@factiii/stack 0.1.2

package/dist/plugins/pipelines/aws/prod.js

@@ -0,0 +1,362 @@
+"use strict";
+/**
+ * Production environment operations for AWS plugin
+ * Handles production deployment, server preparation, and production-specific helpers
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureServerReady = ensureServerReady;
+exports.deployProd = deployProd;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const js_yaml_1 = __importDefault(require("js-yaml"));
+const ssh_helper_js_1 = require("../../../utils/ssh-helper.js");
+const config_helpers_js_1 = require("../../../utils/config-helpers.js");
+const index_js_1 = require("../../../scripts/index.js");
+/**
+ * Execute a command on a remote server via SSH
+ */
+async function sshExecCommand(envConfig, command) {
+    return await (0, ssh_helper_js_1.sshExec)(envConfig, command);
+}
+/**
+ * Ensure Node.js is installed on the server
+ */
+async function ensureNodeInstalled(envConfig) {
+    try {
+        await sshExecCommand(envConfig, 'which node');
+    }
+    catch {
+        console.log('      Installing Node.js...');
+        await sshExecCommand(envConfig, 'curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs');
+    }
+}
+/**
+ * Ensure git is installed on the server
+ */
+async function ensureGitInstalled(envConfig) {
+    try {
+        await sshExecCommand(envConfig, 'which git');
+    }
+    catch {
+        console.log('      Installing git...');
+        await sshExecCommand(envConfig, 'sudo apt-get update && sudo apt-get install -y git');
+    }
+}
+/**
+ * Ensure repository is cloned
+ */
+async function ensureRepoCloned(envConfig, repoUrl, repoDir, repoName) {
+    const checkExists = await sshExecCommand(envConfig, `test -d ${repoDir}/.git && echo "exists" || echo "missing"`);
+    if (checkExists.includes('missing')) {
+        console.log('      Cloning repository...');
+        // Extract GitHub repo from URL if provided, otherwise use GITHUB_REPO env var
+        let gitUrl = repoUrl;
+        if (repoUrl && !repoUrl.startsWith('git@') && !repoUrl.startsWith('https://')) {
+            // Format: owner/repo
+            gitUrl = `git@github.com:${repoUrl}.git`;
+        }
+        await sshExecCommand(envConfig, `mkdir -p ~/.factiii && cd ~/.factiii && git clone ${gitUrl} ${repoName}`);
+    }
+}
+/**
+ * Pull latest changes and checkout specific commit
+ */
+async function pullAndCheckout(envConfig, repoDir, branch, commitHash) {
+    console.log(`      Checking out ${branch}${commitHash ? ' @ ' + commitHash.substring(0, 7) : ''}...`);
+    const commands = [
+        `cd ${repoDir}`,
+        'git fetch --all',
+        `git checkout ${branch}`,
+        `git pull origin ${branch}`,
+    ];
+    // If commit hash provided, checkout that specific commit
+    if (commitHash) {
+        commands.push(`git checkout ${commitHash}`);
+    }
+    await sshExecCommand(envConfig, commands.join(' && '));
+}
+/**
+ * Write environment variables to .env file on server
+ * Handles both local (on-server) and remote (SSH) execution
+ */
+async function writeEnvFile(envConfig, repoDir, environment, envVarsString) {
+    if (!envVarsString) {
+        // If no env vars provided, skip writing (allow manual .env files)
+        return;
+    }
+    const envFileName = `.env.${environment === 'production' ? 'prod' : environment}`;
+    const isOnServer = process.env.GITHUB_ACTIONS === 'true';
+    // Parse env vars string (newline-separated KEY=VALUE format)
+    const envVars = envVarsString
+        .split('\n')
+        .map((line) => line.trim())
+        .filter((line) => line && !line.startsWith('#'))
+        .filter((line) => line.includes('='));
+    if (envVars.length === 0) {
+        console.log(`   ⚠️  No environment variables found in ${environment} secrets`);
+        return;
+    }
+    // Build env file content
+    const envFileContent = envVars.join('\n') + '\n';
+    if (isOnServer) {
+        // We're on the server - write directly
+        const expandedRepoDir = repoDir.replace('~', process.env.HOME ?? '/home/ubuntu');
+        const envFilePath = path.join(expandedRepoDir, envFileName);
+        console.log(`   📝 Writing ${envFileName} (${envVars.length} variables)...`);
+        fs.writeFileSync(envFilePath, envFileContent, 'utf8');
+    }
+    else {
+        // We're remote - SSH to write
+        console.log(`   📝 Writing ${envFileName} on remote server (${envVars.length} variables)...`);
+        await sshExecCommand(envConfig, `cat > ${repoDir}/${envFileName} << 'ENVEOF'
+${envFileContent}ENVEOF`);
+    }
+}
+// ============================================================
+// CRITICAL: SSL Certificate Management
+// ============================================================
+// Why this exists: Automatically obtain/renew Let's Encrypt SSL certificates
+// What breaks if changed: HTTPS will fail, browsers show security warnings
+// Dependencies: Docker must be installed, ssl_email must be configured
+// Uses Docker certbot for portability (no host certbot installation needed)
+// ============================================================
+/**
+ * Run certbot to obtain/renew SSL certificates using Docker
+ * Called after nginx.conf is generated but before containers start
+ * Collects all domains from all environments in factiii.yml and obtains certificates
+ * Uses standalone mode with Docker certbot (nginx must be stopped first)
+ */
+async function runCertbot(envConfig, config) {
+    const environments = (0, config_helpers_js_1.extractEnvironments)(config);
+    // Collect all domains that need certificates
+    const domains = [];
+    for (const env of Object.values(environments)) {
+        if (env.domain && !env.domain.startsWith('EXAMPLE-')) {
+            domains.push(env.domain);
+        }
+    }
+    if (domains.length === 0) {
+        console.log('      No domains configured, skipping SSL certificates');
+        return;
+    }
+    const sslEmail = config.ssl_email;
+    if (!sslEmail || sslEmail.startsWith('EXAMPLE-')) {
+        console.log('      ⚠️  ssl_email not configured in factiii.yml, skipping SSL');
+        console.log('      Add ssl_email to factiii.yml to enable automatic SSL certificates');
+        return;
+    }
+    // For each domain, obtain certificate using Docker certbot
+    for (const domain of domains) {
+        console.log(`      Obtaining SSL certificate for: ${domain}`);
+        // Build Docker certbot command (standalone mode - port 80 must be free)
+        const certbotCmd = [
+            'docker run --rm',
+            '-v /etc/letsencrypt:/etc/letsencrypt',
+            '-v /var/lib/letsencrypt:/var/lib/letsencrypt',
+            '-p 80:80',
+            'certbot/certbot certonly',
+            '--standalone',
+            '-d ' + domain,
+            '--email ' + sslEmail,
+            '--agree-tos',
+            '--non-interactive',
+        ].join(' ');
+        try {
+            await sshExecCommand(envConfig, certbotCmd);
+            console.log(`      ✅ SSL certificate obtained for ${domain}`);
+        }
+        catch (error) {
+            console.log(`      ⚠️  Certbot failed for ${domain}, continuing without SSL`);
+        }
+    }
+}
+/**
+ * Setup automatic certificate renewal via cron using Docker certbot
+ * Only runs once - checks if renewal is already configured
+ */
+async function setupCertbotRenewal(envConfig) {
+    console.log('      Setting up automatic certificate renewal...');
+    // Docker certbot renewal command (webroot mode since nginx will be running)
+    const renewCmd = 'docker run --rm -v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v /var/www/certbot:/var/www/certbot certbot/certbot renew --quiet && docker exec factiii_nginx nginx -s reload';
+    // Check if certbot renewal is already configured
+    const cronCheck = await sshExecCommand(envConfig, 'crontab -l 2>/dev/null | grep "certbot/certbot renew" || echo "NOT_FOUND"');
+    if (cronCheck.includes('NOT_FOUND')) {
+        // Add renewal cron job (runs twice daily)
+        await sshExecCommand(envConfig, `(crontab -l 2>/dev/null; echo "0 0,12 * * * ${renewCmd}") | crontab -`);
+        console.log('      ✅ Configured automatic certificate renewal (twice daily)');
+    }
+    else {
+        console.log('      ✅ Certificate renewal already configured');
+    }
+}
+/**
+ * Update docker-compose.yml to replace build context with ECR image for prod services
+ * This is called after generate-all.js runs (which generates generic compose with build context)
+ */
+async function updateComposeForECR(envConfig, config) {
+    const repoName = config.name ?? 'app';
+    const region = config.aws?.region ?? 'us-east-1';
+    const serviceName = `${repoName}-prod`;
+    // Get ECR registry - use config value or construct from AWS account ID on server
+    let ecrRegistry;
+    if (config.ecr_registry) {
+        ecrRegistry = config.ecr_registry;
+    }
+    else {
+        // Get AWS account ID from the server
+        try {
+            const accountId = await sshExecCommand(envConfig, `aws sts get-caller-identity --query Account --output text --region ${region}`);
+            ecrRegistry = `${accountId.trim()}.dkr.ecr.${region}.amazonaws.com`;
+        }
+        catch (error) {
+            throw new Error(`Failed to get AWS account ID from server: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    const ecrRepository = config.ecr_repository ?? repoName;
+    const imageTag = `${ecrRegistry}/${ecrRepository}:latest`;
+    // Read docker-compose.yml from server
+    const composeContent = await sshExecCommand(envConfig, 'cat ~/.factiii/docker-compose.yml');
+    // Parse and update
+    const compose = js_yaml_1.default.load(composeContent);
+    if (compose.services && compose.services[serviceName]) {
+        // Remove build section and set image to ECR
+        delete compose.services[serviceName].build;
+        compose.services[serviceName].image = imageTag;
+    }
+    // Write back to server
+    const updatedContent = js_yaml_1.default.dump(compose, { lineWidth: -1 });
+    await sshExecCommand(envConfig, `cat > ~/.factiii/docker-compose.yml << 'EOF'\n${updatedContent}\nEOF`);
+}
+/**
+ * Ensure server is ready for deployment
+ * Installs Node.js, git, clones repo, checks out commit
+ * Note: Production doesn't install dependencies (pulls pre-built images)
+ */
+async function ensureServerReady(config, environment, options = {}) {
+    // AWS only handles prod-type environments (prod, prod2, production, etc.)
+    if (!environment.startsWith('prod') && environment !== 'production') {
+        return { success: true, message: 'AWS only handles production environments' };
+    }
+    // Get environment config (supports both v1.x and v2.0.0+ formats)
+    const environments = (0, config_helpers_js_1.extractEnvironments)(config);
+    const envConfig = environments[environment] ?? environments['prod'] ?? environments['production'];
+    if (!envConfig?.domain) {
+        throw new Error(`${environment} domain not configured`);
+    }
+    const { commitHash, branch = 'main', repoUrl } = options;
+    const repoName = config.name ?? 'app';
+    const repoDir = `~/.factiii/${repoName}`;
+    try {
+        // 1. Ensure Node.js is installed
+        console.log('   Checking Node.js...');
+        await ensureNodeInstalled(envConfig);
+        // 2. Ensure git is installed
+        console.log('   Checking git...');
+        await ensureGitInstalled(envConfig);
+        // 3. Ensure repo is cloned and up to date
+        console.log('   Syncing repository...');
+        await ensureRepoCloned(envConfig, repoUrl, repoDir, repoName);
+        await pullAndCheckout(envConfig, repoDir, branch, commitHash);
+        // 4. Write environment variables from GitHub secrets if provided
+        const envVarsString = process.env.PROD_ENVS;
+        if (envVarsString) {
+            console.log('   Writing environment variables...');
+            await writeEnvFile(envConfig, repoDir, 'prod', envVarsString);
+        }
+        else {
+            console.log('   ⚠️  PROD_ENVS not provided, skipping env file write (using existing .env.prod if present)');
+        }
+        // Note: Production doesn't install dependencies - it pulls pre-built images from ECR
+        return { success: true, message: 'Server ready' };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        throw new Error(`Failed to prepare server: ${errorMessage}`);
+    }
+}
+/**
+ * Deploy to production server (pull from ECR)
+ *
+ * @param config - Factiii config (supports both v1.x and v2.0.0+)
+ * @param environment - Environment name (defaults to 'prod' for backward compatibility)
+ */
+async function deployProd(config, environment = 'prod') {
+    // Get environment config (supports both v1.x and v2.0.0+ formats)
+    const environments = (0, config_helpers_js_1.extractEnvironments)(config);
+    const envConfig = environments[environment] ?? environments['prod'] ?? environments['production'];
+    if (!envConfig?.domain) {
+        return { success: false, error: `${environment} domain not configured` };
+    }
+    console.log(`   🚀 Deploying to production (${envConfig.domain})...`);
+    try {
+        const repoName = config.name ?? 'app';
+        const region = config.aws?.region ?? 'us-east-1';
+        // Step 1: Regenerate unified docker-compose.yml (generic, uses build context)
+        console.log('   🔄 Regenerating unified docker-compose.yml...');
+        const repos = (0, index_js_1.scanRepos)();
+        const configs = (0, index_js_1.loadConfigs)(repos);
+        (0, index_js_1.generateDockerCompose)(configs);
+        (0, index_js_1.generateNginx)(configs);
+        // Step 2: Update docker-compose.yml to use ECR image for prod services
+        console.log('   🔄 Updating docker-compose.yml with ECR image references...');
+        await updateComposeForECR(envConfig, config);
+        // Step 3: Login to ECR and pull latest image
+        console.log('   🔐 Logging in to ECR and pulling image...');
+        await sshExecCommand(envConfig, `
+      aws ecr get-login-password --region ${region} | docker login --username AWS --password-stdin $(aws sts get-caller-identity --query Account --output text).dkr.ecr.${region}.amazonaws.com && \
+      cd ~/.factiii && \
+      docker compose pull ${repoName}-prod
+    `);
+        // Step 4: Manage SSL certificates
+        console.log('   🔐 Managing SSL certificates...');
+        await runCertbot(envConfig, config);
+        await setupCertbotRenewal(envConfig);
+        // Step 5: Start containers using unified docker-compose.yml
+        console.log('   🚀 Starting containers with unified docker-compose.yml...');
+        await sshExecCommand(envConfig, `cd ~/.factiii && docker compose up -d ${repoName}-prod`);
+        return { success: true, message: 'Production deployment complete' };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+//# sourceMappingURL=prod.js.map

package/dist/plugins/pipelines/aws/prod.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prod.js","sourceRoot":"","sources":["../../../../src/plugins/pipelines/aws/prod.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyUH,8CAoDC;AAQD,gCA2DC;AA9bD,uCAAyB;AACzB,2CAA6B;AAC7B,sDAA2B;AAE3B,gEAAuD;AACvD,wEAAuE;AACvE,wDAAyG;AAQzG;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,SAA4B,EAAE,OAAe;IACzE,OAAO,MAAM,IAAA,uBAAO,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,SAA4B;IAC7D,IAAI,CAAC;QACH,MAAM,cAAc,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,MAAM,cAAc,CAClB,SAAS,EACT,qGAAqG,CACtG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,SAA4B;IAC5D,IAAI,CAAC;QACH,MAAM,cAAc,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,MAAM,cAAc,CAAC,SAAS,EAAE,oDAAoD,CAAC,CAAC;IACxF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,SAA4B,EAC5B,OAA2B,EAC3B,OAAe,EACf,QAAgB;IAEhB,MAAM,WAAW,GAAG,MAAM,cAAc,CACtC,SAAS,EACT,WAAW,OAAO,0CAA0C,CAC7D,CAAC;IAEF,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAE3C,8EAA8E;QAC9E,IAAI,MAAM,GAAG,OAAO,CAAC;QACrB,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9E,qBAAqB;YACrB,MAAM,GAAG,kBAAkB,OAAO,MAAM,CAAC;QAC3C,CAAC;QAED,MAAM,cAAc,CAClB,SAAS,EACT,qDAAqD,MAAM,IAAI,QAAQ,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,SAA4B,EAC5B,OAAe,EACf,MAAc,EACd,UAA8B;IAE9B,OAAO,CAAC,GAAG,CACT,sBAAsB,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CACzF,CAAC;IAEF,MAAM,QAAQ,GAAG;QACf,MAAM,OAAO,EAAE;QACf,iBAAiB;QACjB,gBAAgB,MAAM,EAAE;QACxB,mBAAmB,MAAM,EAAE;KAC5B,CAAC;IAEF,yDAAyD;IACzD,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,YAAY,CACzB,SAA4B,EAC5B,OAAe,EACf,WAAmB,EACnB,aAAiC;IAEjC,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,kEAAkE;QAClE,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,WAAW,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,CAAC;IAEzD,6DAA6D;IAC7D,MAAM,OAAO,GAAG,aAAa;SAC1B,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SAC/C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAExC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,4CAA4C,WAAW,UAAU,CAAC,CAAC;QAC/E,OAAO;IACT,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAEjD,IAAI,UAAU,EAAE,CAAC;QACf,uCAAuC;QACvC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,cAAc,CAAC,CAAC;QACjF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QAE5D,OAAO,CAAC,GAAG,CAAC,iBAAiB,WAAW,KAAK,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAC7E,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,8BAA8B;QAC9B,OAAO,CAAC,GAAG,CAAC,iBAAiB,WAAW,sBAAsB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAE9F,MAAM,cAAc,CAClB,SAAS,EACT,SAAS,OAAO,IAAI,WAAW;EACnC,cAAc,QAAQ,CACnB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,+DAA+D;AAC/D,uCAAuC;AACvC,+DAA+D;AAC/D,6EAA6E;AAC7E,2EAA2E;AAC3E,uEAAuE;AACvE,4EAA4E;AAC5E,+DAA+D;AAE/D;;;;;GAKG;AACH,KAAK,UAAU,UAAU,CACvB,SAA4B,EAC5B,MAAqB;IAErB,MAAM,YAAY,GAAG,IAAA,uCAAmB,EAAC,MAAM,CAAC,CAAC;IAEjD,6CAA6C;IAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9C,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC;IAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;QACvF,OAAO;IACT,CAAC;IAED,2DAA2D;IAC3D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;QAE9D,wEAAwE;QACxE,MAAM,UAAU,GAAG;YACjB,iBAAiB;YACjB,sCAAsC;YACtC,8CAA8C;YAC9C,UAAU;YACV,0BAA0B;YAC1B,cAAc;YACd,KAAK,GAAG,MAAM;YACd,UAAU,GAAG,QAAQ;YACrB,aAAa;YACb,mBAAmB;SACpB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,gCAAgC,MAAM,0BAA0B,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAAC,SAA4B;IAC7D,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IAEjE,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,mNAAmN,CAAC;IAErO,iDAAiD;IACjD,MAAM,SAAS,GAAG,MAAM,cAAc,CACpC,SAAS,EACT,2EAA2E,CAC5E,CAAC;IAEF,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACpC,0CAA0C;QAC1C,MAAM,cAAc,CAClB,SAAS,EACT,+CAA+C,QAAQ,gBAAgB,CACxE,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAChF,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAChC,SAA4B,EAC5B,MAAqB;IAErB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC;IACtC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,IAAI,WAAW,CAAC;IACjD,MAAM,WAAW,GAAG,GAAG,QAAQ,OAAO,CAAC;IAEvC,iFAAiF;IACjF,IAAI,WAAmB,CAAC;IACxB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,qCAAqC;QACrC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,cAAc,CACpC,SAAS,EACT,sEAAsE,MAAM,EAAE,CAC/E,CAAC;YACF,WAAW,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,YAAY,MAAM,gBAAgB,CAAC;QACtE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,6CAA6C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,cAAc,IAAI,QAAQ,CAAC;IACxD,MAAM,QAAQ,GAAG,GAAG,WAAW,IAAI,aAAa,SAAS,CAAC;IAE1D,sCAAsC;IACtC,MAAM,cAAc,GAAG,MAAM,cAAc,CACzC,SAAS,EACT,mCAAmC,CACpC,CAAC;IAEF,mBAAmB;IACnB,MAAM,OAAO,GAAG,iBAAI,CAAC,IAAI,CAAC,cAAc,CAUvC,CAAC;IAEF,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACtD,4CAA4C;QAC5C,OAAO,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC;QAC3C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,GAAG,QAAQ,CAAC;IACjD,CAAC;IAED,uBAAuB;IACvB,MAAM,cAAc,GAAG,iBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7D,MAAM,cAAc,CAClB,SAAS,EACT,iDAAiD,cAAc,OAAO,CACvE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,MAAqB,EACrB,WAAmB,EACnB,UAAoC,EAAE;IAEtC,0EAA0E;IAC1E,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;QACpE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IAChF,CAAC;IAED,kEAAkE;IAClE,MAAM,YAAY,GAAG,IAAA,uCAAmB,EAAC,MAAM,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;IAElG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,GAAG,WAAW,wBAAwB,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC;IACtC,MAAM,OAAO,GAAG,cAAc,QAAQ,EAAE,CAAC;IAEzC,IAAI,CAAC;QACH,iCAAiC;QACjC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,MAAM,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAErC,6BAA6B;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAClC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAEpC,0CAA0C;QAC1C,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,MAAM,gBAAgB,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QAE9D,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;QAC5C,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;YACnD,MAAM,YAAY,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8FAA8F,CAAC,CAAC;QAC9G,CAAC;QAED,qFAAqF;QAErF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,UAAU,CAC9B,MAAqB,EACrB,cAAsB,MAAM;IAE5B,kEAAkE;IAClE,MAAM,YAAY,GAAG,IAAA,uCAAmB,EAAC,MAAM,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;IAElG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;QACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,WAAW,wBAAwB,EAAE,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,SAAS,CAAC,MAAM,MAAM,CAAC,CAAC;IAEtE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,IAAI,WAAW,CAAC;QAEjD,8EAA8E;QAC9E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,IAAA,oBAAS,GAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAA,sBAAW,EAAC,KAAK,CAAC,CAAC;QACnC,IAAA,gCAAqB,EAAC,OAAO,CAAC,CAAC;QAC/B,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;QAEvB,uEAAuE;QACvE,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;QAC9E,MAAM,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7C,6CAA6C;QAC7C,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,MAAM,cAAc,CAClB,SAAS,EACT;4CACsC,MAAM,wHAAwH,MAAM;;4BAEpJ,QAAQ;KAC/B,CACA,CAAC;QAEF,kCAAkC;QAClC,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAClD,MAAM,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACpC,MAAM,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAErC,4DAA4D;QAC5D,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,MAAM,cAAc,CAClB,SAAS,EACT,yCAAyC,QAAQ,OAAO,CACzD,CAAC;QAEF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACtE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts

@@ -0,0 +1,7 @@
+/**
+ * AWS CLI fixes for AWS plugin
+ * Handles AWS CLI installation for dev environment
+ */
+import type { Fix } from '../../../../types/index.js';
+export declare const awsCliFixes: Fix[];
+//# sourceMappingURL=aws-cli.d.ts.map

package/dist/plugins/pipelines/aws/scanfix/aws-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-cli.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/aws-cli.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAErE,eAAO,MAAM,WAAW,EAAE,GAAG,EAoB5B,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/aws-cli.js

@@ -0,0 +1,31 @@
+"use strict";
+/**
+ * AWS CLI fixes for AWS plugin
+ * Handles AWS CLI installation for dev environment
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.awsCliFixes = void 0;
+const child_process_1 = require("child_process");
+exports.awsCliFixes = [
+    {
+        id: 'aws-cli-not-installed-dev',
+        stage: 'dev',
+        severity: 'warning',
+        description: 'AWS CLI not installed (needed for ECR)',
+        scan: async (config, _rootDir) => {
+            // Only check if AWS is configured
+            if (!config?.aws?.access_key_id)
+                return false;
+            try {
+                (0, child_process_1.execSync)('which aws', { stdio: 'pipe' });
+                return false;
+            }
+            catch {
+                return true;
+            }
+        },
+        fix: null,
+        manualFix: 'Install AWS CLI: brew install awscli',
+    },
+];
+//# sourceMappingURL=aws-cli.js.map

package/dist/plugins/pipelines/aws/scanfix/aws-cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-cli.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/aws-cli.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,iDAAyC;AAG5B,QAAA,WAAW,GAAU;IAChC;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,wCAAwC;QACrD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,kCAAkC;YAClC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,aAAa;gBAAE,OAAO,KAAK,CAAC;YAE9C,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,WAAW,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBACzC,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,sCAAsC;KAClD;CACF,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/config.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Configuration-related fixes for AWS plugin
+ * Handles configuration checks and validation
+ */
+import type { Fix } from '../../../../types/index.js';
+export declare const configFixes: Fix[];
+//# sourceMappingURL=config.d.ts.map

package/dist/plugins/pipelines/aws/scanfix/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAErE,eAAO,MAAM,WAAW,EAAE,GAAG,EA6F5B,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/config.js

@@ -0,0 +1,134 @@
+"use strict";
+/**
+ * Configuration-related fixes for AWS plugin
+ * Handles configuration checks and validation
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configFixes = void 0;
+const child_process_1 = require("child_process");
+exports.configFixes = [
+    // PROD STAGE FIXES
+    {
+        id: 'prod-domain-missing',
+        stage: 'prod',
+        severity: 'critical',
+        description: 'Production domain not configured in factiii.yml',
+        scan: async (config, _rootDir) => {
+            const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
+            const environments = extractEnvironments(config);
+            // Only check if prod environment is defined in config
+            const hasProdEnv = environments.prod || environments.production;
+            if (!hasProdEnv)
+                return false; // Skip check if prod not configured
+            return !environments.prod?.domain && !environments.production?.domain;
+        },
+        fix: null,
+        manualFix: 'Add prod.domain to factiii.yml',
+    },
+    {
+        id: 'prod-aws-config-missing',
+        stage: 'prod',
+        severity: 'critical',
+        description: 'AWS configuration missing in factiii.yml',
+        scan: async (config, _rootDir) => {
+            const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
+            const environments = extractEnvironments(config);
+            // Only check if prod environment is defined in config
+            const hasProdEnv = environments.prod || environments.production;
+            if (!hasProdEnv)
+                return false; // Skip check if prod not configured
+            const prodEnv = environments.prod ?? environments.production;
+            return !prodEnv?.access_key_id || !prodEnv?.region;
+        },
+        fix: null,
+        manualFix: 'Add access_key_id and region to prod environment in factiii.yml',
+    },
+    {
+        id: 'prod-unreachable',
+        stage: 'prod',
+        severity: 'critical',
+        description: 'Cannot reach production server',
+        scan: async (config, _rootDir) => {
+            const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
+            const environments = extractEnvironments(config);
+            // Only check if prod environment is defined in config
+            const hasProdEnv = environments.prod || environments.production;
+            if (!hasProdEnv)
+                return false; // Skip check if prod not configured
+            const domain = environments.prod?.domain ?? environments.production?.domain;
+            if (!domain)
+                return false;
+            try {
+                (0, child_process_1.execSync)(`ping -c 1 -W 3 ${domain}`, { stdio: 'pipe' });
+                return false;
+            }
+            catch {
+                return true;
+            }
+        },
+        fix: null,
+        manualFix: 'Check network connectivity to production server',
+    },
+    {
+        id: 'prod-repo-not-cloned',
+        stage: 'prod',
+        severity: 'warning',
+        description: 'Repository not cloned on production server',
+        scan: async (config, _rootDir) => {
+            const { extractEnvironments } = await Promise.resolve().then(() => __importStar(require('../../../../utils/config-helpers.js')));
+            const environments = extractEnvironments(config);
+            const envConfig = environments.prod ?? environments.production;
+            if (!envConfig)
+                return false;
+            if (!envConfig?.domain)
+                return false;
+            const repoName = config.name ?? 'app';
+            // Executed locally - SSH handled by CLI wrapper
+            const fs = await Promise.resolve().then(() => __importStar(require('fs')));
+            const path = await Promise.resolve().then(() => __importStar(require('path')));
+            try {
+                const repoPath = path.join(process.env.HOME ?? '/home/ubuntu', '.factiii', repoName, '.git');
+                return !fs.existsSync(repoPath);
+            }
+            catch {
+                return true;
+            }
+        },
+        fix: null, // Will be handled by ensureServerReady()
+        manualFix: 'Repository will be cloned automatically on first deployment',
+    },
+];
+//# sourceMappingURL=config.js.map

package/dist/plugins/pipelines/aws/scanfix/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/config.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAAyC;AAG5B,QAAA,WAAW,GAAU;IAChC,mBAAmB;IACnB;QACE,EAAE,EAAE,qBAAqB;QACzB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAEjD,sDAAsD;YACtD,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAChE,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC,CAAC,oCAAoC;YAEnE,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC;QACxE,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,gCAAgC;KAC5C;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAEjD,sDAAsD;YACtD,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAChE,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC,CAAC,oCAAoC;YAEnE,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC7D,OAAO,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;QACrD,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gCAAgC;QAC7C,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAEjD,sDAAsD;YACtD,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAChE,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC,CAAC,oCAAoC;YAEnE,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,IAAI,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC;YAC5E,IAAI,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAE1B,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,kBAAkB,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,iDAAiD;KAC7D;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,4CAA4C;QACzD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,qCAAqC,GAAC,CAAC;YACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAEjD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,UAAU,CAAC;YAC/D,IAAI,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC;YAC7B,IAAI,CAAC,SAAS,EAAE,MAAM;gBAAE,OAAO,KAAK,CAAC;YAErC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC;YAEtC,gDAAgD;YAChD,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,wDAAa,MAAM,GAAC,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,cAAc,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC7F,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,GAAG,EAAE,IAAI,EAAE,yCAAyC;QACpD,SAAS,EAAE,6DAA6D;KACzE;CACF,CAAC"}

package/dist/plugins/pipelines/factiii/github-secrets-store.d.ts

@@ -0,0 +1,65 @@
+/**
+ * GitHub Secrets Store
+ *
+ * Utility for managing GitHub repository secrets via the GitHub API.
+ * Used by the pipeline plugin and secrets CLI command.
+ */
+interface RepoInfo {
+    owner: string;
+    repo: string;
+}
+interface SetSecretResult {
+    success: boolean;
+    error?: string;
+}
+interface CheckSecretsResult {
+    existing?: string[];
+    status?: Record<string, boolean>;
+    missing?: string[];
+    error?: string;
+}
+interface PublicKeyResponse {
+    key: string;
+    key_id: string;
+}
+interface GitHubSecretsStoreConfig {
+    token?: string;
+    owner?: string;
+    repo?: string;
+}
+export declare class GitHubSecretsStore {
+    private token?;
+    private owner?;
+    private repo?;
+    constructor(config?: GitHubSecretsStoreConfig);
+    /**
+     * Get repository info from git remote
+     */
+    static getRepoInfo(): RepoInfo | null;
+    /**
+     * Make GitHub API request
+     */
+    private request;
+    /**
+     * Get repository public key for encrypting secrets
+     */
+    getPublicKey(): Promise<PublicKeyResponse>;
+    /**
+     * Encrypt a secret value using the repository's public key
+     */
+    encryptSecret(value: string, _publicKey: string): string;
+    /**
+     * Set a secret in the repository
+     */
+    setSecret(name: string, value: string): Promise<SetSecretResult>;
+    /**
+     * Check which secrets exist
+     */
+    checkSecrets(secretNames: string[]): Promise<CheckSecretsResult>;
+    /**
+     * Delete a secret
+     */
+    deleteSecret(name: string): Promise<SetSecretResult>;
+}
+export {};
+//# sourceMappingURL=github-secrets-store.d.ts.map

package/dist/plugins/pipelines/factiii/github-secrets-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-secrets-store.d.ts","sourceRoot":"","sources":["../../../../src/plugins/pipelines/factiii/github-secrets-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,UAAU,QAAQ;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,UAAU,eAAe;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,kBAAkB;IAC1B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,iBAAiB;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,UAAU,wBAAwB;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,IAAI,CAAC,CAAS;gBAEV,MAAM,GAAE,wBAA6B;IAejD;;OAEG;IACH,MAAM,CAAC,WAAW,IAAI,QAAQ,GAAG,IAAI;IAuBrC;;OAEG;YACW,OAAO;IAwDrB;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAKhD;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;IAQxD;;OAEG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAwBtE;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA6BtE;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CAY3D"}