hackerrun 0.1.0

package/dist/index.js

@@ -0,0 +1,2813 @@
+#!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/index.ts
+import { Command as Command9 } from "commander";
+
+// src/commands/login.ts
+import { Command } from "commander";
+import chalk from "chalk";
+import ora from "ora";
+
+// src/lib/config.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var ConfigManager = class {
+  configDir;
+  configFile;
+  constructor() {
+    this.configDir = join(homedir(), ".config", "hackerrun");
+    this.configFile = join(this.configDir, "config.json");
+    this.ensureConfigDir();
+  }
+  ensureConfigDir() {
+    if (!existsSync(this.configDir)) {
+      mkdirSync(this.configDir, { recursive: true, mode: 448 });
+    }
+  }
+  /**
+   * Read config from ~/.config/hackerrun/config.json
+   */
+  readConfig() {
+    if (!existsSync(this.configFile)) {
+      return {};
+    }
+    try {
+      const content = readFileSync(this.configFile, "utf-8");
+      return JSON.parse(content);
+    } catch (error) {
+      console.warn("Failed to read config file");
+      return {};
+    }
+  }
+  /**
+   * Write config to ~/.config/hackerrun/config.json
+   */
+  writeConfig(config) {
+    writeFileSync(this.configFile, JSON.stringify(config, null, 2), { mode: 384 });
+  }
+  /**
+   * Load and validate config
+   */
+  load() {
+    const config = this.readConfig();
+    if (!config.apiToken) {
+      throw new Error(
+        `Missing API token. Please run:
+
+  hackerrun login
+`
+      );
+    }
+    return {
+      apiToken: config.apiToken
+    };
+  }
+  /**
+   * Set a config value
+   */
+  set(key, value) {
+    const config = this.readConfig();
+    config[key] = value;
+    this.writeConfig(config);
+  }
+  /**
+   * Get a config value
+   */
+  get(key) {
+    const config = this.readConfig();
+    return config[key];
+  }
+  /**
+   * Get all config values (with sensitive data masked)
+   */
+  getAll(maskSensitive = true) {
+    const config = this.readConfig();
+    if (maskSensitive && config.apiToken) {
+      config.apiToken = this.maskToken(config.apiToken);
+    }
+    return config;
+  }
+  /**
+   * Mask sensitive token for display
+   */
+  maskToken(token) {
+    if (token.length <= 8) return "***";
+    return token.substring(0, 8) + "..." + token.substring(token.length - 4);
+  }
+  /**
+   * Delete a config value
+   */
+  unset(key) {
+    const config = this.readConfig();
+    delete config[key];
+    this.writeConfig(config);
+  }
+  /**
+   * Check if config exists and is valid
+   */
+  exists() {
+    const config = this.readConfig();
+    return !!config.apiToken;
+  }
+  /**
+   * Get config file path
+   */
+  getConfigPath() {
+    return this.configFile;
+  }
+};
+
+// src/commands/login.ts
+var PLATFORM_API_URL = process.env.HACKERRUN_API_URL || "http://localhost:3000";
+function createLoginCommand() {
+  const cmd = new Command("login");
+  cmd.description("Login to HackerRun platform");
+  cmd.action(async () => {
+    try {
+      console.log(chalk.cyan("\n\u{1F510} Logging in to HackerRun\n"));
+      const spinner = ora("Initiating login...").start();
+      const initResponse = await fetch(`${PLATFORM_API_URL}/api/auth/device`, {
+        method: "POST"
+      });
+      if (!initResponse.ok) {
+        spinner.fail("Failed to initiate login");
+        const error = await initResponse.json().catch(() => ({ error: "Unknown error" }));
+        console.error(chalk.red(`
+Error: ${error.error || initResponse.statusText}
+`));
+        process.exit(1);
+      }
+      const deviceFlow = await initResponse.json();
+      spinner.succeed("Login initiated");
+      console.log(chalk.cyan("\n\u{1F4CB} Please complete the following steps:\n"));
+      console.log(`  1. Visit: ${chalk.bold.blue(deviceFlow.verificationUri)}`);
+      console.log(`  2. Enter code: ${chalk.bold.yellow(deviceFlow.userCode)}
+`);
+      console.log(chalk.dim(`Code expires in ${Math.floor(deviceFlow.expiresIn / 60)} minutes
+`));
+      const pollSpinner = ora("Waiting for authorization...").start();
+      const pollInterval = deviceFlow.interval * 1e3;
+      const maxAttempts = Math.floor(deviceFlow.expiresIn / deviceFlow.interval);
+      let attempts = 0;
+      while (attempts < maxAttempts) {
+        await sleep(pollInterval);
+        attempts++;
+        try {
+          const pollResponse = await fetch(
+            `${PLATFORM_API_URL}/api/auth/device/poll?device_code=${deviceFlow.deviceCode}`
+          );
+          if (!pollResponse.ok) {
+            pollSpinner.fail("Failed to check authorization status");
+            console.error(chalk.red("\nPlease try again later\n"));
+            process.exit(1);
+          }
+          const result = await pollResponse.json();
+          if (result.status === "authorized") {
+            pollSpinner.succeed(chalk.green("Authorization successful!"));
+            const configManager = new ConfigManager();
+            configManager.set("apiToken", result.token);
+            console.log(chalk.green("\n\u2713 Login successful!\n"));
+            console.log(chalk.cyan("You can now use HackerRun CLI:\n"));
+            console.log(`  ${chalk.bold("hackerrun deploy")}     Deploy your application`);
+            console.log(`  ${chalk.bold("hackerrun app list")}  List your apps`);
+            console.log(`  ${chalk.bold("hackerrun config list")} View configuration
+`);
+            return;
+          } else if (result.status === "expired") {
+            pollSpinner.fail("Authorization code expired");
+            console.error(chalk.red("\nPlease run `hackerrun login` again\n"));
+            process.exit(1);
+          }
+        } catch (error) {
+          pollSpinner.fail("Failed to check authorization");
+          console.error(chalk.red(`
+Error: ${error.message}
+`));
+          process.exit(1);
+        }
+      }
+      pollSpinner.fail("Authorization timed out");
+      console.error(chalk.red("\nPlease run `hackerrun login` again\n"));
+      process.exit(1);
+    } catch (error) {
+      console.error(chalk.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/commands/deploy.ts
+import { Command as Command2 } from "commander";
+import chalk7 from "chalk";
+import ora4 from "ora";
+
+// src/lib/ssh-cert.ts
+import { execSync } from "child_process";
+import { mkdtempSync, writeFileSync as writeFileSync2, readFileSync as readFileSync2, rmSync, existsSync as existsSync2, chmodSync } from "fs";
+import { join as join2 } from "path";
+import { tmpdir } from "os";
+import * as net from "net";
+var SSHCertManager = class {
+  constructor(platformClient) {
+    this.platformClient = platformClient;
+  }
+  sessions = /* @__PURE__ */ new Map();
+  sshAgentStarted = false;
+  /**
+   * Get or create an SSH session for an app
+   * Generates temp keypair, gets certificate, adds to SSH agent
+   */
+  async getSession(appName, vmIp) {
+    const existingSession = this.sessions.get(appName);
+    if (existingSession && this.isSessionValid(existingSession)) {
+      return existingSession;
+    }
+    const session = await this.createSession(appName, vmIp);
+    this.sessions.set(appName, session);
+    return session;
+  }
+  /**
+   * Create a new SSH session with certificate
+   */
+  async createSession(appName, vmIp) {
+    const tmpDir = mkdtempSync(join2(tmpdir(), "hackerrun-ssh-"));
+    const keyPath = join2(tmpDir, "key");
+    try {
+      execSync(`ssh-keygen -t ed25519 -f "${keyPath}" -N "" -C "hackerrun-temp"`, {
+        stdio: "pipe"
+      });
+      const publicKey = readFileSync2(`${keyPath}.pub`, "utf8").trim();
+      const { certificate } = await this.platformClient.requestSSHCertificate(appName, publicKey);
+      const certPath = `${keyPath}-cert.pub`;
+      writeFileSync2(certPath, certificate);
+      chmodSync(keyPath, 384);
+      await this.addToSSHAgent(keyPath);
+      const session = {
+        keyPath,
+        publicKey,
+        certificate,
+        certPath,
+        vmIp,
+        cleanup: () => {
+          try {
+            execSync(`ssh-add -d "${keyPath}" 2>/dev/null`, { stdio: "pipe" });
+          } catch {
+          }
+          rmSync(tmpDir, { recursive: true, force: true });
+          this.sessions.delete(appName);
+        }
+      };
+      return session;
+    } catch (error) {
+      rmSync(tmpDir, { recursive: true, force: true });
+      throw error;
+    }
+  }
+  /**
+   * Check if an SSH agent is running, start one if needed
+   */
+  ensureSSHAgent() {
+    if (this.sshAgentStarted) return;
+    const agentPid = process.env.SSH_AGENT_PID;
+    const authSock = process.env.SSH_AUTH_SOCK;
+    if (agentPid && authSock && existsSync2(authSock)) {
+      this.sshAgentStarted = true;
+      return;
+    }
+    try {
+      const result = execSync("ssh-agent -s", { encoding: "utf-8" });
+      const pidMatch = result.match(/SSH_AGENT_PID=(\d+)/);
+      const sockMatch = result.match(/SSH_AUTH_SOCK=([^;]+)/);
+      if (pidMatch && sockMatch) {
+        process.env.SSH_AGENT_PID = pidMatch[1];
+        process.env.SSH_AUTH_SOCK = sockMatch[1];
+        this.sshAgentStarted = true;
+      }
+    } catch {
+    }
+  }
+  /**
+   * Add key and certificate to SSH agent
+   */
+  async addToSSHAgent(keyPath) {
+    this.ensureSSHAgent();
+    try {
+      execSync(`ssh-add "${keyPath}"`, { stdio: "pipe" });
+    } catch (error) {
+      throw new Error(`Failed to add key to SSH agent: ${error.message}`);
+    }
+  }
+  /**
+   * Check if a session is still valid (certificate not expired)
+   * Certificates have 5-minute TTL
+   */
+  isSessionValid(session) {
+    try {
+      if (!existsSync2(session.keyPath) || !existsSync2(session.certPath)) {
+        return false;
+      }
+      const result = execSync(`ssh-keygen -L -f "${session.certPath}"`, { encoding: "utf-8" });
+      const validMatch = result.match(/Valid: from .* to (.+)/);
+      if (!validMatch) return false;
+      const expiryStr = validMatch[1].trim();
+      const expiry = new Date(expiryStr);
+      const now = /* @__PURE__ */ new Date();
+      now.setSeconds(now.getSeconds() + 30);
+      return expiry > now;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get SSH command options for connecting with certificate
+   * Returns options that work with ssh+cli:// connector
+   */
+  getSSHOptions(session) {
+    return [
+      "-o",
+      "StrictHostKeyChecking=no",
+      "-o",
+      "UserKnownHostsFile=/dev/null",
+      "-o",
+      `IdentityFile=${session.keyPath}`,
+      "-o",
+      `CertificateFile=${session.certPath}`
+    ];
+  }
+  /**
+   * Format VM IP for uncloud --connect ssh+cli:// URL
+   * Note: Don't use brackets - uncloud passes this to SSH which expects raw addresses
+   */
+  formatConnectionURL(vmIp) {
+    return `ssh+cli://root@${vmIp}`;
+  }
+  /**
+   * Clean up all sessions
+   */
+  cleanupAll() {
+    for (const session of this.sessions.values()) {
+      session.cleanup();
+    }
+    this.sessions.clear();
+  }
+};
+var ipv6ConnectivityCache = /* @__PURE__ */ new Map();
+async function testIPv6Connectivity(vmIp, timeoutMs = 2e3) {
+  if (ipv6ConnectivityCache.has(vmIp)) {
+    return ipv6ConnectivityCache.get(vmIp);
+  }
+  const result = await new Promise((resolve) => {
+    const socket = new net.Socket();
+    const cleanup = () => {
+      socket.destroy();
+    };
+    socket.setTimeout(timeoutMs);
+    socket.on("connect", () => {
+      cleanup();
+      resolve(true);
+    });
+    socket.on("timeout", () => {
+      cleanup();
+      resolve(false);
+    });
+    socket.on("error", () => {
+      cleanup();
+      resolve(false);
+    });
+    socket.connect(22, vmIp);
+  });
+  ipv6ConnectivityCache.set(vmIp, result);
+  return result;
+}
+
+// src/lib/cluster.ts
+import { execSync as execSync2 } from "child_process";
+import ora2 from "ora";
+import chalk2 from "chalk";
+var platformKeysCache = null;
+var ClusterManager = class {
+  constructor(platformClient) {
+    this.platformClient = platformClient;
+    this.sshCertManager = new SSHCertManager(platformClient);
+  }
+  sshCertManager;
+  /**
+   * Get platform SSH keys (cached for the session)
+   * Returns CA public key and platform public key for VM creation
+   */
+  async getPlatformKeys() {
+    if (platformKeysCache) {
+      return platformKeysCache;
+    }
+    try {
+      platformKeysCache = await this.platformClient.getPlatformSSHKeys();
+      return platformKeysCache;
+    } catch (error) {
+      throw new Error(`Failed to get platform SSH keys: ${error.message}`);
+    }
+  }
+  /**
+   * Initialize a new cluster for an app (creates first VM and sets up uncloud)
+   *
+   * Flow:
+   * 1. Create VM with platform SSH key
+   * 2. Wait for VM to get IPv6 address
+   * 3. Call platform API to setup VM (DNS64, WireGuard, SSH CA)
+   * 4. Run `uc machine init` to install Docker + uncloud
+   * 5. Configure Docker for NAT64
+   * 6. Save app state to platform
+   *
+   * Users access VMs via SSH certificates signed by the platform CA.
+   */
+  async initializeCluster(options) {
+    const { appName, location, vmSize, storageSize, bootImage } = options;
+    const vmName = `${appName}-vm-${this.generateId()}`;
+    let spinner = ora2(`Creating VM '${vmName}' in ${location}...`).start();
+    try {
+      spinner.text = "Fetching platform SSH keys...";
+      const platformKeys = await this.getPlatformKeys();
+      const gateway = await this.platformClient.getGateway(location);
+      const privateSubnetId = gateway?.subnetId;
+      spinner.text = `Creating VM '${vmName}'...`;
+      const vm = await this.platformClient.createVM({
+        name: vmName,
+        location,
+        size: vmSize,
+        storage_size: storageSize,
+        boot_image: bootImage,
+        unix_user: "root",
+        public_key: platformKeys.platformPublicKey,
+        enable_ip4: !privateSubnetId,
+        // IPv6-only if we have a subnet for NAT64
+        private_subnet_id: privateSubnetId
+      });
+      spinner.text = `Waiting for VM to be ready...`;
+      spinner.stop();
+      console.log(chalk2.cyan("\nWaiting for VM to get an IPv6 address..."));
+      const vmWithIp = await this.waitForVM(location, vmName, 600, false);
+      spinner = ora2("Setting up VM...").start();
+      spinner.text = "Waiting for SSH to be ready...";
+      await this.sleep(3e4);
+      spinner.text = "Configuring VM (DNS64, NAT64, SSH CA)...";
+      await this.platformClient.setupVM(vmWithIp.ip6, location, appName);
+      const cluster = {
+        appName,
+        location,
+        nodes: [{
+          name: vmName,
+          id: vm.id,
+          ipv6: vmWithIp.ip6,
+          isPrimary: true
+        }],
+        uncloudContext: appName,
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      spinner.text = "Registering app...";
+      const savedCluster = await this.platformClient.saveApp(cluster);
+      spinner.text = "Installing Docker and Uncloud...";
+      spinner.stop();
+      console.log(chalk2.cyan("\nInitializing uncloud (this may take a few minutes)..."));
+      await this.initializeUncloud(vmWithIp.ip6, appName);
+      spinner = ora2("Configuring Docker for NAT64...").start();
+      await this.configureDockerNAT64(vmWithIp.ip6);
+      spinner.succeed(chalk2.green(`Cluster initialized successfully`));
+      return savedCluster;
+    } catch (error) {
+      spinner.fail(chalk2.red("Failed to initialize cluster"));
+      throw error;
+    }
+  }
+  /**
+   * Add a node to an existing cluster
+   */
+  async addNode(appName, vmSize, bootImage) {
+    const cluster = await this.platformClient.getApp(appName);
+    if (!cluster) {
+      throw new Error(`App '${appName}' not found`);
+    }
+    const primaryNode = await this.platformClient.getPrimaryNode(appName);
+    if (!primaryNode || !primaryNode.ipv6) {
+      throw new Error(`Primary node not found or has no IPv6 address`);
+    }
+    const gateway = await this.platformClient.getGateway(cluster.location);
+    const privateSubnetId = gateway?.subnetId;
+    const vmName = `${appName}-vm-${this.generateId()}`;
+    let spinner = ora2(`Adding node '${vmName}' to cluster...`).start();
+    try {
+      spinner.text = "Fetching platform SSH keys...";
+      const platformKeys = await this.getPlatformKeys();
+      spinner.text = `Creating VM '${vmName}'...`;
+      const vm = await this.platformClient.createVM({
+        name: vmName,
+        location: cluster.location,
+        size: vmSize,
+        boot_image: bootImage,
+        unix_user: "root",
+        public_key: platformKeys.platformPublicKey,
+        enable_ip4: !privateSubnetId,
+        private_subnet_id: privateSubnetId
+      });
+      spinner.text = `Waiting for VM to be ready...`;
+      spinner.stop();
+      console.log(chalk2.cyan("\nWaiting for VM to get an IPv6 address..."));
+      const vmWithIp = await this.waitForVM(cluster.location, vmName, 600, false);
+      spinner = ora2("Setting up VM...").start();
+      await this.sleep(3e4);
+      spinner.text = "Configuring VM...";
+      await this.platformClient.setupVM(vmWithIp.ip6, cluster.location, appName);
+      spinner.text = "Joining uncloud cluster...";
+      spinner.stop();
+      console.log(chalk2.cyan("\nJoining uncloud cluster..."));
+      await this.joinUncloudCluster(vmWithIp.ip6, primaryNode.ipv6, appName);
+      spinner = ora2("Configuring Docker for NAT64...").start();
+      await this.configureDockerNAT64(vmWithIp.ip6);
+      spinner.succeed(chalk2.green(`Node '${vmName}' added successfully`));
+      const newNode = {
+        name: vmName,
+        id: vm.id,
+        ipv6: vmWithIp.ip6,
+        isPrimary: false
+      };
+      cluster.nodes.push(newNode);
+      await this.platformClient.saveApp(cluster);
+      return newNode;
+    } catch (error) {
+      spinner.fail(chalk2.red("Failed to add node"));
+      throw error;
+    }
+  }
+  /**
+   * Initialize uncloud on the VM using uc machine init
+   * Uses --no-dns because we manage our own domain via gateway
+   *
+   * Before running uc, we get an SSH certificate from the platform
+   * and add it to the ssh-agent. This allows uc to authenticate
+   * since the VM only accepts platform SSH key or signed certificates.
+   */
+  async initializeUncloud(vmIp, contextName) {
+    try {
+      await this.sshCertManager.getSession(contextName, vmIp);
+      execSync2(`uc machine init -c "${contextName}" --no-dns root@${vmIp}`, {
+        stdio: "inherit",
+        timeout: 6e5
+        // 10 min timeout
+      });
+    } catch (error) {
+      throw new Error(`Failed to initialize uncloud: ${error.message}`);
+    }
+  }
+  /**
+   * Join a new node to an existing uncloud cluster
+   * Uses --connect ssh:// to avoid local context dependency
+   */
+  async joinUncloudCluster(newVmIp, primaryVmIp, contextName) {
+    try {
+      await this.sshCertManager.getSession(contextName, primaryVmIp);
+      await this.sshCertManager.getSession(contextName, newVmIp);
+      const token = execSync2(`uc --connect ssh://root@${primaryVmIp} machine token`, {
+        encoding: "utf-8",
+        timeout: 3e4
+      }).trim();
+      if (!token) {
+        throw new Error("Failed to get join token from primary node");
+      }
+      execSync2(`uc --connect ssh://root@${primaryVmIp} machine add root@${newVmIp} --token "${token}"`, {
+        stdio: "inherit",
+        timeout: 6e5
+        // 10 min timeout
+      });
+    } catch (error) {
+      throw new Error(`Failed to join cluster: ${error.message}`);
+    }
+  }
+  /**
+   * Configure Docker for NAT64 support on IPv6-only VMs
+   *
+   * Problem: DNS64 returns both A (IPv4) and AAAA (IPv6) records. Applications may try
+   * IPv4 first, which times out because there's no route to IPv4 internet.
+   *
+   * Solution:
+   * 1. Enable IPv6 on Docker networks so containers get IPv6 addresses
+   * 2. Block IPv4 forwarding from Docker to internet so IPv4 fails immediately
+   * 3. Applications then use IPv6 (NAT64) which works via the gateway
+   */
+  async configureDockerNAT64(vmIp) {
+    const setupScript = `#!/bin/bash
+set -e
+
+# Step 1: Add IPv6 support to Docker daemon config
+DAEMON_JSON='/etc/docker/daemon.json'
+if [ -f "$DAEMON_JSON" ]; then
+  # Merge with existing config using jq
+  jq '. + {"ipv6": true, "fixed-cidr-v6": "fd00:d0c6:e4::/64"}' "$DAEMON_JSON" > /tmp/daemon.json
+  mv /tmp/daemon.json "$DAEMON_JSON"
+else
+  cat > "$DAEMON_JSON" << 'EOFJSON'
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "fd00:d0c6:e4::/64"
+}
+EOFJSON
+fi
+
+# Step 2: Create systemd service to block IPv4 forwarding from Docker containers
+cat > /etc/systemd/system/docker-ipv6-nat64.service << 'EOFSVC'
+[Unit]
+Description=Block IPv4 forwarding from Docker containers (force NAT64)
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/iptables -I FORWARD -i br-+ -o ens3 -j REJECT --reject-with icmp-net-unreachable
+ExecStop=/sbin/iptables -D FORWARD -i br-+ -o ens3 -j REJECT --reject-with icmp-net-unreachable
+
+[Install]
+WantedBy=multi-user.target
+EOFSVC
+
+systemctl daemon-reload
+systemctl enable docker-ipv6-nat64
+
+# Step 3: Restart Docker to apply IPv6 config
+systemctl restart docker
+sleep 3
+
+# Step 4: Recreate uncloud network with IPv6 enabled
+CONTAINERS=$(docker ps -aq --filter network=uncloud 2>/dev/null || true)
+
+for container in $CONTAINERS; do
+  docker network disconnect uncloud "$container" 2>/dev/null || true
+done
+
+docker network rm uncloud 2>/dev/null || true
+docker network create --driver bridge   --subnet 10.210.0.0/24 --gateway 10.210.0.1   --ipv6 --subnet fd00:a10:210::/64 --gateway fd00:a10:210::1   uncloud
+
+for container in $CONTAINERS; do
+  docker network connect uncloud "$container" 2>/dev/null || true
+done
+
+# Step 5: Start the iptables service
+systemctl start docker-ipv6-nat64
+
+echo "Docker NAT64 configuration complete"
+`;
+    try {
+      execSync2(`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@${vmIp} 'bash -s' << 'REMOTESCRIPT'
+${setupScript}
+REMOTESCRIPT`, {
+        stdio: "inherit",
+        timeout: 12e4
+        // 2 min timeout
+      });
+    } catch (error) {
+      throw new Error(`Failed to configure Docker for NAT64: ${error.message}`);
+    }
+  }
+  /**
+   * Wait for VM to have an IP address
+   * @param requireIpv4 - If true, wait for IPv4 (for gateway VMs). Otherwise wait for IPv6.
+   */
+  async waitForVM(location, vmName, timeoutSeconds, requireIpv4 = false) {
+    const startTime = Date.now();
+    const timeoutMs = timeoutSeconds * 1e3;
+    let lastStatus = "";
+    while (Date.now() - startTime < timeoutMs) {
+      const vm = await this.platformClient.getVM(location, vmName);
+      if (vm.status && vm.status !== lastStatus) {
+        console.log(chalk2.dim(`  Status: ${vm.status}`));
+        lastStatus = vm.status;
+      }
+      const hasRequiredIp = requireIpv4 ? vm.ip4 : vm.ip6;
+      if (hasRequiredIp) {
+        const ipDisplay = requireIpv4 ? vm.ip4 : vm.ip6;
+        console.log(chalk2.green(`  IP assigned: ${ipDisplay}`));
+        return vm;
+      }
+      const elapsed = Math.floor((Date.now() - startTime) / 1e3);
+      const ipType = requireIpv4 ? "IPv4" : "IPv6";
+      process.stdout.write(`\r  Waiting for ${ipType}... (${elapsed}s / ${timeoutSeconds}s)`);
+      await this.sleep(5e3);
+    }
+    process.stdout.write("\n");
+    throw new Error(
+      `Timeout waiting for VM to get IP address after ${timeoutSeconds}s.
+
+The VM may still be provisioning. You can:
+  1. Check VM status: hackerrun vm list
+  2. Delete and retry: hackerrun vm delete ${vmName}
+  3. Check Ubicloud console: https://console.ubicloud.com`
+    );
+  }
+  /**
+   * Generate a random ID
+   */
+  generateId() {
+    return Math.random().toString(36).substring(2, 9);
+  }
+  /**
+   * Sleep for specified milliseconds
+   */
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/lib/platform.ts
+import { platform } from "os";
+import chalk3 from "chalk";
+var PlatformDetector = class {
+  /**
+   * Check if running on Windows
+   */
+  static isWindows() {
+    return platform() === "win32";
+  }
+  /**
+   * Check if running inside WSL (Windows Subsystem for Linux)
+   */
+  static isWSL() {
+    if (!this.isWindows()) {
+      if (platform() === "linux") {
+        try {
+          const fs = __require("fs");
+          const procVersion = fs.readFileSync("/proc/version", "utf8").toLowerCase();
+          return procVersion.includes("microsoft") || procVersion.includes("wsl");
+        } catch {
+          return false;
+        }
+      }
+      return false;
+    }
+    return false;
+  }
+  /**
+   * Check if platform is supported for hackerrun
+   */
+  static isSupported() {
+    return platform() === "darwin" || platform() === "linux" || this.isWSL();
+  }
+  /**
+   * Get platform name for display
+   */
+  static getPlatformName() {
+    if (this.isWSL()) return "WSL (Windows Subsystem for Linux)";
+    if (platform() === "win32") return "Windows";
+    if (platform() === "darwin") return "macOS";
+    if (platform() === "linux") return "Linux";
+    return platform();
+  }
+  /**
+   * Ensure platform is supported, exit with helpful message if not
+   */
+  static ensureSupported() {
+    if (this.isWindows() && !this.isWSL()) {
+      console.log(chalk3.yellow("\n\u26A0\uFE0F  Windows detected\n"));
+      console.log("Hackerrun requires WSL (Windows Subsystem for Linux) to run.");
+      console.log("Uncloud and SSH tools work best in a Linux environment.\n");
+      console.log(chalk3.cyan("How to set up WSL:\n"));
+      console.log("1. Open PowerShell as Administrator and run:");
+      console.log(chalk3.bold("   wsl --install\n"));
+      console.log("2. Restart your computer\n");
+      console.log("3. Install Ubuntu from Microsoft Store (or use default Linux)\n");
+      console.log("4. Open WSL terminal and install hackerrun:");
+      console.log(chalk3.bold("   npm install -g hackerrun\n"));
+      console.log("Learn more: https://docs.microsoft.com/en-us/windows/wsl/install\n");
+      console.log(chalk3.red("Please install WSL and run hackerrun from WSL terminal.\n"));
+      process.exit(1);
+    }
+    if (!this.isSupported()) {
+      console.log(chalk3.red(`
+\u274C Platform '${platform()}' is not supported
+`));
+      console.log("Hackerrun supports:");
+      console.log("  - macOS");
+      console.log("  - Linux");
+      console.log("  - Windows (via WSL)\n");
+      process.exit(1);
+    }
+  }
+};
+
+// src/lib/uncloud.ts
+import { execSync as execSync3 } from "child_process";
+import { platform as platform2 } from "os";
+import chalk4 from "chalk";
+import ora3 from "ora";
+var UncloudManager = class {
+  /**
+   * Check if uncloud CLI is installed
+   */
+  static isInstalled() {
+    try {
+      execSync3("uc --version", { stdio: "pipe" });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get uncloud version
+   */
+  static getVersion() {
+    try {
+      const version = execSync3("uc --version", { encoding: "utf-8" }).trim();
+      return version;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Check if uncloud is installed, offer to install if not
+   */
+  static async ensureInstalled() {
+    if (this.isInstalled()) {
+      return;
+    }
+    console.log(chalk4.yellow("\n\u26A0\uFE0F  Uncloud CLI not found\n"));
+    console.log("Uncloud is required to deploy and manage your apps.");
+    console.log("Learn more: https://uncloud.run\n");
+    const os = platform2();
+    if (os === "darwin" || os === "linux") {
+      this.showInstallInstructions();
+      console.log(chalk4.cyan("Would you like to install uncloud now? (Y/n): "));
+      const answer = await this.promptUser();
+      if (answer === "y" || answer === "yes" || answer === "") {
+        try {
+          await this.autoInstall();
+          return;
+        } catch (error) {
+          console.log(chalk4.red("\nAuto-installation failed. Please install manually.\n"));
+          process.exit(1);
+        }
+      } else {
+        console.log(chalk4.yellow("\nPlease install uncloud manually and run hackerrun again.\n"));
+        process.exit(1);
+      }
+    } else {
+      this.showInstallInstructions();
+      console.log(chalk4.red("Please install uncloud and run hackerrun again.\n"));
+      process.exit(1);
+    }
+  }
+  /**
+   * Show installation instructions based on platform
+   */
+  static showInstallInstructions() {
+    const os = platform2();
+    console.log(chalk4.cyan("Installation instructions:\n"));
+    if (os === "darwin" || os === "linux") {
+      console.log(chalk4.bold("Option 1: Automated install (Recommended)"));
+      console.log(chalk4.green("  curl -fsS https://get.uncloud.run/install.sh | sh\n"));
+      console.log(chalk4.bold("Option 2: Homebrew"));
+      console.log(chalk4.green("  brew install psviderski/tap/uncloud\n"));
+      console.log(chalk4.bold("Option 3: Manual download"));
+      console.log("  Download from: https://github.com/psviderski/uncloud/releases/latest");
+      console.log("  Extract and move to /usr/local/bin\n");
+    } else if (os === "win32") {
+      console.log(chalk4.bold("For Windows (via WSL):"));
+      console.log("  Open your WSL terminal and run:");
+      console.log(chalk4.green("  curl -fsS https://get.uncloud.run/install.sh | sh\n"));
+    }
+    console.log("Documentation: https://uncloud.run/docs/getting-started/install-cli\n");
+  }
+  /**
+   * Prompt user for input from stdin
+   */
+  static async promptUser() {
+    return new Promise((resolve) => {
+      process.stdin.resume();
+      process.stdin.setEncoding("utf8");
+      const onData = (input) => {
+        process.stdin.pause();
+        process.stdin.removeListener("data", onData);
+        resolve(input.trim().toLowerCase());
+      };
+      process.stdin.on("data", onData);
+    });
+  }
+  /**
+   * Attempt to auto-install uncloud with user confirmation
+   */
+  static async autoInstall() {
+    const spinner = ora3("Installing uncloud...").start();
+    try {
+      execSync3("curl -fsS https://get.uncloud.run/install.sh | sh", {
+        stdio: "inherit"
+      });
+      spinner.succeed(chalk4.green("Uncloud installed successfully!"));
+      if (this.isInstalled()) {
+        const version = this.getVersion();
+        console.log(chalk4.cyan(`\u2713 Uncloud ${version} is ready to use
+`));
+      } else {
+        spinner.warn(chalk4.yellow("Installation completed but uc command not found in PATH"));
+        console.log(chalk4.yellow("\nYou may need to:"));
+        console.log("  1. Restart your terminal");
+        console.log("  2. Or run: source ~/.bashrc (or ~/.zshrc)\n");
+        throw new Error("Please restart your terminal and try again");
+      }
+    } catch (error) {
+      spinner.fail(chalk4.red("Failed to install uncloud"));
+      console.log(chalk4.red(`
+Error: ${error.message}
+`));
+      console.log(chalk4.yellow("Please try manual installation:"));
+      console.log("  curl -fsS https://get.uncloud.run/install.sh | sh\n");
+      throw error;
+    }
+  }
+};
+
+// src/lib/platform-auth.ts
+import chalk5 from "chalk";
+function getPlatformToken() {
+  const configManager = new ConfigManager();
+  try {
+    const config = configManager.load();
+    return config.apiToken;
+  } catch (error) {
+    console.error(chalk5.red("\n Not logged in"));
+    console.log(chalk5.cyan("\nPlease login first:\n"));
+    console.log(`  ${chalk5.bold("hackerrun login")}
+`);
+    process.exit(1);
+  }
+}
+
+// src/lib/platform-client.ts
+var PLATFORM_API_URL2 = process.env.HACKERRUN_API_URL || "http://localhost:3000";
+var PlatformClient = class {
+  constructor(authToken) {
+    this.authToken = authToken;
+  }
+  async request(method, path, body) {
+    const url = `${PLATFORM_API_URL2}${path}`;
+    const headers = {
+      Authorization: `Bearer ${this.authToken}`,
+      "Content-Type": "application/json"
+      // FIX STALE CONNECTION: If retry logic below doesn't reliably fix
+      // "SocketError: other side closed" errors, uncomment this line and
+      // remove the retry logic in the catch block below.
+      // 'Connection': 'close',
+    };
+    const doFetch = () => fetch(url, {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : void 0
+    });
+    let response;
+    try {
+      response = await doFetch();
+    } catch (error) {
+      const isSocketError = error instanceof Error && error.cause?.code === "UND_ERR_SOCKET";
+      if (isSocketError) {
+        response = await doFetch();
+      } else {
+        const errMsg = error instanceof Error ? error.message : "Unknown error";
+        throw new Error(`Failed to connect to platform API (${url}): ${errMsg}`);
+      }
+    }
+    if (!response.ok) {
+      const errorText = await response.text();
+      let errorMessage;
+      try {
+        const errorJson = JSON.parse(errorText);
+        errorMessage = errorJson.error || response.statusText;
+      } catch {
+        errorMessage = errorText || response.statusText;
+      }
+      throw new Error(`API error (${response.status}): ${errorMessage}`);
+    }
+    return response.json();
+  }
+  // ==================== App State Management ====================
+  /**
+   * List all apps for the authenticated user
+   */
+  async listApps() {
+    const { apps } = await this.request("GET", "/api/apps");
+    return apps;
+  }
+  /**
+   * Get a specific app by name
+   */
+  async getApp(appName) {
+    try {
+      const { app } = await this.request("GET", `/api/apps/${appName}`);
+      return app;
+    } catch (error) {
+      if (error.message.includes("404") || error.message.includes("not found")) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Create or update an app
+   * Returns the app with auto-generated domainName
+   */
+  async saveApp(cluster) {
+    const { app } = await this.request("POST", "/api/apps", {
+      appName: cluster.appName,
+      location: cluster.location,
+      uncloudContext: cluster.uncloudContext,
+      nodes: cluster.nodes.map((node) => ({
+        name: node.name,
+        id: node.id,
+        ipv4: node.ipv4,
+        ipv6: node.ipv6,
+        isPrimary: node.isPrimary
+      }))
+    });
+    return app;
+  }
+  /**
+   * Update app's last deployed timestamp
+   */
+  async updateLastDeployed(appName) {
+    await this.request("PATCH", `/api/apps/${appName}`, {
+      lastDeployedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  /**
+   * Rename an app (per-user unique)
+   */
+  async renameApp(currentAppName, newAppName) {
+    const { app } = await this.request("PATCH", `/api/apps/${currentAppName}`, {
+      newAppName
+    });
+    return app;
+  }
+  /**
+   * Rename app's domain (globally unique)
+   */
+  async renameDomain(appName, newDomainName) {
+    const { app } = await this.request("PATCH", `/api/apps/${appName}`, {
+      newDomainName
+    });
+    return app;
+  }
+  /**
+   * Delete an app
+   */
+  async deleteApp(appName) {
+    await this.request("DELETE", `/api/apps/${appName}`);
+  }
+  /**
+   * Check if app exists
+   */
+  async hasApp(appName) {
+    const app = await this.getApp(appName);
+    return app !== null;
+  }
+  /**
+   * Get primary node for an app
+   */
+  async getPrimaryNode(appName) {
+    const app = await this.getApp(appName);
+    return app?.nodes.find((node) => node.isPrimary) || null;
+  }
+  // ==================== VM Operations (Proxied to Ubicloud) ====================
+  /**
+   * List all VMs for the user's Ubicloud project
+   */
+  async listVMs() {
+    const { vms } = await this.request("GET", "/api/vms");
+    return vms;
+  }
+  /**
+   * Create a new VM
+   */
+  async createVM(params) {
+    const { vm } = await this.request("POST", "/api/vms", params);
+    return vm;
+  }
+  /**
+   * Get a specific VM
+   */
+  async getVM(location, vmName) {
+    const { vm } = await this.request(
+      "GET",
+      `/api/vms/${location}/${vmName}`
+    );
+    return vm;
+  }
+  /**
+   * Delete a VM
+   */
+  async deleteVM(location, vmName) {
+    await this.request("DELETE", `/api/vms/${location}/${vmName}`);
+  }
+  // ==================== Uncloud Config Management ====================
+  /**
+   * Upload uncloud config to platform
+   */
+  async uploadUncloudConfig(configYaml) {
+    await this.request("POST", "/api/uncloud/config", { config: configYaml });
+  }
+  /**
+   * Download uncloud config from platform
+   */
+  async downloadUncloudConfig() {
+    try {
+      const { config } = await this.request("GET", "/api/uncloud/config");
+      return config;
+    } catch (error) {
+      if (error.message.includes("404") || error.message.includes("not found")) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  // ==================== Gateway Management ====================
+  /**
+   * Get gateway info for a location
+   */
+  async getGateway(location) {
+    try {
+      const { gateway } = await this.request("GET", `/api/gateway?location=${encodeURIComponent(location)}`);
+      return gateway;
+    } catch (error) {
+      if (error.message.includes("404") || error.message.includes("not found")) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  // ==================== Route Management ====================
+  /**
+   * Register a route for an app (maps hostname to VM IPv6)
+   */
+  async registerRoute(appName, backendIpv6, backendPort = 443) {
+    const { route } = await this.request("POST", "/api/routes", {
+      appName,
+      backendIpv6,
+      backendPort
+    });
+    return route;
+  }
+  /**
+   * Delete routes for an app
+   */
+  async deleteRoute(appName) {
+    await this.request("DELETE", `/api/routes/${encodeURIComponent(appName)}`);
+  }
+  // ==================== Gateway Route Sync ====================
+  /**
+   * Sync gateway Caddy configuration for a location
+   * This updates the gateway's reverse proxy config with current routes
+   */
+  async syncGatewayRoutes(location) {
+    const result = await this.request("POST", "/api/gateway/sync", { location });
+    return { routeCount: result.routeCount };
+  }
+  // ==================== SSH Certificate Management ====================
+  /**
+   * Get platform SSH keys (CA public key + platform public key for VM creation)
+   */
+  async getPlatformSSHKeys() {
+    return this.request("GET", "/api/platform/ssh-keys");
+  }
+  /**
+   * Initialize platform SSH keys (creates them if they don't exist)
+   */
+  async initPlatformSSHKeys() {
+    return this.request("POST", "/api/platform/ssh-keys");
+  }
+  /**
+   * Request a signed SSH certificate for accessing an app's VMs
+   * Returns a short-lived certificate (5 min) signed by the platform CA
+   */
+  async requestSSHCertificate(appName, publicKey) {
+    return this.request("POST", `/api/apps/${appName}/ssh-certificate`, { publicKey });
+  }
+  // ==================== VM Setup ====================
+  /**
+   * Setup a newly created VM (DNS64, NAT64, SSH CA, Docker, uncloud)
+   * This runs all configuration using the platform SSH key
+   */
+  async setupVM(vmIp, location, appName) {
+    await this.request("POST", "/api/vms/setup", {
+      vmIp,
+      location,
+      appName
+    });
+  }
+  // ==================== Environment Variables ====================
+  /**
+   * Set a single environment variable
+   */
+  async setEnvVar(appName, key, value) {
+    await this.request("POST", `/api/apps/${appName}/env`, { key, value });
+  }
+  /**
+   * Set multiple environment variables at once
+   */
+  async setEnvVars(appName, vars) {
+    await this.request("POST", `/api/apps/${appName}/env`, { vars });
+  }
+  /**
+   * List environment variables (values are masked)
+   */
+  async listEnvVars(appName) {
+    const { vars } = await this.request("GET", `/api/apps/${appName}/env`);
+    return vars;
+  }
+  /**
+   * Remove an environment variable
+   */
+  async unsetEnvVar(appName, key) {
+    await this.request("DELETE", `/api/apps/${appName}/env/${encodeURIComponent(key)}`);
+  }
+  // ==================== GitHub Connection ====================
+  /**
+   * Create app metadata without creating VM (for connect-before-deploy flow)
+   */
+  async createAppMetadata(appName, location) {
+    const { app } = await this.request("POST", "/api/apps", {
+      appName,
+      location: location || "eu-central-h1",
+      metadataOnly: true
+      // Signal that we don't want to create VM yet
+    });
+    return app;
+  }
+  /**
+   * Initiate GitHub App installation flow
+   */
+  async initiateGitHubConnect() {
+    return this.request("POST", "/api/github/connect");
+  }
+  /**
+   * Poll for GitHub App installation completion
+   */
+  async pollGitHubConnect(stateToken) {
+    return this.request("GET", `/api/github/connect/poll?state=${encodeURIComponent(stateToken)}`);
+  }
+  /**
+   * Get current user's GitHub App installation
+   */
+  async getGitHubInstallation() {
+    try {
+      const { installation } = await this.request("GET", "/api/github/installation");
+      return installation;
+    } catch (error) {
+      if (error.message.includes("404") || error.message.includes("not found")) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  /**
+   * List repositories accessible via GitHub App installation
+   */
+  async listAccessibleRepos() {
+    const { repos } = await this.request("GET", "/api/github/repos");
+    return repos;
+  }
+  /**
+   * Connect a repository to an app
+   */
+  async connectRepo(appName, repoFullName, branch) {
+    await this.request("POST", `/api/apps/${appName}/repo`, {
+      repoFullName,
+      branch: branch || "main"
+    });
+  }
+  /**
+   * Get connected repository for an app
+   */
+  async getConnectedRepo(appName) {
+    try {
+      const { repo } = await this.request("GET", `/api/apps/${appName}/repo`);
+      return repo;
+    } catch (error) {
+      if (error.message.includes("404") || error.message.includes("not found")) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Disconnect repository from an app
+   */
+  async disconnectRepo(appName) {
+    await this.request("DELETE", `/api/apps/${appName}/repo`);
+  }
+  // ==================== Builds ====================
+  /**
+   * List builds for an app
+   */
+  async listBuilds(appName, limit = 10) {
+    const { builds } = await this.request("GET", `/api/apps/${appName}/builds?limit=${limit}`);
+    return builds;
+  }
+  /**
+   * Get build details
+   */
+  async getBuild(appName, buildId) {
+    const { build } = await this.request("GET", `/api/apps/${appName}/builds/${buildId}`);
+    return build;
+  }
+  /**
+   * Get build events (for live streaming)
+   */
+  async getBuildEvents(appName, buildId, after) {
+    let url = `/api/apps/${appName}/builds/${buildId}/events`;
+    if (after) {
+      url += `?after=${encodeURIComponent(after.toISOString())}`;
+    }
+    const { events } = await this.request("GET", url);
+    return events;
+  }
+};
+
+// src/lib/app-config.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
+import { join as join3 } from "path";
+import { parse, stringify } from "yaml";
+var CONFIG_FILENAME = "hackerrun.yaml";
+function getConfigPath(directory = process.cwd()) {
+  return join3(directory, CONFIG_FILENAME);
+}
+function hasAppConfig(directory = process.cwd()) {
+  return existsSync3(getConfigPath(directory));
+}
+function readAppConfig(directory = process.cwd()) {
+  const configPath = getConfigPath(directory);
+  if (!existsSync3(configPath)) {
+    return null;
+  }
+  try {
+    const content = readFileSync3(configPath, "utf-8");
+    const config = parse(content);
+    if (!config.appName) {
+      return null;
+    }
+    return config;
+  } catch (error) {
+    console.error(`Failed to parse ${CONFIG_FILENAME}:`, error);
+    return null;
+  }
+}
+function writeAppConfig(config, directory = process.cwd()) {
+  const configPath = getConfigPath(directory);
+  const content = stringify(config);
+  writeFileSync3(configPath, content, "utf-8");
+}
+function getAppName(directory = process.cwd()) {
+  const config = readAppConfig(directory);
+  if (config?.appName) {
+    return config.appName;
+  }
+  const folderName = directory.split("/").pop() || "app";
+  return folderName.toLowerCase().replace(/[^a-z0-9_-]/g, "-");
+}
+function linkApp(appName, directory = process.cwd()) {
+  writeAppConfig({ appName }, directory);
+}
+
+// src/lib/uncloud-runner.ts
+import { execSync as execSync4, spawnSync as spawnSync2, spawn } from "child_process";
+import * as net2 from "net";
+import chalk6 from "chalk";
+var UncloudRunner = class {
+  constructor(platformClient) {
+    this.platformClient = platformClient;
+    this.certManager = new SSHCertManager(platformClient);
+  }
+  certManager;
+  gatewayCache = /* @__PURE__ */ new Map();
+  activeTunnels = /* @__PURE__ */ new Map();
+  tempConfigPath = null;
+  /**
+   * Get the connection URL for an app's primary VM
+   * Handles IPv6 direct connection or gateway proxy fallback
+   */
+  async getConnectionInfo(appName) {
+    const app = await this.platformClient.getApp(appName);
+    if (!app) {
+      throw new Error(`App '${appName}' not found`);
+    }
+    const primaryNode = app.nodes.find((n) => n.isPrimary);
+    if (!primaryNode?.ipv6) {
+      throw new Error(`App '${appName}' has no primary node with IPv6 address`);
+    }
+    const vmIp = primaryNode.ipv6;
+    await this.certManager.getSession(appName, vmIp);
+    const canConnectDirect = await testIPv6Connectivity(vmIp, 3e3);
+    const viaGateway = !canConnectDirect;
+    if (viaGateway) {
+      const tunnelInfo = await this.ensureTunnel(appName, vmIp, app.location);
+      return {
+        url: `ssh://root@localhost:${tunnelInfo.localPort}`,
+        vmIp,
+        viaGateway: true,
+        localPort: tunnelInfo.localPort
+      };
+    }
+    return {
+      url: `ssh://root@${vmIp}`,
+      vmIp,
+      viaGateway: false
+    };
+  }
+  /**
+   * Pre-accept a host's SSH key by running ssh-keyscan
+   * This prevents "Host key verification failed" errors from uncloud
+   */
+  preAcceptHostKey(host, port) {
+    try {
+      const portArg = port ? `-p ${port}` : "";
+      execSync4(
+        `ssh-keyscan ${portArg} -H ${host} >> ~/.ssh/known_hosts 2>/dev/null`,
+        { stdio: "pipe", timeout: 1e4 }
+      );
+    } catch {
+    }
+  }
+  /**
+   * Ensure an SSH tunnel exists for gateway fallback
+   */
+  async ensureTunnel(appName, vmIp, location) {
+    const existing = this.activeTunnels.get(appName);
+    if (existing && !existing.process.killed) {
+      return existing;
+    }
+    const gateway = await this.getGateway(location);
+    if (!gateway) {
+      throw new Error(`No gateway found for location ${location}`);
+    }
+    const localPort = await this.findAvailablePort();
+    const tunnelProcess = spawn("ssh", [
+      "-N",
+      // No remote command
+      "-L",
+      `${localPort}:[${vmIp}]:22`,
+      // Local port forward
+      "-o",
+      "StrictHostKeyChecking=no",
+      "-o",
+      "UserKnownHostsFile=/dev/null",
+      "-o",
+      "LogLevel=ERROR",
+      "-o",
+      "ExitOnForwardFailure=yes",
+      "-o",
+      "ServerAliveInterval=30",
+      `root@${gateway.ipv4}`
+    ], {
+      detached: true,
+      stdio: "pipe"
+    });
+    await this.waitForTunnel(localPort);
+    const tunnelInfo = { process: tunnelProcess, localPort };
+    this.activeTunnels.set(appName, tunnelInfo);
+    return tunnelInfo;
+  }
+  /**
+   * Find an available local port
+   */
+  async findAvailablePort() {
+    return new Promise((resolve, reject) => {
+      const server = net2.createServer();
+      server.listen(0, () => {
+        const port = server.address().port;
+        server.close(() => resolve(port));
+      });
+      server.on("error", reject);
+    });
+  }
+  /**
+   * Wait for tunnel to be established
+   */
+  async waitForTunnel(port, timeoutMs = 1e4) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeoutMs) {
+      try {
+        await new Promise((resolve, reject) => {
+          const socket = net2.createConnection(port, "localhost", () => {
+            socket.destroy();
+            resolve();
+          });
+          socket.on("error", () => {
+            socket.destroy();
+            reject();
+          });
+          socket.setTimeout(500, () => {
+            socket.destroy();
+            reject();
+          });
+        });
+        return;
+      } catch {
+        await new Promise((r) => setTimeout(r, 200));
+      }
+    }
+    throw new Error(`Tunnel failed to establish on port ${port}`);
+  }
+  /**
+   * Run an uncloud command on the app's VM
+   */
+  async run(appName, command, args = [], options = {}) {
+    const connInfo = await this.getConnectionInfo(appName);
+    if (connInfo.viaGateway) {
+      console.log(chalk6.dim(`Connecting via gateway...`));
+    }
+    const fullArgs = ["--connect", connInfo.url, command, ...args];
+    if (options.stdio === "inherit") {
+      const result = spawnSync2("uc", fullArgs, {
+        cwd: options.cwd,
+        stdio: "inherit",
+        timeout: options.timeout
+      });
+      if (result.status !== 0) {
+        throw new Error(`Uncloud command failed with exit code ${result.status}`);
+      }
+    } else {
+      const result = execSync4(`uc ${fullArgs.map((a) => `"${a}"`).join(" ")}`, {
+        cwd: options.cwd,
+        encoding: "utf-8",
+        timeout: options.timeout
+      });
+      return result;
+    }
+  }
+  /**
+   * Run 'uc deploy' for an app
+   */
+  async deploy(appName, cwd) {
+    await this.run(appName, "deploy", ["--yes"], { cwd, stdio: "inherit" });
+  }
+  /**
+   * Run 'uc service logs' for an app
+   */
+  async logs(appName, serviceName, options = {}) {
+    const args = [serviceName];
+    if (options.follow) args.push("-f");
+    if (options.tail) args.push("--tail", String(options.tail));
+    await this.run(appName, "service", ["logs", ...args], { stdio: "inherit" });
+  }
+  /**
+   * Run 'uc service ls' for an app
+   */
+  async serviceList(appName) {
+    const result = await this.run(appName, "service", ["ls"], { stdio: "pipe" });
+    return result;
+  }
+  /**
+   * Run 'uc machine token' on remote VM via SSH
+   * This is different - it runs on the VM directly, not via uncloud connector
+   */
+  async getMachineToken(appName) {
+    const connInfo = await this.getConnectionInfo(appName);
+    let sshCmd2;
+    if (connInfo.viaGateway && connInfo.localPort) {
+      sshCmd2 = `ssh -p ${connInfo.localPort} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@localhost`;
+    } else {
+      sshCmd2 = `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@${connInfo.vmIp}`;
+    }
+    const token = execSync4(`${sshCmd2} "uc machine token"`, { encoding: "utf-8" }).trim();
+    return token;
+  }
+  /**
+   * Execute an SSH command on the VM
+   */
+  async sshExec(appName, command) {
+    const connInfo = await this.getConnectionInfo(appName);
+    let sshCmd2;
+    if (connInfo.viaGateway && connInfo.localPort) {
+      sshCmd2 = `ssh -p ${connInfo.localPort} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@localhost`;
+    } else {
+      sshCmd2 = `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@${connInfo.vmIp}`;
+    }
+    return execSync4(`${sshCmd2} "${command}"`, { encoding: "utf-8" }).trim();
+  }
+  /**
+   * Get gateway info (cached)
+   */
+  async getGateway(location) {
+    if (this.gatewayCache.has(location)) {
+      return this.gatewayCache.get(location) || null;
+    }
+    const gateway = await this.platformClient.getGateway(location);
+    if (gateway) {
+      this.gatewayCache.set(location, { ipv4: gateway.ipv4, ipv6: gateway.ipv6 });
+      return { ipv4: gateway.ipv4, ipv6: gateway.ipv6 };
+    }
+    this.gatewayCache.set(location, null);
+    return null;
+  }
+  /**
+   * Clean up all SSH sessions and tunnels
+   */
+  cleanup() {
+    for (const [appName, tunnel] of this.activeTunnels) {
+      try {
+        tunnel.process.kill();
+      } catch {
+      }
+    }
+    this.activeTunnels.clear();
+    this.certManager.cleanupAll();
+  }
+};
+
+// src/commands/deploy.ts
+var DEFAULT_LOCATION = "eu-central-h1";
+var DEFAULT_SIZE = "burstable-1";
+var DEFAULT_STORAGE_SIZE = 10;
+var DEFAULT_IMAGE = "ubuntu-noble";
+function createDeployCommand() {
+  const cmd = new Command2("deploy");
+  cmd.description("Deploy your application to hackerrun").option("-n, --name <name>", "App name (defaults to hackerrun.yaml or directory name)").option("--app <app>", "App name (alias for --name, for CI/CD compatibility)").option("-l, --location <location>", "VM location").option("-s, --size <size>", "VM size (default: burstable-1)").option("--storage <gb>", "Storage size in GB (default: 10)").option("-i, --image <image>", "Boot image").option("--build-token <token>", "Build token for CI/CD (bypasses normal auth)").action(async (options) => {
+    try {
+      PlatformDetector.ensureSupported();
+      await UncloudManager.ensureInstalled();
+      let platformToken;
+      const isCIBuild = !!options.buildToken;
+      if (isCIBuild) {
+        platformToken = options.buildToken;
+      } else {
+        platformToken = getPlatformToken();
+      }
+      const platformClient = new PlatformClient(platformToken);
+      const clusterManager = new ClusterManager(platformClient);
+      const uncloudRunner = new UncloudRunner(platformClient);
+      const appName = options.app || options.name || getAppName();
+      const location = options.location || DEFAULT_LOCATION;
+      const vmSize = options.size || DEFAULT_SIZE;
+      const storageSize = options.storage ? parseInt(options.storage) : DEFAULT_STORAGE_SIZE;
+      const bootImage = options.image || DEFAULT_IMAGE;
+      console.log(chalk7.cyan(`
+Deploying '${appName}' to hackerrun...
+`));
+      let cluster = await platformClient.getApp(appName);
+      let isFirstDeploy = false;
+      if (!cluster) {
+        isFirstDeploy = true;
+        console.log(chalk7.yellow("First deployment - creating infrastructure...\n"));
+        cluster = await clusterManager.initializeCluster({
+          appName,
+          location,
+          vmSize,
+          storageSize,
+          bootImage
+        });
+        console.log(chalk7.cyan("\nWhat just happened:"));
+        console.log(`  ${chalk7.green("\u2713")} Created 1 IPv6-only VM (${vmSize})`);
+        console.log(`  ${chalk7.green("\u2713")} Installed Docker and Uncloud daemon`);
+        console.log(`  ${chalk7.green("\u2713")} Initialized uncloud cluster`);
+        console.log(`  ${chalk7.green("\u2713")} Assigned domain: ${cluster.domainName}.hackerrun.app`);
+        console.log();
+        if (!hasAppConfig()) {
+          linkApp(appName);
+          console.log(chalk7.dim(`Created hackerrun.yaml for app linking
+`));
+        }
+      } else {
+        console.log(chalk7.green(`Using existing infrastructure (${cluster.nodes.length} VM(s))
+`));
+      }
+      const primaryNode = await platformClient.getPrimaryNode(appName);
+      if (!primaryNode || !primaryNode.ipv6) {
+        throw new Error("Primary node not found or has no IPv6 address");
+      }
+      console.log(chalk7.cyan("\nRunning deployment...\n"));
+      try {
+        await uncloudRunner.deploy(appName, process.cwd());
+        console.log(chalk7.green("\nApp deployed successfully!"));
+        if (cluster.domainName) {
+          const spinner = ora4("Registering route...").start();
+          try {
+            const route = await platformClient.registerRoute(appName, primaryNode.ipv6, 80);
+            spinner.succeed(chalk7.green(`Route registered: ${route.fullUrl}`));
+            spinner.start("Syncing gateway routes...");
+            await platformClient.syncGatewayRoutes(cluster.location);
+            spinner.succeed(chalk7.green("Gateway routes synced"));
+          } catch (error) {
+            spinner.warn(chalk7.yellow(`Could not register route: ${error.message}`));
+          }
+        }
+        await platformClient.updateLastDeployed(appName);
+        console.log(chalk7.cyan("\nDeployment Summary:\n"));
+        console.log(`  App Name:     ${chalk7.bold(appName)}`);
+        console.log(`  Domain:       ${chalk7.bold(`${cluster.domainName}.hackerrun.app`)}`);
+        console.log(`  URL:          ${chalk7.bold(`https://${cluster.domainName}.hackerrun.app`)}`);
+        console.log(`  Location:     ${cluster.location}`);
+        console.log(`  Nodes:        ${cluster.nodes.length}`);
+        console.log(chalk7.cyan("\nInfrastructure:\n"));
+        cluster.nodes.forEach((node, index) => {
+          const prefix = node.isPrimary ? chalk7.yellow("(primary)") : "         ";
+          const ip = node.ipv6 || node.ipv4 || "pending";
+          console.log(`  ${prefix} ${node.name} - ${ip}`);
+        });
+        console.log(chalk7.cyan("\nNext steps:\n"));
+        console.log(`  View logs:     ${chalk7.bold(`hackerrun logs ${appName}`)}`);
+        console.log(`  SSH access:    ${chalk7.bold(`hackerrun ssh ${appName}`)}`);
+        console.log(`  Change domain: ${chalk7.bold(`hackerrun domain --app ${appName} <new-name>`)}`);
+        console.log();
+        uncloudRunner.cleanup();
+      } catch (error) {
+        uncloudRunner.cleanup();
+        console.log(chalk7.red("\nDeployment failed"));
+        throw error;
+      }
+    } catch (error) {
+      console.error(chalk7.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/app.ts
+import { Command as Command3 } from "commander";
+import chalk8 from "chalk";
+import ora5 from "ora";
+import { execSync as execSync5 } from "child_process";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4 } from "fs";
+import { homedir as homedir2 } from "os";
+import { join as join4 } from "path";
+import YAML from "yaml";
+function removeUncloudContext(contextName) {
+  const configPath = join4(homedir2(), ".config", "uncloud", "config.yaml");
+  if (!existsSync4(configPath)) {
+    return false;
+  }
+  try {
+    const content = readFileSync4(configPath, "utf-8");
+    const config = YAML.parse(content);
+    if (!config.contexts || !config.contexts[contextName]) {
+      return false;
+    }
+    delete config.contexts[contextName];
+    if (config.current_context === contextName) {
+      const remainingContexts = Object.keys(config.contexts);
+      config.current_context = remainingContexts.length > 0 ? remainingContexts[0] : "";
+    }
+    writeFileSync4(configPath, YAML.stringify(config));
+    return true;
+  } catch {
+    return false;
+  }
+}
+function createAppCommands() {
+  const appsCmd2 = new Command3("apps");
+  appsCmd2.description("List all your apps and their infrastructure").action(async () => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const apps = await platformClient.listApps();
+      if (apps.length === 0) {
+        console.log(chalk8.yellow("\nNo apps deployed yet.\n"));
+        console.log(`Run ${chalk8.bold("hackerrun deploy")} to deploy your first app!
+`);
+        return;
+      }
+      console.log(chalk8.cyan("\n Your Apps:\n"));
+      apps.forEach((app) => {
+        console.log(chalk8.bold(`  ${app.appName}`));
+        console.log(`    Domain:       ${app.domainName}.hackerrun.app`);
+        console.log(`    URL:          https://${app.domainName}.hackerrun.app`);
+        console.log(`    Location:     ${app.location}`);
+        console.log(`    Nodes:        ${app.nodes.length}`);
+        console.log(`    Created:      ${new Date(app.createdAt).toLocaleString()}`);
+        if (app.lastDeployedAt) {
+          console.log(`    Last Deploy:  ${new Date(app.lastDeployedAt).toLocaleString()}`);
+        }
+        const primaryNode = app.nodes.find((n) => n.isPrimary);
+        console.log(`    Primary Node: ${primaryNode?.ipv6 || primaryNode?.ipv4 || "N/A"}`);
+        console.log();
+      });
+      console.log(chalk8.green(`Total: ${apps.length} app(s)
+`));
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  const nodesCmd2 = new Command3("nodes");
+  nodesCmd2.description("List all VMs in an app's cluster").argument("<app>", "App name").action(async (appName) => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk8.red(`
+App '${appName}' not found
+`));
+        process.exit(1);
+      }
+      console.log(chalk8.cyan(`
+Nodes in '${appName}':
+`));
+      app.nodes.forEach((node, index) => {
+        const primaryLabel = node.isPrimary ? chalk8.yellow(" (primary)") : "";
+        console.log(`  ${index + 1}. ${chalk8.bold(node.name)}${primaryLabel}`);
+        console.log(`     IPv6: ${node.ipv6 || "pending"}`);
+        if (node.ipv4) {
+          console.log(`     IPv4: ${node.ipv4}`);
+        }
+        console.log(`     ID:   ${node.id}`);
+        console.log();
+      });
+      console.log(chalk8.green(`Total: ${app.nodes.length} node(s)
+`));
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  const sshCmd2 = new Command3("ssh");
+  sshCmd2.description("SSH into an app's VM").argument("<app>", "App name").option("-n, --node <node>", "Node name or index (defaults to primary node)").action(async (appName, options) => {
+    const platformToken = getPlatformToken();
+    const platformClient = new PlatformClient(platformToken);
+    const uncloudRunner = new UncloudRunner(platformClient);
+    try {
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk8.red(`
+App '${appName}' not found
+`));
+        process.exit(1);
+      }
+      let targetNode;
+      if (options.node) {
+        const nodeIndex = parseInt(options.node);
+        if (!isNaN(nodeIndex) && nodeIndex > 0 && nodeIndex <= app.nodes.length) {
+          targetNode = app.nodes[nodeIndex - 1];
+        } else {
+          targetNode = app.nodes.find((n) => n.name === options.node);
+        }
+        if (!targetNode) {
+          console.log(chalk8.red(`
+Node '${options.node}' not found
+`));
+          process.exit(1);
+        }
+      } else {
+        targetNode = app.nodes.find((n) => n.isPrimary);
+      }
+      const nodeIp = targetNode?.ipv6 || targetNode?.ipv4;
+      if (!targetNode || !nodeIp) {
+        console.log(chalk8.red(`
+Target node not found or has no IP
+`));
+        process.exit(1);
+      }
+      const connInfo = await uncloudRunner.getConnectionInfo(appName);
+      if (connInfo.viaGateway) {
+        console.log(chalk8.cyan(`
+Connecting to ${targetNode.name} via gateway...
+`));
+      } else {
+        console.log(chalk8.cyan(`
+Connecting to ${targetNode.name}...
+`));
+      }
+      if (connInfo.viaGateway && connInfo.localPort) {
+        execSync5(
+          `ssh -p ${connInfo.localPort} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@localhost`,
+          { stdio: "inherit" }
+        );
+      } else {
+        execSync5(
+          `ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR root@${nodeIp}`,
+          { stdio: "inherit" }
+        );
+      }
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    } finally {
+      uncloudRunner.cleanup();
+    }
+  });
+  const destroyCmd2 = new Command3("destroy");
+  destroyCmd2.description("Delete an app and all its infrastructure").argument("<app>", "App name").option("--force", "Skip confirmation").action(async (appName, options) => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk8.red(`
+\u274C App '${appName}' not found
+`));
+        process.exit(1);
+      }
+      if (!options.force) {
+        console.log(chalk8.yellow(`
+\u26A0\uFE0F  You are about to delete '${appName}' and all its infrastructure:`));
+        console.log(`  - ${app.nodes.length} VM(s) will be deleted`);
+        console.log(`  - All data will be lost
+`);
+        console.log(chalk8.red("Use --force flag to confirm deletion\n"));
+        process.exit(1);
+      }
+      const spinner = ora5("Deleting infrastructure...").start();
+      try {
+        for (const node of app.nodes) {
+          spinner.text = `Deleting VM '${node.name}'...`;
+          await platformClient.deleteVM(app.location, node.name);
+        }
+        spinner.text = "Removing app from database...";
+        await platformClient.deleteApp(appName);
+        spinner.text = "Cleaning up local configuration...";
+        const contextName = app.uncloudContext || appName;
+        removeUncloudContext(contextName);
+        spinner.succeed(chalk8.green(`App '${appName}' destroyed successfully`));
+        console.log(chalk8.cyan("\n\u{1F4A1} All infrastructure has been deleted.\n"));
+      } catch (error) {
+        spinner.fail(chalk8.red("Failed to destroy app"));
+        throw error;
+      }
+    } catch (error) {
+      console.error(chalk8.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  const linkCmd2 = new Command3("link");
+  linkCmd2.description("Link current directory to an existing app").argument("<app-name>", "App name to link to").action(async (appName) => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk8.red(`
+App '${appName}' not found
+`));
+        console.log(`Run ${chalk8.bold("hackerrun apps")} to see your apps.
+`);
+        process.exit(1);
+      }
+      const existingConfig = readAppConfig();
+      if (existingConfig) {
+        if (existingConfig.appName === appName) {
+          console.log(chalk8.yellow(`
+This directory is already linked to '${appName}'
+`));
+          return;
+        }
+        console.log(chalk8.yellow(`
+This directory is currently linked to '${existingConfig.appName}'`));
+        console.log(`Updating link to '${appName}'...
+`);
+      }
+      linkApp(appName);
+      console.log(chalk8.green(`
+Linked to app '${appName}'
+`));
+      console.log(`  Domain: https://${app.domainName}.hackerrun.app`);
+      console.log(`  Run ${chalk8.bold("hackerrun deploy")} to deploy changes.
+`);
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  const renameCmd2 = new Command3("rename");
+  renameCmd2.description("Rename an app (per-user unique)").requiredOption("--app <current-name>", "Current app name").argument("<new-name>", "New app name").action(async (newName, options) => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const currentName = options.app;
+      const app = await platformClient.getApp(currentName);
+      if (!app) {
+        console.log(chalk8.red(`
+App '${currentName}' not found
+`));
+        process.exit(1);
+      }
+      const spinner = ora5(`Renaming app '${currentName}' to '${newName}'...`).start();
+      try {
+        const updatedApp = await platformClient.renameApp(currentName, newName);
+        spinner.succeed(chalk8.green(`App renamed successfully`));
+        console.log(`
+  Old name: ${currentName}`);
+        console.log(`  New name: ${updatedApp.appName}`);
+        console.log(`  Domain:   https://${updatedApp.domainName}.hackerrun.app
+`);
+        const existingConfig = readAppConfig();
+        if (existingConfig?.appName === currentName) {
+          linkApp(newName);
+          console.log(chalk8.dim(`Updated local hackerrun.yaml
+`));
+        }
+      } catch (error) {
+        spinner.fail(chalk8.red("Failed to rename app"));
+        throw error;
+      }
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  const domainCmd2 = new Command3("domain");
+  domainCmd2.description("Change app's domain name (globally unique)").requiredOption("--app <app-name>", "App name").argument("<new-domain>", "New domain name (without .hackerrun.app)").action(async (newDomain, options) => {
+    try {
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const appName = options.app;
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk8.red(`
+App '${appName}' not found
+`));
+        process.exit(1);
+      }
+      const oldDomain = app.domainName;
+      const spinner = ora5(`Changing domain from '${oldDomain}' to '${newDomain}'...`).start();
+      try {
+        const updatedApp = await platformClient.renameDomain(appName, newDomain);
+        spinner.succeed(chalk8.green(`Domain changed successfully`));
+        spinner.start("Syncing gateway routes...");
+        await platformClient.syncGatewayRoutes(app.location);
+        spinner.succeed(chalk8.green("Gateway routes synced"));
+        console.log(`
+  App:        ${updatedApp.appName}`);
+        console.log(`  Old domain: https://${oldDomain}.hackerrun.app`);
+        console.log(`  New domain: https://${updatedApp.domainName}.hackerrun.app
+`);
+      } catch (error) {
+        spinner.fail(chalk8.red("Failed to change domain"));
+        throw error;
+      }
+    } catch (error) {
+      console.error(chalk8.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return { appsCmd: appsCmd2, nodesCmd: nodesCmd2, sshCmd: sshCmd2, destroyCmd: destroyCmd2, linkCmd: linkCmd2, renameCmd: renameCmd2, domainCmd: domainCmd2 };
+}
+
+// src/commands/config.ts
+import { Command as Command4 } from "commander";
+import chalk9 from "chalk";
+function createConfigCommand() {
+  const cmd = new Command4("config");
+  cmd.description("Manage hackerrun configuration");
+  cmd.command("set").description("Set a configuration value").argument("<key>", "Configuration key (apiToken)").argument("<value>", "Configuration value").action((key, value) => {
+    try {
+      const configManager = new ConfigManager();
+      if (key !== "apiToken") {
+        console.log(chalk9.red(`
+\u274C Invalid key: ${key}
+`));
+        console.log(chalk9.cyan("Valid keys:"));
+        console.log("  - apiToken    Platform API token\n");
+        process.exit(1);
+      }
+      configManager.set(key, value);
+      const displayValue = configManager.getAll(true).apiToken;
+      console.log(chalk9.green(`
+\u2713 Set ${key} = ${displayValue}
+`));
+    } catch (error) {
+      console.error(chalk9.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("get").description("Get a configuration value").argument("<key>", "Configuration key").option("--show-secrets", "Show unmasked sensitive values").action((key, options) => {
+    try {
+      const configManager = new ConfigManager();
+      if (key !== "apiToken") {
+        console.log(chalk9.red(`
+\u274C Invalid key: ${key}
+`));
+        process.exit(1);
+      }
+      const value = configManager.get(key);
+      if (!value) {
+        console.log(chalk9.yellow(`
+\u26A0\uFE0F  ${key} is not set
+`));
+        process.exit(1);
+      }
+      const displayValue = options.showSecrets ? value : configManager.getAll(true).apiToken;
+      console.log(chalk9.cyan(`
+${key} = ${displayValue}
+`));
+    } catch (error) {
+      console.error(chalk9.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("list").description("List all configuration values").option("--show-secrets", "Show unmasked sensitive values").action((options) => {
+    try {
+      const configManager = new ConfigManager();
+      const config = configManager.getAll(!options.showSecrets);
+      if (Object.keys(config).length === 0) {
+        console.log(chalk9.yellow("\n\u26A0\uFE0F  No configuration found\n"));
+        console.log(chalk9.cyan("Get started by logging in:\n"));
+        console.log("  hackerrun login\n");
+        return;
+      }
+      console.log(chalk9.cyan("\n\u{1F4DD} Configuration:\n"));
+      console.log(`  apiToken: ${config.apiToken || chalk9.red("not set")}`);
+      console.log(chalk9.dim(`
+Config file: ${configManager.getConfigPath()}
+`));
+    } catch (error) {
+      console.error(chalk9.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("unset").description("Remove a configuration value").argument("<key>", "Configuration key").action((key) => {
+    try {
+      const configManager = new ConfigManager();
+      if (key !== "apiToken") {
+        console.log(chalk9.red(`
+\u274C Invalid key: ${key}
+`));
+        process.exit(1);
+      }
+      configManager.unset(key);
+      console.log(chalk9.green(`
+\u2713 Removed ${key}
+`));
+    } catch (error) {
+      console.error(chalk9.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("path").description("Show the config file path").action(() => {
+    try {
+      const configManager = new ConfigManager();
+      console.log(configManager.getConfigPath());
+    } catch (error) {
+      console.error(chalk9.red(`
+\u274C Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/logs.ts
+import { Command as Command5 } from "commander";
+import chalk10 from "chalk";
+function createLogsCommand() {
+  const cmd = new Command5("logs");
+  cmd.description("View logs for app services").argument("<app>", "App name").argument("[service]", "Service name (optional - lists services if omitted)").option("-f, --follow", "Follow log output").option("--tail <lines>", "Number of lines to show from the end of the logs").action(async (appName, serviceName, options) => {
+    const platformToken = getPlatformToken();
+    const platformClient = new PlatformClient(platformToken);
+    const uncloudRunner = new UncloudRunner(platformClient);
+    try {
+      const app = await platformClient.getApp(appName);
+      if (!app) {
+        console.log(chalk10.red(`
+ App '${appName}' not found
+`));
+        console.log(chalk10.cyan("Available apps:"));
+        const apps = await platformClient.listApps();
+        if (apps.length === 0) {
+          console.log(chalk10.yellow("  No apps deployed yet\n"));
+        } else {
+          apps.forEach((a) => console.log(`  - ${a.appName}`));
+          console.log();
+        }
+        process.exit(1);
+      }
+      if (!serviceName) {
+        try {
+          const output = await uncloudRunner.serviceList(appName);
+          const lines = output.trim().split("\n");
+          const services = [];
+          for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            if (!line || line.startsWith("NAME") || line.startsWith("Connecting") || line.startsWith("Connected")) {
+              continue;
+            }
+            const svcName = line.split(/\s+/)[0];
+            if (svcName) {
+              services.push(svcName);
+            }
+          }
+          if (services.length === 0) {
+            console.log(chalk10.yellow(`
+ No services found in app '${appName}'
+`));
+            return;
+          }
+          console.log(chalk10.cyan(`
+ Available services in '${appName}':
+`));
+          services.forEach((s) => console.log(`  ${chalk10.bold(s)}`));
+          console.log(chalk10.dim(`
+Usage: hackerrun logs ${appName} <service>`));
+          console.log(chalk10.dim(`Example: hackerrun logs ${appName} ${services[0]}
+`));
+          return;
+        } catch (error) {
+          console.error(chalk10.red("\n Failed to list services"));
+          console.error(chalk10.yellow("Make sure the app is deployed and running\n"));
+          process.exit(1);
+        }
+      }
+      console.log(chalk10.cyan(`
+ Viewing logs for '${serviceName}' in app '${appName}'...
+`));
+      try {
+        await uncloudRunner.logs(appName, serviceName, {
+          follow: options.follow,
+          tail: options.tail ? parseInt(options.tail) : void 0
+        });
+      } catch (error) {
+        console.error(chalk10.red(`
+ Failed to fetch logs for service '${serviceName}'`));
+        console.error(chalk10.yellow("The service may not exist or may not be running\n"));
+        process.exit(1);
+      }
+    } catch (error) {
+      console.error(chalk10.red(`
+ Error: ${error.message}
+`));
+      process.exit(1);
+    } finally {
+      uncloudRunner.cleanup();
+    }
+  });
+  return cmd;
+}
+
+// src/commands/env.ts
+import { Command as Command6 } from "commander";
+import chalk11 from "chalk";
+import ora6 from "ora";
+import { password } from "@inquirer/prompts";
+import { readFileSync as readFileSync5, existsSync as existsSync5 } from "fs";
+function parseEnvFile(content) {
+  const vars = {};
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex === -1) continue;
+    const key = trimmed.slice(0, eqIndex);
+    let value = trimmed.slice(eqIndex + 1);
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    vars[key] = value;
+  }
+  return vars;
+}
+function createEnvCommand() {
+  const cmd = new Command6("env");
+  cmd.description("Manage environment variables for an app");
+  cmd.command("set").description("Set an environment variable").argument("<keyValue>", "KEY=value or just KEY (will prompt for value)").option("--app <app>", "App name (uses hackerrun.yaml if not specified)").action(async (keyValue, options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      let key;
+      let value;
+      if (keyValue.includes("=")) {
+        const parts = keyValue.split("=");
+        key = parts[0];
+        value = parts.slice(1).join("=");
+      } else {
+        key = keyValue;
+        value = await password({
+          message: `Enter value for ${key}:`,
+          mask: "*"
+        });
+      }
+      if (!key) {
+        console.error(chalk11.red("\nError: Key cannot be empty\n"));
+        process.exit(1);
+      }
+      const spinner = ora6(`Setting ${key}...`).start();
+      await platformClient.setEnvVar(appName, key, value);
+      spinner.succeed(`Set ${key}`);
+    } catch (error) {
+      console.error(chalk11.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("upload").description("Upload environment variables from a file").argument("<file>", "Path to .env file").option("--app <app>", "App name (uses hackerrun.yaml if not specified)").action(async (filePath, options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      if (!existsSync5(filePath)) {
+        console.error(chalk11.red(`
+Error: File not found: ${filePath}
+`));
+        process.exit(1);
+      }
+      const content = readFileSync5(filePath, "utf-8");
+      const vars = parseEnvFile(content);
+      const count = Object.keys(vars).length;
+      if (count === 0) {
+        console.log(chalk11.yellow("\nNo environment variables found in file.\n"));
+        return;
+      }
+      const spinner = ora6(`Uploading ${count} variable${count > 1 ? "s" : ""}...`).start();
+      await platformClient.setEnvVars(appName, vars);
+      spinner.succeed(`Uploaded ${count} environment variable${count > 1 ? "s" : ""}`);
+    } catch (error) {
+      console.error(chalk11.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("list").description("List environment variables").option("--app <app>", "App name (uses hackerrun.yaml if not specified)").action(async (options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const spinner = ora6("Fetching environment variables...").start();
+      const vars = await platformClient.listEnvVars(appName);
+      spinner.stop();
+      if (vars.length === 0) {
+        console.log(chalk11.yellow(`
+No environment variables set for '${appName}'.
+`));
+        console.log(chalk11.cyan("Set variables with:\n"));
+        console.log(`  hackerrun env set KEY=value`);
+        console.log(`  hackerrun env upload .env
+`);
+        return;
+      }
+      console.log(chalk11.cyan(`
+Environment variables for '${appName}':
+`));
+      for (const v of vars) {
+        const masked = "*".repeat(Math.min(v.valueLength, 20));
+        console.log(`  ${chalk11.bold(v.key)}=${chalk11.dim(masked)}`);
+      }
+      console.log();
+    } catch (error) {
+      console.error(chalk11.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  cmd.command("unset").description("Remove an environment variable").argument("<key>", "Environment variable key").option("--app <app>", "App name (uses hackerrun.yaml if not specified)").action(async (key, options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const spinner = ora6(`Removing ${key}...`).start();
+      await platformClient.unsetEnvVar(appName, key);
+      spinner.succeed(`Removed ${key}`);
+    } catch (error) {
+      console.error(chalk11.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/connect.ts
+import { Command as Command7 } from "commander";
+import chalk12 from "chalk";
+import ora7 from "ora";
+import { select } from "@inquirer/prompts";
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function pollForInstallation(platformClient, stateToken, spinner, maxAttempts = 60, intervalMs = 5e3) {
+  let attempts = 0;
+  while (attempts < maxAttempts) {
+    await sleep2(intervalMs);
+    attempts++;
+    const result = await platformClient.pollGitHubConnect(stateToken);
+    if (result.status === "complete" && result.installationId) {
+      return { installationId: result.installationId };
+    } else if (result.status === "expired") {
+      throw new Error("Authorization expired. Please try again.");
+    }
+  }
+  throw new Error("Authorization timed out. Please try again.");
+}
+function createConnectCommand() {
+  const cmd = new Command7("connect");
+  cmd.description("Connect a GitHub repository for automatic deploys").option("--app <app>", "App name (uses hackerrun.yaml or folder name if not specified)").action(async (options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      console.log(chalk12.cyan(`
+Connecting GitHub repository to '${appName}'
+`));
+      let app = await platformClient.getApp(appName);
+      if (!app) {
+        const spinner = ora7("Creating app...").start();
+        app = await platformClient.createAppMetadata(appName);
+        spinner.succeed(`Created app '${appName}'`);
+        if (!hasAppConfig()) {
+          linkApp(appName);
+          console.log(chalk12.dim(`  Created hackerrun.yaml`));
+        }
+      }
+      const existingRepo = await platformClient.getConnectedRepo(appName);
+      if (existingRepo) {
+        console.log(chalk12.yellow(`
+App '${appName}' is already connected to:`));
+        console.log(`  ${chalk12.bold(existingRepo.repoFullName)} (branch: ${existingRepo.branch})
+`);
+        const action = await select({
+          message: "What would you like to do?",
+          choices: [
+            { name: "Change repository", value: "change" },
+            { name: "Keep current connection", value: "keep" }
+          ]
+        });
+        if (action === "keep") {
+          console.log(chalk12.green("\nConnection unchanged.\n"));
+          return;
+        }
+      }
+      let installation = await platformClient.getGitHubInstallation();
+      if (!installation) {
+        console.log(chalk12.cyan("First, install the HackerRun GitHub App:\n"));
+        const spinner = ora7("Initiating GitHub connection...").start();
+        const flow = await platformClient.initiateGitHubConnect();
+        spinner.succeed("GitHub connection initiated");
+        console.log(chalk12.cyan("\nPlease complete the following steps:\n"));
+        console.log(`  1. Visit: ${chalk12.bold.blue(flow.authUrl)}`);
+        console.log(`  2. Install the HackerRun app on your account`);
+        console.log(`  3. Select the repositories you want to access
+`);
+        const pollSpinner = ora7("Waiting for GitHub authorization...").start();
+        try {
+          installation = await pollForInstallation(platformClient, flow.stateToken, pollSpinner);
+          pollSpinner.succeed("GitHub App installed");
+        } catch (error) {
+          pollSpinner.fail(error.message);
+          process.exit(1);
+        }
+      } else {
+        console.log(chalk12.green(`\u2713 GitHub App already installed (${installation.accountLogin})
+`));
+      }
+      const repoSpinner = ora7("Fetching accessible repositories...").start();
+      const repos = await platformClient.listAccessibleRepos();
+      repoSpinner.stop();
+      if (repos.length === 0) {
+        console.log(chalk12.yellow("\nNo repositories found."));
+        console.log(chalk12.cyan("Make sure you have given HackerRun access to your repositories.\n"));
+        console.log(`Visit ${chalk12.blue("https://github.com/settings/installations")} to manage access.
+`);
+        process.exit(1);
+      }
+      const selectedRepo = await select({
+        message: "Select repository to connect:",
+        choices: repos.map((r) => ({
+          name: `${r.fullName}${r.private ? chalk12.dim(" (private)") : ""} [${r.defaultBranch}]`,
+          value: r.fullName
+        }))
+      });
+      const selectedRepoInfo = repos.find((r) => r.fullName === selectedRepo);
+      const branch = selectedRepoInfo?.defaultBranch || "main";
+      const connectSpinner = ora7("Connecting repository...").start();
+      await platformClient.connectRepo(appName, selectedRepo, branch);
+      connectSpinner.succeed(`Connected ${selectedRepo}`);
+      console.log(chalk12.green(`
+\u2713 Successfully connected!
+`));
+      console.log(chalk12.cyan("Auto-deploy is now enabled:"));
+      console.log(`  Repository: ${chalk12.bold(selectedRepo)}`);
+      console.log(`  Branch: ${chalk12.bold(branch)}`);
+      console.log(`  App: ${chalk12.bold(appName)}
+`);
+      console.log(chalk12.dim("Every push to this branch will trigger a build and deploy.\n"));
+    } catch (error) {
+      console.error(chalk12.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+function createDisconnectCommand() {
+  const cmd = new Command7("disconnect");
+  cmd.description("Disconnect GitHub repository from an app").option("--app <app>", "App name (uses hackerrun.yaml or folder name if not specified)").action(async (options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      const existingRepo = await platformClient.getConnectedRepo(appName);
+      if (!existingRepo) {
+        console.log(chalk12.yellow(`
+No repository connected to '${appName}'.
+`));
+        return;
+      }
+      const spinner = ora7("Disconnecting repository...").start();
+      await platformClient.disconnectRepo(appName);
+      spinner.succeed("Repository disconnected");
+      console.log(chalk12.green(`
+\u2713 Disconnected ${existingRepo.repoFullName} from '${appName}'
+`));
+      console.log(chalk12.dim("Auto-deploy is now disabled. Use `hackerrun connect` to reconnect.\n"));
+    } catch (error) {
+      console.error(chalk12.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/builds.ts
+import { Command as Command8 } from "commander";
+import chalk13 from "chalk";
+import ora8 from "ora";
+function sleep3(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function formatDuration(startedAt, completedAt) {
+  if (!startedAt) return "-";
+  const start = new Date(startedAt);
+  const end = completedAt ? new Date(completedAt) : /* @__PURE__ */ new Date();
+  const durationMs = end.getTime() - start.getTime();
+  const seconds = Math.floor(durationMs / 1e3);
+  if (seconds < 60) return `${seconds}s`;
+  const minutes = Math.floor(seconds / 60);
+  const remainingSeconds = seconds % 60;
+  return `${minutes}m ${remainingSeconds}s`;
+}
+function formatRelativeTime(dateStr) {
+  const date = new Date(dateStr);
+  const now = /* @__PURE__ */ new Date();
+  const diffMs = now.getTime() - date.getTime();
+  const diffSeconds = Math.floor(diffMs / 1e3);
+  if (diffSeconds < 60) return "just now";
+  if (diffSeconds < 3600) return `${Math.floor(diffSeconds / 60)} minutes ago`;
+  if (diffSeconds < 86400) return `${Math.floor(diffSeconds / 3600)} hours ago`;
+  return `${Math.floor(diffSeconds / 86400)} days ago`;
+}
+function getStatusIcon(status) {
+  switch (status) {
+    case "success":
+      return chalk13.green("\u2713");
+    case "failed":
+      return chalk13.red("\u2717");
+    case "building":
+      return chalk13.yellow("\u25CF");
+    case "pending":
+      return chalk13.dim("\u25CB");
+    default:
+      return chalk13.dim("?");
+  }
+}
+function getStageIcon(stage, status) {
+  if (status === "completed") return chalk13.green("\u2713");
+  if (status === "failed") return chalk13.red("\u2717");
+  if (status === "started") return chalk13.yellow("\u25CF");
+  return chalk13.dim("\u25CB");
+}
+function formatEventTime(startTime, eventTime) {
+  const diffMs = eventTime.getTime() - startTime.getTime();
+  const totalSeconds = Math.floor(diffMs / 1e3);
+  const minutes = Math.floor(totalSeconds / 60);
+  const seconds = totalSeconds % 60;
+  return `${minutes.toString().padStart(2, "0")}:${seconds.toString().padStart(2, "0")}`;
+}
+function createBuildsCommand() {
+  const cmd = new Command8("builds");
+  cmd.description("View and monitor builds").argument("[buildId]", "Build ID to view details").option("--app <app>", "App name (uses hackerrun.yaml or folder name if not specified)").option("--watch", "Watch for new builds").option("--latest", "Stream the latest/current build in real-time").option("-n, --limit <number>", "Number of builds to show", "10").action(async (buildId, options) => {
+    try {
+      const appName = options.app || getAppName();
+      const platformToken = getPlatformToken();
+      const platformClient = new PlatformClient(platformToken);
+      if (buildId) {
+        await showBuildDetails(platformClient, appName, parseInt(buildId, 10));
+      } else if (options.latest) {
+        await streamLatestBuild(platformClient, appName);
+      } else if (options.watch) {
+        await watchBuilds(platformClient, appName);
+      } else {
+        await listBuilds(platformClient, appName, parseInt(options.limit, 10));
+      }
+    } catch (error) {
+      console.error(chalk13.red(`
+Error: ${error.message}
+`));
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+async function listBuilds(platformClient, appName, limit) {
+  const spinner = ora8("Fetching builds...").start();
+  const builds = await platformClient.listBuilds(appName, limit);
+  spinner.stop();
+  if (builds.length === 0) {
+    console.log(chalk13.yellow(`
+No builds found for '${appName}'.
+`));
+    console.log(chalk13.cyan("Connect a GitHub repo to enable auto-deploy:\n"));
+    console.log(`  hackerrun connect
+`);
+    return;
+  }
+  console.log(chalk13.cyan(`
+Builds for '${appName}':
+`));
+  for (const build of builds) {
+    const icon = getStatusIcon(build.status);
+    const sha = build.commitSha.substring(0, 7);
+    const msg = build.commitMsg ? build.commitMsg.length > 50 ? build.commitMsg.substring(0, 47) + "..." : build.commitMsg : chalk13.dim("No message");
+    const duration = formatDuration(build.startedAt, build.completedAt);
+    const time = formatRelativeTime(build.createdAt);
+    console.log(`  ${icon} ${chalk13.bold(`#${build.id}`)} ${chalk13.dim(sha)} ${msg}`);
+    console.log(`    ${chalk13.dim(`${build.branch} \u2022 ${duration} \u2022 ${time}`)}`);
+    console.log();
+  }
+}
+async function showBuildDetails(platformClient, appName, buildId) {
+  const spinner = ora8("Fetching build details...").start();
+  const build = await platformClient.getBuild(appName, buildId);
+  const events = await platformClient.getBuildEvents(appName, buildId);
+  spinner.stop();
+  const icon = getStatusIcon(build.status);
+  const sha = build.commitSha.substring(0, 7);
+  console.log(chalk13.cyan(`
+Build #${build.id}
+`));
+  console.log(`  Status: ${icon} ${build.status}`);
+  console.log(`  Commit: ${chalk13.dim(sha)} ${build.commitMsg || chalk13.dim("No message")}`);
+  console.log(`  Branch: ${build.branch}`);
+  console.log(`  Duration: ${formatDuration(build.startedAt, build.completedAt)}`);
+  console.log(`  Created: ${formatRelativeTime(build.createdAt)}`);
+  if (events.length > 0) {
+    console.log(chalk13.cyan("\nBuild Events:\n"));
+    const startTime = new Date(events[0].timestamp);
+    for (const event of events) {
+      const eventTime = new Date(event.timestamp);
+      const timeStr = formatEventTime(startTime, eventTime);
+      const icon2 = getStageIcon(event.stage, event.status);
+      console.log(`  [${timeStr}] ${icon2} ${event.message || event.stage}`);
+    }
+  }
+  if (build.logs) {
+    console.log(chalk13.cyan("\nBuild Logs:\n"));
+    console.log(chalk13.dim(build.logs));
+  }
+  console.log();
+}
+async function streamLatestBuild(platformClient, appName) {
+  console.log(chalk13.cyan(`
+Watching latest build for '${appName}'...
+`));
+  console.log(chalk13.dim("Press Ctrl+C to stop\n"));
+  let currentBuildId = null;
+  let lastEventTimestamp = null;
+  let buildStartTime = null;
+  process.on("SIGINT", () => {
+    console.log(chalk13.dim("\n\nStopped watching.\n"));
+    process.exit(0);
+  });
+  while (true) {
+    try {
+      const builds = await platformClient.listBuilds(appName, 1);
+      if (builds.length === 0) {
+        console.log(chalk13.dim("Waiting for builds..."));
+        await sleep3(5e3);
+        continue;
+      }
+      const latestBuild = builds[0];
+      if (latestBuild.id !== currentBuildId) {
+        currentBuildId = latestBuild.id;
+        lastEventTimestamp = null;
+        buildStartTime = latestBuild.startedAt ? new Date(latestBuild.startedAt) : /* @__PURE__ */ new Date();
+        console.log(chalk13.bold(`
+Build #${latestBuild.id}`) + ` - commit ${chalk13.dim(latestBuild.commitSha.substring(0, 7))} "${latestBuild.commitMsg || "No message"}"`);
+        console.log(chalk13.dim(`Branch: ${latestBuild.branch} | Started: ${formatRelativeTime(latestBuild.createdAt)}`));
+        console.log();
+      }
+      const events = await platformClient.getBuildEvents(appName, currentBuildId, lastEventTimestamp || void 0);
+      for (const event of events) {
+        const eventTime = new Date(event.timestamp);
+        const timeStr = formatEventTime(buildStartTime, eventTime);
+        const icon = getStageIcon(event.stage, event.status);
+        console.log(`[${timeStr}] ${icon} ${event.message || event.stage}`);
+        lastEventTimestamp = eventTime;
+      }
+      if (latestBuild.status === "success" || latestBuild.status === "failed") {
+        const duration = formatDuration(latestBuild.startedAt, latestBuild.completedAt);
+        const icon = getStatusIcon(latestBuild.status);
+        console.log();
+        console.log(`${icon} Build #${latestBuild.id} ${latestBuild.status} in ${duration}`);
+        console.log(chalk13.dim("\nWaiting for next build...\n"));
+        currentBuildId = null;
+      }
+      await sleep3(2e3);
+    } catch (error) {
+      await sleep3(5e3);
+    }
+  }
+}
+async function watchBuilds(platformClient, appName) {
+  console.log(chalk13.cyan(`
+Watching builds for '${appName}'...
+`));
+  console.log(chalk13.dim("Press Ctrl+C to stop\n"));
+  let lastBuildId = null;
+  process.on("SIGINT", () => {
+    console.log(chalk13.dim("\n\nStopped watching.\n"));
+    process.exit(0);
+  });
+  while (true) {
+    try {
+      const builds = await platformClient.listBuilds(appName, 5);
+      if (builds.length === 0) {
+        console.log(chalk13.dim("No builds yet. Waiting..."));
+        await sleep3(5e3);
+        continue;
+      }
+      const latestBuild = builds[0];
+      if (latestBuild.id !== lastBuildId) {
+        if (lastBuildId !== null) {
+          const icon = getStatusIcon(latestBuild.status);
+          const sha = latestBuild.commitSha.substring(0, 7);
+          console.log(`${icon} New build #${latestBuild.id} ${chalk13.dim(sha)} "${latestBuild.commitMsg || "No message"}" [${latestBuild.status}]`);
+        }
+        lastBuildId = latestBuild.id;
+      }
+      for (const build of builds) {
+        if (build.status === "building") {
+          const duration = formatDuration(build.startedAt, null);
+          console.log(chalk13.yellow(`  \u25CF Build #${build.id} in progress (${duration})...`));
+        }
+      }
+      await sleep3(5e3);
+    } catch (error) {
+      await sleep3(5e3);
+    }
+  }
+}
+
+// src/index.ts
+var program = new Command9();
+program.name("hackerrun").description("Deploy apps with full control over your infrastructure").version("0.1.0");
+program.addCommand(createLoginCommand());
+program.addCommand(createConfigCommand());
+program.addCommand(createDeployCommand());
+program.addCommand(createLogsCommand());
+program.addCommand(createConnectCommand());
+program.addCommand(createDisconnectCommand());
+program.addCommand(createEnvCommand());
+program.addCommand(createBuildsCommand());
+var { appsCmd, nodesCmd, sshCmd, destroyCmd, linkCmd, renameCmd, domainCmd } = createAppCommands();
+program.addCommand(appsCmd);
+program.addCommand(nodesCmd);
+program.addCommand(sshCmd);
+program.addCommand(destroyCmd);
+program.addCommand(linkCmd);
+program.addCommand(renameCmd);
+program.addCommand(domainCmd);
+program.parse();