@papercraneai/cli 1.9.0 → 1.9.1-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/dev-server.js +12 -1
- package/lib/resolver.js +22 -0
- package/package.json +1 -2
package/lib/dev-server.js
CHANGED
|
@@ -335,7 +335,18 @@ export async function generateScaffolding(workspaceDir, { npmInstall = false, ke
|
|
|
335
335
|
// NOTE: next is pinned to 16.1.7 in package.json. Next.js 16.2.0 introduced
|
|
336
336
|
// a cross-origin HMR block that breaks webpack-hmr over Daytona proxy domains.
|
|
337
337
|
// To upgrade past 16.1.7, add allowedDevOrigins: ['*.daytonaproxy01.net'] to
|
|
338
|
-
// the config below.
|
|
338
|
+
// the config below. A bare '*' does NOT work — Next's allowedDevOrigins only
|
|
339
|
+
// supports exact hosts or subdomain patterns like '*.domain.com' (see
|
|
340
|
+
// https://github.com/vercel/next.js/discussions/76999), so a true catch-all
|
|
341
|
+
// is not available and each preview domain must be enumerated.
|
|
342
|
+
//
|
|
343
|
+
// Security caveat for staying on 16.1.7: GHSA-q4gf-8mx6-v5v3 (CVE-2026-23869,
|
|
344
|
+
// CVSS 7.5) is a DoS in App Router Server Function deserialization that
|
|
345
|
+
// affects all 16.x < 16.2.3. The 16.1.x branch was NOT backported — only
|
|
346
|
+
// 15.5.15 and 16.2.3 are patched. Any unauthenticated POST to a Server
|
|
347
|
+
// Function endpoint can pin a worker's CPU. Acceptable for sandboxed dev
|
|
348
|
+
// environments behind Daytona proxy auth, but revisit before exposing
|
|
349
|
+
// dashboards on an untrusted network.
|
|
339
350
|
const nextConfig = `/** @type {import('next').NextConfig} */
|
|
340
351
|
const nextConfig = {
|
|
341
352
|
transpilePackages: ['@papercraneai/cli', '@papercrane/dashboard-grid'],
|
package/lib/resolver.js
CHANGED
|
@@ -307,6 +307,28 @@ export async function resolve(node, path, ctx, params, method, inheritedScopes)
|
|
|
307
307
|
return { ok: true, result };
|
|
308
308
|
} catch (err) {
|
|
309
309
|
const upstreamError = err.response?.data || err.response?.body;
|
|
310
|
+
|
|
311
|
+
// Google Ads API errors come as { errors: [{ message, error_code, location }], request_id }
|
|
312
|
+
if (err.errors?.length) {
|
|
313
|
+
const details = err.errors.map((e) => {
|
|
314
|
+
const fieldPath = e.location?.field_path_elements
|
|
315
|
+
?.map((f) => f.field_name + (f.index != null ? `[${f.index}]` : ''))
|
|
316
|
+
.join('.');
|
|
317
|
+
return {
|
|
318
|
+
message: e.message || 'Unknown error',
|
|
319
|
+
error_code: e.error_code,
|
|
320
|
+
field: fieldPath || undefined,
|
|
321
|
+
};
|
|
322
|
+
});
|
|
323
|
+
return {
|
|
324
|
+
ok: false,
|
|
325
|
+
error: details.map((d) => d.field ? `${d.message} (field: ${d.field})` : d.message).join('; '),
|
|
326
|
+
details,
|
|
327
|
+
request_id: err.request_id,
|
|
328
|
+
status: 400,
|
|
329
|
+
};
|
|
330
|
+
}
|
|
331
|
+
|
|
310
332
|
return {
|
|
311
333
|
ok: false,
|
|
312
334
|
error: upstreamError || (err instanceof Error ? err.message : 'Unknown error occurred'),
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@papercraneai/cli",
|
|
3
|
-
"version": "1.9.
|
|
3
|
+
"version": "1.9.1-beta.1",
|
|
4
4
|
"description": "CLI tool for managing OAuth credentials for LLM integrations",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -75,7 +75,6 @@
|
|
|
75
75
|
"https-proxy-agent": "^7.0.4",
|
|
76
76
|
"input-otp": "^1.4.2",
|
|
77
77
|
"jiti": "^2.4.2",
|
|
78
|
-
"inquirer": "^8.2.6",
|
|
79
78
|
"lucide-react": "^0.559.0",
|
|
80
79
|
"next": "16.1.7",
|
|
81
80
|
"next-themes": "^0.4.6",
|