@insureco/cli 0.1.1 → 0.1.4

package/dist/templates/api/src/index.ts

@@ -0,0 +1,61 @@
+import express, { type Request, type Response, type NextFunction } from 'express'
+import cors from 'cors'
+import helmet from 'helmet'
+import { itemsRouter } from './routes/example.js'
+
+const app = express()
+const PORT = process.env.PORT || 3000
+
+// Middleware
+app.use(helmet())
+app.use(cors())
+app.use(express.json())
+
+// Request logging
+app.use((req: Request, _res: Response, next: NextFunction) => {
+  const timestamp = new Date().toISOString()
+  process.stdout.write(`[${timestamp}] ${req.method} ${req.path}\n`)
+  next()
+})
+
+// Health check endpoint
+app.get('/health', (_req: Request, res: Response) => {
+  res.json({
+    status: 'healthy',
+    service: '{{name}}',
+    timestamp: new Date().toISOString(),
+    uptime: process.uptime(),
+  })
+})
+
+// API routes
+app.use('/api/items', itemsRouter)
+
+// 404 handler
+app.use((_req: Request, res: Response) => {
+  res.status(404).json({
+    success: false,
+    error: {
+      code: 'NOT_FOUND',
+      message: 'The requested resource was not found',
+    },
+  })
+})
+
+// Error handler
+app.use((err: Error, _req: Request, res: Response, _next: NextFunction) => {
+  process.stderr.write(`Error: ${err.message}\n`)
+  res.status(500).json({
+    success: false,
+    error: {
+      code: 'INTERNAL_ERROR',
+      message: process.env.NODE_ENV === 'production'
+        ? 'An internal error occurred'
+        : err.message,
+    },
+  })
+})
+
+app.listen(PORT, () => {
+  process.stdout.write(`{{name}} listening on port ${PORT}\n`)
+})

package/dist/templates/api/src/routes/example.ts

@@ -0,0 +1,162 @@
+import { Router, type Request, type Response } from 'express'
+import { z } from 'zod'
+
+const router = Router()
+
+// In-memory storage for demo purposes
+interface Item {
+  id: string
+  name: string
+  description: string
+  createdAt: string
+  updatedAt: string
+}
+
+const items: Map<string, Item> = new Map()
+
+// Validation schemas
+const CreateItemSchema = z.object({
+  name: z.string().min(1).max(100),
+  description: z.string().max(500).optional().default(''),
+})
+
+const UpdateItemSchema = z.object({
+  name: z.string().min(1).max(100).optional(),
+  description: z.string().max(500).optional(),
+})
+
+// Generate unique ID
+function generateId(): string {
+  return Date.now().toString(36) + Math.random().toString(36).substring(2)
+}
+
+// List all items
+router.get('/', (_req: Request, res: Response) => {
+  const itemList = Array.from(items.values())
+  res.json({
+    success: true,
+    data: itemList,
+    meta: {
+      total: itemList.length,
+      timestamp: new Date().toISOString(),
+    },
+  })
+})
+
+// Get single item
+router.get('/:id', (req: Request, res: Response) => {
+  const item = items.get(req.params.id)
+
+  if (!item) {
+    res.status(404).json({
+      success: false,
+      error: {
+        code: 'NOT_FOUND',
+        message: 'Item not found',
+      },
+    })
+    return
+  }
+
+  res.json({
+    success: true,
+    data: item,
+  })
+})
+
+// Create item
+router.post('/', (req: Request, res: Response) => {
+  const result = CreateItemSchema.safeParse(req.body)
+
+  if (!result.success) {
+    res.status(400).json({
+      success: false,
+      error: {
+        code: 'VALIDATION_ERROR',
+        message: 'Invalid request body',
+        details: result.error.flatten(),
+      },
+    })
+    return
+  }
+
+  const now = new Date().toISOString()
+  const item: Item = {
+    id: generateId(),
+    name: result.data.name,
+    description: result.data.description,
+    createdAt: now,
+    updatedAt: now,
+  }
+
+  items.set(item.id, item)
+
+  res.status(201).json({
+    success: true,
+    data: item,
+  })
+})
+
+// Update item
+router.put('/:id', (req: Request, res: Response) => {
+  const existing = items.get(req.params.id)
+
+  if (!existing) {
+    res.status(404).json({
+      success: false,
+      error: {
+        code: 'NOT_FOUND',
+        message: 'Item not found',
+      },
+    })
+    return
+  }
+
+  const result = UpdateItemSchema.safeParse(req.body)
+
+  if (!result.success) {
+    res.status(400).json({
+      success: false,
+      error: {
+        code: 'VALIDATION_ERROR',
+        message: 'Invalid request body',
+        details: result.error.flatten(),
+      },
+    })
+    return
+  }
+
+  const updated: Item = {
+    ...existing,
+    name: result.data.name ?? existing.name,
+    description: result.data.description ?? existing.description,
+    updatedAt: new Date().toISOString(),
+  }
+
+  items.set(updated.id, updated)
+
+  res.json({
+    success: true,
+    data: updated,
+  })
+})
+
+// Delete item
+router.delete('/:id', (req: Request, res: Response) => {
+  const existed = items.delete(req.params.id)
+
+  if (!existed) {
+    res.status(404).json({
+      success: false,
+      error: {
+        code: 'NOT_FOUND',
+        message: 'Item not found',
+      },
+    })
+    return
+  }
+
+  res.status(204).send()
+})
+
+export { router as itemsRouter }

package/dist/templates/api/tsconfig.json

@@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/dist/templates/crosspod/README.md

@@ -0,0 +1,87 @@
+# {{name}} - Pod-to-Pod Communication Demo
+
+This template demonstrates service-to-service (pod-to-pod) communication within the Tawa platform.
+
+## Architecture
+
+```
+                    ┌─────────────────┐
+                    │     Client      │
+                    └────────┬────────┘
+                             │
+                    ┌────────▼────────┐
+                    │    Janus API    │
+                    │     Gateway     │
+                    └────────┬────────┘
+                             │
+         ┌───────────────────┼───────────────────┐
+         │                   │                   │
+┌────────▼────────┐ ┌────────▼────────┐         │
+│   service-a     │ │   service-b     │         │
+│   (Provider)    │ │   (Consumer)    │         │
+│                 │ │                 │         │
+│ Exposes data    │ │ Calls service-a │         │
+│ via REST API    │ │ internally      │         │
+└─────────────────┘ └────────┬────────┘         │
+                             │                   │
+                    ┌────────▼────────┐         │
+                    │   Internal K8s  │◄────────┘
+                    │   Service DNS   │
+                    └─────────────────┘
+```
+
+## Services
+
+### service-a (Provider)
+
+- Exposes data via REST API
+- Routes configured with `auth: service` for internal-only access
+- Accessible at `http://{{name}}-service-a:3000` within the cluster
+
+### service-b (Consumer)
+
+- Calls service-a to retrieve and process data
+- Uses internal Kubernetes DNS for service discovery
+- Demonstrates service-to-service authentication
+
+## Pod-to-Pod Authentication
+
+When `auth: service` is set on a route in `catalog-info.yaml`:
+
+1. Requests must include service credentials
+2. Janus validates the calling service identity
+3. Only registered services can access protected endpoints
+
+### Example catalog-info.yaml configuration:
+
+```yaml
+spec:
+  routes:
+    - path: /api/internal/*
+      methods: [GET, POST]
+      auth: service  # Only other services can call this
+      scopes:
+        - read:data
+```
+
+## Deployment
+
+Deploy both services:
+
+```bash
+cd {{name}}/service-a
+iec link && iec deploy
+
+cd ../service-b
+iec link && iec deploy
+```
+
+## Testing
+
+1. Deploy both services to sandbox
+2. Call service-b's `/api/data` endpoint
+3. service-b will internally call service-a and return combined data
+
+```bash
+curl https://{{name}}-service-b.sandbox.tawa.insureco.io/api/data
+```

package/dist/templates/crosspod/service-a/Dockerfile

@@ -0,0 +1,27 @@
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+FROM node:22-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --production && npm cache clean --force
+COPY --from=builder /app/dist ./dist
+
+ENV NODE_ENV=production
+ENV PORT=3000
+
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001 && \
+    chown -R nodejs:nodejs /app
+
+USER nodejs
+EXPOSE 3000
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
+
+CMD ["node", "dist/index.js"]

package/dist/templates/crosspod/service-a/catalog-info.yaml

@@ -0,0 +1,54 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: {{name}}-service-a
+  description: Provider service for {{name}} - exposes internal data API
+  tags:
+    - tawa
+    - api
+    - provider
+  annotations:
+    insureco.io/framework: express
+    insureco.io/language: typescript
+spec:
+  type: service
+  lifecycle: experimental
+  owner: team-platform
+  providesApis:
+    - {{name}}-service-a-api
+  routes:
+    - path: /health
+      methods: [GET]
+      auth: none
+      description: Health check endpoint
+    - path: /api/internal/*
+      methods: [GET, POST]
+      auth: service
+      scopes:
+        - read:data
+        - write:data
+      description: Internal API - service-to-service only
+---
+apiVersion: backstage.io/v1alpha1
+kind: API
+metadata:
+  name: {{name}}-service-a-api
+  description: Internal data API for {{name}}
+spec:
+  type: openapi
+  lifecycle: experimental
+  owner: team-platform
+  definition: |
+    openapi: 3.0.0
+    info:
+      title: {{name}} Service A API
+      version: 1.0.0
+    paths:
+      /api/internal/items:
+        get:
+          summary: Get all items (service-to-service only)
+          security:
+            - serviceAuth: []
+          responses:
+            '200':
+              description: List of items

package/dist/templates/crosspod/service-a/helm/{{name}}-service-a/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: {{name}}-service-a
+description: Provider service Helm chart
+type: application
+version: 0.1.0
+appVersion: "0.1.0"

package/dist/templates/crosspod/service-a/helm/{{name}}-service-a/values.yaml

@@ -0,0 +1,35 @@
+replicaCount: 1
+
+image:
+  repository: registry.digitalocean.com/insureco/{{name}}-service-a
+  tag: latest
+  pullPolicy: IfNotPresent
+
+imagePullSecrets:
+  - name: do-registry
+
+service:
+  type: ClusterIP
+  port: 3000
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 256Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+livenessProbe:
+  httpGet:
+    path: /health
+    port: 3000
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+readinessProbe:
+  httpGet:
+    path: /health
+    port: 3000
+  initialDelaySeconds: 5
+  periodSeconds: 5

package/dist/templates/crosspod/service-a/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "{{name}}-service-a",
+  "version": "0.1.0",
+  "description": "Provider service - exposes internal data API",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx watch src/index.ts",
+    "start": "node dist/index.js",
+    "lint": "eslint src --ext .ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "express": "^4.21.0",
+    "cors": "^2.8.5",
+    "helmet": "^8.0.0",
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.0.0",
+    "tsx": "^4.0.0",
+    "typescript": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/dist/templates/crosspod/service-a/src/index.ts

@@ -0,0 +1,89 @@
+import express, { type Request, type Response, type NextFunction } from 'express'
+import helmet from 'helmet'
+
+const app = express()
+const PORT = process.env.PORT || 3000
+const SERVICE_NAME = '{{name}}-service-a'
+
+// Middleware
+app.use(helmet())
+app.use(express.json())
+
+// Sample data store
+interface Item {
+  id: string
+  name: string
+  value: number
+  source: string
+}
+
+const items: Item[] = [
+  { id: '1', name: 'Widget A', value: 100, source: SERVICE_NAME },
+  { id: '2', name: 'Widget B', value: 200, source: SERVICE_NAME },
+  { id: '3', name: 'Widget C', value: 300, source: SERVICE_NAME },
+]
+
+// Request logging with caller identification
+app.use((req: Request, _res: Response, next: NextFunction) => {
+  const caller = req.headers['x-service-name'] || 'unknown'
+  const timestamp = new Date().toISOString()
+  process.stdout.write(`[${timestamp}] ${req.method} ${req.path} (caller: ${caller})\n`)
+  next()
+})
+
+// Health check - public
+app.get('/health', (_req: Request, res: Response) => {
+  res.json({
+    status: 'healthy',
+    service: SERVICE_NAME,
+    timestamp: new Date().toISOString(),
+  })
+})
+
+// Internal API - service-to-service only
+// In production, Janus validates the auth: service requirement
+app.get('/api/internal/items', (req: Request, res: Response) => {
+  // Log the service-to-service call
+  const callerService = req.headers['x-service-name'] as string
+  process.stdout.write(`Internal API called by: ${callerService || 'direct'}\n`)
+
+  res.json({
+    success: true,
+    data: items,
+    meta: {
+      source: SERVICE_NAME,
+      timestamp: new Date().toISOString(),
+    },
+  })
+})
+
+app.get('/api/internal/items/:id', (req: Request, res: Response) => {
+  const item = items.find(i => i.id === req.params.id)
+
+  if (!item) {
+    res.status(404).json({
+      success: false,
+      error: { code: 'NOT_FOUND', message: 'Item not found' },
+    })
+    return
+  }
+
+  res.json({
+    success: true,
+    data: item,
+  })
+})
+
+// Error handler
+app.use((err: Error, _req: Request, res: Response, _next: NextFunction) => {
+  process.stderr.write(`Error: ${err.message}\n`)
+  res.status(500).json({
+    success: false,
+    error: { code: 'INTERNAL_ERROR', message: 'Internal error' },
+  })
+})
+
+app.listen(PORT, () => {
+  process.stdout.write(`${SERVICE_NAME} listening on port ${PORT}\n`)
+  process.stdout.write(`This service exposes internal APIs for service-to-service communication\n`)
+})

package/dist/templates/crosspod/service-a/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/dist/templates/crosspod/service-b/Dockerfile

@@ -0,0 +1,27 @@
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+FROM node:22-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --production && npm cache clean --force
+COPY --from=builder /app/dist ./dist
+
+ENV NODE_ENV=production
+ENV PORT=3000
+
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001 && \
+    chown -R nodejs:nodejs /app
+
+USER nodejs
+EXPOSE 3000
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
+
+CMD ["node", "dist/index.js"]

package/dist/templates/crosspod/service-b/catalog-info.yaml

@@ -0,0 +1,27 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: {{name}}-service-b
+  description: Consumer service for {{name}} - calls service-a internally
+  tags:
+    - tawa
+    - api
+    - consumer
+  annotations:
+    insureco.io/framework: express
+    insureco.io/language: typescript
+spec:
+  type: service
+  lifecycle: experimental
+  owner: team-platform
+  consumesApis:
+    - {{name}}-service-a-api
+  routes:
+    - path: /health
+      methods: [GET]
+      auth: none
+      description: Health check endpoint
+    - path: /api/*
+      methods: [GET, POST]
+      auth: required
+      description: Public API that aggregates data from service-a

package/dist/templates/crosspod/service-b/helm/{{name}}-service-b/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: {{name}}-service-b
+description: Consumer service Helm chart
+type: application
+version: 0.1.0
+appVersion: "0.1.0"

package/dist/templates/crosspod/service-b/helm/{{name}}-service-b/values.yaml

@@ -0,0 +1,38 @@
+replicaCount: 1
+
+image:
+  repository: registry.digitalocean.com/insureco/{{name}}-service-b
+  tag: latest
+  pullPolicy: IfNotPresent
+
+imagePullSecrets:
+  - name: do-registry
+
+service:
+  type: ClusterIP
+  port: 3000
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 256Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+env:
+  SERVICE_A_URL: "http://{{name}}-service-a:3000"
+
+livenessProbe:
+  httpGet:
+    path: /health
+    port: 3000
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+readinessProbe:
+  httpGet:
+    path: /health
+    port: 3000
+  initialDelaySeconds: 5
+  periodSeconds: 5