RubyGems - nvoi - Versions diffs - 0.1.5 → 0.1.7 - Mend

nvoi 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

checksums.yaml +4 -4
data/.claude/todo/refactor/00-overview.md +171 -0
data/.claude/todo/refactor/01-objects.md +96 -0
data/.claude/todo/refactor/02-utils.md +143 -0
data/.claude/todo/refactor/03-external-cloud.md +164 -0
data/.claude/todo/refactor/04-external-dns.md +104 -0
data/.claude/todo/refactor/05-external.md +133 -0
data/.claude/todo/refactor/06-cli.md +123 -0
data/.claude/todo/refactor/07-cli-deploy-command.md +177 -0
data/.claude/todo/refactor/08-cli-deploy-steps.md +201 -0
data/.claude/todo/refactor/09-cli-delete-command.md +169 -0
data/.claude/todo/refactor/10-cli-exec-command.md +157 -0
data/.claude/todo/refactor/11-cli-credentials-command.md +190 -0
data/.claude/todo/refactor/12-cli-db-command.md +128 -0
data/.claude/todo/refactor/_target.md +79 -0
data/.claude/todo/refactor-execution/00-entrypoint.md +49 -0
data/.claude/todo/refactor-execution/01-objects.md +42 -0
data/.claude/todo/refactor-execution/02-utils.md +41 -0
data/.claude/todo/refactor-execution/03-external-cloud.md +38 -0
data/.claude/todo/refactor-execution/04-external-dns.md +35 -0
data/.claude/todo/refactor-execution/05-external-other.md +46 -0
data/.claude/todo/refactor-execution/06-cli-deploy.md +45 -0
data/.claude/todo/refactor-execution/07-cli-delete.md +43 -0
data/.claude/todo/refactor-execution/08-cli-exec.md +30 -0
data/.claude/todo/refactor-execution/09-cli-credentials.md +34 -0
data/.claude/todo/refactor-execution/10-cli-db.md +31 -0
data/.claude/todo/refactor-execution/11-cli-router.md +44 -0
data/.claude/todo/refactor-execution/12-cleanup.md +120 -0
data/.claude/todo/refactor-execution/_monitoring-strategy.md +126 -0
data/.claude/todo/scaleway.impl.md +644 -0
data/.claude/todo/scaleway.reference.md +520 -0
data/.claude/todos.md +550 -0
data/Gemfile +6 -0
data/Gemfile.lock +46 -5
data/Rakefile +1 -1
data/doc/config-schema.yaml +44 -11
data/examples/golang/deploy.enc +0 -0
data/examples/golang/main.go +18 -0
data/exe/nvoi +3 -1
data/ingest +0 -0
data/lib/nvoi/cli/config/command.rb +219 -0
data/lib/nvoi/cli/credentials/edit/command.rb +384 -0
data/lib/nvoi/cli/credentials/show/command.rb +35 -0
data/lib/nvoi/cli/db/command.rb +308 -0
data/lib/nvoi/cli/delete/command.rb +75 -0
data/lib/nvoi/cli/delete/steps/detach_volumes.rb +98 -0
data/lib/nvoi/cli/delete/steps/teardown_dns.rb +50 -0
data/lib/nvoi/cli/delete/steps/teardown_firewall.rb +46 -0
data/lib/nvoi/cli/delete/steps/teardown_network.rb +30 -0
data/lib/nvoi/cli/delete/steps/teardown_server.rb +50 -0
data/lib/nvoi/cli/delete/steps/teardown_tunnel.rb +44 -0
data/lib/nvoi/cli/delete/steps/teardown_volume.rb +61 -0
data/lib/nvoi/cli/deploy/command.rb +184 -0
data/lib/nvoi/cli/deploy/steps/build_image.rb +27 -0
data/lib/nvoi/cli/deploy/steps/cleanup_images.rb +42 -0
data/lib/nvoi/cli/deploy/steps/configure_tunnel.rb +102 -0
data/lib/nvoi/cli/deploy/steps/deploy_service.rb +399 -0
data/lib/nvoi/cli/deploy/steps/provision_network.rb +44 -0
data/lib/nvoi/cli/deploy/steps/provision_server.rb +143 -0
data/lib/nvoi/cli/deploy/steps/provision_volume.rb +171 -0
data/lib/nvoi/cli/deploy/steps/setup_k3s.rb +490 -0
data/lib/nvoi/cli/exec/command.rb +173 -0
data/lib/nvoi/cli/logs/command.rb +66 -0
data/lib/nvoi/cli/onboard/command.rb +761 -0
data/lib/nvoi/cli/unlock/command.rb +72 -0
data/lib/nvoi/cli.rb +339 -141
data/lib/nvoi/config_api/actions/app.rb +53 -0
data/lib/nvoi/config_api/actions/compute_provider.rb +55 -0
data/lib/nvoi/config_api/actions/database.rb +70 -0
data/lib/nvoi/config_api/actions/domain_provider.rb +40 -0
data/lib/nvoi/config_api/actions/env.rb +32 -0
data/lib/nvoi/config_api/actions/init.rb +67 -0
data/lib/nvoi/config_api/actions/secret.rb +32 -0
data/lib/nvoi/config_api/actions/server.rb +66 -0
data/lib/nvoi/config_api/actions/service.rb +52 -0
data/lib/nvoi/config_api/actions/volume.rb +40 -0
data/lib/nvoi/config_api/base.rb +38 -0
data/lib/nvoi/config_api/result.rb +26 -0
data/lib/nvoi/config_api.rb +93 -0
data/lib/nvoi/errors.rb +68 -50
data/lib/nvoi/external/cloud/aws.rb +450 -0
data/lib/nvoi/external/cloud/base.rb +99 -0
data/lib/nvoi/external/cloud/factory.rb +48 -0
data/lib/nvoi/external/cloud/hetzner.rb +402 -0
data/lib/nvoi/external/cloud/scaleway.rb +559 -0
data/lib/nvoi/external/cloud.rb +15 -0
data/lib/nvoi/external/containerd.rb +86 -0
data/lib/nvoi/external/database/mysql.rb +84 -0
data/lib/nvoi/external/database/postgres.rb +82 -0
data/lib/nvoi/external/database/provider.rb +65 -0
data/lib/nvoi/external/database/sqlite.rb +72 -0
data/lib/nvoi/external/database.rb +22 -0
data/lib/nvoi/external/dns/cloudflare.rb +310 -0
data/lib/nvoi/external/kubectl.rb +65 -0
data/lib/nvoi/external/ssh.rb +106 -0
data/lib/nvoi/objects/config_override.rb +60 -0
data/lib/nvoi/objects/configuration.rb +483 -0
data/lib/nvoi/objects/database.rb +56 -0
data/lib/nvoi/objects/dns.rb +14 -0
data/lib/nvoi/objects/firewall.rb +11 -0
data/lib/nvoi/objects/network.rb +11 -0
data/lib/nvoi/objects/server.rb +14 -0
data/lib/nvoi/objects/service_spec.rb +26 -0
data/lib/nvoi/objects/tunnel.rb +14 -0
data/lib/nvoi/objects/volume.rb +17 -0
data/lib/nvoi/utils/config_loader.rb +172 -0
data/lib/nvoi/utils/constants.rb +61 -0
data/lib/nvoi/{credentials/manager.rb → utils/credential_store.rb} +16 -16
data/lib/nvoi/{credentials → utils}/crypto.rb +8 -5
data/lib/nvoi/{config → utils}/env_resolver.rb +10 -2
data/lib/nvoi/utils/logger.rb +84 -0
data/lib/nvoi/{config/naming.rb → utils/namer.rb} +37 -25
data/lib/nvoi/{deployer → utils}/retry.rb +23 -3
data/lib/nvoi/utils/templates.rb +62 -0
data/lib/nvoi/version.rb +1 -1
data/lib/nvoi.rb +27 -55
data/templates/app-ingress.yaml.erb +3 -1
data/templates/error-backend.yaml.erb +134 -0
metadata +121 -44
data/examples/golang/deploy.yml +0 -54
data/lib/nvoi/cloudflare/client.rb +0 -287
data/lib/nvoi/config/config.rb +0 -248
data/lib/nvoi/config/loader.rb +0 -102
data/lib/nvoi/config/ssh_keys.rb +0 -82
data/lib/nvoi/config/types.rb +0 -274
data/lib/nvoi/constants.rb +0 -59
data/lib/nvoi/credentials/editor.rb +0 -272
data/lib/nvoi/deployer/cleaner.rb +0 -36
data/lib/nvoi/deployer/image_builder.rb +0 -23
data/lib/nvoi/deployer/infrastructure.rb +0 -126
data/lib/nvoi/deployer/orchestrator.rb +0 -146
data/lib/nvoi/deployer/service_deployer.rb +0 -311
data/lib/nvoi/deployer/tunnel_manager.rb +0 -57
data/lib/nvoi/deployer/types.rb +0 -8
data/lib/nvoi/k8s/renderer.rb +0 -44
data/lib/nvoi/k8s/templates.rb +0 -29
data/lib/nvoi/logger.rb +0 -72
data/lib/nvoi/providers/aws.rb +0 -403
data/lib/nvoi/providers/base.rb +0 -111
data/lib/nvoi/providers/hetzner.rb +0 -288
data/lib/nvoi/providers/hetzner_client.rb +0 -170
data/lib/nvoi/remote/docker_manager.rb +0 -203
data/lib/nvoi/remote/ssh_executor.rb +0 -72
data/lib/nvoi/remote/volume_manager.rb +0 -103
data/lib/nvoi/service/delete.rb +0 -234
data/lib/nvoi/service/deploy.rb +0 -80
data/lib/nvoi/service/exec.rb +0 -144
data/lib/nvoi/service/provider.rb +0 -36
data/lib/nvoi/steps/application_deployer.rb +0 -26
data/lib/nvoi/steps/database_provisioner.rb +0 -60
data/lib/nvoi/steps/k3s_cluster_setup.rb +0 -105
data/lib/nvoi/steps/k3s_provisioner.rb +0 -351
data/lib/nvoi/steps/server_provisioner.rb +0 -43
data/lib/nvoi/steps/services_provisioner.rb +0 -29
data/lib/nvoi/steps/tunnel_configurator.rb +0 -66
data/lib/nvoi/steps/volume_provisioner.rb +0 -154

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb54d0e596f64c761d8c3b6f38e6ae0ea7f71186e89744078e6b09e9906bfc1a
-  data.tar.gz: 22eca4a7d6bc75e7d5f9c0372a261d3c82b88b07f3d82db38828c486249495c7
+  metadata.gz: 91c0d6ae24cfc163dd6c00008e5199cfdca4b9864ed6c2b56644b58b90d04ca6
+  data.tar.gz: 319109891843c14ae0dfe4c66553bdf06a5bf5a1d009855f97f0c6ffc17bccc6
 SHA512:
-  metadata.gz: 2f18b886aa28994c1f6f8caace570f1ad714815f4161ce2bbb48b00be06f7f3f60e7fa14e04d8c1423aa0b55039ca43165bf360c73fc11e8ccb73ea7a7b0a67f
-  data.tar.gz: 53d83331ca4ecd654fb1d563149f04ffae292474b2cf930cbeefafa00f6bbb746ade07fc1c400409445282718bb50eaf5db26dd0df187ac011313a242b3ca6a0
+  metadata.gz: 34b0c1e73b479bb2e10356b27f397a7c34dc9476bd7244490450163736fc7106bd28143ec91bfba1aa27a16c5b1f15d722cfd09d98d7a4155ce7dd752ff30949
+  data.tar.gz: 9706c433e608299ac10f71ff257a9d73a0e4f97bab126d3b99d0050474c426dde79fb793204dc55d9369b0654bfba162621106c34d3791fb4e9fb7fed651d8e2

data/.claude/todo/refactor/00-overview.md ADDED Viewed

@@ -0,0 +1,171 @@
+# Refactor Overview
+## Target Structure
+```
+lib/nvoi/
+├── cli.rb                              # Thor routing only (~50 lines)
+│
+├── cli/
+│   ├── deploy/
+│   │   ├── command.rb
+│   │   └── steps/
+│   │       ├── provision_network.rb
+│   │       ├── provision_server.rb
+│   │       ├── provision_volume.rb
+│   │       ├── setup_k3s.rb
+│   │       ├── configure_tunnel.rb
+│   │       ├── build_image.rb
+│   │       ├── deploy_service.rb
+│   │       └── cleanup_images.rb
+│   │
+│   ├── delete/
+│   │   ├── command.rb
+│   │   └── steps/
+│   │       ├── teardown_tunnel.rb
+│   │       ├── teardown_dns.rb
+│   │       ├── detach_volumes.rb
+│   │       ├── teardown_server.rb
+│   │       ├── teardown_volume.rb
+│   │       ├── teardown_firewall.rb
+│   │       └── teardown_network.rb
+│   │
+│   ├── exec/
+│   │   └── command.rb
+│   │
+│   └── credentials/
+│       ├── edit/
+│       │   └── command.rb
+│       └── show/
+│           └── command.rb
+│
+├── external/
+│   ├── cloud/
+│   │   ├── base.rb
+│   │   ├── hetzner.rb
+│   │   ├── aws.rb
+│   │   ├── scaleway.rb
+│   │   └── factory.rb
+│   ├── dns/
+│   │   └── cloudflare.rb
+│   ├── ssh.rb
+│   ├── kubectl.rb
+│   └── containerd.rb
+│
+├── objects/
+│   ├── server.rb
+│   ├── network.rb
+│   ├── firewall.rb
+│   ├── volume.rb
+│   ├── tunnel.rb
+│   ├── dns.rb
+│   ├── service_spec.rb
+│   └── config.rb
+│
+└── utils/
+    ├── namer.rb
+    ├── env_resolver.rb
+    ├── config_loader.rb
+    ├── crypto.rb
+    ├── templates.rb
+    ├── logger.rb
+    ├── constants.rb
+    ├── errors.rb
+    └── retry.rb
+```
+---
+## Refactor Order
+| #   | File                       | Description               | Depends On      |
+| --- | -------------------------- | ------------------------- | --------------- |
+| 01  | objects.md                 | Domain entities (Structs) | Nothing         |
+| 02  | utils.md                   | Shared helpers            | Objects         |
+| 03  | external-cloud.md          | Cloud provider adapters   | Objects, Utils  |
+| 04  | external-dns.md            | Cloudflare adapter        | Objects, Utils  |
+| 05  | external.md                | SSH, kubectl, containerd  | Objects, Utils  |
+| 06  | cli.md                     | Thor router               | Commands        |
+| 07  | cli-deploy-command.md      | Deploy orchestration      | External, Utils |
+| 08  | cli-deploy-steps.md        | Deploy step details       | External, Utils |
+| 09  | cli-delete-command.md      | Delete orchestration      | External, Utils |
+| 10  | cli-exec-command.md        | Exec command              | External, Utils |
+| 11  | cli-credentials-command.md | Credentials commands      | Utils           |
+---
+## Line Count Summary
+### Current State (~4200 lines)
+| Category                          | Lines |
+| --------------------------------- | ----- |
+| Config types + loading            | ~550  |
+| Credentials                       | ~330  |
+| Providers                         | ~1380 |
+| Cloudflare                        | ~350  |
+| Remote (SSH, Docker, Volume)      | ~430  |
+| K8s (templates, renderer)         | ~75   |
+| Steps                             | ~750  |
+| Deployer                          | ~580  |
+| Service (CLI entry)               | ~460  |
+| Utils (logger, constants, errors) | ~200  |
+| CLI                               | ~190  |
+### Target State (~3800 lines)
+| Category         | Lines | Change           |
+| ---------------- | ----- | ---------------- |
+| objects/         | ~400  | consolidated     |
+| utils/           | ~600  | merged           |
+| external/        | ~1000 | merged providers |
+| cli/deploy/      | ~1200 | flattened        |
+| cli/delete/      | ~300  | separated        |
+| cli/exec/        | ~150  | simplified       |
+| cli/credentials/ | ~100  | simplified       |
+| cli.rb           | ~50   | routing only     |
+**Net reduction: ~400 lines (10%)**
+---
+## DRY Wins
+1. **Hostname builder** - 3 duplications → 1 in `utils/namer.rb`
+2. **Provider + Client merge** - 4 files → 3 files
+3. **TunnelManager absorption** - eliminated wrapper
+4. **Config loader + SSH key merge** - 2 files → 1 file
+5. **Crypto + Manager merge** - 2 files → 1 file
+6. **Templates + Binding merge** - 2 files → 1 file
+7. **Thin wrapper removal** - `ApplicationDeployer`, `Editor` → gone
+8. **Struct consolidation** - scattered → `objects/`
+---
+## Migration Strategy
+### Phase 1: Foundation (01-02)
+Create `objects/` and `utils/`. No breaking changes yet.
+Other code keeps working, just uses new locations.
+### Phase 2: External Adapters (03-05)
+Move and merge providers. Update imports.
+Still backward compatible with old namespaces via aliases if needed.
+### Phase 3: Commands (07-11)
+Create new command structure.
+Old `service/*.rb` files still work during transition.
+### Phase 4: Router (06)
+Switch `cli.rb` to new commands.
+Delete old files.
+### Phase 5: Cleanup
+- Remove empty directories
+- Remove old requires from `lib/nvoi.rb`
+- Update tests

data/.claude/todo/refactor/01-objects.md ADDED Viewed

@@ -0,0 +1,96 @@
+# 01 - Objects (Domain Entities)
+## Priority: FIRST
+Objects have no dependencies. Everything else depends on them.
+---
+## Current State
+Scattered across multiple files:
+| Object                                                        | Current Location       | Lines |
+| ------------------------------------------------------------- | ---------------------- | ----- |
+| `Server`, `Network`, `Firewall`, `Volume`                     | `providers/base.rb`    | ~20   |
+| `ServerCreateOptions`, `VolumeCreateOptions`                  | `providers/base.rb`    | ~5    |
+| `Tunnel`, `Zone`, `DNSRecord`                                 | `cloudflare/client.rb` | ~10   |
+| `TunnelInfo`                                                  | `deployer/types.rb`    | ~3    |
+| `ServiceSpec`                                                 | `config/types.rb`      | ~20   |
+| `MountOptions`, `ContainerRunOptions`, `WaitForHealthOptions` | `remote/*.rb`          | ~10   |
+| Config types (15+ classes)                                    | `config/types.rb`      | ~290  |
+**Total: ~360 lines scattered across 5 files**
+---
+## Target Structure
+```
+lib/nvoi/objects/
+├── server.rb           # Server, ServerCreateOptions
+├── network.rb          # Network
+├── firewall.rb         # Firewall
+├── volume.rb           # Volume, VolumeCreateOptions, MountOptions
+├── tunnel.rb           # Tunnel, TunnelInfo
+├── dns.rb              # Zone, DNSRecord
+├── service_spec.rb     # ServiceSpec (K8s deployment spec)
+└── config.rb           # All config types consolidated
+```
+---
+## DRY Opportunities
+### 1. Config Types Consolidation
+Current `config/types.rb` has 15+ classes. Keep them but in `objects/config.rb`.
+### 2. Struct vs Class
+Many objects are simple Structs. Keep them as Structs:
+```ruby
+# objects/server.rb
+module Nvoi
+  module Objects
+    Server = Struct.new(:id, :name, :status, :public_ipv4, keyword_init: true)
+    ServerCreateOptions = Struct.new(:name, :type, :image, :location, :user_data, :network_id, :firewall_id, keyword_init: true)
+  end
+end
+```
+### 3. TunnelInfo Duplication
+`TunnelInfo` in `deployer/types.rb` is basically `Tunnel` + extra fields. Merge:
+```ruby
+# objects/tunnel.rb
+module Nvoi
+  module Objects
+    Tunnel = Struct.new(:id, :name, :token, keyword_init: true)
+    TunnelInfo = Struct.new(:service_name, :hostname, :tunnel_id, :tunnel_token, :port, keyword_init: true)
+  end
+end
+```
+---
+## Migration Steps
+1. Create `lib/nvoi/objects/` directory
+2. Extract Structs from `providers/base.rb` → `objects/server.rb`, `objects/network.rb`, etc.
+3. Extract Structs from `cloudflare/client.rb` → `objects/tunnel.rb`, `objects/dns.rb`
+4. Move `deployer/types.rb` → `objects/tunnel.rb` (merge TunnelInfo)
+5. Move `config/types.rb` → `objects/config.rb`
+6. Extract `MountOptions` from `remote/volume_manager.rb` → `objects/volume.rb`
+7. Update all requires in `lib/nvoi.rb`
+---
+## Estimated Effort
+- **Lines to move:** ~360
+- **Files created:** 8
+- **Files deleted:** 1 (`deployer/types.rb`)
+- **Files modified:** 4 (remove struct definitions)

data/.claude/todo/refactor/02-utils.md ADDED Viewed

@@ -0,0 +1,143 @@
+# 02 - Utils (Shared Helpers)
+## Priority: SECOND
+Utils depend only on Objects. Everything else uses them.
+---
+## Current State
+| Utility           | Current Location         | Lines | Purpose                            |
+| ----------------- | ------------------------ | ----- | ---------------------------------- |
+| `ResourceNamer`   | `config/naming.rb`       | 197   | Generate consistent resource names |
+| `EnvResolver`     | `config/env_resolver.rb` | 64    | Merge env vars from config         |
+| `SSHKeyLoader`    | `config/ssh_keys.rb`     | ~80   | Load SSH keys from config          |
+| `ConfigLoader`    | `config/loader.rb`       | 103   | Load and parse config file         |
+| `Crypto`          | `credentials/crypto.rb`  | ~100  | AES encryption/decryption          |
+| `Manager`         | `credentials/manager.rb` | ~150  | Credential file management         |
+| `Templates`       | `k8s/templates.rb`       | ~30   | ERB template loading               |
+| `TemplateBinding` | `k8s/renderer.rb`        | ~20   | ERB binding helper                 |
+| `Logger`          | `logger.rb`              | 73    | Colored console output             |
+| `Constants`       | `constants.rb`           | 60    | Magic numbers                      |
+| `Errors`          | `errors.rb`              | 70    | Error class hierarchy              |
+| `Retry`           | `deployer/retry.rb`      | ~30   | Retry logic                        |
+**Total: ~980 lines across 12 files**
+---
+## Target Structure
+```
+lib/nvoi/utils/
+├── namer.rb            # ResourceNamer
+├── env_resolver.rb     # EnvResolver
+├── config_loader.rb    # ConfigLoader + SSHKeyLoader (merge)
+├── crypto.rb           # Crypto + Manager (merge)
+├── templates.rb        # Templates + TemplateBinding
+├── logger.rb           # Logger
+├── constants.rb        # Constants
+├── errors.rb           # All error classes
+└── retry.rb            # Retry logic
+```
+---
+## DRY Opportunities
+### 1. Merge ConfigLoader + SSHKeyLoader
+Both deal with config initialization. Single file:
+```ruby
+# utils/config_loader.rb
+module Nvoi
+  module Utils
+    class ConfigLoader
+      def load(path)
+        # decrypt, parse YAML, load SSH keys, validate
+      end
+    end
+  end
+end
+```
+### 2. Merge Crypto + Manager
+`Manager` is just `Crypto` + file I/O. Combine:
+```ruby
+# utils/crypto.rb
+module Nvoi
+  module Utils
+    class Crypto
+      def encrypt(plaintext) ... end
+      def decrypt(ciphertext) ... end
+    end
+    class CredentialStore
+      def initialize(crypto) ... end
+      def read ... end
+      def write(content) ... end
+    end
+  end
+end
+```
+### 3. Merge Templates + TemplateBinding
+Both in k8s/ but are generic ERB utilities:
+```ruby
+# utils/templates.rb
+module Nvoi
+  module Utils
+    class TemplateRenderer
+      def render(name, data) ... end
+    end
+  end
+end
+```
+### 4. Hostname Builder Duplication
+`build_hostname(subdomain, domain)` appears in:
+- `steps/tunnel_configurator.rb`
+- `service/delete.rb`
+- `deployer/service_deployer.rb`
+Extract to namer:
+```ruby
+# utils/namer.rb
+def hostname(subdomain, domain)
+  subdomain.nil? || subdomain.empty? || subdomain == "@" ? domain : "#{subdomain}.#{domain}"
+end
+```
+---
+## Migration Steps
+1. Create `lib/nvoi/utils/` directory
+2. Move `logger.rb` → `utils/logger.rb` (no changes)
+3. Move `constants.rb` → `utils/constants.rb` (no changes)
+4. Move `errors.rb` → `utils/errors.rb` (no changes)
+5. Merge `config/naming.rb` → `utils/namer.rb` + add `hostname` method
+6. Merge `config/env_resolver.rb` → `utils/env_resolver.rb`
+7. Merge `config/loader.rb` + `config/ssh_keys.rb` → `utils/config_loader.rb`
+8. Merge `credentials/crypto.rb` + `credentials/manager.rb` → `utils/crypto.rb`
+9. Merge `k8s/templates.rb` + `k8s/renderer.rb` → `utils/templates.rb`
+10. Move `deployer/retry.rb` → `utils/retry.rb`
+11. Update all requires
+---
+## Estimated Effort
+- **Lines to consolidate:** ~980
+- **Files created:** 9
+- **Files deleted:** 12 (all current locations)
+- **DRY savings:** ~50 lines (hostname duplication, merged classes)

data/.claude/todo/refactor/03-external-cloud.md ADDED Viewed

@@ -0,0 +1,164 @@
+# 03 - External: Cloud Providers
+## Priority: THIRD
+External adapters depend on Objects and Utils.
+---
+## Current State
+| File                           | Lines | Purpose                      |
+| ------------------------------ | ----- | ---------------------------- |
+| `providers/base.rb`            | 112   | Abstract interface + Structs |
+| `providers/hetzner.rb`         | 289   | Hetzner Cloud implementation |
+| `providers/hetzner_client.rb`  | ~200  | Hetzner HTTP client          |
+| `providers/aws.rb`             | ~250  | AWS implementation           |
+| `providers/scaleway.rb`        | ~280  | Scaleway implementation      |
+| `providers/scaleway_client.rb` | ~200  | Scaleway HTTP client         |
+| `service/provider.rb`          | ~50   | Provider factory helper      |
+**Total: ~1380 lines across 7 files**
+---
+## Target Structure
+```
+lib/nvoi/external/cloud/
+├── base.rb             # Abstract interface (methods only, no Structs)
+├── hetzner.rb          # Hetzner (merge provider + client)
+├── aws.rb              # AWS
+├── scaleway.rb         # Scaleway (merge provider + client)
+└── factory.rb          # Provider initialization helper
+```
+---
+## What Each Provider Does
+All providers implement:
+```ruby
+# Network operations
+find_or_create_network(name)
+get_network_by_name(name)
+delete_network(id)
+# Firewall operations
+find_or_create_firewall(name)
+get_firewall_by_name(name)
+delete_firewall(id)
+# Server operations
+find_server(name)
+list_servers
+create_server(opts)
+wait_for_server(server_id, max_attempts)
+delete_server(id)
+# Volume operations
+create_volume(opts)
+get_volume(id)
+get_volume_by_name(name)
+delete_volume(id)
+attach_volume(volume_id, server_id)
+detach_volume(volume_id)
+# Validation
+validate_instance_type(instance_type)
+validate_region(region)
+validate_credentials
+```
+---
+## DRY Opportunities
+### 1. Merge Provider + Client
+Current pattern:
+- `hetzner.rb` = high-level operations
+- `hetzner_client.rb` = HTTP calls
+Merge into single file. The "client" is just private methods:
+```ruby
+# external/cloud/hetzner.rb
+module Nvoi
+  module External
+    module Cloud
+      class Hetzner < Base
+        def find_server(name) ... end  # public
+        private
+        def get(path) ... end          # HTTP helpers
+        def post(path, body) ... end
+      end
+    end
+  end
+end
+```
+### 2. Extract Common HTTP Client
+All providers do similar HTTP work. Extract base:
+```ruby
+# external/cloud/base.rb
+class Base
+  private
+  def http_get(url, headers = {}) ... end
+  def http_post(url, body, headers = {}) ... end
+  def handle_response(response) ... end
+end
+```
+### 3. Provider Factory
+Current `service/provider.rb` has `ProviderHelper` module. Move to:
+```ruby
+# external/cloud/factory.rb
+module Nvoi
+  module External
+    module Cloud
+      def self.for(config)
+        case config.provider_name
+        when "hetzner" then Hetzner.new(config.hetzner.api_token)
+        when "aws" then AWS.new(config.aws)
+        when "scaleway" then Scaleway.new(config.scaleway)
+        end
+      end
+    end
+  end
+end
+```
+### 4. Struct Extraction (already in 01-objects.md)
+Remove `Server`, `Network`, etc. from `base.rb` → use from `objects/`
+---
+## Migration Steps
+1. Create `lib/nvoi/external/cloud/` directory
+2. Create `base.rb` with interface only (no Structs)
+3. Merge `hetzner.rb` + `hetzner_client.rb` → `external/cloud/hetzner.rb`
+4. Move `aws.rb` → `external/cloud/aws.rb`
+5. Merge `scaleway.rb` + `scaleway_client.rb` → `external/cloud/scaleway.rb`
+6. Move `service/provider.rb` → `external/cloud/factory.rb`
+7. Update requires to use `Objects::Server`, etc.
+---
+## Estimated Effort
+- **Lines to consolidate:** ~1380
+- **Files created:** 5
+- **Files deleted:** 7
+- **DRY savings:** ~100 lines (merged clients, shared HTTP base)

data/.claude/todo/refactor/04-external-dns.md ADDED Viewed

@@ -0,0 +1,104 @@
+# 04 - External: DNS Provider (Cloudflare)
+## Priority: THIRD (parallel with cloud)
+---
+## Current State
+| File                         | Lines | Purpose                    |
+| ---------------------------- | ----- | -------------------------- |
+| `cloudflare/client.rb`       | 288   | Cloudflare API client      |
+| `deployer/tunnel_manager.rb` | 58    | Tunnel setup orchestration |
+**Total: ~346 lines across 2 files**
+---
+## Target Structure
+```
+lib/nvoi/external/dns/
+└── cloudflare.rb       # Full Cloudflare client (tunnels + DNS)
+```
+---
+## What Cloudflare Client Does
+### Tunnel Operations
+- `create_tunnel(name)` → Tunnel
+- `find_tunnel(name)` → Tunnel | nil
+- `get_tunnel_token(tunnel_id)` → String
+- `update_tunnel_configuration(tunnel_id, hostname, service_url)`
+- `verify_tunnel_configuration(tunnel_id, hostname, service_url, attempts)`
+- `delete_tunnel(tunnel_id)`
+### DNS Operations
+- `find_zone(domain)` → Zone | nil
+- `find_dns_record(zone_id, name, type)` → DNSRecord | nil
+- `create_dns_record(zone_id, name, type, content, proxied:)`
+- `update_dns_record(zone_id, record_id, name, type, content, proxied:)`
+- `create_or_update_dns_record(...)` → convenience method
+- `delete_dns_record(zone_id, record_id)`
+---
+## DRY Opportunities
+### 1. Absorb TunnelManager into Cloudflare Client
+`TunnelManager.setup_tunnel` does:
+1. Find or create tunnel
+2. Get token
+3. Configure ingress
+4. Verify configuration
+5. Create DNS record
+This is just a convenience method. Move into client:
+```ruby
+# external/dns/cloudflare.rb
+class Cloudflare
+  # Existing low-level methods...
+  # High-level convenience
+  def setup_tunnel(name, hostname, service_url, domain)
+    tunnel = find_tunnel(name) || create_tunnel(name)
+    token = tunnel.token || get_tunnel_token(tunnel.id)
+    update_tunnel_configuration(tunnel.id, hostname, service_url)
+    verify_tunnel_configuration(tunnel.id, hostname, service_url, Constants::TUNNEL_CONFIG_VERIFY_ATTEMPTS)
+    zone = find_zone(domain)
+    create_or_update_dns_record(zone.id, hostname, "CNAME", "#{tunnel.id}.cfargotunnel.com")
+    Objects::TunnelInfo.new(tunnel_id: tunnel.id, tunnel_token: token)
+  end
+end
+```
+### 2. Remove Struct Definitions
+Move `Tunnel`, `Zone`, `DNSRecord` to `objects/` (done in 01-objects.md)
+---
+## Migration Steps
+1. Create `lib/nvoi/external/dns/` directory
+2. Move `cloudflare/client.rb` → `external/dns/cloudflare.rb`
+3. Merge `deployer/tunnel_manager.rb` into Cloudflare as `setup_tunnel` method
+4. Remove Struct definitions (use from `objects/`)
+5. Update namespace from `Cloudflare::Client` to `External::DNS::Cloudflare`
+---
+## Estimated Effort
+- **Lines to consolidate:** ~346
+- **Files created:** 1
+- **Files deleted:** 2
+- **DRY savings:** ~20 lines (TunnelManager overhead)