npm - @tamyla/clodo-framework - Versions diffs - 3.0.11 → 3.0.12 - Mend

@tamyla/clodo-framework 3.0.11 → 3.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +9 -0
package/dist/orchestration/multi-domain-orchestrator.js +65 -18
package/dist/service-management/InputCollector.js +19 -2
package/dist/utils/cloudflare/api.js +41 -1
package/dist/utils/deployment/wrangler-config-manager.js +32 -7
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## [3.0.12](https://github.com/tamylaa/clodo-framework/compare/v3.0.11...v3.0.12) (2025-10-14)
+### Bug Fixes
+* Add graceful API token permission handling and validation ([6c973b0](https://github.com/tamylaa/clodo-framework/commit/6c973b077b6e2a80b7a6d93f0b39070925bb89af))
+* Add missing exists() method to WranglerConfigManager class ([44ee17c](https://github.com/tamylaa/clodo-framework/commit/44ee17c8931db085ccef502e7e7ac15209b222a5))
+* Ensure wrangler uses correct account for API token operations ([f671b10](https://github.com/tamylaa/clodo-framework/commit/f671b1004057b94dd8ba55c5c1f3c2d5bca54706))
 ## [3.0.11](https://github.com/tamylaa/clodo-framework/compare/v3.0.10...v3.0.11) (2025-10-14)

package/dist/orchestration/multi-domain-orchestrator.js CHANGED Viewed

@@ -39,6 +39,13 @@ export class MultiDomainOrchestrator {
     this.cloudflareToken = options.cloudflareToken;
     this.cloudflareAccountId = options.cloudflareAccountId;
+    // Configure wrangler to use API token when available
+    // This ensures all wrangler operations use the same account as API operations
+    if (this.cloudflareToken) {
+      process.env.CLOUDFLARE_API_TOKEN = this.cloudflareToken;
+      console.log(`🔑 Configured wrangler to use API token authentication`);
+    }
     // Initialize modular components
     this.domainResolver = new DomainResolver({
       environment: this.environment,
@@ -74,7 +81,8 @@ export class MultiDomainOrchestrator {
     this.wranglerConfigManager = new WranglerConfigManager({
       projectRoot: this.servicePath,
       dryRun: this.dryRun,
-      verbose: options.verbose || false
+      verbose: options.verbose || false,
+      accountId: this.cloudflareAccountId
     });
     // ConfigurationValidator is a static class - don't instantiate
@@ -283,26 +291,60 @@ export class MultiDomainOrchestrator {
       // Use API-based operations if credentials are available
       if (this.cloudflareToken && this.cloudflareAccountId) {
         console.log(`     🔑 Using API token authentication for account: ${this.cloudflareAccountId}`);
-        exists = await databaseExists(databaseName, {
-          apiToken: this.cloudflareToken,
-          accountId: this.cloudflareAccountId
-        });
-        if (exists) {
-          console.log(`   ✅ Database already exists: ${databaseName}`);
-          databaseId = await getDatabaseId(databaseName, {
-            apiToken: this.cloudflareToken,
-            accountId: this.cloudflareAccountId
-          });
-          console.log(`   📊 Existing Database ID: ${databaseId}`);
-        } else {
-          console.log(`     📦 Creating database: ${databaseName}`);
-          databaseId = await createDatabase(databaseName, {
+        try {
+          exists = await databaseExists(databaseName, {
             apiToken: this.cloudflareToken,
             accountId: this.cloudflareAccountId
           });
-          console.log(`   ✅ Database created: ${databaseName}`);
-          console.log(`   📊 Database ID: ${databaseId}`);
-          created = true;
+          if (exists) {
+            console.log(`   ✅ Database already exists: ${databaseName}`);
+            databaseId = await getDatabaseId(databaseName, {
+              apiToken: this.cloudflareToken,
+              accountId: this.cloudflareAccountId
+            });
+            console.log(`   📊 Existing Database ID: ${databaseId}`);
+          } else {
+            console.log(`     📦 Creating database: ${databaseName}`);
+            databaseId = await createDatabase(databaseName, {
+              apiToken: this.cloudflareToken,
+              accountId: this.cloudflareAccountId
+            });
+            console.log(`   ✅ Database created: ${databaseName}`);
+            console.log(`   📊 Database ID: ${databaseId}`);
+            created = true;
+          }
+        } catch (apiError) {
+          // Check if this is an authentication or permission error
+          if (apiError.message.includes('permission denied') || apiError.message.includes('403') || apiError.message.includes('authentication failed') || apiError.message.includes('401')) {
+            if (apiError.message.includes('401')) {
+              console.log(`   ❌ API token authentication failed (invalid/expired token)`);
+              console.log(`   🔗 Check/create token at: https://dash.cloudflare.com/profile/api-tokens`);
+            } else {
+              console.log(`   ⚠️  API token lacks D1 database permissions`);
+              console.log(`   💡 Required permission: 'Cloudflare D1:Edit'`);
+              console.log(`   🔗 Update token at: https://dash.cloudflare.com/profile/api-tokens`);
+            }
+            console.log(`   🔄 Falling back to OAuth authentication...`);
+            console.log(`   ⚠️  WARNING: OAuth uses your personal account, not the API token account!`);
+            // Fall back to OAuth-based operations with warning
+            console.log(`     🔐 Using OAuth authentication (wrangler CLI)`);
+            exists = await databaseExists(databaseName);
+            if (exists) {
+              console.log(`   ✅ Database already exists: ${databaseName}`);
+              databaseId = await getDatabaseId(databaseName);
+              console.log(`   📊 Existing Database ID: ${databaseId}`);
+            } else {
+              console.log(`     📦 Creating database: ${databaseName}`);
+              databaseId = await createDatabase(databaseName);
+              console.log(`   ✅ Database created: ${databaseName}`);
+              console.log(`   📊 Database ID: ${databaseId}`);
+              created = true;
+            }
+          } else {
+            // Re-throw non-auth/permission errors
+            throw apiError;
+          }
         }
       } else {
         // Fallback to CLI-based operations (OAuth)
@@ -333,6 +375,11 @@ export class MultiDomainOrchestrator {
       console.log(`   📁 Service path: ${this.servicePath}`);
       console.log(`   📁 Current working directory: ${process.cwd()}`);
       try {
+        // Set account_id if API credentials are available
+        if (this.cloudflareAccountId) {
+          await this.wranglerConfigManager.setAccountId(this.cloudflareAccountId);
+        }
         // Ensure environment section exists
         await this.wranglerConfigManager.ensureEnvironment(this.environment);

package/dist/service-management/InputCollector.js CHANGED Viewed

@@ -386,8 +386,25 @@ export class InputCollector {
             CloudflareAPI
           } = await import('../utils/cloudflare/api.js');
           const cfApi = new CloudflareAPI(token);
-          const isValid = await cfApi.verifyToken();
-          if (isValid) {
+          const tokenCheck = await cfApi.verifyToken();
+          if (tokenCheck.valid) {
+            // Check D1 permissions
+            const permissionCheck = await cfApi.checkD1Permissions();
+            if (!permissionCheck.hasPermission) {
+              console.log(chalk.yellow(`⚠️  ${permissionCheck.error}`));
+              console.log(chalk.white('   💡 You can update permissions at: https://dash.cloudflare.com/profile/api-tokens'));
+              console.log(chalk.white('   💡 Or continue and the framework will fall back to OAuth authentication'));
+              console.log('');
+              const {
+                askYesNo
+              } = await import('../utils/interactive-prompts.js');
+              const continueAnyway = await askYesNo('Continue with limited API token permissions?', false);
+              if (!continueAnyway) {
+                console.log(chalk.blue('Please update your API token permissions and try again.'));
+                process.exit(0);
+              }
+              console.log(chalk.yellow('⚠️  Proceeding with limited permissions - database operations will use OAuth'));
+            }
             console.log(chalk.green('✓ API token verified successfully'));
             return token;
           }

package/dist/utils/cloudflare/api.js CHANGED Viewed

@@ -34,7 +34,20 @@ export class CloudflareAPI {
     const data = await response.json();
     if (!response.ok) {
       const errorMsg = data.errors?.[0]?.message || 'Unknown error';
-      throw new Error(`Cloudflare API error: ${errorMsg} (${response.status})`);
+      const statusCode = response.status;
+      // Provide specific guidance for common authentication/permission errors
+      if (statusCode === 401) {
+        throw new Error(`Cloudflare API authentication failed (401). Your API token may be invalid or expired. Please check your token at https://dash.cloudflare.com/profile/api-tokens`);
+      }
+      if (statusCode === 403) {
+        // Check if this is a D1-related endpoint to provide specific guidance
+        if (endpoint.includes('/d1/')) {
+          throw new Error(`Cloudflare API permission denied (403). Your API token lacks D1 database permissions. Required permissions: 'Cloudflare D1:Edit'. Update your token at https://dash.cloudflare.com/profile/api-tokens`);
+        }
+        throw new Error(`Cloudflare API permission denied (403). Your API token lacks required permissions for this operation. Please check your token permissions at https://dash.cloudflare.com/profile/api-tokens`);
+      }
+      throw new Error(`Cloudflare API error: ${errorMsg} (${statusCode})`);
     }
     if (!data.success) {
       const errorMsg = data.errors?.[0]?.message || 'Request failed';
@@ -65,6 +78,33 @@ export class CloudflareAPI {
     }
   }
+  /**
+   * Check if API token has D1 database permissions
+   * @returns {Promise<Object>} Permission check result
+   */
+  async checkD1Permissions() {
+    try {
+      // Try to list D1 databases - this will fail if no D1 permissions
+      // We use a dummy account ID that should fail safely if permissions are missing
+      await this.request('/accounts/dummy/d1/database');
+      return {
+        hasPermission: true
+      };
+    } catch (error) {
+      if (error.message.includes('403') || error.message.includes('permission denied')) {
+        return {
+          hasPermission: false,
+          error: 'API token lacks D1 database permissions. Required: Cloudflare D1:Edit'
+        };
+      }
+      // If it's a different error (like invalid account), assume permissions are OK
+      // The actual permission check happens during real operations
+      return {
+        hasPermission: true
+      };
+    }
+  }
   /**
    * List all zones (domains) accessible with this API token
    * @param {Object} options - Query options

package/dist/utils/deployment/wrangler-config-manager.js CHANGED Viewed

@@ -19,11 +19,13 @@ export class WranglerConfigManager {
       this.projectRoot = dirname(options);
       this.dryRun = false;
       this.verbose = false;
+      this.accountId = null;
     } else {
       this.projectRoot = options.projectRoot || process.cwd();
       this.configPath = options.configPath || join(this.projectRoot, 'wrangler.toml');
       this.dryRun = options.dryRun || false;
       this.verbose = options.verbose || false;
+      this.accountId = options.accountId || null;
     }
   }
@@ -52,6 +54,19 @@ export class WranglerConfigManager {
     }
   }
+  /**
+   * Check if wrangler.toml file exists
+   * @returns {Promise<boolean>} True if file exists, false otherwise
+   */
+  async exists() {
+    try {
+      await access(this.configPath, constants.F_OK);
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
   /**
    * Write configuration back to wrangler.toml
    * @param {Object} config - Configuration object to write
@@ -82,16 +97,26 @@ export class WranglerConfigManager {
   }
   /**
-   * Check if wrangler.toml exists
-   * @returns {Promise<boolean>}
+   * Set account_id in wrangler.toml
+   * @param {string} accountId - Cloudflare account ID
+   * @returns {Promise<boolean>} True if account_id was set
    */
-  async exists() {
-    try {
-      await access(this.configPath, constants.F_OK);
-      return true;
-    } catch {
+  async setAccountId(accountId) {
+    if (!accountId) {
       return false;
     }
+    const config = await this.readConfig();
+    if (config.account_id === accountId) {
+      if (this.verbose) {
+        console.log(`   ✓ account_id already set to ${accountId}`);
+      }
+      return false;
+    }
+    console.log(`   📝 Setting account_id to ${accountId} in wrangler.toml`);
+    config.account_id = accountId;
+    await this.writeConfig(config);
+    console.log(`   ✅ account_id updated in wrangler.toml`);
+    return true;
   }
   /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tamyla/clodo-framework",
-  "version": "3.0.11",
+  "version": "3.0.12",
   "description": "Reusable framework for Clodo-style software architecture on Cloudflare Workers + D1",
   "type": "module",
   "sideEffects": [