clawdlets 0.2.2 → 0.3.0

package/dist/commands/secrets/verify.d.ts

@@ -1,28 +0,0 @@
-export declare const secretsVerify: import("citty").CommandDef<{
-    runtimeDir: {
-        type: "string";
-        description: string;
-    };
-    envFile: {
-        type: "string";
-        description: string;
-    };
-    host: {
-        type: "string";
-        description: string;
-    };
-    operator: {
-        type: "string";
-        description: string;
-    };
-    ageKeyFile: {
-        type: "string";
-        description: string;
-    };
-    json: {
-        type: "boolean";
-        description: string;
-        default: false;
-    };
-}>;
-//# sourceMappingURL=verify.d.ts.map

package/dist/commands/secrets/verify.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../src/commands/secrets/verify.ts"],"names":[],"mappings":"AAaA,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;EA6GxB,CAAC"}

package/dist/commands/secrets/verify.js

@@ -1,118 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-import process from "node:process";
-import { defineCommand } from "citty";
-import YAML from "yaml";
-import { sopsDecryptYamlFile } from "@clawdlets/core/lib/sops";
-import { sanitizeOperatorId } from "@clawdlets/core/lib/identifiers";
-import { buildFleetSecretsPlan } from "@clawdlets/core/lib/fleet-secrets";
-import { isPlaceholderSecretValue } from "@clawdlets/core/lib/secrets-init";
-import { loadDeployCreds } from "@clawdlets/core/lib/deploy-creds";
-import { getHostSecretsDir, getLocalOperatorAgeKeyPath } from "@clawdlets/core/repo-layout";
-import { loadHostContextOrExit } from "../../lib/context.js";
-export const secretsVerify = defineCommand({
-    meta: {
-        name: "verify",
-        description: "Verify secrets decrypt correctly and contain no placeholders.",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        envFile: { type: "string", description: "Env file for deploy creds (default: <runtimeDir>/env)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        operator: {
-            type: "string",
-            description: "Operator id for age key name (default: $USER). Used if SOPS_AGE_KEY_FILE is not set.",
-        },
-        ageKeyFile: { type: "string", description: "Override SOPS_AGE_KEY_FILE path." },
-        json: { type: "boolean", description: "Output JSON.", default: false },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { layout, config, hostName, hostCfg } = ctx;
-        const deployCreds = loadDeployCreds({ cwd, runtimeDir: args.runtimeDir, envFile: args.envFile });
-        if (deployCreds.envFile?.origin === "explicit" && deployCreds.envFile.status !== "ok") {
-            throw new Error(`deploy env file rejected: ${deployCreds.envFile.path} (${deployCreds.envFile.error || deployCreds.envFile.status})`);
-        }
-        const operatorId = sanitizeOperatorId(String(args.operator || process.env.USER || "operator"));
-        const operatorKeyPath = (args.ageKeyFile ? String(args.ageKeyFile).trim() : "") ||
-            (deployCreds.values.SOPS_AGE_KEY_FILE ? String(deployCreds.values.SOPS_AGE_KEY_FILE).trim() : "") ||
-            getLocalOperatorAgeKeyPath(layout, operatorId);
-        const nix = { nixBin: String(deployCreds.values.NIX_BIN || "nix").trim() || "nix", cwd: layout.repoRoot, dryRun: false };
-        const localDir = getHostSecretsDir(layout, hostName);
-        const secretsPlan = buildFleetSecretsPlan({ config, hostName });
-        const requiredSecretNames = new Set(secretsPlan.secretNamesRequired);
-        const tailnetMode = String(hostCfg.tailnet?.mode || "none");
-        const requiredSecrets = Array.from(new Set([
-            ...(tailnetMode === "tailscale" ? ["tailscale_auth_key"] : []),
-            "admin_password_hash",
-        ]));
-        const secretNames = secretsPlan.secretNamesAll;
-        const optionalSecrets = ["root_password_hash"];
-        const results = [];
-        if (!fs.existsSync(operatorKeyPath)) {
-            results.push({ secret: "SOPS_AGE_KEY_FILE", status: "missing", detail: operatorKeyPath });
-        }
-        const verifyOne = async (secretName, optional, allowOptionalMarker) => {
-            const filePath = path.join(localDir, `${secretName}.yaml`);
-            if (!fs.existsSync(filePath)) {
-                results.push({ secret: secretName, status: optional ? "warn" : "missing", detail: `(missing: ${filePath})` });
-                return;
-            }
-            try {
-                const decrypted = await sopsDecryptYamlFile({ filePath, ageKeyFile: operatorKeyPath, nix });
-                const parsed = YAML.parse(decrypted) || {};
-                const keys = Object.keys(parsed).filter((k) => k !== "sops");
-                if (keys.length !== 1 || keys[0] !== secretName) {
-                    results.push({ secret: secretName, status: "missing", detail: "(invalid: expected exactly 1 key matching filename)" });
-                    return;
-                }
-                const v = parsed[secretName];
-                const value = typeof v === "string" ? v : v == null ? "" : String(v);
-                if (!allowOptionalMarker && value.trim() === "<OPTIONAL>") {
-                    results.push({ secret: secretName, status: "missing", detail: "(placeholder: <OPTIONAL>)" });
-                    return;
-                }
-                if (!optional && isPlaceholderSecretValue(value)) {
-                    results.push({ secret: secretName, status: "missing", detail: `(placeholder: ${value.trim()})` });
-                    return;
-                }
-                if (optional && isPlaceholderSecretValue(value)) {
-                    results.push({ secret: secretName, status: "missing", detail: `(placeholder: ${value.trim()})` });
-                    return;
-                }
-                if (!optional && !value.trim()) {
-                    results.push({ secret: secretName, status: "missing", detail: "(empty)" });
-                    return;
-                }
-                results.push({ secret: secretName, status: "ok" });
-            }
-            catch (e) {
-                results.push({ secret: secretName, status: "missing", detail: String(e?.message || e) });
-            }
-        };
-        if (!fs.existsSync(localDir)) {
-            results.push({ secret: "secrets.localDir", status: "missing", detail: localDir });
-        }
-        else {
-            for (const s of requiredSecrets)
-                await verifyOne(s, false, false);
-            for (const s of secretNames)
-                await verifyOne(s, false, !requiredSecretNames.has(s));
-            for (const s of optionalSecrets)
-                await verifyOne(s, true, true);
-        }
-        if (args.json) {
-            console.log(JSON.stringify({ host: hostName, localDir, results }, null, 2));
-        }
-        else {
-            for (const r of results)
-                console.log(`${r.status}: ${r.secret}${r.detail ? ` (${r.detail})` : ""}`);
-        }
-        if (results.some((r) => r.status === "missing"))
-            process.exitCode = 1;
-    },
-});
-//# sourceMappingURL=verify.js.map

package/dist/commands/secrets/verify.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../../src/commands/secrets/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AACtC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAC5F,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,MAAM,CAAC,MAAM,aAAa,GAAG,aAAa,CAAC;IACzC,IAAI,EAAE;QACJ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,+DAA+D;KAC7E;IACD,IAAI,EAAE;QACJ,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0CAA0C,EAAE;QACvF,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;QAClG,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iEAAiE,EAAE;QACxG,QAAQ,EAAE;YACR,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,sFAAsF;SACpG;QACD,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kCAAkC,EAAE;QAC/E,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE;KACvE;IACD,KAAK,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,qBAAqB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAG,IAAY,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACrG,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAElD,MAAM,WAAW,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,UAAU,EAAG,IAAY,CAAC,UAAU,EAAE,OAAO,EAAG,IAAY,CAAC,OAAO,EAAE,CAAC,CAAC;QACnH,IAAI,WAAW,CAAC,OAAO,EAAE,MAAM,KAAK,UAAU,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACtF,MAAM,IAAI,KAAK,CAAC,6BAA6B,WAAW,CAAC,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,OAAO,CAAC,KAAK,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACxI,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC;QAE/F,MAAM,eAAe,GACnB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,CAAC,WAAW,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjG,0BAA0B,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEjD,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAW,CAAC;QAElI,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,qBAAqB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAS,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAE7E,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,IAAI,MAAM,CAAC,CAAC;QAC5D,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;YACzC,GAAG,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,qBAAqB;SACtB,CAAC,CAAC,CAAC;QACJ,MAAM,WAAW,GAAG,WAAW,CAAC,cAAc,CAAC;QAC/C,MAAM,eAAe,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAG/C,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,EAAE,UAAkB,EAAE,QAAiB,EAAE,mBAA4B,EAAE,EAAE;YAC9F,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,UAAU,OAAO,CAAC,CAAC;YAC3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,QAAQ,GAAG,EAAE,CAAC,CAAC;gBAC9G,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC5F,MAAM,MAAM,GAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAA6B,IAAI,EAAE,CAAC;gBACxE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;gBAC7D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;oBAChD,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,qDAAqD,EAAE,CAAC,CAAC;oBACvH,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,mBAAmB,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;oBAC1D,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC,CAAC;oBAC7F,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,QAAQ,IAAI,wBAAwB,CAAC,KAAK,CAAC,EAAE,CAAC;oBACjD,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;oBAClG,OAAO;gBACT,CAAC;gBACD,IAAI,QAAQ,IAAI,wBAAwB,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChD,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;oBAClG,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC/B,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAE,CAAW,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YACtG,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,eAAe;gBAAE,MAAM,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAClE,KAAK,MAAM,CAAC,IAAI,WAAW;gBAAE,MAAM,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACpF,KAAK,MAAM,CAAC,IAAI,eAAe;gBAAE,MAAM,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9E,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtG,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACxE,CAAC;CACF,CAAC,CAAC"}

package/dist/commands/secrets.d.ts

@@ -1,2 +0,0 @@
-export declare const secrets: import("citty").CommandDef<import("citty").ArgsDef>;
-//# sourceMappingURL=secrets.d.ts.map

package/dist/commands/secrets.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/commands/secrets.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,OAAO,qDAWlB,CAAC"}

package/dist/commands/secrets.js

@@ -1,18 +0,0 @@
-import { defineCommand } from "citty";
-import { secretsInit } from "./secrets/init.js";
-import { secretsPath } from "./secrets/path.js";
-import { secretsSync } from "./secrets/sync.js";
-import { secretsVerify } from "./secrets/verify.js";
-export const secrets = defineCommand({
-    meta: {
-        name: "secrets",
-        description: "Secrets workflow (/secrets + extra-files + sync).",
-    },
-    subCommands: {
-        init: secretsInit,
-        verify: secretsVerify,
-        sync: secretsSync,
-        path: secretsPath,
-    },
-});
-//# sourceMappingURL=secrets.js.map

package/dist/commands/secrets.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/commands/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,CAAC,MAAM,OAAO,GAAG,aAAa,CAAC;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,mDAAmD;KACjE;IACD,WAAW,EAAE;QACX,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,aAAa;QACrB,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;KAClB;CACF,CAAC,CAAC"}

package/dist/commands/server/common.d.ts

@@ -1,3 +0,0 @@
-import { needsSudo, requireTargetHost } from "../ssh-target.js";
-export { needsSudo, requireTargetHost };
-//# sourceMappingURL=common.d.ts.map

package/dist/commands/server/common.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../src/commands/server/common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/commands/server/common.js

@@ -1,3 +0,0 @@
-import { needsSudo, requireTargetHost } from "../ssh-target.js";
-export { needsSudo, requireTargetHost };
-//# sourceMappingURL=common.js.map

package/dist/commands/server/common.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../src/commands/server/common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC"}

package/dist/commands/server/deploy.d.ts

@@ -1,53 +0,0 @@
-export declare const serverDeploy: import("citty").CommandDef<{
-    runtimeDir: {
-        type: "string";
-        description: string;
-    };
-    envFile: {
-        type: "string";
-        description: string;
-    };
-    host: {
-        type: "string";
-        description: string;
-    };
-    targetHost: {
-        type: "string";
-        description: string;
-    };
-    rev: {
-        type: "string";
-        description: string;
-        default: string;
-    };
-    toplevel: {
-        type: "string";
-        description: string;
-    };
-    manifest: {
-        type: "string";
-        description: string;
-    };
-    manifestSignature: {
-        type: "string";
-        description: string;
-    };
-    manifestPublicKey: {
-        type: "string";
-        description: string;
-    };
-    manifestPublicKeyFile: {
-        type: "string";
-        description: string;
-    };
-    manifestOut: {
-        type: "string";
-        description: string;
-    };
-    sshTty: {
-        type: "boolean";
-        description: string;
-        default: true;
-    };
-}>;
-//# sourceMappingURL=deploy.d.ts.map

package/dist/commands/server/deploy.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../../src/commands/server/deploy.ts"],"names":[],"mappings":"AA2CA,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmJvB,CAAC"}

package/dist/commands/server/deploy.js

@@ -1,177 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-import process from "node:process";
-import { defineCommand } from "citty";
-import { resolveGitRev } from "@clawdlets/core/lib/git";
-import { capture, run } from "@clawdlets/core/lib/run";
-import { loadDeployCreds } from "@clawdlets/core/lib/deploy-creds";
-import { withFlakesEnv } from "@clawdlets/core/lib/nix-flakes";
-import { shellQuote, sshRun } from "@clawdlets/core/lib/ssh-remote";
-import { getHostSecretsDir } from "@clawdlets/core/repo-layout";
-import { createSecretsTar } from "@clawdlets/core/lib/secrets-tar";
-import { requireDeployGate } from "../../lib/deploy-gate.js";
-import { loadHostContextOrExit } from "../../lib/context.js";
-import { needsSudo, requireTargetHost } from "../ssh-target.js";
-import { formatDeployManifest, parseDeployManifest, requireToplevel } from "../../lib/deploy-manifest.js";
-import { resolveManifestPublicKey, resolveManifestSignaturePath, verifyManifestSignature } from "../../lib/manifest-signature.js";
-import { requireLinuxForLocalNixosBuild } from "../../lib/linux-build.js";
-async function buildLocalToplevel(params) {
-    requireLinuxForLocalNixosBuild({ platform: process.platform, command: "clawdlets server deploy" });
-    const attr = `.#nixosConfigurations.${params.host}.config.system.build.toplevel`;
-    const out = await capture(params.nixBin, ["build", "--json", "--no-link", attr], {
-        cwd: params.repoRoot,
-        env: withFlakesEnv(process.env),
-    });
-    let parsed;
-    try {
-        parsed = JSON.parse(out);
-    }
-    catch (e) {
-        throw new Error(`nix build --json returned invalid JSON (${String(e?.message || e)})`);
-    }
-    const toplevel = parsed?.[0]?.outputs?.out;
-    if (!toplevel || typeof toplevel !== "string") {
-        throw new Error("nix build did not return a toplevel store path");
-    }
-    return requireToplevel(toplevel);
-}
-export const serverDeploy = defineCommand({
-    meta: {
-        name: "deploy",
-        description: "Deploy a prebuilt NixOS system + secrets by store path.",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        envFile: { type: "string", description: "Env file for deploy creds (default: <runtimeDir>/env)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        targetHost: { type: "string", description: "SSH target override (default: from clawdlets.json)." },
-        rev: { type: "string", description: "Git rev to pin (HEAD/sha/tag).", default: "HEAD" },
-        toplevel: { type: "string", description: "NixOS system toplevel store path (CI mode)." },
-        manifest: { type: "string", description: "Path to deploy manifest JSON (CI mode)." },
-        manifestSignature: { type: "string", description: "Path to manifest minisign signature (.minisig)." },
-        manifestPublicKey: { type: "string", description: "Minisign public key string (verify manifest)." },
-        manifestPublicKeyFile: { type: "string", description: "Path to minisign public key (verify manifest)." },
-        manifestOut: { type: "string", description: "Write deploy manifest JSON to this path." },
-        sshTty: { type: "boolean", description: "Allocate TTY for sudo prompts.", default: true },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { repoRoot, layout, hostName, hostCfg } = ctx;
-        await requireDeployGate({
-            runtimeDir: args.runtimeDir,
-            envFile: args.envFile,
-            host: hostName,
-            scope: "server-deploy",
-            strict: false,
-            skipGithubTokenCheck: true,
-        });
-        const targetHost = requireTargetHost(String(args.targetHost || hostCfg.targetHost || ""), hostName);
-        const sudo = needsSudo(targetHost);
-        const deployCreds = loadDeployCreds({ cwd, runtimeDir: args.runtimeDir, envFile: args.envFile });
-        if (deployCreds.envFile?.origin === "explicit" && deployCreds.envFile.status !== "ok") {
-            throw new Error(`deploy env file rejected: ${deployCreds.envFile.path} (${deployCreds.envFile.error || deployCreds.envFile.status})`);
-        }
-        const nixBin = String(deployCreds.values.NIX_BIN || "nix").trim() || "nix";
-        const manifestPath = String(args.manifest || "").trim();
-        const toplevelArg = String(args.toplevel || "").trim();
-        if (manifestPath && toplevelArg)
-            throw new Error("use either --manifest or --toplevel (not both)");
-        let resolvedRev = "";
-        let toplevel = "";
-        let manifestDigest;
-        if (manifestPath) {
-            const signaturePath = resolveManifestSignaturePath({
-                cwd,
-                manifestPath,
-                signaturePathArg: args.manifestSignature,
-            });
-            const publicKey = resolveManifestPublicKey({
-                publicKeyArg: args.manifestPublicKey,
-                publicKeyFileArg: args.manifestPublicKeyFile,
-                defaultKeyPath: path.join(repoRoot, "config", "manifest.minisign.pub"),
-                hostPublicKey: hostCfg?.selfUpdate?.publicKey,
-            });
-            await verifyManifestSignature({ manifestPath, signaturePath, publicKey });
-            const manifest = parseDeployManifest(manifestPath);
-            if (manifest.host !== hostName) {
-                throw new Error(`manifest host mismatch: ${manifest.host} vs ${hostName}`);
-            }
-            const revArg = String(args.rev || "").trim();
-            if (revArg && revArg !== "HEAD" && revArg !== manifest.rev) {
-                throw new Error(`manifest rev mismatch: ${manifest.rev} vs ${revArg}`);
-            }
-            resolvedRev = manifest.rev;
-            toplevel = manifest.toplevel;
-            manifestDigest = manifest.secretsDigest;
-        }
-        else {
-            const revRaw = String(args.rev || "").trim() || "HEAD";
-            const resolved = await resolveGitRev(layout.repoRoot, revRaw);
-            if (!resolved)
-                throw new Error(`unable to resolve git rev: ${revRaw}`);
-            resolvedRev = resolved;
-            if (toplevelArg) {
-                toplevel = requireToplevel(toplevelArg);
-            }
-            else {
-                const flakeHost = String(hostCfg.flakeHost || hostName).trim() || hostName;
-                toplevel = await buildLocalToplevel({ repoRoot, nixBin, host: flakeHost });
-            }
-        }
-        const secretsDir = getHostSecretsDir(layout, hostName);
-        const { tarPath: tarLocal, digest } = await createSecretsTar({ hostName, localDir: secretsDir });
-        const tarRemote = `/tmp/clawdlets-secrets.${hostName}.${process.pid}.tgz`;
-        if (manifestDigest && manifestDigest !== digest) {
-            throw new Error(`secrets digest mismatch (manifest ${manifestDigest}, local ${digest}); regenerate or omit secretsDigest`);
-        }
-        try {
-            await run("scp", [tarLocal, `${targetHost}:${tarRemote}`], { redact: [] });
-        }
-        finally {
-            try {
-                if (fs.existsSync(tarLocal))
-                    fs.unlinkSync(tarLocal);
-            }
-            catch {
-                // best-effort cleanup
-            }
-        }
-        const installCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "/etc/clawdlets/bin/install-secrets",
-            "--host",
-            hostName,
-            "--tar",
-            tarRemote,
-            "--rev",
-            resolvedRev,
-            "--digest",
-            digest,
-        ].map(shellQuote).join(" ");
-        await sshRun(targetHost, installCmd, { tty: sudo && args.sshTty });
-        const switchCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "/etc/clawdlets/bin/switch-system",
-            "--toplevel",
-            toplevel,
-            "--rev",
-            resolvedRev,
-        ].map(shellQuote).join(" ");
-        await sshRun(targetHost, switchCmd, { tty: sudo && args.sshTty });
-        const manifestOutRaw = String(args.manifestOut || "").trim();
-        const manifestOut = manifestOutRaw
-            ? (path.isAbsolute(manifestOutRaw) ? manifestOutRaw : path.resolve(cwd, manifestOutRaw))
-            : (manifestPath ? "" : path.join(layout.runtimeDir, "deploy.json"));
-        if (manifestOut) {
-            fs.mkdirSync(path.dirname(manifestOut), { recursive: true });
-            const manifest = { rev: resolvedRev, host: hostName, toplevel, secretsDigest: digest };
-            fs.writeFileSync(manifestOut, formatDeployManifest(manifest), "utf8");
-            console.log(`ok: wrote deploy manifest ${manifestOut}`);
-        }
-        console.log(`ok: deployed ${hostName} (${resolvedRev})`);
-    },
-});
-//# sourceMappingURL=deploy.js.map

package/dist/commands/server/deploy.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../../src/commands/server/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,eAAe,EAAuB,MAAM,8BAA8B,CAAC;AAC/H,OAAO,EAAE,wBAAwB,EAAE,4BAA4B,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAClI,OAAO,EAAE,8BAA8B,EAAE,MAAM,0BAA0B,CAAC;AAG1E,KAAK,UAAU,kBAAkB,CAAC,MAIjC;IACC,8BAA8B,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IACnG,MAAM,IAAI,GAAG,yBAAyB,MAAM,CAAC,IAAI,+BAA+B,CAAC;IACjF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE;QAC/E,GAAG,EAAE,MAAM,CAAC,QAAQ;QACpB,GAAG,EAAE,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;KAChC,CAAC,CAAC;IACH,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,2CAA2C,MAAM,CAAE,CAAW,EAAE,OAAO,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACpG,CAAC;IACD,MAAM,QAAQ,GAAI,MAAc,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC;IACpD,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,aAAa,CAAC;IACxC,IAAI,EAAE;QACJ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,yDAAyD;KACvE;IACD,IAAI,EAAE;QACJ,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0CAA0C,EAAE;QACvF,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;QAClG,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iEAAiE,EAAE;QACxG,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qDAAqD,EAAE;QAClG,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE,OAAO,EAAE,MAAM,EAAE;QACvF,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6CAA6C,EAAE;QACxF,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;QACpF,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iDAAiD,EAAE;QACrG,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+CAA+C,EAAE;QACnG,qBAAqB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE;QACxG,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0CAA0C,EAAE;QACxF,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE,OAAO,EAAE,IAAI,EAAE;KAC1F;IACD,KAAK,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,qBAAqB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAG,IAAY,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACrG,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAEpD,MAAM,iBAAiB,CAAC;YACtB,UAAU,EAAG,IAAY,CAAC,UAAU;YACpC,OAAO,EAAG,IAAY,CAAC,OAAO;YAC9B,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;QACpG,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,UAAU,EAAG,IAAY,CAAC,UAAU,EAAE,OAAO,EAAG,IAAY,CAAC,OAAO,EAAE,CAAC,CAAC;QACnH,IAAI,WAAW,CAAC,OAAO,EAAE,MAAM,KAAK,UAAU,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACtF,MAAM,IAAI,KAAK,CAAC,6BAA6B,WAAW,CAAC,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,OAAO,CAAC,KAAK,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACxI,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC;QAE3E,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,YAAY,IAAI,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAEnG,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,cAAkC,CAAC;QAEvC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,aAAa,GAAG,4BAA4B,CAAC;gBACjD,GAAG;gBACH,YAAY;gBACZ,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;aACzC,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,wBAAwB,CAAC;gBACzC,YAAY,EAAE,IAAI,CAAC,iBAAiB;gBACpC,gBAAgB,EAAE,IAAI,CAAC,qBAAqB;gBAC5C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;gBACtE,aAAa,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS;aAC9C,CAAC,CAAC;YACH,MAAM,uBAAuB,CAAC,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC,CAAC;YAE1E,MAAM,QAAQ,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;YACnD,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,IAAI,OAAO,QAAQ,EAAE,CAAC,CAAC;YAC7E,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,IAAI,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,GAAG,OAAO,MAAM,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC;YAC3B,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;YAC7B,cAAc,GAAG,QAAQ,CAAC,aAAa,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC;YACvD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC9D,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;YACvE,WAAW,GAAG,QAAQ,CAAC;YAEvB,IAAI,WAAW,EAAE,CAAC;gBAChB,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,IAAI,QAAQ,CAAC,CAAC,IAAI,EAAE,IAAI,QAAQ,CAAC;gBAC3E,QAAQ,GAAG,MAAM,kBAAkB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,gBAAgB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;QACjG,MAAM,SAAS,GAAG,0BAA0B,QAAQ,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;QAE1E,IAAI,cAAc,IAAI,cAAc,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,qCAAqC,cAAc,WAAW,MAAM,qCAAqC,CAAC,CAAC;QAC7H,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,GAAG,UAAU,IAAI,SAAS,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7E,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC;gBACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG;YACjB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,oCAAoC;YACpC,QAAQ;YACR,QAAQ;YACR,OAAO;YACP,SAAS;YACT,OAAO;YACP,WAAW;YACX,UAAU;YACV,MAAM;SACP,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAEnE,MAAM,SAAS,GAAG;YAChB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,kCAAkC;YAClC,YAAY;YACZ,QAAQ;YACR,OAAO;YACP,WAAW;SACZ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAElE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7D,MAAM,WAAW,GAAG,cAAc;YAChC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YACxF,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC;QAEtE,IAAI,WAAW,EAAE,CAAC;YAChB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,MAAM,QAAQ,GAAmB,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;YACvG,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,oBAAoB,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;YACtE,OAAO,CAAC,GAAG,CAAC,6BAA6B,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,gBAAgB,QAAQ,KAAK,WAAW,GAAG,CAAC,CAAC;IAC3D,CAAC;CACF,CAAC,CAAC"}

package/dist/commands/server/github-sync.d.ts

@@ -1,2 +0,0 @@
-export declare const serverGithubSync: import("citty").CommandDef<import("citty").ArgsDef>;
-//# sourceMappingURL=github-sync.d.ts.map

package/dist/commands/server/github-sync.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"github-sync.d.ts","sourceRoot":"","sources":["../../../src/commands/server/github-sync.ts"],"names":[],"mappings":"AA4JA,eAAO,MAAM,gBAAgB,qDAW3B,CAAC"}

package/dist/commands/server/github-sync.js

@@ -1,166 +0,0 @@
-import process from "node:process";
-import { defineCommand } from "citty";
-import { shellQuote, sshRun } from "@clawdlets/core/lib/ssh-remote";
-import { needsSudo, requireTargetHost } from "./common.js";
-import { loadHostContextOrExit } from "../../lib/context.js";
-function normalizeKind(raw) {
-    const v = raw.trim();
-    if (v === "prs" || v === "issues")
-        return v;
-    throw new Error(`invalid --kind: ${raw} (expected prs|issues)`);
-}
-const serverGithubSyncStatus = defineCommand({
-    meta: {
-        name: "status",
-        description: "Show GitHub sync timers (clawdbot-gh-sync-*.timer).",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        targetHost: { type: "string", description: "SSH target override (default: from clawdlets.json)." },
-        sshTty: { type: "boolean", description: "Allocate TTY for sudo prompts.", default: true },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { hostName, hostCfg } = ctx;
-        const targetHost = requireTargetHost(String(args.targetHost || hostCfg.targetHost || ""), hostName);
-        const sudo = needsSudo(targetHost);
-        const remoteCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "systemctl",
-            "list-timers",
-            "--all",
-            "--no-pager",
-            shellQuote("clawdbot-gh-sync-*.timer"),
-        ].join(" ");
-        await sshRun(targetHost, remoteCmd, { tty: sudo && args.sshTty });
-    },
-});
-const serverGithubSyncRun = defineCommand({
-    meta: {
-        name: "run",
-        description: "Run a GitHub sync now (oneshot).",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        targetHost: { type: "string", description: "SSH target override (default: from clawdlets.json)." },
-        bot: { type: "string", description: "Bot id (default: all bots with sync enabled)." },
-        sshTty: { type: "boolean", description: "Allocate TTY for sudo prompts.", default: true },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { hostName, hostCfg } = ctx;
-        const targetHost = requireTargetHost(String(args.targetHost || hostCfg.targetHost || ""), hostName);
-        const bot = String(args.bot || "").trim();
-        const unit = bot ? `clawdbot-gh-sync-${bot}.service` : "clawdbot-gh-sync-*.service";
-        const sudo = needsSudo(targetHost);
-        const remoteCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "systemctl",
-            "start",
-            shellQuote(unit),
-        ].join(" ");
-        await sshRun(targetHost, remoteCmd, { tty: sudo && args.sshTty });
-    },
-});
-const serverGithubSyncLogs = defineCommand({
-    meta: {
-        name: "logs",
-        description: "Show GitHub sync logs (journalctl).",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        targetHost: { type: "string", description: "SSH target override (default: from clawdlets.json)." },
-        bot: { type: "string", description: "Bot id (required)." },
-        follow: { type: "boolean", description: "Follow logs.", default: false },
-        lines: { type: "string", description: "Number of lines (default: 200).", default: "200" },
-        sshTty: { type: "boolean", description: "Allocate TTY for sudo prompts.", default: true },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { hostName, hostCfg } = ctx;
-        const targetHost = requireTargetHost(String(args.targetHost || hostCfg.targetHost || ""), hostName);
-        const bot = String(args.bot || "").trim();
-        if (!bot)
-            throw new Error("missing --bot (example: --bot maren)");
-        const sudo = needsSudo(targetHost);
-        const unit = `clawdbot-gh-sync-${bot}.service`;
-        const n = String(args.lines || "200").trim() || "200";
-        if (!/^\d+$/.test(n) || Number(n) <= 0)
-            throw new Error(`invalid --lines: ${n}`);
-        const remoteCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "journalctl",
-            "-u",
-            shellQuote(unit),
-            "-n",
-            shellQuote(n),
-            ...(args.follow ? ["-f"] : []),
-            "--no-pager",
-        ].join(" ");
-        await sshRun(targetHost, remoteCmd, { tty: sudo && args.sshTty });
-    },
-});
-const serverGithubSyncShow = defineCommand({
-    meta: {
-        name: "show",
-        description: "Show the last synced snapshot (prs|issues) from bot workspace memory.",
-    },
-    args: {
-        runtimeDir: { type: "string", description: "Runtime directory (default: .clawdlets)." },
-        host: { type: "string", description: "Host name (defaults to clawdlets.json defaultHost / sole host)." },
-        targetHost: { type: "string", description: "SSH target override (default: from clawdlets.json)." },
-        bot: { type: "string", description: "Bot id (required)." },
-        kind: { type: "string", description: "Snapshot kind: prs|issues.", default: "prs" },
-        lines: { type: "string", description: "Max lines to print (default: 200).", default: "200" },
-        sshTty: { type: "boolean", description: "Allocate TTY for sudo prompts.", default: true },
-    },
-    async run({ args }) {
-        const cwd = process.cwd();
-        const ctx = loadHostContextOrExit({ cwd, runtimeDir: args.runtimeDir, hostArg: args.host });
-        if (!ctx)
-            return;
-        const { hostName, hostCfg } = ctx;
-        const targetHost = requireTargetHost(String(args.targetHost || hostCfg.targetHost || ""), hostName);
-        const bot = String(args.bot || "").trim();
-        if (!bot)
-            throw new Error("missing --bot (example: --bot maren)");
-        const kind = normalizeKind(String(args.kind || "prs"));
-        const n = String(args.lines || "200").trim() || "200";
-        if (!/^\d+$/.test(n) || Number(n) <= 0)
-            throw new Error(`invalid --lines: ${n}`);
-        const sudo = needsSudo(targetHost);
-        const remoteCmd = [
-            ...(sudo ? ["sudo"] : []),
-            "/etc/clawdlets/bin/gh-sync-read",
-            shellQuote(bot),
-            shellQuote(kind),
-            shellQuote(n),
-        ].join(" ");
-        await sshRun(targetHost, remoteCmd, { tty: sudo && args.sshTty });
-    },
-});
-export const serverGithubSync = defineCommand({
-    meta: {
-        name: "github-sync",
-        description: "GitHub inventory sync (systemd timers + logs + snapshots).",
-    },
-    subCommands: {
-        status: serverGithubSyncStatus,
-        run: serverGithubSyncRun,
-        logs: serverGithubSyncLogs,
-        show: serverGithubSyncShow,
-    },
-});
-//# sourceMappingURL=github-sync.js.map