@ebowwa/hetzner 0.1.0 → 0.2.0

package/errors.js

@@ -1,6 +1,30 @@
+"use strict";
 /**
  * Hetzner Cloud API error types and utilities
  */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HetznerTimeoutError = exports.HetznerActionError = exports.HetznerServiceError = exports.HetznerConflictError = exports.HetznerInvalidInputError = exports.HetznerResourceLimitError = exports.HetznerResourceLockedError = exports.HetznerRateLimitError = exports.HetznerNotFoundError = exports.HetznerForbiddenError = exports.HetznerUnauthorizedError = exports.HetznerAPIError = exports.HetznerErrorCode = void 0;
+exports.createHetznerError = createHetznerError;
+exports.isRetryableError = isRetryableError;
+exports.isRateLimitError = isRateLimitError;
+exports.isResourceLockedError = isResourceLockedError;
+exports.calculateRetryDelay = calculateRetryDelay;
+exports.defaultErrorHandler = defaultErrorHandler;
 // ============================================================================
 // Error Codes
 // ============================================================================
@@ -8,7 +32,7 @@
  * Hetzner API error codes
  * @see https://docs.hetzner.cloud/#errors
  */
-export var HetznerErrorCode;
+var HetznerErrorCode;
 (function (HetznerErrorCode) {
     // Authentication errors
     HetznerErrorCode["Unauthorized"] = "unauthorized";
@@ -40,162 +64,212 @@ export var HetznerErrorCode;
     // Certificate errors
     HetznerErrorCode["CertificateValidationFailed"] = "certificate_validation_failed";
     HetznerErrorCode["CertificatePending"] = "certificate_pending";
-})(HetznerErrorCode || (HetznerErrorCode = {}));
+})(HetznerErrorCode || (exports.HetznerErrorCode = HetznerErrorCode = {}));
 // ============================================================================
 // Error Classes
 // ============================================================================
 /**
  * Base Hetzner API error
  */
-export class HetznerAPIError extends Error {
-    code;
-    details;
-    constructor(message, code, details) {
-        super(message);
-        this.code = code;
-        this.details = details;
-        this.name = "HetznerAPIError";
+var HetznerAPIError = /** @class */ (function (_super) {
+    __extends(HetznerAPIError, _super);
+    function HetznerAPIError(message, code, details) {
+        var _this = _super.call(this, message) || this;
+        _this.code = code;
+        _this.details = details;
+        _this.name = "HetznerAPIError";
+        return _this;
     }
-}
+    return HetznerAPIError;
+}(Error));
+exports.HetznerAPIError = HetznerAPIError;
 /**
  * Authentication error (401)
  */
-export class HetznerUnauthorizedError extends HetznerAPIError {
-    constructor(message = "Unauthorized: Invalid API token") {
-        super(message, HetznerErrorCode.Unauthorized);
-        this.name = "HetznerUnauthorizedError";
+var HetznerUnauthorizedError = /** @class */ (function (_super) {
+    __extends(HetznerUnauthorizedError, _super);
+    function HetznerUnauthorizedError(message) {
+        if (message === void 0) { message = "Unauthorized: Invalid API token"; }
+        var _this = _super.call(this, message, HetznerErrorCode.Unauthorized) || this;
+        _this.name = "HetznerUnauthorizedError";
+        return _this;
     }
-}
+    return HetznerUnauthorizedError;
+}(HetznerAPIError));
+exports.HetznerUnauthorizedError = HetznerUnauthorizedError;
 /**
  * Forbidden error (403)
  */
-export class HetznerForbiddenError extends HetznerAPIError {
-    constructor(message = "Forbidden: Insufficient permissions") {
-        super(message, HetznerErrorCode.Forbidden);
-        this.name = "HetznerForbiddenError";
+var HetznerForbiddenError = /** @class */ (function (_super) {
+    __extends(HetznerForbiddenError, _super);
+    function HetznerForbiddenError(message) {
+        if (message === void 0) { message = "Forbidden: Insufficient permissions"; }
+        var _this = _super.call(this, message, HetznerErrorCode.Forbidden) || this;
+        _this.name = "HetznerForbiddenError";
+        return _this;
     }
-}
+    return HetznerForbiddenError;
+}(HetznerAPIError));
+exports.HetznerForbiddenError = HetznerForbiddenError;
 /**
  * Resource not found error (404)
  */
-export class HetznerNotFoundError extends HetznerAPIError {
-    constructor(resource, id) {
-        super(`${resource} with ID ${id} not found`, HetznerErrorCode.NotFound, { resource, id });
-        this.name = "HetznerNotFoundError";
+var HetznerNotFoundError = /** @class */ (function (_super) {
+    __extends(HetznerNotFoundError, _super);
+    function HetznerNotFoundError(resource, id) {
+        var _this = _super.call(this, "".concat(resource, " with ID ").concat(id, " not found"), HetznerErrorCode.NotFound, { resource: resource, id: id }) || this;
+        _this.name = "HetznerNotFoundError";
+        return _this;
     }
-}
+    return HetznerNotFoundError;
+}(HetznerAPIError));
+exports.HetznerNotFoundError = HetznerNotFoundError;
 /**
  * Rate limit exceeded error (429)
  */
-export class HetznerRateLimitError extends HetznerAPIError {
-    rateLimitInfo;
-    constructor(message = "Rate limit exceeded", rateLimitInfo) {
-        super(message, HetznerErrorCode.RateLimitExceeded, rateLimitInfo);
-        this.rateLimitInfo = rateLimitInfo;
-        this.name = "HetznerRateLimitError";
+var HetznerRateLimitError = /** @class */ (function (_super) {
+    __extends(HetznerRateLimitError, _super);
+    function HetznerRateLimitError(message, rateLimitInfo) {
+        if (message === void 0) { message = "Rate limit exceeded"; }
+        var _this = _super.call(this, message, HetznerErrorCode.RateLimitExceeded, rateLimitInfo) || this;
+        _this.rateLimitInfo = rateLimitInfo;
+        _this.name = "HetznerRateLimitError";
+        return _this;
     }
-    /**
-     * Get the number of milliseconds until the rate limit resets
-     */
-    get resetInMs() {
-        if (!this.rateLimitInfo)
-            return 60000; // Default to 1 minute
-        return Math.max(0, this.rateLimitInfo.reset * 1000 - Date.now());
-    }
-    /**
-     * Get a human-readable reset time
-     */
-    get resetTime() {
-        if (!this.rateLimitInfo)
-            return "unknown";
-        return new Date(this.rateLimitInfo.reset * 1000).toISOString();
-    }
-}
+    Object.defineProperty(HetznerRateLimitError.prototype, "resetInMs", {
+        /**
+         * Get the number of milliseconds until the rate limit resets
+         */
+        get: function () {
+            if (!this.rateLimitInfo)
+                return 60000; // Default to 1 minute
+            return Math.max(0, this.rateLimitInfo.reset * 1000 - Date.now());
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(HetznerRateLimitError.prototype, "resetTime", {
+        /**
+         * Get a human-readable reset time
+         */
+        get: function () {
+            if (!this.rateLimitInfo)
+                return "unknown";
+            return new Date(this.rateLimitInfo.reset * 1000).toISOString();
+        },
+        enumerable: false,
+        configurable: true
+    });
+    return HetznerRateLimitError;
+}(HetznerAPIError));
+exports.HetznerRateLimitError = HetznerRateLimitError;
 /**
  * Resource locked error
  */
-export class HetznerResourceLockedError extends HetznerAPIError {
-    actionInProgress;
-    constructor(resource, id, actionInProgress) {
-        super(`${resource} ${id} is locked${actionInProgress ? ` by ${actionInProgress}` : ""}`, HetznerErrorCode.ResourceLocked, { resource, id, actionInProgress });
-        this.actionInProgress = actionInProgress;
-        this.name = "HetznerResourceLockedError";
+var HetznerResourceLockedError = /** @class */ (function (_super) {
+    __extends(HetznerResourceLockedError, _super);
+    function HetznerResourceLockedError(resource, id, actionInProgress) {
+        var _this = _super.call(this, "".concat(resource, " ").concat(id, " is locked").concat(actionInProgress ? " by ".concat(actionInProgress) : ""), HetznerErrorCode.ResourceLocked, { resource: resource, id: id, actionInProgress: actionInProgress }) || this;
+        _this.actionInProgress = actionInProgress;
+        _this.name = "HetznerResourceLockedError";
+        return _this;
     }
-}
+    return HetznerResourceLockedError;
+}(HetznerAPIError));
+exports.HetznerResourceLockedError = HetznerResourceLockedError;
 /**
  * Resource limit exceeded error
  */
-export class HetznerResourceLimitError extends HetznerAPIError {
-    constructor(resource, limit) {
-        super(`Resource limit exceeded: ${resource} (limit: ${limit})`, HetznerErrorCode.ResourceLimitExceeded, { resource, limit });
-        this.name = "HetznerResourceLimitError";
+var HetznerResourceLimitError = /** @class */ (function (_super) {
+    __extends(HetznerResourceLimitError, _super);
+    function HetznerResourceLimitError(resource, limit) {
+        var _this = _super.call(this, "Resource limit exceeded: ".concat(resource, " (limit: ").concat(limit, ")"), HetznerErrorCode.ResourceLimitExceeded, { resource: resource, limit: limit }) || this;
+        _this.name = "HetznerResourceLimitError";
+        return _this;
     }
-}
+    return HetznerResourceLimitError;
+}(HetznerAPIError));
+exports.HetznerResourceLimitError = HetznerResourceLimitError;
 /**
  * Invalid input error
  */
-export class HetznerInvalidInputError extends HetznerAPIError {
-    fields;
-    constructor(message, fields) {
-        super(message, HetznerErrorCode.InvalidInput, { fields });
-        this.fields = fields;
-        this.name = "HetznerInvalidInputError";
+var HetznerInvalidInputError = /** @class */ (function (_super) {
+    __extends(HetznerInvalidInputError, _super);
+    function HetznerInvalidInputError(message, fields) {
+        var _this = _super.call(this, message, HetznerErrorCode.InvalidInput, { fields: fields }) || this;
+        _this.fields = fields;
+        _this.name = "HetznerInvalidInputError";
+        return _this;
     }
-}
+    return HetznerInvalidInputError;
+}(HetznerAPIError));
+exports.HetznerInvalidInputError = HetznerInvalidInputError;
 /**
  * Conflict error
  */
-export class HetznerConflictError extends HetznerAPIError {
-    constructor(message, details) {
-        super(message, HetznerErrorCode.Conflict, details);
-        this.name = "HetznerConflictError";
+var HetznerConflictError = /** @class */ (function (_super) {
+    __extends(HetznerConflictError, _super);
+    function HetznerConflictError(message, details) {
+        var _this = _super.call(this, message, HetznerErrorCode.Conflict, details) || this;
+        _this.name = "HetznerConflictError";
+        return _this;
     }
-}
+    return HetznerConflictError;
+}(HetznerAPIError));
+exports.HetznerConflictError = HetznerConflictError;
 /**
  * Service error (5xx)
  */
-export class HetznerServiceError extends HetznerAPIError {
-    statusCode;
-    constructor(message, statusCode) {
-        super(message, HetznerErrorCode.ServiceError, { statusCode });
-        this.statusCode = statusCode;
-        this.name = "HetznerServiceError";
+var HetznerServiceError = /** @class */ (function (_super) {
+    __extends(HetznerServiceError, _super);
+    function HetznerServiceError(message, statusCode) {
+        var _this = _super.call(this, message, HetznerErrorCode.ServiceError, { statusCode: statusCode }) || this;
+        _this.statusCode = statusCode;
+        _this.name = "HetznerServiceError";
+        return _this;
     }
-}
+    return HetznerServiceError;
+}(HetznerAPIError));
+exports.HetznerServiceError = HetznerServiceError;
 /**
  * Action failed error
  */
-export class HetznerActionError extends HetznerAPIError {
-    actionError;
-    actionId;
-    constructor(actionError, actionId) {
-        super(`Action ${actionId} failed: ${actionError.code} - ${actionError.message}`, actionError.code, { actionError, actionId });
-        this.actionError = actionError;
-        this.actionId = actionId;
-        this.name = "HetznerActionError";
+var HetznerActionError = /** @class */ (function (_super) {
+    __extends(HetznerActionError, _super);
+    function HetznerActionError(actionError, actionId) {
+        var _this = _super.call(this, "Action ".concat(actionId, " failed: ").concat(actionError.code, " - ").concat(actionError.message), actionError.code, { actionError: actionError, actionId: actionId }) || this;
+        _this.actionError = actionError;
+        _this.actionId = actionId;
+        _this.name = "HetznerActionError";
+        return _this;
     }
-}
+    return HetznerActionError;
+}(HetznerAPIError));
+exports.HetznerActionError = HetznerActionError;
 /**
  * Timeout error for action polling
  */
-export class HetznerTimeoutError extends HetznerAPIError {
-    lastProgress;
-    constructor(actionId, timeout, lastProgress) {
-        super(`Action ${actionId} timed out after ${timeout}ms (last progress: ${lastProgress}%)`, "timeout", { actionId, timeout, lastProgress });
-        this.lastProgress = lastProgress;
-        this.name = "HetznerTimeoutError";
+var HetznerTimeoutError = /** @class */ (function (_super) {
+    __extends(HetznerTimeoutError, _super);
+    function HetznerTimeoutError(actionId, timeout, lastProgress) {
+        var _this = _super.call(this, "Action ".concat(actionId, " timed out after ").concat(timeout, "ms (last progress: ").concat(lastProgress, "%)"), "timeout", { actionId: actionId, timeout: timeout, lastProgress: lastProgress }) || this;
+        _this.lastProgress = lastProgress;
+        _this.name = "HetznerTimeoutError";
+        return _this;
     }
-}
+    return HetznerTimeoutError;
+}(HetznerAPIError));
+exports.HetznerTimeoutError = HetznerTimeoutError;
 // ============================================================================
 // Error Factory
 // ============================================================================
 /**
  * Parse Hetzner API error response and create appropriate error
  */
-export function createHetznerError(statusCode, body) {
-    const error = body.error;
+function createHetznerError(statusCode, body) {
+    var error = body.error;
     if (!error) {
-        return new HetznerServiceError(`HTTP ${statusCode}: ${JSON.stringify(body)}`, statusCode);
+        return new HetznerServiceError("HTTP ".concat(statusCode, ": ").concat(JSON.stringify(body)), statusCode);
     }
     switch (statusCode) {
         case 401:
@@ -226,7 +300,7 @@ export function createHetznerError(statusCode, body) {
 /**
  * Check if an error is retryable
  */
-export function isRetryableError(error) {
+function isRetryableError(error) {
     if (error instanceof HetznerRateLimitError)
         return true;
     if (error instanceof HetznerResourceLockedError)
@@ -240,31 +314,32 @@ export function isRetryableError(error) {
 /**
  * Check if an error is a rate limit error
  */
-export function isRateLimitError(error) {
+function isRateLimitError(error) {
     return error instanceof HetznerRateLimitError;
 }
 /**
  * Check if an error is a resource locked error
  */
-export function isResourceLockedError(error) {
+function isResourceLockedError(error) {
     return error instanceof HetznerResourceLockedError;
 }
 /**
  * Calculate retry delay with exponential backoff
  */
-export function calculateRetryDelay(attempt, baseDelay = 1000, maxDelay = 60000) {
-    const delay = baseDelay * Math.pow(2, attempt);
+function calculateRetryDelay(attempt, baseDelay, maxDelay) {
+    if (baseDelay === void 0) { baseDelay = 1000; }
+    if (maxDelay === void 0) { maxDelay = 60000; }
+    var delay = baseDelay * Math.pow(2, attempt);
     // Add jitter (±25%)
-    const jitter = delay * 0.25 * (Math.random() * 2 - 1);
+    var jitter = delay * 0.25 * (Math.random() * 2 - 1);
     return Math.min(maxDelay, delay + jitter);
 }
 /**
  * Default error handler that logs to console
  */
-export function defaultErrorHandler(error) {
-    console.error(`[Hetzner API Error] ${error.name}: ${error.message}`);
+function defaultErrorHandler(error) {
+    console.error("[Hetzner API Error] ".concat(error.name, ": ").concat(error.message));
     if (error.details) {
         console.error("Details:", error.details);
     }
 }
-//# sourceMappingURL=errors.js.map

package/index.js

@@ -1,3 +1,4 @@
+"use strict";
 /**
  * Hetzner Cloud API client
  * For server-side use only (requires API token)
@@ -6,23 +7,67 @@
  * - Certificate actions: https://docs.hetzner.cloud/reference/cloud#certificate-actions
  * - DNS operations
  */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ACTION_TIMEOUTS = exports.createProgressLogger = exports.waitForRateLimitReset = exports.formatRateLimitStatus = exports.isRateLimitLow = exports.parseRateLimitHeaders = exports.waitForActionAdaptive = exports.getAdaptivePollInterval = exports.getPollInterval = exports.getActionDescription = exports.formatActionProgress = exports.isActionError = exports.isActionSuccess = exports.isActionRunning = exports.getActionTimeout = exports.batchCheckActions = exports.waitForMultipleActionsWithLimit = exports.waitForMultipleActions = exports.waitForAction = exports.HETZNER_API_BASE = exports.resolveApiToken = exports.isAuthenticated = exports.getTokenFromCLI = exports.SSHKeyOperations = exports.ActionOperations = exports.VolumeOperations = exports.ServerOperations = exports.HetznerClient = void 0;
 // Core exports
-export { HetznerClient } from "./client.js";
-export { ServerOperations } from "./servers.js";
-export { ActionOperations } from "./actions.js";
-export { SSHKeyOperations } from "./ssh-keys.js";
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "HetznerClient", { enumerable: true, get: function () { return client_js_1.HetznerClient; } });
+var servers_js_1 = require("./servers.js");
+Object.defineProperty(exports, "ServerOperations", { enumerable: true, get: function () { return servers_js_1.ServerOperations; } });
+var volumes_js_1 = require("./volumes.js");
+Object.defineProperty(exports, "VolumeOperations", { enumerable: true, get: function () { return volumes_js_1.VolumeOperations; } });
+var actions_js_1 = require("./actions.js");
+Object.defineProperty(exports, "ActionOperations", { enumerable: true, get: function () { return actions_js_1.ActionOperations; } });
+var ssh_keys_js_1 = require("./ssh-keys.js");
+Object.defineProperty(exports, "SSHKeyOperations", { enumerable: true, get: function () { return ssh_keys_js_1.SSHKeyOperations; } });
 // Auth
-export { getTokenFromCLI, isAuthenticated, resolveApiToken } from "./auth.js";
+var auth_js_1 = require("./auth.js");
+Object.defineProperty(exports, "getTokenFromCLI", { enumerable: true, get: function () { return auth_js_1.getTokenFromCLI; } });
+Object.defineProperty(exports, "isAuthenticated", { enumerable: true, get: function () { return auth_js_1.isAuthenticated; } });
+Object.defineProperty(exports, "resolveApiToken", { enumerable: true, get: function () { return auth_js_1.resolveApiToken; } });
 // Config
-export { HETZNER_API_BASE } from "./config.js";
+var config_js_1 = require("./config.js");
+Object.defineProperty(exports, "HETZNER_API_BASE", { enumerable: true, get: function () { return config_js_1.HETZNER_API_BASE; } });
 // Types
-export * from "./types.js";
+__exportStar(require("./types.js"), exports);
 // Schemas
-export * from "./schemas.js";
+__exportStar(require("./schemas.js"), exports);
 // Errors
-export * from "./errors.js";
+__exportStar(require("./errors.js"), exports);
 // Action utilities
-export { waitForAction, waitForMultipleActions, waitForMultipleActionsWithLimit, batchCheckActions, getActionTimeout, isActionRunning, isActionSuccess, isActionError, formatActionProgress, getActionDescription, getPollInterval, getAdaptivePollInterval, waitForActionAdaptive, parseRateLimitHeaders, isRateLimitLow, formatRateLimitStatus, waitForRateLimitReset, createProgressLogger, ACTION_TIMEOUTS, } from "./actions.js";
+var actions_js_2 = require("./actions.js");
+Object.defineProperty(exports, "waitForAction", { enumerable: true, get: function () { return actions_js_2.waitForAction; } });
+Object.defineProperty(exports, "waitForMultipleActions", { enumerable: true, get: function () { return actions_js_2.waitForMultipleActions; } });
+Object.defineProperty(exports, "waitForMultipleActionsWithLimit", { enumerable: true, get: function () { return actions_js_2.waitForMultipleActionsWithLimit; } });
+Object.defineProperty(exports, "batchCheckActions", { enumerable: true, get: function () { return actions_js_2.batchCheckActions; } });
+Object.defineProperty(exports, "getActionTimeout", { enumerable: true, get: function () { return actions_js_2.getActionTimeout; } });
+Object.defineProperty(exports, "isActionRunning", { enumerable: true, get: function () { return actions_js_2.isActionRunning; } });
+Object.defineProperty(exports, "isActionSuccess", { enumerable: true, get: function () { return actions_js_2.isActionSuccess; } });
+Object.defineProperty(exports, "isActionError", { enumerable: true, get: function () { return actions_js_2.isActionError; } });
+Object.defineProperty(exports, "formatActionProgress", { enumerable: true, get: function () { return actions_js_2.formatActionProgress; } });
+Object.defineProperty(exports, "getActionDescription", { enumerable: true, get: function () { return actions_js_2.getActionDescription; } });
+Object.defineProperty(exports, "getPollInterval", { enumerable: true, get: function () { return actions_js_2.getPollInterval; } });
+Object.defineProperty(exports, "getAdaptivePollInterval", { enumerable: true, get: function () { return actions_js_2.getAdaptivePollInterval; } });
+Object.defineProperty(exports, "waitForActionAdaptive", { enumerable: true, get: function () { return actions_js_2.waitForActionAdaptive; } });
+Object.defineProperty(exports, "parseRateLimitHeaders", { enumerable: true, get: function () { return actions_js_2.parseRateLimitHeaders; } });
+Object.defineProperty(exports, "isRateLimitLow", { enumerable: true, get: function () { return actions_js_2.isRateLimitLow; } });
+Object.defineProperty(exports, "formatRateLimitStatus", { enumerable: true, get: function () { return actions_js_2.formatRateLimitStatus; } });
+Object.defineProperty(exports, "waitForRateLimitReset", { enumerable: true, get: function () { return actions_js_2.waitForRateLimitReset; } });
+Object.defineProperty(exports, "createProgressLogger", { enumerable: true, get: function () { return actions_js_2.createProgressLogger; } });
+Object.defineProperty(exports, "ACTION_TIMEOUTS", { enumerable: true, get: function () { return actions_js_2.ACTION_TIMEOUTS; } });
 // Bootstrap security modules
-export * from "./bootstrap/index.js";
-//# sourceMappingURL=index.js.map
+__exportStar(require("./bootstrap/index.js"), exports);

package/index.ts

@@ -10,6 +10,7 @@
 // Core exports
 export { HetznerClient } from "./client.js";
 export { ServerOperations } from "./servers.js";
+export { VolumeOperations } from "./volumes.js";
 export { ActionOperations } from "./actions.js";
 export { SSHKeyOperations } from "./ssh-keys.js";
 
@@ -53,3 +54,6 @@ export {
 
 // Bootstrap security modules
 export * from "./bootstrap/index.js";
+
+// Onboarding (Phase 2: post-boot configuration)
+export * from "./onboarding/index.js";

package/onboarding/doppler.ts

@@ -0,0 +1,116 @@
+/**
+ * Doppler Onboarding
+ *
+ * Configure Doppler CLI service token on remote servers.
+ * This enables doppler run to inject secrets into processes.
+ */
+
+import type { SSHOptions } from "@ebowwa/terminal/types";
+
+export interface DopplerConfig {
+  token: string;
+  project?: string;
+  config?: string;
+}
+
+/**
+ * Configure Doppler on a remote server
+ *
+ * @param host - Server IP or hostname
+ * @param config - Doppler configuration
+ * @param sshOptions - SSH options
+ * @returns Success status
+ */
+export async function onboardDoppler(
+  host: string,
+  config: DopplerConfig,
+  sshOptions: Partial<SSHOptions> = {}
+): Promise<{ success: boolean; message: string }> {
+  const { execSSH } = await import("@ebowwa/terminal/client");
+
+  const { token, project = "seed", config: dopplerConfig = "prd" } = config;
+
+  try {
+    // Step 1: Configure Doppler service token
+    const configureCmd = [
+      `doppler configure set token ${token}`,
+      `doppler configure set project ${project}`,
+      `doppler configure set config ${dopplerConfig}`,
+    ].join(" && ");
+
+    await execSSH(configureCmd, {
+      host,
+      user: "root",
+      ...sshOptions
+    });
+
+    // Step 2: Verify configuration by fetching a secret
+    const verifyCmd = `doppler secrets get --config ${dopplerConfig} --project ${project} --json 2>/dev/null | head -5`;
+
+    await execSSH(verifyCmd, {
+      host,
+      user: "root",
+      timeout: 10000,
+      ...sshOptions
+    });
+
+    return {
+      success: true,
+      message: `Doppler configured for project ${project}/${dopplerConfig}`
+    };
+  } catch (error) {
+    return {
+      success: false,
+      message: `Doppler configuration failed: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}
+
+/**
+ * Check Doppler status on a remote server
+ *
+ * @param host - Server IP or hostname
+ * @param sshOptions - SSH options
+ * @returns Doppler status
+ */
+export async function checkDopplerStatus(
+  host: string,
+  sshOptions: Partial<SSHOptions> = {}
+): Promise<{ configured: boolean; project?: string; config?: string; message: string }> {
+  const { execSSH } = await import("@ebowwa/terminal/client");
+
+  try {
+    // Check if doppler is configured
+    const checkCmd = `
+      doppler configure get project 2>/dev/null || echo "NOT_CONFIGURED"
+      doppler configure get config 2>/dev/null || echo "NOT_CONFIGURED"
+    `;
+
+    const result = await execSSH(checkCmd, {
+      host,
+      user: "root",
+      timeout: 5000,
+      ...sshOptions
+    });
+
+    const lines = result.trim().split("\n");
+    const project = lines[0]?.trim() || "";
+    const config = lines[1]?.trim() || "";
+
+    const configured = project !== "NOT_CONFIGURED" && config !== "NOT_CONFIGURED";
+
+    return {
+      configured,
+      project: configured ? project : undefined,
+      config: configured ? config : undefined,
+      message: configured
+        ? `Doppler configured: ${project}/${config}`
+        : "Doppler not configured"
+    };
+  } catch (error) {
+    return {
+      configured: false,
+      message: `Could not check Doppler status: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}