@unimatrix27/ralph-harness 1.0.0

package/dist/bin/ralph-gsm.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+//
+// ralph-gsm — CLI wrapper around src/lib/github-state-mutator. Drop-in
+// replacement for the (deleted) bin/gsm bash script.
+//
+// Usage:
+//   ralph-gsm swap-label <repo> <issue#> <from-label> <to-label>
+//   ralph-gsm comment-issue <repo> <issue#> <body>
+//   ralph-gsm find-or-create-log <repo> <milestone>
+//   ralph-gsm append-caveman-log <repo> <log#> <issue#> <summary> [<gotcha>]
+//
+// Exit codes (matching bin/gsm):
+//   0  success
+//   2  usage / missing required argument
+//   non-zero  propagated from gh via GhRunnerError
+import { GhRunnerError, appendCavemanLog, commentIssue, findOrCreateMilestoneLogIssue, moduleErr, swapLabel, } from "../lib/github-state-mutator.js";
+const USAGE = `usage: ralph-gsm <command> [args]
+
+commands:
+  swap-label <repo> <issue#> <from-label> <to-label>
+  comment-issue <repo> <issue#> <body>
+  find-or-create-log <repo> <milestone>
+  append-caveman-log <repo> <log#> <issue#> <summary> [<gotcha>]
+`;
+function fail(message, code) {
+    process.stderr.write(moduleErr(message) + "\n");
+    process.exit(code);
+}
+function usage(code) {
+    process.stderr.write(USAGE);
+    process.exit(code);
+}
+function parseIssueNum(raw, label) {
+    const n = Number.parseInt(raw, 10);
+    if (!Number.isFinite(n) || n <= 0 || String(n) !== raw) {
+        fail(`${label} must be a positive integer, got '${raw}'`, 2);
+    }
+    return n;
+}
+function requireArgs(cmd, want, got) {
+    if (got < want)
+        fail(`${cmd}: expected ${want} args, got ${got}`, 2);
+}
+const args = process.argv.slice(2);
+const cmd = args[0];
+if (!cmd)
+    usage(2);
+if (cmd === "-h" || cmd === "--help" || cmd === "help")
+    usage(0);
+const rest = args.slice(1);
+try {
+    switch (cmd) {
+        case "swap-label": {
+            requireArgs("swap-label", 4, rest.length);
+            const [repo, numRaw, from, to] = rest;
+            swapLabel(repo, parseIssueNum(numRaw, "issue#"), from, to);
+            break;
+        }
+        case "comment-issue": {
+            requireArgs("comment-issue", 3, rest.length);
+            const [repo, numRaw, body] = rest;
+            commentIssue(repo, parseIssueNum(numRaw, "issue#"), body);
+            break;
+        }
+        case "find-or-create-log": {
+            requireArgs("find-or-create-log", 2, rest.length);
+            const [repo, milestone] = rest;
+            const n = findOrCreateMilestoneLogIssue(repo, milestone);
+            process.stdout.write(`${n}\n`);
+            break;
+        }
+        case "append-caveman-log": {
+            requireArgs("append-caveman-log", 4, rest.length);
+            const [repo, logRaw, issueRaw, summary, gotcha] = rest;
+            appendCavemanLog(repo, parseIssueNum(logRaw, "log#"), parseIssueNum(issueRaw, "issue#"), summary, gotcha);
+            break;
+        }
+        default:
+            process.stderr.write(`ralph-gsm: unknown command: ${cmd}\n`);
+            usage(2);
+    }
+}
+catch (err) {
+    if (err instanceof GhRunnerError) {
+        process.stderr.write(moduleErr(err.message) + "\n");
+        process.exit(err.exitCode === 0 ? 1 : err.exitCode);
+    }
+    const detail = err instanceof Error ? err.message : String(err);
+    process.stderr.write(detail + "\n");
+    process.exit(1);
+}
+process.exit(0);
+//# sourceMappingURL=ralph-gsm.js.map

package/dist/bin/ralph-gsm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-gsm.js","sourceRoot":"","sources":["../../src/bin/ralph-gsm.ts"],"names":[],"mappings":";AACA,EAAE;AACF,uEAAuE;AACvE,qDAAqD;AACrD,EAAE;AACF,SAAS;AACT,iEAAiE;AACjE,mDAAmD;AACnD,oDAAoD;AACpD,6EAA6E;AAC7E,EAAE;AACF,iCAAiC;AACjC,eAAe;AACf,yCAAyC;AACzC,mDAAmD;AAEnD,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,6BAA6B,EAC7B,SAAS,EACT,SAAS,GACV,MAAM,gCAAgC,CAAC;AAExC,MAAM,KAAK,GAAG;;;;;;;CAOb,CAAC;AAEF,SAAS,IAAI,CAAC,OAAe,EAAE,IAAY;IACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,KAAK,CAAC,IAAY;IACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC5B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW,EAAE,KAAa;IAC/C,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;QACvD,IAAI,CAAC,GAAG,KAAK,qCAAqC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,IAAY,EAAE,GAAW;IACzD,IAAI,GAAG,GAAG,IAAI;QAAE,IAAI,CAAC,GAAG,GAAG,cAAc,IAAI,cAAc,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAEpB,IAAI,CAAC,GAAG;IAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AACnB,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,MAAM;IAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAEjE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAE3B,IAAI,CAAC;IACH,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,WAAW,CAAC,YAAY,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,IAAwC,CAAC;YAC1E,SAAS,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3D,MAAM;QACR,CAAC;QACD,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,WAAW,CAAC,eAAe,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,IAAgC,CAAC;YAC9D,YAAY,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;YAC1D,MAAM;QACR,CAAC;QACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,WAAW,CAAC,oBAAoB,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,IAAwB,CAAC;YACnD,MAAM,CAAC,GAAG,6BAA6B,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACzD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM;QACR,CAAC;QACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;YAC1B,WAAW,CAAC,oBAAoB,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,IAMjD,CAAC;YACF,gBAAgB,CACd,IAAI,EACJ,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,EAC7B,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACjC,OAAO,EACP,MAAM,CACP,CAAC;YACF,MAAM;QACR,CAAC;QACD;YACE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,GAAG,IAAI,CAAC,CAAC;YAC7D,KAAK,CAAC,CAAC,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACb,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC"}

package/dist/bin/ralph-orchestrate.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=ralph-orchestrate.d.ts.map

package/dist/bin/ralph-orchestrate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-orchestrate.d.ts","sourceRoot":"","sources":["../../src/bin/ralph-orchestrate.ts"],"names":[],"mappings":""}

package/dist/bin/ralph-orchestrate.js

@@ -0,0 +1,20 @@
+#!/usr/bin/env node
+//
+// ralph-orchestrate — slice 5 orchestrator (real). Replaces the iteration-1
+// `lib/ec2-orchestrator.sh`. Runs the discovery → implementation → review
+// state machine on a freshly bootstrapped EC2 worker.
+//
+// Usage:
+//   ralph-orchestrate
+//
+// Reads the env contract documented in lib/ec2-orchestrator.ts. Exit codes
+// are byte-compatible with iteration 1's `orch::run`.
+import { run } from "../lib/ec2-orchestrator.js";
+run()
+    .then((rc) => process.exit(rc))
+    .catch((err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`ralph-orchestrate: ${msg}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=ralph-orchestrate.js.map

package/dist/bin/ralph-orchestrate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-orchestrate.js","sourceRoot":"","sources":["../../src/bin/ralph-orchestrate.ts"],"names":[],"mappings":";AACA,EAAE;AACF,4EAA4E;AAC5E,0EAA0E;AAC1E,sDAAsD;AACtD,EAAE;AACF,SAAS;AACT,sBAAsB;AACtB,EAAE;AACF,2EAA2E;AAC3E,sDAAsD;AAEtD,OAAO,EAAE,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAEjD,GAAG,EAAE;KACF,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;KAC9B,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/bin/ralph-sync-credential.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=ralph-sync-credential.d.ts.map

package/dist/bin/ralph-sync-credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-sync-credential.d.ts","sourceRoot":"","sources":["../../src/bin/ralph-sync-credential.ts"],"names":[],"mappings":""}

package/dist/bin/ralph-sync-credential.js

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+//
+// ralph-sync-credential — extract the macOS Keychain `Claude Code-credentials`
+// entry and write it into SSM as a SecureString. Drop-in replacement for the
+// (deleted) bin/sync-credential.sh. Re-run after every desktop `claude /login`.
+//
+// Usage:
+//   ralph-sync-credential [<ssm-key>]
+//
+// Reads from env:
+//   RALPH_CLAUDE_OAUTH_SSM_KEY    SSM parameter name
+//                                 (default /ralph/claude-oauth-credential)
+//
+// Region is forced to eu-central-1. The credential is never echoed, logged,
+// or placed on any process's argv.
+//
+// Exit codes (matching bin/sync-credential.sh + lib/credential-syncer.sh):
+//   0   success
+//   2   usage error
+//   3   Keychain entry missing, empty, or not JSON
+//   4   AWS credentials not configured
+//   1   any other failure
+import { defaultAwsClients } from "../lib/aws-clients.js";
+import { CredentialSyncerError, DEFAULTS, moduleErr, syncCredential, } from "../lib/credential-syncer.js";
+async function main() {
+    const args = process.argv.slice(2);
+    if (args.length > 1) {
+        process.stderr.write(moduleErr("usage: ralph-sync-credential [<ssm-key>]") + "\n");
+        process.exit(2);
+    }
+    const ssmKey = args[0] ?? process.env.RALPH_CLAUDE_OAUTH_SSM_KEY ?? DEFAULTS.ssmKey;
+    const clients = defaultAwsClients();
+    await syncCredential({ clients, ssmKey });
+}
+main().catch((err) => {
+    if (err instanceof CredentialSyncerError) {
+        process.stderr.write(`${err.message}\n`);
+        process.exit(err.code);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`${msg}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=ralph-sync-credential.js.map

package/dist/bin/ralph-sync-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-sync-credential.js","sourceRoot":"","sources":["../../src/bin/ralph-sync-credential.ts"],"names":[],"mappings":";AACA,EAAE;AACF,+EAA+E;AAC/E,6EAA6E;AAC7E,gFAAgF;AAChF,EAAE;AACF,SAAS;AACT,sCAAsC;AACtC,EAAE;AACF,kBAAkB;AAClB,qDAAqD;AACrD,2EAA2E;AAC3E,EAAE;AACF,4EAA4E;AAC5E,mCAAmC;AACnC,EAAE;AACF,2EAA2E;AAC3E,gBAAgB;AAChB,oBAAoB;AACpB,mDAAmD;AACnD,uCAAuC;AACvC,0BAA0B;AAE1B,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EACL,qBAAqB,EACrB,QAAQ,EACR,SAAS,EACT,cAAc,GACf,MAAM,6BAA6B,CAAC;AAErC,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CAAC,0CAA0C,CAAC,GAAG,IAAI,CAC7D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GACV,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,QAAQ,CAAC,MAAM,CAAC;IAEvE,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;QACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/bin/ralph-sync-github-pat.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=ralph-sync-github-pat.d.ts.map

package/dist/bin/ralph-sync-github-pat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-sync-github-pat.d.ts","sourceRoot":"","sources":["../../src/bin/ralph-sync-github-pat.ts"],"names":[],"mappings":""}

package/dist/bin/ralph-sync-github-pat.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+//
+// ralph-sync-github-pat — write a GitHub PAT into the SSM SecureString that
+// the EC2 worker reads at launch. Net-new in slice 4 (the iteration-1 fire
+// path bootstrapped a placeholder via aws-bootstrap and the operator
+// overwrote it manually with `aws ssm put-parameter`).
+//
+// Usage:
+//   echo $TOKEN | ralph-sync-github-pat
+//   ralph-sync-github-pat < ./token.txt
+//
+// The token must be supplied on stdin. We deliberately do NOT accept the
+// token on argv (it would land in shell history + ps output). We also do
+// not read from a $RALPH_GITHUB_PAT env var — env vars on macOS leak into
+// process listings.
+//
+// Reads from env:
+//   RALPH_GITHUB_TOKEN_SSM_KEY    SSM parameter name
+//                                 (default /ralph/github-pat)
+//
+// Region is forced to eu-central-1.
+//
+// Exit codes:
+//   0   success
+//   2   usage error (no stdin / empty input / argv given)
+//   4   AWS credentials not configured
+//   1   any other failure
+import { PutParameterCommand } from "@aws-sdk/client-ssm";
+import { GetCallerIdentityCommand } from "@aws-sdk/client-sts";
+import { AWS_REGION, defaultAwsClients } from "../lib/aws-clients.js";
+const MODULE_PREFIX = "github-pat-syncer";
+const DEFAULT_SSM_KEY = "/ralph/github-pat";
+const DEFAULT_KMS_ALIAS = "alias/ralph";
+function moduleErr(message) {
+    return `${MODULE_PREFIX}: error: ${message}`;
+}
+function moduleInfo(message) {
+    return `${MODULE_PREFIX}: ${message}`;
+}
+async function readStdin() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+    return Buffer.concat(chunks).toString("utf8");
+}
+async function main() {
+    const args = process.argv.slice(2);
+    if (args.length > 0) {
+        process.stderr.write(moduleErr("this CLI takes no arguments — pass the token on stdin (echo $TOKEN | ralph-sync-github-pat)") + "\n");
+        process.exit(2);
+    }
+    if (process.stdin.isTTY) {
+        process.stderr.write(moduleErr("no stdin attached. Pipe the token in: 'echo $TOKEN | ralph-sync-github-pat' (or redirect from a file).") + "\n");
+        process.exit(2);
+    }
+    const ssmKey = process.env.RALPH_GITHUB_TOKEN_SSM_KEY || DEFAULT_SSM_KEY;
+    const kmsAlias = DEFAULT_KMS_ALIAS;
+    const raw = await readStdin();
+    // Strip exactly one trailing newline (added by `echo`/`cat`); preserve
+    // whitespace inside the token. If the operator typed multiple lines we
+    // keep them — the SDK will reject anything that isn't a valid GitHub PAT
+    // when it's actually used downstream.
+    const token = raw.endsWith("\n") ? raw.slice(0, -1) : raw;
+    if (token.length === 0) {
+        process.stderr.write(moduleErr("stdin was empty.") + "\n");
+        process.exit(2);
+    }
+    const clients = defaultAwsClients();
+    try {
+        await clients.sts.send(new GetCallerIdentityCommand({}));
+    }
+    catch (err) {
+        const detail = err instanceof Error ? err.message : String(err);
+        process.stderr.write(moduleErr(`AWS credentials not configured. Run 'aws configure' or set AWS_PROFILE. (${detail})`) + "\n");
+        process.exit(4);
+    }
+    process.stdout.write(moduleInfo(`uploading PAT to ${ssmKey} (region=${AWS_REGION}, kms=${kmsAlias})`) + "\n");
+    await clients.ssm.send(new PutParameterCommand({
+        Name: ssmKey,
+        Type: "SecureString",
+        KeyId: kmsAlias,
+        Value: token,
+        Overwrite: true,
+    }));
+    process.stdout.write(moduleInfo(`uploaded PAT to ${ssmKey}`) + "\n");
+}
+main().catch((err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`${msg}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=ralph-sync-github-pat.js.map

package/dist/bin/ralph-sync-github-pat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-sync-github-pat.js","sourceRoot":"","sources":["../../src/bin/ralph-sync-github-pat.ts"],"names":[],"mappings":";AACA,EAAE;AACF,4EAA4E;AAC5E,2EAA2E;AAC3E,qEAAqE;AACrE,uDAAuD;AACvD,EAAE;AACF,SAAS;AACT,wCAAwC;AACxC,wCAAwC;AACxC,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,0EAA0E;AAC1E,oBAAoB;AACpB,EAAE;AACF,kBAAkB;AAClB,qDAAqD;AACrD,8DAA8D;AAC9D,EAAE;AACF,oCAAoC;AACpC,EAAE;AACF,cAAc;AACd,gBAAgB;AAChB,0DAA0D;AAC1D,uCAAuC;AACvC,0BAA0B;AAE1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAEtE,MAAM,aAAa,GAAG,mBAAmB,CAAC;AAC1C,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAC5C,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAExC,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,GAAG,aAAa,YAAY,OAAO,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,GAAG,aAAa,KAAK,OAAO,EAAE,CAAC;AACxC,CAAC;AAED,KAAK,UAAU,SAAS;IACtB,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CACP,6FAA6F,CAC9F,GAAG,IAAI,CACT,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CACP,wGAAwG,CACzG,GAAG,IAAI,CACT,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,eAAe,CAAC;IAC5D,MAAM,QAAQ,GAAG,iBAAiB,CAAC;IAEnC,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;IAC9B,uEAAuE;IACvE,uEAAuE;IACvE,yEAAyE;IACzE,sCAAsC;IACtC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,wBAAwB,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CACP,4EAA4E,MAAM,GAAG,CACtF,GAAG,IAAI,CACT,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,CACR,oBAAoB,MAAM,YAAY,UAAU,SAAS,QAAQ,GAAG,CACrE,GAAG,IAAI,CACT,CAAC;IAEF,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,mBAAmB,CAAC;QACtB,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,KAAK;QACZ,SAAS,EAAE,IAAI;KAChB,CAAC,CACH,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,mBAAmB,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;AACvE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/bin/ralph-tail-logs.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=ralph-tail-logs.d.ts.map

package/dist/bin/ralph-tail-logs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-tail-logs.d.ts","sourceRoot":"","sources":["../../src/bin/ralph-tail-logs.ts"],"names":[],"mappings":""}

package/dist/bin/ralph-tail-logs.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+//
+// ralph-tail-logs — tail the per-instance CloudWatch streams for one (or
+// all) running ralph-harness EC2 worker(s). Net-new in slice 4 (iteration 1
+// documented `aws logs tail …` as a one-liner).
+//
+// Usage:
+//   ralph-tail-logs                       # tail every stream in /ralph/main
+//   ralph-tail-logs <instance-id>         # tail just one stream (i-...)
+//   ralph-tail-logs --since 30m           # forwarded to `aws logs tail`
+//   ralph-tail-logs --no-follow ...       # forwarded to `aws logs tail`
+//
+// Implementation: this is a thin pass-through to `aws logs tail` (CLI v2).
+// The CLI is the only AWS tool that ships a usable interactive tailer; the
+// SDK's StartLiveTail API requires extra IAM perms most operators don't
+// have. Forwarding keeps the operator UX identical.
+//
+// Reads from env:
+//   RALPH_LOG_GROUP    log group to tail (default /ralph/main)
+//
+// Region is forced to eu-central-1 via the --region flag passed to aws.
+//
+// Exit codes:
+//   0   aws exited 0
+//   2   usage error
+//   propagated   any non-zero exit from the underlying `aws` CLI
+import { spawnSync } from "node:child_process";
+import { AWS_REGION } from "../lib/aws-clients.js";
+const MODULE_PREFIX = "ralph-tail-logs";
+const DEFAULT_LOG_GROUP = "/ralph/main";
+function moduleErr(message) {
+    return `${MODULE_PREFIX}: error: ${message}`;
+}
+function main() {
+    const argv = process.argv.slice(2);
+    if (argv[0] === "-h" || argv[0] === "--help") {
+        process.stdout.write(`usage: ralph-tail-logs [<instance-id>] [extra args forwarded to 'aws logs tail']\n` +
+            `\n` +
+            `Tails the per-instance CloudWatch stream(s) for ralph-harness EC2 workers.\n` +
+            `Without an instance id, tails every stream in the log group.\n` +
+            `\n` +
+            `env:\n` +
+            `  RALPH_LOG_GROUP    log group to tail (default ${DEFAULT_LOG_GROUP})\n`);
+        process.exit(0);
+    }
+    const logGroup = process.env.RALPH_LOG_GROUP || DEFAULT_LOG_GROUP;
+    // First positional argument that looks like an EC2 instance id is treated
+    // as the stream filter; everything else is forwarded to `aws logs tail`.
+    // (aws logs tail accepts `--log-stream-names <name>` for stream selection.)
+    const passthrough = [];
+    let instanceId;
+    for (const a of argv) {
+        if (!instanceId && /^i-[0-9a-f]+$/i.test(a)) {
+            instanceId = a;
+            continue;
+        }
+        passthrough.push(a);
+    }
+    const args = ["--region", AWS_REGION, "logs", "tail", logGroup, "--follow"];
+    if (instanceId) {
+        args.push("--log-stream-names", instanceId);
+    }
+    args.push(...passthrough);
+    const r = spawnSync("aws", args, { stdio: "inherit" });
+    if (r.error) {
+        process.stderr.write(moduleErr(`failed to spawn aws: ${r.error.message}`) + "\n");
+        process.exit(1);
+    }
+    process.exit(r.status ?? 1);
+}
+main();
+//# sourceMappingURL=ralph-tail-logs.js.map

package/dist/bin/ralph-tail-logs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-tail-logs.js","sourceRoot":"","sources":["../../src/bin/ralph-tail-logs.ts"],"names":[],"mappings":";AACA,EAAE;AACF,yEAAyE;AACzE,4EAA4E;AAC5E,gDAAgD;AAChD,EAAE;AACF,SAAS;AACT,6EAA6E;AAC7E,yEAAyE;AACzE,yEAAyE;AACzE,yEAAyE;AACzE,EAAE;AACF,2EAA2E;AAC3E,2EAA2E;AAC3E,wEAAwE;AACxE,oDAAoD;AACpD,EAAE;AACF,kBAAkB;AAClB,+DAA+D;AAC/D,EAAE;AACF,wEAAwE;AACxE,EAAE;AACF,cAAc;AACd,qBAAqB;AACrB,oBAAoB;AACpB,iEAAiE;AAEjE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,aAAa,GAAG,iBAAiB,CAAC;AACxC,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAExC,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,GAAG,aAAa,YAAY,OAAO,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,IAAI;IACX,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oFAAoF;YAClF,IAAI;YACJ,8EAA8E;YAC9E,gEAAgE;YAChE,IAAI;YACJ,QAAQ;YACR,mDAAmD,iBAAiB,KAAK,CAC5E,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,iBAAiB,CAAC;IAElE,0EAA0E;IAC1E,yEAAyE;IACzE,4EAA4E;IAC5E,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,UAA8B,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,UAAU,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,UAAU,GAAG,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC5E,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;IAE1B,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CAAC,wBAAwB,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAC5D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/bin/ralph-validate-config.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=ralph-validate-config.d.ts.map

package/dist/bin/ralph-validate-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-validate-config.d.ts","sourceRoot":"","sources":["../../src/bin/ralph-validate-config.ts"],"names":[],"mappings":""}

package/dist/bin/ralph-validate-config.js

@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+import { readFileSync } from "node:fs";
+import { ValidateError, moduleErr, validate, } from "../lib/target-config-schema.js";
+const args = process.argv.slice(2);
+if (args.length === 0) {
+    process.stderr.write(moduleErr("usage: ralph-validate-config <path-to-config.yaml>") + "\n");
+    process.exit(2);
+}
+const path = args[0];
+let yamlString;
+try {
+    yamlString = readFileSync(path, "utf8");
+}
+catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+        process.stderr.write(moduleErr(`config file not found: ${path}`) + "\n");
+        process.exit(2);
+    }
+    const detail = err instanceof Error ? err.message : String(err);
+    process.stderr.write(moduleErr(`could not read ${path}: ${detail}`) + "\n");
+    process.exit(2);
+}
+try {
+    validate(yamlString);
+}
+catch (err) {
+    if (err instanceof ValidateError) {
+        const msg = err.code === 3
+            ? err.message.replace(/^malformed yaml/, `malformed yaml in ${path}`)
+            : err.message;
+        process.stderr.write(moduleErr(msg) + "\n");
+        process.exit(err.code);
+    }
+    const detail = err instanceof Error ? err.message : String(err);
+    process.stderr.write(moduleErr(`unexpected error: ${detail}`) + "\n");
+    process.exit(6);
+}
+process.stdout.write(`ok: ${path} is a valid .ralph/config.yaml\n`);
+process.exit(0);
+//# sourceMappingURL=ralph-validate-config.js.map

package/dist/bin/ralph-validate-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ralph-validate-config.js","sourceRoot":"","sources":["../../src/bin/ralph-validate-config.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EACL,aAAa,EACb,SAAS,EACT,QAAQ,GACT,MAAM,gCAAgC,CAAC;AAExC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEnC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;IACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,SAAS,CAAC,oDAAoD,CAAC,GAAG,IAAI,CACvE,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;AAEtB,IAAI,UAAkB,CAAC;AACvB,IAAI,CAAC;IACH,UAAU,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC1C,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;IACjD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,0BAA0B,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,kBAAkB,IAAI,KAAK,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,CAAC;IACH,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvB,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACb,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,MAAM,GAAG,GACP,GAAG,CAAC,IAAI,KAAK,CAAC;YACZ,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CACjB,iBAAiB,EACjB,qBAAqB,IAAI,EAAE,CAC5B;YACH,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,qBAAqB,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,kCAAkC,CAAC,CAAC;AACpE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC"}

package/dist/lib/aws-bootstrap.d.ts

@@ -0,0 +1,53 @@
+import { type AwsClients } from "./aws-clients.js";
+export declare const MODULE_PREFIX = "aws-bootstrap";
+export declare const DEFAULTS: {
+    readonly region: "eu-central-1";
+    readonly kmsAlias: "alias/ralph";
+    readonly iamRole: "ralph-ec2-role";
+    readonly iamProfile: "ralph-ec2-profile";
+    readonly sgName: "ralph-sg";
+    readonly agentStuckLabel: "agent-stuck";
+    readonly agentStuckColor: "d73a4a";
+    readonly githubKey: "/ralph/github-pat";
+    readonly oauthKey: "/ralph/claude-oauth-credential";
+    readonly logGroup: "/ralph/main";
+};
+export declare function moduleErr(message: string): string;
+export declare function moduleInfo(message: string): string;
+export type Logger = (line: string) => void;
+export declare function ensureKmsAlias(clients: AwsClients, alias: string, info?: Logger): Promise<void>;
+export declare function ensureSsmSecureString(clients: AwsClients, name: string, description: string, kmsAlias: string, info?: Logger): Promise<void>;
+interface PolicyDoc {
+    Version: string;
+    Statement: PolicyStatement[];
+}
+interface PolicyStatement {
+    Sid: string;
+    Effect: "Allow" | "Deny";
+    Action: string[];
+    Resource: string[] | string;
+    Condition?: unknown;
+}
+export declare function buildInlinePolicy(account: string, githubKey: string, oauthKey: string, logGroup: string, kmsAlias: string, region?: string): PolicyDoc;
+export declare function canonicalJson(value: unknown): string;
+export declare function ensureIamRoleAndProfile(clients: AwsClients, role: string, profile: string, githubKey: string, oauthKey: string, logGroup: string, kmsAlias: string, info?: Logger, region?: string): Promise<void>;
+export declare function ensureSecurityGroup(clients: AwsClients, name: string, description: string, info?: Logger, region?: string): Promise<void>;
+export declare function ensureLogGroup(clients: AwsClients, name: string, info?: Logger): Promise<void>;
+export declare function ensureAgentStuckLabel(repo: string, label: string, info?: Logger, color?: string): void;
+export interface RunAllOptions {
+    clients: AwsClients;
+    repo: string;
+    githubKey?: string;
+    oauthKey?: string;
+    logGroup?: string;
+    kmsAlias?: string;
+    iamRole?: string;
+    iamProfile?: string;
+    sgName?: string;
+    agentStuckLabel?: string;
+    region?: string;
+    info?: Logger;
+}
+export declare function runAll(opts: RunAllOptions): Promise<void>;
+export {};
+//# sourceMappingURL=aws-bootstrap.d.ts.map

package/dist/lib/aws-bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-bootstrap.d.ts","sourceRoot":"","sources":["../../src/lib/aws-bootstrap.ts"],"names":[],"mappings":"AAqDA,OAAO,EAAc,KAAK,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAG/D,eAAO,MAAM,aAAa,kBAAkB,CAAC;AAE7C,eAAO,MAAM,QAAQ;;;;;;;;;;;CAWX,CAAC;AAEX,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,MAAM,MAAM,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;AAS5C,wBAAsB,cAAc,CAClC,OAAO,EAAE,UAAU,EACnB,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,MAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAwBf;AASD,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,GAAE,MAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAiCf;AAID,UAAU,SAAS;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,eAAe,EAAE,CAAC;CAC9B;AAED,UAAU,eAAe;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AA+BD,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,GAAE,MAAwB,GAC/B,SAAS,CAkCX;AAID,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEpD;AAsBD,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,GAAE,MAAoB,EAC1B,MAAM,GAAE,MAAwB,GAC/B,OAAO,CAAC,IAAI,CAAC,CA4If;AAOD,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,MAAoB,EAC1B,MAAM,GAAE,MAAwB,GAC/B,OAAO,CAAC,IAAI,CAAC,CAyCf;AAKD,wBAAsB,cAAc,CAClC,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,MAAoB,GACzB,OAAO,CAAC,IAAI,CAAC,CAWf;AAMD,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,MAAoB,EAC1B,KAAK,GAAE,MAAiC,GACvC,IAAI,CAwCN;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,UAAU,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAGD,wBAAsB,MAAM,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA0D/D"}