@liquidmetal-ai/raindrop 0.13.0 → 0.15.0

package/bundle/{chunk-5245CEUM.js → chunk-AGG7JZVH.js}

@@ -1,12 +1,12 @@
 import {
   source_default
-} from "./chunk-36GNZK4A.js";
+} from "./chunk-V6J23FL2.js";
 import {
   UnitState,
   init_cjs_shims,
   timestampDate,
   valueOf
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-KLOYSTZY.js";
 
 // src/status.ts
 init_cjs_shims();

package/bundle/{chunk-3GFKUF5D.js → chunk-B3IY2XS6.js}

@@ -1,7 +1,9 @@
 import {
-  RecurringInterval,
+  RecurringInterval
+} from "./chunk-6L4V66WZ.js";
+import {
   init_cjs_shims
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-5XHDP4VK.js";
 
 // src/utils/price-utils.ts
 init_cjs_shims();

package/bundle/{chunk-WIDI65NO.js → chunk-CBAXTRCS.js}

@@ -1,6 +1,6 @@
 import {
   init_cjs_shims
-} from "./chunk-PS3WZBDF.js";
+} from "./chunk-5XHDP4VK.js";
 
 // ../drizzle/dist/mrn.js
 init_cjs_shims();

package/bundle/{chunk-JLVDTXO2.js → chunk-DPV5HIG7.js}

@@ -1,13 +1,13 @@
 import {
   FileSystemBundle,
   archive
-} from "./chunk-KQZJHBNG.js";
+} from "./chunk-MJBLNWG3.js";
 import {
   buildHandlers
-} from "./chunk-DLH7MI57.js";
+} from "./chunk-JQONDSHY.js";
 import {
   tmpdir
-} from "./chunk-LDFYPOXJ.js";
+} from "./chunk-TFQY5TSY.js";
 import {
   BundleArchiveType,
   Code,
@@ -17,7 +17,7 @@ import {
   init_cjs_shims,
   listEnvVars,
   valueOf
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-KLOYSTZY.js";
 
 // src/deploy.ts
 init_cjs_shims();

package/bundle/{chunk-36GNZK4A.js → chunk-EVXLXWP7.js}

@@ -1,6 +1,6 @@
 import {
   init_cjs_shims
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-5XHDP4VK.js";
 
 // ../../node_modules/.pnpm/chalk@5.4.1/node_modules/chalk/source/index.js
 init_cjs_shims();

package/bundle/{chunk-4YVU5KEQ.js → chunk-HN3AAKRY.js}

@@ -1,7 +1,9 @@
 import {
-  init_cjs_shims,
   timestampMs
-} from "./chunk-FTPZ6SQW.js";
+} from "./chunk-6L4V66WZ.js";
+import {
+  init_cjs_shims
+} from "./chunk-5XHDP4VK.js";
 
 // src/log-helpers.ts
 init_cjs_shims();

package/bundle/{chunk-NVNEQXHN.js → chunk-IGLE4Y3B.js}

@@ -1,13 +1,15 @@
 import {
-  __commonJS,
-  __require,
-  __toESM,
-  init_cjs_shims,
   require_ansi_escapes,
   require_ansi_styles,
   require_string_width,
   require_strip_ansi
-} from "./chunk-PS3WZBDF.js";
+} from "./chunk-6L4V66WZ.js";
+import {
+  __commonJS,
+  __require,
+  __toESM,
+  init_cjs_shims
+} from "./chunk-5XHDP4VK.js";
 
 // ../../node_modules/.pnpm/yoctocolors-cjs@2.1.2/node_modules/yoctocolors-cjs/index.js
 var require_yoctocolors_cjs = __commonJS({

package/bundle/{chunk-FGSYWVBA.js → chunk-IQ6HFRA6.js}

@@ -1,7 +1,7 @@
 import {
   init_cjs_shims,
   valueOf
-} from "./chunk-PS3WZBDF.js";
+} from "./chunk-5XHDP4VK.js";
 
 // src/lib/env-validation.ts
 init_cjs_shims();

package/bundle/{chunk-O3QZDJ75.js → chunk-JQONDSHY.js}

@@ -1,12 +1,12 @@
 import {
   HANDLERS_DIR
-} from "./chunk-J7HN6XF2.js";
+} from "./chunk-L6FRQULN.js";
 import {
   Actor,
   Service,
   init_cjs_shims,
   valueOf
-} from "./chunk-FTPZ6SQW.js";
+} from "./chunk-KLOYSTZY.js";
 
 // src/build.ts
 init_cjs_shims();

package/bundle/{chunk-W4IPOFZC.js → chunk-KADMFJLN.js}

@@ -1,23 +1,25 @@
 import {
   FileSystemBundle,
   archive
-} from "./chunk-7ZJWA6HP.js";
+} from "./chunk-MBLKVNI5.js";
 import {
   buildHandlers
-} from "./chunk-XKKPPSPC.js";
+} from "./chunk-OCYTN4IH.js";
 import {
   tmpdir
-} from "./chunk-MSJ33O5Y.js";
+} from "./chunk-NRCQIE3Z.js";
 import {
   BundleArchiveType,
   Code,
   ConnectError,
   ReleaseRequest_LockSchema,
   create,
+  listEnvVars
+} from "./chunk-6L4V66WZ.js";
+import {
   init_cjs_shims,
-  listEnvVars,
   valueOf
-} from "./chunk-PS3WZBDF.js";
+} from "./chunk-5XHDP4VK.js";
 
 // src/deploy.ts
 init_cjs_shims();
@@ -35,7 +37,7 @@ async function deploy(options) {
   const app = apps[0];
   const manifestContents = await fs.readFile(manifestPath, "utf8");
   await buildHandlers(command, apps, buildDir, root);
-  const runtimeVersion = await command.raindropFrameworkVersion();
+  const runtimeVersion = await command.raindropFrameworkVersion(root);
   const { client: catalogService, userId, organizationId: defaultOrganizationId } = await command.catalogService();
   const organizationId = options.impersonate ?? defaultOrganizationId;
   let deployResp;

package/bundle/chunk-KG5BLUGU.js

@@ -0,0 +1,246 @@
+import {
+  open_default
+} from "./chunk-NRCQIE3Z.js";
+import {
+  init_cjs_shims
+} from "./chunk-5XHDP4VK.js";
+
+// src/lib/workos-test-server.ts
+init_cjs_shims();
+import * as crypto from "node:crypto";
+import * as fs from "node:fs/promises";
+import * as http from "node:http";
+var AUTH_URL = "https://api.workos.com/user_management/authorize";
+var TOKEN_URL = "https://api.workos.com/user_management/authenticate";
+function base64URLEncode(buffer) {
+  return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function sha256(input) {
+  return crypto.createHash("sha256").update(input).digest();
+}
+async function readSession(sessionFile) {
+  try {
+    const data = await fs.readFile(sessionFile, "utf8");
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+async function saveSession(sessionFile, newData, oldSession = {}) {
+  const session = {
+    access_token: newData.access_token || newData.token || "",
+    // OAuth Spec: If new refresh token is NOT returned, keep the old one
+    refresh_token: newData.refresh_token || oldSession.refresh_token,
+    user: newData.user || oldSession.user,
+    updated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  await fs.writeFile(sessionFile, JSON.stringify(session, null, 2), "utf8");
+  try {
+    await fs.chmod(sessionFile, 384);
+  } catch {
+  }
+  return session;
+}
+async function refreshToken(options) {
+  const { clientId, sessionFile, onLog } = options;
+  const log = onLog || (() => {
+  });
+  const session = await readSession(sessionFile);
+  if (!session) {
+    throw new Error("No session file found. Run interactive login first.");
+  }
+  if (!session.refresh_token) {
+    throw new Error("No refresh token available in session.");
+  }
+  log("Refreshing token...");
+  const response = await fetch(TOKEN_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      client_id: clientId,
+      grant_type: "refresh_token",
+      refresh_token: session.refresh_token
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Token refresh failed: ${errorText}`);
+  }
+  const data = await response.json();
+  const newSession = await saveSession(sessionFile, data, session);
+  log("Token refreshed successfully.");
+  return newSession;
+}
+async function startTestServer(options) {
+  const { port, host, clientId, sessionFile, onLog } = options;
+  const log = onLog || (() => {
+  });
+  const verifier = base64URLEncode(crypto.randomBytes(32));
+  const challenge = base64URLEncode(sha256(verifier));
+  const state = base64URLEncode(crypto.randomBytes(16));
+  const redirectUri = `http://${host}:${port}/callback`;
+  return new Promise((resolve, reject) => {
+    const server = http.createServer(async (req, res) => {
+      const requestUrl = new URL(req.url || "", `http://${host}:${port}`);
+      const pathname = requestUrl.pathname;
+      const searchParams = requestUrl.searchParams;
+      if (pathname === "/callback") {
+        const code = searchParams.get("code");
+        const returnedState = searchParams.get("state");
+        const error = searchParams.get("error");
+        const error_description = searchParams.get("error_description");
+        if (error) {
+          const errorMessage = `OAuth error: ${error}${error_description ? ` - ${error_description}` : ""}`;
+          log(`Error: ${errorMessage}`);
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`<h1>Authentication Failed</h1><p>${errorMessage}</p>`);
+          server.close();
+          reject(new Error(errorMessage));
+          return;
+        }
+        if (returnedState !== state) {
+          const errorMessage = "Security Error: State mismatch (possible CSRF attack)";
+          log(`Error: ${errorMessage}`);
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`<h1>Security Error</h1><p>State mismatch. Please try again.</p>`);
+          server.close();
+          reject(new Error(errorMessage));
+          return;
+        }
+        if (!code) {
+          const errorMessage = "No authorization code received";
+          log(`Error: ${errorMessage}`);
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`<h1>Error</h1><p>${errorMessage}</p>`);
+          server.close();
+          reject(new Error(errorMessage));
+          return;
+        }
+        try {
+          log("Callback received. Exchanging code for token...");
+          const response = await fetch(TOKEN_URL, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              client_id: clientId,
+              grant_type: "authorization_code",
+              code,
+              code_verifier: verifier
+            })
+          });
+          if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Token exchange failed: ${errorText}`);
+          }
+          const data = await response.json();
+          const session = await saveSession(sessionFile, data);
+          res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+          res.end(`<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Authentication Successful</title>
+  <style>
+    * { box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    }
+    .card {
+      text-align: center;
+      padding: 3rem 4rem;
+      background: white;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
+    }
+    .checkmark {
+      width: 80px;
+      height: 80px;
+      margin: 0 auto 1.5rem;
+      background: #22c55e;
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .checkmark svg {
+      width: 40px;
+      height: 40px;
+      stroke: white;
+      stroke-width: 3;
+      fill: none;
+    }
+    h1 {
+      color: #1f2937;
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin: 0 0 0.5rem;
+    }
+    p {
+      color: #6b7280;
+      margin: 0;
+      font-size: 1rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="checkmark">
+      <svg viewBox="0 0 24 24"><polyline points="20 6 9 17 4 12"></polyline></svg>
+    </div>
+    <h1>Authentication Successful</h1>
+    <p>You can close this tab and return to your terminal.</p>
+  </div>
+</body>
+</html>`);
+          log("Authentication complete. Session saved.");
+          resolve({ server, session });
+        } catch (err) {
+          const error2 = err;
+          log(`Error: Token exchange failed: ${error2.message}`);
+          res.writeHead(500, { "Content-Type": "text/html" });
+          res.end(`<h1>Error</h1><p>Token exchange failed: ${error2.message}</p>`);
+          server.close();
+          reject(error2);
+        }
+      } else {
+        res.writeHead(404, { "Content-Type": "text/plain" });
+        res.end("Not Found");
+      }
+    });
+    server.on("error", (err) => {
+      reject(new Error(`Server error: ${err.message}`));
+    });
+    server.listen(port, host, async () => {
+      const authUrl = new URL(AUTH_URL);
+      authUrl.searchParams.set("client_id", clientId);
+      authUrl.searchParams.set("redirect_uri", redirectUri);
+      authUrl.searchParams.set("response_type", "code");
+      authUrl.searchParams.set("provider", "authkit");
+      authUrl.searchParams.set("code_challenge", challenge);
+      authUrl.searchParams.set("code_challenge_method", "S256");
+      authUrl.searchParams.set("state", state);
+      log(`Server listening on http://${host}:${port}`);
+      log(`Authorization URL: ${authUrl.toString()}`);
+      log(`Opening browser for authentication...`);
+      try {
+        await open_default(authUrl.toString());
+      } catch (err) {
+        const error = err;
+        log(`Warning: Could not open browser automatically: ${error.message}`);
+        log(`Please open the URL above manually.`);
+      }
+    });
+  });
+}
+
+export {
+  refreshToken,
+  startTestServer
+};

package/bundle/{chunk-V5LHJTYS.js → chunk-KLOYSTZY.js}

@@ -238777,10 +238777,21 @@ async function getFrameworkVersion() {
     const packageJsonPath = path2.resolve(__dirname2, "..", "package.json");
     const packageJsonContent = await fs.readFile(packageJsonPath, "utf8");
     const packageJson = JSON.parse(packageJsonContent);
-    return packageJson.dependencies["@liquidmetal-ai/raindrop-framework"] || "unknown";
+    let version = packageJson.dependencies["@liquidmetal-ai/raindrop-framework"] || "unknown";
+    if (version === "workspace:*" || version.startsWith("workspace:")) {
+      try {
+        const frameworkPkgPath = path2.resolve(__dirname2, "..", "..", "raindrop-framework", "package.json");
+        const frameworkContent = await fs.readFile(frameworkPkgPath, "utf8");
+        const frameworkPkg = JSON.parse(frameworkContent);
+        version = frameworkPkg.version || version;
+      } catch {
+        version = "*";
+      }
+    }
+    return version;
   } catch (error) {
     console.error("Error reading framework version:", error);
-    return "unknown";
+    return "*";
   }
 }
 async function getCLIVersion() {

package/bundle/{chunk-ETC5VU7H.js → chunk-KXHVSLAI.js}

@@ -1,7 +1,7 @@
 import {
   init_cjs_shims,
   valueOf
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-KLOYSTZY.js";
 
 // src/lib/env-validation.ts
 init_cjs_shims();

package/bundle/{chunk-Y4WFGNPM.js → chunk-L6FRQULN.js}

@@ -5,7 +5,7 @@ import {
   init_cjs_shims,
   require_source_map,
   valueOf
-} from "./chunk-PS3WZBDF.js";
+} from "./chunk-KLOYSTZY.js";
 
 // ../../node_modules/.pnpm/handlebars@4.7.8/node_modules/handlebars/dist/cjs/handlebars/utils.js
 var require_utils = __commonJS({

package/bundle/{chunk-3QCVYSRU.js → chunk-LT3BFQ4O.js}

@@ -1,7 +1,7 @@
 import {
   init_cjs_shims,
   timestampMs
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-KLOYSTZY.js";
 
 // src/log-helpers.ts
 init_cjs_shims();

package/bundle/{chunk-KQZJHBNG.js → chunk-MBLKVNI5.js}

@@ -1,6 +1,6 @@
 import {
   init_cjs_shims
-} from "./chunk-V5LHJTYS.js";
+} from "./chunk-5XHDP4VK.js";
 
 // ../drizzle/dist/codestore.js
 init_cjs_shims();

package/bundle/{chunk-6AIUQUUM.js → chunk-MFMVJZW6.js}

@@ -1,23 +1,25 @@
-import {
-  tmpdir
-} from "./chunk-IMP7O5AC.js";
 import {
   FileSystemBundle,
   archive
-} from "./chunk-25T7MEKO.js";
+} from "./chunk-MBLKVNI5.js";
 import {
   buildHandlers
-} from "./chunk-O3QZDJ75.js";
+} from "./chunk-OCYTN4IH.js";
+import {
+  tmpdir
+} from "./chunk-NRCQIE3Z.js";
 import {
   BundleArchiveType,
   Code,
   ConnectError,
   ReleaseRequest_LockSchema,
   create,
+  listEnvVars
+} from "./chunk-6L4V66WZ.js";
+import {
   init_cjs_shims,
-  listEnvVars,
   valueOf
-} from "./chunk-FTPZ6SQW.js";
+} from "./chunk-5XHDP4VK.js";
 
 // src/deploy.ts
 init_cjs_shims();
@@ -35,7 +37,7 @@ async function deploy(options) {
   const app = apps[0];
   const manifestContents = await fs.readFile(manifestPath, "utf8");
   await buildHandlers(command, apps, buildDir, root);
-  const runtimeVersion = await command.raindropFrameworkVersion();
+  const runtimeVersion = await command.raindropFrameworkVersion(root);
   const { client: catalogService, userId, organizationId: defaultOrganizationId } = await command.catalogService();
   const organizationId = options.impersonate ?? defaultOrganizationId;
   let deployResp;
@@ -122,21 +124,75 @@ async function checkEnvironmentVariables(command, app, catalogService, userId, o
     });
     let unset = false;
     const remoteEnvVars = Object.fromEntries(getEnvsResp.envs.map((env) => [env.key, env.value]));
+    const missingVars = [];
     for (const key of Object.keys(envVars)) {
       const manifestDefault = envVars[key]?.default;
       const remoteValue = remoteEnvVars[key];
       if (remoteValue === void 0 && manifestDefault === void 0) {
-        if (!unset) {
-          command.warn(`The following environment variables were not set and are required for deployment:`);
-        }
         unset = true;
-        command.warn(key);
+        missingVars.push(key);
       }
     }
     if (unset) {
-      command.error(
-        "Please set environment variables before deploying. You can resume using `raindrop build deploy --amend`"
-      );
+      const config = await command.loadConfig();
+      if (!config.lock) {
+        config.sandbox = true;
+        await command.saveConfig(config);
+      }
+      const varCount = missingVars.length;
+      const secretCount = missingVars.filter((key) => envVars[key]?.secret).length;
+      const allMissing = Object.keys(envVars).length === missingVars.length;
+      if (allMissing) {
+        command.warn("First-Time Setup Required: Environment Variables Missing\n");
+        command.warn(`Setup Required Variables:`);
+        command.warn(`   \u2022 ${varCount} required environment variable${varCount !== 1 ? "s" : ""}`);
+        if (secretCount > 0) {
+          command.warn(`   \u2022 ${secretCount} secret${secretCount !== 1 ? "s" : ""} (will be stored securely)`);
+        }
+        command.warn(`
+Missing Variables:`);
+        missingVars.forEach((key, index) => {
+          const isSecret = envVars[key]?.secret;
+          command.warn(`   ${index + 1}. ${key} ${isSecret ? "(secret)" : ""}`);
+        });
+        command.warn(`
+Quick Setup (recommended for secrets):`);
+        command.warn(`   raindrop build env setup`);
+        command.warn(`
+Manual Setup:`);
+        missingVars.forEach((key) => {
+          const isSecret = envVars[key]?.secret;
+          command.warn(`   raindrop build env set ${key} ${isSecret ? "<value>" : "<value>"}`);
+          if (isSecret) {
+            command.warn(`   echo "your-secret" | raindrop build env set ${key} -  # Secure input`);
+          }
+        });
+        command.warn(`
+Discovery Commands:`);
+        command.warn(`   raindrop build env list    # See count (secure)`);
+        command.warn(`   raindrop build env list --show-details --acknowledge-risk    # See names`);
+      } else {
+        command.warn(`Environment Variables Missing:`);
+        command.warn(`   Missing: ${missingVars.length}/${Object.keys(envVars).length} variables`);
+        command.warn(`
+Missing Variables:`);
+        missingVars.forEach((key, index) => {
+          const isSecret = envVars[key]?.secret;
+          command.warn(`   ${index + 1}. ${key} ${isSecret ? "(secret)" : ""}`);
+        });
+        command.warn(`
+Update Missing Variables:`);
+        missingVars.forEach((key) => {
+          command.warn(`   raindrop build env set ${key} <value>`);
+        });
+        command.warn(`
+Interactive Update:`);
+        command.warn(`   raindrop build env setup    # Will prompt for missing variables only`);
+      }
+      command.warn(`
+Then resume deployment:`);
+      command.warn(`   raindrop build deploy --amend`);
+      command.error("Environment variables must be set before deployment");
     }
   }
 }

package/bundle/{chunk-25T7MEKO.js → chunk-MJBLNWG3.js}

@@ -1,6 +1,6 @@
 import {
   init_cjs_shims
-} from "./chunk-FTPZ6SQW.js";
+} from "./chunk-KLOYSTZY.js";
 
 // ../drizzle/dist/codestore.js
 init_cjs_shims();