@bizone-ai/cli 0.1.0

package/src/containers/resources-job.js

@@ -0,0 +1,8 @@
+export const RESOURCES_JOB = {
+    type: "resources",
+    image: "699453144787.dkr.ecr.us-east-1.amazonaws.com/bizone-resources:latest",
+    containerName: "bizone-resources",
+    defaultEnv: {
+        RESOURCE_MANAGER_URL: "http://bizone-res-manager",
+    }
+}

package/src/containers/state-store.js

@@ -0,0 +1,28 @@
+import {BIZONE_SERVICE_ENV} from "./_commons.js";
+
+export const STATE_STORE_SERVICE = {
+    type: 'state-store',
+    image: `699453144787.dkr.ecr.us-east-1.amazonaws.com/state-store:latest`,
+    containerName: 'state-store',
+    containerPort: 80,
+    portKey: 'state_store_port',
+    defaultPort: '8088',
+    enableKey: 'state_store_enable',
+    readyPath: '/.system/status',
+    readyCheck: 'systemStatusOk',
+    defaultEnv: {
+        "http.port": "80",
+        "transport.config.endpoint": "http://bizone-res-manager/",
+
+        'storage.type': 'mysql',
+        "storage.supported": "memory,mysql",
+
+        'mysql.storage': 'jdbc:mysql://bizone-mysql:3306',
+        'mysql.storage.user': 'root',
+        'mysql.storage.password.secret': 'mysql/password',
+
+        'secret.mysql.password': 'root',
+
+        ...BIZONE_SERVICE_ENV
+    }
+};

package/src/containers/ui.js

@@ -0,0 +1,15 @@
+export const UI_SERVICE = {
+    type: 'ui',
+    image: "699453144787.dkr.ecr.us-east-1.amazonaws.com/bizone-ui:latest",
+    containerName: 'bizone-ui',
+    containerPort: 7006,
+    portKey: 'ui_port',
+    defaultPort: '7006',
+    enableKey: null,
+    readyPath: '/actuator/health/readiness',
+    readyCheck: 'uiReadinessUp',
+    defaultEnv: {
+        "resource-manager.url": "http://bizone-res-manager/",
+        "auth.type": "none"
+    }
+}

package/src/defaults.js

@@ -0,0 +1,64 @@
+// Static defaults and platform topology for the Bizone CLI.
+
+import {ORCHESTRATOR_SERVICE} from "./containers/orchestrator.js";
+import {RESOURCE_MANAGER_SERVICE} from "./containers/resource-manager.js";
+import {STATE_STORE_SERVICE} from "./containers/state-store.js";
+import {MYSQL_SERVICE} from "./containers/mysql.js";
+import {CLOUD_TOOLS_SERVICE} from "./containers/cloud-tools.js";
+import {UI_SERVICE} from "./containers/ui.js";
+import {RESOURCES_JOB} from "./containers/resources-job.js";
+
+export const CONTAINERS = {
+  mysql: MYSQL_SERVICE,
+  'resource-manager': RESOURCE_MANAGER_SERVICE,
+  orchestrator: ORCHESTRATOR_SERVICE,
+  'state-store': STATE_STORE_SERVICE,
+  'cloud-tools': CLOUD_TOOLS_SERVICE,
+  ui: UI_SERVICE,
+  resources: RESOURCES_JOB
+};
+
+// Valid image / environment "types" (a.k.a. container types).
+export const IMAGE_TYPES = Object.keys(CONTAINERS);
+
+export function defaultEnvFor(type) {
+  return CONTAINERS[type]?.defaultEnv ?? {};
+}
+
+// Shared docker network name (default; overridable via the `network_name` config key).
+export const NETWORK_NAME = 'bizone-local';
+
+// Defaults for general `config` keys.
+export const DEFAULT_CONFIG = {
+  forward_aws_env: 'true',
+  network_name: NETWORK_NAME,
+  mysql_port: CONTAINERS.mysql.defaultPort,
+  orchestrator_port: CONTAINERS.orchestrator.defaultPort,
+  resource_manager_port: CONTAINERS["resource-manager"].defaultPort,
+  state_store_port: CONTAINERS["state-store"].defaultPort,
+  state_store_enable: 'true',
+  cloud_tools_port: CONTAINERS["cloud-tools"].defaultPort,
+  cloud_tools_enable: 'false',
+  ui_port: CONTAINERS.ui.defaultPort,
+  timeout_sec: '300',
+};
+
+// Known config keys (used for validation / help).
+export const CONFIG_KEYS = Object.keys(DEFAULT_CONFIG);
+
+// AWS env vars forwarded into the orchestrator runtime when forward_aws_env=true.
+export const AWS_ENV_VARS = ['AWS_REGION', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'];
+
+// Predefined secret env-var names. When showing env (`environment get`),
+// values for these keys are masked. Matching is case-insensitive and also
+// triggers on any key containing one of the SECRET_KEY_SUBSTRINGS below.
+export const SECRET_ENV_KEYS = [
+  'AWS_SECRET_ACCESS_KEY',
+  'AWS_ACCESS_KEY_ID',
+];
+
+export const SECRET_KEY_SUBSTRINGS = ['password', 'secret', 'token', 'apikey', 'api_key'];
+
+// Importing procedure constants.
+export const IMPORT_USER = 'bizone-cli';
+export const IMPORT_MESSAGE = 'resource initialization';

package/src/docker.js

@@ -0,0 +1,190 @@
+// Docker helpers. All commands shell out to the local `docker` binary.
+
+import { spawnSync, spawn } from 'node:child_process';
+
+function run(args, opts = {}) {
+  return spawnSync('docker', args, { encoding: 'utf8', ...opts });
+}
+
+// --- AWS ECR auto-login ---------------------------------------------------
+
+// Matches an AWS ECR registry host and captures (registry, region):
+//   {account}.dkr.ecr.{region}.amazonaws.com/{repo}:{tag}
+const ECR_RE = /^([0-9]+\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com)\//;
+
+// Error fragments that indicate a missing/expired registry authorization.
+// ECR returns "403 Forbidden" on the manifest HEAD when not authenticated.
+const AUTH_ERR_RE =
+  /(pull access denied|not authorized|no basic auth credentials|authentication required|denied|unauthorized|forbidden|\b401\b|\b403\b)/i;
+
+// Registries we have already logged into during this process.
+const loggedInRegistries = new Set();
+
+function parseEcr(image) {
+  const m = String(image).match(ECR_RE);
+  if (!m) return null;
+  return { registry: m[1], region: m[2] };
+}
+
+// Authenticate docker to the ECR registry backing `image`, using the AWS CLI.
+// No-op (returns false) for non-ECR images. Throws on failure.
+function ecrLogin(ecr) {
+  if (!ecr) return false;
+  if (loggedInRegistries.has(ecr.registry)) return true;
+
+  const pw = spawnSync('aws', ['ecr', 'get-login-password', '--region', ecr.region], {
+    encoding: 'utf8',
+  });
+  if (pw.status !== 0) {
+    throw new Error(
+      `Failed to obtain ECR password (aws ecr get-login-password --region ${ecr.region}): ` +
+        `${(pw.stderr || pw.error?.message || '').trim()}. Is the AWS CLI installed and configured?`,
+    );
+  }
+
+  const login = spawnSync(
+    'docker',
+    ['login', '--username', 'AWS', '--password-stdin', ecr.registry],
+    { input: pw.stdout.trim(), encoding: 'utf8' },
+  );
+  if (login.status !== 0) {
+    throw new Error(`docker login to ${ecr.registry} failed: ${(login.stderr || '').trim()}`);
+  }
+
+  loggedInRegistries.add(ecr.registry);
+  return true;
+}
+
+// Ensure `image` is pullable. Tries `docker pull`; on an authorization error
+// against an ECR image, logs in and retries once. Non-auth pull failures are
+// ignored here (the image may already exist locally) and surfaced later by the
+// actual `docker run`.
+export function ensureImage(image, { onBeforePull, onBeforeLogin } = {}) {
+  if (onBeforePull) onBeforePull(image);
+  let r = run(['pull', image]);
+  if (r.status === 0) return;
+
+  const out = `${r.stdout || ''}${r.stderr || ''}`;
+  if (AUTH_ERR_RE.test(out)) {
+    const ecr = parseEcr(image);
+    if (ecr) {
+      if (onBeforeLogin) onBeforeLogin(ecr.registry);
+      ecrLogin(ecr);
+      if (onBeforePull) onBeforePull(image);
+      r = run(['pull', image]);
+      if (r.status !== 0) {
+        throw new Error(`docker pull ${image} failed after ECR login: ${(r.stderr || '').trim()}`);
+      }
+    }
+  }
+}
+
+export function dockerAvailable() {
+  const r = run(['version', '--format', '{{.Server.Version}}']);
+  return r.status === 0;
+}
+
+// Create the shared network if it does not already exist. Never fails if present.
+export function ensureNetwork(network) {
+  const ls = run(['network', 'ls', '--filter', `name=^${network}$`, '--format', '{{.Name}}']);
+  if (ls.status === 0 && ls.stdout.split('\n').includes(network)) {
+    return false; // already existed
+  }
+  const create = run(['network', 'create', network]);
+  if (create.status !== 0 && !/already exists/i.test(create.stderr || '')) {
+    throw new Error(`Failed to create network ${network}: ${create.stderr.trim()}`);
+  }
+  return true; // created
+}
+
+// Run a container detached. Returns the full container id.
+export function runDetached({ name, hostPort, containerPort, image, env = {}, volume = null, network }) {
+  const args = ['run', '-d', '--name', name, '-h', name, '--network', network, '--network-alias', name];
+  if (hostPort != null && containerPort != null) {
+    args.push('-p', `${hostPort}:${containerPort}`);
+  }
+  if (volume && volume.name && volume.mount) {
+    args.push('-v', `${volume.name}:${volume.mount}`);
+  }
+  for (const [k, v] of Object.entries(env)) {
+    if (v === undefined || v === null || v === '') continue;
+    args.push('-e', `${k}=${v}`);
+  }
+  args.push(image);
+
+  const r = run(args);
+  if (r.status !== 0) {
+    throw new Error(`docker run ${name} failed: ${(r.stderr || '').trim()}`);
+  }
+  return r.stdout.trim();
+}
+
+// Run a container in the foreground (blocking), removing it on exit.
+export function runBlocking({ name, image, env = {}, network }) {
+  return new Promise((resolve, reject) => {
+    const args = ['run', '--rm', '--name', name, '--network', network];
+    for (const [k, v] of Object.entries(env)) {
+      if (v === undefined || v === null || v === '') continue;
+      args.push('-e', `${k}=${v}`);
+    }
+    args.push(image);
+
+    const child = spawn('docker', args, { stdio: 'inherit' });
+    child.on('error', reject);
+    child.on('close', (code) => {
+      if (code === 0) resolve();
+      else reject(new Error(`Resources init job (${name}) exited with code ${code}`));
+    });
+  });
+}
+
+// Return the set of running container ids (full ids).
+export function runningContainerIds() {
+  const r = run(['ps', '--no-trunc', '--format', '{{.ID}}']);
+  if (r.status !== 0) return new Set();
+  return new Set(r.stdout.split('\n').map((s) => s.trim()).filter(Boolean));
+}
+
+// Return the set of running container names.
+export function runningContainerNames() {
+  const r = run(['ps', '--format', '{{.Names}}']);
+  if (r.status !== 0) return new Set();
+  return new Set(r.stdout.split('\n').map((s) => s.trim()).filter(Boolean));
+}
+
+export function isContainerRunning(name) {
+  return runningContainerNames().has(name);
+}
+
+// Remove a named docker volume. Returns true on success.
+export function removeVolume(name) {
+  return run(['volume', 'rm', name]).status === 0;
+}
+
+// Stop & remove a container by id or name. Ignores "no such container".
+export function stopContainer(idOrName) {
+  const stop = run(['stop', idOrName]);
+  run(['rm', '-f', idOrName]); // best-effort cleanup
+  return stop.status === 0;
+}
+
+// Remove a container if it already exists (cleanup before re-running).
+export function removeIfExists(name) {
+  run(['rm', '-f', name]);
+}
+
+// Whether the MySQL server inside a container accepts connections.
+export function mysqlReady(containerName, { user = 'root', password = 'root' } = {}) {
+  const r = run([
+    'exec',
+    containerName,
+    'mysqladmin',
+    'ping',
+    '-h',
+    '127.0.0.1',
+    `-u${user}`,
+    `-p${password}`,
+    '--silent',
+  ]);
+  return r.status === 0;
+}

package/src/http.js

@@ -0,0 +1,60 @@
+// HTTP helpers: generic readiness waiting + resource import.
+
+import { IMPORT_USER, IMPORT_MESSAGE } from './defaults.js';
+
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+
+// Readiness predicates keyed by name (see SERVICES[].readyCheck).
+const CHECKS = {
+  systemStatusOk: (body) => body && body.status === 'OK',
+  uiReadinessUp: (body) => body && body.status && body.status.code === 'UP',
+};
+
+async function probe(url) {
+  try {
+    const res = await fetch(url, { method: 'GET' });
+    if (!res.ok) return null;
+    const text = await res.text();
+    try {
+      return JSON.parse(text);
+    } catch {
+      return null;
+    }
+  } catch {
+    return null; // connection refused / not up yet
+  }
+}
+
+// Generic wait-for-ready. Polls `url`, applying the named check, until it
+// passes or the timeout elapses. Returns true on success, throws on timeout.
+export async function waitForReady({ url, checkName, timeoutSec, label, onTick }) {
+  const check = CHECKS[checkName];
+  if (!check) throw new Error(`Unknown readiness check: ${checkName}`);
+
+  const deadline = Date.now() + timeoutSec * 1000;
+  let attempt = 0;
+  while (Date.now() < deadline) {
+    attempt += 1;
+    const body = await probe(url);
+    if (body && check(body)) return true;
+    if (onTick) onTick(attempt);
+    await sleep(1500);
+  }
+  throw new Error(`Timed out waiting for ${label || url} to become ready (${timeoutSec}s)`);
+}
+
+// Import a set of items into a resource-manager namespace.
+export async function importNamespace({ port, namespace, items }) {
+  const url = `http://localhost:${port}/admin/${namespace}/status`;
+  const payload = { user: IMPORT_USER, message: IMPORT_MESSAGE, items };
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify(payload),
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => '');
+    throw new Error(`Import of namespace "${namespace}" failed: HTTP ${res.status} ${body}`);
+  }
+  return true;
+}

package/src/resources-loader.js

@@ -0,0 +1,50 @@
+// Reads resource definitions from a file or a folder into an "items" array,
+// following the importing procedure rules:
+//
+//   - folder: recursively collect every *.json file's contents as items
+//   - single file with an "items" field: use that array
+//   - single file otherwise: the file contents become the sole item
+
+import { readFileSync, statSync, readdirSync } from 'node:fs';
+import { join, isAbsolute, resolve } from 'node:path';
+
+import { BIZONE_DIR } from './config.js';
+
+function readJson(path) {
+  const raw = readFileSync(path, 'utf8');
+  return JSON.parse(raw);
+}
+
+function collectJsonFiles(dir, out = []) {
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    const full = join(dir, entry.name);
+    if (entry.isDirectory()) {
+      collectJsonFiles(full, out);
+    } else if (entry.isFile() && entry.name.toLowerCase().endsWith('.json')) {
+      out.push(full);
+    }
+  }
+  return out;
+}
+
+// Resolve a configured path. Relative paths resolve against the .bizone dir
+// (where config.json lives) for stable behavior regardless of cwd.
+export function resolveResourcePath(p) {
+  return isAbsolute(p) ? p : resolve(BIZONE_DIR, p);
+}
+
+export function loadItems(configuredPath) {
+  const path = resolveResourcePath(configuredPath);
+  const st = statSync(path);
+
+  if (st.isDirectory()) {
+    const files = collectJsonFiles(path);
+    return files.map((f) => readJson(f));
+  }
+
+  const content = readJson(path);
+  if (content && typeof content === 'object' && Array.isArray(content.items)) {
+    return content.items;
+  }
+  return [content];
+}