@yannelli/zoomies 0.0.0

package/dist/server/certs/scheduler.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Periodic renewal scheduler for ACME-issued certificates.
+ *
+ * The scheduler walks the cert repository, filters to `provider === 'acme'`
+ * certificates whose `notAfter` falls within a configurable lead window, and
+ * delegates each to a pre-bound {@link RenewalSchedulerDeps.renew} closure.
+ * Renewals are awaited **sequentially** — Let's Encrypt rate limits favour
+ * one-order-at-a-time over parallel bursts, and a serial loop also keeps
+ * accounting simple if any one renewal fails partway through.
+ *
+ * This module is intentionally pure-ish: no `setTimeout`, no infinite loop,
+ * no signal handling. The {@link main} worker in `src/server/worker/main.ts`
+ * drives the cadence and owns the process lifecycle.
+ *
+ * Failure handling: a thrown renewal is logged, recorded in
+ * {@link RenewalRunResult.failed}, and the loop continues with the next cert.
+ * A single bad cert (e.g. a dropped DNS record) must not block renewals for
+ * every other domain on the host.
+ */
+import type { Cert } from '../domain/cert.js';
+import type { CertRepository } from '../repositories/cert-repository.js';
+export interface RenewalSchedulerDeps {
+    certRepo: CertRepository;
+    /**
+     * Per-cert renewal closure. Production code pre-binds the ACME account,
+     * challenge store, cert directory, and repository so the scheduler only
+     * needs to pass the cert row.
+     */
+    renew: (cert: Cert) => Promise<Cert>;
+    /** Time source. Defaults to `() => new Date()`; injected for determinism. */
+    now?: () => Date;
+    /**
+     * Structured-ish logger. Defaults to `console.info`. The first arg is a
+     * human-readable message; the optional second arg is a metadata bag so
+     * production logs can be parsed by a journal collector without regex.
+     */
+    log?: (message: string, meta?: Record<string, unknown>) => void;
+}
+export interface RenewalSchedulerOptions {
+    /**
+     * Renew certificates whose `notAfter` lies within this many days of `now`.
+     * Defaults to 30, matching Let's Encrypt's recommended renewal threshold
+     * (90-day lifetime, renew at T-30).
+     */
+    renewWithinDays?: number;
+    deps: RenewalSchedulerDeps;
+}
+export interface RenewalRunResult {
+    /** Number of `acme` certs that were inspected for renewal eligibility. */
+    checked: number;
+    /** Number of certs successfully renewed in this run. */
+    renewed: number;
+    /** One entry per failed renewal, in iteration order. */
+    failed: Array<{
+        domain: string;
+        error: string;
+    }>;
+}
+/**
+ * Execute a single renewal pass.
+ *
+ * Lists every cert, filters to ACME-managed rows whose validity window ends
+ * within the configured lead time, and awaits each renewal in turn. Returns
+ * a summary describing what happened — the worker logs it and decides when
+ * to run again.
+ */
+export declare function runRenewalCheck(opts: RenewalSchedulerOptions): Promise<RenewalRunResult>;
+//# sourceMappingURL=scheduler.d.ts.map

package/dist/server/certs/scheduler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.d.ts","sourceRoot":"","sources":["../../../src/server/certs/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC;IACjB;;;;OAIG;IACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CACjE;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,oBAAoB,CAAC;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,MAAM,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAClD;AAoBD;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAmC9F"}

package/dist/server/certs/scheduler.js

@@ -0,0 +1,76 @@
+/**
+ * Periodic renewal scheduler for ACME-issued certificates.
+ *
+ * The scheduler walks the cert repository, filters to `provider === 'acme'`
+ * certificates whose `notAfter` falls within a configurable lead window, and
+ * delegates each to a pre-bound {@link RenewalSchedulerDeps.renew} closure.
+ * Renewals are awaited **sequentially** — Let's Encrypt rate limits favour
+ * one-order-at-a-time over parallel bursts, and a serial loop also keeps
+ * accounting simple if any one renewal fails partway through.
+ *
+ * This module is intentionally pure-ish: no `setTimeout`, no infinite loop,
+ * no signal handling. The {@link main} worker in `src/server/worker/main.ts`
+ * drives the cadence and owns the process lifecycle.
+ *
+ * Failure handling: a thrown renewal is logged, recorded in
+ * {@link RenewalRunResult.failed}, and the loop continues with the next cert.
+ * A single bad cert (e.g. a dropped DNS record) must not block renewals for
+ * every other domain on the host.
+ */
+const DEFAULT_RENEW_WITHIN_DAYS = 30;
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+function defaultLog(message, meta) {
+    if (meta === undefined) {
+        console.info(message);
+    }
+    else {
+        console.info(message, meta);
+    }
+}
+function formatError(err) {
+    if (err instanceof Error) {
+        return err.message;
+    }
+    return String(err);
+}
+/**
+ * Execute a single renewal pass.
+ *
+ * Lists every cert, filters to ACME-managed rows whose validity window ends
+ * within the configured lead time, and awaits each renewal in turn. Returns
+ * a summary describing what happened — the worker logs it and decides when
+ * to run again.
+ */
+export async function runRenewalCheck(opts) {
+    const renewWithinDays = opts.renewWithinDays ?? DEFAULT_RENEW_WITHIN_DAYS;
+    const { certRepo, renew } = opts.deps;
+    const now = opts.deps.now ?? (() => new Date());
+    const log = opts.deps.log ?? defaultLog;
+    const threshold = new Date(now().getTime() + renewWithinDays * MS_PER_DAY);
+    // Filter to ACME-managed certs whose validity window ends before the
+    // threshold. Manual certs are owned by the operator — the scheduler
+    // never touches them.
+    const candidates = certRepo
+        .list()
+        .filter((cert) => cert.provider === 'acme')
+        .filter((cert) => Date.parse(cert.notAfter) <= threshold.getTime());
+    const result = {
+        checked: candidates.length,
+        renewed: 0,
+        failed: [],
+    };
+    for (const cert of candidates) {
+        try {
+            await renew(cert);
+            result.renewed += 1;
+            log('zoomies: renewed cert', { domain: cert.domain });
+        }
+        catch (err) {
+            const message = formatError(err);
+            result.failed.push({ domain: cert.domain, error: message });
+            log('zoomies: renewal failed', { domain: cert.domain, error: message });
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=scheduler.js.map

package/dist/server/certs/scheduler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.js","sourceRoot":"","sources":["../../../src/server/certs/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AA0CH,MAAM,yBAAyB,GAAG,EAAE,CAAC;AACrC,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvC,SAAS,UAAU,CAAC,OAAe,EAAE,IAA8B;IACjE,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;IAC/B,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAA6B;IACjE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,yBAAyB,CAAC;IAC1E,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,UAAU,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,eAAe,GAAG,UAAU,CAAC,CAAC;IAE3E,qEAAqE;IACrE,oEAAoE;IACpE,sBAAsB;IACtB,MAAM,UAAU,GAAG,QAAQ;SACxB,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC;SAC1C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAEtE,MAAM,MAAM,GAAqB;QAC/B,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC;YAClB,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC;YACpB,GAAG,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5D,GAAG,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/db/connection.d.ts

@@ -0,0 +1,10 @@
+import Database from 'better-sqlite3';
+/**
+ * Open a SQLite database and apply the control-plane pragma defaults.
+ *
+ * - `journal_mode = WAL` — write-ahead logging for concurrent readers.
+ * - `foreign_keys = ON` — enforce FK constraints (off by default in SQLite).
+ * - `synchronous = NORMAL` — durable under WAL while staying fast.
+ */
+export declare function openDatabase(path: string): Database.Database;
+//# sourceMappingURL=connection.d.ts.map

package/dist/server/db/connection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connection.d.ts","sourceRoot":"","sources":["../../../src/server/db/connection.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAEtC;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAM5D"}

package/dist/server/db/connection.js

@@ -0,0 +1,16 @@
+import Database from 'better-sqlite3';
+/**
+ * Open a SQLite database and apply the control-plane pragma defaults.
+ *
+ * - `journal_mode = WAL` — write-ahead logging for concurrent readers.
+ * - `foreign_keys = ON` — enforce FK constraints (off by default in SQLite).
+ * - `synchronous = NORMAL` — durable under WAL while staying fast.
+ */
+export function openDatabase(path) {
+    const db = new Database(path);
+    db.pragma('journal_mode = WAL');
+    db.pragma('foreign_keys = ON');
+    db.pragma('synchronous = NORMAL');
+    return db;
+}
+//# sourceMappingURL=connection.js.map

package/dist/server/db/connection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connection.js","sourceRoot":"","sources":["../../../src/server/db/connection.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAEtC;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9B,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC/B,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAClC,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/server/db/migrate.d.ts

@@ -0,0 +1,12 @@
+import type Database from 'better-sqlite3';
+/**
+ * Apply pending SQL migrations from the sibling `migrations/` directory.
+ *
+ * Each `.sql` file is one migration; the version is the filename without
+ * its extension. Migrations are applied in filename-sorted order. Each
+ * application is wrapped in a transaction together with the
+ * `schema_migrations` bookkeeping insert, so a failure rolls back cleanly
+ * and a second call is a no-op.
+ */
+export declare function runMigrations(db: Database.Database): void;
+//# sourceMappingURL=migrate.d.ts.map

package/dist/server/db/migrate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../../src/server/db/migrate.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAU3C;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CA+BzD"}

package/dist/server/db/migrate.js

@@ -0,0 +1,37 @@
+import { readdirSync, readFileSync } from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const MIGRATIONS_DIR = path.join(__dirname, 'migrations');
+/**
+ * Apply pending SQL migrations from the sibling `migrations/` directory.
+ *
+ * Each `.sql` file is one migration; the version is the filename without
+ * its extension. Migrations are applied in filename-sorted order. Each
+ * application is wrapped in a transaction together with the
+ * `schema_migrations` bookkeeping insert, so a failure rolls back cleanly
+ * and a second call is a no-op.
+ */
+export function runMigrations(db) {
+    db.exec('CREATE TABLE IF NOT EXISTS schema_migrations (version TEXT PRIMARY KEY, applied_at TEXT NOT NULL);');
+    const applied = new Set(db
+        .prepare('SELECT version FROM schema_migrations')
+        .all()
+        .map((row) => row.version));
+    const files = readdirSync(MIGRATIONS_DIR)
+        .filter((name) => name.endsWith('.sql'))
+        .sort();
+    const insertVersion = db.prepare('INSERT INTO schema_migrations (version, applied_at) VALUES (?, ?)');
+    for (const file of files) {
+        const version = file.slice(0, -'.sql'.length);
+        if (applied.has(version))
+            continue;
+        const sql = readFileSync(path.join(MIGRATIONS_DIR, file), 'utf8');
+        db.transaction(() => {
+            db.exec(sql);
+            insertVersion.run(version, new Date().toISOString());
+        })();
+    }
+}
+//# sourceMappingURL=migrate.js.map

package/dist/server/db/migrate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrate.js","sourceRoot":"","sources":["../../../src/server/db/migrate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AAM1D;;;;;;;;GAQG;AACH,MAAM,UAAU,aAAa,CAAC,EAAqB;IACjD,EAAE,CAAC,IAAI,CACL,oGAAoG,CACrG,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,EAAE;SACC,OAAO,CAAC,uCAAuC,CAAC;SAChD,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAE,GAAkB,CAAC,OAAO,CAAC,CAC7C,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CAAC,cAAc,CAAC;SACtC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;SACvC,IAAI,EAAE,CAAC;IAEV,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,CAC9B,mEAAmE,CACpE,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAEnC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;QAElE,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;YAClB,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACb,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;AACH,CAAC"}

package/dist/server/db/migrations/0001_init.sql

@@ -0,0 +1,42 @@
+CREATE TABLE upstreams (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  load_balancer TEXT NOT NULL CHECK (load_balancer IN ('round_robin', 'least_conn', 'ip_hash')),
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL
+);
+
+CREATE TABLE upstream_targets (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  upstream_id TEXT NOT NULL REFERENCES upstreams(id) ON DELETE CASCADE,
+  host TEXT NOT NULL,
+  port INTEGER NOT NULL CHECK (port BETWEEN 1 AND 65535),
+  weight INTEGER NOT NULL CHECK (weight BETWEEN 1 AND 1000),
+  position INTEGER NOT NULL,
+  UNIQUE (upstream_id, position)
+);
+
+CREATE TABLE sites (
+  id TEXT PRIMARY KEY,
+  hostname TEXT NOT NULL UNIQUE,
+  upstream_id TEXT NOT NULL REFERENCES upstreams(id) ON DELETE RESTRICT,
+  tls_mode TEXT NOT NULL CHECK (tls_mode IN ('off', 'acme', 'manual')),
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL
+);
+
+CREATE TABLE certs (
+  id TEXT PRIMARY KEY,
+  domain TEXT NOT NULL UNIQUE,
+  provider TEXT NOT NULL CHECK (provider IN ('acme', 'manual')),
+  pem_path TEXT NOT NULL,
+  key_path TEXT NOT NULL,
+  not_before TEXT NOT NULL,
+  not_after TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL,
+  CHECK (not_before < not_after)
+);
+
+CREATE INDEX idx_sites_upstream ON sites(upstream_id);
+CREATE INDEX idx_targets_upstream ON upstream_targets(upstream_id);

package/dist/server/domain/cert.d.ts

@@ -0,0 +1,17 @@
+import { z } from 'zod';
+export declare const CertSchema: z.ZodObject<{
+    id: z.ZodUUID;
+    domain: z.ZodString;
+    provider: z.ZodEnum<{
+        acme: "acme";
+        manual: "manual";
+    }>;
+    pemPath: z.ZodString;
+    keyPath: z.ZodString;
+    notBefore: z.ZodISODateTime;
+    notAfter: z.ZodISODateTime;
+    createdAt: z.ZodISODateTime;
+    updatedAt: z.ZodISODateTime;
+}, z.core.$strip>;
+export type Cert = z.infer<typeof CertSchema>;
+//# sourceMappingURL=cert.d.ts.map

package/dist/server/domain/cert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cert.d.ts","sourceRoot":"","sources":["../../../src/server/domain/cert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAQxB,eAAO,MAAM,UAAU;;;;;;;;;;;;;iBAenB,CAAC;AAEL,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC"}

package/dist/server/domain/cert.js

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+// RFC 1123 hostname: labels of 1-63 chars (alphanumeric + hyphen, no leading
+// or trailing hyphen), separated by dots. Defined locally so the cert module
+// does not couple to the Site schema's hostname rules.
+const DOMAIN_REGEX = /^(?=.{1,253}$)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+export const CertSchema = z
+    .object({
+    id: z.uuid(),
+    domain: z.string().min(1).max(253).regex(DOMAIN_REGEX, 'must be a valid domain'),
+    provider: z.enum(['acme', 'manual']),
+    pemPath: z.string().min(1),
+    keyPath: z.string().min(1),
+    notBefore: z.iso.datetime(),
+    notAfter: z.iso.datetime(),
+    createdAt: z.iso.datetime(),
+    updatedAt: z.iso.datetime(),
+})
+    .refine((cert) => Date.parse(cert.notBefore) < Date.parse(cert.notAfter), {
+    message: 'notBefore must be earlier than notAfter',
+    path: ['notAfter'],
+});
+//# sourceMappingURL=cert.js.map

package/dist/server/domain/cert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cert.js","sourceRoot":"","sources":["../../../src/server/domain/cert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,6EAA6E;AAC7E,6EAA6E;AAC7E,uDAAuD;AACvD,MAAM,YAAY,GAChB,8GAA8G,CAAC;AAEjH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;IACZ,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE,wBAAwB,CAAC;IAChF,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACpC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC3B,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC1B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;CAC5B,CAAC;KACD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;IACxE,OAAO,EAAE,yCAAyC;IAClD,IAAI,EAAE,CAAC,UAAU,CAAC;CACnB,CAAC,CAAC"}

package/dist/server/domain/errors.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Domain error hierarchy for the Zoomies control plane.
+ *
+ * These errors model failure modes inside the pure domain layer:
+ * a record is missing, a uniqueness/state constraint is violated, or
+ * input could not be reconciled with a domain invariant. They carry a
+ * stable `code` discriminator so transport layers (Route Handlers, CLI)
+ * can map them to HTTP statuses / exit codes without `instanceof` chains.
+ *
+ * No I/O. No Zod. No entity coupling.
+ */
+export declare abstract class DomainError extends Error {
+    abstract readonly code: string;
+    constructor(message: string, options?: {
+        cause?: unknown;
+    });
+}
+export declare class NotFoundError extends DomainError {
+    readonly code = "not_found";
+    constructor(message: string, options?: {
+        cause?: unknown;
+    });
+}
+export declare class ConflictError extends DomainError {
+    readonly code = "conflict";
+    constructor(message: string, options?: {
+        cause?: unknown;
+    });
+}
+export declare class ValidationError extends DomainError {
+    readonly code = "validation";
+    constructor(message: string, options?: {
+        cause?: unknown;
+    });
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/server/domain/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/server/domain/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,8BAAsB,WAAY,SAAQ,KAAK;IAC7C,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEnB,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAK3D;AAED,qBAAa,aAAc,SAAQ,WAAW;IAC5C,QAAQ,CAAC,IAAI,eAAe;gBAEhB,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAG3D;AAED,qBAAa,aAAc,SAAQ,WAAW;IAC5C,QAAQ,CAAC,IAAI,cAAc;gBAEf,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAG3D;AAED,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,QAAQ,CAAC,IAAI,gBAAgB;gBAEjB,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAG3D"}

package/dist/server/domain/errors.js

@@ -0,0 +1,37 @@
+/**
+ * Domain error hierarchy for the Zoomies control plane.
+ *
+ * These errors model failure modes inside the pure domain layer:
+ * a record is missing, a uniqueness/state constraint is violated, or
+ * input could not be reconciled with a domain invariant. They carry a
+ * stable `code` discriminator so transport layers (Route Handlers, CLI)
+ * can map them to HTTP statuses / exit codes without `instanceof` chains.
+ *
+ * No I/O. No Zod. No entity coupling.
+ */
+export class DomainError extends Error {
+    constructor(message, options) {
+        super(message, options);
+        // Ensure stack traces show the concrete subclass name, not "Error".
+        this.name = new.target.name;
+    }
+}
+export class NotFoundError extends DomainError {
+    code = 'not_found';
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+export class ConflictError extends DomainError {
+    code = 'conflict';
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+export class ValidationError extends DomainError {
+    code = 'validation';
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/server/domain/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/server/domain/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,OAAgB,WAAY,SAAQ,KAAK;IAG7C,YAAY,OAAe,EAAE,OAA6B;QACxD,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,oEAAoE;QACpE,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,WAAW;IACnC,IAAI,GAAG,WAAW,CAAC;IAE5B,YAAY,OAAe,EAAE,OAA6B;QACxD,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,WAAW;IACnC,IAAI,GAAG,UAAU,CAAC;IAE3B,YAAY,OAAe,EAAE,OAA6B;QACxD,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,WAAW;IACrC,IAAI,GAAG,YAAY,CAAC;IAE7B,YAAY,OAAe,EAAE,OAA6B;QACxD,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1B,CAAC;CACF"}

package/dist/server/domain/site.d.ts

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+export declare const SiteSchema: z.ZodObject<{
+    id: z.ZodString;
+    hostname: z.ZodString;
+    upstreamId: z.ZodString;
+    tlsMode: z.ZodEnum<{
+        off: "off";
+        acme: "acme";
+        manual: "manual";
+    }>;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+}, z.core.$strip>;
+export type Site = z.infer<typeof SiteSchema>;
+//# sourceMappingURL=site.d.ts.map

package/dist/server/domain/site.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"site.d.ts","sourceRoot":"","sources":["../../../src/server/domain/site.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAexB,eAAO,MAAM,UAAU;;;;;;;;;;;iBAWrB,CAAC;AAEH,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC"}

package/dist/server/domain/site.js

@@ -0,0 +1,25 @@
+import { z } from 'zod';
+/**
+ * Hostname regex (RFC 1123-flavoured, restricted to lowercase).
+ *
+ * - Each label is 1–63 characters long, drawn from [a-z0-9-].
+ * - Labels may NOT start or end with a hyphen.
+ * - Labels are separated by a single dot. A trailing dot is rejected.
+ * - A single-label hostname (e.g. `localhost`) is permitted.
+ *
+ * The overall length (max 253 chars) is enforced separately via `.max(253)`.
+ */
+const HOSTNAME_REGEX = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/;
+export const SiteSchema = z.object({
+    id: z.string().uuid(),
+    hostname: z
+        .string()
+        .min(1)
+        .max(253)
+        .regex(HOSTNAME_REGEX, 'must be a lowercase RFC 1123 hostname'),
+    upstreamId: z.string().uuid(),
+    tlsMode: z.enum(['off', 'acme', 'manual']),
+    createdAt: z.string().datetime(),
+    updatedAt: z.string().datetime(),
+});
+//# sourceMappingURL=site.js.map

package/dist/server/domain/site.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"site.js","sourceRoot":"","sources":["../../../src/server/domain/site.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;GASG;AACH,MAAM,cAAc,GAClB,mFAAmF,CAAC;AAEtF,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IACrB,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,KAAK,CAAC,cAAc,EAAE,uCAAuC,CAAC;IACjE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IAC7B,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC1C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC"}

package/dist/server/domain/upstream.d.ts

@@ -0,0 +1,25 @@
+import { z } from 'zod';
+export declare const UpstreamTargetSchema: z.ZodObject<{
+    host: z.ZodUnion<readonly [z.ZodIPv4, z.ZodIPv6, z.ZodString]>;
+    port: z.ZodNumber;
+    weight: z.ZodNumber;
+}, z.core.$strip>;
+export declare const UpstreamSchema: z.ZodObject<{
+    id: z.ZodUUID;
+    name: z.ZodString;
+    targets: z.ZodArray<z.ZodObject<{
+        host: z.ZodUnion<readonly [z.ZodIPv4, z.ZodIPv6, z.ZodString]>;
+        port: z.ZodNumber;
+        weight: z.ZodNumber;
+    }, z.core.$strip>>;
+    loadBalancer: z.ZodEnum<{
+        round_robin: "round_robin";
+        least_conn: "least_conn";
+        ip_hash: "ip_hash";
+    }>;
+    createdAt: z.ZodISODateTime;
+    updatedAt: z.ZodISODateTime;
+}, z.core.$strip>;
+export type UpstreamTarget = z.infer<typeof UpstreamTargetSchema>;
+export type Upstream = z.infer<typeof UpstreamSchema>;
+//# sourceMappingURL=upstream.d.ts.map

package/dist/server/domain/upstream.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upstream.d.ts","sourceRoot":"","sources":["../../../src/server/domain/upstream.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAcxB,eAAO,MAAM,oBAAoB;;;;iBAI/B,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;iBAOzB,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC"}

package/dist/server/domain/upstream.js

@@ -0,0 +1,24 @@
+import { z } from 'zod';
+// RFC 1123 hostname: labels of 1-63 chars (alphanumeric + hyphen, no leading
+// or trailing hyphen), separated by dots. Total length capped at 253 chars
+// by the outer z.string().max() below.
+const HOSTNAME_REGEX = /^(?=.{1,253}$)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+const HostnameOrIpSchema = z.union([
+    z.ipv4(),
+    z.ipv6(),
+    z.string().min(1).max(253).regex(HOSTNAME_REGEX, 'must be a valid hostname'),
+]);
+export const UpstreamTargetSchema = z.object({
+    host: HostnameOrIpSchema,
+    port: z.number().int().min(1).max(65535),
+    weight: z.number().int().min(1).max(1000),
+});
+export const UpstreamSchema = z.object({
+    id: z.uuid(),
+    name: z.string().min(1).max(100),
+    targets: z.array(UpstreamTargetSchema).min(1).max(64),
+    loadBalancer: z.enum(['round_robin', 'least_conn', 'ip_hash']),
+    createdAt: z.iso.datetime(),
+    updatedAt: z.iso.datetime(),
+});
+//# sourceMappingURL=upstream.js.map

package/dist/server/domain/upstream.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upstream.js","sourceRoot":"","sources":["../../../src/server/domain/upstream.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,6EAA6E;AAC7E,2EAA2E;AAC3E,uCAAuC;AACvC,MAAM,cAAc,GAClB,8GAA8G,CAAC;AAEjH,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC;IACjC,CAAC,CAAC,IAAI,EAAE;IACR,CAAC,CAAC,IAAI,EAAE;IACR,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,cAAc,EAAE,0BAA0B,CAAC;CAC7E,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,kBAAkB;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IACxC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;CAC1C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;IACZ,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACrD,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAC9D,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC3B,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC"}

package/dist/server/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC"}

package/dist/server/index.js

@@ -0,0 +1,4 @@
+// Control-plane domain code lives here. This file is intentionally a
+// placeholder for Phase 0 scaffolding — see src/server/README.md.
+export {};
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,kEAAkE;AAClE,OAAO,EAAE,CAAC"}

package/dist/server/reload/atomic-write.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Rollback handle returned from {@link writeAtomic} and {@link deleteAtomic}.
+ *
+ * The orchestrator (Phase 5 Stage 2) collects these handles in order so it
+ * can unwind a multi-file change when `nginx -t` rejects the new bundle.
+ * `restore()` must be idempotent: calling it twice is a no-op the second
+ * time (and any time after).
+ */
+export interface AtomicRollback {
+    restore(): Promise<void>;
+}
+/**
+ * Atomically write `contents` to `path`, returning a rollback handle that
+ * can restore the prior state.
+ *
+ * Algorithm:
+ *   1. Snapshot the prior state of `path` (contents + mode, or "didn't
+ *      exist") into memory.
+ *   2. Write `contents` to `${path}.new` in the same directory.
+ *   3. fsync the `.new` file so its data is durable before rename.
+ *   4. `rename(${path}.new, path)` — atomic on POSIX same-filesystem.
+ *   5. fsync the parent directory so the rename itself is durable.
+ *
+ * Rollback (`restore()`):
+ *   - If the prior state was "didn't exist", `unlink(path)`.
+ *   - Otherwise run the same atomic-replace dance with the stashed bytes
+ *     and mode.
+ *   - Idempotent: a second `restore()` call is a no-op.
+ */
+export declare function writeAtomic(path: string, contents: string): Promise<AtomicRollback>;
+/**
+ * Atomically delete `path`, returning a rollback handle that restores the
+ * file byte-exact (including its mode).
+ *
+ * Throws {@link NotFoundError} if the target path does not exist — unlike
+ * `writeAtomic`, delete is meaningless against an absent file and the
+ * orchestrator should treat that as a precondition failure.
+ *
+ * Rollback (`restore()`):
+ *   - Atomically re-creates the file with the stashed contents and mode.
+ *   - Idempotent: a second `restore()` is a no-op.
+ */
+export declare function deleteAtomic(path: string): Promise<AtomicRollback>;
+//# sourceMappingURL=atomic-write.d.ts.map

package/dist/server/reload/atomic-write.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"atomic-write.d.ts","sourceRoot":"","sources":["../../../src/server/reload/atomic-write.ts"],"names":[],"mappings":"AAKA;;;;;;;GAOG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AA0FD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CA6BzF;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAoBxE"}