api-response-manager 1.0.1 → 2.3.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Vijay Singh Purohit
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -41,12 +41,36 @@ npx @vijaypurohit322-arm/cli webhook
 ## Quick Start
 
 ### 1. Login
+
+**Interactive Login (Recommended)**
 ```bash
 arm login
-# Or provide credentials directly
+# Choose from: Email/Password, Google, GitHub, or Microsoft
+```
+
+**Email & Password**
+```bash
 arm login -e your@email.com -p yourpassword
 ```
 
+**Social Login (OAuth)**
+```bash
+# Login with Google
+arm login --provider google
+
+# Login with GitHub
+arm login --provider github
+
+# Login with Microsoft
+arm login --provider microsoft
+```
+
+The CLI will:
+1. Generate a unique device code
+2. Open your browser automatically
+3. Wait for you to authenticate
+4. Store your credentials securely
+
 ### 2. Start a Tunnel
 ```bash
 # Expose local port 3000
@@ -77,9 +101,59 @@ arm webhook --tunnel <tunnel-id>
 
 #### `arm login`
 Authenticate with API Response Manager
+
+**Options:**
+- `-e, --email <email>` - Email address (for email/password login)
+- `-p, --password <password>` - Password (for email/password login)
+- `--provider <provider>` - OAuth provider: google, github, or microsoft
+
+**Examples:**
 ```bash
+# Interactive login (choose method)
 arm login
-arm login -e email@example.com -p password
+
+# Email & Password
+arm login -e user@example.com -p mypassword
+
+# Social Login (OAuth Device Flow)
+arm login --provider github
+arm login --provider google
+arm login --provider microsoft
+```
+
+**OAuth Device Flow:**
+When using social login, the CLI will:
+1. Generate a unique device code (e.g., `ABCD-EFGH`)
+2. Display a verification URL
+3. Automatically open your browser
+4. Wait for you to complete authentication
+5. Store your token securely
+
+Example output:
+```bash
+$ arm login --provider github
+
+🌐 Logging in with github...
+
+📋 Please complete authentication:
+
+  1. Visit: https://localhost:5173/device
+  2. Enter code: ABCD-EFGH
+
+  Code expires in 600 seconds
+
+? Open browser automatically? (Y/n) 
+
+✓ Browser opened
+
+⠋ Waiting for authentication...
+✓ Authentication successful!
+
+User: John Doe
+Provider: github
+Token saved to: ~/.config/arm-cli/config.json
+
+✓ You can now use all ARM CLI commands
 ```
 
 #### `arm logout`
@@ -93,9 +167,23 @@ arm logout
 #### `arm tunnel <port>`
 Start a tunnel to expose local server
 ```bash
+# Basic HTTP tunnel
 arm tunnel 3000
-arm tunnel 3000 --subdomain myapi --name "My API"
-arm tunnel 3000 --auth --rate-limit 100
+
+# HTTPS tunnel with SSL
+arm tunnel 3000 --protocol https --ssl
+
+# TCP tunnel (for databases, etc.)
+arm tunnel 5432 --protocol tcp --subdomain postgres
+
+# WebSocket tunnel
+arm tunnel 8080 --protocol ws
+
+# With custom subdomain and authentication
+arm tunnel 3000 --subdomain myapi --name "My API" --auth --rate-limit 100
+
+# With custom domain
+arm tunnel 3000 --protocol https --ssl --domain api.yourdomain.com
 ```
 
 Options:
@@ -103,6 +191,9 @@ Options:
 - `-n, --name <name>` - Tunnel name
 - `-a, --auth` - Enable basic authentication
 - `-r, --rate-limit <limit>` - Rate limit (requests per minute, default: 60)
+- `-p, --protocol <protocol>` - Protocol: http, https, tcp, ws, wss (default: http)
+- `--ssl` - Enable SSL/HTTPS
+- `-d, --domain <domain>` - Custom domain
 
 #### `arm tunnel:list`
 List all active tunnels
@@ -128,6 +219,91 @@ Options:
 - `-f, --follow` - Follow log output (real-time)
 - `-n, --lines <number>` - Number of lines to show (default: 50)
 
+#### `arm tunnel:domain <tunnelId> <domain>`
+Set custom domain for tunnel
+```bash
+arm tunnel:domain 507f1f77bcf86cd799439011 api.yourdomain.com
+```
+
+#### `arm tunnel:ssl <tunnelId>`
+Upload SSL certificate for tunnel
+```bash
+arm tunnel:ssl 507f1f77bcf86cd799439011 --cert cert.pem --key key.pem
+arm tunnel:ssl 507f1f77bcf86cd799439011 --cert cert.pem --key key.pem --ca ca.pem
+```
+
+Options:
+- `--cert <path>` - Path to certificate file
+- `--key <path>` - Path to private key file
+- `--ca <path>` - Path to CA certificate file (optional)
+
+#### `arm tunnel:auth:oauth <tunnelId>`
+Configure OAuth authentication for tunnel
+```bash
+arm tunnel:auth:oauth 507f1f77bcf86cd799439011 \
+  --provider google \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback \
+  --scope openid,email,profile
+```
+
+Options:
+- `--provider <provider>` - OAuth provider: google, github, microsoft, custom
+- `--client-id <id>` - OAuth client ID
+- `--client-secret <secret>` - OAuth client secret
+- `--callback-url <url>` - OAuth callback URL
+- `--scope <scope>` - OAuth scope (comma-separated)
+
+#### `arm tunnel:auth:oidc <tunnelId>`
+Configure OpenID Connect authentication for tunnel
+```bash
+arm tunnel:auth:oidc 507f1f77bcf86cd799439011 \
+  --issuer https://accounts.google.com \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback
+```
+
+Options:
+- `--issuer <url>` - OIDC issuer URL
+- `--client-id <id>` - OIDC client ID
+- `--client-secret <secret>` - OIDC client secret
+- `--callback-url <url>` - OIDC callback URL
+
+#### `arm tunnel:auth:saml <tunnelId>`
+Configure SAML authentication for tunnel
+```bash
+arm tunnel:auth:saml 507f1f77bcf86cd799439011 \
+  --entry-point https://idp.example.com/saml/sso \
+  --issuer https://yourtunnel.arm.dev \
+  --cert idp-cert.pem \
+  --callback-url https://yourtunnel.arm.dev/auth/saml/callback
+```
+
+Options:
+- `--entry-point <url>` - SAML entry point URL
+- `--issuer <issuer>` - SAML issuer
+- `--cert <path>` - Path to IdP certificate file
+- `--callback-url <url>` - SAML callback URL
+
+#### `arm tunnel:ingress <tunnelId> <rules>`
+Configure ingress rules for tunnel (path-based routing)
+```bash
+# Route different paths to different backends
+arm tunnel:ingress 507f1f77bcf86cd799439011 \
+  "/api=localhost:3000,/admin=localhost:4000" \
+  --tls
+
+# Single rule
+arm tunnel:ingress 507f1f77bcf86cd799439011 "/api=localhost:3000"
+```
+
+Options:
+- `--tls` - Enable TLS for ingress
+
+Rules format: `/path=host:port,/path2=host:port`
+
 ### Webhooks
 
 #### `arm webhook`
@@ -268,13 +444,53 @@ Default configuration:
 # Login
 arm login
 
-# Start tunnel on port 3000
-arm tunnel 3000 --subdomain myapp
+# Start HTTPS tunnel on port 3000
+arm tunnel 3000 --protocol https --ssl --subdomain myapp
 
 # Your local server is now accessible at:
 # https://myapp.tunnel.arm.dev
 ```
 
+### Secure Tunnel with OAuth Authentication
+```bash
+# Create HTTPS tunnel
+arm tunnel 3000 --protocol https --ssl --subdomain myapi
+
+# Configure Google OAuth
+arm tunnel:auth:oauth <tunnel-id> \
+  --provider google \
+  --client-id YOUR_GOOGLE_CLIENT_ID \
+  --client-secret YOUR_GOOGLE_SECRET \
+  --callback-url https://myapi.tunnel.arm.dev/auth/callback
+
+# Now your tunnel requires Google login to access
+```
+
+### TCP Tunnel for Database
+```bash
+# Expose PostgreSQL database
+arm tunnel 5432 --protocol tcp --subdomain mydb
+
+# Connect from anywhere:
+# psql -h mydb.tunnel.arm.dev -p 5432 -U username -d database
+```
+
+### Multi-Service Routing with Ingress
+```bash
+# Create tunnel
+arm tunnel 3000 --protocol https --ssl
+
+# Configure path-based routing
+arm tunnel:ingress <tunnel-id> \
+  "/api/v1=localhost:3000,/api/v2=localhost:4000,/admin=localhost:5000" \
+  --tls
+
+# Now:
+# https://yourtunnel.arm.dev/api/v1 -> localhost:3000
+# https://yourtunnel.arm.dev/api/v2 -> localhost:4000
+# https://yourtunnel.arm.dev/admin -> localhost:5000
+```
+
 ### Test Webhooks Locally
 ```bash
 # Create webhook that forwards to local server
@@ -328,6 +544,28 @@ arm config:set apiUrl https://your-api-url.com/api
 arm config:get
 ```
 
+## Troubleshooting
+
+### Command Not Found After Installation
+
+If you get `arm: command not found` after installing:
+
+**Windows:**
+1. Check npm prefix: `npm config get prefix`
+2. Add to PATH: `C:\Users\<YourUsername>\AppData\Roaming\npm`
+3. Restart terminal
+
+**macOS/Linux:**
+```bash
+echo 'export PATH="$(npm config get prefix)/bin:$PATH"' >> ~/.bashrc
+source ~/.bashrc
+```
+
+**Alternative - Use npx:**
+```bash
+npx @vijaypurohit322-arm/cli login
+```
+
 ## Publishing to npm
 
 See [PUBLISHING.md](./PUBLISHING.md) for detailed instructions on publishing this package to npm.

package/bin/arm.js

@@ -17,6 +17,10 @@ const webhookCommand = require('../commands/webhook');
 const projectCommand = require('../commands/project');
 const logsCommand = require('../commands/logs');
 const configCommand = require('../commands/config');
+const ipWhitelistCommand = require('../commands/ipWhitelist');
+const ipBlacklistCommand = require('../commands/ipBlacklist');
+const rateLimitCommand = require('../commands/rateLimit');
+const healthCommand = require('../commands/health');
 
 // CLI setup
 program
@@ -30,6 +34,7 @@ program
   .description('Authenticate with API Response Manager')
   .option('-e, --email <email>', 'Email address')
   .option('-p, --password <password>', 'Password')
+  .option('--provider <provider>', 'OAuth provider (google, github, microsoft)')
   .action(loginCommand);
 
 // Logout command
@@ -47,6 +52,9 @@ program
   .option('-n, --name <name>', 'Tunnel name')
   .option('-a, --auth', 'Enable basic authentication')
   .option('-r, --rate-limit <limit>', 'Rate limit (requests per minute)', '60')
+  .option('-p, --protocol <protocol>', 'Protocol (http, https, tcp, ws, wss)', 'http')
+  .option('--ssl', 'Enable SSL/HTTPS')
+  .option('-d, --domain <domain>', 'Custom domain')
   .action(tunnelCommand.start);
 
 program
@@ -68,6 +76,140 @@ program
   .option('-n, --lines <number>', 'Number of lines to show', '50')
   .action(tunnelCommand.logs);
 
+program
+  .command('tunnel:domain')
+  .description('Set custom domain for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<domain>', 'Custom domain (e.g., api.yourdomain.com)')
+  .action(tunnelCommand.setDomain);
+
+program
+  .command('tunnel:ssl')
+  .description('Upload SSL certificate for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--cert <path>', 'Path to certificate file')
+  .option('--key <path>', 'Path to private key file')
+  .option('--ca <path>', 'Path to CA certificate file (optional)')
+  .action(tunnelCommand.uploadSSL);
+
+program
+  .command('tunnel:auth:oauth')
+  .description('Configure OAuth authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--provider <provider>', 'OAuth provider (google, github, microsoft, custom)')
+  .option('--client-id <id>', 'OAuth client ID')
+  .option('--client-secret <secret>', 'OAuth client secret')
+  .option('--callback-url <url>', 'OAuth callback URL')
+  .option('--scope <scope>', 'OAuth scope (comma-separated)')
+  .action(tunnelCommand.configureOAuth);
+
+program
+  .command('tunnel:auth:oidc')
+  .description('Configure OIDC authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--issuer <url>', 'OIDC issuer URL')
+  .option('--client-id <id>', 'OIDC client ID')
+  .option('--client-secret <secret>', 'OIDC client secret')
+  .option('--callback-url <url>', 'OIDC callback URL')
+  .action(tunnelCommand.configureOIDC);
+
+program
+  .command('tunnel:auth:saml')
+  .description('Configure SAML authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--entry-point <url>', 'SAML entry point URL')
+  .option('--issuer <issuer>', 'SAML issuer')
+  .option('--cert <path>', 'Path to IdP certificate file')
+  .option('--callback-url <url>', 'SAML callback URL')
+  .action(tunnelCommand.configureSAML);
+
+program
+  .command('tunnel:ingress')
+  .description('Configure ingress rules for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<rules>', 'Ingress rules (e.g., "/api=localhost:3000,/admin=localhost:4000")')
+  .option('--tls', 'Enable TLS for ingress')
+  .action(tunnelCommand.configureIngress);
+
+// IP Whitelist commands
+program
+  .command('tunnel:ip-whitelist:add')
+  .description('Add IP to tunnel whitelist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<ip>', 'IP address or CIDR range (e.g., 192.168.1.100 or 10.0.0.0/8)')
+  .action(ipWhitelistCommand.add);
+
+program
+  .command('tunnel:ip-whitelist:remove')
+  .description('Remove IP from tunnel whitelist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<ip>', 'IP address or CIDR range')
+  .action(ipWhitelistCommand.remove);
+
+program
+  .command('tunnel:ip-whitelist:list')
+  .description('List tunnel IP whitelist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .action(ipWhitelistCommand.list);
+
+program
+  .command('tunnel:ip-whitelist:clear')
+  .description('Clear tunnel IP whitelist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .action(ipWhitelistCommand.clear);
+
+// IP Blacklist commands
+program
+  .command('tunnel:ip-blacklist:add')
+  .description('Add IP to tunnel blacklist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<ip>', 'IP address or CIDR range')
+  .action(ipBlacklistCommand.add);
+
+program
+  .command('tunnel:ip-blacklist:remove')
+  .description('Remove IP from tunnel blacklist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<ip>', 'IP address or CIDR range')
+  .action(ipBlacklistCommand.remove);
+
+program
+  .command('tunnel:ip-blacklist:list')
+  .description('List tunnel IP blacklist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .action(ipBlacklistCommand.list);
+
+program
+  .command('tunnel:ip-blacklist:clear')
+  .description('Clear tunnel IP blacklist')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .action(ipBlacklistCommand.clear);
+
+// Rate Limit commands
+program
+  .command('tunnel:rate-limit')
+  .description('Configure tunnel rate limits')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--rpm <number>', 'Requests per minute')
+  .option('--rph <number>', 'Requests per hour')
+  .option('--rpd <number>', 'Requests per day')
+  .option('--enable', 'Enable rate limiting')
+  .option('--disable', 'Disable rate limiting')
+  .action(rateLimitCommand.configure);
+
+program
+  .command('tunnel:rate-limit:show')
+  .description('Show tunnel rate limits')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .action(rateLimitCommand.show);
+
+// Health check command
+program
+  .command('health')
+  .description('Check server health')
+  .option('-d, --detailed', 'Show detailed health information')
+  .action(healthCommand.check);
+
 // Webhook commands
 program
   .command('webhook')

package/commands/health.js

@@ -0,0 +1,114 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const axios = require('axios');
+const config = require('../utils/config');
+
+// Check basic health
+async function check(options) {
+  const apiUrl = config.get('apiUrl') || 'http://localhost:5000/api';
+  // Remove /api prefix since apiUrl already includes it
+  const endpoint = options.detailed ? '/health/detailed' : '/health';
+  
+  const spinner = ora('Checking server health...').start();
+
+  try {
+    const response = await axios.get(`${apiUrl}${endpoint}`, {
+      validateStatus: (status) => status < 500 || status === 503 // Accept 503 for degraded status
+    });
+    const health = response.data;
+
+    spinner.stop();
+
+    if (options.detailed) {
+      displayDetailedHealth(health);
+    } else {
+      displayBasicHealth(health);
+    }
+
+    // Exit with 0 for ok/degraded, 1 for error
+    process.exit(health.status === 'ok' || health.status === 'degraded' ? 0 : 1);
+  } catch (error) {
+    spinner.fail(chalk.red('Server is unreachable'));
+    console.error(chalk.red(`\n✗ ${error.message}\n`));
+    process.exit(1);
+  }
+}
+
+function displayBasicHealth(health) {
+  console.log(chalk.blue.bold('\n🏥 Server Health Check\n'));
+  
+  const statusColor = health.status === 'ok' ? chalk.green : chalk.red;
+  const statusIcon = health.status === 'ok' ? '✓' : '✗';
+  
+  console.log(chalk.gray('┌─────────────────────────────────────┐'));
+  console.log(chalk.gray('│') + chalk.white('  Status:       ') + statusColor(`${statusIcon} ${health.status.toUpperCase()}`).padEnd(28) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Uptime:       ') + chalk.cyan(formatUptime(health.uptime)).padEnd(20) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Environment:  ') + chalk.cyan(health.environment).padEnd(20) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Timestamp:    ') + chalk.gray(new Date(health.timestamp).toLocaleString()).padEnd(20) + chalk.gray('│'));
+  console.log(chalk.gray('└─────────────────────────────────────┘\n'));
+}
+
+function displayDetailedHealth(health) {
+  console.log(chalk.blue.bold('\n🏥 Detailed Server Health Check\n'));
+  
+  const statusColor = health.status === 'ok' ? chalk.green : (health.status === 'degraded' ? chalk.yellow : chalk.red);
+  const statusIcon = health.status === 'ok' ? '✓' : (health.status === 'degraded' ? '⚠' : '✗');
+  
+  console.log(chalk.gray('┌─────────────────────────────────────────────────────┐'));
+  console.log(chalk.gray('│') + chalk.white.bold('  Overall Status                                    ') + chalk.gray('│'));
+  console.log(chalk.gray('├─────────────────────────────────────────────────────┤'));
+  console.log(chalk.gray('│') + chalk.white('  Status:       ') + statusColor(`${statusIcon} ${health.status.toUpperCase()}`).padEnd(42) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Uptime:       ') + chalk.cyan(formatUptime(health.uptime)).padEnd(34) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Environment:  ') + chalk.cyan(health.environment).padEnd(34) + chalk.gray('│'));
+  console.log(chalk.gray('│') + chalk.white('  Version:      ') + chalk.cyan(health.version || 'N/A').padEnd(34) + chalk.gray('│'));
+  console.log(chalk.gray('└─────────────────────────────────────────────────────┘\n'));
+
+  if (health.checks) {
+    // Database
+    console.log(chalk.white.bold('Database:'));
+    displayCheckStatus(health.checks.database);
+    
+    // Redis
+    console.log(chalk.white.bold('\nRedis:'));
+    displayCheckStatus(health.checks.redis);
+    
+    // Memory
+    console.log(chalk.white.bold('\nMemory:'));
+    displayCheckStatus(health.checks.memory);
+    
+    console.log();
+  }
+}
+
+function displayCheckStatus(check) {
+  const statusColor = check.status === 'ok' ? chalk.green : 
+                      check.status === 'warning' ? chalk.yellow : 
+                      check.status === 'not configured' ? chalk.gray : chalk.red;
+  const statusIcon = check.status === 'ok' ? '✓' : 
+                     check.status === 'warning' ? '⚠' : 
+                     check.status === 'not configured' ? '○' : '✗';
+  
+  console.log(`  ${statusColor(statusIcon)} ${statusColor(check.status.toUpperCase())}`);
+  
+  Object.keys(check).forEach(key => {
+    if (key !== 'status') {
+      console.log(`     ${chalk.gray(key + ':')} ${chalk.white(check[key])}`);
+    }
+  });
+}
+
+function formatUptime(seconds) {
+  const days = Math.floor(seconds / 86400);
+  const hours = Math.floor((seconds % 86400) / 3600);
+  const minutes = Math.floor((seconds % 3600) / 60);
+  const secs = Math.floor(seconds % 60);
+
+  if (days > 0) return `${days}d ${hours}h ${minutes}m`;
+  if (hours > 0) return `${hours}h ${minutes}m ${secs}s`;
+  if (minutes > 0) return `${minutes}m ${secs}s`;
+  return `${secs}s`;
+}
+
+module.exports = {
+  check
+};

package/commands/ipBlacklist.js

@@ -0,0 +1,121 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const Table = require('cli-table3');
+const api = require('../utils/api');
+
+// Add IP to blacklist
+async function add(tunnelId, ip) {
+  const spinner = ora('Adding IP to blacklist...').start();
+
+  try {
+    // Get current tunnel
+    const tunnel = await api.getTunnel(tunnelId);
+    const currentBlacklist = tunnel.tunnel.ipBlacklist || [];
+
+    // Check if IP already exists
+    if (currentBlacklist.includes(ip)) {
+      spinner.fail(chalk.yellow(`IP ${ip} is already in the blacklist`));
+      return;
+    }
+
+    // Add new IP
+    const updatedBlacklist = [...currentBlacklist, ip];
+    await api.updateIPBlacklist(tunnelId, updatedBlacklist);
+
+    spinner.succeed(chalk.green(`IP ${ip} added to blacklist`));
+    console.log(chalk.gray(`\nTotal blacklisted IPs: ${updatedBlacklist.length}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to add IP to blacklist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Remove IP from blacklist
+async function remove(tunnelId, ip) {
+  const spinner = ora('Removing IP from blacklist...').start();
+
+  try {
+    // Get current tunnel
+    const tunnel = await api.getTunnel(tunnelId);
+    const currentBlacklist = tunnel.tunnel.ipBlacklist || [];
+
+    // Check if IP exists
+    if (!currentBlacklist.includes(ip)) {
+      spinner.fail(chalk.yellow(`IP ${ip} is not in the blacklist`));
+      return;
+    }
+
+    // Remove IP
+    const updatedBlacklist = currentBlacklist.filter(item => item !== ip);
+    await api.updateIPBlacklist(tunnelId, updatedBlacklist);
+
+    spinner.succeed(chalk.green(`IP ${ip} removed from blacklist`));
+    console.log(chalk.gray(`\nTotal blacklisted IPs: ${updatedBlacklist.length}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to remove IP from blacklist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// List blacklisted IPs
+async function list(tunnelId) {
+  const spinner = ora('Fetching IP blacklist...').start();
+
+  try {
+    const tunnel = await api.getTunnel(tunnelId);
+    const blacklist = tunnel.tunnel.ipBlacklist || [];
+
+    spinner.stop();
+
+    if (blacklist.length === 0) {
+      console.log(chalk.yellow('\n⚠ No IP blacklist configured. No IPs are blocked.\n'));
+      return;
+    }
+
+    console.log(chalk.blue.bold(`\n🚫 IP Blacklist (${blacklist.length} IPs)\n`));
+
+    const table = new Table({
+      head: [chalk.white('IP Address / CIDR')],
+      style: {
+        head: ['cyan'],
+        border: ['gray']
+      }
+    });
+
+    blacklist.forEach(ip => {
+      table.push([chalk.red(ip)]);
+    });
+
+    console.log(table.toString());
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to fetch IP blacklist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Clear all blacklisted IPs
+async function clear(tunnelId) {
+  const spinner = ora('Clearing IP blacklist...').start();
+
+  try {
+    await api.updateIPBlacklist(tunnelId, []);
+
+    spinner.succeed(chalk.green('IP blacklist cleared'));
+    console.log(chalk.gray('\nNo IPs are blocked.\n'));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to clear IP blacklist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  add,
+  remove,
+  list,
+  clear
+};

package/commands/ipWhitelist.js

@@ -0,0 +1,121 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const Table = require('cli-table3');
+const api = require('../utils/api');
+
+// Add IP to whitelist
+async function add(tunnelId, ip) {
+  const spinner = ora('Adding IP to whitelist...').start();
+
+  try {
+    // Get current tunnel
+    const tunnel = await api.getTunnel(tunnelId);
+    const currentWhitelist = tunnel.tunnel.ipWhitelist || [];
+
+    // Check if IP already exists
+    if (currentWhitelist.includes(ip)) {
+      spinner.fail(chalk.yellow(`IP ${ip} is already in the whitelist`));
+      return;
+    }
+
+    // Add new IP
+    const updatedWhitelist = [...currentWhitelist, ip];
+    await api.updateIPWhitelist(tunnelId, updatedWhitelist);
+
+    spinner.succeed(chalk.green(`IP ${ip} added to whitelist`));
+    console.log(chalk.gray(`\nTotal whitelisted IPs: ${updatedWhitelist.length}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to add IP to whitelist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Remove IP from whitelist
+async function remove(tunnelId, ip) {
+  const spinner = ora('Removing IP from whitelist...').start();
+
+  try {
+    // Get current tunnel
+    const tunnel = await api.getTunnel(tunnelId);
+    const currentWhitelist = tunnel.tunnel.ipWhitelist || [];
+
+    // Check if IP exists
+    if (!currentWhitelist.includes(ip)) {
+      spinner.fail(chalk.yellow(`IP ${ip} is not in the whitelist`));
+      return;
+    }
+
+    // Remove IP
+    const updatedWhitelist = currentWhitelist.filter(item => item !== ip);
+    await api.updateIPWhitelist(tunnelId, updatedWhitelist);
+
+    spinner.succeed(chalk.green(`IP ${ip} removed from whitelist`));
+    console.log(chalk.gray(`\nTotal whitelisted IPs: ${updatedWhitelist.length}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to remove IP from whitelist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// List whitelisted IPs
+async function list(tunnelId) {
+  const spinner = ora('Fetching IP whitelist...').start();
+
+  try {
+    const tunnel = await api.getTunnel(tunnelId);
+    const whitelist = tunnel.tunnel.ipWhitelist || [];
+
+    spinner.stop();
+
+    if (whitelist.length === 0) {
+      console.log(chalk.yellow('\n⚠ No IP whitelist configured. All IPs are allowed.\n'));
+      return;
+    }
+
+    console.log(chalk.blue.bold(`\n🔒 IP Whitelist (${whitelist.length} IPs)\n`));
+
+    const table = new Table({
+      head: [chalk.white('IP Address / CIDR')],
+      style: {
+        head: ['cyan'],
+        border: ['gray']
+      }
+    });
+
+    whitelist.forEach(ip => {
+      table.push([chalk.green(ip)]);
+    });
+
+    console.log(table.toString());
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to fetch IP whitelist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Clear all whitelisted IPs
+async function clear(tunnelId) {
+  const spinner = ora('Clearing IP whitelist...').start();
+
+  try {
+    await api.updateIPWhitelist(tunnelId, []);
+
+    spinner.succeed(chalk.green('IP whitelist cleared'));
+    console.log(chalk.gray('\nAll IPs are now allowed.\n'));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to clear IP whitelist'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  add,
+  remove,
+  list,
+  clear
+};

package/commands/login.js

@@ -1,12 +1,38 @@
 const inquirer = require('inquirer');
 const chalk = require('chalk');
 const ora = require('ora');
+const open = require('open');
 const api = require('../utils/api');
 const config = require('../utils/config');
 
 async function login(options) {
   console.log(chalk.blue.bold('\n🔐 API Response Manager - Login\n'));
 
+  // Check if social login is requested
+  if (options.provider) {
+    return await socialLogin(options.provider);
+  }
+
+  // Ask for login method
+  const { method } = await inquirer.prompt([
+    {
+      type: 'list',
+      name: 'method',
+      message: 'Choose login method:',
+      choices: [
+        { name: '📧 Email & Password', value: 'email' },
+        { name: '🌐 Google', value: 'google' },
+        { name: '🐙 GitHub', value: 'github' },
+        { name: '🪟 Microsoft', value: 'microsoft' }
+      ]
+    }
+  ]);
+
+  if (method !== 'email') {
+    return await socialLogin(method);
+  }
+
+  // Traditional email/password login
   let email = options.email;
   let password = options.password;
 
@@ -85,4 +111,100 @@ async function login(options) {
   }
 }
 
+async function socialLogin(provider) {
+  console.log(chalk.blue(`\n🌐 Logging in with ${provider}...\n`));
+
+  const spinner = ora('Initiating OAuth flow...').start();
+
+  try {
+    // Request device code from backend
+    const deviceResponse = await api.requestDeviceCode(provider);
+    
+    spinner.stop();
+
+    const { device_code, user_code, verification_uri, expires_in } = deviceResponse;
+
+    console.log(chalk.yellow('\n📋 Please complete authentication:\n'));
+    console.log(chalk.white('  1. Visit:'), chalk.cyan.underline(verification_uri));
+    console.log(chalk.white('  2. Enter code:'), chalk.green.bold(user_code));
+    console.log(chalk.gray(`\n  Code expires in ${expires_in} seconds\n`));
+
+    // Open browser automatically
+    const { openBrowser } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'openBrowser',
+        message: 'Open browser automatically?',
+        default: true
+      }
+    ]);
+
+    if (openBrowser) {
+      await open(verification_uri);
+      console.log(chalk.gray('  ✓ Browser opened\n'));
+    }
+
+    const pollSpinner = ora('Waiting for authentication...').start();
+
+    // Poll for token
+    const pollInterval = 5000; // 5 seconds
+    const maxAttempts = Math.ceil(expires_in / (pollInterval / 1000));
+    let attempts = 0;
+
+    const pollForToken = async () => {
+      while (attempts < maxAttempts) {
+        attempts++;
+        
+        try {
+          const tokenResponse = await api.pollDeviceToken(device_code, provider);
+          
+          if (tokenResponse.token) {
+            pollSpinner.succeed(chalk.green('Authentication successful!'));
+            
+            // Store credentials
+            api.setToken(tokenResponse.token);
+            
+            const userId = tokenResponse.user?._id || tokenResponse.user?.id;
+            const userEmail = tokenResponse.user?.email;
+            const userName = tokenResponse.user?.name;
+            
+            if (userId) config.set('userId', userId);
+            if (userEmail) config.set('email', userEmail);
+            
+            console.log(chalk.gray('\nUser:'), chalk.white(userName || userEmail));
+            console.log(chalk.gray('Provider:'), chalk.white(provider));
+            console.log(chalk.gray('Token saved to:'), chalk.white(config.path));
+            console.log(chalk.green('\n✓ You can now use all ARM CLI commands\n'));
+            
+            return;
+          }
+        } catch (error) {
+          if (error.response?.status === 428) {
+            // Still pending, continue polling
+            await new Promise(resolve => setTimeout(resolve, pollInterval));
+            continue;
+          }
+          throw error;
+        }
+      }
+      
+      throw new Error('Authentication timeout - please try again');
+    };
+
+    await pollForToken();
+
+  } catch (error) {
+    spinner.stop();
+    console.error(chalk.red('\n✗ Social login failed'));
+    
+    if (error.response?.data?.msg) {
+      console.error(chalk.red(`✗ ${error.response.data.msg}\n`));
+    } else {
+      console.error(chalk.red(`✗ ${error.message}\n`));
+    }
+    
+    process.exit(1);
+  }
+}
+
 module.exports = login;

package/commands/rateLimit.js

@@ -0,0 +1,69 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const api = require('../utils/api');
+
+// Configure rate limits
+async function configure(tunnelId, options) {
+  const spinner = ora('Updating rate limits...').start();
+
+  try {
+    // Get current tunnel
+    const tunnel = await api.getTunnel(tunnelId);
+    const currentRateLimit = tunnel.tunnel.rateLimit || {};
+
+    // Build update object
+    const updates = {
+      rateLimit: {
+        enabled: options.disable ? false : (options.enable ? true : currentRateLimit.enabled),
+        requestsPerMinute: options.rpm || currentRateLimit.requestsPerMinute,
+        requestsPerHour: options.rph || currentRateLimit.requestsPerHour,
+        requestsPerDay: options.rpd || currentRateLimit.requestsPerDay
+      }
+    };
+
+    await api.updateTunnel(tunnelId, updates);
+
+    spinner.succeed(chalk.green('Rate limits updated successfully'));
+
+    console.log(chalk.blue.bold('\n⚡ Rate Limit Configuration\n'));
+    console.log(chalk.gray('┌─────────────────────────────────────┐'));
+    console.log(chalk.gray('│') + chalk.white('  Status:       ') + (updates.rateLimit.enabled ? chalk.green('Enabled') : chalk.red('Disabled')).padEnd(28) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Minute:   ') + chalk.cyan(String(updates.rateLimit.requestsPerMinute)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Hour:     ') + chalk.cyan(String(updates.rateLimit.requestsPerHour)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Day:      ') + chalk.cyan(String(updates.rateLimit.requestsPerDay)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('└─────────────────────────────────────┘\n'));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to update rate limits'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Show current rate limits
+async function show(tunnelId) {
+  const spinner = ora('Fetching rate limits...').start();
+
+  try {
+    const tunnel = await api.getTunnel(tunnelId);
+    const rateLimit = tunnel.tunnel.rateLimit || {};
+
+    spinner.stop();
+
+    console.log(chalk.blue.bold('\n⚡ Rate Limit Configuration\n'));
+    console.log(chalk.gray('┌─────────────────────────────────────┐'));
+    console.log(chalk.gray('│') + chalk.white('  Status:       ') + (rateLimit.enabled ? chalk.green('Enabled') : chalk.red('Disabled')).padEnd(28) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Minute:   ') + chalk.cyan(String(rateLimit.requestsPerMinute || 60)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Hour:     ') + chalk.cyan(String(rateLimit.requestsPerHour || 1000)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.white('  Per Day:      ') + chalk.cyan(String(rateLimit.requestsPerDay || 10000)).padEnd(20) + chalk.gray('│'));
+    console.log(chalk.gray('└─────────────────────────────────────┘\n'));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to fetch rate limits'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  configure,
+  show
+};

package/commands/tunnel.js

@@ -21,6 +21,9 @@ async function start(port, options) {
       name: options.name || `Tunnel-${port}`,
       subdomain: options.subdomain,
       localPort: parseInt(port),
+      protocol: options.protocol || 'http',
+      sslEnabled: options.ssl || options.protocol === 'https',
+      customDomain: options.domain,
       security: {
         requireAuth: options.auth || false
       },
@@ -222,9 +225,147 @@ async function logs(tunnelId, options) {
   }
 }
 
+// Set custom domain
+async function setDomain(tunnelId, domain) {
+  const spinner = ora('Setting custom domain...').start();
+
+  try {
+    await api.setTunnelDomain(tunnelId, domain);
+    spinner.succeed(chalk.green('Custom domain set successfully'));
+    console.log(chalk.cyan(`\n✓ Tunnel now accessible at: https://${domain}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to set custom domain'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Upload SSL certificate
+async function uploadSSL(tunnelId, options) {
+  const spinner = ora('Uploading SSL certificate...').start();
+
+  try {
+    const fs = require('fs');
+    const cert = fs.readFileSync(options.cert, 'utf8');
+    const key = fs.readFileSync(options.key, 'utf8');
+    const ca = options.ca ? fs.readFileSync(options.ca, 'utf8') : null;
+
+    await api.uploadTunnelSSL(tunnelId, { cert, key, ca });
+    spinner.succeed(chalk.green('SSL certificate uploaded successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to upload SSL certificate'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure OAuth
+async function configureOAuth(tunnelId, options) {
+  const spinner = ora('Configuring OAuth...').start();
+
+  try {
+    await api.configureTunnelOAuth(tunnelId, {
+      provider: options.provider,
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      callbackUrl: options.callbackUrl,
+      scope: options.scope ? options.scope.split(',') : ['openid', 'email', 'profile']
+    });
+    spinner.succeed(chalk.green('OAuth configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure OAuth'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure OIDC
+async function configureOIDC(tunnelId, options) {
+  const spinner = ora('Configuring OIDC...').start();
+
+  try {
+    await api.configureTunnelOIDC(tunnelId, {
+      issuer: options.issuer,
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      callbackUrl: options.callbackUrl
+    });
+    spinner.succeed(chalk.green('OIDC configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure OIDC'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure SAML
+async function configureSAML(tunnelId, options) {
+  const spinner = ora('Configuring SAML...').start();
+
+  try {
+    const fs = require('fs');
+    const cert = fs.readFileSync(options.cert, 'utf8');
+
+    await api.configureTunnelSAML(tunnelId, {
+      entryPoint: options.entryPoint,
+      issuer: options.issuer,
+      cert,
+      callbackUrl: options.callbackUrl
+    });
+    spinner.succeed(chalk.green('SAML configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure SAML'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure ingress
+async function configureIngress(tunnelId, rules, options) {
+  const spinner = ora('Configuring ingress...').start();
+
+  try {
+    // Parse rules: "/api=localhost:3000,/admin=localhost:4000"
+    const parsedRules = rules.split(',').map(rule => {
+      const [path, backend] = rule.split('=');
+      const [host, port] = backend.split(':');
+      return {
+        path: path.trim(),
+        pathType: 'Prefix',
+        backend: {
+          host: host.trim(),
+          port: parseInt(port)
+        }
+      };
+    });
+
+    await api.configureTunnelIngress(tunnelId, {
+      enabled: true,
+      rules: parsedRules,
+      tls: { enabled: options.tls || false }
+    });
+    spinner.succeed(chalk.green('Ingress configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure ingress'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
 module.exports = {
   start,
   list,
   stop,
-  logs
+  logs,
+  setDomain,
+  uploadSSL,
+  configureOAuth,
+  configureOIDC,
+  configureSAML,
+  configureIngress
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "api-response-manager",
-  "version": "1.0.1",
+  "version": "2.3.1",
   "description": "Command-line interface for API Response Manager",
   "main": "index.js",
   "bin": {
@@ -8,7 +8,17 @@
   },
   "scripts": {
     "test": "jest",
-    "link": "npm link"
+    "link": "npm link",
+    "prepublishOnly": "echo 'Publishing api-response-manager CLI...'"
+  },
+  "files": [
+    "bin/",
+    "commands/",
+    "utils/",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
   },
   "keywords": [
     "api",
@@ -21,17 +31,18 @@
   "author": "Vijay Singh Purohit",
   "license": "MIT",
   "dependencies": {
-    "commander": "^11.1.0",
     "axios": "^1.6.2",
+    "boxen": "^5.1.2",
     "chalk": "^4.1.2",
+    "cli-table3": "^0.6.3",
+    "commander": "^11.1.0",
+    "conf": "^10.2.0",
+    "dotenv": "^16.3.1",
     "inquirer": "^8.2.5",
+    "open": "^8.4.0",
     "ora": "^5.4.1",
-    "ws": "^8.14.2",
-    "dotenv": "^16.3.1",
-    "conf": "^10.2.0",
-    "boxen": "^5.1.2",
-    "cli-table3": "^0.6.3",
-    "update-notifier": "^6.0.2"
+    "update-notifier": "^6.0.2",
+    "ws": "^8.14.2"
   },
   "devDependencies": {
     "jest": "^29.7.0"
@@ -46,5 +57,6 @@
   "bugs": {
     "url": "https://github.com/vijaypurohit322/api-response-manager/issues"
   },
-  "homepage": "https://github.com/vijaypurohit322/api-response-manager#readme"
+  "homepage": "https://github.com/vijaypurohit322/api-response-manager#readme",
+  "preferGlobal": true
 }

package/utils/api.js

@@ -58,6 +58,20 @@ class APIClient {
     return response.data;
   }
 
+  // OAuth Device Flow for CLI
+  async requestDeviceCode(provider) {
+    const response = await this.client.post('/auth/device/code', { provider });
+    return response.data;
+  }
+
+  async pollDeviceToken(deviceCode, provider) {
+    const response = await this.client.post('/auth/device/token', { 
+      device_code: deviceCode,
+      provider 
+    });
+    return response.data;
+  }
+
   // Tunnels
   async createTunnel(data) {
     const response = await this.client.post('/tunnels', data);
@@ -140,6 +154,54 @@ class APIClient {
     const response = await this.client.get(`/projects/${id}/responses`, { params });
     return response.data;
   }
+
+  // Advanced Tunnel Features
+  async setTunnelDomain(id, domain) {
+    const response = await this.client.post(`/tunnels/${id}/custom-domain`, { domain });
+    return response.data;
+  }
+
+  async uploadTunnelSSL(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/ssl`, data);
+    return response.data;
+  }
+
+  async configureTunnelOAuth(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/oauth`, data);
+    return response.data;
+  }
+
+  async configureTunnelOIDC(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/oidc`, data);
+    return response.data;
+  }
+
+  async configureTunnelSAML(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/saml`, data);
+    return response.data;
+  }
+
+  async configureTunnelIngress(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/ingress`, data);
+    return response.data;
+  }
+
+  // IP Management
+  async updateIPWhitelist(id, ipWhitelist) {
+    const response = await this.client.put(`/tunnels/${id}/ip-whitelist`, { ipWhitelist });
+    return response.data;
+  }
+
+  async updateIPBlacklist(id, ipBlacklist) {
+    const response = await this.client.put(`/tunnels/${id}/ip-blacklist`, { ipBlacklist });
+    return response.data;
+  }
+
+  // Update Tunnel
+  async updateTunnel(id, updates) {
+    const response = await this.client.put(`/tunnels/${id}`, updates);
+    return response.data;
+  }
 }
 
 module.exports = new APIClient();