@eve-horizon/cli 0.2.29 → 0.2.30

package/dist/index.js

@@ -48721,6 +48721,7 @@ function resolveContext(flags, credentials) {
   const projectId = getStringFlag(flags, ["project"]) || process.env.EVE_PROJECT_ID || profile.project_id;
   const authKey = toAuthKey(apiUrl);
   const tokenEntry = credentials.tokens[authKey] || credentials.profiles?.[profileName];
+  const jobToken = process.env.EVE_JOB_TOKEN;
   return {
     apiUrl,
     orgId,
@@ -48728,9 +48729,9 @@ function resolveContext(flags, credentials) {
     profileName,
     profile,
     authKey,
-    token: tokenEntry?.access_token,
-    refreshToken: tokenEntry?.refresh_token,
-    expiresAt: tokenEntry?.expires_at,
+    token: jobToken || tokenEntry?.access_token,
+    refreshToken: jobToken ? void 0 : tokenEntry?.refresh_token,
+    expiresAt: jobToken ? void 0 : tokenEntry?.expires_at,
     profileSource
   };
 }
@@ -51416,6 +51417,7 @@ function showSubcommandHelp(command, subcommand) {
 // src/lib/client.ts
 async function requestJson(context2, path6, options = {}) {
   const response = await requestRaw(context2, path6, options);
+  const method = options.method ?? "GET";
   if (response.status === 401 && options.tokenOverride === void 0) {
     const refreshed = await attemptRefresh(context2);
     if (refreshed?.access_token) {
@@ -51427,14 +51429,16 @@ async function requestJson(context2, path6, options = {}) {
         tokenOverride: refreshed.access_token
       });
       if (!retry.ok && !options.allowError) {
-        const message = typeof retry.data === "string" ? retry.data : retry.text;
-        throw new Error(`HTTP ${retry.status}: ${message}`);
+        const message = formatErrorMessage(retry);
+        throw new Error(`HTTP ${retry.status}: ${method} ${path6}: ${message}`);
       }
       return retry.data;
     }
   }
   if (!response.ok && !options.allowError) {
-    const message = typeof response.data === "string" ? response.data : response.text;
+    const message = formatErrorMessage(response);
+    const requestTarget = `${method} ${path6}`;
+    const requestFailedContext = `while calling ${requestTarget}: ${message}`;
     if ((response.status === 404 || response.status === 500) && message.includes("Project not found")) {
       const projectIdMatch = message.match(/Project not found: (proj_[a-z0-9]+)/);
       const projectId = projectIdMatch?.[1] ?? "unknown";
@@ -51452,7 +51456,7 @@ To fix this, either:
 To list available projects: eve project list`
       );
     }
-    throw new Error(`HTTP ${response.status}: ${message}`);
+    throw new Error(`HTTP ${response.status}: ${requestFailedContext}`);
   }
   return response.data;
 }
@@ -51476,11 +51480,19 @@ async function requestRaw(context2, path6, options = {}) {
   if (token) {
     headers.Authorization = `Bearer ${token}`;
   }
-  const response = await fetch(`${context2.apiUrl}${path6}`, {
-    method: options.method ?? "GET",
-    headers,
-    body: options.body ? JSON.stringify(options.body) : void 0
-  });
+  const url = `${context2.apiUrl}${path6}`;
+  const method = options.method ?? "GET";
+  let response;
+  try {
+    response = await fetch(url, {
+      method: options.method ?? "GET",
+      headers,
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    throw new Error(`Request failed for ${method} ${url}: ${message}`);
+  }
   const text = await response.text();
   let data = null;
   if (text) {
@@ -51492,6 +51504,19 @@ async function requestRaw(context2, path6, options = {}) {
   }
   return { status: response.status, ok: response.ok, data, text };
 }
+function formatErrorMessage(response) {
+  if (typeof response.data === "string") {
+    return response.data;
+  }
+  if (response.data && typeof response.data === "object") {
+    const payload = response.data;
+    return [payload.message, payload.error, payload.detail, response.text].map((entry) => {
+      if (typeof entry === "string" && entry.trim()) return entry;
+      return "";
+    }).find((entry) => entry.length > 0) ?? response.text;
+  }
+  return response.text;
+}
 async function attemptRefresh(context2) {
   if (!context2.refreshToken) return void 0;
   if (!context2.profile.supabase_url || !context2.profile.supabase_anon_key) return void 0;
@@ -56784,6 +56809,9 @@ var EnvironmentListResponseSchema = external_exports.object({
   data: external_exports.array(EnvironmentResponseSchema),
   pagination: PaginationSchema
 });
+var DeleteEnvironmentRequestSchema = external_exports.object({
+  force: external_exports.boolean().optional()
+}).optional().default({});
 var EnvLogEntrySchema = external_exports.object({
   timestamp: external_exports.string(),
   line: external_exports.string(),
@@ -57838,7 +57866,8 @@ var SecretResolveResponseSchema = external_exports.object({
 });
 var SecretMissingItemSchema = external_exports.object({
   key: external_exports.string(),
-  hints: external_exports.array(external_exports.string())
+  hints: external_exports.array(external_exports.string()),
+  suggestion: external_exports.string().optional()
 });
 var SecretValidationResultSchema = external_exports.object({
   missing: external_exports.array(SecretMissingItemSchema)
@@ -59578,7 +59607,7 @@ var ManagedModelRegistrySchema = external_exports.record(ManagedModelConfigSchem
 var InferenceScopeKindSchema = external_exports.enum(["platform", "org", "project"]);
 var InferenceTargetTypeSchema = external_exports.enum(["ollama_pool", "external_ollama", "openai_compat"]);
 var InferenceTransportProfileSchema = external_exports.enum(["ollama_api", "openai_compat"]);
-var InferenceTargetStatusSchema = external_exports.enum(["unknown", "healthy", "unhealthy", "draining", "disabled"]);
+var InferenceTargetStatusSchema = external_exports.enum(["unknown", "healthy", "unhealthy", "waking", "draining", "disabled"]);
 var InferenceTargetSchema = external_exports.object({
   id: external_exports.string(),
   scope_kind: InferenceScopeKindSchema,
@@ -61731,6 +61760,8 @@ var HARNESS_ENV_MAP = deriveHarnessEnvMap();
 
 // ../shared/dist/permissions.js
 var ALL_PERMISSIONS = [
+  // Inference
+  "inference:write",
   // Jobs
   "jobs:read",
   "jobs:write",
@@ -67315,7 +67346,8 @@ async function handleDelete(positionals, flags, context2, json) {
       context2,
       `/projects/${projectId}/envs/${envName}`,
       {
-        method: "DELETE"
+        method: "DELETE",
+        ...force ? { body: { force: true } } : {}
       }
     );
     if (json) {
@@ -71459,6 +71491,7 @@ async function applyMigrations(options) {
     `;
     const appliedMap = new Map(appliedRows.map((row) => [row.name, row.checksum]));
     const results = [];
+    const isBaseline = appliedMap.size === 0;
     for (const migration of migrations) {
       const checksum = (0, import_crypto6.createHash)("sha256").update(migration.sql).digest("hex");
       const existingChecksum = appliedMap.get(migration.name);
@@ -71475,10 +71508,25 @@ Current checksum:  ${checksum}`);
         });
         continue;
       }
-      await db.begin(async (tx) => {
-        await tx.unsafe(migration.sql);
-        await tx.unsafe("INSERT INTO schema_migrations (name, checksum) VALUES ($1, $2)", [migration.name, checksum]);
-      });
+      try {
+        await db.begin(async (tx) => {
+          await tx.unsafe(migration.sql);
+          await tx.unsafe("INSERT INTO schema_migrations (name, checksum) VALUES ($1, $2)", [migration.name, checksum]);
+        });
+      } catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        const isAlreadyExists = /already exists/i.test(msg);
+        if (isBaseline && isAlreadyExists) {
+          console.log(`  \u2192 ${migration.name} (baselined \u2014 schema already present)`);
+          await db`
+            INSERT INTO schema_migrations (name, checksum)
+            VALUES (${migration.name}, ${checksum})
+          `;
+          results.push({ filename: migration.name, applied: true, checksum });
+          continue;
+        }
+        throw error;
+      }
       results.push({
         filename: migration.name,
         applied: true,
@@ -78113,7 +78161,36 @@ async function handleOllama(subcommand, positionals, flags, context2) {
         if (!json) console.log("Target test completed");
         return;
       }
-      throw new Error("Usage: eve ollama target <add|rm|test> ...");
+      if (action === "wake") {
+        const targetId = positionals[1];
+        if (!targetId) throw new Error("Usage: eve ollama target wake <target-id> [--wait=true] [--timeout-ms <ms>]");
+        const query = new URLSearchParams();
+        const wait = asString(flags, "wait");
+        const timeoutMs = asString(flags, "timeout-ms");
+        if (wait === "true" || wait === "1") query.set("wait", "true");
+        if (timeoutMs) query.set("timeout_ms", timeoutMs);
+        const suffix = query.toString() ? `?${query.toString()}` : "";
+        const result = await requestJson(context2, `/inference/targets/${targetId}/wake${suffix}`, {
+          method: "POST"
+        });
+        outputJson(result, json);
+        if (!json) {
+          const nextState = result.ready ? "ready" : result.state;
+          console.log(`Wake request state: ${result.state}`);
+          console.log(`Target: ${result.target_id}`);
+          if (result.waited_ms !== void 0) {
+            console.log(`Waited: ${result.waited_ms}ms`);
+          } else {
+            console.log(`Retry after: ${result.retry_after_seconds}s`);
+          }
+          console.log(`Message: ${result.message}`);
+          if (result.ready) {
+            console.log(`Wake result: ${nextState}`);
+          }
+        }
+        return;
+      }
+      throw new Error("Usage: eve ollama target <add|rm|test|wake> ...");
     }
     case "models": {
       const models = await requestJson(context2, "/inference/models");
@@ -78662,6 +78739,10 @@ var KUBECTL_STABLE_URL = "https://dl.k8s.io/release/stable.txt";
 var LOCAL_STACK_ROOT = (0, import_node_path18.resolve)(__dirname, "..", "assets", "local-k8s");
 var LOCAL_STACK_OVERLAY = (0, import_node_path18.join)(LOCAL_STACK_ROOT, "overlays", "local");
 var LOCAL_STACK_BASE = (0, import_node_path18.join)(LOCAL_STACK_ROOT, "base");
+var DEFAULT_PLATFORM_NAMESPACE = "eve-horizon";
+var CONFIGURED_REGISTRY = process.env.ECR_REGISTRY?.trim();
+var CONFIGURED_NAMESPACE = process.env.ECR_NAMESPACE?.trim() || DEFAULT_PLATFORM_NAMESPACE;
+var PLATFORM_IMAGE_REGISTRY = buildPlatformImageRegistry();
 var SERVICE_DEFINITIONS = [
   { id: "api", workload: "eve-api", kind: "deployment" },
   { id: "orchestrator", workload: "eve-orchestrator", kind: "deployment" },
@@ -78672,14 +78753,7 @@ var SERVICE_DEFINITIONS = [
   { id: "mailpit", workload: "mailpit", kind: "deployment" },
   { id: "sso", workload: "eve-sso", kind: "deployment" }
 ];
-var PLATFORM_IMAGES = [
-  { component: "api", remote: "ghcr.io/eve-horizon/api", local: "eve-horizon/api:local" },
-  { component: "orchestrator", remote: "ghcr.io/eve-horizon/orchestrator", local: "eve-horizon/orchestrator:local" },
-  { component: "worker", remote: "ghcr.io/eve-horizon/worker", local: "eve-horizon/worker:local" },
-  { component: "gateway", remote: "ghcr.io/eve-horizon/gateway", local: "eve-horizon/gateway:local" },
-  { component: "agent-runtime", remote: "ghcr.io/eve-horizon/agent-runtime", local: "eve-horizon/agent-runtime:local" },
-  { component: "sso", remote: "ghcr.io/eve-horizon/sso", local: "eve-horizon/sso:local" }
-];
+var PLATFORM_IMAGES = buildPlatformImages();
 var LOG_TARGETS = {
   api: { resource: "eve-api", kind: "deployment" },
   orchestrator: { resource: "eve-orchestrator", kind: "deployment" },
@@ -78734,9 +78808,21 @@ async function handleUp(flags, json) {
   await ensureClusterReady(runtimeOptions);
   let deployedVersion = null;
   if (!skipDeploy) {
+    const kubectl = requireToolPath("kubectl", "Run 'eve local up' again to auto-install managed tools.");
+    const marker = readManagerMarker(kubectl);
+    if (marker && marker !== "cli") {
+      throw new Error(
+        `This local stack is managed by './bin/eh k8s deploy' (marker: ${marker}).
+'eve local up' would overwrite source-built images with released registry images.
+
+To switch to CLI management: eve local reset --force
+To continue with repo scripts: ./bin/eh k8s deploy`
+      );
+    }
     deployedVersion = await resolveRequestedVersion(requestedVersion, runtimeOptions);
     await importPlatformImages(deployedVersion, runtimeOptions);
     applyLocalManifests(runtimeOptions);
+    writeManagerMarker(kubectl, runtimeOptions);
     waitForStatefulSetRollout("postgres", Math.max(timeoutSeconds, 180), runtimeOptions);
     runDbMigration(Math.max(timeoutSeconds, 180), runtimeOptions);
     generateAuthSecrets(runtimeOptions);
@@ -79224,22 +79310,21 @@ async function resolveLatestPlatformVersion() {
   const candidates = Array.from(intersection);
   if (candidates.length === 0) {
     throw new Error(
-      "Unable to resolve a common platform version from GHCR tags. Re-run with --version <x.y.z>."
+      "Unable to resolve a common platform version from configured registry tags. Re-run with --version <x.y.z>."
     );
   }
   candidates.sort(compareSemverDesc);
   return candidates[0];
 }
 async function fetchRegistryTags(imageRef) {
-  const repository = imageRef.replace(/^ghcr\.io\//, "");
-  const tokenPayload = await fetchText(`https://ghcr.io/token?scope=repository:${repository}:pull`);
-  const token = JSON.parse(tokenPayload).token;
-  if (!token) {
-    throw new Error(`Unable to fetch GHCR token for ${imageRef}.`);
+  const slashIndex = imageRef.indexOf("/");
+  if (slashIndex < 0) {
+    throw new Error(`Invalid image reference '${imageRef}'.`);
   }
+  const registry = imageRef.slice(0, slashIndex);
+  const repository = imageRef.slice(slashIndex + 1);
   const tagsPayload = await fetchText(
-    `https://ghcr.io/v2/${repository}/tags/list?n=200`,
-    { Authorization: `Bearer ${token}` }
+    `https://${registry}/v2/${repository}/tags/list?n=200`
   );
   return JSON.parse(tagsPayload).tags ?? [];
 }
@@ -79275,7 +79360,7 @@ async function importPlatformImages(version2, runtimeOptions) {
     const pull = pullImageWithRetry(docker, remoteTag, stdio, runtimeOptions);
     if (pull.status !== 0) {
       throw new Error(
-        `Failed to pull ${remoteTag}. Ensure GHCR image visibility is public and the version exists. Try: eve local up --version <x.y.z>`
+        `Failed to pull ${remoteTag}. Ensure image availability/access at ${image.remote} and the version exists. Try: eve local up --version <x.y.z>`
       );
     }
     run(docker, ["tag", remoteTag, image.local], { stdio });
@@ -79324,6 +79409,37 @@ function applyLocalManifests(runtimeOptions) {
     { stdio: runtimeOptions.verbose && !runtimeOptions.quiet ? "inherit" : "pipe" }
   );
 }
+function buildPlatformImageRegistry() {
+  if (CONFIGURED_REGISTRY) {
+    return `${CONFIGURED_REGISTRY}/${CONFIGURED_NAMESPACE}`;
+  }
+  return `public.ecr.aws/w7c4v0w3/${DEFAULT_PLATFORM_NAMESPACE}`;
+}
+function buildPlatformImages() {
+  return [
+    { component: "api", remote: `${PLATFORM_IMAGE_REGISTRY}/api`, local: "eve-horizon/api:local" },
+    { component: "orchestrator", remote: `${PLATFORM_IMAGE_REGISTRY}/orchestrator`, local: "eve-horizon/orchestrator:local" },
+    { component: "worker", remote: `${PLATFORM_IMAGE_REGISTRY}/worker`, local: "eve-horizon/worker:local" },
+    { component: "gateway", remote: `${PLATFORM_IMAGE_REGISTRY}/gateway`, local: "eve-horizon/gateway:local" },
+    { component: "agent-runtime", remote: `${PLATFORM_IMAGE_REGISTRY}/agent-runtime`, local: "eve-horizon/agent-runtime:local" },
+    { component: "sso", remote: `${PLATFORM_IMAGE_REGISTRY}/sso`, local: "eve-horizon/sso:local" }
+  ];
+}
+function readManagerMarker(kubectl) {
+  const result = run(
+    kubectl,
+    ["--context", DEFAULT_KUBE_CONTEXT, "get", "namespace", "eve", "-o", "jsonpath={.metadata.annotations.eve-managed-by}"],
+    { stdio: "pipe", allowFailure: true }
+  );
+  return result.status === 0 ? result.stdout.trim() : "";
+}
+function writeManagerMarker(kubectl, runtimeOptions) {
+  run(
+    kubectl,
+    ["--context", DEFAULT_KUBE_CONTEXT, "annotate", "namespace", "eve", "eve-managed-by=cli", "--overwrite"],
+    { stdio: runtimeOptions.verbose && !runtimeOptions.quiet ? "inherit" : "pipe", allowFailure: true }
+  );
+}
 function runDbMigration(timeoutSeconds, runtimeOptions) {
   const kubectl = requireToolPath("kubectl", "Run 'eve local up' again to auto-install managed tools.");
   const migrateJobPath = (0, import_node_path18.join)(LOCAL_STACK_BASE, "db-migrate-job.yaml");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eve-horizon/cli",
-  "version": "0.2.29",
+  "version": "0.2.30",
   "description": "Eve Horizon CLI",
   "license": "MIT",
   "repository": {
@@ -18,9 +18,6 @@
     "assets",
     "README.md"
   ],
-  "scripts": {
-    "build": "rm -rf dist && esbuild src/index.ts --bundle --platform=node --target=node22 --outfile=dist/index.js --format=cjs --external:yaml"
-  },
   "publishConfig": {
     "access": "public"
   },
@@ -31,11 +28,14 @@
     "yaml": "^2.5.1"
   },
   "devDependencies": {
-    "@eve/migrate": "workspace:*",
-    "@eve/shared": "workspace:*",
     "@types/node": "^22.0.0",
     "esbuild": "^0.27.3",
     "postgres": "^3.4.0",
-    "typescript": "^5.7.0"
+    "typescript": "^5.7.0",
+    "@eve/shared": "0.0.1",
+    "@eve/migrate": "0.0.1"
+  },
+  "scripts": {
+    "build": "rm -rf dist && esbuild src/index.ts --bundle --platform=node --target=node22 --outfile=dist/index.js --format=cjs --external:yaml"
   }
-}
+}