@hyperdrive.bot/cli 1.0.2

package/dist/services/log-tailer.js

@@ -0,0 +1,242 @@
+/**
+ * CloudWatch Log Tailer Service
+ *
+ * Provides real-time log streaming from CloudWatch for deployment feedback.
+ * Uses scoped temporary credentials provided by the API for least-privilege access.
+ */
+import { CloudWatchLogsClient, FilterLogEventsCommand, } from '@aws-sdk/client-cloudwatch-logs';
+import chalk from 'chalk';
+import ora from 'ora';
+/**
+ * CloudWatch Log Tailer
+ *
+ * Streams deployment logs in real-time and displays progress to the user.
+ */
+export class CloudWatchLogTailer {
+    client;
+    config;
+    currentStage = '';
+    isComplete = false;
+    lastEventTime = 0;
+    options;
+    spinner;
+    constructor(config, options = {}) {
+        this.config = config;
+        this.options = {
+            pollInterval: options.pollInterval ?? 1000,
+            showDebug: options.showDebug ?? false,
+            verbose: options.verbose ?? false,
+        };
+        // Create CloudWatch client with scoped credentials
+        this.client = new CloudWatchLogsClient({
+            credentials: {
+                accessKeyId: config.credentials.accessKeyId,
+                secretAccessKey: config.credentials.secretAccessKey,
+                sessionToken: config.credentials.sessionToken,
+            },
+            region: config.region,
+        });
+        this.spinner = ora({ spinner: 'dots' });
+    }
+    /**
+     * Start tailing logs until deployment completes or fails
+     */
+    async tail() {
+        this.spinner.start(chalk.gray('Connecting to deployment logs...'));
+        const startTime = Date.now();
+        const timeout = 30 * 60 * 1000; // 30 min timeout
+        let retryCount = 0;
+        const maxRetries = 60; // 60 retries * 2s = 2 minutes waiting for logs to appear
+        let lastActivityTime = Date.now();
+        while (!this.isComplete) {
+            // Check credentials validity
+            if (!this.isCredentialsValid()) {
+                this.spinner.fail(chalk.red('Log streaming credentials expired'));
+                return {
+                    message: 'Credentials expired. Deployment may still be running.',
+                    success: false,
+                };
+            }
+            try {
+                const events = await this.fetchNewEvents();
+                if (events.length > 0) {
+                    retryCount = 0; // Reset retry count on successful fetch
+                    lastActivityTime = Date.now();
+                    for (const event of events) {
+                        this.processEvent(event);
+                    }
+                }
+                // Check for timeout
+                if (Date.now() - startTime > timeout) {
+                    this.spinner.fail(chalk.red('Deployment timed out after 30 minutes'));
+                    return { message: 'Timeout', success: false };
+                }
+                // Warn if no activity for 5 minutes
+                if (Date.now() - lastActivityTime > 5 * 60 * 1000 && !this.isComplete) {
+                    this.spinner.text = chalk.yellow('No activity for 5 minutes, still waiting...');
+                }
+                await this.sleep(this.options.pollInterval);
+            }
+            catch (error) {
+                const err = error;
+                // Log stream may not have events yet
+                if (err.name === 'ResourceNotFoundException') {
+                    retryCount++;
+                    if (retryCount > maxRetries) {
+                        this.spinner.fail(chalk.red('Log stream not found after waiting'));
+                        return { message: 'Log stream unavailable', success: false };
+                    }
+                    this.spinner.text = chalk.gray(`Waiting for deployment to start... (${retryCount}/${maxRetries})`);
+                    await this.sleep(2000);
+                    continue;
+                }
+                // Access denied = credentials issue
+                if (err.name === 'AccessDeniedException') {
+                    this.spinner.fail(chalk.red('Access denied to log stream'));
+                    return { message: 'Access denied', success: false };
+                }
+                // Unknown error
+                this.spinner.fail(chalk.red(`Error: ${err.message}`));
+                throw error;
+            }
+        }
+        return {
+            message: this.currentStage === 'completed'
+                ? 'Deployment complete!'
+                : 'Deployment failed',
+            success: this.currentStage === 'completed',
+        };
+    }
+    /**
+     * Fetch new events from CloudWatch
+     */
+    async fetchNewEvents() {
+        const command = new FilterLogEventsCommand({
+            logGroupName: this.config.logGroup,
+            logStreamNames: [this.config.logStream],
+            startTime: this.lastEventTime + 1, // Exclude already-seen events
+        });
+        const response = await this.client.send(command);
+        return (response.events || [])
+            .map((e) => {
+            // Update last event time
+            if (e.timestamp && e.timestamp > this.lastEventTime) {
+                this.lastEventTime = e.timestamp;
+            }
+            try {
+                return JSON.parse(e.message || '{}');
+            }
+            catch {
+                return null;
+            }
+        })
+            .filter((e) => e !== null);
+    }
+    /**
+     * Format duration in human-readable form
+     */
+    formatDuration(ms) {
+        const seconds = Math.floor(ms / 1000);
+        if (seconds < 60)
+            return `${seconds}s`;
+        const minutes = Math.floor(seconds / 60);
+        const secs = seconds % 60;
+        return `${minutes}m ${secs}s`;
+    }
+    /**
+     * Get color function for log level
+     */
+    getLevelColor(level) {
+        switch (level) {
+            case 'debug':
+                return chalk.gray;
+            case 'error':
+                return chalk.red;
+            case 'info':
+                return chalk.white;
+            case 'warn':
+                return chalk.yellow;
+            default:
+                return chalk.white;
+        }
+    }
+    /**
+     * Handle a log line event
+     */
+    handleLogEvent(event) {
+        if (!this.options.verbose)
+            return;
+        if (event.level === 'debug' && !this.options.showDebug)
+            return;
+        const levelColor = this.getLevelColor(event.level);
+        const sourceTag = chalk.dim(`[${event.source}]`);
+        const line = levelColor(event.line || '');
+        // Temporarily hide spinner, print log, restore
+        this.spinner.clear();
+        console.log(`  ${sourceTag} ${line}`);
+        this.spinner.render();
+    }
+    /**
+     * Handle a stage transition event
+     */
+    handleStageEvent(event) {
+        this.currentStage = event.stage || '';
+        const { icon, message, progress, stage, totalDuration } = event;
+        if (stage === 'completed') {
+            const duration = totalDuration ? ` in ${this.formatDuration(totalDuration)}` : '';
+            this.spinner.succeed(chalk.green(`${icon || '🎉'} ${message}${duration}`));
+            this.isComplete = true;
+        }
+        else if (stage === 'failed') {
+            this.spinner.fail(chalk.red(`${icon || '❌'} ${message}`));
+            this.isComplete = true;
+        }
+        else {
+            const bar = this.renderProgressBar(progress || 0);
+            const time = totalDuration
+                ? chalk.dim(` (${this.formatDuration(totalDuration)})`)
+                : '';
+            this.spinner.text = `${bar} ${icon || '•'} ${chalk.cyan(message)}${time}`;
+        }
+    }
+    /**
+     * Check if credentials are still valid
+     */
+    isCredentialsValid() {
+        const expiration = new Date(this.config.credentials.expiration);
+        const now = new Date();
+        // Add 60 second buffer
+        return expiration.getTime() - now.getTime() > 60_000;
+    }
+    /**
+     * Process a single event
+     */
+    processEvent(event) {
+        if (event.type === 'stage') {
+            this.handleStageEvent(event);
+        }
+        else if (event.type === 'log') {
+            this.handleLogEvent(event);
+        }
+    }
+    /**
+     * Render a progress bar
+     */
+    renderProgressBar(progress) {
+        if (progress < 0)
+            return chalk.red('[FAILED]');
+        const width = 20;
+        const filled = Math.round((progress / 100) * width);
+        const bar = '█'.repeat(filled) + '░'.repeat(width - filled);
+        const pct = progress.toString().padStart(3);
+        return chalk.blue(`[${bar}] ${pct}%`);
+    }
+    /**
+     * Sleep for specified milliseconds
+     */
+    sleep(ms) {
+        return new Promise((resolve) => {
+            setTimeout(resolve, ms);
+        });
+    }
+}

package/dist/services/tenant-service.d.ts

@@ -0,0 +1,106 @@
+export interface TenantConfig {
+    apiUrl: string;
+    cognitoClientId: string;
+    cognitoDomain: string;
+    cognitoIdentityPoolId: string;
+    cognitoUserPoolId: string;
+    displayName: string;
+    region: string;
+    tenantDomain: string;
+    tenantId: string;
+}
+export interface CLIConfig {
+    apiUrl?: string;
+    bootstrapUrl?: string;
+    domains?: Record<string, {
+        apiUrl?: string;
+        bootstrapUrl?: string;
+        region?: string;
+    }>;
+    region?: string;
+    tenantDomain?: string;
+}
+/**
+ * Tenant Service for CLI
+ *
+ * Handles tenant resolution and Cognito configuration discovery via bootstrap endpoint.
+ * Supports environment variables and config file overrides.
+ */
+export declare class TenantService {
+    private readonly configDir;
+    private readonly configPath;
+    private readonly defaultBootstrapUrl;
+    private readonly defaultDomainPath;
+    private readonly domain?;
+    constructor(domain?: string);
+    /**
+     * Clear cached tenant configuration
+     */
+    clearCache(): void;
+    /**
+     * Fetch tenant configuration from bootstrap endpoint
+     */
+    fetchTenantConfig(tenantDomain?: string): Promise<TenantConfig>;
+    /**
+     * Get all configured domains
+     */
+    getConfiguredDomains(): string[];
+    /**
+     * Get current tenant configuration (from cache or fetch)
+     */
+    getCurrentTenant(): Promise<TenantConfig>;
+    /**
+     * Get default domain from file
+     */
+    getDefaultDomain(): null | string;
+    /**
+     * Get tenant domain with fallback chain:
+     * 1. Constructor domain parameter (from --domain flag)
+     * 2. Environment variable
+     * 3. Default domain file
+     * 4. Legacy single domain from config
+     * 5. Return null (caller should prompt user interactively)
+     */
+    getTenantDomain(): null | string;
+    /**
+     * Save CLI configuration to file
+     */
+    saveConfig(config: CLIConfig): void;
+    /**
+     * Set default domain
+     */
+    setDefaultDomain(domain: string): void;
+    /**
+     * Set tenant domain in config file
+     *
+     * Public method for init wizard to persist tenant domain configuration.
+     * Creates config directory if needed and applies 0o600 permissions.
+     *
+     * @param domain - The tenant domain to save
+     */
+    setTenantDomain(domain: string): void;
+    /**
+     * Display current configuration
+     */
+    showConfig(): void;
+    /**
+     * Get API URL for a region
+     */
+    private getApiUrl;
+    /**
+     * Get bootstrap URL with fallback chain:
+     * 1. Environment variable
+     * 2. Config file
+     * 3. Construct from tenant domain
+     * 4. Default URL
+     */
+    private getBootstrapUrl;
+    /**
+     * Load CLI configuration from file
+     */
+    private loadConfigFile;
+    /**
+     * Save tenant domain to config file for future use
+     */
+    private saveTenantDomainToConfig;
+}

package/dist/services/tenant-service.js

@@ -0,0 +1,332 @@
+import axios from 'axios';
+import chalk from 'chalk';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+/**
+ * Tenant Service for CLI
+ *
+ * Handles tenant resolution and Cognito configuration discovery via bootstrap endpoint.
+ * Supports environment variables and config file overrides.
+ */
+export class TenantService {
+    configDir;
+    configPath;
+    defaultBootstrapUrl = 'https://api.hyperdrive.bot/tenant/bootstrap';
+    defaultDomainPath;
+    domain;
+    constructor(domain) {
+        this.configDir = join(homedir(), '.hyperdrive');
+        this.configPath = join(this.configDir, 'config.json');
+        this.defaultDomainPath = join(this.configDir, 'default-domain');
+        this.domain = domain;
+    }
+    /**
+     * Clear cached tenant configuration
+     */
+    clearCache() {
+        const config = this.loadConfigFile();
+        if (config) {
+            // Remove tenant-specific settings but keep custom URLs
+            const { tenantDomain, ...rest } = config;
+            this.saveConfig(rest);
+        }
+    }
+    /**
+     * Fetch tenant configuration from bootstrap endpoint
+     */
+    async fetchTenantConfig(tenantDomain) {
+        const domain = tenantDomain || this.getTenantDomain();
+        if (!domain) {
+            throw new Error('Tenant not configured. Run `hd init` to set up your environment.');
+        }
+        const bootstrapUrl = this.getBootstrapUrl();
+        try {
+            console.log(chalk.gray(`🔗 Fetching tenant config for: ${domain}`));
+            console.log(chalk.gray(`📍 Using bootstrap endpoint: ${bootstrapUrl}`));
+            const response = await axios.get(bootstrapUrl, {
+                headers: {
+                    'Accept': 'application/json',
+                    'X-Tenant-Domain': domain,
+                },
+            });
+            const bootstrap = response.data;
+            if (!bootstrap.amplifyConfig) {
+                throw new Error('Tenant authentication not configured');
+            }
+            const { Cognito } = bootstrap.amplifyConfig.Auth;
+            const region = Cognito.region;
+            // Extract Cognito domain from OAuth config or construct from tenant ID
+            // The bootstrap response may provide either:
+            // - Just the prefix (e.g., "api-tenants-dev-semana-43-a1c4ea06")
+            // - Full domain (e.g., "api-tenants-dev-devsquad-804677f8.auth.sa-east-1.amazoncognito.com")
+            let cognitoDomain;
+            if (Cognito.loginWith?.oauth?.domain) {
+                const oauthDomain = Cognito.loginWith.oauth.domain;
+                // Check if domain already includes amazoncognito.com (full domain provided)
+                if (oauthDomain.includes('.amazoncognito.com')) {
+                    cognitoDomain = oauthDomain;
+                }
+                else {
+                    cognitoDomain = `${oauthDomain}.auth.${region}.amazoncognito.com`;
+                }
+            }
+            else {
+                // Fallback: construct from tenant ID
+                cognitoDomain = `${bootstrap.tenantId}.auth.${region}.amazoncognito.com`;
+            }
+            const config = {
+                apiUrl: this.getApiUrl(region, bootstrap.amplifyConfig.API, domain),
+                cognitoClientId: Cognito.userPoolClientId,
+                cognitoDomain,
+                cognitoIdentityPoolId: Cognito.identityPoolId || '',
+                cognitoUserPoolId: Cognito.userPoolId,
+                displayName: bootstrap.displayName,
+                region,
+                tenantDomain: domain,
+                tenantId: bootstrap.tenantId,
+            };
+            // Cache the tenant domain for future use
+            this.saveTenantDomainToConfig(domain);
+            // Set as default domain if no default exists
+            if (!this.getDefaultDomain()) {
+                this.setDefaultDomain(domain);
+            }
+            return config;
+        }
+        catch (error) {
+            if (axios.isAxiosError(error)) {
+                if (error.response?.status === 404) {
+                    throw new Error(`Tenant not found: ${domain}`);
+                }
+                throw new Error(`Failed to fetch tenant config: ${error.response?.data?.message || error.message}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Get all configured domains
+     */
+    getConfiguredDomains() {
+        const config = this.loadConfigFile();
+        const domains = new Set();
+        // Add legacy single domain if exists
+        if (config?.tenantDomain) {
+            domains.add(config.tenantDomain);
+        }
+        // Add multi-domain entries
+        if (config?.domains) {
+            Object.keys(config.domains).forEach(d => domains.add(d));
+        }
+        return Array.from(domains);
+    }
+    /**
+     * Get current tenant configuration (from cache or fetch)
+     */
+    async getCurrentTenant() {
+        return this.fetchTenantConfig();
+    }
+    /**
+     * Get default domain from file
+     */
+    getDefaultDomain() {
+        try {
+            if (!existsSync(this.defaultDomainPath)) {
+                return null;
+            }
+            return readFileSync(this.defaultDomainPath, 'utf8').trim();
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    /**
+     * Get tenant domain with fallback chain:
+     * 1. Constructor domain parameter (from --domain flag)
+     * 2. Environment variable
+     * 3. Default domain file
+     * 4. Legacy single domain from config
+     * 5. Return null (caller should prompt user interactively)
+     */
+    getTenantDomain() {
+        // Priority 1: Explicit domain parameter (from --domain flag)
+        if (this.domain) {
+            return this.domain;
+        }
+        // Priority 2: Environment variable
+        if (process.env.HYPERDRIVE_TENANT_DOMAIN) {
+            return process.env.HYPERDRIVE_TENANT_DOMAIN;
+        }
+        // Priority 3: Default domain file
+        const defaultDomain = this.getDefaultDomain();
+        if (defaultDomain) {
+            return defaultDomain;
+        }
+        // Priority 4: Legacy single domain from config file
+        const config = this.loadConfigFile();
+        if (config?.tenantDomain) {
+            return config.tenantDomain;
+        }
+        // Priority 5: Return null to trigger interactive prompt
+        return null;
+    }
+    /**
+     * Save CLI configuration to file
+     */
+    saveConfig(config) {
+        try {
+            if (!existsSync(this.configDir)) {
+                mkdirSync(this.configDir, { recursive: true });
+            }
+            writeFileSync(this.configPath, JSON.stringify(config, null, 2), { mode: 0o600 });
+            console.log(chalk.gray(`✓ Configuration saved to ${this.configPath}`));
+        }
+        catch (error) {
+            console.error(chalk.red('Failed to save configuration:'), error);
+        }
+    }
+    /**
+     * Set default domain
+     */
+    setDefaultDomain(domain) {
+        try {
+            if (!existsSync(this.configDir)) {
+                mkdirSync(this.configDir, { recursive: true });
+            }
+            writeFileSync(this.defaultDomainPath, domain, { mode: 0o600 });
+            console.log(chalk.gray(`✓ Default domain set to ${domain}`));
+        }
+        catch (error) {
+            console.error(chalk.red('Failed to set default domain:'), error);
+        }
+    }
+    /**
+     * Set tenant domain in config file
+     *
+     * Public method for init wizard to persist tenant domain configuration.
+     * Creates config directory if needed and applies 0o600 permissions.
+     *
+     * @param domain - The tenant domain to save
+     */
+    setTenantDomain(domain) {
+        this.saveTenantDomainToConfig(domain);
+    }
+    /**
+     * Display current configuration
+     */
+    showConfig() {
+        const config = this.loadConfigFile();
+        const tenantDomain = this.getTenantDomain();
+        const bootstrapUrl = this.getBootstrapUrl();
+        console.log(chalk.blue('🔧 Current Configuration'));
+        console.log('');
+        console.log(chalk.white('Bootstrap URL:'), chalk.cyan(bootstrapUrl));
+        console.log(chalk.white('Source:'), process.env.HYPERDRIVE_BOOTSTRAP_URL
+            ? chalk.yellow('ENV')
+            : config?.bootstrapUrl
+                ? chalk.green('Config File')
+                : chalk.gray('Default'));
+        console.log('');
+        console.log(chalk.white('Tenant Domain:'), tenantDomain ? chalk.cyan(tenantDomain) : chalk.gray('Not set'));
+        if (tenantDomain) {
+            console.log(chalk.white('Source:'), process.env.HYPERDRIVE_TENANT_DOMAIN
+                ? chalk.yellow('ENV')
+                : config?.tenantDomain
+                    ? chalk.green('Config File')
+                    : chalk.gray('Unknown'));
+        }
+        console.log('');
+        console.log(chalk.gray('Config file: ' + this.configPath));
+    }
+    /**
+     * Get API URL for a region
+     */
+    getApiUrl(region, apiConfig, domain) {
+        // Priority 1: Environment variable (for testing/override)
+        if (process.env.HYPERDRIVE_API_URL) {
+            console.log(chalk.gray(`✓ Using API endpoint from environment: ${process.env.HYPERDRIVE_API_URL}`));
+            return process.env.HYPERDRIVE_API_URL;
+        }
+        // Priority 2: Domain-specific config (for multi-domain setups)
+        const config = this.loadConfigFile();
+        if (domain && config?.domains?.[domain]?.apiUrl) {
+            const domainApiUrl = config.domains[domain].apiUrl;
+            console.log(chalk.gray(`✓ Using API endpoint from domain config: ${domainApiUrl}`));
+            return domainApiUrl;
+        }
+        // Priority 3: Legacy global config file (for manual override)
+        if (config?.apiUrl) {
+            console.log(chalk.gray(`✓ Using API endpoint from config: ${config.apiUrl}`));
+            return config.apiUrl;
+        }
+        // Priority 4: From bootstrap API config (REQUIRED - no fallback)
+        if (apiConfig?.REST?.hyperdrive?.endpoint) {
+            console.log(chalk.gray(`✓ Using API endpoint from bootstrap: ${apiConfig.REST.hyperdrive.endpoint}`));
+            return apiConfig.REST.hyperdrive.endpoint;
+        }
+        // No hyperdrive endpoint found - user doesn't have access
+        throw new Error('Hyperdrive API not available for this tenant.\n\n' +
+            chalk.yellow('This tenant does not have access to Hyperdrive.\n') +
+            chalk.gray('Please contact your administrator to enable the Hyperdrive module.'));
+    }
+    /**
+     * Get bootstrap URL with fallback chain:
+     * 1. Environment variable
+     * 2. Config file
+     * 3. Construct from tenant domain
+     * 4. Default URL
+     */
+    getBootstrapUrl() {
+        // Priority 1: Environment variable
+        if (process.env.HYPERDRIVE_BOOTSTRAP_URL) {
+            return process.env.HYPERDRIVE_BOOTSTRAP_URL;
+        }
+        // Priority 2: Config file
+        const config = this.loadConfigFile();
+        if (config?.bootstrapUrl) {
+            return config.bootstrapUrl;
+        }
+        // Priority 3: Construct from tenant domain if configured
+        const tenantDomain = this.getTenantDomain();
+        if (tenantDomain) {
+            return `https://${tenantDomain}/tenant/bootstrap`;
+        }
+        // Priority 4: Default
+        return this.defaultBootstrapUrl;
+    }
+    /**
+     * Load CLI configuration from file
+     */
+    loadConfigFile() {
+        try {
+            if (!existsSync(this.configPath)) {
+                return null;
+            }
+            const data = readFileSync(this.configPath, 'utf8');
+            return JSON.parse(data);
+        }
+        catch (error) {
+            console.error(chalk.yellow('⚠️  Failed to load config file, using defaults'));
+            return null;
+        }
+    }
+    /**
+     * Save tenant domain to config file for future use
+     */
+    saveTenantDomainToConfig(tenantDomain) {
+        const existingConfig = this.loadConfigFile() || {};
+        // Initialize domains object if it doesn't exist
+        if (!existingConfig.domains) {
+            existingConfig.domains = {};
+        }
+        // Add this domain to the domains map (even if just an empty object for now)
+        if (!existingConfig.domains[tenantDomain]) {
+            existingConfig.domains[tenantDomain] = {};
+        }
+        // Also keep legacy tenantDomain for backward compatibility
+        this.saveConfig({
+            ...existingConfig,
+            tenantDomain,
+        });
+    }
+}