@pleri/olam-cli 0.1.153 → 0.1.157

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAE3B,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/lib/memory-host-process-migration.d.ts

@@ -0,0 +1,56 @@
+/**
+ * memory-host-process-migration.ts — idempotent cleanup of the Phase A
+ * host-process model's residual state on disk.
+ *
+ * Phase A spawned `agentmemory` as a host child process and recorded its PID
+ * at `~/.olam/memory.pid` + stdout/stderr at `~/.olam/memory-service.log`.
+ * Phase B repoints `olam memory start` at the Docker substrate (this skill's
+ * `MemoryServiceContainerController`); the legacy pidfile + log become orphan
+ * artefacts the moment the new substrate runs.
+ *
+ * This helper is called from `runMemoryStart` / `runMemoryStop` (B1 / B2) BEFORE
+ * the substrate handoff so operators upgrading from the host-process model
+ * never have to manually clean up.
+ *
+ * PID-reuse defence (T2 mitigation). A stale pidfile can record a PID that
+ * the OS has since recycled to an unrelated process. SIGTERMing the wrong PID
+ * is a foot-gun. Defence:
+ *   1. If pidfile is absent → no-op.
+ *   2. If recorded PID is dead (kill(0) throws ESRCH) → unlink pidfile only.
+ *   3. If recorded PID is alive BUT `ps -p <pid> -o comm=` doesn't return
+ *      `node` (the legacy host-process was always a node child) → unlink
+ *      pidfile WITHOUT signalling. Logs a warning so support can diagnose.
+ *   4. Only when PID is alive AND comm=node → SIGTERM, wait up to 5s,
+ *      SIGKILL on timeout, then unlink.
+ *
+ * Plan reference: docs/plans/memory-service-as-docker-peripheral/phase-b-tasks.md B5
+ */
+export interface MigrationResult {
+    /** True if any legacy artefact (pidfile or log) was found + cleaned. */
+    readonly cleaned: boolean;
+    /** One-line description of what happened (for operator-visible logging). */
+    readonly summary: string;
+}
+export interface MigrationOptions {
+    /** Remove `memory-service.log` in addition to the pidfile (B2 stop path uses this). */
+    removeLog?: boolean;
+    /** Override the pidfile path. Defaults to MEMORY_PID_PATH. Used by tests. */
+    pidPath?: string;
+    /** Override the log path. Defaults to MEMORY_LOG_PATH. Used by tests. */
+    logPath?: string;
+}
+/**
+ * Detect + clean up legacy host-process state. Idempotent — safe to call on
+ * every `olam memory start` / `olam memory stop` invocation; no-op when no
+ * legacy artefacts present.
+ *
+ * Side effects (only when artefacts present):
+ *   - Unlink `~/.olam/memory.pid` if it exists.
+ *   - Send SIGTERM (then SIGKILL on timeout) to the recorded PID iff it's
+ *     alive AND its comm name is `node` (the legacy spawn shape).
+ *   - Leave `~/.olam/memory-service.log` in place by default — operators
+ *     may want to inspect it post-migration. Pass `{ removeLog: true }` to
+ *     remove it explicitly (B2's stop path uses this).
+ */
+export declare function migrateFromHostProcess(opts?: MigrationOptions): MigrationResult;
+//# sourceMappingURL=memory-host-process-migration.d.ts.map

package/dist/lib/memory-host-process-migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-host-process-migration.d.ts","sourceRoot":"","sources":["../../src/lib/memory-host-process-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAMH,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,4EAA4E;IAC5E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,uFAAuF;IACvF,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,GAAE,gBAAqB,GAAG,eAAe,CAoDnF"}

package/dist/lib/memory-host-process-migration.js

@@ -0,0 +1,156 @@
+/**
+ * memory-host-process-migration.ts — idempotent cleanup of the Phase A
+ * host-process model's residual state on disk.
+ *
+ * Phase A spawned `agentmemory` as a host child process and recorded its PID
+ * at `~/.olam/memory.pid` + stdout/stderr at `~/.olam/memory-service.log`.
+ * Phase B repoints `olam memory start` at the Docker substrate (this skill's
+ * `MemoryServiceContainerController`); the legacy pidfile + log become orphan
+ * artefacts the moment the new substrate runs.
+ *
+ * This helper is called from `runMemoryStart` / `runMemoryStop` (B1 / B2) BEFORE
+ * the substrate handoff so operators upgrading from the host-process model
+ * never have to manually clean up.
+ *
+ * PID-reuse defence (T2 mitigation). A stale pidfile can record a PID that
+ * the OS has since recycled to an unrelated process. SIGTERMing the wrong PID
+ * is a foot-gun. Defence:
+ *   1. If pidfile is absent → no-op.
+ *   2. If recorded PID is dead (kill(0) throws ESRCH) → unlink pidfile only.
+ *   3. If recorded PID is alive BUT `ps -p <pid> -o comm=` doesn't return
+ *      `node` (the legacy host-process was always a node child) → unlink
+ *      pidfile WITHOUT signalling. Logs a warning so support can diagnose.
+ *   4. Only when PID is alive AND comm=node → SIGTERM, wait up to 5s,
+ *      SIGKILL on timeout, then unlink.
+ *
+ * Plan reference: docs/plans/memory-service-as-docker-peripheral/phase-b-tasks.md B5
+ */
+import { existsSync, readFileSync, unlinkSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+import { MEMORY_PID_PATH, MEMORY_LOG_PATH } from '../commands/memory/_paths.js';
+const KILL_TIMEOUT_MS = 5_000;
+/**
+ * Detect + clean up legacy host-process state. Idempotent — safe to call on
+ * every `olam memory start` / `olam memory stop` invocation; no-op when no
+ * legacy artefacts present.
+ *
+ * Side effects (only when artefacts present):
+ *   - Unlink `~/.olam/memory.pid` if it exists.
+ *   - Send SIGTERM (then SIGKILL on timeout) to the recorded PID iff it's
+ *     alive AND its comm name is `node` (the legacy spawn shape).
+ *   - Leave `~/.olam/memory-service.log` in place by default — operators
+ *     may want to inspect it post-migration. Pass `{ removeLog: true }` to
+ *     remove it explicitly (B2's stop path uses this).
+ */
+export function migrateFromHostProcess(opts = {}) {
+    const pidPath = opts.pidPath ?? MEMORY_PID_PATH;
+    const logPath = opts.logPath ?? MEMORY_LOG_PATH;
+    const pidfileExists = existsSync(pidPath);
+    const logExists = existsSync(logPath);
+    if (!pidfileExists && !logExists) {
+        return { cleaned: false, summary: 'no legacy host-process state to clean' };
+    }
+    const events = [];
+    if (pidfileExists) {
+        const pid = readPidFromFile(pidPath);
+        if (pid === null) {
+            // Pidfile exists but is unparseable — just unlink.
+            unlinkSync(pidPath);
+            events.push('unlinked unparseable ~/.olam/memory.pid');
+        }
+        else if (!isProcessAlive(pid)) {
+            // Recorded PID is dead — clean unlink with no signalling.
+            unlinkSync(pidPath);
+            events.push(`unlinked stale ~/.olam/memory.pid (pid ${pid} not alive)`);
+        }
+        else {
+            // PID is alive — check comm name before signalling.
+            const comm = processCommName(pid);
+            if (comm !== 'node') {
+                // PID-reuse case: alive but not our process. Unlink WITHOUT signalling.
+                unlinkSync(pidPath);
+                events.push(`unlinked ~/.olam/memory.pid without signal (pid ${pid} comm=${comm ?? 'unknown'}, not node — assumed PID-reuse, defensive skip)`);
+            }
+            else {
+                // Our process — terminate gracefully.
+                const terminated = terminateProcess(pid);
+                unlinkSync(pidPath);
+                events.push(terminated
+                    ? `terminated legacy host-process pid ${pid} (SIGTERM) + unlinked pidfile`
+                    : `terminated legacy host-process pid ${pid} (SIGKILL after timeout) + unlinked pidfile`);
+            }
+        }
+    }
+    if (logExists && opts.removeLog) {
+        unlinkSync(logPath);
+        events.push('removed legacy ~/.olam/memory-service.log');
+    }
+    else if (logExists) {
+        events.push('left ~/.olam/memory-service.log in place (inspectable; pass {removeLog:true} to remove)');
+    }
+    return { cleaned: true, summary: events.join('; ') };
+}
+function readPidFromFile(pidPath) {
+    try {
+        const raw = readFileSync(pidPath, 'utf8').trim();
+        const pid = parseInt(raw, 10);
+        if (!Number.isFinite(pid) || pid <= 0)
+            return null;
+        return pid;
+    }
+    catch {
+        return null;
+    }
+}
+function isProcessAlive(pid) {
+    try {
+        // signal 0 doesn't deliver; just tests existence + permission
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Read the comm name of a process via `ps -p <pid> -o comm=`. Returns null
+ * on any error (process gone, ps not available, etc.) — the caller treats
+ * null as "don't signal," which is the safe default.
+ */
+function processCommName(pid) {
+    const r = spawnSync('ps', ['-p', String(pid), '-o', 'comm='], { encoding: 'utf-8' });
+    if (r.status !== 0)
+        return null;
+    const comm = r.stdout.trim();
+    // `ps` may return a full path (e.g. `/usr/local/bin/node`); take basename.
+    return comm.split('/').pop() ?? null;
+}
+/**
+ * SIGTERM the PID; wait up to 5s for it to exit; SIGKILL on timeout.
+ * Returns true if SIGTERM was sufficient, false if SIGKILL was needed.
+ */
+function terminateProcess(pid) {
+    try {
+        process.kill(pid, 'SIGTERM');
+    }
+    catch {
+        // Already dead between the comm-check and now; nothing to do.
+        return true;
+    }
+    const deadline = Date.now() + KILL_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+        if (!isProcessAlive(pid))
+            return true;
+        // Busy-spin sleep — node:fs is synchronous; no async helper here.
+        spawnSync('sleep', ['0.1']);
+    }
+    // Still alive after timeout — escalate.
+    try {
+        process.kill(pid, 'SIGKILL');
+    }
+    catch {
+        // race: died between probe and SIGKILL
+    }
+    return false;
+}
+//# sourceMappingURL=memory-host-process-migration.js.map

package/dist/lib/memory-host-process-migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-host-process-migration.js","sourceRoot":"","sources":["../../src/lib/memory-host-process-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAkBhF,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAyB,EAAE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC9E,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,mDAAmD;YACnD,UAAU,CAAC,OAAO,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,UAAU,CAAC,OAAO,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,0CAA0C,GAAG,aAAa,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,oDAAoD;YACpD,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpB,wEAAwE;gBACxE,UAAU,CAAC,OAAO,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,CACT,mDAAmD,GAAG,SAAS,IAAI,IAAI,SAAS,iDAAiD,CAClI,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBACzC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,CACT,UAAU;oBACR,CAAC,CAAC,sCAAsC,GAAG,+BAA+B;oBAC1E,CAAC,CAAC,sCAAsC,GAAG,6CAA6C,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,yFAAyF,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,eAAe,CAAC,OAAe;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,8DAA8D;QAC9D,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC7B,2EAA2E;IAC3E,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IAC9C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,kEAAkE;QAClE,SAAS,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,wCAAwC;IACxC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/lib/upgrade-kubernetes.d.ts

@@ -23,6 +23,8 @@
  *   D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
  *
  * Step order (Phase D — kubernetes substrate, Phase 2 GA):
+ *   0.4  R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
+ *   0.5  D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
  *   0    probeKubernetesApiReachable — 5s timeout kubectl cluster-info
  *   1    D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
  *   2    D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
@@ -112,6 +114,23 @@ export interface UpgradeKubernetesDeps {
     readonly k8sBootstrapImpl?: typeof ensureK8sBootstrap;
     /** B4: pass-through deps for `ensureK8sBootstrap`. */
     readonly k8sBootstrapDeps?: K8sBootstrapDeps;
+    /**
+     * B3/step 0.4: override the GH token value for tests.
+     * When `ghTokenOverrideActive` is true AND `ghTokenOverride` is undefined,
+     * the step treats GH_TOKEN as absent (skipped path). When `ghTokenOverride`
+     * is a string, that string is used as the token regardless of env/config.
+     * When `ghTokenOverrideActive` is falsy (default), real env/config is used.
+     */
+    readonly ghTokenOverride?: string;
+    readonly ghTokenOverrideActive?: boolean;
+    /**
+     * Phase D D4: override for k3d node mount detection (step 0.5 preflight).
+     * Returns 'new-form' when /host-colima/ bind is present (correct),
+     * 'old-form' when /var/run/docker.sock direct file-bind is present (broken on colima),
+     * or 'none' when neither is detectable (non-k3d or bare k3s cluster — warn only).
+     * Tests inject a mock to avoid real `docker inspect` invocations.
+     */
+    readonly checkK3dNodeMountsImpl?: () => Promise<'new-form' | 'old-form' | 'none'>;
 }
 export interface UpgradeKubernetesOpts {
     readonly forceRefreshManifests?: boolean;

package/dist/lib/upgrade-kubernetes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAQ9B,OAAO,EAAE,WAAW,EAAwB,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,wBAAwB,EAAE,KAAK,eAAe,EAAE,KAAK,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AACrK,OAAO,EAAE,mBAAmB,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAA4B,KAAK,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAItI,OAAO,EAAE,kBAAkB,EAAE,KAAK,aAAa,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEhG,eAAO,MAAM,sBAAsB,QAA2C,CAAC;AAC/E,eAAO,MAAM,aAAa,SAAS,CAAC;AACpC,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,eAAO,MAAM,uBAAuB,iBAAiB,CAAC;AACtD,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kCAAkC,CAAC;AAElE,oDAAoD;AACpD,eAAO,MAAM,mBAAmB,QAAqD,CAAC;AAwItF,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,WAAW,CAAC;IAC9C,2CAA2C;IAC3C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,gBAAgB,CAAC;IACxD,yDAAyD;IACzD,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,8BAA8B,CAAC;IACpF,mDAAmD;IACnD,QAAQ,CAAC,4BAA4B,CAAC,EAAE,OAAO,wBAAwB,CAAC;IACxE,wDAAwD;IACxD,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5E,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,mBAAmB,CAAC;IAC/C,2CAA2C;IAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACzD,2CAA2C;IAC3C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,uBAAuB,CAAC;IAC5D,sFAAsF;IACtF,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IAC/C,6CAA6C;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,yEAAyE;IACzE,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAC3C,iGAAiG;IACjG,QAAQ,CAAC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IAC/D,oCAAoC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAC7B,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,CAAC;IACnD,yDAAyD;IACzD,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,MAAM,CAAC;IAChC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAChE;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE;;;OAGG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACtD,sDAAsD;IACtD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CAC9C;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wFAAwF;IACxF,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAgTD;;;;GAIG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,GAAE,qBAA0B,EAChC,IAAI,GAAE,qBAA0B,GAC/B,OAAO,CAAC,uBAAuB,CAAC,CAwXlC"}
+{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAQ9B,OAAO,EAAE,WAAW,EAAwB,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,wBAAwB,EAAE,KAAK,eAAe,EAAE,KAAK,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AACrK,OAAO,EAAE,mBAAmB,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAA4B,KAAK,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAItI,OAAO,EAAE,kBAAkB,EAAE,KAAK,aAAa,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEhG,eAAO,MAAM,sBAAsB,QAA2C,CAAC;AAC/E,eAAO,MAAM,aAAa,SAAS,CAAC;AACpC,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,eAAO,MAAM,uBAAuB,iBAAiB,CAAC;AACtD,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kCAAkC,CAAC;AAElE,oDAAoD;AACpD,eAAO,MAAM,mBAAmB,QAAqD,CAAC;AAkJtF,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,WAAW,CAAC;IAC9C,2CAA2C;IAC3C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,gBAAgB,CAAC;IACxD,yDAAyD;IACzD,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,8BAA8B,CAAC;IACpF,mDAAmD;IACnD,QAAQ,CAAC,4BAA4B,CAAC,EAAE,OAAO,wBAAwB,CAAC;IACxE,wDAAwD;IACxD,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5E,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,mBAAmB,CAAC;IAC/C,2CAA2C;IAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACzD,2CAA2C;IAC3C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,uBAAuB,CAAC;IAC5D,sFAAsF;IACtF,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IAC/C,6CAA6C;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,yEAAyE;IACzE,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAC3C,iGAAiG;IACjG,QAAQ,CAAC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IAC/D,oCAAoC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAC7B,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,CAAC;IACnD,yDAAyD;IACzD,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,MAAM,CAAC;IAChC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAChE;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE;;;OAGG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACtD,sDAAsD;IACtD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAC7C;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC;;;;;;OAMG;IACH,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,OAAO,CAAC,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,CAAC;CACnF;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wFAAwF;IACxF,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAkdD;;;;GAIG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,GAAE,qBAA0B,EAChC,IAAI,GAAE,qBAA0B,GAC/B,OAAO,CAAC,uBAAuB,CAAC,CAmalC"}

package/dist/lib/upgrade-kubernetes.js

@@ -23,6 +23,8 @@
  *   D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
  *
  * Step order (Phase D — kubernetes substrate, Phase 2 GA):
+ *   0.4  R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
+ *   0.5  D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
  *   0    probeKubernetesApiReachable — 5s timeout kubectl cluster-info
  *   1    D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
  *   2    D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
@@ -82,10 +84,20 @@ const PERIPHERAL_SECRETS = [
 const K8S_DNS_SUFFIX = 'olam.svc.cluster.local';
 /**
  * Build the K8s in-cluster DNS URL for a peripheral service.
- * Form: http://<k8sServiceName>.olam.svc.cluster.local:<port>
+ * Form: http://olam-<k8sServiceName>.olam.svc.cluster.local:<port>
+ *
+ * All olam peripheral k8s Services are named `olam-<short-name>` in the
+ * manifests (e.g. `olam-auth-service` not `auth-service`). The PERIPHERALS
+ * registry stores the short name in `k8sServiceName` for use by port-forward
+ * (which already works). Here we always prepend `olam-` because the DNS
+ * hostname MUST match the Service metadata.name in 60-service.yaml.
+ *
+ * C3 (R3-F): fix — previous form `http://auth-service.olam.svc.cluster.local`
+ * resolved to nothing; correct form is `http://olam-auth-service.olam.svc.cluster.local`.
  */
 function buildK8sDnsUrl(k8sServiceName, port) {
-    return `http://${k8sServiceName}.${K8S_DNS_SUFFIX}:${port}`;
+    const prefixed = k8sServiceName.startsWith('olam-') ? k8sServiceName : `olam-${k8sServiceName}`;
+    return `http://${prefixed}.${K8S_DNS_SUFFIX}:${port}`;
 }
 /**
  * Append a JSONL audit entry to the substrate audit log (D18).
@@ -394,6 +406,140 @@ async function verifyHealthHeader(deps) {
         return { ok: false, engineHeader: null };
     }
 }
+/**
+ * Step 0.4 — R3-C: create/update ghcr-pull imagePullSecret (Decision R3-#3).
+ *
+ * Creates a kubernetes.io/dockerconfigjson Secret named `ghcr-pull` in the
+ * `olam` namespace so all 5 Deployment specs (host-cp + 4 peripherals) can
+ * pull private images from ghcr.io/pleri/* without anonymous rate limits.
+ *
+ * Token resolution order:
+ *   1. deps.ghTokenOverride (test injection — ghTokenOverrideActive must be true)
+ *   2. host.gh_token in ~/.olam/config.json (operator config, not yet wired here —
+ *      future: read via resolveKubectlContext deps; skipped for Phase B scope)
+ *   3. GH_TOKEN environment variable
+ *
+ * Returns { skipped: true } when no token is available (not a hard failure —
+ * operators without a GH token fall back to anonymous pulls which may rate-limit).
+ *
+ * Idempotent: `kubectl apply -f -` (stdin) is a no-op when the Secret already
+ * exists with the same content (kubectl reports "configured" or "unchanged").
+ */
+async function createGhcrPullSecret(context, deps, stderr) {
+    // Resolve GH token from override (test injection) or environment.
+    let ghToken;
+    if (deps.ghTokenOverrideActive === true) {
+        ghToken = deps.ghTokenOverride;
+    }
+    else {
+        ghToken = process.env['GH_TOKEN'];
+    }
+    if (!ghToken) {
+        stderr.write(`${pc.yellow('[warn]')} GH_TOKEN not found — skipping ghcr-pull Secret creation.\n` +
+            `  Image pulls from ghcr.io/pleri/* will use anonymous access (may rate-limit).\n` +
+            `  Set GH_TOKEN env var or add host.gh_token to ~/.olam/config.json to enable.\n`);
+        return { skipped: true, reason: 'no GH_TOKEN in env or config' };
+    }
+    const dockerConfigJson = JSON.stringify({
+        auths: {
+            'ghcr.io': {
+                auth: Buffer.from(`pleri:${ghToken}`).toString('base64'),
+            },
+        },
+    });
+    const secretManifest = {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        type: 'kubernetes.io/dockerconfigjson',
+        metadata: { name: 'ghcr-pull', namespace: K8S_NAMESPACE },
+        data: {
+            '.dockerconfigjson': Buffer.from(dockerConfigJson).toString('base64'),
+        },
+    };
+    const secretYaml = JSON.stringify(secretManifest); // kubectl apply accepts JSON as YAML
+    const wrap = deps.kubectlWrapImpl ?? kubectlWrap;
+    const result = await wrap(['--context', context, 'apply', '-f', '-'], { timeout: 30_000, stdin: secretYaml });
+    if (!result.ok) {
+        return { skipped: false, reason: `kubectl apply ghcr-pull failed: ${result.stderr.split('\n')[0] ?? ''}` };
+    }
+    return { skipped: false };
+}
+/** k3d node container name olam uses by convention. */
+const K3D_NODE_CONTAINER = 'k3d-olam-host-server-0';
+/**
+ * Default implementation: run `docker inspect k3d-olam-host-server-0` and
+ * scan the Mounts array to determine which bind form is in use.
+ *
+ * Returns:
+ *   'new-form' — /host-colima/ bind present (correct form per Phase B B1)
+ *   'old-form' — /var/run/docker.sock direct file-bind present (broken on colima, R3-A)
+ *   'none'     — container not found or neither bind detectable (non-k3d / bare k3s)
+ */
+async function defaultCheckK3dNodeMounts() {
+    const { execFile } = await import('node:child_process');
+    const { promisify } = await import('node:util');
+    const execFileAsync = promisify(execFile);
+    try {
+        const { stdout } = await execFileAsync('docker', ['inspect', K3D_NODE_CONTAINER, '--format', '{{json .HostConfig.Binds}}'], { timeout: 8_000 });
+        const binds = JSON.parse(stdout.trim());
+        if (!Array.isArray(binds))
+            return 'none';
+        // New form: bind contains /host-colima/ (directory bind from Phase B B1).
+        if (binds.some((b) => b.includes('/host-colima/')))
+            return 'new-form';
+        // Old form: bind contains /var/run/docker.sock as a file source (R3-A broken form).
+        if (binds.some((b) => b.startsWith('/var/run/docker.sock:')))
+            return 'old-form';
+        return 'none';
+    }
+    catch {
+        // Container not found, docker unavailable, or JSON parse error — treat as non-k3d.
+        return 'none';
+    }
+}
+/**
+ * Step 0.5 — Phase D D4: k3d node docker socket bind-mount preflight (Decision #11).
+ *
+ * Detects whether the k3d-olam-host cluster was created with the correct
+ * `--volume "$HOME/.colima/default/:/host-colima/@server:*"` bind (new form,
+ * Phase B B1) or the old `--volume /var/run/docker.sock:/var/run/docker.sock`
+ * direct file-bind (broken on colima, R3-A).
+ *
+ * - 'new-form' → proceed (correct)
+ * - 'old-form' → hard error with actionable Decision #11 recreate command
+ * - 'none'     → WARN only (non-k3d or bare k3s without socket bind; may work)
+ *
+ * Runs ONLY on kubernetes substrate. The check is host-side (`docker inspect`)
+ * so it can fire BEFORE any kubectl apply (pre-step 0b runs AFTER cluster is
+ * deployed; this runs BEFORE step 0 so fresh-install operators catch the
+ * broken bind before wasting a full upgrade attempt).
+ *
+ * Returns null on pass/warn (upgrade should continue);
+ * returns error message string on hard failure (upgrade should abort).
+ */
+async function preflightK3dNodeMounts(deps, stderr) {
+    const check = deps.checkK3dNodeMountsImpl ?? defaultCheckK3dNodeMounts;
+    const form = await check();
+    if (form === 'new-form') {
+        // Correct bind — proceed silently.
+        return null;
+    }
+    if (form === 'old-form') {
+        // Decision #11 backward-compat error: operator must recreate the cluster.
+        return (`Your k3d cluster was created with the old --volume form which fails on colima.\n` +
+            `  Recreate the cluster with:\n` +
+            `    k3d cluster delete olam-host\n` +
+            `    k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n` +
+            `  Then re-run olam upgrade.`);
+    }
+    // 'none': k3d node container not found or non-k3d cluster (bare k3s, minikube, etc.).
+    // Emit WARN only — we cannot detect the bind on non-k3d setups, so do not block.
+    stderr.write(`${pc.yellow('[warn]')} step 0.5: k3d node container "${K3D_NODE_CONTAINER}" not found or bind form undetectable.\n` +
+        `  This is expected on non-k3d clusters (bare k3s, minikube). Continuing.\n` +
+        `  On colima+k3d: ensure the cluster was created with:\n` +
+        `    k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n`);
+    return null;
+}
 /**
  * Main entrypoint for the kubernetes upgrade path.
  *
@@ -420,6 +566,49 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
         }
         // skipped: dir exists or bundle absent (dev context) — no output, continue.
     }
+    // ── Step 0.4: R3-C — create/update ghcr-pull imagePullSecret ────────
+    // Runs BEFORE probeKubernetesApiReachable because the Secret creation itself
+    // requires API access. Placed after manifest seed so manifests (which include
+    // imagePullSecrets: [{name: ghcr-pull}]) are on disk before step 3 applies them.
+    //
+    // Context resolution: step 0.4 runs before the B3 context-resolution block, so
+    // we resolve a preliminary context here. The canonical resolution happens at
+    // pre-step 0a-prelude and is used for all subsequent steps. This duplicate
+    // resolution is acceptable — step 0.4 is additive and does not replace B3.
+    {
+        const preliminaryResolved = resolveKubectlContext(deps.configPath);
+        if (preliminaryResolved.error === undefined) {
+            const preliminaryContext = preliminaryResolved.context;
+            const step04Spinner = ora('Creating ghcr-pull imagePullSecret (R3-C)').start();
+            const pullSecretResult = await createGhcrPullSecret(preliminaryContext, deps, stderr);
+            if (pullSecretResult.skipped) {
+                step04Spinner.warn(`ghcr-pull Secret skipped: ${pullSecretResult.reason ?? 'no token'}`);
+            }
+            else if (pullSecretResult.reason) {
+                // kubectl apply failed — warn but do not abort. Rollout will fail on 401
+                // image pull if the secret is needed, which surfaces a clear error.
+                const warnMsg = `ghcr-pull Secret apply failed (continuing): ${pullSecretResult.reason}`;
+                step04Spinner.warn(warnMsg);
+                stderr.write(`${pc.yellow('[warn]')} ${warnMsg}\n`);
+            }
+            else {
+                step04Spinner.succeed('ghcr-pull imagePullSecret created/updated');
+            }
+        }
+        // If context resolution fails here, step 0a-prelude will catch and abort below.
+    }
+    // ── Step 0.5: D4 — k3d node docker socket bind-mount preflight (Decision #11) ──
+    // Runs BEFORE API reachability (step 0) so operators on a mis-configured k3d
+    // cluster get an actionable error before wasting a full upgrade attempt.
+    // Only meaningful on k3d clusters where the node container is named
+    // k3d-olam-host-server-0. Non-k3d clusters emit WARN and proceed.
+    {
+        const step05Error = await preflightK3dNodeMounts(deps, stderr);
+        if (step05Error !== null) {
+            stderr.write(`${pc.red('error:')} ${step05Error}\n`);
+            return { exitCode: 1, summary: 'k3d node bind-mount preflight failed (Decision #11)' };
+        }
+    }
     // ── Pre-step 0a-prelude: B3 — resolve kubectl context ONCE (config + env) ──
     // The context is needed by ALL kubectl-invoking pre-steps and steps below.
     // Resolution policy lives in `kubectl-context.ts` (single source of truth):