@liquidmetal-ai/raindrop 0.4.11 → 0.4.12

package/dist/base-command.d.ts

@@ -6,6 +6,7 @@ import { SearchAgentService } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1
 import { AnnotationService } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/annotation_pb';
 import { EventStreamService } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/events_pb';
 import { RiverjackService } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/riverjack_pb';
+import { S3CredentialService } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/bucket_api_pb';
 import { Command, Interfaces } from '@oclif/core';
 import { Config } from './config.js';
 import { ServiceIdentity } from './index.js';
@@ -67,6 +68,11 @@ export declare abstract class BaseCommand<T extends typeof Command> extends Comm
         organizationId: string;
         userId: string;
     }>;
+    protected bucketApiService(baseUrl: string): Promise<{
+        client: StrictClient<typeof S3CredentialService>;
+        organizationId: string;
+        userId: string;
+    }>;
     protected rainbowAuthService(): Promise<{
         client: StrictClient<typeof RainbowAuthService>;
     }>;

package/dist/base-command.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"base-command.d.ts","sourceRoot":"","sources":["../src/base-command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,sCAAsC,CAAC;AAEnE,OAAO,EAAE,cAAc,EAAE,MAAM,yDAAyD,CAAC;AACzF,OAAO,EAAE,aAAa,EAAE,MAAM,wDAAwD,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,8DAA8D,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,8DAA8D,CAAC;AAClG,OAAO,EAAE,iBAAiB,EAAE,MAAM,4DAA4D,CAAC;AAC/F,OAAO,EAAE,kBAAkB,EAAE,MAAM,wDAAwD,CAAC;AAC5F,OAAO,EAAE,gBAAgB,EAAE,MAAM,2DAA2D,CAAC;AAG7F,OAAO,EAAE,OAAO,EAAS,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EAAE,MAAM,EAA0B,MAAM,aAAa,CAAC;AAC7D,OAAO,EAML,eAAe,EAIhB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,MAAM,KAAK,CAAC,CAAC,SAAS,OAAO,OAAO,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,OAAO,WAAW,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AACvH,MAAM,MAAM,IAAI,CAAC,CAAC,SAAS,OAAO,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAEhF,8BAAsB,WAAW,CAAC,CAAC,SAAS,OAAO,OAAO,CAAE,SAAQ,OAAO;IACzE,MAAM,CAAC,YAAY;;;;;;;;MAsCjB;IAEF,MAAM,CAAC,SAAS,KAAM;IACtB,MAAM,CAAC,QAAQ,KAAM;IAErB,SAAS,CAAC,KAAK,EAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,IAAI,EAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEzB,SAAS,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAErB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;cAclB,KAAK,CAAC,GAAG,EAAE,KAAK,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC;cAKvD,OAAO,CAAC,CAAC,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC;IAIrD,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAK7B,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzC,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAuB5C,SAAS,CAAC,SAAS,IAAI,MAAM;cAIb,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC;IA6BrD,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,MAAM,EAAE,YAAY,CAAC,OAAO,cAAc,CAAC,CAAC;QAC5C,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;cAec,kBAAkB,IAAI,OAAO,CAAC;QAC5C,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;QAChD,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAcc,aAAa,IAAI,OAAO,CAAC;QACvC,MAAM,EAAE,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;QAC3C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAkBc,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,MAAM,EAAE,YAAY,CAAC,OAAO,iBAAiB,CAAC,CAAC;QAC/C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAiBc,kBAAkB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9D,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;QAChD,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;cAec,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,MAAM,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;QAC9C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAiBc,kBAAkB,IAAI,OAAO,CAAC;QAC5C,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;KACjD,CAAC;IAMI,wBAAwB,IAAI,OAAO,CAAC,MAAM,CAAC;IAWjD,GAAG,CAAC,OAAO,GAAE,MAAW,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI;CAGhD"}
+{"version":3,"file":"base-command.d.ts","sourceRoot":"","sources":["../src/base-command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,sCAAsC,CAAC;AAEnE,OAAO,EAAE,cAAc,EAAE,MAAM,yDAAyD,CAAC;AACzF,OAAO,EAAE,aAAa,EAAE,MAAM,wDAAwD,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,8DAA8D,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,8DAA8D,CAAC;AAClG,OAAO,EAAE,iBAAiB,EAAE,MAAM,4DAA4D,CAAC;AAC/F,OAAO,EAAE,kBAAkB,EAAE,MAAM,wDAAwD,CAAC;AAC5F,OAAO,EAAE,gBAAgB,EAAE,MAAM,2DAA2D,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,4DAA4D,CAAC;AAGjG,OAAO,EAAE,OAAO,EAAS,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EAAE,MAAM,EAA0B,MAAM,aAAa,CAAC;AAC7D,OAAO,EAML,eAAe,EAKhB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,MAAM,KAAK,CAAC,CAAC,SAAS,OAAO,OAAO,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,OAAO,WAAW,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AACvH,MAAM,MAAM,IAAI,CAAC,CAAC,SAAS,OAAO,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAEhF,8BAAsB,WAAW,CAAC,CAAC,SAAS,OAAO,OAAO,CAAE,SAAQ,OAAO;IACzE,MAAM,CAAC,YAAY;;;;;;;;MAsCjB;IAEF,MAAM,CAAC,SAAS,KAAM;IACtB,MAAM,CAAC,QAAQ,KAAM;IAErB,SAAS,CAAC,KAAK,EAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,IAAI,EAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEzB,SAAS,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAErB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;cAclB,KAAK,CAAC,GAAG,EAAE,KAAK,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC;cAKvD,OAAO,CAAC,CAAC,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC;IAIrD,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAK7B,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzC,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAuB5C,SAAS,CAAC,SAAS,IAAI,MAAM;cAIb,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC;IA6BrD,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,MAAM,EAAE,YAAY,CAAC,OAAO,cAAc,CAAC,CAAC;QAC5C,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;cAec,kBAAkB,IAAI,OAAO,CAAC;QAC5C,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;QAChD,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAcc,aAAa,IAAI,OAAO,CAAC;QACvC,MAAM,EAAE,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;QAC3C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAkBc,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,MAAM,EAAE,YAAY,CAAC,OAAO,iBAAiB,CAAC,CAAC;QAC/C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAiBc,kBAAkB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9D,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;QAChD,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;cAec,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,MAAM,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;QAC9C,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAiBc,gBAAgB,CAC9B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;QACT,MAAM,EAAE,YAAY,CAAC,OAAO,mBAAmB,CAAC,CAAC;QACjD,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;cAgBc,kBAAkB,IAAI,OAAO,CAAC;QAC5C,MAAM,EAAE,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;KACjD,CAAC;IAMI,wBAAwB,IAAI,OAAO,CAAC,MAAM,CAAC;IAWjD,GAAG,CAAC,OAAO,GAAE,MAAW,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI;CAGhD"}

package/dist/base-command.js

@@ -5,7 +5,7 @@ import { Command, Flags } from '@oclif/core';
 import * as fs from 'node:fs/promises';
 import path from 'node:path';
 import { loadConfig, saveConfig } from './config.js';
-import { catalogService, objectService, rainbowAuthService, searchAgentService, selectedOrganization, annotationService, eventStreamService, riverjackService, } from './index.js';
+import { catalogService, objectService, rainbowAuthService, searchAgentService, selectedOrganization, annotationService, eventStreamService, riverjackService, bucketApiService, } from './index.js';
 export class BaseCommand extends Command {
     static HIDDEN_FLAGS = {
         config: Flags.string({
@@ -213,6 +213,21 @@ export class BaseCommand extends Command {
         });
         return result;
     }
+    async bucketApiService(baseUrl) {
+        const { client: rainbowAuth } = await this.rainbowAuthService();
+        const identity = await this.catalogIdentity();
+        const result = await bucketApiService({
+            rainbowAuth,
+            configDir: this.config.configDir,
+            identity: {
+                ...identity,
+                baseUrl,
+            },
+            logger: this,
+            enableSendVersion: this.flags.sendVersionMetadata === 'true',
+        });
+        return result;
+    }
     async rainbowAuthService() {
         const baseUrl = this.flags.rainbowAuthService;
         return rainbowAuthService(baseUrl);

package/dist/codegen.js

@@ -277,9 +277,9 @@ export function gatherEnvForHandler(handler, app) {
         bindings[kebabCaseToConstantCase(valueOf(appSmartBucket.name))] = 'SmartBucket';
         types.add('SmartBucket');
     }
-    for (const appAgentMemory of app.agentMemory) {
-        bindings[kebabCaseToConstantCase(valueOf(appAgentMemory.name))] = 'AgentMemory';
-        types.add('AgentMemory');
+    for (const appSmartMemory of app.smartMemory) {
+        bindings[kebabCaseToConstantCase(valueOf(appSmartMemory.name))] = 'SmartMemory';
+        types.add('SmartMemory');
     }
     for (const env of app.env) {
         bindings[kebabCaseToConstantCase(valueOf(env.name))] = 'string';

package/dist/codegen.test.js

@@ -130,10 +130,10 @@ test('kebabCaseToCamelCase', () => {
 test('kebabCaseToUpperCamelCase', () => {
     expect(kebabCaseToUpperCamelCase('my-variable')).toEqual('MyVariable');
 });
-test('generates AgentMemory type bindings', async () => {
+test('generates SmartMemory type bindings', async () => {
     const apps = await mustManifestFromString(`
     application "test-app" {
-      agent_memory "user-memory" {}
+      smartmemory "user-memory" {}
       
       service "test-service" {}
     }
@@ -141,10 +141,10 @@ test('generates AgentMemory type bindings', async () => {
     const app = apps[0];
     const service = app.service[0];
     const generated = gatherEnvForHandler(service, app);
-    // Should include AgentMemory import
-    expect(generated).toMatch(/import\s+{[^}]*AgentMemory[^}]*}\s+from\s+'@liquidmetal-ai\/raindrop-framework'/);
-    // Should include AgentMemory type binding with constant case naming
-    expect(generated).toMatch(/USER_MEMORY:\s*AgentMemory/);
+    // Should include SmartMemory import
+    expect(generated).toMatch(/import\s+{[^}]*SmartMemory[^}]*}\s+from\s+'@liquidmetal-ai\/raindrop-framework'/);
+    // Should include SmartMemory type binding with constant case naming
+    expect(generated).toMatch(/USER_MEMORY:\s*SmartMemory/);
 });
 test('generates SmartBucket type bindings', async () => {
     const apps = await mustManifestFromString(`

package/dist/commands/bucket/create-credential.d.ts

@@ -0,0 +1,25 @@
+import { BaseCommand } from '../../base-command.js';
+export default class CreateCredential extends BaseCommand<typeof CreateCredential> {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        bucket: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        name: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'expires-at': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        application: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        version: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        output: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        impersonate: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        manifest: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthService: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        raindropCatalogService: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthToken: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowOrganizationId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowUserId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        sendVersionMetadata: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=create-credential.d.ts.map

package/dist/commands/bucket/create-credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-credential.d.ts","sourceRoot":"","sources":["../../../src/commands/bucket/create-credential.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,MAAM,CAAC,OAAO,OAAO,gBAAiB,SAAQ,WAAW,CAAC,OAAO,gBAAgB,CAAC;IAChF,MAAM,CAAC,WAAW,SAAwC;IAE1D,MAAM,CAAC,QAAQ,WAUb;IAEF,MAAM,CAAC,KAAK;;;;;;;;;;;;;;;;;MAqDV;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CA8G3B"}

package/dist/commands/bucket/create-credential.js

@@ -0,0 +1,171 @@
+import { toJsonString } from '@bufbuild/protobuf';
+import { timestampDate, timestampFromDate } from '@bufbuild/protobuf/wkt';
+import { valueOf } from '@liquidmetal-ai/drizzle/appify/build';
+import { CreateCredentialResponseSchema } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/bucket_api_pb';
+import { Flags } from '@oclif/core';
+import { BaseCommand } from '../../base-command.js';
+export default class CreateCredential extends BaseCommand {
+    static description = 'Create S3 credentials for a bucket';
+    static examples = [
+        `<%= config.bin %> bucket create-credential --bucket my-bucket --name "My API Key"
+Create a new S3 credential for my-bucket
+`,
+        `<%= config.bin %> bucket create-credential --bucket my-bucket --name "Temp Key" --expires-at "2024-12-31"
+Create a credential that expires on Dec 31, 2024
+`,
+        `<%= config.bin %> bucket create-credential --api-url https://bucket.example.com --name "Direct API Key"
+Create a credential using a direct API URL
+`,
+    ];
+    static flags = {
+        ...BaseCommand.HIDDEN_FLAGS,
+        bucket: Flags.string({
+            char: 'b',
+            description: 'bucket name',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        name: Flags.string({
+            char: 'n',
+            description: 'credential name',
+            required: true,
+        }),
+        'expires-at': Flags.string({
+            description: 'expiration date (ISO 8601 format)',
+            required: false,
+        }),
+        'api-url': Flags.string({
+            description: 'direct API URL (bypasses bucket discovery)',
+            required: false,
+            exclusive: ['bucket', 'application', 'version'],
+        }),
+        application: Flags.string({
+            char: 'a',
+            description: 'application name',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        version: Flags.string({
+            char: 'v',
+            description: 'application version',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        output: Flags.string({
+            char: 'o',
+            description: 'output format',
+            default: 'text',
+            options: ['text', 'json'],
+        }),
+        impersonate: Flags.string({
+            char: 'i',
+            description: 'impersonate organization',
+            required: false,
+            hidden: true,
+        }),
+        manifest: Flags.string({
+            char: 'M',
+            description: 'project manifest',
+            required: false,
+            default: 'raindrop.manifest',
+            hidden: true,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(CreateCredential);
+        // Validate that we have either api-url or bucket
+        if (!flags['api-url'] && !flags.bucket) {
+            this.error('Either --api-url or --bucket must be specified');
+        }
+        let apiUrl;
+        let bucketName;
+        if (flags['api-url']) {
+            // Direct API URL provided, skip discovery
+            apiUrl = flags['api-url'];
+        }
+        else {
+            // Need to discover the bucket
+            bucketName = flags.bucket;
+            // Get application info from flags or config/manifest
+            let applicationName = flags.application;
+            let applicationVersionId = flags.version;
+            if (!applicationVersionId) {
+                const config = await this.loadConfig();
+                applicationVersionId = config.versionId;
+            }
+            if (!applicationName) {
+                const apps = await this.loadManifest();
+                const app = apps[0];
+                if (app === undefined) {
+                    this.error('No application provided or found in manifest', { exit: 1 });
+                }
+                applicationName = valueOf(app.name);
+            }
+            // Query for the bucket module
+            const { client: catalogService, userId, organizationId: defaultOrganizationId } = await this.catalogService();
+            const organizationId = flags.impersonate ?? defaultOrganizationId;
+            const modulesResp = await catalogService.queryModules({
+                userId,
+                applicationName,
+                applicationVersionId,
+                organizationId,
+                moduleType: 'bucket',
+            });
+            // Find the specific bucket
+            const bucketModule = modulesResp.modules.find(m => m.name === bucketName && m.type === 'bucket');
+            if (!bucketModule) {
+                this.error(`Bucket '${bucketName}' not found in application ${applicationName}@${applicationVersionId}`);
+            }
+            // Extract the API URL from the bucket module
+            apiUrl = bucketModule.bucket?.s3?.apiUrl;
+            if (!apiUrl) {
+                this.error(`Bucket '${bucketName}' does not have an API URL configured`);
+            }
+        }
+        // Parse expires_at if provided
+        let expiresAt;
+        if (flags['expires-at']) {
+            const expiresDate = new Date(flags['expires-at']);
+            if (isNaN(expiresDate.getTime())) {
+                this.error('Invalid expiration date format. Use ISO 8601 format (e.g., 2024-12-31 or 2024-12-31T23:59:59Z)');
+            }
+            if (expiresDate <= new Date()) {
+                this.error('Expiration date must be in the future');
+            }
+            expiresAt = timestampFromDate(expiresDate);
+        }
+        // Create the S3 credential service client
+        const { client: credentialService } = await this.bucketApiService(apiUrl);
+        try {
+            const response = await credentialService.createCredential({
+                name: flags.name,
+                expiresAt,
+            });
+            // Output the result
+            if (flags.output === 'json') {
+                console.log(toJsonString(CreateCredentialResponseSchema, response, { prettySpaces: 2 }));
+            }
+            else {
+                const cred = response.credential;
+                if (!cred) {
+                    this.error('No credential returned from service');
+                }
+                console.log(`Successfully created S3 credential${bucketName ? ` for bucket '${bucketName}'` : ''}`);
+                console.log(`\nAccess Key: ${cred.accessKey}`);
+                console.log(`Secret Key: ${cred.secretKey}`);
+                console.log(`Name: ${cred.name}`);
+                if (cred.createdAt) {
+                    console.log(`Created: ${timestampDate(cred.createdAt).toISOString()}`);
+                }
+                if (cred.expiresAt) {
+                    console.log(`Expires: ${timestampDate(cred.expiresAt).toISOString()}`);
+                }
+                console.log('\n⚠️  Save these credentials securely - the secret key cannot be retrieved again!');
+            }
+        }
+        catch (error) {
+            const err = error;
+            this.error(`Failed to create credential: ${err.message}`);
+        }
+    }
+}

package/dist/commands/bucket/delete-credential.d.ts

@@ -0,0 +1,24 @@
+import { BaseCommand } from '../../base-command.js';
+export default class DeleteCredential extends BaseCommand<typeof DeleteCredential> {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        bucket: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'access-key': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        application: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        version: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        output: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        impersonate: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        manifest: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthService: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        raindropCatalogService: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthToken: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowOrganizationId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowUserId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        sendVersionMetadata: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=delete-credential.d.ts.map

package/dist/commands/bucket/delete-credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete-credential.d.ts","sourceRoot":"","sources":["../../../src/commands/bucket/delete-credential.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,MAAM,CAAC,OAAO,OAAO,gBAAiB,SAAQ,WAAW,CAAC,OAAO,gBAAgB,CAAC;IAChF,MAAM,CAAC,WAAW,SAA6B;IAE/C,MAAM,CAAC,QAAQ,WAOb;IAEF,MAAM,CAAC,KAAK;;;;;;;;;;;;;;;;MAgDV;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAqF3B"}

package/dist/commands/bucket/delete-credential.js

@@ -0,0 +1,140 @@
+import { toJsonString } from '@bufbuild/protobuf';
+import { valueOf } from '@liquidmetal-ai/drizzle/appify/build';
+import { DeleteCredentialResponseSchema } from '@liquidmetal-ai/drizzle/liquidmetal/v1alpha1/bucket_api_pb';
+import { Flags } from '@oclif/core';
+import { BaseCommand } from '../../base-command.js';
+export default class DeleteCredential extends BaseCommand {
+    static description = 'Delete an S3 credential';
+    static examples = [
+        `<%= config.bin %> bucket delete-credential --bucket my-bucket --access-key AKIAIOSFODNN7EXAMPLE
+Delete a specific credential
+`,
+        `<%= config.bin %> bucket delete-credential --api-url https://bucket.example.com --access-key AKIAIOSFODNN7EXAMPLE
+Delete credential using a direct API URL
+`,
+    ];
+    static flags = {
+        ...BaseCommand.HIDDEN_FLAGS,
+        bucket: Flags.string({
+            char: 'b',
+            description: 'bucket name',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        'access-key': Flags.string({
+            description: 'access key of the credential to delete',
+            required: true,
+        }),
+        'api-url': Flags.string({
+            description: 'direct API URL (bypasses bucket discovery)',
+            required: false,
+            exclusive: ['bucket', 'application', 'version'],
+        }),
+        application: Flags.string({
+            char: 'a',
+            description: 'application name',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        version: Flags.string({
+            char: 'v',
+            description: 'application version',
+            required: false,
+            exclusive: ['api-url'],
+        }),
+        output: Flags.string({
+            char: 'o',
+            description: 'output format',
+            default: 'text',
+            options: ['text', 'json'],
+        }),
+        impersonate: Flags.string({
+            char: 'i',
+            description: 'impersonate organization',
+            required: false,
+            hidden: true,
+        }),
+        manifest: Flags.string({
+            char: 'M',
+            description: 'project manifest',
+            required: false,
+            default: 'raindrop.manifest',
+            hidden: true,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(DeleteCredential);
+        // Validate that we have either api-url or bucket
+        if (!flags['api-url'] && !flags.bucket) {
+            this.error('Either --api-url or --bucket must be specified');
+        }
+        let apiUrl;
+        let bucketName;
+        if (flags['api-url']) {
+            // Direct API URL provided, skip discovery
+            apiUrl = flags['api-url'];
+        }
+        else {
+            // Need to discover the bucket
+            bucketName = flags.bucket;
+            // Get application info from flags or config/manifest
+            let applicationName = flags.application;
+            let applicationVersionId = flags.version;
+            if (!applicationVersionId) {
+                const config = await this.loadConfig();
+                applicationVersionId = config.versionId;
+            }
+            if (!applicationName) {
+                const apps = await this.loadManifest();
+                const app = apps[0];
+                if (app === undefined) {
+                    this.error('No application provided or found in manifest', { exit: 1 });
+                }
+                applicationName = valueOf(app.name);
+            }
+            // Query for the bucket module
+            const { client: catalogService, userId, organizationId: defaultOrganizationId } = await this.catalogService();
+            const organizationId = flags.impersonate ?? defaultOrganizationId;
+            const modulesResp = await catalogService.queryModules({
+                userId,
+                applicationName,
+                applicationVersionId,
+                organizationId,
+                moduleType: 'bucket',
+            });
+            // Find the specific bucket
+            const bucketModule = modulesResp.modules.find(m => m.name === bucketName && m.type === 'bucket');
+            if (!bucketModule) {
+                this.error(`Bucket '${bucketName}' not found in application ${applicationName}@${applicationVersionId}`);
+            }
+            // Extract the API URL from the bucket module
+            apiUrl = bucketModule.bucket?.s3?.apiUrl;
+            if (!apiUrl) {
+                this.error(`Bucket '${bucketName}' does not have an API URL configured`);
+            }
+        }
+        // Create the S3 credential service client
+        const { client: credentialService } = await this.bucketApiService(apiUrl);
+        try {
+            const response = await credentialService.deleteCredential({
+                accessKey: flags['access-key'],
+            });
+            // Output the result
+            if (flags.output === 'json') {
+                console.log(toJsonString(DeleteCredentialResponseSchema, response, { prettySpaces: 2 }));
+            }
+            else {
+                if (response.deleted) {
+                    console.log(`Successfully deleted credential '${flags['access-key']}'${bucketName ? ` from bucket '${bucketName}'` : ''}`);
+                }
+                else {
+                    console.log(`Credential '${flags['access-key']}' not found${bucketName ? ` in bucket '${bucketName}'` : ''}`);
+                }
+            }
+        }
+        catch (error) {
+            const err = error;
+            this.error(`Failed to delete credential: ${err.message}`);
+        }
+    }
+}

package/dist/commands/bucket/get-credential.d.ts

@@ -0,0 +1,24 @@
+import { BaseCommand } from '../../base-command.js';
+export default class GetCredential extends BaseCommand<typeof GetCredential> {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        bucket: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'access-key': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        application: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        version: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        output: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        impersonate: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        manifest: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthService: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        raindropCatalogService: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowAuthToken: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowOrganizationId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        rainbowUserId: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        sendVersionMetadata: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=get-credential.d.ts.map

package/dist/commands/bucket/get-credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-credential.d.ts","sourceRoot":"","sources":["../../../src/commands/bucket/get-credential.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,WAAW,CAAC,OAAO,aAAa,CAAC;IAC1E,MAAM,CAAC,WAAW,SAA6C;IAE/D,MAAM,CAAC,QAAQ,WAOb;IAEF,MAAM,CAAC,KAAK;;;;;;;;;;;;;;;;MAgDV;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CA+F3B"}