npm - @matthesketh/fleet - Versions diffs - 1.2.0 → 1.7.0 - Mend

@matthesketh/fleet 1.2.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (218) hide show

package/README.md +183 -251
package/dist/adapters/detector/index.d.ts +8 -0
package/dist/adapters/detector/index.js +54 -0
package/dist/adapters/notifier/index.d.ts +2 -0
package/dist/adapters/notifier/index.js +2 -0
package/dist/adapters/notifier/stdout.d.ts +2 -0
package/dist/adapters/notifier/stdout.js +8 -0
package/dist/adapters/notifier/webhook.d.ts +9 -0
package/dist/adapters/notifier/webhook.js +38 -0
package/dist/adapters/runner/claude-cli.d.ts +7 -0
package/dist/adapters/runner/claude-cli.js +231 -0
package/dist/adapters/runner/mcp-call.d.ts +8 -0
package/dist/adapters/runner/mcp-call.js +82 -0
package/dist/adapters/runner/shell.d.ts +2 -0
package/dist/adapters/runner/shell.js +103 -0
package/dist/adapters/scheduler/systemd-timer.d.ts +17 -0
package/dist/adapters/scheduler/systemd-timer.js +149 -0
package/dist/adapters/signals/ci-status.d.ts +2 -0
package/dist/adapters/signals/ci-status.js +79 -0
package/dist/adapters/signals/container-up.d.ts +5 -0
package/dist/adapters/signals/container-up.js +54 -0
package/dist/adapters/signals/git-clean.d.ts +2 -0
package/dist/adapters/signals/git-clean.js +55 -0
package/dist/adapters/signals/index.d.ts +6 -0
package/dist/adapters/signals/index.js +7 -0
package/dist/adapters/types.d.ts +52 -0
package/dist/adapters/types.js +1 -0
package/dist/cli.js +46 -2
package/dist/commands/add.js +0 -6
package/dist/commands/boot-start.d.ts +1 -0
package/dist/commands/boot-start.js +51 -0
package/dist/commands/deploy.js +13 -0
package/dist/commands/deps.js +5 -0
package/dist/commands/egress.d.ts +1 -0
package/dist/commands/egress.js +106 -0
package/dist/commands/freeze.d.ts +4 -0
package/dist/commands/freeze.js +64 -0
package/dist/commands/guard.d.ts +1 -0
package/dist/commands/guard.js +144 -0
package/dist/commands/logs.d.ts +1 -1
package/dist/commands/logs.js +237 -8
package/dist/commands/patch-systemd.d.ts +1 -0
package/dist/commands/patch-systemd.js +126 -0
package/dist/commands/rollback.d.ts +1 -0
package/dist/commands/rollback.js +58 -0
package/dist/commands/routine-run.d.ts +1 -0
package/dist/commands/routine-run.js +122 -0
package/dist/commands/routines.d.ts +1 -0
package/dist/commands/routines.js +25 -0
package/dist/commands/secrets.js +449 -16
package/dist/commands/status.js +7 -3
package/dist/commands/watchdog.d.ts +1 -1
package/dist/commands/watchdog.js +16 -40
package/dist/core/boot-refresh.d.ts +57 -0
package/dist/core/boot-refresh.js +116 -0
package/dist/core/deps/actors/pr-creator.js +11 -9
package/dist/core/deps/collectors/docker-running.js +2 -2
package/dist/core/deps/collectors/github-pr.js +5 -2
package/dist/core/deps/collectors/npm.js +10 -5
package/dist/core/deps/collectors/vulnerability.js +10 -6
package/dist/core/deps/reporters/motd.js +1 -1
package/dist/core/deps/reporters/telegram.js +2 -29
package/dist/core/docker.js +45 -15
package/dist/core/egress.d.ts +41 -0
package/dist/core/egress.js +161 -0
package/dist/core/exec.d.ts +7 -1
package/dist/core/exec.js +25 -17
package/dist/core/git.d.ts +1 -0
package/dist/core/git.js +36 -23
package/dist/core/github.js +27 -8
package/dist/core/health.d.ts +3 -0
package/dist/core/health.js +15 -3
package/dist/core/logs-multi.d.ts +73 -0
package/dist/core/logs-multi.js +163 -0
package/dist/core/logs-policy.d.ts +55 -0
package/dist/core/logs-policy.js +148 -0
package/dist/core/nginx.js +8 -4
package/dist/core/notify.d.ts +15 -0
package/dist/core/notify.js +55 -0
package/dist/core/registry.d.ts +25 -0
package/dist/core/registry.js +57 -10
package/dist/core/routines/cost-queries.d.ts +24 -0
package/dist/core/routines/cost-queries.js +65 -0
package/dist/core/routines/db.d.ts +9 -0
package/dist/core/routines/db.js +126 -0
package/dist/core/routines/defaults.d.ts +2 -0
package/dist/core/routines/defaults.js +72 -0
package/dist/core/routines/engine.d.ts +59 -0
package/dist/core/routines/engine.js +175 -0
package/dist/core/routines/incidents.d.ts +13 -0
package/dist/core/routines/incidents.js +35 -0
package/dist/core/routines/schema.d.ts +418 -0
package/dist/core/routines/schema.js +113 -0
package/dist/core/routines/signals-collector.d.ts +35 -0
package/dist/core/routines/signals-collector.js +114 -0
package/dist/core/routines/store.d.ts +316 -0
package/dist/core/routines/store.js +99 -0
package/dist/core/routines/test-utils.d.ts +2 -0
package/dist/core/routines/test-utils.js +13 -0
package/dist/core/secrets-audit.d.ts +21 -0
package/dist/core/secrets-audit.js +60 -0
package/dist/core/secrets-metadata.d.ts +39 -0
package/dist/core/secrets-metadata.js +82 -0
package/dist/core/secrets-motd.d.ts +20 -0
package/dist/core/secrets-motd.js +72 -0
package/dist/core/secrets-ops.d.ts +3 -1
package/dist/core/secrets-ops.js +78 -13
package/dist/core/secrets-providers.d.ts +50 -0
package/dist/core/secrets-providers.js +291 -0
package/dist/core/secrets-rotation.d.ts +52 -0
package/dist/core/secrets-rotation.js +165 -0
package/dist/core/secrets-snapshots.d.ts +26 -0
package/dist/core/secrets-snapshots.js +95 -0
package/dist/core/secrets-validate.js +2 -1
package/dist/core/secrets.d.ts +12 -1
package/dist/core/secrets.js +35 -24
package/dist/core/self-update.d.ts +41 -0
package/dist/core/self-update.js +73 -0
package/dist/core/systemd.js +29 -12
package/dist/core/telegram.d.ts +6 -0
package/dist/core/telegram.js +32 -0
package/dist/core/validate.d.ts +7 -0
package/dist/core/validate.js +42 -0
package/dist/index.js +0 -4
package/dist/mcp/deps-tools.js +9 -1
package/dist/mcp/git-tools.js +4 -4
package/dist/mcp/server.js +193 -8
package/dist/templates/systemd.js +3 -3
package/dist/templates/unseal.js +5 -1
package/dist/tui/components/KeyHint.js +10 -0
package/dist/tui/exec-bridge.js +26 -12
package/dist/tui/hooks/use-fleet-data.js +5 -2
package/dist/tui/hooks/use-health.js +5 -2
package/dist/tui/router.js +60 -7
package/dist/tui/routines/RoutinesApp.d.ts +8 -0
package/dist/tui/routines/RoutinesApp.js +277 -0
package/dist/tui/routines/components/AlertsPanel.d.ts +7 -0
package/dist/tui/routines/components/AlertsPanel.js +22 -0
package/dist/tui/routines/components/AlertsPanel.test.d.ts +1 -0
package/dist/tui/routines/components/AlertsPanel.test.js +52 -0
package/dist/tui/routines/components/CommandPalette.d.ts +12 -0
package/dist/tui/routines/components/CommandPalette.js +21 -0
package/dist/tui/routines/components/LiveRunPanel.d.ts +12 -0
package/dist/tui/routines/components/LiveRunPanel.js +107 -0
package/dist/tui/routines/components/RoutineForm.d.ts +8 -0
package/dist/tui/routines/components/RoutineForm.js +254 -0
package/dist/tui/routines/components/SignalsGrid.d.ts +13 -0
package/dist/tui/routines/components/SignalsGrid.js +34 -0
package/dist/tui/routines/components/SignalsGrid.test.d.ts +1 -0
package/dist/tui/routines/components/SignalsGrid.test.js +43 -0
package/dist/tui/routines/format.d.ts +7 -0
package/dist/tui/routines/format.js +51 -0
package/dist/tui/routines/hooks/use-git-fleet.d.ts +33 -0
package/dist/tui/routines/hooks/use-git-fleet.js +82 -0
package/dist/tui/routines/hooks/use-logs-stream.d.ts +13 -0
package/dist/tui/routines/hooks/use-logs-stream.js +64 -0
package/dist/tui/routines/hooks/use-ops-fleet.d.ts +20 -0
package/dist/tui/routines/hooks/use-ops-fleet.js +70 -0
package/dist/tui/routines/hooks/use-repo-detail.d.ts +31 -0
package/dist/tui/routines/hooks/use-repo-detail.js +104 -0
package/dist/tui/routines/hooks/use-security.d.ts +33 -0
package/dist/tui/routines/hooks/use-security.js +110 -0
package/dist/tui/routines/hooks/use-signals.d.ts +9 -0
package/dist/tui/routines/hooks/use-signals.js +60 -0
package/dist/tui/routines/runtime.d.ts +20 -0
package/dist/tui/routines/runtime.js +40 -0
package/dist/tui/routines/tabs/CostTab.d.ts +7 -0
package/dist/tui/routines/tabs/CostTab.js +24 -0
package/dist/tui/routines/tabs/DashboardTab.d.ts +15 -0
package/dist/tui/routines/tabs/DashboardTab.js +10 -0
package/dist/tui/routines/tabs/GitTab.d.ts +6 -0
package/dist/tui/routines/tabs/GitTab.js +39 -0
package/dist/tui/routines/tabs/LogsTab.d.ts +6 -0
package/dist/tui/routines/tabs/LogsTab.js +58 -0
package/dist/tui/routines/tabs/OpsTab.d.ts +6 -0
package/dist/tui/routines/tabs/OpsTab.js +34 -0
package/dist/tui/routines/tabs/RepoDetailView.d.ts +6 -0
package/dist/tui/routines/tabs/RepoDetailView.js +12 -0
package/dist/tui/routines/tabs/RoutinesTab.d.ts +10 -0
package/dist/tui/routines/tabs/RoutinesTab.js +58 -0
package/dist/tui/routines/tabs/ScaffoldTab.d.ts +2 -0
package/dist/tui/routines/tabs/ScaffoldTab.js +127 -0
package/dist/tui/routines/tabs/SecurityTab.d.ts +6 -0
package/dist/tui/routines/tabs/SecurityTab.js +31 -0
package/dist/tui/routines/tabs/SettingsTab.d.ts +6 -0
package/dist/tui/routines/tabs/SettingsTab.js +61 -0
package/dist/tui/routines/tabs/TimelineTab.d.ts +7 -0
package/dist/tui/routines/tabs/TimelineTab.js +26 -0
package/dist/tui/state.js +1 -1
package/dist/tui/tests/keyboard-integration.test.js +3 -0
package/dist/tui/tests/test-app.js +1 -1
package/dist/tui/types.d.ts +2 -2
package/dist/tui/views/AppDetail.js +3 -4
package/dist/tui/views/HealthView.js +7 -1
package/dist/tui/views/LogsView.js +24 -1
package/dist/tui/views/MultiLogsView.d.ts +2 -0
package/dist/tui/views/MultiLogsView.js +165 -0
package/dist/tui/views/SecretEdit.js +10 -3
package/dist/tui/views/SecretsView.js +6 -3
package/dist/ui/prompt.d.ts +52 -0
package/dist/ui/prompt.js +169 -0
package/package.json +34 -21
package/scripts/guard/cert-expiry-watch +109 -0
package/scripts/guard/cf-audit-monitor +169 -0
package/scripts/guard/cf-snapshot +124 -0
package/scripts/guard/cron.d-cf-protect +11 -0
package/scripts/guard/dns-drift-watch +138 -0
package/scripts/guard/fleet-guard +282 -0
package/scripts/guard/fleet-guard-execute +197 -0
package/scripts/guard/notify +108 -0
package/dist/commands/motd.d.ts +0 -1
package/dist/commands/motd.js +0 -10
package/dist/templates/motd.d.ts +0 -1
package/dist/templates/motd.js +0 -7
package/dist/tui/components/AppList.d.ts +0 -12
package/dist/tui/components/AppList.js +0 -32
package/dist/tui/hooks/use-keyboard.d.ts +0 -1
package/dist/tui/hooks/use-keyboard.js +0 -44

package/scripts/guard/fleet-guard ADDED Viewed

@@ -0,0 +1,282 @@
+#!/usr/bin/env python3
+"""
+fleet-guard — pending-action queue with out-of-band approval.
+state layout under /var/lib/fleet-guard/:
+  pending/<token>.json   — awaiting approval. created by `hold`.
+  approved/<token>.json  — owner approved. picked up by executor.
+  processed/<token>.json — executor finished (success or fail).
+token format: 22-char base32 (random, single-use). 256 bits of entropy.
+cli verbs (all log to /var/log/fleet-guard/audit.jsonl):
+  hold <kind> <summary> [--payload '<json>']  create a pending hold + notify
+  list [pending|approved|processed]            list tokens with summaries
+  show <token>                                 dump one record
+  approve <token> [--actor <name>]             mark approved
+  reject <token>  [--actor <name>]             mark rejected (deletes record)
+  status                                       human summary
+  execute                                      run all approved actions
+approval is also mediated by the daemon (telegram callbacks/messages).
+this cli is the fallback path + ssh-session override.
+"""
+import argparse
+import base64
+import json
+import os
+import secrets
+import shutil
+import subprocess
+import sys
+import time
+from pathlib import Path
+from datetime import datetime, timezone
+ROOT = Path("/var/lib/fleet-guard")
+LOG = Path("/var/log/fleet-guard/audit.jsonl")
+NOTIFY = "/usr/local/sbin/notify"
+GUARD_CFG = Path("/etc/fleet/guard.json")
+DEFAULT_TTL = 600
+PENDING = ROOT / "pending"
+APPROVED = ROOT / "approved"
+PROCESSED = ROOT / "processed"
+def utcnow():
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+def epoch():
+    return int(time.time())
+def log_event(event):
+    LOG.parent.mkdir(parents=True, exist_ok=True)
+    entry = {"ts": utcnow(), **event}
+    with LOG.open("a") as f:
+        f.write(json.dumps(entry, default=str) + "\n")
+def gen_token():
+    return base64.b32encode(secrets.token_bytes(14)).decode().rstrip("=")
+def load_cfg():
+    if not GUARD_CFG.exists():
+        return {}
+    try:
+        return json.loads(GUARD_CFG.read_text())
+    except Exception:
+        return {}
+def write_record(dirpath, token, record):
+    dirpath.mkdir(parents=True, exist_ok=True)
+    path = dirpath / f"{token}.json"
+    tmp = path.with_suffix(".json.tmp")
+    tmp.write_text(json.dumps(record, indent=2, sort_keys=True))
+    tmp.rename(path)
+    os.chmod(path, 0o600)
+    return path
+def find_token(token):
+    """search pending/approved/processed for a token"""
+    for d in (PENDING, APPROVED, PROCESSED):
+        p = d / f"{token}.json"
+        if p.exists():
+            return d, p
+    return None, None
+def cmd_hold(args):
+    token = gen_token()
+    cfg = load_cfg()
+    ttl = int(cfg.get("tokenTtlSeconds") or DEFAULT_TTL)
+    record = {
+        "token": token,
+        "kind": args.kind,
+        "summary": args.summary,
+        "payload": json.loads(args.payload) if args.payload else {},
+        "created_at": utcnow(),
+        "expires_at_epoch": epoch() + ttl,
+        "creator": os.environ.get("SUDO_USER") or os.environ.get("USER") or "unknown",
+        "creator_uid": os.getuid(),
+    }
+    write_record(PENDING, token, record)
+    log_event({"event": "hold_created", "token": token, "kind": args.kind, "summary": args.summary})
+    # notify owner
+    title = f"action held: {args.kind}"
+    body = (
+        f"{args.summary}\n"
+        f"approve: send `/approve {token}` to bot\n"
+        f"or: fleet-guard approve {token}\n"
+        f"expires in {ttl // 60}m"
+    )
+    try:
+        subprocess.run([NOTIFY, title, body], check=False, timeout=15)
+    except Exception:
+        pass
+    print(token)
+    return 0
+def cmd_list(args):
+    target = {"pending": PENDING, "approved": APPROVED, "processed": PROCESSED}.get(args.where, PENDING)
+    rows = []
+    if target.exists():
+        for path in sorted(target.glob("*.json")):
+            r = json.loads(path.read_text())
+            rows.append((r["token"], r.get("kind", "?"), r.get("summary", "")[:60]))
+    for t, k, s in rows:
+        print(f"{t}  {k:<20}  {s}")
+    if not rows:
+        print(f"(no records in {args.where})")
+    return 0
+def cmd_show(args):
+    _, path = find_token(args.token)
+    if not path:
+        print(f"token not found: {args.token}", file=sys.stderr)
+        return 1
+    print(path.read_text())
+    return 0
+def _expire_check(record):
+    return epoch() > int(record.get("expires_at_epoch", 0))
+def cmd_approve(args):
+    src, path = find_token(args.token)
+    if path is None:
+        print(f"token not found: {args.token}", file=sys.stderr)
+        return 1
+    if src != PENDING:
+        print(f"token not in pending state (in {src.name})", file=sys.stderr)
+        return 1
+    record = json.loads(path.read_text())
+    if _expire_check(record):
+        log_event({"event": "approve_expired", "token": args.token, "actor": args.actor})
+        path.unlink()
+        print("token expired", file=sys.stderr)
+        return 1
+    record["approved_at"] = utcnow()
+    record["approver"] = args.actor or os.environ.get("SUDO_USER") or os.environ.get("USER") or "cli"
+    write_record(APPROVED, args.token, record)
+    path.unlink()
+    log_event({"event": "approved", "token": args.token, "kind": record.get("kind"),
+               "approver": record["approver"]})
+    # acknowledge
+    try:
+        subprocess.run([NOTIFY, "approval recorded",
+                        f"{record.get('kind')} approved by {record['approver']}"],
+                       check=False, timeout=10)
+    except Exception:
+        pass
+    print(f"approved {args.token}")
+    return 0
+def cmd_reject(args):
+    src, path = find_token(args.token)
+    if path is None or src != PENDING:
+        print(f"token not in pending state", file=sys.stderr)
+        return 1
+    record = json.loads(path.read_text())
+    record["rejected_at"] = utcnow()
+    record["rejecter"] = args.actor or os.environ.get("SUDO_USER") or os.environ.get("USER") or "cli"
+    write_record(PROCESSED, args.token, {**record, "outcome": "rejected"})
+    path.unlink()
+    log_event({"event": "rejected", "token": args.token, "actor": record["rejecter"]})
+    print(f"rejected {args.token}")
+    return 0
+def cmd_status(args):
+    counts = {}
+    for name, d in (("pending", PENDING), ("approved", APPROVED), ("processed", PROCESSED)):
+        counts[name] = len(list(d.glob("*.json"))) if d.exists() else 0
+    print(f"pending={counts['pending']} approved={counts['approved']} processed={counts['processed']}")
+    if PENDING.exists():
+        for path in sorted(PENDING.glob("*.json")):
+            r = json.loads(path.read_text())
+            ttl = int(r.get("expires_at_epoch", 0)) - epoch()
+            print(f"  {r['token']}  {r.get('kind')}  ttl={ttl}s  {r.get('summary', '')[:60]}")
+    return 0
+def cmd_execute(args):
+    """invoke executor for each approved record. external script handles each kind."""
+    executor = "/usr/local/sbin/fleet-guard-execute"
+    if not Path(executor).exists():
+        print(f"executor not installed at {executor}", file=sys.stderr)
+        return 1
+    count = 0
+    for path in sorted(APPROVED.glob("*.json")):
+        record = json.loads(path.read_text())
+        try:
+            res = subprocess.run([executor], input=json.dumps(record), capture_output=True,
+                                 text=True, timeout=120)
+            ok = res.returncode == 0
+            outcome = "executed" if ok else "execute_failed"
+            record["executed_at"] = utcnow()
+            record["outcome"] = outcome
+            record["executor_stdout"] = res.stdout[-2000:]
+            record["executor_stderr"] = res.stderr[-2000:]
+            write_record(PROCESSED, record["token"], record)
+            path.unlink()
+            log_event({"event": outcome, "token": record["token"], "kind": record.get("kind")})
+            count += 1
+        except Exception as e:
+            log_event({"event": "execute_error", "token": record["token"], "err": str(e)})
+    print(f"processed {count} approvals")
+    return 0
+def main():
+    p = argparse.ArgumentParser(prog="fleet-guard")
+    sub = p.add_subparsers(dest="cmd", required=True)
+    sp = sub.add_parser("hold")
+    sp.add_argument("kind")
+    sp.add_argument("summary")
+    sp.add_argument("--payload", default="")
+    sp.set_defaults(fn=cmd_hold)
+    sp = sub.add_parser("list")
+    sp.add_argument("where", nargs="?", default="pending",
+                    choices=["pending", "approved", "processed"])
+    sp.set_defaults(fn=cmd_list)
+    sp = sub.add_parser("show")
+    sp.add_argument("token")
+    sp.set_defaults(fn=cmd_show)
+    sp = sub.add_parser("approve")
+    sp.add_argument("token")
+    sp.add_argument("--actor", default="")
+    sp.set_defaults(fn=cmd_approve)
+    sp = sub.add_parser("reject")
+    sp.add_argument("token")
+    sp.add_argument("--actor", default="")
+    sp.set_defaults(fn=cmd_reject)
+    sp = sub.add_parser("status")
+    sp.set_defaults(fn=cmd_status)
+    sp = sub.add_parser("execute")
+    sp.set_defaults(fn=cmd_execute)
+    args = p.parse_args()
+    sys.exit(args.fn(args))
+if __name__ == "__main__":
+    main()

package/scripts/guard/fleet-guard-execute ADDED Viewed

@@ -0,0 +1,197 @@
+#!/usr/bin/env python3
+"""
+fleet-guard-execute — executes one approved fleet-guard record.
+reads a single json record on stdin (the approved hold). dispatches on
+record["kind"]. on success, prints a short summary; on failure, prints
+the error to stderr and exits non-zero.
+supported kinds:
+  noop                    — for testing the queue
+  cf_pause_zone           — pauses a cloudflare zone (dev mode style)
+  cf_unpause_zone         — unpauses a cloudflare zone
+  cf_revert_dns_record    — restores a dns record to its snapshot value
+  cf_block_ip             — adds a custom waf rule blocking an ip
+creds: /etc/fleet/guard.cf.json (root:fleet-guard 640)
+snapshots: /var/lib/cf-snapshots (git-tracked, populated by cf-snapshot)
+"""
+import json
+import sys
+import urllib.parse
+import urllib.request
+from pathlib import Path
+CFG_PATH = Path("/etc/fleet/guard.cf.json")
+SNAP_DIR = Path("/var/lib/cf-snapshots")
+def load_cf():
+    cfg = json.loads(CFG_PATH.read_text())
+    if not cfg.get("apiKey") or not cfg.get("email"):
+        sys.exit("missing cloudflare creds in /etc/fleet/guard.cf.json")
+    return cfg["apiKey"], cfg["email"], cfg.get("accountId")
+def cf_request(method, path, api_key, email, body=None):
+    url = f"https://api.cloudflare.com/client/v4{path}"
+    data = json.dumps(body).encode() if body is not None else None
+    req = urllib.request.Request(url, data=data, method=method, headers={
+        "X-Auth-Email": email,
+        "X-Auth-Key": api_key,
+        "Content-Type": "application/json",
+    })
+    with urllib.request.urlopen(req, timeout=20) as r:
+        return json.loads(r.read())
+def find_zone_id(zone_name, api_key, email):
+    qs = urllib.parse.urlencode({"name": zone_name})
+    res = cf_request("GET", f"/zones?{qs}", api_key, email)
+    results = res.get("result") or []
+    if not results:
+        raise RuntimeError(f"no zone match for {zone_name}")
+    return results[0]["id"]
+def kind_noop(payload):
+    print(f"noop ok: {payload.get('note', '')}")
+    return 0
+def kind_cf_pause_zone(payload, api_key, email, account_id):
+    zone = payload["zone"]
+    zid = find_zone_id(zone, api_key, email)
+    res = cf_request("POST", f"/zones/{zid}/pause", api_key, email, body={})
+    if not res.get("success"):
+        print(json.dumps(res), file=sys.stderr)
+        return 1
+    print(f"paused {zone}")
+    return 0
+def kind_cf_unpause_zone(payload, api_key, email, account_id):
+    zone = payload["zone"]
+    zid = find_zone_id(zone, api_key, email)
+    res = cf_request("POST", f"/zones/{zid}/unpause", api_key, email, body={})
+    if not res.get("success"):
+        print(json.dumps(res), file=sys.stderr)
+        return 1
+    print(f"unpaused {zone}")
+    return 0
+def kind_cf_revert_dns_record(payload, api_key, email, account_id):
+    """payload: {zone, name, type} — restores from latest snapshot."""
+    zone = payload["zone"]
+    name = payload["name"]
+    rtype = payload["type"]
+    snap_path = SNAP_DIR / f"{zone}.json"
+    if not snap_path.exists():
+        raise RuntimeError(f"no snapshot for {zone}")
+    snap = json.loads(snap_path.read_text())
+    matches = [r for r in snap.get("records", [])
+               if r.get("type") == rtype and r.get("name") == name]
+    if not matches:
+        raise RuntimeError(f"no snapshot record for {name} {rtype}")
+    target = matches[0]
+    zid = find_zone_id(zone, api_key, email)
+    # find live record id, if any
+    qs = urllib.parse.urlencode({"name": name, "type": rtype})
+    live = cf_request("GET", f"/zones/{zid}/dns_records?{qs}", api_key, email)
+    live_records = live.get("result") or []
+    body = {
+        "type": target["type"],
+        "name": target["name"],
+        "content": target.get("content"),
+        "proxied": target.get("proxied", False),
+        "ttl": target.get("ttl", 1),
+    }
+    if target.get("priority") is not None:
+        body["priority"] = target["priority"]
+    if live_records:
+        rec_id = live_records[0]["id"]
+        res = cf_request("PUT", f"/zones/{zid}/dns_records/{rec_id}", api_key, email, body)
+        action = "updated"
+    else:
+        res = cf_request("POST", f"/zones/{zid}/dns_records", api_key, email, body)
+        action = "recreated"
+    if not res.get("success"):
+        print(json.dumps(res), file=sys.stderr)
+        return 1
+    print(f"{action} {rtype} {name} on {zone}")
+    return 0
+def kind_cf_block_ip(payload, api_key, email, account_id):
+    """payload: {zone, ip, note?} — adds a block via cf rulesets."""
+    zone = payload["zone"]
+    ip = payload["ip"]
+    note = payload.get("note") or "fleet-guard auto-block"
+    zid = find_zone_id(zone, api_key, email)
+    rule = {
+        "action": "block",
+        "expression": f'(ip.src eq {ip})',
+        "description": f"fleet-guard: {note}",
+        "enabled": True,
+    }
+    body = {
+        "rules": [rule],
+    }
+    # rules go into the http_request_firewall_custom phase entrypoint
+    res = cf_request(
+        "PUT",
+        f"/zones/{zid}/rulesets/phases/http_request_firewall_custom/entrypoint",
+        api_key, email, body,
+    )
+    if not res.get("success"):
+        print(json.dumps(res), file=sys.stderr)
+        return 1
+    print(f"blocked {ip} on {zone}")
+    return 0
+HANDLERS = {
+    "noop": kind_noop,
+    "cf_pause_zone": kind_cf_pause_zone,
+    "cf_unpause_zone": kind_cf_unpause_zone,
+    "cf_revert_dns_record": kind_cf_revert_dns_record,
+    "cf_block_ip": kind_cf_block_ip,
+}
+def main():
+    raw = sys.stdin.read()
+    if not raw.strip():
+        sys.exit("no record on stdin")
+    record = json.loads(raw)
+    kind = record.get("kind")
+    payload = record.get("payload") or {}
+    handler = HANDLERS.get(kind)
+    if not handler:
+        print(f"unknown kind: {kind}", file=sys.stderr)
+        return 1
+    if kind == "noop":
+        return handler(payload)
+    api_key, email, account_id = load_cf()
+    try:
+        return handler(payload, api_key, email, account_id)
+    except urllib.error.HTTPError as e:
+        body = e.read().decode("utf-8", errors="replace")[:500]
+        print(f"cf api {e.code}: {body}", file=sys.stderr)
+        return 1
+    except Exception as e:
+        print(f"executor error: {e}", file=sys.stderr)
+        return 1
+if __name__ == "__main__":
+    sys.exit(main())

package/scripts/guard/notify ADDED Viewed

@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+"""
+fan-out notifier. reads /etc/fleet/notify.json (an "adapters" list) and
+dispatches the same message to every adapter that's configured. each
+adapter failure is reported but doesn't block the others.
+usage: notify "title" "body"
+"""
+import json
+import sys
+import urllib.parse
+import urllib.request
+import uuid
+from pathlib import Path
+CFG = Path("/etc/fleet/notify.json")
+def md_escape(text):
+    # markdownv2 escape for telegram
+    specials = "_*[]()~`>#+-=|{}.!"
+    return "".join("\\" + c if c in specials else c for c in text)
+def send_telegram(adapter, title, body):
+    token = adapter["botToken"]
+    chat = adapter["chatId"]
+    text = "*" + md_escape(title) + "*"
+    if body:
+        text += "\n" + md_escape(body)
+    data = urllib.parse.urlencode({
+        "chat_id": chat,
+        "text": text,
+        "parse_mode": "MarkdownV2",
+        "disable_web_page_preview": "true",
+    }).encode()
+    req = urllib.request.Request(
+        f"https://api.telegram.org/bot{token}/sendMessage",
+        data=data,
+        method="POST",
+    )
+    with urllib.request.urlopen(req, timeout=15) as r:
+        return r.status == 200
+def send_bluebubbles(adapter, title, body):
+    base = adapter["serverUrl"].rstrip("/")
+    pwd = adapter["password"]
+    chat = adapter["chatGuid"]
+    text = title if not body else f"{title}\n{body}"
+    payload = json.dumps({
+        "chatGuid": chat,
+        "message": text,
+        "method": "apple-script",
+        "tempGuid": str(uuid.uuid4()),
+    }).encode()
+    headers = {
+        "Content-Type": "application/json",
+        "User-Agent": "Mozilla/5.0 (server-notify) AppleWebKit/537.36",
+    }
+    if adapter.get("cfAccessClientId"):
+        headers["CF-Access-Client-Id"] = adapter["cfAccessClientId"]
+        headers["CF-Access-Client-Secret"] = adapter["cfAccessClientSecret"]
+    url = f"{base}/api/v1/message/text?password={urllib.parse.quote(pwd)}"
+    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
+    with urllib.request.urlopen(req, timeout=45) as r:
+        return r.status == 200
+DISPATCH = {
+    "telegram": send_telegram,
+    "bluebubbles": send_bluebubbles,
+}
+def main():
+    if len(sys.argv) < 2:
+        sys.exit("usage: notify <title> [body]")
+    title = sys.argv[1]
+    body = sys.argv[2] if len(sys.argv) > 2 else ""
+    if not CFG.exists():
+        sys.exit(f"missing {CFG}")
+    cfg = json.loads(CFG.read_text())
+    adapters = cfg.get("adapters") or []
+    failures = []
+    for ad in adapters:
+        kind = ad.get("type")
+        fn = DISPATCH.get(kind)
+        if not fn:
+            failures.append(f"unknown adapter: {kind}")
+            continue
+        try:
+            fn(ad, title, body)
+        except Exception as e:
+            failures.append(f"{kind}: {e}")
+    if failures:
+        # write to stderr but keep going; cron mail will surface it
+        for f in failures:
+            print(f, file=sys.stderr)
+        # only fail outright if every adapter failed
+        if len(failures) == len(adapters):
+            sys.exit(1)
+if __name__ == "__main__":
+    main()

package/dist/commands/motd.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function motdInstallCommand(): void;

package/dist/commands/motd.js DELETED Viewed

@@ -1,10 +0,0 @@
-import { writeFileSync, chmodSync } from 'node:fs';
-import { generateMotdScript } from '../templates/motd.js';
-import { success } from '../ui/output.js';
-const MOTD_PATH = '/etc/update-motd.d/50-fleet-status';
-export function motdInstallCommand() {
-    const script = generateMotdScript();
-    writeFileSync(MOTD_PATH, script);
-    chmodSync(MOTD_PATH, 0o755);
-    success(`Installed MOTD script at ${MOTD_PATH}`);
-}

package/dist/templates/motd.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function generateMotdScript(): string;

package/dist/templates/motd.js DELETED Viewed

@@ -1,7 +0,0 @@
-export function generateMotdScript() {
-    return `#!/bin/bash
-# Fleet service health check — installed by "fleet motd install"
-# Shows service status on SSH login
-/usr/bin/node /home/matt/fleet/dist/index.js watchdog --motd 2>/dev/null || echo "  Fleet: health check failed to run"
-`;
-}

package/dist/tui/components/AppList.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import React from 'react';
-interface AppListItem {
-    name: string;
-    label?: string;
-}
-interface AppListProps {
-    items: AppListItem[];
-    onSelect: (item: AppListItem) => void;
-    renderItem?: (item: AppListItem, selected: boolean) => React.JSX.Element;
-}
-export declare function AppList({ items, onSelect, renderItem }: AppListProps): React.JSX.Element;
-export {};

package/dist/tui/components/AppList.js DELETED Viewed

@@ -1,32 +0,0 @@
-import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
-import { useState } from 'react';
-import { Box, Text, useInput } from 'ink';
-import { colors } from '../theme.js';
-export function AppList({ items, onSelect, renderItem }) {
-    const [selectedIndex, setSelectedIndex] = useState(0);
-    useInput((input, key) => {
-        if (items.length === 0)
-            return;
-        if (input === 'j' || key.downArrow) {
-            setSelectedIndex(prev => Math.min(prev + 1, items.length - 1));
-        }
-        else if (input === 'k' || key.upArrow) {
-            setSelectedIndex(prev => Math.max(prev - 1, 0));
-        }
-        else if (key.return) {
-            if (items[selectedIndex]) {
-                onSelect(items[selectedIndex]);
-            }
-        }
-    });
-    if (items.length === 0) {
-        return _jsx(Text, { color: colors.muted, children: "No items" });
-    }
-    return (_jsx(Box, { flexDirection: "column", children: items.map((item, i) => {
-            const selected = i === selectedIndex;
-            if (renderItem) {
-                return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: selected ? colors.primary : colors.muted, children: selected ? '> ' : '  ' }), renderItem(item, selected)] }, item.name));
-            }
-            return (_jsxs(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: [selected ? '> ' : '  ', item.label ?? item.name] }, item.name));
-        }) }));
-}

package/dist/tui/hooks/use-keyboard.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function useKeyboard(): void;