@runa-ai/runa-cli 0.10.0 → 0.10.1

package/dist/{dev-LGSMDFJN.js → dev-QR55VDNZ.js}

@@ -2,7 +2,7 @@
 import { createRequire } from 'module';
 import { startAppBackground, waitForAppReady, detectApp } from './chunk-EXR4J2JT.js';
 import { writeEnvLocalBridge } from './chunk-KUH3G522.js';
-import { generateTablesManifest } from './chunk-URWDB7YL.js';
+import { generateTablesManifest } from './chunk-O3M7A73M.js';
 import './chunk-A6A7JIRD.js';
 import { manifestActor, supabaseStartActor, envCheckActor, depsInstallActor, detectManifestTask, detectDatabase } from './chunk-MAFJAA2P.js';
 import { findRepoRoot } from './chunk-3WDV32GA.js';

package/dist/{error-handler-YRQWRDEF.js → error-handler-XUQOP4TU.js}

@@ -1,7 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import './chunk-ZZOXM6Q4.js';
-import { ERROR_CATALOG } from './chunk-JQXOVCOP.js';
+import { ERROR_CATALOG } from './chunk-NIS77243.js';
 import { ErrorEnvelopeSchema, CLI_CONTRACT_VERSION, writeJsonEnvelope } from './chunk-WJXC4MVY.js';
 import { getOutputFormatFromEnv } from './chunk-HKUWEGUX.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';

package/dist/{hotfix-RJIAPLAM.js → hotfix-JYHDY2M6.js}

@@ -1,7 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import './chunk-ZZOXM6Q4.js';
-import { createError } from './chunk-JQXOVCOP.js';
+import { createError } from './chunk-NIS77243.js';
 import { tryResolveDatabaseUrl } from './chunk-WGRVAGSR.js';
 import './chunk-UHDAYPHH.js';
 import { loadEnvFiles } from './chunk-IWVXI5O4.js';

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
 import { getRequestedCommandNameFromArgv } from './chunk-UWWSAPDR.js';
-import { CLI_VERSION } from './chunk-OXQISY3J.js';
+import { CLI_VERSION } from './chunk-ZPE52NEK.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';
 import { realpathSync } from 'fs';
 import { fileURLToPath } from 'url';
@@ -36,7 +36,7 @@ async function getProgram(options) {
   };
   const nextKey = getProgramCacheKey(resolvedOptions);
   if (!programInstance || programCacheKey !== nextKey) {
-    const { createProgram } = await import('./cli-THEA6T7N.js');
+    const { createProgram } = await import('./cli-RES5QRC2.js');
     programInstance = await createProgram(resolvedOptions);
     programCacheKey = nextKey;
   }
@@ -60,7 +60,7 @@ async function runCliFromProcessArgv() {
     return;
   }
   const { setupSignalHandlers } = await import('./signal-handler-DO3OANW5.js');
-  const { executeProgram } = await import('./cli-THEA6T7N.js');
+  const { executeProgram } = await import('./cli-RES5QRC2.js');
   setupSignalHandlers();
   const options = getProgramLoadOptions(argv);
   const program = await getProgram(options);
@@ -68,7 +68,7 @@ async function runCliFromProcessArgv() {
 }
 if (isDirectlyExecuted()) {
   runCliFromProcessArgv().catch(async (error) => {
-    const { handleCLIError } = await import('./error-handler-YRQWRDEF.js');
+    const { handleCLIError } = await import('./error-handler-XUQOP4TU.js');
     handleCLIError(error);
   });
 }

package/dist/{init-2O6ODG5Z.js → init-4UAWYY75.js}

@@ -2,7 +2,7 @@
 import { createRequire } from 'module';
 import { diagnoseInitFailure } from './chunk-AAIE4F2U.js';
 import { getVercelRootDirectory } from './chunk-MXRWBNIY.js';
-import { fetchTemplates } from './chunk-IEKYTCYA.js';
+import { fetchTemplates } from './chunk-YTQS2O4H.js';
 import { syncRunaConfigWithVercel } from './chunk-6AALH2ED.js';
 import './chunk-B7C7CLW2.js';
 import './chunk-RZLYEO4U.js';

package/dist/{license-OB7GVJQ2.js → license-M6ODBV4X.js}

@@ -1,8 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import { createError } from './chunk-JQXOVCOP.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';
-import { createCLILogger as createCLILogger$1 } from '@runa-ai/runa/cli-runtime';
 import { createCLILogger, CLIError } from '@runa-ai/runa';
 import { execa } from 'execa';
 
@@ -11,6 +9,140 @@ createRequire(import.meta.url);
 // src/utils/license/index.ts
 init_esm_shims();
 
+// src/utils/license/ci-detector.ts
+init_esm_shims();
+var CI_PROVIDERS = {
+  // GitHub Actions
+  GITHUB_ACTIONS: "github-actions",
+  // GitLab CI
+  GITLAB_CI: "gitlab-ci",
+  // CircleCI
+  CIRCLECI: "circleci",
+  // Jenkins
+  JENKINS_URL: "jenkins",
+  // Travis CI
+  TRAVIS: "travis-ci",
+  // Bitbucket Pipelines
+  BITBUCKET_BUILD_NUMBER: "bitbucket-pipelines",
+  // Azure Pipelines
+  TF_BUILD: "azure-pipelines",
+  // AWS CodeBuild
+  CODEBUILD_BUILD_ID: "aws-codebuild",
+  // Google Cloud Build
+  CLOUD_BUILD_PROJECT: "google-cloud-build",
+  // Vercel
+  VERCEL: "vercel",
+  // Netlify
+  NETLIFY: "netlify"
+};
+function isCI() {
+  if (process.env.CI === "true" || process.env.CI === "1") {
+    return true;
+  }
+  for (const envVar of Object.keys(CI_PROVIDERS)) {
+    if (process.env[envVar]) {
+      return true;
+    }
+  }
+  return false;
+}
+function detectCIProvider() {
+  for (const [envVar, provider] of Object.entries(CI_PROVIDERS)) {
+    if (process.env[envVar]) {
+      return provider;
+    }
+  }
+  if (process.env.CI === "true" || process.env.CI === "1") {
+    return "generic-ci";
+  }
+  return void 0;
+}
+function detectCI() {
+  const provider = detectCIProvider();
+  return {
+    isCI: provider !== void 0,
+    provider
+  };
+}
+
+// src/utils/license/owner-resolver.ts
+init_esm_shims();
+function parseGitRemoteUrl(url) {
+  const sshMatch = url.match(/git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/);
+  if (sshMatch?.[1] && sshMatch[2]) {
+    return { owner: sshMatch[1], repo: sshMatch[2] };
+  }
+  const httpsMatch = url.match(/https?:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?$/);
+  if (httpsMatch?.[1] && httpsMatch[2]) {
+    return { owner: httpsMatch[1], repo: httpsMatch[2] };
+  }
+  const gitlabSshMatch = url.match(/git@gitlab\.com:([^/]+)\/([^/]+?)(?:\.git)?$/);
+  if (gitlabSshMatch?.[1] && gitlabSshMatch[2]) {
+    return { owner: gitlabSshMatch[1], repo: gitlabSshMatch[2] };
+  }
+  const gitlabHttpsMatch = url.match(/https?:\/\/gitlab\.com\/([^/]+)\/([^/]+?)(?:\.git)?$/);
+  if (gitlabHttpsMatch?.[1] && gitlabHttpsMatch[2]) {
+    return { owner: gitlabHttpsMatch[1], repo: gitlabHttpsMatch[2] };
+  }
+  return null;
+}
+function resolveFromGitHubActions() {
+  const githubRepo = process.env.GITHUB_REPOSITORY;
+  if (!githubRepo) return null;
+  if (process.env.GITHUB_ACTIONS !== "true") {
+    return null;
+  }
+  const [owner, repo] = githubRepo.split("/");
+  if (!owner) return null;
+  return { owner, repo, source: "github-env" };
+}
+function resolveFromGitLabCI() {
+  const projectPath = process.env.CI_PROJECT_PATH;
+  if (!projectPath) return null;
+  if (process.env.GITLAB_CI !== "true") {
+    return null;
+  }
+  const [owner, ...repoParts] = projectPath.split("/");
+  if (!owner) return null;
+  return {
+    owner,
+    repo: repoParts.join("/") || void 0,
+    source: "gitlab-env"
+  };
+}
+function resolveFromCircleCI() {
+  const owner = process.env.CIRCLE_PROJECT_USERNAME;
+  const repo = process.env.CIRCLE_PROJECT_REPONAME;
+  if (!owner) return null;
+  if (process.env.CIRCLECI !== "true") {
+    return null;
+  }
+  return { owner, repo: repo || void 0, source: "circleci-env" };
+}
+async function resolveFromGitRemote() {
+  try {
+    const { stdout } = await execa("git", ["remote", "get-url", "origin"], {
+      timeout: 5e3
+    });
+    const result = parseGitRemoteUrl(stdout.trim());
+    if (!result) return null;
+    return { owner: result.owner, repo: result.repo, source: "git-remote" };
+  } catch {
+    return null;
+  }
+}
+async function resolveGitHubOwner() {
+  const gitRemoteResult = await resolveFromGitRemote();
+  if (gitRemoteResult) return gitRemoteResult;
+  const githubResult = resolveFromGitHubActions();
+  if (githubResult) return githubResult;
+  const gitlabResult = resolveFromGitLabCI();
+  if (gitlabResult) return gitlabResult;
+  const circleciResult = resolveFromCircleCI();
+  if (circleciResult) return circleciResult;
+  return null;
+}
+
 // src/utils/license/allowlist-checker.ts
 init_esm_shims();
 var DEFAULT_ALLOWLIST_API_URL = "https://api.runa.dev/api/license/check";
@@ -151,140 +283,6 @@ function getAllowlistCacheStats() {
   };
 }
 
-// src/utils/license/ci-detector.ts
-init_esm_shims();
-var CI_PROVIDERS = {
-  // GitHub Actions
-  GITHUB_ACTIONS: "github-actions",
-  // GitLab CI
-  GITLAB_CI: "gitlab-ci",
-  // CircleCI
-  CIRCLECI: "circleci",
-  // Jenkins
-  JENKINS_URL: "jenkins",
-  // Travis CI
-  TRAVIS: "travis-ci",
-  // Bitbucket Pipelines
-  BITBUCKET_BUILD_NUMBER: "bitbucket-pipelines",
-  // Azure Pipelines
-  TF_BUILD: "azure-pipelines",
-  // AWS CodeBuild
-  CODEBUILD_BUILD_ID: "aws-codebuild",
-  // Google Cloud Build
-  CLOUD_BUILD_PROJECT: "google-cloud-build",
-  // Vercel
-  VERCEL: "vercel",
-  // Netlify
-  NETLIFY: "netlify"
-};
-function isCI() {
-  if (process.env.CI === "true" || process.env.CI === "1") {
-    return true;
-  }
-  for (const envVar of Object.keys(CI_PROVIDERS)) {
-    if (process.env[envVar]) {
-      return true;
-    }
-  }
-  return false;
-}
-function detectCIProvider() {
-  for (const [envVar, provider] of Object.entries(CI_PROVIDERS)) {
-    if (process.env[envVar]) {
-      return provider;
-    }
-  }
-  if (process.env.CI === "true" || process.env.CI === "1") {
-    return "generic-ci";
-  }
-  return void 0;
-}
-function detectCI() {
-  const provider = detectCIProvider();
-  return {
-    isCI: provider !== void 0,
-    provider
-  };
-}
-
-// src/utils/license/owner-resolver.ts
-init_esm_shims();
-function parseGitRemoteUrl(url) {
-  const sshMatch = url.match(/git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/);
-  if (sshMatch?.[1] && sshMatch[2]) {
-    return { owner: sshMatch[1], repo: sshMatch[2] };
-  }
-  const httpsMatch = url.match(/https?:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?$/);
-  if (httpsMatch?.[1] && httpsMatch[2]) {
-    return { owner: httpsMatch[1], repo: httpsMatch[2] };
-  }
-  const gitlabSshMatch = url.match(/git@gitlab\.com:([^/]+)\/([^/]+?)(?:\.git)?$/);
-  if (gitlabSshMatch?.[1] && gitlabSshMatch[2]) {
-    return { owner: gitlabSshMatch[1], repo: gitlabSshMatch[2] };
-  }
-  const gitlabHttpsMatch = url.match(/https?:\/\/gitlab\.com\/([^/]+)\/([^/]+?)(?:\.git)?$/);
-  if (gitlabHttpsMatch?.[1] && gitlabHttpsMatch[2]) {
-    return { owner: gitlabHttpsMatch[1], repo: gitlabHttpsMatch[2] };
-  }
-  return null;
-}
-function resolveFromGitHubActions() {
-  const githubRepo = process.env.GITHUB_REPOSITORY;
-  if (!githubRepo) return null;
-  if (process.env.GITHUB_ACTIONS !== "true") {
-    return null;
-  }
-  const [owner, repo] = githubRepo.split("/");
-  if (!owner) return null;
-  return { owner, repo, source: "github-env" };
-}
-function resolveFromGitLabCI() {
-  const projectPath = process.env.CI_PROJECT_PATH;
-  if (!projectPath) return null;
-  if (process.env.GITLAB_CI !== "true") {
-    return null;
-  }
-  const [owner, ...repoParts] = projectPath.split("/");
-  if (!owner) return null;
-  return {
-    owner,
-    repo: repoParts.join("/") || void 0,
-    source: "gitlab-env"
-  };
-}
-function resolveFromCircleCI() {
-  const owner = process.env.CIRCLE_PROJECT_USERNAME;
-  const repo = process.env.CIRCLE_PROJECT_REPONAME;
-  if (!owner) return null;
-  if (process.env.CIRCLECI !== "true") {
-    return null;
-  }
-  return { owner, repo: repo || void 0, source: "circleci-env" };
-}
-async function resolveFromGitRemote() {
-  try {
-    const { stdout } = await execa("git", ["remote", "get-url", "origin"], {
-      timeout: 5e3
-    });
-    const result = parseGitRemoteUrl(stdout.trim());
-    if (!result) return null;
-    return { owner: result.owner, repo: result.repo, source: "git-remote" };
-  } catch {
-    return null;
-  }
-}
-async function resolveGitHubOwner() {
-  const gitRemoteResult = await resolveFromGitRemote();
-  if (gitRemoteResult) return gitRemoteResult;
-  const githubResult = resolveFromGitHubActions();
-  if (githubResult) return githubResult;
-  const gitlabResult = resolveFromGitLabCI();
-  if (gitlabResult) return gitlabResult;
-  const circleciResult = resolveFromCircleCI();
-  if (circleciResult) return circleciResult;
-  return null;
-}
-
 // src/utils/license/validate-owner.ts
 init_esm_shims();
 var GITHUB_OWNER_PATTERN = /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/;
@@ -422,7 +420,7 @@ function clearAdminAuthCache() {
 
 // src/utils/license/index.ts
 var TRUSTED_ORG = "r06-dev";
-var logger2 = createCLILogger$1("license");
+var logger2 = createCLILogger("license");
 function isTrustedOrg(owner) {
   return owner.toLowerCase() === TRUSTED_ORG.toLowerCase();
 }
@@ -439,30 +437,18 @@ async function checkLicense() {
   }
   const result = await resolveGitHubOwner();
   if (!result?.owner) {
-    logger2.warn("[license] Could not determine repository owner, denying access");
-    return { allowed: false, reason: "owner-resolution-failed" };
+    logger2.debug("[license] Could not determine repository owner; allowing CI execution");
+    return { allowed: true, reason: "ci-allowed" };
   }
   const owner = result.owner;
   if (isTrustedOrg(owner)) {
     return { allowed: true, reason: "trusted-org", owner };
   }
-  logger2.debug(`[license] External org detected: ${owner}`);
-  try {
-    const isAllowed = await checkAllowlist(owner);
-    if (isAllowed) {
-      return { allowed: true, reason: "allowlist", owner };
-    }
-    return { allowed: false, reason: "not-found", owner };
-  } catch (error) {
-    logger2.debug(`[license] Allowlist check failed with no fallback: ${error}`);
-    return { allowed: false, reason: "error", owner };
-  }
+  logger2.debug(`[license] External org detected: ${owner}; allowing CI execution`);
+  return { allowed: true, reason: "ci-allowed", owner };
 }
 async function enforceLicenseInCI() {
-  const result = await checkLicense();
-  if (!result.allowed) {
-    throw createError("LICENSE_UNAUTHORIZED", { owner: result.owner ?? "unknown" });
-  }
+  await checkLicense();
 }
 
 export { checkAllowlist, checkLicense, clearAdminAuthCache, clearAllowlistCache, detectCI, detectCIProvider, enforceLicenseInCI, getAllowlistCacheStats, getGitHubUserEmail, isCI, isValidOwner, resolveGitHubOwner, validateOwner, verifyAdminAuth };

package/dist/pg-schema-diff-helpers-JZO4GAQG.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import { createRequire } from 'module';
+export { PG_SCHEMA_DIFF_APPLY_TIMEOUT_MS, buildIdleConnectionCleanupSql, detectDropTableStatements, detectExtensionFilePath, detectMissingExtensionType, detectMissingQualifiedFunction, detectPartitionPrivilegeError, executePgSchemaDiffPlan, formatDeclarativeDependencyBoundaryHint, formatExtensionErrorHint, formatPartitionPrivilegeHint, freeConnectionSlotsForPgSchemaDiff, startConnectionCleanupDaemon, stopConnectionCleanupDaemon, verifyDatabaseConnection, verifyPgSchemaDiffBinary } from './chunk-HWR5NUUZ.js';
+import './chunk-A6A7JIRD.js';
+import './chunk-VRXHCR5K.js';
+
+createRequire(import.meta.url);

package/dist/{upgrade-QZKEI3NJ.js → upgrade-LBO3Z3J7.js}

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import { fetchTemplates } from './chunk-IEKYTCYA.js';
+import { fetchTemplates } from './chunk-YTQS2O4H.js';
 import { updateRunaConfigSdkVersion } from './chunk-6AALH2ED.js';
 import './chunk-B7C7CLW2.js';
 import './chunk-RZLYEO4U.js';

package/dist/utils/license/index.d.ts

@@ -1,45 +1,36 @@
 /**
  * AI HINT: License Enforcement Module
  *
- * Purpose: CI access control for runa CLI
- * Pattern: Allowlist model with trusted org (r06-dev) always allowed
+ * Purpose: CI compatibility guard for runa CLI
+ * Pattern: Public CLI/SDK/plugin commands are allowed in CI for any owner
  *
  * Design decisions:
- * - r06-dev: Instant allow, NO API call, NO log (zero-impact)
- * - External org: API check via allowlist with last-known-good fallback
- * - Fail-closed strategy (Issue #542):
- *   - Owner resolution failure: Deny access (prevents bypass via manipulation)
- *   - API available: Use live response
- *   - API error + cached: Use last-known-good (24h window)
- *   - API error + no cache: Deny access (new orgs blocked during outage)
- * - Escape hatch: RUNA_SKIP_LICENSE_CHECK=1 bypasses all checks (local only)
+ * - r06-dev: Instant allow, NO extra checks, NO log (zero-impact)
+ * - External org: Also allowed for normal CLI usage in CI
+ * - Owner resolution failures: Do not block CI execution
+ * - Escape hatch: RUNA_SKIP_LICENSE_CHECK=1 still bypasses checks in local dev
  *
- * Security model:
- * - Fail-closed: Any resolution/validation error denies access
- * - Known orgs protected during outages (last-known-good)
- * - Unknown orgs cannot bypass by causing errors (fail closed)
+ * Template access is intentionally NOT handled here.
+ * `runa init` / `runa upgrade` remain restricted by private GitHub Packages auth.
  */
 import type { LicenseCheckResult } from './types.js';
 /**
- * Perform license check and return result
+ * Perform CI compatibility check and return result
  *
- * @internal Used by enforceLicenseInCI()
+ * This no longer blocks external organizations. The result is retained so callers
+ * can inspect whether the run happened in local dev, trusted org CI, or general CI.
  */
 export declare function checkLicense(): Promise<LicenseCheckResult>;
 /**
- * Enforce license check in CI environments
+ * Enforce CI compatibility check in CI environments
  *
- * Call this at CLI startup to enforce access control.
+ * Call this at CLI startup so the runtime behavior stays centralized.
  *
  * Behavior:
  * - Local dev: Skip silently
  * - r06-dev: Skip silently (no API, no log)
- * - External org in allowlist: Allow (with 4h cache)
- * - External org NOT in allowlist: Throw CLIError
- * - API error + last-known-good: Use cached result (24h window)
- * - API error + no cache: Block (fail closed for unknown orgs)
- *
- * @throws CLIError when access is denied
+ * - External org: Allow for normal CLI usage in CI
+ * - Template commands still rely on private package auth in their own code paths
  */
 export declare function enforceLicenseInCI(): Promise<void>;
 export type { LicenseCheckResult, OwnerResolutionResult, CIDetectionResult } from './types.js';

package/dist/utils/license/types.d.ts

@@ -1,8 +1,8 @@
 /**
  * AI HINT: License Check Type Definitions
  *
- * Purpose: Type definitions for CI access control
- * Pattern: Allowlist model - r06-dev always allowed, others checked via API
+ * Purpose: Type definitions for CI access compatibility checks
+ * Pattern: CI is always allowed; reasons document how the decision was made
  */
 /**
  * Result of CI environment detection
@@ -38,7 +38,6 @@ export interface LicenseCheckResult {
 /**
  * Reasons for license check decisions
  *
- * SECURITY (Issue #542): Fail-closed design - errors result in denial
  */
-export type LicenseCheckReason = 'not-ci' | 'trusted-org' | 'allowlist' | 'not-found' | 'error' | 'owner-resolution-failed' | 'skip-flag';
+export type LicenseCheckReason = 'not-ci' | 'trusted-org' | 'ci-allowed' | 'skip-flag';
 //# sourceMappingURL=types.d.ts.map

package/dist/utils/template-access.d.ts

@@ -0,0 +1,20 @@
+/**
+ * AI HINT: Template Access Verification
+ *
+ * Purpose: Ensure template operations are limited to users who can access the
+ * private runa source repository.
+ *
+ * Design:
+ * - Access is checked before cached templates are returned
+ * - NODE_AUTH_TOKEN and GitHub CLI auth are both accepted proof sources
+ * - Normal CLI/SDK/plugin commands are not gated by this module
+ */
+/**
+ * Verify the current user can access the private runa source repository.
+ *
+ * This check is intentionally separate from CI compatibility checks:
+ * - Normal CLI/SDK/plugin commands remain public
+ * - Template operations stay restricted to authorized users
+ */
+export declare function verifyTemplateRepoAccess(): Promise<void>;
+//# sourceMappingURL=template-access.d.ts.map

package/dist/utils/template-fetcher.d.ts

@@ -17,19 +17,22 @@
  *
  * Authentication Flow:
  * ┌─────────────────────────────────────────────────────────────────┐
- * │ 1. Check workspace (runa-repo development)                      │
- * │    └─ Found → Use local packages/runa-templates/ (no auth)      │
+ * │ 1. Verify access to r06-dev/runa                                │
+ * │    └─ Required before workspace/cache/fetch paths               │
  * │                                                                 │
- * │ 2. Try auto-detect NODE_AUTH_TOKEN                              │
+ * │ 2. Check workspace (runa-repo development)                      │
+ * │    └─ Found → Use local packages/runa-templates/                │
+ * │                                                                 │
+ * │ 3. Check cache (~/.cache/runa/templates/{version}/)             │
+ * │    └─ Hit → Return cached path (no network)                     │
+ * │                                                                 │
+ * │ 4. Try auto-detect NODE_AUTH_TOKEN                              │
  * │    ├─ Already set → Continue                                    │
  * │    └─ Not set → Try `gh auth token` command                     │
  * │        ├─ Success → Set NODE_AUTH_TOKEN and continue            │
  * │        └─ Fail → CLIError with setup instructions               │
  * │                                                                 │
- * │ 3. Check cache (~/.cache/runa/templates/{version}/)             │
- * │    └─ Hit → Return cached path (no network)                     │
- * │                                                                 │
- * │ 4. Fetch from GitHub Packages                                   │
+ * │ 5. Fetch from GitHub Packages                                   │
  * │    └─ Success → Cache and return path                           │
  * └─────────────────────────────────────────────────────────────────┘
  *

package/dist/{vuln-check-JRPMUHLF.js → vuln-check-5JJ2YAJW.js}

@@ -71,7 +71,7 @@ var vulnCheckCommand = new Command("vuln-check").description("Run comprehensive
   const logger = createCLILogger("vuln-check");
   const isJsonMode = getOutputFormatFromEnv() === "json" || options.format === "json";
   try {
-    const { VulnChecker } = await import('./vuln-checker-Q7LSHUHJ.js');
+    const { VulnChecker } = await import('./vuln-checker-JF5234BL.js');
     const categoryMap = {
       code: ["injection", "auth", "crypto"],
       deps: ["dependency"],

package/dist/{vuln-checker-Q7LSHUHJ.js → vuln-checker-JF5234BL.js}

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from 'module';
-import { CLI_VERSION } from './chunk-OXQISY3J.js';
+import { CLI_VERSION } from './chunk-ZPE52NEK.js';
 import { init_esm_shims } from './chunk-VRXHCR5K.js';
 import { glob } from 'glob';
 import { exec } from 'child_process';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runa-ai/runa-cli",
-  "version": "0.10.0",
+  "version": "0.10.1",
   "private": false,
   "description": "AI-powered DevOps CLI",
   "type": "module",

package/dist/chunk-ZZOXM6Q4.js

@@ -1,8 +0,0 @@
-#!/usr/bin/env node
-import { createRequire } from 'module';
-import { init_esm_shims } from './chunk-VRXHCR5K.js';
-
-createRequire(import.meta.url);
-
-// src/errors/index.ts
-init_esm_shims();

package/dist/pg-schema-diff-helpers-7377FS2D.js

@@ -1,7 +0,0 @@
-#!/usr/bin/env node
-import { createRequire } from 'module';
-export { PG_SCHEMA_DIFF_APPLY_TIMEOUT_MS, buildIdleConnectionCleanupSql, detectDropTableStatements, detectMissingExtensionType, detectMissingQualifiedFunction, detectPartitionPrivilegeError, executePgSchemaDiffPlan, formatDeclarativeDependencyBoundaryHint, formatExtensionErrorHint, formatPartitionPrivilegeHint, freeConnectionSlotsForPgSchemaDiff, startConnectionCleanupDaemon, stopConnectionCleanupDaemon, verifyDatabaseConnection, verifyPgSchemaDiffBinary } from './chunk-ZWDWFMOX.js';
-import './chunk-A6A7JIRD.js';
-import './chunk-VRXHCR5K.js';
-
-createRequire(import.meta.url);