@eightstate/escli 0.8.0 → 0.9.0

package/dist/commands/mcp/register.js

@@ -4,8 +4,7 @@ import { ErrorCode } from '@eightstate/contracts/errors';
 import { BaseCommand } from '../../base-command.js';
 import { writeStderr } from '../../io/io.js';
 import { resolveCliToken } from '../../services/credentials.js';
-import { authRequired, DEFAULT_MCP_DOMAIN, maskSecret, usageError } from '../../services/mcp/common.js';
-import { CloudflareClient } from '../../services/mcp/cloudflare.js';
+import { authRequired, maskSecret, usageError } from '../../services/mcp/common.js';
 import { validateRootDirectory, writeMachineConfig } from '../../services/mcp/config.js';
 import { McpGateClient } from '../../services/mcp/gate-client.js';
 export const McpRegisterDataSchema = z.object({
@@ -24,7 +23,7 @@ export const McpRegisterDataSchema = z.object({
 export default class McpRegister extends BaseCommand {
     static errors = [ErrorCode.AuthRequired, ErrorCode.UsageInvalid, ErrorCode.ConfigInvalid, ErrorCode.ApiError, ErrorCode.GateUnavailable, ErrorCode.GateInvalidResponse, ErrorCode.NetworkError];
     static summary = 'Register a local directory as an MCP machine';
-    static examples = ['<%= config.bin %> mcp register --root . --label "repo"', '<%= config.bin %> mcp register --root . --slug my-repo'];
+    static examples = ['<%= config.bin %> mcp register --root .', '<%= config.bin %> mcp register --root . --slug my-repo --label "My Repo"'];
     static enableJsonFlag = true;
     static strict = true;
     static flags = {
@@ -32,9 +31,6 @@ export default class McpRegister extends BaseCommand {
         slug: Flags.string({ description: 'Machine slug. Defaults from --label, root basename, or hostname.' }),
         port: Flags.integer({ description: 'Local MCP origin port.', default: 9315 }),
         label: Flags.string({ description: 'Human label for this machine.' }),
-        'cf-account-id': Flags.string({ description: 'Cloudflare account ID. Defaults to CLOUDFLARE_ACCOUNT_ID.' }),
-        'cf-zone-id': Flags.string({ description: 'Cloudflare zone ID. Defaults to CLOUDFLARE_ZONE_ID.' }),
-        'cf-api-token': Flags.string({ description: 'Cloudflare API token. Defaults to CLOUDFLARE_API_TOKEN; never persisted.' }),
     };
     async execute() {
         const flags = await this.parseFlags(McpRegister);
@@ -45,41 +41,25 @@ export default class McpRegister extends BaseCommand {
         if (port < 1 || port > 65535)
             throw usageError('--port must be between 1 and 65535');
         const slug = normalizeSlug(flags.slug ?? flags.label ?? root.split('/').filter(Boolean).pop() ?? 'machine');
-        const hostname = `mcp-${slug}.${DEFAULT_MCP_DOMAIN}`;
-        const cf = new CloudflareClient({ accountId: flags['cf-account-id'], zoneId: flags['cf-zone-id'], apiToken: flags['cf-api-token'] });
-        let tunnelId;
-        let dnsRecordId;
-        try {
-            const tunnel = await cf.createTunnel(slug);
-            tunnelId = tunnel.id;
-            await cf.configureIngress(tunnel.id, hostname, port);
-            const dns = await cf.createDnsRecord(hostname, tunnel.id);
-            dnsRecordId = dns.id;
-            const gate = await new McpGateClient().createMachine({ slug, hostname, tunnel_id: tunnel.id, port, label: flags.label });
-            const config = {
-                slug,
-                label: flags.label,
-                root_default: root,
-                hostname: gate.hostname,
-                resource: gate.resource,
-                tunnel_id: tunnel.id,
-                tunnel_token: tunnel.token,
-                dns_record_id: dns.id,
-                port,
-                machine_id: gate.machine_id,
-                machine_secret: gate.machine_secret,
-                created_at: new Date().toISOString(),
-            };
-            const configPath = await writeMachineConfig(config);
-            if (!flags.quiet && !flags.json)
-                await writeStderr(`connector URL: ${gate.resource}/mcp\nconfig: ${configPath}\ntunnel: ${maskSecret(tunnel.id)}\n`);
-            return { slug, label: flags.label, root_default: root, hostname: gate.hostname, resource: gate.resource, port, machine_id: gate.machine_id, tunnel_id: tunnel.id, dns_record_id: dns.id, config_path: configPath, connector_url: `${gate.resource}/mcp` };
-        }
-        catch (error) {
-            const cleanup = [`Cloudflare tunnel id: ${tunnelId ?? '(not created)'}`, `Cloudflare DNS record id: ${dnsRecordId ?? '(not created)'}`].join('\n');
-            await writeStderr(`MCP register failed. Cleanup references:\n${cleanup}\n`);
-            throw error;
-        }
+        const gate = await new McpGateClient().createMachine({ slug, port, label: flags.label });
+        const config = {
+            slug,
+            label: flags.label,
+            root_default: root,
+            hostname: gate.hostname,
+            resource: gate.resource,
+            tunnel_id: gate.tunnel_id,
+            tunnel_token: gate.tunnel_token,
+            dns_record_id: gate.dns_record_id,
+            port,
+            machine_id: gate.machine_id,
+            machine_secret: gate.machine_secret,
+            created_at: new Date().toISOString(),
+        };
+        const configPath = await writeMachineConfig(config);
+        if (!flags.quiet && !flags.json)
+            await writeStderr(`registered: ${gate.hostname}\nconnector URL: ${gate.resource}/mcp\nconfig: ${configPath}\ntunnel: ${maskSecret(gate.tunnel_id)}\n`);
+        return { slug, label: flags.label, root_default: root, hostname: gate.hostname, resource: gate.resource, port, machine_id: gate.machine_id, tunnel_id: gate.tunnel_id, dns_record_id: gate.dns_record_id, config_path: configPath, connector_url: `${gate.resource}/mcp` };
     }
 }
 function normalizeSlug(value) {

package/dist/commands/mcp/revoke.js

@@ -2,35 +2,30 @@ import { Flags } from '@oclif/core';
 import { z } from 'zod';
 import { ErrorCode } from '@eightstate/contracts/errors';
 import { BaseCommand } from '../../base-command.js';
-import { CloudflareClient } from '../../services/mcp/cloudflare.js';
 import { deleteMachineConfig, resolveMachineConfig } from '../../services/mcp/config.js';
 import { McpGateClient } from '../../services/mcp/gate-client.js';
 export const McpRevokeDataSchema = z.object({ slug: z.string(), gate_revoked: z.boolean(), cloudflare_deleted: z.boolean(), local_config_deleted: z.boolean() });
 export default class McpRevoke extends BaseCommand {
     static errors = [ErrorCode.ConfigInvalid, ErrorCode.AuthRequired, ErrorCode.GateUnavailable, ErrorCode.ApiError];
-    static summary = 'Revoke an MCP machine and optionally delete Cloudflare resources';
-    static examples = ['<%= config.bin %> mcp revoke --slug my-repo', '<%= config.bin %> mcp revoke --slug my-repo --cloudflare --yes'];
+    static summary = 'Revoke an MCP machine and delete its Cloudflare tunnel';
+    static examples = ['<%= config.bin %> mcp revoke --slug my-repo', '<%= config.bin %> mcp revoke --slug my-repo --yes'];
     static enableJsonFlag = true;
     static strict = true;
     static flags = {
         slug: Flags.string({ description: 'Machine slug. Optional only when one config exists.' }),
         cloudflare: Flags.boolean({ description: 'Also delete Cloudflare DNS record and tunnel.', default: false }),
         yes: Flags.boolean({ char: 'y', description: 'Skip confirmation for --cloudflare.', default: false }),
-        'cf-account-id': Flags.string({ description: 'Cloudflare account ID. Defaults to CLOUDFLARE_ACCOUNT_ID.' }),
-        'cf-zone-id': Flags.string({ description: 'Cloudflare zone ID. Defaults to CLOUDFLARE_ZONE_ID.' }),
-        'cf-api-token': Flags.string({ description: 'Cloudflare API token. Defaults to CLOUDFLARE_API_TOKEN; never persisted.' }),
     };
     async execute() {
         const flags = await this.parseFlags(McpRevoke);
         const config = await resolveMachineConfig(flags.slug);
-        await new McpGateClient().revokeMachine(config.slug);
+        const gate = new McpGateClient();
+        await gate.revokeMachine(config.slug);
         let cloudflareDeleted = false;
         if (flags.cloudflare) {
             if (!flags.yes)
-                throw new Error('refusing to delete Cloudflare resources without --yes');
-            const cf = new CloudflareClient({ accountId: flags['cf-account-id'], zoneId: flags['cf-zone-id'], apiToken: flags['cf-api-token'] });
-            await cf.deleteDnsRecord(config.dns_record_id);
-            await cf.deleteTunnel(config.tunnel_id);
+                throw new Error('refusing to delete Cloudflare resources without --yes; Gate will deprovision the tunnel and DNS');
+            await gate.deprovisionMachine(config.slug);
             cloudflareDeleted = true;
         }
         const localConfigDeleted = await deleteMachineConfig(config.slug);

package/dist/services/mcp/cloudflare.js

@@ -3,6 +3,8 @@ import { ExitCodes } from '@eightstate/contracts/exit-codes';
 import { EscliError } from '../../lib/escli-error.js';
 import { parseJsonResponse, recordValue, stringValue, usageError } from './common.js';
 const CF_API_BASE = 'https://api.cloudflare.com/client/v4';
+const EIGHTSTATE_ACCOUNT_ID = '3db5cf3eac3990b5604382b809bb46c6';
+const EIGHTSTATE_ZONE_ID = 'db5d43c916a7db789e1692d1ffdcf12a';
 export class CloudflareClient {
     credentials;
     constructor(input) {
@@ -73,16 +75,11 @@ export class CloudflareClient {
     }
 }
 export function resolveCloudflareCredentials(input) {
-    const accountId = input.accountId ?? process.env.CLOUDFLARE_ACCOUNT_ID;
-    const zoneId = input.zoneId ?? process.env.CLOUDFLARE_ZONE_ID;
+    const accountId = input.accountId ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? EIGHTSTATE_ACCOUNT_ID;
+    const zoneId = input.zoneId ?? process.env.CLOUDFLARE_ZONE_ID ?? EIGHTSTATE_ZONE_ID;
     const apiToken = input.apiToken ?? process.env.CLOUDFLARE_API_TOKEN;
-    const missing = [
-        accountId ? undefined : 'CLOUDFLARE_ACCOUNT_ID',
-        zoneId ? undefined : 'CLOUDFLARE_ZONE_ID',
-        apiToken ? undefined : 'CLOUDFLARE_API_TOKEN',
-    ].filter(Boolean);
-    if (!accountId || !zoneId || !apiToken)
-        throw usageError(`missing Cloudflare credentials: ${missing.join(', ')}`);
+    if (!apiToken)
+        throw usageError('missing CLOUDFLARE_API_TOKEN — set it as an env var or pass --cf-api-token');
     return { accountId, zoneId, apiToken };
 }
 function cfInvalid(message, details) {

package/dist/services/mcp/gate-client.js

@@ -9,6 +9,9 @@ const McpMachineCreateResponseSchema = z.object({
     machine_secret: z.string(),
     hostname: z.string(),
     resource: z.string(),
+    tunnel_id: z.string(),
+    tunnel_token: z.string(),
+    dns_record_id: z.string(),
 });
 const McpMachineStatusResponseSchema = z.object({
     machine_id: z.number(),
@@ -42,6 +45,9 @@ export class McpGateClient {
         const parsed = McpMachineStatusResponseSchema.safeParse(data);
         return parsed.success ? parsed.data : data;
     }
+    async deprovisionMachine(slug) {
+        await this.request(`/api/mcp/machines/${encodeURIComponent(slug)}/deprovision`, { method: 'POST', userAuth: true });
+    }
     async introspectToken(machineSecret, token, resource) {
         const data = await this.request('/api/mcp/introspect', {
             method: 'POST',

package/oclif.manifest.json

@@ -3482,8 +3482,8 @@
       "aliases": [],
       "args": {},
       "examples": [
-        "<%= config.bin %> mcp register --root . --label \"repo\"",
-        "<%= config.bin %> mcp register --root . --slug my-repo"
+        "<%= config.bin %> mcp register --root .",
+        "<%= config.bin %> mcp register --root . --slug my-repo --label \"My Repo\""
       ],
       "flags": {
         "json": {
@@ -3575,27 +3575,6 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
-        },
-        "cf-account-id": {
-          "description": "Cloudflare account ID. Defaults to CLOUDFLARE_ACCOUNT_ID.",
-          "name": "cf-account-id",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "cf-zone-id": {
-          "description": "Cloudflare zone ID. Defaults to CLOUDFLARE_ZONE_ID.",
-          "name": "cf-zone-id",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "cf-api-token": {
-          "description": "Cloudflare API token. Defaults to CLOUDFLARE_API_TOKEN; never persisted.",
-          "name": "cf-api-token",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
         }
       },
       "hasDynamicHelp": false,
@@ -3630,7 +3609,7 @@
       "args": {},
       "examples": [
         "<%= config.bin %> mcp revoke --slug my-repo",
-        "<%= config.bin %> mcp revoke --slug my-repo --cloudflare --yes"
+        "<%= config.bin %> mcp revoke --slug my-repo --yes"
       ],
       "flags": {
         "json": {
@@ -3712,27 +3691,6 @@
           "name": "yes",
           "allowNo": false,
           "type": "boolean"
-        },
-        "cf-account-id": {
-          "description": "Cloudflare account ID. Defaults to CLOUDFLARE_ACCOUNT_ID.",
-          "name": "cf-account-id",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "cf-zone-id": {
-          "description": "Cloudflare zone ID. Defaults to CLOUDFLARE_ZONE_ID.",
-          "name": "cf-zone-id",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "cf-api-token": {
-          "description": "Cloudflare API token. Defaults to CLOUDFLARE_API_TOKEN; never persisted.",
-          "name": "cf-api-token",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
         }
       },
       "hasDynamicHelp": false,
@@ -3742,7 +3700,7 @@
       "pluginName": "@eightstate/escli",
       "pluginType": "core",
       "strict": true,
-      "summary": "Revoke an MCP machine and optionally delete Cloudflare resources",
+      "summary": "Revoke an MCP machine and delete its Cloudflare tunnel",
       "enableJsonFlag": true,
       "emitsJsonEnvelope": false,
       "errors": [
@@ -8062,5 +8020,5 @@
       ]
     }
   },
-  "version": "0.8.0"
+  "version": "0.9.0"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eightstate/escli",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "private": false,
   "type": "module",
   "repository": {
@@ -24,7 +24,7 @@
     "@oclif/core": "4.11.3",
     "chalk": "5.6.2",
     "zod": "4.4.3",
-    "@eightstate/contracts": "0.8.0"
+    "@eightstate/contracts": "0.9.0"
   },
   "devDependencies": {
     "@eslint/js": "9.39.1",