teleportation-cli 1.0.0 → 1.0.2

package/lib/remote/providers/daytona-provider.js

@@ -0,0 +1,506 @@
+/**
+ * Daytona Provider for Remote Development Environments
+ *
+ * Uses Daytona API for ephemeral, cloud-native development workspaces.
+ * Workspaces can be created from git repos and automatically configured.
+ *
+ * Ideal for:
+ * - Quick tasks (feature branches, bug fixes, PR reviews)
+ * - Clean, isolated environments
+ * - Auto-stop to save costs when inactive
+ * - Snapshot support for state preservation
+ *
+ * @see https://daytona.io/docs/api
+ */
+
+import { BaseProvider } from './base-provider.js';
+
+export class DaytonaProvider extends BaseProvider {
+  /**
+   * Initialize DaytonaProvider
+   * @param {Object} config - Provider configuration
+   * @param {VaultClient} config.vaultClient - Mech Vault client
+   * @param {LivePortClient} config.livePortClient - LivePort client
+   * @param {string} [config.daytonaApiKey] - Daytona API key (or DAYTONA_API_KEY env var)
+   * @param {string} [config.apiUrl] - Daytona API URL (or DAYTONA_API_URL env var, defaults to https://app.daytona.io/api)
+   * @param {string} [config.profileId] - Daytona profile ID (or DAYTONA_PROFILE_ID env var, defaults to 'default')
+   * @param {string} [config.organizationId] - Daytona organization ID (or DAYTONA_ORGANIZATION_ID env var)
+   */
+  constructor(config) {
+    super(config);
+    this.apiKey = config.daytonaApiKey || process.env.DAYTONA_API_KEY;
+    this.apiUrl = config.apiUrl || process.env.DAYTONA_API_URL || 'https://app.daytona.io/api';
+    this.profileId = config.profileId || process.env.DAYTONA_PROFILE_ID || 'default';
+    this.organizationId = config.organizationId || process.env.DAYTONA_ORGANIZATION_ID || '';
+    this.timeout = config.timeout || 30000; // 30 second default timeout
+
+    if (!this.apiKey) {
+      throw new Error('DAYTONA_API_KEY is required for DaytonaProvider');
+    }
+  }
+
+  /**
+   * Create headers for Daytona API
+   * @private
+   */
+  _headers() {
+    const headers = {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${this.apiKey}`,
+    };
+
+    if (this.organizationId) {
+      headers['X-Daytona-Organization-ID'] = this.organizationId;
+    }
+
+    return headers;
+  }
+
+  async _formatApiError(response, url) {
+    const contentType = response.headers?.get?.('content-type') || '';
+
+    let raw = '';
+    try {
+      const bodyReader = typeof response.clone === 'function' ? response.clone() : response;
+      raw = await bodyReader.text();
+    } catch {
+      raw = '';
+    }
+
+    const trimmed = raw?.trim?.() || '';
+
+    const truncated = trimmed.length > 1000
+      ? `${trimmed.slice(0, 1000)}…`
+      : trimmed;
+
+    const contentTypeLower = String(contentType).toLowerCase();
+    const isHtml = contentTypeLower.includes('text/html')
+      || /<\s*!doctype\s+html/i.test(truncated)
+      || /<\s*html/i.test(truncated);
+    const hint = isHtml
+      ? ' (received HTML; check DAYTONA_API_URL and ensure DAYTONA_API_KEY is valid for API access)'
+      : '';
+
+    return `Daytona API request failed: ${response.status} ${response.statusText} (${url})${hint}\n${truncated}`;
+  }
+
+  /**
+   * Escape shell argument by wrapping in single quotes and escaping any single quotes
+   * @private
+   * @param {string} arg - Argument to escape
+   * @returns {string} Shell-safe escaped argument
+   */
+  _escapeShellArg(arg) {
+    if (!arg) return "''";
+    // Replace any single quotes with '\'' (end quote, escaped quote, start quote)
+    return `'${arg.replace(/'/g, "'\\''")}'`;
+  }
+
+  /**
+   * Fetch with timeout support
+   * @private
+   * @param {string} url - URL to fetch
+   * @param {Object} options - Fetch options
+   * @returns {Promise<Response>} Fetch response
+   * @throws {Error} If request times out or fails
+   */
+  async _fetchWithTimeout(url, options = {}) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+
+    try {
+      const response = await fetch(url, {
+        ...options,
+        signal: controller.signal,
+      });
+      clearTimeout(timeoutId);
+      return response;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error.name === 'AbortError') {
+        throw new Error(`Request timed out after ${this.timeout}ms: ${url}`);
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Create a remote Daytona workspace
+   *
+   * Provisions a new Daytona workspace with:
+   * - Bun runtime (oven/bun:latest)
+   * - Git repository cloned automatically
+   * - SSH access configured
+   * - LivePort tunnel setup
+   * - All secrets stored in Vault
+   * - Auto-stop when inactive
+   *
+   * @param {Object} sessionConfig - Session configuration (see BaseProvider)
+   * @returns {Promise<Object>} Workspace details with IDs for cleanup
+   * @throws {Error} If workspace provisioning fails
+   */
+  async createMachine(sessionConfig) {
+    const sessionId = sessionConfig.sessionId;
+    const namespace = `teleportationremote${String(sessionId).replace(/[^a-zA-Z0-9]/g, '')}`;
+
+    // 1. Setup SSH access
+    const ssh = await this._setupSSHAccess(sessionId, namespace);
+
+    // 2. Setup LivePort tunnel
+    const tunnel = await this._setupTunnel(sessionId, sessionId);
+
+    // 3. Store necessary secrets in Vault
+    const secrets = {
+      RELAY_API_URL: sessionConfig.relayApiUrl,
+      RELAY_API_KEY: sessionConfig.relayApiKey,
+      GITHUB_TOKEN: sessionConfig.githubToken,
+      MECH_API_KEY: sessionConfig.mechApiKey,
+      LIVEPORT_BRIDGE_KEY: tunnel.bridgeKey,
+      ...sessionConfig.additionalSecrets,
+    };
+
+    const secretIds = await this._storeSecrets(namespace, secrets);
+
+    // 4. Create workspace configuration
+    const workspaceConfig = {
+      name: `teleportation-${sessionId}`,
+      profileId: this.profileId,
+      git: {
+        repository: sessionConfig.repoUrl,
+        branch: sessionConfig.branch || 'main',
+      },
+      envVars: {
+        SESSION_ID: sessionId,
+        VAULT_NAMESPACE: namespace,
+        MECH_VAULT_URL: this.vaultClient.apiUrl,
+        MECH_API_KEY: this.vaultClient.apiKey,
+        MECH_APP_ID: this.vaultClient.appId,
+        TUNNEL_URL: tunnel.tunnelUrl,
+        LIVEPORT_BRIDGE_KEY: tunnel.bridgeKey,
+      },
+      devcontainer: {
+        image: 'oven/bun:latest',
+        postCreateCommand: this._generatePostCreateScript(sessionConfig, tunnel, ssh),
+      },
+      ideConfig: {
+        defaultIde: 'none', // No IDE needed, using CLI
+      },
+      resources: {
+        cpus: sessionConfig.cpus || 1,
+        memory: sessionConfig.memory || 2048, // MB
+        disk: sessionConfig.disk || 10, // GB
+      },
+      autoStop: {
+        enabled: true,
+        inactivityMinutes: sessionConfig.autoStopMinutes || 60,
+      },
+    };
+
+    const createUrl = `${this.apiUrl}/workspace`;
+    const response = await this._fetchWithTimeout(createUrl, {
+      method: 'POST',
+      headers: this._headers(),
+      body: JSON.stringify(workspaceConfig),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, createUrl));
+    }
+
+    const workspace = await response.json();
+
+    return {
+      machineId: workspace.id,
+      workspaceId: workspace.id,
+      sshHost: workspace.sshHost || `${workspace.id}.daytona.io`,
+      sshPort: workspace.sshPort || 22,
+      tunnelUrl: tunnel.tunnelUrl,
+      namespace,
+      secretIds,
+      sshKeyId: ssh.keyId,
+      bridgeKeyId: tunnel.keyId,
+      ideUrl: workspace.ideUrl,
+    };
+  }
+
+  /**
+   * Generate post-create script for Daytona workspace
+   *
+   * This script runs after the workspace is created and sets up:
+   * - SSH authorized keys
+   * - Teleportation CLI installation
+   * - LivePort tunnel
+   * - Teleportation daemon
+   *
+   * @private
+   * @param {Object} sessionConfig - Session configuration
+   * @param {Object} tunnel - Tunnel configuration with tunnelCommand
+   * @param {Object} ssh - SSH key with publicKey
+   * @returns {string} Shell script for workspace initialization
+   */
+  _generatePostCreateScript(sessionConfig, tunnel, ssh) {
+    // Escape all user-provided values to prevent command injection
+    const safePublicKey = this._escapeShellArg(ssh.publicKey);
+    const safeSessionId = this._escapeShellArg(sessionConfig.sessionId);
+    const safeTask = this._escapeShellArg(sessionConfig.task || '');
+
+    return `
+set -e
+
+# Setup SSH key
+mkdir -p ~/.ssh
+echo ${safePublicKey} >> ~/.ssh/authorized_keys
+chmod 600 ~/.ssh/authorized_keys
+
+REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
+cd "$REPO_ROOT"
+
+# Install repo dependencies
+bun install
+
+# Start LivePort tunnel in background
+${tunnel.tunnelCommand} &
+
+TUNNEL_PID=$!
+
+# Wait briefly for the tunnel process to stay alive (avoid blind sleep)
+for i in 1 2 3 4 5; do
+  if ! kill -0 "$TUNNEL_PID" >/dev/null 2>&1; then
+    echo "LivePort tunnel failed to start" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+# Start teleportation daemon
+bun teleportation-cli.cjs daemon start --session-id ${safeSessionId} --task ${safeTask}
+`.trim();
+  }
+
+  /**
+   * Destroy the Daytona workspace
+   *
+   * Permanently deletes the workspace and all its data.
+   * This action cannot be undone.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @returns {Promise<boolean>} True if destroyed successfully
+   * @throws {Error} If workspace deletion fails
+   */
+  async destroyMachine(workspaceId) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'DELETE',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return true;
+  }
+
+  /**
+   * Get workspace status
+   *
+   * Returns current state of the Daytona workspace including auto-stop countdown.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @returns {Promise<Object>} Workspace status
+   * @returns {string} return.status - Workspace state (running, stopped, error)
+   * @returns {number} return.uptime - Uptime in seconds
+   * @returns {string} return.lastActivity - Last activity timestamp
+   * @returns {number} return.autoStopIn - Seconds until auto-stop
+   * @returns {Object} return.resources - Resource allocation (cpus, memory)
+   * @throws {Error} If status fetch fails
+   */
+  async getMachineStatus(workspaceId) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'GET',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    const workspace = await response.json();
+
+    return {
+      status: workspace.state || workspace.status,
+      uptime: workspace.uptime,
+      lastActivity: workspace.lastActivity,
+      autoStopIn: workspace.autoStopIn,
+      resources: workspace.resources,
+    };
+  }
+
+  /**
+   * Execute command in workspace
+   *
+   * Runs a command directly in the workspace via Daytona exec API.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @param {string} command - Command to execute
+   * @returns {Promise<Object>} Command result
+   * @returns {string} return.stdout - Standard output
+   * @returns {string} return.stderr - Standard error
+   * @returns {number} return.exitCode - Exit code
+   * @throws {Error} If command execution fails
+   */
+  async executeCommand(workspaceId, command) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/toolbox/${workspaceId}/toolbox/process/execute`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'POST',
+      headers: this._headers(),
+      body: JSON.stringify({ command }),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return response.json();
+  }
+
+  /**
+   * Get workspace logs
+   *
+   * Retrieves logs from the workspace's processes.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @param {Object} [options] - Log retrieval options
+   * @param {number} [options.tail] - Number of recent lines to retrieve (default: 100)
+   * @param {boolean} [options.follow] - Stream logs continuously (default: false)
+   * @returns {Promise<Object>} Log data
+   * @returns {Array<string>} return.logs - Array of log lines
+   * @throws {Error} If log retrieval fails
+   */
+  async getLogs(workspaceId, options = {}) {
+    this._validateMachineId(workspaceId);
+    const params = new URLSearchParams({
+      tail: options.tail || 100,
+      follow: options.follow || false,
+    });
+
+    const url = `${this.apiUrl}/workspace/${workspaceId}/logs?${params}`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'GET',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return response.json();
+  }
+
+  /**
+   * Stop workspace (keeps it for later restart)
+   *
+   * Stops the workspace to save costs. Workspace state is preserved.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @returns {Promise<boolean>} True if stopped successfully
+   * @throws {Error} If stop fails
+   */
+  async stopMachine(workspaceId) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}/stop`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'POST',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return true;
+  }
+
+  /**
+   * Start stopped workspace
+   *
+   * Resumes a stopped workspace. State is preserved from when it was stopped.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @returns {Promise<boolean>} True if started successfully
+   * @throws {Error} If start fails
+   */
+  async startMachine(workspaceId) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}/start`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'POST',
+      headers: this._headers(),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return true;
+  }
+
+  /**
+   * Extend auto-stop timeout
+   *
+   * Adds additional time before the workspace auto-stops due to inactivity.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @param {number} additionalMinutes - Minutes to add to auto-stop timer
+   * @returns {Promise<Object>} Extended auto-stop information
+   * @throws {Error} If extension fails
+   */
+  async extendAutoStop(workspaceId, additionalMinutes) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}/extend`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'POST',
+      headers: this._headers(),
+      body: JSON.stringify({
+        additionalMinutes,
+      }),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return response.json();
+  }
+
+  /**
+   * Create snapshot of workspace
+   *
+   * Creates a snapshot of the workspace's current state.
+   * Snapshots can be used to restore workspace to a previous state.
+   *
+   * @param {string} workspaceId - Daytona workspace ID
+   * @param {string} name - Snapshot name
+   * @returns {Promise<Object>} Snapshot details
+   * @throws {Error} If snapshot creation fails
+   */
+  async createSnapshot(workspaceId, name) {
+    this._validateMachineId(workspaceId);
+    const url = `${this.apiUrl}/workspace/${workspaceId}/snapshots`;
+    const response = await this._fetchWithTimeout(url, {
+      method: 'POST',
+      headers: this._headers(),
+      body: JSON.stringify({ name }),
+    });
+
+    if (!response.ok) {
+      throw new Error(await this._formatApiError(response, url));
+    }
+
+    return response.json();
+  }
+}