chore: pre-migration snapshot

Layer0, MCP servers, Terraform consolidation

scripts/setup_credentials.sh

@@ -0,0 +1,190 @@
+#!/bin/bash
+
+# Cloudflare Credential Setup Script
+# Interactive script to configure Cloudflare API credentials
+
+set -e
+
+echo "🚀 Cloudflare Credential Setup Wizard"
+echo "=================================================="
+echo
+
+echo "This script will help you configure your Cloudflare API credentials."
+echo "You'll need:"
+echo "1. Cloudflare API Token (with appropriate permissions)"
+echo "2. Cloudflare Account ID"
+echo "3. Optional: Zone ID for specific domain management"
+echo
+
+# Check if we're in the right directory
+if [[ ! "$PWD" =~ "cloudflare" ]]; then
+    echo "⚠️  Warning: This script should be run from the cloudflare directory"
+    echo "   Current directory: $PWD"
+    read -p "Continue anyway? (y/n): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        echo "Please navigate to the cloudflare directory and run this script again."
+        exit 1
+    fi
+fi
+
+# Function to validate API token format
+validate_api_token() {
+    local token="$1"
+    # Cloudflare API tokens are typically 40+ characters
+    [[ ${#token} -ge 40 ]]
+}
+
+# Function to validate Account ID format
+validate_account_id() {
+    local account_id="$1"
+    # Account IDs are 32-character hex strings
+    [[ "$account_id" =~ ^[a-f0-9]{32}$ ]]
+}
+
+# Function to validate Zone ID format
+validate_zone_id() {
+    local zone_id="$1"
+    # Zone IDs are 32-character hex strings
+    [[ "$zone_id" =~ ^[a-f0-9]{32}$ ]]
+}
+
+# Function to get validated input
+get_validated_input() {
+    local prompt="$1"
+    local validation_func="$2"
+    local secret="$3"
+    
+    while true; do
+        if [[ "$secret" == "true" ]]; then
+            read -s -p "$prompt" value
+            echo
+        else
+            read -p "$prompt" value
+        fi
+        
+        if [[ -n "$validation_func" ]]; then
+            if $validation_func "$value"; then
+                echo "$value"
+                return
+            else
+                echo "❌ Invalid format. Please try again."
+            fi
+        else
+            echo "$value"
+            return
+        fi
+    done
+}
+
+# Collect credentials
+echo "🔐 Cloudflare API Configuration"
+echo "------------------------------"
+echo
+
+# API Token
+echo "📋 Step 1: Cloudflare API Token"
+echo "Get your token from: https://dash.cloudflare.com/profile/api-tokens"
+echo "Required permissions: Zone:DNS:Edit, Zone:Page Rules:Edit, Account:Read"
+API_TOKEN=$(get_validated_input "API Token: " validate_api_token true)
+
+# Account ID
+echo
+echo "🏢 Step 2: Cloudflare Account ID"
+echo "Find your Account ID in the Cloudflare dashboard sidebar"
+echo "Format: 32-character hex string (e.g., 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p)"
+ACCOUNT_ID=$(get_validated_input "Account ID: " validate_account_id false)
+
+# Zone ID (optional)
+echo
+echo "🌐 Step 3: Zone ID (Optional)"
+echo "If you want to manage a specific domain, provide its Zone ID"
+echo "Leave blank to skip"
+ZONE_ID=$(get_validated_input "Zone ID (optional): " "[[ -z \"\$1\" ]] || validate_zone_id \"\$1\"" false)
+
+# Create .env file
+echo
+echo "💾 Saving credentials..."
+
+# Read existing .env if it exists
+ENV_CONTENT=""
+if [[ -f ".env" ]]; then
+    # Preserve existing non-Cloudflare variables
+    while IFS= read -r line; do
+        if [[ ! "$line" =~ ^CLOUDFLARE_ ]] && [[ ! "$line" =~ ^#.*CLOUDFLARE ]]; then
+            ENV_CONTENT="$ENV_CONTENT$line\n"
+        fi
+    done < ".env"
+fi
+
+# Create new .env content
+cat > .env << EOF
+# OpenCode Environment Variables
+# Generated by setup_credentials.sh
+# IMPORTANT: Never commit this file to git
+
+# ============================================================================
+# CLOUDFLARE API CONFIGURATION
+# ============================================================================
+CLOUDFLARE_API_TOKEN="$API_TOKEN"
+CLOUDFLARE_ACCOUNT_ID="$ACCOUNT_ID"
+EOF
+
+# Add Zone ID if provided
+if [[ -n "$ZONE_ID" ]]; then
+    echo "CLOUDFLARE_ZONE_ID=\"$ZONE_ID\"" >> .env
+fi
+
+# Add preserved content
+if [[ -n "$ENV_CONTENT" ]]; then
+    echo >> .env
+    echo "$ENV_CONTENT" >> .env
+fi
+
+# Set secure permissions
+chmod 600 .env
+
+echo "✅ Credentials saved to: .env"
+echo "🔒 File permissions set to 600 (owner read/write only)"
+
+# Basic validation
+echo
+echo "🧪 Validating credentials..."
+if validate_api_token "$API_TOKEN" && validate_account_id "$ACCOUNT_ID"; then
+    echo "✅ Credential formats are valid"
+    echo "⚠️  Note: Full API connectivity test requires curl or python requests"
+else
+    echo "❌ Credential validation failed"
+    echo "   Please check your inputs and try again"
+fi
+
+# Final instructions
+echo
+echo "🎉 Setup Complete!"
+echo "=================================================="
+echo
+echo "Next steps:"
+echo "1. Source the environment file:"
+echo "   source .env"
+echo
+echo "2. Test Terraform configuration:"
+echo "   cd terraform && terraform init && terraform plan"
+echo
+echo "3. Deploy infrastructure:"
+echo "   terraform apply"
+echo
+echo "4. Start MCP servers:"
+echo "   Check MCP_GUIDE.md for server startup instructions"
+echo
+echo "📚 Documentation:"
+echo "- USAGE_GUIDE.md - Complete usage instructions"
+echo "- DEPLOYMENT_GUIDE.md - Deployment procedures"
+echo "- MCP_GUIDE.md - MCP server management"
+echo
+echo "🔐 Security Reminder:"
+echo "- Never commit .env to version control"
+echo "- Use .gitignore to exclude .env files"
+echo "- Consider using environment-specific .env files (.env.production, etc.)"
+
+# Make script executable
+chmod +x "$0"