From 43b47e6fadd608e379dde2b03312b0dae9afcb5f Mon Sep 17 00:00:00 2001 From: Zhongwei Li Date: Sat, 29 Nov 2025 17:59:27 +0800 Subject: [PATCH] Initial commit --- .claude-plugin/plugin.json | 15 ++ README.md | 3 + commands/build.md | 158 ++++++++++++ commands/config.md | 355 ++++++++++++++++++++++++++ commands/deploy.md | 166 ++++++++++++ commands/infra.md | 93 +++++++ commands/init.md | 114 +++++++++ commands/logs.md | 258 +++++++++++++++++++ commands/rollback.md | 310 +++++++++++++++++++++++ commands/secrets.md | 465 ++++++++++++++++++++++++++++++++++ commands/status.md | 216 ++++++++++++++++ hooks/hooks.json | 13 + hooks/pre-deployment-check.js | 221 ++++++++++++++++ plugin.lock.json | 85 +++++++ 14 files changed, 2472 insertions(+) create mode 100644 .claude-plugin/plugin.json create mode 100644 README.md create mode 100644 commands/build.md create mode 100644 commands/config.md create mode 100644 commands/deploy.md create mode 100644 commands/infra.md create mode 100644 commands/init.md create mode 100644 commands/logs.md create mode 100644 commands/rollback.md create mode 100644 commands/secrets.md create mode 100644 commands/status.md create mode 100644 hooks/hooks.json create mode 100755 hooks/pre-deployment-check.js create mode 100644 plugin.lock.json diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json new file mode 100644 index 0000000..fc7c17f --- /dev/null +++ b/.claude-plugin/plugin.json @@ -0,0 +1,15 @@ +{ + "name": "devops", + "description": "v1.0.1 - DevOps automation for Netlify deployments with encrypted secrets management, automatic validation, and instant rollback. Zero-token CLI operations with hybrid token authentication. AWS, GCP, Azure, and Vercel support coming soon.", + "version": "1.0.1", + "author": { + "name": "AutomateWith.Us", + "email": "team@automatewith.us" + }, + "commands": [ + "./commands" + ], + "hooks": [ + "./hooks" + ] +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..b1d2777 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# devops + +v1.0.1 - DevOps automation for Netlify deployments with encrypted secrets management, automatic validation, and instant rollback. Zero-token CLI operations with hybrid token authentication. AWS, GCP, Azure, and Vercel support coming soon. diff --git a/commands/build.md b/commands/build.md new file mode 100644 index 0000000..4987c35 --- /dev/null +++ b/commands/build.md @@ -0,0 +1,158 @@ +# DevOps Plugin - Trigger CI/CD Build + +You are triggering a CI/CD build pipeline. + +## Task: Trigger CI/CD Build + +The user wants to trigger a CI/CD build. This command works with GitHub Actions, Jenkins, and managed CI/CD platforms. + +### Step 1: Verify Configuration + +1. Check if `.devops/config.json` exists + +2. **Validate platform is supported**: + - Read config and get platform + - If platform is NOT "netlify", show error: + ``` + ❌ Platform Not Supported: {platform} + + This plugin currently supports Netlify only. + + To switch to Netlify: /devops:init + + Supported platforms: Netlify + ``` + Then STOP. + +3. Read CI/CD configuration: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get --key cicd + ``` + +4. For Netlify, CI/CD is always "netlify" (managed builds). + +### Step 2: Parse Build Arguments + +Parse command arguments: +- `/devops:build` - Trigger default build (main branch) +- `/devops:build --branch dev` - Build specific branch +- `/devops:build --workflow deploy` - Trigger specific workflow +- `/devops:build --env staging` - Build for specific environment + +### Step 3: Trigger Build + +Trigger build via CLI based on platform: + +**GitHub Actions**: +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js build trigger \ + --platform github-actions \ + --branch "{branch}" \ + --workflow "{workflow}" +``` + +**Jenkins**: +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js build trigger \ + --platform jenkins \ + --job "{job_name}" \ + --params "{parameters}" +``` + +**Netlify/Vercel** (managed): +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js build trigger \ + --platform netlify \ + --env "{environment}" +``` + +### Step 4: Display Build Information + +Show build details: +``` +βœ“ Build triggered successfully + +Platform: {platform} +Branch: {branch} +Build ID: {build_id} +Status: {status} + +πŸ”— Build URL: {build_url} +⏱️ Estimated time: {estimated_time} + +πŸ’‘ Monitor progress: /devops:build status --id {build_id} +``` + +### Step 5: Offer to Monitor Build + +Ask: "Would you like to monitor the build progress?" +- If yes, run monitoring loop +- If no, done + +If monitoring: +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js build monitor --id {build_id} +``` + +Stream build status updates every 10 seconds: +``` +πŸ”„ Building... (30s elapsed) +πŸ“¦ Running tests... (1m 15s elapsed) +βœ“ Build completed successfully! (2m 30s) + +Artifacts: +- app.zip (15.2 MB) +- source-map.json (324 KB) + +πŸ’‘ Deploy now: /devops:deploy +``` + +### Step 6: Handle Build Failure + +If build fails: +``` +❌ Build failed + +Error: {error_message} +Failed step: {failed_step} + +πŸ“ View full logs: /devops:logs --build {build_id} +πŸ”— Build URL: {build_url} +``` + +--- + +**Netlify Build System**: + +Netlify provides fully managed builds: +- **Automatic builds** - Triggered on git push (if connected to repo) +- **Manual builds** - Can be triggered via this command +- **Deploy previews** - Automatic builds for pull requests +- **Build environment** - Ubuntu container with Node.js, Python, Ruby, Go, etc. + +**How Netlify Builds Work**: +1. Detects project type (Next.js, React, Vue, static, etc.) +2. Installs dependencies (`npm install`, `yarn install`, etc.) +3. Runs build command (`npm run build`, `gatsby build`, etc.) +4. Optimizes assets (images, scripts, etc.) +5. Deploys to global CDN +6. Provides deploy preview URL + +**Build Features**: +- βœ“ Automatic dependency caching (faster builds) +- βœ“ Build plugins (image optimization, form handling, etc.) +- βœ“ Environment variables (injected at build time) +- βœ“ Build hooks (trigger builds via webhook) +- βœ“ Parallel builds (multiple environments) + +**Note**: With Netlify, builds are typically triggered automatically when you deploy. +This command is useful for: +- Triggering manual builds without deploying +- Rebuilding with same code (e.g., if env vars changed) +- Building specific branch for preview + +**IMPORTANT**: +- Netlify builds run in the cloud (not locally) +- Build logs available via `/devops:logs` +- Builds are free up to 300 minutes/month (Pro: 25,000 min/month) +- Successful builds are automatically deployed diff --git a/commands/config.md b/commands/config.md new file mode 100644 index 0000000..2e3142d --- /dev/null +++ b/commands/config.md @@ -0,0 +1,355 @@ +# DevOps Plugin - Configuration Management + +You are managing DevOps configuration settings. + +## Task: Manage Configuration + +The user wants to view or modify DevOps configuration. + +### Step 1: Check for Configuration + +1. Check if `.devops/config.json` exists +2. If not and command is not `set`: + ``` + ❌ DevOps not initialized + πŸ’‘ Run /devops:init to create configuration + ``` + Then STOP. + +### Step 2: Parse Config Command + +Parse subcommand: +- `/devops:config` - Show current configuration +- `/devops:config get {key}` - Get specific config value +- `/devops:config set {key} {value}` - Set config value +- `/devops:config list` - List all configuration keys +- `/devops:config validate` - Validate configuration +- `/devops:config export` - Export configuration +- `/devops:config import {file}` - Import configuration + +### Step 3: Show Configuration + +**For `/devops:config`** (default): + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get --all +``` + +Display: +``` +βš™οΈ DevOps Configuration + +Platform: {platform} +Environment: {environment} +Region: {region} + +Deployment: + Strategy: {strategy} + Auto-deploy: {auto_deploy} + Rollback-on-failure: {rollback_enabled} + +CI/CD: + Platform: {cicd_platform} + Auto-build: {auto_build} + Branch: {default_branch} + +Secrets: + Mode: {secrets_mode} + Provider: {secrets_provider} + Encrypted: {is_encrypted} + +Infrastructure: + Type: {infra_type} + Auto-scale: {auto_scale} + Min instances: {min_instances} + Max instances: {max_instances} + +Monitoring: + Enabled: {monitoring_enabled} + Alerts: {alerts_enabled} + Log retention: {log_retention} days + +Configuration file: .devops/config.json +Last updated: {last_updated} + +πŸ’‘ Modify: /devops:config set {key} {value} +πŸ’‘ Validate: /devops:config validate +``` + +### Step 4: Get Specific Config Value + +**For `/devops:config get {key}`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get --key "{key}" +``` + +Display: +``` +{key}: {value} +``` + +Example: +``` +$ /devops:config get platform +platform: aws +``` + +### Step 5: Set Config Value + +**For `/devops:config set {key} {value}`**: + +1. Validate key exists: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config validate-key --key "{key}" + ``` + +2. If invalid key: + ``` + ❌ Invalid configuration key: {key} + + Valid keys: + - platform (aws, gcp, azure, netlify, vercel) + - environment (dev, staging, production) + - region (cloud-specific regions) + - cicd_platform (github-actions, jenkins, netlify, vercel) + - secrets_mode (local, aws, gcp, azure, manual) + - auto_deploy (true, false) + - auto_scale (true, false) + ``` + Then STOP. + +3. Set value: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config set \ + --key "{key}" \ + --value "{value}" + ``` + +4. Show confirmation: + ``` + βœ“ Configuration updated + + {key}: {old_value} β†’ {new_value} + + πŸ’‘ Validate: /devops:config validate + ``` + +### Step 6: Validate Configuration + +**For `/devops:config validate`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config validate +``` + +Display validation results: +``` +πŸ” Validating configuration... + +Platform Configuration: + βœ“ Platform: aws (valid) + βœ“ Region: us-east-1 (valid) + βœ“ Credentials: configured + +CI/CD Configuration: + βœ“ Platform: github-actions (valid) + ⚠️ Auto-build: disabled (recommended: true) + βœ“ Branch: main (exists) + +Secrets Configuration: + βœ“ Mode: aws (valid) + βœ“ Provider: AWS Secrets Manager (accessible) + βœ“ Encryption: enabled + +Infrastructure Configuration: + βœ“ Type: full-stack (valid) + βœ“ Auto-scale: enabled + ⚠️ Max instances: 10 (high cost warning) + βœ“ Min instances: 2 (valid) + +Overall: Valid with 2 warnings + +πŸ’‘ Fix warnings or continue with current config +``` + +### Step 7: Export Configuration + +**For `/devops:config export`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config export \ + --output ".devops/config-export-{timestamp}.json" +``` + +Show: +``` +βœ“ Configuration exported + +File: .devops/config-export-{timestamp}.json +Size: {size} KB + +Exported settings: +- Platform configuration +- CI/CD settings +- Infrastructure config +- Monitoring settings + +⚠️ Note: Secrets are NOT exported (security) + +πŸ’‘ Import to another project: /devops:config import {file} +``` + +### Step 8: Import Configuration + +**For `/devops:config import {file}`**: + +1. Validate import file exists +2. Show preview: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config preview-import \ + --file "{file}" + ``` + +3. Display changes: + ``` + πŸ“₯ Configuration Import Preview + + File: {file} + Settings to import: {count} + + Changes: + - platform: {current} β†’ {new} + - region: {current} β†’ {new} + - cicd_platform: {current} β†’ {new} + + New settings: + + monitoring_enabled: true + + log_retention: 30 + + ⚠️ This will overwrite current configuration + ``` + +4. Ask: "Import this configuration?" + - If no, STOP + - If yes, import + +5. Import: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config import \ + --file "{file}" \ + --backup + ``` + +6. Show result: + ``` + βœ“ Configuration imported + + Backup saved: .devops/config-backup-{timestamp}.json + Active config: .devops/config.json + + πŸ’‘ Validate: /devops:config validate + πŸ’‘ Restore backup if needed: /devops:config import {backup_file} + ``` + +### Step 9: List All Keys + +**For `/devops:config list`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config list-keys +``` + +Display: +``` +βš™οΈ Available Configuration Keys + +Platform: + - platform (aws, gcp, azure, netlify, vercel) + - region (cloud-specific) + - environment (dev, staging, production) + +Deployment: + - deployment_strategy (rolling, blue-green, canary) + - auto_deploy (true, false) + - rollback_on_failure (true, false) + - health_check_enabled (true, false) + +CI/CD: + - cicd_platform (github-actions, jenkins, netlify, vercel) + - auto_build (true, false) + - default_branch (branch name) + - build_timeout (seconds) + +Secrets: + - secrets_mode (local, aws, gcp, azure, manual) + - secrets_provider (provider name) + - encryption_enabled (true, false) + +Infrastructure: + - infra_type (compute, serverless, static, full-stack) + - auto_scale (true, false) + - min_instances (number) + - max_instances (number) + - instance_type (instance size) + +Monitoring: + - monitoring_enabled (true, false) + - alerts_enabled (true, false) + - log_retention (days) + - metrics_retention (days) + +πŸ’‘ Get value: /devops:config get {key} +πŸ’‘ Set value: /devops:config set {key} {value} +``` + +--- + +**Configuration Schema**: + +The `.devops/config.json` file structure: +```json +{ + "version": "1.0", + "platform": "aws", + "environment": "production", + "region": "us-east-1", + "deployment": { + "strategy": "rolling", + "auto_deploy": false, + "rollback_on_failure": true, + "health_check_enabled": true + }, + "cicd": { + "platform": "github-actions", + "auto_build": true, + "default_branch": "main", + "build_timeout": 600 + }, + "secrets": { + "mode": "aws", + "provider": "AWS Secrets Manager", + "encryption_enabled": true + }, + "infrastructure": { + "type": "full-stack", + "auto_scale": true, + "min_instances": 2, + "max_instances": 10, + "instance_type": "t3.medium" + }, + "monitoring": { + "enabled": true, + "alerts_enabled": true, + "log_retention": 30, + "metrics_retention": 90 + } +} +``` + +**IMPORTANT**: +- Configuration changes take effect immediately +- Always validate after making changes +- Backup created automatically on import +- Secrets are never stored in config.json +- Platform-specific settings validated against cloud APIs diff --git a/commands/deploy.md b/commands/deploy.md new file mode 100644 index 0000000..a83f881 --- /dev/null +++ b/commands/deploy.md @@ -0,0 +1,166 @@ +# DevOps Plugin - Deploy Application + +You are deploying an application to a cloud platform. + +## Task: Deploy Application + +The user wants to deploy their application. This command handles fully automated deployments with pre-flight checks. + +### Step 1: Verify Configuration + +1. Check if `.devops/config.json` exists +2. If not, show error: + ``` + ❌ DevOps not initialized + πŸ’‘ Run /devops:init first to set up configuration + ``` + Then STOP. + +3. Read configuration using CLI: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get + ``` + +4. **Validate platform is supported**: + - Get platform from config: `config.platform` + - If platform is NOT "netlify", show error: + ``` + ❌ Platform Not Supported: {platform} + + This plugin currently supports Netlify deployments only. + AWS, GCP, Azure, and Vercel support is in development. + + To switch to Netlify: + 1. Reconfigure: /devops:init + 2. Or manually update: /devops:config set platform netlify + 3. Configure token: /devops:secrets set + 4. Deploy: /devops:deploy + + Current platform: {platform} + Supported platforms: Netlify + ``` + Then STOP. + +### Step 2: Pre-Deployment Checks + +Run pre-deployment validation: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js validate-deployment +``` + +This checks: +- Credentials are configured +- Platform connectivity +- Git repository is clean (or has tracked changes) +- Build artifacts exist (if needed) +- Previous deployment status + +If validation fails, show error message from CLI and STOP. + +### Step 3: Determine Deployment Target + +Parse command arguments for target environment: +- `/devops:deploy` - Deploy to default (production) +- `/devops:deploy staging` - Deploy to staging +- `/devops:deploy dev` - Deploy to development + +### Step 4: Confirm Deployment (if production) + +If deploying to production, ask for confirmation: +``` +⚠️ Production Deployment +Platform: {platform} +Environment: production +Current version: {current_version} +New version: {new_version} + +Proceed with deployment? +``` +Options: Yes, No + +If No, STOP. + +### Step 5: Execute Deployment + +Run deployment via CLI: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js deploy \ + --env "{environment}" \ + --platform "{platform}" \ + --track +``` + +The CLI will: +1. Package application (if needed) +2. Upload to cloud platform +3. Execute deployment +4. Monitor deployment status +5. Save deployment record to `.devops/deployments.json` + +Show real-time output from CLI. + +### Step 6: Monitor Deployment + +The CLI streams deployment progress. Display updates: +``` +πŸš€ Deploying to {platform}... +πŸ“¦ Packaging application... +⬆️ Uploading to {platform}... +πŸ”„ Deploying version {version}... +βœ“ Deployment successful! + +🌐 URL: {deployment_url} +πŸ“Š Status: /devops:status +πŸ“ Logs: /devops:logs +``` + +### Step 7: Post-Deployment Verification + +Run post-deployment checks: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js verify-deployment --id {deployment_id} +``` + +If verification fails: +``` +⚠️ Deployment succeeded but verification failed +πŸ”„ Use /devops:rollback to revert +πŸ“ Use /devops:logs to investigate +``` + +### Step 8: Save Deployment Record + +Deployment record is automatically saved by CLI to: +- `.devops/deployments.json` (deployment history) +- `.devops/current-deployment.json` (current state) + +--- + +**Netlify Deployment Details**: + +The deployment process for Netlify: +1. **Automatic project detection** - Detects Next.js, React, Vue, static sites, etc. +2. **File upload** - Uploads build files to Netlify +3. **Build execution** - Netlify runs your build command (e.g., `npm run build`) +4. **Live deployment** - Site is published to your Netlify URL +5. **Instant rollback** - Previous versions remain available for instant rollback + +**Supported Project Types**: +- Static sites (HTML/CSS/JS) +- Single Page Applications (React, Vue, Angular, Svelte) +- Static Site Generators (Next.js, Gatsby, Hugo, Jekyll, Eleventy) +- Serverless Functions (Netlify Functions) + +**Not Supported** (use different platform when available): +- Docker containers (use AWS ECS when available) +- Kubernetes (use GCP/AWS when available) +- Custom infrastructure (use AWS/GCP/Azure when available) + +**IMPORTANT**: +- All deployment operations are fully automated +- Rollback is available via `/devops:rollback` +- Deployment history is tracked locally +- Netlify provides managed builds (no separate CI/CD needed) diff --git a/commands/infra.md b/commands/infra.md new file mode 100644 index 0000000..ec330ba --- /dev/null +++ b/commands/infra.md @@ -0,0 +1,93 @@ +# DevOps Plugin - Infrastructure Management + +You are managing infrastructure setup and configuration. + +## Task: Infrastructure Management + +The user wants to set up or manage cloud infrastructure. + +### Step 1: Check Platform Support + +1. Check if `.devops/config.json` exists +2. Read platform configuration: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get --key platform + ``` + +3. **IMPORTANT**: Netlify is a fully managed platform - no manual infrastructure setup needed. + +Show this message: +``` +ℹ️ Infrastructure Management Not Needed + +Platform: Netlify (Fully Managed) + +Netlify automatically handles all infrastructure for you: +βœ“ Global CDN - Automatic edge distribution across 200+ PoPs +βœ“ SSL/TLS - Auto-provisioned and auto-renewed certificates +βœ“ DNS - Managed DNS with automatic configuration +βœ“ Build servers - Automatically scaled based on demand +βœ“ Serverless functions - Auto-deployed and auto-scaled +βœ“ Load balancing - Built-in, no configuration needed +βœ“ Caching - Intelligent edge caching +βœ“ DDoS protection - Included automatically + +No manual infrastructure setup, configuration, or management needed! + +What you CAN configure: +- Custom domains: Via Netlify dashboard or API +- Build settings: Automatically detected or via netlify.toml +- Environment variables: /devops:config or Netlify dashboard +- Redirect rules: Via netlify.toml or _redirects file +- Headers: Via netlify.toml or _headers file + +To view Netlify infrastructure status: /devops:status infra + +πŸ’‘ For platforms requiring manual infrastructure (AWS, GCP, Azure), + this plugin will support infrastructure-as-code in future releases. + +Current platforms needing /devops:infra: None (Netlify is fully managed) +Coming soon: AWS (CloudFormation), GCP (Deployment Manager), Azure (ARM) +``` + +Then STOP. + +--- + +**Why This Command Isn't Needed for Netlify**: + +Netlify is a Platform-as-a-Service (PaaS) that abstracts away all infrastructure management: + +**Traditional Cloud (AWS, GCP, Azure)**: +- You manage: VMs, containers, load balancers, networks, databases, storage +- You configure: Auto-scaling, health checks, SSL certificates, CDN +- You monitor: Server health, resource utilization, costs +- You update: OS patches, security updates, application deployments + +**Netlify (Managed Platform)**: +- Netlify manages: Everything above automatically +- You focus on: Your application code +- You deploy: Via git push or CLI +- Infrastructure: Invisible, automatic, global + +**What Netlify Handles Automatically**: +1. **CDN**: 200+ points of presence globally +2. **SSL/TLS**: Free certificates, auto-renewed +3. **Scaling**: Automatic, unlimited traffic +4. **Security**: DDoS protection, firewall, headers +5. **Performance**: Edge caching, asset optimization +6. **Availability**: 99.99% SLA, multi-region failover +7. **Monitoring**: Built-in analytics and logs + +**When You WOULD Use /devops:infra**: +- AWS: Create VPC, EC2 instances, RDS databases, load balancers +- GCP: Set up Compute Engine, Cloud SQL, networking +- Azure: Provision App Services, Virtual Networks, databases + +**When You DON'T Need /devops:infra**: +- Netlify: Everything is managed automatically +- Vercel: Same as Netlify, fully managed + +**Future Support**: +This command will be available when AWS, GCP, or Azure support is added to the plugin. +Until then, it's not needed for Netlify deployments. diff --git a/commands/init.md b/commands/init.md new file mode 100644 index 0000000..aaf3aa4 --- /dev/null +++ b/commands/init.md @@ -0,0 +1,114 @@ +# DevOps Plugin - Initialize Configuration + +You are initializing DevOps configuration for a project. + +## Task: Initialize DevOps Configuration + +The user wants to set up DevOps automation for their project. Guide them through configuration setup. + +### Step 1: Check for Existing Configuration + +1. Check if `.devops/config.json` exists in the project root +2. If it exists: + - Ask user: "DevOps configuration already exists. Do you want to overwrite it?" + - If no, STOP + - If yes, continue + +### Step 2: Platform Information + +**IMPORTANT**: This plugin currently supports **Netlify deployments only**. +AWS, GCP, Azure, and Vercel support is in development and will be added in future releases. + +Show this message to the user: +``` +πŸ“¦ DevOps Plugin - Netlify Setup + +This plugin currently supports Netlify deployments only. +Other platforms (AWS, GCP, Azure, Vercel) are in development. + +Prerequisites: +βœ“ Netlify account (https://netlify.com) +βœ“ Netlify API token (https://app.netlify.com/user/applications) +βœ“ Compatible project (static sites, Next.js, React, Vue, etc.) +``` + +Use the AskUserQuestion tool to ask: + +**Question 1**: "Ready to set up Netlify deployment?" +- Description: "Netlify provides automated builds and deployments for modern web projects" +- Options: + - "Yes, set up Netlify" + - "No, I'll wait for other platforms" +- Header: "Setup" +- Multi-select: false + +If user selects "No, I'll wait for other platforms": +- Show: "Run /devops:init when you're ready to set up Netlify deployment. We'll notify you when AWS, GCP, Azure, and Vercel support is available." +- STOP + +If user selects "Yes, set up Netlify": + +**Question 2**: "How should secrets be managed?" +- Description: "Your Netlify API token will be stored securely" +- Options: + - "Local encrypted storage (recommended - AES-256 encryption)" + - "Manual (I'll provide via environment variables)" +- Header: "Secrets" +- Multi-select: false + +**Auto-set values** (no user input needed): +- Platform: "netlify" +- CI/CD: "netlify" (Netlify provides managed builds) + +### Step 3: Create Configuration + +Use the CLI to create configuration with auto-set Netlify platform: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js init \ + --platform "netlify" \ + --cicd "netlify" \ + --secrets "{secrets_mode}" +``` + +The CLI will: +- Create `.devops/` directory +- Generate `config.json` with Netlify-specific settings +- Create `.devops/credentials.enc` (if local secrets mode) +- Generate `netlify-config.json` template +- Initialize deployment tracking + +### Step 4: Display Success and Next Steps + +Show: +``` +βœ“ Netlify deployment configured successfully! + +πŸ“ Configuration: .devops/config.json +🎯 Platform: Netlify +πŸ”§ CI/CD: Netlify (managed builds) +πŸ” Secrets: {secrets_mode} + +Next steps: +1. Configure your Netlify API token: /devops:secrets set +2. Deploy your application: /devops:deploy + +πŸ’‘ Useful commands: + - View configuration: /devops:config + - Check deployment status: /devops:status + - View logs: /devops:logs + - Rollback deployment: /devops:rollback +``` + +### Step 5: Offer to Configure Credentials + +Ask: "Would you like to configure credentials now?" +- If yes, automatically run `/devops:secrets set` +- If no, done + +--- + +**IMPORTANT**: +- Never commit `.devops/credentials.enc` to git (add to .gitignore) +- All CLI operations are zero-token (no Claude involvement) +- Configuration is stored locally in `.devops/` directory diff --git a/commands/logs.md b/commands/logs.md new file mode 100644 index 0000000..c53d352 --- /dev/null +++ b/commands/logs.md @@ -0,0 +1,258 @@ +# DevOps Plugin - View Logs + +You are retrieving and displaying deployment, build, or application logs. + +## Task: View Logs + +The user wants to view logs from deployments, builds, or running applications. + +### Step 1: Verify Configuration + +1. Check if `.devops/config.json` exists +2. Read configuration to determine platform +3. **Validate platform is supported**: + - If platform is NOT "netlify", show error: + ``` + ❌ Platform Not Supported: {platform} + + This plugin currently supports Netlify only. + + To switch to Netlify: /devops:init + + Supported platforms: Netlify + ``` + Then STOP. + +### Step 2: Parse Logs Command + +Parse arguments: +- `/devops:logs` - Show recent application logs (last 100 lines) +- `/devops:logs --lines 500` - Show last N lines +- `/devops:logs --build {build_id}` - Show build logs +- `/devops:logs --deployment {deployment_id}` - Show deployment logs +- `/devops:logs --follow` - Stream logs in real-time +- `/devops:logs --error` - Show only errors +- `/devops:logs --since 1h` - Show logs from last hour + +### Step 3: Fetch Application Logs + +**For `/devops:logs`** (default): + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs fetch \ + --type application \ + --lines {lines} \ + --format pretty +``` + +Display: +``` +πŸ“ Application Logs (last {lines} lines) + +Platform: {platform} +Environment: {environment} +Time range: {start_time} to {end_time} + +───────────────────────────────────────── +{timestamp} [INFO] Application started on port 3000 +{timestamp} [INFO] Connected to database +{timestamp} [DEBUG] Processing request: GET /api/users +{timestamp} [INFO] Response sent: 200 OK +{timestamp} [WARN] High memory usage: 85% +{timestamp} [ERROR] Database query timeout +{timestamp} [INFO] Retry successful +───────────────────────────────────────── + +Total: {total_lines} lines +Errors: {error_count} +Warnings: {warning_count} + +πŸ’‘ Filter errors: /devops:logs --error +πŸ’‘ Stream live: /devops:logs --follow +``` + +### Step 4: Fetch Build Logs + +**For `/devops:logs --build {build_id}`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs fetch \ + --type build \ + --id {build_id} +``` + +Display: +``` +πŸ”¨ Build Logs + +Build ID: {build_id} +Status: {status} +Branch: {branch} +Duration: {duration} + +───────────────────────────────────────── +[00:00] Starting build... +[00:02] Installing dependencies... +[00:15] Running npm install... +[00:45] Dependencies installed (245 packages) +[00:46] Running build script... +[01:20] Compiling TypeScript... +[01:55] Build completed successfully +[01:56] Generating artifacts... +[02:00] Build finished +───────────────────────────────────────── + +Build artifacts: +- app.zip (15.2 MB) +- source-map.json (324 KB) + +Exit code: 0 +``` + +### Step 5: Fetch Deployment Logs + +**For `/devops:logs --deployment {deployment_id}`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs fetch \ + --type deployment \ + --id {deployment_id} +``` + +Display: +``` +πŸš€ Deployment Logs + +Deployment ID: {deployment_id} +Version: {version} +Environment: {environment} +Status: {status} + +───────────────────────────────────────── +[00:00] Starting deployment... +[00:01] Validating configuration... +[00:02] Uploading artifacts... +[00:15] Artifacts uploaded (15.2 MB) +[00:16] Provisioning resources... +[00:30] Starting application... +[00:45] Health check: passed +[00:46] Deployment complete +───────────────────────────────────────── + +URL: {deployment_url} +Duration: {duration} +``` + +### Step 6: Stream Logs (Follow Mode) + +**For `/devops:logs --follow`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs stream +``` + +Show: +``` +πŸ“‘ Streaming logs (Ctrl+C to stop)... + +{timestamp} [INFO] Incoming request: GET /api/data +{timestamp} [INFO] Database query executed +{timestamp} [INFO] Response sent: 200 OK +{timestamp} [INFO] Request completed in 45ms +{timestamp} [WARN] Cache miss for key: user_123 +{timestamp} [INFO] Cache refreshed +... (continues streaming) +``` + +Note: In Claude Code, we can't truly stream indefinitely, so: +1. Stream for 30 seconds +2. Ask: "Continue streaming?" + - If yes, stream another 30 seconds + - If no, STOP + +### Step 7: Filter Logs + +**For `/devops:logs --error`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs fetch \ + --filter error \ + --lines 100 +``` + +Display: +``` +❌ Error Logs (last 100 errors) + +{timestamp} [ERROR] Database connection lost + Stack trace: + at DatabaseManager.connect (db.js:45) + at Server.start (server.js:20) + +{timestamp} [ERROR] Unhandled promise rejection + Error: Timeout waiting for response + at fetch (api.js:102) + +{timestamp} [ERROR] Memory limit exceeded + Current: 512 MB / Limit: 512 MB + +Total errors: {error_count} +Most common: {most_common_error} ({count} occurrences) + +πŸ’‘ View full context: /devops:logs --since 1h +``` + +### Step 8: Time-Based Filtering + +**For `/devops:logs --since {time}`**: + +Supported formats: +- `1h` - Last 1 hour +- `30m` - Last 30 minutes +- `24h` - Last 24 hours +- `2d` - Last 2 days + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs fetch \ + --since {time} +``` + +### Step 9: Export Logs + +Offer: "Would you like to save these logs to a file?" +- If yes: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js logs export \ + --output ".devops/logs/{timestamp}.log" + ``` + + Show: "βœ“ Logs saved to .devops/logs/{timestamp}.log" + +--- + +**Netlify Logs**: + +Netlify provides several types of logs: +1. **Build Logs** - Complete build output with npm install, build script execution, etc. +2. **Function Logs** - Netlify Functions execution logs (if you use serverless functions) +3. **Deploy Logs** - Deployment process logs + +**Available via this plugin**: +- βœ“ Build logs (complete build output) +- βœ“ Deployment logs (deployment status and progress) +- βœ“ Function logs (if functions are deployed) + +**Note**: Real-time application logs require Netlify Functions. +For static sites, only build and deploy logs are available. + +**Log Levels**: +- INFO - General information +- WARN - Warning messages +- ERROR - Error messages + +**IMPORTANT**: +- Logs fetched via Netlify API (zero-token CLI) +- Build logs available for last 50 builds +- Function logs available for last 24 hours +- Real-time streaming has 30s intervals in Claude Code +- Exported logs saved to `.devops/logs/` diff --git a/commands/rollback.md b/commands/rollback.md new file mode 100644 index 0000000..42139a9 --- /dev/null +++ b/commands/rollback.md @@ -0,0 +1,310 @@ +# DevOps Plugin - Rollback Deployment + +You are rolling back a deployment to a previous version. + +## Task: Rollback Deployment + +The user wants to rollback to a previous deployment. This is a critical operation that must be handled carefully. + +### Step 1: Verify Configuration + +1. Check if `.devops/config.json` exists + +2. **Validate platform is supported**: + - Read config and get platform + - If platform is NOT "netlify", show error: + ``` + ❌ Platform Not Supported: {platform} + + This plugin currently supports Netlify only. + + To switch to Netlify: /devops:init + + Supported platforms: Netlify + ``` + Then STOP. + +3. Check if deployments exist: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js deployments list --json + ``` + +4. If no previous deployments: + ``` + ❌ No previous deployments found + πŸ’‘ Nothing to rollback to + ``` + Then STOP. + +### Step 2: Show Deployment History + +Display recent deployments: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js deployments list --limit 5 +``` + +Show: +``` +πŸ“‹ Recent Deployments + +Current: βœ“ v1.2.3 (deployed 2h ago) - ACTIVE + ID: dep_xyz789 + Status: Healthy + URL: https://app.example.com + +Available rollback targets: +1. v1.2.2 (deployed 1d ago) + ID: dep_abc123 + Status: Stable + Duration: 24h active + +2. v1.2.1 (deployed 3d ago) + ID: dep_def456 + Status: Stable + Duration: 72h active + +3. v1.2.0 (deployed 1w ago) + ID: dep_ghi789 + Status: Stable + Duration: 168h active + +πŸ’‘ Select a version to rollback to +``` + +### Step 3: Select Rollback Target + +Parse command arguments: +- `/devops:rollback` - Rollback to previous version (auto-select v1.2.2) +- `/devops:rollback v1.2.1` - Rollback to specific version +- `/devops:rollback {deployment_id}` - Rollback to specific deployment + +If no target specified, default to previous version. + +### Step 4: Validate Rollback Target + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js deployments validate \ + --id {target_deployment_id} +``` + +Check: +- Target deployment exists +- Target is in stable state +- No breaking changes between current and target +- Platform resources still available + +If validation fails: +``` +❌ Cannot rollback to {target_version} + +Reason: {validation_error} + +πŸ’‘ Try a different version or contact support +``` +Then STOP. + +### Step 5: Show Rollback Impact + +Display impact analysis: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js rollback analyze \ + --from {current_deployment_id} \ + --to {target_deployment_id} +``` + +Show: +``` +⚠️ Rollback Impact Analysis + +Rolling back from v1.2.3 to v1.2.2 + +Changes that will be reverted: + - Feature: New user dashboard + - Fix: Database connection pool leak + - Update: Payment gateway integration + +Database migrations: + ⚠️ 2 migrations will be reverted + - 20240115_add_user_preferences + - 20240116_update_payment_schema + +Configuration changes: + - API_VERSION: 2.3 β†’ 2.2 + - MAX_CONNECTIONS: 100 β†’ 50 + +Potential impacts: + ⚠️ Users will lose access to new dashboard + ⚠️ Database schema will change + βœ“ No data loss expected + +Estimated downtime: ~30 seconds +``` + +### Step 6: Confirm Rollback + +⚠️ **CRITICAL CONFIRMATION** + +Ask for confirmation: +``` +⚠️ Confirm Rollback + +You are about to rollback: +FROM: v1.2.3 (current) +TO: v1.2.2 + +This will: +- Revert code changes +- Rollback database migrations +- Reset configuration +- Cause brief downtime (~30s) + +Type 'ROLLBACK' to confirm: +``` + +If not exactly "ROLLBACK", STOP. + +### Step 7: Create Backup + +Before rollback, create backup: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js backup create \ + --deployment {current_deployment_id} \ + --reason "pre-rollback" +``` + +Show: +``` +πŸ’Ύ Creating backup... +βœ“ Backup created: .devops/backups/{timestamp}/ +``` + +### Step 8: Execute Rollback + +Execute rollback: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js rollback execute \ + --to {target_deployment_id} \ + --track +``` + +Stream progress: +``` +πŸ”„ Rolling back deployment... + +[00:00] Starting rollback... +[00:01] Stopping current deployment... +[00:05] Current deployment stopped +[00:06] Restoring previous version... +[00:15] Code reverted to v1.2.2 +[00:16] Rolling back database migrations... +[00:25] Database rolled back +[00:26] Updating configuration... +[00:28] Starting application... +[00:35] Health check: passed +[00:36] Rollback complete +``` + +### Step 9: Verify Rollback + +Run post-rollback verification: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js verify-deployment \ + --id {target_deployment_id} +``` + +Show results: +``` +βœ“ Rollback successful! + +Current deployment: + Version: v1.2.2 + Status: Healthy + URL: https://app.example.com + +Verification: + βœ“ Application responding + βœ“ Database connected + βœ“ Health checks passing + βœ“ No errors in logs + +Previous deployment (v1.2.3): + Status: Terminated + Backup: .devops/backups/{timestamp}/ + +πŸ’‘ Monitor: /devops:status +πŸ’‘ View logs: /devops:logs +πŸ’‘ If issues persist, rollback further: /devops:rollback v1.2.1 +``` + +### Step 10: Record Rollback + +Rollback is automatically recorded: +- Added to `.devops/deployments.json` +- Logged in `.devops/rollback-history.json` +- Backup preserved in `.devops/backups/` + +### Step 11: Handle Rollback Failure + +If rollback fails: +``` +❌ Rollback failed! + +Error: {error_message} +Failed step: {failed_step} + +Emergency recovery: +1. Backup is safe: .devops/backups/{timestamp}/ +2. Current state: {current_state} +3. Manual intervention required + +πŸ’‘ Contact platform support immediately +πŸ“ Include rollback ID: {rollback_id} +``` + +Then attempt emergency recovery: +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js emergency-recover \ + --rollback-id {rollback_id} +``` + +--- + +**Netlify Rollback**: + +Netlify rollback is **instant** and **zero-downtime**: +- Simply activates a previous deployment +- Atomic traffic swap (no downtime) +- All previous deployments remain available +- Can rollback to any previous deployment instantly + +**How it works**: +1. Netlify keeps all your previous deployments +2. Rollback just makes a previous deployment the "published" one +3. No rebuild required (uses cached build) +4. Changes take effect immediately (typically < 1 second) + +**Simplified for Netlify**: +- ❌ No database migrations (static sites/JAMstack) +- ❌ No complex infrastructure changes +- ❌ No downtime during rollback +- βœ“ Instant rollback +- βœ“ Can rollback multiple times +- βœ“ Can "roll forward" to newer deployment if needed + +**IMPORTANT**: +- Rollback is instant (atomic traffic swap) +- Previous deployments never deleted (available indefinitely) +- Can rollback to any deployment in history +- If using Netlify Functions, function code is also rolled back +- If using environment variables, they are NOT rolled back (managed separately) + +**BEST PRACTICES**: +- Monitor application closely after rollback +- Rollback is safe and reversible (can activate newer version again) +- Document reason for rollback in deployment notes +- Check environment variables haven't changed between versions diff --git a/commands/secrets.md b/commands/secrets.md new file mode 100644 index 0000000..7ab6317 --- /dev/null +++ b/commands/secrets.md @@ -0,0 +1,465 @@ +# DevOps Plugin - Secrets Management + +You are managing secrets and credentials for deployments. + +## Task: Manage Secrets + +The user wants to set, get, or manage secrets. **CRITICAL**: Handle secrets securely and never log them. + +--- + +## Quick Start: Netlify Token Setup + +**If user just ran `/devops:init` and needs to set up Netlify token:** + +1. Show this message first: +``` +πŸ” Netlify API Token Setup + +You need a Netlify API token to deploy. This will be stored encrypted locally. + +πŸ“ Get your token: https://app.netlify.com/user/applications + β†’ Click "New access token" + β†’ Name it: "Claude DevOps Plugin" + β†’ Copy the token (starts with "nfp_...") + +⚑ Quick setup: +``` + +2. Use the AskUserQuestion tool to ask: + **Question**: "Do you have your Netlify API token ready?" + **Options**: + - "Yes, I have my token" β†’ Continue to Step 3 + - "No, I'll get it now" β†’ Show URL again and wait + +3. Ask for the token value: + "Paste your Netlify API token: (starts with nfp_...)" + + ⚠️ Security note: Input will be visible in chat. + For maximum security, use CLI: `node cli/devops-cli.js secrets set --name NETLIFY_API_TOKEN --value ` + +4. Set the secret via CLI: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets set \ + --name "NETLIFY_API_TOKEN" \ + --value "{token}" + ``` + +5. **IMPORTANT: Validate token immediately** using netlify-validator: + ```bash + node -e " + const validator = require('${CLAUDE_PLUGIN_ROOT}/cli/lib/validators/netlify-validator'); + validator.validateToken('{token}').then(result => { + console.log(JSON.stringify(result, null, 2)); + }); + " + ``` + +6. Show result based on validation: + - If valid: + ``` + βœ“ Token validated successfully! + βœ“ Connected to Netlify as: {email} + βœ“ Token encrypted and stored locally + + Next steps: + 1. Deploy your app: /devops:deploy + 2. Check status: /devops:status + ``` + + - If invalid: + ``` + ❌ Token validation failed + + Common issues: + - Token might be expired + - Token might be incorrect + - Check your internet connection + + πŸ’‘ Get a new token: https://app.netlify.com/user/applications + πŸ’‘ Try again: /devops:secrets set + ``` + +--- + +### Step 1: Check Configuration + +1. Check if `.devops/config.json` exists +2. Read secrets mode: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js config get --key secrets_mode + ``` + +### Step 2: Parse Secrets Command + +Parse subcommand: +- `/devops:secrets set` - Set/update a secret +- `/devops:secrets get {name}` - Get a secret (masked) +- `/devops:secrets list` - List all secret names (not values!) +- `/devops:secrets delete {name}` - Delete a secret +- `/devops:secrets validate` - Validate all secrets +- `/devops:secrets rotate {name}` - Rotate a secret +- `/devops:secrets sync` - Sync with external provider + +### Step 3: Set Secret + +**For `/devops:secrets set`**: + +⚠️ **SECURITY CRITICAL** + +1. Ask for secret name: + "What is the secret name? (e.g., DATABASE_PASSWORD, API_KEY)" + +2. Ask for secret value: + "Enter the secret value: (will not be displayed)" + + **IMPORTANT**: In Claude Code, we can't hide input, so warn user: + ``` + ⚠️ Security Note: Your input will be visible in the chat + For maximum security, use environment variables or direct CLI input + + Alternative: Set via CLI directly: + $ node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets set \ + --name {name} --value {value} + ``` + +3. Ask to proceed or use CLI: + - If "Use CLI", provide command and STOP + - If "Proceed", continue (but warn again) + +4. Set secret via CLI: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets set \ + --name "{name}" \ + --value "{value}" \ + --mode "{secrets_mode}" + ``` + + **Secrets Mode Handling**: + - **local**: Encrypt and store in `.devops/credentials.enc` + - **aws**: Store in AWS Secrets Manager + - **gcp**: Store in GCP Secret Manager + - **azure**: Store in Azure Key Vault + - **manual**: Just validate format, don't store + +5. Show confirmation: + ``` + βœ“ Secret set successfully + + Name: {name} + Mode: {secrets_mode} + Storage: {storage_location} + Encrypted: βœ“ + + πŸ’‘ Validate: /devops:secrets validate + πŸ’‘ Use in deployment: Environment variable {name} + ``` + +### Step 4: Get Secret (Masked) + +**For `/devops:secrets get {name}`**: + +⚠️ **NEVER display full secret values in chat** + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets get \ + --name "{name}" \ + --masked +``` + +Display: +``` +πŸ” Secret: {name} + +Value: {first_4_chars}β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’{last_4_chars} +Length: {length} characters +Type: {type} (e.g., API key, password, token) +Storage: {storage_location} +Created: {created_timestamp} +Last rotated: {last_rotated} + +⚠️ Full value not shown for security +πŸ’‘ To use: Reference as environment variable ${name} +πŸ’‘ Rotate: /devops:secrets rotate {name} +``` + +Example: +``` +πŸ” Secret: DATABASE_PASSWORD + +Value: postβ€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’rd123 +Length: 24 characters +Type: password +Storage: AWS Secrets Manager +Created: 2024-01-15 10:30 +Last rotated: Never + +⚠️ Full value not shown for security +``` + +### Step 5: List Secrets + +**For `/devops:secrets list`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets list +``` + +Display: +``` +πŸ” Secrets Inventory + +Total secrets: {count} +Storage mode: {secrets_mode} + +Secrets: +1. DATABASE_PASSWORD + Type: password + Created: 2024-01-15 + Status: βœ“ Valid + +2. API_KEY_STRIPE + Type: api-key + Created: 2024-01-16 + Status: βœ“ Valid + +3. JWT_SECRET + Type: token + Created: 2024-01-10 + Status: ⚠️ Expiring soon + +4. AWS_ACCESS_KEY + Type: access-key + Created: 2024-01-12 + Status: βœ“ Valid + +⚠️ 1 secret needs attention +πŸ’‘ Rotate expiring secrets: /devops:secrets rotate JWT_SECRET +πŸ’‘ Add new secret: /devops:secrets set +``` + +### Step 6: Delete Secret + +**For `/devops:secrets delete {name}`**: + +⚠️ **DESTRUCTIVE OPERATION** + +1. Confirm deletion: + ``` + ⚠️ Delete Secret: {name} + + This will permanently delete: + - Secret value + - Secret metadata + - All references + + Applications using this secret will fail! + + Type 'DELETE' to confirm: + ``` + +2. If not "DELETE", STOP + +3. Delete secret: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets delete \ + --name "{name}" \ + --confirm + ``` + +4. Show result: + ``` + βœ“ Secret deleted: {name} + + πŸ’Ύ Backup saved: .devops/secrets-backup/{timestamp}/{name}.enc + + ⚠️ Remember to: + - Update application code + - Remove environment variable references + - Deploy updated configuration + ``` + +### Step 7: Validate Secrets + +**For `/devops:secrets validate`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets validate --all +``` + +Display validation results: +``` +πŸ” Validating secrets... + +DATABASE_PASSWORD: + βœ“ Encrypted properly + βœ“ Accessible + βœ“ Format valid + βœ“ Length sufficient (24 chars) + +API_KEY_STRIPE: + βœ“ Encrypted properly + βœ“ Accessible + ⚠️ Format warning: Should start with 'sk_' + βœ“ Length sufficient + +JWT_SECRET: + βœ“ Encrypted properly + βœ“ Accessible + βœ“ Format valid + ⚠️ Expiring in 7 days (recommend rotation) + +AWS_ACCESS_KEY: + βœ“ Encrypted properly + βœ“ Accessible + βœ“ Format valid (matches AWS pattern) + βœ“ Still valid with AWS + +Overall: 4/4 accessible, 2 warnings + +πŸ’‘ Fix warnings for best security +``` + +### Step 8: Rotate Secret + +**For `/devops:secrets rotate {name}`**: + +1. Show rotation options: + ``` + πŸ”„ Rotate Secret: {name} + + Choose rotation method: + 1. Auto-generate new value + 2. Manually provide new value + 3. Use external provider rotation + ``` + +2. Based on choice: + + **Auto-generate**: + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets rotate \ + --name "{name}" \ + --auto-generate \ + --length 32 + ``` + + **Manual**: + Ask for new value and set like `/devops:secrets set` + + **Provider rotation** (AWS/GCP/Azure): + ```bash + node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets rotate \ + --name "{name}" \ + --provider-managed + ``` + +3. Show result: + ``` + βœ“ Secret rotated: {name} + + Old value: Archived + New value: Set and encrypted + Backup: .devops/secrets-backup/{timestamp}/{name}.enc + + ⚠️ Next steps: + 1. Update applications to use new value + 2. Deploy updated configuration + 3. Monitor for auth errors + 4. Remove old value after verification + + πŸ’‘ Old value available for 24h in backup + ``` + +### Step 9: Sync with External Provider + +**For `/devops:secrets sync`**: + +Sync local secrets with external provider: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js secrets sync \ + --provider "{secrets_mode}" +``` + +Display: +``` +πŸ”„ Syncing secrets with {provider}... + +Local secrets: {local_count} +Remote secrets: {remote_count} + +Sync operations: +↓ Pull from remote: {pull_count} secrets + - NEW_SECRET_1 + - UPDATED_SECRET_2 + +↑ Push to remote: {push_count} secrets + - LOCAL_SECRET_1 + +β†’ No change: {unchanged_count} secrets + +Proceed with sync? +``` + +If yes: +``` +βœ“ Sync completed + +↓ Pulled: {pull_count} +↑ Pushed: {push_count} +β†’ Unchanged: {unchanged_count} + +All secrets synchronized +``` + +--- + +**Secrets Storage Modes**: + +**Local Mode** (`.devops/credentials.enc`): +- AES-256 encryption +- Master key in environment variable +- Suitable for development +- ⚠️ Not recommended for production + +**AWS Secrets Manager**: +- AWS-managed encryption (KMS) +- Auto-rotation support +- Fine-grained access control +- Versioning included + +**GCP Secret Manager**: +- Google-managed encryption +- IAM-based access control +- Automatic replication +- Version history + +**Azure Key Vault**: +- Azure-managed encryption +- RBAC access control +- Soft-delete protection +- Version tracking + +**Manual Mode**: +- No storage in plugin +- User provides at deployment time +- Most secure (no persistence) +- Requires manual input each time + +**SECURITY BEST PRACTICES**: + +1. **Never log secrets**: All CLI operations use `--no-log` flag +2. **Rotate regularly**: Recommend 90-day rotation +3. **Use strong secrets**: Min 16 chars, mixed characters +4. **Limit access**: Only necessary secrets per environment +5. **Monitor usage**: Track secret access in provider logs +6. **Backup safely**: Encrypted backups in `.devops/secrets-backup/` +7. **Delete old versions**: After rotation and verification + +**IMPORTANT**: +- Secrets are NEVER committed to git +- `.devops/credentials.enc` is in `.gitignore` +- All CLI secret operations are zero-token +- Secrets are encrypted at rest +- Full audit trail in `.devops/secrets-audit.log` diff --git a/commands/status.md b/commands/status.md new file mode 100644 index 0000000..300c2d6 --- /dev/null +++ b/commands/status.md @@ -0,0 +1,216 @@ +# DevOps Plugin - Deployment Status + +You are checking deployment and infrastructure status. + +## Task: Check Deployment Status + +The user wants to check the status of deployments, builds, or infrastructure. + +### Step 1: Verify Configuration + +1. Check if `.devops/config.json` exists +2. If not, show: + ``` + ❌ DevOps not initialized + πŸ’‘ Run /devops:init to get started + ``` + Then STOP. + +3. **Validate platform is supported**: + - Read config and get platform + - If platform is NOT "netlify", show error: + ``` + ❌ Platform Not Supported: {platform} + + This plugin currently supports Netlify only. + + To switch to Netlify: + 1. Reconfigure: /devops:init + 2. Or update manually: /devops:config set platform netlify + + Supported platforms: Netlify + ``` + Then STOP. + +### Step 2: Parse Status Command + +Parse arguments: +- `/devops:status` - Show overall status +- `/devops:status deployment` - Show deployment status only +- `/devops:status build` - Show build status only +- `/devops:status infra` - Show infrastructure status only + +### Step 3: Get Overall Status + +**For `/devops:status`** (no args): + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js status --all --json +``` + +Display comprehensive status: +``` +πŸ“Š DevOps Status Overview + +Platform: {platform} +Environment: {environment} +Last updated: {timestamp} + +πŸš€ Deployment + Status: {deployment_status} + Version: {current_version} + Deployed: {deployment_time} + URL: {deployment_url} + +πŸ”¨ Last Build + Status: {build_status} + Branch: {branch} + Commit: {commit_hash} + Duration: {build_duration} + +πŸ—οΈ Infrastructure + Status: {infra_status} + Resources: {resource_count} active + Health: {health_score}/100 + Cost (MTD): ${cost} + +πŸ“ˆ Metrics (Last 24h) + Requests: {request_count} + Errors: {error_count} ({error_rate}%) + Avg Response: {avg_response_time}ms + +πŸ’‘ Quick actions: + - Deploy: /devops:deploy + - View logs: /devops:logs + - Rollback: /devops:rollback +``` + +### Step 4: Get Deployment Status + +**For `/devops:status deployment`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js status deployment --json +``` + +Display: +``` +πŸš€ Deployment Status + +Current Deployment: + ID: {deployment_id} + Version: {version} + Environment: {environment} + Status: {status} + Deployed: {timestamp} + URL: {url} + +Health Checks: + Endpoint: {endpoint} + Status: {health_status} + Last check: {last_check} + Uptime: {uptime}% + +Recent Deployments: +1. v{version1} - {time1} - {status1} +2. v{version2} - {time2} - {status2} +3. v{version3} - {time3} - {status3} + +πŸ“ Full history: .devops/deployments.json +``` + +### Step 5: Get Build Status + +**For `/devops:status build`**: + +```bash +node ${CLAUDE_PLUGIN_ROOT}/cli/devops-cli.js status build --json +``` + +Display: +``` +πŸ”¨ Build Status + +Latest Build: + ID: {build_id} + Status: {status} + Branch: {branch} + Commit: {commit} + Triggered: {timestamp} + Duration: {duration} + +Build History (last 5): +1. #{build1} - {status1} - {branch1} - {time1} +2. #{build2} - {status2} - {branch2} - {time2} +3. #{build3} - {status3} - {branch3} - {time3} +4. #{build4} - {status4} - {branch4} - {time4} +5. #{build5} - {status5} - {branch5} - {time5} + +Success rate (last 30 builds): {success_rate}% + +πŸ”— CI/CD Dashboard: {dashboard_url} +``` + +### Step 6: Get Infrastructure Status + +**For `/devops:status infra`**: + +**Note**: Netlify is a managed platform - infrastructure is handled automatically. + +Show: +``` +πŸ—οΈ Netlify Infrastructure (Managed) + +Platform: Netlify +Status: Fully Managed + +Netlify handles all infrastructure automatically: + βœ“ Global CDN - Automatic edge distribution + βœ“ SSL/TLS - Auto-provisioned and renewed + βœ“ DNS - Managed DNS available + βœ“ Build servers - Automatic scaling + βœ“ Serverless functions - Auto-deployed + +Site Information: + Site ID: {site_id} + Site Name: {site_name} + URL: {site_url} + Custom Domain: {custom_domain or "Not configured"} + +Build Configuration: + Build command: {build_command} + Publish directory: {publish_dir} + Node version: {node_version} + +πŸ’‘ Netlify manages infrastructure for you +πŸ’‘ No manual infrastructure setup needed +πŸ’‘ View Netlify dashboard: https://app.netlify.com/sites/{site_name} +``` + +### Step 7: Handle Errors + +If status check fails: +``` +❌ Failed to retrieve status + +Error: {error_message} + +Troubleshooting: +- Check credentials: /devops:secrets validate +- Verify connectivity: ping {platform_endpoint} +- View logs: /devops:logs --recent +``` + +--- + +**Auto-Refresh Option**: + +If user wants real-time monitoring, offer: +"Would you like to monitor status in real-time?" +- If yes, run monitoring loop (refresh every 10s) +- If no, show static status + +**IMPORTANT**: +- All status data fetched via zero-token CLI +- Status cached for 30 seconds to reduce API calls +- Metrics aggregated from platform APIs diff --git a/hooks/hooks.json b/hooks/hooks.json new file mode 100644 index 0000000..5888733 --- /dev/null +++ b/hooks/hooks.json @@ -0,0 +1,13 @@ +{ + "PreToolUse": [ + { + "matcher": "*", + "hooks": [ + { + "type": "command", + "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/pre-deployment-check.js" + } + ] + } + ] +} diff --git a/hooks/pre-deployment-check.js b/hooks/pre-deployment-check.js new file mode 100755 index 0000000..f51b5b9 --- /dev/null +++ b/hooks/pre-deployment-check.js @@ -0,0 +1,221 @@ +#!/usr/bin/env node + +/** + * Pre-Deployment Safety Check Hook + * + * Runs before tool execution to validate deployment readiness. + * Prevents deployments with missing credentials, uncommitted changes, etc. + */ + +const fs = require('fs'); +const path = require('path'); + +// Read event data from stdin +let inputData = ''; +try { + inputData = fs.readFileSync(0, 'utf8').trim(); +} catch (error) { + // Silent exit if no input + process.exit(0); +} + +// Parse event data +let eventData; +try { + eventData = JSON.parse(inputData); +} catch (error) { + // Invalid JSON, silent exit + process.exit(0); +} + +/** + * Check if DevOps plugin is initialized + */ +function isDevOpsInitialized() { + const configPath = path.join(process.cwd(), '.devops', 'config.json'); + return fs.existsSync(configPath); +} + +/** + * Check if deployment is in progress + */ +function isDeploymentCommand(eventData) { + const toolName = eventData.toolName || ''; + const args = eventData.args || {}; + + // Check if SlashCommand tool is being used with deployment commands + if (toolName === 'SlashCommand') { + const command = args.command || ''; + return command.startsWith('/devops:deploy') || + command.startsWith('/devops:infra') || + command.startsWith('/devops:rollback'); + } + + return false; +} + +/** + * Validate git repository status + */ +function checkGitStatus() { + try { + const { execSync } = require('child_process'); + + // Check if git repo exists + try { + execSync('git rev-parse --git-dir', { stdio: 'ignore' }); + } catch { + return { valid: true, warning: 'Not a git repository' }; + } + + // Check for uncommitted changes + const status = execSync('git status --porcelain', { encoding: 'utf8' }); + + if (status.trim()) { + return { + valid: false, + error: 'Uncommitted changes detected', + message: 'Please commit or stash changes before deploying' + }; + } + + return { valid: true }; + } catch (error) { + return { valid: true, warning: 'Could not check git status' }; + } +} + +/** + * Check if credentials are configured + */ +function checkCredentials() { + if (!isDevOpsInitialized()) { + return { valid: true }; // Skip if not initialized + } + + const configPath = path.join(process.cwd(), '.devops', 'config.json'); + + try { + const config = JSON.parse(fs.readFileSync(configPath, 'utf8')); + const secretsMode = config.secrets?.mode || 'manual'; + + if (secretsMode === 'local') { + const credentialsPath = path.join(process.cwd(), '.devops', 'credentials.enc'); + if (!fs.existsSync(credentialsPath)) { + return { + valid: false, + error: 'No credentials configured', + message: 'Run /devops:secrets set to configure credentials' + }; + } + } + + return { valid: true }; + } catch (error) { + return { valid: true, warning: 'Could not validate credentials' }; + } +} + +/** + * Main hook execution + */ +function main() { + // Only run checks for deployment commands + if (!isDeploymentCommand(eventData)) { + // Not a deployment command, allow execution + const output = { + hookSpecificOutput: {} + }; + console.log(JSON.stringify(output)); + process.exit(0); + return; + } + + // Check if DevOps is initialized + if (!isDevOpsInitialized()) { + // Not initialized, allow execution (init command will handle it) + const output = { + hookSpecificOutput: {} + }; + console.log(JSON.stringify(output)); + process.exit(0); + return; + } + + // Run safety checks + const checks = { + git: checkGitStatus(), + credentials: checkCredentials() + }; + + // Collect errors and warnings + const errors = []; + const warnings = []; + + for (const [checkName, result] of Object.entries(checks)) { + if (!result.valid && result.error) { + errors.push({ + check: checkName, + error: result.error, + message: result.message + }); + } + if (result.warning) { + warnings.push({ + check: checkName, + warning: result.warning + }); + } + } + + // If there are errors, block execution + if (errors.length > 0) { + const errorMessages = errors.map(e => + `❌ ${e.error}: ${e.message}` + ).join('\n'); + + const output = { + hookSpecificOutput: { + additionalContext: `⚠️ Pre-Deployment Check Failed\n\n${errorMessages}\n\nπŸ’‘ Fix these issues before deploying` + }, + blocked: true, + blockMessage: 'Deployment blocked by safety checks' + }; + console.log(JSON.stringify(output)); + process.exit(1); + return; + } + + // If there are warnings, show them but allow execution + if (warnings.length > 0) { + const warningMessages = warnings.map(w => + `⚠️ ${w.warning}` + ).join('\n'); + + const output = { + hookSpecificOutput: { + additionalContext: `⚠️ Pre-Deployment Warnings\n\n${warningMessages}\n\nβœ“ Proceeding with deployment` + } + }; + console.log(JSON.stringify(output)); + process.exit(0); + return; + } + + // All checks passed + const output = { + hookSpecificOutput: { + additionalContext: 'βœ“ Pre-deployment checks passed' + } + }; + console.log(JSON.stringify(output)); + process.exit(0); +} + +// Run main function +try { + main(); +} catch (error) { + // Silent exit on any error to avoid blocking Claude Code + process.exit(0); +} diff --git a/plugin.lock.json b/plugin.lock.json new file mode 100644 index 0000000..5056bc9 --- /dev/null +++ b/plugin.lock.json @@ -0,0 +1,85 @@ +{ + "$schema": "internal://schemas/plugin.lock.v1.json", + "pluginId": "gh:awudevelop/claude-plugins:devops", + "normalized": { + "repo": null, + "ref": "refs/tags/v20251128.0", + "commit": "feb4ad30d1a27c1ce731fe669fe8ad58f258d775", + "treeHash": "948620eb1f353d361aca880fab1c59fb30261d9ee7158b90c87dd53141889136", + "generatedAt": "2025-11-28T10:14:05.830388Z", + "toolVersion": "publish_plugins.py@0.2.0" + }, + "origin": { + "remote": "git@github.com:zhongweili/42plugin-data.git", + "branch": "master", + "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390", + "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data" + }, + "manifest": { + "name": "devops", + "description": "v1.0.1 - DevOps automation for Netlify deployments with encrypted secrets management, automatic validation, and instant rollback. Zero-token CLI operations with hybrid token authentication. AWS, GCP, Azure, and Vercel support coming soon.", + "version": "1.0.1" + }, + "content": { + "files": [ + { + "path": "README.md", + "sha256": "534ba4b4d81d6c60056261e6fdbad5aa94c218c8830743daf76de7b411851dd3" + }, + { + "path": "hooks/hooks.json", + "sha256": "e85e1ebab5720c1e8a8cd4d2cebab4beb49d311645264511e5fbcae3003b2bcf" + }, + { + "path": "hooks/pre-deployment-check.js", + "sha256": "c93a193fe03fced056271cdf41996c7c8c04f97e8fc255137d2db77d3a385afe" + }, + { + "path": ".claude-plugin/plugin.json", + "sha256": "db335d076d631467debd7754e91963d95b7846042ecf46da4e9559130d25e715" + }, + { + "path": "commands/secrets.md", + "sha256": "e5216cafc69f2ed66d54ffeb071bd2f25e48bae8b588a0756634f4f11817b1e5" + }, + { + "path": "commands/logs.md", + "sha256": "720d3cac42f6fd0d59bcea84d87ad552b925e3be11d461414c7f991ff307f00c" + }, + { + "path": "commands/status.md", + "sha256": "e9bb417a8f340e9e1864a6d70414e590e00b57666340471e8e75f07968275a4a" + }, + { + "path": "commands/infra.md", + "sha256": "ee849d78a9d66a0448c7f479ab675bb82537025f673c2455f912230066637015" + }, + { + "path": "commands/init.md", + "sha256": "e15d5fac9f4ada1218e0dd1bb382922973bf3160c6353f401e3b6b13196a1ffc" + }, + { + "path": "commands/config.md", + "sha256": "5c082e28181648bc0ed1bfc0b96d483c167ebae7eb51788d37dec524e5f3b88e" + }, + { + "path": "commands/deploy.md", + "sha256": "41f41839317845abdbd43e2b98f92082b9905d8be2313064e4d115a1e717de1b" + }, + { + "path": "commands/build.md", + "sha256": "d2c9791681180339b3bd83d30a9390a20ed5a87a45c9e6cce1c36235b4901d4d" + }, + { + "path": "commands/rollback.md", + "sha256": "4047e44c323de00ee91ad813114418c283deda79fba47905ccdefe9c4f6da945" + } + ], + "dirSha256": "948620eb1f353d361aca880fab1c59fb30261d9ee7158b90c87dd53141889136" + }, + "security": { + "scannedAt": null, + "scannerVersion": null, + "flags": [] + } +} \ No newline at end of file