@reyemtech/nimbus 1.1.2 → 1.3.0

package/dist/cjs/azure/index.d.ts

@@ -8,4 +8,5 @@ export { createAksCluster, type IAksOptions } from "./cluster";
 export { createAzureDns, type IAzureDnsOptions } from "./dns";
 export { createAzureSecrets, type IAzureSecretsOptions } from "./secrets";
 export { createAzureStateBackend, type IAzureStateBackendOptions } from "./state";
+export { ensureResourceGroup, type IResourceGroupOptions } from "./resource-group";
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/azure/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,KAAK,yBAAyB,EAAE,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,KAAK,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/cjs/azure/index.js

@@ -5,7 +5,7 @@
  * @module azure
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAzureStateBackend = exports.createAzureSecrets = exports.createAzureDns = exports.createAksCluster = exports.createAzureNetwork = void 0;
+exports.ensureResourceGroup = exports.createAzureStateBackend = exports.createAzureSecrets = exports.createAzureDns = exports.createAksCluster = exports.createAzureNetwork = void 0;
 var network_1 = require("./network");
 Object.defineProperty(exports, "createAzureNetwork", { enumerable: true, get: function () { return network_1.createAzureNetwork; } });
 var cluster_1 = require("./cluster");
@@ -16,4 +16,6 @@ var secrets_1 = require("./secrets");
 Object.defineProperty(exports, "createAzureSecrets", { enumerable: true, get: function () { return secrets_1.createAzureSecrets; } });
 var state_1 = require("./state");
 Object.defineProperty(exports, "createAzureStateBackend", { enumerable: true, get: function () { return state_1.createAzureStateBackend; } });
+var resource_group_1 = require("./resource-group");
+Object.defineProperty(exports, "ensureResourceGroup", { enumerable: true, get: function () { return resource_group_1.ensureResourceGroup; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/azure/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA;AAC3B,qCAA+D;AAAtD,2GAAA,gBAAgB,OAAA;AACzB,6BAA8D;AAArD,qGAAA,cAAc,OAAA;AACvB,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA;AAC3B,iCAAkF;AAAzE,gHAAA,uBAAuB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA;AAC3B,qCAA+D;AAAtD,2GAAA,gBAAgB,OAAA;AACzB,6BAA8D;AAArD,qGAAA,cAAc,OAAA;AACvB,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA;AAC3B,iCAAkF;AAAzE,gHAAA,uBAAuB,OAAA;AAChC,mDAAmF;AAA1E,qHAAA,mBAAmB,OAAA"}

package/dist/cjs/azure/resource-group.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Resource group abstraction — declare once, reuse across all Azure resources.
+ *
+ * Caches by name so multiple factories referencing the same resource group
+ * share a single Pulumi resource declaration. Idempotent by design:
+ * Pulumi handles create/update/no-op on each `pulumi up`.
+ *
+ * @module azure/resource-group
+ */
+import type * as pulumi from "@pulumi/pulumi";
+/** Options for {@link ensureResourceGroup}. */
+export interface IResourceGroupOptions {
+    /** Tags to apply to the resource group. */
+    readonly tags?: Record<string, string>;
+    /** Azure location override. Defaults to the Pulumi-configured region. */
+    readonly location?: pulumi.Input<string>;
+}
+/**
+ * Ensure a resource group is declared in the Pulumi stack.
+ *
+ * First call creates the Pulumi resource; subsequent calls with the
+ * same name return the cached reference. This is pure declaration —
+ * Pulumi decides whether to create, update, or skip at deploy time.
+ *
+ * @param name - Desired resource group name in Azure (e.g. "rg-myapp-canadacentral")
+ * @param opts - Optional tags and location override
+ * @returns The ResourceGroup's name as a Pulumi Output (for dependency chaining)
+ *
+ * @example
+ * ```typescript
+ * const rgName = ensureResourceGroup("rg-prod-canadacentral", {
+ *   tags: { environment: "production" },
+ * });
+ * ```
+ */
+export declare function ensureResourceGroup(name: string, opts?: IResourceGroupOptions): pulumi.Output<string>;
+//# sourceMappingURL=resource-group.d.ts.map

package/dist/cjs/azure/resource-group.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-group.d.ts","sourceRoot":"","sources":["../../../src/azure/resource-group.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAK9C,+CAA+C;AAC/C,MAAM,WAAW,qBAAqB;IACpC,2CAA2C;IAC3C,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,qBAAqB,GAC3B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAYvB"}

package/dist/cjs/azure/resource-group.js

@@ -0,0 +1,79 @@
+"use strict";
+/**
+ * Resource group abstraction — declare once, reuse across all Azure resources.
+ *
+ * Caches by name so multiple factories referencing the same resource group
+ * share a single Pulumi resource declaration. Idempotent by design:
+ * Pulumi handles create/update/no-op on each `pulumi up`.
+ *
+ * @module azure/resource-group
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureResourceGroup = ensureResourceGroup;
+const azure = __importStar(require("@pulumi/azure-native/resources"));
+/** Cache of declared resource groups, keyed by name. */
+const cache = new Map();
+/**
+ * Ensure a resource group is declared in the Pulumi stack.
+ *
+ * First call creates the Pulumi resource; subsequent calls with the
+ * same name return the cached reference. This is pure declaration —
+ * Pulumi decides whether to create, update, or skip at deploy time.
+ *
+ * @param name - Desired resource group name in Azure (e.g. "rg-myapp-canadacentral")
+ * @param opts - Optional tags and location override
+ * @returns The ResourceGroup's name as a Pulumi Output (for dependency chaining)
+ *
+ * @example
+ * ```typescript
+ * const rgName = ensureResourceGroup("rg-prod-canadacentral", {
+ *   tags: { environment: "production" },
+ * });
+ * ```
+ */
+function ensureResourceGroup(name, opts) {
+    const existing = cache.get(name);
+    if (existing)
+        return existing.name;
+    const rg = new azure.ResourceGroup(`nimbus-rg-${name}`, {
+        resourceGroupName: name,
+        location: opts?.location,
+        tags: opts?.tags,
+    });
+    cache.set(name, rg);
+    return rg.name;
+}
+//# sourceMappingURL=resource-group.js.map

package/dist/cjs/azure/resource-group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-group.js","sourceRoot":"","sources":["../../../src/azure/resource-group.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCH,kDAeC;AA/CD,sEAAwD;AAGxD,wDAAwD;AACxD,MAAM,KAAK,GAAG,IAAI,GAAG,EAA+B,CAAC;AAUrD;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,mBAAmB,CACjC,IAAY,EACZ,IAA4B;IAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC,IAAI,CAAC;IAEnC,MAAM,EAAE,GAAG,IAAI,KAAK,CAAC,aAAa,CAAC,aAAa,IAAI,EAAE,EAAE;QACtD,iBAAiB,EAAE,IAAI;QACvB,QAAQ,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,EAAE,IAAI,EAAE,IAAI;KACjB,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACpB,OAAO,EAAE,CAAC,IAAI,CAAC;AACjB,CAAC"}

package/dist/cjs/azure/secrets.d.ts

@@ -9,8 +9,8 @@ import type { ISecrets, ISecretsConfig } from "../secrets";
 export interface IAzureSecretsOptions {
     /** Resource group name. Required for Azure. */
     readonly resourceGroupName: pulumi.Input<string>;
-    /** Azure AD tenant ID. Required for Key Vault access policies. */
-    readonly tenantId: pulumi.Input<string>;
+    /** Azure AD tenant ID. Auto-detected via `getClientConfigOutput()` when omitted. */
+    readonly tenantId?: pulumi.Input<string>;
     /** Object ID of the principal that should have access to secrets. */
     readonly objectId?: pulumi.Input<string>;
     /** Key Vault SKU. Default: "standard". */
@@ -19,6 +19,10 @@ export interface IAzureSecretsOptions {
 /**
  * Create an Azure Key Vault for secret management.
  *
+ * When `tenantId` is omitted, it is auto-detected from the current Azure
+ * identity via `getClientConfigOutput()`. A Key Vault Secrets Officer RBAC
+ * role assignment is automatically created for the deploying principal.
+ *
  * @example
  * ```typescript
  * const secrets = createAzureSecrets("prod", {
@@ -26,7 +30,6 @@ export interface IAzureSecretsOptions {
  *   backend: "azure-key-vault",
  * }, {
  *   resourceGroupName: "my-rg",
- *   tenantId: "00000000-0000-0000-0000-000000000000",
  * });
  *
  * secrets.putSecret("database", { host: "db.example.com", password: dbPassword });

package/dist/cjs/azure/secrets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../src/azure/secrets.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,EAAc,QAAQ,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AASvE,sCAAsC;AACtC,MAAM,WAAW,oBAAoB;IACnC,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,kEAAkE;IAClE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACxC,qEAAqE;IACrE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACzC,0CAA0C;IAC1C,QAAQ,CAAC,GAAG,CAAC,EAAE,UAAU,GAAG,SAAS,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,oBAAoB,GAC5B,QAAQ,CAqGV"}
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../src/azure/secrets.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,EAAc,QAAQ,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAYvE,sCAAsC;AACtC,MAAM,WAAW,oBAAoB;IACnC,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,oFAAoF;IACpF,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACzC,qEAAqE;IACrE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACzC,0CAA0C;IAC1C,QAAQ,CAAC,GAAG,CAAC,EAAE,UAAU,GAAG,SAAS,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,oBAAoB,GAC5B,QAAQ,CAmHV"}

package/dist/cjs/azure/secrets.js

@@ -46,9 +46,15 @@ const types_1 = require("../types");
 const KEY_VAULT_NAME_MAX_LENGTH = 24;
 /** Default soft-delete retention period in days for Key Vault. */
 const SOFT_DELETE_RETENTION_DAYS = 90;
+/** Well-known role definition ID for Key Vault Secrets Officer. */
+const KEY_VAULT_SECRETS_OFFICER_ROLE_ID = "b86a8fe4-44ce-4948-aee5-eccb2c155cd7";
 /**
  * Create an Azure Key Vault for secret management.
  *
+ * When `tenantId` is omitted, it is auto-detected from the current Azure
+ * identity via `getClientConfigOutput()`. A Key Vault Secrets Officer RBAC
+ * role assignment is automatically created for the deploying principal.
+ *
  * @example
  * ```typescript
  * const secrets = createAzureSecrets("prod", {
@@ -56,7 +62,6 @@ const SOFT_DELETE_RETENTION_DAYS = 90;
  *   backend: "azure-key-vault",
  * }, {
  *   resourceGroupName: "my-rg",
- *   tenantId: "00000000-0000-0000-0000-000000000000",
  * });
  *
  * secrets.putSecret("database", { host: "db.example.com", password: dbPassword });
@@ -68,12 +73,15 @@ function createAzureSecrets(name, config, options) {
     const target = (0, types_1.resolveCloudTarget)(cloud);
     const tags = config.tags ?? {};
     const rgName = options.resourceGroupName;
+    // Auto-detect tenantId from current Azure identity when not provided
+    const clientConfig = azure.authorization.getClientConfigOutput();
+    const tenantId = options.tenantId ?? clientConfig.tenantId;
     // Key Vault names must be 3-24 chars, alphanumeric + hyphens
     const vaultName = name.replace(/[^a-zA-Z0-9-]/g, "-").substring(0, KEY_VAULT_NAME_MAX_LENGTH);
     const accessPolicies = [];
     if (options.objectId) {
         accessPolicies.push({
-            tenantId: options.tenantId,
+            tenantId,
             objectId: options.objectId,
             permissions: {
                 secrets: ["Get", "List", "Set", "Delete"],
@@ -84,7 +92,7 @@ function createAzureSecrets(name, config, options) {
         vaultName,
         resourceGroupName: rgName,
         properties: {
-            tenantId: options.tenantId,
+            tenantId,
             sku: {
                 family: "A",
                 name: options.sku === "premium"
@@ -98,6 +106,12 @@ function createAzureSecrets(name, config, options) {
         },
         tags: { ...tags, Name: `${name}-kv` },
     });
+    // Grant the deploying principal Key Vault Secrets Officer on this vault
+    new azure.authorization.RoleAssignment(`${name}-kv-secrets-officer`, {
+        principalId: clientConfig.objectId,
+        roleDefinitionId: clientConfig.subscriptionId.apply((sub) => `/subscriptions/${sub}/providers/Microsoft.Authorization/roleDefinitions/${KEY_VAULT_SECRETS_OFFICER_ROLE_ID}`),
+        scope: vault.id,
+    });
     // Track created secrets for getSecretRef lookups
     const secretResources = new Map();
     return {

package/dist/cjs/azure/secrets.js.map

@@ -1 +1 @@
-{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../../src/azure/secrets.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CH,gDAyGC;AAjJD,4DAA8C;AAC9C,uDAAyC;AAEzC,oCAA8C;AAE9C,qFAAqF;AACrF,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,kEAAkE;AAClE,MAAM,0BAA0B,GAAG,EAAE,CAAC;AActC;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,kBAAkB,CAChC,IAAY,EACZ,MAAsB,EACtB,OAA6B;IAE7B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IACxF,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEzC,6DAA6D;IAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;IAE9F,MAAM,cAAc,GAAuD,EAAE,CAAC;IAC9E,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,cAAc,CAAC,IAAI,CAAC;YAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC;aAC1C;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,IAAI,KAAK,EAAE;QACnD,SAAS;QACT,iBAAiB,EAAE,MAAM;QACzB,UAAU,EAAE;YACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,GAAG,EAAE;gBACH,MAAM,EAAE,GAAG;gBACX,IAAI,EACF,OAAO,CAAC,GAAG,KAAK,SAAS;oBACvB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO;oBAChC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ;aACtC;YACD,gBAAgB,EAAE,IAAI;YACtB,yBAAyB,EAAE,0BAA0B;YACrD,uBAAuB,EAAE,IAAI;YAC7B,cAAc;SACf;QACD,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,KAAK,EAAE;KACtC,CAAC,CAAC;IAEH,iDAAiD;IACjD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAiC,CAAC;IAEjE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,MAAM;QACb,OAAO,EAAE,iBAAiB;QAC1B,cAAc,EAAE,KAAK;QAErB,SAAS,CAAC,IAAY,EAAE,IAA0C;YAChE,gFAAgF;YAChF,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnF,iDAAiD;YACjD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAEvD,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,UAAU,EAAE,EAAE;gBAChE,UAAU;gBACV,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,iBAAiB,EAAE,MAAM;gBACzB,UAAU,EAAE;oBACV,KAAK,EAAE,WAAW;oBAClB,WAAW,EAAE,kBAAkB;iBAChC;gBACD,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE;aACxB,CAAC,CAAC;YAEH,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,YAAY,CAAC,GAAe;YAC1B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;YAEpB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,4CAA4C;gBAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC;oBAC5C,UAAU;oBACV,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,iBAAiB,EAAE,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,GAAG,EAAE,CAAC;oBACR,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;wBACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAA2B,CAAC;wBACzE,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC3B,CAAC,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;oBACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAA2B,CAAC;oBACzE,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../../src/azure/secrets.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDH,gDAuHC;AArKD,4DAA8C;AAC9C,uDAAyC;AAEzC,oCAA8C;AAE9C,qFAAqF;AACrF,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,kEAAkE;AAClE,MAAM,0BAA0B,GAAG,EAAE,CAAC;AAEtC,mEAAmE;AACnE,MAAM,iCAAiC,GAAG,sCAAsC,CAAC;AAcjF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAgB,kBAAkB,CAChC,IAAY,EACZ,MAAsB,EACtB,OAA6B;IAE7B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IACxF,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEzC,qEAAqE;IACrE,MAAM,YAAY,GAAG,KAAK,CAAC,aAAa,CAAC,qBAAqB,EAAE,CAAC;IACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,CAAC,QAAQ,CAAC;IAE3D,6DAA6D;IAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;IAE9F,MAAM,cAAc,GAAuD,EAAE,CAAC;IAC9E,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,cAAc,CAAC,IAAI,CAAC;YAClB,QAAQ;YACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC;aAC1C;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,IAAI,KAAK,EAAE;QACnD,SAAS;QACT,iBAAiB,EAAE,MAAM;QACzB,UAAU,EAAE;YACV,QAAQ;YACR,GAAG,EAAE;gBACH,MAAM,EAAE,GAAG;gBACX,IAAI,EACF,OAAO,CAAC,GAAG,KAAK,SAAS;oBACvB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO;oBAChC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ;aACtC;YACD,gBAAgB,EAAE,IAAI;YACtB,yBAAyB,EAAE,0BAA0B;YACrD,uBAAuB,EAAE,IAAI;YAC7B,cAAc;SACf;QACD,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,KAAK,EAAE;KACtC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,GAAG,IAAI,qBAAqB,EAAE;QACnE,WAAW,EAAE,YAAY,CAAC,QAAQ;QAClC,gBAAgB,EAAE,YAAY,CAAC,cAAc,CAAC,KAAK,CACjD,CAAC,GAAG,EAAE,EAAE,CACN,kBAAkB,GAAG,sDAAsD,iCAAiC,EAAE,CACjH;QACD,KAAK,EAAE,KAAK,CAAC,EAAE;KAChB,CAAC,CAAC;IAEH,iDAAiD;IACjD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAiC,CAAC;IAEjE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,MAAM;QACb,OAAO,EAAE,iBAAiB;QAC1B,cAAc,EAAE,KAAK;QAErB,SAAS,CAAC,IAAY,EAAE,IAA0C;YAChE,gFAAgF;YAChF,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnF,iDAAiD;YACjD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAEvD,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,UAAU,EAAE,EAAE;gBAChE,UAAU;gBACV,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,iBAAiB,EAAE,MAAM;gBACzB,UAAU,EAAE;oBACV,KAAK,EAAE,WAAW;oBAClB,WAAW,EAAE,kBAAkB;iBAChC;gBACD,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE;aACxB,CAAC,CAAC;YAEH,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,YAAY,CAAC,GAAe;YAC1B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;YAEpB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,4CAA4C;gBAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC;oBAC5C,UAAU;oBACV,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,iBAAiB,EAAE,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,GAAG,EAAE,CAAC;oBACR,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;wBACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAA2B,CAAC;wBACzE,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC3B,CAAC,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;oBACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAA2B,CAAC;oBACzE,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/cjs/cli/azure-prompts.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Azure-specific CLI prompt orchestration for `nimbus new`.
+ *
+ * Prompts users for Azure region and resource group name
+ * when scaffolding Azure templates.
+ *
+ * @module cli/azure-prompts
+ */
+import type { TemplateName } from "./templates.js";
+/** Azure configuration values collected from interactive prompts. */
+export interface IAzureTemplateOptions {
+    readonly region: string;
+    readonly resourceGroupName: string;
+}
+/**
+ * Check whether a template requires Azure prompts.
+ *
+ * @param template - Template name to check
+ * @returns True if the template needs Azure configuration
+ */
+export declare function requiresAzurePrompts(template: TemplateName): boolean;
+/**
+ * Prompt the user for Azure configuration values.
+ *
+ * Asks for region and resource group name.
+ *
+ * @param projectName - Project name used for default resource group
+ * @returns Azure template options collected from the user
+ */
+export declare function promptForAzureOptions(projectName: string): Promise<IAzureTemplateOptions>;
+//# sourceMappingURL=azure-prompts.d.ts.map

package/dist/cjs/cli/azure-prompts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-prompts.d.ts","sourceRoot":"","sources":["../../../src/cli/azure-prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,qEAAqE;AACrE,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAKD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,CAEpE;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAkB/F"}

package/dist/cjs/cli/azure-prompts.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * Azure-specific CLI prompt orchestration for `nimbus new`.
+ *
+ * Prompts users for Azure region and resource group name
+ * when scaffolding Azure templates.
+ *
+ * @module cli/azure-prompts
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requiresAzurePrompts = requiresAzurePrompts;
+exports.promptForAzureOptions = promptForAzureOptions;
+const prompt_js_1 = require("./prompt.js");
+/** Templates that require Azure configuration prompts. */
+const AZURE_TEMPLATES = ["minimal-azure", "azure", "multi-cloud"];
+/**
+ * Check whether a template requires Azure prompts.
+ *
+ * @param template - Template name to check
+ * @returns True if the template needs Azure configuration
+ */
+function requiresAzurePrompts(template) {
+    return AZURE_TEMPLATES.includes(template);
+}
+/**
+ * Prompt the user for Azure configuration values.
+ *
+ * Asks for region and resource group name.
+ *
+ * @param projectName - Project name used for default resource group
+ * @returns Azure template options collected from the user
+ */
+async function promptForAzureOptions(projectName) {
+    const rl = (0, prompt_js_1.createPromptInterface)();
+    try {
+        console.log("\nAzure configuration:\n");
+        const region = await (0, prompt_js_1.askQuestion)(rl, "Azure region", {
+            defaultValue: "canadacentral",
+        });
+        const resourceGroupName = await (0, prompt_js_1.askQuestion)(rl, "Resource group name", {
+            defaultValue: `rg-${projectName}-${region}`,
+        });
+        return { region, resourceGroupName };
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=azure-prompts.js.map

package/dist/cjs/cli/azure-prompts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-prompts.js","sourceRoot":"","sources":["../../../src/cli/azure-prompts.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAoBH,oDAEC;AAUD,sDAkBC;AAhDD,2CAAiE;AASjE,0DAA0D;AAC1D,MAAM,eAAe,GAAgC,CAAC,eAAe,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAE/F;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,QAAsB;IACzD,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,qBAAqB,CAAC,WAAmB;IAC7D,MAAM,EAAE,GAAG,IAAA,iCAAqB,GAAE,CAAC;IAEnC,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QAExC,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAW,EAAC,EAAE,EAAE,cAAc,EAAE;YACnD,YAAY,EAAE,eAAe;SAC9B,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,MAAM,IAAA,uBAAW,EAAC,EAAE,EAAE,qBAAqB,EAAE;YACrE,YAAY,EAAE,MAAM,WAAW,IAAI,MAAM,EAAE;SAC5C,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACvC,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC"}

package/dist/cjs/cli/prompt.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Generic readline prompt utility for CLI interactive input.
+ *
+ * Uses Node's built-in `readline` module to prompt users for input.
+ *
+ * @module cli/prompt
+ */
+import type { Interface as ReadlineInterface } from "readline";
+/** Options for a single prompt question. */
+export interface IPromptOptions {
+    /** Default value shown in brackets, used if user presses Enter. */
+    readonly defaultValue?: string;
+    /** If true, re-prompts when the answer is empty and no default is set. */
+    readonly required?: boolean;
+}
+/**
+ * Create a readline interface for interactive prompts.
+ *
+ * @returns A readline interface connected to stdin/stdout
+ */
+export declare function createPromptInterface(): ReadlineInterface;
+/**
+ * Ask the user a question via readline and return their answer.
+ *
+ * Shows the default value in brackets (e.g., `"Region [canadacentral]: "`).
+ * Re-prompts if `required` is true and the answer is empty with no default.
+ *
+ * @param rl - Readline interface
+ * @param question - The question text to display
+ * @param options - Prompt options (defaultValue, required)
+ * @returns The user's answer or the default value
+ */
+export declare function askQuestion(rl: ReadlineInterface, question: string, options?: IPromptOptions): Promise<string>;
+//# sourceMappingURL=prompt.d.ts.map

package/dist/cjs/cli/prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../../src/cli/prompt.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,SAAS,IAAI,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE/D,4CAA4C;AAC5C,MAAM,WAAW,cAAc;IAC7B,mEAAmE;IACnE,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,0EAA0E;IAC1E,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,IAAI,iBAAiB,CAKzD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CACzB,EAAE,EAAE,iBAAiB,EACrB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,MAAM,CAAC,CAuBjB"}

package/dist/cjs/cli/prompt.js

@@ -0,0 +1,61 @@
+"use strict";
+/**
+ * Generic readline prompt utility for CLI interactive input.
+ *
+ * Uses Node's built-in `readline` module to prompt users for input.
+ *
+ * @module cli/prompt
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPromptInterface = createPromptInterface;
+exports.askQuestion = askQuestion;
+const readline_1 = require("readline");
+/**
+ * Create a readline interface for interactive prompts.
+ *
+ * @returns A readline interface connected to stdin/stdout
+ */
+function createPromptInterface() {
+    return (0, readline_1.createInterface)({
+        input: process.stdin,
+        output: process.stdout,
+    });
+}
+/**
+ * Ask the user a question via readline and return their answer.
+ *
+ * Shows the default value in brackets (e.g., `"Region [canadacentral]: "`).
+ * Re-prompts if `required` is true and the answer is empty with no default.
+ *
+ * @param rl - Readline interface
+ * @param question - The question text to display
+ * @param options - Prompt options (defaultValue, required)
+ * @returns The user's answer or the default value
+ */
+function askQuestion(rl, question, options = {}) {
+    const { defaultValue, required } = options;
+    const suffix = defaultValue ? ` [${defaultValue}]` : "";
+    const prompt = `${question}${suffix}: `;
+    return new Promise((resolve) => {
+        const ask = () => {
+            rl.question(prompt, (answer) => {
+                const trimmed = answer.trim();
+                if (trimmed) {
+                    resolve(trimmed);
+                }
+                else if (defaultValue) {
+                    resolve(defaultValue);
+                }
+                else if (required) {
+                    console.log("  This field is required. Please enter a value.");
+                    ask();
+                }
+                else {
+                    resolve("");
+                }
+            });
+        };
+        ask();
+    });
+}
+//# sourceMappingURL=prompt.js.map

package/dist/cjs/cli/prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../../src/cli/prompt.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAkBH,sDAKC;AAaD,kCA2BC;AA7DD,uCAA2C;AAW3C;;;;GAIG;AACH,SAAgB,qBAAqB;IACnC,OAAO,IAAA,0BAAe,EAAC;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,WAAW,CACzB,EAAqB,EACrB,QAAgB,EAChB,UAA0B,EAAE;IAE5B,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,GAAG,QAAQ,GAAG,MAAM,IAAI,CAAC;IAExC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,GAAS,EAAE;YACrB,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAc,EAAE,EAAE;gBACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,OAAO,CAAC,CAAC;gBACnB,CAAC;qBAAM,IAAI,YAAY,EAAE,CAAC;oBACxB,OAAO,CAAC,YAAY,CAAC,CAAC;gBACxB,CAAC;qBAAM,IAAI,QAAQ,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;oBAC/D,GAAG,EAAE,CAAC;gBACR,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,CAAC,CAAC;gBACd,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;QACF,GAAG,EAAE,CAAC;IACR,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cjs/cli/templates-azure.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Azure project templates for `nimbus new`.
+ *
+ * Contains the minimal-azure, azure, and multi-cloud template generators,
+ * split from templates.ts to keep files under the 500-line limit.
+ *
+ * @module cli/templates-azure
+ */
+import type { ITemplateFiles, ITemplateOptions } from "./templates.js";
+/**
+ * Minimal Azure template — state backend + Key Vault, no cluster.
+ *
+ * @param name - Project name substituted into resource names
+ * @param options - Optional template options with Azure configuration
+ * @returns Template files
+ */
+export declare function minimalAzureTemplate(name: string, options?: ITemplateOptions): ITemplateFiles;
+/**
+ * Full Azure stack — VNet + AKS + Azure DNS + Key Vault + Platform.
+ *
+ * @param name - Project name substituted into resource names
+ * @param options - Optional template options with Azure configuration
+ * @returns Template files
+ */
+export declare function azureTemplate(name: string, options?: ITemplateOptions): ITemplateFiles;
+/**
+ * Multi-cloud template — AWS + Azure active-active with GLB.
+ *
+ * @param name - Project name substituted into resource names
+ * @param options - Optional template options with Azure configuration
+ * @returns Template files
+ */
+export declare function multiCloudTemplate(name: string, options?: ITemplateOptions): ITemplateFiles;
+//# sourceMappingURL=templates-azure.d.ts.map

package/dist/cjs/cli/templates-azure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates-azure.d.ts","sourceRoot":"","sources":["../../../src/cli/templates-azure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAKvE;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,cAAc,CAgF7F;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,cAAc,CAqKtF;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,cAAc,CA4K3F"}