@brewnet/cli 0.0.1

package/dist/chunk-JFPHGZ6Z.js

@@ -0,0 +1,254 @@
+#!/usr/bin/env node
+
+// src/services/cloudflare-client.ts
+import crypto from "crypto";
+var CF_BASE = "https://api.cloudflare.com/client/v4";
+function cfHeaders(apiToken) {
+  return {
+    "Authorization": `Bearer ${apiToken}`,
+    "Content-Type": "application/json"
+  };
+}
+async function fetchWithRetry(url, init, config = {}) {
+  const maxRetries = config.maxRetries ?? 3;
+  const baseDelayMs = config.baseDelayMs ?? 1e3;
+  let lastError;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    try {
+      const response = await fetch(url, init);
+      if (response.status === 400 || response.status === 401 || response.status === 403) {
+        return response;
+      }
+      if (response.status >= 500 || response.status === 429) {
+        if (attempt < maxRetries) {
+          await retryDelay(attempt, baseDelayMs);
+          continue;
+        }
+        return response;
+      }
+      return response;
+    } catch (err) {
+      lastError = err;
+      if (attempt < maxRetries) {
+        await retryDelay(attempt, baseDelayMs);
+        continue;
+      }
+    }
+  }
+  throw lastError ?? new Error("fetchWithRetry: exhausted retries");
+}
+function retryDelay(attempt, baseDelayMs) {
+  const jitterFactor = 0.9 + Math.random() * 0.2;
+  const delay = baseDelayMs * Math.pow(2, attempt) * jitterFactor;
+  return new Promise((resolve) => setTimeout(resolve, delay));
+}
+async function deleteTunnel(apiToken, accountId, tunnelId) {
+  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}`;
+  const response = await fetchWithRetry(url, {
+    method: "DELETE",
+    headers: cfHeaders(apiToken)
+  });
+  if (response.status === 404) {
+    return;
+  }
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const errMsg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    if (response.status === 400 && errMsg.toLowerCase().includes("active connection")) {
+      throw new Error(
+        `\uD130\uB110 \uC0AD\uC81C \uC2E4\uD328: \uD65C\uC131 \uC5F0\uACB0\uC774 \uC788\uC2B5\uB2C8\uB2E4. cloudflared \uCEE8\uD14C\uC774\uB108\uB97C \uBA3C\uC800 \uC911\uC9C0\uD558\uC138\uC694. (${errMsg})`
+      );
+    }
+    throw new Error(`\uD130\uB110 \uC0AD\uC81C \uC2E4\uD328: ${errMsg}`);
+  }
+}
+async function verifyToken(apiToken) {
+  const verifyResp = await fetch(`${CF_BASE}/user/tokens/verify`, {
+    headers: cfHeaders(apiToken)
+  });
+  const verifyData = await verifyResp.json();
+  if (!verifyResp.ok || !verifyData.success || verifyData.result?.status !== "active") {
+    return { valid: false };
+  }
+  const userResp = await fetch(`${CF_BASE}/user`, {
+    headers: cfHeaders(apiToken)
+  });
+  const userData = await userResp.json();
+  const email = userData.success ? userData.result?.email : void 0;
+  return { valid: true, email };
+}
+async function getAccounts(apiToken) {
+  const response = await fetch(`${CF_BASE}/accounts`, {
+    headers: cfHeaders(apiToken)
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) return [];
+  return data.result ?? [];
+}
+async function getZones(apiToken) {
+  const response = await fetch(`${CF_BASE}/zones`, {
+    headers: cfHeaders(apiToken)
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) return [];
+  return (data.result ?? []).map((z) => ({
+    id: z.id,
+    name: z.name,
+    status: z.status,
+    accountId: z.account?.id
+  }));
+}
+async function createTunnel(apiToken, accountId, name) {
+  const tunnelSecret = crypto.randomBytes(32).toString("base64");
+  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: cfHeaders(apiToken),
+    body: JSON.stringify({
+      name,
+      config_src: "cloudflare",
+      tunnel_secret: tunnelSecret
+    })
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    throw new Error(msg);
+  }
+  if (!data.result?.id || !data.result?.token) {
+    throw new Error("Cloudflare API returned unexpected response (missing id or token)");
+  }
+  return {
+    tunnelId: data.result.id,
+    tunnelToken: data.result.token
+  };
+}
+async function configureTunnelIngress(apiToken, accountId, tunnelId, domain, routes) {
+  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}/configurations`;
+  const ingress = [
+    ...routes.map((r) => ({
+      hostname: `${r.subdomain}.${r.domain ?? domain}`,
+      service: `http://${r.containerName}:${r.port}`
+    })),
+    { service: "http_status:404" }
+  ];
+  const response = await fetch(url, {
+    method: "PUT",
+    headers: cfHeaders(apiToken),
+    body: JSON.stringify({ config: { ingress } })
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    throw new Error(`Failed to configure ingress: ${msg}`);
+  }
+}
+async function createDnsRecord(apiToken, zoneId, tunnelId, subdomain, domain) {
+  const url = `${CF_BASE}/zones/${zoneId}/dns_records`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: cfHeaders(apiToken),
+    body: JSON.stringify({
+      type: "CNAME",
+      name: `${subdomain}.${domain}`,
+      content: `${tunnelId}.cfargotunnel.com`,
+      proxied: true
+    })
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    if (!msg.toLowerCase().includes("already exists")) {
+      throw new Error(`DNS record creation failed: ${msg}`);
+    }
+  }
+}
+async function getDnsRecords(apiToken, zoneId, hostname) {
+  const url = `${CF_BASE}/zones/${zoneId}/dns_records?type=CNAME&name=${encodeURIComponent(hostname)}`;
+  const response = await fetchWithRetry(url, {
+    headers: cfHeaders(apiToken)
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    throw new Error(`Failed to query DNS records: ${msg}`);
+  }
+  return data.result ?? [];
+}
+async function deleteDnsRecord(apiToken, zoneId, recordId) {
+  const url = `${CF_BASE}/zones/${zoneId}/dns_records/${recordId}`;
+  const response = await fetchWithRetry(url, {
+    method: "DELETE",
+    headers: cfHeaders(apiToken)
+  });
+  if (response.status === 404) {
+    return;
+  }
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    throw new Error(`Failed to delete DNS record: ${msg}`);
+  }
+}
+async function getTunnelHealth(apiToken, accountId, tunnelId) {
+  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}`;
+  const response = await fetchWithRetry(url, {
+    headers: cfHeaders(apiToken)
+  });
+  const data = await response.json();
+  if (!response.ok || !data.success) {
+    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;
+    throw new Error(`Failed to get tunnel health: ${msg}`);
+  }
+  const rawStatus = data.result?.status ?? "inactive";
+  const connectorCount = data.result?.connections?.length ?? 0;
+  const status = rawStatus === "healthy" ? "healthy" : rawStatus === "degraded" ? "degraded" : "inactive";
+  return { status, connectorCount };
+}
+function buildTokenCreationUrl(projectName) {
+  const perms = encodeURIComponent(
+    JSON.stringify([
+      { key: "cloudflare_tunnel", type: "edit" },
+      { key: "dns", type: "edit" }
+    ])
+  );
+  return `https://dash.cloudflare.com/profile/api-tokens?permissionGroupKeys=${perms}&name=brewnet-${projectName}`;
+}
+function getActiveServiceRoutes(state) {
+  const routes = [];
+  routes.push({ subdomain: "git", containerName: "gitea", port: 3e3 });
+  if (state.servers.fileServer?.enabled) {
+    if (state.servers.fileServer.service === "nextcloud") {
+      routes.push({ subdomain: "cloud", containerName: "nextcloud", port: 80 });
+    } else if (state.servers.fileServer.service === "minio") {
+      routes.push({ subdomain: "minio", containerName: "minio", port: 9001 });
+    }
+  }
+  if (state.servers.media?.enabled && state.servers.media.services?.includes("jellyfin")) {
+    routes.push({ subdomain: "media", containerName: "jellyfin", port: 8096 });
+  }
+  if (state.servers.dbServer?.enabled && state.servers.dbServer.adminUI && state.servers.dbServer.primary === "postgresql") {
+    routes.push({ subdomain: "pgadmin", containerName: "pgadmin", port: 80 });
+  }
+  if (state.servers.fileBrowser?.enabled) {
+    routes.push({ subdomain: "files", containerName: "filebrowser", port: 80 });
+  }
+  return routes;
+}
+
+export {
+  fetchWithRetry,
+  deleteTunnel,
+  verifyToken,
+  getAccounts,
+  getZones,
+  createTunnel,
+  configureTunnelIngress,
+  createDnsRecord,
+  getDnsRecords,
+  deleteDnsRecord,
+  getTunnelHealth,
+  buildTokenCreationUrl,
+  getActiveServiceRoutes
+};
+//# sourceMappingURL=chunk-JFPHGZ6Z.js.map

package/dist/chunk-JFPHGZ6Z.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/services/cloudflare-client.ts"],"sourcesContent":["/**\n * Cloudflare API client for Brewnet tunnel automation.\n *\n * Covers the full tunnel setup flow:\n *   1. Token verification\n *   2. Account listing / auto-selection\n *   3. Zone (domain) listing / selection\n *   4. Tunnel creation\n *   5. Ingress rule configuration\n *   6. DNS CNAME record creation\n *\n * API reference:\n *   https://developers.cloudflare.com/api/\n *\n * @module services/cloudflare-client\n */\n\nimport crypto from 'node:crypto';\nimport type { WizardState } from '@brewnet/shared';\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport interface ServiceRoute {\n  subdomain: string;\n  containerName: string;\n  port: number;\n  /** Per-route domain override. When set, takes precedence over the shared `domain` param in configureTunnelIngress. */\n  domain?: string;\n}\n\nexport interface RetryConfig {\n  /** Maximum number of retry attempts (default: 3) */\n  maxRetries?: number;\n  /** Base delay in ms before first retry (default: 1000) */\n  baseDelayMs?: number;\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\nconst CF_BASE = 'https://api.cloudflare.com/client/v4';\n\nfunction cfHeaders(apiToken: string): Record<string, string> {\n  return {\n    'Authorization': `Bearer ${apiToken}`,\n    'Content-Type': 'application/json',\n  };\n}\n\n// ---------------------------------------------------------------------------\n// fetchWithRetry\n// ---------------------------------------------------------------------------\n\n/**\n * Wrapper around `fetch` with exponential backoff retry logic.\n *\n * Retry conditions:\n *   - Network errors (fetch throws)\n *   - HTTP 5xx responses\n *   - HTTP 429 (rate limit)\n *\n * No retry conditions:\n *   - HTTP 400 / 401 / 403 (client errors — retrying won't help)\n *   - Other 4xx responses\n *\n * Backoff: baseDelay * 2^attempt ± 10% jitter (default: 1s → 2s → 4s)\n */\nexport async function fetchWithRetry(\n  url: string,\n  init?: RequestInit,\n  config: RetryConfig = {},\n): Promise<Response> {\n  const maxRetries = config.maxRetries ?? 3;\n  const baseDelayMs = config.baseDelayMs ?? 1000;\n\n  let lastError: unknown;\n\n  for (let attempt = 0; attempt <= maxRetries; attempt++) {\n    try {\n      const response = await fetch(url, init);\n\n      // No retry for auth/client errors\n      if (response.status === 400 || response.status === 401 || response.status === 403) {\n        return response;\n      }\n\n      // Retry on 5xx or 429\n      if (response.status >= 500 || response.status === 429) {\n        if (attempt < maxRetries) {\n          await retryDelay(attempt, baseDelayMs);\n          continue;\n        }\n        return response;\n      }\n\n      return response;\n    } catch (err) {\n      // Network error — retry\n      lastError = err;\n      if (attempt < maxRetries) {\n        await retryDelay(attempt, baseDelayMs);\n        continue;\n      }\n    }\n  }\n\n  throw lastError ?? new Error('fetchWithRetry: exhausted retries');\n}\n\nfunction retryDelay(attempt: number, baseDelayMs: number): Promise<void> {\n  const jitterFactor = 0.9 + Math.random() * 0.2; // ±10%\n  const delay = baseDelayMs * Math.pow(2, attempt) * jitterFactor;\n  return new Promise((resolve) => setTimeout(resolve, delay));\n}\n\n// ---------------------------------------------------------------------------\n// deleteTunnel\n// ---------------------------------------------------------------------------\n\n/**\n * Delete a Cloudflare Tunnel via the API.\n *\n * DELETE /client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}\n *\n * Throws with a descriptive error if the tunnel has active connections\n * (HTTP 400) or if the request fails for any other reason.\n *\n * Used during auto-rollback when tunnel setup fails partway through.\n */\nexport async function deleteTunnel(\n  apiToken: string,\n  accountId: string,\n  tunnelId: string,\n): Promise<void> {\n  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}`;\n\n  const response = await fetchWithRetry(url, {\n    method: 'DELETE',\n    headers: cfHeaders(apiToken),\n  });\n\n  if (response.status === 404) {\n    // Already deleted — treat as success\n    return;\n  }\n\n  const data = (await response.json()) as {\n    success: boolean;\n    errors?: Array<{ message: string; code?: number }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const errMsg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    if (response.status === 400 && errMsg.toLowerCase().includes('active connection')) {\n      throw new Error(\n        `터널 삭제 실패: 활성 연결이 있습니다. cloudflared 컨테이너를 먼저 중지하세요. (${errMsg})`,\n      );\n    }\n    throw new Error(`터널 삭제 실패: ${errMsg}`);\n  }\n}\n\n// ---------------------------------------------------------------------------\n// verifyToken\n// ---------------------------------------------------------------------------\n\n/**\n * Verify a Cloudflare API token and retrieve the associated account email.\n *\n * GET /client/v4/user/tokens/verify\n * GET /client/v4/user  (to get email)\n */\nexport async function verifyToken(\n  apiToken: string,\n): Promise<{ valid: boolean; email?: string }> {\n  const verifyResp = await fetch(`${CF_BASE}/user/tokens/verify`, {\n    headers: cfHeaders(apiToken),\n  });\n\n  const verifyData = (await verifyResp.json()) as {\n    success: boolean;\n    result?: { status: string };\n  };\n\n  if (!verifyResp.ok || !verifyData.success || verifyData.result?.status !== 'active') {\n    return { valid: false };\n  }\n\n  // Fetch email from /user endpoint\n  const userResp = await fetch(`${CF_BASE}/user`, {\n    headers: cfHeaders(apiToken),\n  });\n  const userData = (await userResp.json()) as {\n    success: boolean;\n    result?: { email: string };\n  };\n\n  const email = userData.success ? userData.result?.email : undefined;\n  return { valid: true, email };\n}\n\n// ---------------------------------------------------------------------------\n// getAccounts\n// ---------------------------------------------------------------------------\n\n/**\n * List all Cloudflare accounts accessible with the given token.\n *\n * GET /client/v4/accounts\n */\nexport async function getAccounts(\n  apiToken: string,\n): Promise<Array<{ id: string; name: string }>> {\n  const response = await fetch(`${CF_BASE}/accounts`, {\n    headers: cfHeaders(apiToken),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: Array<{ id: string; name: string }>;\n  };\n\n  if (!response.ok || !data.success) return [];\n  return data.result ?? [];\n}\n\n// ---------------------------------------------------------------------------\n// getZones\n// ---------------------------------------------------------------------------\n\n/**\n * List all DNS zones (domains) accessible with the given token.\n *\n * GET /client/v4/zones\n */\nexport async function getZones(\n  apiToken: string,\n): Promise<Array<{ id: string; name: string; status: string; accountId?: string }>> {\n  const response = await fetch(`${CF_BASE}/zones`, {\n    headers: cfHeaders(apiToken),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: Array<{ id: string; name: string; status: string; account?: { id: string } }>;\n  };\n\n  if (!response.ok || !data.success) return [];\n  return (data.result ?? []).map((z) => ({\n    id: z.id,\n    name: z.name,\n    status: z.status,\n    accountId: z.account?.id,\n  }));\n}\n\n// ---------------------------------------------------------------------------\n// createTunnel\n// ---------------------------------------------------------------------------\n\n/**\n * Create a Cloudflare Tunnel via the API.\n *\n * POST /client/v4/accounts/{accountId}/cfd_tunnel\n */\nexport async function createTunnel(\n  apiToken: string,\n  accountId: string,\n  name: string,\n): Promise<{ tunnelId: string; tunnelToken: string }> {\n  const tunnelSecret = crypto.randomBytes(32).toString('base64');\n  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel`;\n\n  const response = await fetch(url, {\n    method: 'POST',\n    headers: cfHeaders(apiToken),\n    body: JSON.stringify({\n      name,\n      config_src: 'cloudflare',\n      tunnel_secret: tunnelSecret,\n    }),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: { id: string; token: string };\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    throw new Error(msg);\n  }\n\n  if (!data.result?.id || !data.result?.token) {\n    throw new Error('Cloudflare API returned unexpected response (missing id or token)');\n  }\n\n  return {\n    tunnelId: data.result.id,\n    tunnelToken: data.result.token,\n  };\n}\n\n// ---------------------------------------------------------------------------\n// configureTunnelIngress\n// ---------------------------------------------------------------------------\n\n/**\n * Configure ingress rules for a Cloudflare Tunnel.\n *\n * PUT /client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}/configurations\n */\nexport async function configureTunnelIngress(\n  apiToken: string,\n  accountId: string,\n  tunnelId: string,\n  domain: string,\n  routes: ServiceRoute[],\n): Promise<void> {\n  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}/configurations`;\n\n  const ingress = [\n    ...routes.map((r) => ({\n      hostname: `${r.subdomain}.${r.domain ?? domain}`,\n      service: `http://${r.containerName}:${r.port}`,\n    })),\n    { service: 'http_status:404' },\n  ];\n\n  const response = await fetch(url, {\n    method: 'PUT',\n    headers: cfHeaders(apiToken),\n    body: JSON.stringify({ config: { ingress } }),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    throw new Error(`Failed to configure ingress: ${msg}`);\n  }\n}\n\n// ---------------------------------------------------------------------------\n// createDnsRecord\n// ---------------------------------------------------------------------------\n\n/**\n * Create a CNAME DNS record pointing to the Cloudflare Tunnel.\n *\n * POST /client/v4/zones/{zoneId}/dns_records\n * Record: {subdomain}.{domain} → {tunnelId}.cfargotunnel.com (proxied)\n */\nexport async function createDnsRecord(\n  apiToken: string,\n  zoneId: string,\n  tunnelId: string,\n  subdomain: string,\n  domain: string,\n): Promise<void> {\n  const url = `${CF_BASE}/zones/${zoneId}/dns_records`;\n\n  const response = await fetch(url, {\n    method: 'POST',\n    headers: cfHeaders(apiToken),\n    body: JSON.stringify({\n      type: 'CNAME',\n      name: `${subdomain}.${domain}`,\n      content: `${tunnelId}.cfargotunnel.com`,\n      proxied: true,\n    }),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    // Non-fatal if record already exists\n    if (!msg.toLowerCase().includes('already exists')) {\n      throw new Error(`DNS record creation failed: ${msg}`);\n    }\n  }\n}\n\n// ---------------------------------------------------------------------------\n// getDnsRecords\n// ---------------------------------------------------------------------------\n\n/**\n * Query CNAME DNS records for a specific hostname in a zone.\n *\n * GET /client/v4/zones/{zoneId}/dns_records?type=CNAME&name={hostname}\n */\nexport async function getDnsRecords(\n  apiToken: string,\n  zoneId: string,\n  hostname: string,\n): Promise<Array<{ id: string; name: string; content: string; proxied: boolean }>> {\n  const url = `${CF_BASE}/zones/${zoneId}/dns_records?type=CNAME&name=${encodeURIComponent(hostname)}`;\n\n  const response = await fetchWithRetry(url, {\n    headers: cfHeaders(apiToken),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: Array<{ id: string; name: string; content: string; proxied: boolean }>;\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    throw new Error(`Failed to query DNS records: ${msg}`);\n  }\n\n  return data.result ?? [];\n}\n\n// ---------------------------------------------------------------------------\n// deleteDnsRecord\n// ---------------------------------------------------------------------------\n\n/**\n * Delete a DNS record by ID.\n *\n * DELETE /client/v4/zones/{zoneId}/dns_records/{recordId}\n */\nexport async function deleteDnsRecord(\n  apiToken: string,\n  zoneId: string,\n  recordId: string,\n): Promise<void> {\n  const url = `${CF_BASE}/zones/${zoneId}/dns_records/${recordId}`;\n\n  const response = await fetchWithRetry(url, {\n    method: 'DELETE',\n    headers: cfHeaders(apiToken),\n  });\n\n  if (response.status === 404) {\n    // Already deleted — treat as success\n    return;\n  }\n\n  const data = (await response.json()) as {\n    success: boolean;\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    throw new Error(`Failed to delete DNS record: ${msg}`);\n  }\n}\n\n// ---------------------------------------------------------------------------\n// getTunnelHealth\n// ---------------------------------------------------------------------------\n\n/**\n * Query the health of a Cloudflare Tunnel.\n *\n * GET /client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}\n *\n * Returns the tunnel status and number of active connectors.\n * Used for health verification after tunnel creation and for `brewnet domain tunnel status`.\n */\nexport async function getTunnelHealth(\n  apiToken: string,\n  accountId: string,\n  tunnelId: string,\n): Promise<{ status: 'healthy' | 'degraded' | 'inactive'; connectorCount: number }> {\n  const url = `${CF_BASE}/accounts/${accountId}/cfd_tunnel/${tunnelId}`;\n\n  const response = await fetchWithRetry(url, {\n    headers: cfHeaders(apiToken),\n  });\n\n  const data = (await response.json()) as {\n    success: boolean;\n    result?: {\n      status: string;\n      connections?: Array<unknown>;\n    };\n    errors?: Array<{ message: string }>;\n  };\n\n  if (!response.ok || !data.success) {\n    const msg = data.errors?.[0]?.message ?? `HTTP ${response.status}`;\n    throw new Error(`Failed to get tunnel health: ${msg}`);\n  }\n\n  const rawStatus = data.result?.status ?? 'inactive';\n  const connectorCount = data.result?.connections?.length ?? 0;\n\n  const status: 'healthy' | 'degraded' | 'inactive' =\n    rawStatus === 'healthy' ? 'healthy'\n    : rawStatus === 'degraded' ? 'degraded'\n    : 'inactive';\n\n  return { status, connectorCount };\n}\n\n// ---------------------------------------------------------------------------\n// buildTokenCreationUrl\n// ---------------------------------------------------------------------------\n\n/**\n * Build a pre-filled Cloudflare API Token creation URL.\n *\n * Sets permissions: Cloudflare Tunnel (Edit) + DNS (Edit)\n * Sets name: brewnet-{projectName}\n */\nexport function buildTokenCreationUrl(projectName: string): string {\n  const perms = encodeURIComponent(\n    JSON.stringify([\n      { key: 'cloudflare_tunnel', type: 'edit' },\n      { key: 'dns', type: 'edit' },\n    ]),\n  );\n  return `https://dash.cloudflare.com/profile/api-tokens?permissionGroupKeys=${perms}&name=brewnet-${projectName}`;\n}\n\n// ---------------------------------------------------------------------------\n// getActiveServiceRoutes\n// ---------------------------------------------------------------------------\n\n/**\n * Build the list of service routes to expose through the Cloudflare Tunnel.\n * Called after server component selection to determine which ingress rules to create.\n */\nexport function getActiveServiceRoutes(state: WizardState): ServiceRoute[] {\n  const routes: ServiceRoute[] = [];\n\n  // Git server (always enabled)\n  routes.push({ subdomain: 'git', containerName: 'gitea', port: 3000 });\n\n  // File server\n  if (state.servers.fileServer?.enabled) {\n    if (state.servers.fileServer.service === 'nextcloud') {\n      routes.push({ subdomain: 'cloud', containerName: 'nextcloud', port: 80 });\n    } else if (state.servers.fileServer.service === 'minio') {\n      routes.push({ subdomain: 'minio', containerName: 'minio', port: 9001 });\n    }\n  }\n\n  // Media\n  if (state.servers.media?.enabled && state.servers.media.services?.includes('jellyfin')) {\n    routes.push({ subdomain: 'media', containerName: 'jellyfin', port: 8096 });\n  }\n\n  // Database admin UI (pgAdmin for PostgreSQL)\n  if (\n    state.servers.dbServer?.enabled &&\n    state.servers.dbServer.adminUI &&\n    state.servers.dbServer.primary === 'postgresql'\n  ) {\n    routes.push({ subdomain: 'pgadmin', containerName: 'pgadmin', port: 80 });\n  }\n\n  // FileBrowser\n  if (state.servers.fileBrowser?.enabled) {\n    routes.push({ subdomain: 'files', containerName: 'filebrowser', port: 80 });\n  }\n\n  return routes;\n}\n"],"mappings":";;;AAiBA,OAAO,YAAY;AA0BnB,IAAM,UAAU;AAEhB,SAAS,UAAU,UAA0C;AAC3D,SAAO;AAAA,IACL,iBAAiB,UAAU,QAAQ;AAAA,IACnC,gBAAgB;AAAA,EAClB;AACF;AAoBA,eAAsB,eACpB,KACA,MACA,SAAsB,CAAC,GACJ;AACnB,QAAM,aAAa,OAAO,cAAc;AACxC,QAAM,cAAc,OAAO,eAAe;AAE1C,MAAI;AAEJ,WAAS,UAAU,GAAG,WAAW,YAAY,WAAW;AACtD,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK,IAAI;AAGtC,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACjF,eAAO;AAAA,MACT;AAGA,UAAI,SAAS,UAAU,OAAO,SAAS,WAAW,KAAK;AACrD,YAAI,UAAU,YAAY;AACxB,gBAAM,WAAW,SAAS,WAAW;AACrC;AAAA,QACF;AACA,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,KAAK;AAEZ,kBAAY;AACZ,UAAI,UAAU,YAAY;AACxB,cAAM,WAAW,SAAS,WAAW;AACrC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,QAAM,aAAa,IAAI,MAAM,mCAAmC;AAClE;AAEA,SAAS,WAAW,SAAiB,aAAoC;AACvE,QAAM,eAAe,MAAM,KAAK,OAAO,IAAI;AAC3C,QAAM,QAAQ,cAAc,KAAK,IAAI,GAAG,OAAO,IAAI;AACnD,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,KAAK,CAAC;AAC5D;AAgBA,eAAsB,aACpB,UACA,WACA,UACe;AACf,QAAM,MAAM,GAAG,OAAO,aAAa,SAAS,eAAe,QAAQ;AAEnE,QAAM,WAAW,MAAM,eAAe,KAAK;AAAA,IACzC,QAAQ;AAAA,IACR,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAE3B;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,SAAS,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AACnE,QAAI,SAAS,WAAW,OAAO,OAAO,YAAY,EAAE,SAAS,mBAAmB,GAAG;AACjF,YAAM,IAAI;AAAA,QACR,8LAAuD,MAAM;AAAA,MAC/D;AAAA,IACF;AACA,UAAM,IAAI,MAAM,2CAAa,MAAM,EAAE;AAAA,EACvC;AACF;AAYA,eAAsB,YACpB,UAC6C;AAC7C,QAAM,aAAa,MAAM,MAAM,GAAG,OAAO,uBAAuB;AAAA,IAC9D,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,aAAc,MAAM,WAAW,KAAK;AAK1C,MAAI,CAAC,WAAW,MAAM,CAAC,WAAW,WAAW,WAAW,QAAQ,WAAW,UAAU;AACnF,WAAO,EAAE,OAAO,MAAM;AAAA,EACxB;AAGA,QAAM,WAAW,MAAM,MAAM,GAAG,OAAO,SAAS;AAAA,IAC9C,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AACD,QAAM,WAAY,MAAM,SAAS,KAAK;AAKtC,QAAM,QAAQ,SAAS,UAAU,SAAS,QAAQ,QAAQ;AAC1D,SAAO,EAAE,OAAO,MAAM,MAAM;AAC9B;AAWA,eAAsB,YACpB,UAC8C;AAC9C,QAAM,WAAW,MAAM,MAAM,GAAG,OAAO,aAAa;AAAA,IAClD,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAS,QAAO,CAAC;AAC3C,SAAO,KAAK,UAAU,CAAC;AACzB;AAWA,eAAsB,SACpB,UACkF;AAClF,QAAM,WAAW,MAAM,MAAM,GAAG,OAAO,UAAU;AAAA,IAC/C,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,QAAS,QAAO,CAAC;AAC3C,UAAQ,KAAK,UAAU,CAAC,GAAG,IAAI,CAAC,OAAO;AAAA,IACrC,IAAI,EAAE;AAAA,IACN,MAAM,EAAE;AAAA,IACR,QAAQ,EAAE;AAAA,IACV,WAAW,EAAE,SAAS;AAAA,EACxB,EAAE;AACJ;AAWA,eAAsB,aACpB,UACA,WACA,MACoD;AACpD,QAAM,eAAe,OAAO,YAAY,EAAE,EAAE,SAAS,QAAQ;AAC7D,QAAM,MAAM,GAAG,OAAO,aAAa,SAAS;AAE5C,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ;AAAA,IACR,SAAS,UAAU,QAAQ;AAAA,IAC3B,MAAM,KAAK,UAAU;AAAA,MACnB;AAAA,MACA,YAAY;AAAA,MACZ,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAMlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAChE,UAAM,IAAI,MAAM,GAAG;AAAA,EACrB;AAEA,MAAI,CAAC,KAAK,QAAQ,MAAM,CAAC,KAAK,QAAQ,OAAO;AAC3C,UAAM,IAAI,MAAM,mEAAmE;AAAA,EACrF;AAEA,SAAO;AAAA,IACL,UAAU,KAAK,OAAO;AAAA,IACtB,aAAa,KAAK,OAAO;AAAA,EAC3B;AACF;AAWA,eAAsB,uBACpB,UACA,WACA,UACA,QACA,QACe;AACf,QAAM,MAAM,GAAG,OAAO,aAAa,SAAS,eAAe,QAAQ;AAEnE,QAAM,UAAU;AAAA,IACd,GAAG,OAAO,IAAI,CAAC,OAAO;AAAA,MACpB,UAAU,GAAG,EAAE,SAAS,IAAI,EAAE,UAAU,MAAM;AAAA,MAC9C,SAAS,UAAU,EAAE,aAAa,IAAI,EAAE,IAAI;AAAA,IAC9C,EAAE;AAAA,IACF,EAAE,SAAS,kBAAkB;AAAA,EAC/B;AAEA,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ;AAAA,IACR,SAAS,UAAU,QAAQ;AAAA,IAC3B,MAAM,KAAK,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAAA,EAC9C,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAChE,UAAM,IAAI,MAAM,gCAAgC,GAAG,EAAE;AAAA,EACvD;AACF;AAYA,eAAsB,gBACpB,UACA,QACA,UACA,WACA,QACe;AACf,QAAM,MAAM,GAAG,OAAO,UAAU,MAAM;AAEtC,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ;AAAA,IACR,SAAS,UAAU,QAAQ;AAAA,IAC3B,MAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,MAAM,GAAG,SAAS,IAAI,MAAM;AAAA,MAC5B,SAAS,GAAG,QAAQ;AAAA,MACpB,SAAS;AAAA,IACX,CAAC;AAAA,EACH,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAEhE,QAAI,CAAC,IAAI,YAAY,EAAE,SAAS,gBAAgB,GAAG;AACjD,YAAM,IAAI,MAAM,+BAA+B,GAAG,EAAE;AAAA,IACtD;AAAA,EACF;AACF;AAWA,eAAsB,cACpB,UACA,QACA,UACiF;AACjF,QAAM,MAAM,GAAG,OAAO,UAAU,MAAM,gCAAgC,mBAAmB,QAAQ,CAAC;AAElG,QAAM,WAAW,MAAM,eAAe,KAAK;AAAA,IACzC,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AAMlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAChE,UAAM,IAAI,MAAM,gCAAgC,GAAG,EAAE;AAAA,EACvD;AAEA,SAAO,KAAK,UAAU,CAAC;AACzB;AAWA,eAAsB,gBACpB,UACA,QACA,UACe;AACf,QAAM,MAAM,GAAG,OAAO,UAAU,MAAM,gBAAgB,QAAQ;AAE9D,QAAM,WAAW,MAAM,eAAe,KAAK;AAAA,IACzC,QAAQ;AAAA,IACR,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAE3B;AAAA,EACF;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAChE,UAAM,IAAI,MAAM,gCAAgC,GAAG,EAAE;AAAA,EACvD;AACF;AAcA,eAAsB,gBACpB,UACA,WACA,UACkF;AAClF,QAAM,MAAM,GAAG,OAAO,aAAa,SAAS,eAAe,QAAQ;AAEnE,QAAM,WAAW,MAAM,eAAe,KAAK;AAAA,IACzC,SAAS,UAAU,QAAQ;AAAA,EAC7B,CAAC;AAED,QAAM,OAAQ,MAAM,SAAS,KAAK;AASlC,MAAI,CAAC,SAAS,MAAM,CAAC,KAAK,SAAS;AACjC,UAAM,MAAM,KAAK,SAAS,CAAC,GAAG,WAAW,QAAQ,SAAS,MAAM;AAChE,UAAM,IAAI,MAAM,gCAAgC,GAAG,EAAE;AAAA,EACvD;AAEA,QAAM,YAAY,KAAK,QAAQ,UAAU;AACzC,QAAM,iBAAiB,KAAK,QAAQ,aAAa,UAAU;AAE3D,QAAM,SACJ,cAAc,YAAY,YACxB,cAAc,aAAa,aAC3B;AAEJ,SAAO,EAAE,QAAQ,eAAe;AAClC;AAYO,SAAS,sBAAsB,aAA6B;AACjE,QAAM,QAAQ;AAAA,IACZ,KAAK,UAAU;AAAA,MACb,EAAE,KAAK,qBAAqB,MAAM,OAAO;AAAA,MACzC,EAAE,KAAK,OAAO,MAAM,OAAO;AAAA,IAC7B,CAAC;AAAA,EACH;AACA,SAAO,sEAAsE,KAAK,iBAAiB,WAAW;AAChH;AAUO,SAAS,uBAAuB,OAAoC;AACzE,QAAM,SAAyB,CAAC;AAGhC,SAAO,KAAK,EAAE,WAAW,OAAO,eAAe,SAAS,MAAM,IAAK,CAAC;AAGpE,MAAI,MAAM,QAAQ,YAAY,SAAS;AACrC,QAAI,MAAM,QAAQ,WAAW,YAAY,aAAa;AACpD,aAAO,KAAK,EAAE,WAAW,SAAS,eAAe,aAAa,MAAM,GAAG,CAAC;AAAA,IAC1E,WAAW,MAAM,QAAQ,WAAW,YAAY,SAAS;AACvD,aAAO,KAAK,EAAE,WAAW,SAAS,eAAe,SAAS,MAAM,KAAK,CAAC;AAAA,IACxE;AAAA,EACF;AAGA,MAAI,MAAM,QAAQ,OAAO,WAAW,MAAM,QAAQ,MAAM,UAAU,SAAS,UAAU,GAAG;AACtF,WAAO,KAAK,EAAE,WAAW,SAAS,eAAe,YAAY,MAAM,KAAK,CAAC;AAAA,EAC3E;AAGA,MACE,MAAM,QAAQ,UAAU,WACxB,MAAM,QAAQ,SAAS,WACvB,MAAM,QAAQ,SAAS,YAAY,cACnC;AACA,WAAO,KAAK,EAAE,WAAW,WAAW,eAAe,WAAW,MAAM,GAAG,CAAC;AAAA,EAC1E;AAGA,MAAI,MAAM,QAAQ,aAAa,SAAS;AACtC,WAAO,KAAK,EAAE,WAAW,SAAS,eAAe,eAAe,MAAM,GAAG,CAAC;AAAA,EAC5E;AAEA,SAAO;AACT;","names":[]}