puls-dev 0.2.7 → 0.2.9

package/dist/providers/aws/template.js

@@ -0,0 +1,252 @@
+import { DescribeImagesCommand, DeregisterImageCommand, DeleteSnapshotCommand, RunInstancesCommand, DescribeInstancesCommand, StopInstancesCommand, CreateImageCommand, CreateTagsCommand, TerminateInstancesCommand, } from "@aws-sdk/client-ec2";
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+import { getEC2Client } from "./api.js";
+import { checkPort, runProvisioner } from "../../core/provisioner.js";
+import { getFileHash } from "../proxmox/hash.js";
+import { parseAwsTagsForProvision, mergeAwsTagsForProvision } from "./ec2.js";
+export class EC2TemplateBuilder extends BaseBuilder {
+    out = {
+        amiId: new Output(),
+    };
+    _baseImage = "ami-0c55b159cbfafe1f0"; // Default standard Ubuntu 22.04 LTS
+    _instanceType = "t3.micro";
+    _subnetId;
+    _securityGroupIds;
+    _sshPrivateKeyPath;
+    _keyName;
+    _provision = [];
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverAMI();
+    }
+    baseImage(amiId) {
+        this._baseImage = amiId;
+        return this;
+    }
+    instanceType(type) {
+        this._instanceType = type;
+        return this;
+    }
+    subnetId(id) {
+        this._subnetId = id;
+        return this;
+    }
+    securityGroupIds(ids) {
+        this._securityGroupIds = ids;
+        return this;
+    }
+    sshPrivateKey(path) {
+        this._sshPrivateKeyPath = path;
+        return this;
+    }
+    keyName(name) {
+        this._keyName = name;
+        return this;
+    }
+    provision(...playbookPaths) {
+        this._provision.push(...playbookPaths.flat());
+        return this;
+    }
+    async discoverAMI() {
+        try {
+            const client = getEC2Client();
+            const res = await client.send(new DescribeImagesCommand({
+                Filters: [
+                    { Name: "name", Values: [this.name] },
+                    { Name: "state", Values: ["available", "pending"] },
+                ],
+                Owners: ["self"],
+            }));
+            return res.Images?.[0] ?? null;
+        }
+        catch (e) {
+            if (e.name === "CredentialsProviderError" ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async checkPort(ip, port) {
+        return checkPort(ip, port);
+    }
+    async runProvisioner(ip, script) {
+        if (!this._sshPrivateKeyPath) {
+            throw new Error(`[EC2TemplateBuilder:${this.name}] sshPrivateKey(path) is required to run playbook provisioning.`);
+        }
+        return runProvisioner(ip, "ubuntu", this._sshPrivateKeyPath, script);
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        const declaredPlaybooksWithHashes = this._provision.map((p) => {
+            const baseName = p.split("/").pop() ?? p;
+            const slug = baseName.toLowerCase().replace(/[^a-z0-9_-]/g, "-");
+            return { path: p, slug, hash: getFileHash(p) };
+        });
+        if (existing) {
+            this.out.amiId.resolve(existing.ImageId);
+            // Check if playbooks differ
+            const appliedHashes = parseAwsTagsForProvision(existing.Tags);
+            const hasChanges = declaredPlaybooksWithHashes.some((p) => {
+                const appliedHash = appliedHashes[p.slug];
+                return !appliedHash || appliedHash !== p.hash;
+            });
+            if (!hasChanges) {
+                console.log(`\n🔍 AWS AMI Template "${this.name}"...`);
+                console.log(`   ✅ Custom AMI "${this.name}" already exists and matches defined state.`);
+                return { name: this.name, amiId: existing.ImageId };
+            }
+            console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+            console.log(`   🔄 Template playbook hashes changed. Deregistering old custom AMI...`);
+            if (dryRun) {
+                console.log(`   📝 [PLAN] Would deregister AMI "${this.name}" (${existing.ImageId}) and rebuild.`);
+                return { name: this.name, amiId: "PENDING" };
+            }
+            else {
+                await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+                const mappings = existing.BlockDeviceMappings ?? [];
+                for (const mapping of mappings) {
+                    const snapshotId = mapping.Ebs?.SnapshotId;
+                    if (snapshotId) {
+                        try {
+                            await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                        }
+                        catch (err) {
+                            console.warn(`   ⚠️  Could not delete snapshot ${snapshotId}: ${err.message}`);
+                        }
+                    }
+                }
+            }
+        }
+        console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+        const initialHashes = {};
+        for (const p of declaredPlaybooksWithHashes) {
+            initialHashes[p.slug] = p.hash;
+        }
+        const initialMetadataVal = mergeAwsTagsForProvision(initialHashes);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Bake AWS AMI Template "${this.name}"`);
+            console.log(`      └─ Base Image: ${this._baseImage}  Instance Type: ${this._instanceType}`);
+            if (this._provision.length > 0) {
+                console.log(`      └─ Provision: ${this._provision.join(", ")}`);
+            }
+            this.out.amiId.resolve("PENDING");
+            return { name: this.name, amiId: "PENDING" };
+        }
+        // Spawn temporary instance to bake
+        console.log(`🚀 Spawning temporary VM "puls-bake-temp-${this.name}" to bake custom AMI...`);
+        const runRes = await client.send(new RunInstancesCommand({
+            ImageId: this._baseImage,
+            InstanceType: this._instanceType,
+            MinCount: 1,
+            MaxCount: 1,
+            KeyName: this._keyName,
+            SubnetId: this._subnetId,
+            SecurityGroupIds: this._securityGroupIds,
+            TagSpecifications: [
+                {
+                    ResourceType: "instance",
+                    Tags: [
+                        { Key: "Name", Value: `puls-bake-temp-${this.name}` },
+                    ],
+                },
+            ],
+        }));
+        const instanceId = runRes.Instances?.[0]?.InstanceId;
+        if (!instanceId)
+            throw new Error("Failed to retrieve instance ID from RunInstancesCommand");
+        // Wait until running and IP is resolved
+        let resolvedIp;
+        await this.waitFor(`temporary instance "${instanceId}" to start running`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            if (inst && inst.State?.Name === "running") {
+                resolvedIp = inst.PublicIpAddress ?? inst.PrivateIpAddress ?? undefined;
+                return !!resolvedIp;
+            }
+            return false;
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        if (!resolvedIp) {
+            throw new Error(`Failed to resolve IP for temporary instance "${instanceId}"`);
+        }
+        // Provision the instance
+        if (this._provision.length > 0) {
+            await this.waitFor(`SSH on ${resolvedIp} to be ready`, () => this.checkPort(resolvedIp, 22), { intervalMs: 10_000, timeoutMs: 300_000 });
+            for (const playbook of this._provision) {
+                await this.runProvisioner(resolvedIp, playbook);
+            }
+        }
+        // Stop temporary instance
+        console.log(`   🛑 Stopping temporary instance "${instanceId}"...`);
+        await client.send(new StopInstancesCommand({ InstanceIds: [instanceId] }));
+        await this.waitFor(`temporary instance to stop`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            return inst?.State?.Name === "stopped";
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        // Bake AMI
+        console.log(`   💾 Baking custom AMI "${this.name}" from instance "${instanceId}"...`);
+        const amiRes = await client.send(new CreateImageCommand({
+            InstanceId: instanceId,
+            Name: this.name,
+            Description: `Puls Golden Image Template - ${this.name}`,
+            NoReboot: true,
+        }));
+        const newAmiId = amiRes.ImageId;
+        if (!newAmiId)
+            throw new Error("Failed to bake custom AMI from instance");
+        // Wait until AMI is available
+        await this.waitFor(`custom AMI "${newAmiId}" to become available`, async () => {
+            const result = await client.send(new DescribeImagesCommand({ ImageIds: [newAmiId] }));
+            const img = result.Images?.[0];
+            return img?.State === "available";
+        }, { intervalMs: 15_000, timeoutMs: 600_000 });
+        // Tag the AMI
+        await client.send(new CreateTagsCommand({
+            Resources: [newAmiId],
+            Tags: [
+                { Key: "Name", Value: this.name },
+                ...(initialMetadataVal ? [{ Key: "puls-provision", Value: initialMetadataVal }] : []),
+            ],
+        }));
+        console.log(`   ✅ Custom AMI "${this.name}" (${newAmiId}) baked successfully.`);
+        // Clean up temporary instance
+        console.log(`   🧹 Terminating temporary provisioning instance "${instanceId}"...`);
+        await client.send(new TerminateInstancesCommand({ InstanceIds: [instanceId] }));
+        this.out.amiId.resolve(newAmiId);
+        return { name: this.name, amiId: newAmiId };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        console.log(`\n🗑️  Destroying AWS AMI Template "${this.name}"...`);
+        if (!existing) {
+            console.log(`   ─  AWS AMI Template "${this.name}" not found`);
+            return { destroyed: false };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Deregister AWS AMI "${this.name}" (id=${existing.ImageId})`);
+            return { destroyed: this.name };
+        }
+        console.log(`   🔄 Deregistering AWS AMI "${this.name}" (id=${existing.ImageId})...`);
+        await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+        const mappings = existing.BlockDeviceMappings ?? [];
+        for (const mapping of mappings) {
+            const snapshotId = mapping.Ebs?.SnapshotId;
+            if (snapshotId) {
+                try {
+                    await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                }
+                catch {
+                    // Ignore safely
+                }
+            }
+        }
+        console.log(`   🗑️  Removed AWS AMI Template "${this.name}"`);
+        return { destroyed: this.name };
+    }
+}

package/dist/providers/aws/template.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/aws/template.test.js

@@ -0,0 +1,208 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { EC2Client } from "@aws-sdk/client-ec2";
+import { EC2TemplateBuilder } from "./template.js";
+import { EC2VMBuilder } from "./ec2.js";
+import { Config } from "../../core/config.js";
+import { getFileHash } from "../proxmox/hash.js";
+import { Stack } from "../../core/stack.js";
+describe("AWS EC2TemplateBuilder Unit Tests", () => {
+    let originalSend;
+    let clientCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                aws: { region: "us-east-1" },
+            },
+        });
+        clientCalls = [];
+        mockResponses = {};
+        originalSend = EC2Client.prototype.send;
+        EC2Client.prototype.send = async function (command) {
+            const name = command.constructor.name;
+            clientCalls.push({ method: name, input: command.input });
+            if (mockResponses[name] !== undefined) {
+                const handler = mockResponses[name];
+                if (typeof handler === "function")
+                    return handler(command.input);
+                return handler;
+            }
+            if (name === "DescribeImagesCommand") {
+                return { Images: [] };
+            }
+            if (name === "DescribeInstancesCommand") {
+                return { Reservations: [] };
+            }
+            if (name === "RunInstancesCommand") {
+                return { Instances: [{ InstanceId: "i-temp123" }] };
+            }
+            if (name === "CreateImageCommand") {
+                return { ImageId: "ami-custom456" };
+            }
+            return {};
+        };
+    });
+    afterEach(() => {
+        EC2Client.prototype.send = originalSend;
+    });
+    test("gracefully handles discovery when Template does not exist", async () => {
+        const template = new EC2TemplateBuilder("my-golden-image");
+        const existing = await template.discoveryPromise;
+        assert.strictEqual(existing, null);
+    });
+    test("discovers existing Template and skips deployment if hashes match (Idempotence)", async () => {
+        const nginxHash = getFileHash("playbooks/nginx.yaml");
+        mockResponses["DescribeImagesCommand"] = {
+            Images: [
+                {
+                    ImageId: "ami-golden123",
+                    State: "available",
+                    Tags: [
+                        { Key: "Name", Value: "my-docker-base" },
+                        { Key: "puls-provision", Value: `nginx-yaml=${nginxHash}` },
+                    ],
+                },
+            ],
+        };
+        const template = new EC2TemplateBuilder("my-docker-base")
+            .provision("playbooks/nginx.yaml");
+        const result = await template.deploy();
+        assert.strictEqual(result.amiId, "ami-golden123");
+        // Ensure no RunInstances or CreateImage calls were made
+        const writes = clientCalls.filter(c => c.method === "RunInstancesCommand" || c.method === "CreateImageCommand");
+        assert.strictEqual(writes.length, 0);
+    });
+    test("purges and rebuilds template if playbooks differ", async () => {
+        mockResponses["DescribeImagesCommand"] = (input) => {
+            // If querying the target name "my-docker-base"
+            if (input.Filters?.some((f) => f.Name === "name" && f.Values?.includes("my-docker-base"))) {
+                return {
+                    Images: [
+                        {
+                            ImageId: "ami-old555",
+                            State: "available",
+                            Tags: [
+                                { Key: "Name", Value: "my-docker-base" },
+                                { Key: "puls-provision", Value: "nginx-yaml=outdated" },
+                            ],
+                            BlockDeviceMappings: [
+                                { Ebs: { SnapshotId: "snap-old999" } }
+                            ],
+                        },
+                    ],
+                };
+            }
+            // If querying the baked template status "ami-custom456"
+            if (input.ImageIds?.includes("ami-custom456")) {
+                return {
+                    Images: [{ ImageId: "ami-custom456", State: "available" }]
+                };
+            }
+            return { Images: [] };
+        };
+        let describeInstanceCount = 0;
+        mockResponses["DescribeInstancesCommand"] = () => {
+            describeInstanceCount++;
+            return {
+                Reservations: [
+                    {
+                        Instances: [
+                            {
+                                InstanceId: "i-temp123",
+                                State: { Name: describeInstanceCount > 1 ? "stopped" : "running" },
+                                PublicIpAddress: "34.20.10.99",
+                            }
+                        ]
+                    }
+                ]
+            };
+        };
+        const template = new EC2TemplateBuilder("my-docker-base")
+            .provision("playbooks/nginx.yaml");
+        template.waitFor = async (label, condition) => {
+            return await condition();
+        };
+        template.checkPort = async () => true;
+        const provisionSpy = mock.method(template, "runProvisioner", async () => { });
+        const result = await template.deploy();
+        assert.strictEqual(result.amiId, "ami-custom456");
+        // Verify Deregister and Snapshot delete called
+        const deregisterCall = clientCalls.find(c => c.method === "DeregisterImageCommand");
+        assert.ok(deregisterCall);
+        assert.strictEqual(deregisterCall.input.ImageId, "ami-old555");
+        const deleteSnapCall = clientCalls.find(c => c.method === "DeleteSnapshotCommand");
+        assert.ok(deleteSnapCall);
+        assert.strictEqual(deleteSnapCall.input.SnapshotId, "snap-old999");
+        // Verify temp instance was created, stopped, image created, and terminated
+        assert.ok(clientCalls.some(c => c.method === "RunInstancesCommand"));
+        assert.ok(clientCalls.some(c => c.method === "StopInstancesCommand"));
+        assert.ok(clientCalls.some(c => c.method === "CreateImageCommand"));
+        assert.ok(clientCalls.some(c => c.method === "TerminateInstancesCommand"));
+        // Verify provision script ran on resolved temporary instance IP
+        assert.strictEqual(provisionSpy.mock.callCount(), 1);
+        assert.strictEqual(provisionSpy.mock.calls[0].arguments[0], "34.20.10.99");
+        assert.strictEqual(provisionSpy.mock.calls[0].arguments[1], "playbooks/nginx.yaml");
+    });
+    test("EC2 instance clones from custom baked template successfully", async () => {
+        const nginxHash = getFileHash("playbooks/nginx.yaml");
+        mockResponses["DescribeImagesCommand"] = (input) => {
+            if (input.Filters?.some((f) => f.Name === "name" && f.Values?.includes("my-golden-ami"))) {
+                return {
+                    Images: [
+                        {
+                            ImageId: "ami-custom777",
+                            State: "available",
+                            Tags: [
+                                { Key: "Name", Value: "my-golden-ami" },
+                                { Key: "puls-provision", Value: `nginx-yaml=${nginxHash}` },
+                            ],
+                        },
+                    ],
+                };
+            }
+            return { Images: [] };
+        };
+        let describeCount = 0;
+        mockResponses["DescribeInstancesCommand"] = () => {
+            describeCount++;
+            if (describeCount === 1)
+                return { Reservations: [] }; // VM doesn't exist initially
+            return {
+                Reservations: [
+                    {
+                        Instances: [
+                            {
+                                InstanceId: "i-prod123",
+                                State: { Name: "running" },
+                                PublicIpAddress: "34.200.5.5",
+                            }
+                        ]
+                    }
+                ]
+            };
+        };
+        mockResponses["RunInstancesCommand"] = {
+            Instances: [{ InstanceId: "i-prod123" }],
+        };
+        class AWSStack extends Stack {
+            amiTemplate = new EC2TemplateBuilder("my-golden-ami")
+                .provision("playbooks/nginx.yaml");
+            server = new EC2VMBuilder("prod-server-01")
+                .fromTemplate(this.amiTemplate)
+                .instanceType("t3.small");
+        }
+        const stack = new AWSStack();
+        stack.server.waitFor = async () => true;
+        stack.server.checkPort = async () => true;
+        const result = await stack.deploy();
+        // Verify Stack outputs
+        assert.strictEqual(result.amiTemplate.amiId, "ami-custom777");
+        assert.strictEqual(result.server.id, "i-prod123");
+        // Verify VM cloned from dynamic template AMI
+        const runInstanceCall = clientCalls.find(c => c.method === "RunInstancesCommand" && c.input?.ImageId === "ami-custom777");
+        assert.ok(runInstanceCall);
+        assert.strictEqual(runInstanceCall.input.InstanceType, "t3.small");
+    });
+});

package/dist/providers/do/api.d.ts

@@ -3,9 +3,11 @@ export declare class DoApiClient {
     private static readonly BASE;
     constructor(token: string);
     private get authHeaders();
+    private createDoOfflineMock;
+    private request;
     get<T>(path: string): Promise<T>;
     post<T>(path: string, body: unknown): Promise<T>;
     put<T>(path: string, body: unknown): Promise<T>;
-    delete(path: string): Promise<void>;
+    delete(path: string, body?: unknown): Promise<void>;
 }
 export declare function getDoApi(): DoApiClient;

package/dist/providers/do/api.js

@@ -1,4 +1,6 @@
 import { Config } from '../../core/config.js';
+import { withRetry } from '../../core/retry.js';
+import { resourceContextStorage } from '../../core/context.js';
 export class DoApiClient {
     token;
     static BASE = 'https://api.digitalocean.com/v2';
@@ -12,45 +14,142 @@ export class DoApiClient {
             'Accept-Encoding': 'identity'
         };
     }
+    createDoOfflineMock(method, path, body) {
+        if (path.includes("/droplets")) {
+            return {
+                droplet: {
+                    id: 1234567,
+                    name: body?.name ?? "mock-droplet",
+                    networks: {
+                        v4: [
+                            { ip_address: "159.203.12.34", type: "public" },
+                            { ip_address: "10.132.0.3", type: "private" }
+                        ]
+                    }
+                },
+                droplets: [
+                    {
+                        id: 1234567,
+                        name: body?.name ?? "mock-droplet",
+                        networks: {
+                            v4: [
+                                { ip_address: "159.203.12.34", type: "public" },
+                                { ip_address: "10.132.0.3", type: "private" }
+                            ]
+                        }
+                    }
+                ]
+            };
+        }
+        if (path.includes("/domains")) {
+            return { domain: { name: "mock-domain.com", ttl: 1800 } };
+        }
+        if (path.includes("/ssh_keys")) {
+            return { ssh_key: { id: 12345, name: "mock-key", public_key: "ssh-rsa mock" } };
+        }
+        return new Proxy({}, {
+            get(target, prop) {
+                if (prop === "then")
+                    return undefined;
+                if (prop === "id")
+                    return 123456;
+                if (prop === "name")
+                    return "mock-do-name";
+                if (prop === "status")
+                    return "active";
+                if (prop.endsWith("s"))
+                    return [];
+                return `mock-do-${prop.toLowerCase()}`;
+            }
+        });
+    }
+    async request(fn) {
+        return withRetry(fn, {
+            retryable: (err) => {
+                const match = err.message.match(/: (\d+)/);
+                const status = match ? parseInt(match[1], 10) : null;
+                return status === 429 || (status && status >= 500) || err.message.includes("ETIMEDOUT");
+            }
+        });
+    }
     async get(path) {
-        const res = await fetch(`${DoApiClient.BASE}${path}`, { headers: this.authHeaders });
-        if (!res.ok)
-            throw new Error(`DO API GET ${path}: ${res.status} ${await res.text()}`);
-        return res.json();
+        const context = resourceContextStorage.getStore();
+        const abortSignal = context?.abortSignal;
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return Promise.resolve(this.createDoOfflineMock('GET', path));
+        }
+        return this.request(async () => {
+            const res = await fetch(`${DoApiClient.BASE}${path}`, {
+                headers: this.authHeaders,
+                ...(abortSignal && { signal: abortSignal })
+            });
+            if (!res.ok)
+                throw new Error(`DO API GET ${path}: ${res.status} ${await res.text()}`);
+            return res.json();
+        });
     }
     async post(path, body) {
-        const res = await fetch(`${DoApiClient.BASE}${path}`, {
-            method: 'POST',
-            headers: this.authHeaders,
-            body: JSON.stringify(body),
+        const context = resourceContextStorage.getStore();
+        const abortSignal = context?.abortSignal;
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return Promise.resolve(this.createDoOfflineMock('POST', path, body));
+        }
+        return this.request(async () => {
+            const res = await fetch(`${DoApiClient.BASE}${path}`, {
+                method: 'POST',
+                headers: this.authHeaders,
+                body: JSON.stringify(body),
+                ...(abortSignal && { signal: abortSignal })
+            });
+            if (!res.ok)
+                throw new Error(`DO API POST ${path}: ${res.status} ${await res.text()}`);
+            return res.json();
         });
-        if (!res.ok)
-            throw new Error(`DO API POST ${path}: ${res.status} ${await res.text()}`);
-        return res.json();
     }
     async put(path, body) {
-        const res = await fetch(`${DoApiClient.BASE}${path}`, {
-            method: 'PUT',
-            headers: this.authHeaders,
-            body: JSON.stringify(body),
-        });
-        if (!res.ok)
-            throw new Error(`DO API PUT ${path}: ${res.status} ${await res.text()}`);
-        return res.json();
-    }
-    async delete(path) {
-        const res = await fetch(`${DoApiClient.BASE}${path}`, {
-            method: 'DELETE',
-            headers: this.authHeaders,
+        const context = resourceContextStorage.getStore();
+        const abortSignal = context?.abortSignal;
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return Promise.resolve(this.createDoOfflineMock('PUT', path, body));
+        }
+        return this.request(async () => {
+            const res = await fetch(`${DoApiClient.BASE}${path}`, {
+                method: 'PUT',
+                headers: this.authHeaders,
+                body: JSON.stringify(body),
+                ...(abortSignal && { signal: abortSignal })
+            });
+            if (!res.ok)
+                throw new Error(`DO API PUT ${path}: ${res.status} ${await res.text()}`);
+            return res.json();
         });
-        if (!res.ok && res.status !== 404) {
-            throw new Error(`DO API DELETE ${path}: ${res.status} ${await res.text()}`);
+    }
+    async delete(path, body) {
+        const context = resourceContextStorage.getStore();
+        const abortSignal = context?.abortSignal;
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return Promise.resolve();
         }
+        return this.request(async () => {
+            const res = await fetch(`${DoApiClient.BASE}${path}`, {
+                method: 'DELETE',
+                headers: this.authHeaders,
+                ...(body !== undefined && { body: JSON.stringify(body) }),
+                ...(abortSignal && { signal: abortSignal })
+            });
+            if (!res.ok && res.status !== 404) {
+                throw new Error(`DO API DELETE ${path}: ${res.status} ${await res.text()}`);
+            }
+        });
     }
 }
 export function getDoApi() {
     const token = Config.get().providers.do?.token;
-    if (!token)
+    if (!token) {
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return new DoApiClient("mock-do-token");
+        }
         throw new Error('DO token not configured. Call DO.init({ token: "..." })');
+    }
     return new DoApiClient(token);
 }

package/dist/providers/do/app.d.ts

@@ -0,0 +1,26 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+export declare class AppPlatformBuilder extends BaseBuilder {
+    readonly out: {
+        id: Output<string>;
+        liveUrl: Output<string>;
+    };
+    private _spec;
+    constructor(appName: string);
+    spec(jsonSpec: any): this;
+    private discoverApp;
+    deploy(): Promise<{
+        name: string;
+        id: any;
+        liveUrl: any;
+    } | {
+        name: string;
+        id: string;
+        liveUrl?: undefined;
+    }>;
+    destroy(): Promise<{
+        destroyed: boolean;
+    } | {
+        destroyed: string;
+    }>;
+}