@tamyla/clodo-framework 3.0.10 → 3.0.12

package/CHANGELOG.md

@@ -1,3 +1,19 @@
+## [3.0.12](https://github.com/tamylaa/clodo-framework/compare/v3.0.11...v3.0.12) (2025-10-14)
+
+
+### Bug Fixes
+
+* Add graceful API token permission handling and validation ([6c973b0](https://github.com/tamylaa/clodo-framework/commit/6c973b077b6e2a80b7a6d93f0b39070925bb89af))
+* Add missing exists() method to WranglerConfigManager class ([44ee17c](https://github.com/tamylaa/clodo-framework/commit/44ee17c8931db085ccef502e7e7ac15209b222a5))
+* Ensure wrangler uses correct account for API token operations ([f671b10](https://github.com/tamylaa/clodo-framework/commit/f671b1004057b94dd8ba55c5c1f3c2d5bca54706))
+
+## [3.0.11](https://github.com/tamylaa/clodo-framework/compare/v3.0.10...v3.0.11) (2025-10-14)
+
+
+### Bug Fixes
+
+* Update all bin/ imports from src/ to dist/ for published package compatibility ([c476528](https://github.com/tamylaa/clodo-framework/commit/c476528b575cf9d6338a967e740252ed4d41f66f))
+
 ## [3.0.10](https://github.com/tamylaa/clodo-framework/compare/v3.0.9...v3.0.10) (2025-10-14)
 
 

package/bin/shared/cloudflare/ops.js

@@ -232,7 +232,7 @@ export async function listDatabases(options = {}) {
   
   // Use API-based operation if credentials provided
   if (apiToken && accountId) {
-    const { CloudflareAPI } = await import('../../../src/utils/cloudflare/api.js');
+    const { CloudflareAPI } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     return await cf.listD1Databases(accountId);
   }
@@ -251,7 +251,7 @@ export async function databaseExists(databaseName, options = {}) {
   
   // Use API-based operation if credentials provided
   if (apiToken && accountId) {
-    const { CloudflareAPI } = await import('../../../src/utils/cloudflare/api.js');
+    const { CloudflareAPI } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     return await cf.d1DatabaseExists(accountId, databaseName);
   }
@@ -270,7 +270,7 @@ export async function createDatabase(name, options = {}) {
   
   // Use API-based operation if credentials provided
   if (apiToken && accountId) {
-    const { CloudflareAPI } = await import('../../../src/utils/cloudflare/api.js');
+    const { CloudflareAPI } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     const result = await cf.createD1Database(accountId, name);
     return result.uuid; // Return UUID to match CLI behavior
@@ -355,7 +355,7 @@ export async function getDatabaseId(databaseName, options = {}) {
   
   // Use API-based operation if credentials provided
   if (apiToken && accountId) {
-    const { CloudflareAPI } = await import('../../../src/utils/cloudflare/api.js');
+    const { CloudflareAPI } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     const db = await cf.getD1Database(accountId, databaseName);
     return db?.uuid || null;

package/bin/shared/database/connection-manager.js

@@ -20,7 +20,7 @@ export class DatabaseConnectionManager {
    */
   async initialize() {
     // Import framework config for consistent database connection settings
-    const { frameworkConfig } = await import('../../../src/utils/framework-config.js');
+    const { frameworkConfig } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const database = frameworkConfig.getDatabaseConfig();
     

package/bin/shared/database/orchestrator.js

@@ -115,7 +115,7 @@ export class DatabaseOrchestrator {
    */
   async initialize() {
     // Import framework config for consistent timing and database settings
-    const { frameworkConfig } = await import('../../../src/utils/framework-config.js');
+    const { frameworkConfig } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const database = frameworkConfig.getDatabaseConfig();
     

package/bin/shared/deployment/validator.js

@@ -556,7 +556,7 @@ export class DeploymentValidator {
     
     try {
       // Import WranglerDeployer for D1 validation capabilities
-      const { WranglerDeployer } = await import('../../../src/deployment/wrangler-deployer.js');
+      const { WranglerDeployer } = await import('../../../dist/deployment/wrangler-deployer.js');
       
       // Check if this is a framework-level validation (no specific service)
       if (!this.options?.servicePath) {

package/bin/shared/monitoring/health-checker.js

@@ -13,7 +13,7 @@ import http from 'http';
 const execAsync = promisify(exec);
 
 // Load framework configuration
-const { frameworkConfig } = await import('../../../src/utils/framework-config.js');
+const { frameworkConfig } = await import('../../../dist/utils/framework-config.js');
 const timing = frameworkConfig.getTiming();
 
 function makeHttpRequest(url, method = 'GET', timeout = 5000) {

package/bin/shared/security/secret-generator.js

@@ -65,7 +65,7 @@ export class EnhancedSecretManager {
    */
   async initialize() {
     // Import framework config for consistent timing and retry settings
-    const { frameworkConfig } = await import('../../../src/utils/framework-config.js');
+    const { frameworkConfig } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const security = frameworkConfig.getSecurity();
     const configPaths = frameworkConfig.getPaths();

package/bin/shared/security/secure-token-manager.js

@@ -34,7 +34,7 @@ export class SecureTokenManager {
   async initialize() {
     try {
       // Load framework configuration
-      const { frameworkConfig } = await import('../../../src/utils/framework-config.js');
+      const { frameworkConfig } = await import('../../../dist/utils/framework-config.js');
       this.frameworkConfig = frameworkConfig;
       
       // Update paths with framework config

package/dist/deployment/validator.js

@@ -470,7 +470,7 @@ export class DeploymentValidator {
       // Import WranglerDeployer for D1 validation capabilities
       const {
         WranglerDeployer
-      } = await import('../../../src/deployment/wrangler-deployer.js');
+      } = await import('../../../dist/deployment/wrangler-deployer.js');
 
       // Check if this is a framework-level validation (no specific service)
       if (!this.options?.servicePath) {

package/dist/orchestration/multi-domain-orchestrator.js

@@ -39,6 +39,13 @@ export class MultiDomainOrchestrator {
     this.cloudflareToken = options.cloudflareToken;
     this.cloudflareAccountId = options.cloudflareAccountId;
 
+    // Configure wrangler to use API token when available
+    // This ensures all wrangler operations use the same account as API operations
+    if (this.cloudflareToken) {
+      process.env.CLOUDFLARE_API_TOKEN = this.cloudflareToken;
+      console.log(`🔑 Configured wrangler to use API token authentication`);
+    }
+
     // Initialize modular components
     this.domainResolver = new DomainResolver({
       environment: this.environment,
@@ -74,7 +81,8 @@ export class MultiDomainOrchestrator {
     this.wranglerConfigManager = new WranglerConfigManager({
       projectRoot: this.servicePath,
       dryRun: this.dryRun,
-      verbose: options.verbose || false
+      verbose: options.verbose || false,
+      accountId: this.cloudflareAccountId
     });
 
     // ConfigurationValidator is a static class - don't instantiate
@@ -283,26 +291,60 @@ export class MultiDomainOrchestrator {
       // Use API-based operations if credentials are available
       if (this.cloudflareToken && this.cloudflareAccountId) {
         console.log(`     🔑 Using API token authentication for account: ${this.cloudflareAccountId}`);
-        exists = await databaseExists(databaseName, {
-          apiToken: this.cloudflareToken,
-          accountId: this.cloudflareAccountId
-        });
-        if (exists) {
-          console.log(`   ✅ Database already exists: ${databaseName}`);
-          databaseId = await getDatabaseId(databaseName, {
-            apiToken: this.cloudflareToken,
-            accountId: this.cloudflareAccountId
-          });
-          console.log(`   📊 Existing Database ID: ${databaseId}`);
-        } else {
-          console.log(`     📦 Creating database: ${databaseName}`);
-          databaseId = await createDatabase(databaseName, {
+        try {
+          exists = await databaseExists(databaseName, {
             apiToken: this.cloudflareToken,
             accountId: this.cloudflareAccountId
           });
-          console.log(`   ✅ Database created: ${databaseName}`);
-          console.log(`   📊 Database ID: ${databaseId}`);
-          created = true;
+          if (exists) {
+            console.log(`   ✅ Database already exists: ${databaseName}`);
+            databaseId = await getDatabaseId(databaseName, {
+              apiToken: this.cloudflareToken,
+              accountId: this.cloudflareAccountId
+            });
+            console.log(`   📊 Existing Database ID: ${databaseId}`);
+          } else {
+            console.log(`     📦 Creating database: ${databaseName}`);
+            databaseId = await createDatabase(databaseName, {
+              apiToken: this.cloudflareToken,
+              accountId: this.cloudflareAccountId
+            });
+            console.log(`   ✅ Database created: ${databaseName}`);
+            console.log(`   📊 Database ID: ${databaseId}`);
+            created = true;
+          }
+        } catch (apiError) {
+          // Check if this is an authentication or permission error
+          if (apiError.message.includes('permission denied') || apiError.message.includes('403') || apiError.message.includes('authentication failed') || apiError.message.includes('401')) {
+            if (apiError.message.includes('401')) {
+              console.log(`   ❌ API token authentication failed (invalid/expired token)`);
+              console.log(`   🔗 Check/create token at: https://dash.cloudflare.com/profile/api-tokens`);
+            } else {
+              console.log(`   ⚠️  API token lacks D1 database permissions`);
+              console.log(`   💡 Required permission: 'Cloudflare D1:Edit'`);
+              console.log(`   🔗 Update token at: https://dash.cloudflare.com/profile/api-tokens`);
+            }
+            console.log(`   🔄 Falling back to OAuth authentication...`);
+            console.log(`   ⚠️  WARNING: OAuth uses your personal account, not the API token account!`);
+
+            // Fall back to OAuth-based operations with warning
+            console.log(`     🔐 Using OAuth authentication (wrangler CLI)`);
+            exists = await databaseExists(databaseName);
+            if (exists) {
+              console.log(`   ✅ Database already exists: ${databaseName}`);
+              databaseId = await getDatabaseId(databaseName);
+              console.log(`   📊 Existing Database ID: ${databaseId}`);
+            } else {
+              console.log(`     📦 Creating database: ${databaseName}`);
+              databaseId = await createDatabase(databaseName);
+              console.log(`   ✅ Database created: ${databaseName}`);
+              console.log(`   📊 Database ID: ${databaseId}`);
+              created = true;
+            }
+          } else {
+            // Re-throw non-auth/permission errors
+            throw apiError;
+          }
         }
       } else {
         // Fallback to CLI-based operations (OAuth)
@@ -333,6 +375,11 @@ export class MultiDomainOrchestrator {
       console.log(`   📁 Service path: ${this.servicePath}`);
       console.log(`   📁 Current working directory: ${process.cwd()}`);
       try {
+        // Set account_id if API credentials are available
+        if (this.cloudflareAccountId) {
+          await this.wranglerConfigManager.setAccountId(this.cloudflareAccountId);
+        }
+
         // Ensure environment section exists
         await this.wranglerConfigManager.ensureEnvironment(this.environment);
 

package/dist/service-management/InputCollector.js

@@ -386,8 +386,25 @@ export class InputCollector {
             CloudflareAPI
           } = await import('../utils/cloudflare/api.js');
           const cfApi = new CloudflareAPI(token);
-          const isValid = await cfApi.verifyToken();
-          if (isValid) {
+          const tokenCheck = await cfApi.verifyToken();
+          if (tokenCheck.valid) {
+            // Check D1 permissions
+            const permissionCheck = await cfApi.checkD1Permissions();
+            if (!permissionCheck.hasPermission) {
+              console.log(chalk.yellow(`⚠️  ${permissionCheck.error}`));
+              console.log(chalk.white('   💡 You can update permissions at: https://dash.cloudflare.com/profile/api-tokens'));
+              console.log(chalk.white('   💡 Or continue and the framework will fall back to OAuth authentication'));
+              console.log('');
+              const {
+                askYesNo
+              } = await import('../utils/interactive-prompts.js');
+              const continueAnyway = await askYesNo('Continue with limited API token permissions?', false);
+              if (!continueAnyway) {
+                console.log(chalk.blue('Please update your API token permissions and try again.'));
+                process.exit(0);
+              }
+              console.log(chalk.yellow('⚠️  Proceeding with limited permissions - database operations will use OAuth'));
+            }
             console.log(chalk.green('✓ API token verified successfully'));
             return token;
           }

package/dist/shared/cloudflare/ops.js

@@ -240,7 +240,7 @@ export async function listDatabases(options = {}) {
   if (apiToken && accountId) {
     const {
       CloudflareAPI
-    } = await import('../../../src/utils/cloudflare/api.js');
+    } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     return await cf.listD1Databases(accountId);
   }
@@ -265,7 +265,7 @@ export async function databaseExists(databaseName, options = {}) {
   if (apiToken && accountId) {
     const {
       CloudflareAPI
-    } = await import('../../../src/utils/cloudflare/api.js');
+    } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     return await cf.d1DatabaseExists(accountId, databaseName);
   }
@@ -288,7 +288,7 @@ export async function createDatabase(name, options = {}) {
   if (apiToken && accountId) {
     const {
       CloudflareAPI
-    } = await import('../../../src/utils/cloudflare/api.js');
+    } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     const result = await cf.createD1Database(accountId, name);
     return result.uuid; // Return UUID to match CLI behavior
@@ -403,7 +403,7 @@ export async function getDatabaseId(databaseName, options = {}) {
   if (apiToken && accountId) {
     const {
       CloudflareAPI
-    } = await import('../../../src/utils/cloudflare/api.js');
+    } = await import('../../../dist/utils/cloudflare/api.js');
     const cf = new CloudflareAPI(apiToken);
     const db = await cf.getD1Database(accountId, databaseName);
     return db?.uuid || null;

package/dist/shared/database/connection-manager.js

@@ -21,7 +21,7 @@ export class DatabaseConnectionManager {
     // Import framework config for consistent database connection settings
     const {
       frameworkConfig
-    } = await import('../../../src/utils/framework-config.js');
+    } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const database = frameworkConfig.getDatabaseConfig();
     this.config = {

package/dist/shared/database/orchestrator.js

@@ -110,7 +110,7 @@ export class DatabaseOrchestrator {
     // Import framework config for consistent timing and database settings
     const {
       frameworkConfig
-    } = await import('../../../src/utils/framework-config.js');
+    } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const database = frameworkConfig.getDatabaseConfig();
     this.config = {

package/dist/shared/deployment/validator.js

@@ -470,7 +470,7 @@ export class DeploymentValidator {
       // Import WranglerDeployer for D1 validation capabilities
       const {
         WranglerDeployer
-      } = await import('../../../src/deployment/wrangler-deployer.js');
+      } = await import('../../../dist/deployment/wrangler-deployer.js');
 
       // Check if this is a framework-level validation (no specific service)
       if (!this.options?.servicePath) {

package/dist/shared/monitoring/health-checker.js

@@ -14,7 +14,7 @@ const execAsync = promisify(exec);
 // Load framework configuration
 const {
   frameworkConfig
-} = await import('../../../src/utils/framework-config.js');
+} = await import('../../../dist/utils/framework-config.js');
 const timing = frameworkConfig.getTiming();
 function makeHttpRequest(url, method = 'GET', timeout = 5000) {
   return new Promise((resolve, reject) => {

package/dist/shared/security/secret-generator.js

@@ -105,7 +105,7 @@ export class EnhancedSecretManager {
     // Import framework config for consistent timing and retry settings
     const {
       frameworkConfig
-    } = await import('../../../src/utils/framework-config.js');
+    } = await import('../../../dist/utils/framework-config.js');
     const timing = frameworkConfig.getTiming();
     const security = frameworkConfig.getSecurity();
     const configPaths = frameworkConfig.getPaths();

package/dist/shared/security/secure-token-manager.js

@@ -36,7 +36,7 @@ export class SecureTokenManager {
       // Load framework configuration
       const {
         frameworkConfig
-      } = await import('../../../src/utils/framework-config.js');
+      } = await import('../../../dist/utils/framework-config.js');
       this.frameworkConfig = frameworkConfig;
 
       // Update paths with framework config

package/dist/utils/cloudflare/api.js

@@ -34,7 +34,20 @@ export class CloudflareAPI {
     const data = await response.json();
     if (!response.ok) {
       const errorMsg = data.errors?.[0]?.message || 'Unknown error';
-      throw new Error(`Cloudflare API error: ${errorMsg} (${response.status})`);
+      const statusCode = response.status;
+
+      // Provide specific guidance for common authentication/permission errors
+      if (statusCode === 401) {
+        throw new Error(`Cloudflare API authentication failed (401). Your API token may be invalid or expired. Please check your token at https://dash.cloudflare.com/profile/api-tokens`);
+      }
+      if (statusCode === 403) {
+        // Check if this is a D1-related endpoint to provide specific guidance
+        if (endpoint.includes('/d1/')) {
+          throw new Error(`Cloudflare API permission denied (403). Your API token lacks D1 database permissions. Required permissions: 'Cloudflare D1:Edit'. Update your token at https://dash.cloudflare.com/profile/api-tokens`);
+        }
+        throw new Error(`Cloudflare API permission denied (403). Your API token lacks required permissions for this operation. Please check your token permissions at https://dash.cloudflare.com/profile/api-tokens`);
+      }
+      throw new Error(`Cloudflare API error: ${errorMsg} (${statusCode})`);
     }
     if (!data.success) {
       const errorMsg = data.errors?.[0]?.message || 'Request failed';
@@ -65,6 +78,33 @@ export class CloudflareAPI {
     }
   }
 
+  /**
+   * Check if API token has D1 database permissions
+   * @returns {Promise<Object>} Permission check result
+   */
+  async checkD1Permissions() {
+    try {
+      // Try to list D1 databases - this will fail if no D1 permissions
+      // We use a dummy account ID that should fail safely if permissions are missing
+      await this.request('/accounts/dummy/d1/database');
+      return {
+        hasPermission: true
+      };
+    } catch (error) {
+      if (error.message.includes('403') || error.message.includes('permission denied')) {
+        return {
+          hasPermission: false,
+          error: 'API token lacks D1 database permissions. Required: Cloudflare D1:Edit'
+        };
+      }
+      // If it's a different error (like invalid account), assume permissions are OK
+      // The actual permission check happens during real operations
+      return {
+        hasPermission: true
+      };
+    }
+  }
+
   /**
    * List all zones (domains) accessible with this API token
    * @param {Object} options - Query options

package/dist/utils/deployment/wrangler-config-manager.js

@@ -19,11 +19,13 @@ export class WranglerConfigManager {
       this.projectRoot = dirname(options);
       this.dryRun = false;
       this.verbose = false;
+      this.accountId = null;
     } else {
       this.projectRoot = options.projectRoot || process.cwd();
       this.configPath = options.configPath || join(this.projectRoot, 'wrangler.toml');
       this.dryRun = options.dryRun || false;
       this.verbose = options.verbose || false;
+      this.accountId = options.accountId || null;
     }
   }
 
@@ -52,6 +54,19 @@ export class WranglerConfigManager {
     }
   }
 
+  /**
+   * Check if wrangler.toml file exists
+   * @returns {Promise<boolean>} True if file exists, false otherwise
+   */
+  async exists() {
+    try {
+      await access(this.configPath, constants.F_OK);
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+
   /**
    * Write configuration back to wrangler.toml
    * @param {Object} config - Configuration object to write
@@ -82,16 +97,26 @@ export class WranglerConfigManager {
   }
 
   /**
-   * Check if wrangler.toml exists
-   * @returns {Promise<boolean>}
+   * Set account_id in wrangler.toml
+   * @param {string} accountId - Cloudflare account ID
+   * @returns {Promise<boolean>} True if account_id was set
    */
-  async exists() {
-    try {
-      await access(this.configPath, constants.F_OK);
-      return true;
-    } catch {
+  async setAccountId(accountId) {
+    if (!accountId) {
       return false;
     }
+    const config = await this.readConfig();
+    if (config.account_id === accountId) {
+      if (this.verbose) {
+        console.log(`   ✓ account_id already set to ${accountId}`);
+      }
+      return false;
+    }
+    console.log(`   📝 Setting account_id to ${accountId} in wrangler.toml`);
+    config.account_id = accountId;
+    await this.writeConfig(config);
+    console.log(`   ✅ account_id updated in wrangler.toml`);
+    return true;
   }
 
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tamyla/clodo-framework",
-  "version": "3.0.10",
+  "version": "3.0.12",
   "description": "Reusable framework for Clodo-style software architecture on Cloudflare Workers + D1",
   "type": "module",
   "sideEffects": [