@meshxdata/fops 0.0.1

package/src/doctor.js

@@ -0,0 +1,487 @@
+import fs from "node:fs";
+import https from "node:https";
+import os from "node:os";
+import net from "node:net";
+import path from "node:path";
+import chalk from "chalk";
+import { execa } from "execa";
+import { rootDir } from "./project.js";
+import { detectEcrRegistry, detectAwsSsoProfiles, fixAwsSso, fixEcr } from "./setup/aws.js";
+import { confirm } from "./ui/index.js";
+
+const KEY_PORTS = {
+  5432: "Postgres",
+  9092: "Kafka",
+  9001: "Backend",
+  3002: "Frontend",
+  8081: "Trino",
+  9083: "Hive Metastore",
+  8181: "OPA",
+  18201: "Vault",
+};
+
+function header(title) {
+  console.log(chalk.bold.cyan(`\n  ${title}`));
+  console.log(chalk.gray("  " + "─".repeat(40)));
+}
+
+async function checkPort(port) {
+  return new Promise((resolve) => {
+    const srv = net.createServer();
+    srv.once("error", () => resolve(true)); // port in use
+    srv.once("listening", () => { srv.close(); resolve(false); });
+    srv.listen(port, "127.0.0.1");
+  });
+}
+
+async function cmdVersion(cmd, args = ["--version"]) {
+  try {
+    const { stdout } = await execa(cmd, args, { reject: false, timeout: 5000 });
+    return stdout?.split("\n")[0]?.trim() || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Parse ~/.netrc and return the password/token for a given machine, or null.
+ */
+function readNetrcToken(content, machine) {
+  // Handles both multi-line and single-line netrc formats
+  const lines = content.replace(/\r\n/g, "\n").split("\n");
+  let inMachine = false;
+  for (const line of lines) {
+    const tokens = line.trim().split(/\s+/);
+    for (let i = 0; i < tokens.length; i++) {
+      if (tokens[i] === "machine" && tokens[i + 1] === machine) {
+        inMachine = true;
+      } else if (tokens[i] === "machine" && tokens[i + 1] !== machine) {
+        if (inMachine) return null; // entered a different machine block
+      }
+      if (inMachine && tokens[i] === "password" && tokens[i + 1]) {
+        return tokens[i + 1];
+      }
+    }
+  }
+  return null;
+}
+
+/**
+ * Make an authenticated GitHub API GET request. Returns { status, body }.
+ */
+function ghApiGet(path, token) {
+  return new Promise((resolve) => {
+    const req = https.get(`https://api.github.com${path}`, {
+      headers: {
+        Authorization: `token ${token}`,
+        "User-Agent": "fops-doctor",
+        Accept: "application/vnd.github+json",
+      },
+      timeout: 5000,
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => { body += chunk; });
+      res.on("end", () => {
+        try { resolve({ status: res.statusCode, body: JSON.parse(body) }); }
+        catch { resolve({ status: res.statusCode, body: {} }); }
+      });
+    });
+    req.on("error", () => resolve({ status: 0, body: {} }));
+    req.on("timeout", () => { req.destroy(); resolve({ status: 0, body: {} }); });
+  });
+}
+
+export async function runDoctor(opts = {}, registry = null) {
+  const dir = rootDir() || null;
+  let passed = 0;
+  let warned = 0;
+  let failed = 0;
+
+  const fixes = []; // collect fix actions to run at the end
+
+  const ok = (name, detail) => {
+    console.log(chalk.green("  ✓ ") + name + (detail ? chalk.gray(` — ${detail}`) : ""));
+    passed++;
+  };
+  const warn = (name, detail) => {
+    console.log(chalk.yellow("  ⚠ ") + name + (detail ? chalk.gray(` — ${detail}`) : ""));
+    warned++;
+  };
+  const fail = (name, detail, fixFn) => {
+    console.log(chalk.red("  ✗ ") + name + (detail ? chalk.gray(` — ${detail}`) : ""));
+    failed++;
+    if (fixFn) fixes.push({ name, fn: fixFn });
+  };
+
+  // ── Prerequisites ──────────────────────────────────
+  header("Prerequisites");
+
+  // Docker
+  const dockerVer = await cmdVersion("docker");
+  if (dockerVer) {
+    // Check if daemon is actually running
+    try {
+      await execa("docker", ["info"], { timeout: 5000 });
+      ok("Docker running", dockerVer);
+    } catch {
+      fail("Docker daemon not running", "start Docker Desktop or dockerd");
+    }
+  } else {
+    fail("Docker not found", "install from docker.com");
+  }
+
+  // Git
+  const gitVer = await cmdVersion("git");
+  if (gitVer) ok("Git available", gitVer);
+  else fail("Git not found", "install git");
+
+  // Node.js version
+  const nodeVer = process.versions.node;
+  const nodeMajor = parseInt(nodeVer.split(".")[0], 10);
+  if (nodeMajor >= 18) ok(`Node.js v${nodeVer}`, ">=18 required");
+  else fail(`Node.js v${nodeVer}`, "upgrade to >=18");
+
+  // AWS CLI (optional)
+  const awsVer = await cmdVersion("aws");
+  if (awsVer) ok("AWS CLI", awsVer);
+  else warn("AWS CLI not found", "optional — needed for ECR login");
+
+  // ~/.netrc GitHub credentials (optional — validate against API + repo access)
+  const netrcPath = path.join(os.homedir(), ".netrc");
+  if (fs.existsSync(netrcPath)) {
+    try {
+      const content = fs.readFileSync(netrcPath, "utf8");
+      if (!content.includes("github.com")) {
+        warn("~/.netrc exists but no github.com entry");
+      } else {
+        const token = readNetrcToken(content, "github.com");
+        if (!token) {
+          warn("~/.netrc has github.com but no password/token");
+        } else {
+          const userRes = await ghApiGet("/user", token);
+          if (userRes.status !== 200) {
+            fail("~/.netrc GitHub token invalid or expired", "regenerate at github.com/settings/tokens");
+          } else {
+            const login = userRes.body.login || "authenticated";
+            ok("~/.netrc GitHub credentials", `authenticated as ${login}`);
+            const repoRes = await ghApiGet("/repos/meshxdata/foundation-compose", token);
+            if (repoRes.status === 200) {
+              ok("GitHub repo access", "meshxdata/foundation-compose readable");
+            } else if (repoRes.status === 404) {
+              fail("GitHub repo access", "meshxdata/foundation-compose not found — token may lack repo scope");
+            } else {
+              fail("GitHub repo access", `meshxdata/foundation-compose returned ${repoRes.status}`);
+            }
+          }
+        }
+      }
+    } catch {
+      warn("~/.netrc not readable");
+    }
+  } else {
+    warn("~/.netrc not found", "optional — used for private repo access");
+  }
+
+  // ~/.fops.json config (optional)
+  const fopsConfig = path.join(os.homedir(), ".fops.json");
+  if (fs.existsSync(fopsConfig)) ok("~/.fops.json config");
+  else warn("~/.fops.json not found", "optional — run fops init to create");
+
+  // ── AWS / ECR ──────────────────────────────────────
+  header("AWS / ECR");
+
+  const awsConfigPath = path.join(os.homedir(), ".aws", "config");
+  let awsSessionValid = false;
+
+  if (fs.existsSync(awsConfigPath)) {
+    ok("~/.aws/config exists");
+
+    // Check for SSO session — use detected profile
+    const ssoProfiles = awsVer ? detectAwsSsoProfiles() : [];
+    const defaultProfile = ssoProfiles[0];
+
+    if (awsVer) {
+      const profileArgs = defaultProfile ? ["--profile", defaultProfile.name] : [];
+      try {
+        const { stdout } = await execa("aws", ["sts", "get-caller-identity", "--output", "json", ...profileArgs], {
+          timeout: 10000, reject: false,
+        });
+        if (stdout && stdout.includes("Account")) {
+          ok("AWS SSO session valid");
+          awsSessionValid = true;
+        } else {
+          fail("AWS SSO session expired or invalid", "run: aws sso login", fixAwsSso);
+        }
+      } catch {
+        fail("AWS SSO session check failed", "run: aws sso login", fixAwsSso);
+      }
+    }
+  } else {
+    warn("~/.aws/config not found", "optional — needed for ECR");
+  }
+
+  // Validate ECR access if project references ECR images
+  const ecrInfo = dir ? detectEcrRegistry(dir) : null;
+  if (ecrInfo) {
+    const ecrUrl = `${ecrInfo.accountId}.dkr.ecr.${ecrInfo.region}.amazonaws.com`;
+    if (!awsSessionValid) {
+      fail(`ECR registry ${ecrUrl}`, "fix AWS session first", () => fixEcr(ecrInfo));
+    } else {
+      // Check we can get an ECR login password (same call the actual login uses)
+      const ssoProfiles = detectAwsSsoProfiles();
+      const ecrProfile = ssoProfiles.find((p) => p.region === ecrInfo.region) || ssoProfiles[0];
+      const ecrProfileArgs = ecrProfile ? ["--profile", ecrProfile.name] : [];
+      try {
+        const { stdout, exitCode } = await execa("aws", [
+          "ecr", "get-login-password", "--region", ecrInfo.region, ...ecrProfileArgs,
+        ], { timeout: 10000, reject: false });
+        if (exitCode === 0 && stdout?.trim()) {
+          ok(`ECR registry accessible`, ecrUrl);
+        } else {
+          fail(`ECR registry not accessible`, `${ecrUrl} — run: fops doctor --fix`, () => fixEcr(ecrInfo));
+        }
+      } catch {
+        fail(`ECR registry check failed`, ecrUrl, () => fixEcr(ecrInfo));
+      }
+    }
+  } else if (dir) {
+    warn("No ECR images detected in docker-compose.yaml", "skipping ECR check");
+  }
+
+  // ── Project ────────────────────────────────────────
+  header("Project");
+
+  if (dir) {
+    // .env — only report if missing (the CLI creates it automatically)
+    const envPath = path.join(dir, ".env");
+    const envExample = path.join(dir, ".env.example");
+    if (!fs.existsSync(envPath)) {
+      if (opts.fix && fs.existsSync(envExample)) {
+        fs.copyFileSync(envExample, envPath);
+        ok(".env created from .env.example", "--fix applied");
+      } else {
+        fail(".env missing", fs.existsSync(envExample) ? "run: cp .env.example .env" : "create .env");
+      }
+    }
+  } else {
+    fail("No Foundation project found", "run: fops init", async () => {
+      console.log(chalk.cyan("  ▶ fops init"));
+      const { runInitWizard } = await import("./setup/index.js");
+      await runInitWizard();
+    });
+  }
+
+  // ── Docker Resources ───────────────────────────────
+  if (dockerVer) {
+    header("Docker Resources");
+
+    // CPU check
+    try {
+      const { stdout: cpuOut } = await execa("docker", ["info", "--format", "{{.NCPU}}"], {
+        timeout: 5000, reject: false,
+      });
+      if (cpuOut) {
+        const cpus = parseInt(cpuOut.trim(), 10);
+        if (cpus >= 4) ok(`Docker CPUs: ${cpus}`);
+        else warn(`Docker CPUs: ${cpus}`, "recommend 4+ for full stack");
+      }
+    } catch {}
+
+    // Memory check
+    try {
+      const { stdout } = await execa("docker", ["info", "--format", "{{.MemTotal}}"], {
+        timeout: 5000, reject: false,
+      });
+      if (stdout) {
+        const bytes = parseInt(stdout.trim(), 10);
+        const gb = (bytes / (1024 ** 3)).toFixed(1);
+        if (bytes >= 7.5 * (1024 ** 3)) {
+          ok(`Docker memory: ${gb} GB`);
+        } else {
+          warn(`Docker memory: ${gb} GB`, "recommend 8 GB+ for full stack");
+        }
+      }
+    } catch {}
+
+    // Docker disk usage (images + containers + volumes + build cache)
+    try {
+      const { stdout: dfOut } = await execa("docker", ["system", "df", "--format", "{{.Size}}"], {
+        timeout: 10000, reject: false,
+      });
+      if (dfOut?.trim()) {
+        const sizes = dfOut.trim().split("\n").filter(Boolean);
+        ok(`Docker disk used`, sizes.join(" + "));
+      }
+    } catch {}
+
+    // Host disk available
+    try {
+      const { stdout: dfHost } = await execa("df", ["-h", "/"], {
+        timeout: 5000, reject: false,
+      });
+      if (dfHost) {
+        const lines = dfHost.trim().split("\n");
+        if (lines.length >= 2) {
+          const cols = lines[lines.length - 1].split(/\s+/);
+          const size = cols[1];
+          const avail = cols[3];
+          const pct = parseInt(cols[4], 10);
+          if (pct >= 90) fail(`Host disk: ${avail} free of ${size}`, "critically low — Docker needs room");
+          else if (pct >= 80) warn(`Host disk: ${avail} free of ${size}`, "getting low");
+          else ok(`Host disk: ${avail} free of ${size}`);
+        }
+      }
+    } catch {}
+
+    // Port conflicts
+    header("Ports");
+    for (const [port, service] of Object.entries(KEY_PORTS)) {
+      const inUse = await checkPort(parseInt(port, 10));
+      if (inUse) {
+        // If project containers are running, ports in use is expected
+        if (dir) ok(`:${port} ${service} — in use`);
+        else warn(`:${port} ${service} — in use`, "potential conflict");
+      } else {
+        ok(`:${port} ${service} — available`);
+      }
+    }
+  }
+
+  // ── Services ───────────────────────────────────────
+  if (dir && dockerVer) {
+    header("Services");
+
+    try {
+      const { stdout } = await execa("docker", ["compose", "ps", "--format", "json"], {
+        cwd: dir, reject: false, timeout: 10000,
+      });
+      if (stdout && stdout.trim()) {
+        const lines = stdout.trim().split("\n").filter(Boolean);
+        let anyService = false;
+        for (const line of lines) {
+          try {
+            const svc = JSON.parse(line);
+            const name = svc.Name || svc.name || "?";
+            const state = svc.State || svc.state || "?";
+            const health = svc.Health || svc.health || "";
+            anyService = true;
+
+            if (state === "running" && (!health || health === "healthy")) {
+              ok(name, state + (health ? ` (${health})` : ""));
+            } else if (state === "running" && health === "unhealthy") {
+              warn(name, `${state} (${health})`);
+            } else {
+              fail(name, state + (health ? ` (${health})` : ""));
+            }
+          } catch {
+            // skip unparseable line
+          }
+        }
+        if (!anyService) warn("No containers found", "run: fops up");
+      } else {
+        warn("No containers running", "run: fops up");
+      }
+    } catch {
+      warn("Could not check containers", "Docker Compose error");
+    }
+  }
+
+  // ── Images ──────────────────────────────────────────
+  if (dir && dockerVer) {
+    header("Images");
+    const STALE_DAYS = 7;
+
+    try {
+      const { stdout: imgOut } = await execa("docker", [
+        "compose", "images", "--format", "json",
+      ], { cwd: dir, reject: false, timeout: 10000 });
+
+      if (imgOut?.trim()) {
+        const stale = [];
+        const lines = imgOut.trim().split("\n").filter(Boolean);
+        for (const line of lines) {
+          try {
+            const img = JSON.parse(line);
+            const repo = img.Repository || img.repository || "";
+            const tag = img.Tag || img.tag || "";
+            const id = img.ID || img.id || "";
+            if (!id) continue;
+
+            // Inspect for creation date
+            const { stdout: inspectOut } = await execa("docker", [
+              "image", "inspect", id, "--format", "{{.Created}}",
+            ], { reject: false, timeout: 5000 });
+
+            if (inspectOut?.trim()) {
+              const created = new Date(inspectOut.trim());
+              const ageDays = Math.floor((Date.now() - created.getTime()) / (1000 * 60 * 60 * 24));
+              const name = `${repo}:${tag}`.replace(/^:/, "").replace(/:$/, "") || id.slice(0, 12);
+
+              if (ageDays > STALE_DAYS) {
+                warn(name, `${ageDays}d old — consider rebuilding`);
+                stale.push(name);
+              } else {
+                ok(name, ageDays === 0 ? "today" : `${ageDays}d ago`);
+              }
+            }
+          } catch {}
+        }
+
+        if (stale.length > 0) {
+          fixes.push({
+            name: `Rebuild ${stale.length} stale image(s)`,
+            fn: async () => {
+              console.log(chalk.cyan("  ▶ docker compose build --pull"));
+              await execa("docker", ["compose", "build", "--pull"], {
+                cwd: dir, stdio: "inherit", reject: false, timeout: 600_000,
+              });
+            },
+          });
+        }
+      }
+    } catch {}
+  }
+
+  // ── Plugins ─────────────────────────────────────────
+  if (registry && registry.doctorChecks.length > 0) {
+    header("Plugins");
+    for (const check of registry.doctorChecks) {
+      await check.fn(ok, warn, fail);
+    }
+  }
+
+  // ── Summary ────────────────────────────────────────
+  console.log(chalk.gray("\n  " + "─".repeat(40)));
+  const parts = [];
+  if (passed) parts.push(chalk.green(`${passed} passed`));
+  if (warned) parts.push(chalk.yellow(`${warned} warnings`));
+  if (failed) parts.push(chalk.red(`${failed} failed`));
+  console.log("  " + parts.join(chalk.gray(" · ")));
+
+  if (failed > 0 && fixes.length > 0) {
+    const shouldFix = opts.fix || await confirm(`\n  Fix ${fixes.length} issue(s) automatically?`, true);
+    if (shouldFix) {
+      console.log("");
+      for (const fix of fixes) {
+        try {
+          console.log(chalk.bold(`  Fixing: ${fix.name}`));
+          await fix.fn();
+          console.log(chalk.green("  ✓ Fixed\n"));
+        } catch (err) {
+          console.log(chalk.red(`  ✗ Fix failed: ${err.message}\n`));
+        }
+      }
+      console.log(chalk.gray("  Run fops doctor again to verify.\n"));
+    } else {
+      console.log("");
+      process.exit(1);
+    }
+  } else if (failed > 0) {
+    console.log(chalk.yellow("\n  No automatic fix available. Resolve the issues above manually.\n"));
+    process.exit(1);
+  } else if (warned > 0) {
+    console.log(chalk.green("\n  Looking good. Warnings are optional.\n"));
+  } else {
+    console.log(chalk.green("\n  All systems operational. Run: fops up\n"));
+  }
+}

package/src/doctor.test.js

@@ -0,0 +1,134 @@
+import { describe, it, expect } from "vitest";
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const doctorSource = fs.readFileSync(path.join(__dirname, "doctor.js"), "utf8");
+
+// readNetrcToken is not exported, so we inline a copy for testing
+function readNetrcToken(content, machine) {
+  const lines = content.replace(/\r\n/g, "\n").split("\n");
+  let inMachine = false;
+  for (const line of lines) {
+    const tokens = line.trim().split(/\s+/);
+    for (let i = 0; i < tokens.length; i++) {
+      if (tokens[i] === "machine" && tokens[i + 1] === machine) {
+        inMachine = true;
+      } else if (tokens[i] === "machine" && tokens[i + 1] !== machine) {
+        if (inMachine) return null;
+      }
+      if (inMachine && tokens[i] === "password" && tokens[i + 1]) {
+        return tokens[i + 1];
+      }
+    }
+  }
+  return null;
+}
+
+describe("doctor", () => {
+  describe("readNetrcToken", () => {
+    it("returns token for multi-line netrc", () => {
+      const content = `machine github.com\nlogin user\npassword ghp_abc123\n`;
+      expect(readNetrcToken(content, "github.com")).toBe("ghp_abc123");
+    });
+
+    it("returns token for single-line netrc", () => {
+      const content = `machine github.com login user password ghp_abc123`;
+      expect(readNetrcToken(content, "github.com")).toBe("ghp_abc123");
+    });
+
+    it("returns null for wrong machine", () => {
+      const content = `machine gitlab.com\nlogin user\npassword glpat_xyz\n`;
+      expect(readNetrcToken(content, "github.com")).toBe(null);
+    });
+
+    it("returns null for missing password", () => {
+      const content = `machine github.com\nlogin user\n`;
+      expect(readNetrcToken(content, "github.com")).toBe(null);
+    });
+
+    it("handles multiple machines", () => {
+      const content = [
+        "machine gitlab.com login a password glpat_xyz",
+        "machine github.com login b password ghp_123",
+      ].join("\n");
+      expect(readNetrcToken(content, "github.com")).toBe("ghp_123");
+      expect(readNetrcToken(content, "gitlab.com")).toBe("glpat_xyz");
+    });
+
+    it("stops at next machine block", () => {
+      const content = [
+        "machine github.com",
+        "login user",
+        "machine other.com",
+        "password secret",
+      ].join("\n");
+      expect(readNetrcToken(content, "github.com")).toBe(null);
+    });
+
+    it("handles windows line endings", () => {
+      const content = "machine github.com\r\nlogin user\r\npassword ghp_win\r\n";
+      expect(readNetrcToken(content, "github.com")).toBe("ghp_win");
+    });
+
+    it("handles empty content", () => {
+      expect(readNetrcToken("", "github.com")).toBe(null);
+    });
+
+    it("handles whitespace-only content", () => {
+      expect(readNetrcToken("   \n  \n  ", "github.com")).toBe(null);
+    });
+
+    it("handles machine with no following tokens", () => {
+      const content = "machine\ngithub.com\npassword ghp_123";
+      // "machine" without immediate next token matching
+      expect(readNetrcToken(content, "github.com")).toBe(null);
+    });
+
+    it("handles mixed multi-line and single-line entries", () => {
+      const content = [
+        "machine gitlab.com login gl password glpat_abc",
+        "",
+        "machine github.com",
+        "login gh",
+        "password ghp_xyz",
+      ].join("\n");
+      expect(readNetrcToken(content, "github.com")).toBe("ghp_xyz");
+      expect(readNetrcToken(content, "gitlab.com")).toBe("glpat_abc");
+    });
+
+    it("returns first password for a machine", () => {
+      const content = "machine github.com login user password first_token";
+      expect(readNetrcToken(content, "github.com")).toBe("first_token");
+    });
+  });
+
+  describe("KEY_PORTS", () => {
+    it("defines all expected ports", () => {
+      expect(doctorSource).toContain("5432");
+      expect(doctorSource).toContain("Postgres");
+      expect(doctorSource).toContain("9092");
+      expect(doctorSource).toContain("Kafka");
+      expect(doctorSource).toContain("9001");
+      expect(doctorSource).toContain("Backend");
+      expect(doctorSource).toContain("3002");
+      expect(doctorSource).toContain("Frontend");
+      expect(doctorSource).toContain("8081");
+      expect(doctorSource).toContain("Trino");
+      expect(doctorSource).toContain("9083");
+      expect(doctorSource).toContain("Hive Metastore");
+      expect(doctorSource).toContain("8181");
+      expect(doctorSource).toContain("OPA");
+      expect(doctorSource).toContain("18201");
+      expect(doctorSource).toContain("Vault");
+    });
+  });
+
+  describe("runDoctor export", () => {
+    it("is exported as a function", async () => {
+      const { runDoctor } = await import("./doctor.js");
+      expect(typeof runDoctor).toBe("function");
+    });
+  });
+});

package/src/plugins/api.js

@@ -0,0 +1,37 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+/**
+ * FopsPluginApi — the single API surface passed to each plugin's register() function.
+ */
+export function createPluginApi(pluginId, registry) {
+  // Load plugin-specific config from ~/.fops.json → plugins.entries.<id>.config
+  let config = {};
+  try {
+    const fopsConfig = path.join(os.homedir(), ".fops.json");
+    if (fs.existsSync(fopsConfig)) {
+      const raw = JSON.parse(fs.readFileSync(fopsConfig, "utf8"));
+      config = raw?.plugins?.entries?.[pluginId]?.config || {};
+    }
+  } catch {
+    // ignore parse errors
+  }
+
+  return {
+    id: pluginId,
+    config,
+
+    registerCommand(spec) {
+      registry.commands.push({ pluginId, spec });
+    },
+
+    registerDoctorCheck(check) {
+      registry.doctorChecks.push({ pluginId, name: check.name, fn: check.fn });
+    },
+
+    registerHook(event, handler, priority = 0) {
+      registry.hooks.push({ pluginId, event, handler, priority });
+    },
+  };
+}