npm - @cicore/cli - Versions diffs - 1.0.0 - Mend

@cicore/cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

package/bin/ci.js +13 -0
package/dist/commands/addon/api-actions.d.ts +45 -0
package/dist/commands/addon/api-actions.d.ts.map +1 -0
package/dist/commands/addon/api-actions.js +281 -0
package/dist/commands/addon/api-actions.js.map +1 -0
package/dist/commands/addon/build.d.ts +11 -0
package/dist/commands/addon/build.d.ts.map +1 -0
package/dist/commands/addon/build.js +182 -0
package/dist/commands/addon/build.js.map +1 -0
package/dist/commands/addon/create.d.ts +11 -0
package/dist/commands/addon/create.d.ts.map +1 -0
package/dist/commands/addon/create.js +1186 -0
package/dist/commands/addon/create.js.map +1 -0
package/dist/commands/addon/delete.d.ts +13 -0
package/dist/commands/addon/delete.d.ts.map +1 -0
package/dist/commands/addon/delete.js +83 -0
package/dist/commands/addon/delete.js.map +1 -0
package/dist/commands/addon/deploy.d.ts +27 -0
package/dist/commands/addon/deploy.d.ts.map +1 -0
package/dist/commands/addon/deploy.js +459 -0
package/dist/commands/addon/deploy.js.map +1 -0
package/dist/commands/addon/dev-deploy.d.ts +31 -0
package/dist/commands/addon/dev-deploy.d.ts.map +1 -0
package/dist/commands/addon/dev-deploy.js +128 -0
package/dist/commands/addon/dev-deploy.js.map +1 -0
package/dist/commands/addon/dev.d.ts +36 -0
package/dist/commands/addon/dev.d.ts.map +1 -0
package/dist/commands/addon/dev.js +323 -0
package/dist/commands/addon/dev.js.map +1 -0
package/dist/commands/addon/extract-classes.d.ts +23 -0
package/dist/commands/addon/extract-classes.d.ts.map +1 -0
package/dist/commands/addon/extract-classes.js +281 -0
package/dist/commands/addon/extract-classes.js.map +1 -0
package/dist/commands/addon/generate-safelist.d.ts +24 -0
package/dist/commands/addon/generate-safelist.d.ts.map +1 -0
package/dist/commands/addon/generate-safelist.js +276 -0
package/dist/commands/addon/generate-safelist.js.map +1 -0
package/dist/commands/addon/index.d.ts +19 -0
package/dist/commands/addon/index.d.ts.map +1 -0
package/dist/commands/addon/index.js +296 -0
package/dist/commands/addon/index.js.map +1 -0
package/dist/commands/addon/init-repo.d.ts +25 -0
package/dist/commands/addon/init-repo.d.ts.map +1 -0
package/dist/commands/addon/init-repo.js +171 -0
package/dist/commands/addon/init-repo.js.map +1 -0
package/dist/commands/addon/install.d.ts +23 -0
package/dist/commands/addon/install.d.ts.map +1 -0
package/dist/commands/addon/install.js +84 -0
package/dist/commands/addon/install.js.map +1 -0
package/dist/commands/addon/list.d.ts +10 -0
package/dist/commands/addon/list.d.ts.map +1 -0
package/dist/commands/addon/list.js +102 -0
package/dist/commands/addon/list.js.map +1 -0
package/dist/commands/addon/manifest-refresh.d.ts +17 -0
package/dist/commands/addon/manifest-refresh.d.ts.map +1 -0
package/dist/commands/addon/manifest-refresh.js +48 -0
package/dist/commands/addon/manifest-refresh.js.map +1 -0
package/dist/commands/addon/migrate.d.ts +40 -0
package/dist/commands/addon/migrate.d.ts.map +1 -0
package/dist/commands/addon/migrate.js +236 -0
package/dist/commands/addon/migrate.js.map +1 -0
package/dist/commands/addon/publish.d.ts +33 -0
package/dist/commands/addon/publish.d.ts.map +1 -0
package/dist/commands/addon/publish.js +236 -0
package/dist/commands/addon/publish.js.map +1 -0
package/dist/commands/addon/scaffold-quality.d.ts +21 -0
package/dist/commands/addon/scaffold-quality.d.ts.map +1 -0
package/dist/commands/addon/scaffold-quality.js +90 -0
package/dist/commands/addon/scaffold-quality.js.map +1 -0
package/dist/commands/addon/sign.d.ts +9 -0
package/dist/commands/addon/sign.d.ts.map +1 -0
package/dist/commands/addon/sign.js +83 -0
package/dist/commands/addon/sign.js.map +1 -0
package/dist/commands/addon/toggle.d.ts +6 -0
package/dist/commands/addon/toggle.d.ts.map +1 -0
package/dist/commands/addon/toggle.js +46 -0
package/dist/commands/addon/toggle.js.map +1 -0
package/dist/commands/agent/index.d.ts +34 -0
package/dist/commands/agent/index.d.ts.map +1 -0
package/dist/commands/agent/index.js +564 -0
package/dist/commands/agent/index.js.map +1 -0
package/dist/commands/brand/index.d.ts +54 -0
package/dist/commands/brand/index.d.ts.map +1 -0
package/dist/commands/brand/index.js +367 -0
package/dist/commands/brand/index.js.map +1 -0
package/dist/commands/build/index.d.ts +53 -0
package/dist/commands/build/index.d.ts.map +1 -0
package/dist/commands/build/index.js +726 -0
package/dist/commands/build/index.js.map +1 -0
package/dist/commands/cache/flush-local.d.ts +31 -0
package/dist/commands/cache/flush-local.d.ts.map +1 -0
package/dist/commands/cache/flush-local.js +161 -0
package/dist/commands/cache/flush-local.js.map +1 -0
package/dist/commands/cache/index.d.ts +14 -0
package/dist/commands/cache/index.d.ts.map +1 -0
package/dist/commands/cache/index.js +453 -0
package/dist/commands/cache/index.js.map +1 -0
package/dist/commands/check/index.d.ts +8 -0
package/dist/commands/check/index.d.ts.map +1 -0
package/dist/commands/check/index.js +1316 -0
package/dist/commands/check/index.js.map +1 -0
package/dist/commands/cloudflare/index.d.ts +8 -0
package/dist/commands/cloudflare/index.d.ts.map +1 -0
package/dist/commands/cloudflare/index.js +453 -0
package/dist/commands/cloudflare/index.js.map +1 -0
package/dist/commands/core/create.d.ts +12 -0
package/dist/commands/core/create.d.ts.map +1 -0
package/dist/commands/core/create.js +206 -0
package/dist/commands/core/create.js.map +1 -0
package/dist/commands/core/delete.d.ts +11 -0
package/dist/commands/core/delete.d.ts.map +1 -0
package/dist/commands/core/delete.js +64 -0
package/dist/commands/core/delete.js.map +1 -0
package/dist/commands/core/env.d.ts +12 -0
package/dist/commands/core/env.d.ts.map +1 -0
package/dist/commands/core/env.js +95 -0
package/dist/commands/core/env.js.map +1 -0
package/dist/commands/core/health.d.ts +6 -0
package/dist/commands/core/health.d.ts.map +1 -0
package/dist/commands/core/health.js +215 -0
package/dist/commands/core/health.js.map +1 -0
package/dist/commands/core/index.d.ts +15 -0
package/dist/commands/core/index.d.ts.map +1 -0
package/dist/commands/core/index.js +86 -0
package/dist/commands/core/index.js.map +1 -0
package/dist/commands/core/list.d.ts +11 -0
package/dist/commands/core/list.d.ts.map +1 -0
package/dist/commands/core/list.js +58 -0
package/dist/commands/core/list.js.map +1 -0
package/dist/commands/core/rebuild.d.ts +13 -0
package/dist/commands/core/rebuild.d.ts.map +1 -0
package/dist/commands/core/rebuild.js +119 -0
package/dist/commands/core/rebuild.js.map +1 -0
package/dist/commands/db/index.d.ts +23 -0
package/dist/commands/db/index.d.ts.map +1 -0
package/dist/commands/db/index.js +355 -0
package/dist/commands/db/index.js.map +1 -0
package/dist/commands/db/promote-silo.d.ts +320 -0
package/dist/commands/db/promote-silo.d.ts.map +1 -0
package/dist/commands/db/promote-silo.js +930 -0
package/dist/commands/db/promote-silo.js.map +1 -0
package/dist/commands/db/relocate.d.ts +41 -0
package/dist/commands/db/relocate.d.ts.map +1 -0
package/dist/commands/db/relocate.js +482 -0
package/dist/commands/db/relocate.js.map +1 -0
package/dist/commands/db/rollback-silo.d.ts +44 -0
package/dist/commands/db/rollback-silo.d.ts.map +1 -0
package/dist/commands/db/rollback-silo.js +402 -0
package/dist/commands/db/rollback-silo.js.map +1 -0
package/dist/commands/deploy/index.d.ts +26 -0
package/dist/commands/deploy/index.d.ts.map +1 -0
package/dist/commands/deploy/index.js +107 -0
package/dist/commands/deploy/index.js.map +1 -0
package/dist/commands/devops/index.d.ts +6 -0
package/dist/commands/devops/index.d.ts.map +1 -0
package/dist/commands/devops/index.js +220 -0
package/dist/commands/devops/index.js.map +1 -0
package/dist/commands/domain/index.d.ts +8 -0
package/dist/commands/domain/index.d.ts.map +1 -0
package/dist/commands/domain/index.js +386 -0
package/dist/commands/domain/index.js.map +1 -0
package/dist/commands/image/index.d.ts +8 -0
package/dist/commands/image/index.d.ts.map +1 -0
package/dist/commands/image/index.js +308 -0
package/dist/commands/image/index.js.map +1 -0
package/dist/commands/install/factory-reset.d.ts +21 -0
package/dist/commands/install/factory-reset.d.ts.map +1 -0
package/dist/commands/install/factory-reset.js +83 -0
package/dist/commands/install/factory-reset.js.map +1 -0
package/dist/commands/install/index.d.ts +17 -0
package/dist/commands/install/index.d.ts.map +1 -0
package/dist/commands/install/index.js +44 -0
package/dist/commands/install/index.js.map +1 -0
package/dist/commands/install/install.d.ts +35 -0
package/dist/commands/install/install.d.ts.map +1 -0
package/dist/commands/install/install.js +171 -0
package/dist/commands/install/install.js.map +1 -0
package/dist/commands/login/index.d.ts +15 -0
package/dist/commands/login/index.d.ts.map +1 -0
package/dist/commands/login/index.js +58 -0
package/dist/commands/login/index.js.map +1 -0
package/dist/commands/nginx/index.d.ts +11 -0
package/dist/commands/nginx/index.d.ts.map +1 -0
package/dist/commands/nginx/index.js +580 -0
package/dist/commands/nginx/index.js.map +1 -0
package/dist/commands/server/bootstrap.d.ts +25 -0
package/dist/commands/server/bootstrap.d.ts.map +1 -0
package/dist/commands/server/bootstrap.js +260 -0
package/dist/commands/server/bootstrap.js.map +1 -0
package/dist/commands/server/index.d.ts +8 -0
package/dist/commands/server/index.d.ts.map +1 -0
package/dist/commands/server/index.js +2524 -0
package/dist/commands/server/index.js.map +1 -0
package/dist/commands/setup/index.d.ts +34 -0
package/dist/commands/setup/index.d.ts.map +1 -0
package/dist/commands/setup/index.js +423 -0
package/dist/commands/setup/index.js.map +1 -0
package/dist/commands/ssl/index.d.ts +8 -0
package/dist/commands/ssl/index.d.ts.map +1 -0
package/dist/commands/ssl/index.js +275 -0
package/dist/commands/ssl/index.js.map +1 -0
package/dist/commands/superadmin/index.d.ts +16 -0
package/dist/commands/superadmin/index.d.ts.map +1 -0
package/dist/commands/superadmin/index.js +81 -0
package/dist/commands/superadmin/index.js.map +1 -0
package/dist/commands/tenant/index.d.ts +6 -0
package/dist/commands/tenant/index.d.ts.map +1 -0
package/dist/commands/tenant/index.js +192 -0
package/dist/commands/tenant/index.js.map +1 -0
package/dist/index.d.ts +11 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +107 -0
package/dist/index.js.map +1 -0
package/dist/lib/addon-sign.d.ts +23 -0
package/dist/lib/addon-sign.d.ts.map +1 -0
package/dist/lib/addon-sign.js +39 -0
package/dist/lib/addon-sign.js.map +1 -0
package/dist/lib/addon-sign.test.d.ts +2 -0
package/dist/lib/addon-sign.test.d.ts.map +1 -0
package/dist/lib/addon-sign.test.js +27 -0
package/dist/lib/addon-sign.test.js.map +1 -0
package/dist/lib/cdn.d.ts +25 -0
package/dist/lib/cdn.d.ts.map +1 -0
package/dist/lib/cdn.js +131 -0
package/dist/lib/cdn.js.map +1 -0
package/dist/lib/cloudflare.d.ts +133 -0
package/dist/lib/cloudflare.d.ts.map +1 -0
package/dist/lib/cloudflare.js +435 -0
package/dist/lib/cloudflare.js.map +1 -0
package/dist/lib/config.d.ts +96 -0
package/dist/lib/config.d.ts.map +1 -0
package/dist/lib/config.js +132 -0
package/dist/lib/config.js.map +1 -0
package/dist/lib/env.d.ts +8 -0
package/dist/lib/env.d.ts.map +1 -0
package/dist/lib/env.js +64 -0
package/dist/lib/env.js.map +1 -0
package/dist/lib/hosts.d.ts +194 -0
package/dist/lib/hosts.d.ts.map +1 -0
package/dist/lib/hosts.js +183 -0
package/dist/lib/hosts.js.map +1 -0
package/dist/lib/logger.d.ts +68 -0
package/dist/lib/logger.d.ts.map +1 -0
package/dist/lib/logger.js +130 -0
package/dist/lib/logger.js.map +1 -0
package/dist/lib/nginx-config.d.ts +78 -0
package/dist/lib/nginx-config.d.ts.map +1 -0
package/dist/lib/nginx-config.js +736 -0
package/dist/lib/nginx-config.js.map +1 -0
package/dist/lib/ops/addon-dev.d.ts +93 -0
package/dist/lib/ops/addon-dev.d.ts.map +1 -0
package/dist/lib/ops/addon-dev.js +237 -0
package/dist/lib/ops/addon-dev.js.map +1 -0
package/dist/lib/ops/addon-quality.d.ts +38 -0
package/dist/lib/ops/addon-quality.d.ts.map +1 -0
package/dist/lib/ops/addon-quality.js +338 -0
package/dist/lib/ops/addon-quality.js.map +1 -0
package/dist/lib/ops/addon-routes.d.ts +49 -0
package/dist/lib/ops/addon-routes.d.ts.map +1 -0
package/dist/lib/ops/addon-routes.js +189 -0
package/dist/lib/ops/addon-routes.js.map +1 -0
package/dist/lib/ops/addon.d.ts +120 -0
package/dist/lib/ops/addon.d.ts.map +1 -0
package/dist/lib/ops/addon.js +260 -0
package/dist/lib/ops/addon.js.map +1 -0
package/dist/lib/ops/cdn.d.ts +87 -0
package/dist/lib/ops/cdn.d.ts.map +1 -0
package/dist/lib/ops/cdn.js +170 -0
package/dist/lib/ops/cdn.js.map +1 -0
package/dist/lib/ops/cf.d.ts +36 -0
package/dist/lib/ops/cf.d.ts.map +1 -0
package/dist/lib/ops/cf.js +114 -0
package/dist/lib/ops/cf.js.map +1 -0
package/dist/lib/ops/compose.d.ts +95 -0
package/dist/lib/ops/compose.d.ts.map +1 -0
package/dist/lib/ops/compose.js +165 -0
package/dist/lib/ops/compose.js.map +1 -0
package/dist/lib/ops/core.d.ts +117 -0
package/dist/lib/ops/core.d.ts.map +1 -0
package/dist/lib/ops/core.js +322 -0
package/dist/lib/ops/core.js.map +1 -0
package/dist/lib/ops/db.d.ts +116 -0
package/dist/lib/ops/db.d.ts.map +1 -0
package/dist/lib/ops/db.js +351 -0
package/dist/lib/ops/db.js.map +1 -0
package/dist/lib/ops/dns.d.ts +111 -0
package/dist/lib/ops/dns.d.ts.map +1 -0
package/dist/lib/ops/dns.js +306 -0
package/dist/lib/ops/dns.js.map +1 -0
package/dist/lib/ops/image.d.ts +94 -0
package/dist/lib/ops/image.d.ts.map +1 -0
package/dist/lib/ops/image.js +159 -0
package/dist/lib/ops/image.js.map +1 -0
package/dist/lib/ops/nginx.d.ts +114 -0
package/dist/lib/ops/nginx.d.ts.map +1 -0
package/dist/lib/ops/nginx.js +388 -0
package/dist/lib/ops/nginx.js.map +1 -0
package/dist/lib/ops/redis.d.ts +7 -0
package/dist/lib/ops/redis.d.ts.map +1 -0
package/dist/lib/ops/redis.js +35 -0
package/dist/lib/ops/redis.js.map +1 -0
package/dist/lib/ops/ssh.d.ts +127 -0
package/dist/lib/ops/ssh.d.ts.map +1 -0
package/dist/lib/ops/ssh.js +269 -0
package/dist/lib/ops/ssh.js.map +1 -0
package/dist/lib/prompts.d.ts +46 -0
package/dist/lib/prompts.d.ts.map +1 -0
package/dist/lib/prompts.js +113 -0
package/dist/lib/prompts.js.map +1 -0
package/dist/lib/sast.d.ts +43 -0
package/dist/lib/sast.d.ts.map +1 -0
package/dist/lib/sast.js +79 -0
package/dist/lib/sast.js.map +1 -0
package/dist/lib/sast.test.d.ts +2 -0
package/dist/lib/sast.test.d.ts.map +1 -0
package/dist/lib/sast.test.js +33 -0
package/dist/lib/sast.test.js.map +1 -0
package/dist/lib/shell.d.ts +61 -0
package/dist/lib/shell.d.ts.map +1 -0
package/dist/lib/shell.js +183 -0
package/dist/lib/shell.js.map +1 -0
package/dist/lib/ssh-config.d.ts +37 -0
package/dist/lib/ssh-config.d.ts.map +1 -0
package/dist/lib/ssh-config.js +122 -0
package/dist/lib/ssh-config.js.map +1 -0
package/dist/lib/tenant-scope.d.ts +38 -0
package/dist/lib/tenant-scope.d.ts.map +1 -0
package/dist/lib/tenant-scope.js +129 -0
package/dist/lib/tenant-scope.js.map +1 -0
package/dist/lib/tenant-scope.test.d.ts +2 -0
package/dist/lib/tenant-scope.test.d.ts.map +1 -0
package/dist/lib/tenant-scope.test.js +223 -0
package/dist/lib/tenant-scope.test.js.map +1 -0
package/package.json +58 -0
package/templates/bootstrap/.env.template +54 -0
package/templates/bootstrap/docker-compose.yml +145 -0
package/templates/vhost.conf.tmpl +446 -0

package/dist/lib/ops/dns.js ADDED Viewed

@@ -0,0 +1,306 @@
+/**
+ * CiCore CLI — DNS / TLS provider abstraction
+ *
+ * Vendor-neutral {@link DnsProvider} interface + a Cloudflare implementation.
+ * The interface exists so a second vendor (Route53, …) can slot in later
+ * without touching callers (see brand-layer plan §K2 / §8). For now the only
+ * implementation is {@link CloudflareDnsProvider}.
+ *
+ * Two routing modes — both first-class, both modelled by the control plane
+ * (`cp_domains.dns_mode`):
+ *
+ *   - `owned_zone` — the hostname lives in a zone *we* manage (e.g.
+ *     `lab.multinodex.com`). We upsert a proxied CNAME → our origin target;
+ *     TLS is covered by the zone's Universal / Advanced certificate. The
+ *     zone id is resolved from the hostname at call time (a single host can
+ *     serve several owned zones — mkt fronts both multinodex.com and
+ *     randevu360.net — so we can't rely on `cfg.cfZoneId` alone).
+ *
+ *   - `custom_hostname` (PRIMARY) — a domain the *customer* owns (BYO domain,
+ *     Shopify/Webflow model). We register it as a Cloudflare for SaaS custom
+ *     hostname in our SaaS zone (`cfg.cfZoneId`); DV TLS is issued + renewed
+ *     automatically, and the customer points a CNAME at our fallback origin.
+ *     This retires the per-host tunnel-ingress + `api-lab` SSL-depth hack:
+ *     deep subdomains (`api.lab.x`) that Universal SSL's single-level wildcard
+ *     can't cover get their own per-hostname cert for free.
+ *
+ * All calls use the host's scoped token `cfg.cfApiToken` (Bearer) — NOT the
+ * stored-config token that `lib/cloudflare.ts` reads. Keep new DNS work here,
+ * on the host-aware path. Every mutation honours `--dry-run`.
+ */
+import { isDryRun } from '../config.js';
+import { log } from '../logger.js';
+const OK_RESULT = Object.freeze({ success: true, errorMessage: '' });
+/** Construct the configured provider for a host. Cloudflare-only today. */
+export function createDnsProvider(cfg) {
+    return new CloudflareDnsProvider(cfg);
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Cloudflare implementation
+// ─────────────────────────────────────────────────────────────────────────
+const CF_API_BASE = 'https://api.cloudflare.com/client/v4';
+const REQUEST_TIMEOUT_MS = 30_000;
+class CloudflareDnsProvider {
+    cfg;
+    constructor(cfg) {
+        this.cfg = cfg;
+    }
+    async detectMode(hostname) {
+        const zoneId = await this.resolveZoneId(hostname);
+        return zoneId ? 'owned_zone' : 'custom_hostname';
+    }
+    async ensureHost(req) {
+        return req.mode === 'owned_zone'
+            ? this.ensureOwnedZone(req)
+            : this.ensureCustomHostname(req);
+    }
+    async getHostState(hostname, mode) {
+        if (mode === 'owned_zone') {
+            const zoneId = await this.resolveZoneId(hostname);
+            if (!zoneId)
+                return this.failState(hostname, mode, `no managed zone found for ${hostname}`);
+            const record = await this.findRecord(zoneId, hostname);
+            if (!record)
+                return this.failState(hostname, mode, `no DNS record for ${hostname}`);
+            return Object.freeze({
+                success: true,
+                hostname,
+                mode,
+                routingStatus: 'active',
+                sslStatus: 'active', // covered by zone Universal/ACM cert
+                cfZoneId: zoneId,
+                cnameTarget: record.content,
+                errorMessage: '',
+            });
+        }
+        const existing = await this.findCustomHostname(hostname);
+        if (!existing)
+            return this.failState(hostname, mode, `no custom hostname for ${hostname}`);
+        return this.customHostnameToState(hostname, existing);
+    }
+    async removeHost(hostname, mode) {
+        if (mode === 'owned_zone') {
+            const zoneId = await this.resolveZoneId(hostname);
+            if (!zoneId)
+                return OK_RESULT; // nothing to remove
+            const record = await this.findRecord(zoneId, hostname);
+            if (!record)
+                return OK_RESULT;
+            if (isDryRun()) {
+                log.debug(`[dry-run] DELETE dns_record ${hostname} (${record.id}) in zone ${zoneId}`);
+                return OK_RESULT;
+            }
+            const res = await this.cfFetch(`/zones/${zoneId}/dns_records/${record.id}`, { method: 'DELETE' });
+            return res.success ? OK_RESULT : Object.freeze({ success: false, errorMessage: res.errorMessage });
+        }
+        const existing = await this.findCustomHostname(hostname);
+        if (!existing)
+            return OK_RESULT;
+        if (isDryRun()) {
+            log.debug(`[dry-run] DELETE custom_hostname ${hostname} (${existing.id})`);
+            return OK_RESULT;
+        }
+        const res = await this.cfFetch(`/zones/${this.cfg.cfZoneId}/custom_hostnames/${existing.id}`, { method: 'DELETE' });
+        return res.success ? OK_RESULT : Object.freeze({ success: false, errorMessage: res.errorMessage });
+    }
+    async ensureFallbackOrigin(originHostname) {
+        log.info(`[dns] ensure SaaS fallback origin → ${originHostname} (zone ${this.cfg.cfZoneId})`);
+        if (isDryRun()) {
+            log.debug(`[dry-run] PUT custom_hostnames/fallback_origin { origin: ${originHostname} }`);
+            return OK_RESULT;
+        }
+        const res = await this.cfFetch(`/zones/${this.cfg.cfZoneId}/custom_hostnames/fallback_origin`, { method: 'PUT', body: { origin: originHostname } });
+        return res.success ? OK_RESULT : Object.freeze({ success: false, errorMessage: res.errorMessage });
+    }
+    // ── owned_zone ───────────────────────────────────────────────────────
+    async ensureOwnedZone(req) {
+        const { hostname, originTarget } = req;
+        const zoneId = await this.resolveZoneId(hostname);
+        if (!zoneId) {
+            return this.failState(hostname, 'owned_zone', `no Cloudflare zone manages '${hostname}'. Use custom_hostname mode for BYO domains, ` +
+                `or add the zone to the account.`);
+        }
+        log.info(`[dns] owned_zone: ${hostname} → CNAME ${originTarget} (proxied, zone ${zoneId})`);
+        if (isDryRun()) {
+            log.debug(`[dry-run] upsert proxied CNAME ${hostname} → ${originTarget}`);
+            return this.okOwnedState(hostname, zoneId, originTarget);
+        }
+        const existing = await this.findRecord(zoneId, hostname);
+        const body = { type: 'CNAME', name: hostname, content: originTarget, proxied: true, ttl: 1 };
+        const res = existing
+            ? await this.cfFetch(`/zones/${zoneId}/dns_records/${existing.id}`, { method: 'PUT', body })
+            : await this.cfFetch(`/zones/${zoneId}/dns_records`, { method: 'POST', body });
+        if (!res.success)
+            return this.failState(hostname, 'owned_zone', res.errorMessage);
+        return this.okOwnedState(hostname, zoneId, originTarget);
+    }
+    okOwnedState(hostname, zoneId, cnameTarget) {
+        // Universal SSL covers the apex + one wildcard level. A deeper subdomain
+        // (api.lab.x) is NOT covered by `*.x` — warn rather than silently claim
+        // active, so the operator knows to use custom_hostname or ACM there.
+        const sslStatus = isCoveredByUniversalSsl(hostname) ? 'active' : 'pending';
+        if (sslStatus === 'pending') {
+            log.warn(`[dns] '${hostname}' is a deep subdomain — Universal SSL ('*.<zone>') does not cover it. ` +
+                `Use custom_hostname mode or Advanced Certificate Manager for a valid cert.`);
+        }
+        return Object.freeze({
+            success: true,
+            hostname,
+            mode: 'owned_zone',
+            routingStatus: 'active',
+            sslStatus,
+            cfZoneId: zoneId,
+            cnameTarget,
+            errorMessage: '',
+        });
+    }
+    // ── custom_hostname (Cloudflare for SaaS) ────────────────────────────
+    async ensureCustomHostname(req) {
+        const { hostname, originTarget } = req;
+        log.info(`[dns] custom_hostname: register ${hostname} (CF for SaaS, DV auto-SSL)`);
+        if (isDryRun()) {
+            log.debug(`[dry-run] POST custom_hostnames { hostname: ${hostname}, ssl.method: http, type: dv }`);
+            return Object.freeze({
+                success: true,
+                hostname,
+                mode: 'custom_hostname',
+                routingStatus: 'pending',
+                sslStatus: 'pending',
+                cfZoneId: this.cfg.cfZoneId,
+                cnameTarget: originTarget,
+                errorMessage: '',
+            });
+        }
+        // Idempotent: reuse an existing custom hostname rather than 409-ing.
+        const existing = await this.findCustomHostname(hostname);
+        if (existing) {
+            log.debug(`[dns] custom hostname ${hostname} already registered (${existing.id})`);
+            return this.customHostnameToState(hostname, existing, originTarget);
+        }
+        const body = {
+            hostname,
+            ssl: {
+                method: 'http',
+                type: 'dv',
+                settings: { min_tls_version: '1.2' },
+            },
+        };
+        const res = await this.cfFetch(`/zones/${this.cfg.cfZoneId}/custom_hostnames`, { method: 'POST', body });
+        if (!res.success || !res.result) {
+            return this.failState(hostname, 'custom_hostname', res.errorMessage);
+        }
+        return this.customHostnameToState(hostname, res.result, originTarget);
+    }
+    customHostnameToState(hostname, ch, cnameTarget) {
+        const sslStatus = ch.ssl?.status === 'active' ? 'active' : 'pending';
+        const routingStatus = ch.status === 'active' ? 'active' : 'pending';
+        return Object.freeze({
+            success: true,
+            hostname,
+            mode: 'custom_hostname',
+            routingStatus,
+            sslStatus,
+            customHostnameId: ch.id,
+            cfZoneId: this.cfg.cfZoneId,
+            cnameTarget,
+            verification: {
+                ownership: ch.ownership_verification ?? null,
+                ssl: ch.ssl ?? null,
+            },
+            errorMessage: '',
+        });
+    }
+    // ── zone / record helpers ────────────────────────────────────────────
+    /**
+     * Resolve the Cloudflare zone id that manages `hostname`, or `undefined`
+     * if no zone in the account does (→ treat as a customer BYO domain).
+     *
+     * Walks the hostname's parent labels (e.g. `api.lab.multinodex.com` →
+     * `lab.multinodex.com` → `multinodex.com` → `com`) and returns the first
+     * label set that exactly matches a zone name. Handles multi-part TLDs
+     * (`.com.tr`) naturally because we test every suffix, not just the last two.
+     */
+    async resolveZoneId(hostname) {
+        const labels = hostname.split('.');
+        for (let i = 0; i < labels.length - 1; i++) {
+            const candidate = labels.slice(i).join('.');
+            const res = await this.cfFetch(`/zones?name=${encodeURIComponent(candidate)}`);
+            if (res.success && res.result && res.result.length > 0) {
+                return res.result[0].id;
+            }
+        }
+        return undefined;
+    }
+    async findRecord(zoneId, name) {
+        const res = await this.cfFetch(`/zones/${zoneId}/dns_records?name=${encodeURIComponent(name)}`);
+        return res.success && res.result && res.result.length > 0 ? res.result[0] : undefined;
+    }
+    async findCustomHostname(hostname) {
+        const res = await this.cfFetch(`/zones/${this.cfg.cfZoneId}/custom_hostnames?hostname=${encodeURIComponent(hostname)}`);
+        return res.success && res.result && res.result.length > 0 ? res.result[0] : undefined;
+    }
+    // ── HTTP ─────────────────────────────────────────────────────────────
+    failState(hostname, mode, errorMessage) {
+        return Object.freeze({
+            success: false,
+            hostname,
+            mode,
+            routingStatus: 'error',
+            sslStatus: 'error',
+            errorMessage,
+        });
+    }
+    /**
+     * Single Cloudflare v4 fetch. Bearer-auths with the host-scoped token,
+     * times out at {@link REQUEST_TIMEOUT_MS}, and normalises CF's
+     * `{ success, result, errors }` envelope into {@link CfApiResult}.
+     */
+    async cfFetch(endpoint, options = {}) {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+        try {
+            const response = await fetch(`${CF_API_BASE}${endpoint}`, {
+                method: options.method ?? 'GET',
+                headers: {
+                    Authorization: `Bearer ${this.cfg.cfApiToken}`,
+                    'Content-Type': 'application/json',
+                },
+                body: options.body !== undefined ? JSON.stringify(options.body) : undefined,
+                signal: controller.signal,
+            });
+            const data = (await response.json());
+            if (data.success) {
+                return { success: true, result: data.result, errorMessage: '' };
+            }
+            const msg = data.errors?.map((e) => `${e.code ?? ''} ${e.message}`.trim()).join('; ');
+            return { success: false, errorMessage: msg || `HTTP ${response.status}` };
+        }
+        catch (error) {
+            const message = error instanceof Error
+                ? error.name === 'AbortError'
+                    ? `Cloudflare request timed out after ${REQUEST_TIMEOUT_MS / 1000}s`
+                    : error.message
+                : String(error);
+            return { success: false, errorMessage: message };
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Internal helpers
+// ─────────────────────────────────────────────────────────────────────────
+/**
+ * Cloudflare Universal SSL issues a cert for the apex plus a single wildcard
+ * level (`example.com` + `*.example.com`). A hostname with two or more labels
+ * below the registrable domain (e.g. `api.lab.example.com`) is therefore NOT
+ * covered. We approximate "registrable domain = last two labels" which is
+ * correct for plain TLDs and conservative (false-pending, never false-active)
+ * for multi-part TLDs like `.com.tr` — there it flags one level early, which
+ * only nudges the operator toward a proper per-hostname cert.
+ */
+function isCoveredByUniversalSsl(hostname) {
+    return hostname.split('.').length <= 3;
+}
+//# sourceMappingURL=dns.js.map

package/dist/lib/ops/dns.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dns.js","sourceRoot":"","sources":["../../../src/lib/ops/dns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACvC,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAyDlC,MAAM,SAAS,GAAc,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAA;AAsC/E,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB,CAAC,GAAe;IAC/C,OAAO,IAAI,qBAAqB,CAAC,GAAG,CAAC,CAAA;AACvC,CAAC;AAED,4EAA4E;AAC5E,4BAA4B;AAC5B,4EAA4E;AAE5E,MAAM,WAAW,GAAG,sCAAsC,CAAA;AAC1D,MAAM,kBAAkB,GAAG,MAAM,CAAA;AAEjC,MAAM,qBAAqB;IACI;IAA7B,YAA6B,GAAe;QAAf,QAAG,GAAH,GAAG,CAAY;IAAG,CAAC;IAEhD,KAAK,CAAC,UAAU,CAAC,QAAgB;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;QACjD,OAAO,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAmB;QAClC,OAAO,GAAG,CAAC,IAAI,KAAK,YAAY;YAC9B,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC;YAC3B,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAA;IACpC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAa;QAChD,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;YACjD,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,6BAA6B,QAAQ,EAAE,CAAC,CAAA;YAC3F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;YACtD,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,qBAAqB,QAAQ,EAAE,CAAC,CAAA;YACnF,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,IAAI;gBACJ,aAAa,EAAE,QAAiB;gBAChC,SAAS,EAAE,QAAiB,EAAE,qCAAqC;gBACnE,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,MAAM,CAAC,OAAO;gBAC3B,YAAY,EAAE,EAAE;aACjB,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QACxD,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,0BAA0B,QAAQ,EAAE,CAAC,CAAA;QAC1F,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,IAAa;QAC9C,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;YACjD,IAAI,CAAC,MAAM;gBAAE,OAAO,SAAS,CAAA,CAAC,oBAAoB;YAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;YACtD,IAAI,CAAC,MAAM;gBAAE,OAAO,SAAS,CAAA;YAC7B,IAAI,QAAQ,EAAE,EAAE,CAAC;gBACf,GAAG,CAAC,KAAK,CAAC,+BAA+B,QAAQ,KAAK,MAAM,CAAC,EAAE,aAAa,MAAM,EAAE,CAAC,CAAA;gBACrF,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,MAAM,gBAAgB,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;YACjG,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;QACpG,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QACxD,IAAI,CAAC,QAAQ;YAAE,OAAO,SAAS,CAAA;QAC/B,IAAI,QAAQ,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,oCAAoC,QAAQ,KAAK,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAA;YAC1E,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,UAAU,IAAI,CAAC,GAAG,CAAC,QAAQ,qBAAqB,QAAQ,CAAC,EAAE,EAAE,EAC7D,EAAE,MAAM,EAAE,QAAQ,EAAE,CACrB,CAAA;QACD,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;IACpG,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,cAAsB;QAC/C,GAAG,CAAC,IAAI,CAAC,uCAAuC,cAAc,UAAU,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAA;QAC7F,IAAI,QAAQ,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,4DAA4D,cAAc,IAAI,CAAC,CAAA;YACzF,OAAO,SAAS,CAAA;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,UAAU,IAAI,CAAC,GAAG,CAAC,QAAQ,mCAAmC,EAC9D,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,CACpD,CAAA;QACD,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;IACpG,CAAC;IAED,wEAAwE;IAEhE,KAAK,CAAC,eAAe,CAAC,GAAmB;QAC/C,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,GAAG,CAAA;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,SAAS,CACnB,QAAQ,EACR,YAAY,EACZ,+BAA+B,QAAQ,+CAA+C;gBACpF,iCAAiC,CACpC,CAAA;QACH,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,qBAAqB,QAAQ,YAAY,YAAY,mBAAmB,MAAM,GAAG,CAAC,CAAA;QAC3F,IAAI,QAAQ,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,kCAAkC,QAAQ,MAAM,YAAY,EAAE,CAAC,CAAA;YACzE,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QACxD,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,EAAE,CAAA;QAC5F,MAAM,GAAG,GAAG,QAAQ;YAClB,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,MAAM,gBAAgB,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAC5F,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,MAAM,cAAc,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;QAEhF,IAAI,CAAC,GAAG,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;QACjF,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,CAAA;IAC1D,CAAC;IAEO,YAAY,CAAC,QAAgB,EAAE,MAAc,EAAE,WAAmB;QACxE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,MAAM,SAAS,GAAc,uBAAuB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;QACrF,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,GAAG,CAAC,IAAI,CACN,UAAU,QAAQ,wEAAwE;gBACxF,4EAA4E,CAC/E,CAAA;QACH,CAAC;QACD,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,IAAI,EAAE,YAAqB;YAC3B,aAAa,EAAE,QAAiB;YAChC,SAAS;YACT,QAAQ,EAAE,MAAM;YAChB,WAAW;YACX,YAAY,EAAE,EAAE;SACjB,CAAC,CAAA;IACJ,CAAC;IAED,wEAAwE;IAEhE,KAAK,CAAC,oBAAoB,CAAC,GAAmB;QACpD,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,GAAG,CAAA;QACtC,GAAG,CAAC,IAAI,CAAC,mCAAmC,QAAQ,6BAA6B,CAAC,CAAA;QAElF,IAAI,QAAQ,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,+CAA+C,QAAQ,gCAAgC,CAAC,CAAA;YAClG,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,IAAI,EAAE,iBAA0B;gBAChC,aAAa,EAAE,SAAkB;gBACjC,SAAS,EAAE,SAAkB;gBAC7B,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ;gBAC3B,WAAW,EAAE,YAAY;gBACzB,YAAY,EAAE,EAAE;aACjB,CAAC,CAAA;QACJ,CAAC;QAED,qEAAqE;QACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,yBAAyB,QAAQ,wBAAwB,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAA;YAClF,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,IAAI,GAAG;YACX,QAAQ;YACR,GAAG,EAAE;gBACH,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI;gBACV,QAAQ,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE;aACrC;SACF,CAAA;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,UAAU,IAAI,CAAC,GAAG,CAAC,QAAQ,mBAAmB,EAC9C,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CACzB,CAAA;QACD,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;QACtE,CAAC;QACD,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACvE,CAAC;IAEO,qBAAqB,CAC3B,QAAgB,EAChB,EAAoB,EACpB,WAAoB;QAEpB,MAAM,SAAS,GAAc,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/E,MAAM,aAAa,GAAc,EAAE,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;QAC9E,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,IAAI,EAAE,iBAA0B;YAChC,aAAa;YACb,SAAS;YACT,gBAAgB,EAAE,EAAE,CAAC,EAAE;YACvB,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ;YAC3B,WAAW;YACX,YAAY,EAAE;gBACZ,SAAS,EAAE,EAAE,CAAC,sBAAsB,IAAI,IAAI;gBAC5C,GAAG,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI;aACpB;YACD,YAAY,EAAE,EAAE;SACjB,CAAC,CAAA;IACJ,CAAC;IAED,wEAAwE;IAExE;;;;;;;;OAQG;IACK,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC1C,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC3C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAW,eAAe,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YACxF,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvD,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YACzB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,IAAY;QACnD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,UAAU,MAAM,qBAAqB,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAChE,CAAA;QACD,OAAO,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACvF,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,UAAU,IAAI,CAAC,GAAG,CAAC,QAAQ,8BAA8B,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CACxF,CAAA;QACD,OAAO,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACvF,CAAC;IAED,wEAAwE;IAEhE,SAAS,CAAC,QAAgB,EAAE,IAAa,EAAE,YAAoB;QACrE,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,QAAQ;YACR,IAAI;YACJ,aAAa,EAAE,OAAgB;YAC/B,SAAS,EAAE,OAAgB;YAC3B,YAAY;SACb,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,OAAO,CACnB,QAAgB,EAChB,UAA+C,EAAE;QAEjD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAA;QACxC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAA;QACxE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,GAAG,QAAQ,EAAE,EAAE;gBACxD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;gBAC/B,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE;oBAC9C,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC3E,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAA;YACF,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAA;YACrD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,EAAE,EAAE,CAAA;YACjE,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACrF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAA;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GACX,KAAK,YAAY,KAAK;gBACpB,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY;oBAC3B,CAAC,CAAC,sCAAsC,kBAAkB,GAAG,IAAI,GAAG;oBACpE,CAAC,CAAC,KAAK,CAAC,OAAO;gBACjB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;QAClD,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAA;QACvB,CAAC;IACH,CAAC;CACF;AA8CD,4EAA4E;AAC5E,mBAAmB;AACnB,4EAA4E;AAE5E;;;;;;;;GAQG;AACH,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAA;AACxC,CAAC"}

package/dist/lib/ops/image.d.ts ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * CiCore CLI — Docker image primitives
+ *
+ * Build / push / pull / retag operations for the three core service images
+ * (`nuxt`, `php`, `nginx`). Image names are derived from {@link HostConfig}:
+ *
+ *   push target  = `<registry>/<imagePrefix>-<service>:<tag>`
+ *                  e.g. `cisofttr/cicore-nuxt:baea044`
+ *
+ *   compose name = `<composeImageName>-<service>:latest`
+ *                  e.g. `baynis/vucore-nuxt:latest`
+ *
+ * For vucore (registry=baynis, imagePrefix=vucore, composeImageName=baynis/vucore)
+ * the two converge; the retag is just `TAG → latest`. For cicore (registry=
+ * cisofttr, imagePrefix=cicore, composeImageName=baynis/vucore) the retag
+ * also crosses namespaces so the unmodified docker-compose.yml on the server
+ * keeps working without source changes.
+ */
+import type { AppServiceKey, HostConfig } from '../hosts.js';
+import { type ExecResult } from './ssh.js';
+/** Push-target reference for a service+tag combo: `<registry>/<prefix>-<svc>:<tag>`. */
+export declare function pushImageRef(cfg: HostConfig, service: AppServiceKey, tag: string): string;
+/** Compose-target reference (what docker-compose.yml expects): `<composeImageName>-<svc>:latest`. */
+export declare function composeImageRef(cfg: HostConfig, service: AppServiceKey): string;
+export interface BuildOptions {
+    /** Working directory for the docker build (where Dockerfile lives). Default: cwd. */
+    readonly cwd?: string;
+    /**
+     * Dockerfile path relative to `cwd`. Default: `Dockerfile.<service>.production`
+     * matching the existing repo convention.
+     */
+    readonly dockerfile?: string;
+    /**
+     * Buildx builder name. Auto-created on first use. Default `vu-cli-builder`.
+     * Separate builder = isolated cache from default `desktop-linux`.
+     */
+    readonly builderName?: string;
+    /** Suppress per-step log lines. Errors still surface in the returned result. */
+    readonly silent?: boolean;
+}
+/**
+ * Build a service image with buildx for `linux/amd64` (Mac M-series cross-build).
+ *
+ * Two tags are applied in one build pass: `:<tag>` and `:latest`. Buildx
+ * `--load` materializes the image in the local Docker daemon so the next
+ * push step finds it. The amd64 platform pin is mandatory — without it,
+ * arm64 hosts produce images that crash via emulation on the amd64 server.
+ *
+ * Builder is created lazily on first call; subsequent calls reuse it.
+ */
+export declare function buildImage(cfg: HostConfig, service: AppServiceKey, tag: string, opts?: BuildOptions): Promise<ExecResult>;
+/**
+ * Push a previously-built image to Docker Hub (or whichever registry the
+ * local docker daemon is logged into for `cfg.registry`).
+ *
+ * Pushes the specific `tag` and `:latest` in sequence — Docker dedupes shared
+ * layers, so the second push is mostly metadata.
+ */
+export declare function pushImage(cfg: HostConfig, service: AppServiceKey, tag: string, opts?: {
+    readonly silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Retag a locally-built image without rebuilding — useful when the same
+ * binary needs to ship under multiple names (e.g. `vu deploy core` reusing
+ * an already-pushed image for a hotfix tag).
+ */
+export declare function tagImage(fromRef: string, toRef: string, opts?: {
+    readonly silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * `docker pull` the push-target image on the remote host. Assumes the host
+ * is already `docker login`-ed for `cfg.registry` (setup flow handles this).
+ */
+export declare function pullImage(cfg: HostConfig, service: AppServiceKey, tag: string, opts?: {
+    readonly silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Retag a pulled image to the name the compose file references.
+ *
+ * For cicore this crosses namespaces (`cisofttr/cicore-* → baynis/vucore-*`)
+ * so the unmodified docker-compose.yml keeps working. For vucore it's a
+ * within-namespace tag rename (`baynis/vucore-*:TAG → :latest`).
+ *
+ * Idempotent — retagging the same image multiple times has no effect.
+ */
+export declare function retagForCompose(cfg: HostConfig, service: AppServiceKey, srcTag: string, opts?: {
+    readonly silent?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Check whether an image with the given reference exists in the local
+ * docker daemon. Returns `false` for "doesn't exist" or any daemon error.
+ */
+export declare function imageExistsLocally(ref: string): Promise<boolean>;
+//# sourceMappingURL=image.d.ts.map

package/dist/lib/ops/image.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../../../src/lib/ops/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE5D,OAAO,EAAuB,KAAK,UAAU,EAAE,MAAM,UAAU,CAAA;AAM/D,wFAAwF;AACxF,wBAAgB,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAEzF;AAED,qGAAqG;AACrG,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,GAAG,MAAM,CAE/E;AAMD,MAAM,WAAW,YAAY;IAC3B,qFAAqF;IACrF,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAA;IACrB;;;OAGG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAC5B;;;OAGG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,gFAAgF;IAChF,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,UAAU,EACf,OAAO,EAAE,aAAa,EACtB,GAAG,EAAE,MAAM,EACX,IAAI,GAAE,YAAiB,GACtB,OAAO,CAAC,UAAU,CAAC,CA+BrB;AAiBD;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,UAAU,EACf,OAAO,EAAE,aAAa,EACtB,GAAG,EAAE,MAAM,EACX,IAAI,GAAE;IAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACvC,OAAO,CAAC,UAAU,CAAC,CAUrB;AAED;;;;GAIG;AACH,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACvC,OAAO,CAAC,UAAU,CAAC,CAGrB;AAMD;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,UAAU,EACf,OAAO,EAAE,aAAa,EACtB,GAAG,EAAE,MAAM,EACX,IAAI,GAAE;IAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACvC,OAAO,CAAC,UAAU,CAAC,CAIrB;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,UAAU,EACf,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;IAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GACvC,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGtE"}

package/dist/lib/ops/image.js ADDED Viewed

@@ -0,0 +1,159 @@
+/**
+ * CiCore CLI — Docker image primitives
+ *
+ * Build / push / pull / retag operations for the three core service images
+ * (`nuxt`, `php`, `nginx`). Image names are derived from {@link HostConfig}:
+ *
+ *   push target  = `<registry>/<imagePrefix>-<service>:<tag>`
+ *                  e.g. `cisofttr/cicore-nuxt:baea044`
+ *
+ *   compose name = `<composeImageName>-<service>:latest`
+ *                  e.g. `baynis/vucore-nuxt:latest`
+ *
+ * For vucore (registry=baynis, imagePrefix=vucore, composeImageName=baynis/vucore)
+ * the two converge; the retag is just `TAG → latest`. For cicore (registry=
+ * cisofttr, imagePrefix=cicore, composeImageName=baynis/vucore) the retag
+ * also crosses namespaces so the unmodified docker-compose.yml on the server
+ * keeps working without source changes.
+ */
+import { log } from '../logger.js';
+import { runLocal, runRemote } from './ssh.js';
+// ─────────────────────────────────────────────────────────────────────────
+// Image name builders
+// ─────────────────────────────────────────────────────────────────────────
+/** Push-target reference for a service+tag combo: `<registry>/<prefix>-<svc>:<tag>`. */
+export function pushImageRef(cfg, service, tag) {
+    return `${cfg.registry}/${cfg.imagePrefix}-${service}:${tag}`;
+}
+/** Compose-target reference (what docker-compose.yml expects): `<composeImageName>-<svc>:latest`. */
+export function composeImageRef(cfg, service) {
+    return `${cfg.composeImageName}-${service}:latest`;
+}
+/**
+ * Build a service image with buildx for `linux/amd64` (Mac M-series cross-build).
+ *
+ * Two tags are applied in one build pass: `:<tag>` and `:latest`. Buildx
+ * `--load` materializes the image in the local Docker daemon so the next
+ * push step finds it. The amd64 platform pin is mandatory — without it,
+ * arm64 hosts produce images that crash via emulation on the amd64 server.
+ *
+ * Builder is created lazily on first call; subsequent calls reuse it.
+ */
+export async function buildImage(cfg, service, tag, opts = {}) {
+    const builder = opts.builderName ?? 'vu-cli-builder';
+    await ensureBuilder(builder, opts.silent === true);
+    const dockerfile = opts.dockerfile ?? `Dockerfile.${service}.production`;
+    const tagged = pushImageRef(cfg, service, tag);
+    const latest = pushImageRef(cfg, service, 'latest');
+    if (!opts.silent) {
+        log.info(`Building ${tagged} (+latest) from ${dockerfile} ...`);
+    }
+    return runLocal('docker', [
+        'buildx',
+        'build',
+        '--builder',
+        builder,
+        '--platform',
+        'linux/amd64',
+        '--load',
+        '-f',
+        dockerfile,
+        '-t',
+        tagged,
+        '-t',
+        latest,
+        '.',
+    ], { cwd: opts.cwd, stream: true });
+}
+async function ensureBuilder(name, silent) {
+    const inspect = await runLocal('docker', ['buildx', 'inspect', name], { silent: true });
+    if (inspect.success)
+        return;
+    if (!silent)
+        log.info(`Creating buildx builder '${name}' ...`);
+    await runLocal('docker', ['buildx', 'create', '--name', name, '--use', '--driver-opt', 'network=host'], { silent });
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Push (local → Docker Hub)
+// ─────────────────────────────────────────────────────────────────────────
+/**
+ * Push a previously-built image to Docker Hub (or whichever registry the
+ * local docker daemon is logged into for `cfg.registry`).
+ *
+ * Pushes the specific `tag` and `:latest` in sequence — Docker dedupes shared
+ * layers, so the second push is mostly metadata.
+ */
+export async function pushImage(cfg, service, tag, opts = {}) {
+    const tagged = pushImageRef(cfg, service, tag);
+    const latest = pushImageRef(cfg, service, 'latest');
+    if (!opts.silent)
+        log.info(`Pushing ${tagged} ...`);
+    const taggedResult = await runLocal('docker', ['push', tagged], { stream: true });
+    if (!taggedResult.success)
+        return taggedResult;
+    if (!opts.silent)
+        log.info(`Pushing ${latest} ...`);
+    return runLocal('docker', ['push', latest], { stream: true });
+}
+/**
+ * Retag a locally-built image without rebuilding — useful when the same
+ * binary needs to ship under multiple names (e.g. `vu deploy core` reusing
+ * an already-pushed image for a hotfix tag).
+ */
+export async function tagImage(fromRef, toRef, opts = {}) {
+    if (!opts.silent)
+        log.info(`Tagging ${fromRef} → ${toRef}`);
+    return runLocal('docker', ['tag', fromRef, toRef], { silent: opts.silent });
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Remote pull + retag (server side)
+// ─────────────────────────────────────────────────────────────────────────
+/**
+ * `docker pull` the push-target image on the remote host. Assumes the host
+ * is already `docker login`-ed for `cfg.registry` (setup flow handles this).
+ */
+export async function pullImage(cfg, service, tag, opts = {}) {
+    const ref = pushImageRef(cfg, service, tag);
+    if (!opts.silent)
+        log.info(`Pulling ${ref} on ${cfg.brandName} ...`);
+    return runRemote(cfg, `docker pull ${shellQuote(ref)}`, { silent: opts.silent });
+}
+/**
+ * Retag a pulled image to the name the compose file references.
+ *
+ * For cicore this crosses namespaces (`cisofttr/cicore-* → baynis/vucore-*`)
+ * so the unmodified docker-compose.yml keeps working. For vucore it's a
+ * within-namespace tag rename (`baynis/vucore-*:TAG → :latest`).
+ *
+ * Idempotent — retagging the same image multiple times has no effect.
+ */
+export async function retagForCompose(cfg, service, srcTag, opts = {}) {
+    const src = pushImageRef(cfg, service, srcTag);
+    const dst = composeImageRef(cfg, service);
+    if (!opts.silent)
+        log.info(`Retag ${src} → ${dst}`);
+    return runRemote(cfg, `docker tag ${shellQuote(src)} ${shellQuote(dst)}`, {
+        silent: opts.silent,
+    });
+}
+/**
+ * Check whether an image with the given reference exists in the local
+ * docker daemon. Returns `false` for "doesn't exist" or any daemon error.
+ */
+export async function imageExistsLocally(ref) {
+    const result = await runLocal('docker', ['image', 'inspect', ref], { silent: true });
+    return result.success;
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Helpers
+// ─────────────────────────────────────────────────────────────────────────
+/**
+ * Single-quote-wrap a string for safe shell interpolation, escaping any
+ * embedded `'`. Used for image refs that may contain `/` (always) and `:`
+ * (always) — both shell-safe but quoting defends against future names with
+ * other characters.
+ */
+function shellQuote(s) {
+    return `'${s.replace(/'/g, `'\\''`)}'`;
+}
+//# sourceMappingURL=image.js.map

package/dist/lib/ops/image.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"image.js","sourceRoot":"","sources":["../../../src/lib/ops/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAmB,MAAM,UAAU,CAAA;AAE/D,4EAA4E;AAC5E,sBAAsB;AACtB,4EAA4E;AAE5E,wFAAwF;AACxF,MAAM,UAAU,YAAY,CAAC,GAAe,EAAE,OAAsB,EAAE,GAAW;IAC/E,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,WAAW,IAAI,OAAO,IAAI,GAAG,EAAE,CAAA;AAC/D,CAAC;AAED,qGAAqG;AACrG,MAAM,UAAU,eAAe,CAAC,GAAe,EAAE,OAAsB;IACrE,OAAO,GAAG,GAAG,CAAC,gBAAgB,IAAI,OAAO,SAAS,CAAA;AACpD,CAAC;AAuBD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAe,EACf,OAAsB,EACtB,GAAW,EACX,OAAqB,EAAE;IAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,gBAAgB,CAAA;IACpD,MAAM,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,CAAA;IAElD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,cAAc,OAAO,aAAa,CAAA;IACxE,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAA;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;IAEnD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,GAAG,CAAC,IAAI,CAAC,YAAY,MAAM,mBAAmB,UAAU,MAAM,CAAC,CAAA;IACjE,CAAC;IACD,OAAO,QAAQ,CACb,QAAQ,EACR;QACE,QAAQ;QACR,OAAO;QACP,WAAW;QACX,OAAO;QACP,YAAY;QACZ,aAAa;QACb,QAAQ;QACR,IAAI;QACJ,UAAU;QACV,IAAI;QACJ,MAAM;QACN,IAAI;QACJ,MAAM;QACN,GAAG;KACJ,EACD,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAChC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAY,EAAE,MAAe;IACxD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;IACvF,IAAI,OAAO,CAAC,OAAO;QAAE,OAAM;IAC3B,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,4BAA4B,IAAI,OAAO,CAAC,CAAA;IAC9D,MAAM,QAAQ,CACZ,QAAQ,EACR,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,CAAC,EAC7E,EAAE,MAAM,EAAE,CACX,CAAA;AACH,CAAC;AAED,4EAA4E;AAC5E,4BAA4B;AAC5B,4EAA4E;AAE5E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAe,EACf,OAAsB,EACtB,GAAW,EACX,OAAsC,EAAE;IAExC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAA;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;IAEnD,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,WAAW,MAAM,MAAM,CAAC,CAAA;IACnD,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;IACjF,IAAI,CAAC,YAAY,CAAC,OAAO;QAAE,OAAO,YAAY,CAAA;IAE9C,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,WAAW,MAAM,MAAM,CAAC,CAAA;IACnD,OAAO,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,OAAe,EACf,KAAa,EACb,OAAsC,EAAE;IAExC,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,WAAW,OAAO,MAAM,KAAK,EAAE,CAAC,CAAA;IAC3D,OAAO,QAAQ,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;AAC7E,CAAC;AAED,4EAA4E;AAC5E,oCAAoC;AACpC,4EAA4E;AAE5E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAe,EACf,OAAsB,EACtB,GAAW,EACX,OAAsC,EAAE;IAExC,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAA;IAC3C,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,OAAO,GAAG,CAAC,SAAS,MAAM,CAAC,CAAA;IACpE,OAAO,SAAS,CAAC,GAAG,EAAE,eAAe,UAAU,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;AAClF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAe,EACf,OAAsB,EACtB,MAAc,EACd,OAAsC,EAAE;IAExC,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA;IAC9C,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACzC,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM,GAAG,EAAE,CAAC,CAAA;IACnD,OAAO,SAAS,CAAC,GAAG,EAAE,cAAc,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,EAAE;QACxE,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAClD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;IACpF,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC;AAED,4EAA4E;AAC5E,UAAU;AACV,4EAA4E;AAE5E;;;;;GAKG;AACH,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAA;AACxC,CAAC"}