo?.orgId;
+
+		const resources = await tui.spinner({
+			message: 'Looking up bucket...',
+			clearOnSuccess: true,
+			callback: () => listOrgResources(catalystClient, { type: 's3', orgId }),
+		});
+
+		const bucket = resources.s3.find((s3) => s3.bucket_name === bucketName);
+		if (!bucket) {
+			throw new BucketConfigResponseError({ message: `Bucket "${bucketName}" not found` });
+		}
+
+		// Cache the bucket info for future lookups
+		if (bucket.cloud_region && bucket.org_id) {
+			await setResourceInfo(
+				'bucket',
+				profileName,
+				bucket.bucket_name,
+				bucket.cloud_region,
+				bucket.org_id
+			);
+		}
+
+		if (!bucket.cloud_region) {
+			throw new BucketConfigResponseError({
+				message: `Bucket "${bucketName}" is missing region information`,
+			});
+		}
+
+		// Create regional client for bucket config operations (orgId required for CLI auth)
+		const regionalClient = getCatalystAPIClient(logger, auth, bucket.cloud_region, bucket.org_id);
+
+		// Handle --reset flag (DELETE)
+		if (opts.reset) {
+			await tui.spinner({
+				message: 'Resetting bucket configuration...',
+				clearOnSuccess: true,
+				callback: () => deleteBucketConfig(regionalClient, bucketName),
+			});
+			if (!options.json) {
+				tui.success(`Configuration reset to defaults for bucket "${bucketName}"`);
+			}
+			return { bucket_name: bucketName };
+		}
+
+		// Check if any update flags are present
+		const hasUpdateFlags =
+			opts.storageTier !== undefined ||
+			opts.ttl !== undefined ||
+			opts.public !== undefined ||
+			opts.cacheControl !== undefined ||
+			opts.cors !== undefined ||
+			opts.additionalHeaders !== undefined;
+
+		if (hasUpdateFlags) {
+			// Build update payload
+			const update: BucketConfigUpdate = {};
+
+			if (opts.storageTier !== undefined) update.storage_tier = opts.storageTier;
+			if (opts.ttl !== undefined) update.ttl = opts.ttl === 0 ? null : opts.ttl;
+			if (opts.public !== undefined) update.public = opts.public;
+			if (opts.cacheControl !== undefined) update.cache_control = opts.cacheControl;
+
+			// Parse JSON flags
+			if (opts.cors !== undefined) {
+				try {
+					update.cors = JSON.parse(opts.cors);
+				} catch {
+					throw new BucketConfigResponseError({
+						message: 'Invalid JSON for --cors flag',
+					});
+				}
+			}
+			if (opts.additionalHeaders !== undefined) {
+				try {
+					update.additional_headers = JSON.parse(opts.additionalHeaders);
+				} catch {
+					throw new BucketConfigResponseError({
+						message: 'Invalid JSON for --additionalHeaders flag',
+					});
+				}
+			}
+
+			const result = await tui.spinner({
+				message: 'Updating bucket configuration...',
+				clearOnSuccess: true,
+				callback: () => updateBucketConfig(regionalClient, bucketName, update),
+			});
+
+			if (!options.json) {
+				displayConfig(result);
+				tui.success(`Configuration updated for bucket "${bucketName}"`);
+			}
+			return result;
+		}
+
+		// No update flags — GET and display
+		const getResult = await tui.spinner({
+			message: 'Fetching bucket configuration...',
+			clearOnSuccess: true,
+			callback: () => getBucketConfig(regionalClient, bucketName),
+		});
+
+		if (!options.json) {
+			displayConfig(getResult);
+		}
+		return getResult;
+	},
+});

package/src/cmd/cloud/storage/index.ts

@@ -1,4 +1,5 @@
 import { createCommand } from '../../../types';
+import { configSubcommand } from './config';
 import { createSubcommand } from './create';
 import { listSubcommand } from './list';
 import { deleteSubcommand } from './delete';
@@ -20,6 +21,7 @@ export const storageCommand = createCommand({
 		},
 	],
 	subcommands: [
+		configSubcommand,
 		createSubcommand,
 		listSubcommand,
 		getSubcommand,

package/src/cmd/cloud/storage/list.ts

@@ -23,6 +23,9 @@ const StorageListResponseSchema = z.object({
 				bucket_type: z.string().optional().describe('Bucket type (user or snapshots)'),
 				internal: z.boolean().optional().describe('Whether this is a system-managed bucket'),
 				description: z.string().optional().describe('Optional description of the bucket'),
+				object_count: z.number().int().optional().describe('Number of objects in this bucket'),
+				total_size: z.number().int().optional().describe('Total size of objects in bytes'),
+				last_event_at: z.string().optional().describe('Last activity timestamp'),
 			})
 		)
 		.optional()
@@ -256,6 +259,18 @@ export const listSubcommand = createSubcommand({
 					}
 					if (s3.region) console.log(` Region:     ${tui.muted(s3.region)}`);
 					if (s3.endpoint) console.log(` Endpoint:   ${tui.muted(s3.endpoint)}`);
+					if (s3.object_count != null) {
+						const sizeStr = s3.total_size != null ? tui.formatBytes(s3.total_size) : 'unknown';
+						console.log(` Objects:    ${tui.muted(`${s3.object_count.toLocaleString()} (${sizeStr})`)}`);
+					}
+					if (s3.last_event_at) {
+						const date = new Date(s3.last_event_at);
+						if (Number.isNaN(date.getTime())) {
+							console.log(` Activity:   ${tui.muted('unknown')}`);
+						} else {
+							console.log(` Activity:   ${tui.muted(date.toLocaleDateString('en-US', { month: 'short', day: 'numeric', year: 'numeric', hour: '2-digit', minute: '2-digit' }))}`);
+						}
+					}
 					tui.newline();
 				}
 			}
@@ -274,6 +289,9 @@ export const listSubcommand = createSubcommand({
 				bucket_type: s3.bucket_type,
 				internal: s3.internal,
 				description: s3.description ?? undefined,
+				object_count: s3.object_count ?? undefined,
+				total_size: s3.total_size ?? undefined,
+				last_event_at: s3.last_event_at ?? undefined,
 			})),
 		};
 	},

package/src/cmd/project/template-flow.ts

@@ -11,6 +11,7 @@ import {
 	APIClient as ServerAPIClient,
 	createResources,
 	validateDatabaseName,
+	validateBucketName,
 } from '@agentuity/server';
 import type { Logger } from '@agentuity/core';
 import * as tui from '../../tui';
@@ -440,11 +441,40 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<CreateF
 		// Process storage action
 		switch (s3_action) {
 			case 'Create New': {
+				let bucketName: string | undefined;
+				let bucketDescription: string | undefined;
+
+				// Only prompt for name/description in interactive mode
+				if (isInteractive) {
+					const bucketNameInput = await prompt.text({
+						message: 'Bucket name',
+						hint: 'Optional - lowercase letters, digits, hyphens only',
+						validate: (value: string) => {
+							const trimmed = value.trim();
+							if (trimmed === '') return true;
+							const result = validateBucketName(trimmed);
+							return result.valid ? true : result.error!;
+						},
+					});
+					bucketName = bucketNameInput.trim() || undefined;
+					bucketDescription =
+						(await prompt.text({
+							message: 'Bucket description',
+							hint: 'Optional - press Enter to skip',
+						})) || undefined;
+				}
+
 				const created = await tui.spinner({
 					message: 'Provisioning New Bucket',
 					clearOnSuccess: true,
 					callback: async () => {
-						return createResources(catalystClient!, orgId!, region!, [{ type: 's3' }]);
+						return createResources(catalystClient!, orgId!, region!, [
+							{
+								type: 's3',
+								name: bucketName,
+								description: bucketDescription,
+							},
+						]);
 					},
 				});
 				// Collect env vars from newly created resource

package/src/domain.ts

@@ -95,6 +95,30 @@ async function fetchDNSRecord(name: string, type: string): Promise<string | null
 	return records[0] ?? null;
 }
 
+/**
+ * Check if a domain has a valid TLS certificate by making a HEAD request.
+ * This also triggers Let's Encrypt certificate provisioning on first access.
+ * Returns true if the TLS certificate is valid (any HTTP status code received).
+ * Returns false if the certificate is not yet provisioned (timeout or TLS error).
+ */
+async function checkTLSCertificate(domain: string): Promise<boolean> {
+	try {
+		await fetch(`https://${domain}`, {
+			method: 'HEAD',
+			signal: AbortSignal.timeout(timeoutMs),
+			redirect: 'manual',
+			// @ts-expect-error - cache is supported by Bun's fetch at runtime but missing from type definitions
+			cache: 'no-store',
+		});
+		// Any HTTP response means TLS handshake succeeded and certificate is valid
+		return true;
+	} catch {
+		// Timeout, TLS certificate error, connection refused, etc.
+		// All indicate the certificate is not yet provisioned
+		return false;
+	}
+}
+
 const LOCAL_DNS = 'agentuity.io';
 const PRODUCTION_DNS = 'agentuity.run';
 
@@ -171,15 +195,27 @@ export async function checkCustomDomainForDNS(
 					if (timeoutId) clearTimeout(timeoutId);
 				});
 
-				if (result) {
-					if (result === proxy) {
+			if (result) {
+				if (result === proxy) {
+						// DNS is correct — verify TLS certificate (also triggers Let's Encrypt provisioning)
+						const tlsValid = await checkTLSCertificate(domain);
+						if (tlsValid) {
+							return {
+								domain,
+								target: proxy,
+								aRecordTarget,
+								recordType: 'CNAME',
+								success: true,
+							} as DNSSuccess;
+						}
 						return {
 							domain,
 							target: proxy,
 							aRecordTarget,
 							recordType: 'CNAME',
 							success: true,
-						} as DNSSuccess;
+							pending: true,
+						} as DNSPending;
 					}
 					return {
 						domain,
@@ -242,13 +278,25 @@ export async function checkCustomDomainForDNS(
 					if (domainARecords.length > 0) {
 						const matching = domainARecords.some((a) => ionIPs.includes(a));
 						if (matching) {
+							// DNS is correct — verify TLS certificate (also triggers Let's Encrypt provisioning)
+							const tlsValid = await checkTLSCertificate(domain);
+							if (tlsValid) {
+								return {
+									domain,
+									target: proxy,
+									aRecordTarget,
+									recordType: 'A',
+									success: true,
+								} as DNSSuccess;
+							}
 							return {
 								domain,
 								target: proxy,
 								aRecordTarget,
 								recordType: 'A',
 								success: true,
-							} as DNSSuccess;
+								pending: true,
+							} as DNSPending;
 						}
 						return {
 							domain,

package/src/tui.ts

@@ -2235,7 +2235,8 @@ export function formatBytes(bytes: number): string {
 	if (bytes < 1024) return `${bytes} B`;
 	if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(2)} KB`;
 	if (bytes < 1024 * 1024 * 1024) return `${(bytes / (1024 * 1024)).toFixed(2)} MB`;
-	return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+	if (bytes < 1024 * 1024 * 1024 * 1024) return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+	return `${(bytes / (1024 * 1024 * 1024 * 1024)).toFixed(2)} TB`;
 }
 
 export function clearLastLines(n: number, s?: (v: string) => void) {