@edgible-team/cli 1.0.1

package/dist/services/aws.js

@@ -0,0 +1,644 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AWSService = void 0;
+const client_ec2_1 = require("@aws-sdk/client-ec2");
+const client_s3_1 = require("@aws-sdk/client-s3");
+const client_ssm_1 = require("@aws-sdk/client-ssm");
+const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
+const ssh2_1 = require("ssh2");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const chalk_1 = __importDefault(require("chalk"));
+class AWSService {
+    constructor(profile, region = 'us-east-1') {
+        this.profile = profile || 'default';
+        this.region = region;
+        const credentials = (0, credential_provider_node_1.defaultProvider)({
+            profile: this.profile
+        });
+        this.ec2Client = new client_ec2_1.EC2Client({
+            region: this.region,
+            credentials
+        });
+        this.s3Client = new client_s3_1.S3Client({
+            region: this.region,
+            credentials
+        });
+        this.ssmClient = new client_ssm_1.SSMClient({
+            region: this.region,
+            credentials
+        });
+    }
+    /**
+     * Check if AWS CLI is available and get available profiles
+     */
+    async checkAWSCLI() {
+        try {
+            const { execSync } = require('child_process');
+            const output = execSync('aws configure list-profiles', { encoding: 'utf8', timeout: 5000 });
+            const profiles = output.trim().split('\n').filter((p) => p.trim());
+            return { available: true, profiles };
+        }
+        catch (error) {
+            return { available: false, profiles: [] };
+        }
+    }
+    /**
+     * Validate AWS credentials for a profile
+     */
+    async validateCredentials(profile) {
+        try {
+            const testClient = new client_ec2_1.EC2Client({
+                region: this.region,
+                credentials: (0, credential_provider_node_1.defaultProvider)({
+                    profile: profile || this.profile
+                })
+            });
+            await testClient.send(new client_ec2_1.DescribeInstancesCommand({ MaxResults: 5 }));
+            return true;
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('AWS credentials validation failed:'), error);
+            return false;
+        }
+    }
+    /**
+     * Create a key pair for EC2 instance
+     */
+    async createKeyPair(keyName) {
+        try {
+            const command = new client_ec2_1.CreateKeyPairCommand({
+                KeyName: keyName,
+                TagSpecifications: [{
+                        ResourceType: 'key-pair',
+                        Tags: [{
+                                Key: 'Purpose',
+                                Value: 'Edgible-Gateway'
+                            }]
+                    }]
+            });
+            const response = await this.ec2Client.send(command);
+            if (!response.KeyMaterial) {
+                throw new Error('Key material not returned from AWS');
+            }
+            return {
+                keyName: response.KeyName,
+                keyFingerprint: response.KeyFingerprint,
+                privateKey: response.KeyMaterial,
+                publicKey: '' // Will be generated from private key if needed
+            };
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('Error creating key pair:'), error);
+            throw error;
+        }
+    }
+    /**
+     * Check if key pair exists
+     */
+    async keyPairExists(keyName) {
+        try {
+            const command = new client_ec2_1.DescribeKeyPairsCommand({
+                KeyNames: [keyName]
+            });
+            await this.ec2Client.send(command);
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    /**
+     * Create EC2 instance for gateway
+     */
+    async createEC2Instance(config) {
+        try {
+            const userData = config.userData || this.generateUserData();
+            // Get or create security group with SSH access
+            const securityGroupId = await this.getOrCreateSSHSecurityGroup();
+            const command = new client_ec2_1.RunInstancesCommand({
+                ImageId: 'ami-0c462b53550d4fca8', // Amazon Linux 2 AMI for ap-southeast-2
+                MinCount: 1,
+                MaxCount: 1,
+                InstanceType: (config.instanceType || 't3.micro'),
+                KeyName: config.keyPairName,
+                SecurityGroupIds: config.securityGroupIds || [securityGroupId],
+                SubnetId: config.subnetId,
+                UserData: Buffer.from(userData).toString('base64'),
+                TagSpecifications: [{
+                        ResourceType: 'instance',
+                        Tags: [{
+                                Key: 'Name',
+                                Value: config.name
+                            }, {
+                                Key: 'Purpose',
+                                Value: 'Edgible-Gateway'
+                            }]
+                    }]
+            });
+            const response = await this.ec2Client.send(command);
+            const instance = response.Instances?.[0];
+            if (!instance?.InstanceId) {
+                throw new Error('Failed to create EC2 instance');
+            }
+            // Wait for instance to be running
+            await this.waitForInstanceRunning(instance.InstanceId);
+            // Get instance details
+            const instanceDetails = await this.getInstanceDetails(instance.InstanceId);
+            return {
+                instanceId: instance.InstanceId,
+                publicIp: instanceDetails.publicIp,
+                privateIp: instanceDetails.privateIp,
+                state: instanceDetails.state,
+                keyPairName: config.keyPairName,
+                region: this.region,
+                launchTime: instance.LaunchTime || new Date()
+            };
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('Error creating EC2 instance:'), error);
+            throw error;
+        }
+    }
+    /**
+     * Get instance details
+     */
+    async getInstanceDetails(instanceId) {
+        const command = new client_ec2_1.DescribeInstancesCommand({
+            InstanceIds: [instanceId]
+        });
+        const response = await this.ec2Client.send(command);
+        const instance = response.Reservations?.[0]?.Instances?.[0];
+        if (!instance) {
+            throw new Error('Instance not found');
+        }
+        return {
+            publicIp: instance.PublicIpAddress || '',
+            privateIp: instance.PrivateIpAddress || '',
+            state: instance.State?.Name || 'unknown'
+        };
+    }
+    /**
+     * Wait for instance to be running
+     */
+    async waitForInstanceRunning(instanceId, maxWaitTime = 300000) {
+        const startTime = Date.now();
+        while (Date.now() - startTime < maxWaitTime) {
+            try {
+                const details = await this.getInstanceDetails(instanceId);
+                if (details.state === 'running') {
+                    return;
+                }
+                await new Promise(resolve => setTimeout(resolve, 10000)); // Wait 10 seconds
+            }
+            catch (error) {
+                await new Promise(resolve => setTimeout(resolve, 10000));
+            }
+        }
+        throw new Error('Instance did not start within expected time');
+    }
+    /**
+     * Terminate EC2 instance
+     */
+    async terminateInstance(instanceId) {
+        try {
+            const command = new client_ec2_1.TerminateInstancesCommand({
+                InstanceIds: [instanceId]
+            });
+            await this.ec2Client.send(command);
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('Error terminating instance:'), error);
+            throw error;
+        }
+    }
+    /**
+     * Check if instance is ready for SSH connections
+     */
+    async waitForSSHReady(instanceId, maxWaitTime = 300) {
+        console.log(chalk_1.default.gray('Waiting for instance to be ready for SSH...'));
+        const startTime = Date.now();
+        while (Date.now() - startTime < maxWaitTime * 1000) {
+            try {
+                const instanceDetails = await this.getInstanceDetails(instanceId);
+                if (instanceDetails.state === 'running' && instanceDetails.publicIp) {
+                    console.log(chalk_1.default.green(`✓ Instance ready: ${instanceDetails.publicIp}`));
+                    return true;
+                }
+            }
+            catch (error) {
+                // Continue waiting
+            }
+            await new Promise(resolve => setTimeout(resolve, 5000)); // Wait 5 seconds
+        }
+        return false;
+    }
+    /**
+     * Create or get security group with SSH access
+     */
+    async getOrCreateSSHSecurityGroup() {
+        const groupName = 'edgible-gateway-ssh';
+        try {
+            // Check if security group already exists
+            const describeCommand = new client_ec2_1.DescribeSecurityGroupsCommand({
+                GroupNames: [groupName]
+            });
+            const describeResponse = await this.ec2Client.send(describeCommand);
+            if (describeResponse.SecurityGroups && describeResponse.SecurityGroups.length > 0) {
+                const groupId = describeResponse.SecurityGroups[0].GroupId;
+                console.log(chalk_1.default.gray(`Using existing security group: ${groupId}`));
+                return groupId;
+            }
+        }
+        catch (error) {
+            // Security group doesn't exist, create it
+        }
+        // Create security group
+        console.log(chalk_1.default.gray('Creating security group with SSH access...'));
+        const createCommand = new client_ec2_1.CreateSecurityGroupCommand({
+            GroupName: groupName,
+            Description: 'Security group for Edgible Gateway with SSH access'
+        });
+        const createResponse = await this.ec2Client.send(createCommand);
+        const groupId = createResponse.GroupId;
+        if (!groupId) {
+            throw new Error('Failed to create security group');
+        }
+        // Add SSH rule
+        const authorizeCommand = new client_ec2_1.AuthorizeSecurityGroupIngressCommand({
+            GroupId: groupId,
+            IpPermissions: [{
+                    IpProtocol: 'tcp',
+                    FromPort: 22,
+                    ToPort: 22,
+                    IpRanges: [{ CidrIp: '0.0.0.0/0' }]
+                }]
+        });
+        await this.ec2Client.send(authorizeCommand);
+        console.log(chalk_1.default.green(`✓ Security group created: ${groupId}`));
+        return groupId;
+    }
+    /**
+     * Delete key pair
+     */
+    async deleteKeyPair(keyName) {
+        try {
+            const command = new client_ec2_1.DeleteKeyPairCommand({
+                KeyName: keyName
+            });
+            await this.ec2Client.send(command);
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('Error deleting key pair:'), error);
+            throw error;
+        }
+    }
+    /**
+     * Execute SSH command on instance
+     */
+    async executeSSHCommand(connection, command, timeout = 600000) {
+        return new Promise((resolve, reject) => {
+            const conn = new ssh2_1.Client();
+            let commandExecuted = false;
+            // Set overall timeout for command execution (default 10 minutes)
+            const timeoutId = setTimeout(() => {
+                if (!commandExecuted) {
+                    conn.end();
+                    reject(new Error(`Command execution timeout after ${timeout / 1000} seconds`));
+                }
+            }, timeout);
+            conn.on('ready', () => {
+                conn.exec(command, (err, stream) => {
+                    if (err) {
+                        clearTimeout(timeoutId);
+                        conn.end();
+                        reject(err);
+                        return;
+                    }
+                    let stdout = '';
+                    let stderr = '';
+                    stream.on('close', (code) => {
+                        commandExecuted = true;
+                        clearTimeout(timeoutId);
+                        conn.end();
+                        resolve({ stdout, stderr, exitCode: code });
+                    });
+                    stream.on('data', (data) => {
+                        stdout += data.toString();
+                    });
+                    stream.stderr.on('data', (data) => {
+                        stderr += data.toString();
+                    });
+                });
+            });
+            conn.on('error', (err) => {
+                clearTimeout(timeoutId);
+                reject(err);
+            });
+            conn.connect({
+                host: connection.host,
+                port: connection.port,
+                username: connection.username,
+                privateKey: connection.privateKey,
+                readyTimeout: 30000, // 30 seconds
+                keepaliveInterval: 10000, // 10 seconds
+                keepaliveCountMax: 3
+            });
+        });
+    }
+    /**
+     * Upload file via SSH
+     */
+    async uploadFile(connection, localPath, remotePath) {
+        return new Promise((resolve, reject) => {
+            // Verify local file exists before attempting upload
+            if (!require('fs').existsSync(localPath)) {
+                reject(new Error(`Local file does not exist: ${localPath}`));
+                return;
+            }
+            const fs = require('fs');
+            const stats = fs.statSync(localPath);
+            const fileSizeMB = (stats.size / (1024 * 1024)).toFixed(2);
+            const conn = new ssh2_1.Client();
+            let sftpConnected = false;
+            let uploadStarted = false;
+            conn.on('ready', () => {
+                conn.sftp((err, sftp) => {
+                    if (err) {
+                        conn.end();
+                        reject(new Error(`SFTP connection failed: ${err.message || String(err)}`));
+                        return;
+                    }
+                    sftpConnected = true;
+                    // Check if remote directory exists and is writable
+                    const remoteDir = require('path').dirname(remotePath);
+                    sftp.stat(remoteDir, (statErr) => {
+                        if (statErr) {
+                            conn.end();
+                            reject(new Error(`Remote directory does not exist or is not accessible: ${remoteDir} (Error: ${statErr.message || String(statErr)}, Code: ${statErr.code || 'unknown'})`));
+                            return;
+                        }
+                        uploadStarted = true;
+                        // Attempt the upload with detailed error handling
+                        sftp.fastPut(localPath, remotePath, (uploadErr) => {
+                            conn.end();
+                            if (uploadErr) {
+                                const errorMessage = `SFTP upload failed: ${uploadErr.message || String(uploadErr)}`;
+                                const errorCode = uploadErr.code ? ` (Code: ${uploadErr.code})` : '';
+                                const contextInfo = `\n  Local: ${localPath} (${fileSizeMB} MB)\n  Remote: ${remotePath}\n  User: ${connection.username}\n  Host: ${connection.host}`;
+                                reject(new Error(`${errorMessage}${errorCode}${contextInfo}`));
+                            }
+                            else {
+                                resolve();
+                            }
+                        });
+                    });
+                });
+            });
+            conn.on('error', (err) => {
+                reject(new Error(`SSH connection error: ${err.message || String(err)}`));
+            });
+            // Set a timeout for the entire operation
+            const timeout = setTimeout(() => {
+                if (!sftpConnected) {
+                    conn.end();
+                    reject(new Error(`SFTP connection timeout after 30 seconds. Upload may be too large (${fileSizeMB} MB)`));
+                }
+                else if (!uploadStarted) {
+                    conn.end();
+                    reject(new Error(`SFTP upload start timeout. Remote directory may be inaccessible: ${require('path').dirname(remotePath)}`));
+                }
+            }, 60000); // 60 second timeout
+            conn.on('close', () => {
+                clearTimeout(timeout);
+            });
+            conn.connect({
+                host: connection.host,
+                port: connection.port,
+                username: connection.username,
+                privateKey: connection.privateKey,
+                readyTimeout: 30000, // 30 seconds
+                keepaliveInterval: 10000, // 10 seconds
+                keepaliveCountMax: 3
+            });
+        });
+    }
+    /**
+     * Generate user data script for EC2 instance
+     */
+    generateUserData() {
+        return `#!/bin/bash
+# Update system
+yum update -y
+
+# Install Node.js
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+nvm install 18
+nvm use 18
+
+# Create system-wide symlink for Node.js (so root can access it)
+NODE_VERSION=$(nvm list | grep -oE 'v18\.[0-9]+\.[0-9]+' | head -1)
+if [ -n "$NODE_VERSION" ]; then
+  sudo ln -sf "/home/ec2-user/.nvm/versions/node/$NODE_VERSION/bin/node" /usr/local/bin/node
+  sudo ln -sf "/home/ec2-user/.nvm/versions/node/$NODE_VERSION/bin/npm" /usr/local/bin/npm
+fi
+
+# Install PM2 for process management (install globally for root as well)
+npm install -g pm2
+sudo npm install -g pm2 || true
+
+# Create directory for agent (owned by root)
+sudo mkdir -p /opt/edgible-agent
+cd /opt/edgible-agent
+sudo chown root:root /opt/edgible-agent
+
+# Note: Agent code will be uploaded by CLI
+echo "Agent directory created. Waiting for agent code upload..."
+
+# Set up systemd service for agent (running as root)
+cat > /tmp/edgible-agent.service << 'EOF'
+[Unit]
+Description=Edgible Agent
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/edgible-agent
+ExecStart=/usr/local/bin/node /opt/edgible-agent/index.js start -c /opt/edgible-agent/agent.config.json
+Restart=always
+RestartSec=10
+Environment=NODE_ENV=production
+Environment=EDGIBLE_CONFIG_PATH=/opt/edgible-agent/.edgible/agent
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+[Install]
+WantedBy=multi-user.target
+EOF
+sudo mv /tmp/edgible-agent.service /etc/systemd/system/edgible-agent.service
+
+# Enable service (but don't start until agent is uploaded)
+systemctl enable edgible-agent.service
+
+echo "Edgible Agent setup complete"
+`;
+    }
+    /**
+     * Save SSH key to file
+     */
+    saveSSHKey(keyPair, keyName) {
+        const sshDir = path.join(os.homedir(), '.ssh');
+        const keyPath = path.join(sshDir, `${keyName}.pem`);
+        // Ensure .ssh directory exists
+        if (!fs.existsSync(sshDir)) {
+            fs.mkdirSync(sshDir, { mode: 0o700 });
+        }
+        // Save private key
+        fs.writeFileSync(keyPath, keyPair.privateKey, { mode: 0o600 });
+        return keyPath;
+    }
+    /**
+     * Load SSH key from file
+     */
+    loadSSHKey(keyPath) {
+        if (!fs.existsSync(keyPath)) {
+            throw new Error(`SSH key file not found: ${keyPath}`);
+        }
+        return fs.readFileSync(keyPath, 'utf8');
+    }
+    /**
+     * Download agent from S3 bucket
+     * @param bucketName S3 bucket name
+     * @param keyPath S3 object key (path within bucket)
+     * @param destinationPath Local file path to save the downloaded file
+     * @param useCloudFront Whether to use CloudFront URL instead of direct S3
+     * @param cloudFrontUrl CloudFront distribution URL (e.g., https://distribution.edgible.com)
+     */
+    async downloadAgentFromS3(bucketName, keyPath, destinationPath, useCloudFront = false, cloudFrontUrl) {
+        try {
+            if (useCloudFront && cloudFrontUrl) {
+                // Use CloudFront URL for download (public access)
+                const url = `${cloudFrontUrl}/${keyPath}`;
+                console.log(chalk_1.default.gray(`Downloading from CloudFront: ${url}`));
+                const response = await fetch(url);
+                if (!response.ok) {
+                    // Provide specific error messages for common issues
+                    let errorMessage = `Failed to download from CloudFront: ${response.status} ${response.statusText}`;
+                    if (response.status === 404) {
+                        errorMessage = `Agent version not found at ${url}\n\n` +
+                            `The agent may not have been deployed to S3 yet.\n` +
+                            `To deploy the agent:\n` +
+                            `  1. Navigate to agent-v2 directory\n` +
+                            `  2. Run: npm run build\n` +
+                            `  3. Run: ./scripts/deploy-to-s3.sh --env production\n\n` +
+                            `Expected S3 path: s3://${bucketName}/${keyPath}\n` +
+                            `Current environment: ${keyPath.split('/')[0] || 'unknown'}`;
+                    }
+                    else if (response.status === 403) {
+                        errorMessage = `Access denied to ${url}\n\n` +
+                            `This usually means one of:\n` +
+                            `  1. Agent not deployed: The file doesn't exist at s3://${bucketName}/${keyPath}\n` +
+                            `     → Deploy agent: cd agent-v2 && ./scripts/deploy-to-s3.sh --env production\n\n` +
+                            `  2. CloudFront misconfiguration: OAC or bucket policy issue\n` +
+                            `     → Check backend Pulumi outputs for distribution status\n\n` +
+                            `  3. Wrong bucket: Using bucket "${bucketName}" but file may be in different bucket\n` +
+                            `     → Check Pulumi output: AgentDistributionBucket\n\n` +
+                            `To verify file exists:\n` +
+                            `  aws s3 ls s3://${bucketName}/${keyPath} --profile edgible`;
+                    }
+                    throw new Error(errorMessage);
+                }
+                const buffer = await response.arrayBuffer();
+                fs.writeFileSync(destinationPath, Buffer.from(buffer));
+                console.log(chalk_1.default.green(`✓ Downloaded to ${destinationPath}`));
+            }
+            else {
+                // Use S3 SDK for direct download
+                console.log(chalk_1.default.gray(`Downloading from S3: s3://${bucketName}/${keyPath}`));
+                const command = new client_s3_1.GetObjectCommand({
+                    Bucket: bucketName,
+                    Key: keyPath
+                });
+                const response = await this.s3Client.send(command);
+                if (!response.Body) {
+                    throw new Error('No data returned from S3');
+                }
+                // Ensure destination directory exists
+                const destDir = path.dirname(destinationPath);
+                if (!fs.existsSync(destDir)) {
+                    fs.mkdirSync(destDir, { recursive: true });
+                }
+                // Convert stream to buffer and write to file
+                const chunks = [];
+                for await (const chunk of response.Body) {
+                    chunks.push(chunk);
+                }
+                const buffer = Buffer.concat(chunks);
+                fs.writeFileSync(destinationPath, buffer);
+                console.log(chalk_1.default.green(`✓ Downloaded to ${destinationPath}`));
+            }
+        }
+        catch (error) {
+            console.error(chalk_1.default.red('Error downloading from S3:'), error);
+            throw error;
+        }
+    }
+    /**
+     * Get S3 download URL (for use in SSH commands on remote server)
+     * @param bucketName S3 bucket name
+     * @param keyPath S3 object key
+     * @param useCloudFront Whether to use CloudFront URL
+     * @param cloudFrontUrl CloudFront distribution URL
+     * @returns URL string for downloading
+     */
+    getS3DownloadUrl(bucketName, keyPath, useCloudFront = false, cloudFrontUrl) {
+        if (useCloudFront && cloudFrontUrl) {
+            return `${cloudFrontUrl}/${keyPath}`;
+        }
+        else {
+            // Return S3 public URL (requires bucket to be public or presigned URL)
+            return `https://${bucketName}.s3.${this.region}.amazonaws.com/${keyPath}`;
+        }
+    }
+}
+exports.AWSService = AWSService;
+//# sourceMappingURL=aws.js.map