@enspirit/emb 0.15.0 → 0.17.5

package/bin/release

@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+error() {
+  echo -e "${RED}Error: $1${NC}" >&2
+  exit 1
+}
+
+info() {
+  echo -e "${GREEN}$1${NC}"
+}
+
+warn() {
+  echo -e "${YELLOW}$1${NC}"
+}
+
+# Check argument
+if [ $# -ne 1 ]; then
+  echo "Usage: $0 <patch|minor|major>"
+  echo ""
+  echo "Examples:"
+  echo "  $0 patch   # 0.17.0 -> 0.17.1"
+  echo "  $0 minor   # 0.17.0 -> 0.18.0"
+  echo "  $0 major   # 0.17.0 -> 1.0.0"
+  exit 1
+fi
+
+BUMP_TYPE="$1"
+
+if [[ "$BUMP_TYPE" != "patch" && "$BUMP_TYPE" != "minor" && "$BUMP_TYPE" != "major" ]]; then
+  error "Invalid bump type: $BUMP_TYPE. Must be one of: patch, minor, major"
+fi
+
+# Check we're on master branch
+CURRENT_BRANCH=$(git branch --show-current)
+if [ "$CURRENT_BRANCH" != "master" ]; then
+  error "Must be on master branch (currently on: $CURRENT_BRANCH)"
+fi
+
+# Check for pristine git status
+if [ -n "$(git status --porcelain)" ]; then
+  error "Working directory is not clean. Commit or stash your changes first.\n$(git status --short)"
+fi
+
+# Check we're up to date with remote
+git fetch origin master --quiet
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse origin/master)
+if [ "$LOCAL" != "$REMOTE" ]; then
+  error "Local master is not up to date with origin/master. Run 'git pull' first."
+fi
+
+# Get current version
+CURRENT_VERSION=$(node -p "require('./package.json').version")
+info "Current version: $CURRENT_VERSION"
+
+# Calculate new version
+IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
+
+case "$BUMP_TYPE" in
+  major)
+    NEW_VERSION="$((MAJOR + 1)).0.0"
+    ;;
+  minor)
+    NEW_VERSION="${MAJOR}.$((MINOR + 1)).0"
+    ;;
+  patch)
+    NEW_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
+    ;;
+esac
+
+info "New version: $NEW_VERSION"
+
+# Check tag doesn't already exist
+if git rev-parse "$NEW_VERSION" >/dev/null 2>&1; then
+  error "Tag $NEW_VERSION already exists"
+fi
+
+# Confirm with user
+echo ""
+warn "This will:"
+echo "  1. Update package.json version to $NEW_VERSION"
+echo "  2. Commit the change"
+echo "  3. Create tag $NEW_VERSION"
+echo "  4. Push to origin (commit + tag)"
+echo ""
+read -p "Continue? [y/N] " -n 1 -r
+echo ""
+
+if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+  echo "Aborted."
+  exit 0
+fi
+
+# Update package.json version
+info "Updating package.json..."
+npm version "$NEW_VERSION" --no-git-tag-version --allow-same-version
+
+# Commit
+info "Committing..."
+git add package.json
+git commit -m "Bump to $NEW_VERSION"
+
+# Create tag
+info "Creating tag $NEW_VERSION..."
+git tag "$NEW_VERSION"
+
+# Push
+info "Pushing to origin..."
+git push origin master
+git push origin "$NEW_VERSION"
+
+echo ""
+info "Release $NEW_VERSION complete!"
+echo "GitHub Actions will now build, test, and publish to npm."
+echo "Monitor the release at: https://github.com/enspirit/emb/actions"

package/dist/src/cli/abstract/BaseCommand.d.ts

@@ -4,6 +4,7 @@ export declare abstract class BaseCommand extends Command {
     protected context: EmbContext;
     static baseFlags: {
         verbose: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        root: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
     };
     init(): Promise<void>;
 }

package/dist/src/cli/abstract/BaseCommand.js

@@ -1,9 +1,10 @@
-import { DockerComposeClient, getContext, setContext } from '../../index.js';
+import { DockerComposeClient, getContext, isContextStale, resetContext, setContext, } from '../../index.js';
 import { Command, Flags } from '@oclif/core';
 import Dockerode from 'dockerode';
 import { loadConfig } from '../../config/index.js';
 import { createKubernetesClient } from '../../kubernetes/client.js';
 import { Monorepo } from '../../monorepo/monorepo.js';
+import { SecretManager } from '../../secrets/index.js';
 import { withMarker } from '../utils.js';
 export class BaseCommand extends Command {
     context;
@@ -12,15 +13,34 @@ export class BaseCommand extends Command {
             name: 'verbose',
             allowNo: true,
         }),
+        root: Flags.string({
+            char: 'C',
+            description: 'Run as if emb was started in <path>. Can also be set via EMB_ROOT env var.',
+            name: 'root',
+            required: false,
+        }),
     };
     async init() {
         const { flags } = await this.parse();
         await super.init();
+        // Reset context if EMB_ROOT changed (e.g., in tests switching between examples)
+        if (isContextStale()) {
+            resetContext();
+        }
         if (getContext()) {
             return;
         }
         try {
-            const { rootDir, config } = await withMarker('emb:config', 'load', () => loadConfig());
+            const { rootDir, config } = await withMarker('emb:config', 'load', () => loadConfig({ root: flags.root }));
+            // Create SecretManager early so plugins can register providers during init
+            const secrets = new SecretManager();
+            // Set a partial context before monorepo init so plugins can access secrets
+            const partialContext = {
+                docker: new Dockerode(),
+                kubernetes: createKubernetesClient(),
+                secrets,
+            };
+            setContext(partialContext);
             const monorepo = await withMarker('emb:monorepo', 'init', () => {
                 return new Monorepo(config, rootDir).init();
             });
@@ -29,10 +49,9 @@ export class BaseCommand extends Command {
             }
             const compose = new DockerComposeClient(monorepo);
             this.context = setContext({
-                docker: new Dockerode(),
+                ...partialContext,
                 monorepo,
                 compose,
-                kubernetes: createKubernetesClient(),
             });
         }
         catch (error) {

package/dist/src/cli/abstract/FlavouredCommand.d.ts

@@ -6,6 +6,7 @@ export declare abstract class FlavoredCommand<T extends typeof Command> extends
     static baseFlags: {
         flavor: Interfaces.OptionFlag<string | undefined, Interfaces.CustomOptions>;
         verbose: Interfaces.BooleanFlag<boolean>;
+        root: Interfaces.OptionFlag<string | undefined, Interfaces.CustomOptions>;
     };
     static enableJsonFlag: boolean;
     protected args: Args<T>;

package/dist/src/cli/abstract/KubernetesCommand.d.ts

@@ -3,5 +3,6 @@ export declare abstract class KubernetesCommand extends BaseCommand {
     static baseFlags: {
         namespace: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         verbose: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        root: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
     };
 }

package/dist/src/cli/commands/components/logs.d.ts

@@ -4,11 +4,12 @@ export default class ComponentsLogs extends BaseCommand {
     static description: string;
     static enableJsonFlag: boolean;
     static examples: string[];
+    static strict: boolean;
     static flags: {
         follow: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     static args: {
-        component: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+        component: import("@oclif/core/interfaces").Arg<string | undefined, Record<string, unknown>>;
     };
     run(): Promise<void>;
 }

package/dist/src/cli/commands/components/logs.js

@@ -1,10 +1,17 @@
 import { Args, Flags } from '@oclif/core';
 import { BaseCommand, getContext } from '../../index.js';
+import { ComposeLogsOperation } from '../../../docker/index.js';
 export default class ComponentsLogs extends BaseCommand {
     static aliases = ['logs'];
     static description = 'Get components logs.';
     static enableJsonFlag = false;
-    static examples = ['<%= config.bin %> <%= command.id %>'];
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> backend',
+        '<%= config.bin %> <%= command.id %> backend frontend',
+        '<%= config.bin %> <%= command.id %> --no-follow backend',
+    ];
+    static strict = false;
     static flags = {
         follow: Flags.boolean({
             name: 'follow',
@@ -17,32 +24,22 @@ export default class ComponentsLogs extends BaseCommand {
     static args = {
         component: Args.string({
             name: 'component',
-            description: 'The component you want to see the logs of',
-            required: true,
+            description: 'The component(s) you want to see the logs of (all if omitted)',
+            required: false,
         }),
     };
     async run() {
-        const { flags, args } = await this.parse(ComponentsLogs);
-        const { monorepo, docker, compose } = await getContext();
-        const component = monorepo.component(args.component);
-        const containerId = await compose.getContainer(component.name, {
-            mustBeRunning: false,
+        const { flags, argv } = await this.parse(ComponentsLogs);
+        const { monorepo } = await getContext();
+        const componentNames = argv;
+        // Validate that all specified components exist
+        const services = componentNames.map((name) => {
+            const component = monorepo.component(name);
+            return component.name;
+        });
+        await monorepo.run(new ComposeLogsOperation(), {
+            services: services.length > 0 ? services : undefined,
+            follow: flags.follow,
         });
-        const container = await docker.getContainer(containerId);
-        if (flags.follow) {
-            const stream = await container.logs({
-                follow: true,
-                stderr: true,
-                stdout: true,
-            });
-            docker.modem.demuxStream(stream, process.stdout, process.stderr);
-        }
-        else {
-            const res = await container.logs({
-                stderr: true,
-                stdout: true,
-            });
-            this.log(res.toString());
-        }
     }
 }

package/dist/src/cli/commands/secrets/index.d.ts

@@ -0,0 +1,14 @@
+import { FlavoredCommand } from '../../index.js';
+export interface SecretInfo {
+    component?: string;
+    key?: string;
+    path: string;
+    provider: string;
+    usageCount: number;
+}
+export default class SecretsIndex extends FlavoredCommand<typeof SecretsIndex> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    run(): Promise<SecretInfo[]>;
+}

package/dist/src/cli/commands/secrets/index.js

@@ -0,0 +1,71 @@
+import { getContext } from '../../../index.js';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+import { aggregateSecrets, discoverSecrets, } from '../../../secrets/SecretDiscovery.js';
+export default class SecretsIndex extends FlavoredCommand {
+    static description = 'List all secret references in the configuration.';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> --json',
+    ];
+    async run() {
+        const { flags } = await this.parse(SecretsIndex);
+        const context = getContext();
+        const { monorepo, secrets } = context;
+        // Get registered secret providers dynamically
+        const secretProviders = new Set(secrets.getProviderNames());
+        // Collect secrets from all configuration sources
+        const allSecrets = [];
+        // Scan monorepo-level config (env, vars, tasks, defaults, flavors)
+        allSecrets.push(...discoverSecrets({
+            env: monorepo.config.env,
+            vars: monorepo.config.vars,
+            tasks: monorepo.config.tasks,
+            defaults: monorepo.config.defaults,
+            flavors: monorepo.config.flavors,
+        }, { file: '.emb.yml' }, secretProviders));
+        // Scan each component's config
+        for (const component of monorepo.components) {
+            allSecrets.push(...discoverSecrets({
+                tasks: component.config.tasks,
+                resources: component.config.resources,
+            }, {
+                file: `${component.name}/Embfile.yml`,
+                component: component.name,
+            }, secretProviders));
+        }
+        // Aggregate by unique secret reference
+        const aggregated = aggregateSecrets(allSecrets);
+        // Convert to output format
+        const result = aggregated.map((secret) => ({
+            provider: secret.provider,
+            path: secret.path,
+            key: secret.key,
+            component: secret.locations
+                .map((l) => l.component)
+                .filter(Boolean)
+                .join(', ') || undefined,
+            usageCount: secret.locations.length,
+        }));
+        if (!flags.json) {
+            if (result.length === 0) {
+                this.log('No secret references found in configuration.');
+            }
+            else {
+                printTable({
+                    ...TABLE_DEFAULTS,
+                    columns: ['provider', 'path', 'key', 'component', 'usageCount'],
+                    data: result.map((r) => ({
+                        ...r,
+                        key: r.key || '-',
+                        component: r.component || '-',
+                    })),
+                });
+                const providerCount = new Set(result.map((r) => r.provider)).size;
+                this.log(`\nFound ${result.length} secret reference(s) using ${providerCount} provider(s).`);
+            }
+        }
+        return result;
+    }
+}

package/dist/src/cli/commands/secrets/providers.d.ts

@@ -0,0 +1,12 @@
+import { FlavoredCommand } from '../../index.js';
+export interface ProviderInfo {
+    name: string;
+    status: 'connected' | 'not_configured';
+    type: string;
+}
+export default class SecretsProviders extends FlavoredCommand<typeof SecretsProviders> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    run(): Promise<ProviderInfo[]>;
+}

package/dist/src/cli/commands/secrets/providers.js

@@ -0,0 +1,50 @@
+import { getContext } from '../../../index.js';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+export default class SecretsProviders extends FlavoredCommand {
+    static description = 'Show configured secret providers and their status.';
+    static enableJsonFlag = true;
+    static examples = ['<%= config.bin %> <%= command.id %>'];
+    async run() {
+        const { flags } = await this.parse(SecretsProviders);
+        const context = getContext();
+        const { secrets } = context;
+        const providerNames = secrets.getProviderNames();
+        if (providerNames.length === 0) {
+            if (!flags.json) {
+                this.log('No secret providers configured.');
+                this.log('\nTo configure a provider, add it to your .emb.yml:');
+                this.log(`
+plugins:
+  - name: vault
+    config:
+      address: https://vault.example.com
+      auth:
+        method: oidc
+`);
+            }
+            return [];
+        }
+        const results = providerNames.map((name) => {
+            const provider = secrets.get(name);
+            return {
+                name,
+                type: provider?.constructor.name || 'Unknown',
+                status: provider ? 'connected' : 'not_configured',
+            };
+        });
+        if (!flags.json) {
+            printTable({
+                ...TABLE_DEFAULTS,
+                columns: ['name', 'type', 'status'],
+                data: results.map((r) => ({
+                    name: r.name,
+                    type: r.type,
+                    status: r.status === 'connected' ? '✔ Connected' : '✖ Not configured',
+                })),
+            });
+            this.log(`\n${results.length} provider(s) configured.`);
+        }
+        return results;
+    }
+}

package/dist/src/cli/commands/secrets/validate.d.ts

@@ -0,0 +1,18 @@
+import { FlavoredCommand } from '../../index.js';
+export interface ValidationResult {
+    error?: string;
+    key?: string;
+    path: string;
+    provider: string;
+    status: 'error' | 'ok';
+}
+export default class SecretsValidate extends FlavoredCommand<typeof SecretsValidate> {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    static flags: {
+        'fail-fast': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<ValidationResult[]>;
+    private validateSecret;
+}

package/dist/src/cli/commands/secrets/validate.js

@@ -0,0 +1,145 @@
+import { getContext } from '../../../index.js';
+import { Flags } from '@oclif/core';
+import { printTable } from '@oclif/table';
+import { FlavoredCommand, TABLE_DEFAULTS } from '../../index.js';
+import { aggregateSecrets, discoverSecrets, } from '../../../secrets/SecretDiscovery.js';
+export default class SecretsValidate extends FlavoredCommand {
+    static description = 'Validate that all secret references can be resolved (without showing values).';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> --fail-fast',
+        '<%= config.bin %> <%= command.id %> --json',
+    ];
+    static flags = {
+        'fail-fast': Flags.boolean({
+            default: false,
+            description: 'Stop on first validation error',
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(SecretsValidate);
+        const context = getContext();
+        const { monorepo, secrets } = context;
+        // Get registered secret providers dynamically
+        const secretProviders = new Set(secrets.getProviderNames());
+        // Collect secrets from all configuration sources
+        const allSecrets = [];
+        // Scan monorepo-level config (env, vars, tasks, defaults, flavors)
+        allSecrets.push(...discoverSecrets({
+            env: monorepo.config.env,
+            vars: monorepo.config.vars,
+            tasks: monorepo.config.tasks,
+            defaults: monorepo.config.defaults,
+            flavors: monorepo.config.flavors,
+        }, { file: '.emb.yml' }, secretProviders));
+        // Scan each component's config
+        for (const component of monorepo.components) {
+            allSecrets.push(...discoverSecrets({
+                tasks: component.config.tasks,
+                resources: component.config.resources,
+            }, {
+                file: `${component.name}/Embfile.yml`,
+                component: component.name,
+            }, secretProviders));
+        }
+        // Aggregate by unique secret reference
+        const aggregated = aggregateSecrets(allSecrets);
+        if (aggregated.length === 0) {
+            if (!flags.json) {
+                this.log('No secret references found in configuration.');
+            }
+            return [];
+        }
+        // Validate each secret
+        const results = [];
+        let hasErrors = false;
+        for (const secret of aggregated) {
+            // Sequential validation is intentional for fail-fast support
+            // eslint-disable-next-line no-await-in-loop
+            const result = await this.validateSecret(secret, secrets);
+            results.push(result);
+            if (result.status === 'error') {
+                hasErrors = true;
+                if (flags['fail-fast']) {
+                    break;
+                }
+            }
+        }
+        if (!flags.json) {
+            printTable({
+                ...TABLE_DEFAULTS,
+                columns: ['status', 'provider', 'path', 'key'],
+                data: results.map((r) => ({
+                    status: r.status === 'ok' ? '✔' : '✖',
+                    provider: r.provider,
+                    path: r.path,
+                    key: r.key || '-',
+                })),
+            });
+            const passed = results.filter((r) => r.status === 'ok').length;
+            const failed = results.filter((r) => r.status === 'error').length;
+            this.log(`\nValidation: ${passed} passed, ${failed} failed`);
+            // Show error details
+            const errors = results.filter((r) => r.status === 'error');
+            if (errors.length > 0) {
+                this.log('\nError details:');
+                for (const error of errors) {
+                    const ref = error.key
+                        ? `${error.provider}:${error.path}#${error.key}`
+                        : `${error.provider}:${error.path}`;
+                    this.log(`  - ${ref}: ${error.error}`);
+                }
+            }
+        }
+        // Exit with error code if validation failed
+        if (hasErrors) {
+            this.exit(1);
+        }
+        return results;
+    }
+    async validateSecret(secret, secrets) {
+        const provider = secrets.get(secret.provider);
+        if (!provider) {
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'error',
+                error: `Provider '${secret.provider}' not configured`,
+            };
+        }
+        try {
+            // Actually fetch the secret to verify access
+            const result = await provider.get({
+                path: secret.path,
+                key: secret.key,
+            });
+            // If a key was specified, verify it exists
+            if (secret.key && result === undefined) {
+                return {
+                    provider: secret.provider,
+                    path: secret.path,
+                    key: secret.key,
+                    status: 'error',
+                    error: `Key '${secret.key}' not found in secret`,
+                };
+            }
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'ok',
+            };
+        }
+        catch (error) {
+            return {
+                provider: secret.provider,
+                path: secret.path,
+                key: secret.key,
+                status: 'error',
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+}

package/dist/src/cli/commands/tasks/run.js

@@ -1,4 +1,4 @@
-import { AmbiguousReferenceError, getContext, UnkownReferenceError } from '../../../index.js';
+import { AmbiguousReferenceError, CommandExecError, getContext, UnkownReferenceError, } from '../../../index.js';
 import { Args, Flags } from '@oclif/core';
 import { BaseCommand } from '../../index.js';
 import { ExecutorType, RunTasksOperation } from '../../../monorepo/index.js';
@@ -51,6 +51,11 @@ export default class RunTask extends BaseCommand {
                     `Check the list of tasks available by running: \`emb tasks\``,
                 ]);
             }
+            if (error instanceof CommandExecError) {
+                throw error.toCliError([
+                    `Task command exited with code ${error.exitCode}`,
+                ]);
+            }
             throw error;
         }
     }

package/dist/src/cli/hooks/init.js

@@ -1,2 +1,8 @@
-const hook = async function (_options) { };
+import { settings } from '@oclif/core';
+const hook = async function (_options) {
+    // Disable oclif's auto-transpilation to avoid spurious warnings when npm-linked.
+    // We always run from compiled JS in dist/, so auto-transpilation is not needed.
+    // This prevents a double tsPath() call that produces "Could not find source" warnings.
+    settings.enableAutoTranspile = false;
+};
 export default hook;

package/dist/src/config/index.d.ts

@@ -1,6 +1,15 @@
 export * from './types.js';
 export * from './validation.js';
-export declare const loadConfig: () => Promise<{
+export interface LoadConfigOptions {
+    /**
+     * Explicit root directory path. Takes precedence over EMB_ROOT env var.
+     * Can be either:
+     * - A directory containing .emb.yml
+     * - A direct path to a .emb.yml file
+     */
+    root?: string;
+}
+export declare const loadConfig: (options?: LoadConfigOptions) => Promise<{
     rootDir: string;
     config: import("./schema.js").EMBConfig;
 }>;