hereya-cli 0.55.0 → 0.57.0

package/dist/executor/local.js

@@ -17,11 +17,11 @@ export class LocalExecutor {
         });
     }
     async import(input) {
-        const resolvePackageOutput = await resolvePackage({ package: input.package, projectRootDir: input.projectRootDir });
+        const resolvePackageOutput = await resolvePackage({ logger: input.logger, package: input.package, projectRootDir: input.projectRootDir });
         if (!resolvePackageOutput.found) {
             return { reason: resolvePackageOutput.reason, success: false };
         }
-        const { canonicalName, metadata, pkgName } = resolvePackageOutput;
+        const { canonicalName, metadata, pkgName, version } = resolvePackageOutput;
         const backend = await getBackend();
         const id$ = await backend.getProvisioningId({
             logicalId: getProvisioningLogicalId({ pkg: pkgName, project: input.project, workspace: input.workspace }),
@@ -46,7 +46,7 @@ export class LocalExecutor {
         if (!uploadStateFileOutput.success) {
             return { reason: uploadStateFileOutput.reason, success: false };
         }
-        return { metadata, success: true };
+        return { metadata, pkgName, success: true, version };
     }
     async provision(input) {
         const getWorkspaceEnvOutput = await this.getWorkspaceEnv({

package/dist/infrastructure/index.d.ts

@@ -39,7 +39,9 @@ export type ProvisionPackageOutput = {
         [key: string]: string;
     };
     metadata: z.infer<typeof PackageMetadata>;
+    pkgName: string;
     success: true;
+    version?: string;
 } | {
     reason: string;
     success: false;

package/dist/infrastructure/index.js

@@ -29,17 +29,17 @@ export function getInfrastructure(input) {
     }
 }
 export async function destroyPackage(input) {
-    const resolvePackageOutput = await resolvePackage({ isDeploying: input.isDeploying, package: input.package, projectRootDir: input.projectRootDir });
+    const resolvePackageOutput = await resolvePackage({ isDeploying: input.isDeploying, logger: input.logger, package: input.package, projectRootDir: input.projectRootDir });
     if (!resolvePackageOutput.found) {
         return { reason: resolvePackageOutput.reason, success: false };
     }
-    const { canonicalName, metadata, packageUri, pkgName } = resolvePackageOutput;
+    const { canonicalName, metadata, packageUri, pkgName, version } = resolvePackageOutput;
     const infrastructure$ = getInfrastructure({ type: metadata.infra });
     if (!infrastructure$.supported) {
         return { reason: infrastructure$.reason, success: false };
     }
     if (metadata.deploy && input.skipDeploy) {
-        return { env: {}, metadata, success: true };
+        return { env: {}, metadata, pkgName, success: true, version: version || '' };
     }
     const { infrastructure } = infrastructure$;
     const backend = await getBackend();
@@ -92,20 +92,20 @@ export async function destroyPackage(input) {
             success: false,
         };
     }
-    return { env: destroyOutput.env, metadata, success: true };
+    return { env: destroyOutput.env, metadata, pkgName, success: true, version: version || '' };
 }
 export async function provisionPackage(input) {
-    const resolvePackageOutput = await resolvePackage({ isDeploying: input.isDeploying, package: input.package, projectRootDir: input.projectRootDir });
+    const resolvePackageOutput = await resolvePackage({ isDeploying: input.isDeploying, logger: input.logger, package: input.package, projectRootDir: input.projectRootDir });
     if (!resolvePackageOutput.found) {
         return { reason: resolvePackageOutput.reason, success: false };
     }
-    const { canonicalName, metadata, packageUri, pkgName } = resolvePackageOutput;
+    const { canonicalName, metadata, packageUri, pkgName, version } = resolvePackageOutput;
     const infrastructure$ = getInfrastructure({ type: metadata.infra });
     if (!infrastructure$.supported) {
         return { reason: infrastructure$.reason, success: false };
     }
     if (metadata.deploy && input.skipDeploy) {
-        return { env: {}, metadata, success: true };
+        return { env: {}, metadata, pkgName, success: true, version: version || '' };
     }
     const dependencies = metadata.dependencies ?? {};
     const depsOutput = await Promise.all(Object.entries(dependencies).map(async ([depName]) => provisionPackage({
@@ -167,7 +167,7 @@ export async function provisionPackage(input) {
     if (!provisionOutput.success) {
         return { reason: provisionOutput.reason, success: false };
     }
-    return { env: provisionOutput.env, metadata, success: true };
+    return { env: provisionOutput.env, metadata, pkgName, success: true, version: version || '' };
 }
 export function getProvisioningLogicalId({ pkg, project, workspace }) {
     const projectName = project ? stripOrgPrefix(project) : project;

package/dist/lib/config/common.d.ts

@@ -37,5 +37,6 @@ export type AddPackageInput = {
     metadata: IPackageMetadata;
     package: string;
     projectRootDir?: string;
+    version?: string;
 };
 export type RemovePackageInput = AddPackageInput;

package/dist/lib/config/simple.js

@@ -11,7 +11,7 @@ export class SimpleConfigManager {
                     deploy: {
                         ...config.deploy,
                         [input.package]: {
-                            version: '',
+                            version: input.version || '',
                         },
                     },
                 }
@@ -19,7 +19,7 @@ export class SimpleConfigManager {
                     packages: {
                         ...config.packages,
                         [input.package]: {
-                            version: '',
+                            version: input.version || '',
                             ...(input.metadata.onDeploy
                                 ? {
                                     onDeploy: {

package/dist/lib/package/cloud.d.ts

@@ -0,0 +1,19 @@
+import type { Backend, RegistryPackage } from '../../backend/common.js';
+import type { Logger } from '../log.js';
+import type { GetRepoContentInput, GetRepoContentOutput, PackageManager } from './common.js';
+export interface CloudPackageInfo {
+    name: string;
+    registryPackage: RegistryPackage;
+    version: string;
+}
+export declare class CloudPackageManager implements PackageManager {
+    private readonly backend;
+    private readonly logger?;
+    constructor(backend: Backend, logger?: Logger | undefined);
+    downloadAndValidatePackage(registryPackage: RegistryPackage, destPath: string): Promise<string>;
+    downloadPackage(pkgUrl: string, destPath: string): Promise<string>;
+    getFileFromRepository(repoUrl: string, commit: string | undefined, filePath: string, sha256?: string): Promise<GetRepoContentOutput>;
+    getRepoContent({ owner, path: filePath, repo, version }: GetRepoContentInput): Promise<GetRepoContentOutput>;
+    resolvePackage(packageSpec: string): Promise<CloudPackageInfo | null>;
+    private parsePackageSpec;
+}

package/dist/lib/package/cloud.js

@@ -0,0 +1,226 @@
+import { createHash, randomUUID } from 'node:crypto';
+import fs from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+import { fileExists, isNotEmpty } from '../filesystem.js';
+export class CloudPackageManager {
+    backend;
+    logger;
+    constructor(backend, logger) {
+        this.backend = backend;
+        this.logger = logger;
+    }
+    async downloadAndValidatePackage(registryPackage, destPath) {
+        if (!registryPackage.repository) {
+            throw new Error(`No repository URL for package ${registryPackage.name}`);
+        }
+        if (await isNotEmpty(destPath)) {
+            return destPath;
+        }
+        await fs.mkdir(destPath, { recursive: true });
+        const tmpFolder = path.join(os.homedir(), '.hereya', 'downloads', randomUUID());
+        try {
+            // Use simple-git to clone the repository at specific commit
+            const { simpleGit } = await import('simple-git');
+            const git = simpleGit();
+            if (registryPackage.commit) {
+                // Clone repository and checkout specific commit
+                await git.clone(registryPackage.repository, tmpFolder, ['--no-checkout']);
+                const repoGit = simpleGit(tmpFolder);
+                await repoGit.checkout(registryPackage.commit);
+            }
+            else {
+                // Clone repository at default branch
+                await git.clone(registryPackage.repository, tmpFolder, ['--depth=1']);
+            }
+            // If checksum is provided, validate it
+            if (registryPackage.sha256) {
+                // Create tar archive from the cloned repository for checksum validation
+                const repoGit = simpleGit(tmpFolder);
+                const archiveBuffer = await repoGit.raw(['archive', '--format=tar', registryPackage.commit || 'HEAD']);
+                const hash = createHash('sha256');
+                hash.update(archiveBuffer);
+                const actualChecksum = hash.digest('hex');
+                if (actualChecksum !== registryPackage.sha256) {
+                    throw new Error(`Checksum mismatch for package ${registryPackage.name}@${registryPackage.version}. Expected: ${registryPackage.sha256}, Got: ${actualChecksum}`);
+                }
+            }
+            // Move files from temp folder to destination
+            const files = await fs.readdir(tmpFolder);
+            await Promise.all(files.map(async (file) => {
+                if (file !== '.git') {
+                    await fs.rename(path.join(tmpFolder, file), path.join(destPath, file));
+                }
+            }));
+            // Clean up temp folder
+            await fs.rm(tmpFolder, { force: true, recursive: true });
+        }
+        catch (error) {
+            // Clean up on error
+            try {
+                await fs.rm(tmpFolder, { force: true, recursive: true });
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw error;
+        }
+        return destPath;
+    }
+    async downloadPackage(pkgUrl, destPath) {
+        // Parse the package URL to extract repository and commit
+        // Format: <repository_url>#<commit_sha>
+        const [repoUrl, commitSha] = pkgUrl.split('#');
+        // For downloading packages during provision/deploy, we use downloadAndValidatePackage
+        // but we don't have SHA256 here. The validation happens in getRepoContent instead
+        // where we have access to the full registry metadata
+        const registryPackage = {
+            commit: commitSha,
+            description: '',
+            id: '',
+            name: '',
+            repository: repoUrl,
+            version: '',
+            // SHA256 not available here - validation happens in getRepoContent
+        };
+        return this.downloadAndValidatePackage(registryPackage, destPath);
+    }
+    async getFileFromRepository(repoUrl, commit, filePath, sha256) {
+        this.logger?.debug(`getFileFromRepository: trying to get ${filePath} from ${repoUrl}${commit ? `@${commit}` : ''}`);
+        const tmpFolder = path.join(os.homedir(), '.hereya', 'downloads', randomUUID());
+        try {
+            const { simpleGit } = await import('simple-git');
+            const git = simpleGit();
+            this.logger?.debug(`getFileFromRepository: cloning ${repoUrl}...`);
+            if (commit) {
+                // Clone repository and checkout specific commit
+                await git.clone(repoUrl, tmpFolder, ['--no-checkout']);
+                const repoGit = simpleGit(tmpFolder);
+                await repoGit.checkout(commit);
+                // Validate checksum if provided (for cloud packages)
+                if (sha256) {
+                    this.logger?.debug('Validating package checksum...');
+                    const archiveBuffer = await repoGit.raw(['archive', '--format=tar', commit]);
+                    const hash = createHash('sha256');
+                    hash.update(archiveBuffer);
+                    const actualChecksum = hash.digest('hex');
+                    if (actualChecksum !== sha256) {
+                        await fs.rm(tmpFolder, { recursive: true });
+                        return {
+                            found: false,
+                            reason: `Checksum validation failed for repository ${repoUrl}@${commit}. Expected: ${sha256}, Got: ${actualChecksum}. This may indicate the package has been tampered with or corrupted.`,
+                        };
+                    }
+                    this.logger?.debug('Checksum validation successful');
+                }
+            }
+            else {
+                // Clone repository at default branch
+                await git.clone(repoUrl, tmpFolder, ['--depth=1']);
+            }
+            const fullFilePath = path.join(tmpFolder, filePath);
+            this.logger?.debug(`getFileFromRepository: checking if file exists at ${fullFilePath}`);
+            if (await fileExists(fullFilePath)) {
+                this.logger?.debug(`getFileFromRepository: file found, reading content...`);
+                const content = await fs.readFile(fullFilePath, 'utf8');
+                await fs.rm(tmpFolder, { recursive: true });
+                return {
+                    content,
+                    found: true,
+                    pkgUrl: commit ? `${repoUrl}#${commit}` : repoUrl,
+                };
+            }
+            // List files to debug what's actually in the package
+            const files = await fs.readdir(tmpFolder);
+            this.logger?.debug(`getFileFromRepository: file ${filePath} not found. Available files: ${files.join(', ')}`);
+            await fs.rm(tmpFolder, { recursive: true });
+            return {
+                found: false,
+                reason: `File '${filePath}' not found in repository '${repoUrl}'. Available files: ${files.join(', ')}. This package may not be compatible with hereya or may be missing required metadata files.`,
+            };
+        }
+        catch (error) {
+            // Clean up on error
+            try {
+                await fs.rm(tmpFolder, { recursive: true });
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            return {
+                found: false,
+                reason: `Failed to download repository '${repoUrl}': ${error.message}. This could be due to network issues, repository access problems, or authentication issues.`,
+            };
+        }
+    }
+    async getRepoContent({ owner, path: filePath, repo, version }) {
+        // For cloud packages, owner/repo represent the package name in the registry
+        // The actual repository URL comes from the registry metadata
+        // Reconstruct package name from owner/repo
+        // - If owner is empty → package name is just 'repo' (simple name)
+        // - Otherwise → package name is 'owner/repo' (org/name format)
+        const packageName = owner ? `${owner}/${repo}` : repo;
+        // Include version if provided
+        const packageSpec = version ? `${packageName}@${version}` : packageName;
+        this.logger?.debug(`getRepoContent: trying to get ${filePath} from registry package '${packageSpec}'`);
+        // Resolve package from registry to get repository URL
+        const packageInfo = await this.resolvePackage(packageSpec);
+        if (!packageInfo) {
+            this.logger?.debug(`getRepoContent: package '${packageName}' not found in registry`);
+            return {
+                found: false,
+                reason: `Package '${packageName}' not found in registry`,
+            };
+        }
+        // Now we have the actual repository URL and commit from registry
+        const repoUrl = packageInfo.registryPackage.repository;
+        const { commit } = packageInfo.registryPackage;
+        if (!repoUrl) {
+            return {
+                found: false,
+                reason: `Package '${packageName}' in registry has no repository URL`,
+            };
+        }
+        this.logger?.debug(`getRepoContent: downloading from ${repoUrl}${commit ? `@${commit}` : ''}`);
+        // Use the getFileFromRepository method to download from the actual repository
+        // Pass SHA256 for checksum validation if available
+        return this.getFileFromRepository(repoUrl, commit, filePath, packageInfo.registryPackage.sha256);
+    }
+    async resolvePackage(packageSpec) {
+        // Parse package specification: name, org/name, name@version, or org/name@version
+        const { packageName, version } = this.parsePackageSpec(packageSpec);
+        try {
+            // Try to get package from registry
+            // Registry API accepts both 'name' and 'org/name' formats
+            const result = version
+                ? await this.backend.getPackageByVersion(packageName, version)
+                : await this.backend.getPackageLatest(packageName);
+            if (result.success && result.package) {
+                return {
+                    name: packageName,
+                    registryPackage: result.package,
+                    version: result.package.version,
+                };
+            }
+            // Package not found in registry or API error
+            if (!result.success) {
+                this.logger?.debug(`Registry API returned error for ${packageName}: ${result.reason}`);
+            }
+        }
+        catch (error) {
+            // Network error or other exception
+            this.logger?.debug(`Registry API exception for ${packageName}: ${error.message}`);
+        }
+        return null;
+    }
+    parsePackageSpec(spec) {
+        // Parse package specification
+        // Formats: name, org/name, name@version, org/name@version
+        const match = spec.match(/^([^@]+)(?:@(.+))?$/);
+        if (!match) {
+            return { packageName: spec };
+        }
+        const [, packageName, version] = match;
+        return { packageName, version };
+    }
+}

package/dist/lib/package/common.d.ts

@@ -7,6 +7,7 @@ export type GetRepoContentInput = {
     path: string;
     projectRootDir?: string;
     repo: string;
+    version?: string;
 };
 export type GetRepoContentOutput = {
     content: string;

package/dist/lib/package/github.d.ts

@@ -3,5 +3,5 @@ export declare class GitHubPackageManager implements PackageManager {
     private readonly registryUrl;
     constructor(registryUrl?: string);
     downloadPackage(pkgUrl: string, destPath: string): Promise<string>;
-    getRepoContent({ owner, path: filePath, repo }: GetRepoContentInput): Promise<GetRepoContentOutput>;
+    getRepoContent({ owner, path: filePath, repo, version }: GetRepoContentInput): Promise<GetRepoContentOutput>;
 }

package/dist/lib/package/github.js

@@ -16,30 +16,57 @@ export class GitHubPackageManager {
         await fs.mkdir(destPath, { recursive: true });
         // Initialize simple-git
         const git = simpleGit();
-        // Clone repository into temp directory
-        await git.clone(pkgUrl, destPath, ['--depth=1']);
+        // Parse version from URL if present (format: url#version)
+        const [repoUrl, version] = pkgUrl.split('#');
+        if (version) {
+            // Clone repository and checkout specific version tag
+            await git.clone(repoUrl, destPath, ['--no-checkout']);
+            const repoGit = simpleGit(destPath);
+            try {
+                // Try to checkout the version as a tag (e.g., v1.2.3 or 1.2.3)
+                await repoGit.checkout(`v${version}`);
+            }
+            catch {
+                try {
+                    // If v-prefixed tag doesn't exist, try without prefix
+                    await repoGit.checkout(version);
+                }
+                catch {
+                    // If neither tag exists, fail with clear error
+                    throw new Error(`Version '${version}' not found in repository ${repoUrl}. Available tags can be found at ${repoUrl}/tags`);
+                }
+            }
+        }
+        else {
+            // Clone repository at default branch
+            await git.clone(pkgUrl, destPath, ['--depth=1']);
+        }
         return destPath;
     }
-    async getRepoContent({ owner, path: filePath, repo }) {
+    async getRepoContent({ owner, path: filePath, repo, version }) {
         const pkgUrl = `${this.registryUrl}/${owner}/${repo}`;
         const tmpFolder = path.join(os.homedir(), '.hereya', 'downloads', randomUUID());
         try {
-            const destPath = await this.downloadPackage(pkgUrl, tmpFolder);
+            // Build URL with version if provided
+            const versionedPkgUrl = version ? `${pkgUrl}#${version}` : pkgUrl;
+            const destPath = await this.downloadPackage(versionedPkgUrl, tmpFolder);
             if (await fileExists(path.join(destPath, filePath))) {
                 const content = await fs.readFile(path.join(destPath, filePath), 'utf8');
                 // remove the tmp folder
                 await fs.rm(destPath, { recursive: true });
+                // Include version in the pkgUrl if provided
+                const finalPkgUrl = version ? `${pkgUrl}#${version}` : pkgUrl;
                 return {
                     content,
                     found: true,
-                    pkgUrl,
+                    pkgUrl: finalPkgUrl,
                 };
             }
             // remove the tmp folder
             await fs.rm(destPath, { recursive: true });
             return {
                 found: false,
-                reason: `File ${filePath} not found in ${pkgUrl}`,
+                reason: `File ${filePath} not found in ${pkgUrl}${version ? ` at version ${version}` : ''}`,
             };
         }
         catch (error) {

package/dist/lib/package/index.d.ts

@@ -1,16 +1,20 @@
 import { z } from 'zod';
+import { Backend } from '../../backend/common.js';
 import { IacType } from '../../iac/common.js';
 import { InfrastructureType } from '../../infrastructure/common.js';
+import { Logger } from '../log.js';
 import { PackageManager } from './common.js';
 import { LocalPackageManager } from './local.js';
-export declare const packageManager: PackageManager;
+export declare const githubPackageManager: PackageManager;
 export declare const localPackageManager: LocalPackageManager;
-export declare function getPackageManager(protocol: string): PackageManager;
+export declare function getPackageManager(protocol: string, logger?: Logger): Promise<PackageManager>;
 export declare function resolvePackage(input: ResolvePackageInput): Promise<ResolvePackageOutput>;
 export declare function getPackageCanonicalName(packageName: string): string;
 export declare function downloadPackage(pkgUrl: string, destPath: string): Promise<string>;
 export type ResolvePackageInput = {
+    backend?: Backend;
     isDeploying?: boolean;
+    logger?: Logger;
     package: string;
     projectRootDir?: string;
 };
@@ -20,6 +24,7 @@ export type ResolvePackageOutput = {
     metadata: z.infer<typeof PackageMetadata>;
     packageUri: string;
     pkgName: string;
+    version?: string;
 } | {
     found: false;
     reason: string;
@@ -41,8 +46,8 @@ export declare const PackageMetadata: z.ZodObject<{
     }>>;
     originalInfra: z.ZodOptional<z.ZodNativeEnum<typeof InfrastructureType>>;
 }, "strip", z.ZodTypeAny, {
-    iac: IacType;
     infra: InfrastructureType;
+    iac: IacType;
     dependencies?: Record<string, string> | undefined;
     deploy?: boolean | undefined;
     onDeploy?: {
@@ -51,8 +56,8 @@ export declare const PackageMetadata: z.ZodObject<{
     } | undefined;
     originalInfra?: InfrastructureType | undefined;
 }, {
-    iac: IacType;
     infra: InfrastructureType;
+    iac: IacType;
     dependencies?: Record<string, string> | undefined;
     deploy?: boolean | undefined;
     onDeploy?: {