@superblocksteam/sdk 2.0.119 → 2.0.120-next.0

package/src/cli-replacement/dev.mts

@@ -26,6 +26,7 @@ import {
   AiServiceFeatureFlags,
   SnapshotManager,
   isSdkApiTemplate,
+  stripResolvedFromLockfile,
 } from "@superblocksteam/vite-plugin-file-sync/ai-service";
 import type { DraftInterface } from "@superblocksteam/vite-plugin-file-sync/draft-interface";
 import { createGitService } from "@superblocksteam/vite-plugin-file-sync/git-service";
@@ -295,7 +296,7 @@ async function installPackages(cwd: string, logger: Logger) {
     logger.info("Package installation completed successfully");
     logger.info(stdout);
   } catch (error) {
-    logger.error(`Error during package installation: ${error}`);
+    logger.error("Error during package installation", getErrorMeta(error));
     throw error;
   }
 }
@@ -351,6 +352,13 @@ export async function dev(options: {
   /** Pre-existing HTTP server from warm standby mode (avoids port gap on transition). */
   existingServer?: HttpServer;
 
+  /**
+   * Wall-clock timestamp (Date.now()) when the warm-standby /_sb_activate
+   * POST was accepted. Forwarded to createDevServer so the warm-activation
+   * handoff histogram can be recorded.
+   */
+  warmActivationStart?: number;
+
   /** Force package installation when the caller has detected dependency drift. */
   forcePackageInstall?: boolean;
 
@@ -383,8 +391,26 @@ export async function dev(options: {
   let snapshotManager: SnapshotManager | undefined;
   let gitUserName: string | undefined;
   let gitUserEmail: string | undefined;
+  // In-flight install handle. We launch the install while the upload/restart
+  // decisions are still being evaluated and join at every gate that depends
+  // on post-install state. See the install block and `joinPackageInstall`.
+  let packageInstallPromise: Promise<void> | undefined;
   const tracer = getTracer();
   const logger = getLogger(options.logger);
+  // Joins the in-flight install at any step that depends on a settled
+  // node_modules / lockfile state. Clears the handle so later joins are
+  // no-ops. The rejection (if any) propagates so the caller's step can
+  // abort cleanly. Defined at outer scope so the post-sync `createDevServer`
+  // gate and the abort handler can call it too.
+  const joinPackageInstall = async (reason: string): Promise<void> => {
+    if (!packageInstallPromise) {
+      return;
+    }
+    logger.info(`Waiting for background package install (${reason})…`);
+    const promise = packageInstallPromise;
+    packageInstallPromise = undefined;
+    await promise;
+  };
   const skipAutoUpgrade = autoUpgradeMode === DevServerAutoUpgradeMode.SKIP;
   const skipCliUpgrade =
     skipAutoUpgrade ||
@@ -804,6 +830,16 @@ export async function dev(options: {
               logger.info("[dev-startup] Skipping download, already in sync");
             }
 
+            // Unconditional lockfile sanitation: strip cross-registry
+            // `resolved` URLs from any lockfile on disk regardless of whether
+            // install runs next. The lockfile here is whatever survived the
+            // DBFS path (downloadFirst overwrite, prior boot, brownfield
+            // import); npm honors `resolved` verbatim and would bypass the
+            // active registry. `integrity` is preserved, so genuine
+            // cross-registry tarball drift surfaces as EINTEGRITY. No-op when
+            // there's no lockfile or no `resolved` entries.
+            await stripResolvedFromLockfile(cwd);
+
             let hasCliUpdated = false;
             let upgradePromises: Promise<void>[] = [];
             const forceUpgrade =
@@ -917,17 +953,42 @@ export async function dev(options: {
               upgradePromises.length > 0 ||
               forcePackageInstall
             ) {
-              logger.info("Installing packages…");
-              await tracer.startActiveSpan("installPackages", async (span) => {
-                try {
-                  // Upgrade global CLI and local packages in parallel - improves performance
-                  await Promise.all([
-                    ...upgradePromises,
-                    installPackages(cwd, logger),
-                  ]);
-                } finally {
-                  span.end();
-                }
+              // Launch the install while the upload/restart decisions below
+              // are still being evaluated. The synchronous joins at upload,
+              // CLI restart, and pre-Vite-startup all observe and surface
+              // any rejection; the `.catch` backstop only fires if every
+              // join was skipped (rare — would mean no upload, no restart,
+              // and a re-throw before reaching createDevServer).
+              logger.info("Starting package install in background…");
+              packageInstallPromise = tracer.startActiveSpan(
+                "installPackages",
+                async (span) => {
+                  try {
+                    // Upgrade global CLI and local packages in parallel - improves performance
+                    await Promise.all([
+                      ...upgradePromises,
+                      installPackages(cwd, logger),
+                    ]);
+                  } finally {
+                    span.end();
+                  }
+                },
+              );
+              // Backstop: assigning `.catch` to a separate (discarded) promise
+              // keeps `packageInstallPromise` itself rejecting, so the joins
+              // can still observe and abort. Without this, an install that
+              // fails before any join fires becomes an unhandled rejection.
+              const installApplicationId = applicationConfig.id;
+              const installUpgradeCount = upgradePromises.length;
+              packageInstallPromise.catch((err) => {
+                logger.error(
+                  // errorId is encoded into the message body because the
+                  // logger.error contract limits structured attributes to
+                  // `{ error: { kind, message, stack } }`. The id stays
+                  // grep-able for Datadog/Sentry alert rules.
+                  `Background package install failed [errorId=DEV_SERVER_BG_INSTALL_FAILED applicationId=${installApplicationId} cwd=${cwd} upgradePromiseCount=${installUpgradeCount}]`,
+                  getErrorMeta(err),
+                );
               });
             } else {
               logger.info(
@@ -938,6 +999,9 @@ export async function dev(options: {
             const shouldUploadPackageState =
               hasPackageChanged || forcePackageInstall;
             if (shouldUploadPackageState || uploadFirst) {
+              // Upload serializes the post-install lockfile + node_modules
+              // tree to DBFS, so it must observe a quiesced install.
+              await joinPackageInstall("before upload");
               logger.info(
                 `Uploading local files to branch '${activeDbfsBranchName}' on server before starting`,
               );
@@ -952,6 +1016,9 @@ export async function dev(options: {
             }
 
             if (hasCliUpdated) {
+              // Exiting mid-install would leave a half-written lockfile that
+              // the next boot would have to recover from.
+              await joinPackageInstall("before CLI restart");
               try {
                 logger.info("Releasing lock before restarting the dev server");
                 await aiService?.removeIntegrationCache();
@@ -967,9 +1034,9 @@ export async function dev(options: {
             }
           });
         } catch (error: any) {
-          const msg = error instanceof Error ? error.message : String(error);
           logger.error(
-            `[dev-server] Startup failed during sync/lock/setup (exiting with code 1): ${msg}`,
+            "[dev-server] Startup failed during sync/lock/setup (exiting with code 1)",
+            getErrorMeta(error),
           );
           try {
             await aiService?.removeIntegrationCache();
@@ -983,6 +1050,15 @@ export async function dev(options: {
         logger.info("Skipping directory sync");
       }
 
+      // Drain the install before Vite starts. Vite's createServer eagerly
+      // scans `node_modules` for `optimizeDeps` pre-bundling; if that scan
+      // observes a mid-install state (npm moves per-package directories via
+      // rename, so a reader can race the rename), the resulting `.vite/deps`
+      // cache embeds partial state that survives across reloads. Awaiting
+      // here costs at most the install's remaining wall time — the upload
+      // and CLI-restart joins above usually drain it first.
+      await joinPackageInstall("before Vite startup");
+
       const activateRuntimeGitService = async (): Promise<
         GitService | undefined
       > => {
@@ -1098,6 +1174,7 @@ export async function dev(options: {
             sdk,
             superblocksBaseUrl: tokenConfig.superblocksBaseUrl,
             existingServer: options.existingServer,
+            warmActivationStart: options.warmActivationStart,
             // TODO: Remove this cast — build the options object to match
             // CreateDevServerOptions directly so new required fields cause a
             // compile error instead of silently passing undefined.
@@ -1117,6 +1194,19 @@ export async function dev(options: {
             logger.warn(`Error stopping auth hot-reload server: ${error}`);
           });
         }
+        // Drain any straggler install before tear-down. By this point the
+        // pre-Vite join has already run on the success path, so usually
+        // `packageInstallPromise` is undefined and this is a no-op; if abort
+        // races createDevServer (or fires during the inner sync block on
+        // some error path), draining here keeps the spawned npm child from
+        // being SIGKILL'd mid-rename. Errors only get logged — we are tearing
+        // down anyway.
+        joinPackageInstall("during abort").catch((error: unknown) => {
+          logger.warn(
+            "Error draining background install during abort",
+            getErrorMeta(error),
+          );
+        });
         // Clean up AI service cache (must happen before app switches directories)
         aiService?.removeIntegrationCache().catch((error: any) => {
           logger.warn(`Error removing integration cache: ${error}`);

package/src/client.ts

@@ -2796,21 +2796,71 @@ export interface UsageRecordRow {
   source: string;
 }
 
+export interface UserCreditLimit {
+  amountLimitCents: number | null;
+  creditLimit: number | null;
+  id: string;
+  orgId: string;
+  updatedAt: string;
+  updatedBy: string | null;
+  userId: string | null;
+}
+
+export type OrgCreditLimit = Omit<UserCreditLimit, "userId">;
+
+export interface BillingUsageLimitsResponse {
+  limits: UserCreditLimit[];
+  orgLimit: OrgCreditLimit | null;
+}
+
+type BillingUsageLimitValue =
+  | {
+      amountLimitCents: number;
+      creditLimit?: never;
+    }
+  | {
+      amountLimitCents?: never;
+      creditLimit: number;
+    };
+
+export type UpdateUserBillingUsageLimitRequest = BillingUsageLimitValue & {
+  userId: string | null;
+};
+
+export type UpdateOrgBillingUsageLimitRequest = BillingUsageLimitValue;
+
 export interface PlanSummary {
   billingInterval: "annual" | "monthly";
+  builderSeatsAssigned?: number;
+  builderSeatsTotal?: number;
+  contractEnd?: string | null;
+  contractStart?: string | null;
+  contractType?: string | null;
   currentPlanCredits: number;
   currentUsageCredits: number;
   cycleStart: string | null;
   cycleEnd: string | null;
   creditsPerSeat: number | null;
-  pricePerSeatAnnual: number | null;
-  pricePerSeatMonthly: number | null;
-  deployedAppsUsed: number;
-  deployedAppsLimit: number;
-  deployedAppsIncluded: number;
   deployedAppsAdditional: number;
-  deployedAppPriceMonthly: number | null;
   deployedAppPriceAnnual: number | null;
+  deployedAppPriceMonthly: number | null;
+  deployedAppsIncluded: number;
+  deployedAppsLimit: number;
+  deployedAppsUsed: number;
+  deployedAppCostCents?: number | null;
+  dollarCommitAmountCents?: number | null;
+  dollarCommitUsedCents?: number | null;
+  overageAppsEnabled?: boolean;
+  overageCreditsEnabled?: boolean;
+  overageSeatsEnabled?: boolean;
+  pricePerSeatAnnual: number | null;
+  pricePerSeatMonthly: number | null;
+  seatsUnlimited?: boolean;
+  subscriptionStatus: string | null;
+  topupCreditsPurchased: number;
+  topupCreditsUsed: number;
+  usageResetPeriodLimit: number;
+  usageResetPeriodType: "annual" | "contract_term" | "monthly";
 }
 
 export async function fetchBillingUsageDaily({
@@ -2945,6 +2995,139 @@ export async function fetchBillingPlanSummary({
   }
 }
 
+export async function fetchBillingUsageLimits({
+  cliVersion,
+  token,
+  superblocksBaseUrl,
+}: {
+  cliVersion: string;
+  token: string;
+  superblocksBaseUrl: string;
+}): Promise<BillingUsageLimitsResponse> {
+  try {
+    const url = new URL(
+      `${BASE_SERVER_API_URL_V1}/billing/user-credit-limits`,
+      superblocksBaseUrl,
+    );
+
+    const config: AxiosRequestConfig = {
+      method: "get",
+      url: url.toString(),
+      headers: {
+        Authorization: "Bearer " + token,
+        [CLI_VERSION_HEADER]: cliVersion,
+      },
+    };
+    const response = await axios(config);
+    return response.data.data as BillingUsageLimitsResponse;
+  } catch (e: any) {
+    let message: string;
+    if (e instanceof AxiosError) {
+      message =
+        (e.response?.data?.responseMeta?.message as string) ??
+        JSON.stringify(e.response?.data) ??
+        e.response?.statusText ??
+        e?.message;
+    } else {
+      message = `${e?.message ? e?.message : e}`;
+    }
+    throw new Error(`Could not fetch billing usage limits: ${message}`);
+  }
+}
+
+export async function updateUserBillingUsageLimit({
+  amountLimitCents,
+  cliVersion,
+  creditLimit,
+  token,
+  superblocksBaseUrl,
+  userId,
+}: UpdateUserBillingUsageLimitRequest & {
+  cliVersion: string;
+  token: string;
+  superblocksBaseUrl: string;
+}): Promise<{ success: boolean }> {
+  try {
+    const url = new URL(
+      `${BASE_SERVER_API_URL_V1}/billing/user-credit-limits`,
+      superblocksBaseUrl,
+    );
+
+    const config: AxiosRequestConfig = {
+      method: "put",
+      url: url.toString(),
+      headers: {
+        Authorization: "Bearer " + token,
+        [CLI_VERSION_HEADER]: cliVersion,
+      },
+      data: {
+        userId,
+        ...(amountLimitCents !== undefined
+          ? { amountLimitCents }
+          : { creditLimit }),
+      },
+    };
+    const response = await axios(config);
+    return response.data.data as { success: boolean };
+  } catch (e: any) {
+    let message: string;
+    if (e instanceof AxiosError) {
+      message =
+        (e.response?.data?.responseMeta?.message as string) ??
+        JSON.stringify(e.response?.data) ??
+        e.response?.statusText ??
+        e?.message;
+    } else {
+      message = `${e?.message ? e?.message : e}`;
+    }
+    throw new Error(`Could not update user billing usage limit: ${message}`);
+  }
+}
+
+export async function updateOrgBillingUsageLimit({
+  amountLimitCents,
+  cliVersion,
+  creditLimit,
+  token,
+  superblocksBaseUrl,
+}: UpdateOrgBillingUsageLimitRequest & {
+  cliVersion: string;
+  token: string;
+  superblocksBaseUrl: string;
+}): Promise<{ success: boolean }> {
+  try {
+    const url = new URL(
+      `${BASE_SERVER_API_URL_V1}/billing/user-credit-limits/org`,
+      superblocksBaseUrl,
+    );
+
+    const config: AxiosRequestConfig = {
+      method: "put",
+      url: url.toString(),
+      headers: {
+        Authorization: "Bearer " + token,
+        [CLI_VERSION_HEADER]: cliVersion,
+      },
+      data:
+        amountLimitCents !== undefined ? { amountLimitCents } : { creditLimit },
+    };
+    const response = await axios(config);
+    return response.data.data as { success: boolean };
+  } catch (e: any) {
+    let message: string;
+    if (e instanceof AxiosError) {
+      message =
+        (e.response?.data?.responseMeta?.message as string) ??
+        JSON.stringify(e.response?.data) ??
+        e.response?.statusText ??
+        e?.message;
+    } else {
+      message = `${e?.message ? e?.message : e}`;
+    }
+    throw new Error(`Could not update org billing usage limit: ${message}`);
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Knowledge (Facts)
 // ---------------------------------------------------------------------------

package/src/dev-utils/dedupe-async.test.ts

@@ -0,0 +1,151 @@
+// Regression tests for the in-flight dedupe used by the dev-server graceful
+// shutdown path (hq-o55a). The bug being guarded against: multiple signals
+// (SIGINT, SIGTERM, SIGABRT, uncaughtException) fire in rapid succession during
+// shutdown and each handler re-runs cleanup against already-freed native state,
+// surfacing as `double free or corruption (fasttop)` from glibc.
+
+import { describe, expect, it, vi } from "vitest";
+
+import { dedupeAsync } from "./dedupe-async.js";
+
+describe("dedupeAsync", () => {
+  it("invokes the wrapped function exactly once across concurrent calls", async () => {
+    const inner = vi.fn(async () => "ok");
+    const wrapped = dedupeAsync(inner);
+
+    const results = await Promise.all([
+      wrapped(),
+      wrapped(),
+      wrapped(),
+      wrapped(),
+    ]);
+
+    expect(inner).toHaveBeenCalledTimes(1);
+    expect(results).toEqual(["ok", "ok", "ok", "ok"]);
+  });
+
+  it("returns the same promise instance to all concurrent callers", () => {
+    const inner = vi.fn(async () => 42);
+    const wrapped = dedupeAsync(inner);
+
+    const p1 = wrapped();
+    const p2 = wrapped();
+
+    expect(p1).toBe(p2);
+  });
+
+  it("invokes onDuplicate for each call after the first", async () => {
+    let resolveInner: (v: string) => void = () => {};
+    const inner = vi.fn(
+      () =>
+        new Promise<string>((resolve) => {
+          resolveInner = resolve;
+        }),
+    );
+    const onDuplicate = vi.fn();
+    const wrapped = dedupeAsync(inner, { onDuplicate });
+
+    const p1 = wrapped();
+    wrapped();
+    wrapped();
+    wrapped();
+
+    expect(onDuplicate).toHaveBeenCalledTimes(3);
+    expect(inner).toHaveBeenCalledTimes(1);
+
+    resolveInner("done");
+    await expect(p1).resolves.toBe("done");
+  });
+
+  it("retains the cached promise after the inner call settles — post-settle callers get the same outcome", async () => {
+    const inner = vi.fn(async () => "shutdown-complete");
+    const wrapped = dedupeAsync(inner);
+
+    await expect(wrapped()).resolves.toBe("shutdown-complete");
+    // Second invocation AFTER the first settled — must NOT re-trigger.
+    await expect(wrapped()).resolves.toBe("shutdown-complete");
+    expect(inner).toHaveBeenCalledTimes(1);
+  });
+
+  it("propagates rejection to all callers without re-running the inner function", async () => {
+    const inner = vi.fn(async () => {
+      throw new Error("boom");
+    });
+    const wrapped = dedupeAsync(inner);
+
+    const p1 = wrapped();
+    const p2 = wrapped();
+    const p3 = wrapped();
+
+    await expect(p1).rejects.toThrow(/boom/);
+    await expect(p2).rejects.toThrow(/boom/);
+    await expect(p3).rejects.toThrow(/boom/);
+    expect(inner).toHaveBeenCalledTimes(1);
+  });
+
+  it("retains the cached rejection after the inner call settles — post-settle callers get the same rejection without re-run", async () => {
+    // Guards against a future change that resets `inFlight = null` on
+    // rejection (a plausible "retry on failure" tweak). The shutdown
+    // contract is that BOTH outcomes are sticky — resolve and reject —
+    // because re-entering cleanup after a failed first attempt is what
+    // caused the original double-free. A passing test for the resolve path
+    // alone would let that regression slip through.
+    const inner = vi.fn(async () => {
+      throw new Error("boom");
+    });
+    const wrapped = dedupeAsync(inner);
+
+    await expect(wrapped()).rejects.toThrow(/boom/);
+    // Second invocation AFTER the first rejection settled — must NOT
+    // re-trigger and must surface the same rejection.
+    await expect(wrapped()).rejects.toThrow(/boom/);
+    expect(inner).toHaveBeenCalledTimes(1);
+  });
+
+  it("forwards args to the inner function on the first call only", async () => {
+    const inner = vi.fn(async (a: number, b: string) => `${a}-${b}`);
+    const wrapped = dedupeAsync(inner);
+
+    const p1 = wrapped(1, "first");
+    // Second call passes different args, but is short-circuited — inner
+    // should NOT be invoked again. The dedupe is intentionally
+    // input-agnostic: shutdown semantics don't depend on the second
+    // signal's arguments.
+    const p2 = wrapped(2, "second");
+
+    await expect(p1).resolves.toBe("1-first");
+    await expect(p2).resolves.toBe("1-first");
+    expect(inner).toHaveBeenCalledTimes(1);
+    expect(inner).toHaveBeenCalledWith(1, "first");
+  });
+
+  it("passes the duplicate caller's args to onDuplicate (for source-tagged logging)", async () => {
+    // The dev-server graceful shutdown threads a `source` field through
+    // (signal name, "uncaughtException", "/_sb_disconnect") so the
+    // duplicate-suppression log can tell apart "4 OS signals fired" from
+    // "1 signal fired and cleanup panicked 3 times". The dedupe must
+    // forward each duplicate's own args, not the first caller's.
+    let resolveInner: () => void = () => {};
+    const inner = vi.fn(
+      (arg: { source: string }): Promise<{ source: string }> =>
+        new Promise((resolve) => {
+          resolveInner = () => resolve(arg);
+        }),
+    );
+    const onDuplicate = vi.fn();
+    const wrapped = dedupeAsync(inner, { onDuplicate });
+
+    const p1 = wrapped({ source: "SIGTERM" });
+    wrapped({ source: "SIGINT" });
+    wrapped({ source: "SIGABRT" });
+
+    expect(onDuplicate).toHaveBeenCalledTimes(2);
+    expect(onDuplicate).toHaveBeenNthCalledWith(1, { source: "SIGINT" });
+    expect(onDuplicate).toHaveBeenNthCalledWith(2, { source: "SIGABRT" });
+    expect(inner).toHaveBeenCalledTimes(1);
+    expect(inner).toHaveBeenCalledWith({ source: "SIGTERM" });
+
+    resolveInner();
+    await p1;
+  });
+});

package/src/dev-utils/dedupe-async.ts

@@ -0,0 +1,45 @@
+// In-flight call deduper. Wraps an async function so that concurrent invocations
+// share the same promise — subsequent callers get the original in-flight result
+// instead of triggering another execution.
+//
+// After the wrapped function settles (resolves OR rejects) the cached promise is
+// retained so all post-settle callers receive the same outcome. There is no
+// reset path: callers that want to "run again later" should use a fresh
+// `dedupeAsync` instance.
+//
+// Used by the dev-server graceful shutdown path (hq-o55a). Multiple signals
+// (SIGINT, SIGTERM, SIGABRT, uncaughtException) can fire in rapid succession
+// during shutdown. Without a dedupe, every handler re-runs lockService /
+// vite / httpServer cleanup against already-freed native state, which surfaces
+// as `double free or corruption (fasttop)` from glibc and SIGABRT killing the
+// process before it can exit cleanly.
+
+export interface DedupeAsyncOptions<TArgs extends unknown[]> {
+  /**
+   * Optional callback invoked when a duplicate call is detected. The first
+   * caller's invocation runs normally; this fires for the 2nd, 3rd, …
+   * Useful for logging "shutdown already in progress; ignoring duplicate
+   * signal".
+   *
+   * Receives the *duplicate* call's args (not the first call's). The first
+   * call's args are what the wrapped function actually ran with — duplicates
+   * are intentionally short-circuited and their args are dropped from
+   * execution but surfaced here for logging.
+   */
+  onDuplicate?: (...args: TArgs) => void;
+}
+
+export function dedupeAsync<TArgs extends unknown[], TResult>(
+  fn: (...args: TArgs) => Promise<TResult>,
+  options: DedupeAsyncOptions<TArgs> = {},
+): (...args: TArgs) => Promise<TResult> {
+  let inFlight: Promise<TResult> | null = null;
+  return (...args: TArgs) => {
+    if (inFlight) {
+      options.onDuplicate?.(...args);
+      return inFlight;
+    }
+    inFlight = fn(...args);
+    return inFlight;
+  };
+}