@marcusrbrown/infra 0.8.0 → 0.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@marcusrbrown/infra",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Infrastructure management CLI — deploy automation, health checks, and MCP bridge",
   "keywords": [
     "infra",

package/src/__snapshots__/cli.test.ts.snap

@@ -125,9 +125,27 @@ Commands:
     --include-ca                       Restore the mitmproxy CA certificate and private key. Currently the only supported restore target. (default: true)
 
 
+  umami status                         Show operational health of the Umami analytics deployment via docker compose ps.
+
+    --key [key]                        Environment variable name holding the SSH host. Falls back to UMAMI_DOMAIN when omitted.
+
+
+  umami deploy                         Deploy Umami analytics. Default mode triggers the GitHub Deploy Umami workflow, while --local runs apps/umami deploy directly with Bun.
+
+    --local                            Run local deployment with Bun using apps/umami instead of triggering GitHub Actions. (default: false)
+    --dry-run                          Validate deploy prerequisites and print planned actions without executing local deploy or dispatching workflow. (default: false)
+
+
+  umami logs [service]                 Stream logs from an Umami service via SSH and docker compose.
+
+    --tail [n]                         Number of log lines to tail from each service. (default: 100)
+    --allow-ci                         Allow log streaming in CI environments. Logs may contain sensitive credentials. (default: false)
+    --key [key]                        Environment variable name holding the SSH host. Falls back to UMAMI_DOMAIN when omitted.
+
+
   status                               Show status of all deployments
 
-    --json                             Output machine-readable JSON with keeweb, cliproxy, and gateway summary objects.
+    --json                             Output machine-readable JSON with keeweb, cliproxy, gateway, and umami summary objects.
     --verbose                          Include verbose per-app health check details when building the summary rows.
 
 

package/src/cli.ts

@@ -7,6 +7,7 @@ import {registerGatewayCommands} from './commands/gateway'
 import {registerKeewebCommands} from './commands/keeweb'
 import {registerMcp} from './commands/mcp'
 import {registerStatus} from './commands/status'
+import {registerUmamiCommands} from './commands/umami'
 
 declare const process: {
   argv: string[]
@@ -20,6 +21,7 @@ cli.option('--verbose', 'Enable verbose output for all commands')
 registerKeewebCommands(cli)
 registerCliproxyCommands(cli)
 registerGatewayCommands(cli)
+registerUmamiCommands(cli)
 registerStatus(cli)
 registerMcp(cli)
 

package/src/commands/cliproxy/setup/providers.test.ts

@@ -1,9 +1,23 @@
 /// <reference types="bun" />
 
+import type {MultiSelectOptions, TextOptions} from '@clack/prompts'
 import {describe, expect, it, spyOn} from 'bun:test'
 
 import {parseProviders, promptForModel, promptForProviders} from './providers'
 
+// Type helper: cast a concrete-typed clack implementation to the generic spy type.
+// clack's multiselect/text/select are generic functions; Bun's spyOn preserves the
+// generic signature, so mockImplementation requires the same generic. We provide a
+// concrete instantiation and widen through `unknown` — this is safe because the
+// concrete type is a structural subtype of the generic at the call site.
+function asMultiselectImpl<V>(fn: (opts: MultiSelectOptions<V>) => Promise<V[] | symbol>) {
+  return fn as unknown as <Value>(opts: MultiSelectOptions<Value>) => Promise<Value[] | symbol>
+}
+
+function asTextImpl(fn: (opts: TextOptions) => Promise<string | symbol>) {
+  return fn as unknown as (opts: TextOptions) => Promise<string | symbol>
+}
+
 describe('option parsing', () => {
   describe('parseProviders', () => {
     it("parses \"anthropic,openai\" to ['anthropic', 'openai']", () => {
@@ -40,7 +54,6 @@ describe('option parsing', () => {
   })
 })
 
-/* eslint-disable @typescript-eslint/no-explicit-any -- spyOn mock return values require `any` casts */
 describe('interactive provider/model prompts', () => {
   // We spy on @clack/prompts functions directly since Bun's mock.module
   // requires static hoisting. Instead we use spyOn on the imported module.
@@ -60,7 +73,8 @@ describe('interactive provider/model prompts', () => {
   describe('promptForProviders', () => {
     it('happy path: anthropic-only selection returns [anthropic]', async () => {
       const clack = await import('@clack/prompts')
-      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(['anthropic'] as any)
+      // multiselect<Value> returns Promise<Value[] | symbol>; resolved value is string[] | symbol
+      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(['anthropic'])
 
       const result = await promptForProviders()
 
@@ -72,7 +86,7 @@ describe('interactive provider/model prompts', () => {
 
     it('happy path: both providers selected returns [anthropic, openai]', async () => {
       const clack = await import('@clack/prompts')
-      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(['anthropic', 'openai'] as any)
+      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(['anthropic', 'openai'])
 
       const result = await promptForProviders()
 
@@ -84,11 +98,13 @@ describe('interactive provider/model prompts', () => {
     it('edge case: empty selection re-prompts; multiselect called exactly twice', async () => {
       const clack = await import('@clack/prompts')
       let callCount = 0
-      const multiselectSpy = spyOn(clack, 'multiselect').mockImplementation(async () => {
-        callCount++
-        if (callCount === 1) return [] as any
-        return ['anthropic'] as any
-      })
+      const multiselectSpy = spyOn(clack, 'multiselect').mockImplementation(
+        asMultiselectImpl<string>(async () => {
+          callCount++
+          if (callCount === 1) return []
+          return ['anthropic']
+        }),
+      )
 
       const result = await promptForProviders()
 
@@ -101,12 +117,12 @@ describe('interactive provider/model prompts', () => {
     it('edge case: cancel mid-flow causes process.exit(0)', async () => {
       const clack = await import('@clack/prompts')
       const cancelSymbol = Symbol('cancel')
-      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(cancelSymbol as any)
+      const multiselectSpy = spyOn(clack, 'multiselect').mockResolvedValue(cancelSymbol)
       const isCancelSpy = spyOn(clack, 'isCancel').mockImplementation(v => v === cancelSymbol)
       const cancelSpy = spyOn(clack, 'cancel').mockImplementation(() => {})
-      const exitSpy = spyOn(process, 'exit').mockImplementation((() => {
+      const exitSpy = spyOn(process, 'exit').mockImplementation((_code?: number): never => {
         throw new Error('process.exit called')
-      }) as any)
+      })
 
       await expect(promptForProviders()).rejects.toThrow('process.exit called')
 
@@ -144,7 +160,7 @@ describe('interactive provider/model prompts', () => {
 
     it('happy path: both providers, operator picks openai/gpt-5.4-mini from select', async () => {
       const clack = await import('@clack/prompts')
-      const selectSpy = spyOn(clack, 'select').mockResolvedValue('openai/gpt-5.4-mini' as any)
+      const selectSpy = spyOn(clack, 'select').mockResolvedValue('openai/gpt-5.4-mini')
 
       const result = await promptForModel(['anthropic', 'openai'])
 
@@ -156,7 +172,7 @@ describe('interactive provider/model prompts', () => {
 
     it('happy path: both providers, operator picks anthropic/claude-sonnet-4-6 from select', async () => {
       const clack = await import('@clack/prompts')
-      const selectSpy = spyOn(clack, 'select').mockResolvedValue('anthropic/claude-sonnet-4-6' as any)
+      const selectSpy = spyOn(clack, 'select').mockResolvedValue('anthropic/claude-sonnet-4-6')
 
       const result = await promptForModel(['anthropic', 'openai'])
 
@@ -167,8 +183,8 @@ describe('interactive provider/model prompts', () => {
 
     it('happy path: operator picks "enter custom..." then types openai/gpt-5.4-mini', async () => {
       const clack = await import('@clack/prompts')
-      const selectSpy = spyOn(clack, 'select').mockResolvedValue('__custom__' as any)
-      const textSpy = spyOn(clack, 'text').mockResolvedValue('openai/gpt-5.4-mini' as any)
+      const selectSpy = spyOn(clack, 'select').mockResolvedValue('__custom__')
+      const textSpy = spyOn(clack, 'text').mockResolvedValue('openai/gpt-5.4-mini')
 
       const result = await promptForModel(['anthropic', 'openai'])
 
@@ -181,21 +197,23 @@ describe('interactive provider/model prompts', () => {
 
     it('edge case: custom model entry fails regex then succeeds on second attempt', async () => {
       const clack = await import('@clack/prompts')
-      const selectSpy = spyOn(clack, 'select').mockResolvedValue('__custom__' as any)
+      const selectSpy = spyOn(clack, 'select').mockResolvedValue('__custom__')
       let textCallCount = 0
-      const textSpy = spyOn(clack, 'text').mockImplementation(async (_opts: any) => {
-        textCallCount++
-        // Simulate the validate function being called inline by the mock
-        // The real clack text prompt calls validate internally; here we just
-        // return the value and let the helper's validate logic re-prompt.
-        // Since we can't simulate clack's internal validate loop, we test
-        // that the helper's validate function rejects bad input.
-        if (textCallCount === 1) {
-          // Return a bad value — the helper should detect this and re-prompt
-          return 'bad-model' as any
-        }
-        return 'openai/gpt-5.4-mini' as any
-      })
+      const textSpy = spyOn(clack, 'text').mockImplementation(
+        asTextImpl(async () => {
+          textCallCount++
+          // Simulate the validate function being called inline by the mock
+          // The real clack text prompt calls validate internally; here we just
+          // return the value and let the helper's validate logic re-prompt.
+          // Since we can't simulate clack's internal validate loop, we test
+          // that the helper's validate function rejects bad input.
+          if (textCallCount === 1) {
+            // Return a bad value — the helper should detect this and re-prompt
+            return 'bad-model'
+          }
+          return 'openai/gpt-5.4-mini'
+        }),
+      )
 
       const result = await promptForModel(['anthropic', 'openai'])
 
@@ -209,12 +227,12 @@ describe('interactive provider/model prompts', () => {
     it('edge case: cancel during model select causes process.exit(0)', async () => {
       const clack = await import('@clack/prompts')
       const cancelSymbol = Symbol('cancel')
-      const selectSpy = spyOn(clack, 'select').mockResolvedValue(cancelSymbol as any)
+      const selectSpy = spyOn(clack, 'select').mockResolvedValue(cancelSymbol)
       const isCancelSpy = spyOn(clack, 'isCancel').mockImplementation(v => v === cancelSymbol)
       const cancelSpy = spyOn(clack, 'cancel').mockImplementation(() => {})
-      const exitSpy = spyOn(process, 'exit').mockImplementation((() => {
+      const exitSpy = spyOn(process, 'exit').mockImplementation((_code?: number): never => {
         throw new Error('process.exit called')
-      }) as any)
+      })
 
       await expect(promptForModel(['anthropic', 'openai'])).rejects.toThrow('process.exit called')
 
@@ -225,4 +243,3 @@ describe('interactive provider/model prompts', () => {
     })
   })
 })
-/* eslint-enable @typescript-eslint/no-explicit-any */

package/src/commands/cliproxy/setup/smoke-test.test.ts

@@ -640,4 +640,182 @@ describe('smoke test runner', () => {
     expect(result.kind).toBe('pass')
     expect(result.runUrl).toBe('https://github.com/owner/test-repo/actions/runs/105')
   })
+
+  // ── Zod schema validation hardening ──────────────────────────────────────
+
+  it('poll JSON validation — non-array response degrades to unverified without throwing', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        // baseline: valid empty list
+        return makeSmokeChild('[]', '', 0)
+      }
+      if (callIndex === 2) {
+        // trigger succeeds
+        return makeSmokeChild('', '', 0)
+      }
+      // poll returns a non-array object instead of an array — schema rejects it
+      return makeSmokeChild('{"error":"unexpected"}', '', 0)
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    // Schema validation fails → pollRuns stays [] → no candidates → all polls exhaust → unverified
+    expect(result.kind).toBe('unverified')
+  })
+
+  it('poll JSON validation — missing required databaseId field degrades gracefully', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        return makeSmokeChild('[]', '', 0)
+      }
+      if (callIndex === 2) {
+        return makeSmokeChild('', '', 0)
+      }
+      // poll returns array entries missing databaseId — schema rejects it
+      return makeSmokeChild(
+        '[{"status":"completed","conclusion":"success","url":"https://x","createdAt":"2026-05-25T10:00:05Z"}]',
+        '',
+        0,
+      )
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    expect(result.kind).toBe('unverified')
+  })
+
+  it('poll JSON validation — wrong type for databaseId (string instead of number) degrades gracefully', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        return makeSmokeChild('[]', '', 0)
+      }
+      if (callIndex === 2) {
+        return makeSmokeChild('', '', 0)
+      }
+      // databaseId is a string, not a number — schema rejects it
+      return makeSmokeChild(
+        '[{"databaseId":"not-a-number","status":"completed","conclusion":"success","url":"https://x","createdAt":"2026-05-25T10:00:05Z"}]',
+        '',
+        0,
+      )
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    expect(result.kind).toBe('unverified')
+  })
+
+  it('poll JSON validation — one malformed entry does not discard a valid matching run', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+    const createdAt = new Date(triggerTime.getTime() + 5000).toISOString()
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        // baseline: valid empty list → createdAt heuristic
+        return makeSmokeChild('[]', '', 0)
+      }
+      if (callIndex === 2) {
+        // trigger succeeds
+        return makeSmokeChild('', '', 0)
+      }
+      if (callIndex === 3) {
+        // poll: one malformed entry (databaseId is a string) PLUS one valid matching
+        // completed-success run. Per-entry validation must drop only the bad row and
+        // keep the good one — whole-batch rejection would lose our run.
+        return makeSmokeChild(
+          `[{"databaseId":"bad","status":"completed","conclusion":"success","url":"https://x","createdAt":"${
+            createdAt
+          }"},{"databaseId":105,"status":"completed","conclusion":"success","url":"${RUN_URL}","createdAt":"${
+            createdAt
+          }"}]`,
+          '',
+          0,
+        )
+      }
+      // log view for the matched run → contains "ack"
+      return makeSmokeChild('some log output with ack in it', '', 0)
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    // The valid entry survives per-entry validation and is matched → pass.
+    expect(result.kind).toBe('pass')
+    expect(result.runUrl).toBe(RUN_URL)
+  })
+
+  it('baseline JSON validation — non-array baseline falls back to createdAt heuristic', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+    const createdAt = new Date(triggerTime.getTime() + 5000).toISOString()
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        // baseline returns a non-array object — schema rejects it, baselineId stays null
+        return makeSmokeChild('{"databaseId":100}', '', 0)
+      }
+      if (callIndex === 2) {
+        return makeSmokeChild('', '', 0)
+      }
+      if (callIndex === 3) {
+        return makeSmokeChild(
+          makeSmokeRunList([{databaseId: 1, status: 'completed', conclusion: 'success', url: RUN_URL, createdAt}]),
+          '',
+          0,
+        )
+      }
+      return makeSmokeChild('ack', '', 0)
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    // Schema rejects non-array → baselineId stays null → createdAt heuristic → run found → pass
+    expect(result.kind).toBe('pass')
+    expect(result.runUrl).toBe(RUN_URL)
+  })
+
+  it('baseline JSON validation — missing databaseId in baseline entry falls back to createdAt heuristic', async () => {
+    const triggerTime = new Date('2026-05-25T10:00:00Z')
+    const createdAt = new Date(triggerTime.getTime() + 5000).toISOString()
+
+    let callIndex = 0
+    spawnSpy = spyOn(Bun, 'spawn').mockImplementation((..._args: unknown[]) => {
+      callIndex++
+      if (callIndex === 1) {
+        // baseline entry missing databaseId — schema rejects it, baselineId stays null
+        return makeSmokeChild('[{"id":100}]', '', 0)
+      }
+      if (callIndex === 2) {
+        return makeSmokeChild('', '', 0)
+      }
+      if (callIndex === 3) {
+        return makeSmokeChild(
+          makeSmokeRunList([{databaseId: 1, status: 'completed', conclusion: 'success', url: RUN_URL, createdAt}]),
+          '',
+          0,
+        )
+      }
+      return makeSmokeChild('ack', '', 0)
+    })
+
+    const result = await runSmokeTest(REPO, MODEL, {_testDelayMs: 0, _testTriggerTime: triggerTime})
+
+    // Schema rejects missing databaseId → baselineId stays null → createdAt heuristic → run found → pass
+    expect(result.kind).toBe('pass')
+    expect(result.runUrl).toBe(RUN_URL)
+  })
 })

package/src/commands/cliproxy/setup/smoke-test.ts

@@ -1,18 +1,25 @@
 /// <reference types="bun" />
 
+import {z} from 'zod'
+
 export type SmokeResult =
   | {kind: 'pass'; message: string; runUrl: string}
   | {kind: 'fail'; message: string; runUrl: string}
   | {kind: 'unverified'; message: string; runUrl?: string}
 
+// Zod schemas for gh CLI JSON output — single source of truth.
+const baselineRunSchema = z.array(z.object({databaseId: z.number()}))
+
+const ghRunEntrySchema = z.object({
+  databaseId: z.number(),
+  status: z.string(),
+  conclusion: z.string().nullable(),
+  url: z.string(),
+  createdAt: z.string(),
+})
+
 // Exported for tests only.
-export interface GhRunEntry {
-  databaseId: number
-  status: string
-  conclusion: string | null
-  url: string
-  createdAt: string
-}
+export type GhRunEntry = z.infer<typeof ghRunEntrySchema>
 
 // Exported for tests only. Override poll delays and trigger time.
 export interface SmokeTestInternals {
@@ -66,10 +73,11 @@ export async function runSmokeTest(
       baselineChild.exited,
     ])
     if (baselineExit === 0) {
-      const parsed = JSON.parse(baselineStdout) as {databaseId: number}[]
-      if (parsed.length > 0 && parsed[0]) {
-        baselineId = parsed[0].databaseId
+      const parseResult = baselineRunSchema.safeParse(JSON.parse(baselineStdout))
+      if (parseResult.success && parseResult.data.length > 0 && parseResult.data[0]) {
+        baselineId = parseResult.data[0].databaseId
       }
+      // If schema validation fails, baselineId stays null — we'll use createdAt heuristic
     }
     // If baseline call fails, baselineId stays null — we'll use createdAt heuristic
   } catch {
@@ -123,7 +131,17 @@ export async function runSmokeTest(
         pollChild.exited,
       ])
       if (pollExit === 0) {
-        pollRuns = JSON.parse(pollStdout) as GhRunEntry[]
+        const rawParsed: unknown = JSON.parse(pollStdout)
+        if (Array.isArray(rawParsed)) {
+          // Validate each entry independently so a single malformed row does not
+          // discard the whole batch — dropping a legitimate matching run would be
+          // worse than skipping the bad entry.
+          pollRuns = rawParsed.flatMap(entry => {
+            const entryResult = ghRunEntrySchema.safeParse(entry)
+            return entryResult.success ? [entryResult.data] : []
+          })
+        }
+        // Non-array payload or all entries malformed → pollRuns stays [] — retry on next poll
       }
     } catch {
       // Parse/network error — retry on next poll