@geekmidas/cli 0.54.0 → 1.0.1

package/dist/HostingerProvider-DqUq6e9i.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"HostingerProvider-DqUq6e9i.mjs","names":["message: string","status: number","statusText: string","errors?: Record<string, string[]>","token: string","method: 'GET' | 'POST' | 'PUT' | 'DELETE'","endpoint: string","body?: unknown","errors: Record<string, string[]> | undefined","domain: string","records: DnsRecord[]","filters: DnsRecordFilter[]","name: string","type: DnsRecordType","subdomain: string","ip: string","domain: string","records: UpsertDnsRecord[]","results: UpsertResult[]"],"sources":["../src/deploy/dns/hostinger-api.ts","../src/deploy/dns/HostingerProvider.ts"],"sourcesContent":["/**\n * Hostinger DNS API client\n *\n * API Documentation: https://developers.hostinger.com/\n * Authentication: Bearer token from hpanel.hostinger.com/profile/api\n */\n\nconst HOSTINGER_API_BASE = 'https://developers.hostinger.com';\n\n/**\n * DNS record types supported by Hostinger\n */\nexport type DnsRecordType =\n\t| 'A'\n\t| 'AAAA'\n\t| 'CNAME'\n\t| 'MX'\n\t| 'TXT'\n\t| 'NS'\n\t| 'SRV'\n\t| 'CAA';\n\n/**\n * A single DNS record\n */\nexport interface DnsRecord {\n\t/** Subdomain name (e.g., 'api.joemoer' for api.joemoer.traflabs.io) */\n\tname: string;\n\t/** Record type */\n\ttype: DnsRecordType;\n\t/** TTL in seconds */\n\tttl: number;\n\t/** Record values */\n\trecords: Array<{ content: string }>;\n}\n\n/**\n * Filter for deleting specific records\n */\nexport interface DnsRecordFilter {\n\tname: string;\n\ttype: DnsRecordType;\n}\n\n/**\n * API error response\n */\nexport interface HostingerErrorResponse {\n\tmessage?: string;\n\terrors?: Record<string, string[]>;\n}\n\n/**\n * Hostinger API error\n */\nexport class HostingerApiError extends Error {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic status: number,\n\t\tpublic statusText: string,\n\t\tpublic errors?: Record<string, string[]>,\n\t) {\n\t\tsuper(message);\n\t\tthis.name = 'HostingerApiError';\n\t}\n}\n\n/**\n * Hostinger DNS API client\n *\n * @example\n * ```ts\n * const api = new HostingerApi(token);\n *\n * // Get all records for a domain\n * const records = await api.getRecords('traflabs.io');\n *\n * // Create/update records\n * await api.upsertRecords('traflabs.io', [\n *   { name: 'api.joemoer', type: 'A', ttl: 300, records: ['1.2.3.4'] }\n * ]);\n * ```\n */\nexport class HostingerApi {\n\tprivate token: string;\n\n\tconstructor(token: string) {\n\t\tthis.token = token;\n\t}\n\n\t/**\n\t * Make a request to the Hostinger API\n\t */\n\tprivate async request<T>(\n\t\tmethod: 'GET' | 'POST' | 'PUT' | 'DELETE',\n\t\tendpoint: string,\n\t\tbody?: unknown,\n\t): Promise<T> {\n\t\tconst url = `${HOSTINGER_API_BASE}${endpoint}`;\n\n\t\tconst response = await fetch(url, {\n\t\t\tmethod,\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/json',\n\t\t\t\tAuthorization: `Bearer ${this.token}`,\n\t\t\t},\n\t\t\tbody: body ? JSON.stringify(body) : undefined,\n\t\t});\n\n\t\tif (!response.ok) {\n\t\t\tlet errorMessage = `Hostinger API error: ${response.status} ${response.statusText}`;\n\t\t\tlet errors: Record<string, string[]> | undefined;\n\n\t\t\ttry {\n\t\t\t\tconst errorBody = (await response.json()) as HostingerErrorResponse;\n\t\t\t\tif (errorBody.message) {\n\t\t\t\t\terrorMessage = `Hostinger API error: ${errorBody.message}`;\n\t\t\t\t}\n\t\t\t\terrors = errorBody.errors;\n\t\t\t} catch {\n\t\t\t\t// Ignore JSON parse errors\n\t\t\t}\n\n\t\t\tthrow new HostingerApiError(\n\t\t\t\terrorMessage,\n\t\t\t\tresponse.status,\n\t\t\t\tresponse.statusText,\n\t\t\t\terrors,\n\t\t\t);\n\t\t}\n\n\t\t// Handle empty responses\n\t\tconst text = await response.text();\n\t\tif (!text || text.trim() === '') {\n\t\t\treturn undefined as T;\n\t\t}\n\t\treturn JSON.parse(text) as T;\n\t}\n\n\t/**\n\t * Get all DNS records for a domain\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t */\n\tasync getRecords(domain: string): Promise<DnsRecord[]> {\n\t\tinterface RecordResponse {\n\t\t\tdata: Array<{\n\t\t\t\tname: string;\n\t\t\t\ttype: DnsRecordType;\n\t\t\t\tttl: number;\n\t\t\t\trecords: Array<{ content: string }>;\n\t\t\t}>;\n\t\t}\n\n\t\tconst response = await this.request<RecordResponse>(\n\t\t\t'GET',\n\t\t\t`/api/dns/v1/zones/${domain}`,\n\t\t);\n\n\t\treturn response.data || [];\n\t}\n\n\t/**\n\t * Create or update DNS records\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t * @param records - Records to create/update\n\t * @param overwrite - If true, replaces all existing records. If false, merges with existing.\n\t */\n\tasync upsertRecords(\n\t\tdomain: string,\n\t\trecords: DnsRecord[],\n\t\toverwrite = false,\n\t): Promise<void> {\n\t\tawait this.request('PUT', `/api/dns/v1/zones/${domain}`, {\n\t\t\toverwrite,\n\t\t\tzone: records,\n\t\t});\n\t}\n\n\t/**\n\t * Validate DNS records before applying\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t * @param records - Records to validate\n\t * @returns true if valid, throws if invalid\n\t */\n\tasync validateRecords(\n\t\tdomain: string,\n\t\trecords: DnsRecord[],\n\t): Promise<boolean> {\n\t\tawait this.request('POST', `/api/dns/v1/zones/${domain}/validate`, {\n\t\t\toverwrite: false,\n\t\t\tzone: records,\n\t\t});\n\t\treturn true;\n\t}\n\n\t/**\n\t * Delete specific DNS records\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t * @param filters - Filters to match records for deletion\n\t */\n\tasync deleteRecords(\n\t\tdomain: string,\n\t\tfilters: DnsRecordFilter[],\n\t): Promise<void> {\n\t\tawait this.request('DELETE', `/api/dns/v1/zones/${domain}`, {\n\t\t\tfilters,\n\t\t});\n\t}\n\n\t/**\n\t * Check if a specific record exists\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t * @param name - Subdomain name (e.g., 'api.joemoer')\n\t * @param type - Record type (e.g., 'A')\n\t */\n\tasync recordExists(\n\t\tdomain: string,\n\t\tname: string,\n\t\ttype: DnsRecordType = 'A',\n\t): Promise<boolean> {\n\t\tconst records = await this.getRecords(domain);\n\t\treturn records.some((r) => r.name === name && r.type === type);\n\t}\n\n\t/**\n\t * Create a single A record if it doesn't exist\n\t *\n\t * @param domain - Root domain (e.g., 'traflabs.io')\n\t * @param subdomain - Subdomain name (e.g., 'api.joemoer')\n\t * @param ip - IP address to point to\n\t * @param ttl - TTL in seconds (default: 300)\n\t * @returns true if created, false if already exists\n\t */\n\tasync createARecordIfNotExists(\n\t\tdomain: string,\n\t\tsubdomain: string,\n\t\tip: string,\n\t\tttl = 300,\n\t): Promise<boolean> {\n\t\tconst exists = await this.recordExists(domain, subdomain, 'A');\n\t\tif (exists) {\n\t\t\treturn false;\n\t\t}\n\n\t\tawait this.upsertRecords(domain, [\n\t\t\t{\n\t\t\t\tname: subdomain,\n\t\t\t\ttype: 'A',\n\t\t\t\tttl,\n\t\t\t\trecords: [{ content: ip }],\n\t\t\t},\n\t\t]);\n\n\t\treturn true;\n\t}\n}\n","/**\n * Hostinger DNS Provider\n *\n * Implements DnsProvider interface using the Hostinger DNS API.\n */\n\nimport { getHostingerToken } from '../../auth/credentials';\nimport type {\n\tDnsProvider,\n\tDnsRecord,\n\tUpsertDnsRecord,\n\tUpsertResult,\n} from './DnsProvider';\nimport { HostingerApi } from './hostinger-api';\n\n/**\n * Hostinger DNS provider implementation.\n */\nexport class HostingerProvider implements DnsProvider {\n\treadonly name = 'hostinger';\n\tprivate api: HostingerApi | null = null;\n\n\t/**\n\t * Get or create the Hostinger API client.\n\t */\n\tprivate async getApi(): Promise<HostingerApi> {\n\t\tif (this.api) {\n\t\t\treturn this.api;\n\t\t}\n\n\t\tconst token = await getHostingerToken();\n\t\tif (!token) {\n\t\t\tthrow new Error(\n\t\t\t\t'Hostinger API token not configured. Run `gkm login --service=hostinger` or get your token from https://hpanel.hostinger.com/profile/api',\n\t\t\t);\n\t\t}\n\n\t\tthis.api = new HostingerApi(token);\n\t\treturn this.api;\n\t}\n\n\tasync getRecords(domain: string): Promise<DnsRecord[]> {\n\t\tconst api = await this.getApi();\n\t\tconst records = await api.getRecords(domain);\n\n\t\treturn records.map((r) => ({\n\t\t\tname: r.name,\n\t\t\ttype: r.type,\n\t\t\tttl: r.ttl,\n\t\t\tvalues: r.records.map((rec) => rec.content),\n\t\t}));\n\t}\n\n\tasync upsertRecords(\n\t\tdomain: string,\n\t\trecords: UpsertDnsRecord[],\n\t): Promise<UpsertResult[]> {\n\t\tconst api = await this.getApi();\n\t\tconst results: UpsertResult[] = [];\n\n\t\t// Get existing records to check what already exists\n\t\tconst existingRecords = await api.getRecords(domain);\n\n\t\tfor (const record of records) {\n\t\t\tconst existing = existingRecords.find(\n\t\t\t\t(r) => r.name === record.name && r.type === record.type,\n\t\t\t);\n\n\t\t\tconst existingValue = existing?.records?.[0]?.content;\n\n\t\t\tif (existing && existingValue === record.value) {\n\t\t\t\t// Record exists with same value - unchanged\n\t\t\t\tresults.push({\n\t\t\t\t\trecord,\n\t\t\t\t\tcreated: false,\n\t\t\t\t\tunchanged: true,\n\t\t\t\t});\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\t// Create or update the record\n\t\t\tawait api.upsertRecords(domain, [\n\t\t\t\t{\n\t\t\t\t\tname: record.name,\n\t\t\t\t\ttype: record.type,\n\t\t\t\t\tttl: record.ttl,\n\t\t\t\t\trecords: [{ content: record.value }],\n\t\t\t\t},\n\t\t\t]);\n\n\t\t\tresults.push({\n\t\t\t\trecord,\n\t\t\t\tcreated: !existing,\n\t\t\t\tunchanged: false,\n\t\t\t});\n\t\t}\n\n\t\treturn results;\n\t}\n}\n"],"mappings":";;;;;;;;;AAOA,MAAM,qBAAqB;;;;AAgD3B,IAAa,oBAAb,cAAuC,MAAM;CAC5C,YACCA,SACOC,QACAC,YACAC,QACN;AACD,QAAM,QAAQ;EAJP;EACA;EACA;AAGP,OAAK,OAAO;CACZ;AACD;;;;;;;;;;;;;;;;;AAkBD,IAAa,eAAb,MAA0B;CACzB,AAAQ;CAER,YAAYC,OAAe;AAC1B,OAAK,QAAQ;CACb;;;;CAKD,MAAc,QACbC,QACAC,UACAC,MACa;EACb,MAAM,OAAO,EAAE,mBAAmB,EAAE,SAAS;EAE7C,MAAM,WAAW,MAAM,MAAM,KAAK;GACjC;GACA,SAAS;IACR,gBAAgB;IAChB,gBAAgB,SAAS,KAAK,MAAM;GACpC;GACD,MAAM,OAAO,KAAK,UAAU,KAAK;EACjC,EAAC;AAEF,OAAK,SAAS,IAAI;GACjB,IAAI,gBAAgB,uBAAuB,SAAS,OAAO,GAAG,SAAS,WAAW;GAClF,IAAIC;AAEJ,OAAI;IACH,MAAM,YAAa,MAAM,SAAS,MAAM;AACxC,QAAI,UAAU,QACb,iBAAgB,uBAAuB,UAAU,QAAQ;AAE1D,aAAS,UAAU;GACnB,QAAO,CAEP;AAED,SAAM,IAAI,kBACT,cACA,SAAS,QACT,SAAS,YACT;EAED;EAGD,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,OAAK,QAAQ,KAAK,MAAM,KAAK,GAC5B;AAED,SAAO,KAAK,MAAM,KAAK;CACvB;;;;;;CAOD,MAAM,WAAWC,QAAsC;EAUtD,MAAM,WAAW,MAAM,KAAK,QAC3B,QACC,oBAAoB,OAAO,EAC5B;AAED,SAAO,SAAS,QAAQ,CAAE;CAC1B;;;;;;;;CASD,MAAM,cACLA,QACAC,SACA,YAAY,OACI;AAChB,QAAM,KAAK,QAAQ,QAAQ,oBAAoB,OAAO,GAAG;GACxD;GACA,MAAM;EACN,EAAC;CACF;;;;;;;;CASD,MAAM,gBACLD,QACAC,SACmB;AACnB,QAAM,KAAK,QAAQ,SAAS,oBAAoB,OAAO,YAAY;GAClE,WAAW;GACX,MAAM;EACN,EAAC;AACF,SAAO;CACP;;;;;;;CAQD,MAAM,cACLD,QACAE,SACgB;AAChB,QAAM,KAAK,QAAQ,WAAW,oBAAoB,OAAO,GAAG,EAC3D,QACA,EAAC;CACF;;;;;;;;CASD,MAAM,aACLF,QACAG,MACAC,OAAsB,KACH;EACnB,MAAM,UAAU,MAAM,KAAK,WAAW,OAAO;AAC7C,SAAO,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,QAAQ,EAAE,SAAS,KAAK;CAC9D;;;;;;;;;;CAWD,MAAM,yBACLJ,QACAK,WACAC,IACA,MAAM,KACa;EACnB,MAAM,SAAS,MAAM,KAAK,aAAa,QAAQ,WAAW,IAAI;AAC9D,MAAI,OACH,QAAO;AAGR,QAAM,KAAK,cAAc,QAAQ,CAChC;GACC,MAAM;GACN,MAAM;GACN;GACA,SAAS,CAAC,EAAE,SAAS,GAAI,CAAC;EAC1B,CACD,EAAC;AAEF,SAAO;CACP;AACD;;;;;;;AClPD,IAAa,oBAAb,MAAsD;CACrD,AAAS,OAAO;CAChB,AAAQ,MAA2B;;;;CAKnC,MAAc,SAAgC;AAC7C,MAAI,KAAK,IACR,QAAO,KAAK;EAGb,MAAM,QAAQ,MAAM,mBAAmB;AACvC,OAAK,MACJ,OAAM,IAAI,MACT;AAIF,OAAK,MAAM,IAAI,aAAa;AAC5B,SAAO,KAAK;CACZ;CAED,MAAM,WAAWC,QAAsC;EACtD,MAAM,MAAM,MAAM,KAAK,QAAQ;EAC/B,MAAM,UAAU,MAAM,IAAI,WAAW,OAAO;AAE5C,SAAO,QAAQ,IAAI,CAAC,OAAO;GAC1B,MAAM,EAAE;GACR,MAAM,EAAE;GACR,KAAK,EAAE;GACP,QAAQ,EAAE,QAAQ,IAAI,CAAC,QAAQ,IAAI,QAAQ;EAC3C,GAAE;CACH;CAED,MAAM,cACLA,QACAC,SAC0B;EAC1B,MAAM,MAAM,MAAM,KAAK,QAAQ;EAC/B,MAAMC,UAA0B,CAAE;EAGlC,MAAM,kBAAkB,MAAM,IAAI,WAAW,OAAO;AAEpD,OAAK,MAAM,UAAU,SAAS;GAC7B,MAAM,WAAW,gBAAgB,KAChC,CAAC,MAAM,EAAE,SAAS,OAAO,QAAQ,EAAE,SAAS,OAAO,KACnD;GAED,MAAM,gBAAgB,UAAU,UAAU,IAAI;AAE9C,OAAI,YAAY,kBAAkB,OAAO,OAAO;AAE/C,YAAQ,KAAK;KACZ;KACA,SAAS;KACT,WAAW;IACX,EAAC;AACF;GACA;AAGD,SAAM,IAAI,cAAc,QAAQ,CAC/B;IACC,MAAM,OAAO;IACb,MAAM,OAAO;IACb,KAAK,OAAO;IACZ,SAAS,CAAC,EAAE,SAAS,OAAO,MAAO,CAAC;GACpC,CACD,EAAC;AAEF,WAAQ,KAAK;IACZ;IACA,UAAU;IACV,WAAW;GACX,EAAC;EACF;AAED,SAAO;CACP;AACD"}

package/dist/LocalStateProvider-CdspeSVL.cjs

@@ -0,0 +1,43 @@
+const require_chunk = require('./chunk-CUT6urMc.cjs');
+const node_path = require_chunk.__toESM(require("node:path"));
+const node_fs_promises = require_chunk.__toESM(require("node:fs/promises"));
+
+//#region src/deploy/LocalStateProvider.ts
+/**
+* Get the state file path for a stage.
+*/
+function getStateFilePath(workspaceRoot, stage) {
+	return (0, node_path.join)(workspaceRoot, ".gkm", `deploy-${stage}.json`);
+}
+/**
+* Local filesystem state provider.
+*
+* Stores state in .gkm/deploy-{stage}.json files in the workspace root.
+*/
+var LocalStateProvider = class {
+	constructor(workspaceRoot) {
+		this.workspaceRoot = workspaceRoot;
+	}
+	async read(stage) {
+		const filePath = getStateFilePath(this.workspaceRoot, stage);
+		try {
+			const content = await (0, node_fs_promises.readFile)(filePath, "utf-8");
+			return JSON.parse(content);
+		} catch (error) {
+			if (error.code === "ENOENT") return null;
+			console.warn(`Warning: Could not read deploy state: ${error}`);
+			return null;
+		}
+	}
+	async write(stage, state) {
+		const filePath = getStateFilePath(this.workspaceRoot, stage);
+		const dir = (0, node_path.join)(this.workspaceRoot, ".gkm");
+		await (0, node_fs_promises.mkdir)(dir, { recursive: true });
+		state.lastDeployedAt = (/* @__PURE__ */ new Date()).toISOString();
+		await (0, node_fs_promises.writeFile)(filePath, JSON.stringify(state, null, 2));
+	}
+};
+
+//#endregion
+exports.LocalStateProvider = LocalStateProvider;
+//# sourceMappingURL=LocalStateProvider-CdspeSVL.cjs.map

package/dist/LocalStateProvider-CdspeSVL.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"LocalStateProvider-CdspeSVL.cjs","names":["workspaceRoot: string","stage: string","state: DokployStageState"],"sources":["../src/deploy/LocalStateProvider.ts"],"sourcesContent":["/**\n * Local Filesystem State Provider\n *\n * Stores deployment state in .gkm/deploy-{stage}.json files.\n * This is the default provider for local development.\n */\n\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { StateProvider } from './StateProvider';\nimport type { DokployStageState } from './state';\n\n/**\n * Get the state file path for a stage.\n */\nfunction getStateFilePath(workspaceRoot: string, stage: string): string {\n\treturn join(workspaceRoot, '.gkm', `deploy-${stage}.json`);\n}\n\n/**\n * Local filesystem state provider.\n *\n * Stores state in .gkm/deploy-{stage}.json files in the workspace root.\n */\nexport class LocalStateProvider implements StateProvider {\n\tconstructor(private readonly workspaceRoot: string) {}\n\n\tasync read(stage: string): Promise<DokployStageState | null> {\n\t\tconst filePath = getStateFilePath(this.workspaceRoot, stage);\n\n\t\ttry {\n\t\t\tconst content = await readFile(filePath, 'utf-8');\n\t\t\treturn JSON.parse(content) as DokployStageState;\n\t\t} catch (error) {\n\t\t\t// File doesn't exist - return null\n\t\t\tif ((error as NodeJS.ErrnoException).code === 'ENOENT') {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\t// Log other errors but don't fail\n\t\t\tconsole.warn(`Warning: Could not read deploy state: ${error}`);\n\t\t\treturn null;\n\t\t}\n\t}\n\n\tasync write(stage: string, state: DokployStageState): Promise<void> {\n\t\tconst filePath = getStateFilePath(this.workspaceRoot, stage);\n\t\tconst dir = join(this.workspaceRoot, '.gkm');\n\n\t\t// Ensure .gkm directory exists\n\t\tawait mkdir(dir, { recursive: true });\n\n\t\t// Update last deployed timestamp\n\t\tstate.lastDeployedAt = new Date().toISOString();\n\n\t\tawait writeFile(filePath, JSON.stringify(state, null, 2));\n\t}\n}\n"],"mappings":";;;;;;;;AAeA,SAAS,iBAAiBA,eAAuBC,OAAuB;AACvE,QAAO,oBAAK,eAAe,SAAS,SAAS,MAAM,OAAO;AAC1D;;;;;;AAOD,IAAa,qBAAb,MAAyD;CACxD,YAA6BD,eAAuB;EAAvB;CAAyB;CAEtD,MAAM,KAAKC,OAAkD;EAC5D,MAAM,WAAW,iBAAiB,KAAK,eAAe,MAAM;AAE5D,MAAI;GACH,MAAM,UAAU,MAAM,+BAAS,UAAU,QAAQ;AACjD,UAAO,KAAK,MAAM,QAAQ;EAC1B,SAAQ,OAAO;AAEf,OAAK,MAAgC,SAAS,SAC7C,QAAO;AAGR,WAAQ,MAAM,wCAAwC,MAAM,EAAE;AAC9D,UAAO;EACP;CACD;CAED,MAAM,MAAMA,OAAeC,OAAyC;EACnE,MAAM,WAAW,iBAAiB,KAAK,eAAe,MAAM;EAC5D,MAAM,MAAM,oBAAK,KAAK,eAAe,OAAO;AAG5C,QAAM,4BAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,QAAM,iBAAiB,qBAAI,QAAO,aAAa;AAE/C,QAAM,gCAAU,UAAU,KAAK,UAAU,OAAO,MAAM,EAAE,CAAC;CACzD;AACD"}

package/dist/LocalStateProvider-DxoSaWUV.mjs

@@ -0,0 +1,42 @@
+import { join } from "node:path";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+
+//#region src/deploy/LocalStateProvider.ts
+/**
+* Get the state file path for a stage.
+*/
+function getStateFilePath(workspaceRoot, stage) {
+	return join(workspaceRoot, ".gkm", `deploy-${stage}.json`);
+}
+/**
+* Local filesystem state provider.
+*
+* Stores state in .gkm/deploy-{stage}.json files in the workspace root.
+*/
+var LocalStateProvider = class {
+	constructor(workspaceRoot) {
+		this.workspaceRoot = workspaceRoot;
+	}
+	async read(stage) {
+		const filePath = getStateFilePath(this.workspaceRoot, stage);
+		try {
+			const content = await readFile(filePath, "utf-8");
+			return JSON.parse(content);
+		} catch (error) {
+			if (error.code === "ENOENT") return null;
+			console.warn(`Warning: Could not read deploy state: ${error}`);
+			return null;
+		}
+	}
+	async write(stage, state) {
+		const filePath = getStateFilePath(this.workspaceRoot, stage);
+		const dir = join(this.workspaceRoot, ".gkm");
+		await mkdir(dir, { recursive: true });
+		state.lastDeployedAt = (/* @__PURE__ */ new Date()).toISOString();
+		await writeFile(filePath, JSON.stringify(state, null, 2));
+	}
+};
+
+//#endregion
+export { LocalStateProvider };
+//# sourceMappingURL=LocalStateProvider-DxoSaWUV.mjs.map

package/dist/LocalStateProvider-DxoSaWUV.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"LocalStateProvider-DxoSaWUV.mjs","names":["workspaceRoot: string","stage: string","state: DokployStageState"],"sources":["../src/deploy/LocalStateProvider.ts"],"sourcesContent":["/**\n * Local Filesystem State Provider\n *\n * Stores deployment state in .gkm/deploy-{stage}.json files.\n * This is the default provider for local development.\n */\n\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { StateProvider } from './StateProvider';\nimport type { DokployStageState } from './state';\n\n/**\n * Get the state file path for a stage.\n */\nfunction getStateFilePath(workspaceRoot: string, stage: string): string {\n\treturn join(workspaceRoot, '.gkm', `deploy-${stage}.json`);\n}\n\n/**\n * Local filesystem state provider.\n *\n * Stores state in .gkm/deploy-{stage}.json files in the workspace root.\n */\nexport class LocalStateProvider implements StateProvider {\n\tconstructor(private readonly workspaceRoot: string) {}\n\n\tasync read(stage: string): Promise<DokployStageState | null> {\n\t\tconst filePath = getStateFilePath(this.workspaceRoot, stage);\n\n\t\ttry {\n\t\t\tconst content = await readFile(filePath, 'utf-8');\n\t\t\treturn JSON.parse(content) as DokployStageState;\n\t\t} catch (error) {\n\t\t\t// File doesn't exist - return null\n\t\t\tif ((error as NodeJS.ErrnoException).code === 'ENOENT') {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\t// Log other errors but don't fail\n\t\t\tconsole.warn(`Warning: Could not read deploy state: ${error}`);\n\t\t\treturn null;\n\t\t}\n\t}\n\n\tasync write(stage: string, state: DokployStageState): Promise<void> {\n\t\tconst filePath = getStateFilePath(this.workspaceRoot, stage);\n\t\tconst dir = join(this.workspaceRoot, '.gkm');\n\n\t\t// Ensure .gkm directory exists\n\t\tawait mkdir(dir, { recursive: true });\n\n\t\t// Update last deployed timestamp\n\t\tstate.lastDeployedAt = new Date().toISOString();\n\n\t\tawait writeFile(filePath, JSON.stringify(state, null, 2));\n\t}\n}\n"],"mappings":";;;;;;;AAeA,SAAS,iBAAiBA,eAAuBC,OAAuB;AACvE,QAAO,KAAK,eAAe,SAAS,SAAS,MAAM,OAAO;AAC1D;;;;;;AAOD,IAAa,qBAAb,MAAyD;CACxD,YAA6BD,eAAuB;EAAvB;CAAyB;CAEtD,MAAM,KAAKC,OAAkD;EAC5D,MAAM,WAAW,iBAAiB,KAAK,eAAe,MAAM;AAE5D,MAAI;GACH,MAAM,UAAU,MAAM,SAAS,UAAU,QAAQ;AACjD,UAAO,KAAK,MAAM,QAAQ;EAC1B,SAAQ,OAAO;AAEf,OAAK,MAAgC,SAAS,SAC7C,QAAO;AAGR,WAAQ,MAAM,wCAAwC,MAAM,EAAE;AAC9D,UAAO;EACP;CACD;CAED,MAAM,MAAMA,OAAeC,OAAyC;EACnE,MAAM,WAAW,iBAAiB,KAAK,eAAe,MAAM;EAC5D,MAAM,MAAM,KAAK,KAAK,eAAe,OAAO;AAG5C,QAAM,MAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,QAAM,iBAAiB,qBAAI,QAAO,aAAa;AAE/C,QAAM,UAAU,UAAU,KAAK,UAAU,OAAO,MAAM,EAAE,CAAC;CACzD;AACD"}

package/dist/Route53Provider-CpRIqu69.cjs

@@ -0,0 +1,157 @@
+const require_chunk = require('./chunk-CUT6urMc.cjs');
+const __aws_sdk_client_route_53 = require_chunk.__toESM(require("@aws-sdk/client-route-53"));
+const __aws_sdk_credential_providers = require_chunk.__toESM(require("@aws-sdk/credential-providers"));
+
+//#region src/deploy/dns/Route53Provider.ts
+/**
+* Route53 DNS provider implementation.
+*
+* Uses AWS default credential chain for authentication.
+* Region can be specified or will use AWS_REGION/AWS_DEFAULT_REGION env vars.
+* Profile can be specified to use a named profile from ~/.aws/credentials.
+*/
+var Route53Provider = class {
+	name = "route53";
+	client;
+	hostedZoneId;
+	hostedZoneCache = /* @__PURE__ */ new Map();
+	constructor(options = {}) {
+		this.client = new __aws_sdk_client_route_53.Route53Client({
+			...options.region && { region: options.region },
+			...options.endpoint && { endpoint: options.endpoint },
+			...options.profile && { credentials: (0, __aws_sdk_credential_providers.fromIni)({ profile: options.profile }) }
+		});
+		this.hostedZoneId = options.hostedZoneId;
+	}
+	/**
+	* Get the hosted zone ID for a domain.
+	* Uses cache to avoid repeated API calls.
+	*/
+	async getHostedZoneId(domain) {
+		if (this.hostedZoneId) return this.hostedZoneId;
+		if (this.hostedZoneCache.has(domain)) return this.hostedZoneCache.get(domain);
+		const command = new __aws_sdk_client_route_53.ListHostedZonesByNameCommand({
+			DNSName: domain,
+			MaxItems: 1
+		});
+		const response = await this.client.send(command);
+		const zones = response.HostedZones ?? [];
+		const normalizedDomain = domain.endsWith(".") ? domain : `${domain}.`;
+		const zone = zones.find((z) => z.Name === normalizedDomain);
+		if (!zone?.Id) throw new Error(`No hosted zone found for domain: ${domain}. Create one in Route53 or provide hostedZoneId in config.`);
+		const zoneId = zone.Id.replace("/hostedzone/", "");
+		this.hostedZoneCache.set(domain, zoneId);
+		return zoneId;
+	}
+	/**
+	* Convert Route53 record type to our DnsRecordType.
+	* Excludes NS and SOA which are auto-managed by Route53 for the zone.
+	*/
+	toRecordType(type) {
+		const managedTypes = ["NS", "SOA"];
+		if (managedTypes.includes(type)) return null;
+		const validTypes = [
+			"A",
+			"AAAA",
+			"CNAME",
+			"MX",
+			"TXT",
+			"SRV",
+			"CAA"
+		];
+		return validTypes.includes(type) ? type : null;
+	}
+	/**
+	* Extract subdomain from full record name relative to domain.
+	*/
+	extractSubdomain(recordName, domain) {
+		const normalizedDomain = domain.endsWith(".") ? domain : `${domain}.`;
+		const normalizedName = recordName.endsWith(".") ? recordName : `${recordName}.`;
+		if (normalizedName === normalizedDomain) return "@";
+		const subdomain = normalizedName.replace(`.${normalizedDomain}`, "");
+		return subdomain.replace(/\.$/, "");
+	}
+	async getRecords(domain) {
+		const zoneId = await this.getHostedZoneId(domain);
+		const records = [];
+		let nextRecordName;
+		let nextRecordType;
+		do {
+			const command = new __aws_sdk_client_route_53.ListResourceRecordSetsCommand({
+				HostedZoneId: zoneId,
+				StartRecordName: nextRecordName,
+				StartRecordType: nextRecordType,
+				MaxItems: 100
+			});
+			const response = await this.client.send(command);
+			for (const recordSet of response.ResourceRecordSets ?? []) {
+				const type = this.toRecordType(recordSet.Type ?? "");
+				if (!type || !recordSet.Name) continue;
+				const values = (recordSet.ResourceRecords ?? []).map((r) => r.Value).filter((v) => !!v);
+				records.push({
+					name: this.extractSubdomain(recordSet.Name, domain),
+					type,
+					ttl: recordSet.TTL ?? 300,
+					values
+				});
+			}
+			if (response.IsTruncated) {
+				nextRecordName = response.NextRecordName;
+				nextRecordType = response.NextRecordType;
+			} else nextRecordName = void 0;
+		} while (nextRecordName);
+		return records;
+	}
+	async upsertRecords(domain, records) {
+		const zoneId = await this.getHostedZoneId(domain);
+		const results = [];
+		const existingRecords = await this.getRecords(domain);
+		const batchSize = 100;
+		for (let i = 0; i < records.length; i += batchSize) {
+			const batch = records.slice(i, i + batchSize);
+			const changes = [];
+			for (const record of batch) {
+				const existing = existingRecords.find((r) => r.name === record.name && r.type === record.type);
+				const existingValue = existing?.values?.[0];
+				if (existing && existingValue === record.value) {
+					results.push({
+						record,
+						created: false,
+						unchanged: true
+					});
+					continue;
+				}
+				const recordName = record.name === "@" ? domain : `${record.name}.${domain}`;
+				changes.push({
+					Action: "UPSERT",
+					ResourceRecordSet: {
+						Name: recordName,
+						Type: record.type,
+						TTL: record.ttl,
+						ResourceRecords: [{ Value: record.value }]
+					}
+				});
+				results.push({
+					record,
+					created: !existing,
+					unchanged: false
+				});
+			}
+			if (changes.length > 0) {
+				const command = new __aws_sdk_client_route_53.ChangeResourceRecordSetsCommand({
+					HostedZoneId: zoneId,
+					ChangeBatch: {
+						Comment: "Upsert by gkm deploy",
+						Changes: changes
+					}
+				});
+				await this.client.send(command);
+			}
+		}
+		return results;
+	}
+};
+
+//#endregion
+exports.Route53Provider = Route53Provider;
+//# sourceMappingURL=Route53Provider-CpRIqu69.cjs.map

package/dist/Route53Provider-CpRIqu69.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"Route53Provider-CpRIqu69.cjs","names":["options: Route53ProviderOptions","Route53Client","domain: string","ListHostedZonesByNameCommand","type: string","validTypes: DnsRecordType[]","recordName: string","records: DnsRecord[]","nextRecordName: string | undefined","nextRecordType: RRType | undefined","ListResourceRecordSetsCommand","records: UpsertDnsRecord[]","results: UpsertResult[]","ChangeResourceRecordSetsCommand"],"sources":["../src/deploy/dns/Route53Provider.ts"],"sourcesContent":["/**\n * Route53 DNS Provider\n *\n * Implements DnsProvider interface using AWS Route53.\n */\n\nimport {\n\tChangeResourceRecordSetsCommand,\n\tListHostedZonesByNameCommand,\n\tListResourceRecordSetsCommand,\n\tRoute53Client,\n\ttype RRType,\n} from '@aws-sdk/client-route-53';\nimport { fromIni } from '@aws-sdk/credential-providers';\nimport type {\n\tDnsProvider,\n\tDnsRecord,\n\tDnsRecordType,\n\tUpsertDnsRecord,\n\tUpsertResult,\n} from './DnsProvider';\n\nexport interface Route53ProviderOptions {\n\t/** AWS region (optional - uses AWS_REGION env var if not provided) */\n\tregion?: string;\n\t/** AWS profile name (optional - uses default credential chain if not provided) */\n\tprofile?: string;\n\t/** Hosted zone ID (optional - auto-detected from domain if not provided) */\n\thostedZoneId?: string;\n\t/** Custom endpoint for testing with localstack */\n\tendpoint?: string;\n}\n\n/**\n * Route53 DNS provider implementation.\n *\n * Uses AWS default credential chain for authentication.\n * Region can be specified or will use AWS_REGION/AWS_DEFAULT_REGION env vars.\n * Profile can be specified to use a named profile from ~/.aws/credentials.\n */\nexport class Route53Provider implements DnsProvider {\n\treadonly name = 'route53';\n\tprivate client: Route53Client;\n\tprivate hostedZoneId?: string;\n\tprivate hostedZoneCache: Map<string, string> = new Map();\n\n\tconstructor(options: Route53ProviderOptions = {}) {\n\t\tthis.client = new Route53Client({\n\t\t\t...(options.region && { region: options.region }),\n\t\t\t...(options.endpoint && { endpoint: options.endpoint }),\n\t\t\t...(options.profile && {\n\t\t\t\tcredentials: fromIni({ profile: options.profile }),\n\t\t\t}),\n\t\t});\n\t\tthis.hostedZoneId = options.hostedZoneId;\n\t}\n\n\t/**\n\t * Get the hosted zone ID for a domain.\n\t * Uses cache to avoid repeated API calls.\n\t */\n\tprivate async getHostedZoneId(domain: string): Promise<string> {\n\t\t// Use configured zone ID if provided\n\t\tif (this.hostedZoneId) {\n\t\t\treturn this.hostedZoneId;\n\t\t}\n\n\t\t// Check cache\n\t\tif (this.hostedZoneCache.has(domain)) {\n\t\t\treturn this.hostedZoneCache.get(domain)!;\n\t\t}\n\n\t\t// Auto-detect from domain\n\t\tconst command = new ListHostedZonesByNameCommand({\n\t\t\tDNSName: domain,\n\t\t\tMaxItems: 1,\n\t\t});\n\n\t\tconst response = await this.client.send(command);\n\t\tconst zones = response.HostedZones ?? [];\n\n\t\t// Find exact match (domain with trailing dot)\n\t\tconst normalizedDomain = domain.endsWith('.') ? domain : `${domain}.`;\n\t\tconst zone = zones.find((z) => z.Name === normalizedDomain);\n\n\t\tif (!zone?.Id) {\n\t\t\tthrow new Error(\n\t\t\t\t`No hosted zone found for domain: ${domain}. Create one in Route53 or provide hostedZoneId in config.`,\n\t\t\t);\n\t\t}\n\n\t\t// Zone ID comes as \"/hostedzone/Z1234567890\" - extract just the ID\n\t\tconst zoneId = zone.Id.replace('/hostedzone/', '');\n\t\tthis.hostedZoneCache.set(domain, zoneId);\n\t\treturn zoneId;\n\t}\n\n\t/**\n\t * Convert Route53 record type to our DnsRecordType.\n\t * Excludes NS and SOA which are auto-managed by Route53 for the zone.\n\t */\n\tprivate toRecordType(type: string): DnsRecordType | null {\n\t\t// Exclude NS and SOA which are auto-managed zone records\n\t\tconst managedTypes = ['NS', 'SOA'];\n\t\tif (managedTypes.includes(type)) {\n\t\t\treturn null;\n\t\t}\n\n\t\tconst validTypes: DnsRecordType[] = [\n\t\t\t'A',\n\t\t\t'AAAA',\n\t\t\t'CNAME',\n\t\t\t'MX',\n\t\t\t'TXT',\n\t\t\t'SRV',\n\t\t\t'CAA',\n\t\t];\n\t\treturn validTypes.includes(type as DnsRecordType)\n\t\t\t? (type as DnsRecordType)\n\t\t\t: null;\n\t}\n\n\t/**\n\t * Extract subdomain from full record name relative to domain.\n\t */\n\tprivate extractSubdomain(recordName: string, domain: string): string {\n\t\tconst normalizedDomain = domain.endsWith('.') ? domain : `${domain}.`;\n\t\tconst normalizedName = recordName.endsWith('.')\n\t\t\t? recordName\n\t\t\t: `${recordName}.`;\n\n\t\tif (normalizedName === normalizedDomain) {\n\t\t\treturn '@';\n\t\t}\n\n\t\t// Remove the domain suffix\n\t\tconst subdomain = normalizedName.replace(`.${normalizedDomain}`, '');\n\t\treturn subdomain.replace(/\\.$/, ''); // Remove trailing dot if any\n\t}\n\n\tasync getRecords(domain: string): Promise<DnsRecord[]> {\n\t\tconst zoneId = await this.getHostedZoneId(domain);\n\t\tconst records: DnsRecord[] = [];\n\n\t\tlet nextRecordName: string | undefined;\n\t\tlet nextRecordType: RRType | undefined;\n\n\t\t// Paginate through all records\n\t\tdo {\n\t\t\tconst command = new ListResourceRecordSetsCommand({\n\t\t\t\tHostedZoneId: zoneId,\n\t\t\t\tStartRecordName: nextRecordName,\n\t\t\t\tStartRecordType: nextRecordType,\n\t\t\t\tMaxItems: 100,\n\t\t\t});\n\n\t\t\tconst response = await this.client.send(command);\n\n\t\t\tfor (const recordSet of response.ResourceRecordSets ?? []) {\n\t\t\t\tconst type = this.toRecordType(recordSet.Type ?? '');\n\t\t\t\tif (!type || !recordSet.Name) continue;\n\n\t\t\t\tconst values = (recordSet.ResourceRecords ?? [])\n\t\t\t\t\t.map((r) => r.Value)\n\t\t\t\t\t.filter((v): v is string => !!v);\n\n\t\t\t\trecords.push({\n\t\t\t\t\tname: this.extractSubdomain(recordSet.Name, domain),\n\t\t\t\t\ttype,\n\t\t\t\t\tttl: recordSet.TTL ?? 300,\n\t\t\t\t\tvalues,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (response.IsTruncated) {\n\t\t\t\tnextRecordName = response.NextRecordName;\n\t\t\t\tnextRecordType = response.NextRecordType;\n\t\t\t} else {\n\t\t\t\tnextRecordName = undefined;\n\t\t\t}\n\t\t} while (nextRecordName);\n\n\t\treturn records;\n\t}\n\n\tasync upsertRecords(\n\t\tdomain: string,\n\t\trecords: UpsertDnsRecord[],\n\t): Promise<UpsertResult[]> {\n\t\tconst zoneId = await this.getHostedZoneId(domain);\n\t\tconst results: UpsertResult[] = [];\n\n\t\t// Get existing records to determine if creating or updating\n\t\tconst existingRecords = await this.getRecords(domain);\n\n\t\t// Process records in batches (Route53 allows max 1000 changes per request)\n\t\tconst batchSize = 100;\n\t\tfor (let i = 0; i < records.length; i += batchSize) {\n\t\t\tconst batch = records.slice(i, i + batchSize);\n\t\t\tconst changes = [];\n\n\t\t\tfor (const record of batch) {\n\t\t\t\tconst existing = existingRecords.find(\n\t\t\t\t\t(r) => r.name === record.name && r.type === record.type,\n\t\t\t\t);\n\n\t\t\t\tconst existingValue = existing?.values?.[0];\n\n\t\t\t\tif (existing && existingValue === record.value) {\n\t\t\t\t\t// Record exists with same value - unchanged\n\t\t\t\t\tresults.push({\n\t\t\t\t\t\trecord,\n\t\t\t\t\t\tcreated: false,\n\t\t\t\t\t\tunchanged: true,\n\t\t\t\t\t});\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\n\t\t\t\t// Build full record name\n\t\t\t\tconst recordName =\n\t\t\t\t\trecord.name === '@' ? domain : `${record.name}.${domain}`;\n\n\t\t\t\tchanges.push({\n\t\t\t\t\tAction: 'UPSERT' as const,\n\t\t\t\t\tResourceRecordSet: {\n\t\t\t\t\t\tName: recordName,\n\t\t\t\t\t\tType: record.type,\n\t\t\t\t\t\tTTL: record.ttl,\n\t\t\t\t\t\tResourceRecords: [{ Value: record.value }],\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tresults.push({\n\t\t\t\t\trecord,\n\t\t\t\t\tcreated: !existing,\n\t\t\t\t\tunchanged: false,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\t// Execute batch if there are changes\n\t\t\tif (changes.length > 0) {\n\t\t\t\tconst command = new ChangeResourceRecordSetsCommand({\n\t\t\t\t\tHostedZoneId: zoneId,\n\t\t\t\t\tChangeBatch: {\n\t\t\t\t\t\tComment: 'Upsert by gkm deploy',\n\t\t\t\t\t\tChanges: changes,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tawait this.client.send(command);\n\t\t\t}\n\t\t}\n\n\t\treturn results;\n\t}\n}\n"],"mappings":";;;;;;;;;;;;AAwCA,IAAa,kBAAb,MAAoD;CACnD,AAAS,OAAO;CAChB,AAAQ;CACR,AAAQ;CACR,AAAQ,kCAAuC,IAAI;CAEnD,YAAYA,UAAkC,CAAE,GAAE;AACjD,OAAK,SAAS,IAAIC,wCAAc;GAC/B,GAAI,QAAQ,UAAU,EAAE,QAAQ,QAAQ,OAAQ;GAChD,GAAI,QAAQ,YAAY,EAAE,UAAU,QAAQ,SAAU;GACtD,GAAI,QAAQ,WAAW,EACtB,aAAa,4CAAQ,EAAE,SAAS,QAAQ,QAAS,EAAC,CAClD;EACD;AACD,OAAK,eAAe,QAAQ;CAC5B;;;;;CAMD,MAAc,gBAAgBC,QAAiC;AAE9D,MAAI,KAAK,aACR,QAAO,KAAK;AAIb,MAAI,KAAK,gBAAgB,IAAI,OAAO,CACnC,QAAO,KAAK,gBAAgB,IAAI,OAAO;EAIxC,MAAM,UAAU,IAAIC,uDAA6B;GAChD,SAAS;GACT,UAAU;EACV;EAED,MAAM,WAAW,MAAM,KAAK,OAAO,KAAK,QAAQ;EAChD,MAAM,QAAQ,SAAS,eAAe,CAAE;EAGxC,MAAM,mBAAmB,OAAO,SAAS,IAAI,GAAG,UAAU,EAAE,OAAO;EACnE,MAAM,OAAO,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,iBAAiB;AAE3D,OAAK,MAAM,GACV,OAAM,IAAI,OACR,mCAAmC,OAAO;EAK7C,MAAM,SAAS,KAAK,GAAG,QAAQ,gBAAgB,GAAG;AAClD,OAAK,gBAAgB,IAAI,QAAQ,OAAO;AACxC,SAAO;CACP;;;;;CAMD,AAAQ,aAAaC,MAAoC;EAExD,MAAM,eAAe,CAAC,MAAM,KAAM;AAClC,MAAI,aAAa,SAAS,KAAK,CAC9B,QAAO;EAGR,MAAMC,aAA8B;GACnC;GACA;GACA;GACA;GACA;GACA;GACA;EACA;AACD,SAAO,WAAW,SAAS,KAAsB,GAC7C,OACD;CACH;;;;CAKD,AAAQ,iBAAiBC,YAAoBJ,QAAwB;EACpE,MAAM,mBAAmB,OAAO,SAAS,IAAI,GAAG,UAAU,EAAE,OAAO;EACnE,MAAM,iBAAiB,WAAW,SAAS,IAAI,GAC5C,cACC,EAAE,WAAW;AAEjB,MAAI,mBAAmB,iBACtB,QAAO;EAIR,MAAM,YAAY,eAAe,SAAS,GAAG,iBAAiB,GAAG,GAAG;AACpE,SAAO,UAAU,QAAQ,OAAO,GAAG;CACnC;CAED,MAAM,WAAWA,QAAsC;EACtD,MAAM,SAAS,MAAM,KAAK,gBAAgB,OAAO;EACjD,MAAMK,UAAuB,CAAE;EAE/B,IAAIC;EACJ,IAAIC;AAGJ,KAAG;GACF,MAAM,UAAU,IAAIC,wDAA8B;IACjD,cAAc;IACd,iBAAiB;IACjB,iBAAiB;IACjB,UAAU;GACV;GAED,MAAM,WAAW,MAAM,KAAK,OAAO,KAAK,QAAQ;AAEhD,QAAK,MAAM,aAAa,SAAS,sBAAsB,CAAE,GAAE;IAC1D,MAAM,OAAO,KAAK,aAAa,UAAU,QAAQ,GAAG;AACpD,SAAK,SAAS,UAAU,KAAM;IAE9B,MAAM,SAAS,CAAC,UAAU,mBAAmB,CAAE,GAC7C,IAAI,CAAC,MAAM,EAAE,MAAM,CACnB,OAAO,CAAC,QAAqB,EAAE;AAEjC,YAAQ,KAAK;KACZ,MAAM,KAAK,iBAAiB,UAAU,MAAM,OAAO;KACnD;KACA,KAAK,UAAU,OAAO;KACtB;IACA,EAAC;GACF;AAED,OAAI,SAAS,aAAa;AACzB,qBAAiB,SAAS;AAC1B,qBAAiB,SAAS;GAC1B,MACA;EAED,SAAQ;AAET,SAAO;CACP;CAED,MAAM,cACLR,QACAS,SAC0B;EAC1B,MAAM,SAAS,MAAM,KAAK,gBAAgB,OAAO;EACjD,MAAMC,UAA0B,CAAE;EAGlC,MAAM,kBAAkB,MAAM,KAAK,WAAW,OAAO;EAGrD,MAAM,YAAY;AAClB,OAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,WAAW;GACnD,MAAM,QAAQ,QAAQ,MAAM,GAAG,IAAI,UAAU;GAC7C,MAAM,UAAU,CAAE;AAElB,QAAK,MAAM,UAAU,OAAO;IAC3B,MAAM,WAAW,gBAAgB,KAChC,CAAC,MAAM,EAAE,SAAS,OAAO,QAAQ,EAAE,SAAS,OAAO,KACnD;IAED,MAAM,gBAAgB,UAAU,SAAS;AAEzC,QAAI,YAAY,kBAAkB,OAAO,OAAO;AAE/C,aAAQ,KAAK;MACZ;MACA,SAAS;MACT,WAAW;KACX,EAAC;AACF;IACA;IAGD,MAAM,aACL,OAAO,SAAS,MAAM,UAAU,EAAE,OAAO,KAAK,GAAG,OAAO;AAEzD,YAAQ,KAAK;KACZ,QAAQ;KACR,mBAAmB;MAClB,MAAM;MACN,MAAM,OAAO;MACb,KAAK,OAAO;MACZ,iBAAiB,CAAC,EAAE,OAAO,OAAO,MAAO,CAAC;KAC1C;IACD,EAAC;AAEF,YAAQ,KAAK;KACZ;KACA,UAAU;KACV,WAAW;IACX,EAAC;GACF;AAGD,OAAI,QAAQ,SAAS,GAAG;IACvB,MAAM,UAAU,IAAIC,0DAAgC;KACnD,cAAc;KACd,aAAa;MACZ,SAAS;MACT,SAAS;KACT;IACD;AAED,UAAM,KAAK,OAAO,KAAK,QAAQ;GAC/B;EACD;AAED,SAAO;CACP;AACD"}

package/dist/Route53Provider-KUAX3vz9.mjs

@@ -0,0 +1,156 @@
+import { ChangeResourceRecordSetsCommand, ListHostedZonesByNameCommand, ListResourceRecordSetsCommand, Route53Client } from "@aws-sdk/client-route-53";
+import { fromIni } from "@aws-sdk/credential-providers";
+
+//#region src/deploy/dns/Route53Provider.ts
+/**
+* Route53 DNS provider implementation.
+*
+* Uses AWS default credential chain for authentication.
+* Region can be specified or will use AWS_REGION/AWS_DEFAULT_REGION env vars.
+* Profile can be specified to use a named profile from ~/.aws/credentials.
+*/
+var Route53Provider = class {
+	name = "route53";
+	client;
+	hostedZoneId;
+	hostedZoneCache = /* @__PURE__ */ new Map();
+	constructor(options = {}) {
+		this.client = new Route53Client({
+			...options.region && { region: options.region },
+			...options.endpoint && { endpoint: options.endpoint },
+			...options.profile && { credentials: fromIni({ profile: options.profile }) }
+		});
+		this.hostedZoneId = options.hostedZoneId;
+	}
+	/**
+	* Get the hosted zone ID for a domain.
+	* Uses cache to avoid repeated API calls.
+	*/
+	async getHostedZoneId(domain) {
+		if (this.hostedZoneId) return this.hostedZoneId;
+		if (this.hostedZoneCache.has(domain)) return this.hostedZoneCache.get(domain);
+		const command = new ListHostedZonesByNameCommand({
+			DNSName: domain,
+			MaxItems: 1
+		});
+		const response = await this.client.send(command);
+		const zones = response.HostedZones ?? [];
+		const normalizedDomain = domain.endsWith(".") ? domain : `${domain}.`;
+		const zone = zones.find((z) => z.Name === normalizedDomain);
+		if (!zone?.Id) throw new Error(`No hosted zone found for domain: ${domain}. Create one in Route53 or provide hostedZoneId in config.`);
+		const zoneId = zone.Id.replace("/hostedzone/", "");
+		this.hostedZoneCache.set(domain, zoneId);
+		return zoneId;
+	}
+	/**
+	* Convert Route53 record type to our DnsRecordType.
+	* Excludes NS and SOA which are auto-managed by Route53 for the zone.
+	*/
+	toRecordType(type) {
+		const managedTypes = ["NS", "SOA"];
+		if (managedTypes.includes(type)) return null;
+		const validTypes = [
+			"A",
+			"AAAA",
+			"CNAME",
+			"MX",
+			"TXT",
+			"SRV",
+			"CAA"
+		];
+		return validTypes.includes(type) ? type : null;
+	}
+	/**
+	* Extract subdomain from full record name relative to domain.
+	*/
+	extractSubdomain(recordName, domain) {
+		const normalizedDomain = domain.endsWith(".") ? domain : `${domain}.`;
+		const normalizedName = recordName.endsWith(".") ? recordName : `${recordName}.`;
+		if (normalizedName === normalizedDomain) return "@";
+		const subdomain = normalizedName.replace(`.${normalizedDomain}`, "");
+		return subdomain.replace(/\.$/, "");
+	}
+	async getRecords(domain) {
+		const zoneId = await this.getHostedZoneId(domain);
+		const records = [];
+		let nextRecordName;
+		let nextRecordType;
+		do {
+			const command = new ListResourceRecordSetsCommand({
+				HostedZoneId: zoneId,
+				StartRecordName: nextRecordName,
+				StartRecordType: nextRecordType,
+				MaxItems: 100
+			});
+			const response = await this.client.send(command);
+			for (const recordSet of response.ResourceRecordSets ?? []) {
+				const type = this.toRecordType(recordSet.Type ?? "");
+				if (!type || !recordSet.Name) continue;
+				const values = (recordSet.ResourceRecords ?? []).map((r) => r.Value).filter((v) => !!v);
+				records.push({
+					name: this.extractSubdomain(recordSet.Name, domain),
+					type,
+					ttl: recordSet.TTL ?? 300,
+					values
+				});
+			}
+			if (response.IsTruncated) {
+				nextRecordName = response.NextRecordName;
+				nextRecordType = response.NextRecordType;
+			} else nextRecordName = void 0;
+		} while (nextRecordName);
+		return records;
+	}
+	async upsertRecords(domain, records) {
+		const zoneId = await this.getHostedZoneId(domain);
+		const results = [];
+		const existingRecords = await this.getRecords(domain);
+		const batchSize = 100;
+		for (let i = 0; i < records.length; i += batchSize) {
+			const batch = records.slice(i, i + batchSize);
+			const changes = [];
+			for (const record of batch) {
+				const existing = existingRecords.find((r) => r.name === record.name && r.type === record.type);
+				const existingValue = existing?.values?.[0];
+				if (existing && existingValue === record.value) {
+					results.push({
+						record,
+						created: false,
+						unchanged: true
+					});
+					continue;
+				}
+				const recordName = record.name === "@" ? domain : `${record.name}.${domain}`;
+				changes.push({
+					Action: "UPSERT",
+					ResourceRecordSet: {
+						Name: recordName,
+						Type: record.type,
+						TTL: record.ttl,
+						ResourceRecords: [{ Value: record.value }]
+					}
+				});
+				results.push({
+					record,
+					created: !existing,
+					unchanged: false
+				});
+			}
+			if (changes.length > 0) {
+				const command = new ChangeResourceRecordSetsCommand({
+					HostedZoneId: zoneId,
+					ChangeBatch: {
+						Comment: "Upsert by gkm deploy",
+						Changes: changes
+					}
+				});
+				await this.client.send(command);
+			}
+		}
+		return results;
+	}
+};
+
+//#endregion
+export { Route53Provider };
+//# sourceMappingURL=Route53Provider-KUAX3vz9.mjs.map

package/dist/Route53Provider-KUAX3vz9.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"Route53Provider-KUAX3vz9.mjs","names":["options: Route53ProviderOptions","domain: string","type: string","validTypes: DnsRecordType[]","recordName: string","records: DnsRecord[]","nextRecordName: string | undefined","nextRecordType: RRType | undefined","records: UpsertDnsRecord[]","results: UpsertResult[]"],"sources":["../src/deploy/dns/Route53Provider.ts"],"sourcesContent":["/**\n * Route53 DNS Provider\n *\n * Implements DnsProvider interface using AWS Route53.\n */\n\nimport {\n\tChangeResourceRecordSetsCommand,\n\tListHostedZonesByNameCommand,\n\tListResourceRecordSetsCommand,\n\tRoute53Client,\n\ttype RRType,\n} from '@aws-sdk/client-route-53';\nimport { fromIni } from '@aws-sdk/credential-providers';\nimport type {\n\tDnsProvider,\n\tDnsRecord,\n\tDnsRecordType,\n\tUpsertDnsRecord,\n\tUpsertResult,\n} from './DnsProvider';\n\nexport interface Route53ProviderOptions {\n\t/** AWS region (optional - uses AWS_REGION env var if not provided) */\n\tregion?: string;\n\t/** AWS profile name (optional - uses default credential chain if not provided) */\n\tprofile?: string;\n\t/** Hosted zone ID (optional - auto-detected from domain if not provided) */\n\thostedZoneId?: string;\n\t/** Custom endpoint for testing with localstack */\n\tendpoint?: string;\n}\n\n/**\n * Route53 DNS provider implementation.\n *\n * Uses AWS default credential chain for authentication.\n * Region can be specified or will use AWS_REGION/AWS_DEFAULT_REGION env vars.\n * Profile can be specified to use a named profile from ~/.aws/credentials.\n */\nexport class Route53Provider implements DnsProvider {\n\treadonly name = 'route53';\n\tprivate client: Route53Client;\n\tprivate hostedZoneId?: string;\n\tprivate hostedZoneCache: Map<string, string> = new Map();\n\n\tconstructor(options: Route53ProviderOptions = {}) {\n\t\tthis.client = new Route53Client({\n\t\t\t...(options.region && { region: options.region }),\n\t\t\t...(options.endpoint && { endpoint: options.endpoint }),\n\t\t\t...(options.profile && {\n\t\t\t\tcredentials: fromIni({ profile: options.profile }),\n\t\t\t}),\n\t\t});\n\t\tthis.hostedZoneId = options.hostedZoneId;\n\t}\n\n\t/**\n\t * Get the hosted zone ID for a domain.\n\t * Uses cache to avoid repeated API calls.\n\t */\n\tprivate async getHostedZoneId(domain: string): Promise<string> {\n\t\t// Use configured zone ID if provided\n\t\tif (this.hostedZoneId) {\n\t\t\treturn this.hostedZoneId;\n\t\t}\n\n\t\t// Check cache\n\t\tif (this.hostedZoneCache.has(domain)) {\n\t\t\treturn this.hostedZoneCache.get(domain)!;\n\t\t}\n\n\t\t// Auto-detect from domain\n\t\tconst command = new ListHostedZonesByNameCommand({\n\t\t\tDNSName: domain,\n\t\t\tMaxItems: 1,\n\t\t});\n\n\t\tconst response = await this.client.send(command);\n\t\tconst zones = response.HostedZones ?? [];\n\n\t\t// Find exact match (domain with trailing dot)\n\t\tconst normalizedDomain = domain.endsWith('.') ? domain : `${domain}.`;\n\t\tconst zone = zones.find((z) => z.Name === normalizedDomain);\n\n\t\tif (!zone?.Id) {\n\t\t\tthrow new Error(\n\t\t\t\t`No hosted zone found for domain: ${domain}. Create one in Route53 or provide hostedZoneId in config.`,\n\t\t\t);\n\t\t}\n\n\t\t// Zone ID comes as \"/hostedzone/Z1234567890\" - extract just the ID\n\t\tconst zoneId = zone.Id.replace('/hostedzone/', '');\n\t\tthis.hostedZoneCache.set(domain, zoneId);\n\t\treturn zoneId;\n\t}\n\n\t/**\n\t * Convert Route53 record type to our DnsRecordType.\n\t * Excludes NS and SOA which are auto-managed by Route53 for the zone.\n\t */\n\tprivate toRecordType(type: string): DnsRecordType | null {\n\t\t// Exclude NS and SOA which are auto-managed zone records\n\t\tconst managedTypes = ['NS', 'SOA'];\n\t\tif (managedTypes.includes(type)) {\n\t\t\treturn null;\n\t\t}\n\n\t\tconst validTypes: DnsRecordType[] = [\n\t\t\t'A',\n\t\t\t'AAAA',\n\t\t\t'CNAME',\n\t\t\t'MX',\n\t\t\t'TXT',\n\t\t\t'SRV',\n\t\t\t'CAA',\n\t\t];\n\t\treturn validTypes.includes(type as DnsRecordType)\n\t\t\t? (type as DnsRecordType)\n\t\t\t: null;\n\t}\n\n\t/**\n\t * Extract subdomain from full record name relative to domain.\n\t */\n\tprivate extractSubdomain(recordName: string, domain: string): string {\n\t\tconst normalizedDomain = domain.endsWith('.') ? domain : `${domain}.`;\n\t\tconst normalizedName = recordName.endsWith('.')\n\t\t\t? recordName\n\t\t\t: `${recordName}.`;\n\n\t\tif (normalizedName === normalizedDomain) {\n\t\t\treturn '@';\n\t\t}\n\n\t\t// Remove the domain suffix\n\t\tconst subdomain = normalizedName.replace(`.${normalizedDomain}`, '');\n\t\treturn subdomain.replace(/\\.$/, ''); // Remove trailing dot if any\n\t}\n\n\tasync getRecords(domain: string): Promise<DnsRecord[]> {\n\t\tconst zoneId = await this.getHostedZoneId(domain);\n\t\tconst records: DnsRecord[] = [];\n\n\t\tlet nextRecordName: string | undefined;\n\t\tlet nextRecordType: RRType | undefined;\n\n\t\t// Paginate through all records\n\t\tdo {\n\t\t\tconst command = new ListResourceRecordSetsCommand({\n\t\t\t\tHostedZoneId: zoneId,\n\t\t\t\tStartRecordName: nextRecordName,\n\t\t\t\tStartRecordType: nextRecordType,\n\t\t\t\tMaxItems: 100,\n\t\t\t});\n\n\t\t\tconst response = await this.client.send(command);\n\n\t\t\tfor (const recordSet of response.ResourceRecordSets ?? []) {\n\t\t\t\tconst type = this.toRecordType(recordSet.Type ?? '');\n\t\t\t\tif (!type || !recordSet.Name) continue;\n\n\t\t\t\tconst values = (recordSet.ResourceRecords ?? [])\n\t\t\t\t\t.map((r) => r.Value)\n\t\t\t\t\t.filter((v): v is string => !!v);\n\n\t\t\t\trecords.push({\n\t\t\t\t\tname: this.extractSubdomain(recordSet.Name, domain),\n\t\t\t\t\ttype,\n\t\t\t\t\tttl: recordSet.TTL ?? 300,\n\t\t\t\t\tvalues,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (response.IsTruncated) {\n\t\t\t\tnextRecordName = response.NextRecordName;\n\t\t\t\tnextRecordType = response.NextRecordType;\n\t\t\t} else {\n\t\t\t\tnextRecordName = undefined;\n\t\t\t}\n\t\t} while (nextRecordName);\n\n\t\treturn records;\n\t}\n\n\tasync upsertRecords(\n\t\tdomain: string,\n\t\trecords: UpsertDnsRecord[],\n\t): Promise<UpsertResult[]> {\n\t\tconst zoneId = await this.getHostedZoneId(domain);\n\t\tconst results: UpsertResult[] = [];\n\n\t\t// Get existing records to determine if creating or updating\n\t\tconst existingRecords = await this.getRecords(domain);\n\n\t\t// Process records in batches (Route53 allows max 1000 changes per request)\n\t\tconst batchSize = 100;\n\t\tfor (let i = 0; i < records.length; i += batchSize) {\n\t\t\tconst batch = records.slice(i, i + batchSize);\n\t\t\tconst changes = [];\n\n\t\t\tfor (const record of batch) {\n\t\t\t\tconst existing = existingRecords.find(\n\t\t\t\t\t(r) => r.name === record.name && r.type === record.type,\n\t\t\t\t);\n\n\t\t\t\tconst existingValue = existing?.values?.[0];\n\n\t\t\t\tif (existing && existingValue === record.value) {\n\t\t\t\t\t// Record exists with same value - unchanged\n\t\t\t\t\tresults.push({\n\t\t\t\t\t\trecord,\n\t\t\t\t\t\tcreated: false,\n\t\t\t\t\t\tunchanged: true,\n\t\t\t\t\t});\n\t\t\t\t\tcontinue;\n\t\t\t\t}\n\n\t\t\t\t// Build full record name\n\t\t\t\tconst recordName =\n\t\t\t\t\trecord.name === '@' ? domain : `${record.name}.${domain}`;\n\n\t\t\t\tchanges.push({\n\t\t\t\t\tAction: 'UPSERT' as const,\n\t\t\t\t\tResourceRecordSet: {\n\t\t\t\t\t\tName: recordName,\n\t\t\t\t\t\tType: record.type,\n\t\t\t\t\t\tTTL: record.ttl,\n\t\t\t\t\t\tResourceRecords: [{ Value: record.value }],\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tresults.push({\n\t\t\t\t\trecord,\n\t\t\t\t\tcreated: !existing,\n\t\t\t\t\tunchanged: false,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\t// Execute batch if there are changes\n\t\t\tif (changes.length > 0) {\n\t\t\t\tconst command = new ChangeResourceRecordSetsCommand({\n\t\t\t\t\tHostedZoneId: zoneId,\n\t\t\t\t\tChangeBatch: {\n\t\t\t\t\t\tComment: 'Upsert by gkm deploy',\n\t\t\t\t\t\tChanges: changes,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tawait this.client.send(command);\n\t\t\t}\n\t\t}\n\n\t\treturn results;\n\t}\n}\n"],"mappings":";;;;;;;;;;;AAwCA,IAAa,kBAAb,MAAoD;CACnD,AAAS,OAAO;CAChB,AAAQ;CACR,AAAQ;CACR,AAAQ,kCAAuC,IAAI;CAEnD,YAAYA,UAAkC,CAAE,GAAE;AACjD,OAAK,SAAS,IAAI,cAAc;GAC/B,GAAI,QAAQ,UAAU,EAAE,QAAQ,QAAQ,OAAQ;GAChD,GAAI,QAAQ,YAAY,EAAE,UAAU,QAAQ,SAAU;GACtD,GAAI,QAAQ,WAAW,EACtB,aAAa,QAAQ,EAAE,SAAS,QAAQ,QAAS,EAAC,CAClD;EACD;AACD,OAAK,eAAe,QAAQ;CAC5B;;;;;CAMD,MAAc,gBAAgBC,QAAiC;AAE9D,MAAI,KAAK,aACR,QAAO,KAAK;AAIb,MAAI,KAAK,gBAAgB,IAAI,OAAO,CACnC,QAAO,KAAK,gBAAgB,IAAI,OAAO;EAIxC,MAAM,UAAU,IAAI,6BAA6B;GAChD,SAAS;GACT,UAAU;EACV;EAED,MAAM,WAAW,MAAM,KAAK,OAAO,KAAK,QAAQ;EAChD,MAAM,QAAQ,SAAS,eAAe,CAAE;EAGxC,MAAM,mBAAmB,OAAO,SAAS,IAAI,GAAG,UAAU,EAAE,OAAO;EACnE,MAAM,OAAO,MAAM,KAAK,CAAC,MAAM,EAAE,SAAS,iBAAiB;AAE3D,OAAK,MAAM,GACV,OAAM,IAAI,OACR,mCAAmC,OAAO;EAK7C,MAAM,SAAS,KAAK,GAAG,QAAQ,gBAAgB,GAAG;AAClD,OAAK,gBAAgB,IAAI,QAAQ,OAAO;AACxC,SAAO;CACP;;;;;CAMD,AAAQ,aAAaC,MAAoC;EAExD,MAAM,eAAe,CAAC,MAAM,KAAM;AAClC,MAAI,aAAa,SAAS,KAAK,CAC9B,QAAO;EAGR,MAAMC,aAA8B;GACnC;GACA;GACA;GACA;GACA;GACA;GACA;EACA;AACD,SAAO,WAAW,SAAS,KAAsB,GAC7C,OACD;CACH;;;;CAKD,AAAQ,iBAAiBC,YAAoBH,QAAwB;EACpE,MAAM,mBAAmB,OAAO,SAAS,IAAI,GAAG,UAAU,EAAE,OAAO;EACnE,MAAM,iBAAiB,WAAW,SAAS,IAAI,GAC5C,cACC,EAAE,WAAW;AAEjB,MAAI,mBAAmB,iBACtB,QAAO;EAIR,MAAM,YAAY,eAAe,SAAS,GAAG,iBAAiB,GAAG,GAAG;AACpE,SAAO,UAAU,QAAQ,OAAO,GAAG;CACnC;CAED,MAAM,WAAWA,QAAsC;EACtD,MAAM,SAAS,MAAM,KAAK,gBAAgB,OAAO;EACjD,MAAMI,UAAuB,CAAE;EAE/B,IAAIC;EACJ,IAAIC;AAGJ,KAAG;GACF,MAAM,UAAU,IAAI,8BAA8B;IACjD,cAAc;IACd,iBAAiB;IACjB,iBAAiB;IACjB,UAAU;GACV;GAED,MAAM,WAAW,MAAM,KAAK,OAAO,KAAK,QAAQ;AAEhD,QAAK,MAAM,aAAa,SAAS,sBAAsB,CAAE,GAAE;IAC1D,MAAM,OAAO,KAAK,aAAa,UAAU,QAAQ,GAAG;AACpD,SAAK,SAAS,UAAU,KAAM;IAE9B,MAAM,SAAS,CAAC,UAAU,mBAAmB,CAAE,GAC7C,IAAI,CAAC,MAAM,EAAE,MAAM,CACnB,OAAO,CAAC,QAAqB,EAAE;AAEjC,YAAQ,KAAK;KACZ,MAAM,KAAK,iBAAiB,UAAU,MAAM,OAAO;KACnD;KACA,KAAK,UAAU,OAAO;KACtB;IACA,EAAC;GACF;AAED,OAAI,SAAS,aAAa;AACzB,qBAAiB,SAAS;AAC1B,qBAAiB,SAAS;GAC1B,MACA;EAED,SAAQ;AAET,SAAO;CACP;CAED,MAAM,cACLN,QACAO,SAC0B;EAC1B,MAAM,SAAS,MAAM,KAAK,gBAAgB,OAAO;EACjD,MAAMC,UAA0B,CAAE;EAGlC,MAAM,kBAAkB,MAAM,KAAK,WAAW,OAAO;EAGrD,MAAM,YAAY;AAClB,OAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,WAAW;GACnD,MAAM,QAAQ,QAAQ,MAAM,GAAG,IAAI,UAAU;GAC7C,MAAM,UAAU,CAAE;AAElB,QAAK,MAAM,UAAU,OAAO;IAC3B,MAAM,WAAW,gBAAgB,KAChC,CAAC,MAAM,EAAE,SAAS,OAAO,QAAQ,EAAE,SAAS,OAAO,KACnD;IAED,MAAM,gBAAgB,UAAU,SAAS;AAEzC,QAAI,YAAY,kBAAkB,OAAO,OAAO;AAE/C,aAAQ,KAAK;MACZ;MACA,SAAS;MACT,WAAW;KACX,EAAC;AACF;IACA;IAGD,MAAM,aACL,OAAO,SAAS,MAAM,UAAU,EAAE,OAAO,KAAK,GAAG,OAAO;AAEzD,YAAQ,KAAK;KACZ,QAAQ;KACR,mBAAmB;MAClB,MAAM;MACN,MAAM,OAAO;MACb,KAAK,OAAO;MACZ,iBAAiB,CAAC,EAAE,OAAO,OAAO,MAAO,CAAC;KAC1C;IACD,EAAC;AAEF,YAAQ,KAAK;KACZ;KACA,UAAU;KACV,WAAW;IACX,EAAC;GACF;AAGD,OAAI,QAAQ,SAAS,GAAG;IACvB,MAAM,UAAU,IAAI,gCAAgC;KACnD,cAAc;KACd,aAAa;MACZ,SAAS;MACT,SAAS;KACT;IACD;AAED,UAAM,KAAK,OAAO,KAAK,QAAQ;GAC/B;EACD;AAED,SAAO;CACP;AACD"}

package/dist/SSMStateProvider-BxAPU99a.cjs

@@ -0,0 +1,53 @@
+const require_chunk = require('./chunk-CUT6urMc.cjs');
+const __aws_sdk_client_ssm = require_chunk.__toESM(require("@aws-sdk/client-ssm"));
+
+//#region src/deploy/SSMStateProvider.ts
+/**
+* AWS SSM Parameter Store state provider.
+*
+* Stores state as encrypted SecureString parameters.
+* Parameter path: /gkm/{workspaceName}/{stage}/state
+*/
+var SSMStateProvider = class {
+	client;
+	workspaceName;
+	constructor(options) {
+		this.workspaceName = options.workspaceName;
+		this.client = new __aws_sdk_client_ssm.SSMClient({ region: options.region });
+	}
+	/**
+	* Get the SSM parameter name for a stage.
+	*/
+	getParameterName(stage) {
+		return `/gkm/${this.workspaceName}/${stage}/state`;
+	}
+	async read(stage) {
+		const parameterName = this.getParameterName(stage);
+		try {
+			const response = await this.client.send(new __aws_sdk_client_ssm.GetParameterCommand({
+				Name: parameterName,
+				WithDecryption: true
+			}));
+			if (!response.Parameter?.Value) return null;
+			return JSON.parse(response.Parameter.Value);
+		} catch (error) {
+			if (error instanceof __aws_sdk_client_ssm.ParameterNotFound) return null;
+			throw error;
+		}
+	}
+	async write(stage, state) {
+		const parameterName = this.getParameterName(stage);
+		state.lastDeployedAt = (/* @__PURE__ */ new Date()).toISOString();
+		await this.client.send(new __aws_sdk_client_ssm.PutParameterCommand({
+			Name: parameterName,
+			Value: JSON.stringify(state),
+			Type: "SecureString",
+			Overwrite: true,
+			Description: `GKM deployment state for ${this.workspaceName}/${stage}`
+		}));
+	}
+};
+
+//#endregion
+exports.SSMStateProvider = SSMStateProvider;
+//# sourceMappingURL=SSMStateProvider-BxAPU99a.cjs.map

package/dist/SSMStateProvider-BxAPU99a.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"SSMStateProvider-BxAPU99a.cjs","names":["options: SSMStateProviderOptions","SSMClient","stage: string","GetParameterCommand","ParameterNotFound","state: DokployStageState","PutParameterCommand"],"sources":["../src/deploy/SSMStateProvider.ts"],"sourcesContent":["/**\n * AWS SSM Parameter Store State Provider\n *\n * Stores deployment state as SecureString parameters in AWS SSM.\n * Uses AWS-managed KMS key for encryption (free tier).\n *\n * Parameter naming: /gkm/{workspaceName}/{stage}/state\n */\n\nimport {\n\tGetParameterCommand,\n\tParameterNotFound,\n\tPutParameterCommand,\n\tSSMClient,\n} from '@aws-sdk/client-ssm';\nimport type { AwsRegion, StateProvider } from './StateProvider';\nimport type { DokployStageState } from './state';\n\nexport interface SSMStateProviderOptions {\n\t/** Workspace name (used in parameter path) */\n\tworkspaceName: string;\n\t/** AWS region (required) */\n\tregion: AwsRegion;\n}\n\n/**\n * AWS SSM Parameter Store state provider.\n *\n * Stores state as encrypted SecureString parameters.\n * Parameter path: /gkm/{workspaceName}/{stage}/state\n */\nexport class SSMStateProvider implements StateProvider {\n\tprivate readonly client: SSMClient;\n\tprivate readonly workspaceName: string;\n\n\tconstructor(options: SSMStateProviderOptions) {\n\t\tthis.workspaceName = options.workspaceName;\n\t\tthis.client = new SSMClient({\n\t\t\tregion: options.region,\n\t\t});\n\t}\n\n\t/**\n\t * Get the SSM parameter name for a stage.\n\t */\n\tprivate getParameterName(stage: string): string {\n\t\treturn `/gkm/${this.workspaceName}/${stage}/state`;\n\t}\n\n\tasync read(stage: string): Promise<DokployStageState | null> {\n\t\tconst parameterName = this.getParameterName(stage);\n\n\t\ttry {\n\t\t\tconst response = await this.client.send(\n\t\t\t\tnew GetParameterCommand({\n\t\t\t\t\tName: parameterName,\n\t\t\t\t\tWithDecryption: true,\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tif (!response.Parameter?.Value) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn JSON.parse(response.Parameter.Value) as DokployStageState;\n\t\t} catch (error) {\n\t\t\t// Parameter doesn't exist - return null (new deployment)\n\t\t\tif (error instanceof ParameterNotFound) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\t// Re-throw other errors (permission denied, network, etc.)\n\t\t\tthrow error;\n\t\t}\n\t}\n\n\tasync write(stage: string, state: DokployStageState): Promise<void> {\n\t\tconst parameterName = this.getParameterName(stage);\n\n\t\t// Update last deployed timestamp\n\t\tstate.lastDeployedAt = new Date().toISOString();\n\n\t\tawait this.client.send(\n\t\t\tnew PutParameterCommand({\n\t\t\t\tName: parameterName,\n\t\t\t\tValue: JSON.stringify(state),\n\t\t\t\tType: 'SecureString',\n\t\t\t\tOverwrite: true,\n\t\t\t\tDescription: `GKM deployment state for ${this.workspaceName}/${stage}`,\n\t\t\t}),\n\t\t);\n\t}\n}\n"],"mappings":";;;;;;;;;;AA+BA,IAAa,mBAAb,MAAuD;CACtD,AAAiB;CACjB,AAAiB;CAEjB,YAAYA,SAAkC;AAC7C,OAAK,gBAAgB,QAAQ;AAC7B,OAAK,SAAS,IAAIC,+BAAU,EAC3B,QAAQ,QAAQ,OAChB;CACD;;;;CAKD,AAAQ,iBAAiBC,OAAuB;AAC/C,UAAQ,OAAO,KAAK,cAAc,GAAG,MAAM;CAC3C;CAED,MAAM,KAAKA,OAAkD;EAC5D,MAAM,gBAAgB,KAAK,iBAAiB,MAAM;AAElD,MAAI;GACH,MAAM,WAAW,MAAM,KAAK,OAAO,KAClC,IAAIC,yCAAoB;IACvB,MAAM;IACN,gBAAgB;GAChB,GACD;AAED,QAAK,SAAS,WAAW,MACxB,QAAO;AAGR,UAAO,KAAK,MAAM,SAAS,UAAU,MAAM;EAC3C,SAAQ,OAAO;AAEf,OAAI,iBAAiBC,uCACpB,QAAO;AAIR,SAAM;EACN;CACD;CAED,MAAM,MAAMF,OAAeG,OAAyC;EACnE,MAAM,gBAAgB,KAAK,iBAAiB,MAAM;AAGlD,QAAM,iBAAiB,qBAAI,QAAO,aAAa;AAE/C,QAAM,KAAK,OAAO,KACjB,IAAIC,yCAAoB;GACvB,MAAM;GACN,OAAO,KAAK,UAAU,MAAM;GAC5B,MAAM;GACN,WAAW;GACX,cAAc,2BAA2B,KAAK,cAAc,GAAG,MAAM;EACrE,GACD;CACD;AACD"}

package/dist/SSMStateProvider-C4wp4AZe.mjs

@@ -0,0 +1,52 @@
+import { GetParameterCommand, ParameterNotFound, PutParameterCommand, SSMClient } from "@aws-sdk/client-ssm";
+
+//#region src/deploy/SSMStateProvider.ts
+/**
+* AWS SSM Parameter Store state provider.
+*
+* Stores state as encrypted SecureString parameters.
+* Parameter path: /gkm/{workspaceName}/{stage}/state
+*/
+var SSMStateProvider = class {
+	client;
+	workspaceName;
+	constructor(options) {
+		this.workspaceName = options.workspaceName;
+		this.client = new SSMClient({ region: options.region });
+	}
+	/**
+	* Get the SSM parameter name for a stage.
+	*/
+	getParameterName(stage) {
+		return `/gkm/${this.workspaceName}/${stage}/state`;
+	}
+	async read(stage) {
+		const parameterName = this.getParameterName(stage);
+		try {
+			const response = await this.client.send(new GetParameterCommand({
+				Name: parameterName,
+				WithDecryption: true
+			}));
+			if (!response.Parameter?.Value) return null;
+			return JSON.parse(response.Parameter.Value);
+		} catch (error) {
+			if (error instanceof ParameterNotFound) return null;
+			throw error;
+		}
+	}
+	async write(stage, state) {
+		const parameterName = this.getParameterName(stage);
+		state.lastDeployedAt = (/* @__PURE__ */ new Date()).toISOString();
+		await this.client.send(new PutParameterCommand({
+			Name: parameterName,
+			Value: JSON.stringify(state),
+			Type: "SecureString",
+			Overwrite: true,
+			Description: `GKM deployment state for ${this.workspaceName}/${stage}`
+		}));
+	}
+};
+
+//#endregion
+export { SSMStateProvider };
+//# sourceMappingURL=SSMStateProvider-C4wp4AZe.mjs.map

package/dist/SSMStateProvider-C4wp4AZe.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"SSMStateProvider-C4wp4AZe.mjs","names":["options: SSMStateProviderOptions","stage: string","state: DokployStageState"],"sources":["../src/deploy/SSMStateProvider.ts"],"sourcesContent":["/**\n * AWS SSM Parameter Store State Provider\n *\n * Stores deployment state as SecureString parameters in AWS SSM.\n * Uses AWS-managed KMS key for encryption (free tier).\n *\n * Parameter naming: /gkm/{workspaceName}/{stage}/state\n */\n\nimport {\n\tGetParameterCommand,\n\tParameterNotFound,\n\tPutParameterCommand,\n\tSSMClient,\n} from '@aws-sdk/client-ssm';\nimport type { AwsRegion, StateProvider } from './StateProvider';\nimport type { DokployStageState } from './state';\n\nexport interface SSMStateProviderOptions {\n\t/** Workspace name (used in parameter path) */\n\tworkspaceName: string;\n\t/** AWS region (required) */\n\tregion: AwsRegion;\n}\n\n/**\n * AWS SSM Parameter Store state provider.\n *\n * Stores state as encrypted SecureString parameters.\n * Parameter path: /gkm/{workspaceName}/{stage}/state\n */\nexport class SSMStateProvider implements StateProvider {\n\tprivate readonly client: SSMClient;\n\tprivate readonly workspaceName: string;\n\n\tconstructor(options: SSMStateProviderOptions) {\n\t\tthis.workspaceName = options.workspaceName;\n\t\tthis.client = new SSMClient({\n\t\t\tregion: options.region,\n\t\t});\n\t}\n\n\t/**\n\t * Get the SSM parameter name for a stage.\n\t */\n\tprivate getParameterName(stage: string): string {\n\t\treturn `/gkm/${this.workspaceName}/${stage}/state`;\n\t}\n\n\tasync read(stage: string): Promise<DokployStageState | null> {\n\t\tconst parameterName = this.getParameterName(stage);\n\n\t\ttry {\n\t\t\tconst response = await this.client.send(\n\t\t\t\tnew GetParameterCommand({\n\t\t\t\t\tName: parameterName,\n\t\t\t\t\tWithDecryption: true,\n\t\t\t\t}),\n\t\t\t);\n\n\t\t\tif (!response.Parameter?.Value) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn JSON.parse(response.Parameter.Value) as DokployStageState;\n\t\t} catch (error) {\n\t\t\t// Parameter doesn't exist - return null (new deployment)\n\t\t\tif (error instanceof ParameterNotFound) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\t// Re-throw other errors (permission denied, network, etc.)\n\t\t\tthrow error;\n\t\t}\n\t}\n\n\tasync write(stage: string, state: DokployStageState): Promise<void> {\n\t\tconst parameterName = this.getParameterName(stage);\n\n\t\t// Update last deployed timestamp\n\t\tstate.lastDeployedAt = new Date().toISOString();\n\n\t\tawait this.client.send(\n\t\t\tnew PutParameterCommand({\n\t\t\t\tName: parameterName,\n\t\t\t\tValue: JSON.stringify(state),\n\t\t\t\tType: 'SecureString',\n\t\t\t\tOverwrite: true,\n\t\t\t\tDescription: `GKM deployment state for ${this.workspaceName}/${stage}`,\n\t\t\t}),\n\t\t);\n\t}\n}\n"],"mappings":";;;;;;;;;AA+BA,IAAa,mBAAb,MAAuD;CACtD,AAAiB;CACjB,AAAiB;CAEjB,YAAYA,SAAkC;AAC7C,OAAK,gBAAgB,QAAQ;AAC7B,OAAK,SAAS,IAAI,UAAU,EAC3B,QAAQ,QAAQ,OAChB;CACD;;;;CAKD,AAAQ,iBAAiBC,OAAuB;AAC/C,UAAQ,OAAO,KAAK,cAAc,GAAG,MAAM;CAC3C;CAED,MAAM,KAAKA,OAAkD;EAC5D,MAAM,gBAAgB,KAAK,iBAAiB,MAAM;AAElD,MAAI;GACH,MAAM,WAAW,MAAM,KAAK,OAAO,KAClC,IAAI,oBAAoB;IACvB,MAAM;IACN,gBAAgB;GAChB,GACD;AAED,QAAK,SAAS,WAAW,MACxB,QAAO;AAGR,UAAO,KAAK,MAAM,SAAS,UAAU,MAAM;EAC3C,SAAQ,OAAO;AAEf,OAAI,iBAAiB,kBACpB,QAAO;AAIR,SAAM;EACN;CACD;CAED,MAAM,MAAMA,OAAeC,OAAyC;EACnE,MAAM,gBAAgB,KAAK,iBAAiB,MAAM;AAGlD,QAAM,iBAAiB,qBAAI,QAAO,aAAa;AAE/C,QAAM,KAAK,OAAO,KACjB,IAAI,oBAAoB;GACvB,MAAM;GACN,OAAO,KAAK,UAAU,MAAM;GAC5B,MAAM;GACN,WAAW;GACX,cAAc,2BAA2B,KAAK,cAAc,GAAG,MAAM;EACrE,GACD;CACD;AACD"}

package/dist/{bundler-DGry2vaR.mjs → bundler-BqTN5Dj5.mjs}

@@ -58,8 +58,8 @@ async function bundleServer(options) {
 	for (const ext of external) args.push(`--external:${ext}`);
 	let masterKey;
 	if (stage) {
-		const { readStageSecrets, toEmbeddableSecrets, validateEnvironmentVariables, initStageSecrets, writeStageSecrets } = await import("./storage-DNj_I11J.mjs");
-		const { encryptSecrets, generateDefineOptions } = await import("./encryption-CQXBZGkt.mjs");
+		const { readStageSecrets, toEmbeddableSecrets, validateEnvironmentVariables, initStageSecrets, writeStageSecrets } = await import("./storage-D8XzjVaO.mjs");
+		const { encryptSecrets, generateDefineOptions } = await import("./encryption-UUmaWAmz.mjs");
 		let secrets = await readStageSecrets(stage);
 		if (!secrets) {
 			console.log(`  Initializing secrets for stage "${stage}"...`);
@@ -132,4 +132,4 @@ async function bundleServer(options) {
 
 //#endregion
 export { bundleServer };
-//# sourceMappingURL=bundler-DGry2vaR.mjs.map
+//# sourceMappingURL=bundler-BqTN5Dj5.mjs.map