underpost 3.2.14 → 3.2.21

package/CHANGELOG.md

@@ -1,6 +1,62 @@
 # Changelog
 
-## 2026-06-02
+## 2026-06-06
+
+### release
+
+- Add options for MongoDB and Valkey configuration in build process ([7dba2a68a](https://github.com/underpostnet/engine/commit/7dba2a68a01dd0dacdf0e1f430170e80f6ce97d8))
+
+### repository
+
+- Enhance deployment process: Include deploy ID in logging and update build commands ([aedd99415](https://github.com/underpostnet/engine/commit/aedd994157a5688b13c9f063b9e1446807282213))
+- Add --has-changes option to check for staged or unstaged git changes and update template repo logic ([f479994a4](https://github.com/underpostnet/engine/commit/f479994a40ad3815839cd85f8664390074799c55))
+- Ensure repository directory is created before initialization ([5cb66853f](https://github.com/underpostnet/engine/commit/5cb66853f2623e18edaf8f63de95757cc48d389a))
+
+### docs
+
+- Refactor CLI documentation generation: Update command argument and option sections for improved clarity ([fd20febb1](https://github.com/underpostnet/engine/commit/fd20febb125f547b287edd784504185273080a51))
+
+### deploy
+
+- Add support for self-signed TLS certificates and related options in deployment scripts ([d03ddf7b7](https://github.com/underpostnet/engine/commit/d03ddf7b758afb9c55fe7c610011fe9e4828d033))
+- Add localProxy option to enable TCP port forwarding and path-based routing ([6b6c03a4c](https://github.com/underpostnet/engine/commit/6b6c03a4c0a990a9b03c234025b3d68deb48f41a))
+- Add exposeLocalPort option for custom local port configuration in deployment ([60fe88b95](https://github.com/underpostnet/engine/commit/60fe88b95e69c744fb53d900edaf6b918f0824bb))
+- Refactor deployment scripts: Update commands in engine-test workflow and add link-local CLI script ([8506dbca4](https://github.com/underpostnet/engine/commit/8506dbca4280e782cb550206f8bf550f9f6f81af))
+
+### cli-run
+
+- Add build-cluster-deployment-manifests method and update test-monitor script: Implement deployment manifest building for production and development environments. ([be2c5a71e](https://github.com/underpostnet/engine/commit/be2c5a71e553a65e57fd9f21a5ccb5acaf7b7d58))
+- Add etc-hosts method: Modify /etc/hosts file for local service access ([c4e7ba286](https://github.com/underpostnet/engine/commit/c4e7ba286651f002c1f6be09225c092b0596e4b8))
+
+### monitor
+
+- Refactor monitoring and deployment port resolution: Introduce deployStatusPort for consistent internal status port handling and implement findFreePort for ephemeral TCP port allocation. ([735c2c41e](https://github.com/underpostnet/engine/commit/735c2c41e2cfc7c47dd7ce3f0832b80f9c41188f))
+- Add test-monitor script: Implement deployment and monitoring commands for development environment ([a74316ae1](https://github.com/underpostnet/engine/commit/a74316ae140c7917c2923f9f6f63d0ea74859116))
+- Implement reliable two-phase deployment monitoring with internal HTTP status endpoint ([a2b49dcd6](https://github.com/underpostnet/engine/commit/a2b49dcd62ee5056c6d4e5caba0faf867e531269))
+- Improve pod status handling: Exclude 'empty' status from container status checks ([6d18e2872](https://github.com/underpostnet/engine/commit/6d18e28720004eca5dcff8ad61373ac74b46851a))
+- Improve pod status handling: Exclude 'empty' status from advanced pod tracking ([a90400342](https://github.com/underpostnet/engine/commit/a904003428a2a920f56ea409391812a6d3dab794))
+
+### build-template
+
+- Add option to update private template repository ([77cbe276a](https://github.com/underpostnet/engine/commit/77cbe276af8f5a3a85c95ab8ad2044b57ee52326))
+
+### runtime-cyberia
+
+- Refactor Dockerfiles: Standardize comments and clean up unnecessary lines ([6ae4d0bef](https://github.com/underpostnet/engine/commit/6ae4d0bef71eb31fc56eb66be5e52ba3334b5f13))
+
+### engine-cyberia
+
+- Enhance dialogue and quest systems: Add new dialogue entries for Lain, update action types, and revise implementation status in documentation ([67702fa9c](https://github.com/underpostnet/engine/commit/67702fa9c4219fed4742d078f88a52167dd08249))
+
+### cyberia-cli
+
+- Add Mongo host override option to import command for Object Layer items ([b181892b4](https://github.com/underpostnet/engine/commit/b181892b48753f7a40ede0346934f6a8b9fd21dc))
+
+### env
+
+- Simplify environment variable check: Remove redundant logging for empty env path ([b192cdff4](https://github.com/underpostnet/engine/commit/b192cdff40c2053c651210fbf244be34b74b8376))
+
+## New release v:3.2.14 (2026-06-02)
 
 ### runtime-wp
 

package/CLI-HELP.md

@@ -1,6 +1,6 @@
 ## Underpost CLI
 
-> underpost ci/cd cli v3.2.14
+> underpost ci/cd cli v3.2.21
 
 **Usage:** `underpost [options] [command]`
 
@@ -46,7 +46,7 @@
 
 ## Command reference
 
-### `underpost new`
+### underpost new
 
 Initializes a new Underpost project, service, or configuration.
 
@@ -76,7 +76,9 @@ Initializes a new Underpost project, service, or configuration.
 | `--conf-workflow-id <workflow-id>` | Set custom configuration workflow ID for conf generation |
 | `-h, --help` | display help for command |
 
-### `underpost client`
+---
+
+### underpost client
 
 Builds client assets, single replicas, and/or syncs environment ports.
 
@@ -105,7 +107,9 @@ Builds client assets, single replicas, and/or syncs environment ports.
 | `--icons-build` | Build icons |
 | `-h, --help` | display help for command |
 
-### `underpost start`
+---
+
+### underpost start
 
 Initiates application servers, build pipelines, or other defined services based on the deployment ID.
 
@@ -130,7 +134,9 @@ Initiates application servers, build pipelines, or other defined services based
 | `--pull-bundle` | Downloads the pre-built client bundle from Cloudinary via pull-bundle before starting. Use together with --skip-full-build to skip the local build entirely. |
 | `-h, --help` | display help for command |
 
-### `underpost clone`
+---
+
+### underpost clone
 
 Clones a specified GitHub repository into the current directory.
 
@@ -150,7 +156,9 @@ Clones a specified GitHub repository into the current directory.
 | `--g8` | Uses the g8 repository extension for cloning. |
 | `-h, --help` | display help for command |
 
-### `underpost pull`
+---
+
+### underpost pull
 
 Pulls the latest changes from a specified GitHub repository.
 
@@ -170,7 +178,9 @@ Pulls the latest changes from a specified GitHub repository.
 | `--g8` | Uses the g8 repository extension for pulling. |
 | `-h, --help` | display help for command |
 
-### `underpost cmt`
+---
+
+### underpost cmt
 
 Manages commits to a GitHub repository, supporting various commit types and options.
 
@@ -209,9 +219,12 @@ Manages commits to a GitHub repository, supporting various commit types and opti
 | `-p [branch]` | Shows the reflog for the specified branch. |
 | `--bc <commit-hash>` | Shows branches that contain the specified commit. |
 | `--is-remote-repo <url-repo>` | Checks whether a remote Git repository URL is reachable. Prints true or false. |
+| `--has-changes` | Prints "1" if there are staged or unstaged git changes in the repository, empty string otherwise. |
 | `-h, --help` | display help for command |
 
-### `underpost push`
+---
+
+### underpost push
 
 Pushes committed changes from a local repository to a remote GitHub repository.
 
@@ -232,7 +245,9 @@ Pushes committed changes from a local repository to a remote GitHub repository.
 | `--g8` | Uses the g8 repository extension for pushing. |
 | `-h, --help` | display help for command |
 
-### `underpost env`
+---
+
+### underpost env
 
 Sets environment variables and configurations related to a specific deployment ID.
 
@@ -252,7 +267,9 @@ Sets environment variables and configurations related to a specific deployment I
 | --- | --- |
 | `-h, --help` | display help for command |
 
-### `underpost static`
+---
+
+### underpost static
 
 Manages static build of page, bundles, and documentation with comprehensive customization options.
 
@@ -293,7 +310,9 @@ Manages static build of page, bundles, and documentation with comprehensive cust
 | `--run-sv [port]` | Start a standalone Express static server to preview the static build (default port: 5000). |
 | `-h, --help` | display help for command |
 
-### `underpost config`
+---
+
+### underpost config
 
 Manages Underpost configurations using various operators.
 
@@ -318,7 +337,9 @@ Manages Underpost configurations using various operators.
 | `--copy` | Copies the configuration value to the clipboard (only for get operation). |
 | `-h, --help` | display help for command |
 
-### `underpost root`
+---
+
+### underpost root
 
 Displays the root path of the npm installation.
 
@@ -330,7 +351,9 @@ Displays the root path of the npm installation.
 | --- | --- |
 | `-h, --help` | display help for command |
 
-### `underpost ip`
+---
+
+### underpost ip
 
 Displays the current public machine IP addresses.
 
@@ -361,7 +384,9 @@ Displays the current public machine IP addresses.
 | `--mac` | Prints the MAC address of the main network interface. |
 | `-h, --help` | display help for command |
 
-### `underpost cluster`
+---
+
+### underpost cluster
 
 Manages Kubernetes clusters, defaulting to Kind cluster initialization.
 
@@ -413,7 +438,9 @@ Manages Kubernetes clusters, defaulting to Kind cluster initialization.
 | `--replicas <replicas>` | Sets a custom number of replicas for statefulset deployments. |
 | `-h, --help` | display help for command |
 
-### `underpost deploy`
+---
+
+### underpost deploy
 
 Manages application deployments, defaulting to deploying development pods.
 
@@ -436,6 +463,7 @@ Manages application deployments, defaulting to deploying development pods.
 | `--expose` | Exposes services matching the provided deployment ID list. |
 | `--cert` | Resets TLS/SSL certificate secrets for deployments. |
 | `--cert-hosts <hosts>` | Resets TLS/SSL certificate secrets for specified hosts. |
+| `--self-signed` | Use a pre-created self-signed TLS secret (kubernetes.io/tls) instead of cert-manager. The secret must already exist in the namespace with the same name as the host. Enables TLS in the Contour HTTPProxy virtualhost without requiring a production ClusterIssuer. |
 | `--node <node>` | Sets optional node for deployment operations. |
 | `--build-manifest` | Builds Kubernetes YAML manifests, including deployments, services, proxies, and secrets. |
 | `--replicas <replicas>` | Sets a custom number of replicas for deployments. |
@@ -447,6 +475,8 @@ Manages application deployments, defaulting to deploying development pods.
 | `--retry-count <count>` | Sets HTTPProxy per-route retry count (e.g., 3). |
 | `--retry-per-try-timeout <duration>` | Sets HTTPProxy retry per-try timeout (e.g., "150ms"). |
 | `--disable-update-deployment` | Disables updates to deployments. |
+| `--disable-runtime-probes` | Omits the internal-status HTTP probes from generated deployment manifests. |
+| `--tcp-probes` | Generates legacy TCP socket probes instead of HTTP internal-status probes (migration). |
 | `--disable-update-proxy` | Disables updates to proxies. |
 | `--disable-deployment-proxy` | Disables proxies of deployments. |
 | `--disable-update-volume` | Disables updates to volume mounts during deployment. |
@@ -460,13 +490,18 @@ Manages application deployments, defaulting to deploying development pods.
 | `--kind-type <kind-type>` | Specifies the Kind cluster type for deployment operations. |
 | `--port <port>` | Sets up port forwarding from local to remote ports. |
 | `--expose-port <port>` | Sets the local:remote port to expose when --expose is active (overrides auto-detected service port). |
+| `--expose-local-port <port>` | Sets a different local port for --expose (e.g. 80) while keeping the remote service port. Useful for /etc/hosts local access without specifying a port in the browser. |
+| `--local-proxy` | Forward all service TCP ports locally and start the Node.js path-routing proxy. Enables full path-based routing (e.g. /wp alongside /) without needing --expose-local-port. Requires --expose. |
 | `--cmd <cmd>` | Custom initialization command for deployment (comma-separated commands). |
 | `--skip-full-build` | Skip client bundle rebuild; container will pull pre-built bundle via pull-bundle instead. |
 | `--pull-bundle` | Explicitly pull the pre-built client bundle from Cloudinary inside the container. Use together with --skip-full-build. |
 | `--image-pull-policy <policy>` | Override container imagePullPolicy in the generated deployment manifest (Always, IfNotPresent, Never). Defaults to Never for localhost/ images and IfNotPresent otherwise. |
+| `--tls` | Enables TLS for the local proxy started by --expose --local-proxy. The proxy will serve HTTPS on port 443 using self-signed certificates resolved from the local SSL store. Use together with --expose and --local-proxy. |
 | `-h, --help` | display help for command |
 
-### `underpost secret`
+---
+
+### underpost secret
 
 Manages secrets for various platforms.
 
@@ -489,7 +524,9 @@ Manages secrets for various platforms.
 | `--list` | Lists all available secrets for the platform. |
 | `-h, --help` | display help for command |
 
-### `underpost image`
+---
+
+### underpost image
 
 Manages Docker images, including building, saving, and loading into Kubernetes clusters.
 
@@ -519,7 +556,9 @@ Manages Docker images, including building, saving, and loading into Kubernetes c
 | `--pull-dockerhub <dockerhub-image>` | Sets a custom Docker Hub image for base image pulls. |
 | `-h, --help` | display help for command |
 
-### `underpost install`
+---
+
+### underpost install
 
 Quickly imports Underpost npm dependencies by copying them.
 
@@ -531,7 +570,9 @@ Quickly imports Underpost npm dependencies by copying them.
 | --- | --- |
 | `-h, --help` | display help for command |
 
-### `underpost db`
+---
+
+### underpost db
 
 Manages database operations with support for MariaDB and MongoDB, including import/export, multi-pod targeting, and Git integration.
 
@@ -573,7 +614,9 @@ Manages database operations with support for MariaDB and MongoDB, including impo
 | `--repo-backup` | Backs up repositories (git commit+push) inside deployment pods via kubectl exec. |
 | `-h, --help` | display help for command |
 
-### `underpost metadata`
+---
+
+### underpost metadata
 
 Manages cluster metadata operations, including import and export.
 
@@ -600,7 +643,9 @@ Manages cluster metadata operations, including import and export.
 | `--dev` | Sets the development cli context |
 | `-h, --help` | display help for command |
 
-### `underpost cron`
+---
+
+### underpost cron
 
 Manages cron jobs: execute jobs directly or generate and apply K8s CronJob manifests.
 
@@ -632,7 +677,9 @@ Manages cron jobs: execute jobs directly or generate and apply K8s CronJob manif
 | `--create-job-now` | After applying manifests, immediately create a Job from each CronJob (requires --apply). |
 | `-h, --help` | display help for command |
 
-### `underpost fs`
+---
+
+### underpost fs
 
 Manages file storage, defaulting to file upload operations.
 
@@ -658,7 +705,9 @@ Manages file storage, defaulting to file upload operations.
 | `--storage-file-path <storage-file-path>` | Specifies a custom file storage path. |
 | `-h, --help` | display help for command |
 
-### `underpost test`
+---
+
+### underpost test
 
 Manages and runs tests, defaulting to the current Underpost default test suite.
 
@@ -682,7 +731,9 @@ Manages and runs tests, defaulting to the current Underpost default test suite.
 | `--kind-type <kind-type>` | Optional: Specifies the Kind cluster type for tests. |
 | `-h, --help` | display help for command |
 
-### `underpost monitor`
+---
+
+### underpost monitor
 
 Manages health server monitoring for specified deployments.
 
@@ -716,7 +767,9 @@ Manages health server monitoring for specified deployments.
 | `--promote` | Promotes the deployment after monitoring. |
 | `-h, --help` | display help for command |
 
-### `underpost ssh`
+---
+
+### underpost ssh
 
 Manages SSH credentials and sessions for remote access to cluster nodes or services.
 
@@ -749,7 +802,9 @@ Manages SSH credentials and sessions for remote access to cluster nodes or servi
 | `--copy` | Copies the connection URI to clipboard. |
 | `-h, --help` | display help for command |
 
-### `underpost run`
+---
+
+### underpost run
 
 Runs specified scripts using various runners.
 
@@ -759,7 +814,7 @@ Runs specified scripts using various runners.
 
 | Argument | Description |
 | --- | --- |
-| `runner-id` | The runner ID to run. Options: dev-cluster,ipfs-expose,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-local,docker-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,instance-build-manifest,ls-deployments,host-update,install-crio,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,etc-hosts,sh,log,ps,pid-info,background,ports,deploy-test,tf-vae-test,spark-template,pull-rocky-image,rmi,kill,generate-pass,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job,push-bundle,pull-bundle,monitor-ui,shared-dir. |
+| `runner-id` | The runner ID to run. Options: dev-cluster,etc-hosts,ipfs-expose,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-local,docker-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,instance-build-manifest,ls-deployments,host-update,install-crio,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,sh,log,ps,pid-info,background,ports,deploy-test,tf-vae-test,spark-template,pull-rocky-image,rmi,kill,generate-pass,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job,push-bundle,pull-bundle,build-cluster-deployment-manifests,monitor-ui,shared-dir. |
 | `path` | The input value, identifier, or path for the operation. |
 
 #### Options
@@ -835,7 +890,9 @@ Runs specified scripts using various runners.
 | `--remove` | Remove/teardown resources |
 | `-h, --help` | display help for command |
 
-### `underpost lxd`
+---
+
+### underpost lxd
 
 Manages LXD virtual machines as K3s nodes (control plane or workers).
 
@@ -880,7 +937,9 @@ Manages LXD virtual machines as K3s nodes (control plane or workers).
 | `--move-to-project` | Stop the [vm-id] VM in the default project, move it to --maas-project, then start it so MAAS picks it up. Requires --maas-project. |
 | `-h, --help` | display help for command |
 
-### `underpost baremetal`
+---
+
+### underpost baremetal
 
 Manages baremetal server operations, including installation, database setup, commissioning, and user management.
 
@@ -938,7 +997,9 @@ Manages baremetal server operations, including installation, database setup, com
 | `--ls` | Lists available boot resources and machines. |
 | `-h, --help` | display help for command |
 
-### `underpost release`
+---
+
+### underpost release
 
 Release orchestrator for building new versions and deploying releases of the Underpost CLI.
 
@@ -960,4 +1021,10 @@ Release orchestrator for building new versions and deploying releases of the Und
 | `--message <message>` | Commit message for --ci-push or --pwa-build (defaults to last commit of the engine repository). |
 | `--pwa-build` | Runs the pwa-microservices-template update flow: always re-clones, syncs engine sources, installs, builds, and pushes. |
 | `--dry-run` | For --build: previews version-bump changes (per-file substitution counts) without writing files or running downstream commands. |
+| `--mongo-host <host>` | For --build: override DB_HOST in the template .env.example for the smoke test (e.g., "192.168.1.82:27017"). |
+| `--mongo-user <user>` | For --build: override DB_USER in the template .env.example for the smoke test. |
+| `--mongo-password <password>` | For --build: override DB_PASSWORD in the template .env.example for the smoke test. |
+| `--valkey-host <host>` | For --build: override VALKEY_HOST in the template .env.example for the smoke test (e.g., "192.168.1.82"). |
 | `-h, --help` | display help for command |
+
+---

package/README.md

@@ -16,7 +16,7 @@
 
 <div align="center">
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![](https://data.jsdelivr.com/v1/package/npm/underpost/badge)](https://www.jsdelivr.com/package/npm/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.2.14)](https://socket.dev/npm/package/underpost/overview/3.2.14) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![](https://data.jsdelivr.com/v1/package/npm/underpost/badge)](https://www.jsdelivr.com/package/npm/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.2.21)](https://socket.dev/npm/package/underpost/overview/3.2.21) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 </div>
 
@@ -88,7 +88,7 @@ npm run dev
 <!-- cli-index-start -->
 ## Underpost CLI
 
-> underpost ci/cd cli v3.2.14
+> underpost ci/cd cli v3.2.21
 
 **Usage:** `underpost [options] [command]`
 

package/bin/build.template.js

@@ -4,7 +4,7 @@ import { Command } from 'commander';
 import fs from 'fs-extra';
 import dotenv from 'dotenv';
 import { loggerFactory } from '../src/server/logger.js';
-import { buildTemplate } from '../src/server/conf.js';
+import { buildTemplate, updatePrivateTemplateRepo } from '../src/server/conf.js';
 
 if (fs.existsSync('./engine-private/conf/dd-cron/.env.production'))
   dotenv.config({ path: `./engine-private/conf/dd-cron/.env.production`, override: true });
@@ -19,8 +19,10 @@ program
   .description('Rebuild the standalone pwa-microservices-template from scratch out of the engine source tree.')
   .argument('[src-path]', 'Engine source root to sync from.', './')
   .argument('[to-path]', 'Template output path.', '../pwa-microservices-template')
-  .action(async (srcPath, toPath) => {
+  .option('--update-private', 'Update private template repository', false)
+  .action(async (srcPath, toPath, options) => {
     try {
+      if (options.updatePrivate) return await updatePrivateTemplateRepo();
       await buildTemplate({ srcPath: srcPath.replaceAll(`'`, ''), toPath: toPath.replaceAll(`'`, '') });
     } catch (error) {
       logger.error(error, error.stack);

package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-backup
-              image: underpost/underpost-engine:v3.2.14
+              image: underpost/underpost-engine:v3.2.21
               command:
                 - /bin/sh
                 - -c

package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-dns
-              image: underpost/underpost-engine:v3.2.14
+              image: underpost/underpost-engine:v3.2.21
               command:
                 - /bin/sh
                 - -c

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: underpost/underpost-engine:v3.2.14
+          image: underpost/underpost-engine:v3.2.21
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -98,7 +98,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: underpost/underpost-engine:v3.2.14
+          image: underpost/underpost-engine:v3.2.21
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "3.2.14",
+    "version": "3.2.21",
     "description": "Underpost Platform — end-to-end CI/CD and application-delivery toolchain CLI. Covers bare metal, Kubernetes, K3s, kubeadm, LXD, container/image orchestration, secrets, databases, cron jobs, monitoring, SSH, runners, PWA + Workbox delivery, and release orchestration. Extensible via downstream CLIs.",
     "scripts": {
         "start": "node --max-old-space-size=8192 src/server",

package/scripts/link-local-underpost-cli.sh

@@ -0,0 +1,6 @@
+
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd /home/dd && underpost clone underpostnet/pwa-microservices-template
+cd /home/dd/pwa-microservices-template && npm install && npm link

package/scripts/test-monitor.sh

@@ -0,0 +1,86 @@
+
+#!/usr/bin/env bash
+set -euo pipefail
+
+ENV=development
+DEPLOY_ID=dd-test
+IMAGE=underpost/wp:v3.2.14
+USE_CERT=false           # Set to true to use --cert, false to use --disable-update-proxy
+USE_PULL_BUNDLE=false     # Set to true to include --pull-bundle in start command, false to omit it
+USE_TLS=false            # Set to true to generate self-signed certs and expose via HTTPS
+VERSIONS=green
+
+# Parse --tls flag from script arguments
+for arg in "$@"; do
+    case $arg in
+        --tls) USE_TLS=true ;;
+    esac
+done
+
+# Optional to concat in link cmd:
+# underpost secret underpost --create-from-env
+
+LINK_CMD="cd /home/dd,underpost clone underpostnet/pwa-microservices-template-private,cd /home/dd/pwa-microservices-template-private,npm install,npm link"
+PROXY_FLAG=""
+CLUSTER_FLAG=""
+EXPOSE_FLAGS=""
+
+node bin run build-cluster-deployment-manifests
+node bin/build.template --update-private
+
+if [ "$USE_PULL_BUNDLE" = true ]; then
+    DEPLOY_CMD="$LINK_CMD,underpost start --build --run --pull-bundle $DEPLOY_ID $ENV"
+else
+    DEPLOY_CMD="$LINK_CMD,underpost start --build --run $DEPLOY_ID $ENV"
+fi
+
+if [ "$USE_CERT" = true ]; then
+    PROXY_FLAG="--cert"
+fi
+
+if [ "$USE_TLS" = true ]; then
+    PROXY_FLAG="--self-signed"
+fi
+
+node bin deploy $DEPLOY_ID $ENV $CLUSTER_FLAG --sync --build-manifest --image $IMAGE --timeout-response 300000ms --versions $VERSIONS --replicas 1 --cmd "$DEPLOY_CMD"
+node bin deploy $DEPLOY_ID $ENV $CLUSTER_FLAG --disable-update-proxy $PROXY_FLAG
+node bin monitor $DEPLOY_ID $ENV --ready-deployment --promote --timeout-response 300000ms --versions $VERSIONS --replicas 1
+
+node bin run etc-hosts --deploy-id $DEPLOY_ID
+
+# Generate self-signed TLS certs and create k8s TLS secrets for all hosts
+if [ "$USE_TLS" = true ]; then
+    SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+    ENGINE_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
+    SSL_BASE="${ENGINE_DIR}/engine-private/ssl"
+    NAMESPACE=default
+    
+    # Extract hosts from conf.server.json
+    HOSTS=$(node -e "
+      const conf = require('./engine-private/conf/${DEPLOY_ID}/conf.server.json');
+      console.log(Object.keys(conf).join(' '));
+    ")
+    
+    for HOST in $HOSTS; do
+        CERT_DIR="${SSL_BASE}/${HOST}"
+        mkdir -p "$CERT_DIR"
+        
+        # Regenerate self-signed cert (idempotent — overwrites existing files)
+        bash "${SCRIPT_DIR}/ssl.sh" "$CERT_DIR" "$HOST"
+        
+        NAME_SAFE="${HOST//[^a-zA-Z0-9_.-]/_}"
+        CERT_FILE="${CERT_DIR}/${NAME_SAFE}.pem"
+        KEY_FILE="${CERT_DIR}/${NAME_SAFE}-key.pem"
+        
+        # Create / replace k8s TLS secret (name matches host, as referenced by HTTPProxy)
+        kubectl delete secret "$HOST" -n "$NAMESPACE" --ignore-not-found
+        kubectl create secret tls "$HOST" \
+        --cert="$CERT_FILE" \
+        --key="$KEY_FILE" \
+        -n "$NAMESPACE"
+    done
+    
+    EXPOSE_FLAGS="--tls"
+fi
+
+node bin deploy --expose --local-proxy $DEPLOY_ID $ENV $EXPOSE_FLAGS