@saptools/cf-debugger 0.1.4 → 0.1.6

package/dist/index.js

@@ -14,26 +14,38 @@ var CfDebuggerError = class extends Error {
   }
 };
 
-// src/debugger.ts
+// src/debug-session/start.ts
 import { mkdir as mkdir3, rm } from "fs/promises";
-import { hostname as getHostname2 } from "os";
-import process3 from "process";
+import process4 from "process";
 
-// src/cf.ts
-import { execFile, spawn } from "child_process";
+// src/cloud-foundry/execute.ts
+import { execFile } from "child_process";
 import { promisify } from "util";
 var execFileAsync = promisify(execFile);
 var MAX_BUFFER = 16 * 1024 * 1024;
 var CF_CLI_TIMEOUT_MS = 3e4;
-var CF_RESTART_TIMEOUT_MS = 12e4;
-var CF_SSH_SIGNAL_TIMEOUT_MS = 15e3;
-var CF_AUTH_MAX_ATTEMPTS = 3;
+var REDACTED_ARG = "<redacted>";
 function buildEnv(cfHome) {
   return { ...process.env, CF_HOME: cfHome };
 }
 function resolveBin(context) {
   return context.command ?? process.env["CF_DEBUGGER_CF_BIN"] ?? "cf";
 }
+function sensitiveArgs(args) {
+  if (args[0] !== "auth") {
+    return [];
+  }
+  return args.slice(1).filter((arg) => arg.length > 0);
+}
+function redactText(text, values) {
+  return values.reduce((current, value) => current.split(value).join(REDACTED_ARG), text);
+}
+function formatArgsForError(args) {
+  if (args[0] !== "auth") {
+    return args.join(" ");
+  }
+  return args.map((arg, index) => index === 0 ? arg : REDACTED_ARG).join(" ");
+}
 async function runCf(args, context, timeoutMs = CF_CLI_TIMEOUT_MS) {
   try {
     const { stdout } = await execFileAsync(resolveBin(context), [...args], {
@@ -44,14 +56,20 @@ async function runCf(args, context, timeoutMs = CF_CLI_TIMEOUT_MS) {
     return stdout;
   } catch (err) {
     const e = err;
-    const stderr = e.stderr?.trim() ?? "";
+    const redactionValues = sensitiveArgs(args);
+    const stderr = redactText(e.stderr?.trim() ?? "", redactionValues);
+    const fallbackMessage = redactText(e.message, redactionValues);
     throw new CfDebuggerError(
       "CF_CLI_FAILED",
-      `cf ${args.join(" ")} failed: ${stderr.length > 0 ? stderr : e.message}`,
+      `cf ${formatArgsForError(args)} failed: ${stderr.length > 0 ? stderr : fallbackMessage}`,
       stderr
     );
   }
 }
+
+// src/cloud-foundry/commands.ts
+var CF_RESTART_TIMEOUT_MS = 12e4;
+var CF_AUTH_MAX_ATTEMPTS = 3;
 async function cfApi(apiEndpoint, context) {
   await runCf(["api", apiEndpoint], context);
 }
@@ -117,6 +135,10 @@ async function cfEnableSsh(appName, context) {
 async function cfRestartApp(appName, context) {
   await runCf(["restart", appName], context, CF_RESTART_TIMEOUT_MS);
 }
+
+// src/cloud-foundry/ssh.ts
+import { spawn } from "child_process";
+var CF_SSH_SIGNAL_TIMEOUT_MS = 15e3;
 async function cfSshOneShot(appName, command, context) {
   return await new Promise((resolve) => {
     const child = spawn(resolveBin(context), ["ssh", appName, "-c", command], {
@@ -191,7 +213,7 @@ function sessionCfHomeDir(sessionId) {
   return join(saptoolsDir(), CF_DEBUGGER_HOMES_DIRNAME, sessionId);
 }
 
-// src/port.ts
+// src/network/ports.ts
 import { execFile as execFile2 } from "child_process";
 import { createConnection, createServer } from "net";
 import { promisify as promisify2 } from "util";
@@ -363,7 +385,7 @@ function listKnownRegionKeys() {
   return Object.keys(REGION_API_ENDPOINTS);
 }
 
-// src/state.ts
+// src/session-state/store.ts
 import { randomUUID } from "crypto";
 import { mkdir as mkdir2, readFile, rename, writeFile } from "fs/promises";
 import { hostname as getHostname } from "os";
@@ -418,7 +440,7 @@ async function withFileLock(lockPath, work, options) {
   }
 }
 
-// src/state.ts
+// src/session-state/store.ts
 async function readJsonFile(path) {
   let raw;
   try {
@@ -650,13 +672,29 @@ async function removeSession(sessionId) {
   });
 }
 
-// src/debugger.ts
+// src/debug-session/constants.ts
 var DEFAULT_TUNNEL_READY_TIMEOUT_MS = 3e4;
 var POST_USR1_DELAY_MS = 300;
 var PORT_CLEANUP_DELAY_MS = 600;
 var CHILD_SIGTERM_GRACE_MS = 2e3;
 var PORT_RECLAIM_DELAY_MS = 250;
 var PID_TERMINATION_POLL_MS = 100;
+
+// src/debug-session/orphans.ts
+import { hostname as getHostname2 } from "os";
+async function pruneAndCleanupOrphans() {
+  const result = await readAndPruneActiveSessions();
+  const host = getHostname2();
+  for (const removed of result.removed) {
+    if (removed.hostname === host) {
+      void killProcessOnPort(removed.localPort);
+    }
+  }
+  return result.sessions;
+}
+
+// src/debug-session/processes.ts
+import process3 from "process";
 function signalPidOrGroup(pid, signal) {
   const isWindows = process3.platform === "win32";
   if (!isWindows) {
@@ -696,24 +734,16 @@ async function killProcessGroupOrProc(child, timeoutMs = CHILD_SIGTERM_GRACE_MS)
   }
   await terminatePidOrGroup(child.pid, timeoutMs);
 }
-async function pruneAndCleanupOrphans() {
-  const result = await readAndPruneActiveSessions();
-  const host = getHostname2();
-  for (const removed of result.removed) {
-    if (removed.hostname === host) {
-      void killProcessOnPort(removed.localPort);
-    }
-  }
-  return result.sessions;
-}
+
+// src/debug-session/start.ts
 function checkAbort(signal) {
   if (signal?.aborted) {
     throw new CfDebuggerError("ABORTED", "Operation aborted by caller");
   }
 }
 function requireCredentials(options) {
-  const email = options.email ?? process3.env["SAP_EMAIL"];
-  const password = options.password ?? process3.env["SAP_PASSWORD"];
+  const email = options.email ?? process4.env["SAP_EMAIL"];
+  const password = options.password ?? process4.env["SAP_PASSWORD"];
   if (email === void 0 || email === "") {
     throw new CfDebuggerError(
       "MISSING_CREDENTIALS",
@@ -728,15 +758,7 @@ function requireCredentials(options) {
   }
   return { email, password };
 }
-async function startDebugger(options) {
-  const { email, password } = requireCredentials(options);
-  const apiEndpoint = resolveApiEndpoint(options.region, options.apiEndpoint);
-  const tunnelReadyTimeoutMs = options.tunnelReadyTimeoutMs ?? DEFAULT_TUNNEL_READY_TIMEOUT_MS;
-  const emit = (status, message) => {
-    options.onStatus?.(status, message);
-  };
-  checkAbort(options.signal);
-  await pruneAndCleanupOrphans();
+async function registerSession(options, apiEndpoint) {
   const registration = await registerNewSession({
     region: options.region,
     org: options.org,
@@ -753,20 +775,151 @@ async function startDebugger(options) {
       `A debugger session is already running for ${sessionKeyString(options)} on port ${registration.existing.localPort.toString()} (pid ${registration.existing.pid.toString()}, sessionId ${registration.existing.sessionId}). Stop it first with \`cf-debugger stop\`.`
     );
   }
-  const session = registration.session;
+  return registration.session;
+}
+async function loginAndTarget(options, apiEndpoint, email, password, context, sessionId, emit) {
+  emit("logging-in");
+  await updateSessionStatus(sessionId, "logging-in");
+  await cfLogin(apiEndpoint, email, password, context);
+  checkAbort(options.signal);
+  emit("targeting");
+  await updateSessionStatus(sessionId, "targeting");
+  await cfTarget(options.org, options.space, context);
+  checkAbort(options.signal);
+}
+async function signalRemoteNode(options, context, sessionId, emit) {
+  emit("signaling");
+  await updateSessionStatus(sessionId, "signaling");
+  const signalResult = await cfSshOneShot(options.app, `kill -s USR1 $(pidof node)`, context);
+  if (!isSshDisabledError(signalResult.stderr)) {
+    if (signalResult.exitCode === 0) {
+      return;
+    }
+    const detail = signalResult.stderr.trim().length > 0 ? signalResult.stderr.trim() : `exit code ${String(signalResult.exitCode)}`;
+    throw new CfDebuggerError(
+      "USR1_SIGNAL_FAILED",
+      `Failed to send SIGUSR1 to the Node.js process on ${options.app}: ${detail}`,
+      signalResult.stderr
+    );
+  }
+  const alreadyEnabled = await cfSshEnabled(options.app, context);
+  if (!alreadyEnabled) {
+    emit("ssh-enabling", "Enabling SSH on the app");
+    await updateSessionStatus(sessionId, "ssh-enabling");
+    await cfEnableSsh(options.app, context);
+  }
+  emit("ssh-restarting", "Restarting app so SSH becomes active");
+  await updateSessionStatus(sessionId, "ssh-restarting");
+  await cfRestartApp(options.app, context);
+  checkAbort(options.signal);
+  await retryRemoteSignal(options, context, sessionId, emit);
+}
+async function retryRemoteSignal(options, context, sessionId, emit) {
+  emit("signaling");
+  await updateSessionStatus(sessionId, "signaling");
+  const retrySignalResult = await cfSshOneShot(
+    options.app,
+    `kill -s USR1 $(pidof node)`,
+    context
+  );
+  if (retrySignalResult.exitCode === 0) {
+    return;
+  }
+  const detail = retrySignalResult.stderr.trim().length > 0 ? retrySignalResult.stderr.trim() : `exit code ${String(retrySignalResult.exitCode)}`;
+  throw new CfDebuggerError(
+    "USR1_SIGNAL_FAILED",
+    `Failed to send SIGUSR1 to the Node.js process on ${options.app} after enabling SSH: ${detail}`,
+    retrySignalResult.stderr
+  );
+}
+async function waitAfterSignal(signal) {
+  await new Promise((resolve) => {
+    setTimeout(resolve, POST_USR1_DELAY_MS);
+  });
+  checkAbort(signal);
+}
+async function ensurePortAvailable(localPort) {
+  if (await isPortFree(localPort)) {
+    return;
+  }
+  await killProcessOnPort(localPort);
+  await new Promise((resolve) => {
+    setTimeout(resolve, PORT_RECLAIM_DELAY_MS);
+  });
+  if (!await isPortFree(localPort)) {
+    throw new CfDebuggerError(
+      "PORT_UNAVAILABLE",
+      `Local port ${localPort.toString()} is in use and could not be reclaimed for the tunnel.`
+    );
+  }
+}
+async function openReadyTunnel(options, session, context, tunnelReadyTimeoutMs, onChild) {
+  await ensurePortAvailable(session.localPort);
+  const child = spawnSshTunnel(options.app, session.localPort, session.remotePort, context);
+  onChild(child);
+  if (child.pid !== void 0) {
+    await updateSessionPid(session.sessionId, child.pid);
+  }
+  const ready = await probeTunnelReady(session.localPort, tunnelReadyTimeoutMs);
+  checkAbort(options.signal);
+  if (!ready) {
+    throw new CfDebuggerError(
+      "TUNNEL_NOT_READY",
+      `SSH tunnel on port ${session.localPort.toString()} did not become ready within ${Math.round(tunnelReadyTimeoutMs / 1e3).toString()}s.`
+    );
+  }
+  const listeningPid = await findListeningProcessId(session.localPort);
+  const activePid = listeningPid ?? child.pid ?? session.pid;
+  if (activePid !== session.pid) {
+    await updateSessionPid(session.sessionId, activePid);
+  }
+  return { child, activePid };
+}
+function attachTunnelEvents(child, markClosed, resolveExit, emit) {
+  child.on("close", (code) => {
+    markClosed();
+    resolveExit(code);
+  });
+  child.on("error", (err) => {
+    emit("error", err.message);
+  });
+}
+function createHandle(session, emit, finalize, exitPromise) {
+  let disposePromise;
+  return {
+    session,
+    dispose: async () => {
+      disposePromise ??= (async () => {
+        emit("stopping");
+        await updateSessionStatus(session.sessionId, "stopping");
+        await finalize();
+      })();
+      await disposePromise;
+    },
+    waitForExit: async () => {
+      return await exitPromise;
+    }
+  };
+}
+async function startDebugger(options) {
+  const { email, password } = requireCredentials(options);
+  const apiEndpoint = resolveApiEndpoint(options.region, options.apiEndpoint);
+  const tunnelReadyTimeoutMs = options.tunnelReadyTimeoutMs ?? DEFAULT_TUNNEL_READY_TIMEOUT_MS;
+  const emit = (status, message) => {
+    options.onStatus?.(status, message);
+  };
+  checkAbort(options.signal);
+  await pruneAndCleanupOrphans();
+  const session = await registerSession(options, apiEndpoint);
   const context = { cfHome: session.cfHomeDir };
   let child;
   let tunnelClosed = false;
-  let exitResolve;
+  let exitResolve = (_code) => {
+    throw new Error("Exit resolver was used before initialization");
+  };
   const exitPromise = new Promise((resolve) => {
     exitResolve = resolve;
   });
-  const cleanupFilesystem = async () => {
-    try {
-      await rm(session.cfHomeDir, { recursive: true, force: true });
-    } catch {
-    }
-  };
   const finalize = async () => {
     if (!tunnelClosed) {
       tunnelClosed = true;
@@ -778,125 +931,37 @@ async function startDebugger(options) {
       }, PORT_CLEANUP_DELAY_MS);
     }
     await removeSession(session.sessionId);
-    await cleanupFilesystem();
+    await cleanupFilesystem(session.cfHomeDir);
     emit("stopped");
   };
   try {
     await mkdir3(session.cfHomeDir, { recursive: true });
-    emit("logging-in");
-    await updateSessionStatus(session.sessionId, "logging-in");
-    await cfLogin(apiEndpoint, email, password, context);
-    checkAbort(options.signal);
-    emit("targeting");
-    await updateSessionStatus(session.sessionId, "targeting");
-    await cfTarget(options.org, options.space, context);
-    checkAbort(options.signal);
+    await loginAndTarget(options, apiEndpoint, email, password, context, session.sessionId, emit);
     await killProcessOnPort(session.localPort);
     await new Promise((resolve) => {
       setTimeout(resolve, 200);
     });
-    emit("signaling");
-    await updateSessionStatus(session.sessionId, "signaling");
-    const signalResult = await cfSshOneShot(
-      options.app,
-      `kill -s USR1 $(pidof node)`,
-      context
-    );
-    if (isSshDisabledError(signalResult.stderr)) {
-      const alreadyEnabled = await cfSshEnabled(options.app, context);
-      if (!alreadyEnabled) {
-        emit("ssh-enabling", "Enabling SSH on the app");
-        await updateSessionStatus(session.sessionId, "ssh-enabling");
-        await cfEnableSsh(options.app, context);
-      }
-      emit("ssh-restarting", "Restarting app so SSH becomes active");
-      await updateSessionStatus(session.sessionId, "ssh-restarting");
-      await cfRestartApp(options.app, context);
-      checkAbort(options.signal);
-      emit("signaling");
-      await updateSessionStatus(session.sessionId, "signaling");
-      const retrySignalResult = await cfSshOneShot(
-        options.app,
-        `kill -s USR1 $(pidof node)`,
-        context
-      );
-      if (retrySignalResult.exitCode !== 0) {
-        const detail = retrySignalResult.stderr.trim().length > 0 ? retrySignalResult.stderr.trim() : `exit code ${String(retrySignalResult.exitCode)}`;
-        throw new CfDebuggerError(
-          "USR1_SIGNAL_FAILED",
-          `Failed to send SIGUSR1 to the Node.js process on ${options.app} after enabling SSH: ${detail}`,
-          retrySignalResult.stderr
-        );
-      }
-    } else if (signalResult.exitCode !== 0) {
-      const detail = signalResult.stderr.trim().length > 0 ? signalResult.stderr.trim() : `exit code ${String(signalResult.exitCode)}`;
-      throw new CfDebuggerError(
-        "USR1_SIGNAL_FAILED",
-        `Failed to send SIGUSR1 to the Node.js process on ${options.app}: ${detail}`,
-        signalResult.stderr
-      );
-    }
-    await new Promise((resolve) => {
-      setTimeout(resolve, POST_USR1_DELAY_MS);
-    });
-    checkAbort(options.signal);
+    await signalRemoteNode(options, context, session.sessionId, emit);
+    await waitAfterSignal(options.signal);
     emit("tunneling");
     await updateSessionStatus(session.sessionId, "tunneling");
-    if (!await isPortFree(session.localPort)) {
-      await killProcessOnPort(session.localPort);
-      await new Promise((resolve) => {
-        setTimeout(resolve, PORT_RECLAIM_DELAY_MS);
-      });
-      if (!await isPortFree(session.localPort)) {
-        throw new CfDebuggerError(
-          "PORT_UNAVAILABLE",
-          `Local port ${session.localPort.toString()} is in use and could not be reclaimed for the tunnel.`
-        );
+    const tunnel = await openReadyTunnel(
+      options,
+      session,
+      context,
+      tunnelReadyTimeoutMs,
+      (tunnelChild) => {
+        child = tunnelChild;
+        attachTunnelEvents(tunnelChild, () => {
+          tunnelClosed = true;
+        }, exitResolve, emit);
       }
-    }
-    child = spawnSshTunnel(options.app, session.localPort, session.remotePort, context);
-    if (child.pid !== void 0) {
-      await updateSessionPid(session.sessionId, child.pid);
-    }
-    child.on("close", (code) => {
-      tunnelClosed = true;
-      exitResolve?.(code);
-    });
-    child.on("error", (err) => {
-      emit("error", err.message);
-    });
-    const ready = await probeTunnelReady(session.localPort, tunnelReadyTimeoutMs);
-    checkAbort(options.signal);
-    if (!ready) {
-      throw new CfDebuggerError(
-        "TUNNEL_NOT_READY",
-        `SSH tunnel on port ${session.localPort.toString()} did not become ready within ${Math.round(tunnelReadyTimeoutMs / 1e3).toString()}s.`
-      );
-    }
-    const listeningPid = await findListeningProcessId(session.localPort);
-    const activePid = listeningPid ?? child.pid ?? session.pid;
-    if (activePid !== session.pid) {
-      await updateSessionPid(session.sessionId, activePid);
-    }
+    );
+    child = tunnel.child;
     emit("ready");
     const readySession = await updateSessionStatus(session.sessionId, "ready");
-    const activeSession = readySession ?? { ...session, pid: activePid, status: "ready" };
-    let disposePromise;
-    const handle = {
-      session: activeSession,
-      dispose: async () => {
-        disposePromise ??= (async () => {
-          emit("stopping");
-          await updateSessionStatus(session.sessionId, "stopping");
-          await finalize();
-        })();
-        await disposePromise;
-      },
-      waitForExit: async () => {
-        return await exitPromise;
-      }
-    };
-    return handle;
+    const activeSession = readySession ?? { ...session, pid: tunnel.activePid, status: "ready" };
+    return createHandle(activeSession, emit, finalize, exitPromise);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     emit("error", message);
@@ -904,6 +969,16 @@ async function startDebugger(options) {
     throw err;
   }
 }
+async function cleanupFilesystem(cfHomeDir) {
+  try {
+    await rm(cfHomeDir, { recursive: true, force: true });
+  } catch {
+  }
+}
+
+// src/debug-session/sessions.ts
+import { rm as rm2 } from "fs/promises";
+import process5 from "process";
 async function stopDebugger(options) {
   const sessions = await pruneAndCleanupOrphans();
   let target;
@@ -916,7 +991,7 @@ async function stopDebugger(options) {
   if (target === void 0) {
     return void 0;
   }
-  if (target.pid !== process3.pid) {
+  if (target.pid !== process5.pid) {
     try {
       await terminatePidOrGroup(target.pid);
     } catch {
@@ -927,7 +1002,7 @@ async function stopDebugger(options) {
   }, PORT_CLEANUP_DELAY_MS);
   const removed = await removeSession(target.sessionId);
   try {
-    await rm(target.cfHomeDir, { recursive: true, force: true });
+    await rm2(target.cfHomeDir, { recursive: true, force: true });
   } catch {
   }
   return removed ?? target;