@decocms/start 3.0.0 → 4.1.0

package/.github/workflows/sync-secrets.yml

@@ -1,171 +0,0 @@
-name: sync-secrets (central)
-
-# Reusable workflow. Reconciles the per-storefront `SECRET_*` values stored in
-# this repo's `<site_name>-secrets` GitHub Environment with the Cloudflare
-# Worker's runtime secrets (with the `SECRET_` prefix stripped).
-#
-# Examples:
-#   SECRET_STRIPE_KEY in deco-start env  ->  STRIPE_KEY on the worker
-#
-# v3 architecture (D6.2 / S1): SECRET_* values live in deco-start environments
-# named `<site_name>-secrets` (e.g. `baggagio-tanstack-secrets`). Site teams
-# get per-environment edit/approve permissions via GitHub Environment
-# protection rules, enforced by GitHub itself. CF credentials never leave
-# decocms/deco-start, AND site secrets never leave decocms/deco-start either.
-# The storefront repo holds zero credentials.
-#
-# Defaults to dry-run; the caller must pass `mode=apply` to actually write.
-# Orphans on the worker (present on worker but not in the env as SECRET_*) are
-# warned about, never deleted.
-#
-# Caller usage (in the storefront repo, `.github/workflows/sync-secrets.yml`):
-#
-#   on:
-#     workflow_dispatch:
-#       inputs:
-#         mode:
-#           type: choice
-#           options: [dry-run, apply]
-#           default: dry-run
-#   permissions:
-#     contents: read
-#   jobs:
-#     trigger:
-#       runs-on: ubuntu-latest
-#       steps:
-#         - uses: actions/create-github-app-token@v1
-#           id: app-token
-#           with:
-#             app-id: ${{ secrets.DECOCMS_DEPLOYER_APP_ID }}
-#             private-key: ${{ secrets.DECOCMS_DEPLOYER_APP_PRIVATE_KEY }}
-#             owner: decocms
-#             repositories: deco-start
-#         - env:
-#             GH_TOKEN: ${{ steps.app-token.outputs.token }}
-#           run: |
-#             gh workflow run sync-secrets.yml \
-#               --repo decocms/deco-start \
-#               --ref v3 \
-#               -f site_name=${GITHUB_REPOSITORY##*/} \
-#               -f mode=${{ inputs.mode }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      site_name:
-        description: "Storefront repo basename. Becomes the Cloudflare worker name AND the environment name (`<site_name>-secrets`)."
-        type: string
-        required: true
-      mode:
-        description: "dry-run = print diff only | apply = set secrets on worker"
-        type: string
-        required: false
-        default: "dry-run"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: sync-secrets-${{ inputs.site_name }}
-  cancel-in-progress: false
-
-jobs:
-  sync:
-    runs-on: ubuntu-latest
-    # Dynamic per-storefront environment. Site teams get edit/approve
-    # permissions on their own environment via GitHub Environment protection
-    # rules (set up in this repo's Settings -> Environments).
-    environment: ${{ inputs.site_name }}-secrets
-    steps:
-      - name: Checkout deco-start (template + scripts)
-        uses: actions/checkout@v4
-
-      - name: Generate wrangler.jsonc (so wrangler knows which worker to target)
-        env:
-          DECO_START_PATH: "."
-          WORKER_NAME: ${{ inputs.site_name }}
-          OUTPUT_PATH: "./wrangler.jsonc"
-        run: node scripts/deploy/build-wrangler-config.mjs
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-
-      - name: Install wrangler
-        run: npm install --no-save wrangler@4
-
-      - name: Plan and (optionally) apply
-        env:
-          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          # ALL_SECRETS includes both repo secrets (CLOUDFLARE_*) AND
-          # environment secrets (SECRET_*) because we're bound to the env.
-          ALL_SECRETS: ${{ toJSON(secrets) }}
-          MODE: ${{ inputs.mode }}
-        run: |
-          set -euo pipefail
-
-          desired_json=$(printf '%s' "$ALL_SECRETS" | jq '
-            to_entries
-            | map(select(.key | startswith("SECRET_")))
-            | map({ key: (.key | sub("^SECRET_"; "")), value: .value })
-            | from_entries
-          ')
-
-          desired_names=$(printf '%s' "$desired_json" | jq -r 'keys[]' | sort)
-
-          while IFS= read -r name; do
-            [ -z "$name" ] && continue
-            if ! [[ "$name" =~ ^[A-Z][A-Z0-9_]{0,63}$ ]]; then
-              echo "::error::Invalid worker secret name derived from SECRET_${name}: must match ^[A-Z][A-Z0-9_]{0,63}$"
-              exit 1
-            fi
-          done <<< "$desired_names"
-
-          existing=$(npx wrangler secret list --format=json | jq -r '.[].name' | sort)
-
-          to_set="$desired_names"
-          orphans=$(comm -23 <(printf '%s\n' "$existing") <(printf '%s\n' "$desired_names") || true)
-
-          {
-            echo "## Diff for ${{ inputs.site_name }}"
-            echo ""
-            echo "### Will set (from SECRET_* in \`${{ inputs.site_name }}-secrets\` environment):"
-            if [ -z "$to_set" ]; then
-              echo "  (none -- environment has no SECRET_* values)"
-            else
-              echo "$to_set" | sed 's/^/  + /'
-            fi
-            echo ""
-            echo "### Orphans (on worker, not in env as SECRET_*):"
-            if [ -z "$orphans" ]; then
-              echo "  (none)"
-            else
-              echo "$orphans" | sed 's/^/  ! /'
-              echo ""
-              echo "  These will NOT be deleted automatically. To remove manually:"
-              echo "$orphans" | sed 's|^|    npx wrangler secret delete "|; s|$|" --force|'
-            fi
-          } | tee -a "$GITHUB_STEP_SUMMARY"
-
-          if [ -n "$orphans" ]; then
-            echo "::warning::${orphans//$'\n'/, } exist on the worker but not in env as SECRET_*. Not deleting."
-          fi
-
-          if [ "$MODE" = "dry-run" ]; then
-            echo "::notice::dry-run mode -- no changes applied"
-            exit 0
-          fi
-
-          if [ -z "$to_set" ]; then
-            echo "Nothing to apply."
-            exit 0
-          fi
-
-          printf '%s' "$desired_json" | jq -r 'to_entries[] | "\(.key)\t\(.value)"' \
-            | while IFS=$'\t' read -r name value; do
-                echo "Setting $name..."
-                printf '%s' "$value" | npx wrangler secret put "$name"
-              done
-
-          echo "::notice::Applied $(echo "$to_set" | wc -l | tr -d ' ') secrets."

package/deploy/README.md

@@ -1,121 +0,0 @@
-# `deploy/` — central wrangler template
-
-This directory holds **`wrangler-template.jsonc`** — the canonical wrangler config
-that every storefront on the platform inherits. It is consumed by the reusable
-GitHub workflows under [`.github/workflows/`](../.github/workflows/)
-(`deploy.yml`, `preview.yml`, `sync-secrets.yml`) and by the local
-`deco-wrangler` CLI.
-
-There is **no per-site registry**. Worker name is the storefront repo basename
-by convention (`deco-sites/baggagio-tanstack` → worker `baggagio-tanstack`).
-Anything that must vary deterministically per worker (like the Analytics Engine
-dataset name) is encoded as a substitution token in the template — see
-[Substitution tokens](#substitution-tokens) below.
-
-## Trust model
-
-The deploy is gated by the `decocms-deployer` **GitHub App** being installed on
-the target storefront repo:
-
-1. The storefront's caller workflow mints a short-lived App-installation token.
-2. It calls `gh workflow run deploy.yml --repo decocms/deco-start -f site_owner=… -f site_name=…`.
-3. The central deploy workflow runs **in this repo's context** and itself mints
-   another short-lived App-installation token to check out the storefront. If
-   the App isn't installed on `<site_owner>/<site_name>`, the mint fails and
-   the deploy never starts.
-4. The central workflow then runs build + `wrangler deploy` using
-   `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ACCOUNT_ID` from this repo's plain
-   repo secrets.
-
-Properties this gives:
-
-- **CF credentials never leave decocms/deco-start.** The storefront repo holds
-  zero Cloudflare credentials — it only has the GitHub App credentials, which
-  can be used solely to trigger workflows on this repo.
-- **Worker naming is convention-based and not customer-controlled.** A
-  customer with push access to their own storefront cannot rename the worker
-  their deploy lands on (the central workflow always uses
-  `inputs.site_name` as the worker name; modifying the caller stub to pass a
-  different `site_name` would also require the App to be installed on that
-  other repo).
-- **Force-rollback is impossible for production.** The central deploy
-  workflow ignores any caller-supplied sha and always resolves the
-  storefront's current default-branch HEAD itself. The worst a compromised
-  storefront can do across tenants is trigger a no-op redeploy of another
-  storefront's current main.
-
-`deploy/` and `scripts/deploy/` and the central workflow files are
-CODEOWNERS-protected — only the platform team approves changes.
-
-### Where Cloudflare credentials live
-
-| Secret class | Lives in | How it reaches the worker |
-|---|---|---|
-| `CLOUDFLARE_API_TOKEN` / `CLOUDFLARE_ACCOUNT_ID` | this repo's **repo secrets** | central workflow runs in this repo's context, env-var resolves natively |
-| `DECOCMS_DEPLOYER_APP_ID` / `DECOCMS_DEPLOYER_APP_PRIVATE_KEY` | this repo's repo secrets AND deco-sites org-level secrets | mints short-lived installation tokens for both directions of the dispatch flow |
-| `SECRET_*` runtime secrets (per site) | this repo's `<site_name>-secrets` GitHub Environment | `sync-secrets.yml` binds to that environment, reads `SECRET_*` from `${{ secrets }}`, runs `wrangler secret put` |
-
-To rotate Cloudflare credentials, edit them in this repo only. To rotate a
-runtime secret for one storefront, edit the corresponding environment in this
-repo only. No storefront PR needed for either.
-
-## How `wrangler.jsonc` is generated
-
-At deploy time, the central workflow runs
-[`scripts/deploy/build-wrangler-config.mjs`](../scripts/deploy/build-wrangler-config.mjs),
-which:
-
-1. Loads `deploy/wrangler-template.jsonc`.
-2. Substitutes `$WORKER_*` tokens (see below) using the worker name passed by
-   the central workflow (= storefront repo basename).
-3. Writes the result to `./wrangler.jsonc` in the storefront checkout, with
-   `name` injected as the first key.
-
-`account_id` is never written to JSON — wrangler reads it from
-`CLOUDFLARE_ACCOUNT_ID` (env var in CI; `wrangler login` locally). This way a
-typo cannot misroute a deploy to a different Cloudflare account.
-
-### Substitution tokens
-
-Any string in the template containing one of these literals is replaced at
-build time:
-
-| Token | Replacement | Example use |
-|---|---|---|
-| `$WORKER_NAME` | worker name verbatim | rare; mostly available for parity |
-| `$WORKER_UNDERSCORE` | worker name with `-` → `_` | `analytics_engine_datasets[].dataset` (must be a valid Postgres-style identifier) |
-
-To add a new derived field, add the token wherever it makes sense in
-`wrangler-template.jsonc`. Anything not in the substitution table appears
-verbatim in the generated config.
-
-## Adding a new site
-
-1. Install the `decocms-deployer` GitHub App on the new storefront repo
-   (Settings → Integrations → GitHub Apps in the deco-sites org).
-2. Add the four caller workflow stubs to the new repo (copy from any existing
-   storefront's `.github/workflows/{deploy,preview,sync-secrets,regen-blocks}.yml`).
-3. Add `wrangler.jsonc` to the new repo's `.gitignore` and add the
-   `gen:wrangler` / `predev` / `prebuild` / `types` scripts to `package.json`
-   so local dev still works (use any existing storefront as a template).
-4. If the site needs runtime secrets, create a new environment in this repo
-   named `<repo-basename>-secrets` and add the `SECRET_*` values there. Set
-   environment protection rules to grant the site team self-service access to
-   their own environment.
-5. Push to `main` and verify the deploy lands on a worker named after the repo.
-
-## Migrating an existing site whose worker name doesn't match its repo
-
-Two cases to be aware of:
-
-- **Worker rename.** The worker created by the first deploy will use the repo
-  basename. If an old worker exists with a different name (e.g.
-  `miess-01-tanstack` repo whose old worker was `miess-tanstack`), you'll need
-  a manual cutover: deploy the new worker, re-attach custom domain routes via
-  the Cloudflare dashboard, copy any wrangler secrets, then delete the old
-  worker. There is intentionally no per-site override for this — these cases
-  are rare and best resolved at the CF layer.
-- **AE dataset rename.** The dataset name is derived from worker name, so a
-  worker rename also changes the AE dataset. Old data remains queryable under
-  the old dataset name; new data goes to the new name. Update Grafana panels
-  and saved queries accordingly.

package/deploy/wrangler-template.jsonc

@@ -1,46 +0,0 @@
-// Canonical wrangler.jsonc template for every storefront on the platform.
-//
-// There is no per-site registry. Worker name == storefront repo basename by
-// convention; the central deploy workflows pass `WORKER_NAME` to the build
-// script, which substitutes `$WORKER_*` tokens in this template and writes
-// the result to `wrangler.jsonc` in the caller checkout.
-//
-// Substitution tokens (see scripts/deploy/site-registry.mjs):
-//   $WORKER_NAME        -> worker name verbatim         (e.g. "als-tanstack")
-//   $WORKER_UNDERSCORE  -> worker name, `-` -> `_`      (e.g. "als_tanstack")
-//
-// To upgrade compatibility flags, observability, KV bindings, or any field
-// that should change for every site at once, change this file and tag a new
-// deco-start release.
-//
-// Notes on what is INTENTIONALLY missing here:
-//   - "name" -- always derived from the per-site `worker_name`.
-//   - "account_id" -- never lives in the JSON. Wrangler reads it from the
-//     CLOUDFLARE_ACCOUNT_ID env var in CI and from local config otherwise.
-//     This way, a typo in JSON cannot misroute a deploy.
-//   - "routes" -- production custom domains are managed in the Cloudflare
-//     dashboard, not in JSON. Avoids drift between JSON and CF reality and
-//     means a site going live doesn't need a deco-start PR.
-//
-// To upgrade compatibility flags, observability, or worker-entry path across
-// every site at once, change this file and tag a new deco-start release.
-{
-  "compatibility_date": "2026-02-14",
-  "compatibility_flags": ["nodejs_compat", "no_handle_cross_request_promise_resolution"],
-  "main": "./src/worker-entry.ts",
-  "workers_dev": true,
-  "preview_urls": true,
-  "kv_namespaces": [
-    { "binding": "SITES_KV", "id": "ad0b74fc4d9341c9af9149c4ab85132f" }
-  ],
-  "version_metadata": { "binding": "CF_VERSION_METADATA" },
-  "analytics_engine_datasets": [
-    { "binding": "DECO_METRICS", "dataset": "deco_metrics_$WORKER_UNDERSCORE" }
-  ],
-  "observability": {
-    "logs": {
-      "enabled": true,
-      "invocation_logs": true
-    }
-  }
-}

package/scripts/deploy/build-wrangler-config.mjs

@@ -1,47 +0,0 @@
-#!/usr/bin/env node
-// build-wrangler-config.mjs
-//
-// Materializes a `wrangler.jsonc` from the canonical template, with
-// $WORKER_* tokens substituted. The output file is what `wrangler deploy` /
-// `wrangler versions upload` / `wrangler secret put` will read.
-//
-// Required env:
-//   DECO_START_PATH  - path to a checked-out deco-start (e.g. ".deco-start")
-//   WORKER_NAME      - the Cloudflare worker name (= storefront repo basename
-//                      by convention; passed by the central CI workflows)
-//   OUTPUT_PATH      - where to write the merged wrangler.jsonc
-//                      (e.g. "./wrangler.jsonc" in the caller checkout)
-
-import { writeFileSync } from "node:fs";
-import { resolve } from "node:path";
-import { applyWorkerName, loadTemplate } from "./site-registry.mjs";
-
-function fail(message) {
-  console.error(`::error::${message}`);
-  process.exit(1);
-}
-
-const decoStartPath = process.env.DECO_START_PATH;
-const workerName = process.env.WORKER_NAME;
-const outputPath = process.env.OUTPUT_PATH;
-
-if (!decoStartPath) fail("DECO_START_PATH env var is required");
-if (!workerName) fail("WORKER_NAME env var is required");
-if (!outputPath) fail("OUTPUT_PATH env var is required");
-
-let merged;
-try {
-  merged = applyWorkerName(loadTemplate(decoStartPath), workerName);
-} catch (err) {
-  fail(err instanceof Error ? err.message : String(err));
-}
-
-const header = `// AUTOGENERATED by @decocms/start at deploy time.
-// Do not edit -- changes will be overwritten on the next deploy.
-// Source: decocms/deco-start deploy/wrangler-template.jsonc + worker name "${workerName}"
-`;
-
-const body = JSON.stringify(merged, null, 2);
-writeFileSync(resolve(outputPath), `${header}${body}\n`);
-
-console.log(`Wrote ${outputPath} (worker "${workerName}")`);

package/scripts/deploy/jsonc.mjs

@@ -1,76 +0,0 @@
-// Minimal JSONC -> JSON parser used by the deploy scripts.
-//
-// Strips // line comments and /* block comments */ outside of string literals
-// and tolerates trailing commas in objects/arrays. Dependency-free so the
-// deploy scripts can run with vanilla `node` in CI.
-
-import { readFileSync } from "node:fs";
-
-/**
- * @param {string} input
- * @returns {string}
- */
-function stripComments(input) {
-  let out = "";
-  let i = 0;
-  let inStr = false;
-  let strChar = "";
-  while (i < input.length) {
-    const c = input[i];
-    const n = input[i + 1];
-    if (inStr) {
-      out += c;
-      if (c === "\\" && i + 1 < input.length) {
-        out += input[i + 1];
-        i += 2;
-        continue;
-      }
-      if (c === strChar) inStr = false;
-      i++;
-      continue;
-    }
-    if (c === '"') {
-      inStr = true;
-      strChar = c;
-      out += c;
-      i++;
-      continue;
-    }
-    if (c === "/" && n === "/") {
-      while (i < input.length && input[i] !== "\n") i++;
-      continue;
-    }
-    if (c === "/" && n === "*") {
-      i += 2;
-      while (i < input.length && !(input[i] === "*" && input[i + 1] === "/")) i++;
-      i += 2;
-      continue;
-    }
-    out += c;
-    i++;
-  }
-  return out;
-}
-
-/**
- * @param {string} text
- * @returns {unknown}
- */
-export function parseJsonc(text) {
-  const stripped = stripComments(text).replace(/,\s*([}\]])/g, "$1");
-  return JSON.parse(stripped);
-}
-
-/**
- * @param {string} path
- * @returns {unknown}
- */
-export function readJsoncFile(path) {
-  const raw = readFileSync(path, "utf8");
-  try {
-    return parseJsonc(raw);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    throw new Error(`Failed to parse JSONC at ${path}: ${message}`);
-  }
-}

package/scripts/deploy/site-registry.mjs

@@ -1,95 +0,0 @@
-// Template loader + token substitution for the canonical wrangler config.
-//
-// There is no per-site "registry" anymore: every site's wrangler config is
-// produced from `deploy/wrangler-template.jsonc` plus the worker name (which
-// equals the storefront repo basename by convention). To accommodate fields
-// that must vary deterministically per worker, the template can use these
-// substitution tokens, which are replaced at config-build time:
-//
-//   $WORKER_NAME        -> worker name verbatim     (e.g. "als-tanstack")
-//   $WORKER_UNDERSCORE  -> worker name, `-` -> `_`  (e.g. "als_tanstack")
-//
-// Trust model: callers cannot pass a fabricated worker name to the central
-// CI workflows -- the deploy is gated by the `decocms-deployer` GitHub App
-// being installed on the target storefront repo. If the App isn't installed
-// there, the App-token mint fails and the deploy never starts.
-
-import { existsSync } from "node:fs";
-import { join } from "node:path";
-import { readJsoncFile } from "./jsonc.mjs";
-
-/**
- * @param {string} decoStartPath
- * @returns {string}
- */
-export function templatePath(decoStartPath) {
-  return join(decoStartPath, "deploy", "wrangler-template.jsonc");
-}
-
-/**
- * @param {string} decoStartPath
- * @returns {Record<string, unknown>}
- */
-export function loadTemplate(decoStartPath) {
-  const path = templatePath(decoStartPath);
-  if (!existsSync(path)) {
-    throw new Error(`wrangler-template.jsonc not found at ${path}.`);
-  }
-  const raw = readJsoncFile(path);
-  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
-    throw new Error(`Template at ${path} must be a JSON object.`);
-  }
-  return /** @type {Record<string, unknown>} */ (raw);
-}
-
-/**
- * Recursively replace `$WORKER_*` tokens in any string value of an
- * object/array tree. Returns a new tree.
- *
- * @param {unknown} value
- * @param {Record<string, string>} replacements
- * @returns {unknown}
- */
-function substituteTokens(value, replacements) {
-  if (typeof value === "string") {
-    let out = value;
-    for (const [token, repl] of Object.entries(replacements)) {
-      out = out.split(token).join(repl);
-    }
-    return out;
-  }
-  if (Array.isArray(value)) {
-    return value.map((v) => substituteTokens(v, replacements));
-  }
-  if (value && typeof value === "object") {
-    const out = /** @type {Record<string, unknown>} */ ({});
-    for (const [k, v] of Object.entries(value)) {
-      out[k] = substituteTokens(v, replacements);
-    }
-    return out;
-  }
-  return value;
-}
-
-/**
- * Produce the wrangler config object by substituting `$WORKER_*` tokens in
- * the template and prepending `name`.
- *
- * @param {Record<string, unknown>} template
- * @param {string} workerName
- * @returns {Record<string, unknown>}
- */
-export function applyWorkerName(template, workerName) {
-  if (typeof workerName !== "string" || !/^[a-z0-9][a-z0-9-]*$/.test(workerName)) {
-    throw new Error(
-      `Invalid worker name: ${JSON.stringify(workerName)}. Use lowercase, hyphen-separated.`,
-    );
-  }
-  const substituted = /** @type {Record<string, unknown>} */ (
-    substituteTokens(template, {
-      $WORKER_UNDERSCORE: workerName.replace(/-/g, "_"),
-      $WORKER_NAME: workerName,
-    })
-  );
-  return { name: workerName, ...substituted };
-}

package/scripts/deploy/wrangler-wrapper.mjs

@@ -1,118 +0,0 @@
-#!/usr/bin/env node
-// deco-wrangler
-//
-// Local-dev wrapper around `wrangler` for storefront repos that no longer
-// commit a `wrangler.jsonc`. Generates the canonical config from
-// `@decocms/start`'s template into `./wrangler.jsonc` (gitignored), then
-// optionally execs the real `wrangler` with that config in cwd.
-//
-// Usage from a customer repo (after `npm i -D @decocms/start@latest`):
-//
-//   npx deco-wrangler gen          # generate ./wrangler.jsonc and exit
-//                                  # (used by predev/prebuild/prepare hooks)
-//   npx deco-wrangler tail         # tail prod logs (worker name resolved automatically)
-//   npx deco-wrangler types        # regenerate worker-configuration.d.ts
-//   npx deco-wrangler deploy       # discouraged in dev; deploys go via CI
-//   npx deco-wrangler --help       # passes through to wrangler
-//
-// All non-`gen` invocations also (re)generate ./wrangler.jsonc first so the
-// file is always in sync with the template before wrangler runs. The
-// `@cloudflare/vite-plugin` and the `wrangler` CLI both auto-discover
-// ./wrangler.jsonc in cwd, so no extra config plumbing is required.
-//
-// Worker name resolves in this order:
-//
-//   1. DECO_WORKER_NAME env var (explicit override)
-//   2. git remote `origin` URL parsed for the GitHub repo basename
-//   3. package.json `name` field
-//
-// By convention worker name == storefront repo basename. The CI deploys use
-// the same convention. Local dev never deploys -- this wrapper is purely for
-// generating a config that matches what the central workflow will produce.
-
-import { execSync, spawnSync } from "node:child_process";
-import { readFileSync, writeFileSync } from "node:fs";
-import { dirname, resolve } from "node:path";
-import { fileURLToPath } from "node:url";
-import { applyWorkerName, loadTemplate } from "./site-registry.mjs";
-
-const SCRIPT_DIR = dirname(fileURLToPath(import.meta.url));
-// scripts/deploy/wrangler-wrapper.mjs -> deco-start root
-const DECO_START_PATH = resolve(SCRIPT_DIR, "..", "..");
-
-function eprintln(msg) {
-  process.stderr.write(`[deco-wrangler] ${msg}\n`);
-}
-
-function tryGitRemoteWorkerName() {
-  try {
-    const url = execSync("git remote get-url origin", {
-      stdio: ["ignore", "pipe", "ignore"],
-    })
-      .toString()
-      .trim();
-    // matches both git@github.com:org/repo(.git) and https://github.com/org/repo(.git)
-    const m = url.match(/github\.com[:/][^/]+\/([^/]+?)(?:\.git)?$/);
-    return m?.[1];
-  } catch {
-    return undefined;
-  }
-}
-
-function tryPackageJsonName() {
-  try {
-    const pkg = JSON.parse(readFileSync(resolve(process.cwd(), "package.json"), "utf8"));
-    return typeof pkg.name === "string" ? pkg.name : undefined;
-  } catch {
-    return undefined;
-  }
-}
-
-function resolveWorkerName() {
-  const envName = process.env.DECO_WORKER_NAME?.trim();
-  if (envName) return { name: envName, source: "DECO_WORKER_NAME env var" };
-  const gitName = tryGitRemoteWorkerName();
-  if (gitName) return { name: gitName, source: "git remote origin" };
-  const pkgName = tryPackageJsonName();
-  if (pkgName) return { name: pkgName, source: "package.json name" };
-  return undefined;
-}
-
-const resolved = resolveWorkerName();
-if (!resolved) {
-  eprintln(
-    "Could not determine worker name. Set DECO_WORKER_NAME or run from a repo with a github.com 'origin' remote.",
-  );
-  process.exit(1);
-}
-
-let merged;
-try {
-  merged = applyWorkerName(loadTemplate(DECO_START_PATH), resolved.name);
-} catch (err) {
-  eprintln(err instanceof Error ? err.message : String(err));
-  eprintln(`Worker name "${resolved.name}" was inferred from ${resolved.source}.`);
-  process.exit(1);
-}
-
-const outputPath = resolve(process.cwd(), "wrangler.jsonc");
-const header = `// AUTOGENERATED by deco-wrangler -- DO NOT COMMIT.
-// Add wrangler.jsonc to .gitignore. Regenerated on every \`deco-wrangler\` run.
-// Source: @decocms/start deploy/wrangler-template.jsonc + worker name "${resolved.name}"
-`;
-writeFileSync(outputPath, `${header}${JSON.stringify(merged, null, 2)}\n`);
-
-eprintln(`Resolved worker name "${resolved.name}" (via ${resolved.source})`);
-eprintln(`Generated ${outputPath}`);
-
-const argv = process.argv.slice(2);
-// `gen` mode: just write the config and exit. Used by package.json
-// predev/prebuild/prepare hooks to keep wrangler.jsonc in sync with the
-// template without invoking wrangler itself.
-if (argv[0] === "gen" || argv[0] === "generate") {
-  process.exit(0);
-}
-
-const wranglerArgs = ["wrangler", ...argv];
-const result = spawnSync("npx", wranglerArgs, { stdio: "inherit" });
-process.exit(result.status ?? 1);