@specific.dev/cli 0.1.68 → 0.1.70

package/dist/cli.js

@@ -183842,6 +183842,18 @@ var RefreshTokenExpiredError = class extends Error {
 
 // src/lib/auth/workos.ts
 var WORKOS_CLIENT_ID = "client_01K4HSP8CE0R73V7Z67WE9CC86";
+function getTokenExpiresAt(accessToken) {
+  try {
+    const payload = accessToken.split(".")[1];
+    const decoded = JSON.parse(Buffer.from(payload, "base64url").toString());
+    if (typeof decoded.exp === "number") {
+      return decoded.exp * 1e3;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
 async function initiateDeviceAuthorization() {
   const response = await fetch(
     "https://api.workos.com/user_management/authorize/device",
@@ -183906,6 +183918,157 @@ import React from "react";
 import { render, Box, Text } from "ink";
 import Spinner from "ink-spinner";
 
+// src/lib/auth/login-flow.ts
+function runLoginFlow(options2) {
+  const { setState, isReauthentication } = options2;
+  let cancelled = false;
+  async function run() {
+    try {
+      setState({ phase: "initiating" });
+      writeLog("auth", "Starting login flow");
+      if (isReauthentication) {
+        clearUserCredentials();
+      }
+      writeLog("auth", "Initiating device authorization with WorkOS");
+      const deviceAuth = await initiateDeviceAuthorization();
+      writeLog(
+        "auth",
+        `Device authorization received: user_code=${deviceAuth.user_code}`
+      );
+      if (cancelled) return;
+      setState({
+        phase: "waiting-for-browser",
+        userCode: deviceAuth.user_code,
+        verificationUri: deviceAuth.verification_uri_complete
+      });
+      const { default: open3 } = await Promise.resolve().then(() => (init_open(), open_exports));
+      await open3(deviceAuth.verification_uri_complete);
+      const token = await pollUntilToken(deviceAuth, () => cancelled);
+      if (cancelled || !token) return;
+      writeLog("auth", "Fetching user info and saving credentials...");
+      await saveCredentialsFromToken(token);
+      if (cancelled) return;
+      writeLog("auth", "Credentials written successfully");
+      setState({ phase: "success", email: token.user.email });
+      writeLog("auth", "Login flow completed successfully");
+    } catch (err) {
+      if (cancelled) return;
+      const message = err instanceof Error ? err.message : String(err);
+      writeLog("auth", `Login error: ${message}`);
+      setState({ phase: "error", message });
+    }
+  }
+  run();
+  return {
+    cancel: () => {
+      cancelled = true;
+    }
+  };
+}
+async function pollUntilToken(deviceAuth, isCancelled) {
+  let interval = deviceAuth.interval * 1e3;
+  const expiresAt = Date.now() + deviceAuth.expires_in * 1e3;
+  while (!isCancelled() && Date.now() < expiresAt) {
+    await sleep(interval);
+    if (isCancelled()) return null;
+    writeLog(
+      "auth",
+      `Polling for token (timeRemaining=${Math.round((expiresAt - Date.now()) / 1e3)}s)`
+    );
+    const response = await pollForToken(deviceAuth.device_code);
+    writeLog(
+      "auth",
+      `Poll response: ${JSON.stringify(response).substring(0, 200)}`
+    );
+    if (!("error" in response)) {
+      writeLog("auth", "Token received successfully from WorkOS");
+      return response;
+    }
+    if (response.error === "slow_down") {
+      interval += 1e3;
+      writeLog("auth", `Slowing down, new interval: ${interval}ms`);
+    } else if (response.error !== "authorization_pending") {
+      throw new Error(`Authentication failed: ${response.error}`);
+    }
+  }
+  if (!isCancelled()) {
+    throw new Error("Authentication timed out. Please try again.");
+  }
+  return null;
+}
+function sleep(ms) {
+  return new Promise((resolve10) => setTimeout(resolve10, ms));
+}
+
+// src/lib/auth/login.tsx
+function LoginUI({
+  state,
+  isReauthentication
+}) {
+  if (state.phase === "error") {
+    return /* @__PURE__ */ React.createElement(Text, { color: "red" }, "Error: ", state.message);
+  }
+  if (state.phase === "success") {
+    return /* @__PURE__ */ React.createElement(Text, { color: "green" }, isReauthentication ? "Re-authenticated" : "Logged in", " as ", state.email);
+  }
+  return /* @__PURE__ */ React.createElement(Box, { flexDirection: "column", gap: 1 }, isReauthentication && /* @__PURE__ */ React.createElement(Text, { color: "yellow" }, "Session expired. Please log in again."), /* @__PURE__ */ React.createElement(Text, { bold: true }, "Log in to Specific"), state.phase === "waiting-for-browser" ? /* @__PURE__ */ React.createElement(React.Fragment, null, /* @__PURE__ */ React.createElement(Box, { flexDirection: "column" }, /* @__PURE__ */ React.createElement(Text, null, "Your authentication code:", " ", /* @__PURE__ */ React.createElement(Text, { color: "cyan", bold: true }, state.userCode))), /* @__PURE__ */ React.createElement(Box, null, /* @__PURE__ */ React.createElement(Text, { color: "blue" }, /* @__PURE__ */ React.createElement(Spinner, { type: "dots" })), /* @__PURE__ */ React.createElement(Text, null, " Waiting for authentication in browser...")), /* @__PURE__ */ React.createElement(Text, { dimColor: true }, "If the browser didn't open, visit: ", state.verificationUri)) : /* @__PURE__ */ React.createElement(Box, null, /* @__PURE__ */ React.createElement(Text, { color: "blue" }, /* @__PURE__ */ React.createElement(Spinner, { type: "dots" })), /* @__PURE__ */ React.createElement(Text, null, " Initiating login...")));
+}
+function performLogin(options2 = {}) {
+  return new Promise((resolve10) => {
+    let currentState = { phase: "initiating" };
+    let flowHandle;
+    const instance = render(
+      /* @__PURE__ */ React.createElement(
+        LoginUI,
+        {
+          state: currentState,
+          isReauthentication: options2.isReauthentication
+        }
+      )
+    );
+    const cleanup = () => {
+      flowHandle?.cancel();
+      instance.unmount();
+    };
+    const handleExit = () => {
+      cleanup();
+      process.exit(0);
+    };
+    process.on("SIGINT", handleExit);
+    process.on("SIGTERM", handleExit);
+    flowHandle = runLoginFlow({
+      isReauthentication: options2.isReauthentication,
+      setState: (newState) => {
+        currentState = newState;
+        instance.rerender(
+          /* @__PURE__ */ React.createElement(
+            LoginUI,
+            {
+              state: currentState,
+              isReauthentication: options2.isReauthentication
+            }
+          )
+        );
+        if (newState.phase === "success") {
+          setTimeout(() => {
+            process.off("SIGINT", handleExit);
+            process.off("SIGTERM", handleExit);
+            instance.unmount();
+            resolve10({ success: true, userEmail: newState.email });
+          }, 100);
+        } else if (newState.phase === "error") {
+          setTimeout(() => {
+            process.off("SIGINT", handleExit);
+            process.off("SIGTERM", handleExit);
+            instance.unmount();
+            resolve10({ success: false, error: new Error(newState.message) });
+          }, 100);
+        }
+      }
+    });
+  });
+}
+
 // src/lib/api/client.ts
 var ApiClient = class {
   baseUrl;
@@ -184217,166 +184380,6 @@ var ApiClient = class {
   }
 };
 
-// src/lib/auth/login-flow.ts
-function runLoginFlow(options2) {
-  const { setState, isReauthentication } = options2;
-  let cancelled = false;
-  async function run() {
-    try {
-      setState({ phase: "initiating" });
-      writeLog("auth", "Starting login flow");
-      if (isReauthentication) {
-        clearUserCredentials();
-      }
-      writeLog("auth", "Initiating device authorization with WorkOS");
-      const deviceAuth = await initiateDeviceAuthorization();
-      writeLog(
-        "auth",
-        `Device authorization received: user_code=${deviceAuth.user_code}`
-      );
-      if (cancelled) return;
-      setState({
-        phase: "waiting-for-browser",
-        userCode: deviceAuth.user_code,
-        verificationUri: deviceAuth.verification_uri_complete
-      });
-      const { default: open3 } = await Promise.resolve().then(() => (init_open(), open_exports));
-      await open3(deviceAuth.verification_uri_complete);
-      const token = await pollUntilToken(deviceAuth, () => cancelled);
-      if (cancelled || !token) return;
-      writeLog("auth", "Fetching user info from platform API...");
-      const client2 = new ApiClient({ token: token.access_token });
-      const user = await client2.getMe();
-      writeLog("auth", `User info received: id=${user.id}`);
-      if (cancelled) return;
-      writeLog("auth", "Writing credentials to disk...");
-      writeUserCredentials({
-        accessToken: token.access_token,
-        refreshToken: token.refresh_token,
-        expiresAt: Date.now() + token.expires_in * 1e3,
-        userId: user.id
-      });
-      writeLog("auth", "Credentials written successfully");
-      setState({ phase: "success", email: token.user.email });
-      writeLog("auth", "Login flow completed successfully");
-    } catch (err) {
-      if (cancelled) return;
-      const message = err instanceof Error ? err.message : String(err);
-      writeLog("auth", `Login error: ${message}`);
-      setState({ phase: "error", message });
-    }
-  }
-  run();
-  return {
-    cancel: () => {
-      cancelled = true;
-    }
-  };
-}
-async function pollUntilToken(deviceAuth, isCancelled) {
-  let interval = deviceAuth.interval * 1e3;
-  const expiresAt = Date.now() + deviceAuth.expires_in * 1e3;
-  while (!isCancelled() && Date.now() < expiresAt) {
-    await sleep(interval);
-    if (isCancelled()) return null;
-    writeLog(
-      "auth",
-      `Polling for token (timeRemaining=${Math.round((expiresAt - Date.now()) / 1e3)}s)`
-    );
-    const response = await pollForToken(deviceAuth.device_code);
-    writeLog(
-      "auth",
-      `Poll response: ${JSON.stringify(response).substring(0, 200)}`
-    );
-    if (!("error" in response)) {
-      writeLog("auth", "Token received successfully from WorkOS");
-      return response;
-    }
-    if (response.error === "slow_down") {
-      interval += 1e3;
-      writeLog("auth", `Slowing down, new interval: ${interval}ms`);
-    } else if (response.error !== "authorization_pending") {
-      throw new Error(`Authentication failed: ${response.error}`);
-    }
-  }
-  if (!isCancelled()) {
-    throw new Error("Authentication timed out. Please try again.");
-  }
-  return null;
-}
-function sleep(ms) {
-  return new Promise((resolve10) => setTimeout(resolve10, ms));
-}
-
-// src/lib/auth/login.tsx
-function LoginUI({
-  state,
-  isReauthentication
-}) {
-  if (state.phase === "error") {
-    return /* @__PURE__ */ React.createElement(Text, { color: "red" }, "Error: ", state.message);
-  }
-  if (state.phase === "success") {
-    return /* @__PURE__ */ React.createElement(Text, { color: "green" }, isReauthentication ? "Re-authenticated" : "Logged in", " as ", state.email);
-  }
-  return /* @__PURE__ */ React.createElement(Box, { flexDirection: "column", gap: 1 }, isReauthentication && /* @__PURE__ */ React.createElement(Text, { color: "yellow" }, "Session expired. Please log in again."), /* @__PURE__ */ React.createElement(Text, { bold: true }, "Log in to Specific"), state.phase === "waiting-for-browser" ? /* @__PURE__ */ React.createElement(React.Fragment, null, /* @__PURE__ */ React.createElement(Box, { flexDirection: "column" }, /* @__PURE__ */ React.createElement(Text, null, "Your authentication code:", " ", /* @__PURE__ */ React.createElement(Text, { color: "cyan", bold: true }, state.userCode))), /* @__PURE__ */ React.createElement(Box, null, /* @__PURE__ */ React.createElement(Text, { color: "blue" }, /* @__PURE__ */ React.createElement(Spinner, { type: "dots" })), /* @__PURE__ */ React.createElement(Text, null, " Waiting for authentication in browser...")), /* @__PURE__ */ React.createElement(Text, { dimColor: true }, "If the browser didn't open, visit: ", state.verificationUri)) : /* @__PURE__ */ React.createElement(Box, null, /* @__PURE__ */ React.createElement(Text, { color: "blue" }, /* @__PURE__ */ React.createElement(Spinner, { type: "dots" })), /* @__PURE__ */ React.createElement(Text, null, " Initiating login...")));
-}
-function performLogin(options2 = {}) {
-  return new Promise((resolve10) => {
-    let currentState = { phase: "initiating" };
-    let flowHandle;
-    const instance = render(
-      /* @__PURE__ */ React.createElement(
-        LoginUI,
-        {
-          state: currentState,
-          isReauthentication: options2.isReauthentication
-        }
-      )
-    );
-    const cleanup = () => {
-      flowHandle?.cancel();
-      instance.unmount();
-    };
-    const handleExit = () => {
-      cleanup();
-      process.exit(0);
-    };
-    process.on("SIGINT", handleExit);
-    process.on("SIGTERM", handleExit);
-    flowHandle = runLoginFlow({
-      isReauthentication: options2.isReauthentication,
-      setState: (newState) => {
-        currentState = newState;
-        instance.rerender(
-          /* @__PURE__ */ React.createElement(
-            LoginUI,
-            {
-              state: currentState,
-              isReauthentication: options2.isReauthentication
-            }
-          )
-        );
-        if (newState.phase === "success") {
-          setTimeout(() => {
-            process.off("SIGINT", handleExit);
-            process.off("SIGTERM", handleExit);
-            instance.unmount();
-            resolve10({ success: true, userEmail: newState.email });
-          }, 100);
-        } else if (newState.phase === "error") {
-          setTimeout(() => {
-            process.off("SIGINT", handleExit);
-            process.off("SIGTERM", handleExit);
-            instance.unmount();
-            resolve10({ success: false, error: new Error(newState.message) });
-          }, 100);
-        }
-      }
-    });
-  });
-}
-
 // src/lib/auth/credentials.ts
 function getUserCredentialsDir() {
   return path6.join(os5.homedir(), ".specific");
@@ -184419,11 +184422,33 @@ function getUserId() {
   const credentials = readUserCredentials();
   return credentials?.userId ?? null;
 }
+async function saveCredentialsFromToken(token) {
+  const client2 = new ApiClient({ token: token.access_token });
+  const user = await client2.getMe();
+  const expiresAt = getTokenExpiresAt(token.access_token) ?? Date.now() + 3600 * 1e3;
+  writeUserCredentials({
+    accessToken: token.access_token,
+    refreshToken: token.refresh_token,
+    expiresAt,
+    userId: user.id
+  });
+}
 async function getValidAccessToken() {
   const credentials = readUserCredentials();
   if (!credentials) {
     throw new Error("Not logged in. Run 'specific login' first.");
   }
+  if (!credentials.userId) {
+    const result = await performLogin({ isReauthentication: true });
+    if (!result.success) {
+      throw result.error || new Error("Re-authentication failed");
+    }
+    const newCredentials = readUserCredentials();
+    if (!newCredentials) {
+      throw new Error("Failed to read credentials after re-authentication");
+    }
+    return newCredentials.accessToken;
+  }
   const now = Date.now();
   const bufferMs = 5 * 60 * 1e3;
   if (credentials.expiresAt - bufferMs > now) {
@@ -184431,10 +184456,12 @@ async function getValidAccessToken() {
   }
   try {
     const response = await refreshAccessToken(credentials.refreshToken);
+    const expiresAt = getTokenExpiresAt(response.access_token) ?? Date.now() + 3600 * 1e3;
     const updatedCredentials = {
       accessToken: response.access_token,
       refreshToken: response.refresh_token,
-      expiresAt: now + response.expires_in * 1e3
+      expiresAt,
+      userId: credentials.userId
     };
     writeUserCredentials(updatedCredentials);
     return updatedCredentials.accessToken;
@@ -184458,6 +184485,7 @@ async function getValidAccessToken() {
 var POSTHOG_HOST = "https://eu.i.posthog.com";
 var client = null;
 var anonymousId = null;
+var identified = false;
 function isEnabled() {
   return true;
 }
@@ -184491,16 +184519,29 @@ function getClient() {
 function trackEvent(event, properties) {
   const ph = getClient();
   if (!ph) return;
+  const userId = getUserId();
+  if (userId && !identified) {
+    identified = true;
+    ph.identify({
+      distinctId: userId,
+      properties: {
+        anonymous_id: getAnonymousId()
+      }
+    });
+    ph.alias({
+      distinctId: userId,
+      alias: getAnonymousId()
+    });
+  }
   ph.capture({
-    distinctId: getAnonymousId(),
+    distinctId: userId ?? getAnonymousId(),
     event,
     properties: {
       ...properties,
-      cli_version: "0.1.68",
+      cli_version: "0.1.70",
       platform: process.platform,
       node_version: process.version,
-      project_id: getProjectId(),
-      user_id: getUserId() ?? void 0
+      project_id: getProjectId()
     }
   });
 }
@@ -193090,11 +193131,7 @@ function DeployUI({ environment, config, skipBuildTest }) {
             }
           } else {
             const successResponse = response;
-            writeUserCredentials({
-              accessToken: successResponse.access_token,
-              refreshToken: successResponse.refresh_token,
-              expiresAt: Date.now() + successResponse.expires_in * 1e3
-            });
+            await saveCredentialsFromToken(successResponse);
             setState(
               (s) => s.projectId ? { phase: "testing-builds", projectId: s.projectId } : { phase: "loading-projects" }
             );
@@ -194601,8 +194638,8 @@ function compareVersions(a, b) {
   return 0;
 }
 async function checkForUpdate() {
-  const currentVersion = "0.1.68";
-  const response = await fetch(`${BINARIES_BASE_URL}/latest`);
+  const currentVersion = "0.1.70";
+  const response = await fetch(`${BINARIES_BASE_URL}/latest?t=${Date.now()}`);
   if (!response.ok) {
     throw new Error(`Failed to check for updates: HTTP ${response.status}`);
   }
@@ -194739,7 +194776,8 @@ function UpdateUI() {
         if (cancelled) return;
         trackEvent("cli_updated", {
           from_version: state.checkResult.currentVersion,
-          to_version: state.checkResult.latestVersion
+          to_version: state.checkResult.latestVersion,
+          source: "manual"
         });
         writeCheckTimestamp();
         setState((s) => ({ ...s, phase: "success" }));
@@ -194799,7 +194837,7 @@ function updateCommand() {
 var program = new Command();
 var env = "production";
 var envLabel = env !== "production" ? `[${env.toUpperCase()}] ` : "";
-program.name("specific").description(`${envLabel}Infrastructure-as-code for coding agents`).version("0.1.68").enablePositionalOptions();
+program.name("specific").description(`${envLabel}Infrastructure-as-code for coding agents`).version("0.1.70").enablePositionalOptions();
 program.command("init").description("Initialize project for use with a coding agent").option("--agent <name...>", "Agents to configure (cursor, claude, codex, other)").action((options2) => initCommand(options2));
 program.command("docs [topic]").description("Fetch LLM-optimized documentation").action(docsCommand);
 program.command("check").description("Validate specific.hcl configuration").action(checkCommand);

package/dist/docs/index.md

@@ -35,6 +35,7 @@ A full development environment can be started with `specific dev`. To deploy any
 
 The following is a list of common frameworks and libraries with guidance on how to use them with Specific:
 
+- [Python](/integrations/python): Flask, FastAPI, Django, and other Python frameworks
 - [Next.js](/integrations/nextjs): full-stack React framework
 - [Drizzle ORM](/integrations/drizzle): TypeScript ORM with type safety
 - [Prisma](/integrations/prisma): TypeScript ORM with auto-generated client

package/dist/docs/integrations/python.md

@@ -0,0 +1,220 @@
+# Python
+
+Python is supported out of the box with Specific. This guide covers running Python services with virtual environments, module resolution, and common frameworks.
+
+## Basic configuration
+
+Use `base = "python"` for builds. For development, point the dev command at your virtual environment's Python binary:
+
+```hcl
+build "api" {
+  base = "python"
+}
+
+service "api" {
+  build = build.api
+  command = "python app.py"
+
+  endpoint {
+    public = true
+  }
+
+  env = {
+    PORT = port
+    DATABASE_URL = postgres.main.url
+  }
+
+  dev {
+    command = ".venv/bin/python app.py"
+  }
+}
+
+postgres "main" {}
+```
+
+In production, `base = "python"` handles dependency installation automatically (see [Builds](/builds) for details). In development, you manage your own virtual environment.
+
+## Virtual environments
+
+Create a virtual environment in your project before running `specific dev`:
+
+```sh
+python3 -m venv .venv
+.venv/bin/pip install -r requirements.txt
+```
+
+Or with `uv`:
+
+```sh
+uv venv .venv
+uv pip install -r requirements.txt
+```
+
+There are two ways to reference the venv in your dev command:
+
+**Direct path (recommended):**
+
+```hcl
+dev {
+  command = ".venv/bin/python app.py"
+}
+```
+
+**Shell activation:**
+
+```hcl
+dev {
+  command = "source .venv/bin/activate && python app.py"
+}
+```
+
+Both work because service commands run in a shell. The direct path is simpler and avoids potential issues with shell activation scripts.
+
+## Module resolution
+
+Python module imports work naturally because `specific dev` sets the working directory to the service's `root` (or the project root if no `root` is set). Standard imports resolve as expected:
+
+```
+myproject/
+  specific.hcl
+  app.py
+  myapp/
+    __init__.py
+    utils.py
+```
+
+```python
+# app.py
+from myapp.utils import get_greeting  # works
+```
+
+You can also use `python -m` to run modules:
+
+```hcl
+dev {
+  command = ".venv/bin/python -m myapp"
+}
+```
+
+## Monorepo support
+
+For monorepos, use `root` to set the working directory. The venv path is relative to `root`:
+
+```hcl
+build "api" {
+  base = "python"
+  root = "backend"
+}
+
+service "api" {
+  build = build.api
+  command = "python app.py"
+
+  endpoint {
+    public = true
+  }
+
+  env = {
+    PORT = port
+  }
+
+  dev {
+    command = ".venv/bin/python app.py"
+  }
+}
+```
+
+Here `.venv/bin/python` resolves to `backend/.venv/bin/python`.
+
+## Common frameworks
+
+### Flask
+
+```hcl
+build "api" {
+  base = "python"
+}
+
+service "api" {
+  build = build.api
+  command = "flask run --host 0.0.0.0 --port $PORT"
+
+  endpoint {
+    public = true
+  }
+
+  env = {
+    PORT = port
+    FLASK_APP = "app"
+  }
+
+  dev {
+    command = ".venv/bin/flask run --host 0.0.0.0 --port $PORT --reload"
+  }
+}
+```
+
+### FastAPI with uvicorn
+
+```hcl
+build "api" {
+  base = "python"
+}
+
+service "api" {
+  build = build.api
+  command = "uvicorn app:app --host 0.0.0.0 --port $PORT"
+
+  endpoint {
+    public = true
+  }
+
+  env = {
+    PORT = port
+  }
+
+  dev {
+    command = ".venv/bin/uvicorn app:app --host 0.0.0.0 --port $PORT --reload"
+  }
+}
+```
+
+### Django
+
+```hcl
+build "web" {
+  base = "python"
+}
+
+service "web" {
+  build = build.web
+  command = "gunicorn myproject.wsgi --bind 0.0.0.0:$PORT"
+
+  endpoint {
+    public = true
+  }
+
+  env = {
+    PORT = port
+    DATABASE_URL = postgres.main.url
+  }
+
+  pre_deploy {
+    command = "python manage.py migrate"
+  }
+
+  dev {
+    command = ".venv/bin/python manage.py runserver 0.0.0.0:$PORT"
+  }
+}
+
+postgres "main" {}
+```
+
+## Database migrations
+
+Use `pre_deploy` hooks for production migrations and `specific exec` for development:
+
+```sh
+specific exec api -- .venv/bin/python manage.py migrate
+```