MetaState-Prototype-Project · coodos · Apr 20, 2025 · Apr 19, 2025 · Apr 20, 2025 · Apr 20, 2025
@@ -19,5 +19,5 @@ WORKDIR /app
 RUN npm i -g corepack@latest
 COPY --from=deps /out/ /app
 EXPOSE 4000
-workdir /app/infrastructure/evault-core
+WORKDIR /app/infrastructure/evault-core
 CMD ["pnpm", "dev"]
@@ -0,0 +1,24 @@
+FROM node:22-slim AS deps
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+COPY . /app
+WORKDIR /app
+RUN npm i -g corepack@latest
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+RUN pnpm turbo prune evault-core --docker --use-gitignore=false
+RUN mkdir /out
+RUN cp -R ./out/full/* /out/
+RUN cp -R ./out/json/* /out/
+RUN cp ./out/pnpm-lock.yaml /out/pnpm-lock.yaml
+RUN cp -R node_modules/ /out/
+
+
+FROM node:22-slim AS core-api
+WORKDIR /app
+RUN npm i -g corepack@latest
+COPY --from=deps /out/ /app
+RUN pnpm -F=evault-core build
+EXPOSE 4000
+WORKDIR /app/infrastructure/evault-core
+CMD ["echo \'hi'\"]
-FROM node:22-slim AS core-api
-WORKDIR /app
-RUN npm i -g corepack@latest
-COPY --from=deps /out/ /app
-RUN pnpm -F=evault-core build
-EXPOSE 4000
-WORKDIR /app/infrastructure/evault-core
-CMD ["echo \'hi'\"]
+FROM node:22-slim AS core-api
+WORKDIR /app
+RUN npm i -g corepack@latest
+COPY --from=deps /out/ /app
+RUN pnpm -F=evault-core build
+
+# Add a non-root user for security
+RUN groupadd -r evault && useradd -r -g evault evault
+USER evault
+
+EXPOSE 4000
+WORKDIR /app/infrastructure/evault-core
+
+# Healthcheck to ensure the service is up
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+  CMD ["curl", "-f", "http://localhost:4000/health"]
+
+# Start the application
+CMD ["node", "dist/index.js"]
-FROM node:22-slim AS core-api
-WORKDIR /app
-RUN npm i -g corepack@latest
-COPY --from=deps /out/ /app
-RUN pnpm -F=evault-core build
-EXPOSE 4000
-WORKDIR /app/infrastructure/evault-core
-CMD ["echo \'hi'\"]
+FROM node:22-slim AS core-api
+WORKDIR /app
+RUN npm i -g corepack@latest
+COPY --from=deps /out/ /app
+RUN pnpm -F=evault-core build
+
+# Add a non-root user for security
+RUN groupadd -r evault && useradd -r -g evault evault
+USER evault
+
+EXPOSE 4000
+WORKDIR /app/infrastructure/evault-core
+
+# Healthcheck to ensure the service is up
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+  CMD ["curl", "-f", "http://localhost:4000/health"]
+
+# Start the application
+CMD ["node", "dist/index.js"]
@@ -6,7 +6,8 @@
     "scripts": {
         "test": "vitest --config vitest.config.ts",
         "build": "tsc",
-        "dev": "node --watch --import tsx src/evault.ts"
+        "dev": "node --watch --import tsx src/evault.ts",
+        "start": "node ./dist/evault.js"
     },
     "packageManager": "[email protected]",
     "keywords": [],

@@ -32,10 +32,10 @@ class EVault {
     }
 
     start() {
-        const port = process.env.PORT ?? 4000;
-        this.server.listen(port, () => {
-            console.log(`GraphQL Server started on http://localhost:${port}`);
-            console.log(`Voyager started on http://localhost:${port}`);
+        const port = process.env.NOMAD_PORT_http || process.env.PORT || 4000;
+        this.server.listen(Number(port), "0.0.0.0", () => {
+            console.log(`GraphQL Server started on http://0.0.0.0:${port}`);
+            console.log(`Voyager started on http://0.0.0.0:${port}`);
         });
     }
 }

@@ -1,18 +1,27 @@
 {
-	"compilerOptions": {
-		"target": "ES2017",
-		"module": "ESNext",
-		"lib": ["ESNext", "DOM"],
-		"declaration": true,
-		"declarationDir": "./dist/types",
-		"outDir": "./dist",
-		"rootDir": "./src",
-		"strict": true,
-		"esModuleInterop": true,
-		"forceConsistentCasingInFileNames": true,
-		"moduleResolution": "Node",
-		"skipLibCheck": true
-	},
-	"include": ["src/**/*"],
-	"exclude": ["node_modules", "dist"]
+    "compilerOptions": {
+        "target": "ES2021",
+        "module": "CommonJS",
+        "lib": [
+            "ESNext",
+            "DOM"
+        ],
+        "declaration": true,
+        "declarationDir": "./dist/types",
+        "outDir": "./dist",
+        "rootDir": "./src",
+        "strict": true,
+        "esModuleInterop": true,
+        "forceConsistentCasingInFileNames": true,
+        "moduleResolution": "Node",
+        "skipLibCheck": true
+    },
+    "include": [
+        "src/**/*"
+    ],
+    "exclude": [
+        "node_modules",
+        "dist",
+        "*/**/*.spec.ts"
+    ]
 }
@@ -0,0 +1,188 @@
+# Evault Provisioner
+
+A TypeScript API for provisioning evault instances on Nomad. This service allows you to spin up evault instances with Neo4j backends for different tenants.
+
+## Prerequisites
+
+- Node.js 18+
+- Docker
+- Nomad (see setup instructions below)
+- OrbStack (for macOS users)
+
+## Nomad Setup
+
+### macOS Setup (using OrbStack)
+
+Due to CNI bridge plugin requirements, running Nomad on macOS is best done through OrbStack:
+
+1. Install OrbStack: https://orbstack.dev/
+2. Create a new VM in OrbStack
+3. SSH into the VM and install Nomad:
+
+```bash
+# Install Nomad
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install nomad
+
+# Install CNI plugins
+sudo mkdir -p /opt/cni/bin
+curl -L https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz | sudo tar -C /opt/cni/bin -xz
+```
+
+4. Start Nomad in dev mode:
+
+```bash
+sudo nomad agent -dev -network-interface=eth0 -log-level=DEBUG -bind=0.0.0.0
+```
+
+### Linux Setup
+
+1. Install Nomad:
+
+```bash
+# Install Nomad
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install nomad
+
+# Install CNI plugins
+sudo mkdir -p /opt/cni/bin
+curl -L https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz | sudo tar -C /opt/cni/bin -xz
+```
+
+2. Start Nomad in dev mode:
+
+```bash
+sudo nomad agent -dev -network-interface=eth0 -log-level=DEBUG -bind=0.0.0.0
+```
+
+## Project Setup
+
+1. Install dependencies:
+
+```bash
+npm install
+```
+
+2. Build the project:
+
+```bash
+npm run build
+```
+
+3. Start the server:
+
+```bash
+npm start
+```
+
+For development with auto-reload:
+
+```bash
+npm run dev
+```
+
+## API Endpoints
+
+### Health Check
+
+```
+GET /health
+```
+
+Returns the health status of the API.
+
+### Provision Evault
+
+```
+POST /provision
+```
+
+Provisions a new evault instance for a tenant.
+
+Request body:
+
+```json
+{
+  "tenantId": "your-tenant-id"
+}
+```
-```json
-{
-  "tenantId": "your-tenant-id"
-}
-```
-```json
-{
-  "tenantId": "your-tenant-id"
-}
-```
+
+Response:
+
+```json
+{
+  "success": true,
+  "message": "Successfully provisioned evault for tenant your-tenant-id",
+  "jobName": "evault-your-tenant-id"
+}
+```
+
+## Architecture
+
+The provisioner creates a Nomad job that consists of two tasks:
+
+1. **Neo4j Task**:
+
+   - Runs Neo4j 5.15
+   - Exposes ports: 7687 (bolt) and 7474 (browser)
+   - Uses dynamic ports for flexibility
+   - 2GB memory allocation
+
+2. **Evault Task**:
+   - Runs the evault application
+   - Connects to Neo4j via localhost
+   - Uses dynamic port allocation
+   - 512MB memory allocation
+   - Depends on Neo4j task
+
+## Environment Variables
+
+- `PORT` - Port to run the API on (default: 3000)
+- `NOMAD_ADDR` - Nomad API address (default: http://localhost:4646)
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Port Allocation Issues**:
+
+   - Ensure Nomad is running with CNI plugins installed
+   - Check that the network interface is correctly specified
+   - Verify that ports are not already in use
+
+2. **Container Networking**:
+
+   - Ensure Docker is running
+   - Check that the bridge network is properly configured
+   - Verify container-to-container communication
+
+3. **Nomad Job Failures**:
+   - Check Nomad logs for detailed error messages
+   - Verify that all required images are available
+   - Ensure resource allocations are sufficient
+
+### Debugging
+
+To debug Nomad issues:
+
+```bash
+# View Nomad logs
+journalctl -u nomad -f
+
+# Check Nomad status
+nomad status
+
+# View specific job details
+nomad job status evault-<tenant-id>
+
+# View allocation details
+nomad alloc status <allocation-id>
+```
+
+## Development
+
+The project uses TypeScript for type safety and better development experience. The source files are in the `src` directory and are compiled to the `dist` directory.
+
+For development, you can use `npm run dev` which uses `tsx` to run the TypeScript files directly without compilation.
@@ -0,0 +1,27 @@
+{
+    "name": "evault-provisioner",
+    "version": "1.0.0",
+    "description": "API for provisioning evault instances on Nomad",
+    "main": "dist/index.js",
+    "type": "module",
+    "scripts": {
+        "start": "node dist/index.js",
+        "dev": "tsx watch src/index.ts",
+        "build": "tsc",
+        "test": "vitest"
+    },
+    "dependencies": {
+        "express": "^4.18.2",
+        "axios": "^1.6.7",
+        "dotenv": "^16.4.5",
+        "w3id": "workspace:*"
+    },
+    "devDependencies": {
+        "@types/express": "^4.17.21",
+        "@types/node": "^20.11.24",
+        "nodemon": "^3.0.3",
+        "tsx": "^4.7.1",
+        "typescript": "^5.3.3",
+        "vitest": "^1.3.1"
+    }
+}