@geekmidas/cli 0.13.0 → 0.15.0

package/dist/dokploy-api-CaETb2L6.mjs

@@ -0,0 +1,305 @@
+//#region src/deploy/dokploy-api.ts
+var DokployApiError = class extends Error {
+	constructor(message, status, statusText, issues) {
+		super(message);
+		this.status = status;
+		this.statusText = statusText;
+		this.issues = issues;
+		this.name = "DokployApiError";
+	}
+};
+/**
+* Dokploy API client
+*/
+var DokployApi = class {
+	baseUrl;
+	token;
+	constructor(options) {
+		this.baseUrl = options.baseUrl.replace(/\/$/, "");
+		this.token = options.token;
+	}
+	/**
+	* Make a GET request to the Dokploy API
+	*/
+	async get(endpoint) {
+		return this.request("GET", endpoint);
+	}
+	/**
+	* Make a POST request to the Dokploy API
+	*/
+	async post(endpoint, body) {
+		return this.request("POST", endpoint, body);
+	}
+	/**
+	* Make a request to the Dokploy API
+	*/
+	async request(method, endpoint, body) {
+		const url = `${this.baseUrl}/api/${endpoint}`;
+		const response = await fetch(url, {
+			method,
+			headers: {
+				"Content-Type": "application/json",
+				"x-api-key": this.token
+			},
+			body: body ? JSON.stringify(body) : void 0
+		});
+		if (!response.ok) {
+			let errorMessage = `Dokploy API error: ${response.status} ${response.statusText}`;
+			let issues;
+			try {
+				const errorBody = await response.json();
+				if (errorBody.message) errorMessage = `Dokploy API error: ${errorBody.message}`;
+				if (errorBody.issues?.length) {
+					issues = errorBody.issues;
+					errorMessage += `\n  Issues: ${errorBody.issues.map((i) => i.message).join(", ")}`;
+				}
+			} catch {}
+			throw new DokployApiError(errorMessage, response.status, response.statusText, issues);
+		}
+		const text = await response.text();
+		if (!text || text.trim() === "") return void 0;
+		return JSON.parse(text);
+	}
+	/**
+	* Validate the API token by making a test request
+	*/
+	async validateToken() {
+		try {
+			await this.get("project.all");
+			return true;
+		} catch {
+			return false;
+		}
+	}
+	/**
+	* List all projects
+	*/
+	async listProjects() {
+		return this.get("project.all");
+	}
+	/**
+	* Get a single project by ID
+	*/
+	async getProject(projectId) {
+		return this.get(`project.one?projectId=${projectId}`);
+	}
+	/**
+	* Create a new project
+	*/
+	async createProject(name, description) {
+		return this.post("project.create", {
+			name,
+			description: description ?? `Created by gkm CLI`
+		});
+	}
+	/**
+	* Create an environment in a project
+	*/
+	async createEnvironment(projectId, name, description) {
+		return this.post("environment.create", {
+			projectId,
+			name,
+			description: description ?? `${name} environment`
+		});
+	}
+	/**
+	* Create a new application
+	*/
+	async createApplication(name, projectId, environmentId) {
+		return this.post("application.create", {
+			name,
+			projectId,
+			environmentId,
+			appName: name.toLowerCase().replace(/[^a-z0-9-]/g, "-")
+		});
+	}
+	/**
+	* Update an application
+	*/
+	async updateApplication(applicationId, updates) {
+		await this.post("application.update", {
+			applicationId,
+			...updates
+		});
+	}
+	/**
+	* Save environment variables for an application
+	*/
+	async saveApplicationEnv(applicationId, env) {
+		await this.post("application.saveEnvironment", {
+			applicationId,
+			env
+		});
+	}
+	/**
+	* Configure application to use Docker provider (pull from registry)
+	*
+	* For private registries, either:
+	* - Use `registryId` if the registry is configured in Dokploy
+	* - Or provide `username`, `password`, and `registryUrl` directly
+	*/
+	async saveDockerProvider(applicationId, dockerImage, options) {
+		await this.post("application.saveDockerProvider", {
+			applicationId,
+			dockerImage,
+			...options
+		});
+	}
+	/**
+	* Deploy an application
+	*/
+	async deployApplication(applicationId) {
+		await this.post("application.deploy", { applicationId });
+	}
+	/**
+	* List all registries
+	*/
+	async listRegistries() {
+		return this.get("registry.all");
+	}
+	/**
+	* Create a new registry
+	*/
+	async createRegistry(registryName, registryUrl, username, password, options) {
+		return this.post("registry.create", {
+			registryName,
+			registryUrl,
+			username,
+			password,
+			imagePrefix: options?.imagePrefix
+		});
+	}
+	/**
+	* Get a registry by ID
+	*/
+	async getRegistry(registryId) {
+		return this.get(`registry.one?registryId=${registryId}`);
+	}
+	/**
+	* Update a registry
+	*/
+	async updateRegistry(registryId, updates) {
+		await this.post("registry.update", {
+			registryId,
+			...updates
+		});
+	}
+	/**
+	* Delete a registry
+	*/
+	async deleteRegistry(registryId) {
+		await this.post("registry.remove", { registryId });
+	}
+	/**
+	* Create a new Postgres database
+	*/
+	async createPostgres(name, projectId, environmentId, options) {
+		return this.post("postgres.create", {
+			name,
+			projectId,
+			environmentId,
+			appName: options?.appName ?? name.toLowerCase().replace(/[^a-z0-9-]/g, "-"),
+			databaseName: options?.databaseName ?? "app",
+			databaseUser: options?.databaseUser ?? "postgres",
+			databasePassword: options?.databasePassword,
+			dockerImage: options?.dockerImage ?? "postgres:16-alpine",
+			description: options?.description ?? `Postgres database for ${name}`
+		});
+	}
+	/**
+	* Get a Postgres database by ID
+	*/
+	async getPostgres(postgresId) {
+		return this.get(`postgres.one?postgresId=${postgresId}`);
+	}
+	/**
+	* Deploy a Postgres database
+	*/
+	async deployPostgres(postgresId) {
+		await this.post("postgres.deploy", { postgresId });
+	}
+	/**
+	* Save environment variables for Postgres
+	*/
+	async savePostgresEnv(postgresId, env) {
+		await this.post("postgres.saveEnvironment", {
+			postgresId,
+			env
+		});
+	}
+	/**
+	* Set external port for Postgres (for external access)
+	*/
+	async savePostgresExternalPort(postgresId, externalPort) {
+		await this.post("postgres.saveExternalPort", {
+			postgresId,
+			externalPort
+		});
+	}
+	/**
+	* Update Postgres configuration
+	*/
+	async updatePostgres(postgresId, updates) {
+		await this.post("postgres.update", {
+			postgresId,
+			...updates
+		});
+	}
+	/**
+	* Create a new Redis instance
+	*/
+	async createRedis(name, projectId, environmentId, options) {
+		return this.post("redis.create", {
+			name,
+			projectId,
+			environmentId,
+			appName: options?.appName ?? name.toLowerCase().replace(/[^a-z0-9-]/g, "-"),
+			databasePassword: options?.databasePassword,
+			dockerImage: options?.dockerImage ?? "redis:7-alpine",
+			description: options?.description ?? `Redis instance for ${name}`
+		});
+	}
+	/**
+	* Get a Redis instance by ID
+	*/
+	async getRedis(redisId) {
+		return this.get(`redis.one?redisId=${redisId}`);
+	}
+	/**
+	* Deploy a Redis instance
+	*/
+	async deployRedis(redisId) {
+		await this.post("redis.deploy", { redisId });
+	}
+	/**
+	* Save environment variables for Redis
+	*/
+	async saveRedisEnv(redisId, env) {
+		await this.post("redis.saveEnvironment", {
+			redisId,
+			env
+		});
+	}
+	/**
+	* Set external port for Redis (for external access)
+	*/
+	async saveRedisExternalPort(redisId, externalPort) {
+		await this.post("redis.saveExternalPort", {
+			redisId,
+			externalPort
+		});
+	}
+	/**
+	* Update Redis configuration
+	*/
+	async updateRedis(redisId, updates) {
+		await this.post("redis.update", {
+			redisId,
+			...updates
+		});
+	}
+};
+
+//#endregion
+export { DokployApi, DokployApiError };
+//# sourceMappingURL=dokploy-api-CaETb2L6.mjs.map

package/dist/dokploy-api-CaETb2L6.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"dokploy-api-CaETb2L6.mjs","names":["message: string","status: number","statusText: string","issues?: Array<{ message: string }>","options: DokployApiOptions","endpoint: string","body?: Record<string, unknown>","method: 'GET' | 'POST' | 'PUT' | 'DELETE'","issues: Array<{ message: string }> | undefined","projectId: string","name: string","description?: string","environmentId: string","applicationId: string","updates: Partial<DokployApplicationUpdate>","env: string","dockerImage: string","options?: {\n\t\t\t/** Registry ID in Dokploy (for pre-configured registries) */\n\t\t\tregistryId?: string;\n\t\t\t/** Registry username (for direct auth) */\n\t\t\tusername?: string;\n\t\t\t/** Registry password (for direct auth) */\n\t\t\tpassword?: string;\n\t\t\t/** Registry URL (for direct auth, e.g., ghcr.io) */\n\t\t\tregistryUrl?: string;\n\t\t}","registryName: string","registryUrl: string","username: string","password: string","options?: {\n\t\t\timagePrefix?: string;\n\t\t}","registryId: string","updates: Partial<{\n\t\t\tregistryName: string;\n\t\t\tregistryUrl: string;\n\t\t\tusername: string;\n\t\t\tpassword: string;\n\t\t\timagePrefix: string;\n\t\t}>","options?: {\n\t\t\tappName?: string;\n\t\t\tdatabaseName?: string;\n\t\t\tdatabaseUser?: string;\n\t\t\tdatabasePassword?: string;\n\t\t\tdockerImage?: string;\n\t\t\tdescription?: string;\n\t\t}","postgresId: string","externalPort: number | null","updates: Partial<DokployPostgresUpdate>","options?: {\n\t\t\tappName?: string;\n\t\t\tdatabasePassword?: string;\n\t\t\tdockerImage?: string;\n\t\t\tdescription?: string;\n\t\t}","redisId: string","updates: Partial<DokployRedisUpdate>"],"sources":["../src/deploy/dokploy-api.ts"],"sourcesContent":["/**\n * Centralized Dokploy API client\n *\n * Handles authentication, error handling, and provides typed methods for all Dokploy API endpoints.\n */\n\nexport interface DokployApiOptions {\n\t/** Dokploy server URL (e.g., https://dokploy.example.com) */\n\tbaseUrl: string;\n\t/** API token for authentication */\n\ttoken: string;\n}\n\nexport interface DokployErrorResponse {\n\tmessage?: string;\n\tissues?: Array<{ message: string }>;\n}\n\nexport class DokployApiError extends Error {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic status: number,\n\t\tpublic statusText: string,\n\t\tpublic issues?: Array<{ message: string }>,\n\t) {\n\t\tsuper(message);\n\t\tthis.name = 'DokployApiError';\n\t}\n}\n\n/**\n * Dokploy API client\n */\nexport class DokployApi {\n\tprivate baseUrl: string;\n\tprivate token: string;\n\n\tconstructor(options: DokployApiOptions) {\n\t\tthis.baseUrl = options.baseUrl.replace(/\\/$/, ''); // Remove trailing slash\n\t\tthis.token = options.token;\n\t}\n\n\t/**\n\t * Make a GET request to the Dokploy API\n\t */\n\tasync get<T>(endpoint: string): Promise<T> {\n\t\treturn this.request<T>('GET', endpoint);\n\t}\n\n\t/**\n\t * Make a POST request to the Dokploy API\n\t */\n\tasync post<T>(endpoint: string, body?: Record<string, unknown>): Promise<T> {\n\t\treturn this.request<T>('POST', endpoint, body);\n\t}\n\n\t/**\n\t * Make a request to the Dokploy API\n\t */\n\tprivate async request<T>(\n\t\tmethod: 'GET' | 'POST' | 'PUT' | 'DELETE',\n\t\tendpoint: string,\n\t\tbody?: Record<string, unknown>,\n\t): Promise<T> {\n\t\tconst url = `${this.baseUrl}/api/${endpoint}`;\n\n\t\tconst response = await fetch(url, {\n\t\t\tmethod,\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t\t'x-api-key': this.token,\n\t\t\t},\n\t\t\tbody: body ? JSON.stringify(body) : undefined,\n\t\t});\n\n\t\tif (!response.ok) {\n\t\t\tlet errorMessage = `Dokploy API error: ${response.status} ${response.statusText}`;\n\t\t\tlet issues: Array<{ message: string }> | undefined;\n\n\t\t\ttry {\n\t\t\t\tconst errorBody = (await response.json()) as DokployErrorResponse;\n\t\t\t\tif (errorBody.message) {\n\t\t\t\t\terrorMessage = `Dokploy API error: ${errorBody.message}`;\n\t\t\t\t}\n\t\t\t\tif (errorBody.issues?.length) {\n\t\t\t\t\tissues = errorBody.issues;\n\t\t\t\t\terrorMessage += `\\n  Issues: ${errorBody.issues.map((i) => i.message).join(', ')}`;\n\t\t\t\t}\n\t\t\t} catch {\n\t\t\t\t// Ignore JSON parse errors\n\t\t\t}\n\n\t\t\tthrow new DokployApiError(\n\t\t\t\terrorMessage,\n\t\t\t\tresponse.status,\n\t\t\t\tresponse.statusText,\n\t\t\t\tissues,\n\t\t\t);\n\t\t}\n\n\t\t// Handle empty responses (204 No Content or empty body)\n\t\tconst text = await response.text();\n\t\tif (!text || text.trim() === '') {\n\t\t\treturn undefined as T;\n\t\t}\n\t\treturn JSON.parse(text) as T;\n\t}\n\n\t/**\n\t * Validate the API token by making a test request\n\t */\n\tasync validateToken(): Promise<boolean> {\n\t\ttry {\n\t\t\tawait this.get('project.all');\n\t\t\treturn true;\n\t\t} catch {\n\t\t\treturn false;\n\t\t}\n\t}\n\n\t// ============================================\n\t// Project endpoints\n\t// ============================================\n\n\t/**\n\t * List all projects\n\t */\n\tasync listProjects(): Promise<DokployProject[]> {\n\t\treturn this.get<DokployProject[]>('project.all');\n\t}\n\n\t/**\n\t * Get a single project by ID\n\t */\n\tasync getProject(projectId: string): Promise<DokployProjectDetails> {\n\t\treturn this.get<DokployProjectDetails>(\n\t\t\t`project.one?projectId=${projectId}`,\n\t\t);\n\t}\n\n\t/**\n\t * Create a new project\n\t */\n\tasync createProject(\n\t\tname: string,\n\t\tdescription?: string,\n\t): Promise<{ project: DokployProject; environment: DokployEnvironment }> {\n\t\treturn this.post<{\n\t\t\tproject: DokployProject;\n\t\t\tenvironment: DokployEnvironment;\n\t\t}>('project.create', {\n\t\t\tname,\n\t\t\tdescription: description ?? `Created by gkm CLI`,\n\t\t});\n\t}\n\n\t// ============================================\n\t// Environment endpoints\n\t// ============================================\n\n\t/**\n\t * Create an environment in a project\n\t */\n\tasync createEnvironment(\n\t\tprojectId: string,\n\t\tname: string,\n\t\tdescription?: string,\n\t): Promise<DokployEnvironment> {\n\t\treturn this.post<DokployEnvironment>('environment.create', {\n\t\t\tprojectId,\n\t\t\tname,\n\t\t\tdescription: description ?? `${name} environment`,\n\t\t});\n\t}\n\n\t// ============================================\n\t// Application endpoints\n\t// ============================================\n\n\t/**\n\t * Create a new application\n\t */\n\tasync createApplication(\n\t\tname: string,\n\t\tprojectId: string,\n\t\tenvironmentId: string,\n\t): Promise<DokployApplication> {\n\t\treturn this.post<DokployApplication>('application.create', {\n\t\t\tname,\n\t\t\tprojectId,\n\t\t\tenvironmentId,\n\t\t\tappName: name.toLowerCase().replace(/[^a-z0-9-]/g, '-'),\n\t\t});\n\t}\n\n\t/**\n\t * Update an application\n\t */\n\tasync updateApplication(\n\t\tapplicationId: string,\n\t\tupdates: Partial<DokployApplicationUpdate>,\n\t): Promise<void> {\n\t\tawait this.post('application.update', {\n\t\t\tapplicationId,\n\t\t\t...updates,\n\t\t});\n\t}\n\n\t/**\n\t * Save environment variables for an application\n\t */\n\tasync saveApplicationEnv(applicationId: string, env: string): Promise<void> {\n\t\tawait this.post('application.saveEnvironment', {\n\t\t\tapplicationId,\n\t\t\tenv,\n\t\t});\n\t}\n\n\t/**\n\t * Configure application to use Docker provider (pull from registry)\n\t *\n\t * For private registries, either:\n\t * - Use `registryId` if the registry is configured in Dokploy\n\t * - Or provide `username`, `password`, and `registryUrl` directly\n\t */\n\tasync saveDockerProvider(\n\t\tapplicationId: string,\n\t\tdockerImage: string,\n\t\toptions?: {\n\t\t\t/** Registry ID in Dokploy (for pre-configured registries) */\n\t\t\tregistryId?: string;\n\t\t\t/** Registry username (for direct auth) */\n\t\t\tusername?: string;\n\t\t\t/** Registry password (for direct auth) */\n\t\t\tpassword?: string;\n\t\t\t/** Registry URL (for direct auth, e.g., ghcr.io) */\n\t\t\tregistryUrl?: string;\n\t\t},\n\t): Promise<void> {\n\t\tawait this.post('application.saveDockerProvider', {\n\t\t\tapplicationId,\n\t\t\tdockerImage,\n\t\t\t...options,\n\t\t});\n\t}\n\n\t/**\n\t * Deploy an application\n\t */\n\tasync deployApplication(applicationId: string): Promise<void> {\n\t\tawait this.post('application.deploy', { applicationId });\n\t}\n\n\t// ============================================\n\t// Registry endpoints\n\t// ============================================\n\n\t/**\n\t * List all registries\n\t */\n\tasync listRegistries(): Promise<DokployRegistry[]> {\n\t\treturn this.get<DokployRegistry[]>('registry.all');\n\t}\n\n\t/**\n\t * Create a new registry\n\t */\n\tasync createRegistry(\n\t\tregistryName: string,\n\t\tregistryUrl: string,\n\t\tusername: string,\n\t\tpassword: string,\n\t\toptions?: {\n\t\t\timagePrefix?: string;\n\t\t},\n\t): Promise<DokployRegistry> {\n\t\treturn this.post<DokployRegistry>('registry.create', {\n\t\t\tregistryName,\n\t\t\tregistryUrl,\n\t\t\tusername,\n\t\t\tpassword,\n\t\t\timagePrefix: options?.imagePrefix,\n\t\t});\n\t}\n\n\t/**\n\t * Get a registry by ID\n\t */\n\tasync getRegistry(registryId: string): Promise<DokployRegistry> {\n\t\treturn this.get<DokployRegistry>(`registry.one?registryId=${registryId}`);\n\t}\n\n\t/**\n\t * Update a registry\n\t */\n\tasync updateRegistry(\n\t\tregistryId: string,\n\t\tupdates: Partial<{\n\t\t\tregistryName: string;\n\t\t\tregistryUrl: string;\n\t\t\tusername: string;\n\t\t\tpassword: string;\n\t\t\timagePrefix: string;\n\t\t}>,\n\t): Promise<void> {\n\t\tawait this.post('registry.update', { registryId, ...updates });\n\t}\n\n\t/**\n\t * Delete a registry\n\t */\n\tasync deleteRegistry(registryId: string): Promise<void> {\n\t\tawait this.post('registry.remove', { registryId });\n\t}\n\n\t// ============================================\n\t// Postgres endpoints\n\t// ============================================\n\n\t/**\n\t * Create a new Postgres database\n\t */\n\tasync createPostgres(\n\t\tname: string,\n\t\tprojectId: string,\n\t\tenvironmentId: string,\n\t\toptions?: {\n\t\t\tappName?: string;\n\t\t\tdatabaseName?: string;\n\t\t\tdatabaseUser?: string;\n\t\t\tdatabasePassword?: string;\n\t\t\tdockerImage?: string;\n\t\t\tdescription?: string;\n\t\t},\n\t): Promise<DokployPostgres> {\n\t\treturn this.post<DokployPostgres>('postgres.create', {\n\t\t\tname,\n\t\t\tprojectId,\n\t\t\tenvironmentId,\n\t\t\tappName:\n\t\t\t\toptions?.appName ?? name.toLowerCase().replace(/[^a-z0-9-]/g, '-'),\n\t\t\tdatabaseName: options?.databaseName ?? 'app',\n\t\t\tdatabaseUser: options?.databaseUser ?? 'postgres',\n\t\t\tdatabasePassword: options?.databasePassword,\n\t\t\tdockerImage: options?.dockerImage ?? 'postgres:16-alpine',\n\t\t\tdescription: options?.description ?? `Postgres database for ${name}`,\n\t\t});\n\t}\n\n\t/**\n\t * Get a Postgres database by ID\n\t */\n\tasync getPostgres(postgresId: string): Promise<DokployPostgres> {\n\t\treturn this.get<DokployPostgres>(`postgres.one?postgresId=${postgresId}`);\n\t}\n\n\t/**\n\t * Deploy a Postgres database\n\t */\n\tasync deployPostgres(postgresId: string): Promise<void> {\n\t\tawait this.post('postgres.deploy', { postgresId });\n\t}\n\n\t/**\n\t * Save environment variables for Postgres\n\t */\n\tasync savePostgresEnv(postgresId: string, env: string): Promise<void> {\n\t\tawait this.post('postgres.saveEnvironment', { postgresId, env });\n\t}\n\n\t/**\n\t * Set external port for Postgres (for external access)\n\t */\n\tasync savePostgresExternalPort(\n\t\tpostgresId: string,\n\t\texternalPort: number | null,\n\t): Promise<void> {\n\t\tawait this.post('postgres.saveExternalPort', { postgresId, externalPort });\n\t}\n\n\t/**\n\t * Update Postgres configuration\n\t */\n\tasync updatePostgres(\n\t\tpostgresId: string,\n\t\tupdates: Partial<DokployPostgresUpdate>,\n\t): Promise<void> {\n\t\tawait this.post('postgres.update', { postgresId, ...updates });\n\t}\n\n\t// ============================================\n\t// Redis endpoints\n\t// ============================================\n\n\t/**\n\t * Create a new Redis instance\n\t */\n\tasync createRedis(\n\t\tname: string,\n\t\tprojectId: string,\n\t\tenvironmentId: string,\n\t\toptions?: {\n\t\t\tappName?: string;\n\t\t\tdatabasePassword?: string;\n\t\t\tdockerImage?: string;\n\t\t\tdescription?: string;\n\t\t},\n\t): Promise<DokployRedis> {\n\t\treturn this.post<DokployRedis>('redis.create', {\n\t\t\tname,\n\t\t\tprojectId,\n\t\t\tenvironmentId,\n\t\t\tappName:\n\t\t\t\toptions?.appName ?? name.toLowerCase().replace(/[^a-z0-9-]/g, '-'),\n\t\t\tdatabasePassword: options?.databasePassword,\n\t\t\tdockerImage: options?.dockerImage ?? 'redis:7-alpine',\n\t\t\tdescription: options?.description ?? `Redis instance for ${name}`,\n\t\t});\n\t}\n\n\t/**\n\t * Get a Redis instance by ID\n\t */\n\tasync getRedis(redisId: string): Promise<DokployRedis> {\n\t\treturn this.get<DokployRedis>(`redis.one?redisId=${redisId}`);\n\t}\n\n\t/**\n\t * Deploy a Redis instance\n\t */\n\tasync deployRedis(redisId: string): Promise<void> {\n\t\tawait this.post('redis.deploy', { redisId });\n\t}\n\n\t/**\n\t * Save environment variables for Redis\n\t */\n\tasync saveRedisEnv(redisId: string, env: string): Promise<void> {\n\t\tawait this.post('redis.saveEnvironment', { redisId, env });\n\t}\n\n\t/**\n\t * Set external port for Redis (for external access)\n\t */\n\tasync saveRedisExternalPort(\n\t\tredisId: string,\n\t\texternalPort: number | null,\n\t): Promise<void> {\n\t\tawait this.post('redis.saveExternalPort', { redisId, externalPort });\n\t}\n\n\t/**\n\t * Update Redis configuration\n\t */\n\tasync updateRedis(\n\t\tredisId: string,\n\t\tupdates: Partial<DokployRedisUpdate>,\n\t): Promise<void> {\n\t\tawait this.post('redis.update', { redisId, ...updates });\n\t}\n}\n\n// ============================================\n// Type definitions for Dokploy API responses\n// ============================================\n\nexport interface DokployProject {\n\tprojectId: string;\n\tname: string;\n\tdescription: string | null;\n\tcreatedAt?: string;\n\tadminId?: string;\n}\n\nexport interface DokployEnvironment {\n\tenvironmentId: string;\n\tname: string;\n\tdescription: string | null;\n}\n\nexport interface DokployProjectDetails extends DokployProject {\n\tenvironments: DokployEnvironment[];\n}\n\nexport interface DokployApplication {\n\tapplicationId: string;\n\tname: string;\n\tappName: string;\n\tprojectId: string;\n\tenvironmentId?: string;\n}\n\nexport interface DokployApplicationUpdate {\n\tregistryId: string;\n\tdockerImage: string;\n\tsourceType: 'docker';\n}\n\nexport interface DokployRegistry {\n\tregistryId: string;\n\tregistryName: string;\n\tregistryUrl: string;\n\tusername: string;\n\timagePrefix: string | null;\n}\n\nexport interface DokployPostgres {\n\tpostgresId: string;\n\tname: string;\n\tappName: string;\n\tdatabaseName: string;\n\tdatabaseUser: string;\n\tdatabasePassword: string;\n\tdockerImage: string;\n\tdescription: string | null;\n\tprojectId: string;\n\tenvironmentId: string;\n\tapplicationStatus: 'idle' | 'running' | 'done' | 'error';\n\texternalPort: number | null;\n\tcreatedAt?: string;\n}\n\nexport interface DokployPostgresUpdate {\n\tname: string;\n\tappName: string;\n\tdatabaseName: string;\n\tdatabaseUser: string;\n\tdatabasePassword: string;\n\tdockerImage: string;\n\tdescription: string;\n}\n\nexport interface DokployRedis {\n\tredisId: string;\n\tname: string;\n\tappName: string;\n\tdatabasePassword: string;\n\tdockerImage: string;\n\tdescription: string | null;\n\tprojectId: string;\n\tenvironmentId: string;\n\tapplicationStatus: 'idle' | 'running' | 'done' | 'error';\n\texternalPort: number | null;\n\tcreatedAt?: string;\n}\n\nexport interface DokployRedisUpdate {\n\tname: string;\n\tappName: string;\n\tdatabasePassword: string;\n\tdockerImage: string;\n\tdescription: string;\n}\n\n/**\n * Create a Dokploy API client from stored credentials or environment\n */\nexport async function createDokployApi(\n\tendpoint?: string,\n): Promise<DokployApi | null> {\n\tconst { getDokployCredentials } = await import('../auth/credentials');\n\n\t// Try environment variable first\n\tconst envToken = process.env.DOKPLOY_API_TOKEN;\n\tconst envEndpoint = endpoint || process.env.DOKPLOY_ENDPOINT;\n\n\tif (envToken && envEndpoint) {\n\t\treturn new DokployApi({ baseUrl: envEndpoint, token: envToken });\n\t}\n\n\t// Fall back to stored credentials\n\tconst creds = await getDokployCredentials();\n\tif (creds) {\n\t\treturn new DokployApi({\n\t\t\tbaseUrl: endpoint || creds.endpoint,\n\t\t\ttoken: creds.token,\n\t\t});\n\t}\n\n\treturn null;\n}\n"],"mappings":";AAkBA,IAAa,kBAAb,cAAqC,MAAM;CAC1C,YACCA,SACOC,QACAC,YACAC,QACN;AACD,QAAM,QAAQ;EAJP;EACA;EACA;AAGP,OAAK,OAAO;CACZ;AACD;;;;AAKD,IAAa,aAAb,MAAwB;CACvB,AAAQ;CACR,AAAQ;CAER,YAAYC,SAA4B;AACvC,OAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,GAAG;AACjD,OAAK,QAAQ,QAAQ;CACrB;;;;CAKD,MAAM,IAAOC,UAA8B;AAC1C,SAAO,KAAK,QAAW,OAAO,SAAS;CACvC;;;;CAKD,MAAM,KAAQA,UAAkBC,MAA4C;AAC3E,SAAO,KAAK,QAAW,QAAQ,UAAU,KAAK;CAC9C;;;;CAKD,MAAc,QACbC,QACAF,UACAC,MACa;EACb,MAAM,OAAO,EAAE,KAAK,QAAQ,OAAO,SAAS;EAE5C,MAAM,WAAW,MAAM,MAAM,KAAK;GACjC;GACA,SAAS;IACR,gBAAgB;IAChB,aAAa,KAAK;GAClB;GACD,MAAM,OAAO,KAAK,UAAU,KAAK;EACjC,EAAC;AAEF,OAAK,SAAS,IAAI;GACjB,IAAI,gBAAgB,qBAAqB,SAAS,OAAO,GAAG,SAAS,WAAW;GAChF,IAAIE;AAEJ,OAAI;IACH,MAAM,YAAa,MAAM,SAAS,MAAM;AACxC,QAAI,UAAU,QACb,iBAAgB,qBAAqB,UAAU,QAAQ;AAExD,QAAI,UAAU,QAAQ,QAAQ;AAC7B,cAAS,UAAU;AACnB,sBAAiB,cAAc,UAAU,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,KAAK,CAAC;IACjF;GACD,QAAO,CAEP;AAED,SAAM,IAAI,gBACT,cACA,SAAS,QACT,SAAS,YACT;EAED;EAGD,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,OAAK,QAAQ,KAAK,MAAM,KAAK,GAC5B;AAED,SAAO,KAAK,MAAM,KAAK;CACvB;;;;CAKD,MAAM,gBAAkC;AACvC,MAAI;AACH,SAAM,KAAK,IAAI,cAAc;AAC7B,UAAO;EACP,QAAO;AACP,UAAO;EACP;CACD;;;;CASD,MAAM,eAA0C;AAC/C,SAAO,KAAK,IAAsB,cAAc;CAChD;;;;CAKD,MAAM,WAAWC,WAAmD;AACnE,SAAO,KAAK,KACV,wBAAwB,UAAU,EACnC;CACD;;;;CAKD,MAAM,cACLC,MACAC,aACwE;AACxE,SAAO,KAAK,KAGT,kBAAkB;GACpB;GACA,aAAa,gBAAgB;EAC7B,EAAC;CACF;;;;CASD,MAAM,kBACLF,WACAC,MACAC,aAC8B;AAC9B,SAAO,KAAK,KAAyB,sBAAsB;GAC1D;GACA;GACA,aAAa,gBAAgB,EAAE,KAAK;EACpC,EAAC;CACF;;;;CASD,MAAM,kBACLD,MACAD,WACAG,eAC8B;AAC9B,SAAO,KAAK,KAAyB,sBAAsB;GAC1D;GACA;GACA;GACA,SAAS,KAAK,aAAa,CAAC,QAAQ,eAAe,IAAI;EACvD,EAAC;CACF;;;;CAKD,MAAM,kBACLC,eACAC,SACgB;AAChB,QAAM,KAAK,KAAK,sBAAsB;GACrC;GACA,GAAG;EACH,EAAC;CACF;;;;CAKD,MAAM,mBAAmBD,eAAuBE,KAA4B;AAC3E,QAAM,KAAK,KAAK,+BAA+B;GAC9C;GACA;EACA,EAAC;CACF;;;;;;;;CASD,MAAM,mBACLF,eACAG,aACAC,SAUgB;AAChB,QAAM,KAAK,KAAK,kCAAkC;GACjD;GACA;GACA,GAAG;EACH,EAAC;CACF;;;;CAKD,MAAM,kBAAkBJ,eAAsC;AAC7D,QAAM,KAAK,KAAK,sBAAsB,EAAE,cAAe,EAAC;CACxD;;;;CASD,MAAM,iBAA6C;AAClD,SAAO,KAAK,IAAuB,eAAe;CAClD;;;;CAKD,MAAM,eACLK,cACAC,aACAC,UACAC,UACAC,SAG2B;AAC3B,SAAO,KAAK,KAAsB,mBAAmB;GACpD;GACA;GACA;GACA;GACA,aAAa,SAAS;EACtB,EAAC;CACF;;;;CAKD,MAAM,YAAYC,YAA8C;AAC/D,SAAO,KAAK,KAAsB,0BAA0B,WAAW,EAAE;CACzE;;;;CAKD,MAAM,eACLA,YACAC,SAOgB;AAChB,QAAM,KAAK,KAAK,mBAAmB;GAAE;GAAY,GAAG;EAAS,EAAC;CAC9D;;;;CAKD,MAAM,eAAeD,YAAmC;AACvD,QAAM,KAAK,KAAK,mBAAmB,EAAE,WAAY,EAAC;CAClD;;;;CASD,MAAM,eACLb,MACAD,WACAG,eACAa,SAQ2B;AAC3B,SAAO,KAAK,KAAsB,mBAAmB;GACpD;GACA;GACA;GACA,SACC,SAAS,WAAW,KAAK,aAAa,CAAC,QAAQ,eAAe,IAAI;GACnE,cAAc,SAAS,gBAAgB;GACvC,cAAc,SAAS,gBAAgB;GACvC,kBAAkB,SAAS;GAC3B,aAAa,SAAS,eAAe;GACrC,aAAa,SAAS,gBAAgB,wBAAwB,KAAK;EACnE,EAAC;CACF;;;;CAKD,MAAM,YAAYC,YAA8C;AAC/D,SAAO,KAAK,KAAsB,0BAA0B,WAAW,EAAE;CACzE;;;;CAKD,MAAM,eAAeA,YAAmC;AACvD,QAAM,KAAK,KAAK,mBAAmB,EAAE,WAAY,EAAC;CAClD;;;;CAKD,MAAM,gBAAgBA,YAAoBX,KAA4B;AACrE,QAAM,KAAK,KAAK,4BAA4B;GAAE;GAAY;EAAK,EAAC;CAChE;;;;CAKD,MAAM,yBACLW,YACAC,cACgB;AAChB,QAAM,KAAK,KAAK,6BAA6B;GAAE;GAAY;EAAc,EAAC;CAC1E;;;;CAKD,MAAM,eACLD,YACAE,SACgB;AAChB,QAAM,KAAK,KAAK,mBAAmB;GAAE;GAAY,GAAG;EAAS,EAAC;CAC9D;;;;CASD,MAAM,YACLlB,MACAD,WACAG,eACAiB,SAMwB;AACxB,SAAO,KAAK,KAAmB,gBAAgB;GAC9C;GACA;GACA;GACA,SACC,SAAS,WAAW,KAAK,aAAa,CAAC,QAAQ,eAAe,IAAI;GACnE,kBAAkB,SAAS;GAC3B,aAAa,SAAS,eAAe;GACrC,aAAa,SAAS,gBAAgB,qBAAqB,KAAK;EAChE,EAAC;CACF;;;;CAKD,MAAM,SAASC,SAAwC;AACtD,SAAO,KAAK,KAAmB,oBAAoB,QAAQ,EAAE;CAC7D;;;;CAKD,MAAM,YAAYA,SAAgC;AACjD,QAAM,KAAK,KAAK,gBAAgB,EAAE,QAAS,EAAC;CAC5C;;;;CAKD,MAAM,aAAaA,SAAiBf,KAA4B;AAC/D,QAAM,KAAK,KAAK,yBAAyB;GAAE;GAAS;EAAK,EAAC;CAC1D;;;;CAKD,MAAM,sBACLe,SACAH,cACgB;AAChB,QAAM,KAAK,KAAK,0BAA0B;GAAE;GAAS;EAAc,EAAC;CACpE;;;;CAKD,MAAM,YACLG,SACAC,SACgB;AAChB,QAAM,KAAK,KAAK,gBAAgB;GAAE;GAAS,GAAG;EAAS,EAAC;CACxD;AACD"}

package/dist/dokploy-api-DHvfmWbi.mjs

@@ -0,0 +1,3 @@
+import { DokployApi, DokployApiError } from "./dokploy-api-CaETb2L6.mjs";
+
+export { DokployApi };

package/dist/{encryption-Dyf_r1h-.cjs → encryption-D7Efcdi9.cjs}

@@ -41,4 +41,4 @@ function generateDefineOptions(payload) {
 //#endregion
 exports.encryptSecrets = encryptSecrets;
 exports.generateDefineOptions = generateDefineOptions;
-//# sourceMappingURL=encryption-Dyf_r1h-.cjs.map
+//# sourceMappingURL=encryption-D7Efcdi9.cjs.map

package/dist/{encryption-Dyf_r1h-.cjs.map → encryption-D7Efcdi9.cjs.map}

@@ -1 +1 @@
-{"version":3,"file":"encryption-Dyf_r1h-.cjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,6BAAY,WAAW;CACzC,MAAM,KAAK,6BAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,gCAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}
+{"version":3,"file":"encryption-D7Efcdi9.cjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,6BAAY,WAAW;CACzC,MAAM,KAAK,6BAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,gCAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}

package/dist/{encryption-C8H-38Yy.mjs → encryption-h4Nb6W-M.mjs}

@@ -39,4 +39,4 @@ function generateDefineOptions(payload) {
 
 //#endregion
 export { encryptSecrets, generateDefineOptions };
-//# sourceMappingURL=encryption-C8H-38Yy.mjs.map
+//# sourceMappingURL=encryption-h4Nb6W-M.mjs.map

package/dist/{encryption-C8H-38Yy.mjs.map → encryption-h4Nb6W-M.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"encryption-C8H-38Yy.mjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,YAAY,WAAW;CACzC,MAAM,KAAK,YAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,eAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}
+{"version":3,"file":"encryption-h4Nb6W-M.mjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,YAAY,WAAW;CACzC,MAAM,KAAK,YAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,eAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}