npm - @eve-horizon/cli - Versions diffs - 0.2.28 → 0.2.30 - Mend

@eve-horizon/cli 0.2.28 → 0.2.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +272 -46
package/package.json +8 -8

package/dist/index.js CHANGED Viewed

@@ -48721,6 +48721,7 @@ function resolveContext(flags, credentials) {
   const projectId = getStringFlag(flags, ["project"]) || process.env.EVE_PROJECT_ID || profile.project_id;
   const authKey = toAuthKey(apiUrl);
   const tokenEntry = credentials.tokens[authKey] || credentials.profiles?.[profileName];
+  const jobToken = process.env.EVE_JOB_TOKEN;
   return {
     apiUrl,
     orgId,
@@ -48728,9 +48729,9 @@ function resolveContext(flags, credentials) {
     profileName,
     profile,
     authKey,
-    token: tokenEntry?.access_token,
-    refreshToken: tokenEntry?.refresh_token,
-    expiresAt: tokenEntry?.expires_at,
+    token: jobToken || tokenEntry?.access_token,
+    refreshToken: jobToken ? void 0 : tokenEntry?.refresh_token,
+    expiresAt: jobToken ? void 0 : tokenEntry?.expires_at,
     profileSource
   };
 }
@@ -50288,7 +50289,7 @@ for cloud deployments. Credentials are stored globally per API URL.`,
     ]
   },
   admin: {
-    description: "Administrative commands for user and identity management.",
+    description: "Administrative commands for user, identity, and platform operations.",
     usage: "eve admin <subcommand> [options]",
     subcommands: {
       invite: {
@@ -50304,11 +50305,24 @@ for cloud deployments. Credentials are stored globally per API URL.`,
           "eve admin invite --email user@example.com --github octocat",
           "eve admin invite --email user@example.com --github octocat --role admin --org org_xxx"
         ]
+      },
+      "ingress-aliases": {
+        description: "Inspect and reclaim ingress alias claims (system admin)",
+        usage: "eve admin ingress-aliases <list|reclaim> [options]",
+        options: [
+          "list options: --alias <name> --project <id> --environment <id|null> --limit <n> --offset <n>",
+          'reclaim usage: eve admin ingress-aliases reclaim <alias> --reason "<text>"'
+        ],
+        examples: [
+          "eve admin ingress-aliases list --project proj_xxx",
+          'eve admin ingress-aliases reclaim eve-pm --reason "Reserved org rename"'
+        ]
       }
     },
     examples: [
       "eve admin invite --email user@example.com --github octocat",
-      "eve admin invite --email user@example.com --github octocat --org org_xxx"
+      "eve admin invite --email user@example.com --github octocat --org org_xxx",
+      "eve admin ingress-aliases list"
     ]
   },
   release: {
@@ -51321,7 +51335,7 @@ function showMainHelp() {
   console.log("  analytics  Org analytics (jobs, pipelines, env health)");
   console.log("  ollama     Manage inference targets, aliases, and model routes");
   console.log("  access     Access control: permissions, roles, bindings, policy-as-code sync");
-  console.log("  admin      User and identity management (invite)");
+  console.log("  admin      User and platform admin operations");
   console.log("  skills     Install skills from skills.txt (skills CLI)");
   console.log("  migrate    Migration helpers for upgrading config formats");
   console.log("  system     System health and status checks");
@@ -51403,6 +51417,7 @@ function showSubcommandHelp(command, subcommand) {
 // src/lib/client.ts
 async function requestJson(context2, path6, options = {}) {
   const response = await requestRaw(context2, path6, options);
+  const method = options.method ?? "GET";
   if (response.status === 401 && options.tokenOverride === void 0) {
     const refreshed = await attemptRefresh(context2);
     if (refreshed?.access_token) {
@@ -51414,14 +51429,16 @@ async function requestJson(context2, path6, options = {}) {
         tokenOverride: refreshed.access_token
       });
       if (!retry.ok && !options.allowError) {
-        const message = typeof retry.data === "string" ? retry.data : retry.text;
-        throw new Error(`HTTP ${retry.status}: ${message}`);
+        const message = formatErrorMessage(retry);
+        throw new Error(`HTTP ${retry.status}: ${method} ${path6}: ${message}`);
       }
       return retry.data;
     }
   }
   if (!response.ok && !options.allowError) {
-    const message = typeof response.data === "string" ? response.data : response.text;
+    const message = formatErrorMessage(response);
+    const requestTarget = `${method} ${path6}`;
+    const requestFailedContext = `while calling ${requestTarget}: ${message}`;
     if ((response.status === 404 || response.status === 500) && message.includes("Project not found")) {
       const projectIdMatch = message.match(/Project not found: (proj_[a-z0-9]+)/);
       const projectId = projectIdMatch?.[1] ?? "unknown";
@@ -51439,7 +51456,7 @@ To fix this, either:
 To list available projects: eve project list`
       );
     }
-    throw new Error(`HTTP ${response.status}: ${message}`);
+    throw new Error(`HTTP ${response.status}: ${requestFailedContext}`);
   }
   return response.data;
 }
@@ -51463,11 +51480,19 @@ async function requestRaw(context2, path6, options = {}) {
   if (token) {
     headers.Authorization = `Bearer ${token}`;
   }
-  const response = await fetch(`${context2.apiUrl}${path6}`, {
-    method: options.method ?? "GET",
-    headers,
-    body: options.body ? JSON.stringify(options.body) : void 0
-  });
+  const url = `${context2.apiUrl}${path6}`;
+  const method = options.method ?? "GET";
+  let response;
+  try {
+    response = await fetch(url, {
+      method: options.method ?? "GET",
+      headers,
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    throw new Error(`Request failed for ${method} ${url}: ${message}`);
+  }
   const text = await response.text();
   let data = null;
   if (text) {
@@ -51479,6 +51504,19 @@ async function requestRaw(context2, path6, options = {}) {
   }
   return { status: response.status, ok: response.ok, data, text };
 }
+function formatErrorMessage(response) {
+  if (typeof response.data === "string") {
+    return response.data;
+  }
+  if (response.data && typeof response.data === "object") {
+    const payload = response.data;
+    return [payload.message, payload.error, payload.detail, response.text].map((entry) => {
+      if (typeof entry === "string" && entry.trim()) return entry;
+      return "";
+    }).find((entry) => entry.length > 0) ?? response.text;
+  }
+  return response.text;
+}
 async function attemptRefresh(context2) {
   if (!context2.refreshToken) return void 0;
   if (!context2.profile.supabase_url || !context2.profile.supabase_anon_key) return void 0;
@@ -52116,7 +52154,12 @@ async function fetchProfileStatus(ctx, envFilter) {
     let services = [];
     try {
       const diagnose = await requestJson(ctx, `/projects/${ctx.projectId}/envs/${env.name}/diagnose`);
-      services = buildStatusServices(diagnose.pods, diagnose.namespace ?? env.namespace, domain);
+      services = buildStatusServices(
+        diagnose.pods,
+        diagnose.namespace ?? env.namespace,
+        domain,
+        env.ingress_aliases ?? []
+      );
     } catch {
     }
     environments.push({
@@ -52135,7 +52178,7 @@ async function fetchProfileStatus(ctx, envFilter) {
     environments
   };
 }
-function buildStatusServices(pods, namespace, domain) {
+function buildStatusServices(pods, namespace, domain, ingressAliases) {
   const services = /* @__PURE__ */ new Map();
   for (const pod of pods) {
     const component = pod.labels["eve.component"] || pod.labels["app.kubernetes.io/name"] || pod.labels["app"] || pod.labels["component"] || "unknown";
@@ -52149,12 +52192,14 @@ function buildStatusServices(pods, namespace, domain) {
     const allDone = info.phases.size > 0 && [...info.phases].every((p) => p === "Succeeded" || p === "Failed");
     const status = allDone ? "completed" : info.ready === info.total ? "ready" : "not-ready";
     const url = !allDone && namespace && domain ? buildServiceUrl(name, namespace, domain) : null;
+    const aliasUrls = !allDone && domain ? ingressAliases.filter((entry) => entry.service_name === name).map((entry) => buildAliasUrl(entry.alias, domain)).sort((a, b2) => a.localeCompare(b2)) : [];
     return {
       name,
       pods_ready: info.ready,
       pods_total: info.total,
       status,
-      url
+      url,
+      alias_urls: aliasUrls
     };
   });
 }
@@ -52173,6 +52218,10 @@ function buildServiceUrl(component, namespace, domain) {
   const secure = !domain.includes("lvh.me") && !domain.includes("localhost");
   return `${secure ? "https" : "http"}://${component}.${slug}.${domain}`;
 }
+function buildAliasUrl(alias, domain) {
+  const secure = !domain.includes("lvh.me") && !domain.includes("localhost");
+  return `${secure ? "https" : "http"}://${alias}.${domain}`;
+}
 function formatStatusOutput(results) {
   for (let i = 0; i < results.length; i++) {
     const r = results[i];
@@ -52211,10 +52260,25 @@ function formatStatusOutput(results) {
       const podsW = Math.max(...env.services.map((s) => `${s.pods_ready}/${s.pods_total}`.length));
       for (const svc of env.services) {
         const pods = `${svc.pods_ready}/${svc.pods_total}`;
-        const urlPart = svc.url ? `  ${svc.url}` : "";
+        const urls = [];
+        if (svc.url) {
+          urls.push(svc.url);
+        }
+        for (const aliasUrl of svc.alias_urls ?? []) {
+          if (!urls.includes(aliasUrl)) {
+            urls.push(aliasUrl);
+          }
+        }
+        const urlPart = urls.length > 0 ? `  ${urls[0]}` : "";
         console.log(
           `    ${padRight(svc.name, nameW)}  ${padRight(pods, podsW)}  ${padRight(svc.status, 9)}${urlPart}`
         );
+        if (urls.length > 1) {
+          const prefix = `    ${padRight("", nameW)}  ${padRight("", podsW)}  ${padRight("", 9)}`;
+          for (const aliasUrl of urls.slice(1)) {
+            console.log(`${prefix}  ${aliasUrl}`);
+          }
+        }
       }
     }
   }
@@ -56731,6 +56795,10 @@ var EnvironmentResponseSchema = external_exports.object({
   labels: EnvironmentLabelsSchema.nullable(),
   current_release_id: external_exports.string().nullable(),
   last_failed_release_id: external_exports.string().nullable(),
+  ingress_aliases: external_exports.array(external_exports.object({
+    alias: external_exports.string(),
+    service_name: external_exports.string()
+  })).optional(),
   status: EnvironmentStatusSchema,
   suspended_at: external_exports.string().nullable(),
   suspension_reason: external_exports.string().nullable(),
@@ -56741,6 +56809,9 @@ var EnvironmentListResponseSchema = external_exports.object({
   data: external_exports.array(EnvironmentResponseSchema),
   pagination: PaginationSchema
 });
+var DeleteEnvironmentRequestSchema = external_exports.object({
+  force: external_exports.boolean().optional()
+}).optional().default({});
 var EnvLogEntrySchema = external_exports.object({
   timestamp: external_exports.string(),
   line: external_exports.string(),
@@ -57795,7 +57866,8 @@ var SecretResolveResponseSchema = external_exports.object({
 });
 var SecretMissingItemSchema = external_exports.object({
   key: external_exports.string(),
-  hints: external_exports.array(external_exports.string())
+  hints: external_exports.array(external_exports.string()),
+  suggestion: external_exports.string().optional()
 });
 var SecretValidationResultSchema = external_exports.object({
   missing: external_exports.array(SecretMissingItemSchema)
@@ -58109,9 +58181,15 @@ var ManagedDbConfigSchema = external_exports.object({
   engine_version: external_exports.string().optional()
   // e.g., '16'
 });
+var IngressAliasPattern = /^[a-z][a-z0-9-]*[a-z0-9]$/;
+var IngressConfigSchema = external_exports.object({
+  public: external_exports.boolean().optional(),
+  port: external_exports.number().optional(),
+  alias: external_exports.string().min(3).max(63).regex(IngressAliasPattern).optional()
+}).passthrough();
 var ServiceXeveSchema = external_exports.object({
   role: external_exports.string().optional(),
-  ingress: external_exports.record(external_exports.unknown()).optional(),
+  ingress: IngressConfigSchema.optional(),
   api_spec: ApiSpecSchema.optional(),
   api_specs: external_exports.array(ApiSpecSchema).optional(),
   external: external_exports.boolean().optional(),
@@ -59529,7 +59607,7 @@ var ManagedModelRegistrySchema = external_exports.record(ManagedModelConfigSchem
 var InferenceScopeKindSchema = external_exports.enum(["platform", "org", "project"]);
 var InferenceTargetTypeSchema = external_exports.enum(["ollama_pool", "external_ollama", "openai_compat"]);
 var InferenceTransportProfileSchema = external_exports.enum(["ollama_api", "openai_compat"]);
-var InferenceTargetStatusSchema = external_exports.enum(["unknown", "healthy", "unhealthy", "draining", "disabled"]);
+var InferenceTargetStatusSchema = external_exports.enum(["unknown", "healthy", "unhealthy", "waking", "draining", "disabled"]);
 var InferenceTargetSchema = external_exports.object({
   id: external_exports.string(),
   scope_kind: InferenceScopeKindSchema,
@@ -61682,6 +61760,8 @@ var HARNESS_ENV_MAP = deriveHarnessEnvMap();
 // ../shared/dist/permissions.js
 var ALL_PERMISSIONS = [
+  // Inference
+  "inference:write",
   // Jobs
   "jobs:read",
   "jobs:write",
@@ -67266,7 +67346,8 @@ async function handleDelete(positionals, flags, context2, json) {
       context2,
       `/projects/${projectId}/envs/${envName}`,
       {
-        method: "DELETE"
+        method: "DELETE",
+        ...force ? { body: { force: true } } : {}
       }
     );
     if (json) {
@@ -67479,6 +67560,12 @@ function formatEnvironmentDetails(env, health) {
   console.log(`  Database Ref:    ${env.db_ref || "(none)"}`);
   console.log(`  Current Release: ${env.current_release_id || "(none)"}`);
   console.log(`  Last Failed:     ${env.last_failed_release_id || "(none)"}`);
+  if (env.ingress_aliases && env.ingress_aliases.length > 0) {
+    console.log("  Ingress Aliases:");
+    for (const entry of env.ingress_aliases) {
+      console.log(`    ${entry.alias} -> ${entry.service_name}`);
+    }
+  }
   if (health) {
     console.log("");
     console.log(`  Deployment Status: ${health.status}`);
@@ -71404,6 +71491,7 @@ async function applyMigrations(options) {
     `;
     const appliedMap = new Map(appliedRows.map((row) => [row.name, row.checksum]));
     const results = [];
+    const isBaseline = appliedMap.size === 0;
     for (const migration of migrations) {
       const checksum = (0, import_crypto6.createHash)("sha256").update(migration.sql).digest("hex");
       const existingChecksum = appliedMap.get(migration.name);
@@ -71420,10 +71508,25 @@ Current checksum:  ${checksum}`);
         });
         continue;
       }
-      await db.begin(async (tx) => {
-        await tx.unsafe(migration.sql);
-        await tx.unsafe("INSERT INTO schema_migrations (name, checksum) VALUES ($1, $2)", [migration.name, checksum]);
-      });
+      try {
+        await db.begin(async (tx) => {
+          await tx.unsafe(migration.sql);
+          await tx.unsafe("INSERT INTO schema_migrations (name, checksum) VALUES ($1, $2)", [migration.name, checksum]);
+        });
+      } catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        const isAlreadyExists = /already exists/i.test(msg);
+        if (isBaseline && isAlreadyExists) {
+          console.log(`  \u2192 ${migration.name} (baselined \u2014 schema already present)`);
+          await db`
+            INSERT INTO schema_migrations (name, checksum)
+            VALUES (${migration.name}, ${checksum})
+          `;
+          results.push({ filename: migration.name, applied: true, checksum });
+          continue;
+        }
+        throw error;
+      }
       results.push({
         filename: migration.name,
         applied: true,
@@ -73035,6 +73138,61 @@ ${response.length} record(s)`);
           throw new Error("Usage: eve admin usage <list|summary> --org <orgId> [--since] [--until] [--limit] [--json]");
       }
     }
+    case "ingress-aliases": {
+      const action = positionals[0] ?? "list";
+      switch (action) {
+        case "list": {
+          const params = new URLSearchParams();
+          const alias = getStringFlag(flags, ["alias"]);
+          const projectId = getStringFlag(flags, ["project", "project_id"]);
+          const environmentId = getStringFlag(flags, ["environment", "env", "environment_id"]);
+          const limit = getStringFlag(flags, ["limit"]);
+          const offset = getStringFlag(flags, ["offset"]);
+          if (alias) params.set("alias", alias);
+          if (projectId) params.set("project_id", projectId);
+          if (environmentId) params.set("environment_id", environmentId);
+          if (limit) params.set("limit", limit);
+          if (offset) params.set("offset", offset);
+          const query = params.toString();
+          const path6 = `/admin/ingress-aliases${query ? `?${query}` : ""}`;
+          const response = await requestJson(context2, path6);
+          if (json) {
+            outputJson(response, true);
+            return;
+          }
+          const rows = Array.isArray(response.data) ? response.data : [];
+          if (rows.length === 0) {
+            console.log("No ingress aliases found.");
+            return;
+          }
+          for (const row of rows) {
+            console.log(`${row.alias}  project=${row.project_id}  env=${row.environment_id ?? "(reserved)"}  service=${row.service_name}`);
+          }
+          console.log(`
+${rows.length} alias(es)`);
+          return;
+        }
+        case "reclaim": {
+          const alias = positionals[1] ?? getStringFlag(flags, ["alias"]);
+          const reason = getStringFlag(flags, ["reason"]);
+          if (!alias || !reason) {
+            throw new Error('Usage: eve admin ingress-aliases reclaim <alias> --reason "<text>"');
+          }
+          const response = await requestJson(context2, `/admin/ingress-aliases/${encodeURIComponent(alias)}/reclaim`, {
+            method: "POST",
+            body: { reason }
+          });
+          outputJson(
+            response,
+            json,
+            `+ Reclaimed ${response.alias} (project=${response.project_id}, env=${response.environment_id ?? "(reserved)"})`
+          );
+          return;
+        }
+        default:
+          throw new Error("Usage: eve admin ingress-aliases <list|reclaim> [options]");
+      }
+    }
     case "access-requests": {
       const action = positionals[0];
       switch (action) {
@@ -73097,7 +73255,7 @@ ${response.length} record(s)`);
       }
     }
     default:
-      throw new Error("Usage: eve admin <invite|pricing|receipts|balance|usage|access-requests>");
+      throw new Error("Usage: eve admin <invite|pricing|receipts|balance|usage|ingress-aliases|access-requests>");
   }
 }
 function formatBalanceSummary(data) {
@@ -78003,7 +78161,36 @@ async function handleOllama(subcommand, positionals, flags, context2) {
         if (!json) console.log("Target test completed");
         return;
       }
-      throw new Error("Usage: eve ollama target <add|rm|test> ...");
+      if (action === "wake") {
+        const targetId = positionals[1];
+        if (!targetId) throw new Error("Usage: eve ollama target wake <target-id> [--wait=true] [--timeout-ms <ms>]");
+        const query = new URLSearchParams();
+        const wait = asString(flags, "wait");
+        const timeoutMs = asString(flags, "timeout-ms");
+        if (wait === "true" || wait === "1") query.set("wait", "true");
+        if (timeoutMs) query.set("timeout_ms", timeoutMs);
+        const suffix = query.toString() ? `?${query.toString()}` : "";
+        const result = await requestJson(context2, `/inference/targets/${targetId}/wake${suffix}`, {
+          method: "POST"
+        });
+        outputJson(result, json);
+        if (!json) {
+          const nextState = result.ready ? "ready" : result.state;
+          console.log(`Wake request state: ${result.state}`);
+          console.log(`Target: ${result.target_id}`);
+          if (result.waited_ms !== void 0) {
+            console.log(`Waited: ${result.waited_ms}ms`);
+          } else {
+            console.log(`Retry after: ${result.retry_after_seconds}s`);
+          }
+          console.log(`Message: ${result.message}`);
+          if (result.ready) {
+            console.log(`Wake result: ${nextState}`);
+          }
+        }
+        return;
+      }
+      throw new Error("Usage: eve ollama target <add|rm|test|wake> ...");
     }
     case "models": {
       const models = await requestJson(context2, "/inference/models");
@@ -78552,6 +78739,10 @@ var KUBECTL_STABLE_URL = "https://dl.k8s.io/release/stable.txt";
 var LOCAL_STACK_ROOT = (0, import_node_path18.resolve)(__dirname, "..", "assets", "local-k8s");
 var LOCAL_STACK_OVERLAY = (0, import_node_path18.join)(LOCAL_STACK_ROOT, "overlays", "local");
 var LOCAL_STACK_BASE = (0, import_node_path18.join)(LOCAL_STACK_ROOT, "base");
+var DEFAULT_PLATFORM_NAMESPACE = "eve-horizon";
+var CONFIGURED_REGISTRY = process.env.ECR_REGISTRY?.trim();
+var CONFIGURED_NAMESPACE = process.env.ECR_NAMESPACE?.trim() || DEFAULT_PLATFORM_NAMESPACE;
+var PLATFORM_IMAGE_REGISTRY = buildPlatformImageRegistry();
 var SERVICE_DEFINITIONS = [
   { id: "api", workload: "eve-api", kind: "deployment" },
   { id: "orchestrator", workload: "eve-orchestrator", kind: "deployment" },
@@ -78562,14 +78753,7 @@ var SERVICE_DEFINITIONS = [
   { id: "mailpit", workload: "mailpit", kind: "deployment" },
   { id: "sso", workload: "eve-sso", kind: "deployment" }
 ];
-var PLATFORM_IMAGES = [
-  { component: "api", remote: "ghcr.io/eve-horizon/api", local: "eve-horizon/api:local" },
-  { component: "orchestrator", remote: "ghcr.io/eve-horizon/orchestrator", local: "eve-horizon/orchestrator:local" },
-  { component: "worker", remote: "ghcr.io/eve-horizon/worker", local: "eve-horizon/worker:local" },
-  { component: "gateway", remote: "ghcr.io/eve-horizon/gateway", local: "eve-horizon/gateway:local" },
-  { component: "agent-runtime", remote: "ghcr.io/eve-horizon/agent-runtime", local: "eve-horizon/agent-runtime:local" },
-  { component: "sso", remote: "ghcr.io/eve-horizon/sso", local: "eve-horizon/sso:local" }
-];
+var PLATFORM_IMAGES = buildPlatformImages();
 var LOG_TARGETS = {
   api: { resource: "eve-api", kind: "deployment" },
   orchestrator: { resource: "eve-orchestrator", kind: "deployment" },
@@ -78624,9 +78808,21 @@ async function handleUp(flags, json) {
   await ensureClusterReady(runtimeOptions);
   let deployedVersion = null;
   if (!skipDeploy) {
+    const kubectl = requireToolPath("kubectl", "Run 'eve local up' again to auto-install managed tools.");
+    const marker = readManagerMarker(kubectl);
+    if (marker && marker !== "cli") {
+      throw new Error(
+        `This local stack is managed by './bin/eh k8s deploy' (marker: ${marker}).
+'eve local up' would overwrite source-built images with released registry images.
+To switch to CLI management: eve local reset --force
+To continue with repo scripts: ./bin/eh k8s deploy`
+      );
+    }
     deployedVersion = await resolveRequestedVersion(requestedVersion, runtimeOptions);
     await importPlatformImages(deployedVersion, runtimeOptions);
     applyLocalManifests(runtimeOptions);
+    writeManagerMarker(kubectl, runtimeOptions);
     waitForStatefulSetRollout("postgres", Math.max(timeoutSeconds, 180), runtimeOptions);
     runDbMigration(Math.max(timeoutSeconds, 180), runtimeOptions);
     generateAuthSecrets(runtimeOptions);
@@ -79114,22 +79310,21 @@ async function resolveLatestPlatformVersion() {
   const candidates = Array.from(intersection);
   if (candidates.length === 0) {
     throw new Error(
-      "Unable to resolve a common platform version from GHCR tags. Re-run with --version <x.y.z>."
+      "Unable to resolve a common platform version from configured registry tags. Re-run with --version <x.y.z>."
     );
   }
   candidates.sort(compareSemverDesc);
   return candidates[0];
 }
 async function fetchRegistryTags(imageRef) {
-  const repository = imageRef.replace(/^ghcr\.io\//, "");
-  const tokenPayload = await fetchText(`https://ghcr.io/token?scope=repository:${repository}:pull`);
-  const token = JSON.parse(tokenPayload).token;
-  if (!token) {
-    throw new Error(`Unable to fetch GHCR token for ${imageRef}.`);
+  const slashIndex = imageRef.indexOf("/");
+  if (slashIndex < 0) {
+    throw new Error(`Invalid image reference '${imageRef}'.`);
   }
+  const registry = imageRef.slice(0, slashIndex);
+  const repository = imageRef.slice(slashIndex + 1);
   const tagsPayload = await fetchText(
-    `https://ghcr.io/v2/${repository}/tags/list?n=200`,
-    { Authorization: `Bearer ${token}` }
+    `https://${registry}/v2/${repository}/tags/list?n=200`
   );
   return JSON.parse(tagsPayload).tags ?? [];
 }
@@ -79165,7 +79360,7 @@ async function importPlatformImages(version2, runtimeOptions) {
     const pull = pullImageWithRetry(docker, remoteTag, stdio, runtimeOptions);
     if (pull.status !== 0) {
       throw new Error(
-        `Failed to pull ${remoteTag}. Ensure GHCR image visibility is public and the version exists. Try: eve local up --version <x.y.z>`
+        `Failed to pull ${remoteTag}. Ensure image availability/access at ${image.remote} and the version exists. Try: eve local up --version <x.y.z>`
       );
     }
     run(docker, ["tag", remoteTag, image.local], { stdio });
@@ -79214,6 +79409,37 @@ function applyLocalManifests(runtimeOptions) {
     { stdio: runtimeOptions.verbose && !runtimeOptions.quiet ? "inherit" : "pipe" }
   );
 }
+function buildPlatformImageRegistry() {
+  if (CONFIGURED_REGISTRY) {
+    return `${CONFIGURED_REGISTRY}/${CONFIGURED_NAMESPACE}`;
+  }
+  return `public.ecr.aws/w7c4v0w3/${DEFAULT_PLATFORM_NAMESPACE}`;
+}
+function buildPlatformImages() {
+  return [
+    { component: "api", remote: `${PLATFORM_IMAGE_REGISTRY}/api`, local: "eve-horizon/api:local" },
+    { component: "orchestrator", remote: `${PLATFORM_IMAGE_REGISTRY}/orchestrator`, local: "eve-horizon/orchestrator:local" },
+    { component: "worker", remote: `${PLATFORM_IMAGE_REGISTRY}/worker`, local: "eve-horizon/worker:local" },
+    { component: "gateway", remote: `${PLATFORM_IMAGE_REGISTRY}/gateway`, local: "eve-horizon/gateway:local" },
+    { component: "agent-runtime", remote: `${PLATFORM_IMAGE_REGISTRY}/agent-runtime`, local: "eve-horizon/agent-runtime:local" },
+    { component: "sso", remote: `${PLATFORM_IMAGE_REGISTRY}/sso`, local: "eve-horizon/sso:local" }
+  ];
+}
+function readManagerMarker(kubectl) {
+  const result = run(
+    kubectl,
+    ["--context", DEFAULT_KUBE_CONTEXT, "get", "namespace", "eve", "-o", "jsonpath={.metadata.annotations.eve-managed-by}"],
+    { stdio: "pipe", allowFailure: true }
+  );
+  return result.status === 0 ? result.stdout.trim() : "";
+}
+function writeManagerMarker(kubectl, runtimeOptions) {
+  run(
+    kubectl,
+    ["--context", DEFAULT_KUBE_CONTEXT, "annotate", "namespace", "eve", "eve-managed-by=cli", "--overwrite"],
+    { stdio: runtimeOptions.verbose && !runtimeOptions.quiet ? "inherit" : "pipe", allowFailure: true }
+  );
+}
 function runDbMigration(timeoutSeconds, runtimeOptions) {
   const kubectl = requireToolPath("kubectl", "Run 'eve local up' again to auto-install managed tools.");
   const migrateJobPath = (0, import_node_path18.join)(LOCAL_STACK_BASE, "db-migrate-job.yaml");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@eve-horizon/cli",
-  "version": "0.2.28",
+  "version": "0.2.30",
   "description": "Eve Horizon CLI",
   "license": "MIT",
   "repository": {
@@ -18,9 +18,6 @@
     "assets",
     "README.md"
   ],
-  "scripts": {
-    "build": "rm -rf dist && esbuild src/index.ts --bundle --platform=node --target=node22 --outfile=dist/index.js --format=cjs --external:yaml"
-  },
   "publishConfig": {
     "access": "public"
   },
@@ -31,11 +28,14 @@
     "yaml": "^2.5.1"
   },
   "devDependencies": {
-    "@eve/migrate": "workspace:*",
-    "@eve/shared": "workspace:*",
     "@types/node": "^22.0.0",
     "esbuild": "^0.27.3",
     "postgres": "^3.4.0",
-    "typescript": "^5.7.0"
+    "typescript": "^5.7.0",
+    "@eve/shared": "0.0.1",
+    "@eve/migrate": "0.0.1"
+  },
+  "scripts": {
+    "build": "rm -rf dist && esbuild src/index.ts --bundle --platform=node --target=node22 --outfile=dist/index.js --format=cjs --external:yaml"
   }
-}
+}