@marcusrbrown/infra 0.8.1 → 0.9.0

package/src/commands/umami/index.ts

@@ -0,0 +1,13 @@
+import type {goke} from 'goke'
+
+import {registerUmamiDeploy} from './deploy'
+import {registerUmamiLogs} from './logs'
+import {registerUmamiStatus} from './status'
+
+export {getUmamiStatusSummary} from './status'
+
+export function registerUmamiCommands(cli: ReturnType<typeof goke>): void {
+  registerUmamiStatus(cli)
+  registerUmamiDeploy(cli)
+  registerUmamiLogs(cli)
+}

package/src/commands/umami/logs.test.ts

@@ -0,0 +1,154 @@
+import {afterEach, beforeEach, describe, expect, it} from 'bun:test'
+
+import {streamUmamiLogs, type LogsSpawnFn, type StreamLogsOpts} from './logs'
+
+// ─── streamUmamiLogs ─────────────────────────────────────────────────────────
+
+function makeLogsSpawn(exitCode = 0): LogsSpawnFn {
+  return (_cmd, _opts) => ({exited: Promise.resolve(exitCode)})
+}
+
+describe('logs command', () => {
+  let originalCI: string | undefined
+  let originalUmamiDomain: string | undefined
+
+  beforeEach(() => {
+    originalCI = process.env.CI
+    originalUmamiDomain = process.env.UMAMI_DOMAIN
+  })
+
+  afterEach(() => {
+    if (originalCI === undefined) {
+      delete process.env.CI
+    } else {
+      process.env.CI = originalCI
+    }
+
+    if (originalUmamiDomain === undefined) {
+      delete process.env.UMAMI_DOMAIN
+    } else {
+      process.env.UMAMI_DOMAIN = originalUmamiDomain
+    }
+  })
+
+  it('refuses to stream logs in CI without --allow-ci', async () => {
+    process.env.CI = 'true'
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'umami',
+      tail: 100,
+      allowCi: false,
+    }
+
+    const messages: string[] = []
+    const result = await streamUmamiLogs(opts, makeLogsSpawn(), msg => messages.push(msg))
+
+    expect(result.refused).toBe(true)
+    expect(messages.join('')).toContain('Refusing to stream logs in CI')
+  })
+
+  it('proceeds in CI when --allow-ci is set', async () => {
+    process.env.CI = 'true'
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'umami',
+      tail: 100,
+      allowCi: true,
+    }
+
+    const warnings: string[] = []
+    const result = await streamUmamiLogs(opts, makeLogsSpawn(), undefined, msg => warnings.push(msg))
+
+    expect(result.refused).toBe(false)
+    expect(result.exitCode).toBe(0)
+  })
+
+  it('always emits a sensitive-data warning to stderr', async () => {
+    delete process.env.CI
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'umami',
+      tail: 100,
+      allowCi: false,
+    }
+
+    const warnings: string[] = []
+    await streamUmamiLogs(opts, makeLogsSpawn(), undefined, msg => warnings.push(msg))
+
+    expect(warnings.join('')).toContain('sensitive')
+  })
+
+  it('rejects invalid host before spawning SSH', async () => {
+    delete process.env.CI
+
+    const opts: StreamLogsOpts = {
+      host: '-oProxyCommand=evil',
+      service: 'umami',
+      tail: 100,
+      allowCi: false,
+    }
+
+    let spawnCalled = false
+    const spy: LogsSpawnFn = (_cmd, _opts) => {
+      spawnCalled = true
+      return {exited: Promise.resolve(0)}
+    }
+
+    await expect(streamUmamiLogs(opts, spy)).rejects.toThrow('Invalid UMAMI_DOMAIN')
+    expect(spawnCalled).toBe(false)
+  })
+
+  it('returns exitCode from the SSH subprocess', async () => {
+    delete process.env.CI
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'umami',
+      tail: 50,
+      allowCi: false,
+    }
+
+    const result = await streamUmamiLogs(opts, makeLogsSpawn(42))
+
+    expect(result.refused).toBe(false)
+    expect(result.exitCode).toBe(42)
+  })
+
+  it('accepts caddy as a valid service', async () => {
+    delete process.env.CI
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'caddy',
+      tail: 100,
+      allowCi: false,
+    }
+
+    const result = await streamUmamiLogs(opts, makeLogsSpawn(0))
+    expect(result.refused).toBe(false)
+    expect(result.exitCode).toBe(0)
+  })
+
+  it('rejects an unknown service when called directly (bypassing the CLI action)', async () => {
+    delete process.env.CI
+
+    const opts: StreamLogsOpts = {
+      host: 'metrics.fro.bot',
+      service: 'notaservice',
+      tail: 100,
+      allowCi: false,
+    }
+
+    let spawnCalled = false
+    const spy: LogsSpawnFn = (_cmd, _opts) => {
+      spawnCalled = true
+      return {exited: Promise.resolve(0)}
+    }
+
+    await expect(streamUmamiLogs(opts, spy)).rejects.toThrow(/Invalid service/)
+    expect(spawnCalled).toBe(false)
+  })
+})

package/src/commands/umami/logs.ts

@@ -0,0 +1,161 @@
+import type {goke} from 'goke'
+
+import {z} from 'zod'
+
+import {validateUmamiHost} from './host'
+
+declare const process: {
+  env: Record<string, string | undefined>
+  exitCode?: number
+  stderr: {write: (msg: string) => void}
+}
+
+const COMPOSE_PROJECT_DIR = '/opt/umami'
+const SENSITIVE_WARNING =
+  'Warning: Logs may contain database passwords, app secrets, or user data. Treat output as sensitive; do not capture in shared logs or chat.'
+
+export const VALID_SERVICES = ['umami', 'db', 'caddy'] as const
+
+export type ValidService = (typeof VALID_SERVICES)[number]
+
+// ─── Pure helpers ─────────────────────────────────────────────────────────────
+
+export function validateService(service: string): asserts service is ValidService {
+  if (!VALID_SERVICES.includes(service as ValidService)) {
+    throw new Error(`Invalid service "${service}". Valid services: ${VALID_SERVICES.join(', ')}`)
+  }
+}
+
+// ─── Injectable spawn type ────────────────────────────────────────────────────
+
+export type LogsSpawnFn = (
+  cmd: string[],
+  opts: {env: Record<string, string>; stdout: 'inherit'; stderr: 'inherit'},
+) => {
+  exited: Promise<number>
+}
+
+export interface StreamLogsOpts {
+  host: string
+  service: string
+  tail: number
+  allowCi: boolean
+}
+
+export interface StreamLogsResult {
+  refused: boolean
+  exitCode?: number
+}
+
+function defaultLogsSpawn(
+  cmd: string[],
+  opts: {env: Record<string, string>; stdout: 'inherit'; stderr: 'inherit'},
+): {exited: Promise<number>} {
+  return Bun.spawn(cmd, opts)
+}
+
+export async function streamUmamiLogs(
+  opts: StreamLogsOpts,
+  spawn: LogsSpawnFn = defaultLogsSpawn,
+  printOut?: (msg: string) => void,
+  printErr?: (msg: string) => void,
+): Promise<StreamLogsResult> {
+  // Validate service at the top so direct callers cannot bypass the guard.
+  validateService(opts.service)
+
+  const isCI = process.env.CI === 'true'
+
+  if (isCI && !opts.allowCi) {
+    const msg = 'Refusing to stream logs in CI without --allow-ci. Logs may contain sensitive credentials or user data.'
+    if (printOut) {
+      printOut(msg)
+    } else {
+      console.log(msg)
+    }
+
+    return {refused: true}
+  }
+
+  // Warn on every run — logs are sensitive regardless of context
+  if (printErr) {
+    printErr(SENSITIVE_WARNING)
+  } else {
+    console.error(SENSITIVE_WARNING)
+  }
+
+  validateUmamiHost(opts.host)
+
+  const sshCmd = [
+    'ssh',
+    '-o',
+    'BatchMode=yes',
+    '-o',
+    'StrictHostKeyChecking=yes',
+    `root@${opts.host}`,
+    `docker compose --project-directory ${COMPOSE_PROJECT_DIR} logs --no-color --tail=${opts.tail} ${opts.service}`,
+  ]
+
+  const env: Record<string, string> = {
+    PATH: process.env.PATH ?? '/usr/bin:/bin',
+    HOME: process.env.HOME ?? '/tmp',
+    ...(process.env.SSH_AUTH_SOCK ? {SSH_AUTH_SOCK: process.env.SSH_AUTH_SOCK} : {}),
+  }
+
+  const child = spawn(sshCmd, {env, stdout: 'inherit', stderr: 'inherit'})
+  const exitCode = await child.exited
+
+  return {refused: false, exitCode}
+}
+
+// ─── Command registration ─────────────────────────────────────────────────────
+
+export function registerUmamiLogs(cli: ReturnType<typeof goke>): void {
+  cli
+    .command('umami logs [service]', 'Stream logs from an Umami service via SSH and docker compose.')
+    .option('--tail [n]', z.number().default(100).describe('Number of log lines to tail from each service.'))
+    .option(
+      '--allow-ci',
+      z
+        .boolean()
+        .default(false)
+        .describe('Allow log streaming in CI environments. Logs may contain sensitive credentials.'),
+    )
+    .option(
+      '--key [key]',
+      z.string().describe('Environment variable name holding the SSH host. Falls back to UMAMI_DOMAIN when omitted.'),
+    )
+    .action(async (service, options) => {
+      const targetService = (service as string | undefined) ?? 'umami'
+
+      try {
+        validateService(targetService)
+      } catch (error) {
+        console.error(error instanceof Error ? error.message : String(error))
+        process.exitCode = 1
+        return
+      }
+
+      const hostEnvKey = options.key ?? 'UMAMI_DOMAIN'
+      const host = process.env[hostEnvKey]
+
+      if (!host) {
+        console.error('Umami host not set. Export UMAMI_DOMAIN or pass --key <env-name> pointing to a set variable.')
+        process.exitCode = 1
+        return
+      }
+
+      const tail = typeof options.tail === 'number' ? options.tail : 100
+      const allowCi = options.allowCi === true
+
+      const result = await streamUmamiLogs({host, service: targetService, tail, allowCi})
+
+      if (result.refused) {
+        process.exitCode = 1
+        return
+      }
+
+      if (result.exitCode !== 0) {
+        process.exitCode = result.exitCode ?? 1
+      }
+    })
+}