@hyperdrive.bot/cli 1.0.6 → 1.0.8

package/dist/services/hyperdrive-sigv4.js

@@ -1,72 +1,45 @@
-import { Sha256 } from '@aws-crypto/sha256-js';
-import { HttpRequest } from '@smithy/protocol-http';
-import { SignatureV4 } from '@smithy/signature-v4';
-import axios from 'axios';
+/**
+ * Hyperdrive API Service with AWS SigV4 authentication
+ *
+ * This service extends @devsquad/cli-auth SigV4ApiClient to provide
+ * hyperdrive-specific API methods with AWS Signature V4 signing.
+ */
+import { SigV4ApiClient, } from '@hyperdrive.bot/cli-auth';
 import { readFileSync } from 'fs';
 import { dirname, join } from 'path';
 import { fileURLToPath } from 'url';
-import { AuthService } from './auth-service.js';
+import { HYPERDRIVE_AUTH_CONFIG } from './auth-service.js';
 // Get CLI version from package.json
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const packageJson = JSON.parse(readFileSync(join(__dirname, '../../package.json'), 'utf-8'));
 const CLI_VERSION = packageJson.version;
-// Type guards
-function isOutdatedCLIError(data) {
-    return (data &&
-        data.code === 'OUTDATED_CLI_VERSION' &&
-        data.data &&
-        typeof data.data.currentVersion === 'string' &&
-        typeof data.data.requiredVersion === 'string' &&
-        typeof data.data.updateCommand === 'string');
-}
-function isOutdatedRoleError(data) {
-    return (data &&
-        data.code === 'OUTDATED_ROLE_VERSION' &&
-        data.data &&
-        typeof data.data.accountId === 'string' &&
-        typeof data.data.currentVersion === 'string' &&
-        typeof data.data.requiredVersion === 'string' &&
-        typeof data.data.quickCreateUrl === 'string');
-}
 /**
  * Hyperdrive API Service with AWS SigV4 authentication
- *
- * This service signs all API requests using AWS Signature Version 4,
- * which allows both CLI and web frontend to use the same endpoints
- * with unified AWS IAM authentication via Cognito.
  */
-export class HyperdriveSigV4Service {
-    apiUrl;
-    authService;
-    region;
-    tenantDomain;
+export class HyperdriveSigV4Service extends SigV4ApiClient {
+    userGroupsApiUrl;
     constructor(domain) {
-        this.authService = new AuthService(domain);
-        // Load credentials to get API URL and region
-        const credentials = this.authService.loadCredentials();
-        if (!credentials) {
-            const domainMsg = domain ? ` for domain "${domain}"` : '';
-            throw new Error(`Not authenticated${domainMsg}. Please run "hd auth login${domain ? ' --domain ' + domain : ''}" first.`);
-        }
-        // Use environment variable override if set, otherwise use from credentials
-        this.apiUrl = process.env.HYPERDRIVE_API_URL || credentials.apiUrl;
-        this.region = process.env.HYPERDRIVE_AWS_REGION || credentials.region;
-        this.tenantDomain = credentials.tenantDomain;
-        if (!this.apiUrl) {
-            throw new Error('Hyperdrive API URL not configured.\n' +
-                'Please re-authenticate with "hd auth login".');
-        }
+        super({
+            authConfig: HYPERDRIVE_AUTH_CONFIG,
+            domain,
+            cliName: 'hyperdrive-cli',
+            cliVersion: CLI_VERSION,
+            apiUrlOverride: process.env.HYPERDRIVE_API_URL,
+            regionOverride: process.env.HYPERDRIVE_AWS_REGION,
+        });
+        // Get user groups API URL from credentials
+        this.userGroupsApiUrl = this.getAdditionalApiUrl('userGroupsApiUrl');
     }
+    // ============================================================================
+    // AWS Account Methods
+    // ============================================================================
     async accountAdd(params) {
         return this.makeSignedRequest('POST', '/cloud-account/aws/account', params);
     }
     async accountGet(params) {
         return this.makeSignedRequest('GET', `/cloud-account/aws/account/${params.accountId}`);
     }
-    // ============================================================================
-    // Public API Methods
-    // ============================================================================
     async accountList() {
         return this.makeSignedRequest('GET', '/cloud-account/aws/accounts');
     }
@@ -76,6 +49,9 @@ export class HyperdriveSigV4Service {
     async accountVerify(params) {
         return this.makeSignedRequest('POST', `/cloud-account/aws/account/${params.accountId}/verify`);
     }
+    // ============================================================================
+    // CI Account Methods
+    // ============================================================================
     async ciAccountCreate(params) {
         return this.makeSignedRequest('POST', '/ci/accounts', params);
     }
@@ -85,6 +61,9 @@ export class HyperdriveSigV4Service {
     async ciAccountList() {
         return this.makeSignedRequest('GET', '/ci/accounts');
     }
+    // ============================================================================
+    // Deployment Methods
+    // ============================================================================
     async deploymentCheck(params) {
         return this.makeSignedRequest('POST', '/deployments/check', params);
     }
@@ -97,6 +76,9 @@ export class HyperdriveSigV4Service {
     async deploymentList(params) {
         return this.makeSignedRequest('GET', `/deployments?projectSlug=${params.projectSlug}&stage=${params.stage}`);
     }
+    // ============================================================================
+    // Git Integration Methods
+    // ============================================================================
     async gitAuthInitiate(provider) {
         return this.makeSignedRequest('POST', `/git/${provider}/auth/initiate`);
     }
@@ -119,12 +101,60 @@ export class HyperdriveSigV4Service {
         });
         return this.makeSignedRequest('GET', `/git/repos?${queryParams}`);
     }
+    // ============================================================================
+    // Hook Methods
+    // ============================================================================
+    async hookCreate(projectId, body) {
+        return this.makeSignedRequest('POST', `/hyperdrive/projects/${encodeURIComponent(projectId)}/hooks`, body);
+    }
+    async hookDelete(projectId, hookId) {
+        return this.makeSignedRequest('DELETE', `/hyperdrive/projects/${encodeURIComponent(projectId)}/hooks/${encodeURIComponent(hookId)}`);
+    }
+    async hookList(projectId) {
+        return this.makeSignedRequest('GET', `/hyperdrive/projects/${encodeURIComponent(projectId)}/hooks`);
+    }
+    async hookUpdate(projectId, hookId, body) {
+        return this.makeSignedRequest('PATCH', `/hyperdrive/projects/${encodeURIComponent(projectId)}/hooks/${encodeURIComponent(hookId)}`, body);
+    }
+    async projectGetJiraStatuses(projectId) {
+        return this.makeSignedRequest('GET', `/hyperdrive/projects/${encodeURIComponent(projectId)}/jira/statuses`);
+    }
+    // ============================================================================
+    // Jira Integration Methods
+    // ============================================================================
+    async jiraGetProjectStatuses(jiraProjectKey) {
+        return this.makeSignedRequest('GET', `/hyperdrive/jira/projects/${encodeURIComponent(jiraProjectKey)}/statuses`);
+    }
     async jiraPreRegister(params) {
         return this.makeSignedRequest('POST', '/hyperdrive/jira/pre-register', params);
     }
-    /**
-     * Test API connection
-     */
+    // ============================================================================
+    // Hyperdrive Project Methods
+    // ============================================================================
+    async projectAddRepo(projectId, repo) {
+        return this.makeSignedRequest('POST', `/hyperdrive/projects/${encodeURIComponent(projectId)}/repos`, repo);
+    }
+    async projectFindByJiraKey(jiraProjectKey) {
+        return this.makeSignedRequest('GET', `/hyperdrive/projects/by-jira-key/${encodeURIComponent(jiraProjectKey)}`);
+    }
+    async projectGetJiraConfig(projectId) {
+        return this.makeSignedRequest('GET', `/hyperdrive/projects/${encodeURIComponent(projectId)}/jira-config`);
+    }
+    async projectListRepos(projectId) {
+        return this.makeSignedRequest('GET', `/hyperdrive/projects/${encodeURIComponent(projectId)}/repos`);
+    }
+    async projectSetJiraConfig(projectId, config) {
+        return this.makeSignedRequest('PUT', `/hyperdrive/projects/${encodeURIComponent(projectId)}/jira-config`, config);
+    }
+    async projectUpdateRepo(projectId, repoId, updateData) {
+        return this.makeSignedRequest('PATCH', `/hyperdrive/projects/${encodeURIComponent(projectId)}/repos/${encodeURIComponent(repoId)}`, updateData);
+    }
+    async projectUpdateEntities(projectId, repoId, entities) {
+        return this.makeSignedRequest('PUT', `/hyperdrive/projects/${encodeURIComponent(projectId)}/repos/${encodeURIComponent(repoId)}/entities`, entities);
+    }
+    // ============================================================================
+    // Module Methods
+    // ============================================================================
     async makeTestRequest() {
         return this.makeSignedRequest('GET', '/');
     }
@@ -145,16 +175,12 @@ export class HyperdriveSigV4Service {
             return await this.makeSignedRequest('GET', `/modules/${slug}/dockerfile`);
         }
         catch (error) {
-            // Return null if 404 (not found)
             if (error?.response?.status === 404) {
                 return null;
             }
             throw error;
         }
     }
-    // ============================================================================
-    // AWS Account Methods
-    // ============================================================================
     async moduleLink(params) {
         return this.makeSignedRequest('POST', '/modules/link', params);
     }
@@ -168,12 +194,12 @@ export class HyperdriveSigV4Service {
         const { slug, ...updateData } = params;
         return this.makeSignedRequest('PUT', `/modules/${slug}`, updateData);
     }
+    // ============================================================================
+    // Parameter Methods
+    // ============================================================================
     async parameterAdd(params) {
         return this.makeSignedRequest('POST', '/parameters', params);
     }
-    // ============================================================================
-    // Git Integration Methods
-    // ============================================================================
     async parameterBackfill(params) {
         return this.makeSignedRequest('POST', '/parameters/backfill', params);
     }
@@ -189,15 +215,9 @@ export class HyperdriveSigV4Service {
     async parameterSync(params) {
         return this.makeSignedRequest('POST', '/parameters/sync', params);
     }
-    // ============================================================================
-    // Jira Integration Methods
-    // ============================================================================
     async parameterSyncStatus(params) {
         return this.makeSignedRequest('GET', `/parameters/sync/${params.taskId}`);
     }
-    // ============================================================================
-    // CI Account Methods
-    // ============================================================================
     async parameterUpdate(params) {
         return this.makeSignedRequest('PUT', `/parameters/${params.key}`, {
             accountId: params.accountId,
@@ -207,59 +227,39 @@ export class HyperdriveSigV4Service {
             stage: params.stage
         });
     }
+    // ============================================================================
+    // Stage Methods
+    // ============================================================================
     async stageCreate(params) {
         return this.makeSignedRequest('POST', '/stages', params);
     }
     async stageGet(params) {
         return this.makeSignedRequest('GET', `/stages/${params.name}`);
     }
-    // ============================================================================
-    // Dockerfile Discovery Methods
-    // ============================================================================
     async stageList() {
         return this.makeSignedRequest('GET', '/stages');
     }
-    async handleError(error) {
-        const axiosError = error;
-        if (axiosError.response) {
-            const data = axiosError.response.data;
-            // Handle outdated CLI version error with type safety
-            if (axiosError.response.status === 426 && isOutdatedCLIError(data)) {
-                await this.handleOutdatedCLI(data);
-            }
-            // Handle outdated role version error with type safety
-            if (axiosError.response.status === 426 && isOutdatedRoleError(data)) {
-                await this.handleOutdatedRole(data);
-            }
-            console.error('Error response:', axiosError.response.data);
-            console.error('Error status:', axiosError.response.status);
-            console.error('Error headers:', axiosError.response.headers);
-        }
-        else if (axiosError.request) {
-            console.error('Error request:', axiosError.request);
-        }
-        else {
-            console.error('Error message:', axiosError.message);
-        }
-        throw axiosError;
+    // ============================================================================
+    // Stage Access Methods
+    // ============================================================================
+    async stageAccessGet(stageName) {
+        return this.makeSignedRequest('GET', `/stages/${stageName}/access`);
     }
-    async handleOutdatedCLI(errorData) {
-        const { data } = errorData;
-        console.error('\n❌ Your Hyperdrive CLI is outdated\n');
-        console.error(`Current version: ${data.currentVersion}`);
-        console.error(`Required version: ${data.requiredVersion}\n`);
-        console.error('To update:');
-        console.error('  npm install -g hyperdrive.bot@latest');
-        console.error('  # or');
-        console.error('  hd update\n');
-        // Throw error to be caught by top-level handler
-        const error = new Error('CLI_OUTDATED');
-        error.code = 'OUTDATED_CLI_VERSION';
-        error.data = data;
-        throw error;
+    async stageAccessGrant(stageName, access) {
+        return this.makeSignedRequest('PUT', `/stages/${stageName}/access`, { access });
     }
+    async stageAccessRevoke(stageName, targetType, targetId) {
+        return this.makeSignedRequest('DELETE', `/stages/${stageName}/access/${targetType}/${targetId}`);
+    }
+    // ============================================================================
+    // User Groups Methods
     // ============================================================================
-    // Helper Methods
+    async groupList() {
+        const response = await this.makeSignedRequest('GET', '/groups', undefined, this.userGroupsApiUrl);
+        return Array.isArray(response) ? response : [];
+    }
+    // ============================================================================
+    // Override error handling for hyperdrive-specific behavior
     // ============================================================================
     async handleOutdatedRole(errorData) {
         const { data } = errorData;
@@ -284,92 +284,6 @@ export class HyperdriveSigV4Service {
             console.error('\nUpdate URL (copy and paste):');
             console.error(`  ${data.quickCreateUrl}\n`);
         }
-        // Exit gracefully - user needs to update their role first
         process.exit(1);
     }
-    handleResponse(response) {
-        return response.data;
-    }
-    /**
-     * Make a signed API request
-     */
-    async makeSignedRequest(method, path, data) {
-        try {
-            // Ensure we have valid credentials (auto-refreshes if needed)
-            const credentials = await this.authService.ensureValidCredentials();
-            // Sign the request
-            const signedRequest = await this.signRequest(method, path, credentials.awsCredentials, data);
-            // Convert signed request to axios config
-            // Build URL with query string if present
-            let url = `${signedRequest.protocol}//${signedRequest.hostname}${signedRequest.path}`;
-            if (signedRequest.query && Object.keys(signedRequest.query).length > 0) {
-                const queryString = new URLSearchParams(signedRequest.query).toString();
-                url += `?${queryString}`;
-            }
-            const response = await axios({
-                data: signedRequest.body,
-                headers: signedRequest.headers,
-                method: signedRequest.method,
-                url,
-            });
-            return this.handleResponse(response);
-        }
-        catch (error) {
-            return this.handleError(error);
-        }
-    }
-    /**
-     * Sign an HTTP request using AWS Signature V4
-     */
-    async signRequest(method, path, credentials, body) {
-        // Parse API URL
-        const url = new URL(this.apiUrl);
-        const hostname = url.hostname;
-        const protocol = url.protocol.replace(':', '');
-        const basePath = url.pathname.replace(/\/$/, ''); // Remove trailing slash
-        // Parse query string from path if present
-        let pathWithoutQuery = path;
-        let query;
-        const queryIndex = path.indexOf('?');
-        if (queryIndex !== -1) {
-            pathWithoutQuery = path.substring(0, queryIndex);
-            const queryString = path.substring(queryIndex + 1);
-            query = {};
-            const params = new URLSearchParams(queryString);
-            for (const [key, value] of params) {
-                query[key] = value;
-            }
-        }
-        // Combine base path with request path (without query string)
-        const fullPath = basePath + pathWithoutQuery;
-        // Create signer
-        const signer = new SignatureV4({
-            credentials: {
-                accessKeyId: credentials.accessKeyId,
-                secretAccessKey: credentials.secretAccessKey,
-                sessionToken: credentials.sessionToken,
-            },
-            region: this.region,
-            service: 'execute-api',
-            sha256: Sha256,
-        });
-        // Prepare request
-        const request = new HttpRequest({
-            body: body ? JSON.stringify(body) : undefined,
-            headers: {
-                'Content-Type': 'application/json',
-                'User-Agent': `hyperdrive-cli/${CLI_VERSION}`,
-                'X-Tenant-Domain': this.tenantDomain,
-                host: hostname,
-            },
-            hostname,
-            method: method.toUpperCase(),
-            path: fullPath,
-            protocol,
-            query,
-        });
-        // Sign the request
-        const signedRequest = await signer.sign(request);
-        return signedRequest;
-    }
 }

package/dist/services/tenant-service.d.ts

@@ -8,6 +8,7 @@ export interface TenantConfig {
     region: string;
     tenantDomain: string;
     tenantId: string;
+    userGroupsApiUrl?: string;
 }
 export interface CLIConfig {
     apiUrl?: string;
@@ -87,6 +88,11 @@ export declare class TenantService {
      * Get API URL for a region
      */
     private getApiUrl;
+    /**
+     * Get User Groups API URL from bootstrap config
+     * Returns undefined if not available (optional module)
+     */
+    private getUserGroupsApiUrl;
     /**
      * Get bootstrap URL with fallback chain:
      * 1. Environment variable

package/dist/services/tenant-service.js

@@ -85,6 +85,7 @@ export class TenantService {
                 region,
                 tenantDomain: domain,
                 tenantId: bootstrap.tenantId,
+                userGroupsApiUrl: this.getUserGroupsApiUrl(bootstrap.amplifyConfig.API),
             };
             // Cache the tenant domain for future use
             this.saveTenantDomainToConfig(domain);
@@ -269,6 +270,18 @@ export class TenantService {
             chalk.yellow('This tenant does not have access to Hyperdrive.\n') +
             chalk.gray('Please contact your administrator to enable the Hyperdrive module.'));
     }
+    /**
+     * Get User Groups API URL from bootstrap config
+     * Returns undefined if not available (optional module)
+     */
+    getUserGroupsApiUrl(apiConfig) {
+        // Check for user-groups endpoint in bootstrap
+        if (apiConfig?.REST?.['user-groups']?.endpoint) {
+            console.log(chalk.gray(`✓ Using user-groups API endpoint from bootstrap: ${apiConfig.REST['user-groups'].endpoint}`));
+            return apiConfig.REST['user-groups'].endpoint;
+        }
+        return undefined;
+    }
     /**
      * Get bootstrap URL with fallback chain:
      * 1. Environment variable

package/dist/utils/account-flow.d.ts

@@ -42,7 +42,7 @@ export declare function promptAccountDetails(existingData?: Partial<AccountAddDa
  * @param accountData - Account details to register
  * @returns AccountResult indicating success or failure
  */
-export declare function registerAccount(accountData: AccountAddData): Promise<AccountResult>;
+export declare function registerAccount(accountData: AccountAddData, tenantDomain?: string): Promise<AccountResult>;
 /**
  * Execute the AWS account add flow
  *
@@ -68,7 +68,7 @@ export declare function promptOpenCloudFormation(quickCreateUrl: string): Promis
 /**
  * Wait for role verification with polling
  */
-export declare function waitForRoleVerification(accountId: string, onProgress?: (message: string) => void): Promise<{
+export declare function waitForRoleVerification(accountId: string, onProgress?: (message: string) => void, tenantDomain?: string): Promise<{
     message?: string;
     verified: boolean;
 }>;

package/dist/utils/account-flow.js

@@ -97,10 +97,10 @@ export async function promptAccountDetails(existingData) {
  * @param accountData - Account details to register
  * @returns AccountResult indicating success or failure
  */
-export async function registerAccount(accountData) {
+export async function registerAccount(accountData, tenantDomain) {
     try {
         // Initialize API service
-        const service = new HyperdriveSigV4Service();
+        const service = new HyperdriveSigV4Service(tenantDomain);
         // Make API call to add account
         const result = await service.accountAdd({
             accountId: accountData.accountId,
@@ -190,8 +190,8 @@ const VERIFY_TIMEOUT = 300000; // 5 minutes
 /**
  * Wait for role verification with polling
  */
-export async function waitForRoleVerification(accountId, onProgress) {
-    const service = new HyperdriveSigV4Service();
+export async function waitForRoleVerification(accountId, onProgress, tenantDomain) {
+    const service = new HyperdriveSigV4Service(tenantDomain);
     const startTime = Date.now();
     let attemptCount = 0;
     while (Date.now() - startTime < VERIFY_TIMEOUT) {

package/dist/utils/auth-flow.d.ts

@@ -55,6 +55,7 @@ export interface StoredCredentials extends CognitoTokens {
     region: string;
     tenantDomain: string;
     tenantId: string;
+    userGroupsApiUrl?: string;
 }
 /**
  * Generate PKCE code verifier (random base64url string)

package/dist/utils/auth-flow.js

@@ -333,6 +333,7 @@ export async function executeAuthFlow(options) {
             region: tenantConfig.region,
             tenantDomain: tenantConfig.tenantDomain,
             tenantId: tenantConfig.tenantId,
+            userGroupsApiUrl: tenantConfig.userGroupsApiUrl,
         }, tenantConfig.tenantDomain);
         return { success: true };
     }
@@ -420,6 +421,7 @@ export async function executeCIAuthFlow(options) {
             tenantDomain: tenantConfig.tenantDomain,
             tenantId: tenantConfig.tenantId,
             token_type: authResult.TokenType || 'Bearer',
+            userGroupsApiUrl: tenantConfig.userGroupsApiUrl,
         }, tenantConfig.tenantDomain);
         return { success: true };
     }

package/dist/utils/git-flow.d.ts

@@ -3,6 +3,7 @@
  */
 export interface GitConnectOptions {
     callbackPort?: number;
+    domain?: string;
     logger?: (message: string) => void;
     provider?: 'github' | 'gitlab';
     timeout?: number;

package/dist/utils/git-flow.js

@@ -159,7 +159,7 @@ export function waitForCallback(expectedState, port = 8765, timeout = 5 * 60 * 1
  * @returns GitConnectResult indicating success or failure
  */
 export async function executeGitConnect(options = {}) {
-    const { callbackPort = 8765, logger = () => { }, // No-op by default
+    const { callbackPort = 8765, domain, logger = () => { }, // No-op by default
     provider: initialProvider, timeout = 5 * 60 * 1000, } = options;
     try {
         // Step 1: Determine provider (prompt if not specified)
@@ -175,7 +175,7 @@ export async function executeGitConnect(options = {}) {
             provider = selected;
         }
         // Step 2: Initialize API service
-        const service = new HyperdriveSigV4Service();
+        const service = new HyperdriveSigV4Service(domain);
         // Step 3: Initiate OAuth flow via API
         const authResponse = await service.gitAuthInitiate(provider);
         logger(`Opening browser for ${provider === 'github' ? 'GitHub' : 'GitLab'} authorization...`);

package/dist/utils/hook-flow.d.ts

@@ -0,0 +1,21 @@
+import type { HookActionType, HookResponse } from '../services/hyperdrive-sigv4.js';
+/**
+ * Prompt user to select a trigger status from available Jira statuses
+ */
+export declare function promptTriggerStatus(statuses: string[]): Promise<string>;
+/**
+ * Prompt user to select an action type
+ */
+export declare function promptActionType(): Promise<HookActionType>;
+/**
+ * Prompt for action-specific configuration based on action type
+ */
+export declare function promptActionConfig(actionType: HookActionType): Promise<Record<string, unknown>>;
+/**
+ * Prompt user to select a hook from a list
+ */
+export declare function promptSelectHook(hooks: HookResponse[]): Promise<HookResponse>;
+/**
+ * Prompt user to confirm hook deletion
+ */
+export declare function promptConfirmDelete(hook: HookResponse): Promise<boolean>;