@marcusrbrown/infra 0.2.0 → 0.3.0

package/src/commands/cliproxy-deploy.ts

@@ -0,0 +1,145 @@
+import type {goke} from 'goke'
+
+import {existsSync} from 'node:fs'
+import {resolve} from 'node:path'
+import {z} from 'zod'
+
+const REPO = 'marcusrbrown/infra'
+const WORKFLOW_NAME = 'Deploy'
+const WORKFLOW_URL = 'https://github.com/marcusrbrown/infra/actions/workflows/deploy.yaml'
+
+type CliInstance = ReturnType<typeof goke>
+
+export function resolveLocalDeployScriptPath(): string {
+  const primary = resolve(import.meta.dir, '../../../../apps/cliproxy/src/deploy.ts')
+  if (existsSync(primary)) {
+    return primary
+  }
+
+  return resolve(import.meta.dir, '../../../apps/cliproxy/src/deploy.ts')
+}
+
+export function getLocalDeployEnv(): Record<string, string> {
+  const path = process.env.PATH
+  const home = process.env.HOME
+  const sshAuthSock = process.env.SSH_AUTH_SOCK
+
+  if (!path) {
+    throw new Error('PATH is required for local deploy')
+  }
+
+  if (!home) {
+    throw new Error('HOME is required for local deploy')
+  }
+
+  if (!sshAuthSock) {
+    throw new Error('SSH_AUTH_SOCK is required for local deploy. Start ssh-agent and load your deploy key first.')
+  }
+
+  return {
+    PATH: path,
+    HOME: home,
+    SSH_AUTH_SOCK: sshAuthSock,
+    CLIPROXY_DOMAIN: process.env.CLIPROXY_DOMAIN ?? '',
+    CLIPROXY_MANAGEMENT_KEY: process.env.CLIPROXY_MANAGEMENT_KEY ?? '',
+  }
+}
+
+export function validateLocalPreconditions(): {deployScriptPath: string} {
+  const deployScriptPath = resolveLocalDeployScriptPath()
+  if (!existsSync(deployScriptPath)) {
+    throw new Error(`Local deploy script not found at expected path: ${deployScriptPath}`)
+  }
+
+  getLocalDeployEnv()
+
+  return {deployScriptPath}
+}
+
+export function validateRemotePreconditions(): void {
+  if (!Bun.which('gh')) {
+    throw new Error('gh CLI is required for remote deploy. Install gh and run `gh auth login`.')
+  }
+}
+
+export function registerCliproxyDeploy(cli: CliInstance): void {
+  cli
+    .command(
+      'cliproxy deploy',
+      'Deploy CLIProxyAPI. Default mode triggers the GitHub Deploy workflow, while --local runs apps/cliproxy/src/deploy.ts directly with Bun.',
+    )
+    .option(
+      '--local',
+      z
+        .boolean()
+        .default(false)
+        .describe(
+          'Run local deployment with Bun using apps/cliproxy/src/deploy.ts instead of triggering GitHub Actions.',
+        ),
+    )
+    .option(
+      '--dry-run',
+      z
+        .boolean()
+        .default(false)
+        .describe(
+          'Validate deploy prerequisites and print planned actions without executing local deploy or dispatching workflow.',
+        ),
+    )
+    .example('# Trigger remote GitHub Actions deploy (default mode)')
+    .example('infra cliproxy deploy')
+    .example('# Validate local deploy preconditions and planned command')
+    .example('infra cliproxy deploy --local --dry-run')
+    .example('# Run local deploy with explicit SSH agent context')
+    .example('infra cliproxy deploy --local')
+    .action(async options => {
+      if (options.local) {
+        const {deployScriptPath} = validateLocalPreconditions()
+        const env = getLocalDeployEnv()
+        const command = ['bun', deployScriptPath]
+
+        if (options.dryRun) {
+          console.log('Dry run: local CLIProxyAPI deploy')
+          console.log(`- deploy script: ${deployScriptPath}`)
+          console.log(`- command: ${command.join(' ')}`)
+          console.log(`- CLIPROXY_DOMAIN=${env.CLIPROXY_DOMAIN || '(unset)'}`)
+          return
+        }
+
+        const child = Bun.spawn(command, {
+          env,
+          stdout: 'inherit',
+          stderr: 'inherit',
+        })
+
+        const exitCode = await child.exited
+        if (exitCode !== 0) {
+          throw new Error(`Local deploy failed with exit code ${exitCode}`)
+        }
+
+        return
+      }
+
+      validateRemotePreconditions()
+
+      if (options.dryRun) {
+        console.log('Dry run: remote CLIProxyAPI deploy')
+        console.log(`- command: gh workflow run ${WORKFLOW_NAME} --repo ${REPO}`)
+        console.log(`- workflow URL: ${WORKFLOW_URL}`)
+        return
+      }
+
+      const child = Bun.spawn(['gh', 'workflow', 'run', WORKFLOW_NAME, '--repo', REPO], {
+        stdout: 'inherit',
+        stderr: 'inherit',
+      })
+
+      const exitCode = await child.exited
+      if (exitCode !== 0) {
+        throw new Error(`Failed to trigger ${WORKFLOW_NAME} workflow (exit code ${exitCode})`)
+      }
+
+      console.log(`Workflow triggered: ${WORKFLOW_URL}`)
+      console.log('Approve the production environment deployment in GitHub Actions to continue.')
+    })
+}

package/src/commands/cliproxy-keys.ts

@@ -0,0 +1,168 @@
+import type {goke} from 'goke'
+
+import {z} from 'zod'
+
+const DEFAULT_CLIPROXY_URL = 'https://cliproxy.fro.bot'
+const HTTP_TIMEOUT_MS = 10_000
+
+function stripTrailingSlash(value: string): string {
+  return value.endsWith('/') ? value.slice(0, -1) : value
+}
+
+function resolveBaseUrl(input?: string): string {
+  return stripTrailingSlash(input ?? process.env.CLIPROXY_URL ?? DEFAULT_CLIPROXY_URL)
+}
+
+function resolveManagementKey(input?: string): string {
+  const key = input ?? process.env.CLIPROXY_MANAGEMENT_KEY
+
+  if (!key) {
+    throw new Error('Management API key is required. Pass --key or set CLIPROXY_MANAGEMENT_KEY.')
+  }
+
+  return key
+}
+
+function managementHeaders(key: string): Headers {
+  const headers = new Headers()
+  headers.set('authorization', `Bearer ${key}`)
+  headers.set('x-management-key', key)
+  headers.set('content-type', 'application/json')
+  return headers
+}
+
+async function requestJson(endpoint: string, init: RequestInit): Promise<unknown> {
+  const response = await fetch(endpoint, {
+    ...init,
+    signal: AbortSignal.timeout(HTTP_TIMEOUT_MS),
+  })
+
+  if (!response.ok) {
+    const body = await response.text()
+    throw new Error(`${init.method ?? 'GET'} ${endpoint} failed with HTTP ${response.status}: ${body}`)
+  }
+
+  try {
+    return await response.json()
+  } catch {
+    return null
+  }
+}
+
+export function toStringArray(payload: unknown): string[] {
+  if (Array.isArray(payload)) {
+    return payload.filter(item => typeof item === 'string')
+  }
+
+  if (payload && typeof payload === 'object') {
+    const value = (payload as Record<string, unknown>).api_keys
+    if (Array.isArray(value)) {
+      return value.filter(item => typeof item === 'string')
+    }
+  }
+
+  return []
+}
+
+export function registerCliproxyKeys(cli: ReturnType<typeof goke>): void {
+  cli
+    .command('cliproxy keys list', 'List CLIProxyAPI API keys from the management API.')
+    .option(
+      '--url [url]',
+      z
+        .string()
+        .describe(
+          'Base URL for CLIProxyAPI management requests. Falls back to CLIPROXY_URL or https://cliproxy.fro.bot.',
+        ),
+    )
+    .option(
+      '--key [key]',
+      z.string().describe('Management API bearer token. Falls back to CLIPROXY_MANAGEMENT_KEY when omitted.'),
+    )
+    .action(async options => {
+      const baseUrl = resolveBaseUrl(options.url)
+      const managementKey = resolveManagementKey(options.key)
+      const endpoint = `${baseUrl}/v0/management/api-keys`
+      const payload = await requestJson(endpoint, {
+        method: 'GET',
+        headers: managementHeaders(managementKey),
+      })
+
+      console.log(JSON.stringify(toStringArray(payload), null, 2))
+    })
+
+  cli
+    .command(
+      'cliproxy keys add <key>',
+      'Add an API key by fetching current keys, appending the value, and replacing full key set.',
+    )
+    .option(
+      '--url [url]',
+      z
+        .string()
+        .describe(
+          'Base URL for CLIProxyAPI management requests. Falls back to CLIPROXY_URL or https://cliproxy.fro.bot.',
+        ),
+    )
+    .option(
+      '--key [key]',
+      z.string().describe('Management API bearer token. Falls back to CLIPROXY_MANAGEMENT_KEY when omitted.'),
+    )
+    .example('# Add a new API key to the current key set')
+    .example('infra cliproxy keys add sk-live-123')
+    .action(async (apiKeyToAdd, options) => {
+      const baseUrl = resolveBaseUrl(options.url)
+      const managementKey = resolveManagementKey(options.key)
+      const endpoint = `${baseUrl}/v0/management/api-keys`
+
+      const currentPayload = await requestJson(endpoint, {
+        method: 'GET',
+        headers: managementHeaders(managementKey),
+      })
+      const currentKeys = toStringArray(currentPayload)
+
+      if (currentKeys.includes(apiKeyToAdd)) {
+        console.log('Key already present; no update required.')
+        return
+      }
+
+      const nextKeys = [...currentKeys, apiKeyToAdd]
+      const updatedPayload = await requestJson(endpoint, {
+        method: 'PUT',
+        headers: managementHeaders(managementKey),
+        body: JSON.stringify({api_keys: nextKeys}),
+      })
+
+      console.log(JSON.stringify(updatedPayload ?? {api_keys: nextKeys}, null, 2))
+    })
+
+  cli
+    .command('cliproxy keys remove <key>', 'Remove an API key via management API endpoint query parameter.')
+    .option(
+      '--url [url]',
+      z
+        .string()
+        .describe(
+          'Base URL for CLIProxyAPI management requests. Falls back to CLIPROXY_URL or https://cliproxy.fro.bot.',
+        ),
+    )
+    .option(
+      '--key [key]',
+      z.string().describe('Management API bearer token. Falls back to CLIPROXY_MANAGEMENT_KEY when omitted.'),
+    )
+    .example('# Remove an API key from CLIProxyAPI')
+    .example('infra cliproxy keys remove sk-live-123')
+    .action(async (apiKeyToRemove, options) => {
+      const baseUrl = resolveBaseUrl(options.url)
+      const managementKey = resolveManagementKey(options.key)
+      const params = new URLSearchParams({value: apiKeyToRemove})
+      const endpoint = `${baseUrl}/v0/management/api-keys?${params.toString()}`
+
+      const payload = await requestJson(endpoint, {
+        method: 'DELETE',
+        headers: managementHeaders(managementKey),
+      })
+
+      console.log(JSON.stringify(payload, null, 2))
+    })
+}

package/src/commands/cliproxy-login.ts

@@ -0,0 +1,81 @@
+import type {goke} from 'goke'
+
+import {z} from 'zod'
+
+const DEFAULT_HOST = 'cliproxy.fro.bot'
+const DEFAULT_REMOTE_USER = 'root'
+
+export function resolveHost(input?: string): string {
+  const host = input ?? process.env.CLIPROXY_DOMAIN ?? DEFAULT_HOST
+
+  if (!host) {
+    throw new Error('CLIPROXY_DOMAIN is required. Pass --host or set CLIPROXY_DOMAIN.')
+  }
+
+  return host
+}
+
+export function requireSshAuthSock(): string {
+  const sshAuthSock = process.env.SSH_AUTH_SOCK
+  if (!sshAuthSock) {
+    throw new Error('SSH_AUTH_SOCK is required. Start ssh-agent and load your SSH key before running cliproxy login.')
+  }
+
+  return sshAuthSock
+}
+
+export function registerCliproxyLogin(cli: ReturnType<typeof goke>): void {
+  cli
+    .command(
+      'cliproxy login <provider>',
+      'Run provider login on the remote CLIProxyAPI host and print OAuth URL output.',
+    )
+    .option(
+      '--host [host]',
+      z
+        .string()
+        .describe('CLIProxyAPI droplet host for SSH execution. Falls back to CLIPROXY_DOMAIN or cliproxy.fro.bot.'),
+    )
+    .example('# Start Claude login flow on remote CLIProxyAPI instance')
+    .example('infra cliproxy login claude')
+    .action(async (provider, options) => {
+      if (provider !== 'claude') {
+        throw new Error(`Unsupported provider "${provider}". Currently only "claude" is supported.`)
+      }
+
+      const host = resolveHost(options.host)
+      const sshAuthSock = requireSshAuthSock()
+      const path = process.env.PATH
+      const home = process.env.HOME
+
+      if (!path) {
+        throw new Error('PATH is required to invoke ssh')
+      }
+
+      if (!home) {
+        throw new Error('HOME is required to invoke ssh')
+      }
+
+      const remoteCommand = 'docker compose exec cli-proxy-api /CLIProxyAPI/CLIProxyAPI --no-browser --claude-login'
+
+      const child = Bun.spawn(
+        ['ssh', '-o', 'BatchMode=yes', '-o', 'ConnectTimeout=10', `${DEFAULT_REMOTE_USER}@${host}`, remoteCommand],
+        {
+          env: {
+            PATH: path,
+            HOME: home,
+            SSH_AUTH_SOCK: sshAuthSock,
+          },
+          stdout: 'inherit',
+          stderr: 'inherit',
+        },
+      )
+
+      const exitCode = await child.exited
+      if (exitCode !== 0) {
+        throw new Error(`Remote login command failed with exit code ${exitCode}`)
+      }
+
+      console.log('If an OAuth URL was printed above, open it in your browser to complete login.')
+    })
+}

package/src/commands/cliproxy-status.test.ts

@@ -0,0 +1,271 @@
+import {afterEach, beforeEach, describe, expect, it} from 'bun:test'
+
+import {
+  checkHttpReachability,
+  checkUsageStats,
+  checkVersion,
+  formatDurationMs,
+  levelLabel,
+  stripTrailingSlash,
+  toNumber,
+} from './cliproxy-status'
+
+const originalFetch = globalThis.fetch
+
+type FetchReplacement = (url: string, init?: RequestInit) => Promise<Response>
+
+function createFetchImplementation(handler: FetchReplacement): typeof fetch {
+  return Object.assign(
+    (input: string | URL | Request, init?: RequestInit) => {
+      if (typeof input !== 'string') {
+        throw new TypeError(`Unexpected non-string fetch input: ${String(input)}`)
+      }
+
+      return handler(input, init)
+    },
+    {preconnect: originalFetch.preconnect},
+  )
+}
+
+describe('cliproxy status helpers', () => {
+  beforeEach(() => {
+    globalThis.fetch = createFetchImplementation(async () => {
+      throw new Error('Unexpected fetch call')
+    })
+  })
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch
+  })
+
+  describe('levelLabel', () => {
+    it('returns OK for ok', () => {
+      expect(levelLabel('ok')).toBe('OK')
+    })
+
+    it('returns WARN for warning', () => {
+      expect(levelLabel('warning')).toBe('WARN')
+    })
+
+    it('returns ERROR for error', () => {
+      expect(levelLabel('error')).toBe('ERROR')
+    })
+  })
+
+  describe('formatDurationMs', () => {
+    it('formats positive durations', () => {
+      expect(formatDurationMs(150)).toBe('150ms')
+    })
+
+    it('formats zero duration', () => {
+      expect(formatDurationMs(0)).toBe('0ms')
+    })
+
+    it('clamps negative durations to zero', () => {
+      expect(formatDurationMs(-5)).toBe('0ms')
+    })
+  })
+
+  describe('stripTrailingSlash', () => {
+    it('removes a trailing slash', () => {
+      expect(stripTrailingSlash('https://example.com/')).toBe('https://example.com')
+    })
+
+    it('does nothing when there is no trailing slash', () => {
+      expect(stripTrailingSlash('https://example.com')).toBe('https://example.com')
+    })
+  })
+
+  describe('toNumber', () => {
+    it('returns finite numbers as-is', () => {
+      expect(toNumber(42)).toBe(42)
+    })
+
+    it('returns null for non-numbers', () => {
+      expect(toNumber('not a number')).toBeNull()
+    })
+
+    it('returns null for NaN', () => {
+      expect(toNumber(Number.NaN)).toBeNull()
+    })
+
+    it('returns null for infinity', () => {
+      expect(toNumber(Number.POSITIVE_INFINITY)).toBeNull()
+    })
+  })
+
+  describe('checkHttpReachability', () => {
+    it('returns ok for HTTP 200', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('ok', {status: 200}))
+
+      const result = await checkHttpReachability('https://cliproxy.example.com', false)
+
+      expect(result.level).toBe('ok')
+      expect(result.summary).toContain('GET https://cliproxy.example.com → 200')
+      expect(result.summary).toContain('ms')
+    })
+
+    it('returns error for HTTP 500', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('error', {status: 500}))
+
+      const result = await checkHttpReachability('https://cliproxy.example.com', false)
+
+      expect(result.level).toBe('error')
+      expect(result.summary).toContain('GET https://cliproxy.example.com → 500')
+    })
+
+    it('returns error details for network failures', async () => {
+      globalThis.fetch = createFetchImplementation(async () => {
+        throw new Error('Network timeout')
+      })
+
+      const result = await checkHttpReachability('https://cliproxy.example.com', true)
+
+      expect(result.level).toBe('error')
+      expect(result.summary).toContain('Network timeout')
+      expect(result.details).toEqual(['URL: https://cliproxy.example.com', 'Timeout: 10000ms'])
+    })
+  })
+
+  describe('checkUsageStats', () => {
+    it('returns ok when failures are zero', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify({total_requests: 10, failure_count: 0}), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkUsageStats('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('ok')
+      expect(result.summary).toBe('total_requests=10, failure_count=0')
+    })
+
+    it('returns warning when token refresh is likely needed', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify({total_requests: 10, failure_count: 3}), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkUsageStats('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('warning')
+      expect(result.summary).toContain('total_requests=10, failure_count=3')
+      expect(result.summary).toContain('token refresh likely needed')
+    })
+
+    it('returns warning when rate limited', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('rate limited', {status: 429}))
+
+      const result = await checkUsageStats('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('warning')
+      expect(result.summary).toContain('Rate limited')
+    })
+
+    it('returns error for non-200 responses', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('boom', {status: 500}))
+
+      const result = await checkUsageStats('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('error')
+      expect(result.summary).toContain('HTTP 500')
+    })
+
+    it('returns error for network failures', async () => {
+      globalThis.fetch = createFetchImplementation(async () => {
+        throw new Error('socket hang up')
+      })
+
+      const result = await checkUsageStats('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('error')
+      expect(result.summary).toContain('Unable to read usage stats: socket hang up')
+    })
+  })
+
+  describe('checkVersion', () => {
+    it('returns ok for JSON string payloads', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify('1.2.3'), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('ok')
+      expect(result.summary).toBe('1.2.3')
+    })
+
+    it('returns ok for object payloads with version', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify({version: '1.2.3'}), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('ok')
+      expect(result.summary).toBe('1.2.3')
+    })
+
+    it('returns warning for empty version strings', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify({version: ''}), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('warning')
+      expect(result.summary).toContain('did not include a usable version string')
+    })
+
+    it('returns warning for missing version fields', async () => {
+      globalThis.fetch = createFetchImplementation(
+        async () =>
+          new Response(JSON.stringify({}), {
+            status: 200,
+            headers: {'content-type': 'application/json'},
+          }),
+      )
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('warning')
+      expect(result.summary).toContain('did not include a usable version string')
+    })
+
+    it('returns warning when rate limited', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('rate limited', {status: 429}))
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('warning')
+      expect(result.summary).toContain('Rate limited')
+    })
+
+    it('returns error for non-200 responses', async () => {
+      globalThis.fetch = createFetchImplementation(async () => new Response('boom', {status: 500}))
+
+      const result = await checkVersion('https://cliproxy.example.com', 'secret')
+
+      expect(result.level).toBe('error')
+      expect(result.summary).toContain('HTTP 500')
+    })
+  })
+})