@rigkit/provider-freestyle 0.2.9 → 0.2.11

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Rigkit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@rigkit/provider-freestyle",
-  "version": "0.2.9",
+  "version": "0.2.11",
+  "license": "MIT",
   "type": "module",
   "repository": {
     "type": "git",
@@ -17,16 +18,16 @@
   ],
   "dependencies": {
     "zod": "^4",
-    "@rigkit/sdk": "0.2.9",
-    "@rigkit/engine": "0.2.9",
-    "@rigkit/provider-cmux": "0.2.9"
+    "@rigkit/sdk": "0.2.11",
+    "@rigkit/engine": "0.2.11",
+    "@rigkit/provider-cmux": "0.2.11"
   },
   "peerDependencies": {
-    "freestyle": "^0.1.51"
+    "freestyle": "^0.1.52"
   },
   "devDependencies": {
     "@types/bun": "latest",
-    "freestyle": "^0.1.51",
+    "freestyle": "^0.1.52",
     "typescript": "latest"
   },
   "publishConfig": {

package/src/host-auth.test.ts

@@ -1,6 +1,7 @@
 import { afterEach, describe, expect, test } from "bun:test";
 import type {
   JsonValue,
+  ProviderCheckContext,
   ProviderRuntimeContext,
   ProviderStorage,
   ProviderStorageRecord,
@@ -8,7 +9,7 @@ import type {
   WorkflowEvent,
 } from "@rigkit/engine";
 import { FREESTYLE_PROVIDER_ID, freestyle, freestyleProviderPlugin } from "./index.ts";
-import { createFreestyleProxyFetch } from "./host-auth.ts";
+import { createFreestyleProxyFetch, createFreestyleSdkFetch } from "./host-auth.ts";
 import type { FreestyleRuntime } from "./provider.ts";
 import { RIGKIT_PROVIDER_FREESTYLE_VERSION } from "./version.ts";
 
@@ -92,8 +93,8 @@ describe("Freestyle provider host auth", () => {
       });
 
       expect(projectStorage.entries()).toEqual([]);
-      expect(hostStorage.entries("identity:")).toHaveLength(1);
-      expect(requests).toHaveLength(2);
+      expect(hostStorage.entries("identity:")).toHaveLength(0);
+      expect(requests).toHaveLength(0);
 
       const runtime = await (controller as WorkflowProviderController<FreestyleRuntime>).runtime(providerContext([]));
 
@@ -174,6 +175,8 @@ describe("Freestyle provider host auth", () => {
         },
       });
 
+      await controller.checks?.(providerCheckContext("require"));
+
       expect(opened).toEqual([
         "https://dash.freestyle.sh/handler/cli-auth-confirm?login_code=login-code",
       ]);
@@ -222,6 +225,147 @@ describe("Freestyle provider host auth", () => {
     }
   });
 
+  test("reports a required browser auth check during plan without starting OAuth", async () => {
+    delete process.env.FREESTYLE_API_KEY;
+    delete process.env.FREESTYLE_TEAM_ID;
+
+    const projectStorage = new MemoryProviderStorage(FREESTYLE_PROVIDER_ID);
+    const hostStorage = new MemoryProviderStorage(FREESTYLE_PROVIDER_ID);
+    const previousFetch = globalThis.fetch;
+    globalThis.fetch = testFetch(async () =>
+      Response.json({ error: "plan should not fetch" }, { status: 500 })
+    );
+
+    try {
+      const controller = await freestyleProviderPlugin.createProvider({
+        provider: {
+          providerId: FREESTYLE_PROVIDER_ID,
+          config: {},
+        },
+        storage: projectStorage,
+        hostStorage,
+        local: { open: async () => {} },
+      });
+
+      expect(await controller.checks?.(providerCheckContext("plan"))).toEqual([{
+        id: "auth",
+        label: "Freestyle auth",
+        status: "required",
+        value: "login required",
+        message: "Run rig apply, rig create, or rig run to authenticate with Freestyle.",
+        fingerprint: "browser:default:auth:missing",
+      }]);
+      expect(hostStorage.entries()).toEqual([]);
+    } finally {
+      globalThis.fetch = previousFetch;
+    }
+  });
+
+  test("prompts for and persists a Freestyle team when browser auth has multiple teams", async () => {
+    delete process.env.FREESTYLE_API_KEY;
+    delete process.env.FREESTYLE_TEAM_ID;
+
+    const projectStorage = new MemoryProviderStorage(FREESTYLE_PROVIDER_ID);
+    const hostStorage = new MemoryProviderStorage(FREESTYLE_PROVIDER_ID);
+    const selectPrompts: unknown[] = [];
+    const proxyRequests: unknown[] = [];
+    const previousFetch = globalThis.fetch;
+    globalThis.fetch = testFetch(async (resource, init) => {
+      const url = resourceUrl(resource);
+      if (url.href === "https://api.stack-auth.com/api/v1/auth/cli") {
+        return Response.json({ polling_code: "poll-code", login_code: "login-code" });
+      }
+      if (url.href === "https://api.stack-auth.com/api/v1/auth/cli/poll") {
+        return Response.json({ status: "completed", refresh_token: "refresh-token" });
+      }
+      if (url.href === "https://api.stack-auth.com/api/v1/auth/sessions/current/refresh") {
+        return Response.json({ access_token: "stack-access-token", refresh_token: "refresh-token" });
+      }
+      if (url.href === "https://dash.freestyle.sh/api/cli/teams") {
+        return Response.json([
+          { id: "team_alpha", displayName: "Alpha" },
+          { id: "team_beta", displayName: "Beta", sandboxAccountId: "sandbox-beta" },
+        ]);
+      }
+      if (url.href === "https://dash.freestyle.sh/api/proxy/request") {
+        const body = JSON.parse(String(init?.body));
+        proxyRequests.push(body);
+        if (body.data.path === "identity/v1/identities") {
+          return Response.json({ id: "identity-browser" });
+        }
+        if (body.data.path === "identity/v1/identities/identity-browser/tokens") {
+          return Response.json({ id: "token-id-browser", token: "ssh-token-browser" });
+        }
+      }
+      return Response.json({ error: "unexpected request", url: url.href }, { status: 500 });
+    });
+
+    try {
+      const controller = await freestyleProviderPlugin.createProvider({
+        provider: {
+          providerId: FREESTYLE_PROVIDER_ID,
+          config: {},
+        },
+        storage: projectStorage,
+        hostStorage,
+        local: {
+          open: async () => {},
+          prompt: {
+            message: async () => {},
+            text: async () => "",
+            confirm: async () => true,
+            select: async (prompt) => {
+              selectPrompts.push(prompt);
+              return "team_beta";
+            },
+          },
+        },
+      });
+      const checks = await controller.checks?.(providerCheckContext("require"));
+
+      expect(selectPrompts).toEqual([{
+        message: "Choose Freestyle team",
+        options: [
+          { value: "team_alpha", label: "Alpha (team_alpha)", description: undefined },
+          { value: "team_beta", label: "Beta (team_beta)", description: "sandbox sandbox-beta" },
+        ],
+      }]);
+      expect(hostStorage.entries("stack-auth:")[0]?.value).toMatchObject({
+        refreshToken: "refresh-token",
+        accessToken: "stack-access-token",
+        defaultTeamId: "team_beta",
+        defaultTeamName: "Beta",
+      });
+      expect(proxyRequests).toEqual([
+        expect.objectContaining({
+          data: expect.objectContaining({
+            teamId: "team_beta",
+            path: "identity/v1/identities",
+          }),
+        }),
+        expect.objectContaining({
+          data: expect.objectContaining({
+            teamId: "team_beta",
+            path: "identity/v1/identities/identity-browser/tokens",
+          }),
+        }),
+      ]);
+      expect(checks).toContainEqual(expect.objectContaining({
+        id: "team",
+        label: "Freestyle team",
+        status: "ok",
+        value: "Beta (team_beta)",
+        detail: "team_beta",
+        metadata: {
+          teamId: "team_beta",
+          teamName: "Beta",
+        },
+      }));
+    } finally {
+      globalThis.fetch = previousFetch;
+    }
+  });
+
   test("ignores ambient FREESTYLE_API_KEY unless API-key auth is configured", async () => {
     process.env.FREESTYLE_API_KEY = "stale-api-key";
     delete process.env.FREESTYLE_TEAM_ID;
@@ -265,7 +409,7 @@ describe("Freestyle provider host auth", () => {
     });
 
     try {
-      await freestyleProviderPlugin.createProvider({
+      const controller = await freestyleProviderPlugin.createProvider({
         provider: {
           providerId: FREESTYLE_PROVIDER_ID,
           config: {},
@@ -278,6 +422,7 @@ describe("Freestyle provider host auth", () => {
           },
         },
       });
+      await controller.checks?.(providerCheckContext("require"));
 
       expect(opened).toEqual([
         "https://dash.freestyle.sh/handler/cli-auth-confirm?login_code=login-code",
@@ -293,6 +438,102 @@ describe("Freestyle provider host auth", () => {
 });
 
 describe("Freestyle provider proxy fetch", () => {
+  test("logs a replayable API-key fetch with the Freestyle API key redacted", async () => {
+    const sdkFetch = createFreestyleSdkFetch(testFetch(async () =>
+      Response.json({
+        code: "INTERNAL_ERROR",
+        message: "Internal server error",
+      }, { status: 500, statusText: "Internal Server Error" })
+    ));
+
+    const messages = await captureConsoleError(async () => {
+      const response = await sdkFetch("https://api.freestyle.sh/v1/vms", {
+        method: "POST",
+        headers: {
+          Authorization: "Bearer real-api-key",
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          image: "ubuntu-24.04",
+          apiKey: "body-api-key",
+        }),
+      });
+      expect(response.status).toBe(500);
+      await response.text();
+    });
+
+    expect(messages).toHaveLength(1);
+    expect(messages[0]).toContain('await fetch("https://api.freestyle.sh/v1/vms", {');
+    expect(messages[0]).toContain('"Authorization": "Bearer <redacted FREESTYLE_API_KEY>"');
+    expect(messages[0]).toContain('"image": "ubuntu-24.04"');
+    expect(messages[0]).toContain('"apiKey": "[redacted]"');
+    expect(messages[0]).toContain('Response: 500 Internal Server Error');
+    expect(messages[0]).not.toContain("real-api-key");
+    expect(messages[0]).not.toContain("body-api-key");
+  });
+
+  test("logs the original replayable request when a background request fails through the proxy", async () => {
+    const proxyFetch = createFreestyleProxyFetch({
+      dashboardUrl: "https://dash.freestyle.sh",
+      accessToken: "stack-access-token",
+      teamId: "team_123",
+      fetch: testFetch(async (resource, init) => {
+        const url = resourceUrl(resource);
+        expect(url.href).toBe("https://dash.freestyle.sh/api/proxy/request");
+        const body = JSON.parse(String(init?.body));
+        if (body.data.path === "v1/vms") {
+          return Response.json({
+            requestId: "ri_test_123",
+            status: "pending",
+          });
+        }
+        if (body.data.path === "auth/v1/background-requests/ri_test_123") {
+          return Response.json({
+            code: "INTERNAL_ERROR",
+            message: "Internal server error",
+            accessToken: "should-redact",
+          }, { status: 500, statusText: "Internal Server Error" });
+        }
+        return Response.json({ error: "unexpected request", body }, { status: 500 });
+      }),
+    });
+
+    const first = await proxyFetch("https://api.freestyle.sh/v1/vms", {
+      method: "POST",
+      headers: {
+        Authorization: "Bearer rigkit-browser-auth",
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        image: "ubuntu-24.04",
+      }),
+    });
+    expect(first.status).toBe(202);
+
+    const messages = await captureConsoleError(async () => {
+      const failed = await proxyFetch("https://api.freestyle.sh/auth/v1/background-requests/ri_test_123", {
+        method: "GET",
+        headers: {
+          Authorization: "Bearer rigkit-browser-auth",
+        },
+      });
+      expect(failed.status).toBe(500);
+      await failed.text();
+    });
+
+    expect(messages).toHaveLength(1);
+    expect(messages[0]).toContain("Freestyle background request ri_test_123 failed. Original API request:");
+    expect(messages[0]).toContain('await fetch("https://api.freestyle.sh/v1/vms", {');
+    expect(messages[0]).toContain('method: "POST"');
+    expect(messages[0]).toContain('"Authorization": "Bearer <redacted FREESTYLE_API_KEY>"');
+    expect(messages[0]).toContain('"image": "ubuntu-24.04"');
+    expect(messages[0]).toContain('Response: 500 Internal Server Error');
+    expect(messages[0]).toContain('"accessToken":"[redacted]"');
+    expect(messages[0]).not.toContain("stack-access-token");
+    expect(messages[0]).not.toContain("rigkit-browser-auth");
+    expect(messages[0]).not.toContain("should-redact");
+  });
+
   test("preserves Freestyle background request semantics through the browser-auth proxy", async () => {
     const proxyFetch = createFreestyleProxyFetch({
       dashboardUrl: "https://dash.freestyle.sh",
@@ -356,13 +597,16 @@ describe("Freestyle provider proxy fetch", () => {
       ),
     });
 
-    const response = await proxyFetch("https://api.freestyle.sh/v1/vms", {
-      method: "POST",
-      body: "{}",
+    let response: Response | undefined;
+    await captureConsoleError(async () => {
+      response = await proxyFetch("https://api.freestyle.sh/v1/vms", {
+        method: "POST",
+        body: "{}",
+      });
     });
 
-    expect(response.status).toBe(500);
-    await expect(response.json()).resolves.toEqual({
+    expect(response?.status).toBe(500);
+    await expect(response?.json()).resolves.toEqual({
       code: "INTERNAL_ERROR",
       message: "VM setup failed",
       details: {
@@ -389,10 +633,13 @@ describe("Freestyle provider proxy fetch", () => {
       ),
     });
 
-    const response = await proxyFetch("https://api.freestyle.sh/v1/vms");
+    let response: Response | undefined;
+    await captureConsoleError(async () => {
+      response = await proxyFetch("https://api.freestyle.sh/v1/vms");
+    });
 
-    expect(response.status).toBe(500);
-    await expect(response.json()).resolves.toEqual({
+    expect(response?.status).toBe(500);
+    await expect(response?.json()).resolves.toEqual({
       code: "INTERNAL_ERROR",
       message: "Internal server error",
       requestId: "req_123",
@@ -458,6 +705,14 @@ function providerContext(
   };
 }
 
+function providerCheckContext(mode: "plan" | "require"): ProviderCheckContext {
+  return {
+    mode,
+    workflow: "workflow",
+    local: providerContext([]).local,
+  };
+}
+
 function testFetch(
   handler: (
     resource: Parameters<typeof fetch>[0],
@@ -475,6 +730,20 @@ function resourceUrl(resource: Parameters<typeof fetch>[0]): URL {
   return new URL(resource.url);
 }
 
+async function captureConsoleError(action: () => Promise<void>): Promise<string[]> {
+  const previous = console.error;
+  const messages: string[] = [];
+  console.error = (...args: unknown[]) => {
+    messages.push(args.map((arg) => String(arg)).join(" "));
+  };
+  try {
+    await action();
+  } finally {
+    console.error = previous;
+  }
+  return messages;
+}
+
 function setEnv(name: string, value: string | undefined): void {
   if (value === undefined) {
     delete process.env[name];

package/src/host-auth.ts

@@ -1,6 +1,6 @@
 import { createHash } from "node:crypto";
 import { Freestyle } from "freestyle";
-import type { LocalWorkspaceRuntime, ProviderStorage } from "@rigkit/engine";
+import type { LocalWorkspaceRuntime, ProviderStorage, WorkflowProviderCheckResult } from "@rigkit/engine";
 import type { JsonValue } from "@rigkit/sdk";
 import { freestyleIdentityId, freestyleToken, freestyleTokenId } from "./auth.ts";
 import { createFreestyleStore } from "./store.ts";
@@ -8,6 +8,7 @@ import { RIGKIT_PROVIDER_FREESTYLE_VERSION } from "./version.ts";
 
 const DEFAULT_STACK_API_URL = "https://api.stack-auth.com";
 const DEFAULT_STACK_APP_URL = "https://dash.freestyle.sh";
+const DEFAULT_FREESTYLE_API_URL = "https://api.freestyle.sh";
 const DEFAULT_STACK_PROJECT_ID = "0edf478c-f123-46fb-818f-34c0024a9f35";
 const DEFAULT_STACK_PUBLISHABLE_CLIENT_KEY = "pck_h2aft7g9pqjzrkdnzs199h1may5wjtdtdxeex7m2wzp1r";
 const DEFAULT_CLI_AUTH_TIMEOUT_MILLIS = 10 * 60 * 1000;
@@ -28,6 +29,7 @@ export type FreestyleAuthenticatedClient = {
   identityId: ReturnType<typeof freestyleIdentityId>;
   tokenId: ReturnType<typeof freestyleTokenId>;
   token: ReturnType<typeof freestyleToken>;
+  team?: FreestyleResolvedTeam;
 };
 
 type CreateFreestyleAuthenticatedClientInput = {
@@ -42,6 +44,7 @@ type CreateFreestyleAuthenticatedClientInput = {
 type ResolvedClientAuth = {
   client: Freestyle;
   identityKey: string;
+  team?: FreestyleResolvedTeam;
 };
 
 type StackAuthConfig = {
@@ -57,6 +60,7 @@ type StackAuthState = {
   refreshToken: string;
   updatedAt: number;
   defaultTeamId?: string;
+  defaultTeamName?: string;
   accessToken?: string;
   accessTokenUpdatedAt?: number;
 };
@@ -72,6 +76,11 @@ type FreestyleTeam = {
   sandboxAccountId?: string | null;
 };
 
+export type FreestyleResolvedTeam = {
+  id: string;
+  displayName?: string;
+};
+
 export async function createFreestyleAuthenticatedClient(
   input: CreateFreestyleAuthenticatedClientInput,
 ): Promise<FreestyleAuthenticatedClient> {
@@ -84,6 +93,7 @@ export async function createFreestyleAuthenticatedClient(
       identityId: savedIdentity.identityId,
       tokenId: savedIdentity.tokenId,
       token: savedIdentity.token,
+      team: auth.team,
     };
   }
 
@@ -101,9 +111,103 @@ export async function createFreestyleAuthenticatedClient(
     identityId: createdIdentity.identityId,
     tokenId: createdIdentity.tokenId,
     token: createdIdentity.token,
+    team: auth.team,
   };
 }
 
+export function checkFreestyleProviderAuth(input: {
+  config?: FreestyleProviderConfig;
+  hostStorage: ProviderStorage;
+}): WorkflowProviderCheckResult[] {
+  const apiKey = nonEmpty(input.config?.apiKey);
+  const apiUrl = nonEmpty(input.config?.apiUrl) ?? nonEmpty(process.env.FREESTYLE_API_URL);
+  const store = createFreestyleStore(input.hostStorage);
+
+  if (apiKey) {
+    const identityKey = apiKeyIdentityKey({ apiUrl, apiKey });
+    return [{
+      id: "auth",
+      label: "Freestyle auth",
+      status: "ok",
+      value: "API key",
+      fingerprint: providerIdentityFingerprint(identityKey, store.getIdentity(identityKey)),
+    }];
+  }
+
+  const stack = resolveStackAuthConfig(input.config);
+  const stored = readStackAuthState(input.hostStorage.get(stackAuthStateKey(stack))?.value);
+  const configuredTeamId = nonEmpty(input.config?.teamId) ?? nonEmpty(process.env.FREESTYLE_TEAM_ID);
+
+  if (!stored?.refreshToken) {
+    return [{
+      id: "auth",
+      label: "Freestyle auth",
+      status: "required",
+      value: "login required",
+      message: "Run rig apply, rig create, or rig run to authenticate with Freestyle.",
+      fingerprint: `browser:${stack.profile}:auth:missing`,
+    }];
+  }
+
+  const teamId = configuredTeamId ?? stored.defaultTeamId;
+  if (!teamId) {
+    return [{
+      id: "team",
+      label: "Freestyle team",
+      status: "required",
+      value: "team selection required",
+      message: "Run rig apply, rig create, or rig run to choose a Freestyle team.",
+      fingerprint: `browser:${stack.profile}:team:missing`,
+    }];
+  }
+
+  const identityKey = browserIdentityKey({
+    apiUrl,
+    dashboardUrl: stack.dashboardUrl,
+    profile: stack.profile,
+    teamId,
+  });
+  const storedTeamName = teamId === stored.defaultTeamId ? stored.defaultTeamName : undefined;
+  return [{
+    id: "team",
+    label: "Freestyle team",
+    status: "ok",
+    value: formatFreestyleTeam({ id: teamId, displayName: storedTeamName }),
+    detail: teamId,
+    fingerprint: providerIdentityFingerprint(identityKey, store.getIdentity(identityKey)),
+    metadata: {
+      teamId,
+      ...(storedTeamName ? { teamName: storedTeamName } : {}),
+    },
+  }];
+}
+
+export function freestyleProviderChecksFromAuthenticated(
+  auth: FreestyleAuthenticatedClient,
+): WorkflowProviderCheckResult[] {
+  if (auth.team) {
+    return [{
+      id: "team",
+      label: "Freestyle team",
+      status: "ok",
+      value: formatFreestyleTeam(auth.team),
+      detail: auth.team.id,
+      fingerprint: `identity:${auth.identityId}`,
+      metadata: {
+        teamId: auth.team.id,
+        ...(auth.team.displayName ? { teamName: auth.team.displayName } : {}),
+      },
+    }];
+  }
+  return [{
+    id: "auth",
+    label: "Freestyle auth",
+    status: "ok",
+    value: "API key",
+    fingerprint: `identity:${auth.identityId}`,
+  }];
+}
+
 export function createFreestyleProxyFetch(input: {
   dashboardUrl: string;
   accessToken: string;
@@ -112,10 +216,15 @@ export function createFreestyleProxyFetch(input: {
 }): typeof fetch {
   const fetchFn = input.fetch ?? globalThis.fetch;
   const dashboardUrl = trimTrailingSlash(input.dashboardUrl);
+  const backgroundRequests = new Map<string, string>();
 
   const proxyFetch = async (resource: Parameters<typeof fetch>[0], init?: Parameters<typeof fetch>[1]) => {
     const url = resourceUrl(resource);
     const path = `${url.pathname}${url.search}`.replace(/^\/+/, "");
+    const freestyleRequestInit: RequestInit = {
+      ...init,
+      headers: withRigkitHeaders(init?.headers),
+    };
     const proxyResponse = await fetchFn(`${dashboardUrl}/api/proxy/request`, {
       method: "POST",
       headers: withRigkitHeaders({
@@ -126,8 +235,8 @@ export function createFreestyleProxyFetch(input: {
           accessToken: input.accessToken,
           teamId: input.teamId,
           path,
-          method: init?.method ?? "GET",
-          headers: Object.fromEntries(withRigkitHeaders(init?.headers).entries()),
+          method: resolveRequestMethod(resource, init),
+          headers: Object.fromEntries(new Headers(freestyleRequestInit.headers).entries()),
           body: init?.body ? String(init.body) : undefined,
         },
       }),
@@ -135,6 +244,13 @@ export function createFreestyleProxyFetch(input: {
 
     if (!proxyResponse.ok) {
       const errorText = await proxyResponse.text();
+      await logFreestyleApiRequestFailure({
+        backgroundRequests,
+        resource,
+        init: freestyleRequestInit,
+        response: proxyResponse,
+        responseText: errorText,
+      });
       const normalized = normalizeProxyError(errorText, proxyResponse.status);
       return new Response(normalized.body, {
         status: proxyResponse.status,
@@ -146,6 +262,9 @@ export function createFreestyleProxyFetch(input: {
     const data = await proxyResponse.json();
     if (isBackgroundRequestPending(data)) {
       const requestId = backgroundRequestId(data);
+      if (requestId) {
+        backgroundRequests.set(requestId, formatReplayableFetchRequest(resource, freestyleRequestInit));
+      }
       return Response.json(data, {
         status: 202,
         headers: {
@@ -162,11 +281,24 @@ export function createFreestyleProxyFetch(input: {
 }
 
 export function createFreestyleSdkFetch(fetchFn: typeof fetch = globalThis.fetch): typeof fetch {
-  const rigkitFetch = (async (resource, init) =>
-    await fetchFn(resource, {
+  const backgroundRequests = new Map<string, string>();
+  const rigkitFetch = (async (resource, init) => {
+    const requestInit: RequestInit = {
       ...init,
       headers: withRigkitHeaders(init?.headers),
-    })) as typeof fetch;
+    };
+    const response = await fetchFn(resource, requestInit);
+    await rememberBackgroundRequest(backgroundRequests, resource, requestInit, response);
+    if (!response.ok) {
+      await logFreestyleApiRequestFailure({
+        backgroundRequests,
+        resource,
+        init: requestInit,
+        response,
+      });
+    }
+    return response;
+  }) as typeof fetch;
   return Object.assign(rigkitFetch, {
     preconnect: fetchFn.preconnect?.bind(fetchFn) ?? (() => {}),
   }) as typeof fetch;
@@ -184,7 +316,7 @@ async function resolveClientAuth(input: CreateFreestyleAuthenticatedClientInput)
         ...(apiUrl ? { baseUrl: apiUrl } : {}),
         fetch: createFreestyleSdkFetch(fetchFn),
       }),
-      identityKey: `api-key:${fingerprint({ apiUrl: apiUrl ?? "default", apiKey })}`,
+      identityKey: apiKeyIdentityKey({ apiUrl, apiKey }),
     };
   }
 
@@ -201,7 +333,7 @@ async function resolveClientAuth(input: CreateFreestyleAuthenticatedClientInput)
     timeoutMs: input.timeoutMs ?? DEFAULT_CLI_AUTH_TIMEOUT_MILLIS,
     pollIntervalMs: input.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MILLIS,
   });
-  const teamId = await resolveTeamId({
+  const team = await resolveTeam({
     configuredTeamId: input.config?.teamId,
     stored: readStackAuthState(input.hostStorage.get(stackStateKey)?.value) ?? stored,
     accessToken: refreshed.accessToken,
@@ -209,6 +341,7 @@ async function resolveClientAuth(input: CreateFreestyleAuthenticatedClientInput)
     storage: input.hostStorage,
     storageKey: stackStateKey,
     fetch: fetchFn,
+    local: input.local,
   });
   const client = new Freestyle({
     apiKey: "rigkit-browser-auth",
@@ -216,19 +349,20 @@ async function resolveClientAuth(input: CreateFreestyleAuthenticatedClientInput)
     fetch: createFreestyleProxyFetch({
       dashboardUrl: stack.dashboardUrl,
       accessToken: refreshed.accessToken,
-      teamId,
+      teamId: team.id,
       fetch: fetchFn,
     }),
   });
 
   return {
     client,
-    identityKey: `browser:${fingerprint({
-      apiUrl: apiUrl ?? "default",
+    identityKey: browserIdentityKey({
+      apiUrl,
       dashboardUrl: stack.dashboardUrl,
       profile: stack.profile,
-      teamId,
-    })}`,
+      teamId: team.id,
+    }),
+    team,
   };
 }
 
@@ -269,6 +403,162 @@ function withRigkitHeaders(headers: HeadersInit | undefined): Headers {
   return next;
 }
 
+async function rememberBackgroundRequest(
+  backgroundRequests: Map<string, string>,
+  resource: Parameters<typeof fetch>[0],
+  init: RequestInit,
+  response: Response,
+): Promise<void> {
+  if (response.status !== 202) return;
+  const requestId = await responseBackgroundRequestId(response);
+  if (!requestId) return;
+  backgroundRequests.set(requestId, formatReplayableFetchRequest(resource, init));
+}
+
+async function logFreestyleApiRequestFailure(input: {
+  backgroundRequests: Map<string, string>;
+  resource: Parameters<typeof fetch>[0];
+  init: RequestInit;
+  response: Response;
+  responseText?: string;
+}): Promise<void> {
+  if (isFreestyleBackgroundLogRequest(input.resource)) return;
+
+  const requestId = backgroundRequestIdFromResource(input.resource);
+  const replayRequest = requestId ? input.backgroundRequests.get(requestId) : undefined;
+  const responseSummary = await formatResponseSummary(input.response, input.responseText);
+  const heading = requestId
+    ? `Freestyle background request ${requestId} failed. Original API request:`
+    : "Freestyle API request failed. Replay request:";
+  const request = replayRequest ?? formatReplayableFetchRequest(input.resource, input.init);
+  console.error(`${heading}\n${request}\n${responseSummary}`);
+}
+
+async function responseBackgroundRequestId(response: Response): Promise<string | undefined> {
+  const header = response.headers.get("x-freestyle-background-request-id");
+  if (header) return header;
+  const data = await response.clone().json().catch(() => undefined);
+  return backgroundRequestId(data);
+}
+
+function backgroundRequestIdFromResource(resource: Parameters<typeof fetch>[0]): string | undefined {
+  const path = resourceUrl(resource).pathname;
+  const match = path.match(/\/auth\/v1\/background-requests\/([^/]+)$/);
+  return match?.[1] ? decodeURIComponent(match[1]) : undefined;
+}
+
+function isFreestyleBackgroundLogRequest(resource: Parameters<typeof fetch>[0]): boolean {
+  return resourceUrl(resource).pathname === "/observability/v1/logs";
+}
+
+async function formatResponseSummary(response: Response, responseText?: string): Promise<string> {
+  const text = responseText ?? await response.clone().text().catch(() => "");
+  const status = [response.status, response.statusText].filter(Boolean).join(" ");
+  const redactedBody = formatRedactedResponseBody(text);
+  return [
+    `Response: ${status}`,
+    ...(redactedBody ? [`Response body: ${redactedBody}`] : []),
+  ].join("\n");
+}
+
+function formatRedactedResponseBody(text: string): string | undefined {
+  if (!text) return undefined;
+  try {
+    return JSON.stringify(redactSensitiveFields(JSON.parse(text)));
+  } catch {
+    return text;
+  }
+}
+
+function formatReplayableFetchRequest(resource: Parameters<typeof fetch>[0], init: RequestInit): string {
+  const lines = [
+    `await fetch(${JSON.stringify(resourceUrl(resource).href)}, {`,
+    `  method: ${JSON.stringify(resolveRequestMethod(resource, init))},`,
+  ];
+  const headers = replayableHeaders(resource, init);
+  if (Object.keys(headers).length > 0) {
+    lines.push(`  headers: ${indentContinuation(JSON.stringify(headers, null, 2), 2)},`);
+  }
+  const body = replayableBody(init.body);
+  if (body) {
+    lines.push(`  body: ${indentContinuation(body, 2)},`);
+  }
+  lines.push("});");
+  return lines.join("\n");
+}
+
+function replayableHeaders(resource: Parameters<typeof fetch>[0], init: RequestInit): Record<string, string> {
+  const headers = resource instanceof Request ? new Headers(resource.headers) : new Headers();
+  new Headers(init.headers).forEach((value, key) => {
+    headers.set(key, value);
+  });
+  const result: Record<string, string> = {};
+  headers.forEach((value, key) => {
+    result[displayHeaderName(key)] = redactHeaderValue(key, value);
+  });
+  return result;
+}
+
+function resolveRequestMethod(resource: Parameters<typeof fetch>[0], init?: RequestInit): string {
+  return init?.method ?? (resource instanceof Request ? resource.method : "GET");
+}
+
+function replayableBody(body: BodyInit | null | undefined): string | undefined {
+  if (body === undefined || body === null) return undefined;
+  if (typeof body === "string") {
+    try {
+      const parsed = JSON.parse(body) as unknown;
+      return `JSON.stringify(${JSON.stringify(redactSensitiveFields(parsed), null, 2)})`;
+    } catch {
+      return JSON.stringify(body);
+    }
+  }
+  if (body instanceof URLSearchParams) {
+    return `new URLSearchParams(${JSON.stringify(body.toString())})`;
+  }
+  return JSON.stringify(String(body));
+}
+
+function indentContinuation(value: string, spaces: number): string {
+  const lines = value.split("\n");
+  const indent = " ".repeat(spaces);
+  return [lines[0], ...lines.slice(1).map((line) => `${indent}${line}`)].join("\n");
+}
+
+function displayHeaderName(name: string): string {
+  const normalized = name.toLowerCase();
+  return {
+    authorization: "Authorization",
+    "content-type": "Content-Type",
+    "user-agent": "User-Agent",
+    "x-freestyle-identity-access-token": "X-Freestyle-Identity-Access-Token",
+    [RIGKIT_HEADER]: RIGKIT_HEADER,
+    [RIGKIT_VERSION_HEADER]: RIGKIT_VERSION_HEADER,
+  }[normalized] ?? name;
+}
+
+function redactHeaderValue(name: string, value: string): string {
+  if (name.toLowerCase() === "authorization" && /^Bearer\s+/i.test(value)) {
+    return "Bearer <redacted FREESTYLE_API_KEY>";
+  }
+  return isSensitiveFieldName(name) ? "[redacted]" : value;
+}
+
+function redactSensitiveFields(value: unknown): unknown {
+  if (Array.isArray(value)) return value.map(redactSensitiveFields);
+  if (!value || typeof value !== "object") return value;
+  const next: Record<string, unknown> = {};
+  for (const [key, field] of Object.entries(value)) {
+    next[key] = isSensitiveFieldName(key) ? "[redacted]" : redactSensitiveFields(field);
+  }
+  return next;
+}
+
+function isSensitiveFieldName(name: string): boolean {
+  return /authorization|api[-_]?key|access[-_]?token|refresh[-_]?token|password|secret|credential|cookie/i
+    .test(name);
+}
+
 async function resolveStackAccessToken(input: {
   config: StackAuthConfig;
   storage: ProviderStorage;
@@ -285,6 +575,7 @@ async function resolveStackAccessToken(input: {
     saveStackAuthState(input.storage, input.storageKey, {
       refreshToken,
       defaultTeamId: input.stored?.defaultTeamId,
+      defaultTeamName: input.stored?.defaultTeamName,
       updatedAt: Date.now(),
     });
   }
@@ -296,6 +587,7 @@ async function resolveStackAccessToken(input: {
     saveStackAuthState(input.storage, input.storageKey, {
       refreshToken,
       defaultTeamId: input.stored?.defaultTeamId,
+      defaultTeamName: input.stored?.defaultTeamName,
       updatedAt: Date.now(),
     });
     refreshed = await refreshStackAccessToken(input.config, refreshToken, input.fetch);
@@ -309,6 +601,7 @@ async function resolveStackAccessToken(input: {
   saveStackAuthState(input.storage, input.storageKey, {
     refreshToken: nextRefreshToken,
     defaultTeamId: input.stored?.defaultTeamId,
+    defaultTeamName: input.stored?.defaultTeamName,
     accessToken: refreshed.accessToken,
     accessTokenUpdatedAt: Date.now(),
     updatedAt: Date.now(),
@@ -404,7 +697,7 @@ async function refreshStackAccessToken(
   };
 }
 
-async function resolveTeamId(input: {
+async function resolveTeam(input: {
   configuredTeamId: string | undefined;
   stored: StackAuthState | undefined;
   accessToken: string;
@@ -412,19 +705,27 @@ async function resolveTeamId(input: {
   storage: ProviderStorage;
   storageKey: string;
   fetch: typeof fetch;
-}): Promise<string> {
+  local: LocalWorkspaceRuntime;
+}): Promise<FreestyleResolvedTeam> {
   const teamId =
     nonEmpty(input.configuredTeamId) ??
       nonEmpty(process.env.FREESTYLE_TEAM_ID) ??
       nonEmpty(input.stored?.defaultTeamId);
   if (teamId) {
+    const storedTeamName = teamId === input.stored?.defaultTeamId
+      ? input.stored?.defaultTeamName
+      : undefined;
     saveStackAuthState(input.storage, input.storageKey, {
       ...input.stored,
       refreshToken: input.stored?.refreshToken ?? "",
       defaultTeamId: teamId,
+      defaultTeamName: storedTeamName,
       updatedAt: Date.now(),
     });
-    return teamId;
+    return {
+      id: teamId,
+      ...(storedTeamName ? { displayName: storedTeamName } : {}),
+    };
   }
 
   const teams = await listTeams(input.config, input.accessToken, input.fetch);
@@ -434,19 +735,68 @@ async function resolveTeamId(input: {
       ...input.stored,
       refreshToken: input.stored?.refreshToken ?? "",
       defaultTeamId: onlyTeam.id,
+      defaultTeamName: nonEmpty(onlyTeam.displayName),
       updatedAt: Date.now(),
     });
-    return onlyTeam.id;
+    return freestyleResolvedTeam(onlyTeam);
   }
 
   if (teams.length === 0) {
     throw new Error("Freestyle authentication succeeded, but no teams were available for this account.");
   }
 
-  const choices = teams.map((team) => `${team.displayName ?? team.id} (${team.id})`).join(", ");
-  throw new Error(
-    `Freestyle authentication found multiple teams. Set freestyle.provider({ teamId }) or FREESTYLE_TEAM_ID. Teams: ${choices}`,
-  );
+  const selectedTeamId = await selectFreestyleTeam(input.local, teams);
+  const selectedTeam = teams.find((team) => team.id === selectedTeamId);
+  if (!selectedTeam) {
+    throw new Error(`Freestyle team selection returned unknown team ${selectedTeamId}.`);
+  }
+  saveStackAuthState(input.storage, input.storageKey, {
+    ...input.stored,
+    refreshToken: input.stored?.refreshToken ?? "",
+    defaultTeamId: selectedTeam.id,
+    defaultTeamName: nonEmpty(selectedTeam.displayName),
+    updatedAt: Date.now(),
+  });
+  return freestyleResolvedTeam(selectedTeam);
+}
+
+async function selectFreestyleTeam(
+  local: LocalWorkspaceRuntime,
+  teams: FreestyleTeam[],
+): Promise<string> {
+  if (!local.prompt?.select) {
+    const choices = teams.map((team) => `${team.displayName ?? team.id} (${team.id})`).join(", ");
+    throw new Error(
+      `Freestyle authentication found multiple teams. Set freestyle.provider({ teamId }) or FREESTYLE_TEAM_ID. Teams: ${choices}`,
+    );
+  }
+  return await local.prompt.select({
+    message: "Choose Freestyle team",
+    options: teams.map((team) => ({
+      value: team.id,
+      label: team.displayName ? `${team.displayName} (${team.id})` : team.id,
+      description: team.sandboxAccountId ? `sandbox ${team.sandboxAccountId}` : undefined,
+    })),
+  });
+}
+
+function freestyleResolvedTeam(team: FreestyleTeam): FreestyleResolvedTeam {
+  const displayName = nonEmpty(team.displayName);
+  return {
+    id: team.id,
+    ...(displayName ? { displayName } : {}),
+  };
+}
+
+function formatFreestyleTeam(team: FreestyleResolvedTeam): string {
+  return team.displayName ? `${team.displayName} (${team.id})` : team.id;
+}
+
+function providerIdentityFingerprint(
+  identityKey: string,
+  identity: { identityId: string } | undefined,
+): string {
+  return `${identityKey}:${identity?.identityId ?? "missing-identity"}`;
 }
 
 async function listTeams(config: StackAuthConfig, accessToken: string, fetchFn: typeof fetch): Promise<FreestyleTeam[]> {
@@ -487,6 +837,24 @@ function stackAuthStateKey(config: StackAuthConfig): string {
   })}`;
 }
 
+function apiKeyIdentityKey(input: { apiUrl: string | undefined; apiKey: string }): string {
+  return `api-key:${fingerprint({ apiUrl: input.apiUrl ?? "default", apiKey: input.apiKey })}`;
+}
+
+function browserIdentityKey(input: {
+  apiUrl: string | undefined;
+  dashboardUrl: string;
+  profile: string;
+  teamId: string;
+}): string {
+  return `browser:${fingerprint({
+    apiUrl: input.apiUrl ?? "default",
+    dashboardUrl: input.dashboardUrl,
+    profile: input.profile,
+    teamId: input.teamId,
+  })}`;
+}
+
 function readStackAuthState(value: JsonValue | undefined): StackAuthState | undefined {
   if (!isRecord(value)) return undefined;
   const refreshToken = typeof value.refreshToken === "string" ? value.refreshToken : undefined;
@@ -495,6 +863,7 @@ function readStackAuthState(value: JsonValue | undefined): StackAuthState | unde
     refreshToken,
     updatedAt: typeof value.updatedAt === "number" ? value.updatedAt : Date.now(),
     defaultTeamId: typeof value.defaultTeamId === "string" ? value.defaultTeamId : undefined,
+    defaultTeamName: typeof value.defaultTeamName === "string" ? value.defaultTeamName : undefined,
     accessToken: typeof value.accessToken === "string" ? value.accessToken : undefined,
     accessTokenUpdatedAt: typeof value.accessTokenUpdatedAt === "number" ? value.accessTokenUpdatedAt : undefined,
   };
@@ -506,13 +875,14 @@ function saveStackAuthState(storage: ProviderStorage, key: string, state: StackA
     refreshToken: state.refreshToken,
     updatedAt: state.updatedAt,
     ...(state.defaultTeamId ? { defaultTeamId: state.defaultTeamId } : {}),
+    ...(state.defaultTeamName ? { defaultTeamName: state.defaultTeamName } : {}),
     ...(state.accessToken ? { accessToken: state.accessToken } : {}),
     ...(state.accessTokenUpdatedAt ? { accessTokenUpdatedAt: state.accessTokenUpdatedAt } : {}),
   });
 }
 
 function resourceUrl(resource: Parameters<typeof fetch>[0]): URL {
-  if (typeof resource === "string") return new URL(resource);
+  if (typeof resource === "string") return new URL(resource, DEFAULT_FREESTYLE_API_URL);
   if (resource instanceof URL) return resource;
   return new URL(resource.url);
 }

package/src/index.ts

@@ -6,13 +6,16 @@ import type { BaseProviderPlugin } from "@rigkit/engine";
 import * as z from "zod/v4-mini";
 import { freestyleIdentityId, freestyleToken, freestyleTokenId } from "./auth.ts";
 import {
+  checkFreestyleProviderAuth,
   createFreestyleAuthenticatedClient,
   createFreestyleProxyFetch,
+  freestyleProviderChecksFromAuthenticated,
   type FreestyleProviderConfig,
 } from "./host-auth.ts";
 import {
   FREESTYLE_PROVIDER_ID,
   FREESTYLE_TERMINAL_PROVIDER_ID,
+  createLazyFreestyleWorkflowController,
   createFreestyleTerminalController,
   createFreestyleWorkflowProvider,
 } from "./provider.ts";
@@ -65,15 +68,20 @@ export const freestyleProviderPlugin: BaseProviderPlugin = {
   providerId: FREESTYLE_PROVIDER_ID,
   async createProvider({ provider, hostStorage, local }) {
     const config = parseFreestyleProviderConfig(provider.config);
-    const authenticated = await createFreestyleAuthenticatedClient({
+    let authenticated: ReturnType<typeof createFreestyleAuthenticatedClient> | undefined;
+    const authenticate = () => authenticated ??= createFreestyleAuthenticatedClient({
       config,
       hostStorage,
       local,
     });
-    return createFreestyleWorkflowProvider({
-      client: authenticated.client,
-      identityId: authenticated.identityId,
-      token: authenticated.token,
+    return createLazyFreestyleWorkflowController({
+      authenticate,
+      checks: async ({ mode }) => {
+        if (mode === "require") {
+          return freestyleProviderChecksFromAuthenticated(await authenticate());
+        }
+        return checkFreestyleProviderAuth({ config, hostStorage });
+      },
     });
   },
 };
@@ -86,9 +94,11 @@ export const freestyleTerminalPlugin: BaseProviderPlugin = {
 };
 
 export {
+  checkFreestyleProviderAuth,
   createFreestyleAuthenticatedClient,
   createFreestyleProxyFetch,
   createFreestyleSdkFetch,
+  freestyleProviderChecksFromAuthenticated,
 } from "./host-auth.ts";
 export {
   freestyleIdentityId,
@@ -102,6 +112,7 @@ export {
   FREESTYLE_PROVIDER_ID,
   FREESTYLE_TERMINAL_PROVIDER_ID,
   createFreestyleTerminalController,
+  createLazyFreestyleWorkflowController,
   createFreestyleWorkflowController,
   createFreestyleWorkflowProvider,
 } from "./provider.ts";
@@ -120,6 +131,7 @@ export type {
   FreestyleVscodeUrlOptions,
 } from "./provider.ts";
 export type { FreestyleGitRelationship, FreestyleIdentity } from "./store.ts";
+export type { FreestyleResolvedTeam } from "./host-auth.ts";
 
 function parseFreestyleProviderConfig(value: unknown): FreestyleProviderConfig {
   const result = z.safeParse(freestyleProviderConfigSchema, normalizeFreestyleProviderOptions(value));

package/src/provider.ts

@@ -2,10 +2,12 @@ import { Freestyle } from "freestyle";
 import type {
   SshConnection,
   SshOptions,
+  WorkflowProviderCheckResult,
   WorkflowProviderController,
 } from "@rigkit/engine";
 import type { CmuxOpenSshInput } from "@rigkit/provider-cmux";
 import type { FreestyleIdentityId, FreestyleToken } from "./auth.ts";
+import type { FreestyleResolvedTeam } from "./host-auth.ts";
 import { createFreestyleTerminalSession } from "./terminal-session.ts";
 
 export const FREESTYLE_PROVIDER_ID = "freestyle";
@@ -55,6 +57,7 @@ export function createFreestyleWorkflowProvider(input: {
   client: Freestyle;
   identityId: FreestyleIdentityId;
   token: FreestyleToken;
+  team?: FreestyleResolvedTeam;
 }): WorkflowProviderController<FreestyleRuntime> {
   return createFreestyleWorkflowController(input);
 }
@@ -63,15 +66,50 @@ export function createFreestyleWorkflowController(input: {
   client: Freestyle;
   identityId: FreestyleIdentityId;
   token: FreestyleToken;
+  team?: FreestyleResolvedTeam;
 }): WorkflowProviderController<FreestyleRuntime> {
   return {
     providerId: FREESTYLE_PROVIDER_ID,
+    checks() {
+      if (!input.team) return undefined;
+      return {
+        id: "team",
+        label: "Freestyle team",
+        status: "ok",
+        value: formatFreestyleTeam(input.team),
+        detail: input.team.id,
+        fingerprint: `identity:${input.identityId}`,
+        metadata: {
+          teamId: input.team.id,
+          ...(input.team.displayName ? { teamName: input.team.displayName } : {}),
+        },
+      };
+    },
     runtime() {
       return createFreestyleRuntime(input);
     },
   };
 }
 
+export function createLazyFreestyleWorkflowController(input: {
+  authenticate(): Promise<{
+    client: Freestyle;
+    identityId: FreestyleIdentityId;
+    token: FreestyleToken;
+    team?: FreestyleResolvedTeam;
+  }>;
+  checks(context: { mode: "plan" | "require" }): Promise<WorkflowProviderCheckResult[]>;
+}): WorkflowProviderController<FreestyleRuntime> {
+  return {
+    providerId: FREESTYLE_PROVIDER_ID,
+    checks: input.checks,
+    async runtime() {
+      const authenticated = await input.authenticate();
+      return createFreestyleRuntime(authenticated);
+    },
+  };
+}
+
 export function createFreestyleTerminalController(): WorkflowProviderController<FreestyleTerminalRuntime> {
   return {
     providerId: FREESTYLE_TERMINAL_PROVIDER_ID,
@@ -140,6 +178,10 @@ function createFreestyleRuntime(input: {
 
 const defaultFreestyleVmUser = "root";
 
+function formatFreestyleTeam(team: FreestyleResolvedTeam): string {
+  return team.displayName ? `${team.displayName} (${team.id})` : team.id;
+}
+
 function freestyleSshConnection(vmId: string, token: FreestyleToken, user: string | undefined): SshConnection {
   const userPart = `+${user ?? defaultFreestyleVmUser}`;
   const username = `${vmId}${userPart}`;

package/src/version.ts

@@ -1 +1 @@
-export const RIGKIT_PROVIDER_FREESTYLE_VERSION = "0.2.9";
+export const RIGKIT_PROVIDER_FREESTYLE_VERSION = "0.2.11";