bs9 1.0.0 → 1.1.0

package/README.md

@@ -1,6 +1,12 @@
-# BS9 (Bun Sentinel 9)
+# BS9 (Bun Sentinel 9) 🚀
 
-> Mission-critical process manager CLI with real-time monitoring dashboard, historical metrics storage, alert system, container support, and enterprise-grade security.
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Version](https://img.shields.io/badge/version-1.0.0-blue.svg)](https://github.com/bs9/bs9)
+[![Security](https://img.shields.io/badge/security-Enterprise-green.svg)](SECURITY.md)
+[![Production Ready](https://img.shields.io/badge/production-Ready-brightgreen.svg)](PRODUCTION.md)
+[![Cross-Platform](https://img.shields.io/badge/platform-Linux%20%7C%20macOS%20%7C%20Windows-lightgrey.svg)](https://github.com/bs9/bs9)
+
+**Enterprise-grade, mission-critical process manager for Bun applications with built-in security, monitoring, and observability. Works on Windows, macOS, and Linux.**
 
 ---
 
@@ -8,7 +14,7 @@
 
 ```bash
 # One-click installer (installs Bun + BS9)
-curl -fsSL https://raw.githubusercontent.com/xarhang/bs9/main/setup.sh | bash
+curl -fsSL https://raw.githubusercontent.com/xarhang/bs9/setup.sh | bash
 
 # Or manual install
 git clone https://github.com/xarhang/bs9.git
@@ -20,14 +26,43 @@ chmod +x ~/.local/bin/bs9
 
 ---
 
+### Platform Support
+
+BS9 supports all major platforms with native service management:
+
+#### 🐧 Linux
+- **Service Manager**: Systemd (user-mode)
+- **Features**: Advanced security hardening, resource limits, sandboxing
+- **Commands**: All standard commands available
+
+#### 🍎 macOS  
+- **Service Manager**: Launchd
+- **Features**: Native macOS integration, automatic recovery
+- **Commands**: Standard commands + `bs9 macos` for launchd management
+
+#### 🪟 Windows
+- **Service Manager**: Windows Services
+- **Features**: PowerShell automation, event log integration
+- **Commands**: Standard commands + `bs9 windows` for service management
+
+```bash
+# Check your platform
+bs9 platform
+
+# Platform-specific service management
+bs9 macos create --name my-app --file app.js  # macOS
+bs9 windows create --name my-app --file app.js # Windows
+```
+
 ## 📋 Complete CLI Commands
 
 ### Service Management
 ```bash
-# Start service with TypeScript JIT/AOT support
-bs9 start app.js                    # JavaScript app
-bs9 start app.ts --build          # TypeScript AOT compilation
-bs9 start app.ts --name myapp --port 8080 --env NODE_ENV=production
+# Start service with flexible host and protocol options
+bs9 start app.js                                    # Default: localhost:3000, HTTP
+bs9 start app.js --host 0.0.0.0 --port 8080        # Custom host and port
+bs9 start app.js --host 192.168.1.100 --https      # Custom host with HTTPS
+bs9 start app.ts --build --name myapp --port 8080 --env NODE_ENV=production --host 0.0.0.0 --https
 
 # Service lifecycle
 bs9 stop myapp
@@ -234,8 +269,8 @@ docker-compose up -d
 kubectl apply -f src/k8s/bs9-deployment.yaml
 
 # Check deployment
+kubectl get deployments -n bs9-system
 kubectl get pods -n bs9-system
-kubectl get services -n bs9-system
 ```
 
 ### K8s Features
@@ -528,5 +563,58 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for development guidelines.
 
 - **GitHub**: https://github.com/xarhang/bs9
 - **Issues**: https://github.com/xarhang/bs9/issues
-- **Documentation**: https://github.com/xarhang/bs9/wiki
 - **Discussions**: https://github.com/xarhang/bs9/discussions
+- **Security**: security@bs9.dev
+- **Enterprise**: enterprise@bs9.dev
+
+## 🔒 Security
+
+BS9 is built with security as a primary concern:
+
+### Built-in Security Features
+- **Input Validation**: Path traversal protection, command injection prevention
+- **Runtime Security**: Process isolation, resource limits, security auditing
+- **Platform Hardening**: Native security integration (systemd, launchd, Windows services)
+- **Web Security**: Session token authentication, XSS protection
+- **Database Security**: SQL injection prevention, connection validation
+- **Network Security**: Header sanitization, rate limiting
+
+### Security Best Practices
+```bash
+# Use secure service names
+bs9 start app.js --name my-secure-app
+
+# Bind to specific interfaces
+bs9 start app.js --host 127.0.0.1 --port 3000
+
+# Use HTTPS in production
+bs9 start app.js --https --host 0.0.0.0 --port 8443
+
+# Enable security auditing
+export BS9_AUDIT_LOGGING=true
+bs9 start app.js
+
+# Secure web dashboard
+bs9 web --port 8080  # Generates secure session token
+```
+
+### Security Documentation
+- **[Security Policy](SECURITY.md)** - Complete security documentation
+- **[Production Security Guide](PRODUCTION.md#security-hardening)** - Production security hardening
+
+### Security Checklist
+- [ ] Review service configurations
+- [ ] Enable security audit logging
+- [ ] Use proper file permissions
+- [ ] Configure network firewalls
+- [ ] Monitor security logs
+- [ ] Regular security updates
+
+## 📚 Documentation
+
+- **[Production Guide](PRODUCTION.md)** - Production deployment and operations
+- **[Security Policy](SECURITY.md)** - Security features and vulnerability reporting
+- **[Architecture](ARCHITECTURE.md)** - System architecture and design
+- **[Installation Guide](INSTALL.md)** - Detailed installation instructions
+- **[Contributing](CONTRIBUTING.md)** - Development and contribution guidelines
+- **[Changelog](CHANGELOG.md)** - Version history and roadmap

package/bin/bs9

@@ -10,6 +10,12 @@ import { monitCommand } from "../src/commands/monit.js";
 import { webCommand } from "../src/commands/web.js";
 import { alertCommand } from "../src/commands/alert.js";
 import { exportCommand } from "../src/commands/export.js";
+import { depsCommand } from "../src/commands/deps.js";
+import { profileCommand } from "../src/commands/profile.js";
+import { loadbalancerCommand } from "../src/loadbalancer/manager.js";
+import { windowsCommand } from "../src/windows/service.js";
+import { launchdCommand } from "../src/macos/launchd.js";
+import { dbpoolCommand } from "../src/database/pool.js";
 
 const program = new Command();
 
@@ -21,13 +27,15 @@ program
 program
   .command("start")
   .description("Start a process with hardened systemd unit")
-  .argument("<file>", "Script or executable to run")
-  .option("-n, --name <name>", "Service name (defaults to filename)")
-  .option("-p, --port <port>", "Port to expose (for metrics/health)", "3000")
-  .option("--env <env...>", "Environment variables (KEY=VALUE)")
-  .option("--no-otel", "Disable automatic OpenTelemetry injection")
-  .option("--no-prometheus", "Disable automatic Prometheus metrics")
-  .option("--build", "Build TypeScript to optimized JavaScript for production (AOT)")
+  .argument("<file>", "Application file to start")
+  .option("-n, --name <name>", "Service name")
+  .option("-p, --port <port>", "Port number", "3000")
+  .option("-h, --host <host>", "Host address", "localhost")
+  .option("--https", "Use HTTPS protocol")
+  .option("-e, --env <env>", "Environment variables (can be used multiple times)", (value, previous) => [...(previous || []), value])
+  .option("--otel", "Enable OpenTelemetry instrumentation", true)
+  .option("--prometheus", "Enable Prometheus metrics", true)
+  .option("--build", "Build TypeScript to JavaScript before starting")
   .action(startCommand);
 
 program
@@ -94,4 +102,47 @@ program
   .option("-s, --service <name>", "Export specific service metrics")
   .action(exportCommand);
 
+program
+  .command("deps")
+  .description("Visualize service dependencies")
+  .option("-f, --format <format>", "Output format (text|dot|json)", "text")
+  .option("-o, --output <file>", "Output file path")
+  .action(depsCommand);
+
+program
+  .command("profile")
+  .description("Performance profiling for services")
+  .option("-d, --duration <seconds>", "Profiling duration", "60")
+  .option("-i, --interval <ms>", "Sampling interval", "1000")
+  .option("-s, --service <name>", "Service name to profile")
+  .option("-o, --output <file>", "Output file path")
+  .action(profileCommand);
+
+program
+  .command("loadbalancer")
+  .description("Load balancer management")
+  .argument("<action>", "Action to perform")
+  .option("-p, --port <port>", "Load balancer port", "8080")
+  .option("-a, --algorithm <type>", "Load balancing algorithm", "round-robin")
+  .option("-b, --backends <list>", "Backend servers (host:port,host:port)")
+  .option("--health-check", "Enable health checking", true)
+  .option("--health-path <path>", "Health check path", "/healthz")
+  .option("--health-interval <ms>", "Health check interval", "10000")
+  .action(loadbalancerCommand);
+
+program
+  .command("dbpool")
+  .description("Database connection pool management")
+  .argument("<action>", "Action to perform")
+  .option("--host <host>", "Database host", "localhost")
+  .option("--port <port>", "Database port", "5432")
+  .option("--database <name>", "Database name", "testdb")
+  .option("--username <user>", "Database username", "user")
+  .option("--password <pass>", "Database password", "password")
+  .option("--max-connections <num>", "Maximum connections", "10")
+  .option("--min-connections <num>", "Minimum connections", "2")
+  .option("--concurrency <num>", "Test concurrency", "10")
+  .option("--iterations <num>", "Test iterations", "100")
+  .action(dbpoolCommand);
+
 program.parse();

package/dist/bs9-064xs9r9.

@@ -0,0 +1,148 @@
+#!/usr/bin/env bun
+
+import { Command } from "commander";
+import { startCommand } from "../src/commands/start.js";
+import { stopCommand } from "../src/commands/stop.js";
+import { restartCommand } from "../src/commands/restart.js";
+import { statusCommand } from "../src/commands/status.js";
+import { logsCommand } from "../src/commands/logs.js";
+import { monitCommand } from "../src/commands/monit.js";
+import { webCommand } from "../src/commands/web.js";
+import { alertCommand } from "../src/commands/alert.js";
+import { exportCommand } from "../src/commands/export.js";
+import { depsCommand } from "../src/commands/deps.js";
+import { profileCommand } from "../src/commands/profile.js";
+import { loadbalancerCommand } from "../src/loadbalancer/manager.js";
+import { windowsCommand } from "../src/windows/service.js";
+import { launchdCommand } from "../src/macos/launchd.js";
+import { dbpoolCommand } from "../src/database/pool.js";
+
+const program = new Command();
+
+program
+  .name("bs9")
+  .description("BS9 (Bun Sentinel 9) — Mission-critical process manager CLI")
+  .version("1.0.0");
+
+program
+  .command("start")
+  .description("Start a process with hardened systemd unit")
+  .argument("<file>", "Application file to start")
+  .option("-n, --name <name>", "Service name")
+  .option("-p, --port <port>", "Port number", "3000")
+  .option("-h, --host <host>", "Host address", "localhost")
+  .option("--https", "Use HTTPS protocol")
+  .option("-e, --env <env>", "Environment variables (can be used multiple times)", (value, previous) => [...(previous || []), value])
+  .option("--otel", "Enable OpenTelemetry instrumentation", true)
+  .option("--prometheus", "Enable Prometheus metrics", true)
+  .option("--build", "Build TypeScript to JavaScript before starting")
+  .action(startCommand);
+
+program
+  .command("stop")
+  .description("Stop a managed service")
+  .argument("<name>", "Service name")
+  .action(stopCommand);
+
+program
+  .command("restart")
+  .description("Restart a managed service")
+  .argument("<name>", "Service name")
+  .action(restartCommand);
+
+program
+  .command("status")
+  .description("Show status and SRE metrics for all services")
+  .option("-w, --watch", "Watch mode (refresh every 2s)")
+  .action(statusCommand);
+
+program
+  .command("logs")
+  .description("Show logs for a service (via journalctl)")
+  .argument("<name>", "Service name")
+  .option("-f, --follow", "Follow logs")
+  .option("-n, --lines <number>", "Number of lines", "50")
+  .action(logsCommand);
+
+program
+  .command("monit")
+  .description("Real-time terminal dashboard for all services")
+  .option("-r, --refresh <seconds>", "Refresh interval in seconds", "2")
+  .action(monitCommand);
+
+program
+  .command("web")
+  .description("Start web-based monitoring dashboard")
+  .option("-p, --port <port>", "Port for web dashboard", "8080")
+  .option("-d, --detach", "Run in background")
+  .action(webCommand);
+
+program
+  .command("alert")
+  .description("Configure alert thresholds and webhooks")
+  .option("--enable", "Enable alerts")
+  .option("--disable", "Disable alerts")
+  .option("--webhook <url>", "Set webhook URL for alerts")
+  .option("--cpu <percentage>", "CPU threshold percentage")
+  .option("--memory <percentage>", "Memory threshold percentage")
+  .option("--errorRate <percentage>", "Error rate threshold percentage")
+  .option("--uptime <percentage>", "Uptime threshold percentage")
+  .option("--cooldown <seconds>", "Alert cooldown period in seconds")
+  .option("--service <name>", "Configure alerts for specific service")
+  .option("--list", "List current alert configuration")
+  .option("--test", "Test webhook connectivity")
+  .action(alertCommand);
+
+program
+  .command("export")
+  .description("Export historical metrics data")
+  .option("-f, --format <format>", "Export format (json|csv)", "json")
+  .option("-h, --hours <hours>", "Hours of data to export", "24")
+  .option("-o, --output <file>", "Output file path")
+  .option("-s, --service <name>", "Export specific service metrics")
+  .action(exportCommand);
+
+program
+  .command("deps")
+  .description("Visualize service dependencies")
+  .option("-f, --format <format>", "Output format (text|dot|json)", "text")
+  .option("-o, --output <file>", "Output file path")
+  .action(depsCommand);
+
+program
+  .command("profile")
+  .description("Performance profiling for services")
+  .option("-d, --duration <seconds>", "Profiling duration", "60")
+  .option("-i, --interval <ms>", "Sampling interval", "1000")
+  .option("-s, --service <name>", "Service name to profile")
+  .option("-o, --output <file>", "Output file path")
+  .action(profileCommand);
+
+program
+  .command("loadbalancer")
+  .description("Load balancer management")
+  .argument("<action>", "Action to perform")
+  .option("-p, --port <port>", "Load balancer port", "8080")
+  .option("-a, --algorithm <type>", "Load balancing algorithm", "round-robin")
+  .option("-b, --backends <list>", "Backend servers (host:port,host:port)")
+  .option("--health-check", "Enable health checking", true)
+  .option("--health-path <path>", "Health check path", "/healthz")
+  .option("--health-interval <ms>", "Health check interval", "10000")
+  .action(loadbalancerCommand);
+
+program
+  .command("dbpool")
+  .description("Database connection pool management")
+  .argument("<action>", "Action to perform")
+  .option("--host <host>", "Database host", "localhost")
+  .option("--port <port>", "Database port", "5432")
+  .option("--database <name>", "Database name", "testdb")
+  .option("--username <user>", "Database username", "user")
+  .option("--password <pass>", "Database password", "password")
+  .option("--max-connections <num>", "Maximum connections", "10")
+  .option("--min-connections <num>", "Minimum connections", "2")
+  .option("--concurrency <num>", "Test concurrency", "10")
+  .option("--iterations <num>", "Test iterations", "100")
+  .action(dbpoolCommand);
+
+program.parse();

package/dist/bs9-0gqcrp5t.

@@ -0,0 +1,144 @@
+#!/usr/bin/env bun
+
+import { Command } from "commander";
+import { startCommand } from "../src/commands/start.js";
+import { stopCommand } from "../src/commands/stop.js";
+import { restartCommand } from "../src/commands/restart.js";
+import { statusCommand } from "../src/commands/status.js";
+import { logsCommand } from "../src/commands/logs.js";
+import { monitCommand } from "../src/commands/monit.js";
+import { webCommand } from "../src/commands/web.js";
+import { alertCommand } from "../src/commands/alert.js";
+import { exportCommand } from "../src/commands/export.js";
+import { depsCommand } from "../src/commands/deps.js";
+import { profileCommand } from "../src/commands/profile.js";
+import { loadbalancerCommand } from "../src/loadbalancer/manager.js";
+import { dbpoolCommand } from "../src/database/pool.js";
+
+const program = new Command();
+
+program
+  .name("bs9")
+  .description("BS9 (Bun Sentinel 9) — Mission-critical process manager CLI")
+  .version("1.0.0");
+
+program
+  .command("start")
+  .description("Start a process with hardened systemd unit")
+  .argument("<file>", "Script or executable to run")
+  .option("-n, --name <name>", "Service name (defaults to filename)")
+  .option("-p, --port <port>", "Port to expose (for metrics/health)", "3000")
+  .option("--env <env...>", "Environment variables (KEY=VALUE)")
+  .option("--no-otel", "Disable automatic OpenTelemetry injection")
+  .option("--no-prometheus", "Disable automatic Prometheus metrics")
+  .option("--build", "Build TypeScript to optimized JavaScript for production (AOT)")
+  .action(startCommand);
+
+program
+  .command("stop")
+  .description("Stop a managed service")
+  .argument("<name>", "Service name")
+  .action(stopCommand);
+
+program
+  .command("restart")
+  .description("Restart a managed service")
+  .argument("<name>", "Service name")
+  .action(restartCommand);
+
+program
+  .command("status")
+  .description("Show status and SRE metrics for all services")
+  .option("-w, --watch", "Watch mode (refresh every 2s)")
+  .action(statusCommand);
+
+program
+  .command("logs")
+  .description("Show logs for a service (via journalctl)")
+  .argument("<name>", "Service name")
+  .option("-f, --follow", "Follow logs")
+  .option("-n, --lines <number>", "Number of lines", "50")
+  .action(logsCommand);
+
+program
+  .command("monit")
+  .description("Real-time terminal dashboard for all services")
+  .option("-r, --refresh <seconds>", "Refresh interval in seconds", "2")
+  .action(monitCommand);
+
+program
+  .command("web")
+  .description("Start web-based monitoring dashboard")
+  .option("-p, --port <port>", "Port for web dashboard", "8080")
+  .option("-d, --detach", "Run in background")
+  .action(webCommand);
+
+program
+  .command("alert")
+  .description("Configure alert thresholds and webhooks")
+  .option("--enable", "Enable alerts")
+  .option("--disable", "Disable alerts")
+  .option("--webhook <url>", "Set webhook URL for alerts")
+  .option("--cpu <percentage>", "CPU threshold percentage")
+  .option("--memory <percentage>", "Memory threshold percentage")
+  .option("--errorRate <percentage>", "Error rate threshold percentage")
+  .option("--uptime <percentage>", "Uptime threshold percentage")
+  .option("--cooldown <seconds>", "Alert cooldown period in seconds")
+  .option("--service <name>", "Configure alerts for specific service")
+  .option("--list", "List current alert configuration")
+  .option("--test", "Test webhook connectivity")
+  .action(alertCommand);
+
+program
+  .command("export")
+  .description("Export historical metrics data")
+  .option("-f, --format <format>", "Export format (json|csv)", "json")
+  .option("-h, --hours <hours>", "Hours of data to export", "24")
+  .option("-o, --output <file>", "Output file path")
+  .option("-s, --service <name>", "Export specific service metrics")
+  .action(exportCommand);
+
+program
+  .command("deps")
+  .description("Visualize service dependencies")
+  .option("-f, --format <format>", "Output format (text|dot|json)", "text")
+  .option("-o, --output <file>", "Output file path")
+  .action(depsCommand);
+
+program
+  .command("profile")
+  .description("Performance profiling for services")
+  .option("-d, --duration <seconds>", "Profiling duration", "60")
+  .option("-i, --interval <ms>", "Sampling interval", "1000")
+  .option("-s, --service <name>", "Service name to profile")
+  .option("-o, --output <file>", "Output file path")
+  .action(profileCommand);
+
+program
+  .command("loadbalancer")
+  .description("Load balancer management")
+  .argument("<action>", "Action to perform")
+  .option("-p, --port <port>", "Load balancer port", "8080")
+  .option("-a, --algorithm <type>", "Load balancing algorithm", "round-robin")
+  .option("-b, --backends <list>", "Backend servers (host:port,host:port)")
+  .option("--health-check", "Enable health checking", true)
+  .option("--health-path <path>", "Health check path", "/healthz")
+  .option("--health-interval <ms>", "Health check interval", "10000")
+  .action(loadbalancerCommand);
+
+program
+  .command("dbpool")
+  .description("Database connection pool management")
+  .argument("<action>", "Action to perform")
+  .option("--host <host>", "Database host", "localhost")
+  .option("--port <port>", "Database port", "5432")
+  .option("--database <name>", "Database name", "testdb")
+  .option("--username <user>", "Database username", "user")
+  .option("--password <pass>", "Database password", "password")
+  .option("--max-connections <num>", "Maximum connections", "10")
+  .option("--min-connections <num>", "Minimum connections", "2")
+  .option("--concurrency <num>", "Test concurrency", "10")
+  .option("--iterations <num>", "Test iterations", "100")
+  .action(dbpoolCommand);
+
+program.parse();