npm - @tamyla/clodo-framework - Versions diffs - 3.1.21 → 3.1.23 - Mend

@tamyla/clodo-framework 3.1.21 → 3.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/dist/lib/shared/utils/progress-spinner.js ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Progress Spinner Utility
+ * Enhanced progress display with spinner animation
+ * Extracted from clodo-service-old.js for modular reuse
+ */
+import chalk from 'chalk';
+/**
+ * Display progress with animated spinner
+ * @param {string} message - Progress message to display
+ * @param {number} duration - Duration in milliseconds (default: 2000)
+ * @returns {Promise} Resolves when progress completes
+ */
+export function showProgressSpinner(message, duration = 2000) {
+  return new Promise(resolve => {
+    process.stdout.write(chalk.cyan(`⏳ ${message}...`));
+    const spinner = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+    let i = 0;
+    const interval = setInterval(() => {
+      process.stdout.write(`\r${chalk.cyan(spinner[i])} ${message}...`);
+      i = (i + 1) % spinner.length;
+    }, 100);
+    setTimeout(() => {
+      clearInterval(interval);
+      process.stdout.write(`\r${chalk.green('✅')} ${message}... Done!\n`);
+      resolve();
+    }, duration);
+  });
+}
+/**
+ * Display progress with custom spinner characters
+ * @param {string} message - Progress message
+ * @param {Array<string>} spinnerChars - Custom spinner characters
+ * @param {number} duration - Duration in milliseconds
+ * @returns {Promise} Resolves when complete
+ */
+export function showProgressWithSpinner(message, spinnerChars = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'], duration = 2000) {
+  return new Promise(resolve => {
+    process.stdout.write(chalk.cyan(`⏳ ${message}...`));
+    let i = 0;
+    const interval = setInterval(() => {
+      process.stdout.write(`\r${chalk.cyan(spinnerChars[i])} ${message}...`);
+      i = (i + 1) % spinnerChars.length;
+    }, 100);
+    setTimeout(() => {
+      clearInterval(interval);
+      process.stdout.write(`\r${chalk.green('✅')} ${message}... Done!\n`);
+      resolve();
+    }, duration);
+  });
+}

package/dist/lib/shared/utils/sensitive-redactor.js ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Sensitive Information Redactor
+ * Advanced pattern-based redaction for logs and output
+ * Extracted from clodo-service-old.js for modular reuse
+ */
+/**
+ * Redact sensitive information from text using pattern matching
+ * @param {string} text - Text to redact
+ * @returns {string} Redacted text
+ */
+export function redactSensitiveInfo(text) {
+  if (typeof text !== 'string') return text;
+  // Patterns to redact
+  const patterns = [
+  // Cloudflare API tokens
+  [/(CLOUDFLARE_API_TOKEN=?)(\w{20,})/gi, '$1[REDACTED]'],
+  // Generic API tokens/keys - require minimum length
+  [/(token|api[_-]?token|api[_-]?key|auth[_-]?token)["']?[:=]\s*([a-zA-Z0-9_-]{6,})/gi, '$1: [REDACTED]'],
+  // Passwords - require minimum length
+  [/(password|passwd|pwd)["']?[:=]\s*([^"'\s]{4,})/gi, '$1: [REDACTED]'],
+  // Secrets - require minimum length
+  [/(secret|key)["']?[:=]\s*([a-zA-Z0-9_-]{6,})/gi, '$1: [REDACTED]'],
+  // Account IDs (partial redaction) - match 8+ characters
+  [/(account[_-]?id|zone[_-]?id)["']?[:=]\s*["']?([a-zA-Z0-9]{8})([a-zA-Z0-9]*)/gi, '$1: $2[REDACTED]']];
+  let redacted = text;
+  patterns.forEach(([pattern, replacement]) => {
+    redacted = redacted.replace(pattern, replacement);
+  });
+  return redacted;
+}
+/**
+ * Redact sensitive information from an object recursively
+ * @param {any} obj - Object to redact
+ * @param {Set} visited - Set of visited objects to prevent circular references
+ * @returns {any} Redacted object
+ */
+export function redactSensitiveObject(obj, visited = new Set()) {
+  // Handle circular references by returning a placeholder
+  if (obj && typeof obj === 'object') {
+    if (visited.has(obj)) {
+      return '[CIRCULAR REFERENCE]';
+    }
+    visited.add(obj);
+  }
+  if (typeof obj === 'string') {
+    return redactSensitiveInfo(obj);
+  }
+  if (Array.isArray(obj)) {
+    // Process each array element individually
+    return obj.map(item => redactSensitiveObject(item, visited));
+  }
+  if (obj && typeof obj === 'object') {
+    const redacted = {};
+    for (const [key, value] of Object.entries(obj)) {
+      const lowerKey = key.toLowerCase();
+      // Special handling for accountId and zoneId - allow partial redaction via regex
+      if (lowerKey.includes('accountid') || lowerKey.includes('zoneid')) {
+        if (typeof value === 'string') {
+          // Apply partial redaction for account/zone IDs
+          redacted[key] = value.replace(/^([a-zA-Z0-9]{8})([a-zA-Z0-9]*)$/, '$1[REDACTED]');
+        } else {
+          redacted[key] = redactSensitiveObject(value, visited);
+        }
+      } else if (isSensitiveKey(key)) {
+        if (Array.isArray(value)) {
+          // Redact each element in sensitive arrays
+          redacted[key] = value.map(() => '[REDACTED]');
+        } else {
+          redacted[key] = '[REDACTED]';
+        }
+      } else {
+        redacted[key] = redactSensitiveObject(value, visited);
+      }
+    }
+    return redacted;
+  }
+  return obj;
+}
+/**
+ * Check if a key name indicates sensitive information
+ * @param {string} key - Key name to check
+ * @returns {boolean} True if key is sensitive
+ */
+function isSensitiveKey(key) {
+  const sensitiveKeys = ['password', 'passwd', 'pwd', 'secret', 'key', 'token', 'apikey', 'cloudflaretoken', 'apitoken', 'authkey', 'privatekey'];
+  return sensitiveKeys.some(sensitive => key.toLowerCase().includes(sensitive.toLowerCase()));
+}

package/dist/{bin → lib}/shared/validation/ValidationRegistry.js RENAMED Viewed

@@ -8,7 +8,7 @@
 /**
  * Import validators from src/utils (source of truth)
  */
-import { validateServiceName, validateDomainName, validateCloudflareToken, validateCloudflareId, validateServiceType, validateEnvironment } from "../../../utils/validation.js";
+import { validateServiceName, validateDomainName, validateCloudflareToken, validateCloudflareId, validateServiceType, validateEnvironment } from '../../utils/validation.js';
 /**
  * Validation Registry - Single source of truth for all validators

package/dist/migration/MigrationAdapters.js CHANGED Viewed

@@ -274,6 +274,26 @@ export class DataServiceAdapter {
     });
   }
+  /**
+   * Query with optional advanced features
+   */
+  async query(sql, params = [], options = {}) {
+    return this._withAsyncMigrationLogging('query', async () => {
+      return featureManager.withFeature(FEATURES.ENABLE_ADVANCED_QUERIES, async () => {
+        return await this.enhanced.query(sql, params, {
+          ...options,
+          usePreparedStatements: true,
+          enableQueryAnalysis: true
+        });
+      }, async () => {
+        if (this.legacy && this.legacy.query) {
+          return await this.legacy.query(sql, params, options);
+        }
+        return await this.enhanced.queryDirect(sql, params, options);
+      });
+    });
+  }
   /**
    * List with optional advanced pagination
    */
@@ -310,9 +330,17 @@ export class DataServiceAdapter {
    * Get migration progress and statistics
    */
   getMigrationStats() {
+    // Get enhanced service stats and merge with adapter stats
+    const enhancedStats = this.enhanced.getMigrationStats ? this.enhanced.getMigrationStats() : {};
     return {
-      callCounts: Object.fromEntries(this.migrationState.callCounts),
-      cacheHitRates: Object.fromEntries(this.migrationState.cacheHitRates),
+      callCounts: {
+        ...enhancedStats.callCounts,
+        ...Object.fromEntries(this.migrationState.callCounts)
+      },
+      cacheHitRates: {
+        ...enhancedStats.cacheHitRates,
+        ...Object.fromEntries(this.migrationState.cacheHitRates)
+      },
       performanceGains: Object.fromEntries(this.migrationState.performanceGains),
       featureUsage: this._getFeatureUsageStats()
     };
@@ -420,6 +448,16 @@ export class ModuleManagerAdapter {
     });
   }
+  /**
+   * Execute single hook (convenience method)
+   */
+  async executeHook(hookName, context = {}) {
+    const results = await this.executeHooks(hookName, context);
+    return results && results.length > 0 ? results[0] : {
+      success: false
+    };
+  }
   /**
    * Get hook metrics if available
    */
@@ -433,9 +471,17 @@ export class ModuleManagerAdapter {
    * Get migration statistics
    */
   getMigrationStats() {
+    // Get enhanced service stats and merge with adapter stats
+    const enhancedStats = this.enhanced.getMigrationStats ? this.enhanced.getMigrationStats() : {};
     return {
-      hookExecutions: Object.fromEntries(this.migrationState.hookExecutions),
-      timeoutEvents: Object.fromEntries(this.migrationState.timeoutEvents),
+      hookExecutions: {
+        ...enhancedStats.hookExecutions,
+        ...Object.fromEntries(this.migrationState.hookExecutions)
+      },
+      timeoutEvents: {
+        ...enhancedStats.timeoutEvents,
+        ...Object.fromEntries(this.migrationState.timeoutEvents)
+      },
       performanceMetrics: Object.fromEntries(this.migrationState.performanceMetrics),
       featureUsage: this._getFeatureUsageStats()
     };

package/dist/orchestration/cross-domain-coordinator.js CHANGED Viewed

@@ -19,13 +19,13 @@
 import { access } from 'fs/promises';
 import { MultiDomainOrchestrator } from './multi-domain-orchestrator.js';
-import { DeploymentValidator } from "../../dist/bin/shared/deployment/validator.js";
-import { RollbackManager } from "../../dist/bin/shared/deployment/rollback-manager.js";
-import { DomainDiscovery } from "../../dist/bin/shared/cloudflare/domain-discovery.js";
+import { DeploymentValidator } from '../lib/shared/deployment/validator.js';
+import { RollbackManager } from '../lib/shared/deployment/rollback-manager.js';
+import { DomainDiscovery } from '../lib/shared/cloudflare/domain-discovery.js';
 import { DatabaseOrchestrator } from '../database/database-orchestrator.js';
 import { EnhancedSecretManager } from '../utils/deployment/secret-generator.js';
-import { ProductionTester } from "../../dist/bin/shared/production-tester/index.js";
-import { DeploymentAuditor } from "../../dist/bin/shared/deployment/auditor.js";
+import { ProductionTester } from '../lib/shared/production-tester/index.js';
+import { DeploymentAuditor } from '../lib/shared/deployment/auditor.js';
 import { ConfigurationCacheManager } from '../utils/deployment/config-cache.js';
 export class CrossDomainCoordinator {
   constructor(options = {}) {

package/dist/orchestration/multi-domain-orchestrator.js CHANGED Viewed

@@ -14,6 +14,7 @@ import { DatabaseOrchestrator } from '../database/database-orchestrator.js';
 import { EnhancedSecretManager } from '../utils/deployment/secret-generator.js';
 import { WranglerConfigManager } from '../utils/deployment/wrangler-config-manager.js';
 import { ConfigurationValidator } from '../security/ConfigurationValidator.js';
+import { buildCustomDomain } from '../utils/constants.js';
 import { exec } from 'child_process';
 import { promisify } from 'util';
 import { join } from 'path';
@@ -34,13 +35,24 @@ export class MultiDomainOrchestrator {
     this.skipTests = options.skipTests || false;
     this.parallelDeployments = options.parallelDeployments || 3;
     this.servicePath = options.servicePath || process.cwd();
+    this.serviceName = options.serviceName || 'worker'; // Service name for custom domain
+    // Wrangler config path - allows using customer-specific wrangler.toml files
+    // If not specified, wrangler uses the default wrangler.toml in servicePath
+    this.wranglerConfigPath = options.wranglerConfigPath;
     // Cloudflare credentials for API-based operations
-    this.cloudflareToken = options.cloudflareToken;
-    this.cloudflareAccountId = options.cloudflareAccountId;
+    // Support both legacy individual params and new cloudflareSettings object
+    const cfSettings = options.cloudflareSettings || {};
+    this.cloudflareToken = options.cloudflareToken || cfSettings.token;
+    this.cloudflareAccountId = options.cloudflareAccountId || cfSettings.accountId;
+    this.cloudflareZoneId = options.cloudflareZoneId || cfSettings.zoneId;
+    this.cloudflareZoneName = options.cloudflareZoneName || cfSettings.zoneName;
     // Configure wrangler to use API token when available
-    // This ensures all wrangler operations use the same account as API operations
+    // Configure wrangler authentication via environment variables
+    // Note: account_id comes from wrangler.toml, not env var
+    // (env var would be ignored by wrangler when wrangler.toml has account_id)
     if (this.cloudflareToken) {
       process.env.CLOUDFLARE_API_TOKEN = this.cloudflareToken;
       console.log(`🔑 Configured wrangler to use API token authentication`);
@@ -49,9 +61,12 @@ export class MultiDomainOrchestrator {
       process.env.CLOUDFLARE_ACCOUNT_ID = this.cloudflareAccountId;
       console.log(`🔑 Configured wrangler to use account ID: ${this.cloudflareAccountId}`);
     }
-    if (this.cloudflareAccountId) {
-      process.env.CLOUDFLARE_ACCOUNT_ID = this.cloudflareAccountId;
-      console.log(`🔑 Configured wrangler to use account ID: ${this.cloudflareAccountId}`);
+    if (this.cloudflareZoneId) {
+      process.env.CLOUDFLARE_ZONE_ID = this.cloudflareZoneId;
+      console.log(`🔑 Configured wrangler to use zone ID: ${this.cloudflareZoneId}`);
+    }
+    if (this.cloudflareZoneName) {
+      console.log(`🌐 Deploying to zone: ${this.cloudflareZoneName}`);
     }
     // Initialize modular components
@@ -80,7 +95,8 @@ export class MultiDomainOrchestrator {
       projectRoot: this.servicePath,
       dryRun: this.dryRun,
       cloudflareToken: this.cloudflareToken,
-      cloudflareAccountId: this.cloudflareAccountId
+      cloudflareAccountId: this.cloudflareAccountId,
+      cloudflareZoneId: this.cloudflareZoneId
     });
     this.secretManager = new EnhancedSecretManager({
       projectRoot: this.servicePath,
@@ -509,15 +525,40 @@ export class MultiDomainOrchestrator {
     console.log(`   🚀 Deploying worker for ${domain}`);
     if (this.dryRun) {
       console.log(`   🔍 DRY RUN: Would deploy worker for ${domain}`);
-      const subdomain = this.environment === 'production' ? 'api' : `${this.environment}-api`;
+      // Use centralized domain template from validation-config.json
+      const customUrl = buildCustomDomain(this.serviceName, domain, this.environment);
       return {
-        url: `https://${subdomain}.${domain}`,
+        url: customUrl,
         deployed: false,
         dryRun: true
       };
     }
     try {
-      // CRITICAL: Ensure environment section exists in wrangler.toml BEFORE deploying
+      // Generate/update customer-specific wrangler.toml, then copy to root
+      // This implements the architecture where:
+      // 1. Customer configs are persistent (deployment history/state)
+      // 2. Root wrangler.toml is ephemeral (reflects current active deployment)
+      if (this.cloudflareZoneName) {
+        console.log(`   🔧 Preparing customer config for zone: ${this.cloudflareZoneName}`);
+        // Generate or update customer config with current deployment parameters
+        const customerConfigPath = await this.wranglerConfigManager.generateCustomerConfig(this.cloudflareZoneName, {
+          accountId: this.cloudflareAccountId,
+          environment: this.environment
+        });
+        // Copy customer config to root (ephemeral working copy for this deployment)
+        console.log(`   📋 Copying customer config to root wrangler.toml`);
+        await this.wranglerConfigManager.copyCustomerConfig(customerConfigPath);
+      } else {
+        // Fallback: Update root wrangler.toml directly if no zone name available
+        console.log(`   ⚠️  No zone name available, updating root wrangler.toml directly`);
+        if (this.cloudflareAccountId) {
+          await this.wranglerConfigManager.setAccountId(this.cloudflareAccountId);
+        }
+      }
+      // Ensure environment section exists in wrangler.toml
       console.log(`   📝 Verifying wrangler.toml configuration...`);
       try {
         await this.wranglerConfigManager.ensureEnvironment(this.environment);
@@ -526,18 +567,18 @@ export class MultiDomainOrchestrator {
         // Continue anyway - wrangler will provide clearer error if config is wrong
       }
-      // Find wrangler.toml in service path
-      const wranglerConfigPath = join(this.servicePath, 'wrangler.toml');
-      // Build deploy command with environment
+      // Build deploy command
+      // Note: We already copied customer config to root wrangler.toml above
+      // So wrangler will use root wrangler.toml which has the correct account_id
       let deployCommand = `npx wrangler deploy`;
-      // Add environment flag for non-production
-      if (this.environment !== 'production') {
-        deployCommand += ` --env ${this.environment}`;
-      }
-      console.log(`   � Executing: ${deployCommand}`);
+      // ALWAYS add environment flag to use environment-specific config
+      // Even for production, we use [env.production] section which has the correct worker name and DB
+      deployCommand += ` --env ${this.environment}`;
+      console.log(`   🔧 Executing: ${deployCommand}`);
       console.log(`   📁 Working directory: ${this.servicePath}`);
+      console.log(`   📄 Using wrangler.toml from service root (already updated with customer config)`);
+      console.log(`   🌍 Environment: ${this.environment}`);
       // Execute deployment with timeout
       const {
@@ -566,9 +607,9 @@ export class MultiDomainOrchestrator {
       const urlMatch = stdout.match(/https:\/\/[^\s]+/);
       const workerUrl = urlMatch ? urlMatch[0] : null;
-      // Also construct custom domain URL
-      const subdomain = this.environment === 'production' ? 'api' : `${this.environment}-api`;
-      const customUrl = `https://${subdomain}.${domain}`;
+      // Construct custom domain URL using centralized template from validation-config.json
+      // Handles all environment patterns: production, staging, development
+      const customUrl = buildCustomDomain(this.serviceName, domain, this.environment);
       // Store URLs in domain state
       const domainState = this.portfolioState.domainStates.get(domain);

package/dist/security/index.js CHANGED Viewed

@@ -6,13 +6,13 @@
 import { ConfigurationValidator } from './ConfigurationValidator.js';
 // DeploymentManager removed - replaced by MultiDomainOrchestrator + WranglerConfigManager
 import { SecretGenerator } from './SecretGenerator.js';
-import { ErrorHandler } from "../../dist/bin/shared/utils/index.js";
+import { ErrorHandler } from '../lib/shared/utils/index.js';
 // InteractiveDeploymentConfigurator removed - replaced by InputCollector
 export { ConfigurationValidator } from './ConfigurationValidator.js';
 // export { DeploymentManager } - DEPRECATED: Use MultiDomainOrchestrator instead
 export { SecretGenerator } from './SecretGenerator.js';
-export { ErrorHandler } from '../../bin/shared/utils/index.js';
+export { ErrorHandler } from '../lib/shared/utils/index.js';
 // export { InteractiveDeploymentConfigurator } - DEPRECATED: Use InputCollector instead
 // Re-export patterns and rules for advanced usage

package/dist/security/patterns/insecure-patterns.js CHANGED Viewed

@@ -5,7 +5,7 @@
 export const INSECURE_PATTERNS = {
   // Development/dummy API keys
-  DUMMY_API_KEYS: ['content-skimmer-dev-key', 'logger-service-dev-key', 'auth-service-dev-key', 'test-key', 'dev-key', 'dummy-key', 'placeholder-key', 'example-key', 'sample-key', 'demo-key', 'test-api-key-*', 'dummy-*-key', 'dev-*-secret', 'placeholder-*', 'example-*-token', 'fake-*-credential', 'mock-*-password'],
+  DUMMY_API_KEYS: ['content-skimmer-dev-key', 'logger-service-dev-key', 'auth-service-dev-key', 'test-key', 'dev-key', 'dummy-key', 'dummy-api-key', 'placeholder-key', 'example-key', 'sample-key', 'demo-key', 'test-api-key-*', 'dummy-*-key', 'dev-*-secret', 'placeholder-*', 'example-*-token', 'fake-*-credential', 'mock-*-password'],
   // Weak secrets (common insecure values)
   WEAK_SECRETS: ['secret', 'password', '123456', 'admin', 'test', 'changeme', 'default', 'password123', 'admin123', 'root', 'guest'],
   // Development URLs that shouldn't be in production

package/dist/service-management/ConfirmationEngine.js CHANGED Viewed

@@ -34,7 +34,7 @@
 import { createInterface } from 'readline';
 import chalk from 'chalk';
 import { validateServiceName, validateDomainName } from '../utils/validation.js';
-import { NameFormatters, UrlFormatters, ResourceFormatters } from "../../dist/bin/shared/utils/Formatters.js";
+import { NameFormatters, UrlFormatters, ResourceFormatters } from '../lib/shared/utils/formatters.js';
 export class ConfirmationEngine {
   constructor(options = {}) {
     this.interactive = options.interactive !== false;

package/dist/service-management/ErrorTracker.js CHANGED Viewed

@@ -8,7 +8,7 @@
 import fs from 'fs/promises';
 import path from 'path';
 import chalk from 'chalk';
-import { logger } from "../../dist/bin/shared/logging/Logger.js";
+import { logger } from '../lib/shared/logging/Logger.js';
 export class ErrorTracker {
   constructor() {
     this.errors = [];

package/dist/service-management/InputCollector.js CHANGED Viewed

@@ -15,7 +15,7 @@ import { createInterface } from 'readline';
 import chalk from 'chalk';
 import { validateServiceName, validateDomainName } from '../utils/validation.js';
 import { uiStructuresLoader } from '../utils/ui-structures-loader.js';
-import { NameFormatters, UrlFormatters, ResourceFormatters } from "../../dist/bin/shared/utils/Formatters.js";
+import { NameFormatters, UrlFormatters, ResourceFormatters } from '../lib/shared/utils/formatters.js';
 // Assessment capabilities moved to @tamyla/clodo-orchestration (professional edition)