@tronsfey/ucli-server 0.5.0

package/dist/config/app-config.module.js

@@ -0,0 +1,100 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppConfigModule = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const Joi = __importStar(require("joi"));
+const app_config_service_1 = require("./app-config.service");
+let AppConfigModule = class AppConfigModule {
+};
+exports.AppConfigModule = AppConfigModule;
+exports.AppConfigModule = AppConfigModule = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({
+        imports: [
+            config_1.ConfigModule.forRoot({
+                isGlobal: true,
+                validationSchema: Joi.object({
+                    PORT: Joi.number().default(3000),
+                    HOST: Joi.string().default('0.0.0.0'),
+                    NODE_ENV: Joi.string().valid('development', 'production', 'test').default('development'),
+                    ADMIN_SECRET: Joi.string().min(8).required(),
+                    JWT_PRIVATE_KEY: Joi.string().optional(),
+                    JWT_PUBLIC_KEY: Joi.string().optional(),
+                    JWT_DEFAULT_TTL: Joi.number().default(86400),
+                    DB_TYPE: Joi.string().valid('memory', 'postgres', 'mysql').default('memory'),
+                    DATABASE_URL: Joi.when('DB_TYPE', {
+                        is: Joi.valid('postgres', 'mysql'),
+                        then: Joi.string().required(),
+                        otherwise: Joi.string().optional(),
+                    }),
+                    CACHE_TYPE: Joi.string().valid('memory', 'redis').default('memory'),
+                    REDIS_URL: Joi.when('CACHE_TYPE', {
+                        is: 'redis',
+                        then: Joi.string().required(),
+                        otherwise: Joi.string().optional(),
+                    }),
+                    ENCRYPTION_KEY: Joi.string()
+                        .pattern(/^[0-9a-f]{64}$/)
+                        .required()
+                        .messages({ 'string.pattern.base': 'ENCRYPTION_KEY must be a 64-char hex string' }),
+                    RATE_LIMIT_TTL: Joi.number().default(60000),
+                    RATE_LIMIT_LIMIT: Joi.number().default(100),
+                    METRICS_ALLOWED_IPS: Joi.string().default('127.0.0.1,::1'),
+                    SWAGGER_ENABLED: Joi.string().valid('true', 'false').default('true'),
+                    LOG_LEVEL: Joi.string()
+                        .valid('trace', 'debug', 'info', 'warn', 'error', 'fatal')
+                        .default('info'),
+                    // OpenTelemetry
+                    OTEL_ENABLED: Joi.string().valid('true', 'false').default('true'),
+                    OTEL_SERVICE_NAME: Joi.string().default('ucli-server'),
+                    OTEL_EXPORTER_OTLP_ENDPOINT: Joi.string().uri().optional(),
+                    // Admin UI
+                    ADMIN_UI_PATH: Joi.string().optional(),
+                }),
+            }),
+        ],
+        providers: [app_config_service_1.AppConfigService],
+        exports: [app_config_service_1.AppConfigService],
+    })
+], AppConfigModule);
+//# sourceMappingURL=app-config.module.js.map

package/dist/config/app-config.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-config.module.js","sourceRoot":"","sources":["../../src/config/app-config.module.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA+C;AAC/C,2CAA6C;AAC7C,yCAA0B;AAC1B,6DAAuD;AA2DhD,IAAM,eAAe,GAArB,MAAM,eAAe;CAAG,CAAA;AAAlB,0CAAe;0BAAf,eAAe;IAzD3B,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACN,OAAO,EAAE;YACP,qBAAY,CAAC,OAAO,CAAC;gBACnB,QAAQ,EAAE,IAAI;gBACd,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC;oBAC3B,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;oBACrC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,aAAa,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;oBAExF,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;oBAE5C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACxC,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACvC,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;oBAE5C,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;oBAC5E,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE;wBAChC,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC;wBAClC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;wBAC7B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;qBACnC,CAAC;oBAEF,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;oBACnE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE;wBAChC,EAAE,EAAE,OAAO;wBACX,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;wBAC7B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;qBACnC,CAAC;oBAEF,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE;yBACzB,OAAO,CAAC,gBAAgB,CAAC;yBACzB,QAAQ,EAAE;yBACV,QAAQ,CAAC,EAAE,qBAAqB,EAAE,6CAA6C,EAAE,CAAC;oBAErF,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;oBAC3C,gBAAgB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;oBAE3C,mBAAmB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;oBAC1D,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;oBACpE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE;yBACpB,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;yBACzD,OAAO,CAAC,MAAM,CAAC;oBAElB,gBAAgB;oBAChB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;oBACjE,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC;oBACtD,2BAA2B,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAE1D,WAAW;oBACX,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;iBACvC,CAAC;aACH,CAAC;SACH;QACD,SAAS,EAAE,CAAC,qCAAgB,CAAC;QAC7B,OAAO,EAAE,CAAC,qCAAgB,CAAC;KAC5B,CAAC;GACW,eAAe,CAAG"}

package/dist/config/app-config.service.d.ts

@@ -0,0 +1,29 @@
+import { ConfigService } from '@nestjs/config';
+export declare class AppConfigService {
+    private readonly config;
+    constructor(config: ConfigService);
+    get port(): number;
+    get host(): string;
+    get nodeEnv(): string;
+    get isDev(): boolean;
+    get isProd(): boolean;
+    get adminSecret(): string;
+    get encryptionKey(): string;
+    get jwtPrivateKey(): string | undefined;
+    get jwtPublicKey(): string | undefined;
+    get jwtDefaultTtl(): number;
+    get dbType(): 'memory' | 'postgres' | 'mysql';
+    get databaseUrl(): string | undefined;
+    get cacheType(): 'memory' | 'redis';
+    get redisUrl(): string | undefined;
+    get rateLimitTtl(): number;
+    get rateLimitLimit(): number;
+    get metricsAllowedIPs(): string[];
+    get logLevel(): string;
+    get swaggerEnabled(): boolean;
+    get otelEnabled(): boolean;
+    get otelServiceName(): string;
+    get otlpEndpoint(): string | undefined;
+    get adminUiPath(): string | undefined;
+}
+//# sourceMappingURL=app-config.service.d.ts.map

package/dist/config/app-config.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-config.service.d.ts","sourceRoot":"","sources":["../../src/config/app-config.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAE9C,qBACa,gBAAgB;IACf,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAElD,IAAI,IAAI,IAAI,MAAM,CAAiD;IACnE,IAAI,IAAI,IAAI,MAAM,CAAsD;IACxE,IAAI,OAAO,IAAI,MAAM,CAA8D;IACnF,IAAI,KAAK,IAAI,OAAO,CAA0C;IAC9D,IAAI,MAAM,IAAI,OAAO,CAAyC;IAE9D,IAAI,WAAW,IAAI,MAAM,CAA0D;IACnF,IAAI,aAAa,IAAI,MAAM,CAA4D;IAEvF,IAAI,aAAa,IAAI,MAAM,GAAG,SAAS,CAAsD;IAC7F,IAAI,YAAY,IAAI,MAAM,GAAG,SAAS,CAAqD;IAC3F,IAAI,aAAa,IAAI,MAAM,CAA6D;IAExF,IAAI,MAAM,IAAI,QAAQ,GAAG,UAAU,GAAG,OAAO,CAE5C;IACD,IAAI,WAAW,IAAI,MAAM,GAAG,SAAS,CAAmD;IAExF,IAAI,SAAS,IAAI,QAAQ,GAAG,OAAO,CAElC;IACD,IAAI,QAAQ,IAAI,MAAM,GAAG,SAAS,CAAgD;IAElF,IAAI,YAAY,IAAI,MAAM,CAA4D;IACtF,IAAI,cAAc,IAAI,MAAM,CAA4D;IAExF,IAAI,iBAAiB,IAAI,MAAM,EAAE,CAEhC;IACD,IAAI,QAAQ,IAAI,MAAM,CAAwD;IAE9E,IAAI,cAAc,IAAI,OAAO,CAE5B;IAGD,IAAI,WAAW,IAAI,OAAO,CAEzB;IACD,IAAI,eAAe,IAAI,MAAM,CAE5B;IACD,IAAI,YAAY,IAAI,MAAM,GAAG,SAAS,CAErC;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,SAAS,CAEpC;CACF"}

package/dist/config/app-config.service.js

@@ -0,0 +1,66 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppConfigService = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+let AppConfigService = class AppConfigService {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    get port() { return this.config.get('PORT', 3000); }
+    get host() { return this.config.get('HOST', '0.0.0.0'); }
+    get nodeEnv() { return this.config.get('NODE_ENV', 'development'); }
+    get isDev() { return this.nodeEnv === 'development'; }
+    get isProd() { return this.nodeEnv === 'production'; }
+    get adminSecret() { return this.config.getOrThrow('ADMIN_SECRET'); }
+    get encryptionKey() { return this.config.getOrThrow('ENCRYPTION_KEY'); }
+    get jwtPrivateKey() { return this.config.get('JWT_PRIVATE_KEY'); }
+    get jwtPublicKey() { return this.config.get('JWT_PUBLIC_KEY'); }
+    get jwtDefaultTtl() { return this.config.get('JWT_DEFAULT_TTL', 86400); }
+    get dbType() {
+        return this.config.get('DB_TYPE', 'memory');
+    }
+    get databaseUrl() { return this.config.get('DATABASE_URL'); }
+    get cacheType() {
+        return this.config.get('CACHE_TYPE', 'memory');
+    }
+    get redisUrl() { return this.config.get('REDIS_URL'); }
+    get rateLimitTtl() { return this.config.get('RATE_LIMIT_TTL', 60000); }
+    get rateLimitLimit() { return this.config.get('RATE_LIMIT_LIMIT', 100); }
+    get metricsAllowedIPs() {
+        return this.config.get('METRICS_ALLOWED_IPS', '127.0.0.1,::1').split(',').map(s => s.trim());
+    }
+    get logLevel() { return this.config.get('LOG_LEVEL', 'info'); }
+    get swaggerEnabled() {
+        return this.config.get('SWAGGER_ENABLED', 'true') !== 'false';
+    }
+    // OpenTelemetry — read-only view of what otel.ts already consumed from process.env
+    get otelEnabled() {
+        return this.config.get('OTEL_ENABLED', 'true') !== 'false';
+    }
+    get otelServiceName() {
+        return this.config.get('OTEL_SERVICE_NAME', 'ucli-server');
+    }
+    get otlpEndpoint() {
+        return this.config.get('OTEL_EXPORTER_OTLP_ENDPOINT');
+    }
+    get adminUiPath() {
+        return this.config.get('ADMIN_UI_PATH');
+    }
+};
+exports.AppConfigService = AppConfigService;
+exports.AppConfigService = AppConfigService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], AppConfigService);
+//# sourceMappingURL=app-config.service.js.map

package/dist/config/app-config.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-config.service.js","sourceRoot":"","sources":["../../src/config/app-config.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA2C;AAC3C,2CAA8C;AAGvC,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IACE;IAA7B,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAEtD,IAAI,IAAI,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,MAAM,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACnE,IAAI,IAAI,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,MAAM,EAAE,SAAS,CAAC,CAAA,CAAC,CAAC;IACxE,IAAI,OAAO,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,UAAU,EAAE,aAAa,CAAC,CAAA,CAAC,CAAC;IACnF,IAAI,KAAK,KAAc,OAAO,IAAI,CAAC,OAAO,KAAK,aAAa,CAAA,CAAC,CAAC;IAC9D,IAAI,MAAM,KAAc,OAAO,IAAI,CAAC,OAAO,KAAK,YAAY,CAAA,CAAC,CAAC;IAE9D,IAAI,WAAW,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAS,cAAc,CAAC,CAAA,CAAC,CAAC;IACnF,IAAI,aAAa,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAS,gBAAgB,CAAC,CAAA,CAAC,CAAC;IAEvF,IAAI,aAAa,KAAyB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,iBAAiB,CAAC,CAAA,CAAC,CAAC;IAC7F,IAAI,YAAY,KAAyB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,gBAAgB,CAAC,CAAA,CAAC,CAAC;IAC3F,IAAI,aAAa,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,iBAAiB,EAAE,KAAK,CAAC,CAAA,CAAC,CAAC;IAExF,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAkC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAC9E,CAAC;IACD,IAAI,WAAW,KAAyB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,cAAc,CAAC,CAAA,CAAC,CAAC;IAExF,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAqB,YAAY,EAAE,QAAQ,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,QAAQ,KAAyB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,WAAW,CAAC,CAAA,CAAC,CAAC;IAElF,IAAI,YAAY,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,gBAAgB,EAAE,KAAK,CAAC,CAAA,CAAC,CAAC;IACtF,IAAI,cAAc,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,kBAAkB,EAAE,GAAG,CAAC,CAAA,CAAC,CAAC;IAExF,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,qBAAqB,EAAE,eAAe,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;IACtG,CAAC;IACD,IAAI,QAAQ,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,WAAW,EAAE,MAAM,CAAC,CAAA,CAAC,CAAC;IAE9E,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,iBAAiB,EAAE,MAAM,CAAC,KAAK,OAAO,CAAA;IACvE,CAAC;IAED,mFAAmF;IACnF,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,cAAc,EAAE,MAAM,CAAC,KAAK,OAAO,CAAA;IACpE,CAAC;IACD,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,mBAAmB,EAAE,aAAa,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,6BAA6B,CAAC,CAAA;IAC/D,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAS,eAAe,CAAC,CAAA;IACjD,CAAC;CACF,CAAA;AApDY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;qCAE0B,sBAAa;GADvC,gBAAgB,CAoD5B"}

package/dist/crypto/crypto.module.d.ts

@@ -0,0 +1,3 @@
+export declare class CryptoModule {
+}
+//# sourceMappingURL=crypto.module.d.ts.map

package/dist/crypto/crypto.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.module.d.ts","sourceRoot":"","sources":["../../src/crypto/crypto.module.ts"],"names":[],"mappings":"AAIA,qBAIa,YAAY;CAAG"}

package/dist/crypto/crypto.module.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoModule = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_service_1 = require("./jwt.service");
+const encryption_service_1 = require("./encryption.service");
+let CryptoModule = class CryptoModule {
+};
+exports.CryptoModule = CryptoModule;
+exports.CryptoModule = CryptoModule = __decorate([
+    (0, common_1.Module)({
+        providers: [jwt_service_1.JwtService, encryption_service_1.EncryptionService],
+        exports: [jwt_service_1.JwtService, encryption_service_1.EncryptionService],
+    })
+], CryptoModule);
+//# sourceMappingURL=crypto.module.js.map

package/dist/crypto/crypto.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.module.js","sourceRoot":"","sources":["../../src/crypto/crypto.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAuC;AACvC,+CAA0C;AAC1C,6DAAwD;AAMjD,IAAM,YAAY,GAAlB,MAAM,YAAY;CAAG,CAAA;AAAf,oCAAY;uBAAZ,YAAY;IAJxB,IAAA,eAAM,EAAC;QACN,SAAS,EAAE,CAAC,wBAAU,EAAE,sCAAiB,CAAC;QAC1C,OAAO,EAAE,CAAC,wBAAU,EAAE,sCAAiB,CAAC;KACzC,CAAC;GACW,YAAY,CAAG"}

package/dist/crypto/encryption.service.d.ts

@@ -0,0 +1,9 @@
+import { AppConfigService } from '../config/app-config.service';
+export declare class EncryptionService {
+    private readonly appConfig;
+    constructor(appConfig: AppConfigService);
+    private getKey;
+    encrypt(config: object): string;
+    decrypt(encoded: string): object;
+}
+//# sourceMappingURL=encryption.service.d.ts.map

package/dist/crypto/encryption.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.d.ts","sourceRoot":"","sources":["../../src/crypto/encryption.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAA;AAM/D,qBACa,iBAAiB;IAChB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,gBAAgB;IAExD,OAAO,CAAC,MAAM;IAId,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAa/B,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;CAkBjC"}

package/dist/crypto/encryption.service.js

@@ -0,0 +1,59 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionService = void 0;
+const common_1 = require("@nestjs/common");
+const node_crypto_1 = require("node:crypto");
+const app_config_service_1 = require("../config/app-config.service");
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12;
+const TAG_LENGTH = 16;
+let EncryptionService = class EncryptionService {
+    appConfig;
+    constructor(appConfig) {
+        this.appConfig = appConfig;
+    }
+    getKey() {
+        return Buffer.from(this.appConfig.encryptionKey, 'hex');
+    }
+    encrypt(config) {
+        const key = this.getKey();
+        const iv = (0, node_crypto_1.randomBytes)(IV_LENGTH);
+        const cipher = (0, node_crypto_1.createCipheriv)(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
+        const plaintext = JSON.stringify(config);
+        const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        const combined = Buffer.concat([iv, tag, encrypted]);
+        return combined.toString('base64url');
+    }
+    decrypt(encoded) {
+        const key = this.getKey();
+        const combined = Buffer.from(encoded, 'base64url');
+        const iv = combined.subarray(0, IV_LENGTH);
+        const tag = combined.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH);
+        const ciphertext = combined.subarray(IV_LENGTH + TAG_LENGTH);
+        const decipher = (0, node_crypto_1.createDecipheriv)(ALGORITHM, key, iv, { authTagLength: TAG_LENGTH });
+        decipher.setAuthTag(tag);
+        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        try {
+            return JSON.parse(decrypted.toString('utf8'));
+        }
+        catch {
+            throw new common_1.InternalServerErrorException('Failed to decrypt auth configuration — data may be corrupted');
+        }
+    }
+};
+exports.EncryptionService = EncryptionService;
+exports.EncryptionService = EncryptionService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [app_config_service_1.AppConfigService])
+], EncryptionService);
+//# sourceMappingURL=encryption.service.js.map

package/dist/crypto/encryption.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.service.js","sourceRoot":"","sources":["../../src/crypto/encryption.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAyE;AACzE,6CAA2E;AAC3E,qEAA+D;AAE/D,MAAM,SAAS,GAAG,aAAa,CAAA;AAC/B,MAAM,SAAS,GAAG,EAAE,CAAA;AACpB,MAAM,UAAU,GAAG,EAAE,CAAA;AAGd,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IACC;IAA7B,YAA6B,SAA2B;QAA3B,cAAS,GAAT,SAAS,CAAkB;IAAG,CAAC;IAEpD,MAAM;QACZ,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,CAAC,MAAc;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAA;QACzB,MAAM,EAAE,GAAG,IAAA,yBAAW,EAAC,SAAS,CAAC,CAAA;QACjC,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAA;QAEhF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QACxC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QACnF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QAE/B,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAA;QACpD,OAAO,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACvC,CAAC;IAED,OAAO,CAAC,OAAe;QACrB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAA;QACzB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;QAElD,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;QAC1C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;QAChE,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,GAAG,UAAU,CAAC,CAAA;QAE5D,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAA;QACpF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAExB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QAChF,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAW,CAAA;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,qCAA4B,CAAC,8DAA8D,CAAC,CAAA;QACxG,CAAC;IACH,CAAC;CACF,CAAA;AAtCY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAE6B,qCAAgB;GAD7C,iBAAiB,CAsC7B"}

package/dist/crypto/jwt.service.d.ts

@@ -0,0 +1,28 @@
+import { OnModuleInit } from '@nestjs/common';
+import { AppConfigService } from '../config/app-config.service';
+export interface JwtPayload {
+    sub: string;
+    jti: string;
+    scope: string;
+    group: string;
+    iss: string;
+    iat: number;
+    exp?: number;
+}
+export declare class JwtService implements OnModuleInit {
+    private readonly appConfig;
+    private readonly logger;
+    private privateKey;
+    private publicKey;
+    constructor(appConfig: AppConfigService);
+    onModuleInit(): Promise<void>;
+    sign(opts: {
+        groupId: string;
+        groupName: string;
+        jti: string;
+        scopes: string[];
+        expiresAt: Date | null;
+    }): Promise<string>;
+    verify(token: string): Promise<JwtPayload>;
+}
+//# sourceMappingURL=jwt.service.d.ts.map

package/dist/crypto/jwt.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/crypto/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,YAAY,EAAU,MAAM,gBAAgB,CAAA;AAWjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAA;AAK/D,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,qBACa,UAAW,YAAW,YAAY;IAKjC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAJtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA8B;IACrD,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,SAAS,CAAU;gBAEE,SAAS,EAAE,gBAAgB;IAElD,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IA2B7B,IAAI,CAAC,IAAI,EAAE;QACf,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,GAAG,EAAE,MAAM,CAAA;QACX,MAAM,EAAE,MAAM,EAAE,CAAA;QAChB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAA;KACvB,GAAG,OAAO,CAAC,MAAM,CAAC;IAeb,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOjD"}

package/dist/crypto/jwt.service.js

@@ -0,0 +1,72 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var JwtService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const common_1 = require("@nestjs/common");
+const jose_1 = require("jose");
+const app_config_service_1 = require("../config/app-config.service");
+const ALGORITHM = 'RS256';
+const ISSUER = 'ucli-server';
+let JwtService = JwtService_1 = class JwtService {
+    appConfig;
+    logger = new common_1.Logger(JwtService_1.name);
+    privateKey;
+    publicKey;
+    constructor(appConfig) {
+        this.appConfig = appConfig;
+    }
+    async onModuleInit() {
+        if (this.appConfig.jwtPrivateKey && this.appConfig.jwtPublicKey) {
+            this.privateKey = await (0, jose_1.importPKCS8)(Buffer.from(this.appConfig.jwtPrivateKey, 'base64').toString('utf8'), ALGORITHM);
+            this.publicKey = await (0, jose_1.importSPKI)(Buffer.from(this.appConfig.jwtPublicKey, 'base64').toString('utf8'), ALGORITHM);
+            this.logger.log('JWT keys loaded from environment');
+        }
+        else {
+            if (this.appConfig.isProd) {
+                throw new Error('JWT_PRIVATE_KEY and JWT_PUBLIC_KEY must be set in production');
+            }
+            this.logger.warn('Generating ephemeral RS256 key pair — DO NOT use in production');
+            const { privateKey, publicKey } = await (0, jose_1.generateKeyPair)(ALGORITHM, { modulusLength: 2048 });
+            this.privateKey = privateKey;
+            this.publicKey = publicKey;
+            const privPem = await (0, jose_1.exportPKCS8)(privateKey);
+            const pubPem = await (0, jose_1.exportSPKI)(publicKey);
+            this.logger.debug(`JWT_PRIVATE_KEY=${Buffer.from(privPem).toString('base64')}`);
+            this.logger.debug(`JWT_PUBLIC_KEY=${Buffer.from(pubPem).toString('base64')}`);
+        }
+    }
+    async sign(opts) {
+        let builder = new jose_1.SignJWT({ scope: opts.scopes.join(' '), group: opts.groupName })
+            .setProtectedHeader({ alg: ALGORITHM })
+            .setIssuer(ISSUER)
+            .setSubject(opts.groupId)
+            .setJti(opts.jti)
+            .setIssuedAt();
+        if (opts.expiresAt) {
+            builder = builder.setExpirationTime(Math.floor(opts.expiresAt.getTime() / 1000));
+        }
+        return builder.sign(this.privateKey);
+    }
+    async verify(token) {
+        const { payload } = await (0, jose_1.jwtVerify)(token, this.publicKey, {
+            issuer: ISSUER,
+            algorithms: [ALGORITHM],
+        });
+        return payload;
+    }
+};
+exports.JwtService = JwtService;
+exports.JwtService = JwtService = JwtService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [app_config_service_1.AppConfigService])
+], JwtService);
+//# sourceMappingURL=jwt.service.js.map

package/dist/crypto/jwt.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/crypto/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAiE;AACjE,+BASa;AACb,qEAA+D;AAE/D,MAAM,SAAS,GAAG,OAAO,CAAA;AACzB,MAAM,MAAM,GAAG,aAAa,CAAA;AAarB,IAAM,UAAU,kBAAhB,MAAM,UAAU;IAKQ;IAJZ,MAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAA;IAC7C,UAAU,CAAU;IACpB,SAAS,CAAU;IAE3B,YAA6B,SAA2B;QAA3B,cAAS,GAAT,SAAS,CAAkB;IAAG,CAAC;IAE5D,KAAK,CAAC,YAAY;QAChB,IAAI,IAAI,CAAC,SAAS,CAAC,aAAa,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;YAChE,IAAI,CAAC,UAAU,GAAG,MAAM,IAAA,kBAAW,EACjC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EACpE,SAAS,CACV,CAAA;YACD,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,iBAAU,EAC/B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EACnE,SAAS,CACV,CAAA;YACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;QACrD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAA;YACjF,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAA;YAClF,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,sBAAe,EAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3F,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;YAC5B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;YAE1B,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAW,EAAC,UAAU,CAAC,CAAA;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAU,EAAC,SAAS,CAAC,CAAA;YAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YAC/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAMV;QACC,IAAI,OAAO,GAAG,IAAI,cAAO,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;aAC/E,kBAAkB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;aACtC,SAAS,CAAC,MAAM,CAAC;aACjB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC;aACxB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAChB,WAAW,EAAE,CAAA;QAEhB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO,GAAG,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;QAClF,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACtC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACzD,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,CAAC,SAAS,CAAC;SACxB,CAAC,CAAA;QACF,OAAO,OAAgC,CAAA;IACzC,CAAC;CACF,CAAA;AA9DY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAM6B,qCAAgB;GAL7C,UAAU,CA8DtB"}

package/dist/groups/dto/create-group.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class CreateGroupDto {
+    name: string;
+    description?: string;
+}
+//# sourceMappingURL=create-group.dto.d.ts.map

package/dist/groups/dto/create-group.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-group.dto.d.ts","sourceRoot":"","sources":["../../../src/groups/dto/create-group.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,cAAc;IAKzB,IAAI,EAAG,MAAM,CAAA;IAMb,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB"}

package/dist/groups/dto/create-group.dto.js

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CreateGroupDto = void 0;
+const class_validator_1 = require("class-validator");
+const swagger_1 = require("@nestjs/swagger");
+class CreateGroupDto {
+    name;
+    description;
+}
+exports.CreateGroupDto = CreateGroupDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ example: 'production', description: 'Unique group name (lowercase alphanumeric, hyphens, underscores)' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Length)(1, 100),
+    (0, class_validator_1.Matches)(/^[a-z0-9\-_]+$/, { message: 'name must be lowercase alphanumeric with hyphens/underscores' }),
+    __metadata("design:type", String)
+], CreateGroupDto.prototype, "name", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ example: 'Production environment agents', description: 'Optional group description' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Length)(0, 500),
+    __metadata("design:type", String)
+], CreateGroupDto.prototype, "description", void 0);
+//# sourceMappingURL=create-group.dto.js.map

package/dist/groups/dto/create-group.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-group.dto.js","sourceRoot":"","sources":["../../../src/groups/dto/create-group.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAuE;AACvE,6CAAkE;AAElE,MAAa,cAAc;IAKzB,IAAI,CAAS;IAMb,WAAW,CAAS;CACrB;AAZD,wCAYC;AAPC;IAJC,IAAA,qBAAW,EAAC,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,kEAAkE,EAAE,CAAC;IACvH,IAAA,0BAAQ,GAAE;IACV,IAAA,wBAAM,EAAC,CAAC,EAAE,GAAG,CAAC;IACd,IAAA,yBAAO,EAAC,gBAAgB,EAAE,EAAE,OAAO,EAAE,8DAA8D,EAAE,CAAC;;4CAC1F;AAMb;IAJC,IAAA,6BAAmB,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5G,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;IACV,IAAA,wBAAM,EAAC,CAAC,EAAE,GAAG,CAAC;;mDACK"}

package/dist/groups/groups.controller.d.ts

@@ -0,0 +1,9 @@
+import { GroupsService } from './groups.service';
+import { CreateGroupDto } from './dto/create-group.dto';
+export declare class GroupsController {
+    private readonly groupsService;
+    constructor(groupsService: GroupsService);
+    create(dto: CreateGroupDto): Promise<import("../storage/interfaces/repos.interface").Group>;
+    findAll(): Promise<import("../storage/interfaces/repos.interface").Group[]>;
+}
+//# sourceMappingURL=groups.controller.d.ts.map

package/dist/groups/groups.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.controller.d.ts","sourceRoot":"","sources":["../../src/groups/groups.controller.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAEvD,qBAIa,gBAAgB;IACf,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAAb,aAAa,EAAE,aAAa;IAOzD,MAAM,CAAS,GAAG,EAAE,cAAc;IAOlC,OAAO;CAGR"}

package/dist/groups/groups.controller.js

@@ -0,0 +1,60 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GroupsController = void 0;
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const admin_guard_1 = require("../auth/admin.guard");
+const groups_service_1 = require("./groups.service");
+const create_group_dto_1 = require("./dto/create-group.dto");
+let GroupsController = class GroupsController {
+    groupsService;
+    constructor(groupsService) {
+        this.groupsService = groupsService;
+    }
+    create(dto) {
+        return this.groupsService.create({ name: dto.name, description: dto.description ?? '' });
+    }
+    findAll() {
+        return this.groupsService.findAll();
+    }
+};
+exports.GroupsController = GroupsController;
+__decorate([
+    (0, common_1.Post)(),
+    (0, common_1.HttpCode)(201),
+    (0, swagger_1.ApiOperation)({ summary: 'Create a new group' }),
+    (0, swagger_1.ApiResponse)({ status: 201, description: 'Group created successfully' }),
+    (0, swagger_1.ApiResponse)({ status: 409, description: 'Group name already exists' }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [create_group_dto_1.CreateGroupDto]),
+    __metadata("design:returntype", void 0)
+], GroupsController.prototype, "create", null);
+__decorate([
+    (0, common_1.Get)(),
+    (0, swagger_1.ApiOperation)({ summary: 'List all groups' }),
+    (0, swagger_1.ApiResponse)({ status: 200, description: 'List of groups' }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", void 0)
+], GroupsController.prototype, "findAll", null);
+exports.GroupsController = GroupsController = __decorate([
+    (0, swagger_1.ApiTags)('Admin / Groups'),
+    (0, swagger_1.ApiSecurity)('AdminSecret'),
+    (0, common_1.Controller)('admin/groups'),
+    (0, common_1.UseGuards)(admin_guard_1.AdminGuard),
+    __metadata("design:paramtypes", [groups_service_1.GroupsService])
+], GroupsController);
+//# sourceMappingURL=groups.controller.js.map

package/dist/groups/groups.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.controller.js","sourceRoot":"","sources":["../../src/groups/groups.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAiF;AACjF,6CAAiF;AACjF,qDAAgD;AAChD,qDAAgD;AAChD,6DAAuD;AAMhD,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IACE;IAA7B,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;IAAG,CAAC;IAO7D,MAAM,CAAS,GAAmB;QAChC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,CAAA;IAC1F,CAAC;IAKD,OAAO;QACL,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAA;IACrC,CAAC;CACF,CAAA;AAlBY,4CAAgB;AAQ3B;IALC,IAAA,aAAI,GAAE;IACN,IAAA,iBAAQ,EAAC,GAAG,CAAC;IACb,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC;IAC/C,IAAA,qBAAW,EAAC,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvE,IAAA,qBAAW,EAAC,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,2BAA2B,EAAE,CAAC;IAC/D,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAM,iCAAc;;8CAEjC;AAKD;IAHC,IAAA,YAAG,GAAE;IACL,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC5C,IAAA,qBAAW,EAAC,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;;;;+CAG3D;2BAjBU,gBAAgB;IAJ5B,IAAA,iBAAO,EAAC,gBAAgB,CAAC;IACzB,IAAA,qBAAW,EAAC,aAAa,CAAC;IAC1B,IAAA,mBAAU,EAAC,cAAc,CAAC;IAC1B,IAAA,kBAAS,EAAC,wBAAU,CAAC;qCAEwB,8BAAa;GAD9C,gBAAgB,CAkB5B"}

package/dist/groups/groups.module.d.ts

@@ -0,0 +1,3 @@
+export declare class GroupsModule {
+}
+//# sourceMappingURL=groups.module.d.ts.map

package/dist/groups/groups.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.module.d.ts","sourceRoot":"","sources":["../../src/groups/groups.module.ts"],"names":[],"mappings":"AAKA,qBAMa,YAAY;CAAG"}

package/dist/groups/groups.module.js

@@ -0,0 +1,25 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GroupsModule = void 0;
+const common_1 = require("@nestjs/common");
+const auth_module_1 = require("../auth/auth.module");
+const groups_controller_1 = require("./groups.controller");
+const groups_service_1 = require("./groups.service");
+let GroupsModule = class GroupsModule {
+};
+exports.GroupsModule = GroupsModule;
+exports.GroupsModule = GroupsModule = __decorate([
+    (0, common_1.Module)({
+        imports: [auth_module_1.AuthModule],
+        controllers: [groups_controller_1.GroupsController],
+        providers: [groups_service_1.GroupsService],
+        exports: [groups_service_1.GroupsService],
+    })
+], GroupsModule);
+//# sourceMappingURL=groups.module.js.map

package/dist/groups/groups.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.module.js","sourceRoot":"","sources":["../../src/groups/groups.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAuC;AACvC,qDAAgD;AAChD,2DAAsD;AACtD,qDAAgD;AAQzC,IAAM,YAAY,GAAlB,MAAM,YAAY;CAAG,CAAA;AAAf,oCAAY;uBAAZ,YAAY;IANxB,IAAA,eAAM,EAAC;QACN,OAAO,EAAE,CAAC,wBAAU,CAAC;QACrB,WAAW,EAAE,CAAC,oCAAgB,CAAC;QAC/B,SAAS,EAAE,CAAC,8BAAa,CAAC;QAC1B,OAAO,EAAE,CAAC,8BAAa,CAAC;KACzB,CAAC;GACW,YAAY,CAAG"}

package/dist/groups/groups.service.d.ts

@@ -0,0 +1,9 @@
+import type { IGroupRepo, Group, CreateGroupInput } from '../storage/interfaces/repos.interface';
+export declare class GroupsService {
+    private readonly groupRepo;
+    constructor(groupRepo: IGroupRepo);
+    create(data: CreateGroupInput): Promise<Group>;
+    findAll(): Promise<Group[]>;
+    findById(id: string): Promise<Group>;
+}
+//# sourceMappingURL=groups.service.d.ts.map

package/dist/groups/groups.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.service.d.ts","sourceRoot":"","sources":["../../src/groups/groups.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAA;AAEhG,qBACa,aAAa;IACQ,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,UAAU;IAEhE,MAAM,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC;IAM9C,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;IAI3B,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;CAK3C"}