@swovohq/fuel 0.1.0

package/dist/commands/infra-init.d.ts

@@ -0,0 +1,75 @@
+export declare const CONFIG_TEMPLATE: {
+    name: string;
+    deployment: string;
+    ssl: string;
+    slack_webhook_url: string;
+    apps: ({
+        name: string;
+        technology: string;
+        dockerfile: string;
+        health_check_path: string;
+        domain: string;
+        port: number;
+        branch: string;
+        postgres: boolean;
+        redis: boolean;
+        cpu_units: number;
+        memory_units: number;
+        db_instance_type: string;
+        db_allocated_storage: number;
+        variables: {};
+        workers: never[];
+        build_env?: undefined;
+    } | {
+        name: string;
+        technology: string;
+        dockerfile: string;
+        health_check_path: string;
+        domain: string;
+        port: number;
+        branch: string;
+        cpu_units: number;
+        memory_units: number;
+        build_env: {
+            NEXT_PUBLIC_API_HOST: string;
+        };
+        postgres?: undefined;
+        redis?: undefined;
+        db_instance_type?: undefined;
+        db_allocated_storage?: undefined;
+        variables?: undefined;
+        workers?: undefined;
+    })[];
+};
+export interface InfraInitAnswers {
+    credentials: Record<string, string>;
+    projectName: string;
+    ssl: string;
+    slackWebhookUrl: string;
+    /** api is always NestJS; web is always React/Next.js */
+    appTypes: Array<{
+        suffix: 'api' | 'web';
+        dockerfile: string;
+        port: number;
+        healthCheckPath: string;
+        postgres: boolean;
+        redis: boolean;
+        cpuUnits: number;
+        memoryUnits: number;
+        dbInstanceType: string;
+        dbAllocatedStorage: number;
+        redisInstanceType: string;
+        variables: Record<string, Record<string, string>>;
+    }>;
+    environments: string[];
+    baseDomain: string;
+    domains: Record<string, Record<string, string>>;
+}
+export declare function applyInfraInitAnswers(answers: InfraInitAnswers, opts: {
+    output?: string;
+}): Promise<void>;
+export declare function infraInit(opts: {
+    output?: string;
+    template?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=infra-init.d.ts.map

package/dist/commands/infra-init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"infra-init.d.ts","sourceRoot":"","sources":["../../src/commands/infra-init.ts"],"names":[],"mappings":"AAsBA,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC3B,CAAA;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,WAAW,EAAE,MAAM,CAAA;IACnB,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,wDAAwD;IACxD,QAAQ,EAAE,KAAK,CAAC;QACd,MAAM,EAAE,KAAK,GAAG,KAAK,CAAA;QACrB,UAAU,EAAE,MAAM,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;QACZ,eAAe,EAAE,MAAM,CAAA;QAEvB,QAAQ,EAAE,OAAO,CAAA;QACjB,KAAK,EAAE,OAAO,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;QACnB,cAAc,EAAE,MAAM,CAAA;QACtB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,iBAAiB,EAAE,MAAM,CAAA;QACzB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;KAClD,CAAC,CAAA;IACF,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAChD;AA0ZD,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,gBAAgB,EACzB,IAAI,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACxB,OAAO,CAAC,IAAI,CAAC,CA6Ff;AAID,wBAAsB,SAAS,CAAC,IAAI,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsB5F"}

package/dist/commands/infra-init.js

@@ -0,0 +1,577 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONFIG_TEMPLATE = void 0;
+exports.applyInfraInitAnswers = applyInfraInitAnswers;
+exports.infraInit = infraInit;
+const fs = __importStar(require("fs-extra"));
+const path = __importStar(require("path"));
+const chalk_1 = __importDefault(require("chalk"));
+const promises_1 = require("readline/promises");
+const child_process_1 = require("child_process");
+const util_1 = require("util");
+const https = __importStar(require("https"));
+const execAsync = (0, util_1.promisify)(child_process_1.exec);
+function httpsGetJson(url, headers) {
+    return new Promise((resolve, reject) => {
+        const req = https.get(url, { headers }, (res) => {
+            let body = '';
+            res.on('data', (chunk) => { body += chunk.toString(); });
+            res.on('end', () => resolve({ status: res.statusCode ?? 0, body }));
+        });
+        req.on('error', reject);
+        req.setTimeout(10000, () => { req.destroy(); reject(new Error('Request timed out')); });
+    });
+}
+exports.CONFIG_TEMPLATE = {
+    name: 'my-app',
+    deployment: 'ecs',
+    ssl: 'arn:aws:acm:us-east-1:ACCOUNT_ID:certificate/CERTIFICATE_ID',
+    slack_webhook_url: '',
+    apps: [
+        {
+            name: 'my-app-api',
+            technology: 'nest',
+            dockerfile: 'apps/api/Dockerfile',
+            health_check_path: '/health',
+            domain: 'api.example.com',
+            port: 3000,
+            branch: 'main',
+            postgres: true,
+            redis: false,
+            cpu_units: 1024,
+            memory_units: 2048,
+            db_instance_type: 'db.t3.small',
+            db_allocated_storage: 30,
+            variables: {},
+            workers: [],
+        },
+        {
+            name: 'my-app-web',
+            technology: 'react',
+            dockerfile: 'apps/web/Dockerfile',
+            health_check_path: '/health',
+            domain: 'app.example.com',
+            port: 3000,
+            branch: 'main',
+            cpu_units: 512,
+            memory_units: 1024,
+            build_env: {
+                NEXT_PUBLIC_API_HOST: 'https://api.example.com',
+            },
+        },
+    ],
+};
+// --- Private prompt helpers ---
+async function ask(rl, label, defaultVal) {
+    const hint = defaultVal ? ` [${defaultVal}]` : '';
+    const answer = await rl.question(`  ${label}${hint}: `);
+    return answer.trim() || defaultVal || '';
+}
+async function askInt(rl, label, defaultVal) {
+    while (true) {
+        const raw = await ask(rl, label, defaultVal !== undefined ? String(defaultVal) : undefined);
+        const n = parseInt(raw, 10);
+        if (!isNaN(n) && n > 0)
+            return n;
+        console.log('  Please enter a positive integer.');
+    }
+}
+async function askYesNo(rl, label, defaultYes = false) {
+    const hint = defaultYes ? '[Y/n]' : '[y/N]';
+    const answer = await rl.question(`  ${label} ${hint}: `);
+    const trimmed = answer.trim().toLowerCase();
+    if (!trimmed)
+        return defaultYes;
+    return trimmed === 'y' || trimmed === 'yes';
+}
+/** Prints a numbered list and returns the selected option. `defaultIdx` is 1-based. */
+async function askSelect(rl, label, options, defaultIdx = 1) {
+    const formatted = options.map((o, i) => `(${i + 1}) ${o}`).join('  ');
+    console.log(`  ${label}: ${formatted}`);
+    while (true) {
+        const raw = await rl.question(`  Choice [${defaultIdx}]: `);
+        const trimmed = raw.trim();
+        const n = trimmed === '' ? defaultIdx : parseInt(trimmed, 10);
+        if (n >= 1 && n <= options.length)
+            return options[n - 1];
+        console.log(`  Please enter a number between 1 and ${options.length}.`);
+    }
+}
+/** Prompts for KEY=VALUE pairs until the user submits an empty line. */
+async function askKeyValues(rl, label) {
+    console.log(`\n  ${label} (KEY=VALUE format, empty line to finish):`);
+    const result = {};
+    while (true) {
+        const input = await rl.question('    > ');
+        const trimmed = input.trim();
+        if (!trimmed)
+            break;
+        const eqIdx = trimmed.indexOf('=');
+        if (eqIdx < 1) {
+            console.log('  Invalid format. Use KEY=VALUE (e.g. DATABASE_URL=postgres://...).');
+            continue;
+        }
+        result[trimmed.slice(0, eqIdx).trim()] = trimmed.slice(eqIdx + 1).trim();
+    }
+    return result;
+}
+/** Calls GET /user on the GitHub API to verify the token. Returns login + email on success or `{ error: string }` on failure. */
+async function tryGetGithubUser(credentials) {
+    try {
+        const { status, body } = await httpsGetJson('https://api.github.com/user', {
+            Authorization: `Bearer ${credentials.GITHUB_TOKEN}`,
+            'User-Agent': 'fuel-cli',
+            Accept: 'application/vnd.github+json',
+        });
+        const data = JSON.parse(body);
+        if (status !== 200)
+            return { error: data.message ?? `HTTP ${status}` };
+        return { login: data.login ?? '(unknown)', email: data.email ?? '(private)' };
+    }
+    catch (err) {
+        return { error: err instanceof Error ? err.message : String(err) };
+    }
+}
+/** Calls GET /orgs/{org} to retrieve the GitHub org ID. Returns id + login on success or `{ error: string }` on failure. */
+async function tryGetGithubOrg(credentials) {
+    const org = credentials.GITHUB_ORGANIZATION;
+    if (!org)
+        return { error: 'GITHUB_ORGANIZATION not set' };
+    try {
+        const { status, body } = await httpsGetJson(`https://api.github.com/orgs/${encodeURIComponent(org)}`, {
+            Authorization: `Bearer ${credentials.GITHUB_TOKEN}`,
+            'User-Agent': 'fuel-cli',
+            Accept: 'application/vnd.github+json',
+        });
+        const data = JSON.parse(body);
+        if (status !== 200)
+            return { error: data.message ?? `HTTP ${status}` };
+        return { id: data.id ?? 0, login: data.login ?? org };
+    }
+    catch (err) {
+        return { error: err instanceof Error ? err.message : String(err) };
+    }
+}
+/** Calls `aws sts get-caller-identity` using the provided credentials. Returns Account ID on success, or `{ error: string }` on failure. */
+async function tryGetAwsAccountId(credentials) {
+    try {
+        const { stdout } = await execAsync('aws sts get-caller-identity --output json', {
+            env: {
+                ...process.env,
+                AWS_ACCESS_KEY_ID: credentials.AWS_ACCESS_KEY_ID,
+                AWS_SECRET_ACCESS_KEY: credentials.AWS_SECRET_ACCESS_KEY,
+                AWS_REGION: credentials.AWS_REGION,
+            },
+            timeout: 10000,
+        });
+        const accountId = JSON.parse(stdout).Account ?? '';
+        return { accountId };
+    }
+    catch (err) {
+        const e = err;
+        const raw = e.stderr ?? e.message ?? String(err);
+        const firstLine = raw.split('\n').map((l) => l.trim()).find((l) => l.length > 0) ?? raw;
+        return { error: firstLine };
+    }
+}
+/** Calls `aws acm describe-certificate` to verify the SSL cert ARN exists and is ISSUED. */
+async function tryGetAcmCertificate(arn, credentials) {
+    try {
+        const { stdout } = await execAsync(`aws acm describe-certificate --certificate-arn "${arn}" --output json`, {
+            env: {
+                ...process.env,
+                AWS_ACCESS_KEY_ID: credentials.AWS_ACCESS_KEY_ID,
+                AWS_SECRET_ACCESS_KEY: credentials.AWS_SECRET_ACCESS_KEY,
+                AWS_REGION: credentials.AWS_REGION,
+            },
+            timeout: 10000,
+        });
+        const cert = JSON.parse(stdout).Certificate;
+        return {
+            domainName: cert?.DomainName ?? '(unknown)',
+            status: cert?.Status ?? '(unknown)',
+        };
+    }
+    catch (err) {
+        const e = err;
+        const raw = e.stderr ?? e.message ?? String(err);
+        const firstLine = raw.split('\n').map((l) => l.trim()).find((l) => l.length > 0) ?? raw;
+        return { error: firstLine };
+    }
+}
+/** Displays credential verification results and throws if any check failed. */
+function assertCredentialResults(stsResult, ghUserResult, ghOrgResult) {
+    const failures = [];
+    if ('error' in stsResult)
+        failures.push(`AWS credentials: ${stsResult.error}`);
+    if ('error' in ghUserResult)
+        failures.push(`GitHub token: ${ghUserResult.error}`);
+    if ('error' in ghOrgResult)
+        failures.push(`GitHub org: ${ghOrgResult.error}`);
+    if (failures.length > 0) {
+        throw new Error('Credential verification failed:\n' +
+            failures.map((f) => `  • ${f}`).join('\n'));
+    }
+}
+/** Derives a sensible domain default: cliswovotest-api.swovo.com (production), cliswovotest-api-dev.swovo.com (others) */
+function defaultDomain(projectName, suffix, env, baseDomain) {
+    const label = suffix === 'web' ? 'app' : suffix;
+    if (env === 'production')
+        return `${projectName}-${label}.${baseDomain}`;
+    return `${projectName}-${label}-${env}.${baseDomain}`;
+}
+// --- collectAnswers ---
+async function collectAnswers(rl) {
+    console.log('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+    console.log(' FUEL ► INFRASTRUCTURE SETUP');
+    console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
+    // --- Credentials ---
+    console.log('  Credentials');
+    console.log('  ────────────────────────────────────────────────────');
+    let credentials = {};
+    let useExistingCreds = false;
+    const credFilePath = path.resolve('.fuel-credentials');
+    if (await fs.pathExists(credFilePath)) {
+        try {
+            const existing = await fs.readJson(credFilePath);
+            console.log('\n  Found existing .fuel-credentials');
+            const [stsResult, ghUserResult, ghOrgResult] = await Promise.all([
+                tryGetAwsAccountId(existing),
+                tryGetGithubUser(existing),
+                tryGetGithubOrg(existing),
+            ]);
+            if ('accountId' in stsResult) {
+                console.log(`    AWS Account:  ${chalk_1.default.green(stsResult.accountId)}`);
+            }
+            else {
+                console.log('    ' + chalk_1.default.yellow('⚠') + ' AWS credentials invalid:');
+                console.log(`      ${stsResult.error}`);
+            }
+            console.log(`    AWS Region:   ${existing.AWS_REGION ?? '(not set)'}`);
+            if ('login' in ghUserResult) {
+                console.log(`    GitHub User:  ${chalk_1.default.green(ghUserResult.login)}`);
+                console.log(`    GitHub Email: ${ghUserResult.email}`);
+            }
+            else {
+                console.log('    ' + chalk_1.default.yellow('⚠') + ' GitHub token invalid:');
+                console.log(`      ${ghUserResult.error}`);
+            }
+            if ('id' in ghOrgResult) {
+                console.log(`    GitHub Org:   ${chalk_1.default.green(ghOrgResult.login)}  (ID: ${ghOrgResult.id})`);
+            }
+            else {
+                console.log(`    GitHub Org:   ${existing.GITHUB_ORGANIZATION ?? '(not set)'}`);
+                console.log('    ' + chalk_1.default.yellow('⚠') + ' Could not verify org:');
+                console.log(`      ${ghOrgResult.error}`);
+            }
+            assertCredentialResults(stsResult, ghUserResult, ghOrgResult);
+            console.log('');
+            useExistingCreds = await askYesNo(rl, 'Use these credentials?', true);
+            if (useExistingCreds)
+                credentials = existing;
+        }
+        catch (e) {
+            if (e instanceof Error && e.message.startsWith('Credential verification failed'))
+                throw e;
+            console.log('  Could not read .fuel-credentials — prompting for credentials.');
+        }
+    }
+    if (!useExistingCreds) {
+        credentials.AWS_ACCESS_KEY_ID = await ask(rl, 'AWS_ACCESS_KEY_ID');
+        credentials.AWS_SECRET_ACCESS_KEY = await ask(rl, 'AWS_SECRET_ACCESS_KEY');
+        credentials.AWS_REGION = await ask(rl, 'AWS_REGION', 'us-east-1');
+        credentials.GITHUB_TOKEN = await ask(rl, 'GITHUB_TOKEN');
+        credentials.GITHUB_USERNAME = await ask(rl, 'GITHUB_USERNAME');
+        credentials.GITHUB_ORGANIZATION = await ask(rl, 'GITHUB_ORGANIZATION');
+        console.log('\n  Verifying credentials...');
+        const [stsResult, ghUserResult, ghOrgResult] = await Promise.all([
+            tryGetAwsAccountId(credentials),
+            tryGetGithubUser(credentials),
+            tryGetGithubOrg(credentials),
+        ]);
+        if ('accountId' in stsResult) {
+            console.log(`    AWS Account:  ${chalk_1.default.green(stsResult.accountId)}`);
+        }
+        else {
+            console.log('    ' + chalk_1.default.yellow('⚠') + ' AWS credentials invalid:');
+            console.log(`      ${stsResult.error}`);
+        }
+        console.log(`    AWS Region:   ${credentials.AWS_REGION}`);
+        if ('login' in ghUserResult) {
+            console.log(`    GitHub User:  ${chalk_1.default.green(ghUserResult.login)}`);
+            console.log(`    GitHub Email: ${ghUserResult.email}`);
+        }
+        else {
+            console.log('    ' + chalk_1.default.yellow('⚠') + ' GitHub token invalid:');
+            console.log(`      ${ghUserResult.error}`);
+        }
+        if ('id' in ghOrgResult) {
+            console.log(`    GitHub Org:   ${chalk_1.default.green(ghOrgResult.login)}  (ID: ${ghOrgResult.id})`);
+        }
+        else {
+            console.log(`    GitHub Org:   ${credentials.GITHUB_ORGANIZATION}`);
+            console.log('    ' + chalk_1.default.yellow('⚠') + ' Could not verify org:');
+            console.log(`      ${ghOrgResult.error}`);
+        }
+        assertCredentialResults(stsResult, ghUserResult, ghOrgResult);
+    }
+    console.log('');
+    // --- Project ---
+    console.log('  Project');
+    console.log('  ────────────────────────────────────────────────────');
+    const projectName = await ask(rl, 'Project name', 'my-app');
+    const ssl = await ask(rl, 'SSL certificate ARN (arn:aws:acm:...)');
+    const slackWebhookUrl = await ask(rl, 'Slack webhook URL for deploy/alarm notifications (leave empty to skip)', '');
+    const certResult = await tryGetAcmCertificate(ssl, credentials);
+    if ('domainName' in certResult) {
+        const statusColored = certResult.status === 'ISSUED'
+            ? chalk_1.default.green(certResult.status)
+            : chalk_1.default.yellow(certResult.status);
+        console.log(`    ${chalk_1.default.green('✓')} Certificate found: ${certResult.domainName}  [${statusColored}]`);
+        if (certResult.status !== 'ISSUED') {
+            throw new Error(`SSL certificate is not ISSUED (status: ${certResult.status}). Provision or validate the certificate first.`);
+        }
+    }
+    else {
+        throw new Error(`SSL certificate not found or inaccessible: ${certResult.error}`);
+    }
+    console.log('');
+    // --- App configuration ---
+    console.log('  App configuration');
+    console.log('  ────────────────────────────────────────────────────');
+    const appChoice = await askSelect(rl, 'Include which apps?', ['API only (NestJS)', 'Web only (React/Next.js)', 'API + Web'], 3);
+    const includeApi = appChoice !== 'Web only (React/Next.js)';
+    const includeWeb = appChoice !== 'API only (NestJS)';
+    const appTypes = [];
+    if (includeApi) {
+        console.log('\n  API (NestJS):');
+        const dockerfile = await ask(rl, 'Dockerfile', 'apps/api/Dockerfile');
+        const port = await askInt(rl, 'Port', 3000);
+        const healthCheckPath = await ask(rl, 'Health check path', '/health');
+        const postgres = await askYesNo(rl, 'Include PostgreSQL?', true);
+        let dbInstanceType = 'db.t3.small';
+        let dbAllocatedStorage = 30;
+        if (postgres) {
+            dbInstanceType = await ask(rl, '  DB instance type', 'db.t3.small');
+            dbAllocatedStorage = await askInt(rl, '  DB allocated storage (GB)', 30);
+        }
+        const redis = await askYesNo(rl, 'Include Redis?', false);
+        let redisInstanceType = 'cache.t3.small';
+        if (redis) {
+            redisInstanceType = await ask(rl, '  Redis instance type', 'cache.t3.small');
+        }
+        const cpuUnits = await askInt(rl, 'CPU units', 1024);
+        const memoryUnits = await askInt(rl, 'Memory (MB)', 2048);
+        appTypes.push({
+            suffix: 'api', dockerfile, port, healthCheckPath,
+            postgres, redis, cpuUnits, memoryUnits,
+            dbInstanceType, dbAllocatedStorage, redisInstanceType, variables: {},
+        });
+    }
+    if (includeWeb) {
+        console.log('\n  Web (React/Next.js):');
+        const dockerfile = await ask(rl, 'Dockerfile', 'apps/web/Dockerfile');
+        const port = await askInt(rl, 'Port', 3000);
+        const healthCheckPath = await ask(rl, 'Health check path', '/health');
+        const cpuUnits = await askInt(rl, 'CPU units', 512);
+        const memoryUnits = await askInt(rl, 'Memory (MB)', 1024);
+        appTypes.push({
+            suffix: 'web', dockerfile, port, healthCheckPath,
+            postgres: false, redis: false, cpuUnits, memoryUnits,
+            dbInstanceType: 'db.t3.small', dbAllocatedStorage: 30,
+            redisInstanceType: 'cache.t3.small', variables: {},
+        });
+    }
+    console.log('');
+    // --- Environments ---
+    console.log('  Environments');
+    console.log('  ────────────────────────────────────────────────────');
+    const envPresets = {
+        'production only': ['production'],
+        'dev + production': ['dev', 'production'],
+        'dev + staging + production': ['dev', 'staging', 'production'],
+    };
+    const envChoice = await askSelect(rl, 'Environments', Object.keys(envPresets), 3);
+    const environments = envPresets[envChoice];
+    console.log('');
+    // --- Base domain + per-app domains ---
+    console.log('  Domains');
+    console.log('  ────────────────────────────────────────────────────');
+    const baseDomain = await ask(rl, 'Base domain (e.g. swovo.com)');
+    console.log('');
+    const domains = {};
+    for (const appType of appTypes) {
+        domains[appType.suffix] = {};
+        for (const env of environments) {
+            const suggestion = baseDomain ? defaultDomain(projectName, appType.suffix, env, baseDomain) : '';
+            const appFullName = `${projectName}-${appType.suffix}-${env}`;
+            domains[appType.suffix][env] = await ask(rl, appFullName, suggestion || undefined);
+        }
+    }
+    console.log('');
+    // --- Environment variables (per app × per environment) ---
+    console.log('  Environment variables');
+    console.log('  ────────────────────────────────────────────────────');
+    for (const appType of appTypes) {
+        const isApi = appType.suffix === 'api';
+        for (const env of environments) {
+            const label = isApi
+                ? `${projectName}-api-${env} runtime variables (e.g. TWILIO_TOKEN=xxx)`
+                : `${projectName}-web-${env} build variables (NEXT_PUBLIC_API_HOST and NEXT_PUBLIC_APP_HOST are already included)`;
+            appType.variables[env] = await askKeyValues(rl, label);
+        }
+    }
+    console.log('');
+    return { credentials, projectName, ssl, slackWebhookUrl, appTypes, environments, baseDomain, domains };
+}
+// --- applyInfraInitAnswers ---
+async function applyInfraInitAnswers(answers, opts) {
+    // 1. Write .fuel-credentials
+    const credPath = path.resolve('.fuel-credentials');
+    await fs.writeFile(credPath, JSON.stringify(answers.credentials, null, 2));
+    console.log(chalk_1.default.green('✓') + ' Credentials written to .fuel-credentials');
+    // 2. Ensure .gitignore contains .fuel-credentials
+    const gitignorePath = path.resolve('.gitignore');
+    const CRED_LINE = '.fuel-credentials';
+    if (await fs.pathExists(gitignorePath)) {
+        const content = await fs.readFile(gitignorePath, 'utf-8');
+        if (!content.split('\n').some((l) => l.trim() === CRED_LINE)) {
+            await fs.appendFile(gitignorePath, `\n${CRED_LINE}\n`);
+            console.log(chalk_1.default.green('✓') + ' .fuel-credentials added to .gitignore');
+        }
+        else {
+            console.log('  .fuel-credentials already in .gitignore');
+        }
+    }
+    else {
+        await fs.writeFile(gitignorePath, `${CRED_LINE}\n`);
+        console.log(chalk_1.default.green('✓') + ' .fuel-credentials added to .gitignore');
+    }
+    // 3. Build config (cartesian product: appTypes × environments)
+    const apps = [];
+    for (const appType of answers.appTypes) {
+        const isApi = appType.suffix === 'api';
+        const technology = isApi ? 'nest' : 'react';
+        for (const env of answers.environments) {
+            const branch = env === 'production' ? 'main' : env;
+            const app = {
+                name: `${answers.projectName}-${appType.suffix}-${env}`,
+                technology,
+                dockerfile: appType.dockerfile,
+                domain: answers.domains[appType.suffix][env],
+                port: appType.port,
+                health_check_path: appType.healthCheckPath,
+                branch,
+                cpu_units: appType.cpuUnits,
+                memory_units: appType.memoryUnits,
+                variables: {},
+                build_env: {},
+                workers: [],
+            };
+            if (isApi) {
+                app.postgres = appType.postgres;
+                app.redis = appType.redis;
+                app.variables = appType.variables[env] ?? {};
+                if (appType.postgres) {
+                    app.db_instance_type = appType.dbInstanceType;
+                    app.db_allocated_storage = appType.dbAllocatedStorage;
+                }
+                if (appType.redis) {
+                    app.redis_instance_type = appType.redisInstanceType;
+                }
+            }
+            else {
+                // Auto-populate build_env from domains; user-provided vars override
+                const autoBuildEnv = {};
+                const webDomain = answers.domains['web']?.[env];
+                if (webDomain)
+                    autoBuildEnv['NEXT_PUBLIC_APP_HOST'] = `https://${webDomain}`;
+                const apiDomain = answers.domains['api']?.[env];
+                if (apiDomain)
+                    autoBuildEnv['NEXT_PUBLIC_API_HOST'] = `https://${apiDomain}`;
+                app.build_env = { ...autoBuildEnv, ...(appType.variables[env] ?? {}) };
+            }
+            apps.push(app);
+        }
+    }
+    const config = {
+        name: answers.projectName,
+        deployment: 'ecs',
+        ssl: answers.ssl,
+        slack_webhook_url: answers.slackWebhookUrl || '',
+        apps,
+    };
+    // 4. Guard against overwriting existing config
+    const outputPath = opts.output ? path.resolve(opts.output) : path.resolve('config.json');
+    if (await fs.pathExists(outputPath)) {
+        throw new Error(`${outputPath} already exists. Remove it first or use --output <path>.`);
+    }
+    // 5. Write config.json
+    await fs.writeJson(outputPath, config, { spaces: 2 });
+    const totalApps = answers.appTypes.length * answers.environments.length;
+    console.log(chalk_1.default.green('✓') +
+        ` config.json written — ${totalApps} apps (${answers.appTypes.length} types × ${answers.environments.length} environments)`);
+    // 6. Next steps
+    console.log('\n  Next steps:');
+    console.log('    Review and edit config.json to add workers/variables, then:');
+    console.log(`    fuel create:app ${answers.projectName} --deployment ecs --config config.json\n`);
+}
+// --- infraInit ---
+async function infraInit(opts) {
+    if (opts.template) {
+        const outputPath = opts.output ? path.resolve(opts.output) : path.resolve('config.json');
+        if (await fs.pathExists(outputPath)) {
+            throw new Error(`${outputPath} already exists. Remove it first or use --output <path>.`);
+        }
+        await fs.writeJson(outputPath, exports.CONFIG_TEMPLATE, { spaces: 2 });
+        console.log(chalk_1.default.green('✓') + ` Config template written to ${outputPath}`);
+        console.log('\nEdit the file with your project details, then run:\n' +
+            '  fuel create:app my-app --deployment ecs --config config.json\n');
+        return;
+    }
+    const rl = (0, promises_1.createInterface)({ input: process.stdin, output: process.stdout });
+    try {
+        const answers = await collectAnswers(rl);
+        await applyInfraInitAnswers(answers, opts);
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=infra-init.js.map