npm - @caelo-cms/provisioning - Versions diffs - 0.1.1 → 0.2.1 - Mend

@caelo-cms/provisioning 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/dist/cli.js +92 -7
package/dist/cli.js.map +1 -1
package/dist/compose.d.ts +7 -0
package/dist/compose.d.ts.map +1 -1
package/dist/compose.js +10 -9
package/dist/compose.js.map +1 -1
package/dist/dns/cloudflare.d.ts +9 -0
package/dist/dns/cloudflare.d.ts.map +1 -0
package/dist/dns/cloudflare.js +160 -0
package/dist/dns/cloudflare.js.map +1 -0
package/dist/dns/index.d.ts +12 -0
package/dist/dns/index.d.ts.map +1 -0
package/dist/dns/index.js +42 -0
package/dist/dns/index.js.map +1 -0
package/dist/dns/manual.d.ts +5 -0
package/dist/dns/manual.d.ts.map +1 -0
package/dist/dns/manual.js +96 -0
package/dist/dns/manual.js.map +1 -0
package/dist/dns/types.d.ts +23 -0
package/dist/dns/types.d.ts.map +1 -0
package/dist/dns/types.js +3 -0
package/dist/dns/types.js.map +1 -0
package/dist/gcloud.d.ts +42 -0
package/dist/gcloud.d.ts.map +1 -0
package/dist/gcloud.js +187 -0
package/dist/gcloud.js.map +1 -0
package/dist/install-state.d.ts +54 -0
package/dist/install-state.d.ts.map +1 -0
package/dist/install-state.js +118 -0
package/dist/install-state.js.map +1 -0
package/dist/lifecycle.d.ts +19 -0
package/dist/lifecycle.d.ts.map +1 -0
package/dist/lifecycle.js +589 -0
package/dist/lifecycle.js.map +1 -0
package/dist/migration-runner.d.ts +15 -0
package/dist/migration-runner.d.ts.map +1 -0
package/dist/migration-runner.js +174 -0
package/dist/migration-runner.js.map +1 -0
package/dist/redirects-emit.d.ts.map +1 -1
package/dist/redirects-emit.js +4 -1
package/dist/redirects-emit.js.map +1 -1
package/dist/wizard.d.ts +35 -0
package/dist/wizard.d.ts.map +1 -0
package/dist/wizard.js +160 -0
package/dist/wizard.js.map +1 -0
package/dist/wizards/gcp-cost.d.ts +27 -0
package/dist/wizards/gcp-cost.d.ts.map +1 -0
package/dist/wizards/gcp-cost.js +77 -0
package/dist/wizards/gcp-cost.js.map +1 -0
package/dist/wizards/gcp-pulumi.d.ts +37 -0
package/dist/wizards/gcp-pulumi.d.ts.map +1 -0
package/dist/wizards/gcp-pulumi.js +100 -0
package/dist/wizards/gcp-pulumi.js.map +1 -0
package/dist/wizards/gcp.d.ts +9 -0
package/dist/wizards/gcp.d.ts.map +1 -0
package/dist/wizards/gcp.js +895 -0
package/dist/wizards/gcp.js.map +1 -0
package/package.json +13 -2
package/stacks/aws/index.ts +6 -7
package/stacks/azure/index.ts +11 -11
package/stacks/gcp/Pulumi.production.yaml +16 -0
package/stacks/gcp/Pulumi.yaml +52 -6
package/stacks/gcp/index.ts +569 -188
package/stacks/self-hosted/index.ts +3 -3
package/static/welcome.html +155 -0

package/dist/migration-runner.js ADDED Viewed

@@ -0,0 +1,174 @@
+// SPDX-License-Identifier: MPL-2.0
+/**
+ * P21 ship 3 — shared migration runner. Used by both the GCP wizard
+ * (apps/admin/scripts/wizards/gcp.ts) AND the lifecycle `upgrade`
+ * command (lifecycle.ts).
+ *
+ * Spawns a one-shot Cloud Run Job that invokes
+ * `bun /app/packages/migrations/src/migrate.ts <target>` against the
+ * private-IP Cloud SQL instance. The job inherits the running admin
+ * Cloud Run's image (so it always carries the matching migration set)
+ * + its DB URLs + its network/subnet.
+ *
+ * Idempotent: drizzle's `__drizzle_migrations` table tracks applied
+ * versions, so re-runs only apply NEW migrations. Returns `{ok}` so
+ * callers (especially `upgrade`) can abort cleanly when a migration
+ * fails BEFORE traffic shifts to the new revision.
+ */
+import { spinner } from "@clack/prompts";
+import { green, red } from "kleur/colors";
+import { gcloud } from "./gcloud.js";
+/**
+ * Resolve the running admin Cloud Run service's image + DB URLs +
+ * VPC config. Returns null on any failure; caller surfaces the error.
+ */
+async function readAdminConfig(opts) {
+    // Find the actual deployed service name (Pulumi appends a 7-char
+    // suffix; hardcoding the bare name 404s).
+    const list = await gcloud([
+        "run",
+        "services",
+        "list",
+        "--region",
+        opts.region,
+        "--project",
+        opts.projectId,
+        "--filter",
+        "metadata.name~^caelo-production-admin",
+        "--format=value(metadata.name)",
+    ]);
+    if (!list.ok)
+        return null;
+    const serviceName = list.stdout.trim().split("\n")[0]?.trim();
+    if (!serviceName)
+        return null;
+    const descr = await gcloud([
+        "run",
+        "services",
+        "describe",
+        serviceName,
+        "--region",
+        opts.region,
+        "--project",
+        opts.projectId,
+        "--format=json",
+    ]);
+    if (!descr.ok)
+        return null;
+    try {
+        const d = JSON.parse(descr.stdout);
+        const c = d.spec.template.spec.containers[0];
+        const imageRef = c?.image ?? "";
+        let adminUrl = "";
+        let publicUrl = "";
+        for (const e of c?.env ?? []) {
+            if (e.name === "ADMIN_DATABASE_URL")
+                adminUrl = e.value ?? "";
+            if (e.name === "PUBLIC_ADMIN_DATABASE_URL")
+                publicUrl = e.value ?? "";
+        }
+        let networkRef = "";
+        let subnetRef = "";
+        const niAnnotation = d.spec.template.metadata?.annotations?.["run.googleapis.com/network-interfaces"];
+        if (niAnnotation) {
+            try {
+                const parsed = JSON.parse(niAnnotation);
+                networkRef = parsed[0]?.network ?? "";
+                subnetRef = parsed[0]?.subnetwork ?? "";
+            }
+            catch {
+                // fall through
+            }
+        }
+        if (!networkRef || !subnetRef) {
+            const ni = d.spec.template.spec.vpcAccess?.networkInterfaces?.[0];
+            networkRef ||= ni?.network ?? "";
+            subnetRef ||= ni?.subnetwork ?? "";
+        }
+        if (!imageRef || !adminUrl || !publicUrl || !networkRef || !subnetRef)
+            return null;
+        return { imageRef, adminUrl, publicUrl, networkRef, subnetRef };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Run admin + public migrations against Cloud SQL. Returns `{ok}` so
+ * callers can decide what to do on failure (the wizard exits the
+ * process; upgrade aborts before rolling Cloud Run).
+ */
+export async function runMigrationsViaCloudRunJob(opts) {
+    const sAdmin = spinner();
+    sAdmin.start("Reading admin Cloud Run config for migration job...");
+    const cfg = await readAdminConfig(opts);
+    if (!cfg) {
+        sAdmin.stop(red("Couldn't resolve admin config — admin may not be deployed yet"));
+        return { ok: false, error: "admin-config-unresolved" };
+    }
+    sAdmin.stop(green(`Admin config resolved (${cfg.imageRef.slice(-19)})`));
+    for (const target of ["admin", "public"]) {
+        const s = spinner();
+        s.start(`Applying ${target} migrations via one-shot Cloud Run Job...`);
+        // Delete-then-create so each invocation runs with the freshest
+        // image + env (no stale job specs).
+        await gcloud([
+            "run",
+            "jobs",
+            "delete",
+            `caelo-migrate-${target}`,
+            "--region",
+            opts.region,
+            "--project",
+            opts.projectId,
+            "--quiet",
+        ]);
+        const create = await gcloud([
+            "run",
+            "jobs",
+            "create",
+            `caelo-migrate-${target}`,
+            `--image=${cfg.imageRef}`,
+            "--region",
+            opts.region,
+            "--project",
+            opts.projectId,
+            "--service-account",
+            `caelo-production-run-sa@${opts.projectId}.iam.gserviceaccount.com`,
+            "--network",
+            cfg.networkRef.split("/").pop() ?? cfg.networkRef,
+            "--subnet",
+            cfg.subnetRef.split("/").pop() ?? cfg.subnetRef,
+            "--vpc-egress=private-ranges-only",
+            "--command=bun",
+            `--args=--bun,/app/packages/migrations/src/migrate.ts,${target}`,
+            "--set-env-vars",
+            `ADMIN_DATABASE_URL=${cfg.adminUrl},PUBLIC_ADMIN_DATABASE_URL=${cfg.publicUrl}`,
+            "--max-retries=0",
+            "--task-timeout=10m",
+            "--quiet",
+        ]);
+        if (!create.ok) {
+            s.stop(red(`Job create failed: ${create.stderr.trim()}`));
+            return { ok: false, error: `migrate-${target}-create: ${create.stderr.trim()}` };
+        }
+        const exec = await gcloud([
+            "run",
+            "jobs",
+            "execute",
+            `caelo-migrate-${target}`,
+            "--region",
+            opts.region,
+            "--project",
+            opts.projectId,
+            "--wait",
+        ]);
+        if (!exec.ok) {
+            s.stop(red(`${target} migrations failed: ${exec.stderr.trim()}`));
+            return { ok: false, error: `migrate-${target}-exec: ${exec.stderr.trim()}` };
+        }
+        s.stop(green(`${target} migrations applied`));
+    }
+    return { ok: true };
+}
+//# sourceMappingURL=migration-runner.js.map

package/dist/migration-runner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-runner.js","sourceRoot":"","sources":["../src/migration-runner.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAEnC;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAerC;;;GAGG;AACH,KAAK,UAAU,eAAe,CAAC,IAAyB;IACtD,iEAAiE;IACjE,0CAA0C;IAC1C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC;QACxB,KAAK;QACL,UAAU;QACV,MAAM;QACN,UAAU;QACV,IAAI,CAAC,MAAM;QACX,WAAW;QACX,IAAI,CAAC,SAAS;QACd,UAAU;QACV,uCAAuC;QACvC,+BAA+B;KAChC,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC;QACzB,KAAK;QACL,UAAU;QACV,UAAU;QACV,WAAW;QACX,UAAU;QACV,IAAI,CAAC,MAAM;QACX,WAAW;QACX,IAAI,CAAC,SAAS;QACd,eAAe;KAChB,CAAC,CAAC;IACH,IAAI,CAAC,KAAK,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAUhC,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAChC,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC;YAC7B,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB;gBAAE,QAAQ,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,KAAK,2BAA2B;gBAAE,SAAS,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxE,CAAC;QACD,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,MAAM,YAAY,GAChB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC,uCAAuC,CAAC,CAAC;QACnF,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAgD,CAAC;gBACvF,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,EAAE,CAAC;gBACtC,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,IAAI,EAAE,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,CAAC;YAClE,UAAU,KAAK,EAAE,EAAE,OAAO,IAAI,EAAE,CAAC;YACjC,SAAS,KAAK,EAAE,EAAE,UAAU,IAAI,EAAE,CAAC;QACrC,CAAC;QACD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACnF,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAyB;IAEzB,MAAM,MAAM,GAAG,OAAO,EAAE,CAAC;IACzB,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC,CAAC;QAClF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,0BAA0B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEzE,KAAK,MAAM,MAAM,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAU,EAAE,CAAC;QAClD,MAAM,CAAC,GAAG,OAAO,EAAE,CAAC;QACpB,CAAC,CAAC,KAAK,CAAC,YAAY,MAAM,2CAA2C,CAAC,CAAC;QACvE,+DAA+D;QAC/D,oCAAoC;QACpC,MAAM,MAAM,CAAC;YACX,KAAK;YACL,MAAM;YACN,QAAQ;YACR,iBAAiB,MAAM,EAAE;YACzB,UAAU;YACV,IAAI,CAAC,MAAM;YACX,WAAW;YACX,IAAI,CAAC,SAAS;YACd,SAAS;SACV,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC;YAC1B,KAAK;YACL,MAAM;YACN,QAAQ;YACR,iBAAiB,MAAM,EAAE;YACzB,WAAW,GAAG,CAAC,QAAQ,EAAE;YACzB,UAAU;YACV,IAAI,CAAC,MAAM;YACX,WAAW;YACX,IAAI,CAAC,SAAS;YACd,mBAAmB;YACnB,2BAA2B,IAAI,CAAC,SAAS,0BAA0B;YACnE,WAAW;YACX,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,UAAU;YACjD,UAAU;YACV,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,SAAS;YAC/C,kCAAkC;YAClC,eAAe;YACf,wDAAwD,MAAM,EAAE;YAChE,gBAAgB;YAChB,sBAAsB,GAAG,CAAC,QAAQ,8BAA8B,GAAG,CAAC,SAAS,EAAE;YAC/E,iBAAiB;YACjB,oBAAoB;YACpB,SAAS;SACV,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAC1D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,MAAM,YAAY,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC;YACxB,KAAK;YACL,MAAM;YACN,SAAS;YACT,iBAAiB,MAAM,EAAE;YACzB,UAAU;YACV,IAAI,CAAC,MAAM;YACX,WAAW;YACX,IAAI,CAAC,SAAS;YACd,QAAQ;SACT,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,uBAAuB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YAClE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,MAAM,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;QAC/E,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,MAAM,qBAAqB,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC"}

package/dist/redirects-emit.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redirects-emit.d.ts","sourceRoot":"","sources":["../src/redirects-emit.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;GAYG;AAEH,MAAM,MAAM,kBAAkB,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEvD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,kBAAkB,CAAC;CACzC;~~AA0BD~~;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAAG,MAAM,CAKhF;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAC/B,0BAA0B,CAwB5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;QACjC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;QAC5B,QAAQ,CAAC,UAAU,EAAE;YACnB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;YAC3B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;SAC7C,CAAC;KACH,CAAC,CAAC;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;QAC9B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7B,QAAQ,CAAC,UAAU,EAAE;YACnB,QAAQ,CAAC,YAAY,EAAE,OAAO,GAAG,OAAO,GAAG,mBAAmB,GAAG,mBAAmB,CAAC;YACrF,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;SAClC,CAAC;KACH,CAAC,CAAC;CACJ;AAED,wBAAgB,2BAA2B,CACzC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAC/B,aAAa,CAAC,aAAa,CAAC,CAqB9B"}
1	+ {"version":3,"file":"redirects-emit.d.ts","sourceRoot":"","sources":["../src/redirects-emit.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;GAYG;AAEH,MAAM,MAAM,kBAAkB,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEvD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,kBAAkB,CAAC;CACzC;AA6BD;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAAG,MAAM,CAKhF;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAC/B,0BAA0B,CAwB5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;QACjC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;QAC5B,QAAQ,CAAC,UAAU,EAAE;YACnB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;YAC3B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;SAC7C,CAAC;KACH,CAAC,CAAC;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;QAC9B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;QAC7B,QAAQ,CAAC,UAAU,EAAE;YACnB,QAAQ,CAAC,YAAY,EAAE,OAAO,GAAG,OAAO,GAAG,mBAAmB,GAAG,mBAAmB,CAAC;YACrF,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;SAClC,CAAC;KACH,CAAC,CAAC;CACJ;AAED,wBAAgB,2BAA2B,CACzC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,GAC/B,aAAa,CAAC,aAAa,CAAC,CAqB9B"}

package/dist/redirects-emit.js CHANGED Viewed

@@ -9,7 +9,10 @@
  * defend their own contract.
  */
 function assertPathClean(label, path) {
-    if (/[\s\x00-\x1f]/.test(path)) {
+    // \p{Cc} matches the Unicode control category (U+0000–U+001F + U+007F–U+009F);
+    // the linter rejects literal \x00-\x1f ranges in regex, but the intent — defending
+    // emitter contracts against control chars — is the explicit reason for this check.
+    if (/[\s\p{Cc}]/u.test(path)) {
         throw new Error(`redirects-emit: ${label}=${JSON.stringify(path)} contains whitespace or control chars; reject upstream`);
     }
 }

package/dist/redirects-emit.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redirects-emit.js","sourceRoot":"","sources":["../src/redirects-emit.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAwBnC;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,KAA4B,EAAE,IAAY;IACjE,IAAI,~~eAAe~~,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;~~QAC/B~~,MAAM,IAAI,KAAK,CACb,mBAAmB,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,wDAAwD,CACzG,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,IAAgC;IACvD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACxC,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAgC;IACtE,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,MAAM,MAAM,GAAG,iEAAiE,CAAC;IACjF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3E,OAAO,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACnE,CAAC;AAeD,MAAM,UAAU,uBAAuB,CACrC,IAAgC;IAEhC,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAC/B,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAC1F,IAAI,EACJ,CAAC,CACF,CAAC;IACF,oEAAoE;IACpE,oEAAoE;IACpE,MAAM,YAAY,GAAG;;;;;;;;;;;;;GAapB,CAAC;IACF,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AACtC,CAAC;AA2BD,MAAM,UAAU,2BAA2B,CACzC,IAAgC;IAEhC,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACzB,IAAI,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE;QACzB,KAAK,EAAE,CAAC,GAAG,CAAC;QACZ,UAAU,EAAE;YACV;gBACE,IAAI,EAAE,YAAqB;gBAC3B,UAAU,EAAE,EAAE,QAAQ,EAAE,OAAgB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;aACtE;SACF;QACD,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,aAAsB;gBAC5B,UAAU,EAAE;oBACV,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC;oBAC7C,eAAe,EAAE,CAAC,CAAC,MAAM;iBAC1B;aACF;SACF;KACF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CACxB,MAA0B;IAE1B,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,GAAG;YACN,OAAO,OAAO,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,OAAO,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,mBAAmB,CAAC;QAC7B,KAAK,GAAG;YACN,OAAO,mBAAmB,CAAC;IAC/B,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"redirects-emit.js","sourceRoot":"","sources":["../src/redirects-emit.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAwBnC;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,KAA4B,EAAE,IAAY;IACjE,+EAA+E;IAC/E,mFAAmF;IACnF,mFAAmF;IACnF,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,mBAAmB,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,wDAAwD,CACzG,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,IAAgC;IACvD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACxC,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAgC;IACtE,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,MAAM,MAAM,GAAG,iEAAiE,CAAC;IACjF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3E,OAAO,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACnE,CAAC;AAeD,MAAM,UAAU,uBAAuB,CACrC,IAAgC;IAEhC,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAC/B,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAC1F,IAAI,EACJ,CAAC,CACF,CAAC;IACF,oEAAoE;IACpE,oEAAoE;IACpE,MAAM,YAAY,GAAG;;;;;;;;;;;;;GAapB,CAAC;IACF,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AACtC,CAAC;AA2BD,MAAM,UAAU,2BAA2B,CACzC,IAAgC;IAEhC,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACzB,IAAI,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE;QACzB,KAAK,EAAE,CAAC,GAAG,CAAC;QACZ,UAAU,EAAE;YACV;gBACE,IAAI,EAAE,YAAqB;gBAC3B,UAAU,EAAE,EAAE,QAAQ,EAAE,OAAgB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;aACtE;SACF;QACD,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,aAAsB;gBAC5B,UAAU,EAAE;oBACV,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC;oBAC7C,eAAe,EAAE,CAAC,CAAC,MAAM;iBAC1B;aACF;SACF;KACF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CACxB,MAA0B;IAE1B,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,GAAG;YACN,OAAO,OAAO,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,OAAO,CAAC;QACjB,KAAK,GAAG;YACN,OAAO,mBAAmB,CAAC;QAC7B,KAAK,GAAG;YACN,OAAO,mBAAmB,CAAC;IAC/B,CAAC;AACH,CAAC"}

package/dist/wizard.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * `bunx @caelo-cms/provisioning` — interactive wizard.
+ *
+ * Per CLAUDE.md §11.C, this is the primary surface OSS users interact
+ * with: one command, end-to-end, < 20 min, on the user's own cloud.
+ *
+ * Top-level shape:
+ *   1. Pick provider (gcp / aws / azure / self-hosted)
+ *   2. Detect existing install at `~/.caelo-<id>/` and offer to resume
+ *   3. Prompt for the few inputs the provider needs (domain, owner email,
+ *      project id, Anthropic key — input-hidden)
+ *   4. Show cost estimate + final confirm
+ *   5. Delegate to the provider-specific wizard which handles project
+ *      bootstrap → Pulumi up → DNS → cert → IAP enable → bootstrap URL
+ *
+ * Each provider wizard is a separate file under `wizards/<provider>.ts`
+ * so adding a new provider is one new file, not a sprawling switch.
+ */
+import { spinner } from "@clack/prompts";
+import { type Provider } from "./install-state.js";
+export interface WizardOptions {
+    /** Skip prompts; require all inputs via flags. CI-friendly. */
+    nonInteractive?: boolean;
+    /** Pre-supplied provider — skips the picker. */
+    provider?: Provider;
+    /** Pre-supplied domain — skips the prompt. */
+    domain?: string;
+    /** Pre-supplied owner email — skips the prompt. */
+    ownerEmail?: string;
+    /** Pre-supplied GCP project id — skips the prompt for gcp. */
+    projectId?: string;
+}
+export declare function runWizard(opts?: WizardOptions): Promise<void>;
+export { spinner };
+//# sourceMappingURL=wizard.d.ts.map

package/dist/wizard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wizard.d.ts","sourceRoot":"","sources":["../src/wizard.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAmD,OAAO,EAAQ,MAAM,gBAAgB,CAAC;AAEhG,OAAO,EAGL,KAAK,QAAQ,EAGd,MAAM,oBAAoB,CAAC;AAG5B,MAAM,WAAW,aAAa;IAC5B,+DAA+D;IAC/D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,8CAA8C;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mDAAmD;IACnD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,SAAS,CAAC,IAAI,GAAE,aAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAyEvE;AA0ED,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/wizard.js ADDED Viewed

@@ -0,0 +1,160 @@
+// SPDX-License-Identifier: MPL-2.0
+/**
+ * `bunx @caelo-cms/provisioning` — interactive wizard.
+ *
+ * Per CLAUDE.md §11.C, this is the primary surface OSS users interact
+ * with: one command, end-to-end, < 20 min, on the user's own cloud.
+ *
+ * Top-level shape:
+ *   1. Pick provider (gcp / aws / azure / self-hosted)
+ *   2. Detect existing install at `~/.caelo-<id>/` and offer to resume
+ *   3. Prompt for the few inputs the provider needs (domain, owner email,
+ *      project id, Anthropic key — input-hidden)
+ *   4. Show cost estimate + final confirm
+ *   5. Delegate to the provider-specific wizard which handles project
+ *      bootstrap → Pulumi up → DNS → cert → IAP enable → bootstrap URL
+ *
+ * Each provider wizard is a separate file under `wizards/<provider>.ts`
+ * so adding a new provider is one new file, not a sprawling switch.
+ */
+import { cancel, confirm, intro, isCancel, outro, select, spinner, text } from "@clack/prompts";
+import { bold, cyan, dim } from "kleur/colors";
+import { deriveInstallId, ensureInstallDir, readMetadata, writeMetadata, } from "./install-state.js";
+import { runGcpWizard } from "./wizards/gcp.js";
+export async function runWizard(opts = {}) {
+    intro(bold(cyan("Caelo CMS provisioner")) + dim(" — one-command deploy"));
+    // 1. Provider — pre-supplied via flag OR picker.
+    const provider = opts.provider ?? (await pickProvider());
+    // 2. Common inputs the provider wizard always needs. Provider-specific
+    //    inputs (GCP project id, AWS region, etc.) are prompted inside the
+    //    per-provider wizard.
+    const domain = opts.domain ?? (await promptDomain());
+    const ownerEmail = opts.ownerEmail ?? (await promptOwnerEmail());
+    // 3. Per-install state directory + resume detection. The install id is
+    //    derived from (provider, projectId-or-domain) so re-runs land here.
+    //    For GCP we don't have the project id yet (it's the next prompt);
+    //    use domain as the seed, then rewrite metadata once project id is
+    //    set in the GCP wizard.
+    const installId = deriveInstallId(provider, opts.projectId ?? domain);
+    ensureInstallDir(installId);
+    const existing = readMetadata(installId);
+    if (existing && !opts.nonInteractive) {
+        const resume = await confirm({
+            message: `Existing install '${installId}' detected (created ${dim(existing.createdAt)}). Resume?`,
+            initialValue: true,
+        });
+        if (isCancel(resume)) {
+            cancel("Cancelled.");
+            process.exit(0);
+        }
+        if (!resume) {
+            cancel(`Aborted. Run with a different domain or remove ~/.caelo-${installId}/ first.`);
+            process.exit(0);
+        }
+    }
+    else {
+        writeMetadata(installId, {
+            installId,
+            provider,
+            projectId: opts.projectId ?? null,
+            domain,
+            ownerEmail,
+            region: null,
+            createdAt: new Date().toISOString(),
+        });
+    }
+    // 4. Delegate to the provider-specific wizard.
+    switch (provider) {
+        case "gcp":
+            await runGcpWizard({
+                installId,
+                domain,
+                ownerEmail,
+                projectId: opts.projectId ?? null,
+                nonInteractive: opts.nonInteractive ?? false,
+            });
+            break;
+        case "self-hosted":
+            cancel("Self-hosted wizard is the existing `cms-provision init` flow. Run `bunx @caelo-cms/provisioning init --domain ... --owner-email ...` for now; wizard polish lands in a follow-up commit.");
+            process.exit(0);
+            break;
+        case "aws":
+        case "azure":
+            cancel(`${provider.toUpperCase()} provider wizard not yet implemented. GCP is the first cloud target; AWS + Azure follow the same shape and land in upcoming commits.`);
+            process.exit(0);
+            break;
+    }
+    outro(bold("Done. Welcome to Caelo CMS."));
+}
+async function pickProvider() {
+    const choice = await select({
+        message: "Where do you want to deploy?",
+        options: [
+            {
+                value: "gcp",
+                label: "Google Cloud Platform",
+                hint: "Cloud Run + Cloud SQL + Cloud Storage + Cloud CDN. Default for v0.1.",
+            },
+            {
+                value: "self-hosted",
+                label: "Self-hosted (Docker Compose)",
+                hint: "Single Linux box. Postgres + Caddy + the admin + the gateway.",
+            },
+            {
+                value: "aws",
+                label: "Amazon Web Services",
+                hint: "Lambda + RDS + S3 + CloudFront. Lands in a follow-up commit.",
+            },
+            {
+                value: "azure",
+                label: "Microsoft Azure",
+                hint: "Container Apps + Azure DB + Blob + Front Door. Lands in a follow-up commit.",
+            },
+        ],
+    });
+    if (isCancel(choice)) {
+        cancel("Cancelled.");
+        process.exit(0);
+    }
+    return choice;
+}
+async function promptDomain() {
+    const value = await text({
+        message: "Domain you'd like to use",
+        placeholder: "mysite.com",
+        validate: (v) => {
+            if (!v || v.length === 0)
+                return "Domain is required";
+            if (!/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$/.test(v)) {
+                return "Looks like an invalid domain (e.g. mysite.com)";
+            }
+            return undefined;
+        },
+    });
+    if (isCancel(value)) {
+        cancel("Cancelled.");
+        process.exit(0);
+    }
+    return value;
+}
+async function promptOwnerEmail() {
+    const value = await text({
+        message: "Owner email (you'll be the IAP allowlisted Owner; can add more later)",
+        placeholder: "you@example.com",
+        validate: (v) => {
+            if (!v || v.length === 0)
+                return "Email is required";
+            if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v))
+                return "Looks like an invalid email";
+            return undefined;
+        },
+    });
+    if (isCancel(value)) {
+        cancel("Cancelled.");
+        process.exit(0);
+    }
+    return value;
+}
+// Re-export the spinner factory so per-provider wizards use a consistent UX.
+export { spinner };
+//# sourceMappingURL=wizard.js.map

package/dist/wizard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wizard.js","sourceRoot":"","sources":["../src/wizard.ts"],"names":[],"mappings":"AAAA,mCAAmC;AAEnC;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EACL,eAAe,EACf,gBAAgB,EAEhB,YAAY,EACZ,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAehD,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAAsB,EAAE;IACtD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,GAAG,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC;IAE1E,iDAAiD;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,YAAY,EAAE,CAAC,CAAC;IAEzD,uEAAuE;IACvE,uEAAuE;IACvE,0BAA0B;IAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,YAAY,EAAE,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,MAAM,gBAAgB,EAAE,CAAC,CAAC;IAEjE,uEAAuE;IACvE,wEAAwE;IACxE,sEAAsE;IACtE,sEAAsE;IACtE,4BAA4B;IAC5B,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IACtE,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAE5B,MAAM,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACzC,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;YAC3B,OAAO,EAAE,qBAAqB,SAAS,uBAAuB,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,YAAY;YACjG,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,YAAY,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,2DAA2D,SAAS,UAAU,CAAC,CAAC;YACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,SAAS,EAAE;YACvB,SAAS;YACT,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,MAAM;YACN,UAAU;YACV,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,MAAM,YAAY,CAAC;gBACjB,SAAS;gBACT,MAAM;gBACN,UAAU;gBACV,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;gBACjC,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,KAAK;aAC7C,CAAC,CAAC;YACH,MAAM;QACR,KAAK,aAAa;YAChB,MAAM,CACJ,0LAA0L,CAC3L,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,MAAM;QACR,KAAK,KAAK,CAAC;QACX,KAAK,OAAO;YACV,MAAM,CACJ,GAAG,QAAQ,CAAC,WAAW,EAAE,sIAAsI,CAChK,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,MAAM;IACV,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAW;QACpC,OAAO,EAAE,8BAA8B;QACvC,OAAO,EAAE;YACP;gBACE,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,uBAAuB;gBAC9B,IAAI,EAAE,sEAAsE;aAC7E;YACD;gBACE,KAAK,EAAE,aAAa;gBACpB,KAAK,EAAE,8BAA8B;gBACrC,IAAI,EAAE,+DAA+D;aACtE;YACD;gBACE,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,qBAAqB;gBAC5B,IAAI,EAAE,8DAA8D;aACrE;YACD;gBACE,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,iBAAiB;gBACxB,IAAI,EAAE,6EAA6E;aACpF;SACF;KACF,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrB,MAAM,CAAC,YAAY,CAAC,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,MAAkB,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC;QACvB,OAAO,EAAE,0BAA0B;QACnC,WAAW,EAAE,YAAY;QACzB,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE;YACd,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,oBAAoB,CAAC;YACtD,IACE,CAAC,mFAAmF,CAAC,IAAI,CAAC,CAAC,CAAC,EAC5F,CAAC;gBACD,OAAO,gDAAgD,CAAC;YAC1D,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,YAAY,CAAC,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAe,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC;QACvB,OAAO,EAAE,uEAAuE;QAChF,WAAW,EAAE,iBAAiB;QAC9B,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE;YACd,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,mBAAmB,CAAC;YACrD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,6BAA6B,CAAC;YAChF,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,YAAY,CAAC,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAe,CAAC;AACzB,CAAC;AAED,6EAA6E;AAC7E,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/wizards/gcp-cost.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Per-resource static price table for the GCP stack — used by the
+ * wizard's pre-flight cost estimate. Prices are EUR/USD per month at
+ * `europe-west1` list rates as of 2026-05; ship updates with each
+ * Caelo release.
+ *
+ * The estimate is intentionally OVER-conservative — it shows the
+ * floor cost (idle + scale-to-zero traffic). Real usage adds egress
+ * + AI calls + storage growth on top.
+ */
+export interface CostLine {
+    name: string;
+    monthlyUsd: number;
+    notes?: string;
+}
+export interface CostEstimateInputs {
+    cloudSqlTier: string;
+    cloudSqlHa: boolean;
+    adminMinInstances: number;
+    gatewayMinInstances: number;
+    wafAdaptiveProtection: boolean;
+}
+export declare function estimateGcpCost(inputs: CostEstimateInputs): {
+    lines: CostLine[];
+    totalUsd: number;
+};
+//# sourceMappingURL=gcp-cost.d.ts.map

package/dist/wizards/gcp-cost.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp-cost.d.ts","sourceRoot":"","sources":["../../src/wizards/gcp-cost.ts"],"names":[],"mappings":"AAEA;;;;;;;;;GASG;AAEH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,qBAAqB,EAAE,OAAO,CAAC;CAChC;AAgBD,wBAAgB,eAAe,CAAC,MAAM,EAAE,kBAAkB,GAAG;IAC3D,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAiEA"}

package/dist/wizards/gcp-cost.js ADDED Viewed

@@ -0,0 +1,77 @@
+// SPDX-License-Identifier: MPL-2.0
+const SQL_TIER_USD = {
+    // Shared-core legacy tiers, ENTERPRISE edition
+    "db-f1-micro": 9.5,
+    "db-g1-small": 30,
+    // Per-N tiers (ENTERPRISE_PLUS only)
+    "db-perf-optimized-N-2": 50,
+    "db-perf-optimized-N-4": 95,
+    "db-perf-optimized-N-8": 180,
+    // Custom-machine fallback (rough)
+    "db-custom-1-3840": 35,
+    "db-custom-2-7680": 65,
+    "db-custom-4-15360": 130,
+};
+export function estimateGcpCost(inputs) {
+    const sqlBase = SQL_TIER_USD[inputs.cloudSqlTier] ?? 30;
+    const sqlMultiplier = inputs.cloudSqlHa ? 2.0 : 1.0;
+    const sqlMonthly = Math.round(sqlBase * sqlMultiplier);
+    const lines = [
+        {
+            name: `Cloud SQL Postgres (${inputs.cloudSqlTier}${inputs.cloudSqlHa ? ", HA" : ""})`,
+            monthlyUsd: sqlMonthly,
+            notes: inputs.cloudSqlHa
+                ? "REGIONAL availability (synchronous replica)"
+                : "ZONAL — single zone, automated backups",
+        },
+        {
+            name: "Cloud Run admin",
+            monthlyUsd: inputs.adminMinInstances === 0 ? 1 : 1 + inputs.adminMinInstances * 15,
+            notes: inputs.adminMinInstances === 0
+                ? "scale-to-zero; ~$1/mo light editorial use"
+                : `${inputs.adminMinInstances} min-instance${inputs.adminMinInstances > 1 ? "s" : ""} (no cold start)`,
+        },
+        {
+            name: "Cloud Run gateway",
+            monthlyUsd: inputs.gatewayMinInstances === 0 ? 1 : 1 + inputs.gatewayMinInstances * 15,
+            notes: inputs.gatewayMinInstances === 0
+                ? "scale-to-zero; ~$1/mo light traffic"
+                : `${inputs.gatewayMinInstances} min-instance${inputs.gatewayMinInstances > 1 ? "s" : ""}`,
+        },
+        {
+            name: "Load balancer + managed SSL cert",
+            monthlyUsd: 18,
+            notes: "Global LB base fee + cert (free) — flat",
+        },
+        {
+            name: "Cloud Storage (static + media)",
+            monthlyUsd: 1,
+            notes: "~5 GB storage + low egress; growth roughly $0.02/GB",
+        },
+        {
+            name: "Cloud CDN cache",
+            monthlyUsd: 1,
+            notes: "Free egress at edge cache hits",
+        },
+        {
+            name: "Cloud Armor WAF",
+            monthlyUsd: inputs.wafAdaptiveProtection ? 5 : 0,
+            notes: inputs.wafAdaptiveProtection
+                ? "Adaptive protection (ML-based bot mitigation)"
+                : "Free tier — rate limit + OWASP basic rules",
+        },
+        {
+            name: "Secret Manager (5 secrets)",
+            monthlyUsd: 0,
+            notes: "Free tier",
+        },
+        {
+            name: "BigQuery edge log sink",
+            monthlyUsd: 0,
+            notes: "Free tier — pay only on >1 TB/mo query",
+        },
+    ];
+    const totalUsd = lines.reduce((sum, l) => sum + l.monthlyUsd, 0);
+    return { lines, totalUsd };
+}
+//# sourceMappingURL=gcp-cost.js.map

package/dist/wizards/gcp-cost.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp-cost.js","sourceRoot":"","sources":["../../src/wizards/gcp-cost.ts"],"names":[],"mappings":"AAAA,mCAAmC;AA2BnC,MAAM,YAAY,GAA2B;IAC3C,+CAA+C;IAC/C,aAAa,EAAE,GAAG;IAClB,aAAa,EAAE,EAAE;IACjB,qCAAqC;IACrC,uBAAuB,EAAE,EAAE;IAC3B,uBAAuB,EAAE,EAAE;IAC3B,uBAAuB,EAAE,GAAG;IAC5B,kCAAkC;IAClC,kBAAkB,EAAE,EAAE;IACtB,kBAAkB,EAAE,EAAE;IACtB,mBAAmB,EAAE,GAAG;CACzB,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,MAA0B;IAIxD,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,aAAa,CAAC,CAAC;IAEvD,MAAM,KAAK,GAAe;QACxB;YACE,IAAI,EAAE,uBAAuB,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG;YACrF,UAAU,EAAE,UAAU;YACtB,KAAK,EAAE,MAAM,CAAC,UAAU;gBACtB,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,wCAAwC;SAC7C;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,MAAM,CAAC,iBAAiB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,iBAAiB,GAAG,EAAE;YAClF,KAAK,EACH,MAAM,CAAC,iBAAiB,KAAK,CAAC;gBAC5B,CAAC,CAAC,2CAA2C;gBAC7C,CAAC,CAAC,GAAG,MAAM,CAAC,iBAAiB,gBAAgB,MAAM,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,kBAAkB;SAC3G;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,UAAU,EAAE,MAAM,CAAC,mBAAmB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,mBAAmB,GAAG,EAAE;YACtF,KAAK,EACH,MAAM,CAAC,mBAAmB,KAAK,CAAC;gBAC9B,CAAC,CAAC,qCAAqC;gBACvC,CAAC,CAAC,GAAG,MAAM,CAAC,mBAAmB,gBAAgB,MAAM,CAAC,mBAAmB,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;SAC/F;QACD;YACE,IAAI,EAAE,kCAAkC;YACxC,UAAU,EAAE,EAAE;YACd,KAAK,EAAE,yCAAyC;SACjD;QACD;YACE,IAAI,EAAE,gCAAgC;YACtC,UAAU,EAAE,CAAC;YACb,KAAK,EAAE,qDAAqD;SAC7D;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,CAAC;YACb,KAAK,EAAE,gCAAgC;SACxC;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAChD,KAAK,EAAE,MAAM,CAAC,qBAAqB;gBACjC,CAAC,CAAC,+CAA+C;gBACjD,CAAC,CAAC,4CAA4C;SACjD;QACD;YACE,IAAI,EAAE,4BAA4B;YAClC,UAAU,EAAE,CAAC;YACb,KAAK,EAAE,WAAW;SACnB;QACD;YACE,IAAI,EAAE,wBAAwB;YAC9B,UAAU,EAAE,CAAC;YACb,KAAK,EAAE,wCAAwC;SAChD;KACF,CAAC;IAEF,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC"}

package/dist/wizards/gcp-pulumi.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+export interface PulumiUpInputs {
+    installId: string;
+    installRoot: string;
+    secretsDir: string;
+    projectId: string;
+    domain: string;
+    ownerEmail: string;
+    region: string;
+    saKeyPath: string;
+    pulumiPassphrase: string;
+    anthropicApiKey: string;
+    cloudSqlTier: string;
+    cloudSqlHa: boolean;
+    adminMinInstances: number;
+    gatewayMinInstances: number;
+    wafAdaptiveProtection: boolean;
+    iapAllowlist: string[];
+    /** Resolved sha256 digests per service (admin, gateway). The wizard
+     *  pre-resolves the floating `:main` tag to a fixed digest so each
+     *  pulumi up rolls Cloud Run to the freshest published image. */
+    imageDigests: Record<string, string>;
+}
+export interface PulumiUpResult {
+    outputs: Record<string, unknown>;
+    resourceCount: {
+        created: number;
+        updated: number;
+        deleted: number;
+    };
+}
+/**
+ * Run `pulumi up` against the GCP stack via the Automation SDK.
+ * Streams resource-create events to the supplied onEvent callback so
+ * the wizard can render a live progress bar.
+ */
+export declare function pulumiUpGcp(inputs: PulumiUpInputs, onEvent: (kind: "resource" | "error" | "log", message: string) => void): Promise<PulumiUpResult>;
+//# sourceMappingURL=gcp-pulumi.d.ts.map

package/dist/wizards/gcp-pulumi.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp-pulumi.d.ts","sourceRoot":"","sources":["../../src/wizards/gcp-pulumi.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB;;qEAEiE;IACjE,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,aAAa,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACtE;AAeD;;;;GAIG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,GAAG,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,GACrE,OAAO,CAAC,cAAc,CAAC,CAmFzB"}