@kirkelliott/zap 0.1.20 → 0.1.22

package/README.md

@@ -211,15 +211,69 @@ Both pages share `lib/page.zap`. Update that one file in S3 — both pages chang
 
 ---
 
+## Environments
+
+Each environment is a fully isolated AWS stack — its own S3 bucket, Lambda function, KV table, and URL. `prod` is the default. No flags needed for prod.
+
+```bash
+# spin up staging (takes ~30 seconds, same as init)
+zap init --env staging
+
+# deploy and test there
+zap deploy --env staging api.zap
+curl https://staging-url.lambda-url.us-east-1.on.aws/api
+
+# promote to prod when ready
+zap promote api --from staging --to prod
+```
+
+`promote` copies the file from one bucket to the other. The prod URL is live instantly.
+
+`.zaprc` stores each environment under its own key:
+
+```json
+{
+  "prod":    { "bucket": "zap-a3f2b8c1", "url": "https://abc.lambda-url…", … },
+  "staging": { "bucket": "zap-f9e2d4c7", "url": "https://xyz.lambda-url…", … }
+}
+```
+
+Every command accepts `--env`:
+
+```bash
+zap ls --env staging
+zap rollback api --env staging
+zap rm old-handler --env staging
+```
+
+---
+
+## rollback — undo a deploy
+
+Every `zap deploy` creates a new S3 version. Roll back to the previous one instantly:
+
+```bash
+zap rollback hello
+# ↩  hello  restored to 2026-02-28T19:35:00.000Z
+```
+
+Works per-environment: `zap rollback hello --env staging`
+
+No revert commits. No redeploy. The old code is live immediately.
+
+---
+
 ## CLI
 
 ```
-zap init                        Provision AWS and deploy the runtime
-zap deploy <file|directory>     Upload .zap file(s) to S3
-zap rm <name>                   Remove a handler (and its cron rule)
-zap ls                          List deployed handlers
-zap demo                        Deploy the built-in demo handlers
-zap repair                      Fix Lambda permissions if the URL stops working
+zap init [--env <env>]              Provision AWS and deploy the runtime
+zap deploy <file|dir> [--env <env>] Upload .zap file(s) to S3
+zap promote <name> [--from] [--to]  Copy a handler between environments
+zap rollback <name> [--env <env>]   Restore the previous version of a handler
+zap rm <name> [--env <env>]         Remove a handler (and its cron rule)
+zap ls [--env <env>]                List deployed handlers
+zap demo [--env <env>]              Deploy the built-in demo handlers
+zap repair [--env <env>]            Fix Lambda permissions if the URL stops working
 ```
 
 `init` writes a `.zaprc` to the project directory. All other commands read bucket and region from it — no flags needed.
@@ -272,23 +326,4 @@ MIT
 
 ---
 
-The file in S3 is just a carrier. You don't need it.
-
-```js
-// live.zap
-export default async (req) => {
-  if (!req.body) return { status: 400, body: 'POST a function' }
-  return { body: await eval(`(${req.body})`)({ kv, fetch }) }
-}
-```
-
-```bash
-curl -X POST https://your-endpoint/live \
-  -d 'async ({ kv }) => kv.get("visits")'
-```
-
-Deploy `live.zap` once. Then POST JavaScript directly — no S3, no CLI, no deploy step. The runtime running inside itself.
-
----
-
 **[live demo →](https://zn2qgaqlofvauxmoncf36m4ynq0pfarj.lambda-url.us-east-1.on.aws/)**

package/dist/cli.js

@@ -42,18 +42,21 @@ const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const cron_1 = require("./cron");
 const s3 = new client_s3_1.S3Client({});
-function readConfig() {
+function readConfig(env = 'prod') {
     try {
-        return JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+        const raw = JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+        if (raw.bucket)
+            return raw; // old flat format — treat as prod
+        return raw[env] ?? {};
     }
     catch {
         return {};
     }
 }
 function bucket(opts) {
-    const b = opts.bucket ?? process.env.ZAP_BUCKET ?? readConfig().bucket;
+    const b = opts.bucket ?? process.env.ZAP_BUCKET ?? readConfig(opts.env).bucket;
     if (!b) {
-        console.error('error: bucket required (--bucket, ZAP_BUCKET, or run: npm run init)');
+        console.error('error: bucket required (--bucket, ZAP_BUCKET, or run: zap init)');
         process.exit(1);
     }
     return b;
@@ -79,7 +82,7 @@ async function deployFile(b, filePath, key, baseUrl) {
     if (cronExpr) {
         const { functionArn } = readConfig();
         if (!functionArn) {
-            console.error('run npm run init first');
+            console.error('run zap init first');
             process.exit(1);
         }
         await (0, cron_1.upsertCron)(name, cronExpr, functionArn);
@@ -98,14 +101,16 @@ program
     .command('init')
     .description('provision AWS infrastructure and deploy the runtime')
     .option('-r, --region <region>', 'AWS region', 'us-east-1')
+    .option('-e, --env <env>', 'environment name', 'prod')
     .action(async (opts) => {
     const { init } = await Promise.resolve().then(() => __importStar(require('./init')));
-    await init(opts.region);
+    await init(opts.region, opts.env);
 });
 program
     .command('deploy <path>')
     .description('upload a .zap file or directory to S3')
     .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .option('-e, --env <env>', 'environment', 'prod')
     .action(async (path, opts) => {
     const b = bucket(opts);
     const info = await (0, promises_1.stat)(path);
@@ -118,15 +123,60 @@ program
         await deployFile(b, path, key);
     }
 });
+program
+    .command('promote <name>')
+    .description('copy a handler from one environment to another')
+    .option('--from <env>', 'source environment', 'staging')
+    .option('--to <env>', 'target environment', 'prod')
+    .action(async (name, opts) => {
+    const srcCfg = readConfig(opts.from);
+    const dstCfg = readConfig(opts.to);
+    if (!srcCfg.bucket) {
+        console.error(`no config for env: ${opts.from}`);
+        process.exit(1);
+    }
+    if (!dstCfg.bucket) {
+        console.error(`no config for env: ${opts.to}`);
+        process.exit(1);
+    }
+    const key = name.endsWith('.zap') ? name : `${name}.zap`;
+    const { Body } = await s3.send(new client_s3_1.GetObjectCommand({ Bucket: srcCfg.bucket, Key: key }));
+    const source = await Body.transformToString();
+    await s3.send(new client_s3_1.PutObjectCommand({ Bucket: dstCfg.bucket, Key: key, Body: source, ContentType: 'application/javascript' }));
+    console.log(`↑  ${name}  ${opts.from} → ${opts.to}`);
+});
+program
+    .command('rollback <name>')
+    .description('restore the previous version of a handler')
+    .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .option('-e, --env <env>', 'environment', 'prod')
+    .action(async (name, opts) => {
+    const b = bucket(opts);
+    const key = name.endsWith('.zap') ? name : `${name}.zap`;
+    const { Versions = [] } = await s3.send(new client_s3_1.ListObjectVersionsCommand({ Bucket: b, Prefix: key }));
+    const sorted = Versions
+        .filter(v => v.Key === key)
+        .sort((a, b) => (b.LastModified?.getTime() ?? 0) - (a.LastModified?.getTime() ?? 0));
+    if (sorted.length < 2) {
+        console.error(`no previous version found for ${name}`);
+        process.exit(1);
+    }
+    const prev = sorted[1];
+    const { Body } = await s3.send(new client_s3_1.GetObjectCommand({ Bucket: b, Key: key, VersionId: prev.VersionId }));
+    const source = await Body.transformToString();
+    await s3.send(new client_s3_1.PutObjectCommand({ Bucket: b, Key: key, Body: source, ContentType: 'application/javascript' }));
+    console.log(`↩  ${name}  restored to ${prev.LastModified?.toISOString()}`);
+});
 program
     .command('rm <name>')
     .description('remove a handler from S3')
     .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .option('-e, --env <env>', 'environment', 'prod')
     .action(async (name, opts) => {
     const b = bucket(opts);
     const key = name.endsWith('.zap') ? name : `${name}.zap`;
     await s3.send(new client_s3_1.DeleteObjectCommand({ Bucket: b, Key: key }));
-    const { functionArn } = readConfig();
+    const { functionArn } = readConfig(opts.env);
     if (functionArn)
         await (0, cron_1.removeCron)(name.replace(/\.zap$/, ''), functionArn);
     console.log(`- ${name.replace(/\.zap$/, '')}`);
@@ -135,6 +185,7 @@ program
     .command('ls')
     .description('list deployed handlers')
     .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .option('-e, --env <env>', 'environment', 'prod')
     .action(async (opts) => {
     const b = bucket(opts);
     const { Contents = [] } = await s3.send(new client_s3_1.ListObjectsV2Command({ Bucket: b }));
@@ -147,9 +198,10 @@ program
     .command('demo')
     .description('deploy the built-in demo handlers')
     .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .option('-e, --env <env>', 'environment', 'prod')
     .action(async (opts) => {
     const b = bucket(opts);
-    const { url } = readConfig();
+    const { url } = readConfig(opts.env);
     const demoDir = (0, node_path_1.resolve)(__dirname, '..', 'demo');
     const files = await walkZap(demoDir, 'demo');
     const remapped = files.map(f => f.key === 'demo/index.zap' ? { ...f, key: 'index.zap' } : f);
@@ -160,8 +212,9 @@ program
 program
     .command('debug')
     .description('show Lambda function URL auth config and resource-based policy')
-    .action(async () => {
-    const cfg = readConfig();
+    .option('-e, --env <env>', 'environment', 'prod')
+    .action(async (opts) => {
+    const cfg = readConfig(opts.env);
     const region = cfg.region ?? 'us-east-1';
     const fn = cfg.functionArn ?? cfg.function ?? 'zap-runtime';
     const lambda = new client_lambda_1.LambdaClient({ region });
@@ -198,10 +251,9 @@ program
     catch (err) {
         console.log('\ndirect invoke failed:', err.message);
     }
-    const urlCfg = readConfig();
-    if (urlCfg.url) {
+    if (cfg.url) {
         try {
-            const res = await fetch(urlCfg.url);
+            const res = await fetch(cfg.url);
             console.log(`\nurl fetch: HTTP ${res.status}`);
             console.log('headers:', Object.fromEntries([...res.headers.entries()].filter(([k]) => k.startsWith('x-amzn') || k === 'content-type')));
             console.log('body:', await res.text());
@@ -214,16 +266,13 @@ program
 program
     .command('repair')
     .description('re-apply Lambda Function URL public access permissions')
-    .action(async () => {
-    const cfg = readConfig();
+    .option('-e, --env <env>', 'environment', 'prod')
+    .action(async (opts) => {
+    const cfg = readConfig(opts.env);
     const region = cfg.region ?? 'us-east-1';
     const fn = cfg.functionArn ?? cfg.function ?? 'zap-runtime';
     const lambda = new client_lambda_1.LambdaClient({ region });
     await lambda.send(new client_lambda_1.UpdateFunctionUrlConfigCommand({ FunctionName: fn, AuthType: 'NONE', Cors: { AllowOrigins: ['*'], AllowMethods: ['*'], AllowHeaders: ['*'] } }));
-    try {
-        await lambda.send(new client_lambda_1.RemovePermissionCommand({ FunctionName: fn, StatementId: 'public-access' }));
-    }
-    catch { }
     for (const sid of ['public-access', 'public-invoke', 'FunctionURLAllowPublicAccess']) {
         try {
             await lambda.send(new client_lambda_1.RemovePermissionCommand({ FunctionName: fn, StatementId: sid }));
@@ -236,25 +285,4 @@ program
     if (cfg.url)
         console.log(`\n  → ${cfg.url.trim()}\n`);
 });
-program
-    .command('rollback <name>')
-    .description('restore the previous version of a handler')
-    .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
-    .action(async (name, opts) => {
-    const b = bucket(opts);
-    const key = name.endsWith('.zap') ? name : `${name}.zap`;
-    const { Versions = [] } = await s3.send(new client_s3_1.ListObjectVersionsCommand({ Bucket: b, Prefix: key }));
-    const sorted = Versions
-        .filter(v => v.Key === key)
-        .sort((a, b) => (b.LastModified?.getTime() ?? 0) - (a.LastModified?.getTime() ?? 0));
-    if (sorted.length < 2) {
-        console.error(`no previous version found for ${name}`);
-        process.exit(1);
-    }
-    const prev = sorted[1];
-    const { Body } = await s3.send(new client_s3_1.GetObjectCommand({ Bucket: b, Key: key, VersionId: prev.VersionId }));
-    const source = await Body.transformToString();
-    await s3.send(new client_s3_1.PutObjectCommand({ Bucket: b, Key: key, Body: source, ContentType: 'application/javascript' }));
-    console.log(`↩  ${name}  restored to ${prev.LastModified?.toISOString()}`);
-});
 program.parse();

package/dist/init.js

@@ -10,18 +10,16 @@ const node_crypto_1 = require("node:crypto");
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const node_os_1 = require("node:os");
-const ROLE = 'zap-runtime-role';
-const FUNCTION = 'zap-runtime';
-const TABLE = 'zap-kv';
+const sfx = (env) => env === 'prod' ? '' : `-${env}`;
 const TRUST = JSON.stringify({
     Version: '2012-10-17',
     Statement: [{ Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com' }, Action: 'sts:AssumeRole' }],
 });
-const policy = (bucket) => JSON.stringify({
+const policy = (bucket, table) => JSON.stringify({
     Version: '2012-10-17',
     Statement: [
         { Effect: 'Allow', Action: ['s3:GetObject', 's3:ListBucket'], Resource: [`arn:aws:s3:::${bucket}`, `arn:aws:s3:::${bucket}/*`] },
-        { Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:PutItem', 'dynamodb:DeleteItem'], Resource: `arn:aws:dynamodb:*:*:table/${TABLE}` },
+        { Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:PutItem', 'dynamodb:DeleteItem'], Resource: `arn:aws:dynamodb:*:*:table/${table}` },
     ],
 });
 async function allowPublicUrl(lambda, functionArn) {
@@ -49,16 +47,22 @@ function step(label) {
     process.stdout.write(`  ${label.padEnd(24)}`);
     return (note = '') => console.log(`✓${note ? '  ' + note : ''}`);
 }
-async function init(region) {
+async function init(region, env = 'prod') {
+    const ROLE = `zap-runtime-role${sfx(env)}`;
+    const FUNCTION = `zap-runtime${sfx(env)}`;
+    const TABLE = `zap-kv${sfx(env)}`;
     const s3 = new client_s3_1.S3Client({ region });
     const iam = new client_iam_1.IAMClient({ region: 'us-east-1' });
     const lambda = new client_lambda_1.LambdaClient({ region });
     const dynamo = new client_dynamodb_1.DynamoDBClient({ region });
-    let config = {};
+    // Load existing config — migrate old flat format to per-env format
+    let allConfig = {};
     try {
-        config = JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+        const raw = JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+        allConfig = raw.bucket ? { prod: raw } : raw;
     }
     catch { }
+    const config = allConfig[env] ?? {};
     // Build — compile from source if running in the repo, otherwise use pre-built dist
     let done = step('packaging runtime');
     const distDir = (0, node_path_1.join)(__dirname, '.');
@@ -107,7 +111,7 @@ async function init(region) {
     try {
         const { Role } = await iam.send(new client_iam_1.GetRoleCommand({ RoleName: ROLE }));
         roleArn = Role.Arn;
-        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket) }));
+        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket, TABLE) }));
     }
     catch (err) {
         if (err.name !== 'NoSuchEntityException')
@@ -116,7 +120,7 @@ async function init(region) {
         const { Role } = await iam.send(new client_iam_1.CreateRoleCommand({ RoleName: ROLE, AssumeRolePolicyDocument: TRUST }));
         roleArn = Role.Arn;
         await iam.send(new client_iam_1.AttachRolePolicyCommand({ RoleName: ROLE, PolicyArn: 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' }));
-        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket) }));
+        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket, TABLE) }));
     }
     if (isNew) {
         process.stdout.write('propagating...');
@@ -127,7 +131,7 @@ async function init(region) {
     // Lambda
     done = step('deploying lambda');
     const zip = (0, node_fs_1.readFileSync)(zipPath);
-    const env = { ZAP_BUCKET: bucket, ZAP_TABLE: TABLE };
+    const lambdaEnv = { ZAP_BUCKET: bucket, ZAP_TABLE: TABLE };
     let functionArn;
     try {
         const { Configuration } = await lambda.send(new client_lambda_1.GetFunctionCommand({ FunctionName: FUNCTION }));
@@ -135,7 +139,7 @@ async function init(region) {
         await (0, client_lambda_1.waitUntilFunctionUpdated)({ client: lambda, maxWaitTime: 60 }, { FunctionName: FUNCTION });
         await lambda.send(new client_lambda_1.UpdateFunctionCodeCommand({ FunctionName: FUNCTION, ZipFile: zip }));
         await (0, client_lambda_1.waitUntilFunctionUpdated)({ client: lambda, maxWaitTime: 60 }, { FunctionName: FUNCTION });
-        await lambda.send(new client_lambda_1.UpdateFunctionConfigurationCommand({ FunctionName: FUNCTION, Environment: { Variables: env } }));
+        await lambda.send(new client_lambda_1.UpdateFunctionConfigurationCommand({ FunctionName: FUNCTION, Environment: { Variables: lambdaEnv } }));
     }
     catch (err) {
         if (err.name !== 'ResourceNotFoundException')
@@ -146,7 +150,7 @@ async function init(region) {
             Role: roleArn,
             Handler: 'handler.handler',
             Code: { ZipFile: zip },
-            Environment: { Variables: env },
+            Environment: { Variables: lambdaEnv },
             Timeout: 30,
             MemorySize: 256,
         }));
@@ -173,6 +177,9 @@ async function init(region) {
     }
     await allowPublicUrl(lambda, functionArn);
     done();
-    (0, node_fs_1.writeFileSync)('.zaprc', JSON.stringify({ bucket, function: FUNCTION, table: TABLE, region, url, functionArn }, null, 2));
+    allConfig[env] = { bucket, function: FUNCTION, table: TABLE, region, url, functionArn };
+    (0, node_fs_1.writeFileSync)('.zaprc', JSON.stringify(allConfig, null, 2));
+    if (env !== 'prod')
+        process.stdout.write(`\n  env: ${env}`);
     console.log(`\n  → ${url.trim()}\n`);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kirkelliott/zap",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "description": "Drop a .zap file in S3. It becomes an API endpoint.",
   "main": "dist/handler.js",
   "bin": {

package/demo/live.zap

@@ -1,4 +0,0 @@
-export default async (req) => {
-  if (!req.body) return { status: 400, body: 'POST a function' }
-  return { body: await eval(`(${req.body})`)({ kv, fetch }) }
-}