@everystack/cli 0.1.0

package/src/schema.ts

@@ -0,0 +1,245 @@
+/**
+ * CLI schema — everyschema ops.opsItems + ops.buildArtifacts + ops.runs
+ *
+ * OTA update pipeline mapped to everyschema:
+ *   updateBranches  → eliminated (branch name in runs.data.branchRef)
+ *   updateChannels  → opsItems (type='release_channel')
+ *   updateGroups    → runs (type='release')
+ *   updateReleases  → buildArtifacts (type='ota')
+ *   updateAssets    → buildArtifacts (type='ota_asset')
+ *
+ * All table definitions copied locally to avoid TS6059 rootDir issues
+ * with cross-package re-exports during ts-jest compilation.
+ *
+ * @see everyschema — canonical schema definitions
+ */
+
+import {
+  pgSchema,
+  text,
+  timestamp,
+  uuid,
+  integer,
+  bigint,
+  index,
+  uniqueIndex,
+  jsonb,
+} from 'drizzle-orm/pg-core';
+import { sql } from 'drizzle-orm';
+
+const opsSchema = pgSchema('ops');
+
+// =============================================================================
+// RUNS (STI: script | test | job | worker | release)
+// =============================================================================
+
+/**
+ * Copied from @everystack/jobs/schema to avoid TS6059 rootDir errors.
+ * Canonical definition lives in jobs package.
+ */
+export const runs = opsSchema.table(
+  'runs',
+  {
+    id: uuid('id').primaryKey().defaultRandom(),
+    type: text('type').notNull(), // 'script' | 'test' | 'job' | 'worker' | 'release'
+    repositoryId: uuid('repository_id'),
+    userId: uuid('user_id'),
+    accountId: uuid('account_id'),
+
+    // Naming
+    name: text('name'),
+
+    // Status
+    status: text('status').notNull(),
+    priority: integer('priority').default(0),
+    exitCode: integer('exit_code'),
+    errorMessage: text('error_message'),
+
+    // Output
+    stdout: text('stdout'),
+    stderr: text('stderr'),
+
+    // Duration
+    durationMs: integer('duration_ms'),
+
+    // Lifecycle
+    queuedAt: timestamp('queued_at', { withTimezone: true }).notNull(),
+    startedAt: timestamp('started_at', { withTimezone: true }),
+    completedAt: timestamp('completed_at', { withTimezone: true }),
+    timeoutMs: integer('timeout_ms'),
+
+    // Context
+    triggeredBy: text('triggered_by'),
+    sessionId: text('session_id'),
+
+    // DAG support (parallel builds)
+    parentId: uuid('parent_id'),
+    dependsOn: uuid('depends_on').array(),
+    matrix: jsonb('matrix').$type<Record<string, string>>(),
+
+    // Type-specific data
+    data: jsonb('data'),
+  },
+  (table) => ({
+    typeIdx: index('runs_type_idx').on(table.type),
+    statusIdx: index('runs_status_idx').on(table.status),
+    repoIdx: index('runs_repo_idx').on(table.repositoryId),
+    typeStatusIdx: index('runs_type_status_idx').on(table.type, table.status),
+    queuedIdx: index('runs_queued_idx').on(table.queuedAt),
+    sessionIdx: index('runs_session_idx').on(table.sessionId),
+    accountIdx: index('runs_account_idx').on(table.accountId),
+    parentIdx: index('runs_parent_idx').on(table.parentId),
+  })
+);
+
+// =============================================================================
+// OPS ITEMS (STI: certificate | domain_verification | acme_account | release_channel)
+// =============================================================================
+
+/**
+ * Infrastructure and operational state items using Single Table Inheritance.
+ *
+ * type='release_channel': OTA/deploy channel → branch routing
+ *   - name: channel identifier (e.g. 'production', 'staging')
+ *   - data: { branchRef }
+ */
+export const opsItems = opsSchema.table(
+  'items',
+  {
+    id: uuid('id').primaryKey().defaultRandom(),
+    type: text('type').notNull(), // certificate | domain_verification | acme_account | release_channel
+
+    // Ownership
+    tenantId: uuid('tenant_id'),
+    repositoryId: uuid('repository_id'),
+
+    // Shared columns
+    name: text('name'),
+    status: text('status').notNull().default('pending'),
+    expiresAt: timestamp('expires_at', { withTimezone: true }),
+
+    // Crypto reference
+    secretId: uuid('secret_id'),
+
+    // Promoted for indexing (queried on every TLS handshake)
+    domainPattern: text('domain_pattern'),
+
+    // Type-specific data
+    data: jsonb('data'),
+
+    // Lifecycle
+    createdAt: timestamp('created_at', { withTimezone: true }).defaultNow().notNull(),
+    updatedAt: timestamp('updated_at', { withTimezone: true }).defaultNow().notNull(),
+  },
+  (table) => ({
+    typeIdx: index('items_type_idx').on(table.type),
+    nameIdx: index('items_name_idx').on(table.name),
+    statusIdx: index('items_status_idx').on(table.status),
+    tenantIdx: index('items_tenant_idx').on(table.tenantId),
+    repoIdx: index('items_repo_idx').on(table.repositoryId),
+    expiresIdx: index('items_expires_idx').on(table.expiresAt),
+    domainPatternIdx: index('items_domain_pattern_idx')
+      .on(table.domainPattern)
+      .where(sql`${table.type} = 'certificate'`),
+    certSyncIdx: index('items_cert_sync_idx')
+      .on(table.status, table.updatedAt)
+      .where(sql`${table.type} = 'certificate'`),
+    certRenewalIdx: index('items_cert_renewal_idx')
+      .on(table.expiresAt)
+      .where(sql`${table.type} = 'certificate' AND ${table.status} = 'active'`),
+  })
+);
+
+// =============================================================================
+// BUILD ARTIFACTS (STI: index | ci_artifact | image | cache | ota | ota_asset)
+// =============================================================================
+
+/**
+ * Unified build artifacts table
+ *
+ * OTA-specific types:
+ *   type='ota'       — OTA release manifests (Expo/EAS)
+ *     s3Key=storagePrefix, runId=releaseRunId, platform, runtimeVersion,
+ *     data: { updateId, expoConfig, metadata, isRollback }
+ *
+ *   type='ota_asset' — Individual OTA assets (JS bundles, images)
+ *     s3Key=storageKey, contentHash=hash, filename=key, mimeType=contentType,
+ *     data: { fileExtension, isLaunchAsset }
+ *
+ * Uses partial composite index for EAS update lookups:
+ *   build_artifacts_ota_lookup_idx (repositoryId, platform, runtimeVersion) WHERE type = 'ota'
+ */
+export const buildArtifacts = opsSchema.table(
+  'build_artifacts',
+  {
+    id: uuid('id').primaryKey().defaultRandom(),
+    type: text('type').notNull().default('index'),
+    repositoryId: uuid('repository_id'),
+    userId: uuid('user_id'),
+
+    // Naming (shared)
+    name: text('name'),
+    path: text('path'),
+    filename: text('filename'),
+    tag: text('tag'),
+
+    // Content identity
+    contentHash: text('content_hash'),
+    digest: text('digest'),
+    sizeBytes: bigint('size_bytes', { mode: 'number' }),
+
+    // Build target
+    platform: text('platform'),
+    runtimeVersion: text('runtime_version'),
+
+    // Index-specific
+    contentText: text('content_text'),
+    lineCount: integer('line_count'),
+    language: text('language'),
+    extension: text('extension'),
+    buildDirectory: text('build_directory'),
+    buildType: text('build_type'),
+
+    // Storage
+    s3Key: text('s3_key'),
+    ecrUri: text('ecr_uri'),
+    mimeType: text('mime_type'),
+
+    // Cache-specific
+    cacheKey: text('cache_key'),
+    accessCount: integer('access_count').default(0),
+
+    // References
+    runId: uuid('run_id'),
+
+    // Lifecycle
+    fileModifiedAt: timestamp('file_modified_at', { withTimezone: true }),
+    lastAccessedAt: timestamp('last_accessed_at', { withTimezone: true }),
+    expiresAt: timestamp('expires_at', { withTimezone: true }),
+    indexedAt: timestamp('indexed_at', { withTimezone: true }).defaultNow().notNull(),
+
+    // Type-specific overflow
+    data: jsonb('data'),
+  },
+  (table) => ({
+    typeIdx: index('build_artifacts_type_idx').on(table.type),
+    repoTypeIdx: index('build_artifacts_repo_type_idx').on(table.repositoryId, table.type),
+    repoPathIdx: uniqueIndex('build_artifacts_repo_path_idx').on(table.repositoryId, table.path),
+    buildDirIdx: index('build_artifacts_build_dir_idx').on(
+      table.repositoryId,
+      table.buildDirectory
+    ),
+    extensionIdx: index('build_artifacts_extension_idx').on(table.extension),
+    languageIdx: index('build_artifacts_language_idx').on(table.language),
+    contentHashIdx: index('build_artifacts_content_hash_idx').on(table.contentHash),
+    filenameIdx: index('build_artifacts_filename_idx').on(table.filename),
+    cacheKeyIdx: index('build_artifacts_cache_key_idx').on(table.cacheKey),
+    runIdx: index('build_artifacts_run_idx').on(table.runId),
+    expiresIdx: index('build_artifacts_expires_idx').on(table.expiresAt),
+    platformIdx: index('build_artifacts_platform_idx').on(table.platform),
+    runtimeVersionIdx: index('build_artifacts_runtime_version_idx').on(table.runtimeVersion),
+    otaLookupIdx: index('build_artifacts_ota_lookup_idx')
+      .on(table.repositoryId, table.platform, table.runtimeVersion)
+      .where(sql`${table.type} = 'ota'`),
+  })
+);

package/src/storage/filesystem.ts

@@ -0,0 +1,103 @@
+import fs from 'fs/promises';
+import path from 'path';
+import type { StorageAdapter } from './index';
+
+export class FilesystemStorageAdapter implements StorageAdapter {
+  private directory: string;
+
+  constructor(directory: string) {
+    this.directory = directory;
+  }
+
+  private resolvePath(key: string): string {
+    return path.join(this.directory, key);
+  }
+
+  async put(key: string, data: Buffer | Uint8Array, _contentType?: string): Promise<void> {
+    const filePath = this.resolvePath(key);
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, data);
+  }
+
+  async get(key: string): Promise<{ data: Buffer; contentType: string } | null> {
+    const filePath = this.resolvePath(key);
+    try {
+      const data = await fs.readFile(filePath);
+      const ext = path.extname(key).slice(1);
+      const contentType = mimeFromExtension(ext);
+      return { data, contentType };
+    } catch (err: any) {
+      if (err.code === 'ENOENT') return null;
+      throw err;
+    }
+  }
+
+  async exists(key: string): Promise<boolean> {
+    const meta = await this.head(key);
+    return meta !== null;
+  }
+
+  async head(key: string): Promise<{ etag: string; size?: number } | null> {
+    const filePath = this.resolvePath(key);
+    try {
+      const stat = await fs.stat(filePath);
+      return {
+        etag: `${stat.size}-${stat.mtimeMs}`,
+        size: stat.size,
+      };
+    } catch (err: any) {
+      if (err.code === 'ENOENT') return null;
+      throw err;
+    }
+  }
+
+  async list(prefix: string): Promise<string[]> {
+    const dirPath = this.resolvePath(prefix);
+    try {
+      const entries = (await fs.readdir(dirPath, { recursive: true })) as string[];
+      const results: string[] = [];
+      for (const entry of entries) {
+        const fullKey = prefix ? `${prefix}/${entry}` : entry;
+        const fullPath = this.resolvePath(fullKey);
+        const stat = await fs.stat(fullPath);
+        if (stat.isFile()) {
+          results.push(fullKey);
+        }
+      }
+      return results.sort();
+    } catch (err: any) {
+      if (err.code === 'ENOENT') return [];
+      throw err;
+    }
+  }
+
+  async delete(key: string): Promise<void> {
+    const filePath = this.resolvePath(key);
+    try {
+      await fs.unlink(filePath);
+    } catch (err: any) {
+      if (err.code === 'ENOENT') return;
+      throw err;
+    }
+  }
+}
+
+function mimeFromExtension(ext: string): string {
+  const mimeMap: Record<string, string> = {
+    js: 'application/javascript',
+    json: 'application/json',
+    png: 'image/png',
+    jpg: 'image/jpeg',
+    jpeg: 'image/jpeg',
+    gif: 'image/gif',
+    svg: 'image/svg+xml',
+    ttf: 'font/ttf',
+    otf: 'font/otf',
+    woff: 'font/woff',
+    woff2: 'font/woff2',
+    html: 'text/html',
+    css: 'text/css',
+    bundle: 'application/javascript',
+  };
+  return mimeMap[ext] || 'application/octet-stream';
+}

package/src/storage/index.ts

@@ -0,0 +1,27 @@
+export interface StorageAdapter {
+  put(key: string, data: Buffer | Uint8Array, contentType?: string): Promise<void>;
+  get(key: string): Promise<{ data: Buffer; contentType: string } | null>;
+  exists(key: string): Promise<boolean>;
+  /** Returns object metadata (ETag, size), or null if not found. */
+  head(key: string): Promise<{ etag: string; size?: number } | null>;
+  list(prefix: string): Promise<string[]>;
+  delete(key: string): Promise<void>;
+  /** Generate a presigned PUT URL. S3-only — returns null for other backends. */
+  presignPut?(key: string, contentType: string, expiresIn?: number): Promise<string>;
+}
+
+export type StorageOptions =
+  | { type: 'filesystem'; directory: string }
+  | { type: 's3'; bucket: string; region?: string; endpoint?: string };
+
+export function createStorage(options: StorageOptions): StorageAdapter {
+  if (options.type === 'filesystem') {
+    const { FilesystemStorageAdapter } = require('./filesystem') as typeof import('./filesystem');
+    return new FilesystemStorageAdapter(options.directory);
+  }
+  const { S3StorageAdapter } = require('./s3') as typeof import('./s3');
+  return new S3StorageAdapter(options.bucket, options.region, options.endpoint);
+}
+
+export { FilesystemStorageAdapter } from './filesystem';
+export { S3StorageAdapter } from './s3';

package/src/storage/s3.ts

@@ -0,0 +1,125 @@
+import type { StorageAdapter } from './index';
+
+export class S3StorageAdapter implements StorageAdapter {
+  private bucket: string;
+  private region: string;
+  private endpoint?: string;
+  private client: any;
+
+  constructor(bucket: string, region?: string, endpoint?: string) {
+    this.bucket = bucket;
+    this.region = region || 'us-east-1';
+    this.endpoint = endpoint;
+  }
+
+  private async getClient(): Promise<any> {
+    if (!this.client) {
+      const { S3Client } = await import('@aws-sdk/client-s3');
+      this.client = new S3Client({
+        region: this.region,
+        ...(this.endpoint ? { endpoint: this.endpoint, forcePathStyle: true } : {}),
+      });
+    }
+    return this.client;
+  }
+
+  async put(key: string, data: Buffer | Uint8Array, contentType?: string): Promise<void> {
+    const { PutObjectCommand } = await import('@aws-sdk/client-s3');
+    const client = await this.getClient();
+    await client.send(new PutObjectCommand({
+      Bucket: this.bucket,
+      Key: key,
+      Body: data,
+      ContentType: contentType || 'application/octet-stream',
+    }));
+  }
+
+  async get(key: string): Promise<{ data: Buffer; contentType: string } | null> {
+    const { GetObjectCommand } = await import('@aws-sdk/client-s3');
+    const client = await this.getClient();
+    try {
+      const response = await client.send(new GetObjectCommand({
+        Bucket: this.bucket,
+        Key: key,
+      }));
+      const bodyBytes = await response.Body!.transformToByteArray();
+      return {
+        data: Buffer.from(bodyBytes),
+        contentType: response.ContentType || 'application/octet-stream',
+      };
+    } catch (err: any) {
+      if (err.name === 'NoSuchKey' || err.$metadata?.httpStatusCode === 404) {
+        return null;
+      }
+      throw err;
+    }
+  }
+
+  async exists(key: string): Promise<boolean> {
+    const meta = await this.head(key);
+    return meta !== null;
+  }
+
+  async head(key: string): Promise<{ etag: string; size?: number } | null> {
+    const { HeadObjectCommand } = await import('@aws-sdk/client-s3');
+    const client = await this.getClient();
+    try {
+      const response = await client.send(new HeadObjectCommand({
+        Bucket: this.bucket,
+        Key: key,
+      }));
+      return {
+        etag: response.ETag || '',
+        size: response.ContentLength,
+      };
+    } catch (err: any) {
+      if (err.name === 'NotFound' || err.$metadata?.httpStatusCode === 404) {
+        return null;
+      }
+      throw err;
+    }
+  }
+
+  async list(prefix: string): Promise<string[]> {
+    const { ListObjectsV2Command } = await import('@aws-sdk/client-s3');
+    const client = await this.getClient();
+    const keys: string[] = [];
+    let continuationToken: string | undefined;
+
+    do {
+      const response = await client.send(new ListObjectsV2Command({
+        Bucket: this.bucket,
+        Prefix: prefix,
+        ContinuationToken: continuationToken,
+      }));
+      if (response.Contents) {
+        for (const obj of response.Contents) {
+          if (obj.Key) keys.push(obj.Key);
+        }
+      }
+      continuationToken = response.IsTruncated ? response.NextContinuationToken : undefined;
+    } while (continuationToken);
+
+    return keys;
+  }
+
+  async delete(key: string): Promise<void> {
+    const { DeleteObjectCommand } = await import('@aws-sdk/client-s3');
+    const client = await this.getClient();
+    await client.send(new DeleteObjectCommand({
+      Bucket: this.bucket,
+      Key: key,
+    }));
+  }
+
+  async presignPut(key: string, contentType: string, expiresIn: number = 3600): Promise<string> {
+    const { PutObjectCommand } = await import('@aws-sdk/client-s3');
+    const { getSignedUrl } = await import('@aws-sdk/s3-request-presigner');
+    const client = await this.getClient();
+    return getSignedUrl(client, new PutObjectCommand({
+      Bucket: this.bucket,
+      Key: key,
+      ContentType: contentType,
+    }), { expiresIn });
+  }
+}