@flui-cloud/cli 0.0.1 → 0.1.0

package/lib/cli/src/commands/env/export-config.js

@@ -42,7 +42,7 @@ const ora_1 = __importDefault(require("ora"));
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_endpoint_resolver_service_1 = require("../../services/cli-endpoint-resolver.service");
 const config_storage_1 = require("../../lib/config-storage");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
@@ -59,12 +59,12 @@ class EnvExportConfig extends core_1.Command {
         let spinner = (0, ora_1.default)('Reading cluster configuration...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const resolver = app.get(cli_endpoint_resolver_service_1.CliEndpointResolverService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;
@@ -83,17 +83,12 @@ class EnvExportConfig extends core_1.Command {
             spinner = (0, ora_1.default)('Resolving endpoints from cluster...').start();
             const endpoints = await resolver.resolveEndpoints(masterIp, cluster.nipHostnameToken);
             spinner.succeed('Endpoints resolved');
-            // ADMIN_EMAIL and SSH_CA_PUBLIC_KEY live in flui-secrets but reading
-            // them here would require kube-API access (closed by the new firewall
-            // policy). They are written to .env.local by `flui dev creds`, which
-            // reaches the secret over SSH+kubectl. Here we fall back to the
-            // 'email' preference and skip the public CA key.
+            // Written to .env.local by `flui dev creds` (reads flui-secrets over SSH+kubectl).
             const adminEmail = '';
             const sshCaPublicKey = '';
             const authMode = endpoints.authMode === 'unknown' ? 'local' : endpoints.authMode;
             const resolvedIssuer = this.resolveIssuer(endpoints);
             const resolvedJwks = this.resolveJwks(endpoints, resolvedIssuer);
-            // Display configuration
             console.log(chalk_1.default.cyan('\n📋 Exporting Cluster Configuration\n'));
             console.log(`   ${chalk_1.default.bold('Cluster:')}    ${cluster.name}`);
             console.log(`   ${chalk_1.default.bold('Master IP:')}  ${masterIp}`);
@@ -113,7 +108,16 @@ class EnvExportConfig extends core_1.Command {
                 console.log(`   OIDC_ISSUER=${resolvedIssuer || chalk_1.default.dim('(not set)')}`);
                 console.log(`   OIDC_JWKS_URI=${resolvedJwks || chalk_1.default.dim('(not set)')}`);
                 console.log(`   OIDC_AUDIENCE=${endpoints.oidcAudience || chalk_1.default.dim('(set after first Zitadel setup)')}`);
+                const adminUrlPreview = endpoints.zitadel.fqdn
+                    ? `https://${endpoints.zitadel.fqdn}`
+                    : chalk_1.default.dim('(zitadel ingress not found)');
+                console.log(`   OIDC_PROVIDER_ADMIN_URL=${adminUrlPreview}`);
+                console.log(`   OIDC_CLI_CLIENT_ID=${endpoints.oidcCliClientId || chalk_1.default.dim('(not yet provisioned)')}`);
             }
+            const publicWebUrlPreview = endpoints.fluiWeb.fqdn
+                ? `https://${endpoints.fluiWeb.fqdn}`
+                : chalk_1.default.dim('(flui-web ingress not found)');
+            console.log(`   PUBLIC_WEB_URL=${publicWebUrlPreview}`);
             console.log(`   AUTH_MODE=${authMode}`);
             console.log(`   ADMIN_EMAIL=${adminEmail || chalk_1.default.dim('(not set)')}`);
             console.log(`   SSH_CA_PUBLIC_KEY=${sshCaPublicKey ? chalk_1.default.green('(present)') : chalk_1.default.dim('(not set)')}`);
@@ -138,8 +142,6 @@ class EnvExportConfig extends core_1.Command {
                 skipDashboard: flags['no-dashboard'],
             });
             spinner = (0, ora_1.default)('Updating .env file...').start();
-            // .env lives next to the resolved apiPath. Defaults to '.' (cwd) so legacy
-            // invocations from inside flui.api keep working without any preference set.
             const apiDir = path.isAbsolute(preferences.apiPath)
                 ? preferences.apiPath
                 : path.resolve(process.cwd(), preferences.apiPath);
@@ -184,8 +186,15 @@ class EnvExportConfig extends core_1.Command {
                 envVars.OIDC_JWKS_URI = resolvedJwks;
             if (endpoints.oidcAudience)
                 envVars.OIDC_AUDIENCE = endpoints.oidcAudience;
-            // ADMIN_EMAIL: prefer the value baked into the cluster's flui-secrets, fall back to
-            // the resolved 'email' preference. Either way the API gets a populated value.
+            // Zitadel admin API enforces Host header matching ExternalDomain.
+            if (endpoints.zitadel.fqdn)
+                envVars.OIDC_PROVIDER_ADMIN_URL = `https://${endpoints.zitadel.fqdn}`;
+            // Avoids OidcBootstrapSeeder re-provisioning the CLI app on every boot.
+            if (endpoints.oidcCliClientId)
+                envVars.OIDC_CLI_CLIENT_ID = endpoints.oidcCliClientId;
+            // Consumed by flui-authz install for the login-redirect URL.
+            if (endpoints.fluiWeb.fqdn)
+                envVars.PUBLIC_WEB_URL = `https://${endpoints.fluiWeb.fqdn}`;
             const resolvedEmail = adminEmail || preferences.email;
             if (resolvedEmail)
                 envVars.ADMIN_EMAIL = resolvedEmail;
@@ -220,15 +229,6 @@ class EnvExportConfig extends core_1.Command {
             await (0, nest_app_1.closeNestApp)();
         }
     }
-    /**
-     * Resolve every preference this command consumes (email, dashboardPath, certificateMode)
-     * through the layered config: flag > env > project-local > user > default > prompt.
-     *
-     * Prompted values are persisted to the active profile only when --save is set;
-     * otherwise they are used for this run and forgotten (no surprise side effects).
-     *
-     * `skipDashboard` shortcuts the dashboard-only preferences when --no-dashboard is set.
-     */
     async resolvePreferences(opts) {
         const storage = new config_storage_1.ConfigStorage();
         const resolver = new preferences_resolver_1.PreferencesResolver(storage);
@@ -264,10 +264,6 @@ class EnvExportConfig extends core_1.Command {
         }
         return out;
     }
-    /**
-     * Patch the dashboard's config.json with the localhost API endpoints + cluster auth +
-     * the resolved certificateMode. Caller is responsible for resolving inputs.
-     */
     async syncDashboardConfig(opts) {
         const dashboardPath = opts.dashboardPath;
         const certificateMode = opts.certificateMode;
@@ -275,20 +271,31 @@ class EnvExportConfig extends core_1.Command {
             ? dashboardPath
             : path.resolve(process.cwd(), dashboardPath);
         const configPath = path.join(absoluteDashboardPath, 'src', 'assets', 'config.json');
+        const examplePath = path.join(absoluteDashboardPath, 'src', 'assets', 'config.example.json');
         const spinner = (0, ora_1.default)(`Updating dashboard config (${configPath})...`).start();
-        if (!fs.existsSync(configPath)) {
-            spinner.warn(`Dashboard config not found at ${configPath} — skipping. Adjust dashboardPath or pass --no-dashboard.`);
-            return;
-        }
         let current = {};
-        try {
-            current = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+        if (fs.existsSync(configPath)) {
+            try {
+                current = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+            }
+            catch (err) {
+                spinner.fail(`Dashboard config.json is not valid JSON (${err.message}) — skipping`);
+                return;
+            }
+        }
+        else if (fs.existsSync(examplePath)) {
+            try {
+                current = JSON.parse(fs.readFileSync(examplePath, 'utf-8'));
+                spinner.info(`config.json missing — seeded from ${path.basename(examplePath)}`);
+            }
+            catch (err) {
+                spinner.warn(`config.example.json is not valid JSON (${err.message}) — starting from empty config`);
+            }
         }
-        catch (err) {
-            spinner.fail(`Dashboard config.json is not valid JSON (${err.message}) — skipping`);
-            return;
+        else {
+            spinner.info('config.json and config.example.json both missing — creating from scratch');
         }
-        if (opts.backup) {
+        if (opts.backup && fs.existsSync(configPath)) {
             const timestamp = new Date()
                 .toISOString()
                 .replaceAll(':', '-')
@@ -308,10 +315,6 @@ class EnvExportConfig extends core_1.Command {
         fs.writeFileSync(configPath, JSON.stringify(updated, null, 2) + '\n', 'utf-8');
         spinner.succeed(`Dashboard config updated (authMode=${opts.authMode}, certificateMode=${certificateMode}, oidcClientId=${opts.oidcClientId ? 'set' : '(empty)'})`);
     }
-    /**
-     * Prompt for a missing preference value, validating against the schema.
-     * Used only when every other layer (flag, env, project, user, default) failed to provide a value.
-     */
     async promptForPreference(key) {
         const def = preferences_schema_1.PREFERENCES[key];
         return (0, prompts_1.promptInput)({
@@ -363,8 +366,6 @@ EnvExportConfig.flags = {
         description: 'Skip updating the dashboard config.json',
         default: false,
     }),
-    // Direct overrides for the layered preferences resolver.
-    // Without these, values resolve from env > project file > user config > prompt.
     'api-path': core_1.Flags.string({
         description: `Override resolved value for the "apiPath" preference (${preferences_schema_1.PREFERENCES.apiPath.description})`,
     }),

package/lib/cli/src/commands/env/force-ready.d.ts

@@ -1,6 +1,6 @@
 import { Command } from '@oclif/core';
 export default class EnvForceReady extends Command {
-    static readonly description = "Force observability cluster status to READY (use when cluster is working but stuck in ERROR or CREATING state)";
+    static readonly description = "Force control cluster status to READY (use when cluster is working but stuck in ERROR or CREATING state)";
     static readonly examples: string[];
     static readonly flags: {
         force: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;

package/lib/cli/src/commands/env/force-ready.js

@@ -41,7 +41,7 @@ const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const nip_base_domain_util_1 = require("../../lib/nip-base-domain.util");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_cluster_repository_1 = require("../../lib/repositories/cli-cluster.repository");
 const cli_operation_repository_1 = require("../../lib/repositories/cli-operation.repository");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
@@ -59,14 +59,14 @@ class EnvForceReady extends core_1.Command {
             spinner.stop();
             console.log(chalk_1.default.yellow('\n⚠️  Force Cluster Status to READY\n'));
             spinner = (0, ora_1.default)('Loading cluster...').start();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const clusterRepository = app.get(cli_cluster_repository_1.CliClusterRepository);
             const operationRepository = app.get(cli_operation_repository_1.CliOperationRepository);
-            // Find observability cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            // Find control cluster
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;
@@ -96,7 +96,7 @@ class EnvForceReady extends core_1.Command {
                 console.log(chalk_1.default.cyan('\n🔍 Checking cluster health...\n'));
                 spinner = (0, ora_1.default)('Checking observability services...').start();
                 try {
-                    healthStatus = await observabilityService.checkObservabilityServices(cluster.masterIpAddress, cluster.nipHostnameToken);
+                    healthStatus = await controlService.checkObservabilityServices(cluster.masterIpAddress, cluster.nipHostnameToken);
                     spinner.succeed('Health checks completed');
                     // Display health status
                     console.log(chalk_1.default.cyan('\n📊 Service Health Status:\n'));
@@ -202,7 +202,7 @@ class EnvForceReady extends core_1.Command {
         }
     }
 }
-EnvForceReady.description = 'Force observability cluster status to READY (use when cluster is working but stuck in ERROR or CREATING state)';
+EnvForceReady.description = 'Force control cluster status to READY (use when cluster is working but stuck in ERROR or CREATING state)';
 EnvForceReady.examples = [
     '<%= config.bin %> <%= command.id %>',
     '<%= config.bin %> <%= command.id %> --force',

package/lib/cli/src/commands/env/inspect.js

@@ -7,7 +7,7 @@ const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const context_banner_1 = require("../../lib/context-banner");
 class EnvInspect extends core_1.Command {
@@ -17,13 +17,13 @@ class EnvInspect extends core_1.Command {
         let spinner = (0, ora_1.default)('Loading cluster information...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const sshService = app.get(cli_ssh_service_1.CliSshService);
             // Get cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;

package/lib/cli/src/commands/env/refresh-kubeconfig.js

@@ -7,7 +7,7 @@ const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const cli_cluster_repository_1 = require("../../lib/repositories/cli-cluster.repository");
 const encryption_service_1 = require("../../../../src/modules/shared/encryption/services/encryption.service");
@@ -19,13 +19,13 @@ class EnvRefreshKubeconfig extends core_1.Command {
         const spinner = (0, ora_1.default)('Fetching kubeconfig from K3s master...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const sshService = app.get(cli_ssh_service_1.CliSshService);
             const clusterRepo = app.get(cli_cluster_repository_1.CliClusterRepository);
             const encryptionService = app.get(encryption_service_1.EncryptionService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 return;
             }
             if (cluster.status !== cluster_entity_1.ClusterStatus.READY) {

package/lib/cli/src/commands/env/repair-ssh-ca.js

@@ -43,7 +43,7 @@ const fs = __importStar(require("node:fs/promises"));
 const path = __importStar(require("node:path"));
 const os = __importStar(require("node:os"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const context_banner_1 = require("../../lib/context-banner");
 class EnvRepairSshCa extends core_1.Command {
@@ -71,11 +71,11 @@ class EnvRepairSshCa extends core_1.Command {
         }
         const app = await (0, nest_app_1.getNestApp)();
         try {
-            const obs = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const obs = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const ssh = app.get(cli_ssh_service_1.CliSshService);
-            const cluster = await obs.getObservabilityCluster();
+            const cluster = await obs.getControlCluster();
             if (!cluster?.masterIpAddress) {
-                this.log(chalk_1.default.red('  No observability cluster found in this profile.'));
+                this.log(chalk_1.default.red('  No control cluster found in this profile.'));
                 this.exit(1);
                 return;
             }

package/lib/cli/src/commands/env/repair-storage.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class EnvRepairStorage extends Command {
+    static readonly description = "Backfill the shared-storage volume id into the cluster DB. Repairs clusters whose flui-secrets/DB never received FLUI_SHARED_STORAGE_VOLUME_ID at create \u2014 symptom is sharedStorageVolumeId NULL in the DB and \"no Flui-managed shared storage volume\" on storage expand. Reads the volume id from the active profile, patches flui-secrets over SSH, then restarts flui-api so the bootstrap seeder backfills the DB.";
+    static readonly examples: string[];
+    static readonly flags: {
+        'no-restart': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/lib/cli/src/commands/env/repair-storage.js

@@ -0,0 +1,82 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const nest_app_1 = require("../../lib/nest-app");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
+const cli_ssh_service_1 = require("../../services/cli-ssh.service");
+const context_banner_1 = require("../../lib/context-banner");
+class EnvRepairStorage extends core_1.Command {
+    async run() {
+        const { flags } = await this.parse(EnvRepairStorage);
+        (0, context_banner_1.printContextBanner)();
+        const app = await (0, nest_app_1.getNestApp)();
+        try {
+            const control = app.get(cli_control_cluster_service_1.CliControlClusterService);
+            const ssh = app.get(cli_ssh_service_1.CliSshService);
+            const cluster = await control.getControlCluster();
+            if (!cluster?.masterIpAddress) {
+                this.log(chalk_1.default.red('  No control cluster found in this profile.'));
+                this.exit(1);
+                return;
+            }
+            const volumeId = cluster.sharedStorageVolumeId;
+            const sizeGb = cluster.sharedStorageVolumeSizeGb;
+            if (!volumeId) {
+                this.log(chalk_1.default.red('  No shared-storage volume id in this profile — nothing to backfill.'));
+                this.exit(1);
+                return;
+            }
+            const b64 = (s) => Buffer.from(s).toString('base64');
+            const ops = [
+                `{"op":"add","path":"/data/FLUI_SHARED_STORAGE_VOLUME_ID","value":"${b64(volumeId)}"}`,
+            ];
+            if (sizeGb) {
+                ops.push(`{"op":"add","path":"/data/FLUI_SHARED_STORAGE_VOLUME_GB","value":"${b64(String(sizeGb))}"}`);
+            }
+            const patchSpinner = (0, ora_1.default)(`Patching flui-secrets on ${cluster.masterIpAddress}...`).start();
+            const patchCmd = `kubectl -n flui-system patch secret flui-secrets ` +
+                `--type='json' -p='[${ops.join(',')}]'`;
+            try {
+                await ssh.sshExec(cluster.masterIpAddress, patchCmd);
+                patchSpinner.succeed(`Secret patched (FLUI_SHARED_STORAGE_VOLUME_ID=${volumeId})`);
+            }
+            catch (err) {
+                patchSpinner.fail(`Patch failed: ${err.message}`);
+                this.exit(1);
+                return;
+            }
+            if (!flags['no-restart']) {
+                const restartSpinner = (0, ora_1.default)('Restarting flui-api...').start();
+                try {
+                    await ssh.sshExec(cluster.masterIpAddress, 'kubectl -n flui-system rollout restart deployment/flui-api');
+                    restartSpinner.succeed('flui-api rolling restart triggered');
+                }
+                catch (err) {
+                    restartSpinner.warn(`Restart failed (Secret was patched OK): ${err.message}`);
+                }
+            }
+            this.log('');
+            this.log(chalk_1.default.green('  ✅ Storage repair complete. On flui-api boot the seeder backfills sharedStorageVolumeId in the DB.'));
+            this.log(chalk_1.default.dim('     Verify with `flui env storage` or the storage-expand endpoint once flui-api is back up.\n'));
+        }
+        finally {
+            await (0, nest_app_1.closeNestApp)();
+        }
+    }
+}
+EnvRepairStorage.description = 'Backfill the shared-storage volume id into the cluster DB. Repairs clusters whose flui-secrets/DB never received FLUI_SHARED_STORAGE_VOLUME_ID at create — symptom is sharedStorageVolumeId NULL in the DB and "no Flui-managed shared storage volume" on storage expand. Reads the volume id from the active profile, patches flui-secrets over SSH, then restarts flui-api so the bootstrap seeder backfills the DB.';
+EnvRepairStorage.examples = [
+    '<%= config.bin %> <%= command.id %>',
+    '<%= config.bin %> <%= command.id %> --no-restart',
+];
+EnvRepairStorage.flags = {
+    'no-restart': core_1.Flags.boolean({
+        description: 'Skip the flui-api rolling restart after patching the Secret',
+    }),
+};
+exports.default = EnvRepairStorage;

package/lib/cli/src/commands/env/restart.d.ts

@@ -1,6 +1,6 @@
 import { Command } from '@oclif/core';
 export default class EnvRestart extends Command {
-    static readonly description = "Restart stopped observability cluster servers";
+    static readonly description = "Restart stopped control cluster servers";
     static readonly examples: string[];
     run(): Promise<void>;
     /**

package/lib/cli/src/commands/env/restart.js

@@ -7,7 +7,7 @@ const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const hetzner_provider_service_1 = require("../../../../src/modules/providers/services/hetzner-provider.service");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
 const cli_cluster_repository_1 = require("../../lib/repositories/cli-cluster.repository");
@@ -20,14 +20,14 @@ class EnvRestart extends core_1.Command {
             // Bootstrap NestJS and get services
             const app = await (0, nest_app_1.getNestApp)();
             spinner.succeed('Initialized');
-            console.log(chalk_1.default.cyan('\n🔄 Restarting Observability Cluster\n'));
+            console.log(chalk_1.default.cyan('\n🔄 Restarting Control Cluster\n'));
             spinner = (0, ora_1.default)('Finding cluster...').start();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
-            // Get observability cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
+            // Get control cluster
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(`Create one with: ${chalk_1.default.cyan('flui env create')}\n`);
                 return;
             }
@@ -117,7 +117,7 @@ class EnvRestart extends core_1.Command {
                 for (let attempt = 1; attempt <= maxAttempts; attempt++) {
                     spinner = (0, ora_1.default)(`Checking services (attempt ${attempt}/${maxAttempts})...`).start();
                     try {
-                        const servicesHealth = await observabilityService.checkObservabilityServices(cluster.masterIpAddress, cluster.nipHostnameToken);
+                        const servicesHealth = await controlService.checkObservabilityServices(cluster.masterIpAddress, cluster.nipHostnameToken);
                         const allHealthy = servicesHealth.prometheus === 'healthy' &&
                             servicesHealth.grafana === 'healthy' &&
                             servicesHealth.loki === 'healthy';
@@ -182,6 +182,6 @@ class EnvRestart extends core_1.Command {
         return new Promise((resolve) => setTimeout(resolve, ms));
     }
 }
-EnvRestart.description = 'Restart stopped observability cluster servers';
+EnvRestart.description = 'Restart stopped control cluster servers';
 EnvRestart.examples = ['<%= config.bin %> <%= command.id %>'];
 exports.default = EnvRestart;

package/lib/cli/src/commands/env/scale-master.js

@@ -8,7 +8,7 @@ const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const context_banner_1 = require("../../lib/context-banner");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cluster_node_scaling_service_1 = require("../../../../src/modules/infrastructure/clusters/services/cluster-node-scaling.service");
 const cluster_capacity_service_1 = require("../../../../src/modules/infrastructure/clusters/services/cluster-capacity.service");
 const cli_node_repository_1 = require("../../lib/repositories/cli-node.repository");
@@ -21,13 +21,13 @@ class EnvScaleMaster extends core_1.Command {
         const spinner = (0, ora_1.default)('Preparing scale-master plan...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const nodeRepo = app.get(cli_node_repository_1.CliNodeRepository);
             const capacityService = app.get(cluster_capacity_service_1.ClusterCapacityService);
             const scalingService = app.get(cluster_node_scaling_service_1.ClusterNodeScalingService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 return;
             }
             const nodes = await nodeRepo.find({ where: { clusterId: cluster.id } });

package/lib/cli/src/commands/env/scale-node.js

@@ -8,7 +8,7 @@ const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
 const context_banner_1 = require("../../lib/context-banner");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cluster_node_scaling_service_1 = require("../../../../src/modules/infrastructure/clusters/services/cluster-node-scaling.service");
 const cluster_capacity_service_1 = require("../../../../src/modules/infrastructure/clusters/services/cluster-capacity.service");
 const cli_node_repository_1 = require("../../lib/repositories/cli-node.repository");
@@ -20,13 +20,13 @@ class EnvScaleNode extends core_1.Command {
         const spinner = (0, ora_1.default)('Preparing scale-node plan...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const nodeRepo = app.get(cli_node_repository_1.CliNodeRepository);
             const capacityService = app.get(cluster_capacity_service_1.ClusterCapacityService);
             const scalingService = app.get(cluster_node_scaling_service_1.ClusterNodeScalingService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 return;
             }
             const nodes = await nodeRepo.find({ where: { clusterId: cluster.id } });

package/lib/cli/src/commands/env/set-master-protection.d.ts

@@ -0,0 +1,16 @@
+import { Command } from '@oclif/core';
+export default class EnvSetMasterProtection extends Command {
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly args: {
+        action: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    run(): Promise<void>;
+    private countWorkers;
+    private masterTainted;
+    private protectionLabel;
+    private showState;
+    private turnOn;
+    private turnOff;
+    private persist;
+}