start-command 0.7.6 → 0.10.0

package/src/lib/isolation.js

@@ -131,6 +131,22 @@ function hasTTY() {
   return Boolean(process.stdin.isTTY && process.stdout.isTTY);
 }
 
+/**
+ * Wrap command with sudo -u if user option is specified
+ * @param {string} command - Original command
+ * @param {string|null} user - Username to run as (or null)
+ * @returns {string} Wrapped command
+ */
+function wrapCommandWithUser(command, user) {
+  if (!user) {
+    return command;
+  }
+  // Use sudo -u to run command as specified user
+  // -E preserves environment variables
+  // -n ensures non-interactive (fails if password required)
+  return `sudo -n -u ${user} sh -c '${command.replace(/'/g, "'\\''")}'`;
+}
+
 /**
  * Run command in GNU Screen using detached mode with log capture
  * This is a workaround for environments without TTY
@@ -142,9 +158,10 @@ function hasTTY() {
  * @param {string} command - Command to execute
  * @param {string} sessionName - Session name
  * @param {object} shellInfo - Shell info from getShell()
+ * @param {string|null} user - Username to run command as (optional)
  * @returns {Promise<{success: boolean, sessionName: string, message: string, output: string}>}
  */
-function runScreenWithLogCapture(command, sessionName, shellInfo) {
+function runScreenWithLogCapture(command, sessionName, shellInfo, user = null) {
   const { shell, shellArg } = shellInfo;
   const logFile = path.join(os.tmpdir(), `screen-output-${sessionName}.log`);
 
@@ -154,7 +171,8 @@ function runScreenWithLogCapture(command, sessionName, shellInfo) {
   return new Promise((resolve) => {
     try {
       let screenArgs;
-      let effectiveCommand = command;
+      // Wrap command with user switch if specified
+      let effectiveCommand = wrapCommandWithUser(command, user);
 
       if (useNativeLogging) {
         // Modern screen (>= 4.5.1): Use -L -Logfile option for native log capture
@@ -167,7 +185,7 @@ function runScreenWithLogCapture(command, sessionName, shellInfo) {
           logFile,
           shell,
           shellArg,
-          command,
+          effectiveCommand,
         ];
 
         if (DEBUG) {
@@ -179,7 +197,7 @@ function runScreenWithLogCapture(command, sessionName, shellInfo) {
         // Older screen (< 4.5.1, e.g., macOS bundled 4.0.3): Use tee fallback
         // Wrap the command to capture output using tee
         // The parentheses ensure proper grouping of the command and its stderr
-        effectiveCommand = `(${command}) 2>&1 | tee "${logFile}"`;
+        effectiveCommand = `(${effectiveCommand}) 2>&1 | tee "${logFile}"`;
         screenArgs = ['-dmS', sessionName, shell, shellArg, effectiveCommand];
 
         if (DEBUG) {
@@ -299,7 +317,7 @@ function runScreenWithLogCapture(command, sessionName, shellInfo) {
 /**
  * Run command in GNU Screen
  * @param {string} command - Command to execute
- * @param {object} options - Options (session, detached)
+ * @param {object} options - Options (session, detached, user, keepAlive)
  * @returns {Promise<{success: boolean, sessionName: string, message: string}>}
  */
 function runInScreen(command, options = {}) {
@@ -317,12 +335,31 @@ function runInScreen(command, options = {}) {
   const { shell, shellArg } = shellInfo;
 
   try {
+    // Wrap command with user switch if specified
+    let effectiveCommand = wrapCommandWithUser(command, options.user);
+
     if (options.detached) {
       // Detached mode: screen -dmS <session> <shell> -c '<command>'
-      const screenArgs = ['-dmS', sessionName, shell, shellArg, command];
+      // By default (keepAlive=false), the session will exit after command completes
+      // With keepAlive=true, we start a shell that runs the command but stays alive
+
+      if (options.keepAlive) {
+        // With keep-alive: run command, then keep shell open
+        effectiveCommand = `${effectiveCommand}; exec ${shell}`;
+      }
+      // Without keep-alive: command runs and session exits naturally when done
+
+      const screenArgs = [
+        '-dmS',
+        sessionName,
+        shell,
+        shellArg,
+        effectiveCommand,
+      ];
 
       if (DEBUG) {
         console.log(`[DEBUG] Running: screen ${screenArgs.join(' ')}`);
+        console.log(`[DEBUG] keepAlive: ${options.keepAlive || false}`);
       }
 
       // Use spawnSync with array arguments to avoid shell quoting issues
@@ -336,10 +373,18 @@ function runInScreen(command, options = {}) {
         throw result.error;
       }
 
+      let message = `Command started in detached screen session: ${sessionName}`;
+      if (options.keepAlive) {
+        message += `\nSession will stay alive after command completes.`;
+      } else {
+        message += `\nSession will exit automatically after command completes.`;
+      }
+      message += `\nReattach with: screen -r ${sessionName}`;
+
       return Promise.resolve({
         success: true,
         sessionName,
-        message: `Command started in detached screen session: ${sessionName}\nReattach with: screen -r ${sessionName}`,
+        message,
       });
     } else {
       // Attached mode: always use detached mode with log capture
@@ -357,7 +402,12 @@ function runInScreen(command, options = {}) {
         );
       }
 
-      return runScreenWithLogCapture(command, sessionName, shellInfo);
+      return runScreenWithLogCapture(
+        command,
+        sessionName,
+        shellInfo,
+        options.user
+      );
     }
   } catch (err) {
     return Promise.resolve({
@@ -371,7 +421,7 @@ function runInScreen(command, options = {}) {
 /**
  * Run command in tmux
  * @param {string} command - Command to execute
- * @param {object} options - Options (session, detached)
+ * @param {object} options - Options (session, detached, user, keepAlive)
  * @returns {Promise<{success: boolean, sessionName: string, message: string}>}
  */
 function runInTmux(command, options = {}) {
@@ -385,37 +435,63 @@ function runInTmux(command, options = {}) {
   }
 
   const sessionName = options.session || generateSessionName('tmux');
+  const shellInfo = getShell();
+  const { shell } = shellInfo;
+
+  // Wrap command with user switch if specified
+  let effectiveCommand = wrapCommandWithUser(command, options.user);
 
   try {
     if (options.detached) {
       // Detached mode: tmux new-session -d -s <session> '<command>'
+      // By default (keepAlive=false), the session will exit after command completes
+      // With keepAlive=true, we keep the shell alive after the command
+
+      if (options.keepAlive) {
+        // With keep-alive: run command, then keep shell open
+        effectiveCommand = `${effectiveCommand}; exec ${shell}`;
+      }
+      // Without keep-alive: command runs and session exits naturally when done
+
       if (DEBUG) {
         console.log(
-          `[DEBUG] Running: tmux new-session -d -s "${sessionName}" "${command}"`
+          `[DEBUG] Running: tmux new-session -d -s "${sessionName}" "${effectiveCommand}"`
         );
+        console.log(`[DEBUG] keepAlive: ${options.keepAlive || false}`);
       }
 
-      execSync(`tmux new-session -d -s "${sessionName}" "${command}"`, {
-        stdio: 'inherit',
-      });
+      execSync(
+        `tmux new-session -d -s "${sessionName}" "${effectiveCommand}"`,
+        {
+          stdio: 'inherit',
+        }
+      );
+
+      let message = `Command started in detached tmux session: ${sessionName}`;
+      if (options.keepAlive) {
+        message += `\nSession will stay alive after command completes.`;
+      } else {
+        message += `\nSession will exit automatically after command completes.`;
+      }
+      message += `\nReattach with: tmux attach -t ${sessionName}`;
 
       return Promise.resolve({
         success: true,
         sessionName,
-        message: `Command started in detached tmux session: ${sessionName}\nReattach with: tmux attach -t ${sessionName}`,
+        message,
       });
     } else {
       // Attached mode: tmux new-session -s <session> '<command>'
       if (DEBUG) {
         console.log(
-          `[DEBUG] Running: tmux new-session -s "${sessionName}" "${command}"`
+          `[DEBUG] Running: tmux new-session -s "${sessionName}" "${effectiveCommand}"`
         );
       }
 
       return new Promise((resolve) => {
         const child = spawn(
           'tmux',
-          ['new-session', '-s', sessionName, command],
+          ['new-session', '-s', sessionName, effectiveCommand],
           {
             stdio: 'inherit',
           }
@@ -451,7 +527,7 @@ function runInTmux(command, options = {}) {
 /**
  * Run command in Docker container
  * @param {string} command - Command to execute
- * @param {object} options - Options (image, session/name, detached)
+ * @param {object} options - Options (image, session/name, detached, user, keepAlive, autoRemoveDockerContainer)
  * @returns {Promise<{success: boolean, containerName: string, message: string}>}
  */
 function runInDocker(command, options = {}) {
@@ -476,45 +552,75 @@ function runInDocker(command, options = {}) {
 
   try {
     if (options.detached) {
-      // Detached mode: docker run -d --name <name> <image> <shell> -c '<command>'
-      const dockerArgs = [
-        'run',
-        '-d',
-        '--name',
-        containerName,
-        options.image,
-        '/bin/sh',
-        '-c',
-        command,
-      ];
+      // Detached mode: docker run -d --name <name> [--user <user>] <image> <shell> -c '<command>'
+      // By default (keepAlive=false), the container exits after command completes
+      // With keepAlive=true, we keep the container running with a shell
+      let effectiveCommand = command;
+
+      if (options.keepAlive) {
+        // With keep-alive: run command, then keep shell alive
+        effectiveCommand = `${command}; exec /bin/sh`;
+      }
+      // Without keep-alive: container exits naturally when command completes
+
+      const dockerArgs = ['run', '-d', '--name', containerName];
+
+      // Add --rm flag if autoRemoveDockerContainer is true
+      // Note: --rm must come before the image name
+      if (options.autoRemoveDockerContainer) {
+        dockerArgs.splice(2, 0, '--rm');
+      }
+
+      // Add --user flag if specified
+      if (options.user) {
+        dockerArgs.push('--user', options.user);
+      }
+
+      dockerArgs.push(options.image, '/bin/sh', '-c', effectiveCommand);
 
       if (DEBUG) {
         console.log(`[DEBUG] Running: docker ${dockerArgs.join(' ')}`);
+        console.log(`[DEBUG] keepAlive: ${options.keepAlive || false}`);
+        console.log(
+          `[DEBUG] autoRemoveDockerContainer: ${options.autoRemoveDockerContainer || false}`
+        );
       }
 
       const containerId = execSync(`docker ${dockerArgs.join(' ')}`, {
         encoding: 'utf8',
       }).trim();
 
+      let message = `Command started in detached docker container: ${containerName}`;
+      message += `\nContainer ID: ${containerId.substring(0, 12)}`;
+      if (options.keepAlive) {
+        message += `\nContainer will stay alive after command completes.`;
+      } else {
+        message += `\nContainer will exit automatically after command completes.`;
+      }
+      if (options.autoRemoveDockerContainer) {
+        message += `\nContainer will be automatically removed after exit.`;
+      } else {
+        message += `\nContainer filesystem will be preserved after exit.`;
+      }
+      message += `\nAttach with: docker attach ${containerName}`;
+      message += `\nView logs: docker logs ${containerName}`;
+
       return Promise.resolve({
         success: true,
         containerName,
         containerId,
-        message: `Command started in detached docker container: ${containerName}\nContainer ID: ${containerId.substring(0, 12)}\nAttach with: docker attach ${containerName}\nView logs: docker logs ${containerName}`,
+        message,
       });
     } else {
-      // Attached mode: docker run -it --name <name> <image> <shell> -c '<command>'
-      const dockerArgs = [
-        'run',
-        '-it',
-        '--rm',
-        '--name',
-        containerName,
-        options.image,
-        '/bin/sh',
-        '-c',
-        command,
-      ];
+      // Attached mode: docker run -it --name <name> [--user <user>] <image> <shell> -c '<command>'
+      const dockerArgs = ['run', '-it', '--rm', '--name', containerName];
+
+      // Add --user flag if specified
+      if (options.user) {
+        dockerArgs.push('--user', options.user);
+      }
+
+      dockerArgs.push(options.image, '/bin/sh', '-c', command);
 
       if (DEBUG) {
         console.log(`[DEBUG] Running: docker ${dockerArgs.join(' ')}`);
@@ -602,6 +708,7 @@ function generateLogFilename(environment) {
  * @param {string} params.mode - attached or detached
  * @param {string} params.sessionName - Session/container name
  * @param {string} [params.image] - Docker image (for docker environment)
+ * @param {string} [params.user] - User to run command as (optional)
  * @param {string} params.startTime - Start timestamp
  * @returns {string} Log header content
  */
@@ -615,6 +722,9 @@ function createLogHeader(params) {
   if (params.image) {
     content += `Image: ${params.image}\n`;
   }
+  if (params.user) {
+    content += `User: ${params.user}\n`;
+  }
   content += `Platform: ${process.platform}\n`;
   content += `Node Version: ${process.version}\n`;
   content += `Working Directory: ${process.cwd()}\n`;
@@ -678,6 +788,37 @@ function resetScreenVersionCache() {
   screenVersionChecked = false;
 }
 
+/**
+ * Run command as an isolated user (without isolation backend)
+ * Uses sudo -u to switch users
+ * @param {string} cmd - Command to execute
+ * @param {string} username - User to run as
+ * @returns {Promise<{success: boolean, message: string, exitCode: number}>}
+ */
+function runAsIsolatedUser(cmd, username) {
+  return new Promise((resolve) => {
+    const child = spawn('sudo', ['-n', '-u', username, 'sh', '-c', cmd], {
+      stdio: 'inherit',
+    });
+
+    child.on('exit', (code) => {
+      resolve({
+        success: code === 0,
+        message: `Command completed as user "${username}" with exit code ${code}`,
+        exitCode: code || 0,
+      });
+    });
+
+    child.on('error', (err) => {
+      resolve({
+        success: false,
+        message: `Failed to run as user "${username}": ${err.message}`,
+        exitCode: 1,
+      });
+    });
+  });
+}
+
 module.exports = {
   isCommandAvailable,
   hasTTY,
@@ -685,7 +826,8 @@ module.exports = {
   runInTmux,
   runInDocker,
   runIsolated,
-  // Export logging utilities for unified experience
+  runAsIsolatedUser,
+  wrapCommandWithUser,
   getTimestamp,
   generateLogFilename,
   createLogHeader,
@@ -693,7 +835,6 @@ module.exports = {
   writeLogFile,
   getLogDir,
   createLogPath,
-  // Export screen version utilities for testing and debugging
   getScreenVersion,
   supportsLogfileOption,
   resetScreenVersionCache,