@caelo-cms/provisioning 0.1.0 → 0.1.1

package/dist/adapter.d.ts

@@ -0,0 +1,95 @@
+/**
+ * P15 — shared cloud-provider adapter contract.
+ *
+ * Every per-provider Pulumi stack at `packages/provisioning/stacks/<provider>/`
+ * exports a `provision(inputs: CloudAdapterInputs): CloudAdapterOutputs`
+ * function. The Caelo runtime never knows which provider it's running
+ * on — it just consumes the connection strings + URLs the adapter
+ * publishes via `CloudAdapterOutputs`. This keeps the per-provider
+ * surface small (~6 capabilities, see master plan) and the runtime
+ * provider-agnostic.
+ *
+ * Pulumi types are intentionally NOT imported here so that callers
+ * outside the Pulumi runtime (e.g. the cms-provision CLI, the admin
+ * app's DNS-guidance page) can consume the *plain* shape without
+ * dragging in the @pulumi/pulumi peer dep. Per-stack `index.ts` files
+ * narrow the output type to `pulumi.Output<T>` at their boundary.
+ */
+export type Environment = "dev" | "staging" | "production";
+export type LocaleStrategy = "subdirectory" | "subdomain" | "domain";
+export interface LocaleConfig {
+    /** ISO code, e.g. "en", "de", "fr-CA". */
+    readonly code: string;
+    /** URL strategy. Mixed strategies in one install are explicitly supported. */
+    readonly strategy: LocaleStrategy;
+    /** Required when strategy is "subdomain" or "domain"; ignored for "subdirectory". */
+    readonly host?: string;
+}
+export interface CloudAdapterInputs {
+    /** Primary domain (e.g. example.com). Admin + production public both bind here. */
+    readonly domain: string;
+    /** Operator email used for ACME / cert provisioning + Pulumi notifications. */
+    readonly ownerEmail: string;
+    /** Three-env model (CMS_REQUIREMENTS §16.5). Cloud installs always provision all three. */
+    readonly environments: ReadonlyArray<Environment>;
+    /** Per-locale routing config — drives per-domain cert + DNS guidance + edge routing. */
+    readonly locales: ReadonlyArray<LocaleConfig>;
+    /** Optional pre-existing secret references (e.g. from a CI secrets manager). */
+    readonly preProvisionedSecrets?: {
+        readonly anthropicApiKey?: string;
+        readonly resendApiKey?: string;
+    };
+}
+/**
+ * DNS records the operator must create at their registrar to make the
+ * install reachable. Surfaced in the admin's /security/dns page with
+ * live resolver status badges.
+ */
+export interface DnsRecord {
+    readonly hostname: string;
+    readonly type: "A" | "AAAA" | "CNAME" | "TXT";
+    readonly value: string;
+    readonly purpose: string;
+}
+/**
+ * Plain-data adapter outputs. Per-stack code wraps each field in
+ * `pulumi.Output<…>` at the Pulumi boundary, but the *shape* is shared
+ * across providers so the cms-provision CLI + the DNS UI can consume
+ * any provider's outputs uniformly.
+ */
+export interface CloudAdapterOutputs {
+    /** DSN for cms_admin role (encrypted in Pulumi state). */
+    readonly adminDatabaseUrl: string;
+    /** DSN for cms_public role (encrypted in Pulumi state). */
+    readonly publicDatabaseUrl: string;
+    /** Provider-native blob URL (s3://, gs://, https://<account>.blob.core.windows.net/<container>). */
+    readonly mediaStorageUrl: string;
+    /** Public-facing URL the admin reaches for media reads. */
+    readonly mediaCdnBaseUrl: string;
+    /** Bootstrap-token URL — operator opens this once after `pulumi up`. */
+    readonly bootstrapUrl: string;
+    /** DNS records consumed by the admin's DNS-guidance page. */
+    readonly dnsRecordsRequired: ReadonlyArray<DnsRecord>;
+    /**
+     * Where edge-A/B assignment logs land — read by the P12A analytics plugin's
+     * provider-specific log adapter. Provider-native sink URL (BigQuery dataset,
+     * Athena database, Log Analytics workspace).
+     */
+    readonly edgeLogSinkUrl: string;
+    /** Which provider produced these outputs — drives the analytics plugin's adapter dispatch. */
+    readonly provider: SupportedProvider;
+    /** Which environment this output snapshot represents. */
+    readonly environment: Environment;
+}
+export type SupportedProvider = "self-hosted" | "gcp" | "aws" | "azure";
+/**
+ * Convenience: the shape persisted in `cms_admin.provisioning_outputs.outputs_json`.
+ * Pulumi runs the adapter, the CLI's `pulumi-output-sync` subcommand reads
+ * `pulumi stack output --json`, hashes the result, and writes a row keyed on
+ * (provider, environment) so the admin UI can read without provider creds.
+ */
+export interface ProvisioningOutputsJson {
+    readonly outputs: CloudAdapterOutputs;
+    readonly syncedAt: string;
+}
+//# sourceMappingURL=adapter.d.ts.map

package/dist/adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../src/adapter.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,YAAY,CAAC;AAC3D,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,WAAW,GAAG,QAAQ,CAAC;AAErE,MAAM,WAAW,YAAY;IAC3B,0CAA0C;IAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,qFAAqF;IACrF,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,kBAAkB;IACjC,mFAAmF;IACnF,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,+EAA+E;IAC/E,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,2FAA2F;IAC3F,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;IAClD,wFAAwF;IACxF,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAC9C,gFAAgF;IAChF,QAAQ,CAAC,qBAAqB,CAAC,EAAE;QAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;QAClC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;KAChC,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,GAAG,GAAG,MAAM,GAAG,OAAO,GAAG,KAAK,CAAC;IAC9C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,0DAA0D;IAC1D,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,2DAA2D;IAC3D,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,oGAAoG;IACpG,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,2DAA2D;IAC3D,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,wEAAwE;IACxE,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,6DAA6D;IAC7D,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IACtD;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,8FAA8F;IAC9F,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,yDAAyD;IACzD,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;CACnC;AAED,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;AAExE;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,OAAO,EAAE,mBAAmB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B"}

package/dist/adapter.js

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: MPL-2.0
+export {};
+//# sourceMappingURL=adapter.js.map

package/dist/adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter.js","sourceRoot":"","sources":["../src/adapter.ts"],"names":[],"mappings":"AAAA,mCAAmC"}

package/dist/bootstrap-token.d.ts

@@ -0,0 +1,11 @@
+/**
+ * P14 — owner bootstrap token. cms-provision generates one at first
+ * `up`; the operator visits /setup?token=<…> to create the first
+ * Owner. Single-use, 24h TTL.
+ */
+export interface BootstrapToken {
+    readonly token: string;
+    readonly expiresAt: string;
+}
+export declare function generateBootstrapToken(): BootstrapToken;
+//# sourceMappingURL=bootstrap-token.d.ts.map

package/dist/bootstrap-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap-token.d.ts","sourceRoot":"","sources":["../src/bootstrap-token.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AAEH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,wBAAgB,sBAAsB,IAAI,cAAc,CAMvD"}

package/dist/bootstrap-token.js

@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: MPL-2.0
+export function generateBootstrapToken() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    const token = [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
+    const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString();
+    return { token, expiresAt };
+}
+//# sourceMappingURL=bootstrap-token.js.map

package/dist/bootstrap-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap-token.js","sourceRoot":"","sources":["../src/bootstrap-token.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAanC,MAAM,UAAU,sBAAsB;IACpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3E,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AAC9B,CAAC"}

package/dist/caddy.d.ts

@@ -0,0 +1,34 @@
+/**
+ * P14 — Caddyfile generator.
+ *
+ * Reads the `domains` table + the deploy targets and emits a
+ * deterministic Caddyfile string. The CLI's `regenerate-caddy`
+ * sub-command writes this to `/etc/caddy/Caddyfile` and runs
+ * `caddy reload`.
+ *
+ * Per-vhost shape:
+ *   <hostname> {
+ *     # admin   → reverse_proxy localhost:5173
+ *     # public  → root + try_files (static), with /api/* → gateway
+ *     # locale  → same as public, scoped to a per-locale dist dir
+ *     tls <ownerEmail>
+ *   }
+ *
+ * Staging vhosts force `X-Robots-Tag: noindex`.
+ */
+export interface CaddyDomainSpec {
+    readonly hostname: string;
+    readonly kind: "admin" | "public" | "locale-public";
+    readonly localeCode?: string;
+    readonly env: "production" | "staging";
+}
+export interface CaddyfileSpec {
+    readonly ownerEmail: string;
+    readonly publicSiteRoot: string;
+    readonly stagingSiteRoot: string;
+    readonly adminPort: number;
+    readonly gatewayPort: number;
+    readonly domains: ReadonlyArray<CaddyDomainSpec>;
+}
+export declare function generateCaddyfile(spec: CaddyfileSpec): string;
+//# sourceMappingURL=caddy.d.ts.map

package/dist/caddy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"caddy.d.ts","sourceRoot":"","sources":["../src/caddy.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,eAAe,CAAC;IACpD,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,GAAG,EAAE,YAAY,GAAG,SAAS,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CAClD;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAyB7D"}

package/dist/caddy.js

@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: MPL-2.0
+export function generateCaddyfile(spec) {
+    const blocks = [];
+    // Global options.
+    blocks.push(`{
+  email ${spec.ownerEmail}
+}
+`);
+    for (const d of spec.domains) {
+        blocks.push(vhost(d, spec));
+    }
+    // Localhost dev fallback when no domains are configured (so a fresh
+    // `cms-provision` produces a working Caddyfile even pre-DNS).
+    if (spec.domains.length === 0) {
+        blocks.push(`# No domains configured yet — cms-provision regenerate-caddy
+# will overwrite this file when you add one at /security/domains.
+:8081 {
+  reverse_proxy localhost:${spec.adminPort}
+}
+`);
+    }
+    return blocks.join("\n");
+}
+function vhost(d, spec) {
+    const noindex = d.env === "staging" ? `\n  header X-Robots-Tag "noindex"` : "";
+    if (d.kind === "admin") {
+        return `${d.hostname} {${noindex}
+  reverse_proxy localhost:${spec.adminPort}
+}
+`;
+    }
+    // public / locale-public — same shape: API routes go to the gateway,
+    // the rest serves static files. Locale variants serve from a
+    // per-locale subdirectory.
+    const root = d.env === "staging" ? spec.stagingSiteRoot : spec.publicSiteRoot;
+    const localeSubdir = d.kind === "locale-public" && d.localeCode ? `/${d.localeCode}` : "";
+    return `${d.hostname} {${noindex}
+  root * ${root}${localeSubdir}
+  handle /api/* {
+    reverse_proxy localhost:${spec.gatewayPort}
+  }
+  handle /admin/* {
+    reverse_proxy localhost:${spec.adminPort}
+  }
+  handle {
+    file_server {
+      try_files {path} {path}/index.html /index.html
+    }
+  }
+}
+`;
+}
+//# sourceMappingURL=caddy.js.map

package/dist/caddy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"caddy.js","sourceRoot":"","sources":["../src/caddy.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAqCnC,MAAM,UAAU,iBAAiB,CAAC,IAAmB;IACnD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,kBAAkB;IAClB,MAAM,CAAC,IAAI,CAAC;UACJ,IAAI,CAAC,UAAU;;CAExB,CAAC,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,oEAAoE;IACpE,8DAA8D;IAC9D,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC;;;4BAGY,IAAI,CAAC,SAAS;;CAEzC,CAAC,CAAC;IACD,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,KAAK,CAAC,CAAkB,EAAE,IAAmB;IACpD,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,OAAO;4BACR,IAAI,CAAC,SAAS;;CAEzC,CAAC;IACA,CAAC;IACD,qEAAqE;IACrE,6DAA6D;IAC7D,2BAA2B;IAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;IAC9E,MAAM,YAAY,GAAG,CAAC,CAAC,IAAI,KAAK,eAAe,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,OAAO;WACvB,IAAI,GAAG,YAAY;;8BAEA,IAAI,CAAC,WAAW;;;8BAGhB,IAAI,CAAC,SAAS;;;;;;;;CAQ3C,CAAC;AACF,CAAC"}

package/{src/cdn-copy.ts → dist/cdn-copy.d.ts}

@@ -1,5 +1,3 @@
-// SPDX-License-Identifier: MPL-2.0
-
 /**
  * P15 — per-provider CDN-copy adapter contract.
  *
@@ -21,32 +19,22 @@
  * `@aws-sdk/...`/`@google-cloud/...`/`@azure/...` as static deps). The
  * interface defined here is the only thing both sides agree on.
  */
-
 export interface CdnCopyAdapter {
-  /**
-   * Mark the asset at `assetKey` (object key in primary storage) as
-   * CDN-cached. Returns the public CDN URL — admin uses this as the
-   * canonical URL for the asset thereafter.
-   */
-  pin(assetKey: string): Promise<string>;
-  /** Reverse — drop from CDN edge cache. */
-  unpin(assetKey: string): Promise<void>;
+    /**
+     * Mark the asset at `assetKey` (object key in primary storage) as
+     * CDN-cached. Returns the public CDN URL — admin uses this as the
+     * canonical URL for the asset thereafter.
+     */
+    pin(assetKey: string): Promise<string>;
+    /** Reverse — drop from CDN edge cache. */
+    unpin(assetKey: string): Promise<void>;
 }
-
 /**
  * No-op adapter for self-hosted installs (Caddy serves directly from
  * disk; no separate CDN tier). Returns the input asset key as a relative
  * URL so callers don't have to special-case the no-CDN case.
  */
-export const selfHostedCdnCopy: CdnCopyAdapter = {
-  async pin(assetKey) {
-    return `/media/${assetKey}`;
-  },
-  async unpin() {
-    // no-op
-  },
-};
-
+export declare const selfHostedCdnCopy: CdnCopyAdapter;
 /**
  * Resolves the right adapter per `process.env.CAELO_PROVIDER`. Lazy
  * dynamic-imports the per-provider implementation so a self-hosted
@@ -61,24 +49,5 @@ export const selfHostedCdnCopy: CdnCopyAdapter = {
  * a deploy bug + the orchestrator tick should crash loudly so the
  * operator notices instead of silently dropping CDN-pin requests.
  */
-export async function loadCdnCopyAdapter(provider?: string): Promise<CdnCopyAdapter> {
-  switch (provider) {
-    case "gcp":
-      // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
-      return ((await import("./cdn-copy-gcs.js" as string)) as any).gcsCloudCdnPin;
-    case "aws":
-      // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
-      return ((await import("./cdn-copy-aws.js" as string)) as any).s3CloudfrontPrewarm;
-    case "azure":
-      // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
-      return ((await import("./cdn-copy-azure.js" as string)) as any).azureBlobCdnPrefetch;
-    case undefined:
-    case "":
-    case "self-hosted":
-      return selfHostedCdnCopy;
-    default:
-      throw new Error(
-        `loadCdnCopyAdapter: unknown CAELO_PROVIDER='${provider}'. Expected one of: self-hosted | gcp | aws | azure.`,
-      );
-  }
-}
+export declare function loadCdnCopyAdapter(provider?: string): Promise<CdnCopyAdapter>;
+//# sourceMappingURL=cdn-copy.d.ts.map

package/dist/cdn-copy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cdn-copy.d.ts","sourceRoot":"","sources":["../src/cdn-copy.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,0CAA0C;IAC1C,KAAK,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACxC;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,EAAE,cAO/B,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAoBnF"}

package/dist/cdn-copy.js

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: MPL-2.0
+/**
+ * No-op adapter for self-hosted installs (Caddy serves directly from
+ * disk; no separate CDN tier). Returns the input asset key as a relative
+ * URL so callers don't have to special-case the no-CDN case.
+ */
+export const selfHostedCdnCopy = {
+    async pin(assetKey) {
+        return `/media/${assetKey}`;
+    },
+    async unpin() {
+        // no-op
+    },
+};
+/**
+ * Resolves the right adapter per `process.env.CAELO_PROVIDER`. Lazy
+ * dynamic-imports the per-provider implementation so a self-hosted
+ * install never loads the cloud SDKs.
+ *
+ * Returns `selfHostedCdnCopy` ONLY for `provider==='self-hosted'` or an
+ * unset env (treated as self-hosted). For `gcp`/`aws`/`azure`, the
+ * matching `cdn-copy-<gcs|aws|azure>.ts` file MUST exist in this
+ * directory — those land with the per-provider PRs. Per CLAUDE.md §2
+ * "no fallbacks pre-1.0" we deliberately do NOT silently degrade to
+ * the self-hosted no-op when the file is missing: a missing module is
+ * a deploy bug + the orchestrator tick should crash loudly so the
+ * operator notices instead of silently dropping CDN-pin requests.
+ */
+export async function loadCdnCopyAdapter(provider) {
+    switch (provider) {
+        case "gcp":
+            // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
+            return (await import("./cdn-copy-gcs.js")).gcsCloudCdnPin;
+        case "aws":
+            // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
+            return (await import("./cdn-copy-aws.js")).s3CloudfrontPrewarm;
+        case "azure":
+            // biome-ignore lint/suspicious/noExplicitAny: opt-in dynamic import
+            return (await import("./cdn-copy-azure.js")).azureBlobCdnPrefetch;
+        case undefined:
+        case "":
+        case "self-hosted":
+            return selfHostedCdnCopy;
+        default:
+            throw new Error(`loadCdnCopyAdapter: unknown CAELO_PROVIDER='${provider}'. Expected one of: self-hosted | gcp | aws | azure.`);
+    }
+}
+//# sourceMappingURL=cdn-copy.js.map

package/dist/cdn-copy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cdn-copy.js","sourceRoot":"","sources":["../src/cdn-copy.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAmCnC;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAmB;IAC/C,KAAK,CAAC,GAAG,CAAC,QAAQ;QAChB,OAAO,UAAU,QAAQ,EAAE,CAAC;IAC9B,CAAC;IACD,KAAK,CAAC,KAAK;QACT,QAAQ;IACV,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,QAAiB;IACxD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,oEAAoE;YACpE,OAAQ,CAAC,MAAM,MAAM,CAAC,mBAA6B,CAAC,CAAS,CAAC,cAAc,CAAC;QAC/E,KAAK,KAAK;YACR,oEAAoE;YACpE,OAAQ,CAAC,MAAM,MAAM,CAAC,mBAA6B,CAAC,CAAS,CAAC,mBAAmB,CAAC;QACpF,KAAK,OAAO;YACV,oEAAoE;YACpE,OAAQ,CAAC,MAAM,MAAM,CAAC,qBAA+B,CAAC,CAAS,CAAC,oBAAoB,CAAC;QACvF,KAAK,SAAS,CAAC;QACf,KAAK,EAAE,CAAC;QACR,KAAK,aAAa;YAChB,OAAO,iBAAiB,CAAC;QAC3B;YACE,MAAM,IAAI,KAAK,CACb,+CAA+C,QAAQ,sDAAsD,CAC9G,CAAC;IACN,CAAC;AACH,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env bun
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}