@alienplatform/testing 0.1.0 → 1.3.3

package/dist/external-secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-secrets.js","names":[],"sources":["../src/external-secrets.ts"],"sourcesContent":["/**\n * External secrets - platform-native secret management\n */\n\nimport { existsSync, mkdirSync, readFileSync, writeFileSync } from \"node:fs\"\nimport { join } from \"node:path\"\nimport { AlienError } from \"@alienplatform/core\"\nimport { PutParameterCommand, SSMClient } from \"@aws-sdk/client-ssm\"\nimport { ClientSecretCredential } from \"@azure/identity\"\nimport { SecretClient } from \"@azure/keyvault-secrets\"\nimport { SecretManagerServiceClient } from \"@google-cloud/secret-manager\"\nimport {\n  TestingOperationFailedError,\n  TestingUnsupportedPlatformError,\n  withTestingContext,\n} from \"./errors.js\"\nimport type { Platform } from \"./types.js\"\n\n/**\n * Set an external secret using platform-native tools\n *\n * Falls back to environment variables for cloud provider credentials.\n */\nexport async function setExternalSecret(\n  platform: Platform,\n  resourcePrefix: string,\n  vaultName: string,\n  secretKey: string,\n  secretValue: string,\n  _namespace?: string,\n  stateDir?: string,\n  deploymentId?: string,\n): Promise<void> {\n  try {\n    switch (platform) {\n      case \"aws\":\n        await setAWSSecret(resourcePrefix, vaultName, secretKey, secretValue)\n        break\n\n      case \"gcp\":\n        await setGCPSecret(resourcePrefix, vaultName, secretKey, secretValue)\n        break\n\n      case \"azure\":\n        await setAzureSecret(resourcePrefix, vaultName, secretKey, secretValue)\n        break\n\n      case \"local\":\n        await setLocalSecret(vaultName, secretKey, secretValue, stateDir, deploymentId)\n        break\n\n      default: {\n        const exhaustive: never = platform\n        throw new AlienError(\n          TestingUnsupportedPlatformError.create({\n            platform: String(exhaustive),\n            operation: \"setExternalSecret\",\n          }),\n        )\n      }\n    }\n  } catch (error) {\n    throw await withTestingContext(error, \"setExternalSecret\", \"Failed to set external secret\", {\n      platform,\n      resourcePrefix,\n      vaultName,\n      secretKey,\n    })\n  }\n}\n\n/**\n * Set AWS SSM Parameter Store secret\n *\n * Uses environment variables for credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION).\n */\nasync function setAWSSecret(\n  resourcePrefix: string,\n  vaultName: string,\n  secretKey: string,\n  secretValue: string,\n): Promise<void> {\n  const client = new SSMClient({\n    region: process.env.AWS_REGION,\n  })\n  const parameterName = `/${resourcePrefix}-${vaultName}-${secretKey}`\n\n  await client.send(\n    new PutParameterCommand({\n      Name: parameterName,\n      Value: secretValue,\n      Type: \"SecureString\",\n      Overwrite: true,\n    }),\n  )\n}\n\n/**\n * Set GCP Secret Manager secret\n *\n * Uses environment variables for credentials (GOOGLE_APPLICATION_CREDENTIALS, GCP_PROJECT_ID).\n */\nasync function setGCPSecret(\n  resourcePrefix: string,\n  vaultName: string,\n  secretKey: string,\n  secretValue: string,\n): Promise<void> {\n  // Falls back to GOOGLE_APPLICATION_CREDENTIALS\n  const client = new SecretManagerServiceClient()\n  const projectId = process.env.GCP_PROJECT_ID || process.env.GOOGLE_CLOUD_PROJECT\n\n  if (!projectId) {\n    throw new AlienError(\n      TestingOperationFailedError.create({\n        operation: \"setGCPSecret\",\n        message: \"GCP project ID is required (set GCP_PROJECT_ID or GOOGLE_CLOUD_PROJECT env var)\",\n      }),\n    )\n  }\n\n  const secretName = `${resourcePrefix}-${vaultName}-${secretKey}`\n  const parent = `projects/${projectId}`\n  const secretPath = `${parent}/secrets/${secretName}`\n\n  try {\n    // Try to create the secret first\n    await client.createSecret({\n      parent,\n      secretId: secretName,\n      secret: {\n        replication: {\n          automatic: {},\n        },\n      },\n    })\n  } catch (error: any) {\n    // Secret already exists, that's fine\n    if (!error.message?.includes(\"ALREADY_EXISTS\")) {\n      throw await withTestingContext(error, \"setGCPSecret\", \"Failed to create GCP secret\")\n    }\n  }\n\n  // Add secret version\n  await client.addSecretVersion({\n    parent: secretPath,\n    payload: {\n      data: Buffer.from(secretValue, \"utf8\"),\n    },\n  })\n}\n\n/**\n * Set Azure Key Vault secret\n *\n * Uses environment variables for credentials (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET).\n */\nasync function setAzureSecret(\n  resourcePrefix: string,\n  vaultName: string,\n  secretKey: string,\n  secretValue: string,\n): Promise<void> {\n  const vaultNameFull = `${resourcePrefix}-${vaultName}`\n  const vaultUrl = `https://${vaultNameFull}.vault.azure.net`\n\n  // Fall back to environment variables\n  const tenantId = process.env.AZURE_TENANT_ID\n  const clientId = process.env.AZURE_CLIENT_ID\n  const clientSecret = process.env.AZURE_CLIENT_SECRET\n\n  if (!tenantId || !clientId || !clientSecret) {\n    throw new AlienError(\n      TestingOperationFailedError.create({\n        operation: \"setAzureSecret\",\n        message:\n          \"Azure credentials are required (set AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET env vars)\",\n      }),\n    )\n  }\n\n  const credential = new ClientSecretCredential(tenantId, clientId, clientSecret)\n  const client = new SecretClient(vaultUrl, credential)\n\n  // Azure Key Vault requires alphanumeric names with hyphens\n  const azureSecretKey = secretKey.replace(/_/g, \"-\")\n\n  await client.setSecret(azureSecretKey, secretValue)\n}\n\n/**\n * Set local dev secret by writing directly to the vault's secrets.json file.\n *\n * The local vault binding (LocalVault) reads from:\n *   {stateDir}/{deploymentId}/vault/{vaultName}/secrets.json\n *\n * We write to the same path so the running function can read it immediately.\n */\nasync function setLocalSecret(\n  vaultName: string,\n  secretKey: string,\n  secretValue: string,\n  stateDir?: string,\n  deploymentId?: string,\n): Promise<void> {\n  if (!stateDir) {\n    throw new AlienError(\n      TestingOperationFailedError.create({\n        operation: \"setLocalSecret\",\n        message: \"stateDir is required for local vault set\",\n      }),\n    )\n  }\n\n  if (!deploymentId) {\n    throw new AlienError(\n      TestingOperationFailedError.create({\n        operation: \"setLocalSecret\",\n        message: \"deploymentId is required for local vault set\",\n      }),\n    )\n  }\n\n  // Path matches what LocalVault reads: {stateDir}/{deploymentId}/vault/{vaultName}/secrets.json\n  const vaultDir = join(stateDir, deploymentId, \"vault\", vaultName)\n  const secretsFile = join(vaultDir, \"secrets.json\")\n\n  // Read existing secrets or start fresh\n  let secrets: Record<string, string> = {}\n  if (existsSync(secretsFile)) {\n    secrets = JSON.parse(readFileSync(secretsFile, \"utf-8\"))\n  }\n\n  // Set the secret\n  secrets[secretKey] = secretValue\n\n  // Write back\n  mkdirSync(vaultDir, { recursive: true })\n  writeFileSync(secretsFile, JSON.stringify(secrets, null, 2))\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAuBA,eAAsB,kBACpB,UACA,gBACA,WACA,WACA,aACA,YACA,UACA,cACe;AACf,KAAI;AACF,UAAQ,UAAR;GACE,KAAK;AACH,UAAM,aAAa,gBAAgB,WAAW,WAAW,YAAY;AACrE;GAEF,KAAK;AACH,UAAM,aAAa,gBAAgB,WAAW,WAAW,YAAY;AACrE;GAEF,KAAK;AACH,UAAM,eAAe,gBAAgB,WAAW,WAAW,YAAY;AACvE;GAEF,KAAK;AACH,UAAM,eAAe,WAAW,WAAW,aAAa,UAAU,aAAa;AAC/E;GAEF,SAAS;IACP,MAAM,aAAoB;AAC1B,UAAM,IAAI,WACR,gCAAgC,OAAO;KACrC,UAAU,OAAO,WAAW;KAC5B,WAAW;KACZ,CAAC,CACH;;;UAGE,OAAO;AACd,QAAM,MAAM,mBAAmB,OAAO,qBAAqB,iCAAiC;GAC1F;GACA;GACA;GACA;GACD,CAAC;;;;;;;;AASN,eAAe,aACb,gBACA,WACA,WACA,aACe;CACf,MAAM,SAAS,IAAI,UAAU,EAC3B,QAAQ,QAAQ,IAAI,YACrB,CAAC;CACF,MAAM,gBAAgB,IAAI,eAAe,GAAG,UAAU,GAAG;AAEzD,OAAM,OAAO,KACX,IAAI,oBAAoB;EACtB,MAAM;EACN,OAAO;EACP,MAAM;EACN,WAAW;EACZ,CAAC,CACH;;;;;;;AAQH,eAAe,aACb,gBACA,WACA,WACA,aACe;CAEf,MAAM,SAAS,IAAI,4BAA4B;CAC/C,MAAM,YAAY,QAAQ,IAAI,kBAAkB,QAAQ,IAAI;AAE5D,KAAI,CAAC,UACH,OAAM,IAAI,WACR,4BAA4B,OAAO;EACjC,WAAW;EACX,SAAS;EACV,CAAC,CACH;CAGH,MAAM,aAAa,GAAG,eAAe,GAAG,UAAU,GAAG;CACrD,MAAM,SAAS,YAAY;CAC3B,MAAM,aAAa,GAAG,OAAO,WAAW;AAExC,KAAI;AAEF,QAAM,OAAO,aAAa;GACxB;GACA,UAAU;GACV,QAAQ,EACN,aAAa,EACX,WAAW,EAAE,EACd,EACF;GACF,CAAC;UACK,OAAY;AAEnB,MAAI,CAAC,MAAM,SAAS,SAAS,iBAAiB,CAC5C,OAAM,MAAM,mBAAmB,OAAO,gBAAgB,8BAA8B;;AAKxF,OAAM,OAAO,iBAAiB;EAC5B,QAAQ;EACR,SAAS,EACP,MAAM,OAAO,KAAK,aAAa,OAAO,EACvC;EACF,CAAC;;;;;;;AAQJ,eAAe,eACb,gBACA,WACA,WACA,aACe;CAEf,MAAM,WAAW,WADK,GAAG,eAAe,GAAG,YACD;CAG1C,MAAM,WAAW,QAAQ,IAAI;CAC7B,MAAM,WAAW,QAAQ,IAAI;CAC7B,MAAM,eAAe,QAAQ,IAAI;AAEjC,KAAI,CAAC,YAAY,CAAC,YAAY,CAAC,aAC7B,OAAM,IAAI,WACR,4BAA4B,OAAO;EACjC,WAAW;EACX,SACE;EACH,CAAC,CACH;CAIH,MAAM,SAAS,IAAI,aAAa,UADb,IAAI,uBAAuB,UAAU,UAAU,aAAa,CAC1B;CAGrD,MAAM,iBAAiB,UAAU,QAAQ,MAAM,IAAI;AAEnD,OAAM,OAAO,UAAU,gBAAgB,YAAY;;;;;;;;;;AAWrD,eAAe,eACb,WACA,WACA,aACA,UACA,cACe;AACf,KAAI,CAAC,SACH,OAAM,IAAI,WACR,4BAA4B,OAAO;EACjC,WAAW;EACX,SAAS;EACV,CAAC,CACH;AAGH,KAAI,CAAC,aACH,OAAM,IAAI,WACR,4BAA4B,OAAO;EACjC,WAAW;EACX,SAAS;EACV,CAAC,CACH;CAIH,MAAM,WAAW,KAAK,UAAU,cAAc,SAAS,UAAU;CACjE,MAAM,cAAc,KAAK,UAAU,eAAe;CAGlD,IAAI,UAAkC,EAAE;AACxC,KAAI,WAAW,YAAY,CACzB,WAAU,KAAK,MAAM,aAAa,aAAa,QAAQ,CAAC;AAI1D,SAAQ,aAAa;AAGrB,WAAU,UAAU,EAAE,WAAW,MAAM,CAAC;AACxC,eAAc,aAAa,KAAK,UAAU,SAAS,MAAM,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,165 @@
+import * as node_child_process0 from "node:child_process";
+import * as _alienplatform_core0 from "@alienplatform/core";
+import { AlienError } from "@alienplatform/core";
+import * as z from "zod/v4";
+
+//#region src/types.d.ts
+
+/**
+ * Core types for @alienplatform/testing
+ */
+/**
+ * Target platform for deployment.
+ *
+ * - 'local' (default) — runs locally via `alien dev`, no credentials needed
+ * - 'aws' | 'gcp' | 'azure' — deploys to the cloud via the platform API (requires ALIEN_API_KEY)
+ */
+type Platform = "local" | "aws" | "gcp" | "azure";
+/**
+ * Environment variable configuration for deployments
+ */
+interface EnvironmentVariable {
+  name: string;
+  value: string;
+  type?: "plain" | "secret";
+  targetResources?: string[];
+}
+/**
+ * Options for deploying an application
+ */
+interface DeployOptions {
+  /** Path to application directory */
+  app: string;
+  /** Optional: specific config file to use (e.g., alien.function.ts) */
+  config?: string;
+  /** Target platform (default: 'local') */
+  platform?: Platform;
+  /** Environment variables */
+  environmentVariables?: EnvironmentVariable[];
+  /** Verbose logging */
+  verbose?: boolean;
+}
+/**
+ * Options for upgrading a deployment
+ */
+interface UpgradeOptions {
+  environmentVariables?: EnvironmentVariable[];
+}
+/**
+ * Deployment info response from alien dev server
+ */
+interface DeploymentInfo {
+  commands: {
+    url: string;
+    deploymentId: string;
+  };
+  resources: Record<string, {
+    resourceType: string;
+    publicUrl?: string;
+  }>;
+  status: string;
+  platform: Platform;
+}
+/**
+ * Init params for creating a Deployment instance (internal)
+ */
+interface DeploymentInit {
+  id: string;
+  name: string;
+  url: string;
+  platform: Platform;
+  commandsUrl: string;
+  appPath: string;
+  process?: node_child_process0.ChildProcess;
+  apiUrl?: string;
+  apiKey?: string;
+}
+//#endregion
+//#region src/deployment.d.ts
+declare class Deployment {
+  readonly id: string;
+  readonly name: string;
+  readonly url: string;
+  readonly platform: Platform;
+  /** Whether the deployment has been destroyed */
+  destroyed: boolean;
+  private process?;
+  private commandsUrl;
+  private appPath;
+  private apiUrl?;
+  private apiKey?;
+  constructor(params: DeploymentInit);
+  /**
+   * Invoke a command on the deployment
+   */
+  invokeCommand(name: string, params: any): Promise<any>;
+  /**
+   * Set an external secret using platform-native tools
+   */
+  setExternalSecret(vaultName: string, secretKey: string, secretValue: string): Promise<void>;
+  /**
+   * Upgrade the deployment by creating a new release and updating the deployment.
+   * Only works for API-mode deployments (cloud platforms).
+   */
+  upgrade(options?: UpgradeOptions): Promise<void>;
+  /**
+   * Destroy the deployment.
+   *
+   * For dev mode: kills the `alien dev` process.
+   * For API mode: calls DELETE on platform API.
+   */
+  destroy(): Promise<void>;
+  private resolveCliPath;
+}
+//#endregion
+//#region src/deploy.d.ts
+/**
+ * Deploy an Alien application for testing.
+ *
+ * Uses local dev mode by default. Set `platform` to a cloud provider
+ * to deploy via the platform API (requires ALIEN_API_KEY env var).
+ */
+declare function deploy(options: DeployOptions): Promise<Deployment>;
+//#endregion
+//#region src/errors.d.ts
+declare const TestingOperationFailedError: {
+  metadata: _alienplatform_core0.AlienErrorMetadata<z.ZodObject<{
+    operation: z.ZodString;
+    message: z.ZodString;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+  }, z.core.$strip>>;
+  contextSchema: z.ZodObject<{
+    operation: z.ZodString;
+    message: z.ZodString;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+  }, z.core.$strip>;
+  create: (context: {
+    operation: string;
+    message: string;
+    details?: Record<string, unknown> | undefined;
+  }) => _alienplatform_core0.AlienErrorDefinition<z.ZodObject<{
+    operation: z.ZodString;
+    message: z.ZodString;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+  }, z.core.$strip>>;
+};
+declare const TestingUnsupportedPlatformError: {
+  metadata: _alienplatform_core0.AlienErrorMetadata<z.ZodObject<{
+    platform: z.ZodString;
+    operation: z.ZodString;
+  }, z.core.$strip>>;
+  contextSchema: z.ZodObject<{
+    platform: z.ZodString;
+    operation: z.ZodString;
+  }, z.core.$strip>;
+  create: (context: {
+    platform: string;
+    operation: string;
+  }) => _alienplatform_core0.AlienErrorDefinition<z.ZodObject<{
+    platform: z.ZodString;
+    operation: z.ZodString;
+  }, z.core.$strip>>;
+};
+//#endregion
+export { type DeployOptions, Deployment, type DeploymentInfo, type EnvironmentVariable, type Platform, TestingOperationFailedError, TestingUnsupportedPlatformError, type UpgradeOptions, deploy };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","names":[],"sources":["../src/types.ts","../src/deployment.ts","../src/deploy.ts","../src/errors.ts"],"mappings":";;;;;;;;;;;;;AAUA;AAKA;AAUA;AAA8B,KAflB,QAAA,GAekB,OAAA,GAAA,KAAA,GAAA,KAAA,GAAA,OAAA;;;;AAoBb,UA9BA,mBAAA,CA+BQ;EAMR,IAAA,EAAA,MAAA;EAAc,KAAA,EAAA,MAAA;MAKlB,CAAA,EAAA,OAAA,GAAA,QAAA;iBAQD,CAAA,EAAA,MAAA,EAAA;;AAMZ;;;AAIoB,UAlDH,aAAA,CAuDwB;EAAY;;;;EC9DxC;EAAU,QAAA,CAAA,EDeV,QCfU;;sBAiBD,CAAA,EDCG,mBCDH,EAAA;;SAkCjB,CAAA,EAAA,OAAA;;;;;UDxBY,cAAA;yBACQ;;AEuBzB;;;AAA8D,UFjB7C,cAAA,CEiB6C;UAAR,EAAA;IAAO,GAAA,EAAA,MAAA;;;aFZhD;IGtDA,YAAA,EAAA,MAAA;IAWX,SAAA,CAAA,EAAA,MAAA;;;YHmDU;;;;;UAMK,cAAA;;;;YAIL;;;YAAQ,mBAAA,CAKqB;;;;;;AAvDxB,cCPJ,UAAA,CDOiB;EAAA,SAAA,EAAA,EAAA,MAAA;WAQjB,IAAA,EAAA,MAAA;WAGY,GAAA,EAAA,MAAA;EAAmB,SAAA,QAAA,ECdvB,QDcuB;EAS3B;EAOA,SAAA,EAAA,OAAc;EAAA,QAAA,OAAA;UAKlB,WAAA;UAQD,OAAA;EAAQ,QAAA,MAAA;EAMH,QAAA,MAAA;EAAc,WAAA,CAAA,MAAA,ECpCT,cDoCS;;;;4CCrBmB;;;AAhClD;EAAuB,iBAAA,CAAA,SAAA,EAAA,MAAA,EAAA,SAAA,EAAA,MAAA,EAAA,WAAA,EAAA,MAAA,CAAA,EAmDlB,OAnDkB,CAAA,IAAA,CAAA;;;;;SAsEE,CAAA,OAAA,CAAA,EAAA,cAAA,CAAA,EAAsB,OAAtB,CAAA,IAAA,CAAA;;;;;;;ECnBH,OAAA,CAAA,CAAM,EDiGT,OCjGS,CAAA,IAAA,CAAA;EAAA,QAAA,cAAA;;;;;;;;AFxB5B;AAOA;AAA+B,iBEiBT,MAAA,CFjBS,OAAA,EEiBO,aFjBP,CAAA,EEiBuB,OFjBvB,CEiB+B,UFjB/B,CAAA;;;cGjDlB;;;;IHOD,OAAQ,eAAA,YAAA,YAAA,cAAA,CAAA,CAAA;EAKH,CAAA,eAAA,CAAA,CAAA;EAUA,aAAA,aAAa,CAAA;IAAA,SAAA,aAAA;IAQjB,OAAA,aAAA;IAGY,OAAA,eAAA,YAAA,YAAA,cAAA,CAAA,CAAA;EAAmB,CAAA,eAAA,CAAA;EAS3B,MAAA,EAAA,CAAA,OAAA,EAAc;IAOd,SAAA,EAAA,MAAc;IAAA,OAAA,EAAA,MAAA;IAKlB,OAAA,CAAA,QAAA,CAAA,MAAA,EAAA,OAAA,CAAA,GAAA,SAAA;KAQD,4CAAA,YAAA,CAAA;IAAQ,SAAA,aAAA;IAMH,OAAA,aAAc;IAAA,OAAA,eAAA,YAAA,YAAA,cAAA,CAAA,CAAA;kBAInB,CAAA,CAAA;;AAKyC,cGhExC,+BHgEwC,EAAA;;;;EC9DxC,CAAA,eAAU,CAAA,CAAA;EAAA,aAAA,aAAA,CAAA;IAIF,QAAA,aAAA;IAaC,SAAA,aAAA;kBAe4B,CAAA;QAmB7C,EAAA,CAAA,OAAA,EAAA;IAmBoB,QAAA,EAAA,MAAA;IAAsB,SAAA,EAAA,MAAA;KA8E5B,4CAAA,YAAA,CAAA;IAAO,QAAA,aAAA"}

package/dist/index.js

@@ -0,0 +1,458 @@
+import { n as TestingUnsupportedPlatformError, r as withTestingContext, t as TestingOperationFailedError } from "./errors.js";
+import { execFile, spawn } from "node:child_process";
+import { existsSync, readFileSync, rmSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { promisify } from "node:util";
+import { AlienError } from "@alienplatform/core";
+import getPort from "get-port";
+import { CommandsClient } from "@alienplatform/sdk/commands";
+//#region src/deployment.ts
+/**
+* Deployment — handle to a deployed application for testing
+*
+* Supports two deployment modes:
+* - Dev mode: manages a child `alien dev` process (local platform)
+* - API mode: manages a deployment via platform API (cloud platforms)
+*/
+const execFileAsync$1 = promisify(execFile);
+var Deployment = class {
+	id;
+	name;
+	url;
+	platform;
+	/** Whether the deployment has been destroyed */
+	destroyed = false;
+	process;
+	commandsUrl;
+	appPath;
+	apiUrl;
+	apiKey;
+	constructor(params) {
+		this.id = params.id;
+		this.name = params.name;
+		this.url = params.url;
+		this.platform = params.platform;
+		this.commandsUrl = params.commandsUrl;
+		this.process = params.process;
+		this.appPath = params.appPath;
+		this.apiUrl = params.apiUrl;
+		this.apiKey = params.apiKey;
+	}
+	/**
+	* Invoke a command on the deployment
+	*/
+	async invokeCommand(name, params) {
+		const token = this.apiKey ?? "";
+		return new CommandsClient({
+			managerUrl: this.commandsUrl,
+			deploymentId: this.id,
+			token,
+			allowLocalStorage: this.platform === "local"
+		}).invoke(name, params);
+	}
+	/**
+	* Set an external secret using platform-native tools
+	*/
+	async setExternalSecret(vaultName, secretKey, secretValue) {
+		const { setExternalSecret } = await import("./external-secrets.js");
+		const stateDir = this.appPath ? `${this.appPath}/.alien` : void 0;
+		await setExternalSecret(this.platform, this.name, vaultName, secretKey, secretValue, void 0, stateDir, this.id);
+	}
+	/**
+	* Upgrade the deployment by creating a new release and updating the deployment.
+	* Only works for API-mode deployments (cloud platforms).
+	*/
+	async upgrade(options = {}) {
+		if (!this.apiUrl || !this.apiKey) throw new Error("upgrade() requires a cloud deployment (not local dev mode)");
+		const headers = {
+			Authorization: `Bearer ${this.apiKey}`,
+			"Content-Type": "application/json"
+		};
+		await execFileAsync$1(this.resolveCliPath(), [
+			"build",
+			"--platform",
+			this.platform
+		], { cwd: this.appPath });
+		const stackPath = resolve(this.appPath, ".alien", "stack.json");
+		const stack = JSON.parse(readFileSync(stackPath, "utf-8"));
+		const releaseResp = await fetch(`${this.apiUrl}/v1/releases`, {
+			method: "POST",
+			headers,
+			body: JSON.stringify({ stack })
+		});
+		if (!releaseResp.ok) {
+			const body = await releaseResp.text();
+			throw new Error(`Failed to create release for upgrade: ${releaseResp.status} ${body}`);
+		}
+		const release = await releaseResp.json();
+		const patchBody = { releaseId: release.id };
+		if (options.environmentVariables?.length) patchBody.environmentVariables = options.environmentVariables;
+		const patchResp = await fetch(`${this.apiUrl}/v1/deployments/${this.id}`, {
+			method: "PATCH",
+			headers,
+			body: JSON.stringify(patchBody)
+		});
+		if (!patchResp.ok) {
+			const body = await patchResp.text();
+			throw new Error(`Failed to update deployment for upgrade: ${patchResp.status} ${body}`);
+		}
+		const timeout = 3e5;
+		const start = Date.now();
+		while (Date.now() - start < timeout) {
+			const resp = await fetch(`${this.apiUrl}/v1/deployments/${this.id}`, { headers: { Authorization: `Bearer ${this.apiKey}` } });
+			if (resp.ok) {
+				const data = await resp.json();
+				if (data.releaseId === release.id && data.status === "running") return;
+				if (data.status === "error" || data.status.includes("failed")) throw new Error(`Deployment failed during upgrade with status: ${data.status}`);
+			}
+			await new Promise((r) => setTimeout(r, 5e3));
+		}
+		throw new Error("Timeout waiting for deployment to pick up upgrade");
+	}
+	/**
+	* Destroy the deployment.
+	*
+	* For dev mode: kills the `alien dev` process.
+	* For API mode: calls DELETE on platform API.
+	*/
+	async destroy() {
+		if (this.destroyed) return;
+		if (this.process) {
+			if (!this.process.killed) {
+				this.process.kill("SIGTERM");
+				await new Promise((resolve) => {
+					const timeout = setTimeout(() => {
+						if (!this.process.killed) this.process.kill("SIGKILL");
+						resolve();
+					}, 5e3);
+					this.process.once("exit", () => {
+						clearTimeout(timeout);
+						resolve();
+					});
+				});
+			}
+			this.destroyed = true;
+			return;
+		}
+		if (this.apiUrl && this.apiKey) {
+			const headers = { Authorization: `Bearer ${this.apiKey}` };
+			const resp = await fetch(`${this.apiUrl}/v1/deployments/${this.id}`, {
+				method: "DELETE",
+				headers
+			});
+			if (!resp.ok && resp.status !== 404) {
+				const body = await resp.text();
+				throw new Error(`Failed to destroy deployment: ${resp.status} ${body}`);
+			}
+			const timeout = 3e5;
+			const start = Date.now();
+			while (Date.now() - start < timeout) {
+				const checkResp = await fetch(`${this.apiUrl}/v1/deployments/${this.id}`, { headers });
+				if (checkResp.status === 404) break;
+				if (checkResp.ok) {
+					const data = await checkResp.json();
+					if (data.status === "destroyed" || data.status === "deleted") break;
+				}
+				await new Promise((r) => setTimeout(r, 5e3));
+			}
+		}
+		this.destroyed = true;
+	}
+	resolveCliPath() {
+		const raw = process.env.ALIEN_CLI_PATH?.trim();
+		if (raw) return raw.includes("/") || raw.includes("\\") ? resolve(raw) : raw;
+		return "alien";
+	}
+};
+//#endregion
+//#region src/deploy.ts
+/**
+* deploy() — single entry point for deploying an Alien application for testing
+*
+* Auto-detects the deployment method based on the target platform:
+* - local (default): spawns `alien dev` and watches its status file contract
+* - aws / gcp / azure: builds + creates release/deployment via platform API — reads ALIEN_API_KEY from env
+*/
+const execFileAsync = promisify(execFile);
+/**
+* Get the alien CLI path with fallback discovery.
+*
+* Resolution order:
+* 1. ALIEN_CLI_PATH (if set)
+* 2. nearest ../target/debug/alien (or alien.exe) walking upward from app path
+* 3. "alien" from PATH
+*/
+function getAlienCliPath(appPath) {
+	const raw = process.env.ALIEN_CLI_PATH?.trim();
+	if (raw) {
+		if (raw.includes("/") || raw.includes("\\")) return resolve(raw);
+		return raw;
+	}
+	let current = resolve(appPath);
+	while (true) {
+		const unixCandidate = join(current, "target", "debug", "alien");
+		if (existsSync(unixCandidate)) return unixCandidate;
+		const windowsCandidate = `${unixCandidate}.exe`;
+		if (existsSync(windowsCandidate)) return windowsCandidate;
+		const parent = dirname(current);
+		if (parent === current) break;
+		current = parent;
+	}
+	return "alien";
+}
+/**
+* Deploy an Alien application for testing.
+*
+* Uses local dev mode by default. Set `platform` to a cloud provider
+* to deploy via the platform API (requires ALIEN_API_KEY env var).
+*/
+async function deploy(options) {
+	if ((options.platform ?? "local") === "local") return deployViaDev(options);
+	return deployViaApi(options);
+}
+async function deployViaDev(options) {
+	const verbose = options.verbose ?? process.env.VERBOSE === "true";
+	const port = await getPort();
+	const cliPath = getAlienCliPath(options.app);
+	const statusFile = join(options.app, ".alien", "testing-dev-status.json");
+	const args = [
+		"dev",
+		"--port",
+		String(port),
+		"--status-file",
+		statusFile
+	];
+	if (options.config) args.push("--config", options.config);
+	for (const ev of options.environmentVariables ?? []) {
+		const flag = ev.type === "secret" ? "--secret" : "--env";
+		const targets = ev.targetResources?.length ? `:${ev.targetResources.join(",")}` : "";
+		args.push(flag, `${ev.name}=${ev.value}${targets}`);
+	}
+	if (verbose) console.log(`[testing] Spawning: ${cliPath} ${args.join(" ")}`);
+	rmSync(join(options.app, ".alien"), {
+		recursive: true,
+		force: true
+	});
+	const childEnv = { ...process.env };
+	const proc = spawn(cliPath, args, {
+		cwd: options.app,
+		env: childEnv,
+		stdio: [
+			"ignore",
+			"pipe",
+			"pipe"
+		]
+	});
+	let stdout = "";
+	let stderr = "";
+	proc.stdout?.on("data", (data) => {
+		stdout += data.toString();
+		if (verbose) process.stdout.write(data);
+	});
+	proc.stderr?.on("data", (data) => {
+		stderr += data.toString();
+		if (verbose) process.stderr.write(data);
+	});
+	let exited = false;
+	let exitCode = null;
+	proc.on("exit", (code) => {
+		exited = true;
+		exitCode = code;
+	});
+	proc.on("error", (err) => {
+		exited = true;
+		exitCode = 1;
+		stderr += `\nFailed to spawn alien CLI: ${err.message}`;
+	});
+	try {
+		const agent = findPrimaryAgent(await waitForDevStatusReady(statusFile, () => exited, () => exitCode, () => stderr));
+		const publicUrl = findPublicUrl(agent.resources);
+		if (!publicUrl) throw new AlienError(TestingOperationFailedError.create({
+			operation: "resolve-public-url",
+			message: "No public URL found in deployment resources",
+			details: { resources: agent.resources }
+		}));
+		if (verbose) {
+			console.log(`[testing] Public URL: ${publicUrl}`);
+			if (agent.commandsUrl) console.log(`[testing] Commands URL: ${agent.commandsUrl}`);
+		}
+		if (!agent.commandsUrl) throw new AlienError(TestingOperationFailedError.create({
+			operation: "resolve-commands-url",
+			message: "alien dev status file did not include a commands URL",
+			details: { agent }
+		}));
+		return new Deployment({
+			id: agent.id,
+			name: agent.name,
+			url: publicUrl,
+			platform: options.platform ?? "local",
+			commandsUrl: agent.commandsUrl,
+			process: proc,
+			appPath: options.app
+		});
+	} catch (error) {
+		proc.kill("SIGTERM");
+		throw await withTestingContext(error, "deploy", "Failed while waiting for alien dev to become ready", {
+			statusFile,
+			appPath: options.app,
+			platform: options.platform ?? "local"
+		});
+	}
+}
+async function deployViaApi(options) {
+	const platform = options.platform ?? "local";
+	const verbose = options.verbose ?? process.env.VERBOSE === "true";
+	const apiKey = process.env.ALIEN_API_KEY;
+	if (!apiKey) throw new Error(`Cloud deployment (platform: '${platform}') requires the ALIEN_API_KEY environment variable to be set`);
+	const apiUrl = process.env.ALIEN_API_URL ?? "https://api.alien.dev";
+	const headers = {
+		Authorization: `Bearer ${apiKey}`,
+		"Content-Type": "application/json"
+	};
+	if (verbose) console.log("[testing:api] Building application...");
+	const cliPath = getAlienCliPath(options.app);
+	const buildArgs = [
+		"build",
+		"--platform",
+		platform
+	];
+	if (options.config) buildArgs.push("--config", options.config);
+	await execFileAsync(cliPath, buildArgs, { cwd: options.app });
+	const stackPath = resolve(options.app, ".alien", "stack.json");
+	if (!existsSync(stackPath)) throw new Error(`Build did not produce stack.json at ${stackPath}`);
+	const stack = JSON.parse(readFileSync(stackPath, "utf-8"));
+	if (verbose) console.log("[testing:api] Creating release...");
+	const releaseResp = await fetch(`${apiUrl}/v1/releases`, {
+		method: "POST",
+		headers,
+		body: JSON.stringify({ stack })
+	});
+	if (!releaseResp.ok) {
+		const body = await releaseResp.text();
+		throw new Error(`Failed to create release: ${releaseResp.status} ${body}`);
+	}
+	const release = await releaseResp.json();
+	if (verbose) console.log("[testing:api] Creating deployment...");
+	const deploymentName = `e2e-${Date.now()}`;
+	const deployBody = {
+		releaseId: release.id,
+		platform,
+		name: deploymentName
+	};
+	if (options.environmentVariables?.length) deployBody.environmentVariables = options.environmentVariables;
+	const deployResp = await fetch(`${apiUrl}/v1/deployments`, {
+		method: "POST",
+		headers,
+		body: JSON.stringify(deployBody)
+	});
+	if (!deployResp.ok) {
+		const body = await deployResp.text();
+		throw new Error(`Failed to create deployment: ${deployResp.status} ${body}`);
+	}
+	const deployment = await deployResp.json();
+	if (verbose) console.log(`[testing:api] Waiting for deployment ${deployment.id} to be running...`);
+	const running = await waitForPlatformDeploymentRunning(apiUrl, apiKey, deployment.id, verbose);
+	return new Deployment({
+		id: running.id,
+		name: running.name,
+		url: running.url,
+		platform,
+		commandsUrl: running.commandsUrl,
+		appPath: options.app,
+		apiUrl,
+		apiKey
+	});
+}
+/**
+* Wait for `alien dev` to report a ready local session via its status file.
+*/
+async function waitForDevStatusReady(statusFile, hasExited, getExitCode, getStderr) {
+	const timeout = 9e5;
+	const pollInterval = 500;
+	const start = Date.now();
+	while (Date.now() - start < timeout) {
+		if (hasExited()) throw new AlienError(TestingOperationFailedError.create({
+			operation: "wait-for-ready",
+			message: "alien dev exited before the local session became ready",
+			details: {
+				exitCode: getExitCode(),
+				stderrTail: getStderr().slice(-1e3)
+			}
+		}));
+		if (!existsSync(statusFile)) {
+			await new Promise((r) => setTimeout(r, pollInterval));
+			continue;
+		}
+		try {
+			const status = JSON.parse(readFileSync(statusFile, "utf-8"));
+			if (status.status === "error") throw new AlienError(TestingOperationFailedError.create({
+				operation: "wait-for-ready",
+				message: "alien dev reported an error status",
+				details: { status }
+			}));
+			if (status.status === "ready" && Object.keys(status.agents ?? {}).length > 0) return status;
+		} catch (error) {
+			if (error instanceof AlienError && error.code === "TESTING_OPERATION_FAILED") throw error;
+		}
+		await new Promise((r) => setTimeout(r, pollInterval));
+	}
+	throw new AlienError(TestingOperationFailedError.create({
+		operation: "wait-for-ready",
+		message: `Timeout waiting for alien dev to report readiness (${timeout / 1e3}s)`,
+		details: {
+			statusFile,
+			timeoutMs: timeout
+		}
+	}));
+}
+function findPrimaryAgent(status) {
+	const agent = Object.values(status.agents ?? {})[0];
+	if (!agent) throw new AlienError(TestingOperationFailedError.create({
+		operation: "resolve-agent",
+		message: "alien dev reported readiness but no agents were present in the status file",
+		details: { status }
+	}));
+	return agent;
+}
+/**
+* Wait for a platform API deployment to reach "running" status.
+*/
+async function waitForPlatformDeploymentRunning(apiUrl, apiKey, deploymentId, verbose) {
+	const timeout = 9e5;
+	const pollInterval = 5e3;
+	const start = Date.now();
+	const headers = { Authorization: `Bearer ${apiKey}` };
+	while (Date.now() - start < timeout) {
+		try {
+			const resp = await fetch(`${apiUrl}/v1/deployments/${deploymentId}`, {
+				headers,
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (resp.ok) {
+				const data = await resp.json();
+				if (verbose) console.log(`[testing] Deployment ${deploymentId} status: ${data.status}`);
+				if (data.status === "running") {
+					if (!data.url) throw new Error(`Deployment is running but has no URL: ${JSON.stringify(data)}`);
+					return data;
+				}
+				if (data.status === "error" || data.status.includes("failed")) throw new Error(`Deployment failed with status: ${data.status}`);
+			}
+		} catch (error) {
+			if (error instanceof Error && error.message.includes("failed with status")) throw error;
+		}
+		await new Promise((r) => setTimeout(r, pollInterval));
+	}
+	throw new Error(`Timeout waiting for deployment ${deploymentId} to reach running status (${timeout / 1e3}s)`);
+}
+/**
+* Find the public URL from deployment resources
+*/
+function findPublicUrl(resources) {
+	for (const [name, resource] of Object.entries(resources)) if (resource.url && (name.includes("router") || name.includes("gateway") || name.includes("proxy"))) return resource.url;
+	const publicResources = Object.entries(resources).filter(([_, r]) => (r.resourceType === "container" || r.resourceType === "function") && r.url);
+	if (publicResources.length > 0) return publicResources[publicResources.length - 1][1].url;
+}
+//#endregion
+export { Deployment, TestingOperationFailedError, TestingUnsupportedPlatformError, deploy };
+
+//# sourceMappingURL=index.js.map