@enspirit/emb 0.15.0 → 0.17.0

package/dist/src/cli/commands/components/logs.js

@@ -1,10 +1,17 @@
 import { Args, Flags } from '@oclif/core';
 import { BaseCommand, getContext } from '../../index.js';
+import { ComposeLogsOperation } from '../../../docker/index.js';
 export default class ComponentsLogs extends BaseCommand {
     static aliases = ['logs'];
     static description = 'Get components logs.';
     static enableJsonFlag = false;
-    static examples = ['<%= config.bin %> <%= command.id %>'];
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> backend',
+        '<%= config.bin %> <%= command.id %> backend frontend',
+        '<%= config.bin %> <%= command.id %> --no-follow backend',
+    ];
+    static strict = false;
     static flags = {
         follow: Flags.boolean({
             name: 'follow',
@@ -17,32 +24,22 @@ export default class ComponentsLogs extends BaseCommand {
     static args = {
         component: Args.string({
             name: 'component',
-            description: 'The component you want to see the logs of',
-            required: true,
+            description: 'The component(s) you want to see the logs of (all if omitted)',
+            required: false,
         }),
     };
     async run() {
-        const { flags, args } = await this.parse(ComponentsLogs);
-        const { monorepo, docker, compose } = await getContext();
-        const component = monorepo.component(args.component);
-        const containerId = await compose.getContainer(component.name, {
-            mustBeRunning: false,
+        const { flags, argv } = await this.parse(ComponentsLogs);
+        const { monorepo } = await getContext();
+        const componentNames = argv;
+        // Validate that all specified components exist
+        const services = componentNames.map((name) => {
+            const component = monorepo.component(name);
+            return component.name;
+        });
+        await monorepo.run(new ComposeLogsOperation(), {
+            services: services.length > 0 ? services : undefined,
+            follow: flags.follow,
         });
-        const container = await docker.getContainer(containerId);
-        if (flags.follow) {
-            const stream = await container.logs({
-                follow: true,
-                stderr: true,
-                stdout: true,
-            });
-            docker.modem.demuxStream(stream, process.stdout, process.stderr);
-        }
-        else {
-            const res = await container.logs({
-                stderr: true,
-                stdout: true,
-            });
-            this.log(res.toString());
-        }
     }
 }

package/dist/src/cli/commands/secrets/index.d.ts

@@ -0,0 +1,14 @@
+import { FlavoredCommand } from '../../index.js';
+export interface SecretInfo {
+    component?: string;
+    key?: string;
+    path: string;
+    provider: string;
+    usageCount: number;
+}
+export default class SecretsIndex extends FlavoredCommand<typeof SecretsIndex> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    run(): Promise<SecretInfo[]>;
+}

package/dist/src/cli/commands/secrets/index.js

@@ -0,0 +1,71 @@
+import { getContext } from '../../../index.js';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+import { aggregateSecrets, discoverSecrets, } from '../../../secrets/SecretDiscovery.js';
+export default class SecretsIndex extends FlavoredCommand {
+    static description = 'List all secret references in the configuration.';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> --json',
+    ];
+    async run() {
+        const { flags } = await this.parse(SecretsIndex);
+        const context = getContext();
+        const { monorepo, secrets } = context;
+        // Get registered secret providers dynamically
+        const secretProviders = new Set(secrets.getProviderNames());
+        // Collect secrets from all configuration sources
+        const allSecrets = [];
+        // Scan monorepo-level config (env, vars, tasks, defaults, flavors)
+        allSecrets.push(...discoverSecrets({
+            env: monorepo.config.env,
+            vars: monorepo.config.vars,
+            tasks: monorepo.config.tasks,
+            defaults: monorepo.config.defaults,
+            flavors: monorepo.config.flavors,
+        }, { file: '.emb.yml' }, secretProviders));
+        // Scan each component's config
+        for (const component of monorepo.components) {
+            allSecrets.push(...discoverSecrets({
+                tasks: component.config.tasks,
+                resources: component.config.resources,
+            }, {
+                file: `${component.name}/Embfile.yml`,
+                component: component.name,
+            }, secretProviders));
+        }
+        // Aggregate by unique secret reference
+        const aggregated = aggregateSecrets(allSecrets);
+        // Convert to output format
+        const result = aggregated.map((secret) => ({
+            provider: secret.provider,
+            path: secret.path,
+            key: secret.key,
+            component: secret.locations
+                .map((l) => l.component)
+                .filter(Boolean)
+                .join(', ') || undefined,
+            usageCount: secret.locations.length,
+        }));
+        if (!flags.json) {
+            if (result.length === 0) {
+                this.log('No secret references found in configuration.');
+            }
+            else {
+                printTable({
+                    ...TABLE_DEFAULTS,
+                    columns: ['provider', 'path', 'key', 'component', 'usageCount'],
+                    data: result.map((r) => ({
+                        ...r,
+                        key: r.key || '-',
+                        component: r.component || '-',
+                    })),
+                });
+                const providerCount = new Set(result.map((r) => r.provider)).size;
+                this.log(`\nFound ${result.length} secret reference(s) using ${providerCount} provider(s).`);
+            }
+        }
+        return result;
+    }
+}

package/dist/src/cli/commands/secrets/providers.d.ts

@@ -0,0 +1,12 @@
+import { FlavoredCommand } from '../../index.js';
+export interface ProviderInfo {
+    name: string;
+    status: 'connected' | 'not_configured';
+    type: string;
+}
+export default class SecretsProviders extends FlavoredCommand<typeof SecretsProviders> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    run(): Promise<ProviderInfo[]>;
+}

package/dist/src/cli/commands/secrets/providers.js

@@ -0,0 +1,50 @@
+import { getContext } from '../../../index.js';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+export default class SecretsProviders extends FlavoredCommand {
+    static description = 'Show configured secret providers and their status.';
+    static enableJsonFlag = true;
+    static examples = ['<%= config.bin %> <%= command.id %>'];
+    async run() {
+        const { flags } = await this.parse(SecretsProviders);
+        const context = getContext();
+        const { secrets } = context;
+        const providerNames = secrets.getProviderNames();
+        if (providerNames.length === 0) {
+            if (!flags.json) {
+                this.log('No secret providers configured.');
+                this.log('\nTo configure a provider, add it to your .emb.yml:');
+                this.log(`
+plugins:
+  - name: vault
+    config:
+      address: https://vault.example.com
+      auth:
+        method: oidc
+`);
+            }
+            return [];
+        }
+        const results = providerNames.map((name) => {
+            const provider = secrets.get(name);
+            return {
+                name,
+                type: provider?.constructor.name || 'Unknown',
+                status: provider ? 'connected' : 'not_configured',
+            };
+        });
+        if (!flags.json) {
+            printTable({
+                ...TABLE_DEFAULTS,
+                columns: ['name', 'type', 'status'],
+                data: results.map((r) => ({
+                    name: r.name,
+                    type: r.type,
+                    status: r.status === 'connected' ? '✔ Connected' : '✖ Not configured',
+                })),
+            });
+            this.log(`\n${results.length} provider(s) configured.`);
+        }
+        return results;
+    }
+}

package/dist/src/cli/commands/secrets/validate.d.ts

@@ -0,0 +1,18 @@
+import { FlavoredCommand } from '../../index.js';
+export interface ValidationResult {
+    error?: string;
+    key?: string;
+    path: string;
+    provider: string;
+    status: 'error' | 'ok';
+}
+export default class SecretsValidate extends FlavoredCommand<typeof SecretsValidate> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    static flags: {
+        'fail-fast': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<ValidationResult[]>;
+    private validateSecret;
+}

package/dist/src/cli/commands/secrets/validate.js

@@ -0,0 +1,145 @@
+import { getContext } from '../../../index.js';
+import { Flags } from '@oclif/core';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+import { aggregateSecrets, discoverSecrets, } from '../../../secrets/SecretDiscovery.js';
+export default class SecretsValidate extends FlavoredCommand {
+    static description = 'Validate that all secret references can be resolved (without showing values).';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> --fail-fast',
+        '<%= config.bin %> <%= command.id %> --json',
+    ];
+    static flags = {
+        'fail-fast': Flags.boolean({
+            default: false,
+            description: 'Stop on first validation error',
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(SecretsValidate);
+        const context = getContext();
+        const { monorepo, secrets } = context;
+        // Get registered secret providers dynamically
+        const secretProviders = new Set(secrets.getProviderNames());
+        // Collect secrets from all configuration sources
+        const allSecrets = [];
+        // Scan monorepo-level config (env, vars, tasks, defaults, flavors)
+        allSecrets.push(...discoverSecrets({
+            env: monorepo.config.env,
+            vars: monorepo.config.vars,
+            tasks: monorepo.config.tasks,
+            defaults: monorepo.config.defaults,
+            flavors: monorepo.config.flavors,
+        }, { file: '.emb.yml' }, secretProviders));
+        // Scan each component's config
+        for (const component of monorepo.components) {
+            allSecrets.push(...discoverSecrets({
+                tasks: component.config.tasks,
+                resources: component.config.resources,
+            }, {
+                file: `${component.name}/Embfile.yml`,
+                component: component.name,
+            }, secretProviders));
+        }
+        // Aggregate by unique secret reference
+        const aggregated = aggregateSecrets(allSecrets);
+        if (aggregated.length === 0) {
+            if (!flags.json) {
+                this.log('No secret references found in configuration.');
+            }
+            return [];
+        }
+        // Validate each secret
+        const results = [];
+        let hasErrors = false;
+        for (const secret of aggregated) {
+            // Sequential validation is intentional for fail-fast support
+            // eslint-disable-next-line no-await-in-loop
+            const result = await this.validateSecret(secret, secrets);
+            results.push(result);
+            if (result.status === 'error') {
+                hasErrors = true;
+                if (flags['fail-fast']) {
+                    break;
+                }
+            }
+        }
+        if (!flags.json) {
+            printTable({
+                ...TABLE_DEFAULTS,
+                columns: ['status', 'provider', 'path', 'key'],
+                data: results.map((r) => ({
+                    status: r.status === 'ok' ? '✔' : '✖',
+                    provider: r.provider,
+                    path: r.path,
+                    key: r.key || '-',
+                })),
+            });
+            const passed = results.filter((r) => r.status === 'ok').length;
+            const failed = results.filter((r) => r.status === 'error').length;
+            this.log(`\nValidation: ${passed} passed, ${failed} failed`);
+            // Show error details
+            const errors = results.filter((r) => r.status === 'error');
+            if (errors.length > 0) {
+                this.log('\nError details:');
+                for (const error of errors) {
+                    const ref = error.key
+                        ? `${error.provider}:${error.path}#${error.key}`
+                        : `${error.provider}:${error.path}`;
+                    this.log(`  - ${ref}: ${error.error}`);
+                }
+            }
+        }
+        // Exit with error code if validation failed
+        if (hasErrors) {
+            this.exit(1);
+        }
+        return results;
+    }
+    async validateSecret(secret, secrets) {
+        const provider = secrets.get(secret.provider);
+        if (!provider) {
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'error',
+                error: `Provider '${secret.provider}' not configured`,
+            };
+        }
+        try {
+            // Actually fetch the secret to verify access
+            const result = await provider.get({
+                path: secret.path,
+                key: secret.key,
+            });
+            // If a key was specified, verify it exists
+            if (secret.key && result === undefined) {
+                return {
+                    provider: secret.provider,
+                    path: secret.path,
+                    key: secret.key,
+                    status: 'error',
+                    error: `Key '${secret.key}' not found in secret`,
+                };
+            }
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'ok',
+            };
+        }
+        catch (error) {
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'error',
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+}

package/dist/src/cli/hooks/init.js

@@ -1,2 +1,8 @@
-const hook = async function (_options) { };
+import { settings } from '@oclif/core';
+const hook = async function (_options) {
+    // Disable oclif's auto-transpilation to avoid spurious warnings when npm-linked.
+    // We always run from compiled JS in dist/, so auto-transpilation is not needed.
+    // This prevents a double tsPath() call that produces "Could not find source" warnings.
+    settings.enableAutoTranspile = false;
+};
 export default hook;

package/dist/src/config/index.d.ts

@@ -1,6 +1,15 @@
 export * from './types.js';
 export * from './validation.js';
-export declare const loadConfig: () => Promise<{
+export interface LoadConfigOptions {
+    /**
+     * Explicit root directory path. Takes precedence over EMB_ROOT env var.
+     * Can be either:
+     * - A directory containing .emb.yml
+     * - A direct path to a .emb.yml file
+     */
+    root?: string;
+}
+export declare const loadConfig: (options?: LoadConfigOptions) => Promise<{
     rootDir: string;
     config: import("./schema.js").EMBConfig;
 }>;

package/dist/src/config/index.js

@@ -1,10 +1,35 @@
 import { findUp } from 'find-up';
-import { dirname } from 'node:path';
+import { existsSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
 import { validateUserConfig } from './validation.js';
 export * from './types.js';
 export * from './validation.js';
-export const loadConfig = async () => {
-    const path = await findUp('.emb.yml');
+export const loadConfig = async (options = {}) => {
+    let path;
+    // Priority 1: Explicit root option (from --root/-C flag)
+    // Priority 2: EMB_ROOT environment variable
+    // Priority 3: Walk up to find .emb.yml (original behavior)
+    const explicitRoot = options.root || process.env.EMB_ROOT;
+    if (explicitRoot) {
+        const resolved = resolve(explicitRoot);
+        // Check if it's a direct path to a config file
+        if (resolved.endsWith('.emb.yml') && existsSync(resolved)) {
+            path = resolved;
+        }
+        else {
+            // Assume it's a directory, look for .emb.yml inside
+            const configPath = join(resolved, '.emb.yml');
+            if (existsSync(configPath)) {
+                path = configPath;
+            }
+            else {
+                throw new Error(`Could not find .emb.yml in specified root: ${explicitRoot}`);
+            }
+        }
+    }
+    else {
+        path = await findUp('.emb.yml');
+    }
     if (!path) {
         throw new Error('Could not find EMB config anywhere');
     }

package/dist/src/config/schema.d.ts

@@ -3,6 +3,12 @@
  * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file,
  * and run json-schema-to-typescript to regenerate this file.
  */
+export type PluginConfigItem = {
+    [k: string]: unknown;
+} & {
+    name: Identifier;
+    config?: unknown;
+};
 export type Identifier = string;
 export type TaskConfig = TaskConfig1 & {
     description?: string;
@@ -55,10 +61,7 @@ export interface EMBConfig {
          */
         rootDir?: string;
     };
-    plugins?: {
-        name: Identifier;
-        config?: unknown;
-    }[];
+    plugins?: PluginConfigItem[];
     /**
      * Variables to install on the environment
      */

package/dist/src/config/schema.json

@@ -24,15 +24,7 @@
         "plugins": {
             "type": "array",
             "items": {
-                "type": "object",
-                "required": ["name"],
-                "properties": {
-                    "name": {
-                        "$ref": "#/definitions/Identifier"
-                    },
-                    "config": {}
-                },
-                "additionalProperties": false
+                "$ref": "#/definitions/PluginConfigItem"
             }
         },
         "env": {
@@ -376,6 +368,178 @@
                 { "$ref": "#/definitions/JsonPatchMoveOperation" },
                 { "$ref": "#/definitions/JsonPatchCopyOperation" }
             ]
+        },
+        "VaultTokenAuth": {
+            "type": "object",
+            "required": ["method", "token"],
+            "properties": {
+                "method": { "const": "token" },
+                "token": { "type": "string", "description": "Vault token for authentication" }
+            },
+            "additionalProperties": false
+        },
+        "VaultAppRoleAuth": {
+            "type": "object",
+            "required": ["method", "roleId", "secretId"],
+            "properties": {
+                "method": { "const": "approle" },
+                "roleId": { "type": "string", "description": "AppRole role ID" },
+                "secretId": { "type": "string", "description": "AppRole secret ID" }
+            },
+            "additionalProperties": false
+        },
+        "VaultKubernetesAuth": {
+            "type": "object",
+            "required": ["method", "role"],
+            "properties": {
+                "method": { "const": "kubernetes" },
+                "role": { "type": "string", "description": "Kubernetes auth role name" }
+            },
+            "additionalProperties": false
+        },
+        "VaultJwtAuth": {
+            "type": "object",
+            "required": ["method", "role", "jwt"],
+            "properties": {
+                "method": { "const": "jwt" },
+                "role": { "type": "string", "description": "JWT auth role name" },
+                "jwt": { "type": "string", "description": "JWT token for authentication" }
+            },
+            "additionalProperties": false
+        },
+        "VaultOidcAuth": {
+            "type": "object",
+            "required": ["method"],
+            "properties": {
+                "method": { "const": "oidc" },
+                "role": { "type": "string", "description": "OIDC auth role name" },
+                "port": { "type": "integer", "description": "Local port for OIDC callback" }
+            },
+            "additionalProperties": false
+        },
+        "VaultAuthConfig": {
+            "description": "Authentication configuration for HashiCorp Vault",
+            "oneOf": [
+                { "$ref": "#/definitions/VaultTokenAuth" },
+                { "$ref": "#/definitions/VaultAppRoleAuth" },
+                { "$ref": "#/definitions/VaultKubernetesAuth" },
+                { "$ref": "#/definitions/VaultJwtAuth" },
+                { "$ref": "#/definitions/VaultOidcAuth" }
+            ]
+        },
+        "VaultPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the HashiCorp Vault plugin",
+            "properties": {
+                "address": {
+                    "type": "string",
+                    "description": "Vault server address. Defaults to VAULT_ADDR env var."
+                },
+                "namespace": {
+                    "type": "string",
+                    "description": "Vault namespace. Defaults to VAULT_NAMESPACE env var."
+                },
+                "auth": {
+                    "$ref": "#/definitions/VaultAuthConfig"
+                }
+            },
+            "additionalProperties": false
+        },
+        "AutoDockerPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the AutoDocker plugin",
+            "properties": {
+                "glob": {
+                    "type": "string",
+                    "description": "Glob pattern to find Dockerfiles. Defaults to '*/Dockerfile'."
+                },
+                "ignore": {
+                    "oneOf": [
+                        { "type": "string" },
+                        { "type": "array", "items": { "type": "string" } }
+                    ],
+                    "description": "Patterns to ignore when searching for Dockerfiles."
+                }
+            },
+            "additionalProperties": false
+        },
+        "DotEnvPluginConfig": {
+            "type": "array",
+            "description": "Array of .env file paths to load",
+            "items": {
+                "type": "string"
+            }
+        },
+        "EmbfilesPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the Embfiles loader plugin",
+            "properties": {
+                "glob": {
+                    "oneOf": [
+                        { "type": "string" },
+                        { "type": "array", "items": { "type": "string" } }
+                    ],
+                    "description": "Glob pattern(s) to find Embfiles. Defaults to '*/Embfile.{yaml,yml}'."
+                }
+            },
+            "additionalProperties": false
+        },
+        "PluginConfigItem": {
+            "type": "object",
+            "required": ["name"],
+            "properties": {
+                "name": {
+                    "$ref": "#/definitions/Identifier"
+                },
+                "config": {}
+            },
+            "additionalProperties": false,
+            "allOf": [
+                {
+                    "if": {
+                        "properties": { "name": { "const": "vault" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/VaultPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "autodocker" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/AutoDockerPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "dotenv" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/DotEnvPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "embfiles" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/EmbfilesPluginConfig" }
+                        }
+                    }
+                }
+            ]
         }
     }
 }