npm - thevoidforge - Versions diffs - 21.0.0 - Mend

thevoidforge 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/dist/scripts/vault-read.d.ts +11 -0
package/dist/scripts/vault-read.js +89 -0
package/dist/scripts/voidforge.d.ts +20 -0
package/dist/scripts/voidforge.js +404 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/dist/wizard/api/auth.d.ts +5 -0
package/dist/wizard/api/auth.js +133 -0
package/dist/wizard/api/blueprint.d.ts +45 -0
package/dist/wizard/api/blueprint.js +184 -0
package/dist/wizard/api/cloud-providers.d.ts +16 -0
package/dist/wizard/api/cloud-providers.js +363 -0
package/dist/wizard/api/credentials.d.ts +1 -0
package/dist/wizard/api/credentials.js +258 -0
package/dist/wizard/api/danger-room.d.ts +18 -0
package/dist/wizard/api/danger-room.js +401 -0
package/dist/wizard/api/deploy.d.ts +4 -0
package/dist/wizard/api/deploy.js +164 -0
package/dist/wizard/api/prd.d.ts +1 -0
package/dist/wizard/api/prd.js +363 -0
package/dist/wizard/api/project.d.ts +1 -0
package/dist/wizard/api/project.js +239 -0
package/dist/wizard/api/projects.d.ts +6 -0
package/dist/wizard/api/projects.js +648 -0
package/dist/wizard/api/provision.d.ts +4 -0
package/dist/wizard/api/provision.js +535 -0
package/dist/wizard/api/terminal.d.ts +25 -0
package/dist/wizard/api/terminal.js +241 -0
package/dist/wizard/api/users.d.ts +6 -0
package/dist/wizard/api/users.js +244 -0
package/dist/wizard/api/war-room.d.ts +14 -0
package/dist/wizard/api/war-room.js +45 -0
package/dist/wizard/lib/ad-platform-core.d.ts +6 -0
package/dist/wizard/lib/ad-platform-core.js +1 -0
package/dist/wizard/lib/adapters/index.d.ts +52 -0
package/dist/wizard/lib/adapters/index.js +38 -0
package/dist/wizard/lib/adapters/sandbox-bank.d.ts +17 -0
package/dist/wizard/lib/adapters/sandbox-bank.js +77 -0
package/dist/wizard/lib/adapters/sandbox.d.ts +39 -0
package/dist/wizard/lib/adapters/sandbox.js +174 -0
package/dist/wizard/lib/adapters/stripe.d.ts +19 -0
package/dist/wizard/lib/adapters/stripe.js +143 -0
package/dist/wizard/lib/adapters/types.d.ts +9 -0
package/dist/wizard/lib/adapters/types.js +10 -0
package/dist/wizard/lib/agent-memory.d.ts +36 -0
package/dist/wizard/lib/agent-memory.js +114 -0
package/dist/wizard/lib/anomaly-detection.d.ts +59 -0
package/dist/wizard/lib/anomaly-detection.js +122 -0
package/dist/wizard/lib/anthropic.d.ts +21 -0
package/dist/wizard/lib/anthropic.js +105 -0
package/dist/wizard/lib/asset-scanner.d.ts +23 -0
package/dist/wizard/lib/asset-scanner.js +107 -0
package/dist/wizard/lib/audit-log.d.ts +23 -0
package/dist/wizard/lib/audit-log.js +70 -0
package/dist/wizard/lib/autonomy-controller.d.ts +76 -0
package/dist/wizard/lib/autonomy-controller.js +183 -0
package/dist/wizard/lib/body-parser.d.ts +2 -0
package/dist/wizard/lib/body-parser.js +36 -0
package/dist/wizard/lib/build-analytics.d.ts +39 -0
package/dist/wizard/lib/build-analytics.js +91 -0
package/dist/wizard/lib/build-step.d.ts +21 -0
package/dist/wizard/lib/build-step.js +104 -0
package/dist/wizard/lib/campaign-proposer.d.ts +39 -0
package/dist/wizard/lib/campaign-proposer.js +180 -0
package/dist/wizard/lib/campaign-state-machine.d.ts +63 -0
package/dist/wizard/lib/campaign-state-machine.js +114 -0
package/dist/wizard/lib/ci-generator.d.ts +14 -0
package/dist/wizard/lib/ci-generator.js +187 -0
package/dist/wizard/lib/claude-merge.d.ts +38 -0
package/dist/wizard/lib/claude-merge.js +115 -0
package/dist/wizard/lib/codegen/erd-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/erd-gen.js +98 -0
package/dist/wizard/lib/codegen/integrations.d.ts +18 -0
package/dist/wizard/lib/codegen/integrations.js +189 -0
package/dist/wizard/lib/codegen/openapi-gen.d.ts +15 -0
package/dist/wizard/lib/codegen/openapi-gen.js +79 -0
package/dist/wizard/lib/codegen/prisma-types.d.ts +15 -0
package/dist/wizard/lib/codegen/prisma-types.js +44 -0
package/dist/wizard/lib/codegen/seed-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/seed-gen.js +128 -0
package/dist/wizard/lib/compliance.d.ts +51 -0
package/dist/wizard/lib/compliance.js +112 -0
package/dist/wizard/lib/correlation-engine.d.ts +59 -0
package/dist/wizard/lib/correlation-engine.js +151 -0
package/dist/wizard/lib/cost-estimator.d.ts +22 -0
package/dist/wizard/lib/cost-estimator.js +72 -0
package/dist/wizard/lib/cost-tracker.d.ts +27 -0
package/dist/wizard/lib/cost-tracker.js +37 -0
package/dist/wizard/lib/daemon-aggregator.d.ts +71 -0
package/dist/wizard/lib/daemon-aggregator.js +204 -0
package/dist/wizard/lib/daemon-core.d.ts +6 -0
package/dist/wizard/lib/daemon-core.js +5 -0
package/dist/wizard/lib/dashboard-data.d.ts +132 -0
package/dist/wizard/lib/dashboard-data.js +336 -0
package/dist/wizard/lib/dashboard-ws.d.ts +25 -0
package/dist/wizard/lib/dashboard-ws.js +91 -0
package/dist/wizard/lib/deep-current.d.ts +77 -0
package/dist/wizard/lib/deep-current.js +234 -0
package/dist/wizard/lib/deploy-coordinator.d.ts +40 -0
package/dist/wizard/lib/deploy-coordinator.js +86 -0
package/dist/wizard/lib/deploy-log.d.ts +28 -0
package/dist/wizard/lib/deploy-log.js +52 -0
package/dist/wizard/lib/desktop-notify.d.ts +27 -0
package/dist/wizard/lib/desktop-notify.js +98 -0
package/dist/wizard/lib/dns/cloudflare-dns.d.ts +35 -0
package/dist/wizard/lib/dns/cloudflare-dns.js +216 -0
package/dist/wizard/lib/dns/cloudflare-registrar.d.ts +31 -0
package/dist/wizard/lib/dns/cloudflare-registrar.js +148 -0
package/dist/wizard/lib/dns/types.d.ts +22 -0
package/dist/wizard/lib/dns/types.js +4 -0
package/dist/wizard/lib/document-discovery.d.ts +33 -0
package/dist/wizard/lib/document-discovery.js +145 -0
package/dist/wizard/lib/env-validator.d.ts +14 -0
package/dist/wizard/lib/env-validator.js +205 -0
package/dist/wizard/lib/env-writer.d.ts +13 -0
package/dist/wizard/lib/env-writer.js +26 -0
package/dist/wizard/lib/exec.d.ts +30 -0
package/dist/wizard/lib/exec.js +52 -0
package/dist/wizard/lib/experiment.d.ts +70 -0
package/dist/wizard/lib/experiment.js +169 -0
package/dist/wizard/lib/extensions.d.ts +20 -0
package/dist/wizard/lib/extensions.js +183 -0
package/dist/wizard/lib/financial/adapter-factory.d.ts +47 -0
package/dist/wizard/lib/financial/adapter-factory.js +225 -0
package/dist/wizard/lib/financial/billing/base.d.ts +6 -0
package/dist/wizard/lib/financial/billing/base.js +1 -0
package/dist/wizard/lib/financial/billing/google-billing.d.ts +56 -0
package/dist/wizard/lib/financial/billing/google-billing.js +298 -0
package/dist/wizard/lib/financial/billing/meta-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/meta-billing.js +243 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.js +260 -0
package/dist/wizard/lib/financial/campaign/base.d.ts +13 -0
package/dist/wizard/lib/financial/campaign/base.js +1 -0
package/dist/wizard/lib/financial/campaign/google-campaign.d.ts +42 -0
package/dist/wizard/lib/financial/campaign/google-campaign.js +388 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.d.ts +41 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.js +311 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.d.ts +45 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.js +261 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.d.ts +40 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.js +350 -0
package/dist/wizard/lib/financial/funding-auto.d.ts +44 -0
package/dist/wizard/lib/financial/funding-auto.js +52 -0
package/dist/wizard/lib/financial/funding-policy.d.ts +60 -0
package/dist/wizard/lib/financial/funding-policy.js +179 -0
package/dist/wizard/lib/financial/platform-planner.d.ts +47 -0
package/dist/wizard/lib/financial/platform-planner.js +134 -0
package/dist/wizard/lib/financial/reconciliation-engine.d.ts +78 -0
package/dist/wizard/lib/financial/reconciliation-engine.js +193 -0
package/dist/wizard/lib/financial/registry.d.ts +22 -0
package/dist/wizard/lib/financial/registry.js +26 -0
package/dist/wizard/lib/financial/reporting.d.ts +96 -0
package/dist/wizard/lib/financial/reporting.js +198 -0
package/dist/wizard/lib/financial/stablecoin/base.d.ts +6 -0
package/dist/wizard/lib/financial/stablecoin/base.js +1 -0
package/dist/wizard/lib/financial/stablecoin/circle.d.ts +54 -0
package/dist/wizard/lib/financial/stablecoin/circle.js +367 -0
package/dist/wizard/lib/financial/stablecoin/mercury.d.ts +24 -0
package/dist/wizard/lib/financial/stablecoin/mercury.js +171 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.d.ts +47 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.js +202 -0
package/dist/wizard/lib/financial/treasury-planner.d.ts +52 -0
package/dist/wizard/lib/financial/treasury-planner.js +128 -0
package/dist/wizard/lib/financial-core.d.ts +6 -0
package/dist/wizard/lib/financial-core.js +5 -0
package/dist/wizard/lib/financial-vault.d.ts +34 -0
package/dist/wizard/lib/financial-vault.js +199 -0
package/dist/wizard/lib/frontmatter.d.ts +30 -0
package/dist/wizard/lib/frontmatter.js +96 -0
package/dist/wizard/lib/gap-analysis.d.ts +37 -0
package/dist/wizard/lib/gap-analysis.js +218 -0
package/dist/wizard/lib/github.d.ts +22 -0
package/dist/wizard/lib/github.js +261 -0
package/dist/wizard/lib/headless-deploy.d.ts +14 -0
package/dist/wizard/lib/headless-deploy.js +452 -0
package/dist/wizard/lib/health-monitor.d.ts +15 -0
package/dist/wizard/lib/health-monitor.js +91 -0
package/dist/wizard/lib/health-poller.d.ts +9 -0
package/dist/wizard/lib/health-poller.js +123 -0
package/dist/wizard/lib/heartbeat.d.ts +15 -0
package/dist/wizard/lib/heartbeat.js +827 -0
package/dist/wizard/lib/http-helpers.d.ts +9 -0
package/dist/wizard/lib/http-helpers.js +24 -0
package/dist/wizard/lib/image-gen.d.ts +56 -0
package/dist/wizard/lib/image-gen.js +159 -0
package/dist/wizard/lib/instance-sizing.d.ts +26 -0
package/dist/wizard/lib/instance-sizing.js +51 -0
package/dist/wizard/lib/kongo/analytics.d.ts +29 -0
package/dist/wizard/lib/kongo/analytics.js +179 -0
package/dist/wizard/lib/kongo/campaigns.d.ts +52 -0
package/dist/wizard/lib/kongo/campaigns.js +91 -0
package/dist/wizard/lib/kongo/client.d.ts +58 -0
package/dist/wizard/lib/kongo/client.js +221 -0
package/dist/wizard/lib/kongo/jobs.d.ts +57 -0
package/dist/wizard/lib/kongo/jobs.js +122 -0
package/dist/wizard/lib/kongo/pages.d.ts +60 -0
package/dist/wizard/lib/kongo/pages.js +150 -0
package/dist/wizard/lib/kongo/provisioner.d.ts +64 -0
package/dist/wizard/lib/kongo/provisioner.js +116 -0
package/dist/wizard/lib/kongo/seed.d.ts +49 -0
package/dist/wizard/lib/kongo/seed.js +237 -0
package/dist/wizard/lib/kongo/types.d.ts +323 -0
package/dist/wizard/lib/kongo/types.js +11 -0
package/dist/wizard/lib/kongo/variants.d.ts +57 -0
package/dist/wizard/lib/kongo/variants.js +88 -0
package/dist/wizard/lib/kongo/webhooks.d.ts +41 -0
package/dist/wizard/lib/kongo/webhooks.js +112 -0
package/dist/wizard/lib/marker.d.ts +28 -0
package/dist/wizard/lib/marker.js +79 -0
package/dist/wizard/lib/migrator.d.ts +35 -0
package/dist/wizard/lib/migrator.js +190 -0
package/dist/wizard/lib/natural-language-deploy.d.ts +30 -0
package/dist/wizard/lib/natural-language-deploy.js +186 -0
package/dist/wizard/lib/network.d.ts +22 -0
package/dist/wizard/lib/network.js +72 -0
package/dist/wizard/lib/oauth-core.d.ts +6 -0
package/dist/wizard/lib/oauth-core.js +5 -0
package/dist/wizard/lib/open-browser.d.ts +1 -0
package/dist/wizard/lib/open-browser.js +26 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.d.ts +209 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.js +269 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.d.ts +200 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.js +212 -0
package/dist/wizard/lib/patterns/daemon-process.d.ts +88 -0
package/dist/wizard/lib/patterns/daemon-process.js +271 -0
package/dist/wizard/lib/patterns/financial-transaction.d.ts +161 -0
package/dist/wizard/lib/patterns/financial-transaction.js +132 -0
package/dist/wizard/lib/patterns/funding-plan.d.ts +136 -0
package/dist/wizard/lib/patterns/funding-plan.js +200 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.d.ts +94 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.js +139 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.d.ts +67 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.js +216 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.d.ts +96 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.js +182 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.d.ts +218 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.js +264 -0
package/dist/wizard/lib/prd-validator.d.ts +39 -0
package/dist/wizard/lib/prd-validator.js +137 -0
package/dist/wizard/lib/project-init.d.ts +24 -0
package/dist/wizard/lib/project-init.js +193 -0
package/dist/wizard/lib/project-registry.d.ts +86 -0
package/dist/wizard/lib/project-registry.js +359 -0
package/dist/wizard/lib/provision-manifest.d.ts +44 -0
package/dist/wizard/lib/provision-manifest.js +164 -0
package/dist/wizard/lib/provisioner-registry.d.ts +15 -0
package/dist/wizard/lib/provisioner-registry.js +34 -0
package/dist/wizard/lib/provisioners/aws-vps.d.ts +6 -0
package/dist/wizard/lib/provisioners/aws-vps.js +643 -0
package/dist/wizard/lib/provisioners/cloudflare.d.ts +6 -0
package/dist/wizard/lib/provisioners/cloudflare.js +300 -0
package/dist/wizard/lib/provisioners/docker.d.ts +6 -0
package/dist/wizard/lib/provisioners/docker.js +75 -0
package/dist/wizard/lib/provisioners/http-client.d.ts +20 -0
package/dist/wizard/lib/provisioners/http-client.js +79 -0
package/dist/wizard/lib/provisioners/railway.d.ts +6 -0
package/dist/wizard/lib/provisioners/railway.js +413 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.js +54 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.js +112 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.d.ts +11 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.js +91 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.d.ts +5 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.js +185 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.js +36 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.d.ts +14 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.js +202 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.js +67 -0
package/dist/wizard/lib/provisioners/self-deploy.d.ts +41 -0
package/dist/wizard/lib/provisioners/self-deploy.js +185 -0
package/dist/wizard/lib/provisioners/static-s3.d.ts +6 -0
package/dist/wizard/lib/provisioners/static-s3.js +235 -0
package/dist/wizard/lib/provisioners/types.d.ts +40 -0
package/dist/wizard/lib/provisioners/types.js +4 -0
package/dist/wizard/lib/provisioners/vercel.d.ts +6 -0
package/dist/wizard/lib/provisioners/vercel.js +287 -0
package/dist/wizard/lib/pty-manager.d.ts +42 -0
package/dist/wizard/lib/pty-manager.js +231 -0
package/dist/wizard/lib/rate-limiter-core.d.ts +5 -0
package/dist/wizard/lib/rate-limiter-core.js +5 -0
package/dist/wizard/lib/reconciliation.d.ts +43 -0
package/dist/wizard/lib/reconciliation.js +173 -0
package/dist/wizard/lib/revenue-types.d.ts +5 -0
package/dist/wizard/lib/revenue-types.js +1 -0
package/dist/wizard/lib/route-optimizer.d.ts +28 -0
package/dist/wizard/lib/route-optimizer.js +93 -0
package/dist/wizard/lib/s3-deploy.d.ts +19 -0
package/dist/wizard/lib/s3-deploy.js +156 -0
package/dist/wizard/lib/safety-tiers.d.ts +76 -0
package/dist/wizard/lib/safety-tiers.js +134 -0
package/dist/wizard/lib/sentry-generator.d.ts +15 -0
package/dist/wizard/lib/sentry-generator.js +116 -0
package/dist/wizard/lib/server-config.d.ts +13 -0
package/dist/wizard/lib/server-config.js +23 -0
package/dist/wizard/lib/service-install.d.ts +18 -0
package/dist/wizard/lib/service-install.js +182 -0
package/dist/wizard/lib/site-scanner.d.ts +80 -0
package/dist/wizard/lib/site-scanner.js +262 -0
package/dist/wizard/lib/ssh-deploy.d.ts +25 -0
package/dist/wizard/lib/ssh-deploy.js +225 -0
package/dist/wizard/lib/templates.d.ts +24 -0
package/dist/wizard/lib/templates.js +219 -0
package/dist/wizard/lib/totp.d.ts +35 -0
package/dist/wizard/lib/totp.js +276 -0
package/dist/wizard/lib/tower-auth.d.ts +43 -0
package/dist/wizard/lib/tower-auth.js +352 -0
package/dist/wizard/lib/tower-rate-limit.d.ts +14 -0
package/dist/wizard/lib/tower-rate-limit.js +61 -0
package/dist/wizard/lib/tower-session.d.ts +28 -0
package/dist/wizard/lib/tower-session.js +119 -0
package/dist/wizard/lib/treasury-backup.d.ts +23 -0
package/dist/wizard/lib/treasury-backup.js +126 -0
package/dist/wizard/lib/treasury-heartbeat.d.ts +82 -0
package/dist/wizard/lib/treasury-heartbeat.js +1104 -0
package/dist/wizard/lib/updater.d.ts +29 -0
package/dist/wizard/lib/updater.js +190 -0
package/dist/wizard/lib/user-manager.d.ts +39 -0
package/dist/wizard/lib/user-manager.js +182 -0
package/dist/wizard/lib/vault.d.ts +26 -0
package/dist/wizard/lib/vault.js +161 -0
package/dist/wizard/router.d.ts +5 -0
package/dist/wizard/router.js +15 -0
package/dist/wizard/server.d.ts +18 -0
package/dist/wizard/server.js +436 -0
package/package.json +59 -0

package/dist/wizard/lib/provisioners/self-deploy.js ADDED Viewed

@@ -0,0 +1,185 @@
+/**
+ * Self-Deploy Provisioner — deploys VoidForge itself to a remote VPS.
+ *
+ * Usage: npx voidforge deploy --self
+ *
+ * Steps:
+ * 1. Connect to VPS via SSH (EC2 or manual target)
+ * 2. Install: Node.js, Git, PM2, Caddy, Claude Code
+ * 3. Clone VoidForge, configure Caddy for HTTPS
+ * 4. Create forge-user (non-root PTY execution)
+ * 5. Generate initial admin credentials + TOTP secret
+ * 6. Start VoidForge as PM2-managed service
+ * 7. Report public URL + TOTP QR setup instructions
+ */
+/** Shell-escape a value to prevent command injection. */
+function shellEscape(value) {
+    // Reject any value containing shell metacharacters
+    if (/[;&|`$(){}\\!#\n\r]/.test(value)) {
+        throw new Error(`Unsafe value for shell interpolation: ${value.slice(0, 20)}...`);
+    }
+    // Wrap in single quotes for extra safety (single quotes prevent all expansion)
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+/** Validate a domain name. */
+function isValidDomain(domain) {
+    return /^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(domain);
+}
+const DEFAULT_CONFIG = {
+    nodeVersion: '22',
+    voidforgeRepo: 'https://github.com/tmcleod3/voidforge.git',
+    voidforgeBranch: 'main',
+};
+/**
+ * Generate the provision script that runs on the remote VPS.
+ * This script is piped over SSH — no files need to exist on the remote first.
+ */
+export function generateProvisionScript(config) {
+    // Validate all inputs before shell interpolation
+    if (!isValidDomain(config.domain)) {
+        throw new Error(`Invalid domain: ${config.domain}`);
+    }
+    const safeDomain = shellEscape(config.domain);
+    const safeRepo = shellEscape(config.voidforgeRepo);
+    const safeBranch = shellEscape(config.voidforgeBranch);
+    const safeNodeVersion = shellEscape(config.nodeVersion);
+    return `#!/bin/bash
+set -euo pipefail
+echo "=== VoidForge Self-Deploy ==="
+echo "Domain: ${safeDomain}"
+echo ""
+# 1. System packages
+echo "[1/7] Installing system packages..."
+sudo apt-get update -qq
+sudo apt-get install -y -qq curl git build-essential
+# 2. Node.js
+echo "[2/7] Installing Node.js ${safeNodeVersion}..."
+if ! command -v node &>/dev/null; then
+  curl -fsSL https://deb.nodesource.com/setup_${safeNodeVersion}.x | sudo -E bash -
+  sudo apt-get install -y -qq nodejs
+fi
+echo "  Node $(node --version)"
+# 3. PM2 + Caddy
+echo "[3/7] Installing PM2 and Caddy..."
+sudo npm install -g pm2 2>/dev/null || true
+sudo apt-get install -y -qq debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg 2>/dev/null || true
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list >/dev/null
+sudo apt-get update -qq
+sudo apt-get install -y -qq caddy
+# 4. forge-user (non-root PTY execution)
+echo "[4/7] Creating forge-user..."
+if ! id forge-user &>/dev/null; then
+  sudo useradd -m -s /bin/bash forge-user
+fi
+sudo mkdir -p /home/forge-user/projects
+sudo chown -R forge-user:forge-user /home/forge-user
+# 5. Clone VoidForge
+echo "[5/7] Cloning VoidForge..."
+VOIDFORGE_DIR="/opt/voidforge"
+sudo mkdir -p "$VOIDFORGE_DIR"
+sudo chown $(whoami) "$VOIDFORGE_DIR"
+if [ -d "$VOIDFORGE_DIR/.git" ]; then
+  cd "$VOIDFORGE_DIR" && git pull origin ${safeBranch}
+else
+  git clone --branch ${safeBranch} ${safeRepo} "$VOIDFORGE_DIR"
+fi
+cd "$VOIDFORGE_DIR" && npm install --production 2>/dev/null || true
+# 6. Caddy config
+echo "[6/7] Configuring Caddy for ${safeDomain}..."
+sudo tee /etc/caddy/Caddyfile > /dev/null << CADDY
+${config.domain} {
+    # Rate limiting on login endpoint
+    @login path /api/auth/login
+    handle @login {
+        reverse_proxy localhost:3141
+    }
+    # WebSocket upgrade for terminal
+    @ws {
+        path /ws/terminal
+        header Connection *Upgrade*
+        header Upgrade websocket
+    }
+    handle @ws {
+        reverse_proxy localhost:3141
+    }
+    # All other traffic
+    reverse_proxy localhost:3141
+    # Security headers (supplementing VoidForge's own headers)
+    header {
+        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    }
+}
+CADDY
+sudo systemctl reload caddy
+# 7. Start VoidForge
+echo "[7/7] Starting VoidForge..."
+cd "$VOIDFORGE_DIR"
+pm2 delete voidforge 2>/dev/null || true
+pm2 start "npx tsx scripts/voidforge.ts init --remote" --name voidforge --cwd "$VOIDFORGE_DIR"
+pm2 save
+echo ""
+echo "═══════════════════════════════════════════"
+echo "  VoidForge deployed!"
+echo "═══════════════════════════════════════════"
+echo "  URL: https://${config.domain}"
+echo ""
+echo "  Open the URL above to create your admin"
+echo "  account (username + password + TOTP 2FA)."
+echo "═══════════════════════════════════════════"
+`;
+}
+/**
+ * Generate the Caddy config template for manual setup.
+ * Used when the user wants to configure Caddy themselves.
+ */
+export function generateCaddyTemplate(domain) {
+    return `# VoidForge Avengers Tower Remote — Caddy Configuration
+# Save to /etc/caddy/Caddyfile and run: sudo systemctl reload caddy
+${domain} {
+    # Optional: IP allowlist (uncomment and set your IPs)
+    # @blocked not remote_ip <your-ip>/32 <vpn-cidr>/24
+    # respond @blocked 403
+    # Rate limiting on login (requires caddy-ratelimit plugin)
+    # rate_limit {
+    #     zone forge_login {
+    #         key {remote_host}
+    #         events 5
+    #         window 1m
+    #     }
+    # }
+    # WebSocket upgrade for terminal connections
+    @ws {
+        path /ws/terminal
+        header Connection *Upgrade*
+        header Upgrade websocket
+    }
+    handle @ws {
+        reverse_proxy localhost:3141
+    }
+    # All other traffic
+    reverse_proxy localhost:3141
+    # HSTS (Caddy auto-provisions TLS certificates)
+    header {
+        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+    }
+}
+`;
+}

package/dist/wizard/lib/provisioners/static-s3.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Static S3 provisioner — creates real S3 bucket configured for static hosting + deploy script.
+ * Reuses the same AWS credentials as the VPS provisioner.
+ */
+import type { Provisioner } from './types.js';
+export declare const staticS3Provisioner: Provisioner;

package/dist/wizard/lib/provisioners/static-s3.js ADDED Viewed

@@ -0,0 +1,235 @@
+/**
+ * Static S3 provisioner — creates real S3 bucket configured for static hosting + deploy script.
+ * Reuses the same AWS credentials as the VPS provisioner.
+ */
+import { writeFile, mkdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { recordResourcePending, recordResourceCreated } from '../provision-manifest.js';
+import { slugify } from './http-client.js';
+import { appendEnvSection } from '../env-writer.js';
+export const staticS3Provisioner = {
+    async validate(ctx) {
+        const errors = [];
+        if (!ctx.projectDir)
+            errors.push('Project directory is required');
+        if (!ctx.credentials['aws-access-key-id'])
+            errors.push('AWS Access Key ID is required');
+        if (!ctx.credentials['aws-secret-access-key'])
+            errors.push('AWS Secret Access Key is required');
+        return errors;
+    },
+    async provision(ctx, emit) {
+        const files = [];
+        const resources = [];
+        const outputs = {};
+        const region = ctx.credentials['aws-region'] || 'us-east-1';
+        const slug = slugify(ctx.projectName);
+        const bucketName = `${slug}-site`;
+        // Dynamic import of AWS SDK
+        let S3Client;
+        let s3Commands;
+        let STSClient;
+        let GetCallerIdentityCommand;
+        try {
+            const s3Mod = await import('@aws-sdk/client-s3');
+            const stsMod = await import('@aws-sdk/client-sts');
+            S3Client = s3Mod.S3Client;
+            s3Commands = s3Mod;
+            STSClient = stsMod.STSClient;
+            GetCallerIdentityCommand = stsMod.GetCallerIdentityCommand;
+        }
+        catch {
+            return {
+                success: false, resources, outputs, files,
+                error: 'AWS SDK not installed. Run: npm install @aws-sdk/client-s3 @aws-sdk/client-sts',
+            };
+        }
+        const awsConfig = {
+            region,
+            credentials: {
+                accessKeyId: ctx.credentials['aws-access-key-id'],
+                secretAccessKey: ctx.credentials['aws-secret-access-key'],
+            },
+        };
+        const s3 = new S3Client(awsConfig);
+        const sts = new STSClient(awsConfig);
+        // Step 1: Validate credentials
+        emit({ step: 'validate-creds', status: 'started', message: 'Validating AWS credentials' });
+        try {
+            const identity = await sts.send(new GetCallerIdentityCommand({}));
+            emit({ step: 'validate-creds', status: 'done', message: `Authenticated as ${identity.Arn}` });
+        }
+        catch (err) {
+            emit({ step: 'validate-creds', status: 'error', message: 'Invalid AWS credentials', detail: err.message });
+            return { success: false, resources, outputs, files, error: 'AWS credential validation failed' };
+        }
+        // Step 2: Create S3 bucket
+        emit({ step: 's3-bucket', status: 'started', message: `Creating S3 bucket "${bucketName}"` });
+        try {
+            await recordResourcePending(ctx.runId, 's3-bucket', bucketName, region);
+            // us-east-1 doesn't accept LocationConstraint
+            const createInput = { Bucket: bucketName };
+            if (region !== 'us-east-1') {
+                createInput.CreateBucketConfiguration = {
+                    LocationConstraint: region, // Cast to enum — SDK accepts any valid region string at runtime
+                };
+            }
+            await s3.send(new s3Commands.CreateBucketCommand(createInput));
+            resources.push({ type: 's3-bucket', id: bucketName, region });
+            await recordResourceCreated(ctx.runId, 's3-bucket', bucketName, region);
+            emit({ step: 's3-bucket', status: 'done', message: `Bucket "${bucketName}" created` });
+        }
+        catch (err) {
+            const msg = err.message || '';
+            if (msg.includes('BucketAlreadyOwnedByYou')) {
+                emit({ step: 's3-bucket', status: 'done', message: `Bucket "${bucketName}" already exists — using it` });
+                resources.push({ type: 's3-bucket', id: bucketName, region });
+                await recordResourceCreated(ctx.runId, 's3-bucket', bucketName, region);
+            }
+            else if (msg.includes('BucketAlreadyExists')) {
+                emit({ step: 's3-bucket', status: 'error', message: `Bucket name "${bucketName}" is taken by another AWS account`, detail: 'Use a more unique project name to generate a different bucket name' });
+                return { success: false, resources, outputs, files, error: `S3 bucket name "${bucketName}" is globally taken` };
+            }
+            else {
+                emit({ step: 's3-bucket', status: 'error', message: 'Failed to create S3 bucket', detail: msg });
+                return { success: false, resources, outputs, files, error: msg };
+            }
+        }
+        // Step 3: Configure bucket for static website hosting
+        emit({ step: 's3-website', status: 'started', message: 'Configuring static website hosting' });
+        try {
+            await s3.send(new s3Commands.PutBucketWebsiteCommand({
+                Bucket: bucketName,
+                WebsiteConfiguration: {
+                    IndexDocument: { Suffix: 'index.html' },
+                    ErrorDocument: { Key: 'index.html' }, // SPA fallback
+                },
+            }));
+            // Set public access policy
+            await s3.send(new s3Commands.DeletePublicAccessBlockCommand({ Bucket: bucketName }));
+            await s3.send(new s3Commands.PutBucketPolicyCommand({
+                Bucket: bucketName,
+                Policy: JSON.stringify({
+                    Version: '2012-10-17',
+                    Statement: [{
+                            Sid: 'PublicReadGetObject',
+                            Effect: 'Allow',
+                            Principal: '*',
+                            Action: 's3:GetObject',
+                            Resource: `arn:aws:s3:::${bucketName}/*`,
+                        }],
+                }),
+            }));
+            const websiteUrl = region === 'us-east-1'
+                ? `http://${bucketName}.s3-website-${region}.amazonaws.com`
+                : `http://${bucketName}.s3-website.${region}.amazonaws.com`;
+            outputs['S3_BUCKET'] = bucketName;
+            outputs['S3_WEBSITE_URL'] = websiteUrl;
+            emit({ step: 's3-website', status: 'done', message: `Static hosting enabled — ${websiteUrl}` });
+        }
+        catch (err) {
+            emit({ step: 's3-website', status: 'error', message: 'Failed to configure website hosting', detail: err.message });
+            // Non-fatal — bucket exists, user can configure manually
+        }
+        // Step 4: Generate deploy script
+        emit({ step: 's3-script', status: 'started', message: 'Generating deploy script' });
+        try {
+            const infraDir = join(ctx.projectDir, 'infra');
+            await mkdir(infraDir, { recursive: true });
+            const deployScript = `#!/usr/bin/env bash
+# deploy-s3.sh — Deploy static site to S3
+# Generated by VoidForge
+set -euo pipefail
+BUCKET="\${S3_BUCKET:-${bucketName}}"
+BUILD_DIR="\${BUILD_DIR:-dist}"
+echo "=== Deploying to S3 bucket: $BUCKET ==="
+# Sync build output to S3
+aws s3 sync "$BUILD_DIR" "s3://$BUCKET" \\
+  --delete \\
+  --cache-control "public, max-age=31536000, immutable" \\
+  --exclude "*.html" \\
+  --exclude "sw.js" \\
+  --exclude "manifest.json"
+# HTML and service worker files with short cache
+aws s3 sync "$BUILD_DIR" "s3://$BUCKET" \\
+  --cache-control "public, max-age=0, must-revalidate" \\
+  --exclude '*' \\
+  --include "*.html" \\
+  --include "sw.js" \\
+  --include "manifest.json"
+echo ""
+echo "=== Deploy complete ==="
+echo "Site: ${outputs['S3_WEBSITE_URL'] || `http://$BUCKET.s3-website.amazonaws.com`}"
+`;
+            await writeFile(join(infraDir, 'deploy-s3.sh'), deployScript, { mode: 0o755 });
+            files.push('infra/deploy-s3.sh');
+            emit({ step: 's3-script', status: 'done', message: 'Generated infra/deploy-s3.sh' });
+        }
+        catch (err) {
+            emit({ step: 's3-script', status: 'error', message: 'Failed to generate deploy script', detail: err.message });
+        }
+        // Step 5: Write .env
+        emit({ step: 's3-env', status: 'started', message: 'Writing S3 config to .env' });
+        try {
+            const envLines = [
+                `# VoidForge Static S3 — generated ${new Date().toISOString()}`,
+                `S3_BUCKET=${bucketName}`,
+            ];
+            if (outputs['S3_WEBSITE_URL'])
+                envLines.push(`S3_WEBSITE_URL=${outputs['S3_WEBSITE_URL']}`);
+            envLines.push('# Deploy with: ./infra/deploy-s3.sh (or auto-deploys via Haku wizard)');
+            await appendEnvSection(ctx.projectDir, envLines);
+            emit({ step: 's3-env', status: 'done', message: 'S3 config written to .env' });
+        }
+        catch (err) {
+            emit({ step: 's3-env', status: 'error', message: 'Failed to write .env', detail: err.message });
+        }
+        return { success: true, resources, outputs, files };
+    },
+    async cleanup(resources, credentials) {
+        if (resources.length === 0)
+            return;
+        const region = resources[0].region;
+        const awsConfig = {
+            region,
+            credentials: {
+                accessKeyId: credentials['aws-access-key-id'] ?? '',
+                secretAccessKey: credentials['aws-secret-access-key'] ?? '',
+            },
+        };
+        for (const resource of [...resources].reverse()) {
+            if (resource.type === 's3-bucket') {
+                try {
+                    const { S3Client, DeleteBucketCommand, ListObjectsV2Command, DeleteObjectsCommand } = await import('@aws-sdk/client-s3');
+                    const s3 = new S3Client(awsConfig);
+                    // Must empty bucket before deleting — paginate to handle >1000 objects
+                    let continuationToken;
+                    do {
+                        const listRes = await s3.send(new ListObjectsV2Command({
+                            Bucket: resource.id,
+                            ContinuationToken: continuationToken,
+                        }));
+                        if (listRes.Contents && listRes.Contents.length > 0) {
+                            await s3.send(new DeleteObjectsCommand({
+                                Bucket: resource.id,
+                                Delete: {
+                                    Objects: listRes.Contents.map((obj) => ({ Key: obj.Key })),
+                                },
+                            }));
+                        }
+                        continuationToken = listRes.IsTruncated ? listRes.NextContinuationToken : undefined;
+                    } while (continuationToken);
+                    await s3.send(new DeleteBucketCommand({ Bucket: resource.id }));
+                }
+                catch (err) {
+                    console.error(`Failed to cleanup S3 bucket ${resource.id}:`, err.message);
+                }
+            }
+        }
+    },
+};

package/dist/wizard/lib/provisioners/types.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Provisioner interfaces — shared across all deploy targets.
+ */
+export interface ProvisionContext {
+    runId: string;
+    projectDir: string;
+    projectName: string;
+    deployTarget: string;
+    framework: string;
+    database: string;
+    cache: string;
+    instanceType: string;
+    hostname: string;
+    credentials: Record<string, string>;
+    abortSignal?: AbortSignal;
+}
+export interface ProvisionEvent {
+    step: string;
+    status: 'started' | 'done' | 'error' | 'skipped' | 'warning';
+    message: string;
+    detail?: string;
+}
+export type ProvisionEmitter = (event: ProvisionEvent) => void;
+export interface CreatedResource {
+    type: string;
+    id: string;
+    region: string;
+}
+export interface ProvisionResult {
+    success: boolean;
+    resources: CreatedResource[];
+    outputs: Record<string, string>;
+    files: string[];
+    error?: string;
+}
+export interface Provisioner {
+    validate(ctx: ProvisionContext): Promise<string[]>;
+    provision(ctx: ProvisionContext, emit: ProvisionEmitter): Promise<ProvisionResult>;
+    cleanup(resources: CreatedResource[], credentials: Record<string, string>): Promise<void>;
+}

package/dist/wizard/lib/provisioners/types.js ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * Provisioner interfaces — shared across all deploy targets.
+ */
+export {};

package/dist/wizard/lib/provisioners/vercel.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Vercel provisioner — creates a real Vercel project via API + generates vercel.json.
+ * v3.8.0: Links GitHub repo, sets env vars, polls deploy (ADR-015).
+ */
+import type { Provisioner } from './types.js';
+export declare const vercelProvisioner: Provisioner;