@marcusrbrown/infra 0.8.1 → 0.9.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@marcusrbrown/infra",
-  "version": "0.8.1",
+  "version": "0.9.1",
   "description": "Infrastructure management CLI — deploy automation, health checks, and MCP bridge",
   "keywords": [
     "infra",

package/src/__snapshots__/cli.test.ts.snap

@@ -125,9 +125,27 @@ Commands:
     --include-ca                       Restore the mitmproxy CA certificate and private key. Currently the only supported restore target. (default: true)
 
 
+  umami status                         Show operational health of the Umami analytics deployment via docker compose ps.
+
+    --key [key]                        Environment variable name holding the SSH host. Falls back to UMAMI_DOMAIN when omitted.
+
+
+  umami deploy                         Deploy Umami analytics. Default mode triggers the GitHub Deploy Umami workflow, while --local runs apps/umami deploy directly with Bun.
+
+    --local                            Run local deployment with Bun using apps/umami instead of triggering GitHub Actions. (default: false)
+    --dry-run                          Validate deploy prerequisites and print planned actions without executing local deploy or dispatching workflow. (default: false)
+
+
+  umami logs [service]                 Stream logs from an Umami service via SSH and docker compose.
+
+    --tail [n]                         Number of log lines to tail from each service. (default: 100)
+    --allow-ci                         Allow log streaming in CI environments. Logs may contain sensitive credentials. (default: false)
+    --key [key]                        Environment variable name holding the SSH host. Falls back to UMAMI_DOMAIN when omitted.
+
+
   status                               Show status of all deployments
 
-    --json                             Output machine-readable JSON with keeweb, cliproxy, and gateway summary objects.
+    --json                             Output machine-readable JSON with keeweb, cliproxy, gateway, and umami summary objects.
     --verbose                          Include verbose per-app health check details when building the summary rows.
 
 

package/src/cli.ts

@@ -7,6 +7,7 @@ import {registerGatewayCommands} from './commands/gateway'
 import {registerKeewebCommands} from './commands/keeweb'
 import {registerMcp} from './commands/mcp'
 import {registerStatus} from './commands/status'
+import {registerUmamiCommands} from './commands/umami'
 
 declare const process: {
   argv: string[]
@@ -20,6 +21,7 @@ cli.option('--verbose', 'Enable verbose output for all commands')
 registerKeewebCommands(cli)
 registerCliproxyCommands(cli)
 registerGatewayCommands(cli)
+registerUmamiCommands(cli)
 registerStatus(cli)
 registerMcp(cli)
 

package/src/commands/cliproxy/setup/validation.test.ts

@@ -251,6 +251,73 @@ describe('verifyModelsAvailable', () => {
     await expect(verifyModelsAvailable(BASE_URL, KEY, ['openai'], 'openai/gpt-5.4-mini')).resolves.toBeUndefined()
   })
 
+  it('regression: entries WITH owned_by openai still parse and are detected as OpenAI', async () => {
+    const fixture = {
+      data: [
+        {id: 'claude-sonnet-4-6', owned_by: 'anthropic'},
+        {id: 'gpt-5.4-mini', owned_by: 'openai'},
+      ],
+      object: 'list',
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(fixture))) as unknown as typeof fetch
+
+    await expect(verifyModelsAvailable(BASE_URL, KEY, ['openai'], 'openai/gpt-5.4-mini')).resolves.toBeUndefined()
+  })
+
+  it('v7 compatibility: entries omitting owned_by parse without error and OpenAI is detected via id prefix', async () => {
+    // CLIProxyAPI v7 may return entries without owned_by — these must not fail Zod parse,
+    // and an entry like {id: 'openai/gpt-5.4-mini'} should be detected as an OpenAI model.
+    const v7Fixture = {
+      data: [
+        {id: 'openai/gpt-5.4-mini', object: 'model'},
+        {id: 'anthropic/claude-sonnet-4-6', object: 'model'},
+      ],
+      object: 'list',
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(v7Fixture))) as unknown as typeof fetch
+
+    // Requesting a model that doesn't exist so we can observe which check throws.
+    // The error must be "not found on proxy" — not a Zod parse error or "No OpenAI models on proxy".
+    await expect(verifyModelsAvailable(BASE_URL, KEY, ['openai'], 'openai/nonexistent-model')).rejects.toThrow(
+      'not found on proxy',
+    )
+  })
+
+  it('v7 compatibility: mixed entries (some with owned_by, some without) resolve correctly', async () => {
+    const mixedFixture = {
+      data: [
+        {id: 'claude-sonnet-4-6', owned_by: 'anthropic'},
+        // v7-style OpenAI entry — no owned_by, id has openai/ prefix
+        {id: 'openai/gpt-5.4-mini', object: 'model'},
+      ],
+      object: 'list',
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(mixedFixture))) as unknown as typeof fetch
+
+    // Should detect OpenAI via id inference and pass the OpenAI presence check.
+    // The error must be "not found on proxy" — not a Zod parse error or "No OpenAI models on proxy".
+    await expect(
+      verifyModelsAvailable(BASE_URL, KEY, ['anthropic', 'openai'], 'openai/nonexistent-model'),
+    ).rejects.toThrow('not found on proxy')
+  })
+
+  it('v7 compatibility: entry with unrecognizable id and no owned_by does not crash (falls through as non-OpenAI)', async () => {
+    const unknownIdFixture = {
+      data: [
+        // No owned_by, id doesn't map to any known provider
+        {id: 'some-unknown-model', object: 'model'},
+        // A real OpenAI entry with owned_by — detection should succeed via this entry
+        {id: 'gpt-5.4-mini', owned_by: 'openai'},
+      ],
+      object: 'list',
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(unknownIdFixture))) as unknown as typeof fetch
+
+    // Should still pass — openai is detected via owned_by on the second entry,
+    // and the unknown entry does not cause a crash.
+    await expect(verifyModelsAvailable(BASE_URL, KEY, ['openai'], 'openai/gpt-5.4-mini')).resolves.toBeUndefined()
+  })
+
   it('error path: dual providers, no owned_by=openai entries — throws no-openai-models message', async () => {
     const anthropicOnlyData = {
       data: [
@@ -337,6 +404,94 @@ describe('validateSetupOptions — providers/model validation', () => {
   })
 })
 
+// ── FIX 1: owned_by:'' falls back to id inference ────────────────────────────
+
+describe('verifyModelsAvailable — owned_by empty string falls back to id inference', () => {
+  let originalFetch: typeof globalThis.fetch
+  afterEach(() => {
+    globalThis.fetch = originalFetch
+  })
+  originalFetch = globalThis.fetch
+
+  it('entry with owned_by:"" and id "openai/gpt-5.4-mini" is detected as OpenAI (does not throw no-openai-models)', async () => {
+    const fixture = {
+      data: [{id: 'openai/gpt-5.4-mini', owned_by: ''}],
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(fixture))) as unknown as typeof fetch
+
+    // Must resolve — empty owned_by should fall back to id prefix inference
+    await expect(
+      verifyModelsAvailable('https://cliproxy.fro.bot', 'sk-test-key', ['openai'], 'openai/gpt-5.4-mini'),
+    ).resolves.toBeUndefined()
+  })
+})
+
+// ── FIX 2: v7-prefixed model presence ────────────────────────────────────────
+
+describe('verifyModelsAvailable — v7-prefixed model id matched without owned_by', () => {
+  let originalFetch: typeof globalThis.fetch
+  afterEach(() => {
+    globalThis.fetch = originalFetch
+  })
+  originalFetch = globalThis.fetch
+
+  it('entry with id "openai/gpt-5.4-mini" (no owned_by) resolves when requesting "openai/gpt-5.4-mini"', async () => {
+    const fixture = {
+      data: [{id: 'openai/gpt-5.4-mini'}],
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(fixture))) as unknown as typeof fetch
+
+    await expect(
+      verifyModelsAvailable('https://cliproxy.fro.bot', 'sk-test-key', ['openai'], 'openai/gpt-5.4-mini'),
+    ).resolves.toBeUndefined()
+  })
+
+  it('model not found error lists requested model and available openai id but not anthropic ids', async () => {
+    const fixture = {
+      data: [{id: 'openai/gpt-5.4-mini'}, {id: 'anthropic/claude-sonnet-4-6'}],
+    }
+    globalThis.fetch = mock(async () => new Response(JSON.stringify(fixture))) as unknown as typeof fetch
+
+    let errorMessage = ''
+    try {
+      await verifyModelsAvailable('https://cliproxy.fro.bot', 'sk-test-key', ['openai'], 'openai/nonexistent')
+    } catch (error) {
+      errorMessage = error instanceof Error ? error.message : String(error)
+    }
+
+    expect(errorMessage).toContain('nonexistent')
+    expect(errorMessage).toContain('openai/gpt-5.4-mini')
+    expect(errorMessage).not.toContain('anthropic')
+    expect(errorMessage).not.toContain('claude')
+  })
+})
+
+// ── FIX 3: exact key redacted in /v1/models error body ───────────────────────
+
+describe('verifyModelsAvailable — exact key redacted in error body', () => {
+  let originalFetch: typeof globalThis.fetch
+  afterEach(() => {
+    globalThis.fetch = originalFetch
+  })
+  originalFetch = globalThis.fetch
+
+  it('500 response body containing the raw key does not expose the key in thrown message', async () => {
+    const rawKey = 'my-plain-key-no-bearer-prefix'
+    const body = `Internal error: key=${rawKey} was invalid`
+    globalThis.fetch = mock(async () => new Response(body, {status: 500})) as unknown as typeof fetch
+
+    let errorMessage = ''
+    try {
+      await verifyModelsAvailable('https://cliproxy.fro.bot', rawKey, ['openai'], 'openai/gpt-5.4-mini')
+    } catch (error) {
+      errorMessage = error instanceof Error ? error.message : String(error)
+    }
+
+    expect(errorMessage).toContain('500')
+    expect(errorMessage).not.toContain(rawKey)
+  })
+})
+
 // ── assertProxyReachable (new TDD tests) ──────────────────────────────────────
 
 describe('assertProxyReachable', () => {
@@ -366,6 +521,19 @@ describe('assertProxyReachable', () => {
 
     await expect(assertProxyReachable('https://bad.example')).rejects.toThrow(/Proxy check failed/)
   })
+
+  it('probes /healthz: resolves when /healthz returns 200 and bare base returns 404', async () => {
+    const BASE = 'https://proxy.example'
+    let fetchedUrl: string | undefined
+    globalThis.fetch = mock(async (url: string) => {
+      fetchedUrl = url
+      if (url === `${BASE}/healthz`) return new Response('{"status":"ok"}', {status: 200})
+      return new Response('Not Found', {status: 404})
+    }) as unknown as typeof fetch
+
+    await expect(assertProxyReachable(BASE)).resolves.toBeUndefined()
+    expect(fetchedUrl).toBe(`${BASE}/healthz`)
+  })
 })
 
 // ── assertProxyKeyWorks (new TDD tests) ───────────────────────────────────────

package/src/commands/cliproxy/setup/validation.ts

@@ -4,11 +4,12 @@ import {z} from 'zod'
 
 import {parseProviders, type ProviderId} from './providers'
 
-// Permissive schema: unknown fields preserved via passthrough()
+// Permissive schema: unknown fields preserved via passthrough().
+// owned_by is optional — CLIProxyAPI v7 may omit it; provider is inferred from id instead.
 const modelEntrySchema = z
   .object({
     id: z.string(),
-    owned_by: z.string(),
+    owned_by: z.string().optional(),
   })
   .passthrough()
 
@@ -22,6 +23,32 @@ export const MODEL_ID_RE = /^(?:anthropic|openai)\/[a-z\d](?:[a-z\d.\-]*[a-z\d])
 
 const HTTP_TIMEOUT_MS = 10_000
 
+type ModelEntry = z.infer<typeof modelEntrySchema>
+
+// Known bare-id patterns per provider, used only when owned_by is absent
+// (e.g. CLIProxyAPI v7 omits owned_by from /v1/models entries).
+const PROVIDER_ID_PATTERNS: Record<string, RegExp> = {
+  openai: /^(?:gpt-|o1-|o3-|codex)/i,
+  anthropic: /^claude-/i,
+}
+
+/**
+ * Decides whether a /v1/models entry belongs to a provider.
+ * Prefers owned_by when present; falls back to id prefix / known bare-id
+ * patterns when absent. Display/validation-only — never an auth or trust signal.
+ */
+function entryMatchesProvider(entry: ModelEntry, provider: string): boolean {
+  if (entry.owned_by !== undefined && entry.owned_by.trim() !== '') {
+    return entry.owned_by === provider
+  }
+  const id = entry.id ?? ''
+  if (id.startsWith(`${provider}/`)) {
+    return true
+  }
+  const pattern = PROVIDER_ID_PATTERNS[provider]
+  return pattern === undefined ? false : pattern.test(id)
+}
+
 /** Local copy — avoids a circular import with setup.ts (validation → setup → validation). */
 function extractErrorMessage(error: unknown): string {
   return error instanceof Error ? error.message : String(error)
@@ -97,8 +124,8 @@ export async function verifyModelsAvailable(
 
   if (!response.ok) {
     const rawBody = await response.text()
-    // Redact any Authorization headers or sk-* token-shaped strings that the server might echo
-    const redacted = rawBody
+    // Redact the literal key value, Authorization headers, and sk-* shaped tokens
+    const redacted = (key.length > 0 ? rawBody.replaceAll(key, '<redacted>') : rawBody)
       .replaceAll(/Bearer\s+[^\s"]+/g, 'Bearer <redacted>')
       .replaceAll(/sk-[\w.-]{8,}/g, 'sk-<redacted>')
     const excerpt = redacted.slice(0, 200)
@@ -120,9 +147,9 @@ export async function verifyModelsAvailable(
 
   const entries = parsed.data
 
-  // OpenAI presence check
+  // OpenAI presence check.
   if (providers.includes('openai')) {
-    const hasOpenAi = entries.some(e => e.owned_by === 'openai')
+    const hasOpenAi = entries.some(e => entryMatchesProvider(e, 'openai'))
     if (!hasOpenAi) {
       throw new Error('No OpenAI models on proxy — is the Codex token loaded? Try `cliproxy login codex`.')
     }
@@ -133,11 +160,11 @@ export async function verifyModelsAvailable(
   const bareId = slashIndex === -1 ? model : model.slice(slashIndex + 1)
   const providerPrefix = slashIndex >= 0 ? model.slice(0, slashIndex) : undefined
 
-  const modelPresent = entries.some(e => e.id === bareId)
+  const modelPresent = entries.some(e => e.id === bareId || e.id === model)
   if (!modelPresent) {
     // List available ids for the matching provider only
     const matchingIds = providerPrefix
-      ? entries.filter(e => e.owned_by === providerPrefix).map(e => e.id)
+      ? entries.filter(e => entryMatchesProvider(e, providerPrefix)).map(e => e.id)
       : entries.map(e => e.id)
     const available = matchingIds.length > 0 ? matchingIds.join(', ') : '(none)'
     throw new Error(`Model "${bareId}" not found on proxy. Available ${providerPrefix ?? 'models'}: ${available}`)
@@ -146,7 +173,7 @@ export async function verifyModelsAvailable(
 
 export async function assertProxyReachable(baseUrl: string): Promise<void> {
   try {
-    const response = await fetch(baseUrl, {
+    const response = await fetch(`${baseUrl}/healthz`, {
       signal: AbortSignal.timeout(HTTP_TIMEOUT_MS),
     })