Kevin/v1.1.0 (#63)

* feat: Added includeSensitive flag for remote inits

* feat: Added distro filtering

* feat: Add verbosity toggle

* feat: Add defaulting to plain reporter if tty is not available

* feat: Added auto approve flag for scripts

* feat: Added toggle for adding sudo password during apply

* feat: Added toggle for adding sudo password during apply

* feat: Changed to custom component

* feat: Changed to custom components intead of inkjs

* feat: Added checking state to password input

* Made the password input for plugins un-cancellable

* Made updateRenderState async and render to nothing first to avoid memory crashes.

Improved the progress output for destroy

* Couple of fixes:
- Previous sudo check blocked the main thread
- Move title of sudo inside of the box
- Make sure not to cache password for regular plugin requests

* Refactoring to fix structural issues and improvements

* feat: Added sudoAskpass support. Removed unnecessary log event emitter. Changed raw logs to not be cyan

* feat: Refactoring setRawMode and disableRawMode into the reporter

* fix: Fix password dialog not disappearing for plugin sudo requests

* feat: Add verbosity level for commands ran on local cli

* feat: Improved log output

* feat: Improved log output (add strip ansi)

* feat: Added CLI version to plugin search. This gates breaking changes and prevents them from breaking older versions

* feat: Added terminal resize handler

* Kevin/improved errors (#61)

* feat: Improved apply validation errors

* feat: Refactored to share the same plugin error type. Use the reporter to determine how to present it.

* fix: Fixed display functions to be async

* feat: Improve the copy and formatting for apply validation error. Fix pretty print error for NOOP. Added to CLAUDE.md

* feat: Improved copy again

* feat: Added partial applys. If a resource fails to apply, skip it and all transitive dependent resources. Apply un-related resources.

* feat: Further refactored the error messages. Combined it with a final display message change. The final display message will now tell the user a list of all changes that were made.

* feat: refactored the code so that the final apply message is handled entirely inside the reporters.

* feat: Additional refactoring. Cleaned up dead APPLY_VALIDATION_ERROR dead code. Moved rendering logic to the ApplyComplete component instead.

* fix: Fix /etc/os-release not present

* Kevin/improve launcher-and-destroy (#62)

* feat: Patch the launcher script to handle simple tasks so that the NodeJS startup delay is less noticeable.

* fix: For unescaped brackets in the patch file

* fix: Added static help files for top level commands as well: codify apply, codify plan, codify ...

* feat: Patch the NodeJS subshell launch in the bin script as well. Replace with exec

* feat: Added MacOS pkg installer patching as well. Removed it from the pkg script.

* feat: Added destroy to connect

* feat: Improved subprogress display

* feat: Improved edit to install the codify desktop app instead

* feat: refactored and improve the new edit changes

* feat: improve installation script to create /usr/local/bin if it doesn't exist

* feat: added another QOL change to prevent sleep while codify apply or destroy is running

* feat: improved text for sudo password and progress display

* feat: added status effects for sub-progresses

* fix: ws.close instead of ws.terminate. Improved progress display

* feat: added skip banner flag to init command

* feat: add test fixes

* feat: add skip banner flag to connect

* feat: added additional commands to quick launch message

* feat: added log messages for any commands that failed

* feat: improved error logs. Made it visually more appealing

* feat: improve the summary list to remove noops and skips

* feat: remove applying from log...

Author: kevinwang5658

.gitignore

@@ -11,3 +11,4 @@
 node_modules
 oclif.manifest.json
 .env
+.codify-files

CLAUDE.md

@@ -184,4 +184,27 @@ Parent Process              Plugin Process
 3. **Plugin IPC**: Plugins cannot directly read stdin (security isolation)
 4. **Sudo Caching**: Password cached in memory during session unless `--secure` flag used
 5. **File Watcher**: Use `persistent: false` option to prevent hanging processes
-6. **Linting**: ESLint enforces single quotes, specific import ordering, and strict type safety
+6. **Linting**: ESLint enforces single quotes, specific import ordering, and strict type safety
+7. **Reporter display methods are async**: All `Reporter` interface display methods (`displayPlan`, `displayImportResult`, `displayFileModifications`, `displayMessage`, `displayPluginError`) return `Promise<void>`. Always `await` them at call sites — `DefaultReporter.updateRenderState()` has a 50ms sleep, so unawaited calls cause `process.exit(1)` to fire before the UI renders.
+8. **Mock reporter async assertions**: Assertions inside `MockReporter` config callbacks (e.g. `displayFileModifications`) will silently pass if the call isn't awaited. Making display methods async surfaced latent bugs where expected file paths were wrong.
+
+## Plugin Error Handling Architecture
+
+Plugin errors flow as structured `PluginErrorData` over IPC and are caught as `PluginError` instances on the CLI side:
+
+**IPC envelope** (`@codifycli/schemas`):
+```typescript
+interface PluginErrorData {
+  errorType: string;   // 'apply_validation' | 'sudo_error' | 'unknown'
+  message: string;
+  data?: unknown;
+}
+```
+
+**CLI carrier** (`src/common/errors.ts`): `PluginError extends CodifyError` holds `pluginName`, `resourceType`, and `errorData: PluginErrorData`.
+
+**Reporter as view model**: Reporters (not components) decide how to render each `errorType`. `DefaultReporter.displayPluginError()` branches on `errorType` to set the appropriate `RenderStatus` (`APPLY_VALIDATION_ERROR` with a `ResourcePlan` for plan diffs, `PLUGIN_ERROR` with a message string for generic errors). The `DefaultComponent` is purely display.
+
+**Shared formatter**: `src/ui/plugin-error-formatter.ts` exports `formatApplyValidationError(error: PluginError): string` used by both `PlainReporter` and `DefaultComponent`.
+
+**Backward compat**: `plugin.ts#toErrorData()` validates IPC data against `ErrorResponseDataSchema` (AJV); falls back to `{ errorType: 'unknown', message: data }` for old plugins sending bare strings.

package-lock.json

@@ -5,9 +5,8 @@
   },
   "dependencies": {
     "@codifycli/ink-form": "0.0.12",
-    "@codifycli/schemas": "1.0.0",
+    "@codifycli/schemas": "1.1.0-beta8",
     "@homebridge/node-pty-prebuilt-multiarch": "^0.12.0-beta.5",
-    "@inkjs/ui": "^2",
     "@mischnic/json-sourcemap": "^0.1.1",
     "@oclif/core": "^4.0.8",
     "@oclif/plugin-autocomplete": "^3.2.24",
@@ -44,7 +43,7 @@
   },
   "description": "Codify is a configuration-as-code tool that declaratively installs and manages developer tools and applications. Check out https://dashboard.codifycli.com for an editor.",
   "devDependencies": {
-    "@codifycli/plugin-core": "^1.0.0",
+    "@codifycli/plugin-core": "^1.1.0-beta19",
     "@oclif/prettier-config": "^0.2.1",
     "@types/chalk": "^2.2.0",
     "@types/cors": "^2.8.19",
@@ -128,6 +127,7 @@
   },
   "repository": "codifycli/codify",
   "scripts": {
+    "postinstall": "[ -f node_modules/oclif/lib/tarballs/bin.js ] && tsx scripts/patch-oclif.ts || true",
     "build": "shx rm -rf dist && tsc -b",
     "build:release": "npm run pkg && ./scripts/notarize.sh",
     "lint": "tsc",
@@ -145,7 +145,7 @@
     "deploy": "npm run pkg && npm run notarize && npm run upload",
     "prepublishOnly": "npm run build"
   },
-  "version": "1.0.2",
+  "version": "1.1.0-beta.4",
   "bugs": "https://github.com/codifycli/codify/issues",
   "keywords": [
     "oclif",

package.json

@@ -44,6 +44,8 @@
   fi
 
   mkdir -p /usr/local/lib
+  mkdir -p /usr/local/bin
+
   cd /usr/local/lib
   rm -rf codify
   rm -rf ~/.local/share/codify/client

scripts/install-beta.sh

@@ -44,6 +44,8 @@
   fi
 
   mkdir -p /usr/local/lib
+  mkdir -p /usr/local/bin
+
   cd /usr/local/lib
   rm -rf codify
   rm -rf ~/.local/share/codify/client

scripts/install.sh

@@ -0,0 +1,132 @@
+// Patches node_modules/oclif/lib/tarballs/bin.js to inject bash logic into the shell script
+// that oclif generates during `oclif pack tarballs`. This runs via the `postinstall` npm script
+// so it re-applies automatically after any `npm install` that updates oclif.
+//
+// Why: Node.js takes 500ms–1s to start. By handling simple cases in the shell script we can
+// give instant feedback before Node launches.
+//
+// What the injected bash does (inside the else block, before the "$NODE ... $DIR/run" line):
+//   - codify --help / -h           → cats dist/static/help.txt and exits (no Node startup)
+//   - codify <cmd> --help / -h     → cats dist/static/<cmd>-help.txt and exits
+//   - codify --version / -v        → cats dist/static/version.txt and exits
+//   - codify apply/destroy/plan    → prints "Running Codify <cmd>..." immediately
+//                                    (suppressed when --output json or -o json is passed)
+//   - everything else              → falls through to normal Node.js launch
+//
+// Static files (dist/static/*.txt) are generated in scripts/pkg.ts after the esbuild step.
+// Missing static files are guarded by [ -f ] so all cases fall back to Node gracefully.
+//
+// Note: console.log('Running Codify apply/destroy...') was removed from src/commands/apply.ts
+// and src/commands/destroy.ts to prevent double-printing (shell prints first, Node would repeat it).
+//
+// Also patches node_modules/oclif/lib/commands/pack/macos.js to add
+// `sudo rm -rf ~/.local/share/codify` to the macOS installer's preinstall script.
+// This fixes an oclif bug where the auto-updater cache (~/.local/share/codify) isn't cleared
+// on fresh installs, causing the old cached version to be used. The patch must happen before
+// `oclif pack macos` runs — modifying the .pkg after the fact breaks notarization.
+//
+// If oclif upgrades and changes either file's structure, this script exits with code 1 so the
+// breakage is immediately visible.
+import { existsSync } from 'node:fs';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const BIN_JS = path.join(__dirname, '../node_modules/oclif/lib/tarballs/bin.js');
+const MACOS_JS = path.join(__dirname, '../node_modules/oclif/lib/commands/pack/macos.js');
+
+if (!existsSync(BIN_JS)) {
+  console.log('oclif bin.js not found (likely production install). Skipping.');
+  process.exit(0);
+}
+
+let content = await fs.readFile(BIN_JS, 'utf8');
+
+if (content.includes('CODIFY_PATCH_START')) {
+  console.log('Removing existing patch to reapply...');
+  content = content.replace(/  # CODIFY_PATCH_START[\s\S]*?# CODIFY_PATCH_END[^\n]*\n/, '');
+}
+
+const SEARCH = '  if [ "\\$DEBUG" == "*" ]; then\n    echoerr';
+const idx = content.lastIndexOf(SEARCH);
+if (idx === -1) {
+  console.error('ERROR: Could not find insertion point in oclif bin.js. The oclif version may have changed.');
+  process.exit(1);
+}
+
+// Patch uses \\$ so that it survives the JS string — in the generated shell script each \\$ becomes \$
+// which bash then interprets as a literal $ (not a template substitution in the JS template literal).
+// Bash default-value syntax ${1:-} is avoided since ${...} would be evaluated as a JS template expression.
+const PATCH = `  # CODIFY_PATCH_START — do not remove this marker
+  _first_arg=""
+  if [ "\\$#" -gt 0 ]; then _first_arg="\\$1"; fi
+  _second_arg=""
+  if [ "\\$#" -gt 1 ]; then _second_arg="\\$2"; fi
+  if [ "\\$_first_arg" = "--help" ] || [ "\\$_first_arg" = "-h" ]; then
+    _help_file="\\$DIR/../dist/static/help.txt"
+    if [ -f "\\$_help_file" ]; then cat "\\$_help_file"; exit 0; fi
+  fi
+  if [ "\\$_second_arg" = "--help" ] || [ "\\$_second_arg" = "-h" ]; then
+    _cmd_help_file="\\$DIR/../dist/static/\\$_first_arg-help.txt"
+    if [ -f "\\$_cmd_help_file" ]; then cat "\\$_cmd_help_file"; exit 0; fi
+  fi
+  if [ "\\$_first_arg" = "--version" ] || [ "\\$_first_arg" = "-v" ] || [ "\\$_first_arg" = "version" ]; then
+    _version_file="\\$DIR/../dist/static/version.txt"
+    if [ -f "\\$_version_file" ]; then cat "\\$_version_file"; exit 0; fi
+  fi
+  _cmd="\\$_first_arg"
+  if [ "\\$_cmd" = "apply" ] || [ "\\$_cmd" = "destroy" ] || [ "\\$_cmd" = "plan" ] || [ "\\$_cmd" = "login" ] || [ "\\$_cmd" = "logout" ] || [ "\\$_cmd" = "import" ] || [ "\\$_cmd" = "refresh" ] || [ "\\$_cmd" = "init" ] || [ "\\$_cmd" = "validate" ] || [ "\\$_cmd" = "test" ] || [ "\\$_cmd" = "edit" ] || [ "\\$_cmd" = "connect" ]; then
+    _json_output=0
+    _prev=""
+    for _a in "\\$@"; do
+      if [ "\\$_a" = "--output=json" ] || [ "\\$_a" = "-o=json" ]; then _json_output=1; break; fi
+      if [ "\\$_prev" = "--output" ] || [ "\\$_prev" = "-o" ]; then
+        if [ "\\$_a" = "json" ]; then _json_output=1; break; fi
+      fi
+      _prev="\\$_a"
+    done
+    if [ "\\$_json_output" -eq 0 ]; then echo "Running Codify \\$_cmd..."; fi
+  fi
+  # CODIFY_PATCH_END — do not remove this marker
+`;
+
+const patched = content.slice(0, idx) + PATCH + content.slice(idx);
+
+// Use exec to replace the shell process with Node rather than spawning a child.
+// This avoids an extra process in memory and ensures signals go directly to Node.
+const NODE_LAUNCH = '  "\\$NODE" ';
+const NODE_LAUNCH_EXEC = '  exec "\\$NODE" ';
+let withExec = patched;
+if (patched.includes(NODE_LAUNCH) && !patched.includes(NODE_LAUNCH_EXEC)) {
+  withExec = patched.replace(NODE_LAUNCH, NODE_LAUNCH_EXEC);
+} else if (!patched.includes(NODE_LAUNCH_EXEC)) {
+  console.error('ERROR: Could not find Node launch line to add exec. The oclif version may have changed.');
+  process.exit(1);
+}
+
+await fs.writeFile(BIN_JS, withExec, 'utf8');
+console.log('Successfully patched oclif bin.js');
+
+// Patch macos.js preinstall script to also clear the auto-updater cache directory.
+// Oclif's auto-updater stores binaries in ~/.local/share/codify and the macOS installer
+// doesn't clean this up, so fresh installs still run the old cached version.
+// We must patch the template before `oclif pack macos` runs — modifying the .pkg after
+// the fact breaks notarization since the binary has been tampered with.
+const SEARCH_PREINSTALL = 'sudo rm -rf /usr/local/bin/${config.bin}\n${additionalCLI';
+const PATCH_PREINSTALL  = 'sudo rm -rf /usr/local/bin/${config.bin}\nsudo rm -rf ~/.local/share/${config.dirname}\n${additionalCLI';
+
+if (!existsSync(MACOS_JS)) {
+  console.log('oclif macos.js not found. Skipping preinstall patch.');
+} else {
+  const macosContent = await fs.readFile(MACOS_JS, 'utf8');
+  if (macosContent.includes(PATCH_PREINSTALL)) {
+    console.log('oclif macos.js preinstall already patched. Skipping.');
+  } else if (!macosContent.includes(SEARCH_PREINSTALL)) {
+    console.error('ERROR: Could not find preinstall insertion point in oclif macos.js. The oclif version may have changed.');
+    process.exit(1);
+  } else {
+    await fs.writeFile(MACOS_JS, macosContent.replace(SEARCH_PREINSTALL, PATCH_PREINSTALL), 'utf8');
+    console.log('Successfully patched oclif macos.js preinstall script');
+  }
+}