@tarout/cli 0.10.1 → 0.11.0

package/dist/index.js

@@ -62,7 +62,7 @@ import { Command } from "commander";
 // package.json
 var package_default = {
   name: "@tarout/cli",
-  version: "0.10.1",
+  version: "0.11.0",
   description: "Tarout CLI \u2014 the Saudi cloud platform for coding agents",
   type: "module",
   bin: {
@@ -753,8 +753,12 @@ don't hand-edit infrastructure.
 - **Run locally** with cloud env vars: \`tarout dev\`.
 - **Full agent guide:** https://tarout.sa/docs/for-ai/onboarding
 
-Run Tarout commands with \`--json\` for machine-readable output. On a \`NEEDS_UPGRADE\`
-error, surface it to the user and follow the upgrade flow instead of auto-retrying.
+Run Tarout commands with \`--json\` for machine-readable output. New apps and
+databases automatically use your org's **subscribed tier** \u2014 don't pass
+\`--plan free\` / \`--database-plan free\`. \`tarout login\` opens the browser for you;
+the user just signs in. A \`NEEDS_UPGRADE\` error means the org is out of slots for
+its tier: surface the two options (buy the add-on vs upgrade the plan) and let the
+user pick \u2014 the chosen command opens the payment page and waits until it's confirmed.
 Ask before destructive actions (delete, rollback, revealing secrets).
 ${BLOCK_END}`;
 function markdownTargetFor(agent) {
@@ -3274,21 +3278,24 @@ function shouldAutoConfirmPaidCheckout(amountDueHalalas) {
 }
 
 // src/commands/auth.ts
-function refuseBrowserAuthForAgent(action) {
-  const message = `tarout ${action} requires a browser. Agents should ask the user to run \`tarout token <api-token>\` or set TAROUT_TOKEN \u2014 generate one at https://tarout.sa/dashboard/settings/profile.`;
+function announceAuthUrl(authUrl, callbackPort, launched) {
   if (isJsonMode()) {
-    outputError("AUTH_BOOTSTRAP_REQUIRED", message, {
-      action,
-      recommendedFlags: [
-        "export TAROUT_TOKEN=<token>",
-        "tarout token <api-token>"
-      ]
+    outputJsonLine({
+      type: "event",
+      event: "auth_url",
+      authUrl,
+      browserLaunched: launched,
+      callbackPort
     });
-  } else {
-    process.stderr.write(`error: ${message}
-`);
+    return;
+  }
+  if (!canLaunchBrowser()) {
+    log(
+      colors.dim(
+        "On a remote/headless host? Run `tarout token <api-token>` instead \u2014 generate one at https://tarout.sa/dashboard/settings/profile."
+      )
+    );
   }
-  exit(ExitCode.AUTH_ERROR);
 }
 function registerAuthCommands(program2) {
   program2.command("login").description("Authenticate with Tarout via browser").option("--api-url <url>", "Custom API URL", "https://tarout.sa").action(async (options) => {
@@ -3311,18 +3318,16 @@ function registerAuthCommands(program2) {
           return;
         }
       }
-      if (isJsonMode() || !canLaunchBrowser()) {
-        refuseBrowserAuthForAgent("login");
-      }
       const apiUrl = options.apiUrl;
       log("");
       log("Opening browser to authenticate...");
       const authServer = await startAuthServer();
       const callbackUrl = `http://localhost:${authServer.port}/callback?state=${encodeURIComponent(authServer.state)}`;
       const authUrl = `${apiUrl}/cli-authorize?callback=${encodeURIComponent(callbackUrl)}`;
-      await openInBrowser(authUrl, {
+      const launched = await openInBrowser(authUrl, {
         hint: "If the browser didn't open, visit this URL to authenticate:"
       });
+      announceAuthUrl(authUrl, authServer.port, launched);
       const _spinner = startSpinner("Waiting for authentication...");
       try {
         const authData = await authServer.waitForCallback();
@@ -3422,18 +3427,16 @@ function registerAuthCommands(program2) {
           return;
         }
       }
-      if (isJsonMode() || !canLaunchBrowser()) {
-        refuseBrowserAuthForAgent("register");
-      }
       const apiUrl = options.apiUrl;
       log("");
       log("Opening browser to create your account...");
       const authServer = await startAuthServer();
       const callbackUrl = `http://localhost:${authServer.port}/callback?state=${encodeURIComponent(authServer.state)}`;
       const authUrl = `${apiUrl}/cli-authorize?action=register&callback=${encodeURIComponent(callbackUrl)}`;
-      await openInBrowser(authUrl, {
+      const launched = await openInBrowser(authUrl, {
         hint: "If the browser didn't open, visit this URL to create your account:"
       });
+      announceAuthUrl(authUrl, authServer.port, launched);
       const _spinner = startSpinner("Waiting for account creation...");
       try {
         const authData = await authServer.waitForCallback();
@@ -4144,7 +4147,7 @@ function emitBillingResult(result, opts) {
     case "payment_required":
       outputData({
         ...envelope,
-        hint: `Open paymentUrl to complete checkout, then run \`${nextCommand}\` \u2014 or re-run with --wait.`
+        hint: `Open paymentUrl to complete checkout, then run \`${nextCommand}\` \u2014 or re-run without --no-wait (waiting is the default).`
       });
       box("Payment required", [
         `${label}`,
@@ -4230,6 +4233,16 @@ function isPaidFamily(planKey) {
   const family = planFamily(planKey);
   return family === "SHARED" || family === "DEDICATED";
 }
+function dbAddonKeyForPlanFamily(planKey) {
+  switch (planFamily(planKey)) {
+    case "SHARED":
+      return "db.standard";
+    case "DEDICATED":
+      return "db.pro";
+    default:
+      return null;
+  }
+}
 function resourceAddonKeysForPlan(planKey) {
   switch (planFamily(planKey)) {
     case "SHARED":
@@ -4378,8 +4391,8 @@ function registerBillingCommands(program2) {
     collectAddon,
     []
   ).option(
-    "-w, --wait",
-    "After hosted-checkout opens, poll status until the payment is confirmed"
+    "--no-wait",
+    "Return as soon as the hosted checkout opens, without polling for confirmation (default: wait until paid)"
   ).option(
     "--timeout <seconds>",
     "Maximum wait time in seconds (default 600)",
@@ -4656,8 +4669,8 @@ function registerBillingCommands(program2) {
     }
   });
   billing.command("addon:add").argument("<addon>", "Addon key to add").option("-q, --quantity <n>", "Addon quantity", Number.parseInt).option(
-    "-w, --wait",
-    "After hosted-checkout opens, poll status until the payment is confirmed"
+    "--no-wait",
+    "Return as soon as the hosted checkout opens, without polling for confirmation (default: wait until paid)"
   ).option(
     "--timeout <seconds>",
     "Maximum wait time in seconds (default 600)",
@@ -4769,8 +4782,8 @@ Adding ${colors.cyan(addonKey)} \xD7 ${quantity} \u2014 opening the secure payme
     }
   });
   billing.command("plan:quantity").argument("<quantity>", "New plan quantity", Number.parseInt).option(
-    "-w, --wait",
-    "After hosted-checkout opens, poll status until the payment is confirmed"
+    "--no-wait",
+    "Return as soon as the hosted checkout opens, without polling for confirmation (default: wait until paid)"
   ).option(
     "--timeout <seconds>",
     "Maximum wait time in seconds (default 600)",
@@ -4843,8 +4856,8 @@ Adding ${colors.cyan(addonKey)} \xD7 ${quantity} \u2014 opening the secure payme
     }
   });
   billing.command("addon:buy").argument("<addon>", "Addon key").option("-q, --quantity <n>", "Quantity", Number.parseInt).option(
-    "-w, --wait",
-    "After hosted-checkout opens, poll status until the payment is confirmed"
+    "--no-wait",
+    "Return as soon as the hosted checkout opens, without polling for confirmation (default: wait until paid)"
   ).option(
     "--timeout <seconds>",
     "Maximum wait time in seconds (default 600)",
@@ -7040,7 +7053,7 @@ async function emitNeedsUpgrade(client, err, requestedPlan, retryCommand) {
     catalog,
     currentPlanKey
   );
-  const hint = options.length > 1 ? `Two ways to resolve this \u2014 ask the user which they prefer, do not choose for them: (1) ${options[0]?.label}: \`${options[0]?.command}\`; (2) ${options[1]?.label}: \`${options[1]?.command}\`. Then retry: ${retryCommand}.` : `${remedy.hint} Then retry: ${retryCommand}.`;
+  const hint = options.length > 1 ? `Two ways to resolve this \u2014 ask the user which they prefer, do not choose for them: (1) ${options[0]?.label}: \`${options[0]?.command}\`; (2) ${options[1]?.label}: \`${options[1]?.command}\`. The chosen command opens the payment page and waits until it's confirmed, then retry: ${retryCommand}.` : `${remedy.hint} That command opens the payment page and waits until it's confirmed, then retry: ${retryCommand}.`;
   outputError("NEEDS_UPGRADE", message, {
     failedEntitlementKey: failedKey,
     remedyKind: remedy.kind,
@@ -7411,6 +7424,57 @@ async function resolveResourcePlan(client, kind, value, message) {
     }
   });
 }
+function dbTierForAddonKey(addonKey) {
+  if (addonKey === "db.pro") return "PRO";
+  if (addonKey === "db.standard") return "STANDARD";
+  return "STARTER";
+}
+async function ensureDatabasePlan(client, requested) {
+  const currentPlanKey = await getCurrentPlanKeySafely(client);
+  const addonKey = dbAddonKeyForPlanFamily(currentPlanKey);
+  const orgIsPaid = addonKey !== null;
+  if (requested && !(requested === "FREE" && orgIsPaid)) {
+    return { ok: true, plan: requested };
+  }
+  const tiers = await loadResourceTiers(client, "database");
+  const hasCreatable = tiers.some((t) => t.canCreate);
+  if (hasCreatable || !orgIsPaid) {
+    return { ok: true, plan: pickDefaultResourceTier(tiers) };
+  }
+  if (!isJsonMode()) {
+    log("");
+    log(
+      colors.dim(
+        `Your plan has no open database slot \u2014 adding the ${addonKey} add-on. Complete payment in the browser to continue.`
+      )
+    );
+  }
+  const result = await performBillingChange(client, {
+    kind: "addon",
+    addonKey,
+    quantity: 1,
+    wait: true,
+    timeoutMs: 6e5,
+    openBrowser: paymentBrowserOpener(),
+    onCheckoutOpened: ({ orderId, paymentUrl }) => {
+      if (!isJsonMode()) {
+        log("");
+        log("Open this URL to complete payment:");
+        log(`  ${colors.cyan(paymentUrl)}`);
+        log(`Order ID: ${colors.dim(orderId)}`);
+      }
+    }
+  });
+  if (result.status === "applied" || result.status === "paid") {
+    return { ok: true, plan: dbTierForAddonKey(addonKey) };
+  }
+  return { ok: false, result };
+}
+async function resolveDatabasePlanOrExit(client, requested) {
+  const resolution = await ensureDatabasePlan(client, requested);
+  if (resolution.ok) return resolution.plan;
+  exit(emitBillingResult(resolution.result, { label: "Database add-on" }));
+}
 async function createAndAttachDatabase(client, profile, app, input2) {
   const appName = generateResourceSlug(app.name, input2.kind);
   const label = input2.kind === "postgres" ? "Postgres" : "MySQL";
@@ -7548,12 +7612,7 @@ async function resolveDatabaseProvisioning(client, profile, app, kind, options)
     }
   );
   if (picked === "__create__") {
-    const plan = requestedPlan ?? await resolveResourcePlan(
-      client,
-      "database",
-      void 0,
-      "Database plan:"
-    );
+    const plan = await resolveDatabasePlanOrExit(client, requestedPlan);
     return {
       action: "create",
       plan,
@@ -7918,7 +7977,7 @@ async function attachExistingStorage(client, app, decision) {
   }
 }
 async function buildDatabaseCreateDecision(client, app, kind, requestedPlan) {
-  const plan = requestedPlan ?? await resolveResourcePlan(client, "database", void 0, "Database plan:");
+  const plan = await resolveDatabasePlanOrExit(client, requestedPlan);
   return {
     action: "create",
     plan,
@@ -9015,10 +9074,7 @@ function normalizeDbPlan(value) {
   );
 }
 async function resolveDbPlan(client, explicit) {
-  const normalized = normalizeDbPlan(explicit);
-  if (normalized) return normalized;
-  const tiers = await loadResourceTiers(client, "database");
-  return pickDefaultResourceTier(tiers);
+  return resolveDatabasePlanOrExit(client, normalizeDbPlan(explicit));
 }
 function registerDbCommands(program2) {
   const db = program2.command("db").description("Manage databases");
@@ -13390,8 +13446,7 @@ function registerInitCommand(program2) {
     "Custom API URL (defaults to saved profile or https://tarout.sa)"
   ).option("--token <token>", "API token for this run").option("--name <name>", "Application name (defaults to directory name)").option(
     "--plan <plan>",
-    "App hosting plan: free, shared, or dedicated",
-    "free"
+    "App hosting plan: free, shared, or dedicated (defaults to your org's subscribed tier)"
   ).option("-r, --region <region>", "Deployment region", DEFAULT_REGION2).option("--description <text>", "Description for the newly created app").option(
     "--database <type>",
     "Provision a database: none, postgres, or mysql (defaults to auto-detected)"

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@tarout/cli",
-	"version": "0.10.1",
+	"version": "0.11.0",
 	"description": "Tarout CLI — the Saudi cloud platform for coding agents",
 	"type": "module",
 	"bin": {