@flui-cloud/cli 0.0.1 → 0.2.0

package/lib/cli/src/commands/integration/setup.js

@@ -0,0 +1,320 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const http = __importStar(require("node:http"));
+const os = __importStar(require("node:os"));
+const api_client_1 = require("../../lib/api-client");
+const config_storage_1 = require("../../lib/config-storage");
+const browser_callback_1 = require("../../lib/browser-callback");
+const prompts_1 = require("../../lib/prompts");
+const PAT_SCOPES = [
+    'repo',
+    'workflow',
+    'user:email',
+    'admin:repo_hook',
+    'write:packages',
+    'read:packages',
+    'delete:packages',
+];
+const PAT_DEEP_LINK = `https://github.com/settings/tokens/new?scopes=${PAT_SCOPES.join(',')}&description=Flui+CLI`;
+const MANIFEST_POLL_INTERVAL_MS = 2_000;
+const MANIFEST_POLL_TIMEOUT_MS = 10 * 60 * 1000;
+class IntegrationSetup extends core_1.Command {
+    async run() {
+        const { args, flags } = await this.parse(IntegrationSetup);
+        if (args.provider !== 'github') {
+            this.error(`Unknown provider "${args.provider}"`, { exit: 1 });
+        }
+        const configStorage = new config_storage_1.ConfigStorage();
+        const apiUrl = configStorage.getApiUrlOrThrow();
+        const apiKey = configStorage.getApiKey();
+        if (!apiKey) {
+            this.error('Not logged in. Run `flui auth login` first.', { exit: 1 });
+        }
+        const api = new api_client_1.ApiClient({ baseUrl: apiUrl, apiKey });
+        const status = await this.fetchStatus(api);
+        if (status?.configured) {
+            console.log(chalk_1.default.yellow(`\n  GitHub integration is already configured (authMethod=${status.authMethod}${status.appSlug ? `, appSlug=${status.appSlug}` : ''}).`));
+            const ok = await (0, prompts_1.confirmPrompt)('Overwrite existing configuration?', false);
+            if (!ok) {
+                console.log(chalk_1.default.dim('\n  Cancelled.\n'));
+                return;
+            }
+        }
+        const choice = await (0, prompts_1.selectWithArrows)('Choose setup method', [
+            { label: 'GitHub App (recommended) — one-click create on GitHub' },
+            { label: 'Personal Access Token — paste a classic PAT' },
+        ]);
+        if (choice === -1) {
+            console.log(chalk_1.default.dim('\n  Cancelled.\n'));
+            return;
+        }
+        if (choice === 0) {
+            await this.runManifestFlow(api, apiUrl, flags.headless);
+        }
+        else {
+            await this.runPatFlow(api, flags.headless);
+        }
+    }
+    async fetchStatus(api) {
+        try {
+            return await api.get('/repositories/github/setup/status');
+        }
+        catch {
+            return null;
+        }
+    }
+    async runManifestFlow(api, apiUrl, headless) {
+        console.log('');
+        const defaultName = `flui-${os.hostname().split('.')[0]}`;
+        const name = await (0, prompts_1.promptInput)({
+            message: 'GitHub App name (must be unique across GitHub)',
+            default: defaultName,
+        });
+        const publicApiUrl = await (0, prompts_1.promptInput)({
+            message: 'Flui public URL (must be reachable from github.com; OAuth callback, manifest redirect and webhook URL are derived from this)',
+            default: apiUrl.replace(/\/api(\/v\d+)?$/, '').replace(/\/$/, ''),
+            validate: (v) => /^https?:\/\//.test(v) ? null : 'Must be an http(s) URL',
+        });
+        if (/^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)/i.test(publicApiUrl)) {
+            console.log(chalk_1.default.yellow("  ! This URL points to localhost — GitHub won't reach the webhook (if enabled) nor complete the OAuth redirect from a different machine. Use a tunnel for development."));
+        }
+        const webhooksEnabled = await (0, prompts_1.confirmPrompt)('Enable webhooks for deploy-on-push?', false);
+        const publicApp = await (0, prompts_1.confirmPrompt)('Allow installation on other accounts / organizations? (off = only the owner account can install)', false);
+        const spinner = (0, ora_1.default)('Requesting manifest…').start();
+        let manifest;
+        try {
+            manifest = await api.post('/repositories/github/setup/github-app/manifest-start', { name, webhooksEnabled, publicApp, publicApiUrl });
+            spinner.succeed('Manifest ready');
+        }
+        catch (error) {
+            spinner.fail('Failed to request manifest');
+            this.printApiError(error);
+            this.exit(1);
+        }
+        const port = await (0, browser_callback_1.findFreeCallbackPort)();
+        const localUrl = `http://127.0.0.1:${port}/`;
+        const server = this.startManifestSubmitServer(port, manifest);
+        try {
+            if (headless) {
+                console.log('');
+                console.log(chalk_1.default.dim('  Open this URL in a browser to create the App:'));
+                console.log(`  ${chalk_1.default.cyan(localUrl)}`);
+            }
+            else if ((0, browser_callback_1.openInBrowser)(localUrl)) {
+                console.log(chalk_1.default.dim('\n  Opened browser. Confirm the App creation on GitHub…'));
+            }
+            else {
+                console.log(chalk_1.default.yellow(`\n  Could not open browser. Open this URL manually:\n  ${localUrl}\n`));
+            }
+            const ok = await this.pollUntilConfigured(api);
+            if (ok) {
+                const fresh = await this.fetchStatus(api);
+                console.log(chalk_1.default.green(`\n  ✔ GitHub App configured (${chalk_1.default.bold(fresh?.appSlug ?? '?')})\n`));
+                console.log(chalk_1.default.dim(`  Next: \`flui integration connect github\` to install on your account/org.\n`));
+            }
+            else {
+                console.log(chalk_1.default.red('\n  ✖ Timed out waiting for the manifest callback. If the browser already redirected, check the dashboard.\n'));
+                this.exit(1);
+            }
+        }
+        finally {
+            server.close();
+        }
+    }
+    startManifestSubmitServer(port, manifest) {
+        const html = renderManifestSubmitPage(manifest);
+        const server = http.createServer((req, res) => {
+            const url = new URL(req.url ?? '/', `http://127.0.0.1:${port}`);
+            if (url.pathname === '/') {
+                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end(html);
+                return;
+            }
+            res.writeHead(404);
+            res.end();
+        });
+        server.listen(port, '127.0.0.1');
+        return server;
+    }
+    async pollUntilConfigured(api) {
+        const spinner = (0, ora_1.default)('Waiting for GitHub App credentials…').start();
+        const start = Date.now();
+        while (Date.now() - start < MANIFEST_POLL_TIMEOUT_MS) {
+            const status = await this.fetchStatus(api);
+            if (status?.configured &&
+                status.authMethod === 'github_app' &&
+                status.appSlug) {
+                spinner.succeed('GitHub App credentials persisted');
+                return true;
+            }
+            await new Promise((resolve) => setTimeout(resolve, MANIFEST_POLL_INTERVAL_MS));
+        }
+        spinner.fail('Manifest callback never arrived');
+        return false;
+    }
+    async runPatFlow(api, headless) {
+        console.log('');
+        console.log(chalk_1.default.dim('  Create a classic PAT with the required scopes. The same token covers'));
+        console.log(chalk_1.default.dim('  cloning private repos, webhooks, and GHCR container pulls.'));
+        console.log(`  ${chalk_1.default.cyan(PAT_DEEP_LINK)}`);
+        if (!headless) {
+            (0, browser_callback_1.openInBrowser)(PAT_DEEP_LINK);
+        }
+        console.log('');
+        let token = '';
+        let validation = null;
+        while (true) {
+            token = await (0, prompts_1.promptMaskedInput)('Paste your PAT');
+            if (!token) {
+                console.log(chalk_1.default.dim('  Cancelled.'));
+                return;
+            }
+            const spinner = (0, ora_1.default)('Validating token with GitHub…').start();
+            try {
+                validation = await api.post('/repositories/github/validate-pat', { token });
+                spinner.stop();
+            }
+            catch (error) {
+                spinner.fail('Validation failed');
+                this.printApiError(error);
+                this.exit(1);
+            }
+            if (!validation?.valid) {
+                const label = patErrorLabel(validation?.error, validation?.message);
+                console.log(chalk_1.default.red(`  ✖ ${label}`));
+                const retry = await (0, prompts_1.confirmPrompt)('Try another token?', true);
+                if (!retry)
+                    return;
+                continue;
+            }
+            console.log(chalk_1.default.green(`  ✔ Authenticated as @${validation.login}. Scopes: ${(validation.scopes ?? []).join(', ') || '<none>'}`));
+            if ((validation.missingScopes?.length ?? 0) > 0) {
+                console.log(chalk_1.default.yellow(`  ! Missing scopes: ${validation.missingScopes.join(', ')}`));
+                const cont = await (0, prompts_1.confirmPrompt)('Save anyway? (webhooks/packages may not work)', false);
+                if (!cont)
+                    continue;
+            }
+            break;
+        }
+        const spinner = (0, ora_1.default)('Saving token…').start();
+        try {
+            await api.post('/repositories/github/setup/pat');
+            await api.post('/repositories/github/connect-pat', {
+                personalAccessToken: token,
+            });
+            spinner.succeed('PAT saved');
+        }
+        catch (error) {
+            spinner.fail('Failed to save PAT');
+            this.printApiError(error);
+            this.exit(1);
+        }
+        console.log(chalk_1.default.green(`\n  ✔ Connected as @${validation.login} via PAT.\n`));
+        console.log(chalk_1.default.dim(`  Next: \`flui repo list\` to see repositories or \`flui integration status github\` for details.\n`));
+    }
+    printApiError(error) {
+        if (error instanceof api_client_1.ApiError) {
+            console.log(chalk_1.default.red(`  ${error.statusCode}: ${error.message}`));
+            if (error.statusCode === 403) {
+                console.log(chalk_1.default.yellow('  Admin privileges required for this operation.'));
+            }
+        }
+        else {
+            console.log(chalk_1.default.red(`  ${error.message}`));
+        }
+    }
+}
+IntegrationSetup.description = 'Guided GitHub integration setup (admin). Pick GitHub App (recommended, creates the App on GitHub via manifest flow) or Personal Access Token (validates and saves a token).';
+IntegrationSetup.examples = [
+    '<%= config.bin %> <%= command.id %> github',
+    '<%= config.bin %> <%= command.id %> github --headless',
+];
+IntegrationSetup.args = {
+    provider: core_1.Args.string({
+        description: 'Integration provider (currently only `github`)',
+        required: true,
+        options: ['github'],
+    }),
+};
+IntegrationSetup.flags = {
+    headless: core_1.Flags.boolean({
+        description: 'Print URLs instead of opening a browser',
+        default: false,
+    }),
+};
+exports.default = IntegrationSetup;
+function patErrorLabel(error, message) {
+    switch (error) {
+        case 'invalid_token':
+            return 'Invalid token — GitHub rejected it (401).';
+        case 'sso_required':
+            return 'Token needs SSO authorization for one of your orgs. Authorize on GitHub and try again.';
+        case 'empty_token':
+            return 'Token is empty.';
+        case 'github_unreachable':
+            return `Could not reach GitHub: ${message ?? 'unknown error'}`;
+        default:
+            return `Token validation failed${message ? `: ${message}` : '.'}`;
+    }
+}
+function renderManifestSubmitPage(manifest) {
+    const manifestJsonEscaped = JSON.stringify(manifest.manifestJson)
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+    return `<!doctype html>
+<html>
+<head><meta charset="utf-8"><title>Creating Flui GitHub App…</title>
+<style>body{font-family:system-ui,sans-serif;padding:48px;max-width:520px;margin:auto;color:#1f2937}h2{margin-bottom:8px}p{color:#6b7280}</style>
+</head>
+<body>
+<h2>Redirecting to GitHub…</h2>
+<p>This page will submit the GitHub App manifest. If nothing happens within a few seconds, ensure JavaScript is enabled and forms are not blocked.</p>
+<form id="f" method="POST" action="${manifest.githubUrl}">
+  <input type="hidden" name="manifest" value="${manifestJsonEscaped}" />
+  <noscript><button type="submit">Continue to GitHub</button></noscript>
+</form>
+<script>document.getElementById('f').submit();</script>
+</body>
+</html>`;
+}

package/lib/cli/src/commands/integration/status.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class IntegrationStatus extends Command {
+    static readonly description = "Show the current GitHub integration status: configured mode, live health check, and (in PAT mode) your own connection state.";
+    static readonly examples: string[];
+    static readonly args: {
+        provider: import("@oclif/core/lib/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    run(): Promise<void>;
+}

package/lib/cli/src/commands/integration/status.js

@@ -0,0 +1,117 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const api_client_1 = require("../../lib/api-client");
+const config_storage_1 = require("../../lib/config-storage");
+class IntegrationStatus extends core_1.Command {
+    async run() {
+        const { args } = await this.parse(IntegrationStatus);
+        if (args.provider !== 'github') {
+            this.error(`Unknown provider "${args.provider}"`, { exit: 1 });
+        }
+        const configStorage = new config_storage_1.ConfigStorage();
+        const apiUrl = configStorage.getApiUrlOrThrow();
+        const apiKey = configStorage.getApiKey();
+        if (!apiKey) {
+            this.error('Not logged in. Run `flui auth login` first.', { exit: 1 });
+        }
+        const api = new api_client_1.ApiClient({ baseUrl: apiUrl, apiKey });
+        const spinner = (0, ora_1.default)('Fetching GitHub integration status…').start();
+        let status = null;
+        let health = null;
+        try {
+            [status, health] = await Promise.all([
+                api.get('/repositories/github/setup/status'),
+                api
+                    .get('/repositories/github/setup/health')
+                    .catch((err) => {
+                    if (err instanceof api_client_1.ApiError && err.statusCode === 403) {
+                        return null;
+                    }
+                    throw err;
+                }),
+            ]);
+            spinner.stop();
+        }
+        catch (error) {
+            spinner.fail('Failed to fetch status');
+            if (error instanceof api_client_1.ApiError) {
+                console.log(chalk_1.default.red(`  ${error.statusCode}: ${error.message}`));
+            }
+            else {
+                console.log(chalk_1.default.red(`  ${error.message}`));
+            }
+            this.exit(1);
+        }
+        console.log('');
+        console.log(chalk_1.default.bold('  Instance configuration'));
+        if (!status?.configured) {
+            console.log(`    ${chalk_1.default.dim('Mode:')}          ${chalk_1.default.yellow('not configured')}`);
+            console.log('');
+            console.log(chalk_1.default.dim(`  Run \`flui integration setup github\` to configure it.\n`));
+            return;
+        }
+        console.log(`    ${chalk_1.default.dim('Mode:')}          ${chalk_1.default.cyan(status.authMethod ?? '?')}`);
+        if (status.appSlug) {
+            console.log(`    ${chalk_1.default.dim('App slug:')}      ${status.appSlug}`);
+        }
+        if (health) {
+            const healthSummary = summariseHealth(health);
+            console.log(`    ${chalk_1.default.dim('Health:')}        ${healthSummary}`);
+        }
+        else {
+            console.log(`    ${chalk_1.default.dim('Health:')}        ${chalk_1.default.dim('(admin only)')}`);
+        }
+        if (status.authMethod === 'pat') {
+            let userStatus = null;
+            try {
+                userStatus = await api.get('/repositories/github/status');
+            }
+            catch {
+                userStatus = null;
+            }
+            console.log('');
+            console.log(chalk_1.default.bold('  Your connection'));
+            if (userStatus?.connected) {
+                console.log(`    ${chalk_1.default.dim('Authenticated:')} @${userStatus.githubUsername}`);
+                if (userStatus.scopes) {
+                    console.log(`    ${chalk_1.default.dim('Scopes:')}        ${userStatus.scopes}`);
+                }
+            }
+            else {
+                console.log(`    ${chalk_1.default.dim('Authenticated:')} ${chalk_1.default.yellow('not connected')}`);
+                console.log(chalk_1.default.dim('    Run `flui integration setup github` (PAT branch) to connect.'));
+            }
+        }
+        console.log('');
+    }
+}
+IntegrationStatus.description = 'Show the current GitHub integration status: configured mode, live health check, and (in PAT mode) your own connection state.';
+IntegrationStatus.examples = ['<%= config.bin %> <%= command.id %> github'];
+IntegrationStatus.args = {
+    provider: core_1.Args.string({
+        description: 'Integration provider (currently only `github`)',
+        required: true,
+        options: ['github'],
+    }),
+};
+exports.default = IntegrationStatus;
+function summariseHealth(health) {
+    if (!health.ok) {
+        const reason = health.details.error ?? 'unknown';
+        return chalk_1.default.red(`✖ ${reason}${health.details.message ? ` — ${health.details.message}` : ''}`);
+    }
+    if (health.mode === 'github_app') {
+        const installCount = health.details.installationsCount ?? 0;
+        return chalk_1.default.green(`✔ App auth ok — ${installCount} installation${installCount === 1 ? '' : 's'}`);
+    }
+    if (health.mode === 'pat') {
+        return chalk_1.default.green('✔ PAT mode enabled (per-user credentials)');
+    }
+    return chalk_1.default.dim('—');
+}

package/lib/cli/src/commands/node/list.d.ts

@@ -7,5 +7,6 @@ export default class NodeList extends Command {
         output: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
+    private masterProtectionLabel;
     private colorStatus;
 }

package/lib/cli/src/commands/node/list.js

@@ -13,9 +13,12 @@ class NodeList extends core_1.Command {
         const { flags } = await this.parse(NodeList);
         const spinner = (0, ora_1.default)('Fetching nodes...').start();
         try {
-            const { id: clusterId } = await (0, resolve_cluster_1.resolveCluster)(flags.cluster);
+            const { id: clusterId, entity } = await (0, resolve_cluster_1.resolveCluster)(flags.cluster);
             const service = await cli_node_service_1.CliNodeService.create(clusterId);
             const nodes = await service.listNodes();
+            const isControlCluster = entity?.clusterType === 'control' ||
+                entity?.clusterType === 'observability';
+            const masterProtected = !!entity?.metadata?.masterProtection;
             spinner.stop();
             if (flags.output === 'json') {
                 console.log(JSON.stringify(nodes, null, 2));
@@ -39,11 +42,18 @@ class NodeList extends core_1.Command {
                 const statusPadded = (node.status || 'unknown').padEnd(12);
                 const statusColored = this.colorStatus(statusPadded);
                 const ip = (node.ipAddress || '-').padEnd(18);
-                console.log(`  ${node.id.padEnd(38)} ${roleColored} ${statusColored} ${ip} ${name}`);
+                const taint = node.nodeType === 'master' && masterProtected
+                    ? chalk_1.default.yellow('  🔒 control-plane:NoSchedule')
+                    : '';
+                console.log(`  ${node.id.padEnd(38)} ${roleColored} ${statusColored} ${ip} ${name}${taint}`);
             }
             const workers = nodes.filter((n) => n.nodeType === 'worker').length;
             console.log('');
             console.log(chalk_1.default.dim(`  ${nodes.length} node${nodes.length === 1 ? '' : 's'} total (1 master, ${workers} worker${workers === 1 ? '' : 's'})`));
+            if (isControlCluster) {
+                console.log(chalk_1.default.dim('  Master protection: ') +
+                    this.masterProtectionLabel(workers, masterProtected));
+            }
             console.log('');
         }
         catch (error) {
@@ -52,6 +62,13 @@ class NodeList extends core_1.Command {
             this.exit(1);
         }
     }
+    masterProtectionLabel(workers, protectedFlag) {
+        if (workers === 0)
+            return chalk_1.default.dim('n/a (single-node)');
+        return protectedFlag
+            ? chalk_1.default.green('auto (master tainted)')
+            : chalk_1.default.yellow('off');
+    }
     colorStatus(status) {
         const s = status.trim().toLowerCase();
         if (s === 'ready')

package/lib/cli/src/commands/server-types/list.d.ts

@@ -5,6 +5,9 @@ export default class ServerTypesList extends Command {
     static readonly flags: {
         provider: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
         region: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        memory: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        sort: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        desc: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         json: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         'force-refresh': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };

package/lib/cli/src/commands/server-types/list.js

@@ -10,6 +10,40 @@ const server_type_cache_service_1 = require("../../services/server-type-cache.se
 const server_type_validator_service_1 = require("../../services/server-type-validator.service");
 const defaults_1 = require("../../config/defaults");
 const provider_factory_1 = require("../../../../src/modules/providers/core/factories/provider.factory");
+/**
+ * Parse a numeric filter expression into an inclusive {min, max} range.
+ * Accepts "16" (exact), "8-32" (range), "8-" (min only), "-32" (max only).
+ * Returns null on invalid input.
+ */
+function parseNumericRange(raw) {
+    const value = raw.trim();
+    if (!value)
+        return null;
+    const num = (s) => {
+        if (s === '')
+            return undefined;
+        const n = Number.parseFloat(s);
+        return Number.isFinite(n) && n >= 0 ? n : Number.NaN;
+    };
+    if (!value.includes('-')) {
+        const exact = num(value);
+        if (exact === undefined || Number.isNaN(exact))
+            return null;
+        return { min: exact, max: exact };
+    }
+    const [minPart, maxPart, ...rest] = value.split('-');
+    if (rest.length > 0)
+        return null;
+    const min = num(minPart);
+    const max = num(maxPart);
+    if (Number.isNaN(min) || Number.isNaN(max))
+        return null;
+    if (min === undefined && max === undefined)
+        return null;
+    if (min !== undefined && max !== undefined && min > max)
+        return null;
+    return { min, max };
+}
 class ServerTypesList extends core_1.Command {
     async run() {
         const { flags } = await this.parse(ServerTypesList);
@@ -62,6 +96,15 @@ class ServerTypesList extends core_1.Command {
                     return type.locations.some((loc) => loc.name === flags.region);
                 });
             }
+            // Filter by memory (GB): "16" | "8-32" | "8-" | "-32"
+            if (flags.memory && serverTypes) {
+                const range = parseNumericRange(flags.memory);
+                if (!range) {
+                    throw new Error(`Invalid --memory value "${flags.memory}". Use "16", "8-32", "8-", or "-32".`);
+                }
+                serverTypes = serverTypes.filter((type) => (range.min === undefined || type.memory >= range.min) &&
+                    (range.max === undefined || type.memory <= range.max));
+            }
             // Filter out deprecated types
             const activeTypes = serverTypes?.filter((type) => !type.deprecated) || [];
             const deprecatedTypes = serverTypes?.filter((type) => type.deprecated) || [];
@@ -69,6 +112,28 @@ class ServerTypesList extends core_1.Command {
                 this.log(chalk_1.default.yellow('No active server types found'));
                 return;
             }
+            // Sort (default: cheapest first). Missing/zero prices sort last —
+            // €0.00 means the provider didn't return a price (e.g. bare-metal types).
+            const priceOf = (type) => {
+                const raw = validatorService.getFormattedPrice(type).monthly;
+                const n = raw ? Number.parseFloat(raw) : Number.NaN;
+                return Number.isFinite(n) && n > 0 ? n : Number.POSITIVE_INFINITY;
+            };
+            const dir = flags.desc ? -1 : 1;
+            activeTypes.sort((a, b) => {
+                switch (flags.sort) {
+                    case 'memory':
+                        return (a.memory - b.memory) * dir;
+                    case 'cores':
+                        return (a.cores - b.cores) * dir;
+                    case 'disk':
+                        return (a.disk - b.disk) * dir;
+                    case 'name':
+                        return a.name.localeCompare(b.name) * dir;
+                    default:
+                        return (priceOf(a) - priceOf(b)) * dir;
+                }
+            });
             // JSON output
             if (flags.json) {
                 this.log(JSON.stringify({ active: activeTypes, deprecated: deprecatedTypes }, null, 2));
@@ -179,6 +244,11 @@ ServerTypesList.description = 'List available server types for a provider';
 ServerTypesList.examples = [
     '<%= config.bin %> <%= command.id %> --provider hetzner',
     '<%= config.bin %> <%= command.id %> --provider hetzner --region fsn1',
+    '<%= config.bin %> <%= command.id %> --provider scaleway --memory 16',
+    '<%= config.bin %> <%= command.id %> --provider scaleway --memory 8-32',
+    '<%= config.bin %> <%= command.id %> --provider scaleway --memory -32',
+    '<%= config.bin %> <%= command.id %> --provider scaleway --sort memory',
+    '<%= config.bin %> <%= command.id %> --provider scaleway --sort price --desc',
     '<%= config.bin %> <%= command.id %> --provider hetzner --json',
     '<%= config.bin %> <%= command.id %> --provider hetzner --force-refresh',
 ];
@@ -193,6 +263,20 @@ ServerTypesList.flags = {
         char: 'r',
         description: 'Filter by region/location',
     }),
+    memory: core_1.Flags.string({
+        char: 'm',
+        description: 'Filter by RAM in GB: exact "16", range "8-32", min "8-", or max "-32"',
+    }),
+    sort: core_1.Flags.string({
+        char: 's',
+        description: 'Sort by field',
+        options: ['price', 'memory', 'cores', 'disk', 'name'],
+        default: 'price',
+    }),
+    desc: core_1.Flags.boolean({
+        description: 'Sort in descending order',
+        default: false,
+    }),
     json: core_1.Flags.boolean({
         description: 'Output as JSON',
         default: false,

package/lib/cli/src/commands/ssh.js

@@ -7,7 +7,7 @@ const core_1 = require("@oclif/core");
 const chalk_1 = __importDefault(require("chalk"));
 const ora_1 = __importDefault(require("ora"));
 const nest_app_1 = require("../lib/nest-app");
-const cli_observability_cluster_service_1 = require("../services/cli-observability-cluster.service");
+const cli_control_cluster_service_1 = require("../services/cli-control-cluster.service");
 const cli_ssh_service_1 = require("../services/cli-ssh.service");
 class Ssh extends core_1.Command {
     async run() {
@@ -15,13 +15,13 @@ class Ssh extends core_1.Command {
         const spinner = (0, ora_1.default)('Connecting to cluster...').start();
         try {
             const app = await (0, nest_app_1.getNestApp)();
-            const observabilityService = app.get(cli_observability_cluster_service_1.CliObservabilityClusterService);
+            const controlService = app.get(cli_control_cluster_service_1.CliControlClusterService);
             const sshService = app.get(cli_ssh_service_1.CliSshService);
             // Get cluster
-            const cluster = await observabilityService.getObservabilityCluster();
+            const cluster = await controlService.getControlCluster();
             if (!cluster) {
-                spinner.fail('No observability cluster found');
-                console.log(chalk_1.default.yellow('\n⚠️  No observability cluster exists.\n'));
+                spinner.fail('No control cluster found');
+                console.log(chalk_1.default.yellow('\n⚠️  No control cluster exists.\n'));
                 console.log(chalk_1.default.dim('Create one with:'));
                 console.log(`   ${chalk_1.default.cyan('flui env create')}\n`);
                 return;