@better-update/cli 0.3.0 → 0.3.2

package/src/lib/pkcs12.ts

@@ -1,73 +0,0 @@
-/* eslint-disable typescript/no-unsafe-assignment, typescript/no-unsafe-member-access, typescript/no-unsafe-call -- @expo/pkcs12 exports declare node-forge cert shapes as `any`; this file is the narrowing boundary that produces the typed P12Info for the rest of the CLI */
-
-import { getFormattedSerialNumber, getX509Certificate, parsePKCS12 } from "@expo/pkcs12";
-import { Effect } from "effect";
-
-import { CredentialValidationError } from "./exit-codes";
-
-export interface P12Info {
-  readonly serialNumber: string;
-  readonly validFrom: Date | undefined;
-  readonly expiresAt: Date | undefined;
-  readonly subject: string;
-  readonly issuerCN: string | undefined;
-  readonly signingIdentity: string;
-  readonly teamId: string | undefined;
-}
-
-const APPLE_TEAM_ID_RE = /^[A-Z0-9]{10}$/u;
-
-const extractTeamId = (params: {
-  readonly signingIdentity: string;
-  readonly orgUnit: string | undefined;
-}): string | undefined => {
-  if (params.orgUnit && APPLE_TEAM_ID_RE.test(params.orgUnit)) {
-    return params.orgUnit;
-  }
-  const parenMatch = /\(([A-Z0-9]{10})\)\s*$/u.exec(params.signingIdentity);
-  return parenMatch?.[1];
-};
-
-/**
- * Parse a PKCS#12 (.p12) buffer and extract certificate metadata.
- */
-export const inspectP12 = (params: {
-  readonly data: Buffer;
-  readonly password: string;
-}): Effect.Effect<P12Info, CredentialValidationError> =>
-  Effect.try({
-    try: () => {
-      const p12 = parsePKCS12(params.data, params.password);
-      const cert = getX509Certificate(p12);
-
-      const serialNumber = getFormattedSerialNumber(cert) ?? "unknown";
-
-      const validFrom =
-        cert.validity.notBefore instanceof Date ? cert.validity.notBefore : undefined;
-      const expiresAt = cert.validity.notAfter instanceof Date ? cert.validity.notAfter : undefined;
-
-      const subjectParts = cert.subject.attributes.map(
-        (attr: { shortName?: string; name: string; value: unknown }) =>
-          `${attr.shortName ?? attr.name}=${String(attr.value)}`,
-      );
-      const subject = subjectParts.join(", ");
-
-      const issuerCNValue = cert.issuer.getField("CN")?.value;
-      const issuerCN = typeof issuerCNValue === "string" ? issuerCNValue : undefined;
-
-      // Signing identity = Common Name from subject, e.g. "Apple Distribution: Name (TEAMID)"
-      const cnValue = cert.subject.getField("CN")?.value;
-      const cn = typeof cnValue === "string" ? cnValue : undefined;
-      const signingIdentity = cn ?? subject;
-      const orgUnitValue = cert.subject.getField("OU")?.value;
-      const orgUnit = typeof orgUnitValue === "string" ? orgUnitValue : undefined;
-
-      const teamId = extractTeamId({ signingIdentity, orgUnit });
-
-      return { serialNumber, validFrom, expiresAt, subject, issuerCN, signingIdentity, teamId };
-    },
-    catch: (error) =>
-      new CredentialValidationError({
-        message: `Failed to parse P12 certificate: ${error instanceof Error ? error.message : String(error)}`,
-      }),
-  });

package/src/lib/plist.ts

@@ -1,39 +0,0 @@
-import plist from "@expo/plist";
-
-import type { PlistObject } from "@expo/plist";
-// eslint-disable-next-line import-plugin/no-namespace -- bplist-parser typings have no named export; used only as `typeof BplistParser` for the CJS require result
-import type * as BplistParser from "bplist-parser";
-
-export type { PlistObject, PlistValue } from "@expo/plist";
-
-/**
- * Parse an XML plist string into a typed object.
- * Throws on malformed XML — callers should wrap in Effect.try.
- */
-export const parsePlistXml = (xml: string): PlistObject =>
-  // eslint-disable-next-line typescript/no-unsafe-type-assertion -- @expo/plist.parse returns `any`; PlistObject is the library's declared shape for XML plists
-  plist.parse(xml) as PlistObject;
-
-/**
- * Parse a binary plist buffer into a typed object.
- * Uses bplist-parser for Apple's binary plist format.
- */
-export const parsePlistBinary = (buffer: Buffer): PlistObject => {
-  const bplistParser =
-    // eslint-disable-next-line typescript/no-unsafe-type-assertion -- CJS require returns `any`; narrow to the package's own typings at the boundary
-    require("bplist-parser") as typeof BplistParser;
-  // eslint-disable-next-line typescript/no-unsafe-assignment -- bplist-parser typings declare parseBuffer<T>(): T[] with T=any in the shipped .d.ts
-  const [result] = bplistParser.parseBuffer(buffer);
-  // eslint-disable-next-line typescript/no-unsafe-type-assertion -- bplist-parser typings return `any[]`; PlistObject is the superset shape we consume
-  return result as PlistObject;
-};
-
-const BPLIST_MAGIC = Buffer.from("bplist00");
-
-/**
- * Auto-detect plist format (binary vs XML) and parse accordingly.
- */
-export const parsePlist = (data: Buffer): PlistObject =>
-  data.subarray(0, 8).equals(BPLIST_MAGIC)
-    ? parsePlistBinary(data)
-    : parsePlistXml(data.toString("utf8"));

package/src/lib/post-build-validation.ts

@@ -1,146 +0,0 @@
-import path from "node:path";
-
-import { Command, FileSystem } from "@effect/platform";
-import { Console, Effect } from "effect";
-
-import type { CommandExecutor } from "@effect/platform";
-
-import { parsePlist, parsePlistXml } from "./plist";
-
-export interface IosValidationParams {
-  readonly archivePath: string;
-  readonly expectedBundleId: string;
-  readonly expectedTeamId: string;
-  readonly expectedProfileUuid: string;
-}
-
-export interface ValidationResult {
-  readonly passed: boolean;
-  readonly warnings: readonly string[];
-}
-
-/**
- * Validate an iOS build after xcodebuild completes. Checks:
- * 1. Bundle ID matches expected value
- * 2. Provisioning profile UUID matches
- * 3. Team ID matches
- *
- * All checks are non-blocking — returns warnings, never fails the build.
- */
-export const validateIosBuild = (
-  params: IosValidationParams,
-): Effect.Effect<
-  ValidationResult,
-  never,
-  CommandExecutor.CommandExecutor | FileSystem.FileSystem
-> =>
-  Effect.gen(function* () {
-    const appDir = yield* findAppDirectory(params.archivePath).pipe(
-      Effect.catchAll(() => Effect.succeed(undefined)),
-    );
-
-    if (!appDir) {
-      const warnings = ["Could not locate .app bundle in archive — skipping post-build validation"];
-      return { passed: false, warnings };
-    }
-
-    const bundleWarning = yield* checkBundleId(appDir, params.expectedBundleId).pipe(
-      Effect.catchAll(() => Effect.succeed(undefined)),
-    );
-
-    const profileWarnings = yield* checkEmbeddedProfile(
-      appDir,
-      params.expectedProfileUuid,
-      params.expectedTeamId,
-    ).pipe(Effect.catchAll(() => Effect.succeed([] as readonly string[])));
-
-    const warnings: readonly string[] = [
-      ...(bundleWarning ? [bundleWarning] : []),
-      ...profileWarnings,
-    ];
-
-    if (warnings.length > 0) {
-      yield* Console.warn("Post-build validation warnings:");
-      for (const warning of warnings) {
-        yield* Console.warn(`  - ${warning}`);
-      }
-    }
-
-    return { passed: warnings.length === 0, warnings };
-  });
-
-// ── helpers ──────────────────────────────────────────────────────
-
-const findAppDirectory = (
-  archivePath: string,
-): Effect.Effect<string, unknown, FileSystem.FileSystem> =>
-  Effect.gen(function* () {
-    const fs = yield* FileSystem.FileSystem;
-    const productsDir = path.join(archivePath, "Products", "Applications");
-    const entries = yield* fs.readDirectory(productsDir);
-    const appEntry = entries.find((entry) => entry.endsWith(".app"));
-    if (!appEntry) {
-      return yield* Effect.fail("No .app found");
-    }
-    return path.join(productsDir, appEntry);
-  });
-
-const checkBundleId = (
-  appDir: string,
-  expectedBundleId: string,
-): Effect.Effect<string | undefined, unknown, FileSystem.FileSystem> =>
-  Effect.gen(function* () {
-    const fs = yield* FileSystem.FileSystem;
-    const plistPath = path.join(appDir, "Info.plist");
-    const data = yield* fs.readFile(plistPath);
-    const parsed = parsePlist(Buffer.from(data));
-    const actualBundleId = parsed["CFBundleIdentifier"];
-
-    if (typeof actualBundleId === "string" && actualBundleId !== expectedBundleId) {
-      return `Bundle ID mismatch: expected "${expectedBundleId}", got "${actualBundleId}"`;
-    }
-    return undefined;
-  });
-
-const checkEmbeddedProfile = (
-  appDir: string,
-  expectedUuid: string,
-  expectedTeamId: string,
-): Effect.Effect<
-  readonly string[],
-  unknown,
-  CommandExecutor.CommandExecutor | FileSystem.FileSystem
-> =>
-  Effect.gen(function* () {
-    const warnings: string[] = [];
-    const profilePath = path.join(appDir, "embedded.mobileprovision");
-
-    // Use security cms to decrypt the profile (it's CMS-signed)
-    const plistXml = yield* Command.string(
-      Command.make("security", "cms", "-D", "-i", profilePath),
-    );
-
-    const parsed = parsePlistXml(plistXml);
-
-    const actualUuid = parsed["UUID"];
-    if (typeof actualUuid === "string" && actualUuid !== expectedUuid) {
-      warnings.push(`Profile UUID mismatch: expected "${expectedUuid}", got "${actualUuid}"`);
-    }
-
-    const teamIdentifiers = parsed["TeamIdentifier"];
-    if (Array.isArray(teamIdentifiers)) {
-      // eslint-disable-next-line typescript/no-unsafe-assignment -- @expo/plist types array entries as any; narrowed via typeof check below
-      const [actualTeamId] = teamIdentifiers;
-      if (typeof actualTeamId === "string" && actualTeamId !== expectedTeamId) {
-        warnings.push(`Team ID mismatch: expected "${expectedTeamId}", got "${actualTeamId}"`);
-      }
-    }
-
-    // Check expiration
-    const expirationDate = parsed["ExpirationDate"];
-    if (expirationDate instanceof Date && expirationDate.getTime() < Date.now()) {
-      warnings.push(`Embedded provisioning profile expired on ${expirationDate.toISOString()}`);
-    }
-
-    return warnings;
-  });

package/src/lib/presigned-upload.test.ts

@@ -1,140 +0,0 @@
-import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-
-import { HttpClient, HttpClientResponse, FileSystem } from "@effect/platform";
-import { BunFileSystem } from "@effect/platform-bun";
-import { it } from "@effect/vitest";
-import { Effect, Exit, Layer } from "effect";
-
-import { PresignedUploadClientLive } from "../services/presigned-upload";
-import { PresignedUrlExpiredError, UploadFailedError } from "./exit-codes";
-import { putToPresignedUrl } from "./presigned-upload";
-import { failureError } from "./test-utils";
-
-// ── helpers ───────────────────────────────────────────────────────
-
-const makeHttpClientLayer = (
-  respond: () => globalThis.Response,
-): Layer.Layer<HttpClient.HttpClient> =>
-  Layer.succeed(
-    HttpClient.HttpClient,
-    HttpClient.make((request) => Effect.sync(() => HttpClientResponse.fromWeb(request, respond()))),
-  );
-
-// In-memory noop filesystem for the "expired" branch where the file is never opened.
-const noopFsLayer: Layer.Layer<FileSystem.FileSystem> = FileSystem.layerNoop({});
-
-const makePresignedUploadLayer = (
-  fileSystemLayer: Layer.Layer<FileSystem.FileSystem>,
-  respond: () => globalThis.Response,
-) =>
-  PresignedUploadClientLive.pipe(
-    Layer.provide(Layer.mergeAll(fileSystemLayer, makeHttpClientLayer(respond))),
-  );
-
-const withTempFile = (bytes: Buffer): { path: string; dispose: () => void } => {
-  const dir = mkdtempSync(join(tmpdir(), "presigned-test-"));
-  const filePath = join(dir, "artifact.bin");
-  writeFileSync(filePath, bytes);
-  return {
-    path: filePath,
-    dispose: () => rmSync(dir, { recursive: true, force: true }),
-  };
-};
-
-const futureExpiry = () => new Date(Date.now() + 60 * 60 * 1000).toISOString();
-const pastExpiry = () => new Date(Date.now() - 1000).toISOString();
-
-// ── tests ─────────────────────────────────────────────────────────
-
-describe(putToPresignedUrl, () => {
-  it.effect("fails with PresignedUrlExpiredError when expiry is in the past", () =>
-    Effect.gen(function* () {
-      const exit = yield* putToPresignedUrl({
-        url: "https://example.com/upload",
-        filePath: "/dev/null",
-        byteSize: 0,
-        expiresAt: pastExpiry(),
-      }).pipe(
-        Effect.provide(
-          makePresignedUploadLayer(noopFsLayer, () => new Response(null, { status: 200 })),
-        ),
-        Effect.exit,
-      );
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(PresignedUrlExpiredError);
-      }
-    }),
-  );
-
-  it.effect("fails with PresignedUrlExpiredError within 30s safety margin", () =>
-    Effect.gen(function* () {
-      const inTenSeconds = new Date(Date.now() + 10_000).toISOString();
-      const exit = yield* putToPresignedUrl({
-        url: "https://example.com/upload",
-        filePath: "/dev/null",
-        byteSize: 0,
-        expiresAt: inTenSeconds,
-      }).pipe(
-        Effect.provide(
-          makePresignedUploadLayer(noopFsLayer, () => new Response(null, { status: 200 })),
-        ),
-        Effect.exit,
-      );
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(PresignedUrlExpiredError);
-      }
-    }),
-  );
-
-  it.effect("succeeds on 2xx response", () =>
-    Effect.gen(function* () {
-      const file = withTempFile(Buffer.from("hello world"));
-      const exit = yield* putToPresignedUrl({
-        url: "https://example.com/upload",
-        filePath: file.path,
-        byteSize: 11,
-        expiresAt: futureExpiry(),
-      }).pipe(
-        Effect.provide(
-          makePresignedUploadLayer(BunFileSystem.layer, () => new Response(null, { status: 200 })),
-        ),
-        Effect.ensuring(Effect.sync(file.dispose)),
-        Effect.exit,
-      );
-      expect(Exit.isSuccess(exit)).toBe(true);
-    }),
-  );
-
-  it.effect("fails with UploadFailedError on 403 response", () =>
-    Effect.gen(function* () {
-      const file = withTempFile(Buffer.from("hello world"));
-      const exit = yield* putToPresignedUrl({
-        url: "https://example.com/upload",
-        filePath: file.path,
-        byteSize: 11,
-        expiresAt: futureExpiry(),
-      }).pipe(
-        Effect.provide(
-          makePresignedUploadLayer(
-            BunFileSystem.layer,
-            () => new Response("AccessDenied", { status: 403, statusText: "Forbidden" }),
-          ),
-        ),
-        Effect.ensuring(Effect.sync(file.dispose)),
-        Effect.exit,
-      );
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(UploadFailedError);
-        expect((error as UploadFailedError).message).toContain("403");
-      }
-    }),
-  );
-});

package/src/lib/presigned-upload.ts

@@ -1,35 +0,0 @@
-import { Effect } from "effect";
-
-import { PresignedUploadClient } from "../services/presigned-upload";
-
-import type { PresignedUrlExpiredError, UploadFailedError } from "./exit-codes";
-
-export interface PutToPresignedUrlOptions {
-  readonly url: string;
-  readonly filePath: string;
-  readonly byteSize: number;
-  readonly expiresAt: string;
-  readonly headers?: Record<string, string>;
-}
-
-export const putToPresignedUrl = ({
-  url,
-  filePath,
-  byteSize,
-  expiresAt,
-  headers,
-}: PutToPresignedUrlOptions): Effect.Effect<
-  void,
-  PresignedUrlExpiredError | UploadFailedError,
-  PresignedUploadClient
-> =>
-  Effect.gen(function* () {
-    const presignedUploadClient = yield* PresignedUploadClient;
-    yield* presignedUploadClient.putToPresignedUrl({
-      url,
-      filePath,
-      byteSize,
-      expiresAt,
-      ...(headers === undefined ? {} : { headers }),
-    });
-  });

package/src/lib/record.ts

@@ -1,5 +0,0 @@
-export const isRecord = (value: unknown): value is Record<string, unknown> =>
-  value !== null && typeof value === "object" && !Array.isArray(value);
-
-export const asRecord = (value: unknown): Record<string, unknown> | undefined =>
-  isRecord(value) ? value : undefined;

package/src/lib/resolve-named-resource.ts

@@ -1,24 +0,0 @@
-import { Effect } from "effect";
-
-interface NamedResource {
-  readonly id: string;
-  readonly name: string;
-}
-
-export const resolveNamedResourceId = <Err>(
-  params: {
-    readonly items: readonly NamedResource[];
-    readonly kind: string;
-    readonly name: string;
-  },
-  makeError: (message: string) => Err,
-): Effect.Effect<string, Err> =>
-  Effect.gen(function* () {
-    const match = params.items.find((item) => item.name === params.name);
-    if (match === undefined) {
-      return yield* Effect.fail(
-        makeError(`${params.kind} "${params.name}" not found in the linked project.`),
-      );
-    }
-    return match.id;
-  });

package/src/lib/runtime-version.test.ts

@@ -1,119 +0,0 @@
-import { CommandExecutor } from "@effect/platform";
-import { it } from "@effect/vitest";
-import { Effect, Exit } from "effect";
-
-import { RuntimeVersionError } from "./exit-codes";
-import { resolveRuntimeVersion } from "./runtime-version";
-import { failureError } from "./test-utils";
-
-// ── helpers ───────────────────────────────────────────────────────
-
-const makeStubExecutor = (stdout: string): CommandExecutor.CommandExecutor =>
-  ({
-    [CommandExecutor.TypeId]: CommandExecutor.TypeId,
-    string: () => Effect.succeed(stdout),
-  }) as unknown as CommandExecutor.CommandExecutor;
-
-const provideStubExecutor = (stdout: string) =>
-  Effect.provideService(CommandExecutor.CommandExecutor, makeStubExecutor(stdout));
-
-// ── tests ─────────────────────────────────────────────────────────
-
-describe(resolveRuntimeVersion, () => {
-  it.effect("returns literal string as-is", () =>
-    Effect.gen(function* () {
-      const result = yield* resolveRuntimeVersion({
-        raw: "1.2.3",
-        appVersion: "9.9.9",
-        projectRoot: ".",
-      }).pipe(provideStubExecutor(""));
-      expect(result).toBe("1.2.3");
-    }),
-  );
-
-  it.effect('resolves {policy:"appVersion"} to appVersion', () =>
-    Effect.gen(function* () {
-      const result = yield* resolveRuntimeVersion({
-        raw: { policy: "appVersion" },
-        appVersion: "2.5.0",
-        projectRoot: ".",
-      }).pipe(provideStubExecutor(""));
-      expect(result).toBe("2.5.0");
-    }),
-  );
-
-  it.effect('fails when policy "appVersion" has no expo.version', () =>
-    Effect.gen(function* () {
-      const exit = yield* resolveRuntimeVersion({
-        raw: { policy: "appVersion" },
-        appVersion: undefined,
-        projectRoot: ".",
-      }).pipe(provideStubExecutor(""), Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-    }),
-  );
-
-  it.effect('resolves {policy:"fingerprint"} via CommandExecutor JSON hash', () =>
-    Effect.gen(function* () {
-      const result = yield* resolveRuntimeVersion({
-        raw: { policy: "fingerprint" },
-        appVersion: undefined,
-        projectRoot: ".",
-      }).pipe(provideStubExecutor('{"hash":"abc123","sources":[]}'));
-      expect(result).toBe("abc123");
-    }),
-  );
-
-  it.effect("fails when fingerprint stdout is not JSON", () =>
-    Effect.gen(function* () {
-      const exit = yield* resolveRuntimeVersion({
-        raw: { policy: "fingerprint" },
-        appVersion: undefined,
-        projectRoot: ".",
-      }).pipe(provideStubExecutor("not-json"), Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(RuntimeVersionError);
-      }
-    }),
-  );
-
-  it.effect("fails when fingerprint JSON has no hash field", () =>
-    Effect.gen(function* () {
-      const exit = yield* resolveRuntimeVersion({
-        raw: { policy: "fingerprint" },
-        appVersion: undefined,
-        projectRoot: ".",
-      }).pipe(provideStubExecutor('{"sources":[]}'), Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-    }),
-  );
-
-  it.effect('fails with guidance on policy "nativeVersion"', () =>
-    Effect.gen(function* () {
-      const exit = yield* resolveRuntimeVersion({
-        raw: { policy: "nativeVersion" },
-        appVersion: undefined,
-        projectRoot: ".",
-      }).pipe(provideStubExecutor(""), Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-      if (Exit.isFailure(exit)) {
-        const error = failureError(exit);
-        expect(error).toBeInstanceOf(RuntimeVersionError);
-        expect(error!.message).toContain("nativeVersion");
-      }
-    }),
-  );
-
-  it.effect("fails when runtimeVersion is missing entirely", () =>
-    Effect.gen(function* () {
-      const exit = yield* resolveRuntimeVersion({
-        raw: undefined,
-        appVersion: "1.0.0",
-        projectRoot: ".",
-      }).pipe(provideStubExecutor(""), Effect.exit);
-      expect(Exit.isFailure(exit)).toBe(true);
-    }),
-  );
-});

package/src/lib/runtime-version.ts

@@ -1,62 +0,0 @@
-import { Effect } from "effect";
-
-import type { CommandExecutor } from "@effect/platform";
-
-import { RuntimeVersionError } from "./exit-codes";
-import { runFingerprintFull } from "./fingerprint";
-
-import type { RawRuntimeVersion } from "./build-profile";
-
-export interface ResolveRuntimeVersionOptions {
-  readonly raw: RawRuntimeVersion | undefined;
-  readonly appVersion: string | undefined;
-  readonly projectRoot: string;
-}
-
-export const resolveRuntimeVersion = ({
-  raw,
-  appVersion,
-  projectRoot,
-}: ResolveRuntimeVersionOptions): Effect.Effect<
-  string,
-  RuntimeVersionError,
-  CommandExecutor.CommandExecutor
-> =>
-  Effect.gen(function* () {
-    if (typeof raw === "string") {
-      return raw;
-    }
-    if (raw === undefined) {
-      return yield* new RuntimeVersionError({
-        message: "No runtimeVersion configured in expo section of app.json.",
-      });
-    }
-
-    const { policy } = raw;
-    if (policy === "appVersion") {
-      if (appVersion === undefined) {
-        return yield* new RuntimeVersionError({
-          message: 'runtimeVersion policy is "appVersion" but expo.version is missing in app.json.',
-        });
-      }
-      return appVersion;
-    }
-
-    if (policy === "fingerprint") {
-      return yield* runFingerprintFull(projectRoot).pipe(
-        Effect.map((result) => result.hash),
-        Effect.mapError((cause) => new RuntimeVersionError({ message: cause.message })),
-      );
-    }
-
-    if (policy === "nativeVersion") {
-      return yield* new RuntimeVersionError({
-        message:
-          'runtimeVersion policy "nativeVersion" is not supported. Set a static runtimeVersion string in app.json.',
-      });
-    }
-
-    return yield* new RuntimeVersionError({
-      message: `Unsupported runtimeVersion policy "${policy}". Use a static string, "appVersion", or "fingerprint".`,
-    });
-  });