@caelo-cms/provisioning 0.1.0 → 0.2.1

package/stacks/self-hosted/index.ts

@@ -23,9 +23,9 @@
 import { resolve } from "node:path";
 import { local } from "@pulumi/command";
 import * as pulumi from "@pulumi/pulumi";
-import { generateBootstrapToken } from "../../src/bootstrap-token.js";
-import { generateCaddyfile } from "../../src/caddy.js";
-import { generateDockerCompose } from "../../src/compose.js";
+import { generateBootstrapToken } from "../../dist/bootstrap-token.js";
+import { generateCaddyfile } from "../../dist/caddy.js";
+import { generateDockerCompose } from "../../dist/compose.js";
 
 const cfg = new pulumi.Config();
 const domain = cfg.require("domain");

package/static/welcome.html

@@ -0,0 +1,155 @@
+<!doctype html>
+<!-- SPDX-License-Identifier: MPL-2.0 -->
+<!--
+  Caelo CMS — fresh-install placeholder.
+  Uploaded by the provisioning wizard the first time it brings up the
+  static bucket. Replaced the moment the operator publishes their
+  first deploy via the admin app's "Publish" flow.
+-->
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <meta name="robots" content="noindex">
+  <title>Caelo CMS — your install is ready</title>
+  <style>
+    *,*::before,*::after { box-sizing: border-box; margin: 0; padding: 0; }
+    :root {
+      --fg: #0c0d12;
+      --muted: #4a4e5e;
+      --accent: #4f46e5;
+      --accent-glow: #818cf8;
+      --card-bg: rgba(255,255,255,0.78);
+      --card-border: rgba(255,255,255,0.55);
+      --shadow: 0 30px 60px -20px rgba(15,17,40,0.18), 0 8px 18px -8px rgba(15,17,40,0.10);
+    }
+    html, body { height: 100%; }
+    body {
+      font: 16px/1.55 system-ui, -apple-system, "Segoe UI", Helvetica, Arial, sans-serif;
+      color: var(--fg);
+      display: grid;
+      place-items: center;
+      padding: 2rem;
+      background: #f6f6fb;
+      overflow: hidden;
+      position: relative;
+    }
+    /* Animated mesh-gradient background. Three soft blobs orbiting at
+       different speeds; backdrop-filter on the card softens them. */
+    .blob {
+      position: fixed;
+      border-radius: 50%;
+      filter: blur(80px);
+      opacity: 0.55;
+      pointer-events: none;
+      animation: drift 22s ease-in-out infinite;
+      will-change: transform;
+    }
+    .blob.b1 { width: 520px; height: 520px; background: #818cf8; top: -120px; left: -160px; animation-delay: -3s; }
+    .blob.b2 { width: 460px; height: 460px; background: #f0abfc; bottom: -180px; right: -140px; animation-delay: -8s; }
+    .blob.b3 { width: 380px; height: 380px; background: #67e8f9; top: 40%; left: 55%; animation-delay: -14s; animation-duration: 27s; }
+    @keyframes drift {
+      0%, 100% { transform: translate(0, 0) scale(1); }
+      33%      { transform: translate(40px, -30px) scale(1.07); }
+      66%      { transform: translate(-30px, 35px) scale(0.96); }
+    }
+    @media (prefers-reduced-motion: reduce) {
+      .blob { animation: none; }
+    }
+
+    main {
+      position: relative;
+      z-index: 1;
+      max-width: 36rem;
+      width: 100%;
+      background: var(--card-bg);
+      border: 1px solid var(--card-border);
+      border-radius: 22px;
+      padding: 2.5rem;
+      box-shadow: var(--shadow);
+      backdrop-filter: blur(14px) saturate(140%);
+      -webkit-backdrop-filter: blur(14px) saturate(140%);
+    }
+
+    .brand {
+      display: flex;
+      align-items: center;
+      gap: 0.65rem;
+      font-weight: 600;
+      letter-spacing: -0.01em;
+      color: var(--muted);
+      font-size: 0.95rem;
+      margin-bottom: 1.5rem;
+    }
+    .brand .dot {
+      width: 10px; height: 10px; border-radius: 50%;
+      background: var(--accent);
+      box-shadow: 0 0 0 0 var(--accent-glow);
+      animation: pulse 1.8s ease-out infinite;
+    }
+    @keyframes pulse {
+      0%   { box-shadow: 0 0 0 0 rgba(79,70,229,0.55); }
+      70%  { box-shadow: 0 0 0 12px rgba(79,70,229,0); }
+      100% { box-shadow: 0 0 0 0 rgba(79,70,229,0); }
+    }
+    @media (prefers-reduced-motion: reduce) {
+      .brand .dot { animation: none; }
+    }
+
+    h1 {
+      font-size: clamp(1.65rem, 1.2rem + 1.6vw, 2.25rem);
+      letter-spacing: -0.02em;
+      line-height: 1.15;
+      margin-bottom: 0.65rem;
+    }
+    p { color: var(--muted); margin-bottom: 1rem; }
+    p:last-child { margin-bottom: 0; }
+
+    .cta {
+      display: inline-flex;
+      align-items: center;
+      gap: 0.5rem;
+      margin-top: 1.5rem;
+      padding: 0.75rem 1.1rem;
+      background: var(--fg);
+      color: #fff;
+      text-decoration: none;
+      border-radius: 12px;
+      font-weight: 500;
+      transition: transform 0.15s ease, box-shadow 0.15s ease;
+    }
+    .cta:hover { transform: translateY(-1px); box-shadow: 0 12px 24px -8px rgba(15,17,40,0.25); }
+    .cta svg { width: 14px; height: 14px; }
+
+    .hint {
+      margin-top: 2rem;
+      padding-top: 1.5rem;
+      border-top: 1px solid rgba(15,17,40,0.08);
+      font-size: 0.875rem;
+      color: var(--muted);
+    }
+    .hint code {
+      font: 0.85em ui-monospace, "SF Mono", Menlo, Consolas, monospace;
+      background: rgba(15,17,40,0.05);
+      padding: 0.15em 0.45em;
+      border-radius: 6px;
+    }
+    .hint a { color: var(--accent); text-decoration: none; }
+    .hint a:hover { text-decoration: underline; }
+  </style>
+</head>
+<body>
+  <div class="blob b1"></div>
+  <div class="blob b2"></div>
+  <div class="blob b3"></div>
+
+  <main>
+    <div class="brand"><span class="dot"></span>Caelo&nbsp;CMS</div>
+    <h1>Your install is up. One more step.</h1>
+    <p>This is the placeholder Caelo serves on a fresh deploy. The operator who provisioned this install has a one-time bootstrap link in their terminal output — opening it walks through Owner-account setup. After publish, this page disappears.</p>
+    <div class="hint">
+      Bootstrap link expires in 24h and rotates per <code>bunx @caelo-cms/provisioning</code> run. After Owner setup, the admin lives at <code>{{ADMIN_URL}}</code> behind <code>Sign in with Google</code> (IAP allowlist).
+    </div>
+  </main>
+</body>
+</html>

package/src/adapter.ts

@@ -1,103 +0,0 @@
-// SPDX-License-Identifier: MPL-2.0
-
-/**
- * P15 — shared cloud-provider adapter contract.
- *
- * Every per-provider Pulumi stack at `packages/provisioning/stacks/<provider>/`
- * exports a `provision(inputs: CloudAdapterInputs): CloudAdapterOutputs`
- * function. The Caelo runtime never knows which provider it's running
- * on — it just consumes the connection strings + URLs the adapter
- * publishes via `CloudAdapterOutputs`. This keeps the per-provider
- * surface small (~6 capabilities, see master plan) and the runtime
- * provider-agnostic.
- *
- * Pulumi types are intentionally NOT imported here so that callers
- * outside the Pulumi runtime (e.g. the cms-provision CLI, the admin
- * app's DNS-guidance page) can consume the *plain* shape without
- * dragging in the @pulumi/pulumi peer dep. Per-stack `index.ts` files
- * narrow the output type to `pulumi.Output<T>` at their boundary.
- */
-
-export type Environment = "dev" | "staging" | "production";
-export type LocaleStrategy = "subdirectory" | "subdomain" | "domain";
-
-export interface LocaleConfig {
-  /** ISO code, e.g. "en", "de", "fr-CA". */
-  readonly code: string;
-  /** URL strategy. Mixed strategies in one install are explicitly supported. */
-  readonly strategy: LocaleStrategy;
-  /** Required when strategy is "subdomain" or "domain"; ignored for "subdirectory". */
-  readonly host?: string;
-}
-
-export interface CloudAdapterInputs {
-  /** Primary domain (e.g. example.com). Admin + production public both bind here. */
-  readonly domain: string;
-  /** Operator email used for ACME / cert provisioning + Pulumi notifications. */
-  readonly ownerEmail: string;
-  /** Three-env model (CMS_REQUIREMENTS §16.5). Cloud installs always provision all three. */
-  readonly environments: ReadonlyArray<Environment>;
-  /** Per-locale routing config — drives per-domain cert + DNS guidance + edge routing. */
-  readonly locales: ReadonlyArray<LocaleConfig>;
-  /** Optional pre-existing secret references (e.g. from a CI secrets manager). */
-  readonly preProvisionedSecrets?: {
-    readonly anthropicApiKey?: string;
-    readonly resendApiKey?: string;
-  };
-}
-
-/**
- * DNS records the operator must create at their registrar to make the
- * install reachable. Surfaced in the admin's /security/dns page with
- * live resolver status badges.
- */
-export interface DnsRecord {
-  readonly hostname: string; // e.g. "de.example.com"
-  readonly type: "A" | "AAAA" | "CNAME" | "TXT";
-  readonly value: string; // the value the operator's registrar must hold
-  readonly purpose: string; // human-readable description
-}
-
-/**
- * Plain-data adapter outputs. Per-stack code wraps each field in
- * `pulumi.Output<…>` at the Pulumi boundary, but the *shape* is shared
- * across providers so the cms-provision CLI + the DNS UI can consume
- * any provider's outputs uniformly.
- */
-export interface CloudAdapterOutputs {
-  /** DSN for cms_admin role (encrypted in Pulumi state). */
-  readonly adminDatabaseUrl: string;
-  /** DSN for cms_public role (encrypted in Pulumi state). */
-  readonly publicDatabaseUrl: string;
-  /** Provider-native blob URL (s3://, gs://, https://<account>.blob.core.windows.net/<container>). */
-  readonly mediaStorageUrl: string;
-  /** Public-facing URL the admin reaches for media reads. */
-  readonly mediaCdnBaseUrl: string;
-  /** Bootstrap-token URL — operator opens this once after `pulumi up`. */
-  readonly bootstrapUrl: string;
-  /** DNS records consumed by the admin's DNS-guidance page. */
-  readonly dnsRecordsRequired: ReadonlyArray<DnsRecord>;
-  /**
-   * Where edge-A/B assignment logs land — read by the P12A analytics plugin's
-   * provider-specific log adapter. Provider-native sink URL (BigQuery dataset,
-   * Athena database, Log Analytics workspace).
-   */
-  readonly edgeLogSinkUrl: string;
-  /** Which provider produced these outputs — drives the analytics plugin's adapter dispatch. */
-  readonly provider: SupportedProvider;
-  /** Which environment this output snapshot represents. */
-  readonly environment: Environment;
-}
-
-export type SupportedProvider = "self-hosted" | "gcp" | "aws" | "azure";
-
-/**
- * Convenience: the shape persisted in `cms_admin.provisioning_outputs.outputs_json`.
- * Pulumi runs the adapter, the CLI's `pulumi-output-sync` subcommand reads
- * `pulumi stack output --json`, hashes the result, and writes a row keyed on
- * (provider, environment) so the admin UI can read without provider creds.
- */
-export interface ProvisioningOutputsJson {
-  readonly outputs: CloudAdapterOutputs;
-  readonly syncedAt: string; // ISO timestamp
-}

package/src/bootstrap-token.ts

@@ -1,20 +0,0 @@
-// SPDX-License-Identifier: MPL-2.0
-
-/**
- * P14 — owner bootstrap token. cms-provision generates one at first
- * `up`; the operator visits /setup?token=<…> to create the first
- * Owner. Single-use, 24h TTL.
- */
-
-export interface BootstrapToken {
-  readonly token: string;
-  readonly expiresAt: string;
-}
-
-export function generateBootstrapToken(): BootstrapToken {
-  const bytes = new Uint8Array(32);
-  crypto.getRandomValues(bytes);
-  const token = [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
-  const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString();
-  return { token, expiresAt };
-}

package/src/caddy.ts

@@ -1,93 +0,0 @@
-// SPDX-License-Identifier: MPL-2.0
-
-/**
- * P14 — Caddyfile generator.
- *
- * Reads the `domains` table + the deploy targets and emits a
- * deterministic Caddyfile string. The CLI's `regenerate-caddy`
- * sub-command writes this to `/etc/caddy/Caddyfile` and runs
- * `caddy reload`.
- *
- * Per-vhost shape:
- *   <hostname> {
- *     # admin   → reverse_proxy localhost:5173
- *     # public  → root + try_files (static), with /api/* → gateway
- *     # locale  → same as public, scoped to a per-locale dist dir
- *     tls <ownerEmail>
- *   }
- *
- * Staging vhosts force `X-Robots-Tag: noindex`.
- */
-
-export interface CaddyDomainSpec {
-  readonly hostname: string;
-  readonly kind: "admin" | "public" | "locale-public";
-  readonly localeCode?: string;
-  readonly env: "production" | "staging";
-}
-
-export interface CaddyfileSpec {
-  readonly ownerEmail: string;
-  readonly publicSiteRoot: string; // absolute path on disk
-  readonly stagingSiteRoot: string;
-  readonly adminPort: number;
-  readonly gatewayPort: number;
-  readonly domains: ReadonlyArray<CaddyDomainSpec>;
-}
-
-export function generateCaddyfile(spec: CaddyfileSpec): string {
-  const blocks: string[] = [];
-
-  // Global options.
-  blocks.push(`{
-  email ${spec.ownerEmail}
-}
-`);
-
-  for (const d of spec.domains) {
-    blocks.push(vhost(d, spec));
-  }
-
-  // Localhost dev fallback when no domains are configured (so a fresh
-  // `cms-provision` produces a working Caddyfile even pre-DNS).
-  if (spec.domains.length === 0) {
-    blocks.push(`# No domains configured yet — cms-provision regenerate-caddy
-# will overwrite this file when you add one at /security/domains.
-:8081 {
-  reverse_proxy localhost:${spec.adminPort}
-}
-`);
-  }
-
-  return blocks.join("\n");
-}
-
-function vhost(d: CaddyDomainSpec, spec: CaddyfileSpec): string {
-  const noindex = d.env === "staging" ? `\n  header X-Robots-Tag "noindex"` : "";
-  if (d.kind === "admin") {
-    return `${d.hostname} {${noindex}
-  reverse_proxy localhost:${spec.adminPort}
-}
-`;
-  }
-  // public / locale-public — same shape: API routes go to the gateway,
-  // the rest serves static files. Locale variants serve from a
-  // per-locale subdirectory.
-  const root = d.env === "staging" ? spec.stagingSiteRoot : spec.publicSiteRoot;
-  const localeSubdir = d.kind === "locale-public" && d.localeCode ? `/${d.localeCode}` : "";
-  return `${d.hostname} {${noindex}
-  root * ${root}${localeSubdir}
-  handle /api/* {
-    reverse_proxy localhost:${spec.gatewayPort}
-  }
-  handle /admin/* {
-    reverse_proxy localhost:${spec.adminPort}
-  }
-  handle {
-    file_server {
-      try_files {path} {path}/index.html /index.html
-    }
-  }
-}
-`;
-}