@tamyla/clodo-framework 3.1.21 → 3.1.22

package/dist/bin/shared/utils/deployment-validator.js

@@ -0,0 +1,97 @@
+/**
+ * Deployment Validator Utility
+ * Pre-deployment validation and prerequisite checking
+ * Extracted from clodo-service-old.js for modular reuse
+ */
+
+import { existsSync } from 'fs';
+import { join } from 'path';
+import chalk from 'chalk';
+
+/**
+ * Validate deployment prerequisites before proceeding
+ * @param {Object} coreInputs - Core deployment inputs
+ * @param {Object} options - Deployment options
+ * @returns {Promise<boolean>} True if all prerequisites are valid
+ */
+export async function validateDeploymentPrerequisites(coreInputs, options) {
+  const issues = [];
+  console.log(chalk.cyan('\n🔍 Pre-deployment Validation'));
+  console.log(chalk.gray('─'.repeat(40)));
+
+  // Check required fields
+  if (!coreInputs.customer) {
+    issues.push('Customer name is required');
+  }
+  if (!coreInputs.environment) {
+    issues.push('Environment is required');
+  }
+  if (!coreInputs.domainName) {
+    issues.push('Domain name is required');
+  }
+  if (!coreInputs.cloudflareToken) {
+    issues.push('Cloudflare API token is required');
+  }
+
+  // Check Cloudflare token format (basic validation)
+  if (coreInputs.cloudflareToken && !coreInputs.cloudflareToken.startsWith('CLOUDFLARE_API_TOKEN=')) {
+    if (coreInputs.cloudflareToken.length < 40) {
+      issues.push('Cloudflare API token appears to be invalid (too short)');
+    }
+  }
+
+  // Check if service path exists
+  if (options.servicePath && options.servicePath !== '.') {
+    if (!existsSync(options.servicePath)) {
+      issues.push(`Service path does not exist: ${options.servicePath}`);
+    }
+  }
+
+  // Check for wrangler.toml if not dry run
+  if (!options.dryRun) {
+    const wranglerPath = join(options.servicePath || '.', 'wrangler.toml');
+    if (!existsSync(wranglerPath)) {
+      issues.push('wrangler.toml not found in service directory');
+    }
+  }
+
+  // Report issues
+  if (issues.length > 0) {
+    console.log(chalk.red('\n❌ Validation Failed:'));
+    issues.forEach(issue => {
+      console.log(chalk.red(`   • ${issue}`));
+    });
+    console.log(chalk.gray('\n─'.repeat(40)));
+    return false;
+  }
+  console.log(chalk.green('✅ All prerequisites validated'));
+  console.log(chalk.gray('─'.repeat(40)));
+  return true;
+}
+
+/**
+ * Validate basic deployment inputs
+ * @param {Object} inputs - Input object to validate
+ * @param {Array<string>} requiredFields - Required field names
+ * @returns {Object} Validation result { valid, errors }
+ */
+export function validateDeploymentInputs(inputs, requiredFields = ['customer', 'environment', 'domainName', 'cloudflareToken']) {
+  const result = {
+    valid: true,
+    errors: []
+  };
+
+  // Handle null/undefined inputs
+  if (!inputs) {
+    result.errors.push('Input object is required');
+    result.valid = false;
+    return result;
+  }
+  requiredFields.forEach(field => {
+    if (!inputs[field]) {
+      result.errors.push(`${field} is required`);
+      result.valid = false;
+    }
+  });
+  return result;
+}

package/dist/bin/shared/utils/formatters.js

@@ -118,6 +118,16 @@ export const ResourceFormatters = {
    */
   configKey(camelCase) {
     return NameFormatters.toKebabCase(camelCase);
+  },
+  /**
+   * Format package name for NPM
+   * Example: 'my-service' → 'my-service'
+   */
+  packageName(serviceName) {
+    if (!serviceName) return '';
+    // For NPM packages, just use the service name as-is
+    // Scoped packages would be handled separately (e.g., @company/my-service)
+    return serviceName;
   }
 };
 

package/dist/bin/shared/utils/index.js

@@ -16,4 +16,16 @@ export { GracefulShutdownManager, getShutdownManager, initializeGracefulShutdown
 export { executeWithRateLimit, queueRequest, getRateLimitStatus, clearQueues, RATE_LIMITS } from './rate-limiter.js';
 
 // Unified error handling module (Phase 3.2.3d - consolidated from 5 sources)
-export { default as ErrorHandler, createErrorResponse, createContextualError, createErrorHandler } from './ErrorHandler.js';
+export { default as ErrorHandler, createErrorResponse, createContextualError, createErrorHandler } from './ErrorHandler.js';
+
+// Progress display utilities
+export { showProgressSpinner, showProgressWithSpinner } from './progress-spinner.js';
+
+// Deployment validation
+export { validateDeploymentPrerequisites, validateDeploymentInputs } from './deployment-validator.js';
+
+// Sensitive information redaction
+export { redactSensitiveInfo, redactSensitiveObject } from './sensitive-redactor.js';
+
+// Configuration loading
+export { ConfigLoader } from './config-loader.js';

package/dist/bin/shared/utils/interactive-prompts.js

@@ -98,6 +98,7 @@ export function showProgress(message, steps = ['⏳', '⚡', '✅']) {
 
 /**
  * Ask for sensitive input (like API tokens) with hidden input
+ * Supports pasting with Ctrl+V or right-click paste
  */
 export function askPassword(question) {
   return new Promise(resolve => {
@@ -107,26 +108,41 @@ export function askPassword(question) {
     // Hide input for sensitive data
     process.stdin.setRawMode(true);
     process.stdin.resume();
+    process.stdin.setEncoding('utf8');
     let password = '';
-    const onData = char => {
-      const charCode = char[0];
-      if (charCode === 13) {
-        // Enter key
-        process.stdin.setRawMode(false);
-        process.stdin.pause();
-        process.stdin.removeListener('data', onData);
-        process.stdout.write('\n');
-        resolve(password);
-      } else if (charCode === 127 || charCode === 8) {
-        // Backspace
-        if (password.length > 0) {
-          password = password.slice(0, -1);
-          process.stdout.write('\b \b');
+    const onData = chunk => {
+      // Handle multi-character input (paste operations)
+      for (let i = 0; i < chunk.length; i++) {
+        const char = chunk[i];
+        const charCode = char.charCodeAt(0);
+        if (charCode === 13 || charCode === 10) {
+          // Enter key (CR or LF)
+          process.stdin.setRawMode(false);
+          process.stdin.pause();
+          process.stdin.removeListener('data', onData);
+          process.stdout.write('\n');
+          resolve(password);
+          return;
+        } else if (charCode === 127 || charCode === 8) {
+          // Backspace
+          if (password.length > 0) {
+            password = password.slice(0, -1);
+            process.stdout.write('\b \b');
+          }
+        } else if (charCode === 3) {
+          // Ctrl+C
+          process.stdin.setRawMode(false);
+          process.stdin.pause();
+          process.stdin.removeListener('data', onData);
+          process.stdout.write('\n');
+          console.log('\nOperation cancelled');
+          process.exit(0);
+        } else if (charCode >= 32 && charCode <= 126) {
+          // Printable characters
+          password += char;
+          process.stdout.write('*');
         }
-      } else if (charCode >= 32 && charCode <= 126) {
-        // Printable characters
-        password += char.toString();
-        process.stdout.write('*');
+        // Ignore other control characters (allows paste to work)
       }
     };
     process.stdin.on('data', onData);

package/dist/bin/shared/utils/progress-manager.js

@@ -71,11 +71,11 @@ export class ProgressManager {
    * @returns {ProgressManager} This instance for chaining
    */
   nextStep(stepName = null) {
+    this.currentStep++;
+    this.stepStartTime = Date.now();
     if (this.quiet) {
       return this;
     }
-    this.currentStep++;
-    this.stepStartTime = Date.now();
     const name = stepName || this.steps[this.currentStep - 1] || `Step ${this.currentStep}`;
     const progress = this.totalSteps > 0 ? Math.round(this.currentStep / this.totalSteps * 100) : 0;
     if (this.output) {

package/dist/bin/shared/utils/progress-spinner.js

@@ -0,0 +1,53 @@
+/**
+ * Progress Spinner Utility
+ * Enhanced progress display with spinner animation
+ * Extracted from clodo-service-old.js for modular reuse
+ */
+
+import chalk from 'chalk';
+
+/**
+ * Display progress with animated spinner
+ * @param {string} message - Progress message to display
+ * @param {number} duration - Duration in milliseconds (default: 2000)
+ * @returns {Promise} Resolves when progress completes
+ */
+export function showProgressSpinner(message, duration = 2000) {
+  return new Promise(resolve => {
+    process.stdout.write(chalk.cyan(`⏳ ${message}...`));
+    const spinner = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+    let i = 0;
+    const interval = setInterval(() => {
+      process.stdout.write(`\r${chalk.cyan(spinner[i])} ${message}...`);
+      i = (i + 1) % spinner.length;
+    }, 100);
+    setTimeout(() => {
+      clearInterval(interval);
+      process.stdout.write(`\r${chalk.green('✅')} ${message}... Done!\n`);
+      resolve();
+    }, duration);
+  });
+}
+
+/**
+ * Display progress with custom spinner characters
+ * @param {string} message - Progress message
+ * @param {Array<string>} spinnerChars - Custom spinner characters
+ * @param {number} duration - Duration in milliseconds
+ * @returns {Promise} Resolves when complete
+ */
+export function showProgressWithSpinner(message, spinnerChars = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'], duration = 2000) {
+  return new Promise(resolve => {
+    process.stdout.write(chalk.cyan(`⏳ ${message}...`));
+    let i = 0;
+    const interval = setInterval(() => {
+      process.stdout.write(`\r${chalk.cyan(spinnerChars[i])} ${message}...`);
+      i = (i + 1) % spinnerChars.length;
+    }, 100);
+    setTimeout(() => {
+      clearInterval(interval);
+      process.stdout.write(`\r${chalk.green('✅')} ${message}... Done!\n`);
+      resolve();
+    }, duration);
+  });
+}

package/dist/bin/shared/utils/sensitive-redactor.js

@@ -0,0 +1,91 @@
+/**
+ * Sensitive Information Redactor
+ * Advanced pattern-based redaction for logs and output
+ * Extracted from clodo-service-old.js for modular reuse
+ */
+
+/**
+ * Redact sensitive information from text using pattern matching
+ * @param {string} text - Text to redact
+ * @returns {string} Redacted text
+ */
+export function redactSensitiveInfo(text) {
+  if (typeof text !== 'string') return text;
+
+  // Patterns to redact
+  const patterns = [
+  // Cloudflare API tokens
+  [/(CLOUDFLARE_API_TOKEN=?)(\w{20,})/gi, '$1[REDACTED]'],
+  // Generic API tokens/keys - require minimum length
+  [/(token|api[_-]?token|api[_-]?key|auth[_-]?token)["']?[:=]\s*([a-zA-Z0-9_-]{6,})/gi, '$1: [REDACTED]'],
+  // Passwords - require minimum length
+  [/(password|passwd|pwd)["']?[:=]\s*([^"'\s]{4,})/gi, '$1: [REDACTED]'],
+  // Secrets - require minimum length
+  [/(secret|key)["']?[:=]\s*([a-zA-Z0-9_-]{6,})/gi, '$1: [REDACTED]'],
+  // Account IDs (partial redaction) - match 8+ characters
+  [/(account[_-]?id|zone[_-]?id)["']?[:=]\s*["']?([a-zA-Z0-9]{8})([a-zA-Z0-9]*)/gi, '$1: $2[REDACTED]']];
+  let redacted = text;
+  patterns.forEach(([pattern, replacement]) => {
+    redacted = redacted.replace(pattern, replacement);
+  });
+  return redacted;
+}
+
+/**
+ * Redact sensitive information from an object recursively
+ * @param {any} obj - Object to redact
+ * @param {Set} visited - Set of visited objects to prevent circular references
+ * @returns {any} Redacted object
+ */
+export function redactSensitiveObject(obj, visited = new Set()) {
+  // Handle circular references by returning a placeholder
+  if (obj && typeof obj === 'object') {
+    if (visited.has(obj)) {
+      return '[CIRCULAR REFERENCE]';
+    }
+    visited.add(obj);
+  }
+  if (typeof obj === 'string') {
+    return redactSensitiveInfo(obj);
+  }
+  if (Array.isArray(obj)) {
+    // Process each array element individually
+    return obj.map(item => redactSensitiveObject(item, visited));
+  }
+  if (obj && typeof obj === 'object') {
+    const redacted = {};
+    for (const [key, value] of Object.entries(obj)) {
+      const lowerKey = key.toLowerCase();
+      // Special handling for accountId and zoneId - allow partial redaction via regex
+      if (lowerKey.includes('accountid') || lowerKey.includes('zoneid')) {
+        if (typeof value === 'string') {
+          // Apply partial redaction for account/zone IDs
+          redacted[key] = value.replace(/^([a-zA-Z0-9]{8})([a-zA-Z0-9]*)$/, '$1[REDACTED]');
+        } else {
+          redacted[key] = redactSensitiveObject(value, visited);
+        }
+      } else if (isSensitiveKey(key)) {
+        if (Array.isArray(value)) {
+          // Redact each element in sensitive arrays
+          redacted[key] = value.map(() => '[REDACTED]');
+        } else {
+          redacted[key] = '[REDACTED]';
+        }
+      } else {
+        redacted[key] = redactSensitiveObject(value, visited);
+      }
+    }
+    return redacted;
+  }
+  return obj;
+}
+
+/**
+ * Check if a key name indicates sensitive information
+ * @param {string} key - Key name to check
+ * @returns {boolean} True if key is sensitive
+ */
+function isSensitiveKey(key) {
+  const sensitiveKeys = ['password', 'passwd', 'pwd', 'secret', 'key', 'token', 'apikey', 'cloudflaretoken', 'apitoken', 'authkey', 'privatekey'];
+  return sensitiveKeys.some(sensitive => key.toLowerCase().includes(sensitive.toLowerCase()));
+}

package/dist/bin/shared/validation/ValidationRegistry.js

@@ -8,7 +8,7 @@
 /**
  * Import validators from src/utils (source of truth)
  */
-import { validateServiceName, validateDomainName, validateCloudflareToken, validateCloudflareId, validateServiceType, validateEnvironment } from "../../../utils/validation.js";
+import { validateServiceName, validateDomainName, validateCloudflareToken, validateCloudflareId, validateServiceType, validateEnvironment } from '../../../utils/validation.js';
 
 /**
  * Validation Registry - Single source of truth for all validators

package/dist/security/index.js

@@ -6,7 +6,7 @@
 import { ConfigurationValidator } from './ConfigurationValidator.js';
 // DeploymentManager removed - replaced by MultiDomainOrchestrator + WranglerConfigManager
 import { SecretGenerator } from './SecretGenerator.js';
-import { ErrorHandler } from "../../dist/bin/shared/utils/index.js";
+import { ErrorHandler } from '../../bin/shared/utils/index.js';
 // InteractiveDeploymentConfigurator removed - replaced by InputCollector
 
 export { ConfigurationValidator } from './ConfigurationValidator.js';

package/dist/security/patterns/insecure-patterns.js

@@ -5,7 +5,7 @@
 
 export const INSECURE_PATTERNS = {
   // Development/dummy API keys
-  DUMMY_API_KEYS: ['content-skimmer-dev-key', 'logger-service-dev-key', 'auth-service-dev-key', 'test-key', 'dev-key', 'dummy-key', 'placeholder-key', 'example-key', 'sample-key', 'demo-key', 'test-api-key-*', 'dummy-*-key', 'dev-*-secret', 'placeholder-*', 'example-*-token', 'fake-*-credential', 'mock-*-password'],
+  DUMMY_API_KEYS: ['content-skimmer-dev-key', 'logger-service-dev-key', 'auth-service-dev-key', 'test-key', 'dev-key', 'dummy-key', 'dummy-api-key', 'placeholder-key', 'example-key', 'sample-key', 'demo-key', 'test-api-key-*', 'dummy-*-key', 'dev-*-secret', 'placeholder-*', 'example-*-token', 'fake-*-credential', 'mock-*-password'],
   // Weak secrets (common insecure values)
   WEAK_SECRETS: ['secret', 'password', '123456', 'admin', 'test', 'changeme', 'default', 'password123', 'admin123', 'root', 'guest'],
   // Development URLs that shouldn't be in production

package/dist/utils/constants.js

@@ -0,0 +1,102 @@
+/**
+ * Centralized Constants
+ * Loads constants from validation-config.json to avoid duplication
+ * Provides easy access to domain templates, timeouts, and other config
+ */
+
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Load validation config
+let validationConfig;
+try {
+  const configPath = join(__dirname, '..', '..', 'config', 'validation-config.json');
+  validationConfig = JSON.parse(readFileSync(configPath, 'utf-8'));
+} catch (error) {
+  console.warn('⚠️  Could not load validation-config.json, using fallback constants');
+  validationConfig = null;
+}
+
+/**
+ * Get domain template for environment
+ * @param {string} environment - Environment name (development, staging, production)
+ * @returns {string} Domain template pattern
+ */
+export function getDomainTemplate(environment = 'production') {
+  if (validationConfig?.environments?.[environment]?.domainTemplate) {
+    return validationConfig.environments[environment].domainTemplate;
+  }
+
+  // Fallback templates if config not available
+  const fallbacks = {
+    production: '{service}.{domain}',
+    staging: 'staging-{service}.{domain}',
+    development: 'dev-{service}.{domain}'
+  };
+  return fallbacks[environment] || fallbacks.production;
+}
+
+/**
+ * Build custom domain URL from template
+ * @param {string} serviceName - Service name
+ * @param {string} domain - Base domain (e.g., clodo.dev)
+ * @param {string} environment - Environment name
+ * @returns {string} Full custom domain URL
+ */
+export function buildCustomDomain(serviceName, domain, environment = 'production') {
+  const template = getDomainTemplate(environment);
+  const subdomain = template.replace('{service}', serviceName).replace('{domain}', domain);
+  return `https://${subdomain}`;
+}
+
+/**
+ * Get environment-specific worker suffix
+ * @param {string} environment - Environment name
+ * @returns {string} Worker suffix (e.g., '-dev', '-staging', '')
+ */
+export function getWorkerSuffix(environment = 'production') {
+  return validationConfig?.environments?.[environment]?.workerSuffix || '';
+}
+
+/**
+ * Get environment-specific database suffix
+ * @param {string} environment - Environment name
+ * @returns {string} Database suffix (e.g., '-dev', '-staging', '')
+ */
+export function getDatabaseSuffix(environment = 'production') {
+  return validationConfig?.environments?.[environment]?.databaseSuffix || '';
+}
+
+/**
+ * Get timing configuration
+ * @param {string} key - Timing key
+ * @returns {number} Timeout in milliseconds
+ */
+export function getTimeout(key) {
+  return validationConfig?.timing?.[key] || 30000; // Default 30s
+}
+
+/**
+ * Get all service types
+ * @returns {string[]} Array of valid service types
+ */
+export function getServiceTypes() {
+  return validationConfig?.validation?.serviceTypes || ['data-service', 'auth-service', 'content-service', 'api-gateway', 'static-site', 'generic'];
+}
+
+/**
+ * Export full config for direct access if needed
+ */
+export const VALIDATION_CONFIG = validationConfig;
+
+/**
+ * Common constants
+ */
+export const CONSTANTS = {
+  DEFAULT_ENVIRONMENT: 'production',
+  SUPPORTED_ENVIRONMENTS: ['development', 'staging', 'production'],
+  WORKERS_DEV_SUFFIX: '.workers.dev'
+};