codify-plugin-lib 1.0.179 → 1.0.181

package/dist/bin/build.d.ts

@@ -0,0 +1 @@
+export declare function build(): Promise<void>;

package/dist/bin/build.js

@@ -0,0 +1,80 @@
+import { Ajv } from 'ajv';
+import { IpcMessageSchema, MessageStatus, ResourceSchema } from 'codify-schemas';
+// @ts-ignore
+import mergeJsonSchemas from 'merge-json-schemas';
+import { fork } from 'node:child_process';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import * as url from 'node:url';
+import { codifySpawn } from '../utils/codify-spawn.js';
+const ajv = new Ajv({
+    strict: true
+});
+const ipcMessageValidator = ajv.compile(IpcMessageSchema);
+function sendMessageAndAwaitResponse(process, message) {
+    return new Promise((resolve, reject) => {
+        process.on('message', (response) => {
+            if (!ipcMessageValidator(response)) {
+                throw new Error(`Invalid message from plugin. ${JSON.stringify(message, null, 2)}`);
+            }
+            // Wait for the message response. Other messages such as sudoRequest may be sent before the response returns
+            if (response.cmd === message.cmd + '_Response') {
+                if (response.status === MessageStatus.SUCCESS) {
+                    resolve(response.data);
+                }
+                else {
+                    reject(new Error(String(response.data)));
+                }
+            }
+        });
+        // Send message last to ensure listeners are all registered
+        process.send(message);
+    });
+}
+export async function build() {
+    await fs.rm('./dist', { force: true, recursive: true });
+    await codifySpawn('npm run rollup -- -f es');
+    const plugin = fork('./dist/index.js', [], {
+        // Use default true to test plugins in secure mode (un-able to request sudo directly)
+        detached: true,
+        env: { ...process.env },
+        execArgv: ['--import', 'tsx/esm'],
+    });
+    const initializeResult = await sendMessageAndAwaitResponse(plugin, {
+        cmd: 'initialize',
+        data: {}
+    });
+    const { resourceDefinitions } = initializeResult;
+    const resourceTypes = resourceDefinitions.map((i) => i.type);
+    const schemasMap = new Map();
+    for (const type of resourceTypes) {
+        const resourceInfo = await sendMessageAndAwaitResponse(plugin, {
+            cmd: 'getResourceInfo',
+            data: { type }
+        });
+        schemasMap.set(type, resourceInfo.schema);
+    }
+    const mergedSchemas = [...schemasMap.entries()].map(([type, schema]) => {
+        // const resolvedSchema = await $RefParser.dereference(schema)
+        const resourceSchema = JSON.parse(JSON.stringify(ResourceSchema));
+        delete resourceSchema.$id;
+        delete resourceSchema.$schema;
+        delete resourceSchema.title;
+        delete resourceSchema.oneOf;
+        delete resourceSchema.properties.type;
+        if (schema) {
+            delete schema.$id;
+            delete schema.$schema;
+            delete schema.title;
+            delete schema.oneOf;
+        }
+        return mergeJsonSchemas([schema ?? {}, resourceSchema, { properties: { type: { const: type, type: 'string' } } }]);
+    });
+    await fs.rm('./dist', { force: true, recursive: true });
+    await codifySpawn('npm run rollup'); // re-run rollup without building for es
+    console.log('Generated JSON Schemas for all resources');
+    const distFolder = path.resolve(path.dirname(url.fileURLToPath(import.meta.url)), '..', 'dist');
+    const schemaOutputPath = path.resolve(distFolder, 'schemas.json');
+    await fs.writeFile(schemaOutputPath, JSON.stringify(mergedSchemas, null, 2));
+    console.log('Successfully wrote schema to ./dist/schemas.json');
+}

package/dist/bin/deploy-plugin.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/bin/deploy-plugin.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+import path from 'node:path';
+import * as fs from 'node:fs';
+import { build } from './build.js';
+const packageJson = fs.readFileSync(path.join(process.env['npm_config_local_prefix'], 'package.json'), 'utf8');
+const { name: libraryName, version: libraryVersion } = JSON.parse(packageJson);
+console.log(libraryName, libraryVersion);
+await build();

package/dist/plugin/plugin.js

@@ -30,13 +30,22 @@ export class Plugin {
         }
         return {
             resourceDefinitions: [...this.resourceControllers.values()]
-                .map((r) => ({
-                dependencies: r.dependencies,
-                type: r.typeId,
-                sensitiveParameters: Object.entries(r.settings.parameterSettings ?? {})
+                .map((r) => {
+                const sensitiveParameters = Object.entries(r.settings.parameterSettings ?? {})
                     .filter(([, v]) => v?.isSensitive)
-                    .map(([k]) => k),
-            }))
+                    .map(([k]) => k);
+                // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+                // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+                // on a specific sensitive parameter.
+                if (r.settings.isSensitive && sensitiveParameters.length === 0) {
+                    sensitiveParameters.push('*');
+                }
+                return {
+                    dependencies: r.dependencies,
+                    type: r.typeId,
+                    sensitiveParameters,
+                };
+            })
         };
     }
     getResourceInfo(data) {
@@ -51,9 +60,15 @@ export class Plugin {
             ?? undefined);
         const allowMultiple = resource.settings.allowMultiple !== undefined
             && resource.settings.allowMultiple !== false;
+        // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+        // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+        // on a specific sensitive parameter.
         const sensitiveParameters = Object.entries(resource.settings.parameterSettings ?? {})
             .filter(([, v]) => v?.isSensitive)
             .map(([k]) => k);
+        if (resource.settings.isSensitive && sensitiveParameters.length === 0) {
+            sensitiveParameters.push('*');
+        }
         return {
             plugin: this.name,
             type: data.type,

package/dist/pty/background-pty.d.ts

@@ -16,4 +16,5 @@ export declare class BackgroundPty implements IPty {
         signal?: number | undefined;
     }>;
     private initialize;
+    private getDefaultShell;
 }

package/dist/pty/background-pty.js

@@ -16,7 +16,7 @@ EventEmitter.defaultMaxListeners = 1000;
  * without a tty (or even a stdin) attached so interactive commands will not work.
  */
 export class BackgroundPty {
-    basePty = pty.spawn('zsh', ['-i'], {
+    basePty = pty.spawn(this.getDefaultShell(), ['-i'], {
         env: process.env, name: nanoid(6),
         handleFlowControl: true
     });
@@ -103,7 +103,10 @@ export class BackgroundPty {
         await this.promiseQueue.run(async () => {
             let outputBuffer = '';
             return new Promise(resolve => {
-                this.basePty.write('setopt hist_ignore_space;\n');
+                // zsh-specific commands
+                if (this.getDefaultShell() === 'zsh') {
+                    this.basePty.write('setopt hist_ignore_space;\n');
+                }
                 this.basePty.write(' unset PS1;\n');
                 this.basePty.write(' unset PS0;\n');
                 this.basePty.write(' echo setup complete\\"\n');
@@ -117,4 +120,7 @@ export class BackgroundPty {
             });
         });
     }
+    getDefaultShell() {
+        return process.platform === 'darwin' ? 'zsh' : 'bash';
+    }
 }

package/dist/resource/resource-settings.d.ts

@@ -18,6 +18,11 @@ export interface ResourceSettings<T extends StringIndexedObject> {
      * Schema to validate user configs with. Must be in the format JSON Schema draft07
      */
     schema?: Partial<JSONSchemaType<T | any>>;
+    /**
+     * Mark the resource as sensitive. Defaults to false. This prevents the resource from automatically being imported by init and import.
+     * This differs from the parameter level sensitivity which also prevents the parameter value from being displayed in the plan.
+     */
+    isSensitive?: boolean;
     /**
      * Allow multiple of the same resource to unique. Set truthy if
      * multiples are allowed, for example for applications, there can be multiple copy of the same application installed

package/dist/resource/resource-settings.js

@@ -12,8 +12,9 @@ const ParameterEqualsDefaults = {
         if (transformedB.startsWith('.')) { // Only relative paths start with '.'
             transformedB = path.resolve(transformedB);
         }
-        const notCaseSensitive = process.platform === 'darwin';
-        if (notCaseSensitive) {
+        // macOS has case-insensitive filesystem by default, Linux is case-sensitive
+        const isCaseSensitive = process.platform === 'linux';
+        if (!isCaseSensitive) {
             transformedA = transformedA.toLowerCase();
             transformedB = transformedB.toLowerCase();
         }

package/dist/scripts/deploy.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/scripts/deploy.js

@@ -0,0 +1,2 @@
+console.log('Deploying!!');
+export {};

package/dist/utils/codify-spawn.d.ts

@@ -0,0 +1,29 @@
+import { SpawnOptions } from 'node:child_process';
+export declare enum SpawnStatus {
+    SUCCESS = "success",
+    ERROR = "error"
+}
+export interface SpawnResult {
+    status: SpawnStatus;
+    data: string;
+}
+type CodifySpawnOptions = {
+    cwd?: string;
+    throws?: boolean;
+    requiresRoot?: boolean;
+    requestsTTY?: boolean;
+} & Omit<SpawnOptions, 'detached' | 'shell' | 'stdio'>;
+/**
+ *
+ * @param cmd Command to run. Ex: `rm -rf`
+ * @param opts Standard options for node spawn. Additional argument:
+ * throws determines if a shell will throw a JS error. Defaults to true
+ *
+ * @see promiseSpawn
+ * @see spawn
+ *
+ * @returns SpawnResult { status: SUCCESS | ERROR; data: string }
+ */
+export declare function codifySpawn(cmd: string, opts?: CodifySpawnOptions): Promise<SpawnResult>;
+export declare function isDebug(): boolean;
+export {};

package/dist/utils/codify-spawn.js

@@ -0,0 +1,136 @@
+import { Ajv } from 'ajv';
+import { MessageCmd, SudoRequestResponseDataSchema } from 'codify-schemas';
+import { nanoid } from 'nanoid';
+import { spawn } from 'node:child_process';
+import stripAnsi from 'strip-ansi';
+import { VerbosityLevel } from './utils.js';
+import { SudoError } from '../errors.js';
+const ajv = new Ajv({
+    strict: true,
+});
+const validateSudoRequestResponse = ajv.compile(SudoRequestResponseDataSchema);
+export var SpawnStatus;
+(function (SpawnStatus) {
+    SpawnStatus["SUCCESS"] = "success";
+    SpawnStatus["ERROR"] = "error";
+})(SpawnStatus || (SpawnStatus = {}));
+/**
+ *
+ * @param cmd Command to run. Ex: `rm -rf`
+ * @param opts Standard options for node spawn. Additional argument:
+ * throws determines if a shell will throw a JS error. Defaults to true
+ *
+ * @see promiseSpawn
+ * @see spawn
+ *
+ * @returns SpawnResult { status: SUCCESS | ERROR; data: string }
+ */
+export async function codifySpawn(cmd, opts) {
+    const throws = opts?.throws ?? true;
+    console.log(`Running command: ${cmd}` + (opts?.cwd ? `(${opts?.cwd})` : ''));
+    try {
+        // TODO: Need to benchmark the effects of using sh vs zsh for shell.
+        //  Seems like zsh shells run slower
+        const result = await (opts?.requiresRoot
+            ? externalSpawnWithSudo(cmd, opts)
+            : internalSpawn(cmd, opts ?? {}));
+        if (result.status !== SpawnStatus.SUCCESS) {
+            throw new Error(result.data);
+        }
+        return result;
+    }
+    catch (error) {
+        if (isDebug()) {
+            console.error(`CodifySpawn error for command ${cmd}`, error);
+        }
+        // @ts-ignore
+        if (error.message?.startsWith('sudo:')) {
+            throw new SudoError(cmd);
+        }
+        if (throws) {
+            throw error;
+        }
+        if (error instanceof Error) {
+            return {
+                status: SpawnStatus.ERROR,
+                data: error.message,
+            };
+        }
+        return {
+            status: SpawnStatus.ERROR,
+            data: String(error),
+        };
+    }
+}
+async function internalSpawn(cmd, opts) {
+    return new Promise((resolve) => {
+        const output = [];
+        // If TERM_PROGRAM=Apple_Terminal is set then ANSI escape characters may be included
+        // in the response.
+        const env = { ...process.env, ...opts.env, TERM_PROGRAM: 'codify', COMMAND_MODE: 'unix2003', COLORTERM: 'truecolor' };
+        const shell = getDefaultShell();
+        const rcFile = shell === 'zsh' ? '~/.zshrc' : '~/.bashrc';
+        // Source start up shells to emulate a users environment vs. a non-interactive non-login shell script
+        // Ignore all stdin
+        // If tty is requested then we'll need to sleep 1 to avoid race conditions. This is because if the terminal updates async after the tty message is
+        // displayed then it'll disappear. By adding sleep 1 it'll allow ink.js to finish all the updates before the tty message is shown
+        const _process = spawn(`source ${rcFile}; ${opts.requestsTTY ? 'sleep 1;' : ''}${cmd}`, [], {
+            ...opts,
+            stdio: ['ignore', 'pipe', 'pipe'],
+            shell,
+            env
+        });
+        const { stdout, stderr, stdin } = _process;
+        stdout.setEncoding('utf8');
+        stderr.setEncoding('utf8');
+        stdout.on('data', (data) => {
+            output.push(data.toString());
+        });
+        stderr.on('data', (data) => {
+            output.push(data.toString());
+        });
+        _process.on('error', (data) => { });
+        // please node that this is not a full replacement for 'inherit'
+        // the child process can and will detect if stdout is a pty and change output based on it
+        // the terminal context is lost & ansi information (coloring) etc will be lost
+        if (stdout && stderr && VerbosityLevel.get() > 0) {
+            stdout.pipe(process.stdout);
+            stderr.pipe(process.stderr);
+        }
+        _process.on('close', (code) => {
+            resolve({
+                status: code === 0 ? SpawnStatus.SUCCESS : SpawnStatus.ERROR,
+                data: stripAnsi(output.join('\n')),
+            });
+        });
+    });
+}
+async function externalSpawnWithSudo(cmd, opts) {
+    return new Promise((resolve) => {
+        const requestId = nanoid(8);
+        const listener = (data) => {
+            if (data.requestId === requestId) {
+                process.removeListener('message', listener);
+                if (!validateSudoRequestResponse(data.data)) {
+                    throw new Error(`Invalid response for sudo request: ${JSON.stringify(validateSudoRequestResponse.errors, null, 2)}`);
+                }
+                resolve(data.data);
+            }
+        };
+        process.on('message', listener);
+        process.send({
+            cmd: MessageCmd.SUDO_REQUEST,
+            data: {
+                command: cmd,
+                options: opts ?? {},
+            },
+            requestId
+        });
+    });
+}
+export function isDebug() {
+    return process.env.DEBUG != null && process.env.DEBUG.includes('codify'); // TODO: replace with debug library
+}
+function getDefaultShell() {
+    return process.platform === 'darwin' ? 'zsh' : 'bash';
+}

package/dist/utils/pty-local-storage.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
 import { AsyncLocalStorage } from 'node:async_hooks';
 export declare const ptyLocalStorage: AsyncLocalStorage<unknown>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codify-plugin-lib",
-  "version": "1.0.179",
+  "version": "1.0.181",
   "description": "Library plugin library",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -10,42 +10,47 @@
     "posttest": "tsc",
     "prepublishOnly": "tsc"
   },
+  "bin": {
+    "codify-deploy": "./dist/bin/deploy-plugin.js"
+  },
   "keywords": [],
   "author": "",
   "license": "ISC",
   "dependencies": {
+    "@homebridge/node-pty-prebuilt-multiarch": "^0.13.1",
+    "@npmcli/promise-spawn": "^7.0.1",
     "ajv": "^8.12.0",
     "ajv-formats": "^2.1.1",
+    "clean-deep": "^3.4.0",
     "codify-schemas": "1.0.83",
-    "@npmcli/promise-spawn": "^7.0.1",
-    "@homebridge/node-pty-prebuilt-multiarch": "^0.12.0-beta.5",
-    "uuid": "^10.0.0",
     "lodash.isequal": "^4.5.0",
     "nanoid": "^5.0.9",
     "strip-ansi": "^7.1.0",
-    "clean-deep": "^3.4.0"
+    "uuid": "^10.0.0"
   },
   "devDependencies": {
+    "@apidevtools/json-schema-ref-parser": "^11.7.2",
     "@oclif/prettier-config": "^0.2.1",
     "@oclif/test": "^3",
-    "@types/npmcli__promise-spawn": "^6.0.3",
+    "@types/lodash.isequal": "^4.5.8",
     "@types/node": "^20",
+    "@types/npmcli__promise-spawn": "^6.0.3",
     "@types/semver": "^7.5.4",
     "@types/sinon": "^17.0.3",
     "@types/uuid": "^10.0.0",
-    "@types/lodash.isequal": "^4.5.8",
     "chai-as-promised": "^7.1.1",
-    "vitest": "^3.0.5",
-    "vitest-mock-extended": "^1.3.1",
-    "sinon": "^17.0.1",
     "eslint": "^8.51.0",
     "eslint-config-oclif": "^5",
     "eslint-config-oclif-typescript": "^3",
+    "eslint-config-prettier": "^9.0.0",
+    "merge-json-schemas": "^1.0.0",
     "shx": "^0.3.3",
+    "sinon": "^17.0.1",
     "ts-node": "^10.9.1",
     "tsc-watch": "^6.0.4",
     "typescript": "^5",
-    "eslint-config-prettier": "^9.0.0"
+    "vitest": "^3.0.5",
+    "vitest-mock-extended": "^1.3.1"
   },
   "engines": {
     "node": ">=18.0.0"

package/src/plugin/plugin.ts

@@ -59,13 +59,24 @@ export class Plugin {
 
     return {
       resourceDefinitions: [...this.resourceControllers.values()]
-        .map((r) => ({
-          dependencies: r.dependencies,
-          type: r.typeId,
-          sensitiveParameters: Object.entries(r.settings.parameterSettings ?? {})
+        .map((r) => {
+          const sensitiveParameters = Object.entries(r.settings.parameterSettings ?? {})
             .filter(([, v]) => v?.isSensitive)
-            .map(([k]) => k),
-        }))
+            .map(([k]) => k);
+
+          // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+          // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+          // on a specific sensitive parameter.
+          if (r.settings.isSensitive && sensitiveParameters.length === 0) {
+            sensitiveParameters.push('*');
+          }
+
+          return {
+            dependencies: r.dependencies,
+            type: r.typeId,
+            sensitiveParameters,
+          }
+        })
     }
   }
 
@@ -87,10 +98,17 @@ export class Plugin {
     const allowMultiple = resource.settings.allowMultiple !== undefined
       && resource.settings.allowMultiple !== false;
 
+    // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+    // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+    // on a specific sensitive parameter.
     const sensitiveParameters = Object.entries(resource.settings.parameterSettings ?? {})
       .filter(([, v]) => v?.isSensitive)
       .map(([k]) => k);
 
+    if (resource.settings.isSensitive && sensitiveParameters.length === 0) {
+      sensitiveParameters.push('*');
+    }
+
     return {
       plugin: this.name,
       type: data.type,

package/src/pty/background-pty.ts

@@ -19,7 +19,7 @@ EventEmitter.defaultMaxListeners = 1000;
  * without a tty (or even a stdin) attached so interactive commands will not work.
  */
 export class BackgroundPty implements IPty {
-  private basePty = pty.spawn('zsh', ['-i'], {
+  private basePty = pty.spawn(this.getDefaultShell(), ['-i'], {
     env: process.env, name: nanoid(6),
     handleFlowControl: true
   });
@@ -127,7 +127,10 @@ export class BackgroundPty implements IPty {
       let outputBuffer = '';
 
       return new Promise(resolve => {
-        this.basePty.write('setopt hist_ignore_space;\n');
+        // zsh-specific commands
+        if (this.getDefaultShell() === 'zsh') {
+          this.basePty.write('setopt hist_ignore_space;\n');
+        }
         this.basePty.write(' unset PS1;\n');
         this.basePty.write(' unset PS0;\n')
         this.basePty.write(' echo setup complete\\"\n')
@@ -142,4 +145,8 @@ export class BackgroundPty implements IPty {
       })
     })
   }
+
+  private getDefaultShell(): string {
+    return process.platform === 'darwin' ? 'zsh' : 'bash';
+  }
 }

package/src/resource/resource-settings.ts

@@ -27,6 +27,12 @@ export interface ResourceSettings<T extends StringIndexedObject> {
    */
   schema?: Partial<JSONSchemaType<T | any>>;
 
+  /**
+   * Mark the resource as sensitive. Defaults to false. This prevents the resource from automatically being imported by init and import.
+   * This differs from the parameter level sensitivity which also prevents the parameter value from being displayed in the plan.
+   */
+  isSensitive?: boolean;
+
   /**
    * Allow multiple of the same resource to unique. Set truthy if
    * multiples are allowed, for example for applications, there can be multiple copy of the same application installed
@@ -344,8 +350,9 @@ const ParameterEqualsDefaults: Partial<Record<ParameterSettingType, (a: unknown,
       transformedB = path.resolve(transformedB)
     }
 
-    const notCaseSensitive = process.platform === 'darwin';
-    if (notCaseSensitive) {
+    // macOS has case-insensitive filesystem by default, Linux is case-sensitive
+    const isCaseSensitive = process.platform === 'linux';
+    if (!isCaseSensitive) {
       transformedA = transformedA.toLowerCase();
       transformedB = transformedB.toLowerCase();
     }