@appfleet-cli/cli 0.1.0

package/dist/audit.d.ts

@@ -0,0 +1,10 @@
+export type AuditCommandResult = {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+};
+export declare function runAuditCommand(argv: string[], options?: {
+    auditPath?: string;
+    syncPath?: string;
+    projectRoot?: string;
+}): Promise<AuditCommandResult>;

package/dist/audit.js

@@ -0,0 +1,85 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { createCloudAuditMetadataFromLocalEvent, createLocalSensitiveAuditEvent, } from "@appfleet/domain";
+export async function runAuditCommand(argv, options = {}) {
+    const normalizedArgv = argv[0] === "--" ? argv.slice(1) : argv;
+    if (normalizedArgv[0] !== "audit" || normalizedArgv[1] !== "sync") {
+        return {
+            exitCode: 1,
+            stdout: "",
+            stderr: "AppFleet audit failed: usage: audit sync [--workspace <workspace-id>] [--json]\n",
+        };
+    }
+    const workspaceId = readFlag(normalizedArgv, "--workspace") ?? "workspace_local";
+    const projectRoot = options.projectRoot ?? process.cwd();
+    const auditPath = options.auditPath ?? process.env.APPFLEET_AUDIT_PATH ?? join(projectRoot, ".appfleet", "vault-audit.jsonl");
+    const syncPath = options.syncPath ?? process.env.APPFLEET_CLOUD_AUDIT_SYNC_PATH ?? join(projectRoot, ".appfleet", "cloud-audit-sync.json");
+    const events = await readLocalAuditEvents(auditPath);
+    const auditMetadata = events
+        .filter((event) => event.workspaceId === workspaceId)
+        .map(createCloudAuditMetadataFromLocalEvent);
+    const document = {
+        type: "cloud_audit_sync_metadata_result",
+        version: 1,
+        workspaceId,
+        auditPath,
+        syncPath,
+        syncedAuditIds: auditMetadata.map((metadata) => metadata.id),
+        auditMetadata,
+        localTestPersistenceImplemented: true,
+        productionCloudPersistenceImplemented: false,
+        acceptsPlaintextSecrets: false,
+        includesCommandOutput: false,
+        includesEncryptedBlobIds: false,
+        providerApiCallsMade: false,
+        trustBoundary: [
+            "Cloud audit sync stores local audit shadow metadata only.",
+            "It omits command output, plaintext secrets, encrypted blob ids, provider payloads, and key material.",
+            "It does not call provider APIs.",
+        ],
+    };
+    await mkdir(dirname(syncPath), { recursive: true });
+    await writeFile(syncPath, `${JSON.stringify(document, null, 2)}\n`, {
+        mode: 0o600,
+    });
+    return {
+        exitCode: 0,
+        stdout: normalizedArgv.includes("--json")
+            ? `${JSON.stringify(document, null, 2)}\n`
+            : `${[
+                "AppFleet audit sync: cloud-safe audit metadata persisted locally.",
+                `workspaceId=${workspaceId}`,
+                `auditPath=${auditPath}`,
+                `syncPath=${syncPath}`,
+                `auditCount=${auditMetadata.length}`,
+                `syncedAuditIds=${auditMetadata.map((metadata) => metadata.id).join(", ")}`,
+                "productionCloudPersistence=false",
+                "includesCommandOutput=false",
+                "includesEncryptedBlobIds=false",
+            ].join("\n")}\n`,
+        stderr: "",
+    };
+}
+async function readLocalAuditEvents(path) {
+    try {
+        const raw = await readFile(path, "utf8");
+        return raw
+            .split("\n")
+            .map((line) => line.trim())
+            .filter(Boolean)
+            .map((line) => createLocalSensitiveAuditEvent(JSON.parse(line)));
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    }
+}
+function readFlag(argv, flag) {
+    const index = argv.indexOf(flag);
+    if (index === -1) {
+        return undefined;
+    }
+    return argv[index + 1];
+}

package/dist/billing-cost.d.ts

@@ -0,0 +1,8 @@
+export type BillingCostCommandResult = {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+};
+export declare function runBillingCostCommand(argv: string[], options?: {
+    now?: () => Date;
+}): BillingCostCommandResult;

package/dist/billing-cost.js

@@ -0,0 +1,186 @@
+import { createBillingAccountMetadata, createBillingPaymentFailureDetection, createCostUsageRecordMetadata, createCustomerManagedKmsMetadata, } from "@appfleet/domain";
+export function runBillingCostCommand(argv, options = {}) {
+    const now = options.now ?? (() => new Date());
+    const normalizedArgv = argv[0] === "--" ? argv.slice(1) : argv;
+    const namespace = normalizedArgv[0];
+    const action = normalizedArgv[1];
+    const outputFormat = normalizedArgv.includes("--json") ? "json" : "human";
+    const workspaceId = readFlag(normalizedArgv, "--workspace") ?? "workspace_local";
+    const checkedAt = now().toISOString();
+    try {
+        if (namespace === "billing" && action === "plan") {
+            const result = createBillingAccountMetadata({
+                type: "billing_account_metadata",
+                version: 1,
+                workspaceId,
+                plan: readBillingPlan(normalizedArgv),
+                billingStatus: "provider_credentials_missing",
+                createdAt: checkedAt,
+                updatedAt: checkedAt,
+                productionReady: false,
+                productionReadiness: "local_test_metadata_persistence",
+                stripeReady: true,
+                providerApiCallsMade: false,
+                failClosedWithoutProviderCredentials: true,
+                containsPaymentMethodDetails: false,
+                containsProviderPayload: false,
+                containsCredentialValues: false,
+                storesDecryptedMaterial: false,
+            });
+            return ok(outputFormat, result, [
+                `AppFleet billing plan: ${result.plan}`,
+                `workspace=${result.workspaceId}`,
+                `status=${result.billingStatus}`,
+                "stripeReady=true",
+                "providerApiCallsMade=false",
+            ]);
+        }
+        if (namespace === "billing" && action === "status") {
+            const result = {
+                type: "billing_status_report",
+                version: 1,
+                workspaceId,
+                checkedAt,
+                status: "provider_credentials_missing",
+                stripeReady: true,
+                canCallStripe: false,
+                providerApiCallsMade: false,
+                containsPaymentMethodDetails: false,
+                containsProviderPayload: false,
+                containsCredentialValues: false,
+                storesDecryptedMaterial: false,
+            };
+            return ok(outputFormat, result, [
+                "AppFleet billing status.",
+                `workspace=${workspaceId}`,
+                "status=provider_credentials_missing",
+                "canCallStripe=false",
+            ]);
+        }
+        if (namespace === "billing" && action === "failures") {
+            const result = createBillingPaymentFailureDetection({
+                id: `billing_failure_${workspaceId}_${checkedAt.replace(/[^0-9]/g, "")}`,
+                workspaceId,
+                detectedAt: checkedAt,
+            });
+            return ok(outputFormat, result, [
+                "AppFleet billing failure detection.",
+                `workspace=${workspaceId}`,
+                `reason=${result.reason}`,
+                `nextAction=${result.nextAction}`,
+                "providerApiCallsMade=false",
+            ]);
+        }
+        if (namespace === "cost" && action === "summary") {
+            const result = {
+                type: "cost_summary_report",
+                version: 1,
+                workspaceId,
+                checkedAt,
+                records: [
+                    createCostUsageRecordMetadata({
+                        type: "cost_usage_record_metadata",
+                        version: 1,
+                        id: `cost_${workspaceId}_${checkedAt.replace(/[^0-9]/g, "")}`,
+                        workspaceId,
+                        source: "manual_metadata",
+                        category: "other",
+                        quantity: 0,
+                        unit: "usd_cent",
+                        amountCents: 0,
+                        currency: "usd",
+                        usageStartedAt: checkedAt,
+                        usageEndedAt: checkedAt,
+                        recordedAt: checkedAt,
+                        productionReady: false,
+                        productionReadiness: "local_test_metadata_persistence",
+                        providerApiCallsMade: false,
+                        containsPaymentMethodDetails: false,
+                        containsProviderPayload: false,
+                        containsCredentialValues: false,
+                        storesDecryptedMaterial: false,
+                    }),
+                ],
+                totalCents: 0,
+                currency: "usd",
+                providerApiCallsMade: false,
+                containsPaymentMethodDetails: false,
+                containsProviderPayload: false,
+            };
+            return ok(outputFormat, result, [
+                "AppFleet cost summary.",
+                `workspace=${workspaceId}`,
+                "totalUsd=0.00",
+                "providerApiCallsMade=false",
+            ]);
+        }
+        if (namespace === "billing" && action === "kms") {
+            const result = createCustomerManagedKmsMetadata({
+                type: "customer_managed_kms_metadata",
+                version: 1,
+                id: `kms_${workspaceId}`,
+                workspaceId,
+                provider: "external_key_manager",
+                keyReferenceLabel: "customer-managed-key",
+                status: "not_configured",
+                createdAt: checkedAt,
+                updatedAt: checkedAt,
+                productionReady: false,
+                productionReadiness: "local_test_metadata_persistence",
+                customerManaged: true,
+                providerApiCallsMade: false,
+                failClosedWithoutProviderCredentials: true,
+                containsPlaintextKeyMaterial: false,
+                containsCredentialValues: false,
+                containsProviderPayload: false,
+                storesDecryptedMaterial: false,
+            });
+            return ok(outputFormat, result, [
+                "AppFleet customer-managed KMS.",
+                `workspace=${workspaceId}`,
+                `status=${result.status}`,
+                "providerApiCallsMade=false",
+                "containsPlaintextKeyMaterial=false",
+            ]);
+        }
+    }
+    catch (error) {
+        return {
+            exitCode: 1,
+            stdout: "",
+            stderr: `AppFleet billing/cost failed: ${errorMessage(error)}\n`,
+        };
+    }
+    return {
+        exitCode: 1,
+        stdout: "",
+        stderr: "AppFleet billing/cost failed: usage: billing <plan|status|failures|kms> or cost summary\n",
+    };
+}
+function readBillingPlan(argv) {
+    const value = readFlag(argv, "--plan") ?? "free";
+    if (value === "free" || value === "team" || value === "business") {
+        return value;
+    }
+    throw new Error(`unsupported billing plan "${value}"`);
+}
+function readFlag(argv, flag) {
+    const index = argv.indexOf(flag);
+    if (index === -1) {
+        return undefined;
+    }
+    const value = argv[index + 1];
+    return value && !value.startsWith("--") ? value : undefined;
+}
+function ok(outputFormat, value, humanLines) {
+    return {
+        exitCode: 0,
+        stdout: outputFormat === "json"
+            ? `${JSON.stringify(value, null, 2)}\n`
+            : `${humanLines.join("\n")}\n`,
+        stderr: "",
+    };
+}
+function errorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}

package/dist/cloud-session.d.ts

@@ -0,0 +1,124 @@
+import { type AppProjectMemory } from "@appfleet/domain";
+export type CloudSessionCommandResult = {
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+};
+export type CloudSessionCommandOptions = {
+    sessionPath?: string;
+    projectMemoryStorePath?: string;
+    metadataSyncStorePath?: string;
+    projectRoot?: string;
+    env?: NodeJS.ProcessEnv;
+    transport?: ProductionCloudTransport;
+    hostedAuthTransport?: HostedAuthTransport;
+    now?: () => Date;
+    productionSyncMaxRetries?: number;
+    hostedAuthTimeoutMs?: number;
+};
+type CloudMode = "local-test" | "production";
+type ProductionCloudConfig = {
+    enabled: boolean;
+    apiBaseUrl?: string;
+    authToken?: string;
+    databaseDsn?: string;
+    sources: {
+        enabled: "flag" | "env" | "default";
+        apiBaseUrl: "flag" | "env" | "missing";
+        authToken: "env" | "device_store" | "missing";
+        databaseDsn: "env" | "missing";
+    };
+};
+type RedactedCloudConfigReport = {
+    type: "cloud_config_report";
+    mode: CloudMode;
+    productionCloudEnabled: boolean;
+    api: {
+        baseUrl: string | undefined;
+        source: ProductionCloudConfig["sources"]["apiBaseUrl"];
+        auth: {
+            bearerToken: "configured_redacted" | "missing";
+            source: ProductionCloudConfig["sources"]["authToken"];
+        };
+    };
+    database: {
+        dsn: "configured_redacted" | "missing";
+        source: ProductionCloudConfig["sources"]["databaseDsn"];
+    };
+    redaction: {
+        tokens: "redacted";
+        cookies: "redacted";
+        dsns: "redacted";
+        secrets: "redacted";
+        commandOutput: "omitted";
+        encryptedBlobIds: "omitted";
+        keyManagementMaterial: "omitted";
+    };
+};
+export type ProductionCloudMetadataSyncHttpRequest = {
+    method: "POST";
+    url: string;
+    headers: {
+        accept: "application/json";
+        contentType: "application/json";
+        authorization: "bearer_env_redacted";
+        idempotencyKey: string;
+    };
+    body: {
+        idempotencyKey: string;
+        workspaceId: string;
+        createdAt: string;
+        envelopes: Array<{
+            type: "project_memory_sync";
+            version: 1;
+            workspaceId: string;
+            projectId: string;
+            createdAt: string;
+            memory: AppProjectMemory;
+        }>;
+    };
+    redaction: RedactedCloudConfigReport["redaction"];
+};
+export type ProductionCloudTransport = (request: ProductionCloudMetadataSyncHttpRequest, context: {
+    authToken: string;
+    configReport: RedactedCloudConfigReport;
+}) => Promise<{
+    acceptedProjectIds: string[];
+    rejectedProjectIds: string[];
+}>;
+type HostedAuthHttpRequest = {
+    method: "POST";
+    url: string;
+    headers: {
+        accept: "application/json";
+        contentType: "application/json";
+    };
+    body: {
+        workspaceId?: string;
+        email?: string;
+        sessionId?: string;
+    };
+    redaction: RedactedCloudConfigReport["redaction"];
+};
+export type HostedAuthTransport = (request: HostedAuthHttpRequest, context: {
+    configReport: RedactedCloudConfigReport;
+    action: "login" | "logout";
+    timeoutMs: number;
+}) => Promise<{
+    sessionId?: string;
+    workspaceId?: string;
+    userId?: string;
+    email?: string;
+    expiresAt?: string;
+    revoked?: boolean;
+    authToken?: string;
+}>;
+export declare function runCloudSessionCommand(argv: string[], options?: CloudSessionCommandOptions): Promise<CloudSessionCommandResult>;
+export declare function buildProductionCloudMetadataSyncRequest(input: {
+    apiBaseUrl: string;
+    workspaceId: string;
+    createdAt: string;
+    memories: AppProjectMemory[];
+    idempotencyKey?: string;
+}): ProductionCloudMetadataSyncHttpRequest;
+export {};