npm - @agentlink.sh/cli - Versions diffs - 0.11.0 → 0.12.0 - Mend

@agentlink.sh/cli 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/{chunk-2CNK2BQY.js → chunk-4EUOAXWZ.js} +38 -0
package/dist/{cloud-2AWCJAG5.js → cloud-QNZQNIS5.js} +5 -1
package/dist/index.js +357 -59
package/package.json +1 -1

package/dist/{chunk-2CNK2BQY.js → chunk-4EUOAXWZ.js} RENAMED Viewed

@@ -505,6 +505,42 @@ async function waitForProjectReady(ref, spinner, timeoutMs = 3e5) {
   Check status at: https://supabase.com/dashboard/project/${ref}`
   );
 }
+async function fetchPoolerUrl(projectRef) {
+  const token = process.env.SUPABASE_ACCESS_TOKEN;
+  if (!token) {
+    throw new Error("SUPABASE_ACCESS_TOKEN is required to fetch pooler config");
+  }
+  const res = await fetch(
+    `https://api.supabase.com/v1/projects/${projectRef}/config/database/pooler`,
+    {
+      headers: { Authorization: `Bearer ${token}` }
+    }
+  );
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Failed to fetch pooler config (${res.status}): ${body}`);
+  }
+  const entries = await res.json();
+  const pooler = entries.find(
+    (e) => e.database_type === "PRIMARY" && e.pool_mode === "transaction"
+  ) ?? entries.find(
+    (e) => e.database_type === "PRIMARY"
+  ) ?? entries[0];
+  if (!pooler) {
+    throw new Error("No pooler configuration found for project");
+  }
+  return {
+    host: pooler.db_host,
+    port: pooler.db_port,
+    user: pooler.db_user,
+    dbName: pooler.db_name,
+    connectionString: pooler.connection_string
+  };
+}
+async function resolvePoolerDbUrl(projectRef, password) {
+  const pooler = await fetchPoolerUrl(projectRef);
+  return `postgresql://${pooler.user}:${encodeURIComponent(password)}@${pooler.host}:${pooler.port}/${pooler.dbName}`;
+}
 function saveProjectCredential(projectRef, dbPassword) {
   const creds = loadCredentials();
   if (!creds.project_credentials) {
@@ -584,6 +620,8 @@ export {
   updatePostgrestConfig,
   updateAuthConfig,
   waitForProjectReady,
+  fetchPoolerUrl,
+  resolvePoolerDbUrl,
   saveProjectCredential,
   loadProjectCredential,
   resolveDbUrlForEnv,

package/dist/{cloud-2AWCJAG5.js → cloud-QNZQNIS5.js} RENAMED Viewed

@@ -4,6 +4,7 @@ import {
   credentialsPath,
   detectClosestRegion,
   ensureAccessToken,
+  fetchPoolerUrl,
   getApiKeys,
   getProject,
   listOrganizations,
@@ -13,6 +14,7 @@ import {
   loadCredentials,
   loadProjectCredential,
   resolveDbUrlForEnv,
+  resolvePoolerDbUrl,
   runCloudSQL,
   saveCredentials,
   saveProjectCredential,
@@ -20,13 +22,14 @@ import {
   updateAuthConfig,
   updatePostgrestConfig,
   waitForProjectReady
-} from "./chunk-2CNK2BQY.js";
+} from "./chunk-4EUOAXWZ.js";
 import "./chunk-G3HVUCWY.js";
 export {
   createProject,
   credentialsPath,
   detectClosestRegion,
   ensureAccessToken,
+  fetchPoolerUrl,
   getApiKeys,
   getProject,
   listOrganizations,
@@ -36,6 +39,7 @@ export {
   loadCredentials,
   loadProjectCredential,
   resolveDbUrlForEnv,
+  resolvePoolerDbUrl,
   runCloudSQL,
   saveCredentials,
   saveProjectCredential,

package/dist/index.js CHANGED Viewed

@@ -16,6 +16,7 @@ import {
   loadCredentials,
   loadProjectCredential,
   resolveDbUrlForEnv,
+  resolvePoolerDbUrl,
   runCloudSQL,
   runCommand,
   saveCredentials,
@@ -26,7 +27,7 @@ import {
   updatePostgrestConfig,
   validateProjectName,
   waitForProjectReady
-} from "./chunk-2CNK2BQY.js";
+} from "./chunk-4EUOAXWZ.js";
 import {
   SKILLS_VERSION,
   SUPPORTED_SUPABASE_CLI,
@@ -186,20 +187,33 @@ function listEnvironments(cwd) {
 var check_setup_default = "SELECT jsonb_build_object(\n  'extensions', jsonb_build_object(\n    'pg_net',  EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net'),\n    'pg_cron', EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron'),\n    'vault',   EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault'),\n    'pgmq',    EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq')\n  ),\n  'queues', jsonb_build_object(\n    'agentlink_tasks', EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n    )\n  ),\n  'tables', jsonb_build_object(\n    'profiles', EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'profiles'\n    ),\n    'tenants', EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'tenants'\n    ),\n    'memberships', EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'memberships'\n    ),\n    'invitations', EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'invitations'\n    )\n  ),\n  'functions', jsonb_build_object(\n    '_internal_admin_get_secret',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_internal_admin_get_secret'\n      ),\n    '_internal_admin_call_edge_function',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_internal_admin_call_edge_function'\n      ),\n    'api._admin_enqueue_task',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = '_admin_enqueue_task'\n      ),\n    'api._admin_queue_read',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = '_admin_queue_read'\n      ),\n    'api._admin_queue_delete',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = '_admin_queue_delete'\n      ),\n    'api._admin_queue_archive',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = '_admin_queue_archive'\n      ),\n    'set_updated_at',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = 'set_updated_at'\n      ),\n    '_internal_admin_handle_new_user',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_internal_admin_handle_new_user'\n      ),\n    'api.profile_get',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'profile_get'\n      ),\n    'api.profile_update',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'profile_update'\n      ),\n    '_hook_before_user_created',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_hook_before_user_created'\n      ),\n    '_hook_send_email',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_hook_send_email'\n      ),\n    '_auth_tenant_id',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_auth_tenant_id'\n      ),\n    '_auth_tenant_role',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_auth_tenant_role'\n      ),\n    '_auth_has_role',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_auth_has_role'\n      ),\n    '_auth_is_tenant_member',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'public'\n          AND routine_name = '_auth_is_tenant_member'\n      ),\n    'api.tenant_select',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'tenant_select'\n      ),\n    'api.tenant_list',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'tenant_list'\n      ),\n    'api.tenant_create',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'tenant_create'\n      ),\n    'api.invitation_create',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'invitation_create'\n      ),\n    'api.invitation_accept',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'invitation_accept'\n      ),\n    'api.membership_list',\n      EXISTS (\n        SELECT 1 FROM information_schema.routines\n        WHERE routine_schema = 'api'\n          AND routine_name = 'membership_list'\n      )\n  ),\n  'triggers', jsonb_build_object(\n    'trg_profiles_updated_at',\n      EXISTS (\n        SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n      ),\n    'trg_auth_users_new_user',\n      EXISTS (\n        SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n      ),\n    'trg_tenants_updated_at',\n      EXISTS (\n        SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n      )\n  ),\n  'secrets', jsonb_build_object(\n    'SUPABASE_URL',\n      EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL'),\n    'SB_PUBLISHABLE_KEY',\n      EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SB_PUBLISHABLE_KEY'),\n    'SB_SECRET_KEY',\n      EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SB_SECRET_KEY')\n  ),\n  'api_schema', EXISTS (\n    SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api'\n  ),\n  'ready', (\n    EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_net')\n    AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_cron')\n    AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'supabase_vault')\n    AND EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgmq')\n    AND EXISTS (SELECT 1 FROM information_schema.schemata WHERE schema_name = 'api')\n    AND EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'pgmq' AND table_name = 'q_agentlink_tasks'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_internal_admin_get_secret'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_internal_admin_call_edge_function'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = '_admin_enqueue_task'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = '_admin_queue_read'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = '_admin_queue_delete'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = '_admin_queue_archive'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'profiles'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'tenants'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'memberships'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.tables\n      WHERE table_schema = 'public' AND table_name = 'invitations'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = 'set_updated_at'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_internal_admin_handle_new_user'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'profile_get'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'profile_update'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_hook_before_user_created'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_hook_send_email'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_id'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_auth_tenant_role'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_auth_has_role'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'public' AND routine_name = '_auth_is_tenant_member'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'tenant_select'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'tenant_list'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'tenant_create'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'invitation_create'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'invitation_accept'\n    )\n    AND EXISTS (\n      SELECT 1 FROM information_schema.routines\n      WHERE routine_schema = 'api' AND routine_name = 'membership_list'\n    )\n    AND EXISTS (\n      SELECT 1 FROM pg_trigger WHERE tgname = 'trg_profiles_updated_at'\n    )\n    AND EXISTS (\n      SELECT 1 FROM pg_trigger WHERE tgname = 'trg_auth_users_new_user'\n    )\n    AND EXISTS (\n      SELECT 1 FROM pg_trigger WHERE tgname = 'trg_tenants_updated_at'\n    )\n    AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SUPABASE_URL')\n    AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SB_PUBLISHABLE_KEY')\n    AND EXISTS (SELECT 1 FROM vault.secrets WHERE name = 'SB_SECRET_KEY')\n  )\n) AS setup_status;\n";
 // src/sql.ts
+function upsertSecret(value, name) {
+  const safeValue = value.replace(/'/g, "''");
+  return `DO $$ DECLARE
+  _id uuid;
+BEGIN
+  SELECT id INTO _id FROM vault.secrets WHERE name = '${name}';
+  IF _id IS NOT NULL THEN
+    PERFORM vault.update_secret(_id, '${safeValue}', '${name}');
+  ELSE
+    PERFORM vault.create_secret('${safeValue}', '${name}');
+  END IF;
+END $$;`;
+}
 function seedSQL(publishableKey, secretKey) {
   return [
-    "select vault.create_secret('http://host.docker.internal:54321', 'SUPABASE_URL');",
-    `select vault.create_secret('${publishableKey}', 'SB_PUBLISHABLE_KEY');`,
-    `select vault.create_secret('${secretKey}', 'SB_SECRET_KEY');`,
-    "select vault.create_secret('', 'ALLOWED_SIGNUP_DOMAINS');"
+    upsertSecret("http://host.docker.internal:54321", "SUPABASE_URL"),
+    upsertSecret(publishableKey, "SB_PUBLISHABLE_KEY"),
+    upsertSecret(secretKey, "SB_SECRET_KEY"),
+    upsertSecret("", "ALLOWED_SIGNUP_DOMAINS")
   ].join("\n");
 }
 function cloudSeedSQL(apiUrl, publishableKey, secretKey) {
   return [
-    `select vault.create_secret('${apiUrl}', 'SUPABASE_URL');`,
-    `select vault.create_secret('${publishableKey}', 'SB_PUBLISHABLE_KEY');`,
-    `select vault.create_secret('${secretKey}', 'SB_SECRET_KEY');`,
-    "select vault.create_secret('', 'ALLOWED_SIGNUP_DOMAINS');"
+    upsertSecret(apiUrl, "SUPABASE_URL"),
+    upsertSecret(publishableKey, "SB_PUBLISHABLE_KEY"),
+    upsertSecret(secretKey, "SB_SECRET_KEY"),
+    upsertSecret("", "ALLOWED_SIGNUP_DOMAINS")
   ].join("\n");
 }
@@ -1517,6 +1531,7 @@ async function check(envFlag) {
 import fs5 from "fs";
 import os from "os";
 import path5 from "path";
+import { input } from "@inquirer/prompts";
 function stripQuotes(val) {
   if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
     return val.slice(1, -1);
@@ -1721,12 +1736,130 @@ Migration created: supabase/migrations/${filename}`);
     fs5.rmSync(tmpDir, { recursive: true, force: true });
   }
 }
+async function dbRebuild(options) {
+  const cwd = options.cwd;
+  const migrationsDir = path5.join(cwd, "supabase", "migrations");
+  if (fs5.existsSync(migrationsDir)) {
+    const files = fs5.readdirSync(migrationsDir).filter((f) => f.endsWith(".sql"));
+    for (const file of files) {
+      fs5.unlinkSync(path5.join(migrationsDir, file));
+    }
+    console.log(`Deleted ${files.length} migration file(s)`);
+  }
+  const progressPath2 = path5.join(cwd, ".agentlink-progress.json");
+  if (fs5.existsSync(progressPath2)) {
+    fs5.unlinkSync(progressPath2);
+    console.log("Cleared scaffold progress");
+  }
+  console.log("\nRe-applying schemas...");
+  await dbApply({ cwd, dbUrl: options.dbUrl, env: options.env, skipTypes: true });
+  console.log("\nRegenerating migration...");
+  await dbMigrate("agentlink_setup", { cwd, dbUrl: options.dbUrl, env: options.env });
+  console.log("\nGenerating types...");
+  try {
+    await dbTypes({ cwd, dbUrl: options.dbUrl, env: options.env });
+  } catch (err) {
+    console.warn(`Warning: type generation failed \u2014 ${err.message}`);
+  }
+  console.log("\nDone. Database rebuilt from schema files.");
+}
+async function dbUrlCheck(options) {
+  const mode = await resolveDbMode(options.cwd, options.dbUrl, options.env);
+  if (mode.kind !== "cloud" || !mode.projectRef) {
+    const dbUrl = await resolveDbUrl(options.cwd, options.dbUrl);
+    console.log(dbUrl);
+    return;
+  }
+  await ensureAccessToken(true, options.cwd);
+  const password = loadProjectCredential(mode.projectRef);
+  if (!password) {
+    throw new Error(
+      `No stored password for project ${mode.projectRef}.
+  Run: agentlink env relink dev`
+    );
+  }
+  const poolerUrl = await resolvePoolerDbUrl(mode.projectRef, password);
+  console.log(`Pooler URL: ${poolerUrl}`);
+  const currentUrl = readEnvValue(options.cwd, "SUPABASE_DB_URL");
+  if (currentUrl === poolerUrl) {
+    console.log("\u2714 .env.local is up to date");
+    return;
+  }
+  if (currentUrl) {
+    console.log(`
+Current:  ${currentUrl}`);
+    console.log(`Expected: ${poolerUrl}`);
+  }
+  if (options.fix) {
+    const envPath = path5.join(options.cwd, ".env.local");
+    if (fs5.existsSync(envPath)) {
+      let content = fs5.readFileSync(envPath, "utf-8");
+      if (/^SUPABASE_DB_URL=/m.test(content)) {
+        content = content.replace(/^SUPABASE_DB_URL=.*$/m, `SUPABASE_DB_URL=${poolerUrl}`);
+      } else {
+        content = content.trimEnd() + `
+SUPABASE_DB_URL=${poolerUrl}
+`;
+      }
+      fs5.writeFileSync(envPath, content);
+      console.log("\n\u2714 .env.local updated with correct pooler URL");
+    }
+  } else if (currentUrl !== poolerUrl) {
+    console.log("\nRun with --fix to update .env.local");
+  }
+}
+var passwordTheme = {
+  prefix: { idle: blue("?"), done: blue("\u2714") },
+  style: {
+    answer: (text) => amber(text),
+    message: (text) => bold(text),
+    help: (text) => dim(text)
+  }
+};
+async function dbPassword(cwd, value) {
+  const manifest = readManifest(cwd);
+  if (!manifest) {
+    throw new Error("No agentlink.json found. Run `agentlink` to scaffold a project first.");
+  }
+  const defaultEnv = manifest.cloud?.default;
+  if (!defaultEnv || defaultEnv === "local" || !manifest.cloud?.environments?.[defaultEnv]) {
+    throw new Error("No cloud environment configured. This command is for cloud projects.");
+  }
+  const env2 = manifest.cloud.environments[defaultEnv];
+  const projectRef = env2.projectRef;
+  if (value) {
+    saveProjectCredential(projectRef, value);
+    console.log(`Password saved for project ${dim(projectRef)}`);
+  } else {
+    const current = loadProjectCredential(projectRef);
+    if (current) {
+      const masked = current.length > 8 ? current.slice(0, 4) + "\u25CF".repeat(current.length - 8) + current.slice(-4) : "\u25CF".repeat(current.length);
+      console.log(`Current password: ${dim(masked)} (project: ${projectRef})`);
+      console.log();
+    }
+    const resetUrl = `https://supabase.com/dashboard/project/${projectRef}/settings/database`;
+    console.log(`  ${dim("Reset your password at:")}`);
+    console.log(`  ${dim(resetUrl)}`);
+    console.log();
+    const newPassword = await input({
+      message: "Database password:",
+      theme: passwordTheme,
+      transformer: (v, { isFinal }) => {
+        if (isFinal) return "\u25CF".repeat(Math.min(v.length, 8));
+        return "\u25CF".repeat(v.length);
+      },
+      validate: (val) => val.trim().length > 0 || "Password is required"
+    });
+    saveProjectCredential(projectRef, newPassword.trim());
+    console.log(`Password saved for project ${dim(projectRef)}`);
+  }
+}
 // src/deploy.ts
 import fs6 from "fs";
 import os2 from "os";
 import path6 from "path";
-import { confirm, input } from "@inquirer/prompts";
+import { confirm, input as input2 } from "@inquirer/prompts";
 // src/migration-analysis.ts
 var PATTERNS = [
@@ -1933,8 +2066,8 @@ async function resolveEnvironments(cwd, opts) {
   }
   await ensureAccessToken(opts.ci, cwd);
   const targetEnv = resolveCloudEnv(manifest.cloud, targetName);
-  const dbPassword = resolveTargetPassword(targetEnv.projectRef);
-  const targetDbUrl = resolveDbUrlForEnv(targetEnv, dbPassword);
+  const dbPassword2 = resolveTargetPassword(targetEnv.projectRef);
+  const targetDbUrl = resolveDbUrlForEnv(targetEnv, dbPassword2);
   const devDbUrl = await resolveDbUrl(cwd);
   return { devDbUrl, targetEnv, targetDbUrl, targetName };
 }
@@ -2099,7 +2232,7 @@ async function syncSecrets(cwd, resolved, opts) {
 `);
   const toSet = {};
   for (const key of missingKeys) {
-    const value = await input({
+    const value = await input2({
       message: `${key}:`,
       theme,
       validate: (val) => val.trim().length > 0 || "Value is required (press Ctrl+C to skip all)"
@@ -2115,7 +2248,7 @@ async function syncSecrets(cwd, resolved, opts) {
 // src/env.ts
 import fs8 from "fs";
 import path8 from "path";
-import { confirm as confirm2, input as input2, select } from "@inquirer/prompts";
+import { confirm as confirm2, input as input3, select } from "@inquirer/prompts";
 // src/claude-md.ts
 import fs7 from "fs";
@@ -2259,14 +2392,14 @@ async function envAdd(name, cwd, opts = {}) {
   }
   await ensureAccessToken(opts.nonInteractive, cwd);
   let env2;
-  let dbPassword;
+  let dbPassword2;
   if (opts.projectRef) {
     const projects = await listProjects();
     const project = projects.find((p) => p.id === opts.projectRef);
     if (!project) {
       throw new Error(`Project ${opts.projectRef} not found.`);
     }
-    dbPassword = await promptForPassword(opts.nonInteractive);
+    dbPassword2 = await promptForPassword(opts.nonInteractive, project.id);
     env2 = {
       projectRef: project.id,
       region: project.region,
@@ -2286,17 +2419,17 @@ async function envAdd(name, cwd, opts = {}) {
     if (method === "existing") {
       const result = await connectExistingProject();
       env2 = result.env;
-      dbPassword = result.dbPassword;
+      dbPassword2 = result.dbPassword;
     } else {
       const result = await createNewProject(name, opts);
       env2 = result.env;
-      dbPassword = result.dbPassword;
+      dbPassword2 = result.dbPassword;
     }
   }
   addCloudEnvironment(cwd, name, env2);
   console.log(`
   ${blue("\u2714")} Environment "${name}" added to agentlink.json`);
-  saveProjectCredential(env2.projectRef, dbPassword);
+  saveProjectCredential(env2.projectRef, dbPassword2);
   console.log(`  ${blue("\u2714")} Credentials stored securely`);
   if (name.startsWith("dev") || name === "staging") {
     const shouldSync = opts.nonInteractive ? false : await confirm2({
@@ -2318,7 +2451,7 @@ async function envAdd(name, cwd, opts = {}) {
     console.log(`  Deploy with: ${dim("npx @agentlink.sh/cli@latest deploy --env " + name)}`);
   }
 }
-async function promptForPassword(nonInteractive) {
+async function promptForPassword(nonInteractive, projectRef) {
   if (nonInteractive) {
     const envPass = process.env.SUPABASE_DB_PASSWORD;
     if (!envPass) {
@@ -2326,7 +2459,13 @@ async function promptForPassword(nonInteractive) {
     }
     return envPass;
   }
-  return await input2({
+  if (projectRef) {
+    const resetUrl = `https://supabase.com/dashboard/project/${projectRef}/settings/database`;
+    console.log(`  ${dim("Don't know the password? Reset it at:")}`);
+    console.log(`  ${dim(resetUrl)}`);
+    console.log();
+  }
+  return await input3({
     message: "Database password:",
     theme: theme2,
     transformer: (value, { isFinal }) => {
@@ -2350,18 +2489,18 @@ async function connectExistingProject() {
     }))
   });
   const project = projects.find((p) => p.id === projectRef);
-  const dbPassword = await promptForPassword();
+  const dbPassword2 = await promptForPassword(false, project.id);
   return {
     env: {
       projectRef: project.id,
       region: project.region,
       apiUrl: `https://${project.id}.supabase.co`
     },
-    dbPassword
+    dbPassword: dbPassword2
   };
 }
 async function createNewProject(envName, opts) {
-  const { listOrganizations: listOrganizations2, listRegions: listRegions2 } = await import("./cloud-2AWCJAG5.js");
+  const { listOrganizations: listOrganizations2, listRegions: listRegions2 } = await import("./cloud-QNZQNIS5.js");
   const orgs = await listOrganizations2();
   if (orgs.length === 0) {
     throw new Error("No Supabase organizations found. Create one at https://supabase.com/dashboard.");
@@ -2377,13 +2516,13 @@ async function createNewProject(envName, opts) {
     theme: theme2,
     choices: regions.map((r) => ({ name: `${r.name} (${r.id})`, value: r.id }))
   });
-  const projectName = await input2({
+  const projectName = await input3({
     message: "Project name:",
     default: `agentlink-${envName}`,
     theme: theme2
   });
   const { randomBytes } = await import("crypto");
-  const dbPassword = randomBytes(24).toString("base64url");
+  const dbPassword2 = randomBytes(24).toString("base64url");
   console.log(`
   Creating project "${projectName}" in ${region}...
 `);
@@ -2391,7 +2530,7 @@ async function createNewProject(envName, opts) {
     orgId,
     name: projectName,
     region,
-    dbPass: dbPassword
+    dbPass: dbPassword2
   });
   await waitForProjectReady(project.id);
   console.log(`  ${blue("\u2714")} Project created: ${project.id}`);
@@ -2401,7 +2540,7 @@ async function createNewProject(envName, opts) {
       region: project.region,
       apiUrl: `https://${project.id}.supabase.co`
     },
-    dbPassword
+    dbPassword: dbPassword2
   };
 }
 async function envUse(name, cwd) {
@@ -2450,7 +2589,7 @@ async function envUse(name, cwd) {
     await ensureAccessToken(true, cwd);
     const env2 = manifest.cloud.environments[name];
     const keys = await getApiKeys(env2.projectRef);
-    const dbPassword = loadProjectCredential(env2.projectRef);
+    const dbPassword2 = loadProjectCredential(env2.projectRef);
     const frontend = manifest.frontend;
     const urlKey = frontend === "nextjs" ? "NEXT_PUBLIC_SUPABASE_URL" : "VITE_SUPABASE_URL";
     const keyKey = frontend === "nextjs" ? "NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY" : "VITE_SUPABASE_PUBLISHABLE_KEY";
@@ -2460,8 +2599,8 @@ async function envUse(name, cwd) {
       SB_PUBLISHABLE_KEY: keys.publishableKey,
       SB_SECRET_KEY: keys.secretKey
     };
-    if (dbPassword) {
-      vars.SUPABASE_DB_URL = resolveDbUrlForEnv(env2, dbPassword);
+    if (dbPassword2) {
+      vars.SUPABASE_DB_URL = resolveDbUrlForEnv(env2, dbPassword2);
     }
   }
   writeManagedEnv(cwd, name, vars);
@@ -2516,6 +2655,120 @@ async function envRemove(name, cwd, opts = {}) {
   removeCloudEnvironment(cwd, name);
   console.log(`  ${blue("\u2714")} Environment "${name}" removed.`);
 }
+async function envRelink(name, cwd, opts = {}) {
+  const manifest = readManifest(cwd);
+  if (!manifest) {
+    throw new Error("No agentlink.json found. Run `agentlink` to scaffold a project first.");
+  }
+  if (opts.token) {
+    process.env.SUPABASE_ACCESS_TOKEN = opts.token;
+  }
+  await ensureAccessToken(opts.nonInteractive, cwd);
+  let env2;
+  let dbPassword2;
+  if (opts.projectRef) {
+    const projects = await listProjects();
+    const project = projects.find((p) => p.id === opts.projectRef);
+    if (!project) {
+      throw new Error(`Project ${opts.projectRef} not found.`);
+    }
+    dbPassword2 = await promptForPassword(opts.nonInteractive, project.id);
+    env2 = {
+      projectRef: project.id,
+      region: project.region,
+      apiUrl: `https://${project.id}.supabase.co`
+    };
+  } else if (opts.nonInteractive) {
+    throw new Error("--project-ref is required in non-interactive mode.");
+  } else {
+    const method = await select({
+      message: `How do you want to relink the "${name}" environment?`,
+      theme: theme2,
+      choices: [
+        { name: "Connect an existing Supabase project", value: "existing" },
+        { name: "Create a new Supabase project", value: "new" }
+      ]
+    });
+    if (method === "existing") {
+      const result = await connectExistingProject();
+      env2 = result.env;
+      dbPassword2 = result.dbPassword;
+    } else {
+      const result = await createNewProject(name, opts);
+      env2 = result.env;
+      dbPassword2 = result.dbPassword;
+    }
+  }
+  if (!manifest.cloud) {
+    manifest.cloud = { default: "local", environments: {} };
+  }
+  manifest.cloud.environments[name] = env2;
+  writeManifest(cwd, manifest);
+  console.log(`
+  ${blue("\u2714")} Environment "${name}" relinked to ${env2.projectRef}`);
+  saveProjectCredential(env2.projectRef, dbPassword2);
+  console.log(`  ${blue("\u2714")} Credentials stored securely`);
+  const keys = await getApiKeys(env2.projectRef);
+  let dbUrl;
+  try {
+    dbUrl = await resolvePoolerDbUrl(env2.projectRef, dbPassword2);
+  } catch {
+    dbUrl = resolveDbUrlForEnv(env2, dbPassword2);
+  }
+  const frontend = manifest.frontend;
+  const urlKey = frontend === "nextjs" ? "NEXT_PUBLIC_SUPABASE_URL" : "VITE_SUPABASE_URL";
+  const keyKey = frontend === "nextjs" ? "NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY" : "VITE_SUPABASE_PUBLISHABLE_KEY";
+  writeManagedEnv(cwd, name, {
+    [urlKey]: env2.apiUrl,
+    [keyKey]: keys.publishableKey,
+    SB_PUBLISHABLE_KEY: keys.publishableKey,
+    SB_SECRET_KEY: keys.secretKey,
+    SUPABASE_DB_URL: dbUrl
+  });
+  console.log(`  ${blue("\u2714")} .env.local updated (pooler URL from API)`);
+  writeClaudeMd({
+    projectDir: cwd,
+    mode: "cloud",
+    projectRef: env2.projectRef,
+    region: env2.region,
+    envName: name
+  });
+  console.log(`  ${blue("\u2714")} CLAUDE.md updated`);
+  console.log(`
+  ${blue("\u25CF")} Linking to Supabase project...`);
+  await runCommand(
+    `${sb()} link --project-ref ${env2.projectRef}`,
+    cwd,
+    void 0,
+    { SUPABASE_DB_PASSWORD: dbPassword2 }
+  );
+  console.log(`  ${blue("\u2714")} Linked`);
+  const migrationsDir = path8.join(cwd, "supabase", "migrations");
+  const hasMigrations = fs8.existsSync(migrationsDir) && fs8.readdirSync(migrationsDir).some((f) => f.endsWith(".sql"));
+  if (hasMigrations) {
+    console.log(`
+  ${blue("\u25CF")} Pushing migrations to new project...`);
+    await runCommand(
+      `${sb()} db push`,
+      cwd,
+      void 0,
+      { SUPABASE_DB_PASSWORD: dbPassword2 }
+    );
+    console.log(`  ${blue("\u2714")} Migrations pushed`);
+  }
+  const functionsDir = path8.join(cwd, "supabase", "functions");
+  if (fs8.existsSync(functionsDir)) {
+    const hasFunctions = fs8.readdirSync(functionsDir, { withFileTypes: true }).some((e) => e.isDirectory() && !e.name.startsWith("_"));
+    if (hasFunctions) {
+      console.log(`
+  ${blue("\u25CF")} Deploying edge functions...`);
+      await runCommand(`${sb()} functions deploy --project-ref ${env2.projectRef}`, cwd);
+      console.log(`  ${blue("\u2714")} Edge functions deployed`);
+    }
+  }
+  console.log(`
+  ${blue("Done.")} Environment "${name}" relinked to ${dim(env2.projectRef)}`);
+}
 async function scaffoldCiTemplate(cwd, envName) {
   const workflowDir = path8.join(cwd, ".github", "workflows");
   fs8.mkdirSync(workflowDir, { recursive: true });
@@ -3382,7 +3635,7 @@ import { execSync } from "child_process";
 import fs15 from "fs";
 import path15 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { confirm as confirm5, input as input4, select as select3 } from "@inquirer/prompts";
+import { confirm as confirm5, input as input5, select as select3 } from "@inquirer/prompts";
 // src/banner.ts
 var TITLE = [
@@ -3504,7 +3757,7 @@ function clearSession(name) {
 // src/scaffold.ts
 import fs13 from "fs";
 import path13 from "path";
-import { confirm as confirm3, input as input3 } from "@inquirer/prompts";
+import { confirm as confirm3, input as input4 } from "@inquirer/prompts";
 // src/claude-settings.ts
 import fs12 from "fs";
@@ -3521,7 +3774,7 @@ var CLAUDE_SETTINGS = {
       "Bash(supabase functions:*)",
       "Bash(psql:*)",
       "Bash(npx create-next-app@latest:*)",
-      "Bash(npx agentlinksh/cli?@latest:*)",
+      "Bash(npx @agentlink.sh/cli@latest:*)",
       "Bash(npm install:*)",
       "Bash(npx next:*)",
       "Bash(npx vite:*)",
@@ -3748,7 +4001,7 @@ async function scaffold(options) {
         console.log(dim(`  If you don't know this password you can reset it from your Supabase dashboard:`));
         console.log(dim(`  ${link(resetUrl)}`));
         console.log();
-        const dbPass2 = await input3({
+        const dbPass2 = await input4({
           message: "Database password for existing project",
           theme: theme3,
           validate: (val) => val.trim().length > 0 || "Password is required"
@@ -3836,16 +4089,19 @@ SUPABASE_DB_PASSWORD=${ctx.dbPass}
       }
       spinner.text = "Setting up database \u2014 Pushing infrastructure migrations";
       await runCommand(`${sb()} db push`, projectDir, void 0, cloudEnv);
-      spinner.text = "Setting up database \u2014 Writing application migration";
-      const setupBase = /* @__PURE__ */ new Date();
-      const setupContent = getTemplateSQLEntries().join("\n\n");
       const migrationsDir = path13.join(projectDir, "supabase", "migrations");
-      const setupVersion = setupBase.toISOString().replace(/\D/g, "").slice(0, 14);
-      const setupFilename = `${setupVersion}_agentlink_setup.sql`;
-      fs13.writeFileSync(path13.join(migrationsDir, setupFilename), setupContent);
-      spinner.text = "Setting up database \u2014 Writing post-setup migrations";
-      const postBase = new Date(setupBase.getTime() + 2e3);
-      writeMigrationTemplates(projectDir, POST_SETUP_MIGRATIONS, postBase);
+      const existingSetup = fs13.readdirSync(migrationsDir).find((f) => f.endsWith("_agentlink_setup.sql"));
+      if (!existingSetup) {
+        spinner.text = "Setting up database \u2014 Writing application migration";
+        const setupBase = /* @__PURE__ */ new Date();
+        const setupContent = getTemplateSQLEntries().join("\n\n");
+        const setupVersion = setupBase.toISOString().replace(/\D/g, "").slice(0, 14);
+        const setupFilename = `${setupVersion}_agentlink_setup.sql`;
+        fs13.writeFileSync(path13.join(migrationsDir, setupFilename), setupContent);
+        spinner.text = "Setting up database \u2014 Writing post-setup migrations";
+        const postBase = new Date(setupBase.getTime() + 2e3);
+        writeMigrationTemplates(projectDir, POST_SETUP_MIGRATIONS, postBase);
+      }
       spinner.text = "Setting up database \u2014 Pushing migrations";
       await runCommand(`${sb()} db push`, projectDir, void 0, cloudEnv);
       spinner.text = "Setting up database \u2014 Storing vault secrets";
@@ -3890,19 +4146,22 @@ SUPABASE_DB_PASSWORD=${ctx.dbPass}
       for (const sql of getTemplateSQLEntries()) {
         await runSQL(sql, ctx.dbUrl);
       }
-      spinner.text = "Setting up database \u2014 Writing application migration";
-      const setupBase = /* @__PURE__ */ new Date();
-      const setupContent = getTemplateSQLEntries().join("\n\n");
       const migrationsDir = path13.join(projectDir, "supabase", "migrations");
-      const setupVersion = setupBase.toISOString().replace(/\D/g, "").slice(0, 14);
-      const setupFilename = `${setupVersion}_agentlink_setup.sql`;
-      fs13.writeFileSync(path13.join(migrationsDir, setupFilename), setupContent);
-      await repairMigrations(projectDir, [setupVersion]);
-      spinner.text = "Setting up database \u2014 Writing post-setup migrations";
-      const postBase = new Date(setupBase.getTime() + 2e3);
-      const postVersions = writeMigrationTemplates(projectDir, POST_SETUP_MIGRATIONS, postBase);
-      if (postVersions.length > 0) {
-        await repairMigrations(projectDir, postVersions);
+      const existingSetup = fs13.readdirSync(migrationsDir).find((f) => f.endsWith("_agentlink_setup.sql"));
+      if (!existingSetup) {
+        spinner.text = "Setting up database \u2014 Writing application migration";
+        const setupBase = /* @__PURE__ */ new Date();
+        const setupContent = getTemplateSQLEntries().join("\n\n");
+        const setupVersion = setupBase.toISOString().replace(/\D/g, "").slice(0, 14);
+        const setupFilename = `${setupVersion}_agentlink_setup.sql`;
+        fs13.writeFileSync(path13.join(migrationsDir, setupFilename), setupContent);
+        await repairMigrations(projectDir, [setupVersion]);
+        spinner.text = "Setting up database \u2014 Writing post-setup migrations";
+        const postBase = new Date(setupBase.getTime() + 2e3);
+        const postVersions = writeMigrationTemplates(projectDir, POST_SETUP_MIGRATIONS, postBase);
+        if (postVersions.length > 0) {
+          await repairMigrations(projectDir, postVersions);
+        }
       }
       spinner.text = "Setting up database \u2014 Storing vault secrets";
       await runSQL(seedSQL(ctx.publishableKey, ctx.secretKey), ctx.dbUrl);
@@ -4720,7 +4979,7 @@ Run without --resume to start fresh.`
       if (nonInteractive) {
         throw new Error("Project name required in non-interactive mode. Provide a name as the first argument.");
       }
-      name = await input4({
+      name = await input5({
         message: "Project name",
         default: "my-app",
         theme: theme5,
@@ -4744,7 +5003,7 @@ ${red("Error:")} ${error}`);
     if (nonInteractive) {
       throw new Error("Project name required in non-interactive mode. Provide a name as the first argument.");
     }
-    name = await input4({
+    name = await input5({
       message: "Project name",
       default: "my-app",
       theme: theme5,
@@ -4959,7 +5218,7 @@ program.command("info [name]").description("Show documentation about AgentLink c
 program.command("login").description("Authenticate with Supabase via OAuth (opens browser)").action(async () => {
   try {
     const { oauthLogin } = await import("./oauth-VTSNCG7U.js");
-    const { saveCredentials: saveCredentials2, loadCredentials: loadCredentials2, credentialsPath: credentialsPath2 } = await import("./cloud-2AWCJAG5.js");
+    const { saveCredentials: saveCredentials2, loadCredentials: loadCredentials2, credentialsPath: credentialsPath2 } = await import("./cloud-QNZQNIS5.js");
     console.log();
     const tokens = await oauthLogin();
     saveCredentials2({
@@ -5073,6 +5332,35 @@ ${red("Error:")} ${err.message}`);
     process.exit(1);
   }
 });
+db.command("rebuild").description("Nuke migrations, re-apply schemas, and regenerate migration files").option("--debug", "Write debug log to agentlink-debug.log").option("--db-url <url>", "Database URL (auto-detects from .env.local or supabase status)").option("--env <name>", "Target cloud environment").action(async (opts) => {
+  if (opts.debug) initLog(true);
+  try {
+    await dbRebuild({ dbUrl: opts.dbUrl, cwd: process.cwd(), env: opts.env });
+  } catch (err) {
+    console.error(`
+${red("Error:")} ${err.message}`);
+    process.exit(1);
+  }
+});
+db.command("url").description("Show the correct pooler DB URL from Supabase (--fix to update .env.local)").option("--fix", "Update .env.local with the correct URL").option("--debug", "Write debug log to agentlink-debug.log").option("--db-url <url>", "Database URL (auto-detects from .env.local or supabase status)").option("--env <name>", "Target cloud environment").action(async (opts) => {
+  if (opts.debug) initLog(true);
+  try {
+    await dbUrlCheck({ dbUrl: opts.dbUrl, cwd: process.cwd(), env: opts.env, fix: opts.fix });
+  } catch (err) {
+    console.error(`
+${red("Error:")} ${err.message}`);
+    process.exit(1);
+  }
+});
+db.command("password [value]").description("Show or set the database password for the active cloud project").action(async (value) => {
+  try {
+    await dbPassword(process.cwd(), value);
+  } catch (err) {
+    console.error(`
+${red("Error:")} ${err.message}`);
+    process.exit(1);
+  }
+});
 program.addCommand(db);
 program.command("deploy").description("Deploy schema changes and edge functions to a target environment").option("--env <name>", "Target environment (default: prod)").option("--ci", "Non-interactive mode for CI/CD").option("--allow-warnings", "Proceed past data-risk warnings (CI only)").option("--dry-run", "Show what would be deployed without applying").option("--setup-ci", "Scaffold GitHub Actions workflow").option("--debug", "Write debug log to agentlink-debug.log").action(async (opts) => {
   if (opts.debug) initLog(true);
@@ -5114,6 +5402,16 @@ ${red("Error:")} ${err.message}`);
     process.exit(1);
   }
 });
+env.command("relink <name>").description("Relink an environment to a new Supabase project (keeps migrations)").option("--token <token>", "Supabase access token").option("--org <id>", "Supabase organization ID").option("--region <region>", "Supabase Cloud region").option("--project-ref <ref>", "Connect to an existing Supabase project").option("--non-interactive", "Error instead of prompting").option("--debug", "Write debug log to agentlink-debug.log").action(async (name, opts) => {
+  if (opts.debug) initLog(true);
+  try {
+    await envRelink(name, process.cwd(), opts);
+  } catch (err) {
+    console.error(`
+${red("Error:")} ${err.message}`);
+    process.exit(1);
+  }
+});
 env.command("remove <name>").description("Remove a cloud environment").option("-y, --yes", "Skip confirmation").option("--debug", "Write debug log to agentlink-debug.log").action(async (name, opts) => {
   if (opts.debug) initLog(true);
   try {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agentlink.sh/cli",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "CLI for scaffolding Supabase apps with AI agents",
   "bin": {
     "agentlink": "dist/index.js"