xtra-cli 0.1.0

package/dist/commands/branch.js

@@ -0,0 +1,216 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.branchCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const table_1 = require("table");
+const config_1 = require("../lib/config");
+const inquirer_1 = __importDefault(require("inquirer"));
+exports.branchCommand = new commander_1.Command("branch")
+    .description("Manage branches")
+    .option("-p, --project <projectId>", "Project ID");
+// LIST
+exports.branchCommand
+    .command("list")
+    .description("List all branches")
+    .action(async (options) => {
+    // Access parent options (project ID)
+    const parentOpts = exports.branchCommand.opts();
+    let { project } = parentOpts;
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or checkout a branch."));
+        process.exit(1);
+    }
+    const spinner = (0, ora_1.default)("Fetching branches...").start();
+    try {
+        const branches = await api_1.api.getBranches(project);
+        spinner.stop();
+        if (!branches) {
+            console.log(chalk_1.default.yellow("No branches found."));
+            return;
+        }
+        if (!Array.isArray(branches)) {
+            // Check for error object
+            if (branches.error) {
+                console.error(chalk_1.default.red(`Error: ${branches.error}`));
+            }
+            else {
+                console.error(chalk_1.default.red("Error: Unexpected API response format (not an array)."));
+            }
+            return;
+        }
+        if (branches.length === 0) {
+            console.log(chalk_1.default.yellow("No branches found."));
+            return;
+        }
+        const data = [[chalk_1.default.bold("Name"), chalk_1.default.bold("ID"), chalk_1.default.bold("Created By")]];
+        branches.forEach((b) => {
+            const createdBy = b.user?.email || b.user?.name || b.createdBy || "-";
+            data.push([b.name, b.id, createdBy]);
+        });
+        console.log((0, table_1.table)(data));
+    }
+    catch (error) {
+        spinner.fail("Failed to fetch branches");
+        if (error.response && error.response.data && error.response.data.error) {
+            console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});
+// CREATE
+exports.branchCommand
+    .command("create")
+    .description("Create a new branch")
+    .argument("<name>", "Branch name")
+    .option("-d, --description <text>", "Description")
+    .action(async (name, options) => {
+    const parentOpts = exports.branchCommand.opts();
+    let { project } = parentOpts;
+    const { description } = options;
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    const spinner = (0, ora_1.default)(`Creating branch '${name}'...`).start();
+    try {
+        await api_1.api.createBranch(project, name, description);
+        spinner.succeed(`Branch '${name}' created successfully.`);
+    }
+    catch (error) {
+        spinner.fail("Failed to create branch");
+        if (error.response && error.response.data && error.response.data.error) {
+            console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});
+// DELETE
+exports.branchCommand
+    .command("delete")
+    .description("Delete a branch")
+    .argument("<name>", "Branch name")
+    .option("-y, --yes", "Skip confirmation prompt", false)
+    .action(async (name, options) => {
+    const parentOpts = exports.branchCommand.opts();
+    let { project } = parentOpts;
+    const { yes } = options;
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    if (name === "main") {
+        console.error(chalk_1.default.red("Error: Cannot delete the 'main' branch."));
+        return;
+    }
+    const spinner = (0, ora_1.default)("Resolving branch...").start();
+    try {
+        // 1. Resolve Name to ID
+        const branches = await api_1.api.getBranches(project);
+        const target = branches.find((b) => b.name === name);
+        if (!target) {
+            spinner.fail(`Branch '${name}' not found.`);
+            return;
+        }
+        spinner.stop();
+        // 2. Confirm
+        if (!yes) {
+            const { confirm } = await inquirer_1.default.prompt([{
+                    type: "confirm",
+                    name: "confirm",
+                    message: `Are you sure you want to DELETE branch '${name}'? This action cannot be undone.`,
+                    default: false
+                }]);
+            if (!confirm) {
+                console.log(chalk_1.default.gray("Operation cancelled."));
+                return;
+            }
+        }
+        // 3. Delete
+        spinner.start("Deleting branch...");
+        await api_1.api.deleteBranch(target.id);
+        spinner.succeed(`Branch '${name}' deleted successfully.`);
+        // Audit log
+        try {
+            const { logAudit } = require("../lib/audit");
+            logAudit("BRANCH_DELETED", project, null, { branchName: name, branchId: target.id });
+        }
+        catch (e) { }
+    }
+    catch (error) {
+        spinner.fail("Failed to delete branch");
+        if (error.response && error.response.data && error.response.data.error) {
+            console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});
+// UPDATE
+exports.branchCommand
+    .command("update")
+    .description("Update a branch")
+    .argument("<name>", "Current branch name")
+    .option("-n, --new-name <newName>", "New branch name")
+    .option("-d, --description <description>", "New description")
+    .action(async (name, options) => {
+    const parentOpts = exports.branchCommand.opts();
+    let { project } = parentOpts;
+    const { newName, description } = options;
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or checkout a branch."));
+        process.exit(1);
+    }
+    if (!newName && !description) {
+        console.log(chalk_1.default.yellow("No updates specified. Use --new-name or --description."));
+        return;
+    }
+    const spinner = (0, ora_1.default)("Resolving branch...").start();
+    try {
+        // 1. Resolve Name to ID
+        const branches = await api_1.api.getBranches(project);
+        const target = branches.find((b) => b.name === name);
+        if (!target) {
+            spinner.fail(`Branch '${name}' not found.`);
+            return;
+        }
+        spinner.text = "Updating branch...";
+        // 2. Update
+        await api_1.api.updateBranch(target.id, {
+            name: newName,
+            description
+        });
+        spinner.succeed(`Branch updated successfully.`);
+    }
+    catch (error) {
+        spinner.fail("Failed to update branch");
+        if (error.response && error.response.data && error.response.data.error) {
+            console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});

package/dist/commands/checkout.js

@@ -0,0 +1,74 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkoutCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const inquirer_1 = __importDefault(require("inquirer"));
+exports.checkoutCommand = new commander_1.Command("checkout")
+    .description("Switch the active branch context")
+    .argument("[branchName]", "Branch name to switch to (optional - will show list if not provided)")
+    .option("-p, --project <projectId>", "Project ID")
+    .action(async (branchName, options) => {
+    let { project } = options;
+    // Try to get project from config if not provided
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    const spinner = (0, ora_1.default)("Fetching branches...").start();
+    try {
+        // Fetch branches
+        const branches = await api_1.api.getBranches(project);
+        spinner.stop();
+        if (!Array.isArray(branches) || branches.length === 0) {
+            console.log(chalk_1.default.yellow("No branches found in this project."));
+            return;
+        }
+        let selectedBranch = branchName;
+        // If no branch name provided, show interactive selector
+        if (!selectedBranch) {
+            const choices = branches.map((b) => ({
+                name: b.name,
+                value: b.name
+            }));
+            const { selected } = await inquirer_1.default.prompt([{
+                    type: "list",
+                    name: "selected",
+                    message: "Select a branch:",
+                    choices
+                }]);
+            selectedBranch = selected;
+        }
+        else {
+            // Verify branch exists
+            const exists = branches.find((b) => b.name === selectedBranch);
+            if (!exists) {
+                console.error(chalk_1.default.red(`Branch '${selectedBranch}' does not exist.`));
+                console.log(chalk_1.default.yellow(`Use 'xtra branch create ${selectedBranch}' to create it.`));
+                return;
+            }
+        }
+        // Save to config
+        (0, config_1.setConfig)("branch", selectedBranch);
+        (0, config_1.setConfig)("project", project);
+        console.log(chalk_1.default.green(`✔ Switched to branch '${selectedBranch}'`));
+    }
+    catch (error) {
+        spinner.fail("Failed to fetch branches");
+        if (error.response?.data?.error) {
+            console.error(chalk_1.default.red(`Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});

package/dist/commands/ci.js

@@ -0,0 +1,330 @@
+"use strict";
+/**
+ * ci.ts - CI/CD Machine User Mode for xtra-cli
+ *
+ * This command is designed for headless pipeline execution:
+ *  - No interactive prompts
+ *  - No colors or spinners
+ *  - Output is pure clean JSON (pipe-friendly with `jq`)
+ *  - Auth via XTRA_MACHINE_TOKEN env var (no stored token needed)
+ *  - Non-zero exit codes on any failure
+ *
+ * Usage:
+ *   XTRA_MACHINE_TOKEN=tok_... xtra ci secrets --project <id> --env production
+ *   XTRA_MACHINE_TOKEN=tok_... xtra ci secrets --project <id> --env production | jq '.DATABASE_URL'
+ *   XTRA_MACHINE_TOKEN=tok_... xtra ci set --project <id> --env production KEY=VALUE
+ *   XTRA_MACHINE_TOKEN=tok_... xtra ci export --project <id> --env production --format dotenv > .env
+ *   XTRA_MACHINE_TOKEN=tok_... xtra ci run --project <id> --env production node app.js
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ciCommand = void 0;
+const commander_1 = require("commander");
+const child_process_1 = require("child_process");
+const axios_1 = __importDefault(require("axios"));
+const fs = __importStar(require("fs"));
+// ─── CI API Client ─────────────────────────────────────────────────────────────
+// Standalone, no Conf dependency — reads everything from environment variables
+function getCiClient() {
+    const token = process.env.XTRA_MACHINE_TOKEN;
+    const apiUrl = process.env.XTRA_API_URL || "http://localhost:3000/api";
+    if (!token) {
+        ciError("XTRA_MACHINE_TOKEN environment variable is required for CI mode.");
+    }
+    return axios_1.default.create({
+        baseURL: apiUrl,
+        headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token}`,
+            "X-CI-Mode": "true",
+        },
+    });
+}
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+/** Emit a JSON error to stderr and exit 1 */
+function ciError(message, detail) {
+    process.stderr.write(JSON.stringify({ ok: false, error: message, detail: detail || null }, null, 2) + "\n");
+    process.exit(1);
+}
+/** Emit clean JSON to stdout */
+function ciOut(data) {
+    process.stdout.write(JSON.stringify(data, null, 2) + "\n");
+}
+/** Validate required CLI env vars and options */
+function requireMachineToken() {
+    if (!process.env.XTRA_MACHINE_TOKEN) {
+        ciError("XTRA_MACHINE_TOKEN is not set. Export it before running CI commands.", {
+            hint: "export XTRA_MACHINE_TOKEN=your_service_account_token"
+        });
+    }
+}
+function requireProject(project) {
+    if (!project) {
+        ciError("--project <id> is required in CI mode. Set it explicitly (no config fallback).");
+    }
+    return project;
+}
+function requireEnv(env) {
+    if (!env) {
+        ciError("--env <environment> is required in CI mode.");
+    }
+    return env;
+}
+// ─── xtra ci ──────────────────────────────────────────────────────────────────
+exports.ciCommand = new commander_1.Command("ci")
+    .description("CI/CD headless mode — JSON output, no prompts, XTRA_MACHINE_TOKEN auth")
+    .addHelpText("after", `
+Environment Variables:
+  XTRA_MACHINE_TOKEN   Required. Service account token for authentication.
+  XTRA_API_URL         Optional. Override the API base URL.
+  XTRA_PROFILE         Optional. Use a specific named profile.
+
+Subcommands:
+  xtra ci secrets      Fetch secrets as JSON
+  xtra ci set          Set one or more secrets KEY=VALUE
+  xtra ci export       Export secrets in dotenv/json/yaml format to a file
+  xtra ci run          Run a command with secrets injected as env vars
+
+Examples:
+  XTRA_MACHINE_TOKEN=tok_... xtra ci secrets -p proj123 -e production
+  XTRA_MACHINE_TOKEN=tok_... xtra ci secrets -p proj123 -e production | jq '.DATABASE_URL'
+  XTRA_MACHINE_TOKEN=tok_... xtra ci set -p proj123 -e staging DEPLOY_VERSION=1.2.3
+  XTRA_MACHINE_TOKEN=tok_... xtra ci export -p proj123 -e production -f dotenv -o .env
+  XTRA_MACHINE_TOKEN=tok_... xtra ci run -p proj123 -e production -- node app.js
+`);
+// ── ci secrets ────────────────────────────────────────────────────────────────
+exports.ciCommand
+    .command("secrets")
+    .description("Fetch secrets as JSON (pipe-friendly)")
+    .requiredOption("-p, --project <id>", "Project ID")
+    .requiredOption("-e, --env <environment>", "Environment")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .option("--keys <keys>", "Comma-separated list of keys to include (default: all)")
+    .action(async (options) => {
+    requireMachineToken();
+    const project = requireProject(options.project);
+    const env = requireEnv(options.env);
+    try {
+        const client = getCiClient();
+        const res = await client.get(`/projects/${project}/envs/${env}/secrets?branch=${options.branch}`);
+        let secrets = res.data;
+        // Filter to specific keys if requested
+        if (options.keys) {
+            const allowedKeys = options.keys.split(",").map((k) => k.trim());
+            const filtered = {};
+            for (const k of allowedKeys) {
+                if (secrets[k] !== undefined)
+                    filtered[k] = secrets[k];
+                else
+                    process.stderr.write(`Warning: key '${k}' not found\n`);
+            }
+            secrets = filtered;
+        }
+        ciOut({ ok: true, project, env, branch: options.branch, secrets });
+    }
+    catch (e) {
+        const status = e?.response?.status;
+        const message = e?.response?.data?.error || e.message;
+        if (status === 401)
+            ciError("Unauthorized. Check your XTRA_MACHINE_TOKEN.", { status });
+        if (status === 403)
+            ciError("Forbidden. This token lacks permission to read secrets.", { status });
+        if (status === 404)
+            ciError(`Project '${project}' or environment '${env}' not found.`, { status });
+        ciError(message, { status });
+    }
+});
+// ── ci set ────────────────────────────────────────────────────────────────────
+exports.ciCommand
+    .command("set")
+    .description("Set one or more secrets in CI mode (KEY=VALUE ...)")
+    .requiredOption("-p, --project <id>", "Project ID")
+    .requiredOption("-e, --env <environment>", "Environment")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .argument("<secrets...>", "Secrets to set (format: KEY=VALUE)")
+    .action(async (args, options) => {
+    requireMachineToken();
+    const project = requireProject(options.project);
+    const env = requireEnv(options.env);
+    const payload = {};
+    for (const arg of args) {
+        const idx = arg.indexOf("=");
+        if (idx === -1) {
+            ciError(`Invalid format: '${arg}'. Expected KEY=VALUE`);
+        }
+        payload[arg.substring(0, idx)] = arg.substring(idx + 1);
+    }
+    if (Object.keys(payload).length === 0) {
+        ciError("No valid KEY=VALUE pairs provided.");
+    }
+    try {
+        const client = getCiClient();
+        await client.post(`/projects/${project}/envs/${env}/secrets`, {
+            secrets: payload,
+            branch: options.branch,
+        });
+        ciOut({
+            ok: true,
+            project,
+            env,
+            branch: options.branch,
+            updated: Object.keys(payload),
+            count: Object.keys(payload).length,
+        });
+    }
+    catch (e) {
+        const status = e?.response?.status;
+        ciError(e?.response?.data?.error || e.message, { status });
+    }
+});
+// ── ci export ─────────────────────────────────────────────────────────────────
+exports.ciCommand
+    .command("export")
+    .description("Export secrets to a file (dotenv, json, or github-actions format)")
+    .requiredOption("-p, --project <id>", "Project ID")
+    .requiredOption("-e, --env <environment>", "Environment")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .option("-f, --format <format>", "Output format: dotenv | json | github", "dotenv")
+    .option("-o, --output <file>", "Output file path (default: stdout)")
+    .action(async (options) => {
+    requireMachineToken();
+    const project = requireProject(options.project);
+    const env = requireEnv(options.env);
+    const { format, output, branch } = options;
+    const validFormats = ["dotenv", "json", "github"];
+    if (!validFormats.includes(format)) {
+        ciError(`Invalid format '${format}'. Must be one of: ${validFormats.join(", ")}`);
+    }
+    try {
+        const client = getCiClient();
+        const res = await client.get(`/projects/${project}/envs/${env}/secrets?branch=${branch}`);
+        const secrets = res.data;
+        let content;
+        switch (format) {
+            case "dotenv":
+                content = Object.entries(secrets)
+                    .map(([k, v]) => `${k}=${v}`)
+                    .join("\n") + "\n";
+                break;
+            case "json":
+                content = JSON.stringify(secrets, null, 2) + "\n";
+                break;
+            case "github":
+                // Format for GitHub Actions $GITHUB_ENV / $GITHUB_OUTPUT
+                content = Object.entries(secrets)
+                    .map(([k, v]) => `${k}=${v}`)
+                    .join("\n") + "\n";
+                break;
+            default:
+                ciError("Unreachable format error.");
+        }
+        if (output) {
+            fs.writeFileSync(output, content, "utf8");
+            // Write metadata to stderr so it doesn't pollute file output
+            process.stderr.write(JSON.stringify({ ok: true, file: output, keys: Object.keys(secrets).length }) + "\n");
+        }
+        else {
+            // Write raw content to stdout (pipe-ready)
+            process.stdout.write(content);
+        }
+    }
+    catch (e) {
+        const status = e?.response?.status;
+        ciError(e?.response?.data?.error || e.message, { status });
+    }
+});
+// ── ci run ────────────────────────────────────────────────────────────────────
+exports.ciCommand
+    .command("run")
+    .description("Run a command with secrets injected as environment variables")
+    .requiredOption("-p, --project <id>", "Project ID")
+    .requiredOption("-e, --env <environment>", "Environment")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .argument("<command>", "Command to execute")
+    .argument("[args...]", "Command arguments")
+    .action(async (command, args, options) => {
+    requireMachineToken();
+    const project = requireProject(options.project);
+    const env = requireEnv(options.env);
+    // Security: prevent command injection
+    const SHELL_UNSAFE = /[;&|`$<>\\\n]/g;
+    if (SHELL_UNSAFE.test(command)) {
+        ciError("Command contains unsafe characters. Aborting for security.");
+    }
+    try {
+        const client = getCiClient();
+        const res = await client.get(`/projects/${project}/envs/${env}/secrets?branch=${options.branch}`);
+        const secrets = res.data;
+        process.stderr.write(`[xtra ci] Injecting ${Object.keys(secrets).length} secrets into process env\n`);
+        const envVars = { ...process.env, ...secrets };
+        const child = (0, child_process_1.spawn)(command, args, {
+            env: envVars,
+            stdio: "inherit",
+            shell: false, // NO shell:true — prevents injection
+        });
+        child.on("exit", (code) => process.exit(code ?? 0));
+        child.on("error", (err) => ciError(`Failed to start process: ${err.message}`));
+    }
+    catch (e) {
+        const status = e?.response?.status;
+        ciError(e?.response?.data?.error || e.message, { status });
+    }
+});
+// ── ci validate ───────────────────────────────────────────────────────────────
+exports.ciCommand
+    .command("validate")
+    .description("Validate that XTRA_MACHINE_TOKEN is set and working")
+    .action(async () => {
+    requireMachineToken();
+    try {
+        const client = getCiClient();
+        const res = await client.get("/project");
+        ciOut({
+            ok: true,
+            authenticated: true,
+            projects: res.data.length,
+            message: "XTRA_MACHINE_TOKEN is valid and working.",
+        });
+    }
+    catch (e) {
+        const status = e?.response?.status;
+        if (status === 401)
+            ciError("XTRA_MACHINE_TOKEN is invalid or expired.", { status });
+        ciError(e?.response?.data?.error || e.message, { status });
+    }
+});