puls-dev 0.3.3 → 0.3.5

package/dist/providers/do/droplet.js

@@ -24,6 +24,7 @@ export class DropletBuilder extends BaseBuilder {
     dropletId;
     resolvedIp;
     sshKeyPath;
+    _sshUser;
     _provision = [];
     _forceConfigCheck = false;
     constructor(name) {
@@ -70,10 +71,24 @@ export class DropletBuilder extends BaseBuilder {
         this.config.size = size;
         return this;
     }
-    sslKey(keyPath) {
+    sshKey(keyPath) {
         this.sshKeyPath = keyPath.replace('~', homedir());
         return this;
     }
+    /** @deprecated Use `.sshKey()` instead */
+    sslKey(keyPath) {
+        return this.sshKey(keyPath);
+    }
+    sshUser(user) {
+        this._sshUser = user;
+        return this;
+    }
+    resolveUser() {
+        return (this._sshUser ??
+            process.env.DO_SSH_USER ??
+            Config.get().providers.do?.sshUser ??
+            "root");
+    }
     vpc(uuid) {
         this.config.vpc_uuid = uuid;
         return this;
@@ -86,12 +101,22 @@ export class DropletBuilder extends BaseBuilder {
         this._forceConfigCheck = true;
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        if (existing.size_slug !== this.config.size) {
+            diffs.push({ field: "size", declared: this.config.size, live: existing.size_slug });
+        }
+        if (existing.region?.slug !== this.config.region) {
+            diffs.push({ field: "region", declared: this.config.region, live: existing.region?.slug });
+        }
+        return diffs;
+    }
     async checkPort(ip, port) {
         return checkPort(ip, port);
     }
     async runProvisioner(ip, script) {
         const keyPath = this.sshKeyPath ? this.sshKeyPath : undefined;
-        return runProvisioner(ip, "root", keyPath, script);
+        return runProvisioner(ip, this.resolveUser(), keyPath, script);
     }
     async resolveOrRegisterSshKey(api) {
         const pubPath = this.sshKeyPath.replace(/\.pub$/, '') + '.pub';
@@ -258,7 +283,7 @@ export class DropletBuilder extends BaseBuilder {
                 context.hosts.push({
                     name: this.name,
                     ip: activeIp,
-                    user: "root",
+                    user: this.resolveUser(),
                     sshKey: this.sshKeyPath,
                     provider: "do"
                 });

package/dist/providers/do/droplet.test.js

@@ -106,7 +106,7 @@ describe('DropletBuilder Unit Tests', () => {
         builder
             .region('nyc3')
             .size('s-1vcpu-1gb')
-            .sslKey('~/.ssh/id_rsa.pub');
+            .sshKey('~/.ssh/id_rsa.pub');
         const result = await builder.deploy();
         assert.ok(result);
         assert.strictEqual(result.region, 'nyc3');

package/dist/providers/do/list.js

@@ -20,11 +20,14 @@ function priceForSlug(slug) {
 }
 export async function listDoResources() {
     const api = getDoApi();
-    const [dropletsData, firewallsData, lbData, domainsData] = await Promise.all([
+    const [dropletsData, firewallsData, lbData, domainsData, dbData, appsData, vpcsData] = await Promise.all([
         api.get('/droplets?per_page=200'),
         api.get('/firewalls?per_page=200'),
         api.get('/load_balancers?per_page=200'),
         api.get('/domains?per_page=200'),
+        api.get('/databases?per_page=200'),
+        api.get('/apps?per_page=200'),
+        api.get('/vpcs?per_page=200'),
     ]);
     const droplets = dropletsData.droplets.map((d) => {
         const pub = (d.networks?.v4 ?? []).find((n) => n.type === 'public');
@@ -54,6 +57,26 @@ export async function listDoResources() {
         name: d.name,
         ttl: d.ttl,
     }));
+    const databases = (dbData.databases ?? []).map((d) => ({
+        id: d.id,
+        name: d.name,
+        engine: `${d.engine} ${d.version ?? ''}`.trim(),
+        region: d.region ?? '',
+        status: d.status ?? '',
+        nodeCount: d.num_nodes ?? 1,
+    }));
+    const apps = (appsData.apps ?? []).map((a) => ({
+        id: a.id,
+        name: a.spec?.name ?? a.id,
+        liveUrl: a.live_url ?? '',
+        status: a.active_deployment?.phase ?? 'unknown',
+    }));
+    const vpcs = (vpcsData.vpcs ?? []).map((v) => ({
+        id: v.id,
+        name: v.name,
+        region: v.region ?? '',
+        ipRange: v.ip_range ?? '',
+    }));
     const totalMonthlyCost = droplets.reduce((sum, d) => sum + d.monthlyCost, 0);
-    return { droplets, firewalls, loadBalancers, domains, totalMonthlyCost };
+    return { droplets, firewalls, loadBalancers, domains, databases, apps, vpcs, totalMonthlyCost };
 }

package/dist/providers/do/load_balancer.d.ts

@@ -41,6 +41,11 @@ export declare class LoadBalancerBuilder extends BaseBuilder {
     stickySession(type: 'cookies' | 'none', cookieName?: string, cookieTtlSeconds?: number): this;
     private resolveDropletIds;
     private resolveCertificateId;
+    getDiff(existing: any): {
+        field: string;
+        declared: string;
+        live: any;
+    }[];
     deploy(): Promise<any>;
     destroy(): Promise<any>;
 }

package/dist/providers/do/load_balancer.js

@@ -96,6 +96,13 @@ export class LoadBalancerBuilder extends BaseBuilder {
         }
         return match.id;
     }
+    getDiff(existing) {
+        const diffs = [];
+        if (existing.region?.slug !== this._region) {
+            diffs.push({ field: "region", declared: this._region, live: existing.region?.slug });
+        }
+        return diffs;
+    }
     async deploy() {
         const dryRun = this.isDryRunActive();
         const existing = await this.discoveryPromise;

package/dist/providers/do/vpc.d.ts

@@ -12,6 +12,11 @@ export declare class VPCBuilder extends BaseBuilder {
     region(r: string): this;
     ipRange(cidr: string): this;
     description(text: string): this;
+    getDiff(existing: any): {
+        field: string;
+        declared: string;
+        live: any;
+    }[];
     private discoverVpc;
     deploy(): Promise<{
         name: string;

package/dist/providers/do/vpc.js

@@ -26,6 +26,14 @@ export class VPCBuilder extends BaseBuilder {
         this._description = text;
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        // region and ip_range are immutable after creation
+        if (this._description !== undefined && existing.description !== this._description) {
+            diffs.push({ field: "description", declared: this._description, live: existing.description });
+        }
+        return diffs;
+    }
     async discoverVpc(name) {
         try {
             const api = getDoApi();

package/dist/providers/firebase/functions.d.ts

@@ -29,6 +29,15 @@ export declare class FirebaseFunctionsBuilder extends BaseBuilder {
     maxInstances(n: number): this;
     minInstances(n: number): this;
     env(vars: Record<string, string>): this;
+    getDiff(existing: any): ({
+        field: string;
+        declared: string;
+        live: any;
+    } | {
+        field: string;
+        declared: number;
+        live: any;
+    })[];
     private fnPath;
     private getExisting;
     private zipSource;

package/dist/providers/firebase/functions.js

@@ -79,6 +79,34 @@ export class FirebaseFunctionsBuilder extends BaseBuilder {
         this._env = vars;
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        const liveRuntime = existing.buildConfig?.runtime;
+        if (liveRuntime !== undefined && liveRuntime !== this._runtime) {
+            diffs.push({ field: "runtime", declared: this._runtime, live: liveRuntime });
+        }
+        const liveEntryPoint = existing.buildConfig?.entryPoint;
+        if (liveEntryPoint !== undefined && liveEntryPoint !== this._entryPoint) {
+            diffs.push({ field: "entryPoint", declared: this._entryPoint, live: liveEntryPoint });
+        }
+        const liveMemory = existing.serviceConfig?.availableMemory;
+        if (liveMemory !== undefined && liveMemory !== this._memory) {
+            diffs.push({ field: "memory", declared: this._memory, live: liveMemory });
+        }
+        const liveTimeout = existing.serviceConfig?.timeoutSeconds;
+        if (liveTimeout !== undefined && liveTimeout !== this._timeout) {
+            diffs.push({ field: "timeout", declared: `${this._timeout}s`, live: `${liveTimeout}s` });
+        }
+        const liveMax = existing.serviceConfig?.maxInstanceCount;
+        if (liveMax !== undefined && liveMax !== this._maxInstances) {
+            diffs.push({ field: "maxInstances", declared: this._maxInstances, live: liveMax });
+        }
+        const liveMin = existing.serviceConfig?.minInstanceCount ?? 0;
+        if (liveMin !== this._minInstances) {
+            diffs.push({ field: "minInstances", declared: this._minInstances, live: liveMin });
+        }
+        return diffs;
+    }
     fnPath() {
         return `/projects/${getProjectId()}/locations/${this._region}/functions/${this.name}`;
     }

package/dist/providers/firebase/list.js

@@ -1,9 +1,13 @@
 import { getProjectId, hostingFetch, cloudFetch } from "./api.js";
 export async function listFirebaseResources() {
     const project = getProjectId();
-    const [hostRes, fnRes] = await Promise.all([
+    const [hostRes, fnRes, firestoreRes, storageRes, authRes, rcRes] = await Promise.all([
         hostingFetch(`/projects/${project}/sites`).catch(() => ({})),
         cloudFetch("https://cloudfunctions.googleapis.com/v2", `/projects/${project}/locations/-/functions`).catch(() => ({})),
+        cloudFetch("https://firestore.googleapis.com/v1", `/projects/${project}/databases`).catch(() => ({})),
+        cloudFetch("https://storage.googleapis.com/storage/v1", `/b?project=${project}`).catch(() => ({})),
+        cloudFetch("https://identitytoolkit.googleapis.com/admin/v2", `/projects/${project}/config`).catch(() => ({})),
+        cloudFetch("https://firebaseremoteconfig.googleapis.com/v1", `/projects/${project}/remoteConfig`).catch(() => ({})),
     ]);
     // 1. Map Hosting Sites
     const hostingSites = (hostRes.sites ?? []).map((s) => ({
@@ -21,5 +25,33 @@ export async function listFirebaseResources() {
             runtime: f.buildConfig?.runtime ?? "unknown",
         };
     });
-    return { hostingSites, functions };
+    // 3. Map Firestore Databases
+    const firestoreDbs = (firestoreRes.databases ?? []).map((d) => ({
+        name: d.name.split("/").pop() ?? d.name,
+        type: d.type ?? "FIRESTORE_NATIVE",
+        state: d.state ?? "unknown",
+    }));
+    // 4. Map Storage Buckets (filter to project-owned buckets)
+    const storageBuckets = (storageRes.items ?? [])
+        .filter((b) => b.name?.includes(project))
+        .map((b) => ({
+        name: b.name,
+        location: b.location ?? "unknown",
+    }));
+    // 5. Map Auth Sign-in Providers from Identity Toolkit config
+    const signIn = authRes.signIn ?? {};
+    const authProviders = [
+        ...(signIn.email?.enabled ? [{ providerId: "email/password" }] : []),
+        ...(signIn.phoneNumber?.enabled ? [{ providerId: "phone" }] : []),
+        ...(signIn.anonymous?.enabled ? [{ providerId: "anonymous" }] : []),
+    ];
+    // 6. Map RemoteConfig
+    let remoteConfig;
+    if (rcRes.parameters !== undefined || rcRes.version) {
+        remoteConfig = {
+            parameterCount: Object.keys(rcRes.parameters ?? {}).length,
+            version: rcRes.version?.versionNumber ?? "unknown",
+        };
+    }
+    return { hostingSites, functions, firestoreDbs, storageBuckets, authProviders, remoteConfig };
 }

package/dist/providers/gcp/api.js

@@ -113,6 +113,12 @@ function createGcpOfflineMock(base, path, opts) {
         };
     }
     if (path.includes("/instances")) {
+        // Specific instance GET (discovery path: /instances/{name}) - return not-found so
+        // builders plan creation rather than treating the mock VM as already existing
+        const afterInstances = path.split("/instances")[1] ?? "";
+        if (afterInstances.startsWith("/") && afterInstances.length > 1) {
+            throw new Error(`GCP API GET ${path} → 404: Not Found`);
+        }
         return {
             status: "RUNNING",
             id: "mock-gcp-instance-id",

package/dist/providers/gcp/cloudrun.d.ts

@@ -20,6 +20,19 @@ export declare class GCPCloudRunBuilder extends BaseBuilder {
     env(vars: Record<string, string | GCPSecretBuilder>): this;
     region(reg: string): this;
     public(enabled?: boolean): this;
+    getDiff(existing: any): ({
+        field: string;
+        declared: string | undefined;
+        live: any;
+    } | {
+        field: string;
+        declared: number;
+        live: any;
+    } | {
+        field: string;
+        declared: boolean;
+        live: boolean;
+    })[];
     private discoverService;
     deploy(): Promise<{
         serviceId: string;

package/dist/providers/gcp/cloudrun.js

@@ -60,6 +60,36 @@ export class GCPCloudRunBuilder extends BaseBuilder {
         this._public = enabled;
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        const container = existing.template?.containers?.[0];
+        const scaling = existing.template?.scaling ?? {};
+        const targetIngress = this._public ? "INGRESS_TRAFFIC_ALL" : "INGRESS_TRAFFIC_INTERNAL_ONLY";
+        if (container?.image !== this._image) {
+            diffs.push({ field: "image", declared: this._image, live: container?.image });
+        }
+        if (container?.ports?.[0]?.containerPort !== this._port) {
+            diffs.push({ field: "port", declared: this._port, live: container?.ports?.[0]?.containerPort });
+        }
+        if (container?.resources?.limits?.cpu !== formatCpu(this._cpu)) {
+            diffs.push({ field: "cpu", declared: formatCpu(this._cpu), live: container?.resources?.limits?.cpu });
+        }
+        if (container?.resources?.limits?.memory !== formatMemory(this._memory)) {
+            diffs.push({ field: "memory", declared: formatMemory(this._memory), live: container?.resources?.limits?.memory });
+        }
+        const minDeclared = this._minInstances ?? 0;
+        const maxDeclared = this._maxInstances ?? 100;
+        if ((scaling.minInstanceCount ?? 0) !== minDeclared) {
+            diffs.push({ field: "minInstances", declared: minDeclared, live: scaling.minInstanceCount ?? 0 });
+        }
+        if ((scaling.maxInstanceCount ?? 100) !== maxDeclared) {
+            diffs.push({ field: "maxInstances", declared: maxDeclared, live: scaling.maxInstanceCount ?? 100 });
+        }
+        if (existing.ingress !== targetIngress) {
+            diffs.push({ field: "public", declared: this._public, live: existing.ingress === "INGRESS_TRAFFIC_ALL" });
+        }
+        return diffs;
+    }
     async discoverService() {
         try {
             const project = getProjectId();

package/dist/providers/gcp/cloudsql.d.ts

@@ -23,6 +23,15 @@ export declare class GCPCloudSQLBuilder extends BaseBuilder {
     database(name: string): this;
     publicAccess(enabled?: boolean): this;
     region(reg: string): this;
+    getDiff(existing: any): ({
+        field: string;
+        declared: string;
+        live: any;
+    } | {
+        field: string;
+        declared: boolean;
+        live: boolean;
+    })[];
     private discoverInstance;
     private waitForOperation;
     deploy(): Promise<{

package/dist/providers/gcp/cloudsql.js

@@ -64,6 +64,26 @@ export class GCPCloudSQLBuilder extends BaseBuilder {
         this.discoveryPromise = this.discoverInstance();
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        const declaredDbVersion = `${this._engine.toUpperCase()}_${this._engineVersion}`;
+        if (existing.databaseVersion !== declaredDbVersion) {
+            diffs.push({ field: "databaseVersion", declared: declaredDbVersion, live: existing.databaseVersion });
+        }
+        const liveTier = existing.settings?.tier;
+        if (liveTier !== undefined && liveTier !== this._tier) {
+            diffs.push({ field: "tier", declared: this._tier, live: liveTier });
+        }
+        const liveDiskSize = existing.settings?.dataDiskSizeGb;
+        if (liveDiskSize !== undefined && Number(liveDiskSize) !== this._storage) {
+            diffs.push({ field: "storage", declared: `${this._storage} GB`, live: `${liveDiskSize} GB` });
+        }
+        const isPublic = (existing.settings?.ipConfiguration?.authorizedNetworks ?? []).length > 0;
+        if (isPublic !== this._publicAccess) {
+            diffs.push({ field: "publicAccess", declared: this._publicAccess, live: isPublic });
+        }
+        return diffs;
+    }
     async discoverInstance() {
         try {
             const project = getProjectId();

package/dist/providers/gcp/list.js

@@ -1,11 +1,13 @@
 import { gcpFetch, getProjectId } from "./api.js";
 export async function listGcpResources() {
     const project = getProjectId();
-    const [vmRes, sqlRes, runRes, dnsRes] = await Promise.all([
+    const [vmRes, sqlRes, runRes, dnsRes, pubsubRes, secretsRes] = await Promise.all([
         gcpFetch("https://compute.googleapis.com", `/compute/v1/projects/${project}/aggregated/instances`).catch(() => ({})),
         gcpFetch("https://sqladmin.googleapis.com", `/v1/projects/${project}/instances`).catch(() => ({})),
         gcpFetch("https://run.googleapis.com", `/v2/projects/${project}/locations/-/services`).catch(() => ({})),
         gcpFetch("https://dns.googleapis.com", `/dns/v1/projects/${project}/managedZones`).catch(() => ({})),
+        gcpFetch("https://pubsub.googleapis.com", `/v1/projects/${project}/topics`).catch(() => ({})),
+        gcpFetch("https://secretmanager.googleapis.com", `/v1/projects/${project}/secrets`).catch(() => ({})),
     ]);
     // 1. Map VM Instances
     const vms = [];
@@ -51,5 +53,13 @@ export async function listGcpResources() {
         name: z.name,
         dnsName: z.dnsName ?? "",
     }));
-    return { vms, rdsInstances, distributions, hostedZones };
+    // 5. Map Pub/Sub Topics
+    const pubSubTopics = (pubsubRes.topics ?? []).map((t) => ({
+        name: t.name.split("/").pop() ?? t.name,
+    }));
+    // 6. Map Secret Manager Secrets
+    const secrets = (secretsRes.secrets ?? []).map((s) => ({
+        name: s.name.split("/").pop() ?? s.name,
+    }));
+    return { vms, rdsInstances, distributions, hostedZones, pubSubTopics, secrets };
 }

package/dist/providers/gcp/template.d.ts

@@ -9,6 +9,7 @@ export declare class GCPTemplateBuilder extends BaseBuilder {
     private _zone;
     private _network;
     private _sshKeys;
+    private _sshUser?;
     private _provision;
     constructor(name: string);
     baseImage(img: string): this;
@@ -16,6 +17,8 @@ export declare class GCPTemplateBuilder extends BaseBuilder {
     zone(z: string): this;
     network(netPath: string): this;
     sshKey(keys: string | string[]): this;
+    sshUser(user: string): this;
+    private resolveUser;
     provision(...playbookPaths: (string | string[])[]): this;
     private discoverImage;
     protected checkPort(ip: string, port: number): Promise<boolean>;

package/dist/providers/gcp/template.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import { homedir } from "node:os";
 import { BaseBuilder } from "../../core/resource.js";
+import { Config } from "../../core/config.js";
 import { Output } from "../../core/output.js";
 import { gcpFetch, getProjectId } from "./api.js";
 import { checkPort, runProvisioner } from "../../core/provisioner.js";
@@ -15,6 +16,7 @@ export class GCPTemplateBuilder extends BaseBuilder {
     _zone = "us-central1-a";
     _network = "global/networks/default";
     _sshKeys = [];
+    _sshUser;
     _provision = [];
     constructor(name) {
         super(name);
@@ -41,6 +43,16 @@ export class GCPTemplateBuilder extends BaseBuilder {
         this._sshKeys = keys;
         return this;
     }
+    sshUser(user) {
+        this._sshUser = user;
+        return this;
+    }
+    resolveUser() {
+        return (this._sshUser ??
+            process.env.GCP_SSH_USER ??
+            Config.get().providers.gcp?.sshUser ??
+            "root");
+    }
     provision(...playbookPaths) {
         this._provision.push(...playbookPaths.flat());
         return this;
@@ -66,7 +78,7 @@ export class GCPTemplateBuilder extends BaseBuilder {
     async runProvisioner(ip, script) {
         const keysArray = Array.isArray(this._sshKeys) ? this._sshKeys : [this._sshKeys];
         const keyPath = keysArray.find(k => !k.startsWith('ssh-') && !k.startsWith('ecdsa-') && !k.startsWith('sk-'));
-        return runProvisioner(ip, "root", keyPath, script);
+        return runProvisioner(ip, this.resolveUser(), keyPath, script);
     }
     async deploy() {
         const dryRun = this.isDryRunActive();

package/dist/providers/gcp/vm.d.ts

@@ -12,6 +12,7 @@ export declare class GCPVMBuilder extends BaseBuilder {
     private _zone;
     private _network;
     private _sshKeys;
+    private _sshUser?;
     private _provision;
     private _forceConfigCheck;
     private resolvedInstanceId?;
@@ -23,8 +24,15 @@ export declare class GCPVMBuilder extends BaseBuilder {
     zone(z: string): this;
     network(netPath: string): this;
     sshKey(keys: string | string[]): this;
+    sshUser(user: string): this;
+    private resolveUser;
     provision(...playbookPaths: (string | string[])[]): this;
     forceConfigCheck(): this;
+    getDiff(existing: any): {
+        field: string;
+        declared: string;
+        live: any;
+    }[];
     protected checkPort(ip: string, port: number): Promise<boolean>;
     protected runProvisioner(ip: string, script: string): Promise<void>;
     private discoverVM;

package/dist/providers/gcp/vm.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import { homedir } from "node:os";
 import { BaseBuilder } from "../../core/resource.js";
+import { Config } from "../../core/config.js";
 import { Output } from "../../core/output.js";
 import { gcpFetch, getProjectId } from "./api.js";
 import { checkPort, runProvisioner } from "../../core/provisioner.js";
@@ -17,6 +18,7 @@ export class GCPVMBuilder extends BaseBuilder {
     _zone = "us-central1-a";
     _network = "global/networks/default";
     _sshKeys = [];
+    _sshUser;
     _provision = [];
     _forceConfigCheck = false;
     resolvedInstanceId;
@@ -51,6 +53,16 @@ export class GCPVMBuilder extends BaseBuilder {
         this._sshKeys = keys;
         return this;
     }
+    sshUser(user) {
+        this._sshUser = user;
+        return this;
+    }
+    resolveUser() {
+        return (this._sshUser ??
+            process.env.GCP_SSH_USER ??
+            Config.get().providers.gcp?.sshUser ??
+            "root");
+    }
     provision(...playbookPaths) {
         this._provision.push(...playbookPaths.flat());
         return this;
@@ -59,6 +71,14 @@ export class GCPVMBuilder extends BaseBuilder {
         this._forceConfigCheck = true;
         return this;
     }
+    getDiff(existing) {
+        const diffs = [];
+        const liveMachineType = existing.machineType?.split("/").pop();
+        if (liveMachineType !== undefined && liveMachineType !== this._machineType) {
+            diffs.push({ field: "machineType", declared: this._machineType, live: liveMachineType });
+        }
+        return diffs;
+    }
     async checkPort(ip, port) {
         return checkPort(ip, port);
     }
@@ -68,7 +88,7 @@ export class GCPVMBuilder extends BaseBuilder {
         if (!keyPath) {
             throw new Error(`[GCP VM:${this.name}] No SSH private key path found. Pass a file path via .sshKey() to run provisioning.`);
         }
-        return runProvisioner(ip, "root", keyPath, script);
+        return runProvisioner(ip, this.resolveUser(), keyPath, script);
     }
     async discoverVM() {
         try {
@@ -298,7 +318,7 @@ export class GCPVMBuilder extends BaseBuilder {
                 context.hosts.push({
                     name: this.name,
                     ip: activeIp,
-                    user: "root",
+                    user: this.resolveUser(),
                     sshKey: keyPath,
                     provider: "gcp"
                 });

package/dist/providers/proxmox/api.d.ts

@@ -10,4 +10,5 @@ export declare class ProxmoxApiClient {
     put<T>(path: string, body?: unknown): Promise<T>;
     delete(path: string): Promise<void>;
 }
+export declare function withVmidAllocation<T>(fn: () => Promise<T>): Promise<T>;
 export declare function getPMClient(): ProxmoxApiClient;

package/dist/providers/proxmox/api.js

@@ -75,9 +75,10 @@ export class ProxmoxApiClient {
             return json.data ?? null;
         }, {
             retryable: (err) => {
-                const match = err.message.match(/: (\d+)/);
+                // Match the 3-digit HTTP status that appears after ": " at the end of the path segment
+                const match = err.message.match(/:\s(\d{3})(?:\s|$)/);
                 const status = match ? parseInt(match[1], 10) : null;
-                return status === 429 || (status && status >= 500) || err.message.includes("ETIMEDOUT");
+                return status === 429 || (status !== null && status >= 500) || err.message.includes("ETIMEDOUT");
             }
         });
     }
@@ -94,11 +95,25 @@ export class ProxmoxApiClient {
         await this.request("DELETE", path);
     }
 }
+let _vmidLock = Promise.resolve();
+export async function withVmidAllocation(fn) {
+    let release;
+    const acquired = new Promise(r => { release = r; });
+    const prev = _vmidLock;
+    _vmidLock = prev.then(() => acquired);
+    await prev;
+    try {
+        return await fn();
+    }
+    finally {
+        release();
+    }
+}
 export function getPMClient() {
     const cfg = Config.get().providers.proxmox;
     if (!cfg?.url || !cfg?.user || !cfg?.tokenName || !cfg?.tokenSecret) {
         if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
-            return new ProxmoxApiClient("https://10.8.4.39:8006", "mock-user@pve", "mock-token-name", "mock-token-secret", false);
+            return new ProxmoxApiClient("https://proxmox.invalid:8006", "mock-user@pve", "mock-token-name", "mock-token-secret", false);
         }
         throw new Error("Proxmox not configured. Set proxmox: { url, user, tokenName, tokenSecret } in @Deploy");
     }

package/dist/providers/proxmox/base.d.ts

@@ -0,0 +1,16 @@
+import { BaseBuilder } from "../../core/resource.js";
+import type { ProxmoxApiClient } from "./api.js";
+export declare abstract class ProxmoxBaseBuilder extends BaseBuilder {
+    protected _sshKeys?: string | string[];
+    protected _sshUser?: string;
+    sshKey(keys: string | readonly string[]): this;
+    sshUser(user: string): this;
+    protected resolveUser(): string;
+    protected selectBestNode(pm: ProxmoxApiClient): Promise<string | undefined>;
+    protected waitForTask(node: string, upid: string, pm: ProxmoxApiClient): Promise<void>;
+    protected resolvePublicKeys(): string[];
+    protected sshKeyPath(): string;
+    protected checkCloudInit(ip: string): Promise<boolean>;
+    protected checkPort(ip: string, port: number): Promise<boolean>;
+    protected runProvisioner(ip: string, script: string): Promise<void>;
+}