@claryai/cli 0.1.0

package/dist/handlers/createProject.d.ts

@@ -0,0 +1,37 @@
+import { CreateProjectTableConfiguration, ProjectType, type ApiCreateProjectResults, type CreateWarehouseCredentials, type DbtVersionOption } from '@lightdash/common';
+export declare const resolveOrganizationCredentialsName: (name: string) => Promise<string>;
+type CreateProjectOptions = {
+    name: string;
+    projectDir: string;
+    profilesDir: string;
+    target: string | undefined;
+    profile: string | undefined;
+    type: ProjectType;
+    startOfWeek?: number;
+    upstreamProjectUuid?: string;
+    tableConfiguration?: CreateProjectTableConfiguration;
+    copyContent?: boolean;
+    warehouseCredentials?: boolean;
+    organizationCredentials?: string;
+    targetPath?: string;
+    assumeYes?: boolean;
+};
+type LoadWarehouseCredentialsOptions = {
+    projectDir: string;
+    profilesDir: string;
+    target?: string;
+    profile?: string;
+    startOfWeek?: number;
+    assumeYes?: boolean;
+    targetPath?: string;
+};
+type LoadWarehouseCredentialsResult = {
+    credentials: CreateWarehouseCredentials;
+    targetName: string;
+    dbtVersionOption: DbtVersionOption;
+    isDbtCloudCLI: boolean;
+};
+export declare const loadWarehouseCredentialsFromProfiles: (options: LoadWarehouseCredentialsOptions) => Promise<LoadWarehouseCredentialsResult | null>;
+export declare const createProject: (options: CreateProjectOptions) => Promise<ApiCreateProjectResults | undefined>;
+export {};
+//# sourceMappingURL=createProject.d.ts.map

package/dist/handlers/createProject.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createProject.d.ts","sourceRoot":"","sources":["../../src/handlers/createProject.ts"],"names":[],"mappings":"AAAA,OAAO,EAEH,+BAA+B,EAI/B,WAAW,EAGX,KAAK,uBAAuB,EAC5B,KAAK,0BAA0B,EAC/B,KAAK,gBAAgB,EAExB,MAAM,mBAAmB,CAAC;AAgE3B,eAAO,MAAM,kCAAkC,GAC3C,MAAM,MAAM,KACb,OAAO,CAAC,MAAM,CAyChB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,IAAI,EAAE,WAAW,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kBAAkB,CAAC,EAAE,+BAA+B,CAAC;IACrD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC;AAqDF,KAAK,+BAA+B,GAAG;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,8BAA8B,GAAG;IAClC,WAAW,EAAE,0BAA0B,CAAC;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,aAAa,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAC7C,SAAS,+BAA+B,KACzC,OAAO,CAAC,8BAA8B,GAAG,IAAI,CA2F/C,CAAC;AAEF,eAAO,MAAM,aAAa,GACtB,SAAS,oBAAoB,KAC9B,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAsG7C,CAAC"}

package/dist/handlers/createProject.js

@@ -0,0 +1,272 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createProject = exports.loadWarehouseCredentialsFromProfiles = exports.resolveOrganizationCredentialsName = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@lightdash/common");
+const inquirer_1 = tslib_1.__importDefault(require("inquirer"));
+const path_1 = tslib_1.__importDefault(require("path"));
+const config_1 = require("../config");
+const context_1 = require("../dbt/context");
+const globalState_1 = tslib_1.__importDefault(require("../globalState"));
+const styles = tslib_1.__importStar(require("../styles"));
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+const apiClient_1 = require("./dbt/apiClient");
+const getDbtProfileTargetName_1 = tslib_1.__importDefault(require("./dbt/getDbtProfileTargetName"));
+const getDbtVersion_1 = require("./dbt/getDbtVersion");
+const getWarehouseClient_1 = tslib_1.__importStar(require("./dbt/getWarehouseClient"));
+const askToRememberAnswer = async () => {
+    const answers = await inquirer_1.default.prompt([
+        {
+            type: 'confirm',
+            name: 'isConfirm',
+            message: 'Do you want to save this answer for next time?',
+        },
+    ]);
+    if (answers.isConfirm) {
+        await (0, config_1.setAnswer)({
+            permissionToStoreWarehouseCredentials: true,
+        });
+    }
+};
+const askPermissionToStoreWarehouseCredentials = async (assumeYes = false) => {
+    if (globalState_1.default.isNonInteractive() || assumeYes) {
+        globalState_1.default.debug('> Auto-accepting warehouse credentials storage');
+        return true;
+    }
+    const config = await (0, config_1.getConfig)();
+    const savedAnswer = config.answers?.permissionToStoreWarehouseCredentials;
+    if (!savedAnswer) {
+        const spinner = globalState_1.default.getActiveSpinner();
+        if (spinner) {
+            spinner.stop();
+        }
+        const answers = await inquirer_1.default.prompt([
+            {
+                type: 'confirm',
+                name: 'isConfirm',
+                message: 'Do you confirm Clary can store your warehouse credentials so you can run queries in Clary?',
+            },
+        ]);
+        if (answers.isConfirm) {
+            await askToRememberAnswer();
+        }
+        if (spinner) {
+            spinner.start();
+        }
+        return answers.isConfirm;
+    }
+    return savedAnswer;
+};
+const resolveOrganizationCredentialsName = async (name) => {
+    globalState_1.default.debug(`> Resolving organization warehouse credentials: ${name}`);
+    try {
+        const credentialsList = await (0, apiClient_1.lightdashApi)({
+            method: 'GET',
+            url: '/api/v1/org/warehouse-credentials?summary=true',
+            body: undefined,
+        });
+        const credential = credentialsList.find((cred) => cred.name === name);
+        if (!credential) {
+            const availableNames = credentialsList.length > 0
+                ? credentialsList
+                    .map((c) => `  - ${c.name} (${c.warehouseType})`)
+                    .join('\n')
+                : '  (none available)';
+            throw new Error(`Organization warehouse credentials "${name}" not found.\n\nAvailable credentials:\n${availableNames}`);
+        }
+        globalState_1.default.debug(`> Resolved "${name}" to UUID: ${credential.organizationWarehouseCredentialsUuid}`);
+        return credential.organizationWarehouseCredentialsUuid;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            throw error;
+        }
+        throw new Error('Failed to resolve organization warehouse credentials. This may be an Enterprise Edition feature that is not available.');
+    }
+};
+exports.resolveOrganizationCredentialsName = resolveOrganizationCredentialsName;
+const isSnowflakeSsoEnabled = async () => {
+    const response = await (0, apiClient_1.lightdashApi)({
+        method: 'GET',
+        url: `/api/v1/health`,
+        body: undefined,
+    });
+    return response?.auth?.snowflake?.enabled ?? false;
+};
+const applySnowflakeSsoHandling = async (credentials) => {
+    if (credentials.type !== common_1.WarehouseTypes.SNOWFLAKE ||
+        credentials.authenticationType !==
+            common_1.SnowflakeAuthenticationType.EXTERNAL_BROWSER) {
+        return credentials;
+    }
+    const snowflakeSsoEnabled = await isSnowflakeSsoEnabled();
+    if (snowflakeSsoEnabled) {
+        console.error(styles.info(`\nClary server has Snowflake OAuth authentication enabled.
+We will ask for user credentials again on the Clary UI.\n`));
+        return {
+            ...credentials,
+            requireUserCredentials: true,
+        };
+    }
+    console.error(styles.warning(`\nUser has externalbrowser snowflake authentication.
+We will generate programatically a temporary PAT to enable access on Clary which expires in 1 day.
+For a better user experience, we recommend enabling Snowflake OAuth authentication on the server.\n`));
+    const patToken = await (0, getWarehouseClient_1.createProgramaticallySnowflakePat)(credentials);
+    return {
+        ...credentials,
+        authenticationType: common_1.SnowflakeAuthenticationType.PASSWORD,
+        password: patToken,
+    };
+};
+const loadWarehouseCredentialsFromProfiles = async (options) => {
+    const absoluteProjectPath = path_1.default.resolve(options.projectDir);
+    const dbtVersionResult = await (0, getDbtVersion_1.tryGetDbtVersion)();
+    if (!dbtVersionResult.success) {
+        throw dbtVersionResult.error;
+    }
+    const { isDbtCloudCLI } = dbtVersionResult.version;
+    const dbtVersionOption = dbtVersionResult.version.versionOption;
+    const context = await (0, context_1.getDbtContext)({
+        projectDir: absoluteProjectPath,
+        targetPath: options.targetPath,
+    });
+    globalState_1.default.debug(`> Using profiles dir ${options.profilesDir} and profile ${options.profile || context.profileName}`);
+    const targetName = await (0, getDbtProfileTargetName_1.default)({
+        isDbtCloudCLI,
+        profilesDir: options.profilesDir,
+        profile: options.profile || context.profileName,
+        target: options.target,
+    });
+    globalState_1.default.debug(`> Using target name ${targetName}`);
+    const canStoreWarehouseCredentials = await askPermissionToStoreWarehouseCredentials(options.assumeYes);
+    if (!canStoreWarehouseCredentials) {
+        return null;
+    }
+    const result = await (0, getWarehouseClient_1.default)({
+        isDbtCloudCLI,
+        profilesDir: options.profilesDir,
+        profile: options.profile || context.profileName,
+        target: options.target,
+        startOfWeek: options.startOfWeek,
+    });
+    const { credentials } = result;
+    if (credentials.type === common_1.WarehouseTypes.BIGQUERY &&
+        credentials.keyfileContents.project_id &&
+        credentials.keyfileContents.project_id !== credentials.project) {
+        if (globalState_1.default.isNonInteractive() && !options.assumeYes) {
+            throw new Error(`BigQuery project mismatch: credentials file uses "${credentials.keyfileContents.project_id}" ` +
+                `but profiles.yml specifies "${credentials.project}". ` +
+                'This may cause permission issues. Use --assume-yes to bypass this warning.');
+        }
+        if (options.assumeYes) {
+            globalState_1.default.debug(`> Auto-accepting BigQuery project mismatch (credentials: ${credentials.keyfileContents.project_id}, profiles: ${credentials.project})`);
+        }
+        else {
+            const spinner = globalState_1.default.getActiveSpinner();
+            spinner?.stop();
+            const answers = await inquirer_1.default.prompt([
+                {
+                    type: 'confirm',
+                    name: 'isConfirm',
+                    message: `${styles.title('Warning')}: Your project on your credentials file ${styles.title(credentials.keyfileContents.project_id)} does not match your project on your profiles.yml ${styles.title(credentials.project)}, this might cause permission issues when accessing data on the warehouse. Are you sure you want to continue?`,
+                },
+            ]);
+            if (!answers.isConfirm) {
+                process.exit(1);
+            }
+            spinner?.start();
+        }
+    }
+    const finalCredentials = await applySnowflakeSsoHandling(credentials);
+    return {
+        credentials: finalCredentials,
+        targetName,
+        dbtVersionOption,
+        isDbtCloudCLI,
+    };
+};
+exports.loadWarehouseCredentialsFromProfiles = loadWarehouseCredentialsFromProfiles;
+const createProject = async (options) => {
+    await (0, apiClient_1.checkProjectCreationPermission)(options.upstreamProjectUuid, options.type);
+    // Resolve organization credentials early before doing any heavy work
+    let organizationWarehouseCredentialsUuid;
+    if (options.organizationCredentials) {
+        organizationWarehouseCredentialsUuid =
+            await (0, exports.resolveOrganizationCredentialsName)(options.organizationCredentials);
+    }
+    const absoluteProjectPath = path_1.default.resolve(options.projectDir);
+    let targetName;
+    let credentials;
+    let isDbtCloudCLI = false;
+    let dbtVersionOption = (0, common_1.getLatestSupportDbtVersion)();
+    // If using organization credentials, don't load warehouse credentials from profiles
+    if (organizationWarehouseCredentialsUuid) {
+        globalState_1.default.debug(`> Using organization warehouse credentials: ${options.organizationCredentials}`);
+        const dbtVersionResult = await (0, getDbtVersion_1.tryGetDbtVersion)();
+        if (!dbtVersionResult.success) {
+            throw dbtVersionResult.error;
+        }
+        isDbtCloudCLI = dbtVersionResult.version.isDbtCloudCLI;
+        dbtVersionOption = dbtVersionResult.version.versionOption;
+        // Still need to get target name for dbt connection
+        const context = await (0, context_1.getDbtContext)({
+            projectDir: absoluteProjectPath,
+            targetPath: options.targetPath,
+        });
+        globalState_1.default.debug(`> Using profiles dir ${options.profilesDir} and profile ${options.profile || context.profileName}`);
+        targetName = await (0, getDbtProfileTargetName_1.default)({
+            isDbtCloudCLI,
+            profilesDir: options.profilesDir,
+            profile: options.profile || context.profileName,
+            target: options.target,
+        });
+        globalState_1.default.debug(`> Using target name ${targetName}`);
+    }
+    else if (options.warehouseCredentials === false) {
+        globalState_1.default.debug('> Creating project without warehouse credentials');
+        // No dbt needed - use defaults set above
+    }
+    else {
+        const loaded = await (0, exports.loadWarehouseCredentialsFromProfiles)({
+            projectDir: options.projectDir,
+            profilesDir: options.profilesDir,
+            target: options.target,
+            profile: options.profile,
+            startOfWeek: options.startOfWeek,
+            assumeYes: options.assumeYes,
+            targetPath: options.targetPath,
+        });
+        if (!loaded) {
+            // User declined to store warehouse credentials
+            globalState_1.default.debug('> User declined to store warehouse credentials use --no-warehouse-credentials to create a project without warehouse credentials');
+            return undefined;
+        }
+        credentials = loaded.credentials;
+        targetName = loaded.targetName;
+        isDbtCloudCLI = loaded.isDbtCloudCLI;
+        dbtVersionOption = loaded.dbtVersionOption;
+    }
+    const project = {
+        name: options.name,
+        type: options.type,
+        warehouseConnection: credentials,
+        copyWarehouseConnectionFromUpstreamProject: isDbtCloudCLI ||
+            (options.warehouseCredentials === false &&
+                options.upstreamProjectUuid !== undefined),
+        dbtConnection: {
+            type: common_1.DbtProjectType.NONE,
+            target: targetName,
+        },
+        upstreamProjectUuid: options.upstreamProjectUuid,
+        dbtVersion: dbtVersionOption,
+        tableConfiguration: options.tableConfiguration,
+        copyContent: options.copyContent,
+        organizationWarehouseCredentialsUuid,
+    };
+    return (0, apiClient_1.lightdashApi)({
+        method: 'POST',
+        url: `/api/v1/org/projects`,
+        body: JSON.stringify(project),
+    });
+};
+exports.createProject = createProject;

package/dist/handlers/dbt/apiClient.d.ts

@@ -0,0 +1,14 @@
+import { ApiResponse, ProjectType, type LightdashUserWithAbilityRules } from '@lightdash/common';
+import { BodyInit } from 'node-fetch';
+type LightdashApiProps = {
+    method: 'GET' | 'POST' | 'PATCH' | 'DELETE' | 'PUT';
+    url: string;
+    body: BodyInit | undefined;
+};
+export declare const setGzipEnabled: (enabled: boolean) => void;
+export declare const lightdashApi: <T extends ApiResponse["results"]>({ method, url, body, }: LightdashApiProps) => Promise<T>;
+export declare const getUserContext: () => Promise<LightdashUserWithAbilityRules>;
+export declare const checkProjectCreationPermission: (upstreamProjectUuid: string | undefined, projectType: ProjectType) => Promise<void>;
+export declare const checkLightdashVersion: () => Promise<void>;
+export {};
+//# sourceMappingURL=apiClient.d.ts.map

package/dist/handlers/dbt/apiClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apiClient.d.ts","sourceRoot":"","sources":["../../../src/handlers/dbt/apiClient.ts"],"names":[],"mappings":"AACA,OAAO,EAGH,WAAW,EAIX,WAAW,EACX,KAAK,6BAA6B,EAErC,MAAM,mBAAmB,CAAC;AAC3B,OAAc,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAS7C,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;CAC9B,CAAC;AAKF,eAAO,MAAM,cAAc,GAAI,SAAS,OAAO,SAE9C,CAAC;AAEF,eAAO,MAAM,YAAY,GAAU,CAAC,SAAS,WAAW,CAAC,SAAS,CAAC,EAAE,wBAIlE,iBAAiB,KAAG,OAAO,CAAC,CAAC,CAqE/B,CAAC;AAEF,eAAO,MAAM,cAAc,QACb,OAAO,CAAC,6BAA6B,CAKzC,CAAC;AAEX,eAAO,MAAM,8BAA8B,GACvC,qBAAqB,MAAM,GAAG,SAAS,EACvC,aAAa,WAAW,KACzB,OAAO,CAAC,IAAI,CAkGd,CAAC;AAEF,eAAO,MAAM,qBAAqB,QAAa,OAAO,CAAC,IAAI,CAyB1D,CAAC"}

package/dist/handlers/dbt/apiClient.js

@@ -0,0 +1,167 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkLightdashVersion = exports.checkProjectCreationPermission = exports.getUserContext = exports.lightdashApi = exports.setGzipEnabled = void 0;
+const tslib_1 = require("tslib");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@lightdash/common");
+const node_fetch_1 = tslib_1.__importDefault(require("node-fetch"));
+const url_1 = require("url");
+const zlib_1 = require("zlib");
+const config_1 = require("../../config");
+const env_1 = require("../../env");
+const globalState_1 = tslib_1.__importDefault(require("../../globalState"));
+const styles = tslib_1.__importStar(require("../../styles"));
+const utils_1 = require("../utils");
+const MIN_GZIP_SIZE = 1024;
+let gzipEnabled = false;
+const setGzipEnabled = (enabled) => {
+    gzipEnabled = enabled;
+};
+exports.setGzipEnabled = setGzipEnabled;
+const lightdashApi = async ({ method, url, body, }) => {
+    const config = await (0, config_1.getConfig)();
+    if (!(config.context?.apiKey && config.context.serverUrl)) {
+        throw new common_1.AuthorizationError(`Not logged in. Run 'clary login --help'`);
+    }
+    const headers = (0, utils_1.buildRequestHeaders)(config.context.apiKey);
+    const fullUrl = new url_1.URL(url, config.context.serverUrl).href;
+    globalState_1.default.debug(`> Making HTTP ${method} request to: ${fullUrl}`);
+    let requestBody = body;
+    if (gzipEnabled &&
+        body &&
+        typeof body === 'string' &&
+        Buffer.byteLength(body) > MIN_GZIP_SIZE) {
+        try {
+            const uncompressedSize = Buffer.byteLength(body);
+            const compressed = (0, zlib_1.gzipSync)(body);
+            globalState_1.default.debug(`> Compressed request body: ${uncompressedSize} bytes → ${compressed.byteLength} bytes (${Math.round((1 - compressed.byteLength / uncompressedSize) * 100)}% reduction)`);
+            requestBody = compressed;
+            headers['Content-Encoding'] = 'gzip';
+        }
+        catch (err) {
+            globalState_1.default.debug(`> Gzip compression failed, sending uncompressed: ${err}`);
+        }
+    }
+    return (0, node_fetch_1.default)(fullUrl, { method, headers, body: requestBody })
+        .then((r) => {
+        globalState_1.default.debug(`> HTTP request returned status: ${r.status}`);
+        if (!r.ok) {
+            const contentType = r.headers.get('content-type');
+            if (contentType && contentType.includes('application/json')) {
+                return r.json().then((d) => {
+                    throw new common_1.LightdashError(d.error);
+                });
+            }
+            return r.text().then((text) => {
+                throw new Error(`Received non-JSON response from server (status ${r.status}): ${text}`);
+            });
+        }
+        return r;
+    })
+        .then((r) => r.json())
+        .then((d) => {
+        globalState_1.default.debug(`> HTTP request returned status: ${d.status}`);
+        switch (d.status) {
+            case 'ok':
+                return d.results;
+            case 'error':
+                throw new common_1.LightdashError(d.error);
+            default:
+                throw new Error(d);
+        }
+    })
+        .catch((err) => {
+        // ApiErrorResponse
+        throw err;
+    });
+};
+exports.lightdashApi = lightdashApi;
+const getUserContext = async () => (0, exports.lightdashApi)({
+    method: 'GET',
+    url: `/api/v1/user`,
+    body: undefined,
+});
+exports.getUserContext = getUserContext;
+const checkProjectCreationPermission = async (upstreamProjectUuid, projectType) => {
+    try {
+        const user = await (0, exports.getUserContext)();
+        // Build CASL ability from user's ability rules (same as backend)
+        const ability = new ability_1.Ability(user.abilityRules);
+        if (!user.organizationUuid) {
+            throw new common_1.ForbiddenError(`You don't have permission to create projects. Please ensure you're a member of an organization.`);
+        }
+        // Replicates logic from ProjectService.validateProjectCreationPermissions
+        switch (projectType) {
+            case common_1.ProjectType.DEFAULT:
+                if (ability.can('create', (0, ability_1.subject)('Project', {
+                    organizationUuid: user.organizationUuid,
+                    type: common_1.ProjectType.DEFAULT,
+                }))) {
+                    return;
+                }
+                throw new common_1.ForbiddenError(`You don't have permission to create projects in this organization.\n` +
+                    `This typically requires the 'admin' or 'developer' role.\n` +
+                    `Contact your organization admin to request access.`);
+            case common_1.ProjectType.PREVIEW:
+                if (upstreamProjectUuid) {
+                    if (
+                    // checks if user has permission to access upstream project
+                    ability.cannot('view', (0, ability_1.subject)('Project', {
+                        organizationUuid: user.organizationUuid,
+                        projectUuid: upstreamProjectUuid,
+                    }))) {
+                        throw new common_1.ForbiddenError(`Unable to create preview project: you don't have permission to access the upstream project.\n` +
+                            `You need 'view' access to the project you're trying to preview from.\n` +
+                            `Contact your admin to request access.`);
+                    }
+                    if (
+                    // checks if user has permission to create project from an upstream project on a project level
+                    ability.can('create', (0, ability_1.subject)('Project', {
+                        upstreamProjectUuid,
+                        type: common_1.ProjectType.PREVIEW,
+                    }))) {
+                        return;
+                    }
+                }
+                if (
+                // checks if user has permission to create project on an organization level
+                ability.can('create', (0, ability_1.subject)('Project', {
+                    organizationUuid: user.organizationUuid,
+                    type: common_1.ProjectType.PREVIEW,
+                }))) {
+                    return;
+                }
+                throw new common_1.ForbiddenError(`You don't have permission to create preview projects in this organization.\n` +
+                    `This typically requires the 'developer' or 'admin' role.\n` +
+                    `Contact your organization admin to request access.`);
+            default:
+                throw new Error(`Unknown project type: ${projectType}`);
+        }
+    }
+    catch (err) {
+        if (err instanceof common_1.ForbiddenError ||
+            err instanceof common_1.AuthorizationError) {
+            throw err;
+        }
+        globalState_1.default.debug(`Failed to check permissions: ${err}`);
+        // If we can't check permissions, we'll let the API call fail with proper error
+    }
+};
+exports.checkProjectCreationPermission = checkProjectCreationPermission;
+const checkLightdashVersion = async () => {
+    try {
+        const health = await (0, exports.lightdashApi)({
+            method: 'GET',
+            url: `/api/v1/health`,
+            body: undefined,
+        });
+        if (health.version !== env_1.CLI_VERSION) {
+            const config = await (0, config_1.getConfig)();
+            console.error(`${styles.title('Warning')}: CLI (${env_1.CLI_VERSION}) is running a different version than Clary (${health.version}) on ${config.context?.serverUrl}.\n         Some commands may fail, consider upgrading your CLI by ${styles.secondary((0, env_1.getUpdateInstructions)(health.version))}`);
+        }
+    }
+    catch (err) {
+        globalState_1.default.debug(`> Health check failed: ${err}`);
+    }
+};
+exports.checkLightdashVersion = checkLightdashVersion;

package/dist/handlers/dbt/compile.d.ts

@@ -0,0 +1,35 @@
+import { LoadManifestArgs } from '../../dbt/manifest';
+export type DbtCompileOptions = {
+    profilesDir: string | undefined;
+    projectDir: string | undefined;
+    target: string | undefined;
+    profile: string | undefined;
+    select: string[] | undefined;
+    models: string[] | undefined;
+    vars: string | undefined;
+    threads: string | undefined;
+    noVersionCheck: boolean | undefined;
+    exclude: string[] | undefined;
+    selector: string | undefined;
+    state: string | undefined;
+    fullRefresh: boolean | undefined;
+    skipDbtCompile: boolean | undefined;
+    skipWarehouseCatalog: boolean | undefined;
+    useDbtList: boolean | undefined;
+    defer: boolean | undefined;
+    targetPath: string | undefined;
+    favorState: boolean | undefined;
+};
+export declare const dbtCompile: (options: DbtCompileOptions) => Promise<void>;
+export declare function dbtList(options: DbtCompileOptions): Promise<string[]>;
+export type CompileModelsResult = {
+    compiledModelIds: string[] | undefined;
+    /**
+     * The model IDs from the user's original selection (e.g. --select "tag:lightdash").
+     * When --defer is used, models NOT in this list were pulled in via joins
+     * and should use the production schema from the state manifest.
+     */
+    originallySelectedModelIds: string[] | undefined;
+};
+export declare function maybeCompileModelsAndJoins(loadManifestOpts: LoadManifestArgs, initialOptions: DbtCompileOptions): Promise<CompileModelsResult>;
+//# sourceMappingURL=compile.d.ts.map

package/dist/handlers/dbt/compile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compile.d.ts","sourceRoot":"","sources":["../../../src/handlers/dbt/compile.ts"],"names":[],"mappings":"AAYA,OAAO,EAAgB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAIpE,MAAM,MAAM,iBAAiB,GAAG;IAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC7B,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,cAAc,EAAE,OAAO,GAAG,SAAS,CAAC;IACpC,OAAO,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC9B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,WAAW,EAAE,OAAO,GAAG,SAAS,CAAC;IACjC,cAAc,EAAE,OAAO,GAAG,SAAS,CAAC;IACpC,oBAAoB,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1C,UAAU,EAAE,OAAO,GAAG,SAAS,CAAC;IAChC,KAAK,EAAE,OAAO,GAAG,SAAS,CAAC;IAC3B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,UAAU,EAAE,OAAO,GAAG,SAAS,CAAC;CACnC,CAAC;AAwCF,eAAO,MAAM,UAAU,GAAU,SAAS,iBAAiB,kBAW1D,CAAC;AAsEF,wBAAsB,OAAO,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAyC3E;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,gBAAgB,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IACvC;;;;OAIG;IACH,0BAA0B,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;CACpD,CAAC;AAEF,wBAAsB,0BAA0B,CAC5C,gBAAgB,EAAE,gBAAgB,EAClC,cAAc,EAAE,iBAAiB,GAClC,OAAO,CAAC,mBAAmB,CAAC,CA0G9B"}