@cardelli/ambit 0.1.4 → 0.2.0

package/esm/src/docker/router/start.sh

@@ -1,146 +0,0 @@
-#!/bin/bash
-set -e
-
-# =============================================================================
-# ambit - Self-Configuring Tailscale Subnet Router
-# =============================================================================
-# State is persisted to /var/lib/tailscale via Fly volume.
-# On first run: creates auth key (with tags), authenticates, approves routes.
-# On restart: reuses existing state, no new device created.
-# =============================================================================
-
-echo "Router: Enabling IP Forwarding"
-echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
-echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
-sysctl -p /etc/sysctl.conf
-
-echo "Router: Starting Tailscaled"
-/usr/local/bin/tailscaled \
-  --state=/var/lib/tailscale/tailscaled.state \
-  --socket=/var/run/tailscale/tailscaled.sock &
-
-# Wait for tailscaled to be ready
-sleep 3
-
-echo "Router: Extracting Fly.io Subnet"
-SUBNET=$(grep fly-local-6pn /etc/hosts | awk '{print $1}' | cut -d: -f1-3)::/48
-echo "Router: Subnet ${SUBNET}"
-
-if /usr/local/bin/tailscale status --json 2>/dev/null | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
-  echo "Router: Already Authenticated (Using Persisted State)"
-
-  /usr/local/bin/tailscale up \
-    --hostname="${FLY_APP_NAME:-ambit}" \
-    --advertise-routes="${SUBNET}"
-else
-  # First run - need to authenticate
-  if [ -n "${TAILSCALE_API_TOKEN}" ]; then
-    echo "Router: Creating Auth Key (First Run)"
-
-    TAGS_JSON="[]"
-    if [ -n "${TAILSCALE_TAGS}" ]; then
-      TAGS_JSON=$(echo "${TAILSCALE_TAGS}" | jq -R 'split(",")')
-    fi
-
-    AUTH_KEY_RESPONSE=$(curl -s -X POST \
-      -u "${TAILSCALE_API_TOKEN}:" \
-      -H "Content-Type: application/json" \
-      -d "$(jq -n \
-        --argjson tags "${TAGS_JSON}" \
-        '{
-          capabilities: { devices: { create: {
-            reusable: false,
-            ephemeral: false,
-            preauthorized: true,
-            tags: $tags
-          }}},
-          expirySeconds: 300
-        }' | jq 'if .capabilities.devices.create.tags == [] then .capabilities.devices.create |= del(.tags) else . end')" \
-      "https://api.tailscale.com/api/v2/tailnet/-/keys")
-
-    TAILSCALE_AUTHKEY=$(echo "${AUTH_KEY_RESPONSE}" | jq -r '.key')
-
-    if [ -z "${TAILSCALE_AUTHKEY}" ] || [ "${TAILSCALE_AUTHKEY}" = "null" ]; then
-      echo "Router: ERROR - Failed to Create Auth Key"
-      echo "${AUTH_KEY_RESPONSE}"
-      exit 1
-    fi
-
-    echo "Router: Auth Key Created"
-  elif [ -z "${TAILSCALE_AUTHKEY}" ]; then
-    echo "Router: ERROR - No TAILSCALE_API_TOKEN or TAILSCALE_AUTHKEY Provided"
-    exit 1
-  fi
-
-  echo "Router: Authenticating to Tailscale"
-  /usr/local/bin/tailscale up \
-    --authkey="${TAILSCALE_AUTHKEY}" \
-    --hostname="${FLY_APP_NAME:-ambit}" \
-    --advertise-routes="${SUBNET}"
-fi
-
-echo "Router: Getting Node Key"
-NODE_KEY=$(/usr/local/bin/tailscale status --json | jq -r '.Self.PublicKey')
-echo "Router: Node Key ${NODE_KEY}"
-
-# Self-approve routes if we have API access
-# This is a fallback — if the user has autoApprovers configured in their
-# Tailscale policy file, routes are approved automatically and this block
-# is a no-op (routes are already enabled).
-if [ -n "${TAILSCALE_API_TOKEN}" ]; then
-  echo "Router: Finding Device ID"
-
-  DEVICES_RESPONSE=$(curl -s \
-    -u "${TAILSCALE_API_TOKEN}:" \
-    "https://api.tailscale.com/api/v2/tailnet/-/devices")
-
-  DEVICE_ID=$(echo "${DEVICES_RESPONSE}" | jq -r ".devices[] | select(.nodeKey == \"${NODE_KEY}\") | .id")
-
-  if [ -n "${DEVICE_ID}" ] && [ "${DEVICE_ID}" != "null" ]; then
-    echo "Router: Device ID ${DEVICE_ID}"
-    echo "Router: Approving Subnet Routes"
-
-    curl -s -X POST \
-      -u "${TAILSCALE_API_TOKEN}:" \
-      -H "Content-Type: application/json" \
-      -d "{\"routes\": [\"${SUBNET}\"]}" \
-      "https://api.tailscale.com/api/v2/device/${DEVICE_ID}/routes" > /dev/null
-
-    echo "Router: Routes Approved"
-  else
-    echo "Router: WARNING - Could Not Find Device ID"
-    echo "Router: Routes May Need Manual Approval"
-  fi
-fi
-
-echo "Router: Fully Configured"
-
-# Start SOCKS5 proxy for bidirectional tailnet access
-PRIVATE_IP=$(grep fly-local-6pn /etc/hosts | awk '{print $1}')
-echo "Router: Starting SOCKS5 Proxy on [${PRIVATE_IP}]:1080"
-/usr/local/bin/microsocks -i "$PRIVATE_IP" -p 1080 &
-
-echo "Router: Starting DNS Proxy"
-
-# Generate Corefile for CoreDNS
-# Rewrites NETWORK_NAME TLD to .flycast before forwarding to Fly DNS.
-# .flycast resolves to the Flycast address (private_v6) which routes through
-# Fly Proxy — enabling autostart/autostop and load balancing. The Flycast IP
-# is within the network's /48 subnet so it's routable through the tailnet.
-if [ -n "${NETWORK_NAME}" ]; then
-  echo "Router: DNS Rewrite ${NETWORK_NAME} -> flycast"
-  cat > /etc/coredns/Corefile <<EOF
-.:53 {
-    rewrite name suffix .${NETWORK_NAME}. .flycast. answer auto
-    forward . fdaa::3
-}
-EOF
-else
-  cat > /etc/coredns/Corefile <<EOF
-.:53 {
-    forward . fdaa::3
-}
-EOF
-fi
-
-exec /usr/local/bin/coredns -conf /etc/coredns/Corefile

package/esm/src/guard.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/src/guard.ts"],"names":[],"mappings":"AAWA,OAAO,sBAAsB,CAAC;AAI9B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAqLtD;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAI,MAAM,MAAM,KAAG,OACN,CAAC;AAMtC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAMD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAOjD;AAMD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,CAwDhE;AAMD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,MAAM,EACX,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,iBAAiB,CAAC,CAwF5B"}

package/esm/src/providers/fly.d.ts

@@ -1,70 +0,0 @@
-import "../../_dnt.polyfills.js";
-import { type FlyApp, type FlyAppInfo, type FlyIp, type FlyMachine } from "../schemas/fly.js";
-/**
- * Thrown when a `fly deploy` command fails. Carries the raw stderr so callers
- * can surface it through `out` (respecting JSON mode) instead of printing
- * directly.
- */
-export declare class FlyDeployError extends Error {
-    /** Last meaningful line from flyctl stderr. */
-    readonly detail: string;
-    constructor(app: string, stderr: string);
-}
-export type MachineSize = "shared-cpu-1x" | "shared-cpu-2x" | "shared-cpu-4x";
-export interface MachineConfig {
-    size: MachineSize;
-    memoryMb?: number;
-    region?: string;
-    autoStopSeconds?: number;
-}
-export declare const getSizeConfig: (size: MachineSize) => {
-    cpus: number;
-    memoryMb: number;
-};
-export interface MachineResult {
-    id: string;
-    state: string;
-    size: string;
-    region: string;
-    privateIp?: string;
-}
-export interface SafeDeployOptions {
-    image?: string;
-    config?: string;
-    region?: string;
-}
-export interface FlyProvider {
-    ensureInstalled(): Promise<void>;
-    ensureAuth(options?: {
-        interactive?: boolean;
-    }): Promise<string>;
-    listOrgs(): Promise<Record<string, string>>;
-    createApp(name: string, org: string, options?: {
-        network?: string;
-    }): Promise<void>;
-    deleteApp(name: string): Promise<void>;
-    listApps(org?: string): Promise<FlyApp[]>;
-    appExists(name: string): Promise<boolean>;
-    listMachines(app: string): Promise<FlyMachine[]>;
-    listMachinesMapped(app: string): Promise<MachineResult[]>;
-    createMachine(app: string, config: MachineConfig): Promise<MachineResult>;
-    destroyMachine(app: string, machineId: string): Promise<void>;
-    setSecrets(app: string, secrets: Record<string, string>, options?: {
-        stage?: boolean;
-    }): Promise<void>;
-    routerDeploy(app: string, dockerfilePath: string, config?: {
-        region?: string;
-    }): Promise<void>;
-    listIps(app: string): Promise<FlyIp[]>;
-    releaseIp(app: string, address: string): Promise<void>;
-    allocateFlycastIp(app: string, network: string): Promise<void>;
-    getConfig(app: string): Promise<Record<string, unknown> | null>;
-    deploySafe(app: string, options: SafeDeployOptions): Promise<void>;
-    listCerts(app: string): Promise<string[]>;
-    removeCert(app: string, hostname: string): Promise<void>;
-    getFlyToken(): Promise<string>;
-    listAppsWithNetwork(org: string): Promise<FlyAppInfo[]>;
-}
-export declare const createFlyProvider: () => FlyProvider;
-export declare const getRouterAppName: (network: string, randomSuffix: string) => string;
-//# sourceMappingURL=fly.d.ts.map

package/esm/src/providers/fly.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"fly.d.ts","sourceRoot":"","sources":["../../../src/src/providers/fly.ts"],"names":[],"mappings":"AAGA,OAAO,yBAAyB,CAAC;AAajC,OAAO,EACL,KAAK,MAAM,EACX,KAAK,UAAU,EAIf,KAAK,KAAK,EAEV,KAAK,UAAU,EAMhB,MAAM,mBAAmB,CAAC;AAa3B;;;;GAIG;AACH,qBAAa,cAAe,SAAQ,KAAK;IACvC,+CAA+C;IAC/C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBAEZ,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAMxC;AAmBD,MAAM,MAAM,WAAW,GAAG,eAAe,GAAG,eAAe,GAAG,eAAe,CAAC;AAE9E,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,eAAO,MAAM,aAAa,GACxB,MAAM,WAAW,KAChB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CASlC,CAAC;AAMF,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAMD,MAAM,WAAW,WAAW;IAC1B,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,UAAU,CAAC,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACjE,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5C,SAAS,CACP,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAC7B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACjD,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1D,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1E,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,UAAU,CACR,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,GAC5B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,YAAY,CACV,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,EACtB,MAAM,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACvC,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IAChE,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnE,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;CACzD;AAMD,eAAO,MAAM,iBAAiB,QAAO,WA6bpC,CAAC;AAMF,eAAO,MAAM,gBAAgB,GAC3B,SAAS,MAAM,EACf,cAAc,MAAM,KACnB,MAEF,CAAC"}

package/esm/src/providers/fly.js

@@ -1,411 +0,0 @@
-// =============================================================================
-// Fly.io Provider - Wraps flyctl CLI
-// =============================================================================
-import "../../_dnt.polyfills.js";
-import * as dntShim from "../../_dnt.shims.js";
-import { runCommand, runCommandJson, runInteractive, runQuiet, } from "../../lib/command.js";
-import { commandExists, die, Spinner } from "../../lib/cli.js";
-import { dirname, resolve } from "../../deps/jsr.io/@std/path/1.1.4/mod.js";
-import { FlyAppInfoListSchema, FlyAppsListSchema, FlyAuthSchema, FlyIpListSchema, FlyMachinesListSchema, FlyOrgsSchema, FlyStatusSchema, mapFlyMachineSize, mapFlyMachineState, } from "../schemas/fly.js";
-import { fileExists } from "../../lib/cli.js";
-// =============================================================================
-// Constants
-// =============================================================================
-const ROUTER_APP_PREFIX = "ambit-";
-// =============================================================================
-// Deploy Error
-// =============================================================================
-/**
- * Thrown when a `fly deploy` command fails. Carries the raw stderr so callers
- * can surface it through `out` (respecting JSON mode) instead of printing
- * directly.
- */
-export class FlyDeployError extends Error {
-    /** Last meaningful line from flyctl stderr. */
-    detail;
-    constructor(app, stderr) {
-        const detail = extractErrorDetail(stderr);
-        super(`Deploy Failed for '${app}'`);
-        this.name = "FlyDeployError";
-        this.detail = detail;
-    }
-}
-/**
- * Pull the last non-empty, non-decoration line from fly stderr.
- * Fly often prints progress lines then the actual error at the end.
- */
-const extractErrorDetail = (stderr) => {
-    const lines = stderr
-        .split("\n")
-        .map((l) => l.replace(/\x1b\[[0-9;]*m/g, "").trim())
-        .filter((l) => l.length > 0 && !l.startsWith("-->") && l !== "Error");
-    return lines[lines.length - 1] ?? "unknown error";
-};
-export const getSizeConfig = (size) => {
-    switch (size) {
-        case "shared-cpu-1x":
-            return { cpus: 1, memoryMb: 1024 };
-        case "shared-cpu-2x":
-            return { cpus: 2, memoryMb: 2048 };
-        case "shared-cpu-4x":
-            return { cpus: 4, memoryMb: 4096 };
-    }
-};
-// =============================================================================
-// Create Fly Provider
-// =============================================================================
-export const createFlyProvider = () => {
-    return {
-        async ensureInstalled() {
-            if (!(await commandExists("fly"))) {
-                return die("Flyctl Not Found. Install from https://fly.io/docs/flyctl/install/");
-            }
-        },
-        async ensureAuth(options) {
-            const interactive = options?.interactive ?? true;
-            const result = await runCommand(["fly", "auth", "whoami", "--json"]);
-            if (result.success) {
-                try {
-                    const parsed = FlyAuthSchema.safeParse(JSON.parse(result.stdout));
-                    if (parsed.success) {
-                        return parsed.data.email;
-                    }
-                }
-                catch {
-                    // Parse failed, need to authenticate
-                }
-            }
-            if (!interactive) {
-                return die("Not Authenticated with Fly.io. Run 'fly auth login' First");
-            }
-            const loginResult = await runInteractive(["fly", "auth", "login"]);
-            if (!loginResult.success) {
-                return die("Fly.io Authentication Failed");
-            }
-            const checkResult = await runCommand(["fly", "auth", "whoami", "--json"]);
-            if (!checkResult.success) {
-                return die("Fly.io Authentication Verification Failed");
-            }
-            const parsed = FlyAuthSchema.safeParse(JSON.parse(checkResult.stdout));
-            if (!parsed.success || !parsed.data) {
-                return die("Fly.io Authentication Response Invalid");
-            }
-            return parsed.data.email;
-        },
-        async listOrgs() {
-            const result = await runCommandJson(["fly", "orgs", "list", "--json"]);
-            if (!result.success || !result.data) {
-                return die("Failed to List Organizations");
-            }
-            const parsed = FlyOrgsSchema.safeParse(result.data);
-            if (!parsed.success) {
-                return die("Failed to Parse Organizations");
-            }
-            return parsed.data;
-        },
-        async listApps(org) {
-            const args = ["fly", "apps", "list", "--json"];
-            if (org) {
-                args.push("--org", org);
-            }
-            const result = await runCommand(args);
-            if (!result.success) {
-                return [];
-            }
-            try {
-                const parsed = FlyAppsListSchema.safeParse(JSON.parse(result.stdout));
-                return parsed.success ? parsed.data : [];
-            }
-            catch {
-                return [];
-            }
-        },
-        async createApp(name, org, options) {
-            const args = ["fly", "apps", "create", name, "--org", org, "--json"];
-            if (options?.network) {
-                args.push("--network", options.network);
-            }
-            const result = await runQuiet("Creating App", args);
-            if (!result.success) {
-                return die(`Failed to Create App '${name}'`);
-            }
-        },
-        async deleteApp(name) {
-            const result = await runQuiet("Deleting App", [
-                "fly",
-                "apps",
-                "destroy",
-                name,
-                "--yes",
-            ]);
-            if (!result.success) {
-                return die(`Failed to Delete App '${name}'`);
-            }
-        },
-        async appExists(name) {
-            const result = await runCommand(["fly", "status", "-a", name, "--json"]);
-            if (!result.success)
-                return false;
-            try {
-                const parsed = FlyStatusSchema.safeParse(JSON.parse(result.stdout));
-                return parsed.success && !!parsed.data.ID;
-            }
-            catch {
-                return false;
-            }
-        },
-        async listMachines(app) {
-            const result = await runCommandJson(["fly", "machines", "list", "-a", app, "--json"]);
-            if (!result.success || !result.data) {
-                return [];
-            }
-            const parsed = FlyMachinesListSchema.safeParse(result.data);
-            return parsed.success ? parsed.data : [];
-        },
-        async listMachinesMapped(app) {
-            const raw = await this.listMachines(app);
-            return raw.map((m) => ({
-                id: m.id,
-                state: mapFlyMachineState(m.state),
-                size: mapFlyMachineSize(m.config?.guest),
-                region: m.region,
-                privateIp: m.private_ip,
-            }));
-        },
-        async createMachine(app, config) {
-            const existingMachines = await this.listMachinesMapped(app);
-            if (existingMachines.length === 0) {
-                return die("No Existing Machine to Clone. Run 'fly deploy' First");
-            }
-            const sourceMachine = existingMachines[0];
-            const sizeConfig = getSizeConfig(config.size);
-            const memoryMb = config.memoryMb ?? sizeConfig.memoryMb;
-            const args = [
-                "fly",
-                "machine",
-                "clone",
-                sourceMachine.id,
-                "-a",
-                app,
-                "--vm-cpus",
-                String(sizeConfig.cpus),
-                "--vm-memory",
-                String(memoryMb),
-            ];
-            if (config.region) {
-                args.push("--region", config.region);
-            }
-            const spinner = new Spinner();
-            spinner.start(`Creating ${config.size} Machine`);
-            const result = await runCommand(args);
-            if (!result.success) {
-                spinner.fail("Machine Creation Failed");
-                return die(result.stderr || "Unknown Error");
-            }
-            spinner.success(`Created ${config.size} Machine`);
-            const machines = await this.listMachinesMapped(app);
-            const newest = machines[machines.length - 1];
-            if (!newest) {
-                return die("Created Machine Not Found");
-            }
-            return newest;
-        },
-        async destroyMachine(app, machineId) {
-            const shortId = machineId.slice(0, 8);
-            const result = await runQuiet(`Destroying Machine ${shortId}`, [
-                "fly",
-                "machines",
-                "destroy",
-                machineId,
-                "-a",
-                app,
-                "--force",
-            ]);
-            if (!result.success) {
-                return die(`Failed to Destroy Machine '${shortId}'`);
-            }
-        },
-        async setSecrets(app, secrets, options) {
-            const pairs = Object.entries(secrets)
-                .filter(([_, v]) => v !== undefined && v !== "")
-                .map(([k, v]) => `${k}=${v}`);
-            if (pairs.length === 0)
-                return;
-            const args = ["fly", "secrets", "set", ...pairs, "-a", app];
-            if (options?.stage) {
-                args.push("--stage");
-            }
-            const result = await runQuiet(`Setting ${pairs.length} Secret(s)`, args);
-            if (!result.success) {
-                return die("Failed to Set Secrets");
-            }
-        },
-        async routerDeploy(app, dockerDir, config) {
-            const args = [
-                "fly",
-                "deploy",
-                dockerDir,
-                "-a",
-                app,
-                "--yes",
-                "--ha=false",
-            ];
-            if (config?.region) {
-                args.push("--primary-region", config.region);
-            }
-            const result = await runCommand(args);
-            if (!result.success) {
-                throw new FlyDeployError(app, result.stderr);
-            }
-        },
-        async listIps(app) {
-            const result = await runCommand([
-                "fly",
-                "ips",
-                "list",
-                "-a",
-                app,
-                "--json",
-            ]);
-            if (!result.success)
-                return [];
-            try {
-                const parsed = FlyIpListSchema.safeParse(JSON.parse(result.stdout));
-                return parsed.success ? parsed.data : [];
-            }
-            catch {
-                return [];
-            }
-        },
-        async releaseIp(app, address) {
-            const result = await runCommand([
-                "fly",
-                "ips",
-                "release",
-                address,
-                "-a",
-                app,
-            ]);
-            if (!result.success) {
-                return die(`Failed to Release IP ${address} from '${app}'`);
-            }
-        },
-        async allocateFlycastIp(app, network) {
-            const result = await runCommand([
-                "fly",
-                "ips",
-                "allocate-v6",
-                "--private",
-                "--network",
-                network,
-                "-a",
-                app,
-            ]);
-            if (!result.success) {
-                return die(`Failed to Allocate Flycast IP on Network '${network}'`);
-            }
-        },
-        async getConfig(app) {
-            const result = await runCommand(["fly", "config", "show", "-a", app]);
-            if (!result.success)
-                return null;
-            try {
-                return JSON.parse(result.stdout);
-            }
-            catch {
-                return null;
-            }
-        },
-        async deploySafe(app, options) {
-            const args = ["fly", "deploy"];
-            // When config is provided, use its parent directory as the build context
-            // so fly deploy finds the Dockerfile and COPY picks up the correct files
-            if (options.config) {
-                const configAbs = resolve(options.config);
-                args.push(dirname(configAbs));
-                args.push("--config", configAbs);
-            }
-            args.push("-a", app, "--yes", "--no-public-ips");
-            if (options.image) {
-                args.push("--image", options.image);
-            }
-            if (options.region) {
-                args.push("--primary-region", options.region);
-            }
-            const result = await runCommand(args);
-            if (!result.success) {
-                throw new FlyDeployError(app, result.stderr);
-            }
-        },
-        async listCerts(app) {
-            const result = await runCommand([
-                "fly",
-                "certs",
-                "list",
-                "-a",
-                app,
-                "--json",
-            ]);
-            if (!result.success)
-                return [];
-            try {
-                const certs = JSON.parse(result.stdout);
-                return certs
-                    .map((c) => c.Hostname)
-                    .filter((h) => typeof h === "string");
-            }
-            catch {
-                return [];
-            }
-        },
-        async removeCert(app, hostname) {
-            await runCommand([
-                "fly",
-                "certs",
-                "remove",
-                hostname,
-                "-a",
-                app,
-                "--yes",
-            ]);
-        },
-        async getFlyToken() {
-            // Read access_token from ~/.fly/config.yml
-            const home = dntShim.Deno.env.get("HOME") || dntShim.Deno.env.get("USERPROFILE") || "";
-            const configPath = `${home}/.fly/config.yml`;
-            if (!(await fileExists(configPath))) {
-                return die("Fly Config Not Found at ~/.fly/config.yml. Run 'fly auth login' First");
-            }
-            const content = await dntShim.Deno.readTextFile(configPath);
-            const match = content.match(/access_token:\s*(.+)/);
-            if (!match || !match[1]) {
-                return die("No Access Token Found in ~/.fly/config.yml. Run 'fly auth login' First");
-            }
-            return match[1].trim();
-        },
-        async listAppsWithNetwork(org) {
-            const token = await this.getFlyToken();
-            const response = await fetch(`https://api.machines.dev/v1/apps?org_slug=${encodeURIComponent(org)}`, {
-                headers: {
-                    Authorization: `Bearer ${token}`,
-                    "Content-Type": "application/json",
-                },
-            });
-            if (!response.ok) {
-                return die(`Failed to List Apps via REST API: HTTP ${response.status}`);
-            }
-            const data = await response.json();
-            const parsed = FlyAppInfoListSchema.safeParse(data);
-            if (!parsed.success) {
-                return die("Failed to Parse Apps REST API Response");
-            }
-            return parsed.data.apps;
-        },
-    };
-};
-// =============================================================================
-// Router App Naming
-// =============================================================================
-export const getRouterAppName = (network, randomSuffix) => {
-    return `${ROUTER_APP_PREFIX}${network}-${randomSuffix}`;
-};

package/esm/src/providers/tailscale.d.ts

@@ -1,31 +0,0 @@
-import "../../_dnt.polyfills.js";
-import { type AuthKeyCapabilities, type TailscaleDevice } from "../schemas/tailscale.js";
-export interface TailscaleProvider {
-    validateApiKey(): Promise<boolean>;
-    createAuthKey(opts?: AuthKeyCapabilities): Promise<string>;
-    listDevices(): Promise<TailscaleDevice[]>;
-    getDeviceByHostname(hostname: string): Promise<TailscaleDevice | null>;
-    deleteDevice(id: string): Promise<void>;
-    approveSubnetRoutes(deviceId: string, routes: string[]): Promise<void>;
-    setSplitDns(domain: string, nameservers: string[]): Promise<void>;
-    clearSplitDns(domain: string): Promise<void>;
-    getPolicyFile(): Promise<Record<string, unknown> | null>;
-    isTagOwnerConfigured(tag: string): Promise<boolean>;
-    isAutoApproverConfigured(tag: string): Promise<boolean>;
-}
-export declare const createTailscaleProvider: (tailnet: string, apiKey: string) => TailscaleProvider;
-export declare const waitForDevice: (provider: TailscaleProvider, hostname: string, timeoutMs?: number) => Promise<TailscaleDevice>;
-/**
- * Check if the tailscale CLI is installed.
- */
-export declare const isTailscaleInstalled: () => Promise<boolean>;
-/**
- * Check if accept-routes is enabled on the local client.
- */
-export declare const isAcceptRoutesEnabled: () => Promise<boolean>;
-/**
- * Enable accept-routes on the local client.
- * Returns true if successful, false if it failed (likely permissions).
- */
-export declare const enableAcceptRoutes: () => Promise<boolean>;
-//# sourceMappingURL=tailscale.d.ts.map

package/esm/src/providers/tailscale.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tailscale.d.ts","sourceRoot":"","sources":["../../../src/src/providers/tailscale.ts"],"names":[],"mappings":"AAGA,OAAO,yBAAyB,CAAC;AAKjC,OAAO,EACL,KAAK,mBAAmB,EAExB,KAAK,eAAe,EAErB,MAAM,yBAAyB,CAAC;AAYjC,MAAM,WAAW,iBAAiB;IAChC,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC,aAAa,CAAC,IAAI,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3D,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAC1C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACvE,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvE,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACzD,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,wBAAwB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACzD;AAiBD,eAAO,MAAM,uBAAuB,GAClC,SAAS,MAAM,EACf,QAAQ,MAAM,KACb,iBAoMF,CAAC;AAMF,eAAO,MAAM,aAAa,GACxB,UAAU,iBAAiB,EAC3B,UAAU,MAAM,EAChB,YAAW,MAAe,KACzB,OAAO,CAAC,eAAe,CAazB,CAAC;AAMF;;GAEG;AACH,eAAO,MAAM,oBAAoB,QAAa,OAAO,CAAC,OAAO,CAE5D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,QAAa,OAAO,CAAC,OAAO,CAY7D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAa,OAAO,CAAC,OAAO,CAG1D,CAAC"}