underpost 2.8.884 → 2.8.886

package/manifests/deployment/dd-test-development/proxy.yaml

@@ -13,7 +13,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4021
+          port: 4041
           weight: 100
     
     - conditions:
@@ -21,7 +21,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4022
+          port: 4042
           weight: 100
     
 ---
@@ -38,7 +38,7 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4023
+          port: 4043
           weight: 100
     
     - conditions:
@@ -46,6 +46,6 @@ spec:
       enableWebsockets: true
       services:
         - name: dd-test-development-blue-service
-          port: 4024
+          port: 4044
           weight: 100
     

package/manifests/lxd/underpost-setup.sh

@@ -39,15 +39,15 @@ sudo dnf install -y tar bzip2 git epel-release
 sudo dnf -y update
 
 # --- NVM and Node.js Installation ---
-echo "Installing NVM and Node.js v23.8.0..."
+echo "Installing NVM and Node.js v24.10.0..."
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Load nvm for the current session
 export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
 
-nvm install 23.8.0
-nvm use 23.8.0
+nvm install 24.10.0
+nvm use 24.10.0
 
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
@@ -65,9 +65,9 @@ npm install -g underpost
 
 # Ensure underpost executable is in PATH and has execute permissions
 # Adjusting this for global npm install which usually handles permissions
-# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# If you still face issues, ensure /root/.nvm/versions/node/v24.10.0/bin is in your PATH
 # For global installs, it's usually handled automatically.
-# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+# chmod +x /root/.nvm/versions/node/v24.10.0/bin/underpost # This might not be necessary for global npm installs
 
 # --- Kernel Module for Bridge Filtering ---
 # This is crucial for Kubernetes networking (CNI)

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.884",
+    "version": "2.8.886",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",
@@ -80,7 +80,7 @@
         "http-proxy-middleware": "^2.0.6",
         "ignore-walk": "^6.0.4",
         "iovalkey": "^0.2.1",
-        "jimp": "^0.22.12",
+        "jimp": "^1.6.0",
         "json-colorizer": "^2.2.2",
         "jsonwebtoken": "^9.0.2",
         "mariadb": "^3.2.2",
@@ -88,7 +88,7 @@
         "mocha": "^10.8.2",
         "mongoose": "^8.9.5",
         "morgan": "^1.10.0",
-        "nodemailer": "^6.9.9",
+        "nodemailer": "^7.0.9",
         "nodemon": "^3.0.1",
         "peer": "^1.0.2",
         "peerjs": "^1.5.2",

package/scripts/ssl.sh

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# RHEL / Rocky Linux — Generate local TLS cert + fullchain (cert + root CA) using mkcert
+# Usage:
+#   ./generate-local-ssl-fullchain.sh /path/to/target "localhost 127.0.0.1 ::1"
+
+set -euo pipefail
+IFS=$'\n\t'
+
+err() { echo "[ERROR] $*" >&2; }
+info() { echo "[INFO] $*"; }
+
+print_usage() {
+  cat <<'EOF'
+Usage: $0 TARGET_DIR "domain1 domain2 ..."
+Example: $0 /etc/ssl/local "localhost 127.0.0.1 ::1"
+
+Outputs created in TARGET_DIR:
+ - <name>.pem          : leaf/server certificate
+ - <name>-key.pem      : private key
+ - <name>-fullchain.pem: certificate followed by root CA (use for servers needing full chain)
+ - rootCA.pem          : local root CA (if OpenSSL fallback used or copied from mkcert CAROOT)
+EOF
+}
+
+if [[ ${1-} == "-h" || ${1-} == "--help" ]]; then
+  print_usage; exit 0; fi
+
+TARGET_DIR="${1-}"
+DOMAINS="${2-}"
+
+if [[ -z "$TARGET_DIR" ]]; then read -rp "Target directory to store certificates (absolute path): " TARGET_DIR; fi
+if [[ -z "$DOMAINS" ]]; then read -rp "Space-separated domains/IPs to include (e.g. 'localhost 127.0.0.1 api.myapp.test'): " DOMAINS; fi
+
+TARGET_DIR="$(realpath -m "$TARGET_DIR")"
+mkdir -p "$TARGET_DIR"
+IFS=' ' read -r -a DOMAIN_ARR <<< "$DOMAINS"
+if [[ ${#DOMAIN_ARR[@]} -eq 0 ]]; then err "No domains provided. Exiting."; exit 1; fi
+
+NAME_SAFE="${DOMAIN_ARR[0]//[^a-zA-Z0-9_.-]/_}"
+CERT_FILE="$TARGET_DIR/${NAME_SAFE}.pem"
+KEY_FILE="$TARGET_DIR/${NAME_SAFE}-key.pem"
+FULLCHAIN_FILE="$TARGET_DIR/${NAME_SAFE}-fullchain.pem"
+ROOT_PEM="$TARGET_DIR/rootCA.pem"
+
+info "Target dir: $TARGET_DIR"
+info "Domains: ${DOMAIN_ARR[*]}"
+info "Outputs: $CERT_FILE, $KEY_FILE, $FULLCHAIN_FILE, $ROOT_PEM"
+
+# Install prerequisites
+if ! command -v dnf >/dev/null 2>&1; then err "dnf not found. This script expects RHEL/Rocky with dnf."; exit 1; fi
+sudo dnf install -y curl nss-tools ca-certificates || true
+
+# Download and install mkcert binary (no 'go install')
+download_mkcert_binary() {
+  UNAME_M=$(uname -m)
+  case "$UNAME_M" in
+    x86_64|amd64) ARCH_STR='linux-amd64' ;;
+    aarch64|arm64) ARCH_STR='linux-arm64' ;;
+    *) ARCH_STR='linux-amd64' ;;
+  esac
+  info "Searching mkcert release for $ARCH_STR"
+  ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+    grep -E '"browser_download_url":' | grep -i "$ARCH_STR" | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  if [[ -z "$ASSET_URL" ]]; then
+    ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+      grep -E '"browser_download_url":' | grep -i 'linux' | grep -i 'amd64' | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  fi
+  if [[ -z "$ASSET_URL" ]]; then err "Could not find mkcert asset for your arch"; return 1; fi
+  TMP_BIN="$(mktemp -u /tmp/mkcert.XXXXXX)"
+  if curl -fSL -o "$TMP_BIN" "$ASSET_URL"; then
+    sudo mv "$TMP_BIN" /usr/local/bin/mkcert
+    sudo chmod +x /usr/local/bin/mkcert
+    info "mkcert installed to /usr/local/bin/mkcert"
+    return 0
+  fi
+  return 1
+}
+
+use_mkcert() {
+  if ! command -v mkcert >/dev/null 2>&1; then
+    info "mkcert not found — attempting to download/install binary"
+    download_mkcert_binary || return 1
+  fi
+  MKCERT_BIN="$(command -v mkcert || echo /usr/local/bin/mkcert)"
+  info "Running mkcert -install as sudo (if necessary)"
+  if ! sudo "$MKCERT_BIN" -install >/dev/null 2>&1; then
+    if ! "$MKCERT_BIN" -install >/dev/null 2>&1; then
+      err "mkcert -install failed"; return 1
+    fi
+  fi
+  MK_ARGS=()
+  for d in "${DOMAIN_ARR[@]}"; do MK_ARGS+=("$d"); done
+  info "Generating cert+key with mkcert"
+  if ! "$MKCERT_BIN" -cert-file "$CERT_FILE" -key-file "$KEY_FILE" "${MK_ARGS[@]}"; then err "mkcert failed to generate"; return 1; fi
+  # copy root CA from mkcert CAROOT into TARGET_DIR
+  if ROOT_FROM_MKCERT="$($MKCERT_BIN -CAROOT 2>/dev/null || true)"; then
+    if [[ -f "$ROOT_FROM_MKCERT/rootCA.pem" ]]; then
+      cp "$ROOT_FROM_MKCERT/rootCA.pem" "$ROOT_PEM"
+      info "Copied mkcert root CA to $ROOT_PEM"
+    fi
+  fi
+  # create fullchain (cert followed by root CA)
+  if [[ -f "$ROOT_PEM" ]]; then
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    info "Created fullchain: $FULLCHAIN_FILE"
+  else
+    cp "$CERT_FILE" "$FULLCHAIN_FILE"
+    info "No root CA found to append; fullchain contains only leaf cert: $FULLCHAIN_FILE"
+  fi
+  return 0
+}
+
+use_openssl() {
+  command -v openssl >/dev/null 2>&1 || { err "openssl required"; return 1; }
+  ROOT_KEY="$TARGET_DIR/rootCA.key"
+  if [[ ! -f "$ROOT_KEY" || ! -f "$ROOT_PEM" ]]; then
+    openssl genrsa -out "$ROOT_KEY" 4096
+    openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_PEM" -subj "/CN=Local Development Root CA"
+  fi
+  CSR_KEY="$TARGET_DIR/${NAME_SAFE}.key"
+  CSR_PEM="$TARGET_DIR/${NAME_SAFE}.csr"
+  openssl genrsa -out "$CSR_KEY" 2048
+  openssl req -new -key "$CSR_KEY" -out "$CSR_PEM" -subj "/CN=${DOMAIN_ARR[0]}"
+  V3EXT="$TARGET_DIR/v3.ext"
+  printf 'authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\n' > "$V3EXT"
+  DNS=1; IP=1
+  for d in "${DOMAIN_ARR[@]}"; do
+    if [[ "$d" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$d" == *":"* ]]; then
+      printf 'IP.%d = %s\n' "$IP" "$d" >> "$V3EXT"; IP=$((IP+1))
+    else
+      printf 'DNS.%d = %s\n' "$DNS" "$d" >> "$V3EXT"; DNS=$((DNS+1))
+    fi
+  done
+  if openssl x509 -req -in "$CSR_PEM" -CA "$ROOT_PEM" -CAkey "$ROOT_KEY" -CAcreateserial -out "$CERT_FILE" -days 825 -sha256 -extfile "$V3EXT"; then
+    mv -f "$CSR_KEY" "$KEY_FILE"
+    # create fullchain: leaf + root
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    sudo cp "$ROOT_PEM" /etc/pki/ca-trust/source/anchors/ || true
+    sudo update-ca-trust extract || true
+    if command -v certutil >/dev/null 2>&1; then
+      mkdir -p "$HOME/.pki/nssdb"
+      certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,C" -n "Local Dev Root CA" -i "$ROOT_PEM" || true
+    fi
+    info "OpenSSL created cert, key and fullchain"
+    return 0
+  fi
+  err "OpenSSL failed to create certificate"
+  return 1
+}
+
+# main
+if use_mkcert; then
+  info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+  exit 0
+else
+  info "mkcert flow failed — trying OpenSSL fallback"
+  if use_openssl; then
+    info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+    exit 0
+  fi
+fi
+
+err "Failed to create certificates with mkcert or OpenSSL"
+exit 2

package/src/cli/baremetal.js

@@ -11,7 +11,7 @@ import dotenv from 'dotenv';
 import { loggerFactory } from '../server/logger.js';
 import { getLocalIPv4Address } from '../server/dns.js';
 import fs from 'fs-extra';
-import { Downloader } from '../server/downloader.js';
+import Downloader from '../server/downloader.js';
 import UnderpostCloudInit from './cloud-init.js';
 import { s4, timer } from '../client/components/core/CommonJs.js';
 
@@ -153,10 +153,10 @@ class UnderpostBaremetal {
       // Handle control server installation.
       if (options.controlServerInstall === true) {
         // Ensure scripts are executable and then run them.
-        shellExec(`chmod +x ${underpostRoot}/manifests/maas/maas-setup.sh`);
-        shellExec(`chmod +x ${underpostRoot}/manifests/maas/nat-iptables.sh`);
-        shellExec(`${underpostRoot}/manifests/maas/maas-setup.sh`);
-        shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`);
+        shellExec(`chmod +x ${underpostRoot}/scripts/maas-setup.sh`);
+        shellExec(`chmod +x ${underpostRoot}/scripts/nat-iptables.sh`);
+        shellExec(`${underpostRoot}/scripts/maas-setup.sh`);
+        shellExec(`${underpostRoot}/scripts/nat-iptables.sh`);
         return;
       }
 
@@ -349,7 +349,7 @@ class UnderpostBaremetal {
             const name = url.split('/').pop().replace('.zip', '');
             const path = `../${name}`;
             if (!fs.existsSync(path)) {
-              await Downloader(url, `../${name}.zip`); // Download firmware if not exists.
+              await Downloader.downloadFile(url, `../${name}.zip`); // Download firmware if not exists.
               shellExec(`cd .. && mkdir ${name} && cd ${name} && unzip ../${name}.zip`); // Unzip firmware.
             }
             shellExec(`sudo cp -a ${path}/* ${tftpRootPath}`); // Copy firmware files to TFTP root.
@@ -530,7 +530,7 @@ menuentry '${menuentryStr}' {
         if (options.cloudInitUpdate === true) return;
 
         // Apply NAT iptables rules.
-        shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+        shellExec(`${underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
 
         // Wait for MAC address assignment.
         logger.info('Waiting for MAC assignment...');

package/src/cli/cloud-init.js

@@ -182,7 +182,7 @@ cut -d: -f1 /etc/passwd`,
 
           // Copy the device scan script from manifests.
           logger.info('Build', `${nfsHostToolsPath}/device_scan.sh`);
-          fs.copySync(`${underpostRoot}/manifests/maas/device-scan.sh`, `${nfsHostToolsPath}/device_scan.sh`);
+          fs.copySync(`${underpostRoot}/scripts/device-scan.sh`, `${nfsHostToolsPath}/device_scan.sh`);
 
           // Build and write the config path script.
           logger.info('Build', `${nfsHostToolsPath}/config-path.sh`);

package/src/cli/cluster.js

@@ -1,3 +1,9 @@
+/**
+ * Cluster module for managing Kubernetes cluster initialization, configuration, and component deployment.
+ * @module src/cli/cluster.js
+ * @namespace UnderpostCluster
+ */
+
 import { getNpmRootPath } from '../server/conf.js';
 import { loggerFactory } from '../server/logger.js';
 import { shellExec } from '../server/process.js';
@@ -9,6 +15,13 @@ import fs from 'fs-extra';
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @class UnderpostCluster
+ * @description Manages Kubernetes cluster initialization, configuration, and component deployment.
+ * This class provides a set of static methods to handle cluster initialization, configuration,
+ * and optional component deployments.
+ * @memberof UnderpostCluster
+ */
 class UnderpostCluster {
   static API = {
     /**
@@ -45,6 +58,7 @@ class UnderpostCluster {
      * @param {boolean} [options.config=false] - Apply general host configuration (SELinux, containerd, sysctl, firewalld).
      * @param {boolean} [options.worker=false] - Configure as a worker node (for Kubeadm or K3s join).
      * @param {boolean} [options.chown=false] - Set up kubectl configuration for the current user.
+     * @memberof UnderpostCluster
      */
     async init(
       podName,
@@ -460,6 +474,7 @@ EOF
      * are applied for a healthy Kubernetes environment. It explicitly avoids
      * iptables flushing commands to prevent conflicts with Kubernetes' own network management.
      * @param {string} underpostRoot - The root directory of the underpost project.
+     * @memberof UnderpostCluster
      */
     config(options = { underpostRoot: '.' }) {
       const { underpostRoot } = options;
@@ -512,7 +527,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
 
       // shellExec(`sudo sysctl --system`); // Apply sysctl changes immediately
       // Apply NAT iptables rules.
-      shellExec(`${underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+      shellExec(`${underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
 
       // Disable firewalld (common cause of network issues in Kubernetes)
       shellExec(`sudo systemctl stop firewalld || true`); // Stop if running
@@ -523,6 +538,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
      * @method chown
      * @description Sets up kubectl configuration for the current user based on the cluster type.
      * @param {string} clusterType - The type of Kubernetes cluster ('kubeadm', 'k3s', or 'kind').
+     * @memberof UnderpostCluster
      */
     chown(clusterType) {
       console.log(`Setting up kubectl configuration for ${clusterType} cluster...`);
@@ -559,6 +575,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
      * in coredns) by restoring SELinux security contexts and safely cleaning up cluster artifacts.
      * @param {object} [options] - Configuration options for the reset.
      * @param {string} [options.underpostRoot] - The root path of the underpost project.
+     * @memberof UnderpostCluster
      */
     async safeReset(options = { underpostRoot: '.' }) {
       logger.info('Starting a safe and comprehensive reset of Kubernetes and container environments...');
@@ -653,8 +670,8 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
         shellExec('sudo iptables -F || true');
         shellExec('sudo iptables -t nat -F || true');
         // Restore iptables rules
-        shellExec(`chmod +x ${options.underpostRoot}/manifests/maas/nat-iptables.sh`);
-        shellExec(`${options.underpostRoot}/manifests/maas/nat-iptables.sh`, { silent: true });
+        shellExec(`chmod +x ${options.underpostRoot}/scripts/nat-iptables.sh`);
+        shellExec(`${options.underpostRoot}/scripts/nat-iptables.sh`, { silent: true });
         shellExec('sudo ip link del cni0 || true');
         shellExec('sudo ip link del flannel.1 || true');
 
@@ -672,6 +689,13 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
       }
     },
 
+    /**
+     * @method getResourcesCapacity
+     * @description Retrieves the capacity of resources (CPU and memory) for a specific node in the cluster.
+     * @param {string} [node=os.hostname()] - The node to query. Defaults to the current host.
+     * @returns {object} An object containing the CPU and memory capacity of the node.
+     * @memberof UnderpostCluster
+     */
     getResourcesCapacity(node) {
       const resources = {};
       const nodeName = node ?? os.hostname();
@@ -698,9 +722,11 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
 
       return resources;
     },
+
     /**
      * @method initHost
      * @description Installs essential host-level prerequisites for Kubernetes (Docker, Podman, Kind, Kubeadm, Helm).
+     * @memberof UnderpostCluster
      */
     initHost() {
       const archData = UnderpostBaremetal.API.getHostArch();
@@ -738,10 +764,12 @@ EOF`);
       shellExec(`sudo rm -rf get_helm.sh`);
       console.log('Host prerequisites installed successfully.');
     },
+
     /**
      * @method uninstallHost
      * @description Uninstalls all host components installed by initHost.
      * This includes Docker, Podman, Kind, Kubeadm, Kubelet, Kubectl, and Helm.
+     * @memberof UnderpostCluster
      */
     uninstallHost() {
       console.log('Uninstalling host components: Docker, Podman, Kind, Kubeadm, Kubelet, Kubectl, Helm.');

package/src/cli/cron.js

@@ -17,7 +17,7 @@ const logger = loggerFactory(import.meta);
 
 /**
  * UnderpostCron main module methods
- * @class
+ * @class UnderpostCron
  * @memberof UnderpostCron
  */
 class UnderpostCron {
@@ -71,6 +71,14 @@ class UnderpostCron {
         if (UnderpostCron.JOB[jobId]) await UnderpostCron.JOB[jobId].callback(deployList, options);
       }
     },
+
+    /**
+     * Get the related deploy id for the given job id
+     * @static
+     * @param {String} jobId - The job id
+     * @return {String} The related deploy id
+     * @memberof UnderpostCron
+     */
     getRelatedDeployId(jobId) {
       switch (jobId) {
         case 'dns':

package/src/cli/db.js

@@ -1,3 +1,9 @@
+/**
+ * UnderpostDB CLI index module
+ * @module src/cli/db.js
+ * @namespace UnderpostDB
+ */
+
 import { mergeFile, splitFileFactory } from '../server/conf.js';
 import { loggerFactory } from '../server/logger.js';
 import { shellExec } from '../server/process.js';
@@ -9,8 +15,36 @@ import { loadReplicas, pathPortAssignmentFactory } from '../server/conf.js';
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @class UnderpostDB
+ * @description Manages database operations and backups.
+ * This class provides a set of static methods to handle database operations,
+ * including importing and exporting data, managing database backups, and
+ * handling database connections for different providers (e.g., MariaDB, MongoDB).
+ * @memberof UnderpostDB
+ */
 class UnderpostDB {
   static API = {
+    /**
+     * @method callback
+     * @description Initiates a database backup workflow based on the provided options.
+     * This method orchestrates the backup process for multiple deployments, handling
+     * database connections, backup storage, and optional Git integration for version control.
+     * @param {string} [deployList='default'] - List of deployment IDs to include in the backup.
+     * @param {object} [options] - An object containing boolean flags for various operations.
+     * @param {boolean} [options.import=false] - Flag to import data from a backup.
+     * @param {boolean} [options.export=false] - Flag to export data to a backup.
+     * @param {string} [options.podName=false] - The name of the Kubernetes pod to use for database operations.
+     * @param {string} [options.ns=false] - The namespace to use for database operations.
+     * @param {string} [options.collections=''] - Comma-separated list of collections to include in the backup.
+     * @param {string} [options.outPath=''] - Output path for the backup file.
+     * @param {boolean} [options.drop=false] - Flag to drop the database before importing.
+     * @param {boolean} [options.preserveUUID=false] - Flag to preserve UUIDs during import.
+     * @param {boolean} [options.git=false] - Flag to enable Git integration for version control.
+     * @param {string} [options.hosts=''] - Comma-separated list of hosts to include in the backup.
+     * @param {string} [options.paths=''] - Comma-separated list of paths to include in the backup.
+     * @memberof UnderpostDB
+     */
     async callback(
       deployList = 'default',
       options = {
@@ -200,6 +234,17 @@ class UnderpostDB {
         }
       }
     },
+
+    /**
+     * @method clusterMetadataFactory
+     * @description Creates a cluster metadata object for the specified deployment.
+     * This method loads database configuration and initializes a cluster metadata object
+     * using the provided deployment ID, host, and path.
+     * @param {string} [deployId=process.env.DEFAULT_DEPLOY_ID] - The deployment ID to use.
+     * @param {string} [host=process.env.DEFAULT_DEPLOY_HOST] - The host to use.
+     * @param {string} [path=process.env.DEFAULT_DEPLOY_PATH] - The path to use.
+     * @memberof UnderpostDB
+     */
     async clusterMetadataFactory(
       deployId = process.env.DEFAULT_DEPLOY_ID,
       host = process.env.DEFAULT_DEPLOY_HOST,
@@ -227,10 +272,9 @@ class UnderpostDB {
           if (!deployId) continue;
           const confServer = loadReplicas(
             JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.json`, 'utf8')),
-            'proxy',
           );
           const router = await UnderpostDeploy.API.routerFactory(deployId, env);
-          const pathPortAssignmentData = pathPortAssignmentFactory(router, confServer);
+          const pathPortAssignmentData = await pathPortAssignmentFactory(deployId, router, confServer);
 
           for (const host of Object.keys(confServer)) {
             for (const { path, port } of pathPortAssignmentData[host]) {
@@ -298,6 +342,24 @@ class UnderpostDB {
       }
       await DataBaseProvider.instance[`${host}${path}`].mongoose.close();
     },
+
+    /**
+     * @method clusterMetadataBackupCallback
+     * @description Handles the backup of cluster metadata for the specified deployment.
+     * This method orchestrates the backup process for cluster metadata, including
+     * instances and crons, and handles optional Git integration for version control.
+     * @param {string} [deployId=process.env.DEFAULT_DEPLOY_ID] - The deployment ID to use.
+     * @param {string} [host=process.env.DEFAULT_DEPLOY_HOST] - The host to use.
+     * @param {string} [path=process.env.DEFAULT_DEPLOY_PATH] - The path to use.
+     * @param {object} [options] - An object containing boolean flags for various operations.
+     * @param {boolean} [options.generate=false] - Flag to generate cluster metadata.
+     * @param {boolean} [options.itc=false] - Flag to enable Git integration for version control.
+     * @param {boolean} [options.import=false] - Flag to import data from a backup.
+     * @param {boolean} [options.export=false] - Flag to export data to a backup.
+     * @param {boolean} [options.instances=false] - Flag to backup instances.
+     * @param {boolean} [options.crons=false] - Flag to backup crons.
+     * @memberof UnderpostDB
+     */
     clusterMetadataBackupCallback(
       deployId = process.env.DEFAULT_DEPLOY_ID,
       host = process.env.DEFAULT_DEPLOY_HOST,