underpost 3.0.1 → 3.0.2

package/CHANGELOG.md

@@ -1,6 +1,61 @@
 # Changelog
 
-## 2026-02-23
+## 2026-03-02
+
+### engine-cyberia
+
+- Add test in engine-cyberia cd workflow ([642d7e36](https://github.com/underpostnet/engine/commit/642d7e36155b6db5dbd36e19767dd95f146ceaf5))
+- Add build dd-cyberia shape generator exclusive module files ([188f563a](https://github.com/underpostnet/engine/commit/188f563a61d7f6bf36bef93cdd18d4e1304f9747))
+- Fix ObjectLayerEngineViewer return to list button click ([aeaead6f](https://github.com/underpostnet/engine/commit/aeaead6f5c67a03449c63c584976e9a73ccc953d))
+- Improve static generations assets in object layer generation CLI ([06694d92](https://github.com/underpostnet/engine/commit/06694d92ea1ad849e745f561b8ec9a48bfa66056))
+- Implements deterministic object layer generation CLI ([f70c9841](https://github.com/underpostnet/engine/commit/f70c9841ef2efc9187c87427cc465505487766db))
+- Implement shape generator module ([5741a38b](https://github.com/underpostnet/engine/commit/5741a38bcfb8c1c4e0ef5053a2a6a73ff50a3879))
+- Fix remove of ag grid table delete object layer delete logic ([e98953cd](https://github.com/underpostnet/engine/commit/e98953cd29767ca44c2362997f0af40cd538371b))
+- Centralize Object Layer Logic and add js docs ([ff8eefed](https://github.com/underpostnet/engine/commit/ff8eefed08349a1e3390379f760c0d9eb20aecca))
+- ObjectLayer Engine Viewer Enhancements ([0ee052e5](https://github.com/underpostnet/engine/commit/0ee052e5231f7b55576595a817742970c90cd056))
+- Add metada json editor of object layers ([abe7448f](https://github.com/underpostnet/engine/commit/abe7448f5ed7429ba1f5c5d01ed94c5c70323638))
+- Remove helia pyntype logic ([2b443d1c](https://github.com/underpostnet/engine/commit/2b443d1c0ed2261e27d5be54903c9a37cff29dd5))
+- Object Layer Deletion Cleanup IPFS ([a2dcdf23](https://github.com/underpostnet/engine/commit/a2dcdf238c32d5b5237f0650232aca0c0823f044))
+- Add Public GET Access for File Object Atlas ([826317fe](https://github.com/underpostnet/engine/commit/826317fe21dfd0b77196ef343b31461c45b5eb72))
+- Allow Cross-Origin on GET methods file, object-layer, and atlas-sprite-sheet api. ([6801839c](https://github.com/underpostnet/engine/commit/6801839cc461dbec6ca205b035ea844415779e85))
+- Add DISABLE_API_RATE_LIMIT env option ([ae72885c](https://github.com/underpostnet/engine/commit/ae72885c1178846067db52b62455d804dbe4eeba))
+
+### client-core
+
+- Fix main-body-btn-container hide logic ([221f8bfc](https://github.com/underpostnet/engine/commit/221f8bfc262048e1ca226f66f0dfab9891db3fd5))
+
+### runtime-express
+
+- Fix express rate limit trust proxy ([ed19e729](https://github.com/underpostnet/engine/commit/ed19e729eafb59d46504fb1ebe89e4bd91c05d7e))
+
+### cli-cluster
+
+- Remove unused full flag ([13df39f5](https://github.com/underpostnet/engine/commit/13df39f508d65b61378ccfca4f7bfc427dcf5fa5))
+
+### ipfs
+
+- Add ipfs client stable json stringify in addJsonToIpfs method ([c2aaf56a](https://github.com/underpostnet/engine/commit/c2aaf56a4bfc4f06147818ec5681567e27967f41))
+- Fix config map IPFS Cluster daemon bind ([7e6df963](https://github.com/underpostnet/engine/commit/7e6df963ba6da1fdc96ac5b6ab844a789901f61b))
+- server ipfs client and object layer atlas sprite sheet ipfs integration ([781e35c4](https://github.com/underpostnet/engine/commit/781e35c4903380df9e7dce7cf5d9275387a46029))
+- Implement ipfs api user-pin and client component service ([1b12e8df](https://github.com/underpostnet/engine/commit/1b12e8df6af21e1dd2edc156e176072f25c9a433))
+
+### cli-run
+
+- Implements expose-ipfs runner ([765772b8](https://github.com/underpostnet/engine/commit/765772b8fb1e7b397560464d1dc6dea0b70a9b7f))
+
+### engine-core
+
+- Clean up legacy logic and json file model ref ([b4c62a2c](https://github.com/underpostnet/engine/commit/b4c62a2cfe4fea0212be644ce333464a81056f6f))
+
+### bin-build
+
+- Add missing       packagejson overrides on dd-cyberia build repository workflow ([7ece9ed5](https://github.com/underpostnet/engine/commit/7ece9ed5500e83a1baedc4d78fd889bca6ecac3c))
+
+## New release v:3.0.1 (2026-02-22)
+
+### engine-core
+
+- Remove ENABLE_FILE_LOGS to default dev adn test env ([727486dc](https://github.com/underpostnet/engine/commit/727486dc4030921c9d1f6a7035eb1a240569fa74))
 
 ### gitlab
 

package/CLI-HELP.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v3.0.1
+## underpost ci/cd cli v3.0.2
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -379,8 +379,6 @@ Options:
   --dedicated-gpu                      Initializes the cluster with dedicated
                                        GPU base resources and environment
                                        settings.
-  --full                               Initializes the cluster with all
-                                       available statefulsets and services.
   --ns-use <ns-name>                   Switches the current Kubernetes context
                                        to the specified namespace (creates if
                                        it doesn't exist).
@@ -835,7 +833,7 @@ Options:
 Runs specified scripts using various runners.
 
 Arguments:
-  runner-id                                       The runner ID to run. Options: dev-cluster,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,ls-deployments,host-update,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,etc-hosts,sh,log,ps,ptls,release-cmt,deploy-test,sync-replica,tf-vae-test,spark-template,rmi,kill,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job.
+  runner-id                                       The runner ID to run. Options: dev-cluster,ipfs-expose,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,ls-deployments,host-update,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,etc-hosts,sh,log,ps,ptls,release-cmt,deploy-test,sync-replica,tf-vae-test,spark-template,rmi,kill,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job.
   path                                            The input value, identifier, or path for the operation.
 
 Options:

package/README.md

@@ -16,7 +16,7 @@
 
 <div align="center">
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.0.1)](https://socket.dev/npm/package/underpost/overview/3.0.1) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.0.2)](https://socket.dev/npm/package/underpost/overview/3.0.2) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 </div>
 
@@ -60,7 +60,7 @@ npm run dev
 
 <a target="_top" href="https://www.nexodev.org/docs?cid=src">See Docs here.</a>
 
-## underpost ci/cd cli v3.0.1
+## underpost ci/cd cli v3.0.2
 
 ### Usage: `underpost [options] [command]`
   ```

package/bin/build.js

@@ -172,6 +172,7 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         ...packageJson.dependencies,
         ...CyberiaDependencies,
       };
+      packageJson.overrides = originPackageJson.overrides;
       fs.writeFileSync(`${basePath}/bin/index.js`, fs.readFileSync(`./bin/cyberia.js`, 'utf8'), 'utf8');
       fs.copyFileSync(`./src/api/object-layer/README.md`, `${basePath}/README.md`);
       fs.copySync(`./hardhat`, `${basePath}/hardhat`);
@@ -180,6 +181,9 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         '/src/client/ssr/pages/CyberiaServerMetrics.js',
         '/src/server/object-layer.js',
         '/src/server/atlas-sprite-sheet-generator.js',
+        '/src/server/shape-generator.js',
+        '/src/server/semantic-layer-generator.js',
+        '/test/shape-generator.test.js',
       ])
         fs.copySync(`.${path}`, `${basePath}${path}`);
 
@@ -216,4 +220,6 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
   if (fs.existsSync(`./src/ws/${confName.split('-')[1]}`)) {
     fs.copySync(`./src/ws/${confName.split('-')[1]}`, `${basePath}/src/ws/${confName.split('-')[1]}`);
   }
+  shellExec(`cd ${basePath} && npm install --ignore-scripts`);
+  shellExec(`cd ${basePath} && npm run fix`);
 }

package/bin/deploy.js

@@ -374,7 +374,9 @@ try {
       shellExec(`node bin run kill 4002`);
       shellExec(`node bin run kill 4003`);
       shellExec(`npm run update-template`);
-      shellExec(`cd ../pwa-microservices-template && npm install`);
+      shellExec(
+        `cd ../pwa-microservices-template && npm install && echo "\nENABLE_FILE_LOGS=true" >> .env.development`,
+      );
       shellExec(`cd ../pwa-microservices-template && npm run build && timeout 5s npm run dev`, {
         async: true,
       });
@@ -509,33 +511,23 @@ ${shellExec(`git log | grep Author: | sort -u`, { stdout: true }).split(`\n`).jo
       // https://besu.hyperledger.org/
       // https://github.com/hyperledger/besu/archive/refs/tags/24.9.1.tar.gz
 
-      switch (process.platform) {
-        case 'linux':
-          {
-            shellCd(`..`);
-
-            // Download the Linux binary
-            shellExec(`wget https://github.com/hyperledger/besu/releases/download/24.9.1/besu-24.9.1.tar.gz`);
+      shellCd(`..`);
 
-            // Unzip the file:
-            shellExec(`tar -xvzf besu-24.9.1.tar.gz`);
+      // Download the Linux binary
+      shellExec(`wget https://github.com/hyperledger/besu/releases/download/24.9.1/besu-24.9.1.tar.gz`);
 
-            shellCd(`besu-24.9.1`);
+      // Unzip the file:
+      shellExec(`tar -xvzf besu-24.9.1.tar.gz`);
 
-            shellExec(`bin/besu --help`);
+      shellCd(`besu-24.9.1`);
 
-            // Set env path
-            // export PATH=$PATH:/home/dd/besu-24.9.1/bin
+      shellExec(`bin/besu --help`);
 
-            // Open src
-            // shellExec(`sudo code /home/dd/besu-24.9.1 --user-data-dir="/root/.vscode-root" --no-sandbox`);
-          }
-
-          break;
+      // Set env path
+      // export PATH=$PATH:/home/dd/besu-24.9.1/bin
 
-        default:
-          break;
-      }
+      // Open src
+      // shellExec(`sudo code /home/dd/besu-24.9.1 --user-data-dir="/root/.vscode-root" --no-sandbox`);
 
       break;
     }
@@ -977,10 +969,10 @@ nvidia/gpu-operator \
             `${key}`.toUpperCase().match('MAC')
               ? 'changethis'
               : isNaN(parseFloat(privateEnv[key]))
-              ? `${privateEnv[key]}`.match(`@`)
-                ? 'admin@default.net'
-                : 'changethis'
-              : privateEnv[key];
+                ? `${privateEnv[key]}`.match(`@`)
+                  ? 'admin@default.net'
+                  : 'changethis'
+                : privateEnv[key];
         }
         return env;
       };

package/bin/file.js

@@ -97,6 +97,9 @@ try {
           './manifests/deployment/dd-template-development',
           './src/server/object-layer.js',
           './src/server/atlas-sprite-sheet-generator.js',
+          './src/server/shape-generator.js',
+          './src/server/semantic-layer-generator.js',
+          './test/shape-generator.test.js',
           'bin/cyberia.js',
         ]) {
           if (fs.existsSync(deletePath)) fs.removeSync('../pwa-microservices-template/' + deletePath);

package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-backup
-              image: underpost/underpost-engine:v3.0.1
+              image: underpost/underpost-engine:v3.0.2
               command:
                 - /bin/sh
                 - -c

package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-dns
-              image: underpost/underpost-engine:v3.0.1
+              image: underpost/underpost-engine:v3.0.2
               command:
                 - /bin/sh
                 - -c

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: localhost/rockylinux9-underpost:v3.0.1
+          image: localhost/rockylinux9-underpost:v3.0.2
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: localhost/rockylinux9-underpost:v3.0.1
+          image: localhost/rockylinux9-underpost:v3.0.2
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: localhost/rockylinux9-underpost:v3.0.1
+          image: localhost/rockylinux9-underpost:v3.0.2
 
           command:
             - /bin/sh
@@ -103,7 +103,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: localhost/rockylinux9-underpost:v3.0.1
+          image: localhost/rockylinux9-underpost:v3.0.2
 
           command:
             - /bin/sh

package/manifests/ipfs/configmap.yaml

@@ -16,6 +16,13 @@ data:
       ipfs-cluster-service init
     fi
 
+    # Bind cluster APIs to 0.0.0.0 so they are reachable from other pods.
+    # By default ipfs-cluster listens on 127.0.0.1 for REST (9094),
+    # Proxy (9095) and Pinning Service (9097).
+    sed -i 's|/ip4/127\.0\.0\.1/tcp/9094|/ip4/0.0.0.0/tcp/9094|g' /data/ipfs-cluster/service.json
+    sed -i 's|/ip4/127\.0\.0\.1/tcp/9095|/ip4/0.0.0.0/tcp/9095|g' /data/ipfs-cluster/service.json
+    sed -i 's|/ip4/127\.0\.0\.1/tcp/9097|/ip4/0.0.0.0/tcp/9097|g' /data/ipfs-cluster/service.json
+
     PEER_HOSTNAME=$(cat /proc/sys/kernel/hostname)
 
     if echo "${PEER_HOSTNAME}" | grep -q "^ipfs-cluster-0"; then

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "3.0.1",
+    "version": "3.0.2",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/api/file/file.controller.js

@@ -19,22 +19,12 @@ const FileController = {
   },
   get: async (req, res, options) => {
     try {
+      res.setHeader('Access-Control-Allow-Origin', '*');
+      res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin');
       const result = await FileService.get(req, res, options);
       if (result instanceof Buffer) {
-        if (
-          process.env.NODE_ENV === 'development' ||
-          req.hostname === options.host ||
-          (options.origins && options.origins.find((o) => o.match(req.hostname)))
-        ) {
-          res.set('Cross-Origin-Resource-Policy', 'cross-origin');
-          return res.status(200).end(result);
-        }
-        return res.status(403).json({
-          status: 'error',
-          message: 'Forbidden',
-        });
+        return res.status(200).end(result);
       }
-
       return res.status(200).json({
         status: 'success',
         data: result,

package/src/api/file/file.ref.json

@@ -5,27 +5,6 @@
       "logo": true
     }
   },
-  {
-    "api": "cyberia-biome",
-    "model": {
-      "fileId": true,
-      "topLevelColorFileId": true
-    }
-  },
-  {
-    "api": "cyberia-tile",
-    "model": {
-      "fileId": true
-    }
-  },
-  {
-    "api": "cyberia-world",
-    "model": {
-      "adjacentFace": {
-        "fileId": true
-      }
-    }
-  },
   {
     "api": "document",
     "model": {

package/src/cli/cluster.js

@@ -37,7 +37,6 @@ class UnderpostCluster {
      * @param {boolean} [options.postgresql=false] - Deploy PostgreSQL.
      * @param {boolean} [options.valkey=false] - Deploy Valkey.
      * @param {boolean} [options.ipfs=false] - Deploy ipfs-cluster statefulset.
-     * @param {boolean} [options.full=false] - Deploy a full set of common components.
      * @param {boolean} [options.info=false] - Display extensive Kubernetes cluster information.
      * @param {boolean} [options.certManager=false] - Deploy Cert-Manager for certificate management.
      * @param {boolean} [options.listPods=false] - List Kubernetes pods.
@@ -75,7 +74,6 @@ class UnderpostCluster {
         postgresql: false,
         valkey: false,
         ipfs: false,
-        full: false,
         info: false,
         certManager: false,
         listPods: false,
@@ -102,26 +100,22 @@ class UnderpostCluster {
         replicas: '',
       },
     ) {
-      // Handles initial host setup (installing docker, podman, kind, kubeadm, helm)
-      if (options.initHost === true) return Underpost.cluster.initHost();
+      if (options.initHost) return Underpost.cluster.initHost();
 
-      // Handles initial host setup (installing docker, podman, kind, kubeadm, helm)
-      if (options.uninstallHost === true) return Underpost.cluster.uninstallHost();
+      if (options.uninstallHost) return Underpost.cluster.uninstallHost();
 
-      // Applies general host configuration (SELinux, containerd, sysctl)
-      if (options.config === true) return Underpost.cluster.config();
+      if (options.config) return Underpost.cluster.config();
 
-      // Sets up kubectl configuration for the current user
-      if (options.chown === true) return Underpost.cluster.chown();
+      if (options.chown) return Underpost.cluster.chown();
 
       const npmRoot = getNpmRootPath();
-      const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
+      const underpostRoot = options.dev ? '.' : `${npmRoot}/underpost`;
 
-      if (options.listPods === true) return console.table(Underpost.deploy.get(podName ?? undefined));
+      if (options.listPods) return console.table(Underpost.deploy.get(podName ?? undefined));
       // Set default namespace if not specified
       if (!options.namespace) options.namespace = 'default';
 
-      if (options.nsUse && typeof options.nsUse === 'string') {
+      if (options.nsUse) {
         // Verify if namespace exists, create if not
         const namespaceExists = shellExec(`kubectl get namespace ${options.nsUse} --ignore-not-found -o name`, {
           stdout: true,
@@ -142,8 +136,8 @@ class UnderpostCluster {
       }
 
       // Reset Kubernetes cluster components (Kind/Kubeadm/K3s) and container runtimes
-      if (options.reset === true) {
-        const clusterType = options.k3s === true ? 'k3s' : options.kubeadm === true ? 'kubeadm' : 'kind';
+      if (options.reset) {
+        const clusterType = options.k3s ? 'k3s' : options.kubeadm ? 'kubeadm' : 'kind';
         return await Underpost.cluster.safeReset({
           underpostRoot,
           removeVolumeHostPaths: options.removeVolumeHostPaths,
@@ -160,7 +154,7 @@ class UnderpostCluster {
       // --- Kubeadm/Kind/K3s Cluster Initialization ---
       if (!alreadyKubeadmCluster && !alreadyKindCluster && !alreadyK3sCluster) {
         Underpost.cluster.config();
-        if (options.k3s === true) {
+        if (options.k3s) {
           logger.info('Initializing K3s control plane...');
           // Install K3s
           logger.info('Installing K3s...');
@@ -172,7 +166,7 @@ class UnderpostCluster {
           logger.info('Waiting for K3s to be ready...');
           shellExec(`sudo systemctl is-active --wait k3s || sudo systemctl wait --for=active k3s.service`);
           logger.info('K3s service is active.');
-        } else if (options.kubeadm === true) {
+        } else if (options.kubeadm) {
           logger.info('Initializing Kubeadm control plane...');
           // Set default values if not provided
           const podNetworkCidr = options.podNetworkCidr || '192.168.0.0/16';
@@ -208,7 +202,7 @@ class UnderpostCluster {
           logger.info('Initializing Kind cluster...');
           shellExec(
             `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
-              options?.dev === true ? '-dev' : ''
+              options.dev ? '-dev' : ''
             }.yaml`,
           );
           Underpost.cluster.chown('kind'); // Pass 'kind' to chown
@@ -218,14 +212,12 @@ class UnderpostCluster {
       // --- Optional Component Deployments (Databases, Ingress, Cert-Manager) ---
       // These deployments happen after the base cluster is up.
 
-      if (options.full === true || options.dedicatedGpu === true) {
+      if (options.dedicatedGpu) {
         shellExec(`node ${underpostRoot}/bin/deploy nvidia-gpu-operator`);
-        shellExec(
-          `node ${underpostRoot}/bin/deploy kubeflow-spark-operator${options.kubeadm === true ? ' kubeadm' : ''}`,
-        );
+        shellExec(`node ${underpostRoot}/bin/deploy kubeflow-spark-operator${options.kubeadm ? ' kubeadm' : ''}`);
       }
 
-      if (options.grafana === true) {
+      if (options.grafana) {
         shellExec(`kubectl delete deployment grafana -n ${options.namespace} --ignore-not-found`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/grafana -n ${options.namespace}`);
         const yaml = `${fs
@@ -238,7 +230,7 @@ EOF
 `);
       }
 
-      if (options.prom && typeof options.prom === 'string') {
+      if (options.prom) {
         shellExec(`kubectl delete deployment prometheus --ignore-not-found`);
         shellExec(`kubectl delete configmap prometheus-config --ignore-not-found`);
         shellExec(`kubectl delete service prometheus --ignore-not-found`);
@@ -257,8 +249,8 @@ EOF
 `);
       }
 
-      if (options.full === true || options.valkey === true) {
-        if (options.pullImage === true) Underpost.cluster.pullImage('valkey/valkey:latest', options);
+      if (options.valkey) {
+        if (options.pullImage) Underpost.cluster.pullImage('valkey/valkey:latest', options);
         shellExec(`kubectl delete statefulset valkey-service -n ${options.namespace} --ignore-not-found`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/valkey -n ${options.namespace}`);
         await Underpost.test.statusMonitor('valkey-service', 'Running', 'pods', 1000, 60 * 10);
@@ -266,17 +258,17 @@ EOF
       if (options.ipfs) {
         await Underpost.ipfs.deploy(options, underpostRoot);
       }
-      if (options.full === true || options.mariadb === true) {
+      if (options.mariadb) {
         shellExec(
           `sudo kubectl create secret generic mariadb-secret --from-file=username=/home/dd/engine/engine-private/mariadb-username --from-file=password=/home/dd/engine/engine-private/mariadb-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`kubectl delete statefulset mariadb-statefulset -n ${options.namespace} --ignore-not-found`);
 
-        if (options.pullImage === true) Underpost.cluster.pullImage('mariadb:latest', options);
+        if (options.pullImage) Underpost.cluster.pullImage('mariadb:latest', options);
         shellExec(`kubectl apply -f ${underpostRoot}/manifests/mariadb/storage-class.yaml -n ${options.namespace}`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mariadb -n ${options.namespace}`);
       }
-      if (options.full === true || options.mysql === true) {
+      if (options.mysql) {
         shellExec(
           `sudo kubectl create secret generic mysql-secret --from-file=username=/home/dd/engine/engine-private/mysql-username --from-file=password=/home/dd/engine/engine-private/mysql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
@@ -285,15 +277,15 @@ EOF
         shellExec(`sudo chown -R $(whoami):$(whoami) /mnt/data`);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mysql -n ${options.namespace}`);
       }
-      if (options.full === true || options.postgresql === true) {
-        if (options.pullImage === true) Underpost.cluster.pullImage('postgres:latest', options);
+      if (options.postgresql) {
+        if (options.pullImage) Underpost.cluster.pullImage('postgres:latest', options);
         shellExec(
           `sudo kubectl create secret generic postgres-secret --from-file=password=/home/dd/engine/engine-private/postgresql-password --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/postgresql -n ${options.namespace}`);
       }
-      if (options.mongodb4 === true) {
-        if (options.pullImage === true) Underpost.cluster.pullImage('mongo:4.4', options);
+      if (options.mongodb4) {
+        if (options.pullImage) Underpost.cluster.pullImage('mongo:4.4', options);
         shellExec(`kubectl apply -k ${underpostRoot}/manifests/mongodb-4.4 -n ${options.namespace}`);
 
         const deploymentName = 'mongodb-deployment';
@@ -314,8 +306,8 @@ EOF
         --eval 'rs.initiate(${JSON.stringify(mongoConfig)})'`,
           );
         }
-      } else if (options.full === true || options.mongodb === true) {
-        if (options.pullImage === true) Underpost.cluster.pullImage('mongo:latest', options);
+      } else if (options.mongodb) {
+        if (options.pullImage) Underpost.cluster.pullImage('mongo:latest', options);
         shellExec(
           `sudo kubectl create secret generic mongodb-keyfile --from-file=/home/dd/engine/engine-private/mongodb-keyfile --dry-run=client -o yaml | kubectl apply -f - -n ${options.namespace}`,
         );
@@ -344,11 +336,11 @@ EOF
         }
       }
 
-      if (options.full === true || options.contour === true) {
+      if (options.contour) {
         shellExec(
           `kubectl apply -f https://cdn.jsdelivr.net/gh/projectcontour/contour@release-1.33/examples/render/contour.yaml`,
         );
-        if (options.kubeadm === true) {
+        if (options.kubeadm) {
           // Envoy service might need NodePort for kubeadm
           shellExec(
             `sudo kubectl apply -f ${underpostRoot}/manifests/envoy-service-nodeport.yaml -n ${options.namespace}`,
@@ -358,7 +350,7 @@ EOF
         // so a specific NodePort service might not be needed or can be configured differently.
       }
 
-      if (options.full === true || options.certManager === true) {
+      if (options.certManager) {
         if (!Underpost.deploy.get('cert-manager').find((p) => p.STATUS === 'Running')) {
           shellExec(`helm repo add jetstack https://charts.jetstack.io --force-update`);
           shellExec(

package/src/cli/index.js

@@ -218,7 +218,6 @@ program
   .option('--contour', 'Initializes the cluster with Project Contour base HTTPProxy and Envoy.')
   .option('--cert-manager', "Initializes the cluster with a Let's Encrypt production ClusterIssuer.")
   .option('--dedicated-gpu', 'Initializes the cluster with dedicated GPU base resources and environment settings.')
-  .option('--full', 'Initializes the cluster with all available statefulsets and services.')
   .option(
     '--ns-use <ns-name>',
     "Switches the current Kubernetes context to the specified namespace (creates if it doesn't exist).",

package/src/cli/run.js

@@ -217,6 +217,20 @@ class UnderpostRun {
       }
     },
 
+    /**
+     * @method ipfs-expose
+     * @description Exposes IPFS Cluster services on specified ports for local access.
+     * @type {Function}
+     * @memberof UnderpostRun
+     */
+    'ipfs-expose': (path, options = DEFAULT_OPTION) => {
+      const ports = [5001, 9094, 8080];
+      for (const port of ports)
+        shellExec(`node bin deploy --expose ipfs-cluster --expose-port ${port} --disable-update-underpost-config`, {
+          async: true,
+        });
+    },
+
     /**
      * @method metadata
      * @description Generates metadata for the specified path after exposing the development cluster.

package/src/client/components/core/LoadingAnimation.js

@@ -27,8 +27,8 @@ const LoadingAnimation = {
                 ? subThemeManager.darkColor
                 : `#66e400`
               : subThemeManager.lightColor
-              ? subThemeManager.lightColor
-              : `#157e00`};"
+                ? subThemeManager.lightColor
+                : `#157e00`};"
           ></div>
         `,
       );
@@ -131,7 +131,6 @@ const LoadingAnimation = {
     if (!backgroundContainer) backgroundContainer = '.ssr-background';
     if (s(backgroundContainer)) {
       s(backgroundContainer).style.display = 'none';
-      if (s(`.main-body-btn-container`)) s(`.main-body-btn-container`).classList.remove('hide');
       if (callBack) callBack();
     }
   },

package/src/client/components/core/Modal.js

@@ -322,7 +322,7 @@ const Modal = {
                 'body',
                 html`
                   <div
-                    class="abs main-body-btn-container hide"
+                    class="abs main-body-btn-container"
                     style="top: ${options.heightTopBar + 50}px; z-index: 9; ${true ||
                     (options.mode && options.mode.match('right'))
                       ? 'right'

package/src/index.js

@@ -42,7 +42,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v3.0.1';
+  static version = 'v3.0.2';
 
   /**
    * Required Node.js major version

package/src/runtime/express/Express.js

@@ -99,7 +99,7 @@ class ExpressService {
 
     if (origins && isDevProxyContext())
       origins.push(devProxyHostFactory({ host, includeHttp: true, tls: isTlsDevProxy() }));
-    app.set('trust proxy', true);
+    app.set('trust proxy', 1);
 
     app.use((req, res, next) => {
       res.on('finish', () => {

package/src/server/auth.js

@@ -647,24 +647,24 @@ function applySecurity(app, opts = {}) {
     }),
   );
   logger.info('Cors origin', origin);
-
-  // Rate limiting + slow down
-  const limiter = rateLimit({
-    windowMs: rate.windowMs,
-    max: rate.max,
-    standardHeaders: true,
-    legacyHeaders: false,
-    message: { error: 'Too many requests, please try again later.' },
-  });
-  app.use(limiter);
-
-  const speedLimiter = slowDown({
-    windowMs: slowdown.windowMs,
-    delayAfter: slowdown.delayAfter,
-    delayMs: () => slowdown.delayMs,
-  });
-  app.use(speedLimiter);
-
+  if (!process.env.DISABLE_API_RATE_LIMIT) {
+    // Rate limiting + slow down
+    const limiter = rateLimit({
+      windowMs: rate.windowMs,
+      max: rate.max,
+      standardHeaders: true,
+      legacyHeaders: false,
+      message: { error: 'Too many requests, please try again later.' },
+    });
+    app.use(limiter);
+
+    const speedLimiter = slowDown({
+      windowMs: slowdown.windowMs,
+      delayAfter: slowdown.delayAfter,
+      delayMs: () => slowdown.delayMs,
+    });
+    app.use(speedLimiter);
+  }
   // Cookie parsing
   app.use(cookieParser(process.env.JWT_SECRET));
 }

package/src/server/ipfs-client.js

@@ -0,0 +1,433 @@
+/**
+ * Lightweight IPFS HTTP client for communicating with a Kubo (go-ipfs) node
+ * and an IPFS Cluster daemon running side-by-side in the same StatefulSet.
+ *
+ * Kubo API  (port 5001) – add / pin / cat content.
+ * Cluster API (port 9094) – replicate pins across the cluster.
+ *
+ * Uses native `FormData` + `Blob` (Node ≥ 18) for reliable multipart encoding.
+ *
+ * @module src/server/ipfs-client.js
+ * @namespace IpfsClient
+ */
+
+import stringify from 'fast-json-stable-stringify';
+import { loggerFactory } from './logger.js';
+
+const logger = loggerFactory(import.meta);
+
+// ─────────────────────────────────────────────────────────
+//  URL helpers
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Base URL of the Kubo RPC API (port 5001).
+ * @returns {string}
+ */
+const getIpfsApiUrl = () =>
+  process.env.IPFS_API_URL || `http://${process.env.NODE_ENV === 'development' ? 'localhost' : 'ipfs-cluster'}:5001`;
+
+/**
+ * Base URL of the IPFS Cluster REST API (port 9094).
+ * @returns {string}
+ */
+const getClusterApiUrl = () =>
+  process.env.IPFS_CLUSTER_API_URL ||
+  `http://${process.env.NODE_ENV === 'development' ? 'localhost' : 'ipfs-cluster'}:9094`;
+
+/**
+ * Base URL of the IPFS HTTP Gateway (port 8080).
+ * @returns {string}
+ */
+const getGatewayUrl = () =>
+  process.env.IPFS_GATEWAY_URL ||
+  `http://${process.env.NODE_ENV === 'development' ? 'localhost' : 'ipfs-cluster'}:8080`;
+
+// ─────────────────────────────────────────────────────────
+//  Core: add content
+// ─────────────────────────────────────────────────────────
+
+/**
+ * @typedef {Object} IpfsAddResult
+ * @property {string} cid  – CID (Content Identifier) returned by the node.
+ * @property {number} size – Cumulative DAG size reported by the node.
+ */
+
+/**
+ * Add arbitrary bytes to the Kubo node AND pin them on the IPFS Cluster.
+ *
+ * 1. `POST /api/v0/add?pin=true` to Kubo (5001) – stores + locally pins.
+ * 2. `POST /pins/<CID>` to the Cluster REST API (9094) – replicates the pin
+ *    across every peer so `GET /pins` on the cluster shows the content.
+ * 3. Copies into MFS so the Web UI "Files" section shows the file.
+ *
+ * @param {Buffer|string} content   – raw bytes or a UTF-8 string to store.
+ * @param {string}        [filename='data'] – logical filename for the upload.
+ * @param {string}        [mfsPath]  – optional full MFS path.
+ *                                     When omitted defaults to `/pinned/<filename>`.
+ * @returns {Promise<IpfsAddResult|null>} `null` when the node is unreachable.
+ */
+const addToIpfs = async (content, filename = 'data', mfsPath) => {
+  const kuboUrl = getIpfsApiUrl();
+  const clusterUrl = getClusterApiUrl();
+
+  // Build multipart body using native FormData + Blob (Node ≥ 18).
+  const buf = Buffer.isBuffer(content) ? content : Buffer.from(content, 'utf-8');
+  const formData = new FormData();
+  formData.append('file', new Blob([buf]), filename);
+
+  // ── Step 1: add to Kubo ──────────────────────────────
+  let cid;
+  let size;
+  try {
+    const res = await fetch(`${kuboUrl}/api/v0/add?pin=true&cid-version=1`, {
+      method: 'POST',
+      body: formData,
+    });
+
+    if (!res.ok) {
+      const text = await res.text();
+      logger.error(`IPFS Kubo add failed (${res.status}): ${text}`);
+      return null;
+    }
+
+    const json = await res.json();
+    cid = json.Hash;
+    size = Number(json.Size);
+    logger.info(`IPFS Kubo add OK – CID: ${cid}, size: ${size}`);
+  } catch (err) {
+    logger.warn(`IPFS Kubo node unreachable at ${kuboUrl}: ${err.message}`);
+    return null;
+  }
+
+  // ── Step 2: pin to the Cluster ───────────────────────
+  try {
+    const clusterRes = await fetch(`${clusterUrl}/pins/${encodeURIComponent(cid)}`, {
+      method: 'POST',
+    });
+
+    if (!clusterRes.ok) {
+      const text = await clusterRes.text();
+      logger.warn(`IPFS Cluster pin failed (${clusterRes.status}): ${text}`);
+    } else {
+      logger.info(`IPFS Cluster pin OK – CID: ${cid}`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS Cluster unreachable at ${clusterUrl}: ${err.message}`);
+  }
+
+  // ── Step 3: copy into MFS so the Web UI "Files" section shows it ─
+  const destPath = mfsPath || `/pinned/${filename}`;
+  const destDir = destPath.substring(0, destPath.lastIndexOf('/')) || '/';
+  try {
+    // Ensure parent directory exists in MFS
+    await fetch(`${kuboUrl}/api/v0/files/mkdir?arg=${encodeURIComponent(destDir)}&parents=true`, { method: 'POST' });
+
+    // Remove existing entry if present (cp fails on duplicates)
+    await fetch(`${kuboUrl}/api/v0/files/rm?arg=${encodeURIComponent(destPath)}&force=true`, {
+      method: 'POST',
+    });
+
+    // Copy the CID into MFS
+    const cpRes = await fetch(
+      `${kuboUrl}/api/v0/files/cp?arg=/ipfs/${encodeURIComponent(cid)}&arg=${encodeURIComponent(destPath)}`,
+      { method: 'POST' },
+    );
+
+    if (!cpRes.ok) {
+      const text = await cpRes.text();
+      logger.warn(`IPFS MFS cp failed (${cpRes.status}): ${text}`);
+    } else {
+      logger.info(`IPFS MFS cp OK – ${destPath} → ${cid}`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS MFS cp unreachable: ${err.message}`);
+  }
+
+  return { cid, size };
+};
+
+// ─────────────────────────────────────────────────────────
+//  Convenience wrappers
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Add a JSON-serialisable object to IPFS.
+ *
+ * @param {any}    obj               – value to serialise.
+ * @param {string} [filename='data.json']
+ * @param {string} [mfsPath]         – optional full MFS destination path.
+ * @returns {Promise<IpfsAddResult|null>}
+ */
+const addJsonToIpfs = async (obj, filename = 'data.json', mfsPath) => {
+  const payload = stringify(obj);
+  return addToIpfs(Buffer.from(payload, 'utf-8'), filename, mfsPath);
+};
+
+/**
+ * Add a binary buffer (e.g. a PNG image) to IPFS.
+ *
+ * @param {Buffer} buffer   – raw image / file bytes.
+ * @param {string} filename – e.g. `"atlas.png"`.
+ * @param {string} [mfsPath] – optional full MFS destination path.
+ * @returns {Promise<IpfsAddResult|null>}
+ */
+const addBufferToIpfs = async (buffer, filename, mfsPath) => {
+  return addToIpfs(buffer, filename, mfsPath);
+};
+
+// ─────────────────────────────────────────────────────────
+//  Pin management
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Explicitly pin an existing CID on both the Kubo node and the Cluster.
+ *
+ * @param {string} cid
+ * @param {string} [type='recursive'] – `'recursive'` | `'direct'`
+ * @returns {Promise<boolean>} `true` when at least the Kubo pin succeeded.
+ */
+const pinCid = async (cid, type = 'recursive') => {
+  const kuboUrl = getIpfsApiUrl();
+  const clusterUrl = getClusterApiUrl();
+  let kuboOk = false;
+
+  // Kubo pin
+  try {
+    const res = await fetch(`${kuboUrl}/api/v0/pin/add?arg=${encodeURIComponent(cid)}&type=${type}`, {
+      method: 'POST',
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      logger.error(`IPFS Kubo pin/add failed (${res.status}): ${text}`);
+    } else {
+      kuboOk = true;
+      logger.info(`IPFS Kubo pin OK – CID: ${cid} (${type})`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS Kubo pin unreachable: ${err.message}`);
+  }
+
+  // Cluster pin
+  try {
+    const clusterRes = await fetch(`${clusterUrl}/pins/${encodeURIComponent(cid)}`, {
+      method: 'POST',
+    });
+    if (!clusterRes.ok) {
+      const text = await clusterRes.text();
+      logger.warn(`IPFS Cluster pin failed (${clusterRes.status}): ${text}`);
+    } else {
+      logger.info(`IPFS Cluster pin OK – CID: ${cid}`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS Cluster pin unreachable: ${err.message}`);
+  }
+
+  return kuboOk;
+};
+
+/**
+ * Unpin a CID from both the Kubo node and the Cluster.
+ *
+ * @param {string} cid
+ * @returns {Promise<boolean>}
+ */
+const unpinCid = async (cid) => {
+  const kuboUrl = getIpfsApiUrl();
+  const clusterUrl = getClusterApiUrl();
+  let kuboOk = false;
+
+  // Cluster unpin
+  try {
+    const clusterRes = await fetch(`${clusterUrl}/pins/${encodeURIComponent(cid)}`, {
+      method: 'DELETE',
+    });
+    if (!clusterRes.ok) {
+      const text = await clusterRes.text();
+      logger.warn(`IPFS Cluster unpin failed (${clusterRes.status}): ${text}`);
+    } else {
+      logger.info(`IPFS Cluster unpin OK – CID: ${cid}`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS Cluster unpin unreachable: ${err.message}`);
+  }
+
+  // Kubo unpin
+  try {
+    const res = await fetch(`${kuboUrl}/api/v0/pin/rm?arg=${encodeURIComponent(cid)}`, {
+      method: 'POST',
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      // "not pinned or pinned indirectly" means the CID is already unpinned – treat as success
+      if (text.includes('not pinned')) {
+        kuboOk = true;
+        logger.info(`IPFS Kubo unpin – CID already not pinned: ${cid}`);
+      } else {
+        logger.warn(`IPFS Kubo pin/rm failed (${res.status}): ${text}`);
+      }
+    } else {
+      kuboOk = true;
+      logger.info(`IPFS Kubo unpin OK – CID: ${cid}`);
+    }
+  } catch (err) {
+    logger.warn(`IPFS Kubo unpin unreachable: ${err.message}`);
+  }
+
+  return kuboOk;
+};
+
+// ─────────────────────────────────────────────────────────
+//  Retrieval
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Retrieve raw bytes for a CID from the IPFS HTTP Gateway (port 8080).
+ *
+ * @param {string} cid
+ * @returns {Promise<Buffer|null>}
+ */
+const getFromIpfs = async (cid) => {
+  const url = getGatewayUrl();
+  try {
+    const res = await fetch(`${url}/ipfs/${encodeURIComponent(cid)}`);
+    if (!res.ok) {
+      logger.error(`IPFS gateway GET failed (${res.status}) for ${cid}`);
+      return null;
+    }
+    const arrayBuffer = await res.arrayBuffer();
+    return Buffer.from(arrayBuffer);
+  } catch (err) {
+    logger.warn(`IPFS gateway unreachable at ${url}: ${err.message}`);
+    return null;
+  }
+};
+
+// ─────────────────────────────────────────────────────────
+//  Diagnostics
+// ─────────────────────────────────────────────────────────
+
+/**
+ * List all pins tracked by the IPFS Cluster (port 9094).
+ * Each line in the response is a JSON object with at least a `cid` field.
+ *
+ * @returns {Promise<Array<{ cid: string, name: string, peer_map: object }>>}
+ */
+const listClusterPins = async () => {
+  const clusterUrl = getClusterApiUrl();
+  try {
+    const res = await fetch(`${clusterUrl}/pins`);
+    if (res.status === 204) {
+      // 204 No Content → the cluster has no pins at all.
+      return [];
+    }
+    if (!res.ok) {
+      const text = await res.text();
+      logger.error(`IPFS Cluster list pins failed (${res.status}): ${text}`);
+      return [];
+    }
+    const text = await res.text();
+    // The cluster streams one JSON object per line (NDJSON).
+    return text
+      .split('\n')
+      .filter((line) => line.trim())
+      .map((line) => {
+        try {
+          return JSON.parse(line);
+        } catch {
+          return null;
+        }
+      })
+      .filter(Boolean);
+  } catch (err) {
+    logger.warn(`IPFS Cluster unreachable at ${clusterUrl}: ${err.message}`);
+    return [];
+  }
+};
+
+/**
+ * List pins tracked by the local Kubo node (port 5001).
+ *
+ * @param {string} [type='recursive'] – `'all'` | `'recursive'` | `'direct'` | `'indirect'`
+ * @returns {Promise<Object<string, { Type: string }>>} Map of CID → pin info.
+ */
+const listKuboPins = async (type = 'recursive') => {
+  const kuboUrl = getIpfsApiUrl();
+  try {
+    const res = await fetch(`${kuboUrl}/api/v0/pin/ls?type=${type}`, {
+      method: 'POST',
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      logger.error(`IPFS Kubo pin/ls failed (${res.status}): ${text}`);
+      return {};
+    }
+    const json = await res.json();
+    return json.Keys || {};
+  } catch (err) {
+    logger.warn(`IPFS Kubo pin/ls unreachable: ${err.message}`);
+    return {};
+  }
+};
+
+// ─────────────────────────────────────────────────────────
+//  MFS management
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Remove a file or directory from the Kubo MFS (Mutable File System).
+ * This cleans up entries visible in the IPFS Web UI "Files" section.
+ *
+ * @param {string} mfsPath – Full MFS path to remove, e.g. `/pinned/myfile.json`
+ *                           or `/object-layer/itemId`.
+ * @param {boolean} [recursive=true] – When `true`, removes directories recursively.
+ * @returns {Promise<boolean>} `true` when the removal succeeded or the path didn't exist.
+ */
+const removeMfsPath = async (mfsPath, recursive = true) => {
+  const kuboUrl = getIpfsApiUrl();
+  try {
+    // First check if the path exists via stat; if it doesn't we can return early.
+    const statRes = await fetch(`${kuboUrl}/api/v0/files/stat?arg=${encodeURIComponent(mfsPath)}`, { method: 'POST' });
+    if (!statRes.ok) {
+      // Path doesn't exist – nothing to remove.
+      logger.info(`IPFS MFS rm – path does not exist, skipping: ${mfsPath}`);
+      return true;
+    }
+
+    const rmRes = await fetch(
+      `${kuboUrl}/api/v0/files/rm?arg=${encodeURIComponent(mfsPath)}&force=true${recursive ? '&recursive=true' : ''}`,
+      { method: 'POST' },
+    );
+    if (!rmRes.ok) {
+      const text = await rmRes.text();
+      logger.warn(`IPFS MFS rm failed (${rmRes.status}): ${text}`);
+      return false;
+    }
+    logger.info(`IPFS MFS rm OK – ${mfsPath}`);
+    return true;
+  } catch (err) {
+    logger.warn(`IPFS MFS rm unreachable: ${err.message}`);
+    return false;
+  }
+};
+
+// ─────────────────────────────────────────────────────────
+//  Export
+// ─────────────────────────────────────────────────────────
+
+const IpfsClient = {
+  getIpfsApiUrl,
+  getClusterApiUrl,
+  getGatewayUrl,
+  addToIpfs,
+  addJsonToIpfs,
+  addBufferToIpfs,
+  pinCid,
+  unpinCid,
+  getFromIpfs,
+  listClusterPins,
+  listKuboPins,
+  removeMfsPath,
+};
+
+export { IpfsClient };

package/bin/ssl.js

@@ -1,63 +0,0 @@
-import fs from 'fs';
-import read from 'read';
-import dotenv from 'dotenv';
-import { getRootDirectory, pbcopy, shellExec } from '../src/server/process.js';
-import { loggerFactory } from '../src/server/logger.js';
-import { Cmd, loadConf } from '../src/server/conf.js';
-import { buildSSL } from '../src/server/ssl.js';
-
-dotenv.config();
-
-const logger = loggerFactory(import.meta);
-
-await logger.setUpInfo();
-
-const [exe, dir, deployId, hosts] = process.argv;
-
-try {
-  let cmd;
-  await loadConf(deployId);
-  shellExec(Cmd.conf(deployId));
-  const confServer = JSON.parse(fs.readFileSync(`./conf/conf.server.json`, 'utf8'));
-  for (const host of hosts.split(',')) {
-    if (host in confServer) {
-      const directory = confServer[host]['/']?.['directory'] ? confServer[host]['/']['directory'] : undefined;
-      cmd = `sudo certbot certonly --webroot --webroot-path ${
-        directory ? directory : `${getRootDirectory()}/public/${host}`
-      } --cert-name ${host} -d ${host}`;
-      // directory ? directory : `${getRootDirectory()}/public/${host}`
-      // directory ? directory : `${getRootDirectory()}/public/www.${host.split('.').slice(-2).join('.')}`
-
-      // You can get multi domain cert by specifying (extra) -d
-      // For example
-      // certbot -d example.com -d example.net -d www.example.org
-
-      // delete all file (no increment live folder)
-      // certbot delete --cert-name <domain>
-
-      logger.info(`Run the following command`, cmd);
-      try {
-        await pbcopy(cmd);
-        await read({ prompt: 'Command copy to clipboard, press enter to continue.\n' });
-      } catch (error) {
-        logger.error(error);
-      }
-      // Certificate
-      if (process.argv.includes('build')) await buildSSL(host);
-      logger.info('Certificate saved', host);
-    } else throw new Error(`host not found: ${host}`);
-  }
-  // check for renewal conf:
-  // /etc/letsencrypt/renewal
-  // /etc/letsencrypt/live
-  cmd = `sudo certbot renew --dry-run`;
-  try {
-    await pbcopy(cmd);
-  } catch (error) {
-    logger.error(error);
-  }
-  logger.info(`run the following command for renewal. Command copy to clipboard`, cmd);
-  logger.info(`success install SLL`, hosts);
-} catch (error) {
-  logger.error(error, error.stack);
-}