@aifabrix/server-setup 1.3.0 → 1.5.2

package/dist/install-ssh.spec.js

@@ -0,0 +1,55 @@
+/**
+ * Tests for install-ssh: remote (mocked SSH) and local (mocked execSync).
+ */
+const mockConn = {};
+const mockExec = jest.fn();
+const mockClose = jest.fn();
+jest.mock('child_process', () => ({ execSync: jest.fn(() => Buffer.from('')) }));
+jest.mock('./ssh.js', () => ({
+    createSSHClient: jest.fn(() => Promise.resolve(mockConn)),
+    exec: jest.fn((...args) => mockExec(...args)),
+    close: jest.fn((...args) => mockClose(...args)),
+}));
+import { execSync } from 'child_process';
+import { runInstallSsh, runInstallSshLocal } from './install-ssh.js';
+describe('install-ssh', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        mockExec.mockResolvedValue({ stdout: '', stderr: '', code: 0 });
+        jest.spyOn(console, 'log').mockImplementation(() => { });
+    });
+    afterEach(() => {
+        console.log.mockRestore();
+    });
+    describe('runInstallSsh', () => {
+        it('connects, runs sudo apt install openssh-server and systemctl enable/start ssh, then closes', async () => {
+            await runInstallSsh({ target: 'user@host' });
+            expect(mockExec).toHaveBeenCalledTimes(1);
+            const cmd = mockExec.mock.calls[0][1];
+            expect(cmd).toContain('sudo');
+            expect(cmd).toContain('openssh-server');
+            expect(cmd).toContain('systemctl enable ssh');
+            expect(cmd).toContain('systemctl start ssh');
+            expect(mockClose).toHaveBeenCalledWith(mockConn);
+            expect(console.log).toHaveBeenCalledWith(expect.stringContaining('SSH server is enabled and running'));
+        });
+        it('throws when script exits non-zero', async () => {
+            mockExec.mockResolvedValueOnce({ stdout: '', stderr: 'E: Unable to locate package', code: 100 });
+            await expect(runInstallSsh({ target: 'user@host' })).rejects.toThrow(/install-ssh exited with code 100/);
+            expect(mockClose).toHaveBeenCalledWith(mockConn);
+        });
+    });
+    describe('runInstallSshLocal', () => {
+        it('calls execSync with sudo and install script', () => {
+            execSync.mockClear();
+            runInstallSshLocal();
+            expect(execSync).toHaveBeenCalledTimes(1);
+            const cmd = execSync.mock.calls[0][0];
+            expect(cmd).toContain('sudo');
+            expect(cmd).toContain('openssh-server');
+            expect(cmd).toContain('systemctl enable ssh');
+            expect(cmd).toContain('systemctl start ssh');
+            expect(console.log).toHaveBeenCalledWith(expect.stringContaining('SSH server is enabled and running'));
+        });
+    });
+});

package/dist/install.d.ts

@@ -17,3 +17,6 @@ export interface InstallLocalOptions {
 export declare function runInstall(options: InstallOptions): Promise<void>;
 /** Run setup script locally (no SSH). Call requireUbuntu() before this. */
 export declare function runInstallLocal(options?: InstallLocalOptions): void;
+export declare function runInstallServer(options: InstallOptions): Promise<void>;
+/** Run server phase locally (nginx vhost, builder-server container, Docker TLS). Call requireUbuntu() before this. */
+export declare function runInstallServerLocal(options?: InstallLocalOptions): void;

package/dist/install.js

@@ -8,13 +8,17 @@ import { fileURLToPath } from 'url';
 import { createSSHClient, exec, writeFile, close, } from './ssh.js';
 const scriptDir = path.dirname(fileURLToPath(import.meta.url));
 const ASSETS_DIR = path.resolve(scriptDir, '..', 'assets');
+/** Normalize to Unix LF so shebang and scripts run on Linux (avoids "No such file or directory" when CRLF). */
+function toUnixLf(s) {
+    return s.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
+}
 function getSetupScript() {
     const p = path.join(ASSETS_DIR, 'setup-dev-server-no-node.sh');
-    return fs.readFileSync(p, 'utf8');
+    return toUnixLf(fs.readFileSync(p, 'utf8'));
 }
 function getNginxTemplate() {
     const p = path.join(ASSETS_DIR, 'builder', 'builder-server', 'nginx-builder-server.conf.template');
-    return fs.readFileSync(p, 'utf8');
+    return toUnixLf(fs.readFileSync(p, 'utf8'));
 }
 export async function runInstall(options) {
     const dataDir = options.dataDir ?? '/opt/aifabrix/builder-server/data';
@@ -31,12 +35,15 @@ export async function runInstall(options) {
         await writeFile(conn, `${tmpDir}/setup.sh`, setupScript);
         await writeFile(conn, `${tmpDir}/builder/builder-server/nginx-builder-server.conf.template`, nginxTemplate);
         await exec(conn, `chmod +x ${tmpDir}/setup.sh`);
+        /** Quote for remote shell so paths with spaces (e.g. Git Bash expanding /opt on Windows) don't break sudo. */
+        const q = (v) => `'${String(v).replace(/'/g, "'\\''")}'`;
         const env = [
-            `REPO_ROOT=${tmpDir}`,
-            `DATA_DIR=${dataDir}`,
-            `DEV_DOMAIN=${devDomain}`,
-            `SSL_DIR=${sslDir}`,
-            `BUILDER_SERVER_PORT=${builderServerPort}`,
+            `REPO_ROOT=${q(tmpDir)}`,
+            `INSTALL_PHASE=infra`,
+            `DATA_DIR=${q(dataDir)}`,
+            `DEV_DOMAIN=${q(devDomain)}`,
+            `SSL_DIR=${q(sslDir)}`,
+            `BUILDER_SERVER_PORT=${q(String(builderServerPort))}`,
         ].join(' ');
         const cmd = `sudo ${env} ${tmpDir}/setup.sh`;
         const result = await exec(conn, cmd);
@@ -65,7 +72,65 @@ export function runInstallLocal(options = {}) {
     try {
         fs.writeFileSync(path.join(tmpDir, 'setup.sh'), getSetupScript(), { mode: 0o755 });
         fs.writeFileSync(path.join(builderSubdir, 'nginx-builder-server.conf.template'), getNginxTemplate());
-        const env = [`REPO_ROOT=${tmpDir}`, `DATA_DIR=${dataDir}`, `DEV_DOMAIN=${devDomain}`, `SSL_DIR=${sslDir}`, `BUILDER_SERVER_PORT=${builderServerPort}`].join(' ');
+        const env = [`REPO_ROOT=${tmpDir}`, `INSTALL_PHASE=infra`, `DATA_DIR=${dataDir}`, `DEV_DOMAIN=${devDomain}`, `SSL_DIR=${sslDir}`, `BUILDER_SERVER_PORT=${builderServerPort}`].join(' ');
+        execSync(`sudo ${env} ${tmpDir}/setup.sh`, { stdio: 'inherit' });
+    }
+    finally {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    }
+}
+export async function runInstallServer(options) {
+    const dataDir = options.dataDir ?? '/opt/aifabrix/builder-server/data';
+    const devDomain = options.devDomain ?? 'builder01.aifabrix.dev';
+    const sslDir = options.sslDir ?? '/opt/aifabrix/ssl';
+    const builderServerPort = options.builderServerPort ?? 3000;
+    const conn = await createSSHClient(options);
+    try {
+        const tmpDir = `/tmp/aifabrix-setup-${Date.now()}`;
+        await exec(conn, `mkdir -p ${tmpDir}/builder/builder-server`);
+        await exec(conn, `chmod 755 ${tmpDir}`);
+        const setupScript = getSetupScript();
+        const nginxTemplate = getNginxTemplate();
+        await writeFile(conn, `${tmpDir}/setup.sh`, setupScript);
+        await writeFile(conn, `${tmpDir}/builder/builder-server/nginx-builder-server.conf.template`, nginxTemplate);
+        await exec(conn, `chmod +x ${tmpDir}/setup.sh`);
+        const q = (v) => `'${String(v).replace(/'/g, "'\\''")}'`;
+        const env = [
+            `REPO_ROOT=${q(tmpDir)}`,
+            `INSTALL_PHASE=server`,
+            `DATA_DIR=${q(dataDir)}`,
+            `DEV_DOMAIN=${q(devDomain)}`,
+            `SSL_DIR=${q(sslDir)}`,
+            `BUILDER_SERVER_PORT=${q(String(builderServerPort))}`,
+        ].join(' ');
+        const cmd = `sudo ${env} ${tmpDir}/setup.sh`;
+        const result = await exec(conn, cmd);
+        if (result.stderr)
+            process.stderr.write(result.stderr);
+        if (result.stdout)
+            process.stdout.write(result.stdout);
+        if (result.code !== 0) {
+            throw new Error(`Install-server script exited with code ${result.code}`);
+        }
+        await exec(conn, `rm -rf ${tmpDir}`);
+    }
+    finally {
+        close(conn);
+    }
+}
+/** Run server phase locally (nginx vhost, builder-server container, Docker TLS). Call requireUbuntu() before this. */
+export function runInstallServerLocal(options = {}) {
+    const dataDir = options.dataDir ?? '/opt/aifabrix/builder-server/data';
+    const devDomain = options.devDomain ?? 'builder01.aifabrix.dev';
+    const sslDir = options.sslDir ?? '/opt/aifabrix/ssl';
+    const builderServerPort = options.builderServerPort ?? 3000;
+    const tmpDir = `/tmp/aifabrix-setup-${Date.now()}`;
+    const builderSubdir = path.join(tmpDir, 'builder', 'builder-server');
+    fs.mkdirSync(builderSubdir, { recursive: true });
+    try {
+        fs.writeFileSync(path.join(tmpDir, 'setup.sh'), getSetupScript(), { mode: 0o755 });
+        fs.writeFileSync(path.join(builderSubdir, 'nginx-builder-server.conf.template'), getNginxTemplate());
+        const env = [`REPO_ROOT=${tmpDir}`, `INSTALL_PHASE=server`, `DATA_DIR=${dataDir}`, `DEV_DOMAIN=${devDomain}`, `SSL_DIR=${sslDir}`, `BUILDER_SERVER_PORT=${builderServerPort}`].join(' ');
         execSync(`sudo ${env} ${tmpDir}/setup.sh`, { stdio: 'inherit' });
     }
     finally {

package/dist/install.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/install.spec.js

@@ -0,0 +1,23 @@
+/**
+ * Tests for install: runInstall (infra phase) and runInstallServer / runInstallServerLocal (server phase).
+ * install.ts uses import.meta.url; Jest (CJS) fails to load it. Unit tests for runInstall* are skipped; we test script content.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+const ASSETS_DIR = path.resolve(__dirname, '..', 'assets');
+const SETUP_SCRIPT = path.join(ASSETS_DIR, 'setup-dev-server-no-node.sh');
+describe('install script (setup-dev-server-no-node.sh)', () => {
+    it('defines INSTALL_PHASE and infra/server phase blocks', () => {
+        const content = fs.readFileSync(SETUP_SCRIPT, 'utf8');
+        expect(content).toContain('INSTALL_PHASE="${INSTALL_PHASE:-full}"');
+        expect(content).toContain('"$INSTALL_PHASE" = "infra"');
+        expect(content).toContain('"$INSTALL_PHASE" = "server"');
+        expect(content).toContain('End infra phase');
+        expect(content).toContain('End server phase');
+    });
+});
+describe.skip('install (runInstall* unit tests)', () => {
+    it('placeholder until Jest supports import.meta in transformed modules', () => {
+        expect(true).toBe(true);
+    });
+});

package/dist/ssh.d.ts

@@ -1,6 +1,7 @@
 /**
  * SSH client wrapper using ssh2. Used for install, backup, restore.
  * Never log private keys or sensitive data.
+ * When no private key is given, prompts for password via keyboard-interactive.
  */
 import { Client } from 'ssh2';
 export interface SSHConnectionOptions {

package/dist/ssh.js

@@ -1,10 +1,14 @@
 /**
  * SSH client wrapper using ssh2. Used for install, backup, restore.
  * Never log private keys or sensitive data.
+ * When no private key is given, prompts for password via keyboard-interactive.
  */
 import { Client } from 'ssh2';
 import * as fs from 'fs';
+import * as os from 'os';
 import * as path from 'path';
+import read from 'read';
+const DEFAULT_KEY_NAMES = ['id_ed25519', 'id_rsa'];
 export function parseTarget(target) {
     const at = target.lastIndexOf('@');
     if (at <= 0 || at === target.length - 1) {
@@ -26,18 +30,107 @@ export function createSSHClient(options) {
         }
         privateKey = fs.readFileSync(resolved, 'utf8');
     }
+    else {
+        const sshDir = path.join(os.homedir(), '.ssh');
+        for (const name of DEFAULT_KEY_NAMES) {
+            const keyPath = path.join(sshDir, name);
+            if (fs.existsSync(keyPath)) {
+                try {
+                    privateKey = fs.readFileSync(keyPath, 'utf8');
+                    break;
+                }
+                catch {
+                    // skip unreadable key, try next
+                }
+            }
+        }
+    }
+    const usedDefaultKey = !options.privateKeyPath && !options.privateKey && !!privateKey;
+    function isAuthError(err) {
+        const msg = err.message || '';
+        return (msg.includes('All configured authentication methods failed') ||
+            msg.includes('authentication') ||
+            err.level === 'client-authentication');
+    }
     return new Promise((resolve, reject) => {
-        const conn = new Client();
-        conn
-            .on('ready', () => resolve(conn))
-            .on('error', (err) => reject(err))
-            .connect({
-            host,
-            port,
-            username: user,
-            privateKey: privateKey || undefined,
-            tryKeyboard: !privateKey,
-        });
+        const doConnect = (password, useKey = true) => {
+            const keyForThisConnection = useKey ? privateKey : undefined;
+            const conn = new Client();
+            if (!keyForThisConnection && password !== undefined) {
+                conn.on('keyboard-interactive', (_name, _instructions, _lang, prompts, finish) => {
+                    if (prompts.length === 0) {
+                        finish([]);
+                        return;
+                    }
+                    finish(prompts.map(() => password));
+                });
+            }
+            else if (!keyForThisConnection) {
+                const onKeyboardInteractive = (_name, _instructions, _lang, prompts, finish) => {
+                    if (prompts.length === 0) {
+                        finish([]);
+                        return;
+                    }
+                    const next = (index, answers) => {
+                        if (index >= prompts.length) {
+                            finish(answers);
+                            return;
+                        }
+                        const p = prompts[index];
+                        read({
+                            prompt: p.prompt || (p.echo ? 'Response: ' : 'Password: '),
+                            silent: !p.echo,
+                        }, (err, value) => {
+                            if (err) {
+                                finish(answers);
+                                return;
+                            }
+                            next(index + 1, answers.concat(value || ''));
+                        });
+                    };
+                    next(0, []);
+                };
+                conn.on('keyboard-interactive', onKeyboardInteractive);
+            }
+            conn
+                .on('ready', () => resolve(conn))
+                .on('error', (err) => {
+                if (usedDefaultKey &&
+                    useKey &&
+                    isAuthError(err)) {
+                    read({ prompt: 'Password: ', silent: true }, (errRead, value) => {
+                        if (errRead) {
+                            reject(errRead);
+                            return;
+                        }
+                        doConnect(value || '', false);
+                    });
+                }
+                else {
+                    reject(err);
+                }
+            })
+                .connect({
+                host,
+                port,
+                username: user,
+                privateKey: keyForThisConnection || undefined,
+                password: !keyForThisConnection ? password : undefined,
+                tryKeyboard: !keyForThisConnection,
+            });
+        };
+        if (!privateKey) {
+            read({ prompt: 'Password: ', silent: true }, (err, value) => {
+                if (err) {
+                    reject(err);
+                    return;
+                }
+                doConnect(value || '');
+            });
+        }
+        else {
+            doConnect(undefined);
+        }
     });
 }
 export function exec(conn, command) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aifabrix/server-setup",
-  "version": "1.3.0",
+  "version": "1.5.2",
   "description": "CLI to install, backup, and restore AI Fabrix builder-server (config + DB) over SSH",
   "type": "module",
   "main": "dist/cli.js",
@@ -24,6 +24,7 @@
     "better-sqlite3": "^11.6.0",
     "commander": "^12.1.0",
     "extract-zip": "^2.0.1",
+    "read": "^1.0.7",
     "ssh2": "^1.15.0"
   },
   "devDependencies": {
@@ -32,6 +33,7 @@
     "@types/better-sqlite3": "^7.6.11",
     "@types/jest": "^29.5.14",
     "@types/node": "^22.10.2",
+    "@types/read": "^0.0.32",
     "@types/ssh2": "^1.15.5",
     "@typescript-eslint/eslint-plugin": "^8.17.0",
     "@typescript-eslint/parser": "^8.17.0",
@@ -44,5 +46,10 @@
   "files": [
     "dist",
     "assets"
-  ]
+  ],
+  "pnpm": {
+    "onlyBuiltDependencies": [
+      "better-sqlite3"
+    ]
+  }
 }