underpost 3.2.9 → 3.2.11

package/bin/build.js

@@ -69,6 +69,7 @@ if (process.argv.includes('conf')) {
         ` && underpost push . ${privateGitUri}`,
       {
         silent: true,
+        silentOnError: true,
       },
     );
   }
@@ -163,27 +164,45 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         `./.github/workflows/publish.cyberia.ci.yml`,
         `${basePath}/.github/workflows/publish.cyberia.ci.yml`,
       );
-      delete packageJson.bin.underpost;
+      if (packageJson.bin) delete packageJson.bin.underpost;
+      if (!packageJson.bin) packageJson.bin = {};
       packageJson.bin.cyberia = 'bin/index.js';
       packageJson.keywords = [
         'cyberia',
+        'cyberia-cli',
+        'engine-cyberia',
+        'sidecar',
+        'data-layer',
+        'engine-cyberia',
         'object-layer',
-        'game-engine',
-        'assets-management',
-        'web3',
         'atlas-sprite-sheet',
+        'ipfs',
+        'erc-1155',
+        'object-layer-token',
+        'hardhat',
+        'hyperledger-besu',
+        'blockchain',
+        'web3',
+        'underpost-platform',
+        'mmorpg',
       ];
-      packageJson.description = 'Cyberia Engine - Object Layer and Assets Management Microservice';
-      const { CyberiaDependencies } = await import(`../src/client/components/cyberia-portal/CommonCyberiaPortal.js`);
+      packageJson.description =
+        'Cyberia CLI — toolchain for the Cyberia MMO data layer, content pipeline, persistence, gRPC services, and ERC-1155 lifecycle on Hyperledger Besu.';
+      const { CyberiaDependencies } = await import(`../src/api/cyberia-server-defaults/cyberia-server-defaults.js`);
       packageJson.dependencies = {
         ...originPackageJson.dependencies,
         ...CyberiaDependencies,
       };
       fs.writeFileSync(`${basePath}/bin/index.js`, fs.readFileSync(`./bin/cyberia.js`, 'utf8'), 'utf8');
+      fs.writeFileSync(
+        `${basePath}/README.md`,
+        fs.readFileSync(`./src/client/public/cyberia-docs/CYBERIA-CLI.md`, 'utf8'),
+        'utf8',
+      );
       fs.copySync(`./hardhat`, `${basePath}/hardhat`);
       for (const path of [
         '/src/grpc/cyberia',
-        '/src/client/ssr/pages/CyberiaServerMetrics.js',
+        '/src/client/ssr/views/CyberiaServerMetrics.js',
         '/src/server/object-layer.js',
         '/src/server/atlas-sprite-sheet-generator.js',
         '/src/server/shape-generator.js',
@@ -197,6 +216,7 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         '/src/runtime/cyberia-client',
         '/.github/workflows/hardhat.ci.yml',
         '/src/client/public/cyberia-docs',
+        '/src/api/cyberia-server-defaults',
       ])
         fs.copySync(`.${path}`, `${basePath}${path}`);
 

package/bin/build.template.js

@@ -0,0 +1,187 @@
+import fs from 'fs-extra';
+
+import { loggerFactory } from '../src/server/logger.js';
+import { getDirname, newInstance, uniqueArray } from '../src/client/components/core/CommonJs.js';
+import { shellExec } from '../src/server/process.js';
+import walk from 'ignore-walk';
+import { validateTemplatePath } from '../src/server/conf.js';
+import dotenv from 'dotenv';
+
+const logger = loggerFactory(import.meta);
+
+if (fs.existsSync('./engine-private/conf/dd-cron/.env.production'))
+  dotenv.config({
+    path: `./engine-private/conf/dd-cron/.env.production`,
+    override: true,
+  });
+else dotenv.config();
+
+// Engine-only paths stripped from the template after the source sync.
+const TEMPLATE_DELETE_PATHS = [
+  './.github',
+  './manifests/deployment/dd-lampp-development',
+  './manifests/deployment/dd-cyberia-development',
+  './manifests/deployment/dd-core-development',
+  './manifests/deployment/dd-template-development',
+  './src/server/object-layer.js',
+  './src/server/atlas-sprite-sheet-generator.js',
+  './src/server/shape-generator.js',
+  './src/server/semantic-layer-generator.js',
+  './src/server/semantic-layer-generator-floor.js',
+  './src/server/semantic-layer-generator-skin.js',
+  './src/server/semantic-layer-generator-resource.js',
+  './src/server/besu-genesis-generator.js',
+  './src/grpc/cyberia',
+  './src/runtime/cyberia-server',
+  './src/runtime/cyberia-client',
+  './test/shape-generator.test.js',
+  './src/client/public/cyberia-docs',
+  'bin/cyberia.js',
+  './hardhat',
+];
+
+// Workflow + service files re-added to the template after the engine-only strip above.
+const TEMPLATE_RESTORE_PATHS = [
+  `./.github/workflows/pwa-microservices-template-page.cd.yml`,
+  `./.github/workflows/pwa-microservices-template-test.ci.yml`,
+  `./.github/workflows/npmpkg.ci.yml`,
+  `./.github/workflows/ghpkg.ci.yml`,
+  `./.github/workflows/gitlab.ci.yml`,
+  `./.github/workflows/publish.ci.yml`,
+  `./.github/workflows/release.cd.yml`,
+  `./src/client/services/user/guest.service.js`,
+  './src/api/user/guest.service.js',
+  './src/ws/IoInterface.js',
+  './src/ws/IoServer.js',
+];
+
+const TEMPLATE_KEYWORDS = [
+  'underpost',
+  'underpost-platform',
+  'cli',
+  'toolchain',
+  'ci-cd',
+  'devops',
+  'kubernetes',
+  'k3s',
+  'kubeadm',
+  'lxd',
+  'bare-metal',
+  'container-orchestration',
+  'image-management',
+  'pwa',
+  'workbox',
+  'microservices',
+];
+
+const TEMPLATE_DESCRIPTION =
+  'Underpost Platform — end-to-end CI/CD and application-delivery toolchain CLI. Covers bare metal, Kubernetes, K3s, kubeadm, LXD, container/image orchestration, secrets, databases, cron jobs, monitoring, SSH, runners, PWA + Workbox delivery, and release orchestration. Extensible via downstream CLIs.';
+
+/**
+ * Builds the pwa-microservices-template from scratch out of the current engine source tree.
+ *
+ * Clones (or resets) the template repo next to the engine, syncs every engine-tracked file the
+ * template is allowed to carry (validateTemplatePath), strips engine-only modules, restores the
+ * template's own CI workflows + guest services, and rewrites package.json / package-lock.json /
+ * README so the template is a standalone, installable project.
+ *
+ * Usage: node bin/build.template [srcPath=./] [toPath=../pwa-microservices-template]
+ */
+const srcPath = (process.argv[2] ?? './').replaceAll(`'`, '');
+const toPath = (process.argv[3] ?? '../pwa-microservices-template').replaceAll(`'`, '');
+const githubUsername = process.env.GITHUB_USERNAME;
+
+logger.info('Build template', { srcPath, toPath });
+
+try {
+  const sourceFiles = (
+    await new Promise((resolve) =>
+      walk(
+        {
+          path: srcPath,
+          ignoreFiles: [`.gitignore`],
+          includeEmpty: false,
+          follow: false,
+        },
+        (...args) => resolve(args[1]),
+      ),
+    )
+  ).filter((p) => !p.startsWith('.git'));
+
+  // Clone the template from 0 if missing; otherwise reset it to a clean pristine checkout.
+  if (!fs.existsSync(toPath)) {
+    shellExec(`cd .. && node engine/bin clone ${githubUsername}/pwa-microservices-template`);
+  } else {
+    shellExec(`cd ${toPath} && git reset && git checkout . && git clean -f -d`);
+    shellExec(`node bin pull ${toPath} ${githubUsername}/pwa-microservices-template`);
+    shellExec(`sudo rm -rf ${toPath}/engine-private`);
+    shellExec(`sudo rm -rf ${toPath}/logs`);
+  }
+  shellExec(`cd ${toPath} && git config core.filemode false`);
+
+  for (const copyPath of sourceFiles) {
+    if (copyPath === 'NaN') continue;
+    const absolutePath = `${srcPath}/${copyPath}`;
+    if (!validateTemplatePath(absolutePath)) continue;
+
+    const folder = getDirname(`${toPath}/${copyPath}`);
+    if (!fs.existsSync(folder)) fs.mkdirSync(folder, { recursive: true });
+
+    logger.info('build', `${toPath}/${copyPath}`);
+    fs.copyFileSync(absolutePath, `${toPath}/${copyPath}`);
+  }
+
+  fs.copySync(`./.vscode`, `${toPath}/.vscode`);
+  fs.copySync(`./src/client/public/default`, `${toPath}/src/client/public/default`);
+
+  // Preserve the template's own README + package.json identity before merging engine metadata.
+  for (const checkoutPath of ['README.md', 'package.json']) shellExec(`cd ${toPath} && git checkout ${checkoutPath}`);
+
+  for (const deletePath of TEMPLATE_DELETE_PATHS) {
+    const target = `${toPath}/${deletePath}`;
+    if (fs.existsSync(target)) fs.removeSync(target);
+  }
+
+  fs.mkdirSync(`${toPath}/.github/workflows`, { recursive: true });
+  for (const restorePath of TEMPLATE_RESTORE_PATHS) fs.copyFileSync(restorePath, `${toPath}/${restorePath}`);
+
+  // ── package.json: take engine deps/scripts/version, keep template identity. ──
+  const originPackageJson = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
+  const templatePackageJson = JSON.parse(fs.readFileSync(`${toPath}/package.json`, 'utf8'));
+  const templateName = templatePackageJson.name;
+
+  templatePackageJson.dependencies = originPackageJson.dependencies;
+  templatePackageJson.devDependencies = originPackageJson.devDependencies;
+  templatePackageJson.version = originPackageJson.version;
+  templatePackageJson.scripts = originPackageJson.scripts;
+  templatePackageJson.overrides = originPackageJson.overrides;
+  templatePackageJson.name = templateName;
+  templatePackageJson.description = TEMPLATE_DESCRIPTION;
+  templatePackageJson.keywords = uniqueArray(TEMPLATE_KEYWORDS.concat(templatePackageJson.keywords || []));
+  delete templatePackageJson.scripts['update:template'];
+  fs.writeFileSync(`${toPath}/package.json`, JSON.stringify(templatePackageJson, null, 4), 'utf8');
+
+  // ── package-lock.json: mirror engine packages, keep template name/version on the root entry. ──
+  const originPackageLockJson = JSON.parse(fs.readFileSync('./package-lock.json', 'utf8'));
+  const templatePackageLockJson = JSON.parse(fs.readFileSync(`${toPath}/package-lock.json`, 'utf8'));
+  const originBasePackageLock = newInstance(templatePackageLockJson.packages['']);
+  templatePackageLockJson.name = templateName;
+  templatePackageLockJson.version = originPackageLockJson.version;
+  templatePackageLockJson.packages = originPackageLockJson.packages;
+  templatePackageLockJson.packages[''].name = templateName;
+  templatePackageLockJson.packages[''].version = originPackageLockJson.version;
+  templatePackageLockJson.packages[''].hasInstallScript = originBasePackageLock.hasInstallScript;
+  templatePackageLockJson.packages[''].license = originBasePackageLock.license;
+  fs.writeFileSync(`${toPath}/package-lock.json`, JSON.stringify(templatePackageLockJson, null, 4), 'utf8');
+
+  fs.writeFileSync(
+    `${toPath}/README.md`,
+    fs
+      .readFileSync('./README.md', 'utf8')
+      .replace('<!-- template-title -->', '#### Base template for pwa/api-rest projects.'),
+    'utf8',
+  );
+} catch (error) {
+  logger.error(error, error.stack);
+  process.exit(1);
+}

package/bin/deploy.js

@@ -714,7 +714,7 @@ nvidia/gpu-operator \
     }
 
     case 'cyberia': {
-      const { CyberiaDependencies } = await import(`../src/client/components/cyberia-portal/CommonCyberiaPortal.js`);
+      const { CyberiaDependencies } = await import(`../src/api/cyberia-server-defaults/cyberia-server-defaults.js`);
       for (const dep of Object.keys(CyberiaDependencies)) {
         const ver = CyberiaDependencies[dep];
         shellExec(`npm install ${dep}@${ver}`);
@@ -823,7 +823,7 @@ nvidia/gpu-operator \
 
       // Delete merged local and remote branches
       for (const { branch, isAlreadyMerged } of mergedBranches) {
-        shellExec(`git branch -D ${branch}`, { silent: true });
+        shellExec(`git branch -D ${branch}`, { silent: true, silentOnError: true });
         // logger.info(`Deleting remote branch: ${branch}${isAlreadyMerged ? ' (already merged)' : ''}`);
         // shellExec(`git push https://${process.env.GITHUB_TOKEN}@github.com/${gitUri}.git --delete ${branch}`, {
         //   disableLog: true,
@@ -1528,6 +1528,16 @@ nvidia/gpu-operator \
 
       break;
     }
+
+    case 'k3s-template-env': {
+      if (fs.existsSync('./engine-private/conf/dd-default')) {
+        console.log('Cleaning up existing dd-default config for VM template environment setup');
+        fs.removeSync('./engine-private/conf/dd-default');
+      }
+      shellExec(`node bin env clean`);
+      shellExec(`sed -i "s/127.0.0.1/$(underpost ip --dhcp)/g" .env.example`);
+      break;
+    }
   }
 } catch (error) {
   logger.error(error, error.stack);

package/bin/index.js

@@ -9,4 +9,5 @@ try {
   program.parse();
 } catch (error) {
   logger.error(error);
-}
+  process.exit(1);
+}

package/bump.config.js

@@ -0,0 +1,26 @@
+/**
+ * bumpp configuration for the Underpost engine.
+ *
+ * Owns the *canonical* version-bearing files (anything that exposes a literal `version` field
+ * bumpp can detect natively). Non-canonical files — image tags in workflows, README badges,
+ * doc strings, deployment.yaml image refs — are handled by the custom regex walker in
+ * src/cli/release.js (VERSION_BUMP_TARGETS), because bumpp only rewrites `version`-shaped lines.
+ *
+ * release.js drives bumpp programmatically (versionBump from 'bumpp') with commit/tag/push
+ * disabled, since the engine release flow stages and commits separately via `node bin cmt`.
+ *
+ * @see https://github.com/antfu/bumpp
+ */
+export default {
+  files: [
+    'package.json',
+    'package-lock.json',
+    // engine-private confs are git-ignored and visited only if present at bump time.
+    'engine-private/conf/**/package.json',
+  ],
+  commit: false,
+  tag: false,
+  push: false,
+  confirm: false,
+  recursive: false,
+};

package/conf.js

@@ -168,11 +168,25 @@ const DefaultConf = /**/ {
       head: ['Seo', 'Pwa', 'Css', 'DefaultScripts', 'Production'],
       body: ['CacheControl', 'DefaultSplashScreen', '404', '500', 'SwaggerDarkMode'],
       mailer: { userVerifyEmail: 'DefaultVerifyEmail', userRecoverEmail: 'DefaultRecoverEmail' },
-      offline: [
-        { path: '/offline', title: 'No Network Connection', client: 'NoNetworkConnection', head: [], body: [] },
-        { path: '/maintenance', title: 'Server Maintenance', client: 'Maintenance', head: [], body: [] },
+      views: [
+        {
+          path: '/offline',
+          title: 'No Network Connection',
+          client: 'NoNetworkConnection',
+          head: [],
+          body: [],
+          offlineDefault: true,
+        },
+        {
+          path: '/maintenance',
+          title: 'Server Maintenance',
+          client: 'Maintenance',
+          head: [],
+          body: [],
+          maintenanceDefault: true,
+        },
+        { path: '/test', title: 'Test', client: 'Test', head: [], body: [] },
       ],
-      pages: [{ path: '/test', title: 'Test', client: 'Test', head: [], body: [] }],
     },
   },
   server: {
@@ -187,10 +201,9 @@ const DefaultConf = /**/ {
         proxy: [80, 443],
         db: {
           provider: 'env:DB_PROVIDER:mongoose',
-          host: 'env:DB_HOST:mongodb://127.0.0.1:27017',
+          host: 'env:DB_HOST:mongodb://mongodb-0.mongodb-service:27017',
           name: 'env:DB_NAME:default',
-          user: 'env:DB_USER:',
-          password: 'env:DB_PASSWORD:',
+          replicaSet: 'env:DB_REPLICA_SET:rs0',
         },
         mailer: {
           sender: {

package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-backup
-              image: underpost/underpost-engine:v3.2.9
+              image: underpost/underpost-engine:v3.2.11
               command:
                 - /bin/sh
                 - -c

package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-dns
-              image: underpost/underpost-engine:v3.2.9
+              image: underpost/underpost-engine:v3.2.11
               command:
                 - /bin/sh
                 - -c

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: underpost/underpost-engine:v3.2.9
+          image: underpost/underpost-engine:v3.2.11
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -98,7 +98,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: underpost/underpost-engine:v3.2.9
+          image: underpost/underpost-engine:v3.2.11
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -20,7 +20,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: underpost/underpost-engine:v3.2.9
+          image: underpost/underpost-engine:v3.2.11
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:
@@ -34,6 +34,7 @@ spec:
               underpost start --build --run dd-test development
 
 
+
 ---
 apiVersion: v1
 kind: Service
@@ -147,7 +148,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: underpost/underpost-engine:v3.2.9
+          image: underpost/underpost-engine:v3.2.11
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:
@@ -161,6 +162,7 @@ spec:
               underpost start --build --run dd-test development
 
 
+
 ---
 apiVersion: v1
 kind: Service

package/manifests/kind-config-dev.yaml

@@ -1,8 +1,16 @@
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+  ipFamily: ipv4
 nodes:
   - role: control-plane
+    extraMounts:
+      - hostPath: /data/mongodb
+        containerPath: /data/mongodb
   - role: worker
+    extraMounts:
+      - hostPath: /data/mongodb
+        containerPath: /data/mongodb
     # extraPortMappings:
     # - containerPort: 80
     #   hostPort: 80

package/manifests/lxd/lxd-admin-profile.yaml

@@ -1,13 +1,22 @@
 config:
-  limits.cpu: "2"
+  limits.cpu: '2'
   limits.memory: 4GB
-description: vm nat network
+  # Host-safety hardening:
+  #   boot.autostart=false  → the LXD daemon will NOT start any VM created with
+  #     this profile when the host boots. The user explicitly brings VMs up
+  #     after the host is verified healthy. Prevents a broken VM from blocking
+  #     boot via snap.lxd.daemon.
+  #   boot.host_shutdown_timeout=60 → bound the time the daemon waits for this
+  #     VM to stop when the host is going down. Prevents an unresponsive VM
+  #     from holding the host in an indefinite shutdown.
+  boot.autostart: 'false'
+  boot.host_shutdown_timeout: '60'
+description: vm nat network (host-safe defaults)
 devices:
   eth0:
     name: eth0
     network: lxdbr0
     type: nic
-    ipv4.address: 10.250.250.100
   root:
     path: /
     pool: local # lxc storage list

package/manifests/mongodb/pv-pvc.yaml

@@ -1,23 +1,59 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: mongodb-pv
+  name: mongodb-pv-0
+  labels:
+    app: mongodb
 spec:
   capacity:
     storage: 5Gi
   accessModes:
     - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-0
   hostPath:
-    path: /data/mongodb
+    path: /data/mongodb/v0
+    type: DirectoryOrCreate
 ---
 apiVersion: v1
-kind: PersistentVolumeClaim
+kind: PersistentVolume
+metadata:
+  name: mongodb-pv-1
+  labels:
+    app: mongodb
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-1
+  hostPath:
+    path: /data/mongodb/v1
+    type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: PersistentVolume
 metadata:
-  name: mongodb-pvc
+  name: mongodb-pv-2
+  labels:
+    app: mongodb
 spec:
-  storageClassName: ''
+  capacity:
+    storage: 5Gi
   accessModes:
     - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-2
+  hostPath:
+    path: /data/mongodb/v2
+    type: DirectoryOrCreate