@percepta/create 3.6.1 → 3.6.3

package/templates/webapp/.github/workflows/__APP_NAME__-terraform-ryvn-release.yaml

@@ -1,92 +0,0 @@
-name: Build & Release __APP_NAME__-terraform
-
-on:
-  push:
-    branches:
-      - "main"
-    paths:
-      - "packages/__APP_NAME__/terraform/schema/**"
-      - ".github/workflows/__APP_NAME__-terraform-ryvn-release.yaml"
-  workflow_dispatch:
-
-env:
-  SERVICE_NAME: __APP_NAME__-terraform
-
-jobs:
-  build-and-release:
-    name: Build and Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      id-token: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install Ryvn CLI
-        uses: ryvn-technologies/install-ryvn-cli@v1.0.0
-
-      - name: Generate Release Tag
-        id: generate-tag
-        env:
-          RYVN_CLIENT_ID: ${{ secrets.RYVN_CLIENT_ID }}
-          RYVN_CLIENT_SECRET: ${{ secrets.RYVN_CLIENT_SECRET }}
-        run: |
-          tag_info=$(ryvn generate-release-tag "$SERVICE_NAME" --prefix="${SERVICE_NAME}@" -o json --default-bump-minor)
-
-          version=$(echo "$tag_info" | jq -r '.version')
-          new_tag=$(echo "$tag_info" | jq -r '.tag')
-          channel=$(echo "$tag_info" | jq -r '.channel')
-          isPreview=$(echo "$tag_info" | jq -r '.isPreview')
-
-          echo "version=$version" >> $GITHUB_OUTPUT
-          echo "new_tag=$new_tag" >> $GITHUB_OUTPUT
-          echo "channel=$channel" >> $GITHUB_OUTPUT
-          echo "isPreview=$isPreview" >> $GITHUB_OUTPUT
-
-      - name: Create Ryvn Release
-        if: |
-          !contains(github.event.head_commit.message, '[skip-release]') &&
-          !contains(github.event.pull_request.title, '[skip-release]') &&
-          (steps.generate-tag.outputs.isPreview == 'true' || github.ref == format('refs/heads/{0}', github.event.repository.default_branch))
-        env:
-          RYVN_CLIENT_ID: ${{ secrets.RYVN_CLIENT_ID }}
-          RYVN_CLIENT_SECRET: ${{ secrets.RYVN_CLIENT_SECRET }}
-        run: |
-          version="${{ steps.generate-tag.outputs.new_tag }}"
-          version="${version#"${SERVICE_NAME}@"}"
-          version="${version#@}"
-          channel="${{ steps.generate-tag.outputs.channel }}"
-
-          if [ -n "$channel" ] && [ "$channel" != "null" ]; then
-            ryvn create release "$SERVICE_NAME" "$version" --channel "$channel"
-          else
-            ryvn create release "$SERVICE_NAME" "$version"
-          fi
-
-      - name: Create GitHub Tag
-        if: |
-          github.ref == format('refs/heads/{0}', github.event.repository.default_branch) &&
-          !contains(github.event.head_commit.message, '[skip-release]') &&
-          !contains(github.event.pull_request.title, '[skip-release]')
-        run: |
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
-          git tag "${{ steps.generate-tag.outputs.new_tag }}"
-          git push origin "${{ steps.generate-tag.outputs.new_tag }}"
-
-      - name: Create GitHub Release
-        if: |
-          github.ref == format('refs/heads/{0}', github.event.repository.default_branch) &&
-          !contains(github.event.head_commit.message, '[skip-release]') &&
-          !contains(github.event.pull_request.title, '[skip-release]')
-        uses: softprops/action-gh-release@v1
-        with:
-          tag_name: ${{ steps.generate-tag.outputs.new_tag }}
-          name: ${{ steps.generate-tag.outputs.new_tag }}
-          generate_release_notes: true
-          draft: false
-          prerelease: false

package/templates/webapp/agent-skills/deploy.md

@@ -1,92 +0,0 @@
-# Deploying to Percepta Test
-
-This guide deploys __APP_TITLE__ to `https://__APP_NAME__.percepta-test.aitco.dev` using Ryvn. Tell Claude "deploy this app to percepta-test" and it should run the direct deploy helper below.
-
-This is the existing-environment deploy motion: `percepta-test` already owns the shared platform services, and this app is wired into them. Fresh-environment platform bootstrap is separate and should use a Ryvn blueprint or environment-specific platform rollout before app deploys run. The `pnpm deploy:percepta-test` script delegates to the versioned `@percepta/deploy` CLI; this app owns only its Ryvn YAML and generated secrets env file.
-
-## What's Already Scaffolded
-
-- `deploy/ryvn/__APP_NAME__.service.yaml` — Ryvn server service for the web app.
-- `deploy/ryvn/__APP_NAME__-terraform.service.yaml` — Ryvn Terraform service that creates the app's Postgres schema.
-- `deploy/ryvn/environments/percepta-test/installations/__APP_NAME__.env.percepta-test.serviceinstallation.yaml` — web installation.
-- `deploy/ryvn/environments/percepta-test/installations/__APP_NAME__-terraform.env.percepta-test.serviceinstallation.yaml` — schema installation.
-- `.github/workflows/__APP_NAME__-ryvn-release.yaml` — builds the Docker image and creates the web Ryvn release.
-- `.github/workflows/__APP_NAME__-terraform-ryvn-release.yaml` — creates the schema Terraform Ryvn release.
-- `deploy/ryvn/percepta-test.secrets.env` — generated locally and ignored by git; injected into the app installation as Ryvn secrets by the deploy helper.
-
-See [`deploy/README.md`](../deploy/README.md) for the file-by-file breakdown.
-
-## Prerequisites
-
-- `git`, `gh`, and `ryvn` are installed and authenticated.
-- The worktree is clean and committed. The helper pushes the current branch to `main` because GitHub Actions builds from GitHub.
-- The Percepta-Core org has `RYVN_CLIENT_ID`, `RYVN_CLIENT_SECRET`, and `NPM_TOKEN` available as org-level GitHub secrets.
-- These shared platform installations are already deployed and healthy in `percepta-test`: `percepta-internal-terraform`, `inngest-test`, `otel-collector`, `lgtm-stack-helm`, and `langfuse`.
-- The `demos-commons` Ryvn variable group exists in `percepta-test` and provides `LANGFUSE_PUBLIC_KEY` plus sensitive `ANTHROPIC_API_KEY` and `LANGFUSE_SECRET_KEY` for shared demo LLM calls and Langfuse tracing.
-
-## Deploy
-
-From this package directory:
-
-```bash
-pnpm deploy:percepta-test -- --yes
-```
-
-The helper:
-
-1. Checks the existing platform installations and shared demo variable group in `percepta-test`.
-2. Creates `Percepta-Core/__REPO_NAME__` if needed.
-3. Pushes the current branch to `main`.
-4. Creates or replaces the Ryvn web and schema services.
-5. Runs the schema Terraform release workflow.
-6. Creates or replaces the schema installation and approves the Terraform plan.
-7. Runs the web release workflow.
-8. Creates or replaces the web installation.
-9. Creates or updates app-scoped Ryvn installation secrets for `BETTER_AUTH_SECRET` and `ENCRYPTION_SECRET_KEY` from `deploy/ryvn/percepta-test.secrets.env`. On first install, the helper injects them into the create manifest so the first pod starts with auth configured.
-10. Waits for Ryvn health and checks `/api/healthz`, `/api/readyz`, and the protected app route.
-
-The app will be available at **https://__APP_NAME__.percepta-test.aitco.dev**.
-
-## Useful Variants
-
-```bash
-pnpm deploy:percepta-test -- --skip-workflows --yes
-pnpm deploy:percepta-test -- --skip-push --yes
-pnpm deploy:percepta-test -- --timeout-minutes 30 --yes
-```
-
-Use `--skip-workflows` when the required Ryvn releases already exist. Use `--skip-push` only when the target ref is already pushed.
-
-The legacy infra-PR path is still available:
-
-```bash
-pnpm deploy:percepta-test:pr -- --phase service --yes
-pnpm deploy:percepta-test:pr -- --phase installation --yes
-```
-
-## Verify
-
-```bash
-ryvn get installation __APP_NAME__ -e percepta-test
-ryvn logs __APP_NAME__ -e percepta-test
-curl -s https://__APP_NAME__.percepta-test.aitco.dev/api/healthz
-curl -s https://__APP_NAME__.percepta-test.aitco.dev/api/readyz
-curl -I https://__APP_NAME__.percepta-test.aitco.dev/
-```
-
-For apps with tRPC routes, also verify at least one endpoint that initializes Better Auth or app services. `healthz` can be green even when app-specific secrets or workflow wiring are wrong.
-
-## Troubleshooting
-
-- **Image build fails fetching @percepta packages** → check the Percepta-Core org-level `NPM_TOKEN` secret. Do not add a repo-level token unless the org secret is unavailable.
-- **Ryvn release already exists** → commit a new change or re-run with `--skip-workflows` if the current releases are already present.
-- **Terraform plan needs approval** → the helper approves it when run with `--yes`; without `--yes`, approve the prompt.
-- **Auth/sign-in or tRPC routes fail after install** → verify the `__APP_NAME__` installation has `BETTER_AUTH_SECRET` and `ENCRYPTION_SECRET_KEY` secrets from `deploy/ryvn/percepta-test.secrets.env`, then redeploy `__APP_NAME__` so the pod reloads them.
-- **Pod crash-looping** → check `ryvn logs`; migration or database connectivity failures are the most common fresh-deploy causes.
-- **Database schema missing** → check `ryvn get installation __APP_NAME__-terraform -e percepta-test`.
-- **Inngest can't reach the app** → `INNGEST_APP_URL` must use the k8s service name `__APP_NAME__-web-server`.
-- **Platform preflight fails** → deploy or repair the missing shared installation first. This helper only wires apps into an existing environment.
-- **No Langfuse traces** → verify the target environment has Langfuse deployed and that the `demos-commons` variable group has `LANGFUSE_PUBLIC_KEY` and sensitive `LANGFUSE_SECRET_KEY`.
-- **LLM calls fail after deploy** → verify `demos-commons` has sensitive `ANTHROPIC_API_KEY` and the installation has `LLM_PROVIDER=anthropic`.
-
-For Ryvn CLI operations, use the `/use-ryvn` skill.

package/templates/webapp/deploy/ryvn/__APP_NAME__-terraform.service.yaml

@@ -1,10 +0,0 @@
-kind: Service
-metadata:
-  name: __APP_NAME__-terraform
-spec:
-  type: terraform
-  repo: Percepta-Core/__REPO_NAME__
-  autoApprove: false
-  build:
-    path: packages/__APP_NAME__/terraform/schema
-    tagPrefix: __APP_NAME__-terraform@

package/templates/webapp/deploy/ryvn/environments/percepta-test/installations/__APP_NAME__-terraform.env.percepta-test.serviceinstallation.yaml

@@ -1,11 +0,0 @@
-kind: ServiceInstallation
-metadata:
-  name: __APP_NAME__-terraform
-spec:
-  service: __APP_NAME__-terraform
-  environment: percepta-test
-  config: |
-    aws_region: {{ .ryvn.env.state.cluster_region }}
-    database_secret_name: {{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_secrets_manager_secret_name }}
-    database_name: demos
-    schema_name: __APP_NAME_SNAKE__

package/templates/webapp/deploy/ryvn/environments/percepta-test/installations/__APP_NAME__.env.percepta-test.serviceinstallation.yaml

@@ -1,154 +0,0 @@
-kind: ServiceInstallation
-metadata:
-  name: __APP_NAME__
-spec:
-  service: __APP_NAME__
-  environment: percepta-test
-  config: |
-    replicaCount: 1
-
-    service:
-      port: 3000
-
-    startupEnabled: true
-    startupProbe:
-      httpGet:
-        path: /api/healthz
-        port: 3000
-      failureThreshold: 30
-      periodSeconds: 10
-    livenessEnabled: true
-    livenessProbe:
-      httpGet:
-        path: /api/healthz
-        port: 3000
-    readinessEnabled: true
-    readinessProbe:
-      httpGet:
-        path: /api/readyz
-        port: 3000
-
-    resources:
-      requests:
-        cpu: "100m"
-        memory: "256Mi"
-      limits:
-        cpu: "500m"
-        memory: "512Mi"
-
-    ingress:
-      enabled: true
-      className: external-nginx
-      annotations:
-        cert-manager.io/cluster-issuer: external-issuer
-        nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      hosts:
-        - host: __APP_NAME__.percepta-test.aitco.dev
-          paths:
-            - path: /
-              pathType: Prefix
-      tls:
-        - secretName: __APP_NAME__-tls
-          hosts:
-            - __APP_NAME__.percepta-test.aitco.dev
-
-    env:
-      # Database — shared `demos` DB on the percepta-internal Postgres instance.
-      # Tables live under a per-app schema created by the __APP_NAME__-terraform
-      # Ryvn service. DATABASE_SCHEMA pins the connection search_path so Drizzle
-      # migrations + queries land there.
-      - name: DATABASE_HOST
-        valueFrom:
-          secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
-            key: host
-      - name: DATABASE_PORT
-        valueFrom:
-          secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
-            key: port
-      - name: DATABASE_USERNAME
-        valueFrom:
-          secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
-            key: username
-      - name: DATABASE_PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: "{{ .ryvn.installations.percepta_internal_terraform.outputs.percepta_internal_postgresql_secret_name }}"
-            key: password
-      - name: DATABASE_NAME
-        value: "demos"
-      - name: DATABASE_SCHEMA
-        value: "__APP_NAME_SNAKE__"
-      - name: DATABASE_USE_SSL
-        value: "true"
-
-      - name: NODE_ENV
-        value: "production"
-      - name: PORT
-        value: "3000"
-  env:
-    # App identity
-    - key: APP_BASE_URL
-      value: https://__APP_NAME__.percepta-test.aitco.dev
-    - key: BETTER_AUTH_URL
-      value: https://__APP_NAME__.percepta-test.aitco.dev
-    # deploy:percepta-test injects BETTER_AUTH_SECRET and ENCRYPTION_SECRET_KEY
-    # from deploy/ryvn/percepta-test.secrets.env into the create request.
-    # Secret values are intentionally not declared here.
-
-    # Inngest (shared percepta-test platform service)
-    - key: INNGEST_BASE_URL
-      value: http://inngest.percepta-test.svc.cluster.local:8288
-    - key: INNGEST_EVENT_KEY
-      value: c0766e61c95af6afd18911698080b4fea4d311f60b02033d673234ded333ff39
-    - key: INNGEST_SIGNING_KEY
-      value: signkey-dev-7782b39265d2ca61d083fe1b230b468b10f01434d49486051fd108363da736f2
-    - key: INNGEST_APP_URL
-      value: http://__APP_NAME__-web-server.percepta-test.svc.cluster.local:3000/api/inngest
-    - key: INNGEST_SERVE_HOST
-      value: http://__APP_NAME__-web-server.percepta-test.svc.cluster.local:3000/api/inngest
-
-    # Observability (shared percepta-test OTEL collector + LGTM stack)
-    # Application logs are emitted to stdout and collected by the shared OTEL
-    # collector. Traces and metrics are exported over OTLP HTTP.
-    - key: OTEL_SERVICE_NAME
-      value: __APP_NAME__
-    - key: OTEL_RESOURCE_ATTRIBUTES
-      value: service.namespace=__REPO_NAME__,deployment.environment=percepta-test
-    - key: OTEL_TRACES_EXPORTER
-      value: otlp
-    - key: OTEL_METRICS_EXPORTER
-      value: otlp
-    - key: OTEL_LOGS_EXPORTER
-      value: none
-    - key: OTEL_EXPORTER_OTLP_PROTOCOL
-      value: http/protobuf
-    - key: OTEL_EXPORTER_OTLP_ENDPOINT
-      value: http://otel-collector-opentelemetry-collector.percepta-test.svc.cluster.local:4318
-    - key: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
-      value: http://otel-collector-opentelemetry-collector.percepta-test.svc.cluster.local:4318/v1/traces
-    - key: OTEL_EXPORTER_OTLP_METRICS_ENDPOINT
-      value: http://otel-collector-opentelemetry-collector.percepta-test.svc.cluster.local:4318/v1/metrics
-    - key: OTEL_METRIC_EXPORT_INTERVAL
-      value: "60000"
-    - key: NEXT_PUBLIC_FARO_APP_NAME
-      value: __APP_NAME__
-    - key: NEXT_PUBLIC_FARO_APP_VERSION
-      value: "0.1.0"
-    - key: NEXT_PUBLIC_FARO_APP_ENVIRONMENT
-      value: percepta-test
-    - key: LOG_LEVEL
-      value: debug
-
-    # Langfuse (shared percepta-test platform service). Project keys come from
-    # the demos-commons Ryvn variable group below.
-    - key: LANGFUSE_BASE_URL
-      value: https://langfuse.percepta-test.aitco.dev
-
-    # LLM provider (shared demo Anthropic key comes from demos-commons).
-    - key: LLM_PROVIDER
-      value: anthropic
-  variableGroups:
-    - name: demos-commons

package/templates/webapp/terraform/README.md

@@ -1,147 +0,0 @@
-# __APP_NAME_UPPER__ Terraform Service
-
-This Terraform service creates AWS infrastructure for the __APP_NAME_UPPER__ system.
-
-## Architecture Overview
-
-The service creates the following components:
-
-### 1. RDS Module
-- **Flexible RDS**: Can use existing cluster or create new Aurora PostgreSQL cluster
-- **Database**: `__DB_NAME__` database
-- **User**: `__APP_NAME__-db-user` with access to the database
-- **Security**: Proper VPC security groups and SSL certificates
-
-### 3. Secrets Module
-- **EKS Secrets**: All credentials stored as Kubernetes secrets:
-  - `__APP_NAME__-database-credentials`
-
-### 4. Networking Module
-- **VPC Integration**: Works with existing VPC and subnets
-- **Security Groups**: Proper network access controls
-
-## Usage
-
-### Required Variables
-
-```hcl
-# Basic configuration
-environment = "prod"
-name        = "__APP_NAME__"
-region      = "us-west-2"
-
-# EKS configuration
-cluster_name = "my-eks-cluster"
-vpc_id       = "vpc-12345678"
-
-# Optional: Use existing RDS cluster
-existing_rds_cluster_name = "existing-cluster-name"
-```
-
-### Optional Variables
-
-```hcl
-# Kubernetes namespace (default: "__APP_NAME__")
-namespace = "__APP_NAME__"
-
-# Subnet configuration (auto-discovered if not provided)
-subnet_ids = ["subnet-12345", "subnet-67890"]
-
-# RDS configuration
-create_new_rds = true
-rds_engine_version = "16.8"
-rds_port = 5432
-
-# S3 lifecycle
-s3_bucket_expiration_days = 90
-
-# Readonly database access (optional - for external data warehouse access)
-edw_allowed_principals = ["arn:aws:iam::123456789012:role/ExampleRole"]
-edw_vpc_cidr_blocks = ["10.20.0.0/16"]
-```
-
-## Readonly Database Access
-
-The infrastructure optionally creates a readonly database user for external data access (e.g., data warehouses, analytics platforms). When `edw_allowed_principals` is configured:
-
-- A readonly database user is created with `SELECT`-only access
-- Credentials are stored in AWS Secrets Manager
-- An IAM role is created that specified principals can assume to read the credentials
-- Security group rules allow traffic from specified VPC CIDR blocks
-
-Configure `edw_allowed_principals` and `edw_vpc_cidr_blocks` in your `terraform.tfvars` to enable this feature. See the Terraform outputs for the secret ARN and reader role ARN needed to connect.
-
-## Deployment
-
-1. **Initialize Terraform**:
-   ```bash
-   terraform init
-   ```
-
-2. **Plan deployment**:
-   ```bash
-   terraform plan -var-file="terraform.tfvars"
-   ```
-
-3. **Apply configuration**:
-   ```bash
-   terraform apply -var-file="terraform.tfvars"
-   ```
-
-## Outputs
-
-The service provides comprehensive outputs for integration:
-
-### Database Outputs
-- `rds_cluster_endpoint`: Database endpoint
-- `rds_database_name`: Database name
-- `database_secret_name`: Kubernetes secret name
-
-## Security Features
-
-- **Encryption**: All S3 buckets enforce encryption in transit
-- **IAM**: Least-privilege access policies
-- **Network**: VPC-based security groups
-- **Secrets**: Sensitive data stored in AWS Secrets Manager and Kubernetes secrets
-- **SSL**: Database connections use SSL certificates
-
-## Prerequisites
-
-- AWS CLI configured with appropriate permissions
-- kubectl configured for target EKS cluster
-- Terraform >= 1.9.8
-- Existing VPC and EKS cluster
-
-## Permissions Required
-
-The deploying user/role needs permissions for:
-- IAM user and policy management
-- S3 bucket creation and management
-- RDS cluster management (if creating new)
-- Kubernetes secret management
-- VPC and networking resources
-
-## Notes
-
-- **Database User Creation**: The RDS module creates the password and stores it securely, but actual database user creation may need to be handled through initialization scripts or database providers.
-- **Cost Optimization**: S3 lifecycle policies are configured to expire objects after the specified number of days.
-
-## Troubleshooting
-
-### Common Issues
-
-1. **VPC Subnets**: Verify subnets have the correct tags for auto-discovery
-2. **EKS Permissions**: Ensure Terraform has permissions to create Kubernetes resources
-3. **RDS Existing Cluster**: Verify the existing cluster name is correct and accessible
-
-### Validation
-
-Run `terraform validate` to check configuration syntax:
-```bash
-terraform validate
-```
-
-Run `terraform plan` to preview changes before applying:
-```bash
-terraform plan
-```

package/templates/webapp/terraform/deploy.sh

@@ -1,97 +0,0 @@
-#!/bin/bash
-
-# __APP_NAME_UPPER__ Terraform Deployment Script
-# This script helps deploy the __APP_NAME_UPPER__ infrastructure
-
-set -e
-
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-
-# Function to print colored output
-print_status() {
-    echo -e "${GREEN}[INFO]${NC} $1"
-}
-
-print_warning() {
-    echo -e "${YELLOW}[WARNING]${NC} $1"
-}
-
-print_error() {
-    echo -e "${RED}[ERROR]${NC} $1"
-}
-
-# Check if terraform.tfvars exists
-if [ ! -f "terraform.tfvars" ]; then
-    print_error "terraform.tfvars not found!"
-    print_status "Please copy terraform.tfvars.example to terraform.tfvars and customize it for your environment."
-    exit 1
-fi
-
-# Check if required tools are installed
-command -v terraform >/dev/null 2>&1 || { print_error "terraform is required but not installed. Aborting."; exit 1; }
-command -v kubectl >/dev/null 2>&1 || { print_error "kubectl is required but not installed. Aborting."; exit 1; }
-command -v aws >/dev/null 2>&1 || { print_error "aws CLI is required but not installed. Aborting."; exit 1; }
-
-# Parse command line arguments
-ACTION=${1:-plan}
-
-case $ACTION in
-    init)
-        print_status "Initializing Terraform..."
-        terraform init
-        ;;
-    plan)
-        print_status "Planning Terraform deployment..."
-        terraform plan -var-file="terraform.tfvars"
-        ;;
-    apply)
-        print_status "Applying Terraform configuration..."
-        print_warning "This will create/modify AWS resources. Continue? (y/N)"
-        read -r response
-        if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
-            terraform apply -var-file="terraform.tfvars"
-            print_status "Deployment completed successfully!"
-            print_status "Check the outputs above for important resource information."
-        else
-            print_status "Deployment cancelled."
-        fi
-        ;;
-    destroy)
-        print_warning "This will DESTROY all __APP_NAME_UPPER__ infrastructure!"
-        print_warning "Are you absolutely sure? Type 'yes' to continue:"
-        read -r response
-        if [[ "$response" == "yes" ]]; then
-            terraform destroy -var-file="terraform.tfvars"
-            print_status "Infrastructure destroyed."
-        else
-            print_status "Destruction cancelled."
-        fi
-        ;;
-    validate)
-        print_status "Validating Terraform configuration..."
-        terraform validate
-        print_status "Configuration is valid!"
-        ;;
-    output)
-        print_status "Showing Terraform outputs..."
-        terraform output
-        ;;
-    *)
-        echo "Usage: $0 {init|plan|apply|destroy|validate|output}"
-        echo ""
-        echo "Commands:"
-        echo "  init     - Initialize Terraform (run this first)"
-        echo "  plan     - Show what changes will be made"
-        echo "  apply    - Apply the Terraform configuration"
-        echo "  destroy  - Destroy all infrastructure (DANGEROUS)"
-        echo "  validate - Validate the Terraform configuration"
-        echo "  output   - Show current outputs"
-        echo ""
-        echo "Example: $0 plan"
-        exit 1
-        ;;
-esac