underpost 3.1.2 → 3.2.0

package/src/cli/run.js

@@ -4,7 +4,8 @@
  * @namespace UnderpostRun
  */
 
-import { daemonProcess, getTerminalPid, shellCd, shellExec } from '../server/process.js';
+import { daemonProcess, getTerminalPid, pbcopy, shellCd, shellExec } from '../server/process.js';
+import crypto from 'crypto';
 import {
   awaitDeployMonitor,
   buildKindPorts,
@@ -17,12 +18,31 @@ import {
 import { actionInitLog, loggerFactory } from '../server/logger.js';
 
 import fs from 'fs-extra';
+import net from 'net';
 import { range, setPad, timer } from '../client/components/core/CommonJs.js';
 
 import os from 'os';
 import Underpost from '../index.js';
 import dotenv from 'dotenv';
 
+const waitForPort = (port, host = '127.0.0.1', { maxAttempts = 30, interval = 2000 } = {}) =>
+  new Promise((resolve, reject) => {
+    let attempts = 0;
+    const tryConnect = () => {
+      attempts++;
+      const socket = net.createConnection({ port, host }, () => {
+        socket.destroy();
+        resolve();
+      });
+      socket.on('error', () => {
+        socket.destroy();
+        if (attempts >= maxAttempts) return reject(new Error(`Port ${port} not ready after ${maxAttempts} attempts`));
+        setTimeout(tryConnect, interval);
+      });
+    };
+    tryConnect();
+  });
+
 const logger = loggerFactory(import.meta);
 
 /**
@@ -87,6 +107,7 @@ const logger = loggerFactory(import.meta);
  * @property {boolean} logs - Whether to enable logs.
  * @property {boolean} dryRun - Whether to perform a dry run.
  * @property {boolean} createJobNow - Whether to create the job immediately.
+ * @property {number} fromNCommit - Number of commits back to use for message propagation (default: 1, last commit only).
  * @property {string|Array<{ip: string, hostnames: string[]}>} hostAliases - Adds entries to the Pod /etc/hosts via Kubernetes hostAliases.
  *   As a string (CLI): semicolon-separated entries of "ip=hostname1,hostname2" (e.g., "127.0.0.1=foo.local,bar.local;10.1.2.3=foo.remote").
  *   As an array (programmatic): objects with `ip` and `hostnames` fields (e.g., [{ ip: "127.0.0.1", hostnames: ["foo.local"] }]).
@@ -151,7 +172,10 @@ const DEFAULT_OPTION = {
   logs: false,
   dryRun: false,
   createJobNow: false,
+  fromNCommit: 0,
   hostAliases: '',
+  gitClean: false,
+  copy: false,
 };
 
 /**
@@ -244,8 +268,15 @@ class UnderpostRun {
       const ports = '6379,27017';
       shellExec(`node bin run kill '${ports}'`);
       shellExec(`node bin run dev-cluster --dev --expose --namespace ${options.namespace}`, { async: true });
-      console.log('Loading fordward services...');
-      await timer(5000);
+      logger.info('Waiting for port-forward services to be ready...');
+      try {
+        await Promise.all([waitForPort(27017), waitForPort(6379)]);
+        logger.info('Port-forward services are ready');
+      } catch (err) {
+        logger.error('Port-forward services failed to become ready', { error: err.message });
+        shellExec(`node bin run kill '${ports}'`);
+        throw err;
+      }
       shellExec(`node bin metadata --generate ${path}`);
       shellExec(`node bin db --dev --clean-fs-collection dd`);
       shellExec(`node bin run kill '${ports}'`);
@@ -354,8 +385,10 @@ class UnderpostRun {
     },
     /**
      * @method template-deploy
-     * @description Pushes `engine-private`, dispatches CI workflow to build `pwa-microservices-template`, and optionally dispatches CD sync workflow.
-     * @param {string} path - The input value, identifier, or path for the operation.
+     * @description Pushes `engine-private`, dispatches CI workflow to build `pwa-microservices-template`,
+     * and optionally triggers engine-<conf-id> CI with sync/init which in turn dispatches the CD workflow
+     * after the build chain completes (template → ghpkg → engine-<conf-id> → CD).
+     * @param {string} path - The deployment path identifier (e.g., 'sync-engine-core', 'init-engine-core', or empty for build-only).
      * @param {Object} options - The default underpost runner options for customizing workflow
      * @memberof UnderpostRun
      */
@@ -368,7 +401,18 @@ class UnderpostRun {
         return;
       }
       shellExec(`${baseCommand} run pull`);
-      const message = shellExec(`node bin cmt --changelog --changelog-no-hash`, { silent: true, stdout: true }).trim();
+
+      // Capture last N commit messages for propagation.
+      // When --from-n-commit is not set, auto-detect unpushed commit count (same as --unpush flag).
+      const fromN =
+        options.fromNCommit && parseInt(options.fromNCommit) > 0
+          ? parseInt(options.fromNCommit)
+          : Underpost.repo.getUnpushedCount('.').count;
+      const message = shellExec(`node bin cmt --changelog ${fromN} --changelog-no-hash`, {
+        silent: true,
+        stdout: true,
+      }).trim();
+
       shellExec(
         `${baseCommand} push ./engine-private ${options.force ? '-f ' : ''}${
           process.env.GITHUB_USERNAME
@@ -376,54 +420,76 @@ class UnderpostRun {
       );
       shellCd('/home/dd/engine');
 
-      // Store deploy boundary hash for changelog before dispatch
-      const deployBoundaryHash = shellExec('git rev-parse HEAD', {
-        stdout: true,
-        silent: true,
-        disableLog: true,
-      }).trim();
-
-      function replaceNthNewline(str, n, replacement = ' ') {
-        let count = 0;
-        return str.replace(/\r\n?|\n/g, (match) => {
-          count++;
-          return count === n ? replacement : match;
-        });
-      }
-      const sanitizedMessage = message
-        ? replaceNthNewline(message.replaceAll('"', '').replaceAll('`', '').replaceAll('#', '').replaceAll('- ', ''), 2)
-            .replace(/\r\n?|\n/g, ' ')
-            .trim()
-        : '';
+      const sanitizedMessage = Underpost.repo.sanitizeChangelogMessage(message);
 
       // Push engine repo so workflow YAML changes reach GitHub
       shellExec(`git reset`);
       shellExec(`${baseCommand} push . ${options.force ? '-f ' : ''}${process.env.GITHUB_USERNAME}/engine`);
 
-      // Dispatch CI workflow instead of empty commit + push
+      // Determine deploy conf and type from path (sync-engine-core, init-engine-core, etc.)
+      let deployConfId = '';
+      let deployType = '';
+      if (path.startsWith('sync-')) {
+        deployConfId = path.replace(/^sync-/, '');
+        deployType = 'sync-and-deploy';
+      } else if (path.startsWith('init-')) {
+        deployConfId = path.replace(/^init-/, '');
+        deployType = 'init';
+      }
+
+      // Dispatch npmpkg CI workflow — this builds pwa-microservices-template first.
+      // If deployConfId is set, npmpkg.ci.yml will dispatch the engine-<conf-id> CI
+      // with sync=true after template build completes. The engine CI then dispatches
+      // the CD workflow after the engine repo build finishes — ensuring correct sequence:
+      // npmpkg.ci → engine-<id>.ci → engine-<id>.cd
       const repo = `${process.env.GITHUB_USERNAME}/engine`;
+      const inputs = {};
+      if (sanitizedMessage) inputs.message = sanitizedMessage;
+      if (deployConfId) inputs.deploy_conf_id = deployConfId;
+      if (deployType) inputs.deploy_type = deployType;
+
       Underpost.repo.dispatchWorkflow({
         repo,
         workflowFile: 'npmpkg.ci.yml',
         ref: 'master',
-        inputs: sanitizedMessage ? { message: sanitizedMessage } : {},
+        inputs,
       });
+    },
 
-      // Dispatch CD sync-and-deploy if path starts with 'sync'
-      if (path.startsWith('sync')) {
-        const confId = path.replace(/^sync-/, '');
-        Underpost.repo.dispatchWorkflow({
-          repo,
-          workflowFile: `${confId}.cd.yml`,
-          ref: 'master',
-          inputs: { job: 'sync-and-deploy' },
-        });
+    /**
+     * @method template-deploy-local
+     * @description Similar to `template-deploy` but runs the workflow locally without dispatching GitHub Actions. It pulls the latest changes, pushes to GitHub, builds the template, and optionally triggers a local release with CI push.
+     * @param {string} path - The deployment path identifier (e.g., 'sync-engine-core', 'init-engine-core', or empty for build-only).
+     * @param {Object} options - The default underpost runner options for customizing workflow
+     * @memberof UnderpostRun
+     */
+    'template-deploy-local': async (path, options = DEFAULT_OPTION) => {
+      const baseCommand = options.dev ? 'node bin' : 'underpost';
+      shellExec(`npm run security:secrets`);
+      const reportPath = './gitleaks-report.json';
+      if (fs.existsSync(reportPath) && JSON.parse(fs.readFileSync(reportPath, 'utf8')).length > 0) {
+        logger.error('Secrets detected in gitleaks-report.json, aborting template-deploy');
+        return;
       }
+      shellExec(`${baseCommand} run pull`);
 
-      // Store deploy boundary for changelog
-      shellExec(`${baseCommand} config set LAST_CI_DEPLOY_HASH ${deployBoundaryHash}`);
-    },
+      // Capture last N commit messages from the engine repo.
+      // When --from-n-commit is not set, auto-detect unpushed commit count (same as --unpush flag).
+      const fromN =
+        options.fromNCommit && parseInt(options.fromNCommit) > 0
+          ? parseInt(options.fromNCommit)
+          : Underpost.repo.getUnpushedCount('.').count;
+      const rawMessage = shellExec(`node bin cmt --changelog ${fromN} --changelog-no-hash`, {
+        silent: true,
+        stdout: true,
+      }).trim();
+      const sanitizedMessage = Underpost.repo.sanitizeChangelogMessage(rawMessage);
 
+      const { triggerCmd } = path
+        ? await Underpost.release.ci(path, sanitizedMessage, options)
+        : await Underpost.release.pwa(sanitizedMessage, options);
+      pbcopy(triggerCmd + ' && cd /home/dd/engine');
+    },
     /**
      * @method template-deploy-image
      * @description Dispatches the Docker image CI workflow for the `engine` repository.
@@ -439,6 +505,21 @@ class UnderpostRun {
         inputs: {},
       });
     },
+    /**
+     * @method docker-image
+     * @description Dispatches the Docker image CI workflow (`docker-image.ci.yml`) for the `engine` repository via `workflow_dispatch`.
+     * @param {string} path - The input value, identifier, or path for the operation.
+     * @param {Object} options - The default underpost runner options for customizing workflow
+     * @memberof UnderpostRun
+     */
+    'docker-image': (path, options = DEFAULT_OPTION) => {
+      Underpost.repo.dispatchWorkflow({
+        repo: `${process.env.GITHUB_USERNAME}/engine`,
+        workflowFile: 'docker-image.ci.yml',
+        ref: 'master',
+        inputs: {},
+      });
+    },
     /**
      * @method clean
      * @description Changes directory to the provided path (defaulting to `/home/dd/engine`) and runs `node bin/deploy clean-core-repo`.
@@ -606,20 +687,22 @@ echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com
       const cmdString = options.cmd
         ? ' --cmd ' + (options.cmd.find((c) => c.match('"')) ? '"' + options.cmd + '"' : "'" + options.cmd + "'")
         : '';
+      const clusterFlag = options.k3s ? ' --k3s' : options.kind ? ' --kind' : ' --kubeadm';
+      const gitCleanFlag = options.gitClean ? ' --git-clean' : '';
 
       shellExec(
-        `${baseCommand} deploy --kubeadm --build-manifest --sync --info-router --replicas ${replicas} --node ${node}${
+        `${baseCommand} deploy${clusterFlag} --build-manifest --sync --info-router --replicas ${replicas} --node ${node}${
           image ? ` --image ${image}` : ''
         }${versions ? ` --versions ${versions}` : ''}${
           options.namespace ? ` --namespace ${options.namespace}` : ''
-        }${timeoutFlags}${cmdString} ${deployId} ${env}`,
+        }${timeoutFlags}${cmdString}${gitCleanFlag} ${deployId} ${env}`,
       );
 
       if (isDeployRunnerContext(path, options)) {
         shellExec(
-          `${baseCommand} deploy --kubeadm${cmdString} --replicas ${replicas} --disable-update-proxy ${deployId} ${env} --versions ${versions}${
+          `${baseCommand} deploy${clusterFlag}${cmdString} --replicas ${replicas} --disable-update-proxy ${deployId} ${env} --versions ${versions}${
             options.namespace ? ` --namespace ${options.namespace}` : ''
-          }${timeoutFlags}`,
+          }${timeoutFlags}${gitCleanFlag}`,
         );
         if (!targetTraffic)
           targetTraffic = Underpost.deploy.getCurrentTraffic(deployId, { namespace: options.namespace });
@@ -831,6 +914,7 @@ echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com
       const confInstances = JSON.parse(
         fs.readFileSync(`./engine-private/conf/${deployId}/conf.instances.json`, 'utf8'),
       );
+      let promotedTraffic = '';
       for (const instance of confInstances) {
         let {
           id: _id,
@@ -850,6 +934,7 @@ echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com
           namespace: options.namespace,
         });
         const targetTraffic = currentTraffic ? (currentTraffic === 'blue' ? 'green' : 'blue') : 'blue';
+        promotedTraffic = targetTraffic;
         let proxyYaml =
           Underpost.deploy.baseProxyYamlFactory({ host: _host, env: options.tls ? 'production' : env, options }) +
           Underpost.deploy.deploymentYamlServiceFactory({
@@ -875,6 +960,18 @@ EOF
           { disableLog: true },
         );
       }
+      // Refresh the gRPC service to ensure it points to the parent deploy's current traffic.
+      if (promotedTraffic) {
+        const parentTraffic = Underpost.deploy.getCurrentTraffic(deployId, { namespace: options.namespace }) || 'blue';
+        const grpcServicePath = Underpost.deploy.buildGrpcServiceManifest({
+          deployId,
+          env,
+          confServer: loadConfServerJson(`./engine-private/conf/${deployId}/conf.server.json`),
+          namespace: options.namespace,
+          traffic: [parentTraffic],
+        });
+        if (grpcServicePath) shellExec(`kubectl apply -f ${grpcServicePath} -n ${options.namespace}`);
+      }
     },
 
     /**
@@ -914,12 +1011,12 @@ EOF
         // `localhost/rockylinux9-underpost:${Underpost.version}`
         if (!_image) _image = `underpost/underpost-engine:${Underpost.version}`;
 
-        if (options.nodeName) {
-          shellExec(`sudo crictl pull ${_image}`);
-        } else {
-          shellExec(`docker pull ${_image}`);
-          shellExec(`sudo kind load docker-image ${_image}`);
-        }
+        Underpost.image.pullDockerHubImage({
+          dockerhubImage: _image,
+          kind: options.kind || (!options.nodeName && !options.kubeadm && !options.k3s),
+          kubeadm: options.nodeName || options.kubeadm,
+          k3s: options.k3s,
+        });
 
         const currentTraffic = Underpost.deploy.getCurrentTraffic(_deployId, {
           hostTest: _host,
@@ -928,7 +1025,7 @@ EOF
 
         const targetTraffic = currentTraffic ? (currentTraffic === 'blue' ? 'green' : 'blue') : 'blue';
         const podId = `${_deployId}-${env}-${targetTraffic}`;
-        const ignorePods = Underpost.deploy.get(podId, 'pods', options.namespace).map((p) => p.NAME);
+        const ignorePods = Underpost.kubectl.get(podId, 'pods', options.namespace).map((p) => p.NAME);
         Underpost.deploy.configMap(env, options.namespace);
         shellExec(`kubectl delete service ${podId}-service --namespace ${options.namespace} --ignore-not-found`);
         shellExec(`kubectl delete deployment ${podId} --namespace ${options.namespace} --ignore-not-found`);
@@ -940,7 +1037,30 @@ EOF
               env,
               version: targetTraffic,
               nodeName: options.nodeName,
+              clusterContext: options.k3s ? 'k3s' : options.kubeadm ? 'kubeadm' : 'kind',
+              gitClean: options.gitClean || false,
             });
+        // Regenerate the parent deploy's gRPC ClusterIP service pointing to the
+        // parent's current traffic colour and apply it before the instance pod starts so
+        // DNS is resolvable the moment the pod boots.
+        const parentTraffic = Underpost.deploy.getCurrentTraffic(deployId, { namespace: options.namespace }) || 'blue';
+        const grpcServicePath = Underpost.deploy.buildGrpcServiceManifest({
+          deployId,
+          env,
+          confServer: loadConfServerJson(`./engine-private/conf/${deployId}/conf.server.json`),
+          namespace: options.namespace,
+          traffic: [targetTraffic],
+          host: _host,
+        });
+        if (grpcServicePath) shellExec(`kubectl apply -f ${grpcServicePath} -n ${options.namespace}`);
+
+        const resolvedCmd = _cmd[env].map((c) =>
+          c.replaceAll(
+            '{{grpc-service-dns}}',
+            `${deployId}-grpc-service-${env}-${parentTraffic}.${options.namespace || 'default'}.svc.cluster.local:50051`,
+          ),
+        );
+
         let deploymentYaml = `---
 ${Underpost.deploy
   .deploymentYamlPartsFactory({
@@ -952,7 +1072,7 @@ ${Underpost.deploy
     image: _image,
     namespace: options.namespace,
     volumes: _volumes,
-    cmd: _cmd[env],
+    cmd: resolvedCmd,
   })
   .replace('{{ports}}', buildKindPorts(_fromPort, _toPort))}
 `;
@@ -998,7 +1118,7 @@ EOF
      * @memberof UnderpostRun
      */
     'ls-deployments': async (path, options = DEFAULT_OPTION) => {
-      console.table(await Underpost.deploy.get(path, 'deployments', options.namespace));
+      console.table(await Underpost.kubectl.get(path, 'deployments', options.namespace));
     },
 
     /**
@@ -1092,15 +1212,13 @@ EOF
     'db-client': async (path, options = DEFAULT_OPTION) => {
       const { underpostRoot } = options;
 
-      const image = 'adminer:4.7.6-standalone';
-
-      if (!options.kubeadm && !options.k3s) {
-        // Only load if not kubeadm/k3s (Kind needs it)
-        shellExec(`docker pull ${image}`);
-        shellExec(`sudo kind load docker-image ${image}`);
-      } else if (options.kubeadm || options.k3s)
-        // For kubeadm/k3s, ensure it's available for containerd
-        shellExec(`sudo crictl pull ${image}`);
+      Underpost.image.pullDockerHubImage({
+        dockerhubImage: 'adminer',
+        version: '4.7.6-standalone',
+        kind: options.kind,
+        kubeadm: options.kubeadm,
+        k3s: options.k3s,
+      });
 
       shellExec(`kubectl delete deployment adminer -n ${options.namespace} --ignore-not-found`);
       shellExec(`kubectl apply -k ${underpostRoot}/manifests/deployment/adminer/. -n ${options.namespace}`);
@@ -1573,13 +1691,73 @@ EOF
     },
 
     /**
-     * @method ptls
+     * @method pid-info
+     * @description Displays detailed information about a process by PID, including service details, command line, executable path, working directory, environment variables, and parent process tree.
+     * @param {string} path - The PID of the process to inspect.
+     * @param {Object} options - The default underpost runner options for customizing workflow
+     * @memberof UnderpostRun
+     */
+    'pid-info': (path, options = DEFAULT_OPTION) => {
+      const pid = path;
+      if (!pid) {
+        logger.error('PID is required. Usage: underpost run pid-info <pid>');
+        return;
+      }
+
+      // Services
+      logger.info('Process info');
+      shellExec(`sudo ps -p ${pid} -o pid,ppid,user,stime,etime,cmd`);
+      logger.info('Command line');
+      shellExec(`sudo cat /proc/${pid}/cmdline | tr '\\0' ' ' ; echo`);
+      logger.info('Executable path');
+      shellExec(`sudo readlink -f /proc/${pid}/exe`);
+      logger.info('Working directory');
+      shellExec(`sudo readlink -f /proc/${pid}/cwd`);
+      logger.info('Environment variables (first 200)');
+      shellExec(`sudo tr '\\0' '\\n' </proc/${pid}/environ | head -200`);
+
+      // Parent
+      logger.info('Parent process');
+      const parentInfo = shellExec(`sudo ps -o pid,ppid,user,cmd -p ${pid}`, { stdout: true, silent: true });
+      console.log(parentInfo);
+      const ppidMatch = parentInfo.split('\n').find((l) => l.trim().startsWith(pid));
+      if (ppidMatch) {
+        const ppid = ppidMatch.trim().split(/\s+/)[1];
+        logger.info(`Parent PID: ${ppid}`);
+        shellExec(`ps -fp ${ppid}`);
+      }
+      logger.info('Process tree');
+      shellExec(`pstree -s ${pid}`);
+    },
+
+    /**
+     * @method background
+     * @description Runs a custom command in the background using nohup, logging output to `/var/log/<id>.log` and saving the PID to `/var/run/<id>.pid`.
+     * @param {string} path - The command to run in the background (e.g. 'npm run prod:container dd-cyberia-r3').
+     * @param {Object} options - The default underpost runner options for customizing workflow
+     * @memberof UnderpostRun
+     */
+    background: (path, options = DEFAULT_OPTION) => {
+      if (!path) {
+        logger.error('Command is required. Usage: underpost run background <command>');
+        return;
+      }
+      const id = path.split(/\s+/).pop();
+      const logFile = `/var/log/${id}.log`;
+      const pidFile = `/var/run/${id}.pid`;
+      logger.info(`Starting background process`, { id, logFile, pidFile });
+      shellExec(`nohup ${path} > ${logFile} 2>&1 & pid=$!; echo $pid > ${pidFile}; disown`);
+      logger.info(`Background process started for '${id}'`);
+    },
+
+    /**
+     * @method ports
      * @description Set on ~/.bashrc alias: ports <port> Command to list listening ports that match the given keyword.
      * @param {string} path - The input value, identifier, or path for the operation (used as a keyword to filter listening ports).
      * @param {Object} options - The default underpost runner options for customizing workflow
      * @memberof UnderpostRun
      */
-    ptls: async (path = '', options = DEFAULT_OPTION) => {
+    ports: async (path = '', options = DEFAULT_OPTION) => {
       shellExec(`chmod +x ${options.underpostRoot}/scripts/ports-ls.sh`);
       shellExec(`${options.underpostRoot}/scripts/ports-ls.sh`);
     },
@@ -1634,7 +1812,7 @@ EOF
 
               const { close } = await (async () => {
                 const checkAwaitPath = '/await';
-                while (!Underpost.deploy.existsContainerFile({ podName, path: checkAwaitPath })) {
+                while (!Underpost.kubectl.existsFile({ podName, path: checkAwaitPath })) {
                   logger.info('monitor', checkAwaitPath);
                   await timer(1000);
                 }
@@ -1661,7 +1839,7 @@ EOF
                 logger.info('monitor', checkPath);
                 {
                   const checkAwaitPath = `/home/dd/docs${checkPath}`;
-                  while (!Underpost.deploy.existsContainerFile({ podName, path: checkAwaitPath })) {
+                  while (!Underpost.kubectl.existsFile({ podName, path: checkAwaitPath })) {
                     logger.info('waiting for', checkAwaitPath);
                     await timer(1000);
                   }
@@ -1727,7 +1905,8 @@ EOF
 
       shellCd(dir);
 
-      shellExec(`git init && git add . && git commit -m "Base implementation"`);
+      Underpost.repo.initLocalRepo({ path: dir });
+      shellExec(`git add . && git commit -m "Base implementation"`);
       shellExec(`chmod +x ./replace_params.sh`);
       shellExec(`chmod +x ./build.sh`);
 
@@ -1772,11 +1951,46 @@ EOF
      * @param {Object} options - The default underpost runner options for customizing workflow
      * @memberof UnderpostRun
      */
+    /**
+     * @method generate-pass
+     * @description Generates a cryptographically secure random password that satisfies all validatePassword
+     * constraints (lowercase, uppercase, digit, special char, min 8 chars). Logs the plain password
+     * to the console or, when `--copy` is set, copies it to the clipboard via pbcopy.
+     * @param {string} path - Optional password length (default: 16).
+     * @param {Object} options - The default underpost runner options for customizing workflow.
+     * @param {boolean} options.copy - When true, copies to clipboard instead of logging.
+     * @memberof UnderpostRun
+     */
+    'generate-pass': (path, options = DEFAULT_OPTION) => {
+      const length = path && parseInt(path) > 0 ? parseInt(path) : 16;
+      const lower = 'abcdefghijklmnopqrstuvwxyz';
+      const upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+      const digits = '0123456789';
+      const special = '@#$%^&*()_+';
+      const all = lower + upper + digits + special;
+      const buf = crypto.randomBytes(length + 4);
+      // Guarantee at least one character from each required class
+      const chars = [
+        lower[buf[0] % lower.length],
+        upper[buf[1] % upper.length],
+        digits[buf[2] % digits.length],
+        special[buf[3] % special.length],
+      ];
+      for (let i = 4; i < length; i++) chars.push(all[buf[i] % all.length]);
+      // Fisher-Yates shuffle using an independent random buffer
+      const shuf = crypto.randomBytes(length);
+      for (let i = chars.length - 1; i > 0; i--) {
+        const j = shuf[i % shuf.length] % (i + 1);
+        [chars[i], chars[j]] = [chars[j], chars[i]];
+      }
+      const password = chars.join('');
+      if (options.copy) pbcopy(password);
+      else console.log(password);
+    },
+
     secret: (path, options = DEFAULT_OPTION) => {
       const secretPath = path ? path : `/home/dd/engine/engine-private/conf/dd-cron/.env.production`;
-      const command = options.dev
-        ? `node bin secret underpost --create-from-file ${secretPath}`
-        : `underpost secret underpost --create-from-file ${secretPath}`;
+      const command = `node bin secret underpost --create-from-file ${secretPath}`;
       shellExec(command);
     },
     /**

package/src/cli/test.js

@@ -81,7 +81,7 @@ class UnderpostTest {
         return await Underpost.test.statusMonitor(options.podName, options.podStatus, options.kindType);
 
       if (options.sh === true || options.logs === true) {
-        const [pod] = Underpost.deploy.get(deployList);
+        const [pod] = Underpost.kubectl.get(deployList);
         if (pod) {
           if (options.sh) return pbcopy(`sudo kubectl exec -it ${pod.NAME} -- sh`);
           if (options.logs) return shellExec(`sudo kubectl logs -f ${pod.NAME}`);
@@ -115,7 +115,7 @@ class UnderpostTest {
                 break;
             }
           else {
-            const pods = Underpost.deploy.get(deployId);
+            const pods = Underpost.kubectl.get(deployId);
             if (pods.length > 0)
               for (const deployData of pods) {
                 const { NAME } = deployData;
@@ -145,7 +145,7 @@ class UnderpostTest {
         logger.info(`Loading instance`, { podName, status, kindType, deltaMs, maxAttempts });
         const _monitor = async () => {
           await timer(deltaMs);
-          const pods = Underpost.deploy.get(podName, kindType);
+          const pods = Underpost.kubectl.get(podName, kindType);
           let result = pods.find((p) => p.STATUS === status || (status === 'Running' && p.STATUS === 'Completed'));
           logger.info(
             `Testing pod ${podName}... ${result ? 1 : 0}/1 - elapsed time ${deltaMs * (index + 1)}s - attempt ${

package/src/client/Default.index.js

@@ -11,10 +11,9 @@ import { RouterDefault } from './components/default/RoutesDefault.js';
 import { TranslateDefault } from './components/default/TranslateDefault.js';
 import { Worker } from './components/core/Worker.js';
 import { Keyboard } from './components/core/Keyboard.js';
-import { DefaultParams } from './components/default/CommonDefault.js';
 import { SocketIo } from './components/core/SocketIo.js';
 import { SocketIoDefault } from './components/default/SocketIoDefault.js';
-import { ElementsDefault } from './components/default/ElementsDefault.js';
+import { AppStoreDefault } from './components/default/AppStoreDefault.js';
 import { CssDefaultDark, CssDefaultLight } from './components/default/CssDefault.js';
 import { EventsUI } from './components/core/EventsUI.js';
 import { Modal } from './components/core/Modal.js';
@@ -71,14 +70,14 @@ window.onload = () =>
       await Responsive.Init();
       await MenuDefault.Render({ htmlMainBody });
       await SocketIo.Init({
-        channels: ElementsDefault.Data,
+        channels: AppStoreDefault.Data,
         path: `/`,
       });
       await SocketIoDefault.Init();
       await LogInDefault();
       await LogOutDefault();
       await SignUpDefault();
-      await Keyboard.Init({ callBackTime: DefaultParams.EVENT_CALLBACK_TIME });
+      await Keyboard.Init();
       await Modal.RenderSeoSanitizer();
     },
   });

package/src/client/components/core/Alert.js

@@ -49,7 +49,7 @@ const e404 = async () => {
     <br />
     <br />${Translate.Render('page-not-found')} <br />
     <br />
-    <a href="${location.origin}">${Translate.Render('back')}</a>
+    <a target="_top" href="${location.origin}">${Translate.Render('back')}</a>
   </div>`;
 };
 
@@ -68,7 +68,7 @@ const e500 = async () => {
     <br />
     <br />${Translate.Render('page-broken')} <br />
     <br />
-    <a href="${location.origin}">${Translate.Render('back')}</a>
+    <a target="_top" href="${location.origin}">${Translate.Render('back')}</a>
   </div>`;
 };