chore: remove feature plan files after merge

2026-04-02 15:12:59 +03:00
parent c2289dc344
commit 1c37bb2ccf
8 changed files with 0 additions and 452 deletions
@@ -1,33 +0,0 @@
-# Feature Context: Cloudflare DNS Management
-
-## Configuration
- **Development mode:** Automated
- **Execution mode:** Direct
- **Strategy:** Big Bang
- **Build (Go):** `go build ./cmd/server`
- **Build (Frontend):** `cd web && npm run build`
- **Check (Frontend):** `cd web && npm run check`
- **Test:** `go test ./...`
- **Dev server:** `./scripts/dev-server.sh` (port 8090)
-
-## Current State
-Starting fresh — no implementation yet.
-
-## Cross-Phase Dependencies
- Phase 2 depends on Phase 1 (settings fields for Cloudflare credentials)
- Phase 3 depends on Phase 2 (dns.Provider interface)
- Phase 4 depends on Phase 1 (API endpoints for settings)
- Phase 5 depends on Phase 2 + Phase 6 (client + sync logic)
- Phase 6 depends on Phase 2 (Cloudflare client) + Phase 3 (dns_records table)
-
-## Key Architecture Decisions
- DNS provider abstraction via `internal/dns.Provider` interface
- Cloudflare API v4 via direct HTTP (no SDK) — keeps dependencies minimal
- Local `dns_records` table tracks managed records for reconciliation
- DNS operations are best-effort (log warnings, don't block deploys)
- A records only, pointing to `ServerIP` from settings
-
-## Environment & Runtime Notes
- Encryption key from `ENCRYPTION_KEY` env var (AES-256-GCM)
- SQLite with WAL mode, auto-migration on startup
- Frontend is SvelteKit 2 + Svelte 5 + Tailwind CSS 4
@@ -1,50 +0,0 @@
-# Feature: Cloudflare DNS Management
-
-**Branch:** `feature/cloudflare-dns-management`
-**Base branch:** `main`
-**Created:** 2026-04-02
-**Status:** 🟡 In Progress
-**Strategy:** Big Bang
-**Mode:** Automated
-**Execution:** Direct
-
-## Summary
-
-Introduce flexible DNS management. By default, wildcard DNS is assumed (current behavior).
-When disabled, the user selects a DNS provider (Cloudflare initially) and provides API
-credentials. DNS A records are then automatically kept in sync with proxy consumers
-(deployed instances and standalone proxies). A dedicated DNS Records page provides
-visibility, filtering, and manual sync/reconciliation.
-
-## Build & Test Commands
- **Build (Go):** `go build ./cmd/server`
- **Build (Frontend):** `cd web && npm run build`
- **Check (Frontend):** `cd web && npm run check`
- **Test (Go):** `go test ./...`
- **Dev server:** `./scripts/dev-server.sh`
-
-## Phases
-
- [ ] Phase 1: Settings model & API [domain: backend] → [subplan](./phase-1-settings-model.md)
- [ ] Phase 2: Cloudflare DNS client [domain: backend] → [subplan](./phase-2-cloudflare-client.md)
- [ ] Phase 3: DNS lifecycle hooks [domain: backend] → [subplan](./phase-3-dns-hooks.md)
- [ ] Phase 4: Settings UI — DNS configuration [domain: frontend] → [subplan](./phase-4-settings-ui.md)
- [ ] Phase 5: DNS Records page [domain: fullstack] → [subplan](./phase-5-dns-records-page.md)
- [ ] Phase 6: DNS sync & reconciliation [domain: backend] → [subplan](./phase-6-dns-sync.md)
-
-## Phase Progress Log
-
-| Phase | Domain | Status | Review | Build | Committed |
-|-------|--------|--------|--------|-------|-----------|
-| Phase 1: Settings model & API | backend | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-| Phase 2: Cloudflare DNS client | backend | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-| Phase 3: DNS lifecycle hooks | backend | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-| Phase 4: Settings UI — DNS config | frontend | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-| Phase 5: DNS Records page | fullstack | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-| Phase 6: DNS sync & reconciliation | backend | ⬜ Not Started | ⬜ | ⬜ | ⬜ |
-
-## Final Review
- [ ] Comprehensive code review
- [ ] Full build passes
- [ ] Full test suite passes
- [ ] Merged to `main`
@@ -1,59 +0,0 @@
-# Phase 1: Settings Model & API
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** backend
-
-## Objective
-Extend the Settings model and API to support DNS provider configuration.
-
-## Tasks
-
- [ ] Task 1: Add new fields to `Settings` struct in `internal/store/models.go`
-  - `WildcardDNS` (bool, default true)
-  - `DNSProvider` (string, default "")
-  - `CloudflareAPIToken` (string, encrypted)
-  - `CloudflareZoneID` (string)
- [ ] Task 2: Add migration columns in `internal/store/store.go`
-  - `wildcard_dns` INTEGER DEFAULT 1
-  - `dns_provider` TEXT DEFAULT ''
-  - `cloudflare_api_token` TEXT DEFAULT ''
-  - `cloudflare_zone_id` TEXT DEFAULT ''
- [ ] Task 3: Update `GetSettings()` and `UpdateSettings()` in `internal/store/settings.go`
-  - Read/write new fields
-  - Encrypt/decrypt `cloudflare_api_token`
- [ ] Task 4: Update `GET /api/settings` handler to include new fields (mask token)
- [ ] Task 5: Update `PUT /api/settings` handler to accept new fields
- [ ] Task 6: Add `POST /api/settings/dns/test` endpoint — validate Cloudflare token + zone
- [ ] Task 7: Add `GET /api/settings/dns/zones` endpoint — list Cloudflare zones for picker
- [ ] Task 8: Register new routes in `internal/api/router.go`
-
-## Files to Modify/Create
- `internal/store/models.go` — add fields to Settings struct
- `internal/store/store.go` — add migration columns
- `internal/store/settings.go` — update read/write queries
- `internal/api/settings.go` — update handlers, add new endpoints
- `internal/api/router.go` — register new routes
-
-## Acceptance Criteria
- New settings fields are persisted and retrievable
- Cloudflare API token is encrypted at rest
- GET /api/settings returns new fields (token masked)
- PUT /api/settings accepts and stores new fields
- DNS test and zones endpoints registered (can return placeholder until Phase 2)
-
-## Notes
- Token encryption uses existing `crypto.Encrypt/Decrypt`
- `has_cloudflare_api_token` bool in GET response (same pattern as npm_password)
- DNS test/zones endpoints will make real Cloudflare API calls — Phase 2 client needed
-  for full implementation, but can use inline HTTP calls for these two endpoints
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->
@@ -1,61 +0,0 @@
-# Phase 2: Cloudflare DNS Client
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** backend
-
-## Objective
-Create an `internal/dns` package with a `Provider` interface and a Cloudflare implementation
-using the Cloudflare API v4 (direct HTTP, no SDK).
-
-## Tasks
-
- [ ] Task 1: Define `Provider` interface in `internal/dns/provider.go`
-  - `EnsureRecord(ctx, fqdn, ip) error` — create or update A record
-  - `DeleteRecord(ctx, fqdn) error` — delete A record if exists
-  - `ListRecords(ctx) ([]Record, error)` — list all A records in the zone
-  - `Record` struct: ID, FQDN, Type, Content (IP), Proxied, TTL
- [ ] Task 2: Create `internal/dns/cloudflare.go` — Cloudflare implementation
-  - HTTP client with `Authorization: Bearer <token>` header
-  - Base URL: `https://api.cloudflare.com/client/v4`
-  - `EnsureRecord`: GET records by name, create if missing, update if IP differs
-  - `DeleteRecord`: GET record by name, DELETE if found
-  - `ListRecords`: GET all A records in zone
-  - `ListZones`: GET zones for the token (for zone picker)
-  - `TestConnection`: verify token works (GET /user/tokens/verify)
- [ ] Task 3: Create `internal/dns/dns.go` — factory function
-  - `NewProvider(providerName, config) (Provider, error)`
-  - Config struct with token, zoneID
-  - Returns `nil, nil` when providerName is empty (wildcard mode)
- [ ] Task 4: Wire DNS test/zones endpoints in `internal/api/settings.go`
-  - `POST /api/settings/dns/test` — create temp Cloudflare client, call TestConnection
-  - `GET /api/settings/dns/zones` — create temp client, call ListZones
-
-## Files to Modify/Create
- `internal/dns/provider.go` — interface + Record type
- `internal/dns/cloudflare.go` — Cloudflare implementation
- `internal/dns/dns.go` — factory function
- `internal/api/settings.go` — wire test/zones endpoints to real client
-
-## Acceptance Criteria
- Provider interface defined with EnsureRecord, DeleteRecord, ListRecords
- Cloudflare client makes correct API calls with proper auth headers
- EnsureRecord is idempotent (create if missing, update if changed, no-op if same)
- DeleteRecord is idempotent (no error if record doesn't exist)
- ListZones returns zone ID + name pairs
- TestConnection returns success/failure
-
-## Notes
- Cloudflare API v4 docs: zones endpoint, dns_records endpoint
- Use `context.Context` for timeout control on all HTTP calls
- A records only (type "A"), TTL=1 (auto), proxied=false (DNS only, not CF proxy)
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->
@@ -1,67 +0,0 @@
-# Phase 3: DNS Lifecycle Hooks
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** backend
-
-## Objective
-Hook DNS record management into the deployer and standalone proxy manager so that DNS
-records are automatically created/updated/deleted in sync with proxy consumers.
-
-## Tasks
-
- [ ] Task 1: Create `dns_records` table for tracking managed records
-  - Columns: id, fqdn, provider_record_id, consumer_type (instance/standalone), consumer_id, created_at, updated_at
-  - Store queries: CreateDNSRecord, DeleteDNSRecord, GetDNSRecordByFQDN, ListDNSRecords, GetDNSRecordsByConsumer
- [ ] Task 2: Add DNS provider to `Deployer` struct
-  - Accept `dns.Provider` in constructor (can be nil for wildcard mode)
-  - Helper: `ensureDNS(ctx, fqdn, deployID)` — calls provider.EnsureRecord + saves to dns_records
-  - Helper: `removeDNS(ctx, fqdn, deployID)` — calls provider.DeleteRecord + removes from dns_records
- [ ] Task 3: Hook into deployer — instance creation
-  - After `configureProxy` succeeds in `deployer.go` and `bluegreen.go` → call `ensureDNS`
-  - FQDN = `subdomain + "." + settings.Domain`
- [ ] Task 4: Hook into deployer — instance removal
-  - In `removeInstance` after NPM proxy deletion → call `removeDNS`
-  - In `rollback` after NPM proxy deletion → call `removeDNS`
- [ ] Task 5: Hook into standalone proxy manager
-  - `CreateProxy` → after NPM host created, call `ensureDNS`
-  - `UpdateProxy` → if domain changed, `removeDNS(old)` + `ensureDNS(new)`
-  - `DeleteProxy` → call `removeDNS`
- [ ] Task 6: Wire DNS provider into main.go
-  - Read settings on startup, create provider if non-wildcard
-  - Pass provider to Deployer and proxy Manager constructors
-  - Handle provider being nil (wildcard mode = no DNS ops)
- [ ] Task 7: Add `DNSRecord` model to `internal/store/models.go`
-
-## Files to Modify/Create
- `internal/store/models.go` — add DNSRecord struct
- `internal/store/store.go` — add dns_records table migration
- `internal/store/dns_records.go` — CRUD queries
- `internal/deployer/deployer.go` — add DNS hooks
- `internal/deployer/bluegreen.go` — add DNS hooks
- `internal/deployer/rollback.go` — add DNS cleanup
- `internal/proxy/manager.go` — add DNS hooks
- `cmd/server/main.go` — wire DNS provider
-
-## Acceptance Criteria
- DNS records created when proxy consumers are created (if non-wildcard mode)
- DNS records deleted when proxy consumers are removed
- DNS records updated when standalone proxy domain changes
- All DNS operations are best-effort (log warning on failure, don't block)
- dns_records table tracks all managed records
- Wildcard mode (default) skips all DNS operations
-
-## Notes
- DNS operations must be wrapped in error handling that logs but doesn't fail the deploy
- The dns_records table is the local source of truth for reconciliation (Phase 6)
- Provider can be nil — all hooks must check for nil before calling
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->
@@ -1,55 +0,0 @@
-# Phase 4: Settings UI — DNS Configuration
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** frontend
-
-## Objective
-Add a "DNS Configuration" section to the Settings page with wildcard toggle, provider
-selection, Cloudflare credential fields, and connection test.
-
-## Tasks
-
- [ ] Task 1: Add new API functions in `web/src/lib/api.ts`
-  - `testDnsConnection(token, zoneId)` → POST /api/settings/dns/test
-  - `listDnsZones(token)` → GET /api/settings/dns/zones
- [ ] Task 2: Add i18n keys for DNS settings in locale files
- [ ] Task 3: Add DNS Configuration section to `web/src/routes/settings/+page.svelte`
-  - Toggle: "Wildcard DNS is configured" (checkbox/switch)
-  - When unchecked, show:
-    - DNS Provider dropdown (only "Cloudflare" option)
-    - API Token field (password type, show `has_cloudflare_api_token` indicator)
-    - Zone picker (loaded from API after token provided)
-    - "Test Connection" button with success/error feedback
-  - All DNS fields hidden when wildcard is checked
- [ ] Task 4: Wire save logic — include new fields in `handleSave`
- [ ] Task 5: Wire load logic — populate DNS fields from settings response
-
-## Files to Modify/Create
- `web/src/lib/api.ts` — add DNS API functions
- `web/src/routes/settings/+page.svelte` — add DNS config section
- `web/src/lib/i18n/en.ts` (or equivalent locale file) — add DNS translation keys
-
-## Acceptance Criteria
- Wildcard toggle visible and functional (default: checked)
- Unchecking reveals Cloudflare configuration form
- API token field uses password masking
- Zone picker loads zones from Cloudflare API
- Test Connection button shows success/failure
- Settings save includes DNS fields
- Settings load populates DNS fields
-
-## Notes
- Follow existing settings page patterns (FormField, EntityPicker for zones)
- Zone picker similar to SSL certificate picker pattern
- Token field similar to NPM password field (has_token indicator)
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->
@@ -1,65 +0,0 @@
-# Phase 5: DNS Records Page
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** fullstack
-
-## Objective
-Create a dedicated DNS Records page that lists all managed DNS records with filtering,
-consumer mapping, and sync status visibility.
-
-## Tasks
-
- [ ] Task 1: Add backend endpoint `GET /api/dns/records`
-  - Returns merged view: local dns_records + Cloudflare actual records
-  - Each record: fqdn, type, value (IP), consumer_type, consumer_name, status (synced/orphaned/missing)
-  - Orphaned = exists in Cloudflare but no local consumer
-  - Missing = local consumer exists but no Cloudflare record
- [ ] Task 2: Add API handler in `internal/api/dns.go`
-  - New handler file for DNS-related endpoints
-  - Register routes in router.go
- [ ] Task 3: Add frontend API function `getDnsRecords()` in `api.ts`
- [ ] Task 4: Create DNS Records page at `web/src/routes/dns/+page.svelte`
-  - Table with columns: FQDN, Type, Value, Consumer, Status
-  - Consumer column shows: instance name (project/stage) or standalone proxy name
-  - Status badges: synced (green), orphaned (yellow), missing (red)
-  - Search filter (by FQDN substring)
-  - Filter by consumer type: all / managed / standalone
-  - Filter by status: all / synced / orphaned / missing
-  - Manual sync button (calls POST /api/dns/sync — Phase 6)
-  - Refresh button to re-fetch from Cloudflare
- [ ] Task 5: Add navigation link to DNS page
-  - Only visible when wildcard DNS is disabled
-  - Add to sidebar/nav under Settings or as top-level
- [ ] Task 6: Add i18n keys for DNS records page
-
-## Files to Modify/Create
- `internal/api/dns.go` — new handler file
- `internal/api/router.go` — register DNS routes
- `web/src/lib/api.ts` — add DNS records API function
- `web/src/routes/dns/+page.svelte` — new page
- `web/src/routes/dns/+page.ts` — optional load function
- Navigation component — add DNS link
- Locale files — add i18n keys
-
-## Acceptance Criteria
- DNS Records page accessible at /dns
- Table shows all records with correct status
- Filtering works: search text, consumer type, sync status
- Only accessible/visible when wildcard DNS is disabled
- Consumer names resolve correctly (project/stage for managed, proxy name for standalone)
-
-## Notes
- Status computation: compare local dns_records table with Cloudflare ListRecords response
- Cache Cloudflare response for a few seconds to avoid rate limiting on page load
- Navigation link visibility tied to settings (may need a store or settings check)
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->
@@ -1,62 +0,0 @@
-# Phase 6: DNS Sync & Reconciliation
-
-**Status:** ⬜ Not Started
-**Parent plan:** [PLAN.md](./PLAN.md)
-**Domain:** backend
-
-## Objective
-Implement reconciliation logic that compares expected DNS records (from active consumers)
-with actual Cloudflare records, and provides a sync endpoint to fix discrepancies.
-
-## Tasks
-
- [ ] Task 1: Add `POST /api/dns/sync` endpoint
-  - Computes expected records from: active instances with proxy + standalone proxies
-  - Fetches actual records from Cloudflare via ListRecords
-  - Creates missing records (consumer exists, no CF record)
-  - Deletes orphaned records (CF record exists, no consumer) — only for records in dns_records table
-  - Updates dns_records table to reflect current state
-  - Returns sync report: created N, deleted N, already_synced N
- [ ] Task 2: Add helper to compute expected records
-  - Query all instances where npm_proxy_id > 0 and status = "running" → extract FQDN
-  - Query all standalone proxies → extract domain
-  - Return list of expected FQDNs
- [ ] Task 3: Add `DELETE /api/dns/records/{fqdn}` endpoint
-  - Manual deletion of a specific DNS record (for orphan cleanup)
-  - Calls provider.DeleteRecord + removes from dns_records
- [ ] Task 4: Wire sync endpoint in `internal/api/dns.go` and router
- [ ] Task 5: Add frontend sync button handler in DNS Records page
-  - Call POST /api/dns/sync
-  - Show sync report (toast or inline)
-  - Refresh records list after sync
-
-## Files to Modify/Create
- `internal/api/dns.go` — add sync + delete endpoints
- `internal/api/router.go` — register new routes
- `internal/store/dns_records.go` — add helper queries (list consumers with FQDNs)
- `web/src/lib/api.ts` — add syncDnsRecords(), deleteDnsRecord() functions
- `web/src/routes/dns/+page.svelte` — wire sync button
-
-## Acceptance Criteria
- POST /api/dns/sync creates missing and removes orphaned records
- Sync report returned with counts
- Manual delete endpoint works for individual records
- Frontend sync button triggers reconciliation and refreshes view
- Only records tracked in dns_records table are candidates for orphan deletion
-  (don't delete unrelated Cloudflare records)
-
-## Notes
- Safety: only delete Cloudflare records that are tracked in our dns_records table
-  (never touch records we didn't create)
- Rate limiting: Cloudflare API has rate limits, batch operations where possible
- Expected records query needs to join instances + standalone_proxies with settings.domain
-
-## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)
-
-## Handoff to Next Phase
-<!-- Filled in after completion -->