@matthesketh/fleet 1.8.1 → 1.11.0

package/dist/commands/update.js

@@ -0,0 +1,95 @@
+import { z } from 'zod';
+import { checkForUpdate, applyUpdate, resolveChannel } from '../core/self-update.js';
+import { defineCommand } from '../registry/registry.js';
+/** CLI surface for self-update. equivalent to the TUI banner + U key, but
+ *  driveable from a dumb terminal, a cron job, or a Claude session. */
+export const updateCommand = defineCommand({
+    name: 'update',
+    summary: 'Check for or install a fleet update from the configured channel',
+    args: z.object({
+        check: z.boolean().default(false),
+        channel: z.enum(['stable', 'prerelease']).optional(),
+        branch: z.string().optional(),
+    }),
+    async run(args, _ctx) {
+        // env-var overrides apply for the lifetime of this invocation so the
+        // existing resolveChannel logic stays the single source of truth. we
+        // restore the prior environment afterward so an in-process MCP call
+        // doesn't leak the override into subsequent commands.
+        const previous = {
+            channel: process.env.FLEET_UPDATE_CHANNEL,
+            branch: process.env.FLEET_UPDATE_BRANCH,
+        };
+        if (args.channel)
+            process.env.FLEET_UPDATE_CHANNEL = args.channel;
+        if (args.branch)
+            process.env.FLEET_UPDATE_BRANCH = args.branch;
+        try {
+            const info = await checkForUpdate();
+            const channelInfo = resolveChannel();
+            const base = {
+                channel: info.channel,
+                remoteBranch: info.remoteBranch,
+                localBranch: info.branch,
+                available: info.available,
+                behind: info.behind,
+                latestSubject: info.latestSubject,
+                ...(info.error ? { error: info.error } : {}),
+            };
+            if (info.error) {
+                return {
+                    ok: false,
+                    summary: `check failed: ${info.error}`,
+                    data: base,
+                };
+            }
+            if (!info.available) {
+                return {
+                    ok: true,
+                    summary: `up to date (channel=${channelInfo.channel}, branch=${channelInfo.branch})`,
+                    data: base,
+                };
+            }
+            if (args.check) {
+                const subject = info.latestSubject ? ` — ${info.latestSubject}` : '';
+                return {
+                    ok: true,
+                    summary: `update available (channel=${channelInfo.channel}): ${info.behind} commit${info.behind === 1 ? '' : 's'} ahead${subject}`,
+                    data: base,
+                };
+            }
+            const result = await applyUpdate();
+            const data = {
+                ...base,
+                pulled: result.pulled,
+                buildOk: result.buildOk,
+                output: result.output,
+            };
+            if (!result.ok) {
+                return {
+                    ok: false,
+                    summary: `update failed: ${result.output}`,
+                    data,
+                };
+            }
+            return {
+                ok: true,
+                summary: result.pulled === 0
+                    ? 'no changes pulled; rebuild ran'
+                    : `updated ${result.pulled} commit${result.pulled === 1 ? '' : 's'}, rebuilt`,
+                data,
+            };
+        }
+        finally {
+            // restore the prior env unconditionally — even if the call threw.
+            if (previous.channel === undefined)
+                delete process.env.FLEET_UPDATE_CHANNEL;
+            else
+                process.env.FLEET_UPDATE_CHANNEL = previous.channel;
+            if (previous.branch === undefined)
+                delete process.env.FLEET_UPDATE_BRANCH;
+            else
+                process.env.FLEET_UPDATE_BRANCH = previous.branch;
+        }
+    },
+});

package/dist/core/audit/cache.d.ts

@@ -0,0 +1,4 @@
+import type { AuditCache, AuditRecord } from './types.js';
+export declare function loadAuditCache(path?: string): AuditCache;
+export declare function saveAuditRecord(record: AuditRecord, path?: string): void;
+export declare function auditCachePath(): string;

package/dist/core/audit/cache.js

@@ -0,0 +1,37 @@
+import { readFileSync, writeFileSync, renameSync, existsSync, mkdirSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const DEFAULT_CACHE_PATH = join(__dirname, '..', '..', '..', 'data', 'audit-cache.json');
+function emptyCache() {
+    return { version: 1, audits: {} };
+}
+// load the audit cache, returning an empty cache when the file is absent or
+// unreadable — a stale/corrupt cache must never block a fresh audit.
+export function loadAuditCache(path = DEFAULT_CACHE_PATH) {
+    if (!existsSync(path))
+        return emptyCache();
+    try {
+        const parsed = JSON.parse(readFileSync(path, 'utf-8'));
+        if (!parsed || typeof parsed !== 'object' || !parsed.audits)
+            return emptyCache();
+        return parsed;
+    }
+    catch {
+        return emptyCache();
+    }
+}
+// upsert one audit record, keyed by target, via an atomic tmp-file rename.
+export function saveAuditRecord(record, path = DEFAULT_CACHE_PATH) {
+    const cache = loadAuditCache(path);
+    cache.audits[record.target] = record;
+    const dir = dirname(path);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmp = path + '.tmp';
+    writeFileSync(tmp, JSON.stringify(cache, null, 2) + '\n');
+    renameSync(tmp, path);
+}
+export function auditCachePath() {
+    return DEFAULT_CACHE_PATH;
+}

package/dist/core/audit/config.d.ts

@@ -0,0 +1,5 @@
+import type { AuditConfig } from './types.js';
+export declare function defaultAuditConfig(): AuditConfig;
+export declare function loadAuditConfig(path?: string): AuditConfig;
+export declare function saveAuditConfig(config: AuditConfig, path?: string): void;
+export declare function auditConfigPath(): string;

package/dist/core/audit/config.js

@@ -0,0 +1,35 @@
+import { readFileSync, writeFileSync, renameSync, existsSync, mkdirSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const DEFAULT_CONFIG_PATH = join(__dirname, '..', '..', '..', 'data', 'audit-config.json');
+export function defaultAuditConfig() {
+    return { version: 1, ignore: [] };
+}
+// load the audit config (ignore rules). a missing or corrupt file yields the
+// default empty config — a bad config must never abort an audit.
+export function loadAuditConfig(path = DEFAULT_CONFIG_PATH) {
+    if (!existsSync(path))
+        return defaultAuditConfig();
+    try {
+        const parsed = JSON.parse(readFileSync(path, 'utf-8'));
+        if (!parsed || !Array.isArray(parsed.ignore))
+            return defaultAuditConfig();
+        return { version: 1, ignore: parsed.ignore };
+    }
+    catch {
+        return defaultAuditConfig();
+    }
+}
+// persist the audit config via an atomic tmp-file rename.
+export function saveAuditConfig(config, path = DEFAULT_CONFIG_PATH) {
+    const dir = dirname(path);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmp = path + '.tmp';
+    writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n');
+    renameSync(tmp, path);
+}
+export function auditConfigPath() {
+    return DEFAULT_CONFIG_PATH;
+}

package/dist/core/audit/greenlight.d.ts

@@ -0,0 +1,11 @@
+import type { GreenlightReport } from './types.js';
+export declare const GREENLIGHT_INSTALL_HINT: string;
+export declare function findGreenlight(): string | null;
+export declare function requireGreenlight(): string;
+export declare function greenlightVersion(bin: string): string | null;
+export interface PreflightOptions {
+    ipaPath?: string;
+    timeoutMs?: number;
+}
+export declare function runPreflight(projectPath: string, opts?: PreflightOptions, bin?: string): GreenlightReport;
+export declare function runGuidelines(args: string[], bin?: string): string;

package/dist/core/audit/greenlight.js

@@ -0,0 +1,81 @@
+import { existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { execSafe } from '../exec.js';
+import { FleetError } from '../errors.js';
+export const GREENLIGHT_INSTALL_HINT = [
+    'greenlight binary not found. Install it with one of:',
+    '  go install github.com/RevylAI/greenlight/cmd/greenlight@latest',
+    '  brew install revylai/tap/greenlight',
+    'Then re-run, or point GREENLIGHT_BIN at an absolute path.',
+].join('\n');
+// locate the greenlight binary. honours $GREENLIGHT_BIN first, then anything
+// on $PATH, then the usual `go install` and homebrew destinations. returns the
+// command/path execSafe should invoke, or null when nothing usable is found.
+export function findGreenlight() {
+    const override = process.env.GREENLIGHT_BIN;
+    if (override)
+        return existsSync(override) ? override : null;
+    if (execSafe('greenlight', ['--help'], { timeout: 10_000 }).ok) {
+        return 'greenlight';
+    }
+    const candidates = [];
+    if (process.env.GOBIN)
+        candidates.push(join(process.env.GOBIN, 'greenlight'));
+    const gopath = execSafe('go', ['env', 'GOPATH'], { timeout: 10_000 });
+    if (gopath.ok && gopath.stdout) {
+        candidates.push(join(gopath.stdout.split('\n')[0].trim(), 'bin', 'greenlight'));
+    }
+    candidates.push(join(homedir(), 'go', 'bin', 'greenlight'), '/opt/homebrew/bin/greenlight', '/usr/local/bin/greenlight');
+    for (const candidate of candidates) {
+        if (existsSync(candidate))
+            return candidate;
+    }
+    return null;
+}
+// resolve the binary or fail loudly with install guidance.
+export function requireGreenlight() {
+    const bin = findGreenlight();
+    if (!bin)
+        throw new FleetError(GREENLIGHT_INSTALL_HINT);
+    return bin;
+}
+// best-effort version string for diagnostics; null if it can't be read.
+export function greenlightVersion(bin) {
+    const res = execSafe(bin, ['version'], { timeout: 10_000 });
+    if (res.ok && res.stdout)
+        return res.stdout.split('\n')[0].trim();
+    return null;
+}
+// run `greenlight preflight <project> --format json` and parse the report.
+// greenlight exits 0 for any successful scan regardless of how many issues it
+// finds — a non-zero exit means the scan itself failed (bad path, binary
+// error), so that is the only case treated as an error here.
+export function runPreflight(projectPath, opts = {}, bin = requireGreenlight()) {
+    const args = ['preflight', projectPath, '--format', 'json'];
+    if (opts.ipaPath)
+        args.push('--ipa', opts.ipaPath);
+    const res = execSafe(bin, args, { timeout: opts.timeoutMs ?? 120_000 });
+    if (!res.ok) {
+        throw new FleetError(`greenlight preflight failed: ${res.stderr || res.stdout || 'unknown error'}`);
+    }
+    // greenlight prints a human banner (project path, scanner list) to stdout
+    // before the json document even under --format json, so slice from the
+    // first brace. the banner is plain text and never contains one.
+    const jsonStart = res.stdout.indexOf('{');
+    if (jsonStart === -1) {
+        throw new FleetError(`greenlight produced no json report:\n${res.stdout.slice(0, 500)}`);
+    }
+    try {
+        return JSON.parse(res.stdout.slice(jsonStart));
+    }
+    catch {
+        throw new FleetError(`greenlight returned output that is not valid json:\n${res.stdout.slice(0, 500)}`);
+    }
+}
+// passthrough to `greenlight guidelines <args>` (list | show <section> |
+// search <term>) — returns the rendered text for the caller to print.
+export function runGuidelines(args, bin = requireGreenlight()) {
+    const res = execSafe(bin, ['guidelines', ...args], { timeout: 15_000 });
+    return (res.stdout || res.stderr).trim();
+}

package/dist/core/audit/reporters/cli.d.ts

@@ -0,0 +1,3 @@
+import type { GreenlightReport } from '../types.js';
+export declare function severityIcon(severity: string): string;
+export declare function formatReport(report: GreenlightReport): string[];

package/dist/core/audit/reporters/cli.js

@@ -0,0 +1,68 @@
+import { c, icon } from '../../../ui/output.js';
+const SEVERITY_ORDER = ['CRITICAL', 'WARN', 'INFO'];
+export function severityIcon(severity) {
+    switch (severity) {
+        case 'CRITICAL': return icon.err;
+        case 'WARN': return icon.warn;
+        default: return icon.info;
+    }
+}
+function severityHeading(severity) {
+    switch (severity) {
+        case 'CRITICAL': return `${c.red}${c.bold}Critical — will be rejected`;
+        case 'WARN': return `${c.yellow}${c.bold}Warning — high rejection risk`;
+        default: return `${c.dim}${c.bold}Info — best practice`;
+    }
+}
+// render a parsed greenlight report into printable terminal lines, grouped by
+// severity with a verdict footer. ansi colours come from ui/output.
+export function formatReport(report) {
+    const lines = [];
+    if (report.app_name)
+        lines.push(`  ${c.dim}App${c.reset}     ${report.app_name}`);
+    if (report.bundle_id)
+        lines.push(`  ${c.dim}Bundle${c.reset}  ${report.bundle_id}`);
+    lines.push(`  ${c.dim}Privacy manifest${c.reset}  ` +
+        (report.has_privacy_info ? `${icon.ok} present` : `${icon.warn} missing`));
+    if (report.tracking_sdks && report.tracking_sdks.length > 0) {
+        lines.push(`  ${c.dim}Tracking SDKs${c.reset}  ${report.tracking_sdks.join(', ')}`);
+    }
+    if (report.detected_apis && report.detected_apis.length > 0) {
+        lines.push(`  ${c.dim}Required-reason APIs${c.reset}  ${report.detected_apis.join(', ')}`);
+    }
+    for (const severity of SEVERITY_ORDER) {
+        const group = report.findings.filter(f => f.severity === severity);
+        if (group.length === 0)
+            continue;
+        lines.push('');
+        lines.push(`${severityHeading(severity)} (${group.length})${c.reset}`);
+        for (const finding of group)
+            lines.push(...formatFinding(finding));
+    }
+    const s = report.summary;
+    lines.push('');
+    lines.push(`  ${c.dim}${'-'.repeat(48)}${c.reset}`);
+    if (s.passed) {
+        lines.push(`  ${c.green}${c.bold}GREENLIT${c.reset} — no critical issues found`);
+    }
+    else {
+        lines.push(`  ${c.red}${c.bold}NOT READY${c.reset} — ${s.critical} critical issue(s) must be fixed`);
+    }
+    lines.push(`  ${c.dim}${s.total} findings: ${s.critical} critical, ${s.warns} warn, ` +
+        `${s.infos} info — scanned in ${report.elapsed}${c.reset}`);
+    return lines;
+}
+function formatFinding(finding) {
+    const out = [];
+    const ref = finding.guideline ? `${c.cyan}§${finding.guideline}${c.reset} ` : '';
+    out.push(`  ${severityIcon(finding.severity)} ${c.dim}[${finding.source}]${c.reset} ` +
+        `${ref}${c.bold}${finding.title}${c.reset}`);
+    if (finding.file) {
+        const loc = finding.line ? `${finding.file}:${finding.line}` : finding.file;
+        out.push(`      ${c.dim}${loc}${c.reset}`);
+    }
+    out.push(`      ${c.dim}${finding.detail}${c.reset}`);
+    if (finding.fix)
+        out.push(`      ${c.green}fix:${c.reset} ${finding.fix}`);
+    return out;
+}

package/dist/core/audit/suppress.d.ts

@@ -0,0 +1,6 @@
+import type { AuditIgnoreRule, GreenlightReport } from './types.js';
+export interface SuppressionResult {
+    report: GreenlightReport;
+    suppressed: number;
+}
+export declare function applySuppressions(report: GreenlightReport, target: string, rules: AuditIgnoreRule[]): SuppressionResult;

package/dist/core/audit/suppress.js

@@ -0,0 +1,37 @@
+// true when `rule` dismisses `finding` for the audit target `target`.
+function ruleCovers(rule, finding, target) {
+    if (rule.target && rule.target !== target)
+        return false;
+    if (rule.title !== finding.title)
+        return false;
+    if (rule.contains) {
+        const haystack = `${finding.file ?? ''}\n${finding.code ?? ''}`;
+        if (!haystack.includes(rule.contains))
+            return false;
+    }
+    return true;
+}
+function recomputeSummary(findings) {
+    return {
+        total: findings.length,
+        critical: findings.filter(f => f.severity === 'CRITICAL').length,
+        warns: findings.filter(f => f.severity === 'WARN').length,
+        infos: findings.filter(f => f.severity === 'INFO').length,
+        passed: findings.every(f => f.severity !== 'CRITICAL'),
+    };
+}
+// drops findings covered by an active ignore rule and recomputes the summary
+// so the verdict reflects what is left. this is how confirmed scanner false
+// positives are dismissed — each rule carries a written reason.
+export function applySuppressions(report, target, rules) {
+    if (rules.length === 0)
+        return { report, suppressed: 0 };
+    const kept = report.findings.filter(finding => !rules.some(rule => ruleCovers(rule, finding, target)));
+    const suppressed = report.findings.length - kept.length;
+    if (suppressed === 0)
+        return { report, suppressed: 0 };
+    return {
+        report: { ...report, findings: kept, summary: recomputeSummary(kept) },
+        suppressed,
+    };
+}

package/dist/core/audit/target.d.ts

@@ -0,0 +1,5 @@
+export interface AuditTarget {
+    target: string;
+    projectPath: string;
+}
+export declare function resolveAuditTarget(target: string): AuditTarget;

package/dist/core/audit/target.js

@@ -0,0 +1,26 @@
+import { existsSync, statSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+import { load, findApp } from '../registry.js';
+import { FleetError } from '../errors.js';
+// resolve an audit target to the mobile project directory to scan.
+//
+// a target is either an existing directory path (used as-is) or a registered
+// fleet app name. for a registered app the convention is a `mobile/` subdir of
+// its compose root — that is where an expo / ios project lives in a repo whose
+// root holds docker-compose — falling back to the compose root when there is
+// no such subdir.
+export function resolveAuditTarget(target) {
+    const asPath = resolve(target);
+    if (existsSync(asPath) && statSync(asPath).isDirectory()) {
+        return { target, projectPath: asPath };
+    }
+    const app = findApp(load(), target);
+    if (!app) {
+        throw new FleetError(`Audit target "${target}" is neither an existing directory nor a registered app.`);
+    }
+    const mobileDir = join(app.composePath, 'mobile');
+    return {
+        target: app.name,
+        projectPath: existsSync(mobileDir) ? mobileDir : app.composePath,
+    };
+}

package/dist/core/audit/types.d.ts

@@ -0,0 +1,54 @@
+export type GreenlightSeverity = 'CRITICAL' | 'WARN' | 'INFO';
+export type GreenlightSource = 'metadata' | 'codescan' | 'privacy' | 'ipa';
+export interface GreenlightFinding {
+    source: GreenlightSource | string;
+    severity: GreenlightSeverity | string;
+    guideline?: string;
+    title: string;
+    detail: string;
+    fix?: string;
+    file?: string;
+    line?: number;
+    code?: string;
+}
+export interface GreenlightSummary {
+    total: number;
+    critical: number;
+    warns: number;
+    infos: number;
+    passed: boolean;
+}
+export interface GreenlightReport {
+    project_path: string;
+    ipa_path?: string;
+    app_name?: string;
+    bundle_id?: string;
+    has_privacy_info: boolean;
+    detected_apis?: string[];
+    tracking_sdks?: string[];
+    findings: GreenlightFinding[];
+    summary: GreenlightSummary;
+    elapsed: string;
+}
+export interface AuditRecord {
+    target: string;
+    projectPath: string;
+    ipaPath?: string;
+    ranAt: string;
+    report: GreenlightReport;
+}
+export interface AuditCache {
+    version: 1;
+    audits: Record<string, AuditRecord>;
+}
+export interface AuditIgnoreRule {
+    target?: string;
+    title: string;
+    contains?: string;
+    reason: string;
+    addedAt: string;
+}
+export interface AuditConfig {
+    version: 1;
+    ignore: AuditIgnoreRule[];
+}

package/dist/core/audit/types.js

@@ -0,0 +1,5 @@
+// shapes for the App Store compliance audit feature. the report types mirror
+// the json emitted by `greenlight preflight --format json` (RevylAI/greenlight,
+// internal/cli/preflight.go writePreflightJSON) — kept structurally identical
+// so the binary's output deserialises straight into these.
+export {};

package/dist/core/backup/browser-api.d.ts

@@ -0,0 +1,66 @@
+import { StatusReport } from './statuspage.js';
+import { SnapshotInfo } from './types.js';
+import { TreeEntry } from './repo.js';
+export interface RestoreResult {
+    target: string;
+    fileCount: number;
+    bytes: number;
+    durationMs: number;
+}
+export interface StagingDir {
+    path: string;
+    bytes: number;
+    age: string;
+}
+/** everything the router needs, injected so handlers stay pure + testable. */
+export interface ApiContext {
+    now(): number;
+    totpSecret: string;
+    sessionSecret: string;
+    sessionTtlMs: number;
+    /** the deployment domain — the same-origin check accepts only this host. */
+    domain: string;
+    listApps(): string[];
+    statusReport(): StatusReport;
+    snapshots(app: string): SnapshotInfo[];
+    lsTree(app: string, snap: string, path: string): TreeEntry[];
+    fileMeta(app: string, snap: string, path: string): {
+        size: number;
+        sensitive: boolean;
+    } | null;
+    restore(app: string, snap: string, path: string): RestoreResult;
+    listStaging(): StagingDir[];
+    deleteStaging(path: string): void;
+}
+export interface ApiRequest {
+    method: string;
+    path: string;
+    query: Record<string, string>;
+    headers: Record<string, string>;
+    body?: unknown;
+    cookies: Record<string, string>;
+}
+export type ApiResponse = {
+    kind: 'json';
+    status: number;
+    body: unknown;
+    setCookie?: string;
+} | {
+    kind: 'html';
+    status: number;
+    body: string;
+} | {
+    kind: 'stream';
+    status: number;
+    app: string;
+    snap: string;
+    path: string;
+    filename: string;
+    contentType: string;
+    disposition: 'inline' | 'attachment';
+} | {
+    kind: 'redirect';
+    status: number;
+    location: string;
+};
+export declare function handle(req: ApiRequest, ctx: ApiContext): ApiResponse;