@factiii/stack 0.1.203 → 0.7.2

package/README.md

@@ -1,402 +1,94 @@
-# Stack
+# @factiii/stack
 
-Infrastructure management CLI for deploying full-stack applications with plugin-based configuration.
+Infrastructure management CLI. Scan, fix, and deploy Node.js apps to AWS with Docker, Nginx, and GitHub Actions.
 
-## Quick Start
+## Install
 
 ```bash
-# Install in your project
 npm install @factiii/stack
-
-# Initialize configuration (run this first!)
-npx stack init
-
-# This creates:
-# - stack.yml (user-editable config)
-# - stackAuto.yml (auto-detected config)
-# - .github/workflows/ (CI/CD workflows)
-
-# Edit stack.yml to replace EXAMPLE_ values
-# Then run:
-npx stack scan    # Check for issues
-npx stack fix     # Auto-fix issues
-npx stack deploy --staging  # Deploy to staging
-```
-
-## How It Works
-
-Stack uses a **plugin-based architecture** where each plugin:
-1. Defines its own configuration schema
-2. Auto-detects project settings
-3. Validates and fixes issues
-4. Handles deployment for its domain
-
-### The Two Config Files
-
-**`stack.yml`** - User-Editable Configuration
-```yaml
-name: my-app
-
-# Environment configurations
-staging:
-  domain: staging.myapp.com
-  server: mac             # OS type: mac, ubuntu, windows, amazon-linux
-  server_mode: true       # Enable server hardening (default: true)
-
-prod:
-  domain: myapp.com
-  server: ubuntu          # OS type for production
-  pipeline: aws           # Use AWS pipeline for deployment
-  config: free-tier       # AWS tier: ec2, free-tier, standard, enterprise
-  access_key_id: AKIAXXXXXXXX
-  region: us-east-1
-
-prisma:
-  schema_path: null  # Optional override
-  version: null      # Optional override
-
-# Exclude Docker containers from unmanaged container cleanup
-container_exclusions:
-  - factiii_postgres
-  - legacy_container
-```
-
-**`stackAuto.yml`** - Auto-Detected Configuration
-```yaml
-# Auto-detected by plugins
-factiii_version: 1.0.0
-has_prisma: true
-has_trpc: true
-prisma_schema: prisma/schema.prisma
-prisma_version: 5.0.0
-ssh_user: ubuntu
-dockerfile: Dockerfile
-package_manager: pnpm
-node_version: 20
-pnpm_version: 9
-aws_cli_installed: true
-```
-
-## CLI Commands
-
-### Init (Run This First!)
-
-Scans your project and generates configuration files:
-
-```bash
-npx stack init          # Initialize Stack
-npx stack init --force  # Regenerate configs
-```
-
-**What it does:**
-- Detects which plugins are relevant to your project
-- Generates `stack.yml` with only relevant sections
-- Generates `stackAuto.yml` with auto-detected values
-- Creates GitHub Actions workflows
-
-### Scan
-
-Checks all environments for issues:
-
-```bash
-npx stack scan           # Scan all (dev, secrets, staging, prod)
-npx stack scan --dev     # Scan dev only
-npx stack scan --staging # Scan staging only
-npx stack scan --prod    # Scan prod only
-```
-
-**Note:** Requires `stack.yml` (or legacy factiii.yml) to exist. Run `npx stack init` first.
-
-### Fix
-
-Automatically fixes issues where possible:
-
-```bash
-npx stack fix           # Fix all environments
-npx stack fix --dev     # Fix dev only
-npx stack fix --staging # Fix staging only
-npx stack fix --prod    # Fix prod only
-```
-
-**Note:** Requires `stack.yml` (or legacy factiii.yml) to exist. Run `npx stack init` first.
-
-### Deploy
-
-Deploys to environments (runs scan first, aborts on issues):
-
-```bash
-npx stack deploy --dev      # Start local dev containers
-npx stack deploy --staging  # Deploy to staging server
-npx stack deploy --prod     # Deploy to production server
-```
-
-**Note:** Requires `stack.yml` (or legacy factiii.yml) to exist. Run `npx stack init` first.
-
-### AWS EC2 Deployment (2 Commands)
-
-Deploy your full-stack app to AWS EC2 with just two commands:
-
-```bash
-# 1. Provision all AWS infrastructure
-npx factiii fix
-
-# Creates: VPC, Security Groups, EC2 instance, RDS database,
-# S3 bucket, ECR repository, IAM users, SES email
-
-# 2. Deploy your application
-npx factiii deploy --prod
-
-# Configures: Docker, Nginx, SSL certificates, pulls images, starts containers
-```
-
-**Prerequisites:** You need an IAM user with the `factiii-bootstrap` policy configured via `aws configure`.
-
-See [docs/aws-setup-guide.md](docs/aws-setup-guide.md) for the full step-by-step setup guide including the IAM policy JSON.
-
-### Secrets Management
-
-Manage secrets via Ansible Vault and deploy them directly to servers:
-
-```bash
-# List all secrets (SSH keys + environment variables)
-npx stack deploy --secrets list
-
-# Set SSH keys (required for deployment)
-npx stack deploy --secrets set STAGING_SSH
-npx stack deploy --secrets set PROD_SSH
-
-# Set environment variables for each stage
-npx stack deploy --secrets set-env DATABASE_URL --staging
-npx stack deploy --secrets set-env JWT_SECRET --staging
-npx stack deploy --secrets set-env DATABASE_URL --prod
-npx stack deploy --secrets set-env JWT_SECRET --prod
-
-# List environment variables
-npx stack deploy --secrets list-env --staging
-npx stack deploy --secrets list-env --prod
-
-# Deploy secrets to servers via SSH
-npx stack deploy --secrets deploy --staging  # Deploy to staging server
-npx stack deploy --secrets deploy --prod     # Deploy to production server
-npx stack deploy --secrets deploy --all      # Deploy to all servers
-
-# Options
-npx stack deploy --secrets deploy --staging --restart   # Restart container after deploy
-npx stack deploy --secrets deploy --staging --dry-run   # Show what would be deployed
 ```
 
-**How it works:**
-1. Secrets are stored locally in Ansible Vault (encrypted)
-2. When you run `secrets deploy`, Factiii:
-   - Reads the SSH key from the vault
-   - Connects to the server via SSH
-   - Writes a `.env.{stage}` file with your environment variables
-3. Your application reads the `.env.{stage}` file on startup
-
-**Note:** Requires `stack.yml` with Ansible Vault configured. Run `npx stack init` first.
-
-## Stage Execution
-
-Stack commands work with four stages: `dev`, `secrets`, `staging`, `prod`.
-
-### Running Commands
-
-```bash
-npx stack scan              # Scan all reachable stages
-npx stack scan --dev        # Scan only dev stage
-npx stack scan --staging    # Scan only staging stage
-
-npx stack fix               # Fix all reachable stages
-npx stack fix --staging     # Fix only staging stage
-
-npx stack deploy --staging  # Deploy to staging
-npx stack deploy --prod     # Deploy to prod
-```
-
-### How Stages Are Reached
-
-The pipeline plugin decides how to reach each stage:
-
-| Stage | How it's reached |
-|-------|------------------|
-| dev | Always runs locally |
-| secrets | Runs locally (needs Ansible Vault configured) |
-| staging | Via workflow → SSH → runs with `--staging` |
-| prod | Via workflow → SSH → runs with `--prod` |
-
-### For Pipeline Plugin Authors
-
-When your CI/CD workflow SSHs to a server to run commands, you **MUST** specify the stage:
+## Quick Start
 
 ```bash
-# In your workflow, after SSH to staging server:
-GITHUB_ACTIONS=true npx stack fix --staging     # ✅ Correct
-npx stack fix                                    # ❌ Wrong - will try to run all stages
+npx stack              # Self-bootstrap + scan
+npx stack init         # First-time vault/secrets setup
+npx stack scan --dev   # Read-only issue detection
+npx stack fix --dev    # Auto-fix detected issues
+npx stack deploy --staging  # Scan then deploy
 ```
 
-This prevents the command from trying to reach stages it can't access from the server.
-
-See [STANDARDS.md](STANDARDS.md) for full documentation of the stage execution pattern.
-
-## Plugin Architecture
-
-### Built-in Plugins
+## Commands
 
-**Pipelines**
-- `factiii` - GitHub Actions CI/CD with thin workflows
-- `aws` - AWS infrastructure (EC2, ECR, free-tier configs)
+| Command | Description |
+|---------|-------------|
+| `npx stack` | Self-bootstrap + scan (default) |
+| `npx stack init` | First-time vault/secrets setup |
+| `npx stack scan [--stage]` | Read-only issue detection |
+| `npx stack fix [--stage]` | Auto-fix detected issues |
+| `npx stack deploy --<stage>` | Scan then deploy |
+| `npx stack deploy --secrets <action>` | Manage Ansible Vault secrets |
+| `npx stack db <cmd> --<stage>` | Database operations (migrate, seed, reset, status) |
+| `npx stack ops <cmd> --<stage>` | Server operations (logs, restart, shell, status) |
+| `npx stack backup <cmd> --<stage>` | Database backup/restore |
+| `npx stack dev-reset [--dry-run]` | Reset local config/secrets for fresh bootstrap |
 
-**Servers (OS Types)**
-- `mac` - macOS (Homebrew, launchctl)
-- `ubuntu` - Ubuntu Linux (apt, systemd)
-- `windows` - Windows Server (Chocolatey) - template
-- `amazon-linux` - Amazon Linux 2023 (dnf, systemd)
-
-**Frameworks**
-- `prisma-trpc` - Prisma database + tRPC API
-
-**Addons**
-- `server-mode` - Configure machines as deployment servers (disable sleep, enable SSH, etc.)
-
-### How Plugins Work
-
-Each plugin defines:
-
-```javascript
-class MyPlugin {
-  static id = 'my-plugin';
-  static category = 'framework'; // or: pipeline, server, addon
-  
-  // Schema for factiii.yml (user-editable)
-  static configSchema = {
-    my_plugin: {
-      setting: 'default-value'
-    }
-  };
-  
-  // Schema for factiiiAuto.yml (auto-detected)
-  static autoConfigSchema = {
-    has_my_plugin: 'boolean',
-    my_plugin_version: 'string'
-  };
-  
-  // Auto-detect configuration
-  static async detectConfig(rootDir) {
-    return {
-      has_my_plugin: true,
-      my_plugin_version: '1.0.0'
-    };
-  }
-  
-  // Fixes array - issues this plugin can detect and resolve
-  static fixes = [
-    {
-      id: 'missing-config',
-      stage: 'dev',
-      severity: 'critical',
-      description: 'Configuration missing',
-      scan: async (config, rootDir) => {
-        // Return true if problem exists
-        return !config.my_plugin;
-      },
-      fix: async (config, rootDir) => {
-        // Auto-fix the problem
-        return true;
-      },
-      manualFix: 'Add my_plugin config to factiii.yml'
-    }
-  ];
-  
-  // Deploy method
-  async deploy(config, environment) {
-    // Handle deployment for this environment
-  }
-}
-```
+## Stages
 
-## Thin Workflows
+`--dev`, `--secrets`, `--staging`, `--prod`
 
-GitHub Actions workflows are intentionally minimal - they just SSH into servers and call the CLI:
+Routing priority:
+1. `dev` / `secrets` → always runs locally
+2. `staging` / `prod` → tries SSH key (`~/.ssh/{stage}_deploy_key`) → falls back to GitHub Actions workflow → unreachable
 
-```yaml
-# .github/workflows/factiii-staging.yml
-- name: Deploy via CLI
-  run: |
-    ssh user@host << EOF
-      cd ~/.factiii/my-app
-      git pull
-      GITHUB_ACTIONS=true npx stack deploy --staging
-    EOF
-```
+## Config Files
 
-**CRITICAL: Workflows MUST specify the stage flag (`--staging` or `--prod`) when running commands on servers.**
+| File | Purpose | Editable By |
+|------|---------|-------------|
+| `stack.yml` | Manual settings (committed) | User |
+| `stackAuto.yml` | Auto-detected settings | Stack CLI |
+| `stack.local.yml` | Per-developer overrides (gitignored) | User |
 
-All deployment logic runs on the server in testable JavaScript, not in workflow bash scripts.
+Legacy `factiii.yml` is also supported.
 
-## Secrets Configuration
+## Plugins
 
-Secrets are managed via Ansible Vault (see CLI commands above). Add this to `stack.yml`:
+**Pipelines** — CI/CD routing: `factiii`, `aws`
 
-```yaml
-ansible:
-  vault_path: group_vars/all/vault.yml
-  vault_password_file: ~/.vault_pass      # or set ANSIBLE_VAULT_PASSWORD env var
-```
+**Servers** — OS-specific commands: `mac`, `ubuntu`, `windows`, `amazon-linux`
 
-**Required secrets:** `STAGING_SSH`, `PROD_SSH`, and `AWS_SECRET_ACCESS_KEY` (if using AWS).
+**Frameworks** — App scaffolding: `prisma-trpc`, `expo`
 
-**CI/CD:** Add `ANSIBLE_VAULT_PASSWORD` to your GitHub repo secrets. Workflows use `npx stack deploy --secrets write-ssh-keys` to extract SSH keys for deployment.
+**Addons** — Extensions: `server-mode` (hardening), `openclaw` (AI agent), `auth` (@factiii/auth integration)
 
-**Security:** Never commit the vault password or decrypted vault file to git.
+Plugins auto-detect from your project. No manual registration needed.
 
-## Environment Variables
+## AWS Strategy
 
-Plugins declare required environment variables:
+Two IAM users per project:
+- **Dev account** (dev + staging): `factiii-{project}-dev`
+- **Prod account** (prod only): `factiii-{project}-prod`
 
-```javascript
-class MyPlugin {
-  static requiredEnvVars = ['DATABASE_URL', 'API_KEY'];
-}
-```
+Provisioning covers EC2, RDS, VPC, ECR, Route 53, and S3.
 
-These are automatically validated against:
-- `.env.example` (template, committed to git)
-- `.env` (local dev, gitignored, auto-created from example)
-- `.env.staging` (staging values, user creates)
-- `.env.prod` (production values, user creates)
+## Deployment Flow
 
-## AWS Configuration Bundles
+1. `npx stack` — bootstrap (installs deps, detects frameworks, generates config)
+2. `npx stack init` — create vault, store secrets
+3. `npx stack fix --staging` — provision infrastructure, push workflows
+4. `npx stack deploy --staging` — scan, build, deploy via SSH or GitHub Actions
 
-The AWS plugin supports multiple configuration bundles:
+Workflows are ultra-thin: trigger + secrets + SSH + CLI call. No setup/clone/build logic in CI.
 
 ```yaml
-# factiii.yml
-aws:
-  config: free-tier  # Choose your bundle
-  region: us-east-1
-```
-
-**Available Bundles:**
-- `ec2` - Basic EC2 instance
-- `free-tier` - Complete free tier (EC2 + RDS + S3 + ECR)
-- `standard` - Production-ready setup (coming soon)
-- `enterprise` - HA, multi-AZ, auto-scaling (coming soon)
-
-## External Plugins
-
-Install external plugins via npm:
-
-```bash
-npm install @factiii/stack-plugin-nextjs
+ssh -i ~/.ssh/deploy_key "$USER@$HOST" \
+  "GITHUB_ACTIONS=true npx stack deploy --staging"
 ```
 
-Factiii automatically loads plugins from `node_modules` that match:
-- `@factiii/stack-plugin-*`
-- Listed in `factiii.yml` under `plugins`
-
-## Development
+## Requirements
 
-See [STANDARDS.md](STANDARDS.md) for plugin development guide.
+- Node.js >= 18.0.0
+- pnpm, npm, or yarn
 
 ## License
 

package/dist/plugins/addons/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/plugins/addons/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAwB,MAAM,yBAAyB,CAAC;AAoClG,cAAM,SAAS;IAKb,MAAM,CAAC,QAAQ,CAAC,EAAE,UAAU;IAC5B,MAAM,CAAC,QAAQ,CAAC,IAAI,0BAA0B;IAC9C,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAW;IAC5C,MAAM,CAAC,QAAQ,CAAC,OAAO,WAAW;IAElC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAgC;IAE7E,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAY;IAGnD,MAAM,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,EAAE,CAAkB;IAG3D,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASnD;IAGF,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAGtD;IAEF;;;OAGG;WACU,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAalF,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CASrC;IAMF,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,CAAe;IAM3C;;OAEG;WACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAkC5E,OAAO,CAAC,OAAO,CAAgB;gBAEnB,MAAM,EAAE,aAAa;CAGlC;AAED,eAAe,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/plugins/addons/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAwB,MAAM,yBAAyB,CAAC;AAqDlG,cAAM,SAAS;IAKb,MAAM,CAAC,QAAQ,CAAC,EAAE,UAAU;IAC5B,MAAM,CAAC,QAAQ,CAAC,IAAI,0BAA0B;IAC9C,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAW;IAC5C,MAAM,CAAC,QAAQ,CAAC,OAAO,WAAW;IAElC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAgC;IAE7E,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAY;IAGnD,MAAM,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,EAAE,CAEtB;IAGnB,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASnD;IAGF,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAGtD;IAEF;;;OAGG;WACU,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAalF,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CASrC;IAMF,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,CAAe;IAM3C;;OAEG;WACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAqC5E,OAAO,CAAC,OAAO,CAAgB;gBAEnB,MAAM,EAAE,aAAa;CAGlC;AAED,eAAe,SAAS,CAAC"}

package/dist/plugins/addons/auth/index.js

@@ -65,6 +65,22 @@ const path = __importStar(require("path"));
 const setup_js_1 = require("./scanfix/setup.js");
 const secrets_js_1 = require("./scanfix/secrets.js");
 const validate_js_1 = require("./scanfix/validate.js");
+/**
+ * Load the stack-plugin contract from @factiii/auth.
+ * Returns null if auth is not installed or doesn't export it.
+ */
+function loadAuthContract() {
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        return require('@factiii/auth/stack-plugin');
+    }
+    catch {
+        // @factiii/auth not installed or doesn't export stack-plugin
+        return null;
+    }
+}
+// Load the contract once at module init
+const authContract = loadAuthContract();
 /**
  * Try to load scanfixes from @factiii/auth's stackPlugin export.
  * Returns the exported fixes if available, null otherwise.
@@ -106,10 +122,12 @@ class AuthAddon {
      */
     static compatibleServers = ['mac', 'ubuntu', 'windows'];
     static defaultServer = 'ubuntu';
-    // Env vars this plugin requires (auto-generates .env.example checks)
-    static requiredEnvVars = ['JWT_SECRET'];
-    // Schema for stack.yml (user-editable, optional)
-    static configSchema = {
+    // Env vars this plugin requires — sourced from @factiii/auth's contract
+    static requiredEnvVars = authContract
+        ? [...authContract.requiredEnvVars]
+        : ['JWT_SECRET'];
+    // Schema for stack.yml (user-editable, optional) — sourced from @factiii/auth's contract
+    static configSchema = authContract?.configSchema ?? {
         auth: {
             features: {
                 oauth: false,
@@ -175,11 +193,12 @@ class AuthAddon {
             detected.auth_installed = false;
         }
         // Check if auth models exist in Prisma schema
+        const modelsToCheck = authContract?.prismaModels ?? ['User', 'Session'];
         try {
             const schemaPath = path.join(rootDir, 'prisma', 'schema.prisma');
             if (fs.existsSync(schemaPath)) {
                 const content = fs.readFileSync(schemaPath, 'utf8');
-                detected.auth_initialized = content.includes('model User') && content.includes('model Session');
+                detected.auth_initialized = modelsToCheck.every((model) => content.includes('model ' + model));
             }
             else {
                 detected.auth_initialized = false;

package/dist/plugins/addons/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/addons/auth/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAG7B,iFAAiF;AACjF,iDAAgD;AAChD,qDAAoD;AACpD,uDAAsD;AAEtD;;;GAGG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QACzC,IAAI,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,OAAO,CAAC,WAAmC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;IAC9D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,SAAS;IAChB,MAAM,QAAQ,GAAG,iBAAiB,EAAE,CAAC;IACrC,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,QAAQ,CAAC,KAAK,CAAC;IACxB,CAAC;IACD,gDAAgD;IAChD,OAAO,CAAC,GAAG,qBAAU,EAAE,GAAG,yBAAY,EAAE,GAAG,2BAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,SAAS;IACb,+DAA+D;IAC/D,kBAAkB;IAClB,+DAA+D;IAE/D,MAAM,CAAU,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,CAAU,IAAI,GAAG,sBAAsB,CAAC;IAC9C,MAAM,CAAU,QAAQ,GAAY,OAAO,CAAC;IAC5C,MAAM,CAAU,OAAO,GAAG,OAAO,CAAC;IAElC;;OAEG;IACH,MAAM,CAAU,iBAAiB,GAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE7E,MAAM,CAAU,aAAa,GAAa,QAAQ,CAAC;IAEnD,qEAAqE;IACrE,MAAM,CAAU,eAAe,GAAa,CAAC,YAAY,CAAC,CAAC;IAE3D,iDAAiD;IACjD,MAAM,CAAU,YAAY,GAA4B;QACtD,IAAI,EAAE;YACJ,QAAQ,EAAE;gBACR,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,KAAK;gBACZ,iBAAiB,EAAE,KAAK;aACzB;YACD,cAAc,EAAE,gBAAgB;SACjC;KACF,CAAC;IAEF,2CAA2C;IAC3C,MAAM,CAAU,gBAAgB,GAA2B;QACzD,cAAc,EAAE,SAAS;QACzB,gBAAgB,EAAE,SAAS;KAC5B,CAAC;IAEF;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,OAAsB;QAC7D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,CAAC,QAAQ,GAA2B;QACxC,UAAU,EAAE;;;;;;;qDAOqC;KAClD,CAAC;IAEF,+DAA+D;IAC/D,8EAA8E;IAC9E,+DAA+D;IAE/D,MAAM,CAAU,KAAK,GAAU,SAAS,EAAE,CAAC;IAE3C,+DAA+D;IAC/D,wBAAwB;IACxB,+DAA+D;IAE/D;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,OAAe;QACvC,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACnD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;gBACzD,MAAM,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC7E,QAAQ,CAAC,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,cAAc,GAAG,KAAK,CAAC;QAClC,CAAC;QAED,8CAA8C;QAC9C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YACjE,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACpD,QAAQ,CAAC,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;YAClG,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,gBAAgB,GAAG,KAAK,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,gBAAgB,GAAG,KAAK,CAAC;QACpC,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,+DAA+D;IAC/D,WAAW;IACX,+DAA+D;IAEvD,OAAO,CAAgB;IAE/B,YAAY,MAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;;AAGH,kBAAe,SAAS,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/addons/auth/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAG7B,iFAAiF;AACjF,iDAAgD;AAChD,qDAAoD;AACpD,uDAAsD;AAEtD;;;GAGG;AACH,SAAS,gBAAgB;IACvB,IAAI,CAAC;QACH,iEAAiE;QACjE,OAAO,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,wCAAwC;AACxC,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;AAExC;;;GAGG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QACzC,IAAI,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,OAAO,CAAC,WAAmC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;IAC9D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,SAAS;IAChB,MAAM,QAAQ,GAAG,iBAAiB,EAAE,CAAC;IACrC,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,QAAQ,CAAC,KAAK,CAAC;IACxB,CAAC;IACD,gDAAgD;IAChD,OAAO,CAAC,GAAG,qBAAU,EAAE,GAAG,yBAAY,EAAE,GAAG,2BAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,SAAS;IACb,+DAA+D;IAC/D,kBAAkB;IAClB,+DAA+D;IAE/D,MAAM,CAAU,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,CAAU,IAAI,GAAG,sBAAsB,CAAC;IAC9C,MAAM,CAAU,QAAQ,GAAY,OAAO,CAAC;IAC5C,MAAM,CAAU,OAAO,GAAG,OAAO,CAAC;IAElC;;OAEG;IACH,MAAM,CAAU,iBAAiB,GAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE7E,MAAM,CAAU,aAAa,GAAa,QAAQ,CAAC;IAEnD,wEAAwE;IACxE,MAAM,CAAU,eAAe,GAAa,YAAY;QACtD,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,eAAe,CAAC;QACnC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAEnB,yFAAyF;IACzF,MAAM,CAAU,YAAY,GAA4B,YAAY,EAAE,YAAY,IAAI;QACpF,IAAI,EAAE;YACJ,QAAQ,EAAE;gBACR,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,KAAK;gBACZ,iBAAiB,EAAE,KAAK;aACzB;YACD,cAAc,EAAE,gBAAgB;SACjC;KACF,CAAC;IAEF,2CAA2C;IAC3C,MAAM,CAAU,gBAAgB,GAA2B;QACzD,cAAc,EAAE,SAAS;QACzB,gBAAgB,EAAE,SAAS;KAC5B,CAAC;IAEF;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,OAAsB;QAC7D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,CAAC,QAAQ,GAA2B;QACxC,UAAU,EAAE;;;;;;;qDAOqC;KAClD,CAAC;IAEF,+DAA+D;IAC/D,8EAA8E;IAC9E,+DAA+D;IAE/D,MAAM,CAAU,KAAK,GAAU,SAAS,EAAE,CAAC;IAE3C,+DAA+D;IAC/D,wBAAwB;IACxB,+DAA+D;IAE/D;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,OAAe;QACvC,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACnD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;gBACzD,MAAM,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC7E,QAAQ,CAAC,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,cAAc,GAAG,KAAK,CAAC;QAClC,CAAC;QAED,8CAA8C;QAC9C,MAAM,aAAa,GAAG,YAAY,EAAE,YAAY,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACxE,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YACjE,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACpD,QAAQ,CAAC,gBAAgB,GAAG,aAAa,CAAC,KAAK,CAC7C,CAAC,KAAa,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,KAAK,CAAC,CACtD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,gBAAgB,GAAG,KAAK,CAAC;YACpC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,gBAAgB,GAAG,KAAK,CAAC;QACpC,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,+DAA+D;IAC/D,WAAW;IACX,+DAA+D;IAEvD,OAAO,CAAgB;IAE/B,YAAY,MAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;;AAGH,kBAAe,SAAS,CAAC"}

package/dist/plugins/addons/auth/scanfix/secrets.d.ts

@@ -4,6 +4,9 @@
  * Manages authentication secrets in Ansible Vault:
  * - JWT_SECRET: auto-generated 256-bit random key
  * - OAuth keys: prompted from user (Google, Apple)
+ *
+ * Secret names are sourced from @factiii/auth's stack-plugin contract
+ * to avoid hardcoded strings drifting out of sync.
  */
 import type { Fix } from '../../../../types/index.js';
 export declare const secretsFixes: Fix[];

package/dist/plugins/addons/auth/scanfix/secrets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/addons/auth/scanfix/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAyCrE,eAAO,MAAM,YAAY,EAAE,GAAG,EA+H7B,CAAC"}
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/addons/auth/scanfix/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA2ErE,eAAO,MAAM,YAAY,EAAE,GAAG,EA+H7B,CAAC"}