thevoidforge 21.0.0

package/dist/wizard/lib/financial-vault.js

@@ -0,0 +1,199 @@
+/**
+ * Financial Vault — Separate encrypted storage for ad platform and bank credentials.
+ *
+ * Key differences from the infrastructure vault (vault.ts):
+ * - Stored at ~/.voidforge/treasury/vault.enc (not ~/.voidforge/vault.enc)
+ * - Uses scrypt key derivation (memory-hard, unlike PBKDF2 in the infra vault)
+ *   Note: PRD specifies Argon2id but Node.js has no built-in Argon2id.
+ *   scrypt is the closest built-in memory-hard KDF. Zero-dependency constraint wins.
+ * - Separate password from the infrastructure vault
+ * - TOTP 2FA required for write operations (see totp.ts)
+ *
+ * PRD Reference: §9.11 (Financial Security), ADR-4 (TOTP storage), §9.18 (macOS fsync)
+ *
+ * Threat model: compromise of the infrastructure vault should NOT automatically
+ * compromise the financial vault. Different password, different file, different KDF.
+ */
+import { createCipheriv, createDecipheriv, scrypt, randomBytes, timingSafeEqual } from 'node:crypto';
+import { readFile, mkdir, open, rename } from 'node:fs/promises';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+import { homedir, platform } from 'node:os';
+const TREASURY_DIR = join(homedir(), '.voidforge', 'treasury');
+const VAULT_PATH = join(TREASURY_DIR, 'vault.enc');
+const ALGORITHM = 'aes-256-gcm';
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+const AUTH_TAG_LENGTH = 16;
+const MAX_PASSWORD_LENGTH = 256;
+// scrypt parameters — memory-hard to resist brute force
+// N=2^17 (131072), r=8, p=1 — ~128MB memory, ~1s on modern hardware
+const SCRYPT_N = 131072;
+const SCRYPT_R = 8;
+const SCRYPT_P = 1;
+/** In-memory cache — zeroed on lock or vault timeout */
+let sessionCache = null;
+/** Write queue to serialize vault operations */
+let writeQueue = Promise.resolve();
+function serialized(fn) {
+    const result = writeQueue.then(fn, () => fn());
+    writeQueue = result.then(() => { }, () => { });
+    return result;
+}
+async function deriveKey(password, salt) {
+    const capped = password.slice(0, MAX_PASSWORD_LENGTH);
+    return new Promise((resolve, reject) => {
+        scrypt(capped, salt, KEY_LENGTH, { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P }, (err, key) => {
+            if (err)
+                reject(err);
+            else
+                resolve(key);
+        });
+    });
+}
+async function encrypt(plaintext, password) {
+    const salt = randomBytes(SALT_LENGTH);
+    const iv = randomBytes(IV_LENGTH);
+    const key = await deriveKey(password, salt);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Format: salt (32) + iv (16) + authTag (16) + ciphertext
+    return Buffer.concat([salt, iv, authTag, encrypted]);
+}
+async function decrypt(data, password) {
+    if (data.length < SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH + 1) {
+        throw new Error('Financial vault data is corrupted or empty');
+    }
+    const salt = data.subarray(0, SALT_LENGTH);
+    const iv = data.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+    const authTag = data.subarray(SALT_LENGTH + IV_LENGTH, SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const ciphertext = data.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const key = await deriveKey(password, salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return decrypted.toString('utf-8');
+}
+async function readVault(password) {
+    if (sessionCache) {
+        const a = Buffer.from(sessionCache.password, 'utf-8');
+        const b = Buffer.from(password, 'utf-8');
+        if (a.length === b.length && timingSafeEqual(a, b)) {
+            return { ...sessionCache.data }; // Return copy to prevent mutation
+        }
+    }
+    if (!existsSync(VAULT_PATH)) {
+        return {};
+    }
+    const raw = await readFile(VAULT_PATH);
+    const json = await decrypt(raw, password);
+    const data = JSON.parse(json);
+    sessionCache = { password, data };
+    return { ...data };
+}
+async function writeVault(password, data) {
+    await mkdir(TREASURY_DIR, { recursive: true });
+    const json = JSON.stringify(data);
+    const encrypted = await encrypt(json, password);
+    // Atomic write: temp → fsync → rename (per ADR-1)
+    const tmpPath = VAULT_PATH + '.tmp.' + process.pid;
+    const fh = await open(tmpPath, 'w', 0o600);
+    try {
+        await fh.writeFile(encrypted);
+        // macOS: fsync() doesn't guarantee physical durability (§9.18)
+        // F_FULLFSYNC (fcntl flag 51) is required for financial files
+        // Node.js datasync is the closest built-in; document the gap
+        if (platform() === 'darwin') {
+            await fh.datasync();
+        }
+        else {
+            await fh.sync();
+        }
+    }
+    finally {
+        await fh.close();
+    }
+    await rename(tmpPath, VAULT_PATH);
+    sessionCache = { password, data: { ...data } };
+}
+// ── Public API ────────────────────────────────────────
+const MIN_PASSWORD_LENGTH = 12;
+function validatePassword(password) {
+    if (password.length < MIN_PASSWORD_LENGTH) {
+        throw new Error(`Financial vault password must be at least ${MIN_PASSWORD_LENGTH} characters`);
+    }
+}
+/** Store a financial credential */
+export function financialVaultSet(password, key, value) {
+    validatePassword(password);
+    return serialized(async () => {
+        const data = await readVault(password);
+        data[key] = value;
+        await writeVault(password, data);
+    });
+}
+/** Retrieve a financial credential */
+export function financialVaultGet(password, key) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        return data[key] ?? null;
+    });
+}
+/** Delete a financial credential */
+export function financialVaultDelete(password, key) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        delete data[key];
+        await writeVault(password, data);
+    });
+}
+/** Check if the financial vault exists */
+export function financialVaultExists() {
+    return existsSync(VAULT_PATH);
+}
+/** Verify password can decrypt the vault */
+export function financialVaultUnlock(password) {
+    if (!existsSync(VAULT_PATH)) {
+        return Promise.resolve(true); // No vault yet = password is for creation
+    }
+    return serialized(async () => {
+        try {
+            await readVault(password);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/** List stored keys (requires password) */
+export function financialVaultKeys(password) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        return Object.keys(data);
+    });
+}
+/** Zero the in-memory cache — call on SIGTERM, vault timeout, or manual lock */
+export function financialVaultLock() {
+    if (sessionCache) {
+        // Best-effort memory zeroing — V8 doesn't guarantee this but it's defense in depth
+        sessionCache.password = '\0'.repeat(sessionCache.password.length);
+        sessionCache = null;
+    }
+    // VG-004: Also invalidate TOTP session when vault is locked
+    try {
+        // Dynamic import to avoid circular dependency — totp.ts is a sibling module
+        import('./totp.js').then(m => m.totpSessionInvalidate()).catch(() => { });
+    }
+    catch { /* totp module may not be loaded */ }
+}
+/** Return the vault file path */
+export function financialVaultPath() {
+    return VAULT_PATH;
+}
+/** Return the treasury directory path */
+export function treasuryDir() {
+    return TREASURY_DIR;
+}

package/dist/wizard/lib/frontmatter.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Minimal YAML frontmatter parser for PRD documents.
+ * Handles the simple key: value format used in PRD frontmatter blocks.
+ */
+export interface PrdFrontmatter {
+    name?: string;
+    type?: string;
+    framework?: string;
+    database?: string;
+    cache?: string;
+    styling?: string;
+    auth?: string;
+    payments?: string;
+    workers?: string;
+    admin?: string;
+    marketing?: string;
+    email?: string;
+    deploy?: string;
+    instance_type?: string;
+    hostname?: string;
+    language?: string;
+    description?: string;
+    [key: string]: string | undefined;
+}
+export declare function parseFrontmatter(content: string): {
+    frontmatter: PrdFrontmatter;
+    body: string;
+};
+export declare function generateFrontmatterBlock(fm: PrdFrontmatter): string;
+export declare function validateFrontmatter(fm: PrdFrontmatter): string[];

package/dist/wizard/lib/frontmatter.js

@@ -0,0 +1,96 @@
+/**
+ * Minimal YAML frontmatter parser for PRD documents.
+ * Handles the simple key: value format used in PRD frontmatter blocks.
+ */
+export function parseFrontmatter(content) {
+    // Look for ```yaml ... ``` block in the frontmatter section
+    const yamlBlockMatch = content.match(/```yaml\s*\n([\s\S]*?)```/);
+    if (!yamlBlockMatch) {
+        return { frontmatter: {}, body: content };
+    }
+    const yamlStr = yamlBlockMatch[1];
+    const frontmatter = {};
+    for (const line of yamlStr.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const match = trimmed.match(/^(\w+):\s*(.+)$/);
+        if (match) {
+            const key = match[1];
+            let value = match[2].trim();
+            // Track whether the original value was quoted
+            const wasQuoted = (value.startsWith('"') && value.endsWith('"')) ||
+                (value.startsWith("'") && value.endsWith("'"));
+            // Strip quotes
+            if (wasQuoted) {
+                value = value.slice(1, -1);
+            }
+            // Strip inline comments — but only if the value was NOT quoted
+            // (a `#` inside a quoted value is literal, not a comment)
+            if (!wasQuoted) {
+                const commentIdx = value.indexOf('#');
+                if (commentIdx > 0) {
+                    value = value.slice(0, commentIdx).trim();
+                }
+            }
+            frontmatter[key] = value;
+        }
+    }
+    return { frontmatter, body: content };
+}
+export function generateFrontmatterBlock(fm) {
+    const lines = ['```yaml'];
+    if (fm.name)
+        lines.push(`name: "${fm.name}"`);
+    if (fm.type)
+        lines.push(`type: "${fm.type}"`);
+    lines.push('');
+    if (fm.framework)
+        lines.push(`framework: "${fm.framework}"`);
+    if (fm.database)
+        lines.push(`database: "${fm.database}"`);
+    if (fm.cache)
+        lines.push(`cache: "${fm.cache}"`);
+    if (fm.styling)
+        lines.push(`styling: "${fm.styling}"`);
+    lines.push('');
+    if (fm.auth)
+        lines.push(`auth: ${fm.auth}`);
+    if (fm.payments)
+        lines.push(`payments: ${fm.payments}`);
+    if (fm.workers)
+        lines.push(`workers: ${fm.workers}`);
+    if (fm.admin)
+        lines.push(`admin: ${fm.admin}`);
+    if (fm.marketing)
+        lines.push(`marketing: ${fm.marketing}`);
+    if (fm.email)
+        lines.push(`email: ${fm.email}`);
+    lines.push('');
+    if (fm.deploy)
+        lines.push(`deploy: "${fm.deploy}"`);
+    if (fm.instance_type)
+        lines.push(`instance_type: "${fm.instance_type}"`);
+    if (fm.hostname)
+        lines.push(`hostname: "${fm.hostname}"`);
+    lines.push('```');
+    return lines.join('\n');
+}
+const VALID_TYPES = ['full-stack', 'api-only', 'static-site', 'prototype'];
+const VALID_DEPLOY = ['vps', 'vercel', 'railway', 'cloudflare', 'static', 'docker'];
+const VALID_INSTANCE_TYPES = ['t3.micro', 't3.small', 't3.medium', 't3.large'];
+export function validateFrontmatter(fm) {
+    const errors = [];
+    if (!fm.name)
+        errors.push('Missing required field: name');
+    if (fm.type && !VALID_TYPES.includes(fm.type)) {
+        errors.push(`Invalid type: "${fm.type}". Must be one of: ${VALID_TYPES.join(', ')}`);
+    }
+    if (fm.deploy && !VALID_DEPLOY.includes(fm.deploy)) {
+        errors.push(`Invalid deploy: "${fm.deploy}". Must be one of: ${VALID_DEPLOY.join(', ')}`);
+    }
+    if (fm.instance_type && !VALID_INSTANCE_TYPES.includes(fm.instance_type)) {
+        errors.push(`Invalid instance_type: "${fm.instance_type}". Must be one of: ${VALID_INSTANCE_TYPES.join(', ')}`);
+    }
+    return errors;
+}

package/dist/wizard/lib/gap-analysis.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Seven's Gap Analysis Engine — 5-dimension project scoring (v12.1).
+ *
+ * Analyzes a project across: feature completeness, quality, performance,
+ * growth readiness, and revenue potential. Produces a scored situation model
+ * that drives Tuvok's campaign proposals.
+ *
+ * PRD Reference: ROADMAP v12.1 deliverables, DEEP_CURRENT.md ANALYZE step
+ */
+import type { SituationModel, DimensionScore } from './deep-current.js';
+/**
+ * Score feature completeness by diffing PRD requirements against codebase.
+ * Uses a simplified heuristic: count PRD sections vs implemented routes/components.
+ */
+export declare function scoreFeatureCompleteness(projectDir: string): Promise<DimensionScore>;
+/**
+ * Score quality from gauntlet findings, field reports, and test presence.
+ */
+export declare function scoreQuality(projectDir: string): Promise<DimensionScore>;
+/**
+ * Score revenue potential from treasury setup, payment integrations, and pricing presence.
+ */
+export declare function scoreRevenuePotential(projectDir: string): Promise<DimensionScore>;
+/**
+ * Run Seven's full gap analysis across all 5 dimensions.
+ * Performance and growthReadiness come from Torres's site scan (already in the model).
+ * Feature completeness, quality, and revenue potential are analyzed here.
+ */
+export declare function analyzeGaps(model: SituationModel, projectDir: string): Promise<SituationModel>;
+/**
+ * Find the weakest dimension — this drives the next campaign proposal.
+ */
+export declare function findWeakestDimension(model: SituationModel): {
+    name: string;
+    score: number;
+    gaps: string[];
+};

package/dist/wizard/lib/gap-analysis.js

@@ -0,0 +1,218 @@
+/**
+ * Seven's Gap Analysis Engine — 5-dimension project scoring (v12.1).
+ *
+ * Analyzes a project across: feature completeness, quality, performance,
+ * growth readiness, and revenue potential. Produces a scored situation model
+ * that drives Tuvok's campaign proposals.
+ *
+ * PRD Reference: ROADMAP v12.1 deliverables, DEEP_CURRENT.md ANALYZE step
+ */
+import { existsSync } from 'node:fs';
+import { readFile, readdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+// ── Feature Completeness Dimension ────────────────────
+/**
+ * Score feature completeness by diffing PRD requirements against codebase.
+ * Uses a simplified heuristic: count PRD sections vs implemented routes/components.
+ */
+export async function scoreFeatureCompleteness(projectDir) {
+    const gaps = [];
+    let score = 50; // base — assumes halfway done if we can't fully analyze
+    // Read PRD if exists
+    const prdPaths = [join(projectDir, 'docs', 'PRD.md'), join(projectDir, 'PRD.md')];
+    let prdContent = '';
+    for (const p of prdPaths) {
+        if (existsSync(p)) {
+            prdContent = await readFile(p, 'utf-8');
+            break;
+        }
+    }
+    if (!prdContent) {
+        return { score: 0, gaps: ['No PRD found — cannot assess feature completeness'], lastUpdated: new Date().toISOString() };
+    }
+    // Count PRD feature sections (## headers that look like features)
+    const featureSections = (prdContent.match(/^#{2,3}\s+(?!Frontmatter|Version|Status)/gm) || []).length;
+    // Count source files as a proxy for implementation
+    let sourceFileCount = 0;
+    try {
+        const srcDirs = ['src', 'app', 'pages', 'components', 'lib', 'services', 'wizard/lib', 'wizard/ui'];
+        for (const dir of srcDirs) {
+            const fullDir = join(projectDir, dir);
+            if (existsSync(fullDir)) {
+                const files = await readdir(fullDir, { recursive: true });
+                sourceFileCount += files.filter(f => /\.(ts|tsx|js|jsx|py|rb)$/.test(String(f))).length;
+            }
+        }
+    }
+    catch { /* can't read dirs */ }
+    // Heuristic scoring
+    if (featureSections > 0 && sourceFileCount > 0) {
+        const ratio = Math.min(sourceFileCount / featureSections, 3); // cap at 3 files/section
+        score = Math.min(100, Math.round(ratio / 3 * 100));
+    }
+    if (score < 30)
+        gaps.push(`Only ${sourceFileCount} source files for ${featureSections} PRD sections`);
+    if (score < 60)
+        gaps.push('Feature implementation appears incomplete');
+    // Check for campaign state — completed campaigns boost the score
+    const campaignStatePath = join(projectDir, 'logs', 'campaign-state.md');
+    if (existsSync(campaignStatePath)) {
+        const campaignContent = await readFile(campaignStatePath, 'utf-8');
+        const completedMissions = (campaignContent.match(/COMPLETE/g) || []).length;
+        score = Math.min(100, score + completedMissions * 3);
+    }
+    return { score: Math.min(100, score), gaps, lastUpdated: new Date().toISOString() };
+}
+// ── Quality Dimension ─────────────────────────────────
+/**
+ * Score quality from gauntlet findings, field reports, and test presence.
+ */
+export async function scoreQuality(projectDir) {
+    const gaps = [];
+    let score = 50;
+    // Check for test files
+    let testFileCount = 0;
+    const testDirs = ['__tests__', 'tests', 'test', 'spec'];
+    for (const dir of testDirs) {
+        const fullDir = join(projectDir, dir);
+        if (existsSync(fullDir)) {
+            const files = await readdir(fullDir, { recursive: true });
+            testFileCount += files.filter(f => /\.(test|spec)\.(ts|tsx|js|jsx|py)$/.test(String(f))).length;
+        }
+    }
+    // Also check for test files alongside source
+    try {
+        const srcDir = join(projectDir, 'src');
+        if (existsSync(srcDir)) {
+            const files = await readdir(srcDir, { recursive: true });
+            testFileCount += files.filter(f => /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(String(f))).length;
+        }
+    }
+    catch { /* can't read */ }
+    if (testFileCount === 0) {
+        gaps.push('No test files found');
+        score -= 20;
+    }
+    else if (testFileCount < 5) {
+        gaps.push(`Only ${testFileCount} test files — coverage likely low`);
+        score -= 10;
+    }
+    else {
+        score += 15;
+    }
+    // Check gauntlet state for unfixed findings
+    const gauntletPath = join(projectDir, 'logs', 'gauntlet-state.md');
+    if (existsSync(gauntletPath)) {
+        const content = await readFile(gauntletPath, 'utf-8');
+        if (content.includes('COMPLETE') && content.includes('SIGN OFF')) {
+            score += 20;
+        }
+        const criticalCount = (content.match(/Critical/gi) || []).length;
+        if (criticalCount > 5) {
+            gaps.push(`${criticalCount} Critical mentions in gauntlet state`);
+            score -= 10;
+        }
+    }
+    else {
+        gaps.push('No gauntlet history — project has not been reviewed');
+        score -= 15;
+    }
+    // Check for LESSONS.md (learning from mistakes = quality signal)
+    if (existsSync(join(projectDir, 'docs', 'LESSONS.md')))
+        score += 5;
+    return { score: Math.max(0, Math.min(100, score)), gaps, lastUpdated: new Date().toISOString() };
+}
+// ── Revenue Potential Dimension ───────────────────────
+/**
+ * Score revenue potential from treasury setup, payment integrations, and pricing presence.
+ */
+export async function scoreRevenuePotential(projectDir) {
+    const gaps = [];
+    let score = 20; // base — most projects start without revenue infrastructure
+    // Check for treasury vault (Cultivation installed)
+    const treasuryVault = join(homedir(), '.voidforge', 'treasury', 'vault.enc');
+    if (existsSync(treasuryVault)) {
+        score += 25;
+    }
+    else {
+        gaps.push('No treasury set up — no revenue tracking');
+    }
+    // Check for payment integration in code
+    const paymentIndicators = ['stripe', 'paddle', 'lemon', 'paypal', 'checkout'];
+    let paymentFound = false;
+    try {
+        const envPath = join(projectDir, '.env');
+        if (existsSync(envPath)) {
+            const envContent = await readFile(envPath, 'utf-8');
+            for (const indicator of paymentIndicators) {
+                if (envContent.toLowerCase().includes(indicator)) {
+                    paymentFound = true;
+                    break;
+                }
+            }
+        }
+    }
+    catch { /* can't read .env */ }
+    if (paymentFound) {
+        score += 20;
+    }
+    else {
+        gaps.push('No payment integration detected');
+    }
+    // Check for pricing page indicators in source
+    try {
+        const srcDir = join(projectDir, 'src');
+        if (existsSync(srcDir)) {
+            const files = await readdir(srcDir, { recursive: true });
+            const pricingFiles = files.filter(f => /pric/i.test(String(f)));
+            if (pricingFiles.length > 0) {
+                score += 15;
+            }
+            else {
+                gaps.push('No pricing page or component found');
+            }
+        }
+    }
+    catch { /* can't read */ }
+    // Check for heartbeat daemon (revenue monitoring)
+    if (existsSync(join(homedir(), '.voidforge', 'heartbeat.json'))) {
+        score += 15;
+    }
+    else {
+        gaps.push('Heartbeat daemon not running — no revenue monitoring');
+    }
+    return { score: Math.max(0, Math.min(100, score)), gaps, lastUpdated: new Date().toISOString() };
+}
+// ── Full Analysis ─────────────────────────────────────
+/**
+ * Run Seven's full gap analysis across all 5 dimensions.
+ * Performance and growthReadiness come from Torres's site scan (already in the model).
+ * Feature completeness, quality, and revenue potential are analyzed here.
+ */
+export async function analyzeGaps(model, projectDir) {
+    // Feature completeness
+    model.dimensions.featureCompleteness = await scoreFeatureCompleteness(projectDir);
+    // Quality
+    model.dimensions.quality = await scoreQuality(projectDir);
+    // Revenue potential
+    model.dimensions.revenuePotential = await scoreRevenuePotential(projectDir);
+    // Performance and growthReadiness are updated by Torres's SENSE step (site scanner)
+    // If they haven't been scanned yet, keep their current values
+    return model;
+}
+/**
+ * Find the weakest dimension — this drives the next campaign proposal.
+ */
+export function findWeakestDimension(model) {
+    const dims = model.dimensions;
+    const entries = [
+        { name: 'Feature Completeness', ...dims.featureCompleteness },
+        { name: 'Quality', ...dims.quality },
+        { name: 'Performance', ...dims.performance },
+        { name: 'Growth Readiness', ...dims.growthReadiness },
+        { name: 'Revenue Potential', ...dims.revenuePotential },
+    ];
+    entries.sort((a, b) => a.score - b.score);
+    return entries[0];
+}

package/dist/wizard/lib/github.d.ts

@@ -0,0 +1,22 @@
+/**
+ * GitHub integration — create repo, git init + remote + push.
+ * Runs as a pre-provision step (ADR-011) so platforms can link to the repo.
+ * Uses exec.ts for git operations (ADR-013). No npm dependencies.
+ */
+import type { ProvisionEmitter } from './provisioners/types.js';
+export interface GitHubResult {
+    success: boolean;
+    repoUrl?: string;
+    owner?: string;
+    repoName?: string;
+    error?: string;
+}
+/**
+ * Full GitHub pre-provision flow:
+ * 1. Validate git binary exists
+ * 2. Determine owner (from vault or token)
+ * 3. Create repo via API (or use existing)
+ * 4. Ensure .gitignore has .ssh/ and .env
+ * 5. git init + remote + push
+ */
+export declare function prepareGithub(runId: string, token: string, owner: string | null, projectName: string, projectDir: string, emit: ProvisionEmitter, abortSignal?: AbortSignal, framework?: string, deployTarget?: string): Promise<GitHubResult>;