@intentic/cli 1.32.2 → 1.38.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (189) hide show
  1. package/dist/add-app/add-app.command.d.ts +3 -0
  2. package/dist/add-app/add-app.command.d.ts.map +1 -0
  3. package/dist/add-app/add-app.command.js +20 -0
  4. package/dist/add-app/add-app.command.js.map +1 -0
  5. package/dist/add-app/add-app.d.ts +4 -0
  6. package/dist/add-app/add-app.d.ts.map +1 -0
  7. package/dist/add-app/add-app.js +13 -0
  8. package/dist/add-app/add-app.js.map +1 -0
  9. package/dist/adopt/adopt.command.d.ts +3 -0
  10. package/dist/adopt/adopt.command.d.ts.map +1 -0
  11. package/dist/adopt/adopt.command.js +82 -0
  12. package/dist/adopt/adopt.command.js.map +1 -0
  13. package/dist/adopt/adopt.d.ts.map +1 -0
  14. package/dist/adopt/adopt.js.map +1 -0
  15. package/dist/app.d.ts +1 -2
  16. package/dist/app.d.ts.map +1 -1
  17. package/dist/app.js +26 -441
  18. package/dist/app.js.map +1 -1
  19. package/dist/apply/access.d.ts.map +1 -0
  20. package/dist/{access.js → apply/access.js} +7 -21
  21. package/dist/apply/access.js.map +1 -0
  22. package/dist/apply/apply-lock.d.ts.map +1 -0
  23. package/dist/apply/apply-lock.js.map +1 -0
  24. package/dist/apply/apply.command.d.ts +3 -0
  25. package/dist/apply/apply.command.d.ts.map +1 -0
  26. package/dist/apply/apply.command.js +142 -0
  27. package/dist/apply/apply.command.js.map +1 -0
  28. package/dist/apply/migrate.d.ts.map +1 -0
  29. package/dist/apply/migrate.js.map +1 -0
  30. package/dist/demo.js +14 -42
  31. package/dist/demo.js.map +1 -1
  32. package/dist/deployments/deployments.command.d.ts +3 -0
  33. package/dist/deployments/deployments.command.d.ts.map +1 -0
  34. package/dist/deployments/deployments.command.js +18 -0
  35. package/dist/deployments/deployments.command.js.map +1 -0
  36. package/dist/deployments/deployments.d.ts.map +1 -0
  37. package/dist/{deployments.js → deployments/deployments.js} +32 -32
  38. package/dist/deployments/deployments.js.map +1 -0
  39. package/dist/env.config.d.ts +23 -0
  40. package/dist/env.config.d.ts.map +1 -0
  41. package/dist/env.config.js +27 -0
  42. package/dist/env.config.js.map +1 -0
  43. package/dist/host-ssh-tunnel/host-ssh-tunnel.command.d.ts +3 -0
  44. package/dist/host-ssh-tunnel/host-ssh-tunnel.command.d.ts.map +1 -0
  45. package/dist/host-ssh-tunnel/host-ssh-tunnel.command.js +35 -0
  46. package/dist/host-ssh-tunnel/host-ssh-tunnel.command.js.map +1 -0
  47. package/dist/host-ssh-tunnel/host-ssh-tunnel.d.ts +13 -0
  48. package/dist/host-ssh-tunnel/host-ssh-tunnel.d.ts.map +1 -0
  49. package/dist/host-ssh-tunnel/host-ssh-tunnel.js +21 -0
  50. package/dist/host-ssh-tunnel/host-ssh-tunnel.js.map +1 -0
  51. package/dist/index.d.ts +3 -3
  52. package/dist/index.d.ts.map +1 -1
  53. package/dist/index.js +3 -3
  54. package/dist/index.js.map +1 -1
  55. package/dist/init/init.command.d.ts +3 -0
  56. package/dist/init/init.command.d.ts.map +1 -0
  57. package/dist/init/init.command.js +45 -0
  58. package/dist/init/init.command.js.map +1 -0
  59. package/dist/{init.d.ts → init/init.d.ts} +2 -2
  60. package/dist/init/init.d.ts.map +1 -0
  61. package/dist/init/init.js +39 -0
  62. package/dist/init/init.js.map +1 -0
  63. package/dist/init/scaffold-app.d.ts +2 -0
  64. package/dist/init/scaffold-app.d.ts.map +1 -0
  65. package/dist/init/scaffold-app.js +27 -0
  66. package/dist/init/scaffold-app.js.map +1 -0
  67. package/dist/lib/artifact.d.ts.map +1 -0
  68. package/dist/lib/artifact.js.map +1 -0
  69. package/dist/lib/cf-tunnel.d.ts +11 -0
  70. package/dist/lib/cf-tunnel.d.ts.map +1 -0
  71. package/dist/lib/cf-tunnel.js +30 -0
  72. package/dist/lib/cf-tunnel.js.map +1 -0
  73. package/dist/lib/known-hosts.d.ts.map +1 -0
  74. package/dist/lib/known-hosts.js.map +1 -0
  75. package/dist/{output.d.ts → lib/output.d.ts} +0 -1
  76. package/dist/lib/output.d.ts.map +1 -0
  77. package/dist/{output.js → lib/output.js} +0 -4
  78. package/dist/lib/output.js.map +1 -0
  79. package/dist/lib/templates.d.ts +2 -0
  80. package/dist/lib/templates.d.ts.map +1 -0
  81. package/dist/lib/templates.js +6 -0
  82. package/dist/lib/templates.js.map +1 -0
  83. package/dist/lib/version.d.ts +2 -0
  84. package/dist/lib/version.d.ts.map +1 -0
  85. package/dist/lib/version.js +3 -0
  86. package/dist/lib/version.js.map +1 -0
  87. package/dist/pipelines/adopt-pipelines.d.ts.map +1 -0
  88. package/dist/pipelines/adopt-pipelines.js +59 -0
  89. package/dist/pipelines/adopt-pipelines.js.map +1 -0
  90. package/dist/pipelines/control-plane-sync.d.ts.map +1 -0
  91. package/dist/{control-plane-sync.js → pipelines/control-plane-sync.js} +2 -2
  92. package/dist/pipelines/control-plane-sync.js.map +1 -0
  93. package/dist/plan/plan.command.d.ts +3 -0
  94. package/dist/plan/plan.command.d.ts.map +1 -0
  95. package/dist/plan/plan.command.js +32 -0
  96. package/dist/plan/plan.command.js.map +1 -0
  97. package/dist/resolve/resolve.command.d.ts +3 -0
  98. package/dist/resolve/resolve.command.d.ts.map +1 -0
  99. package/dist/resolve/resolve.command.js +75 -0
  100. package/dist/resolve/resolve.command.js.map +1 -0
  101. package/dist/resolve/resolve.d.ts.map +1 -0
  102. package/dist/{resolve.js → resolve/resolve.js} +1 -1
  103. package/dist/resolve/resolve.js.map +1 -0
  104. package/dist/restore/restore.command.d.ts +3 -0
  105. package/dist/restore/restore.command.d.ts.map +1 -0
  106. package/dist/restore/restore.command.js +67 -0
  107. package/dist/restore/restore.command.js.map +1 -0
  108. package/dist/sandbox-tunnel/sandbox-tunnel.command.d.ts +3 -0
  109. package/dist/sandbox-tunnel/sandbox-tunnel.command.d.ts.map +1 -0
  110. package/dist/sandbox-tunnel/sandbox-tunnel.command.js +48 -0
  111. package/dist/sandbox-tunnel/sandbox-tunnel.command.js.map +1 -0
  112. package/dist/sandbox-tunnel/sandbox-tunnel.d.ts.map +1 -0
  113. package/dist/sandbox-tunnel/sandbox-tunnel.js +27 -0
  114. package/dist/sandbox-tunnel/sandbox-tunnel.js.map +1 -0
  115. package/dist/secrets/generated-secrets.d.ts.map +1 -0
  116. package/dist/{generated-secrets.js → secrets/generated-secrets.js} +1 -1
  117. package/dist/secrets/generated-secrets.js.map +1 -0
  118. package/dist/{secret-store.d.ts → secrets/secret-store.d.ts} +3 -1
  119. package/dist/secrets/secret-store.d.ts.map +1 -0
  120. package/dist/{secret-store.js → secrets/secret-store.js} +15 -1
  121. package/dist/secrets/secret-store.js.map +1 -0
  122. package/dist/secrets/secrets.d.ts.map +1 -0
  123. package/dist/{secrets.js → secrets/secrets.js} +2 -6
  124. package/dist/secrets/secrets.js.map +1 -0
  125. package/package.json +14 -8
  126. package/templates/access.md.eta +21 -0
  127. package/templates/demo/Dockerfile.eta +5 -0
  128. package/templates/demo/deploy.config.ts.eta +23 -0
  129. package/templates/demo/env.eta +2 -0
  130. package/templates/env-example.eta +6 -0
  131. package/templates/scaffold/Dockerfile.eta +7 -0
  132. package/templates/scaffold/deploy.config.selfhost.ts.eta +18 -0
  133. package/templates/scaffold/deploy.config.ts.eta +22 -0
  134. package/templates/scaffold/server.js.eta +9 -0
  135. package/templates/workflows/apply.yaml.eta +28 -0
  136. package/templates/workflows/resolve.yaml.eta +26 -0
  137. package/dist/access.d.ts.map +0 -1
  138. package/dist/access.js.map +0 -1
  139. package/dist/adopt-pipelines.d.ts.map +0 -1
  140. package/dist/adopt-pipelines.js +0 -97
  141. package/dist/adopt-pipelines.js.map +0 -1
  142. package/dist/adopt.d.ts.map +0 -1
  143. package/dist/adopt.js.map +0 -1
  144. package/dist/apply-lock.d.ts.map +0 -1
  145. package/dist/apply-lock.js.map +0 -1
  146. package/dist/artifact.d.ts.map +0 -1
  147. package/dist/artifact.js.map +0 -1
  148. package/dist/control-plane-sync.d.ts.map +0 -1
  149. package/dist/control-plane-sync.js.map +0 -1
  150. package/dist/deployments.d.ts.map +0 -1
  151. package/dist/deployments.js.map +0 -1
  152. package/dist/generated-secrets.d.ts.map +0 -1
  153. package/dist/generated-secrets.js.map +0 -1
  154. package/dist/init.d.ts.map +0 -1
  155. package/dist/init.js +0 -122
  156. package/dist/init.js.map +0 -1
  157. package/dist/known-hosts.d.ts.map +0 -1
  158. package/dist/known-hosts.js.map +0 -1
  159. package/dist/migrate.d.ts.map +0 -1
  160. package/dist/migrate.js.map +0 -1
  161. package/dist/output.d.ts.map +0 -1
  162. package/dist/output.js.map +0 -1
  163. package/dist/resolve.d.ts.map +0 -1
  164. package/dist/resolve.js.map +0 -1
  165. package/dist/sandbox-tunnel.d.ts.map +0 -1
  166. package/dist/sandbox-tunnel.js +0 -56
  167. package/dist/sandbox-tunnel.js.map +0 -1
  168. package/dist/secret-store.d.ts.map +0 -1
  169. package/dist/secret-store.js.map +0 -1
  170. package/dist/secrets.d.ts.map +0 -1
  171. package/dist/secrets.js.map +0 -1
  172. /package/dist/{adopt.d.ts → adopt/adopt.d.ts} +0 -0
  173. /package/dist/{adopt.js → adopt/adopt.js} +0 -0
  174. /package/dist/{access.d.ts → apply/access.d.ts} +0 -0
  175. /package/dist/{apply-lock.d.ts → apply/apply-lock.d.ts} +0 -0
  176. /package/dist/{apply-lock.js → apply/apply-lock.js} +0 -0
  177. /package/dist/{migrate.d.ts → apply/migrate.d.ts} +0 -0
  178. /package/dist/{migrate.js → apply/migrate.js} +0 -0
  179. /package/dist/{deployments.d.ts → deployments/deployments.d.ts} +0 -0
  180. /package/dist/{artifact.d.ts → lib/artifact.d.ts} +0 -0
  181. /package/dist/{artifact.js → lib/artifact.js} +0 -0
  182. /package/dist/{known-hosts.d.ts → lib/known-hosts.d.ts} +0 -0
  183. /package/dist/{known-hosts.js → lib/known-hosts.js} +0 -0
  184. /package/dist/{adopt-pipelines.d.ts → pipelines/adopt-pipelines.d.ts} +0 -0
  185. /package/dist/{control-plane-sync.d.ts → pipelines/control-plane-sync.d.ts} +0 -0
  186. /package/dist/{resolve.d.ts → resolve/resolve.d.ts} +0 -0
  187. /package/dist/{sandbox-tunnel.d.ts → sandbox-tunnel/sandbox-tunnel.d.ts} +0 -0
  188. /package/dist/{generated-secrets.d.ts → secrets/generated-secrets.d.ts} +0 -0
  189. /package/dist/{secrets.d.ts → secrets/secrets.d.ts} +0 -0
@@ -2,7 +2,7 @@ import { resolve } from "node:path";
2
2
  import { pathToFileURL } from "node:url";
3
3
  import { cloudflareApi } from "@intentic/providers";
4
4
  import { collectDomains, selectZone } from "@intentic/state-resolver";
5
- import { loadEnvFile } from "./artifact.js";
5
+ import { loadEnvFile } from "../lib/artifact.js";
6
6
  export const loadIntent = async (configPath) => {
7
7
  const loaded = (await import(pathToFileURL(resolve(configPath)).href));
8
8
  if (loaded.intent === undefined) {
@@ -0,0 +1 @@
1
+ {"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../src/resolve/resolve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAKjD,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,UAAkB,EAAsB,EAAE;IACvE,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAA2B,CAAC;IACjG,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,GAAG,UAAU,2CAA2C,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC;AACzB,CAAC,CAAC;AAMF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,MAAiB,EAAE,GAAW,EAA+B,EAAE;IAC9F,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACrC,IAAI,UAAU,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACzF,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,WAAW,CAAC,GAAG,CAAC,CAAC;IACjB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,2DAA2D,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IAChG,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,GAAG,8FAA8F,CAAC,CAAC;IACpI,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,OAAO,UAAU,CACb,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAC9B,cAAc,CAAC,MAAM,CAAC,CACzB,CAAC;AACN,CAAC,CAAC"}
@@ -0,0 +1,3 @@
1
+ import { type CommandContext } from "@stricli/core";
2
+ export declare const restore: import("@stricli/core").Command<CommandContext>;
3
+ //# sourceMappingURL=restore.command.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"restore.command.d.ts","sourceRoot":"","sources":["../../src/restore/restore.command.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAelE,eAAO,MAAM,OAAO,iDA0DlB,CAAC"}
@@ -0,0 +1,67 @@
1
+ import { dirname } from "node:path";
2
+ import { createStore, resolveInputs } from "@intentic/engine";
3
+ import { createSshExecutor, hostTarget, restoreBackup } from "@intentic/providers";
4
+ import { buildCommand } from "@stricli/core";
5
+ import { loadConfig } from "../env.config.js";
6
+ import { ARTIFACT_PATH, loadEnvFile, readArtifact } from "../lib/artifact.js";
7
+ import { createKnownHostsStore } from "../lib/known-hosts.js";
8
+ import { createOutput } from "../lib/output.js";
9
+ import { ensureGeneratedSecrets } from "../secrets/generated-secrets.js";
10
+ import { generatedSecretStore } from "../secrets/secret-store.js";
11
+ import { collectSecrets } from "../secrets/secrets.js";
12
+ export const restore = buildCommand({
13
+ docs: { brief: "Restore Forgejo/Komodo from a restic backup snapshot, then re-apply (one-shot recovery)" },
14
+ parameters: {
15
+ flags: {
16
+ artifact: { kind: "parsed", parse: String, optional: true, brief: `Path to the artifact (default: ${ARTIFACT_PATH})` },
17
+ snapshot: { kind: "parsed", parse: String, optional: true, brief: "restic snapshot id to restore (default: latest)" },
18
+ only: { kind: "parsed", parse: String, optional: true, brief: "Which to restore: forgejo | komodo | all (default: all)" },
19
+ },
20
+ },
21
+ async func(flags) {
22
+ const out = createOutput(this.process.stdout, loadConfig().intenticOutput);
23
+ const artifact = flags.artifact ?? ARTIFACT_PATH;
24
+ const dir = dirname(artifact);
25
+ loadEnvFile(dir);
26
+ const graph = await readArtifact(artifact);
27
+ const ssh = createSshExecutor(createKnownHostsStore(dir));
28
+ await ensureGeneratedSecrets(generatedSecretStore(graph, dir, ssh, false, out.log), collectSecrets(graph).generated, process.env);
29
+ const backupNode = Object.values(graph.resources).find((node) => node.type === "backup");
30
+ if (backupNode === undefined) {
31
+ throw new Error("no backup resource in the artifact — declare one with i.have.backup and apply it first");
32
+ }
33
+ const scope = flags.only ?? "all";
34
+ if (scope !== "forgejo" && scope !== "komodo" && scope !== "all") {
35
+ throw new Error(`--only must be one of forgejo|komodo|all, got "${scope}"`);
36
+ }
37
+ const resolved = resolveInputs(backupNode.inputs, createStore(), process.env, { lenient: false });
38
+ const repo = resolved["repo"];
39
+ const password = resolved["password"];
40
+ const image = resolved["image"];
41
+ if (typeof repo !== "string" || typeof password !== "string" || typeof image !== "string") {
42
+ throw new Error("backup resource is missing its repo/password/image inputs");
43
+ }
44
+ const credsRaw = resolved["credentials"];
45
+ const credentials = {};
46
+ if (typeof credsRaw === "object" && credsRaw !== null) {
47
+ for (const [key, value] of Object.entries(credsRaw)) {
48
+ if (typeof value === "string") {
49
+ credentials[key] = value;
50
+ }
51
+ }
52
+ }
53
+ await restoreBackup({
54
+ target: hostTarget(resolved),
55
+ image,
56
+ repo,
57
+ password,
58
+ credentials,
59
+ snapshot: flags.snapshot ?? "latest",
60
+ scope: scope,
61
+ log: out.log,
62
+ executor: ssh,
63
+ });
64
+ out.result({ snapshot: flags.snapshot ?? "latest", scope });
65
+ },
66
+ });
67
+ //# sourceMappingURL=restore.command.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"restore.command.js","sourceRoot":"","sources":["../../src/restore/restore.command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAqB,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtG,OAAO,EAAE,YAAY,EAAuB,MAAM,eAAe,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAQvD,MAAM,CAAC,MAAM,OAAO,GAAG,YAAY,CAAe;IAC9C,IAAI,EAAE,EAAE,KAAK,EAAE,yFAAyF,EAAE;IAC1G,UAAU,EAAE;QACR,KAAK,EAAE;YACH,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,kCAAkC,aAAa,GAAG,EAAE;YACtH,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,iDAAiD,EAAE;YACrH,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,yDAAyD,EAAE;SAC5H;KACJ;IACD,KAAK,CAAC,IAAI,CAAuB,KAAmB;QAChD,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,cAAc,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,aAAa,CAAC;QACjD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9B,WAAW,CAAC,GAAG,CAAC,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAG3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,sBAAsB,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAClI,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACzF,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAC;QAC9G,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC;QAClC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,kDAAkD,KAAK,GAAG,CAAC,CAAC;QAChF,CAAC;QAGD,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAClG,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC;QACzC,MAAM,WAAW,GAA2B,EAAE,CAAC;QAC/C,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC5B,WAAW,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC7B,CAAC;YACL,CAAC;QACL,CAAC;QACD,MAAM,aAAa,CAAC;YAChB,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC;YAC5B,KAAK;YACL,IAAI;YACJ,QAAQ;YACR,WAAW;YACX,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ;YACpC,KAAK,EAAE,KAAqB;YAC5B,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,QAAQ,EAAE,GAAG;SAChB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAChE,CAAC;CACJ,CAAC,CAAC"}
@@ -0,0 +1,3 @@
1
+ import { type CommandContext } from "@stricli/core";
2
+ export declare const sandboxTunnel: import("@stricli/core").Command<CommandContext>;
3
+ //# sourceMappingURL=sandbox-tunnel.command.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox-tunnel.command.d.ts","sourceRoot":"","sources":["../../src/sandbox-tunnel/sandbox-tunnel.command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAQlE,eAAO,MAAM,aAAa,iDA4CxB,CAAC"}
@@ -0,0 +1,48 @@
1
+ import { buildCommand } from "@stricli/core";
2
+ import { loadConfig } from "../env.config.js";
3
+ import { createSandboxTunnel } from "./sandbox-tunnel.js";
4
+ export const sandboxTunnel = buildCommand({
5
+ docs: { brief: "Create/refresh the per-sandbox Cloudflare tunnel + DNS and print its connector token (used by connect.sh)" },
6
+ parameters: {
7
+ flags: {
8
+ service: {
9
+ kind: "parsed",
10
+ parse: String,
11
+ brief: "Internal service URL the tunnel routes to (e.g. http://intentic-sandbox-workspace:8787)",
12
+ },
13
+ previewService: {
14
+ kind: "parsed",
15
+ parse: String,
16
+ optional: true,
17
+ brief: "Dev-server URL to route the *.preview.<zone> wildcard to (e.g. http://intentic-sandbox-workspace:5173)",
18
+ },
19
+ zone: {
20
+ kind: "parsed",
21
+ parse: String,
22
+ optional: true,
23
+ brief: "Cloudflare zone for the DNS record (default: the API token's sole zone, or set ZONE)",
24
+ },
25
+ },
26
+ },
27
+ async func(flags) {
28
+ const config = loadConfig();
29
+ const { cloudflareApiToken: apiToken, connectToken } = config;
30
+ if (apiToken === "") {
31
+ throw new Error("set CLOUDFLARE_API_TOKEN");
32
+ }
33
+ if (connectToken === "") {
34
+ throw new Error("set CONNECT_TOKEN (the per-sandbox connection token)");
35
+ }
36
+ const zone = flags.zone ?? (config.zone !== "" ? config.zone : undefined);
37
+ const { token, hostname } = await createSandboxTunnel({
38
+ apiToken,
39
+ connectToken,
40
+ service: flags.service,
41
+ ...(flags.previewService !== undefined && flags.previewService !== "" ? { previewService: flags.previewService } : {}),
42
+ ...(zone !== undefined && zone !== "" ? { zone } : {}),
43
+ log: (message) => this.process.stderr.write(`${message}\n`),
44
+ });
45
+ this.process.stdout.write(`TUNNEL_TOKEN=${token}\nSANDBOX_HOSTNAME=${hostname}\n`);
46
+ },
47
+ });
48
+ //# sourceMappingURL=sandbox-tunnel.command.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox-tunnel.command.js","sourceRoot":"","sources":["../../src/sandbox-tunnel/sandbox-tunnel.command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAuB,MAAM,eAAe,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAM1D,MAAM,CAAC,MAAM,aAAa,GAAG,YAAY,CAA8D;IACnG,IAAI,EAAE,EAAE,KAAK,EAAE,2GAA2G,EAAE;IAC5H,UAAU,EAAE;QACR,KAAK,EAAE;YACH,OAAO,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,yFAAyF;aACnG;YACD,cAAc,EAAE;gBACZ,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,MAAM;gBACb,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,wGAAwG;aAClH;YACD,IAAI,EAAE;gBACF,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,MAAM;gBACb,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,sFAAsF;aAChG;SACJ;KACJ;IACD,KAAK,CAAC,IAAI,CAAuB,KAAkE;QAC/F,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,EAAE,kBAAkB,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAC9D,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,YAAY,KAAK,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC1E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,mBAAmB,CAAC;YAClD,QAAQ;YACR,YAAY;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,SAAS,IAAI,KAAK,CAAC,cAAc,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtH,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC;SAC9D,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,sBAAsB,QAAQ,IAAI,CAAC,CAAC;IACvF,CAAC;CACJ,CAAC,CAAC"}
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox-tunnel.d.ts","sourceRoot":"","sources":["../../src/sandbox-tunnel/sandbox-tunnel.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,aAAa,EAAiB,MAAM,qBAAqB,CAAC;AAGxE,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC7B;AAMD,eAAO,MAAM,mBAAmB,GAAU,MAAM;IAC5C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,QAAQ,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC;CAChC,KAAG,OAAO,CAAC,mBAAmB,CAsB9B,CAAC"}
@@ -0,0 +1,27 @@
1
+ import { createHash } from "node:crypto";
2
+ import { cloudflareApi } from "@intentic/providers";
3
+ import { CATCH_ALL, resolveZone, upsertCname } from "../lib/cf-tunnel.js";
4
+ export const createSandboxTunnel = async (args) => {
5
+ const { apiToken, connectToken, service, previewService, log } = args;
6
+ const api = args.api ?? cloudflareApi;
7
+ const zone = await resolveZone(api, apiToken, args.zone);
8
+ const id = createHash("sha256").update(connectToken).digest("hex").slice(0, 12);
9
+ const name = `sandbox-${id}`;
10
+ const hostname = `${name}.${zone.name}`;
11
+ const previewHostname = `*.preview.${zone.name}`;
12
+ const withPreview = previewService !== undefined && previewService !== "";
13
+ log(`resolving tunnel "${name}" on zone "${zone.name}"…`);
14
+ const existing = await api.findTunnel({ accountId: zone.accountId, apiToken, name });
15
+ const tunnel = existing ?? (await api.createTunnel({ accountId: zone.accountId, apiToken, name }));
16
+ const token = await api.getTunnelToken({ accountId: zone.accountId, apiToken, tunnelId: tunnel.id });
17
+ const ingress = [{ hostname, service }, ...(withPreview ? [{ hostname: previewHostname, service: previewService }] : []), CATCH_ALL];
18
+ await api.putTunnelIngress({ accountId: zone.accountId, apiToken, tunnelId: tunnel.id, ingress });
19
+ const cname = `${tunnel.id}.cfargotunnel.com`;
20
+ await upsertCname(api, apiToken, zone.id, hostname, cname, "intentic sandbox tunnel");
21
+ if (withPreview) {
22
+ await upsertCname(api, apiToken, zone.id, previewHostname, cname, "intentic sandbox tunnel");
23
+ }
24
+ log(`tunnel "${name}" → ${hostname} ready`);
25
+ return { token, hostname };
26
+ };
27
+ //# sourceMappingURL=sandbox-tunnel.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sandbox-tunnel.js","sourceRoot":"","sources":["../../src/sandbox-tunnel/sandbox-tunnel.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAsB,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAW1E,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EAAE,IASzC,EAAgC,EAAE;IAC/B,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACtE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,aAAa,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChF,MAAM,IAAI,GAAG,WAAW,EAAE,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;IACxC,MAAM,eAAe,GAAG,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC;IACjD,MAAM,WAAW,GAAG,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,EAAE,CAAC;IAC1E,GAAG,CAAC,qBAAqB,IAAI,cAAc,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACrF,MAAM,MAAM,GAAG,QAAQ,IAAI,CAAC,MAAM,GAAG,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACnG,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IACrG,MAAM,OAAO,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;IACrI,MAAM,GAAG,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAClG,MAAM,KAAK,GAAG,GAAG,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC9C,MAAM,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,yBAAyB,CAAC,CAAC;IACtF,IAAI,WAAW,EAAE,CAAC;QACd,MAAM,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,yBAAyB,CAAC,CAAC;IACjG,CAAC;IACD,GAAG,CAAC,WAAW,IAAI,OAAO,QAAQ,QAAQ,CAAC,CAAC;IAC5C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC/B,CAAC,CAAC"}
@@ -0,0 +1 @@
1
+ {"version":3,"file":"generated-secrets.d.ts","sourceRoot":"","sources":["../../src/secrets/generated-secrets.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,KAAK,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;AAcrD,eAAO,MAAM,sBAAsB,GAAU,OAAO,WAAW,EAAE,MAAM,SAAS,MAAM,EAAE,EAAE,KAAK,UAAU,KAAG,OAAO,CAAC,IAAI,CAcvH,CAAC;AAKF,eAAO,MAAM,oBAAoB,GAAU,KAAK,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAGtF,CAAC"}
@@ -2,7 +2,7 @@ import { randomBytes } from "node:crypto";
2
2
  import { existsSync } from "node:fs";
3
3
  import { readFile } from "node:fs/promises";
4
4
  import { join } from "node:path";
5
- import { SECRETS_FILE } from "./artifact.js";
5
+ import { SECRETS_FILE } from "../lib/artifact.js";
6
6
  const generate = () => randomBytes(16).toString("hex");
7
7
  export const ensureGeneratedSecrets = async (store, keys, env) => {
8
8
  for (const key of keys) {
@@ -0,0 +1 @@
1
+ {"version":3,"file":"generated-secrets.js","sourceRoot":"","sources":["../../src/secrets/generated-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAOlD,MAAM,QAAQ,GAAG,GAAW,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAU/D,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EAAE,KAAkB,EAAE,IAAuB,EAAE,GAAe,EAAiB,EAAE;IACxH,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC;YAC5C,SAAS;QACb,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;YACpB,SAAS;QACb,CAAC;QACD,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACrB,CAAC;AACL,CAAC,CAAC;AAKF,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,EAAE,GAAW,EAAmC,EAAE;IACvF,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACrC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAA4B,CAAC,CAAC,CAAC,EAAE,CAAC;AACxG,CAAC,CAAC"}
@@ -1,4 +1,5 @@
1
- import type { SshExecutor, SshTarget } from "@intentic/providers";
1
+ import type { DesiredStateGraph } from "@intentic/graph";
2
+ import { type SshExecutor, type SshTarget } from "@intentic/providers";
2
3
  export interface SecretStore {
3
4
  readonly get: (key: string) => Promise<string | undefined>;
4
5
  readonly set: (key: string, value: string) => Promise<void>;
@@ -9,4 +10,5 @@ export declare const createLayeredSecretStore: (layers: readonly SecretStore[],
9
10
  readonly backfill: boolean;
10
11
  readonly log?: (message: string) => void;
11
12
  }) => SecretStore;
13
+ export declare const generatedSecretStore: (graph: DesiredStateGraph, dir: string, ssh: SshExecutor, backfill: boolean, log: (message: string) => void) => SecretStore;
12
14
  //# sourceMappingURL=secret-store.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-store.d.ts","sourceRoot":"","sources":["../../src/secrets/secret-store.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAc,KAAK,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAOnF,MAAM,WAAW,WAAW;IACxB,QAAQ,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAC3D,QAAQ,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/D;AAID,eAAO,MAAM,sBAAsB,GAAI,KAAK,MAAM,KAAG,WAYpD,CAAC;AAOF,eAAO,MAAM,qBAAqB,GAAI,QAAQ,SAAS,EAAE,UAAU,WAAW,KAAG,WAiChF,CAAC;AAOF,eAAO,MAAM,wBAAwB,GACjC,QAAQ,SAAS,WAAW,EAAE,EAC9B,SAAS;IAAE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;CAAE,KAClF,WA2CF,CAAC;AAUF,eAAO,MAAM,oBAAoB,GAC7B,OAAO,iBAAiB,EACxB,KAAK,MAAM,EACX,KAAK,WAAW,EAChB,UAAU,OAAO,EACjB,KAAK,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,KAC/B,WAYF,CAAC"}
@@ -1,7 +1,9 @@
1
1
  import { existsSync } from "node:fs";
2
2
  import { readFile, writeFile } from "node:fs/promises";
3
3
  import { join } from "node:path";
4
- import { SECRETS_FILE } from "./artifact.js";
4
+ import { createStore, resolveInputs } from "@intentic/engine";
5
+ import { hostTarget } from "@intentic/providers";
6
+ import { SECRETS_FILE } from "../lib/artifact.js";
5
7
  export const createLocalSecretStore = (dir) => {
6
8
  const path = join(dir, SECRETS_FILE);
7
9
  const read = async () => existsSync(path) ? JSON.parse(await readFile(path, "utf8")) : {};
@@ -94,4 +96,16 @@ export const createLayeredSecretStore = (layers, options) => {
94
96
  },
95
97
  };
96
98
  };
99
+ export const generatedSecretStore = (graph, dir, ssh, backfill, log) => {
100
+ const local = createLocalSecretStore(dir);
101
+ const forgejo = Object.values(graph.resources).find((node) => node.type === "forgejo");
102
+ const serverRef = forgejo?.inputs["server"];
103
+ const hostId = typeof serverRef === "object" && serverRef !== null && "$ref" in serverRef ? serverRef.$ref : undefined;
104
+ const hostNode = hostId !== undefined ? graph.resources[hostId] : undefined;
105
+ if (hostNode === undefined) {
106
+ return local;
107
+ }
108
+ const target = hostTarget(resolveInputs(hostNode.inputs, createStore(), process.env, { lenient: false }));
109
+ return createLayeredSecretStore([createHostSecretStore(target, ssh), local], { backfill, log });
110
+ };
97
111
  //# sourceMappingURL=secret-store.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-store.js","sourceRoot":"","sources":["../../src/secrets/secret-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,UAAU,EAAoC,MAAM,qBAAqB,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAalD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,GAAW,EAAe,EAAE;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,KAAK,IAAqC,EAAE,CACrD,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAA4B,CAAC,CAAC,CAAC,EAAE,CAAC;IACjG,OAAO;QACH,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC;QACvC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;YACtB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;YAC3B,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACnB,MAAM,SAAS,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvF,CAAC;KACJ,CAAC;AACN,CAAC,CAAC;AAMF,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;AACvD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,MAAiB,EAAE,QAAqB,EAAe,EAAE;IAC3F,IAAI,KAAyC,CAAC;IAC9C,MAAM,IAAI,GAAG,KAAK,IAAqC,EAAE;QACrD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACjB,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,iBAAiB,2BAA2B,CAAC,CAAC;YACvF,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,IAAI,CAA2B,CAAC;QAC/E,CAAC;gBAAS,CAAC;YACP,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC,CAAC;IACF,OAAO;QACH,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC;QACvC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;YACtB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;YAC3B,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC;gBAGD,MAAM,OAAO,CAAC,IAAI,CACd,mCAAmC,iBAAiB,kCAAkC,IAAI,qCAAqC,iBAAiB,cAAc,iBAAiB,QAAQ,iBAAiB,EAAE,CAC7M,CAAC;YACN,CAAC;oBAAS,CAAC;gBACP,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC;QACL,CAAC;KACJ,CAAC;AACN,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,wBAAwB,GAAG,CACpC,MAA8B,EAC9B,OAAiF,EACtE,EAAE;IACb,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACtC,OAAO;QACH,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;YACf,MAAM,MAAM,GAA2B,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,GAAG,CAAC,oCAAoC,GAAG,0BAA0B,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBACtF,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC3B,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;YAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;oBACxC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;wBACvB,SAAS;oBACb,CAAC;oBACD,IAAI,CAAC;wBACD,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;oBACjC,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACb,GAAG,CAAC,qCAAqC,GAAG,mBAAmB,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBACpF,CAAC;gBACL,CAAC;YACL,CAAC;YACD,OAAO,MAAM,CAAC;QAClB,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;YACtB,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACD,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBAC5B,SAAS,GAAG,IAAI,CAAC;gBACrB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,GAAG,CAAC,qCAAqC,GAAG,aAAa,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAC9E,CAAC;YACL,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,uCAAuC,GAAG,gBAAgB,CAAC,CAAC;YAChF,CAAC;QACL,CAAC;KACJ,CAAC;AACN,CAAC,CAAC;AAUF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAChC,KAAwB,EACxB,GAAW,EACX,GAAgB,EAChB,QAAiB,EACjB,GAA8B,EACnB,EAAE;IACb,MAAM,KAAK,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,MAAM,GACR,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,IAAI,MAAM,IAAI,SAAS,CAAC,CAAC,CAAE,SAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3I,MAAM,QAAQ,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1G,OAAO,wBAAwB,CAAC,CAAC,qBAAqB,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;AACpG,CAAC,CAAC"}
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/secrets/secrets.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAMxF,eAAO,MAAM,SAAS,GAAI,OAAO,eAAe,GAAG,SAAS,KAAG;IAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,SAaxH,CAAC;AAOF,eAAO,MAAM,cAAc,GAAI,OAAO,iBAAiB,KAAG;IAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,CAAA;CA6B/G,CAAC;AAIF,eAAO,MAAM,eAAe,GAAU,MAAM,MAAM,EAAE,MAAM,SAAS,MAAM,EAAE,KAAG,OAAO,CAAC,IAAI,CAEzF,CAAC"}
@@ -1,4 +1,5 @@
1
1
  import { writeFile } from "node:fs/promises";
2
+ import { renderTemplate } from "../lib/templates.js";
2
3
  export const secretRef = (value) => {
3
4
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
4
5
  return undefined;
@@ -43,11 +44,6 @@ export const collectSecrets = (graph) => {
43
44
  return { env: bucket("env"), generated: bucket("generated") };
44
45
  };
45
46
  export const writeEnvExample = async (path, keys) => {
46
- const header = [
47
- "# Secrets required by desired-state.json. Copy this file to .env and fill in each value.",
48
- "# Regenerated by `intentic resolve`.",
49
- "",
50
- ];
51
- await writeFile(path, [...header, ...keys.map((key) => `${key}=`), ""].join("\n"));
47
+ await writeFile(path, renderTemplate("env-example", { keys }));
52
48
  };
53
49
  //# sourceMappingURL=secrets.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/secrets/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAKrD,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAkC,EAAuE,EAAE;IACjI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACtE,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,MAAM,GAAI,KAA2D,CAAC,OAAO,CAAC;IACpF,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;IAC/B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,WAAW,CAAC,EAAE,CAAC;QAC1E,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AAC3B,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAwB,EAA4D,EAAE;IACjH,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;IAChD,MAAM,IAAI,GAAG,CAAC,KAAsB,EAAQ,EAAE;QAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QACD,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,CAAC,GAAG,yBAAyB,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACzF,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YACjC,OAAO;QACX,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;IACL,CAAC,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,MAAoB,EAAY,EAAE,CAC9C,CAAC,GAAG,OAAO,CAAC;SACP,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC;SAC/B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;SACnB,IAAI,EAAE,CAAC;IAChB,OAAO,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;AAClE,CAAC,CAAC;AAIF,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,IAAY,EAAE,IAAuB,EAAiB,EAAE;IAC1F,MAAM,SAAS,CAAC,IAAI,EAAE,cAAc,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@intentic/cli",
3
- "version": "1.32.2",
3
+ "version": "1.38.0",
4
4
  "description": "",
5
5
  "license": "MIT",
6
6
  "type": "module",
@@ -10,7 +10,8 @@
10
10
  "directory": "_apps/cli"
11
11
  },
12
12
  "files": [
13
- "dist"
13
+ "dist",
14
+ "templates"
14
15
  ],
15
16
  "bin": {
16
17
  "intentic": "./dist/cli.js"
@@ -33,13 +34,17 @@
33
34
  }
34
35
  },
35
36
  "dependencies": {
37
+ "@puristic/env": "1.4.1",
36
38
  "@stricli/core": "1.2.8",
39
+ "eta": "4.6.0",
37
40
  "tslib": "2.8.1",
38
- "@intentic/engine": "1.32.2",
39
- "@intentic/graph": "1.32.2",
40
- "@intentic/need-resolver": "1.32.2",
41
- "@intentic/providers": "1.32.2",
42
- "@intentic/state-resolver": "1.32.2"
41
+ "zod": "4.4.3",
42
+ "@intentic/engine": "1.38.0",
43
+ "@intentic/need-resolver": "1.38.0",
44
+ "@intentic/graph": "1.38.0",
45
+ "@intentic/providers": "1.38.0",
46
+ "@intentic/scaffold": "0.0.0",
47
+ "@intentic/state-resolver": "1.38.0"
43
48
  },
44
49
  "devDependencies": {
45
50
  "@types/node": "24.13.2",
@@ -48,7 +53,8 @@
48
53
  "testcontainers": "12.0.3",
49
54
  "typescript": "5.9.3",
50
55
  "vitest": "4.1.9",
51
- "@intentic/sdk": "1.32.2",
56
+ "yaml": "2.9.0",
57
+ "@intentic/sdk": "1.38.0",
52
58
  "@intentic/tsconfig": "0.0.0"
53
59
  },
54
60
  "scripts": {
@@ -0,0 +1,21 @@
1
+ # Access
2
+
3
+ Generated by `intentic apply`. User-supplied passwords are the values you set in `.env`; generated passwords are stored in `.secrets.json` (gitignored).
4
+ <% if (it.services.length > 0) { -%>
5
+
6
+ | Service | URL | Username | Password |
7
+ | --- | --- | --- | --- |
8
+ <% it.services.forEach(function (service) { -%>
9
+ | <%= service.label %> | <%= service.url %> | <%= service.username %> | <%= service.password %> |
10
+ <% }) -%>
11
+ <% } -%>
12
+ <% if (it.apps.length > 0) { -%>
13
+
14
+ ## App environments
15
+
16
+ | Environment | URL |
17
+ | --- | --- |
18
+ <% it.apps.forEach(function (app) { -%>
19
+ | <%= app.id %> | <%= app.url %> |
20
+ <% }) -%>
21
+ <% } -%>
@@ -0,0 +1,5 @@
1
+ FROM busybox:1.37.0
2
+ RUN mkdir -p /www && printf '%s' '<%= it.appBody %>' > /www/index.html
3
+ ENV PORT=8080
4
+ EXPOSE 8080
5
+ CMD ["sh","-c","httpd -f -v -p ${PORT} -h /www"]
@@ -0,0 +1,23 @@
1
+ import { env } from "@intentic/graph";
2
+ import { defineIntent } from "@intentic/sdk";
3
+
4
+ export const intent = defineIntent((i) => {
5
+ const host = i.have.host("host", {
6
+ address: "127.0.0.1",
7
+ user: "root",
8
+ sshKey: env("HOST_SSH_KEY"),
9
+ port: <%= it.sshPort %>,
10
+ });
11
+
12
+ const cf = i.have.cloudflare("cf", {
13
+ apiToken: env("CLOUDFLARE_API_TOKEN"),
14
+ });
15
+
16
+ i.want.app("<%= it.app %>", {
17
+ on: host,
18
+ expose: cf,
19
+ environments: {
20
+ <%= it.env %>: { domain: "<%= it.domain %>", branch: "main", env: { PORT: "<%= it.appPort %>" } },
21
+ },
22
+ });
23
+ });
@@ -0,0 +1,2 @@
1
+ HOST_SSH_KEY="<%= it.privateKey %>"
2
+ CLOUDFLARE_API_TOKEN=<%= it.apiToken %>
@@ -0,0 +1,6 @@
1
+ # Secrets required by desired-state.json. Copy this file to .env and fill in each value.
2
+ # Regenerated by `intentic resolve`.
3
+
4
+ <% it.keys.forEach(function (key) { -%>
5
+ <%= key %>=
6
+ <% }) -%>
@@ -0,0 +1,7 @@
1
+ # intentic starter Dockerfile — replace with your app's real build.
2
+ FROM node:24.18.0-alpine3.24
3
+ WORKDIR /app
4
+ COPY . .
5
+ ENV PORT=8080
6
+ EXPOSE 8080
7
+ CMD ["node", "server.js"]
@@ -0,0 +1,18 @@
1
+ import { env } from "@intentic/graph";
2
+ import { defineIntent } from "@intentic/sdk";
3
+
4
+ export const intent = defineIntent((i) => {
5
+ const cf = i.have.cloudflare("cf", {
6
+ apiToken: env("CLOUDFLARE_API_TOKEN"),
7
+ });
8
+
9
+ // `self` is your local deploy target (this machine / its Docker-in-Docker host). intentic registers it in
10
+ // the managed `// <intentic>` block at the top of this file — reference it with `on: self`, don't redeclare it.
11
+ i.want.app("my-app", {
12
+ on: self,
13
+ expose: cf,
14
+ environments: {
15
+ production: { domain: "app.<%= it.zone %>", branch: "main" },
16
+ },
17
+ });
18
+ });
@@ -0,0 +1,22 @@
1
+ import { env } from "@intentic/graph";
2
+ import { defineIntent } from "@intentic/sdk";
3
+
4
+ export const intent = defineIntent((i) => {
5
+ const host = i.have.host("host", {
6
+ address: "203.0.113.10",
7
+ user: "deploy",
8
+ sshKey: env("HOST_SSH_KEY"),
9
+ });
10
+
11
+ const cf = i.have.cloudflare("cf", {
12
+ apiToken: env("CLOUDFLARE_API_TOKEN"),
13
+ });
14
+
15
+ i.want.app("my-app", {
16
+ on: host,
17
+ expose: cf,
18
+ environments: {
19
+ production: { domain: "app.example.com", branch: "main", env: { DATABASE_URL: env("PRODUCTION_DATABASE_URL") } },
20
+ },
21
+ });
22
+ });
@@ -0,0 +1,9 @@
1
+ import { createServer } from "node:http";
2
+
3
+ // Komodo sets PORT in production; the sandbox passes DEV_PORT for the live preview.
4
+ const port = Number(process.env.PORT ?? process.env.DEV_PORT ?? 5173);
5
+
6
+ createServer((_req, res) => {
7
+ res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
8
+ res.end("<!doctype html><title>intentic app</title><h1>It works 🎉</h1><p>Edit <code>server.js</code> — the agent works on this repo.</p>");
9
+ }).listen(port, () => console.log(`app listening on :${port}`));
@@ -0,0 +1,28 @@
1
+ # Generated by intentic: apply the desired-state artifact, pruning resources it no longer declares.
2
+ on:
3
+ push:
4
+ branches: [ "main" ]
5
+ paths: [ "<%= it.artifactFile %>" ]
6
+ jobs:
7
+ apply:
8
+ runs-on: docker
9
+ env:
10
+ <% it.envEntries.forEach(function (entry) { -%>
11
+ <%= entry.env %>: ${{ secrets.<%= entry.secret %> }}
12
+ <% }) -%>
13
+ steps:
14
+ - uses: https://github.com/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
15
+ with:
16
+ fetch-depth: 0
17
+ - name: apply and prune
18
+ run: |
19
+ corepack enable
20
+ PREV=''
21
+ if git rev-parse -q --verify refs/tags/<%= it.appliedTag %> >/dev/null; then \
22
+ git show <%= it.appliedTag %>:<%= it.artifactFile %> > /tmp/previous.json && PREV="--previous /tmp/previous.json"; fi
23
+ pnpm dlx <%= it.cliPackage %>@<%= it.cliVersion %> apply --artifact <%= it.artifactFile %> $PREV
24
+ - name: mark applied
25
+ run: |
26
+ AUTH="$(printf '%s:%s' '<%= it.user %>' "$<%= it.forgejoPasswordKey %>" | base64 -w0)"
27
+ git tag -f <%= it.appliedTag %> HEAD
28
+ git -c http.extraHeader="Authorization: basic $AUTH" push -f origin refs/tags/<%= it.appliedTag %>
@@ -0,0 +1,26 @@
1
+ # Generated by intentic: resolve deploy.config.ts and push the new artifact into the desired-state repo.
2
+ on:
3
+ push:
4
+ branches: [ "main" ]
5
+ paths: [ "<%= it.configFile %>", "package.json", "pnpm-lock.yaml" ]
6
+ jobs:
7
+ resolve:
8
+ runs-on: docker
9
+ env:
10
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
11
+ <%= it.gitUserEnv %>: ${{ secrets.<%= it.gitUserSecret %> }}
12
+ <%= it.gitTokenEnv %>: ${{ secrets.<%= it.gitTokenSecret %> }}
13
+ steps:
14
+ - uses: https://github.com/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
15
+ - name: resolve and push desired-state
16
+ run: |
17
+ corepack enable
18
+ pnpm install --ignore-workspace
19
+ AUTH="$(printf '%s:%s' "$GIT_USER" "$GIT_TOKEN" | base64 -w0)"
20
+ git -c http.extraHeader="Authorization: basic $AUTH" clone <%= it.desiredStateCloneUrl %> /tmp/ds
21
+ pnpm dlx <%= it.cliPackage %>@<%= it.cliVersion %> resolve --config <%= it.configFile %> --out /tmp/ds/<%= it.artifactFile %> --sync-control-plane
22
+ cd /tmp/ds
23
+ git add -A
24
+ if git diff --cached --quiet; then echo 'desired-state unchanged'; exit 0; fi
25
+ git -c user.name="<%= it.user %>" -c user.email="<%= it.user %>@<%= it.domain %>" commit -m "intentic resolve"
26
+ git -c http.extraHeader="Authorization: basic $AUTH" push origin HEAD:main
@@ -1 +0,0 @@
1
- {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAWvE,MAAM,WAAW,WAAW;IACxB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAG3B,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;QAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACxG;AAKD,eAAO,MAAM,aAAa,GACtB,OAAO,iBAAiB,EACxB,SAAS,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,EACpE,KAAK,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,KAClD,WAAW,EAuBb,CAAC;AAeF,eAAO,MAAM,mBAAmB,GAAI,SAAS,SAAS,WAAW,EAAE,KAAG,MASrE,CAAC;AAWF,eAAO,MAAM,eAAe,GAAU,MAAM,MAAM,EAAE,SAAS,SAAS,WAAW,EAAE,KAAG,OAAO,CAAC,IAAI,CAqBjG,CAAC"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"access.js","sourceRoot":"","sources":["../src/access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAIzC,MAAM,cAAc,GAAqC;IACrD,OAAO,EAAE,eAAe;IACxB,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,wBAAwB;CACnC,CAAC;AAeF,MAAM,CAAC,MAAM,aAAa,GAAG,CACzB,KAAwB,EACxB,OAAoE,EACpE,GAAiD,EACpC,EAAE;IACf,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAChD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YACxE,SAAS;QACb,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC1B,SAAS;QACb,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,GAAG,EAAE,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,MAAM,QAAQ,GAAG,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACjI,OAAO,CAAC,IAAI,CAAC;YACT,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE;YAC3C,GAAG;YACH,GAAG,CAAC,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC,CAAC;IACP,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC,CAAC;AAGF,MAAM,eAAe,GAAG,CAAC,QAAiC,EAAU,EAAE;IAClE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,QAAQ,CAAC,KAAK,KAAK,SAAS;YAC/B,CAAC,CAAC,gBAAgB,QAAQ,CAAC,KAAK,4BAA4B;YAC5D,CAAC,CAAC,8CAA8C,CAAC;IACzD,CAAC;IACD,OAAO,iBAAiB,QAAQ,CAAC,GAAG,EAAE,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,OAA+B,EAAU,EAAE;IAC3E,MAAM,KAAK,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAChF,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC,CAAC;AAIF,MAAM,gBAAgB,GAAG,CAAC,QAAiC,EAAU,EAAE;IACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,IAAI,CAAC;AACxG,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,IAAY,EAAE,OAA+B,EAAiB,EAAE;IAClG,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG;QACV,UAAU;QACV,EAAE;QACF,0JAA0J;KAC7J,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,yCAAyC,EAAE,2BAA2B,CAAC,CAAC;QACvF,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,QAAQ,MAAM,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9G,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,qBAAqB,EAAE,EAAE,EAAE,uBAAuB,EAAE,eAAe,CAAC,CAAC;QACpF,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,EAAE,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QACjD,CAAC;IACL,CAAC;IACD,MAAM,SAAS,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnD,CAAC,CAAC"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"adopt-pipelines.d.ts","sourceRoot":"","sources":["../src/adopt-pipelines.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAItD,eAAO,MAAM,eAAe,sBAAsB,CAAC;AACnD,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AAIrD,eAAO,MAAM,YAAY,aAAa,CAAC;AACvC,eAAO,MAAM,aAAa,cAAc,CAAC;AAWzC,eAAO,MAAM,oBAAoB,oCAAoC,CAAC;AACtE,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AAOnE,eAAO,MAAM,iBAAiB,GAAI,KAAK,MAAM,KAAG,MAC+C,CAAC;AAEhG,MAAM,WAAW,cAAc;IAE3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAGlC,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;IAG5C,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACvC;AAOD,eAAO,MAAM,kBAAkB,GAAI,QAAQ,cAAc,KAAG,MA6B5C,CAAC;AAKjB,eAAO,MAAM,iBAAiB,GAAI,QAAQ,cAAc,KAAG,MA+B1D,CAAC;AAIF,eAAO,MAAM,aAAa,GAAU,SAAS,MAAM,EAAE,cAAc,MAAM,EAAE,SAAS,MAAM,KAAG,OAAO,CAAC,IAAI,CAIxG,CAAC;AAGF,eAAO,MAAM,0BAA0B,GAAU,WAAW,MAAM,EAAE,WAAW,MAAM,EAAE,QAAQ,cAAc,KAAG,OAAO,CAAC,IAAI,CAG3H,CAAC;AAGF,eAAO,MAAM,cAAc,GAAU,MAAM;IACvC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACtD,KAAG,OAAO,CAAC,IAAI,CAYf,CAAC"}