@padua/cli 2.0.24 → 2.0.25

package/README.md

@@ -54,6 +54,7 @@ The `init` command will:
 | | Status | Health check for all authentication services |
 | | Doctor | Configuration validation and diagnostics with fuzzy profile matching |
 | **Tunnel** | RDS | Secure tunnels to RDS/Aurora databases via SSM |
+| | LB | Port forwarding to internal ALB via SSM |
 | **Exec** | ECS | Interactive shell in running ECS containers via SSM |
 | **MCP** | Server | Built-in MCP server with 49 GitLab and Atlassian tools |
 | | Daemon | Background process management via `padua login` |
@@ -302,7 +303,7 @@ Returns:
     "atlassian": "ready"
   },
   "uptime": 3600,
-  "version": "2.0.23"
+  "version": "2.0.25"
 }
 ```
 
@@ -789,15 +790,27 @@ paws clear
 
 ## Tunnel Command
 
-Create secure tunnels to RDS databases via SSM Session Manager.
+Create secure tunnels to AWS resources via SSM Session Manager.
 
 Automatically reads `AWS_PROFILE` environment variable when no `--profile` flag is provided (works with `paws`).
 
+### Targets
+
+| Target | Description | System Required |
+|--------|-------------|-----------------|
+| `rds` | Tunnel to RDS/Aurora databases | Yes (e.g., `roma`, `padua-iam`) |
+| `lb` | Tunnel to internal ALB (`dev.int.paduasolutions.net:443`) | No |
+
 ### Basic Usage
 
 ```bash
+# RDS tunnel (requires system argument)
 padua tunnel roma rds                    # Interactive (prompts for port/cluster)
 padua tunnel roma rds -p paduafg-development  # Use specific profile
+
+# Load balancer tunnel (no system needed)
+padua tunnel lb                          # Interactive (prompts for port, default 8443)
+padua tunnel lb --local-port 9443        # Use specific local port
 ```
 
 ### Options
@@ -806,11 +819,11 @@ padua tunnel roma rds -p paduafg-development  # Use specific profile
 |------|-------------|
 | `-p, --profile <name>` | AWS profile to use |
 | `--local-port <port>` | Local port for the tunnel |
-| `--cluster <name>` | RDS cluster or instance name |
+| `--cluster <name>` | RDS cluster or instance name (RDS only) |
 | `-v, --verbose` | Show detailed output |
 | `--no-color` | Disable colored output |
 
-### System Configuration
+### RDS System Configuration
 
 Different systems use different EC2 instances as tunnel endpoints:
 
@@ -819,7 +832,22 @@ Different systems use different EC2 instances as tunnel endpoints:
 | roma | bastion-host | 3306 (MySQL) | roma-backend |
 | (others) | jumpbox | 5432 (PostgreSQL) | (none) |
 
-### Example Output
+### LB Tunnel Usage
+
+The internal ALB uses path-based routing for most services. Once the tunnel is running:
+
+```bash
+# Path-based services (most services)
+curl -k https://localhost:8443/echo/test
+curl -k https://localhost:8443/wealth-summaries/healthz
+curl -k https://localhost:8443/entity-management/api/v1/status
+
+# Host-based services (permify)
+curl -k https://localhost:8443/v1/permissions/check \
+  -H "Host: permify.dev.int.paduasolutions.net"
+```
+
+### Example Output (RDS)
 
 ```
 Checking port 3306 availability...
@@ -839,6 +867,30 @@ Starting tunnel...
 Press Ctrl+C to close the tunnel
 ```
 
+### Example Output (LB)
+
+```
+Checking port 8443 availability...
+✓ Port 8443 is available
+Looking up jumpbox instance...
+✓ Found instance: i-0abc123def456
+
+Starting tunnel...
+  Profile: paduafg-development
+  Local port: 8443
+  Remote: dev.int.paduasolutions.net:443
+  Via: i-0abc123def456 (jumpbox)
+
+Usage (path-based services):
+  curl -k https://localhost:8443/<service>/path
+  e.g. curl -k https://localhost:8443/echo/test
+
+Usage (host-based services like permify):
+  curl -k https://localhost:8443/path -H "Host: <service>.dev.int.paduasolutions.net"
+
+Press Ctrl+C to close the tunnel
+```
+
 ## Exec Command
 
 Open an interactive shell in a running ECS container via SSM Execute Command.

package/dist/commands/tunnel/index.d.ts

@@ -7,6 +7,6 @@ export declare const tunnelCommand: Command;
 /**
  * Handle the tunnel command
  */
-declare function handleTunnel(system: string, target: string, options: TunnelOptions): Promise<void>;
+declare function handleTunnel(system: string, target: string | undefined, options: TunnelOptions): Promise<void>;
 export { handleTunnel };
 //# sourceMappingURL=index.d.ts.map

package/dist/commands/tunnel/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAI3C;;GAEG;AACH,eAAO,MAAM,aAAa,SASH,CAAC;AAExB;;GAEG;AACH,iBAAe,YAAY,CACzB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,IAAI,CAAC,CA8Cf;AAGD,OAAO,EAAE,YAAY,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAK3C;;GAEG;AACH,eAAO,MAAM,aAAa,SASH,CAAC;AAExB;;GAEG;AACH,iBAAe,YAAY,CACzB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,IAAI,CAAC,CAqEf;AAGD,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/commands/tunnel/index.js

@@ -1,14 +1,15 @@
 import { Command } from 'commander';
 import chalk from 'chalk';
 import { startRdsTunnel } from './rds.js';
+import { startLbTunnel } from './lb.js';
 import { checkSessionManagerPlugin } from '../init/prerequisites.js';
 /**
  * Tunnel command - create secure tunnels to AWS resources via SSM
  */
 export const tunnelCommand = new Command('tunnel')
     .description('Create secure tunnels to AWS resources via SSM Session Manager')
-    .argument('<system>', 'Target system (e.g., roma, padua-iam)')
-    .argument('<target>', 'Target service type (rds)')
+    .argument('<system>', 'Target system (e.g., roma, padua-iam) or target type (lb)')
+    .argument('[target]', 'Target service type (rds, lb)')
     .option('-p, --profile <name>', 'AWS profile to use')
     .option('--local-port <port>', 'Local port for the tunnel')
     .option('--cluster <name>', 'RDS cluster or instance name')
@@ -33,8 +34,24 @@ async function handleTunnel(system, target, options) {
         }
         process.exit(1);
     }
+    // Smart target detection: if system is a valid target and no target provided
+    const validTargets = ['rds', 'lb'];
+    if (target === undefined && validTargets.includes(system.toLowerCase())) {
+        target = system;
+        system = '';
+    }
+    if (target === undefined) {
+        if (!noColor) {
+            console.error(chalk.red('Target is required.'));
+            console.error(chalk.gray(`Valid targets: ${validTargets.join(', ')}`));
+        }
+        else {
+            console.error('Target is required.');
+            console.error(`Valid targets: ${validTargets.join(', ')}`);
+        }
+        process.exit(1);
+    }
     // Validate target type
-    const validTargets = ['rds'];
     if (!validTargets.includes(target.toLowerCase())) {
         if (!noColor) {
             console.error(chalk.red(`Invalid target: ${target}`));
@@ -49,8 +66,14 @@ async function handleTunnel(system, target, options) {
     try {
         switch (target.toLowerCase()) {
             case 'rds':
+                if (!system) {
+                    throw new Error('System argument is required for RDS tunnels (e.g., padua tunnel roma rds)');
+                }
                 await startRdsTunnel(system, options);
                 break;
+            case 'lb':
+                await startLbTunnel(options);
+                break;
             default:
                 throw new Error(`Unsupported target: ${target}`);
         }

package/dist/commands/tunnel/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAErE;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,gEAAgE,CAAC;KAC7E,QAAQ,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC7D,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAC;KACjD,MAAM,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;KACpD,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;KAC1D,MAAM,CAAC,kBAAkB,EAAE,8BAA8B,CAAC;KAC1D,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;KAC/C,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAC9C,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,MAAc,EACd,MAAc,EACd,OAAsB;IAEtB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,sBAAsB;IACtB,MAAM,QAAQ,GAAG,yBAAyB,EAAE,CAAC;IAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,KAAK,KAAK;gBACR,MAAM,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACtC,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,sBAAsB;AACtB,OAAO,EAAE,YAAY,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/tunnel/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAErE;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,gEAAgE,CAAC;KAC7E,QAAQ,CAAC,UAAU,EAAE,2DAA2D,CAAC;KACjF,QAAQ,CAAC,UAAU,EAAE,+BAA+B,CAAC;KACrD,MAAM,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;KACpD,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;KAC1D,MAAM,CAAC,kBAAkB,EAAE,8BAA8B,CAAC;KAC1D,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;KAC/C,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAC9C,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,MAAc,EACd,MAA0B,EAC1B,OAAsB;IAEtB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,sBAAsB;IACtB,MAAM,QAAQ,GAAG,yBAAyB,EAAE,CAAC;IAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,6EAA6E;IAC7E,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,SAAS,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACxE,MAAM,GAAG,MAAM,CAAC;QAChB,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,KAAK,KAAK;gBACR,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;gBAC/F,CAAC;gBACD,MAAM,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACtC,MAAM;YACR,KAAK,IAAI;gBACP,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;gBAC7B,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAI,KAAe,CAAC,OAAO,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,sBAAsB;AACtB,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/commands/tunnel/lb.d.ts

@@ -0,0 +1,6 @@
+import { TunnelOptions } from './types.js';
+/**
+ * Start an LB tunnel via SSM Session Manager to the internal ALB
+ */
+export declare function startLbTunnel(options: TunnelOptions): Promise<void>;
+//# sourceMappingURL=lb.d.ts.map

package/dist/commands/tunnel/lb.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lb.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/lb.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAW3C;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA+IzE"}

package/dist/commands/tunnel/lb.js

@@ -0,0 +1,148 @@
+import { spawn } from 'child_process';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { getInstanceIdByTag } from './aws.js';
+import { isPortAvailable, parsePort } from './port.js';
+import { getSubprocessEnv, sanitizeOutput } from '../login/utils.js';
+import { loadConfig } from '../login/config.js';
+import { getEffectiveProfile } from '../login/types.js';
+const ALB_REMOTE_HOST = 'dev.int.paduasolutions.net';
+const ALB_REMOTE_PORT = 443;
+const LB_DEFAULT_LOCAL_PORT = 8443;
+/**
+ * Start an LB tunnel via SSM Session Manager to the internal ALB
+ */
+export async function startLbTunnel(options) {
+    const noColor = options.noColor ?? false;
+    // Load config and get profile
+    const config = await loadConfig();
+    const profile = getEffectiveProfile({ profile: options.profile }, config ?? undefined);
+    // Step 1: Resolve local port
+    let localPort;
+    if (options.localPort) {
+        const parsed = parsePort(options.localPort);
+        if (!parsed) {
+            throw new Error(`Invalid port: ${options.localPort}`);
+        }
+        localPort = parsed;
+    }
+    else {
+        const portAnswer = await inquirer.prompt([
+            {
+                type: 'input',
+                name: 'port',
+                message: 'Local port for ALB tunnel:',
+                default: LB_DEFAULT_LOCAL_PORT.toString(),
+                validate: (input) => {
+                    const p = parsePort(input);
+                    if (!p)
+                        return 'Please enter a valid port number (1-65535)';
+                    return true;
+                },
+            },
+        ]);
+        localPort = parsePort(portAnswer.port);
+    }
+    // Step 2: Verify port availability
+    if (!noColor) {
+        console.log(chalk.gray(`Checking port ${localPort} availability...`));
+    }
+    const portAvailable = await isPortAvailable(localPort);
+    if (!portAvailable) {
+        throw new Error(`Port ${localPort} is already in use. Please choose a different port.`);
+    }
+    if (!noColor) {
+        console.log(chalk.green(`✓ Port ${localPort} is available`));
+    }
+    else {
+        console.log(`Port ${localPort} is available`);
+    }
+    // Step 3: Get jumpbox instance ID
+    if (!noColor) {
+        console.log(chalk.gray('Looking up jumpbox instance...'));
+    }
+    else {
+        console.log('Looking up jumpbox instance...');
+    }
+    const instanceId = getInstanceIdByTag('jumpbox', profile, options.verbose);
+    if (!noColor) {
+        console.log(chalk.green(`✓ Found instance: ${instanceId}`));
+    }
+    else {
+        console.log(`Found instance: ${instanceId}`);
+    }
+    // Step 4: Print tunnel summary
+    console.log('');
+    if (!noColor) {
+        console.log(chalk.cyan.bold('Starting tunnel...'));
+        console.log(chalk.gray(`  Profile: ${profile}`));
+        console.log(chalk.gray(`  Local port: ${localPort}`));
+        console.log(chalk.gray(`  Remote: ${ALB_REMOTE_HOST}:${ALB_REMOTE_PORT}`));
+        console.log(chalk.gray(`  Via: ${instanceId} (jumpbox)`));
+    }
+    else {
+        console.log('Starting tunnel...');
+        console.log(`  Profile: ${profile}`);
+        console.log(`  Local port: ${localPort}`);
+        console.log(`  Remote: ${ALB_REMOTE_HOST}:${ALB_REMOTE_PORT}`);
+        console.log(`  Via: ${instanceId} (jumpbox)`);
+    }
+    console.log('');
+    if (!noColor) {
+        console.log(chalk.cyan('Usage (path-based services):'));
+        console.log(chalk.gray(`  curl -k https://localhost:${localPort}/<service>/path`));
+        console.log(chalk.gray(`  e.g. curl -k https://localhost:${localPort}/echo/test`));
+        console.log('');
+        console.log(chalk.cyan('Usage (host-based services like permify):'));
+        console.log(chalk.gray(`  curl -k https://localhost:${localPort}/path -H "Host: <service>.${ALB_REMOTE_HOST}"`));
+    }
+    else {
+        console.log('Usage (path-based services):');
+        console.log(`  curl -k https://localhost:${localPort}/<service>/path`);
+        console.log(`  e.g. curl -k https://localhost:${localPort}/echo/test`);
+        console.log('');
+        console.log('Usage (host-based services like permify):');
+        console.log(`  curl -k https://localhost:${localPort}/path -H "Host: <service>.${ALB_REMOTE_HOST}"`);
+    }
+    console.log('');
+    if (!noColor) {
+        console.log(chalk.yellow('Press Ctrl+C to close the tunnel'));
+    }
+    else {
+        console.log('Press Ctrl+C to close the tunnel');
+    }
+    console.log('');
+    // Step 5: Start SSM session
+    const child = spawn('aws', [
+        'ssm',
+        'start-session',
+        '--target', instanceId,
+        '--document-name', 'AWS-StartPortForwardingSessionToRemoteHost',
+        '--parameters', `host="${ALB_REMOTE_HOST}",portNumber="${ALB_REMOTE_PORT}",localPortNumber="${localPort}"`,
+        '--profile', profile,
+    ], {
+        stdio: 'inherit',
+        env: { ...getSubprocessEnv(), AWS_PROFILE: profile },
+    });
+    // Handle process lifecycle
+    await new Promise((resolve, reject) => {
+        child.on('error', (error) => {
+            reject(new Error(`Failed to start SSM session: ${sanitizeOutput(error.message)}`));
+        });
+        child.on('exit', (code) => {
+            if (code !== 0 && code !== null) {
+                console.log('');
+                if (!noColor) {
+                    console.log(chalk.red(`Tunnel closed with exit code: ${code}`));
+                }
+                else {
+                    console.log(`Tunnel closed with exit code: ${code}`);
+                }
+            }
+        });
+        child.on('close', () => {
+            resolve();
+        });
+    });
+}
+//# sourceMappingURL=lb.js.map

package/dist/commands/tunnel/lb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lb.js","sourceRoot":"","sources":["../../../src/commands/tunnel/lb.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,QAAQ,MAAM,UAAU,CAAC;AAEhC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,MAAM,eAAe,GAAG,4BAA4B,CAAC;AACrD,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAEnC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAsB;IACxD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,8BAA8B;IAC9B,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,mBAAmB,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;IAEvF,6BAA6B;IAC7B,IAAI,SAAiB,CAAC;IAEtB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iBAAiB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACvC;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,4BAA4B;gBACrC,OAAO,EAAE,qBAAqB,CAAC,QAAQ,EAAE;gBACzC,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;oBAC1B,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;oBAC3B,IAAI,CAAC,CAAC;wBAAE,OAAO,4CAA4C,CAAC;oBAC5D,OAAO,IAAI,CAAC;gBACd,CAAC;aACF;SACF,CAAC,CAAC;QACH,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAE,CAAC;IAC1C,CAAC;IAED,mCAAmC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,kBAAkB,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,QAAQ,SAAS,qDAAqD,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,SAAS,eAAe,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,QAAQ,SAAS,eAAe,CAAC,CAAC;IAChD,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,UAAU,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,+BAA+B;IAC/B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,eAAe,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,UAAU,YAAY,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,eAAe,IAAI,eAAe,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,YAAY,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,SAAS,iBAAiB,CAAC,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oCAAoC,SAAS,YAAY,CAAC,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,SAAS,6BAA6B,eAAe,GAAG,CAAC,CAAC,CAAC;IACnH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,+BAA+B,SAAS,iBAAiB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,YAAY,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,+BAA+B,SAAS,6BAA6B,eAAe,GAAG,CAAC,CAAC;IACvG,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,4BAA4B;IAC5B,MAAM,KAAK,GAAG,KAAK,CACjB,KAAK,EACL;QACE,KAAK;QACL,eAAe;QACf,UAAU,EAAE,UAAU;QACtB,iBAAiB,EAAE,4CAA4C;QAC/D,cAAc,EAAE,SAAS,eAAe,iBAAiB,eAAe,sBAAsB,SAAS,GAAG;QAC1G,WAAW,EAAE,OAAO;KACrB,EACD;QACE,KAAK,EAAE,SAAS;QAChB,GAAG,EAAE,EAAE,GAAG,gBAAgB,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE;KACrD,CACF,CAAC;IAEF,2BAA2B;IAC3B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAClE,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/tunnel/types.d.ts

@@ -4,7 +4,7 @@
 /**
  * Tunnel target types
  */
-export type TunnelTarget = 'rds' | 'opensearch' | 'ec2';
+export type TunnelTarget = 'rds' | 'opensearch' | 'ec2' | 'lb';
 /**
  * Options for the tunnel command
  */

package/dist/commands/tunnel/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,KAAK,GAAG,YAAY,GAAG,KAAK,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAMvD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,YAGnC,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CA2B/E"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/tunnel/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,KAAK,GAAG,YAAY,GAAG,KAAK,GAAG,IAAI,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAMvD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,YAGnC,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CA2B/E"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@padua/cli",
-  "version": "2.0.24",
+  "version": "2.0.25",
   "description": "Unified AWS infrastructure management CLI",
   "type": "module",
   "main": "dist/index.js",