quicklify 0.3.3 → 0.4.1

package/README.md

@@ -45,6 +45,9 @@ npx quicklify init
 - ✨ **Dynamic Server Types** - Only shows compatible types for selected location
 - 🔥 **Auto Firewall** - Ports 8000, 22, 80, 443 configured automatically
 - 🚀 **Zero SSH Required** - Opens directly in browser after deployment
+- 📋 **Server Management** - List, status check, and destroy commands
+- 🏥 **Health Check Polling** - Detects when Coolify is ready (no more blind waiting)
+- 🤖 **Non-Interactive Mode** - CI/CD friendly with `--provider --token --region --size --name` flags
 
 ## 📦 Installation
 
@@ -156,53 +159,26 @@ For production use, we recommend setting up a domain instead of using the IP add
 
 ## 📋 Recent Updates
 
+### v0.4.0 (2026-02-20)
+- **New commands:** `quicklify list`, `quicklify status [query]`, `quicklify destroy [query]`
+- **Non-interactive mode:** `quicklify init --provider --token --region --size --name` for CI/CD
+- **Health check polling:** Detects when Coolify is ready instead of blind waiting
+- **Server persistence:** Deploys saved to `~/.quicklify/servers.json` for list/status/destroy
+- **`destroyServer()`** added to provider interface (Hetzner + DigitalOcean)
+- 233 tests with 97%+ statement coverage
+
 ### v0.3.1 (2026-02-19)
 - Hetzner pricing now shows net prices (excl. VAT), matching website display
 - Hetzner server types use `/datacenters` API for real availability per location
 - Replaced deprecated Hetzner server types (cpx→cx23/cx33)
 - "Server name already used" error now prompts for a new name
 - Location disabled retry now re-prompts for server type
-- Back navigation works correctly in error retry flows
 
 ### v0.3.0 (2026-02-19)
 - DigitalOcean provider support (full API integration)
 - Interactive provider selection (Hetzner / DigitalOcean)
 - Step-based back navigation in all prompts
 - Network wait loop + install logging for DigitalOcean cloud-init reliability
-- 143 tests with 97%+ statement coverage
-
-### v0.2.8 (2026-02-16)
-- Replaced all `any` types with proper TypeScript interfaces
-- Added ESLint 9 + Prettier for code quality enforcement
-- Added CHANGELOG.md and CONTRIBUTING.md
-
-### v0.2.7 (2026-02-16)
-- Fixed inaccurate README/SECURITY claims
-- Added npm keywords for better discoverability
-
-### v0.2.6 (2026-02-16)
-- CI: Upgraded Codecov action to v5
-
-### v0.2.5 (2026-02-16)
-- CI: Added Codecov integration for automatic coverage badge
-
-### v0.2.4 (2026-02-15)
-- Refactor: Removed recommended label, excluded failed server types from retry list
-
-### v0.2.3 (2026-02-15)
-- Fix: Unsupported error retry, dynamic deployment summary, dynamic recommended selection
-
-### v0.2.2 (2026-02-15)
-- Feat: Filter deprecated server types and add retry on unavailable
-
-### v0.2.1 (2026-02-14)
-- Fixed URL protocol (http for initial Coolify setup)
-
-### v0.2.0 (2026-02-14)
-- Added dynamic server type filtering based on selected location
-- Auto firewall configuration (ports 8000, 22, 80, 443)
-- Improved price formatting
-- Removed debug logs
 
 ## 🗺️ Roadmap
 
@@ -236,14 +212,21 @@ For production use, we recommend setting up a domain instead of using the IP add
 - [x] Step-based back navigation
 - [x] Cloud-init reliability improvements (network wait, logging)
 
+### v0.4.0 (Completed)
+
+- [x] Server management commands (list, status, destroy)
+- [x] Non-interactive mode for CI/CD
+- [x] Coolify health check polling (replaces blind wait)
+- [x] Server record persistence (`~/.quicklify/servers.json`)
+- [x] `destroyServer()` on provider interface
+- [x] Double confirmation safety for destroy
+
 ### Future
 - [ ] Vultr support
 - [ ] Linode support
 - [ ] Domain configuration helper
 - [ ] SSL certificate automation
-- [ ] Health checks & monitoring
 - [ ] Backup configuration
-- [ ] Multi-server management
 - [ ] Web dashboard
 - [ ] GitHub Actions integration
 
@@ -264,9 +247,23 @@ For production use, we recommend setting up a domain instead of using the IP add
 ### Commands
 
 ```bash
-# Deploy new Coolify instance
+# Deploy new Coolify instance (interactive)
 quicklify init
 
+# Deploy non-interactively (CI/CD friendly)
+quicklify init --provider hetzner --token YOUR_TOKEN --region nbg1 --size cax11 --name my-server
+
+# List all registered servers
+quicklify list
+
+# Check server and Coolify status
+quicklify status 123.45.67.89
+quicklify status my-server
+
+# Destroy a server (with double confirmation)
+quicklify destroy 123.45.67.89
+quicklify destroy my-server
+
 # Show version
 quicklify --version
 
@@ -274,6 +271,35 @@ quicklify --version
 quicklify --help
 ```
 
+### Non-Interactive Mode
+
+Pass all options as flags to skip interactive prompts (useful for CI/CD pipelines):
+
+```bash
+quicklify init \
+  --provider hetzner \
+  --token $HETZNER_TOKEN \
+  --region nbg1 \
+  --size cax11 \
+  --name production-coolify
+```
+
+**Using environment variables (recommended for CI/CD):**
+
+```bash
+# Set token as environment variable (avoids shell history exposure)
+export HETZNER_TOKEN="your-api-token"
+# or
+export DIGITALOCEAN_TOKEN="your-api-token"
+
+# Token is read automatically from env var
+quicklify init --provider hetzner --region nbg1 --size cax11 --name my-server
+```
+
+Token resolution order: `--token` flag > environment variable > interactive prompt.
+
+If some flags are missing, only the missing values will be prompted interactively.
+
 ### Interactive Prompts
 
 1. **Provider Selection** - Choose Hetzner Cloud or DigitalOcean
@@ -310,17 +336,28 @@ npm run format
 
 ```
 tests/
-├── __mocks__/          # Mock modules (axios, inquirer, ora, chalk)
-├── unit/               # Unit tests
+├── __mocks__/              # Mock modules (axios, inquirer, ora, chalk)
+├── unit/                   # Unit tests
 │   ├── cloudInit.test.ts
+│   ├── config.test.ts          # Config CRUD operations
+│   ├── config-edge.test.ts     # Config edge cases (corruption, empty files)
+│   ├── destroy.test.ts         # Destroy command unit tests
+│   ├── healthCheck.test.ts     # Health check polling tests
+│   ├── healthCheck-edge.test.ts # Health check edge cases (302, 401, 500)
+│   ├── list.test.ts            # List command unit tests
 │   ├── logger.test.ts
 │   ├── prompts.test.ts
+│   ├── providerFactory.test.ts # Provider factory tests
+│   ├── status.test.ts          # Status command unit tests
 │   └── validators.test.ts
-├── integration/        # Integration tests (provider API calls)
-│   ├── hetzner.test.ts
-│   └── digitalocean.test.ts
-└── e2e/                # End-to-end tests (full init flow)
-    └── init.test.ts
+├── integration/            # Integration tests (provider API calls)
+│   ├── hetzner.test.ts         # Including destroyServer tests
+│   └── digitalocean.test.ts    # Including destroyServer tests
+└── e2e/                    # End-to-end tests (full command flows)
+    ├── init.test.ts
+    ├── init-noninteractive.test.ts  # Non-interactive mode E2E
+    ├── status.test.ts               # Status command E2E
+    └── destroy.test.ts              # Destroy command E2E
 ```
 
 ### CI/CD
@@ -332,7 +369,7 @@ Tests run automatically on every push/PR via GitHub Actions across:
 
 ### Coverage
 
-Current coverage: **97%+ statements/lines**, **90%+ branches**, **100% functions**. 143 tests across 7 test suites.
+Current coverage: **97%+ statements/lines**, **89%+ branches**, **96%+ functions**. 233 tests across 18 test suites.
 
 ## 🔧 Troubleshooting
 

package/SECURITY.md

@@ -4,7 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.2.x   | :white_check_mark: |
+| 0.4.x   | :white_check_mark: |
+| < 0.4   | :x:                |
 
 ## Reporting a Vulnerability
 
@@ -24,15 +25,28 @@ Response time: Within 48 hours
 
 - All dependencies scanned with Socket.dev
 - No credentials stored in code
-- API tokens collected via interactive secure prompts (masked input)
+- API tokens can be provided via environment variables (`HETZNER_TOKEN`, `DIGITALOCEAN_TOKEN`) to avoid shell history exposure
+- API tokens collected via interactive secure prompts (masked input) when env vars are not set
+- Config directory created with restrictive permissions (`0o700`)
+- Server config file written with `0o600` permissions (owner read/write only)
+- Cloud-init install log restricted to `chmod 600` (root only)
+- Server name validation: 3-63 chars, lowercase alphanumeric + hyphens, must start with letter
 - Input validation on all user inputs
 - Automated security checks via GitHub Actions
 
+## HTTP Usage
+
+Quicklify accesses Coolify at `http://IP:8000` during initial setup. This is expected because SSL/TLS is not configured on a fresh Coolify installation. Users are warned to set up a domain and enable SSL for production use.
+
 ## Third-party Dependencies
 
 Quicklify uses audited dependencies:
-- Hetzner Cloud API v1 (via Axios)
+- Hetzner Cloud API v1 (via Axios, HTTPS)
+- DigitalOcean API v2 (via Axios, HTTPS)
+- Coolify installed via `curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash` (official method, HTTPS)
 - All dependencies regularly updated
 - Socket.dev security monitoring enabled
 
+**Note:** The `curl | bash` installation method is the official Coolify installation procedure. The script is fetched over HTTPS from Coolify's CDN.
+
 Security scan: https://socket.dev/npm/package/quicklify

package/dist/commands/destroy.d.ts

@@ -0,0 +1,2 @@
+export declare function destroyCommand(query?: string): Promise<void>;
+//# sourceMappingURL=destroy.d.ts.map

package/dist/commands/destroy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"destroy.d.ts","sourceRoot":"","sources":["../../src/commands/destroy.ts"],"names":[],"mappings":"AA6BA,wBAAsB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA4ElE"}

package/dist/commands/destroy.js

@@ -0,0 +1,95 @@
+import inquirer from "inquirer";
+import { getServers, findServer, removeServer } from "../utils/config.js";
+import { createProviderWithToken } from "../utils/providerFactory.js";
+import { logger, createSpinner } from "../utils/logger.js";
+async function selectServer() {
+    const servers = getServers();
+    if (servers.length === 0) {
+        logger.info("No servers found.");
+        return undefined;
+    }
+    const { serverId } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "serverId",
+            message: "Select a server to destroy:",
+            choices: servers.map((s) => ({
+                name: `${s.name} (${s.ip}) - ${s.provider}`,
+                value: s.id,
+            })),
+        },
+    ]);
+    return servers.find((s) => s.id === serverId);
+}
+export async function destroyCommand(query) {
+    let server;
+    if (query) {
+        server = findServer(query);
+        if (!server) {
+            logger.error(`Server not found: ${query}`);
+            return;
+        }
+    }
+    else {
+        server = await selectServer();
+        if (!server)
+            return;
+    }
+    // First confirmation
+    const { confirm } = await inquirer.prompt([
+        {
+            type: "confirm",
+            name: "confirm",
+            message: `Are you sure you want to destroy "${server.name}" (${server.ip})?`,
+            default: false,
+        },
+    ]);
+    if (!confirm) {
+        logger.info("Destroy cancelled.");
+        return;
+    }
+    // Second confirmation: type server name
+    const { confirmName } = await inquirer.prompt([
+        {
+            type: "input",
+            name: "confirmName",
+            message: `Type the server name "${server.name}" to confirm:`,
+        },
+    ]);
+    if (confirmName.trim() !== server.name) {
+        logger.error("Server name does not match. Destroy cancelled.");
+        return;
+    }
+    // Ask for API token
+    const { apiToken } = await inquirer.prompt([
+        {
+            type: "password",
+            name: "apiToken",
+            message: `Enter your ${server.provider} API token:`,
+            validate: (input) => (input.trim().length > 0 ? true : "API token is required"),
+        },
+    ]);
+    const spinner = createSpinner("Destroying server...");
+    spinner.start();
+    try {
+        const provider = createProviderWithToken(server.provider, apiToken.trim());
+        await provider.destroyServer(server.id);
+        removeServer(server.id);
+        spinner.succeed(`Server "${server.name}" destroyed`);
+        logger.success("Server has been removed from your cloud provider and local config.");
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        const isNotFound = message.toLowerCase().includes("not found") || message.toLowerCase().includes("not_found");
+        if (isNotFound) {
+            removeServer(server.id);
+            spinner.warn(`Server not found on ${server.provider} (may have been deleted manually)`);
+            logger.info("Removed from local config.");
+        }
+        else {
+            spinner.fail("Failed to destroy server");
+            logger.error(message);
+        }
+    }
+}
+//# sourceMappingURL=destroy.js.map

package/dist/commands/destroy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"destroy.js","sourceRoot":"","sources":["../../src/commands/destroy.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAG3D,KAAK,UAAU,YAAY;IACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACzC;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,6BAA6B;YACtC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE;gBAC3C,KAAK,EAAE,CAAC,CAAC,EAAE;aACZ,CAAC,CAAC;SACJ;KACF,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAc;IACjD,IAAI,MAAgC,CAAC;IAErC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM;YAAE,OAAO;IACtB,CAAC;IAED,qBAAqB;IACrB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACxC;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,qCAAqC,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,EAAE,IAAI;YAC5E,OAAO,EAAE,KAAK;SACf;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAClC,OAAO;IACT,CAAC;IAED,wCAAwC;IACxC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QAC5C;YACE,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,yBAAyB,MAAM,CAAC,IAAI,eAAe;SAC7D;KACF,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,IAAI,EAAE,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,oBAAoB;IACpB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACzC;YACE,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,cAAc,MAAM,CAAC,QAAQ,aAAa;YACnD,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC;SACxF;KACF,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACtD,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3E,MAAM,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxB,OAAO,CAAC,OAAO,CAAC,WAAW,MAAM,CAAC,IAAI,aAAa,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,oEAAoE,CAAC,CAAC;IACvF,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,UAAU,GACd,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE7F,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,QAAQ,mCAAmC,CAAC,CAAC;YACxF,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACzC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/init.d.ts

@@ -1,2 +1,3 @@
-export declare function initCommand(): Promise<void>;
+import type { InitOptions } from "../types/index.js";
+export declare function initCommand(options?: InitOptions): Promise<void>;
 //# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAsCA,wBAAsB,WAAW,kBAqNhC"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAgBrD,wBAAsB,WAAW,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiK1E"}