@kitecd/cli 1.1.0 → 1.2.0

package/dist/ops.js

@@ -0,0 +1,338 @@
+import chalk from 'chalk';
+import readline from 'readline/promises';
+import { stdin as input, stdout as output } from 'process';
+import { randomUUID } from 'crypto';
+import { readGlobalConfig, readLocalEnv, resolveProjectConfig, envTokenKey, listProjectEnvs, } from './home.js';
+export function resolveOpsAuth(opts = {}) {
+    const globalCfg = readGlobalConfig();
+    const localEnv = readLocalEnv();
+    const serverUrl = opts.server ||
+        process.env.KITE_SERVER_URL ||
+        localEnv.KITE_SERVER_URL ||
+        globalCfg.serverUrl;
+    if (!serverUrl) {
+        throw new Error('Server URL not configured. Use --server <url> or run `kite config:set serverUrl <url> --global`.');
+    }
+    if (opts.token) {
+        return { serverUrl, token: opts.token, source: 'cli flag' };
+    }
+    if (opts.requireAdmin) {
+        const adminTok = process.env.KITE_TOKEN || globalCfg.token;
+        if (!adminTok) {
+            throw new Error('Admin token required. Run `kite config:set token <admin> --global` or pass --token.');
+        }
+        return { serverUrl, token: adminTok, source: 'global admin token' };
+    }
+    const envTok = process.env.KITE_TOKEN || process.env.KITE_DEPLOY_TOKEN || localEnv.KITE_TOKEN || localEnv.KITE_DEPLOY_TOKEN;
+    if (envTok)
+        return { serverUrl, token: envTok, source: 'env var' };
+    const allEnvs = listProjectEnvs();
+    let resolved = null;
+    if (opts.env) {
+        resolved = resolveProjectConfig(opts.env);
+    }
+    else if (allEnvs.length === 1) {
+        resolved = allEnvs[0];
+    }
+    if (resolved?.config?.projectId) {
+        const key = envTokenKey(resolved.config.projectId, resolved.env);
+        const projTok = globalCfg.projectToken?.[key];
+        if (projTok)
+            return { serverUrl, token: projTok, source: `project token (${key})` };
+    }
+    if (globalCfg.token) {
+        return { serverUrl, token: globalCfg.token, source: 'global admin token' };
+    }
+    throw new Error('Token not found. Configure via `kite config:set token <value>` (project) or `kite config:set token <admin> --global`.');
+}
+async function readJson(res) {
+    const text = await res.text();
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return { error: text };
+    }
+}
+async function expectOk(res, label) {
+    if (res.status === 401)
+        throw new Error(`Unauthorized: invalid token (${label})`);
+    if (res.status === 404) {
+        const body = await readJson(res);
+        throw new Error(`Not found: ${body.error || label}`);
+    }
+    if (!res.ok) {
+        const body = await readJson(res);
+        throw new Error(`[${res.status}] ${body.error || label}`);
+    }
+    return readJson(res);
+}
+function statusColor(status) {
+    switch (status) {
+        case 'success': return chalk.green(status);
+        case 'failed': return chalk.red(status);
+        case 'running': return chalk.yellow(status);
+        case 'idle': return chalk.gray(status);
+        default: return chalk.gray(status || '-');
+    }
+}
+function padCell(text, width) {
+    const visible = text.replace(/\x1b\[[0-9;]*m/g, '');
+    if (visible.length >= width)
+        return text;
+    return text + ' '.repeat(width - visible.length);
+}
+function printTable(rows, headers) {
+    const cols = headers.length;
+    const widths = new Array(cols).fill(0);
+    for (const r of [headers, ...rows]) {
+        for (let i = 0; i < cols; i++) {
+            const visible = (r[i] || '').replace(/\x1b\[[0-9;]*m/g, '');
+            if (visible.length > widths[i])
+                widths[i] = visible.length;
+        }
+    }
+    const headerLine = headers.map((h, i) => padCell(chalk.bold(h), widths[i])).join('  ');
+    console.log(headerLine);
+    console.log(chalk.gray(widths.map((w) => '-'.repeat(w)).join('  ')));
+    for (const r of rows) {
+        console.log(r.map((c, i) => padCell(c, widths[i])).join('  '));
+    }
+}
+export async function runList(opts) {
+    const auth = resolveOpsAuth({ ...opts, requireAdmin: true });
+    const res = await fetch(`${auth.serverUrl.replace(/\/$/, '')}/api/projects`, {
+        headers: { Authorization: `Bearer ${auth.token}` },
+    });
+    const projects = await expectOk(res, 'GET /api/projects');
+    let filtered = projects;
+    if (opts.env)
+        filtered = projects.filter((p) => (p.env || '') === opts.env);
+    if (opts.json) {
+        process.stdout.write(JSON.stringify(filtered, null, 2) + '\n');
+        return 0;
+    }
+    if (filtered.length === 0) {
+        console.log(chalk.gray('No projects found.'));
+        return 0;
+    }
+    const rows = filtered.map((p) => [
+        p.id,
+        p.name,
+        p.env || chalk.gray('-'),
+        statusColor(p.status),
+        chalk.gray(p.updatedAt ? new Date(p.updatedAt).toISOString().slice(0, 19).replace('T', ' ') : '-'),
+    ]);
+    printTable(rows, ['ID', 'NAME', 'ENV', 'STATUS', 'UPDATED']);
+    console.log(chalk.gray(`\n${filtered.length} project(s)`));
+    return 0;
+}
+export async function runStatus(projectIdArg, opts) {
+    const auth = resolveOpsAuth({ ...opts, requireAdmin: true });
+    const limit = Math.min(Math.max(Number(opts.limit) || 5, 1), 50);
+    let projectId = projectIdArg;
+    if (!projectId) {
+        const all = listProjectEnvs();
+        const resolved = opts.env ? resolveProjectConfig(opts.env) : (all.length === 1 ? all[0] : null);
+        if (resolved?.config?.projectId) {
+            projectId = resolved.config.projectId;
+        }
+    }
+    if (!projectId) {
+        throw new Error('projectId required. Pass <projectId> or run inside a project directory with kite.config*.json');
+    }
+    const base = auth.serverUrl.replace(/\/$/, '');
+    const [projectRes, logsRes] = await Promise.all([
+        fetch(`${base}/api/projects/${projectId}`, { headers: { Authorization: `Bearer ${auth.token}` } }),
+        fetch(`${base}/api/logs`, { headers: { Authorization: `Bearer ${auth.token}` } }),
+    ]);
+    const project = await expectOk(projectRes, `GET /api/projects/${projectId}`);
+    const logs = await expectOk(logsRes, 'GET /api/logs');
+    const projectLogs = logs
+        .filter((l) => l.projectId === projectId)
+        .sort((a, b) => (b.startTime || '').localeCompare(a.startTime || ''))
+        .slice(0, limit);
+    if (opts.json) {
+        process.stdout.write(JSON.stringify({ project, deployments: projectLogs }, null, 2) + '\n');
+        return 0;
+    }
+    console.log(chalk.bold(`Project: ${project.name}`) + chalk.gray(`  (${project.id})`));
+    console.log(chalk.gray(`Status: `) + statusColor(project.status));
+    console.log('');
+    if (projectLogs.length === 0) {
+        console.log(chalk.gray('No deployments yet.'));
+        return 0;
+    }
+    const rows = projectLogs.map((d) => [
+        d.id.slice(0, 12),
+        statusColor(d.status),
+        d.triggerSource,
+        chalk.gray(d.startTime ? d.startTime.slice(0, 19).replace('T', ' ') : '-'),
+        d.duration || chalk.gray('-'),
+        d.rollbackOf ? chalk.gray(`← ${d.rollbackOf.slice(0, 8)}`) : '',
+    ]);
+    printTable(rows, ['DEPLOY ID', 'STATUS', 'TRIGGER', 'STARTED', 'DURATION', 'ROLLBACK OF']);
+    return 0;
+}
+const STATUS_EXIT = { success: 0, failed: 1, running: 0 };
+export async function runLogs(deployId, opts) {
+    const auth = resolveOpsAuth({ ...opts, requireAdmin: true });
+    const base = auth.serverUrl.replace(/\/$/, '');
+    if (!opts.follow) {
+        const res = await fetch(`${base}/api/logs/${deployId}`, {
+            headers: { Authorization: `Bearer ${auth.token}` },
+        });
+        const log = await expectOk(res, `GET /api/logs/${deployId}`);
+        if (opts.json) {
+            process.stdout.write(JSON.stringify(log, null, 2) + '\n');
+            return STATUS_EXIT[log.status] ?? 1;
+        }
+        console.log(chalk.bold(`Deployment ${log.id.slice(0, 12)}`) + chalk.gray(`  (${log.projectName})`));
+        console.log(chalk.gray('Status: ') + statusColor(log.status) + chalk.gray(`  duration=${log.duration || '-'}  trigger=${log.triggerSource}`));
+        console.log('');
+        if (log.output)
+            process.stdout.write(log.output);
+        if (!log.output?.endsWith('\n'))
+            process.stdout.write('\n');
+        return STATUS_EXIT[log.status] ?? 1;
+    }
+    const res = await fetch(`${base}/api/logs/${deployId}/stream`, {
+        headers: {
+            Authorization: `Bearer ${auth.token}`,
+            Accept: 'text/event-stream',
+        },
+    });
+    if (res.status === 401)
+        throw new Error('Unauthorized: invalid token');
+    if (res.status === 404)
+        throw new Error('Deployment not found');
+    if (!res.ok || !res.body)
+        throw new Error(`SSE failed: HTTP ${res.status}`);
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = '';
+    let lastStatus = null;
+    let printedOutputLen = 0;
+    while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        buffer += decoder.decode(value, { stream: true });
+        const events = buffer.split('\n\n');
+        buffer = events.pop();
+        for (const block of events) {
+            if (!block.trim())
+                continue;
+            let event = 'message';
+            let data = '';
+            for (const line of block.split('\n')) {
+                if (line.startsWith('event: '))
+                    event = line.slice(7).trim();
+                else if (line.startsWith('data: '))
+                    data += line.slice(6);
+            }
+            let parsed = data;
+            try {
+                parsed = JSON.parse(data);
+            }
+            catch { }
+            if (event === 'log') {
+                // First log event from server contains the full historical output.
+                // Subsequent events are incremental lines.
+                if (printedOutputLen === 0 && typeof parsed === 'string' && parsed.includes('\n')) {
+                    process.stdout.write(parsed);
+                    if (!parsed.endsWith('\n'))
+                        process.stdout.write('\n');
+                    printedOutputLen = parsed.length;
+                }
+                else {
+                    process.stdout.write(parsed + '\n');
+                }
+            }
+            else if (event === 'status') {
+                let payload = parsed;
+                if (typeof payload === 'string') {
+                    try {
+                        payload = JSON.parse(payload);
+                    }
+                    catch { }
+                }
+                lastStatus = payload?.status || null;
+                const dur = payload?.duration || '-';
+                console.log(chalk.gray(`\n[Kite Logs] Deployment finished: `) + statusColor(lastStatus) + chalk.gray(`  duration=${dur}`));
+                try {
+                    reader.cancel();
+                }
+                catch { }
+                break;
+            }
+        }
+        if (lastStatus)
+            break;
+    }
+    return STATUS_EXIT[lastStatus || ''] ?? 0;
+}
+export async function runRollback(projectIdArg, opts) {
+    const auth = resolveOpsAuth({ ...opts, requireAdmin: true });
+    const base = auth.serverUrl.replace(/\/$/, '');
+    let projectId = projectIdArg;
+    if (!projectId) {
+        const all = listProjectEnvs();
+        const resolved = opts.env ? resolveProjectConfig(opts.env) : (all.length === 1 ? all[0] : null);
+        if (resolved?.config?.projectId)
+            projectId = resolved.config.projectId;
+    }
+    if (!projectId)
+        throw new Error('projectId required for rollback.');
+    let targetDeployId = opts.to;
+    if (!targetDeployId) {
+        const logsRes = await fetch(`${base}/api/logs`, { headers: { Authorization: `Bearer ${auth.token}` } });
+        const logs = await expectOk(logsRes, 'GET /api/logs');
+        const candidates = logs
+            .filter((l) => l.projectId === projectId && l.status === 'success' && !!l.artifactPath && l.triggerSource !== 'rollback')
+            .sort((a, b) => (b.startTime || '').localeCompare(a.startTime || ''));
+        if (candidates.length === 0) {
+            throw new Error('No successful deployment with archived artifact found. Pass --to <deployId> explicitly.');
+        }
+        targetDeployId = candidates[0].id;
+        console.log(chalk.gray(`Selected latest success deploy: ${targetDeployId.slice(0, 12)}  (${candidates[0].startTime.slice(0, 19).replace('T', ' ')})`));
+    }
+    if (!opts.yes) {
+        if (!process.stdin.isTTY) {
+            throw new Error('Refusing to rollback in non-TTY mode without --yes. Add --yes to confirm.');
+        }
+        const rl = readline.createInterface({ input, output });
+        const answer = await rl.question(chalk.yellow(`About to rollback project ${projectId} to deploy ${targetDeployId.slice(0, 12)}. Proceed? [y/N] `));
+        rl.close();
+        if (!/^y(es)?$/i.test(answer.trim())) {
+            console.log(chalk.gray('Rollback cancelled.'));
+            return 1;
+        }
+    }
+    const traceId = randomUUID();
+    const res = await fetch(`${base}/api/deployments/${targetDeployId}/rollback`, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${auth.token}`,
+            'X-Kite-Trace-Id': traceId,
+        },
+    });
+    const body = await readJson(res);
+    if (res.status === 401)
+        throw new Error('Unauthorized: invalid token');
+    if (res.status === 404)
+        throw new Error(body?.error || 'Deployment or artifact not found');
+    if (!res.ok || !body?.success) {
+        throw new Error(body?.error || `Rollback failed: HTTP ${res.status}`);
+    }
+    if (opts.json) {
+        process.stdout.write(JSON.stringify(body, null, 2) + '\n');
+        return 0;
+    }
+    console.log(chalk.green(`Rollback succeeded.`));
+    console.log(chalk.gray(`  new deployId : ${body.deployId}`));
+    console.log(chalk.gray(`  rolled back  : ${body.rollbackOf}`));
+    console.log(chalk.gray(`  duration     : ${body.duration}`));
+    console.log(chalk.gray(`  traceId      : ${body.traceId}`));
+    return 0;
+}

package/dist/pack.js

@@ -1,7 +1,7 @@
 import archiver from 'archiver';
 import fs from 'fs';
 import path from 'path';
-const IGNORED = ['node_modules/**', '.git/**', '*.zip', '.env*'];
+import { mergeIgnore } from './ignore.js';
 /**
  * 将路径列表折叠：如果一个目录下的所有文件都在列表中，则只展示目录
  */
@@ -78,9 +78,19 @@ function collapseEntries(rawEntries) {
  * 将指定目录或文件打包为 zip 文件
  * @param sourceDir 要打包的源目录
  * @param destZip 目标 zip 文件的路径
- * @param files 允许上传的特定文件或目录列表（可选，如果提供则仅打包这些内容）
+ * @param filesOrOptions 兼容旧签名 string[]，或新版 PackOptions
+ *
+ * 忽略规则语义：
+ *   - 显式 files 条目命中真实路径（archive.file / archive.directory）→ 不应用 ignore，
+ *     用户明确指定即表示需要。
+ *   - glob 通配（archive.glob 含默认全量）→ 应用 mergeIgnore({ custom, ignoreBuiltin })。
  */
-export async function packProject(sourceDir, destZip, files) {
+export async function packProject(sourceDir, destZip, filesOrOptions) {
+    const opts = Array.isArray(filesOrOptions)
+        ? { files: filesOrOptions }
+        : (filesOrOptions || {});
+    const files = opts.files;
+    const ignoreList = mergeIgnore({ custom: opts.ignore, ignoreBuiltin: opts.ignoreBuiltin });
     return new Promise((resolve, reject) => {
         const output = fs.createWriteStream(destZip);
         const archive = archiver('zip', {
@@ -125,12 +135,12 @@ export async function packProject(sourceDir, destZip, files) {
                     }
                 }
                 else {
-                    archive.glob(pattern, { cwd: sourceDir, ignore: IGNORED });
+                    archive.glob(pattern, { cwd: sourceDir, ignore: ignoreList });
                 }
             });
         }
         else {
-            archive.glob('**/*', { cwd: sourceDir, ignore: IGNORED });
+            archive.glob('**/*', { cwd: sourceDir, ignore: ignoreList });
         }
         archive.finalize();
     });

package/dist/serve.js

@@ -34,6 +34,17 @@ function detectRuntime(preferred) {
         process.exit(1);
     });
 }
+function isWeakAdminToken(token) {
+    if (typeof token !== 'string')
+        return { weak: true, reason: 'token 必须是字符串' };
+    if (token.length < 24)
+        return { weak: true, reason: '长度不足 24' };
+    if (!/[A-Za-z]/.test(token) || !/[0-9]/.test(token))
+        return { weak: true, reason: '需同时包含字母和数字' };
+    if (new Set(token).size < 8)
+        return { weak: true, reason: '字符多样性不足（去重 < 8）' };
+    return { weak: false };
+}
 function ensureAdminToken() {
     const localEnv = readLocalEnv();
     if (localEnv.KITE_DEPLOY_TOKEN) {
@@ -46,7 +57,12 @@ function ensureAdminToken() {
         const content = fs.readFileSync(envPath, 'utf-8');
         const match = content.match(/^ADMIN_TOKEN=(.+)$/m);
         if (match) {
-            return match[1].replace(/^['"]|['"]$/g, '');
+            const existing = match[1].replace(/^['"]|['"]$/g, '');
+            const check = isWeakAdminToken(existing);
+            if (check.weak) {
+                console.warn(chalk.yellow(`[warn] 当前 ADMIN_TOKEN 强度不足（${check.reason}），建议执行 kite rotate-token 或在 .env.local 中替换为长度 ≥ 24 且包含字母和数字、去重字符 ≥ 8 的随机字符串。`));
+            }
+            return existing;
         }
     }
     // Generate a new admin token
@@ -66,6 +82,14 @@ function buildServerEnv(options, adminToken) {
         KITE_SERVER_VERSION: cliPkg.version || '1.0.0',
     };
 }
+function isLocalHost(host) {
+    return host === '127.0.0.1' || host === 'localhost' || host === '::1';
+}
+function warnRemoteHost(host) {
+    if (!isLocalHost(host)) {
+        console.warn(chalk.yellow(`[warn] 当前监听 host=${host}，将对外网络暴露 Kite 管理端。请确保已在前置代理（Nginx/Caddy）配置 TLS 与限速，否则建议使用 --host 127.0.0.1。`));
+    }
+}
 function startForeground(options, env, runtime) {
     const bundlePath = getServerBundlePath();
     if (!fs.existsSync(bundlePath)) {
@@ -81,6 +105,7 @@ function startForeground(options, env, runtime) {
     console.log(chalk.gray(`  DB Dir: ${env.KITE_DB_DIR}`));
     console.log(chalk.yellow(`  Admin Token: ${env.ADMIN_TOKEN}`));
     console.log();
+    warnRemoteHost(options.host);
     const args = runtime.name === 'bun' ? ['run', bundlePath] : [bundlePath];
     const child = spawn(runtime.name, args, {
         stdio: 'inherit',
@@ -181,6 +206,7 @@ function startPm2(options, env, runtime) {
     console.log(chalk.gray('  pm2 logs kite-server    # View logs'));
     console.log(chalk.gray('  pm2 status              # Check status'));
     console.log(chalk.gray('  kite serve --pm2 stop   # Stop server'));
+    warnRemoteHost(options.host);
 }
 function stopPm2() {
     const result = spawnSync('pm2', ['delete', 'kite-server'], { stdio: 'inherit' });