teleportation-cli 1.0.0 → 1.0.1

package/lib/remote/providers/fly-provider.js

@@ -0,0 +1,611 @@
+/**
+ * Fly.io Provider for Remote Development Environments
+ *
+ * Uses Fly.io Machines API for persistent remote development environments.
+ * Machines are persistent VMs that can be stopped/started without losing state.
+ *
+ * Ideal for:
+ * - Long-running tasks (overnight work, multi-day projects)
+ * - Cost-efficient: pay only when machine is running
+ * - Persistent storage between stops/starts
+ *
+ * @see https://fly.io/docs/machines/api/
+ */
+
+import { BaseProvider } from './base-provider.js';
+
+export class FlyProvider extends BaseProvider {
+  /**
+   * Initialize FlyProvider
+   * @param {Object} config - Provider configuration
+   * @param {VaultClient} config.vaultClient - Mech Vault client
+   * @param {LivePortClient} config.livePortClient - LivePort client
+   * @param {string} [config.flyApiToken] - Fly.io API token (or FLY_API_TOKEN env var)
+   * @param {string} [config.appName] - Fly app name (or FLY_APP_NAME env var, defaults to 'teleportation-remote')
+   * @param {string} [config.region] - Fly region code (defaults to 'iad' - Ashburn, VA)
+   */
+  constructor(config) {
+    super(config);
+    this.apiToken = config.flyApiToken || process.env.FLY_API_TOKEN;
+    this.apiUrl = 'https://api.machines.dev/v1';
+    this.appName = config.appName || process.env.FLY_APP_NAME || 'teleportation-remote';
+    this.region = config.region || 'iad'; // Default to Ashburn, VA
+    this.timeout = config.timeout || 30000; // 30 second default timeout
+
+    if (!this.apiToken) {
+      throw new Error('FLY_API_TOKEN is required for FlyProvider');
+    }
+  }
+
+  /**
+   * Create headers for Fly.io API
+   * @private
+   */
+  _headers() {
+    const authToken = this.apiToken.startsWith('Bearer ') ? this.apiToken : `Bearer ${this.apiToken}`;
+    return {
+      'Content-Type': 'application/json',
+      'Authorization': authToken,
+    };
+  }
+
+  /**
+   * Escape shell argument by wrapping in single quotes and escaping any single quotes
+   * @private
+   * @param {string} arg - Argument to escape
+   * @returns {string} Shell-safe escaped argument
+   */
+  _escapeShellArg(arg) {
+    if (!arg) return "''";
+    // Replace any single quotes with '\'' (end quote, escaped quote, start quote)
+    return `'${arg.replace(/'/g, "'\\''")}'`;
+  }
+
+  /**
+   * Fetch with timeout support
+   * @private
+   * @param {string} url - URL to fetch
+   * @param {Object} options - Fetch options
+   * @returns {Promise<Response>} Fetch response
+   * @throws {Error} If request times out or fails
+   */
+  async _fetchWithTimeout(url, options = {}) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+
+    try {
+      const response = await fetch(url, {
+        ...options,
+        signal: controller.signal,
+      });
+      clearTimeout(timeoutId);
+      return response;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error.name === 'AbortError') {
+        throw new Error(`Request timed out after ${this.timeout}ms: ${url}`);
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Create a remote Fly.io machine
+   *
+   * Provisions a new Fly machine with:
+   * - Bun runtime (oven/bun:latest)
+   * - SSH access configured
+   * - LivePort tunnel setup
+   * - All secrets stored in Vault
+   * - Git repository cloned
+   * - Teleportation daemon started
+   *
+   * @param {Object} sessionConfig - Session configuration (see BaseProvider)
+   * @returns {Promise<Object>} Machine details with IDs for cleanup
+   * @throws {Error} If machine provisioning fails
+   */
+  async createMachine(sessionConfig) {
+    const sessionId = sessionConfig.sessionId;
+    const namespace = `teleportationremote${sessionId.replace(/-/g, '')}`;
+
+    // 1. Setup SSH access
+    console.log('[DEBUG] Step 1: Setting up SSH access...');
+    const ssh = await this._setupSSHAccess(sessionConfig.machineId || sessionId, namespace);
+    console.log('[DEBUG] SSH setup complete');
+
+    // 2. Setup LivePort tunnel
+    console.log('[DEBUG] Step 2: Setting up LivePort tunnel...');
+    const tunnel = await this._setupTunnel(sessionId, sessionId);
+    console.log('[DEBUG] Tunnel setup complete');
+
+    // 3. Store necessary secrets in Vault
+    console.log('[DEBUG] Step 3: Storing secrets in Vault...');
+
+    // Fetch user environment variables from relay API
+    let userEnvVars = {};
+    if (sessionConfig.relayApiUrl && sessionConfig.relayApiKey) {
+      try {
+        console.log('[DEBUG] Fetching user environment variables from relay API...');
+        const envVarsResponse = await fetch(`${sessionConfig.relayApiUrl}/api/env-vars`, {
+          headers: {
+            'Authorization': `Bearer ${sessionConfig.relayApiKey}`,
+          },
+        });
+
+        if (!envVarsResponse.ok) {
+          console.warn('[WARNING] Failed to fetch user environment variables:', envVarsResponse.status);
+          console.warn('[WARNING] Remote session will use local environment variables only');
+        } else {
+          const envVarsData = await envVarsResponse.json();
+          userEnvVars = envVarsData.variables || {};
+          console.log('[DEBUG] Fetched user environment variables:', Object.keys(userEnvVars).join(', '));
+        }
+      } catch (error) {
+        console.warn('[WARNING] Error fetching user environment variables:', error.message);
+        console.warn('[WARNING] Remote session will use local environment variables only');
+      }
+    }
+
+    // Try to extract Claude API key from local installation if not provided
+    // User env vars take precedence, then sessionConfig, then local extraction, then env vars
+    let anthropicApiKey = userEnvVars.ANTHROPIC_API_KEY || sessionConfig.anthropicApiKey || process.env.ANTHROPIC_API_KEY;
+    if (!anthropicApiKey) {
+      try {
+        const { extractClaudeApiKey } = await import('../auth/claude-key-extractor.js');
+        anthropicApiKey = await extractClaudeApiKey();
+      } catch (error) {
+        console.log('[DEBUG] Could not auto-extract Claude API key:', error.message);
+      }
+    }
+
+    const secrets = {
+      RELAY_API_URL: sessionConfig.relayApiUrl,
+      RELAY_API_KEY: sessionConfig.relayApiKey,
+      GITHUB_TOKEN: userEnvVars.GITHUB_TOKEN || sessionConfig.githubToken,
+      MECH_API_KEY: sessionConfig.mechApiKey,
+      LIVEPORT_BRIDGE_KEY: tunnel.bridgeKey,
+      // Machine coder API keys (user env vars take precedence)
+      ANTHROPIC_API_KEY: anthropicApiKey,
+      GEMINI_API_KEY: userEnvVars.GEMINI_API_KEY || sessionConfig.geminiApiKey || process.env.GEMINI_API_KEY,
+      // Merge all other user environment variables
+      ...userEnvVars,
+      // Session config can override user env vars if explicitly provided
+      ...sessionConfig.additionalSecrets,
+    };
+
+    const secretIds = await this._storeSecrets(namespace, secrets);
+    console.log('[DEBUG] Secrets stored');
+
+    // 4. Export env file for the machine
+    console.log('[DEBUG] Step 4: Exporting env file...');
+    const envFile = await this._exportEnvFile(namespace);
+    console.log('[DEBUG] Env file exported');
+
+    // 5. Create Fly.io machine
+    const machineConfig = {
+      name: `teleportation-${sessionId}`,
+      config: {
+        image: 'oven/bun:latest',
+        auto_destroy: true,
+        restart: {
+          policy: 'no',
+        },
+        env: {
+          SESSION_ID: sessionId,
+          VAULT_NAMESPACE: namespace,
+          MECH_VAULT_URL: this.vaultClient.apiUrl,
+          MECH_API_KEY: this.vaultClient.apiKey,
+          MECH_APP_ID: this.vaultClient.appId,
+          TUNNEL_URL: tunnel.tunnelUrl,
+        },
+        services: [
+          {
+            ports: [
+              {
+                port: 22,
+                handlers: ['tls', 'http'],
+              },
+              {
+                port: 3000,
+                handlers: ['tls', 'http'],
+              },
+            ],
+            protocol: 'tcp',
+            internal_port: 22,
+          },
+        ],
+        guest: {
+          cpu_kind: 'shared',
+          cpus: 1,
+          memory_mb: 512,
+        },
+        init: {
+          cmd: ['/bin/sh', '-c', this._generateInitScript(sessionConfig, tunnel, ssh)],
+        },
+      },
+    };
+
+    const response = await fetch(`${this.apiUrl}/apps/${this.appName}/machines`, {
+      method: 'POST',
+      headers: this._headers(),
+      body: JSON.stringify(machineConfig),
+    });
+
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Failed to create Fly machine: ${error}`);
+    }
+
+    const machine = await response.json();
+
+    return {
+      machineId: machine.id,
+      sshHost: `${machine.id}.vm.${this.appName}.internal`,
+      sshPort: 22,
+      tunnelUrl: tunnel.tunnelUrl,
+      namespace,
+      secretIds,
+      sshKeyId: ssh.keyId,
+      bridgeKeyId: tunnel.keyId,
+      publicIp: machine.private_ip,
+    };
+  }
+
+  /**
+   * Generate initialization script for the Fly machine
+   *
+   * This script runs when the machine starts and sets up:
+   * - SSH server with authorized keys
+   * - Git repository clone
+   * - LivePort tunnel
+   * - Teleportation daemon
+   *
+   * @private
+   * @param {Object} sessionConfig - Session configuration
+   * @param {Object} tunnel - Tunnel configuration with tunnelCommand
+   * @param {Object} ssh - SSH key with publicKey
+   * @returns {string} Shell script for machine initialization
+   */
+  _generateInitScript(sessionConfig, tunnel, ssh) {
+    // Escape all user-provided values to prevent command injection
+    const safeRepoUrl = this._escapeShellArg(sessionConfig.repoUrl);
+    const safeBranch = this._escapeShellArg(sessionConfig.branch || 'main');
+    const safeSessionId = this._escapeShellArg(sessionConfig.sessionId);
+    const safeTask = this._escapeShellArg(sessionConfig.task || '');
+    const safePublicKey = this._escapeShellArg(ssh.publicKey);
+    const safeVaultUrl = this._escapeShellArg(this.vaultClient.apiUrl);
+    const safeVaultKey = this._escapeShellArg(this.vaultClient.apiKey);
+    const safeAppId = this._escapeShellArg(this.vaultClient.appId);
+
+    // Teleportation repo URL (configurable via env var or config)
+    const teleportationRepoUrl = process.env.TELEPORTATION_REPO_URL ||
+                                  sessionConfig.teleportationRepoUrl ||
+                                  'https://github.com/dundas/teleportation-private.git';
+    const safeTeleportationRepoUrl = this._escapeShellArg(teleportationRepoUrl);
+
+    return `
+set -e
+
+# Install system dependencies
+apt-get update && apt-get install -y git openssh-server curl jq wget
+
+# Install Node.js (required for Claude Code CLI)
+echo "=== Installing Node.js ==="
+curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+apt-get install -y nodejs
+echo "✅ Node.js installed: $(node --version)"
+
+# Install Claude Code CLI
+echo "=== Installing Claude Code CLI ==="
+npm install -g @anthropic-ai/claude-code || {
+  echo "WARNING: Claude Code CLI installation failed"
+}
+if command -v claude >/dev/null 2>&1; then
+  echo "✅ Claude Code CLI installed: $(claude --version)"
+else
+  echo "⚠️  Claude Code CLI not available"
+fi
+
+# Install Gemini CLI
+echo "=== Installing Gemini CLI ==="
+wget -O /tmp/gemini-cli.tar.gz https://github.com/google/generative-ai-cli/releases/latest/download/gemini-cli-linux-amd64.tar.gz || {
+  echo "WARNING: Gemini CLI download failed"
+}
+if [ -f /tmp/gemini-cli.tar.gz ]; then
+  tar -xzf /tmp/gemini-cli.tar.gz -C /usr/local/bin/
+  chmod +x /usr/local/bin/gemini
+  rm /tmp/gemini-cli.tar.gz
+  if command -v gemini >/dev/null 2>&1; then
+    echo "✅ Gemini CLI installed: $(gemini --version)"
+  else
+    echo "⚠️  Gemini CLI not available"
+  fi
+else
+  echo "⚠️  Gemini CLI installation skipped"
+fi
+
+# Setup SSH
+mkdir -p ~/.ssh
+echo ${safePublicKey} >> ~/.ssh/authorized_keys
+chmod 600 ~/.ssh/authorized_keys
+# SSH service not needed in container
+
+# Pull secrets from Vault
+export MECH_VAULT_URL=${safeVaultUrl}
+export MECH_API_KEY=${safeVaultKey}
+export MECH_APP_ID=${safeAppId}
+
+# Export session env vars from Vault (with debugging)
+ENV_FILE=/tmp/teleportation.env
+echo "=== Exporting env from Vault ==="
+echo "Namespace: $VAULT_NAMESPACE"
+echo "Vault URL: $MECH_VAULT_URL"
+
+# Construct payload
+PAYLOAD=$(jq -n --arg namespace "$VAULT_NAMESPACE" --arg format 'env' '{namespace:$namespace,format:$format}')
+echo "Payload: $PAYLOAD"
+
+# Make request with verbose output
+curl -v -X POST "$MECH_VAULT_URL/env-files/export" \
+  -H "Content-Type: application/json" \
+  -H "X-API-Key: $MECH_API_KEY" \
+  -H "X-App-ID: $MECH_APP_ID" \
+  -d "$PAYLOAD" \
+  -o "$ENV_FILE" 2>&1 || {
+    EXIT_CODE=$?
+    echo "ERROR: Vault env export failed with exit code $EXIT_CODE"
+    echo "Response body (if any):"
+    cat "$ENV_FILE" 2>/dev/null || echo "(empty)"
+    exit $EXIT_CODE
+  }
+
+if [ ! -s "$ENV_FILE" ]; then
+  echo "WARNING: Env file is empty, creating minimal file"
+  echo "# No secrets found" > "$ENV_FILE"
+fi
+
+echo "✅ Env file exported successfully ($(wc -l < "$ENV_FILE") lines)"
+
+# Load exported env vars (no xtrace; avoid printing secrets)
+set +x
+set -a
+ . "$ENV_FILE"
+set +a
+
+# Configure git authentication (for both teleportation and user repositories)
+if [ -n "$GITHUB_TOKEN" ]; then
+  git config --global url."https://x-access-token:$GITHUB_TOKEN@github.com/".insteadOf "https://github.com/"
+  git config --global url."https://x-access-token:$GITHUB_TOKEN@github.com/".insteadOf "git@github.com:"
+  echo "✅ Git authentication configured"
+fi
+
+# Clone teleportation repository first (contains daemon)
+echo "=== Cloning teleportation repository ==="
+git clone ${safeTeleportationRepoUrl} /teleportation
+cd /teleportation
+bun install
+echo "✅ Teleportation repo ready at /teleportation"
+
+# Clone user repository
+echo "=== Cloning user repository ==="
+git clone ${safeRepoUrl} /workspace
+cd /workspace
+
+# Checkout branch
+git checkout ${safeBranch}
+
+# Install repo dependencies
+bun install
+echo "✅ User repo ready at /workspace"
+
+# Start LivePort tunnel in background
+${tunnel.tunnelCommand} &
+
+# Ensure session exists in relay so daemon can poll immediately
+curl -fsSL -X POST "$RELAY_API_URL/api/sessions/register" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $RELAY_API_KEY" \
+  -d "$(jq -n --arg session_id \"$SESSION_ID\" '{session_id:$session_id,meta:{provider:"fly",remote:true}}')" >/dev/null || true
+
+# Start teleportation daemon from user workspace
+# The daemon will run in /workspace context so child processes have correct working directory
+cd /workspace
+echo "=== Starting daemon ==="
+echo "Session ID: $SESSION_ID"
+echo "Teleportation repo: /teleportation"
+echo "Working directory: $(pwd)"
+
+# Export task description for daemon
+export TELEPORTATION_TASK="${safeTask}"
+
+# Start daemon (it's installed in /teleportation)
+bun /teleportation/teleportation-cli.cjs daemon start || {
+  echo "ERROR: Daemon failed to start (exit code $?)"
+  exit 1
+}
+
+# Keep container running
+echo "=== Daemon started successfully, keeping container alive ==="
+echo "Initialization completed at $(date)"
+tail -f /dev/null
+`.trim();
+  }
+
+  /**
+   * Destroy the Fly.io machine
+   *
+   * Permanently deletes the machine and all its data.
+   * This action cannot be undone.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @returns {Promise<boolean>} True if destroyed successfully
+   * @throws {Error} If machine deletion fails
+   */
+  async destroyMachine(machineId) {
+    this._validateMachineId(machineId);
+    const response = await this._fetchWithTimeout(`${this.apiUrl}/apps/${this.appName}/machines/${machineId}`, {
+      method: 'DELETE',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to destroy Fly machine: ${response.statusText}`);
+    }
+
+    return true;
+  }
+
+  /**
+   * Get machine status
+   *
+   * Returns current state of the Fly machine.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @returns {Promise<Object>} Machine status
+   * @returns {string} return.status - Machine state (started, stopped, etc.)
+   * @returns {string} return.ip - Private IP address
+   * @returns {string} return.uptime - Last update timestamp
+   * @returns {string} return.region - Fly region
+   * @throws {Error} If status fetch fails
+   */
+  async getMachineStatus(machineId) {
+    this._validateMachineId(machineId);
+    const response = await this._fetchWithTimeout(`${this.apiUrl}/apps/${this.appName}/machines/${machineId}`, {
+      method: 'GET',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to get machine status: ${response.statusText}`);
+    }
+
+    const machine = await response.json();
+
+    return {
+      status: machine.state,
+      ip: machine.private_ip,
+      uptime: machine.updated_at,
+      region: machine.region,
+    };
+  }
+
+  /**
+   * Execute command on remote machine via SSH
+   *
+   * Note: This is a placeholder. Real SSH execution would require
+   * establishing SSH connection using the private key from Vault.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @param {string} command - Command to execute
+   * @returns {Promise<Object>} Command result (placeholder)
+   * @returns {string} return.stdout - Standard output
+   * @returns {string} return.stderr - Standard error
+   * @returns {number} return.exitCode - Exit code
+   */
+  async executeCommand(machineId, command) {
+    this._validateMachineId(machineId);
+
+    // TODO: Implement real SSH command execution
+    // This would require:
+    // 1. Fetch private key from Vault
+    // 2. Establish SSH connection to machine
+    // 3. Execute command
+    // 4. Return stdout/stderr/exitCode
+
+    return {
+      stdout: '',
+      stderr: '',
+      exitCode: 0,
+    };
+  }
+
+  /**
+   * Get machine logs
+   *
+   * Retrieves logs from the Fly machine's init process.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @param {Object} [options] - Log retrieval options
+   * @param {number} [options.tail] - Number of recent lines to retrieve
+   * @param {boolean} [options.follow] - Stream logs (not implemented)
+   * @returns {Promise<Object>} Log data
+   * @returns {Array<string>} return.logs - Array of log lines
+   * @throws {Error} If log retrieval fails
+   */
+  async getLogs(machineId, options = {}) {
+    this._validateMachineId(machineId);
+
+    try {
+      const params = new URLSearchParams();
+      if (options.tail) {
+        params.set('limit', options.tail.toString());
+      }
+
+      const url = `${this.apiUrl}/apps/${this.appName}/machines/${machineId}/logs?${params}`;
+      const response = await this._fetchWithTimeout(url, {
+        method: 'GET',
+        headers: this._headers(),
+      });
+
+      if (!response.ok) {
+        throw new Error(`Failed to get logs: ${response.statusText}`);
+      }
+
+      const logs = await response.json();
+
+      return {
+        logs: Array.isArray(logs) ? logs : [],
+      };
+    } catch (error) {
+      // Fallback to empty logs if API doesn't support log retrieval
+      console.warn(`Failed to retrieve logs for ${machineId}:`, error.message);
+      return { logs: [] };
+    }
+  }
+
+  /**
+   * Stop a machine (without destroying)
+   *
+   * Stops the machine to save costs. Machine state is preserved.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @returns {Promise<boolean>} True if stopped successfully
+   * @throws {Error} If stop fails
+   */
+  async stopMachine(machineId) {
+    this._validateMachineId(machineId);
+    const response = await this._fetchWithTimeout(`${this.apiUrl}/apps/${this.appName}/machines/${machineId}/stop`, {
+      method: 'POST',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to stop machine: ${response.statusText}`);
+    }
+
+    return true;
+  }
+
+  /**
+   * Start a stopped machine
+   *
+   * Resumes a stopped machine. State is preserved from when it was stopped.
+   *
+   * @param {string} machineId - Fly machine ID
+   * @returns {Promise<boolean>} True if started successfully
+   * @throws {Error} If start fails
+   */
+  async startMachine(machineId) {
+    this._validateMachineId(machineId);
+    const response = await this._fetchWithTimeout(`${this.apiUrl}/apps/${this.appName}/machines/${machineId}/start`, {
+      method: 'POST',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to start machine: ${response.statusText}`);
+    }
+
+    return true;
+  }
+}