@build-astron-co/nimbus 0.2.0 → 0.4.0

package/dist/src/utils/service-auth.js

@@ -0,0 +1,36 @@
+import { logger } from './logger';
+const SERVICE_TOKEN_HEADER = 'x-internal-service-token';
+export function validateServiceToken(req) {
+    const expectedToken = process.env.INTERNAL_SERVICE_TOKEN;
+    if (!expectedToken) {
+        return true;
+    }
+    const providedToken = req.headers.get(SERVICE_TOKEN_HEADER);
+    return providedToken === expectedToken;
+}
+export function serviceAuthMiddleware(req) {
+    const expectedToken = process.env.INTERNAL_SERVICE_TOKEN;
+    if (!expectedToken) {
+        return null;
+    }
+    const url = new URL(req.url);
+    const path = url.pathname;
+    if (path === '/health' || path.startsWith('/swagger') || path === '/api/openapi.json') {
+        return null;
+    }
+    if (!path.startsWith('/api/')) {
+        return null;
+    }
+    if (!validateServiceToken(req)) {
+        logger.warn(`Unauthorized service request to ${path}`);
+        return Response.json({ success: false, error: 'Unauthorized: invalid or missing service token' }, { status: 401 });
+    }
+    return null;
+}
+export function getServiceAuthHeaders() {
+    const token = process.env.INTERNAL_SERVICE_TOKEN;
+    if (!token) {
+        return {};
+    }
+    return { [SERVICE_TOKEN_HEADER]: token };
+}

package/dist/src/utils/validation.js

@@ -0,0 +1,39 @@
+import { ValidationError } from './errors';
+export function validateRequired(value, fieldName, service) {
+    if (value === undefined || value === null || value === '') {
+        throw new ValidationError(`Field '${fieldName}' is required`, service, { field: fieldName });
+    }
+}
+export function validateString(value, fieldName, service) {
+    if (typeof value !== 'string') {
+        throw new ValidationError(`Field '${fieldName}' must be a string`, service, {
+            field: fieldName,
+            received: typeof value,
+        });
+    }
+    return value;
+}
+export function validateNumber(value, fieldName, service) {
+    if (typeof value !== 'number' || isNaN(value)) {
+        throw new ValidationError(`Field '${fieldName}' must be a number`, service, {
+            field: fieldName,
+            received: typeof value,
+        });
+    }
+    return value;
+}
+export function validateBoolean(value, fieldName, service) {
+    if (typeof value !== 'boolean') {
+        throw new ValidationError(`Field '${fieldName}' must be a boolean`, service, {
+            field: fieldName,
+            received: typeof value,
+        });
+    }
+    return value;
+}
+export function validateEnum(value, fieldName, allowedValues, service) {
+    if (typeof value !== 'string' || !allowedValues.includes(value)) {
+        throw new ValidationError(`Field '${fieldName}' must be one of: ${allowedValues.join(', ')}`, service, { field: fieldName, received: value, allowed: allowedValues });
+    }
+    return value;
+}

package/dist/src/version.js

@@ -0,0 +1,3 @@
+export const VERSION = '0.4.0';
+const _RAW_BUILD_DATE = '__BUILD_DATE__';
+export const BUILD_DATE = _RAW_BUILD_DATE.startsWith('__') ? 'dev' : _RAW_BUILD_DATE;

package/dist/src/watcher/index.js

@@ -0,0 +1,192 @@
+/**
+ * Filesystem Watcher
+ *
+ * Watches the project directory for file changes and emits events
+ * that the agent loop can respond to (e.g., re-reading modified files).
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { EventEmitter } from 'node:events';
+export class FileWatcher extends EventEmitter {
+    rootDir;
+    watcher = null;
+    /** Circular ring buffer for file-change events (avoids O(n) shift on cap). */
+    changesBuffer;
+    changesHead = 0; // index of the next write slot
+    changesSize = 0; // number of valid entries currently stored
+    maxChanges = 100;
+    ignorePatterns = [
+        'node_modules',
+        '.git',
+        'dist',
+        'coverage',
+        '.nimbus',
+        '__pycache__',
+        '.terraform',
+    ];
+    constructor(rootDir) {
+        super();
+        this.rootDir = rootDir;
+        this.changesBuffer = new Array(this.maxChanges);
+    }
+    /** Push a change event into the ring buffer (O(1)). */
+    pushChange(event) {
+        this.changesBuffer[this.changesHead] = event;
+        this.changesHead = (this.changesHead + 1) % this.maxChanges;
+        if (this.changesSize < this.maxChanges) {
+            this.changesSize++;
+        }
+    }
+    /** Return all stored change events in chronological order. */
+    getOrderedChanges() {
+        if (this.changesSize === 0)
+            return [];
+        const start = this.changesSize < this.maxChanges
+            ? 0
+            : this.changesHead; // oldest slot when buffer is full
+        const result = new Array(this.changesSize);
+        for (let i = 0; i < this.changesSize; i++) {
+            result[i] = this.changesBuffer[(start + i) % this.maxChanges];
+        }
+        return result;
+    }
+    /**
+     * Start watching the project directory.
+     */
+    start() {
+        if (this.watcher) {
+            return;
+        }
+        try {
+            this.watcher = fs.watch(this.rootDir, { recursive: true }, (eventType, filename) => {
+                if (!filename) {
+                    return;
+                }
+                // Skip ignored paths
+                const parts = filename.split(path.sep);
+                if (parts.some(p => this.ignorePatterns.includes(p))) {
+                    return;
+                }
+                // Skip hidden files
+                if (parts.some(p => p.startsWith('.') && p !== '.env')) {
+                    return;
+                }
+                const event = {
+                    type: eventType,
+                    path: path.join(this.rootDir, filename),
+                    timestamp: Date.now(),
+                };
+                this.pushChange(event);
+                this.emit('change', event);
+            });
+            // recursive:true is only supported on macOS and Windows.
+            // On Linux, fs.watch silently ignores the flag and only watches the root dir.
+            if (process.platform === 'linux') {
+                // Watch key subdirectories individually as a workaround
+                const subdirs = ['src', 'lib', 'app', 'packages', 'services', 'test', 'tests', 'scripts'];
+                for (const sub of subdirs) {
+                    const subPath = path.join(this.rootDir, sub);
+                    try {
+                        if (fs.existsSync(subPath) && fs.statSync(subPath).isDirectory()) {
+                            fs.watch(subPath, { recursive: false }, (eventType, filename) => {
+                                if (!filename) {
+                                    return;
+                                }
+                                const fullPath = path.join(subPath, filename);
+                                const relParts = path.relative(this.rootDir, fullPath).split(path.sep);
+                                if (relParts.some(p => this.ignorePatterns.includes(p))) {
+                                    return;
+                                }
+                                if (relParts.some(p => p.startsWith('.') && p !== '.env')) {
+                                    return;
+                                }
+                                const event = {
+                                    type: eventType,
+                                    path: fullPath,
+                                    timestamp: Date.now(),
+                                };
+                                this.pushChange(event);
+                                this.emit('change', event);
+                            });
+                        }
+                    }
+                    catch {
+                        /* non-critical */
+                    }
+                }
+            }
+        }
+        catch {
+            // Watching is non-critical -- some systems don't support recursive watch
+        }
+    }
+    /**
+     * Stop watching.
+     */
+    stop() {
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+    }
+    /**
+     * Get recent changes since a timestamp.
+     */
+    getChangesSince(timestamp) {
+        return this.getOrderedChanges().filter(c => c.timestamp > timestamp);
+    }
+    /**
+     * Get a summary of recent changes for the agent context.
+     * When `devopsOnly` is true, filters to DevOps-relevant files only:
+     * .tf, .yaml, .yml, Dockerfile, docker-compose.*, Jenkinsfile, .github/workflows/*.
+     */
+    getSummary(since, devopsOnly = false) {
+        const relevant = since ? this.getChangesSince(since) : this.getOrderedChanges();
+        if (relevant.length === 0) {
+            return '';
+        }
+        const filtered = devopsOnly
+            ? relevant.filter(c => {
+                const f = c.path.toLowerCase();
+                const base = path.basename(f);
+                return (f.endsWith('.tf') ||
+                    f.endsWith('.tfvars') ||
+                    f.endsWith('.yaml') ||
+                    f.endsWith('.yml') ||
+                    base === 'dockerfile' ||
+                    base.startsWith('dockerfile.') ||
+                    base.startsWith('docker-compose') ||
+                    base === 'jenkinsfile' ||
+                    f.includes('.github/workflows'));
+            })
+            : relevant;
+        if (filtered.length === 0) {
+            return '';
+        }
+        const uniquePaths = [...new Set(filtered.map(c => c.path))];
+        const lines = uniquePaths.slice(-20).map(p => {
+            const rel = path.relative(this.rootDir, p);
+            // Categorize for DevOps context
+            let category = '';
+            const lower = rel.toLowerCase();
+            if (lower.endsWith('.tf') || lower.endsWith('.tfvars'))
+                category = ' [terraform]';
+            else if (lower.endsWith('.yaml') || lower.endsWith('.yml'))
+                category = ' [yaml/k8s]';
+            else if (lower.includes('dockerfile'))
+                category = ' [docker]';
+            return `  - ${rel}${category}`;
+        });
+        return `Files changed externally:\n${lines.join('\n')}`;
+    }
+    /**
+     * Clear the change history.
+     */
+    clearChanges() {
+        this.changesHead = 0;
+        this.changesSize = 0;
+    }
+    get isWatching() {
+        return this.watcher !== null;
+    }
+}

package/dist/src/wizard/approval.js

@@ -0,0 +1,275 @@
+/**
+ * Approval Workflow Component
+ *
+ * Displays approval prompts for risky operations
+ */
+import { ui } from './ui';
+import { confirm, input } from './prompts';
+/**
+ * Display an approval prompt and return the result
+ */
+export async function promptForApproval(config) {
+    ui.newLine();
+    // Draw approval box
+    drawApprovalBox(config);
+    // Display risks
+    displayRisks(config.risks);
+    // Display affected resources if any
+    if (config.affectedResources && config.affectedResources.length > 0) {
+        displayAffectedResources(config.affectedResources);
+    }
+    // Display estimated cost if available
+    if (config.estimatedCost !== undefined) {
+        displayEstimatedCost(config.estimatedCost);
+    }
+    ui.newLine();
+    // Require confirmation for critical operations
+    const hasCritical = config.risks.some(r => r.severity === 'critical');
+    const hasDestructive = config.operation.toLowerCase().includes('destroy') ||
+        config.operation.toLowerCase().includes('delete');
+    if (hasCritical || hasDestructive || config.requireConfirmation) {
+        const confirmWord = config.confirmationWord || 'yes';
+        const userInput = await input({
+            message: `Type "${confirmWord}" to confirm:`,
+            defaultValue: '',
+        });
+        if (userInput.toLowerCase() !== confirmWord.toLowerCase()) {
+            ui.newLine();
+            ui.warning('Operation cancelled - confirmation word did not match');
+            return {
+                approved: false,
+                reason: 'Confirmation word mismatch',
+                timestamp: new Date(),
+            };
+        }
+    }
+    else {
+        // Simple confirmation
+        const proceed = await confirm({
+            message: 'Do you want to proceed with this operation?',
+            defaultValue: false,
+        });
+        if (!proceed) {
+            ui.newLine();
+            ui.info('Operation cancelled by user');
+            return {
+                approved: false,
+                reason: 'User declined',
+                timestamp: new Date(),
+            };
+        }
+    }
+    ui.newLine();
+    ui.success('Operation approved');
+    return {
+        approved: true,
+        approvedBy: process.env.USER || 'unknown',
+        timestamp: new Date(),
+    };
+}
+/**
+ * Draw the approval box header
+ */
+function drawApprovalBox(config) {
+    const width = 60;
+    const borderColor = getSeverityColor(getHighestSeverity(config.risks));
+    ui.print(ui.color(`╔${'═'.repeat(width - 2)}╗`, borderColor));
+    // Title
+    const titleLine = ` APPROVAL REQUIRED `;
+    const padding = Math.floor((width - 2 - titleLine.length) / 2);
+    ui.print(ui.color('║', borderColor) +
+        ' '.repeat(padding) +
+        ui.bold(ui.color(titleLine, 'yellow')) +
+        ' '.repeat(width - 2 - padding - titleLine.length) +
+        ui.color('║', borderColor));
+    ui.print(ui.color(`╠${'═'.repeat(width - 2)}╣`, borderColor));
+    // Operation
+    const opLine = `  Operation: ${config.operation}`;
+    ui.print(ui.color('║', borderColor) + opLine.padEnd(width - 2) + ui.color('║', borderColor));
+    // Environment if available
+    if (config.environment) {
+        const envLine = `  Environment: ${config.environment}`;
+        ui.print(ui.color('║', borderColor) +
+            ui.color(envLine.padEnd(width - 2), 'yellow') +
+            ui.color('║', borderColor));
+    }
+    ui.print(ui.color(`╚${'═'.repeat(width - 2)}╝`, borderColor));
+}
+/**
+ * Display the list of risks
+ */
+function displayRisks(risks) {
+    if (risks.length === 0) {
+        return;
+    }
+    ui.newLine();
+    ui.print(ui.bold('  Identified Risks:'));
+    ui.newLine();
+    // Sort by severity
+    const sortedRisks = [...risks].sort((a, b) => {
+        const order = { critical: 0, high: 1, medium: 2, low: 3 };
+        return order[a.severity] - order[b.severity];
+    });
+    for (const risk of sortedRisks) {
+        const icon = getSeverityIcon(risk.severity);
+        const color = getSeverityColor(risk.severity);
+        const label = `[${risk.severity.toUpperCase()}]`.padEnd(10);
+        ui.print(`    ${icon} ${ui.color(label, color)} ${risk.message}`);
+        // Show details if available
+        if (risk.details) {
+            for (const [key, value] of Object.entries(risk.details)) {
+                ui.print(ui.dim(`       ${key}: ${value}`));
+            }
+        }
+    }
+}
+/**
+ * Display affected resources
+ */
+function displayAffectedResources(resources) {
+    ui.newLine();
+    ui.print(ui.bold('  Affected Resources:'));
+    ui.newLine();
+    const maxDisplay = 10;
+    const displayResources = resources.slice(0, maxDisplay);
+    for (const resource of displayResources) {
+        ui.print(`    ${ui.color('•', 'cyan')} ${resource}`);
+    }
+    if (resources.length > maxDisplay) {
+        ui.print(ui.dim(`    ... and ${resources.length - maxDisplay} more`));
+    }
+}
+/**
+ * Display estimated cost
+ */
+function displayEstimatedCost(cost) {
+    ui.newLine();
+    ui.print(ui.bold('  Estimated Cost:'));
+    ui.newLine();
+    const costStr = `$${cost.toFixed(2)}/month`;
+    const color = cost > 1000 ? 'red' : cost > 500 ? 'yellow' : 'green';
+    ui.print(`    ${ui.color(costStr, color)}`);
+}
+/**
+ * Get the highest severity from a list of risks
+ */
+function getHighestSeverity(risks) {
+    const order = ['critical', 'high', 'medium', 'low'];
+    for (const severity of order) {
+        if (risks.some(r => r.severity === severity)) {
+            return severity;
+        }
+    }
+    return 'low';
+}
+/**
+ * Get icon for severity level
+ */
+function getSeverityIcon(severity) {
+    switch (severity) {
+        case 'critical':
+            return '🔴';
+        case 'high':
+            return '🟠';
+        case 'medium':
+            return '🟡';
+        case 'low':
+            return '🔵';
+        default:
+            return '⚪';
+    }
+}
+/**
+ * Get color for severity level
+ */
+function getSeverityColor(severity) {
+    switch (severity) {
+        case 'critical':
+            return 'red';
+        case 'high':
+            return 'yellow';
+        case 'medium':
+            return 'cyan';
+        case 'low':
+            return 'blue';
+        default:
+            return 'white';
+    }
+}
+/**
+ * Quick approval check without full prompt
+ * Returns true if the operation should proceed based on policy
+ */
+export function shouldAutoApprove(operation, risks) {
+    // Never auto-approve if there are critical risks
+    if (risks.some(r => r.severity === 'critical')) {
+        return false;
+    }
+    // Never auto-approve destructive operations
+    if (['destroy', 'delete', 'terminate'].some(op => operation.toLowerCase().includes(op))) {
+        return false;
+    }
+    // Auto-approve if all risks are low severity
+    if (risks.every(r => r.severity === 'low')) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Confirm a destructive operation by requiring the user to type the resource name.
+ * Returns true only if the typed name matches exactly.
+ */
+export async function confirmWithResourceName(resourceName, resourceType) {
+    ui.newLine();
+    // Display warning box
+    const width = 60;
+    ui.print(ui.color(`╔${'═'.repeat(width - 2)}╗`, 'red'));
+    const titleLine = ' DESTRUCTIVE OPERATION ';
+    const padding = Math.floor((width - 2 - titleLine.length) / 2);
+    ui.print(ui.color('║', 'red') +
+        ' '.repeat(padding) +
+        ui.bold(ui.color(titleLine, 'yellow')) +
+        ' '.repeat(width - 2 - padding - titleLine.length) +
+        ui.color('║', 'red'));
+    ui.print(ui.color(`╠${'═'.repeat(width - 2)}╣`, 'red'));
+    const typeLine = `  Resource type: ${resourceType}`;
+    ui.print(ui.color('║', 'red') + typeLine.padEnd(width - 2) + ui.color('║', 'red'));
+    const nameLine = `  Resource name: ${resourceName}`;
+    ui.print(ui.color('║', 'red') + ui.color(nameLine.padEnd(width - 2), 'yellow') + ui.color('║', 'red'));
+    const warnLine = '  This action CANNOT be undone.';
+    ui.print(ui.color('║', 'red') + ui.color(warnLine.padEnd(width - 2), 'red') + ui.color('║', 'red'));
+    ui.print(ui.color(`╚${'═'.repeat(width - 2)}╝`, 'red'));
+    ui.newLine();
+    const userInput = await input({
+        message: `Type '${resourceName}' to confirm deletion:`,
+        defaultValue: '',
+    });
+    if (userInput !== resourceName) {
+        ui.newLine();
+        ui.warning('Operation cancelled - resource name did not match');
+        return false;
+    }
+    ui.newLine();
+    ui.success('Deletion confirmed');
+    return true;
+}
+/**
+ * Display a safety summary without approval prompt
+ */
+export function displaySafetySummary(config) {
+    if (config.risks.length === 0) {
+        ui.success(`Safety check passed for: ${config.operation}`);
+        return;
+    }
+    ui.newLine();
+    ui.print(ui.bold('  Safety Check Summary:'));
+    ui.newLine();
+    displayRisks(config.risks);
+    ui.newLine();
+    if (config.passed) {
+        ui.success('All safety checks passed');
+    }
+    else {
+        ui.error('Safety checks failed - operation blocked');
+    }
+}

package/dist/src/wizard/index.js

@@ -0,0 +1,13 @@
+/**
+ * Interactive Wizard Framework
+ *
+ * Exports all wizard-related functionality
+ */
+// Types
+export * from './types';
+// UI utilities
+export { WizardUI, ui } from './ui';
+// Prompt utilities
+export { select, multiSelect, confirm, input, pathInput, pressEnter, actionSelect, } from './prompts';
+// Wizard framework
+export { Wizard, createWizard, stepBuilders } from './wizard';