@cardelli/ambit 0.2.0 → 0.2.2

package/README.md

@@ -0,0 +1,261 @@
+# Ambit
+
+Ambit lets you deploy apps (databases, internal tools, dashboards) that live in the cloud but are completely inaccessible to strangers. For example: you build something on your laptop and want to reach it from your phone. With Ambit, that just works: a random person on the internet cannot access it, but any device you own can.
+
+## The Problem
+
+Putting a database or dashboard on the public internet forces you to build login pages, configure firewalls, and worry about bots scanning your IP. Even when you do it right, you've spent hours on plumbing that has nothing to do with what you were actually trying to build.
+
+## The Solution: "Cloud Localhost"
+
+Ambit bridges two services: [Fly.io](https://fly.io) (where your apps run) and [Tailscale](https://tailscale.com) (a VPN that links your devices into a private network). Unlike a typical VPN that hides your browsing or spoofs your location, Tailscale creates a sealed private network: devices you enroll can connect to each other, and devices you haven't enrolled cannot. Ambit deploys your apps inside that sealed network, so they are only reachable from devices you have explicitly added to it. A stranger on the internet cannot connect to your app any more than they can connect to a server running on your laptop — there is simply no route to it from the outside.
+
+- **No Login Pages to Build.** If your device is enrolled with your Tailscale
+  account, you can access the app. If it isn't, the connection is refused before   the app ever sees it. You never have to write a login page.
+- **No Security Auditing To Do.** A database with a weak password, an admin
+  panel with no login, an API with no rate limiting — all of these are fine,   because the only machines that can connect are ones you already trust.
+- **Human-Readable Addresses.** Your apps get names like
+  `http://my-dashboard.lab` instead of IP addresses.
+
+## Networks with Human-Readable Addresses (Ambits)
+
+Each private network you create is called an ambit, and every app you deploy to it gets an address under that network's name — so `http://my-dashboard.lab` means the `my-dashboard` app on the `lab` ambit. These addresses work for anyone on your Tailscale network, which means you can share them with teammates and they just work, no extra configuration needed.
+
+You can create as many ambits as you want, and through Tailscale's ACL settings you can decide precisely which of your devices or users can reach each one, as well as which ambits are allowed to talk to each other. You might, for example, give your whole team access to a `staging` ambit while keeping a `personal` ambit entirely to yourself.
+
+## Why You Need This
+
+### For the "Person with an AI Agent"
+
+If you use Claude Code or OpenClaw, you want the agent to deploy things for testing. Giving it full cloud access is risky since it might deploy a public app with no password.
+
+With Ambit, the agent deploys to `http://test-app.sandbox`. You can see it, the agent can see it, and nobody else knows it exists.
+
+### For the Developer
+
+Setting up auth for a personal tool is a tedious barrier. Run `ambit deploy my-tool.lab` and the app is live and secure in minutes. The architecture enforces security so your config doesn't have to.
+
+## How It Works
+
+1. Ambit creates an encrypted tunnel between your machine and the cloud using    Tailscale. 2. Your apps deploy into that tunnel. 3. Any device on your Tailscale network can reach them.
+
+## Quick Start
+
+### 1. Install
+
+```bash
+npx @cardelli/ambit --help
+```
+
+### 2. Create a Network
+
+```bash
+npx @cardelli/ambit create lab
+```
+
+### 3. Deploy an App
+
+```bash
+npx @cardelli/ambit deploy my-crazy-site.lab
+```
+
+### 4. Visit It
+
+Open `http://my-crazy-site.lab`. It works for you and nobody else.
+
+## Commands
+
+### `ambit create <network>`
+
+This is the first command you run, it sets up your private network: a named slice of the cloud that only your devices can reach. Under the hood it handles Fly.io and Tailscale authentication, deploys the router, sets up DNS, and configures your local machine to accept the new routes.
+
+| Flag                   | Description                                                |
+| ---------------------- | ---------------------------------------------------------- |
+| `--org <org>`          | Fly.io organization slug                                   |
+| `--region <region>`    | Fly.io region (default: `iad`)                             |
+| `--api-key <key>`      | Tailscale API access token (tskey-api-...)                 |
+| `--tag <tag>`          | Tailscale ACL tag for the router (default: `tag:ambit-<network>`) |
+| `--no-auto-approve`    | Skip waiting for router and approving routes               |
+| `-y`, `--yes`          | Skip confirmation prompts                                  |
+| `--json`               | Machine-readable JSON output (implies `--no-auto-approve`) |
+
+### `ambit deploy <app>.<network>`
+
+This puts an app onto your private network. This is what you run whenever you want to host something. If the app doesn't exist yet, ambit creates it on the right network for you. The network can be specified as part of the name (`my-app.lab`) or with `--network` (`my-app --network lab`).
+
+Before deploying, ambit scans your config for settings that don't make sense on a private network (like `force_https`, which only matters for public traffic). After deploying, it checks that no public IPs were allocated, releases any that were, and verifies the app has a private address on the network you specified.
+
+There are three deployment modes. They are mutually exclusive — you can only use one at a time.
+
+#### Config mode (default)
+
+Deploy from a `fly.toml`. If you don't pass `--config`, ambit looks for a `fly.toml` in the current directory.
+
+```bash
+npx @cardelli/ambit deploy my-app.lab
+npx @cardelli/ambit deploy my-app.lab --config ./my-config/fly.toml
+```
+
+| Flag               | Description                       |
+| ------------------ | --------------------------------- |
+| `--config <path>`  | Explicit fly.toml path (optional) |
+
+#### Image mode
+
+Deploy a Docker image directly, without needing a `fly.toml`. Ambit generates a minimal config for you with auto start/stop enabled.
+
+```bash
+npx @cardelli/ambit deploy my-app.lab --image registry/img:latest
+npx @cardelli/ambit deploy my-app.lab --image registry/img:latest --main-port 3000
+```
+
+| Flag                 | Description                                                                  |
+| -------------------- | ---------------------------------------------------------------------------- |
+| `--image <img>`      | Docker image to deploy (required)                                            |
+| `--main-port <port>` | Internal port for the HTTP service (default: `80`, `none` to skip)           |
+
+#### Template mode
+
+Fetch a ready-made configuration from GitHub and deploy it. The reference format is `owner/repo/path[@ref]` — pin to a tag, branch, or commit with `@`.
+
+```bash
+npx @cardelli/ambit deploy my-browser.lab --template ToxicPine/ambit-templates/chromatic
+npx @cardelli/ambit deploy my-browser.lab --template ToxicPine/ambit-templates/chromatic@v1.0
+```
+
+| Flag                | Description                                |
+| ------------------- | ------------------------------------------ |
+| `--template <ref>`  | GitHub template reference (required)       |
+
+#### Shared flags
+
+These work with all three modes.
+
+| Flag                  | Description                                                    |
+| --------------------- | -------------------------------------------------------------- |
+| `--network <name>`    | Target network                                                 |
+| `--org <org>`         | Fly.io organization slug                                       |
+| `--region <region>`   | Primary deployment region                                      |
+| `-y`, `--yes`         | Skip confirmation prompts                                      |
+| `--json`              | Machine-readable JSON output                                   |
+
+### `ambit status [network|app]`
+
+Without a subcommand, defaults to showing all routers (same as `status network`).
+
+#### `ambit status network [<name>]`
+
+Without a network name, shows a summary table of all routers. With a name, shows detailed status for a specific network: machine state, SOCKS proxy, Tailscale IP, subnet, and apps on the network.
+
+| Flag              | Description                    |
+| ----------------- | ------------------------------ |
+| `--org <org>`     | Fly.io organization slug       |
+| `--json`          | Machine-readable JSON output   |
+
+#### `ambit status app <app>.<network>`
+
+Shows detailed status for a specific app: machines, Flycast IPs, and the backing router.
+
+| Flag                 | Description                                  |
+| -------------------- | -------------------------------------------- |
+| `--network <name>`   | Target network (if not using dot syntax)     |
+| `--org <org>`        | Fly.io organization slug                     |
+| `--json`             | Machine-readable JSON output                 |
+
+### `ambit list`
+
+Lists all discovered routers across networks in a table showing the network name, app name, region, machine state, Tailscale connectivity status, and ACL tag.
+
+| Flag              | Description                    |
+| ----------------- | ------------------------------ |
+| `--org <org>`     | Fly.io organization slug       |
+| `--json`          | Machine-readable JSON output   |
+
+### `ambit destroy network <name>`
+
+Tears down a network: destroys the router, cleans up DNS, and removes the Tailscale device. If there are workload apps still on the network, ambit warns you before proceeding. Reminds you to clean up any ACL entries you added.
+
+| Flag              | Description                    |
+| ----------------- | ------------------------------ |
+| `--org <org>`     | Fly.io organization slug       |
+| `-y`, `--yes`     | Skip confirmation prompts      |
+| `--json`          | Machine-readable JSON output   |
+
+### `ambit destroy app <app>.<network>`
+
+Destroys a workload app on a network. The network can be specified as part of the name (`my-app.lab`) or with `--network` (`my-app --network lab`). Verifies the app exists on the specified network before destroying it.
+
+| Flag                 | Description                                  |
+| -------------------- | -------------------------------------------- |
+| `--network <name>`   | Target network (if not using dot syntax)     |
+| `--org <org>`        | Fly.io organization slug                     |
+| `-y`, `--yes`        | Skip confirmation prompts                    |
+| `--json`             | Machine-readable JSON output                 |
+
+### `ambit doctor [network|app]`
+
+This helps you diagnose issues, run it if something seems broken. It checks that Tailscale is running, routes are accepted, the router is healthy, and all parts of the system can talk to each other. Without a subcommand, defaults to checking all routers (same as `doctor network`).
+
+#### `ambit doctor network [<name>]`
+
+Checks router health. Without a network name, checks all routers. With a name, checks only the specified network. Also approves any unapproved subnet routes it finds.
+
+| Flag                 | Description                                  |
+| -------------------- | -------------------------------------------- |
+| `--network <name>`   | Alias for the positional `<name>` argument   |
+| `--org <org>`        | Fly.io organization slug                     |
+| `--json`             | Machine-readable JSON output                 |
+
+#### `ambit doctor app <app>.<network>`
+
+Checks app health: verifies the app is deployed and running, then checks the router for that network.
+
+| Flag                 | Description                                  |
+| -------------------- | -------------------------------------------- |
+| `--network <name>`   | Target network (if not using dot syntax)     |
+| `--org <org>`        | Fly.io organization slug                     |
+| `--json`             | Machine-readable JSON output                 |
+
+## Access Control
+
+Ambit doesn't touch your Tailscale ACL policy. After creating a router, it prints the exact policy entries you need so you can control who on your tailnet can reach which networks. By default, if you haven't restricted anything, all your devices can reach everything.
+
+If you want to lock it down, two rules do the job — one for DNS queries and one for data traffic:
+
+```jsonc
+{
+  "tagOwners": {
+    "tag:ambit-infra": ["autogroup:admin"]
+  },
+  "autoApprovers": {
+    "routes": {
+      "fdaa:X:XXXX::/48": ["tag:ambit-infra"]
+    }
+  },
+  "acls": [
+    {
+      "action": "accept",
+      "src": ["group:team"],
+      "dst": ["tag:ambit-infra:53"]
+    },
+    { "action": "accept", "src": ["group:team"], "dst": ["fdaa:X:XXXX::/48:*"] }
+  ]
+}
+```
+
+## Multiple Networks
+
+You can create as many networks as you want, and each one gets its own TLD on your tailnet. The SOCKS proxy on each router means containers on one network can reach services on another by going through the tailnet, so a browser on your `browsers` network can connect to a database on your `infra` network.
+
+```bash
+npx @cardelli/ambit create infra
+npx @cardelli/ambit create browsers
+```
+
+## Agent Skill
+
+Install the Ambit [skill](https://skills.sh) to give your AI coding agent reference documentation for all the CLI commands. Works with Claude Code, Cursor, Windsurf, and other AI coding agents:
+
+```bash
+npx skills add ToxicPine/ambit-skills --skill ambit-cli
+```

package/esm/cli/commands/create/index.js

@@ -12,7 +12,7 @@ import { isPublicTld } from "../../../util/guard.js";
 import { createFlyProvider, } from "../../../providers/fly.js";
 import { createTailscaleProvider, } from "../../../providers/tailscale.js";
 import { getCredentialStore } from "../../../util/credentials.js";
-import { FLY_PRIVATE_SUBNET, SOCKS_PROXY_PORT, TAILSCALE_API_KEY_PREFIX, } from "../../../util/constants.js";
+import { FLY_PRIVATE_SUBNET, TAILSCALE_API_KEY_PREFIX, } from "../../../util/constants.js";
 import { resolveOrg } from "../../../util/resolve.js";
 import { isAutoApproverConfigured, isTagOwnerConfigured } from "../../../util/tailscale-local.js";
 import { createTransition, hydrateCreate, reportSkipped, } from "./machine.js";
@@ -43,7 +43,7 @@ const stageTailscaleConfig = async (out, opts) => {
             return out.die("--api-key Is Required in JSON Mode");
         }
         out.dim("Ambit Needs an API Access Token (Not an Auth Key) to Manage Your Tailnet.")
-            .dim("Create One at: https://login.tailscale.com/admin/settings/keys")
+            .dim("Create One at:").link("  https://login.tailscale.com/admin/settings/keys")
             .blank();
         apiKey = await readSecret("API access token (tskey-api-...): ");
         if (!apiKey) {
@@ -66,35 +66,39 @@ const stageTailscaleConfig = async (out, opts) => {
     const policy = await tailscale.acl.getPolicy();
     const hasTagOwner = isTagOwnerConfigured(policy, opts.tag);
     if (!hasTagOwner) {
-        tagOwnerSpinner.fail(`Tag ${opts.tag} Not Configured in tagOwners`);
+        tagOwnerSpinner.fail(`${opts.tag} Not Set Up Yet`);
         out.blank()
-            .text(`  The Tag ${opts.tag} Does Not Exist in Your Tailscale ACL tagOwners.`)
-            .text("  Tailscale Will Reject Auth Keys for Undefined Tags.")
+            .text(`  You need to grant yourself permission to create the "${opts.network}"`)
+            .text(`  network by setting up ${opts.tag} in Tailscale.`)
             .blank()
-            .text("  Add This Tag in Your Tailscale ACL Settings:")
-            .dim("  https://login.tailscale.com/admin/acls/visual/tags")
+            .text(`  You can create the tag and assign it to yourself or a group`)
+            .text(`  you're a part of in the Tailscale dashboard:`)
+            .link("  https://login.tailscale.com/admin/acls/visual/tags")
             .blank()
+            .dim("  Or you can do it manually in the JSON editor:")
+            .link("  https://login.tailscale.com/admin/acls/file")
             .dim(`    "tagOwners": { "${opts.tag}": ["autogroup:admin"] }`)
             .blank();
-        return out.die(`Add ${opts.tag} to tagOwners Before Creating Router`);
+        return out.die(`Set Up ${opts.tag} in Tailscale, Then Try Again`);
     }
-    tagOwnerSpinner.success(`Tag ${opts.tag} Configured in tagOwners`);
+    tagOwnerSpinner.success(`${opts.tag} Found in Tailscale ACL`);
     if (opts.json) {
         const approverSpinner = out.spinner(`Checking autoApprovers for ${opts.tag}`);
         const hasApprover = isAutoApproverConfigured(policy, opts.tag);
         if (!hasApprover) {
-            approverSpinner.fail(`autoApprovers Not Configured for ${opts.tag}`);
+            approverSpinner.fail(`Auto-approve Not Configured for ${opts.tag}`);
             out.blank()
-                .text("  JSON mode skips interactive route approval.")
-                .text(`  Configure autoApprovers for ${opts.tag} so routes are approved on deploy.`)
+                .text("  In JSON mode, ambit can't interactively approve subnet routes.")
+                .text(`  Add an autoApprovers rule so Tailscale automatically trusts`)
+                .text(`  routes advertised by ${opts.tag}:`)
                 .blank()
-                .dim("  Add to your ACL at: https://login.tailscale.com/admin/acls/file")
+                .dim("  https://login.tailscale.com/admin/acls/file")
                 .blank()
                 .dim(`    "autoApprovers": { "routes": { "${FLY_PRIVATE_SUBNET}": ["${opts.tag}"] } }`)
                 .blank();
-            return out.die(`Configure autoApprovers for ${opts.tag} Before Using --json`);
+            return out.die(`Add autoApprovers for ${opts.tag} to Use --json`);
         }
-        approverSpinner.success(`autoApprovers Configured for ${opts.tag}`);
+        approverSpinner.success(`Auto-approve Configured for ${opts.tag}`);
     }
     out.blank();
     return tailscale;
@@ -157,52 +161,52 @@ const stageSummary = async (out, fly, tailscale, ctx, opts) => {
         .header("  Router Created!")
         .header("=".repeat(50))
         .blank()
-        .text(`Any Flycast App on the "${opts.network}" Network Is Reachable as:`)
-        .text(`  <app-name>.${opts.network}`)
-        .blank();
-    if (ctx.subnet) {
-        const machines = await fly.machines.list(ctx.appName);
-        const routerMachine = machines.find((m) => m.private_ip);
-        if (routerMachine?.private_ip) {
-            out.text("SOCKS5 Proxy Available at:")
-                .text(`  socks5://[${routerMachine.private_ip}]:${SOCKS_PROXY_PORT}`)
-                .dim("Containers on This Network Can Use It to Reach Your Tailnet.")
-                .blank();
-        }
-    }
-    out.dim("Deploy an App to This Network:")
-        .dim(`  ambit deploy my-app --network ${opts.network}`)
+        .text(`The "${opts.network}" Network Is Ready.`)
         .blank()
-        .dim("Invite People to Your Tailnet:")
-        .dim("  https://login.tailscale.com/admin/users")
-        .dim("Control Their Access:")
-        .dim("  https://login.tailscale.com/admin/acls/visual/general-access-rules")
+        .text(`You Can Deploy Apps to It With:`)
+        .text(`  npx @cardelli/ambit deploy <app-name>.${opts.network}`)
+        .blank();
+    out.dim("Invite People to Your Tailnet:")
+        .link("  https://login.tailscale.com/admin/users")
         .blank();
-    if (ctx.subnet && !hasAutoApprover) {
-        out.header("Recommended: Configure autoApprovers")
-            .blank()
-            .dim("  Add to Your Tailnet Policy File at:")
-            .dim("  https://login.tailscale.com/admin/acls/file")
-            .blank()
-            .text(`  "autoApprovers": { "routes": { "${ctx.subnet}": ["${opts.tag}"] } }`)
-            .blank()
-            .dim("  Routes Were Approved via API for This Session.")
-            .dim("  autoApprovers Will Auto-Approve on Future Restarts.")
-            .blank();
-    }
     if (ctx.subnet) {
-        out.header("Recommended ACL Rules:")
+        out.header("Next: Allow Traffic Through the Router")
+            .blank()
+            .text("  You must configure Tailscale so that traffic can flow from your")
+            .text(`  devices through the router and into the "${opts.network}" network.`);
+        if (!hasAutoApprover) {
+            out.blank()
+                .text("  1. Automatically Allow Traffic Through the Router:")
+                .dim("     Tailscale needs to trust the router's network connections.")
+                .blank()
+                .dim("     You can do this from the Tailscale dashboard:")
+                .link("     https://login.tailscale.com/admin/acls/visual/auto-approvers")
+                .dim(`     Route: ${ctx.subnet}  Owner: ${opts.tag}`)
+                .blank()
+                .dim("     Or you can do it manually with this JSON config:")
+                .link("     https://login.tailscale.com/admin/acls/file")
+                .dim(`     "autoApprovers": { "routes": { "${ctx.subnet}": ["${opts.tag}"] } }`);
+            if (opts.shouldApprove) {
+                out.blank().dim("     Traffic Was Allowed via API for This Session.");
+            }
+        }
+        out.blank()
+            .text(`  ${hasAutoApprover ? "1" : "2"}. Control Who Can Reach Apps on This Network:`)
+            .dim("     This lets you restrict which users or devices can access your apps.")
             .blank()
-            .dim("  To Restrict Access, Add ACL Rules to Your Policy File:")
-            .dim("  https://login.tailscale.com/admin/acls/file")
+            .dim("     You can do this from the Tailscale dashboard:")
+            .link("     https://login.tailscale.com/admin/acls/visual/general-access-rules")
+            .dim(`     Source: group:YOUR_GROUP  Destination: ${opts.tag}:*`)
             .blank()
-            .dim(`    {"action": "accept", "src": ["group:YOUR_GROUP"], "dst": ["${opts.tag}:53"]}`)
-            .dim(`    {"action": "accept", "src": ["group:YOUR_GROUP"], "dst": ["${ctx.subnet}:*"]}`)
+            .dim("     Or you can do it manually with this JSON config:")
+            .link("     https://login.tailscale.com/admin/acls/file")
+            .dim(`     {"action": "accept", "src": ["group:YOUR_GROUP"], "dst": ["${opts.tag}:53"]}`)
+            .dim(`     {"action": "accept", "src": ["group:YOUR_GROUP"], "dst": ["${ctx.subnet}:*"]}`)
             .blank();
     }
     if (!opts.shouldApprove) {
         out.dim("Route Approval Was Skipped. To Complete Setup:")
-            .dim(`  ambit doctor --network ${opts.network}`)
+            .dim(`  ambit doctor network ${opts.network}`)
             .blank();
     }
     out.print();

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "@cardelli/ambit",
-    "version": "0.2.0",
+    "version": "0.2.2",
     "description": "Deploy apps to the cloud that only you and your AI agents can reach",
     "license": "MIT",
     "tasks": {

package/esm/lib/output.d.ts

@@ -19,6 +19,7 @@ export declare class Output<T extends Record<string, unknown>> {
     warn(text: string): this;
     text(text: string): this;
     dim(text: string): this;
+    link(text: string): this;
     header(text: string): this;
     blank(): this;
     spinner(message: string): {

package/esm/lib/output.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"output.d.ts","sourceRoot":"","sources":["../../src/lib/output.ts"],"names":[],"mappings":"AAkBA,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GAAG,CAAC,CAAC;AAChD,MAAM,MAAM,WAAW,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAMvD,qBAAa,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACnD,OAAO,CAAC,MAAM,CAGE;IAChB,OAAO,CAAC,QAAQ,CAAU;gBAEd,QAAQ,EAAE,OAAO;IAS7B,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI;IAMnB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAKzD,KAAK,IAAI,IAAI;IAUb,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKtB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK1B,KAAK,IAAI,IAAI;IAKb,OAAO,CACL,OAAO,EAAE,MAAM,GACd;QAAE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,IAAI,IAAI,CAAA;KAAE;IAiBlE,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB9D,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK;IAS3B,MAAM,IAAI,OAAO;CAGlB;AAMD,wBAAgB,YAAY,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5D,QAAQ,EAAE,OAAO,GAChB,MAAM,CAAC,CAAC,CAAC,CAEX"}
+{"version":3,"file":"output.d.ts","sourceRoot":"","sources":["../../src/lib/output.ts"],"names":[],"mappings":"AAmBA,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GAAG,CAAC,CAAC;AAChD,MAAM,MAAM,WAAW,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAMvD,qBAAa,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACnD,OAAO,CAAC,MAAM,CAGE;IAChB,OAAO,CAAC,QAAQ,CAAU;gBAEd,QAAQ,EAAE,OAAO;IAS7B,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI;IAMnB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAKzD,KAAK,IAAI,IAAI;IAUb,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKtB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK1B,KAAK,IAAI,IAAI;IAKb,OAAO,CACL,OAAO,EAAE,MAAM,GACd;QAAE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,IAAI,IAAI,CAAA;KAAE;IAiBlE,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB9D,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK;IAS3B,MAAM,IAAI,OAAO;CAGlB;AAMD,wBAAgB,YAAY,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5D,QAAQ,EAAE,OAAO,GAChB,MAAM,CAAC,CAAC,CAAC,CAEX"}

package/esm/lib/output.js

@@ -1,7 +1,7 @@
 // =============================================================================
 // Output - Unified Output Handling for CLI Commands
 // =============================================================================
-import { bold, dim, Spinner, statusErr, statusInfo, statusOk, statusWarn, } from "./cli.js";
+import { blue, bold, dim, Spinner, statusErr, statusInfo, statusOk, statusWarn, } from "./cli.js";
 // =============================================================================
 // Output Class
 // =============================================================================
@@ -67,6 +67,11 @@ export class Output {
             console.log(dim(text));
         return this;
     }
+    link(text) {
+        if (!this.jsonMode)
+            console.log(blue(text));
+        return this;
+    }
     header(text) {
         if (!this.jsonMode)
             console.log(bold(text));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cardelli/ambit",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Deploy apps to the cloud that only you and your AI agents can reach",
   "license": "MIT",
   "scripts": {},