npm - iec-builder - Versions diffs - 0.1.0 - Mend

iec-builder 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

package/.claude/settings.local.json +111 -0
package/.iec.yaml +5 -0
package/CLAUDE.md +174 -0
package/Dockerfile +34 -0
package/README.md +84 -0
package/catalog-info.yaml +11 -0
package/dist/config/env.d.ts +219 -0
package/dist/config/env.d.ts.map +1 -0
package/dist/config/env.js +89 -0
package/dist/config/env.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +148 -0
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +43 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +217 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/org-access.d.ts +28 -0
package/dist/middleware/org-access.d.ts.map +1 -0
package/dist/middleware/org-access.js +102 -0
package/dist/middleware/org-access.js.map +1 -0
package/dist/models/types.d.ts +254 -0
package/dist/models/types.d.ts.map +1 -0
package/dist/models/types.js +2 -0
package/dist/models/types.js.map +1 -0
package/dist/routes/ai.d.ts +2 -0
package/dist/routes/ai.d.ts.map +1 -0
package/dist/routes/ai.js +77 -0
package/dist/routes/ai.js.map +1 -0
package/dist/routes/audit.d.ts +2 -0
package/dist/routes/audit.d.ts.map +1 -0
package/dist/routes/audit.js +102 -0
package/dist/routes/audit.js.map +1 -0
package/dist/routes/builds.d.ts +2 -0
package/dist/routes/builds.d.ts.map +1 -0
package/dist/routes/builds.js +262 -0
package/dist/routes/builds.js.map +1 -0
package/dist/routes/cluster.d.ts +2 -0
package/dist/routes/cluster.d.ts.map +1 -0
package/dist/routes/cluster.js +181 -0
package/dist/routes/cluster.js.map +1 -0
package/dist/routes/config.d.ts +2 -0
package/dist/routes/config.d.ts.map +1 -0
package/dist/routes/config.js +291 -0
package/dist/routes/config.js.map +1 -0
package/dist/routes/databases.d.ts +2 -0
package/dist/routes/databases.d.ts.map +1 -0
package/dist/routes/databases.js +161 -0
package/dist/routes/databases.js.map +1 -0
package/dist/routes/db-whitelist.d.ts +2 -0
package/dist/routes/db-whitelist.d.ts.map +1 -0
package/dist/routes/db-whitelist.js +148 -0
package/dist/routes/db-whitelist.js.map +1 -0
package/dist/routes/domains.d.ts +2 -0
package/dist/routes/domains.d.ts.map +1 -0
package/dist/routes/domains.js +449 -0
package/dist/routes/domains.js.map +1 -0
package/dist/routes/oauth.d.ts +2 -0
package/dist/routes/oauth.d.ts.map +1 -0
package/dist/routes/oauth.js +180 -0
package/dist/routes/oauth.js.map +1 -0
package/dist/routes/observability.d.ts +2 -0
package/dist/routes/observability.d.ts.map +1 -0
package/dist/routes/observability.js +167 -0
package/dist/routes/observability.js.map +1 -0
package/dist/routes/orgs.d.ts +2 -0
package/dist/routes/orgs.d.ts.map +1 -0
package/dist/routes/orgs.js +270 -0
package/dist/routes/orgs.js.map +1 -0
package/dist/routes/platform.d.ts +2 -0
package/dist/routes/platform.d.ts.map +1 -0
package/dist/routes/platform.js +107 -0
package/dist/routes/platform.js.map +1 -0
package/dist/routes/push.d.ts +2 -0
package/dist/routes/push.d.ts.map +1 -0
package/dist/routes/push.js +233 -0
package/dist/routes/push.js.map +1 -0
package/dist/routes/rotation.d.ts +3 -0
package/dist/routes/rotation.d.ts.map +1 -0
package/dist/routes/rotation.js +154 -0
package/dist/routes/rotation.js.map +1 -0
package/dist/routes/services.d.ts +2 -0
package/dist/routes/services.d.ts.map +1 -0
package/dist/routes/services.js +246 -0
package/dist/routes/services.js.map +1 -0
package/dist/routes/storage.d.ts +2 -0
package/dist/routes/storage.d.ts.map +1 -0
package/dist/routes/storage.js +118 -0
package/dist/routes/storage.js.map +1 -0
package/dist/routes/users.d.ts +2 -0
package/dist/routes/users.d.ts.map +1 -0
package/dist/routes/users.js +183 -0
package/dist/routes/users.js.map +1 -0
package/dist/routes/versions.d.ts +2 -0
package/dist/routes/versions.d.ts.map +1 -0
package/dist/routes/versions.js +195 -0
package/dist/routes/versions.js.map +1 -0
package/dist/routes/webhooks.d.ts +2 -0
package/dist/routes/webhooks.d.ts.map +1 -0
package/dist/routes/webhooks.js +334 -0
package/dist/routes/webhooks.js.map +1 -0
package/dist/services/__tests__/deploy-pipeline.integration.test.d.ts +2 -0
package/dist/services/__tests__/deploy-pipeline.integration.test.d.ts.map +1 -0
package/dist/services/__tests__/deploy-pipeline.integration.test.js +482 -0
package/dist/services/__tests__/deploy-pipeline.integration.test.js.map +1 -0
package/dist/services/bio-client.d.ts +68 -0
package/dist/services/bio-client.d.ts.map +1 -0
package/dist/services/bio-client.js +110 -0
package/dist/services/bio-client.js.map +1 -0
package/dist/services/build-queue.d.ts +7 -0
package/dist/services/build-queue.d.ts.map +1 -0
package/dist/services/build-queue.js +114 -0
package/dist/services/build-queue.js.map +1 -0
package/dist/services/builder.d.ts +7 -0
package/dist/services/builder.d.ts.map +1 -0
package/dist/services/builder.js +1384 -0
package/dist/services/builder.js.map +1 -0
package/dist/services/catalog.d.ts +177 -0
package/dist/services/catalog.d.ts.map +1 -0
package/dist/services/catalog.js +805 -0
package/dist/services/catalog.js.map +1 -0
package/dist/services/catalog.test.d.ts +2 -0
package/dist/services/catalog.test.d.ts.map +1 -0
package/dist/services/catalog.test.js +467 -0
package/dist/services/catalog.test.js.map +1 -0
package/dist/services/cloudflare.d.ts +43 -0
package/dist/services/cloudflare.d.ts.map +1 -0
package/dist/services/cloudflare.js +182 -0
package/dist/services/cloudflare.js.map +1 -0
package/dist/services/config-validator.d.ts +28 -0
package/dist/services/config-validator.d.ts.map +1 -0
package/dist/services/config-validator.js +68 -0
package/dist/services/config-validator.js.map +1 -0
package/dist/services/config-validator.test.d.ts +2 -0
package/dist/services/config-validator.test.d.ts.map +1 -0
package/dist/services/config-validator.test.js +151 -0
package/dist/services/config-validator.test.js.map +1 -0
package/dist/services/crypto.d.ts +19 -0
package/dist/services/crypto.d.ts.map +1 -0
package/dist/services/crypto.js +63 -0
package/dist/services/crypto.js.map +1 -0
package/dist/services/database.d.ts +26 -0
package/dist/services/database.d.ts.map +1 -0
package/dist/services/database.js +100 -0
package/dist/services/database.js.map +1 -0
package/dist/services/db-credential-manager.d.ts +73 -0
package/dist/services/db-credential-manager.d.ts.map +1 -0
package/dist/services/db-credential-manager.js +342 -0
package/dist/services/db-credential-manager.js.map +1 -0
package/dist/services/db-provisioner.d.ts +57 -0
package/dist/services/db-provisioner.d.ts.map +1 -0
package/dist/services/db-provisioner.js +400 -0
package/dist/services/db-provisioner.js.map +1 -0
package/dist/services/db-provisioner.test.d.ts +2 -0
package/dist/services/db-provisioner.test.d.ts.map +1 -0
package/dist/services/db-provisioner.test.js +141 -0
package/dist/services/db-provisioner.test.js.map +1 -0
package/dist/services/db-whitelist.d.ts +58 -0
package/dist/services/db-whitelist.d.ts.map +1 -0
package/dist/services/db-whitelist.js +379 -0
package/dist/services/db-whitelist.js.map +1 -0
package/dist/services/dependency-resolver.d.ts +58 -0
package/dist/services/dependency-resolver.d.ts.map +1 -0
package/dist/services/dependency-resolver.js +180 -0
package/dist/services/dependency-resolver.js.map +1 -0
package/dist/services/dependency-resolver.test.d.ts +2 -0
package/dist/services/dependency-resolver.test.d.ts.map +1 -0
package/dist/services/dependency-resolver.test.js +195 -0
package/dist/services/dependency-resolver.test.js.map +1 -0
package/dist/services/deploy-gate.d.ts +19 -0
package/dist/services/deploy-gate.d.ts.map +1 -0
package/dist/services/deploy-gate.js +56 -0
package/dist/services/deploy-gate.js.map +1 -0
package/dist/services/deploy-gate.test.d.ts +2 -0
package/dist/services/deploy-gate.test.d.ts.map +1 -0
package/dist/services/deploy-gate.test.js +199 -0
package/dist/services/deploy-gate.test.js.map +1 -0
package/dist/services/dockerfile-generator.d.ts +31 -0
package/dist/services/dockerfile-generator.d.ts.map +1 -0
package/dist/services/dockerfile-generator.js +544 -0
package/dist/services/dockerfile-generator.js.map +1 -0
package/dist/services/dockerfile-generator.test.d.ts +2 -0
package/dist/services/dockerfile-generator.test.d.ts.map +1 -0
package/dist/services/dockerfile-generator.test.js +144 -0
package/dist/services/dockerfile-generator.test.js.map +1 -0
package/dist/services/forgejo.d.ts +58 -0
package/dist/services/forgejo.d.ts.map +1 -0
package/dist/services/forgejo.js +131 -0
package/dist/services/forgejo.js.map +1 -0
package/dist/services/koko.d.ts +153 -0
package/dist/services/koko.d.ts.map +1 -0
package/dist/services/koko.js +260 -0
package/dist/services/koko.js.map +1 -0
package/dist/services/kubernetes.d.ts +16 -0
package/dist/services/kubernetes.d.ts.map +1 -0
package/dist/services/kubernetes.js +102 -0
package/dist/services/kubernetes.js.map +1 -0
package/dist/services/oauth-provisioner.d.ts +30 -0
package/dist/services/oauth-provisioner.d.ts.map +1 -0
package/dist/services/oauth-provisioner.js +182 -0
package/dist/services/oauth-provisioner.js.map +1 -0
package/dist/services/oauth-provisioner.test.d.ts +2 -0
package/dist/services/oauth-provisioner.test.d.ts.map +1 -0
package/dist/services/oauth-provisioner.test.js +349 -0
package/dist/services/oauth-provisioner.test.js.map +1 -0
package/dist/services/pod-diagnostics.d.ts +11 -0
package/dist/services/pod-diagnostics.d.ts.map +1 -0
package/dist/services/pod-diagnostics.js +201 -0
package/dist/services/pod-diagnostics.js.map +1 -0
package/dist/services/rotation-scheduler.d.ts +2 -0
package/dist/services/rotation-scheduler.d.ts.map +1 -0
package/dist/services/rotation-scheduler.js +215 -0
package/dist/services/rotation-scheduler.js.map +1 -0
package/dist/services/storage-credential-manager.d.ts +43 -0
package/dist/services/storage-credential-manager.d.ts.map +1 -0
package/dist/services/storage-credential-manager.js +159 -0
package/dist/services/storage-credential-manager.js.map +1 -0
package/dist/services/storage-provisioner.d.ts +32 -0
package/dist/services/storage-provisioner.d.ts.map +1 -0
package/dist/services/storage-provisioner.js +136 -0
package/dist/services/storage-provisioner.js.map +1 -0
package/dist/services/storage.d.ts +65 -0
package/dist/services/storage.d.ts.map +1 -0
package/dist/services/storage.js +204 -0
package/dist/services/storage.js.map +1 -0
package/dist/services/troubleshooter.d.ts +22 -0
package/dist/services/troubleshooter.d.ts.map +1 -0
package/dist/services/troubleshooter.js +168 -0
package/dist/services/troubleshooter.js.map +1 -0
package/dist/services/vault-client.d.ts +114 -0
package/dist/services/vault-client.d.ts.map +1 -0
package/dist/services/vault-client.js +411 -0
package/dist/services/vault-client.js.map +1 -0
package/dist/utils/logger.d.ts +2 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +6 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/response.d.ts +13 -0
package/dist/utils/response.d.ts.map +1 -0
package/dist/utils/response.js +12 -0
package/dist/utils/response.js.map +1 -0
package/docs/registry-migration.md +301 -0
package/docs/registry-quickstart.md +169 -0
package/ecosystem.config.cjs +14 -0
package/findings.md +168 -0
package/helm/default-service/Chart.yaml +6 -0
package/helm/default-service/templates/deployment.yaml +97 -0
package/helm/default-service/templates/ingress.yaml +43 -0
package/helm/default-service/templates/service.yaml +17 -0
package/helm/default-service/values.yaml +82 -0
package/helm/services/iec-builder/Chart.yaml +6 -0
package/helm/services/iec-builder/templates/_helpers.tpl +61 -0
package/helm/services/iec-builder/templates/deployment.yaml +73 -0
package/helm/services/iec-builder/templates/service.yaml +15 -0
package/helm/services/iec-builder/templates/serviceaccount.yaml +12 -0
package/helm/services/iec-builder/values.yaml +56 -0
package/helm/vault-values.yaml +127 -0
package/package.json +45 -0
package/progress.md +156 -0
package/scripts/.vault-init-keys.json +23 -0
package/scripts/backfill-ownership.ts +113 -0
package/scripts/finalize-mongo-auth.sh +212 -0
package/scripts/setup-ipset.sh +107 -0
package/scripts/setup-mongo-auth.sh +163 -0
package/scripts/setup-neo4j-auth.sh +62 -0
package/scripts/setup-redis-auth.sh +55 -0
package/scripts/setup-registry-secret.sh +71 -0
package/scripts/setup-vault.sh +308 -0
package/src/config/env.ts +117 -0
package/src/index.ts +153 -0
package/src/middleware/auth.ts +294 -0
package/src/middleware/org-access.ts +126 -0
package/src/models/types.ts +288 -0
package/src/routes/ai.ts +115 -0
package/src/routes/audit.ts +121 -0
package/src/routes/builds.ts +320 -0
package/src/routes/cluster.ts +235 -0
package/src/routes/config.ts +369 -0
package/src/routes/databases.ts +201 -0
package/src/routes/db-whitelist.ts +204 -0
package/src/routes/domains.ts +547 -0
package/src/routes/oauth.ts +195 -0
package/src/routes/observability.ts +205 -0
package/src/routes/orgs.ts +330 -0
package/src/routes/platform.ts +134 -0
package/src/routes/rotation.ts +191 -0
package/src/routes/services.ts +290 -0
package/src/routes/storage.ts +153 -0
package/src/routes/users.ts +235 -0
package/src/routes/webhooks.ts +384 -0
package/src/services/__tests__/catalog-storage.test.ts +186 -0
package/src/services/__tests__/deploy-pipeline.integration.test.ts +624 -0
package/src/services/__tests__/pod-diagnostics.test.ts +332 -0
package/src/services/__tests__/storage-credential-manager.test.ts +129 -0
package/src/services/__tests__/storage-provisioner.test.ts +166 -0
package/src/services/__tests__/troubleshooter.test.ts +329 -0
package/src/services/bio-client.ts +189 -0
package/src/services/build-queue.ts +137 -0
package/src/services/builder.ts +1800 -0
package/src/services/catalog.test.ts +1389 -0
package/src/services/catalog.ts +1187 -0
package/src/services/cloudflare.ts +259 -0
package/src/services/config-validator.test.ts +190 -0
package/src/services/config-validator.ts +108 -0
package/src/services/crypto.ts +78 -0
package/src/services/database.ts +122 -0
package/src/services/db-credential-manager.test.ts +101 -0
package/src/services/db-credential-manager.ts +447 -0
package/src/services/db-provisioner.test.ts +602 -0
package/src/services/db-provisioner.ts +589 -0
package/src/services/db-whitelist.test.ts +671 -0
package/src/services/db-whitelist.ts +496 -0
package/src/services/dependency-resolver.test.ts +677 -0
package/src/services/dependency-resolver.ts +319 -0
package/src/services/deploy-gate.test.ts +247 -0
package/src/services/deploy-gate.ts +75 -0
package/src/services/dockerfile-generator.test.ts +401 -0
package/src/services/dockerfile-generator.ts +606 -0
package/src/services/forgejo.ts +212 -0
package/src/services/koko.ts +492 -0
package/src/services/kubernetes.ts +141 -0
package/src/services/oauth-provisioner.test.ts +477 -0
package/src/services/oauth-provisioner.ts +286 -0
package/src/services/pod-diagnostics.ts +261 -0
package/src/services/rotation-scheduler.ts +293 -0
package/src/services/storage-credential-manager.ts +223 -0
package/src/services/storage-provisioner.ts +216 -0
package/src/services/storage.ts +274 -0
package/src/services/troubleshooter.ts +208 -0
package/src/services/vault-client.test.ts +272 -0
package/src/services/vault-client.ts +587 -0
package/src/utils/logger.ts +6 -0
package/src/utils/response.ts +23 -0
package/task_plan.md +171 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +19 -0

package/.claude/settings.local.json ADDED Viewed

@@ -0,0 +1,111 @@
+{
+  "permissions": {
+    "allow": [
+      "mcp__filesystem__directory_tree",
+      "mcp__filesystem__read_multiple_files",
+      "Bash(git config:*)",
+      "mcp__filesystem__list_directory",
+      "mcp__filesystem__list_allowed_directories",
+      "mcp__jci-mcp__bible_create",
+      "mcp__jci-mcp__bible_publish",
+      "mcp__jci-mcp__bible_append",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(iec deploy:*)",
+      "Bash(iec logs:*)",
+      "Bash(npm install)",
+      "Bash(git push)",
+      "Bash(gh run list:*)",
+      "Bash(ssh:*)",
+      "Bash(pnpm iec link:*)",
+      "Bash(pnpm iec deploy:*)",
+      "Bash(pnpm iec logs:*)",
+      "Bash(kubectl get:*)",
+      "Bash(kubectl describe:*)",
+      "Bash(doctl compute droplet-size list:*)",
+      "Bash(doctl compute size list:*)",
+      "Bash(doctl compute size:*)",
+      "Bash(sort:*)",
+      "Bash(kubectl apply:*)",
+      "mcp__filesystem__search_files",
+      "Read(//Users/daryx/dev/**)",
+      "Bash(ls:*)",
+      "Bash(iec status:*)",
+      "Bash(npm run build:*)",
+      "Bash(git -C /Users/daryx/dev/tawa-web log --oneline -3)",
+      "WebFetch(domain:tawa.insureco.io)",
+      "Bash(npx tsc:*)",
+      "Bash(npx tsx:*)",
+      "Bash(doctl kubernetes cluster:*)",
+      "Bash(scp:*)",
+      "Bash(dig:*)",
+      "mcp__firecrawl__firecrawl_search",
+      "mcp__firecrawl__firecrawl_scrape",
+      "Bash(FORGEJO_TOKEN=\"afa025a5fa8a07633ddc50acb32945da5c1f86b3\")",
+      "Bash(for name in iec-builder iec-koko iec-janus iec-bio checkcle iec-wallet tawa-web resi-tech icap-portal iec-relay sandiego-site)",
+      "Bash(do echo -n \"$name: \")",
+      "Bash(python3:*)",
+      "Bash(done)",
+      "Bash(bash -c '\nFORGEJO_TOKEN=\"\"afa025a5fa8a07633ddc50acb32945da5c1f86b3\"\"\nWORK_DIR=\"\"/tmp/git-migration\"\"\nmkdir -p \"\"$WORK_DIR\"\"\n\ndeclare -A REPOS\nREPOS[\"\"git@github.com:insurecosys/iec-builder.git\"\"]=\"\"iec-builder\"\"\nREPOS[\"\"git@github.com:insurecosys/iec-koko.git\"\"]=\"\"iec-koko\"\"\nREPOS[\"\"git@github.com:insurecosys/iec-janus.git\"\"]=\"\"iec-janus\"\"\nREPOS[\"\"git@github.com:insurecosys/iec-bio.git\"\"]=\"\"iec-bio\"\"\nREPOS[\"\"git@github.com:insurecosys/checkcle.git\"\"]=\"\"checkcle\"\"\nREPOS[\"\"git@github.com:insurecosys/iec-wallet.git\"\"]=\"\"iec-wallet\"\"\nREPOS[\"\"git@github.com:insurecosys/tawa-web.git\"\"]=\"\"tawa-web\"\"\nREPOS[\"\"git@github.com:insureco/resi-tech.git\"\"]=\"\"resi-tech\"\"\nREPOS[\"\"git@github.com:insurecosys/icap-portal.git\"\"]=\"\"icap-portal\"\"\nREPOS[\"\"git@github.com:insurecosys/iec-relay.git\"\"]=\"\"iec-relay\"\"\nREPOS[\"\"git@github.com:sagmahajan/sandiego-site.git\"\"]=\"\"sandiego-site\"\"\n\nfor github_url in \"\"${!REPOS[@]}\"\"; do\n  name=\"\"${REPOS[$github_url]}\"\"\n  echo \"\"=== $name ===\"\"\n  cd \"\"$WORK_DIR\"\"\n  rm -rf \"\"${name}.git\"\"\n  git clone --bare \"\"$github_url\"\" \"\"${name}.git\"\" 2>&1 | tail -1\n  cd \"\"${name}.git\"\"\n  git push --mirror \"\"https://forgejo-token:${FORGEJO_TOKEN}@git.insureco.io/insureco/${name}.git\"\" 2>&1 | tail -3\n  echo \"\"\"\"\ndone\n')",
+      "Bash(wc:*)",
+      "Bash(chmod:*)",
+      "Bash(git -C /Users/daryx/dev/tawa-cli add src/commands/org.ts src/commands/login.ts src/index.ts src/lib/builder.ts)",
+      "Bash(git -C /Users/daryx/dev/tawa-cli diff --cached --stat)",
+      "Bash(git -C /Users/daryx/dev/tawa-cli push)",
+      "Bash(npm publish:*)",
+      "Bash(npx turbo run build:*)",
+      "Bash(mongosh:*)",
+      "Bash(tawa config list:*)",
+      "Bash(tawa deploy:*)",
+      "Bash(NEW_URI=\"mongodb://svc_relay_prod:W143iTjsvqrqyTgGIWq1fYsaKSLwPrgv@64.23.181.20:27017/relay?authSource=relay\")",
+      "Bash(tawa status:*)",
+      "Bash(kubectl logs:*)",
+      "Bash(tawa login:*)",
+      "Bash(tawa services:*)",
+      "Bash(git clone:*)",
+      "Bash(node dist/index.js:*)",
+      "Bash(kubectl exec:*)",
+      "Bash(tawa logs:*)",
+      "Skill(planning-with-files)",
+      "Skill(planning-with-files:*)",
+      "Bash(kubectl run:*)",
+      "Bash(kubectl delete:*)",
+      "Bash(aws kms create-alias:*)",
+      "Bash(aws iam create-user:*)",
+      "Bash(aws iam put-user-policy:*)",
+      "Bash(aws iam create-access-key:*)",
+      "Bash(bash:*)",
+      "Bash(git fetch:*)",
+      "WebFetch(domain:paketo.io)",
+      "WebFetch(domain:nixpacks.com)",
+      "WebFetch(domain:buildpacks.io)",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "Bash(gh api:*)",
+      "Bash(npm info:*)",
+      "Bash(go version:*)",
+      "Bash(git stash:*)",
+      "Bash(git revert:*)",
+      "Bash(git rm:*)",
+      "Bash(host:*)",
+      "Bash(nslookup:*)",
+      "Bash(npm view:*)",
+      "Bash(head:*)",
+      "Bash(tail:*)",
+      "Bash(git -C /Users/daryx/dev/tawa-cli add src/commands/sample.ts src/lib/scaffold.ts src/index.ts)",
+      "Bash(git -C /Users/daryx/dev/tawa-cli commit -m \"$\\(cat <<''EOF''\nfeat: add --with-storage flag to tawa sample scaffold\n\nAdds S3 object storage support to scaffolded projects. When used,\npatches package.json with tawa-storage dependency, adds spec.storage\nto catalog-info.yaml, and creates src/storage.ts helper file.\nEOF\n\\)\")",
+      "Bash(git -C /Users/daryx/dev/tawa-web add \"src/app/\\(public\\)/docs/storage/page.tsx\" \"src/app/\\(public\\)/docs/layout.tsx\" \"src/app/\\(public\\)/docs/page.tsx\")",
+      "Bash(git -C /Users/daryx/dev/tawa-web commit -m \"$\\(cat <<''EOF''\ndocs: add Object Storage guide\n\nCovers YAML config, storage tiers, env vars, tawa-storage SDK usage,\nAPI reference, local development with Docker MinIO, and scaffold support.\nEOF\n\\)\")",
+      "Bash(npx turbo build:*)",
+      "Bash(git -C /Users/daryx/dev/iec-bio remote:*)",
+      "mcp__iec-cf__list_dns_records",
+      "Bash(tawa domain add:*)",
+      "Bash(npx tawa:*)",
+      "Bash(xargs:*)",
+      "Bash(for i in {1..3})",
+      "Bash(do echo \"Attempt $i:\")",
+      "Bash(sudo dscacheutil:*)",
+      "Bash(sudo killall:*)"
+    ]
+  }
+}

package/.iec.yaml ADDED Viewed

@@ -0,0 +1,5 @@
+serviceId: c77af113-c779-4bb9-8e17-ef8d3d0d4708
+serviceName: iec-builder
+repoUrl: git@github.com:insurecosys/iec-builder.git
+branch: main
+linkedAt: 2026-01-23T01:57:21.894Z

package/CLAUDE.md ADDED Viewed

@@ -0,0 +1,174 @@
+# iec-builder
+Build and deployment server for Tawa platform services. Runs on tawa-builder server (64.23.181.20, PM2 process 0).
+## Architecture
+### Deployment Flow
+`tawa deploy` triggers the builder which:
+1. Clones repo at specified commit
+2. Reads `catalog-info.yaml` for service metadata (framework, databases, auth, routes)
+3. Builds Docker image (auto-generates Dockerfile if missing)
+4. Pushes to DigitalOcean Container Registry
+5. Provisions databases (MongoDB, Redis, Neo4j) and creates K8s secrets
+6. Provisions OAuth client via Bio-ID and creates K8s secret
+7. Deploys via Helm (default-service chart or custom chart)
+8. Registers service in Koko (service mesh)
+9. Configures DNS
+### Key Source Files
+| File | Purpose |
+|------|---------|
+| `src/services/builder.ts` | Core build/deploy orchestration |
+| `src/services/crypto.ts` | AES-256-GCM encryption for secrets |
+| `src/services/db-provisioner.ts` | Database provisioning and secret creation |
+| `src/services/db-credential-manager.ts` | Per-service MongoDB user management |
+| `src/services/oauth-provisioner.ts` | Bio-ID OAuth client provisioning |
+| `src/routes/config.ts` | Config/secrets CRUD API |
+| `src/routes/builds.ts` | Build trigger and status API |
+| `src/routes/databases.ts` | Database credential listing and rotation API |
+| `src/services/db-whitelist.ts` | Self-service DB access (IP whitelist + ipset) |
+| `src/routes/db-whitelist.ts` | Whitelist API endpoints |
+| `helm/default-service/` | Default Helm chart used for most services |
+## Managed Secrets System
+Secrets are stored encrypted in MongoDB and injected into Kubernetes on deploy.
+### Flow
+1. Developer sets secret: `tawa config set KEY=VALUE --secret`
+2. API encrypts value with AES-256-GCM using `CONFIG_ENCRYPTION_KEY`
+3. Encrypted value stored in `service.secrets` in MongoDB
+4. On deploy, builder decrypts and creates K8s Secret: `{service}-managed-secrets`
+5. Helm receives `--set secretRef={service}-managed-secrets`
+6. Pod mounts the secret via `envFrom.secretRef`
+### Secret Naming Convention
+| Type | K8s Secret Name | Created By |
+|------|----------------|------------|
+| Managed (user-defined) | `{service}-managed-secrets` | builder.ts (deploy) |
+| MongoDB | `{service}-db-mongodb` | db-provisioner.ts |
+| Redis | `{service}-db-redis` | db-provisioner.ts |
+| Neo4j | `{service}-db-neo4j` | db-provisioner.ts |
+| OAuth | `{service}-oauth` | oauth-provisioner.ts |
+| DB Credentials (auth) | `{service}-db-{type}` | db-provisioner.ts (with credentials) |
+### Important
+- `CONFIG_ENCRYPTION_KEY` (env var, 64-char hex) is required for secret operations
+- Secret values are NEVER returned by the API -- only key names
+- `tawa config pull` decrypts and writes to `.env.local` (audited)
+- Do NOT create Helm `secret.yaml` templates -- let the builder handle secrets
+## Helm Charts
+### Default Service Chart (`helm/default-service/`)
+Used for most services. The deployment template mounts:
+- `{release}-config` (ConfigMap, optional) -- plain env vars via `--set env.KEY=val`
+- `{release}-secrets` (Secret, optional) -- legacy, not actively created
+- `secretRef` value (Secret) -- managed secrets, set via `--set secretRef=`
+### Custom Charts
+Services with custom Helm charts (in their own repo or `iec-tawa/helm/services/`) should:
+- Reference secrets via `secretRef` in values.yaml, NOT create secret templates
+- Let the builder inject `--set secretRef=` during deploy
+## Per-Service Database Credentials
+When `DB_MONGODB_ADMIN_URI` is set, the builder provisions per-service MongoDB users with `readWrite` role scoped to the service's database. This is opt-in and backwards-compatible -- when the env var is empty, the builder falls back to unauthenticated connection strings.
+### Flow
+1. On deploy, `db-provisioner.ts` checks if `DB_MONGODB_ADMIN_URI` is configured
+2. If configured: generates username (`svc_{service}_{env}`), password (32 random bytes, base64url)
+3. Calls `ensureMongoUser()` -- idempotent create/update of MongoDB user via admin connection
+4. Builds authenticated connection string: `mongodb://user:pass@host:port/db?authSource=db`
+5. Creates K8s secret with authenticated URI
+6. Encrypts password and stores in `service.databaseCredentials`
+### Credential Rotation
+`POST /services/:name/databases/:type/rotate` generates a new password, updates the MongoDB user, updates the K8s secret, and stores the new encrypted password. Requires org admin role. Services must redeploy to pick up rotated credentials.
+### Environment Variable
+`DB_MONGODB_ADMIN_URI` -- MongoDB admin connection string (e.g., `mongodb://admin:pass@host:27017/admin?authSource=admin`). Required for credential provisioning. When empty, databases are provisioned without authentication (legacy behavior).
+## Database Whitelist (Self-Service DB Access)
+Developers can temporarily whitelist their IP for direct MongoDB access from tools like Studio 3T via `tawa db connect`. No SSH tunnels needed.
+### How It Works
+1. Developer runs `tawa db connect <service> --prod`
+2. CLI calls `POST /services/:name/databases/whitelist` on the builder
+3. Builder adds caller's IP to Linux `ipset` with TTL (auto-expires)
+4. Builder decrypts service credentials and returns a MongoDB connection string
+5. Audit record inserted in `db_whitelists` collection (TTL index auto-cleans)
+### Firewall (ipset + iptables)
+Port 27017 is firewalled on tawa-builder. A named `ipset` (`mongodb-access`) controls which external IPs can connect:
+```
+Rule 1: ACCEPT tcp/27017 from ipset mongodb-access  (whitelisted IPs)
+Rule 2: ACCEPT tcp/27017 from 127.0.0.1             (localhost/builder)
+Rule 3: ACCEPT tcp/27017 from 10.0.0.0/8            (K8s nodes)
+Rule 4: DROP   tcp/27017                             (everything else)
+```
+The builder manages ipset entries via `sudo ipset add/del` (NOPASSWD configured in `/etc/sudoers.d/ipset-tawa`). Each entry has a kernel-level TTL that auto-removes it when expired.
+### Access Levels
+| Org Role | Access Level | MongoDB User |
+|----------|-------------|-------------|
+| member | `read` | `svc_{service}_{env}_ro` (lazy-provisioned) |
+| admin | `readWrite` | `svc_{service}_{env}` (existing deploy cred) |
+### API Endpoints
+| Method | Endpoint | Role | Purpose |
+|--------|----------|------|---------|
+| `POST` | `/services/:name/databases/whitelist` | member | Whitelist IP, get connection string |
+| `GET` | `/services/:name/databases/whitelist` | viewer | List active entries (no credentials) |
+| `DELETE` | `/services/:name/databases/whitelist/:id` | admin | Revoke entry, remove IP from firewall |
+| `GET` | `/databases/whitelist` | platform admin | List all entries across orgs |
+### Key Source Files
+| File | Purpose |
+|------|---------|
+| `src/services/db-whitelist.ts` | Core service: IP validation, ipset management, credential lookup, audit |
+| `src/routes/db-whitelist.ts` | API endpoints with org-scoped auth |
+| `scripts/setup-ipset.sh` | One-time server setup (ipset + iptables rules) |
+### Startup Reconciliation
+On builder restart, `reconcileOnStartup()` re-adds active whitelist entries to ipset (kernel ipset is cleared on reboot, but MongoDB records persist). Entries with expired TTLs are skipped.
+### Environment Variables
+- `DB_MONGODB_PUBLIC_HOST` -- public IP for connection strings (falls back to `DB_MONGODB_HOST`)
+## Config API
+| Method | Endpoint | Purpose |
+|--------|----------|---------|
+| `GET` | `/services/:name/config` | List config vars + secret key names |
+| `PATCH` | `/services/:name/config` | Set config vars or secrets |
+| `DELETE` | `/services/:name/config` | Remove config vars or secrets |
+| `GET` | `/services/:name/config/pull` | Download decrypted config (audited) |
+## Testing
+```bash
+npm test          # unit tests (vitest)
+npm run build     # TypeScript compilation check
+```

package/Dockerfile ADDED Viewed

@@ -0,0 +1,34 @@
+FROM node:20-alpine AS builder
+WORKDIR /app
+# Copy package files
+COPY package*.json ./
+# Install all dependencies (including dev for building)
+RUN npm ci
+# Copy source code
+COPY tsconfig.json ./
+COPY src/ ./src/
+# Build TypeScript
+RUN npm run build
+# Production stage
+FROM node:20-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --omit=dev
+# Copy built application from builder stage
+COPY --from=builder /app/dist ./dist
+ENV NODE_ENV=production
+ENV PORT=3002
+EXPOSE 3002
+CMD ["node", "dist/index.js"]

package/README.md ADDED Viewed

@@ -0,0 +1,84 @@
+# iec-builder
+CI/CD Build Service for InsurEco Tawa platform.
+## Overview
+iec-builder receives webhooks from Git providers (GitHub, GitLab, Bitbucket), builds Docker images, and deploys to Kubernetes. It runs on the tawa-builder server (64.23.181.20) alongside Docker.
+## Architecture
+```
+Developer's Repo → Webhook → iec-builder → Docker Build → registry.insureco.io → K8s Deploy
+```
+## API Endpoints
+### Webhooks
+- `POST /webhooks/github` - GitHub push webhook
+- `POST /webhooks/gitlab` - GitLab push webhook
+- `POST /webhooks/generic` - Generic webhook
+### Services (registered apps)
+- `GET /services` - List registered services
+- `POST /services` - Register a new service
+- `GET /services/:id` - Get service details
+- `PATCH /services/:id` - Update service config
+- `DELETE /services/:id` - Unregister service
+- `GET /services/:id/builds` - Get builds for service
+### Builds
+- `GET /builds` - List builds
+- `GET /builds/:id` - Get build details
+- `GET /builds/:id/logs` - Get build logs
+- `POST /builds/trigger` - Manually trigger build
+- `POST /builds/:id/cancel` - Cancel a build
+- `POST /builds/:id/retry` - Retry a failed build
+## Development
+```bash
+npm install
+npm run dev
+```
+## Deployment (tawa-builder)
+```bash
+# SSH into tawa-builder
+ssh tawa
+# Deploy updates
+cd /opt/iec-builder
+git pull origin main
+npm install
+npm run build
+pm2 restart iec-builder
+pm2 save
+```
+### Server Details
+- **Host**: 64.23.181.20 (ssh alias: `tawa`)
+- **User**: tawa
+- **SSH Key**: ~/.ssh/do_2025
+- **App Path**: /opt/iec-builder
+- **PM2 ID**: 0
+### Quick Deploy Command
+```bash
+ssh tawa "cd /opt/iec-builder && git pull && npm install && npm run build && pm2 restart iec-builder"
+```
+## Environment Variables
+| Variable | Default | Description |
+|----------|---------|-------------|
+| PORT | 3002 | HTTP port |
+| MONGODB_URI | mongodb://localhost:27017/builder | MongoDB connection |
+| REDIS_URL | redis://localhost:6379 | Redis connection |
+| KOKO_URL | http://koko... | Koko service URL |
+| WORKSPACE_DIR | /tmp/iec-builds | Build workspace |
+| DOCKER_REGISTRY | registry.insureco.io/insureco | Container registry |
+| DOCKER_REGISTRY_USER | | Registry username (Forgejo user) |
+| DOCKER_REGISTRY_TOKEN | | Registry password (Forgejo access token) |
+| K8S_NAMESPACE | iec-platform | Kubernetes namespace |

package/catalog-info.yaml ADDED Viewed

@@ -0,0 +1,11 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: iec-builder
+  description: CI/CD build service for InsurEco Tawa platform
+  annotations:
+    github.com/project-slug: insurecosys/iec-builder
+spec:
+  type: service
+  lifecycle: production
+  owner: platform-team

package/dist/config/env.d.ts ADDED Viewed

@@ -0,0 +1,219 @@
+import { z } from 'zod';
+declare const envSchema: z.ZodObject<{
+    NODE_ENV: z.ZodDefault<z.ZodEnum<["development", "staging", "production", "test"]>>;
+    PORT: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    LOG_LEVEL: z.ZodDefault<z.ZodEnum<["fatal", "error", "warn", "info", "debug", "trace"]>>;
+    MONGODB_URI: z.ZodDefault<z.ZodString>;
+    BIO_MONGODB_URI: z.ZodDefault<z.ZodString>;
+    REDIS_URL: z.ZodDefault<z.ZodString>;
+    DB_MONGODB_ADMIN_URI: z.ZodDefault<z.ZodString>;
+    DB_MONGODB_HOST: z.ZodDefault<z.ZodString>;
+    DB_MONGODB_PUBLIC_HOST: z.ZodDefault<z.ZodString>;
+    DB_MONGODB_PORT: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    DB_REDIS_ADMIN_URL: z.ZodDefault<z.ZodString>;
+    DB_REDIS_HOST: z.ZodDefault<z.ZodString>;
+    DB_REDIS_PORT: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    DB_NEO4J_ADMIN_URI: z.ZodDefault<z.ZodString>;
+    DB_NEO4J_ADMIN_USER: z.ZodDefault<z.ZodString>;
+    DB_NEO4J_ADMIN_PASSWORD: z.ZodDefault<z.ZodString>;
+    DB_NEO4J_HOST: z.ZodDefault<z.ZodString>;
+    DB_NEO4J_PORT: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    MINIO_HOST: z.ZodDefault<z.ZodString>;
+    MINIO_PORT: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    KOKO_URL: z.ZodDefault<z.ZodString>;
+    BIO_ID_URL: z.ZodDefault<z.ZodString>;
+    BIO_INTERNAL_KEY: z.ZodDefault<z.ZodString>;
+    WORKSPACE_DIR: z.ZodDefault<z.ZodString>;
+    DOCKER_REGISTRY: z.ZodDefault<z.ZodString>;
+    MAX_UPLOAD_SIZE_MB: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    ENABLE_AUTO_DOCKERFILE: z.ZodDefault<z.ZodString>;
+    ENFORCE_MINIMUM_CATALOG_VERSION: z.ZodDefault<z.ZodString>;
+    KUBECONFIG: z.ZodDefault<z.ZodString>;
+    K8S_NAMESPACE: z.ZodDefault<z.ZodString>;
+    ENABLE_K8S_DEPLOY: z.ZodDefault<z.ZodString>;
+    CLOUDFLARE_API_TOKEN: z.ZodDefault<z.ZodString>;
+    CLOUDFLARE_ZONE_ID: z.ZodDefault<z.ZodString>;
+    INGRESS_TARGET: z.ZodDefault<z.ZodString>;
+    ENABLE_DNS_MANAGEMENT: z.ZodDefault<z.ZodString>;
+    FORGEJO_URL: z.ZodDefault<z.ZodString>;
+    FORGEJO_TOKEN: z.ZodDefault<z.ZodString>;
+    FORGEJO_ADMIN_USER: z.ZodDefault<z.ZodString>;
+    FORGEJO_ADMIN_PASSWORD: z.ZodDefault<z.ZodString>;
+    GITHUB_TOKEN: z.ZodDefault<z.ZodString>;
+    GITHUB_WEBHOOK_SECRET: z.ZodDefault<z.ZodString>;
+    GITLAB_WEBHOOK_SECRET: z.ZodDefault<z.ZodString>;
+    WALLET_URL: z.ZodDefault<z.ZodString>;
+    INTERNAL_SERVICE_KEY: z.ZodDefault<z.ZodString>;
+    BUILD_CONCURRENCY: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    VAULT_ADDR: z.ZodDefault<z.ZodString>;
+    VAULT_TOKEN: z.ZodDefault<z.ZodString>;
+    VAULT_ENABLED: z.ZodDefault<z.ZodString>;
+    ROTATION_TTL_DAYS: z.ZodDefault<z.ZodEffects<z.ZodString, number, string>>;
+    RELAY_DIRECT_URL: z.ZodDefault<z.ZodString>;
+    RELAY_INTERNAL_KEY: z.ZodDefault<z.ZodString>;
+    ANTHROPIC_API_KEY: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    NODE_ENV: "development" | "staging" | "production" | "test";
+    PORT: number;
+    LOG_LEVEL: "fatal" | "error" | "warn" | "info" | "debug" | "trace";
+    MONGODB_URI: string;
+    BIO_MONGODB_URI: string;
+    REDIS_URL: string;
+    DB_MONGODB_ADMIN_URI: string;
+    DB_MONGODB_HOST: string;
+    DB_MONGODB_PUBLIC_HOST: string;
+    DB_MONGODB_PORT: number;
+    DB_REDIS_ADMIN_URL: string;
+    DB_REDIS_HOST: string;
+    DB_REDIS_PORT: number;
+    DB_NEO4J_ADMIN_URI: string;
+    DB_NEO4J_ADMIN_USER: string;
+    DB_NEO4J_ADMIN_PASSWORD: string;
+    DB_NEO4J_HOST: string;
+    DB_NEO4J_PORT: number;
+    MINIO_HOST: string;
+    MINIO_PORT: number;
+    KOKO_URL: string;
+    BIO_ID_URL: string;
+    BIO_INTERNAL_KEY: string;
+    WORKSPACE_DIR: string;
+    DOCKER_REGISTRY: string;
+    MAX_UPLOAD_SIZE_MB: number;
+    ENABLE_AUTO_DOCKERFILE: string;
+    ENFORCE_MINIMUM_CATALOG_VERSION: string;
+    KUBECONFIG: string;
+    K8S_NAMESPACE: string;
+    ENABLE_K8S_DEPLOY: string;
+    CLOUDFLARE_API_TOKEN: string;
+    CLOUDFLARE_ZONE_ID: string;
+    INGRESS_TARGET: string;
+    ENABLE_DNS_MANAGEMENT: string;
+    FORGEJO_URL: string;
+    FORGEJO_TOKEN: string;
+    FORGEJO_ADMIN_USER: string;
+    FORGEJO_ADMIN_PASSWORD: string;
+    GITHUB_TOKEN: string;
+    GITHUB_WEBHOOK_SECRET: string;
+    GITLAB_WEBHOOK_SECRET: string;
+    WALLET_URL: string;
+    INTERNAL_SERVICE_KEY: string;
+    BUILD_CONCURRENCY: number;
+    VAULT_ADDR: string;
+    VAULT_TOKEN: string;
+    VAULT_ENABLED: string;
+    ROTATION_TTL_DAYS: number;
+    RELAY_DIRECT_URL: string;
+    RELAY_INTERNAL_KEY: string;
+    ANTHROPIC_API_KEY: string;
+}, {
+    NODE_ENV?: "development" | "staging" | "production" | "test" | undefined;
+    PORT?: string | undefined;
+    LOG_LEVEL?: "fatal" | "error" | "warn" | "info" | "debug" | "trace" | undefined;
+    MONGODB_URI?: string | undefined;
+    BIO_MONGODB_URI?: string | undefined;
+    REDIS_URL?: string | undefined;
+    DB_MONGODB_ADMIN_URI?: string | undefined;
+    DB_MONGODB_HOST?: string | undefined;
+    DB_MONGODB_PUBLIC_HOST?: string | undefined;
+    DB_MONGODB_PORT?: string | undefined;
+    DB_REDIS_ADMIN_URL?: string | undefined;
+    DB_REDIS_HOST?: string | undefined;
+    DB_REDIS_PORT?: string | undefined;
+    DB_NEO4J_ADMIN_URI?: string | undefined;
+    DB_NEO4J_ADMIN_USER?: string | undefined;
+    DB_NEO4J_ADMIN_PASSWORD?: string | undefined;
+    DB_NEO4J_HOST?: string | undefined;
+    DB_NEO4J_PORT?: string | undefined;
+    MINIO_HOST?: string | undefined;
+    MINIO_PORT?: string | undefined;
+    KOKO_URL?: string | undefined;
+    BIO_ID_URL?: string | undefined;
+    BIO_INTERNAL_KEY?: string | undefined;
+    WORKSPACE_DIR?: string | undefined;
+    DOCKER_REGISTRY?: string | undefined;
+    MAX_UPLOAD_SIZE_MB?: string | undefined;
+    ENABLE_AUTO_DOCKERFILE?: string | undefined;
+    ENFORCE_MINIMUM_CATALOG_VERSION?: string | undefined;
+    KUBECONFIG?: string | undefined;
+    K8S_NAMESPACE?: string | undefined;
+    ENABLE_K8S_DEPLOY?: string | undefined;
+    CLOUDFLARE_API_TOKEN?: string | undefined;
+    CLOUDFLARE_ZONE_ID?: string | undefined;
+    INGRESS_TARGET?: string | undefined;
+    ENABLE_DNS_MANAGEMENT?: string | undefined;
+    FORGEJO_URL?: string | undefined;
+    FORGEJO_TOKEN?: string | undefined;
+    FORGEJO_ADMIN_USER?: string | undefined;
+    FORGEJO_ADMIN_PASSWORD?: string | undefined;
+    GITHUB_TOKEN?: string | undefined;
+    GITHUB_WEBHOOK_SECRET?: string | undefined;
+    GITLAB_WEBHOOK_SECRET?: string | undefined;
+    WALLET_URL?: string | undefined;
+    INTERNAL_SERVICE_KEY?: string | undefined;
+    BUILD_CONCURRENCY?: string | undefined;
+    VAULT_ADDR?: string | undefined;
+    VAULT_TOKEN?: string | undefined;
+    VAULT_ENABLED?: string | undefined;
+    ROTATION_TTL_DAYS?: string | undefined;
+    RELAY_DIRECT_URL?: string | undefined;
+    RELAY_INTERNAL_KEY?: string | undefined;
+    ANTHROPIC_API_KEY?: string | undefined;
+}>;
+export type Env = z.infer<typeof envSchema>;
+export declare function loadEnv(): Env;
+export declare const env: {
+    NODE_ENV: "development" | "staging" | "production" | "test";
+    PORT: number;
+    LOG_LEVEL: "fatal" | "error" | "warn" | "info" | "debug" | "trace";
+    MONGODB_URI: string;
+    BIO_MONGODB_URI: string;
+    REDIS_URL: string;
+    DB_MONGODB_ADMIN_URI: string;
+    DB_MONGODB_HOST: string;
+    DB_MONGODB_PUBLIC_HOST: string;
+    DB_MONGODB_PORT: number;
+    DB_REDIS_ADMIN_URL: string;
+    DB_REDIS_HOST: string;
+    DB_REDIS_PORT: number;
+    DB_NEO4J_ADMIN_URI: string;
+    DB_NEO4J_ADMIN_USER: string;
+    DB_NEO4J_ADMIN_PASSWORD: string;
+    DB_NEO4J_HOST: string;
+    DB_NEO4J_PORT: number;
+    MINIO_HOST: string;
+    MINIO_PORT: number;
+    KOKO_URL: string;
+    BIO_ID_URL: string;
+    BIO_INTERNAL_KEY: string;
+    WORKSPACE_DIR: string;
+    DOCKER_REGISTRY: string;
+    MAX_UPLOAD_SIZE_MB: number;
+    ENABLE_AUTO_DOCKERFILE: string;
+    ENFORCE_MINIMUM_CATALOG_VERSION: string;
+    KUBECONFIG: string;
+    K8S_NAMESPACE: string;
+    ENABLE_K8S_DEPLOY: string;
+    CLOUDFLARE_API_TOKEN: string;
+    CLOUDFLARE_ZONE_ID: string;
+    INGRESS_TARGET: string;
+    ENABLE_DNS_MANAGEMENT: string;
+    FORGEJO_URL: string;
+    FORGEJO_TOKEN: string;
+    FORGEJO_ADMIN_USER: string;
+    FORGEJO_ADMIN_PASSWORD: string;
+    GITHUB_TOKEN: string;
+    GITHUB_WEBHOOK_SECRET: string;
+    GITLAB_WEBHOOK_SECRET: string;
+    WALLET_URL: string;
+    INTERNAL_SERVICE_KEY: string;
+    BUILD_CONCURRENCY: number;
+    VAULT_ADDR: string;
+    VAULT_TOKEN: string;
+    VAULT_ENABLED: string;
+    ROTATION_TTL_DAYS: number;
+    RELAY_DIRECT_URL: string;
+    RELAY_INTERNAL_KEY: string;
+    ANTHROPIC_API_KEY: string;
+};
+export {};
+//# sourceMappingURL=env.d.ts.map

package/dist/config/env.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/config/env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAQvB,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2Fb,CAAA;AAEF,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAA;AAE3C,wBAAgB,OAAO,IAAI,GAAG,CAS7B;AAED,eAAO,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAY,CAAA"}