kastell 1.4.0 → 1.5.2

package/README.md

@@ -14,8 +14,6 @@
 ![License](https://img.shields.io/badge/license-Apache%202.0-blue)
 ![GitHub stars](https://img.shields.io/github/stars/kastelldev/kastell?style=flat-square)
 [![Socket Badge](https://socket.dev/api/badge/npm/package/kastell)](https://socket.dev/npm/package/kastell)
-[![Website](https://img.shields.io/website?url=https%3A%2F%2Fkastell.dev&label=website)](https://kastell.dev)
-
 ## Why Kastell Exists
 
 Most self-hosted servers break because:
@@ -45,7 +43,7 @@ Running `kastell` without any arguments launches an **interactive search menu**
  ██║  ██╗  ██║  ██║ ███████║   ██║   ███████╗███████╗███████╗
  ╚═╝  ╚═╝  ╚═╝  ╚═╝ ╚══════╝   ╚═╝   ╚══════╝╚══════╝╚══════╝
 
-  KASTELL  v1.4.0  ·  Your infrastructure, fortified.
+  KASTELL  v1.5.2  ·  Your infrastructure, fortified.
 
   $ kastell init --template production  → deploy a new server
   $ kastell status --all                → check all servers
@@ -150,6 +148,22 @@ kastell secure setup my-server      # SSH hardening + fail2ban
 kastell domain add my-server --domain example.com  # Set domain + SSL
 ```
 
+### Security Audit
+```bash
+kastell audit my-server                # Full security audit (9 categories, 46+ checks)
+kastell audit my-server --json         # JSON output for automation
+kastell audit my-server --threshold 70 # Exit code 1 if score below threshold
+kastell audit my-server --fix          # Interactive fix mode (prompts per severity)
+kastell audit my-server --fix --dry-run # Preview fixes without executing
+kastell audit my-server --watch        # Re-audit every 5 min, show only changes
+kastell audit my-server --watch 60     # Custom interval (60 seconds)
+kastell audit --host root@1.2.3.4     # Audit unregistered server
+kastell audit my-server --badge        # SVG badge output
+kastell audit my-server --report html  # Full HTML report
+kastell audit my-server --score-only   # Just the score (CI-friendly)
+kastell audit my-server --summary      # Compact dashboard view
+```
+
 ### Monitor & Debug
 ```bash
 kastell monitor my-server             # CPU, RAM, disk usage
@@ -163,20 +177,20 @@ kastell doctor                         # Check local environment
 
 | Provider | Status | Regions | Starting Price |
 |----------|--------|---------|---------------|
-| [Hetzner Cloud](https://hetzner.cloud) | Stable | EU, US | ~EUR4/mo |
+| [Hetzner Cloud](https://hetzner.cloud) | Stable | EU, US | ~€4/mo |
 | [DigitalOcean](https://digitalocean.com) | Stable | Global | ~$18/mo |
-| [Vultr](https://vultr.com) | Stable | Global | ~$10/mo |
-| [Linode (Akamai)](https://linode.com) | Beta | Global | ~$24/mo |
+| [Vultr](https://vultr.com) | Stable | Global | ~$12/mo |
+| [Linode (Akamai)](https://linode.com) | Beta | Global | ~$12/mo |
 
-> Prices reflect the default starter template per provider. You can choose a different size during setup. Linode support is in beta -- community testing welcome.
+> Prices reflect the cheapest plan with at least 2 GB RAM (required by Coolify and Dokploy). Bare mode has no minimum requirements -- plans start from ~$2.50/mo depending on provider. You can choose a different size during setup. Linode support is in beta -- community testing welcome.
 
 ## Supported Platforms
 
-| Platform | Mode Flag | Description |
-|----------|-----------|-------------|
-| Coolify | `--mode coolify` (default) | Docker-based PaaS |
-| Dokploy | `--mode dokploy` | Docker Swarm-based PaaS |
-| Bare | `--mode bare` | Generic VPS (no platform) |
+| Platform | Mode Flag | Min RAM | Min CPU | Description |
+|----------|-----------|---------|---------|-------------|
+| Coolify | `--mode coolify` (default) | 2 GB | 2 vCPU | Docker-based PaaS (port 8000) |
+| Dokploy | `--mode dokploy` | 2 GB | 2 vCPU | Docker Swarm-based PaaS (port 3000) |
+| Bare | `--mode bare` | — | — | Generic VPS, no platform overhead |
 
 Kastell uses a **PlatformAdapter** architecture -- the same commands (`update`, `maintain`, `logs`, `health`) work across all platforms. The platform is stored in your server record and auto-detected on each command.
 
@@ -294,15 +308,41 @@ Available tools:
 | `server_secure` | secure, firewall, domain | SSH hardening, firewall rules, domain/SSL management (10 subcommands) |
 | `server_backup` | backup, snapshot | Backup/restore databases and create/manage VPS snapshots |
 | `server_provision` | create | Provision new servers on cloud providers |
+| `server_audit` | audit | Run security audit with summary/json/score output formats |
 
 > All destructive operations (destroy, restore, snapshot-delete, provision, restart, maintain, snapshot-create) require `SAFE_MODE=false` to execute.
 
+## CI/CD Integration
+
+Use `kastell audit` in your CI pipeline to enforce security baselines:
+
+```yaml
+# .github/workflows/security-audit.yml
+name: Security Audit
+on:
+  schedule:
+    - cron: '0 6 * * 1'  # Weekly Monday 6 AM
+  workflow_dispatch:
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: npm install -g kastell
+      - run: kastell audit --host root@${{ secrets.SERVER_IP }} --threshold 70 --json > audit-result.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: audit-report
+          path: audit-result.json
+```
+
+The `--threshold` flag causes a non-zero exit code when the score falls below the target, failing the CI job automatically.
+
 ## What's Next
 
-- `kastell audit` -- security scanning and compliance reports (v1.5)
-- kastell.dev website (v1.5)
-- Guard daemon and fleet management (v1.6)
-- Plugin ecosystem for AI IDEs (v2.0)
+- kastell.dev website
+- Guard daemon and fleet management
+- Plugin ecosystem for AI IDEs
 
 ## Philosophy
 

package/README.tr.md

@@ -14,8 +14,6 @@
 ![License](https://img.shields.io/badge/license-Apache%202.0-blue)
 ![GitHub stars](https://img.shields.io/github/stars/kastelldev/kastell?style=flat-square)
 [![Socket Badge](https://socket.dev/api/badge/npm/package/kastell)](https://socket.dev/npm/package/kastell)
-[![Website](https://img.shields.io/website?url=https%3A%2F%2Fkastell.dev&label=website)](https://kastell.dev)
-
 ## Kastell Neden Var?
 
 Self-hosted sunucuların çoğu şu nedenlerle çöker:
@@ -45,7 +43,7 @@ npx kastell
  ██║  ██╗  ██║  ██║ ███████║   ██║   ███████╗███████╗███████╗
  ╚═╝  ╚═╝  ╚═╝  ╚═╝ ╚══════╝   ╚═╝   ╚══════╝╚══════╝╚══════╝
 
-  KASTELL  v1.4.0  ·  Your infrastructure, fortified.
+  KASTELL  v1.5.1  ·  Your infrastructure, fortified.
 
   $ kastell init --template production  → deploy a new server
   $ kastell status --all                → check all servers
@@ -150,6 +148,22 @@ kastell secure setup sunucum      # SSH sıkılaştırma + fail2ban
 kastell domain add sunucum --domain ornek.com  # Domain + SSL ayarla
 ```
 
+### Güvenlik Denetimi
+```bash
+kastell audit sunucum                # Tam güvenlik denetimi (9 kategori, 46+ kontrol)
+kastell audit sunucum --json         # Otomasyon için JSON çıktısı
+kastell audit sunucum --threshold 70 # Skor eşiğin altındaysa exit code 1
+kastell audit sunucum --fix          # İnteraktif düzeltme modu (önem derecesine göre)
+kastell audit sunucum --fix --dry-run # Düzeltmeleri çalıştırmadan önizle
+kastell audit sunucum --watch        # 5 dk aralıkla tekrar denetle, sadece değişiklikleri göster
+kastell audit sunucum --watch 60     # Özel aralık (60 saniye)
+kastell audit --host root@1.2.3.4   # Kayıtlı olmayan sunucuyu denetle
+kastell audit sunucum --badge        # SVG rozet çıktısı
+kastell audit sunucum --report html  # Tam HTML raporu
+kastell audit sunucum --score-only   # Sadece skor (CI uyumlu)
+kastell audit sunucum --summary      # Kompakt özet görünümü
+```
+
 ### İzleme ve Hata Ayıklama
 ```bash
 kastell monitor sunucum             # CPU, RAM, disk kullanımı
@@ -163,20 +177,20 @@ kastell doctor                       # Yerel ortam kontrolü
 
 | Sağlayıcı | Durum | Bölgeler | Başlangıç Fiyatı |
 |-----------|-------|----------|------------------|
-| [Hetzner Cloud](https://hetzner.cloud) | Kararlı | Avrupa, ABD | ~EUR4/ay |
+| [Hetzner Cloud](https://hetzner.cloud) | Kararlı | Avrupa, ABD | ~€4/ay |
 | [DigitalOcean](https://digitalocean.com) | Kararlı | Küresel | ~$18/ay |
-| [Vultr](https://vultr.com) | Kararlı | Küresel | ~$10/ay |
-| [Linode (Akamai)](https://linode.com) | Beta | Küresel | ~$24/ay |
+| [Vultr](https://vultr.com) | Kararlı | Küresel | ~$12/ay |
+| [Linode (Akamai)](https://linode.com) | Beta | Küresel | ~$12/ay |
 
-> Fiyatlar provider başına varsayılan starter şablonunu yansıtır. Kurulum sırasında farklı boyut seçebilirsiniz. Linode desteği beta aşamasındadır -- topluluk testleri memnuniyetle karşılanır.
+> Fiyatlar en az 2 GB RAM'e sahip en ucuz planı yansıtır (Coolify ve Dokploy gereksinimi). Bare modda minimum gereksinim yoktur -- sağlayıcıya göre ~$2.50/ay'dan başlayan planlar kullanılabilir. Kurulum sırasında farklı boyut seçebilirsiniz. Linode desteği beta aşamasındadır -- topluluk testleri memnuniyetle karşılanır.
 
 ## Desteklenen Platformlar
 
-| Platform | Mod Bayrağı | Açıklama |
-|----------|-------------|----------|
-| Coolify | `--mode coolify` (varsayılan) | Docker tabanlı PaaS |
-| Dokploy | `--mode dokploy` | Docker Swarm tabanlı PaaS |
-| Bare | `--mode bare` | Genel VPS (platform yok) |
+| Platform | Mod Bayrağı | Min RAM | Min CPU | Açıklama |
+|----------|-------------|---------|---------|----------|
+| Coolify | `--mode coolify` (varsayılan) | 2 GB | 2 vCPU | Docker tabanlı PaaS (port 8000) |
+| Dokploy | `--mode dokploy` | 2 GB | 2 vCPU | Docker Swarm tabanlı PaaS (port 3000) |
+| Bare | `--mode bare` | — | — | Genel VPS, platform yükü yok |
 
 Kastell **PlatformAdapter** mimarisini kullanır -- aynı komutlar (`update`, `maintain`, `logs`, `health`) tüm platformlarda çalışır. Platform sunucu kaydınızda saklanır ve her komutta otomatik algılanır.
 
@@ -294,15 +308,34 @@ Mevcut araçlar:
 | `server_secure` | secure, firewall, domain | SSH sıkılaştırma, güvenlik duvarı kuralları, domain/SSL yönetimi (10 alt komut) |
 | `server_backup` | backup, snapshot | Veritabanı yedekle/geri yükle ve VPS snapshot oluştur/yönet |
 | `server_provision` | create | Bulut sağlayıcılarda yeni sunucu oluştur |
+| `server_audit` | audit | Güvenlik denetimi çalıştır (summary/json/score çıktı formatları) |
 
 > Tüm yıkıcı işlemler (destroy, restore, snapshot-delete, provision, restart, maintain, snapshot-create) çalıştırılmak için `SAFE_MODE=false` gerektirir.
 
+`kastell audit` komutunu CI pipeline'ınızda güvenlik eşiği zorunluluğu için kullanın:
+
+```yaml
+# .github/workflows/security-audit.yml
+name: Güvenlik Denetimi
+on:
+  schedule:
+    - cron: '0 6 * * 1'  # Her Pazartesi 06:00
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - run: npx -y kastell audit --host root@${{ secrets.SERVER_IP }} --threshold 70 --json > audit-result.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: audit-report
+          path: audit-result.json
+```
+
 ## Gelecek Planlar
 
-- `kastell audit` -- güvenlik taraması ve uyumluluk raporları (v1.5)
-- kastell.dev web sitesi (v1.5)
-- Guard daemon ve fleet yönetimi (v1.6)
-- AI IDE'ler için plugin ekosistemi (v2.0)
+- kastell.dev web sitesi
+- Guard daemon ve fleet yönetimi
+- AI IDE'ler için plugin ekosistemi
 
 ## Felsefe
 

package/SECURITY.md

@@ -24,9 +24,11 @@ Response time: Within 48 hours
 ## Security Architecture
 
 ### Token Handling (A2 — Sensitive Data Exposure)
-- API tokens are **never stored on disk** — runtime prompt or environment variables only
+- Token resolution chain: OS keychain (primary) -> environment variable (fallback) -> undefined
 - Supported env vars: `HETZNER_TOKEN`, `DIGITALOCEAN_TOKEN`, `VULTR_TOKEN`, `LINODE_TOKEN`
-- API tokens collected via interactive secure prompts (masked input) when env vars are not set
+- `kastell auth set <provider>` stores tokens in OS keychain (Windows Credential Manager, macOS Keychain, Linux Secret Service)
+- Tokens are never written to disk in plaintext
+- API tokens collected via interactive secure prompts (masked input) when neither keychain nor env var is available
 - `sanitizedEnv()` strips all keys containing TOKEN, SECRET, PASSWORD, CREDENTIAL from child process environments before every `spawn`/`spawnSync`/`exec` call
 - Provider errors sanitized via `stripSensitiveData()` — removes Authorization headers, request data, response headers, and non-whitelisted response body fields from axios errors before they propagate via error cause chains
 
@@ -102,13 +104,98 @@ All production dependencies use audited, versioned packages:
 - Linode API v4 (via Axios, HTTPS)
 - Model Context Protocol SDK (`@modelcontextprotocol/sdk`) for MCP server
 - Zod for runtime input validation
-- Coolify installed via `curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash` (official method, HTTPS)
+- Coolify installed via download-then-execute pattern: `curl -fsSL URL -o /tmp/install.sh && bash /tmp/install.sh` (prevents partial execution on network failure)
 
 ### Dev Dependencies
-One moderate-severity ReDoS vulnerability remains in `test-exclude` → `glob` → `minimatch@10.0.0-10.2.2` (jest code coverage toolchain). This is a dev-only dependency not present in production builds. Remediation is blocked by the dependency chain — `npm audit fix --force` would cause lock file breakage per project policy. Risk accepted as dev-only, not exploitable in production.
+No known vulnerabilities (minimatch pinned to ^10.2.4 via npm overrides).
 
 Security scan: https://socket.dev/npm/package/kastell
 
-## HTTP Usage
+## Token Security
 
-Kastell accesses Coolify at `http://IP:8000` during initial setup. This is expected because SSL/TLS is not configured on a fresh Coolify installation. Users are warned to set up a domain and enable SSL for production use.
+### OS Keychain Integration
+
+Kastell stores provider API tokens in the OS keychain using `@napi-rs/keyring`:
+
+- **Windows:** Windows Credential Manager
+- **macOS:** Keychain
+- **Linux:** Secret Service (GNOME Keyring, KWallet)
+
+Use `kastell auth set <provider>` to store tokens securely. Use `kastell auth list` to see which providers have stored tokens (token values are never displayed). Use `kastell auth remove <provider>` to delete a stored token.
+
+In CI/headless environments where no keychain is available, Kastell automatically falls back to environment variables.
+
+### Subprocess Security
+
+All child processes spawned by Kastell use `sanitizedEnv()` which strips TOKEN, SECRET, PASSWORD, and CREDENTIAL environment variables. This prevents accidental token leakage to SSH sessions and other subprocesses.
+
+### Disabling Core Dumps (Recommended for MCP/Long-Running Mode)
+
+Core dumps can expose in-memory tokens. Disable on production servers:
+
+**Linux:**
+- `ulimit -c 0` (current session)
+- `echo "* hard core 0" >> /etc/security/limits.conf` (permanent)
+
+**macOS:**
+- `launchctl limit core 0 0`
+
+### Swap Encryption (Recommended)
+
+Unencrypted swap can expose in-memory tokens when pages are swapped to disk.
+
+- **Linux:** Use encrypted swap (`cryptsetup` or `dm-crypt`)
+- **macOS:** Encrypted by default with FileVault
+- **Windows:** BitLocker encrypts the entire volume including pagefile
+
+## Known Limitations & Accepted Risks
+
+### 1. SSH Trust-On-First-Use (TOFU)
+
+All SSH connections use `StrictHostKeyChecking=accept-new`. This automatically trusts the host key on first connection. A MITM attack during the very first SSH connection to a newly provisioned server would succeed silently.
+
+**Why accepted:** Newly provisioned servers have unknown host keys — there is no known-good key to verify against. This is inherent to any server provisioning tool. Subsequent connections verify the stored key, so only the first connection is vulnerable.
+
+**Mitigation:**
+- Servers are provisioned via authenticated cloud provider APIs (HTTPS + API token), reducing the likelihood of a MITM during the narrow window between provision and first SSH connection.
+- Set `KASTELL_STRICT_HOST_KEY=true` to reject unknown host keys entirely. This requires manual host key management but eliminates TOFU risk.
+
+### 2. Health Checks Over HTTP
+
+Coolify (`http://IP:8000`) and Dokploy (`http://IP:3000`) health checks use unencrypted HTTP. No sensitive data is sent — only an HTTP status code is checked.
+
+**Why accepted:** Fresh Coolify/Dokploy installations only listen on HTTP. HTTPS requires a domain + SSL certificate, which is configured after initial setup via `kastell domain-set --ssl`.
+
+**Mitigation:** When a domain is configured via `kastell domain add --domain example.com`, health checks automatically try HTTPS first, falling back to HTTP only if HTTPS fails. The domain is stored in the server record for persistent HTTPS health checks.
+
+**Recommendation:** Always configure a domain with SSL for production access: `kastell domain add <server> --domain example.com`
+
+### 3. API Token In-Memory Exposure
+
+Provider API tokens are held as class properties in memory for the lifetime of the process.
+
+**CLI mode (low risk):** Process runs for seconds, then exits. Token is freed with the process.
+
+**MCP mode (elevated risk):** MCP server runs for hours. Token stays in memory and could theoretically be exposed via heap dump, core dump, or debugger attachment.
+
+**Why accepted:** Node.js strings are immutable and managed by V8's garbage collector — there is no reliable way to zero a string in memory. Alternative approaches (Buffer-based token storage) would require changing all axios header construction and provide marginal benefit since `process.env` also holds the token in memory.
+
+**Mitigations in place:**
+- `sanitizedEnv()` strips tokens from all child process environments
+- `stripSensitiveData()` removes Authorization headers from error objects
+- Provider instances are not cached across MCP tool calls — each call creates a fresh instance, allowing GC to collect the previous one
+- Tokens are never written to disk
+
+**Future consideration:** Getter pattern that reads from `process.env` on each API call instead of storing as class property — reduces in-memory copies but does not eliminate the underlying exposure since `process.env` itself holds the value.
+
+### 4. Remote Install Scripts
+
+Coolify and Dokploy are installed via remote shell scripts downloaded over HTTPS. A compromised CDN or DNS hijack could serve a malicious install script.
+
+**Why accepted:** This is the official installation method provided by both Coolify and Dokploy upstream projects. There are no published checksums to verify against.
+
+**Mitigations in place:**
+- HTTPS transport security (TLS certificate validation)
+- Download-then-execute pattern (prevents partial execution on network interruption)
+- **Script validation before execution:** Downloaded scripts are verified to start with a shebang (`#!`) and have a minimum size (>100 bytes) before being executed. A truncated, empty, or non-script response will be rejected.
+- Install scripts are downloaded to `/tmp/` and cleaned up after execution

package/dist/adapters/coolify.d.ts

@@ -1,12 +1,13 @@
-import type { PlatformAdapter, HealthResult, PlatformStatusResult, PlatformBackupResult, UpdateResult } from "./interface.js";
+import type { PlatformAdapter, HealthResult, PlatformStatusResult, PlatformBackupResult, PlatformRestoreResult, UpdateResult } from "./interface.js";
+import type { BackupManifest } from "../types/index.js";
 export declare class CoolifyAdapter implements PlatformAdapter {
     readonly name = "coolify";
     getCloudInit(serverName: string): string;
-    healthCheck(ip: string): Promise<HealthResult>;
+    healthCheck(ip: string, domain?: string): Promise<HealthResult>;
     createBackup(ip: string, serverName: string, provider: string): Promise<PlatformBackupResult>;
+    restoreBackup(ip: string, backupPath: string, _manifest: BackupManifest): Promise<PlatformRestoreResult>;
     getStatus(ip: string): Promise<PlatformStatusResult>;
     update(ip: string): Promise<UpdateResult>;
-    getLogCommand(lines: number, follow: boolean): string;
     private buildPgDumpCommand;
     private buildConfigTarCommand;
     private buildCleanupCommand;

package/dist/adapters/coolify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coolify.d.ts","sourceRoot":"","sources":["../../src/adapters/coolify.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,EACb,MAAM,gBAAgB,CAAC;AAWxB,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAE1B,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAuElC,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAa9C,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAuF1B,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAWpD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAsB/C,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM;IAMrD,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,mBAAmB;CAG5B"}
+{"version":3,"file":"coolify.d.ts","sourceRoot":"","sources":["../../src/adapters/coolify.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EACb,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAmBxD,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAE1B,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAuElC,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAuF1B,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,cAAc,GACxB,OAAO,CAAC,qBAAqB,CAAC;IAkI3B,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAIpD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAM/C,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,mBAAmB;CAG5B"}

package/dist/adapters/coolify.js

@@ -1,10 +1,10 @@
-import axios from "axios";
 import { mkdirSync, writeFileSync } from "fs";
 import { join } from "path";
 import { COOLIFY_UPDATE_CMD } from "../constants.js";
 import { assertValidIp, sshExec } from "../utils/ssh.js";
-import { formatTimestamp, getBackupDir, scpDownload, } from "../core/backup.js";
+import { formatTimestamp, getBackupDir, scpDownload, scpUpload, buildStopCoolifyCommand, buildStartCoolifyCommand, buildStartDbCommand, buildRestoreDbCommand, buildRestoreConfigCommand, buildCleanupCommand, tryRestartCoolify, } from "../core/backup.js";
 import { getErrorMessage, mapSshError, sanitizeStderr } from "../utils/errorMapper.js";
+import { sharedHealthCheck, sharedUpdate, sharedGetStatus } from "./shared.js";
 export class CoolifyAdapter {
     name = "coolify";
     getCloudInit(serverName) {
@@ -40,7 +40,7 @@ apt-get update -y
 
 # Install Coolify
 echo "Installing Coolify..."
-curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
+curl -fsSL https://cdn.coollabs.io/coolify/install.sh -o /tmp/coolify-install.sh && head -c2 /tmp/coolify-install.sh | grep -q "#!" && [ "$(wc -c < /tmp/coolify-install.sh)" -gt 100 ] && bash /tmp/coolify-install.sh && rm -f /tmp/coolify-install.sh
 
 # Wait for services
 echo "Waiting for Coolify services to start..."
@@ -77,18 +77,8 @@ echo "Please wait 3-5 more minutes for Coolify to fully initialize."
 echo "Then access your instance at: http://YOUR_SERVER_IP:8000"
 `;
     }
-    async healthCheck(ip) {
-        assertValidIp(ip);
-        try {
-            await axios.get(`http://${ip}:8000`, {
-                timeout: 5000,
-                validateStatus: () => true,
-            });
-            return { status: "running" };
-        }
-        catch {
-            return { status: "not reachable" };
-        }
+    async healthCheck(ip, domain) {
+        return sharedHealthCheck(ip, 8000, domain);
     }
     async createBackup(ip, serverName, provider) {
         assertValidIp(ip);
@@ -156,44 +146,123 @@ echo "Then access your instance at: http://YOUR_SERVER_IP:8000"
             };
         }
     }
-    async getStatus(ip) {
-        assertValidIp(ip);
-        const versionResult = await sshExec(ip, this.buildVersionCommand());
-        const platformVersion = versionResult.code === 0 ? versionResult.stdout.trim() : "unknown";
-        const health = await this.healthCheck(ip);
-        return {
-            platformVersion,
-            status: health.status,
-        };
-    }
-    async update(ip) {
+    async restoreBackup(ip, backupPath, _manifest) {
         assertValidIp(ip);
+        const steps = [];
         try {
-            const result = await sshExec(ip, COOLIFY_UPDATE_CMD);
-            if (result.code === 0) {
-                return { success: true, output: result.stdout || undefined };
+            // Upload backup files (before stopping Coolify -- safe to fail here)
+            const dbUpload = await scpUpload(ip, join(backupPath, "coolify-backup.sql.gz"), "/tmp/coolify-backup.sql.gz");
+            if (dbUpload.code !== 0) {
+                return {
+                    success: false,
+                    steps: [
+                        {
+                            name: "Upload database backup",
+                            status: "failure",
+                            error: sanitizeStderr(dbUpload.stderr),
+                        },
+                    ],
+                    error: "Failed to upload database backup",
+                };
             }
-            return {
-                success: false,
-                error: `Update failed (exit code ${result.code})`,
-                output: result.stderr || result.stdout || undefined,
-            };
+            steps.push({ name: "Upload database backup", status: "success" });
+            const configUpload = await scpUpload(ip, join(backupPath, "coolify-config.tar.gz"), "/tmp/coolify-config.tar.gz");
+            if (configUpload.code !== 0) {
+                return {
+                    success: false,
+                    steps: [
+                        ...steps,
+                        {
+                            name: "Upload config backup",
+                            status: "failure",
+                            error: sanitizeStderr(configUpload.stderr),
+                        },
+                    ],
+                    error: "Failed to upload config backup",
+                };
+            }
+            steps.push({ name: "Upload config backup", status: "success" });
+            // Step 1: Stop Coolify
+            const stopResult = await sshExec(ip, buildStopCoolifyCommand());
+            if (stopResult.code !== 0) {
+                steps.push({
+                    name: "Stop Coolify",
+                    status: "failure",
+                    error: sanitizeStderr(stopResult.stderr),
+                });
+                return { success: false, steps, error: "Failed to stop Coolify" };
+            }
+            steps.push({ name: "Stop Coolify", status: "success" });
+            // Step 2: Start DB only
+            const dbStartResult = await sshExec(ip, buildStartDbCommand());
+            if (dbStartResult.code !== 0) {
+                steps.push({
+                    name: "Start database",
+                    status: "failure",
+                    error: sanitizeStderr(dbStartResult.stderr),
+                });
+                await tryRestartCoolify(ip);
+                return { success: false, steps, error: "Failed to start database" };
+            }
+            steps.push({ name: "Start database", status: "success" });
+            // Step 3: Restore database
+            const restoreDbResult = await sshExec(ip, buildRestoreDbCommand());
+            if (restoreDbResult.code !== 0) {
+                steps.push({
+                    name: "Restore database",
+                    status: "failure",
+                    error: sanitizeStderr(restoreDbResult.stderr),
+                });
+                await tryRestartCoolify(ip);
+                return { success: false, steps, error: "Database restore failed" };
+            }
+            steps.push({ name: "Restore database", status: "success" });
+            // Step 4: Restore config
+            const restoreConfigResult = await sshExec(ip, buildRestoreConfigCommand());
+            if (restoreConfigResult.code !== 0) {
+                steps.push({
+                    name: "Restore config",
+                    status: "failure",
+                    error: sanitizeStderr(restoreConfigResult.stderr),
+                });
+                await tryRestartCoolify(ip);
+                return { success: false, steps, error: "Config restore failed" };
+            }
+            steps.push({ name: "Restore config", status: "success" });
+            // Step 5: Start Coolify
+            const startResult = await sshExec(ip, buildStartCoolifyCommand());
+            if (startResult.code !== 0) {
+                steps.push({
+                    name: "Start Coolify",
+                    status: "failure",
+                    error: sanitizeStderr(startResult.stderr),
+                });
+                return { success: false, steps, error: "Failed to start Coolify" };
+            }
+            steps.push({ name: "Start Coolify", status: "success" });
+            // Cleanup remote (best-effort)
+            await sshExec(ip, buildCleanupCommand()).catch(() => { });
+            return { success: true, steps };
         }
         catch (error) {
             const hint = mapSshError(error, ip);
             return {
                 success: false,
+                steps,
                 error: getErrorMessage(error),
                 ...(hint ? { hint } : {}),
             };
         }
     }
-    getLogCommand(lines, follow) {
-        return `docker logs coolify --tail ${lines}${follow ? " --follow" : ""}`;
+    async getStatus(ip) {
+        return sharedGetStatus(ip, this.buildVersionCommand(), 8000);
+    }
+    async update(ip) {
+        return sharedUpdate(ip, COOLIFY_UPDATE_CMD);
     }
     // ─── Private Helpers ────────────────────────────────────────────────────────
     buildPgDumpCommand() {
-        return "docker exec coolify-db pg_dump -U coolify -d coolify | gzip > /tmp/coolify-backup.sql.gz";
+        return "set -o pipefail && docker exec coolify-db pg_dump -U coolify -d coolify | gzip > /tmp/coolify-backup.sql.gz";
     }
     buildConfigTarCommand() {
         return "tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml docker-compose.prod.yml 2>/dev/null || tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml";

package/dist/adapters/coolify.js.map

@@ -1 +1 @@
-{"version":3,"file":"coolify.js","sourceRoot":"","sources":["../../src/adapters/coolify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAS5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,WAAW,GACZ,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEvF,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,SAAS,CAAC;IAE1B,YAAY,CAAC,UAAkB;QAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,OAAO;;;;;;;;gBAQK,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0DvB,CAAC;IACA,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAU;QAC1B,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE;gBACnC,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC,CAAC;YACH,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,EAAU,EACV,UAAkB,EAClB,QAAgB;QAEhB,aAAa,CAAC,EAAE,CAAC,CAAC;QAElB,IAAI,CAAC;YACH,4CAA4C;YAC5C,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;YACpE,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YAE1F,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,wBAAwB;oBAC/B,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS;iBACnD,CAAC;YACJ,CAAC;YAED,wBAAwB;YACxB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC;YACrE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,sBAAsB;oBAC7B,IAAI,EAAE,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,SAAS;iBACvD,CAAC;YACJ,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;YAC7D,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAExD,MAAM,IAAI,GAAG,MAAM,WAAW,CAC5B,EAAE,EACF,4BAA4B,EAC5B,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAC1C,CAAC;YACF,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACpB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,oCAAoC;oBAC3C,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,SAAS;iBAC/C,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAChC,EAAE,EACF,4BAA4B,EAC5B,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAC1C,CAAC;YACF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kCAAkC;oBACzC,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS;iBACnD,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,QAAQ,GAAmB;gBAC/B,UAAU;gBACV,QAAQ;gBACR,SAAS;gBACT,cAAc;gBACd,KAAK,EAAE,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;aAC1D,CAAC;YACF,aAAa,CACX,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;YAEF,uCAAuC;YACvC,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAE9D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;QACjD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,EAAU;QACxB,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;QACpE,MAAM,eAAe,GAAG,aAAa,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO;YACL,eAAe;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACrD,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YAC/D,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,4BAA4B,MAAM,CAAC,IAAI,GAAG;gBACjD,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS;aACpD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,aAAa,CAAC,KAAa,EAAE,MAAe;QAC1C,OAAO,8BAA8B,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,+EAA+E;IAEvE,kBAAkB;QACxB,OAAO,0FAA0F,CAAC;IACpG,CAAC;IAEO,qBAAqB;QAC3B,OAAO,8MAA8M,CAAC;IACxN,CAAC;IAEO,mBAAmB;QACzB,OAAO,6DAA6D,CAAC;IACvE,CAAC;IAEO,mBAAmB;QACzB,OAAO,iGAAiG,CAAC;IAC3G,CAAC;CACF"}
+{"version":3,"file":"coolify.js","sourceRoot":"","sources":["../../src/adapters/coolify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAU5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,WAAW,EACX,SAAS,EACT,uBAAuB,EACvB,wBAAwB,EACxB,mBAAmB,EACnB,qBAAqB,EACrB,yBAAyB,EACzB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,SAAS,CAAC;IAE1B,YAAY,CAAC,UAAkB;QAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,OAAO;;;;;;;;gBAQK,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0DvB,CAAC;IACA,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAU,EAAE,MAAe;QAC3C,OAAO,iBAAiB,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,EAAU,EACV,UAAkB,EAClB,QAAgB;QAEhB,aAAa,CAAC,EAAE,CAAC,CAAC;QAElB,IAAI,CAAC;YACH,4CAA4C;YAC5C,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;YACpE,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YAE1F,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,wBAAwB;oBAC/B,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS;iBACnD,CAAC;YACJ,CAAC;YAED,wBAAwB;YACxB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC;YACrE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,sBAAsB;oBAC7B,IAAI,EAAE,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,SAAS;iBACvD,CAAC;YACJ,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;YAC7D,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAExD,MAAM,IAAI,GAAG,MAAM,WAAW,CAC5B,EAAE,EACF,4BAA4B,EAC5B,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAC1C,CAAC;YACF,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACpB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,oCAAoC;oBAC3C,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,SAAS;iBAC/C,CAAC;YACJ,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAChC,EAAE,EACF,4BAA4B,EAC5B,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAC1C,CAAC;YACF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kCAAkC;oBACzC,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS;iBACnD,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,QAAQ,GAAmB;gBAC/B,UAAU;gBACV,QAAQ;gBACR,SAAS;gBACT,cAAc;gBACd,KAAK,EAAE,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;aAC1D,CAAC;YACF,aAAa,CACX,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;YAEF,uCAAuC;YACvC,MAAM,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAE9D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;QACjD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,UAAkB,EAClB,SAAyB;QAEzB,aAAa,CAAC,EAAE,CAAC,CAAC;QAElB,MAAM,KAAK,GAIN,EAAE,CAAC;QAER,IAAI,CAAC;YACH,qEAAqE;YACrE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAC9B,EAAE,EACF,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,EACzC,4BAA4B,CAC7B,CAAC;YACF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,wBAAwB;4BAC9B,MAAM,EAAE,SAAS;4BACjB,KAAK,EAAE,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC;yBACvC;qBACF;oBACD,KAAK,EAAE,kCAAkC;iBAC1C,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,MAAM,SAAS,CAClC,EAAE,EACF,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,EACzC,4BAA4B,CAC7B,CAAC;YACF,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,GAAG,KAAK;wBACR;4BACE,IAAI,EAAE,sBAAsB;4BAC5B,MAAM,EAAE,SAAS;4BACjB,KAAK,EAAE,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC;yBAC3C;qBACF;oBACD,KAAK,EAAE,gCAAgC;iBACxC,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAEhE,uBAAuB;YACvB,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAChE,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;iBACzC,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;YACpE,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAExD,wBAAwB;YACxB,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAC/D,IAAI,aAAa,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,gBAAgB;oBACtB,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,cAAc,CAAC,aAAa,CAAC,MAAM,CAAC;iBAC5C,CAAC,CAAC;gBACH,MAAM,iBAAiB,CAAC,EAAE,CAAC,CAAC;gBAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;YACtE,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAE1D,2BAA2B;YAC3B,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;YACnE,IAAI,eAAe,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,kBAAkB;oBACxB,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC;iBAC9C,CAAC,CAAC;gBACH,MAAM,iBAAiB,CAAC,EAAE,CAAC,CAAC;gBAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;YACrE,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAE5D,yBAAyB;YACzB,MAAM,mBAAmB,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,yBAAyB,EAAE,CAAC,CAAC;YAC3E,IAAI,mBAAmB,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,gBAAgB;oBACtB,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,cAAc,CAAC,mBAAmB,CAAC,MAAM,CAAC;iBAClD,CAAC,CAAC;gBACH,MAAM,iBAAiB,CAAC,EAAE,CAAC,CAAC;gBAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;YACnE,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAE1D,wBAAwB;YACxB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,wBAAwB,EAAE,CAAC,CAAC;YAClE,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,eAAe;oBACrB,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC;iBAC1C,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;YACrE,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAEzD,+BAA+B;YAC/B,MAAM,OAAO,CAAC,EAAE,EAAE,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAEzD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAClC,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK;gBACL,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,EAAU;QACxB,OAAO,eAAe,CAAC,EAAE,EAAE,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAC9C,CAAC;IAED,+EAA+E;IAEvE,kBAAkB;QACxB,OAAO,6GAA6G,CAAC;IACvH,CAAC;IAEO,qBAAqB;QAC3B,OAAO,8MAA8M,CAAC;IACxN,CAAC;IAEO,mBAAmB;QACzB,OAAO,6DAA6D,CAAC;IACvE,CAAC;IAEO,mBAAmB;QACzB,OAAO,iGAAiG,CAAC;IAC3G,CAAC;CACF"}

package/dist/adapters/dokploy.d.ts

@@ -1,12 +1,14 @@
-import type { PlatformAdapter, HealthResult, PlatformStatusResult, PlatformBackupResult, UpdateResult } from "./interface.js";
+import type { PlatformAdapter, HealthResult, PlatformStatusResult, PlatformBackupResult, PlatformRestoreResult, UpdateResult } from "./interface.js";
+import type { BackupManifest } from "../types/index.js";
 export declare class DokployAdapter implements PlatformAdapter {
     readonly name = "dokploy";
     getCloudInit(serverName: string): string;
-    healthCheck(ip: string): Promise<HealthResult>;
+    healthCheck(ip: string, domain?: string): Promise<HealthResult>;
     createBackup(ip: string, serverName: string, provider: string): Promise<PlatformBackupResult>;
+    restoreBackup(ip: string, backupPath: string, _manifest: BackupManifest): Promise<PlatformRestoreResult>;
     getStatus(ip: string): Promise<PlatformStatusResult>;
     update(ip: string): Promise<UpdateResult>;
-    getLogCommand(lines: number, follow: boolean): string;
+    private tryRestartDokploy;
     private buildPgDumpCommand;
     private buildConfigTarCommand;
     private buildCleanupCommand;

package/dist/adapters/dokploy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dokploy.d.ts","sourceRoot":"","sources":["../../src/adapters/dokploy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,EACb,MAAM,gBAAgB,CAAC;AAWxB,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAE1B,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IA4ElC,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAa9C,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAwF1B,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAWpD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAsB/C,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM;IAMrD,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,mBAAmB;CAG5B"}
+{"version":3,"file":"dokploy.d.ts","sourceRoot":"","sources":["../../src/adapters/dokploy.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EACb,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAYxD,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAE1B,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IA4ElC,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAwF1B,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,cAAc,GACxB,OAAO,CAAC,qBAAqB,CAAC;IA2I3B,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAIpD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;YAMjC,iBAAiB;IAQ/B,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,mBAAmB;CAG5B"}