npm - @occam-scaly/scaly-cli - Versions diffs - 0.2.8 → 0.2.9 - Mend

@occam-scaly/scaly-cli 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/bin/scaly.js CHANGED Viewed

@@ -68,6 +68,15 @@ Usage:
   scaly auth status [--json]
   scaly auth logout [--json]
+  scaly doctor [--json] [--env-file .env] [--require KEY1,KEY2] [--db-host 127.0.0.1] [--db-port 5432] [--storage-addon <id>] [--storage-prefix <prefix>]
+  scaly user-groups list [--account <accountId>] [--json]
+  scaly user-groups members --name <group> [--account <accountId>] [--json]
+  scaly user-groups create --name <group> [--description <text>] [--account <accountId>] [--json]
+  scaly user-groups delete --name <group> [--yes] [--account <accountId>] [--json]
+  scaly user-groups add --name <group> <email...> [--emails a,b] [--account <accountId>] [--json]
+  scaly user-groups remove --name <group> <email...> [--emails a,b] [--account <accountId>] [--json]
   scaly secrets list --app <appId> [--json]
   scaly secrets set  --app <appId> --name <KEY> [--from-env ENV] [--stdin] [--json]
   scaly secrets delete --app <appId> (--name <KEY> | --id <secretId>) [--yes] [--json]
@@ -132,6 +141,14 @@ function main(argv) {
     return runAuth(sub, flags).then((code) => process.exit(code));
   }
+  if (cmd === 'doctor') {
+    return runDoctor(args.slice(1)).then((code) => process.exit(code));
+  }
+  if (cmd === 'user-groups') {
+    return runUserGroups(sub, rest).then((code) => process.exit(code));
+  }
   if (cmd === 'secrets') {
     return runSecrets(sub, rest).then((code) => process.exit(code));
   }
@@ -2610,6 +2627,225 @@ async function runSecrets(sub, rest) {
   return 2;
 }
+// -------------------------
+// User Groups (account-scoped)
+// -------------------------
+async function runUserGroups(sub, rest) {
+  const action = String(sub || '')
+    .trim()
+    .toLowerCase();
+  const f = parseKv(rest);
+  const json = parseBool(f.json, false);
+  const accountId = await require('../lib/scaly-user-groups').resolveAccountId(
+    f.account || f['account-id'] || f.account_id
+  );
+  if (!accountId) {
+    const msg =
+      'Unable to infer account id. Pass --account <accountId> (or ensure you have accessible stacks).';
+    if (json)
+      console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+    else console.error(msg);
+    return 2;
+  }
+  const groups = require('../lib/scaly-user-groups');
+  try {
+    if (!action || action === 'list') {
+      const res = await groups.listGroups({ accountId });
+      const out = {
+        ok: true,
+        account_id: accountId,
+        user_groups: { addon_id: res.pool.id, name: res.pool.name },
+        groups: (res.groups || []).map((g) => ({
+          name: g.name,
+          description: g.description || null
+        }))
+      };
+      if (json) console.log(JSON.stringify(out));
+      else out.groups.forEach((g) => console.log(g.name));
+      return 0;
+    }
+    if (action === 'members') {
+      const name = f.name || (f._ && f._[0]);
+      if (!name) {
+        const msg = '--name <group> is required';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      const res = await groups.listGroupMembers({ accountId, name });
+      const out = {
+        ok: true,
+        account_id: accountId,
+        group: { name, description: res.group.description || null },
+        members: (res.members || []).map((u) => ({
+          email: u.email,
+          name: u.name,
+          status: u.status || null,
+          enabled: typeof u.enabled === 'boolean' ? u.enabled : null
+        }))
+      };
+      if (json) console.log(JSON.stringify(out));
+      else out.members.forEach((u) => console.log(u.email));
+      return 0;
+    }
+    if (action === 'create') {
+      const name = f.name || (f._ && f._[0]);
+      if (!name) {
+        const msg = '--name <group> is required';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      const res = await groups.createGroup({
+        accountId,
+        name,
+        description: f.description || null
+      });
+      const out = {
+        ok: true,
+        account_id: accountId,
+        user_groups: { addon_id: res.pool.id, name: res.pool.name },
+        created: res.created
+      };
+      if (json) console.log(JSON.stringify(out));
+      else console.log(`Created group: ${name}`);
+      return 0;
+    }
+    if (action === 'delete') {
+      const name = f.name || (f._ && f._[0]);
+      const yes = parseBool(f.yes, false);
+      if (!name) {
+        const msg = '--name <group> is required';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      if (!yes) {
+        const msg = 'Refusing to delete group without --yes';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      const res = await groups.deleteGroup({ accountId, name });
+      const out = {
+        ok: true,
+        account_id: accountId,
+        deleted: true,
+        count: res.result ? res.result.count : null
+      };
+      if (json) console.log(JSON.stringify(out));
+      else console.log(`Deleted group: ${name}`);
+      return 0;
+    }
+    if (action === 'add' || action === 'remove') {
+      const name = f.name || (f._ && f._[0]);
+      if (!name) {
+        const msg = '--name <group> is required';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      const rawEmails = []
+        .concat(f.emails ? String(f.emails).split(',') : [])
+        .concat(f.email ? [String(f.email)] : [])
+        .concat(Array.isArray(f._) ? f._.slice(1) : []);
+      const emails = rawEmails.map((e) => String(e).trim()).filter(Boolean);
+      if (!emails.length) {
+        const msg =
+          'At least one email is required (positional args or --emails a,b)';
+        if (json)
+          console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+        else console.error(msg);
+        return 2;
+      }
+      const res =
+        action === 'add'
+          ? await groups.addUsers({ accountId, name, emails })
+          : await groups.removeUsers({ accountId, name, emails });
+      const out = {
+        ok: true,
+        account_id: accountId,
+        group: name,
+        emails,
+        count: res.result ? res.result.count : null
+      };
+      if (json) console.log(JSON.stringify(out));
+      else
+        console.log(
+          `${action === 'add' ? 'Added' : 'Removed'} ${emails.length} user(s).`
+        );
+      return 0;
+    }
+    const msg = `Unknown user-groups command: ${action}`;
+    if (json)
+      console.log(JSON.stringify({ ok: false, error: { message: msg } }));
+    else console.error(msg);
+    return 2;
+  } catch (e) {
+    const msg = String((e && e.message) || e);
+    if (json)
+      console.log(
+        JSON.stringify({
+          ok: false,
+          error: { message: msg, code: e && e.code ? e.code : null }
+        })
+      );
+    else console.error(msg);
+    return 2;
+  }
+}
+// -------------------------
+// Doctor (local checklist)
+// -------------------------
+async function runDoctor(rest) {
+  const f = parseKv(rest);
+  const json = parseBool(f.json, false);
+  const required =
+    f.require && typeof f.require === 'string'
+      ? f.require
+          .split(',')
+          .map((s) => s.trim())
+          .filter(Boolean)
+      : [];
+  const { runDoctor: doctor } = require('../lib/scaly-doctor');
+  const res = await doctor({
+    envFile: f['env-file'] || f.env_file || '.env',
+    requiredEnvVars: required,
+    dbHost: f['db-host'] || f.db_host || '127.0.0.1',
+    dbPort:
+      f['db-port'] !== undefined ? Number(f['db-port'] || f.db_port) : null,
+    storageAddonId: f['storage-addon'] || f.storage_addon || null,
+    storagePrefix: f['storage-prefix'] || f.storage_prefix || null
+  });
+  if (json) {
+    console.log(JSON.stringify(res));
+  } else {
+    for (const c of res.checks) {
+      const status = c.ok ? 'OK' : 'FAIL';
+      console.log(`[doctor] ${status} ${c.name}`);
+      if (c.hint) console.log(`         ${c.hint}`);
+    }
+  }
+  return res.ok ? 0 : 1;
+}
 // -------------------------
 // DB tunnel: localhost port-forward via WSS
 // -------------------------

package/lib/scaly-api.js CHANGED Viewed

@@ -307,6 +307,26 @@ const QUERIES = {
         minIdle
       }
     }
+  `,
+  listGroups: `
+    query ListGroups($where: AddOnWhereUniqueInput!) {
+      listGroups(where: $where) { name description }
+    }
+  `,
+  listGroupsWithUsers: `
+    query ListGroupsWithUsers($where: AddOnWhereUniqueInput!) {
+      listGroups(where: $where) { name description users { email name status enabled } }
+    }
+  `,
+  listBucketObjects: `
+    query ListBucketObjects($where: AddOnWhereUniqueInput!, $prefix: String, $pageSize: Int) {
+      listBucketObjects(where: $where, prefix: $prefix, pageSize: $pageSize) {
+        bucket
+        prefix
+        nextCursor
+        objects { key size lastModified }
+      }
+    }
   `
 };
@@ -335,6 +355,26 @@ const MUTATIONS = {
     mutation CreateAddOn($data: AddOnCreateInput!) {
       createAddOn(data: $data) { id name type accountId status }
     }
+  `,
+  createUserGroups: `
+    mutation CreateUserGroups($where: AddOnWhereUniqueInput!, $data: [CognitoUserGroupInput!]!) {
+      createUserGroups(where: $where, data: $data) { name description }
+    }
+  `,
+  deleteUserGroups: `
+    mutation DeleteUserGroups($where: AddOnWhereUniqueInput!, $groups: [String!]!) {
+      deleteUserGroups(where: $where, groups: $groups) { count }
+    }
+  `,
+  addUsersToGroups: `
+    mutation AddUsersToGroups($where: AddOnWhereUniqueInput!, $emails: [String!]!, $groups: [String!]!) {
+      addUsersToGroups(where: $where, emails: $emails, groups: $groups) { count }
+    }
+  `,
+  removeUsersFromGroups: `
+    mutation RemoveUsersFromGroups($where: AddOnWhereUniqueInput!, $emails: [String!]!, $groups: [String!]!) {
+      removeUsersFromGroups(where: $where, emails: $emails, groups: $groups) { count }
+    }
   `
 };
@@ -384,6 +424,57 @@ async function listAddOnsByType({ accountId, type, take = 10 }) {
   return data?.listAddOns || [];
 }
+async function listGroups({ addonId, includeUsers = false }) {
+  const data = await graphqlRequest(
+    includeUsers ? QUERIES.listGroupsWithUsers : QUERIES.listGroups,
+    { where: { id: addonId } }
+  );
+  return data?.listGroups || [];
+}
+async function createUserGroup({ addonId, name, description }) {
+  const data = await graphqlRequest(MUTATIONS.createUserGroups, {
+    where: { id: addonId },
+    data: [{ name, description: description || null }]
+  });
+  return (data?.createUserGroups || [])[0] || null;
+}
+async function deleteUserGroup({ addonId, name }) {
+  const data = await graphqlRequest(MUTATIONS.deleteUserGroups, {
+    where: { id: addonId },
+    groups: [name]
+  });
+  return data?.deleteUserGroups || null;
+}
+async function addUsersToGroup({ addonId, name, emails }) {
+  const data = await graphqlRequest(MUTATIONS.addUsersToGroups, {
+    where: { id: addonId },
+    emails,
+    groups: [name]
+  });
+  return data?.addUsersToGroups || null;
+}
+async function removeUsersFromGroup({ addonId, name, emails }) {
+  const data = await graphqlRequest(MUTATIONS.removeUsersFromGroups, {
+    where: { id: addonId },
+    emails,
+    groups: [name]
+  });
+  return data?.removeUsersFromGroups || null;
+}
+async function listBucketObjects({ addonId, prefix, pageSize = 1 }) {
+  const data = await graphqlRequest(QUERIES.listBucketObjects, {
+    where: { id: addonId },
+    prefix: prefix || null,
+    pageSize
+  });
+  return data?.listBucketObjects || null;
+}
 async function createStack({
   accountId,
   name,
@@ -503,6 +594,12 @@ module.exports = {
   listAddOnsByType,
   listStacks,
   listApps,
+  listGroups,
+  createUserGroup,
+  deleteUserGroup,
+  addUsersToGroup,
+  removeUsersFromGroup,
+  listBucketObjects,
   createStack,
   updateStack,
   createApp,

package/lib/scaly-doctor.js ADDED Viewed

@@ -0,0 +1,211 @@
+'use strict';
+const fs = require('fs');
+const net = require('net');
+const path = require('path');
+const api = require('./scaly-api');
+const { normalizeStage, readAuthStore } = require('./scaly-auth');
+function parseEnvKeys(text) {
+  const out = new Set();
+  for (const rawLine of String(text || '').split('\n')) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith('#')) continue;
+    const idx = line.indexOf('=');
+    if (idx <= 0) continue;
+    out.add(line.slice(0, idx).trim());
+  }
+  return out;
+}
+function tcpCheck(host, port, timeoutMs = 1000) {
+  return new Promise((resolve) => {
+    const socket = net.createConnection({ host, port });
+    const done = (ok) => {
+      try {
+        socket.destroy();
+      } catch {}
+      resolve(ok);
+    };
+    socket.setTimeout(timeoutMs);
+    socket.once('connect', () => done(true));
+    socket.once('timeout', () => done(false));
+    socket.once('error', () => done(false));
+  });
+}
+async function runDoctor({
+  envFile = '.env',
+  requiredEnvVars = [],
+  dbHost = '127.0.0.1',
+  dbPort = null,
+  storageAddonId = null,
+  storagePrefix = null
+} = {}) {
+  const checks = [];
+  // Auth store / token
+  const found = readAuthStore();
+  const session = found && found.session ? found.session : null;
+  const stage = normalizeStage(
+    (session && session.stage) || process.env.SCALY_STAGE || 'prod'
+  );
+  const expMs =
+    session && typeof session.expires_at === 'number'
+      ? session.expires_at
+      : null;
+  const authenticated = Boolean(session && session.access_token);
+  const expired = Boolean(expMs && expMs <= Date.now());
+  checks.push({
+    name: 'auth',
+    ok: authenticated && !expired,
+    details: {
+      authenticated,
+      stage: session ? session.stage || stage : stage,
+      expires_in_seconds: expMs
+        ? Math.max(0, Math.floor((expMs - Date.now()) / 1000))
+        : null,
+      store_path: found ? found.path : null
+    },
+    hint: !authenticated
+      ? 'Run `scaly auth login`.'
+      : expired
+        ? `Run \`scaly auth login --stage ${stage}\`.`
+        : null
+  });
+  // API reachability
+  if (!process.env.SCALY_API_KEY) {
+    checks.push({
+      name: 'api',
+      ok: false,
+      details: { skipped: true },
+      hint: 'Set SCALY_API_KEY to verify API reachability.'
+    });
+  } else {
+    try {
+      const startedAt = Date.now();
+      await api.listStacks({ take: 1 });
+      checks.push({
+        name: 'api',
+        ok: true,
+        details: {
+          endpoint: api.resolveApiEndpoint(),
+          latency_ms: Date.now() - startedAt
+        }
+      });
+    } catch (e) {
+      checks.push({
+        name: 'api',
+        ok: false,
+        details: {
+          endpoint: api.resolveApiEndpoint(),
+          error: String((e && e.message) || e)
+        },
+        hint: 'Verify SCALY_API_KEY / SCALY_STAGE and confirm the API is reachable.'
+      });
+    }
+  }
+  // .env key checklist (optional)
+  if (Array.isArray(requiredEnvVars) && requiredEnvVars.length > 0) {
+    try {
+      const abs = path.resolve(envFile);
+      if (!fs.existsSync(abs)) {
+        checks.push({
+          name: 'env',
+          ok: false,
+          details: {
+            env_file: envFile,
+            missing_file: true,
+            required: requiredEnvVars
+          },
+          hint: `Create ${envFile} (or pass --env-file <path>).`
+        });
+      } else {
+        const keys = parseEnvKeys(fs.readFileSync(abs, 'utf8'));
+        const missing = requiredEnvVars.filter((k) => !keys.has(k));
+        checks.push({
+          name: 'env',
+          ok: missing.length === 0,
+          details: { env_file: envFile, required: requiredEnvVars, missing },
+          hint: missing.length
+            ? `Add missing keys to ${envFile} (values are not shown).`
+            : null
+        });
+      }
+    } catch (e) {
+      checks.push({
+        name: 'env',
+        ok: false,
+        details: { env_file: envFile, error: String((e && e.message) || e) }
+      });
+    }
+  }
+  // DB tunnel port check (optional)
+  if (typeof dbPort === 'number') {
+    const okTcp = await tcpCheck(dbHost, dbPort, 1000);
+    checks.push({
+      name: 'db_tunnel',
+      ok: okTcp,
+      details: { host: dbHost, port: dbPort },
+      hint: okTcp ? null : 'Start a DB tunnel (CLI or MCP) and retry.'
+    });
+  }
+  // Storage access check (optional)
+  if (storageAddonId) {
+    if (!process.env.SCALY_API_KEY) {
+      checks.push({
+        name: 'storage',
+        ok: false,
+        details: { addon_id: storageAddonId, skipped: true },
+        hint: 'Set SCALY_API_KEY and run `scaly auth login` to verify storage access.'
+      });
+    } else if (!authenticated || expired) {
+      checks.push({
+        name: 'storage',
+        ok: false,
+        details: { addon_id: storageAddonId, skipped: true },
+        hint: `Run \`scaly auth login --stage ${stage}\` to enable storage checks.`
+      });
+    } else {
+      try {
+        const startedAt = Date.now();
+        const res = await api.listBucketObjects({
+          addonId: storageAddonId,
+          prefix: storagePrefix,
+          pageSize: 1
+        });
+        checks.push({
+          name: 'storage',
+          ok: true,
+          details: {
+            addon_id: storageAddonId,
+            bucket: res ? res.bucket : null,
+            prefix: storagePrefix,
+            latency_ms: Date.now() - startedAt
+          }
+        });
+      } catch (e) {
+        checks.push({
+          name: 'storage',
+          ok: false,
+          details: {
+            addon_id: storageAddonId,
+            error: String((e && e.message) || e)
+          },
+          hint: 'Verify storage add-on id and that your session token is valid.'
+        });
+      }
+    }
+  }
+  const ok = checks.every((c) => c.ok !== false);
+  return { ok, checks };
+}
+module.exports = { runDoctor };

package/lib/scaly-user-groups.js ADDED Viewed

@@ -0,0 +1,97 @@
+'use strict';
+const api = require('./scaly-api');
+async function resolveAccountId(explicit) {
+  if (explicit) return explicit;
+  const stacks = await api.listStacks({ take: 1 });
+  return stacks && stacks[0] ? stacks[0].accountId : null;
+}
+async function getAccountUserGroupsAddOn(accountId) {
+  const pools = await api.listAddOnsByType({
+    accountId,
+    type: 'COGNITO',
+    take: 5
+  });
+  if (!pools || pools.length === 0) {
+    const e = new Error(
+      'User Groups is not provisioned for this account. Contact support to repair this account.'
+    );
+    e.code = 'COGNITO_POOL_MISSING';
+    throw e;
+  }
+  if (pools.length > 1) {
+    const e = new Error(
+      'Multiple User Groups pools exist in this account. Contact support to repair this account before continuing.'
+    );
+    e.code = 'COGNITO_POOL_DUPLICATE';
+    e.details = { pools };
+    throw e;
+  }
+  return pools[0];
+}
+async function listGroups({ accountId }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const groups = await api.listGroups({
+    addonId: pool.id,
+    includeUsers: false
+  });
+  return { pool, groups };
+}
+async function listGroupMembers({ accountId, name }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const groups = await api.listGroups({ addonId: pool.id, includeUsers: true });
+  const g = (groups || []).find((x) => x && x.name === name) || null;
+  if (!g) {
+    const e = new Error(`Group not found: ${name}`);
+    e.code = 'GROUP_NOT_FOUND';
+    throw e;
+  }
+  return { pool, group: g, members: g.users || [] };
+}
+async function createGroup({ accountId, name, description }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const created = await api.createUserGroup({
+    addonId: pool.id,
+    name,
+    description
+  });
+  return { pool, created };
+}
+async function deleteGroup({ accountId, name }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const res = await api.deleteUserGroup({ addonId: pool.id, name });
+  return { pool, result: res };
+}
+async function addUsers({ accountId, name, emails }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const res = await api.addUsersToGroup({ addonId: pool.id, name, emails });
+  return { pool, result: res };
+}
+async function removeUsers({ accountId, name, emails }) {
+  const pool = await getAccountUserGroupsAddOn(accountId);
+  const res = await api.removeUsersFromGroup({
+    addonId: pool.id,
+    name,
+    emails
+  });
+  return { pool, result: res };
+}
+module.exports = {
+  resolveAccountId,
+  getAccountUserGroupsAddOn,
+  listGroups,
+  listGroupMembers,
+  createGroup,
+  deleteGroup,
+  addUsers,
+  removeUsers
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@occam-scaly/scaly-cli",
-  "version": "0.2.8",
+  "version": "0.2.9",
   "description": "Scaly CLI (auth + project config helpers)",
   "bin": {
     "scaly": "./bin/scaly.js"