@viza-cli/app 1.5.27

package/README.md

@@ -0,0 +1,25 @@
+# viza-cli
+
+Unified CLI for Viza system.
+
+## Install
+
+Recommended (global install):
+
+```bash
+npm i -g @@viza-cli/app
+```
+
+## Usage
+
+```bash
+viza --help
+```
+
+## Examples
+
+```bash
+viza dev deploy worker
+viza publish worker
+viza billing report
+```

package/dist/bin/viza.js

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+import { createProgram } from "../src/cli/program.js";
+import { handleError } from "../src/errors/handleError.js";
+const program = createProgram();
+program.parseAsync(process.argv).catch(handleError);

package/dist/src/cli/options.js

@@ -0,0 +1,6 @@
+export function registerGlobalOptions(program) {
+    program
+        .option("--status", "Show status only (no execution)")
+        .option("--remove-log", "Remove execution logs after completion", false)
+        .option("--self-hosted", "Use self-hosted runner (viza-builder)", false);
+}

package/dist/src/cli/program.js

@@ -0,0 +1,23 @@
+import { Command } from "commander";
+import { getCliVersion } from "../core/version.js";
+import { registerGlobalOptions } from "./options.js";
+import { registerLoginCommand } from "../commands/login/register.js";
+import { registerBootstrapCommand } from "../commands/bootstrap/register.js";
+import { whoamiCommand } from "../commands/whoami/index.js";
+import { registerAwsCommand } from "../commands/aws/register.js";
+export function createProgram() {
+    const program = new Command();
+    program
+        .name("viza")
+        .description("Viza Command Line Interface")
+        .version(getCliVersion());
+    registerGlobalOptions(program);
+    registerBootstrapCommand(program);
+    registerLoginCommand(program);
+    registerAwsCommand(program);
+    program
+        .command("whoami")
+        .description("Show current GitHub identity and Viza team memberships (local only)")
+        .action(whoamiCommand);
+    return program;
+}

package/dist/src/cli/resolveOptions.js

@@ -0,0 +1,9 @@
+export function getResolvedOptions(command) {
+    let allOptions = {};
+    let current = command;
+    while (current) {
+        allOptions = { ...current.opts(), ...allOptions };
+        current = current.parent;
+    }
+    return allOptions;
+}

package/dist/src/commands/aws/register.js

@@ -0,0 +1,4 @@
+import { registerAwsRolesAnywhereCommand } from "./rolesanywhere/register.js";
+export function registerAwsCommand(program) {
+    registerAwsRolesAnywhereCommand(program);
+}

package/dist/src/commands/aws/rolesanywhere/bootstrap/bootstrap.js

@@ -0,0 +1,46 @@
+import { resolveEnv } from "../../../../context/env.js";
+import { resolveHubIntent } from "../../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
+/**
+ * Target teams for `viza aws rolesanywhere bootstrap`.
+ * CLI-only fail-fast UX constraint.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    dev: ["viza-super"],
+    prod: ["viza-super"],
+};
+/**
+ * viza aws rolesanywhere bootstrap
+ *
+ * Flow:
+ * 1) Resolve env
+ * 2) Resolve hub intent
+ * 3) Derive allowed teams (CLI UX only)
+ * 4) Dispatch frozen intent
+ */
+export async function bootstrapAwsRolesAnywhereCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveHubIntent(env);
+    // 2) Resolve allowed teams (no status mode for bootstrap)
+    const allowedTeams = TARGET_TEAMS[env];
+    // 3) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "aws.rolesanywhere.bootstrap",
+        infraKey: "aws",
+        targetEnv: env,
+        allowedTeams,
+        // Canonical CLI contract (explicit, non-magical)
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: true,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/dist/src/commands/aws/rolesanywhere/bootstrap/register.js

@@ -0,0 +1,13 @@
+import { bootstrapAwsRolesAnywhereCommand } from "./bootstrap.js";
+import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
+export function registerAwsRolesAnywhereBootstrap(program) {
+    program
+        .command("bootstrap")
+        .description("Bootstrap AWS RolesAnywhere infrastructure")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await bootstrapAwsRolesAnywhereCommand(fullOpts);
+    });
+}

package/dist/src/commands/aws/rolesanywhere/enable-profiles/enable-profiles.js

@@ -0,0 +1,46 @@
+import { resolveEnv } from "../../../../context/env.js";
+import { resolveHubIntent } from "../../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
+/**
+ * Target teams for `viza aws rolesanywhere enable-profiles`.
+ * CLI-only fail-fast UX constraint.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    dev: ["viza-super"],
+    prod: ["viza-super"],
+};
+/**
+ * viza aws rolesanywhere enable-profiles
+ *
+ * Flow:
+ * 1) Resolve env
+ * 2) Resolve hub intent
+ * 3) Derive allowed teams (CLI UX only)
+ * 4) Dispatch frozen intent
+ */
+export async function enableProfilesAwsRolesAnywhereCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveHubIntent(env);
+    // 2) Resolve allowed teams (no status mode for enable-profiles)
+    const allowedTeams = TARGET_TEAMS[env];
+    // 3) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "aws.rolesanywhere.enable-profiles",
+        infraKey: "aws",
+        targetEnv: env,
+        allowedTeams,
+        // Canonical CLI contract (explicit, non-magical)
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: false,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/dist/src/commands/aws/rolesanywhere/enable-profiles/register.js

@@ -0,0 +1,13 @@
+import { enableProfilesAwsRolesAnywhereCommand } from "./enable-profiles.js";
+import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
+export function registerAwsRolesAnywhereEnableProfiles(program) {
+    program
+        .command("enable-profiles")
+        .description("Enable AWS RolesAnywhere profiles")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await enableProfilesAwsRolesAnywhereCommand(fullOpts);
+    });
+}

package/dist/src/commands/aws/rolesanywhere/register.js

@@ -0,0 +1,12 @@
+import { registerAwsRolesAnywhereBootstrap } from "./bootstrap/register.js";
+import { registerAwsRolesAnywhereEnableProfiles } from "./enable-profiles/register.js";
+export function registerAwsRolesAnywhereCommand(program) {
+    const aws = program.command("aws").description("AWS related commands");
+    const rolesanywhere = aws
+        .command("rolesanywhere")
+        .description("AWS RolesAnywhere operations");
+    registerAwsRolesAnywhereBootstrap(rolesanywhere);
+    registerAwsRolesAnywhereEnableProfiles(rolesanywhere);
+    // registerAwsRolesAnywhereRotate(rolesanywhere);
+    // registerAwsRolesAnywhereRollback(rolesanywhere);
+}

package/dist/src/commands/aws/rolesanywhere/rollback/rollback.js

@@ -0,0 +1 @@
+export {};

package/dist/src/commands/aws/rolesanywhere/rotate/rotate.js

@@ -0,0 +1 @@
+export {};

package/dist/src/commands/bootstrap/index.js

@@ -0,0 +1,5 @@
+import { bootstrapGatewayConfigFromGitHub } from "@vizamodo/viza-dispatcher";
+export async function bootstrapCommand() {
+    await bootstrapGatewayConfigFromGitHub();
+    console.log("✅ Bootstrap completed.");
+}

package/dist/src/commands/bootstrap/register.js

@@ -0,0 +1,16 @@
+import { bootstrapCommand } from "./index.js";
+/**
+ * Register `viza bootstrap` commands
+ */
+export function registerBootstrapCommand(program) {
+    const cmd = program
+        .command("bootstrap")
+        .description("Bootstrap infrastructure or system components");
+    // Default bootstrap
+    cmd.action(async (_opts, command) => {
+        await bootstrapCommand();
+    });
+    // ⬇️ Sau này mở rộng rất dễ:
+    // registerBootstrapAwsCommand(cmd);
+    // registerBootstrapCloudflareCommand(cmd);
+}

package/dist/src/commands/login/aws/aws.js

@@ -0,0 +1,87 @@
+import { resolveEnv } from "../../../context/env.js";
+import { resolveHubIntent } from "../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../core/dispatch.js";
+import { showSsoLinkMenu } from "../../../ui/sso/awsLoginMenu.js";
+function parseAwsLoginResult(buffer) {
+    try {
+        const json = JSON.parse(buffer.toString("utf8"));
+        if (typeof json?.loginUrl === "string" &&
+            typeof json?.shortUrl === "string" &&
+            typeof json?.ttlHours === "number") {
+            return json;
+        }
+        throw new Error("invalid_aws_login_result_shape");
+    }
+    catch (err) {
+        throw new Error("failed_to_parse_aws_login_result");
+    }
+}
+/**
+ * Target teams for `viza login aws`.
+ * This is a CLI-only UX constraint for fail-fast validation.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    "dev": [
+        "viza-deployer",
+        "viza-manager",
+        "viza-admin",
+        "viza-super"
+    ],
+    "prod": [
+        "viza-publisher",
+        "viza-admin",
+        "viza-super"
+    ]
+};
+/**
+ * viza login aws
+ *
+ * Flow:
+ * 1) Resolve env (deterministic)
+ * 2) Resolve user identity (trusted via gh auth)
+ * 3) CLI pre-check against target teams (fail-fast UX)
+ * 4) Derive ONE valid team (deterministic)
+ * 5) Dispatch frozen intent to gateway
+ */
+export async function loginAwsCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveHubIntent(env);
+    // Resolve allowed teams
+    // - Dispatch mode: restrict by targetEnv
+    // - Status mode: allow union of all env teams (read-only query)
+    const allowedTeams = options.status === true && env === "dev"
+        ? Array.from(new Set([
+            ...TARGET_TEAMS.dev,
+            ...TARGET_TEAMS.prod,
+        ]))
+        : TARGET_TEAMS[env];
+    // 5) Dispatch intent (freeze)
+    const result = await dispatchIntentAndWait({
+        intent,
+        commandType: "aws.login",
+        infraKey: "aws",
+        targetEnv: env,
+        allowedTeams,
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: false,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "hide",
+    });
+    if (!result)
+        return;
+    if (result.status !== "success") {
+        return;
+    }
+    if (!result.resultBuffer) {
+        return;
+    }
+    const awsResult = parseAwsLoginResult(result.resultBuffer);
+    await showSsoLinkMenu(awsResult.loginUrl, awsResult.shortUrl, awsResult.ttlHours);
+}

package/dist/src/commands/login/aws/register.js

@@ -0,0 +1,15 @@
+import { loginAwsCommand } from "./aws.js";
+import { getResolvedOptions } from "../../../cli/resolveOptions.js";
+export function registerLoginAwsCommand(program) {
+    program
+        .command("login")
+        .description("Login to cloud providers")
+        .command("aws")
+        .description("Login to AWS")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await loginAwsCommand(fullOpts);
+    });
+}

package/dist/src/commands/login/register.js

@@ -0,0 +1,4 @@
+import { registerLoginAwsCommand } from "./aws/register.js";
+export function registerLoginCommand(program) {
+    registerLoginAwsCommand(program);
+}

package/dist/src/commands/whoami/index.js

@@ -0,0 +1,69 @@
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+import chalk from "chalk";
+const execFileAsync = promisify(execFile);
+// ⚠️ UX-only role descriptions (NOT security enforcement)
+const TEAM_DESCRIPTIONS = {
+    "viza-designer": "Product designer. Full access to sign in, view, edit, and delete designs in Figma.",
+    "viza-deployer": "Software developer. Builds mobile / IoT / web applications and deploys resources to the DEV environment on AWS / Cloudflare.",
+    "viza-manager": "Engineering manager. Manages GitHub resources and can grant or revoke access for developers and designers.",
+    "viza-publisher": "Release manager. Deploys resources to the PRODUCTION environment on AWS / Cloudflare and publishes Android / iOS applications.",
+    "viza-billing": "Billing administrator. Views, adds, and manages billing information across Figma, AWS, Cloudflare, and GitHub.",
+    "viza-admin": "System administrator. Deploys to both DEV and PROD environments and manages access for publishers, managers, and billing roles.",
+    "viza-super": "Super administrator. Highest authority with full deployment and access control privileges, including system administrators.",
+};
+const AUTH_ORG = "Modo-Auth";
+async function getGithubLogin() {
+    const { stdout } = await execFileAsync("gh", ["api", "user", "--jq", ".login"]);
+    return stdout.trim();
+}
+async function getUserTeams(login) {
+    const { stdout } = await execFileAsync("gh", [
+        "api",
+        "user/teams",
+        "--paginate",
+        "--jq",
+        `.[] | select(.organization.login=="${AUTH_ORG}") | .slug`,
+    ]);
+    return stdout
+        .split("\n")
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+export async function whoamiCommand() {
+    process.stdout.write("\u001b[2J\u001b[3J\u001b[H");
+    console.log(chalk.cyanBright("👤 Viza WhoAmI"));
+    console.log(chalk.gray("─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────"));
+    let login;
+    let teams;
+    try {
+        login = await getGithubLogin();
+    }
+    catch {
+        console.error(chalk.red("❌ Unable to resolve GitHub identity. Are you logged in via `gh auth login`?"));
+        process.exit(1);
+    }
+    try {
+        teams = await getUserTeams(login);
+    }
+    catch {
+        console.error(chalk.red("❌ Unable to resolve GitHub team membership."));
+        process.exit(1);
+    }
+    console.log(`${chalk.gray("GitHub User:")} ${chalk.magentaBright.bold(login)}`);
+    console.log();
+    if (teams.length === 0) {
+        console.log(chalk.yellow("⚠️ You are not a member of any Viza teams."));
+        return;
+    }
+    console.log(chalk.gray("Teams & Capabilities:"));
+    console.log(chalk.gray("─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────"));
+    for (const team of teams) {
+        console.log(chalk.green(`✓ ${team}`));
+        const description = TEAM_DESCRIPTIONS[team] ?? "Chưa có mô tả quyền cho nhóm này.";
+        console.log(chalk.gray(`  ${description}`));
+        console.log();
+    }
+    console.log(chalk.gray("ℹ️  Capabilities shown above are UX hints only.\n" +
+        "   Actual permissions are enforced server-side."));
+}

package/dist/src/context/env.js

@@ -0,0 +1,13 @@
+export function resolveEnv(flags) {
+    // Fail fast on conflicting deterministic flags
+    if (flags.prod && flags.dev) {
+        throw new Error("Conflicting flags: --prod and --dev cannot be used together");
+    }
+    // Deterministic environment resolution
+    if (flags.prod)
+        return "prod";
+    if (flags.dev)
+        return "dev";
+    // Default fallback
+    return "dev";
+}

package/dist/src/context/hubIntent.js

@@ -0,0 +1,8 @@
+// src/commands/_shared/hubIntent.ts
+export const HUB_INTENT_BY_ENV = {
+    dev: "hub-dev",
+    prod: "hub",
+};
+export function resolveHubIntent(env) {
+    return HUB_INTENT_BY_ENV[env];
+}

package/dist/src/core/commandDescriptor.js

@@ -0,0 +1 @@
+export {};

package/dist/src/core/dispatch.js

@@ -0,0 +1,130 @@
+import { dispatcherDispatch, } from "@vizamodo/viza-dispatcher";
+import chalk from "chalk";
+import { startSpinner, stopSpinner } from "../ui/spinner.js";
+import { renderLog } from "../ui/logRenderer.js";
+import { showDispatchBanner } from "../ui/banner.js";
+import { getCliVersion, checkForCliUpdateSoft } from "./version.js";
+import { resolveExecutionMode } from "./resolveExecutionMode.js";
+/**
+ * KISS log rendering.
+ * - success + hide => no log
+ * - otherwise => render log (if present)
+ */
+function maybeRenderLog(result, policy) {
+    // KISS: only skip logs when success + hide.
+    if (result.status === "success" && policy === "hide") {
+        return;
+    }
+    if (result.logBuffer) {
+        renderLog(result.logBuffer, { status: result.status });
+    }
+}
+function assertDispatchInputStrict(input) {
+    // Required top-level fields
+    if (!input.intent || typeof input.intent !== "string") {
+        throw new Error("dispatch_input_missing_intent");
+    }
+    if (!input.commandType || typeof input.commandType !== "string") {
+        throw new Error("dispatch_input_missing_commandType");
+    }
+    if (!input.infraKey || typeof input.infraKey !== "string") {
+        throw new Error("dispatch_input_missing_infraKey");
+    }
+    if (!("payload" in input)) {
+        throw new Error("dispatch_input_missing_payload");
+    }
+    if (typeof input.payload !== "object" ||
+        input.payload === null ||
+        Array.isArray(input.payload)) {
+        throw new Error("dispatch_input_invalid_payload");
+    }
+    // runnerLabel must be explicit
+    if (!input.runnerLabel || (input.runnerLabel !== "native" && input.runnerLabel !== "selfhosted")) {
+        throw new Error("dispatch_input_invalid_runnerLabel");
+    }
+    // keepLog must be boolean if present
+    if ("keepLog" in input && typeof input.keepLog !== "boolean") {
+        throw new Error("dispatch_input_invalid_keepLog");
+    }
+    // flowGates validation (no undefined allowed)
+    if ("flowGates" in input) {
+        if (input.flowGates === undefined || input.flowGates === null) {
+            throw new Error("dispatch_input_invalid_flowGates");
+        }
+        if (typeof input.flowGates !== "object") {
+            throw new Error("dispatch_input_invalid_flowGates");
+        }
+        if ("secrets" in input.flowGates && typeof input.flowGates.secrets !== "boolean") {
+            throw new Error("dispatch_input_invalid_flowGates_secrets");
+        }
+        if ("encVars" in input.flowGates && typeof input.flowGates.encVars !== "boolean") {
+            throw new Error("dispatch_input_invalid_flowGates_encVars");
+        }
+    }
+    // Final hard check: JSON round-trip must still work
+    try {
+        JSON.parse(JSON.stringify(input));
+    }
+    catch {
+        throw new Error("dispatch_input_not_json_roundtrip_safe");
+    }
+}
+async function dispatchIntent(input, mode = "dispatch") {
+    const dispatchInput = {
+        intent: input.intent,
+        commandType: input.commandType,
+        infraKey: input.infraKey,
+        payload: input.payload,
+        runnerLabel: input.selfHosted ? "selfhosted" : "native",
+        keepLog: input.keepLog,
+        flowGates: input.flowGates,
+    };
+    // CLI fail-fast: never dispatch dirty envelope
+    assertDispatchInputStrict(dispatchInput);
+    const handle = await dispatcherDispatch(dispatchInput, {
+        auth: {
+            targetEnv: input.targetEnv,
+            allowedTeams: input.allowedTeams,
+        },
+    }, mode);
+    return handle;
+}
+/**
+ * Dispatch and wait for completion.
+ *
+ * This is the recommended "one door" for most viza-cli commands
+ * so that waiting/log/result handling does not spread across the codebase.
+ */
+export async function dispatchIntentAndWait(input, opts = {}) {
+    const policy = opts.log ?? "hide";
+    const mode = resolveExecutionMode(opts);
+    const cliVersion = getCliVersion();
+    const meta = {
+        cliVersion,
+    };
+    showDispatchBanner(input, meta, opts.status);
+    const handle = await dispatchIntent(input, mode);
+    const spinner = startSpinner("Waiting for dispatch session");
+    // Fast update check (kept before wait/log so the hint is not lost)
+    const updateInfo = await checkForCliUpdateSoft().catch(() => null);
+    if (updateInfo?.hasUpdate) {
+        const title = chalk.gray.bold("\n⬆️  Update available");
+        const ver = chalk.yellow(`${updateInfo.current} → ${updateInfo.latest}`);
+        const cmd = chalk.cyan("npm i -g @@viza-cli/app");
+        console.log(`\n${title}  ${ver}`);
+        console.log(chalk.dim("   Run:") + " " + cmd + "\n");
+    }
+    try {
+        const result = await handle.wait();
+        stopSpinner(spinner, result.status === "success" ? "✅ Done" : "❌ Failed");
+        maybeRenderLog(result, policy);
+        if (result.status !== "success") {
+            throw new Error(`Dispatch failed: ${result.status}`);
+        }
+        return result;
+    }
+    catch (err) {
+        stopSpinner(spinner, "❌ Failed");
+        throw err;
+    }
+}

package/dist/src/core/renderHint.js

@@ -0,0 +1,9 @@
+export function renderHint(cmd) {
+    console.log("\n" + cmd.name + ": " + cmd.description + "\n");
+    if (cmd.children?.length) {
+        console.log("Available commands:");
+        for (const c of cmd.children) {
+            console.log("  • " + c.name + " — " + c.description);
+        }
+    }
+}

package/dist/src/core/resolveExecutionMode.js

@@ -0,0 +1,5 @@
+export function resolveExecutionMode(options) {
+    if (options.status)
+        return "status";
+    return "dispatch";
+}

package/dist/src/core/version.js

@@ -0,0 +1,148 @@
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import os from "node:os";
+let _cached;
+/**
+ * Returns the current viza-cli version.
+ *
+ * - Prefers build-time injected `VIZA_CLI_VERSION`.
+ * - Falls back to reading nearest package.json.
+ * - Always returns a non-empty string ("dev" as last resort).
+ */
+export function getCliVersion() {
+    if (_cached)
+        return _cached;
+    const injected = process.env.VIZA_CLI_VERSION;
+    if (injected && injected.trim()) {
+        _cached = injected.trim();
+        return _cached;
+    }
+    try {
+        const here = fileURLToPath(import.meta.url);
+        let dir = dirname(here);
+        // Walk up to find the package.json that belongs to this CLI package.
+        for (let i = 0; i < 8; i++) {
+            const pkgPath = resolve(dir, "package.json");
+            try {
+                const raw = readFileSync(pkgPath, "utf8");
+                const json = JSON.parse(raw);
+                if (json?.name === "@@viza-cli/app" && typeof json.version === "string" && json.version.trim()) {
+                    _cached = json.version.trim();
+                    return _cached;
+                }
+            }
+            catch {
+                // ignore and keep walking up
+            }
+            const parent = resolve(dir, "..");
+            if (parent === dir)
+                break;
+            dir = parent;
+        }
+    }
+    catch {
+        // ignore
+    }
+    _cached = "dev";
+    return _cached;
+}
+function resolveVizaConfigDir() {
+    if (process.platform === "win32") {
+        const appData = process.env.APPDATA || join(process.env.USERPROFILE || "", "AppData", "Roaming");
+        return join(appData, "viza");
+    }
+    else {
+        return join(os.homedir(), ".config", "viza");
+    }
+}
+function resolveUpdateCachePath() {
+    const configDir = resolveVizaConfigDir();
+    return join(configDir, "update.json");
+}
+function semverCompare(a, b) {
+    // minimal semver compare for x.y.z numeric only
+    const parse = (v) => {
+        const parts = v.split(".");
+        if (parts.length !== 3)
+            return null;
+        const nums = parts.map(p => {
+            const n = Number(p);
+            return Number.isNaN(n) ? null : n;
+        });
+        if (nums.includes(null))
+            return null;
+        return nums;
+    };
+    const pa = parse(a);
+    const pb = parse(b);
+    if (!pa || !pb) {
+        // fallback to string compare
+        if (a === b)
+            return 0;
+        return a > b ? 1 : -1;
+    }
+    for (let i = 0; i < 3; i++) {
+        if (pa[i] > pb[i])
+            return 1;
+        if (pa[i] < pb[i])
+            return -1;
+    }
+    return 0;
+}
+/**
+ * Checks npm for the latest published version of @@viza-cli/app without throwing and without blocking the main flow.
+ *
+ * Returns null on failure.
+ */
+export async function checkForCliUpdateSoft() {
+    const cachePath = resolveUpdateCachePath();
+    const now = Date.now();
+    const ttl = 10 * 60 * 1000; // 10 minutes (Fixed window)
+    const current = getCliVersion();
+    try {
+        if (existsSync(cachePath)) {
+            const raw = readFileSync(cachePath, "utf8");
+            const cached = JSON.parse(raw);
+            // Kiểm tra Version Mismatch HOẶC Cache Expired
+            // KHÔNG cập nhật checkedAt ở đây để đảm bảo đúng 10p sẽ check lại 1 lần
+            if (cached.current === current && cached.checkedAt && (now - cached.checkedAt) < ttl) {
+                return cached;
+            }
+        }
+    }
+    catch { /* ignore */ }
+    // --- Bắt đầu Fetch mới khi cache hết hạn hoặc sai version ---
+    try {
+        const registryUrl = `https://registry.npmjs.org/@@viza-cli/app/latest?t=${now}`;
+        const res = await fetch(registryUrl, {
+            cache: "no-store",
+            headers: { 'Cache-Control': 'no-cache' }
+        });
+        if (!res.ok)
+            return null;
+        const json = await res.json();
+        const latest = json.version;
+        if (!latest || typeof latest !== "string")
+            return null;
+        const cmp = semverCompare(latest, current);
+        const hasUpdate = cmp > 0 && current !== "dev";
+        const info = {
+            current,
+            latest,
+            hasUpdate,
+            checkedAt: now, // Chỉ cập nhật mốc thời gian tại đây
+        };
+        try {
+            const configDir = dirname(cachePath);
+            if (!existsSync(configDir))
+                mkdirSync(configDir, { recursive: true });
+            writeFileSync(cachePath, JSON.stringify(info), "utf8");
+        }
+        catch { /* ignore */ }
+        return info;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/src/errors/handleError.js

@@ -0,0 +1,6 @@
+import { normalizeDispatcherError } from "@vizamodo/viza-dispatcher";
+export function handleError(err) {
+    const e = normalizeDispatcherError(err);
+    console.error(e.message);
+    process.exit(e.exitCode);
+}

package/dist/src/types/cli.js

@@ -0,0 +1 @@
+export {};

package/dist/src/ui/banner.js

@@ -0,0 +1,75 @@
+import chalk from "chalk";
+import figlet from "figlet";
+const ENV_BANNER_CONFIG = {
+    "dev": { title: "Viza Development", color: "cyanBright" },
+    "prod": { title: "Viza Production", color: "yellowBright" },
+};
+function pickBannerConfig(env) {
+    const cfg = ENV_BANNER_CONFIG[env];
+    if (cfg)
+        return cfg;
+    return {
+        title: `Viza CLI`,
+        color: "cyanBright"
+    };
+}
+/**
+ * Show a banner right before calling dispatchIntent.
+ * Maps targetTeam -> title/color/env, and renders meta (github login + viza-cli version).
+ */
+export function showDispatchBanner(input, meta, status) {
+    const cfg = pickBannerConfig(input.targetEnv);
+    // Default subtitle: commandType (or caller-provided subtitle)
+    const subtitle = `${input.commandType}`;
+    showBanner({
+        title: status ? `Viza Command Line` : cfg.title,
+        subtitle,
+        color: status ? "magentaBright" : cfg.color,
+        env: input.targetEnv,
+        runner: input.selfHosted
+            ? {
+                type: "selfhosted",
+                label: "viza-builder",
+            } :
+            { type: "github" },
+        meta: {
+            version: meta?.cliVersion,
+        }
+    });
+}
+export function showBanner(opts) {
+    const { title, subtitle, color = "cyanBright", runner, meta } = opts;
+    process.stdout.write("\u001b[2J\u001b[3J\u001b[H");
+    const font = opts.env === "prod"
+        ? "Ogre"
+        : opts.env === "dev"
+            ? "Ogre"
+            : "Small";
+    const bannerText = figlet.textSync(title, { font });
+    console.log(chalk[color](bannerText));
+    if (subtitle) {
+        console.log(chalk.gray("Command:"), chalk.magentaBright(subtitle));
+    }
+    // Environment line removed; replaced by user-friendly info line below
+    if (runner) {
+        if (runner.type === "github") {
+            console.log(chalk.gray("Runner:"), chalk.yellowBright("GitHub-hosted"));
+        }
+        else {
+            console.log(chalk.gray("Runner:"), chalk.yellowBright("Self-hosted"), runner.label ? chalk.gray("         |         label:") : "", runner.label ? chalk.cyan(runner.label) : "");
+        }
+    }
+    // User-friendly info line
+    {
+        const parts = [];
+        parts.push(`Viza CLI`);
+        if (meta?.version) {
+            parts.push(`Version: ${chalk.cyan(meta.version)}`);
+        }
+        parts.push(`Install: ${chalk.gray(`npm i -g @@viza-cli/app`)}`);
+        if (parts.length) {
+            console.log(chalk.gray(parts.join(chalk.gray("         |         "))));
+        }
+    }
+    console.log(chalk.gray("────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────"));
+}

package/dist/src/ui/index.js

@@ -0,0 +1,22 @@
+// public exports (optional)
+import { showBanner } from "./banner.js";
+import { startSpinner, stopSpinner } from "./spinner.js";
+import { renderLog } from "./logRenderer.js";
+export function beginUi(opts) {
+    if (opts.banner) {
+        showBanner(opts.banner);
+    }
+    let spinner;
+    if (opts.spinnerMessage) {
+        spinner = startSpinner(opts.spinnerMessage);
+    }
+    return { spinner };
+}
+export function endUi(session, opts) {
+    if (session.spinner) {
+        stopSpinner(session.spinner, opts?.finalMessage);
+    }
+}
+export function renderArtifactLog(buffer, status) {
+    renderLog(buffer, { status });
+}

package/dist/src/ui/logRenderer.js

@@ -0,0 +1,174 @@
+import chalk from "chalk";
+import AdmZip from "adm-zip";
+/**
+ * Render deployment log artifact.
+ *
+ * This function:
+ *  - Unzips workflow log artifact
+ *  - Delegates step-level parsing to parseDeployLog
+ *  - Prints a final status banner
+ *
+ * It does NOT:
+ *  - fetch logs
+ *  - manage spinner
+ *  - exit process
+ */
+export function renderLog(zipBuffer, options) {
+    if (!Buffer.isBuffer(zipBuffer)) {
+        throw new Error("Invalid log artifact: expected Buffer");
+    }
+    // Validate ZIP structure early
+    try {
+        new AdmZip(zipBuffer);
+    }
+    catch {
+        throw new Error("Invalid log artifact: not a ZIP file");
+    }
+    // Print detailed workflow log
+    parseAndPrintDeployLog(zipBuffer);
+    // Print final status banner
+    const status = options.status ?? "unknown";
+    let color = chalk.gray;
+    if (status === "success")
+        color = chalk.greenBright;
+    else if (status === "failure")
+        color = chalk.redBright;
+    else if (status === "cancelled")
+        color = chalk.yellowBright;
+    console.log(color(`\n────── DEPLOY STATUS: ${String(status).toUpperCase()} ─────────────────────────────────────────────────────────────────────────────────────────────\n`));
+}
+const RUNNER_TIMESTAMP_REGEX = /^\uFEFF?\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z\s*/;
+const MARKERS_TO_REMOVE = [
+    { type: "startsWith", value: "0_" },
+    { type: "endsWith", value: "system.txt" },
+    { type: "endsWith", value: "_Complete job.txt" },
+    { type: "includes", value: "_📤 Dispatch log collector" },
+    { type: "includes", value: "_Post " },
+];
+export function parseAndPrintDeployLog(zipBuffer) {
+    const zip = new AdmZip(zipBuffer);
+    const entries = zip.getEntries();
+    // Sort entries like GitHub steps
+    const sorted = entries
+        .filter(e => !e.isDirectory)
+        .sort((a, b) => a.entryName.localeCompare(b.entryName, undefined, { numeric: true }));
+    // Filter unwanted files
+    const filtered = sorted.filter(e => {
+        const n = e.entryName;
+        return !MARKERS_TO_REMOVE.some(rule => {
+            if (rule.type === "startsWith")
+                return n.startsWith(rule.value);
+            if (rule.type === "endsWith")
+                return n.endsWith(rule.value);
+            if (rule.type === "includes")
+                return n.includes(rule.value);
+            return false;
+        });
+    });
+    const GROUP_START = /^##\[group\]\s*(.*)/;
+    const GROUP_END = /^##\[endgroup\]/;
+    // Group entries by job (top-level folder)
+    const jobs = new Map();
+    for (const e of filtered) {
+        const parts = e.entryName.split("/");
+        const jobName = parts.length > 1 ? parts[0] : "__root__";
+        if (!jobs.has(jobName))
+            jobs.set(jobName, []);
+        jobs.get(jobName).push(e);
+    }
+    const sortedJobs = [...jobs.entries()].sort((a, b) => {
+        const numA = parseInt(a[0]);
+        const numB = parseInt(b[0]);
+        return (isNaN(numA) ? 9999 : numA) - (isNaN(numB) ? 9999 : numB);
+    });
+    for (const [jobName, entriesOfJob] of sortedJobs) {
+        let printedJobName;
+        if (jobName === "__root__") {
+            printedJobName = "Global Steps";
+        }
+        else {
+            // Remove leading numbering like "1. ", "2. "
+            const cleaned = jobName.replace(/^[0-9]+\.\s*/, "");
+            // Replace dots with arrows for readability
+            const beautified = cleaned.replace(/\./g, " → ");
+            printedJobName = beautified.trim();
+        }
+        console.log(chalk.yellow(`\n\n────── ${printedJobName} ───────────────────────────────────────────────────────────────────────────────────────────────────────────\n`));
+        for (const entry of entriesOfJob) {
+            let stepTitle = entry.entryName.replace(".txt", "");
+            // Remove leading directory (job folder)
+            if (stepTitle.includes("/")) {
+                stepTitle = stepTitle.split("/").pop();
+            }
+            // Replace first "_" with ". "
+            const underscoreIndex = stepTitle.indexOf("_");
+            if (underscoreIndex > 0) {
+                const num = stepTitle.slice(0, underscoreIndex);
+                const title = stepTitle.slice(underscoreIndex + 1);
+                stepTitle = `${num}. ${title}`;
+            }
+            console.log(chalk.cyan(`\n────── ${stepTitle} ───────────────────────────────────────────────────────────────────────────────────────────────────────────`));
+            const raw = entry.getData().toString("utf8");
+            const lines = raw.split(/\r?\n/);
+            let inGroup = false;
+            let currentGroupTitle = "";
+            let displayIdx = 1;
+            for (let line of lines) {
+                // Remove timestamps & ANSI codes
+                line = line
+                    .replace(RUNNER_TIMESTAMP_REGEX, "")
+                    .replace(/\x1b\[[0-9;]*m/g, "");
+                if (!line.trim()) {
+                    const ln = chalk.gray(String(displayIdx++).padStart(3, " "));
+                    console.log(`${ln}  `);
+                    continue;
+                }
+                const groupStart = line.match(GROUP_START);
+                if (groupStart) {
+                    inGroup = true;
+                    currentGroupTitle = groupStart[1] || "";
+                    console.log(chalk.magenta(`\n▼`), chalk.whiteBright(`${currentGroupTitle}`));
+                    continue;
+                }
+                if (GROUP_END.test(line)) {
+                    inGroup = false;
+                    continue;
+                }
+                const ln = chalk.gray(String(displayIdx++).padStart(5, " "));
+                if (inGroup) {
+                    // Inside a group block — indent and highlight commands
+                    if (/^Run /.test(line)) {
+                        console.log(`${ln}  ${chalk.blue(line)}`);
+                    }
+                    else if (/^\[ERROR\]/.test(line)) {
+                        console.log(`${ln}  ${chalk.redBright(line)}`);
+                    }
+                    else if (/\[INFO\]/.test(line)) {
+                        console.log(`${ln}  ${chalk.green(line)}`);
+                    }
+                    else {
+                        console.log(`${ln}  ${chalk.white(line)}`);
+                    }
+                    continue;
+                }
+                // Normal (non-group) line
+                if (/##\[error\]/i.test(line)) {
+                    console.log(`${ln}  ${chalk.redBright(line)}`);
+                }
+                else if (/^Run /.test(line)) {
+                    console.log(`${ln}  ${chalk.blueBright(line)}`);
+                }
+                else if (/^\[ERROR\]/.test(line)) {
+                    console.log(`${ln}  ${chalk.redBright(line)}`);
+                }
+                else if (/\[INFO\]/.test(line)) {
+                    console.log(`${ln}  ${chalk.green(line)}`);
+                }
+                else {
+                    console.log(`${ln}  ${chalk.white(line)}`);
+                }
+            }
+        }
+    }
+    return true;
+}

package/dist/src/ui/spinner.js

@@ -0,0 +1,22 @@
+import chalk from 'chalk';
+export function startSpinner(message, delayX = 500) {
+    const spinner = ['|', '/', '-', '\\'];
+    const dotStages = ['.  ', '.. ', '...'];
+    let i = 0;
+    let dotIdx = 0;
+    const startTime = Date.now();
+    return setInterval(() => {
+        const elapsed = Math.floor((Date.now() - startTime) / 1000);
+        const dots = dotStages[dotIdx % dotStages.length];
+        process.stdout.write(`\r${spinner[i % spinner.length]} ${chalk.gray(`${message}`)} [${chalk.magenta(`${elapsed}s`)}] ${dots}`);
+        i++;
+        dotIdx++;
+    }, delayX);
+}
+export function stopSpinner(spinner, finalMessage) {
+    clearInterval(spinner);
+    process.stdout.write('\r\x1b[2K');
+    if (finalMessage) {
+        console.log(finalMessage);
+    }
+}

package/dist/src/ui/sso/awsLoginMenu.js

@@ -0,0 +1,38 @@
+import chalk from "chalk";
+import prompts from "prompts";
+import open from "open";
+import clipboardy from "clipboardy";
+/**
+ * Hiển thị menu chọn hành động sau khi tạo SSO URL
+ * @param ssoUrl - Đường dẫn zero-click AWS login URL
+ * @param ttlHours - Thời hạn hiệu lực của link (mặc định 12h)
+ */
+export async function showSsoLinkMenu(ssoUrl, shortUrl, ttlHours = 12) {
+    console.log(chalk.gray(`\n───────────────────────────────────── ${chalk.magentaBright(`AWS Zero-Click Login`)} ─────────────────────────────────────────────────`));
+    console.log(chalk.gray(`✅ Đã tạo liên kết đăng nhập thành công (${chalk.yellow(`hiệu lực:`)} ${chalk.cyanBright(`${ttlHours}`)} giờ)`));
+    console.log(chalk.yellow('🔗 Liên kết đăng nhập:'));
+    console.log(chalk.whiteBright(`${shortUrl}`));
+    console.log(chalk.gray('───────────────────────────────────────────────────────────────────────────────────────────────────────────'));
+    // Non-interactive fallback (CI / pipe / limited TTY)
+    if (!process.stdin.isTTY) {
+        console.log(shortUrl);
+        return;
+    }
+    const { action } = await prompts({
+        type: "select",
+        name: "action",
+        message: "👉 Hãy chọn hành động bạn muốn thực hiện:",
+        choices: [
+            { title: "🌐  Mở trong trình duyệt", value: "open" },
+            { title: "📋  Sao chép liên kết", value: "copy" },
+        ],
+    });
+    if (action === 'open') {
+        console.log(chalk.blue('🔍 Đang mở liên kết trong trình duyệt...'));
+        await open(ssoUrl);
+    }
+    else if (action === 'copy') {
+        clipboardy.writeSync(ssoUrl);
+        console.log(chalk.green('✅ Liên kết đã được sao chép vào clipboard!'));
+    }
+}

package/dist/src/ui/theme.js

@@ -0,0 +1 @@
+export const theme = {};

package/dist/src/utils/fs.js

@@ -0,0 +1,3 @@
+export function listDirs() {
+    return [];
+}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@viza-cli/app",
+  "version": "1.5.27",
+  "type": "module",
+  "description": "Viza unified command line interface",
+  "bin": {
+    "viza": "dist/bin/viza.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "dev": "ts-node bin/viza.ts",
+    "release:prod": "rm -rf dist && npx npm-check-updates -u && npm install && git add package.json package-lock.json && git commit -m 'chore(deps): auto update dependencies before release' || echo 'No changes' && node versioning.js && npm login && npm publish --tag latest --access public && git push"
+  },
+  "dependencies": {
+    "@vizamodo/viza-dispatcher": "^1.4.85",
+    "adm-zip": "^0.5.16",
+    "chalk": "^5.6.2",
+    "clipboardy": "^5.2.1",
+    "commander": "^14.0.3",
+    "figlet": "^1.10.0",
+    "open": "^11.0.0",
+    "prompts": "^2.4.2"
+  },
+  "devDependencies": {
+    "@types/adm-zip": "^0.5.7",
+    "@types/figlet": "^1.7.0",
+    "@types/node": "^25.2.3",
+    "@types/prompts": "^2.4.9",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  }
+}