- new `orama sandbox reset` deletes Hetzner resources (IPs, firewall, SSH key) and local config
- interactive location/server type selection during `setup`
- add Hetzner API methods for listing locations/types, deleting resources
- update defaults to nbg1/cx23
- integrate Zig-built vault-guardian into cross-compile process
- add `orama sandbox` for ephemeral Hetzner Cloud clusters
- update docs for `orama node` subcommands and new guides
Replaces plaintext password-based SSH authentication (sshpass) across
the entire Go CLI with wallet-derived ed25519 keys via RootWallet.
- Add `rw vault ssh agent-load` command to RootWallet CLI for SSH
agent forwarding in push fanout
- Create wallet.go bridge: PrepareNodeKeys resolves keys from `rw
vault ssh get --priv`, writes temp PEMs (0600), zero-overwrites
on cleanup
- Remove Password field from Node struct, update config parser to
new 3-field format (env|user@host|role)
- Remove all sshpass branches from inspector/ssh.go and
remotessh/ssh.go, require SSHKey on all SSH paths
- Add WithAgentForward() option to RunSSHStreaming for hub fanout
- Add PrepareNodeKeys + defer cleanup to all 7 entry points:
inspect, monitor, push, upgrade, clean, recover, install
- Update push fanout to use SSH agent forwarding instead of sshpass
on hub
- Delete install/ssh.go duplicate, replace with remotessh calls
- Create nodes.conf from remote-nodes.conf (topology only, no
secrets)
- Update all config defaults and help text from remote-nodes.conf
to nodes.conf
- Use StrictHostKeyChecking=accept-new consistently everywhere
- Deleted redeploy.sh, which handled redeployment to nodes in devnet/testnet environments.
- Removed upgrade-nodes.sh, responsible for rolling upgrades of nodes.
- Eliminated upload-source-fanout.sh, which uploaded source archives to nodes in parallel.
- Removed upload-source.sh, used for uploading and extracting source archives to VPS nodes.
- Introduced `secrets` command for managing function secrets, including set, list, and delete operations.
- Added `triggers` command for managing PubSub triggers associated with functions, allowing addition, listing, and deletion of triggers.
- Implemented API handlers for secrets management, including setting, listing, and deleting secrets.
- Updated serverless handlers to support new secrets and triggers functionalities.
- Enhanced tests for the new features, ensuring proper functionality and error handling.
- Add signaling package with message types and structures for SFU communication.
- Implement client and server message serialization/deserialization tests.
- Enhance systemd manager to handle SFU and TURN services, including start/stop logic.
- Create TURN server configuration and main server logic with HMAC-SHA1 authentication.
- Add tests for TURN server credential generation and validation.
- Define systemd service files for SFU and TURN services.
- Added documentation for wallet-based SSH authentication in WALLET_SSH_AUTH.md.
- Introduced SSH key derivation and management in rootwallet core and CLI.
- Created commands for generating, loading, and unloading SSH keys in the CLI.
- Updated Orama network to support SSH key authentication.
- Added migration steps for nodes to transition from password-based to key-based authentication.
feat: add serverless function management commands
- Implemented function command structure in CLI for managing serverless functions.
- Added commands for initializing, building, deploying, invoking, deleting, and listing functions.
- Created helper functions for handling function configuration and API requests.
- Integrated TinyGo for building functions to WASM.
- Added logging and version management for deployed functions.
