@marcusrbrown/infra 0.4.9 → 0.4.11

package/src/commands/gateway/logs.test.ts

@@ -0,0 +1,222 @@
+import {afterEach, beforeEach, describe, expect, it} from 'bun:test'
+
+import {VALID_SERVICES, validateService} from './logs'
+
+// ─── validateService ─────────────────────────────────────────────────────────
+
+describe('validateService', () => {
+  it('accepts gateway as a valid service', () => {
+    expect(() => validateService('gateway')).not.toThrow()
+  })
+
+  it('accepts workspace as a valid service', () => {
+    expect(() => validateService('workspace')).not.toThrow()
+  })
+
+  it('accepts mitmproxy as a valid service', () => {
+    expect(() => validateService('mitmproxy')).not.toThrow()
+  })
+
+  it('rejects an unknown service name with a message listing valid services', () => {
+    expect(() => validateService('frobnicator')).toThrow(VALID_SERVICES.join(', '))
+  })
+})
+
+// ─── streamGatewayLogs — host validation (SEC1) ───────────────────────────────
+
+describe('streamGatewayLogs — host validation (SEC1)', () => {
+  it('rejects a leading-hyphen host and does not invoke ssh', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const neverSpawn: SpawnFn = () => {
+      throw new Error('spawn must not be called for an invalid host')
+    }
+
+    await expect(
+      streamGatewayLogs({host: '-oProxyCommand=evil', service: 'gateway', tail: 100, allowCi: false}, neverSpawn),
+    ).rejects.toThrow('Invalid GATEWAY_HOST')
+  })
+
+  it('rejects a host with shell metacharacters and does not invoke ssh', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const neverSpawn: SpawnFn = () => {
+      throw new Error('spawn must not be called for an invalid host')
+    }
+
+    await expect(
+      streamGatewayLogs(
+        {host: 'gateway.example.com;rm -rf', service: 'gateway', tail: 100, allowCi: false},
+        neverSpawn,
+      ),
+    ).rejects.toThrow('Invalid GATEWAY_HOST')
+  })
+
+  it('rejects an empty host and does not invoke ssh', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const neverSpawn: SpawnFn = () => {
+      throw new Error('spawn must not be called for an invalid host')
+    }
+
+    await expect(
+      streamGatewayLogs({host: '', service: 'gateway', tail: 100, allowCi: false}, neverSpawn),
+    ).rejects.toThrow('Invalid GATEWAY_HOST')
+  })
+
+  it('accepts a valid FQDN and invokes ssh normally', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const result = await streamGatewayLogs(
+      {host: 'gateway.example.com', service: 'gateway', tail: 100, allowCi: false},
+      makeSpawnOk(),
+    )
+
+    expect(result.refused).toBe(false)
+  })
+
+  it('accepts localhost as a valid host', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const result = await streamGatewayLogs(
+      {host: 'localhost', service: 'gateway', tail: 100, allowCi: false},
+      makeSpawnOk(),
+    )
+
+    expect(result.refused).toBe(false)
+  })
+
+  it('accepts an IPv4 address as a valid host', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const result = await streamGatewayLogs(
+      {host: '147.182.133.210', service: 'gateway', tail: 100, allowCi: false},
+      makeSpawnOk(),
+    )
+
+    expect(result.refused).toBe(false)
+  })
+})
+
+// ─── CI guard ────────────────────────────────────────────────────────────────
+
+type SpawnFn = (
+  cmd: string[],
+  opts: {env: Record<string, string>; stdout: 'inherit'; stderr: 'inherit'},
+) => {
+  exited: Promise<number>
+}
+
+function makeNeverSpawn(): SpawnFn {
+  return () => {
+    throw new Error('spawn should not have been called')
+  }
+}
+
+function makeSpawnOk(): SpawnFn {
+  return (_cmd, _opts) => ({exited: Promise.resolve(0)})
+}
+
+describe('CI guard', () => {
+  let originalCI: string | undefined
+
+  beforeEach(() => {
+    originalCI = process.env.CI
+  })
+
+  afterEach(() => {
+    if (originalCI === undefined) {
+      delete process.env.CI
+    } else {
+      process.env.CI = originalCI
+    }
+  })
+
+  it('refuses to stream logs in CI without --allow-ci', async () => {
+    process.env.CI = 'true'
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const messages: string[] = []
+    const result = await streamGatewayLogs(
+      {host: 'gateway.example.com', service: 'gateway', tail: 100, allowCi: false},
+      makeNeverSpawn(),
+      (msg: string) => {
+        messages.push(msg)
+      },
+    )
+
+    expect(result.refused).toBe(true)
+    expect(messages.some(m => m.includes('--allow-ci'))).toBe(true)
+  })
+
+  it('streams logs in CI when --allow-ci is set, printing stderr warning first', async () => {
+    process.env.CI = 'true'
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const warnings: string[] = []
+    const result = await streamGatewayLogs(
+      {host: 'gateway.example.com', service: 'gateway', tail: 100, allowCi: true},
+      makeSpawnOk(),
+      undefined,
+      (msg: string) => {
+        warnings.push(msg)
+      },
+    )
+
+    expect(result.refused).toBe(false)
+    expect(warnings.some(w => w.includes('Discord tokens'))).toBe(true)
+  })
+
+  it('streams logs in non-CI context, printing stderr warning first', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    const warnings: string[] = []
+    const result = await streamGatewayLogs(
+      {host: 'gateway.example.com', service: 'gateway', tail: 100, allowCi: false},
+      makeSpawnOk(),
+      undefined,
+      (msg: string) => {
+        warnings.push(msg)
+      },
+    )
+
+    expect(result.refused).toBe(false)
+    expect(warnings.some(w => w.includes('Discord tokens'))).toBe(true)
+  })
+})
+
+// ─── --tail forwarding ───────────────────────────────────────────────────────
+
+describe('tail forwarding', () => {
+  it('forwards --tail N to docker compose logs command', async () => {
+    delete process.env.CI
+
+    const {streamGatewayLogs} = await import('./logs')
+
+    let capturedCmd: string[] = []
+    const spawnCapture: SpawnFn = (cmd, _opts) => {
+      capturedCmd = cmd
+      return {exited: Promise.resolve(0)}
+    }
+
+    await streamGatewayLogs({host: 'gateway.example.com', service: 'gateway', tail: 25, allowCi: false}, spawnCapture)
+
+    expect(capturedCmd.join(' ')).toContain('--tail=25')
+  })
+})

package/src/commands/gateway/logs.ts

@@ -0,0 +1,158 @@
+import type {goke} from 'goke'
+
+import {z} from 'zod'
+
+import {validateGatewayHost} from './host'
+
+declare const process: {
+  env: Record<string, string | undefined>
+  exitCode?: number
+  stderr: {write: (msg: string) => void}
+}
+
+const COMPOSE_PROJECT_DIR = '/opt/gateway/deploy'
+const SENSITIVE_WARNING =
+  'Warning: Logs may contain Discord tokens, S3 credentials, or user data. Treat output as sensitive; do not capture in shared logs or chat.'
+
+export const VALID_SERVICES = ['gateway', 'workspace', 'mitmproxy'] as const
+
+export type ValidService = (typeof VALID_SERVICES)[number]
+
+// ─── Pure helpers ─────────────────────────────────────────────────────────────
+
+export function validateService(service: string): asserts service is ValidService {
+  if (!VALID_SERVICES.includes(service as ValidService)) {
+    throw new Error(`Invalid service "${service}". Valid services: ${VALID_SERVICES.join(', ')}`)
+  }
+}
+
+// ─── Injectable spawn type ────────────────────────────────────────────────────
+
+export type LogsSpawnFn = (
+  cmd: string[],
+  opts: {env: Record<string, string>; stdout: 'inherit'; stderr: 'inherit'},
+) => {
+  exited: Promise<number>
+}
+
+export interface StreamLogsOpts {
+  host: string
+  service: string
+  tail: number
+  allowCi: boolean
+}
+
+export interface StreamLogsResult {
+  refused: boolean
+  exitCode?: number
+}
+
+function defaultLogsSpawn(
+  cmd: string[],
+  opts: {env: Record<string, string>; stdout: 'inherit'; stderr: 'inherit'},
+): {exited: Promise<number>} {
+  return Bun.spawn(cmd, opts)
+}
+
+export async function streamGatewayLogs(
+  opts: StreamLogsOpts,
+  spawn: LogsSpawnFn = defaultLogsSpawn,
+  printOut?: (msg: string) => void,
+  printErr?: (msg: string) => void,
+): Promise<StreamLogsResult> {
+  const isCI = process.env.CI === 'true'
+
+  if (isCI && !opts.allowCi) {
+    const msg = 'Refusing to stream logs in CI without --allow-ci. Logs may contain sensitive tokens or user data.'
+    if (printOut) {
+      printOut(msg)
+    } else {
+      console.log(msg)
+    }
+
+    return {refused: true}
+  }
+
+  // Warn on every run — logs are sensitive regardless of context
+  if (printErr) {
+    printErr(SENSITIVE_WARNING)
+  } else {
+    console.error(SENSITIVE_WARNING)
+  }
+
+  validateGatewayHost(opts.host)
+
+  const sshCmd = [
+    'ssh',
+    '-o',
+    'BatchMode=yes',
+    '-o',
+    'StrictHostKeyChecking=yes',
+    `root@${opts.host}`,
+    `docker compose --project-directory ${COMPOSE_PROJECT_DIR} logs --no-color --tail=${opts.tail} ${opts.service}`,
+  ]
+
+  const env: Record<string, string> = {
+    PATH: process.env.PATH ?? '/usr/bin:/bin',
+    HOME: process.env.HOME ?? '/tmp',
+    ...(process.env.SSH_AUTH_SOCK ? {SSH_AUTH_SOCK: process.env.SSH_AUTH_SOCK} : {}),
+  }
+
+  const child = spawn(sshCmd, {env, stdout: 'inherit', stderr: 'inherit'})
+  const exitCode = await child.exited
+
+  return {refused: false, exitCode}
+}
+
+// ─── Command registration ─────────────────────────────────────────────────────
+
+export function registerGatewayLogs(cli: ReturnType<typeof goke>): void {
+  cli
+    .command('gateway logs [service]', 'Stream logs from a gateway service via SSH and docker compose.')
+    .option('--tail [n]', z.number().default(100).describe('Number of log lines to tail from each service.'))
+    .option(
+      '--allow-ci',
+      z
+        .boolean()
+        .default(false)
+        .describe('Allow log streaming in CI environments. Logs may contain sensitive credentials.'),
+    )
+    .option(
+      '--key [key]',
+      z.string().describe('Environment variable name holding the SSH host. Falls back to GATEWAY_HOST when omitted.'),
+    )
+    .action(async (service, options) => {
+      const targetService = (service as string | undefined) ?? 'gateway'
+
+      try {
+        validateService(targetService)
+      } catch (error) {
+        console.error(error instanceof Error ? error.message : String(error))
+        process.exitCode = 1
+        return
+      }
+
+      const hostEnvKey = options.key ?? 'GATEWAY_HOST'
+      const host = process.env[hostEnvKey]
+
+      if (!host) {
+        console.error(`Gateway host not set. Export ${hostEnvKey} or pass --key <env-name> pointing to a set variable.`)
+        process.exitCode = 1
+        return
+      }
+
+      const tail = typeof options.tail === 'number' ? options.tail : 100
+      const allowCi = options.allowCi === true
+
+      const result = await streamGatewayLogs({host, service: targetService, tail, allowCi})
+
+      if (result.refused) {
+        process.exitCode = 1
+        return
+      }
+
+      if (result.exitCode !== 0) {
+        process.exitCode = result.exitCode ?? 1
+      }
+    })
+}