@emulators/vercel 0.4.0 → 0.5.0

package/README.md

@@ -0,0 +1,90 @@
+# @emulators/vercel
+
+Fully stateful Vercel API emulation with Vercel-style JSON responses and cursor-based pagination.
+
+Part of [emulate](https://github.com/vercel-labs/emulate) — local drop-in replacement services for CI and no-network sandboxes.
+
+## Install
+
+```bash
+npm install @emulators/vercel
+```
+
+## Endpoints
+
+### User & Teams
+- `GET /v2/user` — authenticated user
+- `PATCH /v2/user` — update user
+- `GET /v2/teams` — list teams (cursor paginated)
+- `GET /v2/teams/:teamId` — get team (by ID or slug)
+- `POST /v2/teams` — create team
+- `PATCH /v2/teams/:teamId` — update team
+- `GET /v2/teams/:teamId/members` — list members
+- `POST /v2/teams/:teamId/members` — add member
+
+### Projects
+- `POST /v11/projects` — create project (with optional env vars and git integration)
+- `GET /v10/projects` — list projects (search, cursor pagination)
+- `GET /v9/projects/:idOrName` — get project (includes env vars)
+- `PATCH /v9/projects/:idOrName` — update project
+- `DELETE /v9/projects/:idOrName` — delete project (cascades)
+- `GET /v1/projects/:projectId/promote/aliases` — promote aliases status
+- `PATCH /v1/projects/:idOrName/protection-bypass` — manage bypass secrets
+
+### Deployments
+- `POST /v13/deployments` — create deployment (auto-transitions to READY)
+- `GET /v13/deployments/:idOrUrl` — get deployment (by ID or URL)
+- `GET /v6/deployments` — list deployments (filter by project, target, state)
+- `DELETE /v13/deployments/:id` — delete deployment (cascades)
+- `PATCH /v12/deployments/:id/cancel` — cancel building deployment
+- `GET /v2/deployments/:id/aliases` — list deployment aliases
+- `GET /v3/deployments/:idOrUrl/events` — get build events/logs
+- `GET /v6/deployments/:id/files` — list deployment files
+- `POST /v2/files` — upload file (by SHA digest)
+
+### Domains
+- `POST /v10/projects/:idOrName/domains` — add domain (with verification challenge)
+- `GET /v9/projects/:idOrName/domains` — list domains
+- `GET /v9/projects/:idOrName/domains/:domain` — get domain
+- `PATCH /v9/projects/:idOrName/domains/:domain` — update domain
+- `DELETE /v9/projects/:idOrName/domains/:domain` — remove domain
+- `POST /v9/projects/:idOrName/domains/:domain/verify` — verify domain
+
+### Environment Variables
+- `GET /v10/projects/:idOrName/env` — list env vars (with decrypt option)
+- `POST /v10/projects/:idOrName/env` — create env vars (single, batch, upsert)
+- `GET /v10/projects/:idOrName/env/:id` — get env var
+- `PATCH /v9/projects/:idOrName/env/:id` — update env var
+- `DELETE /v9/projects/:idOrName/env/:id` — delete env var
+
+## Auth
+
+All endpoints accept `teamId` or `slug` query params for team scoping. Pagination uses cursor-based `limit`/`since`/`until` with `pagination` response objects.
+
+## Seed Configuration
+
+```yaml
+vercel:
+  users:
+    - username: developer
+      name: Developer
+      email: dev@example.com
+  teams:
+    - slug: my-team
+      name: My Team
+  projects:
+    - name: my-app
+      team: my-team
+      framework: nextjs
+  integrations:
+    - client_id: "oac_abc123"
+      client_secret: "secret_abc123"
+      name: "My Vercel App"
+      redirect_uris:
+        - "http://localhost:3000/api/auth/callback/vercel"
+```
+
+## Links
+
+- [Full documentation](https://emulate.dev/vercel)
+- [GitHub](https://github.com/vercel-labs/emulate)

package/dist/index.js

@@ -6,7 +6,10 @@ function getVercelStore(store) {
     teamMembers: store.collection("vercel.team_members", ["teamId", "userId"]),
     projects: store.collection("vercel.projects", ["uid", "name", "accountId"]),
     deployments: store.collection("vercel.deployments", ["uid", "projectId", "url"]),
-    deploymentAliases: store.collection("vercel.deployment_aliases", ["deploymentId", "projectId"]),
+    deploymentAliases: store.collection("vercel.deployment_aliases", [
+      "deploymentId",
+      "projectId"
+    ]),
     builds: store.collection("vercel.builds", ["deploymentId"]),
     deploymentEvents: store.collection("vercel.deployment_events", ["deploymentId"]),
     files: store.collection("vercel.files", ["digest"]),
@@ -51,7 +54,7 @@ function resolveTeamScope(c, vs) {
   return { accountId: user.uid, team: null };
 }
 function lookupProject(vs, idOrName, accountId) {
-  let project = vs.projects.findOneBy("uid", idOrName);
+  const project = vs.projects.findOneBy("uid", idOrName);
   if (project && project.accountId === accountId) return project;
   const byName = vs.projects.findBy("name", idOrName);
   return byName.find((p) => p.accountId === accountId);
@@ -287,6 +290,7 @@ var FONTS = {
   "geist-sans.woff2": readFileSync(join(__dirname, "fonts", "geist-sans.woff2")),
   "GeistPixel-Square.woff2": readFileSync(join(__dirname, "fonts", "GeistPixel-Square.woff2"))
 };
+var FAVICON = readFileSync(join(__dirname, "fonts", "favicon.ico"));
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }
@@ -438,6 +442,132 @@ body{
 .app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}
 .app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}
 .empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}
+
+.inspector-layout{max-width:960px;margin:0 auto;padding:28px 20px;}
+.inspector-tabs{display:flex;gap:4px;margin-bottom:20px;}
+.inspector-tabs a{
+  padding:7px 16px;border-radius:6px;text-decoration:none;
+  font-size:.8125rem;color:#1a8c00;border:1px solid transparent;
+  transition:color .15s,border-color .15s;
+}
+.inspector-tabs a:hover{color:#33ff00;}
+.inspector-tabs a.active{color:#33ff00;font-weight:600;border-color:#0a3300;background:#0a3300;}
+.inspector-section{margin-bottom:24px;}
+.inspector-section h2{
+  font-family:'Geist Pixel',monospace;
+  font-size:1rem;font-weight:600;color:#33ff00;margin-bottom:10px;
+}
+.inspector-section h3{
+  font-family:'Geist Pixel',monospace;
+  font-size:.875rem;font-weight:600;color:#1a8c00;margin:16px 0 8px;
+}
+.inspector-table{width:100%;border-collapse:collapse;margin-bottom:12px;}
+.inspector-table th,.inspector-table td{
+  text-align:left;padding:8px 12px;border-bottom:1px solid #0a3300;
+  font-size:.8125rem;
+}
+.inspector-table th{color:#1a8c00;font-weight:600;font-size:.75rem;text-transform:uppercase;letter-spacing:.04em;}
+.inspector-table td{color:#33ff00;}
+.inspector-table tbody tr{transition:background .1s;}
+.inspector-table tbody tr:hover{background:#0a3300;}
+.inspector-empty{color:#1a8c00;text-align:center;padding:20px 0;font-size:.8125rem;}
+
+.checkout-layout{
+  display:flex;min-height:calc(100vh - 42px);
+}
+.checkout-summary{
+  flex:1;background:#020;padding:48px 40px 48px 10%;
+  display:flex;flex-direction:column;justify-content:center;
+  border-right:1px solid #0a3300;
+}
+.checkout-form-side{
+  flex:1;background:#000;padding:48px 10% 48px 40px;
+  display:flex;flex-direction:column;justify-content:center;
+}
+.checkout-merchant{
+  display:flex;align-items:center;gap:10px;margin-bottom:6px;
+}
+.checkout-merchant-name{
+  font-family:'Geist Pixel',monospace;
+  font-size:.9375rem;font-weight:600;color:#33ff00;
+}
+.checkout-test-badge{
+  font-size:.625rem;font-weight:700;letter-spacing:.04em;text-transform:uppercase;
+  background:#0a3300;color:#1a8c00;padding:2px 8px;border-radius:4px;
+}
+.checkout-total{
+  font-family:'Geist Pixel',monospace;
+  font-size:2rem;font-weight:700;color:#33ff00;margin:8px 0 28px;
+}
+.checkout-line-item{
+  display:flex;align-items:center;gap:14px;padding:14px 0;
+  border-bottom:1px solid #0a3300;
+}
+.checkout-line-item:first-child{border-top:1px solid #0a3300;}
+.checkout-item-icon{
+  width:42px;height:42px;border-radius:6px;background:#0a3300;
+  display:flex;align-items:center;justify-content:center;flex-shrink:0;
+  font-family:'Geist Pixel',monospace;font-size:.875rem;font-weight:700;color:#116600;
+}
+.checkout-item-details{flex:1;min-width:0;}
+.checkout-item-name{font-size:.875rem;font-weight:600;color:#33ff00;}
+.checkout-item-qty{font-size:.75rem;color:#1a8c00;margin-top:2px;}
+.checkout-item-price{
+  font-size:.875rem;font-weight:600;color:#33ff00;text-align:right;white-space:nowrap;
+}
+.checkout-item-unit{font-size:.6875rem;color:#1a8c00;text-align:right;margin-top:2px;}
+.checkout-totals{margin-top:20px;}
+.checkout-totals-row{
+  display:flex;justify-content:space-between;padding:6px 0;
+  font-size:.8125rem;color:#1a8c00;
+}
+.checkout-totals-row.total{
+  border-top:1px solid #0a3300;margin-top:8px;padding-top:14px;
+  font-size:.9375rem;font-weight:600;color:#33ff00;
+}
+.checkout-form-section{margin-bottom:24px;}
+.checkout-form-label{
+  font-size:.8125rem;font-weight:600;color:#33ff00;margin-bottom:8px;display:block;
+}
+.checkout-input{
+  width:100%;padding:10px 12px;border:1px solid #0a3300;border-radius:6px;
+  background:#020;color:#33ff00;font:inherit;font-size:.875rem;
+  transition:border-color .15s;outline:none;
+}
+.checkout-input:focus{border-color:#33ff00;}
+.checkout-input::placeholder{color:#116600;}
+.checkout-card-box{
+  border:1px solid #0a3300;border-radius:6px;padding:14px;
+  background:#020;
+}
+.checkout-card-row{
+  display:flex;gap:12px;margin-top:10px;
+}
+.checkout-card-row .checkout-input{flex:1;}
+.checkout-sim-note{
+  font-size:.6875rem;color:#1a8c00;margin-top:10px;text-align:center;
+  font-style:italic;
+}
+.checkout-pay-btn{
+  width:100%;padding:14px;border:none;border-radius:8px;
+  background:#33ff00;color:#000;font:inherit;font-size:.9375rem;font-weight:700;
+  cursor:pointer;transition:background .15s;
+  font-family:'Geist Pixel',monospace;
+}
+.checkout-pay-btn:hover{background:#44ff22;}
+.checkout-cancel{
+  text-align:center;margin-top:14px;
+}
+.checkout-cancel a{
+  color:#1a8c00;text-decoration:none;font-size:.8125rem;
+  transition:color .15s;
+}
+.checkout-cancel a:hover{color:#33ff00;}
+@media(max-width:768px){
+  .checkout-layout{flex-direction:column;}
+  .checkout-summary{padding:32px 20px;border-right:none;border-bottom:1px solid #0a3300;}
+  .checkout-form-side{padding:32px 20px;}
+}
 `;
 var POWERED_BY = `<div class="powered-by">Powered by <a href="https://emulate.dev" target="_blank" rel="noopener">emulate</a></div>`;
 function emuBar(service) {
@@ -457,6 +587,7 @@ function head(title) {
 <head>
 <meta charset="utf-8"/>
 <meta name="viewport" content="width=device-width,initial-scale=1"/>
+<link rel="icon" href="/_emulate/favicon.ico"/>
 <title>${escapeHtml(title)} | emulate</title>
 <style>${CSS}</style>
 </head>`;
@@ -938,7 +1069,9 @@ function projectsRoutes({ app, store, baseUrl }) {
           key,
           value: typeof ev.value === "string" ? ev.value : String(ev.value ?? ""),
           type: ev.type === "system" || ev.type === "encrypted" || ev.type === "plain" || ev.type === "secret" || ev.type === "sensitive" ? ev.type : "encrypted",
-          target: Array.isArray(ev.target) ? ev.target.filter((t) => t === "production" || t === "preview" || t === "development") : ["production", "preview", "development"],
+          target: Array.isArray(ev.target) ? ev.target.filter(
+            (t) => t === "production" || t === "preview" || t === "development"
+          ) : ["production", "preview", "development"],
           gitBranch: typeof ev.gitBranch === "string" ? ev.gitBranch : null,
           customEnvironmentIds: Array.isArray(ev.customEnvironmentIds) ? ev.customEnvironmentIds : [],
           comment: typeof ev.comment === "string" ? ev.comment : null,
@@ -1927,11 +2060,17 @@ function parseEnvRow(body) {
   }
   const type = parseType(body.type);
   if (type === "invalid") {
-    return { row: {}, error: "Invalid value: type must be one of system, encrypted, plain, secret, sensitive" };
+    return {
+      row: {},
+      error: "Invalid value: type must be one of system, encrypted, plain, secret, sensitive"
+    };
   }
   const target = parseTarget(body.target);
   if (target === "invalid") {
-    return { row: {}, error: "Invalid value: target must be a non-empty array of production, preview, development" };
+    return {
+      row: {},
+      error: "Invalid value: target must be a non-empty array of production, preview, development"
+    };
   }
   const customEnvironmentIds = parseCustomEnvironmentIds(body.customEnvironmentIds);
   if (customEnvironmentIds === "invalid") {
@@ -2039,9 +2178,7 @@ function envRoutes({ app, store }) {
       }
       const { row } = parsed;
       const existingDb = findEnvByKeyAndTargetsOverlap(vs, project.uid, row.key, row.target);
-      const existingPending = pending.find(
-        (e) => e.key === row.key && targetsOverlap(e.target, row.target)
-      );
+      const existingPending = pending.find((e) => e.key === row.key && targetsOverlap(e.target, row.target));
       if (upsert) {
         const toUpdate = existingDb ?? existingPending;
         if (toUpdate) {
@@ -2140,14 +2277,24 @@ function envRoutes({ app, store }) {
     if ("type" in body) {
       const t = parseType(body.type);
       if (t === "invalid") {
-        return vercelErr5(c, 400, "bad_request", "Invalid value: type must be one of system, encrypted, plain, secret, sensitive");
+        return vercelErr5(
+          c,
+          400,
+          "bad_request",
+          "Invalid value: type must be one of system, encrypted, plain, secret, sensitive"
+        );
       }
       patch.type = t;
     }
     if ("target" in body) {
       const t = parseTarget(body.target);
       if (t === "invalid") {
-        return vercelErr5(c, 400, "bad_request", "Invalid value: target must be a non-empty array of production, preview, development");
+        return vercelErr5(
+          c,
+          400,
+          "bad_request",
+          "Invalid value: target must be a non-empty array of production, preview, development"
+        );
       }
       patch.target = t;
     }
@@ -2245,11 +2392,23 @@ function oauthRoutes({ app, store, tokenMap }) {
     if (integrationsConfigured) {
       const integration = vs.integrations.findOneBy("client_id", client_id);
       if (!integration) {
-        return c.html(renderErrorPage("Application not found", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL), 400);
+        return c.html(
+          renderErrorPage("Application not found", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),
+          400
+        );
       }
       if (redirect_uri && !matchesRedirectUri(redirect_uri, integration.redirect_uris)) {
-        console.warn(`[OAuth] redirect_uri mismatch: got "${redirect_uri}", registered: ${JSON.stringify(integration.redirect_uris)}`);
-        return c.html(renderErrorPage("Redirect URI mismatch", "The redirect_uri is not registered for this application.", SERVICE_LABEL), 400);
+        console.warn(
+          `[OAuth] redirect_uri mismatch: got "${redirect_uri}", registered: ${JSON.stringify(integration.redirect_uris)}`
+        );
+        return c.html(
+          renderErrorPage(
+            "Redirect URI mismatch",
+            "The redirect_uri is not registered for this application.",
+            SERVICE_LABEL
+          ),
+          400
+        );
       }
       integrationName = integration.name;
     }
@@ -2297,7 +2456,10 @@ function oauthRoutes({ app, store, tokenMap }) {
       codeChallengeMethod: code_challenge_method || null,
       created_at: Date.now()
     });
-    debug("vercel.oauth", `[Vercel callback] generated code: ${code.slice(0, 8)}... for username=${username}, challenge=${code_challenge ? "present" : "none"}, pendingCodes size: ${pendingCodes.size}`);
+    debug(
+      "vercel.oauth",
+      `[Vercel callback] generated code: ${code.slice(0, 8)}... for username=${username}, challenge=${code_challenge ? "present" : "none"}, pendingCodes size: ${pendingCodes.size}`
+    );
     const url = new URL(redirect_uri);
     url.searchParams.set("code", code);
     if (state !== "") url.searchParams.set("state", state);
@@ -2309,7 +2471,10 @@ function oauthRoutes({ app, store, tokenMap }) {
     const pendingCodes = getPendingCodes(store);
     debug("vercel.oauth", `[Vercel token] Content-Type: ${contentType}`);
     debug("vercel.oauth", `[Vercel token] pendingCodes size: ${pendingCodes.size}`);
-    debug("vercel.oauth", `[Vercel token] pendingCodes keys: ${[...pendingCodes.keys()].map((k) => k.slice(0, 8) + "...").join(", ")}`);
+    debug(
+      "vercel.oauth",
+      `[Vercel token] pendingCodes keys: ${[...pendingCodes.keys()].map((k) => k.slice(0, 8) + "...").join(", ")}`
+    );
     const rawText = await c.req.text();
     debug("vercel.oauth", `[Vercel token] raw body: ${rawText.slice(0, 500)}`);
     let body;
@@ -2331,73 +2496,70 @@ function oauthRoutes({ app, store, tokenMap }) {
     debug("vercel.oauth", `[Vercel token] code: ${code.slice(0, 8)}... (len=${code.length})`);
     debug("vercel.oauth", `[Vercel token] client_id: ${bodyClientId}`);
     debug("vercel.oauth", `[Vercel token] client_secret: ${bodyClientSecret.slice(0, 4)}****`);
-    debug("vercel.oauth", `[Vercel token] code_verifier: ${code_verifier ? code_verifier.slice(0, 8) + "..." : "undefined"}`);
+    debug(
+      "vercel.oauth",
+      `[Vercel token] code_verifier: ${code_verifier ? code_verifier.slice(0, 8) + "..." : "undefined"}`
+    );
     const integrationsConfigured = vs.integrations.all().length > 0;
     if (integrationsConfigured) {
       const integration = vs.integrations.findOneBy("client_id", bodyClientId);
       if (!integration) {
         debug("vercel.oauth", `[Vercel token] REJECTED: client_id not found`);
-        return c.json({ error: "invalid_client", error_description: "The client_id and/or client_secret passed are incorrect." }, 401);
+        return c.json(
+          { error: "invalid_client", error_description: "The client_id and/or client_secret passed are incorrect." },
+          401
+        );
       }
       if (!constantTimeSecretEqual(bodyClientSecret, integration.client_secret)) {
         debug("vercel.oauth", `[Vercel token] REJECTED: client_secret mismatch`);
-        return c.json({ error: "invalid_client", error_description: "The client_id and/or client_secret passed are incorrect." }, 401);
+        return c.json(
+          { error: "invalid_client", error_description: "The client_id and/or client_secret passed are incorrect." },
+          401
+        );
       }
       debug("vercel.oauth", `[Vercel token] client credentials OK (${integration.name})`);
     }
     const pending = pendingCodes.get(code);
     if (!pending) {
       debug("vercel.oauth", `[Vercel token] REJECTED: code not found in pendingCodes`);
-      return c.json(
-        { error: "invalid_grant", error_description: "The code passed is incorrect or expired." },
-        400
-      );
+      return c.json({ error: "invalid_grant", error_description: "The code passed is incorrect or expired." }, 400);
     }
     if (isPendingCodeExpired(pending)) {
       debug("vercel.oauth", `[Vercel token] REJECTED: code expired`);
       pendingCodes.delete(code);
-      return c.json(
-        { error: "invalid_grant", error_description: "The code passed is incorrect or expired." },
-        400
-      );
+      return c.json({ error: "invalid_grant", error_description: "The code passed is incorrect or expired." }, 400);
     }
     debug("vercel.oauth", `[Vercel token] code valid, username=${pending.username}, scope=${pending.scope}`);
     if (redirect_uri && pending.redirectUri && redirect_uri !== pending.redirectUri) {
-      debug("vercel.oauth", `[Vercel token] REJECTED: redirect_uri mismatch (got "${redirect_uri}", expected "${pending.redirectUri}")`);
+      debug(
+        "vercel.oauth",
+        `[Vercel token] REJECTED: redirect_uri mismatch (got "${redirect_uri}", expected "${pending.redirectUri}")`
+      );
       pendingCodes.delete(code);
       return c.json(
-        { error: "invalid_grant", error_description: "The redirect_uri does not match the one used during authorization." },
+        {
+          error: "invalid_grant",
+          error_description: "The redirect_uri does not match the one used during authorization."
+        },
         400
       );
     }
     if (pending.codeChallenge != null) {
       if (code_verifier === void 0) {
-        return c.json(
-          { error: "invalid_grant", error_description: "PKCE verification failed." },
-          400
-        );
+        return c.json({ error: "invalid_grant", error_description: "PKCE verification failed." }, 400);
       }
       const method = (pending.codeChallengeMethod ?? "plain").toLowerCase();
       if (method === "s256") {
         const expected = createHash("sha256").update(code_verifier).digest("base64url");
         if (expected !== pending.codeChallenge) {
-          return c.json(
-            { error: "invalid_grant", error_description: "PKCE verification failed." },
-            400
-          );
+          return c.json({ error: "invalid_grant", error_description: "PKCE verification failed." }, 400);
         }
       } else if (method === "plain") {
         if (code_verifier !== pending.codeChallenge) {
-          return c.json(
-            { error: "invalid_grant", error_description: "PKCE verification failed." },
-            400
-          );
+          return c.json({ error: "invalid_grant", error_description: "PKCE verification failed." }, 400);
         }
       } else {
-        return c.json(
-          { error: "invalid_grant", error_description: "PKCE verification failed." },
-          400
-        );
+        return c.json({ error: "invalid_grant", error_description: "PKCE verification failed." }, 400);
       }
     }
     debug("vercel.oauth", `[Vercel token] PKCE OK (challenge=${pending.codeChallenge ? "present" : "none"})`);
@@ -2415,7 +2577,10 @@ function oauthRoutes({ app, store, tokenMap }) {
     if (tokenMap) {
       tokenMap.set(token, { login: user.username, id: user.id, scopes });
     }
-    debug("vercel.oauth", `[Vercel token] SUCCESS: issued token for ${user.username} (scopes: ${scopes.join(",") || "none"})`);
+    debug(
+      "vercel.oauth",
+      `[Vercel token] SUCCESS: issued token for ${user.username} (scopes: ${scopes.join(",") || "none"})`
+    );
     return c.json({
       access_token: token,
       token_type: "Bearer",