@fenwave/agent 1.1.0

package/store/setupState.js

@@ -0,0 +1,147 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+const FENWAVE_DIR = path.join(os.homedir(), '.fenwave');
+const SETUP_DIR = path.join(FENWAVE_DIR, 'setup');
+const STATE_FILE = path.join(SETUP_DIR, 'state.json');
+
+/**
+ * Setup steps enum
+ */
+const SetupStep = {
+  PREREQUISITES: 'prerequisites',
+  REGISTRATION: 'registration',
+  DOCKER_REGISTRY: 'docker_registry',
+  PULL_IMAGE: 'pull_image',
+  NPM_CONFIG: 'npm_config',
+  START_AGENT: 'start_agent',
+  COMPLETE: 'complete',
+};
+
+/**
+ * Ensure setup directory exists
+ */
+function ensureSetupDir() {
+  if (!fs.existsSync(FENWAVE_DIR)) {
+    fs.mkdirSync(FENWAVE_DIR, { recursive: true, mode: 0o700 });
+  }
+  if (!fs.existsSync(SETUP_DIR)) {
+    fs.mkdirSync(SETUP_DIR, { recursive: true, mode: 0o700 });
+  }
+}
+
+/**
+ * Save setup progress
+ *
+ * @param {string} step - Current step
+ * @param {Object} data - Step data
+ */
+function saveSetupProgress(step, data = {}) {
+  ensureSetupDir();
+
+  const state = loadSetupProgress() || {
+    startedAt: new Date().toISOString(),
+    steps: {},
+  };
+
+  state.steps[step] = {
+    completedAt: new Date().toISOString(),
+    data,
+  };
+
+  state.currentStep = step;
+  state.updatedAt = new Date().toISOString();
+
+  fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2), {
+    mode: 0o600,
+  });
+}
+
+/**
+ * Load setup progress
+ *
+ * @returns {Object|null} Setup state or null if not found
+ */
+function loadSetupProgress() {
+  if (!fs.existsSync(STATE_FILE)) {
+    return null;
+  }
+
+  try {
+    return JSON.parse(fs.readFileSync(STATE_FILE, 'utf8'));
+  } catch (error) {
+    console.error('Failed to load setup progress:', error.message);
+    return null;
+  }
+}
+
+/**
+ * Mark step as complete
+ *
+ * @param {string} step - Step to mark as complete
+ */
+function markStepComplete(step) {
+  saveSetupProgress(step);
+}
+
+/**
+ * Check if step is complete
+ *
+ * @param {string} step - Step to check
+ * @returns {boolean} True if step is complete
+ */
+function isStepComplete(step) {
+  const state = loadSetupProgress();
+  return state?.steps?.[step] !== undefined;
+}
+
+/**
+ * Get current step
+ *
+ * @returns {string|null} Current step or null
+ */
+function getCurrentStep() {
+  const state = loadSetupProgress();
+  return state?.currentStep || null;
+}
+
+/**
+ * Clear setup state
+ */
+function clearSetupState() {
+  if (fs.existsSync(STATE_FILE)) {
+    fs.unlinkSync(STATE_FILE);
+  }
+}
+
+/**
+ * Check if setup is in progress
+ *
+ * @returns {boolean} True if setup state exists
+ */
+function isSetupInProgress() {
+  return fs.existsSync(STATE_FILE);
+}
+
+/**
+ * Get completed steps
+ *
+ * @returns {Array<string>} List of completed step names
+ */
+function getCompletedSteps() {
+  const state = loadSetupProgress();
+  return state?.steps ? Object.keys(state.steps) : [];
+}
+
+export {
+  SetupStep,
+  saveSetupProgress,
+  loadSetupProgress,
+  markStepComplete,
+  isStepComplete,
+  getCurrentStep,
+  clearSetupState,
+  isSetupInProgress,
+  getCompletedSteps,
+};

package/utils/deviceInfo.js

@@ -0,0 +1,98 @@
+import os from 'os';
+import { execSync } from 'child_process';
+import packageJson from '../package.json' with { type: 'json' };
+
+/**
+ * Collect device information for registration
+ *
+ * @returns {Object} Device information
+ */
+export function collectDeviceInfo() {
+  const platform = os.platform(); // darwin, linux, win32
+  const hostname = os.hostname();
+  const arch = os.arch(); // x64, arm64, etc.
+  const cpus = os.cpus();
+  const totalMemory = os.totalmem();
+  const osVersion = os.release();
+
+  // Get Docker version if available
+  let dockerVersion = null;
+  try {
+    dockerVersion = execSync('docker --version', { encoding: 'utf8' }).trim();
+  } catch (error) {
+    // Docker not installed or not available
+    dockerVersion = 'Not available';
+  }
+
+  // Get agent version from package.json
+  const agentVersion = packageJson.version;
+
+  return {
+    hostname,
+    platform,
+    arch,
+    osVersion,
+    cpuCount: cpus.length,
+    totalMemory: Math.round(totalMemory / (1024 * 1024 * 1024)), // Convert to GB
+    dockerVersion,
+    agentVersion,
+  };
+}
+
+/**
+ * Generate a human-readable device name
+ *
+ * @returns {string} Device name (e.g., "johns-macbook-darwin")
+ */
+export function generateDeviceName() {
+  const hostname = os.hostname()
+    .toLowerCase()
+    .replace(/[^a-z0-9-]/g, '-') // Replace non-alphanumeric with dash
+    .replace(/-+/g, '-') // Replace multiple dashes with single dash
+    .replace(/^-|-$/g, ''); // Remove leading/trailing dashes
+
+  const platform = os.platform();
+
+  return `${hostname}-${platform}`;
+}
+
+/**
+ * Get device metadata for storage
+ *
+ * @returns {Object} Complete device metadata
+ */
+export async function getDeviceMetadata() {
+  const info = collectDeviceInfo();
+  const deviceName = generateDeviceName();
+
+  return {
+    deviceName,
+    platform: info.platform,
+    osVersion: info.osVersion,
+    agentVersion: info.agentVersion,
+    metadata: {
+      hostname: info.hostname,
+      arch: info.arch,
+      cpuCount: info.cpuCount,
+      totalMemoryGB: info.totalMemory,
+      dockerVersion: info.dockerVersion,
+    },
+  };
+}
+
+/**
+ * Display device information in a formatted way
+ *
+ * @param {Object} deviceInfo - Device information object
+ */
+export function displayDeviceInfo(deviceInfo) {
+  console.log('\n📱 Device Information:');
+  console.log(`   Name: ${deviceInfo.deviceName || 'N/A'}`);
+  console.log(`   Platform: ${deviceInfo.platform}`);
+  console.log(`   OS Version: ${deviceInfo.osVersion || 'N/A'}`);
+  console.log(`   Architecture: ${deviceInfo.metadata?.arch || 'N/A'}`);
+  console.log(`   CPUs: ${deviceInfo.metadata?.cpuCount || 'N/A'}`);
+  console.log(`   Memory: ${deviceInfo.metadata?.totalMemoryGB || 'N/A'} GB`);
+  console.log(`   Docker: ${deviceInfo.metadata?.dockerVersion || 'N/A'}`);
+  console.log(`   Agent Version: ${deviceInfo.agentVersion || 'N/A'}\n`);
+}

package/utils/ecrAuth.js

@@ -0,0 +1,225 @@
+/**
+ * ECR Authentication Utility
+ *
+ * Handles requesting temporary AWS ECR credentials from Backstage
+ * and authenticating Docker with ECR.
+ */
+
+import { loadDeviceCredential } from '../store/deviceCredentialStore.js';
+import { execSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+/**
+ * Request temporary ECR credentials from Backstage
+ *
+ * @param {string} backstageUrl - Backstage backend URL
+ * @returns {Promise<Object>} ECR credentials object
+ */
+export async function requestECRCredentials(backstageUrl) {
+  try {
+    // Load device credentials
+    const deviceCreds = await loadDeviceCredential();
+
+    if (!deviceCreds || !deviceCreds.deviceId || !deviceCreds.deviceCredential) {
+      throw new Error('Device not registered. Please run: fenwave init');
+    }
+
+    // Request credentials from Backstage
+    const url = new URL('/api/agent-cli/ecr-credentials', backstageUrl);
+    url.searchParams.append('deviceId', deviceCreds.deviceId);
+    url.searchParams.append('deviceCredential', deviceCreds.deviceCredential);
+
+    const response = await fetch(url.toString());
+
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: 'Unknown error' }));
+      throw new Error(`Failed to get ECR credentials: ${error.error || response.statusText}`);
+    }
+
+    const credentials = await response.json();
+
+    return credentials;
+  } catch (error) {
+    throw new Error(`Failed to request ECR credentials: ${error.message}`);
+  }
+}
+
+/**
+ * Set AWS environment variables for temporary credentials
+ *
+ * @param {Object} credentials - ECR credentials object
+ */
+export function setAWSCredentials(credentials) {
+  process.env.AWS_ACCESS_KEY_ID = credentials.accessKeyId;
+  process.env.AWS_SECRET_ACCESS_KEY = credentials.secretAccessKey;
+  process.env.AWS_SESSION_TOKEN = credentials.sessionToken;
+  process.env.AWS_DEFAULT_REGION = credentials.region;
+}
+
+/**
+ * Clear AWS environment variables
+ */
+export function clearAWSCredentials() {
+  delete process.env.AWS_ACCESS_KEY_ID;
+  delete process.env.AWS_SECRET_ACCESS_KEY;
+  delete process.env.AWS_SESSION_TOKEN;
+  delete process.env.AWS_DEFAULT_REGION;
+}
+
+/**
+ * Authenticate Docker with ECR using temporary credentials
+ *
+ * @param {string} backstageUrl - Backstage backend URL
+ * @returns {Promise<Object>} Authentication result with registry info
+ */
+export async function authenticateDockerWithECR(backstageUrl) {
+  try {
+    console.log('🔐 Requesting temporary ECR credentials from Backstage...');
+
+    // Request credentials
+    const credentials = await requestECRCredentials(backstageUrl);
+
+    console.log(`✅ Received temporary credentials (expires: ${credentials.expiration})`);
+
+    // Set AWS environment variables
+    setAWSCredentials(credentials);
+
+    // Authenticate with ECR
+    const ecrUri = `${credentials.accountId}.dkr.ecr.${credentials.region}.amazonaws.com`;
+    console.log(`🔑 Authenticating Docker with ECR: ${ecrUri}...`);
+
+    try {
+      // Get ECR login password
+      const loginPassword = execSync(
+        `aws ecr get-login-password --region ${credentials.region}`,
+        { encoding: 'utf-8' }
+      ).trim();
+
+      // Login to Docker
+      execSync(
+        `echo "${loginPassword}" | docker login --username AWS --password-stdin ${ecrUri}`,
+        { stdio: 'pipe' }
+      );
+
+      console.log('✅ Successfully authenticated with ECR');
+
+      // Return registry information
+      return {
+        success: true,
+        registryUri: ecrUri,
+        dockerImage: `${ecrUri}/${credentials.ecrRepository}:latest`,
+        region: credentials.region,
+        accountId: credentials.accountId,
+        repository: credentials.ecrRepository,
+        expiration: credentials.expiration,
+      };
+    } catch (dockerError) {
+      clearAWSCredentials();
+      throw new Error(`Docker authentication failed: ${dockerError.message}`);
+    }
+  } catch (error) {
+    clearAWSCredentials();
+    throw error;
+  }
+}
+
+/**
+ * Pull Docker image from ECR with authentication
+ *
+ * @param {string} backstageUrl - Backstage backend URL
+ * @returns {Promise<Object>} Pull result with image info
+ */
+export async function pullDockerImageFromECR(backstageUrl) {
+  try {
+    // Authenticate with ECR
+    const authResult = await authenticateDockerWithECR(backstageUrl);
+
+    console.log(`📥 Pulling Docker image: ${authResult.dockerImage}...`);
+
+    // Pull the image
+    execSync(`docker pull ${authResult.dockerImage}`, { stdio: 'inherit' });
+
+    console.log('✅ Docker image pulled successfully');
+
+    // Clear credentials after use
+    clearAWSCredentials();
+
+    return {
+      success: true,
+      dockerImage: authResult.dockerImage,
+      registryUri: authResult.registryUri,
+    };
+  } catch (error) {
+    clearAWSCredentials();
+    throw new Error(`Failed to pull Docker image: ${error.message}`);
+  }
+}
+
+/**
+ * Check if credentials are expired or about to expire
+ *
+ * @param {string} expirationISO - ISO 8601 expiration timestamp
+ * @param {number} bufferMinutes - Minutes before expiration to consider expired (default: 5)
+ * @returns {boolean} True if credentials are expired or expiring soon
+ */
+export function areCredentialsExpired(expirationISO, bufferMinutes = 5) {
+  const expirationTime = new Date(expirationISO).getTime();
+  const bufferMs = bufferMinutes * 60 * 1000;
+  const now = Date.now();
+
+  return now >= (expirationTime - bufferMs);
+}
+
+/**
+ * Cache credentials to disk (optional, for future use)
+ *
+ * @param {Object} credentials - ECR credentials object
+ */
+export async function cacheCredentials(credentials) {
+  const cacheDir = path.join(os.homedir(), '.fenwave', 'cache');
+  const cacheFile = path.join(cacheDir, 'ecr-credentials.json');
+
+  try {
+    // Create cache directory if it doesn't exist
+    if (!fs.existsSync(cacheDir)) {
+      fs.mkdirSync(cacheDir, { recursive: true });
+    }
+
+    // Write credentials to cache
+    fs.writeFileSync(cacheFile, JSON.stringify(credentials, null, 2), 'utf-8');
+  } catch (error) {
+    // Ignore cache errors - not critical
+    console.warn('⚠️  Failed to cache credentials:', error.message);
+  }
+}
+
+/**
+ * Load cached credentials (optional, for future use)
+ *
+ * @returns {Object|null} Cached credentials or null if not found/expired
+ */
+export async function loadCachedCredentials() {
+  const cacheFile = path.join(os.homedir(), '.fenwave', 'cache', 'ecr-credentials.json');
+
+  try {
+    if (!fs.existsSync(cacheFile)) {
+      return null;
+    }
+
+    const cached = JSON.parse(fs.readFileSync(cacheFile, 'utf-8'));
+
+    // Check if credentials are expired
+    if (areCredentialsExpired(cached.expiration)) {
+      // Delete expired cache
+      fs.unlinkSync(cacheFile);
+      return null;
+    }
+
+    return cached;
+  } catch (error) {
+    // Ignore cache errors
+    return null;
+  }
+}

package/utils/encryption.js

@@ -0,0 +1,112 @@
+import crypto from 'crypto';
+import os from 'os';
+import { networkInterfaces } from 'os';
+
+/**
+ * Generate a machine-specific encryption key
+ * Uses hostname and MAC address to create a unique key for this machine
+ *
+ * @returns {Buffer} Encryption key
+ */
+function getMachineKey() {
+  const hostname = os.hostname();
+
+  // Get first MAC address
+  const interfaces = networkInterfaces();
+  let macAddress = 'default-mac';
+
+  for (const name of Object.keys(interfaces)) {
+    const iface = interfaces[name];
+    if (iface) {
+      for (const addr of iface) {
+        if (!addr.internal && addr.mac && addr.mac !== '00:00:00:00:00:00') {
+          macAddress = addr.mac;
+          break;
+        }
+      }
+    }
+    if (macAddress !== 'default-mac') break;
+  }
+
+  // Create key from hostname + MAC address
+  const keyMaterial = `${hostname}-${macAddress}`;
+
+  // Derive a 32-byte key using SHA-256
+  return crypto.createHash('sha256').update(keyMaterial).digest();
+}
+
+/**
+ * Encrypt data using AES-256-GCM with machine-specific key
+ *
+ * @param {string} plaintext - Data to encrypt
+ * @returns {string} Encrypted data (base64 encoded with IV and auth tag)
+ */
+export function encrypt(plaintext) {
+  const key = getMachineKey();
+  const iv = crypto.randomBytes(16); // 128-bit IV for GCM
+
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+
+  let encrypted = cipher.update(plaintext, 'utf8', 'base64');
+  encrypted += cipher.final('base64');
+
+  const authTag = cipher.getAuthTag();
+
+  // Combine IV + authTag + encrypted data
+  const combined = Buffer.concat([
+    iv,
+    authTag,
+    Buffer.from(encrypted, 'base64'),
+  ]);
+
+  return combined.toString('base64');
+}
+
+/**
+ * Decrypt data using AES-256-GCM with machine-specific key
+ *
+ * @param {string} encryptedData - Encrypted data (base64 encoded)
+ * @returns {string} Decrypted plaintext
+ */
+export function decrypt(encryptedData) {
+  const key = getMachineKey();
+  const combined = Buffer.from(encryptedData, 'base64');
+
+  // Extract IV (first 16 bytes), authTag (next 16 bytes), and encrypted data
+  const iv = combined.slice(0, 16);
+  const authTag = combined.slice(16, 32);
+  const encrypted = combined.slice(32);
+
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+  decipher.setAuthTag(authTag);
+
+  let decrypted = decipher.update(encrypted, undefined, 'utf8');
+  decrypted += decipher.final('utf8');
+
+  return decrypted;
+}
+
+/**
+ * Simple hash function for data integrity
+ *
+ * @param {string} data - Data to hash
+ * @returns {string} SHA-256 hash (hex)
+ */
+export function hash(data) {
+  return crypto.createHash('sha256').update(data).digest('hex');
+}
+
+/**
+ * Verify if encrypted data can be decrypted (test encryption key)
+ *
+ * @param {string} encryptedData - Encrypted data to test
+ * @returns {boolean} True if decryption succeeds
+ */
+export function canDecrypt(encryptedData) {
+  try {
+    decrypt(encryptedData);
+    return true;
+  } catch (error) {
+    return false;
+  }
+}

package/utils/envSetup.js

@@ -0,0 +1,54 @@
+import fs from "fs";
+import path from "path";
+import chalk from "chalk";
+
+/**
+ * Ensures environment files exist with default values
+ * @param {string} agentDir - Path to the agent directory
+ * @param {boolean} showFoundMessages - Whether to show messages when files already exist (default: false)
+ */
+export function ensureEnvironmentFiles(agentDir, showFoundMessages = false) {
+  // Check and create .env.agent for agent if not exists
+  const agentEnvPath = path.join(agentDir, ".env.agent");
+  if (!fs.existsSync(agentEnvPath)) {
+    const defaultAgentEnv = `BACKEND_URL=http://localhost:7007
+FRONTEND_URL=http://localhost:3000
+WS_PORT=3001
+CONTAINER_PORT=3003
+AGENT_ROOT_DIR=.fenwave
+REGISTRIES_DIR=registries
+AWS_REGION=eu-west-1
+AUTH_TIMEOUT_MS=60000
+`;
+    fs.writeFileSync(agentEnvPath, defaultAgentEnv);
+    console.log(chalk.green("📄 Created .env.agent with default values"));
+  } else if (showFoundMessages) {
+    console.log(chalk.green("📄 Found existing .env.agent file"));
+  }
+
+  // Check and create ../.env for devapp if not exists
+  const appEnvPath = path.join(agentDir, "../fenwave-developer-app", ".env");
+  if (!fs.existsSync(appEnvPath)) {
+    const defaultAppEnv = `NEXT_PUBLIC_PORT=3001
+NEXT_PUBLIC_WS_URL=http://localhost:3001
+NEXT_PUBLIC_FRONTEND_URL=http://localhost:3000
+NEXT_PUBLIC_TOAST_LIMIT=4
+NEXT_PUBLIC_TOAST_REMOVE_DELAY=5000
+NEXT_PUBLIC_AGENT_ROOT_DIR=.fw
+NEXT_PUBLIC_REGISTRIES_DIR=registries
+NEXT_PUBLIC_REGISTRIES_FILE=credentials.json
+`;
+    fs.writeFileSync(appEnvPath, defaultAppEnv);
+    console.log(
+      chalk.green(
+        "📄 Created ../fenwave-developer-app/.env with default values"
+      )
+    );
+  } else if (showFoundMessages) {
+    console.log(
+      chalk.green("📄 Found existing ../fenwave-developer-app/.env file")
+    );
+  }
+
+  return agentEnvPath;
+}