@factiii/stack 0.1.23 → 0.1.25

package/dist/plugins/pipelines/factiii/workflows/factiii-dev-sync.yml

@@ -47,19 +47,20 @@ jobs:
       - name: Read config
         id: config
         run: |
-          if [ ! -f "factiii.yml" ]; then
-            echo "❌ factiii.yml not found"
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
             exit 1
           fi
           
-          REPO_NAME=$(yq eval '.name' factiii.yml)
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
           
           if [ "${{ inputs.environment }}" == "staging" ]; then
-            HOST=$(yq eval '.environments.staging.domain // ""' factiii.yml)
-            SSH_USER=$(yq eval '.environments.staging.ssh_user // "ubuntu"' factiii.yml)
+            HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
+            SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
           else
-            HOST=$(yq eval '.environments.prod.domain // ""' factiii.yml)
-            SSH_USER=$(yq eval '.environments.prod.ssh_user // "ubuntu"' factiii.yml)
+            HOST=$(yq eval '.prod.domain // ""' "$CONFIG_FILE")
+            SSH_USER=$(yq eval '.prod.ssh_user // "ubuntu"' "$CONFIG_FILE")
           fi
           
           echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
@@ -69,16 +70,17 @@ jobs:
       - name: Check if environment configured
         id: check_env
         run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
           if [ "${{ inputs.environment }}" == "staging" ]; then
-            HAS_ENV=$(yq eval '.environments.staging != null' factiii.yml)
+            HAS_ENV=$(yq eval '.staging != null' "$CONFIG_FILE")
           else
-            HAS_ENV=$(yq eval '.environments.prod != null' factiii.yml)
+            HAS_ENV=$(yq eval '.prod != null' "$CONFIG_FILE")
           fi
           
           echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
           
           if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  ${{ inputs.environment }} environment not configured in factiii.yml"
+            echo "⏭️  ${{ inputs.environment }} not configured in config"
             exit 1
           fi
 
@@ -137,7 +139,7 @@ jobs:
           ENVIRONMENT: ${{ inputs.environment }}
         run: |
           if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in factiii.yml: environments.$ENVIRONMENT.domain"
+            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
             exit 1
           fi
           

package/dist/plugins/pipelines/factiii/workflows/factiii-fix.yml

@@ -37,10 +37,10 @@ jobs:
         run: |
           ENVS="[]"
 
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
           if [ "${{ inputs.environment }}" == "all" ]; then
-            # Check which environments are configured
-            HAS_STAGING=$(yq eval '.staging != null' factiii.yml)
-            HAS_PROD=$(yq eval '.prod != null' factiii.yml)
+            HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
+            HAS_PROD=$(yq eval '.prod != null' "$CONFIG_FILE")
 
             if [ "$HAS_STAGING" == "true" ] && [ "$HAS_PROD" == "true" ]; then
               ENVS='["staging", "prod"]'
@@ -75,14 +75,15 @@ jobs:
         env:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
-          if [ ! -f "factiii.yml" ]; then
-            echo "❌ factiii.yml not found"
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
             exit 1
           fi
 
-          REPO_NAME=$(yq eval '.name' factiii.yml)
-          HOST=$(yq eval ".$ENVIRONMENT.domain // \"\"" factiii.yml)
-          SSH_USER=$(yq eval ".$ENVIRONMENT.ssh_user // \"ubuntu\"" factiii.yml)
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval ".$ENVIRONMENT.domain // \"\"" "$CONFIG_FILE")
+          SSH_USER=$(yq eval ".$ENVIRONMENT.ssh_user // \"ubuntu\"" "$CONFIG_FILE")
 
           echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
           echo "host=$HOST" >> $GITHUB_OUTPUT
@@ -93,11 +94,12 @@ jobs:
         env:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
-          HAS_ENV=$(yq eval ".$ENVIRONMENT != null" factiii.yml)
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_ENV=$(yq eval ".$ENVIRONMENT != null" "$CONFIG_FILE")
           echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
 
           if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  $ENVIRONMENT environment not configured in factiii.yml"
+            echo "⏭️  $ENVIRONMENT not configured"
             exit 0
           fi
 
@@ -153,7 +155,7 @@ jobs:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
           if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in factiii.yml: $ENVIRONMENT.domain"
+            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
             exit 1
           fi
           

package/dist/plugins/pipelines/factiii/workflows/factiii-pr-check.yml

@@ -24,14 +24,16 @@ jobs:
       - name: Read config
         id: config
         run: |
-          if [ ! -f "factiii.yml" ]; then
-            echo "❌ factiii.yml not found"
+          CONFIG_FILE="stack.yml"
+          if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
             exit 1
           fi
 
-          REPO_NAME=$(yq eval '.name' factiii.yml)
-          HOST=$(yq eval '.staging.domain // ""' factiii.yml)
-          SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' factiii.yml)
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
+          SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
 
           echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
           echo "host=$HOST" >> $GITHUB_OUTPUT
@@ -40,7 +42,8 @@ jobs:
       - name: Check if staging configured
         id: check_staging
         run: |
-          HAS_STAGING=$(yq eval '.staging != null' factiii.yml)
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
           echo "has_staging=$HAS_STAGING" >> $GITHUB_OUTPUT
 
           if [ "$HAS_STAGING" != "true" ]; then
@@ -74,7 +77,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           if [ -z "$HOST" ]; then
-            echo "❌ Missing staging.domain in factiii.yml"
+            echo "❌ Missing staging.domain in config"
             exit 1
           fi
 

package/dist/plugins/pipelines/factiii/workflows/factiii-scan.yml

@@ -35,12 +35,17 @@ jobs:
       - name: Determine environments
         id: set-matrix
         run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "matrix={\"environment\":[]}" >> $GITHUB_OUTPUT
+            echo "❌ stack.yml or factiii.yml not found"
+            exit 1
+          fi
           ENVS="[]"
           
           if [ "${{ inputs.environment }}" == "all" ]; then
-            # Check which environments are configured
-            HAS_STAGING=$(yq eval '.environments.staging != null' factiii.yml)
-            HAS_PROD=$(yq eval '.environments.prod != null' factiii.yml)
+            HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
+            HAS_PROD=$(yq eval '.prod != null' "$CONFIG_FILE")
             
             if [ "$HAS_STAGING" == "true" ] && [ "$HAS_PROD" == "true" ]; then
               ENVS='["staging", "prod"]'
@@ -75,14 +80,15 @@ jobs:
         env:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
-          if [ ! -f "factiii.yml" ]; then
-            echo "❌ factiii.yml not found"
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
             exit 1
           fi
           
-          REPO_NAME=$(yq eval '.name' factiii.yml)
-          HOST=$(yq eval ".environments.$ENVIRONMENT.domain // \"\"" factiii.yml)
-          SSH_USER=$(yq eval ".environments.$ENVIRONMENT.ssh_user // \"ubuntu\"" factiii.yml)
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval ".$ENVIRONMENT.domain // \"\"" "$CONFIG_FILE")
+          SSH_USER=$(yq eval ".$ENVIRONMENT.ssh_user // \"ubuntu\"" "$CONFIG_FILE")
           
           echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
           echo "host=$HOST" >> $GITHUB_OUTPUT
@@ -93,11 +99,12 @@ jobs:
         env:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
-          HAS_ENV=$(yq eval ".environments.$ENVIRONMENT != null" factiii.yml)
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_ENV=$(yq eval ".$ENVIRONMENT != null" "$CONFIG_FILE")
           echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
           
           if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  $ENVIRONMENT environment not configured in factiii.yml"
+            echo "⏭️  $ENVIRONMENT not configured"
             exit 0
           fi
 
@@ -153,7 +160,7 @@ jobs:
           ENVIRONMENT: ${{ matrix.environment }}
         run: |
           if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in factiii.yml: environments.$ENVIRONMENT.domain"
+            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
             exit 1
           fi
           

package/dist/plugins/pipelines/factiii/workflows/factiii-undeploy.yml

@@ -30,19 +30,20 @@ jobs:
       - name: Read config
         id: config
         run: |
-          if [ ! -f "factiii.yml" ]; then
-            echo "❌ factiii.yml not found"
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
             exit 1
           fi
           
-          REPO_NAME=$(yq eval '.name' factiii.yml)
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
           
           if [ "${{ inputs.environment }}" == "staging" ]; then
-            HOST=$(yq eval '.environments.staging.domain // ""' factiii.yml)
-            SSH_USER=$(yq eval '.environments.staging.ssh_user // "ubuntu"' factiii.yml)
+            HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
+            SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
           else
-            HOST=$(yq eval '.environments.prod.domain // ""' factiii.yml)
-            SSH_USER=$(yq eval '.environments.prod.ssh_user // "ubuntu"' factiii.yml)
+            HOST=$(yq eval '.prod.domain // ""' "$CONFIG_FILE")
+            SSH_USER=$(yq eval '.prod.ssh_user // "ubuntu"' "$CONFIG_FILE")
           fi
           
           echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
@@ -70,7 +71,7 @@ jobs:
           ENVIRONMENT: ${{ inputs.environment }}
         run: |
           if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in factiii.yml: environments.$ENVIRONMENT.domain"
+            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
             exit 1
           fi
           

package/dist/plugins/pipelines/factiii/workflows/stack-cicd-prod.yml

@@ -0,0 +1,115 @@
+name: Stack CI/CD Prod
+
+# Generated by @factiii/stack v{VERSION}
+# CI/CD: Auto-deploy to prod on push to prod branch
+# This is the app's CI/CD pipeline, NOT infrastructure management.
+# For manual infrastructure operations, use stack-deploy.yml
+
+on:
+  push:
+    branches:
+      - prod
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod +x /usr/local/bin/yq
+
+      - name: Read config
+        id: config
+        run: |
+          CONFIG_FILE="stack.yml"
+          if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
+            exit 1
+          fi
+
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval '.prod.domain // ""' "$CONFIG_FILE")
+          SSH_USER=$(yq eval '.prod.ssh_user // "ubuntu"' "$CONFIG_FILE")
+
+          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
+          echo "host=$HOST" >> $GITHUB_OUTPUT
+          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
+
+      - name: Check if prod configured
+        id: check_prod
+        run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_PROD=$(yq eval '.prod != null' "$CONFIG_FILE")
+          echo "has_prod=$HAS_PROD" >> $GITHUB_OUTPUT
+
+          if [ "$HAS_PROD" != "true" ]; then
+            echo "⏭️  Prod not configured - skipping deployment"
+            exit 0
+          fi
+
+      - name: Setup SSH
+        if: steps.check_prod.outputs.has_prod == 'true'
+        env:
+          SSH_KEY: ${{ secrets.PROD_SSH }}
+        run: |
+          if [ -z "$SSH_KEY" ]; then
+            echo "❌ Missing PROD_SSH secret"
+            exit 1
+          fi
+          
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+
+      - name: Deploy via CLI
+        if: steps.check_prod.outputs.has_prod == 'true'
+        env:
+          HOST: ${{ steps.config.outputs.host }}
+          USER: ${{ steps.config.outputs.ssh_user }}
+          REPO_NAME: ${{ steps.config.outputs.repo_name }}
+          COMMIT_HASH: ${{ github.sha }}
+          BRANCH: ${{ github.ref_name }}
+          GITHUB_REPO: ${{ github.repository }}
+          PROD_ENVS: ${{ secrets.PROD_ENVS }}
+        run: |
+          if [ -z "$HOST" ]; then
+            echo "❌ Missing prod.domain in config"
+            exit 1
+          fi
+          
+          echo "🚀 Deploying to prod ($HOST)..."
+          
+          # Prepare environment variables for SSH (base64 encode to handle special characters)
+          ENV_VARS_EXPORT=""
+          if [ -n "$PROD_ENVS" ]; then
+            ENV_VARS_B64=$(echo -n "$PROD_ENVS" | base64 -w 0)
+            ENV_VARS_EXPORT="PROD_ENVS=\$(echo '$ENV_VARS_B64' | base64 -d) && export PROD_ENVS && "
+          fi
+          
+          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
+            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
+             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
+             if [ -d \"\$REPO_DIR\" ]; then \
+               cd \"\$REPO_DIR\" && \
+               $ENV_VARS_EXPORT GITHUB_ACTIONS=true COMMIT_HASH=$COMMIT_HASH BRANCH=$BRANCH GITHUB_REPO=$GITHUB_REPO \
+               npx stack deploy --prod --commit $COMMIT_HASH --branch $BRANCH; \
+             else \
+               echo \"❌ Repo directory not found at \$REPO_DIR\"; \
+               echo \"Run deployment first to clone the repository\"; \
+               exit 1; \
+             fi"
+          
+          DEPLOY_EXIT_CODE=$?
+          rm -f ~/.ssh/deploy_key
+          
+          if [ $DEPLOY_EXIT_CODE -eq 0 ]; then
+            echo "✅ Prod deployment complete!"
+          else
+            echo "❌ Prod deployment failed with exit code $DEPLOY_EXIT_CODE"
+            exit $DEPLOY_EXIT_CODE
+          fi

package/dist/plugins/pipelines/factiii/workflows/stack-cicd-staging.yml

@@ -0,0 +1,120 @@
+name: Stack CI/CD Staging
+
+# Generated by @factiii/stack v{VERSION}
+# CI/CD: Auto-deploy to staging on push to main branch
+# This is the app's CI/CD pipeline, NOT infrastructure management.
+# For manual infrastructure operations, use stack-deploy.yml
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod +x /usr/local/bin/yq
+
+      - name: Read config
+        id: config
+        run: |
+          CONFIG_FILE="stack.yml"
+          if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
+            exit 1
+          fi
+
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
+          SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
+
+          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
+          echo "host=$HOST" >> $GITHUB_OUTPUT
+          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
+
+      - name: Check if staging configured
+        id: check_staging
+        run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
+          echo "has_staging=$HAS_STAGING" >> $GITHUB_OUTPUT
+
+          if [ "$HAS_STAGING" != "true" ]; then
+            echo "⏭️  Staging not configured - skipping deployment"
+            exit 0
+          fi
+
+      - name: Setup SSH
+        if: steps.check_staging.outputs.has_staging == 'true'
+        env:
+          SSH_KEY: ${{ secrets.STAGING_SSH }}
+        run: |
+          if [ -z "$SSH_KEY" ]; then
+            echo "❌ Missing STAGING_SSH secret"
+            exit 1
+          fi
+          
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+
+      - name: Deploy via CLI
+        if: steps.check_staging.outputs.has_staging == 'true'
+        env:
+          HOST: ${{ steps.config.outputs.host }}
+          USER: ${{ steps.config.outputs.ssh_user }}
+          REPO_NAME: ${{ steps.config.outputs.repo_name }}
+          COMMIT_HASH: ${{ github.sha }}
+          BRANCH: ${{ github.ref_name }}
+          GITHUB_REPO: ${{ github.repository }}
+          STAGING_ENVS: ${{ secrets.STAGING_ENVS }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [ -z "$HOST" ]; then
+            echo "❌ Missing staging.domain in config"
+            exit 1
+          fi
+
+          echo "🚀 Deploying to staging ($HOST)..."
+
+          # Prepare environment variables for SSH (base64 encode to handle special characters)
+          ENV_VARS_EXPORT=""
+          if [ -n "$STAGING_ENVS" ]; then
+            ENV_VARS_B64=$(echo -n "$STAGING_ENVS" | base64 -w 0)
+            ENV_VARS_EXPORT="STAGING_ENVS=\$(echo '$ENV_VARS_B64' | base64 -d) && export STAGING_ENVS && "
+          fi
+
+          # Base64 encode GITHUB_TOKEN for safe SSH transport
+          GITHUB_TOKEN_B64=$(echo -n "$GITHUB_TOKEN" | base64 -w 0)
+
+          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
+            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
+             export GITHUB_TOKEN=\$(echo \"$GITHUB_TOKEN_B64\" | base64 -d) && \
+             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
+             if [ -d \"\$REPO_DIR\" ]; then \
+               cd \"\$REPO_DIR\" && \
+               $ENV_VARS_EXPORT GITHUB_ACTIONS=true COMMIT_HASH=$COMMIT_HASH BRANCH=$BRANCH GITHUB_REPO=$GITHUB_REPO \
+               npx stack deploy --staging --commit $COMMIT_HASH --branch $BRANCH; \
+             else \
+               echo \"❌ Repo directory not found at \$REPO_DIR\"; \
+               echo \"Run deployment first to clone the repository\"; \
+               exit 1; \
+             fi"
+          
+          DEPLOY_EXIT_CODE=$?
+          rm -f ~/.ssh/deploy_key
+          
+          if [ $DEPLOY_EXIT_CODE -eq 0 ]; then
+            echo "✅ Staging deployment complete!"
+          else
+            echo "❌ Staging deployment failed with exit code $DEPLOY_EXIT_CODE"
+            exit $DEPLOY_EXIT_CODE
+          fi

package/dist/plugins/pipelines/factiii/workflows/stack-command.yml

@@ -0,0 +1,132 @@
+name: Stack Command
+
+# Generated by @factiii/stack v{VERSION}
+# INFRASTRUCTURE: Run plugin commands on remote servers
+# Run: npx stack db seed --staging (triggers this workflow)
+
+on:
+  workflow_dispatch:
+    inputs:
+      category:
+        description: 'Command category (db, ops, backup)'
+        required: true
+        type: string
+      command:
+        description: 'Command to run (e.g., seed, migrate, logs)'
+        required: true
+        type: string
+      stage:
+        description: 'Target environment'
+        required: true
+        type: choice
+        options:
+          - staging
+          - prod
+      options:
+        description: 'Command options (JSON)'
+        required: false
+        default: '{}'
+
+jobs:
+  run-command:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod +x /usr/local/bin/yq
+
+      - name: Read config
+        id: config
+        env:
+          STAGE: ${{ inputs.stage }}
+        run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "❌ stack.yml or factiii.yml not found"
+            exit 1
+          fi
+
+          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
+          HOST=$(yq eval ".$STAGE.domain // \"\"" "$CONFIG_FILE")
+          SSH_USER=$(yq eval ".$STAGE.ssh_user // \"ubuntu\"" "$CONFIG_FILE")
+
+          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
+          echo "host=$HOST" >> $GITHUB_OUTPUT
+          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
+
+      - name: Check environment configured
+        env:
+          STAGE: ${{ inputs.stage }}
+        run: |
+          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
+          HAS_ENV=$(yq eval ".$STAGE != null" "$CONFIG_FILE")
+          if [ "$HAS_ENV" != "true" ]; then
+            echo "$STAGE not configured in config"
+            exit 1
+          fi
+
+      - name: Check SSH secret
+        env:
+          STAGE: ${{ inputs.stage }}
+          SSH_KEY: ${{ inputs.stage == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
+        run: |
+          if [ -z "$SSH_KEY" ]; then
+            SECRET_NAME="${STAGE^^}_SSH"
+            echo "${SECRET_NAME} secret not found"
+            echo "Add it at: https://github.com/${{ github.repository }}/settings/secrets/actions"
+            exit 1
+          fi
+
+      - name: Setup SSH
+        env:
+          SSH_KEY: ${{ inputs.stage == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+
+      - name: Run command via SSH
+        env:
+          HOST: ${{ steps.config.outputs.host }}
+          USER: ${{ steps.config.outputs.ssh_user }}
+          REPO_NAME: ${{ steps.config.outputs.repo_name }}
+          CATEGORY: ${{ inputs.category }}
+          COMMAND: ${{ inputs.command }}
+          STAGE: ${{ inputs.stage }}
+        run: |
+          if [ -z "$HOST" ]; then
+            echo "Missing domain in config: $STAGE.domain"
+            exit 1
+          fi
+
+          echo "Running: stack $CATEGORY $COMMAND --$STAGE"
+          echo "Server: $USER@$HOST"
+          echo ""
+
+          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ServerAliveInterval=60 -o ServerAliveCountMax=5 "$USER@$HOST" \
+            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
+             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
+             if [ -d \"\$REPO_DIR\" ]; then \
+               cd \"\$REPO_DIR\" && \
+               GITHUB_ACTIONS=true npx stack $CATEGORY $COMMAND --$STAGE; \
+             else \
+               echo \"Repo directory not found at \$REPO_DIR\"; \
+               echo \"Run deployment first to clone the repository\"; \
+               exit 1; \
+             fi"
+
+          EXIT_CODE=$?
+          rm -f ~/.ssh/deploy_key
+
+          if [ $EXIT_CODE -eq 0 ]; then
+            echo ""
+            echo "Command completed successfully"
+          else
+            echo ""
+            echo "Command failed with exit code $EXIT_CODE"
+            exit $EXIT_CODE
+          fi