@geekmidas/cli 0.9.0 → 0.12.0

package/dist/storage-BXoJvmv2.cjs

@@ -0,0 +1,149 @@
+const require_chunk = require('./chunk-CUT6urMc.cjs');
+const node_fs = require_chunk.__toESM(require("node:fs"));
+const node_path = require_chunk.__toESM(require("node:path"));
+const node_fs_promises = require_chunk.__toESM(require("node:fs/promises"));
+
+//#region src/secrets/storage.ts
+/** Default secrets directory relative to project root */
+const SECRETS_DIR = ".gkm/secrets";
+/**
+* Get the secrets directory path.
+*/
+function getSecretsDir(cwd = process.cwd()) {
+	return (0, node_path.join)(cwd, SECRETS_DIR);
+}
+/**
+* Get the secrets file path for a stage.
+*/
+function getSecretsPath(stage, cwd = process.cwd()) {
+	return (0, node_path.join)(getSecretsDir(cwd), `${stage}.json`);
+}
+/**
+* Check if secrets exist for a stage.
+*/
+function secretsExist(stage, cwd = process.cwd()) {
+	return (0, node_fs.existsSync)(getSecretsPath(stage, cwd));
+}
+/**
+* Read secrets for a stage.
+* @returns StageSecrets or null if not found
+*/
+async function readStageSecrets(stage, cwd = process.cwd()) {
+	const path = getSecretsPath(stage, cwd);
+	if (!(0, node_fs.existsSync)(path)) return null;
+	const content = await (0, node_fs_promises.readFile)(path, "utf-8");
+	return JSON.parse(content);
+}
+/**
+* Write secrets for a stage.
+*/
+async function writeStageSecrets(secrets, cwd = process.cwd()) {
+	const dir = getSecretsDir(cwd);
+	const path = getSecretsPath(secrets.stage, cwd);
+	await (0, node_fs_promises.mkdir)(dir, { recursive: true });
+	await (0, node_fs_promises.writeFile)(path, JSON.stringify(secrets, null, 2), "utf-8");
+}
+/**
+* Convert StageSecrets to embeddable format (flat key-value pairs).
+* This is what gets encrypted and embedded in the bundle.
+*/
+function toEmbeddableSecrets(secrets) {
+	return {
+		...secrets.urls,
+		...secrets.custom,
+		...secrets.services.postgres && {
+			POSTGRES_USER: secrets.services.postgres.username,
+			POSTGRES_PASSWORD: secrets.services.postgres.password,
+			POSTGRES_DB: secrets.services.postgres.database ?? "app",
+			POSTGRES_HOST: secrets.services.postgres.host,
+			POSTGRES_PORT: String(secrets.services.postgres.port)
+		},
+		...secrets.services.redis && {
+			REDIS_PASSWORD: secrets.services.redis.password,
+			REDIS_HOST: secrets.services.redis.host,
+			REDIS_PORT: String(secrets.services.redis.port)
+		},
+		...secrets.services.rabbitmq && {
+			RABBITMQ_USER: secrets.services.rabbitmq.username,
+			RABBITMQ_PASSWORD: secrets.services.rabbitmq.password,
+			RABBITMQ_HOST: secrets.services.rabbitmq.host,
+			RABBITMQ_PORT: String(secrets.services.rabbitmq.port),
+			RABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? "/"
+		}
+	};
+}
+/**
+* Update a custom secret in the secrets file.
+*/
+async function setCustomSecret(stage, key, value, cwd = process.cwd()) {
+	const secrets = await readStageSecrets(stage, cwd);
+	if (!secrets) throw new Error(`Secrets not found for stage "${stage}". Run "gkm secrets:init --stage ${stage}" first.`);
+	const updated = {
+		...secrets,
+		updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		custom: {
+			...secrets.custom,
+			[key]: value
+		}
+	};
+	await writeStageSecrets(updated, cwd);
+	return updated;
+}
+/**
+* Mask a password for display (show first 4 and last 2 chars).
+*/
+function maskPassword(password) {
+	if (password.length <= 8) return "********";
+	return `${password.slice(0, 4)}${"*".repeat(password.length - 6)}${password.slice(-2)}`;
+}
+
+//#endregion
+Object.defineProperty(exports, 'getSecretsDir', {
+  enumerable: true,
+  get: function () {
+    return getSecretsDir;
+  }
+});
+Object.defineProperty(exports, 'getSecretsPath', {
+  enumerable: true,
+  get: function () {
+    return getSecretsPath;
+  }
+});
+Object.defineProperty(exports, 'maskPassword', {
+  enumerable: true,
+  get: function () {
+    return maskPassword;
+  }
+});
+Object.defineProperty(exports, 'readStageSecrets', {
+  enumerable: true,
+  get: function () {
+    return readStageSecrets;
+  }
+});
+Object.defineProperty(exports, 'secretsExist', {
+  enumerable: true,
+  get: function () {
+    return secretsExist;
+  }
+});
+Object.defineProperty(exports, 'setCustomSecret', {
+  enumerable: true,
+  get: function () {
+    return setCustomSecret;
+  }
+});
+Object.defineProperty(exports, 'toEmbeddableSecrets', {
+  enumerable: true,
+  get: function () {
+    return toEmbeddableSecrets;
+  }
+});
+Object.defineProperty(exports, 'writeStageSecrets', {
+  enumerable: true,
+  get: function () {
+    return writeStageSecrets;
+  }
+});
+//# sourceMappingURL=storage-BXoJvmv2.cjs.map

package/dist/storage-BXoJvmv2.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-BXoJvmv2.cjs","names":["stage: string","secrets: StageSecrets","key: string","value: string","updated: StageSecrets","password: string"],"sources":["../src/secrets/storage.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { EmbeddableSecrets, StageSecrets } from './types';\n\n/** Default secrets directory relative to project root */\nconst SECRETS_DIR = '.gkm/secrets';\n\n/**\n * Get the secrets directory path.\n */\nexport function getSecretsDir(cwd = process.cwd()): string {\n\treturn join(cwd, SECRETS_DIR);\n}\n\n/**\n * Get the secrets file path for a stage.\n */\nexport function getSecretsPath(stage: string, cwd = process.cwd()): string {\n\treturn join(getSecretsDir(cwd), `${stage}.json`);\n}\n\n/**\n * Check if secrets exist for a stage.\n */\nexport function secretsExist(stage: string, cwd = process.cwd()): boolean {\n\treturn existsSync(getSecretsPath(stage, cwd));\n}\n\n/**\n * Read secrets for a stage.\n * @returns StageSecrets or null if not found\n */\nexport async function readStageSecrets(\n\tstage: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets | null> {\n\tconst path = getSecretsPath(stage, cwd);\n\n\tif (!existsSync(path)) {\n\t\treturn null;\n\t}\n\n\tconst content = await readFile(path, 'utf-8');\n\treturn JSON.parse(content) as StageSecrets;\n}\n\n/**\n * Write secrets for a stage.\n */\nexport async function writeStageSecrets(\n\tsecrets: StageSecrets,\n\tcwd = process.cwd(),\n): Promise<void> {\n\tconst dir = getSecretsDir(cwd);\n\tconst path = getSecretsPath(secrets.stage, cwd);\n\n\t// Ensure directory exists\n\tawait mkdir(dir, { recursive: true });\n\n\t// Write with pretty formatting\n\tawait writeFile(path, JSON.stringify(secrets, null, 2), 'utf-8');\n}\n\n/**\n * Convert StageSecrets to embeddable format (flat key-value pairs).\n * This is what gets encrypted and embedded in the bundle.\n */\nexport function toEmbeddableSecrets(secrets: StageSecrets): EmbeddableSecrets {\n\treturn {\n\t\t...secrets.urls,\n\t\t...secrets.custom,\n\t\t// Also include individual service credentials if needed\n\t\t...(secrets.services.postgres && {\n\t\t\tPOSTGRES_USER: secrets.services.postgres.username,\n\t\t\tPOSTGRES_PASSWORD: secrets.services.postgres.password,\n\t\t\tPOSTGRES_DB: secrets.services.postgres.database ?? 'app',\n\t\t\tPOSTGRES_HOST: secrets.services.postgres.host,\n\t\t\tPOSTGRES_PORT: String(secrets.services.postgres.port),\n\t\t}),\n\t\t...(secrets.services.redis && {\n\t\t\tREDIS_PASSWORD: secrets.services.redis.password,\n\t\t\tREDIS_HOST: secrets.services.redis.host,\n\t\t\tREDIS_PORT: String(secrets.services.redis.port),\n\t\t}),\n\t\t...(secrets.services.rabbitmq && {\n\t\t\tRABBITMQ_USER: secrets.services.rabbitmq.username,\n\t\t\tRABBITMQ_PASSWORD: secrets.services.rabbitmq.password,\n\t\t\tRABBITMQ_HOST: secrets.services.rabbitmq.host,\n\t\t\tRABBITMQ_PORT: String(secrets.services.rabbitmq.port),\n\t\t\tRABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? '/',\n\t\t}),\n\t};\n}\n\n/**\n * Update a custom secret in the secrets file.\n */\nexport async function setCustomSecret(\n\tstage: string,\n\tkey: string,\n\tvalue: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets> {\n\tconst secrets = await readStageSecrets(stage, cwd);\n\n\tif (!secrets) {\n\t\tthrow new Error(\n\t\t\t`Secrets not found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t);\n\t}\n\n\tconst updated: StageSecrets = {\n\t\t...secrets,\n\t\tupdatedAt: new Date().toISOString(),\n\t\tcustom: {\n\t\t\t...secrets.custom,\n\t\t\t[key]: value,\n\t\t},\n\t};\n\n\tawait writeStageSecrets(updated, cwd);\n\treturn updated;\n}\n\n/**\n * Mask a password for display (show first 4 and last 2 chars).\n */\nexport function maskPassword(password: string): string {\n\tif (password.length <= 8) {\n\t\treturn '********';\n\t}\n\treturn `${password.slice(0, 4)}${'*'.repeat(password.length - 6)}${password.slice(-2)}`;\n}\n"],"mappings":";;;;;;;AAMA,MAAM,cAAc;;;;AAKpB,SAAgB,cAAc,MAAM,QAAQ,KAAK,EAAU;AAC1D,QAAO,oBAAK,KAAK,YAAY;AAC7B;;;;AAKD,SAAgB,eAAeA,OAAe,MAAM,QAAQ,KAAK,EAAU;AAC1E,QAAO,oBAAK,cAAc,IAAI,GAAG,EAAE,MAAM,OAAO;AAChD;;;;AAKD,SAAgB,aAAaA,OAAe,MAAM,QAAQ,KAAK,EAAW;AACzE,QAAO,wBAAW,eAAe,OAAO,IAAI,CAAC;AAC7C;;;;;AAMD,eAAsB,iBACrBA,OACA,MAAM,QAAQ,KAAK,EACY;CAC/B,MAAM,OAAO,eAAe,OAAO,IAAI;AAEvC,MAAK,wBAAW,KAAK,CACpB,QAAO;CAGR,MAAM,UAAU,MAAM,+BAAS,MAAM,QAAQ;AAC7C,QAAO,KAAK,MAAM,QAAQ;AAC1B;;;;AAKD,eAAsB,kBACrBC,SACA,MAAM,QAAQ,KAAK,EACH;CAChB,MAAM,MAAM,cAAc,IAAI;CAC9B,MAAM,OAAO,eAAe,QAAQ,OAAO,IAAI;AAG/C,OAAM,4BAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,OAAM,gCAAU,MAAM,KAAK,UAAU,SAAS,MAAM,EAAE,EAAE,QAAQ;AAChE;;;;;AAMD,SAAgB,oBAAoBA,SAA0C;AAC7E,QAAO;EACN,GAAG,QAAQ;EACX,GAAG,QAAQ;EAEX,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,aAAa,QAAQ,SAAS,SAAS,YAAY;GACnD,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;EACrD;EACD,GAAI,QAAQ,SAAS,SAAS;GAC7B,gBAAgB,QAAQ,SAAS,MAAM;GACvC,YAAY,QAAQ,SAAS,MAAM;GACnC,YAAY,OAAO,QAAQ,SAAS,MAAM,KAAK;EAC/C;EACD,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;GACrD,gBAAgB,QAAQ,SAAS,SAAS,SAAS;EACnD;CACD;AACD;;;;AAKD,eAAsB,gBACrBD,OACAE,KACAC,OACA,MAAM,QAAQ,KAAK,EACK;CACxB,MAAM,UAAU,MAAM,iBAAiB,OAAO,IAAI;AAElD,MAAK,QACJ,OAAM,IAAI,OACR,+BAA+B,MAAM,mCAAmC,MAAM;CAIjF,MAAMC,UAAwB;EAC7B,GAAG;EACH,WAAW,qBAAI,QAAO,aAAa;EACnC,QAAQ;GACP,GAAG,QAAQ;IACV,MAAM;EACP;CACD;AAED,OAAM,kBAAkB,SAAS,IAAI;AACrC,QAAO;AACP;;;;AAKD,SAAgB,aAAaC,UAA0B;AACtD,KAAI,SAAS,UAAU,EACtB,QAAO;AAER,SAAQ,EAAE,SAAS,MAAM,GAAG,EAAE,CAAC,EAAE,IAAI,OAAO,SAAS,SAAS,EAAE,CAAC,EAAE,SAAS,MAAM,GAAG,CAAC;AACtF"}

package/dist/storage-C9PU_30f.mjs

@@ -0,0 +1,101 @@
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+
+//#region src/secrets/storage.ts
+/** Default secrets directory relative to project root */
+const SECRETS_DIR = ".gkm/secrets";
+/**
+* Get the secrets directory path.
+*/
+function getSecretsDir(cwd = process.cwd()) {
+	return join(cwd, SECRETS_DIR);
+}
+/**
+* Get the secrets file path for a stage.
+*/
+function getSecretsPath(stage, cwd = process.cwd()) {
+	return join(getSecretsDir(cwd), `${stage}.json`);
+}
+/**
+* Check if secrets exist for a stage.
+*/
+function secretsExist(stage, cwd = process.cwd()) {
+	return existsSync(getSecretsPath(stage, cwd));
+}
+/**
+* Read secrets for a stage.
+* @returns StageSecrets or null if not found
+*/
+async function readStageSecrets(stage, cwd = process.cwd()) {
+	const path = getSecretsPath(stage, cwd);
+	if (!existsSync(path)) return null;
+	const content = await readFile(path, "utf-8");
+	return JSON.parse(content);
+}
+/**
+* Write secrets for a stage.
+*/
+async function writeStageSecrets(secrets, cwd = process.cwd()) {
+	const dir = getSecretsDir(cwd);
+	const path = getSecretsPath(secrets.stage, cwd);
+	await mkdir(dir, { recursive: true });
+	await writeFile(path, JSON.stringify(secrets, null, 2), "utf-8");
+}
+/**
+* Convert StageSecrets to embeddable format (flat key-value pairs).
+* This is what gets encrypted and embedded in the bundle.
+*/
+function toEmbeddableSecrets(secrets) {
+	return {
+		...secrets.urls,
+		...secrets.custom,
+		...secrets.services.postgres && {
+			POSTGRES_USER: secrets.services.postgres.username,
+			POSTGRES_PASSWORD: secrets.services.postgres.password,
+			POSTGRES_DB: secrets.services.postgres.database ?? "app",
+			POSTGRES_HOST: secrets.services.postgres.host,
+			POSTGRES_PORT: String(secrets.services.postgres.port)
+		},
+		...secrets.services.redis && {
+			REDIS_PASSWORD: secrets.services.redis.password,
+			REDIS_HOST: secrets.services.redis.host,
+			REDIS_PORT: String(secrets.services.redis.port)
+		},
+		...secrets.services.rabbitmq && {
+			RABBITMQ_USER: secrets.services.rabbitmq.username,
+			RABBITMQ_PASSWORD: secrets.services.rabbitmq.password,
+			RABBITMQ_HOST: secrets.services.rabbitmq.host,
+			RABBITMQ_PORT: String(secrets.services.rabbitmq.port),
+			RABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? "/"
+		}
+	};
+}
+/**
+* Update a custom secret in the secrets file.
+*/
+async function setCustomSecret(stage, key, value, cwd = process.cwd()) {
+	const secrets = await readStageSecrets(stage, cwd);
+	if (!secrets) throw new Error(`Secrets not found for stage "${stage}". Run "gkm secrets:init --stage ${stage}" first.`);
+	const updated = {
+		...secrets,
+		updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		custom: {
+			...secrets.custom,
+			[key]: value
+		}
+	};
+	await writeStageSecrets(updated, cwd);
+	return updated;
+}
+/**
+* Mask a password for display (show first 4 and last 2 chars).
+*/
+function maskPassword(password) {
+	if (password.length <= 8) return "********";
+	return `${password.slice(0, 4)}${"*".repeat(password.length - 6)}${password.slice(-2)}`;
+}
+
+//#endregion
+export { getSecretsDir, getSecretsPath, maskPassword, readStageSecrets, secretsExist, setCustomSecret, toEmbeddableSecrets, writeStageSecrets };
+//# sourceMappingURL=storage-C9PU_30f.mjs.map

package/dist/storage-C9PU_30f.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-C9PU_30f.mjs","names":["stage: string","secrets: StageSecrets","key: string","value: string","updated: StageSecrets","password: string"],"sources":["../src/secrets/storage.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { mkdir, readFile, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { EmbeddableSecrets, StageSecrets } from './types';\n\n/** Default secrets directory relative to project root */\nconst SECRETS_DIR = '.gkm/secrets';\n\n/**\n * Get the secrets directory path.\n */\nexport function getSecretsDir(cwd = process.cwd()): string {\n\treturn join(cwd, SECRETS_DIR);\n}\n\n/**\n * Get the secrets file path for a stage.\n */\nexport function getSecretsPath(stage: string, cwd = process.cwd()): string {\n\treturn join(getSecretsDir(cwd), `${stage}.json`);\n}\n\n/**\n * Check if secrets exist for a stage.\n */\nexport function secretsExist(stage: string, cwd = process.cwd()): boolean {\n\treturn existsSync(getSecretsPath(stage, cwd));\n}\n\n/**\n * Read secrets for a stage.\n * @returns StageSecrets or null if not found\n */\nexport async function readStageSecrets(\n\tstage: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets | null> {\n\tconst path = getSecretsPath(stage, cwd);\n\n\tif (!existsSync(path)) {\n\t\treturn null;\n\t}\n\n\tconst content = await readFile(path, 'utf-8');\n\treturn JSON.parse(content) as StageSecrets;\n}\n\n/**\n * Write secrets for a stage.\n */\nexport async function writeStageSecrets(\n\tsecrets: StageSecrets,\n\tcwd = process.cwd(),\n): Promise<void> {\n\tconst dir = getSecretsDir(cwd);\n\tconst path = getSecretsPath(secrets.stage, cwd);\n\n\t// Ensure directory exists\n\tawait mkdir(dir, { recursive: true });\n\n\t// Write with pretty formatting\n\tawait writeFile(path, JSON.stringify(secrets, null, 2), 'utf-8');\n}\n\n/**\n * Convert StageSecrets to embeddable format (flat key-value pairs).\n * This is what gets encrypted and embedded in the bundle.\n */\nexport function toEmbeddableSecrets(secrets: StageSecrets): EmbeddableSecrets {\n\treturn {\n\t\t...secrets.urls,\n\t\t...secrets.custom,\n\t\t// Also include individual service credentials if needed\n\t\t...(secrets.services.postgres && {\n\t\t\tPOSTGRES_USER: secrets.services.postgres.username,\n\t\t\tPOSTGRES_PASSWORD: secrets.services.postgres.password,\n\t\t\tPOSTGRES_DB: secrets.services.postgres.database ?? 'app',\n\t\t\tPOSTGRES_HOST: secrets.services.postgres.host,\n\t\t\tPOSTGRES_PORT: String(secrets.services.postgres.port),\n\t\t}),\n\t\t...(secrets.services.redis && {\n\t\t\tREDIS_PASSWORD: secrets.services.redis.password,\n\t\t\tREDIS_HOST: secrets.services.redis.host,\n\t\t\tREDIS_PORT: String(secrets.services.redis.port),\n\t\t}),\n\t\t...(secrets.services.rabbitmq && {\n\t\t\tRABBITMQ_USER: secrets.services.rabbitmq.username,\n\t\t\tRABBITMQ_PASSWORD: secrets.services.rabbitmq.password,\n\t\t\tRABBITMQ_HOST: secrets.services.rabbitmq.host,\n\t\t\tRABBITMQ_PORT: String(secrets.services.rabbitmq.port),\n\t\t\tRABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? '/',\n\t\t}),\n\t};\n}\n\n/**\n * Update a custom secret in the secrets file.\n */\nexport async function setCustomSecret(\n\tstage: string,\n\tkey: string,\n\tvalue: string,\n\tcwd = process.cwd(),\n): Promise<StageSecrets> {\n\tconst secrets = await readStageSecrets(stage, cwd);\n\n\tif (!secrets) {\n\t\tthrow new Error(\n\t\t\t`Secrets not found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t);\n\t}\n\n\tconst updated: StageSecrets = {\n\t\t...secrets,\n\t\tupdatedAt: new Date().toISOString(),\n\t\tcustom: {\n\t\t\t...secrets.custom,\n\t\t\t[key]: value,\n\t\t},\n\t};\n\n\tawait writeStageSecrets(updated, cwd);\n\treturn updated;\n}\n\n/**\n * Mask a password for display (show first 4 and last 2 chars).\n */\nexport function maskPassword(password: string): string {\n\tif (password.length <= 8) {\n\t\treturn '********';\n\t}\n\treturn `${password.slice(0, 4)}${'*'.repeat(password.length - 6)}${password.slice(-2)}`;\n}\n"],"mappings":";;;;;;AAMA,MAAM,cAAc;;;;AAKpB,SAAgB,cAAc,MAAM,QAAQ,KAAK,EAAU;AAC1D,QAAO,KAAK,KAAK,YAAY;AAC7B;;;;AAKD,SAAgB,eAAeA,OAAe,MAAM,QAAQ,KAAK,EAAU;AAC1E,QAAO,KAAK,cAAc,IAAI,GAAG,EAAE,MAAM,OAAO;AAChD;;;;AAKD,SAAgB,aAAaA,OAAe,MAAM,QAAQ,KAAK,EAAW;AACzE,QAAO,WAAW,eAAe,OAAO,IAAI,CAAC;AAC7C;;;;;AAMD,eAAsB,iBACrBA,OACA,MAAM,QAAQ,KAAK,EACY;CAC/B,MAAM,OAAO,eAAe,OAAO,IAAI;AAEvC,MAAK,WAAW,KAAK,CACpB,QAAO;CAGR,MAAM,UAAU,MAAM,SAAS,MAAM,QAAQ;AAC7C,QAAO,KAAK,MAAM,QAAQ;AAC1B;;;;AAKD,eAAsB,kBACrBC,SACA,MAAM,QAAQ,KAAK,EACH;CAChB,MAAM,MAAM,cAAc,IAAI;CAC9B,MAAM,OAAO,eAAe,QAAQ,OAAO,IAAI;AAG/C,OAAM,MAAM,KAAK,EAAE,WAAW,KAAM,EAAC;AAGrC,OAAM,UAAU,MAAM,KAAK,UAAU,SAAS,MAAM,EAAE,EAAE,QAAQ;AAChE;;;;;AAMD,SAAgB,oBAAoBA,SAA0C;AAC7E,QAAO;EACN,GAAG,QAAQ;EACX,GAAG,QAAQ;EAEX,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,aAAa,QAAQ,SAAS,SAAS,YAAY;GACnD,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;EACrD;EACD,GAAI,QAAQ,SAAS,SAAS;GAC7B,gBAAgB,QAAQ,SAAS,MAAM;GACvC,YAAY,QAAQ,SAAS,MAAM;GACnC,YAAY,OAAO,QAAQ,SAAS,MAAM,KAAK;EAC/C;EACD,GAAI,QAAQ,SAAS,YAAY;GAChC,eAAe,QAAQ,SAAS,SAAS;GACzC,mBAAmB,QAAQ,SAAS,SAAS;GAC7C,eAAe,QAAQ,SAAS,SAAS;GACzC,eAAe,OAAO,QAAQ,SAAS,SAAS,KAAK;GACrD,gBAAgB,QAAQ,SAAS,SAAS,SAAS;EACnD;CACD;AACD;;;;AAKD,eAAsB,gBACrBD,OACAE,KACAC,OACA,MAAM,QAAQ,KAAK,EACK;CACxB,MAAM,UAAU,MAAM,iBAAiB,OAAO,IAAI;AAElD,MAAK,QACJ,OAAM,IAAI,OACR,+BAA+B,MAAM,mCAAmC,MAAM;CAIjF,MAAMC,UAAwB;EAC7B,GAAG;EACH,WAAW,qBAAI,QAAO,aAAa;EACnC,QAAQ;GACP,GAAG,QAAQ;IACV,MAAM;EACP;CACD;AAED,OAAM,kBAAkB,SAAS,IAAI;AACrC,QAAO;AACP;;;;AAKD,SAAgB,aAAaC,UAA0B;AACtD,KAAI,SAAS,UAAU,EACtB,QAAO;AAER,SAAQ,EAAE,SAAS,MAAM,GAAG,EAAE,CAAC,EAAE,IAAI,OAAO,SAAS,SAAS,EAAE,CAAC,EAAE,SAAS,MAAM,GAAG,CAAC;AACtF"}

package/dist/storage-DLJAYxzJ.mjs

@@ -0,0 +1,3 @@
+import { getSecretsDir, getSecretsPath, maskPassword, readStageSecrets, secretsExist, setCustomSecret, toEmbeddableSecrets, writeStageSecrets } from "./storage-C9PU_30f.mjs";
+
+export { readStageSecrets, toEmbeddableSecrets };

package/dist/{types-b-vwGpqc.d.cts → types-BR0M2v_c.d.mts}

@@ -7,9 +7,81 @@ interface ProviderConfig {
 }
 interface AWSApiGatewayConfig extends ProviderConfig {}
 interface AWSLambdaConfig extends ProviderConfig {}
+interface ProductionConfig {
+  /** Enable production mode (default: false) */
+  enabled?: boolean;
+  /** Bundle server into single file (default: true) */
+  bundle?: boolean;
+  /** Minify bundled output (default: true) */
+  minify?: boolean;
+  /** Health check endpoint path (default: '/health') */
+  healthCheck?: string;
+  /** Enable graceful shutdown handling (default: true) */
+  gracefulShutdown?: boolean;
+  /** Packages to exclude from bundling (default: []) */
+  external?: string[];
+  /** Include subscribers in production build (default: 'exclude' for serverless) */
+  subscribers?: 'include' | 'exclude';
+  /** Include OpenAPI spec in production (default: false) */
+  openapi?: boolean;
+  /**
+   * Enable build-time optimized handler generation (default: true)
+   * Generates specialized handlers based on endpoint tier:
+   * - minimal: Near-raw-Hono performance for simple endpoints
+   * - standard: Optimized handlers for auth/services
+   * - full: Uses HonoEndpoint.addRoutes for complex endpoints
+   */
+  optimizedHandlers?: boolean;
+}
+/** Service-specific configuration for docker-compose */
+interface ServiceConfig {
+  /**
+   * Full Docker image reference (e.g., 'postgis/postgis:16-3.4-alpine').
+   * When specified, overrides the default image entirely.
+   */
+  image?: string;
+  /**
+   * Docker image version/tag (e.g., '15-alpine' for postgres).
+   * Only used when `image` is not specified.
+   */
+  version?: string;
+}
+/** Supported docker-compose service names */
+type ComposeServiceName = 'postgres' | 'redis' | 'rabbitmq';
+/** Services configuration - can be boolean (use defaults) or object with version */
+type ComposeServicesConfig = { [K in ComposeServiceName]?: boolean | ServiceConfig };
+interface DockerConfig {
+  /** Container registry URL (e.g., 'ghcr.io/myorg') */
+  registry?: string;
+  /** Docker image name (default: derived from package.json name) */
+  imageName?: string;
+  /** Base Docker image (default: 'node:22-alpine') */
+  baseImage?: string;
+  /** Container port (default: 3000) */
+  port?: number;
+  /** docker-compose services to include */
+  compose?: {
+    /**
+     * Services to include in docker-compose.
+     * Can be an object with service configs or an array of service names (legacy).
+     *
+     * @example Object format (recommended)
+     * services: {
+     *   postgres: { version: '15-alpine' },
+     *   redis: true,  // use default version
+     * }
+     *
+     * @example Array format (legacy, uses default versions)
+     * services: ['postgres', 'redis']
+     */
+    services?: ComposeServicesConfig | ComposeServiceName[];
+  };
+}
 interface ServerConfig extends ProviderConfig {
   enableOpenApi?: boolean;
   port?: number;
+  /** Production build configuration */
+  production?: ProductionConfig;
 }
 type Runtime = 'node' | 'bun';
 interface TelescopeConfig {
@@ -73,6 +145,17 @@ interface HooksConfig {
    */
   server?: string;
 }
+/** Dokploy deployment configuration */
+interface DokployProviderConfig {
+  /** Dokploy API endpoint (e.g., 'https://dokploy.example.com') */
+  endpoint: string;
+  /** Project ID in Dokploy */
+  projectId: string;
+  /** Application ID in Dokploy */
+  applicationId: string;
+  /** Container registry (overrides docker.registry if set) */
+  registry?: string;
+}
 interface ProvidersConfig {
   aws?: {
     apiGateway?: {
@@ -85,6 +168,8 @@ interface ProvidersConfig {
     };
   };
   server?: boolean | ServerConfig;
+  /** Dokploy deployment configuration */
+  dokploy?: boolean | DokployProviderConfig;
 }
 interface GkmConfig {
   routes: Routes;
@@ -157,7 +242,21 @@ interface GkmConfig {
    * env: ['.env', '.env.local']
    */
   env?: string | string[];
+  /**
+   * Docker deployment configuration.
+   * Used by `gkm docker` and `gkm prepack` commands.
+   *
+   * @example
+   * docker: {
+   *   registry: 'ghcr.io/myorg',
+   *   imageName: 'my-api',
+   *   compose: {
+   *     services: ['postgres', 'redis']
+   *   }
+   * }
+   */
+  docker?: DockerConfig;
 }
 //#endregion
 export { GkmConfig, OpenApiConfig };
-//# sourceMappingURL=types-b-vwGpqc.d.cts.map
+//# sourceMappingURL=types-BR0M2v_c.d.mts.map

package/dist/types-BR0M2v_c.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types-BR0M2v_c.d.mts","names":[],"sources":["../src/types.ts"],"sourcesContent":[],"mappings":";;AASiB,KAFL,MAAA,GAEmB,MAAA,GAAA,MAAA,EAAA;AAKd,UALA,cAAA,CAKoB;EAIpB,OAAA,CAAA,EAAA,OAAA;EAIA,SAAA,CAAA,EAAA,MAAA;AA4BjB;AAcY,UAlDK,mBAAA,SAA4B,cAkDf,CAAA,CAG9B;AAAiC,UAjDhB,eAAA,SAAwB,cAiDR,CAAA;AACM,UA9CtB,gBAAA,CA8CsB;EAAa;EAGnC,OAAA,CAAA,EAAA,OAAY;EAAA;EAAA,MAwBhB,CAAA,EAAA,OAAA;EAAqB;EAAqB,MAAA,CAAA,EAAA,OAAA;EAItC;EAAa,WAAA,CAAA,EAAA,MAAA;EAAA;EAIA,gBAJQ,CAAA,EAAA,OAAA;EAAc;EAOxC,QAAA,CAAA,EAAO,MAAA,EAAA;EAEF;EAiBA,WAAA,CAAA,EAAA,SAAY,GAAA,SAAA;EASZ;EAWA,OAAA,CAAA,EAAA,OAAW;EA6BX;AAWjB;;;;;;EAQoC,iBAGhB,CAAA,EAAA,OAAA;;AAEsB;AAGzB,UAvJA,aAAA,CAuJS;EAAA;;;;EAGX,KACA,CAAA,EAAA,MAAA;EAAM;;;;EA+BoB,OAmBpB,CAAA,EAAA,MAAA;;;AA8BC,KA7NV,kBAAA,GA6NU,UAAA,GAAA,OAAA,GAAA,UAAA;;KA1NV,qBAAA,WACL,gCAAgC;UAGtB,YAAA;;;;;;;;;;;;;;;;;;;;;;;;eAwBJ,wBAAwB;;;UAIpB,YAAA,SAAqB;;;;eAIxB;;KAGF,OAAA;UAEK,eAAA;;;;;;;;;;;;;;;;UAiBA,YAAA;;;;;;;;UASA,aAAA;;;;;;;;;;UAWA,WAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;UA6BA,qBAAA;;;;;;;;;;UAWA,eAAA;;;qBAGC;qBACA;;;4BAGO;wBACJ;;;qBAGD;;sBAEC;;UAGJ,SAAA;UACR;cACI;UACJ;gBACM;;;cAGF;;;;;;;;;;UAUJ;;;;;;;;iCAQuB;;;;;;;;;;8BAUH;;;;;;;;;;;;;;;;;;;sBAmBR;;YAEV;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA4BD"}

package/dist/{types-DXgiA1sF.d.mts → types-BhkZc-vm.d.cts}

@@ -7,9 +7,81 @@ interface ProviderConfig {
 }
 interface AWSApiGatewayConfig extends ProviderConfig {}
 interface AWSLambdaConfig extends ProviderConfig {}
+interface ProductionConfig {
+  /** Enable production mode (default: false) */
+  enabled?: boolean;
+  /** Bundle server into single file (default: true) */
+  bundle?: boolean;
+  /** Minify bundled output (default: true) */
+  minify?: boolean;
+  /** Health check endpoint path (default: '/health') */
+  healthCheck?: string;
+  /** Enable graceful shutdown handling (default: true) */
+  gracefulShutdown?: boolean;
+  /** Packages to exclude from bundling (default: []) */
+  external?: string[];
+  /** Include subscribers in production build (default: 'exclude' for serverless) */
+  subscribers?: 'include' | 'exclude';
+  /** Include OpenAPI spec in production (default: false) */
+  openapi?: boolean;
+  /**
+   * Enable build-time optimized handler generation (default: true)
+   * Generates specialized handlers based on endpoint tier:
+   * - minimal: Near-raw-Hono performance for simple endpoints
+   * - standard: Optimized handlers for auth/services
+   * - full: Uses HonoEndpoint.addRoutes for complex endpoints
+   */
+  optimizedHandlers?: boolean;
+}
+/** Service-specific configuration for docker-compose */
+interface ServiceConfig {
+  /**
+   * Full Docker image reference (e.g., 'postgis/postgis:16-3.4-alpine').
+   * When specified, overrides the default image entirely.
+   */
+  image?: string;
+  /**
+   * Docker image version/tag (e.g., '15-alpine' for postgres).
+   * Only used when `image` is not specified.
+   */
+  version?: string;
+}
+/** Supported docker-compose service names */
+type ComposeServiceName = 'postgres' | 'redis' | 'rabbitmq';
+/** Services configuration - can be boolean (use defaults) or object with version */
+type ComposeServicesConfig = { [K in ComposeServiceName]?: boolean | ServiceConfig };
+interface DockerConfig {
+  /** Container registry URL (e.g., 'ghcr.io/myorg') */
+  registry?: string;
+  /** Docker image name (default: derived from package.json name) */
+  imageName?: string;
+  /** Base Docker image (default: 'node:22-alpine') */
+  baseImage?: string;
+  /** Container port (default: 3000) */
+  port?: number;
+  /** docker-compose services to include */
+  compose?: {
+    /**
+     * Services to include in docker-compose.
+     * Can be an object with service configs or an array of service names (legacy).
+     *
+     * @example Object format (recommended)
+     * services: {
+     *   postgres: { version: '15-alpine' },
+     *   redis: true,  // use default version
+     * }
+     *
+     * @example Array format (legacy, uses default versions)
+     * services: ['postgres', 'redis']
+     */
+    services?: ComposeServicesConfig | ComposeServiceName[];
+  };
+}
 interface ServerConfig extends ProviderConfig {
   enableOpenApi?: boolean;
   port?: number;
+  /** Production build configuration */
+  production?: ProductionConfig;
 }
 type Runtime = 'node' | 'bun';
 interface TelescopeConfig {
@@ -73,6 +145,17 @@ interface HooksConfig {
    */
   server?: string;
 }
+/** Dokploy deployment configuration */
+interface DokployProviderConfig {
+  /** Dokploy API endpoint (e.g., 'https://dokploy.example.com') */
+  endpoint: string;
+  /** Project ID in Dokploy */
+  projectId: string;
+  /** Application ID in Dokploy */
+  applicationId: string;
+  /** Container registry (overrides docker.registry if set) */
+  registry?: string;
+}
 interface ProvidersConfig {
   aws?: {
     apiGateway?: {
@@ -85,6 +168,8 @@ interface ProvidersConfig {
     };
   };
   server?: boolean | ServerConfig;
+  /** Dokploy deployment configuration */
+  dokploy?: boolean | DokployProviderConfig;
 }
 interface GkmConfig {
   routes: Routes;
@@ -157,7 +242,21 @@ interface GkmConfig {
    * env: ['.env', '.env.local']
    */
   env?: string | string[];
+  /**
+   * Docker deployment configuration.
+   * Used by `gkm docker` and `gkm prepack` commands.
+   *
+   * @example
+   * docker: {
+   *   registry: 'ghcr.io/myorg',
+   *   imageName: 'my-api',
+   *   compose: {
+   *     services: ['postgres', 'redis']
+   *   }
+   * }
+   */
+  docker?: DockerConfig;
 }
 //#endregion
 export { GkmConfig, OpenApiConfig };
-//# sourceMappingURL=types-DXgiA1sF.d.mts.map
+//# sourceMappingURL=types-BhkZc-vm.d.cts.map

package/dist/types-BhkZc-vm.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types-BhkZc-vm.d.cts","names":[],"sources":["../src/types.ts"],"sourcesContent":[],"mappings":";;AASiB,KAFL,MAAA,GAEmB,MAAA,GAAA,MAAA,EAAA;AAKd,UALA,cAAA,CAKoB;EAIpB,OAAA,CAAA,EAAA,OAAA;EAIA,SAAA,CAAA,EAAA,MAAA;AA4BjB;AAcY,UAlDK,mBAAA,SAA4B,cAkDf,CAAA,CAG9B;AAAiC,UAjDhB,eAAA,SAAwB,cAiDR,CAAA;AACM,UA9CtB,gBAAA,CA8CsB;EAAa;EAGnC,OAAA,CAAA,EAAA,OAAY;EAAA;EAAA,MAwBhB,CAAA,EAAA,OAAA;EAAqB;EAAqB,MAAA,CAAA,EAAA,OAAA;EAItC;EAAa,WAAA,CAAA,EAAA,MAAA;EAAA;EAIA,gBAJQ,CAAA,EAAA,OAAA;EAAc;EAOxC,QAAA,CAAA,EAAO,MAAA,EAAA;EAEF;EAiBA,WAAA,CAAA,EAAA,SAAY,GAAA,SAAA;EASZ;EAWA,OAAA,CAAA,EAAA,OAAW;EA6BX;AAWjB;;;;;;EAQoC,iBAGhB,CAAA,EAAA,OAAA;;AAEsB;AAGzB,UAvJA,aAAA,CAuJS;EAAA;;;;EAGX,KACA,CAAA,EAAA,MAAA;EAAM;;;;EA+BoB,OAmBpB,CAAA,EAAA,MAAA;;;AA8BC,KA7NV,kBAAA,GA6NU,UAAA,GAAA,OAAA,GAAA,UAAA;;KA1NV,qBAAA,WACL,gCAAgC;UAGtB,YAAA;;;;;;;;;;;;;;;;;;;;;;;;eAwBJ,wBAAwB;;;UAIpB,YAAA,SAAqB;;;;eAIxB;;KAGF,OAAA;UAEK,eAAA;;;;;;;;;;;;;;;;UAiBA,YAAA;;;;;;;;UASA,aAAA;;;;;;;;;;UAWA,WAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;UA6BA,qBAAA;;;;;;;;;;UAWA,eAAA;;;qBAGC;qBACA;;;4BAGO;wBACJ;;;qBAGD;;sBAEC;;UAGJ,SAAA;UACR;cACI;UACJ;gBACM;;;cAGF;;;;;;;;;;UAUJ;;;;;;;;iCAQuB;;;;;;;;;;8BAUH;;;;;;;;;;;;;;;;;;;sBAmBR;;YAEV;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA4BD"}

package/examples/cron-example.ts

@@ -4,42 +4,42 @@ import { cron } from '@geekmidas/constructs/crons';
  * Example cron that generates a daily report at 9 AM UTC
  */
 export const dailyReport = cron
-  .schedule('cron(0 9 * * ? *)')
-  .timeout(600000) // 10 minutes
-  .handle(async ({ services, logger }) => {
-    logger.info('Generating daily report');
+	.schedule('cron(0 9 * * ? *)')
+	.timeout(600000) // 10 minutes
+	.handle(async ({ services, logger }) => {
+		logger.info('Generating daily report');
 
-    const reportDate = new Date().toISOString().split('T')[0];
+		const reportDate = new Date().toISOString().split('T')[0];
 
-    // Generate report logic here
-    const reportData = {
-      date: reportDate,
-      totalOrders: 150,
-      totalRevenue: 12500.0,
-      topProducts: [
-        { id: 'prod-1', name: 'Widget A', sales: 45 },
-        { id: 'prod-2', name: 'Widget B', sales: 32 },
-      ],
-    };
+		// Generate report logic here
+		const reportData = {
+			date: reportDate,
+			totalOrders: 150,
+			totalRevenue: 12500.0,
+			topProducts: [
+				{ id: 'prod-1', name: 'Widget A', sales: 45 },
+				{ id: 'prod-2', name: 'Widget B', sales: 32 },
+			],
+		};
 
-    logger.info('Daily report generated', reportData);
+		logger.info('Daily report generated', reportData);
 
-    return reportData;
-  });
+		return reportData;
+	});
 
 /**
  * Example cron that runs every hour
  */
 export const hourlyCleanup = cron
-  .schedule('rate(1 hour)')
-  .timeout(300000) // 5 minutes
-  .handle(async ({ services, logger }) => {
-    logger.info('Running hourly cleanup');
+	.schedule('rate(1 hour)')
+	.timeout(300000) // 5 minutes
+	.handle(async ({ services, logger }) => {
+		logger.info('Running hourly cleanup');
 
-    // Cleanup logic here
-    const itemsCleaned = 42;
+		// Cleanup logic here
+		const itemsCleaned = 42;
 
-    logger.info(`Cleaned ${itemsCleaned} items`);
+		logger.info(`Cleaned ${itemsCleaned} items`);
 
-    return { itemsCleaned };
-  });
+		return { itemsCleaned };
+	});