@enspirit/emb 0.15.0 → 0.17.5

package/dist/src/config/index.js

@@ -1,10 +1,35 @@
 import { findUp } from 'find-up';
-import { dirname } from 'node:path';
+import { existsSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
 import { validateUserConfig } from './validation.js';
 export * from './types.js';
 export * from './validation.js';
-export const loadConfig = async () => {
-    const path = await findUp('.emb.yml');
+export const loadConfig = async (options = {}) => {
+    let path;
+    // Priority 1: Explicit root option (from --root/-C flag)
+    // Priority 2: EMB_ROOT environment variable
+    // Priority 3: Walk up to find .emb.yml (original behavior)
+    const explicitRoot = options.root || process.env.EMB_ROOT;
+    if (explicitRoot) {
+        const resolved = resolve(explicitRoot);
+        // Check if it's a direct path to a config file
+        if (resolved.endsWith('.emb.yml') && existsSync(resolved)) {
+            path = resolved;
+        }
+        else {
+            // Assume it's a directory, look for .emb.yml inside
+            const configPath = join(resolved, '.emb.yml');
+            if (existsSync(configPath)) {
+                path = configPath;
+            }
+            else {
+                throw new Error(`Could not find .emb.yml in specified root: ${explicitRoot}`);
+            }
+        }
+    }
+    else {
+        path = await findUp('.emb.yml');
+    }
     if (!path) {
         throw new Error('Could not find EMB config anywhere');
     }

package/dist/src/config/schema.d.ts

@@ -3,6 +3,12 @@
  * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file,
  * and run json-schema-to-typescript to regenerate this file.
  */
+export type PluginConfigItem = {
+    [k: string]: unknown;
+} & {
+    name: Identifier;
+    config?: unknown;
+};
 export type Identifier = string;
 export type TaskConfig = TaskConfig1 & {
     description?: string;
@@ -55,10 +61,7 @@ export interface EMBConfig {
          */
         rootDir?: string;
     };
-    plugins?: {
-        name: Identifier;
-        config?: unknown;
-    }[];
+    plugins?: PluginConfigItem[];
     /**
      * Variables to install on the environment
      */

package/dist/src/config/schema.json

@@ -24,15 +24,7 @@
         "plugins": {
             "type": "array",
             "items": {
-                "type": "object",
-                "required": ["name"],
-                "properties": {
-                    "name": {
-                        "$ref": "#/definitions/Identifier"
-                    },
-                    "config": {}
-                },
-                "additionalProperties": false
+                "$ref": "#/definitions/PluginConfigItem"
             }
         },
         "env": {
@@ -376,6 +368,178 @@
                 { "$ref": "#/definitions/JsonPatchMoveOperation" },
                 { "$ref": "#/definitions/JsonPatchCopyOperation" }
             ]
+        },
+        "VaultTokenAuth": {
+            "type": "object",
+            "required": ["method", "token"],
+            "properties": {
+                "method": { "const": "token" },
+                "token": { "type": "string", "description": "Vault token for authentication" }
+            },
+            "additionalProperties": false
+        },
+        "VaultAppRoleAuth": {
+            "type": "object",
+            "required": ["method", "roleId", "secretId"],
+            "properties": {
+                "method": { "const": "approle" },
+                "roleId": { "type": "string", "description": "AppRole role ID" },
+                "secretId": { "type": "string", "description": "AppRole secret ID" }
+            },
+            "additionalProperties": false
+        },
+        "VaultKubernetesAuth": {
+            "type": "object",
+            "required": ["method", "role"],
+            "properties": {
+                "method": { "const": "kubernetes" },
+                "role": { "type": "string", "description": "Kubernetes auth role name" }
+            },
+            "additionalProperties": false
+        },
+        "VaultJwtAuth": {
+            "type": "object",
+            "required": ["method", "role", "jwt"],
+            "properties": {
+                "method": { "const": "jwt" },
+                "role": { "type": "string", "description": "JWT auth role name" },
+                "jwt": { "type": "string", "description": "JWT token for authentication" }
+            },
+            "additionalProperties": false
+        },
+        "VaultOidcAuth": {
+            "type": "object",
+            "required": ["method"],
+            "properties": {
+                "method": { "const": "oidc" },
+                "role": { "type": "string", "description": "OIDC auth role name" },
+                "port": { "type": "integer", "description": "Local port for OIDC callback" }
+            },
+            "additionalProperties": false
+        },
+        "VaultAuthConfig": {
+            "description": "Authentication configuration for HashiCorp Vault",
+            "oneOf": [
+                { "$ref": "#/definitions/VaultTokenAuth" },
+                { "$ref": "#/definitions/VaultAppRoleAuth" },
+                { "$ref": "#/definitions/VaultKubernetesAuth" },
+                { "$ref": "#/definitions/VaultJwtAuth" },
+                { "$ref": "#/definitions/VaultOidcAuth" }
+            ]
+        },
+        "VaultPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the HashiCorp Vault plugin",
+            "properties": {
+                "address": {
+                    "type": "string",
+                    "description": "Vault server address. Defaults to VAULT_ADDR env var."
+                },
+                "namespace": {
+                    "type": "string",
+                    "description": "Vault namespace. Defaults to VAULT_NAMESPACE env var."
+                },
+                "auth": {
+                    "$ref": "#/definitions/VaultAuthConfig"
+                }
+            },
+            "additionalProperties": false
+        },
+        "AutoDockerPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the AutoDocker plugin",
+            "properties": {
+                "glob": {
+                    "type": "string",
+                    "description": "Glob pattern to find Dockerfiles. Defaults to '*/Dockerfile'."
+                },
+                "ignore": {
+                    "oneOf": [
+                        { "type": "string" },
+                        { "type": "array", "items": { "type": "string" } }
+                    ],
+                    "description": "Patterns to ignore when searching for Dockerfiles."
+                }
+            },
+            "additionalProperties": false
+        },
+        "DotEnvPluginConfig": {
+            "type": "array",
+            "description": "Array of .env file paths to load",
+            "items": {
+                "type": "string"
+            }
+        },
+        "EmbfilesPluginConfig": {
+            "type": "object",
+            "description": "Configuration for the Embfiles loader plugin",
+            "properties": {
+                "glob": {
+                    "oneOf": [
+                        { "type": "string" },
+                        { "type": "array", "items": { "type": "string" } }
+                    ],
+                    "description": "Glob pattern(s) to find Embfiles. Defaults to '*/Embfile.{yaml,yml}'."
+                }
+            },
+            "additionalProperties": false
+        },
+        "PluginConfigItem": {
+            "type": "object",
+            "required": ["name"],
+            "properties": {
+                "name": {
+                    "$ref": "#/definitions/Identifier"
+                },
+                "config": {}
+            },
+            "additionalProperties": false,
+            "allOf": [
+                {
+                    "if": {
+                        "properties": { "name": { "const": "vault" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/VaultPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "autodocker" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/AutoDockerPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "dotenv" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/DotEnvPluginConfig" }
+                        }
+                    }
+                },
+                {
+                    "if": {
+                        "properties": { "name": { "const": "embfiles" } },
+                        "required": ["name"]
+                    },
+                    "then": {
+                        "properties": {
+                            "config": { "$ref": "#/definitions/EmbfilesPluginConfig" }
+                        }
+                    }
+                }
+            ]
         }
     }
 }

package/dist/src/context.d.ts

@@ -1,3 +1,12 @@
 import { EmbContext } from './types.js';
 export declare const getContext: () => EmbContext;
 export declare const setContext: (ctx: EmbContext) => EmbContext;
+/**
+ * Check if the context's EMB_ROOT matches the current environment.
+ * Used to detect when tests switch between different example monorepos.
+ */
+export declare const isContextStale: () => boolean;
+/**
+ * Reset the context. Used in testing to ensure a fresh context for each test suite.
+ */
+export declare const resetContext: () => void;

package/dist/src/context.js

@@ -1,8 +1,27 @@
 let context;
+let contextEmbRoot;
 export const getContext = () => {
     return context;
 };
 export const setContext = (ctx) => {
     context = ctx;
+    contextEmbRoot = process.env.EMB_ROOT;
     return ctx;
 };
+/**
+ * Check if the context's EMB_ROOT matches the current environment.
+ * Used to detect when tests switch between different example monorepos.
+ */
+export const isContextStale = () => {
+    if (!context) {
+        return false;
+    }
+    return contextEmbRoot !== process.env.EMB_ROOT;
+};
+/**
+ * Reset the context. Used in testing to ensure a fresh context for each test suite.
+ */
+export const resetContext = () => {
+    context = undefined;
+    contextEmbRoot = undefined;
+};

package/dist/src/docker/compose/operations/ComposeLogsOperation.d.ts

@@ -0,0 +1,21 @@
+import { Writable } from 'node:stream';
+import * as z from 'zod';
+import { AbstractOperation } from '../../../operations/index.js';
+/**
+ * https://docs.docker.com/reference/cli/docker/compose/logs/
+ */
+export declare const ComposeLogsOperationInputSchema: z.ZodOptional<z.ZodObject<{
+    services: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    follow: z.ZodOptional<z.ZodBoolean>;
+    timestamps: z.ZodOptional<z.ZodBoolean>;
+    tail: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>>;
+export declare class ComposeLogsOperation extends AbstractOperation<typeof ComposeLogsOperationInputSchema, void> {
+    protected out?: Writable | undefined;
+    /**
+     * @param out Optional writable stream to capture output. If not provided,
+     *            output is streamed directly to the terminal (stdio: 'inherit').
+     */
+    constructor(out?: Writable | undefined);
+    protected _run(input: z.input<typeof ComposeLogsOperationInputSchema>): Promise<void>;
+}

package/dist/src/docker/compose/operations/ComposeLogsOperation.js

@@ -0,0 +1,85 @@
+import { spawn } from 'node:child_process';
+import * as z from 'zod';
+import { AbstractOperation } from '../../../operations/index.js';
+/**
+ * https://docs.docker.com/reference/cli/docker/compose/logs/
+ */
+export const ComposeLogsOperationInputSchema = z
+    .object({
+    services: z
+        .array(z.string())
+        .optional()
+        .describe('The list of services to show logs for (all if omitted)'),
+    follow: z.boolean().optional().describe('Follow log output'),
+    timestamps: z.boolean().optional().describe('Show timestamps'),
+    tail: z
+        .number()
+        .optional()
+        .describe('Number of lines to show from the end'),
+})
+    .optional();
+export class ComposeLogsOperation extends AbstractOperation {
+    out;
+    /**
+     * @param out Optional writable stream to capture output. If not provided,
+     *            output is streamed directly to the terminal (stdio: 'inherit').
+     */
+    constructor(out) {
+        super(ComposeLogsOperationInputSchema);
+        this.out = out;
+    }
+    async _run(input) {
+        const { monorepo } = this.context;
+        const cmd = 'docker';
+        const args = ['compose', 'logs'];
+        const follow = input?.follow ?? true;
+        if (follow) {
+            args.push('-f');
+        }
+        if (input?.timestamps) {
+            args.push('-t');
+        }
+        if (input?.tail !== undefined) {
+            args.push('--tail', String(input.tail));
+        }
+        if (input?.services && input.services.length > 0) {
+            args.push(...input.services);
+        }
+        const child = spawn(cmd, args, {
+            stdio: this.out ? 'pipe' : 'inherit',
+            cwd: monorepo.rootDir,
+        });
+        if (this.out && child.stdout && child.stderr) {
+            child.stdout.pipe(this.out, { end: false });
+            child.stderr.pipe(this.out, { end: false });
+        }
+        const forward = (sig) => {
+            try {
+                child.kill(sig);
+            }
+            catch { }
+        };
+        const signals = [
+            'SIGINT',
+            'SIGTERM',
+            'SIGHUP',
+            'SIGQUIT',
+        ];
+        signals.forEach((sig) => {
+            process.on(sig, () => forward(sig));
+        });
+        return new Promise((resolve, reject) => {
+            child.on('error', (err) => {
+                reject(new Error(`Failed to execute docker compose logs: ${err.message}`));
+            });
+            child.on('exit', (code) => {
+                if (code !== null && code !== 0) {
+                    reject(new Error(`docker compose logs exited with code ${code}`));
+                }
+                else {
+                    resolve();
+                }
+            });
+        });
+    }
+}

package/dist/src/docker/compose/operations/index.d.ts

@@ -1,6 +1,7 @@
 export * from './ComposeDownOperation.js';
 export * from './ComposeExecOperation.js';
 export * from './ComposeExecShellOperation.js';
+export * from './ComposeLogsOperation.js';
 export * from './ComposePsOperation.js';
 export * from './ComposeRestartOperation.js';
 export * from './ComposeStartOperation.js';

package/dist/src/docker/compose/operations/index.js

@@ -1,6 +1,7 @@
 export * from './ComposeDownOperation.js';
 export * from './ComposeExecOperation.js';
 export * from './ComposeExecShellOperation.js';
+export * from './ComposeLogsOperation.js';
 export * from './ComposePsOperation.js';
 export * from './ComposeRestartOperation.js';
 export * from './ComposeStartOperation.js';

package/dist/src/index.d.ts

@@ -2,5 +2,6 @@ export * from './context.js';
 export * from './docker/index.js';
 export * from './errors.js';
 export * from './monorepo/index.js';
+export * from './secrets/index.js';
 export * from './types.js';
 export { run } from '@oclif/core';

package/dist/src/index.js

@@ -2,5 +2,6 @@ export * from './context.js';
 export * from './docker/index.js';
 export * from './errors.js';
 export * from './monorepo/index.js';
+export * from './secrets/index.js';
 export * from './types.js';
 export { run } from '@oclif/core';

package/dist/src/monorepo/monorepo.js

@@ -1,4 +1,4 @@
-import { TaskManagerFactory } from '../index.js';
+import { getContext, TaskManagerFactory } from '../index.js';
 import jsonpatch from 'fast-json-patch';
 import { join } from 'node:path';
 import { TemplateExpander } from '../utils/index.js';
@@ -106,12 +106,20 @@ export class Monorepo {
     }
     // Helper to expand a record of strings
     async expand(toExpand, vars, expander = new TemplateExpander()) {
+        const secrets = getContext()?.secrets;
+        const sources = {
+            env: process.env,
+            vars: vars || this.vars,
+        };
+        // Add all registered secret providers as sources
+        if (secrets) {
+            for (const providerName of secrets.getProviderNames()) {
+                sources[providerName] = secrets.createSource(providerName);
+            }
+        }
         const options = {
             default: 'vars',
-            sources: {
-                env: process.env,
-                vars: vars || this.vars,
-            },
+            sources,
         };
         return expander.expandRecord(toExpand, options);
     }

package/dist/src/monorepo/operations/shell/ExecuteLocalCommandOperation.js

@@ -1,6 +1,12 @@
+import { CommandExecError } from '../../../index.js';
 import { execa } from 'execa';
+import { Readable } from 'node:stream';
 import * as z from 'zod';
 import { AbstractOperation } from '../../../operations/index.js';
+// Type guard for execa error objects
+function isExecaError(error) {
+    return error instanceof Error && 'exitCode' in error;
+}
 /**
  * https://docs.docker.com/reference/api/engine/version/v1.37/#tag/Exec/operation/ContainerExec
  */
@@ -27,20 +33,44 @@ export class ExecuteLocalCommandOperation extends AbstractOperation {
         this.out = out;
     }
     async _run(input) {
-        const proc = input.interactive
-            ? execa(input.script, {
-                cwd: input.workingDir,
-                shell: true,
-                env: input.env,
-                stdin: 'inherit',
-            })
-            : execa(input.script, {
+        try {
+            if (input.interactive) {
+                // For interactive mode, inherit all stdio streams so the child process
+                // has direct access to the terminal TTY. This allows interactive CLI tools
+                // (like ionic, npm, etc.) to detect TTY and show prompts.
+                await execa(input.script, {
+                    cwd: input.workingDir,
+                    shell: true,
+                    env: input.env,
+                    stdio: 'inherit',
+                });
+                // Return an empty stream for type compatibility - the caller won't use it
+                // since interactive mode outputs directly to the terminal
+                return new Readable({
+                    read() {
+                        this.push(null);
+                    },
+                });
+            }
+            // Non-interactive mode: capture output
+            const proc = execa(input.script, {
                 all: true,
                 cwd: input.workingDir,
                 shell: true,
                 env: input.env,
             });
-        proc.all?.pipe(this.out || process.stdout);
-        return proc.all || proc.stdout;
+            // With all: true, proc.all is always defined
+            proc.all.pipe(this.out || process.stdout);
+            await proc;
+            return proc.all;
+        }
+        catch (error) {
+            if (isExecaError(error)) {
+                const stderr = error.stderr?.trim();
+                const message = stderr || error.shortMessage || error.message;
+                throw new CommandExecError(message, error.exitCode ?? 1, error.signal);
+            }
+            throw error;
+        }
     }
 }

package/dist/src/monorepo/operations/tasks/RunTasksOperation.d.ts

@@ -21,7 +21,7 @@ export type TaskWithScriptAndComponent = TaskInfo & {
 export declare class RunTasksOperation implements IOperation<RunTasksOperationParams, Array<TaskInfo>> {
     run(params: RunTasksOperationParams): Promise<Array<TaskInfo>>;
     protected runDocker(task: TaskWithScriptAndComponent, out?: Writable): Promise<void>;
-    protected runLocal(task: TaskWithScript, out: Writable): Promise<import("stream").Readable>;
+    protected runLocal(task: TaskWithScript, _out: Writable): Promise<import("stream").Readable>;
     private defaultExecutorFor;
     private ensureExecutorValid;
     private availableExecutorsFor;

package/dist/src/monorepo/operations/tasks/RunTasksOperation.js

@@ -82,7 +82,7 @@ export class RunTasksOperation {
             env: await monorepo.expand(task.vars || {}),
         });
     }
-    async runLocal(task, out) {
+    async runLocal(task, _out) {
         const { monorepo } = getContext();
         const cwd = task.component
             ? monorepo.join(monorepo.component(task.component).rootDir)

package/dist/src/monorepo/plugins/VaultPlugin.d.ts

@@ -0,0 +1,46 @@
+import { VaultAuthConfig } from '../../secrets/providers/VaultProvider.js';
+import { AbstractPlugin } from './plugin.js';
+/**
+ * Configuration for the Vault plugin in .emb.yml
+ */
+export interface VaultPluginConfig {
+    /** Vault server address. Defaults to VAULT_ADDR env var. */
+    address?: string;
+    /** Authentication configuration */
+    auth?: VaultAuthConfig;
+    /** Vault namespace. Defaults to VAULT_NAMESPACE env var. */
+    namespace?: string;
+}
+/**
+ * Plugin that integrates HashiCorp Vault with EMB.
+ *
+ * Usage in .emb.yml:
+ * ```yaml
+ * plugins:
+ *   - name: vault
+ *     config:
+ *       address: ${env:VAULT_ADDR:-http://localhost:8200}
+ *       auth:
+ *         method: token
+ *         token: ${env:VAULT_TOKEN}
+ * ```
+ *
+ * Then use secrets in templates:
+ * ```yaml
+ * env:
+ *   DB_PASSWORD: ${vault:secret/myapp/db#password}
+ * ```
+ */
+export declare class VaultPlugin extends AbstractPlugin<VaultPluginConfig> {
+    static name: string;
+    private provider;
+    init(): Promise<void>;
+    /**
+     * Resolve the plugin configuration, filling in defaults from env vars.
+     */
+    private resolveConfig;
+    /**
+     * Resolve authentication configuration.
+     */
+    private resolveAuth;
+}