@run402/sdk 1.69.8 → 1.70.0

package/README.md

@@ -192,9 +192,10 @@ const resumed = await r.deploy.resume("op_...");
 - **Per-resource semantics on the spec.** `site.replace` = "this is the whole site" (files absent are removed). `site.patch.put` / `patch.delete` are surgical updates. `site.public_paths` controls browser-visible static paths separately from backing release asset paths: explicit mode uses a complete map such as `{ "/events": { asset: "events.html", cache_class: "html" } }`, so `/events` serves `events.html` while `/events.html` is not public unless separately declared. Implicit mode restores filename-derived reachability and can widen access. A public-path-only site spec is deployable. `functions.replace` / `functions.patch.set` / `functions.patch.delete` mirror that. Secrets are value-free: set values first with `r.secrets.set(project, key, value)`, then deploy with `secrets.require` and/or `secrets.delete`. `subdomains.set` / `subdomains.add` / `subdomains.remove` use their own shape. Top-level absence = leave untouched.
 - **Same-origin web routes.** `routes` is `undefined | null | { replace: RouteSpec[] }`. Omit it or pass `null` to carry forward base routes, pass `{ replace: [] }` to clear routes, or pass route entries to replace the table. Function targets use `{ type: "function", name }`; exact static route targets use `{ type: "static", file }` with methods `["GET"]` or `["GET","HEAD"]`, no wildcard pattern, and a relative deployed asset path with no leading slash. `file` is not a public path, URL, CAS hash, rewrite, or redirect. Prefer `site.public_paths` for ordinary clean static URLs like `/events -> events.html`; use static route targets for method-aware aliases such as static `GET /login` plus function `POST /login`. Routed browser ingress invokes Node 22 Fetch Request -> Response handlers; `req.url` is the full public URL on managed subdomains, deployment hosts, and verified custom domains. Direct `/functions/v1/:name` invocation remains API-key protected. Runtime route failure codes include `ROUTE_MANIFEST_LOAD_FAILED`, `ROUTED_INVOKE_WORKER_SECRET_MISSING`, `ROUTED_INVOKE_AUTH_FAILED`, `ROUTED_ROUTE_STALE`, `ROUTE_METHOD_NOT_ALLOWED`, and `ROUTED_RESPONSE_TOO_LARGE`.
 - **Strict spec validation happens before network calls.** Raw `ReleaseSpec` objects reject unknown fields (for example `project_id` or `subdomain`) instead of silently dropping them during normalization, and project/base-only or empty nested specs fail with `Run402DeployError.code === "MANIFEST_EMPTY"`. Use the Node manifest helpers when starting from CLI/MCP-style JSON.
-- **Warnings are structured.** `DeployResult.warnings` contains `WarningEntry[]` (`code`, `severity`, `requires_confirmation`, `message`, optional `affected`/`details`/`confidence`); the type preserves legacy low/medium/high plan warnings and modern deploy-observability info/warn/high warnings. `apply()` emits `plan.warnings` and stops before upload/commit on confirmation-required warnings unless `allowWarnings` is set. For `MISSING_REQUIRED_SECRET`, set the affected keys with `r.secrets.set`, then retry.
+- **Tier preflight happens before deploy side effects.** After normalization and before manifest CAS upload or `/deploy/v2/plans`, deploy checks literal function timeout, memory, cron minimum interval, and scheduled-function count when known. Violations throw `Run402DeployError.code === "BAD_FIELD"` with `details.field`, `details.value`, `details.tier`, the relevant cap, and `details.limit_source`; gateway validation remains authoritative.
+- **Warnings are structured.** `DeployResult.warnings` contains `WarningEntry[]` (`code`, `severity`, `requires_confirmation`, `message`, optional `affected`/`details`/`confidence`); the type preserves legacy low/medium/high plan warnings and modern deploy-observability info/warn/high warnings. `apply()` emits `plan.warnings` and stops before upload/commit on confirmation-required warnings unless broad `allowWarnings` is set or every blocking code is listed in `allowWarningCodes`. For `MISSING_REQUIRED_SECRET`, set the affected keys with `r.secrets.set`, then retry.
 - **Deploy summaries are SDK-owned convenience.** `summarizeDeployResult(result)` returns `DeploySummary` (`schema_version: "deploy-summary.v1"`) with a headline plus reliable current buckets for site path counts, CAS new/reused bytes, functions, migrations, routes, secrets, subdomains, and warning counts. It is derived from `DeployResult.diff` / `DeployResult.warnings`; it makes no extra gateway calls, omits sections the gateway did not return, and intentionally excludes timings, client-side duration estimates, and function old/new code hashes.
-- **Safe release-race retries are SDK-owned.** `deploy.apply()` automatically re-plans and retries omitted/current-base specs when the gateway returns `BASE_RELEASE_CONFLICT` with `safe_to_retry: true`. The default budget is two retries after the initial attempt; pass `{ maxRetries: 0 }` to opt out. Each retry emits `deploy.retry`; exhausted retries keep the last `Run402DeployError` and add `attempts`, `maxRetries`, and `lastRetryCode`.
+- **Safe release-race retries are SDK-owned.** `deploy.apply()` automatically re-plans and retries omitted/current-base specs when the gateway returns `BASE_RELEASE_CONFLICT` with `safe_to_retry: true`. Static activation/config failures reported from `activation_pending` throw immediately with gateway metadata preserved. The default retry budget is two retries after the initial attempt; pass `{ maxRetries: 0 }` to opt out.
 - **Planning supports dry-runs.** `r.deploy.plan(spec, { dryRun: true })` calls the server-authoritative dry-run route and returns the normalized v2 plan envelope without uploading bytes or creating plan/operation rows (`plan_id` and `operation_id` are `null`).
 - **Release observability is typed.** Use `r.deploy.getRelease({ project, releaseId, siteLimit? })`, `r.deploy.getActiveRelease({ project, siteLimit? })`, and `r.deploy.diff({ project, from, to, limit? })` to inspect release inventory and release-to-release diffs. Inventories include `release_generation`, `static_manifest_sha256`, nullable `static_manifest_metadata` (`file_count`, `total_bytes`, `cache_classes`, `cache_class_sources`, `spa_fallback`), and `static_public_paths[]` when returned. `site.paths` lists release static assets; `static_public_paths[]` lists browser reachability with `public_path`, `asset_path`, `reachability_authority`, `direct`, cache class, and content type. `diff` returns `ReleaseToReleaseDiff` with `migrations.applied_between_releases`; secret diffs expose keys only; `static_assets` exposes unchanged/changed/added/removed files, CAS byte reuse, eliminated deployment-copy bytes, and immutable/CAS warning counts.
 - **Server-authoritative manifest digest** — no byte-for-byte canonicalize requirement on the client.
@@ -281,11 +282,11 @@ const resumed = await r.deploy.resume("op_...");
 
   | Code | Why it matters | Recovery |
   |------|----------------|----------|
-  | `PUBLIC_ROUTED_FUNCTION` | Function becomes public same-origin browser ingress. | Review app auth, CSRF, CORS/`OPTIONS`, and cookies; direct `/functions/v1/:name` remains API-key protected. Retry with `allowWarnings` only after review. |
+  | `PUBLIC_ROUTED_FUNCTION` | Function becomes public same-origin browser ingress. | Review app auth, CSRF, CORS/`OPTIONS`, and cookies; direct `/functions/v1/:name` remains API-key protected. Prefer `allowWarningCodes` after review; broad `allowWarnings` only after every warning was reviewed. |
   | `ROUTE_TARGET_CARRIED_FORWARD` | Carried-forward route still targets a base-release function. | Inspect active routes and deploy `routes.replace` if the target should change. |
   | `ROUTE_SHADOWS_STATIC_PATH` / `WILDCARD_ROUTE_SHADOWS_STATIC_PATHS` | Dynamic route shadows direct public static content. | Inspect warning details, active routes, `static_public_paths`, and resolve diagnostics; confirm only when intentional. |
   | `METHOD_SPECIFIC_ROUTE_ALLOWS_GET_STATIC_FALLBACK` | Unmatched methods can serve static content. | Confirm fallback is intended or add method coverage. |
-  | `WILDCARD_ROUTE_EXCLUDES_MUTATION_METHODS` | Wildcard function route only allows `GET`/`HEAD`. | Add mutation methods such as `POST`, omit methods for an API prefix, or confirm it is read-only. |
+  | `WILDCARD_ROUTE_EXCLUDES_MUTATION_METHODS` | Wildcard function route only allows `GET`/`HEAD`. | Add mutation methods such as `POST`, omit methods for an API prefix, or set `acknowledge_readonly: true` on an intentionally read-only GET/HEAD final-wildcard function route. |
   | `ROUTE_TABLE_NEAR_LIMIT` | Route table is near a limit. | Consolidate or remove routes. |
   | `ROUTES_NOT_ENABLED` | Routes are disabled for the project/environment. | Deploy without `routes` or request enablement; direct function invoke is not a browser-route substitute. |
   | `STATIC_ALIAS_SHADOWS_STATIC_PATH` / `STATIC_ALIAS_RELATIVE_ASSET_RISK` | Route-only static alias conflicts with a direct public static path or has relative-asset risk. | Inspect active routes, `static_public_paths`, and the backing `asset_path`; prefer `site.public_paths` for ordinary clean URLs and confirm only when intentional. |

package/dist/namespaces/deploy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/namespaces/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAiB3C,OAAO,KAAK,EACV,YAAY,EACZ,sBAAsB,EAKtB,WAAW,EACX,oBAAoB,EAEpB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,qBAAqB,EAWrB,iBAAiB,EAGjB,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,2BAA2B,EAC3B,uBAAuB,EACvB,WAAW,EACX,oBAAoB,EACpB,YAAY,EAEb,MAAM,mBAAmB,CAAC;AAgC3B,qBAAa,MAAM;IACL,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;OAIG;IACG,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,YAAY,CAAC;IA4C9E;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAI3E;;;;OAIG;IACG,IAAI,CACR,IAAI,EAAE,WAAW,EACjB,IAAI,GAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,CAAA;KAAO,GACvD,OAAO,CAAC;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;KAAE,CAAC;IAIxE;;;;;OAKG;IACG,MAAM,CACV,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACrC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;KACxC,GACA,OAAO,CAAC,IAAI,CAAC;IAWhB;;;;;OAKG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;QACJ,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QACvC,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,OAAO,CAAC,EAAE,MAAM,CAAC;KACb,GACL,OAAO,CAAC,YAAY,CAAC;IAMxB;;;;;;;;;OASG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACtE,OAAO,CAAC,YAAY,CAAC;IAqBxB;;;;OAIG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IAmB7B;;;;;;OAMG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAC/B,OAAO,CAAC,kBAAkB,CAAC;IA6B9B;;;;;;;;OAQG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GACxB,OAAO,CAAC,oBAAoB,CAAC;IAmBhC;;;;OAIG;IACG,UAAU,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA2B9E;;;;OAIG;IACG,gBAAgB,CACpB,IAAI,EAAE,uBAAuB,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAqBlC;;;;OAIG;IACG,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA+BnE;;;;OAIG;IACG,OAAO,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAW1E;AAizBD;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/namespaces/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAiB3C,OAAO,KAAK,EACV,YAAY,EACZ,sBAAsB,EAKtB,WAAW,EACX,oBAAoB,EAEpB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,YAAY,EACZ,oBAAoB,EACpB,qBAAqB,EAWrB,iBAAiB,EAGjB,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,2BAA2B,EAC3B,uBAAuB,EACvB,WAAW,EACX,oBAAoB,EACpB,YAAY,EAEb,MAAM,mBAAmB,CAAC;AAiE3B,qBAAa,MAAM;IACL,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;OAIG;IACG,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,YAAY,CAAC;IA4C9E;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAI3E;;;;OAIG;IACG,IAAI,CACR,IAAI,EAAE,WAAW,EACjB,IAAI,GAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,CAAA;KAAO,GACvD,OAAO,CAAC;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;KAAE,CAAC;IAIxE;;;;;OAKG;IACG,MAAM,CACV,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACrC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;KACxC,GACA,OAAO,CAAC,IAAI,CAAC;IAWhB;;;;;OAKG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;QACJ,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QACvC,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,OAAO,CAAC,EAAE,MAAM,CAAC;KACb,GACL,OAAO,CAAC,YAAY,CAAC;IAMxB;;;;;;;;;OASG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACtE,OAAO,CAAC,YAAY,CAAC;IAqBxB;;;;OAIG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IAmB7B;;;;;;OAMG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAC/B,OAAO,CAAC,kBAAkB,CAAC;IA6B9B;;;;;;;;OAQG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GACxB,OAAO,CAAC,oBAAoB,CAAC;IAmBhC;;;;OAIG;IACG,UAAU,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA2B9E;;;;OAIG;IACG,gBAAgB,CACpB,IAAI,EAAE,uBAAuB,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAqBlC;;;;OAIG;IACG,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA+BnE;;;;OAIG;IACG,OAAO,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAW1E;AAyyCD;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/namespaces/deploy.js

@@ -37,6 +37,38 @@ const SECRET_KEY_RE = /^[A-Z_][A-Z0-9_]{0,127}$/;
 const APPLY_SAFE_RETRY_CODES = new Set([
     "BASE_RELEASE_CONFLICT",
 ]);
+const STATIC_ACTIVATION_FAILURE_CODES = new Set([
+    "BAD_FIELD",
+    "INVALID_SPEC",
+    "FUNCTION_ACTIVATE_FAILED",
+    "FUNCTION_CONFIG_INVALID",
+    "FUNCTION_TIMEOUT_EXCEEDS_TIER",
+    "FUNCTION_MEMORY_EXCEEDS_TIER",
+    "FUNCTION_SCHEDULE_EXCEEDS_TIER",
+    "FUNCTION_SCHEDULE_INTERVAL_TOO_SHORT",
+    "FUNCTION_SCHEDULE_LIMIT_EXCEEDED",
+    "TIER_LIMIT_EXCEEDED",
+]);
+const STATIC_FUNCTION_LIMITS_BY_TIER = {
+    prototype: {
+        maxTimeoutSeconds: 10,
+        maxMemoryMb: 128,
+        maxScheduledFunctions: 1,
+        minCronIntervalMinutes: 15,
+    },
+    hobby: {
+        maxTimeoutSeconds: 30,
+        maxMemoryMb: 256,
+        maxScheduledFunctions: 3,
+        minCronIntervalMinutes: 5,
+    },
+    team: {
+        maxTimeoutSeconds: 60,
+        maxMemoryMb: 512,
+        maxScheduledFunctions: 10,
+        minCronIntervalMinutes: 1,
+    },
+};
 const MANIFEST_CONTENT_TYPE = "application/vnd.run402.deploy-manifest+json";
 const TERMINAL_STATUSES = [
     "ready",
@@ -331,11 +363,12 @@ function requireNonEmptyStringQueryOption(value, label, context) {
 }
 // ─── Internal pipeline ───────────────────────────────────────────────────────
 async function applyOnce(client, spec, opts, emit) {
+    const allowWarningCodes = normalizeAllowWarningCodes(opts.allowWarningCodes);
     emit({ type: "plan.started" });
     const { plan, byteReaders } = await planInternal(client, spec, opts.idempotencyKey);
     emit({ type: "plan.diff", diff: plan.diff });
     emitPlanWarnings(plan, emit);
-    abortOnConfirmationWarnings(plan, opts);
+    abortOnConfirmationWarnings(plan, opts, allowWarningCodes);
     if (plan.payment_required) {
         emit({
             type: "payment.required",
@@ -420,6 +453,7 @@ async function planInternal(client, spec, idempotencyKey, dryRun = false) {
     if (ciCredentials)
         assertCiDeployableSpec(spec);
     const { normalized, byteReaders } = await normalizeReleaseSpec(client, spec);
+    await preflightTierFunctionLimits(client, normalized, ciCredentials);
     // The gateway expects { spec, manifest_ref?, idempotency_key? } with
     // ReleaseSpec.project (singular). For oversized specs the SDK uploads
     // the manifest JSON to CAS first and references it; the gateway still
@@ -474,6 +508,338 @@ async function planInternal(client, spec, idempotencyKey, dryRun = false) {
     }
     return { plan, byteReaders };
 }
+async function preflightTierFunctionLimits(client, spec, ciCredentials) {
+    if (ciCredentials)
+        return;
+    if (!hasFunctionTierPreflightInputs(spec.functions))
+        return;
+    const limits = await readTierFunctionLimits(client);
+    if (!limits)
+        return;
+    const entries = collectFunctionPreflightEntries(spec.functions);
+    for (const entry of entries) {
+        const timeout = entry.fn.config?.timeoutSeconds;
+        if (timeout !== undefined &&
+            limits.maxTimeoutSeconds &&
+            timeout > limits.maxTimeoutSeconds.value) {
+            throw tierLimitError(`Function ${entry.name} timeoutSeconds ${timeout} exceeds the ${limits.tier} tier maximum of ${limits.maxTimeoutSeconds.value}.`, `${entry.fieldPrefix}.config.timeoutSeconds`, timeout, limits, limits.maxTimeoutSeconds, {
+                tier_max: limits.maxTimeoutSeconds.value,
+                max_function_timeout_seconds: limits.maxTimeoutSeconds.value,
+            });
+        }
+        const memory = entry.fn.config?.memoryMb;
+        if (memory !== undefined &&
+            limits.maxMemoryMb &&
+            memory > limits.maxMemoryMb.value) {
+            throw tierLimitError(`Function ${entry.name} memoryMb ${memory} exceeds the ${limits.tier} tier maximum of ${limits.maxMemoryMb.value}.`, `${entry.fieldPrefix}.config.memoryMb`, memory, limits, limits.maxMemoryMb, {
+                tier_max: limits.maxMemoryMb.value,
+                max_function_memory_mb: limits.maxMemoryMb.value,
+            });
+        }
+        if (isScheduledCron(entry.fn.schedule) && limits.minCronIntervalMinutes) {
+            const intervalMinutes = estimateCronMinimumIntervalMinutes(entry.fn.schedule);
+            if (intervalMinutes !== null &&
+                intervalMinutes < limits.minCronIntervalMinutes.value) {
+                throw tierLimitError(`Function ${entry.name} schedule runs every ${intervalMinutes} minute(s), below the ${limits.tier} tier minimum interval of ${limits.minCronIntervalMinutes.value} minutes.`, `${entry.fieldPrefix}.schedule`, entry.fn.schedule, limits, limits.minCronIntervalMinutes, {
+                    interval_minutes: intervalMinutes,
+                    min_interval_minutes: limits.minCronIntervalMinutes.value,
+                    min_cron_interval_minutes: limits.minCronIntervalMinutes.value,
+                });
+            }
+        }
+    }
+    if (limits.maxScheduledFunctions) {
+        const lowerBound = countScheduledFunctionsInSetEntries(spec.functions);
+        if (lowerBound > limits.maxScheduledFunctions.value) {
+            throw scheduledCountTierLimitError(lowerBound, limits, limits.maxScheduledFunctions, "manifest");
+        }
+        const desired = await computeDesiredScheduledFunctionCount(client, spec);
+        if (desired && desired.count > limits.maxScheduledFunctions.value) {
+            throw scheduledCountTierLimitError(desired.count, limits, limits.maxScheduledFunctions, desired.source);
+        }
+    }
+}
+function hasFunctionTierPreflightInputs(functions) {
+    if (!functions)
+        return false;
+    return collectFunctionPreflightEntries(functions).some((entry) => (entry.fn.config?.timeoutSeconds !== undefined ||
+        entry.fn.config?.memoryMb !== undefined ||
+        isScheduledCron(entry.fn.schedule)));
+}
+function collectFunctionPreflightEntries(functions) {
+    if (!functions)
+        return [];
+    const entries = [];
+    for (const [name, fn] of Object.entries(functions.replace ?? {})) {
+        entries.push({ name, fn, fieldPrefix: `functions.${name}` });
+    }
+    for (const [name, fn] of Object.entries(functions.patch?.set ?? {})) {
+        entries.push({ name, fn, fieldPrefix: `functions.${name}` });
+    }
+    return entries;
+}
+async function readTierFunctionLimits(client) {
+    let status;
+    try {
+        status = await client.request("/tiers/v1/status", {
+            context: "checking tier status for deploy preflight",
+        });
+    }
+    catch {
+        return null;
+    }
+    if (typeof status.tier !== "string" || status.tier.length === 0) {
+        return null;
+    }
+    const tierKey = status.tier.toLowerCase();
+    const fallback = STATIC_FUNCTION_LIMITS_BY_TIER[tierKey];
+    const limits = { tier: status.tier };
+    limits.maxTimeoutSeconds = tierStatusLimitOrFallback(status, [
+        "max_function_timeout_seconds",
+        "max_timeout_seconds",
+        "timeout_seconds_max",
+        "function_timeout_seconds_max",
+    ], fallback?.maxTimeoutSeconds);
+    limits.maxMemoryMb = tierStatusLimitOrFallback(status, [
+        "max_function_memory_mb",
+        "max_memory_mb",
+        "memory_mb_max",
+        "function_memory_mb_max",
+    ], fallback?.maxMemoryMb);
+    limits.maxScheduledFunctions = tierStatusLimitOrFallback(status, [
+        "max_scheduled_functions",
+        "scheduled_functions_limit",
+        "scheduled_function_limit",
+        "max_function_schedules",
+    ], fallback?.maxScheduledFunctions);
+    limits.minCronIntervalMinutes = tierStatusLimitOrFallback(status, [
+        "min_cron_interval_minutes",
+        "minimum_cron_interval_minutes",
+        "min_schedule_interval_minutes",
+        "min_scheduled_function_interval_minutes",
+    ], fallback?.minCronIntervalMinutes);
+    limits.currentScheduledFunctions = tierStatusLimit(status, [
+        "current_scheduled_functions",
+        "current_scheduled_function_count",
+        "scheduled_function_count",
+        "scheduled_functions",
+    ]);
+    return hasAnyTierFunctionLimit(limits) ? limits : null;
+}
+function tierStatusLimitOrFallback(status, keys, fallback) {
+    return tierStatusLimit(status, keys) ?? (fallback === undefined
+        ? undefined
+        : { value: fallback, source: "local_static_fallback" });
+}
+function tierStatusLimit(status, keys) {
+    const limits = objectField(status, "limits");
+    const containers = [
+        objectField(status, "function_limits"),
+        objectField(limits, "functions"),
+        objectField(limits, "function_limits"),
+        objectField(status, "pool_usage"),
+        status,
+    ];
+    for (const container of containers) {
+        if (!container || typeof container !== "object" || Array.isArray(container))
+            continue;
+        const obj = container;
+        for (const key of keys) {
+            const value = obj[key];
+            if (typeof value === "number" && Number.isFinite(value) && value >= 0) {
+                return { value, source: "tier_status" };
+            }
+        }
+    }
+    return undefined;
+}
+function hasAnyTierFunctionLimit(limits) {
+    return Boolean(limits.maxTimeoutSeconds ||
+        limits.maxMemoryMb ||
+        limits.maxScheduledFunctions ||
+        limits.minCronIntervalMinutes ||
+        limits.currentScheduledFunctions);
+}
+async function computeDesiredScheduledFunctionCount(client, spec) {
+    const functions = spec.functions;
+    if (!functions)
+        return null;
+    const replaceScheduled = scheduledFunctionNames(functions.replace);
+    if (replaceScheduled) {
+        applyScheduledFunctionPatch(replaceScheduled, functions.patch);
+        return { count: replaceScheduled.size, source: "manifest" };
+    }
+    if (!functions.patch)
+        return null;
+    const activeScheduled = await readActiveScheduledFunctionNames(client, spec.project);
+    if (!activeScheduled)
+        return null;
+    applyScheduledFunctionPatch(activeScheduled, functions.patch);
+    return { count: activeScheduled.size, source: "active_release_inventory" };
+}
+function countScheduledFunctionsInSetEntries(functions) {
+    if (!functions)
+        return 0;
+    const names = new Set();
+    for (const [name, fn] of Object.entries(functions.replace ?? {})) {
+        if (isScheduledCron(fn.schedule))
+            names.add(name);
+    }
+    for (const [name, fn] of Object.entries(functions.patch?.set ?? {})) {
+        if (isScheduledCron(fn.schedule))
+            names.add(name);
+    }
+    return names.size;
+}
+function scheduledFunctionNames(functions) {
+    if (!functions)
+        return null;
+    const scheduled = new Set();
+    for (const [name, fn] of Object.entries(functions)) {
+        if (isScheduledCron(fn.schedule))
+            scheduled.add(name);
+    }
+    return scheduled;
+}
+function applyScheduledFunctionPatch(scheduled, patch) {
+    for (const name of patch?.delete ?? []) {
+        scheduled.delete(name);
+    }
+    for (const [name, fn] of Object.entries(patch?.set ?? {})) {
+        if (fn.schedule === null)
+            scheduled.delete(name);
+        else if (isScheduledCron(fn.schedule))
+            scheduled.add(name);
+    }
+}
+async function readActiveScheduledFunctionNames(client, projectId) {
+    let inventory;
+    try {
+        inventory = await client.request(appendQuery("/deploy/v2/releases/active", { site_limit: 1 }), {
+            headers: await apikeyHeaders(client, projectId),
+            context: "fetching active release inventory for deploy preflight",
+        });
+    }
+    catch {
+        return null;
+    }
+    const scheduled = new Set();
+    for (const fn of inventory.functions ?? []) {
+        if (isScheduledCron(fn.schedule))
+            scheduled.add(fn.name);
+    }
+    return scheduled;
+}
+function scheduledCountTierLimitError(count, limits, limit, countSource) {
+    return tierLimitError(`Deploy would have ${count} scheduled function(s), exceeding the ${limits.tier} tier maximum of ${limit.value}.`, "functions.scheduled_count", count, limits, limit, {
+        tier_max: limit.value,
+        max_scheduled_functions: limit.value,
+        count_source: countSource,
+    });
+}
+function tierLimitError(message, field, value, limits, limit, extraDetails) {
+    const hint = limit.source === "local_static_fallback"
+        ? "Tier limits came from the SDK's static fallback because /tiers/v1/status did not expose function caps. Run `run402 tier status` to refresh, lower the function setting, upgrade the tier, or retry and let gateway validation decide if this seems stale."
+        : "Lower the function setting or upgrade the tier before deploying.";
+    const details = {
+        field,
+        value,
+        tier: limits.tier,
+        limit_source: limit.source,
+        ...extraDetails,
+    };
+    const body = {
+        code: "BAD_FIELD",
+        category: "deploy",
+        message,
+        retryable: false,
+        details,
+        hint,
+    };
+    return new Run402DeployError(message, {
+        code: "BAD_FIELD",
+        phase: "validate",
+        resource: field,
+        retryable: false,
+        body,
+        context: "validating deploy tier limits",
+    });
+}
+function isScheduledCron(value) {
+    return typeof value === "string" && value.trim().length > 0;
+}
+function estimateCronMinimumIntervalMinutes(expression) {
+    const parts = expression.trim().split(/\s+/);
+    if (parts.length !== 5)
+        return null;
+    const minutes = expandCronNumberField(parts[0], 0, 59);
+    const hours = expandCronNumberField(parts[1], 0, 23);
+    if (!minutes || !hours || minutes.length === 0 || hours.length === 0)
+        return null;
+    const occurrences = [];
+    for (const hour of hours) {
+        for (const minute of minutes) {
+            occurrences.push(hour * 60 + minute);
+        }
+    }
+    occurrences.sort((a, b) => a - b);
+    if (occurrences.length <= 1)
+        return 24 * 60;
+    let minGap = Number.POSITIVE_INFINITY;
+    for (let i = 1; i < occurrences.length; i += 1) {
+        minGap = Math.min(minGap, occurrences[i] - occurrences[i - 1]);
+    }
+    minGap = Math.min(minGap, 24 * 60 - occurrences[occurrences.length - 1] + occurrences[0]);
+    return Number.isFinite(minGap) ? minGap : null;
+}
+function expandCronNumberField(field, min, max) {
+    const values = new Set();
+    for (const part of field.split(",")) {
+        const expanded = expandCronNumberPart(part.trim(), min, max);
+        if (!expanded)
+            return null;
+        for (const value of expanded)
+            values.add(value);
+    }
+    return [...values].sort((a, b) => a - b);
+}
+function expandCronNumberPart(part, min, max) {
+    if (!part)
+        return null;
+    const [rangePart, stepPart] = part.split("/");
+    if (part.split("/").length > 2)
+        return null;
+    const step = stepPart === undefined ? 1 : Number(stepPart);
+    if (!Number.isSafeInteger(step) || step < 1)
+        return null;
+    let start;
+    let end;
+    if (rangePart === "*") {
+        start = min;
+        end = max;
+    }
+    else if (rangePart?.includes("-")) {
+        const [rawStart, rawEnd] = rangePart.split("-");
+        start = Number(rawStart);
+        end = Number(rawEnd);
+    }
+    else {
+        start = Number(rangePart);
+        end = stepPart === undefined ? start : max;
+    }
+    if (!Number.isSafeInteger(start) ||
+        !Number.isSafeInteger(end) ||
+        start < min ||
+        end > max ||
+        start > end) {
+        return null;
+    }
+    const values = [];
+    for (let value = start; value <= end; value += step) {
+        values.push(value);
+    }
+    return values;
+}
 async function commitInternal(client, planId, idempotencyKey) {
     try {
         return await client.request(`/deploy/v2/plans/${encodeURIComponent(planId)}/commit`, {
@@ -781,6 +1147,11 @@ async function pollSnapshotUntilReady(client, initial, diff, warnings, emit, pro
             closePreviousPhase(undefined, "failed");
             throw translateGatewayError(snapshot.error, snapshot.status, snapshot.plan_id, snapshot.operation_id);
         }
+        if (snapshot.status === "activation_pending" &&
+            isTerminalStaticActivationError(snapshot.error)) {
+            closePreviousPhase(undefined, "failed");
+            throw translateGatewayError(snapshot.error, "activate", snapshot.plan_id, snapshot.operation_id);
+        }
         if (Date.now() - start > COMMIT_POLL_TIMEOUT_MS) {
             throw new Run402DeployError(`Timed out waiting for operation ${snapshot.operation_id} to reach ready`, {
                 code: "INTERNAL_ERROR",
@@ -798,8 +1169,18 @@ async function pollSnapshotUntilReady(client, initial, diff, warnings, emit, pro
         snapshot = await client.request(`/deploy/v2/operations/${encodeURIComponent(snapshot.operation_id)}`, { headers: opHeaders, context: "polling deploy operation" });
     }
 }
+function isTerminalStaticActivationError(error) {
+    if (!error?.code)
+        return false;
+    if (error.retryable === false)
+        return true;
+    if (error.safe_to_retry === false)
+        return true;
+    return STATIC_ACTIVATION_FAILURE_CODES.has(error.code.toUpperCase());
+}
 // ─── start() implementation ──────────────────────────────────────────────────
 async function startInternal(client, spec, opts) {
+    const allowWarningCodes = normalizeAllowWarningCodes(opts.allowWarningCodes);
     const buffered = [];
     const subscribers = [];
     const emit = (event) => {
@@ -825,7 +1206,7 @@ async function startInternal(client, spec, opts) {
     const { plan, byteReaders } = await planInternal(client, spec, opts.idempotencyKey);
     emit({ type: "plan.diff", diff: plan.diff });
     emitPlanWarnings(plan, emit);
-    abortOnConfirmationWarnings(plan, opts);
+    abortOnConfirmationWarnings(plan, opts, allowWarningCodes);
     if (plan.payment_required) {
         emit({
             type: "payment.required",
@@ -937,6 +1318,7 @@ async function startInternal(client, spec, opts) {
     };
 }
 const RELEASE_SPEC_FIELDS = new Set([
+    "$schema",
     "project",
     "base",
     "database",
@@ -976,7 +1358,7 @@ const SITE_PUBLIC_PATHS_FIELDS = new Set(["mode", "replace"]);
 const PUBLIC_STATIC_PATH_FIELDS = new Set(["asset", "cache_class"]);
 const SUBDOMAINS_SPEC_FIELDS = new Set(["set", "add", "remove"]);
 const ROUTES_SPEC_FIELDS = new Set(["replace"]);
-const ROUTE_ENTRY_FIELDS = new Set(["pattern", "methods", "target"]);
+const ROUTE_ENTRY_FIELDS = new Set(["pattern", "methods", "target", "acknowledge_readonly"]);
 const FUNCTION_ROUTE_TARGET_FIELDS = new Set(["type", "name"]);
 const STATIC_ROUTE_TARGET_FIELDS = new Set(["type", "file"]);
 const ROUTE_METHOD_SET = new Set(ROUTE_HTTP_METHODS);
@@ -1223,10 +1605,24 @@ function validateRouteEntry(route, resource) {
         }
     }
     const targetType = validateRouteTarget(entry.target, `${resource}.target`);
+    validateRouteReadOnlyAcknowledgement(entry, targetType, resource);
     if (targetType === "static") {
         validateStaticRouteEntry(entry, resource);
     }
 }
+function validateRouteReadOnlyAcknowledgement(entry, targetType, resource) {
+    if (entry.acknowledge_readonly === undefined)
+        return;
+    if (entry.acknowledge_readonly !== true) {
+        throw invalidRouteSpec(`ReleaseSpec.${resource}.acknowledge_readonly must be true when present`, `${resource}.acknowledge_readonly`);
+    }
+    if (targetType !== "function" ||
+        typeof entry.pattern !== "string" ||
+        !isFinalWildcardRoutePattern(entry.pattern) ||
+        !isReadOnlyRouteMethods(entry.methods)) {
+        throw invalidRouteSpec(`ReleaseSpec.${resource}.acknowledge_readonly applies only to GET/HEAD final-wildcard function routes`, `${resource}.acknowledge_readonly`);
+    }
+}
 function validateRouteTarget(target, resource) {
     const obj = requireObject(target, resource);
     if ((hasOwn(obj, "function") || hasOwn(obj, "static")) && !hasOwn(obj, "type")) {
@@ -1482,13 +1878,13 @@ function clientRoutePlanWarnings(spec) {
         .filter((route) => {
         if (route.target.type !== "function")
             return false;
-        if (!route.pattern.endsWith("/*"))
+        if (!isFinalWildcardRoutePattern(route.pattern))
             return false;
         if (!route.methods)
             return false;
-        const methods = new Set(route.methods);
-        return (methods.size > 0 &&
-            [...methods].every((method) => method === "GET" || method === "HEAD"));
+        if (route.acknowledge_readonly === true)
+            return false;
+        return isReadOnlyRouteMethods(route.methods);
     })
         .map((route) => route.pattern)
         .sort();
@@ -1509,21 +1905,65 @@ function clientRoutePlanWarnings(spec) {
         },
     ];
 }
-function abortOnConfirmationWarnings(plan, opts) {
+function isFinalWildcardRoutePattern(pattern) {
+    return pattern.endsWith("/*");
+}
+function isReadOnlyRouteMethods(methods) {
+    if (!Array.isArray(methods) || methods.length === 0)
+        return false;
+    return methods.every((method) => method === "GET" || method === "HEAD");
+}
+function normalizeAllowWarningCodes(value) {
+    if (value === undefined)
+        return new Set();
+    if (!Array.isArray(value)) {
+        throw new Run402DeployError("ApplyOptions.allowWarningCodes must be an array of warning-code strings", {
+            code: "INVALID_SPEC",
+            phase: "validate",
+            resource: "allowWarningCodes",
+            retryable: false,
+            context: "validating deploy warning options",
+        });
+    }
+    const codes = new Set();
+    for (const code of value) {
+        if (typeof code !== "string" || code.length === 0) {
+            throw new Run402DeployError("ApplyOptions.allowWarningCodes entries must be non-empty strings", {
+                code: "INVALID_SPEC",
+                phase: "validate",
+                resource: "allowWarningCodes",
+                retryable: false,
+                context: "validating deploy warning options",
+            });
+        }
+        codes.add(code);
+    }
+    return codes;
+}
+function abortOnConfirmationWarnings(plan, opts, allowWarningCodes) {
     if (opts.allowWarnings)
         return;
     const blocking = plan.warnings.filter((w) => w.requires_confirmation || w.code === "MISSING_REQUIRED_SECRET");
     if (blocking.length === 0)
         return;
-    const missing = blocking.find((w) => w.code === "MISSING_REQUIRED_SECRET");
-    const first = missing ?? blocking[0];
-    throw new Run402DeployError(`Deploy plan returned warning ${first.code} that requires confirmation; resolve it or retry with allowWarnings after explicit review.`, {
+    const unacknowledged = blocking.filter((w) => !allowWarningCodes.has(w.code));
+    if (unacknowledged.length === 0)
+        return;
+    const missing = unacknowledged.find((w) => w.code === "MISSING_REQUIRED_SECRET");
+    const first = missing ?? unacknowledged[0];
+    const unacknowledgedCodes = Array.from(new Set(unacknowledged.map((w) => w.code))).sort();
+    throw new Run402DeployError(`Deploy plan returned unacknowledged warning ${first.code}; resolve it, retry with allowWarningCodes for reviewed warning codes, or retry with allowWarnings after explicit review.`, {
         code: first.code || "DEPLOY_WARNING_REQUIRES_CONFIRMATION",
         phase: "plan",
         resource: "warnings",
         retryable: false,
         fix: { action: "review_warnings", path: "warnings" },
-        body: { warnings: blocking },
+        body: {
+            warnings: blocking,
+            unacknowledged_warnings: unacknowledged,
+            unacknowledged_warning_codes: unacknowledgedCodes,
+            allowed_warning_codes: Array.from(allowWarningCodes).sort(),
+        },
         context: "planning deploy",
     });
 }