npm - onedeploy-cli - Versions diffs - 0.1.9 → 0.1.11 - Mend

onedeploy-cli 0.1.9 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
-# OneDeploy CLI
+# oneDeploy CLI
-This CLI allows you to connect to a OneDeploy cluster via
+This CLI allows you to connect to a oneDeploy cluster via
 [Nebula](https://github.com/slackhq/nebula).
 ## Getting Started
@@ -17,12 +17,11 @@ or from an administrator prompt on Windows:
 npx onedeploy-cli
 ```
-Then, you need to create an API key on your OneDeploy dashboard. You can
-`Setup new connection` to enter your dashboard URL and API key. Afterwards, you
-can `Connect` to the cluster you added. Please note that connections are stored
-per computer (for the root user), not individually per user.
+Then, you need to create an API key on your oneDeploy dashboard. You can
+`Enter new URL` to enter your oneDeploy URL. After the first connection, this
+URL will be remembered. You will need to authenticate using your passkey.
 ## License
-The OneDeploy CLI licensed under MIT, see [here](./LICENSE). It uses the Nebula
+The oneDeploy CLI licensed under MIT, see [here](./LICENSE). It uses the Nebula
 overlay network, which is also MIT licensed.

package/dist/browser.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+export const openBrowser = async (url) => {
+    try {
+        // If running as root via sudo, run browser as the original user
+        const isRoot = process.getuid?.() === 0;
+        const sudoUser = process.env.SUDO_USER;
+        switch (process.platform) {
+            case "linux": {
+                if (isRoot && sudoUser) {
+                    // Run as the original user to avoid browser sandbox issues
+                    await promisify(execFile)("sudo", ["-u", sudoUser, "xdg-open", url]);
+                }
+                else {
+                    await promisify(execFile)("xdg-open", [url]);
+                }
+                break;
+            }
+            case "darwin": {
+                if (isRoot && sudoUser) {
+                    // Run as the original user to avoid browser issues
+                    await promisify(execFile)("sudo", ["-u", sudoUser, "open", url]);
+                }
+                else {
+                    await promisify(execFile)("open", [url]);
+                }
+                break;
+            }
+            case "win32":
+                await promisify(execFile)("cmd", ["/c", "start", '""', url]);
+                break;
+            default:
+                console.error(`Unsupported platform: ${process.platform}.`);
+                console.error("Please open the URL manually.");
+                break;
+        }
+    }
+    catch {
+        console.error("Could not open browser automatically. Please open the URL manually.");
+    }
+};

package/dist/config.js CHANGED Viewed

@@ -1,19 +1,11 @@
 import { chmod, mkdir, readFile, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
-import { y } from "yedra";
-const configDir = `${homedir()}/.config/onedeploy`;
+export const configDir = `${homedir()}/.config/onedeploy`;
 await mkdir(configDir, { recursive: true });
-const Instance = y.object({
-    url: y.string(),
-});
-const Config = y.object({
-    instances: Instance.array(),
-});
 export const loadConfig = async () => {
     try {
         const result = await readFile(`${configDir}/config.json`, "utf-8");
-        const config = JSON.parse(result);
-        return Config.parse(config);
+        return JSON.parse(result);
     }
     catch (_error) {
         // no config yet

package/dist/index.js CHANGED Viewed

@@ -1,27 +1,65 @@
 #!/usr/bin/env node
 import prompts from "prompts";
 import { loadConfig, saveConfig } from "./config.js";
-import { cleanupNebula, connectNebula, installNebula, isNebulaRunning, } from "./nebula.js";
+import { cleanupNebula, getSession, installNebula, isNebulaRunning, startNebula, stopNebula, } from "./nebula.js";
+import { deleteAllTunnels } from "./tunnel.js";
+import { tunnelMenu } from "./tunnel-menu.js";
+// Track active connection for cleanup on signals
+let activeConnection = null;
+const cleanup = async () => {
+    if (activeConnection) {
+        console.log("\nCleaning up...");
+        try {
+            await deleteAllTunnels(activeConnection.instance, activeConnection.session);
+        }
+        catch {
+            // ignore if already disconnected
+        }
+        activeConnection.stopRefresh();
+        stopNebula(activeConnection.nebulaProcess);
+        activeConnection = null;
+    }
+    await cleanupNebula();
+};
+const handleSignal = () => {
+    if (!isNebulaRunning) {
+        process.exit();
+    }
+    // Perform cleanup and exit
+    cleanup().finally(() => process.exit());
+};
 if (process.argv.includes("--version")) {
     console.log("onedeploy-cli version 0.1.4");
     process.exit();
 }
 const config = await loadConfig();
-const setupConnection = async () => {
-    const result = await prompts([
-        {
-            type: "text",
-            name: "url",
-            message: "Enter OneDeploy URL",
-        },
-    ]);
-    if (result.url === undefined) {
+const NEW_URL_VALUE = "__NEW_URL__";
+const normalizeUrl = (url) => {
+    const trimmedUrl = url.trim();
+    // Convert http:// to https://
+    if (trimmedUrl.startsWith("http://")) {
+        return trimmedUrl.replace("http://", "https://");
+    }
+    // Add https:// if no protocol specified
+    if (!trimmedUrl.startsWith("https://")) {
+        return `https://${trimmedUrl}`;
+    }
+    return trimmedUrl;
+};
+const addInstance = async (url) => {
+    // Check for duplicates
+    if (config.instances.some((instance) => instance.url === url)) {
         return;
     }
-    config.instances.push({ url: result.url });
+    config.instances.push({ url });
     await saveConfig(config);
 };
+const REMOVE_URL_VALUE = "__REMOVE_URL__";
 const removeConnection = async () => {
+    if (config.instances.length === 0) {
+        console.log("No connections to remove.");
+        return;
+    }
     const { connection } = await prompts([
         {
             type: "select",
@@ -50,61 +88,90 @@ const removeConnection = async () => {
     }
 };
 const mainMenu = async () => {
-    const { action } = await prompts([
+    const choices = [
+        ...config.instances.map((instance) => ({
+            title: instance.url,
+            value: instance.url,
+        })),
+        {
+            title: "Enter new URL",
+            value: NEW_URL_VALUE,
+        },
+        {
+            title: "Remove a URL",
+            value: REMOVE_URL_VALUE,
+            disabled: config.instances.length === 0,
+        },
+    ];
+    const { selection } = await prompts([
         {
             type: "select",
-            name: "action",
-            message: "What do you want to do?",
-            choices: [
-                {
-                    title: "Connect",
-                    value: "connect",
-                    disabled: config.instances.length === 0,
-                },
-                {
-                    title: "Setup new connection",
-                    value: "setup",
-                },
-                {
-                    title: "Remove connection",
-                    value: "remove",
-                },
-            ],
+            name: "selection",
+            message: "Select oneDeploy instance",
+            choices,
         },
     ]);
-    if (action === "connect") {
+    if (selection === undefined) {
+        return false;
+    }
+    if (selection === REMOVE_URL_VALUE) {
+        await removeConnection();
+        return true;
+    }
+    let urlToConnect;
+    if (selection === NEW_URL_VALUE) {
         const result = await prompts([
             {
-                type: "select",
-                name: "connection",
-                message: "Select OneDeploy instance",
-                choices: config.instances.map((instance) => ({
-                    title: instance.url,
-                    value: instance,
-                })),
+                type: "text",
+                name: "url",
+                message: "Enter oneDeploy URL",
             },
         ]);
-        if (result.connection !== undefined) {
-            await connectNebula(result.connection);
+        if (result.url === undefined) {
+            return true;
         }
+        urlToConnect = normalizeUrl(result.url);
     }
-    else if (action === "setup") {
-        await setupConnection();
+    else {
+        urlToConnect = selection;
     }
-    else if (action === "remove") {
-        await removeConnection();
+    const instance = { url: urlToConnect, apiKey: "" };
+    // 1. Authenticate
+    const session = await getSession(instance);
+    // 2. Start Nebula (non-blocking)
+    const { nebulaProcess, stopRefresh } = await startNebula(instance, session);
+    // Track connection for signal handlers
+    activeConnection = { instance, session, nebulaProcess, stopRefresh };
+    // 3. Enter tunnel management loop
+    try {
+        await tunnelMenu(instance, session);
     }
-    else {
-        return false;
+    finally {
+        // 4. Cleanup on exit
+        console.log("Cleaning up tunnels...");
+        try {
+            await deleteAllTunnels(instance, session);
+        }
+        catch {
+            // ignore if already disconnected
+        }
+        stopRefresh();
+        stopNebula(nebulaProcess);
+        activeConnection = null;
     }
+    // Only save if connection was successful (didn't throw)
+    await addInstance(urlToConnect);
     return true;
 };
 process.on("SIGINT", () => {
     if (!isNebulaRunning) {
         process.exit();
     }
-    // ignore SIGINTs to continue after Nebula is disconnected
+    // When Nebula is running, let prompts handle SIGINT (returns undefined)
+    // which triggers the finally block in mainMenu
 });
+process.on("SIGTERM", handleSignal);
+process.on("SIGHUP", handleSignal);
 await installNebula();
 try {
     while (true) {
@@ -115,5 +182,5 @@ try {
     }
 }
 finally {
-    await cleanupNebula();
+    await cleanup();
 }

package/dist/nebula.js CHANGED Viewed

@@ -1,12 +1,15 @@
 import { execFile, spawn } from "node:child_process";
-import { randomBytes, randomUUID } from "node:crypto";
-import { chmod, mkdir, rm, writeFile } from "node:fs/promises";
+import { randomUUID } from "node:crypto";
+import { access, chmod, mkdir, readFile, rm, writeFile, } from "node:fs/promises";
 import { createServer } from "node:http";
 import { tmpdir } from "node:os";
 import path from "node:path";
 import { Readable } from "node:stream";
 import { promisify } from "node:util";
 import { parse } from "yaml";
+import { openBrowser } from "./browser.js";
+import { configDir } from "./config.js";
+import { successPage } from "./success.js";
 const getNebulaPackageName = () => {
     switch (process.platform) {
         case "linux":
@@ -33,22 +36,52 @@ const getNebulaPackageName = () => {
 const nebulaVersion = "v1.10.0";
 const packageName = getNebulaPackageName();
 const nebulaUrl = `https://github.com/slackhq/nebula/releases/download/${nebulaVersion}/${packageName}`;
+const nebulaDir = path.join(configDir, "nebula");
 const tmpDir = path.join(tmpdir(), `onedeploy-${randomUUID()}`);
 await mkdir(tmpDir, { recursive: true });
-export const installNebula = async () => {
-    console.log(`Downloading Nebula to ${tmpDir}/${packageName}...`);
+const isCacheValid = async () => {
+    try {
+        const versionFile = path.join(nebulaDir, "version");
+        const cachedVersion = await readFile(versionFile, "utf-8");
+        if (cachedVersion.trim() !== nebulaVersion) {
+            // Version mismatch - delete old version
+            await rm(nebulaDir, { recursive: true, force: true });
+            return false;
+        }
+        // Check if binaries exist
+        await access(path.join(nebulaDir, "nebula"));
+        await access(path.join(nebulaDir, "nebula-cert"));
+        return true;
+    }
+    catch {
+        // If any error occurs (file doesn't exist, etc.), invalidate cache
+        await rm(nebulaDir, { recursive: true, force: true });
+        return false;
+    }
+};
+const downloadNebula = async () => {
+    console.log(`Downloading Nebula ${nebulaVersion}...`);
     const file = await fetch(nebulaUrl);
     if (file.body === null) {
         throw new Error("Could not download Nebula executable.");
     }
-    await writeFile(`${tmpDir}/${packageName}`, Readable.from(file.body));
-    console.log(`Extracting Nebula to ${tmpDir}/nebula...`);
-    await promisify(execFile)("tar", [
-        "-xf",
-        `${tmpDir}/${packageName}`,
-        "-C",
-        tmpDir,
-    ]);
+    const downloadPath = path.join(tmpDir, packageName);
+    await writeFile(downloadPath, Readable.from(file.body));
+    console.log(`Extracting Nebula...`);
+    // Extract directly to nebulaDir
+    await mkdir(nebulaDir, { recursive: true });
+    await promisify(execFile)("tar", ["-xf", downloadPath, "-C", nebulaDir]);
+    // Store version info
+    await writeFile(path.join(nebulaDir, "version"), nebulaVersion);
+    // Clean up downloaded archive
+    await rm(downloadPath, { force: true });
+    console.log(`Stored Nebula binaries to ${nebulaDir}`);
+};
+export const installNebula = async () => {
+    const cached = await isCacheValid();
+    if (!cached) {
+        await downloadNebula();
+    }
 };
 export const cleanupNebula = async () => {
     await rm(tmpDir, { recursive: true, force: true });
@@ -68,12 +101,16 @@ export const getNebulaCert = async (instance, session) => {
     console.log(`Wrote Nebula configuration to ${tmpDir}/nebula.yml`);
     const parsedConfig = parse(nebulaConfig);
     await writeFile(`${tmpDir}/nebula-debug.crt`, parsedConfig.pki.cert);
-    const { stdout } = await promisify(execFile)(`${tmpDir}/nebula-cert`, [
+    const { stdout } = await promisify(execFile)(`${nebulaDir}/nebula-cert`, [
         "print",
         "-path",
         `${tmpDir}/nebula-debug.crt`,
     ]);
     const cert = JSON.parse(stdout);
+    // Extract Nebula IP from certificate (remove CIDR suffix)
+    if (cert.details.networks && cert.details.networks.length > 0) {
+        nebulaIp = cert.details.networks[0].split("/")[0];
+    }
     // in case our local time isn't correct, wait for the certificate to become valid
     const validFromDate = new Date(cert.details.notBefore);
     if (validFromDate.toString() === "Invalid Date") {
@@ -86,8 +123,8 @@ export const getNebulaCert = async (instance, session) => {
     }
 };
 export let isNebulaRunning = false;
-const getSession = (instance) => {
-    const verificationCode = randomBytes(8).toString("base64url");
+export let nebulaIp = null;
+export const getSession = (instance) => {
     return new Promise((resolve) => {
         const getServerAddr = () => {
             const addr = server.address();
@@ -105,8 +142,10 @@ const getSession = (instance) => {
                     throw new Error("Missing token in callback URL");
                 }
                 // authentication complete
-                res.writeHead(200);
-                res.write("Authentication successful! You can close this window.");
+                res.writeHead(200, "OK", {
+                    "content-type": "text/html",
+                });
+                res.write(successPage);
                 res.end();
                 server.close();
                 resolve(token);
@@ -114,32 +153,38 @@ const getSession = (instance) => {
             else {
                 const target = `${getServerAddr()}/authenticated`;
                 res.writeHead(302, {
-                    location: `${instance.url}/auth/nebula?redirect=${encodeURIComponent(target)}&code=${encodeURIComponent(verificationCode)}`,
+                    location: `${instance.url}/auth/nebula?redirect=${encodeURIComponent(target)}`,
                 });
                 res.end();
             }
         });
-        server.on("listening", () => {
+        server.on("listening", async () => {
             const addr = server.address();
             if (addr === null || typeof addr === "string") {
                 throw new Error("Unexpected address type");
             }
-            console.log(`Visit ${getServerAddr()} to authenticate. Client verification code: ${verificationCode}`);
+            const authUrl = getServerAddr();
+            console.log(`Visit ${authUrl} to authenticate (opened in browser)`);
+            await openBrowser(authUrl);
         });
         server.listen();
     });
 };
-export const connectNebula = async (instance) => {
-    const session = await getSession(instance);
+export const startNebula = async (instance, session) => {
     await getNebulaCert(instance, session);
     isNebulaRunning = true;
-    const nebula = spawn(`${tmpDir}/nebula`, ["-config", `${tmpDir}/nebula.yml`], { stdio: "inherit" });
+    const nebula = spawn(`${nebulaDir}/nebula`, ["-config", `${tmpDir}/nebula.yml`], { stdio: "ignore" });
     const interval = setInterval(async () => {
         // refresh Nebula cert every 10 minutes (lifetime is 15 minutes)
         await getNebulaCert(instance, session);
         nebula.kill("SIGHUP");
     }, 10 * 60 * 1000);
-    await new Promise((resolve) => nebula.on("exit", resolve));
+    return {
+        nebulaProcess: nebula,
+        stopRefresh: () => clearInterval(interval),
+    };
+};
+export const stopNebula = (nebulaProcess) => {
+    nebulaProcess.kill("SIGTERM");
     isNebulaRunning = false;
-    clearInterval(interval);
 };

package/dist/proxy.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { createServer, Socket } from "node:net";
+// Track active proxies by port
+const activeProxies = new Map();
+const connectToLocalhost = (port, clientSocket) => {
+    const targetSocket = new Socket();
+    const tryConnect = (host, fallback) => {
+        targetSocket.connect(port, host, () => {
+            clientSocket.pipe(targetSocket);
+            targetSocket.pipe(clientSocket);
+        });
+        targetSocket.once("error", (err) => {
+            if (err.code === "ECONNREFUSED" && fallback) {
+                // Try fallback address
+                targetSocket.removeAllListeners();
+                const fallbackSocket = new Socket();
+                fallbackSocket.connect(port, fallback, () => {
+                    clientSocket.pipe(fallbackSocket);
+                    fallbackSocket.pipe(clientSocket);
+                });
+                fallbackSocket.on("error", () => clientSocket.destroy());
+                clientSocket.on("error", () => fallbackSocket.destroy());
+                clientSocket.on("close", () => fallbackSocket.destroy());
+                fallbackSocket.on("close", () => clientSocket.destroy());
+            }
+            else {
+                clientSocket.destroy();
+            }
+        });
+    };
+    tryConnect("127.0.0.1", "::1");
+    clientSocket.on("error", () => targetSocket.destroy());
+    clientSocket.on("close", () => targetSocket.destroy());
+    targetSocket.on("close", () => clientSocket.destroy());
+};
+export const startProxy = (port, bindIp) => {
+    return new Promise((resolve) => {
+        const server = createServer((clientSocket) => {
+            connectToLocalhost(port, clientSocket);
+        });
+        server.on("error", (err) => {
+            if (err.code === "EADDRINUSE") {
+                // App already binds to this IP, no proxy needed
+                resolve(false);
+            }
+            else {
+                // Other error, log and continue without proxy
+                console.error(`Proxy error on port ${port}: ${err.message}`);
+                resolve(false);
+            }
+        });
+        server.listen(port, bindIp, () => {
+            activeProxies.set(port, server);
+            resolve(true);
+        });
+    });
+};
+export const stopProxy = (port) => {
+    const server = activeProxies.get(port);
+    if (server) {
+        server.close();
+        activeProxies.delete(port);
+    }
+};
+export const stopAllProxies = () => {
+    for (const [port, server] of activeProxies) {
+        server.close();
+        activeProxies.delete(port);
+    }
+};

package/dist/success.js ADDED Viewed

@@ -0,0 +1,201 @@
+export const successPage = `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>oneDeploy</title>
+    <link rel="icon" type="image/svg+xml"
+        href="data:image/svg+xml,%3Csvg width='48' height='48' viewBox='0 0 48 48' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Ccircle cx='14' cy='27' r='14' fill='%2322C55E'/%3E%3Ccircle cx='38' cy='10' r='10' fill='%234ADE80'/%3E%3Ccircle cx='40' cy='40' r='8' fill='%2316A34A'/%3E%3Cline x1='26' y1='19' x2='30' y2='14' stroke='%2386EFAC' stroke-width='3' stroke-linecap='round'/%3E%3Cline x1='26' y1='36' x2='34' y2='38' stroke='%2386EFAC' stroke-width='3' stroke-linecap='round'/%3E%3Cpath d='M9 20V34L21 27L9 20Z' fill='white'/%3E%3C/svg%3E">
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+        body {
+            font-family: ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+            margin: 0;
+            padding: 0;
+        }
+        .page-container {
+            min-height: 100vh;
+            background-color: #0b0b0f;
+            color: #f3f4f6;
+        }
+        .navbar {
+            padding: 1rem;
+            border-bottom: 1px solid rgba(255, 255, 255, 0.05);
+            background-color: #0e0e14;
+        }
+        .logo-container {
+            display: flex;
+            align-items: center;
+            gap: 0.75rem;
+        }
+        .logo-container img {
+            width: 2.5rem;
+            height: 2.5rem;
+        }
+        .logo-text {
+            font-size: 1.5rem;
+            font-weight: 700;
+            letter-spacing: -0.025em;
+            line-height: 1.2;
+        }
+        @media (min-width: 768px) {
+            .logo-text {
+                font-size: 1.875rem;
+            }
+        }
+        .logo-one {
+            color: #4ade80;
+        }
+        .logo-deploy {
+            color: #f3f4f6;
+        }
+        .content-wrapper {
+            padding: 1rem;
+        }
+        .container {
+            min-height: 80vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding-left: 1rem;
+            padding-right: 1rem;
+        }
+        .card {
+            width: 100%;
+            max-width: 28rem;
+            background-color: #14141c;
+            border: 1px solid rgba(255, 255, 255, 0.05);
+            border-radius: 1rem;
+            padding: 2rem;
+            box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5);
+        }
+        .header {
+            text-align: center;
+            margin-bottom: 2rem;
+        }
+        .icon-container {
+            display: inline-flex;
+            align-items: center;
+            justify-content: center;
+            width: 4rem;
+            height: 4rem;
+            border-radius: 1rem;
+            background-color: rgba(139, 92, 246, 0.1);
+            color: #a78bfa;
+            margin-bottom: 1.5rem;
+            border: 1px solid rgba(255, 255, 255, 0.05);
+        }
+        .icon-container svg {
+            width: 2rem;
+            height: 2rem;
+        }
+        h1 {
+            font-size: 1.875rem;
+            font-weight: 700;
+            color: #f3f4f6;
+            letter-spacing: -0.025em;
+            margin: 0 0 0.5rem 0;
+            line-height: 2.25rem;
+            text-align: center;
+        }
+        .description {
+            color: #9ca3af;
+            font-size: 1rem;
+            line-height: 1.5rem;
+            text-align: center;
+            margin: 0;
+        }
+        .status-container {
+            min-height: 60px;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        .success-box {
+            width: 100%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding-top: 0.75rem;
+            padding-bottom: 0.75rem;
+            font-size: 1rem;
+            font-weight: 500;
+            background-color: rgba(34, 197, 94, 0.1);
+            border: 1px solid rgba(34, 197, 94, 0.2);
+            border-radius: 0.5rem;
+            color: #4ade80;
+        }
+        .success-box svg {
+            width: 1.25rem;
+            height: 1.25rem;
+        }
+    </style>
+</head>
+<body>
+    <div class="page-container">
+        <div class="navbar">
+            <div class="logo-container">
+                <img alt="oneDeploy Logo"
+                    src="data:image/svg+xml,%3Csvg width='48' height='48' viewBox='0 0 48 48' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Ccircle cx='14' cy='27' r='14' fill='%2322C55E'/%3E%3Ccircle cx='38' cy='10' r='10' fill='%234ADE80'/%3E%3Ccircle cx='40' cy='40' r='8' fill='%2316A34A'/%3E%3Cline x1='26' y1='19' x2='30' y2='14' stroke='%2386EFAC' stroke-width='3' stroke-linecap='round'/%3E%3Cline x1='26' y1='36' x2='34' y2='38' stroke='%2386EFAC' stroke-width='3' stroke-linecap='round'/%3E%3Cpath d='M9 20V34L21 27L9 20Z' fill='white'/%3E%3C/svg%3E">
+                <div class="logo-text">
+                    <span class="logo-one">one</span><span class="logo-deploy">Deploy</span>
+                </div>
+            </div>
+        </div>
+        <div class="content-wrapper">
+            <div class="container">
+                <div class="card">
+                    <div class="header">
+                        <div class="icon-container">
+                            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none"
+                                stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+                                <circle cx="12" cy="12" r="10" />
+                                <line x1="2" y1="12" x2="22" y2="12" />
+                                <path
+                                    d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z" />
+                            </svg>
+                        </div>
+                        <h1>Network Access Request</h1>
+                        <p class="description">oneDeploy CLI is requesting access to the oneDeploy network</p>
+                    </div>
+                    <div class="status-container">
+                        <div class="success-box">
+                            <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none"
+                                stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+                                <path d="M20 6 9 17l-5-5" />
+                            </svg>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</body>
+`;

package/dist/tunnel-menu.js ADDED Viewed

@@ -0,0 +1,169 @@
+import prompts from "prompts";
+import { createTunnel, deleteAllTunnels, deleteTunnel, getActiveTunnels, validateName, validatePort, } from "./tunnel.js";
+const MENU_CREATE = "create";
+const MENU_DELETE = "delete";
+const MENU_DELETE_ALL = "delete_all";
+const MENU_DISCONNECT = "disconnect";
+const displayActiveTunnels = () => {
+    const tunnels = getActiveTunnels();
+    console.log("\n--- Active Tunnels ---");
+    if (tunnels.length === 0) {
+        console.log("  (no active tunnels)");
+    }
+    else {
+        for (const tunnel of tunnels) {
+            const nameDisplay = tunnel.name ? ` (${tunnel.name})` : "";
+            console.log(`  https://${tunnel.hostname}${nameDisplay} → localhost:${tunnel.port}`);
+        }
+    }
+    console.log("");
+};
+const createTunnelPrompt = async (instance, session) => {
+    const { port } = await prompts({
+        type: "number",
+        name: "port",
+        message: "Enter port number",
+        validate: (value) => {
+            const error = validatePort(value);
+            return error ?? true;
+        },
+    });
+    if (port === undefined) {
+        return;
+    }
+    const { name } = await prompts({
+        type: "text",
+        name: "name",
+        message: "Enter tunnel name (optional, press Enter to skip)",
+        validate: (value) => {
+            if (!value)
+                return true;
+            const error = validateName(value);
+            return error ?? true;
+        },
+    });
+    if (name === undefined) {
+        return;
+    }
+    try {
+        await createTunnel(instance, session, port, name || undefined);
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nFailed to create tunnel: ${error.message}`);
+        }
+        else {
+            console.error("\nFailed to create tunnel");
+        }
+    }
+};
+const deleteTunnelPrompt = async (instance, session) => {
+    const tunnels = getActiveTunnels();
+    if (tunnels.length === 0) {
+        console.log("\nNo tunnels to delete.");
+        return;
+    }
+    const { tunnelId } = await prompts({
+        type: "select",
+        name: "tunnelId",
+        message: "Select tunnel to delete",
+        choices: tunnels.map((tunnel) => {
+            const nameDisplay = tunnel.name ? ` (${tunnel.name})` : "";
+            return {
+                title: `https://${tunnel.hostname}${nameDisplay} → localhost:${tunnel.port}`,
+                value: tunnel.id,
+            };
+        }),
+    });
+    if (tunnelId === undefined) {
+        return;
+    }
+    const { confirm } = await prompts({
+        type: "confirm",
+        name: "confirm",
+        message: "Are you sure you want to delete this tunnel?",
+        initial: false,
+    });
+    if (confirm !== true) {
+        return;
+    }
+    try {
+        await deleteTunnel(instance, session, tunnelId);
+        console.log("\nTunnel deleted.");
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nFailed to delete tunnel: ${error.message}`);
+        }
+        else {
+            console.error("\nFailed to delete tunnel");
+        }
+    }
+};
+const deleteAllTunnelsPrompt = async (instance, session) => {
+    const tunnels = getActiveTunnels();
+    if (tunnels.length === 0) {
+        console.log("\nNo tunnels to delete.");
+        return;
+    }
+    const { confirm } = await prompts({
+        type: "confirm",
+        name: "confirm",
+        message: `Are you sure you want to delete all ${tunnels.length} tunnel(s)?`,
+        initial: false,
+    });
+    if (confirm !== true) {
+        return;
+    }
+    try {
+        await deleteAllTunnels(instance, session);
+        console.log("\nAll tunnels deleted.");
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\nFailed to delete tunnels: ${error.message}`);
+        }
+        else {
+            console.error("\nFailed to delete tunnels");
+        }
+    }
+};
+export const tunnelMenu = async (instance, session) => {
+    while (true) {
+        displayActiveTunnels();
+        const tunnels = getActiveTunnels();
+        const { action } = await prompts({
+            type: "select",
+            name: "action",
+            message: "Tunnel Management",
+            choices: [
+                { title: "Create new tunnel", value: MENU_CREATE },
+                {
+                    title: "Delete a tunnel",
+                    value: MENU_DELETE,
+                    disabled: tunnels.length === 0,
+                },
+                {
+                    title: "Delete all tunnels",
+                    value: MENU_DELETE_ALL,
+                    disabled: tunnels.length === 0,
+                },
+                { title: "Disconnect from Nebula", value: MENU_DISCONNECT },
+            ],
+        });
+        if (action === undefined || action === MENU_DISCONNECT) {
+            return;
+        }
+        switch (action) {
+            case MENU_CREATE:
+                await createTunnelPrompt(instance, session);
+                break;
+            case MENU_DELETE:
+                await deleteTunnelPrompt(instance, session);
+                break;
+            case MENU_DELETE_ALL:
+                await deleteAllTunnelsPrompt(instance, session);
+                break;
+        }
+    }
+};

package/dist/tunnel.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { nebulaIp } from "./nebula.js";
+import { startProxy, stopAllProxies, stopProxy } from "./proxy.js";
+// In-memory list of active tunnels
+let activeTunnels = [];
+export const getActiveTunnels = () => {
+    return [...activeTunnels];
+};
+export const createTunnel = async (instance, session, port, name) => {
+    const body = { port };
+    if (name) {
+        body.name = name;
+    }
+    const response = await fetch(`${instance.url}/api/tunnels`, {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${session}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(body),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Failed to create tunnel: ${response.status} ${errorText}`);
+    }
+    const tunnel = (await response.json());
+    tunnel.port = port; // Ensure port is set even if API doesn't return it
+    activeTunnels.push(tunnel);
+    // Try to start IPv6→IPv4 proxy on the Nebula interface
+    if (nebulaIp) {
+        await startProxy(port, nebulaIp);
+    }
+    return tunnel;
+};
+export const deleteTunnel = async (instance, session, id) => {
+    const response = await fetch(`${instance.url}/api/tunnels/${id}`, {
+        method: "DELETE",
+        headers: {
+            Authorization: `Bearer ${session}`,
+        },
+    });
+    if (!response.ok && response.status !== 404) {
+        const errorText = await response.text();
+        throw new Error(`Failed to delete tunnel: ${response.status} ${errorText}`);
+    }
+    const tunnel = activeTunnels.find((t) => t.id === id);
+    if (tunnel) {
+        stopProxy(tunnel.port);
+    }
+    activeTunnels = activeTunnels.filter((t) => t.id !== id);
+};
+export const deleteAllTunnels = async (instance, session) => {
+    const response = await fetch(`${instance.url}/api/tunnels`, {
+        method: "DELETE",
+        headers: {
+            Authorization: `Bearer ${session}`,
+        },
+    });
+    if (!response.ok && response.status !== 404) {
+        const errorText = await response.text();
+        throw new Error(`Failed to delete all tunnels: ${response.status} ${errorText}`);
+    }
+    stopAllProxies();
+    activeTunnels = [];
+};
+export const validatePort = (port) => {
+    if (!Number.isInteger(port) || port < 1 || port > 65535) {
+        return "Port must be an integer between 1 and 65535";
+    }
+    return null;
+};
+export const validateName = (name) => {
+    if (name && !/^[a-z0-9-]+$/.test(name)) {
+        return "Name must only contain lowercase letters, numbers, and hyphens";
+    }
+    return null;
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "onedeploy-cli",
-	"version": "0.1.9",
+	"version": "0.1.11",
 	"description": "CLI tool for connecting to OneDeploy via Nebula",
 	"keywords": [
 		"onedeploy",
@@ -32,14 +32,14 @@
 		"fix": "biome check src/* --fix"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "^2.3.8",
-		"@types/node": "^25.0.1",
+		"@biomejs/biome": "^2.3.13",
+		"@types/node": "^25.2.0",
 		"@types/prompts": "^2.4.9",
+		"@typescript/native-preview": "^7.0.0-dev.20260203.1",
 		"typescript": "^5.9.3"
 	},
 	"dependencies": {
 		"prompts": "^2.4.2",
-		"yaml": "^2.8.2",
-		"yedra": "^0.19.0"
+		"yaml": "^2.8.2"
 	}
 }

package/src/index.ts CHANGED Viewed

@@ -1,12 +1,49 @@
 #!/usr/bin/env node
+import type { ChildProcess } from "node:child_process";
 import prompts from "prompts";
+import type { Instance } from "./config.js";
 import { loadConfig, saveConfig } from "./config.js";
 import {
 	cleanupNebula,
-	connectNebula,
+	getSession,
 	installNebula,
 	isNebulaRunning,
+	startNebula,
+	stopNebula,
 } from "./nebula.js";
+import { deleteAllTunnels } from "./tunnel.js";
+import { tunnelMenu } from "./tunnel-menu.js";
+// Track active connection for cleanup on signals
+let activeConnection: {
+	instance: Instance;
+	session: string;
+	nebulaProcess: ChildProcess;
+	stopRefresh: () => void;
+} | null = null;
+const cleanup = async () => {
+	if (activeConnection) {
+		console.log("\nCleaning up...");
+		try {
+			await deleteAllTunnels(activeConnection.instance, activeConnection.session);
+		} catch {
+			// ignore if already disconnected
+		}
+		activeConnection.stopRefresh();
+		stopNebula(activeConnection.nebulaProcess);
+		activeConnection = null;
+	}
+	await cleanupNebula();
+};
+const handleSignal = () => {
+	if (!isNebulaRunning) {
+		process.exit();
+	}
+	// Perform cleanup and exit
+	cleanup().finally(() => process.exit());
+};
 if (process.argv.includes("--version")) {
 	console.log("onedeploy-cli version 0.1.4");
@@ -15,22 +52,37 @@ if (process.argv.includes("--version")) {
 const config = await loadConfig();
-const setupConnection = async () => {
-	const result = await prompts([
-		{
-			type: "text",
-			name: "url",
-			message: "Enter OneDeploy URL",
-		},
-	]);
-	if (result.url === undefined) {
+const NEW_URL_VALUE = "__NEW_URL__";
+const normalizeUrl = (url: string): string => {
+	const trimmedUrl = url.trim();
+	// Convert http:// to https://
+	if (trimmedUrl.startsWith("http://")) {
+		return trimmedUrl.replace("http://", "https://");
+	}
+	// Add https:// if no protocol specified
+	if (!trimmedUrl.startsWith("https://")) {
+		return `https://${trimmedUrl}`;
+	}
+	return trimmedUrl;
+};
+const addInstance = async (url: string) => {
+	// Check for duplicates
+	if (config.instances.some((instance) => instance.url === url)) {
 		return;
 	}
-	config.instances.push({ url: result.url });
+	config.instances.push({ url });
 	await saveConfig(config);
 };
+const REMOVE_URL_VALUE = "__REMOVE_URL__";
 const removeConnection = async () => {
+	if (config.instances.length === 0) {
+		console.log("No connections to remove.");
+		return;
+	}
 	const { connection } = await prompts([
 		{
 			type: "select",
@@ -60,50 +112,89 @@ const removeConnection = async () => {
 };
 const mainMenu = async (): Promise<boolean> => {
-	const { action } = await prompts([
+	const choices = [
+		...config.instances.map((instance) => ({
+			title: instance.url,
+			value: instance.url,
+		})),
+		{
+			title: "Enter new URL",
+			value: NEW_URL_VALUE,
+		},
+		{
+			title: "Remove a URL",
+			value: REMOVE_URL_VALUE,
+			disabled: config.instances.length === 0,
+		},
+	];
+	const { selection } = await prompts([
 		{
 			type: "select",
-			name: "action",
-			message: "What do you want to do?",
-			choices: [
-				{
-					title: "Connect",
-					value: "connect",
-					disabled: config.instances.length === 0,
-				},
-				{
-					title: "Setup new connection",
-					value: "setup",
-				},
-				{
-					title: "Remove connection",
-					value: "remove",
-				},
-			],
+			name: "selection",
+			message: "Select oneDeploy instance",
+			choices,
 		},
 	]);
-	if (action === "connect") {
+	if (selection === undefined) {
+		return false;
+	}
+	if (selection === REMOVE_URL_VALUE) {
+		await removeConnection();
+		return true;
+	}
+	let urlToConnect: string;
+	if (selection === NEW_URL_VALUE) {
 		const result = await prompts([
 			{
-				type: "select",
-				name: "connection",
-				message: "Select OneDeploy instance",
-				choices: config.instances.map((instance) => ({
-					title: instance.url,
-					value: instance,
-				})),
+				type: "text",
+				name: "url",
+				message: "Enter oneDeploy URL",
 			},
 		]);
-		if (result.connection !== undefined) {
-			await connectNebula(result.connection);
+		if (result.url === undefined) {
+			return true;
 		}
-	} else if (action === "setup") {
-		await setupConnection();
-	} else if (action === "remove") {
-		await removeConnection();
+		urlToConnect = normalizeUrl(result.url);
 	} else {
-		return false;
+		urlToConnect = selection;
 	}
+	const instance = { url: urlToConnect, apiKey: "" };
+	// 1. Authenticate
+	const session = await getSession(instance);
+	// 2. Start Nebula (non-blocking)
+	const { nebulaProcess, stopRefresh } = await startNebula(instance, session);
+	// Track connection for signal handlers
+	activeConnection = { instance, session, nebulaProcess, stopRefresh };
+	// 3. Enter tunnel management loop
+	try {
+		await tunnelMenu(instance, session);
+	} finally {
+		// 4. Cleanup on exit
+		console.log("Cleaning up tunnels...");
+		try {
+			await deleteAllTunnels(instance, session);
+		} catch {
+			// ignore if already disconnected
+		}
+		stopRefresh();
+		stopNebula(nebulaProcess);
+		activeConnection = null;
+	}
+	// Only save if connection was successful (didn't throw)
+	await addInstance(urlToConnect);
 	return true;
 };
@@ -111,8 +202,12 @@ process.on("SIGINT", () => {
 	if (!isNebulaRunning) {
 		process.exit();
 	}
-	// ignore SIGINTs to continue after Nebula is disconnected
+	// When Nebula is running, let prompts handle SIGINT (returns undefined)
+	// which triggers the finally block in mainMenu
 });
+process.on("SIGTERM", handleSignal);
+process.on("SIGHUP", handleSignal);
 await installNebula();
 try {
 	while (true) {
@@ -122,5 +217,5 @@ try {
 		}
 	}
 } finally {
-	await cleanupNebula();
+	await cleanup();
 }