@devicecloud.dev/dcd 4.4.9 → 5.0.0-beta.1

package/dist/methods.js

@@ -1,86 +1,101 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.formatDurationSeconds = exports.writeJSONFile = exports.uploadBinary = exports.verifyAppZip = exports.compressFilesFromRelativePath = exports.compressFolderToBlob = exports.toBuffer = void 0;
-const core_1 = require("@oclif/core");
-const archiver = require("archiver");
-const node_crypto_1 = require("node:crypto");
-const node_fs_1 = require("node:fs");
-const promises_1 = require("node:fs/promises");
-const path = require("node:path");
-const node_stream_1 = require("node:stream");
-const StreamZip = require("node-stream-zip");
-const api_gateway_1 = require("./gateways/api-gateway");
-const supabase_gateway_1 = require("./gateways/supabase-gateway");
-const metadata_extractor_service_1 = require("./services/metadata-extractor.service");
-const styling_1 = require("./utils/styling");
+import { ux } from './utils/progress.js';
+import { createHash } from 'node:crypto';
+import { createReadStream, createWriteStream, mkdirSync, readdirSync, writeFileSync, } from 'node:fs';
+import { access, mkdtemp, readFile, rm, stat, writeFile } from 'node:fs/promises';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { pipeline } from 'node:stream/promises';
+import StreamZip from 'node-stream-zip';
+import * as yazl from 'yazl';
+import { inferEnvFromApiUrl } from './config/environments.js';
+import { ApiError, ApiGateway } from './gateways/api-gateway.js';
+import { SupabaseGateway } from './gateways/supabase-gateway.js';
+import { MetadataExtractorService } from './services/metadata-extractor.service.js';
+import { colors, formatId } from './utils/styling.js';
 const mimeTypeLookupByExtension = {
     apk: 'application/vnd.android.package-archive',
     yaml: 'application/x-yaml',
     zip: 'application/zip',
 };
-const toBuffer = async (archive) => {
-    const chunks = [];
-    const writable = new node_stream_1.Writable();
-    writable._write = (chunk, _, callback) => {
-        // save to array to concatenate later
-        chunks.push(chunk);
-        callback();
-    };
-    // pipe to writable
-    archive.pipe(writable);
-    await archive.finalize();
-    // once done, concatenate chunks
-    return Buffer.concat(chunks);
-};
-exports.toBuffer = toBuffer;
-const compressFolderToBlob = async (sourceDir) => {
-    const archive = archiver('zip', {
-        zlib: { level: 9 },
-    });
-    archive.on('error', (err) => {
-        throw err;
-    });
-    archive.directory(sourceDir, sourceDir.split('/').pop());
-    const buffer = await (0, exports.toBuffer)(archive);
-    return new Blob([buffer], { type: 'application/zip' });
-};
-exports.compressFolderToBlob = compressFolderToBlob;
-const compressFilesFromRelativePath = async (basePath, files, commonRoot) => {
-    const archive = archiver('zip', {
-        zlib: { level: 9 },
+async function zipToBuffer(zipfile) {
+    return new Promise((resolve, reject) => {
+        // Typed as Uint8Array[] so Buffer.concat infers Buffer<ArrayBuffer> — matches
+        // the `BlobPart` shape that callers pass to `new Blob([...])`.
+        const chunks = [];
+        zipfile.outputStream.on('data', (chunk) => chunks.push(chunk));
+        zipfile.outputStream.on('end', () => resolve(Buffer.concat(chunks)));
+        zipfile.outputStream.on('error', reject);
+        zipfile.end();
     });
-    archive.on('error', (err) => {
-        throw err;
+}
+/** Normalize a filesystem path to a POSIX-style zip entry name. */
+function toZipEntryName(relativePath) {
+    return relativePath.split(path.sep).join('/').replace(/^\/+/, '');
+}
+/**
+ * Zip a .app directory to a temp file on disk, streaming entries through
+ * yazl so the archive is never held in memory (iOS bundles run to GBs).
+ * Returns the temp directory holding the zip — callers remove it after the
+ * upload completes.
+ */
+async function compressFolderToTempZip(sourceDir) {
+    const zipfile = new yazl.ZipFile();
+    const rootName = path.basename(sourceDir);
+    const entries = readdirSync(sourceDir, {
+        recursive: true,
+        withFileTypes: true,
     });
+    for (const entry of entries) {
+        if (!entry.isFile())
+            continue;
+        const absolutePath = path.join(entry.parentPath, entry.name);
+        const relativePath = path.relative(sourceDir, absolutePath);
+        zipfile.addFile(absolutePath, toZipEntryName(path.join(rootName, relativePath)));
+    }
+    const tempDir = await mkdtemp(path.join(os.tmpdir(), 'dcd-app-zip-'));
+    const zipPath = path.join(tempDir, `${rootName}.zip`);
+    zipfile.end();
+    await pipeline(zipfile.outputStream, createWriteStream(zipPath));
+    return { tempDir, zipPath };
+}
+export const compressFilesFromRelativePath = async (basePath, files, commonRoot) => {
+    const zipfile = new yazl.ZipFile();
     for (const file of files) {
-        archive.file(path.resolve(basePath, file), {
-            name: file.replace(commonRoot, ''),
-        });
+        // Anchored prefix strip — replace() would remove the first occurrence
+        // of commonRoot anywhere in the path, not just at the start.
+        zipfile.addFile(path.resolve(basePath, file), toZipEntryName(file.startsWith(commonRoot) ? file.slice(commonRoot.length) : file));
     }
-    const buffer = await (0, exports.toBuffer)(archive);
-    // await writeFile('./my-zip.zip', buffer);
-    return buffer;
+    return zipToBuffer(zipfile);
 };
-exports.compressFilesFromRelativePath = compressFilesFromRelativePath;
-const verifyAppZip = async (zipPath) => {
+export const verifyAppZip = async (zipPath) => {
     // eslint-disable-next-line import/namespace, new-cap
     const zip = await new StreamZip.async({
         file: zipPath,
         storeEntries: true,
     });
-    const entries = await zip.entries();
-    const topLevelEntries = Object.values(entries).filter((entry) => !entry.name.split('/')[1]);
-    if (topLevelEntries.length !== 1 ||
-        !topLevelEntries[0].name.endsWith('.app/')) {
-        throw new Error('Zip file must contain exactly one entry which is a .app, check the contents of the zip file');
+    try {
+        const entries = await zip.entries();
+        // Derive top-level names from all entries rather than requiring an
+        // explicit directory entry — zips created without directory entries
+        // (e.g. Python's zipfile) are valid but have no ".app/" entry itself.
+        // macOS metadata (__MACOSX resource forks, .DS_Store) doesn't count
+        // toward the "exactly one .app" rule.
+        const topLevelNames = new Set(Object.values(entries)
+            .filter((entry) => !entry.name.startsWith('__MACOSX/') &&
+            entry.name.split('/').pop() !== '.DS_Store')
+            .map((entry) => entry.name.split('/')[0]));
+        if (topLevelNames.size !== 1 || ![...topLevelNames][0].endsWith('.app')) {
+            throw new Error('Zip file must contain exactly one entry which is a .app, check the contents of the zip file');
+        }
+    }
+    finally {
+        zip.close();
     }
-    zip.close();
 };
-exports.verifyAppZip = verifyAppZip;
-const uploadBinary = async (config) => {
-    const { filePath, apiUrl, apiKey, ignoreShaCheck = false, log = true, debug = false } = config;
+export const uploadBinary = async (config) => {
+    const { filePath, apiUrl, auth, ignoreShaCheck = false, log = true, debug = false } = config;
     if (log) {
-        core_1.ux.action.start(styling_1.colors.bold('Checking and uploading binary'), styling_1.colors.dim('Initializing'), {
+        ux.action.start(colors.bold('Checking and uploading binary'), colors.dim('Initializing'), {
             stdout: true,
         });
     }
@@ -91,32 +106,33 @@ const uploadBinary = async (config) => {
         console.log(`[DEBUG] Ignore SHA check: ${ignoreShaCheck}`);
     }
     const startTime = Date.now();
+    let source;
     try {
         // Prepare file for upload
-        const file = await prepareFileForUpload(filePath, debug, startTime);
+        source = await prepareFileForUpload(filePath, debug, startTime);
         // Calculate SHA hash
-        const sha = await calculateFileHash(file, debug, log);
+        const sha = await calculateFileHash(source, debug, log);
         // Check for existing upload with same SHA
         if (!ignoreShaCheck && sha) {
-            const { exists, binaryId } = await checkExistingUpload(apiUrl, apiKey, sha, debug);
+            const { exists, binaryId } = await checkExistingUpload(apiUrl, auth, sha, debug);
             if (exists && binaryId) {
                 if (log) {
-                    core_1.ux.info(styling_1.colors.dim('SHA hash matches existing binary with ID: ') + (0, styling_1.formatId)(binaryId) + styling_1.colors.dim(', skipping upload. Force upload with --ignore-sha-check'));
-                    core_1.ux.action.stop(styling_1.colors.info('Skipping upload'));
+                    ux.info(colors.dim('SHA hash matches existing binary with ID: ') + formatId(binaryId) + colors.dim(', skipping upload. Force upload with --ignore-sha-check'));
+                    ux.action.stop(colors.info('Skipping upload'));
                 }
                 return binaryId;
             }
         }
         // Perform the upload
-        const uploadId = await performUpload({ apiKey, apiUrl, debug, file, filePath, sha, startTime });
+        const uploadId = await performUpload({ auth, apiUrl, debug, filePath, sha, source, startTime });
         if (log) {
-            core_1.ux.action.stop(styling_1.colors.success('\n✓ Binary uploaded with ID: ') + (0, styling_1.formatId)(uploadId));
+            ux.action.stop(colors.success('\n✓ Binary uploaded with ID: ') + formatId(uploadId));
         }
         return uploadId;
     }
     catch (error) {
         if (log) {
-            core_1.ux.action.stop(styling_1.colors.error('✗ Failed'));
+            ux.action.stop(colors.error('✗ Failed'));
         }
         if (debug) {
             console.error('[DEBUG] === BINARY UPLOAD FAILED ===');
@@ -128,38 +144,35 @@ const uploadBinary = async (config) => {
             }
             console.error(`[DEBUG] Failed after ${Date.now() - startTime}ms`);
         }
-        // Add helpful context for common errors
-        if (error instanceof Error) {
-            if (error.name === 'NetworkError') {
-                throw error; // NetworkError already has detailed troubleshooting info
-            }
-            // Re-throw with original message
-            throw error;
-        }
         throw error;
     }
+    finally {
+        if (source?.cleanupDir) {
+            await rm(source.cleanupDir, { recursive: true, force: true }).catch(() => { });
+        }
+    }
 };
-exports.uploadBinary = uploadBinary;
 /**
- * Prepares a file for upload by reading or compressing it
+ * Prepares a file for upload: .app directories are zipped to a temp file on
+ * disk; everything else is described in place. Nothing is read into memory.
  * @param filePath Path to the file to upload
  * @param debug Whether debug logging is enabled
  * @param startTime Timestamp when upload started
- * @returns Promise resolving to prepared File object
+ * @returns Promise resolving to the upload source descriptor
  */
 async function prepareFileForUpload(filePath, debug, startTime) {
     if (debug) {
         console.log('[DEBUG] Preparing file for upload...');
     }
-    let file;
+    let source;
     if (filePath?.endsWith('.app')) {
         if (debug) {
             console.log('[DEBUG] Compressing .app folder to zip...');
         }
-        // Validate that the .app directory exists before attempting to compress
-        // Without this check, archiver silently creates an empty 22-byte zip for non-existent paths
+        // Validate that the .app directory exists before attempting to compress —
+        // zipping a non-existent path silently produces an empty 22-byte zip.
         try {
-            await (0, promises_1.access)(filePath);
+            await access(filePath);
         }
         catch {
             // Provide helpful error message for common quoting issues
@@ -181,29 +194,36 @@ async function prepareFileForUpload(filePath, debug, startTime) {
                 .join('\n');
             throw new Error(errorMessage);
         }
-        const zippedAppBlob = await (0, exports.compressFolderToBlob)(filePath);
-        file = new File([zippedAppBlob], filePath + '.zip');
+        const { tempDir, zipPath } = await compressFolderToTempZip(filePath);
+        const { size } = await stat(zipPath);
+        source = {
+            contentType: 'application/zip',
+            cleanupDir: tempDir,
+            diskPath: zipPath,
+            name: filePath + '.zip',
+            size,
+        };
         if (debug) {
-            console.log(`[DEBUG] Compressed file size: ${(zippedAppBlob.size / 1024 / 1024).toFixed(2)} MB`);
+            console.log(`[DEBUG] Compressed file size: ${(size / 1024 / 1024).toFixed(2)} MB`);
         }
     }
     else {
+        const { size } = await stat(filePath);
         if (debug) {
-            console.log('[DEBUG] Reading binary file...');
-        }
-        const fileBuffer = await (0, promises_1.readFile)(filePath);
-        if (debug) {
-            console.log(`[DEBUG] File size: ${(fileBuffer.length / 1024 / 1024).toFixed(2)} MB`);
-        }
-        const binaryBlob = new Blob([new Uint8Array(fileBuffer)], {
-            type: mimeTypeLookupByExtension[filePath.split('.').pop()],
-        });
-        file = new File([binaryBlob], filePath);
+            console.log(`[DEBUG] File size: ${(size / 1024 / 1024).toFixed(2)} MB`);
+        }
+        source = {
+            contentType: mimeTypeLookupByExtension[filePath.split('.').pop()] ||
+                'application/octet-stream',
+            diskPath: filePath,
+            name: filePath,
+            size,
+        };
     }
     if (debug) {
         console.log(`[DEBUG] File preparation completed in ${Date.now() - startTime}ms`);
     }
-    return file;
+    return source;
 }
 /**
  * Calculates SHA-256 hash for a file
@@ -212,13 +232,13 @@ async function prepareFileForUpload(filePath, debug, startTime) {
  * @param log Whether to log warnings
  * @returns Promise resolving to SHA-256 hash or undefined if failed
  */
-async function calculateFileHash(file, debug, log) {
+async function calculateFileHash(source, debug, log) {
     try {
         if (debug) {
             console.log('[DEBUG] Calculating SHA-256 hash...');
         }
         const hashStartTime = Date.now();
-        const sha = await getFileHashFromFile(file);
+        const sha = await getFileHashFromPath(source.diskPath);
         if (debug) {
             console.log(`[DEBUG] SHA-256 hash: ${sha}`);
             console.log(`[DEBUG] Hash calculation completed in ${Date.now() - hashStartTime}ms`);
@@ -238,19 +258,19 @@ async function calculateFileHash(file, debug, log) {
 /**
  * Checks if an upload with the same SHA already exists
  * @param apiUrl API base URL
- * @param apiKey API authentication key
+ * @param auth AuthContext carrying request headers
  * @param sha SHA-256 hash to check
  * @param debug Whether debug logging is enabled
  * @returns Promise resolving to object with exists flag and optional binaryId
  */
-async function checkExistingUpload(apiUrl, apiKey, sha, debug) {
+async function checkExistingUpload(apiUrl, auth, sha, debug) {
     try {
         if (debug) {
             console.log('[DEBUG] Checking for existing upload with matching SHA...');
             console.log(`[DEBUG] Target endpoint: ${apiUrl}/uploads/checkForExistingUpload`);
         }
         const shaCheckStartTime = Date.now();
-        const { appBinaryId, exists } = await api_gateway_1.ApiGateway.checkForExistingUpload(apiUrl, apiKey, sha);
+        const { appBinaryId, exists } = await ApiGateway.checkForExistingUpload(apiUrl, auth, sha);
         if (debug) {
             console.log(`[DEBUG] SHA check completed in ${Date.now() - shaCheckStartTime}ms`);
             console.log(`[DEBUG] Existing binary found: ${exists}`);
@@ -261,6 +281,11 @@ async function checkExistingUpload(apiUrl, apiKey, sha, debug) {
         return { binaryId: appBinaryId, exists };
     }
     catch (error) {
+        // Invalid credentials will fail every subsequent request — surface now
+        // rather than after the user has waited through a potentially huge upload.
+        if (error instanceof ApiError && (error.status === 401 || error.status === 403)) {
+            throw error;
+        }
         if (debug) {
             console.error('[DEBUG] === SHA CHECK FAILED ===');
             console.error('[DEBUG] Continuing with upload despite SHA check failure');
@@ -286,19 +311,19 @@ async function checkExistingUpload(apiUrl, apiKey, sha, debug) {
  * @param debug - Enable debug logging
  * @returns Upload result with success status and any error
  */
-async function uploadToSupabase(env, tempPath, file, debug) {
+async function uploadToSupabase(env, tempPath, source, debug) {
     if (debug) {
         console.log(`[DEBUG] Uploading to Supabase storage (${env}) using resumable uploads...`);
         console.log(`[DEBUG] Staging path: ${tempPath}`);
-        console.log(`[DEBUG] File size: ${(file.size / 1024 / 1024).toFixed(2)} MB`);
+        console.log(`[DEBUG] File size: ${(source.size / 1024 / 1024).toFixed(2)} MB`);
     }
     try {
         const uploadStartTime = Date.now();
-        await supabase_gateway_1.SupabaseGateway.uploadResumable(env, tempPath, file, debug);
+        await SupabaseGateway.uploadResumable(env, tempPath, source, debug);
         if (debug) {
             const uploadDuration = Date.now() - uploadStartTime;
             const uploadDurationSeconds = uploadDuration / 1000;
-            const uploadSpeed = (file.size / 1024 / 1024) / uploadDurationSeconds;
+            const uploadSpeed = (source.size / 1024 / 1024) / uploadDurationSeconds;
             console.log(`[DEBUG] Supabase resumable upload completed in ${uploadDurationSeconds.toFixed(2)}s (${uploadDuration}ms)`);
             console.log(`[DEBUG] Average upload speed: ${uploadSpeed.toFixed(2)} MB/s`);
         }
@@ -314,7 +339,7 @@ async function uploadToSupabase(env, tempPath, file, debug) {
                 console.error(`[DEBUG] Error stack:\n${uploadError.stack}`);
             }
             console.error(`[DEBUG] Staging path: ${tempPath}`);
-            console.error(`[DEBUG] File size: ${file.size} bytes`);
+            console.error(`[DEBUG] File size: ${source.size} bytes`);
             console.log('[DEBUG] Will attempt Backblaze fallback if available...');
         }
         return { error: uploadError, success: false };
@@ -326,7 +351,7 @@ async function uploadToSupabase(env, tempPath, file, debug) {
  * @returns Upload result with success status and any error
  */
 async function handleBackblazeUpload(config) {
-    const { b2, apiUrl, apiKey, finalPath, file, filePath, debug } = config;
+    const { b2, apiUrl, auth, finalPath, source, debug } = config;
     if (!b2) {
         if (debug) {
             console.log('[DEBUG] Backblaze not configured, will fall back to Supabase');
@@ -341,19 +366,18 @@ async function handleBackblazeUpload(config) {
         let backblazeSuccess = false;
         if (b2.strategy === 'simple' && b2.simple) {
             const simple = b2.simple;
-            backblazeSuccess = await uploadToBackblaze(simple.uploadUrl, simple.authorizationToken, `organizations/${finalPath}`, file, debug);
+            backblazeSuccess = await uploadToBackblaze(simple.uploadUrl, simple.authorizationToken, `organizations/${finalPath}`, source, debug);
         }
         else if (b2.strategy === 'large' && b2.large) {
             const large = b2.large;
             backblazeSuccess = await uploadLargeFileToBackblaze({
-                apiKey,
+                auth,
                 apiUrl,
                 debug,
                 fileId: large.fileId,
                 fileName: `organizations/${finalPath}`,
-                fileObject: file,
-                filePath,
-                fileSize: file.size,
+                filePath: source.diskPath,
+                fileSize: source.size,
                 uploadPartUrls: large.uploadPartUrls,
             });
         }
@@ -383,13 +407,13 @@ async function handleBackblazeUpload(config) {
 /**
  * Requests upload URL and paths from API
  * @param apiUrl - API base URL
- * @param apiKey - API authentication key
+ * @param auth - AuthContext carrying request headers
  * @param filePath - Path to the file being uploaded
  * @param fileSize - Size of the file in bytes
  * @param debug - Enable debug logging
  * @returns Promise resolving to upload paths and configuration
  */
-async function requestUploadPaths(apiUrl, apiKey, filePath, fileSize, debug) {
+async function requestUploadPaths(apiUrl, auth, filePath, fileSize, debug) {
     const platform = filePath?.endsWith('.apk') ? 'android' : 'ios';
     if (debug) {
         console.log('[DEBUG] Requesting upload URL...');
@@ -398,7 +422,7 @@ async function requestUploadPaths(apiUrl, apiKey, filePath, fileSize, debug) {
     }
     try {
         const urlRequestStartTime = Date.now();
-        const { id, tempPath, finalPath, b2 } = await api_gateway_1.ApiGateway.getBinaryUploadUrl(apiUrl, apiKey, platform, fileSize);
+        const { id, tempPath, finalPath, b2 } = await ApiGateway.getBinaryUploadUrl(apiUrl, auth, platform, fileSize);
         if (debug) {
             const hasStrategy = b2 && typeof b2 === 'object' && 'strategy' in b2;
             console.log(`[DEBUG] Upload URL request completed in ${Date.now() - urlRequestStartTime}ms`);
@@ -421,9 +445,11 @@ async function requestUploadPaths(apiUrl, apiKey, filePath, fileSize, debug) {
         // Add context to the error
         if (error instanceof Error) {
             if (error.name === 'NetworkError') {
-                throw new Error(`Failed to request upload URL from API.\n\n${error.message}`);
+                throw new Error(`Failed to request upload URL from API.\n\n${error.message}`, { cause: error });
             }
-            throw new Error(`Failed to request upload URL: ${error.message}`);
+            throw new Error(`Failed to request upload URL: ${error.message}`, {
+                cause: error,
+            });
         }
         throw error;
     }
@@ -437,7 +463,7 @@ async function requestUploadPaths(apiUrl, apiKey, filePath, fileSize, debug) {
 async function extractBinaryMetadata(filePath, debug) {
     if (debug)
         console.log('[DEBUG] Extracting app metadata...');
-    const metadataExtractor = new metadata_extractor_service_1.MetadataExtractorService();
+    const metadataExtractor = new MetadataExtractorService();
     const metadata = await metadataExtractor.extract(filePath);
     if (!metadata) {
         throw new Error(`Failed to extract metadata from ${filePath}. Supported formats: .apk, .app, .zip`);
@@ -478,29 +504,27 @@ function validateUploadResults(supabaseSuccess, backblazeSuccess, lastError, b2,
  * @returns Promise resolving to upload ID
  */
 async function performUpload(config) {
-    const { filePath, apiUrl, apiKey, file, sha, debug, startTime } = config;
+    const { filePath, apiUrl, auth, source, sha, debug, startTime } = config;
     // Request upload URL and paths
-    const { id, tempPath, finalPath, b2 } = await requestUploadPaths(apiUrl, apiKey, filePath, file.size, debug);
+    const { id, tempPath, finalPath, b2 } = await requestUploadPaths(apiUrl, auth, filePath, source.size, debug);
     // Extract app metadata
     const metadata = await extractBinaryMetadata(filePath, debug);
-    const env = apiUrl === 'https://api.devicecloud.dev' ? 'prod' : 'dev';
+    const env = inferEnvFromApiUrl(apiUrl);
     // Upload to Backblaze first (primary)
     const backblazeResult = await handleBackblazeUpload({
-        apiKey,
+        auth,
         apiUrl,
         b2: b2,
         debug,
-        file,
-        filePath,
         finalPath,
+        source,
     });
     let lastError = backblazeResult.error;
     // Always upload to Supabase (re-enabled as always-on alongside Backblaze)
-    let supabaseResult = { error: null, success: false };
     if (debug) {
         console.log('[DEBUG] Uploading to Supabase...');
     }
-    supabaseResult = await uploadToSupabase(env, tempPath, file, debug);
+    const supabaseResult = await uploadToSupabase(env, tempPath, source, debug);
     if (!supabaseResult.success && supabaseResult.error) {
         lastError = supabaseResult.error;
     }
@@ -520,15 +544,16 @@ async function performUpload(config) {
     }
     // Finalize upload
     const finalizeStartTime = Date.now();
-    await api_gateway_1.ApiGateway.finaliseUpload({
-        apiKey,
+    await ApiGateway.finaliseUpload({
+        auth,
         backblazeSuccess: backblazeResult.success,
         baseUrl: apiUrl,
-        bytes: file.size,
+        bytes: source.size,
         id,
         metadata,
         path: tempPath,
-        sha: sha,
+        // sha is undefined when hash calculation failed — omit it explicitly
+        ...(sha ? { sha } : {}),
         supabaseSuccess: supabaseResult.success,
     });
     if (debug) {
@@ -537,21 +562,89 @@ async function performUpload(config) {
     }
     return id;
 }
+/**
+ * Uploads an already-built flow zip directly to storage, mirroring the binary
+ * client-direct path: getFlowUploadUrl → upload to storage (Backblaze if
+ * offered + TUS to Supabase) → return the storage reference for submitFlowTest.
+ *
+ * The zip arrives as an in-memory Buffer (from `compressFilesFromRelativePath`);
+ * it's written to a temp file so the exact same disk-streaming uploaders the
+ * binary path uses can be reused unchanged. `supabaseSuccess`/`backblazeSuccess`
+ * are reported honestly based on which uploads succeeded.
+ *
+ * Errors from `getFlowUploadUrl` propagate untouched so callers can detect a
+ * 404 from an older API and fall back to the legacy multipart endpoint.
+ */
+export const uploadFlowZip = async (config) => {
+    const { apiUrl, auth, buffer, debug = false } = config;
+    const tempDir = await mkdtemp(path.join(os.tmpdir(), 'dcd-flow-zip-'));
+    const diskPath = path.join(tempDir, 'flowFile.zip');
+    try {
+        await writeFile(diskPath, buffer);
+        const source = {
+            contentType: 'application/zip',
+            diskPath,
+            name: 'flowFile.zip',
+            size: buffer.length,
+        };
+        // Same response shape as getBinaryUploadUrl. A 404 here means the API
+        // predates the client-direct flow path — let it propagate so the caller
+        // falls back to the multipart endpoint.
+        const { id, tempPath, finalPath, b2 } = await ApiGateway.getFlowUploadUrl(apiUrl, auth, buffer.length);
+        if (!tempPath)
+            throw new Error('No upload path provided by API');
+        const env = inferEnvFromApiUrl(apiUrl);
+        // Upload to Backblaze first (primary, if configured)
+        const backblazeResult = await handleBackblazeUpload({
+            auth,
+            apiUrl,
+            b2: b2,
+            debug,
+            finalPath,
+            source,
+        });
+        let lastError = backblazeResult.error;
+        // Always upload to Supabase (always-on alongside Backblaze)
+        const supabaseResult = await uploadToSupabase(env, tempPath, source, debug);
+        if (!supabaseResult.success && supabaseResult.error) {
+            lastError = supabaseResult.error;
+        }
+        validateUploadResults(supabaseResult.success, backblazeResult.success, lastError, b2, debug);
+        if (debug) {
+            console.log(`[DEBUG] Flow zip upload summary - Backblaze: ${backblazeResult.success ? '✓' : '✗'}, Supabase: ${supabaseResult.success ? '✓' : '✗'}`);
+        }
+        return {
+            backblazeSuccess: backblazeResult.success,
+            bytes: buffer.length,
+            id,
+            path: tempPath,
+            supabaseSuccess: supabaseResult.success,
+            useTus: true,
+        };
+    }
+    finally {
+        await rm(tempDir, { recursive: true, force: true }).catch(() => { });
+    }
+};
 /**
  * Upload file to Backblaze using signed URL (simple upload for files < 100MB)
  * @param uploadUrl - Backblaze upload URL
  * @param authorizationToken - Authorization token for the upload
  * @param fileName - Name/path of the file
- * @param file - File to upload
+ * @param source - Upload source descriptor (streamed from disk)
  * @param debug - Whether debug logging is enabled
  * @returns Promise that resolves when upload completes or fails gracefully
  */
-async function uploadToBackblaze(uploadUrl, authorizationToken, fileName, file, debug) {
+async function uploadToBackblaze(uploadUrl, authorizationToken, fileName, source, debug) {
     try {
-        const arrayBuffer = await file.arrayBuffer();
+        // The API only picks the simple strategy for small binaries (large files
+        // get the multi-part path), so one transient buffer here is bounded.
+        // S3 pre-signed PUTs reject chunked transfer encoding, which rules out a
+        // plain stream body.
+        const body = await readFile(source.diskPath);
         // Calculate SHA1 hash for Backblaze (B2 requires SHA1, not SHA256)
-        const sha1 = (0, node_crypto_1.createHash)('sha1');
-        sha1.update(Buffer.from(arrayBuffer));
+        const sha1 = createHash('sha1');
+        sha1.update(body);
         const sha1Hex = sha1.digest('hex');
         // Detect if this is an S3 pre-signed URL (authorization token is empty)
         const isS3PreSignedUrl = !authorizationToken || authorizationToken === '';
@@ -563,8 +656,8 @@ async function uploadToBackblaze(uploadUrl, authorizationToken, fileName, file,
         }
         // Build headers based on upload method
         const headers = {
-            'Content-Length': file.size.toString(),
-            'Content-Type': file.type || 'application/octet-stream',
+            'Content-Length': body.length.toString(),
+            'Content-Type': source.contentType || 'application/octet-stream',
             'X-Bz-Content-Sha1': sha1Hex,
         };
         // S3 pre-signed URLs have auth embedded in URL, native B2 uses Authorization header
@@ -573,7 +666,8 @@ async function uploadToBackblaze(uploadUrl, authorizationToken, fileName, file,
             headers['X-Bz-File-Name'] = encodeURIComponent(fileName);
         }
         const response = await fetch(uploadUrl, {
-            body: arrayBuffer,
+            // Zero-copy view over the buffer (new Uint8Array(buffer) would clone it).
+            body: new Uint8Array(body.buffer, body.byteOffset, body.byteLength),
             headers,
             method: isS3PreSignedUrl ? 'PUT' : 'POST',
         });
@@ -625,7 +719,7 @@ async function uploadToBackblaze(uploadUrl, authorizationToken, fileName, file,
 async function readFileChunk(filePath, start, end) {
     return new Promise((resolve, reject) => {
         const chunks = [];
-        const stream = (0, node_fs_1.createReadStream)(filePath, { start, end: end - 1 }); // end is inclusive in createReadStream
+        const stream = createReadStream(filePath, { start, end: end - 1 }); // end is inclusive in createReadStream
         stream.on('data', (chunk) => {
             chunks.push(chunk);
         });
@@ -637,38 +731,13 @@ async function readFileChunk(filePath, start, end) {
         });
     });
 }
-/**
- * Helper function to read a chunk from a File/Blob object
- * @param file - File or Blob object
- * @param start - Start byte position
- * @param end - End byte position (exclusive)
- * @returns Promise resolving to Buffer containing the chunk
- */
-async function readFileObjectChunk(file, start, end) {
-    const slice = file.slice(start, end);
-    const arrayBuffer = await slice.arrayBuffer();
-    return Buffer.from(arrayBuffer);
-}
-/**
- * Reads a file chunk from either a File object or disk
- * @param fileObject - Optional File object to read from
- * @param filePath - Path to file on disk
- * @param start - Start byte position
- * @param end - End byte position
- * @returns Promise resolving to Buffer containing the chunk
- */
-async function readChunk(fileObject, filePath, start, end) {
-    return fileObject
-        ? readFileObjectChunk(fileObject, start, end)
-        : readFileChunk(filePath, start, end);
-}
 /**
  * Calculates SHA1 hash for a buffer
  * @param buffer - Buffer to hash
  * @returns SHA1 hash as hex string
  */
 function calculateSha1(buffer) {
-    const sha1 = (0, node_crypto_1.createHash)('sha1');
+    const sha1 = createHash('sha1');
     sha1.update(buffer);
     return sha1.digest('hex');
 }
@@ -706,7 +775,9 @@ async function uploadPartToBackblaze(config) {
             if (debug) {
                 console.error(`[DEBUG] Network error uploading part ${partNumber} - could be DNS, connection, or SSL issue`);
             }
-            throw new Error(`Part ${partNumber} upload failed due to network error`);
+            throw new Error(`Part ${partNumber} upload failed due to network error`, {
+                cause: error,
+            });
         }
         throw error;
     }
@@ -744,14 +815,14 @@ function logBackblazeUploadError(error, debug) {
  * @returns Promise that resolves when upload completes or fails gracefully
  */
 async function uploadLargeFileToBackblaze(config) {
-    const { apiUrl, apiKey, fileId, uploadPartUrls, filePath, fileSize, debug, fileObject } = config;
+    const { apiUrl, auth, fileId, uploadPartUrls, filePath, fileSize, debug } = config;
     try {
         const partSha1Array = [];
         const partSize = Math.ceil(fileSize / uploadPartUrls.length);
         if (debug) {
             console.log(`[DEBUG] Uploading large file in ${uploadPartUrls.length} parts (streaming mode)`);
             console.log(`[DEBUG] Part size: ${(partSize / 1024 / 1024).toFixed(2)} MB`);
-            console.log(`[DEBUG] Reading from: ${fileObject ? 'in-memory File object' : filePath}`);
+            console.log(`[DEBUG] Reading from: ${filePath}`);
         }
         // Upload each part using streaming to avoid loading entire file into memory
         for (let i = 0; i < uploadPartUrls.length; i++) {
@@ -762,7 +833,7 @@ async function uploadLargeFileToBackblaze(config) {
             if (debug) {
                 console.log(`[DEBUG] Reading part ${partNumber}/${uploadPartUrls.length} bytes ${start}-${end}`);
             }
-            const partBuffer = await readChunk(fileObject, filePath, start, end);
+            const partBuffer = await readFileChunk(filePath, start, end);
             const sha1Hex = calculateSha1(partBuffer);
             partSha1Array.push(sha1Hex);
             await uploadPartToBackblaze({
@@ -776,18 +847,11 @@ async function uploadLargeFileToBackblaze(config) {
                 uploadUrl: uploadPartUrls[i].uploadUrl,
             });
         }
-        // Validate all parts were uploaded
-        if (partSha1Array.length !== uploadPartUrls.length) {
-            const errorMsg = `Part count mismatch: uploaded ${partSha1Array.length} parts but expected ${uploadPartUrls.length}`;
-            if (debug)
-                console.error(`[DEBUG] ${errorMsg}`);
-            throw new Error(errorMsg);
-        }
         if (debug) {
             console.log('[DEBUG] Finishing large file upload...');
             console.log(`[DEBUG] Finalizing ${partSha1Array.length} parts with fileId: ${fileId}`);
         }
-        await api_gateway_1.ApiGateway.finishLargeFile(apiUrl, apiKey, fileId, partSha1Array);
+        await ApiGateway.finishLargeFile(apiUrl, auth, fileId, partSha1Array);
         if (debug)
             console.log('[DEBUG] Large file upload completed successfully');
         return true;
@@ -797,27 +861,12 @@ async function uploadLargeFileToBackblaze(config) {
         return false;
     }
 }
-async function getFileHashFromFile(file) {
-    return new Promise((resolve, reject) => {
-        const hash = (0, node_crypto_1.createHash)('sha256');
-        const stream = file.stream();
-        const reader = stream.getReader();
-        const processChunks = async () => {
-            try {
-                let readerResult = await reader.read();
-                while (!readerResult.done) {
-                    const { value } = readerResult;
-                    hash.update(value);
-                    readerResult = await reader.read();
-                }
-                resolve(hash.digest('hex'));
-            }
-            catch (error) {
-                reject(error);
-            }
-        };
-        processChunks();
-    });
+async function getFileHashFromPath(filePath) {
+    const hash = createHash('sha256');
+    for await (const chunk of createReadStream(filePath)) {
+        hash.update(chunk);
+    }
+    return hash.digest('hex');
 }
 /**
  * Writes JSON data to a file with error handling
@@ -826,33 +875,36 @@ async function getFileHashFromFile(file) {
  * @param logger - Logger object with log and warn methods
  * @returns true if successful, false if an error occurred
  */
-const writeJSONFile = (filePath, data, logger) => {
+export const writeJSONFile = (filePath, data, logger) => {
     try {
-        (0, node_fs_1.writeFileSync)(filePath, JSON.stringify(data, null, 2));
-        logger.log(styling_1.colors.dim('JSON output written to: ') + styling_1.colors.highlight(path.resolve(filePath)));
+        const directory = path.dirname(filePath);
+        if (directory !== '.') {
+            mkdirSync(directory, { recursive: true });
+        }
+        writeFileSync(filePath, JSON.stringify(data, null, 2));
+        logger.log(colors.dim('JSON output written to: ') + colors.highlight(path.resolve(filePath)));
     }
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
         const isPermissionError = errorMessage.includes('EACCES') || errorMessage.includes('EPERM');
         const isNoSuchFileError = errorMessage.includes('ENOENT');
-        logger.warn(styling_1.colors.warning('⚠') + '  ' + styling_1.colors.error(`Failed to write JSON output to file: ${filePath}`));
+        logger.warn(colors.error(`Failed to write JSON output to file: ${filePath}`));
         if (isPermissionError) {
-            logger.warn(styling_1.colors.dim('   Permission denied - check file/directory write permissions'));
-            logger.warn(styling_1.colors.dim('   Try running with appropriate permissions or choose a different output location'));
+            logger.warn(colors.dim('   Permission denied - check file/directory write permissions'));
+            logger.warn(colors.dim('   Try running with appropriate permissions or choose a different output location'));
         }
         else if (isNoSuchFileError) {
-            logger.warn(styling_1.colors.dim('   Directory does not exist - create the directory first or choose an existing path'));
+            logger.warn(colors.dim('   Directory does not exist - create the directory first or choose an existing path'));
         }
-        logger.warn(styling_1.colors.dim('   Error details: ') + errorMessage);
+        logger.warn(colors.dim('   Error details: ') + errorMessage);
     }
 };
-exports.writeJSONFile = writeJSONFile;
 /**
  * Formats duration in seconds into a human readable string
  * @param durationSeconds - Duration in seconds
  * @returns Formatted duration string (e.g. "2m 30s" or "45s")
  */
-const formatDurationSeconds = (durationSeconds) => {
+export const formatDurationSeconds = (durationSeconds) => {
     const minutes = Math.floor(durationSeconds / 60);
     const seconds = durationSeconds % 60;
     if (minutes > 0) {
@@ -860,4 +912,3 @@ const formatDurationSeconds = (durationSeconds) => {
     }
     return `${durationSeconds}s`;
 };
-exports.formatDurationSeconds = formatDurationSeconds;