nvoi 0.1.7 → 0.2.0

data/.claude/todo/refactor/03-external-cloud.md

@@ -1,164 +0,0 @@
-# 03 - External: Cloud Providers
-
-## Priority: THIRD
-
-External adapters depend on Objects and Utils.
-
----
-
-## Current State
-
-| File                           | Lines | Purpose                      |
-| ------------------------------ | ----- | ---------------------------- |
-| `providers/base.rb`            | 112   | Abstract interface + Structs |
-| `providers/hetzner.rb`         | 289   | Hetzner Cloud implementation |
-| `providers/hetzner_client.rb`  | ~200  | Hetzner HTTP client          |
-| `providers/aws.rb`             | ~250  | AWS implementation           |
-| `providers/scaleway.rb`        | ~280  | Scaleway implementation      |
-| `providers/scaleway_client.rb` | ~200  | Scaleway HTTP client         |
-| `service/provider.rb`          | ~50   | Provider factory helper      |
-
-**Total: ~1380 lines across 7 files**
-
----
-
-## Target Structure
-
-```
-lib/nvoi/external/cloud/
-├── base.rb             # Abstract interface (methods only, no Structs)
-├── hetzner.rb          # Hetzner (merge provider + client)
-├── aws.rb              # AWS
-├── scaleway.rb         # Scaleway (merge provider + client)
-└── factory.rb          # Provider initialization helper
-```
-
----
-
-## What Each Provider Does
-
-All providers implement:
-
-```ruby
-# Network operations
-find_or_create_network(name)
-get_network_by_name(name)
-delete_network(id)
-
-# Firewall operations
-find_or_create_firewall(name)
-get_firewall_by_name(name)
-delete_firewall(id)
-
-# Server operations
-find_server(name)
-list_servers
-create_server(opts)
-wait_for_server(server_id, max_attempts)
-delete_server(id)
-
-# Volume operations
-create_volume(opts)
-get_volume(id)
-get_volume_by_name(name)
-delete_volume(id)
-attach_volume(volume_id, server_id)
-detach_volume(volume_id)
-
-# Validation
-validate_instance_type(instance_type)
-validate_region(region)
-validate_credentials
-```
-
----
-
-## DRY Opportunities
-
-### 1. Merge Provider + Client
-
-Current pattern:
-
-- `hetzner.rb` = high-level operations
-- `hetzner_client.rb` = HTTP calls
-
-Merge into single file. The "client" is just private methods:
-
-```ruby
-# external/cloud/hetzner.rb
-module Nvoi
-  module External
-    module Cloud
-      class Hetzner < Base
-        def find_server(name) ... end  # public
-
-        private
-
-        def get(path) ... end          # HTTP helpers
-        def post(path, body) ... end
-      end
-    end
-  end
-end
-```
-
-### 2. Extract Common HTTP Client
-
-All providers do similar HTTP work. Extract base:
-
-```ruby
-# external/cloud/base.rb
-class Base
-  private
-
-  def http_get(url, headers = {}) ... end
-  def http_post(url, body, headers = {}) ... end
-  def handle_response(response) ... end
-end
-```
-
-### 3. Provider Factory
-
-Current `service/provider.rb` has `ProviderHelper` module. Move to:
-
-```ruby
-# external/cloud/factory.rb
-module Nvoi
-  module External
-    module Cloud
-      def self.for(config)
-        case config.provider_name
-        when "hetzner" then Hetzner.new(config.hetzner.api_token)
-        when "aws" then AWS.new(config.aws)
-        when "scaleway" then Scaleway.new(config.scaleway)
-        end
-      end
-    end
-  end
-end
-```
-
-### 4. Struct Extraction (already in 01-objects.md)
-
-Remove `Server`, `Network`, etc. from `base.rb` → use from `objects/`
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/external/cloud/` directory
-2. Create `base.rb` with interface only (no Structs)
-3. Merge `hetzner.rb` + `hetzner_client.rb` → `external/cloud/hetzner.rb`
-4. Move `aws.rb` → `external/cloud/aws.rb`
-5. Merge `scaleway.rb` + `scaleway_client.rb` → `external/cloud/scaleway.rb`
-6. Move `service/provider.rb` → `external/cloud/factory.rb`
-7. Update requires to use `Objects::Server`, etc.
-
----
-
-## Estimated Effort
-
-- **Lines to consolidate:** ~1380
-- **Files created:** 5
-- **Files deleted:** 7
-- **DRY savings:** ~100 lines (merged clients, shared HTTP base)

data/.claude/todo/refactor/04-external-dns.md

@@ -1,104 +0,0 @@
-# 04 - External: DNS Provider (Cloudflare)
-
-## Priority: THIRD (parallel with cloud)
-
----
-
-## Current State
-
-| File                         | Lines | Purpose                    |
-| ---------------------------- | ----- | -------------------------- |
-| `cloudflare/client.rb`       | 288   | Cloudflare API client      |
-| `deployer/tunnel_manager.rb` | 58    | Tunnel setup orchestration |
-
-**Total: ~346 lines across 2 files**
-
----
-
-## Target Structure
-
-```
-lib/nvoi/external/dns/
-└── cloudflare.rb       # Full Cloudflare client (tunnels + DNS)
-```
-
----
-
-## What Cloudflare Client Does
-
-### Tunnel Operations
-
-- `create_tunnel(name)` → Tunnel
-- `find_tunnel(name)` → Tunnel | nil
-- `get_tunnel_token(tunnel_id)` → String
-- `update_tunnel_configuration(tunnel_id, hostname, service_url)`
-- `verify_tunnel_configuration(tunnel_id, hostname, service_url, attempts)`
-- `delete_tunnel(tunnel_id)`
-
-### DNS Operations
-
-- `find_zone(domain)` → Zone | nil
-- `find_dns_record(zone_id, name, type)` → DNSRecord | nil
-- `create_dns_record(zone_id, name, type, content, proxied:)`
-- `update_dns_record(zone_id, record_id, name, type, content, proxied:)`
-- `create_or_update_dns_record(...)` → convenience method
-- `delete_dns_record(zone_id, record_id)`
-
----
-
-## DRY Opportunities
-
-### 1. Absorb TunnelManager into Cloudflare Client
-
-`TunnelManager.setup_tunnel` does:
-
-1. Find or create tunnel
-2. Get token
-3. Configure ingress
-4. Verify configuration
-5. Create DNS record
-
-This is just a convenience method. Move into client:
-
-```ruby
-# external/dns/cloudflare.rb
-class Cloudflare
-  # Existing low-level methods...
-
-  # High-level convenience
-  def setup_tunnel(name, hostname, service_url, domain)
-    tunnel = find_tunnel(name) || create_tunnel(name)
-    token = tunnel.token || get_tunnel_token(tunnel.id)
-    update_tunnel_configuration(tunnel.id, hostname, service_url)
-    verify_tunnel_configuration(tunnel.id, hostname, service_url, Constants::TUNNEL_CONFIG_VERIFY_ATTEMPTS)
-
-    zone = find_zone(domain)
-    create_or_update_dns_record(zone.id, hostname, "CNAME", "#{tunnel.id}.cfargotunnel.com")
-
-    Objects::TunnelInfo.new(tunnel_id: tunnel.id, tunnel_token: token)
-  end
-end
-```
-
-### 2. Remove Struct Definitions
-
-Move `Tunnel`, `Zone`, `DNSRecord` to `objects/` (done in 01-objects.md)
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/external/dns/` directory
-2. Move `cloudflare/client.rb` → `external/dns/cloudflare.rb`
-3. Merge `deployer/tunnel_manager.rb` into Cloudflare as `setup_tunnel` method
-4. Remove Struct definitions (use from `objects/`)
-5. Update namespace from `Cloudflare::Client` to `External::DNS::Cloudflare`
-
----
-
-## Estimated Effort
-
-- **Lines to consolidate:** ~346
-- **Files created:** 1
-- **Files deleted:** 2
-- **DRY savings:** ~20 lines (TunnelManager overhead)

data/.claude/todo/refactor/05-external.md

@@ -1,133 +0,0 @@
-# 05 - External: SSH, Kubectl, Containerd
-
-## Priority: THIRD (parallel with cloud/dns)
-
----
-
-## Current State
-
-| File                       | Lines | Purpose                      |
-| -------------------------- | ----- | ---------------------------- |
-| `remote/ssh_executor.rb`   | 73    | SSH command execution        |
-| `remote/docker_manager.rb` | 204   | Docker/containerd operations |
-| `remote/volume_manager.rb` | 104   | Volume mount operations      |
-| `k8s/renderer.rb`          | 45    | kubectl apply wrapper        |
-
-**Total: ~426 lines across 4 files**
-
----
-
-## Target Structure
-
-```
-lib/nvoi/external/
-├── ssh.rb              # SSH executor
-├── kubectl.rb          # kubectl wrapper (from k8s/renderer.rb)
-└── containerd.rb       # containerd/Docker operations (from docker_manager.rb + volume_manager.rb)
-```
-
----
-
-## What Each Does
-
-### SSH Executor (`remote/ssh_executor.rb`)
-
-- `execute(command, stream: false)` → String
-- `execute_quiet(command)` → nil (ignore errors)
-- `open_shell` → exec into SSH
-
-### Docker Manager (`remote/docker_manager.rb`)
-
-- `create_network(name)`
-- `build_image(path, tag, cache_from)` → local build, rsync, ctr import
-- `run_container(opts)`
-- `exec(container, command)`
-- `wait_for_health(opts)`
-- `container_status(name)`, `container_logs(name, lines)`
-- `stop_container(name)`, `remove_container(name)`
-- `list_containers(filter)`, `list_images(filter)`
-- `cleanup_old_images(prefix, keep_tags)`
-- `container_running?(name)`
-- `setup_cloudflared(network, token, name)`
-
-### Volume Manager (`remote/volume_manager.rb`)
-
-- `mount(opts)` → format + mount + fstab
-- `unmount(mount_path)`
-- `mounted?(mount_path)`
-- `remove_from_fstab(mount_path)`
-
-### K8s Renderer (`k8s/renderer.rb`)
-
-- `render_template(name, data)` → String
-- `apply_manifest(ssh, template_name, data)` → kubectl apply
-- `wait_for_deployment(ssh, name, namespace, timeout)`
-
----
-
-## DRY Opportunities
-
-### 1. Rename docker_manager → containerd
-
-It's not really Docker anymore. It uses `ctr` (containerd). Name it accurately:
-
-```ruby
-# external/containerd.rb
-class Containerd
-  def initialize(ssh) ... end
-  def build_and_import(path, tag) ... end
-  def list_images(filter) ... end
-  def cleanup_images(prefix, keep_tags) ... end
-end
-```
-
-### 2. Extract Volume Logic
-
-Volume mounting is separate from container runtime. Could stay in containerd or be separate.
-Decision: Keep in containerd since it's all "server-side stuff via SSH".
-
-### 3. Simplify K8s Renderer
-
-Move template rendering to `utils/templates.rb`. Keep only kubectl operations:
-
-```ruby
-# external/kubectl.rb
-class Kubectl
-  def initialize(ssh) ... end
-  def apply(manifest) ... end
-  def wait_for_deployment(name, namespace, timeout) ... end
-  def wait_for_statefulset(name, namespace, timeout) ... end
-  def get_pod_name(label) ... end
-  def exec(pod, command) ... end
-end
-```
-
-### 4. SSH as Dependency
-
-All external adapters that run on remote servers need SSH:
-
-- `Containerd.new(ssh)`
-- `Kubectl.new(ssh)`
-- `VolumeManager.new(ssh)` (if kept separate)
-
-This is correct. SSH is the transport, others are domain-specific.
-
----
-
-## Migration Steps
-
-1. Move `remote/ssh_executor.rb` → `external/ssh.rb`
-2. Rename `remote/docker_manager.rb` → `external/containerd.rb`
-3. Merge `remote/volume_manager.rb` into `external/containerd.rb` (or keep separate)
-4. Extract kubectl operations from `k8s/renderer.rb` → `external/kubectl.rb`
-5. Move template rendering to `utils/templates.rb` (already planned in 02-utils.md)
-6. Update namespace from `Remote::SSHExecutor` to `External::SSH`
-
----
-
-## Estimated Effort
-
-- **Lines to consolidate:** ~426
-- **Files created:** 3
-- **Files deleted:** 4
-- **DRY savings:** ~30 lines (simplified renderer, naming cleanup)

data/.claude/todo/refactor/06-cli.md

@@ -1,123 +0,0 @@
-# 06 - CLI Entry Point (Thor Routing)
-
-## Priority: FOURTH
-
-CLI depends on all command implementations.
-
----
-
-## Current State
-
-| File     | Lines | Purpose                                   |
-| -------- | ----- | ----------------------------------------- |
-| `cli.rb` | 191   | Thor commands + CredentialsCLI subcommand |
-
----
-
-## Target Structure
-
-```
-lib/nvoi/
-└── cli.rb              # Thor routing only (~50 lines)
-```
-
----
-
-## What CLI Currently Does
-
-1. **Thor setup** - class options, exit behavior
-2. **Command definitions** - `deploy`, `delete`, `exec`, `credentials`
-3. **Config path resolution** - `resolve_config_path`, `resolve_working_dir`
-4. **Instantiate services** - creates `DeployService`, `DeleteService`, etc.
-
----
-
-## Target: Thin Router
-
-CLI should ONLY:
-
-1. Define Thor commands
-2. Parse options
-3. Delegate to `cli/<command>/command.rb`
-
-```ruby
-# cli.rb
-module Nvoi
-  class CLI < Thor
-    class_option :config, aliases: "-c", default: "deploy.enc"
-    class_option :dir, aliases: "-d", default: "."
-
-    desc "deploy", "Deploy application"
-    option :dockerfile_path
-    def deploy
-      require_relative "cli/deploy/command"
-      CLI::Deploy::Command.new(options).run
-    end
-
-    desc "delete", "Delete infrastructure"
-    def delete
-      require_relative "cli/delete/command"
-      CLI::Delete::Command.new(options).run
-    end
-
-    desc "exec [COMMAND...]", "Execute command on server"
-    option :server, default: "main"
-    option :all, type: :boolean
-    option :interactive, aliases: "-i", type: :boolean
-    def exec(*args)
-      require_relative "cli/exec/command"
-      CLI::Exec::Command.new(options).run(args)
-    end
-
-    desc "credentials SUBCOMMAND", "Manage credentials"
-    subcommand "credentials", CLI::Credentials
-  end
-
-  class CLI::Credentials < Thor
-    desc "edit", "Edit encrypted credentials"
-    def edit
-      require_relative "cli/credentials/edit/command"
-      CLI::Credentials::Edit::Command.new(options).run
-    end
-
-    desc "show", "Show decrypted credentials"
-    def show
-      require_relative "cli/credentials/show/command"
-      CLI::Credentials::Show::Command.new(options).run
-    end
-  end
-end
-```
-
----
-
-## DRY Opportunities
-
-### 1. Move Logic to Commands
-
-All the `resolve_config_path`, validation, service instantiation moves INTO each command.
-
-### 2. Lazy Requires
-
-Use `require_relative` inside methods. Faster CLI startup, only loads what's needed.
-
-### 3. CredentialsCLI → Nested Class
-
-Currently separate class, can be nested under CLI.
-
----
-
-## Migration Steps
-
-1. Create command files first (07-10)
-2. Strip `cli.rb` down to routing only
-3. Move `CredentialsCLI` inline as `CLI::Credentials`
-4. Add lazy requires for each command
-
----
-
-## Estimated Effort
-
-- **Lines after refactor:** ~50 (down from 191)
-- **Logic moved to:** `cli/*/command.rb` files
-- **DRY savings:** 141 lines moved (not deleted, redistributed)

data/.claude/todo/refactor/07-cli-deploy-command.md

@@ -1,177 +0,0 @@
-# 07 - CLI: Deploy Command
-
-## Priority: FIFTH
-
-Depends on external adapters, utils, objects.
-
----
-
-## Current State
-
-| File                | Lines | Purpose                     |
-| ------------------- | ----- | --------------------------- |
-| `service/deploy.rb` | 81    | DeployService orchestration |
-
----
-
-## Target Structure
-
-```
-lib/nvoi/cli/deploy/
-├── command.rb          # Entry point + step orchestration
-└── steps/
-    ├── provision_network.rb
-    ├── provision_server.rb
-    ├── provision_volume.rb
-    ├── setup_k3s.rb
-    ├── configure_tunnel.rb
-    ├── build_image.rb
-    ├── deploy_database.rb
-    ├── deploy_service.rb
-    └── cleanup_images.rb
-```
-
----
-
-## What Deploy Does (Current Flow)
-
-```
-1. Load config
-2. Init provider
-3. Validate provider config
-4. provision_server:
-   a. ServerProvisioner.run → provisions network, firewall, servers
-   b. VolumeProvisioner.run → creates/attaches/mounts volumes
-   c. K3sClusterSetup.run → installs K3s on master + workers
-5. configure_tunnels:
-   a. TunnelConfigurator.run → creates Cloudflare tunnels + DNS
-6. deploy_application:
-   a. Orchestrator.run:
-      - Acquire lock
-      - ImageBuilder.build_and_push
-      - Push to registry
-      - ServiceDeployer.deploy_app_secret
-      - ServiceDeployer.deploy_database
-      - ServiceDeployer.deploy_service (for each service)
-      - ServiceDeployer.deploy_app_service (for each app)
-      - ServiceDeployer.deploy_cloudflared
-      - ServiceDeployer.verify_traffic_switchover
-      - Cleaner.cleanup_old_images
-      - Release lock
-```
-
----
-
-## Target Flow (Simplified)
-
-```ruby
-# cli/deploy/command.rb
-class Command
-  def run
-    config = Utils::ConfigLoader.new.load(config_path)
-    provider = External::Cloud.for(config)
-    log = Utils::Logger.new
-
-    Steps::ProvisionNetwork.new(config, provider, log).run
-    Steps::ProvisionServer.new(config, provider, log).run
-    Steps::ProvisionVolume.new(config, provider, log).run
-    Steps::SetupK3s.new(config, provider, log).run
-    tunnels = Steps::ConfigureTunnel.new(config, log).run
-    Steps::BuildImage.new(config, log).run
-    Steps::DeployService.new(config, tunnels, log).run
-    Steps::CleanupImages.new(config, log).run
-  end
-end
-```
-
----
-
-## DRY Opportunities
-
-### 1. Flatten the Hierarchy
-
-Current: `DeployService` → `Steps::*` → `Deployer::*`
-Target: `Command` → `Steps::*` directly
-
-Kill `Deployer::Orchestrator`. Its logic moves into `Steps::DeployService`.
-
-### 2. Remove Thin Wrappers
-
-`Steps::ApplicationDeployer` is just:
-
-```ruby
-def run
-  orchestrator = Deployer::Orchestrator.new(@config, @provider, @log)
-  orchestrator.run(@server_ip, @tunnels, @working_dir)
-end
-```
-
-Delete it. Put that logic in `Steps::DeployService`.
-
-### 3. Consolidate ServiceDeployer
-
-`Deployer::ServiceDeployer` (312 lines) does too much:
-
-- Deploy app secret
-- Deploy app service
-- Deploy database
-- Deploy generic service
-- Deploy cloudflared
-- Verify traffic
-- Run pre-run commands
-
-Split into focused steps or keep as internal helper in `Steps::DeployService`.
-
-### 4. Lock Management
-
-Deployment lock is in `Orchestrator`. Move to `Command`:
-
-```ruby
-def run
-  acquire_lock(ssh)
-  # ... steps ...
-ensure
-  release_lock(ssh)
-end
-```
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/cli/deploy/command.rb`
-2. Create `lib/nvoi/cli/deploy/steps/` directory
-3. Move `steps/server_provisioner.rb` → `cli/deploy/steps/provision_server.rb`
-4. Move `steps/volume_provisioner.rb` → `cli/deploy/steps/provision_volume.rb`
-5. Merge `steps/k3s_cluster_setup.rb` + `steps/k3s_provisioner.rb` → `cli/deploy/steps/setup_k3s.rb`
-6. Move `steps/tunnel_configurator.rb` → `cli/deploy/steps/configure_tunnel.rb`
-7. Move `deployer/image_builder.rb` → `cli/deploy/steps/build_image.rb`
-8. Merge `deployer/orchestrator.rb` + `deployer/service_deployer.rb` → `cli/deploy/steps/deploy_service.rb`
-9. Move `deployer/cleaner.rb` → `cli/deploy/steps/cleanup_images.rb`
-10. Extract network/firewall from ServerProvisioner → `cli/deploy/steps/provision_network.rb`
-11. Delete old files: `service/deploy.rb`, `deployer/orchestrator.rb`, `steps/application_deployer.rb`
-
----
-
-## Estimated Effort
-
-**Files involved:**
-
-- `service/deploy.rb` (81 lines)
-- `steps/server_provisioner.rb` (44 lines)
-- `steps/volume_provisioner.rb` (155 lines)
-- `steps/k3s_provisioner.rb` (352 lines)
-- `steps/k3s_cluster_setup.rb` (106 lines)
-- `steps/tunnel_configurator.rb` (67 lines)
-- `steps/application_deployer.rb` (27 lines)
-- `deployer/orchestrator.rb` (147 lines)
-- `deployer/infrastructure.rb` (127 lines)
-- `deployer/image_builder.rb` (24 lines)
-- `deployer/service_deployer.rb` (312 lines)
-- `deployer/cleaner.rb` (37 lines)
-
-**Total: ~1479 lines to reorganize**
-
-- **Files created:** 9 (command.rb + 8 steps)
-- **Files deleted:** 12
-- **DRY savings:** ~150 lines (removed wrappers, flattened hierarchy)