@canaryai/cli 0.2.7 → 0.2.9

package/README.md

@@ -1,6 +1,6 @@
 # Canary CLI
 
-Run local test runs, expose your local app via a tunnel, and stream results into Canary.
+Run tests, query issues, and manage AI agent skill templates from the command line.
 
 ## Install
 
@@ -12,122 +12,107 @@ bun add -g @canaryai/cli
 
 ## Login
 
+Authenticate with your Canary account before using the CLI:
+
 ```bash
-canary login              # production (default)
-canary login --env dev    # dev environment
-canary login --env local  # local development
+canary login
 ```
 
 Options:
-- `--env <env>` - Environment to login to: `prod`, `dev`, or `local`
-- `--api-url <url>` - Custom API URL (overrides --env)
-- `--app-url <url>` - Custom app URL (overrides --env)
+- `--org <name>` - Select organization by name or ID (for multi-org users)
+- `--app-url <url>` - Custom app URL (e.g. `http://localhost:5173` for local dev)
+- `--api-url <url>` - Custom API URL (e.g. `http://localhost:3000` for local dev)
 - `--no-open` - Don't auto-open browser
 
-## Quickstart (local testing)
-
-1) Start your app locally.
-2) Start a run (auto-tunnel + run):
+To switch environments, set `CANARY_API_URL`:
 
 ```bash
-canary run --port 5173 --title "Login smoke"
+export CANARY_API_URL=http://localhost:3000
+canary login --app-url http://localhost:5173
 ```
 
-3) Open the watch URL printed in the terminal.
+## Run Tests
 
-## Tunnel only
+### Local Playwright tests
 
 ```bash
-canary tunnel --port 5173
+canary test
+canary test --grep "login" --headed --workers 1
 ```
 
-## MCP server
+All standard Playwright options are passed through.
+
+### Remote workflow tests
 
 ```bash
-canary mcp
+canary test --remote
+canary test --remote --tag smoke
+canary test --remote --property "My App" --environment staging
 ```
 
-Tools:
-- `local_run_tests` (port, instructions, title)
-- `local_wait_for_results` (runId)
+Options:
+- `--token <key>` - API key (or set `CANARY_API_TOKEN`)
+- `--api-url <url>` - API URL (default: `https://api.trycanary.ai`)
+- `--property <name|id>` - Target a specific property
+- `--environment <name|id>` - Target a specific environment
+- `--tag <tag>` - Filter workflows by tag
+- `--name-pattern <pat>` - Filter workflows by name pattern
+- `--verbose, -v` - Show all events
+
+## Issues
 
-## PSQL (superadmin only)
+Search and inspect QA issues detected by Canary.
 
-Execute read-only SQL queries against the production database. Requires superadmin privileges and the `cli.psql.enabled` knob to be enabled.
+### List issues
 
 ```bash
-canary psql "SELECT id, status FROM jobs LIMIT 5"
-canary psql "SELECT * FROM jobs WHERE status = 'running'" --json
+canary issues list
+canary issues list --severity high --status open
+canary issues list --search "timeout" --format markdown
 ```
 
 Options:
-- `--json` - Output results as JSON instead of a table
-- `--query <sql>` - Alternative to positional query argument
-
-Limits:
-- Query size: 10KB max (for larger queries, use psql directly)
-- Query timeout: 30s default (configurable via `cli.psql.timeout_ms` knob)
-- Result rows: 10K max (results truncated if exceeded)
-
-### Security Model
-
-The read-only PostgreSQL user (`debug_agent`) provides the **primary security layer** - it has SELECT-only privileges enforced at the database level. Any modification attempts will fail at the database regardless of other controls.
-
-Keyword validation serves as a **secondary defense-in-depth** measure that:
-1. Prevents modification attempts from reaching the database
-2. Triggers Slack alerts and auto-disables the feature on suspicious activity
-3. Provides an audit trail of attempted misuse
-
-Blocked keywords include: INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, GRANT, REVOKE, VACUUM, REINDEX, COPY, EXECUTE, CALL, DO, PREPARE, SET, RESET, LOCK, COMMIT, ROLLBACK, LISTEN, NOTIFY.
-
-### Security Controls Summary
-
-| Control | Purpose |
-|---------|---------|
-| Superadmin auth | Only trusted operators can access |
-| `cli.psql.enabled` knob | Feature disabled by default, requires explicit enablement |
-| Read-only DB user | Database-level protection against modifications |
-| Keyword detection | Early blocking + alerting on suspicious queries |
-| Auto-disable | Feature self-disables on modification attempts |
-| Slack alerts | Immediate notification to security team |
-| Query timeout | Prevents long-running queries from impacting production |
-| Row limits | Prevents accidental full table dumps |
-| RDS query logging | Infrastructure-level audit logging of all queries
-
-## Environment variables
-
-- `CANARY_API_URL` (default `https://api.trycanary.ai`)
-- `CANARY_APP_URL` (default `https://app.trycanary.ai`)
-- `CANARY_API_TOKEN` (optional; `canary login` stores a token automatically)
-- `CANARY_LOCAL_PORT` (optional default port for `canary run` / `canary tunnel`)
-
-## Programmatic usage
-
-You can trigger a suite programmatically without shelling out to the CLI:
-
-```ts
-import { canary } from "@canaryai/cli";
-
-const result = await canary.run({
-  projectRoot: "/path/to/repo",
-  testDir: ["tests/smoke"],
-  cliArgs: ["--grep", "login"],
-  healing: {
-    apiKey: process.env.AI_API_KEY,
-    provider: "openai",
-    model: "gpt-4o-mini",
-    timeoutMs: 120_000,
-    maxActions: 50,
-    warnOnly: true,
-  },
-  stdio: "pipe",
-});
-
-if (!result.ok) {
-  console.error("suite failed", result.summary);
-}
+- `--search <query>` - Full-text search
+- `--severity <level>` - Filter: `low`, `medium`, `high`, `unknown`
+- `--status <statuses>` - Filter: `open`, `closed`, `not_a_bug` (comma-separated)
+- `--property-id <uuid>` - Filter by property
+- `--page <n>` - Page number (default: 1)
+- `--page-size <n>` - Page size (default: 25)
+- `--json` - Output raw JSON
+- `--format markdown` - Output as markdown
+
+### Get issue details
+
+```bash
+canary issues get <issue-id>
+canary issues get <issue-id> --format markdown
 ```
 
-Notes:
-- Defaults mirror the CLI: healing on, Playwright config respected.
-- `result.summary` is derived from Playwright’s JSON reporter plus healed counts from the AI event log.
+## AI Agent Skill Templates
+
+Output reusable skill templates that teach AI agents (Claude Code, Cursor, etc.) how to use the Canary CLI:
+
+```bash
+canary skill help                    # list available templates
+canary skill issue-log-xref          # output a template to stdout
+canary skill issue-log-xref > .claude/skills/issue-log-xref.md  # install it
+```
+
+## Release QA (CI/CD)
+
+Trigger and monitor Release QA runs from CI pipelines:
+
+```bash
+canary release trigger --property-id <uuid>
+canary release status <run-id>
+canary release run --property-id <uuid> --timeout 600
+```
+
+## Environment Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `CANARY_API_URL` | `https://api.trycanary.ai` | API endpoint |
+| `CANARY_APP_URL` | `https://app.trycanary.ai` | App URL for login |
+| `CANARY_API_TOKEN` | — | API key (alternative to `canary login`) |
+| `CANARY_LOCAL_PORT` | — | Default port for `canary run` / `canary tunnel` |

package/dist/chunk-C2PGZRYK.js

@@ -0,0 +1,167 @@
+import { createRequire as __cr } from "module"; const require = __cr(import.meta.url);
+
+// src/session/daemon-client.ts
+import { spawn } from "child_process";
+import fs from "fs/promises";
+import path from "path";
+import os from "os";
+var PIDFILE_DIR = path.join(os.homedir(), ".config", "canary-cli");
+var PIDFILE_PATH = path.join(PIDFILE_DIR, "daemon.json");
+var HEALTH_POLL_INTERVAL_MS = 100;
+var HEALTH_POLL_TIMEOUT_MS = 15e3;
+async function readPidfile() {
+  try {
+    const content = await fs.readFile(PIDFILE_PATH, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function daemonFetch(port, method, path2, body) {
+  const url = `http://127.0.0.1:${port}${path2}`;
+  const res = await fetch(url, {
+    method,
+    headers: body ? { "Content-Type": "application/json" } : void 0,
+    body: body ? JSON.stringify(body) : void 0
+  });
+  return res.json();
+}
+async function healthCheck(port) {
+  try {
+    const res = await fetch(`http://127.0.0.1:${port}/health`, {
+      signal: AbortSignal.timeout(2e3)
+    });
+    return res.ok;
+  } catch {
+    return false;
+  }
+}
+async function spawnDaemon() {
+  const cliEntry = path.resolve(
+    path.dirname(new URL(import.meta.url).pathname),
+    "..",
+    "index.ts"
+  );
+  const child = spawn(process.execPath, ["--bun", cliEntry, "session", "daemon"], {
+    detached: true,
+    stdio: ["ignore", "pipe", "ignore"],
+    env: { ...process.env }
+  });
+  child.unref();
+  return new Promise((resolve, reject) => {
+    let output = "";
+    const timeout = setTimeout(() => {
+      reject(new Error("Daemon startup timed out"));
+    }, HEALTH_POLL_TIMEOUT_MS);
+    child.stdout.on("data", (data) => {
+      output += data.toString();
+      const match = output.match(/DAEMON_READY:(\d+)/);
+      if (match) {
+        clearTimeout(timeout);
+        resolve(parseInt(match[1], 10));
+      }
+    });
+    child.on("error", (err) => {
+      clearTimeout(timeout);
+      reject(err);
+    });
+    child.on("exit", (code) => {
+      clearTimeout(timeout);
+      if (!output.includes("DAEMON_READY")) {
+        reject(new Error(`Daemon exited with code ${code} before becoming ready`));
+      }
+    });
+  });
+}
+async function ensureDaemon() {
+  const state = await readPidfile();
+  if (state) {
+    if (isProcessAlive(state.pid)) {
+      if (await healthCheck(state.port)) {
+        return state.port;
+      }
+    }
+    try {
+      await fs.unlink(PIDFILE_PATH);
+    } catch {
+    }
+  }
+  const port = await spawnDaemon();
+  const deadline = Date.now() + HEALTH_POLL_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    if (await healthCheck(port)) return port;
+    await new Promise((r) => setTimeout(r, HEALTH_POLL_INTERVAL_MS));
+  }
+  throw new Error("Daemon failed to become healthy after spawn");
+}
+async function createSession(params) {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "POST", "/sessions", params);
+}
+async function listSessions() {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "GET", "/sessions");
+}
+async function getSession(sessionId) {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "GET", `/sessions/${sessionId}`);
+}
+async function deleteSession(sessionId) {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "DELETE", `/sessions/${sessionId}`);
+}
+async function deleteAllSessions() {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "DELETE", "/sessions");
+}
+async function callTool(sessionId, toolName, args) {
+  const port = await ensureDaemon();
+  return daemonFetch(port, "POST", `/sessions/${sessionId}/tools/${toolName}`, args);
+}
+async function resolveTargetSession(sessionIdOrName) {
+  const result = await listSessions();
+  if (!result.ok || !result.data) {
+    throw new Error("Failed to list sessions");
+  }
+  const sessions = result.data;
+  if (sessions.length === 0) {
+    throw new Error("No active sessions. Start one with: canary session start");
+  }
+  if (sessionIdOrName) {
+    const match = sessions.find(
+      (s) => s.id === sessionIdOrName || s.name === sessionIdOrName
+    );
+    if (!match) {
+      throw new Error(
+        `Session "${sessionIdOrName}" not found. Active sessions: ${sessions.map((s) => s.id).join(", ")}`
+      );
+    }
+    return match;
+  }
+  if (sessions.length === 1) {
+    return sessions[0];
+  }
+  throw new Error(
+    `Multiple sessions active. Specify one with --session:
+${sessions.map((s) => `  ${s.id} (${s.name})`).join("\n")}`
+  );
+}
+
+export {
+  createSession,
+  listSessions,
+  getSession,
+  deleteSession,
+  deleteAllSessions,
+  callTool,
+  resolveTargetSession
+};
+//# sourceMappingURL=chunk-C2PGZRYK.js.map

package/dist/chunk-C2PGZRYK.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/session/daemon-client.ts"],"sourcesContent":["/**\n * Daemon client — HTTP client for the session daemon.\n *\n * Handles pidfile read/write, stale PID detection, auto-start,\n * and provides typed HTTP helpers for daemon communication.\n *\n * @module\n */\n\nimport { spawn } from 'node:child_process';\nimport fs from 'node:fs/promises';\nimport path from 'node:path';\nimport os from 'node:os';\nimport type {\n  DaemonState,\n  DaemonResponse,\n  SessionInfo,\n  CreateSessionRequest,\n  ToolResponse,\n} from './types.js';\n\nconst PIDFILE_DIR = path.join(os.homedir(), '.config', 'canary-cli');\nconst PIDFILE_PATH = path.join(PIDFILE_DIR, 'daemon.json');\nconst HEALTH_POLL_INTERVAL_MS = 100;\nconst HEALTH_POLL_TIMEOUT_MS = 15_000;\n\n/* ── Pidfile helpers ─────────────────────────────────────────────────── */\n\nasync function readPidfile(): Promise<DaemonState | null> {\n  try {\n    const content = await fs.readFile(PIDFILE_PATH, 'utf-8');\n    return JSON.parse(content) as DaemonState;\n  } catch {\n    return null;\n  }\n}\n\nfunction isProcessAlive(pid: number): boolean {\n  try {\n    process.kill(pid, 0);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/* ── HTTP helpers ────────────────────────────────────────────────────── */\n\nasync function daemonFetch(\n  port: number,\n  method: string,\n  path: string,\n  body?: unknown\n): Promise<unknown> {\n  const url = `http://127.0.0.1:${port}${path}`;\n  const res = await fetch(url, {\n    method,\n    headers: body ? { 'Content-Type': 'application/json' } : undefined,\n    body: body ? JSON.stringify(body) : undefined,\n  });\n  return res.json();\n}\n\nasync function healthCheck(port: number): Promise<boolean> {\n  try {\n    const res = await fetch(`http://127.0.0.1:${port}/health`, {\n      signal: AbortSignal.timeout(2000),\n    });\n    return res.ok;\n  } catch {\n    return false;\n  }\n}\n\n/* ── Auto-start ──────────────────────────────────────────────────────── */\n\nasync function spawnDaemon(): Promise<number> {\n  // Resolve the canary CLI entry point\n  const cliEntry = path.resolve(\n    path.dirname(new URL(import.meta.url).pathname),\n    '..',\n    'index.ts'\n  );\n\n  const child = spawn(process.execPath, ['--bun', cliEntry, 'session', 'daemon'], {\n    detached: true,\n    stdio: ['ignore', 'pipe', 'ignore'],\n    env: { ...process.env },\n  });\n\n  child.unref();\n\n  // Wait for \"DAEMON_READY:<port>\" on stdout\n  return new Promise<number>((resolve, reject) => {\n    let output = '';\n    const timeout = setTimeout(() => {\n      reject(new Error('Daemon startup timed out'));\n    }, HEALTH_POLL_TIMEOUT_MS);\n\n    child.stdout!.on('data', (data: Buffer) => {\n      output += data.toString();\n      const match = output.match(/DAEMON_READY:(\\d+)/);\n      if (match) {\n        clearTimeout(timeout);\n        resolve(parseInt(match[1], 10));\n      }\n    });\n\n    child.on('error', (err) => {\n      clearTimeout(timeout);\n      reject(err);\n    });\n\n    child.on('exit', (code) => {\n      clearTimeout(timeout);\n      if (!output.includes('DAEMON_READY')) {\n        reject(new Error(`Daemon exited with code ${code} before becoming ready`));\n      }\n    });\n  });\n}\n\n/* ── Public API ──────────────────────────────────────────────────────── */\n\n/**\n * Ensure the daemon is running and return its port.\n * Starts the daemon if needed, cleans up stale pidfiles.\n */\nexport async function ensureDaemon(): Promise<number> {\n  const state = await readPidfile();\n\n  if (state) {\n    if (isProcessAlive(state.pid)) {\n      // Verify it actually responds\n      if (await healthCheck(state.port)) {\n        return state.port;\n      }\n    }\n    // Stale pidfile — clean up\n    try {\n      await fs.unlink(PIDFILE_PATH);\n    } catch {\n      // ignore\n    }\n  }\n\n  // Spawn new daemon\n  const port = await spawnDaemon();\n\n  // Poll until healthy\n  const deadline = Date.now() + HEALTH_POLL_TIMEOUT_MS;\n  while (Date.now() < deadline) {\n    if (await healthCheck(port)) return port;\n    await new Promise((r) => setTimeout(r, HEALTH_POLL_INTERVAL_MS));\n  }\n\n  throw new Error('Daemon failed to become healthy after spawn');\n}\n\n/**\n * Get daemon port if running, null otherwise.\n */\nexport async function getDaemonPort(): Promise<number | null> {\n  const state = await readPidfile();\n  if (!state) return null;\n  if (!isProcessAlive(state.pid)) return null;\n  if (!(await healthCheck(state.port))) return null;\n  return state.port;\n}\n\n/* ── Session operations ──────────────────────────────────────────────── */\n\nexport async function createSession(params: CreateSessionRequest): Promise<DaemonResponse<SessionInfo>> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'POST', '/sessions', params) as Promise<DaemonResponse<SessionInfo>>;\n}\n\nexport async function listSessions(): Promise<DaemonResponse<SessionInfo[]>> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'GET', '/sessions') as Promise<DaemonResponse<SessionInfo[]>>;\n}\n\nexport async function getSession(sessionId: string): Promise<DaemonResponse<SessionInfo>> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'GET', `/sessions/${sessionId}`) as Promise<DaemonResponse<SessionInfo>>;\n}\n\nexport async function deleteSession(sessionId: string): Promise<DaemonResponse> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'DELETE', `/sessions/${sessionId}`) as Promise<DaemonResponse>;\n}\n\nexport async function deleteAllSessions(): Promise<DaemonResponse> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'DELETE', '/sessions') as Promise<DaemonResponse>;\n}\n\nexport async function callTool(\n  sessionId: string,\n  toolName: string,\n  args: Record<string, unknown>\n): Promise<ToolResponse> {\n  const port = await ensureDaemon();\n  return daemonFetch(port, 'POST', `/sessions/${sessionId}/tools/${toolName}`, args) as Promise<ToolResponse>;\n}\n\n/**\n * Resolve the target session for a command.\n * If there's exactly one session, auto-targets it.\n * If a sessionId or name is provided, looks it up.\n */\nexport async function resolveTargetSession(sessionIdOrName?: string): Promise<SessionInfo> {\n  const result = await listSessions();\n  if (!result.ok || !result.data) {\n    throw new Error('Failed to list sessions');\n  }\n  const sessions = result.data;\n\n  if (sessions.length === 0) {\n    throw new Error('No active sessions. Start one with: canary session start');\n  }\n\n  if (sessionIdOrName) {\n    const match = sessions.find(\n      (s) => s.id === sessionIdOrName || s.name === sessionIdOrName\n    );\n    if (!match) {\n      throw new Error(\n        `Session \"${sessionIdOrName}\" not found. Active sessions: ${sessions.map((s) => s.id).join(', ')}`\n      );\n    }\n    return match;\n  }\n\n  if (sessions.length === 1) {\n    return sessions[0];\n  }\n\n  throw new Error(\n    `Multiple sessions active. Specify one with --session:\\n${sessions.map((s) => `  ${s.id} (${s.name})`).join('\\n')}`\n  );\n}\n"],"mappings":";;;AASA,SAAS,aAAa;AACtB,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,OAAO,QAAQ;AASf,IAAM,cAAc,KAAK,KAAK,GAAG,QAAQ,GAAG,WAAW,YAAY;AACnE,IAAM,eAAe,KAAK,KAAK,aAAa,aAAa;AACzD,IAAM,0BAA0B;AAChC,IAAM,yBAAyB;AAI/B,eAAe,cAA2C;AACxD,MAAI;AACF,UAAM,UAAU,MAAM,GAAG,SAAS,cAAc,OAAO;AACvD,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,eAAe,KAAsB;AAC5C,MAAI;AACF,YAAQ,KAAK,KAAK,CAAC;AACnB,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAIA,eAAe,YACb,MACA,QACAA,OACA,MACkB;AAClB,QAAM,MAAM,oBAAoB,IAAI,GAAGA,KAAI;AAC3C,QAAM,MAAM,MAAM,MAAM,KAAK;AAAA,IAC3B;AAAA,IACA,SAAS,OAAO,EAAE,gBAAgB,mBAAmB,IAAI;AAAA,IACzD,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,EACtC,CAAC;AACD,SAAO,IAAI,KAAK;AAClB;AAEA,eAAe,YAAY,MAAgC;AACzD,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,oBAAoB,IAAI,WAAW;AAAA,MACzD,QAAQ,YAAY,QAAQ,GAAI;AAAA,IAClC,CAAC;AACD,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAIA,eAAe,cAA+B;AAE5C,QAAM,WAAW,KAAK;AAAA,IACpB,KAAK,QAAQ,IAAI,IAAI,YAAY,GAAG,EAAE,QAAQ;AAAA,IAC9C;AAAA,IACA;AAAA,EACF;AAEA,QAAM,QAAQ,MAAM,QAAQ,UAAU,CAAC,SAAS,UAAU,WAAW,QAAQ,GAAG;AAAA,IAC9E,UAAU;AAAA,IACV,OAAO,CAAC,UAAU,QAAQ,QAAQ;AAAA,IAClC,KAAK,EAAE,GAAG,QAAQ,IAAI;AAAA,EACxB,CAAC;AAED,QAAM,MAAM;AAGZ,SAAO,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9C,QAAI,SAAS;AACb,UAAM,UAAU,WAAW,MAAM;AAC/B,aAAO,IAAI,MAAM,0BAA0B,CAAC;AAAA,IAC9C,GAAG,sBAAsB;AAEzB,UAAM,OAAQ,GAAG,QAAQ,CAAC,SAAiB;AACzC,gBAAU,KAAK,SAAS;AACxB,YAAM,QAAQ,OAAO,MAAM,oBAAoB;AAC/C,UAAI,OAAO;AACT,qBAAa,OAAO;AACpB,gBAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,CAAC;AAAA,MAChC;AAAA,IACF,CAAC;AAED,UAAM,GAAG,SAAS,CAAC,QAAQ;AACzB,mBAAa,OAAO;AACpB,aAAO,GAAG;AAAA,IACZ,CAAC;AAED,UAAM,GAAG,QAAQ,CAAC,SAAS;AACzB,mBAAa,OAAO;AACpB,UAAI,CAAC,OAAO,SAAS,cAAc,GAAG;AACpC,eAAO,IAAI,MAAM,2BAA2B,IAAI,wBAAwB,CAAC;AAAA,MAC3E;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AACH;AAQA,eAAsB,eAAgC;AACpD,QAAM,QAAQ,MAAM,YAAY;AAEhC,MAAI,OAAO;AACT,QAAI,eAAe,MAAM,GAAG,GAAG;AAE7B,UAAI,MAAM,YAAY,MAAM,IAAI,GAAG;AACjC,eAAO,MAAM;AAAA,MACf;AAAA,IACF;AAEA,QAAI;AACF,YAAM,GAAG,OAAO,YAAY;AAAA,IAC9B,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,QAAM,OAAO,MAAM,YAAY;AAG/B,QAAM,WAAW,KAAK,IAAI,IAAI;AAC9B,SAAO,KAAK,IAAI,IAAI,UAAU;AAC5B,QAAI,MAAM,YAAY,IAAI,EAAG,QAAO;AACpC,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAAA,EACjE;AAEA,QAAM,IAAI,MAAM,6CAA6C;AAC/D;AAeA,eAAsB,cAAc,QAAoE;AACtG,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,QAAQ,aAAa,MAAM;AACtD;AAEA,eAAsB,eAAuD;AAC3E,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,OAAO,WAAW;AAC7C;AAEA,eAAsB,WAAW,WAAyD;AACxF,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,OAAO,aAAa,SAAS,EAAE;AAC1D;AAEA,eAAsB,cAAc,WAA4C;AAC9E,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,UAAU,aAAa,SAAS,EAAE;AAC7D;AAEA,eAAsB,oBAA6C;AACjE,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,UAAU,WAAW;AAChD;AAEA,eAAsB,SACpB,WACA,UACA,MACuB;AACvB,QAAM,OAAO,MAAM,aAAa;AAChC,SAAO,YAAY,MAAM,QAAQ,aAAa,SAAS,UAAU,QAAQ,IAAI,IAAI;AACnF;AAOA,eAAsB,qBAAqB,iBAAgD;AACzF,QAAM,SAAS,MAAM,aAAa;AAClC,MAAI,CAAC,OAAO,MAAM,CAAC,OAAO,MAAM;AAC9B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACA,QAAM,WAAW,OAAO;AAExB,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AAEA,MAAI,iBAAiB;AACnB,UAAM,QAAQ,SAAS;AAAA,MACrB,CAAC,MAAM,EAAE,OAAO,mBAAmB,EAAE,SAAS;AAAA,IAChD;AACA,QAAI,CAAC,OAAO;AACV,YAAM,IAAI;AAAA,QACR,YAAY,eAAe,iCAAiC,SAAS,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,KAAK,IAAI,CAAC;AAAA,MAClG;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,WAAW,GAAG;AACzB,WAAO,SAAS,CAAC;AAAA,EACnB;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,EAA0D,SAAS,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,KAAK,IAAI,CAAC;AAAA,EACnH;AACF;","names":["path"]}

package/dist/{chunk-TEHABH2E.js → chunk-LC7ZVXPH.js}

@@ -1,7 +1,7 @@
 import { createRequire as __cr } from "module"; const require = __cr(import.meta.url);
 import {
   PlaywrightClient
-} from "./chunk-RL5Y6V3C.js";
+} from "./chunk-XGO62PO2.js";
 
 // src/local-browser/host.ts
 var HEARTBEAT_INTERVAL_MS = 3e4;
@@ -370,4 +370,4 @@ var LocalBrowserHost = class {
 export {
   LocalBrowserHost
 };
-//# sourceMappingURL=chunk-TEHABH2E.js.map
+//# sourceMappingURL=chunk-LC7ZVXPH.js.map

package/dist/{chunk-6WWHXWCS.js → chunk-QLFSJG5O.js}

@@ -2,8 +2,13 @@ import { createRequire as __cr } from "module"; const require = __cr(import.meta
 import {
   getArgValue
 } from "./chunk-PWWQGYFG.js";
+import {
+  getCanaryTmpDir
+} from "./chunk-XAA5VQ5N.js";
 
 // src/cli-helpers.ts
+import fs from "fs/promises";
+import path from "path";
 import process from "process";
 function toLifecycleLabel(stage) {
   switch (stage) {
@@ -23,8 +28,8 @@ function parseLifecycleStage(argv) {
   }
   return stage;
 }
-async function apiRequest(apiUrl, token, method, path, body) {
-  const res = await fetch(`${apiUrl}${path}`, {
+async function apiRequest(apiUrl, token, method, path2, body) {
+  const res = await fetch(`${apiUrl}${path2}`, {
     method,
     headers: {
       Authorization: `Bearer ${token}`,
@@ -39,8 +44,30 @@ async function apiRequest(apiUrl, token, method, path, body) {
   }
   return await res.json();
 }
-async function fetchList(apiUrl, token, path, listKey) {
-  const res = await fetch(`${apiUrl}${path}`, {
+async function downloadStorageState(opts) {
+  const tmpFile = path.join(
+    getCanaryTmpDir(),
+    `${opts.prefix ?? "canary-ss"}-${Date.now()}.json`
+  );
+  try {
+    const res = await fetch(
+      `${opts.apiUrl}/org/properties/${opts.propertyId}/credentials/${opts.credentialId}/storage-state/download`,
+      {
+        headers: { Authorization: `Bearer ${opts.token}` },
+        redirect: "follow"
+      }
+    );
+    if (res.ok) {
+      const body = await res.text();
+      await fs.writeFile(tmpFile, body, "utf-8");
+      return tmpFile;
+    }
+  } catch {
+  }
+  return void 0;
+}
+async function fetchList(apiUrl, token, path2, listKey) {
+  const res = await fetch(`${apiUrl}${path2}`, {
     headers: { Authorization: `Bearer ${token}` }
   });
   if (res.status === 401) {
@@ -60,6 +87,7 @@ export {
   toLifecycleLabel,
   parseLifecycleStage,
   apiRequest,
+  downloadStorageState,
   fetchList
 };
-//# sourceMappingURL=chunk-6WWHXWCS.js.map
+//# sourceMappingURL=chunk-QLFSJG5O.js.map

package/dist/chunk-QLFSJG5O.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/cli-helpers.ts"],"sourcesContent":["/**\n * Shared CLI helpers for superadmin management commands (knobs, feature-flags).\n */\n\nimport fs from \"node:fs/promises\";\nimport path from \"node:path\";\nimport process from \"node:process\";\nimport { getCanaryTmpDir } from \"@chatsdet/tmp\";\nimport { getArgValue } from \"./auth.js\";\n\nexport type LifecycleStage = \"active\" | \"deprecated\" | \"ready_for_cleanup\";\n\nexport function toLifecycleLabel(stage: LifecycleStage): string {\n  switch (stage) {\n    case \"deprecated\":\n      return \"deprecated\";\n    case \"ready_for_cleanup\":\n      return \"ready_for_cleanup\";\n    default:\n      return \"active\";\n  }\n}\n\nexport function parseLifecycleStage(argv: string[]): LifecycleStage {\n  const stage = getArgValue(argv, \"--stage\");\n  if (!stage || ![\"active\", \"deprecated\", \"ready_for_cleanup\"].includes(stage)) {\n    console.error(\"Error: --stage is required and must be one of: active, deprecated, ready_for_cleanup\");\n    process.exit(1);\n  }\n  return stage as LifecycleStage;\n}\n\nexport async function apiRequest<T extends { ok: boolean; error?: string }>(\n  apiUrl: string,\n  token: string,\n  method: string,\n  path: string,\n  body?: Record<string, unknown>\n): Promise<T> {\n  const res = await fetch(`${apiUrl}${path}`, {\n    method,\n    headers: {\n      Authorization: `Bearer ${token}`,\n      \"Content-Type\": \"application/json\",\n    },\n    ...(body ? { body: JSON.stringify(body) } : {}),\n  });\n\n  if (res.status === 401) {\n    console.error(\"Error: Unauthorized. Your session may have expired.\");\n    console.error(\"Run: canary login\");\n    process.exit(1);\n  }\n\n  return (await res.json()) as T;\n}\n\nexport async function downloadStorageState(opts: {\n  apiUrl: string;\n  token: string;\n  propertyId: string;\n  credentialId: string;\n  prefix?: string;\n}): Promise<string | undefined> {\n  const tmpFile = path.join(\n    getCanaryTmpDir(),\n    `${opts.prefix ?? \"canary-ss\"}-${Date.now()}.json`\n  );\n  try {\n    const res = await fetch(\n      `${opts.apiUrl}/org/properties/${opts.propertyId}/credentials/${opts.credentialId}/storage-state/download`,\n      {\n        headers: { Authorization: `Bearer ${opts.token}` },\n        redirect: \"follow\",\n      }\n    );\n    if (res.ok) {\n      const body = await res.text();\n      await fs.writeFile(tmpFile, body, \"utf-8\");\n      return tmpFile;\n    }\n  } catch {\n    // Caller handles missing storage state\n  }\n  return undefined;\n}\n\nexport async function fetchList<T>(\n  apiUrl: string,\n  token: string,\n  path: string,\n  listKey: string\n): Promise<T[]> {\n  const res = await fetch(`${apiUrl}${path}`, {\n    headers: { Authorization: `Bearer ${token}` },\n  });\n\n  if (res.status === 401) {\n    console.error(\"Error: Unauthorized. Your session may have expired.\");\n    console.error(\"Run: canary login\");\n    process.exit(1);\n  }\n\n  const json = (await res.json()) as Record<string, unknown>;\n\n  if (!json.ok) {\n    console.error(`Error: ${json.error}`);\n    process.exit(1);\n  }\n\n  return (json[listKey] as T[]) ?? [];\n}\n"],"mappings":";;;;;;;;;AAIA,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,OAAO,aAAa;AAMb,SAAS,iBAAiB,OAA+B;AAC9D,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAEO,SAAS,oBAAoB,MAAgC;AAClE,QAAM,QAAQ,YAAY,MAAM,SAAS;AACzC,MAAI,CAAC,SAAS,CAAC,CAAC,UAAU,cAAc,mBAAmB,EAAE,SAAS,KAAK,GAAG;AAC5E,YAAQ,MAAM,sFAAsF;AACpG,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAO;AACT;AAEA,eAAsB,WACpB,QACA,OACA,QACAA,OACA,MACY;AACZ,QAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAGA,KAAI,IAAI;AAAA,IAC1C;AAAA,IACA,SAAS;AAAA,MACP,eAAe,UAAU,KAAK;AAAA,MAC9B,gBAAgB;AAAA,IAClB;AAAA,IACA,GAAI,OAAO,EAAE,MAAM,KAAK,UAAU,IAAI,EAAE,IAAI,CAAC;AAAA,EAC/C,CAAC;AAED,MAAI,IAAI,WAAW,KAAK;AACtB,YAAQ,MAAM,qDAAqD;AACnE,YAAQ,MAAM,mBAAmB;AACjC,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,SAAQ,MAAM,IAAI,KAAK;AACzB;AAEA,eAAsB,qBAAqB,MAMX;AAC9B,QAAM,UAAU,KAAK;AAAA,IACnB,gBAAgB;AAAA,IAChB,GAAG,KAAK,UAAU,WAAW,IAAI,KAAK,IAAI,CAAC;AAAA,EAC7C;AACA,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB,GAAG,KAAK,MAAM,mBAAmB,KAAK,UAAU,gBAAgB,KAAK,YAAY;AAAA,MACjF;AAAA,QACE,SAAS,EAAE,eAAe,UAAU,KAAK,KAAK,GAAG;AAAA,QACjD,UAAU;AAAA,MACZ;AAAA,IACF;AACA,QAAI,IAAI,IAAI;AACV,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAM,GAAG,UAAU,SAAS,MAAM,OAAO;AACzC,aAAO;AAAA,IACT;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,eAAsB,UACpB,QACA,OACAA,OACA,SACc;AACd,QAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAGA,KAAI,IAAI;AAAA,IAC1C,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG;AAAA,EAC9C,CAAC;AAED,MAAI,IAAI,WAAW,KAAK;AACtB,YAAQ,MAAM,qDAAqD;AACnE,YAAQ,MAAM,mBAAmB;AACjC,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,OAAQ,MAAM,IAAI,KAAK;AAE7B,MAAI,CAAC,KAAK,IAAI;AACZ,YAAQ,MAAM,UAAU,KAAK,KAAK,EAAE;AACpC,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,SAAQ,KAAK,OAAO,KAAa,CAAC;AACpC;","names":["path"]}