@swarp/cli 0.0.3 → 0.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swarp/cli",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "description": "SWARP agent orchestration platform — CLI, MCP server, generator",
   "type": "module",
   "bin": {

package/src/deploy/wireguard.mjs

@@ -0,0 +1,54 @@
+import { execFileSync } from "node:child_process";
+import { readFileSync, writeFileSync } from "node:fs";
+
+export function createWireGuardPeer(org, region, agentName) {
+  const confPath = `/tmp/${agentName}.conf`;
+  execFileSync("flyctl", ["wireguard", "create", org, region, agentName, confPath]);
+  return confPath;
+}
+
+export function extractDnsIP(confPath) {
+  const contents = readFileSync(confPath, "utf8");
+  for (const line of contents.split("\n")) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("DNS")) {
+      const [, value] = trimmed.split("=");
+      return value.trim();
+    }
+  }
+  return null;
+}
+
+export function addKeepalive(confPath, interval = 25) {
+  const contents = readFileSync(confPath, "utf8");
+  if (contents.includes("PersistentKeepalive")) {
+    return confPath;
+  }
+  const updated = contents.replace(
+    /(\[Peer\])/,
+    `$1\nPersistentKeepalive = ${interval}`
+  );
+  writeFileSync(confPath, updated, "utf8");
+  return confPath;
+}
+
+export function pushWireGuardToSprite(agentName, confPath) {
+  const conf = readFileSync(confPath, "utf8");
+  execFileSync(
+    "sprite",
+    [
+      "exec",
+      "-s",
+      agentName,
+      "--",
+      "bash",
+      "-c",
+      "mkdir -p /etc/wireguard && cat > /etc/wireguard/wg0.conf && wg-quick up wg0",
+    ],
+    { input: conf }
+  );
+}
+
+export function removeWireGuardPeer(org, agentName) {
+  execFileSync("flyctl", ["wireguard", "remove", org, agentName]);
+}

package/src/deploy/wireguard.test.mjs

@@ -0,0 +1,91 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { writeFileSync, readFileSync } from "node:fs";
+
+vi.mock("node:child_process", () => ({ execFileSync: vi.fn() }));
+
+import { execFileSync } from "node:child_process";
+import {
+  createWireGuardPeer,
+  extractDnsIP,
+  addKeepalive,
+  pushWireGuardToSprite,
+  removeWireGuardPeer,
+} from "./wireguard.mjs";
+
+const SAMPLE_CONF = `[Interface]
+PrivateKey = abc123
+Address = fdaa:0:5e4f:a7b:23c:0:a:2/120
+DNS = fdaa:0:5e4f::3
+
+[Peer]
+PublicKey = xyz789
+AllowedIPs = fdaa:0:5e4f::/48
+Endpoint = sea1.gateway.6pn.dev:51820
+`;
+
+function writeTempConf(contents = SAMPLE_CONF) {
+  const path = join(tmpdir(), `wg-test-${Date.now()}.conf`);
+  writeFileSync(path, contents, "utf8");
+  return path;
+}
+
+describe("createWireGuardPeer", () => {
+  beforeEach(() => vi.clearAllMocks());
+
+  it("calls flyctl with correct args and returns conf path", () => {
+    const result = createWireGuardPeer("my-org", "sea", "my-agent");
+    expect(execFileSync).toHaveBeenCalledWith("flyctl", [
+      "wireguard",
+      "create",
+      "my-org",
+      "sea",
+      "my-agent",
+      "/tmp/my-agent.conf",
+    ]);
+    expect(result).toBe("/tmp/my-agent.conf");
+  });
+});
+
+describe("extractDnsIP", () => {
+  it("parses the DNS IP from a WG config", () => {
+    const confPath = writeTempConf();
+    expect(extractDnsIP(confPath)).toBe("fdaa:0:5e4f::3");
+  });
+});
+
+describe("addKeepalive", () => {
+  it("inserts PersistentKeepalive after [Peer]", () => {
+    const confPath = writeTempConf();
+    addKeepalive(confPath);
+    const result = readFileSync(confPath, "utf8");
+    expect(result).toContain("PersistentKeepalive = 25");
+    expect(result.indexOf("[Peer]")).toBeLessThan(
+      result.indexOf("PersistentKeepalive")
+    );
+  });
+
+  it("is idempotent — does not add keepalive twice", () => {
+    const confPath = writeTempConf();
+    addKeepalive(confPath);
+    addKeepalive(confPath);
+    const result = readFileSync(confPath, "utf8");
+    const count = (result.match(/PersistentKeepalive/g) || []).length;
+    expect(count).toBe(1);
+  });
+});
+
+describe("removeWireGuardPeer", () => {
+  beforeEach(() => vi.clearAllMocks());
+
+  it("calls flyctl with correct args", () => {
+    removeWireGuardPeer("my-org", "my-agent");
+    expect(execFileSync).toHaveBeenCalledWith("flyctl", [
+      "wireguard",
+      "remove",
+      "my-org",
+      "my-agent",
+    ]);
+  });
+});

package/src/init/index.mjs

@@ -93,11 +93,6 @@ function buildRouterYaml() {
 registration:
   ttl_minutes: 30
   persist_path: /data/registry.json
-
-tls:
-  ca_cert_secret: SWARP_MTLS_CA_CERT
-  router_cert_secret: SWARP_MTLS_ROUTER_CERT
-  router_key_secret: SWARP_MTLS_ROUTER_KEY
 `;
 }
 
@@ -136,6 +131,7 @@ function updateMcpJson(cwd) {
   console.log(`  update ${mcpPath} — added swarp entry`);
 }
 
+
 // ── Main entry point ──────────────────────────────────────────────────────────
 
 /**

package/src/init/index.test.mjs

@@ -4,6 +4,24 @@ import path from 'node:path';
 import os from 'node:os';
 import { runInit } from './index.mjs';
 
+// Track calls made to execFileSync by the module under test.
+// We cannot vi.spyOn a CJS binding in ESM, so we use a shared call log
+// populated via vi.mock instead.
+const execFileSyncCalls = [];
+let execFileSyncImpl = null;
+
+vi.mock('node:child_process', async (importOriginal) => {
+  const original = await importOriginal();
+  return {
+    ...original,
+    execFileSync: (...args) => {
+      execFileSyncCalls.push(args);
+      if (execFileSyncImpl) return execFileSyncImpl(...args);
+      return original.execFileSync(...args);
+    },
+  };
+});
+
 // ── Helpers ───────────────────────────────────────────────────────────────────
 
 function makeTmpDir() {
@@ -28,6 +46,8 @@ describe('runInit', () => {
 
   beforeEach(() => {
     tmpDir = makeTmpDir();
+    execFileSyncCalls.length = 0;
+    execFileSyncImpl = null;
     // Silence stdout/stderr during tests
     vi.spyOn(console, 'log').mockImplementation(() => {});
     vi.spyOn(console, 'warn').mockImplementation(() => {});
@@ -35,6 +55,7 @@ describe('runInit', () => {
 
   afterEach(() => {
     cleanDir(tmpDir);
+    execFileSyncImpl = null;
     vi.restoreAllMocks();
   });
 
@@ -72,7 +93,7 @@ describe('runInit', () => {
     expect(fs.existsSync(p)).toBe(true);
     const content = fs.readFileSync(p, 'utf8');
     expect(content).toContain('grpc_port: 50051');
-    expect(content).toContain('SWARP_MTLS_CA_CERT');
+    expect(content).toContain('grpc_port: 50051');
   });
 
   it('creates .github/workflows/deploy-agents.yml', async () => {
@@ -165,4 +186,5 @@ describe('runInit', () => {
     const messages = logSpy.mock.calls.map((c) => c[0]).join('\n');
     expect(messages).toContain('/swarp');
   });
+
 });