@cicore/cli 1.0.0

package/dist/commands/addon/publish.js

@@ -0,0 +1,236 @@
+/**
+ * CiCore CLI — `ci addon publish` (M3.4 S4, option-b / K4 single authority)
+ *
+ * Publishes an addon to the central marketplace:
+ *   1. build (unless --skip-build)        — reuse `ci addon build`
+ *   2. package → zip                      — addonPackageBackend
+ *   3. sha256 + HMAC signature            — addon-sign (cross-lang parity)
+ *   4. upload artifact to R2              — cdnUploadZip (→ addons/<name>/<ver>/)
+ *   5. enqueue a SIGNED publish_addon job — enqueueJob (cp_provisioning_jobs)
+ *
+ * The CLI never writes cp_addons directly. The agent (`ci agent run`) claims the
+ * signed job (HMAC-verified) and runs publish-addon-job.php INSIDE the app
+ * container, so the control-plane registration goes through AddonRegistryService
+ * — the SINGLE writer (K-M3.4-1) — then rebuilds + uploads the CDN manifest.
+ *
+ * Live steps (R2 upload + enqueue) are Mustafa-gated; `--dry-run` (global
+ * CICORE_DRY_RUN) short-circuits the R2/DB writes (build + sha + sign still run).
+ */
+import { readFile } from 'node:fs/promises';
+import { mkdtemp, rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join as pathJoin } from 'node:path';
+import { createWriteStream, existsSync, readdirSync, statSync } from 'node:fs';
+import { log } from '../../lib/logger.js';
+import { paths, isDryRun } from '../../lib/config.js';
+import { getHostConfig } from '../../lib/hosts.js';
+import { buildAddon } from './build.js';
+import { addonPackageBackend, addonPackageBackendTarGz, addonCleanupPackage } from '../../lib/ops/addon.js';
+import { cdnUploadZip } from '../../lib/ops/cdn.js';
+import { cfPurgePaths } from '../../lib/ops/cf.js';
+import { enqueueJob } from '../agent/index.js';
+import { sha256Hex, signPackage } from '../../lib/addon-sign.js';
+import { runSemgrepScan } from '../../lib/sast.js';
+import archiver from 'archiver';
+export async function publishAddon(name, options) {
+    const version = options.version ?? 'latest';
+    const addonPath = `${paths.dev.addons}/${name}`;
+    const cfg = getHostConfig(options.host ?? 'cicore');
+    log.title(`Publish Addon: ${name}@${version}`);
+    // 1. Build (unless skipped).
+    if (options.skipBuild !== true) {
+        await buildAddon(name, { core: options.core });
+    }
+    // 1.5 SAST pre-flight gate (P-1b): üçüncü-taraf addon kaynağı çekirdekte çalışır →
+    // publish ÖNCESİ Semgrep. ERROR-severity bulgu / semgrep YOK → fail-closed ABORT
+    // (upload/enqueue YAPILMAZ). Bilinçli atlama: --skip-scan (audit'li). NOT: bu CLI
+    // gate'i geliştirici katmanı; OTORİTER tarama (scan_status='passed' yazan) container-
+    // içi publish-addon-job'da (semgrep-in-image, mehmet/infra) → o gün gelene dek
+    // scan_status server-otoritesiyle 'pending' kalır (P-1).
+    if (options.skipScan === true) {
+        log.warn('SAST taraması ATLANDI (--skip-scan) — fail-closed bypass, audit edilir.');
+    }
+    else {
+        const scan = await runSemgrepScan(addonPath, { config: options.semgrepConfig });
+        if (!scan.available) {
+            log.error(`SAST gate: semgrep bulunamadı → publish ABORT (fail-closed). Kur: 'pip install semgrep' veya bilinçli atlamak için --skip-scan. (${scan.message})`);
+            process.exit(1);
+        }
+        if (scan.errorCount > 0) {
+            log.error(`SAST gate: ${scan.errorCount} ERROR-severity bulgu → publish ABORT (fail-closed):`);
+            for (const f of scan.findings.filter((f) => f.severity === 'ERROR').slice(0, 20)) {
+                log.error(`  ✗ ${f.checkId} @ ${f.path}${f.line ? ':' + f.line : ''}`);
+            }
+            process.exit(1);
+        }
+        log.success(`SAST gate GEÇTİ (semgrep; ${scan.findings.length} non-blocking finding, 0 ERROR).`);
+    }
+    // 2. Package → zip (legacy SSH deploy) + pkg.tar.gz (FAZ-2 cold-fetch R2).
+    const pack = await addonPackageBackend(name, addonPath);
+    const pkgTarGz = await addonPackageBackendTarGz(name, addonPath);
+    try {
+        // 3. Hash + sign. sha256 is from pkg.tar.gz — PHP install verifies this exact hash.
+        const secret = process.env.CDN_GRANT_SECRET ?? process.env.CICORE_JOB_SIGNING_SECRET ?? '';
+        if (!secret) {
+            log.warn('CDN_GRANT_SECRET/CICORE_JOB_SIGNING_SECRET unset — package signature boş (dev).');
+        }
+        const sha256 = pkgTarGz.sha256;
+        const signature = secret ? signPackage(sha256, secret) : '';
+        log.kv('sha256 (pkg.tar.gz)', sha256);
+        // r2_path = specific file path (not a directory prefix); PHP install fetches this.
+        const r2PathPkg = `addons/${name}/${version}/pkg.tar.gz`;
+        // 4a. Frontend bundle → R2 (addons/<name>/<version>/*)
+        // dist/ veya latest/ içeriğini ayrı bir ZIP olarak CF Worker'a gönder.
+        const frontendDir = existsSync(pathJoin(addonPath, 'latest'))
+            ? pathJoin(addonPath, 'latest')
+            : existsSync(pathJoin(addonPath, 'dist'))
+                ? pathJoin(addonPath, 'dist')
+                : null;
+        // F1 content-hash: frontend bundle ZIP sha256 (AUTHORITATIVE, cp_addon_versions.content_hash)
+        let contentHash;
+        if (frontendDir) {
+            const feZipDir = await mkdtemp(pathJoin(tmpdir(), `vu-addon-fe-${name}-`));
+            const feZipPath = pathJoin(feZipDir, `${name}-fe.zip`);
+            // F1 determinism: arc.directory() embeds FS mtime + non-deterministic readdir order
+            // → same input, different hash on each build. Fix: sorted recursive file list +
+            // date: new Date(0) (epoch) per entry → identical ZIP bytes for identical content.
+            await new Promise((resolve, reject) => {
+                const output = createWriteStream(feZipPath);
+                const arc = archiver('zip', { zlib: { level: 6 } });
+                output.on('close', resolve);
+                output.on('error', reject);
+                arc.on('error', reject);
+                arc.pipe(output);
+                const EPOCH = new Date(0);
+                function addSorted(dir, rel) {
+                    for (const entry of readdirSync(dir).sort()) {
+                        const abs = pathJoin(dir, entry);
+                        const relPath = rel ? `${rel}/${entry}` : entry;
+                        if (statSync(abs).isDirectory()) {
+                            addSorted(abs, relPath);
+                        }
+                        else {
+                            arc.file(abs, { name: relPath, date: EPOCH });
+                        }
+                    }
+                }
+                addSorted(frontendDir, '');
+                arc.finalize().catch(reject);
+            });
+            // F1: ZIP oluşturulduktan sonra hash hesapla — sorted+epoch → retry-safe deterministic
+            const feZipBytes = await readFile(feZipPath);
+            contentHash = sha256Hex(feZipBytes);
+            log.kv('content_hash (frontend bundle)', contentHash);
+            // F1 dual-write: version path + latest path (Worker) + hash path (immutable, Worker)
+            const feUp = await cdnUploadZip(cfg, feZipPath, { addon: name, version, contentHash });
+            await rm(feZipDir, { recursive: true, force: true }).catch(() => { });
+            if (!feUp.success && !isDryRun()) {
+                log.error(`Frontend CDN upload failed: ${feUp.errorMessage}`);
+                process.exit(1);
+            }
+            log.success(`Frontend bundle → R2 addons/${name}/${version}/ + addons/${name}/${contentHash}/ (immutable)`);
+        }
+        else {
+            log.warn(`Frontend dist/ / latest/ bulunamadı — sadece backend upload yapılıyor.`);
+        }
+        // 4b. Backend pkg.tar.gz → R2 via CDN Worker.
+        // Wrap pkg.tar.gz in a ZIP so the Worker stores it at
+        // addons/<name>/<version>/pkg.tar.gz (single R2 object, not unpacked).
+        const wrapDir = await mkdtemp(pathJoin(tmpdir(), `vu-addon-wrap-${name}-`));
+        const wrapZipPath = pathJoin(wrapDir, 'pkg-wrap.zip');
+        await new Promise((resolve, reject) => {
+            const output = createWriteStream(wrapZipPath);
+            const arc = archiver('zip', { zlib: { level: 0 } }); // no re-compression
+            output.on('close', resolve);
+            output.on('error', reject);
+            arc.on('error', reject);
+            arc.pipe(output);
+            arc.file(pkgTarGz.tarGzPath, { name: 'pkg.tar.gz' });
+            arc.finalize().catch(reject);
+        });
+        const pkgUp = await cdnUploadZip(cfg, wrapZipPath, { addon: name, version });
+        await rm(wrapDir, { recursive: true, force: true }).catch(() => { });
+        if (!pkgUp.success && !isDryRun()) {
+            log.error(`Backend pkg.tar.gz CDN upload failed: ${pkgUp.errorMessage}`);
+            process.exit(1);
+        }
+        log.success(`Backend pkg.tar.gz → R2 ${r2PathPkg}`);
+        // 5. Enqueue the signed publish_addon job (agent registers via single authority).
+        if (options.skipEnqueue === true) {
+            log.warn('publish_addon enqueue ATLANDI (--skip-enqueue). DB kaydı için `ci agent run` gerekli.');
+        }
+        else {
+            const payload = {
+                addon: {
+                    slug: name,
+                    title: options.title ?? name,
+                    plan_code: options.plan ?? null,
+                    is_public: options.public === true,
+                },
+                version: {
+                    version,
+                    r2_path: r2PathPkg, // specific pkg.tar.gz file (PHP install uses this)
+                    sha256, // sha256 of pkg.tar.gz (backend integrity)
+                    signature,
+                    size_bytes: pkgTarGz.sizeBytes,
+                    content_hash: contentHash, // F1: sha256(frontend bundle ZIP) — immutable R2 path key
+                },
+                // F2 saga: agent publish-addon-job.php bu steps'i kullanarak her adımı kayıt eder;
+                // failure → compensation (R2 hash-path sil, cp_addon_versions sil, am_addons pointer geri al)
+                saga_steps: [
+                    { step: 'r2_upload', status: 'completed', hash_path: contentHash ? `addons/${name}/${contentHash}/` : null },
+                    { step: 'cp_versions_register', status: 'pending' },
+                    { step: 'am_projection', status: 'pending' },
+                    { step: 'pointer_flip', status: 'pending' },
+                    { step: 'cf_purge', status: 'pending' },
+                ],
+            };
+            const queued = await enqueueJob(cfg, 'publish_addon', 'addon', payload, options.requestedBy ?? 'cli');
+            if (!queued && !isDryRun()) {
+                log.error('publish_addon enqueue failed');
+                process.exit(1);
+            }
+        }
+        // 6. CF edge-cache purge — upload tek başına yetmez; CF eski 404/200'ü TTL
+        //    boyunca tutabilir. Upload'daki tüm dosyaları URL-bazlı purge et.
+        if (frontendDir) {
+            const purgeUrls = [];
+            const cdnBase = cfg.cdnBaseUrl; // full CDN URL for CF purge API (cdn.cicore.com.tr)
+            // frontend dosyalarını rekürsif listele
+            function collectFiles(dir, rel) {
+                for (const entry of readdirSync(dir)) {
+                    const full = pathJoin(dir, entry);
+                    const relPath = rel ? `${rel}/${entry}` : entry;
+                    if (statSync(full).isDirectory()) {
+                        collectFiles(full, relPath);
+                    }
+                    else {
+                        purgeUrls.push(`${cdnBase}/addons/${name}/${version}/${relPath}`);
+                        if (version !== 'latest') {
+                            purgeUrls.push(`${cdnBase}/addons/${name}/latest/${relPath}`);
+                        }
+                    }
+                }
+            }
+            collectFiles(frontendDir, '');
+            if (purgeUrls.length > 0) {
+                const purge = await cfPurgePaths(cfg, purgeUrls);
+                if (purge.success) {
+                    log.success(`CF edge-cache purge: ${purgeUrls.length} URL temizlendi.`);
+                }
+                else {
+                    log.warn(`CF cache purge başarısız (non-blocking): ${purge.errorMessage}`);
+                }
+            }
+        }
+        log.success(`${name}@${version} → R2 + CF purge + publish_addon job queued${isDryRun() ? ' (dry-run)' : ''}`);
+        log.info('`ci agent run` registers it in control-plane (AddonRegistryService) + rebuilds the CDN manifest.');
+    }
+    finally {
+        await addonCleanupPackage(pack.zipPath);
+        // Clean pkg.tar.gz temp dir (separate mkdtemp root from addonPackageBackendTarGz)
+        const pkgParent = pathJoin(pkgTarGz.tarGzPath, '..');
+        await rm(pkgParent, { recursive: true, force: true }).catch(() => { });
+    }
+}
+//# sourceMappingURL=publish.js.map

package/dist/commands/addon/publish.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publish.js","sourceRoot":"","sources":["../../../src/commands/addon/publish.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,QAAQ,EAAa,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,IAAI,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC/E,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAC1C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,QAAQ,MAAM,UAAU,CAAC;AAgBhC,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,OAAuB;IACtE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC;IAC5C,MAAM,SAAS,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;IAChD,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC;IAEpD,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;IAE/C,6BAA6B;IAC7B,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;QAC/B,MAAM,UAAU,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,mFAAmF;IACnF,iFAAiF;IACjF,kFAAkF;IAClF,sFAAsF;IACtF,+EAA+E;IAC/E,yDAAyD;IACzD,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;IACtF,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,GAAG,CAAC,KAAK,CAAC,oIAAoI,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;YAC/J,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,KAAK,CAAC,cAAc,IAAI,CAAC,UAAU,sDAAsD,CAAC,CAAC;YAC/F,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBACjF,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,GAAG,CAAC,OAAO,CAAC,6BAA6B,IAAI,CAAC,QAAQ,CAAC,MAAM,kCAAkC,CAAC,CAAC;IACnG,CAAC;IAED,2EAA2E;IAC3E,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACjE,IAAI,CAAC;QACH,oFAAoF;QACpF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,EAAE,CAAC;QAC3F,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,GAAG,CAAC,EAAE,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAEtC,mFAAmF;QACnF,MAAM,SAAS,GAAG,UAAU,IAAI,IAAI,OAAO,aAAa,CAAC;QAEzD,uDAAuD;QACvD,uEAAuE;QACvE,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC3D,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC;YAC/B,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;gBACvC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAC7B,CAAC,CAAC,IAAI,CAAC;QAEX,8FAA8F;QAC9F,IAAI,WAA+B,CAAC;QAEpC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,eAAe,IAAI,GAAG,CAAC,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,EAAE,GAAG,IAAI,SAAS,CAAC,CAAC;YACvD,oFAAoF;YACpF,gFAAgF;YAChF,mFAAmF;YACnF,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1C,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;gBAC5C,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;gBACpD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAC5B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC3B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACxB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACjB,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;gBAC1B,SAAS,SAAS,CAAC,GAAW,EAAE,GAAW;oBACzC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;wBAC5C,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;wBACjC,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;wBAChD,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;4BAChC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;wBAC1B,CAAC;6BAAM,CAAC;4BACN,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;wBAChD,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YAEH,uFAAuF;YACvF,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC7C,WAAW,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;YACpC,GAAG,CAAC,EAAE,CAAC,gCAAgC,EAAE,WAAW,CAAC,CAAC;YAEtD,qFAAqF;YACrF,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;YACvF,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrE,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;gBACjC,GAAG,CAAC,KAAK,CAAC,+BAA+B,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,GAAG,CAAC,OAAO,CAAC,+BAA+B,IAAI,IAAI,OAAO,cAAc,IAAI,IAAI,WAAW,eAAe,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;QACrF,CAAC;QAED,8CAA8C;QAC9C,sDAAsD;QACtD,uEAAuE;QACvE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,iBAAiB,IAAI,GAAG,CAAC,CAAC,CAAC;QAC5E,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACtD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;YACzE,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC5B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7E,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,CAAC,yCAAyC,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,GAAG,CAAC,OAAO,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;QAEpD,kFAAkF;QAClF,IAAI,OAAO,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,uFAAuF,CAAC,CAAC;QACpG,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;oBAC5B,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;oBAC/B,SAAS,EAAE,OAAO,CAAC,MAAM,KAAK,IAAI;iBACnC;gBACD,OAAO,EAAE;oBACP,OAAO;oBACP,OAAO,EAAE,SAAS,EAAU,mDAAmD;oBAC/E,MAAM,EAAuB,2CAA2C;oBACxE,SAAS;oBACT,UAAU,EAAE,QAAQ,CAAC,SAAS;oBAC9B,YAAY,EAAE,WAAW,EAAI,0DAA0D;iBACxF;gBACD,mFAAmF;gBACnF,8FAA8F;gBAC9F,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,WAAW,EAAY,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE;oBACtH,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,SAAS,EAAE;oBACnD,EAAE,IAAI,EAAE,eAAe,EAAS,MAAM,EAAE,SAAS,EAAE;oBACnD,EAAE,IAAI,EAAE,cAAc,EAAU,MAAM,EAAE,SAAS,EAAE;oBACnD,EAAE,IAAI,EAAE,UAAU,EAAc,MAAM,EAAE,SAAS,EAAE;iBACpD;aACF,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC,CAAC;YACtG,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC3B,GAAG,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;gBAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,2EAA2E;QAC3E,sEAAsE;QACtE,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,SAAS,GAAa,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,oDAAoD;YACpF,wCAAwC;YACxC,SAAS,YAAY,CAAC,GAAW,EAAE,GAAW;gBAC5C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBAClC,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;oBAChD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;wBACjC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC9B,CAAC;yBAAM,CAAC;wBACN,SAAS,CAAC,IAAI,CAAC,GAAG,OAAO,WAAW,IAAI,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC,CAAC;wBAClE,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;4BACzB,SAAS,CAAC,IAAI,CAAC,GAAG,OAAO,WAAW,IAAI,WAAW,OAAO,EAAE,CAAC,CAAC;wBAChE,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,YAAY,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAE9B,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;oBAClB,GAAG,CAAC,OAAO,CAAC,wBAAwB,SAAS,CAAC,MAAM,kBAAkB,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,4CAA4C,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;QACH,CAAC;QAED,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,OAAO,8CAA8C,QAAQ,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9G,GAAG,CAAC,IAAI,CAAC,kGAAkG,CAAC,CAAC;IAC/G,CAAC;YAAS,CAAC;QACT,MAAM,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,kFAAkF;QAClF,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,EAAE,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACxE,CAAC;AACH,CAAC"}

package/dist/commands/addon/scaffold-quality.d.ts

@@ -0,0 +1,21 @@
+/**
+ * `ci addon scaffold-quality [path]`
+ *
+ * Applies the Faz 5 quality template to an existing addon directory
+ * (eslint config, prettier, tsconfig, editorconfig, gitlab-ci, env.d.ts).
+ * Same templates `ci addon create` ships with new addons — this command
+ * is the backport path for addons that pre-date Faz 5.
+ *
+ * Default cwd. `--all` walks every addon under the dev-shell's
+ * cores/dev/addons/ directory in sequence — used during the bulk
+ * backport (Faz 5B). `--overwrite` replaces existing config files;
+ * default is to keep what the addon already has and only add missing
+ * files.
+ */
+export interface ScaffoldQualityOptions {
+    readonly path?: string;
+    readonly all?: boolean;
+    readonly overwrite?: boolean;
+}
+export declare function scaffoldQuality(options: ScaffoldQualityOptions): Promise<void>;
+//# sourceMappingURL=scaffold-quality.d.ts.map

package/dist/commands/addon/scaffold-quality.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scaffold-quality.d.ts","sourceRoot":"","sources":["../../../src/commands/addon/scaffold-quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAA;IACtB,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAC7B;AAID,wBAAsB,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBpF"}

package/dist/commands/addon/scaffold-quality.js

@@ -0,0 +1,90 @@
+/**
+ * `ci addon scaffold-quality [path]`
+ *
+ * Applies the Faz 5 quality template to an existing addon directory
+ * (eslint config, prettier, tsconfig, editorconfig, gitlab-ci, env.d.ts).
+ * Same templates `ci addon create` ships with new addons — this command
+ * is the backport path for addons that pre-date Faz 5.
+ *
+ * Default cwd. `--all` walks every addon under the dev-shell's
+ * cores/dev/addons/ directory in sequence — used during the bulk
+ * backport (Faz 5B). `--overwrite` replaces existing config files;
+ * default is to keep what the addon already has and only add missing
+ * files.
+ */
+import path from 'node:path';
+import fs from 'fs-extra';
+import { log } from '../../lib/logger.js';
+import { findShellRoot } from '../../lib/ops/addon-dev.js';
+import { applyQualityTemplate } from '../../lib/ops/addon-quality.js';
+const ADDON_NAME_RE = /^[A-Za-z0-9_-]+$/;
+export async function scaffoldQuality(options) {
+    if (options.all) {
+        await applyToAllAddons(options);
+        return;
+    }
+    const addonDir = path.resolve(options.path ?? process.cwd());
+    const manifestPath = path.join(addonDir, 'addon.json');
+    if (!(await fs.pathExists(manifestPath))) {
+        log.error(`addon.json not found at ${manifestPath}`);
+        log.info('Run from an addon directory, or pass --path <addon-dir> or --all (from dev-shell).');
+        return;
+    }
+    const addonName = path.basename(addonDir);
+    if (!ADDON_NAME_RE.test(addonName)) {
+        log.error(`Invalid addon name "${addonName}" (derived from dir) — only [A-Za-z0-9_-].`);
+        return;
+    }
+    await applyOne(addonDir, addonName, options.overwrite === true);
+}
+async function applyToAllAddons(options) {
+    const shellRoot = findShellRoot(process.cwd());
+    if (!shellRoot) {
+        log.error('--all requires running from inside dev-shell. Walk up to a dir containing nginx/snippets/ + cores/dev/addons/.');
+        return;
+    }
+    const addonsRoot = path.join(shellRoot, 'cores', 'dev', 'addons');
+    const entries = await fs.readdir(addonsRoot, { withFileTypes: true });
+    const addonNames = entries
+        .filter((e) => e.isDirectory() && ADDON_NAME_RE.test(e.name))
+        .map((e) => e.name);
+    if (addonNames.length === 0) {
+        log.info(`No addons found under ${addonsRoot}.`);
+        return;
+    }
+    log.title(`Faz 5B — quality template backport to ${addonNames.length} addon${addonNames.length === 1 ? '' : 's'}`);
+    log.blank();
+    for (const name of addonNames) {
+        const addonDir = path.join(addonsRoot, name);
+        // Skip dirs that aren't actual addons (missing addon.json) so a
+        // half-cloned dir or stray test fixture doesn't get a config dump.
+        if (!(await fs.pathExists(path.join(addonDir, 'addon.json')))) {
+            log.warn(`${name}: addon.json missing, skipped`);
+            continue;
+        }
+        await applyOne(addonDir, name, options.overwrite === true);
+        log.blank();
+    }
+    log.success(`Backport complete (${addonNames.length} addon${addonNames.length === 1 ? '' : 's'}).`);
+    log.info('Next: in each addon repo, run lint + commit:');
+    log.item('cd cores/dev/addons/<Name>');
+    log.item('../../../../node_modules/.bin/eslint . --fix      # autofixable warnings');
+    log.item('../../../../node_modules/.bin/vue-tsc --noEmit    # type errors');
+    log.item('git add -A && git commit -m "chore: Faz 5 quality template"');
+}
+async function applyOne(addonDir, addonName, overwrite) {
+    log.kv('Addon', addonName);
+    log.kv('Path', addonDir);
+    const result = await applyQualityTemplate(addonDir, addonName, { overwrite });
+    if (result.written.length > 0) {
+        log.success(`Wrote ${result.written.length} config file${result.written.length === 1 ? '' : 's'}:`);
+        for (const rel of result.written)
+            log.item(rel);
+    }
+    if (result.skipped.length > 0) {
+        log.info(`Skipped ${result.skipped.length} existing file${result.skipped.length === 1 ? '' : 's'} (use --overwrite to replace):`);
+        for (const rel of result.skipped)
+            log.item(rel);
+    }
+}
+//# sourceMappingURL=scaffold-quality.js.map

package/dist/commands/addon/scaffold-quality.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scaffold-quality.js","sourceRoot":"","sources":["../../../src/commands/addon/scaffold-quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,EAAE,MAAM,UAAU,CAAA;AACzB,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAA;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAA;AAQrE,MAAM,aAAa,GAAG,kBAAkB,CAAA;AAExC,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAA+B;IACnE,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;QAC/B,OAAM;IACR,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAA;IACtD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,KAAK,CAAC,2BAA2B,YAAY,EAAE,CAAC,CAAA;QACpD,GAAG,CAAC,IAAI,CAAC,oFAAoF,CAAC,CAAA;QAC9F,OAAM;IACR,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,KAAK,CAAC,uBAAuB,SAAS,4CAA4C,CAAC,CAAA;QACvF,OAAM;IACR,CAAC;IAED,MAAM,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,KAAK,IAAI,CAAC,CAAA;AACjE,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,OAA+B;IAC7D,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,gHAAgH,CAAC,CAAA;QAC3H,OAAM;IACR,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;IACjE,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;IACrE,MAAM,UAAU,GAAG,OAAO;SACvB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;IAErB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,GAAG,CAAC,IAAI,CAAC,yBAAyB,UAAU,GAAG,CAAC,CAAA;QAChD,OAAM;IACR,CAAC;IAED,GAAG,CAAC,KAAK,CAAC,yCAAyC,UAAU,CAAC,MAAM,SAAS,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAA;IAClH,GAAG,CAAC,KAAK,EAAE,CAAA;IAEX,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QAC5C,gEAAgE;QAChE,mEAAmE;QACnE,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,+BAA+B,CAAC,CAAA;YAChD,SAAQ;QACV,CAAC;QACD,MAAM,QAAQ,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,KAAK,IAAI,CAAC,CAAA;QAC1D,GAAG,CAAC,KAAK,EAAE,CAAA;IACb,CAAC;IAED,GAAG,CAAC,OAAO,CAAC,sBAAsB,UAAU,CAAC,MAAM,SAAS,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACnG,GAAG,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;IACxD,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAA;IACtC,GAAG,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAA;IACpF,GAAG,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAA;IAC3E,GAAG,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAA;AACzE,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,QAAgB,EAAE,SAAiB,EAAE,SAAkB;IAC7E,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;IAC1B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IACxB,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IAC7E,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,OAAO,CAAC,SAAS,MAAM,CAAC,OAAO,CAAC,MAAM,eAAe,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAA;QACnG,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,CAAC,MAAM,iBAAiB,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,gCAAgC,CAAC,CAAA;QACjI,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjD,CAAC;AACH,CAAC"}

package/dist/commands/addon/sign.d.ts

@@ -0,0 +1,9 @@
+/**
+ * vu addon:sign <name>
+ */
+interface SignOptions {
+    key?: string;
+}
+export declare function signAddon(name: string, options: SignOptions): Promise<void>;
+export {};
+//# sourceMappingURL=sign.d.ts.map

package/dist/commands/addon/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../../src/commands/addon/sign.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,UAAU,WAAW;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wBAAsB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA0EjF"}

package/dist/commands/addon/sign.js

@@ -0,0 +1,83 @@
+/**
+ * vu addon:sign <name>
+ */
+import { log, spinner } from '../../lib/logger.js';
+import { paths } from '../../lib/config.js';
+import fs from 'fs-extra';
+import path from 'path';
+import crypto from 'crypto';
+export async function signAddon(name, options) {
+    log.title(`Sign Addon: ${name}`);
+    const addonPath = path.join(paths.dev.addons, name);
+    // Check addon exists
+    if (!await fs.pathExists(addonPath)) {
+        log.error(`Addon "${name}" not found`);
+        return;
+    }
+    const signSpinner = spinner('Generating signature...').start();
+    try {
+        // Collect files to hash
+        const filesToHash = [];
+        // addon.json
+        const addonJsonPath = path.join(addonPath, 'addon.json');
+        if (await fs.pathExists(addonJsonPath)) {
+            filesToHash.push(addonJsonPath);
+        }
+        // Backend files
+        const backendPath = path.join(addonPath, 'Backend');
+        if (await fs.pathExists(backendPath)) {
+            const backendFiles = await getFilesRecursive(backendPath);
+            filesToHash.push(...backendFiles);
+        }
+        // Pages
+        const pagesPath = path.join(addonPath, 'pages');
+        if (await fs.pathExists(pagesPath)) {
+            const pageFiles = await getFilesRecursive(pagesPath);
+            filesToHash.push(...pageFiles);
+        }
+        // Locales
+        const localesPath = path.join(addonPath, 'locales');
+        if (await fs.pathExists(localesPath)) {
+            const localeFiles = await getFilesRecursive(localesPath);
+            filesToHash.push(...localeFiles);
+        }
+        // Generate hash
+        const hash = crypto.createHash('sha256');
+        for (const file of filesToHash.sort()) {
+            const content = await fs.readFile(file);
+            const relativePath = path.relative(addonPath, file);
+            hash.update(relativePath);
+            hash.update(content);
+        }
+        const signature = hash.digest('hex');
+        // Write signature file
+        const signaturePath = path.join(addonPath, '.signature');
+        await fs.writeFile(signaturePath, signature);
+        signSpinner.succeed('Signature generated');
+        log.blank();
+        log.kv('Files hashed', filesToHash.length.toString());
+        log.kv('Signature', signature.slice(0, 16) + '...');
+        log.kv('Saved to', signaturePath);
+        log.blank();
+        log.success('Addon signed successfully');
+    }
+    catch (error) {
+        signSpinner.fail('Failed to sign addon');
+        log.error(error.message);
+    }
+}
+async function getFilesRecursive(dir) {
+    const files = [];
+    const entries = await fs.readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            files.push(...await getFilesRecursive(fullPath));
+        }
+        else {
+            files.push(fullPath);
+        }
+    }
+    return files;
+}
+//# sourceMappingURL=sign.js.map

package/dist/commands/addon/sign.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../../src/commands/addon/sign.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,QAAQ,CAAC;AAM5B,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAY,EAAE,OAAoB;IAChE,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpD,qBAAqB;IACrB,IAAI,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,aAAa,CAAC,CAAC;QACvC,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC,KAAK,EAAE,CAAC;IAE/D,IAAI,CAAC;QACH,wBAAwB;QACxB,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,aAAa;QACb,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,MAAM,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACvC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAClC,CAAC;QAED,gBAAgB;QAChB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACpC,CAAC;QAED,QAAQ;QACR,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAChD,IAAI,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACrD,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;QACjC,CAAC;QAED,UAAU;QACV,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;YACzD,WAAW,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QACnC,CAAC;QAED,gBAAgB;QAChB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACpD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAErC,uBAAuB;QACvB,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,EAAE,CAAC,SAAS,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAE7C,WAAW,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAE3C,GAAG,CAAC,KAAK,EAAE,CAAC;QACZ,GAAG,CAAC,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC;QACpD,GAAG,CAAC,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAElC,GAAG,CAAC,KAAK,EAAE,CAAC;QACZ,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAE3C,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,WAAW,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACzC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAW;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAE/D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/commands/addon/toggle.d.ts

@@ -0,0 +1,6 @@
+/**
+ * vu addon:enable / vu addon:disable
+ */
+export declare function enableAddon(name: string, core: string): Promise<void>;
+export declare function disableAddon(name: string, core: string): Promise<void>;
+//# sourceMappingURL=toggle.d.ts.map

package/dist/commands/addon/toggle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toggle.d.ts","sourceRoot":"","sources":["../../../src/commands/addon/toggle.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAG3E;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAG5E"}

package/dist/commands/addon/toggle.js

@@ -0,0 +1,46 @@
+/**
+ * vu addon:enable / vu addon:disable
+ */
+import { log, spinner } from '../../lib/logger.js';
+import { ssh } from '../../lib/shell.js';
+export async function enableAddon(name, core) {
+    log.title(`Enable Addon: ${name} in ${core}`);
+    await toggleAddon(name, core, true);
+}
+export async function disableAddon(name, core) {
+    log.title(`Disable Addon: ${name} in ${core}`);
+    await toggleAddon(name, core, false);
+}
+async function toggleAddon(name, core, enable) {
+    const addonPath = `/home/cores/${core}/addons/${name}`;
+    const addonJson = `${addonPath}/addon.json`;
+    // Check addon exists
+    const checkResult = await ssh(`test -f ${addonJson} && echo "exists"`, { silent: true });
+    if (!checkResult.stdout.includes('exists')) {
+        log.error(`Addon "${name}" not found in ${core}`);
+        return;
+    }
+    const toggleSpinner = spinner(`${enable ? 'Enabling' : 'Disabling'} addon...`).start();
+    // Update addon.json
+    const sedCmd = enable
+        ? `sed -i 's/"enabled"[[:space:]]*:[[:space:]]*false/"enabled": true/g' ${addonJson}`
+        : `sed -i 's/"enabled"[[:space:]]*:[[:space:]]*true/"enabled": false/g' ${addonJson}`;
+    const result = await ssh(sedCmd, { silent: true });
+    if (!result.success) {
+        toggleSpinner.fail('Failed to update addon.json');
+        log.error(result.stderr);
+        return;
+    }
+    toggleSpinner.succeed(`Addon ${enable ? 'enabled' : 'disabled'}`);
+    // Clear cache
+    const cacheSpinner = spinner('Clearing cache...').start();
+    await ssh(`rm -rf /home/cores/${core}/storage/cache/addon_*`, { silent: true });
+    cacheSpinner.succeed('Cache cleared');
+    // Restart PHP
+    const restartSpinner = spinner('Restarting PHP...').start();
+    await ssh('docker restart cicore_php', { silent: true });
+    restartSpinner.succeed('PHP restarted');
+    log.blank();
+    log.success(`Addon "${name}" is now ${enable ? 'enabled' : 'disabled'}`);
+}
+//# sourceMappingURL=toggle.js.map

package/dist/commands/addon/toggle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toggle.js","sourceRoot":"","sources":["../../../src/commands/addon/toggle.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAEzC,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,IAAY;IAC1D,GAAG,CAAC,KAAK,CAAC,iBAAiB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,IAAY;IAC3D,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;IAC/C,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,IAAY,EAAE,MAAe;IACpE,MAAM,SAAS,GAAG,eAAe,IAAI,WAAW,IAAI,EAAE,CAAC;IACvD,MAAM,SAAS,GAAG,GAAG,SAAS,aAAa,CAAC;IAE5C,qBAAqB;IACrB,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,WAAW,SAAS,mBAAmB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzF,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3C,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,kBAAkB,IAAI,EAAE,CAAC,CAAC;QAClD,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC;IAEvF,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM;QACnB,CAAC,CAAC,wEAAwE,SAAS,EAAE;QACrF,CAAC,CAAC,wEAAwE,SAAS,EAAE,CAAC;IAExF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAEnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,aAAa,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAClD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO;IACT,CAAC;IAED,aAAa,CAAC,OAAO,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IAElE,cAAc;IACd,MAAM,YAAY,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC,KAAK,EAAE,CAAC;IAC1D,MAAM,GAAG,CAAC,sBAAsB,IAAI,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAChF,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAEtC,cAAc;IACd,MAAM,cAAc,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5D,MAAM,GAAG,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,cAAc,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAExC,GAAG,CAAC,KAAK,EAAE,CAAC;IACZ,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,YAAY,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;AAC3E,CAAC"}

package/dist/commands/agent/index.d.ts

@@ -0,0 +1,34 @@
+/**
+ * CiCore CLI — `ci agent` (provisioning agent / execution bridge, K4)
+ *
+ * The control-plane never SSHes ad hoc. The panel (PHP) writes a *job* to
+ * `cp_provisioning_jobs`; a privileged agent claims it and runs the work,
+ * recording step logs, status, errors and an audit trail. This is that agent.
+ *
+ *   - `ci agent enqueue` — write a (signed) job. The panel mirrors this INSERT
+ *     in PHP; the CLI form is for testing + ops.
+ *   - `ci agent run` — claim queued jobs and execute them. Run it as a cron /
+ *     systemd timer on the host (or any box with SSH + control-plane access).
+ *
+ * Execution reuses the existing CLI commands by spawning them as child
+ * processes (e.g. `brand_reconcile` → `ci brand reconcile`), so the agent adds
+ * no second copy of the provisioning logic and a job failure can't take the
+ * agent down. Jobs are HMAC-signed (env `CICORE_JOB_SIGNING_SECRET`) so a
+ * compromised panel can't inject arbitrary work; if the secret is unset the
+ * agent runs in dev mode (verification skipped, with a warning).
+ *
+ * v1 job type: `brand_reconcile`. Reconcile is idempotent, so a failed job is
+ * safe to re-run (recovery = re-queue); true compensating rollback for
+ * create-type jobs (create_brand, …) is a follow-up.
+ */
+import { Command } from 'commander';
+import { type HostConfig } from '../../lib/hosts.js';
+export declare function registerAgentCommands(program: Command): void;
+/** Sign a job, or return '' (unsigned) when no secret is configured (dev). */
+/**
+ * Enqueue a signed provisioning job (reusable by other commands, e.g.
+ * `ci addon publish` → publish_addon). Mirrors the `agent enqueue` INSERT;
+ * caller ensures `type` is a KNOWN_TYPES value. Returns whether the row landed.
+ */
+export declare function enqueueJob(cfg: HostConfig, type: string, targetType: string, payload: unknown, requestedBy?: string): Promise<boolean>;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/agent/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/agent/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAKnC,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAA;AA2BnE,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAoE5D;AA+ZD,8EAA8E;AAC9E;;;;GAIG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,SAAQ,GACvF,OAAO,CAAC,OAAO,CAAC,CAWlB"}