paratix 0.3.0 → 0.4.0

package/README.md

@@ -18,6 +18,7 @@ The result is a practical server automation tool with a compact mental model: mo
 - **TypeScript authoring**: use regular `.ts` files with imports, conditions, and editor tooling.
 - **Resilient SSH flow**: reconnects after reboots and SSH port changes when modules require it.
 - **Structured orchestration**: recipes and signals keep service reloads and grouped changes explicit.
+- **Declarative host guards**: gate modules on package, command, file, directory, symlink, or socket state without embedding shell checks in strings.
 - **Strong bootstrap story**: supports explicit first-run flows and strict host-key handling.
 - **Practical built-in modules**: packages, files, services, users, SSH, firewall, systemd, sysctl, mount, rsync, and more.
 
@@ -93,6 +94,10 @@ Recipes group related modules into a named unit. They help structure larger play
 
 Signals are deferred side effects such as `service.reload(...)` or `service.restart(...)`. They run when the surrounding scope actually changed, and can also be flushed explicitly with `signals.flush()` when you need a checkpoint inside a larger flow.
 
+### Guards
+
+Paratix also supports declarative host-state guards. Use `when.packageInstalled(...)`, `when.commandExists(...)`, `when.fileExists(...)`, `when.pathExists(...)`, `when.symlinkExists(...)`, or `when.socketExists(...)` and their inverted forms to gate modules or recipes on remote host state without shell-heavy playbooks.
+
 ## CLI
 
 ```text

package/dist/{chunk-ULJMW23T.js → chunk-C45YPXCX.js}

@@ -4729,6 +4729,37 @@ var systemd = {
 // src/modules/ufw.ts
 var UFW = "ufw";
 var ufw = {
+  /**
+   * Ensure UFW is inactive. If UFW is not installed, this is treated as already satisfied.
+   *
+   * @returns A Module that ensures UFW is disabled.
+   */
+  disabled() {
+    return {
+      async apply(ssh2) {
+        if (!ssh2) return failed("[ufw.disabled] SSH connection is required");
+        const pm = await detectPackageManager(ssh2);
+        if (pm == null || !await isPackageInstalled(ssh2, pm, UFW)) {
+          return { status: "ok" };
+        }
+        const result = await ssh2.exec(`${UFW} --force disable`, {
+          ignoreExitCode: true,
+          silent: true
+        });
+        return result.code === 0 ? { status: "changed" } : failedCommand("[ufw.disabled] ufw disable failed", result);
+      },
+      async check(ssh2) {
+        if (!ssh2) return NEEDS_APPLY;
+        const pm = await detectPackageManager(ssh2);
+        if (pm == null || !await isPackageInstalled(ssh2, pm, UFW)) {
+          return "ok";
+        }
+        const status = await ssh2.output(`${UFW} status`);
+        return status.includes("Status: inactive") ? "ok" : NEEDS_APPLY;
+      },
+      name: "ufw.disabled"
+    };
+  },
   /**
    * Ensure UFW is active. Enables the firewall non-interactively if not already running.
    *
@@ -4932,6 +4963,9 @@ export {
   failed,
   failedCommand,
   NEEDS_APPLY,
+  detectPackageManager,
+  isPackageInstalled,
+  pkg,
   apt,
   archive,
   command,
@@ -4945,7 +4979,6 @@ export {
   mount,
   net,
   op,
-  pkg,
   releaseUpgrade,
   rsync,
   script,
@@ -4958,4 +4991,4 @@ export {
   ufw,
   user
 };
-//# sourceMappingURL=chunk-ULJMW23T.js.map
+//# sourceMappingURL=chunk-C45YPXCX.js.map