@ebowwa/seedinstallation 0.2.4

package/dist/device-auth.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Generic device-code authentication flow polling.
+ * Handles CLI tools that use device-code auth (Doppler, GitHub, Tailscale, etc.).
+ * Works with both local and SSH contexts via ExecContext from sudo.ts.
+ */
+import type { SudoOptions } from "./sudo.js";
+export interface DeviceAuthConfig {
+    /** CLI command name (e.g. "doppler", "gh", "tailscale") */
+    cli: string;
+    /** Login command (default: "{cli} login" or "{cli} login --device-code") */
+    loginCmd?: string;
+    /** Status check command (default: "{cli} status") */
+    statusCmd?: string;
+    /** Patterns to extract auth URL and code from login output */
+    patterns: {
+        /** Regex to find the auth URL (first capture group) */
+        url: RegExp;
+        /** Regex to find the auth code (first capture group) */
+        code: RegExp;
+        /** Regex to detect successful login in status output */
+        success: RegExp;
+    };
+    /** Log file where background login writes output (e.g. "/tmp/doppler-login.log") */
+    logFile: string;
+    /** PID file for the background login process */
+    pidFile?: string;
+    /** Extra flags for status command */
+    statusFlags?: string[];
+}
+export interface DeviceAuthResult {
+    /** Whether login was successful */
+    success: boolean;
+    /** Auth URL for the user to visit */
+    url?: string;
+    /** Auth code to enter */
+    code?: string;
+    /** Status output from the CLI */
+    status?: string;
+    /** Error message if failed */
+    error?: string;
+}
+export interface DeviceAuthPollOptions {
+    /** Execution context for running commands */
+    context: SudoOptions["context"];
+    /** Max poll attempts (default: 60) */
+    maxAttempts?: number;
+    /** Poll interval in ms (default: 2000) */
+    intervalMs?: number;
+    /** Callback called on each poll attempt */
+    onPoll?: (attempt: number, result: DeviceAuthResult) => void;
+}
+/** Remove ANSI escape codes from a string. */
+export declare function stripAnsi(text: string): string;
+/**
+ * Initiate device-code authentication and poll for completion.
+ *
+ * @example
+ * const result = await deviceAuth(
+ *   {
+ *     cli: "doppler",
+ *     patterns: {
+ *       url: /Go to:\s+(https:\/\/[^\s]+)/,
+ *       code: /code:\s+([A-Z0-9-]+)/,
+ *       success: /Status:\s*authenticated/i,
+ *     },
+ *     logFile: "/tmp/doppler-login.log",
+ *   },
+ *   { context: { type: "ssh", host: "1.2.3.4" } }
+ * );
+ */
+export declare function deviceAuth(config: DeviceAuthConfig, opts: DeviceAuthPollOptions): Promise<DeviceAuthResult>;
+/**
+ * Check if a CLI is already authenticated.
+ */
+export declare function isAuthed(config: Pick<DeviceAuthConfig, "cli" | "statusCmd" | "patterns">, opts: SudoOptions): Promise<boolean>;
+/**
+ * Kill the background login process and clean up files.
+ */
+export declare function cleanupDeviceAuth(config: Pick<DeviceAuthConfig, "logFile" | "pidFile">, opts: SudoOptions): Promise<void>;
+/** Doppler CLI device-auth config */
+export declare const dopplerConfig: DeviceAuthConfig;
+/** GitHub CLI (gh) device-auth config */
+export declare const githubConfig: DeviceAuthConfig;
+/** Tailscale CLI device-auth config */
+export declare const tailscaleConfig: DeviceAuthConfig;

package/dist/device-auth.js

@@ -0,0 +1,176 @@
+/**
+ * Generic device-code authentication flow polling.
+ * Handles CLI tools that use device-code auth (Doppler, GitHub, Tailscale, etc.).
+ * Works with both local and SSH contexts via ExecContext from sudo.ts.
+ */
+// Re-export helpers
+async function exec(args, opts) {
+    const { sudo } = await import("./sudo.js");
+    return sudo(args, opts);
+}
+// ---------------------------------------------------------------------------
+// ANSI stripping
+// ---------------------------------------------------------------------------
+/** Remove ANSI escape codes from a string. */
+export function stripAnsi(text) {
+    return text.replace(/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g, "");
+}
+// ---------------------------------------------------------------------------
+// Device-code auth flow
+// ---------------------------------------------------------------------------
+/**
+ * Initiate device-code authentication and poll for completion.
+ *
+ * @example
+ * const result = await deviceAuth(
+ *   {
+ *     cli: "doppler",
+ *     patterns: {
+ *       url: /Go to:\s+(https:\/\/[^\s]+)/,
+ *       code: /code:\s+([A-Z0-9-]+)/,
+ *       success: /Status:\s*authenticated/i,
+ *     },
+ *     logFile: "/tmp/doppler-login.log",
+ *   },
+ *   { context: { type: "ssh", host: "1.2.3.4" } }
+ * );
+ */
+export async function deviceAuth(config, opts) {
+    const { cli, loginCmd, statusCmd, patterns, logFile, pidFile, statusFlags, } = config;
+    const maxAttempts = opts.maxAttempts ?? 60;
+    const intervalMs = opts.intervalMs ?? 2000;
+    // Step 1: Start login in background
+    const loginCmdStr = loginCmd ?? `${cli} login`;
+    const startResult = await exec([`bash`, `-lc`, `nohup ${loginCmdStr} > ${logFile} 2>&1 & echo $!`], opts);
+    if (!startResult.ok) {
+        return { success: false, error: `Failed to start login: ${startResult.stderr}` };
+    }
+    const pid = startResult.stdout.trim();
+    // Save PID if configured
+    if (pidFile) {
+        await exec(["bash", `-lc`, `echo ${pid} > ${pidFile}`], opts);
+    }
+    // Step 2: Wait a moment for log file to populate
+    await sleep(1000);
+    // Step 3: Extract URL and code from log file
+    const extractResult = await exec(["cat", logFile], { ...opts, quiet: false });
+    const logContent = stripAnsi(extractResult.stdout);
+    const urlMatch = patterns.url.exec(logContent);
+    const codeMatch = patterns.code.exec(logContent);
+    const url = urlMatch?.[1];
+    const code = codeMatch?.[1];
+    if (!url || !code) {
+        return {
+            success: false,
+            error: `Could not extract auth URL/code from log output. Log content:\n${logContent}`,
+        };
+    }
+    // Step 4: Poll for completion
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+        const statusCmdStr = statusCmd ?? `${cli} status`;
+        const statusArgs = ["bash", "-lc", statusCmdStr];
+        if (statusFlags?.length)
+            statusArgs.push(...statusFlags);
+        const statusResult = await exec(statusArgs, { ...opts, quiet: false });
+        const statusOutput = stripAnsi(statusResult.stdout);
+        if (patterns.success.test(statusOutput)) {
+            return {
+                success: true,
+                url,
+                code,
+                status: statusOutput,
+            };
+        }
+        opts.onPoll?.(attempt, { success: false, url, code, status: statusOutput });
+        await sleep(intervalMs);
+    }
+    return {
+        success: false,
+        url,
+        code,
+        error: `Login did not complete after ${maxAttempts} attempts. Last status: ${await getStatusOutput(config, opts)}`,
+    };
+}
+async function getStatusOutput(config, opts) {
+    const statusCmdStr = config.statusCmd ?? `${config.cli} status`;
+    const result = await exec(["bash", "-lc", statusCmdStr], { ...opts, quiet: false });
+    return stripAnsi(result.stdout);
+}
+// ---------------------------------------------------------------------------
+// Status check
+// ---------------------------------------------------------------------------
+/**
+ * Check if a CLI is already authenticated.
+ */
+export async function isAuthed(config, opts) {
+    const statusCmdStr = config.statusCmd ?? `${config.cli} status`;
+    const result = await exec(["bash", "-lc", statusCmdStr], { ...opts, quiet: false });
+    const output = stripAnsi(result.stdout);
+    return config.patterns.success.test(output);
+}
+// ---------------------------------------------------------------------------
+// Cleanup
+// ---------------------------------------------------------------------------
+/**
+ * Kill the background login process and clean up files.
+ */
+export async function cleanupDeviceAuth(config, opts) {
+    if (config.pidFile) {
+        // Read PID and kill process
+        const pidResult = await exec(["cat", config.pidFile], { ...opts, quiet: true });
+        if (pidResult.ok) {
+            const pid = pidResult.stdout.trim();
+            await exec(["kill", pid], { ...opts, quiet: true });
+        }
+        await exec(["rm", "-f", config.pidFile], { ...opts, quiet: true });
+    }
+    // Remove log file
+    await exec(["rm", "-f", config.logFile], { ...opts, quiet: true });
+}
+// ---------------------------------------------------------------------------
+// Common CLI presets
+// ---------------------------------------------------------------------------
+/** Doppler CLI device-auth config */
+export const dopplerConfig = {
+    cli: "doppler",
+    loginCmd: "doppler login -y",
+    statusCmd: "doppler configure get token --scope /",
+    patterns: {
+        url: /https:\/\/(?:cli|dashboard)\.doppler\.com\/[a-z\-\/]+/i,
+        code: /(?:Your authentication code is:|Your auth code is:)\s*([A-Z0-9_]+(?:-[A-Z0-9_]+)*)/i,
+        success: /.{10,}/, // Any output >10 chars means token exists (authenticated)
+    },
+    logFile: "/tmp/doppler-login.log",
+    pidFile: "/tmp/doppler-login.pid",
+};
+/** GitHub CLI (gh) device-auth config */
+export const githubConfig = {
+    cli: "gh",
+    loginCmd: "GH_BROWSER=echo sh -c 'gh auth login -p https -h github.com < /dev/null'",
+    statusCmd: "gh auth status",
+    patterns: {
+        url: /(https:\/\/github\.com\/login\/device)/i,
+        code: /one-time code:\s*([A-Z0-9]{4}-[A-Z0-9]{4})/i,
+        success: /Logged in (?:as|to)/i,
+    },
+    logFile: "/tmp/gh-login.log",
+    pidFile: "/tmp/gh-login.pid",
+};
+/** Tailscale CLI device-auth config */
+export const tailscaleConfig = {
+    cli: "tailscale",
+    loginCmd: "tailscale up --authkey",
+    patterns: {
+        url: /https:\/\/login\.tailscale\.com\/[a-z0-9\/]+/,
+        code: /https:\/\/login\.tailscale\.com\/[a-z0-9\/]+/,
+        success: /Tailscale is running/i,
+    },
+    logFile: "/tmp/tailscale-login.log",
+    pidFile: "/tmp/tailscale-login.pid",
+};
+// ---------------------------------------------------------------------------
+// Utilities
+// ---------------------------------------------------------------------------
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export { clone } from "./clone.js";
+export type { CloneOptions, CloneResult } from "./clone.js";
+export { sudo, pkgInstall, writeFile, service, serviceEnable } from "./sudo.js";
+export type { ExecContext, SudoOptions, ExecResult, PkgOptions, PackageManager, WriteFileOptions, ServiceAction, } from "./sudo.js";
+export { installBun, addSystemPath, symlink, linkBinaries, getBunVersion, commandExists, } from "./runtime.js";
+export type { InstallBunOptions, PathOptions, SymlinkOptions, } from "./runtime.js";
+export { generateServiceUnit, createServiceUnit, enableService, disableService, startService, stopService, restartService, reloadService, getServiceStatus, enableAndStartService, serviceExists, getServiceLogs, } from "./systemd.js";
+export type { ServiceUnitOptions, ServiceResult, ServiceStatus, } from "./systemd.js";
+export { deviceAuth, isAuthed, cleanupDeviceAuth, stripAnsi, dopplerConfig, githubConfig, tailscaleConfig, } from "./device-auth.js";
+export type { DeviceAuthConfig, DeviceAuthResult, DeviceAuthPollOptions, } from "./device-auth.js";
+export { getBootstrapStatus, parseBootstrapStatus, initBootstrap, startPhase, completePhase, failPhase, completeBootstrap, failBootstrap, checkMarker, setMarker, removeMarker, waitForBootstrap, waitForMarker, } from "./bootstrap.js";
+export type { BootstrapPhase, BootstrapStatus, BootstrapPollOptions, } from "./bootstrap.js";

package/dist/index.js

@@ -0,0 +1,10 @@
+export { clone } from "./clone.js";
+export { sudo, pkgInstall, writeFile, service, serviceEnable } from "./sudo.js";
+// Runtime installation (Bun, Node, PATH, symlinks)
+export { installBun, addSystemPath, symlink, linkBinaries, getBunVersion, commandExists, } from "./runtime.js";
+// Systemd service management
+export { generateServiceUnit, createServiceUnit, enableService, disableService, startService, stopService, restartService, reloadService, getServiceStatus, enableAndStartService, serviceExists, getServiceLogs, } from "./systemd.js";
+// Device-code authentication flow (Doppler, GitHub, Tailscale)
+export { deviceAuth, isAuthed, cleanupDeviceAuth, stripAnsi, dopplerConfig, githubConfig, tailscaleConfig, } from "./device-auth.js";
+// Bootstrap status tracking and polling
+export { getBootstrapStatus, parseBootstrapStatus, initBootstrap, startPhase, completePhase, failPhase, completeBootstrap, failBootstrap, checkMarker, setMarker, removeMarker, waitForBootstrap, waitForMarker, } from "./bootstrap.js";

package/dist/runtime.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Runtime installation and PATH management for edge servers.
+ * Works with both local and SSH contexts via ExecContext from sudo.ts.
+ */
+import type { SudoOptions } from "./sudo.js";
+export declare function exec(args: string[], opts: SudoOptions): Promise<{
+    stdout: string;
+    stderr: string;
+    ok: boolean;
+}>;
+export interface InstallBunOptions {
+    /** Execution context for running commands */
+    context: SudoOptions["context"];
+    /** Bun version to install (default: latest) */
+    version?: string;
+    /** Add bun to /etc/environment for all users */
+    systemWide?: boolean;
+    /** Installation directory (default: /root/.bun) */
+    installDir?: string;
+}
+/**
+ * Install Bun runtime via the official install script.
+ * Works on Debian/Ubuntu, Alpine, and Fedora-based systems.
+ */
+export declare function installBun(opts: InstallBunOptions): Promise<void>;
+export interface PathOptions {
+    /** Execution context for running commands */
+    context: SudoOptions["context"];
+    /** Target file (/etc/environment for system-wide, ~/.bashrc for user) */
+    target?: "system" | "user";
+    /** Prepend or append to PATH */
+    position?: "prepend" | "append";
+}
+/**
+ * Add a directory to PATH in /etc/environment (system) or ~/.bashrc (user).
+ * Checks for duplicates before adding.
+ */
+export declare function addSystemPath(dir: string, opts: PathOptions): Promise<void>;
+export interface SymlinkOptions {
+    /** Execution context for running commands */
+    context: SudoOptions["context"];
+    /** Force overwrite if target exists */
+    force?: boolean;
+}
+/**
+ * Create a symlink from source to target.
+ */
+export declare function symlink(source: string, target: string, opts: SymlinkOptions): Promise<void>;
+/**
+ * Create symlinks for all binaries in a bin directory to /usr/local/bin.
+ */
+export declare function linkBinaries(sourceDir: string, opts: SymlinkOptions): Promise<void>;
+/**
+ * Get the currently installed Bun version.
+ */
+export declare function getBunVersion(opts: SudoOptions): Promise<string | null>;
+/**
+ * Check if a command is available in PATH.
+ */
+export declare function commandExists(cmd: string, opts: SudoOptions): Promise<boolean>;

package/dist/runtime.js

@@ -0,0 +1,122 @@
+/**
+ * Runtime installation and PATH management for edge servers.
+ * Works with both local and SSH contexts via ExecContext from sudo.ts.
+ */
+// Re-export sudo helper for runtime use
+export async function exec(args, opts) {
+    const sudo = await import("./sudo.js").then((m) => m.sudo);
+    return sudo(args, opts);
+}
+/**
+ * Install Bun runtime via the official install script.
+ * Works on Debian/Ubuntu, Alpine, and Fedora-based systems.
+ */
+export async function installBun(opts) {
+    const installCmd = opts.version
+        ? `curl -fsSL https://bun.sh/install | bash -s "bun-${opts.version}"`
+        : `curl -fsSL https://bun.sh/install | bash`;
+    await execShell(installCmd, opts);
+    if (opts.systemWide) {
+        const bunPath = opts.installDir ?? "/root/.bun";
+        await addSystemPath(`${bunPath}/bin`, { context: opts.context });
+    }
+}
+/**
+ * Add a directory to PATH in /etc/environment (system) or ~/.bashrc (user).
+ * Checks for duplicates before adding.
+ */
+export async function addSystemPath(dir, opts) {
+    const { writeFile } = await import("./sudo.js");
+    const target = opts.target ?? "system";
+    const position = opts.position ?? "prepend";
+    // Read existing PATH
+    const existingPath = target === "system"
+        ? await getSystemPath(opts)
+        : await getUserPath(opts);
+    // Check if already in PATH
+    const paths = existingPath.split(":");
+    if (paths.includes(dir)) {
+        return; // Already present
+    }
+    // Add to PATH
+    const newPath = position === "prepend"
+        ? `${dir}:${existingPath}`
+        : `${existingPath}:${dir}`;
+    if (target === "system") {
+        // Write to /etc/environment
+        const content = `PATH="${newPath}"\n`;
+        await writeFile("/etc/environment", content, { ...opts, append: false });
+    }
+    else {
+        // Append to ~/.bashrc
+        const exportLine = `\nexport PATH="${newPath}"\n`;
+        await writeFile("/root/.bashrc", exportLine, { ...opts, append: true });
+    }
+}
+async function getSystemPath(opts) {
+    const result = await exec(["grep", "^PATH=", "/etc/environment"], { ...opts, quiet: true });
+    if (result.ok && result.stdout) {
+        const match = result.stdout.match(/^PATH="([^"]+)"/);
+        if (match?.[1])
+            return match[1];
+    }
+    return "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"; // default
+}
+async function getUserPath(opts) {
+    const result = await exec(["bash", "-lc", "echo $PATH"], { ...opts, quiet: true });
+    return result.stdout.trim();
+}
+/**
+ * Create a symlink from source to target.
+ */
+export async function symlink(source, target, opts) {
+    const args = ["ln", "-s"];
+    if (opts.force)
+        args.push("-f");
+    args.push(source, target);
+    await exec(args, opts);
+}
+/**
+ * Create symlinks for all binaries in a bin directory to /usr/local/bin.
+ */
+export async function linkBinaries(sourceDir, opts) {
+    // List binaries in source dir
+    const result = await exec(["ls", "-1", sourceDir], { ...opts, quiet: true });
+    if (!result.ok)
+        return;
+    const binaries = result.stdout.trim().split("\n").filter(Boolean);
+    for (const bin of binaries) {
+        const source = `${sourceDir}/${bin}`;
+        const target = `/usr/local/bin/${bin}`;
+        await symlink(source, target, { ...opts, force: true });
+    }
+}
+// ---------------------------------------------------------------------------
+// Version detection
+// ---------------------------------------------------------------------------
+/**
+ * Get the currently installed Bun version.
+ */
+export async function getBunVersion(opts) {
+    const result = await exec(["bash", "-lc", "bun --version"], { ...opts, quiet: true });
+    if (result.ok) {
+        return result.stdout.trim();
+    }
+    return null;
+}
+/**
+ * Check if a command is available in PATH.
+ */
+export async function commandExists(cmd, opts) {
+    const result = await exec(["which", cmd], { ...opts, quiet: true });
+    return result.ok;
+}
+// ---------------------------------------------------------------------------
+// Internals
+// ---------------------------------------------------------------------------
+async function execShell(cmd, opts) {
+    const result = await exec(["bash", "-lc", cmd], opts);
+    if (!result.ok) {
+        throw new Error(`Shell command failed: ${result.stderr}`);
+    }
+}

package/dist/sudo.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Composable sudo command runner for local and remote (SSH) contexts.
+ * Supports arbitrary commands, package installs, file writes, and service management.
+ */
+export type ExecContext = {
+    type: "local";
+} | {
+    type: "ssh";
+    host: string;
+    user?: string;
+    keyPath?: string;
+    key?: string;
+    port?: number;
+};
+export interface SudoOptions {
+    /** Where to run: locally or over SSH */
+    context: ExecContext;
+    /** Environment variables to pass through sudo */
+    env?: Record<string, string>;
+    /** Timeout in ms (default: 30_000) */
+    timeout?: number;
+    /** Suppress stdout in result (default: false) */
+    quiet?: boolean;
+}
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+    ok: boolean;
+}
+/** Run an arbitrary command with sudo. */
+export declare function sudo(cmd: string | string[], opts: SudoOptions): Promise<ExecResult>;
+export type PackageManager = "apt" | "dnf" | "apk";
+export interface PkgOptions extends SudoOptions {
+    /** Package manager to use (default: "apt") */
+    pm?: PackageManager;
+    /** Run non-interactively (default: true) */
+    nonInteractive?: boolean;
+}
+/** Install one or more system packages. */
+export declare function pkgInstall(packages: string[], opts: PkgOptions): Promise<ExecResult>;
+export interface WriteFileOptions extends SudoOptions {
+    /** File permissions (e.g. "644", "755") */
+    mode?: string;
+    /** File owner (e.g. "root:root") */
+    owner?: string;
+    /** Append instead of overwrite */
+    append?: boolean;
+}
+/** Write content to a privileged file path using tee. */
+export declare function writeFile(path: string, content: string, opts: WriteFileOptions): Promise<ExecResult>;
+export type ServiceAction = "start" | "stop" | "restart" | "enable" | "disable" | "status";
+/** Manage a systemd service. */
+export declare function service(name: string, action: ServiceAction, opts: SudoOptions): Promise<ExecResult>;
+/** Enable and start a service in one call. */
+export declare function serviceEnable(name: string, opts: SudoOptions): Promise<ExecResult>;
+export declare function exec(args: string[], opts: SudoOptions): Promise<ExecResult>;