fix(dashmate): cleanup zerossl certs command

[shumkov]

Issue being fixed or feature implemented

Due to recent bugs (#2297 and #2296), the dashmate helper created thousands of draft certificates. Free accounts allow only 3 certificates and paid 10000+. Multiple users reported that these limits were reached. We need to provide a simple way to cleanup accounts from created certs.

What was done?

• Implemented the dashmate ssl cleanup command

How Has This Been Tested?

Running command with account contained 10123 drafts.

Breaking Changes

None

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
• I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

• I have assigned this pull request to a milestone

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced a CleanupCommand for managing Zero SSL certificate cleanup, allowing users to cancel drafted or pending validation certificates.
  • Added a factory function for creating cleanup tasks related to ZeroSSL certificates, improving task management and execution.

• Improvements

  • Enhanced the listCertificates function to support pagination, enabling users to retrieve results across multiple pages.
  • Updated the ObtainCommand to streamline task execution by changing the task to synchronous.
  • Modified the scheduleRenewZeroSslCertificate function to improve control flow by removing asynchronous handling.

• Bug Fixes

  • Updated import paths for consistency without affecting functionality.

These updates enhance SSL management capabilities and improve user experience when handling certificates.

[coderabbitai]

Walkthrough

A new command class CleanupCommand has been introduced to manage the cleanup of Zero SSL certificates by canceling drafted or pending validation certificates. This command includes a verbose output option and utilizes the Listr library for task execution. Additionally, the dependency injection container has been updated to include new factories related to SSL management. A new factory function for creating cleanup tasks has also been added, enhancing the task management capabilities. Minor adjustments were made to existing functions for improved functionality, including pagination support in the listCertificates function.

Changes

File Path	Change Summary
packages/dashmate/src/commands/ssl/cleanup.js	Added CleanupCommand class with runWithDependencies method, description, and flags properties.
packages/dashmate/src/createDIContainer.js	Added cancelCertificate and cleanupZeroSSLCertificatesTask methods to the DI container.
packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js	Introduced cleanupZeroSSLCertificatesTaskFactory function for creating cleanup tasks with Listr.
packages/dashmate/src/ssl/zerossl/cancelCertificate.js	Updated import path for requestApi module; no functional changes.
packages/dashmate/src/ssl/zerossl/listCertificates.js	Modified listCertificates function to include a new page parameter for pagination in API requests.
packages/dashmate/src/commands/ssl/obtain.js	Changed runWithDependencies method to remove async from task definition, altering task execution to synchronous.
packages/dashmate/src/helper/scheduleRenewZeroSslCertificateFactory.js	Removed await from obtainZeroSSLCertificateTask invocation, changing it from asynchronous to synchronous.
packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js	Changed return type of obtainZeroSSLCertificateTask from Promise<Listr> to Listr, simplifying control flow.

Possibly related PRs

• fix(dashmate): invalid drive status check #2248: The changes in this PR involve the cleanup of Zero SSL certificates, which is related to the management of SSL tasks, similar to the cleanup functionality introduced in the main PR.
• fix(dashmate): invalid platform version in the status command #2249: This PR modifies the status command to correctly display the platform version, which may involve interactions with SSL management tasks, as both are part of the broader SSL and platform management functionalities.

Suggested reviewers

• QuantumExplorer
• pshenmic

🐰 In the meadow, I hop and play,
New commands for SSL, hip-hip-hooray!
Cleanup tasks, oh what a treat,
With Listr's help, they can't be beat!
Certificates gone, a clean slate,
In the world of code, we celebrate! 🎉

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (2)

packages/dashmate/src/commands/ssl/cleanup.js (1)

6-10: Enhance command description with account limits and impact.

Consider adding more context to help users understand the importance and impact of this command.

 static description = `Cleanup Zero SSL certificate

-Cancel all drafted or pending validation certificates on ZeroSSL
+Cancel all drafted or pending validation certificates on ZeroSSL.
+
+This command helps prevent reaching ZeroSSL certificate limits:
+- Free accounts: 3 certificates
+- Paid accounts: 10,000 certificates
+
+Note: Only draft and pending validation certificates will be removed.
`;

packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (1)

72-72: Enhance progress output for clarity

Make the progress output more descriptive to improve the user experience.

Apply this diff to update the progress message:

-            observer.next(chalk`{green ${ctx.canceled}} / {red ${ctx.errored}} / ${ctx.total}`);
+            observer.next(chalk`Canceled: {green ${ctx.canceled}}, Failed: {red ${ctx.errored}}, Total: ${ctx.total}`);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 5d82eca and 1064027.

📒 Files selected for processing (5)

• packages/dashmate/src/commands/ssl/cleanup.js (1 hunks)
• packages/dashmate/src/createDIContainer.js (3 hunks)
• packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (1 hunks)
• packages/dashmate/src/ssl/zerossl/cancelCertificate.js (1 hunks)
• packages/dashmate/src/ssl/zerossl/listCertificates.js (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• packages/dashmate/src/ssl/zerossl/cancelCertificate.js

🔇 Additional comments (13)

packages/dashmate/src/ssl/zerossl/listCertificates.js (2)

11-11: LGTM! Documentation is clear and consistent.

The JSDoc update properly documents the new page parameter while maintaining the existing documentation style.

---

16-17: Consider enhancing the pagination implementation.

The pagination implementation looks good and maintains backward compatibility. However, consider these improvements:

1. Make the page size limit configurable instead of hard-coding 1000
2. Add input validation for the page parameter
3. Add error handling for cases where the response doesn't contain results

Here's a suggested implementation:

- export default async function listCertificates(apiKey, statuses = [], page = 1, search = undefined) {
-   let url = `https://api.zerossl.com/certificates?access_key=${apiKey}&limit=1000&page=${page}`;
+ const DEFAULT_PAGE_SIZE = 1000;
+ 
+ export default async function listCertificates(apiKey, statuses = [], page = 1, search = undefined, pageSize = DEFAULT_PAGE_SIZE) {
+   if (!Number.isInteger(page) || page < 1) {
+     throw new Error('Page must be a positive integer');
+   }
+   
+   let url = `https://api.zerossl.com/certificates?access_key=${apiKey}&limit=${pageSize}&page=${page}`;

Let's verify the response structure handling across the codebase:

packages/dashmate/src/commands/ssl/cleanup.js (3)

1-4: LGTM! Clean and necessary imports.

The imports are well-organized and include all required dependencies for command implementation, task execution, and error handling.

---

12-15: LGTM! Well-structured command flags.

The verbose flag is properly implemented with clear description and appropriate default value.

---

52-56: Verify successful cleanup of certificates.

The error handling is good, but we should verify that the cleanup was successful.

packages/dashmate/src/createDIContainer.js (4)

26-28: LGTM! Clean import additions.

The new imports follow the existing code organization pattern and maintain consistency with the project structure.

---

212-212: LGTM! Proper SSL function registration.

The cancelCertificate is correctly registered as a value in the SSL section, consistent with other similar SSL-related function registrations.

---

306-306: LGTM! Task registration follows patterns.

The cleanupZeroSSLCertificatesTask is properly registered as a singleton function, maintaining consistency with other task registrations in the container.

---

Line range hint 26-306: Verify integration with cleanup command.

The container changes look good and support the new cleanup functionality. Let's verify that the cleanup command properly utilizes these registered dependencies.

✅ Verification successful

Let me gather more information about the cleanup command implementation to verify the proper integration.

---

Dependencies are properly integrated and utilized

The verification confirms that:

• The cleanup command correctly imports and uses the registered dependencies
• The implementation follows the established patterns:
  • Uses dependency injection through the container
  • Properly utilizes cleanupZeroSSLCertificatesTask and cancelCertificate
  • Implements proper error handling and progress reporting
• The task factory correctly consumes the injected dependencies and implements the cleanup logic

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the cleanup command properly imports and uses these dependencies

# Test 1: Check if cleanup command imports these dependencies
rg -l "cleanupZeroSSLCertificatesTask|cancelCertificate" "packages/dashmate/src/commands/"

# Test 2: Check the cleanup command implementation
rg -A 10 "class.*Cleanup.*Command" "packages/dashmate/src/commands/"

Length of output: 1058

---

Script:

#!/bin/bash
# Check the complete implementation of cleanup command
cat packages/dashmate/src/commands/ssl/cleanup.js

# Check the implementation of cleanupZeroSSLCertificatesTaskFactory
cat packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js

Length of output: 4570

packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (4)

74-74: Review the necessity of the fixed delay in the loop

The 100ms delay between cancellations may slow down the process unnecessarily. Confirm if this delay is needed and remove it if not.

---

36-44: Confirm the pagination limit and make it configurable

Hardcoding the pagination limit to 1000 may lead to issues if the ZeroSSL API changes its limits. Consider making the limit a constant or fetching it dynamically.

---

43-43: ⚠️ Potential issue

Fix string interpolation in task output

To properly interpolate ctx.certificates.length, use backticks instead of single quotes.

Apply this diff to fix the string interpolation:

-                task.output = 'Found ${ctx.certificates.length} certificates';
+                task.output = `Found ${ctx.certificates.length} certificates`;

Likely invalid or redundant comment.

---

54-54: ⚠️ Potential issue

Correct string interpolation in task title

Use backticks for string interpolation to display the correct number of certificates.

Apply this diff:

-              task.title = 'Cancel ${ctx.certificates.length} certificates';
+              task.title = `Cancel ${ctx.certificates.length} certificates`;

Likely invalid or redundant comment.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (6)

packages/dashmate/src/helper/scheduleRenewZeroSslCertificateFactory.js (1)

Line range hint 62-64: Consider implementing the suggested dynamic configuration update.

The TODO comment suggests using Envoy's dynamic filesystem configuration, which would be a valuable improvement. This could eliminate the need for Gateway restarts when certificates are updated.

Would you like me to create a GitHub issue to track the implementation of dynamic configuration updates using Envoy's filesystem-based configuration?

packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (2)

86-94: Consider adding more detailed renderer options for better progress tracking

The current renderer configuration could be enhanced to provide better visibility of the cleanup progress.

Apply this diff to add more renderer options:

         options: {
           persistentOutput: true,
+          bottomBar: true,
         },
       },
     ], {
       rendererOptions: {
         showErrorMessage: true,
+        collapseErrors: false,
+        collapseSubtasks: false,
       },
     });

---

20-21: Add a warning message before certificate cleanup

Since this is a destructive operation that cancels certificates, it would be helpful to add a warning message.

Add a new task at the beginning of the Listr tasks:

   function cleanupZeroSSLCertificatesTask(config) {
     const apiKey = config.get('platform.gateway.ssl.providerConfigs.zerossl.apiKey', true);
 
     return new Listr([
+      {
+        title: 'Warning',
+        task: (_, task) => {
+          task.output = chalk.yellow(
+            'This operation will cancel all draft and pending validation certificates.\n' +
+            'This action cannot be undone.'
+          );
+        },
+        options: { persistentOutput: true },
+      },
       {
         title: 'Collect drafted and pending validation certificates',

packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js (3)

Line range hint 123-134: Add cleanup of draft certificates before creating new ones.

To prevent accumulation of draft certificates (as mentioned in PR #2297), consider adding a cleanup step before creating a new certificate. This would help prevent hitting account limits, especially for free accounts limited to three certificates.

      {
        title: 'Create a certificate',
        skip: (ctx) => ctx.certificate,
        task: async (ctx) => {
+         // Clean up any existing draft certificates before creating a new one
+         const certificates = await listCertificates(ctx.apiKey);
+         const draftCerts = certificates.filter(cert => 
+           ['draft', 'pending_validation'].includes(cert.status));
+         for (const cert of draftCerts) {
+           await cancelCertificate(cert.id, ctx.apiKey);
+         }
+
          ctx.certificate = await createZeroSSLCertificate(
            ctx.csr,
            ctx.externalIp,
            ctx.apiKey,

---

Line range hint 190-217: Consider making retry parameters configurable.

The certificate download retry mechanism uses hard-coded values:

• 50 retry attempts
• 5-second wait between attempts
• Total potential wait time: 250 seconds

Consider making these parameters configurable to allow users to adjust based on their needs and network conditions.

+     const DEFAULT_DOWNLOAD_RETRY_COUNT = 50;
+     const DEFAULT_DOWNLOAD_RETRY_DELAY = 5000;
      {
        title: 'Download certificate file',
        skip: (ctx) => ctx.isBundleFilePresent,
        task: async (ctx, task) => {
-         for (let retry = 0; retry <= 50; retry += 1) {
-           await wait(5000);
+         const retryCount = ctx.downloadRetryCount || DEFAULT_DOWNLOAD_RETRY_COUNT;
+         const retryDelay = ctx.downloadRetryDelay || DEFAULT_DOWNLOAD_RETRY_DELAY;
+         for (let retry = 0; retry <= retryCount; retry += 1) {
+           await wait(retryDelay);

---

Line range hint 218-249: Set secure file permissions for sensitive files.

The code writes sensitive cryptographic materials (private key, CSR, certificate) without explicitly setting secure file permissions. This could potentially expose these files if default permissions are too permissive.

      {
        title: 'Save certificate private key file',
        enabled: (ctx) => !ctx.isPrivateKeyFilePresent,
        task: async (ctx, task) => {
-         fs.writeFileSync(ctx.privateKeyFilePath, ctx.privateKeyFile, 'utf8');
+         fs.writeFileSync(ctx.privateKeyFilePath, ctx.privateKeyFile, {
+           encoding: 'utf8',
+           mode: 0o600  // Read/write for owner only
+         });

          // eslint-disable-next-line no-param-reassign
          task.output = ctx.privateKeyFilePath;
        },
      },
      {
        title: 'Save certificate request file',
        enabled: (ctx) => !ctx.isCsrFilePresent,
        task: async (ctx, task) => {
-         fs.writeFileSync(ctx.csrFilePath, ctx.csr, 'utf8');
+         fs.writeFileSync(ctx.csrFilePath, ctx.csr, {
+           encoding: 'utf8',
+           mode: 0o644  // World-readable but only owner-writable
+         });

          // eslint-disable-next-line no-param-reassign
          task.output = ctx.csrFilePath;
        },
      },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 098f8b0 and 057ec02.

📒 Files selected for processing (5)

• packages/dashmate/src/commands/ssl/cleanup.js (1 hunks)
• packages/dashmate/src/commands/ssl/obtain.js (1 hunks)
• packages/dashmate/src/helper/scheduleRenewZeroSslCertificateFactory.js (1 hunks)
• packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (1 hunks)
• packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/dashmate/src/commands/ssl/cleanup.js

🧰 Additional context used

📓 Learnings (2)

packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js (3)

Learnt from: shumkov
PR: dashpay/platform#2298
File: packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js:77-81
Timestamp: 2024-10-31T15:44:50.617Z
Learning: In the `cleanupZeroSSLCertificatesTask`, if some certificates are not canceled, we want to abort listr, as it's the last task.

Learnt from: shumkov
PR: dashpay/platform#2298
File: packages/dashmate/src/listr/tasks/ssl/zerossl/cleanupZeroSSLCertificatesTaskFactory.js:66-69
Timestamp: 2024-10-31T15:43:16.094Z
Learning: In Listr tasks, when in debug mode, prefer using `console.warn` for logging instead of `task.output`.

Learnt from: shumkov
PR: dashpay/platform#2298
File: packages/dashmate/src/commands/ssl/cleanup.js:33-50
Timestamp: 2024-10-31T15:37:28.986Z
Learning: In `packages/dashmate/src/commands/ssl/cleanup.js`, the `cleanupZeroSSLCertificatesTask` function already includes progress reporting within its nested `Listr` tasks, so additional progress reporting in the `CleanupCommand` is unnecessary.

packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js (1)

Learnt from: shumkov
PR: dashpay/platform#2297
File: packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js:148-150
Timestamp: 2024-10-31T14:41:42.158Z
Learning: In the `obtainZeroSSLCertificateTaskFactory` function in `packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js`, the application already fails appropriately if `configFileRepository.write(configFile)` fails, so additional error handling around this operation is unnecessary.

🔇 Additional comments (3)

packages/dashmate/src/commands/ssl/obtain.js (1)

48-48: Verify async handling in obtainZeroSSLCertificateTask

The removal of async is correct if obtainZeroSSLCertificateTask now returns a Listr instance directly. However, let's verify the implementation to ensure proper async operation handling.

✅ Verification successful

Removal of async is correct and safe

The removal of async from the task definition is correct because obtainZeroSSLCertificateTask directly returns a Listr instance without any async operations. The async operations are properly handled within individual task definitions using async/await in the task handlers. The function itself is synchronous and serves as a task factory.

Key points verified:

• Task factory returns a Listr instance directly
• All async operations are properly contained within individual task handlers
• No top-level await operations that would require the factory to be async

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implementation of obtainZeroSSLCertificateTask
# to ensure it properly handles async operations after the refactor

# Search for the task factory implementation
ast-grep --pattern 'obtainZeroSSLCertificateTask = $$$'

# Look for any Listr usage in the implementation
rg -A 5 'new Listr' packages/dashmate/src/ssl

Length of output: 105

---

Script:

#!/bin/bash
# Let's try a different approach to find the implementation

# Search for the file containing obtainZeroSSLCertificateTask
rg -l "obtainZeroSSLCertificateTask" packages/dashmate/src

# Search for the implementation with more context
rg -B 2 -A 10 "obtainZeroSSLCertificateTask" packages/dashmate/src

# Look for Listr usage in SSL-related files
fd . packages/dashmate/src/ssl --type f --exec rg -l "Listr" {}

Length of output: 19735

---

Script:

#!/bin/bash
# Let's examine the implementation of obtainZeroSSLCertificateTaskFactory to verify async handling

# Get the full content of the task factory implementation
cat packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js

Length of output: 10391

packages/dashmate/src/helper/scheduleRenewZeroSslCertificateFactory.js (1)

54-57: Verify task execution behavior change.

The removal of await from task creation while maintaining it in tasks.run() appears intentional. This change aligns with the PR's goal of improving certificate handling. However, we should verify that error propagation still works as expected.

✅ Verification successful

Task execution behavior change is safe and consistent

The removal of await from obtainZeroSSLCertificateTask(config) is correct as the task factory returns a Listr instance that is properly awaited in the run() call. This pattern is consistently used across the codebase, where task factories create Listr instances that are executed later via run(). The change aligns with the codebase's task execution pattern and maintains proper error propagation through Listr's task management.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for similar patterns in other task factories to confirm consistency
ast-grep --pattern 'const tasks = $_($$$);
  await tasks.run($$$);'

Length of output: 69

---

Script:

#!/bin/bash
# Let's try a broader search for task execution patterns
rg -U "const tasks.*\n.*await.*run" --type js

# Also search for obtainZeroSSLCertificateTask usage
rg "obtainZeroSSLCertificateTask" --type js -A 3

# And check the implementation of obtainZeroSSLCertificateTask
ast-grep --pattern 'const obtainZeroSSLCertificateTask = $_($$$)'

Length of output: 7508

---

Script:

#!/bin/bash
# Let's examine the implementation of obtainZeroSSLCertificateTaskFactory to understand the task structure
cat packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js

# Also check the Listr task implementation pattern in other similar files
rg "new Listr\(\[" --type js -A 3

Length of output: 22483

packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js (1)

39-39: LGTM: Return type change is correct.

The change from Promise<Listr> to Listr better reflects the actual behavior where task creation is synchronous while task execution remains asynchronous.

Also applies to: 41-41