@flui-cloud/cli 0.0.1 → 0.2.0

package/lib/cli/src/commands/app/list.d.ts

@@ -4,8 +4,11 @@ export default class AppList extends Command {
     static readonly examples: string[];
     static readonly flags: {
         cluster: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        expanded: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         output: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
+    private printGroup;
+    private printRow;
     private colorStatus;
 }

package/lib/cli/src/commands/app/list.js

@@ -15,34 +15,30 @@ class AppList extends core_1.Command {
         try {
             const { id: clusterId } = await (0, resolve_cluster_1.resolveCluster)(flags.cluster);
             const service = await cli_app_service_1.CliAppService.create(clusterId);
-            const apps = await service.listApps();
+            const groups = await service.listAppGroups();
             spinner.stop();
             if (flags.output === 'json') {
-                console.log(JSON.stringify(apps, null, 2));
+                console.log(JSON.stringify(groups, null, 2));
                 return;
             }
-            if (apps.length === 0) {
+            if (groups.length === 0) {
                 console.log(chalk_1.default.yellow('\n  No applications found in this cluster.\n'));
                 return;
             }
             console.log(chalk_1.default.cyan('\n  Applications\n'));
-            console.log(chalk_1.default.dim(`  ${'NAME'.padEnd(28)} ${'STATUS'.padEnd(14)} ${'REPLICAS'.padEnd(10)} ${'KIND'.padEnd(14)} ${'EXPOSURE'.padEnd(10)} LAST DEPLOY`));
-            console.log(chalk_1.default.dim('  ' + '─'.repeat(90)));
-            for (const app of apps) {
-                const name = app.name.length > 26 ? app.name.slice(0, 25) + '…' : app.name;
-                const kind = (app.kind || '').toLowerCase();
-                const exposure = (app.exposure || '').toLowerCase();
-                const replicas = String(app.replicas ?? '-');
-                const lastDeploy = app.lastDeployedAt
-                    ? new Date(app.lastDeployedAt).toLocaleString()
-                    : chalk_1.default.dim('never');
-                // Pad before coloring so escape codes don't break column widths
-                const statusPadded = app.status.padEnd(14);
-                const coloredStatus = this.colorStatus(statusPadded);
-                console.log(`  ${name.padEnd(28)} ${coloredStatus} ${replicas.padEnd(10)} ${kind.padEnd(14)} ${exposure.padEnd(10)} ${lastDeploy}`);
+            console.log(chalk_1.default.dim(`  ${'NAME'.padEnd(30)} ${'STATUS'.padEnd(14)} ${'REPLICAS'.padEnd(10)} ${'KIND'.padEnd(12)} ${'EXPOSURE'.padEnd(10)} LAST DEPLOY`));
+            console.log(chalk_1.default.dim('  ' + '─'.repeat(92)));
+            for (const group of groups) {
+                this.printGroup(group, flags.expanded);
             }
+            const appCount = groups.reduce((n, g) => n + g.componentCount, 0);
+            const composed = groups.filter((g) => g.type === 'composed').length;
             console.log('');
-            console.log(chalk_1.default.dim(`  ${apps.length} app${apps.length === 1 ? '' : 's'} total`));
+            console.log(chalk_1.default.dim(`  ${groups.length} app${groups.length === 1 ? '' : 's'}` +
+                (composed > 0 ? ` (${appCount} components)` : '') +
+                (composed > 0 && !flags.expanded
+                    ? chalk_1.default.dim(' · use --expanded to list components')
+                    : '')));
             console.log('');
         }
         catch (error) {
@@ -51,6 +47,58 @@ class AppList extends core_1.Command {
             this.exit(1);
         }
     }
+    printGroup(group, expanded) {
+        if (group.type === 'standalone') {
+            const app = group.components[0];
+            this.printRow({
+                name: group.name,
+                status: group.status,
+                replicas: String(app?.replicas ?? '-'),
+                kind: (app?.kind || '').toLowerCase(),
+                exposure: (app?.exposure || '').toLowerCase(),
+                lastDeploy: app?.lastDeployedAt,
+            });
+            return;
+        }
+        const marker = expanded ? '▾' : '▸';
+        const primary = group.components.find((c) => c.isPrimary);
+        this.printRow({
+            name: `${marker} ${group.name} (${group.componentCount})`,
+            status: group.status,
+            replicas: '-',
+            kind: 'composed',
+            exposure: (primary?.exposure || '').toLowerCase(),
+            lastDeploy: undefined,
+        });
+        if (!expanded)
+            return;
+        const children = [...group.components].sort((a, b) => Number(b.isPrimary ?? false) - Number(a.isPrimary ?? false));
+        children.forEach((c, i) => {
+            const branch = i === children.length - 1 ? '└' : '├';
+            const short = c.slug.startsWith(`${group.slug}-`)
+                ? c.slug.slice(group.slug.length + 1)
+                : c.slug;
+            this.printRow({
+                name: `    ${branch} ${short}${c.isPrimary ? chalk_1.default.dim(' (primary)') : ''}`,
+                status: c.status,
+                replicas: String(c.replicas ?? '-'),
+                kind: (c.kind || '').toLowerCase(),
+                exposure: (c.exposure || '').toLowerCase(),
+                lastDeploy: c.lastDeployedAt,
+                dim: true,
+            });
+        });
+    }
+    printRow(r) {
+        const visibleLen = r.name.replace(/\x1b\[[0-9;]*m/g, '').length;
+        const namePad = r.name + ' '.repeat(Math.max(0, 30 - visibleLen));
+        const status = this.colorStatus(r.status.padEnd(14));
+        const last = r.lastDeploy
+            ? new Date(r.lastDeploy).toLocaleString()
+            : chalk_1.default.dim('—');
+        const line = `  ${namePad} ${status} ${r.replicas.padEnd(10)} ${r.kind.padEnd(12)} ${r.exposure.padEnd(10)} ${last}`;
+        console.log(r.dim ? chalk_1.default.dim(line) : line);
+    }
     colorStatus(status) {
         const s = status.trim().toLowerCase();
         if (s === 'running')
@@ -67,6 +115,7 @@ class AppList extends core_1.Command {
 AppList.description = 'List all applications in the cluster';
 AppList.examples = [
     '<%= config.bin %> <%= command.id %>',
+    '<%= config.bin %> <%= command.id %> --expanded',
     '<%= config.bin %> <%= command.id %> --output json',
 ];
 AppList.flags = {
@@ -74,6 +123,11 @@ AppList.flags = {
         char: 'c',
         description: 'Cluster name or ID (default: auto-detect when only one cluster exists)',
     }),
+    expanded: core_1.Flags.boolean({
+        char: 'x',
+        description: 'Show the individual components of composed apps',
+        default: false,
+    }),
     output: core_1.Flags.string({
         char: 'o',
         description: 'Output format',

package/lib/cli/src/commands/app/status.d.ts

@@ -10,6 +10,7 @@ export default class AppStatus extends Command {
         output: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
+    private printEndpoint;
     private printContainer;
     private colorStatus;
 }

package/lib/cli/src/commands/app/status.js

@@ -16,10 +16,13 @@ class AppStatus extends core_1.Command {
             const { id: clusterId } = await (0, resolve_cluster_1.resolveCluster)(flags.cluster);
             const service = await cli_app_service_1.CliAppService.create(clusterId);
             const app = await service.getAppByName(args.name);
-            const runtime = await service.getRuntime(app.id);
+            const [runtime, endpoints] = await Promise.all([
+                service.getRuntime(app.id),
+                service.listEndpoints(app.id).catch(() => []),
+            ]);
             spinner.stop();
             if (flags.output === 'json') {
-                console.log(JSON.stringify({ app, runtime }, null, 2));
+                console.log(JSON.stringify({ app, runtime, endpoints }, null, 2));
                 return;
             }
             console.log(chalk_1.default.cyan(`\n  ${app.name}\n`));
@@ -45,6 +48,11 @@ class AppStatus extends core_1.Command {
                 for (const c of runtime.containers)
                     this.printContainer(c);
             }
+            if (endpoints.length > 0) {
+                console.log(chalk_1.default.cyan('\n  Endpoints\n'));
+                for (const e of endpoints)
+                    this.printEndpoint(e);
+            }
             console.log('');
         }
         catch (error) {
@@ -53,6 +61,23 @@ class AppStatus extends core_1.Command {
             this.exit(1);
         }
     }
+    printEndpoint(e) {
+        const scheme = e.tlsEnabled ? 'https' : 'http';
+        const url = `${scheme}://${e.fqdn}`;
+        console.log(`  ${chalk_1.default.bold('URL:')}        ${chalk_1.default.cyan(url)}`);
+        const meta = [
+            e.endpointType,
+            e.hostnameMode,
+            e.tlsEnabled ? 'tls' : 'no-tls',
+        ]
+            .filter(Boolean)
+            .join(' · ');
+        console.log(`  ${chalk_1.default.dim(meta)}`);
+        if (e.certificateStatus && e.certificateStatus !== 'ISSUED') {
+            const color = e.certificateStatus === 'FAILED' ? chalk_1.default.red : chalk_1.default.yellow;
+            console.log(`  ${chalk_1.default.bold('Cert:')}       ${color(e.certificateStatus)}${e.certificateMessage ? ` — ${e.certificateMessage}` : ''}`);
+        }
+    }
     printContainer(c) {
         console.log(`  ${chalk_1.default.bold(c.name)}`);
         console.log(`    ${chalk_1.default.dim('image:')}   ${c.image}`);

package/lib/cli/src/commands/cluster/destroy.d.ts

@@ -1,6 +1,6 @@
 import { Command } from '@oclif/core';
 export default class ClusterDestroy extends Command {
-    static readonly description = "Permanently destroy a workload cluster and all its nodes. For the observability cluster use `flui env destroy`.";
+    static readonly description = "Permanently destroy a workload cluster and all its nodes. For the control cluster use `flui env destroy`.";
     static readonly examples: string[];
     static readonly args: {
         cluster: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;

package/lib/cli/src/commands/cluster/destroy.js

@@ -30,7 +30,7 @@ class ClusterDestroy extends core_1.Command {
         }
         const { id: clusterId, name: clusterName, entity } = resolved;
         if (entity.metadata?.isObservabilityCluster) {
-            this.error(`"${clusterName}" is the observability cluster. Use \`flui env destroy\` instead.`, { exit: 1 });
+            this.error(`"${clusterName}" is the control cluster. Use \`flui env destroy\` instead.`, { exit: 1 });
         }
         console.log(chalk_1.default.red('\n⚠️  DESTROY Workload Cluster\n'));
         console.log(`  ${chalk_1.default.bold('Name:')}    ${clusterName}`);
@@ -111,7 +111,7 @@ class ClusterDestroy extends core_1.Command {
         return false;
     }
 }
-ClusterDestroy.description = 'Permanently destroy a workload cluster and all its nodes. For the observability cluster use `flui env destroy`.';
+ClusterDestroy.description = 'Permanently destroy a workload cluster and all its nodes. For the control cluster use `flui env destroy`.';
 ClusterDestroy.examples = [
     '<%= config.bin %> <%= command.id %> my-workload-cluster',
     '<%= config.bin %> <%= command.id %> my-workload-cluster --force',

package/lib/cli/src/commands/deploy.d.ts

@@ -16,6 +16,9 @@ export default class Deploy extends Command {
         'no-build': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         image: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         'skip-endpoint': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        'cert-challenge': import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        'cert-provider': import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        hostname: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         'no-wait': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'validate-only': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'skip-checks': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;

package/lib/cli/src/commands/deploy.js

@@ -258,6 +258,13 @@ class Deploy extends core_1.Command {
                 clusterId,
                 ...(flags.name ? { displayName: flags.name } : {}),
                 ...(flags.domain ? { domain: flags.domain } : {}),
+                ...(flags['cert-challenge']
+                    ? { certChallenge: flags['cert-challenge'] }
+                    : {}),
+                ...(flags['cert-provider']
+                    ? { certificateProvider: flags['cert-provider'] }
+                    : {}),
+                ...(flags.hostname ? { hostnameMode: flags.hostname } : {}),
                 ...(flags['skip-endpoint'] ? { skipEndpoint: true } : {}),
                 ...(Object.keys(envOverrides).length > 0
                     ? { envOverrides, userInputs: envOverrides }
@@ -525,6 +532,18 @@ Deploy.flags = {
         description: 'Skip DNS and TLS provisioning (kind:CatalogApp only)',
         default: false,
     }),
+    'cert-challenge': core_1.Flags.string({
+        description: 'ACME challenge for the app endpoint (kind:CatalogApp). http-01 works without a DNS zone and forces a per-host cert; dns-01 needs a cluster DNS zone with a wildcard issuer. Default: derived from cluster config.',
+        options: ['http-01', 'dns-01'],
+    }),
+    'cert-provider': core_1.Flags.string({
+        description: 'Certificate issuer for the app endpoint (kind:CatalogApp). Default: cluster default.',
+        options: ['lets-encrypt', 'lets-encrypt-staging'],
+    }),
+    hostname: core_1.Flags.string({
+        description: 'How the app is exposed (kind:CatalogApp): ip (nip.io) or domain (cluster DNS zone). Default: derived from manifest/cluster.',
+        options: ['ip', 'domain'],
+    }),
     'no-wait': core_1.Flags.boolean({
         description: 'Alias for --detach (kind:CatalogApp compat)',
         default: false,

package/lib/cli/src/commands/dev/creds.d.ts

@@ -13,7 +13,6 @@ export default class DevCreds extends Command {
     private buildEnvVars;
     private writeEnvFile;
     private readFluiSecrets;
-    private readOidcIssuer;
     private resolveApiPath;
     private printSummary;
 }

package/lib/cli/src/commands/dev/creds.js

@@ -43,7 +43,7 @@ const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const os = __importStar(require("node:os"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const config_storage_1 = require("../../lib/config-storage");
 const encryption_service_1 = require("../../../../src/modules/shared/encryption/services/encryption.service");
@@ -58,12 +58,12 @@ class DevCreds extends core_1.Command {
         let spinner = (0, ora_1.default)('Reading cluster configuration...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const encryptionService = app.get(encryption_service_1.EncryptionService);
             const sshService = app.get(cli_ssh_service_1.CliSshService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 return;
             }
             if (cluster.status !== cluster_entity_1.ClusterStatus.READY) {
@@ -89,14 +89,6 @@ class DevCreds extends core_1.Command {
             spinner = (0, ora_1.default)('Reading flui-secrets via SSH...').start();
             const fluiSecrets = await this.readFluiSecrets(sshService, masterIp);
             spinner.succeed('flui-secrets read');
-            // OIDC issuer from flui-api-config — used to point local API at the
-            // public Zitadel admin URL instead of the in-cluster service DNS.
-            spinner = (0, ora_1.default)('Reading OIDC issuer from flui-api-config...').start();
-            const oidcIssuer = await this.readOidcIssuer(sshService, masterIp);
-            if (oidcIssuer)
-                spinner.succeed(`OIDC issuer: ${oidcIssuer}`);
-            else
-                spinner.warn('OIDC issuer not found in flui-api-config');
             // Local encryption key — shared with API via ~/.flui/encryption.key.
             const encryptionKeyPath = path.join(os.homedir(), '.flui', 'encryption.key');
             const encryptionKey = fs.existsSync(encryptionKeyPath)
@@ -111,7 +103,6 @@ class DevCreds extends core_1.Command {
                 passwords,
                 encryptionKey,
                 fluiSecrets,
-                oidcIssuer,
             });
             this.printSummary(envLocalPath, envVars);
             if (fluiSecrets.fluiApiKey) {
@@ -160,7 +151,7 @@ class DevCreds extends core_1.Command {
         return null;
     }
     buildEnvVars(opts) {
-        const { passwords, encryptionKey, fluiSecrets, oidcIssuer } = opts;
+        const { passwords, encryptionKey, fluiSecrets } = opts;
         const envVars = {
             DB_PASSWORD: passwords.postgres,
             REDIS_PASSWORD: passwords.redis,
@@ -180,8 +171,6 @@ class DevCreds extends core_1.Command {
             envVars.SSH_CA_PUBLIC_KEY = fluiSecrets.sshCaPublicKey;
         if (fluiSecrets.zitadelPat)
             envVars.ZITADEL_SERVICE_ACCOUNT_PAT = fluiSecrets.zitadelPat;
-        if (oidcIssuer)
-            envVars.OIDC_PROVIDER_ADMIN_URL = oidcIssuer;
         return envVars;
     }
     writeEnvFile(envLocalPath, apiDir, envVars, backup) {
@@ -228,16 +217,6 @@ class DevCreds extends core_1.Command {
             return {};
         }
     }
-    async readOidcIssuer(sshService, masterIp) {
-        try {
-            const raw = await sshService.sshExec(masterIp, "kubectl -n flui-system get configmap flui-api-config -o jsonpath='{.data.OIDC_ISSUER}'");
-            const trimmed = raw.trim();
-            return trimmed || undefined;
-        }
-        catch {
-            return undefined;
-        }
-    }
     async resolveApiPath(explicit, save) {
         const storage = new config_storage_1.ConfigStorage();
         const resolver = new preferences_resolver_1.PreferencesResolver(storage);
@@ -267,7 +246,7 @@ DevCreds.description = 'Developer-only: write cluster secrets (DB/Redis password
 DevCreds.examples = [
     '<%= config.bin %> <%= command.id %>',
     '<%= config.bin %> <%= command.id %> --dry-run',
-    '<%= config.bin %> <%= command.id %> --api-path ../flui.api',
+    '<%= config.bin %> <%= command.id %> --api-path ../flui-core',
 ];
 DevCreds.flags = {
     'dry-run': core_1.Flags.boolean({

package/lib/cli/src/commands/dev/tunnel.js

@@ -10,7 +10,7 @@ const node_child_process_1 = require("node:child_process");
 const node_util_1 = require("node:util");
 const execFileAsync = (0, node_util_1.promisify)(node_child_process_1.execFile);
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../../services/cli-ssh.service");
 const cluster_entity_1 = require("../../../../src/modules/infrastructure/clusters/entities/cluster.entity");
 const FORWARDS = {
@@ -41,7 +41,7 @@ const FORWARDS = {
         localPort: 3001,
         remotePort: 3000,
         service: 'svc/grafana',
-        namespace: 'flui-observability',
+        namespace: 'flui-control',
         needsKubectl: true,
     },
     vmsingle: {
@@ -49,7 +49,7 @@ const FORWARDS = {
         localPort: 9090,
         remotePort: 8428,
         service: 'svc/vmsingle',
-        namespace: 'flui-observability',
+        namespace: 'flui-control',
         needsKubectl: true,
     },
     loki: {
@@ -57,7 +57,7 @@ const FORWARDS = {
         localPort: 3100,
         remotePort: 3100,
         service: 'svc/loki',
-        namespace: 'flui-observability',
+        namespace: 'flui-control',
         needsKubectl: true,
     },
 };
@@ -68,10 +68,10 @@ class DevTunnel extends core_1.Command {
         let masterIp;
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 console.log(chalk_1.default.yellow('\n⚠️  Run `flui env create` first.\n'));
                 return;
             }
@@ -239,7 +239,7 @@ class DevTunnel extends core_1.Command {
         return `sh -c '${lines.join('\n')}'`;
     }
 }
-DevTunnel.description = 'Open SSH tunnels from localhost to the observability cluster services.\n' +
+DevTunnel.description = 'Open SSH tunnels from localhost to the control cluster services.\n' +
     'On the remote side runs kubectl port-forward against the in-cluster Services,\n' +
     'so no NodePort or kube-API exposure is required. Stay in foreground; CTRL-C to close.';
 DevTunnel.examples = [

package/lib/cli/src/commands/env/capacity.js

@@ -7,7 +7,7 @@ const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../../services/cli-control-cluster.service");
 const cluster_capacity_service_1 = require("../../../../src/modules/infrastructure/clusters/services/cluster-capacity.service");
 const context_banner_1 = require("../../lib/context-banner");
 class EnvCapacity extends core_1.Command {
@@ -17,11 +17,11 @@ class EnvCapacity extends core_1.Command {
         const spinner = (0, ora_1.default)('Computing capacity plan...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const capacityService = app.get(cluster_capacity_service_1.ClusterCapacityService);
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
+                spinner.fail('No control cluster found');
                 console.log(chalk_1.default.yellow('\n⚠️  Create a cluster first: ' + chalk_1.default.cyan('flui env create\n')));
                 return;
             }

package/lib/cli/src/commands/env/create.d.ts

@@ -1,6 +1,6 @@
 import { Command } from '@oclif/core';
 export default class EnvCreate extends Command {
-    static readonly description = "Create observability cluster infrastructure on K3s";
+    static readonly description = "Create control cluster infrastructure on K3s";
     static readonly examples: string[];
     static readonly flags: {
         provider: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
@@ -14,8 +14,11 @@ export default class EnvCreate extends Command {
         'firewall-ip': import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         'auth-mode': import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         'acme-staging': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        latest: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'no-shared-storage': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'shared-storage-size': import("@oclif/core/lib/interfaces").OptionFlag<number, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
+    /** The sole provider with configured credentials, or undefined if none/both. */
+    private detectConfiguredProvider;
     run(): Promise<void>;
 }