gitship-core 0.0.1

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "gitship-core",
+  "version": "0.0.1",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "echo \"No tests for core\""
+  },
+  "dependencies": {
+    "gitship-shared": "*",
+    "better-sqlite3": "^11.0.0",
+    "execa": "^9.2.0",
+    "nanoid": "^5.0.7",
+    "octokit": "^3.2.1",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.10",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.4.5"
+  }
+}

package/src/db.ts

@@ -0,0 +1,425 @@
+import Database from "better-sqlite3";
+import fs from "fs";
+import { DB_PATH, ensureDirsExist } from "./paths.js";
+import {
+  Project,
+  Webhook,
+  Deployment,
+  DeploymentStep,
+  DeploymentLog,
+  DeploymentStatus,
+  StepStatus,
+} from "gitship-shared";
+
+let dbInstance: Database.Database | null = null;
+
+export function getDb(): Database.Database {
+  if (dbInstance) return dbInstance;
+  ensureDirsExist();
+  dbInstance = new Database(DB_PATH);
+  try {
+    fs.chmodSync(DB_PATH, 0o600);
+  } catch {}
+  dbInstance.pragma("journal_mode = WAL");
+  dbInstance.pragma("foreign_keys = ON");
+  initDb(dbInstance);
+  return dbInstance;
+}
+
+function initDb(db: Database.Database) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS projects (
+      id TEXT PRIMARY KEY,
+      name TEXT UNIQUE NOT NULL,
+      owner TEXT NOT NULL,
+      repo TEXT NOT NULL,
+      branch TEXT NOT NULL,
+      target_type TEXT NOT NULL,
+      target_host TEXT,
+      target_path TEXT NOT NULL,
+      install_cmd TEXT,
+      build_cmd TEXT,
+      restart_cmd TEXT,
+      healthcheck_path TEXT,
+      healthcheck_port INTEGER,
+      healthcheck_retries INTEGER,
+      healthcheck_interval_ms INTEGER,
+      healthcheck_timeout_ms INTEGER,
+      webhook_secret TEXT NOT NULL,
+      created_at INTEGER NOT NULL,
+      updated_at INTEGER NOT NULL
+    );
+
+    CREATE TABLE IF NOT EXISTS webhooks (
+      id TEXT PRIMARY KEY,
+      project_id TEXT NOT NULL,
+      github_webhook_id INTEGER,
+      url TEXT NOT NULL,
+      secret TEXT NOT NULL,
+      active INTEGER NOT NULL DEFAULT 1,
+      created_at INTEGER NOT NULL,
+      FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS deployments (
+      id TEXT PRIMARY KEY,
+      project_id TEXT NOT NULL,
+      branch TEXT NOT NULL,
+      commit_sha TEXT,
+      commit_message TEXT,
+      author TEXT,
+      status TEXT NOT NULL,
+      started_at INTEGER,
+      finished_at INTEGER,
+      total_duration_ms INTEGER,
+      rollback_of_id TEXT,
+      created_at INTEGER NOT NULL,
+      FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS deployment_steps (
+      id TEXT PRIMARY KEY,
+      deployment_id TEXT NOT NULL,
+      step_name TEXT NOT NULL,
+      status TEXT NOT NULL,
+      started_at INTEGER,
+      finished_at INTEGER,
+      duration_ms INTEGER,
+      FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS deployment_logs (
+      deployment_id TEXT PRIMARY KEY,
+      log_data TEXT NOT NULL,
+      FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS webhook_deliveries (
+      id TEXT PRIMARY KEY,
+      created_at INTEGER NOT NULL
+    );
+  `);
+}
+
+// Project Repositories
+export function addProject(project: Omit<Project, "created_at" | "updated_at">): Project {
+  const db = getDb();
+  const now = Date.now();
+  const fullProject = { ...project, created_at: now, updated_at: now };
+  const stmt = db.prepare(`
+    INSERT INTO projects (id, name, owner, repo, branch, target_type, target_host, target_path, install_cmd, build_cmd, restart_cmd, healthcheck_path, healthcheck_port, healthcheck_retries, healthcheck_interval_ms, healthcheck_timeout_ms, webhook_secret, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(name) DO UPDATE SET
+      owner = excluded.owner,
+      repo = excluded.repo,
+      branch = excluded.branch,
+      target_type = excluded.target_type,
+      target_host = excluded.target_host,
+      target_path = excluded.target_path,
+      install_cmd = excluded.install_cmd,
+      build_cmd = excluded.build_cmd,
+      restart_cmd = excluded.restart_cmd,
+      healthcheck_path = excluded.healthcheck_path,
+      healthcheck_port = excluded.healthcheck_port,
+      healthcheck_retries = excluded.healthcheck_retries,
+      healthcheck_interval_ms = excluded.healthcheck_interval_ms,
+      healthcheck_timeout_ms = excluded.healthcheck_timeout_ms,
+      webhook_secret = excluded.webhook_secret,
+      updated_at = excluded.updated_at
+  `);
+  stmt.run(
+    fullProject.id,
+    fullProject.name,
+    fullProject.owner,
+    fullProject.repo,
+    fullProject.branch,
+    fullProject.target_type,
+    fullProject.target_host || null,
+    fullProject.target_path,
+    fullProject.install_cmd || null,
+    fullProject.build_cmd || null,
+    fullProject.restart_cmd || null,
+    fullProject.healthcheck_path || null,
+    fullProject.healthcheck_port || null,
+    fullProject.healthcheck_retries || null,
+    fullProject.healthcheck_interval_ms || null,
+    fullProject.healthcheck_timeout_ms || null,
+    fullProject.webhook_secret,
+    fullProject.created_at,
+    fullProject.updated_at
+  );
+  return fullProject;
+}
+
+export function getProject(idOrName: string): Project | null {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM projects WHERE id = ? OR name = ?");
+  const res = stmt.get(idOrName, idOrName) as Project | undefined;
+  return res || null;
+}
+
+export function getProjects(): Project[] {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM projects ORDER BY name ASC");
+  return stmt.all() as Project[];
+}
+
+export function removeProject(id: string): void {
+  const db = getDb();
+  const stmt = db.prepare("DELETE FROM projects WHERE id = ?");
+  stmt.run(id);
+}
+
+// Webhook Repositories
+export function saveWebhook(webhook: Webhook): void {
+  const db = getDb();
+  const stmt = db.prepare(`
+    INSERT INTO webhooks (id, project_id, github_webhook_id, url, secret, active, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO UPDATE SET
+      github_webhook_id = excluded.github_webhook_id,
+      url = excluded.url,
+      secret = excluded.secret,
+      active = excluded.active
+  `);
+  stmt.run(
+    webhook.id,
+    webhook.project_id,
+    webhook.github_webhook_id,
+    webhook.url,
+    webhook.secret,
+    webhook.active ? 1 : 0,
+    webhook.created_at
+  );
+}
+
+export function getWebhookByProjectId(projectId: string): Webhook | null {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM webhooks WHERE project_id = ?");
+  const res = stmt.get(projectId) as any;
+  if (!res) return null;
+  return {
+    ...res,
+    active: res.active === 1,
+  };
+}
+
+// Deployment Repositories
+export function createDeployment(deployment: Omit<Deployment, "created_at">): Deployment {
+  const db = getDb();
+  const now = Date.now();
+  const fullDeployment = { ...deployment, created_at: now };
+  const stmt = db.prepare(`
+    INSERT INTO deployments (id, project_id, branch, commit_sha, commit_message, author, status, started_at, finished_at, total_duration_ms, rollback_of_id, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  stmt.run(
+    fullDeployment.id,
+    fullDeployment.project_id,
+    fullDeployment.branch,
+    fullDeployment.commit_sha || null,
+    fullDeployment.commit_message || null,
+    fullDeployment.author || null,
+    fullDeployment.status,
+    fullDeployment.started_at || null,
+    fullDeployment.finished_at || null,
+    fullDeployment.total_duration_ms || null,
+    fullDeployment.rollback_of_id || null,
+    fullDeployment.created_at
+  );
+
+  // Initialize empty logs for this deployment
+  const logStmt = db.prepare("INSERT INTO deployment_logs (deployment_id, log_data) VALUES (?, ?)");
+  logStmt.run(fullDeployment.id, "");
+
+  return fullDeployment;
+}
+
+export function updateDeploymentStatus(
+  id: string,
+  status: DeploymentStatus,
+  fields: Partial<Deployment> = {}
+): void {
+  const db = getDb();
+  const updates: string[] = ["status = ?"];
+  const params: any[] = [status];
+
+  for (const [key, val] of Object.entries(fields)) {
+    if (key !== "id" && key !== "status") {
+      updates.push(`${key} = ?`);
+      params.push(val);
+    }
+  }
+
+  params.push(id);
+  const stmt = db.prepare(`UPDATE deployments SET ${updates.join(", ")} WHERE id = ?`);
+  stmt.run(...params);
+}
+
+export function getDeployment(id: string): Deployment | null {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM deployments WHERE id = ?");
+  const res = stmt.get(id) as Deployment | undefined;
+  return res || null;
+}
+
+export function getDeployments(projectId?: string, limit?: number): Deployment[] {
+  const db = getDb();
+  let query = "SELECT * FROM deployments";
+  const params: any[] = [];
+
+  if (projectId) {
+    query += " WHERE project_id = ?";
+    params.push(projectId);
+  }
+
+  query += " ORDER BY created_at DESC";
+
+  if (limit) {
+    query += " LIMIT ?";
+    params.push(limit);
+  }
+
+  const stmt = db.prepare(query);
+  return stmt.all(...params) as Deployment[];
+}
+
+export function getQueuedDeployments(projectId: string): Deployment[] {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM deployments WHERE project_id = ? AND status = 'QUEUED' ORDER BY created_at ASC");
+  return stmt.all(projectId) as Deployment[];
+}
+
+export function getRunningDeployment(projectId: string): Deployment | null {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM deployments WHERE project_id = ? AND status = 'RUNNING'");
+  const res = stmt.get(projectId) as Deployment | undefined;
+  return res || null;
+}
+
+// Steps Repositories
+export function createDeploymentStep(step: DeploymentStep): void {
+  const db = getDb();
+  const stmt = db.prepare(`
+    INSERT INTO deployment_steps (id, deployment_id, step_name, status, started_at, finished_at, duration_ms)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+  `);
+  stmt.run(step.id, step.deployment_id, step.step_name, step.status, step.started_at, step.finished_at, step.duration_ms);
+}
+
+export function updateDeploymentStep(id: string, fields: Partial<DeploymentStep>): void {
+  const db = getDb();
+  const updates: string[] = [];
+  const params: any[] = [];
+
+  for (const [key, val] of Object.entries(fields)) {
+    if (key !== "id") {
+      updates.push(`${key} = ?`);
+      params.push(val);
+    }
+  }
+
+  params.push(id);
+  const stmt = db.prepare(`UPDATE deployment_steps SET ${updates.join(", ")} WHERE id = ?`);
+  stmt.run(...params);
+}
+
+export function getDeploymentSteps(deploymentId: string): DeploymentStep[] {
+  const db = getDb();
+  const stmt = db.prepare("SELECT * FROM deployment_steps WHERE deployment_id = ? ORDER BY started_at ASC");
+  return stmt.all(deploymentId) as DeploymentStep[];
+}
+
+// Log Repositories
+export function appendDeploymentLog(deploymentId: string, text: string): void {
+  const db = getDb();
+  const stmt = db.prepare(`
+    UPDATE deployment_logs
+    SET log_data = log_data || ?
+    WHERE deployment_id = ?
+  `);
+  stmt.run(text, deploymentId);
+}
+
+export function getDeploymentLog(deploymentId: string): string | null {
+  const db = getDb();
+  const stmt = db.prepare("SELECT log_data FROM deployment_logs WHERE deployment_id = ?");
+  const res = stmt.get(deploymentId) as { log_data: string } | undefined;
+  return res ? res.log_data : null;
+}
+
+// Stats Repository
+export interface ProjectStats {
+  totalDeployments: number;
+  successRate: number;
+  avgDeployTimeMs: number;
+  avgBuildTimeMs: number;
+  slowestDeployMs: number;
+  fastestDeployMs: number;
+}
+
+export function getStats(projectId?: string): ProjectStats {
+  const db = getDb();
+  const filter = projectId ? "WHERE project_id = ?" : "WHERE 1=1";
+  const params = projectId ? [projectId] : [];
+
+  const totalRow = db.prepare(`SELECT count(*) as count FROM deployments ${filter}`).get(...params) as { count: number };
+  const total = totalRow.count;
+
+  if (total === 0) {
+    return {
+      totalDeployments: 0,
+      successRate: 0,
+      avgDeployTimeMs: 0,
+      avgBuildTimeMs: 0,
+      slowestDeployMs: 0,
+      fastestDeployMs: 0,
+    };
+  }
+
+  const successRow = db.prepare(`SELECT count(*) as count FROM deployments ${filter} AND status = 'SUCCESS'`).get(...params) as { count: number };
+  const successRate = total > 0 ? (successRow.count / total) * 100 : 0;
+
+  const durationRow = db.prepare(`
+    SELECT
+      avg(total_duration_ms) as avg_duration,
+      max(total_duration_ms) as max_duration,
+      min(total_duration_ms) as min_duration
+    FROM deployments
+    ${filter} AND status = 'SUCCESS'
+  `).get(...params) as { avg_duration: number | null; max_duration: number | null; min_duration: number | null };
+
+  const buildDurationRow = db.prepare(`
+    SELECT avg(ds.duration_ms) as avg_build
+    FROM deployment_steps ds
+    JOIN deployments d ON ds.deployment_id = d.id
+    ${projectId ? "WHERE d.project_id = ?" : "WHERE 1=1"} AND ds.step_name = 'build' AND ds.status = 'SUCCESS'
+  `).get(projectId ? [projectId] : []) as { avg_build: number | null };
+
+  return {
+    totalDeployments: total,
+    successRate: parseFloat(successRate.toFixed(1)),
+    avgDeployTimeMs: Math.round(durationRow.avg_duration || 0),
+    avgBuildTimeMs: Math.round(buildDurationRow.avg_build || 0),
+    slowestDeployMs: durationRow.max_duration || 0,
+    fastestDeployMs: durationRow.min_duration || 0,
+  };
+}
+
+export function isWebhookDeliveryProcessed(id: string): boolean {
+  const db = getDb();
+  const stmt = db.prepare("SELECT count(*) as count FROM webhook_deliveries WHERE id = ?");
+  const res = stmt.get(id) as { count: number };
+  return res.count > 0;
+}
+
+export function recordWebhookDelivery(id: string): void {
+  const db = getDb();
+  const now = Date.now();
+  const insertStmt = db.prepare("INSERT OR IGNORE INTO webhook_deliveries (id, created_at) VALUES (?, ?)");
+  insertStmt.run(id, now);
+
+  // Prune older than 24 hours (86,400,000 ms)
+  const pruneStmt = db.prepare("DELETE FROM webhook_deliveries WHERE created_at < ?");
+  pruneStmt.run(now - 86400000);
+}

package/src/engine.ts

@@ -0,0 +1,477 @@
+import { execa } from "execa";
+import fs from "fs";
+import path from "path";
+import { nanoid } from "nanoid";
+import {
+  Project,
+  Deployment,
+  DeploymentStep,
+  StepStatus,
+  DeploymentStatus,
+} from "gitship-shared";
+import {
+  updateDeploymentStatus,
+  createDeploymentStep,
+  updateDeploymentStep,
+  appendDeploymentLog,
+  getDeployment,
+} from "./db.js";
+import { BUILDS_DIR, readAuthConfig } from "./paths.js";
+import { activeProcesses } from "./queue.js";
+
+interface StepResult {
+  status: StepStatus;
+  durationMs: number;
+}
+
+export async function runDeploymentPipeline(
+  project: Project,
+  deployment: Deployment
+): Promise<void> {
+  const auth = readAuthConfig();
+  const token = auth.github_token;
+
+  if (!token) {
+    const errorMsg = "Error: GitHub authentication token is missing. Please run 'deploykit auth github'.\n";
+    appendDeploymentLog(deployment.id, errorMsg);
+    updateDeploymentStatus(deployment.id, "FAILED", {
+      finished_at: Date.now(),
+      total_duration_ms: 0,
+    });
+    return;
+  }
+
+  // Prevent shell command injection via branch or commit SHA inputs
+  const safeBranchRegex = /^[a-zA-Z0-9/_.-]+$/;
+  if (!safeBranchRegex.test(deployment.branch)) {
+    const errorMsg = `Error: Unsafe branch name format: "${deployment.branch}". Deployment aborted.\n`;
+    appendDeploymentLog(deployment.id, errorMsg);
+    updateDeploymentStatus(deployment.id, "FAILED", {
+      finished_at: Date.now(),
+      total_duration_ms: 0,
+    });
+    return;
+  }
+
+  if (deployment.commit_sha && !/^[a-zA-Z0-9]+$/.test(deployment.commit_sha)) {
+    const errorMsg = `Error: Unsafe commit SHA format: "${deployment.commit_sha}". Deployment aborted.\n`;
+    appendDeploymentLog(deployment.id, errorMsg);
+    updateDeploymentStatus(deployment.id, "FAILED", {
+      finished_at: Date.now(),
+      total_duration_ms: 0,
+    });
+    return;
+  }
+
+  const startTime = Date.now();
+  updateDeploymentStatus(deployment.id, "RUNNING", { started_at: startTime });
+
+  appendDeploymentLog(
+    deployment.id,
+    `=== Starting deployment ${deployment.id} for project "${project.name}" ===\n` +
+      `Branch: ${deployment.branch}\n` +
+      `Commit: ${deployment.commit_sha || "latest"}\n` +
+      `Author: ${deployment.author || "system"}\n` +
+      `Target: ${project.target_type} (${
+        project.target_type === "ssh"
+          ? `${project.target_host}:${project.target_path}`
+          : project.target_path
+      })\n\n`
+  );
+
+  let status: DeploymentStatus = "SUCCESS";
+
+  try {
+    // Step 1: Clone or Pull
+    const cloneSuccess = await runStep(
+      deployment.id,
+      "clone",
+      async (log) => {
+        // Double check cancellation
+        checkCancelled(deployment.id);
+
+        const repoUrl = `https://${token}@github.com/${project.owner}/${project.repo}.git`;
+        if (project.target_type === "local") {
+          const projectPath = path.join(BUILDS_DIR, project.name);
+          if (!fs.existsSync(projectPath)) {
+            log(`Cloning repository into local path ${projectPath}...\n`);
+            await execLocal(
+              deployment.id,
+              "git",
+              ["clone", "--branch", deployment.branch, repoUrl, "."],
+              BUILDS_DIR,
+              project.name, // create dir
+              log
+            );
+          } else {
+            log(`Repository directory exists. Fetching latest changes...\n`);
+            await execLocal(deployment.id, "git", ["fetch", "origin"], projectPath, undefined, log);
+            
+            const checkoutTarget = deployment.commit_sha || `origin/${deployment.branch}`;
+            log(`Checking out target: ${checkoutTarget}...\n`);
+            await execLocal(deployment.id, "git", ["checkout", "-B", deployment.branch], projectPath, undefined, log);
+            await execLocal(deployment.id, "git", ["reset", "--hard", checkoutTarget], projectPath, undefined, log);
+          }
+        } else {
+          // SSH Target
+          const port = project.target_host?.split(":")[1] || "22";
+          const host = project.target_host?.split(":")[0] || "";
+          
+          log(`Ensuring target path ${project.target_path} exists on remote server...\n`);
+          await execSSH(deployment.id, host, port, `mkdir -p ${project.target_path}`, log);
+
+          // Check if git repository exists on the remote target path
+          log(`Checking if repository is already initialized on remote...\n`);
+          let isInitialized = false;
+          try {
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && git rev-parse --is-inside-work-tree`, () => {});
+            isInitialized = true;
+          } catch {
+            isInitialized = false;
+          }
+
+          checkCancelled(deployment.id);
+
+          if (!isInitialized) {
+            log(`Cloning repository on remote server into ${project.target_path}...\n`);
+            await execSSH(deployment.id, host, port, `git clone --branch ${deployment.branch} ${repoUrl} ${project.target_path}`, log);
+          } else {
+            log(`Fetching updates on remote server...\n`);
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && git fetch origin`, log);
+            
+            const checkoutTarget = deployment.commit_sha || `origin/${deployment.branch}`;
+            log(`Checking out target on remote server: ${checkoutTarget}...\n`);
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && git checkout -B ${deployment.branch} && git reset --hard ${checkoutTarget}`, log);
+          }
+        }
+      }
+    );
+
+    if (!cloneSuccess) throw new Error("Step 'clone' failed.");
+
+    // Step 2: Install dependencies
+    if (project.install_cmd) {
+      const installSuccess = await runStep(
+        deployment.id,
+        "install",
+        async (log) => {
+          checkCancelled(deployment.id);
+          log(`Running install command: ${project.install_cmd}\n`);
+          if (project.target_type === "local") {
+            const projectPath = path.join(BUILDS_DIR, project.name);
+            await execShell(deployment.id, project.install_cmd!, projectPath, log);
+          } else {
+            const port = project.target_host?.split(":")[1] || "22";
+            const host = project.target_host?.split(":")[0] || "";
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && ${project.install_cmd}`, log);
+          }
+        }
+      );
+      if (!installSuccess) throw new Error("Step 'install' failed.");
+    } else {
+      skipStep(deployment.id, "install");
+    }
+
+    // Step 3: Build project
+    if (project.build_cmd) {
+      const buildSuccess = await runStep(
+        deployment.id,
+        "build",
+        async (log) => {
+          checkCancelled(deployment.id);
+          log(`Running build command: ${project.build_cmd}\n`);
+          if (project.target_type === "local") {
+            const projectPath = path.join(BUILDS_DIR, project.name);
+            await execShell(deployment.id, project.build_cmd!, projectPath, log);
+          } else {
+            const port = project.target_host?.split(":")[1] || "22";
+            const host = project.target_host?.split(":")[0] || "";
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && ${project.build_cmd}`, log);
+          }
+        }
+      );
+      if (!buildSuccess) throw new Error("Step 'build' failed.");
+    } else {
+      skipStep(deployment.id, "build");
+    }
+
+    // Step 4: Restart application
+    if (project.restart_cmd) {
+      const restartSuccess = await runStep(
+        deployment.id,
+        "restart",
+        async (log) => {
+          checkCancelled(deployment.id);
+          log(`Running restart command: ${project.restart_cmd}\n`);
+          if (project.target_type === "local") {
+            const projectPath = path.join(BUILDS_DIR, project.name);
+            await execShell(deployment.id, project.restart_cmd!, projectPath, log);
+          } else {
+            const port = project.target_host?.split(":")[1] || "22";
+            const host = project.target_host?.split(":")[0] || "";
+            await execSSH(deployment.id, host, port, `cd ${project.target_path} && ${project.restart_cmd}`, log);
+          }
+        }
+      );
+      if (!restartSuccess) throw new Error("Step 'restart' failed.");
+    } else {
+      skipStep(deployment.id, "restart");
+    }
+
+    // Step 5: Health Check
+    if (project.healthcheck_path) {
+      const healthSuccess = await runStep(
+        deployment.id,
+        "healthcheck",
+        async (log) => {
+          checkCancelled(deployment.id);
+          const pathStr = project.healthcheck_path || "/";
+          const portNum = project.healthcheck_port;
+          const retries = project.healthcheck_retries || 5;
+          const interval = project.healthcheck_interval_ms || 1000;
+          const timeout = project.healthcheck_timeout_ms || 2000;
+
+          const url = portNum ? `http://localhost:${portNum}${pathStr}` : `http://localhost${pathStr}`;
+          log(`Performing health check on: ${url} (Retries: ${retries}, Interval: ${interval}ms)\n`);
+
+          let lastError: any = null;
+          for (let i = 1; i <= retries; i++) {
+            checkCancelled(deployment.id);
+            log(`Attempt ${i} of ${retries}... `);
+
+            try {
+              if (project.target_type === "local") {
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), timeout);
+                const res = await fetch(url, { signal: controller.signal });
+                clearTimeout(timeoutId);
+                if (res.ok) {
+                  log(`OK (${res.status})\n`);
+                  return;
+                } else {
+                  throw new Error(`HTTP status ${res.status}`);
+                }
+              } else {
+                // SSH Target
+                const sshPort = project.target_host?.split(":")[1] || "22";
+                const host = project.target_host?.split(":")[0] || "";
+                const maxTimeSecs = Math.max(1, Math.round(timeout / 1000));
+                await execSSH(
+                  deployment.id,
+                  host,
+                  sshPort,
+                  `curl -s -f --max-time ${maxTimeSecs} ${url}`,
+                  () => {}
+                );
+                log(`OK (exit code 0)\n`);
+                return;
+              }
+            } catch (err: any) {
+              lastError = err;
+              log(`FAILED: ${err.message || err}\n`);
+              if (i < retries) {
+                await new Promise((r) => setTimeout(r, interval));
+              }
+            }
+          }
+          throw new Error(`Health check failed after ${retries} retries. Last error: ${lastError?.message || lastError}`);
+        }
+      );
+      if (!healthSuccess) throw new Error("Step 'healthcheck' failed.");
+    } else {
+      skipStep(deployment.id, "healthcheck");
+    }
+
+    // Check if cancelled at the very end
+    const currentDep = getDeployment(deployment.id);
+    if (currentDep?.status === "CANCELLED") {
+      status = "CANCELLED";
+    } else {
+      appendDeploymentLog(deployment.id, `\n=== Deployment SUCCESS ===\n`);
+    }
+  } catch (err: any) {
+    const currentDep = getDeployment(deployment.id);
+    if (currentDep?.status === "CANCELLED") {
+      status = "CANCELLED";
+      appendDeploymentLog(deployment.id, `\n=== Deployment CANCELLED ===\n`);
+    } else {
+      status = "FAILED";
+      appendDeploymentLog(deployment.id, `\n=== Deployment FAILED ===\nReason: ${err.message || err}\n`);
+    }
+  } finally {
+    const endTime = Date.now();
+    const duration = endTime - startTime;
+    updateDeploymentStatus(deployment.id, status, {
+      finished_at: endTime,
+      total_duration_ms: duration,
+    });
+  }
+}
+
+function checkCancelled(deploymentId: string) {
+  const currentDep = getDeployment(deploymentId);
+  if (currentDep?.status === "CANCELLED") {
+    throw new Error("Deployment cancelled by user.");
+  }
+}
+
+// Execa locally helper
+async function execLocal(
+  deploymentId: string,
+  cmd: string,
+  args: string[],
+  cwd: string,
+  createDir?: string,
+  log?: (chunk: string) => void
+): Promise<void> {
+  const finalCwd = createDir ? cwd : cwd;
+  if (createDir) {
+    fs.mkdirSync(path.join(cwd, createDir), { recursive: true });
+  }
+
+  const proc = execa(cmd, args, {
+    cwd: createDir ? path.join(cwd, createDir) : finalCwd,
+    all: true,
+  });
+
+  activeProcesses.set(deploymentId, proc);
+
+  if (log && proc.all) {
+    proc.all.on("data", (chunk) => {
+      log(chunk.toString());
+    });
+  }
+
+  try {
+    await proc;
+  } finally {
+    activeProcesses.delete(deploymentId);
+  }
+}
+
+// Execa locally with shell helper
+async function execShell(
+  deploymentId: string,
+  cmd: string,
+  cwd: string,
+  log: (chunk: string) => void
+): Promise<void> {
+  const proc = execa({ shell: true, cwd, all: true })`${cmd}`;
+  
+  activeProcesses.set(deploymentId, proc);
+
+  if (proc.all) {
+    proc.all.on("data", (chunk) => {
+      log(chunk.toString());
+    });
+  }
+
+  try {
+    await proc;
+  } finally {
+    activeProcesses.delete(deploymentId);
+  }
+}
+
+// Execa SSH command helper
+async function execSSH(
+  deploymentId: string,
+  host: string,
+  port: string,
+  cmd: string,
+  log: (chunk: string) => void
+): Promise<void> {
+  // Execute via SSH CLI
+  const proc = execa("ssh", ["-o", "StrictHostKeyChecking=no", "-p", port, host, cmd], {
+    all: true,
+  });
+
+  activeProcesses.set(deploymentId, proc);
+
+  if (proc.all) {
+    proc.all.on("data", (chunk) => {
+      log(chunk.toString());
+    });
+  }
+
+  try {
+    await proc;
+  } finally {
+    activeProcesses.delete(deploymentId);
+  }
+}
+
+async function runStep(
+  deploymentId: string,
+  name: "clone" | "install" | "build" | "restart" | "healthcheck",
+  fn: (log: (text: string) => void) => Promise<void>
+): Promise<boolean> {
+  const stepId = nanoid();
+  const startTime = Date.now();
+
+  const step: DeploymentStep = {
+    id: stepId,
+    deployment_id: deploymentId,
+    step_name: name,
+    status: "RUNNING",
+    started_at: startTime,
+    finished_at: null,
+    duration_ms: null,
+  };
+
+  createDeploymentStep(step);
+  appendDeploymentLog(deploymentId, `[Step: ${name}] Started...\n`);
+
+  try {
+    await fn((text: string) => {
+      appendDeploymentLog(deploymentId, text);
+    });
+
+    // Check cancellation again
+    checkCancelled(deploymentId);
+
+    const endTime = Date.now();
+    const duration = endTime - startTime;
+
+    updateDeploymentStep(stepId, {
+      status: "SUCCESS",
+      finished_at: endTime,
+      duration_ms: duration,
+    });
+    appendDeploymentLog(deploymentId, `[Step: ${name}] Completed successfully (${Math.round(duration / 1000)}s).\n\n`);
+    return true;
+  } catch (err: any) {
+    const endTime = Date.now();
+    const duration = endTime - startTime;
+
+    const currentDep = getDeployment(deploymentId);
+    const isCancelled = currentDep?.status === "CANCELLED";
+
+    updateDeploymentStep(stepId, {
+      status: isCancelled ? "FAILED" : "FAILED", // or can mark as cancelled if step structure supported it, but FAILED is robust
+      finished_at: endTime,
+      duration_ms: duration,
+    });
+    
+    appendDeploymentLog(deploymentId, `[Step: ${name}] ${isCancelled ? 'Cancelled' : 'Failed'} (${Math.round(duration / 1000)}s).\nError detail: ${err.message || err}\n\n`);
+    return false;
+  }
+}
+
+function skipStep(
+  deploymentId: string,
+  name: "clone" | "install" | "build" | "restart" | "healthcheck"
+) {
+  const stepId = nanoid();
+  const step: DeploymentStep = {
+    id: stepId,
+    deployment_id: deploymentId,
+    step_name: name,
+    status: "SUCCESS",
+    started_at: Date.now(),
+    finished_at: Date.now(),
+    duration_ms: 0,
+  };
+  createDeploymentStep(step);
+  appendDeploymentLog(deploymentId, `[Step: ${name}] Skipped (not configured).\n\n`);
+}

package/src/github.ts

@@ -0,0 +1,124 @@
+import { Octokit } from "octokit";
+
+export function getOctokit(token: string): Octokit {
+  return new Octokit({ auth: token });
+}
+
+export async function validateToken(token: string): Promise<{ username: string; name: string | null }> {
+  const octokit = getOctokit(token);
+  const { data } = await octokit.rest.users.getAuthenticated();
+  return {
+    username: data.login,
+    name: data.name || null,
+  };
+}
+
+export interface GitRepo {
+  owner: string;
+  name: string;
+  fullName: string;
+  url: string;
+}
+
+export async function listRepositories(token: string): Promise<GitRepo[]> {
+  const octokit = getOctokit(token);
+  const repos: GitRepo[] = [];
+  
+  // Fetch up to 100 repositories. In a real-world scenario we could paginate further,
+  // but for an MVP 100 is typically enough or we can list top repos.
+  const response = await octokit.rest.repos.listForAuthenticatedUser({
+    per_page: 100,
+    sort: "updated",
+  });
+
+  for (const repo of response.data) {
+    repos.push({
+      owner: repo.owner.login,
+      name: repo.name,
+      fullName: repo.full_name,
+      url: repo.clone_url,
+    });
+  }
+
+  return repos;
+}
+
+export async function listBranches(token: string, owner: string, repo: string): Promise<string[]> {
+  const octokit = getOctokit(token);
+  const response = await octokit.rest.repos.listBranches({
+    owner,
+    repo,
+    per_page: 100,
+  });
+  return response.data.map(b => b.name);
+}
+
+export interface WebhookConfig {
+  owner: string;
+  repo: string;
+  webhookUrl: string;
+  secret: string;
+}
+
+export async function setupWebhook(
+  token: string,
+  config: WebhookConfig
+): Promise<{ id: number; url: string }> {
+  const octokit = getOctokit(config.webhookUrl ? token : token); // ensure unused warning bypass
+  
+  // 1. List existing webhooks to find a duplicate
+  const webhooks = await octokit.rest.repos.listWebhooks({
+    owner: config.owner,
+    repo: config.repo,
+    per_page: 100,
+  });
+
+  const existing = webhooks.data.find(h => h.config.url === config.webhookUrl);
+
+  if (existing) {
+    // 2. Update webhook
+    await octokit.rest.repos.updateWebhook({
+      owner: config.owner,
+      repo: config.repo,
+      hook_id: existing.id,
+      config: {
+        url: config.webhookUrl,
+        content_type: "json",
+        secret: config.secret,
+        insecure_ssl: "1",
+      },
+      events: ["push"],
+      active: true,
+    });
+    return { id: existing.id, url: config.webhookUrl };
+  } else {
+    // 3. Create webhook
+    const response = await octokit.rest.repos.createWebhook({
+      owner: config.owner,
+      repo: config.repo,
+      name: "web",
+      active: true,
+      events: ["push"],
+      config: {
+        url: config.webhookUrl,
+        content_type: "json",
+        secret: config.secret,
+        insecure_ssl: "1",
+      },
+    });
+    return { id: response.data.id, url: config.webhookUrl };
+  }
+}
+
+import { execa } from "execa";
+
+export async function openBrowser(url: string): Promise<void> {
+  const platform = process.platform;
+  if (platform === "darwin") {
+    await execa("open", [url]);
+  } else if (platform === "win32") {
+    await execa("cmd", ["/c", "start", url]);
+  } else {
+    await execa("xdg-open", [url]);
+  }
+}

package/src/index.ts

@@ -0,0 +1,5 @@
+export * from "./paths.js";
+export * from "./db.js";
+export * from "./github.js";
+export * from "./queue.js";
+export * from "./engine.js";

package/src/paths.ts

@@ -0,0 +1,35 @@
+import path from "path";
+import os from "os";
+import fs from "fs";
+
+export const DEPLOYKIT_DIR = process.env.DEPLOYKIT_DIR || path.join(os.homedir(), ".deploykit");
+export const CONFIG_PATH = path.join(DEPLOYKIT_DIR, "config.json");
+export const DB_PATH = path.join(DEPLOYKIT_DIR, "deploykit.db");
+export const BUILDS_DIR = path.join(DEPLOYKIT_DIR, "builds");
+
+export function ensureDirsExist() {
+  if (!fs.existsSync(DEPLOYKIT_DIR)) {
+    fs.mkdirSync(DEPLOYKIT_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(BUILDS_DIR)) {
+    fs.mkdirSync(BUILDS_DIR, { recursive: true });
+  }
+}
+
+export function readAuthConfig(): { github_token?: string; github_username?: string } {
+  ensureDirsExist();
+  if (!fs.existsSync(CONFIG_PATH)) {
+    return {};
+  }
+  try {
+    const raw = fs.readFileSync(CONFIG_PATH, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+
+export function writeAuthConfig(config: { github_token: string; github_username?: string }) {
+  ensureDirsExist();
+  fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
+}

package/src/queue.ts

@@ -0,0 +1,130 @@
+import { nanoid } from "nanoid";
+import { Deployment, DeploymentStatus } from "gitship-shared";
+import {
+  createDeployment,
+  getProject,
+  getQueuedDeployments,
+  getRunningDeployment,
+  updateDeploymentStatus,
+  getDeployment,
+  appendDeploymentLog,
+} from "./db.js";
+import { runDeploymentPipeline } from "./engine.js";
+
+// Global map to track active execa processes for cancelling running tasks
+export const activeProcesses = new Map<string, { kill: () => void }>();
+
+export async function enqueueDeployment(
+  projectId: string,
+  branch: string,
+  commitSha: string | null,
+  commitMessage: string | null,
+  author: string | null,
+  rollbackOfId: string | null = null
+): Promise<Deployment> {
+  const deploymentId = `dep_${nanoid(10)}`;
+  const deployment = createDeployment({
+    id: deploymentId,
+    project_id: projectId,
+    branch,
+    commit_sha: commitSha,
+    commit_message: commitMessage,
+    author,
+    status: "QUEUED",
+    started_at: null,
+    finished_at: null,
+    total_duration_ms: null,
+    rollback_of_id: rollbackOfId,
+  });
+
+  // Trigger queue processing asynchronously
+  processQueue(projectId).catch(err => {
+    console.error(`Error processing queue for project ${projectId}:`, err);
+  });
+
+  return deployment;
+}
+
+export async function processQueue(projectId: string): Promise<void> {
+  // 1. Check if there is already a running deployment for this project
+  const running = getRunningDeployment(projectId);
+  if (running) {
+    // A deployment is already running, wait for it to finish.
+    // It will trigger processQueue again upon completion.
+    return;
+  }
+
+  // 2. Get the next queued deployment
+  const queued = getQueuedDeployments(projectId);
+  if (queued.length === 0) {
+    return;
+  }
+
+  const nextDeployment = queued[0];
+  const project = getProject(projectId);
+
+  if (!project) {
+    console.error(`Project ${projectId} not found for deployment ${nextDeployment.id}`);
+    updateDeploymentStatus(nextDeployment.id, "FAILED", {
+      finished_at: Date.now(),
+      total_duration_ms: 0,
+    });
+    return;
+  }
+
+  try {
+    // Execute the deployment pipeline
+    await runDeploymentPipeline(project, nextDeployment);
+  } catch (err) {
+    console.error(`Pipeline exception for deployment ${nextDeployment.id}:`, err);
+  } finally {
+    // Process the next item in the queue
+    processQueue(projectId).catch(err => {
+      console.error(`Error in queue recursion for project ${projectId}:`, err);
+    });
+  }
+}
+
+export function cancelDeployment(id: string): { success: boolean; message: string } {
+  const dep = getDeployment(id);
+  if (!dep) {
+    return { success: false, message: "Deployment not found" };
+  }
+
+  if (dep.status === "SUCCESS" || dep.status === "FAILED" || dep.status === "CANCELLED") {
+    return { success: false, message: `Deployment already finished with status: ${dep.status}` };
+  }
+
+  if (dep.status === "QUEUED") {
+    updateDeploymentStatus(id, "CANCELLED", {
+      finished_at: Date.now(),
+      total_duration_ms: 0,
+    });
+    appendDeploymentLog(id, "\n=== Deployment CANCELLED while in queue ===\n");
+    return { success: true, message: "Queued deployment cancelled successfully" };
+  }
+
+  if (dep.status === "RUNNING") {
+    // Set status to CANCELLED in DB first
+    updateDeploymentStatus(id, "CANCELLED", {
+      finished_at: Date.now(),
+    });
+    appendDeploymentLog(id, "\n=== Deployment CANCELLATION REQUESTED ===\n");
+
+    // Check if we have an active process to kill
+    const proc = activeProcesses.get(id);
+    if (proc) {
+      try {
+        proc.kill();
+        activeProcesses.delete(id);
+        return { success: true, message: "Running deployment cancelled and terminated" };
+      } catch (err: any) {
+        return { success: true, message: `Running deployment status set to CANCELLED, but failed to kill process: ${err.message}` };
+      }
+    }
+
+    return { success: true, message: "Running deployment marked as CANCELLED" };
+  }
+
+  return { success: false, message: "Unknown status" };
+}

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"]
+}