npm - @flui-cloud/cli - Versions diffs - 0.0.1 → 0.1.0 - Mend

@flui-cloud/cli 0.0.1 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/lib/cli/src/commands/env/create.js CHANGED Viewed

@@ -3,12 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const node_crypto_1 = require("node:crypto");
 const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const nip_base_domain_util_1 = require("../../lib/nip-base-domain.util");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const cloud_provider_enum_1 = require("../../../../src/modules/providers/enums/cloud-provider.enum");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
@@ -28,9 +29,36 @@ const prompts_1 = require("../../lib/prompts");
 const preferences_resolver_1 = require("../../config/preferences-resolver");
 const preferences_schema_1 = require("../../config/preferences-schema");
 class EnvCreate extends core_1.Command {
+    /** The sole provider with configured credentials, or undefined if none/both. */
+    detectConfiguredProvider(configStorage) {
+        const configured = ['hetzner', 'scaleway'].filter((p) => (0, provider_credential_schemas_1.isCompoundProvider)(p)
+            ? configStorage.hasCredentials(p)
+            : configStorage.hasToken(p));
+        return configured.length === 1 ? configured[0] : undefined;
+    }
     async run() {
         const { flags } = await this.parse(EnvCreate);
-        const providerKey = flags.provider;
+        if (flags['auth-mode'] !== 'oidc') {
+            this.error(`Authentication mode '${flags['auth-mode']}' is not supported. Only 'oidc' is available.`, { exit: 1 });
+        }
+        const configStorage = new config_storage_1.ConfigStorage();
+        const hasCreds = (p) => (0, provider_credential_schemas_1.isCompoundProvider)(p)
+            ? configStorage.hasCredentials(p)
+            : configStorage.hasToken(p);
+        // Resolve the target provider BEFORE deriving provider-specific defaults.
+        // Precedence: explicit --provider > the profile's single configured
+        // provider > the setup wizard's choice. (Previously hard-defaulted to
+        // hetzner, so a Scaleway-only profile still tried — and failed — to build
+        // on Hetzner.)
+        let providerKey = flags.provider ?? this.detectConfiguredProvider(configStorage);
+        if (!providerKey || !hasCreds(providerKey)) {
+            const configured = await (0, prompts_1.runProviderSetupWizard)(providerKey);
+            if (!configured) {
+                console.log(chalk_1.default.dim(`   To configure manually: flui config set ${providerKey ?? '<provider>'}\n`));
+                this.exit(1);
+            }
+            providerKey = configured;
+        }
         const cloudProvider = providerKey === 'scaleway'
             ? cloud_provider_enum_1.CloudProvider.SCALEWAY
             : cloud_provider_enum_1.CloudProvider.HETZNER;
@@ -40,9 +68,6 @@ class EnvCreate extends core_1.Command {
         if (!allowedRegions.includes(region)) {
             this.error(`Region '${region}' is not supported for provider '${providerKey}'. Allowed: ${allowedRegions.join(', ')}`, { exit: 1 });
         }
-        if (flags['auth-mode'] !== 'oidc') {
-            this.error(`Authentication mode '${flags['auth-mode']}' is not supported. Only 'oidc' is available.`, { exit: 1 });
-        }
         (0, context_banner_1.printContextBanner)({
             cluster: { provider: providerKey, region },
         });
@@ -55,9 +80,8 @@ class EnvCreate extends core_1.Command {
             app = await (0, nest_app_1.getNestApp)();
             spinner.succeed('Initialized');
             spinner = (0, ora_1.default)('Loading services...').start();
-            const configStorage = new config_storage_1.ConfigStorage();
             const apiUrl = configStorage.getApiUrl();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const apiClient = new api_client_1.ApiClient({
                 baseUrl: apiUrl,
                 apiKey: configStorage.getApiKey(),
@@ -65,20 +89,6 @@ class EnvCreate extends core_1.Command {
             const cacheService = new server_type_cache_service_1.ServerTypeCacheService();
             const validatorService = new server_type_validator_service_1.ServerTypeValidatorService();
             spinner.succeed('Services loaded');
-            // 2. Early credential check — must happen before any provider call
-            const hasProviderCreds = (0, provider_credential_schemas_1.isCompoundProvider)(providerKey)
-                ? configStorage.hasCredentials(providerKey)
-                : configStorage.hasToken(providerKey);
-            if (!hasProviderCreds) {
-                spinner.stop();
-                const configured = await (0, prompts_1.runProviderSetupWizard)();
-                if (!configured) {
-                    console.log(chalk_1.default.dim(`   To configure manually: flui config set ${providerKey}\n`));
-                    this.exit(1);
-                }
-                spinner = (0, ora_1.default)('Resuming...').start();
-                spinner.succeed('Provider configured');
-            }
             // 3. Resolve admin email (prompt if not set, then persist)
             const emailResolver = new preferences_resolver_1.PreferencesResolver(configStorage);
             const emailResult = emailResolver.resolve('email');
@@ -102,6 +112,7 @@ class EnvCreate extends core_1.Command {
             // server-side, so the LE 5-certs-per-7-days rate limit never trips on
             // repeated test creations.
             const acmeStaging = flags['acme-staging'];
+            const useLatest = flags.latest;
             spinner.stop();
             if (acmeStaging) {
                 console.log(chalk_1.default.yellow(`\n⚠ ACME endpoint: Let's Encrypt STAGING — cert will not be browser-trusted (warning expected).\n`));
@@ -231,17 +242,17 @@ class EnvCreate extends core_1.Command {
                 spinner.succeed('Server type validation skipped (no data available)');
             }
             // Display cluster configuration
-            console.log(chalk_1.default.cyan('\n🚀 Creating Flui Observability Cluster (K3s)\n'));
+            console.log(chalk_1.default.cyan('\n🚀 Creating Flui Control Cluster (K3s)\n'));
             console.log(chalk_1.default.dim(`   Provider: ${providerKey}`));
             console.log(chalk_1.default.dim(`   Node Size: ${validatedNodeSize}`));
             console.log(chalk_1.default.dim(`   Region: ${validatedRegion}`));
             console.log(chalk_1.default.dim(`   Worker Nodes: ${flags['node-count']}\n`));
-            // 3. Check if observability cluster already exists
+            // 3. Check if control cluster already exists
             spinner = (0, ora_1.default)('Checking for existing cluster...').start();
-            const existingCluster = await observabilityService.getObservabilityCluster();
+            const existingCluster = await controlService.getControlCluster();
             if (existingCluster && existingCluster.status !== cluster_entity_1.ClusterStatus.DELETED) {
-                spinner.fail('Observability cluster already exists!');
-                console.log(chalk_1.default.yellow('\n⚠️  An observability cluster is already running:\n'));
+                spinner.fail('Control cluster already exists!');
+                console.log(chalk_1.default.yellow('\n⚠️  An control cluster is already running:\n'));
                 console.log(`   ${chalk_1.default.bold('Name:')}     ${existingCluster.name}`);
                 console.log(`   ${chalk_1.default.bold('ID:')}       ${existingCluster.id}`);
                 console.log(`   ${chalk_1.default.bold('Status:')}   ${existingCluster.status}`);
@@ -263,7 +274,7 @@ class EnvCreate extends core_1.Command {
                 const vnetService = app.get(vnet_provisioning_service_1.VnetProvisioningService);
                 envVnetInfo = await vnetService.ensureEnvVnet({
                     provider: cloudProvider,
-                    name: 'flui-env-vnet',
+                    name: `flui-env-${(0, node_crypto_1.randomBytes)(3).toString('hex')}`,
                     ipRange: '10.10.0.0/16',
                     subnetIpRange: '10.10.1.0/24',
                     networkZone: cloudProvider === cloud_provider_enum_1.CloudProvider.HETZNER
@@ -277,7 +288,7 @@ class EnvCreate extends core_1.Command {
             }
             catch (error) {
                 spinner.fail(`VNet provisioning failed: ${error.message}`);
-                console.log(chalk_1.default.red('\n   Cannot proceed without an environment VNet. The observability cluster and all workload clusters must share a private network.'));
+                console.log(chalk_1.default.red('\n   Cannot proceed without an environment VNet. The control cluster and all workload clusters must share a private network.'));
                 this.exit(1);
             }
             // 4. Create firewall BEFORE cluster (if enabled)
@@ -296,15 +307,18 @@ class EnvCreate extends core_1.Command {
                         const publicIp = await ipService.getPublicIp();
                         sourceCidrs = [ipService.toCidr(publicIp)];
                     }
-                    const rules = (0, firewall_rules_1.OBSERVABILITY_FIREWALL_RULES)(sourceCidrs);
-                    const temporaryFirewallName = `flui-observability-firewall-${Date.now()}`;
+                    const rules = (0, firewall_rules_1.CONTROL_FIREWALL_RULES)(sourceCidrs);
+                    // Unique temporary name to avoid colliding with orphaned firewalls
+                    // from previous runs; renamed to flui-control-firewall-<clusterId>
+                    // (by firewallId) once the cluster is ready.
+                    const temporaryFirewallName = `flui-control-firewall-${(0, node_crypto_1.randomBytes)(4).toString('hex')}`;
                     // Create firewall with temporary name (will be renamed when cluster is ready)
                     const result = await firewallService.createFirewall({
                         name: temporaryFirewallName,
                         labels: [
                             { key: 'managed-by', value: 'flui-cloud' },
                             { key: 'flui-resource-type', value: 'firewall' },
-                            { key: 'flui-cluster-type', value: 'observability' },
+                            { key: 'flui-cluster-type', value: 'control' },
                         ],
                         rules,
                         // Label selector will be applied later when cluster servers exist
@@ -326,10 +340,10 @@ class EnvCreate extends core_1.Command {
                     spinner.succeed(`Firewall created (Source: ${sourceCidrs.join(', ')})`);
                 }
                 catch (error) {
-                    spinner.warn(`Firewall creation failed: ${error.message}`);
-                    console.log(chalk_1.default.yellow('   Continuing without firewall. You can configure it manually later.'));
-                    firewallId = undefined;
-                    sourceCidrs = undefined;
+                    spinner.fail(`Firewall creation failed: ${error.message}`);
+                    console.log(chalk_1.default.red('\n   Aborting: the control cluster must not be provisioned without a firewall.'));
+                    console.log(chalk_1.default.dim('   Resolve the cause (e.g. remove a leftover/orphaned firewall on the provider) and retry,\n   or pass --no-configure-firewall to explicitly opt out of firewall protection.'));
+                    this.exit(1);
                 }
             }
             // 5. Create K3s cluster
@@ -337,7 +351,7 @@ class EnvCreate extends core_1.Command {
             console.log(chalk_1.default.dim(flags['node-count'] > 0
                 ? '   This will create master node + worker nodes'
                 : '   This will create master node only'));
-            const clusterId = await observabilityService.createObservabilityCluster(cloudProvider, validatedRegion, validatedNodeSize, flags['node-count'], firewallId, sourceCidrs, flags['auth-mode'], envVnetInfo
+            const clusterId = await controlService.createControlCluster(cloudProvider, validatedRegion, validatedNodeSize, flags['node-count'], firewallId, sourceCidrs, flags['auth-mode'], envVnetInfo
                 ? {
                     vnetProviderResourceId: envVnetInfo.vnetProviderResourceId,
                     vnetIpRange: envVnetInfo.vnetIpRange,
@@ -349,6 +363,7 @@ class EnvCreate extends core_1.Command {
                 : undefined, adminEmail, acmeStaging, flags['disk-size'], {
                 sharedStorageEnabled: !flags['no-shared-storage'],
                 sharedStorageVolumeSizeGb: flags['shared-storage-size'],
+                useLatest,
             });
             spinner.succeed('Cluster creation started!');
             if (firewallId && clusterId) {
@@ -369,7 +384,7 @@ class EnvCreate extends core_1.Command {
             }
             if (flags.detached) {
                 // DETACHED MODE: Exit immediately with monitoring instructions
-                console.log(chalk_1.default.green('\n✅ Observability Cluster Creation Started!\n'));
+                console.log(chalk_1.default.green('\n✅ Control Cluster Creation Started!\n'));
                 console.log(chalk_1.default.cyan('📋 Cluster Details:\n'));
                 console.log(`   ${chalk_1.default.bold('Cluster ID:')}  ${clusterId}`);
                 console.log(`   ${chalk_1.default.bold('Provider:')}    ${cloudProvider}`);
@@ -391,7 +406,7 @@ class EnvCreate extends core_1.Command {
                 // WAIT MODE: Wait for cluster to be ready
                 spinner = (0, ora_1.default)('Waiting for cluster to be ready...').start();
                 try {
-                    await observabilityService.waitForClusterReady(clusterId, 600000);
+                    await controlService.waitForClusterReady(clusterId, 600000);
                     spinner.succeed('Cluster is ready!');
                 }
                 catch (error) {
@@ -399,7 +414,7 @@ class EnvCreate extends core_1.Command {
                     console.log(chalk_1.default.red(`\n❌ Error: ${error.message}\n`));
                     this.exit(1);
                 }
-                console.log(chalk_1.default.green('\n✅ Observability Cluster Created Successfully!\n'));
+                console.log(chalk_1.default.green('\n✅ Control Cluster Created Successfully!\n'));
                 console.log(chalk_1.default.cyan('📋 Cluster Details:\n'));
                 console.log(`   ${chalk_1.default.bold('Cluster ID:')}  ${clusterId}`);
                 console.log(`   ${chalk_1.default.bold('Provider:')}    ${cloudProvider}`);
@@ -428,7 +443,7 @@ class EnvCreate extends core_1.Command {
                 // This ensures reconciliation runs even if SSH setup fails
                 let shouldExit = false;
                 const onReconcile = async () => {
-                    const cluster = await observabilityService.getObservabilityCluster();
+                    const cluster = await controlService.getControlCluster();
                     const masterIp = cluster?.masterIpAddress;
                     const nipToken = cluster?.nipHostnameToken;
                     const baseDomain = (0, nip_base_domain_util_1.buildNipBaseDomain)(masterIp ?? '', nipToken);
@@ -440,13 +455,13 @@ class EnvCreate extends core_1.Command {
                         const interval = 15_000;
                         const deadline = Date.now() + maxWait;
                         while (Date.now() < deadline) {
-                            const valid = await observabilityService.waitForValidTls(certUrl, interval, interval, acmeStaging);
+                            const valid = await controlService.waitForValidTls(certUrl, interval, interval, acmeStaging);
                             if (valid)
                                 break;
                             elapsed += interval;
                             console.log(chalk_1.default.dim(`  Certificate pending... (${Math.round(elapsed / 1000)}s / ${maxWait / 1000}s)`));
                         }
-                        const tlsReady = await observabilityService.waitForValidTls(certUrl, 5_000, 5_000, acmeStaging);
+                        const tlsReady = await controlService.waitForValidTls(certUrl, 5_000, 5_000, acmeStaging);
                         if (tlsReady) {
                             console.log(chalk_1.default.green(acmeStaging
                                 ? "✅ TLS certificate valid (Let's Encrypt STAGING — not browser-trusted)"
@@ -477,12 +492,14 @@ class EnvCreate extends core_1.Command {
                                 }
                             }
                             console.log(chalk_1.default.dim(`\n→ Waiting for OIDC client provisioning...`));
-                            const oidcReady = await observabilityService.waitForOidcReady(apiBaseUrl, 300_000, 10_000, acmeStaging);
+                            const oidcReady = await controlService.waitForOidcReady(apiBaseUrl, 300_000, 10_000, acmeStaging);
                             if (oidcReady) {
                                 console.log(chalk_1.default.green('✅ OIDC login ready'));
                             }
                             else {
-                                console.log(chalk_1.default.yellow('⚠ OIDC not ready — run `flui env force-ready` to retry bootstrap'));
+                                console.log(chalk_1.default.yellow('⚠ OIDC login not ready — the dashboard sign-in will fail until this is resolved.'));
+                                console.log(chalk_1.default.dim('   Diagnose with `flui env status`, or `flui ssh master` + kubectl (check the zitadel and flui-web pods).\n' +
+                                    '   `flui env force-ready` does NOT retry bootstrap — it only overrides the local status, so use it only after the cause is fixed.'));
                             }
                         }
                     }
@@ -507,12 +524,12 @@ class EnvCreate extends core_1.Command {
                         '\n'));
                     shouldExit = true;
                 };
-                pollerHandle = observabilityService.pollOperationUntilReady(clusterId, onReconcile, onFailed);
+                pollerHandle = controlService.pollOperationUntilReady(clusterId, onReconcile, onFailed);
                 // Phase 1: Wait for server provisioning (master IP)
                 spinner = (0, ora_1.default)('Provisioning server...').start();
                 let masterIp;
                 try {
-                    masterIp = await observabilityService.waitForMasterIp(clusterId, 600000, 5000);
+                    masterIp = await controlService.waitForMasterIp(clusterId, 600000, 5000);
                     spinner.succeed(`Server provisioned (${masterIp})`);
                 }
                 catch (error) {
@@ -528,7 +545,7 @@ class EnvCreate extends core_1.Command {
                 // Phase 2: Wait for server boot (SSH port open)
                 spinner = (0, ora_1.default)('Server booting...').start();
                 try {
-                    await observabilityService.waitForPortReady(masterIp, 22, 600000, 5000);
+                    await controlService.waitForPortReady(masterIp, 22, 600000, 5000);
                     spinner.succeed('Server online');
                 }
                 catch (error) {
@@ -542,7 +559,7 @@ class EnvCreate extends core_1.Command {
                 // Phase 3: Wait for SSH authentication (CA enrollment via cloud-init)
                 spinner = (0, ora_1.default)('Waiting for SSH access (CA enrollment)...').start();
                 try {
-                    await observabilityService.waitForSshAuth(() => sshService.sshExec(masterIp, 'echo ok'), 600000, 10000);
+                    await controlService.waitForSshAuth(() => sshService.sshExec(masterIp, 'echo ok'), 600000, 10000);
                     spinner.succeed('SSH access ready');
                 }
                 catch (error) {
@@ -611,7 +628,7 @@ class EnvCreate extends core_1.Command {
             }
         }
         catch (error) {
-            spinner.fail('Failed to create observability cluster');
+            spinner.fail('Failed to create control cluster');
             if (firewallId) {
                 try {
                     spinner = (0, ora_1.default)('Cleaning up orphaned firewall...').start();
@@ -653,7 +670,7 @@ class EnvCreate extends core_1.Command {
         }
     }
 }
-EnvCreate.description = 'Create observability cluster infrastructure on K3s';
+EnvCreate.description = 'Create control cluster infrastructure on K3s';
 EnvCreate.examples = [
     '<%= config.bin %> <%= command.id %>',
     '<%= config.bin %> <%= command.id %> --node-size cx32',
@@ -664,8 +681,7 @@ EnvCreate.examples = [
 EnvCreate.flags = {
     provider: core_1.Flags.string({
         char: 'p',
-        description: 'Cloud provider for the observability cluster',
-        default: 'hetzner',
+        description: "Cloud provider for the control cluster (default: the profile's configured provider)",
         options: ['hetzner', 'scaleway'],
     }),
     'node-size': core_1.Flags.string({
@@ -696,6 +712,7 @@ EnvCreate.flags = {
     'configure-firewall': core_1.Flags.boolean({
         description: 'Automatically configure firewall after cluster creation',
         default: true,
+        allowNo: true,
     }),
     'firewall-ip': core_1.Flags.string({
         description: 'Source IP/CIDR for firewall (comma-separated, default: auto-detect)',
@@ -708,6 +725,10 @@ EnvCreate.flags = {
         description: "Use Let's Encrypt staging endpoint (untrusted cert, no rate limits) — useful while iterating to avoid burning prod quota",
         default: false,
     }),
+    latest: core_1.Flags.boolean({
+        description: 'Install mobile dev tags instead of the pinned release: bootstrap scripts from `master` and `:latest` Docker images. Default: every component is pinned to the CLI release version.',
+        default: false,
+    }),
     'no-shared-storage': core_1.Flags.boolean({
         description: 'Disable Flui shared storage (NFS+fscache). Default: shared storage enabled — master gets a Volume hosting the NFS export, workers mount it. Disable to fall back to local-path on each node bundled disk.',
         default: false,

package/lib/cli/src/commands/env/credentials.js CHANGED Viewed

@@ -45,7 +45,7 @@ const os = __importStar(require("node:os"));
 const nest_app_1 = require("../../lib/nest-app");
 const context_banner_1 = require("../../lib/context-banner");
 const nip_base_domain_util_1 = require("../../lib/nip-base-domain.util");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const encryption_service_1 = require("../../../../src/modules/shared/encryption/services/encryption.service");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
@@ -95,9 +95,9 @@ class EnvCredentials extends core_1.Command {
             return '';
         }
     }
-    async runHealthCheck(observabilityService, masterIp, nipHostnameToken) {
+    async runHealthCheck(controlService, masterIp, nipHostnameToken) {
         const s = (0, ora_1.default)('Testing connections...').start();
-        const result = await observabilityService.checkObservabilityServices(masterIp, nipHostnameToken);
+        const result = await controlService.checkObservabilityServices(masterIp, nipHostnameToken);
         s.succeed('Connection tests completed');
         return result;
     }
@@ -141,13 +141,13 @@ class EnvCredentials extends core_1.Command {
         let spinner = (0, ora_1.default)('Fetching credentials...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const encryptionService = app.get(encryption_service_1.EncryptionService);
-            // Get observability cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            // Get control cluster
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;
@@ -159,7 +159,7 @@ class EnvCredentials extends core_1.Command {
             }
             spinner.succeed('Cluster found');
             // Get endpoints
-            const endpoints = await observabilityService.getObservabilityEndpoints(cluster.id);
+            const endpoints = await controlService.getObservabilityEndpoints(cluster.id);
             const masterIp = cluster.masterIpAddress;
             if (!masterIp) {
                 spinner.fail('Master IP address not available');
@@ -204,7 +204,7 @@ class EnvCredentials extends core_1.Command {
                 ? this.redact(zitadelAdminTempPassword, showSecrets)
                 : '';
             const healthStatus = flags.test
-                ? await this.runHealthCheck(observabilityService, masterIp, cluster.nipHostnameToken)
+                ? await this.runHealthCheck(controlService, masterIp, cluster.nipHostnameToken)
                 : null;
             const secretStatus = flags.verify
                 ? await this.runSecretVerify(app.get(cli_ssh_service_1.CliSshService), masterIp)
@@ -295,7 +295,7 @@ class EnvCredentials extends core_1.Command {
         }
     }
     displayTextOutput(masterIp, endpoints, passwords, admin, healthStatus, secretStatus, zitadel = null) {
-        console.log(chalk_1.default.cyan('\n📋 Observability Cluster Credentials'));
+        console.log(chalk_1.default.cyan('\n📋 Control Cluster Credentials'));
         console.log(chalk_1.default.cyan('━'.repeat(50)));
         // Endpoints section
         console.log(chalk_1.default.cyan('\n🌐 Endpoints:\n'));
@@ -404,7 +404,7 @@ class EnvCredentials extends core_1.Command {
         return `${chalk_1.default.red('❌ unreachable')}`;
     }
 }
-EnvCredentials.description = 'Display observability cluster connection information.\n' +
+EnvCredentials.description = 'Display control cluster connection information.\n' +
     'Secrets are hidden by default; pass --show-secrets to print them. To populate\n' +
     'a local .env.local for development use `flui dev creds` instead.';
 EnvCredentials.examples = [

package/lib/cli/src/commands/env/destroy.d.ts CHANGED Viewed

@@ -1,9 +1,10 @@
 import { Command } from '@oclif/core';
 export default class EnvDestroy extends Command {
-    static readonly description = "Permanently delete observability cluster (WARNING: All data will be lost!)";
+    static readonly description = "Permanently delete control cluster (WARNING: All data will be lost!)";
     static readonly examples: string[];
     static readonly flags: {
         force: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
+    private cleanupClusterScopedConfig;
     run(): Promise<void>;
 }

package/lib/cli/src/commands/env/destroy.js CHANGED Viewed

@@ -8,11 +8,45 @@ const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const context_banner_1 = require("../../lib/context-banner");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const config_storage_1 = require("../../lib/config-storage");
 const prompts_1 = require("../../lib/prompts");
 const vnet_provisioning_service_1 = require("../../lib/services/vnet-provisioning.service");
 class EnvDestroy extends core_1.Command {
+    // Drop config tied to the deleted cluster: registration, API endpoint and key.
+    cleanupClusterScopedConfig() {
+        const spinner = (0, ora_1.default)('Cleaning up configuration...').start();
+        try {
+            const configStorage = new config_storage_1.ConfigStorage();
+            const config = configStorage['readConfig']();
+            let changed = false;
+            if (config.credentials?.['observability-cluster-registration']) {
+                delete config.credentials['observability-cluster-registration'];
+                changed = true;
+            }
+            if (config.apiUrl) {
+                delete config.apiUrl;
+                if (config.metadata)
+                    delete config.metadata.apiUrlUpdatedAt;
+                changed = true;
+            }
+            if (config.apiKey) {
+                delete config.apiKey;
+                changed = true;
+            }
+            if (changed) {
+                configStorage['writeConfig'](config);
+                spinner.succeed('Configuration cleaned up');
+            }
+            else {
+                spinner.info('No configuration to clean up');
+            }
+        }
+        catch (error) {
+            spinner.warn(`Failed to clean up configuration: ${error.message}`);
+            console.log(chalk_1.default.yellow('   This is not critical, continuing...'));
+        }
+    }
     async run() {
         const { flags } = await this.parse(EnvDestroy);
         (0, context_banner_1.printContextBanner)();
@@ -21,14 +55,14 @@ class EnvDestroy extends core_1.Command {
             // Bootstrap NestJS and get services
             const app = await (0, nest_app_1.getNestApp)();
             spinner.stop();
-            console.log(chalk_1.default.red('\n⚠️  DESTROY Observability Cluster\n'));
+            console.log(chalk_1.default.red('\n⚠️  DESTROY Control Cluster\n'));
             spinner = (0, ora_1.default)('Checking for cluster...').start();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
-            // Find observability cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
+            // Find control cluster
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;
@@ -64,31 +98,14 @@ class EnvDestroy extends core_1.Command {
                 color: 'yellow',
             }).start();
             try {
-                await observabilityService.deleteObservabilityCluster();
+                await controlService.deleteControlCluster();
                 spinner.succeed('All cluster resources deleted successfully');
             }
             catch (error) {
                 spinner.fail('Cluster deletion encountered an error');
                 throw error;
             }
-            // Clean up observability-cluster-registration from config.json
-            spinner = (0, ora_1.default)('Cleaning up configuration...').start();
-            try {
-                const configStorage = new config_storage_1.ConfigStorage();
-                const config = configStorage['readConfig']();
-                if (config.credentials?.['observability-cluster-registration']) {
-                    delete config.credentials['observability-cluster-registration'];
-                    configStorage['writeConfig'](config);
-                    spinner.succeed('Configuration cleaned up');
-                }
-                else {
-                    spinner.info('No registration to clean up');
-                }
-            }
-            catch (error) {
-                spinner.warn(`Failed to clean up configuration: ${error.message}`);
-                console.log(chalk_1.default.yellow('   This is not critical, continuing...'));
-            }
+            this.cleanupClusterScopedConfig();
             // Tear down environment VNet/Subnet (must run AFTER all servers are deleted —
             // Hetzner refuses to delete a network that still has attached servers).
             try {
@@ -101,7 +118,7 @@ class EnvDestroy extends core_1.Command {
                 spinner.warn(`VNet teardown failed: ${error.message}`);
                 console.log(chalk_1.default.yellow('   You may need to delete the VNet manually from the Hetzner console.'));
             }
-            console.log(chalk_1.default.green('\n✅ Observability Cluster Deleted Successfully\n'));
+            console.log(chalk_1.default.green('\n✅ Control Cluster Deleted Successfully\n'));
             console.log(chalk_1.default.dim('   All cluster resources have been removed:'));
             console.log(chalk_1.default.dim('   • Servers (master and worker nodes)'));
             console.log(chalk_1.default.dim('   • Firewalls and security rules'));
@@ -130,7 +147,7 @@ class EnvDestroy extends core_1.Command {
         }
     }
 }
-EnvDestroy.description = 'Permanently delete observability cluster (WARNING: All data will be lost!)';
+EnvDestroy.description = 'Permanently delete control cluster (WARNING: All data will be lost!)';
 EnvDestroy.examples = [
     '<%= config.bin %> <%= command.id %>',
     '<%= config.bin %> <%= command.id %> --force',

package/lib/cli/src/commands/env/diag-ca.js CHANGED Viewed

@@ -8,7 +8,7 @@ const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const nip_base_domain_util_1 = require("../../lib/nip-base-domain.util");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const context_banner_1 = require("../../lib/context-banner");
 class EnvDiagCA extends core_1.Command {
@@ -17,9 +17,9 @@ class EnvDiagCA extends core_1.Command {
         const spinner = (0, ora_1.default)('Connecting to cluster...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const sshService = app.get(cli_ssh_service_1.CliSshService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!this.assertClusterReady(cluster, spinner)) {
                 return;
             }
@@ -42,8 +42,8 @@ class EnvDiagCA extends core_1.Command {
     }
     assertClusterReady(cluster, spinner) {
         if (!cluster) {
-            spinner.fail('No observability cluster found');
-            console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+            spinner.fail('No control cluster found');
+            console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
             console.log(chalk_1.default.dim('Create one with:'));
             console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
             return false;

package/lib/cli/src/commands/env/export-config.d.ts CHANGED Viewed

@@ -14,25 +14,8 @@ export default class EnvExportConfig extends Command {
         save: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
-    /**
-     * Resolve every preference this command consumes (email, dashboardPath, certificateMode)
-     * through the layered config: flag > env > project-local > user > default > prompt.
-     *
-     * Prompted values are persisted to the active profile only when --save is set;
-     * otherwise they are used for this run and forgotten (no surprise side effects).
-     *
-     * `skipDashboard` shortcuts the dashboard-only preferences when --no-dashboard is set.
-     */
     private resolvePreferences;
-    /**
-     * Patch the dashboard's config.json with the localhost API endpoints + cluster auth +
-     * the resolved certificateMode. Caller is responsible for resolving inputs.
-     */
     private syncDashboardConfig;
-    /**
-     * Prompt for a missing preference value, validating against the schema.
-     * Used only when every other layer (flag, env, project, user, default) failed to provide a value.
-     */
     private promptForPreference;
     private resolveIssuer;
     private resolveJwks;