npm - @cardelli/ambit - Versions diffs - 0.1.5 → 0.2.0 - Mend

@cardelli/ambit 0.1.5 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

package/esm/cli/commands/create/index.d.ts +2 -0
package/esm/cli/commands/create/index.d.ts.map +1 -0
package/esm/cli/commands/create/index.js +292 -0
package/esm/cli/commands/create/machine.d.ts +33 -0
package/esm/cli/commands/create/machine.d.ts.map +1 -0
package/esm/cli/commands/create/machine.js +162 -0
package/esm/cli/commands/deploy/index.d.ts +2 -0
package/esm/cli/commands/deploy/index.d.ts.map +1 -0
package/esm/cli/commands/deploy/index.js +290 -0
package/esm/cli/commands/deploy/machine.d.ts +52 -0
package/esm/cli/commands/deploy/machine.d.ts.map +1 -0
package/esm/cli/commands/deploy/machine.js +116 -0
package/esm/cli/commands/deploy/modes.d.ts +18 -0
package/esm/cli/commands/deploy/modes.d.ts.map +1 -0
package/esm/cli/commands/deploy/modes.js +152 -0
package/esm/cli/commands/destroy/app.d.ts +2 -0
package/esm/cli/commands/destroy/app.d.ts.map +1 -0
package/esm/cli/commands/destroy/app.js +173 -0
package/esm/cli/commands/destroy/index.d.ts +2 -0
package/esm/cli/commands/destroy/index.d.ts.map +1 -0
package/esm/cli/commands/destroy/index.js +63 -0
package/esm/cli/commands/destroy/network.d.ts +2 -0
package/esm/cli/commands/destroy/network.d.ts.map +1 -0
package/esm/cli/commands/destroy/network.js +210 -0
package/esm/cli/commands/doctor.d.ts.map +1 -0
package/esm/cli/commands/doctor.js +295 -0
package/esm/{src/cli → cli}/commands/list.d.ts.map +1 -1
package/esm/{src/cli → cli}/commands/list.js +39 -54
package/esm/cli/commands/status.d.ts.map +1 -0
package/esm/cli/commands/status.js +331 -0
package/esm/cli/mod.d.ts.map +1 -0
package/esm/{src/cli → cli}/mod.js +4 -4
package/esm/deno.d.ts +4 -18
package/esm/deno.js +5 -19
package/esm/deps/jsr.io/@std/path/1.1.4/constants.d.ts +1 -1
package/esm/lib/args.d.ts +11 -0
package/esm/lib/args.d.ts.map +1 -0
package/esm/lib/args.js +28 -0
package/esm/lib/cli.d.ts +0 -1
package/esm/lib/cli.d.ts.map +1 -1
package/esm/lib/cli.js +0 -1
package/esm/lib/command.d.ts +0 -3
package/esm/lib/command.d.ts.map +1 -1
package/esm/lib/command.js +2 -13
package/esm/lib/machine.d.ts +11 -0
package/esm/lib/machine.d.ts.map +1 -0
package/esm/lib/machine.js +15 -0
package/esm/lib/output.d.ts +2 -1
package/esm/lib/output.d.ts.map +1 -1
package/esm/lib/output.js +21 -3
package/esm/lib/result.d.ts +0 -1
package/esm/lib/result.d.ts.map +1 -1
package/esm/lib/result.js +0 -1
package/esm/main.d.ts +6 -6
package/esm/main.d.ts.map +1 -1
package/esm/main.js +7 -9
package/esm/providers/fly.d.ts +81 -0
package/esm/providers/fly.d.ts.map +1 -0
package/esm/providers/fly.js +372 -0
package/esm/providers/tailscale.d.ts +31 -0
package/esm/providers/tailscale.d.ts.map +1 -0
package/esm/providers/tailscale.js +150 -0
package/esm/{src/schemas → schemas}/fly.d.ts +1 -11
package/esm/schemas/fly.d.ts.map +1 -0
package/esm/{src/schemas → schemas}/fly.js +14 -56
package/esm/{src/schemas → schemas}/tailscale.d.ts +1 -2
package/esm/schemas/tailscale.d.ts.map +1 -0
package/esm/{src/schemas → schemas}/tailscale.js +2 -3
package/esm/src/{docker/router → router}/Dockerfile +0 -11
package/esm/src/{docker/router → router}/start.sh +18 -9
package/esm/util/constants.d.ts +13 -0
package/esm/util/constants.d.ts.map +1 -0
package/esm/util/constants.js +34 -0
package/esm/{src → util}/credentials.d.ts +0 -1
package/esm/util/credentials.d.ts.map +1 -0
package/esm/{src → util}/credentials.js +3 -5
package/esm/{src → util}/discovery.d.ts +16 -3
package/esm/util/discovery.d.ts.map +1 -0
package/esm/{src → util}/discovery.js +24 -15
package/esm/util/fly-transforms.d.ts +27 -0
package/esm/util/fly-transforms.d.ts.map +1 -0
package/esm/util/fly-transforms.js +87 -0
package/esm/{src → util}/guard.d.ts +1 -2
package/esm/util/guard.d.ts.map +1 -0
package/esm/{src → util}/guard.js +27 -27
package/esm/util/naming.d.ts +5 -0
package/esm/util/naming.d.ts.map +1 -0
package/esm/util/naming.js +12 -0
package/esm/{src → util}/resolve.d.ts +2 -3
package/esm/util/resolve.d.ts.map +1 -0
package/esm/{src → util}/resolve.js +1 -2
package/esm/util/session.d.ts +16 -0
package/esm/util/session.d.ts.map +1 -0
package/esm/util/session.js +19 -0
package/esm/util/tailscale-local.d.ts +13 -0
package/esm/util/tailscale-local.d.ts.map +1 -0
package/esm/util/tailscale-local.js +63 -0
package/esm/{src → util}/template.d.ts +0 -1
package/esm/util/template.d.ts.map +1 -0
package/esm/{src → util}/template.js +0 -1
package/package.json +1 -49
package/esm/lib/paths.d.ts +0 -3
package/esm/lib/paths.d.ts.map +0 -1
package/esm/lib/paths.js +0 -5
package/esm/src/cli/commands/create.d.ts +0 -2
package/esm/src/cli/commands/create.d.ts.map +0 -1
package/esm/src/cli/commands/create.js +0 -308
package/esm/src/cli/commands/deploy.d.ts +0 -2
package/esm/src/cli/commands/deploy.d.ts.map +0 -1
package/esm/src/cli/commands/deploy.js +0 -430
package/esm/src/cli/commands/destroy.d.ts +0 -2
package/esm/src/cli/commands/destroy.d.ts.map +0 -1
package/esm/src/cli/commands/destroy.js +0 -340
package/esm/src/cli/commands/doctor.d.ts.map +0 -1
package/esm/src/cli/commands/doctor.js +0 -141
package/esm/src/cli/commands/status.d.ts.map +0 -1
package/esm/src/cli/commands/status.js +0 -152
package/esm/src/cli/mod.d.ts.map +0 -1
package/esm/src/credentials.d.ts.map +0 -1
package/esm/src/discovery.d.ts.map +0 -1
package/esm/src/guard.d.ts.map +0 -1
package/esm/src/providers/fly.d.ts +0 -76
package/esm/src/providers/fly.d.ts.map +0 -1
package/esm/src/providers/fly.js +0 -407
package/esm/src/providers/tailscale.d.ts +0 -31
package/esm/src/providers/tailscale.d.ts.map +0 -1
package/esm/src/providers/tailscale.js +0 -189
package/esm/src/resolve.d.ts.map +0 -1
package/esm/src/schemas/config.d.ts +0 -5
package/esm/src/schemas/config.d.ts.map +0 -1
package/esm/src/schemas/config.js +0 -22
package/esm/src/schemas/fly.d.ts.map +0 -1
package/esm/src/schemas/tailscale.d.ts.map +0 -1
package/esm/src/template.d.ts.map +0 -1
/package/esm/{src/cli → cli}/commands/doctor.d.ts +0 -0
/package/esm/{src/cli → cli}/commands/list.d.ts +0 -0
/package/esm/{src/cli → cli}/commands/status.d.ts +0 -0
/package/esm/{src/cli → cli}/mod.d.ts +0 -0
/package/esm/src/{docker/router → router}/fly.toml +0 -0

package/esm/{src → util}/discovery.js RENAMED Viewed

@@ -12,23 +12,18 @@
 // Commands compose them into whatever view they need.
 //
 // =============================================================================
-import "../_dnt.polyfills.js";
-import { getRouterSuffix, getWorkloadAppName } from "./providers/fly.js";
-import { extractSubnet } from "./schemas/config.js";
-// =============================================================================
-// Constants
-// =============================================================================
-const ROUTER_APP_PREFIX = "ambit-";
-const DEFAULT_NETWORK = "default";
+import { getRouterSuffix, getWorkloadAppName } from "./naming.js";
+import { extractSubnet } from "./fly-transforms.js";
+import { DEFAULT_FLY_NETWORK, ROUTER_APP_PREFIX, } from "./constants.js";
 // =============================================================================
 // 1. Which routers exist? (Fly REST API)
 // =============================================================================
 /** List all ambit apps on custom networks in an org. */
 export const listRouterApps = async (fly, org) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     return apps
         .filter((app) => app.name.startsWith(ROUTER_APP_PREFIX) &&
-        app.network !== DEFAULT_NETWORK)
+        app.network !== DEFAULT_FLY_NETWORK)
         .map((app) => ({
         appName: app.name,
         network: app.network,
@@ -43,7 +38,7 @@ export const findRouterApp = async (fly, org, network) => {
 };
 /** List all non-router apps on a specific custom network in an org. */
 export const listWorkloadAppsOnNetwork = async (fly, org, network) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     return apps
         .filter((app) => !app.name.startsWith(ROUTER_APP_PREFIX) &&
         app.network === network)
@@ -57,10 +52,10 @@ export const listWorkloadAppsOnNetwork = async (fly, org, network) => {
  *  When a network is provided, resolves the router-suffixed Fly app name
  *  (e.g. "thing" on network "lab" with routerId "abc123" → "thing-abc123"). */
 export const findWorkloadApp = async (fly, org, appName, network) => {
-    const apps = await fly.listAppsWithNetwork(org);
+    const apps = await fly.apps.listWithNetwork(org);
     const workloads = apps
         .filter((app) => !app.name.startsWith(ROUTER_APP_PREFIX) &&
-        app.network !== DEFAULT_NETWORK)
+        app.network !== DEFAULT_FLY_NETWORK)
         .map((app) => ({
         appName: app.name,
         network: app.network,
@@ -86,7 +81,7 @@ export const findWorkloadApp = async (fly, org, appName, network) => {
 // =============================================================================
 /** Get machine info for a router app. Returns null if no machines exist. */
 export const getRouterMachineInfo = async (fly, appName) => {
-    const machines = await fly.listMachines(appName);
+    const machines = await fly.machines.list(appName);
     const machine = machines[0];
     if (!machine)
         return null;
@@ -105,7 +100,7 @@ export const getRouterMachineInfo = async (fly, appName) => {
 /** Get tailscale device info for a router. Returns null if not found. */
 export const getRouterTailscaleInfo = async (tailscale, appName) => {
     try {
-        const device = await tailscale.getDeviceByHostname(appName);
+        const device = await tailscale.devices.getByHostname(appName);
         if (!device)
             return null;
         return {
@@ -119,3 +114,17 @@ export const getRouterTailscaleInfo = async (tailscale, appName) => {
         return null;
     }
 };
+/**
+ * Discover all routers in an org and hydrate each with machine + Tailscale state.
+ * Shows a spinner while fetching. Fetches all routers in parallel.
+ */
+export const discoverRouters = async (out, fly, tailscale, org) => {
+    const spinner = out.spinner("Discovering Routers");
+    const routerApps = await listRouterApps(fly, org);
+    spinner.success(`Found ${routerApps.length} Router${routerApps.length !== 1 ? "s" : ""}`);
+    return Promise.all(routerApps.map(async (app) => ({
+        ...app,
+        machine: await getRouterMachineInfo(fly, app.appName),
+        tailscale: await getRouterTailscaleInfo(tailscale, app.appName),
+    })));
+};

package/esm/util/fly-transforms.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import type { FlyMachine } from "../schemas/fly.js";
+import { type FlyMachineGuestSchema } from "../schemas/fly.js";
+import type { z } from "../deps/jsr.io/@zod/zod/4.3.6/src/index.js";
+/**
+ * Map Fly machine state to internal state.
+ * Fly states: created, starting, started, stopping, stopped, destroying, destroyed
+ */
+export declare const mapFlyMachineState: (flyState: string) => "creating" | "running" | "frozen" | "failed";
+/**
+ * Map Fly guest config to machine size enum.
+ */
+export declare const mapFlyMachineSize: (guest?: z.infer<typeof FlyMachineGuestSchema>) => "shared-cpu-1x" | "shared-cpu-2x" | "shared-cpu-4x";
+import type { MachineResult } from "../providers/fly.js";
+/** Map raw Fly machines to internal MachineResult format. */
+export declare const mapMachines: (raw: FlyMachine[]) => MachineResult[];
+import type { MachineSize } from "../providers/fly.js";
+export declare const getSizeConfig: (size: MachineSize) => {
+    cpus: number;
+    memoryMb: number;
+};
+/**
+ * Pull the last non-empty, non-decoration line from fly stderr.
+ * Fly often prints progress lines then the actual error at the end.
+ */
+export declare const extractErrorDetail: (stderr: string) => string;
+export declare const extractSubnet: (privateIp: string) => string;
+//# sourceMappingURL=fly-transforms.d.ts.map

package/esm/util/fly-transforms.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fly-transforms.d.ts","sourceRoot":"","sources":["../../src/util/fly-transforms.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,KAAK,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,4CAA4C,CAAC;AAMpE;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAC7B,UAAU,MAAM,KACf,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,QAiBtC,CAAC;AAMF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,KAC5C,eAAe,GAAG,eAAe,GAAG,eAOtC,CAAC;AAMF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,6DAA6D;AAC7D,eAAO,MAAM,WAAW,GAAI,KAAK,UAAU,EAAE,KAAG,aAAa,EAQ5D,CAAC;AAMF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,eAAO,MAAM,aAAa,GACxB,MAAM,WAAW,KAChB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CASlC,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAAI,QAAQ,MAAM,KAAG,MAOnD,CAAC;AAMF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,KAAG,MAKjD,CAAC"}

package/esm/util/fly-transforms.js ADDED Viewed

@@ -0,0 +1,87 @@
+// =============================================================================
+// Fly Transforms — Pure Data Transformations
+// =============================================================================
+// =============================================================================
+// Machine State Mapping
+// =============================================================================
+/**
+ * Map Fly machine state to internal state.
+ * Fly states: created, starting, started, stopping, stopped, destroying, destroyed
+ */
+export const mapFlyMachineState = (flyState) => {
+    switch (flyState.toLowerCase()) {
+        case "started":
+            return "running";
+        case "stopped":
+        case "suspended":
+            return "frozen";
+        case "created":
+        case "starting":
+            return "creating";
+        case "destroying":
+        case "destroyed":
+        case "failed":
+            return "failed";
+        default:
+            return "creating";
+    }
+};
+// =============================================================================
+// Machine Size Mapping
+// =============================================================================
+/**
+ * Map Fly guest config to machine size enum.
+ */
+export const mapFlyMachineSize = (guest) => {
+    if (!guest)
+        return "shared-cpu-1x";
+    const cpus = guest.cpus;
+    if (cpus >= 4)
+        return "shared-cpu-4x";
+    if (cpus >= 2)
+        return "shared-cpu-2x";
+    return "shared-cpu-1x";
+};
+/** Map raw Fly machines to internal MachineResult format. */
+export const mapMachines = (raw) => {
+    return raw.map((m) => ({
+        id: m.id,
+        state: mapFlyMachineState(m.state),
+        size: mapFlyMachineSize(m.config?.guest),
+        region: m.region,
+        privateIp: m.private_ip,
+    }));
+};
+export const getSizeConfig = (size) => {
+    switch (size) {
+        case "shared-cpu-1x":
+            return { cpus: 1, memoryMb: 1024 };
+        case "shared-cpu-2x":
+            return { cpus: 2, memoryMb: 2048 };
+        case "shared-cpu-4x":
+            return { cpus: 4, memoryMb: 4096 };
+    }
+};
+// =============================================================================
+// Error Detail Extraction
+// =============================================================================
+/**
+ * Pull the last non-empty, non-decoration line from fly stderr.
+ * Fly often prints progress lines then the actual error at the end.
+ */
+export const extractErrorDetail = (stderr) => {
+    const lines = stderr
+        .split("\n")
+        .map((l) => l.replace(/\x1b\[[0-9;]*m/g, "").trim())
+        .filter((l) => l.length > 0 && !l.startsWith("-->") && l !== "Error");
+    return lines[lines.length - 1] ?? "unknown error";
+};
+// =============================================================================
+// Subnet Extraction
+// =============================================================================
+export const extractSubnet = (privateIp) => {
+    // privateIp format: fdaa:X:XXXX::Y
+    // Extract first 3 hextets and append ::/48
+    const parts = privateIp.split(":");
+    return `${parts[0]}:${parts[1]}:${parts[2]}::/48`;
+};

package/esm/{src → util}/guard.d.ts RENAMED Viewed

@@ -1,5 +1,4 @@
-import "../_dnt.polyfills.js";
-import type { FlyProvider } from "./providers/fly.js";
+import type { FlyProvider } from "../providers/fly.js";
 /**
  * Returns true if the given name is a public TLD (case-insensitive).
  * Used to prevent creating networks that would shadow real DNS.

package/esm/util/guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/util/guard.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAsLvD;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAI,MAAM,MAAM,KAAG,OACN,CAAC;AAMtC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAMD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAOjD;AAMD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,CA8ChE;AAMD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,MAAM,EACX,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,iBAAiB,CAAC,CA4F5B"}

package/esm/{src → util}/guard.js RENAMED Viewed

@@ -9,8 +9,8 @@
 //   - auditDeploy: post-deploy check that releases public IPs and reports
 //
 // =============================================================================
-import "../_dnt.polyfills.js";
 import { parse as parseToml } from "../deps/jsr.io/@std/toml/1.0.11/mod.js";
+import { ROUTER_APP_PREFIX } from "./constants.js";
 // =============================================================================
 // Public TLD Blocklist (source: https://data.iana.org/TLD/tlds-alpha-by-domain.txt)
 // =============================================================================
@@ -201,7 +201,7 @@ export const isPublicTld = (name) => PUBLIC_TLDS.has(name.toLowerCase());
  * Workload apps must not start with the ambit- prefix.
  */
 export function assertNotRouter(app) {
-    if (app.startsWith("ambit-")) {
+    if (app.startsWith(ROUTER_APP_PREFIX)) {
         throw new Error("Cannot deploy ambit infrastructure apps (ambit-* prefix). " +
             "Use 'ambit create' to manage routers.");
     }
@@ -235,23 +235,21 @@ export function scanFlyToml(tomlContent) {
         result.errors.push("http_service.force_https is enabled. " +
             "This implies public HTTPS which is incompatible with Flycast-only deployment.");
     }
-    // Check [[services]] for TLS on 443 — dangerous if a public IP were ever added
-    const services = parsed.services;
-    if (Array.isArray(services)) {
-        result.warnings.push("fly.toml uses [[services]] blocks. Consider migrating to [http_service].");
-        for (const svc of services) {
-            const ports = svc.ports;
+    // Check [[services]] for TLS handler on port 443
+    if (Array.isArray(parsed.services)) {
+        const hasTlsHandler = parsed.services.some((svc) => {
+            const ports = svc?.ports;
             if (!Array.isArray(ports))
-                continue;
-            for (const port of ports) {
-                const handlers = port.handlers;
-                if (port.port === 443 &&
-                    Array.isArray(handlers) &&
-                    handlers.includes("tls")) {
-                    result.errors.push("Service has TLS handler on port 443. " +
-                        "This is designed for public HTTPS and incompatible with Flycast-only deployment.");
-                }
-            }
+                return false;
+            return ports.some((p) => {
+                const port = p;
+                const handlers = port?.handlers;
+                return Array.isArray(handlers) && handlers.includes("tls") &&
+                    port?.port === 443;
+            });
+        });
+        if (hasTlsHandler) {
+            result.errors.push("TLS Handler on Port 443 Is Incompatible with Flycast-Only Deployment.");
         }
     }
     return result;
@@ -271,7 +269,7 @@ export async function auditDeploy(fly, app, targetNetwork) {
         warnings: [],
     };
     // Phase 1: Check and clean IPs — only keep Flycast on the target network
-    const ips = await fly.listIps(app);
+    const ips = await fly.ips.list(app);
     for (const ip of ips) {
         const ipNetwork = ip.Network?.Name || "default";
         if (ip.Type === "private_v6" && ipNetwork === targetNetwork) {
@@ -283,23 +281,23 @@ export async function auditDeploy(fly, app, targetNetwork) {
         }
         else if (ip.Type === "private_v6") {
             // Flycast on wrong network (e.g. default from --flycast flag) — release
-            await fly.releaseIp(app, ip.Address);
+            await fly.ips.release(app, ip.Address);
             result.warnings.push(`Released Flycast IP ${ip.Address} on wrong network '${ipNetwork}' (expected '${targetNetwork}')`);
         }
         else {
             // Public IP — release immediately
-            await fly.releaseIp(app, ip.Address);
+            await fly.ips.release(app, ip.Address);
             result.public_ips_released++;
         }
     }
     // Phase 2: Remove auto-generated .fly.dev certs to keep the app fully private
-    const certs = await fly.listCerts(app);
+    const certs = await fly.certs.list(app);
     for (const hostname of certs) {
-        await fly.removeCert(app, hostname);
+        await fly.certs.remove(app, hostname);
         result.certs_removed++;
     }
     // Phase 3: Inspect merged config for dangerous patterns
-    const config = await fly.getConfig(app);
+    const config = await fly.apps.getConfig(app);
     if (config) {
         const services = config.services;
         if (Array.isArray(services) && services.length > 0) {
@@ -320,10 +318,12 @@ export async function auditDeploy(fly, app, targetNetwork) {
     // Phase 4: Verify Flycast allocation on target network
     const hasTargetFlycast = result.flycast_allocations.some((a) => a.network === targetNetwork);
     if (!hasTargetFlycast) {
-        // Allocate on the target network
-        await fly.allocateFlycastIp(app, targetNetwork);
+        // Allocate on the target network, then re-list to get the actual address
+        await fly.ips.allocateFlycast(app, targetNetwork);
+        const refreshed = await fly.ips.list(app);
+        const newIp = refreshed.find((ip) => ip.Type === "private_v6" && ip.Network?.Name === targetNetwork);
         result.flycast_allocations.push({
-            address: "(newly allocated)",
+            address: newIp?.Address ?? "allocated",
             network: targetNetwork,
         });
     }

package/esm/util/naming.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare const getRouterAppName: (network: string, randomSuffix: string) => string;
+export declare const getRouterSuffix: (routerAppName: string, network: string) => string;
+export declare const getWorkloadAppName: (name: string, routerId: string) => string;
+export declare const getRouterTag: (network: string) => string;
+//# sourceMappingURL=naming.d.ts.map

package/esm/util/naming.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"naming.d.ts","sourceRoot":"","sources":["../../src/util/naming.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,gBAAgB,GAC3B,SAAS,MAAM,EACf,cAAc,MAAM,KACnB,MAEF,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,eAAe,MAAM,EACrB,SAAS,MAAM,KACd,MAGF,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,UAAU,MAAM,KACf,MAEF,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,KAAG,MAAgC,CAAC"}

package/esm/util/naming.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { ROUTER_APP_PREFIX } from "./constants.js";
+export const getRouterAppName = (network, randomSuffix) => {
+    return `${ROUTER_APP_PREFIX}${network}-${randomSuffix}`;
+};
+export const getRouterSuffix = (routerAppName, network) => {
+    const prefix = `${ROUTER_APP_PREFIX}${network}-`;
+    return routerAppName.slice(prefix.length);
+};
+export const getWorkloadAppName = (name, routerId) => {
+    return `${name}-${routerId}`;
+};
+export const getRouterTag = (network) => `tag:ambit-${network}`;

package/esm/{src → util}/resolve.d.ts RENAMED Viewed

@@ -1,11 +1,10 @@
-import "../_dnt.polyfills.js";
 import type { Output } from "../lib/output.js";
-import type { FlyProvider } from "./providers/fly.js";
+import type { FlyProvider } from "../providers/fly.js";
 /**
  * Resolve Fly.io organization: --org flag → single org auto-select → prompt.
  */
 export declare const resolveOrg: (fly: FlyProvider, args: {
     org?: string;
     json?: boolean;
-}, out: Output<Record<string, unknown>>) => Promise<string>;
+}, out: Output<any>) => Promise<string>;
 //# sourceMappingURL=resolve.d.ts.map

package/esm/util/resolve.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"resolve.d.ts","sourceRoot":"","sources":["../../src/util/resolve.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMvD;;GAEG;AACH,eAAO,MAAM,UAAU,GACrB,KAAK,WAAW,EAChB,MAAM;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,EACtC,KAAK,MAAM,CAAC,GAAG,CAAC,KACf,OAAO,CAAC,MAAM,CA6BhB,CAAC"}

package/esm/{src → util}/resolve.js RENAMED Viewed

@@ -1,7 +1,6 @@
 // =============================================================================
 // Resolve - Org Resolution Helper
 // =============================================================================
-import "../_dnt.polyfills.js";
 import { prompt } from "../lib/cli.js";
 // =============================================================================
 // Resolve Org
@@ -15,7 +14,7 @@ export const resolveOrg = async (fly, args, out) => {
     if (args.json) {
         return out.die("--org Is Required in JSON Mode");
     }
-    const orgs = await fly.listOrgs();
+    const orgs = await fly.orgs.list();
     const orgSlugs = Object.keys(orgs);
     if (orgSlugs.length === 0) {
         return out.die("No Fly.io Organizations Found");

package/esm/util/session.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { type FlyProvider } from "../providers/fly.js";
+import { type TailscaleProvider } from "../providers/tailscale.js";
+import type { Output } from "../lib/output.js";
+/**
+ * Bootstrap the three shared prerequisites every command needs:
+ * validates fly CLI + Tailscale key, authenticates with Fly, and resolves org.
+ */
+export declare const initSession: <T extends Record<string, unknown>>(out: Output<T>, opts: {
+    json: boolean;
+    org?: string;
+}) => Promise<{
+    fly: FlyProvider;
+    tailscale: TailscaleProvider;
+    org: string;
+}>;
+//# sourceMappingURL=session.d.ts.map

package/esm/util/session.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/util/session.ts"],"names":[],"mappings":"AAIA,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAI/C;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAU,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjE,KAAK,MAAM,CAAC,CAAC,CAAC,EACd,MAAM;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KACpC,OAAO,CAAC;IAAE,GAAG,EAAE,WAAW,CAAC;IAAC,SAAS,EAAE,iBAAiB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAOzE,CAAC"}

package/esm/util/session.js ADDED Viewed

@@ -0,0 +1,19 @@
+// =============================================================================
+// Session — Shared Prerequisites Initialization
+// =============================================================================
+import { createFlyProvider } from "../providers/fly.js";
+import { createTailscaleProvider, } from "../providers/tailscale.js";
+import { checkDependencies } from "./credentials.js";
+import { resolveOrg } from "./resolve.js";
+/**
+ * Bootstrap the three shared prerequisites every command needs:
+ * validates fly CLI + Tailscale key, authenticates with Fly, and resolves org.
+ */
+export const initSession = async (out, opts) => {
+    const { tailscaleKey } = await checkDependencies(out);
+    const fly = createFlyProvider();
+    await fly.auth.login({ interactive: !opts.json });
+    const tailscale = createTailscaleProvider(tailscaleKey);
+    const org = await resolveOrg(fly, opts, out);
+    return { fly, tailscale, org };
+};

package/esm/util/tailscale-local.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { TailscaleDevice } from "../schemas/tailscale.js";
+import type { TailscaleProvider } from "../providers/tailscale.js";
+export declare const isTailscaleInstalled: () => Promise<boolean>;
+export declare const isAcceptRoutesEnabled: () => Promise<boolean>;
+/**
+ * Enable accept-routes on the local client.
+ * Returns true if successful, false if it failed (likely permissions).
+ */
+export declare const enableAcceptRoutes: () => Promise<boolean>;
+export declare const waitForDevice: (provider: TailscaleProvider, hostname: string, timeoutMs?: number) => Promise<TailscaleDevice>;
+export declare const isTagOwnerConfigured: (policy: Record<string, unknown> | null, tag: string) => boolean;
+export declare const isAutoApproverConfigured: (policy: Record<string, unknown> | null, tag: string) => boolean;
+//# sourceMappingURL=tailscale-local.d.ts.map

package/esm/util/tailscale-local.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tailscale-local.d.ts","sourceRoot":"","sources":["../../src/util/tailscale-local.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAMnE,eAAO,MAAM,oBAAoB,QAAa,OAAO,CAAC,OAAO,CAE5D,CAAC;AAEF,eAAO,MAAM,qBAAqB,QAAa,OAAO,CAAC,OAAO,CAM7D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAa,OAAO,CAAC,OAAO,CAG1D,CAAC;AAMF,eAAO,MAAM,aAAa,GACxB,UAAU,iBAAiB,EAC3B,UAAU,MAAM,EAChB,YAAW,MAAe,KACzB,OAAO,CAAC,eAAe,CAazB,CAAC;AAMF,eAAO,MAAM,oBAAoB,GAC/B,QAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACtC,KAAK,MAAM,KACV,OASF,CAAC;AAEF,eAAO,MAAM,wBAAwB,GACnC,QAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACtC,KAAK,MAAM,KACV,OAgBF,CAAC"}

package/esm/util/tailscale-local.js ADDED Viewed

@@ -0,0 +1,63 @@
+// =============================================================================
+// Tailscale Local — CLI Operations + Pure Policy Checks
+// =============================================================================
+import { commandExists, die } from "../lib/cli.js";
+import { runCommand } from "../lib/command.js";
+// =============================================================================
+// Local CLI Operations
+// =============================================================================
+export const isTailscaleInstalled = async () => {
+    return await commandExists("tailscale");
+};
+export const isAcceptRoutesEnabled = async () => {
+    const result = await runCommand(["tailscale", "debug", "prefs"]);
+    return result.json().match({
+        ok: (prefs) => prefs.RouteAll === true,
+        err: () => false,
+    });
+};
+/**
+ * Enable accept-routes on the local client.
+ * Returns true if successful, false if it failed (likely permissions).
+ */
+export const enableAcceptRoutes = async () => {
+    const result = await runCommand(["tailscale", "set", "--accept-routes"]);
+    return result.ok;
+};
+// =============================================================================
+// Wait for Device
+// =============================================================================
+export const waitForDevice = async (provider, hostname, timeoutMs = 120000) => {
+    const startTime = Date.now();
+    const pollInterval = 5000;
+    while (Date.now() - startTime < timeoutMs) {
+        const device = await provider.devices.getByHostname(hostname);
+        if (device) {
+            return device;
+        }
+        await new Promise((resolve) => setTimeout(resolve, pollInterval));
+    }
+    return die(`Timeout Waiting for Device '${hostname}'`);
+};
+// =============================================================================
+// Pure Policy Checks
+// =============================================================================
+export const isTagOwnerConfigured = (policy, tag) => {
+    if (!policy)
+        return false;
+    const tagOwners = policy.tagOwners;
+    if (!tagOwners)
+        return false;
+    return tag in tagOwners;
+};
+export const isAutoApproverConfigured = (policy, tag) => {
+    if (!policy)
+        return false;
+    const autoApprovers = policy.autoApprovers;
+    if (!autoApprovers)
+        return false;
+    const routes = autoApprovers.routes;
+    if (!routes)
+        return false;
+    return Object.values(routes).some((approvers) => Array.isArray(approvers) && approvers.includes(tag));
+};

package/esm/{src → util}/template.d.ts RENAMED Viewed

@@ -1,4 +1,3 @@
-import "../_dnt.polyfills.js";
 import { Result } from "../lib/result.js";
 /** Parsed GitHub template reference. */
 export interface TemplateRef {

package/esm/util/template.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"template.d.ts","sourceRoot":"","sources":["../../src/util/template.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1C,wCAAwC;AACxC,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;CACzB;AAED,iDAAiD;AACjD,MAAM,MAAM,mBAAmB,GAAG,MAAM,CACtC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CACzC,CAAC;AAyBF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,gBAAgB,GAAI,KAAK,MAAM,KAAG,WAAW,GAAG,IAyB5D,CAAC;AAMF;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,KAAK,WAAW,KACf,OAAO,CAAC,mBAAmB,CAqG7B,CAAC"}

package/esm/{src → util}/template.js RENAMED Viewed

@@ -14,7 +14,6 @@
 //   ToxicPine/ambit-templates/cdp@main     → explicit branch
 //
 // =============================================================================
-import "../_dnt.polyfills.js";
 import * as dntShim from "../_dnt.shims.js";
 import { join } from "../deps/jsr.io/@std/path/1.1.4/mod.js";
 import { runCommand } from "../lib/command.js";

package/package.json CHANGED Viewed

@@ -1,56 +1,8 @@
 {
   "name": "@cardelli/ambit",
-  "version": "0.1.5",
+  "version": "0.2.0",
   "description": "Deploy apps to the cloud that only you and your AI agents can reach",
   "license": "MIT",
-  "module": "./esm/src/providers/fly.js",
-  "exports": {
-    "./providers/fly": {
-      "import": "./esm/src/providers/fly.js"
-    },
-    "./providers/tailscale": {
-      "import": "./esm/src/providers/tailscale.js"
-    },
-    "./schemas/config": {
-      "import": "./esm/src/schemas/config.js"
-    },
-    "./schemas/fly": {
-      "import": "./esm/src/schemas/fly.js"
-    },
-    "./schemas/tailscale": {
-      "import": "./esm/src/schemas/tailscale.js"
-    },
-    "./lib/cli": {
-      "import": "./esm/lib/cli.js"
-    },
-    "./lib/command": {
-      "import": "./esm/lib/command.js"
-    },
-    "./lib/output": {
-      "import": "./esm/lib/output.js"
-    },
-    "./lib/result": {
-      "import": "./esm/lib/result.js"
-    },
-    "./lib/paths": {
-      "import": "./esm/lib/paths.js"
-    },
-    "./src/credentials": {
-      "import": "./esm/src/credentials.js"
-    },
-    "./src/discovery": {
-      "import": "./esm/src/discovery.js"
-    },
-    "./src/guard": {
-      "import": "./esm/src/guard.js"
-    },
-    "./src/resolve": {
-      "import": "./esm/src/resolve.js"
-    },
-    "./src/template": {
-      "import": "./esm/src/template.js"
-    }
-  },
   "scripts": {},
   "bin": {
     "ambit": "./esm/main.js"

package/esm/lib/paths.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import "../_dnt.polyfills.js";
-export declare const getRouterDockerDir: () => string;
-//# sourceMappingURL=paths.d.ts.map

package/esm/lib/paths.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAGA,OAAO,sBAAsB,CAAC;AAG9B,eAAO,MAAM,kBAAkB,QAAO,MACqB,CAAC"}

package/esm/lib/paths.js DELETED Viewed

@@ -1,5 +0,0 @@
-// =============================================================================
-// Path Helpers - Locate Package Resources
-// =============================================================================
-import "../_dnt.polyfills.js";
-export const getRouterDockerDir = () => new URL("../src/docker/router", globalThis[Symbol.for("import-meta-ponyfill-esmodule")](import.meta).url).pathname;

package/esm/src/cli/commands/create.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=create.d.ts.map

package/esm/src/cli/commands/create.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/src/cli/commands/create.ts"],"names":[],"mappings":""}