@aaricchen1991/deploy 0.1.0

package/dist/commands/nginx.js

@@ -0,0 +1,70 @@
+/**
+ * Generate nginx config from domains config; optionally install and reload.
+ */
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { parseDomainsYaml } from "../lib/domains.js";
+import { error, info, warn } from "../lib/logger.js";
+import { generateNginxConf } from "../lib/nginx.js";
+const NGINX_CONF_NAME = "n2.conf";
+export async function runNginx(opts) {
+    const configPath = path.resolve(process.cwd(), opts.config);
+    if (!fs.existsSync(configPath)) {
+        error(`Config not found: ${configPath}`);
+        process.exit(1);
+    }
+    const yaml = fs.readFileSync(configPath, "utf8");
+    const config = parseDomainsYaml(yaml);
+    const nginxConf = generateNginxConf(config);
+    const outPath = path.resolve(process.cwd(), opts.output);
+    const outDir = path.dirname(outPath);
+    fs.mkdirSync(outDir, { recursive: true });
+    fs.writeFileSync(outPath, nginxConf);
+    info(`Wrote ${outPath}`);
+    if (opts.install) {
+        const destDir = detectNginxConfDir();
+        const destPath = path.join(destDir, NGINX_CONF_NAME);
+        try {
+            fs.copyFileSync(outPath, destPath);
+            info(`Installed to ${destPath}`);
+        }
+        catch (e) {
+            error(`Install failed (try sudo): ${e}`);
+            process.exit(1);
+        }
+        await nginxTestAndReload();
+    }
+}
+function detectNginxConfDir() {
+    if (fs.existsSync("/etc/nginx/conf.d"))
+        return "/etc/nginx/conf.d";
+    if (fs.existsSync("/etc/nginx/sites-available"))
+        return "/etc/nginx/sites-available";
+    return "/etc/nginx/conf.d";
+}
+function nginxTestAndReload() {
+    return new Promise((resolve, reject) => {
+        const t = spawn("nginx", ["-t"], { stdio: "inherit" });
+        t.on("close", code => {
+            if (code !== 0) {
+                reject(new Error("nginx -t failed"));
+                return;
+            }
+            const r = spawn("systemctl", ["reload", "nginx"], { stdio: "inherit" });
+            r.on("close", c => {
+                if (c === 0) {
+                    info("Nginx reloaded.");
+                    resolve();
+                }
+                else {
+                    warn("systemctl reload nginx failed; try: sudo systemctl reload nginx");
+                    resolve();
+                }
+            });
+            r.on("error", () => resolve());
+        });
+        t.on("error", () => reject(new Error("nginx not found")));
+    });
+}
+//# sourceMappingURL=nginx.js.map

package/dist/commands/nginx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nginx.js","sourceRoot":"","sources":["../../src/commands/nginx.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAQpD,MAAM,eAAe,GAAG,SAAS,CAAC;AAElC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAkB;IAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACrC,IAAI,CAAC,SAAS,OAAO,EAAE,CAAC,CAAC;IAEzB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACrD,IAAI,CAAC;YACH,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,gBAAgB,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,KAAK,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,kBAAkB,EAAE,CAAC;IAC7B,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,IAAI,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC;QAAE,OAAO,mBAAmB,CAAC;IACnE,IAAI,EAAE,CAAC,UAAU,CAAC,4BAA4B,CAAC;QAC7C,OAAO,4BAA4B,CAAC;IACtC,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE;YACnB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;gBACrC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;YACxE,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE;gBAChB,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACZ,IAAI,CAAC,iBAAiB,CAAC,CAAC;oBACxB,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,IAAI,CACF,iEAAiE,CAClE,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC;YACH,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/ssl-logs.d.ts

@@ -0,0 +1,17 @@
+/**
+ * View SSL log file: tail, lines, follow, optional filter by action/result.
+ */
+export interface SslLogsOptions {
+    /** Log file path (default: /opt/deploy/logs/ssl.log) */
+    logFile?: string;
+    /** Show last N lines (default: 50) */
+    lines?: number;
+    /** Follow (tail -f) */
+    follow?: boolean;
+    /** Filter: create | renew | success | failure | run */
+    action?: string;
+    /** Filter: ok | fail */
+    result?: string;
+}
+export declare function runSslLogs(opts: SslLogsOptions): Promise<void>;
+//# sourceMappingURL=ssl-logs.d.ts.map

package/dist/commands/ssl-logs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssl-logs.d.ts","sourceRoot":"","sources":["../../src/commands/ssl-logs.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,cAAc;IAC7B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,UAAU,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAwDpE"}

package/dist/commands/ssl-logs.js

@@ -0,0 +1,54 @@
+/**
+ * View SSL log file: tail, lines, follow, optional filter by action/result.
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { getLogFilePath } from "../lib/logger.js";
+const DEFAULT_SSL_LOG = "/opt/deploy/logs/ssl.log";
+export async function runSslLogs(opts) {
+    const logPath = opts.logFile ?? getLogFilePath() ?? DEFAULT_SSL_LOG;
+    const resolved = path.resolve(process.cwd(), logPath);
+    if (!fs.existsSync(resolved)) {
+        console.error("Log file not found:", resolved);
+        process.exit(1);
+    }
+    const lines = opts.lines ?? 50;
+    let content;
+    const stat = fs.statSync(resolved);
+    const fd = fs.openSync(resolved, "r");
+    try {
+        const buffer = Buffer.alloc(Math.min(stat.size, 256 * 1024));
+        const read = fs.readSync(fd, buffer, 0, buffer.length, Math.max(0, stat.size - buffer.length));
+        content = buffer.subarray(0, read).toString("utf8");
+    }
+    finally {
+        fs.closeSync(fd);
+    }
+    const allLines = content.split(/\n/).filter(l => l.length > 0);
+    const lastLines = allLines.slice(-lines);
+    const filter = (line) => {
+        if (opts.action || opts.result) {
+            const parts = line.split("\t");
+            if (parts.length >= 5) {
+                const [, , action, , result] = parts;
+                if (opts.action && action !== opts.action)
+                    return false;
+                if (opts.result && result !== opts.result)
+                    return false;
+            }
+        }
+        return true;
+    };
+    const filtered = opts.action || opts.result ? lastLines.filter(filter) : lastLines;
+    for (const line of filtered) {
+        console.log(line);
+    }
+    if (opts.follow) {
+        const { spawn } = await import("node:child_process");
+        const tail = spawn("tail", ["-n", String(lines), "-f", resolved], {
+            stdio: "inherit",
+        });
+        tail.on("close", code => process.exit(code ?? 0));
+    }
+}
+//# sourceMappingURL=ssl-logs.js.map

package/dist/commands/ssl-logs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssl-logs.js","sourceRoot":"","sources":["../../src/commands/ssl-logs.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAenD,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAoB;IACnD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,cAAc,EAAE,IAAI,eAAe,CAAC;IACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAe,CAAC;IACpB,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CACtB,EAAE,EACF,MAAM,EACN,CAAC,EACD,MAAM,CAAC,MAAM,EACb,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CACvC,CAAC;QACF,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,MAAM,GAAG,CAAC,IAAY,EAAW,EAAE;QACvC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,EAAE,AAAD,EAAG,MAAM,EAAE,AAAD,EAAG,MAAM,CAAC,GAAG,KAAK,CAAC;gBACrC,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,IAAI,CAAC,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACxD,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,IAAI,CAAC,MAAM;oBAAE,OAAO,KAAK,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,QAAQ,GACZ,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpE,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,EAAE;YAChE,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}

package/dist/commands/ssl.d.ts

@@ -0,0 +1,16 @@
+/**
+ * SSL certificate setup/renew for all domains from config.
+ * Runs check-and-setup-ssl.sh; all output and structured events go to SSL log file.
+ */
+export interface SslOptions {
+    config: string;
+    /** Ali key (or ALIYUN_ACCESS_KEY_ID / Ali_Key env) */
+    aliKey?: string;
+    /** Ali secret (or ALIYUN_ACCESS_KEY_SECRET / Ali_Secret env) */
+    aliSecret?: string;
+    logFile?: string;
+    /** Path to deploy scripts (default: N2_DEPLOY_SCRIPTS_DIR or cwd/scripts/deploy or assets) */
+    scriptsDir?: string;
+}
+export declare function runSsl(opts: SslOptions): Promise<void>;
+//# sourceMappingURL=ssl.d.ts.map

package/dist/commands/ssl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssl.d.ts","sourceRoot":"","sources":["../../src/commands/ssl.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAiBH,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,sDAAsD;IACtD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8FAA8F;IAC9F,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA4G5D"}

package/dist/commands/ssl.js

@@ -0,0 +1,98 @@
+/**
+ * SSL certificate setup/renew for all domains from config.
+ * Runs check-and-setup-ssl.sh; all output and structured events go to SSL log file.
+ */
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { getAllDomains, parseDomainsYaml } from "../lib/domains.js";
+import { appendRaw, appendSslLog, error, info, setLogFile, } from "../lib/logger.js";
+import { getScriptsDir } from "../lib/paths.js";
+const DEFAULT_SSL_LOG = "/opt/deploy/logs/ssl.log";
+export async function runSsl(opts) {
+    const configPath = path.resolve(process.cwd(), opts.config);
+    if (!fs.existsSync(configPath)) {
+        error(`Config not found: ${configPath}`);
+        process.exit(1);
+    }
+    const aliKey = opts.aliKey ?? process.env.ALIYUN_ACCESS_KEY_ID ?? process.env.Ali_Key;
+    const aliSecret = opts.aliSecret ??
+        process.env.ALIYUN_ACCESS_KEY_SECRET ??
+        process.env.Ali_Secret;
+    if (!aliKey || !aliSecret) {
+        error("Aliyun API credentials required. Set --ali-key/--ali-secret or ALIYUN_ACCESS_KEY_ID/ALIYUN_ACCESS_KEY_SECRET (or Ali_Key/Ali_Secret).");
+        process.exit(1);
+    }
+    const yaml = fs.readFileSync(configPath, "utf8");
+    const config = parseDomainsYaml(yaml);
+    const domains = getAllDomains(config);
+    const domainsTxt = domains.join("\n") + "\n";
+    const logPath = opts.logFile ?? DEFAULT_SSL_LOG;
+    setLogFile(logPath);
+    const logDir = path.dirname(logPath);
+    fs.mkdirSync(logDir, { recursive: true });
+    info("SSL log file: " + logPath);
+    info("Domains: " + domains.join(", "));
+    const scriptsDir = opts.scriptsDir ||
+        process.env.N2_DEPLOY_SCRIPTS_DIR ||
+        getScriptsDir(process.cwd());
+    let scriptPath;
+    let domainsFilePath;
+    if (fs.existsSync("/opt/ssl/check-and-setup-ssl.sh")) {
+        scriptPath = "/opt/ssl/check-and-setup-ssl.sh";
+        domainsFilePath = "/opt/ssl/domains.txt";
+        fs.writeFileSync(domainsFilePath, domainsTxt);
+        info("Updated /opt/ssl/domains.txt");
+    }
+    else if (scriptsDir &&
+        fs.existsSync(path.join(scriptsDir, "ssl", "check-and-setup-ssl.sh"))) {
+        scriptPath = path.join(scriptsDir, "ssl", "check-and-setup-ssl.sh");
+        const tmpDomains = path.join(logDir, "domains.txt");
+        fs.writeFileSync(tmpDomains, domainsTxt);
+        domainsFilePath = tmpDomains;
+    }
+    else {
+        error("SSL scripts not found. Run 'n2-deploy init' first or set N2_DEPLOY_SCRIPTS_DIR.");
+        process.exit(1);
+    }
+    appendSslLog("run", "", "ok", "start");
+    await new Promise((resolve, reject) => {
+        const child = spawn("bash", [scriptPath, "--ali-key", aliKey, "--ali-secret", aliSecret], {
+            env: {
+                ...process.env,
+                Ali_Key: aliKey,
+                Ali_Secret: aliSecret,
+                DOMAINS_FILE: domainsFilePath,
+            },
+            stdio: ["inherit", "pipe", "pipe"],
+        });
+        const appendOut = (data) => {
+            const s = data.toString();
+            process.stdout.write(s);
+            appendRaw(s.trimEnd());
+        };
+        child.stdout?.on("data", appendOut);
+        child.stderr?.on("data", data => {
+            const s = data.toString();
+            process.stderr.write(s);
+            appendRaw(s.trimEnd());
+        });
+        child.on("close", (code, signal) => {
+            if (code === 0) {
+                appendSslLog("run", "", "ok", "done");
+                info("SSL certificate setup completed.");
+                resolve();
+            }
+            else {
+                appendSslLog("run", "", "fail", `exit ${code} ${signal ?? ""}`);
+                error(`SSL script exited with code ${code}`);
+                reject(new Error(`SSL script exited with ${code}`));
+            }
+        });
+        child.on("error", err => {
+            appendSslLog("run", "", "fail", err.message);
+            reject(err);
+        });
+    });
+}
+//# sourceMappingURL=ssl.js.map

package/dist/commands/ssl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssl.js","sourceRoot":"","sources":["../../src/commands/ssl.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EACL,SAAS,EACT,YAAY,EACZ,KAAK,EACL,IAAI,EACJ,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAanD,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAgB;IAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GACV,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;IACzE,MAAM,SAAS,GACb,IAAI,CAAC,SAAS;QACd,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACpC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAEzB,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,KAAK,CACH,uIAAuI,CACxI,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,UAAU,CAAC,OAAO,CAAC,CAAC;IACpB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAEvC,MAAM,UAAU,GACd,IAAI,CAAC,UAAU;QACf,OAAO,CAAC,GAAG,CAAC,qBAAqB;QACjC,aAAa,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAE/B,IAAI,UAAkB,CAAC;IACvB,IAAI,eAAuB,CAAC;IAE5B,IAAI,EAAE,CAAC,UAAU,CAAC,iCAAiC,CAAC,EAAE,CAAC;QACrD,UAAU,GAAG,iCAAiC,CAAC;QAC/C,eAAe,GAAG,sBAAsB,CAAC;QACzC,EAAE,CAAC,aAAa,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAC9C,IAAI,CAAC,8BAA8B,CAAC,CAAC;IACvC,CAAC;SAAM,IACL,UAAU;QACV,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,wBAAwB,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACpD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzC,eAAe,GAAG,UAAU,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,KAAK,CACH,iFAAiF,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAEvC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,KAAK,CACjB,MAAM,EACN,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,SAAS,CAAC,EAC5D;YACE,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,SAAS;gBACrB,YAAY,EAAE,eAAe;aAC9B;YACD,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;SACnC,CACF,CAAC;QAEF,MAAM,SAAS,GAAG,CAAC,IAAqB,EAAE,EAAE;YAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC;QAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE;YAC9B,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBACtC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACzC,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,IAAI,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC,CAAC;gBAChE,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;gBAC7C,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;YACtB,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/lib/domains.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Parse domains.yaml format (same as scripts/deploy/domains.yaml).
+ */
+export interface DomainsConfig {
+    api: {
+        backend_port: number;
+        domains: string[];
+    };
+    admin: {
+        domains: string[];
+    };
+    tenant: {
+        domains: string[];
+    };
+    client: {
+        domains: string[];
+    };
+}
+export declare function parseDomainsYaml(content: string): DomainsConfig;
+/** Return all domains (api + admin + tenant + client) in order. */
+export declare function getAllDomains(config: DomainsConfig): string[];
+//# sourceMappingURL=domains.d.ts.map

package/dist/lib/domains.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"domains.d.ts","sourceRoot":"","sources":["../../src/lib/domains.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACjD,KAAK,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC7B,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC9B,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC/B;AASD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,CAgD/D;AAED,mEAAmE;AACnE,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,EAAE,CAO7D"}

package/dist/lib/domains.js

@@ -0,0 +1,70 @@
+/**
+ * Parse domains.yaml format (same as scripts/deploy/domains.yaml).
+ */
+const DEFAULT_CONFIG = {
+    api: { backend_port: 3000, domains: [] },
+    admin: { domains: [] },
+    tenant: { domains: [] },
+    client: { domains: [] },
+};
+export function parseDomainsYaml(content) {
+    const result = JSON.parse(JSON.stringify(DEFAULT_CONFIG));
+    const lines = content.split(/\r?\n/);
+    let current = null;
+    let inDomains = false;
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith("#") || !trimmed)
+            continue;
+        if (/^api:\s*$/.test(trimmed)) {
+            current = "api";
+            inDomains = false;
+            continue;
+        }
+        if (/^admin:\s*$/.test(trimmed)) {
+            current = "admin";
+            inDomains = false;
+            continue;
+        }
+        if (/^tenant:\s*$/.test(trimmed)) {
+            current = "tenant";
+            inDomains = false;
+            continue;
+        }
+        if (/^client:\s*$/.test(trimmed)) {
+            current = "client";
+            inDomains = false;
+            continue;
+        }
+        const backendPortMatch = trimmed.match(/^backend_port:\s*(\d+)\s*$/);
+        if (current === "api" && backendPortMatch) {
+            result.api.backend_port = parseInt(backendPortMatch[1], 10);
+            continue;
+        }
+        if (current && /^domains:\s*$/.test(trimmed)) {
+            inDomains = true;
+            continue;
+        }
+        const domainMatch = trimmed.match(/^-\s*(.+)$/);
+        if (current && inDomains && domainMatch) {
+            const domain = domainMatch[1].trim();
+            if (domain)
+                result[current].domains.push(domain);
+        }
+    }
+    return result;
+}
+/** Return all domains (api + admin + tenant + client) in order. */
+export function getAllDomains(config) {
+    const list = [];
+    for (const d of config.api.domains)
+        list.push(d);
+    for (const d of config.admin.domains)
+        list.push(d);
+    for (const d of config.tenant.domains)
+        list.push(d);
+    for (const d of config.client.domains)
+        list.push(d);
+    return list;
+}
+//# sourceMappingURL=domains.js.map

package/dist/lib/domains.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"domains.js","sourceRoot":"","sources":["../../src/lib/domains.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,MAAM,cAAc,GAAkB;IACpC,GAAG,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;IACxC,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;IACtB,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;IACvB,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;CACxB,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,MAAM,GAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC;IACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,OAAO,GAA+B,IAAI,CAAC;IAC/C,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO;YAAE,SAAS;QAElD,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,GAAG,KAAK,CAAC;YAChB,SAAS,GAAG,KAAK,CAAC;YAClB,SAAS;QACX,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,GAAG,OAAO,CAAC;YAClB,SAAS,GAAG,KAAK,CAAC;YAClB,SAAS;QACX,CAAC;QACD,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,QAAQ,CAAC;YACnB,SAAS,GAAG,KAAK,CAAC;YAClB,SAAS;QACX,CAAC;QACD,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,QAAQ,CAAC;YACnB,SAAS,GAAG,KAAK,CAAC;YAClB,SAAS;QACX,CAAC;QAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QACrE,IAAI,OAAO,KAAK,KAAK,IAAI,gBAAgB,EAAE,CAAC;YAC1C,MAAM,CAAC,GAAG,CAAC,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5D,SAAS;QACX,CAAC;QACD,IAAI,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,SAAS,GAAG,IAAI,CAAC;YACjB,SAAS;QACX,CAAC;QACD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,OAAO,IAAI,SAAS,IAAI,WAAW,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,IAAI,MAAM;gBAAE,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,aAAa,CAAC,MAAqB;IACjD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO;QAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO;QAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO;QAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO;QAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/logger.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Unified logger: timestamp, level, optional file output.
+ */
+export type LogLevel = "info" | "warn" | "error";
+export declare function setLogFile(filePath: string): void;
+export declare function getLogFilePath(): string | null;
+export declare function info(msg: string): void;
+export declare function warn(msg: string): void;
+export declare function error(msg: string): void;
+/** Append a raw line to the log file (no timestamp/level prefix). */
+export declare function appendRaw(line: string): void;
+/** Append a structured SSL log line (time, action, domain, result, message). */
+export declare function appendSslLog(action: "create" | "renew" | "success" | "failure" | "run", domain: string, result: "ok" | "fail", message?: string): void;
+//# sourceMappingURL=logger.d.ts.map

package/dist/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAkBjD,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAEjD;AAED,wBAAgB,cAAc,IAAI,MAAM,GAAG,IAAI,CAE9C;AAaD,wBAAgB,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAItC;AAED,wBAAgB,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAItC;AAED,wBAAgB,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAIvC;AAED,qEAAqE;AACrE,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAE5C;AAED,gFAAgF;AAChF,wBAAgB,YAAY,CAC1B,MAAM,EAAE,QAAQ,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,KAAK,EAC1D,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,IAAI,GAAG,MAAM,EACrB,OAAO,CAAC,EAAE,MAAM,GACf,IAAI,CAKN"}

package/dist/lib/logger.js

@@ -0,0 +1,60 @@
+/**
+ * Unified logger: timestamp, level, optional file output.
+ */
+import fs from "node:fs";
+import path from "node:path";
+const PREFIX = {
+    info: "\x1b[32m[INFO]\x1b[0m",
+    warn: "\x1b[33m[WARN]\x1b[0m",
+    error: "\x1b[31m[ERROR]\x1b[0m",
+};
+function timestamp() {
+    return new Date().toISOString().replace("T", " ").slice(0, 19);
+}
+function format(level, msg) {
+    return `${timestamp()} ${PREFIX[level]} ${msg}`;
+}
+let logFile = null;
+export function setLogFile(filePath) {
+    logFile = filePath;
+}
+export function getLogFilePath() {
+    return logFile;
+}
+function writeToLogFileSync(line) {
+    if (!logFile)
+        return;
+    try {
+        const dir = path.dirname(logFile);
+        fs.mkdirSync(dir, { recursive: true });
+        fs.appendFileSync(logFile, line + "\n");
+    }
+    catch {
+        // ignore
+    }
+}
+export function info(msg) {
+    const line = format("info", msg);
+    console.log(line);
+    writeToLogFileSync(line);
+}
+export function warn(msg) {
+    const line = format("warn", msg);
+    console.warn(line);
+    writeToLogFileSync(line);
+}
+export function error(msg) {
+    const line = format("error", msg);
+    console.error(line);
+    writeToLogFileSync(line);
+}
+/** Append a raw line to the log file (no timestamp/level prefix). */
+export function appendRaw(line) {
+    writeToLogFileSync(line);
+}
+/** Append a structured SSL log line (time, action, domain, result, message). */
+export function appendSslLog(action, domain, result, message) {
+    const line = [timestamp(), "ssl", action, domain, result, message ?? ""].join("\t");
+    writeToLogFileSync(line);
+}
+//# sourceMappingURL=logger.js.map

package/dist/lib/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,MAAM,MAAM,GAA6B;IACvC,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE,uBAAuB;IAC7B,KAAK,EAAE,wBAAwB;CAChC,CAAC;AAEF,SAAS,SAAS;IAChB,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,MAAM,CAAC,KAAe,EAAE,GAAW;IAC1C,OAAO,GAAG,SAAS,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;AAClD,CAAC;AAED,IAAI,OAAO,GAAkB,IAAI,CAAC;AAElC,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,GAAG,QAAQ,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,OAAO;QAAE,OAAO;IACrB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvC,EAAE,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;AACH,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,GAAW;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,GAAW;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,GAAW;IAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAClC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpB,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,YAAY,CAC1B,MAA0D,EAC1D,MAAc,EACd,MAAqB,EACrB,OAAgB;IAEhB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAC3E,IAAI,CACL,CAAC;IACF,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC"}

package/dist/lib/nginx.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Generate nginx n2.conf from domains config (same output as generate-nginx-conf.js).
+ */
+import type { DomainsConfig } from "./domains.js";
+export declare function generateNginxConf(config: DomainsConfig): string;
+//# sourceMappingURL=nginx.d.ts.map

package/dist/lib/nginx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nginx.d.ts","sourceRoot":"","sources":["../../src/lib/nginx.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAmFlD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAgC/D"}

package/dist/lib/nginx.js

@@ -0,0 +1,113 @@
+/**
+ * Generate nginx n2.conf from domains config (same output as generate-nginx-conf.js).
+ */
+function apiServerBlock(domain, backendPort) {
+    return `# HTTPS - API (${domain})
+server {
+    listen 443 ssl http2;
+    server_name ${domain};
+
+    ssl_certificate /etc/nginx/ssl/${domain}.crt;
+    ssl_certificate_key /etc/nginx/ssl/${domain}.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    access_log /var/log/nginx/api-access.log;
+    error_log /var/log/nginx/api-error.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:${backendPort};
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+}
+
+`;
+}
+function staticAppServerBlock(domain, appName) {
+    const root = `/var/www/${appName}`;
+    return `# HTTPS - ${appName} (${domain})
+server {
+    listen 443 ssl http2;
+    server_name ${domain};
+
+    root ${root};
+    index index.html;
+
+    ssl_certificate /etc/nginx/ssl/${domain}.crt;
+    ssl_certificate_key /etc/nginx/ssl/${domain}.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    access_log /var/log/nginx/${appName}-access.log;
+    error_log /var/log/nginx/${appName}-error.log;
+
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
+
+    location ~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|mp3)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+}
+
+`;
+}
+export function generateNginxConf(config) {
+    const blocks = [];
+    const apiPort = config.api.backend_port ?? 3000;
+    for (const d of config.api.domains) {
+        blocks.push(apiServerBlock(d, apiPort));
+    }
+    for (const d of config.admin.domains) {
+        blocks.push(staticAppServerBlock(d, "admin"));
+    }
+    for (const d of config.tenant.domains) {
+        blocks.push(staticAppServerBlock(d, "tenant"));
+    }
+    for (const d of config.client.domains) {
+        blocks.push(staticAppServerBlock(d, "client"));
+    }
+    const allDomains = [
+        ...config.api.domains,
+        ...config.admin.domains,
+        ...config.tenant.domains,
+        ...config.client.domains,
+    ];
+    const redirectBlock = `# HTTP to HTTPS redirect
+server {
+    listen 80;
+    server_name ${allDomains.join(" ")};
+    return 301 https://$host$request_uri;
+}
+`;
+    return blocks.join("\n") + "\n" + redirectBlock;
+}
+//# sourceMappingURL=nginx.js.map

package/dist/lib/nginx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nginx.js","sourceRoot":"","sources":["../../src/lib/nginx.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,SAAS,cAAc,CAAC,MAAc,EAAE,WAAmB;IACzD,OAAO,kBAAkB,MAAM;;;kBAGf,MAAM;;qCAEa,MAAM;yCACF,MAAM;;;;;;;;;;;;sCAYT,WAAW;;;;;;;;;;;;;CAahD,CAAC;AACF,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc,EAAE,OAAe;IAC3D,MAAM,IAAI,GAAG,YAAY,OAAO,EAAE,CAAC;IACnC,OAAO,aAAa,OAAO,KAAK,MAAM;;;kBAGtB,MAAM;;WAEb,IAAI;;;qCAGsB,MAAM;yCACF,MAAM;;;;;;;;gCAQf,OAAO;+BACR,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAuBrC,CAAC;AACF,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC;IAEhD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,UAAU,GAAG;QACjB,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO;QACrB,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO;QACvB,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO;QACxB,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO;KACzB,CAAC;IACF,MAAM,aAAa,GAAG;;;kBAGN,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;;;CAGrC,CAAC;IAEA,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,aAAa,CAAC;AAClD,CAAC"}

package/dist/lib/paths.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Resolve deploy scripts directory: for init/ssl we need deploy.sh, server-setup.sh, ssl/*, lib/*.
+ * 1) N2_DEPLOY_SCRIPTS_DIR env
+ * 2) cwd/scripts/deploy (monorepo)
+ * 3) package assets (when published)
+ */
+export declare function getScriptsDir(cwd?: string): string | null;
+//# sourceMappingURL=paths.d.ts.map

package/dist/lib/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,wBAAgB,aAAa,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,GAAG,IAAI,CAgBxE"}

package/dist/lib/paths.js

@@ -0,0 +1,28 @@
+/**
+ * Resolve deploy scripts directory: for init/ssl we need deploy.sh, server-setup.sh, ssl/*, lib/*.
+ * 1) N2_DEPLOY_SCRIPTS_DIR env
+ * 2) cwd/scripts/deploy (monorepo)
+ * 3) package assets (when published)
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+export function getScriptsDir(cwd = process.cwd()) {
+    const envDir = process.env.N2_DEPLOY_SCRIPTS_DIR;
+    if (envDir && fs.existsSync(path.join(envDir, "deploy.sh"))) {
+        return envDir;
+    }
+    const monorepo = path.join(cwd, "scripts", "deploy");
+    if (fs.existsSync(path.join(monorepo, "deploy.sh"))) {
+        return monorepo;
+    }
+    // From dist/cli.js, package root is ../ and we may have assets/deploy
+    const packageRoot = path.join(__dirname, "..", "..");
+    const assetsDeploy = path.join(packageRoot, "assets", "deploy");
+    if (fs.existsSync(path.join(assetsDeploy, "deploy.sh"))) {
+        return assetsDeploy;
+    }
+    return null;
+}
+//# sourceMappingURL=paths.js.map