@vibesdotdev/infra-doks 0.0.1

package/src/doks.plugin.ts

@@ -0,0 +1,401 @@
+/**
+ * DOKS Runtime Plugin
+ *
+ * Registers DigitalOcean Kubernetes infrastructure implementations with the runtime.
+ */
+
+import { createRuntimePlugin, createRuntimeImplementation, createRuntimeAsset } from '@vibesdotdev/runtime';
+import {
+	generateK8sDeployment,
+	DoksDeploymentDescriptorSchema,
+	type DoksDeploymentDescriptorInput
+} from './implementations/deployment.impl';
+import type { K8sDeployment } from './types.ts';
+import { stringify } from 'yaml';
+import { resolve } from 'node:path';
+import {
+	generateK8sStatefulSet,
+	DoksQueueDescriptorSchema,
+	DoksDatabaseDescriptorSchema,
+	type DoksQueueDescriptorInput,
+	type DoksDatabaseDescriptorInput
+} from './implementations/statefulset.impl';
+import {
+	generateDOManagedDB,
+	DOManagedPostgresDescriptorSchema,
+	type DOManagedPostgresDescriptorInput
+} from './implementations/managed-db.impl';
+import {
+	generateDOManagedRedis,
+	DOManagedRedisDescriptorSchema,
+	type DOManagedRedisDescriptorInput
+} from './implementations/managed-redis.impl';
+import {
+	generateDOSpaces,
+	DOSpacesDescriptorSchema,
+	type DOSpacesDescriptorInput
+} from './implementations/spaces.impl';
+import {
+	generateGiteaManifest,
+	GiteaDoksDescriptorSchema,
+	type GiteaDoksDescriptorInput
+} from './implementations/gitea.impl';
+import {
+	generateVerdaccioManifest,
+	VerdaccioDoksDescriptorSchema,
+	type VerdaccioDoksDescriptorInput
+} from './implementations/verdaccio.impl';
+import { createDoDropletImpl } from './implementations/droplet.impl';
+
+// Factory functions that wrap implementation generators in RuntimeImplementation
+
+function createDeploymentImpl(input: DoksDeploymentDescriptorInput) {
+	const descriptor = DoksDeploymentDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'doks-deployment',
+		kind: 'infra/worker',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateK8sDeployment(descriptor)
+		}
+	});
+}
+
+function createQueueStatefulSetImpl(input: DoksQueueDescriptorInput) {
+	const descriptor = DoksQueueDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'doks-statefulset',
+		kind: 'infra/queue',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateK8sStatefulSet(descriptor)
+		}
+	});
+}
+
+function createDatabaseStatefulSetImpl(input: DoksDatabaseDescriptorInput) {
+	const descriptor = DoksDatabaseDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'doks-statefulset',
+		kind: 'infra/database',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateK8sStatefulSet(descriptor)
+		}
+	});
+}
+
+function createManagedPostgresImpl(input: DOManagedPostgresDescriptorInput) {
+	const descriptor = DOManagedPostgresDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'do-managed-postgres',
+		kind: 'infra/database',
+		priority: 30,
+		implementation: {
+			generateConfig: () => generateDOManagedDB(descriptor)
+		}
+	});
+}
+
+function createManagedRedisImpl(input: DOManagedRedisDescriptorInput) {
+	const descriptor = DOManagedRedisDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'do-managed-redis',
+		kind: 'infra/cache',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateDOManagedRedis(descriptor)
+		}
+	});
+}
+
+function createSpacesImpl(input: DOSpacesDescriptorInput) {
+	const descriptor = DOSpacesDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'do-spaces',
+		kind: 'infra/object-storage',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateDOSpaces(descriptor)
+		}
+	});
+}
+
+function createGiteaImpl(input: GiteaDoksDescriptorInput) {
+	const descriptor = GiteaDoksDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'gitea-doks',
+		kind: 'infra/git-hosting',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateGiteaManifest(descriptor)
+		}
+	});
+}
+
+function createVerdaccioImpl(input: VerdaccioDoksDescriptorInput) {
+	const descriptor = VerdaccioDoksDescriptorSchema.parse(input);
+	return createRuntimeImplementation({
+		id: 'verdaccio-doks',
+		kind: 'infra/package-registry',
+		priority: 20,
+		implementation: {
+			generateConfig: () => generateVerdaccioManifest(descriptor)
+		}
+	});
+}
+
+export {
+	createDeploymentImpl,
+	createQueueStatefulSetImpl,
+	createDatabaseStatefulSetImpl,
+	createManagedPostgresImpl,
+	createManagedRedisImpl,
+	createSpacesImpl,
+	createGiteaImpl,
+	createVerdaccioImpl
+};
+
+export default createRuntimePlugin({
+	id: 'infra-doks',
+	name: 'DigitalOcean Kubernetes Infrastructure',
+	dependencies: ['infra'],
+
+	onActivate: async (runtime) => {
+		// infra/worker: DOKS Deployment
+		runtime.registerLoader(
+			'infra/worker',
+			'doks-deployment',
+			async () => {
+				return createDeploymentImpl({
+					kind: 'infra/worker',
+					id: 'default-worker',
+					entrypoint: 'src/worker.ts',
+					queues: [],
+					concurrency: 1,
+					config: {
+						adapter: 'doks-deployment'
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/queue: DOKS StatefulSet for Kafka/Redpanda
+		runtime.registerLoader(
+			'infra/queue',
+			'doks-statefulset',
+			async () => {
+				return createQueueStatefulSetImpl({
+					kind: 'infra/queue',
+					id: 'default-queue',
+					engine: 'kafka',
+					config: {
+						adapter: 'doks-statefulset'
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/database: DOKS StatefulSet for self-hosted Postgres
+		runtime.registerLoader(
+			'infra/database',
+			'doks-statefulset',
+			async () => {
+				return createDatabaseStatefulSetImpl({
+					kind: 'infra/database',
+					id: 'default-db',
+					engine: 'postgres',
+					replicas: 0,
+					config: {
+						adapter: 'doks-statefulset'
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/database: DO Managed Postgres (higher priority than StatefulSet)
+		runtime.registerLoader(
+			'infra/database',
+			'do-managed-postgres',
+			async () => {
+				return createManagedPostgresImpl({
+					kind: 'infra/database',
+					id: 'default-managed-db',
+					engine: 'postgres',
+					replicas: 0,
+					config: {
+						adapter: 'do-managed-postgres'
+					}
+				});
+			},
+			{ priority: 30, origin: 'infra-doks' }
+		);
+
+		// infra/cache: DO Managed Redis
+		runtime.registerLoader(
+			'infra/cache',
+			'do-managed-redis',
+			async () => {
+				return createManagedRedisImpl({
+					kind: 'infra/cache',
+					id: 'default-redis',
+					engine: 'redis',
+					config: {
+						adapter: 'do-managed-redis'
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/object-storage: DO Spaces
+		runtime.registerLoader(
+			'infra/object-storage',
+			'do-spaces',
+			async () => {
+				return createSpacesImpl({
+					kind: 'infra/object-storage',
+					id: 'default-spaces',
+					publicAccess: false,
+					config: {
+						adapter: 'do-spaces'
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/git-hosting: Gitea on DOKS
+		runtime.registerLoader(
+			'infra/git-hosting',
+			'gitea-doks',
+			async () => {
+				return createGiteaImpl({
+					kind: 'infra/git-hosting',
+					id: 'gitea',
+					url: 'https://git.vibes.dev',
+					hostname: 'git.vibes.dev',
+					type: 'gitea',
+					storagePath: '/data',
+					authMethod: 'token',
+					ssl: true,
+					config: {
+						adapter: 'gitea-doks',
+						dropletSize: 's-2vcpu-2gb',
+						dockerImage: 'gitea/gitea:1.21',
+						volumeSizeGb: 50,
+						domain: 'git.vibes.dev',
+						sshPort: 22,
+						httpPort: 3000
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/sandbox: DigitalOcean droplet provisioner
+		runtime.registerLoader(
+			'infra/sandbox',
+			'digitalocean-droplet',
+			async () =>
+				createRuntimeImplementation({
+					id: 'digitalocean-droplet',
+					kind: 'infra/sandbox',
+					priority: 20,
+					implementation: createDoDropletImpl()
+				}),
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// infra/package-registry: Verdaccio on DOKS
+		runtime.registerLoader(
+			'infra/package-registry',
+			'verdaccio-doks',
+			async () => {
+				return createVerdaccioImpl({
+					kind: 'infra/package-registry',
+					id: 'verdaccio',
+					url: 'https://packages.vibes.dev',
+					registryType: 'npm',
+					scope: '@vibesdotdev',
+					upstreamUrl: 'https://registry.npmjs.org',
+					authRequired: true,
+					ssl: true,
+					config: {
+						adapter: 'verdaccio-doks',
+						dockerImage: 'verdaccio/verdaccio:5',
+						storageSize: '10Gi',
+						domain: 'packages.vibes.dev',
+						upstreamNpmUrl: 'https://registry.npmjs.org',
+						authEnabled: true
+					}
+				});
+			},
+			{ priority: 20, origin: 'infra-doks' }
+		);
+
+		// Canonical DigitalOcean App Platform Deploy client (`runtime/client` kind).
+		// Consumers resolve via `getDigitalOceanAppDeployClient()` or
+		// `getVibesClient<DigitalOceanAppDeployClient>('digitalocean-app-deploy')`.
+		runtime.registerDescriptor('runtime/client', {
+			id: 'digitalocean-app-deploy',
+			kind: 'runtime/client',
+			description:
+				'DigitalOcean App Platform deploy client — creates/updates DO Apps from AppDeployment manifests.'
+		});
+		runtime.registerLoader('runtime/client', 'digitalocean-app-deploy', async () => {
+			const { DigitalOceanAppDeployClient } = await import(
+				'./client/digitalocean-app-deploy.client'
+			);
+			return { impl: DigitalOceanAppDeployClient };
+		});
+
+		// infra/artifact: K8s Deployment generator
+		runtime.registerDescriptor('infra/artifact', {
+			id: 'k8s-deployment',
+			kind: 'infra/artifact',
+			description: 'Generates Kubernetes Deployment YAML from infra/worker descriptors'
+		});
+		runtime.registerLoader('infra/artifact', 'k8s-deployment', async () => {
+			return createRuntimeImplementation({
+				id: 'k8s-deployment',
+				kind: 'infra/artifact',
+				priority: 20,
+				implementation: {
+					async generate(context?: any) {
+						const resources = context?.resources || [];
+						const outputDir = context?.outputDir || './infra/generated';
+						const workerDescriptors = resources.filter((r: any) => r.kind === 'infra/worker');
+
+						if (workerDescriptors.length === 0) {
+							return {
+								content: '# No infra/worker descriptors found\n',
+								filename: 'k8s-deployment.yaml',
+								path: resolve(outputDir, 'kubernetes', 'k8s-deployment.yaml'),
+								metadata: { sourceKind: 'infra/worker', format: 'yaml', generator: 'k8s-deployment' }
+							};
+						}
+
+						const artifacts: string[] = [];
+						for (const descriptor of workerDescriptors) {
+							const parsed = DoksDeploymentDescriptorSchema.parse(descriptor);
+							const deployment: K8sDeployment = generateK8sDeployment(parsed);
+							const yamlContent = stringify(deployment);
+							artifacts.push(`---\n# Resource: ${descriptor.id}\n${yamlContent}`);
+						}
+
+						return {
+							content: artifacts.join('\n'),
+							filename: 'k8s-deployment.yaml',
+							path: resolve(outputDir, 'kubernetes', 'k8s-deployment.yaml'),
+							metadata: { sourceKind: 'infra/worker', format: 'yaml', generator: 'k8s-deployment' }
+						};
+					}
+				}
+			});
+		});
+	}
+});

package/src/implementations/deployment.impl.ts

@@ -0,0 +1,93 @@
+/**
+ * Implementation: infra/worker -> kubernetes (doks-deployment)
+ *
+ * Generates a K8s Deployment manifest for worker descriptors.
+ */
+
+import * as z from 'zod/v4';
+import { DoksDeploymentWorkerConfigSchema } from '@vibesdotdev/infra-core/kinds';
+import type { K8sDeployment } from '../types.ts';
+
+export const DoksDeploymentDescriptorSchema = z.object({
+	kind: z.literal('infra/worker'),
+	id: z.string().min(1),
+	name: z.string().optional(),
+	description: z.string().optional(),
+	/** Path to worker entrypoint */
+	entrypoint: z.string().min(1),
+	/** Queue names to consume from */
+	queues: z.array(z.string().min(1)).default([]),
+	/** Worker concurrency */
+	concurrency: z.number().int().positive().default(1),
+	/** Scaling configuration */
+	scaling: z
+		.object({
+			min: z.number().int().nonnegative().default(1),
+			max: z.number().int().positive().default(1),
+			cpu: z.string().optional(),
+			memory: z.string().optional()
+		})
+		.optional(),
+	config: DoksDeploymentWorkerConfigSchema.extend({
+		adapter: z.literal('doks-deployment')
+	})
+});
+
+export type DoksDeploymentDescriptorInput = z.input<typeof DoksDeploymentDescriptorSchema>;
+export type DoksDeploymentDescriptor = z.infer<typeof DoksDeploymentDescriptorSchema>;
+
+export function generateK8sDeployment(descriptor: DoksDeploymentDescriptor): K8sDeployment {
+	const parsed = DoksDeploymentDescriptorSchema.parse(descriptor);
+	const ns = parsed.config?.namespace ?? 'vibes';
+	const image = parsed.config?.image ?? `vibes/${parsed.id}:latest`;
+	const healthPort = parsed.config?.healthPort ?? 8080;
+	const healthPath = parsed.config?.healthPath ?? '/healthz';
+	const readyPath = parsed.config?.readyPath ?? '/readyz';
+
+	return {
+		apiVersion: 'apps/v1',
+		kind: 'Deployment',
+		metadata: {
+			name: `vibes-${parsed.id}`,
+			namespace: ns,
+			labels: { app: parsed.id, 'app.kubernetes.io/part-of': 'vibes' }
+		},
+		spec: {
+			replicas: parsed.scaling?.min ?? 1,
+			selector: { matchLabels: { app: parsed.id } },
+			template: {
+				metadata: {
+					labels: { app: parsed.id }
+				},
+				spec: {
+					containers: [
+						{
+							name: parsed.id,
+							image,
+							command: ['bun', 'run', parsed.entrypoint],
+							resources: {
+								requests: {
+									cpu: parsed.scaling?.cpu ?? '250m',
+									memory: parsed.scaling?.memory ?? '256Mi'
+								},
+								limits: {
+									cpu: parsed.scaling?.cpu ?? '1',
+									memory: parsed.scaling?.memory ?? '512Mi'
+								}
+							},
+							envFrom: [{ configMapRef: { name: `vibes-${parsed.id}-config` } }],
+							livenessProbe: {
+								httpGet: { path: healthPath, port: healthPort },
+								periodSeconds: 30
+							},
+							readinessProbe: {
+								httpGet: { path: readyPath, port: healthPort },
+								periodSeconds: 10
+							}
+						}
+					]
+				}
+			}
+		}
+	};
+}

package/src/implementations/droplet.impl.ts

@@ -0,0 +1,157 @@
+/**
+ * Implementation: infra/sandbox → digitalocean-droplet
+ *
+ * Wires the existing `DigitalOceanProvider` (./cloud/digitalocean.ts) into
+ * the runtime kind resolution path. The resolved impl exposes a
+ * `provision(descriptor)` method that creates a DigitalOcean droplet via
+ * the v2 API, waits for `status: 'active'`, and returns the platform-side
+ * `SandboxProvisionResult` shape that
+ * `apps/platform-web/src/lib/hosts/server/queries/host-provision.ts`
+ * consumes.
+ *
+ * The DO API token resolves in this order:
+ *   1. `descriptor.config.apiToken` (explicit override; tests use this).
+ *   2. `process.env.DIGITALOCEAN_API_TOKEN` (the existing dev fallback,
+ *      matching the `DigitalOceanAppDeployClient` in `./client/`).
+ *   3. `packages/secrets` `cloud-credentials.digitalocean.token` —
+ *      brokerage path, currently DEFERRED to the migration debt entry
+ *      in `infra-deploy/SPEC.md`. When that lands, this impl resolves
+ *      the same secret per actor scope.
+ */
+
+import * as z from 'zod/v4';
+import { DigitalOceanDropletSandboxConfigSchema } from '@vibesdotdev/infra-core/kinds';
+import { DigitalOceanProvider } from '../cloud/digitalocean.ts';
+import type { CloudInstance } from '../types.ts';
+
+export const DoDropletConfigSchema = DigitalOceanDropletSandboxConfigSchema.extend({
+	adapter: z.literal('digitalocean-droplet'),
+	region: z.string().default('nyc3'),
+	image: z.string().default('ubuntu-24-04-x64'),
+	tags: z.array(z.string()).default([]),
+	sshKeyIds: z.array(z.string()).default([]),
+	apiToken: z.string().optional()
+});
+
+export const DoDropletDescriptorSchema = z.object({
+	kind: z.literal('infra/sandbox'),
+	id: z.string().min(1),
+	name: z.string().optional(),
+	description: z.string().optional(),
+	config: DoDropletConfigSchema,
+	cloudInitScript: z.string().optional()
+});
+
+export type DoDropletDescriptorInput = z.input<typeof DoDropletDescriptorSchema>;
+export type DoDropletDescriptor = z.infer<typeof DoDropletDescriptorSchema>;
+
+export interface SandboxProvisionResult {
+	instanceId: string;
+	publicIp?: string;
+	privateIp?: string;
+	region: string;
+	createdAt: Date;
+}
+
+import type { InstanceFilters } from '../types.ts';
+
+export type ProviderFactory = (
+	apiToken: string,
+	defaultRegion: string
+) => {
+	createInstance(config: {
+		name: string;
+		type: string;
+		region: string;
+		image: string;
+		sshKeys?: string[];
+		userData?: string;
+		tags: Record<string, string>;
+	}): Promise<CloudInstance>;
+	listInstances(filters?: InstanceFilters): Promise<CloudInstance[]>;
+};
+
+function resolveApiToken(config: z.infer<typeof DoDropletConfigSchema>): string {
+	if (config.apiToken) return config.apiToken;
+	const envToken =
+		(typeof process !== 'undefined' && process.env?.DIGITALOCEAN_API_TOKEN) || '';
+	if (envToken) return envToken;
+	throw new Error(
+		'digitalocean-droplet provision failed: no API token. Pass config.apiToken or set DIGITALOCEAN_API_TOKEN.'
+	);
+}
+
+function tagsArrayToRecord(tags: string[]): Record<string, string> {
+	const record: Record<string, string> = {};
+	for (const tag of tags) record[tag] = '';
+	return record;
+}
+
+/**
+ * `DoDropletSandbox` is a singleton-friendly impl: a single instance is
+ * registered per worker and serves every `provision(descriptor)` call.
+ * Per-call descriptors carry their own API token + region, so multi-tenant
+ * use is safe — the impl holds no per-tenant state.
+ *
+ * For unit tests, pass `providerFactory` to swap in a mock
+ * `DigitalOceanProvider`.
+ */
+export class DoDropletSandbox {
+	private readonly providerFactory: ProviderFactory;
+
+	constructor(
+		providerFactory: ProviderFactory = (token, region) => new DigitalOceanProvider(token, region)
+	) {
+		this.providerFactory = providerFactory;
+	}
+
+	async provision(descriptorInput: DoDropletDescriptorInput): Promise<SandboxProvisionResult> {
+		const descriptor = DoDropletDescriptorSchema.parse(descriptorInput);
+		const cfg = descriptor.config;
+		const provider = this.providerFactory(resolveApiToken(cfg), cfg.region);
+		const resourceTag = `vibes:resourceId=${descriptor.id}`;
+
+		// Idempotency: list existing droplets carrying our resource tag.
+		// Returning early prevents double-create on retry / restart while
+		// the upstream DB row still tracks the provisioning intent (per
+		// SPEC §Hard rule "Droplet creation is idempotent against the
+		// descriptor id").
+		const existing = await provider.listInstances({ tags: { vibes: resourceTag.replace('vibes:', '') } });
+		if (existing.length > 0) {
+			const instance = existing[0];
+			return {
+				instanceId: instance.id,
+				publicIp: instance.publicIp,
+				privateIp: instance.privateIp,
+				region: instance.region,
+				createdAt: instance.createdAt
+			};
+		}
+
+		// Inject the resource tag onto user-supplied tags. Duplicates are
+		// harmless — Record dedupes by key.
+		const tags = tagsArrayToRecord([...cfg.tags, resourceTag]);
+		const instance = await provider.createInstance({
+			name: descriptor.name ?? `vibes-${descriptor.id}`,
+			type: cfg.dropletSize,
+			region: cfg.region,
+			image: cfg.image,
+			sshKeys: cfg.sshKeyIds,
+			userData: descriptor.cloudInitScript,
+			tags
+		});
+		return {
+			instanceId: instance.id,
+			publicIp: instance.publicIp,
+			privateIp: instance.privateIp,
+			region: instance.region,
+			createdAt: instance.createdAt
+		};
+	}
+}
+
+export function createDoDropletImpl(
+	providerFactory?: ProviderFactory
+): DoDropletSandbox {
+	return new DoDropletSandbox(providerFactory);
+}