@brewnet/cli 0.0.1 → 0.0.2

package/dist/chunk-FZZ3HP2G.js

@@ -0,0 +1,1151 @@
+#!/usr/bin/env node
+import {
+  addApp,
+  appendDeployHistory,
+  readApps,
+  readDeployHistory,
+  removeApp,
+  updateApp
+} from "./chunk-JIPAYMOA.js";
+import {
+  getLastProject,
+  loadState
+} from "./chunk-ZKMWE5AH.js";
+
+// src/services/app-manager.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, readdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { randomBytes } from "crypto";
+import { execa } from "execa";
+
+// src/services/gitea-client.ts
+import { existsSync, readFileSync, writeFileSync, chmodSync, mkdirSync, unlinkSync } from "fs";
+import { dirname } from "path";
+import { execSync } from "child_process";
+var GiteaClient = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  // ---------------------------------------------------------------------------
+  // Token management
+  // ---------------------------------------------------------------------------
+  /**
+   * Create a Gitea API token via Basic Auth.
+   * If the admin account has mustChangePassword=true (403), auto-fixes via docker exec and retries.
+   * Saves the token to tokenPath on success.
+   */
+  async _createToken() {
+    const { tokenPath, baseUrl, username, password } = this.config;
+    const basic = Buffer.from(`${username}:${password}`).toString("base64");
+    const makeRequest = () => fetch(`${baseUrl}/api/v1/users/${username}/tokens`, {
+      method: "POST",
+      headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/json" },
+      body: JSON.stringify({
+        name: `brewnet-${Date.now()}`,
+        scopes: ["write:repository", "read:repository", "write:user", "read:user"]
+      }),
+      signal: AbortSignal.timeout(8e3)
+    });
+    let res = await makeRequest();
+    let wasFixed = false;
+    if (!res.ok) {
+      const body = await res.text();
+      if (res.status === 403 && body.includes("must change")) {
+        try {
+          execSync(
+            `docker exec -u git brewnet-gitea gitea admin user change-password --username ${username} --password ${password} --must-change-password=false`,
+            { stdio: "pipe" }
+          );
+        } catch (e) {
+          const stderr = e.stderr?.toString().trim() ?? String(e);
+          throw new Error(
+            `Gitea admin requires password change \u2014 auto-fix failed:
+  ${stderr}
+  Manual fix: docker exec -u git brewnet-gitea gitea admin user change-password --username ${username} --password <password> --must-change-password=false`
+          );
+        }
+        wasFixed = true;
+        res = await makeRequest();
+        if (!res.ok) {
+          throw new Error(
+            `Gitea token creation failed after auto-fix: ${res.status} ${await res.text()}`
+          );
+        }
+      } else {
+        throw new Error(`Gitea token creation failed: ${res.status} ${body}`);
+      }
+    }
+    const data = await res.json();
+    mkdirSync(dirname(tokenPath), { recursive: true });
+    writeFileSync(tokenPath, data.sha1, "utf-8");
+    chmodSync(tokenPath, 384);
+    return { wasFixed };
+  }
+  /**
+   * Explicit setup step — call once before any API operations.
+   * Validates any cached token; deletes and re-creates if stale (401).
+   * Returns what happened so the caller can surface it in job step logs.
+   */
+  async prepare() {
+    const { tokenPath, baseUrl } = this.config;
+    if (existsSync(tokenPath)) {
+      const token = readFileSync(tokenPath, "utf-8").trim();
+      try {
+        const check = await fetch(`${baseUrl}/api/v1/user`, {
+          headers: { Authorization: `token ${token}` },
+          signal: AbortSignal.timeout(8e3)
+        });
+        if (check.status !== 401) {
+          return { autoFixed: false, message: "token cached" };
+        }
+        unlinkSync(tokenPath);
+      } catch {
+        return { autoFixed: false, message: "token cached (network check skipped)" };
+      }
+    }
+    const { wasFixed } = await this._createToken();
+    return {
+      autoFixed: wasFixed,
+      message: wasFixed ? "mustChangePassword was set \u2014 auto-fixed via docker exec; token created" : "token created"
+    };
+  }
+  async ensureToken() {
+    const { tokenPath } = this.config;
+    if (existsSync(tokenPath)) {
+      return readFileSync(tokenPath, "utf-8").trim();
+    }
+    await this._createToken();
+    return readFileSync(tokenPath, "utf-8").trim();
+  }
+  async authHeaders() {
+    return {
+      Authorization: `token ${await this.ensureToken()}`,
+      "Content-Type": "application/json"
+    };
+  }
+  // ---------------------------------------------------------------------------
+  // Repository operations
+  // ---------------------------------------------------------------------------
+  async repoExists(name) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(
+      `${baseUrl}/api/v1/repos/${username}/${name}`,
+      { headers: await this.authHeaders() }
+    );
+    return res.status === 200;
+  }
+  /** Returns true if the repo exists but has no commits (empty: true from Gitea API). */
+  async repoIsEmpty(name) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(
+      `${baseUrl}/api/v1/repos/${username}/${name}`,
+      { headers: await this.authHeaders() }
+    );
+    if (res.status !== 200) return false;
+    const data = await res.json();
+    return data.empty === true;
+  }
+  /** Creates a private repo and returns the clone URL. */
+  async createRepo(name, description = "") {
+    const { baseUrl } = this.config;
+    const res = await fetch(`${baseUrl}/api/v1/user/repos`, {
+      method: "POST",
+      headers: await this.authHeaders(),
+      body: JSON.stringify({ name, description, private: false, auto_init: false })
+    });
+    if (!res.ok) {
+      const body = await res.text();
+      if (res.status === 409) {
+        const existing = await fetch(`${baseUrl}/api/v1/repos/${this.config.username}/${name}`, {
+          headers: await this.authHeaders()
+        });
+        if (existing.ok) {
+          const data2 = await existing.json();
+          return data2.clone_url;
+        }
+      }
+      if (res.status === 500 && body.includes("files already exist")) {
+        await this.deleteRepo(name).catch(() => {
+        });
+        const retry = await fetch(`${baseUrl}/api/v1/user/repos`, {
+          method: "POST",
+          headers: await this.authHeaders(),
+          body: JSON.stringify({ name, description, private: false, auto_init: false })
+        });
+        if (!retry.ok) {
+          throw new Error(`Gitea createRepo retry failed: ${retry.status} ${await retry.text()}`);
+        }
+        const retryData = await retry.json();
+        return retryData.clone_url;
+      }
+      throw new Error(`Gitea createRepo failed: ${res.status} ${body}`);
+    }
+    const data = await res.json();
+    return data.clone_url;
+  }
+  /** Patch a repo from private to public visibility. No-op if already public. */
+  async makeRepoPublic(name) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(`${baseUrl}/api/v1/repos/${username}/${name}`, {
+      method: "PATCH",
+      headers: await this.authHeaders(),
+      body: JSON.stringify({ private: false })
+    });
+    if (!res.ok) throw new Error(`Gitea makeRepoPublic failed: ${res.status} ${await res.text()}`);
+  }
+  async deleteRepo(name) {
+    const { baseUrl, username } = this.config;
+    await fetch(`${baseUrl}/api/v1/repos/${username}/${name}`, {
+      method: "DELETE",
+      headers: await this.authHeaders()
+    });
+  }
+  /** Returns all repos accessible to the authenticated user. */
+  async listRepos() {
+    const { baseUrl } = this.config;
+    const res = await fetch(`${baseUrl}/api/v1/user/repos`, {
+      headers: await this.authHeaders(),
+      signal: AbortSignal.timeout(8e3)
+    });
+    if (!res.ok) {
+      throw new Error(`Gitea listRepos failed: ${res.status} ${await res.text()}`);
+    }
+    return await res.json();
+  }
+  /** Fetch a single repo's detail (includes default_branch, ssh_url). */
+  async getRepo(name) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(`${baseUrl}/api/v1/repos/${username}/${name}`, {
+      headers: await this.authHeaders()
+    });
+    if (!res.ok) throw new Error(`Gitea getRepo failed: ${res.status} ${await res.text()}`);
+    return res.json();
+  }
+  /** Get the latest commit on a branch. Returns null for empty repos. */
+  async getLatestCommit(repoName, branch) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(
+      `${baseUrl}/api/v1/repos/${username}/${repoName}/commits?sha=${encodeURIComponent(branch)}&limit=1`,
+      { headers: await this.authHeaders() }
+    );
+    if (!res.ok) return null;
+    const commits = await res.json();
+    if (!commits.length) return null;
+    const c = commits[0];
+    return {
+      hash: c.sha,
+      shortHash: c.sha.slice(0, 7),
+      message: c.commit.message.split("\n")[0],
+      date: c.commit.committer.date
+    };
+  }
+  /** Register a push webhook on the repo. */
+  async createWebhook(repoName, webhookUrl, secret) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(`${baseUrl}/api/v1/repos/${username}/${repoName}/hooks`, {
+      method: "POST",
+      headers: await this.authHeaders(),
+      body: JSON.stringify({
+        type: "gitea",
+        config: { url: webhookUrl, content_type: "json", secret },
+        events: ["push"],
+        active: true
+      })
+    });
+    if (!res.ok) throw new Error(`Gitea createWebhook failed: ${res.status} ${await res.text()}`);
+  }
+  /** Returns branch names for a repo. Falls back to empty array on error. */
+  async listBranches(repoName) {
+    const { baseUrl, username } = this.config;
+    const res = await fetch(
+      `${baseUrl}/api/v1/repos/${username}/${repoName}/branches?limit=50`,
+      { headers: await this.authHeaders(), signal: AbortSignal.timeout(8e3) }
+    );
+    if (!res.ok) return [];
+    const data = await res.json();
+    return data.map((b) => b.name);
+  }
+  /** URL suitable for git remote add — includes credentials in URL (stored in .git/config which is chmod 600). */
+  authedCloneUrl(cloneUrl) {
+    const { username, password, tokenPath, baseUrl } = this.config;
+    const credential = existsSync(tokenPath) ? readFileSync(tokenPath, "utf-8").trim() : password;
+    const encUser = encodeURIComponent(username);
+    const encCred = encodeURIComponent(credential);
+    const repoMatch = cloneUrl.match(/\/([^/]+\/[^/]+\.git)$/);
+    const normalizedUrl = repoMatch ? `${baseUrl.replace(/\/$/, "")}/${repoMatch[1]}` : cloneUrl;
+    return normalizedUrl.replace("http://", `http://${encUser}:${encCred}@`);
+  }
+};
+
+// src/services/app-manager.ts
+var BREWNET_DIR = join(homedir(), ".brewnet");
+var GITEA_TOKEN_PATH = join(BREWNET_DIR, "gitea-token");
+var GITEA_CONFIG_PATH = join(BREWNET_DIR, "gitea-config.json");
+var DEPLOY_HISTORY_PATH = join(BREWNET_DIR, "deploy-history.json");
+var jobs = /* @__PURE__ */ new Map();
+function resolveAppsJsonPath() {
+  return join(BREWNET_DIR, "apps.json");
+}
+function loadGiteaConfig() {
+  if (!existsSync2(GITEA_CONFIG_PATH)) return null;
+  try {
+    return JSON.parse(readFileSync2(GITEA_CONFIG_PATH, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function saveGiteaConfig(baseUrl, username) {
+  try {
+    const config = { baseUrl, username, writtenAt: (/* @__PURE__ */ new Date()).toISOString() };
+    writeFileSync2(GITEA_CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
+  } catch (e) {
+    console.warn("[app-manager] gitea-config.json \uC800\uC7A5 \uC2E4\uD328:", e instanceof Error ? e.message : e);
+  }
+}
+function readDotEnvValue(envPath, key) {
+  if (!existsSync2(envPath)) return "";
+  const lines = readFileSync2(envPath, "utf-8").split("\n");
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith(`${key}=`)) {
+      return trimmed.slice(key.length + 1).trim();
+    }
+  }
+  return "";
+}
+var _boilerplateRegistered = false;
+async function listApps() {
+  const appsJson = resolveAppsJsonPath();
+  const apps = readApps(appsJson);
+  if (_boilerplateRegistered) return apps;
+  _boilerplateRegistered = true;
+  try {
+    const ctx = resolveContext();
+    const bpPath = join(ctx.projectPath, ".brewnet-boilerplate.json");
+    if (existsSync2(bpPath)) {
+      const raw = JSON.parse(readFileSync2(bpPath, "utf-8"));
+      const bpMetas = Array.isArray(raw) ? raw : [raw];
+      let changed = false;
+      for (const bp of bpMetas) {
+        if (!bp.stackId || !bp.appDir) continue;
+        const exists = apps.some((a) => a.appDir === bp.appDir || a.stackId === bp.stackId);
+        if (!exists) {
+          const port = bp.backendUrl ? parseInt(new URL(bp.backendUrl).port || "8080", 10) : 8080;
+          const entry = {
+            name: bp.stackId,
+            mode: "boilerplate",
+            stackId: bp.stackId,
+            appDir: bp.appDir,
+            lang: bp.lang,
+            framework: bp.frameworkId,
+            port,
+            status: bp.status || "running",
+            createdAt: (/* @__PURE__ */ new Date()).toISOString()
+          };
+          apps.push(entry);
+          changed = true;
+        }
+      }
+      if (changed) {
+        writeFileSync2(appsJson, JSON.stringify(apps, null, 2), "utf-8");
+      }
+    }
+  } catch {
+  }
+  return apps;
+}
+function getDeployHistory(appName) {
+  const entries = readDeployHistory(DEPLOY_HISTORY_PATH);
+  if (!appName) return entries;
+  return entries.filter((e) => e.appName === appName);
+}
+async function listGiteaRepos() {
+  const ctx = resolveContext();
+  const gitea = new GiteaClient({
+    baseUrl: ctx.giteaBaseUrl,
+    username: ctx.giteaUser,
+    password: ctx.giteaPassword,
+    tokenPath: GITEA_TOKEN_PATH
+  });
+  await gitea.prepare();
+  return gitea.listRepos();
+}
+function getDeploySettings(appName) {
+  const apps = readApps(resolveAppsJsonPath());
+  const app = apps.find((a) => a.name === appName);
+  const settings = app?.deploySettings;
+  return settings ?? { autoDeploy: false, deployBranch: "main" };
+}
+function updateDeploySettings(appName, settings) {
+  const appsJson = resolveAppsJsonPath();
+  const apps = readApps(appsJson);
+  const app = apps.find((a) => a.name === appName);
+  if (!app) throw new Error(`App "${appName}" not found`);
+  const existing = app.deploySettings ?? { autoDeploy: false, deployBranch: "main" };
+  app.deploySettings = { ...existing, ...settings };
+  updateApp(appsJson, appName, app);
+}
+async function getAppGitInfo(appName) {
+  const ctx = resolveContext();
+  const apps = readApps(resolveAppsJsonPath());
+  const app = apps.find((a) => a.name === appName);
+  if (!app) throw new Error(`App "${appName}" not found`);
+  const gitea = new GiteaClient({
+    baseUrl: ctx.giteaBaseUrl,
+    username: ctx.giteaUser,
+    password: ctx.giteaPassword,
+    tokenPath: GITEA_TOKEN_PATH
+  });
+  let branch = "main";
+  let latestCommit = null;
+  let cloneUrlSsh = `ssh://git@localhost:2222/${ctx.giteaUser}/${appName}.git`;
+  try {
+    const repo = await gitea.getRepo(appName);
+    branch = repo.default_branch || "main";
+    cloneUrlSsh = repo.ssh_url || cloneUrlSsh;
+    if (repo.private) {
+      await gitea.makeRepoPublic(appName).catch((e) => {
+        console.warn(`[app-manager] makeRepoPublic failed for ${appName}: ${e instanceof Error ? e.message : String(e)}`);
+      });
+    }
+    latestCommit = await gitea.getLatestCommit(appName, branch);
+  } catch (e) {
+    console.warn(`[app-manager] getAppGitInfo Gitea call failed (${appName}): ${e instanceof Error ? e.message : String(e)}`);
+  }
+  return {
+    giteaUrl: `${ctx.giteaDisplayUrl}/${ctx.giteaUser}/${appName}`,
+    cloneUrlHttp: `${ctx.giteaBaseUrl}/${ctx.giteaUser}/${appName}.git`,
+    cloneUrlSsh,
+    localPath: app.appDir,
+    branch,
+    latestCommit
+  };
+}
+async function rollbackApp(appName, commitHash) {
+  const job = newJob(appName, ["Checkout", "Build & Start", "Health check"]);
+  jobs.set(job.jobId, job);
+  setImmediate(() => void _runRollback(job, appName, commitHash));
+  return job.jobId;
+}
+async function _runRollback(job, appName, commitHash) {
+  try {
+    const apps = readApps(resolveAppsJsonPath());
+    const app = apps.find((a) => a.name === appName);
+    if (!app) throw new Error(`App "${appName}" not found`);
+    const target = commitHash || "HEAD~1";
+    setStep(job, 0, "running", `git checkout ${target.slice(0, 7)}`);
+    await execa("git", ["checkout", target], { cwd: app.appDir });
+    setStep(job, 0, "done");
+    await _injectQuickTunnelIfNeeded(app.appDir, appName, app.port);
+    setStep(job, 1, "running", "docker compose up --build");
+    await _dockerComposeUp(app.appDir, job);
+    setStep(job, 1, "done", "containers started");
+    setStep(job, 2, "running");
+    const healthUrl = _buildHealthUrl(app.appDir, app.port);
+    setStep(job, 2, "running", `polling ${healthUrl}`);
+    await _pollHealth(healthUrl, 12e4, job);
+    setStep(job, 2, "done");
+    updateApp(resolveAppsJsonPath(), appName, { status: "running" });
+    appendDeployHistory(DEPLOY_HISTORY_PATH, {
+      appName,
+      commitHash,
+      commitMessage: `Rollback to ${commitHash.slice(0, 7)}`,
+      status: "success",
+      deployedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    job.status = "done";
+  } catch (err) {
+    job.status = "failed";
+    job.error = err instanceof Error ? err.message : String(err);
+    for (const step of job.steps) {
+      if (step.status === "running" || step.status === "pending") step.status = "failed";
+    }
+    appendDeployHistory(DEPLOY_HISTORY_PATH, {
+      appName,
+      commitHash,
+      commitMessage: `Rollback to ${commitHash.slice(0, 7)}`,
+      status: "failed",
+      deployedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+}
+async function getAppBranches(appName) {
+  const ctx = resolveContext();
+  const gitea = new GiteaClient({
+    baseUrl: ctx.giteaBaseUrl,
+    username: ctx.giteaUser,
+    password: ctx.giteaPassword,
+    tokenPath: GITEA_TOKEN_PATH
+  });
+  return gitea.listBranches(appName);
+}
+async function setupWebhook(appName, webhookUrl) {
+  const ctx = resolveContext();
+  const settings = getDeploySettings(appName);
+  const secret = settings.webhookSecret ?? randomBytes(16).toString("hex");
+  const gitea = new GiteaClient({
+    baseUrl: ctx.giteaBaseUrl,
+    username: ctx.giteaUser,
+    password: ctx.giteaPassword,
+    tokenPath: GITEA_TOKEN_PATH
+  });
+  await gitea.createWebhook(appName, webhookUrl, secret);
+  updateDeploySettings(appName, { webhookSecret: secret });
+}
+async function deployApp(appName) {
+  const job = newJob(appName, ["Pull", "Build & Start", "Health check"]);
+  jobs.set(job.jobId, job);
+  setImmediate(() => void _runDeploy(job, appName));
+  return job.jobId;
+}
+async function _runDeploy(job, appName) {
+  const apps = readApps(resolveAppsJsonPath());
+  const app = apps.find((a) => a.name === appName);
+  if (!app) {
+    job.status = "failed";
+    job.error = `App "${appName}" not found`;
+    return;
+  }
+  try {
+    const settings = getDeploySettings(appName);
+    setStep(job, 0, "running");
+    try {
+      const ctx = resolveContext();
+      const gitea = new GiteaClient({
+        baseUrl: ctx.giteaBaseUrl,
+        username: ctx.giteaUser,
+        password: ctx.giteaPassword,
+        tokenPath: GITEA_TOKEN_PATH
+      });
+      await gitea.prepare();
+      const repoExists = await gitea.repoExists(appName);
+      if (!repoExists) {
+        appendLog(job, "[pull] Gitea repo not found \u2014 recreating and pushing local code");
+        const cloneUrl = await gitea.createRepo(appName, `Brewnet app: ${appName}`);
+        const authedUrl = gitea.authedCloneUrl(cloneUrl);
+        await execa("git", ["remote", "add", "brewnet", authedUrl], { cwd: app.appDir }).catch(
+          () => execa("git", ["remote", "set-url", "brewnet", authedUrl], { cwd: app.appDir })
+        );
+        await execa("git", ["push", "brewnet", "HEAD:main", "--force"], { cwd: app.appDir });
+        appendLog(job, "[pull] Gitea repo recreated and code pushed \u2713");
+      } else if (!existsSync2(app.appDir)) {
+        appendLog(job, "[pull] appDir missing \u2014 cloning from Gitea");
+        const authedUrl = gitea.authedCloneUrl(`${ctx.giteaBaseUrl}/${ctx.giteaUser}/${appName}.git`);
+        await execa("git", ["clone", authedUrl, app.appDir]);
+        appendLog(job, "[pull] re-cloned from Gitea \u2713");
+      } else if (await gitea.repoIsEmpty(appName)) {
+        appendLog(job, "[pull] Gitea repo is empty \u2014 pushing local code");
+        const isShallow = await execa("git", ["rev-parse", "--is-shallow-repository"], { cwd: app.appDir }).then((r) => r.stdout.trim() === "true").catch(() => false);
+        if (isShallow) {
+          appendLog(job, "[pull] shallow clone detected \u2014 unshallowing");
+          await execa("git", ["fetch", "--unshallow", "origin"], { cwd: app.appDir }).catch(async () => {
+            const { reinitGit } = await import("./boilerplate-manager-WEFTHL2O.js");
+            await reinitGit(app.appDir);
+          });
+        }
+        const authedUrl = gitea.authedCloneUrl(`${ctx.giteaBaseUrl}/${ctx.giteaUser}/${appName}.git`);
+        await execa("git", ["remote", "add", "brewnet", authedUrl], { cwd: app.appDir }).catch(
+          () => execa("git", ["remote", "set-url", "brewnet", authedUrl], { cwd: app.appDir })
+        );
+        await execa("git", ["push", "brewnet", "HEAD:main", "--force"], { cwd: app.appDir });
+        appendLog(job, "[pull] code pushed to Gitea \u2713");
+      } else {
+        await execa("git", ["pull", "brewnet", settings.deployBranch], { cwd: app.appDir }).catch((e) => {
+          appendLog(job, `[pull] git pull failed (non-critical): ${e instanceof Error ? e.message : String(e)}`);
+        });
+      }
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      appendLog(job, `[pull] Gitea sync failed (non-critical): ${msg}`);
+      console.warn(`[app-manager] Gitea sync failed for "${appName}": ${msg}`);
+    }
+    setStep(job, 0, "done");
+    const hasCompose = existsSync2(join(app.appDir, "docker-compose.yml")) || existsSync2(join(app.appDir, "compose.yml"));
+    if (!hasCompose) {
+      const projectType = _detectProjectType(app.appDir);
+      if (projectType) {
+        appendLog(job, `[scaffold] Detected ${projectType} project \u2014 generating Docker config`);
+        _scaffoldDockerConfig(app.appDir, appName, app.port, job, projectType);
+      } else {
+        throw new Error(
+          "This project has no docker-compose.yml or Dockerfile. Add a Dockerfile and docker-compose.yml to deploy, or use a Brewnet boilerplate."
+        );
+      }
+    }
+    await _injectQuickTunnelIfNeeded(app.appDir, appName, app.port);
+    setStep(job, 1, "running", "docker compose up --build");
+    await _dockerComposeUp(app.appDir, job);
+    setStep(job, 1, "done", "containers started");
+    setStep(job, 2, "running");
+    const healthUrlDeploy = _buildHealthUrl(app.appDir, app.port);
+    setStep(job, 2, "running", `polling ${healthUrlDeploy}`);
+    await _pollHealth(healthUrlDeploy, 12e4, job);
+    setStep(job, 2, "done");
+    updateApp(resolveAppsJsonPath(), appName, { status: "running" });
+    const headHash = await execa("git", ["rev-parse", "HEAD"], { cwd: app.appDir }).then((r) => r.stdout.trim()).catch(() => "");
+    const headMsg = await execa("git", ["log", "-1", "--format=%s"], { cwd: app.appDir }).then((r) => r.stdout.trim()).catch(() => "Manual deploy");
+    appendDeployHistory(DEPLOY_HISTORY_PATH, {
+      appName,
+      commitHash: headHash,
+      commitMessage: headMsg,
+      status: "success",
+      deployedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    job.status = "done";
+  } catch (err) {
+    job.status = "failed";
+    job.error = err instanceof Error ? err.message : String(err);
+    for (const step of job.steps) {
+      if (step.status === "running" || step.status === "pending") step.status = "failed";
+    }
+    const headHashFail = await execa("git", ["rev-parse", "HEAD"], { cwd: app.appDir }).then((r) => r.stdout.trim()).catch(() => "");
+    appendDeployHistory(DEPLOY_HISTORY_PATH, {
+      appName,
+      commitHash: headHashFail,
+      commitMessage: "Manual deploy",
+      status: "failed",
+      deployedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+}
+function getAppDir(appName) {
+  const apps = readApps(resolveAppsJsonPath());
+  return apps.find((a) => a.name === appName)?.appDir;
+}
+function getJobStatus(jobId) {
+  return jobs.get(jobId);
+}
+function newJob(appName, stepLabels) {
+  return {
+    jobId: randomBytes(8).toString("hex"),
+    appName,
+    status: "running",
+    steps: stepLabels.map((label) => ({ label, status: "pending" }))
+  };
+}
+function setStep(job, index, status, message) {
+  const step = job.steps[index];
+  if (step) {
+    step.status = status;
+    if (message) step.message = message;
+  }
+}
+function appendLog(job, line) {
+  if (!job.logs) job.logs = [];
+  job.logs.push(line);
+  if (job.logs.length > 200) job.logs.splice(0, job.logs.length - 200);
+}
+function readBoilerplateMeta(projectPath) {
+  const p = join(projectPath, ".brewnet-boilerplate.json");
+  if (!existsSync2(p)) return [];
+  try {
+    const raw = JSON.parse(readFileSync2(p, "utf-8"));
+    return Array.isArray(raw) ? raw : [raw];
+  } catch {
+    return [];
+  }
+}
+function resolveContext() {
+  const cached = loadGiteaConfig();
+  const last = getLastProject();
+  const state = loadState(last ?? "");
+  const raw = state?.projectPath ?? process.cwd();
+  const projectPath = raw.startsWith("~") ? join(homedir(), raw.slice(1)) : raw;
+  const envPath = join(projectPath, ".env");
+  const giteaUser = cached?.username ?? (readDotEnvValue(envPath, "GITEA_ADMIN_USER") || state?.admin?.username || "admin");
+  const secretsPath = join(projectPath, "secrets", "admin_password");
+  const secretsPassword = existsSync2(secretsPath) ? readFileSync2(secretsPath, "utf-8").trim() : "";
+  const giteaPassword = secretsPassword || readDotEnvValue(envPath, "GITEA_ADMIN_PASSWORD") || state?.admin?.password || "";
+  const giteaBaseUrl = "http://localhost/git";
+  const tunnelMode = state?.domain?.cloudflare?.tunnelMode ?? "";
+  const zoneName = state?.domain?.cloudflare?.zoneName ?? "";
+  const giteaDisplayUrl = tunnelMode === "named" && zoneName ? `https://git.${zoneName}` : giteaBaseUrl;
+  return { projectPath, giteaBaseUrl, giteaDisplayUrl, giteaUser, giteaPassword };
+}
+async function _injectQuickTunnelIfNeeded(appDir, appName, port) {
+  try {
+    const last = getLastProject();
+    const state = loadState(last ?? "");
+    if (state?.domain?.cloudflare?.tunnelMode !== "quick") return;
+    const { injectTraefikForQuickTunnel } = await import("./boilerplate-manager-WEFTHL2O.js");
+    injectTraefikForQuickTunnel(appDir, appName, port);
+  } catch (err) {
+    console.error(`[Quick Tunnel] Failed to inject Traefik labels for ${appName}: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+function _detectProjectType(dir) {
+  try {
+    if (existsSync2(join(dir, "next.config.ts")) || existsSync2(join(dir, "next.config.mjs")) || existsSync2(join(dir, "next.config.js"))) return "nextjs";
+    if (existsSync2(join(dir, "package.json"))) return "nodejs";
+    if (existsSync2(join(dir, "requirements.txt")) || existsSync2(join(dir, "pyproject.toml"))) return "python";
+    if (existsSync2(join(dir, "go.mod"))) return "go";
+    if (existsSync2(join(dir, "Cargo.toml"))) return "rust";
+    if (existsSync2(join(dir, "pom.xml")) || existsSync2(join(dir, "build.gradle")) || existsSync2(join(dir, "build.gradle.kts"))) return "java";
+    if (existsSync2(join(dir, "index.html"))) return "static";
+    if (readdirSync(dir).some((f) => f.endsWith(".html"))) return "static";
+  } catch {
+  }
+  return null;
+}
+function _scaffoldDockerConfig(dir, _appName, port, job, detectedType) {
+  const type = detectedType || _detectProjectType(dir);
+  if (!type) throw new Error(`Cannot auto-detect project type in ${dir}. Add a Dockerfile and docker-compose.yml manually.`);
+  if (job && !detectedType) appendLog(job, `[scaffold] Detected ${type} project \u2014 generating Docker config`);
+  let dockerfile = "";
+  switch (type) {
+    case "nextjs":
+      dockerfile = [
+        "FROM node:22-alpine",
+        "WORKDIR /app",
+        "COPY package.json package-lock.json* pnpm-lock.yaml* yarn.lock* ./",
+        "RUN npm install --legacy-peer-deps 2>/dev/null || yarn install 2>/dev/null || true",
+        "COPY . .",
+        "RUN npm run build",
+        "ENV PORT=3000 HOSTNAME=0.0.0.0",
+        "EXPOSE 3000",
+        'CMD ["npm", "start"]'
+      ].join("\n");
+      break;
+    case "nodejs":
+      dockerfile = [
+        "FROM node:22-alpine",
+        "WORKDIR /app",
+        "COPY package.json package-lock.json* pnpm-lock.yaml* yarn.lock* ./",
+        "RUN npm install --legacy-peer-deps || true",
+        "COPY . .",
+        "RUN npm run build 2>/dev/null || true",
+        "EXPOSE " + port,
+        'CMD ["npm", "start"]'
+      ].join("\n");
+      break;
+    case "python":
+      dockerfile = [
+        "FROM python:3.13-slim",
+        "WORKDIR /app",
+        "COPY requirements.txt* pyproject.toml* ./",
+        "RUN pip install --no-cache-dir -r requirements.txt 2>/dev/null || pip install --no-cache-dir . 2>/dev/null || true",
+        "COPY . .",
+        "EXPOSE " + port,
+        'CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "' + port + '"]'
+      ].join("\n");
+      break;
+    case "go":
+      dockerfile = [
+        "FROM golang:1.22-alpine AS builder",
+        "WORKDIR /app",
+        "COPY go.mod go.sum* ./",
+        "RUN go mod download",
+        "COPY . .",
+        "RUN CGO_ENABLED=0 go build -o server .",
+        "",
+        "FROM alpine",
+        "WORKDIR /app",
+        "COPY --from=builder /app/server .",
+        "EXPOSE " + port,
+        'CMD ["./server"]'
+      ].join("\n");
+      break;
+    case "rust":
+      dockerfile = [
+        "FROM rust:1.88 AS builder",
+        "WORKDIR /app",
+        "COPY . .",
+        "RUN cargo build --release",
+        "",
+        "FROM debian:bookworm-slim",
+        "WORKDIR /app",
+        "COPY --from=builder /app/target/release/* /app/ 2>/dev/null || true",
+        "EXPOSE " + port,
+        'CMD ["./app"]'
+      ].join("\n");
+      break;
+    case "java":
+      dockerfile = [
+        "FROM gradle:8.12-jdk21 AS builder",
+        "WORKDIR /app",
+        "COPY . .",
+        "RUN gradle build -x test 2>/dev/null || ./gradlew build -x test 2>/dev/null || mvn package -DskipTests 2>/dev/null || true",
+        "",
+        "FROM eclipse-temurin:21-jre-alpine",
+        "WORKDIR /app",
+        "COPY --from=builder /app/build/libs/*.jar app.jar 2>/dev/null || true",
+        "COPY --from=builder /app/target/*.jar app.jar 2>/dev/null || true",
+        "EXPOSE " + port,
+        'CMD ["java", "-jar", "app.jar"]'
+      ].join("\n");
+      break;
+    case "static":
+      dockerfile = [
+        "FROM nginx:1.27-alpine",
+        "COPY . /usr/share/nginx/html/",
+        "EXPOSE 80"
+      ].join("\n");
+      break;
+  }
+  const internalPort = type === "nextjs" ? 3e3 : type === "static" ? 80 : port;
+  const compose = [
+    "services:",
+    "  backend:",
+    "    build: .",
+    "    ports:",
+    `      - "${port}:${internalPort}"`,
+    "    restart: unless-stopped",
+    "    healthcheck:",
+    `      test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://127.0.0.1:${internalPort}/"]`,
+    "      interval: 10s",
+    "      timeout: 5s",
+    "      retries: 5"
+  ].join("\n");
+  if (!existsSync2(join(dir, "Dockerfile"))) {
+    writeFileSync2(join(dir, "Dockerfile"), dockerfile, "utf-8");
+    if (job) appendLog(job, "[scaffold] Generated Dockerfile");
+  }
+  writeFileSync2(join(dir, "docker-compose.yml"), compose, "utf-8");
+  if (job) appendLog(job, "[scaffold] Generated docker-compose.yml");
+  if (!existsSync2(join(dir, ".dockerignore"))) {
+    writeFileSync2(join(dir, ".dockerignore"), "node_modules\n.next\n.git\n*.md\n", "utf-8");
+  }
+}
+function ensureComposeFile(dir, appName, port, job) {
+  if (existsSync2(join(dir, "docker-compose.yml")) || existsSync2(join(dir, "compose.yml"))) return;
+  _scaffoldDockerConfig(dir, appName, port, job);
+}
+function _resolveBackendPort(appDir, fallbackPort) {
+  const envPath = join(appDir, ".env");
+  const val = readDotEnvValue(envPath, "BACKEND_PORT");
+  const parsed = val ? parseInt(val, 10) : NaN;
+  return isNaN(parsed) ? fallbackPort : parsed;
+}
+function detectBasePath(appDir) {
+  for (const name of ["next.config.ts", "next.config.mjs", "next.config.js"]) {
+    const p = join(appDir, name);
+    if (existsSync2(p)) {
+      const content = readFileSync2(p, "utf-8");
+      const match = content.match(/basePath\s*:\s*['"`]([^'"`]+)['"`]/);
+      if (match) return match[1];
+    }
+  }
+  return "";
+}
+function _buildHealthUrl(appDir, fallbackPort) {
+  const healthPort = _resolveBackendPort(appDir, fallbackPort);
+  const basePath = detectBasePath(appDir);
+  const isBoilerplate = existsSync2(join(appDir, ".env.example")) && readFileSync2(join(appDir, ".env.example"), "utf-8").includes("STACK_LANG");
+  const hasHealthRoute = existsSync2(join(appDir, "src", "app", "health")) || existsSync2(join(appDir, "backend", "src"));
+  const healthPath = isBoilerplate || hasHealthRoute ? "/health" : "/";
+  return `http://127.0.0.1:${healthPort}${basePath}${healthPath}`;
+}
+async function _pollHealth(url, maxMs = 12e4, job) {
+  const deadline = Date.now() + maxMs;
+  let attempt = 0;
+  while (Date.now() < deadline) {
+    attempt++;
+    try {
+      const res = await fetch(url, { signal: AbortSignal.timeout(5e3) });
+      if (res.ok) {
+        if (job) appendLog(job, `[health] \u2713 ${url} \u2192 ${res.status} (attempt ${attempt})`);
+        return;
+      }
+      if (job) appendLog(job, `[health] ${url} \u2192 ${res.status} (attempt ${attempt})`);
+    } catch {
+      if (job && attempt % 3 === 1) appendLog(job, `[health] waiting... ${url} (attempt ${attempt})`);
+    }
+    await new Promise((r) => setTimeout(r, 3e3));
+  }
+  if (job) appendLog(job, `[health] \u2717 timeout after ${maxMs / 1e3}s`);
+  throw new Error(`Health check timed out after ${maxMs / 1e3}s: ${url}`);
+}
+async function _dockerComposeUp(cwd, job) {
+  appendLog(job, `[docker] $ docker compose up -d --build`);
+  appendLog(job, `[docker] cwd: ${cwd}`);
+  const proc = execa("docker", ["compose", "up", "-d", "--build"], { cwd, reject: false });
+  proc.stdout?.on("data", (chunk) => {
+    for (const line of chunk.toString().split("\n").filter(Boolean)) {
+      appendLog(job, `[docker] ${line}`);
+    }
+  });
+  proc.stderr?.on("data", (chunk) => {
+    for (const line of chunk.toString().split("\n").filter(Boolean)) {
+      appendLog(job, `[docker] ${line}`);
+    }
+  });
+  const result = await proc;
+  if (result.exitCode !== 0) {
+    appendLog(job, `[docker] \u2717 exit code ${result.exitCode}`);
+    throw new Error(`Command failed with exit code ${result.exitCode}: docker compose up -d --build
+${result.stderr}`);
+  }
+  appendLog(job, `[docker] \u2713 containers started`);
+}
+async function createApp(opts) {
+  const job = newJob(opts.appName, ["Validating", "Gitea setup", "Gitea repo", "Git push", "Docker up", "Health check"]);
+  jobs.set(job.jobId, job);
+  setImmediate(() => void _runCreateApp(job, opts));
+  return job.jobId;
+}
+async function _runCreateApp(job, opts) {
+  try {
+    const ctx = resolveContext();
+    const appsJson = resolveAppsJsonPath();
+    setStep(job, 0, "running");
+    if (opts.mode === "boilerplate") {
+      if (!opts.stackId) throw new Error("stackId is required for boilerplate mode");
+      const metas = readBoilerplateMeta(ctx.projectPath);
+      const meta = metas.find((m) => m.stackId === opts.stackId);
+      if (meta) {
+        opts._meta = meta;
+      } else {
+        appendLog(job, `[info] Stack "${opts.stackId}" not installed locally \u2014 cloning fresh from catalog`);
+        opts._resolvedStackId = opts.stackId;
+      }
+    } else if (opts.mode === "git-clone") {
+      if (!opts.gitUrl) throw new Error("gitUrl is required for Git Clone mode");
+    } else if (opts.mode === "new-project") {
+      const { resolveStackId } = await import("./frameworks-Z7VXDGP4.js");
+      const stackId = resolveStackId(opts.language ?? "nodejs", opts.frameworkId ?? "express");
+      if (!stackId) throw new Error(`Unknown stack: ${opts.language}/${opts.frameworkId}`);
+      opts._resolvedStackId = stackId;
+    }
+    setStep(job, 0, "done");
+    setStep(job, 1, "running");
+    const gitea = new GiteaClient({
+      baseUrl: ctx.giteaBaseUrl,
+      username: ctx.giteaUser,
+      password: ctx.giteaPassword,
+      tokenPath: GITEA_TOKEN_PATH
+    });
+    const giteaPrep = await gitea.prepare();
+    setStep(job, 1, "done", giteaPrep.message);
+    if (opts.mode === "boilerplate" && opts._meta) {
+      await _createModeA(job, opts, ctx, gitea, appsJson);
+    } else if (opts.mode === "git-clone") {
+      await _createModeB(job, opts, ctx, gitea, appsJson);
+    } else {
+      await _createModeC(job, opts, ctx, gitea, appsJson);
+    }
+    job.status = "done";
+  } catch (err) {
+    job.status = "failed";
+    job.error = err instanceof Error ? err.message : String(err);
+    for (const step of job.steps) {
+      if (step.status === "running" || step.status === "pending") step.status = "failed";
+    }
+  }
+}
+async function _createModeA(job, opts, ctx, gitea, appsJson) {
+  const meta = opts._meta;
+  const port = opts.port ?? meta.port ?? parseInt(meta.backendUrl.split(":").pop() ?? "8080", 10);
+  setStep(job, 2, "running", `checking ${ctx.giteaUser}/${opts.appName}`);
+  const alreadyExists = await gitea.repoExists(opts.appName);
+  let cloneUrl;
+  if (!alreadyExists) {
+    setStep(job, 2, "running", `creating ${ctx.giteaUser}/${opts.appName}`);
+    cloneUrl = await gitea.createRepo(opts.appName, `Brewnet app: ${opts.appName}`);
+  } else {
+    cloneUrl = `${ctx.giteaBaseUrl}/${ctx.giteaUser}/${opts.appName}.git`;
+  }
+  setStep(job, 2, "done");
+  setStep(job, 3, "running", `pushing HEAD:main \u2192 ${ctx.giteaUser}/${opts.appName}`);
+  const shallowCheck = await execa("git", ["rev-parse", "--is-shallow-repository"], { cwd: meta.appDir }).catch(() => ({ stdout: "false" }));
+  if (shallowCheck.stdout.trim() === "true") {
+    await execa("git", ["fetch", "--unshallow", "origin"], { cwd: meta.appDir }).catch(async () => {
+      const { reinitGit } = await import("./boilerplate-manager-WEFTHL2O.js");
+      await reinitGit(meta.appDir);
+    });
+  }
+  const authedUrl = gitea.authedCloneUrl(cloneUrl);
+  await execa("git", ["remote", "add", "brewnet", authedUrl], { cwd: meta.appDir }).catch(() => {
+    return execa("git", ["remote", "set-url", "brewnet", authedUrl], { cwd: meta.appDir });
+  });
+  await execa("git", ["push", "brewnet", "HEAD:main", "--force"], { cwd: meta.appDir });
+  setStep(job, 3, "done");
+  setStep(job, 4, "running", "docker compose up --build");
+  ensureComposeFile(meta.appDir, opts.appName, port, job);
+  await _injectQuickTunnelIfNeeded(meta.appDir, opts.appName, port);
+  await _dockerComposeUp(meta.appDir, job);
+  setStep(job, 4, "done", "containers started");
+  setStep(job, 5, "running");
+  const healthUrlA = _buildHealthUrl(meta.appDir, port);
+  setStep(job, 5, "running", `polling ${healthUrlA}`);
+  await _pollHealth(healthUrlA, 12e4, job);
+  setStep(job, 5, "done");
+  addApp(appsJson, {
+    name: opts.appName,
+    mode: "boilerplate",
+    stackId: opts.stackId,
+    appDir: meta.appDir,
+    lang: meta.lang,
+    framework: meta.frameworkId,
+    port,
+    giteaRepoUrl: `${ctx.giteaDisplayUrl}/${ctx.giteaUser}/${opts.appName}`,
+    status: "running",
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  await setupWebhook(opts.appName, "http://localhost:8088/api/deploy/hook").catch((e) => {
+    console.warn("[webhook] registration failed (non-critical):", e instanceof Error ? e.message : String(e));
+  });
+}
+async function _createModeB(job, opts, ctx, gitea, appsJson) {
+  const port = opts.port ?? 8080;
+  const appDir = join(ctx.projectPath, "apps", opts.appName);
+  setStep(job, 2, "running", "Cloning external repository...");
+  const { reinitGit: reinitGitB } = await import("./boilerplate-manager-WEFTHL2O.js");
+  const { rmSync } = await import("fs");
+  if (existsSync2(appDir)) {
+    rmSync(appDir, { recursive: true, force: true });
+  }
+  const cloneArgs = ["clone", "--depth", "1"];
+  if (opts.branch) cloneArgs.push("-b", opts.branch);
+  cloneArgs.push(opts.gitUrl, appDir);
+  await execa("git", cloneArgs);
+  appendLog(job, `[clone] ${opts.gitUrl} \u2192 ${opts.appName} \u2713`);
+  const envExPath = join(appDir, ".env.example");
+  const envPath = join(appDir, ".env");
+  if (existsSync2(envExPath)) {
+    const { findFreePort: findFreePortB } = await import("./boilerplate-manager-WEFTHL2O.js");
+    let envContent = readFileSync2(envExPath, "utf-8");
+    envContent = envContent.replace(/^BACKEND_PORT=.*/m, `BACKEND_PORT=${port}`);
+    const fePort = await findFreePortB(port + 1);
+    envContent = envContent.replace(/^FRONTEND_PORT=.*/m, `FRONTEND_PORT=${fePort}`);
+    writeFileSync2(envPath, envContent, "utf-8");
+  } else if (existsSync2(join(appDir, ".env"))) {
+    let envContent = readFileSync2(join(appDir, ".env"), "utf-8");
+    envContent = envContent.replace(/^BACKEND_PORT=.*/m, `BACKEND_PORT=${port}`);
+    writeFileSync2(join(appDir, ".env"), envContent, "utf-8");
+  }
+  await reinitGitB(appDir);
+  setStep(job, 2, "running", `Creating Gitea repo ${ctx.giteaUser}/${opts.appName}\u2026`);
+  const alreadyExists = await gitea.repoExists(opts.appName);
+  const cloneUrl = alreadyExists ? `${ctx.giteaBaseUrl}/${ctx.giteaUser}/${opts.appName}.git` : await gitea.createRepo(opts.appName, `Brewnet app: ${opts.appName}`);
+  setStep(job, 2, "done");
+  setStep(job, 3, "running");
+  const authedUrl = gitea.authedCloneUrl(cloneUrl);
+  await execa("git", ["remote", "add", "brewnet", authedUrl], { cwd: appDir });
+  await execa("git", ["push", "brewnet", "HEAD:main", "--force"], { cwd: appDir });
+  setStep(job, 3, "done");
+  ensureComposeFile(appDir, opts.appName, port, job);
+  const hasCompose = existsSync2(join(appDir, "docker-compose.yml")) || existsSync2(join(appDir, "compose.yml"));
+  if (hasCompose) {
+    setStep(job, 4, "running", "docker compose up --build");
+    await _injectQuickTunnelIfNeeded(appDir, opts.appName, port);
+    await _dockerComposeUp(appDir, job);
+    setStep(job, 4, "done", "containers started");
+    setStep(job, 5, "running");
+    const healthUrlB = _buildHealthUrl(appDir, port);
+    setStep(job, 5, "running", `polling ${healthUrlB}`);
+    await _pollHealth(healthUrlB, 12e4, job);
+    setStep(job, 5, "done");
+  } else {
+    setStep(job, 4, "done", "skipped \u2014 no docker-compose.yml");
+    setStep(job, 5, "done", "skipped \u2014 deploy separately");
+    appendLog(job, "[clone] Gitea push completed \u2014 no docker-compose.yml, skipping Docker up");
+  }
+  addApp(appsJson, {
+    name: opts.appName,
+    mode: "git-clone",
+    sourceUrl: opts.gitUrl,
+    appDir,
+    port,
+    giteaRepoUrl: `${ctx.giteaDisplayUrl}/${ctx.giteaUser}/${opts.appName}`,
+    status: hasCompose ? "running" : "stopped",
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+async function _createModeC(job, opts, ctx, gitea, appsJson) {
+  const { cloneStack, generateEnv, reinitGit, findFreePort } = await import("./boilerplate-manager-WEFTHL2O.js");
+  const { getStackById } = await import("./stacks-M4FBTVO5.js");
+  const stackId = opts._resolvedStackId;
+  const requestedPort = opts.port ?? 8080;
+  const appDir = join(ctx.projectPath, "apps", opts.appName);
+  await cloneStack(stackId, appDir);
+  const port = await findFreePort(requestedPort);
+  const stackInfo = getStackById(stackId);
+  const frontendPort = stackInfo && !stackInfo.isUnified ? await findFreePort(port + 1) : void 0;
+  generateEnv(appDir, stackId, "sqlite3", { hostPort: port, frontendPort });
+  await reinitGit(appDir);
+  setStep(job, 2, "running");
+  const cloneUrl = await gitea.createRepo(opts.appName, `Brewnet app: ${opts.appName}`);
+  setStep(job, 2, "done");
+  setStep(job, 3, "running");
+  const authedUrl = gitea.authedCloneUrl(cloneUrl);
+  await execa("git", ["remote", "add", "brewnet", authedUrl], { cwd: appDir });
+  await execa("git", ["push", "brewnet", "HEAD:main", "--force"], { cwd: appDir });
+  setStep(job, 3, "done");
+  setStep(job, 4, "running", "docker compose up --build");
+  ensureComposeFile(appDir, opts.appName, port, job);
+  await _injectQuickTunnelIfNeeded(appDir, opts.appName, port);
+  await _dockerComposeUp(appDir, job);
+  setStep(job, 4, "done", "containers started");
+  setStep(job, 5, "running");
+  const healthUrlC = _buildHealthUrl(appDir, port);
+  setStep(job, 5, "running", `polling ${healthUrlC}`);
+  await _pollHealth(healthUrlC, 12e4, job);
+  setStep(job, 5, "done");
+  addApp(appsJson, {
+    name: opts.appName,
+    mode: opts.mode === "boilerplate" ? "boilerplate" : "new-project",
+    stackId,
+    appDir,
+    lang: opts.language ?? stackInfo?.language,
+    framework: opts.frameworkId ?? stackInfo?.framework,
+    port,
+    giteaRepoUrl: `${ctx.giteaDisplayUrl}/${ctx.giteaUser}/${opts.appName}`,
+    status: "running",
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+async function startApp(appName) {
+  const appsJson = resolveAppsJsonPath();
+  const apps = readApps(appsJson);
+  const app = apps.find((a) => a.name === appName);
+  if (!app) throw new Error(`App "${appName}" not found`);
+  await execa("docker", ["compose", "up", "-d"], { cwd: app.appDir });
+  updateApp(appsJson, appName, { status: "running" });
+}
+async function stopApp(appName) {
+  const appsJson = resolveAppsJsonPath();
+  const apps = readApps(appsJson);
+  const app = apps.find((a) => a.name === appName);
+  if (!app) throw new Error(`App "${appName}" not found`);
+  await execa("docker", ["compose", "down"], { cwd: app.appDir }).catch((e) => {
+    console.warn("[stopApp] docker compose down failed:", e instanceof Error ? e.message : String(e));
+  });
+  updateApp(appsJson, appName, { status: "stopped" });
+}
+async function removeApp2(appName) {
+  const appsJson = resolveAppsJsonPath();
+  const apps = readApps(appsJson);
+  const app = apps.find((a) => a.name === appName);
+  if (!app) throw new Error(`App "${appName}" not found`);
+  await execa("docker", ["compose", "down", "--volumes"], { cwd: app.appDir }).catch((e) => {
+    console.warn("[removeApp] docker compose down failed:", e instanceof Error ? e.message : String(e));
+  });
+  removeApp(appsJson, appName);
+}
+
+export {
+  resolveAppsJsonPath,
+  loadGiteaConfig,
+  saveGiteaConfig,
+  readDotEnvValue,
+  listApps,
+  getDeployHistory,
+  listGiteaRepos,
+  getDeploySettings,
+  updateDeploySettings,
+  getAppGitInfo,
+  rollbackApp,
+  getAppBranches,
+  setupWebhook,
+  deployApp,
+  getAppDir,
+  getJobStatus,
+  detectBasePath,
+  createApp,
+  startApp,
+  stopApp,
+  removeApp2 as removeApp
+};
+//# sourceMappingURL=chunk-FZZ3HP2G.js.map