@stacksjs/ts-cloud 0.2.22 → 0.2.24

package/dist/deploy/site-target.d.ts

@@ -2,10 +2,10 @@ import type { CloudConfig, SiteConfig, SiteDeployTarget } from '@ts-cloud/core';
 /**
  * The three resolved deployment kinds for a site:
  *  - `'bucket'`        — upload built `root` to object storage + CDN.
- *  - `'server-app'`    — `server` + `start`: dynamic app as a systemd service
- *                        behind the Caddy reverse proxy.
+ *  - `'server-app'`    — `server` + `start`: dynamic app as a systemd service.
  *  - `'server-static'` — `server` + no `start` (has static `root`): a static
- *                        site built and served on the box via Caddy `file_server`.
+ *                        site built and shipped to `/var/www/<site>` on the box
+ *                        (served by the operator's own proxy, e.g. rpx + tlsx).
  */
 export type SiteDeployKind = 'bucket' | 'server-app' | 'server-static';
 /**

package/dist/drivers/hetzner/driver.d.ts

@@ -67,8 +67,9 @@ export declare class HetznerDriver implements CloudDriver {
      */
     private ensureFirewall;
     /**
-     * Collect the upstream app ports that must be reachable when no reverse proxy
-     * is fronting traffic (raw-port deploys). Drops 80/443 (handled separately).
+     * Collect the upstream app ports that must be reachable on the box. ts-cloud
+     * does not front traffic with its own proxy, so each site's app port is
+     * opened directly. Drops 80/443 (always handled by the firewall base rules).
      */
     private collectUpstreamPorts;
     private sleep;
@@ -81,8 +82,8 @@ export declare class HetznerDriver implements CloudDriver {
     private waitForSshReady;
     /**
      * Block until cloud-init finishes (`cloud-init status --wait`). cloud-init is
-     * what installs the runtime + Caddy; deploying before it completes leaves the
-     * release pointing at a half-provisioned box (missing `bun`, no Caddy).
+     * what installs the runtime; deploying before it completes leaves the
+     * release pointing at a half-provisioned box (missing `bun`).
      */
     private waitForCloudInit;
     private outputsFromState;

package/dist/drivers/index.d.ts

@@ -3,6 +3,5 @@ export { AwsDriver } from './aws/driver';
 export { HetznerDriver } from './hetzner/driver';
 export { HetznerClient, resolveHetznerApiToken } from './hetzner/client';
 export { generateUbuntuAppCloudInit, wrapCloudInitUserData } from './hetzner/cloud-init';
-export { buildCaddyfile, buildCaddyfileFromProxy, isOnDemandDomain, proxyConfigFromSites, resolveCaddyfile, staticSiteServerRoot, } from './shared/caddyfile';
 export { buildAwsArtifactFetch, buildLocalArtifactFetch, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, } from './shared/deploy-script';
 export { deployAllComputeSites, deploySiteRelease } from './shared/compute-deploy';

package/dist/drivers/shared/compute-deploy.d.ts

@@ -22,6 +22,6 @@ export interface DeployAllSitesOptions {
 /**
  * Deploy every site that targets the compute server — both dynamic apps
  * (`server` + `start`, run as systemd services) and static sites (`server`
- * without `start`, served by Caddy `file_server`). Bucket sites are skipped.
+ * without `start`, shipped to `/var/www/<site>`). Bucket sites are skipped.
  */
 export declare function deployAllComputeSites(options: DeployAllSitesOptions): Promise<boolean>;

package/dist/drivers/shared/deploy-script.d.ts

@@ -31,7 +31,7 @@ export interface BuildStaticSiteDeployScriptOptions {
     siteName: string;
     /** How the remote host obtains the release tarball */
     artifactFetch: string[];
-    /** Target directory served by Caddy `file_server`. Default `/var/www/<site>`. */
+    /** Target directory the static site is shipped to. Default `/var/www/<site>`. */
     appDir?: string;
     /**
      * Commands run inside `appDir` after extraction — e.g. build the docs/blog on
@@ -43,8 +43,8 @@ export interface BuildStaticSiteDeployScriptOptions {
 /**
  * Build the remote shell commands that install/refresh a STATIC site on a
  * compute target. Unlike {@link buildSiteDeployScript}, there is no systemd
- * service — the extracted files are served directly by Caddy `file_server`
- * (Caddy is reloaded separately when the Caddyfile changes).
+ * service — the extracted files are shipped to `/var/www/<site>` and served by
+ * the operator's own proxy (e.g. rpx + tlsx), which ts-cloud does not manage.
  */
 export declare function buildStaticSiteDeployScript(options: BuildStaticSiteDeployScriptOptions): string[];
 export declare function buildAwsArtifactFetch(bucket: string, key: string, region: string, siteName: string): string[];

package/dist/index.d.ts

@@ -6,10 +6,12 @@ export { AWSClient, CloudFormationClient, CloudFormationClient as AWSCloudFormat
 export type { AWSRequestOptions, AWSClientConfig, AWSError, AWSCredentials as AWSClientCredentials, StackParameter, StackTag, CreateStackOptions, UpdateStackOptions, DescribeStacksOptions, StackEvent, Stack, InvalidationOptions, Distribution, S3SyncOptions, S3CopyOptions, S3ListOptions, S3Object, CertificateDetail, Certificate as ELBv2Certificate, RekognitionS3Object, RekognitionBoundingBox, TextractS3Object, TextractBoundingBox, CountryCode, ContactType, ContactDetail, KendraCreateDataSourceCommandInput, KendraCreateDataSourceCommandOutput, KendraListDataSourcesCommandInput, KendraListDataSourcesCommandOutput, InvokeModelCommandInput, InvokeModelCommandOutput, InvokeModelWithResponseStreamCommandInput, InvokeModelWithResponseStreamCommandOutput, CreateModelCustomizationJobCommandInput, CreateModelCustomizationJobCommandOutput, GetModelCustomizationJobCommandInput, GetModelCustomizationJobCommandOutput, ListFoundationModelsCommandInput, ListFoundationModelsCommandOutput, AttributeValue as DynamoDBAttributeValue, KeySchemaElement, AttributeDefinition as DynamoDBAttributeDefinition, } from './aws';
 export { createObjectStorageClient, providerEndpoint, resolveObjectStorage, } from './object-storage';
 export type { ObjectStorageConfig, ObjectStorageCredentials, ObjectStorageProvider, ResolvedObjectStorage, } from './object-storage';
+export { keyMatchesFilters, migrateObjectStorage, remapKey, } from './object-storage/migrate';
+export type { MigrateEndpoint, MigrateError, MigrateOptions, MigratePlanItem, MigrateProgress, MigrateResult, MigrateVerification, } from './object-storage/migrate';
 export * from './ssl';
 export { deployStaticSite, deployStaticSiteFull, uploadStaticFiles, invalidateCache, deleteStaticSite, generateStaticSiteTemplate, deployStaticSiteWithExternalDns, deployStaticSiteWithExternalDnsFull, generateExternalDnsStaticSiteTemplate, deploySite, resolveSiteDeployTarget, resolveSiteKind, validateDeploymentConfig, } from './deploy';
 export type { StaticSiteConfig, DeployResult, UploadOptions, ExternalDnsStaticSiteConfig, ExternalDnsDeployResult, DeploySiteConfig, DeploySiteResult, StaticSiteDnsProvider, SiteDeployKind, DeploymentValidationResult, } from './deploy';
-export { createCloudDriver, CloudDriverFactory, cloudDrivers, AwsDriver, HetznerDriver, HetznerClient, resolveHetznerApiToken, generateUbuntuAppCloudInit, wrapCloudInitUserData, buildCaddyfile, buildCaddyfileFromProxy, isOnDemandDomain, proxyConfigFromSites, resolveCaddyfile, staticSiteServerRoot, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, deployAllComputeSites, deploySiteRelease, } from './drivers';
+export { createCloudDriver, CloudDriverFactory, cloudDrivers, AwsDriver, HetznerDriver, HetznerClient, resolveHetznerApiToken, generateUbuntuAppCloudInit, wrapCloudInitUserData, buildSiteDeployScript, buildStaticSiteDeployScript, resolveExecStart, deployAllComputeSites, deploySiteRelease, } from './drivers';
 export type { CreateCloudDriverOptions } from './drivers/factory';
 export { createDnsProvider, detectDnsProvider, DnsProviderFactory, dnsProviders, PorkbunProvider, GoDaddyProvider, Route53Provider, UnifiedDnsValidator, createPorkbunValidator, createGoDaddyValidator, createRoute53Validator, } from './dns';
 export type { DnsProvider, DnsProviderConfig, DnsRecord, DnsRecordType, DnsRecordResult, CreateRecordResult, DeleteRecordResult, ListRecordsResult, } from './dns';

package/dist/index.js

@@ -2123,6 +2123,67 @@ class S3Client2 {
     });
     return result;
   }
+  async getObjectBytes(bucket, key) {
+    const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials();
+    const host = this.s3VirtualHost(bucket);
+    const encodedKey = key.split("/").map((seg) => encodeURIComponent(seg)).join("/");
+    const canonicalUri = this.forcePathStyle ? `/${bucket}/${encodedKey}` : `/${encodedKey}`;
+    const url = `https://${host}${canonicalUri}`;
+    const now = new Date;
+    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, "");
+    const payloadHash = crypto3.createHash("sha256").update("").digest("hex");
+    const requestHeaders = {
+      host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    if (sessionToken) {
+      requestHeaders["x-amz-security-token"] = sessionToken;
+    }
+    const canonicalHeaders = Object.keys(requestHeaders).sort().map((k) => `${k.toLowerCase()}:${requestHeaders[k].trim()}
+`).join("");
+    const signedHeaders = Object.keys(requestHeaders).sort().map((k) => k.toLowerCase()).join(";");
+    const canonicalRequest = [
+      "GET",
+      canonicalUri,
+      "",
+      canonicalHeaders,
+      signedHeaders,
+      payloadHash
+    ].join(`
+`);
+    const algorithm = "AWS4-HMAC-SHA256";
+    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`;
+    const stringToSign = [
+      algorithm,
+      amzDate,
+      credentialScope,
+      crypto3.createHash("sha256").update(canonicalRequest).digest("hex")
+    ].join(`
+`);
+    const kDate = crypto3.createHmac("sha256", `AWS4${secretAccessKey}`).update(dateStamp).digest();
+    const kRegion = crypto3.createHmac("sha256", kDate).update(this.region).digest();
+    const kService = crypto3.createHmac("sha256", kRegion).update("s3").digest();
+    const kSigning = crypto3.createHmac("sha256", kService).update("aws4_request").digest();
+    const signature = crypto3.createHmac("sha256", kSigning).update(stringToSign).digest("hex");
+    const authorizationHeader = `${algorithm} Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+    const response = await fetch(url, {
+      method: "GET",
+      headers: { ...requestHeaders, Authorization: authorizationHeader }
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`S3 GET failed: ${response.status} ${errorText}`);
+    }
+    const buffer = await response.arrayBuffer();
+    const contentLengthHeader = response.headers.get("content-length");
+    return {
+      body: new Uint8Array(buffer),
+      contentType: response.headers.get("content-type") ?? undefined,
+      contentLength: contentLengthHeader ? Number.parseInt(contentLengthHeader, 10) : undefined
+    };
+  }
   async copyObject(options) {
     const headers = {
       "x-amz-copy-source": `/${options.sourceBucket}/${options.sourceKey}`
@@ -65570,6 +65631,165 @@ init_client();
 
 // src/object-storage/index.ts
 init_s3();
+
+// src/object-storage/migrate.ts
+function stripPrefix(key, prefix) {
+  if (!prefix)
+    return key;
+  return key.startsWith(prefix) ? key.slice(prefix.length) : key;
+}
+function remapKey(sourceKey, fromPrefix, toPrefix) {
+  const stripped = stripPrefix(sourceKey, fromPrefix);
+  return `${toPrefix ?? ""}${stripped}`;
+}
+function keyMatchesFilters(key, include, exclude) {
+  if (exclude && exclude.some((p) => key.startsWith(p)))
+    return false;
+  if (include && include.length > 0)
+    return include.some((p) => key.startsWith(p));
+  return true;
+}
+async function mapWithConcurrency(items, limit, worker) {
+  let cursor = 0;
+  const runners = [];
+  const size = Math.max(1, Math.min(limit, items.length || 1));
+  for (let i = 0;i < size; i++) {
+    runners.push((async () => {
+      while (true) {
+        const index = cursor++;
+        if (index >= items.length)
+          return;
+        await worker(items[index], index);
+      }
+    })());
+  }
+  await Promise.all(runners);
+}
+function clientFor(endpoint) {
+  if (endpoint.client)
+    return endpoint.client;
+  return createObjectStorageClient({
+    provider: endpoint.provider,
+    region: endpoint.region,
+    endpoint: endpoint.endpoint,
+    forcePathStyle: endpoint.forcePathStyle,
+    credentials: endpoint.credentials
+  });
+}
+async function migrateObjectStorage(options) {
+  const concurrency = options.concurrency ?? 8;
+  const fromClient = clientFor(options.from);
+  const toClient = clientFor(options.to);
+  const sourceObjects = await fromClient.listAllObjects({
+    bucket: options.from.bucket,
+    prefix: options.from.prefix
+  });
+  const result = {
+    copied: 0,
+    skipped: 0,
+    excluded: 0,
+    bytesCopied: 0,
+    errors: [],
+    excludedKeys: [],
+    deleted: []
+  };
+  const toCopy = [];
+  for (const obj of sourceObjects) {
+    if (!keyMatchesFilters(obj.Key, options.include, options.exclude)) {
+      result.excluded++;
+      result.excludedKeys.push(obj.Key);
+      continue;
+    }
+    toCopy.push({ source: obj, destKey: remapKey(obj.Key, options.from.prefix, options.to.prefix) });
+  }
+  if (options.dryRun) {
+    result.plan = toCopy.map(({ source, destKey }) => ({ key: source.Key, destKey, size: source.Size }));
+    const total2 = sourceObjects.length;
+    let index = 0;
+    for (const obj of sourceObjects) {
+      index++;
+      const excluded = !keyMatchesFilters(obj.Key, options.include, options.exclude);
+      options.onProgress?.({
+        key: obj.Key,
+        destKey: excluded ? "" : remapKey(obj.Key, options.from.prefix, options.to.prefix),
+        size: obj.Size,
+        action: excluded ? "excluded" : "planned",
+        index,
+        total: total2
+      });
+    }
+    return result;
+  }
+  const total = toCopy.length;
+  let processed = 0;
+  await mapWithConcurrency(toCopy, concurrency, async ({ source, destKey }) => {
+    const myIndex = ++processed;
+    try {
+      if (!options.force) {
+        const head = await toClient.headObject(options.to.bucket, destKey);
+        if (head && head.ContentLength === source.Size) {
+          result.skipped++;
+          options.onProgress?.({ key: source.Key, destKey, size: source.Size, action: "skipped", index: myIndex, total });
+          return;
+        }
+      }
+      const { body, contentType } = await fromClient.getObjectBytes(options.from.bucket, source.Key);
+      await toClient.putObject({
+        bucket: options.to.bucket,
+        key: destKey,
+        body,
+        contentType
+      });
+      result.copied++;
+      result.bytesCopied += body.byteLength;
+      options.onProgress?.({ key: source.Key, destKey, size: source.Size, action: "copied", index: myIndex, total });
+    } catch (err) {
+      result.errors.push({ key: source.Key, message: err?.message ?? String(err) });
+      options.onProgress?.({ key: source.Key, destKey, size: source.Size, action: "error", index: myIndex, total });
+    }
+  });
+  const copiedDestKeys = new Set(toCopy.map((c) => c.destKey));
+  if (options.deleteExtraneous) {
+    const destObjects = await toClient.listAllObjects({ bucket: options.to.bucket, prefix: options.to.prefix });
+    const extraneous = destObjects.filter((o) => !copiedDestKeys.has(o.Key)).map((o) => o.Key);
+    for (const key of extraneous) {
+      try {
+        await toClient.deleteObject(options.to.bucket, key);
+        result.deleted.push(key);
+      } catch (err) {
+        result.errors.push({ key, message: `delete failed: ${err?.message ?? String(err)}` });
+      }
+    }
+  }
+  if (options.verify) {
+    const destObjects = await toClient.listAllObjects({ bucket: options.to.bucket, prefix: options.to.prefix });
+    const destBySizeKey = new Map(destObjects.map((o) => [o.Key, o.Size]));
+    const missing = [];
+    const sizeMismatches = [];
+    let matched = 0;
+    for (const { source, destKey } of toCopy) {
+      if (!destBySizeKey.has(destKey)) {
+        missing.push(destKey);
+        continue;
+      }
+      const actual = destBySizeKey.get(destKey);
+      if (actual !== source.Size) {
+        sizeMismatches.push({ key: destKey, expected: source.Size, actual });
+        continue;
+      }
+      matched++;
+    }
+    result.verification = {
+      ok: missing.length === 0 && sizeMismatches.length === 0,
+      matched,
+      missing,
+      sizeMismatches
+    };
+  }
+  return result;
+}
+
+// src/object-storage/index.ts
 var DEFAULT_REGION = {
   aws: "us-east-1",
   backblaze: "us-west-004",
@@ -81229,204 +81449,6 @@ import { homedir as homedir7 } from "node:os";
 import { join as join13 } from "node:path";
 import { execSync } from "node:child_process";
 
-// src/drivers/shared/caddyfile.ts
-function isOnDemandDomain(domain) {
-  return domain === "*" || domain.includes("*");
-}
-function isStaticApp(app) {
-  return typeof app.root === "string" && app.root.length > 0;
-}
-function isProxyApp(app) {
-  return typeof app.port === "number";
-}
-function staticSiteServerRoot(name) {
-  return `/var/www/${name}`;
-}
-function normalizeOnDemandTls(onDemandTls) {
-  if (!onDemandTls)
-    return;
-  if (onDemandTls === true)
-    return {};
-  return onDemandTls;
-}
-function wrapInHandle(body, path, indent) {
-  const inner = body.split(`
-`).map((line) => `  ${line}`).join(`
-`);
-  return `${indent}handle ${path} {
-${inner}
-${indent}}`;
-}
-function renderUpstreamBlock(app, indent) {
-  const host = app.upstreamHost || "localhost";
-  const upstream = `${host}:${app.port}`;
-  const directives = app.reverseProxyDirectives ?? [];
-  const proxyLine = directives.length === 0 ? `${indent}reverse_proxy ${upstream}` : [
-    `${indent}reverse_proxy ${upstream} {`,
-    ...directives.map((d) => `${indent}  ${d}`),
-    `${indent}}`
-  ].join(`
-`);
-  const isCatchAll = !app.path || app.path === "/";
-  if (isCatchAll)
-    return proxyLine;
-  return wrapInHandle(proxyLine, app.path, indent);
-}
-function renderStaticBlock(app, indent) {
-  const root = app.root;
-  const lines = [`${indent}root * ${root}`];
-  if (app.cache?.enabled) {
-    const maxAge = app.cache.maxAge ?? 3600;
-    lines.push(`${indent}header Cache-Control "public, max-age=${maxAge}"`);
-  }
-  if (app.spa) {
-    lines.push(`${indent}try_files {path} /index.html`);
-  } else if (app.pathRewriteStyle === "flat") {
-    lines.push(`${indent}try_files {path} {path}.html {path}/index.html`);
-  } else {
-    lines.push(`${indent}try_files {path} {path}/index.html {path}.html`);
-  }
-  lines.push(`${indent}file_server`);
-  const body = lines.join(`
-`);
-  const isCatchAll = !app.path || app.path === "/";
-  if (isCatchAll)
-    return body;
-  return wrapInHandle(body, app.path, indent);
-}
-function renderAppBlock(app, indent) {
-  return isStaticApp(app) ? renderStaticBlock(app, indent) : renderUpstreamBlock(app, indent);
-}
-function groupAppsByDomains(apps) {
-  const groups = new Map;
-  for (const app of apps) {
-    const domains = [...app.domains].filter(Boolean);
-    if (domains.length === 0)
-      continue;
-    const key = [...domains].sort().join(" ");
-    const group = groups.get(key) ?? { domains, apps: [] };
-    group.apps.push(app);
-    groups.set(key, group);
-  }
-  return [...groups.values()];
-}
-function sortAppsByPath(apps) {
-  return [...apps].sort((a, b) => {
-    const aCatchAll = !a.path || a.path === "/";
-    const bCatchAll = !b.path || b.path === "/";
-    if (aCatchAll && !bCatchAll)
-      return 1;
-    if (!aCatchAll && bCatchAll)
-      return -1;
-    return (b.path?.length ?? 0) - (a.path?.length ?? 0);
-  });
-}
-function buildCaddyfileFromProxy(proxy) {
-  if (proxy.raw && proxy.raw.trim())
-    return proxy.raw.trim();
-  const apps = (proxy.apps ?? []).filter((app) => app.domains.length > 0 && (isProxyApp(app) || isStaticApp(app)));
-  if (apps.length === 0)
-    return;
-  const onDemand = normalizeOnDemandTls(proxy.onDemandTls);
-  const hasOnDemandDomain = apps.some((app) => app.domains.some(isOnDemandDomain));
-  const globalLines = [];
-  if (proxy.email)
-    globalLines.push(`email ${proxy.email}`);
-  if (proxy.staging)
-    globalLines.push("acme_ca https://acme-staging-v02.api.letsencrypt.org/directory");
-  if (onDemand) {
-    if (onDemand.ask || onDemand.interval || onDemand.burst != null) {
-      const inner = [];
-      if (onDemand.ask)
-        inner.push(`  ask ${onDemand.ask}`);
-      if (onDemand.interval || onDemand.burst != null) {
-        const rl = [];
-        if (onDemand.interval)
-          rl.push(`    interval ${onDemand.interval}`);
-        if (onDemand.burst != null)
-          rl.push(`    burst ${onDemand.burst}`);
-        inner.push(`  rate_limit {
-${rl.join(`
-`)}
-  }`);
-      }
-      globalLines.push(`on_demand_tls {
-${inner.join(`
-`)}
-}`);
-    } else {
-      globalLines.push(`on_demand_tls {
-}`);
-    }
-  }
-  for (const directive of proxy.globalDirectives ?? [])
-    globalLines.push(directive);
-  const blocks = [];
-  if (globalLines.length > 0)
-    blocks.push(`{
-${globalLines.map((line) => `  ${line}`).join(`
-`)}
-}`);
-  for (const group of groupAppsByDomains(apps)) {
-    const sorted = sortAppsByPath(group.apps);
-    const body = sorted.map((app) => renderAppBlock(app, "  ")).join(`
-`);
-    const needsOnDemand = onDemand && group.domains.some(isOnDemandDomain);
-    const tlsBlock = needsOnDemand ? `
-  tls {
-    on_demand
-  }` : "";
-    blocks.push(`${group.domains.join(", ")} {
-${body}${tlsBlock}
-}`);
-  }
-  if (hasOnDemandDomain && !onDemand) {
-    blocks.unshift(`# WARNING: wildcard/catch-all domain present but on_demand_tls is not enabled.
-` + "# Caddy cannot provision TLS for these hosts. Set compute.proxy.onDemandTls.");
-  }
-  return blocks.join(`
-
-`);
-}
-function proxyConfigFromSites(sites) {
-  const apps = [];
-  for (const [name, site] of Object.entries(sites)) {
-    if (typeof site.domain !== "string" || !site.domain)
-      continue;
-    if (typeof site.port === "number" && site.deploy !== "bucket") {
-      apps.push({
-        name,
-        domains: [site.domain],
-        port: site.port,
-        path: site.path
-      });
-    } else if (resolveSiteKind(site) === "server-static") {
-      apps.push({
-        name,
-        domains: [site.domain],
-        root: staticSiteServerRoot(name),
-        path: site.path,
-        spa: site.spa,
-        pathRewriteStyle: site.pathRewriteStyle,
-        cache: site.cache
-      });
-    }
-  }
-  return { apps };
-}
-function resolveCaddyfile(sites, proxy) {
-  if (proxy) {
-    if (proxy.raw && proxy.raw.trim())
-      return proxy.raw.trim();
-    const resolved = proxy.apps && proxy.apps.length > 0 ? proxy : { ...proxy, apps: proxyConfigFromSites(sites).apps };
-    return buildCaddyfileFromProxy(resolved);
-  }
-  return buildCaddyfileFromProxy(proxyConfigFromSites(sites));
-}
-function buildCaddyfile(sites) {
-  return buildCaddyfileFromProxy(proxyConfigFromSites(sites));
-}
-
 // src/drivers/hetzner/client.ts
 var DEFAULT_API_URL = "https://api.hetzner.cloud/v1";
 
@@ -81829,14 +81851,12 @@ class HetznerDriver {
       return this.outputsFromState(rehydrated, alreadyRunning);
     }
     const sites = config6.sites || {};
-    const caddyfile = resolveCaddyfile(sites, compute.proxy);
-    const sitePorts = caddyfile ? [] : this.collectUpstreamPorts(sites, compute.proxy);
+    const sitePorts = this.collectUpstreamPorts(sites);
     const bootstrap = generateUbuntuAppCloudInit({
       runtime: compute.runtime || "bun",
       runtimeVersion: compute.runtimeVersion || "latest",
       systemPackages: compute.systemPackages,
-      database: config6.infrastructure?.database,
-      caddyfile
+      database: config6.infrastructure?.database
     });
     const userData = wrapCloudInitUserData(bootstrap);
     const serverType = resolveHetznerServerType(compute.size);
@@ -82002,12 +82022,8 @@ class HetznerDriver {
     const { firewall } = await this.client.createFirewall({ name, labels, rules });
     return { firewall };
   }
-  collectUpstreamPorts(sites, proxy) {
+  collectUpstreamPorts(sites) {
     const ports = new Set;
-    for (const app of proxy?.apps ?? []) {
-      if (typeof app.port === "number")
-        ports.add(app.port);
-    }
     for (const site of Object.values(sites)) {
       if (typeof site.port === "number")
         ports.add(site.port);
@@ -82361,7 +82377,6 @@ export {
   suggestFlags,
   suggestCommand,
   storageAdvancedManager,
-  staticSiteServerRoot,
   staticSiteManager,
   stackDependencyManager,
   signRequestAsync,
@@ -82393,13 +82408,12 @@ export {
   resolveDeployBucketName,
   resolveCredentials,
   resolveCloudProvider,
-  resolveCaddyfile,
   requiresReplacement,
   replicaManager,
+  remapKey,
   regionPairManager,
   quickHash,
   queueManagementManager,
-  proxyConfigFromSites,
   providerEndpoint,
   progressiveDeploymentManager,
   processInChunks,
@@ -82417,6 +82431,7 @@ export {
   multiRegionManager,
   multiAccountManager,
   migrationManager,
+  migrateObjectStorage,
   metricsManager,
   mergeInfrastructure,
   makeAWSRequestOnce,
@@ -82430,9 +82445,9 @@ export {
   lambdaDestinationsManager,
   lambdaDLQManager,
   lambdaConcurrencyManager,
+  keyMatchesFilters,
   isWebCryptoAvailable,
   isValidRegion,
-  isOnDemandDomain,
   isNodeCryptoAvailable,
   isLocalDevelopment,
   isLikelyTypo,
@@ -82585,8 +82600,6 @@ export {
   buildSiteDeployScript,
   buildOptimizationManager,
   buildCloudFormationTemplate,
-  buildCaddyfileFromProxy,
-  buildCaddyfile,
   bounceComplaintHandler,
   blueGreenManager,
   batchProcessingManager,

package/dist/object-storage/index.d.ts

@@ -23,6 +23,7 @@
  * ```
  */
 import { S3Client } from '../aws/s3';
+export * from './migrate';
 export type ObjectStorageProvider = 'aws' | 'backblaze' | 'hetzner';
 export interface ObjectStorageCredentials {
     accessKeyId: string;