@tolinax/ayoune-cli 2026.10.0 → 2026.10.1

package/lib/api/apiClient.js

@@ -1,5 +1,25 @@
-import { http } from "@tolinax/ayoune-core/lib/http/index.js";
+// HTTP client for the `ay` CLI.
+//
+// Uses Node's built-in `fetch` (Node ≥ 18) — NO axios, NO @tolinax/ayoune-core
+// HTTP wrapper. The `core/lib/http` re-export was previously used here, but
+// it transitively requires `core/lib/aYOUne` at module top-level which loads
+// the entire backend framework: mongoose schemas, prom-client metric
+// registries, and an ioredis client wired to env vars that don't exist on
+// end-user machines (causing visible "ERR_SOCKET_BAD_PORT" errors and a
+// duplicate-index warning). The CLI is a pure HTTP client — it has no
+// business loading any of that.
+//
+// The exported `api({...})` and `audit({...})` functions preserve the
+// axios-shaped contract that callers expect:
+//
+//   const res = await api({ baseURL, method, url, data, params, headers });
+//   res.status / res.statusText / res.data / res.headers
+//
+// Errors throw with `.response = { status, statusText, data, headers }` and
+// `.config = { baseURL, url, method }` so `handleAPIError` keeps working
+// unchanged.
 import chalk from "chalk";
+import { Readable } from "stream";
 import { config } from "../helpers/config.js";
 let debugEnabled = false;
 export function enableDebug() {
@@ -22,57 +42,211 @@ const MODULE_HOST_OVERRIDES = {
 export function getModuleBaseUrl(module) {
     return MODULE_HOST_OVERRIDES[module] || `https://${module}-api.ayoune.app`;
 }
-const retryConfig = {
-    retries: 3,
-    retryDelay: (retryCount, error) => {
-        var _a, _b;
-        // Respect Retry-After header for 429 responses
-        const retryAfter = (_b = (_a = error.response) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b["retry-after"];
-        if (retryAfter) {
-            const seconds = parseInt(retryAfter, 10);
-            if (!isNaN(seconds)) {
-                debugLog(chalk.yellow(`Rate limited. Retrying in ${seconds}s...`));
-                return seconds * 1000;
+const DEFAULT_TIMEOUT = 30000;
+const MAX_RETRIES = 3;
+/**
+ * Build the full request URL from baseURL + url + serialized params.
+ * Handles the same edge cases as axios: collapses duplicate slashes,
+ * preserves the protocol's `://`, and skips falsy params.
+ */
+function buildUrl(req) {
+    const base = req.baseURL || "";
+    const path = req.url || "";
+    let combined = `${base}/${path}`.replace(/\/+/g, "/").replace(":/", "://");
+    if (req.params && typeof req.params === "object") {
+        const usp = new URLSearchParams();
+        for (const [k, v] of Object.entries(req.params)) {
+            if (v === undefined || v === null)
+                continue;
+            // Booleans / numbers stringify cleanly; arrays get repeated keys; objects get JSON.
+            if (Array.isArray(v)) {
+                v.forEach((item) => usp.append(k, String(item)));
+            }
+            else if (typeof v === "object") {
+                usp.append(k, JSON.stringify(v));
+            }
+            else {
+                usp.append(k, String(v));
             }
         }
-        // Exponential backoff: 1s, 2s, 4s
-        const delay = Math.pow(2, retryCount - 1) * 1000;
-        debugLog(chalk.yellow(`Retrying in ${delay / 1000}s (attempt ${retryCount}/3)...`));
-        return delay;
-    },
-    retryCondition: (error) => {
-        var _a;
-        // Retry on network errors, 5xx, and 429 (rate limit)
-        const status = (_a = error.response) === null || _a === void 0 ? void 0 : _a.status;
-        if (!status)
-            return true; // network error
-        return status >= 500 || status === 429;
-    },
-};
+        const qs = usp.toString();
+        if (qs)
+            combined += (combined.includes("?") ? "&" : "?") + qs;
+    }
+    return combined;
+}
+/** Build a "configured" request — used by api()/audit() to apply defaults. */
+function withDefaults(defaults, req) {
+    return {
+        ...defaults,
+        ...req,
+        headers: { ...(defaults.headers || {}), ...(req.headers || {}) },
+    };
+}
+/** Sleep for n ms — used by retry backoff. */
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Decide whether to retry given the last error. */
+function shouldRetry(err) {
+    // No response → network or timeout error → retry.
+    if (!err.response)
+        return true;
+    const status = err.response.status;
+    return status >= 500 || status === 429;
+}
+/** Compute backoff in ms, honouring Retry-After on 429. */
+function backoffMs(attempt, err) {
+    var _a, _b, _c;
+    const status = (_a = err.response) === null || _a === void 0 ? void 0 : _a.status;
+    const retryAfter = (_c = (_b = err.response) === null || _b === void 0 ? void 0 : _b.headers) === null || _c === void 0 ? void 0 : _c["retry-after"];
+    if (status === 429 && retryAfter) {
+        const seconds = parseInt(retryAfter, 10);
+        if (!Number.isNaN(seconds)) {
+            debugLog(chalk.yellow(`Rate limited. Retrying in ${seconds}s...`));
+            return seconds * 1000;
+        }
+    }
+    // Exponential: 1s, 2s, 4s
+    const delay = Math.pow(2, attempt) * 1000;
+    debugLog(chalk.yellow(`Retrying in ${delay / 1000}s (attempt ${attempt + 1}/${MAX_RETRIES})...`));
+    return delay;
+}
+/**
+ * Headers#entries() returned by undici returns a flat record. Normalize to
+ * a plain `Record<string, string>` so callers (and handleAPIError) can index
+ * by header name without thinking about Headers semantics.
+ */
+function headersToObject(headers) {
+    const out = {};
+    headers.forEach((value, key) => {
+        out[key.toLowerCase()] = value;
+    });
+    return out;
+}
+/**
+ * Single-shot fetch — no retry. Throws axios-shaped errors so the existing
+ * `handleAPIError` works unchanged.
+ */
+async function performRequest(req) {
+    var _a;
+    const method = (req.method || "GET").toUpperCase();
+    const url = buildUrl(req);
+    const headers = { ...(req.headers || {}) };
+    let body;
+    if (req.data !== undefined && req.data !== null && method !== "GET" && method !== "HEAD") {
+        body = typeof req.data === "string" ? req.data : JSON.stringify(req.data);
+        if (!headers["Content-Type"] && !headers["content-type"]) {
+            headers["Content-Type"] = "application/json";
+        }
+    }
+    const timeout = (_a = req.timeout) !== null && _a !== void 0 ? _a : DEFAULT_TIMEOUT;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeout);
+    let response;
+    try {
+        response = await fetch(url, {
+            method,
+            headers,
+            body,
+            signal: controller.signal,
+        });
+    }
+    catch (e) {
+        clearTimeout(timer);
+        const err = new Error(e.name === "AbortError" ? `Request timed out after ${timeout}ms` : e.message);
+        err.code = e.code;
+        err.config = { baseURL: req.baseURL, url: req.url, method };
+        throw err;
+    }
+    clearTimeout(timer);
+    // Stream mode: hand back a Node Readable wrapping the fetch body. Used by
+    // searchClient.searchGlobal() for the SSE endpoint. The caller .on('data')s
+    // it directly, no JSON parsing.
+    let data = undefined;
+    if (req.responseType === "stream" && response.body) {
+        // Readable.fromWeb is available since Node 18.
+        data = Readable.fromWeb(response.body);
+    }
+    else {
+        // Parse body — JSON if Content-Type says so, else text. Empty body → undefined.
+        const ct = response.headers.get("content-type") || "";
+        const text = await response.text();
+        if (text.length > 0) {
+            if (ct.includes("application/json")) {
+                try {
+                    data = JSON.parse(text);
+                }
+                catch (_b) {
+                    data = text;
+                }
+            }
+            else {
+                data = text;
+            }
+        }
+    }
+    const apiResponse = {
+        status: response.status,
+        statusText: response.statusText,
+        data,
+        headers: headersToObject(response.headers),
+        config: { baseURL: req.baseURL, url: req.url, method },
+    };
+    if (response.status >= 200 && response.status < 300) {
+        return apiResponse;
+    }
+    // Non-2xx → throw axios-shaped error.
+    const err = new Error(`HTTP ${response.status} ${response.statusText}`);
+    err.response = apiResponse;
+    err.config = apiResponse.config;
+    throw err;
+}
+/**
+ * Retry wrapper around `performRequest`. Mirrors the previous axios-retry
+ * config: 3 retries, exponential backoff (1s/2s/4s), respects Retry-After on
+ * 429, retries on network errors and 5xx/429 status codes.
+ */
+async function performRequestWithRetry(req) {
+    let lastErr;
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+        try {
+            return await performRequest(req);
+        }
+        catch (err) {
+            lastErr = err;
+            if (attempt >= MAX_RETRIES || !shouldRetry(err))
+                throw err;
+            await sleep(backoffMs(attempt, err));
+        }
+    }
+    throw lastErr;
+}
 /**
- * Debug-aware HTTP request wrapper.
- * Logs request/response details to stderr when debug mode is enabled.
+ * Debug-aware request wrapper. Logs request/response details to stderr when
+ * debug mode is enabled, then delegates to the retry wrapper.
  */
-async function debugRequest(client, requestConfig) {
+async function debugRequest(defaults, requestConfig) {
     var _a, _b, _c, _d;
-    const url = `${requestConfig.baseURL || ""}/${requestConfig.url || ""}`.replace(/\/+/g, "/").replace(":/", "://");
-    const method = (requestConfig.method || "GET").toUpperCase();
+    const merged = withDefaults(defaults, requestConfig);
+    const url = buildUrl(merged);
+    const method = (merged.method || "GET").toUpperCase();
     if (debugEnabled) {
         debugLog(`${chalk.yellow(method)} ${chalk.cyan(url)}`);
-        if (requestConfig.params && Object.keys(requestConfig.params).length) {
-            debugLog("params:", JSON.stringify(requestConfig.params));
+        if (merged.params && Object.keys(merged.params).length) {
+            debugLog("params:", JSON.stringify(merged.params));
         }
-        if (requestConfig.data) {
-            debugLog("body:", JSON.stringify(requestConfig.data).substring(0, 200));
+        if (merged.data) {
+            debugLog("body:", JSON.stringify(merged.data).substring(0, 200));
         }
-        const auth = ((_a = requestConfig.headers) === null || _a === void 0 ? void 0 : _a.Authorization) || ((_b = requestConfig.headers) === null || _b === void 0 ? void 0 : _b.authorization);
+        const auth = ((_a = merged.headers) === null || _a === void 0 ? void 0 : _a.Authorization) || ((_b = merged.headers) === null || _b === void 0 ? void 0 : _b.authorization);
         if (auth) {
             const token = String(auth);
             debugLog("auth:", token.substring(0, 15) + "..." + token.substring(token.length - 10));
         }
     }
     try {
-        const res = await client.request(requestConfig);
+        const res = await performRequestWithRetry(merged);
         if (debugEnabled) {
             const meta = (_c = res.data) === null || _c === void 0 ? void 0 : _c.meta;
             const total = (_d = meta === null || meta === void 0 ? void 0 : meta.pageInfo) === null || _d === void 0 ? void 0 : _d.totalEntries;
@@ -102,20 +276,13 @@ async function debugRequest(client, requestConfig) {
         throw err;
     }
 }
-const apiClient = http.create({
-    timeout: 30000,
-    retry: retryConfig,
-    logging: false,
-    metrics: false,
-});
-const auditClient = http.create({
+const API_DEFAULTS = { timeout: DEFAULT_TIMEOUT };
+const AUDIT_DEFAULTS = {
     baseURL: config.auditUrl,
-    retry: retryConfig,
-    logging: false,
-    metrics: false,
-});
-/** Callable API client that supports debug logging */
-const api = (requestConfig) => debugRequest(apiClient, requestConfig);
-/** Callable audit client that supports debug logging */
-const audit = (requestConfig) => debugRequest(auditClient, requestConfig);
+    timeout: DEFAULT_TIMEOUT,
+};
+/** Callable API client that supports debug logging. */
+const api = (requestConfig) => debugRequest(API_DEFAULTS, requestConfig);
+/** Callable audit client that supports debug logging. */
+const audit = (requestConfig) => debugRequest(AUDIT_DEFAULTS, requestConfig);
 export { api, audit };

package/lib/commands/createProgram.js

@@ -34,7 +34,7 @@ import { loadAliases } from "./createAliasCommand.js";
 import { getLogoSync, brandHighlight, dim } from "../helpers/logo.js";
 import { createRequire } from "module";
 // HEAVY modules deliberately NOT imported at the top of this file:
-//   - ../api/apiClient (pulls in @tolinax/ayoune-core HTTP client + axios)
+//   - ../api/apiClient (uses native fetch but still pulls in chalk + config)
 //   - ../api/apiCallHandler (pulls in apiClient + secureStorage + login)
 //   - ../helpers/secureStorage (pulls in node-localstorage + crypto)
 //   - ../api/login (pulls in socket.io-client)

package/lib/commands/createServicesCommand.js

@@ -127,16 +127,17 @@ Examples:
             // Deduplicate by host
             const uniqueTargets = [...new Map(targets.map((t) => [t.host, t])).values()];
             spinner.start({ text: `Checking ${uniqueTargets.length} service(s)...`, color: "magenta" });
-            const { http } = await import("@tolinax/ayoune-core/lib/http");
             const results = await Promise.allSettled(uniqueTargets.map(async (t) => {
                 const start = Date.now();
+                // Native fetch with AbortController-driven timeout. We previously
+                // used @tolinax/ayoune-core's http wrapper here, but it loads the
+                // backend AY singleton (mongoose + ioredis + prom-client) at import
+                // time and has no place in a CLI process.
+                const controller = new AbortController();
+                const timer = setTimeout(() => controller.abort(), opts.timeout);
                 try {
-                    const resp = await http.get(`https://${t.host}/`, {
-                        timeout: opts.timeout,
-                        validateStatus: () => true,
-                        logging: false,
-                        metrics: false,
-                    });
+                    const resp = await fetch(`https://${t.host}/`, { signal: controller.signal });
+                    clearTimeout(timer);
                     return {
                         host: t.host,
                         name: t.name,
@@ -146,13 +147,14 @@ Examples:
                     };
                 }
                 catch (e) {
+                    clearTimeout(timer);
                     return {
                         host: t.host,
                         name: t.name,
                         status: "unreachable",
                         statusCode: 0,
                         responseTime: Date.now() - start,
-                        error: e.code || e.message,
+                        error: e.name === "AbortError" ? "timeout" : (e.code || e.message),
                     };
                 }
             }));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tolinax/ayoune-cli",
-  "version": "2026.10.0",
+  "version": "2026.10.1",
   "description": "CLI for the aYOUne Business-as-a-Service platform",
   "type": "module",
   "main": "./index.js",