@geekmidas/cli 0.12.0 → 0.14.0

package/src/index.ts

@@ -47,7 +47,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await initCommand(name, options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -120,7 +121,10 @@ program
 						stage: options.stage,
 					});
 				}
-			} catch (_error) {
+			} catch (error) {
+				console.error(
+					error instanceof Error ? error.message : 'Command failed',
+				);
 				process.exit(1);
 			}
 		},
@@ -147,7 +151,8 @@ program
 				portExplicit: !!options.port,
 				enableOpenApi: options.enableOpenapi ?? true,
 			});
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -195,7 +200,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await openapiCommand({});
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -218,7 +224,10 @@ program
 					process.chdir(globalOptions.cwd);
 				}
 				await generateReactQueryCommand(options);
-			} catch (_error) {
+			} catch (error) {
+				console.error(
+					error instanceof Error ? error.message : 'Command failed',
+				);
 				process.exit(1);
 			}
 		},
@@ -241,7 +250,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await dockerCommand(options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -299,7 +309,10 @@ program
 					const registry = options.registry;
 					const _imageRef = registry ? `${registry}/api:${tag}` : `api:${tag}`;
 				}
-			} catch (_error) {
+			} catch (error) {
+				console.error(
+					error instanceof Error ? error.message : 'Command failed',
+				);
 				process.exit(1);
 			}
 		},
@@ -318,7 +331,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await secretsInitCommand(options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -341,7 +355,10 @@ program
 					process.chdir(globalOptions.cwd);
 				}
 				await secretsSetCommand(key, value, options);
-			} catch (_error) {
+			} catch (error) {
+				console.error(
+					error instanceof Error ? error.message : 'Command failed',
+				);
 				process.exit(1);
 			}
 		},
@@ -359,7 +376,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await secretsShowCommand(options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -379,7 +397,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await secretsRotateCommand(options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -397,7 +416,8 @@ program
 				process.chdir(globalOptions.cwd);
 			}
 			await secretsImportCommand(file, options);
-		} catch (_error) {
+		} catch (error) {
+			console.error(error instanceof Error ? error.message : 'Command failed');
 			process.exit(1);
 		}
 	});
@@ -447,7 +467,8 @@ program
 					skipPush: options.skipPush,
 					skipBuild: options.skipBuild,
 				});
-			} catch (_error) {
+			} catch (error) {
+				console.error(error instanceof Error ? error.message : 'Deploy failed');
 				process.exit(1);
 			}
 		},

package/src/secrets/__tests__/storage.spec.ts

@@ -11,6 +11,7 @@ import {
 	secretsExist,
 	setCustomSecret,
 	toEmbeddableSecrets,
+	validateEnvironmentVariables,
 	writeStageSecrets,
 } from '../storage';
 import type { StageSecrets } from '../types';
@@ -401,3 +402,210 @@ describe('maskPassword', () => {
 		expect(masked).toBe('1234***89');
 	});
 });
+
+describe('validateEnvironmentVariables', () => {
+	const baseSecrets: StageSecrets = {
+		stage: 'production',
+		createdAt: new Date().toISOString(),
+		updatedAt: new Date().toISOString(),
+		services: {},
+		urls: {},
+		custom: {},
+	};
+
+	it('should return valid when no variables are required', () => {
+		const result = validateEnvironmentVariables([], baseSecrets);
+
+		expect(result.valid).toBe(true);
+		expect(result.missing).toEqual([]);
+		expect(result.provided).toEqual([]);
+		expect(result.required).toEqual([]);
+	});
+
+	it('should return valid when all required variables are present', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			urls: {
+				DATABASE_URL: 'postgresql://...',
+			},
+			custom: {
+				API_KEY: 'sk_test_123',
+			},
+		};
+
+		const result = validateEnvironmentVariables(
+			['DATABASE_URL', 'API_KEY'],
+			secrets,
+		);
+
+		expect(result.valid).toBe(true);
+		expect(result.missing).toEqual([]);
+		expect(result.provided).toEqual(['API_KEY', 'DATABASE_URL']);
+		expect(result.required).toEqual(['API_KEY', 'DATABASE_URL']);
+	});
+
+	it('should return invalid when some variables are missing', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			urls: {
+				DATABASE_URL: 'postgresql://...',
+			},
+			custom: {},
+		};
+
+		const result = validateEnvironmentVariables(
+			['DATABASE_URL', 'API_KEY', 'JWT_SECRET'],
+			secrets,
+		);
+
+		expect(result.valid).toBe(false);
+		expect(result.missing).toEqual(['API_KEY', 'JWT_SECRET']);
+		expect(result.provided).toEqual(['DATABASE_URL']);
+		expect(result.required).toEqual(['API_KEY', 'DATABASE_URL', 'JWT_SECRET']);
+	});
+
+	it('should return invalid when all variables are missing', () => {
+		const result = validateEnvironmentVariables(
+			['API_KEY', 'JWT_SECRET'],
+			baseSecrets,
+		);
+
+		expect(result.valid).toBe(false);
+		expect(result.missing).toEqual(['API_KEY', 'JWT_SECRET']);
+		expect(result.provided).toEqual([]);
+	});
+
+	it('should recognize service credentials as provided', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			services: {
+				postgres: {
+					host: 'postgres',
+					port: 5432,
+					username: 'app',
+					password: 'secret',
+					database: 'app',
+				},
+				redis: {
+					host: 'redis',
+					port: 6379,
+					username: 'default',
+					password: 'redis-pass',
+				},
+			},
+			urls: {},
+			custom: {},
+		};
+
+		const result = validateEnvironmentVariables(
+			['POSTGRES_PASSWORD', 'REDIS_HOST', 'POSTGRES_DB'],
+			secrets,
+		);
+
+		expect(result.valid).toBe(true);
+		expect(result.missing).toEqual([]);
+		expect(result.provided).toEqual([
+			'POSTGRES_DB',
+			'POSTGRES_PASSWORD',
+			'REDIS_HOST',
+		]);
+	});
+
+	it('should sort missing and provided arrays alphabetically', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			custom: {
+				ZEBRA: 'value',
+				ALPHA: 'value',
+			},
+		};
+
+		const result = validateEnvironmentVariables(
+			['ZEBRA', 'ALPHA', 'YELLOW', 'BETA'],
+			secrets,
+		);
+
+		expect(result.missing).toEqual(['BETA', 'YELLOW']);
+		expect(result.provided).toEqual(['ALPHA', 'ZEBRA']);
+		expect(result.required).toEqual(['ALPHA', 'BETA', 'YELLOW', 'ZEBRA']);
+	});
+
+	it('should handle duplicate required variables', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			custom: {
+				API_KEY: 'value',
+			},
+		};
+
+		const result = validateEnvironmentVariables(
+			['API_KEY', 'API_KEY', 'MISSING'],
+			secrets,
+		);
+
+		expect(result.valid).toBe(false);
+		expect(result.missing).toEqual(['MISSING']);
+		// Note: duplicates in input are preserved in required list
+		expect(result.required).toEqual(['API_KEY', 'API_KEY', 'MISSING']);
+	});
+
+	it('should work with complex service configurations', () => {
+		const secrets: StageSecrets = {
+			...baseSecrets,
+			services: {
+				postgres: {
+					host: 'postgres',
+					port: 5432,
+					username: 'app',
+					password: 'pg-secret',
+					database: 'mydb',
+				},
+				redis: {
+					host: 'redis',
+					port: 6379,
+					username: 'default',
+					password: 'redis-secret',
+				},
+				rabbitmq: {
+					host: 'rabbitmq',
+					port: 5672,
+					username: 'guest',
+					password: 'guest',
+					vhost: '/',
+				},
+			},
+			urls: {
+				DATABASE_URL: 'postgresql://...',
+				REDIS_URL: 'redis://...',
+				RABBITMQ_URL: 'amqp://...',
+			},
+			custom: {
+				JWT_SECRET: 'jwt-secret-value',
+			},
+		};
+
+		const result = validateEnvironmentVariables(
+			[
+				'DATABASE_URL',
+				'REDIS_URL',
+				'RABBITMQ_URL',
+				'JWT_SECRET',
+				'POSTGRES_PASSWORD',
+				'REDIS_PASSWORD',
+				'RABBITMQ_USER',
+				'MISSING_VAR',
+			],
+			secrets,
+		);
+
+		expect(result.valid).toBe(false);
+		expect(result.missing).toEqual(['MISSING_VAR']);
+		expect(result.provided).toContain('DATABASE_URL');
+		expect(result.provided).toContain('REDIS_URL');
+		expect(result.provided).toContain('RABBITMQ_URL');
+		expect(result.provided).toContain('JWT_SECRET');
+		expect(result.provided).toContain('POSTGRES_PASSWORD');
+		expect(result.provided).toContain('REDIS_PASSWORD');
+		expect(result.provided).toContain('RABBITMQ_USER');
+	});
+});

package/src/secrets/storage.ts

@@ -27,6 +27,21 @@ export function secretsExist(stage: string, cwd = process.cwd()): boolean {
 	return existsSync(getSecretsPath(stage, cwd));
 }
 
+/**
+ * Initialize an empty StageSecrets object for a stage.
+ */
+export function initStageSecrets(stage: string): StageSecrets {
+	const now = new Date().toISOString();
+	return {
+		stage,
+		createdAt: now,
+		updatedAt: now,
+		services: {},
+		urls: {},
+		custom: {},
+	};
+}
+
 /**
  * Read secrets for a stage.
  * @returns StageSecrets or null if not found
@@ -132,3 +147,61 @@ export function maskPassword(password: string): string {
 	}
 	return `${password.slice(0, 4)}${'*'.repeat(password.length - 6)}${password.slice(-2)}`;
 }
+
+/**
+ * Result of environment variable validation.
+ */
+export interface EnvValidationResult {
+	/** Whether all required environment variables are present */
+	valid: boolean;
+	/** List of missing environment variable names */
+	missing: string[];
+	/** List of environment variables that are provided */
+	provided: string[];
+	/** List of environment variables that were required */
+	required: string[];
+}
+
+/**
+ * Validate that all required environment variables are present in secrets.
+ *
+ * @param requiredVars - Array of environment variable names required by the application
+ * @param secrets - Stage secrets to validate against
+ * @returns Validation result with missing and provided variables
+ *
+ * @example
+ * ```typescript
+ * const required = ['DATABASE_URL', 'API_KEY', 'JWT_SECRET'];
+ * const secrets = await readStageSecrets('production');
+ * const result = validateEnvironmentVariables(required, secrets);
+ *
+ * if (!result.valid) {
+ *   console.error(`Missing environment variables: ${result.missing.join(', ')}`);
+ * }
+ * ```
+ */
+export function validateEnvironmentVariables(
+	requiredVars: string[],
+	secrets: StageSecrets,
+): EnvValidationResult {
+	const embeddable = toEmbeddableSecrets(secrets);
+	const availableVars = new Set(Object.keys(embeddable));
+
+	const missing: string[] = [];
+	const provided: string[] = [];
+
+	for (const varName of requiredVars) {
+		if (availableVars.has(varName)) {
+			provided.push(varName);
+		} else {
+			missing.push(varName);
+		}
+	}
+
+	return {
+		valid: missing.length === 0,
+		missing: missing.sort(),
+		provided: provided.sort(),
+		required: [...requiredVars].sort(),
+	};
+}

package/src/types.ts

@@ -181,6 +181,8 @@ export interface DokployProviderConfig {
 	applicationId: string;
 	/** Container registry (overrides docker.registry if set) */
 	registry?: string;
+	/** Registry ID in Dokploy (recommended for private registries) */
+	registryId?: string;
 }
 
 export interface ProvidersConfig {

package/dist/bundler-DRXCw_YR.mjs

@@ -1,70 +0,0 @@
-import { existsSync } from "node:fs";
-import { join } from "node:path";
-import { mkdir, rename, writeFile } from "node:fs/promises";
-import { execSync } from "node:child_process";
-
-//#region src/build/bundler.ts
-/**
-* Bundle the server application using tsdown
-*
-* @param options - Bundle configuration options
-* @returns Bundle result with output path and optional master key
-*/
-async function bundleServer(options) {
-	const { entryPoint, outputDir, minify, sourcemap, external, stage } = options;
-	await mkdir(outputDir, { recursive: true });
-	const args = [
-		"npx",
-		"tsdown",
-		entryPoint,
-		"--no-config",
-		"--out-dir",
-		outputDir,
-		"--format",
-		"esm",
-		"--platform",
-		"node",
-		"--target",
-		"node22",
-		"--clean"
-	];
-	if (minify) args.push("--minify");
-	if (sourcemap) args.push("--sourcemap");
-	for (const ext of external) args.push("--external", ext);
-	args.push("--external", "node:*");
-	let masterKey;
-	if (stage) {
-		const { readStageSecrets, toEmbeddableSecrets } = await import("./storage-DLJAYxzJ.mjs");
-		const { encryptSecrets, generateDefineOptions } = await import("./encryption-C8H-38Yy.mjs");
-		const secrets = await readStageSecrets(stage);
-		if (!secrets) throw new Error(`No secrets found for stage "${stage}". Run "gkm secrets:init --stage ${stage}" first.`);
-		const embeddable = toEmbeddableSecrets(secrets);
-		const encrypted = encryptSecrets(embeddable);
-		masterKey = encrypted.masterKey;
-		const defines = generateDefineOptions(encrypted);
-		for (const [key, value] of Object.entries(defines)) args.push("--define", `${key}=${value}`);
-		console.log(`  Secrets encrypted for stage "${stage}"`);
-	}
-	const mjsOutput = join(outputDir, "server.mjs");
-	try {
-		execSync(args.join(" "), {
-			cwd: process.cwd(),
-			stdio: "inherit"
-		});
-		const jsOutput = join(outputDir, "server.js");
-		if (existsSync(jsOutput)) await rename(jsOutput, mjsOutput);
-		const { readFile: readFile$1 } = await import("node:fs/promises");
-		const content = await readFile$1(mjsOutput, "utf-8");
-		if (!content.startsWith("#!")) await writeFile(mjsOutput, `#!/usr/bin/env node\n${content}`);
-	} catch (error) {
-		throw new Error(`Failed to bundle server: ${error instanceof Error ? error.message : "Unknown error"}`);
-	}
-	return {
-		outputPath: mjsOutput,
-		masterKey
-	};
-}
-
-//#endregion
-export { bundleServer };
-//# sourceMappingURL=bundler-DRXCw_YR.mjs.map

package/dist/bundler-DRXCw_YR.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"bundler-DRXCw_YR.mjs","names":["options: BundleOptions","masterKey: string | undefined"],"sources":["../src/build/bundler.ts"],"sourcesContent":["import { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\nimport { mkdir, rename, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\n\nexport interface BundleOptions {\n\t/** Entry point file (e.g., .gkm/server/server.ts) */\n\tentryPoint: string;\n\t/** Output directory for bundled files */\n\toutputDir: string;\n\t/** Minify the output (default: true) */\n\tminify: boolean;\n\t/** Generate sourcemaps (default: false) */\n\tsourcemap: boolean;\n\t/** Packages to exclude from bundling */\n\texternal: string[];\n\t/** Stage for secrets injection (optional) */\n\tstage?: string;\n}\n\nexport interface BundleResult {\n\t/** Path to the bundled output */\n\toutputPath: string;\n\t/** Ephemeral master key for deployment (only if stage was provided) */\n\tmasterKey?: string;\n}\n\n/**\n * Bundle the server application using tsdown\n *\n * @param options - Bundle configuration options\n * @returns Bundle result with output path and optional master key\n */\nexport async function bundleServer(\n\toptions: BundleOptions,\n): Promise<BundleResult> {\n\tconst { entryPoint, outputDir, minify, sourcemap, external, stage } = options;\n\n\t// Ensure output directory exists\n\tawait mkdir(outputDir, { recursive: true });\n\n\t// Build command-line arguments for tsdown\n\tconst args = [\n\t\t'npx',\n\t\t'tsdown',\n\t\tentryPoint,\n\t\t'--no-config', // Don't use any config file from workspace\n\t\t'--out-dir',\n\t\toutputDir,\n\t\t'--format',\n\t\t'esm',\n\t\t'--platform',\n\t\t'node',\n\t\t'--target',\n\t\t'node22',\n\t\t'--clean',\n\t];\n\n\tif (minify) {\n\t\targs.push('--minify');\n\t}\n\n\tif (sourcemap) {\n\t\targs.push('--sourcemap');\n\t}\n\n\t// Add external packages\n\tfor (const ext of external) {\n\t\targs.push('--external', ext);\n\t}\n\n\t// Always exclude node: builtins\n\targs.push('--external', 'node:*');\n\n\t// Handle secrets injection if stage is provided\n\tlet masterKey: string | undefined;\n\n\tif (stage) {\n\t\tconst { readStageSecrets, toEmbeddableSecrets } = await import(\n\t\t\t'../secrets/storage'\n\t\t);\n\t\tconst { encryptSecrets, generateDefineOptions } = await import(\n\t\t\t'../secrets/encryption'\n\t\t);\n\n\t\tconst secrets = await readStageSecrets(stage);\n\n\t\tif (!secrets) {\n\t\t\tthrow new Error(\n\t\t\t\t`No secrets found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t\t);\n\t\t}\n\n\t\t// Convert to embeddable format and encrypt\n\t\tconst embeddable = toEmbeddableSecrets(secrets);\n\t\tconst encrypted = encryptSecrets(embeddable);\n\t\tmasterKey = encrypted.masterKey;\n\n\t\t// Add define options for build-time injection\n\t\tconst defines = generateDefineOptions(encrypted);\n\t\tfor (const [key, value] of Object.entries(defines)) {\n\t\t\targs.push('--define', `${key}=${value}`);\n\t\t}\n\n\t\tconsole.log(`  Secrets encrypted for stage \"${stage}\"`);\n\t}\n\n\tconst mjsOutput = join(outputDir, 'server.mjs');\n\n\ttry {\n\t\t// Run tsdown with command-line arguments\n\t\texecSync(args.join(' '), {\n\t\t\tcwd: process.cwd(),\n\t\t\tstdio: 'inherit',\n\t\t});\n\n\t\t// Rename output to .mjs for explicit ESM\n\t\t// tsdown outputs as server.js for ESM format\n\t\tconst jsOutput = join(outputDir, 'server.js');\n\n\t\tif (existsSync(jsOutput)) {\n\t\t\tawait rename(jsOutput, mjsOutput);\n\t\t}\n\n\t\t// Add shebang to the bundled file\n\t\tconst { readFile } = await import('node:fs/promises');\n\t\tconst content = await readFile(mjsOutput, 'utf-8');\n\t\tif (!content.startsWith('#!')) {\n\t\t\tawait writeFile(mjsOutput, `#!/usr/bin/env node\\n${content}`);\n\t\t}\n\t} catch (error) {\n\t\tthrow new Error(\n\t\t\t`Failed to bundle server: ${error instanceof Error ? error.message : 'Unknown error'}`,\n\t\t);\n\t}\n\n\treturn {\n\t\toutputPath: mjsOutput,\n\t\tmasterKey,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;AAiCA,eAAsB,aACrBA,SACwB;CACxB,MAAM,EAAE,YAAY,WAAW,QAAQ,WAAW,UAAU,OAAO,GAAG;AAGtE,OAAM,MAAM,WAAW,EAAE,WAAW,KAAM,EAAC;CAG3C,MAAM,OAAO;EACZ;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACA;AAED,KAAI,OACH,MAAK,KAAK,WAAW;AAGtB,KAAI,UACH,MAAK,KAAK,cAAc;AAIzB,MAAK,MAAM,OAAO,SACjB,MAAK,KAAK,cAAc,IAAI;AAI7B,MAAK,KAAK,cAAc,SAAS;CAGjC,IAAIC;AAEJ,KAAI,OAAO;EACV,MAAM,EAAE,kBAAkB,qBAAqB,GAAG,MAAM,OACvD;EAED,MAAM,EAAE,gBAAgB,uBAAuB,GAAG,MAAM,OACvD;EAGD,MAAM,UAAU,MAAM,iBAAiB,MAAM;AAE7C,OAAK,QACJ,OAAM,IAAI,OACR,8BAA8B,MAAM,mCAAmC,MAAM;EAKhF,MAAM,aAAa,oBAAoB,QAAQ;EAC/C,MAAM,YAAY,eAAe,WAAW;AAC5C,cAAY,UAAU;EAGtB,MAAM,UAAU,sBAAsB,UAAU;AAChD,OAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,QAAQ,CACjD,MAAK,KAAK,aAAa,EAAE,IAAI,GAAG,MAAM,EAAE;AAGzC,UAAQ,KAAK,iCAAiC,MAAM,GAAG;CACvD;CAED,MAAM,YAAY,KAAK,WAAW,aAAa;AAE/C,KAAI;AAEH,WAAS,KAAK,KAAK,IAAI,EAAE;GACxB,KAAK,QAAQ,KAAK;GAClB,OAAO;EACP,EAAC;EAIF,MAAM,WAAW,KAAK,WAAW,YAAY;AAE7C,MAAI,WAAW,SAAS,CACvB,OAAM,OAAO,UAAU,UAAU;EAIlC,MAAM,EAAE,sBAAU,GAAG,MAAM,OAAO;EAClC,MAAM,UAAU,MAAM,WAAS,WAAW,QAAQ;AAClD,OAAK,QAAQ,WAAW,KAAK,CAC5B,OAAM,UAAU,YAAY,uBAAuB,QAAQ,EAAE;CAE9D,SAAQ,OAAO;AACf,QAAM,IAAI,OACR,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,gBAAgB;CAEtF;AAED,QAAO;EACN,YAAY;EACZ;CACA;AACD"}

package/dist/bundler-WsEvH_b2.cjs

@@ -1,71 +0,0 @@
-const require_chunk = require('./chunk-CUT6urMc.cjs');
-const node_fs = require_chunk.__toESM(require("node:fs"));
-const node_path = require_chunk.__toESM(require("node:path"));
-const node_fs_promises = require_chunk.__toESM(require("node:fs/promises"));
-const node_child_process = require_chunk.__toESM(require("node:child_process"));
-
-//#region src/build/bundler.ts
-/**
-* Bundle the server application using tsdown
-*
-* @param options - Bundle configuration options
-* @returns Bundle result with output path and optional master key
-*/
-async function bundleServer(options) {
-	const { entryPoint, outputDir, minify, sourcemap, external, stage } = options;
-	await (0, node_fs_promises.mkdir)(outputDir, { recursive: true });
-	const args = [
-		"npx",
-		"tsdown",
-		entryPoint,
-		"--no-config",
-		"--out-dir",
-		outputDir,
-		"--format",
-		"esm",
-		"--platform",
-		"node",
-		"--target",
-		"node22",
-		"--clean"
-	];
-	if (minify) args.push("--minify");
-	if (sourcemap) args.push("--sourcemap");
-	for (const ext of external) args.push("--external", ext);
-	args.push("--external", "node:*");
-	let masterKey;
-	if (stage) {
-		const { readStageSecrets, toEmbeddableSecrets } = await Promise.resolve().then(() => require("./storage-BUYQJgz7.cjs"));
-		const { encryptSecrets, generateDefineOptions } = await Promise.resolve().then(() => require("./encryption-Dyf_r1h-.cjs"));
-		const secrets = await readStageSecrets(stage);
-		if (!secrets) throw new Error(`No secrets found for stage "${stage}". Run "gkm secrets:init --stage ${stage}" first.`);
-		const embeddable = toEmbeddableSecrets(secrets);
-		const encrypted = encryptSecrets(embeddable);
-		masterKey = encrypted.masterKey;
-		const defines = generateDefineOptions(encrypted);
-		for (const [key, value] of Object.entries(defines)) args.push("--define", `${key}=${value}`);
-		console.log(`  Secrets encrypted for stage "${stage}"`);
-	}
-	const mjsOutput = (0, node_path.join)(outputDir, "server.mjs");
-	try {
-		(0, node_child_process.execSync)(args.join(" "), {
-			cwd: process.cwd(),
-			stdio: "inherit"
-		});
-		const jsOutput = (0, node_path.join)(outputDir, "server.js");
-		if ((0, node_fs.existsSync)(jsOutput)) await (0, node_fs_promises.rename)(jsOutput, mjsOutput);
-		const { readFile } = await import("node:fs/promises");
-		const content = await readFile(mjsOutput, "utf-8");
-		if (!content.startsWith("#!")) await (0, node_fs_promises.writeFile)(mjsOutput, `#!/usr/bin/env node\n${content}`);
-	} catch (error) {
-		throw new Error(`Failed to bundle server: ${error instanceof Error ? error.message : "Unknown error"}`);
-	}
-	return {
-		outputPath: mjsOutput,
-		masterKey
-	};
-}
-
-//#endregion
-exports.bundleServer = bundleServer;
-//# sourceMappingURL=bundler-WsEvH_b2.cjs.map

package/dist/bundler-WsEvH_b2.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"bundler-WsEvH_b2.cjs","names":["options: BundleOptions","masterKey: string | undefined"],"sources":["../src/build/bundler.ts"],"sourcesContent":["import { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\nimport { mkdir, rename, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\n\nexport interface BundleOptions {\n\t/** Entry point file (e.g., .gkm/server/server.ts) */\n\tentryPoint: string;\n\t/** Output directory for bundled files */\n\toutputDir: string;\n\t/** Minify the output (default: true) */\n\tminify: boolean;\n\t/** Generate sourcemaps (default: false) */\n\tsourcemap: boolean;\n\t/** Packages to exclude from bundling */\n\texternal: string[];\n\t/** Stage for secrets injection (optional) */\n\tstage?: string;\n}\n\nexport interface BundleResult {\n\t/** Path to the bundled output */\n\toutputPath: string;\n\t/** Ephemeral master key for deployment (only if stage was provided) */\n\tmasterKey?: string;\n}\n\n/**\n * Bundle the server application using tsdown\n *\n * @param options - Bundle configuration options\n * @returns Bundle result with output path and optional master key\n */\nexport async function bundleServer(\n\toptions: BundleOptions,\n): Promise<BundleResult> {\n\tconst { entryPoint, outputDir, minify, sourcemap, external, stage } = options;\n\n\t// Ensure output directory exists\n\tawait mkdir(outputDir, { recursive: true });\n\n\t// Build command-line arguments for tsdown\n\tconst args = [\n\t\t'npx',\n\t\t'tsdown',\n\t\tentryPoint,\n\t\t'--no-config', // Don't use any config file from workspace\n\t\t'--out-dir',\n\t\toutputDir,\n\t\t'--format',\n\t\t'esm',\n\t\t'--platform',\n\t\t'node',\n\t\t'--target',\n\t\t'node22',\n\t\t'--clean',\n\t];\n\n\tif (minify) {\n\t\targs.push('--minify');\n\t}\n\n\tif (sourcemap) {\n\t\targs.push('--sourcemap');\n\t}\n\n\t// Add external packages\n\tfor (const ext of external) {\n\t\targs.push('--external', ext);\n\t}\n\n\t// Always exclude node: builtins\n\targs.push('--external', 'node:*');\n\n\t// Handle secrets injection if stage is provided\n\tlet masterKey: string | undefined;\n\n\tif (stage) {\n\t\tconst { readStageSecrets, toEmbeddableSecrets } = await import(\n\t\t\t'../secrets/storage'\n\t\t);\n\t\tconst { encryptSecrets, generateDefineOptions } = await import(\n\t\t\t'../secrets/encryption'\n\t\t);\n\n\t\tconst secrets = await readStageSecrets(stage);\n\n\t\tif (!secrets) {\n\t\t\tthrow new Error(\n\t\t\t\t`No secrets found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t\t);\n\t\t}\n\n\t\t// Convert to embeddable format and encrypt\n\t\tconst embeddable = toEmbeddableSecrets(secrets);\n\t\tconst encrypted = encryptSecrets(embeddable);\n\t\tmasterKey = encrypted.masterKey;\n\n\t\t// Add define options for build-time injection\n\t\tconst defines = generateDefineOptions(encrypted);\n\t\tfor (const [key, value] of Object.entries(defines)) {\n\t\t\targs.push('--define', `${key}=${value}`);\n\t\t}\n\n\t\tconsole.log(`  Secrets encrypted for stage \"${stage}\"`);\n\t}\n\n\tconst mjsOutput = join(outputDir, 'server.mjs');\n\n\ttry {\n\t\t// Run tsdown with command-line arguments\n\t\texecSync(args.join(' '), {\n\t\t\tcwd: process.cwd(),\n\t\t\tstdio: 'inherit',\n\t\t});\n\n\t\t// Rename output to .mjs for explicit ESM\n\t\t// tsdown outputs as server.js for ESM format\n\t\tconst jsOutput = join(outputDir, 'server.js');\n\n\t\tif (existsSync(jsOutput)) {\n\t\t\tawait rename(jsOutput, mjsOutput);\n\t\t}\n\n\t\t// Add shebang to the bundled file\n\t\tconst { readFile } = await import('node:fs/promises');\n\t\tconst content = await readFile(mjsOutput, 'utf-8');\n\t\tif (!content.startsWith('#!')) {\n\t\t\tawait writeFile(mjsOutput, `#!/usr/bin/env node\\n${content}`);\n\t\t}\n\t} catch (error) {\n\t\tthrow new Error(\n\t\t\t`Failed to bundle server: ${error instanceof Error ? error.message : 'Unknown error'}`,\n\t\t);\n\t}\n\n\treturn {\n\t\toutputPath: mjsOutput,\n\t\tmasterKey,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;;AAiCA,eAAsB,aACrBA,SACwB;CACxB,MAAM,EAAE,YAAY,WAAW,QAAQ,WAAW,UAAU,OAAO,GAAG;AAGtE,OAAM,4BAAM,WAAW,EAAE,WAAW,KAAM,EAAC;CAG3C,MAAM,OAAO;EACZ;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACA;AAED,KAAI,OACH,MAAK,KAAK,WAAW;AAGtB,KAAI,UACH,MAAK,KAAK,cAAc;AAIzB,MAAK,MAAM,OAAO,SACjB,MAAK,KAAK,cAAc,IAAI;AAI7B,MAAK,KAAK,cAAc,SAAS;CAGjC,IAAIC;AAEJ,KAAI,OAAO;EACV,MAAM,EAAE,kBAAkB,qBAAqB,GAAG,2CAAM;EAGxD,MAAM,EAAE,gBAAgB,uBAAuB,GAAG,2CAAM;EAIxD,MAAM,UAAU,MAAM,iBAAiB,MAAM;AAE7C,OAAK,QACJ,OAAM,IAAI,OACR,8BAA8B,MAAM,mCAAmC,MAAM;EAKhF,MAAM,aAAa,oBAAoB,QAAQ;EAC/C,MAAM,YAAY,eAAe,WAAW;AAC5C,cAAY,UAAU;EAGtB,MAAM,UAAU,sBAAsB,UAAU;AAChD,OAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,QAAQ,CACjD,MAAK,KAAK,aAAa,EAAE,IAAI,GAAG,MAAM,EAAE;AAGzC,UAAQ,KAAK,iCAAiC,MAAM,GAAG;CACvD;CAED,MAAM,YAAY,oBAAK,WAAW,aAAa;AAE/C,KAAI;AAEH,mCAAS,KAAK,KAAK,IAAI,EAAE;GACxB,KAAK,QAAQ,KAAK;GAClB,OAAO;EACP,EAAC;EAIF,MAAM,WAAW,oBAAK,WAAW,YAAY;AAE7C,MAAI,wBAAW,SAAS,CACvB,OAAM,6BAAO,UAAU,UAAU;EAIlC,MAAM,EAAE,UAAU,GAAG,MAAM,OAAO;EAClC,MAAM,UAAU,MAAM,SAAS,WAAW,QAAQ;AAClD,OAAK,QAAQ,WAAW,KAAK,CAC5B,OAAM,gCAAU,YAAY,uBAAuB,QAAQ,EAAE;CAE9D,SAAQ,OAAO;AACf,QAAM,IAAI,OACR,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,gBAAgB;CAEtF;AAED,QAAO;EACN,YAAY;EACZ;CACA;AACD"}

package/dist/storage-BUYQJgz7.cjs

@@ -1,4 +0,0 @@
-const require_storage = require('./storage-BXoJvmv2.cjs');
-
-exports.readStageSecrets = require_storage.readStageSecrets;
-exports.toEmbeddableSecrets = require_storage.toEmbeddableSecrets;

package/dist/storage-BXoJvmv2.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"storage-BXoJvmv2.cjs","names":["stage: string","secrets: StageSecrets","key: string","value: string","updated: StageSecrets","password: string"],"sources":["../src/secrets/storage.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { EmbeddableSecrets, StageSecrets } from './types';\n\n/** Default secrets directory relative to project root */\nconst SECRETS_DIR = '.gkm/secrets';\n\n/**\n * Get the secrets directory path.\n */\nexport function getSecretsDir(cwd = process.cwd()): string {\n\treturn join(cwd, SECRETS_DIR);\n}\n\n/**\n * Get the secrets file path for a stage.\n */\nexport function getSecretsPath(stage: string, cwd = process.cwd()): string {\n\treturn join(getSecretsDir(cwd), `${stage}.json`);\n}\n\n/**\n * Check if secrets exist for a stage.\n */\nexport function secretsExist(stage: string, cwd = process.cwd()): boolean {\n\treturn existsSync(getSecretsPath(stage, cwd));\n}\n\n/**\n * Read secrets for a stage.\n * @returns StageSecrets or null if not found\n */\nexport async function readStageSecrets(\n\tstage: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets | null> {\n\tconst path = getSecretsPath(stage, cwd);\n\n\tif (!existsSync(path)) {\n\t\treturn null;\n\t}\n\n\tconst content = await readFile(path, 'utf-8');\n\treturn JSON.parse(content) as StageSecrets;\n}\n\n/**\n * Write secrets for a stage.\n */\nexport async function writeStageSecrets(\n\tsecrets: StageSecrets,\n\tcwd = process.cwd(),\n): Promise<void> {\n\tconst dir = getSecretsDir(cwd);\n\tconst path = getSecretsPath(secrets.stage, cwd);\n\n\t// Ensure directory exists\n\tawait mkdir(dir, { recursive: true });\n\n\t// Write with pretty formatting\n\tawait writeFile(path, JSON.stringify(secrets, null, 2), 'utf-8');\n}\n\n/**\n * Convert StageSecrets to embeddable format (flat key-value pairs).\n * This is what gets encrypted and embedded in the bundle.\n */\nexport function toEmbeddableSecrets(secrets: StageSecrets): EmbeddableSecrets {\n\treturn {\n\t\t...secrets.urls,\n\t\t...secrets.custom,\n\t\t// Also include individual service credentials if needed\n\t\t...(secrets.services.postgres && {\n\t\t\tPOSTGRES_USER: secrets.services.postgres.username,\n\t\t\tPOSTGRES_PASSWORD: secrets.services.postgres.password,\n\t\t\tPOSTGRES_DB: secrets.services.postgres.database ?? 'app',\n\t\t\tPOSTGRES_HOST: secrets.services.postgres.host,\n\t\t\tPOSTGRES_PORT: String(secrets.services.postgres.port),\n\t\t}),\n\t\t...(secrets.services.redis && {\n\t\t\tREDIS_PASSWORD: secrets.services.redis.password,\n\t\t\tREDIS_HOST: secrets.services.redis.host,\n\t\t\tREDIS_PORT: String(secrets.services.redis.port),\n\t\t}),\n\t\t...(secrets.services.rabbitmq && {\n\t\t\tRABBITMQ_USER: secrets.services.rabbitmq.username,\n\t\t\tRABBITMQ_PASSWORD: secrets.services.rabbitmq.password,\n\t\t\tRABBITMQ_HOST: secrets.services.rabbitmq.host,\n\t\t\tRABBITMQ_PORT: String(secrets.services.rabbitmq.port),\n\t\t\tRABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? '/',\n\t\t}),\n\t};\n}\n\n/**\n * Update a custom secret in the secrets file.\n */\nexport async function setCustomSecret(\n\tstage: string,\n\tkey: string,\n\tvalue: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets> {\n\tconst secrets = await readStageSecrets(stage, cwd);\n\n\tif (!secrets) {\n\t\tthrow new Error(\n\t\t\t`Secrets not found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t);\n\t}\n\n\tconst updated: StageSecrets = {\n\t\t...secrets,\n\t\tupdatedAt: new Date().toISOString(),\n\t\tcustom: {\n\t\t\t...secrets.custom,\n\t\t\t[key]: value,\n\t\t},\n\t};\n\n\tawait writeStageSecrets(updated, cwd);\n\treturn updated;\n}\n\n/**\n * Mask a password for display (show first 4 and last 2 chars).\n */\nexport function maskPassword(password: string): string {\n\tif (password.length <= 8) {\n\t\treturn '********';\n\t}\n\treturn `${password.slice(0, 4)}${'*'.repeat(password.length - 6)}${password.slice(-2)}`;\n}\n"],"mappings":";;;;;;;AAMA,MAAM,cAAc;;;;AAKpB,SAAgB,cAAc,MAAM,QAAQ,KAAK,EAAU;AAC1D,QAAO,oBAAK,KAAK,YAAY;AAC7B;;;;AAKD,SAAgB,eAAeA,OAAe,MAAM,QAAQ,KAAK,EAAU;AAC1E,QAAO,oBAAK,cAAc,IAAI,GAAG,EAAE,MAAM,OAAO;AAChD;;;;AAKD,SAAgB,aAAaA,OAAe,MAAM,QAAQ,KAAK,EAAW;AACzE,QAAO,wBAAW,eAAe,OAAO,IAAI,CAAC;AAC7C;;;;;AAMD,eAAsB,iBACrBA,OACA,MAAM,QAAQ,KAAK,EACY;CAC/B,MAAM,OAAO,eAAe,OAAO,IAAI;AAEvC,MAAK,wBAAW,KAAK,CACpB,QAAO;CAGR,MAAM,UAAU,MAAM,+BAAS,MAAM,QAAQ;AAC7C,QAAO,KAAK,MAAM,QAAQ;AAC1B;;;;AAKD,eAAsB,kBACrBC,SACA,MAAM,QAAQ,KAAK,EACH;CAChB,MAAM,MAAM,cAAc,IAAI;CAC9B,MAAM,OAAO,eAAe,QAAQ,OAAO,IAAI;AAG/C,OAAM,4BAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,OAAM,gCAAU,MAAM,KAAK,UAAU,SAAS,MAAM,EAAE,EAAE,QAAQ;AAChE;;;;;AAMD,SAAgB,oBAAoBA,SAA0C;AAC7E,QAAO;EACN,GAAG,QAAQ;EACX,GAAG,QAAQ;EAEX,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,aAAa,QAAQ,SAAS,SAAS,YAAY;GACnD,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;EACrD;EACD,GAAI,QAAQ,SAAS,SAAS;GAC7B,gBAAgB,QAAQ,SAAS,MAAM;GACvC,YAAY,QAAQ,SAAS,MAAM;GACnC,YAAY,OAAO,QAAQ,SAAS,MAAM,KAAK;EAC/C;EACD,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;GACrD,gBAAgB,QAAQ,SAAS,SAAS,SAAS;EACnD;CACD;AACD;;;;AAKD,eAAsB,gBACrBD,OACAE,KACAC,OACA,MAAM,QAAQ,KAAK,EACK;CACxB,MAAM,UAAU,MAAM,iBAAiB,OAAO,IAAI;AAElD,MAAK,QACJ,OAAM,IAAI,OACR,+BAA+B,MAAM,mCAAmC,MAAM;CAIjF,MAAMC,UAAwB;EAC7B,GAAG;EACH,WAAW,qBAAI,QAAO,aAAa;EACnC,QAAQ;GACP,GAAG,QAAQ;IACV,MAAM;EACP;CACD;AAED,OAAM,kBAAkB,SAAS,IAAI;AACrC,QAAO;AACP;;;;AAKD,SAAgB,aAAaC,UAA0B;AACtD,KAAI,SAAS,UAAU,EACtB,QAAO;AAER,SAAQ,EAAE,SAAS,MAAM,GAAG,EAAE,CAAC,EAAE,IAAI,OAAO,SAAS,SAAS,EAAE,CAAC,EAAE,SAAS,MAAM,GAAG,CAAC;AACtF"}

package/dist/storage-C9PU_30f.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"storage-C9PU_30f.mjs","names":["stage: string","secrets: StageSecrets","key: string","value: string","updated: StageSecrets","password: string"],"sources":["../src/secrets/storage.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { EmbeddableSecrets, StageSecrets } from './types';\n\n/** Default secrets directory relative to project root */\nconst SECRETS_DIR = '.gkm/secrets';\n\n/**\n * Get the secrets directory path.\n */\nexport function getSecretsDir(cwd = process.cwd()): string {\n\treturn join(cwd, SECRETS_DIR);\n}\n\n/**\n * Get the secrets file path for a stage.\n */\nexport function getSecretsPath(stage: string, cwd = process.cwd()): string {\n\treturn join(getSecretsDir(cwd), `${stage}.json`);\n}\n\n/**\n * Check if secrets exist for a stage.\n */\nexport function secretsExist(stage: string, cwd = process.cwd()): boolean {\n\treturn existsSync(getSecretsPath(stage, cwd));\n}\n\n/**\n * Read secrets for a stage.\n * @returns StageSecrets or null if not found\n */\nexport async function readStageSecrets(\n\tstage: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets | null> {\n\tconst path = getSecretsPath(stage, cwd);\n\n\tif (!existsSync(path)) {\n\t\treturn null;\n\t}\n\n\tconst content = await readFile(path, 'utf-8');\n\treturn JSON.parse(content) as StageSecrets;\n}\n\n/**\n * Write secrets for a stage.\n */\nexport async function writeStageSecrets(\n\tsecrets: StageSecrets,\n\tcwd = process.cwd(),\n): Promise<void> {\n\tconst dir = getSecretsDir(cwd);\n\tconst path = getSecretsPath(secrets.stage, cwd);\n\n\t// Ensure directory exists\n\tawait mkdir(dir, { recursive: true });\n\n\t// Write with pretty formatting\n\tawait writeFile(path, JSON.stringify(secrets, null, 2), 'utf-8');\n}\n\n/**\n * Convert StageSecrets to embeddable format (flat key-value pairs).\n * This is what gets encrypted and embedded in the bundle.\n */\nexport function toEmbeddableSecrets(secrets: StageSecrets): EmbeddableSecrets {\n\treturn {\n\t\t...secrets.urls,\n\t\t...secrets.custom,\n\t\t// Also include individual service credentials if needed\n\t\t...(secrets.services.postgres && {\n\t\t\tPOSTGRES_USER: secrets.services.postgres.username,\n\t\t\tPOSTGRES_PASSWORD: secrets.services.postgres.password,\n\t\t\tPOSTGRES_DB: secrets.services.postgres.database ?? 'app',\n\t\t\tPOSTGRES_HOST: secrets.services.postgres.host,\n\t\t\tPOSTGRES_PORT: String(secrets.services.postgres.port),\n\t\t}),\n\t\t...(secrets.services.redis && {\n\t\t\tREDIS_PASSWORD: secrets.services.redis.password,\n\t\t\tREDIS_HOST: secrets.services.redis.host,\n\t\t\tREDIS_PORT: String(secrets.services.redis.port),\n\t\t}),\n\t\t...(secrets.services.rabbitmq && {\n\t\t\tRABBITMQ_USER: secrets.services.rabbitmq.username,\n\t\t\tRABBITMQ_PASSWORD: secrets.services.rabbitmq.password,\n\t\t\tRABBITMQ_HOST: secrets.services.rabbitmq.host,\n\t\t\tRABBITMQ_PORT: String(secrets.services.rabbitmq.port),\n\t\t\tRABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? '/',\n\t\t}),\n\t};\n}\n\n/**\n * Update a custom secret in the secrets file.\n */\nexport async function setCustomSecret(\n\tstage: string,\n\tkey: string,\n\tvalue: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets> {\n\tconst secrets = await readStageSecrets(stage, cwd);\n\n\tif (!secrets) {\n\t\tthrow new Error(\n\t\t\t`Secrets not found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t);\n\t}\n\n\tconst updated: StageSecrets = {\n\t\t...secrets,\n\t\tupdatedAt: new Date().toISOString(),\n\t\tcustom: {\n\t\t\t...secrets.custom,\n\t\t\t[key]: value,\n\t\t},\n\t};\n\n\tawait writeStageSecrets(updated, cwd);\n\treturn updated;\n}\n\n/**\n * Mask a password for display (show first 4 and last 2 chars).\n */\nexport function maskPassword(password: string): string {\n\tif (password.length <= 8) {\n\t\treturn '********';\n\t}\n\treturn `${password.slice(0, 4)}${'*'.repeat(password.length - 6)}${password.slice(-2)}`;\n}\n"],"mappings":";;;;;;AAMA,MAAM,cAAc;;;;AAKpB,SAAgB,cAAc,MAAM,QAAQ,KAAK,EAAU;AAC1D,QAAO,KAAK,KAAK,YAAY;AAC7B;;;;AAKD,SAAgB,eAAeA,OAAe,MAAM,QAAQ,KAAK,EAAU;AAC1E,QAAO,KAAK,cAAc,IAAI,GAAG,EAAE,MAAM,OAAO;AAChD;;;;AAKD,SAAgB,aAAaA,OAAe,MAAM,QAAQ,KAAK,EAAW;AACzE,QAAO,WAAW,eAAe,OAAO,IAAI,CAAC;AAC7C;;;;;AAMD,eAAsB,iBACrBA,OACA,MAAM,QAAQ,KAAK,EACY;CAC/B,MAAM,OAAO,eAAe,OAAO,IAAI;AAEvC,MAAK,WAAW,KAAK,CACpB,QAAO;CAGR,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;AAC7C,QAAO,KAAK,MAAM,QAAQ;AAC1B;;;;AAKD,eAAsB,kBACrBC,SACA,MAAM,QAAQ,KAAK,EACH;CAChB,MAAM,MAAM,cAAc,IAAI;CAC9B,MAAM,OAAO,eAAe,QAAQ,OAAO,IAAI;AAG/C,OAAM,MAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,OAAM,UAAU,MAAM,KAAK,UAAU,SAAS,MAAM,EAAE,EAAE,QAAQ;AAChE;;;;;AAMD,SAAgB,oBAAoBA,SAA0C;AAC7E,QAAO;EACN,GAAG,QAAQ;EACX,GAAG,QAAQ;EAEX,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,aAAa,QAAQ,SAAS,SAAS,YAAY;GACnD,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;EACrD;EACD,GAAI,QAAQ,SAAS,SAAS;GAC7B,gBAAgB,QAAQ,SAAS,MAAM;GACvC,YAAY,QAAQ,SAAS,MAAM;GACnC,YAAY,OAAO,QAAQ,SAAS,MAAM,KAAK;EAC/C;EACD,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;GACrD,gBAAgB,QAAQ,SAAS,SAAS,SAAS;EACnD;CACD;AACD;;;;AAKD,eAAsB,gBACrBD,OACAE,KACAC,OACA,MAAM,QAAQ,KAAK,EACK;CACxB,MAAM,UAAU,MAAM,iBAAiB,OAAO,IAAI;AAElD,MAAK,QACJ,OAAM,IAAI,OACR,+BAA+B,MAAM,mCAAmC,MAAM;CAIjF,MAAMC,UAAwB;EAC7B,GAAG;EACH,WAAW,qBAAI,QAAO,aAAa;EACnC,QAAQ;GACP,GAAG,QAAQ;IACV,MAAM;EACP;CACD;AAED,OAAM,kBAAkB,SAAS,IAAI;AACrC,QAAO;AACP;;;;AAKD,SAAgB,aAAaC,UAA0B;AACtD,KAAI,SAAS,UAAU,EACtB,QAAO;AAER,SAAQ,EAAE,SAAS,MAAM,GAAG,EAAE,CAAC,EAAE,IAAI,OAAO,SAAS,SAAS,EAAE,CAAC,EAAE,SAAS,MAAM,GAAG,CAAC;AACtF"}

package/dist/storage-DLJAYxzJ.mjs

@@ -1,3 +0,0 @@
-import { getSecretsDir, getSecretsPath, maskPassword, readStageSecrets, secretsExist, setCustomSecret, toEmbeddableSecrets, writeStageSecrets } from "./storage-C9PU_30f.mjs";
-
-export { readStageSecrets, toEmbeddableSecrets };