mysystem-cli 1.0.0

package/dist/commands/audit.d.ts

@@ -0,0 +1 @@
+export declare function runAudit(projectRoot: string): void;

package/dist/commands/audit.js

@@ -0,0 +1,194 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAudit = runAudit;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+function runAudit(projectRoot) {
+    console.log('\n🔍 Auditing project for production readiness...\n');
+    const items = [];
+    // 1. Check Dockerfile
+    const dockerfilePath = path.join(projectRoot, 'Dockerfile');
+    if (!fs.existsSync(dockerfilePath)) {
+        items.push({
+            name: 'Dockerfile Exists',
+            passed: false,
+            type: 'error',
+            message: 'No Dockerfile found. Run `npx mysystem init` to generate one.',
+        });
+    }
+    else {
+        items.push({
+            name: 'Dockerfile Exists',
+            passed: true,
+            type: 'error',
+            message: 'Dockerfile found.',
+        });
+        const dockerfileContent = fs.readFileSync(dockerfilePath, 'utf8');
+        // Check for non-root USER
+        const hasUser = dockerfileContent.includes('USER ');
+        items.push({
+            name: 'Secure Container User (Non-Root)',
+            passed: hasUser,
+            type: 'error',
+            message: hasUser
+                ? 'Dockerfile specifies a non-root USER.'
+                : 'Dockerfile executes as root. Add a USER instruction for security container hardening.',
+        });
+        // Check for healthcheck
+        const hasHealthcheck = dockerfileContent.includes('HEALTHCHECK ');
+        items.push({
+            name: 'Container Health Check',
+            passed: hasHealthcheck,
+            type: 'warning',
+            message: hasHealthcheck
+                ? 'Dockerfile specifies a HEALTHCHECK instruction.'
+                : 'No HEALTHCHECK found in Dockerfile. ECS needs health checks to detect failing tasks.',
+        });
+    }
+    // 2. Check CI/CD Workflows
+    const workflowPath = path.join(projectRoot, '.github', 'workflows', 'mysystem-deploy.yml');
+    const hasWorkflow = fs.existsSync(workflowPath);
+    items.push({
+        name: 'GitHub Actions CI/CD Pipeline',
+        passed: hasWorkflow,
+        type: 'error',
+        message: hasWorkflow
+            ? 'GitHub Actions deploy workflow configured.'
+            : 'Deployment workflow missing. Make sure `.github/workflows/mysystem-deploy.yml` exists.',
+    });
+    // 3. Check Terraform Infrastructure as Code
+    const terraformPath = path.join(projectRoot, 'terraform');
+    const hasTerraform = fs.existsSync(terraformPath) && fs.readdirSync(terraformPath).some(file => file.endsWith('.tf'));
+    items.push({
+        name: 'Infrastructure as Code (Terraform)',
+        passed: hasTerraform,
+        type: 'error',
+        message: hasTerraform
+            ? 'Terraform modules found in `/terraform` directory.'
+            : 'Terraform configuration files not found in `/terraform`. Run `npx mysystem init`.',
+    });
+    // 4. Check AGENTS.md rulebook
+    const agentsPath = path.join(projectRoot, 'AGENTS.md');
+    const hasAgents = fs.existsSync(agentsPath);
+    items.push({
+        name: 'AI Agent Guidelines (AGENTS.md)',
+        passed: hasAgents,
+        type: 'warning',
+        message: hasAgents
+            ? 'AGENTS.md rules file configured in root.'
+            : 'No AGENTS.md rules found. AI agents won\'t have constraints for production-readiness.',
+    });
+    // 5. Secret Scanning (Simple checks for common API Keys/Credentials)
+    let foundSecrets = false;
+    const filesToScan = scanDirForCodeFiles(projectRoot);
+    for (const file of filesToScan) {
+        // Skip node_modules, git, terraform, dist, etc.
+        const content = fs.readFileSync(file, 'utf8');
+        const hasSmdPattern = /aws_access_key_id\s*=\s*['"][A-Z0-9]{20}['"]/gi.test(content) ||
+            /aws_secret_access_key\s*=\s*['"][A-Za-z0-9/+=]{40}['"]/gi.test(content) ||
+            /db_password\s*=\s*['"][^'"]{6,}['"]/gi.test(content);
+        if (hasSmdPattern) {
+            foundSecrets = true;
+            console.log(`\x1b[31m⚠️ Potential secret/credential leak in file: ${path.relative(projectRoot, file)}\x1b[0m`);
+        }
+    }
+    items.push({
+        name: 'No Hardcoded Secrets',
+        passed: !foundSecrets,
+        type: 'error',
+        message: !foundSecrets
+            ? 'No plain-text credentials found in repository files.'
+            : 'Potential plain-text credentials detected in codebase. Clean secrets and use environment variables.',
+    });
+    // Output Audit Dashboard
+    console.log('----------------------------------------------------');
+    console.log('\x1b[1mAUDIT REPORT RESULTS\x1b[0m');
+    console.log('----------------------------------------------------');
+    let passedCount = 0;
+    let errorCount = 0;
+    let warningCount = 0;
+    for (const item of items) {
+        if (item.passed) {
+            console.log(` ✅ \x1b[32m[PASS]\x1b[0m \x1b[1m${item.name}\x1b[0m`);
+            console.log(`    ${item.message}`);
+            passedCount++;
+        }
+        else {
+            const color = item.type === 'error' ? '\x1b[31m[FAIL]\x1b[0m' : '\x1b[33m[WARN]\x1b[0m';
+            console.log(` ❌ ${color} \x1b[1m${item.name}\x1b[0m`);
+            console.log(`    ${item.message}`);
+            if (item.type === 'error')
+                errorCount++;
+            else
+                warningCount++;
+        }
+        console.log('');
+    }
+    const score = Math.round((passedCount / items.length) * 100);
+    console.log('----------------------------------------------------');
+    console.log(`Readiness Score: \x1b[1m${score === 100 ? '\x1b[32m' : score >= 70 ? '\x1b[33m' : '\x1b[31m'}${score}%\x1b[0m`);
+    console.log(`Summary: ${passedCount} passed | ${errorCount} errors | ${warningCount} warnings`);
+    console.log('----------------------------------------------------');
+    if (errorCount > 0) {
+        console.log('\x1b[31m❌ Fix all errors before deploying to production.\x1b[0m\n');
+    }
+    else if (warningCount > 0) {
+        console.log('\x1b[33m⚠️ Resolving warnings is recommended for full production readiness.\x1b[0m\n');
+    }
+    else {
+        console.log('\x1b[32m🚀 Your application is 100% production ready! Ready to deploy to AWS.\x1b[0m\n');
+    }
+}
+function scanDirForCodeFiles(dir, fileList = []) {
+    const files = fs.readdirSync(dir);
+    for (const file of files) {
+        const filePath = path.join(dir, file);
+        if (fs.statSync(filePath).isDirectory()) {
+            // Exclude build, node, git, terraform folders
+            if (['node_modules', '.git', 'terraform', 'dist', 'build', '.next', 'out'].includes(file)) {
+                continue;
+            }
+            scanDirForCodeFiles(filePath, fileList);
+        }
+        else {
+            // Only scan code files
+            if (/\.(js|ts|tsx|jsx|json|py|env|tfvars)$/.test(file) && file !== 'package-lock.json') {
+                fileList.push(filePath);
+            }
+        }
+    }
+    return fileList;
+}

package/dist/commands/destroy.d.ts

@@ -0,0 +1 @@
+export declare function runDestroy(projectRoot: string): Promise<void>;

package/dist/commands/destroy.js

@@ -0,0 +1,92 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runDestroy = runDestroy;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const readline = __importStar(require("readline/promises"));
+const child_process_1 = require("child_process");
+async function runDestroy(projectRoot) {
+    const configPath = path.join(projectRoot, 'mysystem.json');
+    if (!fs.existsSync(configPath)) {
+        console.error('\x1b[31mError: MySystem is not initialized in this directory.\x1b[0m');
+        console.error('Run `npx mysystem init` first.');
+        process.exit(1);
+    }
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    console.log(`\n\x1b[31m⚠️  WARNING: You are about to DESTROY all AWS infrastructure for "${config.name}".\x1b[0m`);
+    console.log('This will delete the database (RDS), cache (Redis), server (Fargate), and load balancers.');
+    console.log('\x1b[1mALL DATA WILL BE PERMANENTLY LOST.\x1b[0m\n');
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    const confirm = await rl.question('Are you absolutely sure? Type the application name to confirm: ');
+    rl.close();
+    if (confirm.trim() !== config.name) {
+        console.log('\n❌ Confirmation failed. Destruction cancelled.');
+        return;
+    }
+    console.log('\n🔥 Initiating infrastructure destruction. Please wait...');
+    const tfDir = path.join(projectRoot, 'terraform');
+    if (!fs.existsSync(tfDir)) {
+        console.error('\x1b[31mError: terraform directory not found.\x1b[0m');
+        process.exit(1);
+    }
+    // Execute terraform destroy
+    // Set stdio: 'inherit' to stream Terraform output directly to user's terminal
+    const tf = (0, child_process_1.spawn)('terraform', ['destroy', '-auto-approve'], {
+        cwd: tfDir,
+        stdio: 'inherit',
+        shell: true,
+    });
+    tf.on('close', (code) => {
+        if (code === 0) {
+            console.log('\n\x1b[32m✅ Successfully destroyed all AWS resources for this application.\x1b[0m');
+            console.log('Your AWS billing for this project has been stopped.');
+            // Remove local generated files if they want, or keep configuration
+            try {
+                if (fs.existsSync(path.join(projectRoot, 'mysystem.json'))) {
+                    fs.unlinkSync(path.join(projectRoot, 'mysystem.json'));
+                }
+                console.log('Deleted local mysystem.json configuration.');
+            }
+            catch (e) { }
+        }
+        else {
+            console.error(`\n\x1b[31m❌ Terraform destroy failed with exit code ${code}.\x1b[0m`);
+        }
+    });
+}

package/dist/commands/init.d.ts

@@ -0,0 +1 @@
+export declare function runInit(projectRoot: string): Promise<void>;

package/dist/commands/init.js

@@ -0,0 +1,255 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runInit = runInit;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const readline = __importStar(require("readline/promises"));
+const detector_1 = require("../utils/detector");
+async function runInit(projectRoot) {
+    console.log('\n🔍 Scanning project codebase...');
+    const detected = (0, detector_1.detectProject)(projectRoot);
+    console.log(`Detected application type: \x1b[36m${detected.type}\x1b[0m`);
+    console.log(`Default container port: \x1b[36m${detected.port}\x1b[0m`);
+    console.log(`Requires database: \x1b[36m${detected.hasDatabase ? 'Yes' : 'No'}\x1b[0m`);
+    console.log(`Requires Redis:    \x1b[36m${detected.hasRedis ? 'Yes' : 'No'}\x1b[0m\n`);
+    // Prompt the user for overrides using native readline
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    try {
+        const appNameInput = await rl.question(`Enter application name [${detected.name}]: `);
+        const appName = appNameInput.trim() || detected.name;
+        const awsRegionInput = await rl.question(`Enter AWS region [us-east-1]: `);
+        const awsRegion = awsRegionInput.trim() || 'us-east-1';
+        console.log('Select your AWS hosting tier:');
+        console.log('  \x1b[36m1. Production\x1b[0m [ECS Fargate + RDS + ALB + WAF] (~$17/mo free-tier, ~$51/mo standard)');
+        console.log('  \x1b[36m2. Hobbyist\x1b[0m   [Single EC2 + Docker Compose + Postgres] ($0/mo free-tier, ~$3.20/mo standard)');
+        const tierInput = await rl.question('Choose tier [1]: ');
+        const isProductionTier = tierInput.trim() !== '2';
+        let enableDatabase = detected.hasDatabase;
+        let enableRedis = detected.hasRedis;
+        let enableRdsProxy = false;
+        if (isProductionTier) {
+            const enableDbInput = await rl.question(`Enable RDS PostgreSQL database? (y/n) [${detected.hasDatabase ? 'y' : 'n'}]: `);
+            enableDatabase = enableDbInput.trim() ? enableDbInput.trim().toLowerCase() === 'y' : detected.hasDatabase;
+            const enableRedisInput = await rl.question(`Enable ElastiCache Redis? (y/n) [${detected.hasRedis ? 'y' : 'n'}]: `);
+            enableRedis = enableRedisInput.trim() ? enableRedisInput.trim().toLowerCase() === 'y' : detected.hasRedis;
+            if (enableDatabase) {
+                const enableProxyInput = await rl.question(`Enable RDS Proxy (PgBouncer connection pooler)? (y/n) [n]: `);
+                enableRdsProxy = enableProxyInput.trim().toLowerCase() === 'y';
+            }
+        }
+        else {
+            // Hobby tier runs Postgres inside Docker Compose on the same instance (flat cost)
+            enableDatabase = true;
+            enableRedis = false;
+            enableRdsProxy = false;
+        }
+        const billingEmailInput = await rl.question(`Enter email for AWS budget alerts (press Enter to skip): `);
+        const billingEmail = billingEmailInput.trim();
+        const customDomainInput = await rl.question(`Enable custom domain & HTTPS SSL certificate? (y/n) [n]: `);
+        const enableCustomDomain = customDomainInput.trim().toLowerCase() === 'y';
+        let domainName = '';
+        let dnsProvider = 'external';
+        if (enableCustomDomain) {
+            const domainInput = await rl.question(`Enter custom domain (e.g., app.myproduct.com): `);
+            domainName = domainInput.trim();
+            const providerInput = await rl.question(`Is your domain DNS managed on AWS Route 53? (y/n) [n]: `);
+            dnsProvider = providerInput.trim().toLowerCase() === 'y' ? 'route53' : 'external';
+        }
+        const enableSentryInput = await rl.question(`Enable Sentry Error Tracking? (y/n) [n]: `);
+        const enableSentry = enableSentryInput.trim().toLowerCase() === 'y';
+        let sentryDsn = '';
+        if (enableSentry) {
+            const dsnInput = await rl.question(`Enter Sentry DSN (press Enter to skip and configure later): `);
+            sentryDsn = dsnInput.trim();
+        }
+        rl.close();
+        console.log('\n🚀 Generating deployment assets...');
+        // Find templates directory relative to CLI source or dist
+        let templatesDir = '';
+        const pathsToCheck = [
+            path.join(__dirname, '../../templates'), // Packaged location relative to dist/commands/
+            path.join(__dirname, '../../../templates'), // Local dev relative to src/commands/
+            path.join(__dirname, '../../../../templates'), // Local dev relative to packages/cli/dist/commands
+            path.join(__dirname, '../../../../../templates'), // Fallback
+        ];
+        for (const p of pathsToCheck) {
+            if (fs.existsSync(p)) {
+                templatesDir = p;
+                break;
+            }
+        }
+        if (!fs.existsSync(templatesDir)) {
+            throw new Error(`Templates directory not found. Looked in: ${templatesDir}`);
+        }
+        // 1. Copy Dockerfile
+        let dockerfileTemplate = '';
+        switch (detected.type) {
+            case 'nextjs':
+                dockerfileTemplate = 'nextjs.Dockerfile';
+                break;
+            case 'react-vite':
+                dockerfileTemplate = 'react.Dockerfile';
+                break;
+            case 'fastapi':
+                dockerfileTemplate = 'fastapi.Dockerfile';
+                break;
+            default:
+                dockerfileTemplate = 'node.Dockerfile';
+        }
+        const srcDockerfile = path.join(templatesDir, 'docker', dockerfileTemplate);
+        const destDockerfile = path.join(projectRoot, 'Dockerfile');
+        if (fs.existsSync(srcDockerfile)) {
+            fs.copyFileSync(srcDockerfile, destDockerfile);
+            console.log('  ✅ Created Dockerfile');
+        }
+        // 2. Create GitHub Actions folder & copy deploy.yml and destroy.yml
+        const githubWorkflowDir = path.join(projectRoot, '.github', 'workflows');
+        fs.mkdirSync(githubWorkflowDir, { recursive: true });
+        const srcDeployWorkflow = path.join(templatesDir, 'github', isProductionTier ? 'deploy.yml' : 'deploy-ec2.yml');
+        const destDeployWorkflow = path.join(githubWorkflowDir, 'mysystem-deploy.yml');
+        if (fs.existsSync(srcDeployWorkflow)) {
+            let workflowContent = fs.readFileSync(srcDeployWorkflow, 'utf8');
+            workflowContent = workflowContent.replace(/aws-region: us-east-1/g, `aws-region: ${awsRegion}`);
+            fs.writeFileSync(destDeployWorkflow, workflowContent, 'utf8');
+            console.log('  ✅ Created .github/workflows/mysystem-deploy.yml');
+        }
+        const srcDestroyWorkflow = path.join(templatesDir, 'github', 'destroy.yml');
+        const destDestroyWorkflow = path.join(githubWorkflowDir, 'mysystem-destroy.yml');
+        if (fs.existsSync(srcDestroyWorkflow)) {
+            let workflowContent = fs.readFileSync(srcDestroyWorkflow, 'utf8');
+            workflowContent = workflowContent.replace(/aws-region: us-east-1/g, `aws-region: ${awsRegion}`);
+            fs.writeFileSync(destDestroyWorkflow, workflowContent, 'utf8');
+            console.log('  ✅ Created .github/workflows/mysystem-destroy.yml');
+        }
+        // 3. Create Terraform directory & copy templates
+        const terraformDir = path.join(projectRoot, 'terraform');
+        fs.mkdirSync(terraformDir, { recursive: true });
+        const srcTerraformDir = path.join(templatesDir, isProductionTier ? 'terraform' : 'terraform-ec2');
+        if (fs.existsSync(srcTerraformDir)) {
+            const files = fs.readdirSync(srcTerraformDir);
+            for (const file of files) {
+                const filePath = path.join(srcTerraformDir, file);
+                if (fs.statSync(filePath).isFile() && file !== 'bootstrap-oidc.yaml') {
+                    fs.copyFileSync(filePath, path.join(terraformDir, file));
+                }
+            }
+            console.log('  ✅ Created Terraform modules in /terraform');
+        }
+        // 4. Write terraform.tfvars
+        const tfvarsContent = `aws_region           = "${awsRegion}"
+app_name             = "${appName}"
+container_port       = ${detected.port}
+enable_database      = ${enableDatabase}
+enable_redis         = ${enableRedis}
+enable_rds_proxy     = ${enableRdsProxy}
+billing_email        = "${billingEmail}"
+enable_custom_domain = ${enableCustomDomain}
+domain_name          = "${domainName}"
+dns_provider         = "${dnsProvider}"
+sentry_dsn           = "${sentryDsn}"
+`;
+        fs.writeFileSync(path.join(terraformDir, 'terraform.tfvars'), tfvarsContent, 'utf8');
+        console.log('  ✅ Created terraform/terraform.tfvars');
+        // 5. Copy AGENTS.md
+        let srcAgentsMd = '';
+        const agentsPathsToCheck = [
+            path.join(__dirname, '../../AGENTS.md'),
+            path.join(__dirname, '../../../AGENTS.md'),
+            path.join(__dirname, '../../../../AGENTS.md'),
+            path.join(__dirname, '../../../../../AGENTS.md'),
+        ];
+        for (const p of agentsPathsToCheck) {
+            if (fs.existsSync(p)) {
+                srcAgentsMd = p;
+                break;
+            }
+        }
+        const destAgentsMd = path.join(projectRoot, 'AGENTS.md');
+        if (fs.existsSync(srcAgentsMd)) {
+            fs.copyFileSync(srcAgentsMd, destAgentsMd);
+            console.log('  ✅ Created AGENTS.md');
+        }
+        // 6. Write project configuration mysystem.json
+        const config = {
+            name: appName,
+            region: awsRegion,
+            port: detected.port,
+            tier: isProductionTier ? 'production' : 'hobbyist',
+            database: enableDatabase,
+            redis: enableRedis,
+            rdsProxy: enableRdsProxy,
+            billingEmail: billingEmail,
+            customDomain: enableCustomDomain,
+            domainName: domainName,
+            dnsProvider: dnsProvider,
+            sentryDsn: sentryDsn,
+            type: detected.type,
+            initializedAt: new Date().toISOString(),
+        };
+        fs.writeFileSync(path.join(projectRoot, 'mysystem.json'), JSON.stringify(config, null, 2), 'utf8');
+        console.log('  ✅ Created mysystem.json');
+        // Output Setup Guidance
+        const cfUrl = `https://console.aws.amazon.com/cloudformation/home?region=${awsRegion}#/stacks/create/review?templateURL=https://raw.githubusercontent.com/ai-production-standard/mysystem/main/templates/terraform/bootstrap-oidc.yaml&stackName=mysystem-oidc-${appName}`;
+        console.log('\n\x1b[32m✨ MySystem deployment files initialized successfully!\x1b[0m\n');
+        console.log('\x1b[1m🚀 NEXT STEPS TO DEPLOY:\x1b[0m\n');
+        console.log('\x1b[33mStep 1: Connect AWS to GitHub (One-Time Setup)\x1b[0m');
+        console.log('--------------------------------------------');
+        console.log('Click this link to configure a secure OIDC Trust stack in AWS:');
+        console.log(`\x1b[36m${cfUrl}\x1b[0m\n`);
+        console.log('Fill in parameters:');
+        console.log('  - GitHubOrg: Your GitHub Org or username (case-sensitive)');
+        console.log('  - GitHubRepo: Your GitHub repository name (case-sensitive)');
+        console.log('\nClick "Create Stack". Once complete, copy the "RoleARN" from outputs.');
+        console.log('\n\x1b[33mStep 2: Save Role ARN as a GitHub Secret\x1b[0m');
+        console.log('----------------------------------------');
+        console.log('Go to your GitHub repository -> Settings -> Secrets and variables -> Actions.');
+        console.log('Add a new secret:');
+        console.log('  - Name:  \x1b[1mAWS_ROLE_ARN\x1b[0m');
+        console.log('  - Value: \x1b[32m<copied-role-arn>\x1b[0m');
+        console.log('\n\x1b[33mStep 3: Tell your AI coding agent to push and deploy!\x1b[0m');
+        console.log('----------------------------------------------------');
+        console.log('Simply type in your AI chat:');
+        console.log('  \x1b[32m"I have set up the AWS secrets. Push changes to deploy."\x1b[0m');
+        console.log('\nThe agent will commit, push, and initiate the GitHub Actions pipeline.\n');
+    }
+    catch (e) {
+        rl.close();
+        console.error(`\x1b[31mError during initialization: ${e.message}\x1b[0m`);
+    }
+}

package/dist/commands/logs.d.ts

@@ -0,0 +1 @@
+export declare function runLogs(projectRoot: string): Promise<void>;

package/dist/commands/logs.js

@@ -0,0 +1,76 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runLogs = runLogs;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const child_process_1 = require("child_process");
+const installer_1 = require("../utils/installer");
+async function runLogs(projectRoot) {
+    const configPath = path.join(projectRoot, 'mysystem.json');
+    if (!fs.existsSync(configPath)) {
+        console.error('\x1b[31mError: MySystem is not initialized in this directory.\x1b[0m');
+        console.error('Run `npx mysystem init` first.');
+        process.exit(1);
+    }
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    const logGroupName = `/ecs/${config.name}`;
+    const region = config.region;
+    // 1. Ensure AWS CLI is installed
+    const hasAwsCli = await (0, installer_1.ensureAwsCli)();
+    if (!hasAwsCli) {
+        console.log('\nAlternatively, you can view logs in your browser via the AWS CloudWatch Console:');
+        console.log(`👉 \x1b[36mhttps://console.aws.amazon.com/cloudwatch/home?region=${region}#logsV2:log-groups/log-group/%252Fecs%252F${config.name}\x1b[0m\n`);
+        process.exit(1);
+    }
+    console.log(`\n☁️  Streaming logs for \x1b[36m${config.name}\x1b[0m [Log Group: ${logGroupName}] in \x1b[32m${region}\x1b[0m...`);
+    console.log('Press \x1b[33mCtrl+C\x1b[0m to stop streaming.\n');
+    // Spawn AWS CLI log tailing command
+    const awsLog = (0, child_process_1.spawn)('aws', ['logs', 'tail', logGroupName, '--follow', '--region', region], {
+        stdio: 'inherit',
+        shell: true,
+    });
+    awsLog.on('close', (code) => {
+        if (code !== 0 && code !== null) {
+            console.error(`\n\x1b[31m❌ AWS CLI log tailing exited with code ${code}.\x1b[0m`);
+            console.log('Make sure your AWS credentials are configured locally by running `aws configure`.');
+        }
+    });
+    // Handle Ctrl+C gracefully
+    process.on('SIGINT', () => {
+        awsLog.kill();
+        process.exit(0);
+    });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};