@fyresmith/hive-server 1.0.1-3

package/cli/output.js

@@ -0,0 +1,21 @@
+import chalk from 'chalk';
+
+export function section(title) {
+  console.log(`\n${chalk.bold.cyan(title)}`);
+}
+
+export function info(msg) {
+  console.log(chalk.cyan(`→ ${msg}`));
+}
+
+export function success(msg) {
+  console.log(chalk.green(`✓ ${msg}`));
+}
+
+export function warn(msg) {
+  console.log(chalk.yellow(`! ${msg}`));
+}
+
+export function fail(msg) {
+  console.error(chalk.red(`✗ ${msg}`));
+}

package/cli/service.js

@@ -0,0 +1,360 @@
+import { existsSync } from 'fs';
+import { access, mkdir, readFile, rm, writeFile } from 'fs/promises';
+import { constants as fsConstants } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { homedir } from 'os';
+import prompts from 'prompts';
+import { CliError } from './errors.js';
+import { EXIT, HIVE_HOME } from './constants.js';
+import { run, runInherit } from './exec.js';
+
+const MAC_SERVICE_NAME = 'com.hive.server';
+const LINUX_SERVICE_NAME = 'hive-server';
+
+function detectPlatform() {
+  if (process.platform === 'darwin') return 'launchd';
+  if (process.platform === 'linux') return 'systemd';
+  throw new CliError(`Unsupported OS for service management: ${process.platform}`, EXIT.PREREQ);
+}
+
+function getUid() {
+  return process.env.UID || String(process.getuid?.() ?? '');
+}
+
+export function getServiceDefaults() {
+  const servicePlatform = detectPlatform();
+  const serviceName = servicePlatform === 'launchd' ? MAC_SERVICE_NAME : LINUX_SERVICE_NAME;
+  return { servicePlatform, serviceName };
+}
+
+function getHiveBinPath() {
+  return fileURLToPath(new URL('../bin/hive.js', import.meta.url));
+}
+
+function getLaunchAgentPath(serviceName) {
+  return join(homedir(), 'Library', 'LaunchAgents', `${serviceName}.plist`);
+}
+
+function getLaunchdTarget(serviceName) {
+  const uid = getUid();
+  if (!uid) {
+    throw new CliError('Could not resolve UID for launchctl', EXIT.FAIL);
+  }
+  return `gui/${uid}/${serviceName}`;
+}
+
+function getLaunchdLogsDir() {
+  return join(HIVE_HOME, 'logs');
+}
+
+function xmlEscape(input) {
+  return String(input)
+    .replaceAll('&', '&')
+    .replaceAll('<', '&lt;')
+    .replaceAll('>', '&gt;')
+    .replaceAll('"', '&quot;')
+    .replaceAll("'", '&apos;');
+}
+
+function buildLaunchdPlist({
+  serviceName,
+  nodePath,
+  hiveBinPath,
+  envFile,
+  stdoutPath,
+  stderrPath,
+}) {
+  const args = [nodePath, hiveBinPath, 'run', '--env-file', envFile, '--quiet']
+    .map((arg) => `    <string>${xmlEscape(arg)}</string>`)
+    .join('\n');
+
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${xmlEscape(serviceName)}</string>
+  <key>ProgramArguments</key>
+  <array>
+${args}
+  </array>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>WorkingDirectory</key>
+  <string>${xmlEscape(HIVE_HOME)}</string>
+  <key>StandardOutPath</key>
+  <string>${xmlEscape(stdoutPath)}</string>
+  <key>StandardErrorPath</key>
+  <string>${xmlEscape(stderrPath)}</string>
+</dict>
+</plist>
+`;
+}
+
+function buildSystemdUnit({
+  serviceName,
+  nodePath,
+  hiveBinPath,
+  envFile,
+  user,
+}) {
+  const execStart = `${nodePath} ${hiveBinPath} run --env-file ${envFile} --quiet`;
+  return `[Unit]
+Description=Hive Collaborative Vault Server
+After=network.target
+
+[Service]
+Type=simple
+User=${user}
+WorkingDirectory=${HIVE_HOME}
+ExecStart=${execStart}
+Restart=on-failure
+RestartSec=5s
+NoNewPrivileges=true
+PrivateTmp=true
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=${serviceName}
+
+[Install]
+WantedBy=multi-user.target
+`;
+}
+
+async function installLaunchdService({ serviceName, envFile }) {
+  const plistPath = getLaunchAgentPath(serviceName);
+  const target = getLaunchdTarget(serviceName);
+  const logsDir = getLaunchdLogsDir();
+  const stdoutPath = join(logsDir, 'hive-server.out.log');
+  const stderrPath = join(logsDir, 'hive-server.err.log');
+
+  await mkdir(dirname(plistPath), { recursive: true });
+  await mkdir(logsDir, { recursive: true });
+  await mkdir(HIVE_HOME, { recursive: true });
+
+  const plist = buildLaunchdPlist({
+    serviceName,
+    nodePath: process.execPath,
+    hiveBinPath: getHiveBinPath(),
+    envFile,
+    stdoutPath,
+    stderrPath,
+  });
+  await writeFile(plistPath, plist, 'utf-8');
+
+  await run('launchctl', ['bootout', target]).catch(() => {});
+  await runInherit('launchctl', ['bootstrap', `gui/${getUid()}`, plistPath]);
+  await runInherit('launchctl', ['enable', target]);
+  await runInherit('launchctl', ['kickstart', '-k', target]);
+
+  return {
+    servicePlatform: 'launchd',
+    serviceName,
+    serviceFile: plistPath,
+    logs: { stdoutPath, stderrPath },
+  };
+}
+
+async function installSystemdService({ serviceName, envFile }) {
+  const unitFile = `/etc/systemd/system/${serviceName}.service`;
+  const tmpFile = join('/tmp', `${serviceName}.service`);
+  const user = process.env.SUDO_USER || process.env.USER;
+  if (!user) {
+    throw new CliError('Could not resolve current user for systemd unit', EXIT.FAIL);
+  }
+
+  await mkdir(HIVE_HOME, { recursive: true });
+
+  const unit = buildSystemdUnit({
+    serviceName,
+    nodePath: process.execPath,
+    hiveBinPath: getHiveBinPath(),
+    envFile,
+    user,
+  });
+
+  await writeFile(tmpFile, unit, 'utf-8');
+  await runInherit('sudo', ['cp', tmpFile, unitFile]);
+  await runInherit('sudo', ['chmod', '644', unitFile]);
+  await runInherit('sudo', ['systemctl', 'daemon-reload']);
+  await runInherit('sudo', ['systemctl', 'enable', '--now', serviceName]);
+
+  return {
+    servicePlatform: 'systemd',
+    serviceName,
+    serviceFile: unitFile,
+  };
+}
+
+async function shouldProceed({ message, yes }) {
+  if (yes) return true;
+  const answer = await prompts({
+    type: 'confirm',
+    name: 'ok',
+    message,
+    initial: true,
+  });
+  return Boolean(answer.ok);
+}
+
+export async function installHiveService({ envFile, yes = false, serviceName }) {
+  const defaults = getServiceDefaults();
+  const resolvedServiceName = serviceName || defaults.serviceName;
+  const servicePlatform = defaults.servicePlatform;
+
+  if (!(await shouldProceed({ yes, message: `Install Hive as a ${servicePlatform} service?` }))) {
+    throw new CliError('Service install cancelled', EXIT.FAIL);
+  }
+
+  if (servicePlatform === 'launchd') {
+    return installLaunchdService({ serviceName: resolvedServiceName, envFile });
+  }
+  return installSystemdService({ serviceName: resolvedServiceName, envFile });
+}
+
+export async function startHiveService({ servicePlatform, serviceName }) {
+  if (servicePlatform === 'launchd') {
+    await runInherit('launchctl', ['kickstart', '-k', getLaunchdTarget(serviceName)]);
+    return;
+  }
+  await runInherit('sudo', ['systemctl', 'start', serviceName]);
+}
+
+export async function stopHiveService({ servicePlatform, serviceName }) {
+  if (servicePlatform === 'launchd') {
+    await runInherit('launchctl', ['bootout', getLaunchdTarget(serviceName)]);
+    return;
+  }
+  await runInherit('sudo', ['systemctl', 'stop', serviceName]);
+}
+
+export async function restartHiveService({ servicePlatform, serviceName }) {
+  if (servicePlatform === 'launchd') {
+    await runInherit('launchctl', ['kickstart', '-k', getLaunchdTarget(serviceName)]);
+    return;
+  }
+  await runInherit('sudo', ['systemctl', 'restart', serviceName]);
+}
+
+export async function getHiveServiceStatus({ servicePlatform, serviceName }) {
+  if (servicePlatform === 'launchd') {
+    const target = getLaunchdTarget(serviceName);
+    const { stdout } = await run('launchctl', ['print', target]).catch(() => ({ stdout: '' }));
+    return {
+      active: stdout.includes('state = running') || stdout.includes('last exit code = 0'),
+      detail: stdout || 'No launchd service output found',
+    };
+  }
+
+  const activeCmd = await run('sudo', ['systemctl', 'is-active', serviceName]).catch(() => ({ stdout: 'inactive' }));
+  const statusCmd = await run('sudo', ['systemctl', 'status', serviceName, '--no-pager', '--lines', '30']).catch(() => ({ stdout: '' }));
+  return {
+    active: activeCmd.stdout.trim() === 'active',
+    detail: statusCmd.stdout || activeCmd.stdout,
+  };
+}
+
+export async function streamHiveServiceLogs({ servicePlatform, serviceName, follow = true, lines = 80 }) {
+  if (servicePlatform === 'launchd') {
+    const logsDir = getLaunchdLogsDir();
+    const stdoutPath = join(logsDir, 'hive-server.out.log');
+    const stderrPath = join(logsDir, 'hive-server.err.log');
+
+    await mkdir(logsDir, { recursive: true });
+    if (!existsSync(stdoutPath)) await writeFile(stdoutPath, '', 'utf-8');
+    if (!existsSync(stderrPath)) await writeFile(stderrPath, '', 'utf-8');
+
+    const args = follow ? ['-n', String(lines), '-f', stdoutPath, stderrPath] : ['-n', String(lines), stdoutPath, stderrPath];
+    await runInherit('tail', args);
+    return;
+  }
+
+  const args = ['journalctl', '-u', serviceName, '--no-pager', '-n', String(lines)];
+  if (follow) args.push('-f');
+  await runInherit('sudo', args);
+}
+
+async function ensureFileWritable(path) {
+  try {
+    await access(path, fsConstants.W_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function uninstallHiveService({ servicePlatform, serviceName, yes = false }) {
+  if (!(await shouldProceed({ yes, message: `Uninstall Hive service '${serviceName}'?` }))) {
+    throw new CliError('Service uninstall cancelled', EXIT.FAIL);
+  }
+
+  if (servicePlatform === 'launchd') {
+    const target = getLaunchdTarget(serviceName);
+    const plistPath = getLaunchAgentPath(serviceName);
+    await run('launchctl', ['bootout', target]).catch(() => {});
+    if (existsSync(plistPath) && await ensureFileWritable(plistPath)) {
+      await rm(plistPath, { force: true });
+    }
+    return;
+  }
+
+  const unitFile = `/etc/systemd/system/${serviceName}.service`;
+  await run('sudo', ['systemctl', 'disable', '--now', serviceName]).catch(() => {});
+  if (existsSync(unitFile)) {
+    await runInherit('sudo', ['rm', '-f', unitFile]);
+  }
+  await runInherit('sudo', ['systemctl', 'daemon-reload']);
+}
+
+export async function cloudflaredServiceStatus() {
+  if (process.platform === 'darwin') {
+    const { stdout } = await run('launchctl', ['list']).catch(() => ({ stdout: '' }));
+    return stdout.includes('cloudflared');
+  }
+  const { stdout } = await run('sudo', ['systemctl', 'is-active', 'cloudflared']).catch(() => ({ stdout: 'inactive' }));
+  return stdout.trim() === 'active';
+}
+
+export async function serviceStatusSummary({ servicePlatform, serviceName }) {
+  const service = await getHiveServiceStatus({ servicePlatform, serviceName });
+  const tunnelServiceActive = await cloudflaredServiceStatus().catch(() => false);
+  return {
+    ...service,
+    tunnelServiceActive,
+  };
+}
+
+export async function previewServiceDefinition({ servicePlatform, serviceName, envFile }) {
+  if (servicePlatform === 'launchd') {
+    return buildLaunchdPlist({
+      serviceName,
+      nodePath: process.execPath,
+      hiveBinPath: getHiveBinPath(),
+      envFile,
+      stdoutPath: join(getLaunchdLogsDir(), 'hive-server.out.log'),
+      stderrPath: join(getLaunchdLogsDir(), 'hive-server.err.log'),
+    });
+  }
+  const user = process.env.SUDO_USER || process.env.USER || 'unknown';
+  return buildSystemdUnit({
+    serviceName,
+    nodePath: process.execPath,
+    hiveBinPath: getHiveBinPath(),
+    envFile,
+    user,
+  });
+}
+
+export async function readServiceFile({ servicePlatform, serviceName }) {
+  if (servicePlatform === 'launchd') {
+    const path = getLaunchAgentPath(serviceName);
+    if (!existsSync(path)) return null;
+    return readFile(path, 'utf-8');
+  }
+  const path = `/etc/systemd/system/${serviceName}.service`;
+  if (!existsSync(path)) return null;
+  return run('sudo', ['cat', path]).then((r) => r.stdout);
+}

package/cli/tunnel.js

@@ -0,0 +1,238 @@
+import { existsSync } from 'fs';
+import { mkdir, readFile, writeFile } from 'fs/promises';
+import { dirname, join } from 'path';
+import { homedir } from 'os';
+import which from 'which';
+import prompts from 'prompts';
+import { CliError } from './errors.js';
+import { EXIT } from './constants.js';
+import { run, runInherit } from './exec.js';
+import { info, success, warn } from './output.js';
+
+const UUID_RE = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;
+
+export function detectPlatform() {
+  if (process.platform === 'darwin') return 'darwin';
+  if (process.platform === 'linux') return 'linux';
+  throw new CliError(`Unsupported OS: ${process.platform}`, EXIT.PREREQ);
+}
+
+export function getCloudflaredPath() {
+  try {
+    return which.sync('cloudflared');
+  } catch {
+    return null;
+  }
+}
+
+export async function ensureCloudflaredInstalled({ yes = false } = {}) {
+  const existing = getCloudflaredPath();
+  if (existing) return existing;
+
+  const platform = detectPlatform();
+  let install = yes;
+  if (!yes) {
+    const answer = await prompts({
+      type: 'confirm',
+      name: 'ok',
+      message: 'cloudflared is missing. Install now?',
+      initial: true,
+    });
+    install = Boolean(answer.ok);
+  }
+
+  if (!install) {
+    throw new CliError('cloudflared is required', EXIT.PREREQ);
+  }
+
+  if (platform === 'darwin') {
+    if (!which.sync('brew', { nothrow: true })) {
+      throw new CliError('Homebrew not found. Install brew first: https://brew.sh', EXIT.PREREQ);
+    }
+    await runInherit('brew', ['install', 'cloudflared']);
+  } else {
+    if (!which.sync('apt-get', { nothrow: true })) {
+      throw new CliError('Unsupported Linux package manager. Install cloudflared manually.', EXIT.PREREQ);
+    }
+    await runInherit('sudo', ['mkdir', '-p', '/usr/share/keyrings']);
+    await runInherit('bash', ['-lc', 'curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null']);
+    await runInherit('bash', ['-lc', "echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list >/dev/null"]);
+    await runInherit('sudo', ['apt-get', 'update', '-q']);
+    await runInherit('sudo', ['apt-get', 'install', '-y', 'cloudflared']);
+  }
+
+  const after = getCloudflaredPath();
+  if (!after) {
+    throw new CliError('Failed to install cloudflared', EXIT.PREREQ);
+  }
+  return after;
+}
+
+export async function ensureCloudflaredLogin({ certPath, yes = false }) {
+  if (existsSync(certPath)) {
+    success(`Cloudflare auth cert found: ${certPath}`);
+    return;
+  }
+
+  if (!yes) {
+    warn('A browser window will open for Cloudflare login.');
+    const answer = await prompts({
+      type: 'confirm',
+      name: 'ok',
+      message: 'Continue with cloudflared login?',
+      initial: true,
+    });
+    if (!answer.ok) throw new CliError('Cloudflare login cancelled', EXIT.FAIL);
+  }
+
+  await runInherit('cloudflared', ['tunnel', 'login']);
+
+  if (!existsSync(certPath)) {
+    throw new CliError(`Cloudflare login did not create cert at ${certPath}`, EXIT.PREREQ);
+  }
+}
+
+export async function listTunnels() {
+  try {
+    const { stdout } = await run('cloudflared', ['tunnel', 'list', '--output', 'json']);
+    return JSON.parse(stdout);
+  } catch {
+    const { stdout } = await run('cloudflared', ['tunnel', 'list']);
+    const lines = stdout.split('\n').slice(1).filter(Boolean);
+    return lines.map((line) => {
+      const parts = line.trim().split(/\s+/);
+      return { id: parts[0], name: parts[1] };
+    });
+  }
+}
+
+export async function ensureTunnel({ tunnelName }) {
+  const tunnels = await listTunnels();
+  const existing = tunnels.find((t) => t.name === tunnelName);
+  if (existing?.id) {
+    success(`Using existing tunnel '${tunnelName}' (${existing.id})`);
+    return existing.id;
+  }
+
+  const { stdout, stderr } = await run('cloudflared', ['tunnel', 'create', tunnelName]);
+  const combined = `${stdout}\n${stderr}`;
+  const match = combined.match(UUID_RE);
+  if (!match) {
+    throw new CliError(`Could not parse tunnel ID from output:\n${combined}`);
+  }
+  const tunnelId = match[0];
+  success(`Created tunnel '${tunnelName}' (${tunnelId})`);
+  return tunnelId;
+}
+
+export function getTunnelCredentialsFile(tunnelId) {
+  return join(homedir(), '.cloudflared', `${tunnelId}.json`);
+}
+
+export async function writeCloudflaredConfig({
+  configFile,
+  tunnelId,
+  credentialsFile,
+  domain,
+  port,
+  yjsPort,
+}) {
+  await mkdir(dirname(configFile), { recursive: true });
+  const yaml = `tunnel: ${tunnelId}\ncredentials-file: ${credentialsFile}\n\ningress:\n  - hostname: ${domain}\n    path: /yjs/*\n    service: http://localhost:${yjsPort}\n\n  - hostname: ${domain}\n    service: http://localhost:${port}\n\n  - service: http_status:404\n`;
+  await writeFile(configFile, yaml, 'utf-8');
+  return yaml;
+}
+
+export async function ensureDnsRoute({ tunnelName, domain }) {
+  try {
+    await runInherit('cloudflared', ['tunnel', 'route', 'dns', tunnelName, domain]);
+  } catch (err) {
+    const output = `${err?.stdout ?? ''}\n${err?.stderr ?? ''}`;
+    if (output.includes('already exists')) {
+      warn(`DNS route already exists for ${domain}`);
+      return;
+    }
+    throw err;
+  }
+}
+
+export async function installCloudflaredService() {
+  await runInherit('sudo', ['cloudflared', 'service', 'install']);
+}
+
+export async function cloudflaredServiceStatus() {
+  const platform = detectPlatform();
+  if (platform === 'darwin') {
+    const { stdout } = await run('launchctl', ['list']);
+    return stdout.includes('cloudflared');
+  }
+  const { stdout } = await run('systemctl', ['is-active', 'cloudflared']);
+  return stdout.trim() === 'active';
+}
+
+export async function runTunnelForeground({ tunnelName }) {
+  await runInherit('cloudflared', ['tunnel', 'run', tunnelName]);
+}
+
+export async function tunnelStatus({ tunnelName, configFile }) {
+  const tunnels = await listTunnels();
+  const tunnel = tunnels.find((t) => t.name === tunnelName);
+  const configExists = existsSync(configFile);
+  let configPreview = '';
+  if (configExists) {
+    configPreview = await readFile(configFile, 'utf-8');
+  }
+  return {
+    tunnel,
+    configExists,
+    configFile,
+    configPreview,
+  };
+}
+
+export async function setupTunnel({
+  tunnelName,
+  domain,
+  configFile,
+  certPath,
+  port,
+  yjsPort,
+  yes = false,
+  installService = false,
+}) {
+  info('Ensuring cloudflared is installed');
+  await ensureCloudflaredInstalled({ yes });
+
+  info('Ensuring cloudflared is authenticated');
+  await ensureCloudflaredLogin({ certPath, yes });
+
+  info(`Ensuring tunnel '${tunnelName}' exists`);
+  const tunnelId = await ensureTunnel({ tunnelName });
+  const credentialsFile = getTunnelCredentialsFile(tunnelId);
+
+  info(`Writing cloudflared config at ${configFile}`);
+  await writeCloudflaredConfig({
+    configFile,
+    tunnelId,
+    credentialsFile,
+    domain,
+    port,
+    yjsPort,
+  });
+
+  info(`Ensuring DNS route for ${domain}`);
+  await ensureDnsRoute({ tunnelName, domain });
+
+  if (installService) {
+    info('Installing cloudflared as a system service');
+    await installCloudflaredService();
+  }
+
+  success('Tunnel setup complete');
+
+  return {
+    tunnelId,
+    credentialsFile,
+    configFile,
+  };
+}