@instafy/cli 0.1.8-staging.348 → 0.1.8

package/README.md

@@ -7,7 +7,6 @@ Run Instafy projects locally and connect them back to Instafy Studio — from an
 ## Quickstart
 
 0. Log in once: `instafy login`
-   - Also enables Git auth (credential helper) for Instafy Git Service. Disable with `instafy login --no-git-setup`.
    - Optional: set defaults with `instafy config set controller-url <url>` / `instafy config set studio-url <url>`
 1. Link a folder to a project:
    - VS Code: install the Instafy extension and run `Instafy: Link Workspace to Project`, or
@@ -22,10 +21,7 @@ Run Instafy projects locally and connect them back to Instafy Studio — from an
 - `instafy runtime:start` — start a local runtime (agent + origin).
 - `instafy runtime:status` — show health of the last started runtime.
 - `instafy runtime:stop` — stop the last started runtime.
-- `instafy tunnel` — start a detached tunnel for a local port.
-  - `instafy tunnel:list` — list local tunnels started by the CLI.
-  - `instafy tunnel:logs <tunnelId> --follow` — tail tunnel logs.
-  - `instafy tunnel:stop <tunnelId>` — stop + revoke a tunnel.
+- `instafy tunnel` — request a tunnel and forward a local port.
 - `instafy api:get` — query controller endpoints (conversations, messages, runs, etc).
 
 Run `instafy --help` for the full command list and options.

package/dist/auth.js

@@ -2,7 +2,6 @@ import kleur from "kleur";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { clearInstafyCliConfig, getInstafyConfigPath, resolveConfiguredStudioUrl, resolveControllerUrl, resolveUserAccessToken, writeInstafyCliConfig, } from "./config.js";
-import { installGitCredentialHelper, uninstallGitCredentialHelper } from "./git-setup.js";
 function normalizeUrl(raw) {
     const trimmed = typeof raw === "string" ? raw.trim() : "";
     if (!trimmed) {
@@ -75,17 +74,6 @@ export async function login(options) {
         writeInstafyCliConfig({ controllerUrl, studioUrl, accessToken: token });
         console.log("");
         console.log(kleur.green(`Saved token to ${getInstafyConfigPath()}`));
-        if (options.gitSetup !== false) {
-            try {
-                const result = installGitCredentialHelper();
-                if (result.changed) {
-                    console.log(kleur.green("Enabled git auth (credential helper installed)."));
-                }
-            }
-            catch (error) {
-                console.log(kleur.yellow(`Warning: failed to configure git credential helper: ${error instanceof Error ? error.message : String(error)}`));
-            }
-        }
     }
     else if (existing) {
         console.log("");
@@ -98,12 +86,6 @@ export async function login(options) {
 }
 export async function logout(options) {
     clearInstafyCliConfig(["accessToken"]);
-    try {
-        uninstallGitCredentialHelper();
-    }
-    catch {
-        // ignore git helper cleanup failures
-    }
     if (options?.json) {
         console.log(JSON.stringify({ ok: true }));
         return;

package/dist/git.js

@@ -43,7 +43,6 @@ export async function mintGitAccessToken(params) {
             authorization: `Bearer ${params.controllerAccessToken}`,
             "content-type": "application/json",
         },
-        signal: params.signal,
         body: JSON.stringify({
             scopes,
             ttlSeconds: params.ttlSeconds,

package/dist/index.js

@@ -5,9 +5,8 @@ import kleur from "kleur";
 import { runtimeStart, runtimeStatus, runtimeStop, runtimeToken, findProjectManifest, } from "./runtime.js";
 import { login, logout } from "./auth.js";
 import { gitToken } from "./git.js";
-import { runGitCredentialHelper } from "./git-credential.js";
 import { projectInit } from "./project.js";
-import { listTunnelSessions, startTunnelDetached, stopTunnelSession, tailTunnelLogs, runTunnelCommand } from "./tunnel.js";
+import { runTunnelCommand } from "./tunnel.js";
 import { requestControllerApi } from "./api.js";
 import { configGet, configList, configPath, configSet, configUnset } from "./config-command.js";
 export const program = new Command();
@@ -41,7 +40,6 @@ program
     .option("--studio-url <url>", "Studio web URL (default: staging or localhost)")
     .option("--server-url <url>", "Instafy server/controller URL")
     .option("--token <token>", "Provide token directly (skips prompt)")
-    .option("--no-git-setup", "Do not configure git credential helper")
     .option("--no-store", "Do not save token to ~/.instafy/config.json")
     .option("--json", "Output JSON")
     .action(async (opts) => {
@@ -50,7 +48,6 @@ program
             controllerUrl: opts.serverUrl,
             studioUrl: opts.studioUrl,
             token: opts.token,
-            gitSetup: opts.gitSetup,
             noStore: opts.store === false,
             json: opts.json,
         });
@@ -282,19 +279,6 @@ gitTokenCommand
         process.exit(1);
     }
 });
-program
-    .command("git:credential", { hidden: true })
-    .description("Internal: git credential helper (used by Git when configured)")
-    .argument("<operation>", "Operation (get|store|erase)")
-    .action(async (operation) => {
-    try {
-        await runGitCredentialHelper(operation);
-    }
-    catch (error) {
-        console.error(String(error));
-        process.exit(1);
-    }
-});
 const projectInitCommand = program
     .command("project:init")
     .description("Create an Instafy project and link this folder (.instafy/project.json)")
@@ -329,130 +313,26 @@ projectInitCommand
 });
 const tunnelCommand = program
     .command("tunnel")
-    .description("Start a shareable tunnel URL for a local port (defaults to detached)")
+    .description("Create a shareable tunnel URL for a local port")
     .option("--port <port>", "Local port to expose (default 3000)")
     .option("--project <id>", "Project UUID (defaults to .instafy/project.json or PROJECT_ID)");
 addServerUrlOptions(tunnelCommand);
 addAccessTokenOptions(tunnelCommand, "Instafy access token (defaults to saved `instafy login` token)");
 addServiceTokenOptions(tunnelCommand, "Instafy service token (advanced)");
 tunnelCommand
-    .option("--no-detach", "Run in foreground until interrupted")
     .option("--rathole-bin <path>", "Path to rathole binary (or set RATHOLE_BIN)")
-    .option("--log-file <path>", "Write tunnel logs to a file (default: ~/.instafy/cli-tunnel-logs/*)")
-    .option("--json", "Output JSON")
     .action(async (opts) => {
     try {
         const port = opts.port ? Number(opts.port) : undefined;
-        const controllerToken = opts.serviceToken ??
-            opts.controllerToken ??
-            opts.accessToken ??
-            opts.controllerAccessToken;
-        if (opts.detach === false) {
-            await runTunnelCommand({
-                project: opts.project,
-                controllerUrl: opts.serverUrl ?? opts.controllerUrl,
-                controllerToken,
-                port,
-                ratholeBin: opts.ratholeBin,
-            });
-            return;
-        }
-        const started = await startTunnelDetached({
+        await runTunnelCommand({
             project: opts.project,
             controllerUrl: opts.serverUrl ?? opts.controllerUrl,
-            controllerToken,
+            controllerToken: opts.serviceToken ??
+                opts.controllerToken ??
+                opts.accessToken ??
+                opts.controllerAccessToken,
             port,
             ratholeBin: opts.ratholeBin,
-            logFile: opts.logFile,
-        });
-        if (opts.json) {
-            console.log(JSON.stringify(started, null, 2));
-            return;
-        }
-        console.log(kleur.green(`Tunnel started: ${started.url} (tunnelId=${started.tunnelId})`));
-        console.log(kleur.gray(`pid=${started.pid} · port=${started.localPort}`));
-        console.log(kleur.gray(`log: ${started.logFile}`));
-        console.log("");
-        console.log("Next:");
-        console.log(`- ${kleur.cyan(`instafy tunnel:list`)}`);
-        console.log(`- ${kleur.cyan(`instafy tunnel:logs ${started.tunnelId} --follow`)}`);
-        console.log(`- ${kleur.cyan(`instafy tunnel:stop ${started.tunnelId}`)}`);
-        if (process.platform !== "win32") {
-            console.log(kleur.gray(`(or) tail -n 200 -f ${started.logFile}`));
-        }
-    }
-    catch (error) {
-        console.error(kleur.red(String(error)));
-        process.exit(1);
-    }
-});
-program
-    .command("tunnel:list")
-    .description("List local tunnel sessions started by this CLI")
-    .option("--all", "Include stopped/stale tunnels")
-    .option("--json", "Output JSON")
-    .action(async (opts) => {
-    try {
-        const tunnels = listTunnelSessions({ all: Boolean(opts.all), json: Boolean(opts.json) });
-        if (opts.json) {
-            console.log(JSON.stringify(tunnels, null, 2));
-            return;
-        }
-        if (tunnels.length === 0) {
-            console.log(kleur.yellow("No tunnels found."));
-            return;
-        }
-        for (const tunnel of tunnels) {
-            console.log(`${tunnel.tunnelId} · ${tunnel.url} · port=${tunnel.localPort} · pid=${tunnel.pid}`);
-        }
-    }
-    catch (error) {
-        console.error(kleur.red(String(error)));
-        process.exit(1);
-    }
-});
-program
-    .command("tunnel:stop")
-    .description("Stop a local tunnel session and revoke it")
-    .argument("[tunnelId]", "Tunnel ID (defaults to the only active tunnel)")
-    .option("--server-url <url>", "Instafy server URL")
-    .option("--access-token <token>", "Instafy access token (defaults to saved `instafy login` token)")
-    .option("--service-token <token>", "Instafy service token (advanced)")
-    .option("--json", "Output JSON")
-    .action(async (tunnelId, opts) => {
-    try {
-        const result = await stopTunnelSession({
-            tunnelId,
-            controllerUrl: opts.serverUrl,
-            controllerToken: opts.serviceToken ?? opts.accessToken,
-            json: opts.json,
-        });
-        if (opts.json) {
-            console.log(JSON.stringify(result, null, 2));
-            return;
-        }
-        console.log(kleur.green(`Tunnel stopped: ${result.tunnelId}`));
-    }
-    catch (error) {
-        console.error(kleur.red(String(error)));
-        process.exit(1);
-    }
-});
-program
-    .command("tunnel:logs")
-    .description("Show logs for a local tunnel session")
-    .argument("[tunnelId]", "Tunnel ID (defaults to the only active tunnel)")
-    .option("--lines <n>", "Number of lines to show", "200")
-    .option("--follow", "Follow log output (like tail -f)")
-    .option("--json", "Output JSON")
-    .action(async (tunnelId, opts) => {
-    try {
-        const lines = typeof opts.lines === "string" ? Number(opts.lines) : undefined;
-        await tailTunnelLogs({
-            tunnelId,
-            lines,
-            follow: Boolean(opts.follow),
-            json: Boolean(opts.json),
         });
     }
     catch (error) {

package/dist/org.js

@@ -1,11 +1,13 @@
 import kleur from "kleur";
 import { resolveControllerUrl, resolveUserAccessToken } from "./config.js";
-import { formatAuthRequiredError } from "./errors.js";
+function formatAuthRequiredError() {
+    return new Error("Login required. Run `instafy login` (recommended) or pass --access-token / set SUPABASE_ACCESS_TOKEN.");
+}
 export async function listOrganizations(params) {
     const controllerUrl = resolveControllerUrl({ controllerUrl: params.controllerUrl ?? null });
     const token = resolveUserAccessToken({ accessToken: params.accessToken ?? null });
     if (!token) {
-        throw formatAuthRequiredError({ retryCommand: "instafy org:list" });
+        throw formatAuthRequiredError();
     }
     const response = await fetch(`${controllerUrl}/orgs`, {
         headers: { authorization: `Bearer ${token}` },

package/dist/project.js

@@ -2,7 +2,9 @@ import fs from "node:fs";
 import path from "node:path";
 import kleur from "kleur";
 import { resolveControllerUrl, resolveUserAccessToken } from "./config.js";
-import { formatAuthRequiredError } from "./errors.js";
+function formatAuthRequiredError() {
+    return new Error("Login required. Run `instafy login` (recommended) or pass --access-token / set SUPABASE_ACCESS_TOKEN.");
+}
 async function fetchOrganizations(controllerUrl, token) {
     const response = await fetch(`${controllerUrl}/orgs`, {
         headers: {
@@ -66,7 +68,7 @@ export async function listProjects(options) {
     const controllerUrl = resolveControllerUrl({ controllerUrl: options.controllerUrl ?? null });
     const token = resolveUserAccessToken({ accessToken: options.accessToken ?? null });
     if (!token) {
-        throw formatAuthRequiredError({ retryCommand: "instafy project:list" });
+        throw formatAuthRequiredError();
     }
     const orgs = await fetchOrganizations(controllerUrl, token);
     let targetOrgs = orgs;
@@ -114,10 +116,7 @@ export async function projectInit(options) {
     const controllerUrl = resolveControllerUrl({ controllerUrl: options.controllerUrl ?? null });
     const token = resolveUserAccessToken({ accessToken: options.accessToken ?? null });
     if (!token) {
-        throw formatAuthRequiredError({
-            retryCommand: "instafy project:init",
-            advancedHint: "pass --access-token or set INSTAFY_ACCESS_TOKEN / SUPABASE_ACCESS_TOKEN",
-        });
+        throw formatAuthRequiredError();
     }
     const org = await resolveOrg(controllerUrl, token, options);
     const body = {

package/dist/tunnel.js

@@ -2,15 +2,9 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { spawn } from "node:child_process";
-import { randomUUID } from "node:crypto";
 import kleur from "kleur";
 import { findProjectManifest, resolveRatholeBinaryForCli } from "./runtime.js";
 import { resolveConfiguredControllerUrl, resolveUserAccessToken } from "./config.js";
-import { formatAuthRequiredError } from "./errors.js";
-const INSTAFY_DIR = path.join(os.homedir(), ".instafy");
-const TUNNEL_STATE_FILE = path.join(INSTAFY_DIR, "cli-tunnel-state.json");
-const TUNNEL_LOG_DIR = path.join(INSTAFY_DIR, "cli-tunnel-logs");
-const TUNNEL_WORKDIR_DIR = path.join(INSTAFY_DIR, "cli-tunnel-workdirs");
 function cleanUrl(raw) {
     return raw.replace(/\/+$/, "");
 }
@@ -32,7 +26,7 @@ function resolveProject(opts) {
     if (manifest?.projectId) {
         return manifest.projectId;
     }
-    throw new Error("No project configured for this folder.\n\nNext:\n- instafy project:init\n\nOr pass --project <uuid> / set PROJECT_ID.");
+    throw new Error("No project configured. Run `instafy project:init` or pass --project.");
 }
 function resolveControllerUrl(opts) {
     const explicit = opts.controllerUrl?.trim();
@@ -73,10 +67,7 @@ function resolveControllerToken(opts) {
     if (serviceToken) {
         return serviceToken;
     }
-    throw formatAuthRequiredError({
-        retryCommand: "instafy tunnel",
-        advancedHint: "pass --access-token / --service-token, or set INSTAFY_ACCESS_TOKEN / SUPABASE_ACCESS_TOKEN / INSTAFY_SERVICE_TOKEN",
-    });
+    throw new Error("Login required. Run `instafy login`, pass --access-token, or provide --service-token / INSTAFY_SERVICE_TOKEN.");
 }
 function resolvePort(opts) {
     const fromEnv = readEnv("WEBHOOK_LOCAL_PORT") ||
@@ -85,77 +76,6 @@ function resolvePort(opts) {
     const parsedEnv = fromEnv ? Number(fromEnv) : NaN;
     return opts.port ?? (Number.isFinite(parsedEnv) ? parsedEnv : 3000);
 }
-function ensureDir(dir) {
-    fs.mkdirSync(dir, { recursive: true });
-}
-function safePathSegment(value) {
-    const trimmed = value.trim();
-    if (!trimmed)
-        return randomUUID();
-    return trimmed.replace(/[^a-zA-Z0-9._-]/g, "_");
-}
-function writeStateFile(state) {
-    ensureDir(INSTAFY_DIR);
-    fs.writeFileSync(TUNNEL_STATE_FILE, JSON.stringify(state, null, 2), "utf8");
-    try {
-        fs.chmodSync(TUNNEL_STATE_FILE, 0o600);
-    }
-    catch {
-        // ignore chmod failures (windows / unusual fs)
-    }
-}
-function readStateFile() {
-    try {
-        const raw = fs.readFileSync(TUNNEL_STATE_FILE, "utf8");
-        const parsed = JSON.parse(raw);
-        if (!parsed || typeof parsed !== "object")
-            return { version: 1, tunnels: [] };
-        if (!Array.isArray(parsed.tunnels))
-            return { version: 1, tunnels: [] };
-        return {
-            version: 1,
-            tunnels: parsed.tunnels.filter(Boolean),
-        };
-    }
-    catch {
-        return { version: 1, tunnels: [] };
-    }
-}
-function isProcessAlive(pid) {
-    if (!Number.isFinite(pid) || pid <= 0)
-        return false;
-    try {
-        process.kill(pid, 0);
-        return true;
-    }
-    catch (error) {
-        const code = error instanceof Error ? error.code : null;
-        // EPERM means the process exists but we don't have permission to signal it.
-        return code === "EPERM";
-    }
-}
-async function waitForProcessExit(pid, timeoutMs) {
-    const deadline = Date.now() + timeoutMs;
-    while (Date.now() < deadline) {
-        if (!isProcessAlive(pid))
-            return true;
-        await new Promise((resolve) => setTimeout(resolve, 100));
-    }
-    return !isProcessAlive(pid);
-}
-function upsertTunnelState(entry) {
-    const state = readStateFile();
-    const next = state.tunnels.filter((tunnel) => tunnel.tunnelId !== entry.tunnelId);
-    next.unshift(entry);
-    writeStateFile({ version: 1, tunnels: next });
-}
-function removeTunnelState(tunnelId) {
-    const state = readStateFile();
-    const existing = state.tunnels.find((tunnel) => tunnel.tunnelId === tunnelId) ?? null;
-    const next = state.tunnels.filter((tunnel) => tunnel.tunnelId !== tunnelId);
-    writeStateFile({ version: 1, tunnels: next });
-    return existing;
-}
 async function requestTunnel(controllerUrl, token, projectId, metadata) {
     const target = `${cleanUrl(controllerUrl)}/projects/${encodeURIComponent(projectId)}/tunnels/request`;
     const response = await fetch(target, {
@@ -290,181 +210,3 @@ export async function runTunnelCommand(opts, options) {
         process.once("SIGTERM", handle);
     });
 }
-export async function startTunnelDetached(opts) {
-    const projectId = resolveProject(opts);
-    const controllerUrl = resolveControllerUrl(opts);
-    const controllerToken = resolveControllerToken(opts);
-    const port = resolvePort(opts);
-    if (opts.ratholeBin) {
-        process.env.RATHOLE_BIN = opts.ratholeBin;
-    }
-    const rathole = await resolveRatholeBinaryForCli({
-        env: process.env,
-        version: process.env.RATHOLE_VERSION ?? null,
-        cacheDir: process.env.RATHOLE_CACHE_DIR ?? null,
-        logger: (message) => console.log(kleur.cyan(`[rathole] ${message}`)),
-        warn: (message) => console.warn(kleur.yellow(message)),
-    });
-    if (!rathole) {
-        throw new Error("rathole is required to start a tunnel. Set RATHOLE_BIN or ensure it is on PATH.");
-    }
-    const metadata = { localPort: port, source: "instafy-cli" };
-    const grant = await requestTunnel(controllerUrl, controllerToken, projectId, metadata);
-    ensureDir(TUNNEL_WORKDIR_DIR);
-    ensureDir(TUNNEL_LOG_DIR);
-    const tunnelIdSafe = safePathSegment(grant.tunnelId);
-    const workdir = path.join(TUNNEL_WORKDIR_DIR, tunnelIdSafe);
-    ensureDir(workdir);
-    const creds = grant.credentials && typeof grant.credentials === "object"
-        ? grant.credentials
-        : {};
-    const configBody = buildRatholeConfig(creds, port);
-    const configPath = path.join(workdir, "rathole.toml");
-    fs.writeFileSync(configPath, configBody, { encoding: "utf8", mode: 0o600 });
-    const logFile = opts.logFile?.trim()
-        ? path.resolve(opts.logFile.trim())
-        : path.join(TUNNEL_LOG_DIR, `tunnel-${tunnelIdSafe}.log`);
-    const logFd = fs.openSync(logFile, "a");
-    const child = spawn(rathole, ["-c", configPath], {
-        stdio: ["ignore", logFd, logFd],
-        cwd: workdir,
-        detached: true,
-    });
-    let exitedEarly = false;
-    let exitMessage = "";
-    child.on("exit", (code, signal) => {
-        exitedEarly = true;
-        exitMessage = code !== null ? `code ${code}` : `signal ${signal}`;
-    });
-    // Give rathole a moment to fail fast, so `instafy tunnel` can report errors.
-    await new Promise((resolve) => setTimeout(resolve, 250));
-    if (exitedEarly || !isProcessAlive(child.pid ?? -1)) {
-        const logTail = (() => {
-            try {
-                const text = fs.readFileSync(logFile, "utf8");
-                const lines = text.split(/\r?\n/).filter(Boolean);
-                return lines.slice(-20).join("\n");
-            }
-            catch {
-                return "";
-            }
-        })();
-        const suffix = logTail ? `\n\nLast logs:\n${logTail}` : "";
-        throw new Error(`Tunnel process exited (${exitMessage || "unknown"}).${suffix}`);
-    }
-    child.unref();
-    const entry = {
-        tunnelId: grant.tunnelId,
-        projectId,
-        hostname: grant.hostname,
-        url: grant.url ?? `https://${grant.hostname}`,
-        localPort: port,
-        controllerUrl: cleanUrl(controllerUrl),
-        pid: child.pid ?? -1,
-        logFile,
-        workdir,
-        startedAt: new Date().toISOString(),
-    };
-    upsertTunnelState(entry);
-    return entry;
-}
-export function listTunnelSessions(options) {
-    const state = readStateFile();
-    if (options?.all) {
-        return state.tunnels;
-    }
-    return state.tunnels.filter((entry) => isProcessAlive(entry.pid));
-}
-export async function stopTunnelSession(opts) {
-    const tunnelId = opts.tunnelId?.trim() ?? "";
-    if (!tunnelId) {
-        const active = listTunnelSessions({ all: false });
-        if (active.length === 1) {
-            return stopTunnelSession({ ...opts, tunnelId: active[0]?.tunnelId });
-        }
-        throw new Error("Tunnel id is required. Use `instafy tunnel:list` to find it.");
-    }
-    const entry = removeTunnelState(tunnelId);
-    if (!entry) {
-        throw new Error(`Tunnel not found in local state: ${tunnelId}`);
-    }
-    if (isProcessAlive(entry.pid)) {
-        try {
-            process.kill(entry.pid, "SIGTERM");
-        }
-        catch {
-            // ignore
-        }
-        const stopped = await waitForProcessExit(entry.pid, 4000);
-        if (!stopped) {
-            try {
-                process.kill(entry.pid, "SIGKILL");
-            }
-            catch {
-                // ignore
-            }
-        }
-    }
-    const controllerToken = resolveControllerToken(opts);
-    await revokeTunnel(entry.controllerUrl, controllerToken, entry.projectId, entry.tunnelId);
-    try {
-        fs.rmSync(entry.workdir, { recursive: true, force: true });
-    }
-    catch {
-        // ignore
-    }
-    return { ok: true, tunnelId: entry.tunnelId };
-}
-export function resolveTunnelLogFile(tunnelId) {
-    const chosen = tunnelId?.trim() ?? "";
-    const all = readStateFile().tunnels;
-    if (chosen) {
-        const entry = all.find((tunnel) => tunnel.tunnelId === chosen);
-        if (!entry) {
-            throw new Error(`Tunnel not found in local state: ${chosen}`);
-        }
-        return entry;
-    }
-    const active = all.filter((entry) => isProcessAlive(entry.pid));
-    if (active.length === 1) {
-        return active[0];
-    }
-    throw new Error("Tunnel id is required. Use `instafy tunnel:list` to find it.");
-}
-export async function tailTunnelLogs(options) {
-    const entry = resolveTunnelLogFile(options.tunnelId);
-    const logFile = entry.logFile;
-    const lines = Number.isFinite(options.lines) ? options.lines : NaN;
-    const lineCount = Number.isFinite(lines) && lines > 0 ? Math.floor(lines) : 200;
-    const follow = Boolean(options.follow);
-    if (options.json) {
-        console.log(JSON.stringify({ tunnelId: entry.tunnelId, logFile, follow, lines: lineCount }, null, 2));
-        return;
-    }
-    if (!follow) {
-        const raw = fs.existsSync(logFile) ? fs.readFileSync(logFile, "utf8") : "";
-        const rows = raw.split(/\r?\n/);
-        const tail = rows.slice(Math.max(0, rows.length - lineCount));
-        console.log(tail.join("\n"));
-        return;
-    }
-    // Follow mode: prefer system tail tools.
-    const child = process.platform === "win32"
-        ? spawn("powershell.exe", [
-            "-NoProfile",
-            "-Command",
-            `Get-Content -LiteralPath '${logFile.replace(/'/g, "''")}' -Tail ${lineCount} -Wait`,
-        ], { stdio: "inherit" })
-        : spawn("tail", ["-n", String(lineCount), "-f", logFile], { stdio: "inherit" });
-    const handleExit = () => {
-        try {
-            child.kill("SIGTERM");
-        }
-        catch {
-            // ignore
-        }
-    };
-    process.once("SIGINT", handleExit);
-    process.once("SIGTERM", handleExit);
-    await new Promise((resolve) => child.on("exit", () => resolve()));
-}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@instafy/cli",
-  "version": "0.1.8-staging.348",
+  "version": "0.1.8",
   "description": "Run Instafy projects locally, link folders to Studio, and share previews/webhooks via tunnels.",
   "private": false,
   "publishConfig": {
@@ -17,7 +17,6 @@
   "type": "module",
   "scripts": {
     "build": "tsc -p tsconfig.json",
-    "prepack": "tsc -p tsconfig.json",
     "dev": "ts-node src/index.ts",
     "test": "pnpm test:unit",
     "test:unit": "pnpm build && vitest run",

package/dist/errors.js

@@ -1,10 +0,0 @@
-export function formatAuthRequiredError(params) {
-    const lines = ["Not authenticated. Run `instafy login` first."];
-    if (params?.retryCommand) {
-        lines.push("", `Then retry: ${params.retryCommand}`);
-    }
-    if (params?.advancedHint) {
-        lines.push("", `Advanced: ${params.advancedHint}`);
-    }
-    return new Error(lines.join("\n"));
-}

package/dist/git-credential.js

@@ -1,201 +0,0 @@
-import { spawnSync } from "node:child_process";
-import { resolveControllerUrl, resolveUserAccessToken } from "./config.js";
-import { mintGitAccessToken } from "./git.js";
-function parseCredentialRequest(raw) {
-    const request = {};
-    for (const line of raw.split(/\r?\n/)) {
-        if (!line.trim())
-            continue;
-        const idx = line.indexOf("=");
-        if (idx <= 0)
-            continue;
-        const key = line.slice(0, idx).trim();
-        const value = line.slice(idx + 1).trim();
-        if (!value)
-            continue;
-        if (key === "protocol")
-            request.protocol = value;
-        if (key === "host")
-            request.host = value;
-        if (key === "path")
-            request.path = value;
-        if (key === "url")
-            request.url = value;
-        if (key === "username")
-            request.username = value;
-    }
-    return request;
-}
-function normalizeHost(rawHost) {
-    const host = rawHost.trim();
-    if (!host)
-        return null;
-    const lowered = host.toLowerCase();
-    const bracketed = lowered.match(/^\[(.+)\](?::\d+)?$/);
-    if (bracketed) {
-        return { host: lowered, hostname: bracketed[1] ?? lowered };
-    }
-    const lastColon = lowered.lastIndexOf(":");
-    if (lastColon > 0) {
-        const possiblePort = lowered.slice(lastColon + 1);
-        if (/^\d+$/.test(possiblePort)) {
-            return { host: lowered, hostname: lowered.slice(0, lastColon) };
-        }
-    }
-    return { host: lowered, hostname: lowered };
-}
-function resolveRequestHost(request) {
-    if (request.host?.trim())
-        return request.host.trim();
-    if (request.url?.trim()) {
-        try {
-            const parsed = new URL(request.url.trim());
-            return parsed.host;
-        }
-        catch {
-            return null;
-        }
-    }
-    return null;
-}
-function splitCsv(value) {
-    return (value ?? "")
-        .split(",")
-        .map((entry) => entry.trim().toLowerCase())
-        .filter(Boolean);
-}
-function isAllowedGitHost(rawHost) {
-    if (!rawHost)
-        return false;
-    const normalized = normalizeHost(rawHost);
-    if (!normalized)
-        return false;
-    const allowHosts = splitCsv(process.env["INSTAFY_GIT_HOSTS"]);
-    if (allowHosts.includes(normalized.host) || allowHosts.includes(normalized.hostname)) {
-        return true;
-    }
-    // Safe-by-default allow-list: Instafy domains and local dev.
-    if (normalized.hostname === "localhost" ||
-        normalized.hostname === "127.0.0.1" ||
-        normalized.hostname === "::1" ||
-        normalized.hostname === "host.docker.internal") {
-        return true;
-    }
-    return normalized.hostname.endsWith(".instafy.dev");
-}
-function normalizeRepoName(raw) {
-    const trimmed = raw.trim().replace(/^\/+/, "");
-    if (!trimmed)
-        return null;
-    const first = trimmed.split("/")[0] ?? "";
-    if (!first.endsWith(".git"))
-        return null;
-    const withoutSuffix = first.slice(0, -".git".length);
-    return withoutSuffix || null;
-}
-function isUuid(value) {
-    return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value);
-}
-function parseProjectIdFromUrl(raw) {
-    const trimmed = raw.trim();
-    if (!trimmed)
-        return null;
-    try {
-        const parsed = new URL(trimmed);
-        const repo = normalizeRepoName(parsed.pathname);
-        return repo && isUuid(repo) ? repo : null;
-    }
-    catch {
-        // Not a WHATWG URL (e.g. scp-like).
-    }
-    const scpLike = trimmed.match(/^(?:[^@]+@)?([^:]+):(.+)$/);
-    if (scpLike) {
-        const repo = normalizeRepoName(scpLike[2] ?? "");
-        return repo && isUuid(repo) ? repo : null;
-    }
-    return null;
-}
-function resolveProjectIdFromRequest(request) {
-    const fromPath = request.path ? normalizeRepoName(request.path) : null;
-    if (fromPath && isUuid(fromPath))
-        return fromPath;
-    const fromUrl = request.url ? parseProjectIdFromUrl(request.url) : null;
-    if (fromUrl)
-        return fromUrl;
-    return null;
-}
-function resolveProjectIdFromGitRemotes(host) {
-    const result = spawnSync("git", ["config", "--get-regexp", "^remote\\..*\\.url$"], {
-        encoding: "utf8",
-    });
-    if (result.status !== 0) {
-        return null;
-    }
-    const lines = (result.stdout ?? "").split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
-    for (const line of lines) {
-        const parts = line.split(/\s+/, 2);
-        const url = parts[1] ?? "";
-        if (!url)
-            continue;
-        if (host) {
-            try {
-                const parsed = new URL(url);
-                if (parsed.host !== host)
-                    continue;
-            }
-            catch {
-                // ignore non-url remotes when host is known
-                continue;
-            }
-        }
-        const projectId = parseProjectIdFromUrl(url);
-        if (projectId)
-            return projectId;
-    }
-    return null;
-}
-export async function runGitCredentialHelper(operation) {
-    const normalized = (operation ?? "").trim().toLowerCase();
-    if (!normalized) {
-        throw new Error("git credential helper requires an operation (get|store|erase)");
-    }
-    // We mint tokens on demand; no persistence needed.
-    if (normalized === "store" || normalized === "erase") {
-        return;
-    }
-    if (normalized !== "get") {
-        throw new Error(`unsupported git credential operation: ${operation}`);
-    }
-    const stdin = await new Promise((resolve) => {
-        let buffer = "";
-        process.stdin.setEncoding("utf8");
-        process.stdin.on("data", (chunk) => (buffer += chunk));
-        process.stdin.on("end", () => resolve(buffer));
-        process.stdin.resume();
-    });
-    const request = parseCredentialRequest(stdin);
-    const requestHost = resolveRequestHost(request);
-    if (!isAllowedGitHost(requestHost)) {
-        return;
-    }
-    const projectId = resolveProjectIdFromRequest(request) ??
-        resolveProjectIdFromGitRemotes(requestHost);
-    if (!projectId) {
-        return;
-    }
-    const controllerUrl = resolveControllerUrl({ controllerUrl: null });
-    const userAccessToken = resolveUserAccessToken({ accessToken: null });
-    if (!userAccessToken) {
-        throw new Error("Not authenticated. Run `instafy login` first.");
-    }
-    const abort = new AbortController();
-    const timeout = setTimeout(() => abort.abort(), 5000);
-    const minted = await mintGitAccessToken({
-        controllerUrl,
-        controllerAccessToken: userAccessToken,
-        projectId,
-        scopes: ["git.read", "git.write"],
-        signal: abort.signal,
-    }).finally(() => clearTimeout(timeout));
-    process.stdout.write(`username=instafy\npassword=${minted.token}\n`);
-}

package/dist/git-setup.js

@@ -1,56 +0,0 @@
-import { spawnSync } from "node:child_process";
-const INSTAFY_GIT_HELPER_VALUE = "!instafy git:credential";
-function isLikelySameHelper(value) {
-    return value.includes("instafy git:credential");
-}
-function runGit(args) {
-    const result = spawnSync("git", args, { encoding: "utf8" });
-    if (result.error) {
-        throw result.error;
-    }
-    return result;
-}
-export function isGitAvailable() {
-    try {
-        const result = runGit(["--version"]);
-        return result.status === 0;
-    }
-    catch {
-        return false;
-    }
-}
-export function installGitCredentialHelper() {
-    if (!isGitAvailable()) {
-        return { changed: false };
-    }
-    const existing = runGit(["config", "--global", "--get-all", "credential.helper"]);
-    const helpers = (existing.stdout ?? "")
-        .split(/\r?\n/)
-        .map((line) => line.trim())
-        .filter(Boolean);
-    if (helpers.some(isLikelySameHelper)) {
-        return { changed: false };
-    }
-    runGit(["config", "--global", "--add", "credential.helper", INSTAFY_GIT_HELPER_VALUE]);
-    return { changed: true };
-}
-export function uninstallGitCredentialHelper() {
-    if (!isGitAvailable()) {
-        return { changed: false };
-    }
-    const existing = runGit(["config", "--global", "--get-all", "credential.helper"]);
-    const helpers = (existing.stdout ?? "")
-        .split(/\r?\n/)
-        .map((line) => line.trim())
-        .filter(Boolean);
-    if (!helpers.some(isLikelySameHelper)) {
-        return { changed: false };
-    }
-    const remaining = helpers.filter((helper) => !isLikelySameHelper(helper));
-    // Remove all helpers, then re-add the ones we didn't own.
-    runGit(["config", "--global", "--unset-all", "credential.helper"]);
-    for (const helper of remaining) {
-        runGit(["config", "--global", "--add", "credential.helper", helper]);
-    }
-    return { changed: true };
-}