@shaferllc/keel 0.83.3 → 0.83.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -23
- package/dist/billing/billable.d.ts +1 -0
- package/dist/billing/billable.js +8 -0
- package/dist/billing/drivers/fake.d.ts +4 -0
- package/dist/billing/drivers/fake.js +5 -0
- package/dist/billing/drivers/stripe.d.ts +1 -0
- package/dist/billing/drivers/stripe.js +7 -0
- package/dist/billing/gateway.d.ts +7 -0
- package/dist/billing/index.d.ts +1 -1
- package/dist/core/index.d.ts +1 -1
- package/dist/core/index.js +1 -1
- package/dist/core/tokens.d.ts +2 -0
- package/dist/core/tokens.js +24 -0
- package/dist/mcp/cloud.d.ts +9 -0
- package/dist/mcp/cloud.js +179 -0
- package/dist/mcp/server.d.ts +2 -0
- package/dist/mcp/server.js +20 -1
- package/docs/ai-manifest.json +13 -1
- package/docs/ai.md +36 -0
- package/docs/billing.md +10 -1
- package/docs/changelog.md +17 -0
- package/docs/examples/hosting.ts +37 -0
- package/docs/hosting.md +97 -0
- package/llms-full.txt +150 -1
- package/llms.txt +2 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -206,6 +206,7 @@ See [docs/architecture.md](./docs/architecture.md) for the full picture.
|
|
|
206
206
|
| [Sessions](./docs/sessions.md) | Cookie-backed sessions, flash messages |
|
|
207
207
|
| [Authentication](./docs/authentication.md) | Session auth, guards, user provider |
|
|
208
208
|
| [Gates](./docs/gates.md) | Signup gating — invite codes & email allowlist |
|
|
209
|
+
| [Hosting](./docs/hosting.md) | Cloudflare, SQL dump, secrets for hosted Workers |
|
|
209
210
|
| [Authorization](./docs/authorization.md) | Ability gates & policies, `can`/`authorize` |
|
|
210
211
|
| [Database](./docs/database.md) | Driver-agnostic query builder |
|
|
211
212
|
| [Models](./docs/models.md) | Active-record: find/create/save, casts, relations |
|
|
@@ -269,29 +270,8 @@ lines / ~91% branches**.
|
|
|
269
270
|
|
|
270
271
|
## Roadmap
|
|
271
272
|
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
- [x] View / templating layer (Hono JSX) — **v0.2.0**
|
|
276
|
-
- [x] Cloudflare Workers–safe core — **v0.2.0**
|
|
277
|
-
- [x] Global helpers: `config()`, `app()`, `view()` — **v0.3.0 / v0.4.0**
|
|
278
|
-
- [x] Error & exception handling — **v0.5.0**
|
|
279
|
-
- [x] Request/response + container helpers — **v0.6.0–v0.9.0**
|
|
280
|
-
- [x] Validation (Zod-compatible) — **v0.10.0**
|
|
281
|
-
- [x] First-class routing (groups, resources, named routes) — **v0.11.0**
|
|
282
|
-
- [x] Domain routing, matchers, Inertia adapter — **v0.12.0**
|
|
283
|
-
- [x] Test suite (~99% coverage)
|
|
284
|
-
- [x] Query builder (driver-agnostic) — **v0.28.0**
|
|
285
|
-
- [x] Active-record Model layer — **v0.29.0**
|
|
286
|
-
- [x] Migrations (schema builder) — **v0.30.0**
|
|
287
|
-
- [x] Model relationships (hasMany / belongsTo / belongsToMany) — **v0.31.0**
|
|
288
|
-
- [x] Factories & seeders (built-in Faker) — **v0.32.0**
|
|
289
|
-
- [x] Model attribute casts + mass-assignment guarding — **v0.33.0**
|
|
290
|
-
- [x] Mail (fluent mailer, pluggable transports) — **v0.34.0**
|
|
291
|
-
- [x] Queues / background jobs (pluggable drivers) — **v0.35.0**
|
|
292
|
-
- [x] Notifications (multi-channel, queueable) — **v0.36.0**
|
|
293
|
-
- [ ] Publish `src/core` as the `@keel/core` package
|
|
294
|
-
|
|
273
|
+
The MVP core and the major subsystems are shipped. Recent focus is Keel Cloud
|
|
274
|
+
support (gates, hosting, MCP Cloud tools, billing portal) and starter kits.
|
|
295
275
|
See [CHANGELOG.md](./CHANGELOG.md) for release history.
|
|
296
276
|
|
|
297
277
|
## Contributing
|
|
@@ -67,6 +67,7 @@ export interface BillableInstance {
|
|
|
67
67
|
checkout(prices: string | PriceRef | (string | PriceRef)[], options?: ProductCheckoutOptions): Promise<CheckoutSession>;
|
|
68
68
|
createSetupIntent(): Promise<SetupIntent>;
|
|
69
69
|
paymentMethods(): Promise<PaymentMethod[]>;
|
|
70
|
+
billingPortal(returnUrl: string): Promise<import("./gateway.js").BillingPortalSession>;
|
|
70
71
|
}
|
|
71
72
|
/**
|
|
72
73
|
* The class a `Billable(Base)` call returns: billing instances plus all of
|
package/dist/billing/billable.js
CHANGED
|
@@ -171,6 +171,14 @@ export function Billable(Base) {
|
|
|
171
171
|
return [];
|
|
172
172
|
return gateway.paymentMethods(this.billing_customer_id);
|
|
173
173
|
}
|
|
174
|
+
/** Open the hosted customer portal (manage card / cancel). */
|
|
175
|
+
async billingPortal(returnUrl) {
|
|
176
|
+
const gateway = this.billingGateway();
|
|
177
|
+
if (!gateway.createBillingPortalSession) {
|
|
178
|
+
throw new BillingError(`The "${gateway.name}" gateway does not support a billing portal.`, gateway.name);
|
|
179
|
+
}
|
|
180
|
+
return gateway.createBillingPortalSession(await this.getCustomerId(), returnUrl);
|
|
181
|
+
}
|
|
174
182
|
}
|
|
175
183
|
return BillableModel;
|
|
176
184
|
}
|
|
@@ -42,6 +42,10 @@ export declare class FakeGateway implements BillingGateway {
|
|
|
42
42
|
refund(params: RefundParams): Promise<GatewayRefund>;
|
|
43
43
|
listInvoices(customer: string): Promise<GatewayInvoice[]>;
|
|
44
44
|
createCheckoutSession(params: CheckoutParams): Promise<CheckoutSession>;
|
|
45
|
+
createBillingPortalSession(customer: string, returnUrl: string): Promise<{
|
|
46
|
+
id: string;
|
|
47
|
+
url: string;
|
|
48
|
+
}>;
|
|
45
49
|
createSetupIntent(customer: string): Promise<SetupIntent>;
|
|
46
50
|
paymentMethods(customer: string): Promise<PaymentMethod[]>;
|
|
47
51
|
verifyWebhook(rawBody: string, headers: HeaderBag, secret: string): Promise<import("../gateway.js").WebhookEvent | null>;
|
|
@@ -129,6 +129,11 @@ export class FakeGateway {
|
|
|
129
129
|
const id = this.id("cs");
|
|
130
130
|
return { id, url: `https://fake.checkout/${id}`, clientToken: `ctok_${id}` };
|
|
131
131
|
}
|
|
132
|
+
async createBillingPortalSession(customer, returnUrl) {
|
|
133
|
+
this.record("createBillingPortalSession", customer, returnUrl);
|
|
134
|
+
const id = this.id("bps");
|
|
135
|
+
return { id, url: `https://fake.portal/${id}?return=${encodeURIComponent(returnUrl)}` };
|
|
136
|
+
}
|
|
132
137
|
async createSetupIntent(customer) {
|
|
133
138
|
this.record("createSetupIntent", customer);
|
|
134
139
|
const id = this.id("seti");
|
|
@@ -28,6 +28,7 @@ export declare class StripeGateway implements BillingGateway {
|
|
|
28
28
|
createCheckoutSession(params: CheckoutParams): Promise<CheckoutSession>;
|
|
29
29
|
createSetupIntent(customer: string): Promise<SetupIntent>;
|
|
30
30
|
paymentMethods(customer: string): Promise<PaymentMethod[]>;
|
|
31
|
+
createBillingPortalSession(customer: string, returnUrl: string): Promise<import("../gateway.js").BillingPortalSession>;
|
|
31
32
|
verifyWebhook(rawBody: string, headers: HeaderBag, secret: string): Promise<WebhookEvent | null>;
|
|
32
33
|
private normalize;
|
|
33
34
|
}
|
|
@@ -219,6 +219,13 @@ export class StripeGateway {
|
|
|
219
219
|
};
|
|
220
220
|
});
|
|
221
221
|
}
|
|
222
|
+
async createBillingPortalSession(customer, returnUrl) {
|
|
223
|
+
const session = await this.call("POST", "/billing_portal/sessions", {
|
|
224
|
+
customer,
|
|
225
|
+
return_url: returnUrl,
|
|
226
|
+
});
|
|
227
|
+
return { id: String(session.id), url: String(session.url ?? "") };
|
|
228
|
+
}
|
|
222
229
|
/* ------------------------------ webhooks ------------------------------- */
|
|
223
230
|
async verifyWebhook(rawBody, headers, secret) {
|
|
224
231
|
const header = headers("stripe-signature");
|
|
@@ -162,6 +162,13 @@ export interface BillingGateway {
|
|
|
162
162
|
verifyWebhook(rawBody: string, headers: HeaderBag, secret: string): Promise<WebhookEvent | null>;
|
|
163
163
|
createSetupIntent?(customer: string): Promise<SetupIntent>;
|
|
164
164
|
paymentMethods?(customer: string): Promise<PaymentMethod[]>;
|
|
165
|
+
/** Hosted customer portal (manage card / cancel). Stripe-style. */
|
|
166
|
+
createBillingPortalSession?(customer: string, returnUrl: string): Promise<BillingPortalSession>;
|
|
167
|
+
}
|
|
168
|
+
/** A hosted billing-portal redirect. */
|
|
169
|
+
export interface BillingPortalSession {
|
|
170
|
+
id: string;
|
|
171
|
+
url: string;
|
|
165
172
|
}
|
|
166
173
|
/** Raised for gateway/config problems and unsupported-capability calls. */
|
|
167
174
|
export declare class BillingError extends Error {
|
package/dist/billing/index.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ export type { BillableTarget, CheckoutOptions } from "./builder.js";
|
|
|
16
16
|
export { BillingManager, billing, setBilling } from "./manager.js";
|
|
17
17
|
export type { GatewayFactory } from "./manager.js";
|
|
18
18
|
export { BillingError } from "./gateway.js";
|
|
19
|
-
export type { BillingGateway, HeaderBag, CustomerDetails, GatewayCustomer, PriceRef, CreateSubscriptionParams, GatewaySubscription, GatewaySubscriptionItem, SwapParams, CancelParams, ChargeParams, GatewayCharge, RefundParams, GatewayRefund, GatewayInvoice, CheckoutParams, CheckoutSession, SetupIntent, PaymentMethod, WebhookEvent, } from "./gateway.js";
|
|
19
|
+
export type { BillingGateway, HeaderBag, CustomerDetails, GatewayCustomer, PriceRef, CreateSubscriptionParams, GatewaySubscription, GatewaySubscriptionItem, SwapParams, CancelParams, ChargeParams, GatewayCharge, RefundParams, GatewayRefund, GatewayInvoice, CheckoutParams, CheckoutSession, SetupIntent, PaymentMethod, BillingPortalSession, WebhookEvent, } from "./gateway.js";
|
|
20
20
|
export { registerDefaultGateways, StripeGateway, PaddleGateway, FakeGateway } from "./drivers/index.js";
|
|
21
21
|
export type { FakeCall } from "./drivers/index.js";
|
|
22
22
|
export { handleWebhook, resolveBillableUsing } from "./webhooks.js";
|
package/dist/core/index.d.ts
CHANGED
|
@@ -102,7 +102,7 @@ export { Session, session, sessionMiddleware } from "./session.js";
|
|
|
102
102
|
export type { SessionOptions } from "./session.js";
|
|
103
103
|
export { Auth, auth, authGuard, bearerAuth, basicAuth, tokenAuth, token, tokenCan, setUserProvider } from "./auth.js";
|
|
104
104
|
export type { UserProvider, BasicVerifier } from "./auth.js";
|
|
105
|
-
export { createToken, verifyToken, revokeToken, revokeTokens, listTokens, tokenAllows, tokenDenies, setTokensTable, } from "./tokens.js";
|
|
105
|
+
export { createToken, verifyToken, revokeToken, revokeTokens, listTokens, tokenAllows, tokenDenies, setTokensTable, tokensMigration, } from "./tokens.js";
|
|
106
106
|
export type { AccessToken, CreateTokenOptions, IssuedToken } from "./tokens.js";
|
|
107
107
|
export { social, github, google, discord, oauthDriver, oauthState, OAuthDriver, OAuthError, twitter, oauth1Driver, oauth1Signature, OAuth1Driver, } from "./social.js";
|
|
108
108
|
export type { SocialUser, OAuthToken, OAuthConfig, ProviderSpec, RedirectOptions, OAuth1Config, OAuth1Token, OAuth1ProviderSpec, } from "./social.js";
|
package/dist/core/index.js
CHANGED
|
@@ -54,7 +54,7 @@ export { HttpException, BadRequestException, UnauthorizedException, PaymentRequi
|
|
|
54
54
|
export { validate, validateRequest, validated } from "./validation.js";
|
|
55
55
|
export { Session, session, sessionMiddleware } from "./session.js";
|
|
56
56
|
export { Auth, auth, authGuard, bearerAuth, basicAuth, tokenAuth, token, tokenCan, setUserProvider } from "./auth.js";
|
|
57
|
-
export { createToken, verifyToken, revokeToken, revokeTokens, listTokens, tokenAllows, tokenDenies, setTokensTable, } from "./tokens.js";
|
|
57
|
+
export { createToken, verifyToken, revokeToken, revokeTokens, listTokens, tokenAllows, tokenDenies, setTokensTable, tokensMigration, } from "./tokens.js";
|
|
58
58
|
export { social, github, google, discord, oauthDriver, oauthState, OAuthDriver, OAuthError, twitter, oauth1Driver, oauth1Signature, OAuth1Driver, } from "./social.js";
|
|
59
59
|
export { define, policy, gateBefore, gateAfter, setUserResolver, clearAuthorization, can, cannot, canFor, authorize, authorizeFor, } from "./authorization.js";
|
|
60
60
|
export { Transformer } from "./transformer.js";
|
package/dist/core/tokens.d.ts
CHANGED
|
@@ -72,3 +72,5 @@ export declare function revokeToken(selector: string, connection?: string): Prom
|
|
|
72
72
|
export declare function revokeTokens(tokenableId: string | number, connection?: string): Promise<void>;
|
|
73
73
|
/** List an entity's tokens (metadata only — the secret is never stored). */
|
|
74
74
|
export declare function listTokens(tokenableId: string | number, connection?: string): Promise<AccessToken[]>;
|
|
75
|
+
/** Schema for personal access tokens (SQLite-friendly; works on Postgres with minor tweaks). */
|
|
76
|
+
export declare function tokensMigration(tableName?: string): import("./migrations.js").Migration;
|
package/dist/core/tokens.js
CHANGED
|
@@ -153,3 +153,27 @@ function parseAbilities(value) {
|
|
|
153
153
|
return ["*"];
|
|
154
154
|
}
|
|
155
155
|
}
|
|
156
|
+
/** Schema for personal access tokens (SQLite-friendly; works on Postgres with minor tweaks). */
|
|
157
|
+
export function tokensMigration(tableName = "personal_access_tokens") {
|
|
158
|
+
return {
|
|
159
|
+
name: `tokens_00_${tableName}`,
|
|
160
|
+
async up(schema) {
|
|
161
|
+
await schema.raw(`
|
|
162
|
+
CREATE TABLE IF NOT EXISTS ${tableName} (
|
|
163
|
+
selector TEXT NOT NULL UNIQUE,
|
|
164
|
+
hash TEXT NOT NULL,
|
|
165
|
+
tokenable_id TEXT NOT NULL,
|
|
166
|
+
name TEXT,
|
|
167
|
+
abilities TEXT,
|
|
168
|
+
last_used_at INTEGER,
|
|
169
|
+
expires_at INTEGER,
|
|
170
|
+
created_at INTEGER
|
|
171
|
+
)
|
|
172
|
+
`);
|
|
173
|
+
await schema.raw(`CREATE INDEX IF NOT EXISTS idx_${tableName}_tokenable ON ${tableName} (tokenable_id)`);
|
|
174
|
+
},
|
|
175
|
+
async down(schema) {
|
|
176
|
+
await schema.dropTable(tableName).catch(() => { });
|
|
177
|
+
},
|
|
178
|
+
};
|
|
179
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Keel Cloud MCP tools — registered only when KEEL_CLOUD_TOKEN is set.
|
|
3
|
+
*
|
|
4
|
+
* Talks to a Keel Cloud control plane over HTTP (Bearer token). Agents use these
|
|
5
|
+
* to create sites, preview/publish, and manage secrets without leaving the IDE.
|
|
6
|
+
*/
|
|
7
|
+
import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
8
|
+
/** Register Cloud tools on an existing MCP server when a Cloud token is present. */
|
|
9
|
+
export declare function registerCloudTools(server: McpServer): boolean;
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Keel Cloud MCP tools — registered only when KEEL_CLOUD_TOKEN is set.
|
|
3
|
+
*
|
|
4
|
+
* Talks to a Keel Cloud control plane over HTTP (Bearer token). Agents use these
|
|
5
|
+
* to create sites, preview/publish, and manage secrets without leaving the IDE.
|
|
6
|
+
*/
|
|
7
|
+
import { z } from "zod";
|
|
8
|
+
const PRESETS = ["minimal", "api", "app", "saas"];
|
|
9
|
+
function cloudConfig() {
|
|
10
|
+
const token = String(process.env.KEEL_CLOUD_TOKEN ?? "").trim();
|
|
11
|
+
if (!token)
|
|
12
|
+
return null;
|
|
13
|
+
const url = String(process.env.KEEL_CLOUD_URL ?? "http://localhost:3000").replace(/\/$/, "");
|
|
14
|
+
return { url, token };
|
|
15
|
+
}
|
|
16
|
+
async function cloudFetch(path, init = {}) {
|
|
17
|
+
const cfg = cloudConfig();
|
|
18
|
+
if (!cfg)
|
|
19
|
+
throw new Error("KEEL_CLOUD_TOKEN is not set");
|
|
20
|
+
const response = await fetch(`${cfg.url}${path}`, {
|
|
21
|
+
...init,
|
|
22
|
+
headers: {
|
|
23
|
+
authorization: `Bearer ${cfg.token}`,
|
|
24
|
+
accept: "application/json",
|
|
25
|
+
...(init.body ? { "content-type": "application/json" } : {}),
|
|
26
|
+
...(init.headers ?? {}),
|
|
27
|
+
},
|
|
28
|
+
});
|
|
29
|
+
const text = await response.text();
|
|
30
|
+
let body = text;
|
|
31
|
+
try {
|
|
32
|
+
body = text ? JSON.parse(text) : null;
|
|
33
|
+
}
|
|
34
|
+
catch {
|
|
35
|
+
/* keep text */
|
|
36
|
+
}
|
|
37
|
+
return { ok: response.ok, status: response.status, body };
|
|
38
|
+
}
|
|
39
|
+
function jsonText(data, isError = false) {
|
|
40
|
+
return {
|
|
41
|
+
content: [{ type: "text", text: typeof data === "string" ? data : JSON.stringify(data, null, 2) }],
|
|
42
|
+
...(isError ? { isError: true } : {}),
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
/** Register Cloud tools on an existing MCP server when a Cloud token is present. */
|
|
46
|
+
export function registerCloudTools(server) {
|
|
47
|
+
if (!cloudConfig())
|
|
48
|
+
return false;
|
|
49
|
+
server.registerTool("keel_cloud_me", {
|
|
50
|
+
title: "Keel Cloud — who am I",
|
|
51
|
+
description: "Return the Keel Cloud user authenticated by KEEL_CLOUD_TOKEN.",
|
|
52
|
+
inputSchema: {},
|
|
53
|
+
}, async () => {
|
|
54
|
+
const res = await cloudFetch("/api/v1/me");
|
|
55
|
+
return jsonText(res.body, !res.ok);
|
|
56
|
+
});
|
|
57
|
+
server.registerTool("keel_cloud_list_sites", {
|
|
58
|
+
title: "Keel Cloud — list sites",
|
|
59
|
+
description: "List sites on the current Keel Cloud team. Includes storage_path for local editing and hostnames.",
|
|
60
|
+
inputSchema: {},
|
|
61
|
+
}, async () => {
|
|
62
|
+
const res = await cloudFetch("/api/v1/sites");
|
|
63
|
+
return jsonText(res.body, !res.ok);
|
|
64
|
+
});
|
|
65
|
+
server.registerTool("keel_cloud_get_site", {
|
|
66
|
+
title: "Keel Cloud — get site",
|
|
67
|
+
description: "Fetch one Keel Cloud site by id (paths, hostnames, status).",
|
|
68
|
+
inputSchema: {
|
|
69
|
+
site_id: z.number().int().describe("Site id from keel_cloud_list_sites"),
|
|
70
|
+
},
|
|
71
|
+
}, async ({ site_id }) => {
|
|
72
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}`);
|
|
73
|
+
return jsonText(res.body, !res.ok);
|
|
74
|
+
});
|
|
75
|
+
server.registerTool("keel_cloud_create_site", {
|
|
76
|
+
title: "Keel Cloud — create site",
|
|
77
|
+
description: "Create a new Keel Cloud site from a preset (minimal|api|app|saas). Scaffolds source under storage/sites/{slug} and returns storage_path for editing.",
|
|
78
|
+
inputSchema: {
|
|
79
|
+
name: z.string().min(1).describe("Human-readable site name"),
|
|
80
|
+
preset: z.enum(PRESETS).optional().describe("Keel preset (default minimal)"),
|
|
81
|
+
},
|
|
82
|
+
}, async ({ name, preset }) => {
|
|
83
|
+
const res = await cloudFetch("/api/v1/sites", {
|
|
84
|
+
method: "POST",
|
|
85
|
+
body: JSON.stringify({ name, preset: preset ?? "minimal" }),
|
|
86
|
+
});
|
|
87
|
+
return jsonText(res.body, !res.ok);
|
|
88
|
+
});
|
|
89
|
+
server.registerTool("keel_cloud_preview", {
|
|
90
|
+
title: "Keel Cloud — deploy preview",
|
|
91
|
+
description: "Deploy the site's preview Worker (and attach preview hostname when Cloudflare is configured). Safe to call freely while iterating.",
|
|
92
|
+
inputSchema: {
|
|
93
|
+
site_id: z.number().int().describe("Site id"),
|
|
94
|
+
},
|
|
95
|
+
}, async ({ site_id }) => {
|
|
96
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/preview`, { method: "POST", body: "{}" });
|
|
97
|
+
return jsonText(res.body, !res.ok);
|
|
98
|
+
});
|
|
99
|
+
server.registerTool("keel_cloud_publish", {
|
|
100
|
+
title: "Keel Cloud — publish production",
|
|
101
|
+
description: "Publish the site to its production Worker/hostname. Requires confirm=true (explicit user approval).",
|
|
102
|
+
inputSchema: {
|
|
103
|
+
site_id: z.number().int().describe("Site id"),
|
|
104
|
+
confirm: z
|
|
105
|
+
.boolean()
|
|
106
|
+
.describe("Must be true to publish — ask the user before setting this"),
|
|
107
|
+
},
|
|
108
|
+
}, async ({ site_id, confirm }) => {
|
|
109
|
+
if (!confirm) {
|
|
110
|
+
return jsonText({
|
|
111
|
+
error: "Publish requires confirm=true. Ask the user to confirm before calling again.",
|
|
112
|
+
}, true);
|
|
113
|
+
}
|
|
114
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/publish`, {
|
|
115
|
+
method: "POST",
|
|
116
|
+
body: JSON.stringify({ confirm: true }),
|
|
117
|
+
});
|
|
118
|
+
return jsonText(res.body, !res.ok);
|
|
119
|
+
});
|
|
120
|
+
server.registerTool("keel_cloud_deploys", {
|
|
121
|
+
title: "Keel Cloud — deploy history",
|
|
122
|
+
description: "List recent preview/production deploys and logs for a site.",
|
|
123
|
+
inputSchema: {
|
|
124
|
+
site_id: z.number().int().describe("Site id"),
|
|
125
|
+
},
|
|
126
|
+
}, async ({ site_id }) => {
|
|
127
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/deploys`);
|
|
128
|
+
return jsonText(res.body, !res.ok);
|
|
129
|
+
});
|
|
130
|
+
server.registerTool("keel_cloud_set_secret", {
|
|
131
|
+
title: "Keel Cloud — set secret",
|
|
132
|
+
description: "Store a secret in the site vault (never in git). Injected into the Worker on the next preview/publish.",
|
|
133
|
+
inputSchema: {
|
|
134
|
+
site_id: z.number().int().describe("Site id"),
|
|
135
|
+
key: z.string().min(1).describe("Env-style key, e.g. STRIPE_SECRET_KEY"),
|
|
136
|
+
value: z.string().describe("Secret value (will not be echoed by the dashboard)"),
|
|
137
|
+
},
|
|
138
|
+
}, async ({ site_id, key, value }) => {
|
|
139
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/secrets`, {
|
|
140
|
+
method: "PUT",
|
|
141
|
+
body: JSON.stringify({ key, value }),
|
|
142
|
+
});
|
|
143
|
+
return jsonText(res.body, !res.ok);
|
|
144
|
+
});
|
|
145
|
+
server.registerTool("keel_cloud_export", {
|
|
146
|
+
title: "Keel Cloud — export manifest",
|
|
147
|
+
description: "Return the site's export manifest (paths, hostnames, Keel version, SQL dump URLs). Use storage_path / git_url for code; use keel_cloud_export_sql for data.",
|
|
148
|
+
inputSchema: {
|
|
149
|
+
site_id: z.number().int().describe("Site id"),
|
|
150
|
+
},
|
|
151
|
+
}, async ({ site_id }) => {
|
|
152
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/export`);
|
|
153
|
+
return jsonText(res.body, !res.ok);
|
|
154
|
+
});
|
|
155
|
+
server.registerTool("keel_cloud_export_sql", {
|
|
156
|
+
title: "Keel Cloud — export SQL dump",
|
|
157
|
+
description: "Download a portable .sql dump for local sqlite, preview D1, or production D1. Prefer production after publish for a full escape hatch.",
|
|
158
|
+
inputSchema: {
|
|
159
|
+
site_id: z.number().int().describe("Site id"),
|
|
160
|
+
env: z
|
|
161
|
+
.enum(["local", "preview", "production"])
|
|
162
|
+
.optional()
|
|
163
|
+
.describe("Which database to dump (default local)"),
|
|
164
|
+
},
|
|
165
|
+
}, async ({ site_id, env }) => {
|
|
166
|
+
const environment = env ?? "local";
|
|
167
|
+
const res = await cloudFetch(`/api/v1/sites/${site_id}/export/sql?env=${environment}`);
|
|
168
|
+
if (!res.ok)
|
|
169
|
+
return jsonText(res.body, true);
|
|
170
|
+
const sql = typeof res.body === "string" ? res.body : JSON.stringify(res.body);
|
|
171
|
+
return jsonText({
|
|
172
|
+
site_id,
|
|
173
|
+
env: environment,
|
|
174
|
+
sql,
|
|
175
|
+
hint: "Write this to a .sql file and restore with sqlite3 / D1 import on a real Keel app.",
|
|
176
|
+
});
|
|
177
|
+
});
|
|
178
|
+
return true;
|
|
179
|
+
}
|
package/dist/mcp/server.d.ts
CHANGED
|
@@ -11,6 +11,8 @@
|
|
|
11
11
|
* keel_search_api search the public export surface
|
|
12
12
|
* keel_list_generators the `keel make:*` generators
|
|
13
13
|
* keel_scaffold generate a controller/provider/job/… stub (no write)
|
|
14
|
+
* When KEEL_CLOUD_TOKEN is set, also:
|
|
15
|
+
* keel_cloud_* create/list/preview/publish sites on Keel Cloud
|
|
14
16
|
* Resources: keel://overview, keel://llms-full, and keel://docs/<slug> per guide.
|
|
15
17
|
*/
|
|
16
18
|
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
package/dist/mcp/server.js
CHANGED
|
@@ -11,6 +11,8 @@
|
|
|
11
11
|
* keel_search_api search the public export surface
|
|
12
12
|
* keel_list_generators the `keel make:*` generators
|
|
13
13
|
* keel_scaffold generate a controller/provider/job/… stub (no write)
|
|
14
|
+
* When KEEL_CLOUD_TOKEN is set, also:
|
|
15
|
+
* keel_cloud_* create/list/preview/publish sites on Keel Cloud
|
|
14
16
|
* Resources: keel://overview, keel://llms-full, and keel://docs/<slug> per guide.
|
|
15
17
|
*/
|
|
16
18
|
import { readFile, readdir, stat } from "node:fs/promises";
|
|
@@ -20,6 +22,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
|
20
22
|
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
|
21
23
|
import { z } from "zod";
|
|
22
24
|
import { controllerStub, resourceControllerStub, providerStub, middlewareStub, factoryStub, seederStub, jobStub, notificationStub, transformerStub, } from "../core/cli/stubs.js";
|
|
25
|
+
import { registerCloudTools } from "./cloud.js";
|
|
23
26
|
async function exists(p) {
|
|
24
27
|
try {
|
|
25
28
|
await stat(p);
|
|
@@ -183,6 +186,18 @@ export async function createServer() {
|
|
|
183
186
|
"",
|
|
184
187
|
"## Generators — use keel_scaffold or `keel make:*`",
|
|
185
188
|
...manifest.generators.map((g) => `- ${g.command} → ${g.produces}`),
|
|
189
|
+
...(process.env.KEEL_CLOUD_TOKEN?.trim()
|
|
190
|
+
? [
|
|
191
|
+
"",
|
|
192
|
+
"## Keel Cloud (token detected)",
|
|
193
|
+
"Cloud tools are enabled. Typical loop:",
|
|
194
|
+
"1. keel_cloud_create_site { name, preset }",
|
|
195
|
+
"2. Edit files at the returned storage_path (real Keel app)",
|
|
196
|
+
"3. keel_cloud_preview { site_id }",
|
|
197
|
+
"4. keel_cloud_publish { site_id, confirm: true } after user approval",
|
|
198
|
+
"Also: keel_cloud_list_sites, keel_cloud_get_site, keel_cloud_set_secret, keel_cloud_deploys, keel_cloud_export.",
|
|
199
|
+
]
|
|
200
|
+
: []),
|
|
186
201
|
].join("\n");
|
|
187
202
|
// ---- tools ----
|
|
188
203
|
server.registerTool("keel_overview", {
|
|
@@ -343,6 +358,7 @@ export async function createServer() {
|
|
|
343
358
|
for (const doc of manifest.docs) {
|
|
344
359
|
server.registerResource(`doc:${doc.slug}`, `keel://docs/${doc.slug}`, { title: doc.title, description: doc.summary || doc.title, mimeType: "text/markdown" }, async (uri) => ({ contents: [{ uri: uri.href, text: await readFile(join(root, doc.path), "utf8") }] }));
|
|
345
360
|
}
|
|
361
|
+
registerCloudTools(server);
|
|
346
362
|
return server;
|
|
347
363
|
}
|
|
348
364
|
/** Boot the server on stdio. Called by the `keel-mcp` bin and `keel mcp`. */
|
|
@@ -351,5 +367,8 @@ export async function runMcpServer() {
|
|
|
351
367
|
const transport = new StdioServerTransport();
|
|
352
368
|
await server.connect(transport);
|
|
353
369
|
// stdout is the protocol channel — log to stderr only.
|
|
354
|
-
|
|
370
|
+
const cloud = Boolean(process.env.KEEL_CLOUD_TOKEN?.trim());
|
|
371
|
+
console.error(cloud
|
|
372
|
+
? "⚓ Keel MCP server running on stdio (Cloud tools enabled)"
|
|
373
|
+
: "⚓ Keel MCP server running on stdio");
|
|
355
374
|
}
|
package/docs/ai-manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@shaferllc/keel",
|
|
3
|
-
"version": "0.83.
|
|
3
|
+
"version": "0.83.4",
|
|
4
4
|
"description": "The house framework for Node.js — a service container, providers, routing, JSX views, and a code-generating console.",
|
|
5
5
|
"repo": "https://github.com/shaferllc/keel",
|
|
6
6
|
"generated": "run `npm run build:ai` to regenerate",
|
|
@@ -208,6 +208,13 @@
|
|
|
208
208
|
"path": "docs/hooks.md",
|
|
209
209
|
"example": "docs/examples/hooks.ts"
|
|
210
210
|
},
|
|
211
|
+
{
|
|
212
|
+
"slug": "hosting",
|
|
213
|
+
"title": "Hosting",
|
|
214
|
+
"summary": "Keel Hosting is a small toolkit for hosted Workers / D1 apps: a Cloudflare REST client, hostname helpers, a SQLite-compatible SQL dump, and purpose-scoped secret encryption.",
|
|
215
|
+
"path": "docs/hosting.md",
|
|
216
|
+
"example": "docs/examples/hosting.ts"
|
|
217
|
+
},
|
|
211
218
|
{
|
|
212
219
|
"slug": "i18n",
|
|
213
220
|
"title": "Internationalization",
|
|
@@ -3084,6 +3091,11 @@
|
|
|
3084
3091
|
"kind": "value",
|
|
3085
3092
|
"module": "tokens"
|
|
3086
3093
|
},
|
|
3094
|
+
{
|
|
3095
|
+
"name": "tokensMigration",
|
|
3096
|
+
"kind": "value",
|
|
3097
|
+
"module": "tokens"
|
|
3098
|
+
},
|
|
3087
3099
|
{
|
|
3088
3100
|
"name": "TooManyRequestsException",
|
|
3089
3101
|
"kind": "value",
|
package/docs/ai.md
CHANGED
|
@@ -61,6 +61,35 @@ package, so it always matches your installed version.
|
|
|
61
61
|
| `keel_list_generators` | The `keel make:*` generators, what they produce, and their flags. |
|
|
62
62
|
| `keel_scaffold` | Generate a controller/provider/middleware/factory/seeder/job/notification/transformer stub. Returns code + target path — it does **not** write to disk. |
|
|
63
63
|
|
|
64
|
+
When `KEEL_CLOUD_TOKEN` (and optional `KEEL_CLOUD_URL`) is set, Cloud tools are
|
|
65
|
+
also registered:
|
|
66
|
+
|
|
67
|
+
| Tool | What it does |
|
|
68
|
+
|------|--------------|
|
|
69
|
+
| `keel_cloud_me` | Authenticated Cloud user |
|
|
70
|
+
| `keel_cloud_list_sites` / `keel_cloud_get_site` | List or fetch a site (includes `storage_path`) |
|
|
71
|
+
| `keel_cloud_create_site` | Create from preset (`minimal` \| `api` \| `app` \| `saas`) |
|
|
72
|
+
| `keel_cloud_preview` | Deploy preview Worker |
|
|
73
|
+
| `keel_cloud_publish` | Publish production — requires `confirm: true` |
|
|
74
|
+
| `keel_cloud_set_secret` | Vault a secret (injected on next deploy) |
|
|
75
|
+
| `keel_cloud_deploys` / `keel_cloud_export` | Deploy history and export manifest |
|
|
76
|
+
| `keel_cloud_export_sql` | Portable `.sql` dump (`local` \| `preview` \| `production`) |
|
|
77
|
+
|
|
78
|
+
```json
|
|
79
|
+
{
|
|
80
|
+
"mcpServers": {
|
|
81
|
+
"keel": {
|
|
82
|
+
"command": "npx",
|
|
83
|
+
"args": ["-y", "keel-mcp"],
|
|
84
|
+
"env": {
|
|
85
|
+
"KEEL_CLOUD_TOKEN": "kc_…",
|
|
86
|
+
"KEEL_CLOUD_URL": "https://app.keeljs.cloud"
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
```
|
|
92
|
+
|
|
64
93
|
### Resources
|
|
65
94
|
|
|
66
95
|
- `keel://overview` — the same orientation text as `keel_overview`
|
|
@@ -75,6 +104,13 @@ package, so it always matches your installed version.
|
|
|
75
104
|
4. `keel_scaffold { kind: "controller", name: "Post", resource: true }` → get the stub.
|
|
76
105
|
5. Write the file, add the route, run `npm run typecheck`.
|
|
77
106
|
|
|
107
|
+
### A typical Keel Cloud loop
|
|
108
|
+
|
|
109
|
+
1. `keel_cloud_create_site { name: "Acme", preset: "app" }`
|
|
110
|
+
2. Edit the returned `storage_path` (real Keel app + git)
|
|
111
|
+
3. `keel_cloud_preview { site_id }`
|
|
112
|
+
4. `keel_cloud_publish { site_id, confirm: true }` after the user approves
|
|
113
|
+
|
|
78
114
|
## `llms.txt` and `llms-full.txt`
|
|
79
115
|
|
|
80
116
|
At the package root:
|
package/docs/billing.md
CHANGED
|
@@ -157,6 +157,15 @@ const intent = await user.createSetupIntent(); // return intent.clientSecret to
|
|
|
157
157
|
const methods = await user.paymentMethods();
|
|
158
158
|
```
|
|
159
159
|
|
|
160
|
+
### Customer portal (Stripe)
|
|
161
|
+
|
|
162
|
+
Send the customer to Stripe's hosted portal to update their card or cancel:
|
|
163
|
+
|
|
164
|
+
```ts
|
|
165
|
+
const portal = await user.billingPortal("https://app.example.com/billing");
|
|
166
|
+
// redirect to portal.url
|
|
167
|
+
```
|
|
168
|
+
|
|
160
169
|
These are Stripe-only capabilities; calling them on the Paddle gateway throws a
|
|
161
170
|
`BillingError` (Paddle collects cards in its own hosted checkout).
|
|
162
171
|
|
|
@@ -251,7 +260,7 @@ real gateway from `config/billing.ts` and `.env`.
|
|
|
251
260
|
|---------|--------|--------|
|
|
252
261
|
| Create a subscription server-side | `create(pmId)` | Not supported — use `checkout()`; the webhook creates the local row |
|
|
253
262
|
| One-off `charge()` | Confirms a PaymentIntent | Not supported — use `checkout({ mode })` / transactions |
|
|
254
|
-
| SetupIntent / `paymentMethods()` | Supported | Throws `BillingError` (hosted checkout) |
|
|
263
|
+
| SetupIntent / `paymentMethods()` / `billingPortal()` | Supported | Throws `BillingError` (hosted checkout) |
|
|
255
264
|
| Checkout handle | `session.url` (redirect) | `session.clientToken` (overlay/inline) |
|
|
256
265
|
| Webhook signature | `Stripe-Signature: t=…,v1=…` | `Paddle-Signature: ts=…;h1=…` |
|
|
257
266
|
|
package/docs/changelog.md
CHANGED
|
@@ -4,6 +4,23 @@ All notable changes to Keel are documented here. The format follows
|
|
|
4
4
|
[Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and the project aims to
|
|
5
5
|
adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [0.83.4] — 2026-07-13
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
|
|
11
|
+
- **MCP Cloud tools** (`keel_cloud_*`) — when `KEEL_CLOUD_TOKEN` is set,
|
|
12
|
+
`keel-mcp` registers create/list/preview/publish/secrets/export tools against
|
|
13
|
+
a Keel Cloud control plane. Documented in [Building with AI](./docs/ai.md).
|
|
14
|
+
- **`tokensMigration()`** — personal access tokens schema helper for apps that
|
|
15
|
+
need the table via `keel migrate`.
|
|
16
|
+
- **Billing customer portal** — `user.billingPortal(returnUrl)` (Stripe + Fake
|
|
17
|
+
gateway); opens the hosted portal to manage card / cancel.
|
|
18
|
+
- **Hosting guide** — [`docs/hosting.md`](./docs/hosting.md) + example harness
|
|
19
|
+
for `@shaferllc/keel/hosting`.
|
|
20
|
+
- **Tests** for gates, hosting, billing portal, and `tokensMigration`.
|
|
21
|
+
|
|
22
|
+
[0.83.4]: https://github.com/shaferllc/keel/releases/tag/v0.83.4
|
|
23
|
+
|
|
7
24
|
## [0.83.3] — 2026-07-12
|
|
8
25
|
|
|
9
26
|
### Added
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
// Type-check harness for docs/hosting.md. Compile-only — never executed.
|
|
2
|
+
import type { Connection } from "@shaferllc/keel/core";
|
|
3
|
+
import {
|
|
4
|
+
CloudflareClient,
|
|
5
|
+
cloudflareConfigured,
|
|
6
|
+
normalizeHostname,
|
|
7
|
+
isValidHostname,
|
|
8
|
+
zoneCandidates,
|
|
9
|
+
dumpConnection,
|
|
10
|
+
normalizeSecretKey,
|
|
11
|
+
encryptSecretValue,
|
|
12
|
+
decryptSecretValue,
|
|
13
|
+
resolveSecretRows,
|
|
14
|
+
} from "@shaferllc/keel/hosting";
|
|
15
|
+
|
|
16
|
+
export function client() {
|
|
17
|
+
const creds = { accountId: "acct", apiToken: "tok" };
|
|
18
|
+
if (!cloudflareConfigured(creds)) throw new Error("missing");
|
|
19
|
+
return new CloudflareClient(creds);
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
export function hostnames(raw: string) {
|
|
23
|
+
const host = normalizeHostname(raw);
|
|
24
|
+
return { host, valid: isValidHostname(host), zones: zoneCandidates(host) };
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
export async function dump(conn: Connection) {
|
|
28
|
+
return dumpConnection(conn, "Acme local D1", { generatedBy: "Keel Cloud" });
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
export async function vault(secret: string) {
|
|
32
|
+
const key = normalizeSecretKey("stripe-secret-key");
|
|
33
|
+
const encrypted = await encryptSecretValue(secret, "app-secret");
|
|
34
|
+
const plain = await decryptSecretValue(encrypted, "app-secret");
|
|
35
|
+
const env = await resolveSecretRows([{ key, value_encrypted: encrypted }], "app-secret");
|
|
36
|
+
return { key, plain, env };
|
|
37
|
+
}
|
package/docs/hosting.md
ADDED
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
# Hosting
|
|
2
|
+
|
|
3
|
+
Keel Hosting is a small toolkit for **hosted Workers / D1 apps**: a Cloudflare
|
|
4
|
+
REST client, hostname helpers, a SQLite-compatible SQL dump, and purpose-scoped
|
|
5
|
+
secret encryption. It ships as `@shaferllc/keel/hosting`.
|
|
6
|
+
|
|
7
|
+
This is infrastructure — not a control plane. Site orchestration, plans, and
|
|
8
|
+
deploy loops live in your app (for example Keel Cloud).
|
|
9
|
+
|
|
10
|
+
## Install
|
|
11
|
+
|
|
12
|
+
```ts
|
|
13
|
+
import {
|
|
14
|
+
CloudflareClient,
|
|
15
|
+
cloudflareConfigured,
|
|
16
|
+
normalizeHostname,
|
|
17
|
+
isValidHostname,
|
|
18
|
+
zoneCandidates,
|
|
19
|
+
dumpConnection,
|
|
20
|
+
normalizeSecretKey,
|
|
21
|
+
encryptSecretValue,
|
|
22
|
+
decryptSecretValue,
|
|
23
|
+
resolveSecretRows,
|
|
24
|
+
} from "@shaferllc/keel/hosting";
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
No service provider — import what you need.
|
|
28
|
+
|
|
29
|
+
## Cloudflare
|
|
30
|
+
|
|
31
|
+
```ts
|
|
32
|
+
const creds = {
|
|
33
|
+
accountId: process.env.CF_ACCOUNT_ID!,
|
|
34
|
+
apiToken: process.env.CF_API_TOKEN!,
|
|
35
|
+
};
|
|
36
|
+
|
|
37
|
+
if (!cloudflareConfigured(creds)) {
|
|
38
|
+
throw new Error("Cloudflare credentials missing");
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
const cf = new CloudflareClient(creds);
|
|
42
|
+
const db = await cf.createD1Database("kc-acme");
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Credentials are constructor args — no app config coupling. Optional
|
|
46
|
+
`pinnedZoneId` / `pinnedZoneName` skip a zone lookup when you already know the
|
|
47
|
+
primary zone.
|
|
48
|
+
|
|
49
|
+
## Hostnames
|
|
50
|
+
|
|
51
|
+
```ts
|
|
52
|
+
const host = normalizeHostname("https://App.Example.com/"); // "app.example.com"
|
|
53
|
+
isValidHostname(host); // true
|
|
54
|
+
zoneCandidates(host); // ["app.example.com", "example.com"]
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
`zoneCandidates` walks from most-specific to apex — useful when attaching a
|
|
58
|
+
Workers Custom Domain and you need to find which zone owns the name.
|
|
59
|
+
|
|
60
|
+
## SQL dump
|
|
61
|
+
|
|
62
|
+
Dump any SQLite-compatible `Connection` to a portable `.sql` script (schema +
|
|
63
|
+
data). Useful for export / escape hatches:
|
|
64
|
+
|
|
65
|
+
```ts
|
|
66
|
+
import { db } from "@shaferllc/keel/core";
|
|
67
|
+
import { dumpConnection } from "@shaferllc/keel/hosting";
|
|
68
|
+
|
|
69
|
+
const sql = await dumpConnection(db(), "Acme local D1", { generatedBy: "Keel Cloud" });
|
|
70
|
+
// write sql to a .sql file; restore with sqlite3 / D1 import
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
## Secrets
|
|
74
|
+
|
|
75
|
+
Encrypt vault values with Keel's purpose-scoped encryption (`config('app.key')`
|
|
76
|
+
must be set). Keys are normalized to `ENV_STYLE` identifiers:
|
|
77
|
+
|
|
78
|
+
```ts
|
|
79
|
+
const key = normalizeSecretKey("stripe-secret-key"); // "STRIPE_SECRET_KEY"
|
|
80
|
+
const encrypted = await encryptSecretValue(secret, "app-secret");
|
|
81
|
+
const plain = await decryptSecretValue(encrypted, "app-secret");
|
|
82
|
+
|
|
83
|
+
const env = await resolveSecretRows(
|
|
84
|
+
[{ key: "STRIPE_SECRET_KEY", value_encrypted: encrypted }],
|
|
85
|
+
"app-secret",
|
|
86
|
+
);
|
|
87
|
+
// { STRIPE_SECRET_KEY: "…" }
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
Your app owns the table of rows (`owner_id`, `key`, `value_encrypted`); hosting
|
|
91
|
+
only encrypts and decrypts.
|
|
92
|
+
|
|
93
|
+
## Related
|
|
94
|
+
|
|
95
|
+
- [Gates](./gates.md) — private-alpha signup gating used by hosted control planes
|
|
96
|
+
- [Starter kits](./starter-kits.md) — presets Cloud scaffolds from
|
|
97
|
+
- [Building with AI](./ai.md) — MCP Cloud tools (`keel_cloud_*`) that drive hosting
|
package/llms-full.txt
CHANGED
|
@@ -4725,6 +4725,35 @@ package, so it always matches your installed version.
|
|
|
4725
4725
|
| `keel_list_generators` | The `keel make:*` generators, what they produce, and their flags. |
|
|
4726
4726
|
| `keel_scaffold` | Generate a controller/provider/middleware/factory/seeder/job/notification/transformer stub. Returns code + target path — it does **not** write to disk. |
|
|
4727
4727
|
|
|
4728
|
+
When `KEEL_CLOUD_TOKEN` (and optional `KEEL_CLOUD_URL`) is set, Cloud tools are
|
|
4729
|
+
also registered:
|
|
4730
|
+
|
|
4731
|
+
| Tool | What it does |
|
|
4732
|
+
|------|--------------|
|
|
4733
|
+
| `keel_cloud_me` | Authenticated Cloud user |
|
|
4734
|
+
| `keel_cloud_list_sites` / `keel_cloud_get_site` | List or fetch a site (includes `storage_path`) |
|
|
4735
|
+
| `keel_cloud_create_site` | Create from preset (`minimal` \| `api` \| `app` \| `saas`) |
|
|
4736
|
+
| `keel_cloud_preview` | Deploy preview Worker |
|
|
4737
|
+
| `keel_cloud_publish` | Publish production — requires `confirm: true` |
|
|
4738
|
+
| `keel_cloud_set_secret` | Vault a secret (injected on next deploy) |
|
|
4739
|
+
| `keel_cloud_deploys` / `keel_cloud_export` | Deploy history and export manifest |
|
|
4740
|
+
| `keel_cloud_export_sql` | Portable `.sql` dump (`local` \| `preview` \| `production`) |
|
|
4741
|
+
|
|
4742
|
+
```json
|
|
4743
|
+
{
|
|
4744
|
+
"mcpServers": {
|
|
4745
|
+
"keel": {
|
|
4746
|
+
"command": "npx",
|
|
4747
|
+
"args": ["-y", "keel-mcp"],
|
|
4748
|
+
"env": {
|
|
4749
|
+
"KEEL_CLOUD_TOKEN": "kc_…",
|
|
4750
|
+
"KEEL_CLOUD_URL": "https://app.keeljs.cloud"
|
|
4751
|
+
}
|
|
4752
|
+
}
|
|
4753
|
+
}
|
|
4754
|
+
}
|
|
4755
|
+
```
|
|
4756
|
+
|
|
4728
4757
|
### Resources
|
|
4729
4758
|
|
|
4730
4759
|
- `keel://overview` — the same orientation text as `keel_overview`
|
|
@@ -4739,6 +4768,13 @@ package, so it always matches your installed version.
|
|
|
4739
4768
|
4. `keel_scaffold { kind: "controller", name: "Post", resource: true }` → get the stub.
|
|
4740
4769
|
5. Write the file, add the route, run `npm run typecheck`.
|
|
4741
4770
|
|
|
4771
|
+
### A typical Keel Cloud loop
|
|
4772
|
+
|
|
4773
|
+
1. `keel_cloud_create_site { name: "Acme", preset: "app" }`
|
|
4774
|
+
2. Edit the returned `storage_path` (real Keel app + git)
|
|
4775
|
+
3. `keel_cloud_preview { site_id }`
|
|
4776
|
+
4. `keel_cloud_publish { site_id, confirm: true }` after the user approves
|
|
4777
|
+
|
|
4742
4778
|
## `llms.txt` and `llms-full.txt`
|
|
4743
4779
|
|
|
4744
4780
|
At the package root:
|
|
@@ -5716,6 +5752,15 @@ const intent = await user.createSetupIntent(); // return intent.clientSecret to
|
|
|
5716
5752
|
const methods = await user.paymentMethods();
|
|
5717
5753
|
```
|
|
5718
5754
|
|
|
5755
|
+
### Customer portal (Stripe)
|
|
5756
|
+
|
|
5757
|
+
Send the customer to Stripe's hosted portal to update their card or cancel:
|
|
5758
|
+
|
|
5759
|
+
```ts
|
|
5760
|
+
const portal = await user.billingPortal("https://app.example.com/billing");
|
|
5761
|
+
// redirect to portal.url
|
|
5762
|
+
```
|
|
5763
|
+
|
|
5719
5764
|
These are Stripe-only capabilities; calling them on the Paddle gateway throws a
|
|
5720
5765
|
`BillingError` (Paddle collects cards in its own hosted checkout).
|
|
5721
5766
|
|
|
@@ -5810,7 +5855,7 @@ real gateway from `config/billing.ts` and `.env`.
|
|
|
5810
5855
|
|---------|--------|--------|
|
|
5811
5856
|
| Create a subscription server-side | `create(pmId)` | Not supported — use `checkout()`; the webhook creates the local row |
|
|
5812
5857
|
| One-off `charge()` | Confirms a PaymentIntent | Not supported — use `checkout({ mode })` / transactions |
|
|
5813
|
-
| SetupIntent / `paymentMethods()` | Supported | Throws `BillingError` (hosted checkout) |
|
|
5858
|
+
| SetupIntent / `paymentMethods()` / `billingPortal()` | Supported | Throws `BillingError` (hosted checkout) |
|
|
5814
5859
|
| Checkout handle | `session.url` (redirect) | `session.clientToken` (overlay/inline) |
|
|
5815
5860
|
| Webhook signature | `Stripe-Signature: t=…,v1=…` | `Paddle-Signature: ts=…;h1=…` |
|
|
5816
5861
|
|
|
@@ -10679,6 +10724,110 @@ The signature of `onReady` / `onShutdown` hooks.
|
|
|
10679
10724
|
|
|
10680
10725
|
|
|
10681
10726
|
|
|
10727
|
+
---
|
|
10728
|
+
|
|
10729
|
+
<!-- source: docs/hosting.md -->
|
|
10730
|
+
|
|
10731
|
+
# Hosting
|
|
10732
|
+
|
|
10733
|
+
Keel Hosting is a small toolkit for **hosted Workers / D1 apps**: a Cloudflare
|
|
10734
|
+
REST client, hostname helpers, a SQLite-compatible SQL dump, and purpose-scoped
|
|
10735
|
+
secret encryption. It ships as `@shaferllc/keel/hosting`.
|
|
10736
|
+
|
|
10737
|
+
This is infrastructure — not a control plane. Site orchestration, plans, and
|
|
10738
|
+
deploy loops live in your app (for example Keel Cloud).
|
|
10739
|
+
|
|
10740
|
+
## Install
|
|
10741
|
+
|
|
10742
|
+
```ts
|
|
10743
|
+
import {
|
|
10744
|
+
CloudflareClient,
|
|
10745
|
+
cloudflareConfigured,
|
|
10746
|
+
normalizeHostname,
|
|
10747
|
+
isValidHostname,
|
|
10748
|
+
zoneCandidates,
|
|
10749
|
+
dumpConnection,
|
|
10750
|
+
normalizeSecretKey,
|
|
10751
|
+
encryptSecretValue,
|
|
10752
|
+
decryptSecretValue,
|
|
10753
|
+
resolveSecretRows,
|
|
10754
|
+
} from "@shaferllc/keel/hosting";
|
|
10755
|
+
```
|
|
10756
|
+
|
|
10757
|
+
No service provider — import what you need.
|
|
10758
|
+
|
|
10759
|
+
## Cloudflare
|
|
10760
|
+
|
|
10761
|
+
```ts
|
|
10762
|
+
const creds = {
|
|
10763
|
+
accountId: process.env.CF_ACCOUNT_ID!,
|
|
10764
|
+
apiToken: process.env.CF_API_TOKEN!,
|
|
10765
|
+
};
|
|
10766
|
+
|
|
10767
|
+
if (!cloudflareConfigured(creds)) {
|
|
10768
|
+
throw new Error("Cloudflare credentials missing");
|
|
10769
|
+
}
|
|
10770
|
+
|
|
10771
|
+
const cf = new CloudflareClient(creds);
|
|
10772
|
+
const db = await cf.createD1Database("kc-acme");
|
|
10773
|
+
```
|
|
10774
|
+
|
|
10775
|
+
Credentials are constructor args — no app config coupling. Optional
|
|
10776
|
+
`pinnedZoneId` / `pinnedZoneName` skip a zone lookup when you already know the
|
|
10777
|
+
primary zone.
|
|
10778
|
+
|
|
10779
|
+
## Hostnames
|
|
10780
|
+
|
|
10781
|
+
```ts
|
|
10782
|
+
const host = normalizeHostname("https://App.Example.com/"); // "app.example.com"
|
|
10783
|
+
isValidHostname(host); // true
|
|
10784
|
+
zoneCandidates(host); // ["app.example.com", "example.com"]
|
|
10785
|
+
```
|
|
10786
|
+
|
|
10787
|
+
`zoneCandidates` walks from most-specific to apex — useful when attaching a
|
|
10788
|
+
Workers Custom Domain and you need to find which zone owns the name.
|
|
10789
|
+
|
|
10790
|
+
## SQL dump
|
|
10791
|
+
|
|
10792
|
+
Dump any SQLite-compatible `Connection` to a portable `.sql` script (schema +
|
|
10793
|
+
data). Useful for export / escape hatches:
|
|
10794
|
+
|
|
10795
|
+
```ts
|
|
10796
|
+
import { db } from "@shaferllc/keel/core";
|
|
10797
|
+
import { dumpConnection } from "@shaferllc/keel/hosting";
|
|
10798
|
+
|
|
10799
|
+
const sql = await dumpConnection(db(), "Acme local D1", { generatedBy: "Keel Cloud" });
|
|
10800
|
+
// write sql to a .sql file; restore with sqlite3 / D1 import
|
|
10801
|
+
```
|
|
10802
|
+
|
|
10803
|
+
## Secrets
|
|
10804
|
+
|
|
10805
|
+
Encrypt vault values with Keel's purpose-scoped encryption (`config('app.key')`
|
|
10806
|
+
must be set). Keys are normalized to `ENV_STYLE` identifiers:
|
|
10807
|
+
|
|
10808
|
+
```ts
|
|
10809
|
+
const key = normalizeSecretKey("stripe-secret-key"); // "STRIPE_SECRET_KEY"
|
|
10810
|
+
const encrypted = await encryptSecretValue(secret, "app-secret");
|
|
10811
|
+
const plain = await decryptSecretValue(encrypted, "app-secret");
|
|
10812
|
+
|
|
10813
|
+
const env = await resolveSecretRows(
|
|
10814
|
+
[{ key: "STRIPE_SECRET_KEY", value_encrypted: encrypted }],
|
|
10815
|
+
"app-secret",
|
|
10816
|
+
);
|
|
10817
|
+
// { STRIPE_SECRET_KEY: "…" }
|
|
10818
|
+
```
|
|
10819
|
+
|
|
10820
|
+
Your app owns the table of rows (`owner_id`, `key`, `value_encrypted`); hosting
|
|
10821
|
+
only encrypts and decrypts.
|
|
10822
|
+
|
|
10823
|
+
## Related
|
|
10824
|
+
|
|
10825
|
+
- [Gates](./gates.md) — private-alpha signup gating used by hosted control planes
|
|
10826
|
+
- [Starter kits](./starter-kits.md) — presets Cloud scaffolds from
|
|
10827
|
+
- [Building with AI](./ai.md) — MCP Cloud tools (`keel_cloud_*`) that drive hosting
|
|
10828
|
+
|
|
10829
|
+
|
|
10830
|
+
|
|
10682
10831
|
---
|
|
10683
10832
|
|
|
10684
10833
|
<!-- source: docs/i18n.md -->
|
package/llms.txt
CHANGED
|
@@ -37,6 +37,7 @@ Userland imports everything from `@shaferllc/keel/core`.
|
|
|
37
37
|
- [Helpers](https://github.com/shaferllc/keel/blob/main/docs/helpers.md): Keel gives you a handful of global helper functions so you can reach the running application from anywhere — a route handler, a model, a plain function — without threading a container reference through every call.
|
|
38
38
|
- [Built on Hono](https://github.com/shaferllc/keel/blob/main/docs/hono.md): Keel's HTTP layer is Hono — an ultrafast, web-standard router that runs on Node, Cloudflare Workers, Deno, Bun, and more.
|
|
39
39
|
- [Lifecycle Hooks](https://github.com/shaferllc/keel/blob/main/docs/hooks.md): Tap into the application lifecycle — run code once the app is ready, clean up on shutdown, and observe route registration.
|
|
40
|
+
- [Hosting](https://github.com/shaferllc/keel/blob/main/docs/hosting.md): Keel Hosting is a small toolkit for hosted Workers / D1 apps: a Cloudflare REST client, hostname helpers, a SQLite-compatible SQL dump, and purpose-scoped secret encryption.
|
|
40
41
|
- [Internationalization](https://github.com/shaferllc/keel/blob/main/docs/i18n.md): Translations with ICU message formatting, plus the Intl formatters that go with them.
|
|
41
42
|
- [Inertia](https://github.com/shaferllc/keel/blob/main/docs/inertia.md): Keel ships a server-side Inertia.js adapter.
|
|
42
43
|
- [Locks](https://github.com/shaferllc/keel/blob/main/docs/locks.md): "Only one of you may do this at a time" — across processes, across nodes.
|
|
@@ -104,6 +105,7 @@ Every topic has a runnable, type-checked example:
|
|
|
104
105
|
- [Helpers example](https://github.com/shaferllc/keel/blob/main/docs/examples/helpers.ts)
|
|
105
106
|
- [Built on Hono example](https://github.com/shaferllc/keel/blob/main/docs/examples/hono.ts)
|
|
106
107
|
- [Lifecycle Hooks example](https://github.com/shaferllc/keel/blob/main/docs/examples/hooks.ts)
|
|
108
|
+
- [Hosting example](https://github.com/shaferllc/keel/blob/main/docs/examples/hosting.ts)
|
|
107
109
|
- [Internationalization example](https://github.com/shaferllc/keel/blob/main/docs/examples/i18n.ts)
|
|
108
110
|
- [Inertia example](https://github.com/shaferllc/keel/blob/main/docs/examples/inertia.ts)
|
|
109
111
|
- [Locks example](https://github.com/shaferllc/keel/blob/main/docs/examples/locks.ts)
|
package/package.json
CHANGED