@selvajs/cli 2.0.0 → 2.0.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@selvajs/cli",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Scaffold and operate a Selva white-label deployment. `npx @selvajs/cli <dir>` to bootstrap, `selva <cmd>` to manage.",
   "license": "MIT",
   "publishConfig": {
@@ -8,7 +8,7 @@
   },
   "type": "module",
   "bin": {
-    "create": "./bin/create.js",
+    "cli": "./bin/cli.js",
     "selva": "./bin/selva.js"
   },
   "files": [
@@ -23,8 +23,8 @@
     "picocolors": "^1.1.1"
   },
   "scripts": {
-    "start": "node ./bin/create.js",
+    "start": "node ./bin/cli.js",
     "selva": "node ./bin/selva.js",
-    "test": "node --input-type=module -e \"for (const m of ['./src/cli.js','./src/prompts.js','./src/env.js','./src/paths.js','./src/secrets.js','./src/commands/create.js','./src/commands/init.js','./src/commands/doctor.js','./src/commands/pm2.js','./src/commands/keys.js']) { await import(m); }\""
+    "test": "node --input-type=module -e \"for (const m of ['./src/cli.js','./src/prompts.js','./src/env.js','./src/paths.js','./src/secrets.js','./src/commands/create.js','./src/commands/init.js','./src/commands/doctor.js','./src/commands/pm2.js','./src/commands/migrate.js','./src/commands/keys.js']) { await import(m); }\""
   }
 }

package/src/cli.js

@@ -14,6 +14,7 @@ const COMMANDS = {
 	restart: () => import('./commands/pm2.js').then((m) => m.runRestart),
 	logs: () => import('./commands/pm2.js').then((m) => m.runLogs),
 	update: () => import('./commands/pm2.js').then((m) => m.runUpdate),
+	migrate: () => import('./commands/migrate.js').then((m) => m.runMigrate),
 	keys: () => import('./commands/keys.js').then((m) => keysDispatch(m))
 };
 
@@ -70,6 +71,7 @@ function printHelp() {
 			'  restart                 pm2 restart selva-compute --update-env',
 			'  logs                    pm2 logs selva-compute',
 			'  update                  npm update @selvajs/selva + restart',
+			'  migrate                 Bring package.json onto the current layout',
 			'  keys rotate <hmac|at-rest>   Rotate a secret in .env (destructive)',
 			'',
 			pc.dim('To scaffold a new deployment: ') + pc.cyan('npx @selvajs/cli <dir>')

package/src/commands/doctor.js

@@ -10,12 +10,13 @@
 //
 // Exits 0 (green) or 1 (any red); yellow checks don't fail the run.
 
-import { existsSync, accessSync, constants, statSync } from 'node:fs';
+import { existsSync, readFileSync, accessSync, constants, statSync } from 'node:fs';
 import { join, resolve } from 'node:path';
 import * as p from '@clack/prompts';
 import pc from 'picocolors';
 import { readEnvFile } from '../env.js';
 import { requireDeploymentDir, resolveDeploymentDir } from '../paths.js';
+import { detectDrift } from './migrate.js';
 
 const HEX_64 = /^[0-9a-f]{64}$/i;
 const PLACEHOLDER = 'replace-this-with-a-random-32-byte-hex-key';
@@ -34,6 +35,12 @@ export async function runDoctor() {
 	checks.push(checkFile(join(dir, 'selva.config.js'), 'selva.config.js present'));
 	checks.push(checkFile(join(dir, 'ecosystem.config.cjs'), 'ecosystem.config.cjs present'));
 
+	// ── Layout drift ───────────────────────────────────────────────────
+	// Catches deployments still on the @selvajs/runtime layout (or other
+	// historical states) and points the operator at `selva migrate` instead
+	// of just letting the missing-package checks below scream.
+	checks.push(checkLayoutDrift(dir));
+
 	// ── Secrets ────────────────────────────────────────────────────────
 	checks.push(checkSecret(env.SELVA_HMAC_KEY, 'SELVA_HMAC_KEY is a 32-byte hex string'));
 	checks.push(checkSecret(env.SELVA_AT_REST_KEY, 'SELVA_AT_REST_KEY is a 32-byte hex string'));
@@ -192,6 +199,23 @@ function checkPackage(dir, name) {
 	return green(`${name} installed`);
 }
 
+function checkLayoutDrift(dir) {
+	const pkgPath = join(dir, 'package.json');
+	if (!existsSync(pkgPath)) return yellow('package.json missing — cannot check layout');
+	let pkg;
+	try {
+		pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
+	} catch {
+		return red('package.json is not valid JSON');
+	}
+	const reasons = detectDrift(pkg);
+	if (reasons.length === 0) return green('package.json layout is current');
+	return red(
+		`package.json layout is outdated — run \`selva migrate\`:\n     ` +
+			reasons.map((r) => '· ' + r).join('\n     ')
+	);
+}
+
 // Header-auth-specific sanity checks. None of these catch the truly dangerous
 // misconfigurations (header spoofing, missing proxy auth) — those are
 // runtime invariants we can't verify from here. We DO check the things we can:

package/src/commands/migrate.js

@@ -0,0 +1,243 @@
+// `selva migrate` — bring an existing deployment's package.json onto the
+// current layout.
+//
+// Two historical migrations exist for Selva deployments:
+//   1. `@selvajs/create` → `@selvajs/cli`  (CLI bootstrap; can't be automated
+//      since the operator has no `selva` binary yet — they run two npm
+//      commands by hand from the Hotfix doc).
+//   2. `@selvajs/runtime` → `@selvajs/selva`  (runtime bundling: UI, schemas,
+//      ui-kit and the providers' workspace deps are now built into
+//      @selvajs/selva). This is what `selva migrate` automates.
+//
+// Future package-layout shifts go here too — the command should remain
+// idempotent. On an already-current deployment it prints "nothing to
+// migrate" and exits 0.
+//
+// Mirrors `selva update`'s lifecycle: stop pm2, mutate node_modules, start
+// pm2 again with --update-env. Rollback restores package.json.bak on
+// npm-install failure so the operator isn't left with a broken deployment.
+
+import { existsSync, readFileSync, writeFileSync, copyFileSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { spawnSync, execSync } from 'node:child_process';
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { readEnvFile } from '../env.js';
+import { requireDeploymentDir, resolveDeploymentDir } from '../paths.js';
+
+const APP_NAME = 'selva-compute';
+
+// Packages we own. Everything in this set is rewritten wholesale by migrate;
+// anything outside it (operator's own deps) gets dropped, which is the
+// explicit design choice — operators with custom deps should fork the
+// template rather than hand-patch the deployment package.json.
+const SELVA_DEPS = new Set([
+	'@selvajs/cli',
+	'@selvajs/selva',
+	'@selvajs/runtime', // legacy — removed during migrate
+	'@selvajs/platform',
+	'@selvajs/local-provider',
+	'@selvajs/supabase-provider',
+	'@selvajs/header-auth-provider',
+	'@selvajs/create' // legacy CLI — removed during migrate
+]);
+
+const CANONICAL_SCRIPTS = {
+	start: 'selva start',
+	stop: 'selva stop',
+	restart: 'selva restart',
+	logs: 'selva logs',
+	doctor: 'selva doctor',
+	update: 'selva update'
+};
+
+export async function runMigrate() {
+	const dir = resolveDeploymentDir();
+	requireDeploymentDir(dir);
+
+	p.intro(pc.bgCyan(pc.black(' selva migrate ')));
+
+	const pkgPath = join(dir, 'package.json');
+	if (!existsSync(pkgPath)) {
+		p.outro(pc.red('No package.json in this directory — nothing to migrate.'));
+		process.exit(1);
+	}
+
+	const before = JSON.parse(readFileSync(pkgPath, 'utf8'));
+	const env = readEnvFile(join(dir, '.env'));
+
+	const target = buildTargetPackageJson(before, env);
+	const diff = diffPackageJson(before, target);
+
+	if (diff.length === 0) {
+		p.outro(pc.green('Already on the current layout — nothing to migrate.'));
+		return;
+	}
+
+	p.log.info('Changes to apply:');
+	for (const line of diff) console.log('  ' + line);
+
+	const confirmed = await p.confirm({
+		message: 'Apply these changes, reinstall, and restart?',
+		initialValue: true
+	});
+	if (p.isCancel(confirmed) || !confirmed) {
+		p.cancel('Cancelled.');
+		return;
+	}
+
+	// Stop pm2 before mutating node_modules. Same reasoning as `selva update`:
+	// SvelteKit's node adapter lazy-imports chunks, so swapping the build dir
+	// under a live process causes ERR_MODULE_NOT_FOUND on in-flight requests.
+	const stopStatus = runPm2(dir, ['stop', APP_NAME], { inherit: false });
+	if (stopStatus !== 0) {
+		p.log.warn('pm2 stop did not succeed — selva-compute may not be running. Continuing.');
+	}
+
+	// Write package.json.bak before touching anything. Restored if npm install
+	// fails so the operator can re-run with their previous state intact.
+	const bakPath = pkgPath + '.bak';
+	copyFileSync(pkgPath, bakPath);
+	writeFileSync(pkgPath, JSON.stringify(target, null, 2) + '\n', 'utf8');
+
+	// Nuke node_modules + lockfile. A simple `npm install` won't always
+	// resolve correctly when major version ranges change (e.g. runtime 0.10
+	// → selva 2.0) — the lockfile pins old transitive deps that no longer
+	// belong. Clean install is the only reliable path.
+	rmSync(join(dir, 'node_modules'), { recursive: true, force: true });
+	rmSync(join(dir, 'package-lock.json'), { force: true });
+
+	const s = p.spinner();
+	s.start('Installing new dependencies (this can take a minute)');
+	try {
+		// --prefer-online to bypass the stale-packument trap documented in
+		// docs/Hotfix-CLI-Runtime.md.
+		execSync('npm install --prefer-online', {
+			cwd: dir,
+			stdio: 'pipe'
+		});
+		s.stop('Dependencies installed');
+	} catch (err) {
+		s.stop(pc.red('npm install failed — rolling back package.json'));
+		copyFileSync(bakPath, pkgPath);
+		// Try to bring the old process back up so we don't leave the operator
+		// with downtime. If node_modules was wiped this won't help, but at
+		// least package.json matches what's on disk.
+		runPm2(dir, ['start', APP_NAME, '--update-env'], { inherit: false });
+		p.outro(pc.red(`Migration aborted: ${err.message ?? err}`));
+		process.exit(1);
+	}
+
+	const status = runPm2(dir, ['start', APP_NAME, '--update-env'], { inherit: false });
+	if (status === 0) {
+		p.outro(
+			[
+				pc.green('Migration complete.'),
+				pc.dim('Old package.json saved as ') + pc.cyan('package.json.bak'),
+				pc.dim('Run ') + pc.cyan('selva doctor') + pc.dim(' to verify.')
+			].join('\n')
+		);
+	} else {
+		p.outro(pc.yellow(`Migration applied but pm2 start failed — check \`pm2 logs ${APP_NAME}\`.`));
+	}
+}
+
+// Compute what package.json should look like given the current contents and
+// the operator's .env (which tells us which providers are in use).
+//
+// Wholesale-replace semantics: any @selvajs/* or pm2 entry not in our
+// canonical set is dropped. Non-selva deps the operator added are also
+// dropped — that's the design choice we made up-front.
+function buildTargetPackageJson(current, env) {
+	const providers = new Set(
+		[
+			env.SELVA_AUTH_PROVIDER,
+			env.SELVA_DATA_PROVIDER,
+			env.SELVA_STORAGE_PROVIDER
+		].filter(Boolean).map((v) => v.toLowerCase())
+	);
+
+	const deps = {
+		'@selvajs/cli': 'latest',
+		'@selvajs/selva': 'latest',
+		'@selvajs/platform': 'latest',
+		pm2: '^5.4.0'
+	};
+	if (providers.has('local')) deps['@selvajs/local-provider'] = 'latest';
+	if (providers.has('supabase')) deps['@selvajs/supabase-provider'] = 'latest';
+	if (providers.has('header')) deps['@selvajs/header-auth-provider'] = 'latest';
+
+	return {
+		name: current.name ?? 'selva-deployment',
+		version: current.version ?? '0.1.0',
+		private: true,
+		type: 'module',
+		scripts: { ...CANONICAL_SCRIPTS },
+		dependencies: deps
+	};
+}
+
+// Produce human-readable diff lines for the confirmation prompt. Keep it
+// short — the operator just needs to see what's moving, not a unified diff.
+function diffPackageJson(before, after) {
+	const lines = [];
+
+	const beforeDeps = before.dependencies ?? {};
+	const afterDeps = after.dependencies ?? {};
+
+	const allNames = new Set([...Object.keys(beforeDeps), ...Object.keys(afterDeps)]);
+	for (const name of [...allNames].sort()) {
+		const a = beforeDeps[name];
+		const b = afterDeps[name];
+		if (a && !b) lines.push(`${pc.red('-')} ${name} ${pc.dim(a)}`);
+		else if (!a && b) lines.push(`${pc.green('+')} ${name} ${pc.dim(b)}`);
+		else if (a !== b) lines.push(`${pc.yellow('~')} ${name} ${pc.dim(a + ' → ' + b)}`);
+	}
+
+	const beforeScripts = before.scripts ?? {};
+	const afterScripts = after.scripts ?? {};
+	const allScripts = new Set([...Object.keys(beforeScripts), ...Object.keys(afterScripts)]);
+	for (const name of [...allScripts].sort()) {
+		const a = beforeScripts[name];
+		const b = afterScripts[name];
+		if (a !== b) {
+			if (a && !b) lines.push(`${pc.red('-')} script.${name} ${pc.dim(a)}`);
+			else if (!a && b) lines.push(`${pc.green('+')} script.${name} ${pc.dim(b)}`);
+			else lines.push(`${pc.yellow('~')} script.${name} ${pc.dim(a + ' → ' + b)}`);
+		}
+	}
+
+	return lines;
+}
+
+// Local copy of pm2.js's runner. Importing it would create a circular
+// dependency via the `pm2.js` exports; pm2 invocation is small enough to
+// duplicate.
+function runPm2(dir, args, { inherit = true } = {}) {
+	const local = join(dir, 'node_modules', '.bin', process.platform === 'win32' ? 'pm2.cmd' : 'pm2');
+	const bin = existsSync(local) ? local : 'pm2';
+	const result = spawnSync(bin, args, {
+		cwd: dir,
+		stdio: inherit ? 'inherit' : 'pipe',
+		shell: process.platform === 'win32'
+	});
+	if (result.error) return 1;
+	return result.status ?? 0;
+}
+
+// Exported for use by `selva doctor` so it can warn about layout drift
+// without duplicating the detection logic.
+export function detectDrift(pkgJson) {
+	const deps = pkgJson?.dependencies ?? {};
+	const reasons = [];
+	if (deps['@selvajs/runtime']) reasons.push('@selvajs/runtime is the old runtime package');
+	if (deps['@selvajs/create']) reasons.push('@selvajs/create is the old CLI package');
+	if (!deps['@selvajs/selva']) reasons.push('@selvajs/selva is missing');
+	if (!deps['@selvajs/cli']) reasons.push('@selvajs/cli is missing');
+	if (!deps['pm2']) reasons.push('pm2 is not in dependencies');
+	return reasons;
+}
+
+// Re-exported so tests/imports can verify what migrate would write without
+// actually running it.
+export { buildTargetPackageJson, SELVA_DEPS };