npm - puls-dev - Versions diffs - 0.1.9 → 0.2.0 - Mend

puls-dev 0.1.9 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/README.md +7 -7
package/dist/index.d.ts +0 -7
package/dist/index.js +0 -7
package/dist/providers/aws/index.d.ts +1 -0
package/dist/providers/aws/index.js +1 -0
package/dist/providers/aws/lambda.js +6 -6
package/dist/providers/aws/lambda.test.d.ts +1 -0
package/dist/providers/aws/lambda.test.js +189 -0
package/dist/providers/aws/route53.d.ts +1 -1
package/dist/providers/aws/route53.js +20 -12
package/dist/providers/aws/route53.test.d.ts +1 -0
package/dist/providers/aws/route53.test.js +229 -0
package/dist/providers/aws/s3.d.ts +3 -0
package/dist/providers/aws/s3.js +65 -3
package/dist/providers/aws/s3.test.d.ts +1 -0
package/dist/providers/aws/s3.test.js +172 -0
package/dist/providers/do/api.js +5 -1
package/dist/providers/do/certificate.test.d.ts +1 -0
package/dist/providers/do/certificate.test.js +133 -0
package/dist/providers/do/domain.d.ts +12 -1
package/dist/providers/do/domain.js +129 -13
package/dist/providers/do/domain.test.d.ts +1 -0
package/dist/providers/do/domain.test.js +200 -0
package/dist/providers/do/droplet.js +2 -2
package/dist/providers/do/droplet.test.d.ts +1 -0
package/dist/providers/do/droplet.test.js +265 -0
package/dist/providers/do/firewall.test.d.ts +1 -0
package/dist/providers/do/firewall.test.js +176 -0
package/dist/providers/do/index.d.ts +1 -0
package/dist/providers/do/index.js +1 -0
package/dist/providers/do/load_balancer.d.ts +39 -5
package/dist/providers/do/load_balancer.js +272 -30
package/dist/providers/do/load_balancer.test.d.ts +1 -0
package/dist/providers/do/load_balancer.test.js +269 -0
package/dist/providers/firebase/api.js +2 -2
package/dist/providers/firebase/functions.d.ts +1 -0
package/dist/providers/firebase/functions.js +24 -10
package/dist/providers/firebase/functions.test.d.ts +1 -0
package/dist/providers/firebase/functions.test.js +297 -0
package/dist/providers/firebase/hosting.js +5 -5
package/dist/providers/firebase/hosting.test.d.ts +1 -0
package/dist/providers/firebase/hosting.test.js +181 -0
package/dist/providers/proxmox/index.d.ts +1 -0
package/dist/providers/proxmox/index.js +1 -0
package/dist/providers/proxmox/vm.d.ts +0 -1
package/dist/providers/proxmox/vm.js +4 -50
package/package.json +78 -5

package/dist/providers/aws/s3.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import { readFileSync } from "node:fs";
+import fs from "node:fs";
 import { basename, extname } from "node:path";
-import { HeadBucketCommand, CreateBucketCommand, GetBucketPolicyCommand, PutBucketPolicyCommand, PutObjectCommand, } from "@aws-sdk/client-s3";
+import { HeadBucketCommand, CreateBucketCommand, GetBucketPolicyCommand, PutBucketPolicyCommand, PutObjectCommand, PutBucketWebsiteCommand, PutPublicAccessBlockCommand, } from "@aws-sdk/client-s3";
 import { BaseBuilder } from "../../core/resource.js";
 import { getS3Client } from "./api.js";
 import { Config } from "../../core/config.js";
@@ -10,6 +10,7 @@ export class S3BucketBuilder extends BaseBuilder {
     _allowedDistributions = [];
     _region;
     _uploadPath;
+    _websiteConfig;
     constructor(bucketName) {
         super(bucketName);
         this.bucketName = bucketName;
@@ -48,6 +49,10 @@ export class S3BucketBuilder extends BaseBuilder {
         this._uploadPath = filePath;
         return this;
     }
+    staticSite(indexDocument = "index.html", errorDocument = "error.html") {
+        this._websiteConfig = { index: indexDocument, error: errorDocument };
+        return this;
+    }
     async deploy() {
         const dryRun = this.isDryRunActive();
         const exists = await this.discoveryPromise;
@@ -87,6 +92,34 @@ export class S3BucketBuilder extends BaseBuilder {
                 await this.updateBucketPolicy(s3, newArns);
             }
         }
+        if (this._websiteConfig) {
+            if (dryRun) {
+                console.log(`   📝 [PLAN] Enable static site hosting: index=${this._websiteConfig.index}, error=${this._websiteConfig.error}`);
+                console.log(`   📝 [PLAN] Remove public access block from bucket`);
+                console.log(`   📝 [PLAN] Configure public read bucket policy`);
+            }
+            else {
+                await s3.send(new PutPublicAccessBlockCommand({
+                    Bucket: this.bucketName,
+                    PublicAccessBlockConfiguration: {
+                        BlockPublicAcls: false,
+                        IgnorePublicAcls: false,
+                        BlockPublicPolicy: false,
+                        RestrictPublicBuckets: false,
+                    },
+                }));
+                console.log(`   ✅ Public access block removed`);
+                await s3.send(new PutBucketWebsiteCommand({
+                    Bucket: this.bucketName,
+                    WebsiteConfiguration: {
+                        IndexDocument: { Suffix: this._websiteConfig.index },
+                        ErrorDocument: { Key: this._websiteConfig.error },
+                    },
+                }));
+                console.log(`   ✅ Configured static website hosting`);
+                await this.applyPublicReadPolicy(s3);
+            }
+        }
         if (this._uploadPath) {
             if (dryRun) {
                 console.log(`   📝 [PLAN] Upload ${basename(this._uploadPath)} → s3://${this.bucketName}/`);
@@ -100,7 +133,7 @@ export class S3BucketBuilder extends BaseBuilder {
     }
     async uploadFile(s3, filePath) {
         const key = basename(filePath);
-        const body = readFileSync(filePath);
+        const body = fs.readFileSync(filePath);
         const contentTypeMap = {
             ".json": "application/json",
             ".js": "application/javascript",
@@ -169,4 +202,33 @@ export class S3BucketBuilder extends BaseBuilder {
         for (const arn of newArns)
             console.log(`      └─ ${arn}`);
     }
+    async applyPublicReadPolicy(s3) {
+        let policy = { Version: "2012-10-17", Statement: [] };
+        try {
+            const existing = await s3.send(new GetBucketPolicyCommand({ Bucket: this.bucketName }));
+            if (existing.Policy)
+                policy = JSON.parse(existing.Policy);
+        }
+        catch (e) {
+            if (e.name !== "NoSuchBucketPolicy")
+                throw e;
+        }
+        let stmt = policy.Statement.find((s) => s.Sid === "PublicReadGetObject" ||
+            (s.Effect === "Allow" && s.Principal === "*" && s.Action === "s3:GetObject"));
+        if (!stmt) {
+            stmt = {
+                Sid: "PublicReadGetObject",
+                Effect: "Allow",
+                Principal: "*",
+                Action: "s3:GetObject",
+                Resource: `arn:aws:s3:::${this.bucketName}/*`,
+            };
+            policy.Statement.push(stmt);
+        }
+        await s3.send(new PutBucketPolicyCommand({
+            Bucket: this.bucketName,
+            Policy: JSON.stringify(policy),
+        }));
+        console.log(`   ✅ Public read policy statement applied`);
+    }
 }

package/dist/providers/aws/s3.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/providers/aws/s3.test.js ADDED Viewed

@@ -0,0 +1,172 @@
+import { test, describe, beforeEach, afterEach, mock } from 'node:test';
+import assert from 'node:assert';
+import fs from 'node:fs';
+import { S3Client } from '@aws-sdk/client-s3';
+import { S3BucketBuilder } from './s3.js';
+import { Config } from '../../core/config.js';
+describe('S3BucketBuilder Unit Tests', () => {
+    let originalSend;
+    let s3Calls = [];
+    let mockS3Responses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                aws: { region: 'us-east-1' }
+            }
+        });
+        s3Calls = [];
+        mockS3Responses = {};
+        originalSend = S3Client.prototype.send;
+        // Zero-dependency override on prototype to intercept S3 commands
+        S3Client.prototype.send = async function (command) {
+            const commandName = command.constructor.name;
+            const input = command.input;
+            s3Calls.push({ commandName, input });
+            if (mockS3Responses[commandName]) {
+                const handler = mockS3Responses[commandName];
+                if (typeof handler === 'function') {
+                    return handler(input);
+                }
+                if (handler instanceof Error) {
+                    throw handler;
+                }
+                return handler;
+            }
+            return {};
+        };
+        mock.method(fs, 'readFileSync', () => {
+            return Buffer.from('hello from s3 site');
+        });
+    });
+    afterEach(() => {
+        S3Client.prototype.send = originalSend;
+        mock.restoreAll();
+    });
+    test('gracefully handles discovery when bucket does not exist', async () => {
+        const notFoundError = new Error('NoSuchBucket');
+        notFoundError.name = 'NotFound';
+        notFoundError.$metadata = { httpStatusCode: 404 };
+        mockS3Responses['HeadBucketCommand'] = notFoundError;
+        const builder = new S3BucketBuilder('my-bucket');
+        const discoveryResult = await builder.discoveryPromise;
+        assert.strictEqual(discoveryResult, false);
+        assert.strictEqual(s3Calls.length, 1);
+        assert.strictEqual(s3Calls[0].commandName, 'HeadBucketCommand');
+        assert.strictEqual(s3Calls[0].input.Bucket, 'my-bucket');
+    });
+    test('discovers bucket successfully when it exists', async () => {
+        mockS3Responses['HeadBucketCommand'] = {};
+        const builder = new S3BucketBuilder('my-bucket');
+        const discoveryResult = await builder.discoveryPromise;
+        assert.strictEqual(discoveryResult, true);
+        assert.strictEqual(s3Calls.length, 1);
+        assert.strictEqual(s3Calls[0].commandName, 'HeadBucketCommand');
+    });
+    test('performs clean dry-run planning without making write requests', async () => {
+        Config.set({
+            dryRun: true,
+            providers: { aws: { region: 'us-east-1' } }
+        });
+        const notFoundError = new Error('NoSuchBucket');
+        notFoundError.name = 'NotFound';
+        notFoundError.$metadata = { httpStatusCode: 404 };
+        mockS3Responses['HeadBucketCommand'] = notFoundError;
+        const builder = new S3BucketBuilder('my-bucket');
+        builder.versioning().upload('/path/to/index.html');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.name, 'my-bucket');
+        // Asserts HeadBucket was called for discovery, but no CreateBucket or PutObject
+        assert.strictEqual(s3Calls.filter(c => c.commandName !== 'HeadBucketCommand').length, 0);
+    });
+    test('deploys new bucket when missing', async () => {
+        const notFoundError = new Error('NoSuchBucket');
+        notFoundError.name = 'NotFound';
+        notFoundError.$metadata = { httpStatusCode: 404 };
+        mockS3Responses['HeadBucketCommand'] = notFoundError;
+        mockS3Responses['CreateBucketCommand'] = {};
+        const builder = new S3BucketBuilder('my-bucket');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.name, 'my-bucket');
+        const createCall = s3Calls.find(c => c.commandName === 'CreateBucketCommand');
+        assert.ok(createCall);
+        assert.strictEqual(createCall.input.Bucket, 'my-bucket');
+    });
+    test('deploys static site with public access unblocking, website configuration, and public read policy', async () => {
+        const notFoundError = new Error('NoSuchBucket');
+        notFoundError.name = 'NotFound';
+        notFoundError.$metadata = { httpStatusCode: 404 };
+        mockS3Responses['HeadBucketCommand'] = notFoundError;
+        mockS3Responses['CreateBucketCommand'] = {};
+        mockS3Responses['PutPublicAccessBlockCommand'] = {};
+        mockS3Responses['PutBucketWebsiteCommand'] = {};
+        mockS3Responses['GetBucketPolicyCommand'] = new Error('NoSuchBucketPolicy');
+        mockS3Responses['GetBucketPolicyCommand'].name = 'NoSuchBucketPolicy';
+        mockS3Responses['PutBucketPolicyCommand'] = {};
+        const builder = new S3BucketBuilder('my-web-bucket');
+        builder.staticSite('index.html', 'error.html');
+        const result = await builder.deploy();
+        assert.ok(result);
+        // Verify Public Access Block removal
+        const blockCall = s3Calls.find(c => c.commandName === 'PutPublicAccessBlockCommand');
+        assert.ok(blockCall);
+        assert.deepStrictEqual(blockCall.input.PublicAccessBlockConfiguration, {
+            BlockPublicAcls: false,
+            IgnorePublicAcls: false,
+            BlockPublicPolicy: false,
+            RestrictPublicBuckets: false,
+        });
+        // Verify website configurations
+        const websiteCall = s3Calls.find(c => c.commandName === 'PutBucketWebsiteCommand');
+        assert.ok(websiteCall);
+        assert.deepStrictEqual(websiteCall.input.WebsiteConfiguration, {
+            IndexDocument: { Suffix: 'index.html' },
+            ErrorDocument: { Key: 'error.html' },
+        });
+        // Verify public read bucket policy upload
+        const policyCall = s3Calls.find(c => c.commandName === 'PutBucketPolicyCommand');
+        assert.ok(policyCall);
+        const parsedPolicy = JSON.parse(policyCall.input.Policy);
+        const stmt = parsedPolicy.Statement.find((s) => s.Sid === 'PublicReadGetObject');
+        assert.ok(stmt);
+        assert.strictEqual(stmt.Effect, 'Allow');
+        assert.strictEqual(stmt.Principal, '*');
+        assert.strictEqual(stmt.Resource, 'arn:aws:s3:::my-web-bucket/*');
+    });
+    test('attaches OAC CloudFront policy integration correctly', async () => {
+        mockS3Responses['HeadBucketCommand'] = {};
+        mockS3Responses['GetBucketPolicyCommand'] = new Error('NoSuchBucketPolicy');
+        mockS3Responses['GetBucketPolicyCommand'].name = 'NoSuchBucketPolicy';
+        mockS3Responses['PutBucketPolicyCommand'] = {};
+        const mockCdn = {
+            name: 'my-cdn',
+            resolvedArn: 'arn:aws:cloudfront::123456789012:distribution/ED12345'
+        };
+        const builder = new S3BucketBuilder('my-bucket');
+        builder.allowFrom(mockCdn);
+        await builder.deploy();
+        const policyCall = s3Calls.find(c => c.commandName === 'PutBucketPolicyCommand');
+        assert.ok(policyCall);
+        const parsedPolicy = JSON.parse(policyCall.input.Policy);
+        const stmt = parsedPolicy.Statement.find((s) => s.Principal.Service === 'cloudfront.amazonaws.com');
+        assert.ok(stmt);
+        assert.strictEqual(stmt.Effect, 'Allow');
+        const sourceArns = stmt.Condition.StringEquals['AWS:SourceArn'];
+        assert.deepStrictEqual(sourceArns, ['arn:aws:cloudfront::123456789012:distribution/ED12345']);
+    });
+    test('uploads local file with mapped content type', async () => {
+        mockS3Responses['HeadBucketCommand'] = {};
+        mockS3Responses['PutObjectCommand'] = {};
+        const builder = new S3BucketBuilder('my-bucket');
+        builder.upload('/path/to/my-page.html');
+        await builder.deploy();
+        const uploadCall = s3Calls.find(c => c.commandName === 'PutObjectCommand');
+        assert.ok(uploadCall);
+        assert.strictEqual(uploadCall.input.Bucket, 'my-bucket');
+        assert.strictEqual(uploadCall.input.Key, 'my-page.html');
+        assert.strictEqual(uploadCall.input.ContentType, 'text/html');
+        assert.deepStrictEqual(uploadCall.input.Body, Buffer.from('hello from s3 site'));
+    });
+});

package/dist/providers/do/api.js CHANGED Viewed

@@ -6,7 +6,11 @@ export class DoApiClient {
         this.token = token;
     }
     get authHeaders() {
-        return { Authorization: `Bearer ${this.token}`, 'Content-Type': 'application/json' };
+        return {
+            Authorization: `Bearer ${this.token}`,
+            'Content-Type': 'application/json',
+            'Accept-Encoding': 'identity'
+        };
     }
     async get(path) {
         const res = await fetch(`${DoApiClient.BASE}${path}`, { headers: this.authHeaders });

package/dist/providers/do/certificate.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/providers/do/certificate.test.js ADDED Viewed

@@ -0,0 +1,133 @@
+import { test, describe, beforeEach, afterEach } from 'node:test';
+import assert from 'node:assert';
+import { CertificateBuilder } from './certificate.js';
+import { Config } from '../../core/config.js';
+describe('CertificateBuilder Unit Tests', () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                do: { token: 'fake-do-token' }
+            }
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? 'GET';
+            const body = init?.body ? JSON.parse(init.body) : undefined;
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses).find(key => {
+                const [mMethod, mPath] = key.split(' ');
+                return method === mMethod && url.includes(mPath);
+            });
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ message: 'Not found' }),
+                text: async () => 'Not found',
+            };
+        };
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+    });
+    test('gracefully handles discovery when certificate does not exist', async () => {
+        mockResponses['GET /certificates'] = {
+            status: 200,
+            body: { certificates: [] }
+        };
+        const builder = new CertificateBuilder('example.com');
+        const discoveryResult = await builder.discoveryPromise;
+        assert.strictEqual(discoveryResult, null);
+        assert.strictEqual(fetchCalls.length, 1);
+        assert.strictEqual(fetchCalls[0].method, 'GET');
+        assert.ok(fetchCalls[0].url.endsWith('/certificates?per_page=200'));
+    });
+    test('discovers certificate successfully when it exists', async () => {
+        mockResponses['GET /certificates'] = {
+            status: 200,
+            body: {
+                certificates: [
+                    { id: 'cert-123', name: 'ssl-example.com', state: 'active' }
+                ]
+            }
+        };
+        const builder = new CertificateBuilder('example.com');
+        const discoveryResult = await builder.discoveryPromise;
+        assert.ok(discoveryResult);
+        assert.strictEqual(discoveryResult.id, 'cert-123');
+        assert.strictEqual(discoveryResult.name, 'ssl-example.com');
+    });
+    test('performs clean dry-run planning without making write requests', async () => {
+        Config.set({
+            dryRun: true,
+            providers: { do: { token: 'fake-token' } }
+        });
+        mockResponses['GET /certificates'] = {
+            status: 200,
+            body: { certificates: [] }
+        };
+        const builder = new CertificateBuilder('example.com');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.name, 'ssl-example.com');
+        const writeCalls = fetchCalls.filter(c => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test('deploys new certificate when missing', async () => {
+        mockResponses['GET /certificates'] = {
+            status: 200,
+            body: { certificates: [] }
+        };
+        mockResponses['POST /certificates'] = {
+            status: 201,
+            body: {
+                certificate: { id: 'cert-789', name: 'ssl-example.com', type: 'lets_encrypt' }
+            }
+        };
+        const builder = new CertificateBuilder('example.com');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.id, 'cert-789');
+        const postCall = fetchCalls.find(c => c.method === 'POST');
+        assert.ok(postCall);
+        assert.ok(postCall.url.endsWith('/certificates'));
+        assert.deepStrictEqual(postCall.body, {
+            name: 'ssl-example.com',
+            type: 'lets_encrypt',
+            dns_names: ['*.example.com', 'example.com']
+        });
+    });
+    test('skips certificate deployment if certificate already exists', async () => {
+        mockResponses['GET /certificates'] = {
+            status: 200,
+            body: {
+                certificates: [
+                    { id: 'cert-123', name: 'ssl-example.com', state: 'active' }
+                ]
+            }
+        };
+        const builder = new CertificateBuilder('example.com');
+        const result = await builder.deploy();
+        assert.ok(result);
+        assert.strictEqual(result.id, 'cert-123');
+        // Only GET discovery should have run, no writes
+        const writeCalls = fetchCalls.filter(c => c.method !== 'GET');
+        assert.strictEqual(writeCalls.length, 0);
+    });
+});

package/dist/providers/do/domain.d.ts CHANGED Viewed

@@ -2,9 +2,14 @@ import { BaseBuilder } from "../../core/resource.js";
 import { Output } from "../../core/output.js";
 import { DropletBuilder } from "./droplet.js";
 export interface DNSRecord {
-    type: "A" | "CNAME" | "TXT" | "MX";
+    type: "A" | "CNAME" | "TXT" | "MX" | "AAAA" | "SRV" | "CAA";
     name: string;
     value: string | DropletBuilder | Output<string>;
+    priority?: number;
+    port?: number;
+    weight?: number;
+    flags?: number;
+    tag?: string;
 }
 export declare class DomainBuilder extends BaseBuilder {
     domainName: string;
@@ -14,8 +19,14 @@ export declare class DomainBuilder extends BaseBuilder {
     withSSL(): this;
     pointer(name: string, target: DropletBuilder | Output<string> | string): this;
     cname(name: string, target: string): this;
+    aaaa(name: string, target: string | Output<string>): this;
+    txt(name: string, target: string): this;
+    mx(name: string, target: string, priority?: number): this;
+    srv(name: string, target: string, port: number, priority?: number, weight?: number): this;
+    caa(name: string, tag: string, target: string, flags?: number): this;
     deploy(): Promise<{
         domain: string;
         records: DNSRecord[];
     }>;
+    destroy(): Promise<any>;
 }

package/dist/providers/do/domain.js CHANGED Viewed

@@ -35,6 +35,26 @@ export class DomainBuilder extends BaseBuilder {
         this.records.push({ type: "CNAME", name, value: target });
         return this;
     }
+    aaaa(name, target) {
+        this.records.push({ type: "AAAA", name, value: target });
+        return this;
+    }
+    txt(name, target) {
+        this.records.push({ type: "TXT", name, value: target });
+        return this;
+    }
+    mx(name, target, priority = 10) {
+        this.records.push({ type: "MX", name, value: target, priority });
+        return this;
+    }
+    srv(name, target, port, priority = 10, weight = 10) {
+        this.records.push({ type: "SRV", name, value: target, port, priority, weight });
+        return this;
+    }
+    caa(name, tag, target, flags = 0) {
+        this.records.push({ type: "CAA", name, value: target, tag, flags });
+        return this;
+    }
     async deploy() {
         const dryRun = this.isDryRunActive();
         const existing = await this.discoveryPromise;
@@ -49,6 +69,19 @@ export class DomainBuilder extends BaseBuilder {
                 console.log(`🚀 Created domain ${this.domainName}`);
             }
         }
+        // Fetch existing records in a single batch
+        let existingRecords = [];
+        if (existing) {
+            try {
+                const res = await api.get(`/domains/${this.domainName}/records?per_page=200`);
+                existingRecords = res.domain_records;
+            }
+            catch {
+                existingRecords = [];
+            }
+        }
+        // Track matched existing records
+        const consumedRecordIds = new Set();
         for (const record of this.records) {
             let data;
             if (record.value instanceof Output) {
@@ -62,24 +95,107 @@ export class DomainBuilder extends BaseBuilder {
             else {
                 data = record.value;
             }
-            if (dryRun) {
-                console.log(`   📝 [PLAN] ${record.type} ${record.name}.${this.domainName} → ${data}`);
+            const targetPriority = record.priority ?? null;
+            const targetPort = record.port ?? null;
+            const targetWeight = record.weight ?? null;
+            const targetFlags = record.flags ?? null;
+            const targetTag = record.tag ?? null;
+            // 1. Check for a perfect match
+            const perfectMatch = existingRecords.find((r) => {
+                if (consumedRecordIds.has(r.id))
+                    return false;
+                return (r.type === record.type &&
+                    r.name === record.name &&
+                    String(r.data) === String(data) &&
+                    (r.priority ?? null) === targetPriority &&
+                    (r.port ?? null) === targetPort &&
+                    (r.weight ?? null) === targetWeight &&
+                    (r.flags ?? null) === targetFlags &&
+                    (r.tag ?? null) === targetTag);
+            });
+            if (perfectMatch) {
+                consumedRecordIds.add(perfectMatch.id);
+                console.log(`   ✅ ${record.type} ${record.name}.${this.domainName} is up to date (→ ${data})`);
                 continue;
             }
-            // Delete existing record with same type+name before creating
-            const existing_records = await api.get(`/domains/${this.domainName}/records?per_page=200`);
-            const dupe = existing_records.domain_records.find((r) => r.type === record.type && r.name === record.name);
-            if (dupe)
-                await api.delete(`/domains/${this.domainName}/records/${dupe.id}`);
-            await api.post(`/domains/${this.domainName}/records`, {
-                type: record.type,
-                name: record.name,
-                data,
-                ttl: 3600,
+            // 2. Look for updateable match (same type and name, different data)
+            const updateableMatch = existingRecords.find((r) => {
+                if (consumedRecordIds.has(r.id))
+                    return false;
+                return r.type === record.type && r.name === record.name;
             });
-            console.log(`   ✅ ${record.type} ${record.name}.${this.domainName} → ${data}`);
+            if (updateableMatch) {
+                consumedRecordIds.add(updateableMatch.id);
+                if (dryRun) {
+                    console.log(`   📝 [PLAN] Update ${record.type} ${record.name}.${this.domainName} → ${data} (was ${updateableMatch.data})`);
+                }
+                else {
+                    await api.put(`/domains/${this.domainName}/records/${updateableMatch.id}`, {
+                        type: record.type,
+                        name: record.name,
+                        data,
+                        ttl: 3600,
+                        priority: targetPriority,
+                        port: targetPort,
+                        weight: targetWeight,
+                        flags: targetFlags,
+                        tag: targetTag,
+                    });
+                    console.log(`   🔄 Updated ${record.type} ${record.name}.${this.domainName} → ${data}`);
+                }
+            }
+            else {
+                // 3. No match found, create a new record
+                if (dryRun) {
+                    console.log(`   📝 [PLAN] Create ${record.type} ${record.name}.${this.domainName} → ${data}`);
+                }
+                else {
+                    await api.post(`/domains/${this.domainName}/records`, {
+                        type: record.type,
+                        name: record.name,
+                        data,
+                        ttl: 3600,
+                        priority: targetPriority,
+                        port: targetPort,
+                        weight: targetWeight,
+                        flags: targetFlags,
+                        tag: targetTag,
+                    });
+                    console.log(`   🚀 Created ${record.type} ${record.name}.${this.domainName} → ${data}`);
+                }
+            }
+        }
+        // 4. Delete duplicate/stale records of the types we declared
+        const declaredTypesAndNames = new Set(this.records.map((r) => `${r.type}:${r.name}`));
+        for (const r of existingRecords) {
+            if (consumedRecordIds.has(r.id))
+                continue;
+            if (declaredTypesAndNames.has(`${r.type}:${r.name}`)) {
+                if (dryRun) {
+                    console.log(`   📝 [PLAN] Delete stale ${r.type} ${r.name}.${this.domainName} (→ ${r.data})`);
+                }
+                else {
+                    await api.delete(`/domains/${this.domainName}/records/${r.id}`);
+                    console.log(`   🗑️  Deleted stale ${r.type} ${r.name}.${this.domainName}`);
+                }
+            }
         }
         await this.deploySidecars();
         return { domain: this.domainName, records: this.records };
     }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        await this.discoveryPromise;
+        console.log(`\n🗑️  Destroying DNS domain "${this.domainName}"...`);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Would delete domain ${this.domainName}`);
+        }
+        else {
+            const api = getDoApi();
+            await api.delete(`/domains/${this.domainName}`);
+            console.log(`   ✅ Deleted.`);
+        }
+        await this.destroySidecars();
+        return { destroyed: this.domainName };
+    }
 }

package/dist/providers/do/domain.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};