Add -a <instance> flag to all Authentik wrapper scripts, matching the
existing multi-instance pattern used by Woodpecker and Cloudflare.
credentials.json now supports per-instance Authentik config:
authentik.<instance>.url — instance URL
authentik.<instance>.token — API token (admin wrappers)
authentik.<instance>.test_user — username/password (Playwright/agent tests)
authentik.default — default instance name
Legacy flat structure (authentik.url) still works as fallback.
Token cache is now per-instance (~/.cache/mosaic/authentik-token-<name>).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Woodpecker tokens from credentials.json now always override env vars,
preventing stale .bashrc or env leakage from silently winning
- After loading, credentials are synced to ~/.woodpecker/<instance>.env
so the wp CLI wrapper stays current automatically
- Sync only writes when values differ to avoid unnecessary disk I/O
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add named instance support matching the existing cloudflare pattern:
- credentials.sh: woodpecker-<name> loads .woodpecker.<name>.{url,token}
- credentials.sh: bare woodpecker resolves via .woodpecker.default or
WOODPECKER_INSTANCE env, with legacy flat-key fallback
- All 3 pipeline tools accept -a <instance> flag to select instance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- zone-list, record-list, record-create, record-update, record-delete
- Named instance support (-a flag) with configurable default
- Zone name-to-ID auto-resolution in shared _lib.sh
- Updated credentials loader with cloudflare/cloudflare-<name> services
- TOOLS.md and INFRASTRUCTURE.md guide documentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
