npm - @cardelli/ambit - Versions diffs - 0.1.4 → 0.2.0 - Mend

@cardelli/ambit 0.1.4 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

package/esm/cli/commands/create/index.d.ts +2 -0
package/esm/cli/commands/create/index.d.ts.map +1 -0
package/esm/cli/commands/create/index.js +292 -0
package/esm/cli/commands/create/machine.d.ts +33 -0
package/esm/cli/commands/create/machine.d.ts.map +1 -0
package/esm/cli/commands/create/machine.js +162 -0
package/esm/cli/commands/deploy/index.d.ts +2 -0
package/esm/cli/commands/deploy/index.d.ts.map +1 -0
package/esm/cli/commands/deploy/index.js +290 -0
package/esm/cli/commands/deploy/machine.d.ts +52 -0
package/esm/cli/commands/deploy/machine.d.ts.map +1 -0
package/esm/cli/commands/deploy/machine.js +116 -0
package/esm/cli/commands/deploy/modes.d.ts +18 -0
package/esm/cli/commands/deploy/modes.d.ts.map +1 -0
package/esm/cli/commands/deploy/modes.js +152 -0
package/esm/cli/commands/destroy/app.d.ts +2 -0
package/esm/cli/commands/destroy/app.d.ts.map +1 -0
package/esm/cli/commands/destroy/app.js +173 -0
package/esm/cli/commands/destroy/index.d.ts +2 -0
package/esm/cli/commands/destroy/index.d.ts.map +1 -0
package/esm/cli/commands/destroy/index.js +63 -0
package/esm/cli/commands/destroy/network.d.ts +2 -0
package/esm/cli/commands/destroy/network.d.ts.map +1 -0
package/esm/cli/commands/destroy/network.js +210 -0
package/esm/cli/commands/doctor.d.ts.map +1 -0
package/esm/cli/commands/doctor.js +295 -0
package/esm/{src/cli → cli}/commands/list.d.ts.map +1 -1
package/esm/{src/cli → cli}/commands/list.js +39 -54
package/esm/cli/commands/status.d.ts.map +1 -0
package/esm/cli/commands/status.js +331 -0
package/esm/cli/mod.d.ts.map +1 -0
package/esm/{src/cli → cli}/mod.js +4 -4
package/esm/deno.d.ts +4 -18
package/esm/deno.js +5 -19
package/esm/deps/jsr.io/@std/path/1.1.4/constants.d.ts +1 -1
package/esm/deps/jsr.io/@zod/zod/4.3.6/src/v4/core/json-schema-generator.d.ts +1 -1
package/esm/lib/args.d.ts +11 -0
package/esm/lib/args.d.ts.map +1 -0
package/esm/lib/args.js +28 -0
package/esm/lib/cli.d.ts +0 -2
package/esm/lib/cli.d.ts.map +1 -1
package/esm/lib/cli.js +41 -27
package/esm/lib/command.d.ts +21 -49
package/esm/lib/command.d.ts.map +1 -1
package/esm/lib/command.js +55 -95
package/esm/lib/machine.d.ts +11 -0
package/esm/lib/machine.d.ts.map +1 -0
package/esm/lib/machine.js +15 -0
package/esm/lib/output.d.ts +3 -2
package/esm/lib/output.d.ts.map +1 -1
package/esm/lib/output.js +25 -11
package/esm/lib/result.d.ts +18 -7
package/esm/lib/result.d.ts.map +1 -1
package/esm/lib/result.js +46 -1
package/esm/main.d.ts +6 -6
package/esm/main.d.ts.map +1 -1
package/esm/main.js +7 -9
package/esm/providers/fly.d.ts +81 -0
package/esm/providers/fly.d.ts.map +1 -0
package/esm/providers/fly.js +372 -0
package/esm/providers/tailscale.d.ts +31 -0
package/esm/providers/tailscale.d.ts.map +1 -0
package/esm/providers/tailscale.js +150 -0
package/esm/{src/schemas → schemas}/fly.d.ts +1 -11
package/esm/schemas/fly.d.ts.map +1 -0
package/esm/{src/schemas → schemas}/fly.js +14 -56
package/esm/{src/schemas → schemas}/tailscale.d.ts +1 -2
package/esm/schemas/tailscale.d.ts.map +1 -0
package/esm/{src/schemas → schemas}/tailscale.js +2 -3
package/esm/src/{docker/router → router}/Dockerfile +0 -11
package/esm/src/router/start.sh +101 -0
package/esm/util/constants.d.ts +13 -0
package/esm/util/constants.d.ts.map +1 -0
package/esm/util/constants.js +34 -0
package/esm/{src → util}/credentials.d.ts +0 -1
package/esm/util/credentials.d.ts.map +1 -0
package/esm/{src → util}/credentials.js +3 -5
package/esm/{src → util}/discovery.d.ts +20 -4
package/esm/util/discovery.d.ts.map +1 -0
package/esm/{src → util}/discovery.js +38 -15
package/esm/util/fly-transforms.d.ts +27 -0
package/esm/util/fly-transforms.d.ts.map +1 -0
package/esm/util/fly-transforms.js +87 -0
package/esm/{src → util}/guard.d.ts +1 -2
package/esm/util/guard.d.ts.map +1 -0
package/esm/{src → util}/guard.js +27 -27
package/esm/util/naming.d.ts +5 -0
package/esm/util/naming.d.ts.map +1 -0
package/esm/util/naming.js +12 -0
package/esm/{src → util}/resolve.d.ts +2 -3
package/esm/util/resolve.d.ts.map +1 -0
package/esm/{src → util}/resolve.js +1 -2
package/esm/util/session.d.ts +16 -0
package/esm/util/session.d.ts.map +1 -0
package/esm/util/session.js +19 -0
package/esm/util/tailscale-local.d.ts +13 -0
package/esm/util/tailscale-local.d.ts.map +1 -0
package/esm/util/tailscale-local.js +63 -0
package/esm/{src → util}/template.d.ts +2 -4
package/esm/util/template.d.ts.map +1 -0
package/esm/{src → util}/template.js +14 -17
package/package.json +1 -43
package/esm/lib/paths.d.ts +0 -3
package/esm/lib/paths.d.ts.map +0 -1
package/esm/lib/paths.js +0 -5
package/esm/src/cli/commands/create.d.ts +0 -2
package/esm/src/cli/commands/create.d.ts.map +0 -1
package/esm/src/cli/commands/create.js +0 -294
package/esm/src/cli/commands/deploy.d.ts +0 -2
package/esm/src/cli/commands/deploy.d.ts.map +0 -1
package/esm/src/cli/commands/deploy.js +0 -426
package/esm/src/cli/commands/destroy.d.ts +0 -2
package/esm/src/cli/commands/destroy.d.ts.map +0 -1
package/esm/src/cli/commands/destroy.js +0 -340
package/esm/src/cli/commands/doctor.d.ts.map +0 -1
package/esm/src/cli/commands/doctor.js +0 -141
package/esm/src/cli/commands/status.d.ts.map +0 -1
package/esm/src/cli/commands/status.js +0 -152
package/esm/src/cli/mod.d.ts.map +0 -1
package/esm/src/credentials.d.ts.map +0 -1
package/esm/src/discovery.d.ts.map +0 -1
package/esm/src/docker/router/start.sh +0 -146
package/esm/src/guard.d.ts.map +0 -1
package/esm/src/providers/fly.d.ts +0 -70
package/esm/src/providers/fly.d.ts.map +0 -1
package/esm/src/providers/fly.js +0 -411
package/esm/src/providers/tailscale.d.ts +0 -31
package/esm/src/providers/tailscale.d.ts.map +0 -1
package/esm/src/providers/tailscale.js +0 -195
package/esm/src/resolve.d.ts.map +0 -1
package/esm/src/schemas/config.d.ts +0 -5
package/esm/src/schemas/config.d.ts.map +0 -1
package/esm/src/schemas/config.js +0 -22
package/esm/src/schemas/fly.d.ts.map +0 -1
package/esm/src/schemas/tailscale.d.ts.map +0 -1
package/esm/src/template.d.ts.map +0 -1
/package/esm/{src/cli → cli}/commands/doctor.d.ts +0 -0
/package/esm/{src/cli → cli}/commands/list.d.ts +0 -0
/package/esm/{src/cli → cli}/commands/status.d.ts +0 -0
/package/esm/{src/cli → cli}/mod.d.ts +0 -0
/package/esm/src/{docker/router → router}/fly.toml +0 -0

package/esm/{src/schemas → schemas}/fly.js RENAMED Viewed

@@ -1,14 +1,13 @@
 // =============================================================================
 // Fly.io CLI Response Schemas
 // =============================================================================
-import "../../_dnt.polyfills.js";
-import { z } from "../../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
+import { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
 // =============================================================================
 // Auth Response
 // =============================================================================
 export const FlyAuthSchema = z.object({
     email: z.string(),
-}).passthrough();
+}).loose();
 // =============================================================================
 // App Schemas
 // =============================================================================
@@ -18,7 +17,7 @@ export const FlyAppSchema = z.object({
     Organization: z.object({
         Slug: z.string(),
     }).optional(),
-}).passthrough();
+}).loose();
 export const FlyAppsListSchema = z.array(FlyAppSchema);
 // =============================================================================
 // App Status
@@ -28,7 +27,7 @@ export const FlyStatusSchema = z.object({
     Name: z.string().optional(),
     Hostname: z.string().optional(),
     Deployed: z.boolean().optional(),
-}).passthrough();
+}).loose();
 // =============================================================================
 // Machine Schemas
 // =============================================================================
@@ -36,7 +35,7 @@ export const FlyMachineGuestSchema = z.object({
     cpu_kind: z.string(),
     cpus: z.number(),
     memory_mb: z.number(),
-}).passthrough();
+}).loose();
 export const FlyMachineConfigSchema = z.object({
     guest: FlyMachineGuestSchema.optional(),
     metadata: z.record(z.string(), z.string()).optional(),
@@ -45,11 +44,11 @@ export const FlyMachineConfigSchema = z.object({
         ports: z.array(z.object({
             port: z.number(),
             handlers: z.array(z.string()).optional(),
-        }).passthrough()).optional(),
+        }).loose()).optional(),
         protocol: z.string().optional(),
         internal_port: z.number().optional(),
-    }).passthrough()).optional(),
-}).passthrough();
+    }).loose()).optional(),
+}).loose();
 export const FlyMachineSchema = z.object({
     id: z.string(),
     name: z.string(),
@@ -59,7 +58,7 @@ export const FlyMachineSchema = z.object({
     config: FlyMachineConfigSchema.optional(),
     created_at: z.string().optional(),
     updated_at: z.string().optional(),
-}).passthrough();
+}).loose();
 export const FlyMachinesListSchema = z.array(FlyMachineSchema);
 // =============================================================================
 // Organization Schemas
@@ -71,55 +70,14 @@ export const FlyOrgsSchema = z.record(z.string(), z.string());
 export const FlyDeploySchema = z.object({
     ID: z.string().optional(),
     Status: z.string().optional(),
-}).passthrough();
-// =============================================================================
-// Machine State Mapping
-// =============================================================================
-/**
- * Map Fly machine state to internal state.
- * Fly states: created, starting, started, stopping, stopped, destroying, destroyed
- */
-export const mapFlyMachineState = (flyState) => {
-    switch (flyState.toLowerCase()) {
-        case "started":
-            return "running";
-        case "stopped":
-        case "suspended":
-            return "frozen";
-        case "created":
-        case "starting":
-            return "creating";
-        case "destroying":
-        case "destroyed":
-        case "failed":
-            return "failed";
-        default:
-            return "creating";
-    }
-};
-// =============================================================================
-// Machine Size Mapping
-// =============================================================================
-/**
- * Map Fly guest config to machine size enum.
- */
-export const mapFlyMachineSize = (guest) => {
-    if (!guest)
-        return "shared-cpu-1x";
-    const cpus = guest.cpus;
-    if (cpus >= 4)
-        return "shared-cpu-4x";
-    if (cpus >= 2)
-        return "shared-cpu-2x";
-    return "shared-cpu-1x";
-};
+}).loose();
 // =============================================================================
 // IP Schemas
 // =============================================================================
 export const FlyIpNetworkSchema = z.object({
     Name: z.string(),
     Organization: z.object({ Slug: z.string() }).optional(),
-}).passthrough();
+}).loose();
 export const FlyIpSchema = z.object({
     ID: z.string().optional(),
     Address: z.string(),
@@ -127,7 +85,7 @@ export const FlyIpSchema = z.object({
     Region: z.string().optional(),
     CreatedAt: z.string().optional(),
     Network: FlyIpNetworkSchema.optional(),
-}).passthrough();
+}).loose();
 export const FlyIpListSchema = z.array(FlyIpSchema);
 // =============================================================================
 // REST API Schemas (Machines API - api.machines.dev)
@@ -137,8 +95,8 @@ export const FlyAppInfoSchema = z.object({
     network: z.string(),
     status: z.string(),
     organization: z.object({ slug: z.string() }).optional(),
-}).passthrough();
+}).loose();
 export const FlyAppInfoListSchema = z.object({
     total_apps: z.number(),
     apps: z.array(FlyAppInfoSchema),
-}).passthrough();
+}).loose();

package/esm/{src/schemas → schemas}/tailscale.d.ts RENAMED Viewed

@@ -1,5 +1,4 @@
-import "../../_dnt.polyfills.js";
-import { z } from "../../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
+import { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
 export declare const TailscaleAuthKeySchema: z.ZodObject<{
     key: z.ZodString;
     id: z.ZodOptional<z.ZodString>;

package/esm/schemas/tailscale.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tailscale.d.ts","sourceRoot":"","sources":["../../src/schemas/tailscale.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,4CAA4C,CAAC;AAM/D,eAAO,MAAM,sBAAsB;;;;;iBAKjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAMtE,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;iBAcxB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;iBAErC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAM9E,eAAO,MAAM,qBAAqB;;;iBAGhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAMpE,eAAO,MAAM,6BAA6B;;iBAExC,CAAC;AAEH,eAAO,MAAM,uBAAuB,mDAGnC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAMxE,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,eAAO,MAAM,oBAAoB,GAAI,MAAM,mBAAmB,KAAG,MA+BhE,CAAC"}

package/esm/{src/schemas → schemas}/tailscale.js RENAMED Viewed

@@ -1,8 +1,7 @@
 // =============================================================================
 // Tailscale API Response Schemas
 // =============================================================================
-import "../../_dnt.polyfills.js";
-import { z } from "../../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
+import { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
 // =============================================================================
 // Auth Key Schemas
 // =============================================================================
@@ -29,7 +28,7 @@ export const TailscaleDeviceSchema = z.object({
     tags: z.array(z.string()).optional(),
     advertisedRoutes: z.array(z.string()).optional(),
     enabledRoutes: z.array(z.string()).optional(),
-}).passthrough();
+}).loose();
 export const TailscaleDevicesListSchema = z.object({
     devices: z.array(TailscaleDeviceSchema),
 });

package/esm/src/{docker/router → router}/Dockerfile RENAMED Viewed

@@ -6,7 +6,6 @@ FROM alpine:3.23.3
 ARG TAILSCALE_VERSION=1.94.1
 ARG COREDNS_VERSION=1.14.1
-ARG MICROSOCKS_VERSION=1.0.5
 RUN apk add --no-cache \
     bash \
@@ -25,16 +24,6 @@ RUN cd /tmp \
     && mv coredns /usr/local/bin/coredns \
     && chmod +x /usr/local/bin/coredns
-RUN apk add --no-cache gcc musl-dev make \
-    && cd /tmp \
-    && wget -q "https://github.com/rofl0r/microsocks/archive/refs/tags/v${MICROSOCKS_VERSION}.tar.gz" \
-    && tar xzf "v${MICROSOCKS_VERSION}.tar.gz" \
-    && cd "microsocks-${MICROSOCKS_VERSION}" \
-    && make \
-    && cp microsocks /usr/local/bin/ \
-    && cd / && rm -rf /tmp/microsocks* /tmp/v${MICROSOCKS_VERSION}.tar.gz \
-    && apk del gcc musl-dev make
 RUN mkdir -p /var/lib/tailscale /var/run/tailscale /etc/coredns
 COPY start.sh /start.sh

package/esm/src/router/start.sh ADDED Viewed

@@ -0,0 +1,101 @@
+#!/bin/bash
+set -e
+# =============================================================================
+# ambit - Self-Configuring Tailscale Subnet Router
+# =============================================================================
+# State is persisted to /var/lib/tailscale via Fly volume.
+# On first run: authenticates with a pre-minted auth key, advertises routes.
+# On restart: reuses existing state, no new device created.
+# The router never receives the user's API token — only a single-use,
+# tag-scoped auth key that expires after 5 minutes.
+# =============================================================================
+echo "Router: Enabling IP Forwarding"
+echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
+echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+PRIVATE_IP=$(grep fly-local-6pn /etc/hosts | awk '{print $1}')
+# tailscaled's built-in SOCKS5 proxy routes through the WireGuard tunnel
+# directly (no tun device needed). This handles both TCP routing and DNS
+# resolution through the tailnet — MagicDNS, split DNS, everything.
+echo "Router: Starting Tailscaled with SOCKS5 Proxy on [${PRIVATE_IP}]:1080"
+/usr/local/bin/tailscaled \
+  --state=/var/lib/tailscale/tailscaled.state \
+  --socket=/var/run/tailscale/tailscaled.sock \
+  --socks5-server=[${PRIVATE_IP}]:1080 &
+# Wait for tailscaled to be ready
+sleep 3
+echo "Router: Extracting Fly.io Subnet"
+SUBNET=$(grep fly-local-6pn /etc/hosts | awk '{print $1}' | cut -d: -f1-3)::/48
+echo "Router: Subnet ${SUBNET}"
+if /usr/local/bin/tailscale status --json 2>/dev/null | jq -e '.BackendState == "Running"' > /dev/null 2>&1; then
+  echo "Router: Already Authenticated (Using Persisted State)"
+  /usr/local/bin/tailscale up \
+    --hostname="${FLY_APP_NAME:-ambit}" \
+    --advertise-routes="${SUBNET}"
+else
+  # First run - authenticate with pre-minted auth key
+  if [ -z "${TAILSCALE_AUTHKEY}" ]; then
+    echo "Router: ERROR - No TAILSCALE_AUTHKEY Provided"
+    exit 1
+  fi
+  echo "Router: Authenticating to Tailscale"
+  /usr/local/bin/tailscale up \
+    --authkey="${TAILSCALE_AUTHKEY}" \
+    --hostname="${FLY_APP_NAME:-ambit}" \
+    --advertise-routes="${SUBNET}"
+fi
+echo "Router: Fully Configured"
+# Get Tailscale IPv4 for CoreDNS bind — split DNS queries arrive here
+TAILSCALE_IP=$(/usr/local/bin/tailscale ip -4)
+echo "Router: Tailscale IP ${TAILSCALE_IP}"
+echo "Router: Starting DNS Proxy"
+# Generate Corefile for CoreDNS
+# Binds to the Fly private IP and the Tailscale IP. Split DNS queries from
+# tailnet clients arrive on the Tailscale IP. Does NOT bind to all interfaces,
+# so tailscaled's MagicDNS resolver on 100.100.100.100:53 remains unblocked.
+#
+# Rewrites NETWORK_NAME TLD to .flycast before forwarding to Fly DNS.
+# When ROUTER_ID is set, workload app names are suffixed: app.network ->
+# app-ROUTER_ID.flycast. This ties workloads to their router and avoids
+# name collisions across networks.
+if [ -n "${NETWORK_NAME}" ] && [ -n "${ROUTER_ID}" ]; then
+  echo "Router: DNS Rewrite *.${NETWORK_NAME} -> *-${ROUTER_ID}.flycast"
+  cat > /etc/coredns/Corefile <<EOF
+.:53 {
+    bind ${PRIVATE_IP} ${TAILSCALE_IP}
+    rewrite name regex (.+)\.${NETWORK_NAME}\. {1}-${ROUTER_ID}.flycast. answer auto
+    forward . fdaa::3
+}
+EOF
+elif [ -n "${NETWORK_NAME}" ]; then
+  echo "Router: DNS Rewrite ${NETWORK_NAME} -> flycast"
+  cat > /etc/coredns/Corefile <<EOF
+.:53 {
+    bind ${PRIVATE_IP} ${TAILSCALE_IP}
+    rewrite name suffix .${NETWORK_NAME}. .flycast. answer auto
+    forward . fdaa::3
+}
+EOF
+else
+  cat > /etc/coredns/Corefile <<EOF
+.:53 {
+    bind ${PRIVATE_IP} ${TAILSCALE_IP}
+    forward . fdaa::3
+}
+EOF
+fi
+exec /usr/local/bin/coredns -conf /etc/coredns/Corefile

package/esm/util/constants.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export declare const ROUTER_APP_PREFIX = "ambit-";
+export declare const DEFAULT_FLY_NETWORK = "default";
+export declare const ROUTER_DOCKER_DIR: string;
+export declare const SOCKS_PROXY_PORT = 1080;
+export declare const FLY_PRIVATE_SUBNET = "fdaa::/16";
+export declare const TAILSCALE_API_KEY_PREFIX = "tskey-api-";
+export declare const ENV_TAILSCALE_API_KEY = "TAILSCALE_API_KEY";
+export declare const FLYCTL_INSTALL_URL = "https://fly.io/docs/flyctl/install/";
+export declare const SECRET_TAILSCALE_AUTHKEY = "TAILSCALE_AUTHKEY";
+export declare const SECRET_NETWORK_NAME = "NETWORK_NAME";
+export declare const SECRET_ROUTER_ID = "ROUTER_ID";
+export declare const SECRET_AMBIT_OUTBOUND_PROXY = "AMBIT_OUTBOUND_PROXY";
+//# sourceMappingURL=constants.d.ts.map

package/esm/util/constants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/util/constants.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,iBAAiB,WAAW,CAAC;AAE1C,eAAO,MAAM,mBAAmB,YAAY,CAAC;AAE7C,eAAO,MAAM,iBAAiB,QACnB,CAAC;AAMZ,eAAO,MAAM,gBAAgB,OAAO,CAAC;AAErC,eAAO,MAAM,kBAAkB,cAAc,CAAC;AAM9C,eAAO,MAAM,wBAAwB,eAAe,CAAC;AAErD,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AAMzD,eAAO,MAAM,kBAAkB,wCAAwC,CAAC;AAMxE,eAAO,MAAM,wBAAwB,sBAAsB,CAAC;AAC5D,eAAO,MAAM,mBAAmB,iBAAiB,CAAC;AAClD,eAAO,MAAM,gBAAgB,cAAc,CAAC;AAM5C,eAAO,MAAM,2BAA2B,yBAAyB,CAAC"}

package/esm/util/constants.js ADDED Viewed

@@ -0,0 +1,34 @@
+// =============================================================================
+// Constants - Shared Magic Values
+// =============================================================================
+// =============================================================================
+// Router / App Identity
+// =============================================================================
+export const ROUTER_APP_PREFIX = "ambit-";
+export const DEFAULT_FLY_NETWORK = "default";
+export const ROUTER_DOCKER_DIR = new URL("../router", globalThis[Symbol.for("import-meta-ponyfill-esmodule")](import.meta).url)
+    .pathname;
+// =============================================================================
+// Networking
+// =============================================================================
+export const SOCKS_PROXY_PORT = 1080;
+export const FLY_PRIVATE_SUBNET = "fdaa::/16";
+// =============================================================================
+// Tailscale
+// =============================================================================
+export const TAILSCALE_API_KEY_PREFIX = "tskey-api-";
+export const ENV_TAILSCALE_API_KEY = "TAILSCALE_API_KEY";
+// =============================================================================
+// External URLs
+// =============================================================================
+export const FLYCTL_INSTALL_URL = "https://fly.io/docs/flyctl/install/";
+// =============================================================================
+// Fly.io Secret Names (set on router machines)
+// =============================================================================
+export const SECRET_TAILSCALE_AUTHKEY = "TAILSCALE_AUTHKEY";
+export const SECRET_NETWORK_NAME = "NETWORK_NAME";
+export const SECRET_ROUTER_ID = "ROUTER_ID";
+// =============================================================================
+// Fly.io Secret Names (set on workload machines)
+// =============================================================================
+export const SECRET_AMBIT_OUTBOUND_PROXY = "AMBIT_OUTBOUND_PROXY";

package/esm/{src → util}/credentials.d.ts RENAMED Viewed

@@ -1,4 +1,3 @@
-import "../_dnt.polyfills.js";
 export interface CredentialStore {
     getTailscaleApiKey(): Promise<string | null>;
     setTailscaleApiKey(key: string): Promise<void>;

package/esm/util/credentials.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/util/credentials.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,eAAe;IAC9B,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC7C,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD;AAQD,eAAO,MAAM,2BAA2B,QAAO,eA0B9C,CAAC;AAMF,eAAO,MAAM,kBAAkB,QAAO,eAerC,CAAC;AAMF;;;;;;;GAOG;AACH,eAAO,MAAM,iBAAiB,GAC5B,KAAK;IAAE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,KAAK,CAAA;CAAE,KAC1D,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,CAyBlC,CAAC"}

package/esm/{src → util}/credentials.js RENAMED Viewed

@@ -1,11 +1,10 @@
 // =============================================================================
 // Credential Store - Persistent Tailscale API Key Storage
 // =============================================================================
-import "../_dnt.polyfills.js";
 import * as dntShim from "../_dnt.shims.js";
 import { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
-import { commandExists, ensureConfigDir, fileExists } from "../lib/cli.js";
-import { getConfigDir } from "./schemas/config.js";
+import { commandExists, ensureConfigDir, fileExists, getConfigDir } from "../lib/cli.js";
+import { ENV_TAILSCALE_API_KEY } from "./constants.js";
 // =============================================================================
 // Schema
 // =============================================================================
@@ -46,8 +45,7 @@ export const getCredentialStore = () => {
     const fileStore = createConfigCredentialStore();
     return {
         async getTailscaleApiKey() {
-            // Environment variable takes priority
-            const envKey = dntShim.Deno.env.get("TAILSCALE_API_KEY");
+            const envKey = dntShim.Deno.env.get(ENV_TAILSCALE_API_KEY);
             if (envKey)
                 return envKey;
             return await fileStore.getTailscaleApiKey();

package/esm/{src → util}/discovery.d.ts RENAMED Viewed

@@ -1,11 +1,11 @@
-import "../_dnt.polyfills.js";
-import type { FlyProvider } from "./providers/fly.js";
-import type { TailscaleProvider } from "./providers/tailscale.js";
+import type { FlyProvider } from "../providers/fly.js";
+import type { TailscaleProvider } from "../providers/tailscale.js";
 /** A router app discovered from the Fly REST API. */
 export interface RouterApp {
     appName: string;
     network: string;
     org: string;
+    routerId: string;
 }
 /** Machine state for a router, from the Fly Machines API. */
 export interface RouterMachineInfo {
@@ -33,10 +33,26 @@ export interface WorkloadApp {
 }
 /** List all non-router apps on a specific custom network in an org. */
 export declare const listWorkloadAppsOnNetwork: (fly: FlyProvider, org: string, network: string) => Promise<WorkloadApp[]>;
-/** Find a specific workload app by name, optionally verifying network. */
+/** Find a specific workload app by logical name, optionally scoped to a network.
+ *  When a network is provided, resolves the router-suffixed Fly app name
+ *  (e.g. "thing" on network "lab" with routerId "abc123" → "thing-abc123"). */
 export declare const findWorkloadApp: (fly: FlyProvider, org: string, appName: string, network?: string) => Promise<WorkloadApp | null>;
 /** Get machine info for a router app. Returns null if no machines exist. */
 export declare const getRouterMachineInfo: (fly: FlyProvider, appName: string) => Promise<RouterMachineInfo | null>;
 /** Get tailscale device info for a router. Returns null if not found. */
 export declare const getRouterTailscaleInfo: (tailscale: TailscaleProvider, appName: string) => Promise<RouterTailscaleInfo | null>;
+/** A router app with its machine and Tailscale state hydrated. */
+export type RouterWithInfo = RouterApp & {
+    machine: RouterMachineInfo | null;
+    tailscale: RouterTailscaleInfo | null;
+};
+/**
+ * Discover all routers in an org and hydrate each with machine + Tailscale state.
+ * Shows a spinner while fetching. Fetches all routers in parallel.
+ */
+export declare const discoverRouters: (out: {
+    spinner(msg: string): {
+        success(msg: string): void;
+    };
+}, fly: FlyProvider, tailscale: TailscaleProvider, org: string) => Promise<RouterWithInfo[]>;
 //# sourceMappingURL=discovery.d.ts.map

package/esm/util/discovery.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../src/util/discovery.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAWnE,qDAAqD;AACrD,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,6DAA6D;AAC7D,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,2CAA2C;AAC3C,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAMD,wDAAwD;AACxD,eAAO,MAAM,cAAc,GACzB,KAAK,WAAW,EAChB,KAAK,MAAM,KACV,OAAO,CAAC,SAAS,EAAE,CAerB,CAAC;AAEF,kDAAkD;AAClD,eAAO,MAAM,aAAa,GACxB,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,SAAS,MAAM,KACd,OAAO,CAAC,SAAS,GAAG,IAAI,CAG1B,CAAC;AAMF,oEAAoE;AACpE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,uEAAuE;AACvE,eAAO,MAAM,yBAAyB,GACpC,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,SAAS,MAAM,KACd,OAAO,CAAC,WAAW,EAAE,CAcvB,CAAC;AAEF;;+EAE+E;AAC/E,eAAO,MAAM,eAAe,GAC1B,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,SAAS,MAAM,EACf,UAAU,MAAM,KACf,OAAO,CAAC,WAAW,GAAG,IAAI,CA4B5B,CAAC;AAMF,4EAA4E;AAC5E,eAAO,MAAM,oBAAoB,GAC/B,KAAK,WAAW,EAChB,SAAS,MAAM,KACd,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAclC,CAAC;AAMF,yEAAyE;AACzE,eAAO,MAAM,sBAAsB,GACjC,WAAW,iBAAiB,EAC5B,SAAS,MAAM,KACd,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAcpC,CAAC;AAMF,kEAAkE;AAClE,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG;IACvC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAClC,SAAS,EAAE,mBAAmB,GAAG,IAAI,CAAC;CACvC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,GAC1B,KAAK;IAAE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC7D,KAAK,WAAW,EAChB,WAAW,iBAAiB,EAC5B,KAAK,MAAM,KACV,OAAO,CAAC,cAAc,EAAE,CAa1B,CAAC"}

package/esm/{src → util}/discovery.js RENAMED Viewed

@@ -12,26 +12,23 @@
 // Commands compose them into whatever view they need.
 //
 // =============================================================================
-import "../_dnt.polyfills.js";
-import { extractSubnet } from "./schemas/config.js";
-// =============================================================================
-// Constants
-// =============================================================================
-const ROUTER_APP_PREFIX = "ambit-";
-const DEFAULT_NETWORK = "default";
+import { getRouterSuffix, getWorkloadAppName } from "./naming.js";
+import { extractSubnet } from "./fly-transforms.js";
+import { DEFAULT_FLY_NETWORK, ROUTER_APP_PREFIX, } from "./constants.js";
 // =============================================================================
 // 1. Which routers exist? (Fly REST API)
 // =============================================================================
 /** List all ambit apps on custom networks in an org. */
 export const listRouterApps = async (fly, org) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     return apps
         .filter((app) => app.name.startsWith(ROUTER_APP_PREFIX) &&
-        app.network !== DEFAULT_NETWORK)
+        app.network !== DEFAULT_FLY_NETWORK)
         .map((app) => ({
         appName: app.name,
         network: app.network,
         org: app.organization?.slug ?? org,
+        routerId: getRouterSuffix(app.name, app.network),
     }));
 };
 /** Find the router app for a specific network. */
@@ -41,7 +38,7 @@ export const findRouterApp = async (fly, org, network) => {
 };
 /** List all non-router apps on a specific custom network in an org. */
 export const listWorkloadAppsOnNetwork = async (fly, org, network) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     return apps
         .filter((app) => !app.name.startsWith(ROUTER_APP_PREFIX) &&
         app.network === network)
@@ -51,20 +48,32 @@ export const listWorkloadAppsOnNetwork = async (fly, org, network) => {
         org: app.organization?.slug ?? org,
     }));
 };
-/** Find a specific workload app by name, optionally verifying network. */
+/** Find a specific workload app by logical name, optionally scoped to a network.
+ *  When a network is provided, resolves the router-suffixed Fly app name
+ *  (e.g. "thing" on network "lab" with routerId "abc123" → "thing-abc123"). */
 export const findWorkloadApp = async (fly, org, appName, network) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     const workloads = apps
         .filter((app) => !app.name.startsWith(ROUTER_APP_PREFIX) &&
-        app.network !== DEFAULT_NETWORK)
+        app.network !== DEFAULT_FLY_NETWORK)
         .map((app) => ({
         appName: app.name,
         network: app.network,
         org: app.organization?.slug ?? org,
     }));
     if (network) {
+        // Resolve the router's suffix so we can match the suffixed Fly app name
+        const router = await findRouterApp(fly, org, network);
+        if (router) {
+            const suffixedName = getWorkloadAppName(appName, router.routerId);
+            const found = workloads.find((a) => a.appName === suffixedName && a.network === network);
+            if (found)
+                return found;
+        }
+        // Fallback: try exact match (for pre-suffix apps or direct Fly name)
         return workloads.find((a) => a.appName === appName && a.network === network) ?? null;
     }
+    // Without network, try exact match only
     return workloads.find((a) => a.appName === appName) ?? null;
 };
 // =============================================================================
@@ -72,7 +81,7 @@ export const findWorkloadApp = async (fly, org, appName, network) => {
 // =============================================================================
 /** Get machine info for a router app. Returns null if no machines exist. */
 export const getRouterMachineInfo = async (fly, appName) => {
-    const machines = await fly.listMachines(appName);
+    const machines = await fly.machines.list(appName);
     const machine = machines[0];
     if (!machine)
         return null;
@@ -91,7 +100,7 @@ export const getRouterMachineInfo = async (fly, appName) => {
 /** Get tailscale device info for a router. Returns null if not found. */
 export const getRouterTailscaleInfo = async (tailscale, appName) => {
     try {
-        const device = await tailscale.getDeviceByHostname(appName);
+        const device = await tailscale.devices.getByHostname(appName);
         if (!device)
             return null;
         return {
@@ -105,3 +114,17 @@ export const getRouterTailscaleInfo = async (tailscale, appName) => {
         return null;
     }
 };
+/**
+ * Discover all routers in an org and hydrate each with machine + Tailscale state.
+ * Shows a spinner while fetching. Fetches all routers in parallel.
+ */
+export const discoverRouters = async (out, fly, tailscale, org) => {
+    const spinner = out.spinner("Discovering Routers");
+    const routerApps = await listRouterApps(fly, org);
+    spinner.success(`Found ${routerApps.length} Router${routerApps.length !== 1 ? "s" : ""}`);
+    return Promise.all(routerApps.map(async (app) => ({
+        ...app,
+        machine: await getRouterMachineInfo(fly, app.appName),
+        tailscale: await getRouterTailscaleInfo(tailscale, app.appName),
+    })));
+};

package/esm/util/fly-transforms.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import type { FlyMachine } from "../schemas/fly.js";
+import { type FlyMachineGuestSchema } from "../schemas/fly.js";
+import type { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
+/**
+ * Map Fly machine state to internal state.
+ * Fly states: created, starting, started, stopping, stopped, destroying, destroyed
+ */
+export declare const mapFlyMachineState: (flyState: string) => "creating" | "running" | "frozen" | "failed";
+/**
+ * Map Fly guest config to machine size enum.
+ */
+export declare const mapFlyMachineSize: (guest?: z.infer<typeof FlyMachineGuestSchema>) => "shared-cpu-1x" | "shared-cpu-2x" | "shared-cpu-4x";
+import type { MachineResult } from "../providers/fly.js";
+/** Map raw Fly machines to internal MachineResult format. */
+export declare const mapMachines: (raw: FlyMachine[]) => MachineResult[];
+import type { MachineSize } from "../providers/fly.js";
+export declare const getSizeConfig: (size: MachineSize) => {
+    cpus: number;
+    memoryMb: number;
+};
+/**
+ * Pull the last non-empty, non-decoration line from fly stderr.
+ * Fly often prints progress lines then the actual error at the end.
+ */
+export declare const extractErrorDetail: (stderr: string) => string;
+export declare const extractSubnet: (privateIp: string) => string;
+//# sourceMappingURL=fly-transforms.d.ts.map

package/esm/util/fly-transforms.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fly-transforms.d.ts","sourceRoot":"","sources":["../../src/util/fly-transforms.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,KAAK,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,4CAA4C,CAAC;AAMpE;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAC7B,UAAU,MAAM,KACf,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,QAiBtC,CAAC;AAMF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,KAC5C,eAAe,GAAG,eAAe,GAAG,eAOtC,CAAC;AAMF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,6DAA6D;AAC7D,eAAO,MAAM,WAAW,GAAI,KAAK,UAAU,EAAE,KAAG,aAAa,EAQ5D,CAAC;AAMF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,eAAO,MAAM,aAAa,GACxB,MAAM,WAAW,KAChB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CASlC,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAAI,QAAQ,MAAM,KAAG,MAOnD,CAAC;AAMF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,KAAG,MAKjD,CAAC"}