npm - cyberia - Versions diffs - 3.0.3 → 3.2.5 - Mend

cyberia 3.0.3 → 3.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (296) hide show

package/{.env.production → .env.example} +20 -4
package/.github/workflows/engine-cyberia.cd.yml +43 -10
package/.github/workflows/engine-cyberia.ci.yml +48 -26
package/.github/workflows/ghpkg.ci.yml +5 -5
package/.github/workflows/gitlab.ci.yml +1 -1
package/.github/workflows/hardhat.ci.yml +82 -0
package/.github/workflows/npmpkg.ci.yml +60 -14
package/.github/workflows/publish.ci.yml +26 -7
package/.github/workflows/publish.cyberia.ci.yml +5 -5
package/.github/workflows/pwa-microservices-template-page.cd.yml +6 -7
package/.github/workflows/pwa-microservices-template-test.ci.yml +4 -4
package/.github/workflows/release.cd.yml +14 -8
package/.vscode/extensions.json +9 -8
package/.vscode/settings.json +3 -2
package/CHANGELOG.md +643 -1
package/CLI-HELP.md +132 -57
package/Dockerfile +4 -2
package/README.md +347 -22
package/WHITE-PAPER.md +1540 -0
package/bin/build.js +21 -12
package/bin/cyberia.js +2640 -106
package/bin/deploy.js +258 -372
package/bin/file.js +5 -1
package/bin/index.js +2640 -106
package/bin/vs.js +3 -3
package/conf.js +169 -105
package/deployment.yaml +236 -20
package/hardhat/.env.example +31 -0
package/hardhat/README.md +531 -0
package/hardhat/WHITE-PAPER.md +1540 -0
package/hardhat/contracts/ObjectLayerToken.sol +391 -0
package/hardhat/deployments/.gitkeep +0 -0
package/hardhat/deployments/hardhat-ObjectLayerToken.json +11 -0
package/hardhat/hardhat.config.js +136 -0
package/hardhat/ignition/modules/ObjectLayerToken.js +21 -0
package/hardhat/networks/besu-object-layer.network.json +138 -0
package/hardhat/package-lock.json +4323 -0
package/hardhat/package.json +36 -0
package/hardhat/scripts/deployObjectLayerToken.js +98 -0
package/hardhat/test/ObjectLayerToken.js +592 -0
package/hardhat/types/ethers-contracts/ObjectLayerToken.ts +690 -0
package/hardhat/types/ethers-contracts/common.ts +92 -0
package/hardhat/types/ethers-contracts/factories/ObjectLayerToken__factory.ts +1055 -0
package/hardhat/types/ethers-contracts/factories/index.ts +4 -0
package/hardhat/types/ethers-contracts/hardhat.d.ts +47 -0
package/hardhat/types/ethers-contracts/index.ts +6 -0
package/jsdoc.dd-cyberia.json +68 -0
package/jsdoc.json +65 -49
package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml +5 -4
package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml +5 -4
package/manifests/deployment/dd-cyberia-development/deployment.yaml +562 -0
package/manifests/deployment/dd-cyberia-development/proxy.yaml +297 -0
package/manifests/deployment/dd-cyberia-development/pv-pvc.yaml +132 -0
package/manifests/deployment/dd-default-development/deployment.yaml +2 -2
package/manifests/deployment/dd-test-development/deployment.yaml +88 -74
package/manifests/deployment/dd-test-development/proxy.yaml +13 -4
package/manifests/deployment/playwright/deployment.yaml +1 -1
package/manifests/pv-pvc-dd.yaml +1 -1
package/nodemon.json +1 -1
package/package.json +60 -48
package/proxy.yaml +118 -10
package/pv-pvc.yaml +132 -0
package/scripts/k3s-node-setup.sh +1 -1
package/scripts/ports-ls.sh +2 -0
package/scripts/rhel-grpc-setup.sh +56 -0
package/src/api/atlas-sprite-sheet/atlas-sprite-sheet.controller.js +47 -1
package/src/api/atlas-sprite-sheet/atlas-sprite-sheet.model.js +17 -2
package/src/api/atlas-sprite-sheet/atlas-sprite-sheet.router.js +5 -0
package/src/api/atlas-sprite-sheet/atlas-sprite-sheet.service.js +80 -7
package/src/api/cyberia-dialogue/cyberia-dialogue.controller.js +93 -0
package/src/api/cyberia-dialogue/cyberia-dialogue.model.js +36 -0
package/src/api/cyberia-dialogue/cyberia-dialogue.router.js +29 -0
package/src/api/cyberia-dialogue/cyberia-dialogue.service.js +51 -0
package/src/api/cyberia-entity/cyberia-entity.controller.js +74 -0
package/src/api/cyberia-entity/cyberia-entity.model.js +24 -0
package/src/api/cyberia-entity/cyberia-entity.router.js +27 -0
package/src/api/cyberia-entity/cyberia-entity.service.js +42 -0
package/src/api/cyberia-instance/cyberia-fallback-world.js +368 -0
package/src/api/cyberia-instance/cyberia-instance.controller.js +92 -0
package/src/api/cyberia-instance/cyberia-instance.model.js +84 -0
package/src/api/cyberia-instance/cyberia-instance.router.js +63 -0
package/src/api/cyberia-instance/cyberia-instance.service.js +191 -0
package/src/api/cyberia-instance/cyberia-portal-connector.js +486 -0
package/src/api/cyberia-instance-conf/cyberia-instance-conf.controller.js +74 -0
package/src/api/cyberia-instance-conf/cyberia-instance-conf.defaults.js +413 -0
package/src/api/cyberia-instance-conf/cyberia-instance-conf.model.js +228 -0
package/src/api/cyberia-instance-conf/cyberia-instance-conf.router.js +27 -0
package/src/api/cyberia-instance-conf/cyberia-instance-conf.service.js +42 -0
package/src/api/cyberia-map/cyberia-map.controller.js +79 -0
package/src/api/cyberia-map/cyberia-map.model.js +30 -0
package/src/api/cyberia-map/cyberia-map.router.js +40 -0
package/src/api/cyberia-map/cyberia-map.service.js +74 -0
package/src/api/document/document.service.js +1 -1
package/src/api/file/file.controller.js +3 -1
package/src/api/file/file.ref.json +18 -0
package/src/api/file/file.service.js +28 -5
package/src/api/ipfs/ipfs.controller.js +4 -25
package/src/api/ipfs/ipfs.model.js +43 -34
package/src/api/ipfs/ipfs.router.js +8 -13
package/src/api/ipfs/ipfs.service.js +56 -104
package/src/api/object-layer/README.md +347 -22
package/src/api/object-layer/object-layer.controller.js +6 -2
package/src/api/object-layer/object-layer.model.js +12 -8
package/src/api/object-layer/object-layer.router.js +698 -42
package/src/api/object-layer/object-layer.service.js +119 -37
package/src/api/object-layer-render-frames/object-layer-render-frames.model.js +1 -2
package/src/api/user/user.router.js +10 -5
package/src/api/user/user.service.js +15 -14
package/src/cli/baremetal.js +6 -10
package/src/cli/cloud-init.js +0 -3
package/src/cli/cluster.js +7 -7
package/src/cli/db.js +723 -857
package/src/cli/deploy.js +215 -105
package/src/cli/env.js +34 -5
package/src/cli/fs.js +5 -4
package/src/cli/image.js +0 -3
package/src/cli/index.js +83 -15
package/src/cli/kubectl.js +211 -0
package/src/cli/monitor.js +5 -6
package/src/cli/release.js +284 -0
package/src/cli/repository.js +708 -62
package/src/cli/run.js +371 -151
package/src/cli/secrets.js +73 -2
package/src/cli/ssh.js +1 -1
package/src/cli/test.js +3 -3
package/src/client/Cryptokoyn.index.js +3 -4
package/src/client/CyberiaPortal.index.js +3 -4
package/src/client/Default.index.js +3 -4
package/src/client/Itemledger.index.js +4 -963
package/src/client/Underpost.index.js +3 -4
package/src/client/components/core/AgGrid.js +20 -5
package/src/client/components/core/Alert.js +2 -2
package/src/client/components/core/AppStore.js +69 -0
package/src/client/components/core/CalendarCore.js +2 -2
package/src/client/components/core/Content.js +22 -3
package/src/client/components/core/Docs.js +30 -6
package/src/client/components/core/DropDown.js +137 -17
package/src/client/components/core/FileExplorer.js +71 -4
package/src/client/components/core/Input.js +1 -1
package/src/client/components/core/Keyboard.js +2 -2
package/src/client/components/core/LogIn.js +2 -2
package/src/client/components/core/LogOut.js +2 -2
package/src/client/components/core/Modal.js +20 -7
package/src/client/components/core/Panel.js +0 -1
package/src/client/components/core/PanelForm.js +19 -19
package/src/client/components/core/RichText.js +1 -2
package/src/client/components/core/SocketIo.js +82 -29
package/src/client/components/core/SocketIoHandler.js +75 -0
package/src/client/components/core/Stream.js +143 -95
package/src/client/components/core/Webhook.js +40 -7
package/src/client/components/cryptokoyn/AppStoreCryptokoyn.js +5 -0
package/src/client/components/cryptokoyn/LogInCryptokoyn.js +3 -3
package/src/client/components/cryptokoyn/LogOutCryptokoyn.js +2 -2
package/src/client/components/cryptokoyn/MenuCryptokoyn.js +3 -3
package/src/client/components/cryptokoyn/SocketIoCryptokoyn.js +3 -51
package/src/client/components/cyberia/InstanceEngineCyberia.js +700 -0
package/src/client/components/cyberia/MapEngineCyberia.js +1359 -2
package/src/client/components/cyberia/ObjectLayerEngineModal.js +17 -6
package/src/client/components/cyberia/ObjectLayerEngineViewer.js +92 -54
package/src/client/components/cyberia-portal/AppStoreCyberiaPortal.js +5 -0
package/src/client/components/cyberia-portal/CommonCyberiaPortal.js +217 -30
package/src/client/components/cyberia-portal/CssCyberiaPortal.js +44 -2
package/src/client/components/cyberia-portal/LogInCyberiaPortal.js +3 -4
package/src/client/components/cyberia-portal/LogOutCyberiaPortal.js +2 -2
package/src/client/components/cyberia-portal/MenuCyberiaPortal.js +104 -9
package/src/client/components/cyberia-portal/RoutesCyberiaPortal.js +5 -0
package/src/client/components/cyberia-portal/SocketIoCyberiaPortal.js +3 -49
package/src/client/components/cyberia-portal/TranslateCyberiaPortal.js +4 -0
package/src/client/components/default/AppStoreDefault.js +5 -0
package/src/client/components/default/LogInDefault.js +3 -3
package/src/client/components/default/LogOutDefault.js +2 -2
package/src/client/components/default/MenuDefault.js +5 -5
package/src/client/components/default/SocketIoDefault.js +3 -51
package/src/client/components/itemledger/AppStoreItemledger.js +5 -0
package/src/client/components/itemledger/LogInItemledger.js +3 -3
package/src/client/components/itemledger/LogOutItemledger.js +2 -2
package/src/client/components/itemledger/MenuItemledger.js +3 -3
package/src/client/components/itemledger/SocketIoItemledger.js +3 -51
package/src/client/components/underpost/AppStoreUnderpost.js +5 -0
package/src/client/components/underpost/CssUnderpost.js +59 -0
package/src/client/components/underpost/LogInUnderpost.js +6 -3
package/src/client/components/underpost/LogOutUnderpost.js +4 -2
package/src/client/components/underpost/MenuUnderpost.js +104 -18
package/src/client/components/underpost/RoutesUnderpost.js +2 -0
package/src/client/components/underpost/SocketIoUnderpost.js +3 -51
package/src/client/public/cryptokoyn/assets/logo/base-icon.png +0 -0
package/src/client/public/cryptokoyn/browserconfig.xml +12 -0
package/src/client/public/cryptokoyn/microdata.json +85 -0
package/src/client/public/cryptokoyn/site.webmanifest +57 -0
package/src/client/public/cryptokoyn/sitemap +3 -3
package/src/client/public/default/sitemap +3 -3
package/src/client/public/itemledger/browserconfig.xml +2 -2
package/src/client/public/itemledger/manifest.webmanifest +4 -4
package/src/client/public/itemledger/microdata.json +71 -0
package/src/client/public/itemledger/sitemap +3 -3
package/src/client/public/itemledger/yandex-browser-manifest.json +2 -2
package/src/client/public/test/sitemap +3 -3
package/src/client/services/core/core.service.js +20 -8
package/src/client/services/cyberia-dialogue/cyberia-dialogue.service.js +105 -0
package/src/client/services/cyberia-entity/cyberia-entity.management.js +57 -0
package/src/client/services/cyberia-entity/cyberia-entity.service.js +105 -0
package/src/client/services/cyberia-instance/cyberia-instance.management.js +194 -0
package/src/client/services/cyberia-instance/cyberia-instance.service.js +122 -0
package/src/client/services/cyberia-instance-conf/cyberia-instance-conf.service.js +105 -0
package/src/client/services/cyberia-map/cyberia-map.management.js +193 -0
package/src/client/services/cyberia-map/cyberia-map.service.js +126 -0
package/src/client/services/instance/instance.management.js +2 -2
package/src/client/services/ipfs/ipfs.service.js +3 -23
package/src/client/services/object-layer/object-layer.management.js +3 -3
package/src/client/services/object-layer/object-layer.service.js +21 -0
package/src/client/services/user/user.management.js +2 -2
package/src/client/ssr/body/404.js +15 -11
package/src/client/ssr/body/500.js +15 -11
package/src/client/ssr/body/SwaggerDarkMode.js +285 -0
package/src/client/ssr/head/PwaItemledger.js +60 -0
package/src/client/ssr/offline/NoNetworkConnection.js +11 -10
package/src/client/ssr/pages/CyberiaServerMetrics.js +1 -1
package/src/client/ssr/pages/Test.js +11 -10
package/src/client.build.js +0 -3
package/src/client.dev.js +0 -3
package/src/db/DataBaseProvider.js +17 -2
package/src/db/mariadb/MariaDB.js +14 -9
package/src/db/mongo/MongooseDB.js +17 -1
package/src/grpc/cyberia/OFF_CHAIN_ECONOMY.md +305 -0
package/src/grpc/cyberia/README.md +326 -0
package/src/grpc/cyberia/grpc-server.js +530 -0
package/src/index.js +24 -1
package/src/proxy.js +0 -3
package/src/runtime/express/Dockerfile +4 -0
package/src/runtime/express/Express.js +33 -10
package/src/runtime/lampp/Dockerfile +13 -2
package/src/runtime/lampp/Lampp.js +33 -17
package/src/runtime/wp/Dockerfile +68 -0
package/src/runtime/wp/Wp.js +639 -0
package/src/server/auth.js +36 -15
package/src/server/backup.js +39 -12
package/src/server/besu-genesis-generator.js +1630 -0
package/src/server/client-build-docs.js +133 -17
package/src/server/client-build-live.js +9 -18
package/src/server/client-build.js +229 -101
package/src/server/client-dev-server.js +14 -13
package/src/server/client-formatted.js +109 -57
package/src/server/conf.js +391 -164
package/src/server/cron.js +27 -24
package/src/server/dns.js +29 -12
package/src/server/downloader.js +0 -2
package/src/server/ipfs-client.js +24 -1
package/src/server/logger.js +27 -9
package/src/server/object-layer.js +217 -103
package/src/server/peer.js +8 -2
package/src/server/process.js +1 -50
package/src/server/proxy.js +4 -8
package/src/server/runtime.js +30 -9
package/src/server/semantic-layer-generator-floor.js +359 -0
package/src/server/semantic-layer-generator-skin.js +1294 -0
package/src/server/semantic-layer-generator.js +116 -555
package/src/server/ssr.js +0 -3
package/src/server/start.js +19 -12
package/src/server/tls.js +0 -2
package/src/server.js +0 -4
package/src/ws/IoInterface.js +1 -10
package/src/ws/IoServer.js +14 -33
package/src/ws/core/channels/core.ws.chat.js +65 -20
package/src/ws/core/channels/core.ws.mailer.js +113 -32
package/src/ws/core/channels/core.ws.stream.js +90 -31
package/src/ws/core/core.ws.connection.js +12 -33
package/src/ws/core/core.ws.emit.js +10 -26
package/src/ws/core/core.ws.server.js +25 -58
package/src/ws/default/channels/default.ws.main.js +53 -12
package/src/ws/default/default.ws.connection.js +26 -13
package/src/ws/default/default.ws.server.js +30 -12
package/.env.development +0 -43
package/.env.test +0 -43
package/hardhat/contracts/CryptoKoyn.sol +0 -59
package/hardhat/contracts/ItemLedger.sol +0 -73
package/hardhat/contracts/Lock.sol +0 -34
package/hardhat/hardhat.config.cjs +0 -45
package/hardhat/ignition/modules/Lock.js +0 -18
package/hardhat/networks/cryptokoyn-itemledger.network.json +0 -29
package/hardhat/scripts/deployCryptokoyn.cjs +0 -25
package/hardhat/scripts/deployItemledger.cjs +0 -25
package/hardhat/test/Lock.js +0 -126
package/hardhat/white-paper.md +0 -581
package/src/client/components/cryptokoyn/CommonCryptokoyn.js +0 -29
package/src/client/components/cryptokoyn/ElementsCryptokoyn.js +0 -38
package/src/client/components/cyberia-portal/ElementsCyberiaPortal.js +0 -38
package/src/client/components/default/ElementsDefault.js +0 -38
package/src/client/components/itemledger/CommonItemledger.js +0 -29
package/src/client/components/itemledger/ElementsItemledger.js +0 -38
package/src/client/components/underpost/CommonUnderpost.js +0 -29
package/src/client/components/underpost/ElementsUnderpost.js +0 -38
package/src/ws/core/management/core.ws.chat.js +0 -8
package/src/ws/core/management/core.ws.mailer.js +0 -16
package/src/ws/core/management/core.ws.stream.js +0 -8
package/src/ws/default/management/default.ws.main.js +0 -8
package/white-paper.md +0 -581

package/src/server/auth.js CHANGED Viewed

@@ -4,13 +4,17 @@
  * @namespace Auth
  */
-import dotenv from 'dotenv';
 import jwt from 'jsonwebtoken';
 import { loggerFactory } from './logger.js';
 import crypto from 'crypto';
 import { promisify } from 'util';
 import { UserDto } from '../api/user/user.model.js';
-import { commonAdminGuard, commonModeratorGuard, validatePassword } from '../client/components/core/CommonJs.js';
+import {
+  commonAdminGuard,
+  commonModeratorGuard,
+  commonUserGuard,
+  validatePassword,
+} from '../client/components/core/CommonJs.js';
 import helmet from 'helmet';
 import rateLimit from 'express-rate-limit';
 import slowDown from 'express-slow-down';
@@ -19,7 +23,6 @@ import cookieParser from 'cookie-parser';
 import { DataBaseProvider } from '../db/DataBaseProvider.js';
 import { isDevProxyContext } from './conf.js';
-dotenv.config();
 const logger = loggerFactory(import.meta);
 // Promisified crypto functions
@@ -305,6 +308,23 @@ const moderatorGuard = (req, res, next) => {
     return res.status(400).json({ status: 'error', message: 'bad request' });
   }
 };
+/**
+ * Express middleware to guard routes for authenticated users (any non-guest role).
+ * @param {import('express').Request} req The Express request object.
+ * @param {import('express').Response} res The Express response object.
+ * @param {import('express').NextFunction} next The next middleware function.
+ * @memberof Auth
+ */
+const userGuard = (req, res, next) => {
+  try {
+    if (!req.auth || !commonUserGuard(req.auth.user.role))
+      return res.status(403).json({ status: 'error', message: 'Insufficient permission' });
+    return next();
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ status: 'error', message: 'bad request' });
+  }
+};
 // ---------- Password validation middleware (server-side) ----------
 /**
@@ -349,12 +369,7 @@ const cookieOptionsFactory = (req, host) => {
     secure,
     sameSite,
     path: '/',
-    domain:
-      process.env.NODE_ENV === 'production' ||
-      isDevProxyContext() ||
-      (req.headers.host && req.headers.host.toLocaleLowerCase().match(host))
-        ? host
-        : 'localhost',
+    domain: process.env.NODE_ENV === 'production' || isDevProxyContext() ? host : 'localhost',
     maxAge,
   };
@@ -389,7 +404,11 @@ async function createSessionAndUserToken(user, User, req, res, options = { host:
   };
   // push session
-  const updatedUser = await User.findByIdAndUpdate(user._id, { $push: { activeSessions: newSession } }, { new: true });
+  const updatedUser = await User.findByIdAndUpdate(
+    user._id,
+    { $push: { activeSessions: newSession } },
+    { returnDocument: 'after' },
+  );
   const session = updatedUser.activeSessions[updatedUser.activeSessions.length - 1];
   const jwtid = session._id.toString();
@@ -616,13 +635,13 @@ function applySecurity(app, opts = {}) {
         frameAncestors: frameAncestors,
         imgSrc: ["'self'", 'data:', httpDirective, 'https:', 'blob:'],
         objectSrc: ["'none'"],
-        // script-src and script-src-elem include dynamic nonce
-        scriptSrc: [
+        // script-src and script-src-elem: use 'unsafe-inline' for swagger (no nonce, otherwise
+        // the nonce causes 'unsafe-inline' to be ignored per CSP3 spec), nonce for everything else.
+        scriptSrc: ["'self'", (req, res) => (res.locals.isSwagger ? "'unsafe-inline'" : `'nonce-${res.locals.nonce}'`)],
+        scriptSrcElem: [
           "'self'",
-          (req, res) => `'nonce-${res.locals.nonce}'`,
-          (req, res) => (res.locals.isSwagger ? "'unsafe-inline'" : ''),
+          (req, res) => (res.locals.isSwagger ? "'unsafe-inline'" : `'nonce-${res.locals.nonce}'`),
         ],
-        scriptSrcElem: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
         // style-src: avoid 'unsafe-inline' when possible; if you must inline styles,
         // use a nonce for them too (or hash).
         styleSrc: [
@@ -630,6 +649,7 @@ function applySecurity(app, opts = {}) {
           httpDirective,
           (req, res) => (res.locals.isSwagger ? "'unsafe-inline'" : `'nonce-${res.locals.nonce}'`),
         ],
+        styleSrcAttr: [(req, res) => (res.locals.isSwagger ? "'unsafe-inline'" : "'none'")],
         // deny plugins
         objectSrc: ["'none'"],
       },
@@ -680,6 +700,7 @@ export {
   jwtVerify as verifyJWT,
   adminGuard,
   moderatorGuard,
+  userGuard,
   validatePasswordMiddleware,
   getBearerToken,
   createSessionAndUserToken,

package/src/server/backup.js CHANGED Viewed

@@ -6,11 +6,8 @@
 import fs from 'fs-extra';
 import { loggerFactory } from './logger.js';
-import { shellExec } from './process.js';
-import dotenv from 'dotenv';
 import Underpost from '../index.js';
-dotenv.config();
+import { loadCronDeployEnv } from './conf.js';
 const logger = loggerFactory(import.meta);
@@ -23,16 +20,25 @@ class BackUp {
   /**
    * @method callback
    * @description Initiates a backup operation for the specified deployment list.
-   * @param {string} deployList - The list of deployments to backup.
+   * Orchestrates two backup phases per deployment:
+   *   1. Database export (MariaDB / MongoDB dump via `node bin db --export`).
+   *   2. Repository backup (git commit+push inside the deployment pod via `node bin db --repo-backup`).
+   *
+   * Commands are always forwarded to the host node via SSH because the CronJob
+   * container itself has no kubectl access. GITHUB_TOKEN and GITHUB_USERNAME
+   * are passed as ephemeral inline env vars so they never touch the host filesystem.
+   *
+   * @param {string} deployList - Comma-separated list of deployment IDs.
    * @param {Object} options - The options for the backup operation.
    * @param {boolean} options.git - Whether to backup data using Git.
    * @param {boolean} [options.k3s] - Use k3s cluster context.
    * @param {boolean} [options.kind] - Use kind cluster context.
    * @param {boolean} [options.kubeadm] - Use kubeadm cluster context.
-   * @param {boolean} [options.ssh] - Execute backup commands via SSH on the remote node.
    * @memberof UnderpostBakcUp
    */
   static callback = async function (deployList, options = { git: false }) {
+    const firstDeployId = deployList && deployList !== 'dd' ? deployList.split(',')[0].trim() : '';
+    loadCronDeployEnv();
     if ((!deployList || deployList === 'dd') && fs.existsSync(`./engine-private/deploy/dd.router`))
       deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8').trim();
@@ -44,19 +50,40 @@ class BackUp {
     for (const _deployId of deployList.split(',')) {
       const deployId = _deployId.trim();
       if (!deployId) continue;
+      const dbCommand = `node bin db ${options.git ? '--git --force-clone ' : ''}--export --primary-pod --preserveUUID${clusterFlag} ${deployId}`;
+      const repoCommand = `node bin db --repo-backup${clusterFlag} ${deployId}`;
-      const command = `node bin db ${options.git ? '--git --force-clone ' : ''}--export --primary-pod${clusterFlag} ${deployId}`;
+      // Pass GITHUB_TOKEN and GITHUB_USERNAME ephemerally through the SSH command
+      // so git operations can push backups without relying on host env files.
+      const envPrefix = [
+        process.env.GITHUB_TOKEN ? `GITHUB_TOKEN=${process.env.GITHUB_TOKEN}` : '',
+        process.env.GITHUB_USERNAME ? `GITHUB_USERNAME=${process.env.GITHUB_USERNAME}` : '',
+      ]
+        .filter(Boolean)
+        .join(' ');
+      const prefixCmd = (cmd) => (envPrefix ? `${envPrefix} ${cmd}` : cmd);
-      if (options.ssh) {
+      try {
         logger.info('Executing database export via SSH for', deployId);
-        await Underpost.ssh.sshRemoteRunner(command, {
+        await Underpost.ssh.sshRemoteRunner(prefixCmd(dbCommand), {
+          remote: true,
+          useSudo: true,
+          cd: '/home/dd/engine',
+        });
+      } catch (err) {
+        logger.error(`Error during database export for ${deployId}:`, err);
+      }
+      // Repository backup: Cron container → SSH to host → host finds pod → kubectl exec git backup
+      try {
+        logger.info('Executing repository backup via SSH for', deployId);
+        await Underpost.ssh.sshRemoteRunner(prefixCmd(repoCommand), {
           remote: true,
           useSudo: true,
           cd: '/home/dd/engine',
         });
-      } else {
-        logger.info('Executing database export for', deployId);
-        shellExec(command);
+      } catch (err) {
+        logger.error(`Error during repository backup for ${deployId}:`, err);
       }
     }
   };