@solcreek/cli 0.4.21 → 0.4.22

package/dist/commands/init.js

@@ -5,21 +5,39 @@ import { join, basename } from "node:path";
 import { stringify } from "smol-toml";
 import { detectFramework } from "@solcreek/sdk";
 import { globalArgs, resolveJsonMode, jsonOutput, shouldAutoConfirm } from "../utils/output.js";
+import { readHosts, writeHosts, upsertHost, HOSTS_SCHEMA_VERSION } from "../utils/hosts.js";
+import { fetchHostkey, parsePastedFingerprint, HostkeyResponseError, } from "../utils/hostkey.js";
+import { ensureGitignoreEntries } from "../utils/gitignore.js";
 export const initCommand = defineCommand({
     meta: {
         name: "init",
-        description: "Initialize a new Creek project",
+        description: "Initialize a new Creek project (or register a self-host creekd via --adopt / --hostkey-fingerprint)",
     },
     args: {
         name: {
             type: "string",
-            description: "Project name",
+            description: "Project name (project init) OR host short-name (self-host init)",
+            required: false,
+        },
+        adopt: {
+            type: "string",
+            description: "TOFU-pin a creekd host at <addr> (Path B). Fetches GET /v1/hostkey, prompts to verify, writes ~/.creek/hosts.json.",
+            required: false,
+        },
+        "hostkey-fingerprint": {
+            type: "string",
+            description: "Out-of-band fingerprint paste (Path C). \"sha256:<hex>\" — pasted from provider console or paper bundle. Requires --adopt for the addr.",
             required: false,
         },
         ...globalArgs,
     },
     async run({ args }) {
         const jsonMode = resolveJsonMode(args);
+        // Self-host registration path — DESIGN §"TOFU hostkey discovery".
+        // Diverges from project-init entirely; mutually exclusive paths.
+        if (args.adopt || args["hostkey-fingerprint"]) {
+            return await initHostAdopt(args.adopt, args["hostkey-fingerprint"], args.name, jsonMode, shouldAutoConfirm(args));
+        }
         const cwd = process.cwd();
         const configPath = join(cwd, "creek.toml");
         if (existsSync(configPath)) {
@@ -62,6 +80,7 @@ export const initCommand = defineCommand({
             ...(useDb ? { resources: { database: true } } : {}),
         };
         writeFileSync(configPath, stringify(config));
+        ensureGitignoreEntries(cwd);
         // Scaffold worker + d1-schema example when database enabled
         if (useDb) {
             const workerDir = join(cwd, "worker");
@@ -122,4 +141,141 @@ export default app;
         }
     },
 });
+/**
+ * Self-host adopt flow per DESIGN §"TOFU hostkey discovery".
+ *
+ * Two paths:
+ *
+ *   Path B: --adopt=<addr> [--name <name>]
+ *     Fetches GET /v1/hostkey, recomputes the fingerprint from the
+ *     returned publicKey, prompts the operator to verify against
+ *     the provider console / paper bundle, and writes the pinned
+ *     entry to ~/.creek/hosts.json. Operator MUST visually
+ *     confirm — MITM on first contact is otherwise undetectable.
+ *
+ *   Path C: --hostkey-fingerprint=<sha256:...> --adopt=<addr>
+ *     The operator has the fingerprint from out-of-band (provider
+ *     console, paper bundle, etc.). We still fetch GET /v1/hostkey
+ *     to capture the publicKey bytes + verify the daemon
+ *     self-reports the same fingerprint, but the trust comes from
+ *     the operator's paste, not from the wire.
+ *
+ * Path A (capstan-provisioned) is deferred — needs capstan
+ * integration.
+ */
+async function initHostAdopt(addr, pastedFingerprint, hostName, jsonMode, autoConfirm) {
+    if (!addr) {
+        const msg = "--hostkey-fingerprint requires --adopt=<addr> for the daemon to talk to";
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "missing_addr", message: msg }, 1, []);
+        consola.error(msg);
+        process.exit(1);
+    }
+    const name = hostName ?? defaultHostName(addr);
+    // Path C — validate the pasted fingerprint shape BEFORE talking
+    // to the network. If the paste is malformed there's no point
+    // continuing.
+    let expectFingerprint;
+    if (pastedFingerprint) {
+        try {
+            expectFingerprint = parsePastedFingerprint(pastedFingerprint);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            if (jsonMode)
+                jsonOutput({ ok: false, error: "bad_fingerprint_paste", message: msg }, 1, []);
+            consola.error(msg);
+            process.exit(1);
+        }
+    }
+    // Fetch the daemon's hostkey. validateHostkey() inside
+    // fetchHostkey recomputes the fingerprint from the returned
+    // publicKey — protects against a daemon that lies about its own
+    // fingerprint.
+    let info;
+    try {
+        info = await fetchHostkey(addr);
+    }
+    catch (e) {
+        if (e instanceof HostkeyResponseError) {
+            if (jsonMode)
+                jsonOutput({ ok: false, error: "hostkey_fetch_failed", message: e.message }, 1, []);
+            consola.error(e.message);
+            process.exit(1);
+        }
+        const msg = e instanceof Error ? e.message : String(e);
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "hostkey_fetch_failed", message: msg }, 1, []);
+        consola.error(`failed to fetch hostkey from ${addr}: ${msg}`);
+        process.exit(1);
+    }
+    // Path C — the paste MUST match the wire fingerprint. Mismatch
+    // means either the wire is being MITM'd (the dangerous case) or
+    // the paste was for a different host (the human-error case).
+    // Either way refuse to pin.
+    if (expectFingerprint && expectFingerprint !== info.fingerprint) {
+        const msg = `fingerprint mismatch: pasted ${expectFingerprint}, daemon at ${addr} returned ${info.fingerprint}`;
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "hostkey_fingerprint_mismatch", message: msg, expected: expectFingerprint, got: info.fingerprint }, 1, []);
+        consola.error(msg);
+        consola.info("Possible MITM on first-contact wire, or you pasted the wrong fingerprint. Verify against provider console before retrying.");
+        process.exit(1);
+    }
+    // Path B — no paste. Prompt the operator to verify out-of-band
+    // before pinning. Auto-confirm bypass only fires in non-TTY
+    // (CI / scripts that have already verified externally).
+    if (!expectFingerprint && !autoConfirm) {
+        consola.info(`Fingerprint from ${addr}:`);
+        consola.info(`  ${info.fingerprint}`);
+        consola.info("");
+        consola.info("Verify this matches the provider console / serial output / paper bundle BEFORE confirming.");
+        const ok = (await consola.prompt("Pin this host?", { type: "confirm" }));
+        if (!ok) {
+            if (jsonMode)
+                jsonOutput({ ok: false, error: "user_aborted", message: "operator declined to pin fingerprint" }, 1, []);
+            consola.warn("Aborted — host not pinned.");
+            process.exit(1);
+        }
+    }
+    // Persist. upsertHost replaces by name; the operator can re-run
+    // with the same --adopt to refresh lastSeen.
+    const entry = {
+        name,
+        addr,
+        creekdPubkey: info.publicKey,
+        fingerprint: info.fingerprint,
+        lastSeen: new Date().toISOString(),
+    };
+    const file = readHosts();
+    const next = upsertHost(file, entry);
+    writeHosts(next);
+    if (jsonMode) {
+        jsonOutput({
+            ok: true,
+            name,
+            addr,
+            fingerprint: info.fingerprint,
+            path: "~/.creek/hosts.json",
+        }, 0, [
+            { command: `creek deploy --host ${name}`, description: "Deploy to this host" },
+        ]);
+    }
+    consola.success(`Pinned ${name} → ${addr}`);
+    consola.info(`  fingerprint: ${info.fingerprint}`);
+    console.log("");
+    consola.info("  Next steps:");
+    consola.info(`    creek deploy --host ${name}    Deploy to this host`);
+    void HOSTS_SCHEMA_VERSION; // re-exported for tests; silence "imported but unused" guards in some setups
+}
+/**
+ * Derive a short host name from the adopt address. e.g.
+ *   --adopt=5.75.231.44:9080 → "h-5-75-231-44"
+ *   --adopt=my.host.dev      → "h-my-host-dev"
+ * Operator may override via --name.
+ */
+function defaultHostName(addr) {
+    const noScheme = addr.replace(/^https?:\/\//, "").replace(/[:/].*$/, "");
+    const safe = noScheme.replace(/[^a-z0-9]/gi, "-").toLowerCase();
+    return `h-${safe}`;
+}
 //# sourceMappingURL=init.js.map

package/dist/commands/logs.d.ts

@@ -71,5 +71,17 @@ export declare const logsCommand: import("citty").CommandDef<{
         type: "boolean";
         description: string;
     };
+    server: {
+        type: "string";
+        description: string;
+    };
+    "creekd-token": {
+        type: "string";
+        description: string;
+    };
+    tail: {
+        type: "string";
+        description: string;
+    };
 }>;
 //# sourceMappingURL=logs.d.ts.map

package/dist/commands/logs.js

@@ -5,6 +5,7 @@ import { CreekClient, resolveConfig, ConfigNotFoundError, } from "@solcreek/sdk"
 import { getToken, getApiUrl } from "../utils/config.js";
 import { globalArgs, resolveJsonMode, jsonOutput, AUTH_BREADCRUMBS, NO_PROJECT_BREADCRUMBS, } from "../utils/output.js";
 import { matchesClientSide, describeFilters, safeStringify as ssExport } from "./logs-filter.js";
+import { CreekdClient, CreekdApiError, getCreekdUrl } from "../utils/creekd-client.js";
 /**
  * `creek logs` — read structured tenant logs from R2 archive.
  *
@@ -26,7 +27,7 @@ import { matchesClientSide, describeFilters, safeStringify as ssExport } from ".
 export const logsCommand = defineCommand({
     meta: {
         name: "logs",
-        description: "Read recent log entries for a project",
+        description: "Read recent log entries for a project. Only worker invocations appear — edge-cached requests don't invoke the worker and won't show here. Use `creek metrics` for total traffic including cache hits.",
     },
     args: {
         project: {
@@ -73,10 +74,25 @@ export const logsCommand = defineCommand({
             type: "boolean",
             description: "Live tail via WebSocket. Prints recent context first, then streams new entries until Ctrl+C.",
         },
+        server: {
+            type: "string",
+            description: "creekd admin API URL — routes to creekd log tail instead of control-plane (or $CREEKD_URL)",
+        },
+        "creekd-token": {
+            type: "string",
+            description: "Bearer token for creekd (or $CREEKD_TOKEN)",
+        },
+        tail: {
+            type: "string",
+            description: "Number of lines (creekd mode only, default 100)",
+        },
         ...globalArgs,
     },
     async run({ args }) {
         const jsonMode = resolveJsonMode(args);
+        if (args.server || process.env.CREEKD_URL) {
+            return creekdLogs(args, jsonMode);
+        }
         const token = getToken();
         if (!token) {
             if (jsonMode)
@@ -269,6 +285,38 @@ async function follow(client, projectSlug, filters, initialSeenAfter, jsonMode)
         backoffMs = Math.min(backoffMs * 2, BACKOFF_MAX_MS);
     }
 }
+async function creekdLogs(args, jsonMode) {
+    const client = new CreekdClient(args.server || getCreekdUrl(), args["creekd-token"] || process.env.CREEKD_TOKEN || process.env.CREEKCTL_TOKEN || "");
+    const id = args.project || args.id;
+    if (!id) {
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "missing_id", message: "App ID required" }, 1, [
+                { command: "creek logs --server <url> --project <id>", description: "Specify app ID" },
+            ]);
+        consola.error("App ID required. Use --project <id>.");
+        process.exit(1);
+    }
+    const tail = args.tail ? Number(args.tail) : 100;
+    try {
+        const text = await client.getAppLogs(id, tail);
+        if (jsonMode) {
+            const lines = text.split("\n").filter(Boolean);
+            jsonOutput({ ok: true, app_id: id, lines, count: lines.length }, 0, [
+                { command: `creek logs --server ${args.server || getCreekdUrl()} --project ${id} --follow`, description: "Stream live logs" },
+            ]);
+        }
+        printCreekdLogs(text);
+    }
+    catch (err) {
+        if (err instanceof CreekdApiError) {
+            if (jsonMode)
+                jsonOutput({ ok: false, error: err.code, message: err.message }, 1);
+            consola.error(err.status === 404 ? `App "${id}" not found.` : `Logs failed: ${err.message}`);
+            process.exit(1);
+        }
+        throw err;
+    }
+}
 function sleep(ms) {
     return new Promise((r) => setTimeout(r, ms));
 }
@@ -355,4 +403,24 @@ function printEntry(entry) {
 // safeStringify lives in logs-filter.js (re-exported for nested
 // console.log message rendering in printEntry below).
 const safeStringify = ssExport;
+function printCreekdLogs(text) {
+    const lines = text.split("\n").filter(Boolean);
+    for (const line of lines) {
+        let rec;
+        try {
+            rec = JSON.parse(line);
+        }
+        catch {
+            process.stdout.write(line + "\n");
+            continue;
+        }
+        const ts = rec.ts
+            ? color(new Date(rec.ts).toISOString().replace("T", " ").slice(0, 23), "dim")
+            : "";
+        const stream = rec.stream === "stderr"
+            ? color("err", "red")
+            : color("out", "cyan");
+        process.stdout.write(`${ts} ${stream} ${rec.msg ?? ""}\n`);
+    }
+}
 //# sourceMappingURL=logs.js.map

package/dist/commands/restart.d.ts

@@ -0,0 +1,26 @@
+export declare const restartCommand: import("citty").CommandDef<{
+    json: {
+        type: "boolean";
+        description: string;
+        default: boolean;
+    };
+    yes: {
+        type: "boolean";
+        description: string;
+        default: boolean;
+    };
+    id: {
+        type: "positional";
+        description: string;
+        required: true;
+    };
+    server: {
+        type: "string";
+        description: string;
+    };
+    token: {
+        type: "string";
+        description: string;
+    };
+}>;
+//# sourceMappingURL=restart.d.ts.map

package/dist/commands/restart.js

@@ -0,0 +1,55 @@
+import { defineCommand } from "citty";
+import consola from "consola";
+import { globalArgs, resolveJsonMode, jsonOutput } from "../utils/output.js";
+import { CreekdClient, CreekdApiError, getCreekdUrl } from "../utils/creekd-client.js";
+export const restartCommand = defineCommand({
+    meta: {
+        name: "restart",
+        description: "Restart an app on a creekd instance",
+    },
+    args: {
+        id: {
+            type: "positional",
+            description: "App ID to restart",
+            required: true,
+        },
+        server: {
+            type: "string",
+            description: "creekd admin API URL (or $CREEKD_URL)",
+        },
+        token: {
+            type: "string",
+            description: "Bearer token (or $CREEKD_TOKEN)",
+        },
+        ...globalArgs,
+    },
+    async run({ args }) {
+        const jsonMode = resolveJsonMode(args);
+        const client = new CreekdClient(args.server || getCreekdUrl(), args.token || process.env.CREEKD_TOKEN || process.env.CREEKCTL_TOKEN || "");
+        try {
+            const app = await client.restartApp(args.id);
+            if (jsonMode) {
+                jsonOutput({ ok: true, app }, 0, [
+                    { command: `creek logs ${app.id}`, description: "Stream app logs" },
+                    { command: `creek top`, description: "Live process overview" },
+                ]);
+            }
+            consola.success(`Restarted ${app.id} (pid ${app.pid})`);
+        }
+        catch (err) {
+            if (err instanceof CreekdApiError) {
+                if (jsonMode)
+                    jsonOutput({ ok: false, error: err.code, message: err.message }, 1);
+                if (err.status === 404) {
+                    consola.error(`App "${args.id}" not found.`);
+                }
+                else {
+                    consola.error(`Restart failed: ${err.message}`);
+                }
+                process.exit(1);
+            }
+            throw err;
+        }
+    },
+});
+//# sourceMappingURL=restart.js.map

package/dist/commands/rollback.d.ts

@@ -23,5 +23,18 @@ export declare const rollbackCommand: import("citty").CommandDef<{
         type: "string";
         description: string;
     };
+    host: {
+        type: "string";
+        description: string;
+    };
+    to: {
+        type: "string";
+        description: string;
+    };
+    "bypass-rv": {
+        type: "boolean";
+        description: string;
+        default: false;
+    };
 }>;
 //# sourceMappingURL=rollback.d.ts.map

package/dist/commands/rollback.js

@@ -5,6 +5,9 @@ import { getToken, getApiUrl } from "../utils/config.js";
 import { existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
 import { globalArgs, resolveJsonMode, jsonOutput, AUTH_BREADCRUMBS } from "../utils/output.js";
+import { CreekdClient, CreekdResourceVersionMismatchError } from "../utils/creekd-client.js";
+import { readHosts, findHost } from "../utils/hosts.js";
+import { cachedResourceVersion, recordLastDeploy, } from "../utils/local-cache.js";
 function getProjectSlug(args) {
     if (args?.project)
         return args.project;
@@ -23,7 +26,7 @@ export const rollbackCommand = defineCommand({
     args: {
         deployment: {
             type: "positional",
-            description: "Deployment ID to rollback to (default: previous)",
+            description: "Deployment ID to rollback to (default: previous, CF Workers target)",
             required: false,
         },
         message: {
@@ -35,10 +38,37 @@ export const rollbackCommand = defineCommand({
             type: "string",
             description: "Project slug (default: from creek.toml)",
         },
+        host: {
+            type: "string",
+            description: "Roll back on the named self-host creekd (from ~/.creek/hosts.json). Requires --to.",
+        },
+        to: {
+            type: "string",
+            description: "Target release seq for self-host rollback (--host required).",
+        },
+        "bypass-rv": {
+            type: "boolean",
+            description: "On 412 If-Match mismatch, auto-fetch current rv and retry (self-host only).",
+            default: false,
+        },
         ...globalArgs,
     },
     async run({ args }) {
         const jsonMode = resolveJsonMode(args);
+        // Self-host path — bypass the CF Workers / CreekClient flow.
+        // Mutually exclusive with the existing CF rollback semantics:
+        // --host pivots into the creekd HTTP API per
+        // DESIGN-self-host-state.md §"The Release resource".
+        if (args.host) {
+            return await rollbackSelfHost(args.host, args.to, args.project, args["bypass-rv"] === true, jsonMode);
+        }
+        if (args.to) {
+            const msg = "--to requires --host (use --deployment for CF Workers rollback)";
+            if (jsonMode)
+                jsonOutput({ ok: false, error: "missing_host", message: msg }, 1, []);
+            consola.error(msg);
+            process.exit(1);
+        }
         const token = getToken();
         if (!token) {
             if (jsonMode)
@@ -79,4 +109,161 @@ export const rollbackCommand = defineCommand({
         }
     },
 });
+/**
+ * Self-host rollback per DESIGN-self-host-state.md §"The Release
+ * resource":
+ *
+ *   creek rollback --host=<name> --to=<seq>
+ *
+ * Reads the host from ~/.creek/hosts.json (must be pinned via
+ * `creek init --adopt` first), resolves If-Match from
+ * .creek/local.json (or falls back to a fresh GET), calls
+ * POST /v1/apps/{appId}/rollback?to=<seq>, and writes the new rv
+ * back to the local cache on success.
+ *
+ * 412 behaviour: emits a structured error with the daemon's
+ * current rv. Does NOT auto-retry unless --bypass-rv is set
+ * (DESIGN §"First-party CLI MUST send If-Match": "does NOT
+ * auto-retry by default").
+ */
+async function rollbackSelfHost(hostName, toRaw, projectArg, bypassRv, jsonMode) {
+    if (!toRaw) {
+        const msg = "self-host rollback requires --to=<releaseSeq>";
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "missing_to", message: msg }, 1, []);
+        consola.error(msg);
+        process.exit(1);
+    }
+    const toSeq = Number.parseInt(toRaw, 10);
+    if (!Number.isFinite(toSeq) || toSeq <= 0) {
+        const msg = `--to must be a positive integer (got "${toRaw}")`;
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "bad_to", message: msg }, 1, []);
+        consola.error(msg);
+        process.exit(1);
+    }
+    // Resolve host from hosts.json.
+    const hostsFile = readHosts();
+    const host = findHost(hostsFile, hostName);
+    if (!host) {
+        const msg = `host "${hostName}" not found in ~/.creek/hosts.json (run \`creek init --adopt=<addr>\` to pin it first)`;
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "host_not_pinned", message: msg, host: hostName }, 1, []);
+        consola.error(msg);
+        process.exit(1);
+    }
+    // Project name = creekd app ID.
+    const cwd = process.cwd();
+    const appId = resolveAppId(projectArg, cwd);
+    if (!appId) {
+        const msg = "no creek.toml in cwd and --project not specified";
+        if (jsonMode)
+            jsonOutput({ ok: false, error: "no_project", message: msg }, 1, []);
+        consola.error(msg);
+        process.exit(1);
+    }
+    const client = new CreekdClient(host.addr);
+    const release = await doRollbackWithIfMatch(client, appId, toSeq, cwd, host.name, bypassRv, jsonMode);
+    // The Release wire shape doesn't carry the app's new
+    // resourceVersion directly — fetch the envelope to capture it
+    // for the local cache. Failure here doesn't roll back the
+    // rollback; we just lose cache freshness and the next mutation
+    // does a fresh GET. Log and continue.
+    try {
+        const envelope = await client.getApp(appId);
+        recordLastDeploy(cwd, {
+            appId,
+            host: host.name,
+            resourceVersion: envelope.metadata.resourceVersion,
+            generation: envelope.metadata.generation,
+            at: new Date().toISOString(),
+        });
+    }
+    catch (e) {
+        if (!jsonMode) {
+            const msg = e instanceof Error ? e.message : String(e);
+            consola.warn(`rollback succeeded but local cache refresh failed: ${msg}`);
+        }
+    }
+    if (jsonMode) {
+        jsonOutput({
+            ok: true,
+            host: host.name,
+            app: appId,
+            release,
+        }, 0, [
+            { command: `creek status --host ${host.name}`, description: "Check rollback status" },
+        ]);
+    }
+    consola.success(`Rolled back ${appId} on ${host.name} to release seq ${release.spec.rolledBackFrom}`);
+    consola.info(`  new release seq: ${release.spec.releaseSeq} (phase=${release.phase})`);
+    if (release.spec.originalArtifactRelease && release.spec.originalArtifactRelease !== release.spec.rolledBackFrom) {
+        consola.info(`  original artifact: seq ${release.spec.originalArtifactRelease}`);
+    }
+}
+/**
+ * Run the rollback POST with If-Match resolved from the local
+ * cache. On 412 mismatch, either re-fetch + retry (when
+ * --bypass-rv is set) or surface a structured error so the
+ * operator can decide.
+ */
+async function doRollbackWithIfMatch(client, appId, toSeq, cwd, hostName, bypassRv, jsonMode) {
+    // Read cached rv. If absent, fall back to a fresh GET — better
+    // to send a real If-Match (gets a clean 412 on drift) than to
+    // emit Warning: 299 "unconditional-write".
+    let ifMatch = cachedResourceVersion(cwd, appId, hostName);
+    if (!ifMatch) {
+        try {
+            const envelope = await client.getApp(appId);
+            ifMatch = envelope.metadata.resourceVersion;
+        }
+        catch (e) {
+            // App might not exist on this host yet; let the rollback
+            // itself surface 404 release_artifact_pruned with full
+            // detail rather than guessing.
+            ifMatch = undefined;
+        }
+    }
+    try {
+        return await client.rollbackApp(appId, toSeq, ifMatch ? { ifMatch } : {});
+    }
+    catch (e) {
+        if (e instanceof CreekdResourceVersionMismatchError && bypassRv) {
+            // --bypass-rv: auto-refetch current rv and retry exactly
+            // once. A second 412 means concurrent writers; that's a
+            // real conflict and surfaces normally.
+            const envelope = await client.getApp(appId);
+            return await client.rollbackApp(appId, toSeq, {
+                ifMatch: envelope.metadata.resourceVersion,
+            });
+        }
+        if (e instanceof CreekdResourceVersionMismatchError) {
+            const msg = `resource version drifted (sent ${e.attemptedResourceVersion}, current ${e.currentResourceVersion}) — re-run with --bypass-rv to auto-refresh, or refresh the local cache manually`;
+            if (jsonMode) {
+                jsonOutput({
+                    ok: false,
+                    error: "resource_version_mismatch",
+                    message: msg,
+                    attemptedResourceVersion: e.attemptedResourceVersion,
+                    currentResourceVersion: e.currentResourceVersion,
+                }, 1, [
+                    { command: `creek rollback --host ${hostName} --to ${toSeq} --bypass-rv`, description: "Auto-refresh and retry" },
+                ]);
+            }
+            consola.error(msg);
+            process.exit(1);
+        }
+        throw e;
+    }
+}
+/** Resolve creekd app ID — either explicit --project or
+ *  parsed from creek.toml. Returns "" when neither is available. */
+function resolveAppId(projectArg, cwd) {
+    if (projectArg)
+        return projectArg;
+    const configPath = join(cwd, "creek.toml");
+    if (!existsSync(configPath))
+        return "";
+    return parseConfig(readFileSync(configPath, "utf-8")).project.name;
+}
 //# sourceMappingURL=rollback.js.map

package/dist/commands/stop.d.ts

@@ -0,0 +1,26 @@
+export declare const stopCommand: import("citty").CommandDef<{
+    json: {
+        type: "boolean";
+        description: string;
+        default: boolean;
+    };
+    yes: {
+        type: "boolean";
+        description: string;
+        default: boolean;
+    };
+    id: {
+        type: "positional";
+        description: string;
+        required: true;
+    };
+    server: {
+        type: "string";
+        description: string;
+    };
+    token: {
+        type: "string";
+        description: string;
+    };
+}>;
+//# sourceMappingURL=stop.d.ts.map