@lovinka/deployik-mcp 0.1.0

package/dist/knowledge/recipes.generated.js

@@ -0,0 +1,17 @@
+// AUTO-GENERATED by scripts/copy-recipes.mjs. Do not edit by hand.
+// Source: ../../.claude/skills/deployik-howto/
+export const RECIPE_FILES = [
+    {
+        file: "SKILL.md",
+        content: "---\nname: deployik-howto\ndescription: Use when a user asks how to do something in the Deployik dashboard — connecting a GitHub repo, custom domains, environment variables or secrets, auto-deploy on push, password protection, sending email from a contact form (Webglobe SMTP + reCAPTCHA v3), or rolling back a deployment — or asks Claude to perform one of those actions for them. Triggers include \"how do I…\", \"where do I click…\", \"I want my own domain\", \"I want my contact form to send emails\", \"I want to make X work\", \"deploy my repo\", and \"just do X for me\" phrased against Deployik. Do NOT activate for questions about Deployik's source code (Go handlers, React pages, migrations) — those are codebase tasks, not dashboard tasks.\n---\n\n# Deployik How-To\n\nHelps a user navigate or operate the Deployik dashboard. Two modes: **guide** (walk them through clicks) and **action** (do it for them via the Deployik API).\n\n## Tone\n\nThe primary user is non-technical. Speak warmly and in plain language. Quote Deployik button labels exactly (they're in English) but explain in everyday words around them. Never assume the user already knows what an \"MX record\" or a \"site key\" is — define it the first time it appears, in one short sentence.\n\nWhen you give a recipe, **always finish with the same friendly offer**:\n\n> Stuck on any of these steps? Tell me which one and I'll walk through it with you.\n\nIf the user gets stuck, ask one question at a time, and offer to do the part on their behalf if it's something action mode can do (e.g. \"Want me to add the secret for you, or do you want to do it in the dashboard?\").\n\nIf a sub-step happens outside Deployik (a registrar's DNS panel, the Google reCAPTCHA admin, a webmail customer portal), say so explicitly so they know they're leaving Deployik for a moment. Then guide them step-by-step in the external UI before bringing them back.\n\n## When to use\n\n- User goal phrased against the Deployik dashboard — e.g. \"I want my own domain\", \"where do I add an env var\", \"make the site password-protected\", \"redeploy when I push to GitHub\", \"make my contact form send emails\", \"roll back my last release\".\n- User asks Claude to *perform* one of those tasks instead of guiding them.\n\n## When NOT to use\n\n- Questions about Deployik's source code, build pipeline internals, or how a Go handler/React page is implemented. Those are not dashboard tasks.\n- Self-hosting / VPS / nginx / SSL provider questions — those belong to the lovinka-infra repo and a different audience.\n\n## How to choose the mode\n\nRead the user's phrasing:\n\n- *\"How do I…\"*, *\"Where do I click…\"*, *\"I want to learn how to…\"* → **guide mode** → see [click-paths.md](click-paths.md).\n- *\"Do X for me\"*, *\"Add this env var\"*, *\"Trigger a deploy\"*, imperative phrasing → **action mode** → see [api-actions.md](api-actions.md).\n\nIf ambiguous, ask warmly: \"Want me to walk you through the dashboard, or do it for you?\"\n\n## Action mode prerequisites\n\nAction mode requires a Personal Access Token. If `~/.config/deployik/config` doesn't exist or is missing `DEPLOYIK_BASE_URL` / `DEPLOYIK_TOKEN`, stop and explain in friendly tone:\n\n> Before I can do this for you, I need a Deployik access token — it's like a password just for tools. In the Deployik sidebar, click **Access tokens** → **Create token**, give it a name like \"skill\", and copy the value it shows you (it starts with `dpk_`). Then save it to a file at `~/.config/deployik/config` like this:\n>\n> ```\n> DEPLOYIK_BASE_URL=https://your-deployik-host\n> DEPLOYIK_TOKEN=dpk_...\n> ```\n>\n> Once that's saved, just ask me the same thing again and I'll do it.\n\n## Safety rules for action mode\n\n| Verb / target | Rule |\n|---------------|------|\n| `GET *` | Execute silently |\n| `POST/PUT/PATCH` to non-production | Print intended `<METHOD> <path>` and JSON body, ask \"Do this?\" — wait for an affirmative reply |\n| `POST/PUT/PATCH` to production env | Print payload, **flag PRODUCTION explicitly**, ask yes/no |\n| `DELETE *` and `POST .../regenerate` | Require typed string confirmation matching the target name (e.g. `yes delete example.com`) — anything else aborts |\n\nAlways invoke the API via `helpers/deployik` (bundled with this skill). Never hand-roll curl with the token inline — keeps the token out of shell history.\n",
+    },
+    {
+        file: "api-actions.md",
+        content: "# Deployik — API actions\n\nAction mode for the goals in [click-paths.md](click-paths.md). Each entry has the endpoint, payload shape, safety tier, and the exact `helpers/deployik` invocation.\n\n## Helper script\n\nAlways invoke the API via `./helpers/deployik` (relative to this skill's directory) — never paste tokens into raw curl. The wrapper:\n\n- Reads `~/.config/deployik/config` (`DEPLOYIK_BASE_URL`, `DEPLOYIK_TOKEN`)\n- Sends `Authorization: Bearer $DEPLOYIK_TOKEN`\n- Prints `HTTP <status>` to stderr, body to stdout\n- Exits non-zero on HTTP error\n- Pretty-prints JSON if `jq` is installed\n\nUsage:\n\n```\ndeployik api <METHOD> <path> [json-body]\n```\n\nIf `~/.config/deployik/config` is missing, stop and direct the user to create a token (Sidebar → **Access tokens** → **Create token**) before retrying.\n\n## Safety tiers\n\n| Verb / target | Rule |\n|---------------|------|\n| `GET *` | Execute silently — read-only |\n| `POST/PUT/PATCH` non-production | Print payload, ask \"Do this?\" — wait for affirmative reply |\n| `POST/PUT/PATCH` production env | Flag `**PRODUCTION**`, ask explicit yes/no |\n| `DELETE *` and `POST .../regenerate` | Require typed string confirmation matching the target name (e.g. `yes delete example.com`) |\n\n## Resolving project id\n\nMost endpoints need `{id}` (a ULID). When the user names a project, run:\n\n```\ndeployik api GET /api/projects\n```\n\n…and find the row whose `name` matches. Use its `id`.\n\n---\n\n## create-project\n\n**Goal:** [click-paths.md#create-project](click-paths.md#create-project)\n\n**Endpoint:** `POST /api/projects`\n**Tier:** Mutation — confirm before executing.\n\n**Body shape:**\n\n```json\n{\n  \"name\": \"my-app\",\n  \"github_repo\": \"my-repo\",\n  \"github_owner\": \"my-org\",\n  \"branch\": \"main\",\n  \"framework\": \"nextjs\",\n  \"package_manager\": \"auto\",\n  \"root_directory\": \"\",\n  \"output_directory\": \".next\",\n  \"build_command\": \"bun run build\",\n  \"install_command\": \"bun install\",\n  \"node_version\": \"22\",\n  \"organization_id\": \"(optional — defaults to personal workspace)\"\n}\n```\n\n**Invocation:**\n\n```\ndeployik api POST /api/projects '{\"name\":\"my-app\",\"github_repo\":\"my-repo\",\"github_owner\":\"my-org\",\"branch\":\"main\",\"framework\":\"nextjs\",\"package_manager\":\"auto\",\"output_directory\":\".next\",\"build_command\":\"bun run build\",\"install_command\":\"bun install\",\"node_version\":\"22\"}'\n```\n\n**Behavior:** creates the project, auto-domain, GitHub webhook (best-effort), and triggers an initial preview deployment.\n\n---\n\n## custom-domain\n\n**Goal:** [click-paths.md#custom-domain](click-paths.md#custom-domain)\n\n**Endpoints:**\n- `POST /api/projects/{id}/domains` — adds the row\n- `POST /api/projects/{id}/domains/{did}/verify` — runs DNS check + cert provisioning (returns 202; final result streams over WebSocket but the synchronous response confirms acceptance)\n- `PATCH /api/projects/{id}/domains/{did}` `{is_primary: true}` — optional, mark as primary\n\n**Tier:** Mutation — confirm before each step.\n\n**Body shape (POST):**\n\n```json\n{ \"domain\": \"example.com\", \"environment\": \"production\" }\n```\n\n**Invocation:**\n\n```\ndeployik api POST /api/projects/{id}/domains '{\"domain\":\"example.com\",\"environment\":\"production\"}'\ndeployik api POST /api/projects/{id}/domains/{did}/verify\n```\n\n**Critical reminder for the user:** the DNS A-record at the registrar must point to the VPS IP **before** Verify, otherwise it fails. Tell them the click-paths recipe explains where to add it.\n\n---\n\n## env-vars\n\n**Goal:** [click-paths.md#env-vars](click-paths.md#env-vars)\n\n**Endpoints:**\n- `POST /api/projects/{id}/env` — single upsert (env var)\n- `POST /api/projects/{id}/secrets` — single upsert (secret)\n- `DELETE /api/projects/{id}/env/{key}?environment=preview|production|shared` — destructive\n- `PUT /api/projects/{id}/env` — bulk replace (don't use unless the user says \"replace all\")\n\n**Tier:** Mutation — confirm. **Production environment writes get extra production-flag confirmation.**\n\n**Body shape (single upsert):**\n\n```json\n{ \"key\": \"STRIPE_PUBLIC\", \"value\": \"pk_test_xxx\", \"environment\": \"preview\" }\n```\n\n**Environment values:** `shared` (applies to both), `preview`, or `production`. If the user says \"preview\", use `preview`; if \"production\" or \"live\", use `production`. If unsure, ask.\n\n**Invocations:**\n\n```\ndeployik api POST /api/projects/{id}/env '{\"key\":\"STRIPE_PUBLIC\",\"value\":\"pk_test_xxx\",\"environment\":\"preview\"}'\ndeployik api POST /api/projects/{id}/secrets '{\"key\":\"DATABASE_URL\",\"value\":\"postgres://...\",\"environment\":\"production\"}'\ndeployik api DELETE /api/projects/{id}/env/STRIPE_PUBLIC?environment=preview\n```\n\n**Constraint:** secrets refuse `NEXT_PUBLIC_*` keys (they need to be in the variables store to bake into the build). Surface that error verbatim if the API returns it.\n\n**Heads-up:** changing a variable does NOT redeploy. After applying, ask the user if they want you to trigger a redeploy via the [#rollback](#rollback) endpoint with the latest commit sha.\n\n---\n\n## auto-deploy\n\n**Goal:** [click-paths.md#auto-deploy](click-paths.md#auto-deploy)\n\n**Endpoint:** `PUT /api/projects/{id}/auto-build`\n**Tier:** Mutation — confirm.\n\n**Body shape:**\n\n```json\n{\n  \"enabled\": true,\n  \"production_branch\": \"main\",\n  \"preview_branches\": \"*\"\n}\n```\n\n**Invocation:**\n\n```\ndeployik api PUT /api/projects/{id}/auto-build '{\"enabled\":true,\"production_branch\":\"main\",\"preview_branches\":\"*\"}'\n```\n\n**Side effect:** Deployik creates a webhook on the GitHub repo. If the user hasn't granted the `admin:repo_hook` scope to the OAuth app, this errors — ask them to sign out and back in in the dashboard, then retry.\n\nTo disable: `deployik api DELETE /api/projects/{id}/auto-build` (deletes config + webhook). Treat as destructive — typed confirmation.\n\n---\n\n## password-protection\n\n**Goal:** [click-paths.md#password-protection](click-paths.md#password-protection)\n\n**Endpoints:**\n- `PUT /api/projects/{id}/protection` — enable/disable per environment\n- `POST /api/projects/{id}/protection/regenerate` — new password (destructive — require typed confirmation, the old password stops working at this point)\n\n**Tier:** PUT = mutation/confirm. Regenerate = destructive/typed-confirm.\n\n**Body shapes:**\n\n```json\n{ \"environment\": \"preview\",     \"enabled\": true }\n{ \"environment\": \"production\",  \"enabled\": false }\n```\n\n**Invocations:**\n\n```\ndeployik api PUT  /api/projects/{id}/protection '{\"environment\":\"preview\",\"enabled\":true}'\ndeployik api POST /api/projects/{id}/protection/regenerate '{\"environment\":\"preview\"}'\n```\n\n**Response on enable / regenerate:** the JSON includes the plaintext password under `password`. Surface it to the user with a warning: this is the only time the API will return it.\n\n---\n\n## contact-form-email\n\n**Goal:** [click-paths.md#contact-form-email](click-paths.md#contact-form-email)\n\n**Endpoints:**\n- `GET /api/projects/{id}/email` — fetch current settings + the **AI install prompt** (auto-generated server-side from the project's framework, package manager, root directory, and reCAPTCHA site key)\n- `PUT /api/projects/{id}/email` — save SMTP host/port/security/user, From address + name, contact recipients, reCAPTCHA site key, score threshold; the SMTP password and reCAPTCHA secret are persisted as encrypted secrets\n- `POST /api/projects/{id}/email/test-smtp` — send a test email through the saved SMTP credentials\n\n**Tier:** PUT = mutation/confirm. test-smtp = mutation/confirm (it actually sends an email — usually fine, but flag it explicitly because the user might be configuring against a live mailbox). GET = read silent.\n\n**Body shape (PUT):**\n\n```json\n{\n  \"provider\": \"webglobe\",\n  \"smtp_host\": \"smtp.webglobe.cz\",\n  \"smtp_port\": 587,\n  \"smtp_security\": \"starttls\",\n  \"smtp_user\": \"noreply@example.com\",\n  \"smtp_password\": \"<paste, only sent on save>\",\n  \"email_from\": \"noreply@example.com\",\n  \"email_from_name\": \"My Site\",\n  \"contact_email_to\": \"owner@example.com\",\n  \"recaptcha_site_key\": \"6Lc...public\",\n  \"recaptcha_secret\": \"6Lc...secret\",\n  \"recaptcha_mode\": \"v3\",\n  \"recaptcha_score_threshold\": 0.5\n}\n```\n\n**Provider values:** `webglobe` (defaults derived from the project's primary production domain) or `smtp` (custom — user supplies all fields). Use `webglobe` unless the user says otherwise.\n\n**Security values:** `starttls` (port 587), `tls` (port 465), `none` (only for explicit testing — never recommend it).\n\n**Invocations:**\n\n```\ndeployik api GET  /api/projects/{id}/email\ndeployik api PUT  /api/projects/{id}/email '{\"provider\":\"webglobe\",\"smtp_host\":\"smtp.webglobe.cz\",\"smtp_port\":587,\"smtp_security\":\"starttls\",\"smtp_user\":\"noreply@example.com\",\"smtp_password\":\"<...>\",\"email_from\":\"noreply@example.com\",\"email_from_name\":\"My Site\",\"contact_email_to\":\"owner@example.com\",\"recaptcha_site_key\":\"<site>\",\"recaptcha_secret\":\"<secret>\",\"recaptcha_mode\":\"v3\",\"recaptcha_score_threshold\":0.5}'\ndeployik api POST /api/projects/{id}/email/test-smtp\n```\n\n**Response from GET:** includes the field `ai_install_prompt` (or similar — confirm the exact key by reading the response). This is a fully-formed prompt the user can paste into any AI coding assistant to install the contact-form code into their site. **When the user asks for the AI prompt, surface this string verbatim** — do not paraphrase or shorten it.\n\n**Workflow when guiding action mode for this recipe:**\n1. Ask the user for the four SMTP values from the Webglobe portal and the two reCAPTCHA keys from Google. Offer to walk them through Parts 1 and 2 of the click-paths recipe if they don't have them yet.\n2. Print the PUT payload (with **password and secret masked** as `***` in the preview) and ask \"Do this?\"\n3. On confirm, send the PUT.\n4. Ask if they want to verify by sending a test email; if yes, run POST `/email/test-smtp`.\n5. If the test succeeds, fetch GET `/email` and surface the AI install prompt for Part 4 of the recipe.\n6. If the test fails, surface the error from `payload.settings.last_test_error` verbatim and offer to walk through troubleshooting.\n\n**Sensitive values:** `smtp_password` and `recaptcha_secret` are the only truly sensitive fields. Treat them like passwords. If the user pastes them in chat, complete the action then suggest rotating them.\n\n---\n\n## rollback\n\n**Goal:** [click-paths.md#rollback](click-paths.md#rollback)\n\n**Endpoints:**\n- `GET /api/projects/{id}/deployments?environment=production&status=live` — find the previous good deployment\n- `POST /api/projects/{id}/deployments` — trigger a redeploy of a specific commit\n\n**Tier:** Mutation — confirm. **Production redeploys flagged as production.**\n\n**Body shape (POST):**\n\n```json\n{ \"environment\": \"production\", \"branch\": \"main\", \"commit_sha\": \"abc1234\" }\n```\n\nIf the user wants to roll back to \"the previous good one\", list deployments first and pick the most recent `live` row before the regression. Show its commit sha and message in the confirmation prompt.\n\n**Invocations:**\n\n```\ndeployik api GET /api/projects/{id}/deployments?environment=production&status=live&limit=5\ndeployik api POST /api/projects/{id}/deployments '{\"environment\":\"production\",\"branch\":\"main\",\"commit_sha\":\"abc1234\"}'\n```\n\n---\n\n## Errors\n\nWhen the API returns a non-2xx status:\n\n- Print the HTTP status and the JSON body (the helper does this automatically — let the user see it).\n- **Don't retry silently.** Most errors are user-meaningful (e.g. `403` from auto-build = missing OAuth scope, `409` from domain add = duplicate, `400` from secret = `NEXT_PUBLIC_` not allowed).\n- Suggest the next step based on the error message rather than guessing or hand-rolling a fix.\n",
+    },
+    {
+        file: "click-paths.md",
+        content: "# Deployik — Where to click\n\nSeven recipes for the most common things a user wants to do in the Deployik dashboard. If the user's goal isn't in the table, ask them warmly to rephrase, or check whether their goal is actually outside Deployik's scope.\n\nEvery recipe ends with a friendly \"stuck on a step?\" line. If the user uses it, ask which step and walk through that single step in fine detail (one click, one screenshot description, or one clarifying question at a time) before continuing.\n\n## What do you want to do?\n\n| Goal | Recipe |\n|------|--------|\n| I want to put my GitHub repo online | [#create-project](#create-project) |\n| I want to use my own domain (example.com) | [#custom-domain](#custom-domain) |\n| I want to set environment variables / API keys | [#env-vars](#env-vars) |\n| I want it to redeploy when I push to GitHub | [#auto-deploy](#auto-deploy) |\n| I want a password before people see the site | [#password-protection](#password-protection) |\n| I want my contact form to actually send emails (with spam protection) | [#contact-form-email](#contact-form-email) |\n| I want to roll back to a previous version | [#rollback](#rollback) |\n\n---\n\n## create-project\n\n**Goal:** Connect a GitHub repository to Deployik and deploy it for the first time.\n\n**Route:** `/new`\n**Sidebar:** (top-right of the Projects page) → **+ New project**\n\n**Steps:**\n1. Click **+ New project** on the dashboard. The page lists every GitHub repo Deployik can see for your account.\n2. Search or scroll for the repo. Click **Import** on the row.\n3. *If Deployik detects a monorepo (multiple apps in subfolders):* a step appears asking which app to deploy. Click the one you want. Framework, root directory, and build command pre-fill.\n4. *If single-app:* this step is skipped automatically.\n5. On the configuration screen:\n   - **Project name** — used as the preview subdomain. Lowercase letters, digits, and hyphens only.\n   - **Branch** — usually `main` or `master`.\n   - **Framework** — auto-detected. If wrong, change it; install/build/output reset to that framework's defaults.\n   - **Workspace** — leave on Personal unless you've been added to a shared org.\n6. Click **Create project**. Deployik creates the auto-domain `{project-name}.preview.lovinka.com`, sets up the GitHub webhook for auto-deploy, and starts the first preview deployment.\n7. The page navigates to the project Overview. The **Preview** strip shows the deployment progressing through queued → building → live.\n\n**Gotcha:** the GitHub OAuth scope must include `admin:repo_hook` for the webhook step to work. If you signed in before that scope was added, sign out and back in.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.**\n\n**API equivalent:** [api-actions.md#create-project](api-actions.md#create-project)\n\n---\n\n## custom-domain\n\n**Goal:** Point your own domain (e.g. `example.com`) at a Deployik project.\n\n**Route:** `/projects/$id/settings/domains`\n**Sidebar:** Project → **Settings** (expand) → **Domains**\n\n**Steps:**\n1. Click **Domains** under the project's Settings section.\n2. Find the **Add domain** form near the top. Enter the domain (apex like `example.com` or subdomain like `app.example.com`).\n3. Pick the environment — **Preview** for staging, **Production** for live.\n4. Click **Add**. The row appears with status `pending` and `dns_verified: no`.\n5. **Outside Deployik** — go to your domain's DNS provider:\n   - **Cloudflare:** DNS → **Records** → **Add record** → Type `A`, Name (apex = `@`, subdomain = the prefix), IPv4 = the VPS IP shown in Deployik's expandable **DNS Setup Guide** on the same page, Proxy status: **DNS only** (gray cloud, not orange — Cloudflare's proxy interferes with Let's Encrypt). Save.\n   - **Namecheap:** Domain List → **Manage** → **Advanced DNS** → **Add new record** → Type `A Record`, Host (`@` or subdomain), Value = VPS IP, TTL Automatic. Save.\n   - **GoDaddy:** Domain → **DNS** → **Add** → Type `A`, Name (`@` or subdomain), Value = VPS IP. Save.\n   - **Other registrar:** add an `A` record pointing at the VPS IP from the DNS Setup Guide. The exact UI varies — the record type and value matter, the UI doesn't.\n6. Wait 1–5 minutes for DNS to propagate. You can check with `dig +short A example.com` or `nslookup example.com` from your terminal — when it returns the VPS IP, you're ready.\n7. Back in Deployik, on the same Domains page, click the **Verify** button on the domain's row. A live log streams: DNS check → Let's Encrypt cert request → nginx reload. Wait for \"Provisioning complete\".\n8. Once `ssl_status: active`, the **Open** button on the row works. Production primary domain also drives the **Open** link on the project Overview.\n\n**Gotcha:** if Verify fails with \"DNS does not match\", DNS hasn't propagated yet — wait another minute and try again. Don't change anything in Deployik in the meantime.\n\n**Set as primary:** to make this domain the one Deployik treats as canonical for its environment, click the row's three-dot menu → **Set as primary**. A star badge appears.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.** I can especially help with the registrar's DNS panel — just tell me which provider you use and I'll talk you through the exact clicks.\n\n**API equivalent:** [api-actions.md#custom-domain](api-actions.md#custom-domain)\n\n---\n\n## env-vars\n\n**Goal:** Set environment variables (for build-time `NEXT_PUBLIC_*`) or secrets (runtime-only) for the deployed app.\n\n**Route:** `/projects/$id/settings/env`\n**Sidebar:** Project → **Settings** (expand) → **Environments**\n\n**Steps:**\n1. Click **Environments** under the project's Settings section.\n2. Two tabs at the top: **Variables** (visible at build time, can include `NEXT_PUBLIC_*`) and **Secrets** (runtime only, never in build).\n3. Each row picks a **Scope** — *Shared* (applies to both preview and production), *Preview* only, or *Production* only.\n4. Click **Add variable** (or **Add secret** on that tab). Type the key (e.g. `STRIPE_PUBLIC` or `DATABASE_URL`), the value, pick the scope. Click **Save**.\n5. To bulk-paste from a `.env` file: click **Import .env**, paste the file's contents, pick the scope. Each non-empty line becomes one variable.\n6. Existing values are masked as `****abcd` (last 4 chars). To change a value, click the row's edit (pencil) icon, paste the new value, save.\n\n**Gotcha:** changing a variable does NOT redeploy automatically. You'll see a \"Variables changed since last deploy\" badge on the project Overview. Click **Redeploy** there to apply the new values.\n\n**Build-time vs runtime:** `NEXT_PUBLIC_*` keys are baked into the static bundle at build time, so changing one requires a rebuild. Secrets are always runtime-only — Deployik refuses to save a secret with a `NEXT_PUBLIC_` prefix.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.** I can also add a variable for you via the API — just tell me the key, value, and which environment.\n\n**API equivalent:** [api-actions.md#env-vars](api-actions.md#env-vars)\n\n---\n\n## auto-deploy\n\n**Goal:** Make Deployik redeploy automatically when you push to GitHub.\n\n**Route:** `/projects/$id/settings`\n**Sidebar:** Project → **Settings** (expand) → **Build** (the default Settings page)\n\n**Steps:**\n1. Click **Settings** in the project sidebar (it lands on Build by default).\n2. Scroll to the **Auto-deploy** section.\n3. Toggle **Enable auto-deploy**. The first time you turn it on, Deployik creates a webhook on the GitHub repo using your OAuth token — this requires the `admin:repo_hook` scope. If the toggle errors, sign out and back in (GitHub re-prompts for the scope).\n4. **Production branch** — the branch whose pushes trigger production deployments. Defaults to the project's main branch (e.g. `main`).\n5. **Preview branches** — comma-separated list of branch names or branch patterns. `*` matches every other branch. Leave as `*` unless you want to restrict preview builds to specific branches.\n6. Click **Save**. The status indicator turns green and shows the GitHub webhook ID.\n7. Push a commit to the production branch. Within seconds, a new deployment with `trigger_source: webhook` appears in the Deployments list, and Deployik streams the build log.\n\n**Gotcha:** if a push doesn't trigger a build, check **GitHub repo → Settings → Webhooks**. The Deployik webhook should show recent deliveries with `200 OK` responses. Re-deliver a failed one from there to debug.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.**\n\n**API equivalent:** [api-actions.md#auto-deploy](api-actions.md#auto-deploy)\n\n---\n\n## password-protection\n\n**Goal:** Hide the deployed site (preview, production, or both) behind a password before showing it to clients or doing QA.\n\n**Route:** `/projects/$id/settings/protection`\n**Sidebar:** Project → **Settings** (expand) → **Protection**\n\n**Steps:**\n1. Click **Protection** under the project's Settings section.\n2. Two cards: **Preview** and **Production**. Each has a toggle and (when enabled) a password reveal button.\n3. Toggle **Enable password protection** on the environment you want.\n4. Deployik generates a 16-character random password, encrypts and stores it, regenerates the nginx config to add `auth_request` blocks, and shows you the password once. Click the eye icon to reveal it. Copy it now.\n5. Click **Regenerate password** to mint a new one (invalidates the old). The new password is shown the same way.\n6. Visit the deployed site in an incognito window to confirm: the Czech-language auth page (`Heslo`) appears. Enter the password — you're in for 24 hours.\n\n**Gotcha:** changing the password does not log out anyone who's already on the site. The signed `deployik_site_auth` cookie they hold remains valid for its 24-hour lifetime. To force everyone off, change the cookie's `JWT_SECRET` on the Deployik server (operator action).\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.**\n\n**API equivalent:** [api-actions.md#password-protection](api-actions.md#password-protection)\n\n---\n\n## contact-form-email\n\n**Goal:** Make the contact form on your deployed site actually deliver emails to your inbox, with spam protection so bots don't flood you.\n\n**Route:** `/projects/$id/integrations/email`\n**Sidebar:** Project → **Integrations** (expand) → **Email**\n\n**What this gives you:** when someone submits the contact form on your site, a real email lands in your inbox. Bots are filtered out using Google's invisible spam check (reCAPTCHA v3 — your visitors never see a \"click the traffic lights\" puzzle).\n\nThis recipe has three parts. Two of them happen outside Deployik — I'll tell you when we're leaving and when we're coming back.\n\n### Part 1 — Get your SMTP credentials from Webglobe (outside Deployik)\n\nSMTP is just the technical name for \"email sending\" — your hosting provider gives you a username and password your site uses to send mail through their servers.\n\n1. Open a new browser tab, go to your **Webglobe customer portal** (the place where you manage your hosting). Sign in.\n2. Find the section called **Mail** or **E-mail accounts**. Pick the address you want emails to come *from* (e.g. `noreply@yourdomain.com`). Create it if it doesn't exist yet.\n3. On that mailbox, look for **SMTP** or **Outgoing mail** settings. Write down four things:\n   - **SMTP host** (looks like `smtp.webglobe.cz` or similar — exact name varies)\n   - **SMTP port** (usually `587` for STARTTLS or `465` for TLS)\n   - **Security** (`STARTTLS` for port 587, `TLS` for port 465)\n   - **Username** (often the full email address, e.g. `noreply@yourdomain.com`)\n   - **Password** (the mailbox password — keep it safe, you'll paste it into Deployik in Part 3)\n\nIf you can't find any of these, ask me — I'll help you locate them based on what you see in the portal.\n\n### Part 2 — Get reCAPTCHA v3 keys from Google (outside Deployik)\n\nThis is the spam protection. Google gives you two keys: a **site key** that goes on the public form, and a **secret key** the server uses to verify the form was submitted by a human.\n\n1. In a new tab, open `https://www.google.com/recaptcha/admin/create`. Sign in with your Google account.\n2. Fill the form:\n   - **Label:** anything memorable, e.g. `myproject contact form`\n   - **reCAPTCHA type:** pick **reCAPTCHA v3** (very important — v2 won't work).\n   - **Domains:** add your production hostname (e.g. `example.com`). If you have a `www.example.com` variant, add it too. You can add `localhost` for testing.\n   - Accept the terms, click **Submit**.\n3. The next page shows two keys:\n   - **Site key** — public, goes in Deployik. Copy it.\n   - **Secret key** — private, goes in your secrets store. Copy it too (and treat it like a password).\n\n### Part 3 — Wire it up in Deployik\n\nWe're back in Deployik now.\n\n1. In the project sidebar, expand **Integrations** and click **Email**.\n2. Fill in the SMTP fields with what you wrote down in Part 1:\n   - **SMTP host**, **Port**, **Security** (STARTTLS / TLS), **Username**.\n   - For **Password**, click the field and paste the mailbox password.\n3. Fill in the email fields:\n   - **From address** — the mailbox address (e.g. `noreply@yourdomain.com`).\n   - **From name** — the human name shown to recipients (e.g. `My Site`).\n   - **Contact recipients** — who receives the form submissions. Comma-separated if more than one.\n4. Paste the reCAPTCHA **site key** from Part 2 into the **reCAPTCHA site key** field.\n5. **Score threshold** — leave at the default (`0.5`) unless you know you want to change it. Higher = stricter (more bots blocked, but more humans rejected too).\n6. Click **Save**. Deployik writes the SMTP host/port/from-address as **shared variables** and the SMTP password and reCAPTCHA secret as **secrets** — so the deployed site can read them at runtime.\n7. Click **Send test email**. Check the inbox of one of your **Contact recipients**. If it arrives, you're done with Part 3.\n\n### Part 4 — Add the contact form code to your site\n\nThe Email page has an **AI install prompt** section. It generates a copy-pasteable prompt with your project's exact framework, environment variables, and reCAPTCHA site key already filled in.\n\n1. On the Email page, scroll to **AI install prompt** (or **Install with AI**).\n2. Click **Copy prompt**.\n3. Paste the prompt into your AI coding assistant (Cursor, Claude Code, etc.) inside your project's repo. The assistant will write the contact form route, the reCAPTCHA hook, and the server handler that calls Deployik's SMTP credentials.\n4. Commit, push. If auto-deploy is on, the new version is live in a couple of minutes.\n5. Visit your live site, fill out the form, submit. The email should land in the inbox you configured.\n\n**Gotcha:** if the test email succeeds but real form submissions don't arrive, the most common cause is that the contact form code isn't reading the reCAPTCHA secret from environment variables on the server. The AI install prompt sets this up correctly — if it doesn't work, paste the error your form shows you and I'll diagnose.\n\n**Gotcha:** the **SMTP password** and the **reCAPTCHA secret** are the only two truly sensitive values here. Both are stored as secrets (encrypted at rest) — never paste them into a chat with me unless you're willing to rotate them after.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.** I can also do Part 3 for you via the API once you have the values from Parts 1 and 2 — just ask.\n\n**API equivalent:** [api-actions.md#contact-form-email](api-actions.md#contact-form-email)\n\n---\n\n## rollback\n\n**Goal:** Revert to a previous successful deployment when the latest one is broken.\n\n**Route:** `/projects/$id/deployments`\n**Sidebar:** Project → **Deployments**\n\n**Steps:**\n1. Click **Deployments** in the project sidebar.\n2. The list shows every deployment with status, branch, commit message, who triggered it, and a thumbnail screenshot.\n3. Find the most recent **live**-status row from before the regression. Click the row to open the deployment detail page.\n4. On the detail page, in the top-right, click **Redeploy this commit**. (If you don't see that button, scroll to the build log header — it's there.)\n5. A confirmation modal appears. Click **Redeploy**. A new deployment row appears in the list with the same `commit_sha` but a new `id`, new build, and `triggered_by_username: you`.\n6. When status reaches **live**, the swap completes — the previous broken container is stopped and the rolled-back container takes over. Visitors see the older code immediately.\n\n**Gotcha:** rollback re-runs the build from source. If the regression is a config/env-var issue (not a code change), changing the env var and triggering a new build is faster — see [#env-vars](#env-vars). If it's a runtime dependency that broke between commits, rollback is the right move.\n\n**Stuck on any of these steps? Tell me which one and I'll walk through it with you.** I can also list your recent deployments and pick the right \"last good\" one for you — just say the word.\n\n**API equivalent:** [api-actions.md#rollback](api-actions.md#rollback)\n",
+    },
+];
+//# sourceMappingURL=recipes.generated.js.map

package/dist/knowledge/recipes.generated.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipes.generated.js","sourceRoot":"","sources":["../../src/knowledge/recipes.generated.ts"],"names":[],"mappings":"AAAA,mEAAmE;AACnE,+CAA+C;AAO/C,MAAM,CAAC,MAAM,YAAY,GAAiB;IACxC;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,myIAAmyI;KAC7yI;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,izXAAizX;KAC3zX;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,mgiBAAmgiB;KAC7giB;CACF,CAAC"}

package/dist/lib/format.js

@@ -0,0 +1,96 @@
+export function renderDryRun(dryRun) {
+    const lines = [
+        `DRY RUN — \`${dryRun.tool}\` (${dryRun.tier})`,
+        "",
+        "Impact:",
+        ...Object.entries(dryRun.willDo).map(([k, v]) => `  • ${k}: ${formatValue(v)}`),
+        "",
+        "To proceed, call this tool again with:",
+        `  ${JSON.stringify(dryRun.nextCall)}`,
+    ];
+    return lines.join("\n");
+}
+export function renderProjectSummary(project) {
+    const lines = [
+        `Project: ${project.name} (id: ${project.id})`,
+        `  Workspace:    ${project.organization_name ?? project.organization_id}`,
+        `  Repo:         ${project.github_owner}/${project.github_repo} @ ${project.branch}`,
+        `  Framework:    ${project.framework} (${project.package_manager}, node ${project.node_version})`,
+        `  Status:       ${project.status}`,
+        `  Resource:     ${project.resource_tier}`,
+        `  Created:      ${project.created_at}`,
+    ];
+    if (project.latest_deployment_id) {
+        lines.push(`  Latest:       ${project.latest_deployment_environment ?? "?"} · ${project.latest_deployment_status ?? "?"} (${project.latest_deployment_id})`);
+    }
+    return lines.join("\n");
+}
+export function renderDeploymentSummary(deployment) {
+    return [
+        `Deployment ${deployment.id}`,
+        `  Project:     ${deployment.project_id}`,
+        `  Environment: ${deployment.environment}`,
+        `  Branch:      ${deployment.branch}`,
+        `  Status:      ${deployment.status}`,
+        `  Commit:      ${deployment.commit_sha.slice(0, 8)} — ${truncate(deployment.commit_message, 80)}`,
+        `  Triggered:   ${deployment.trigger_source} · ${deployment.triggered_by_username || deployment.triggered_by}`,
+        `  Created:     ${deployment.created_at}${deployment.finished_at ? ` → finished ${deployment.finished_at}` : ""}`,
+        deployment.error_message ? `  Error:       ${deployment.error_message}` : "",
+    ]
+        .filter(Boolean)
+        .join("\n");
+}
+export function renderDomainsList(domains) {
+    if (domains.length === 0)
+        return "(no domains)";
+    return domains
+        .map((d) => {
+        const flags = [
+            d.is_primary ? "primary" : null,
+            d.is_auto ? "auto" : null,
+            d.dns_verified ? "dns-ok" : "dns-pending",
+            `ssl:${d.ssl_status}`,
+        ]
+            .filter(Boolean)
+            .join(" ");
+        return `  • ${d.domain}  [${d.environment}]  ${flags}`;
+    })
+        .join("\n");
+}
+export function renderVolumesList(volumes) {
+    if (volumes.length === 0)
+        return "(no volumes)";
+    return volumes
+        .map((v) => {
+        const size = v.exists ? formatBytes(v.size_bytes) : "(missing)";
+        const inUse = v.in_use ? "in-use" : "idle";
+        return `  • ${v.name}  [${v.environment}]  ${size}  ${inUse}  mount=${v.mount_path}`;
+    })
+        .join("\n");
+}
+export function renderProtection(status) {
+    return [
+        `  Preview:    ${status.preview_enabled ? "enabled" : "disabled"}`,
+        `  Production: ${status.production_enabled ? "enabled" : "disabled"}`,
+    ].join("\n");
+}
+function truncate(s, n) {
+    if (s.length <= n)
+        return s;
+    return `${s.slice(0, n - 1)}…`;
+}
+function formatValue(v) {
+    if (typeof v === "string")
+        return v;
+    return JSON.stringify(v);
+}
+function formatBytes(n) {
+    if (n < 1024)
+        return `${n} B`;
+    if (n < 1024 * 1024)
+        return `${(n / 1024).toFixed(1)} KiB`;
+    if (n < 1024 * 1024 * 1024)
+        return `${(n / 1024 / 1024).toFixed(1)} MiB`;
+    return `${(n / 1024 / 1024 / 1024).toFixed(2)} GiB`;
+}
+//# sourceMappingURL=format.js.map

package/dist/lib/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/lib/format.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,YAAY,CAAC,MAA0G;IACrI,MAAM,KAAK,GAAG;QACZ,eAAe,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,IAAI,GAAG;QAC/C,EAAE;QACF,SAAS;QACT,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,EAAE;QACF,wCAAwC;QACxC,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;KACvC,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,MAAM,KAAK,GAAG;QACZ,YAAY,OAAO,CAAC,IAAI,SAAS,OAAO,CAAC,EAAE,GAAG;QAC9C,mBAAmB,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,eAAe,EAAE;QACzE,mBAAmB,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,WAAW,MAAM,OAAO,CAAC,MAAM,EAAE;QACpF,mBAAmB,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,eAAe,UAAU,OAAO,CAAC,YAAY,GAAG;QACjG,mBAAmB,OAAO,CAAC,MAAM,EAAE;QACnC,mBAAmB,OAAO,CAAC,aAAa,EAAE;QAC1C,mBAAmB,OAAO,CAAC,UAAU,EAAE;KACxC,CAAC;IACF,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CACR,mBAAmB,OAAO,CAAC,6BAA6B,IAAI,GAAG,MAAM,OAAO,CAAC,wBAAwB,IAAI,GAAG,KAAK,OAAO,CAAC,oBAAoB,GAAG,CACjJ,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAsB;IAC5D,OAAO;QACL,cAAc,UAAU,CAAC,EAAE,EAAE;QAC7B,kBAAkB,UAAU,CAAC,UAAU,EAAE;QACzC,kBAAkB,UAAU,CAAC,WAAW,EAAE;QAC1C,kBAAkB,UAAU,CAAC,MAAM,EAAE;QACrC,kBAAkB,UAAU,CAAC,MAAM,EAAE;QACrC,kBAAkB,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,QAAQ,CAAC,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC,EAAE;QAClG,kBAAkB,UAAU,CAAC,cAAc,MAAM,UAAU,CAAC,qBAAqB,IAAI,UAAU,CAAC,YAAY,EAAE;QAC9G,kBAAkB,UAAU,CAAC,UAAU,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;QACjH,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,kBAAkB,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE;KAC7E;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAiB;IACjD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,cAAc,CAAC;IAChD,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,KAAK,GAAG;YACZ,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;YAC/B,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;YACzB,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa;YACzC,OAAO,CAAC,CAAC,UAAU,EAAE;SACtB;aACE,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,OAAO,OAAO,CAAC,CAAC,MAAM,MAAM,CAAC,CAAC,WAAW,MAAM,KAAK,EAAE,CAAC;IACzD,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAqB;IACrD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,cAAc,CAAC;IAChD,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAChE,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3C,OAAO,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,MAAM,IAAI,KAAK,KAAK,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;IACvF,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,OAAO;QACL,iBAAiB,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;QAClE,iBAAiB,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;KACtE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,CAAC,CAAC;IAC5B,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,CAAU;IAC7B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,IAAI,CAAC,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,IAAI,CAAC;IAC9B,IAAI,CAAC,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,IAAI,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IACzE,OAAO,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;AACtD,CAAC"}

package/dist/lib/logs.js

@@ -0,0 +1,46 @@
+const ERROR_PATTERNS = [
+    /\berror\b/i,
+    /\bfailed\b/i,
+    /\bpanic\b/i,
+    /\bcannot\b/i,
+    /\bENOENT\b/,
+    /\bcommand not found\b/i,
+    /\bexit (status |code )?[1-9]/i,
+];
+const DEFAULTS = { maxLines: 200, maxBytes: 8 * 1024 };
+export function formatLogs(logs, opts = {}) {
+    const maxLines = opts.maxLines ?? DEFAULTS.maxLines;
+    const maxBytes = opts.maxBytes ?? DEFAULTS.maxBytes;
+    const anchor = opts.anchorErrors !== false;
+    const total = logs.length;
+    if (total === 0) {
+        return { text: "(no log lines yet)", totalLines: 0, returnedLines: 0, truncated: false, errorAnchors: [] };
+    }
+    const slice = opts.tail !== false ? logs.slice(-maxLines) : logs.slice(0, maxLines);
+    const truncatedLines = slice.length < total;
+    const errorAnchors = [];
+    const rendered = [];
+    let byteCount = 0;
+    for (const log of slice) {
+        const prefix = log.stream === "stderr" ? "! " : "  ";
+        const isError = anchor && ERROR_PATTERNS.some((rx) => rx.test(log.content));
+        const marker = isError ? "↑ " : "  ";
+        const line = `${prefix}${marker}${log.line_number.toString().padStart(4, " ")}  ${log.content}`;
+        const lineBytes = Buffer.byteLength(line, "utf8") + 1;
+        if (byteCount + lineBytes > maxBytes)
+            break;
+        rendered.push(line);
+        byteCount += lineBytes;
+        if (isError)
+            errorAnchors.push(log.line_number);
+    }
+    const returnedLines = rendered.length;
+    const truncated = truncatedLines || returnedLines < slice.length;
+    const text = rendered.join("\n");
+    const lastSeen = slice[slice.length - 1]?.line_number ?? 0;
+    const hint = truncated
+        ? `Showing ${returnedLines} of ${total} lines. Call get_deploy_logs with { since_line: ${lastSeen} } for more.`
+        : undefined;
+    return { text, totalLines: total, returnedLines, truncated, errorAnchors, hint };
+}
+//# sourceMappingURL=logs.js.map

package/dist/lib/logs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logs.js","sourceRoot":"","sources":["../../src/lib/logs.ts"],"names":[],"mappings":"AAoBA,MAAM,cAAc,GAAG;IACrB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,wBAAwB;IACxB,+BAA+B;CAChC,CAAC;AAEF,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC;AAEvD,MAAM,UAAU,UAAU,CAAC,IAAgB,EAAE,OAA0B,EAAE;IACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,KAAK,KAAK,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC;IAC1B,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,UAAU,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAC7G,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACpF,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC;IAC5C,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;QAChG,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACtD,IAAI,SAAS,GAAG,SAAS,GAAG,QAAQ;YAAE,MAAM;QAC5C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,SAAS,IAAI,SAAS,CAAC;QACvB,IAAI,OAAO;YAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC;IACtC,MAAM,SAAS,GAAG,cAAc,IAAI,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC;IACjE,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,WAAW,IAAI,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,SAAS;QACpB,CAAC,CAAC,WAAW,aAAa,OAAO,KAAK,mDAAmD,QAAQ,cAAc;QAC/G,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;AACnF,CAAC"}

package/dist/lib/poll.js

@@ -0,0 +1,20 @@
+export async function pollUntil(probe, predicate, opts) {
+    const start = Date.now();
+    if (opts.initialDelayMs && opts.initialDelayMs > 0) {
+        await sleep(opts.initialDelayMs);
+    }
+    let last = await probe();
+    if (predicate(last))
+        return { done: true, value: last, elapsedMs: Date.now() - start };
+    while (Date.now() - start < opts.timeoutMs) {
+        await sleep(opts.intervalMs);
+        last = await probe();
+        if (predicate(last))
+            return { done: true, value: last, elapsedMs: Date.now() - start };
+    }
+    return { done: false, value: last, elapsedMs: Date.now() - start };
+}
+export function sleep(ms) {
+    return new Promise((res) => setTimeout(res, ms));
+}
+//# sourceMappingURL=poll.js.map

package/dist/lib/poll.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll.js","sourceRoot":"","sources":["../../src/lib/poll.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAuB,EACvB,SAAgC,EAChC,IAAsB;IAEtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,IAAI,GAAM,MAAM,KAAK,EAAE,CAAC;IAC5B,IAAI,SAAS,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;IACvF,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC3C,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,GAAG,MAAM,KAAK,EAAE,CAAC;QACrB,IAAI,SAAS,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;IACzF,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,EAAU;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;AACnD,CAAC"}

package/dist/lib/safety.js

@@ -0,0 +1,38 @@
+export function checkSafety(ctx, args) {
+    if (ctx.tier === "read" || ctx.tier === "mutating") {
+        return { proceed: true };
+    }
+    const required = { confirm: true };
+    if (ctx.tier === "destructive_production") {
+        if (!ctx.expectedName) {
+            throw new Error(`safety: destructive_production tier requires expectedName for tool ${ctx.toolName}`);
+        }
+        required.confirm_name = ctx.expectedName;
+    }
+    if (args.confirm !== true) {
+        return {
+            proceed: false,
+            dryRun: {
+                tool: ctx.toolName,
+                tier: ctx.tier,
+                willDo: ctx.impact,
+                nextCall: required,
+            },
+        };
+    }
+    if (ctx.tier === "destructive_production") {
+        if (args.confirm_name !== ctx.expectedName) {
+            return {
+                proceed: false,
+                dryRun: {
+                    tool: ctx.toolName,
+                    tier: ctx.tier,
+                    willDo: ctx.impact,
+                    nextCall: required,
+                },
+            };
+        }
+    }
+    return { proceed: true };
+}
+//# sourceMappingURL=safety.js.map

package/dist/lib/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../../src/lib/safety.ts"],"names":[],"mappings":"AAoBA,MAAM,UAAU,WAAW,CAAC,GAAkB,EAAE,IAAgB;IAC9D,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACnD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,QAAQ,GAA4B,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC5D,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QAC1C,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,sEAAsE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QACxG,CAAC;QACD,QAAQ,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACN,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QAC1C,IAAI,IAAI,CAAC,YAAY,KAAK,GAAG,CAAC,YAAY,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE;oBACN,IAAI,EAAE,GAAG,CAAC,QAAQ;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,QAAQ,EAAE,QAAQ;iBACnB;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC"}

package/dist/resolve/project.js

@@ -0,0 +1,130 @@
+import { execSync } from "node:child_process";
+import { readBinding } from "../config/binding.js";
+import { readCache, writeCache, isCacheFresh } from "../config/cache.js";
+export class ResolveError extends Error {
+    hint;
+    constructor(message, hint) {
+        super(message);
+        this.hint = hint;
+        this.name = "ResolveError";
+    }
+}
+export async function resolveProject(ctx, input = {}) {
+    // 1. explicit id
+    if (input.project_id) {
+        const project = await ctx.client.request(`/projects/${encodeURIComponent(input.project_id)}`);
+        return { project, source: "id" };
+    }
+    // gather projects once
+    const projects = await fetchProjects(ctx);
+    // 2. explicit slug
+    if (input.project) {
+        const match = matchProjectByName(projects, input.project, input.workspace);
+        if (match)
+            return { project: match, source: "slug" };
+        throw new ResolveError(`No project named '${input.project}' is visible to this token${input.workspace ? ` in workspace '${input.workspace}'` : ""}.`, "Call `list_projects` to see what this token can reach.");
+    }
+    // 3. binding file
+    const binding = readBinding(ctx.stateDir);
+    if (binding?.project) {
+        const match = matchProjectByName(projects, binding.project, binding.workspace);
+        if (match)
+            return { project: match, source: "binding" };
+    }
+    // 4. git remote → cached project lookup
+    const remote = readGitRemote(ctx.cwd);
+    if (remote) {
+        const match = projects.find((p) => p.github_owner.toLowerCase() === remote.owner.toLowerCase() && p.github_repo.toLowerCase() === remote.repo.toLowerCase());
+        if (match)
+            return { project: match, source: "git_remote" };
+    }
+    // 5. single project visible
+    if (projects.length === 1) {
+        return { project: projects[0], source: "single_workspace" };
+    }
+    throw new ResolveError("Could not figure out which Deployik project you mean.", "Pass `project: <slug>` or `project_id: <id>`, or run `init_in_repo` to bind this folder to a project.");
+}
+export async function fetchProjects(ctx) {
+    const projects = await ctx.client.request(`/projects`);
+    await refreshCache(ctx, projects);
+    return projects;
+}
+export async function refreshCache(ctx, projects) {
+    // workspaces fetched lazily — only when cache is stale or missing
+    let workspaces = [];
+    const existing = readCache(ctx.stateDir);
+    if (!existing || !isCacheFresh(existing)) {
+        try {
+            workspaces = await ctx.client.request(`/organizations`);
+        }
+        catch {
+            workspaces = existing?.workspaces.map((w) => ({
+                id: w.id,
+                slug: w.slug,
+                name: w.name,
+                is_personal: false,
+                membership_role: "member",
+                project_count: 0,
+                created_at: "",
+                updated_at: "",
+            })) ?? [];
+        }
+    }
+    else {
+        workspaces = existing.workspaces.map((w) => ({
+            id: w.id,
+            slug: w.slug,
+            name: w.name,
+            is_personal: false,
+            membership_role: "member",
+            project_count: 0,
+            created_at: "",
+            updated_at: "",
+        }));
+    }
+    const cached = projects.map((p) => ({
+        id: p.id,
+        name: p.name,
+        workspace: p.organization_name ?? p.organization_id,
+        github_owner: p.github_owner,
+        github_repo: p.github_repo,
+    }));
+    writeCache(ctx.stateDir, {
+        projects: cached,
+        workspaces: workspaces.map((w) => ({ id: w.id, slug: w.slug, name: w.name })),
+        platform: existing?.platform,
+    });
+}
+function matchProjectByName(projects, slug, workspace) {
+    const slugLower = slug.toLowerCase();
+    const matches = projects.filter((p) => p.name.toLowerCase() === slugLower);
+    if (matches.length === 0)
+        return undefined;
+    if (matches.length === 1)
+        return matches[0];
+    if (!workspace)
+        return matches[0];
+    const ws = workspace.toLowerCase();
+    const refined = matches.find((p) => (p.organization_name ?? "").toLowerCase() === ws || p.organization_id === workspace);
+    return refined ?? matches[0];
+}
+function readGitRemote(cwd) {
+    try {
+        const url = execSync("git remote get-url origin", { cwd, encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] }).trim();
+        return parseGithubUrl(url);
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseGithubUrl(url) {
+    // git@github.com:owner/repo.git | https://github.com/owner/repo(.git)?
+    const ssh = url.match(/^git@github\.com:([^\/]+)\/([^\/]+?)(?:\.git)?$/);
+    if (ssh)
+        return { owner: ssh[1], repo: ssh[2] };
+    const https = url.match(/^https?:\/\/github\.com\/([^\/]+)\/([^\/]+?)(?:\.git)?$/);
+    if (https)
+        return { owner: https[1], repo: https[2] };
+    return undefined;
+}
+//# sourceMappingURL=project.js.map

package/dist/resolve/project.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.js","sourceRoot":"","sources":["../../src/resolve/project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAsB,MAAM,oBAAoB,CAAC;AAuB7F,MAAM,OAAO,YAAa,SAAQ,KAAK;IACQ;IAA7C,YAAY,OAAe,EAAkB,IAAY;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QAD4B,SAAI,GAAJ,IAAI,CAAQ;QAEvD,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAmB,EAAE,QAAsB,EAAE;IAChF,iBAAiB;IACjB,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAU,aAAa,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACvG,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,uBAAuB;IACvB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IAE1C,mBAAmB;IACnB,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3E,IAAI,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACrD,MAAM,IAAI,YAAY,CACpB,qBAAqB,KAAK,CAAC,OAAO,6BAA6B,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAC7H,wDAAwD,CACzD,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/E,IAAI,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAChI,CAAC;QACF,IAAI,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC7D,CAAC;IAED,4BAA4B;IAC5B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,YAAY,CACpB,uDAAuD,EACvD,uGAAuG,CACxG,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAmB;IACrD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAY,WAAW,CAAC,CAAC;IAClE,MAAM,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAmB,EAAE,QAAmB;IACzE,kEAAkE;IAClE,IAAI,UAAU,GAAmB,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAiB,gBAAgB,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,UAAU,GAAG,QAAQ,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC5C,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,KAAK;gBAClB,eAAe,EAAE,QAAQ;gBACzB,aAAa,EAAE,CAAC;gBAChB,UAAU,EAAE,EAAE;gBACd,UAAU,EAAE,EAAE;aACf,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3C,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,QAAQ;YACzB,aAAa,EAAE,CAAC;YAChB,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,EAAE;SACf,CAAC,CAAC,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAoB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnD,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,SAAS,EAAE,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,eAAe;QACnD,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC,CAAC,CAAC;IAEJ,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE;QACvB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,QAAQ,EAAE,QAAQ,EAAE,QAAQ;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAmB,EAAE,IAAY,EAAE,SAAkB;IAC/E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,CAAC;IAC3E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,CAAC,CAAE,CAAC;IAC7C,IAAI,CAAC,SAAS;QAAE,OAAO,OAAO,CAAC,CAAC,CAAE,CAAC;IACnC,MAAM,EAAE,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC;IACzH,OAAO,OAAO,IAAI,OAAO,CAAC,CAAC,CAAE,CAAC;AAChC,CAAC;AAOD,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,QAAQ,CAAC,2BAA2B,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACzH,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACzE,IAAI,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAE,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAE,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;IACnF,IAAI,KAAK;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/server.js

@@ -0,0 +1,32 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { DeployikClient } from "./client/http.js";
+import { loadEnv } from "./config/env.js";
+import { registerKnowledgePrompts } from "./knowledge/prompts.js";
+import { registerAllTools } from "./tools/index.js";
+export function buildServer(env = process.env, cwd = process.cwd()) {
+    const cfg = loadEnv(env, cwd);
+    const client = new DeployikClient({
+        baseUrl: cfg.baseUrl,
+        token: cfg.token,
+        timeoutMs: cfg.timeoutMs,
+        userAgent: "deployik-mcp/0.1.0",
+    });
+    const server = new McpServer({
+        name: "deployik",
+        version: "0.1.0",
+    }, {
+        capabilities: {
+            tools: {},
+            prompts: {},
+        },
+    });
+    const ctx = {
+        client,
+        stateDir: cfg.stateDir,
+        cwd: cfg.cwd,
+    };
+    registerKnowledgePrompts(server);
+    registerAllTools(server, ctx);
+    return { server, ctx };
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQpD,MAAM,UAAU,WAAW,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,MAAc,OAAO,CAAC,GAAG,EAAE;IACxE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;QAChC,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,oBAAoB;KAChC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,EAAE;SACZ;KACF,CACF,CAAC;IAEF,MAAM,GAAG,GAAgB;QACvB,MAAM;QACN,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;KACb,CAAC;IAEF,wBAAwB,CAAC,MAAM,CAAC,CAAC;IACjC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE9B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC"}

package/dist/tools/_helpers.js

@@ -0,0 +1,76 @@
+import { ApiError, asString } from "../client/errors.js";
+import { appendAudit, redact } from "../config/audit.js";
+export function registerTool(server, ctx, def) {
+    const cb = async (rawArgs) => {
+        const args = (rawArgs ?? {});
+        const start = Date.now();
+        try {
+            const result = await def.handler(args, ctx);
+            if (def.audit) {
+                const entry = {
+                    ts: new Date().toISOString(),
+                    tool: def.name,
+                    args: redact(args),
+                    durationMs: Date.now() - start,
+                    outcome: "ok",
+                };
+                appendAudit(ctx.stateDir, entry);
+            }
+            const out = {
+                content: [{ type: "text", text: result.text }],
+            };
+            if (result.data !== undefined) {
+                out.structuredContent = result.data;
+            }
+            if (result.isError) {
+                out.isError = true;
+            }
+            return out;
+        }
+        catch (err) {
+            const message = formatError(err);
+            if (def.audit) {
+                appendAudit(ctx.stateDir, {
+                    ts: new Date().toISOString(),
+                    tool: def.name,
+                    args: redact(args),
+                    httpStatus: err instanceof ApiError ? err.status : undefined,
+                    durationMs: Date.now() - start,
+                    outcome: "error",
+                    error: asString(err),
+                });
+            }
+            return {
+                content: [{ type: "text", text: message }],
+                isError: true,
+            };
+        }
+    };
+    const config = {
+        description: def.description,
+    };
+    if (def.annotations?.title)
+        config.title = def.annotations.title;
+    if (def.inputSchema)
+        config.inputSchema = def.inputSchema;
+    const annotations = { openWorldHint: true, ...(def.annotations ?? {}) };
+    delete annotations.title;
+    config.annotations = annotations;
+    // SDK overload variance: cast through unknown.
+    server.registerTool(def.name, config, cb);
+}
+export function formatError(err) {
+    if (err instanceof ApiError) {
+        const lines = [`Error ${err.status || ""} calling ${err.endpoint}: ${err.message}`.trim()];
+        if (err.hint)
+            lines.push(`Hint: ${err.hint}`);
+        return lines.join("\n");
+    }
+    if (err instanceof Error)
+        return err.message;
+    return String(err);
+}
+export function jsonBlock(label, value) {
+    return `${label}:\n${JSON.stringify(value, null, 2)}`;
+}
+//# sourceMappingURL=_helpers.js.map

package/dist/tools/_helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_helpers.js","sourceRoot":"","sources":["../../src/tools/_helpers.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,EAAmB,MAAM,oBAAoB,CAAC;AA8B1E,MAAM,UAAU,YAAY,CAC1B,MAAiB,EACjB,GAAgB,EAChB,GAAe;IAGf,MAAM,EAAE,GAAO,KAAK,EAAE,OAAO,EAAE,EAAE;QAC/B,MAAM,IAAI,GAAG,CAAC,OAAO,IAAI,EAAE,CAAmB,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC5C,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACd,MAAM,KAAK,GAAe;oBACxB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBAC5B,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,IAAI,EAAE,MAAM,CAAC,IAA+B,CAAC;oBAC7C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,OAAO,EAAE,IAAI;iBACd,CAAC;gBACF,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC;YACD,MAAM,GAAG,GAAmB;gBAC1B,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;aAC/C,CAAC;YACF,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAC,IAA+B,CAAC;YACjE,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;YACrB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACd,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACxB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBAC5B,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,IAAI,EAAE,MAAM,CAAC,IAA+B,CAAC;oBAC7C,UAAU,EAAE,GAAG,YAAY,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBAC5D,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,OAAO,EAAE,OAAO;oBAChB,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC;iBACrB,CAAC,CAAC;YACL,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;gBAC1C,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,MAAM,GAA4B;QACtC,WAAW,EAAE,GAAG,CAAC,WAAW;KAC7B,CAAC;IACF,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC;IACjE,IAAI,GAAG,CAAC,WAAW;QAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;IAC1D,MAAM,WAAW,GAAoB,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC;IACzF,OAAQ,WAAuC,CAAC,KAAK,CAAC;IACtD,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IAEjC,+CAA+C;IAC9C,MAAM,CAAC,YAAsE,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;AACvG,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAY;IACtC,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,CAAC,SAAS,GAAG,CAAC,MAAM,IAAI,EAAE,YAAY,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3F,IAAI,GAAG,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IACD,IAAI,GAAG,YAAY,KAAK;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC7C,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,KAAc;IACrD,OAAO,GAAG,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;AACxD,CAAC"}

package/dist/tools/analytics.js

@@ -0,0 +1,46 @@
+import { z } from "zod";
+import { registerTool } from "./_helpers.js";
+import { resolveProject } from "../resolve/project.js";
+const ENV = z.enum(["all", "preview", "production"]);
+const RANGE = z.enum(["1h", "24h", "7d", "30d"]);
+export function registerAnalyticsTools(server, ctx) {
+    registerTool(server, ctx, {
+        name: "get_project_analytics",
+        description: "Get the combined Umami audience + Loki runtime analytics payload for a project.",
+        inputSchema: {
+            project_id: z.string().optional(),
+            project: z.string().optional(),
+            environment: ENV.default("all"),
+            range: RANGE.default("24h"),
+            timezone: z.string().default("UTC"),
+        },
+        annotations: { readOnlyHint: true },
+        handler: async (args) => {
+            const { project } = await resolveProject(ctx, args);
+            const payload = await ctx.client.request(`/projects/${project.id}/analytics`, {
+                query: { environment: args.environment, range: args.range, timezone: args.timezone },
+            });
+            return { text: JSON.stringify(payload, null, 2), data: payload };
+        },
+    });
+    registerTool(server, ctx, {
+        name: "verify_project_analytics",
+        description: "Force a refresh of analytics verification status (re-checks Umami install signal).",
+        inputSchema: {
+            project_id: z.string().optional(),
+            project: z.string().optional(),
+            environment: ENV.default("all"),
+            range: RANGE.default("24h"),
+            timezone: z.string().default("UTC"),
+        },
+        handler: async (args) => {
+            const { project } = await resolveProject(ctx, args);
+            const payload = await ctx.client.request(`/projects/${project.id}/analytics/verify`, {
+                method: "POST",
+                query: { environment: args.environment, range: args.range, timezone: args.timezone },
+            });
+            return { text: JSON.stringify(payload, null, 2), data: payload };
+        },
+    });
+}
+//# sourceMappingURL=analytics.js.map