@padua/cli 1.5.0 → 1.6.0

package/README.md

@@ -17,7 +17,7 @@ npm install -g @padua/cli
 **Optional:**
 - [npm](https://nodejs.org/) (for CodeArtifact registry authentication)
 - [Docker](https://www.docker.com/) (for ECR registry authentication)
-- [Session Manager Plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) (for tunneling - coming soon)
+- [Session Manager Plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) (for `padua tunnel` command)
 
 > **Note:** `padua init` validates prerequisites and displays install URLs for any missing tools.
 
@@ -48,6 +48,7 @@ The `init` command will:
 | | ECR | Docker registry authentication |
 | **Config** | Init | Automatic SSO discovery and profile generation |
 | | Status | Health check for all authentication services |
+| **Tunnel** | RDS | Secure tunnels to RDS/Aurora databases via SSM |
 
 ## Login Command
 
@@ -147,13 +148,61 @@ padua profile                    # Interactive AWS profile selection
 padua profile --setup            # Output shell function for paws command
 ```
 
+## Tunnel Command
+
+Create secure tunnels to RDS databases via SSM Session Manager.
+
+### Basic Usage
+
+```bash
+padua tunnel roma rds                    # Interactive (prompts for port/cluster)
+padua tunnel roma rds -p paduafg-development  # Use specific profile
+```
+
+### Options
+
+| Flag | Description |
+|------|-------------|
+| `-p, --profile <name>` | AWS profile to use |
+| `--local-port <port>` | Local port for the tunnel |
+| `--cluster <name>` | RDS cluster or instance name |
+| `-v, --verbose` | Show detailed output |
+| `--no-color` | Disable colored output |
+
+### System Configuration
+
+Different systems use different EC2 instances as tunnel endpoints:
+
+| System | EC2 Tag | Default Port | Default Cluster |
+|--------|---------|--------------|-----------------|
+| roma | bastion-host | 3306 (MySQL) | roma-backend |
+| (others) | jumpbox | 5432 (PostgreSQL) | (none) |
+
+### Example Output
+
+```
+Checking port 3306 availability...
+✓ Port 3306 is available
+Looking up bastion-host instance...
+✓ Found instance: i-0abc123def456
+Looking up RDS endpoint for roma-backend...
+✓ Found endpoint: roma-backend.cluster-xxx.ap-southeast-2.rds.amazonaws.com
+
+Starting tunnel...
+  System: roma
+  Profile: paduafg-development
+  Local port: 3306
+  Remote: roma-backend.cluster-xxx.ap-southeast-2.rds.amazonaws.com:3306
+  Via: i-0abc123def456 (bastion-host)
+
+Press Ctrl+C to close the tunnel
+```
+
 ## Planned Features
 
 The following commands are planned for future releases:
 
 ```bash
-padua tunnel rds                 # RDS PostgreSQL via jumpbox
-padua tunnel aurora              # Aurora PostgreSQL via jumpbox
 padua tunnel opensearch          # OpenSearch/Kibana dashboard
 padua tunnel ec2 <name>          # SSM session to EC2 instance
 padua ecs exec <cluster> <task>  # Execute in ECS container

package/dist/commands/tunnel/aws.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Get EC2 instance ID by Name tag
+ */
+export declare function getInstanceIdByTag(tagName: string, profile: string, verbose?: boolean): string;
+/**
+ * Get RDS cluster endpoint (Aurora)
+ */
+export declare function getRdsClusterEndpoint(clusterName: string, profile: string, endpointType?: 'reader' | 'writer', verbose?: boolean): string | null;
+/**
+ * Get RDS instance endpoint (non-Aurora)
+ */
+export declare function getRdsInstanceEndpoint(instanceName: string, profile: string, verbose?: boolean): string | null;
+/**
+ * Get RDS endpoint - tries cluster first, then instance
+ */
+export declare function getRdsEndpoint(name: string, profile: string, verbose?: boolean): string;
+//# sourceMappingURL=aws.d.ts.map

package/dist/commands/tunnel/aws.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/aws.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CA2CR;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,YAAY,GAAE,QAAQ,GAAG,QAAmB,EAC5C,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,GAAG,IAAI,CAuCf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,GAAG,IAAI,CAsCf;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,GAChB,MAAM,CAcR"}

package/dist/commands/tunnel/aws.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getInstanceIdByTag = getInstanceIdByTag;
+exports.getRdsClusterEndpoint = getRdsClusterEndpoint;
+exports.getRdsInstanceEndpoint = getRdsInstanceEndpoint;
+exports.getRdsEndpoint = getRdsEndpoint;
+const child_process_1 = require("child_process");
+const utils_1 = require("../login/utils");
+const AWS_TIMEOUT_MS = 30000;
+/**
+ * Get EC2 instance ID by Name tag
+ */
+function getInstanceIdByTag(tagName, profile, verbose) {
+    if (verbose) {
+        console.log(`  [verbose] Looking up EC2 instance with Name tag: ${tagName}`);
+    }
+    const result = (0, child_process_1.spawnSync)('aws', [
+        'ec2',
+        'describe-instances',
+        '--filter', `Name=tag:Name,Values=${tagName}`,
+        '--query', 'Reservations[].Instances[?State.Name == `running`].InstanceId[]',
+        '--output', 'text',
+        '--profile', profile,
+    ], {
+        shell: false,
+        timeout: AWS_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: { ...(0, utils_1.getSubprocessEnv)(), AWS_PROFILE: profile },
+    });
+    if (result.error) {
+        throw new Error(`Failed to query EC2: ${(0, utils_1.sanitizeOutput)(result.error.message)}`);
+    }
+    if (result.status !== 0) {
+        const stderr = result.stderr?.toString() || '';
+        throw new Error(`EC2 lookup failed: ${(0, utils_1.sanitizeOutput)(stderr)}`);
+    }
+    const instanceId = result.stdout?.toString().trim();
+    if (!instanceId) {
+        throw new Error(`No running EC2 instance found with Name tag: ${tagName}`);
+    }
+    if (verbose) {
+        console.log(`  [verbose] Found instance: ${instanceId}`);
+    }
+    return instanceId;
+}
+/**
+ * Get RDS cluster endpoint (Aurora)
+ */
+function getRdsClusterEndpoint(clusterName, profile, endpointType = 'reader', verbose) {
+    if (verbose) {
+        console.log(`  [verbose] Looking up RDS cluster endpoint: ${clusterName} (${endpointType})`);
+    }
+    const result = (0, child_process_1.spawnSync)('aws', [
+        'rds',
+        'describe-db-cluster-endpoints',
+        '--db-cluster-identifier', clusterName,
+        '--filter', `Name=db-cluster-endpoint-type,Values=${endpointType}`,
+        '--query', 'DBClusterEndpoints[].Endpoint',
+        '--output', 'text',
+        '--profile', profile,
+    ], {
+        shell: false,
+        timeout: AWS_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: { ...(0, utils_1.getSubprocessEnv)(), AWS_PROFILE: profile },
+    });
+    if (result.error || result.status !== 0) {
+        return null;
+    }
+    const endpoint = result.stdout?.toString().trim();
+    if (!endpoint || endpoint === 'None') {
+        return null;
+    }
+    if (verbose) {
+        console.log(`  [verbose] Found cluster endpoint: ${endpoint}`);
+    }
+    return endpoint;
+}
+/**
+ * Get RDS instance endpoint (non-Aurora)
+ */
+function getRdsInstanceEndpoint(instanceName, profile, verbose) {
+    if (verbose) {
+        console.log(`  [verbose] Looking up RDS instance endpoint: ${instanceName}`);
+    }
+    const result = (0, child_process_1.spawnSync)('aws', [
+        'rds',
+        'describe-db-instances',
+        '--db-instance-identifier', instanceName,
+        '--query', 'DBInstances[0].Endpoint.Address',
+        '--output', 'text',
+        '--profile', profile,
+    ], {
+        shell: false,
+        timeout: AWS_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: { ...(0, utils_1.getSubprocessEnv)(), AWS_PROFILE: profile },
+    });
+    if (result.error || result.status !== 0) {
+        return null;
+    }
+    const endpoint = result.stdout?.toString().trim();
+    if (!endpoint || endpoint === 'None') {
+        return null;
+    }
+    if (verbose) {
+        console.log(`  [verbose] Found instance endpoint: ${endpoint}`);
+    }
+    return endpoint;
+}
+/**
+ * Get RDS endpoint - tries cluster first, then instance
+ */
+function getRdsEndpoint(name, profile, verbose) {
+    // Try cluster endpoint first (Aurora)
+    const clusterEndpoint = getRdsClusterEndpoint(name, profile, 'reader', verbose);
+    if (clusterEndpoint) {
+        return clusterEndpoint;
+    }
+    // Fall back to instance endpoint
+    const instanceEndpoint = getRdsInstanceEndpoint(name, profile, verbose);
+    if (instanceEndpoint) {
+        return instanceEndpoint;
+    }
+    throw new Error(`Could not find RDS cluster or instance: ${name}`);
+}
+//# sourceMappingURL=aws.js.map

package/dist/commands/tunnel/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/commands/tunnel/aws.ts"],"names":[],"mappings":";;AAQA,gDA+CC;AAKD,sDA4CC;AAKD,wDA0CC;AAKD,wCAkBC;AA9KD,iDAA0C;AAC1C,0CAAkE;AAElE,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAe,EACf,OAAe,EACf,OAAiB;IAEjB,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,sDAAsD,OAAO,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;QACE,KAAK;QACL,oBAAoB;QACpB,UAAU,EAAE,wBAAwB,OAAO,EAAE;QAC7C,SAAS,EAAE,iEAAiE;QAC5E,UAAU,EAAE,MAAM;QAClB,WAAW,EAAE,OAAO;KACrB,EACD;QACE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE,EAAE,GAAG,IAAA,wBAAgB,GAAE,EAAE,WAAW,EAAE,OAAO,EAAE;KACrD,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAA,sBAAc,EAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAA,sBAAc,EAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IACpD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,gDAAgD,OAAO,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,WAAmB,EACnB,OAAe,EACf,eAAoC,QAAQ,EAC5C,OAAiB;IAEjB,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,gDAAgD,WAAW,KAAK,YAAY,GAAG,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;QACE,KAAK;QACL,+BAA+B;QAC/B,yBAAyB,EAAE,WAAW;QACtC,UAAU,EAAE,wCAAwC,YAAY,EAAE;QAClE,SAAS,EAAE,+BAA+B;QAC1C,UAAU,EAAE,MAAM;QAClB,WAAW,EAAE,OAAO;KACrB,EACD;QACE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE,EAAE,GAAG,IAAA,wBAAgB,GAAE,EAAE,WAAW,EAAE,OAAO,EAAE;KACrD,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,uCAAuC,QAAQ,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,YAAoB,EACpB,OAAe,EACf,OAAiB;IAEjB,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,iDAAiD,YAAY,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;QACE,KAAK;QACL,uBAAuB;QACvB,0BAA0B,EAAE,YAAY;QACxC,SAAS,EAAE,iCAAiC;QAC5C,UAAU,EAAE,MAAM;QAClB,WAAW,EAAE,OAAO;KACrB,EACD;QACE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE,EAAE,GAAG,IAAA,wBAAgB,GAAE,EAAE,WAAW,EAAE,OAAO,EAAE;KACrD,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,wCAAwC,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,IAAY,EACZ,OAAe,EACf,OAAiB;IAEjB,sCAAsC;IACtC,MAAM,eAAe,GAAG,qBAAqB,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChF,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,iCAAiC;IACjC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACxE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,2CAA2C,IAAI,EAAE,CAAC,CAAC;AACrE,CAAC"}

package/dist/commands/tunnel/index.d.ts

@@ -0,0 +1,12 @@
+import { Command } from 'commander';
+import { TunnelOptions } from './types';
+/**
+ * Tunnel command - create secure tunnels to AWS resources via SSM
+ */
+export declare const tunnelCommand: Command;
+/**
+ * Handle the tunnel command
+ */
+declare function handleTunnel(system: string, target: string, options: TunnelOptions): Promise<void>;
+export { handleTunnel };
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/tunnel/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAIxC;;GAEG;AACH,eAAO,MAAM,aAAa,SASH,CAAC;AAExB;;GAEG;AACH,iBAAe,YAAY,CACzB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,IAAI,CAAC,CA8Cf;AAGD,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/commands/tunnel/index.js

@@ -0,0 +1,76 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tunnelCommand = void 0;
+exports.handleTunnel = handleTunnel;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const rds_1 = require("./rds");
+const prerequisites_1 = require("../init/prerequisites");
+/**
+ * Tunnel command - create secure tunnels to AWS resources via SSM
+ */
+exports.tunnelCommand = new commander_1.Command('tunnel')
+    .description('Create secure tunnels to AWS resources via SSM Session Manager')
+    .argument('<system>', 'Target system (e.g., roma, padua-iam)')
+    .argument('<target>', 'Target service type (rds)')
+    .option('-p, --profile <name>', 'AWS profile to use')
+    .option('--local-port <port>', 'Local port for the tunnel')
+    .option('--cluster <name>', 'RDS cluster or instance name')
+    .option('-v, --verbose', 'Show detailed output')
+    .option('--no-color', 'Disable colored output')
+    .action(handleTunnel);
+/**
+ * Handle the tunnel command
+ */
+async function handleTunnel(system, target, options) {
+    const noColor = options.noColor ?? false;
+    // Check prerequisites
+    const ssmCheck = (0, prerequisites_1.checkSessionManagerPlugin)();
+    if (!ssmCheck.installed) {
+        if (!noColor) {
+            console.error(chalk_1.default.red('Session Manager Plugin is required for tunneling.'));
+            console.error(chalk_1.default.gray(`Install: ${ssmCheck.installUrl}`));
+        }
+        else {
+            console.error('Session Manager Plugin is required for tunneling.');
+            console.error(`Install: ${ssmCheck.installUrl}`);
+        }
+        process.exit(1);
+    }
+    // Validate target type
+    const validTargets = ['rds'];
+    if (!validTargets.includes(target.toLowerCase())) {
+        if (!noColor) {
+            console.error(chalk_1.default.red(`Invalid target: ${target}`));
+            console.error(chalk_1.default.gray(`Valid targets: ${validTargets.join(', ')}`));
+        }
+        else {
+            console.error(`Invalid target: ${target}`);
+            console.error(`Valid targets: ${validTargets.join(', ')}`);
+        }
+        process.exit(1);
+    }
+    try {
+        switch (target.toLowerCase()) {
+            case 'rds':
+                await (0, rds_1.startRdsTunnel)(system, options);
+                break;
+            default:
+                throw new Error(`Unsupported target: ${target}`);
+        }
+    }
+    catch (error) {
+        const message = error.message;
+        if (!noColor) {
+            console.error(chalk_1.default.red(`Error: ${message}`));
+        }
+        else {
+            console.error(`Error: ${message}`);
+        }
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/tunnel/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":";;;;;;AA4ES,oCAAY;AA5ErB,yCAAoC;AACpC,kDAA0B;AAE1B,+BAAuC;AACvC,yDAAkE;AAElE;;GAEG;AACU,QAAA,aAAa,GAAG,IAAI,mBAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,gEAAgE,CAAC;KAC7E,QAAQ,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC7D,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAC;KACjD,MAAM,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;KACpD,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;KAC1D,MAAM,CAAC,kBAAkB,EAAE,8BAA8B,CAAC;KAC1D,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;KAC/C,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAC9C,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,MAAc,EACd,MAAc,EACd,OAAsB;IAEtB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,yCAAyB,GAAE,CAAC;IAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,KAAK,KAAK;gBACR,MAAM,IAAA,oBAAc,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACtC,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/tunnel/port.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Check if a local port is available
+ */
+export declare function isPortAvailable(port: number): Promise<boolean>;
+/**
+ * Validate port number is in valid range
+ */
+export declare function isValidPort(port: number): boolean;
+/**
+ * Parse port from string, return undefined if invalid
+ */
+export declare function parsePort(value: string): number | undefined;
+//# sourceMappingURL=port.d.ts.map

package/dist/commands/tunnel/port.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"port.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/port.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAoB9D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAM3D"}

package/dist/commands/tunnel/port.js

@@ -0,0 +1,78 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPortAvailable = isPortAvailable;
+exports.isValidPort = isValidPort;
+exports.parsePort = parsePort;
+const net = __importStar(require("net"));
+/**
+ * Check if a local port is available
+ */
+function isPortAvailable(port) {
+    return new Promise((resolve) => {
+        const server = net.createServer();
+        server.once('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                resolve(false);
+            }
+            else {
+                resolve(false);
+            }
+        });
+        server.once('listening', () => {
+            server.close(() => {
+                resolve(true);
+            });
+        });
+        server.listen(port, '127.0.0.1');
+    });
+}
+/**
+ * Validate port number is in valid range
+ */
+function isValidPort(port) {
+    return Number.isInteger(port) && port >= 1 && port <= 65535;
+}
+/**
+ * Parse port from string, return undefined if invalid
+ */
+function parsePort(value) {
+    const port = parseInt(value, 10);
+    if (isNaN(port) || !isValidPort(port)) {
+        return undefined;
+    }
+    return port;
+}
+//# sourceMappingURL=port.js.map

package/dist/commands/tunnel/port.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"port.js","sourceRoot":"","sources":["../../../src/commands/tunnel/port.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,0CAoBC;AAKD,kCAEC;AAKD,8BAMC;AA3CD,yCAA2B;AAE3B;;GAEG;AACH,SAAgB,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;QAElC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAClD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC9B,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,IAAY;IACtC,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,KAAa;IACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/commands/tunnel/rds.d.ts

@@ -0,0 +1,6 @@
+import { TunnelOptions } from './types';
+/**
+ * Start an RDS tunnel via SSM Session Manager
+ */
+export declare function startRdsTunnel(system: string, options: TunnelOptions): Promise<void>;
+//# sourceMappingURL=rds.d.ts.map

package/dist/commands/tunnel/rds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/rds.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAmB,MAAM,SAAS,CAAC;AAMzD;;GAEG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,IAAI,CAAC,CA0Kf"}

package/dist/commands/tunnel/rds.js

@@ -0,0 +1,175 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startRdsTunnel = startRdsTunnel;
+const child_process_1 = require("child_process");
+const chalk_1 = __importDefault(require("chalk"));
+const inquirer_1 = __importDefault(require("inquirer"));
+const types_1 = require("./types");
+const aws_1 = require("./aws");
+const port_1 = require("./port");
+const utils_1 = require("../login/utils");
+const config_1 = require("../login/config");
+/**
+ * Start an RDS tunnel via SSM Session Manager
+ */
+async function startRdsTunnel(system, options) {
+    const noColor = options.noColor ?? false;
+    // Load config and get profile
+    const config = await (0, config_1.loadConfig)();
+    const profile = options.profile || config?.defaultProfile || 'development';
+    // Get system configuration
+    const systemConfig = (0, types_1.getSystemConfig)(system);
+    // Step 1: Ask for local port
+    let localPort;
+    if (options.localPort) {
+        const parsed = (0, port_1.parsePort)(options.localPort);
+        if (!parsed) {
+            throw new Error(`Invalid port: ${options.localPort}`);
+        }
+        localPort = parsed;
+    }
+    else {
+        const portAnswer = await inquirer_1.default.prompt([
+            {
+                type: 'input',
+                name: 'port',
+                message: 'Local RDS port:',
+                default: systemConfig.defaultPort.toString(),
+                validate: (input) => {
+                    const p = (0, port_1.parsePort)(input);
+                    if (!p)
+                        return 'Please enter a valid port number (1-65535)';
+                    return true;
+                },
+            },
+        ]);
+        localPort = (0, port_1.parsePort)(portAnswer.port);
+    }
+    // Step 2: Verify port availability
+    if (!noColor) {
+        console.log(chalk_1.default.gray(`Checking port ${localPort} availability...`));
+    }
+    const portAvailable = await (0, port_1.isPortAvailable)(localPort);
+    if (!portAvailable) {
+        throw new Error(`Port ${localPort} is already in use. Please choose a different port.`);
+    }
+    if (!noColor) {
+        console.log(chalk_1.default.green(`✓ Port ${localPort} is available`));
+    }
+    else {
+        console.log(`Port ${localPort} is available`);
+    }
+    // Step 3: Ask for cluster name
+    let clusterName;
+    if (options.cluster) {
+        clusterName = options.cluster;
+    }
+    else {
+        const clusterAnswer = await inquirer_1.default.prompt([
+            {
+                type: 'input',
+                name: 'cluster',
+                message: 'RDS cluster/instance name:',
+                default: systemConfig.defaultCluster,
+                validate: (input) => {
+                    if (!input || input.trim().length === 0) {
+                        return 'Cluster name is required';
+                    }
+                    return true;
+                },
+            },
+        ]);
+        clusterName = clusterAnswer.cluster.trim();
+    }
+    // Step 4: Get EC2 instance ID
+    if (!noColor) {
+        console.log(chalk_1.default.gray(`Looking up ${systemConfig.ec2Tag} instance...`));
+    }
+    else {
+        console.log(`Looking up ${systemConfig.ec2Tag} instance...`);
+    }
+    const instanceId = (0, aws_1.getInstanceIdByTag)(systemConfig.ec2Tag, profile, options.verbose);
+    if (!noColor) {
+        console.log(chalk_1.default.green(`✓ Found instance: ${instanceId}`));
+    }
+    else {
+        console.log(`Found instance: ${instanceId}`);
+    }
+    // Step 5: Get RDS endpoint
+    if (!noColor) {
+        console.log(chalk_1.default.gray(`Looking up RDS endpoint for ${clusterName}...`));
+    }
+    else {
+        console.log(`Looking up RDS endpoint for ${clusterName}...`);
+    }
+    const endpoint = (0, aws_1.getRdsEndpoint)(clusterName, profile, options.verbose);
+    if (!noColor) {
+        console.log(chalk_1.default.green(`✓ Found endpoint: ${endpoint}`));
+    }
+    else {
+        console.log(`Found endpoint: ${endpoint}`);
+    }
+    // Step 6: Start SSM session
+    console.log('');
+    if (!noColor) {
+        console.log(chalk_1.default.cyan.bold('Starting tunnel...'));
+        console.log(chalk_1.default.gray(`  System: ${system}`));
+        console.log(chalk_1.default.gray(`  Profile: ${profile}`));
+        console.log(chalk_1.default.gray(`  Local port: ${localPort}`));
+        console.log(chalk_1.default.gray(`  Remote: ${endpoint}:${systemConfig.defaultPort}`));
+        console.log(chalk_1.default.gray(`  Via: ${instanceId} (${systemConfig.ec2Tag})`));
+    }
+    else {
+        console.log('Starting tunnel...');
+        console.log(`  System: ${system}`);
+        console.log(`  Profile: ${profile}`);
+        console.log(`  Local port: ${localPort}`);
+        console.log(`  Remote: ${endpoint}:${systemConfig.defaultPort}`);
+        console.log(`  Via: ${instanceId} (${systemConfig.ec2Tag})`);
+    }
+    console.log('');
+    if (!noColor) {
+        console.log(chalk_1.default.yellow('Press Ctrl+C to close the tunnel'));
+    }
+    else {
+        console.log('Press Ctrl+C to close the tunnel');
+    }
+    console.log('');
+    // Start the SSM session
+    const child = (0, child_process_1.spawn)('aws', [
+        'ssm',
+        'start-session',
+        '--target', instanceId,
+        '--document-name', 'AWS-StartPortForwardingSessionToRemoteHost',
+        '--parameters', `host="${endpoint}",portNumber="${systemConfig.defaultPort}",localPortNumber="${localPort}"`,
+        '--profile', profile,
+    ], {
+        stdio: 'inherit',
+        env: { ...(0, utils_1.getSubprocessEnv)(), AWS_PROFILE: profile },
+    });
+    // Handle process exit
+    child.on('error', (error) => {
+        throw new Error(`Failed to start SSM session: ${error.message}`);
+    });
+    child.on('exit', (code) => {
+        if (code !== 0 && code !== null) {
+            console.log('');
+            if (!noColor) {
+                console.log(chalk_1.default.red(`Tunnel closed with exit code: ${code}`));
+            }
+            else {
+                console.log(`Tunnel closed with exit code: ${code}`);
+            }
+        }
+    });
+    // Keep process running until SSM session ends
+    await new Promise((resolve) => {
+        child.on('close', () => {
+            resolve();
+        });
+    });
+}
+//# sourceMappingURL=rds.js.map

package/dist/commands/tunnel/rds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../src/commands/tunnel/rds.ts"],"names":[],"mappings":";;;;;AAYA,wCA6KC;AAzLD,iDAAsC;AACtC,kDAA0B;AAC1B,wDAAgC;AAChC,mCAAyD;AACzD,+BAA2D;AAC3D,iCAAoD;AACpD,0CAAkD;AAClD,4CAA6C;AAE7C;;GAEG;AACI,KAAK,UAAU,cAAc,CAClC,MAAc,EACd,OAAsB;IAEtB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,8BAA8B;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAU,GAAE,CAAC;IAClC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,EAAE,cAAc,IAAI,aAAa,CAAC;IAE3E,2BAA2B;IAC3B,MAAM,YAAY,GAAG,IAAA,uBAAe,EAAC,MAAM,CAAC,CAAC;IAE7C,6BAA6B;IAC7B,IAAI,SAAiB,CAAC;IAEtB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,IAAA,gBAAS,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iBAAiB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,MAAM,kBAAQ,CAAC,MAAM,CAAC;YACvC;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,OAAO,EAAE,YAAY,CAAC,WAAW,CAAC,QAAQ,EAAE;gBAC5C,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;oBAC1B,MAAM,CAAC,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;oBAC3B,IAAI,CAAC,CAAC;wBAAE,OAAO,4CAA4C,CAAC;oBAC5D,OAAO,IAAI,CAAC;gBACd,CAAC;aACF;SACF,CAAC,CAAC;QACH,SAAS,GAAG,IAAA,gBAAS,EAAC,UAAU,CAAC,IAAI,CAAE,CAAC;IAC1C,CAAC;IAED,mCAAmC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,kBAAkB,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,IAAA,sBAAe,EAAC,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,QAAQ,SAAS,qDAAqD,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,UAAU,SAAS,eAAe,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,QAAQ,SAAS,eAAe,CAAC,CAAC;IAChD,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAmB,CAAC;IAExB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,MAAM,aAAa,GAAG,MAAM,kBAAQ,CAAC,MAAM,CAAC;YAC1C;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,4BAA4B;gBACrC,OAAO,EAAE,YAAY,CAAC,cAAc;gBACpC,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;oBAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACxC,OAAO,0BAA0B,CAAC;oBACpC,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;aACF;SACF,CAAC,CAAC;QACH,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,YAAY,CAAC,MAAM,cAAc,CAAC,CAAC,CAAC;IAC3E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,CAAC,MAAM,cAAc,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,wBAAkB,EAAC,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAErF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,UAAU,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,+BAA+B,WAAW,KAAK,CAAC,CAAC,CAAC;IAC3E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,+BAA+B,WAAW,KAAK,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,oBAAc,EAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,4BAA4B;IAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,aAAa,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,UAAU,UAAU,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,EAAE,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,wBAAwB;IACxB,MAAM,KAAK,GAAG,IAAA,qBAAK,EACjB,KAAK,EACL;QACE,KAAK;QACL,eAAe;QACf,UAAU,EAAE,UAAU;QACtB,iBAAiB,EAAE,4CAA4C;QAC/D,cAAc,EAAE,SAAS,QAAQ,iBAAiB,YAAY,CAAC,WAAW,sBAAsB,SAAS,GAAG;QAC5G,WAAW,EAAE,OAAO;KACrB,EACD;QACE,KAAK,EAAE,SAAS;QAChB,GAAG,EAAE,EAAE,GAAG,IAAA,wBAAgB,GAAE,EAAE,WAAW,EAAE,OAAO,EAAE;KACrD,CACF,CAAC;IAEF,sBAAsB;IACtB,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACxB,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/tunnel/types.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Types for the tunnel command
+ */
+/**
+ * Tunnel target types
+ */
+export type TunnelTarget = 'rds' | 'opensearch' | 'ec2';
+/**
+ * Options for the tunnel command
+ */
+export interface TunnelOptions {
+    profile?: string;
+    localPort?: string;
+    cluster?: string;
+    noColor?: boolean;
+    verbose?: boolean;
+}
+/**
+ * System configuration for tunneling
+ */
+export interface SystemConfig {
+    /** EC2 Name tag to find bastion/jumpbox */
+    ec2Tag: string;
+    /** Default RDS cluster name */
+    defaultCluster?: string;
+    /** Default database port */
+    defaultPort: number;
+}
+/**
+ * System configurations
+ * roma = old world (bastion-host, MySQL)
+ * others = new world (jumpbox, typically PostgreSQL)
+ */
+export declare const SYSTEM_CONFIGS: Record<string, SystemConfig>;
+/**
+ * Default configuration for new/unknown systems
+ */
+export declare const DEFAULT_SYSTEM_CONFIG: SystemConfig;
+/**
+ * Get system configuration
+ */
+export declare function getSystemConfig(system: string): SystemConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/commands/tunnel/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,KAAK,GAAG,YAAY,GAAG,KAAK,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAMvD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,YAGnC,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,CAE5D"}

package/dist/commands/tunnel/types.js

@@ -0,0 +1,33 @@
+"use strict";
+/**
+ * Types for the tunnel command
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_SYSTEM_CONFIG = exports.SYSTEM_CONFIGS = void 0;
+exports.getSystemConfig = getSystemConfig;
+/**
+ * System configurations
+ * roma = old world (bastion-host, MySQL)
+ * others = new world (jumpbox, typically PostgreSQL)
+ */
+exports.SYSTEM_CONFIGS = {
+    roma: {
+        ec2Tag: 'bastion-host',
+        defaultCluster: 'roma-backend',
+        defaultPort: 3306, // MySQL
+    },
+};
+/**
+ * Default configuration for new/unknown systems
+ */
+exports.DEFAULT_SYSTEM_CONFIG = {
+    ec2Tag: 'jumpbox',
+    defaultPort: 5432, // PostgreSQL
+};
+/**
+ * Get system configuration
+ */
+function getSystemConfig(system) {
+    return exports.SYSTEM_CONFIGS[system.toLowerCase()] || exports.DEFAULT_SYSTEM_CONFIG;
+}
+//# sourceMappingURL=types.js.map

package/dist/commands/tunnel/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/tunnel/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAsDH,0CAEC;AA1BD;;;;GAIG;AACU,QAAA,cAAc,GAAiC;IAC1D,IAAI,EAAE;QACJ,MAAM,EAAE,cAAc;QACtB,cAAc,EAAE,cAAc;QAC9B,WAAW,EAAE,IAAI,EAAE,QAAQ;KAC5B;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,qBAAqB,GAAiB;IACjD,MAAM,EAAE,SAAS;IACjB,WAAW,EAAE,IAAI,EAAE,aAAa;CACjC,CAAC;AAEF;;GAEG;AACH,SAAgB,eAAe,CAAC,MAAc;IAC5C,OAAO,sBAAc,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,6BAAqB,CAAC;AACvE,CAAC"}

package/dist/index.js

@@ -8,6 +8,7 @@ const init_1 = require("./commands/init");
 const login_1 = require("./commands/login");
 const status_1 = require("./commands/status");
 const profile_1 = require("./commands/profile");
+const tunnel_1 = require("./commands/tunnel");
 // Read version from package.json
 const packageJson = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(__dirname, '..', 'package.json'), 'utf-8'));
 const program = new commander_1.Command();
@@ -20,5 +21,6 @@ program.addCommand(init_1.initCommand);
 program.addCommand(login_1.loginCommand);
 program.addCommand(status_1.statusCommand);
 program.addCommand(profile_1.profileCommand);
+program.addCommand(tunnel_1.tunnelCommand);
 program.parse();
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,2BAAkC;AAClC,+BAA4B;AAC5B,0CAA8C;AAC9C,4CAAgD;AAChD,8CAAkD;AAClD,gDAAoD;AAEpD,iCAAiC;AACjC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,IAAA,iBAAY,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAC7D,CAAC;AAEF,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,2CAA2C,CAAC;KACxD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AAEhC,oBAAoB;AACpB,OAAO,CAAC,UAAU,CAAC,kBAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,oBAAY,CAAC,CAAC;AACjC,OAAO,CAAC,UAAU,CAAC,sBAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,wBAAc,CAAC,CAAC;AAEnC,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,2BAAkC;AAClC,+BAA4B;AAC5B,0CAA8C;AAC9C,4CAAgD;AAChD,8CAAkD;AAClD,gDAAoD;AACpD,8CAAkD;AAElD,iCAAiC;AACjC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,IAAA,iBAAY,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAC7D,CAAC;AAEF,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,2CAA2C,CAAC;KACxD,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AAEhC,oBAAoB;AACpB,OAAO,CAAC,UAAU,CAAC,kBAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,oBAAY,CAAC,CAAC;AACjC,OAAO,CAAC,UAAU,CAAC,sBAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,wBAAc,CAAC,CAAC;AACnC,OAAO,CAAC,UAAU,CAAC,sBAAa,CAAC,CAAC;AAElC,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@padua/cli",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "Unified AWS infrastructure management CLI",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",