nvoi 0.1.8 → 0.2.0

data/.claude/todo/refactor/09-cli-delete-command.md

@@ -1,169 +0,0 @@
-# 09 - CLI: Delete Command
-
-## Priority: FIFTH (parallel with deploy)
-
----
-
-## Current State
-
-| File                | Lines | Purpose                                |
-| ------------------- | ----- | -------------------------------------- |
-| `service/delete.rb` | 235   | DeleteService - teardown all resources |
-
----
-
-## Target Structure
-
-```
-lib/nvoi/cli/delete/
-├── command.rb
-└── steps/
-    ├── teardown_tunnel.rb
-    ├── teardown_dns.rb
-    ├── detach_volumes.rb
-    ├── teardown_server.rb
-    ├── teardown_volume.rb
-    ├── teardown_firewall.rb
-    └── teardown_network.rb
-```
-
----
-
-## What Delete Does (Current)
-
-```ruby
-def run
-  detach_volumes          # Must happen before server deletion
-  delete_all_servers      # Delete servers from all groups
-  delete_volumes          # Now safe to delete
-  delete_firewall         # With retry (might still be attached)
-  delete_network
-  delete_cloudflare_resources  # Tunnels + DNS records
-end
-```
-
----
-
-## Target Flow
-
-```ruby
-# cli/delete/command.rb
-class Command
-  def run
-    config = Utils::ConfigLoader.new.load(config_path)
-    provider = External::Cloud.for(config)
-    cloudflare = External::DNS::Cloudflare.new(config.cloudflare)
-    log = Utils::Logger.new
-
-    # Order matters!
-    Steps::DetachVolumes.new(config, provider, log).run
-    Steps::TeardownServer.new(config, provider, log).run
-    Steps::TeardownVolume.new(config, provider, log).run
-    Steps::TeardownFirewall.new(config, provider, log).run
-    Steps::TeardownNetwork.new(config, provider, log).run
-    Steps::TeardownTunnel.new(config, cloudflare, log).run
-    Steps::TeardownDNS.new(config, cloudflare, log).run
-
-    log.success "Cleanup complete"
-  end
-end
-```
-
----
-
-## DRY Opportunities
-
-### 1. Shared Volume Name Collection
-
-Both `detach_volumes` and `delete_volumes` call `collect_volume_names`.
-Extract to utils or pass as step output:
-
-```ruby
-volumes = Steps::DetachVolumes.new(...).run  # returns volume list
-Steps::TeardownVolume.new(...).run(volumes)
-```
-
-### 2. Shared Hostname Builder
-
-`build_hostname` is duplicated. Already planned for `utils/namer.rb`.
-
-### 3. Merge Tunnel + DNS Teardown
-
-Both iterate over app services with domains. Could be single step:
-
-```ruby
-Steps::TeardownCloudflare.new(config, cloudflare, log).run
-# Deletes both tunnels and DNS records
-```
-
-### 4. Error Tolerance
-
-Delete operations should be idempotent. Current code does:
-
-```ruby
-rescue StandardError => e
-  @log.warning "Failed to delete: %s", e.message
-end
-```
-
-Keep this pattern - deletion should continue even if some resources are already gone.
-
----
-
-## Step Details
-
-### detach_volumes.rb (~40 lines)
-
-- Collect all volume names
-- For each: find volume, detach if attached
-
-### teardown_server.rb (~50 lines)
-
-- For each server group:
-  - For each server in group:
-    - Find and delete server
-
-### teardown_volume.rb (~40 lines)
-
-- For each volume name:
-  - Find and delete volume
-
-### teardown_firewall.rb (~30 lines)
-
-- Find firewall by name
-- Delete with retry (may still be detaching)
-
-### teardown_network.rb (~20 lines)
-
-- Find network by name
-- Delete
-
-### teardown_tunnel.rb (~40 lines)
-
-- For each app service with domain:
-  - Find and delete tunnel
-
-### teardown_dns.rb (~40 lines)
-
-- For each app service with domain:
-  - Find zone
-  - Find and delete CNAME record
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/cli/delete/command.rb`
-2. Create `lib/nvoi/cli/delete/steps/` directory
-3. Extract each operation from `service/delete.rb` into separate step
-4. Move `collect_volume_names` to command (shared state)
-5. Delete `service/delete.rb`
-
----
-
-## Estimated Effort
-
-- **Lines to reorganize:** 235
-- **Files created:** 8 (command + 7 steps)
-- **Files deleted:** 1
-- **DRY savings:** ~30 lines (shared hostname, merged tunnel+dns option)

data/.claude/todo/refactor/10-cli-exec-command.md

@@ -1,157 +0,0 @@
-# 10 - CLI: Exec Command
-
-## Priority: FIFTH (parallel with deploy/delete)
-
----
-
-## Current State
-
-| File | Lines | Purpose |
-|------|-------|---------|
-| `service/exec.rb` | 145 | ExecService - remote command execution |
-
----
-
-## Target Structure
-
-```
-lib/nvoi/cli/exec/
-└── command.rb          # Single file, no steps needed
-```
-
----
-
-## What Exec Does
-
-Three modes:
-1. **Single server:** `nvoi exec "ls -la"` → run on main server
-2. **All servers:** `nvoi exec --all "ls -la"` → run on all servers in parallel
-3. **Interactive:** `nvoi exec -i` → open SSH shell
-
----
-
-## Target Implementation
-
-```ruby
-# cli/exec/command.rb
-module Nvoi
-  module CLI
-    module Exec
-      class Command
-        def initialize(options)
-          @options = options
-          @log = Utils::Logger.new
-        end
-
-        def run(args)
-          config = Utils::ConfigLoader.new.load(config_path)
-          provider = External::Cloud.for(config)
-
-          if @options[:interactive]
-            open_shell(config, provider)
-          elsif @options[:all]
-            run_all(config, provider, args.join(" "))
-          else
-            run_single(config, provider, args.join(" "), @options[:server])
-          end
-        end
-
-        private
-
-        def run_single(config, provider, command, server_name)
-          server = find_server(config, provider, server_name)
-          ssh = External::SSH.new(server.public_ipv4, config.ssh_key_path)
-
-          @log.info "Executing on %s: %s", server.name, command
-          ssh.execute(command, stream: true)
-          @log.success "Command completed"
-        end
-
-        def run_all(config, provider, command)
-          servers = all_servers(config, provider)
-          @log.info "Executing on %d servers", servers.size
-
-          threads = servers.map do |server|
-            Thread.new do
-              ssh = External::SSH.new(server.public_ipv4, config.ssh_key_path)
-              output = ssh.execute(command)
-              [server.name, output]
-            end
-          end
-
-          threads.each do |t|
-            name, output = t.value
-            output.lines.each { |line| puts "[#{name}] #{line}" }
-          end
-        end
-
-        def open_shell(config, provider)
-          server = find_server(config, provider, @options[:server])
-          ssh = External::SSH.new(server.public_ipv4, config.ssh_key_path)
-          ssh.open_shell
-        end
-
-        def find_server(config, provider, name)
-          actual_name = resolve_server_name(config, name)
-          provider.find_server(actual_name) or raise ServiceError, "server not found: #{actual_name}"
-        end
-
-        def resolve_server_name(config, name)
-          return config.server_name if name == "main" || name.nil?
-          # Parse "worker-1" → server_name("worker", 1)
-          # ...
-        end
-
-        def all_servers(config, provider)
-          config.deploy.application.servers.flat_map do |group, cfg|
-            (1..cfg.count).map { |i| provider.find_server(config.namer.server_name(group, i)) }
-          end.compact
-        end
-      end
-    end
-  end
-end
-```
-
----
-
-## DRY Opportunities
-
-### 1. Server Name Resolution
-`resolve_server_name` logic is useful. Could go to `utils/namer.rb`:
-```ruby
-# utils/namer.rb
-def resolve_server_reference(ref)
-  # "main" → server_name for master
-  # "worker-1" → server_name("worker", 1)
-end
-```
-
-### 2. Server Collection
-`all_servers` pattern could be a config method:
-```ruby
-# objects/config.rb
-def each_server
-  deploy.application.servers.each do |group, cfg|
-    (1..cfg.count).each { |i| yield(group, i) }
-  end
-end
-```
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/cli/exec/command.rb`
-2. Move logic from `service/exec.rb`
-3. Extract `resolve_server_name` to `utils/namer.rb`
-4. Delete `service/exec.rb`
-
----
-
-## Estimated Effort
-
-- **Lines to reorganize:** 145
-- **Files created:** 1
-- **Files deleted:** 1
-- **Net change:** ~0 (simple move + namespace change)

data/.claude/todo/refactor/11-cli-credentials-command.md

@@ -1,190 +0,0 @@
-# 11 - CLI: Credentials Commands
-
-## Priority: FIFTH (parallel with others)
-
----
-
-## Current State
-
-| File                      | Lines | Purpose                         |
-| ------------------------- | ----- | ------------------------------- |
-| `cli.rb` (CredentialsCLI) | ~55   | Thor subcommand for credentials |
-| `credentials/editor.rb`   | ~80   | Edit/show encrypted credentials |
-| `credentials/manager.rb`  | ~150  | Load/save encrypted files       |
-| `credentials/crypto.rb`   | ~100  | AES encryption                  |
-
-**Total: ~385 lines**
-
----
-
-## Target Structure
-
-```
-lib/nvoi/cli/credentials/
-├── edit/
-│   └── command.rb      # nvoi credentials edit
-└── show/
-    └── command.rb      # nvoi credentials show
-```
-
-Note: `crypto.rb` and `manager.rb` move to `utils/` (see 02-utils.md)
-
----
-
-## What Each Command Does
-
-### credentials edit
-
-1. Load or create credentials file
-2. Decrypt to temp file
-3. Open in $EDITOR
-4. Validate YAML on save
-5. Re-encrypt
-6. Update .gitignore if first run
-
-### credentials show
-
-1. Load credentials file
-2. Decrypt
-3. Print to stdout
-
----
-
-## Target Implementation
-
-```ruby
-# cli/credentials/edit/command.rb
-module Nvoi
-  module CLI
-    module Credentials
-      module Edit
-        class Command
-          def initialize(options)
-            @options = options
-            @log = Utils::Logger.new
-          end
-
-          def run
-            working_dir = resolve_working_dir
-            store = Utils::CredentialStore.new(working_dir, @options[:credentials], @options[:master_key])
-
-            if store.exists?
-              edit_existing(store)
-            else
-              create_new(store)
-            end
-          end
-
-          private
-
-          def edit_existing(store)
-            content = store.read
-            new_content = open_in_editor(content)
-            validate_yaml!(new_content)
-            store.write(new_content)
-            @log.success "Credentials updated"
-          end
-
-          def create_new(store)
-            @log.info "Creating new credentials file"
-            template = default_template
-            new_content = open_in_editor(template)
-            validate_yaml!(new_content)
-            store.write(new_content)
-            store.update_gitignore
-            @log.success "Credentials created"
-            @log.warning "Keep your master key safe!"
-          end
-
-          def open_in_editor(content)
-            # Write to temp file, exec $EDITOR, read back
-          end
-
-          def validate_yaml!(content)
-            YAML.safe_load(content)
-          rescue Psych::SyntaxError => e
-            raise ConfigError, "Invalid YAML: #{e.message}"
-          end
-        end
-      end
-    end
-  end
-end
-```
-
-```ruby
-# cli/credentials/show/command.rb
-module Nvoi
-  module CLI
-    module Credentials
-      module Show
-        class Command
-          def initialize(options)
-            @options = options
-          end
-
-          def run
-            working_dir = resolve_working_dir
-            store = Utils::CredentialStore.new(working_dir, @options[:credentials], @options[:master_key])
-            puts store.read
-          end
-        end
-      end
-    end
-  end
-end
-```
-
----
-
-## DRY Opportunities
-
-### 1. Merge Crypto + Manager → CredentialStore
-
-Already planned in 02-utils.md. Single class:
-
-```ruby
-# utils/crypto.rb
-class CredentialStore
-  def initialize(working_dir, enc_path = nil, key_path = nil)
-  def exists? → bool
-  def read → String
-  def write(content)
-  def update_gitignore
-end
-```
-
-### 2. Remove Editor Class
-
-Current `credentials/editor.rb` is thin wrapper. Logic goes directly into command.
-
-### 3. YAML Validation
-
-Move to utils for reuse:
-
-```ruby
-# utils/config_loader.rb
-def self.validate_yaml!(content)
-  YAML.safe_load(content, permitted_classes: [Symbol])
-end
-```
-
----
-
-## Migration Steps
-
-1. Move `credentials/crypto.rb` + `credentials/manager.rb` → `utils/crypto.rb` (02-utils.md)
-2. Create `lib/nvoi/cli/credentials/edit/command.rb`
-3. Create `lib/nvoi/cli/credentials/show/command.rb`
-4. Move editor logic into `edit/command.rb`
-5. Delete `credentials/editor.rb`
-6. Update `cli.rb` to route to new commands
-
----
-
-## Estimated Effort
-
-- **Lines to reorganize:** ~385
-- **Files created:** 2
-- **Files deleted:** 3 (`editor.rb`, `manager.rb`, `crypto.rb` → merged to utils)
-- **Net reduction:** ~50 lines (removed wrapper, merged classes)

data/.claude/todo/refactor/12-cli-db-command.md

@@ -1,128 +0,0 @@
-# 12 - CLI: Database Commands
-
-## Priority: FIFTH (parallel with others)
-
----
-
-## Current State (NEW from main)
-
-| File | Lines | Purpose |
-|------|-------|---------|
-| `service/db.rb` | 285 | DbService - database branch operations |
-| `database/provider.rb` | 160 | Base provider + factory + structs |
-| `database/postgres.rb` | ~100 | Postgres dump/restore |
-| `database/mysql.rb` | ~100 | MySQL dump/restore |
-| `database/sqlite.rb` | ~80 | SQLite dump/restore |
-
-**Total: ~725 lines**
-
----
-
-## What It Does
-
-Database "branching" = snapshots for backup/restore:
-
-```bash
-nvoi db branch create [name]      # Dump current DB to file
-nvoi db branch list               # List saved branches
-nvoi db branch restore <id>       # Restore branch to new DB
-nvoi db branch download <id>      # Download dump locally
-```
-
----
-
-## Target Structure
-
-```
-lib/nvoi/cli/db/
-├── command.rb                    # Router for subcommands
-├── branch/
-│   ├── create/
-│   │   └── command.rb
-│   ├── list/
-│   │   └── command.rb
-│   ├── restore/
-│   │   └── command.rb
-│   └── download/
-│       └── command.rb
-```
-
-OR simpler (single file since operations are small):
-
-```
-lib/nvoi/cli/db/
-└── command.rb                    # All branch operations
-```
-
----
-
-## Database Module → External
-
-The `database/` providers are external adapters (talk to DBs via kubectl exec):
-
-```
-lib/nvoi/external/database/
-├── provider.rb                   # Base + factory
-├── postgres.rb
-├── mysql.rb
-└── sqlite.rb
-```
-
-**Note:** These use `kubectl exec` to run dump/restore commands in pods. They're external adapters like cloud providers.
-
----
-
-## Objects to Extract
-
-From `database/provider.rb`:
-
-```ruby
-# objects/database.rb
-Credentials = Struct.new(:user, :password, :host, :port, :database, :path, keyword_init: true)
-DumpOptions = Struct.new(:pod_name, :database, :user, :password, :host_path, keyword_init: true)
-RestoreOptions = Struct.new(:pod_name, :database, :user, :password, :source_db, :host_path, keyword_init: true)
-CreateOptions = Struct.new(:pod_name, :database, :user, :password, keyword_init: true)
-Branch = Struct.new(:id, :created_at, :size, :adapter, :database, keyword_init: true)
-BranchMetadata  # class with branches array
-```
-
----
-
-## DRY Opportunities
-
-### 1. SSH Helper Pattern
-`DbService#with_ssh` creates SSH executor. Same pattern in other services.
-Extract to base or mixin:
-
-```ruby
-# In command base or utils
-def with_master_ssh(config, provider)
-  server_ip = get_master_server_ip(config, provider)
-  ssh = External::SSH.new(server_ip, config.ssh_key_path)
-  yield ssh
-end
-```
-
-### 2. Database Credentials Resolution
-`Config::DatabaseHelper.get_credentials` is called from multiple places.
-Keep in config or move to database provider factory.
-
----
-
-## Migration Steps
-
-1. Create `lib/nvoi/external/database/` directory
-2. Move `database/*.rb` → `external/database/`
-3. Extract Structs to `objects/database.rb`
-4. Create `lib/nvoi/cli/db/command.rb`
-5. Move logic from `service/db.rb` → `cli/db/command.rb`
-6. Delete `service/db.rb`
-
----
-
-## Estimated Effort
-
-- **Lines to reorganize:** ~725
-- **Files created:** 5 (1 command + 4 external/database)
-- **Files deleted/moved:** 5
-- **Net change:** minimal (reorganization)

data/.claude/todo/refactor/_target.md

@@ -1,79 +0,0 @@
-lib/nvoi/
-│
-├── cli.rb # Thor routing only
-│
-├── cli/
-│ ├── deploy/
-│ │ ├── command.rb
-│ │ └── steps/
-│ │ ├── provision_network.rb
-│ │ ├── provision_server.rb
-│ │ ├── provision_volume.rb
-│ │ ├── setup_k3s.rb
-│ │ ├── configure_tunnel.rb
-│ │ ├── build_image.rb
-│ │ ├── deploy_service.rb
-│ │ └── cleanup_images.rb
-│ │
-│ ├── delete/
-│ │ ├── command.rb
-│ │ └── steps/
-│ │ ├── teardown_tunnel.rb
-│ │ ├── teardown_dns.rb
-│ │ ├── detach_volumes.rb
-│ │ ├── teardown_server.rb
-│ │ ├── teardown_volume.rb
-│ │ ├── teardown_firewall.rb
-│ │ └── teardown_network.rb
-│ │
-│ ├── exec/
-│ │ └── command.rb
-│ │
-│ └── credentials/
-│ ├── edit/
-│ │ └── command.rb
-│ └── show/
-│ └── command.rb
-│
-├── external/
-│ ├── cloud/
-│ │ ├── base.rb
-│ │ ├── hetzner.rb
-│ │ ├── aws.rb
-│ │ └── scaleway.rb
-│ ├── dns/
-│ │ └── cloudflare.rb
-│ ├── ssh.rb
-│ ├── kubectl.rb
-│ └── containerd.rb
-│
-├── objects/
-│ ├── server.rb
-│ ├── network.rb
-│ ├── firewall.rb
-│ ├── volume.rb
-│ ├── tunnel.rb
-│ ├── dns_record.rb
-│ ├── zone.rb
-│ ├── service_spec.rb
-│ └── config.rb
-│
-└── utils/
-├── namer.rb
-├── env_resolver.rb
-├── crypto.rb
-├── templates.rb
-├── logger.rb
-└── constants.rb
-
----
-
-Summary:
-
-| Folder        | Purpose                | Rule                                  |
-| ------------- | ---------------------- | ------------------------------------- |
-| cli/          | Command entrypoints    | 1 command = 1 command.rb              |
-| cli/\*/steps/ | Multi-step pipelines   | Only for commands with ordered phases |
-| external/     | Outside world adapters | APIs, SSH, CLIs                       |
-| objects/      | Data structures        | No behavior, just shape               |
-| utils/        | Stateless helpers      | Used everywhere                       |