@prisma/cli 3.0.0-alpha.2 → 3.0.0-alpha.3

package/dist/commands/app/index.js

@@ -4,7 +4,7 @@ import { configureRuntimeCommand } from "../../shell/runtime.js";
 import { PREVIEW_BUILD_TYPES } from "../../lib/app/preview-build.js";
 import { runAppBuild, runAppDeploy, runAppListDeploys, runAppListEnv, runAppLogs, runAppOpen, runAppPromote, runAppRemove, runAppRollback, runAppRun, runAppShow, runAppShowDeploy, runAppUpdateEnv } from "../../controllers/app.js";
 import { renderAppBuild, renderAppDeploy, renderAppListDeploys, renderAppListEnv, renderAppOpen, renderAppPromote, renderAppRemove, renderAppRollback, renderAppRun, renderAppShow, renderAppShowDeploy, renderAppUpdateEnv, serializeAppBuild, serializeAppDeploy, serializeAppListDeploys, serializeAppListEnv, serializeAppOpen, serializeAppPromote, serializeAppRemove, serializeAppRollback, serializeAppRun, serializeAppShow, serializeAppShowDeploy, serializeAppUpdateEnv } from "../../presenters/app.js";
-import { runCommand } from "../../shell/command-runner.js";
+import { runCommand, runStreamingCommand } from "../../shell/command-runner.js";
 import { Command, Option } from "commander";
 //#region src/commands/app/index.ts
 function createAppCommand(runtime) {
@@ -140,7 +140,7 @@ function createLogsCommand(runtime) {
 	command.action(async (options) => {
 		const appName = options.app;
 		const deploymentId = options.deployment;
-		await runCommand(runtime, "app.logs", options, (context) => runAppLogs(context, appName, deploymentId), { renderHuman: () => [] });
+		await runStreamingCommand(runtime, "app.logs", options, (context) => runAppLogs(context, appName, deploymentId));
 	});
 	return command;
 }

package/dist/commands/env.js

@@ -0,0 +1,71 @@
+import { attachCommandDescriptor } from "../shell/command-meta.js";
+import { addGlobalFlags } from "../shell/global-flags.js";
+import { configureRuntimeCommand } from "../shell/runtime.js";
+import { runCommand } from "../shell/command-runner.js";
+import { runEnvAdd, runEnvList, runEnvRm, runEnvUpdate } from "../controllers/app-env.js";
+import { renderEnvAdd, renderEnvList, renderEnvRm, renderEnvUpdate, serializeEnvAdd, serializeEnvList, serializeEnvRm, serializeEnvUpdate } from "../presenters/app-env.js";
+import { Command, Option } from "commander";
+//#region src/commands/env.ts
+function createEnvCommand(runtime) {
+	const env = attachCommandDescriptor(configureRuntimeCommand(new Command("env"), runtime), "project.env");
+	env.description("Manage environment variables for the linked project.");
+	env.addCommand(createEnvAddCommand(runtime));
+	env.addCommand(createEnvUpdateCommand(runtime));
+	env.addCommand(createEnvListCommand(runtime));
+	env.addCommand(createEnvRmCommand(runtime));
+	return env;
+}
+function createEnvAddCommand(runtime) {
+	const command = attachCommandDescriptor(configureRuntimeCommand(new Command("add"), runtime), "project.env.add");
+	command.argument("<assignment>", "Variable assignment in KEY=VALUE form").addOption(new Option("--role <role>", "Project template scope (production or preview)").choices(["production", "preview"]));
+	addGlobalFlags(command);
+	command.action(async (assignment, options) => {
+		const roleName = options.role;
+		await runCommand(runtime, "project.env.add", options, (context) => runEnvAdd(context, assignment, { roleName }), {
+			renderHuman: (context, descriptor, result) => renderEnvAdd(context, descriptor, result),
+			renderJson: (result) => serializeEnvAdd(result)
+		});
+	});
+	return command;
+}
+function createEnvUpdateCommand(runtime) {
+	const command = attachCommandDescriptor(configureRuntimeCommand(new Command("update"), runtime), "project.env.update");
+	command.argument("<assignment>", "Variable assignment in KEY=VALUE form").addOption(new Option("--role <role>", "Project template scope (production or preview)").choices(["production", "preview"]));
+	addGlobalFlags(command);
+	command.action(async (assignment, options) => {
+		const roleName = options.role;
+		await runCommand(runtime, "project.env.update", options, (context) => runEnvUpdate(context, assignment, { roleName }), {
+			renderHuman: (context, descriptor, result) => renderEnvUpdate(context, descriptor, result),
+			renderJson: (result) => serializeEnvUpdate(result)
+		});
+	});
+	return command;
+}
+function createEnvListCommand(runtime) {
+	const command = attachCommandDescriptor(configureRuntimeCommand(new Command("list"), runtime), "project.env.list");
+	command.addOption(new Option("--role <role>", "Project template scope").choices(["production", "preview"]));
+	addGlobalFlags(command);
+	command.action(async (options) => {
+		const roleName = options.role;
+		await runCommand(runtime, "project.env.list", options, (context) => runEnvList(context, { roleName }), {
+			renderHuman: (context, descriptor, result) => renderEnvList(context, descriptor, result),
+			renderJson: (result) => serializeEnvList(result)
+		});
+	});
+	return command;
+}
+function createEnvRmCommand(runtime) {
+	const command = attachCommandDescriptor(configureRuntimeCommand(new Command("rm"), runtime), "project.env.rm");
+	command.argument("<key>", "Variable key to remove").addOption(new Option("--role <role>", "Project template scope (production or preview)").choices(["production", "preview"]));
+	addGlobalFlags(command);
+	command.action(async (key, options) => {
+		const roleName = options.role;
+		await runCommand(runtime, "project.env.rm", options, (context) => runEnvRm(context, key, { roleName }), {
+			renderHuman: (context, descriptor, result) => renderEnvRm(context, descriptor, result),
+			renderJson: (result) => serializeEnvRm(result)
+		});
+	});
+	return command;
+}
+//#endregion
+export { createEnvCommand };

package/dist/commands/project/index.js

@@ -4,6 +4,7 @@ import { configureRuntimeCommand } from "../../shell/runtime.js";
 import { runCommand } from "../../shell/command-runner.js";
 import { runProjectLink, runProjectList, runProjectShow } from "../../controllers/project.js";
 import { renderProjectLink, renderProjectList, renderProjectShow, serializeProjectList } from "../../presenters/project.js";
+import { createEnvCommand } from "../env.js";
 import { Command } from "commander";
 //#region src/commands/project/index.ts
 function createProjectCommand(runtime) {
@@ -12,6 +13,7 @@ function createProjectCommand(runtime) {
 	project.addCommand(createProjectListCommand(runtime));
 	project.addCommand(createProjectShowCommand(runtime));
 	project.addCommand(createProjectLinkCommand(runtime));
+	project.addCommand(createEnvCommand(runtime));
 	return project;
 }
 function createProjectListCommand(runtime) {

package/dist/controllers/app-env.js

@@ -0,0 +1,221 @@
+import { readLinkedProjectId } from "../adapters/config.js";
+import { CliError, authRequiredError, usageError } from "../shell/errors.js";
+import { requireComputeAuth } from "../lib/auth/guard.js";
+import { formatScopeLabel, parseKeyValuePositional, resolveEnvScope } from "../lib/app/env-config.js";
+//#region src/controllers/app-env.ts
+function defaultRoleScope() {
+	return {
+		kind: "role",
+		role: "production"
+	};
+}
+async function runEnvAdd(context, rawAssignment, flags) {
+	const { key, value } = parseKeyValuePositional(rawAssignment, "add");
+	const scope = resolveEnvScope(flags, {
+		requireExplicit: true,
+		command: "add"
+	});
+	if (!scope) throw usageError(`prisma-cli project env add requires --role`, "Writing without an explicit scope is rejected.", "Pass --role production or --role preview.", [`prisma-cli project env add ${key}=${value} --role production`], "app");
+	const { client, projectId } = await requireClientAndProject(context);
+	const resolved = resolveScopeToApi(scope);
+	if (await findVariableByNaturalKey(client, projectId, key, resolved)) throw new CliError({
+		code: "ENV_VARIABLE_ALREADY_EXISTS",
+		domain: "app",
+		summary: `Variable "${key}" already exists in ${formatScopeLabel(scope)}`,
+		why: "A variable with this key already exists in the targeted scope.",
+		fix: "Use `prisma-cli project env update` to change an existing variable's value.",
+		exitCode: 1,
+		nextSteps: [`prisma-cli project env update ${key}=<new-value> --role ${scope.role}`]
+	});
+	const { data, error, response } = await client.POST("/v1/environment-variables", { body: {
+		projectId,
+		class: resolved.apiTarget.class,
+		key,
+		value
+	} });
+	if (error || !data) throw apiCallError(`Failed to add ${key}`, response, error);
+	return {
+		command: "project.env.add",
+		result: {
+			projectId,
+			scope: resolved.descriptor,
+			variable: toMetadata(data.data, resolved.descriptor)
+		},
+		warnings: [],
+		nextSteps: []
+	};
+}
+async function runEnvUpdate(context, rawAssignment, flags) {
+	const { key, value } = parseKeyValuePositional(rawAssignment, "update");
+	const scope = resolveEnvScope(flags, {
+		requireExplicit: true,
+		command: "update"
+	});
+	if (!scope) throw usageError(`prisma-cli project env update requires --role`, "Writing without an explicit scope is rejected.", "Pass --role production or --role preview.", [`prisma-cli project env update ${key}=${value} --role production`], "app");
+	const { client, projectId } = await requireClientAndProject(context);
+	const resolved = resolveScopeToApi(scope);
+	const existing = await findVariableByNaturalKey(client, projectId, key, resolved);
+	if (!existing) throw new CliError({
+		code: "ENV_VARIABLE_NOT_FOUND",
+		domain: "app",
+		summary: `Variable "${key}" not found in ${formatScopeLabel(scope)}`,
+		why: "No variable with this key exists in the targeted scope.",
+		fix: "Use `prisma-cli project env add` to create a new variable.",
+		exitCode: 1,
+		nextSteps: [`prisma-cli project env add ${key}=<value> --role ${scope.role}`]
+	});
+	const { data, error, response } = await client.PATCH("/v1/environment-variables/{envVarId}", {
+		params: { path: { envVarId: existing.id } },
+		body: { value }
+	});
+	if (error || !data) throw apiCallError(`Failed to update value for ${key}`, response, error);
+	return {
+		command: "project.env.update",
+		result: {
+			projectId,
+			scope: resolved.descriptor,
+			variable: toMetadata(data.data, resolved.descriptor)
+		},
+		warnings: [],
+		nextSteps: []
+	};
+}
+async function runEnvList(context, flags) {
+	const scope = resolveEnvScope(flags, {
+		requireExplicit: false,
+		command: "list"
+	}) ?? defaultRoleScope();
+	const { client, projectId } = await requireClientAndProject(context);
+	const resolved = resolveScopeToApi(scope);
+	const variables = await listVariables(client, projectId, resolved);
+	return {
+		command: "project.env.list",
+		result: {
+			projectId,
+			scope: resolved.descriptor,
+			variables: variables.map((row) => toMetadata(row, resolved.descriptor))
+		},
+		warnings: [],
+		nextSteps: variables.length === 0 ? [`prisma-cli project env add KEY=value --role ${scope.role}`] : []
+	};
+}
+async function runEnvRm(context, key, flags) {
+	if (!key) throw usageError("prisma-cli project env rm requires KEY", "No KEY positional argument was supplied.", "Pass the variable name to remove, e.g. STRIPE_KEY.", ["prisma-cli project env rm STRIPE_KEY --role production"], "app");
+	const scope = resolveEnvScope(flags, {
+		requireExplicit: true,
+		command: "rm"
+	});
+	if (!scope) throw usageError("prisma-cli project env rm requires --role", "Writing without an explicit scope is rejected.", "Pass --role production or --role preview.", [`prisma-cli project env rm ${key} --role production`], "app");
+	const { client, projectId } = await requireClientAndProject(context);
+	const resolved = resolveScopeToApi(scope);
+	const existing = await findVariableByNaturalKey(client, projectId, key, resolved);
+	if (!existing) throw new CliError({
+		code: "ENV_VARIABLE_NOT_FOUND",
+		domain: "app",
+		summary: `Variable "${key}" not found in ${formatScopeLabel(scope)}`,
+		why: "No variable with this key exists in the targeted scope, so there is nothing to remove.",
+		fix: "Run prisma-cli project env list with the same scope to see the available variables.",
+		exitCode: 1,
+		nextSteps: [`prisma-cli project env list --role ${scope.role}`]
+	});
+	const { error, response } = await client.DELETE("/v1/environment-variables/{envVarId}", { params: { path: { envVarId: existing.id } } });
+	if (error) throw apiCallError(`Failed to remove ${key}`, response, error);
+	return {
+		command: "project.env.rm",
+		result: {
+			projectId,
+			scope: resolved.descriptor,
+			key
+		},
+		warnings: [],
+		nextSteps: []
+	};
+}
+async function requireClientAndProject(context) {
+	const projectId = await readLinkedProjectId(context.runtime.cwd);
+	if (!projectId) throw new CliError({
+		code: "PROJECT_NOT_LINKED",
+		domain: "project",
+		summary: "Project link required",
+		why: "prisma-cli project env needs a linked project for the current repo.",
+		fix: "Run prisma project link before managing environment variables.",
+		exitCode: 1,
+		nextSteps: ["prisma project link"]
+	});
+	const client = await requireComputeAuth(context.runtime.env);
+	if (!client) throw authRequiredError(["prisma auth login"]);
+	return {
+		client,
+		projectId
+	};
+}
+function resolveScopeToApi(scope) {
+	return {
+		scope,
+		descriptor: {
+			kind: "role",
+			role: scope.role
+		},
+		apiTarget: {
+			class: scope.role,
+			branchId: null
+		}
+	};
+}
+async function findVariableByNaturalKey(client, projectId, key, resolved) {
+	const { data, error, response } = await client.GET("/v1/environment-variables", { params: { query: {
+		projectId,
+		class: resolved.apiTarget.class,
+		key
+	} } });
+	if (error || !data) throw apiCallError(`Failed to look up ${key}`, response, error);
+	return data.data.filter((row) => rowMatchesScope(row, resolved))[0] ?? null;
+}
+async function listVariables(client, projectId, resolved) {
+	const collected = [];
+	let cursor;
+	while (true) {
+		const query = {
+			projectId,
+			class: resolved.apiTarget.class
+		};
+		if (cursor !== void 0) query.cursor = cursor;
+		const result = await client.GET("/v1/environment-variables", { params: { query } });
+		if (result.error || !result.data) throw apiCallError(`Failed to list environment variables`, result.response, result.error);
+		const page = result.data.data.filter((row) => rowMatchesScope(row, resolved));
+		collected.push(...page);
+		if (!result.data.pagination.hasMore || !result.data.pagination.nextCursor) break;
+		cursor = result.data.pagination.nextCursor;
+	}
+	return collected;
+}
+function rowMatchesScope(row, resolved) {
+	return row.branchId === null && row.class === resolved.apiTarget.class;
+}
+function toMetadata(row, scope) {
+	return {
+		id: row.id,
+		key: row.key,
+		scope,
+		isManagedBySystem: row.isManagedBySystem,
+		updatedAt: row.updatedAt
+	};
+}
+function apiCallError(summary, response, error) {
+	const status = response?.status ?? 0;
+	const apiCode = error?.error?.code;
+	const apiMessage = error?.error?.message;
+	const apiHint = error?.error?.hint;
+	if (status === 401 || status === 403) return authRequiredError(["prisma auth login"]);
+	return new CliError({
+		code: apiCode ?? "ENV_API_ERROR",
+		domain: "app",
+		summary,
+		why: apiMessage ?? `The Management API returned status ${status || "unknown"}.`,
+		fix: apiHint ?? "Re-run with --trace for the underlying API response details.",
+		exitCode: 1,
+		nextSteps: []
+	});
+}
+//#endregion
+export { runEnvAdd, runEnvList, runEnvRm, runEnvUpdate };

package/dist/controllers/app.js

@@ -1,5 +1,9 @@
 import { UnsafeConfigWriteError, assertLinkedProjectIdWritable, readLinkedProjectId, writeLinkedProjectId } from "../adapters/config.js";
+import { SERVICE_TOKEN_ENV_VAR, getApiBaseUrl } from "../lib/auth/client.js";
+import { FileTokenStorage } from "../adapters/token-storage.js";
 import { CliError, authRequiredError, featureUnavailableError, usageError } from "../shell/errors.js";
+import { renderCommandHeader } from "../shell/ui.js";
+import { writeJsonEvent } from "../shell/output.js";
 import { canPrompt } from "../shell/runtime.js";
 import { textPrompt } from "../shell/prompt.js";
 import { requireComputeAuth } from "../lib/auth/guard.js";
@@ -118,6 +122,7 @@ async function runAppDeploy(context, appName, options) {
 }
 async function runAppUpdateEnv(context, appName, envAssignments) {
 	ensurePreviewAppMode(context);
+	emitLegacyEnvDeprecationWarning(context, "app update-env", "project env add");
 	const envVars = parseEnvAssignments(envAssignments, {
 		commandName: "update-env",
 		requireAtLeastOne: true
@@ -160,6 +165,7 @@ async function runAppUpdateEnv(context, appName, envAssignments) {
 }
 async function runAppListEnv(context, appName) {
 	ensurePreviewAppMode(context);
+	emitLegacyEnvDeprecationWarning(context, "app list-env", "project env list");
 	const projectId = await requireLinkedProjectId(context);
 	const provider = await requirePreviewAppProvider(context);
 	const selectedApp = await resolveExistingAppSelection(context, projectId, await listApps(context, provider, projectId), appName);
@@ -395,9 +401,130 @@ async function runAppOpen(context, appName) {
 		nextSteps: ["prisma-cli app show", `prisma-cli app show-deploy ${liveDeployment.id}`]
 	};
 }
-async function runAppLogs(context, _appName, _deploymentId) {
+async function runAppLogs(context, appName, deploymentId) {
 	ensurePreviewAppMode(context);
-	throw blockedPreviewAppCommandError("App logs are not available in this preview", "The current preview cannot stream app logs yet.");
+	const projectId = await requireLinkedProjectId(context);
+	const provider = await requirePreviewAppProvider(context);
+	const target = deploymentId ? await resolveExplicitLogDeployment(context, provider, projectId, appName, deploymentId) : await resolveLiveLogDeployment(context, provider, projectId, appName);
+	if (!context.flags.json && !context.flags.quiet) {
+		const lines = renderCommandHeader(context.ui, {
+			commandLabel: "app logs",
+			description: "Streaming logs for the selected deployment.",
+			docsPath: "docs/product/command-spec.md#prisma-cli-app-logs---app-name---deployment-id",
+			rows: [
+				{
+					key: "project",
+					value: projectId
+				},
+				{
+					key: "app",
+					value: target.app.name
+				},
+				{
+					key: "deployment",
+					value: target.deployment.id
+				}
+			]
+		});
+		if (lines.length > 0) context.output.stderr.write(`${lines.join("\n")}\n`);
+	}
+	await provider.streamDeploymentLogs({
+		deploymentId: target.deployment.id,
+		onRecord: (record) => writeLogRecord(context, record)
+	}).catch((error) => {
+		throw deployFailedError("Failed to stream app logs", error, [`prisma-cli app show-deploy ${target.deployment.id}`, "prisma-cli app list-deploys"]);
+	});
+}
+async function resolveExplicitLogDeployment(context, provider, projectId, appName, deploymentId) {
+	if (appName) {
+		const selectedApp = await resolveExistingAppSelection(context, projectId, await listApps(context, provider, projectId), appName);
+		if (!selectedApp) throw noDeploymentsError("No deployments available to stream logs", "The linked project does not have any deployed app yet.");
+		const deploymentsResult = await provider.listDeployments(selectedApp.id).catch((error) => {
+			throw deployFailedError("Failed to list app deployments", error, ["prisma-cli app list-deploys"]);
+		});
+		const deployment = requireDeploymentForApp(deploymentsResult.deployments, deploymentId, selectedApp.name);
+		await context.stateStore.setSelectedApp(projectId, {
+			id: deploymentsResult.app.id,
+			name: deploymentsResult.app.name
+		});
+		return {
+			app: deploymentsResult.app,
+			deployment
+		};
+	}
+	const shown = await provider.showDeployment(deploymentId).catch((error) => {
+		throw deployFailedError("Failed to show deployment", error, ["prisma-cli app list-deploys"]);
+	});
+	if (!shown) throw new CliError({
+		code: "DEPLOYMENT_NOT_FOUND",
+		domain: "app",
+		summary: `Deployment "${deploymentId}" not found`,
+		why: "The requested deployment does not exist or is no longer available.",
+		fix: "Run prisma-cli app list-deploys to choose an available deployment id.",
+		exitCode: 1,
+		nextSteps: ["prisma-cli app list-deploys"]
+	});
+	if (!shown.app) throw new CliError({
+		code: "DEPLOYMENT_NOT_FOUND",
+		domain: "app",
+		summary: `Deployment "${deploymentId}" is not attached to an app`,
+		why: "The requested deployment could be found, but its app could not be resolved.",
+		fix: "Run prisma-cli app list-deploys to choose an available deployment id for the selected app.",
+		exitCode: 1,
+		nextSteps: ["prisma-cli app list-deploys"]
+	});
+	const linkedProjectApp = (await listApps(context, provider, projectId)).find((app) => app.id === shown.app?.id);
+	if (!linkedProjectApp) throw new CliError({
+		code: "DEPLOYMENT_NOT_FOUND",
+		domain: "app",
+		summary: `Deployment "${deploymentId}" not found in the linked project`,
+		why: "The requested deployment does not belong to an app in the linked project.",
+		fix: "Run prisma-cli app list-deploys to choose an available deployment id for this project.",
+		exitCode: 1,
+		nextSteps: ["prisma-cli app list-deploys"]
+	});
+	await context.stateStore.setSelectedApp(projectId, {
+		id: linkedProjectApp.id,
+		name: linkedProjectApp.name
+	});
+	return {
+		app: linkedProjectApp,
+		deployment: shown.deployment
+	};
+}
+async function resolveLiveLogDeployment(context, provider, projectId, appName) {
+	const selectedApp = await resolveExistingAppSelection(context, projectId, await listApps(context, provider, projectId), appName);
+	if (!selectedApp) throw noDeploymentsError("No deployments available to stream logs", "The linked project does not have any deployed app yet.");
+	const deploymentsResult = await provider.listDeployments(selectedApp.id).catch((error) => {
+		throw deployFailedError("Failed to list app deployments", error, ["prisma-cli app list-deploys"]);
+	});
+	const currentLiveDeploymentId = await resolveCurrentLiveDeploymentId(context, projectId, deploymentsResult.app, deploymentsResult.deployments);
+	const deployments = applyLiveDeploymentHint(deploymentsResult.deployments, currentLiveDeploymentId);
+	const deployment = currentLiveDeploymentId ? deployments.find((candidate) => candidate.id === currentLiveDeploymentId) ?? null : null;
+	await context.stateStore.setSelectedApp(projectId, {
+		id: deploymentsResult.app.id,
+		name: deploymentsResult.app.name
+	});
+	if (!deployment) throw noDeploymentsError("No deployments available to stream logs", `The selected app "${deploymentsResult.app.name}" does not have any deployments yet.`);
+	return {
+		app: deploymentsResult.app,
+		deployment
+	};
+}
+function writeLogRecord(context, record) {
+	if (context.flags.json) {
+		writeJsonEvent(context.output, {
+			type: record.type,
+			command: "app.logs",
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			data: record
+		});
+		return;
+	}
+	if (record.type === "log") {
+		context.output.stdout.write(record.text);
+		if (!record.text.endsWith("\n")) context.output.stdout.write("\n");
+	}
 }
 async function runAppPromote(context, deploymentId, appName) {
 	ensurePreviewAppMode(context);
@@ -658,7 +785,23 @@ async function listApps(context, provider, projectId) {
 async function requirePreviewAppProvider(context) {
 	const client = await requireComputeAuth(context.runtime.env);
 	if (!client) throw authRequiredError(["prisma-cli auth login"]);
-	return createPreviewAppProvider(client);
+	return createPreviewAppProvider(client, createPreviewLogAuthOptions(context.runtime.env));
+}
+function createPreviewLogAuthOptions(env) {
+	const rawToken = env[SERVICE_TOKEN_ENV_VAR]?.trim();
+	if (rawToken) return {
+		baseUrl: getApiBaseUrl(env),
+		getToken: async () => rawToken
+	};
+	const tokenStorage = new FileTokenStorage(env);
+	return {
+		baseUrl: getApiBaseUrl(env),
+		getToken: async () => {
+			const tokens = await tokenStorage.getTokens();
+			if (!tokens) throw new Error("Authentication token is no longer available. Run prisma-cli auth login and try again.");
+			return tokens.accessToken;
+		}
+	};
 }
 async function requireLinkedProjectId(context) {
 	const projectId = await readLinkedProjectId(context.runtime.cwd);
@@ -734,9 +877,6 @@ function ensurePreviewAppMode(context) {
 	if (isRealMode(context)) return;
 	throw featureUnavailableError("App commands are not available in fixture mode", "Preview app commands require live app deployment integration.", "Rerun without fixture mode enabled to use preview app deployment workflows.", ["prisma-cli auth login", "prisma-cli project link"], "app");
 }
-function blockedPreviewAppCommandError(summary, why) {
-	return featureUnavailableError(summary, why, "Use prisma-cli app show, prisma-cli app open, prisma-cli app deploy, or prisma-cli app list-deploys in the current preview.", ["prisma-cli app show", "prisma-cli app list-deploys"], "app");
-}
 function deployFailedError(summary, error, nextSteps) {
 	return new CliError({
 		code: "DEPLOY_FAILED",
@@ -830,5 +970,21 @@ function sortApps(apps) {
 function toOptionalEnvVars(envVars) {
 	return Object.keys(envVars).length > 0 ? envVars : void 0;
 }
+/**
+* Emits a deprecation banner to stderr when the legacy single-shot
+* env-var commands are invoked. The banner is suppressed in --json
+* mode so machine consumers keep their JSON channel clean; --json
+* users discover the deprecation via release notes and the new
+* `prisma-cli project env` namespace's output anyway.
+*
+* Removal of these legacy commands is deliberately scoped out of the
+* Public Beta — see the Compute Beta plan, sub-track 3B.1, where the
+* Terminal team picks an explicit removal milestone.
+*/
+function emitLegacyEnvDeprecationWarning(context, legacyCommand, replacement) {
+	if (context.flags.json) return;
+	const message = `[deprecation] \`prisma-cli ${legacyCommand}\` is deprecated. Use \`prisma-cli ${replacement}\` instead.`;
+	context.runtime.stderr.write(`${message}\n`);
+}
 //#endregion
 export { runAppBuild, runAppDeploy, runAppListDeploys, runAppListEnv, runAppLogs, runAppOpen, runAppPromote, runAppRemove, runAppRollback, runAppRun, runAppShow, runAppShowDeploy, runAppUpdateEnv };

package/dist/lib/app/env-config.js

@@ -0,0 +1,46 @@
+import { usageError } from "../../shell/errors.js";
+//#region src/lib/app/env-config.ts
+const VALID_ROLES = new Set(["production", "preview"]);
+function positionalHint(command) {
+	if (command === "add" || command === "update") return "KEY=value ";
+	if (command === "rm") return "KEY ";
+	return "";
+}
+function resolveEnvScope(flags, options) {
+	if (flags.roleName) {
+		if (!VALID_ROLES.has(flags.roleName)) throw usageError(`Unknown role "${flags.roleName}"`, "--role accepts production or preview.", "Pass --role production or --role preview.", [`prisma-cli project env ${options.command} --role production`, `prisma-cli project env ${options.command} --role preview`], "app");
+		return {
+			kind: "role",
+			role: flags.roleName
+		};
+	}
+	if (options.requireExplicit) {
+		const positional = positionalHint(options.command);
+		throw usageError(`prisma-cli project env ${options.command} requires --role`, "Writing without an explicit scope is rejected so the command never silently targets production.", "Pass --role production or --role preview.", [`prisma-cli project env ${options.command} ${positional}--role production`, `prisma-cli project env ${options.command} ${positional}--role preview`], "app");
+	}
+	return null;
+}
+function parseKeyValuePositional(raw, command) {
+	if (!raw) throw usageError(`prisma-cli project env ${command} requires KEY=VALUE`, "No KEY=VALUE positional argument was supplied.", "Pass the variable as KEY=VALUE, e.g. STRIPE_KEY=sk_test_xxx.", [`prisma-cli project env ${command} STRIPE_KEY=sk_test_xxx --role production`], "app");
+	const separatorIndex = raw.indexOf("=");
+	if (separatorIndex === -1) throw usageError(`KEY=VALUE argument is missing the = separator`, `"${raw}" does not contain an = character.`, "Pass the variable as KEY=VALUE, e.g. STRIPE_KEY=sk_test_xxx.", [`prisma-cli project env ${command} STRIPE_KEY=sk_test_xxx --role production`], "app");
+	const key = raw.slice(0, separatorIndex);
+	const value = raw.slice(separatorIndex + 1);
+	validateKey(key, command);
+	if (value.length === 0) throw usageError(`KEY=VALUE argument has an empty value`, `"${raw}" has an empty value after the = separator.`, `Pass a non-empty value, or use prisma-cli project env rm to remove a variable.`, [`prisma-cli project env ${command} ${key}=value --role production`], "app");
+	return {
+		key,
+		value
+	};
+}
+const KEY_SHAPE = /^[A-Z_][A-Z0-9_]*$/;
+function validateKey(key, command) {
+	if (key.length === 0) throw usageError(`Variable key cannot be empty`, "An empty key was passed.", "Pass an env-var key, e.g. STRIPE_KEY.", [`prisma-cli project env ${command} STRIPE_KEY${command === "rm" ? "" : "=value"} --role production`], "app");
+	if (key.length > 256) throw usageError(`Variable key "${key}" exceeds the 256-character limit`, "Env-var keys are capped at 256 characters by the platform.", "Use a shorter key.", [], "app");
+	if (!KEY_SHAPE.test(key)) throw usageError(`Variable key "${key}" must match the POSIX env-var shape`, "Keys must start with an uppercase letter or underscore and contain only uppercase letters, digits, and underscores.", "Rename the key to match [A-Z_][A-Z0-9_]*.", [`prisma-cli project env ${command} STRIPE_KEY${command === "rm" ? "" : "=value"} --role production`], "app");
+}
+function formatScopeLabel(scope) {
+	return scope.role;
+}
+//#endregion
+export { formatScopeLabel, parseKeyValuePositional, resolveEnvScope };

package/dist/lib/app/preview-provider.js

@@ -1,9 +1,9 @@
 import { envVarNames } from "./env-vars.js";
 import { PreviewBuildStrategy } from "./preview-build.js";
 import path from "node:path";
-import { ApiError, ComputeClient } from "@prisma/compute-sdk";
+import { ApiError, CancelledError, ComputeClient, streamLogs } from "@prisma/compute-sdk";
 //#region src/lib/app/preview-provider.ts
-function createPreviewAppProvider(client) {
+function createPreviewAppProvider(client, options) {
 	const sdk = new ComputeClient(client);
 	return {
 		async createProject(options) {
@@ -197,6 +197,19 @@ function createPreviewAppProvider(client) {
 					live: null
 				}
 			};
+		},
+		async streamDeploymentLogs(streamOptions) {
+			if (!options?.baseUrl || !options.getToken) throw new Error("Log streaming requires an authenticated API base URL and token.");
+			const result = await streamLogs({
+				baseUrl: options.baseUrl,
+				token: await options.getToken(),
+				versionId: streamOptions.deploymentId,
+				signal: streamOptions.signal
+			}, streamOptions.onRecord);
+			if (result.isErr()) {
+				if (CancelledError.is(result.error)) return;
+				throw result.error;
+			}
 		}
 	};
 }

package/dist/lib/auth/auth-ops.js

@@ -11,6 +11,10 @@ function decodeJwtPayload(token) {
 		return {};
 	}
 }
+function emailFromClaims(claims) {
+	const email = claims.email;
+	return typeof email === "string" && email.trim().length > 0 ? email.trim() : null;
+}
 async function performLogin(env) {
 	await login({
 		tokenStorage: new FileTokenStorage(env),
@@ -26,7 +30,7 @@ async function readAuthState(env) {
 		workspace: null,
 		linkedProjectId: null
 	};
-	const claims = decodeJwtPayload(tokens.accessToken);
+	const email = emailFromClaims(decodeJwtPayload(tokens.accessToken));
 	const client = await requireComputeAuth(env);
 	let workspaceId = tokens.workspaceId;
 	let workspaceName = tokens.workspaceId;
@@ -38,11 +42,7 @@ async function readAuthState(env) {
 	return {
 		authenticated: true,
 		provider: null,
-		user: {
-			id: claims.sub ?? "",
-			name: claims.name ?? "",
-			email: claims.email ?? ""
-		},
+		user: email ? { email } : null,
 		workspace: {
 			id: workspaceId,
 			name: workspaceName

package/dist/output/patterns.js

@@ -1,5 +1,5 @@
-import { formatDescriptorLabel } from "../shell/command-meta.js";
 import { maskValue, padDisplay, renderSummaryLine } from "../shell/ui.js";
+import { formatDescriptorLabel } from "../shell/command-meta.js";
 import stringWidth from "string-width";
 //#region src/output/patterns.ts
 function renderList(input, ui) {

package/dist/presenters/app-env.js

@@ -0,0 +1,129 @@
+import { renderList, renderShow, serializeList } from "../output/patterns.js";
+//#region src/presenters/app-env.ts
+function scopeLabel(scope) {
+	return scope.role;
+}
+function renderEnvAdd(context, descriptor, result) {
+	return renderShow({
+		title: "Setting a new environment variable.",
+		descriptor,
+		fields: [
+			{
+				key: "project",
+				value: result.projectId
+			},
+			{
+				key: "scope",
+				value: scopeLabel(result.scope)
+			},
+			{
+				key: "key",
+				value: result.variable.key
+			},
+			{
+				key: "id",
+				value: result.variable.id,
+				tone: "dim"
+			},
+			{
+				key: "last updated",
+				value: result.variable.updatedAt,
+				tone: "dim"
+			}
+		]
+	}, context.ui);
+}
+function serializeEnvAdd(result) {
+	return result;
+}
+function renderEnvUpdate(context, descriptor, result) {
+	return renderShow({
+		title: "Replacing the environment variable's value.",
+		descriptor,
+		fields: [
+			{
+				key: "project",
+				value: result.projectId
+			},
+			{
+				key: "scope",
+				value: scopeLabel(result.scope)
+			},
+			{
+				key: "key",
+				value: result.variable.key
+			},
+			{
+				key: "id",
+				value: result.variable.id,
+				tone: "dim"
+			},
+			{
+				key: "last updated",
+				value: result.variable.updatedAt,
+				tone: "dim"
+			}
+		]
+	}, context.ui);
+}
+function serializeEnvUpdate(result) {
+	return result;
+}
+function renderEnvList(context, descriptor, result) {
+	return renderList({
+		title: "Listing environment variables for the selected scope.",
+		descriptor,
+		parentContext: {
+			key: "scope",
+			value: scopeLabel(result.scope)
+		},
+		items: result.variables.map((variable) => ({
+			noun: "variable",
+			label: variable.key,
+			id: variable.id,
+			status: variable.isManagedBySystem ? "default" : null
+		})),
+		emptyMessage: "No environment variables defined in this scope."
+	}, context.ui);
+}
+function serializeEnvList(result) {
+	return {
+		projectId: result.projectId,
+		scope: result.scope,
+		...serializeList({
+			context: { scope: scopeLabel(result.scope) },
+			items: result.variables.map((variable) => ({
+				noun: "variable",
+				label: variable.key,
+				id: variable.id,
+				status: variable.isManagedBySystem ? "default" : null
+			}))
+		}),
+		variables: result.variables
+	};
+}
+function renderEnvRm(context, descriptor, result) {
+	return renderShow({
+		title: "Removing the environment variable from the scope.",
+		descriptor,
+		fields: [
+			{
+				key: "project",
+				value: result.projectId
+			},
+			{
+				key: "scope",
+				value: scopeLabel(result.scope)
+			},
+			{
+				key: "key",
+				value: result.key
+			}
+		]
+	}, context.ui);
+}
+function serializeEnvRm(result) {
+	return result;
+}
+//#endregion
+export { renderEnvAdd, renderEnvList, renderEnvRm, renderEnvUpdate, serializeEnvAdd, serializeEnvList, serializeEnvRm, serializeEnvUpdate };

package/dist/presenters/auth.js

@@ -9,7 +9,7 @@ function renderAuthSuccess(context, descriptor, command, result) {
 		});
 		if (result.user) rows.push({
 			key: "user",
-			value: `${result.user.name} <${result.user.email}>`
+			value: result.user.email
 		});
 		if (result.workspace?.name) rows.push({
 			key: "workspace",
@@ -47,7 +47,7 @@ function renderAuthSuccess(context, descriptor, command, result) {
 			},
 			...result.user ? [{
 				key: "user",
-				value: `${result.user.name} <${result.user.email}>`
+				value: result.user.email
 			}] : [],
 			...result.provider ? [{
 				key: "provider",

package/dist/shell/command-meta.js

@@ -260,6 +260,64 @@ const DESCRIPTORS = [
 		],
 		description: "Remove the app from the current branch",
 		examples: ["prisma-cli app remove --app hello-world", "prisma-cli app remove --app hello-world --yes"]
+	},
+	{
+		id: "project.env",
+		path: [
+			"prisma",
+			"project",
+			"env"
+		],
+		description: "Manage environment variables for the linked project.",
+		examples: [
+			"prisma-cli project env list --role production",
+			"prisma-cli project env add STRIPE_KEY=sk_test_xxx --role production",
+			"prisma-cli project env rm STRIPE_KEY --role preview"
+		]
+	},
+	{
+		id: "project.env.add",
+		path: [
+			"prisma",
+			"project",
+			"env",
+			"add"
+		],
+		description: "Create a new environment variable.",
+		examples: ["prisma-cli project env add STRIPE_KEY=sk_test_xxx --role production", "prisma-cli project env add STRIPE_KEY=sk_test_xxx --role preview"]
+	},
+	{
+		id: "project.env.update",
+		path: [
+			"prisma",
+			"project",
+			"env",
+			"update"
+		],
+		description: "Replace an existing environment variable's value.",
+		examples: ["prisma-cli project env update STRIPE_KEY=sk_new_xxx --role production", "prisma-cli project env update STRIPE_KEY=sk_new_xxx --role preview"]
+	},
+	{
+		id: "project.env.list",
+		path: [
+			"prisma",
+			"project",
+			"env",
+			"list"
+		],
+		description: "List environment variable metadata for a scope (no values).",
+		examples: ["prisma-cli project env list --role production", "prisma-cli project env list --role preview"]
+	},
+	{
+		id: "project.env.rm",
+		path: [
+			"prisma",
+			"project",
+			"env",
+			"rm"
+		],
+		description: "Remove an environment variable from a scope.",
+		examples: ["prisma-cli project env rm STRIPE_KEY --role production", "prisma-cli project env rm STRIPE_KEY --role preview"]
 	}
 ];
 const DESCRIPTORS_BY_ID = new Map(DESCRIPTORS.map((descriptor) => [descriptor.id, descriptor]));

package/dist/shell/command-runner.js

@@ -1,8 +1,8 @@
 import { CliError } from "./errors.js";
+import { cliErrorToJson, writeHumanError, writeHumanLines, writeJsonError, writeJsonEvent, writeJsonSuccess } from "./output.js";
 import { getCommandDescriptor } from "./command-meta.js";
 import { resolveGlobalFlags } from "./global-flags.js";
 import { createCommandContext } from "./runtime.js";
-import { writeHumanError, writeHumanLines, writeJsonError, writeJsonSuccess } from "./output.js";
 //#region src/shell/command-runner.ts
 async function runCommand(runtime, commandName, options, handler, presenter) {
 	const flags = resolveGlobalFlags(runtime.argv, options);
@@ -29,5 +29,35 @@ async function runCommand(runtime, commandName, options, handler, presenter) {
 		throw error;
 	}
 }
+async function runStreamingCommand(runtime, commandName, options, handler) {
+	const flags = resolveGlobalFlags(runtime.argv, options);
+	const context = await createCommandContext(runtime, flags);
+	try {
+		await handler(context);
+		if (flags.json) writeJsonEvent(context.output, {
+			type: "success",
+			command: commandName,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			result: null,
+			warnings: [],
+			nextSteps: []
+		});
+	} catch (error) {
+		if (error instanceof CliError) {
+			if (flags.json) writeJsonEvent(context.output, {
+				type: "error",
+				command: commandName,
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				error: cliErrorToJson(error),
+				warnings: [],
+				nextSteps: error.nextSteps
+			});
+			else writeHumanError(context.output, context.ui, error, { trace: flags.trace });
+			process.exitCode = error.exitCode;
+			return;
+		}
+		throw error;
+	}
+}
 //#endregion
-export { runCommand };
+export { runCommand, runStreamingCommand };

package/dist/shell/help.js

@@ -1,6 +1,6 @@
+import { createShellUi, padDisplay, wrapText } from "./ui.js";
 import { formatDescriptorLabel, getDescriptorForCommand } from "./command-meta.js";
 import { COMPACT_GLOBAL_OPTION_FLAGS, resolveGlobalFlags } from "./global-flags.js";
-import { createShellUi, padDisplay, wrapText } from "./ui.js";
 //#region src/shell/help.ts
 function renderHelp(command, runtime) {
 	const descriptor = getDescriptorForCommand(command);

package/dist/shell/output.js

@@ -6,21 +6,27 @@ function writeJsonSuccess(output, success) {
 		...success
 	}, null, 2)}\n`);
 }
+function writeJsonEvent(output, event) {
+	output.stdout.write(`${JSON.stringify(event)}\n`);
+}
+function cliErrorToJson(error) {
+	return {
+		code: error.code,
+		domain: error.domain,
+		severity: error.severity,
+		summary: error.summary,
+		why: error.why,
+		fix: error.fix,
+		where: error.where,
+		meta: error.meta,
+		docsUrl: error.docsUrl
+	};
+}
 function writeJsonError(output, command, error) {
 	output.stdout.write(`${JSON.stringify({
 		ok: false,
 		command,
-		error: {
-			code: error.code,
-			domain: error.domain,
-			severity: error.severity,
-			summary: error.summary,
-			why: error.why,
-			fix: error.fix,
-			where: error.where,
-			meta: error.meta,
-			docsUrl: error.docsUrl
-		},
+		error: cliErrorToJson(error),
 		warnings: [],
 		nextSteps: error.nextSteps
 	}, null, 2)}\n`);
@@ -51,4 +57,4 @@ function writeHumanError(output, ui, error, options) {
 	writeHumanLines(output, lines);
 }
 //#endregion
-export { writeHumanError, writeHumanLines, writeJsonError, writeJsonSuccess };
+export { cliErrorToJson, writeHumanError, writeHumanLines, writeJsonError, writeJsonEvent, writeJsonSuccess };

package/dist/shell/runtime.js

@@ -1,6 +1,6 @@
+import { createShellUi } from "./ui.js";
 import { LocalStateStore } from "../adapters/local-state.js";
 import { MockApi } from "../adapters/mock-api.js";
-import { createShellUi } from "./ui.js";
 import { renderHelp } from "./help.js";
 import path from "node:path";
 //#region src/shell/runtime.ts

package/dist/shell/ui.js

@@ -25,6 +25,18 @@ function createShellUi(runtime, flags) {
 		strong: (text) => colors.bold(text)
 	};
 }
+function renderCommandHeader(ui, options) {
+	if (!ui.isTTY) return [];
+	const rows = options.rows ?? [];
+	const lines = [`${ui.strong(options.commandLabel)} ${ui.dim("→")} ${ui.dim(options.description)}`, ""];
+	const rail = ui.dim("│");
+	const keyWidth = rows.length > 0 ? Math.max(...rows.map((row) => stringWidth(`${row.key}:`)), stringWidth("Read more")) : stringWidth("Read more");
+	for (const row of rows) lines.push(`${rail}  ${ui.accent(padDisplay(`${row.key}:`, keyWidth))}  ${formatHeaderValue(ui, row)}`);
+	if (rows.length > 0 || options.docsPath) lines.push(rail);
+	if (options.docsPath) lines.push(`${rail}  ${ui.accent(padDisplay("Read more", keyWidth))}  ${ui.link(options.docsPath)}`);
+	lines.push("");
+	return lines;
+}
 function renderSummaryLine(ui, status, text) {
 	return `${status === "success" ? ui.success("✔") : status === "error" ? ui.error("✘") : status === "warning" ? ui.warning("⚠") : ui.info("ℹ")} ${text}`;
 }
@@ -55,5 +67,11 @@ function resolveColorEnabled(runtime, flags, isTTY) {
 	if (runtime.env.NO_COLOR !== void 0) return false;
 	return isTTY;
 }
+function formatHeaderValue(ui, row) {
+	const value = row.sensitive ? maskValue(row.value) : row.value;
+	if (row.tone === "dim") return ui.dim(value);
+	if (row.tone === "link") return ui.link(value);
+	return value;
+}
 //#endregion
-export { createShellUi, maskValue, padDisplay, renderNextSteps, renderSummaryLine, wrapText };
+export { createShellUi, maskValue, padDisplay, renderCommandHeader, renderNextSteps, renderSummaryLine, wrapText };

package/dist/use-cases/auth.js

@@ -61,7 +61,7 @@ async function resolveCurrentAuthState(dependencies) {
 	return {
 		authenticated: true,
 		provider: provider.id,
-		user,
+		user: { email: user.email },
 		workspace,
 		linkedProjectId
 	};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prisma/cli",
-  "version": "3.0.0-alpha.2",
+  "version": "3.0.0-alpha.3",
   "description": "Preview of the unified Prisma CLI.",
   "type": "module",
   "bin": {
@@ -39,7 +39,7 @@
     "@prisma/compute-sdk": "^0.17.0",
     "c12": "4.0.0-beta.4",
     "@prisma/credentials-store": "^7.7.0",
-    "@prisma/management-api-sdk": "^1.24.0",
+    "@prisma/management-api-sdk": "^1.27.0",
     "colorette": "^2.0.20",
     "commander": "^12.1.0",
     "magicast": "^0.3.5",