@hyperdrive.bot/cli 1.0.2

package/dist/services/hyperdrive-sigv4.js

@@ -0,0 +1,375 @@
+import { Sha256 } from '@aws-crypto/sha256-js';
+import { HttpRequest } from '@smithy/protocol-http';
+import { SignatureV4 } from '@smithy/signature-v4';
+import axios from 'axios';
+import { readFileSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { AuthService } from './auth-service.js';
+// Get CLI version from package.json
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const packageJson = JSON.parse(readFileSync(join(__dirname, '../../package.json'), 'utf-8'));
+const CLI_VERSION = packageJson.version;
+// Type guards
+function isOutdatedCLIError(data) {
+    return (data &&
+        data.code === 'OUTDATED_CLI_VERSION' &&
+        data.data &&
+        typeof data.data.currentVersion === 'string' &&
+        typeof data.data.requiredVersion === 'string' &&
+        typeof data.data.updateCommand === 'string');
+}
+function isOutdatedRoleError(data) {
+    return (data &&
+        data.code === 'OUTDATED_ROLE_VERSION' &&
+        data.data &&
+        typeof data.data.accountId === 'string' &&
+        typeof data.data.currentVersion === 'string' &&
+        typeof data.data.requiredVersion === 'string' &&
+        typeof data.data.quickCreateUrl === 'string');
+}
+/**
+ * Hyperdrive API Service with AWS SigV4 authentication
+ *
+ * This service signs all API requests using AWS Signature Version 4,
+ * which allows both CLI and web frontend to use the same endpoints
+ * with unified AWS IAM authentication via Cognito.
+ */
+export class HyperdriveSigV4Service {
+    apiUrl;
+    authService;
+    region;
+    tenantDomain;
+    constructor(domain) {
+        this.authService = new AuthService(domain);
+        // Load credentials to get API URL and region
+        const credentials = this.authService.loadCredentials();
+        if (!credentials) {
+            const domainMsg = domain ? ` for domain "${domain}"` : '';
+            throw new Error(`Not authenticated${domainMsg}. Please run "hd auth login${domain ? ' --domain ' + domain : ''}" first.`);
+        }
+        // Use environment variable override if set, otherwise use from credentials
+        this.apiUrl = process.env.HYPERDRIVE_API_URL || credentials.apiUrl;
+        this.region = process.env.HYPERDRIVE_AWS_REGION || credentials.region;
+        this.tenantDomain = credentials.tenantDomain;
+        if (!this.apiUrl) {
+            throw new Error('Hyperdrive API URL not configured.\n' +
+                'Please re-authenticate with "hd auth login".');
+        }
+    }
+    async accountAdd(params) {
+        return this.makeSignedRequest('POST', '/cloud-account/aws/account', params);
+    }
+    async accountGet(params) {
+        return this.makeSignedRequest('GET', `/cloud-account/aws/account/${params.accountId}`);
+    }
+    // ============================================================================
+    // Public API Methods
+    // ============================================================================
+    async accountList() {
+        return this.makeSignedRequest('GET', '/cloud-account/aws/accounts');
+    }
+    async accountRemove(params) {
+        return this.makeSignedRequest('DELETE', `/cloud-account/aws/account/${params.accountId}`);
+    }
+    async accountVerify(params) {
+        return this.makeSignedRequest('POST', `/cloud-account/aws/account/${params.accountId}/verify`);
+    }
+    async ciAccountCreate(params) {
+        return this.makeSignedRequest('POST', '/ci/accounts', params);
+    }
+    async ciAccountDelete(accountId) {
+        return this.makeSignedRequest('DELETE', `/ci/accounts/${accountId}`);
+    }
+    async ciAccountList() {
+        return this.makeSignedRequest('GET', '/ci/accounts');
+    }
+    async deploymentCheck(params) {
+        return this.makeSignedRequest('POST', '/deployments/check', params);
+    }
+    async deploymentCreate(params) {
+        return this.makeSignedRequest('POST', '/deployments', params);
+    }
+    async deploymentLaunch(params) {
+        return this.makeSignedRequest('POST', '/deployments/launch', params);
+    }
+    async deploymentList(params) {
+        return this.makeSignedRequest('GET', `/deployments?projectSlug=${params.projectSlug}&stage=${params.stage}`);
+    }
+    async gitAuthInitiate(provider) {
+        return this.makeSignedRequest('POST', `/git/${provider}/auth/initiate`);
+    }
+    async gitCheckRepoAccess(params) {
+        return this.makeSignedRequest('POST', '/git/repos/check-access', params);
+    }
+    async gitDeleteInstallation(provider, installationId) {
+        return this.makeSignedRequest('DELETE', `/git/installations/${provider}/${installationId}`);
+    }
+    async gitListInstallations(provider) {
+        const query = provider ? `?provider=${provider}` : '';
+        return this.makeSignedRequest('GET', `/git/installations${query}`);
+    }
+    async gitListRepos(params) {
+        const queryParams = new URLSearchParams({
+            installationId: params.installationId,
+            provider: params.provider,
+            ...(params.page && { page: String(params.page) }),
+            ...(params.perPage && { perPage: String(params.perPage) }),
+        });
+        return this.makeSignedRequest('GET', `/git/repos?${queryParams}`);
+    }
+    async jiraPreRegister(params) {
+        return this.makeSignedRequest('POST', '/hyperdrive/jira/pre-register', params);
+    }
+    /**
+     * Test API connection
+     */
+    async makeTestRequest() {
+        return this.makeSignedRequest('GET', '/');
+    }
+    async moduleAnalyze(slug) {
+        return this.makeSignedRequest('POST', `/modules/${slug}/analyze`);
+    }
+    async moduleCreate(module) {
+        return this.makeSignedRequest('POST', '/modules', module);
+    }
+    async moduleDestroy(params) {
+        return this.makeSignedRequest('DELETE', `/modules/${params.slug}`);
+    }
+    async moduleGet(params) {
+        return this.makeSignedRequest('GET', `/modules/${params.slug}`);
+    }
+    async moduleGetDockerfile(slug) {
+        try {
+            return await this.makeSignedRequest('GET', `/modules/${slug}/dockerfile`);
+        }
+        catch (error) {
+            // Return null if 404 (not found)
+            if (error?.response?.status === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    // ============================================================================
+    // AWS Account Methods
+    // ============================================================================
+    async moduleLink(params) {
+        return this.makeSignedRequest('POST', '/modules/link', params);
+    }
+    async moduleList() {
+        return this.makeSignedRequest('GET', '/modules');
+    }
+    async moduleReanalyze(slug, userPrompt) {
+        return this.makeSignedRequest('POST', `/modules/${slug}/reanalyze`, { userPrompt });
+    }
+    async moduleUpdate(params) {
+        const { slug, ...updateData } = params;
+        return this.makeSignedRequest('PUT', `/modules/${slug}`, updateData);
+    }
+    async parameterAdd(params) {
+        return this.makeSignedRequest('POST', '/parameters', params);
+    }
+    // ============================================================================
+    // Git Integration Methods
+    // ============================================================================
+    async parameterBackfill(params) {
+        return this.makeSignedRequest('POST', '/parameters/backfill', params);
+    }
+    async parameterClear(params) {
+        return this.makeSignedRequest('POST', '/parameters/clear', params);
+    }
+    async parameterList(params) {
+        return this.makeSignedRequest('GET', `/parameters?accountId=${params.accountId}&projectSlug=${params.projectSlug}&specific=${params.specific}&stage=${params.stage}`);
+    }
+    async parameterRemove(params) {
+        return this.makeSignedRequest('DELETE', `/parameters/${params.key}?accountId=${params.accountId}&projectSlug=${params.projectSlug}&specific=${params.specific}&stage=${params.stage}`);
+    }
+    async parameterSync(params) {
+        return this.makeSignedRequest('POST', '/parameters/sync', params);
+    }
+    // ============================================================================
+    // Jira Integration Methods
+    // ============================================================================
+    async parameterSyncStatus(params) {
+        return this.makeSignedRequest('GET', `/parameters/sync/${params.taskId}`);
+    }
+    // ============================================================================
+    // CI Account Methods
+    // ============================================================================
+    async parameterUpdate(params) {
+        return this.makeSignedRequest('PUT', `/parameters/${params.key}`, {
+            accountId: params.accountId,
+            encodedContent: params.encodedContent,
+            projectSlug: params.projectSlug,
+            specific: params.specific,
+            stage: params.stage
+        });
+    }
+    async stageCreate(params) {
+        return this.makeSignedRequest('POST', '/stages', params);
+    }
+    async stageGet(params) {
+        return this.makeSignedRequest('GET', `/stages/${params.name}`);
+    }
+    // ============================================================================
+    // Dockerfile Discovery Methods
+    // ============================================================================
+    async stageList() {
+        return this.makeSignedRequest('GET', '/stages');
+    }
+    async handleError(error) {
+        const axiosError = error;
+        if (axiosError.response) {
+            const data = axiosError.response.data;
+            // Handle outdated CLI version error with type safety
+            if (axiosError.response.status === 426 && isOutdatedCLIError(data)) {
+                await this.handleOutdatedCLI(data);
+            }
+            // Handle outdated role version error with type safety
+            if (axiosError.response.status === 426 && isOutdatedRoleError(data)) {
+                await this.handleOutdatedRole(data);
+            }
+            console.error('Error response:', axiosError.response.data);
+            console.error('Error status:', axiosError.response.status);
+            console.error('Error headers:', axiosError.response.headers);
+        }
+        else if (axiosError.request) {
+            console.error('Error request:', axiosError.request);
+        }
+        else {
+            console.error('Error message:', axiosError.message);
+        }
+        throw axiosError;
+    }
+    async handleOutdatedCLI(errorData) {
+        const { data } = errorData;
+        console.error('\n❌ Your Hyperdrive CLI is outdated\n');
+        console.error(`Current version: ${data.currentVersion}`);
+        console.error(`Required version: ${data.requiredVersion}\n`);
+        console.error('To update:');
+        console.error('  npm install -g hyperdrive.bot@latest');
+        console.error('  # or');
+        console.error('  hd update\n');
+        // Throw error to be caught by top-level handler
+        const error = new Error('CLI_OUTDATED');
+        error.code = 'OUTDATED_CLI_VERSION';
+        error.data = data;
+        throw error;
+    }
+    // ============================================================================
+    // Helper Methods
+    // ============================================================================
+    async handleOutdatedRole(errorData) {
+        const { data } = errorData;
+        const inquirer = (await import('inquirer')).default;
+        const open = (await import('open')).default;
+        console.error('\n❌ Your cross-account IAM role needs an update\n');
+        console.error(`Current version: ${data.currentVersion || 'unknown'}`);
+        console.error(`Required version: ${data.requiredVersion}\n`);
+        console.error('Update steps:');
+        data.instructions?.forEach((step) => console.error(`  ${step}`));
+        const { openBrowser } = await inquirer.prompt([{
+                default: true,
+                message: '\nOpen CloudFormation console to update?',
+                name: 'openBrowser',
+                type: 'confirm'
+            }]);
+        if (openBrowser) {
+            await open(data.quickCreateUrl);
+            console.log('\n✓ Browser opened. After updating, retry your command.\n');
+        }
+        else {
+            console.error('\nUpdate URL (copy and paste):');
+            console.error(`  ${data.quickCreateUrl}\n`);
+        }
+        // Exit gracefully - user needs to update their role first
+        process.exit(1);
+    }
+    handleResponse(response) {
+        return response.data;
+    }
+    /**
+     * Make a signed API request
+     */
+    async makeSignedRequest(method, path, data) {
+        try {
+            // Ensure we have valid credentials (auto-refreshes if needed)
+            const credentials = await this.authService.ensureValidCredentials();
+            // Sign the request
+            const signedRequest = await this.signRequest(method, path, credentials.awsCredentials, data);
+            // Convert signed request to axios config
+            // Build URL with query string if present
+            let url = `${signedRequest.protocol}//${signedRequest.hostname}${signedRequest.path}`;
+            if (signedRequest.query && Object.keys(signedRequest.query).length > 0) {
+                const queryString = new URLSearchParams(signedRequest.query).toString();
+                url += `?${queryString}`;
+            }
+            const response = await axios({
+                data: signedRequest.body,
+                headers: signedRequest.headers,
+                method: signedRequest.method,
+                url,
+            });
+            return this.handleResponse(response);
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Sign an HTTP request using AWS Signature V4
+     */
+    async signRequest(method, path, credentials, body) {
+        // Parse API URL
+        const url = new URL(this.apiUrl);
+        const hostname = url.hostname;
+        const protocol = url.protocol.replace(':', '');
+        const basePath = url.pathname.replace(/\/$/, ''); // Remove trailing slash
+        // Parse query string from path if present
+        let pathWithoutQuery = path;
+        let query;
+        const queryIndex = path.indexOf('?');
+        if (queryIndex !== -1) {
+            pathWithoutQuery = path.substring(0, queryIndex);
+            const queryString = path.substring(queryIndex + 1);
+            query = {};
+            const params = new URLSearchParams(queryString);
+            for (const [key, value] of params) {
+                query[key] = value;
+            }
+        }
+        // Combine base path with request path (without query string)
+        const fullPath = basePath + pathWithoutQuery;
+        // Create signer
+        const signer = new SignatureV4({
+            credentials: {
+                accessKeyId: credentials.accessKeyId,
+                secretAccessKey: credentials.secretAccessKey,
+                sessionToken: credentials.sessionToken,
+            },
+            region: this.region,
+            service: 'execute-api',
+            sha256: Sha256,
+        });
+        // Prepare request
+        const request = new HttpRequest({
+            body: body ? JSON.stringify(body) : undefined,
+            headers: {
+                'Content-Type': 'application/json',
+                'User-Agent': `hyperdrive-cli/${CLI_VERSION}`,
+                'X-Tenant-Domain': this.tenantDomain,
+                host: hostname,
+            },
+            hostname,
+            method: method.toUpperCase(),
+            path: fullPath,
+            protocol,
+            query,
+        });
+        // Sign the request
+        const signedRequest = await signer.sign(request);
+        return signedRequest;
+    }
+}

package/dist/services/hyperdrive.d.ts

@@ -0,0 +1,87 @@
+interface DeploymentCheckResponse {
+    [key: string]: unknown;
+    status: string;
+}
+interface DeploymentResponse {
+    [key: string]: unknown;
+}
+interface ModuleResponse {
+    [key: string]: unknown;
+}
+interface ParameterSyncResponse {
+    [key: string]: unknown;
+    errors?: string[];
+}
+interface StageResponse {
+    [key: string]: unknown;
+}
+export declare class HyperdriveService {
+    deploymentCheck({ name, projectSlug, stage, token }: {
+        name: string;
+        projectSlug: string;
+        stage: string;
+        token: string;
+    }): Promise<DeploymentCheckResponse>;
+    deploymentCreate({ commit, launch, name, projectSlug, regions, stage, token }: {
+        commit: string;
+        launch: boolean;
+        name: string;
+        projectSlug: string;
+        regions: string[];
+        stage: string;
+        token: string;
+    }): Promise<DeploymentResponse>;
+    deploymentLaunch({ name, projectSlug, region, stage, token }: {
+        name: string;
+        projectSlug: string;
+        region?: string;
+        stage: string;
+        token: string;
+    }): Promise<DeploymentResponse>;
+    moduleCreate(module: {
+        buildCommand: string;
+        buildFolder: string;
+        ciService: string;
+        framework: string;
+        installCommand: string;
+        name: string;
+        runCommand: string;
+        slug: string;
+        sourceLocation: string;
+        token: string;
+    }): Promise<ModuleResponse>;
+    moduleLink({ originSlug, parameter: parameters, targetSlug, token }: {
+        originSlug: string;
+        parameter: string[];
+        targetSlug: string;
+        token: string;
+    }): Promise<ModuleResponse>;
+    parameterSync({ accountId, encodedContent, projectSlug, specific, stage, token }: {
+        accountId: string;
+        encodedContent: string;
+        projectSlug?: string;
+        specific: boolean;
+        stage?: string;
+        token: string;
+    }): Promise<ParameterSyncResponse>;
+    stageCreate({ accountId, branchName, defaultStage, deletionProtection, name, production, project: projects, provider, region: regions, token }: {
+        accountId?: string;
+        branchName: string;
+        defaultStage: boolean;
+        deletionProtection: boolean;
+        name: string;
+        production: boolean;
+        project: string[];
+        provider?: string;
+        region: string[];
+        token: string;
+    }): Promise<StageResponse>;
+    stageGet({ name, token }: {
+        name: string;
+        token: string;
+    }): Promise<StageResponse>;
+    private handleError;
+    private handleRequest;
+    private handleResponse;
+}
+export {};

package/dist/services/hyperdrive.js

@@ -0,0 +1,108 @@
+import axios from 'axios';
+export class HyperdriveService {
+    async deploymentCheck({ name, projectSlug, stage, token }) {
+        return this.handleRequest({
+            data: { name, projectSlug, stage },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/deployment/check`,
+        });
+    }
+    async deploymentCreate({ commit, launch, name, projectSlug, regions, stage, token }) {
+        return this.handleRequest({
+            data: {
+                commit, launch, name, projectSlug, regions, stage,
+            },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/deployment`,
+        });
+    }
+    async deploymentLaunch({ name, projectSlug, region, stage, token }) {
+        return this.handleRequest({
+            data: {
+                name, projectSlug, region, stage,
+            },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/deployment/${name}/launch`,
+        });
+    }
+    async moduleCreate(module) {
+        return this.handleRequest({
+            data: module,
+            method: 'post',
+            token: module.token,
+            url: `${process.env.HYPERDRIVE_API_URL}/module`,
+        });
+    }
+    async moduleLink({ originSlug, parameter: parameters, targetSlug, token }) {
+        return this.handleRequest({
+            data: { originSlug, parameters, targetSlug },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/module/link`,
+        });
+    }
+    async parameterSync({ accountId, encodedContent, projectSlug, specific, stage, token }) {
+        return this.handleRequest({
+            data: {
+                accountId, encodedContent, projectSlug, specific, stage,
+            },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/parameter/sync`,
+        });
+    }
+    async stageCreate({ accountId, branchName, defaultStage, deletionProtection, name, production, project: projects, provider, region: regions, token }) {
+        return this.handleRequest({
+            data: {
+                accountId, branchName, defaultStage, deletionProtection, name, production, projects, provider, regions,
+            },
+            method: 'post',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/stage`,
+        });
+    }
+    async stageGet({ name, token }) {
+        return this.handleRequest({
+            method: 'get',
+            token,
+            url: `${process.env.HYPERDRIVE_API_URL}/stage/${name}`,
+        });
+    }
+    handleError(error) {
+        const axiosError = error;
+        if (axiosError.response) {
+            console.error('Error response:', axiosError.response.data);
+            console.error('Error status:', axiosError.response.status);
+            console.error('Error headers:', axiosError.response.headers);
+        }
+        else if (axiosError.request) {
+            console.error('Error request:', axiosError.request);
+        }
+        else {
+            console.error('Error message:', axiosError.message);
+        }
+        throw axiosError;
+    }
+    async handleRequest({ data, method, token, url }) {
+        try {
+            const response = await axios({
+                data: method === 'post' ? data : undefined,
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+                method,
+                url,
+            });
+            return this.handleResponse(response);
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    handleResponse(response) {
+        return response.data;
+    }
+}

package/dist/services/log-tailer.d.ts

@@ -0,0 +1,95 @@
+/**
+ * CloudWatch Log Tailer Service
+ *
+ * Provides real-time log streaming from CloudWatch for deployment feedback.
+ * Uses scoped temporary credentials provided by the API for least-privilege access.
+ */
+/**
+ * Scoped AWS credentials returned by the API
+ */
+export interface ScopedCredentials {
+    accessKeyId: string;
+    expiration: string;
+    secretAccessKey: string;
+    sessionToken: string;
+}
+/**
+ * Logging configuration returned by the API
+ */
+export interface LoggingConfig {
+    credentials: ScopedCredentials;
+    logGroup: string;
+    logStream: string;
+    region: string;
+}
+/**
+ * Tailer options
+ */
+export interface TailerOptions {
+    pollInterval?: number;
+    showDebug?: boolean;
+    verbose?: boolean;
+}
+/**
+ * Tailer result
+ */
+export interface TailerResult {
+    details?: Record<string, unknown>;
+    message: string;
+    success: boolean;
+}
+/**
+ * CloudWatch Log Tailer
+ *
+ * Streams deployment logs in real-time and displays progress to the user.
+ */
+export declare class CloudWatchLogTailer {
+    private client;
+    private config;
+    private currentStage;
+    private isComplete;
+    private lastEventTime;
+    private options;
+    private spinner;
+    constructor(config: LoggingConfig, options?: TailerOptions);
+    /**
+     * Start tailing logs until deployment completes or fails
+     */
+    tail(): Promise<TailerResult>;
+    /**
+     * Fetch new events from CloudWatch
+     */
+    private fetchNewEvents;
+    /**
+     * Format duration in human-readable form
+     */
+    private formatDuration;
+    /**
+     * Get color function for log level
+     */
+    private getLevelColor;
+    /**
+     * Handle a log line event
+     */
+    private handleLogEvent;
+    /**
+     * Handle a stage transition event
+     */
+    private handleStageEvent;
+    /**
+     * Check if credentials are still valid
+     */
+    private isCredentialsValid;
+    /**
+     * Process a single event
+     */
+    private processEvent;
+    /**
+     * Render a progress bar
+     */
+    private renderProgressBar;
+    /**
+     * Sleep for specified milliseconds
+     */
+    private sleep;
+}