@opensecurity/zonzon-cli 0.1.3 → 0.1.5

package/dist/cli.js

@@ -4,10 +4,15 @@ import * as path from "path";
 import * as os from "os";
 import { parseArgs } from "util";
 import { randomBytes } from "crypto";
+import { createRequire } from "module";
 import { DevDnsServer, DnsHandler, HttpHandler, SniProxyService, validateServerConfig, audit } from "@opensecurity/zonzon-core";
 import { ControlPlane } from "@opensecurity/zonzon-control-plane";
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json");
+const CLI_VERSION = pkg.version;
 const CONFIG_DIR = path.join(os.homedir(), ".zonzon");
 const DEFAULT_CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+const DEFAULT_SOCK_PATH = path.join(os.tmpdir(), "zonzon-cp.sock");
 function ensureConfigDir() {
     if (!fs.existsSync(CONFIG_DIR)) {
         fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
@@ -58,7 +63,7 @@ function setDeepValue(obj, pathStr, value) {
 }
 function printUsage() {
     console.log(`
-zonzon core engine (v0.1.0)
+zonzon core engine (v${CLI_VERSION})
 Usage: zonzon <command> [options]
 
 Commands:
@@ -74,22 +79,30 @@ Config Commands:
 
 Global Options:
   --config, -c   Override path to configuration file (default: ~/.zonzon/config.json)
+  --json         Output CLI command results in pure JSON format
   `);
     process.exit(0);
 }
-async function handleInit(configPath) {
+async function handleInit(configPath, isJson) {
     if (fs.existsSync(configPath)) {
-        audit.error(`Configuration already exists at ${configPath}`);
+        if (isJson) {
+            console.log(JSON.stringify({ success: false, error: "Configuration already exists", path: configPath }));
+        }
+        else {
+            audit.error(`Configuration already exists at ${configPath}`);
+        }
         process.exit(1);
     }
     const defaultConf = {
         port: 53,
+        httpPort: 80,
+        httpsPort: 443,
         fallbackDns: "1.1.1.1",
         maxTcpConnections: 100,
         tcpIdleTimeoutMs: 30000,
         controlPlane: {
             enabled: true,
-            port: 8080
+            socketPath: DEFAULT_SOCK_PATH
         },
         firewall: {
             defaultPolicy: "deny",
@@ -98,35 +111,101 @@ async function handleInit(configPath) {
         hosts: {}
     };
     saveConfig(configPath, defaultConf);
-    audit.system(`Initialized secure default configuration at ${configPath}`);
+    if (isJson) {
+        console.log(JSON.stringify({ success: true, action: "init", path: configPath, config: defaultConf }));
+    }
+    else {
+        audit.system(`Initialized secure default configuration at ${configPath}`);
+        audit.system(`Security Notice: Default HTTP/HTTPS ports mapped to 80/443.`);
+        audit.system(`If executing within a non-root sandbox, mutate config.json to unprivileged ports (e.g. 8080/8443) to prevent EACCES binding faults.`);
+    }
     process.exit(0);
 }
-async function handleConfig(configPath, args) {
+async function handleConfig(configPath, args, isJson) {
     const subCmd = args[0];
     if (subCmd === "view") {
         if (!fs.existsSync(configPath)) {
-            audit.error(`No configuration found at ${configPath}. Run 'zonzon init' first.`);
+            if (isJson) {
+                console.log(JSON.stringify({ success: false, error: "No configuration found. Run init first." }));
+            }
+            else {
+                audit.error(`No configuration found at ${configPath}. Run 'zonzon init' first.`);
+            }
             process.exit(1);
         }
         const fileContents = fs.readFileSync(configPath, "utf8");
-        console.log(fileContents);
+        if (isJson) {
+            console.log(JSON.stringify(JSON.parse(fileContents)));
+        }
+        else {
+            console.log(fileContents);
+        }
         process.exit(0);
     }
     if (subCmd === "set") {
         const key = args[1];
         const value = args[2];
         if (!key || value === undefined) {
-            audit.error("Usage: zonzon config set <key> <value>");
+            if (isJson) {
+                console.log(JSON.stringify({ success: false, error: "Missing key or value" }));
+            }
+            else {
+                audit.error("Usage: zonzon config set <key> <value>");
+            }
             process.exit(1);
         }
         const currentConfig = loadConfig(configPath);
         setDeepValue(currentConfig, key, value);
         saveConfig(configPath, currentConfig);
-        audit.system(`Updated configuration: ${key} = ${value}`);
+        if (isJson) {
+            console.log(JSON.stringify({ success: true, action: "set", key, value }));
+        }
+        else {
+            audit.system(`Updated configuration: ${key} = ${value}`);
+        }
         process.exit(0);
     }
     printUsage();
 }
+class ZonzonDaemon {
+    dnsHandler = null;
+    httpHandler = null;
+    sniProxy = null;
+    async start(config) {
+        try {
+            const dnsServer = new DevDnsServer(config);
+            this.dnsHandler = new DnsHandler(dnsServer, config);
+            await this.dnsHandler.start();
+            audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
+            this.httpHandler = new HttpHandler(dnsServer, config, config.httpPort ?? 80);
+            await this.httpHandler.start();
+            audit.system(`HTTP L7 Sandbox Router active on port ${config.httpPort ?? 80}`);
+            this.sniProxy = new SniProxyService(config, config.httpsPort ?? 443);
+            await this.sniProxy.start();
+            audit.system(`SNI Proxy active on port ${config.httpsPort ?? 443}`);
+        }
+        catch (err) {
+            audit.error(`Fatal bind error during initialization: ${err.message}`);
+            await this.stop();
+            process.exit(1);
+        }
+    }
+    async stop() {
+        if (this.dnsHandler) {
+            await this.dnsHandler.stop();
+            this.dnsHandler = null;
+        }
+        if (this.httpHandler) {
+            await this.httpHandler.stop();
+            this.httpHandler = null;
+        }
+        if (this.sniProxy) {
+            await this.sniProxy.stop();
+            this.sniProxy = null;
+        }
+        audit.system("Subsystems halted. Sockets closed.");
+    }
+}
 async function startEngine(configPath, portOverride, cpPortOverride) {
     const rawConfig = loadConfig(configPath);
     if (portOverride) {
@@ -145,10 +224,8 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
         audit.error(`Configuration Schema Violation: ${err.message}`);
         process.exit(1);
     }
-    const dnsServer = new DevDnsServer(config);
-    const dnsHandler = new DnsHandler(dnsServer, config);
-    const httpHandler = new HttpHandler(dnsServer, config, 80);
-    const sniProxy = new SniProxyService(config, 443);
+    const daemon = new ZonzonDaemon();
+    await daemon.start(config);
     const isCpEnabled = config.controlPlane?.enabled !== false;
     let controlPlane = null;
     let isEphemeralKey = false;
@@ -161,51 +238,50 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
         }
         const blindIndexSalt = randomBytes(16).toString("hex");
         const cpPort = config.controlPlane?.port || 8080;
+        const socketPath = config.controlPlane?.socketPath || DEFAULT_SOCK_PATH;
         controlPlane = new ControlPlane({
             port: cpPort,
+            socketPath: socketPath,
             apiKey: activeApiKey,
             blindIndexSalt: blindIndexSalt,
             initialConfig: config,
+            configFilePath: configPath
         });
-        controlPlane.subscribe((newConfig) => {
+        controlPlane.subscribe(async (newConfig) => {
             audit.system("Applying dynamic configuration update from Control Plane...");
+            await daemon.stop();
+            await daemon.start(newConfig);
         });
+        await controlPlane.start();
+        if (isEphemeralKey) {
+            audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
+            audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
+        }
+        else {
+            audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
+        }
     }
+    audit.system("Initialization complete. Awaiting connections...");
+    let shuttingDown = false;
     const shutdown = async () => {
-        audit.system("Initiating graceful shutdown sequence...");
-        await dnsHandler.stop();
-        await httpHandler.stop();
-        await sniProxy.stop();
+        if (shuttingDown)
+            return;
+        shuttingDown = true;
+        audit.system("SIGINT/SIGTERM received. Initiating graceful connection draining sequence (10s bounds)...");
+        const forceExit = setTimeout(() => {
+            audit.error("Graceful drain timeout exceeded. Forcing engine termination.");
+            process.exit(1);
+        }, 10000);
+        await daemon.stop();
         if (controlPlane) {
             await controlPlane.stop();
         }
+        clearTimeout(forceExit);
+        audit.system("All boundaries offline. Process terminating cleanly.");
         process.exit(0);
     };
     process.on("SIGINT", shutdown);
     process.on("SIGTERM", shutdown);
-    try {
-        await dnsHandler.start();
-        audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
-        await httpHandler.start();
-        audit.system(`HTTP L7 Sandbox Router active on port 80`);
-        await sniProxy.start();
-        audit.system(`SNI Proxy active on port 443`);
-        if (controlPlane) {
-            await controlPlane.start();
-            if (isEphemeralKey) {
-                audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
-                audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
-            }
-            else {
-                audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
-            }
-        }
-        audit.system("Initialization complete. Awaiting connections...");
-    }
-    catch (err) {
-        audit.error(`Fatal bind error during initialization: ${err.message}`);
-        await shutdown();
-    }
 }
 async function main() {
     const { values, positionals } = parseArgs({
@@ -221,6 +297,10 @@ async function main() {
             "cp-port": {
                 type: "string",
             },
+            json: {
+                type: "boolean",
+                default: false,
+            }
         },
         strict: false,
         allowPositionals: true
@@ -229,12 +309,13 @@ async function main() {
     const configPath = values.config
         ? path.resolve(process.cwd(), values.config)
         : DEFAULT_CONFIG_PATH;
+    const isJson = values.json;
     switch (command) {
         case "init":
-            await handleInit(configPath);
+            await handleInit(configPath, isJson);
             break;
         case "config":
-            await handleConfig(configPath, positionals.slice(1));
+            await handleConfig(configPath, positionals.slice(1), isJson);
             break;
         case "start":
             await startEngine(configPath, values.port, values["cp-port"]);

package/dist/cli.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cli.test.js

@@ -0,0 +1,105 @@
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert";
+import { exec } from "node:child_process";
+import { promisify } from "node:util";
+import { promises as fs } from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+const execAsync = promisify(exec);
+const PROJECT_ROOT = process.cwd();
+const CLI_PATH = path.resolve(PROJECT_ROOT, "packages/cli/src/cli.ts");
+async function runCli(args) {
+    try {
+        const { stdout, stderr } = await execAsync(`npx tsx ${CLI_PATH} ${args.join(" ")}`);
+        return { stdout, stderr, code: 0 };
+    }
+    catch (error) {
+        return { stdout: error.stdout || "", stderr: error.stderr || "", code: error.code || 1 };
+    }
+}
+describe("CLI Integration Tests", () => {
+    let tempDir;
+    let testConfigPath;
+    before(async () => {
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "zonzon-cli-test-"));
+        testConfigPath = path.join(tempDir, "config.json");
+    });
+    after(async () => {
+        await fs.rm(tempDir, { recursive: true, force: true });
+    });
+    it("fails to run without a command and prints usage", async () => {
+        const { stdout, code } = await runCli([]);
+        assert.strictEqual(code, 0);
+        assert.ok(stdout.includes("Usage: zonzon <command>"));
+    });
+    it("initializes a new configuration file", async () => {
+        const { stdout, code } = await runCli(["init", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, true);
+        assert.strictEqual(output.action, "init");
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.port, 53);
+        assert.strictEqual(config.controlPlane.enabled, true);
+    });
+    it("refuses to overwrite an existing configuration", async () => {
+        const { stdout, code } = await runCli(["init", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("already exists"));
+    });
+    it("views the current configuration", async () => {
+        const { stdout, code } = await runCli(["config", "view", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const config = JSON.parse(stdout);
+        assert.strictEqual(config.port, 53);
+        assert.strictEqual(config.httpPort, 80);
+    });
+    it("mutates a top level configuration value using numeric casting", async () => {
+        const { stdout, code } = await runCli(["config", "set", "port", "5353", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, true);
+        const { stdout: viewOut } = await runCli(["config", "view", "--config", testConfigPath, "--json"]);
+        const config = JSON.parse(viewOut);
+        assert.strictEqual(config.port, 5353);
+    });
+    it("mutates a nested configuration value using boolean casting", async () => {
+        const { code } = await runCli(["config", "set", "controlPlane.enabled", "false", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.controlPlane.enabled, false);
+    });
+    it("mutates a nested configuration value with standard strings", async () => {
+        const { code } = await runCli(["config", "set", "fallbackDns", "8.8.8.8", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.fallbackDns, "8.8.8.8");
+    });
+    it("creates nested objects natively if they do not exist", async () => {
+        const { code } = await runCli(["config", "set", "firewall.allowlist_ips.0", "10.0.0.1", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.firewall.allowlist_ips[0], "10.0.0.1");
+    });
+    it("fails to view configuration if file is missing", async () => {
+        const missingPath = path.join(tempDir, "missing.json");
+        const { stdout, code } = await runCli(["config", "view", "--config", missingPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("No configuration found"));
+    });
+    it("fails to set configuration if parameters are missing", async () => {
+        const { stdout, code } = await runCli(["config", "set", "port", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("Missing key or value"));
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opensecurity/zonzon-cli",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "cli interface for zonzon",
   "type": "module",
   "author": "Lucian BLETAN <neuraluc@gmail.com>",
@@ -28,10 +28,10 @@
   "scripts": {
     "build": "tsc -b",
     "start": "node dist/cli.js",
-    "dev": "tsx watch src/cli.ts"
+    "dev:watch": "NODE_OPTIONS=--disable-warning=DEP0205 tsx watch src/cli.ts start --config ../../config/hosts.json"
   },
   "dependencies": {
-    "@opensecurity/zonzon-core": "^0.1.3",
-    "@opensecurity/zonzon-control-plane": "^0.1.3"
+    "@opensecurity/zonzon-core": "^0.1.5",
+    "@opensecurity/zonzon-control-plane": "^0.1.5"
   }
-}
+}