@runa-ai/runa-cli 0.5.45 → 0.5.47

package/dist/commands/ci/utils/app-runtime.d.ts

@@ -23,6 +23,8 @@ export declare function startAppBackground(params: {
     tmpDir: string;
     /** App mode: 'dev' for development (hot reload), 'start' for production. Default: 'start' */
     mode?: AppMode;
+    /** Stream output to terminal in addition to log file. Default: false */
+    stream?: boolean;
 }): Promise<{
     pid: number;
     cleanupStreams: () => void;

package/dist/commands/ci/utils/app-runtime.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app-runtime.d.ts","sourceRoot":"","sources":["../../../../src/commands/ci/utils/app-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAmGH,wBAAsB,aAAa,CAAC,MAAM,EAAE;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC,GAAG,OAAO,CAAC,IAAI,CAAC,CAMhB;AAiHD;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,KAAK,GAAG,OAAO,CAAC;AAwDtC,wBAAsB,kBAAkB,CAAC,MAAM,EAAE;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,6FAA6F;IAC7F,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB,GAAG,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,IAAI,CAAA;CAAE,CAAC,CA8DvD;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CAOhB"}
+{"version":3,"file":"app-runtime.d.ts","sourceRoot":"","sources":["../../../../src/commands/ci/utils/app-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+GH,wBAAsB,aAAa,CAAC,MAAM,EAAE;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC,GAAG,OAAO,CAAC,IAAI,CAAC,CAMhB;AAiHD;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,KAAK,GAAG,OAAO,CAAC;AA4DtC,wBAAsB,kBAAkB,CAAC,MAAM,EAAE;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,6FAA6F;IAC7F,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,wEAAwE;IACxE,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,GAAG,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,IAAI,CAAA;CAAE,CAAC,CA+DvD;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CAOhB"}

package/dist/commands/db/utils/schema-sync.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema-sync.d.ts","sourceRoot":"","sources":["../../../../src/commands/db/utils/schema-sync.ts"],"names":[],"mappings":"AA0KA,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC3C,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAErC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,mBAAmB,EAAE,KAAK,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC,CAAC;CACJ;AAMD;;;;;;;;;;;GAWG;AACH,wBAAsB,2BAA2B,CAC/C,aAAa,EAAE,MAAM,EACrB,WAAW,GAAE,MAAsB,GAClC,OAAO,CAAC;IACT,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC5C,CAAC,CAoCD;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC,GACA,OAAO,CAAC;IACT,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACtC,CAAC,CAoDD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE;IACjC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC3C,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACrC,uEAAuE;IACvE,0BAA0B,CAAC,EAAE,MAAM,EAAE,CAAC;CACvC,GAAG,QAAQ,CA0DX;AAMD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,8BAA8B,CAC5C,aAAa,EAAE,MAAM,EACrB,WAAW,GAAE,MAAsB,GAClC,MAAM,EAAE,CA0CV"}
+{"version":3,"file":"schema-sync.d.ts","sourceRoot":"","sources":["../../../../src/commands/db/utils/schema-sync.ts"],"names":[],"mappings":"AA0KA,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC3C,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAErC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,mBAAmB,EAAE,KAAK,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC,CAAC;CACJ;AAMD;;;;;;;;;;;GAWG;AACH,wBAAsB,2BAA2B,CAC/C,aAAa,EAAE,MAAM,EACrB,WAAW,GAAE,MAAsB,GAClC,OAAO,CAAC;IACT,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC5C,CAAC,CA6CD;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC,GACA,OAAO,CAAC;IACT,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACtC,CAAC,CAoDD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE;IACjC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC3C,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACrC,uEAAuE;IACvE,0BAA0B,CAAC,EAAE,MAAM,EAAE,CAAC;CACvC,GAAG,QAAQ,CA0DX;AAMD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,8BAA8B,CAC5C,aAAa,EAAE,MAAM,EACrB,WAAW,GAAE,MAAsB,GAClC,MAAM,EAAE,CA0CV"}

package/dist/commands/dev/commands/dev.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../../../../src/commands/dev/commands/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAuMpC,eAAO,MAAM,UAAU,SAiBnB,CAAC"}
+{"version":3,"file":"dev.d.ts","sourceRoot":"","sources":["../../../../src/commands/dev/commands/dev.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAuMpC,eAAO,MAAM,UAAU,SAmBnB,CAAC"}

package/dist/commands/dev/contract.d.ts

@@ -18,6 +18,7 @@ export declare const DevInputSchema: z.ZodObject<{
     skipDb: z.ZodDefault<z.ZodBoolean>;
     skipApp: z.ZodDefault<z.ZodBoolean>;
     verbose: z.ZodDefault<z.ZodBoolean>;
+    stream: z.ZodDefault<z.ZodBoolean>;
     targetDir: z.ZodOptional<z.ZodString>;
 }, z.core.$strict>;
 export type DevInput = z.infer<typeof DevInputSchema>;

package/dist/commands/dev/contract.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../../../src/commands/dev/contract.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;kBAahB,CAAC;AAEZ,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAMtD;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;EAAgE,CAAC;AAElG,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;kBAajB,CAAC;AAEZ,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC"}
+{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../../../src/commands/dev/contract.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;;kBAehB,CAAC;AAEZ,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAMtD;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;EAAgE,CAAC;AAElG,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;kBAajB,CAAC;AAEZ,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC"}

package/dist/commands/dev/machine.d.ts

@@ -30,6 +30,7 @@ interface AppStartInput {
     appDir: string;
     port: number;
     tmpDir: string;
+    stream: boolean;
 }
 interface AppStartOutput {
     pid: number;

package/dist/commands/dev/machine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"machine.d.ts","sourceRoot":"","sources":["../../../src/commands/dev/machine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH,OAAO,EAAiB,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAS1D,OAAO,KAAK,EAAE,UAAU,EAAY,QAAQ,EAAa,MAAM,YAAY,CAAC;AAsF5E,UAAU,aAAa;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,cAAc;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,IAAI,CAAC;CAC5B;AAmCD,UAAU,aAAa;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAoBD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAIH,QAAQ;cAAY,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;EA6K5C,CAAC;AAMH,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAC3C,MAAM,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;AAM1D;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,WAAW,GAAG,MAAM,CAa1D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAEzD;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAE7D"}
+{"version":3,"file":"machine.d.ts","sourceRoot":"","sources":["../../../src/commands/dev/machine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH,OAAO,EAAiB,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAS1D,OAAO,KAAK,EAAE,UAAU,EAAY,QAAQ,EAAa,MAAM,YAAY,CAAC;AAsF5E,UAAU,aAAa;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,UAAU,cAAc;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,IAAI,CAAC;CAC5B;AAoCD,UAAU,aAAa;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAoBD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAIH,QAAQ;cAAY,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;EA8K5C,CAAC;AAMH,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAC3C,MAAM,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;AAM1D;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,WAAW,GAAG,MAAM,CAa1D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAEzD;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAE7D"}

package/dist/commands/template-check/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/commands/template-check/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,2CAA4C,CAAC;AAMzE;;;;GAIG;AACH,eAAO,MAAM,eAAe,EAAE,SAAS,MAAM,EA4DnC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,MAAM,EAwDvC,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8EvB,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,EAAE,SAAS,MAAM,EA6DjD,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/commands/template-check/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,2CAA4C,CAAC;AAMzE;;;;GAIG;AACH,eAAO,MAAM,eAAe,EAAE,SAAS,MAAM,EAuEnC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,MAAM,EAwDvC,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8EvB,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,EAAE,SAAS,MAAM,EA6DjD,CAAC"}

package/dist/index.js

@@ -929,7 +929,7 @@ var CLI_VERSION, HAS_ADMIN_COMMAND;
 var init_version = __esm({
   "src/version.ts"() {
     init_esm_shims();
-    CLI_VERSION = "0.5.45";
+    CLI_VERSION = "0.5.47";
     HAS_ADMIN_COMMAND = false;
   }
 });
@@ -1905,6 +1905,14 @@ function calculateConfidence(pattern) {
     "github-token",
     // ghp_/gho_/etc prefix is unique
     "github-oauth",
+    "openai-api-key",
+    // sk- prefix with length constraint
+    "openai-project-key",
+    // sk-proj- prefix is unique
+    "anthropic-api-key",
+    // sk-ant-api prefix is unique
+    "google-api-key",
+    // AIza prefix is unique to Google (Gemini, Vertex AI, etc.)
     "stripe-secret",
     // sk_live_ prefix is unique
     "stripe-test",
@@ -1926,8 +1934,6 @@ function calculateConfidence(pattern) {
     return 0.95;
   }
   const mediumConfidencePatterns = [
-    "google-api-key",
-    // AIza prefix is fairly unique
     "google-oauth",
     "database-url",
     // Has structure but could be example
@@ -2150,13 +2156,13 @@ var init_secret_analyzer = __esm({
         description: "GitHub OAuth Token detected",
         cweId: CWE.HARDCODED_CREDENTIALS
       },
-      // Google
+      // Google / Gemini
       {
         id: "google-api-key",
-        name: "Google API Key",
+        name: "Google / Gemini API Key",
         pattern: /AIza[0-9A-Za-z\-_]{35}/g,
-        severity: "high",
-        description: "Google API Key detected",
+        severity: "critical",
+        description: "Google API Key detected (used by Gemini, Vertex AI, Maps, etc.)",
         cweId: CWE.HARDCODED_CREDENTIALS
       },
       {
@@ -2190,7 +2196,12 @@ var init_secret_analyzer = __esm({
       {
         id: "supabase-service-role",
         name: "Supabase Service Role Key",
-        pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Ilth-z0-9XXsyMH0iLCJyb2xlIjoic2VydmljZV9yb2xlIi/g,
+        // Supabase JWT: header.payload.signature
+        // Header: {"alg":"HS256","typ":"JWT"} (fixed)
+        // Payload prefix: {"iss":"supabase","ref": (24 bytes, 3-byte aligned = stable base64url)
+        // Service role marker: role":"service_role" = cm9sZSI6InNlcnZpY2Vfcm9sZSI (stable)
+        // Variable content between prefix and marker covers the encoded project ref
+        pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6[A-Za-z0-9_-]+cm9sZSI6InNlcnZpY2Vfcm9sZSI[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+/g,
         severity: "critical",
         description: "Supabase Service Role Key detected",
         cweId: CWE.HARDCODED_CREDENTIALS
@@ -2354,6 +2365,26 @@ var init_secret_analyzer = __esm({
       // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
       // AI Service API Keys (2024-2026 patterns)
       // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+      {
+        id: "openai-api-key",
+        name: "OpenAI API Key",
+        // Format: sk-{48+ alphanumeric chars} (real keys are typically 51 chars)
+        // SECURITY: Bounded quantifier to prevent ReDoS
+        pattern: /sk-[a-zA-Z0-9]{48,200}/g,
+        severity: "critical",
+        description: "OpenAI API key detected",
+        cweId: CWE.HARDCODED_CREDENTIALS
+      },
+      {
+        id: "openai-project-key",
+        name: "OpenAI Project Key",
+        // Format: sk-proj-{48+ alphanumeric/dash/underscore chars}
+        // SECURITY: Bounded quantifier to prevent ReDoS
+        pattern: /sk-proj-[a-zA-Z0-9_-]{48,200}/g,
+        severity: "critical",
+        description: "OpenAI Project API key detected",
+        cweId: CWE.HARDCODED_CREDENTIALS
+      },
       {
         id: "anthropic-api-key",
         name: "Anthropic API Key",
@@ -7432,6 +7463,8 @@ z.object({
   skipApp: z.boolean().default(false),
   /** Show detailed output */
   verbose: z.boolean().default(false),
+  /** Stream app output to terminal (in addition to log file). Default: true */
+  stream: z.boolean().default(true),
   /** Target directory (defaults to cwd) */
   targetDir: z.string().optional()
 }).strict();
@@ -7653,9 +7686,9 @@ async function executePrSetupBase(input3, ensureTmpDir) {
 // src/commands/ci/utils/app-runtime.ts
 init_esm_shims();
 function pipeChildOutputToLog(params) {
-  const sources = [params.stdout, params.stderr].filter(
-    (s) => s != null
-  );
+  const sources = [];
+  if (params.stdout) sources.push({ stream: params.stdout, isStderr: false });
+  if (params.stderr) sources.push({ stream: params.stderr, isStderr: true });
   if (sources.length === 0) {
     params.logStream.end();
     return { cleanup: () => {
@@ -7669,10 +7702,14 @@ function pipeChildOutputToLog(params) {
       params.logStream.end();
     }
   };
-  for (const source of sources) {
+  for (const { stream: source, isStderr } of sources) {
     const onData = (chunk) => {
       if (cleanedUp) return;
       const canContinue = params.logStream.write(chunk);
+      if (params.streamToTerminal) {
+        const terminalStream = isStderr ? process.stderr : process.stdout;
+        terminalStream.write(chunk);
+      }
       if (!canContinue) {
         source.pause();
         params.logStream.once("drain", () => {
@@ -7690,7 +7727,7 @@ function pipeChildOutputToLog(params) {
   const cleanup = () => {
     if (cleanedUp) return;
     cleanedUp = true;
-    for (const source of sources) {
+    for (const { stream: source } of sources) {
       source.removeAllListeners("data");
       source.removeAllListeners("end");
       source.removeAllListeners("close");
@@ -7789,18 +7826,17 @@ async function readPackageScripts(pkgPath) {
 }
 function determineAppCommand(mode, isMonorepo2, rootScripts, appScripts, repoRoot, appDir, port) {
   const ciScriptName = mode === "dev" ? "dev:ci" : "start:ci";
-  const defaultScriptName = mode;
   const nextCommand = mode === "dev" ? "dev" : "start";
   const rootHasCiScript = Boolean(rootScripts?.[ciScriptName]);
-  const rootHasDefaultScript = Boolean(rootScripts?.[defaultScriptName]);
   const appHasCiScript = Boolean(appScripts?.[ciScriptName]);
-  const appHasDefaultScript = Boolean(appScripts?.[defaultScriptName]);
+  const rootHasDefaultScript = mode === "start" && Boolean(rootScripts?.["start"]);
+  const appHasDefaultScript = mode === "start" && Boolean(appScripts?.["start"]);
   if (isMonorepo2 && (rootHasCiScript || rootHasDefaultScript)) {
-    const scriptName = rootHasCiScript ? ciScriptName : defaultScriptName;
+    const scriptName = rootHasCiScript ? ciScriptName : "start";
     return { command: ["pnpm", scriptName], useRootScript: true };
   }
   if (appHasCiScript || appHasDefaultScript) {
-    const scriptName = appHasCiScript ? ciScriptName : defaultScriptName;
+    const scriptName = appHasCiScript ? ciScriptName : "start";
     const dirArgs2 = isMonorepo2 ? ["-C", path10__default.relative(repoRoot, appDir)] : [];
     return { command: ["pnpm", ...dirArgs2, scriptName], useRootScript: false };
   }
@@ -7852,7 +7888,8 @@ async function startAppBackground(params) {
   const { cleanup: cleanupStreams } = pipeChildOutputToLog({
     stdout: child.stdout,
     stderr: child.stderr,
-    logStream: out
+    logStream: out,
+    streamToTerminal: params.stream
   });
   const pid = child.pid ?? -1;
   await writeFile(path10__default.join(params.tmpDir, "app.pid"), `${pid}
@@ -7999,7 +8036,7 @@ var e2eMeta2 = {
 };
 var appStartActor = fromPromise(
   async ({ input: input3 }) => {
-    const { repoRoot, appDir, port, tmpDir } = input3;
+    const { repoRoot, appDir, port, tmpDir, stream } = input3;
     const fullTmpDir = path10__default.join(repoRoot, tmpDir);
     await mkdir(fullTmpDir, { recursive: true });
     const result = await startAppBackground({
@@ -8008,7 +8045,8 @@ var appStartActor = fromPromise(
       port,
       env: process.env,
       tmpDir: fullTmpDir,
-      mode: "dev"
+      mode: "dev",
+      stream
     });
     await waitForAppReady({
       port,
@@ -8047,7 +8085,7 @@ var devMachine = setup({
   id: "dev",
   initial: "idle",
   context: ({ input: input3 }) => {
-    const repoRoot = input3.repoRoot;
+    const repoRoot = input3.repoRoot ?? process.cwd();
     return {
       input: input3.input,
       repoRoot,
@@ -8141,7 +8179,8 @@ var devMachine = setup({
             repoRoot: context.repoRoot,
             appDir: detected?.appDir ?? context.repoRoot,
             port: context.input.port,
-            tmpDir: context.tmpDir
+            tmpDir: context.tmpDir,
+            stream: context.input.stream
           };
         },
         onDone: {
@@ -8344,12 +8383,13 @@ async function runDevAction(options, cmd) {
     );
   }
 }
-var devCommand = new Command("dev").description("Start development server (Supabase + Next.js)").option("--port <number>", "Port for Next.js dev server", (val) => Number.parseInt(val, 10), 3e3).option("--skip-db", "Skip Supabase start").option("--skip-app", "Start Supabase only (no app server)").option("--verbose", "Show detailed output").option("--target-dir <path>", "Target directory (defaults to repo root)").action(async (options, cmd) => {
+var devCommand = new Command("dev").description("Start development server (Supabase + Next.js)").option("--port <number>", "Port for Next.js dev server", (val) => Number.parseInt(val, 10), 3e3).option("--skip-db", "Skip Supabase start").option("--skip-app", "Start Supabase only (no app server)").option("--verbose", "Show detailed output").option("--no-stream", "Disable streaming app output to terminal (log to file only)").option("--target-dir <path>", "Target directory (defaults to repo root)").action(async (options, cmd) => {
   const input3 = {
     port: options.port,
     skipDb: options.skipDb ?? false,
     skipApp: options.skipApp ?? false,
     verbose: options.verbose ?? false,
+    stream: options.stream ?? true,
     targetDir: options.targetDir
   };
   await runDevAction(input3, cmd);
@@ -19823,7 +19863,14 @@ function uniqueSorted(values) {
 async function extractSchemaTablesAndEnums(dbPackagePath, projectRoot = process.cwd()) {
   const validatedSchemaPath = validateSchemaPath(dbPackagePath, projectRoot);
   const jiti = createJiti(projectRoot, { interopDefault: true });
-  const schemaModule = await jiti.import(validatedSchemaPath);
+  let schemaModule;
+  try {
+    schemaModule = await jiti.import(validatedSchemaPath);
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    const hint = errorMessage.includes("unknown is not defined") ? "\n\nHint: Add 'unknown' to drizzle-orm/pg-core imports:\n  import { unknown, ... } from 'drizzle-orm/pg-core'" : "";
+    throw new Error(`Failed to load schema from ${validatedSchemaPath}: ${errorMessage}${hint}`);
+  }
   const expectedTables = /* @__PURE__ */ new Set();
   const expectedEnums = /* @__PURE__ */ new Map();
   for (const value of Object.values(schemaModule)) {
@@ -32785,7 +32832,18 @@ var RUNA_ONLY_FILES = [
   "packages/database/scripts/check-plpgsql.ts",
   "packages/database/scripts/run-splinter.ts",
   "packages/database/scripts/seed-generators/index.ts",
+  "packages/database/scripts/seed-generators/loader.ts",
+  "packages/database/scripts/seed-generators/types.ts",
   "packages/database/scripts/seed-plugins/supabase-auth.ts",
+  "packages/database/scripts/seed-data-sources/api-source.ts",
+  "packages/database/scripts/seed-data-sources/csv-source.ts",
+  "packages/database/scripts/seed-data-sources/index.ts",
+  "packages/database/scripts/seed-data-sources/json-source.ts",
+  "packages/database/scripts/seed-data-sources/types.ts",
+  "packages/database/scripts/seed-hooks/index.ts",
+  "packages/database/scripts/seed-hooks/types.ts",
+  "packages/database/scripts/seed-utils/index.ts",
+  "packages/database/scripts/seed-utils/security.ts",
   // === runa-repo Specific Tests ===
   "packages/database/tests/00_system-schemas.sql",
   "packages/database/tests/01_table-helpers.sql",

package/dist/internal/vuln-checker/analyzers/secret-analyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secret-analyzer.d.ts","sourceRoot":"","sources":["../../../../src/internal/vuln-checker/analyzers/secret-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAoB,MAAM,aAAa,CAAC;AA2jClG;;GAEG;AACH,qBAAa,cAAe,YAAW,QAAQ;IAC7C,IAAI,SAAoB;IACxB,UAAU,EAAE,QAAQ,EAAE,CAAc;IAE9B,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YAkB7C,cAAc;IAY5B,OAAO,CAAC,UAAU;CAGnB"}
+{"version":3,"file":"secret-analyzer.d.ts","sourceRoot":"","sources":["../../../../src/internal/vuln-checker/analyzers/secret-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAoB,MAAM,aAAa,CAAC;AAulClG;;GAEG;AACH,qBAAa,cAAe,YAAW,QAAQ;IAC7C,IAAI,SAAoB;IACxB,UAAU,EAAE,QAAQ,EAAE,CAAc;IAE9B,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YAkB7C,cAAc;IAY5B,OAAO,CAAC,UAAU;CAGnB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runa-ai/runa-cli",
-  "version": "0.5.45",
+  "version": "0.5.47",
   "private": false,
   "description": "AI-powered DevOps CLI",
   "type": "module",
@@ -53,8 +53,8 @@
     "typescript": "5.9.3",
     "xstate": "5.25.0",
     "zod": "4.3.5",
-    "@runa-ai/runa-xstate-test-plugin": "0.5.35",
-    "@runa-ai/runa": "0.5.44"
+    "@runa-ai/runa": "0.5.44",
+    "@runa-ai/runa-xstate-test-plugin": "0.5.35"
   },
   "engines": {
     "node": ">=20.0.0"