@opensecurity/zonzon-cli 0.1.4 → 0.1.6

package/dist/cli.d.ts

@@ -1,2 +1 @@
-#!/usr/bin/env node
 export {};

package/dist/cli.js

@@ -1,13 +1,17 @@
-#!/usr/bin/env node
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-import { parseArgs } from "util";
-import { randomBytes } from "crypto";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import { parseArgs } from "node:util";
+import { randomBytes } from "node:crypto";
+import { createRequire } from "node:module";
 import { DevDnsServer, DnsHandler, HttpHandler, SniProxyService, validateServerConfig, audit } from "@opensecurity/zonzon-core";
 import { ControlPlane } from "@opensecurity/zonzon-control-plane";
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json");
+const CLI_VERSION = pkg.version;
 const CONFIG_DIR = path.join(os.homedir(), ".zonzon");
 const DEFAULT_CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+const DEFAULT_SOCK_PATH = path.join(os.tmpdir(), "zonzon-cp.sock");
 function ensureConfigDir() {
     if (!fs.existsSync(CONFIG_DIR)) {
         fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
@@ -58,7 +62,7 @@ function setDeepValue(obj, pathStr, value) {
 }
 function printUsage() {
     console.log(`
-zonzon core engine (v0.1.0)
+zonzon core engine (v${CLI_VERSION})
 Usage: zonzon <command> [options]
 
 Commands:
@@ -74,12 +78,18 @@ Config Commands:
 
 Global Options:
   --config, -c   Override path to configuration file (default: ~/.zonzon/config.json)
+  --json         Output CLI command results in pure JSON format
   `);
     process.exit(0);
 }
-async function handleInit(configPath) {
+async function handleInit(configPath, isJson) {
     if (fs.existsSync(configPath)) {
-        audit.error(`Configuration already exists at ${configPath}`);
+        if (isJson) {
+            console.log(JSON.stringify({ success: false, error: "Configuration already exists", path: configPath }));
+        }
+        else {
+            audit.error(`Configuration already exists at ${configPath}`);
+        }
         process.exit(1);
     }
     const defaultConf = {
@@ -91,7 +101,7 @@ async function handleInit(configPath) {
         tcpIdleTimeoutMs: 30000,
         controlPlane: {
             enabled: true,
-            port: 8080
+            socketPath: DEFAULT_SOCK_PATH
         },
         firewall: {
             defaultPolicy: "deny",
@@ -100,33 +110,58 @@ async function handleInit(configPath) {
         hosts: {}
     };
     saveConfig(configPath, defaultConf);
-    audit.system(`Initialized secure default configuration at ${configPath}`);
-    audit.system(`Security Notice: Default HTTP/HTTPS ports mapped to 80/443.`);
-    audit.system(`If executing within a non-root sandbox, mutate config.json to unprivileged ports (e.g. 8080/8443) to prevent EACCES binding faults.`);
+    if (isJson) {
+        console.log(JSON.stringify({ success: true, action: "init", path: configPath, config: defaultConf }));
+    }
+    else {
+        audit.system(`Initialized secure default configuration at ${configPath}`);
+        audit.system(`Security Notice: Default HTTP/HTTPS ports mapped to 80/443.`);
+        audit.system(`If executing within a non-root sandbox, mutate config.json to unprivileged ports (e.g. 8080/8443) to prevent EACCES binding faults.`);
+    }
     process.exit(0);
 }
-async function handleConfig(configPath, args) {
+async function handleConfig(configPath, args, isJson) {
     const subCmd = args[0];
     if (subCmd === "view") {
         if (!fs.existsSync(configPath)) {
-            audit.error(`No configuration found at ${configPath}. Run 'zonzon init' first.`);
+            if (isJson) {
+                console.log(JSON.stringify({ success: false, error: "No configuration found. Run init first." }));
+            }
+            else {
+                audit.error(`No configuration found at ${configPath}. Run 'zonzon init' first.`);
+            }
             process.exit(1);
         }
         const fileContents = fs.readFileSync(configPath, "utf8");
-        console.log(fileContents);
+        if (isJson) {
+            console.log(JSON.stringify(JSON.parse(fileContents)));
+        }
+        else {
+            console.log(fileContents);
+        }
         process.exit(0);
     }
     if (subCmd === "set") {
         const key = args[1];
         const value = args[2];
         if (!key || value === undefined) {
-            audit.error("Usage: zonzon config set <key> <value>");
+            if (isJson) {
+                console.log(JSON.stringify({ success: false, error: "Missing key or value" }));
+            }
+            else {
+                audit.error("Usage: zonzon config set <key> <value>");
+            }
             process.exit(1);
         }
         const currentConfig = loadConfig(configPath);
         setDeepValue(currentConfig, key, value);
         saveConfig(configPath, currentConfig);
-        audit.system(`Updated configuration: ${key} = ${value}`);
+        if (isJson) {
+            console.log(JSON.stringify({ success: true, action: "set", key, value }));
+        }
+        else {
+            audit.system(`Updated configuration: ${key} = ${value}`);
+        }
         process.exit(0);
     }
     printUsage();
@@ -202,11 +237,14 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
         }
         const blindIndexSalt = randomBytes(16).toString("hex");
         const cpPort = config.controlPlane?.port || 8080;
+        const socketPath = config.controlPlane?.socketPath || DEFAULT_SOCK_PATH;
         controlPlane = new ControlPlane({
             port: cpPort,
+            socketPath: socketPath,
             apiKey: activeApiKey,
             blindIndexSalt: blindIndexSalt,
             initialConfig: config,
+            configFilePath: configPath
         });
         controlPlane.subscribe(async (newConfig) => {
             audit.system("Applying dynamic configuration update from Control Plane...");
@@ -223,12 +261,22 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
         }
     }
     audit.system("Initialization complete. Awaiting connections...");
+    let shuttingDown = false;
     const shutdown = async () => {
-        audit.system("Initiating graceful shutdown sequence...");
+        if (shuttingDown)
+            return;
+        shuttingDown = true;
+        audit.system("SIGINT/SIGTERM received. Initiating graceful connection draining sequence (10s bounds)...");
+        const forceExit = setTimeout(() => {
+            audit.error("Graceful drain timeout exceeded. Forcing engine termination.");
+            process.exit(1);
+        }, 10000);
         await daemon.stop();
         if (controlPlane) {
             await controlPlane.stop();
         }
+        clearTimeout(forceExit);
+        audit.system("All boundaries offline. Process terminating cleanly.");
         process.exit(0);
     };
     process.on("SIGINT", shutdown);
@@ -248,6 +296,10 @@ async function main() {
             "cp-port": {
                 type: "string",
             },
+            json: {
+                type: "boolean",
+                default: false,
+            }
         },
         strict: false,
         allowPositionals: true
@@ -256,12 +308,13 @@ async function main() {
     const configPath = values.config
         ? path.resolve(process.cwd(), values.config)
         : DEFAULT_CONFIG_PATH;
+    const isJson = values.json;
     switch (command) {
         case "init":
-            await handleInit(configPath);
+            await handleInit(configPath, isJson);
             break;
         case "config":
-            await handleConfig(configPath, positionals.slice(1));
+            await handleConfig(configPath, positionals.slice(1), isJson);
             break;
         case "start":
             await startEngine(configPath, values.port, values["cp-port"]);

package/dist/cli.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cli.test.js

@@ -0,0 +1,105 @@
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert";
+import { exec } from "node:child_process";
+import { promisify } from "node:util";
+import { promises as fs } from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+const execAsync = promisify(exec);
+const PROJECT_ROOT = process.cwd();
+const CLI_PATH = path.resolve(PROJECT_ROOT, "packages/cli/src/cli.ts");
+async function runCli(args) {
+    try {
+        const { stdout, stderr } = await execAsync(`npx tsx ${CLI_PATH} ${args.join(" ")}`);
+        return { stdout, stderr, code: 0 };
+    }
+    catch (error) {
+        return { stdout: error.stdout || "", stderr: error.stderr || "", code: error.code || 1 };
+    }
+}
+describe("CLI Integration Tests", () => {
+    let tempDir;
+    let testConfigPath;
+    before(async () => {
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "zonzon-cli-test-"));
+        testConfigPath = path.join(tempDir, "config.json");
+    });
+    after(async () => {
+        await fs.rm(tempDir, { recursive: true, force: true });
+    });
+    it("fails to run without a command and prints usage", async () => {
+        const { stdout, code } = await runCli([]);
+        assert.strictEqual(code, 0);
+        assert.ok(stdout.includes("Usage: zonzon <command>"));
+    });
+    it("initializes a new configuration file", async () => {
+        const { stdout, code } = await runCli(["init", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, true);
+        assert.strictEqual(output.action, "init");
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.port, 53);
+        assert.strictEqual(config.controlPlane.enabled, true);
+    });
+    it("refuses to overwrite an existing configuration", async () => {
+        const { stdout, code } = await runCli(["init", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("already exists"));
+    });
+    it("views the current configuration", async () => {
+        const { stdout, code } = await runCli(["config", "view", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const config = JSON.parse(stdout);
+        assert.strictEqual(config.port, 53);
+        assert.strictEqual(config.httpPort, 80);
+    });
+    it("mutates a top level configuration value using numeric casting", async () => {
+        const { stdout, code } = await runCli(["config", "set", "port", "5353", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, true);
+        const { stdout: viewOut } = await runCli(["config", "view", "--config", testConfigPath, "--json"]);
+        const config = JSON.parse(viewOut);
+        assert.strictEqual(config.port, 5353);
+    });
+    it("mutates a nested configuration value using boolean casting", async () => {
+        const { code } = await runCli(["config", "set", "controlPlane.enabled", "false", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.controlPlane.enabled, false);
+    });
+    it("mutates a nested configuration value with standard strings", async () => {
+        const { code } = await runCli(["config", "set", "fallbackDns", "8.8.8.8", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.fallbackDns, "8.8.8.8");
+    });
+    it("creates nested objects natively if they do not exist", async () => {
+        const { code } = await runCli(["config", "set", "firewall.allowlist_ips.0", "10.0.0.1", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 0);
+        const fileContent = await fs.readFile(testConfigPath, "utf8");
+        const config = JSON.parse(fileContent);
+        assert.strictEqual(config.firewall.allowlist_ips[0], "10.0.0.1");
+    });
+    it("fails to view configuration if file is missing", async () => {
+        const missingPath = path.join(tempDir, "missing.json");
+        const { stdout, code } = await runCli(["config", "view", "--config", missingPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("No configuration found"));
+    });
+    it("fails to set configuration if parameters are missing", async () => {
+        const { stdout, code } = await runCli(["config", "set", "port", "--config", testConfigPath, "--json"]);
+        assert.strictEqual(code, 1);
+        const output = JSON.parse(stdout);
+        assert.strictEqual(output.success, false);
+        assert.ok(output.error.includes("Missing key or value"));
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opensecurity/zonzon-cli",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "cli interface for zonzon",
   "type": "module",
   "author": "Lucian BLETAN <neuraluc@gmail.com>",
@@ -31,7 +31,7 @@
     "dev:watch": "NODE_OPTIONS=--disable-warning=DEP0205 tsx watch src/cli.ts start --config ../../config/hosts.json"
   },
   "dependencies": {
-    "@opensecurity/zonzon-core": "^0.1.4",
-    "@opensecurity/zonzon-control-plane": "^0.1.4"
+    "@opensecurity/zonzon-core": "^0.1.6",
+    "@opensecurity/zonzon-control-plane": "^0.1.6"
   }
-}
+}