@treeseed/sdk 0.10.20 → 0.10.22

package/dist/operations/services/deploy.d.ts

@@ -1005,7 +1005,7 @@ export declare function destroyCloudflareResources(tenantRoot: any, options?: {}
     };
     operations: {
         worker: {
-            status: string;
+            status: any;
             name: any;
         };
         formGuard: {
@@ -1013,7 +1013,7 @@ export declare function destroyCloudflareResources(tenantRoot: any, options?: {}
             id: any;
             preview?: undefined;
         } | {
-            status: string;
+            status: any;
             id: any;
             preview: boolean;
         };

package/dist/operations/services/deploy.js

@@ -1083,6 +1083,7 @@ function shouldManageCloudflareWebCacheRules(deployConfig, target) {
 }
 function cloudflareApiRequest(path, { method = "GET", body, env, allowFailure = false } = {}) {
   const requestScript = `import { readFileSync } from 'node:fs';
+import { request } from 'node:https';
 const input = JSON.parse(readFileSync(0, 'utf8') || '{}');
 function errorMessage(error) {
   const parts = [];
@@ -1099,15 +1100,32 @@ function errorMessage(error) {
   return [...new Set(parts.filter(Boolean))].join('; ') || String(error);
 }
 try {
-  const response = await fetch(input.url, {
-    method: input.method,
-    headers: {
-      authorization: 'Bearer ' + input.token,
-      'content-type': 'application/json',
-    },
-    body: input.body ? JSON.stringify(input.body) : undefined,
+  const body = input.body ? JSON.stringify(input.body) : undefined;
+  const response = await new Promise((resolve, reject) => {
+    const req = request(input.url, {
+      method: input.method,
+      headers: {
+        authorization: 'Bearer ' + input.token,
+        'content-type': 'application/json',
+      },
+      timeout: input.timeoutMs ?? 12000,
+    }, (res) => {
+      const chunks = [];
+      res.setEncoding('utf8');
+      res.on('data', (chunk) => chunks.push(chunk));
+      res.on('end', () => resolve({
+        ok: typeof res.statusCode === 'number' && res.statusCode >= 200 && res.statusCode < 300,
+        text: chunks.join(''),
+      }));
+    });
+    req.on('timeout', () => {
+      req.destroy(new Error('Cloudflare API request timed out'));
+    });
+    req.on('error', reject);
+    if (body) req.write(body);
+    req.end();
   });
-  const rawBody = await response.text();
+  const rawBody = response.text;
   let payload;
   try {
     payload = rawBody ? JSON.parse(rawBody) : {};
@@ -1126,6 +1144,7 @@ try {
     url: `https://api.cloudflare.com/client/v4${path}`,
     method,
     body,
+    timeoutMs: 12e3,
     token: env?.CLOUDFLARE_API_TOKEN ?? process.env.CLOUDFLARE_API_TOKEN ?? ""
   });
   const isTransient = (text) => /fetch failed|timed out|etimedout|econnreset|enetunreach|temporarily unavailable|aborted/iu.test(text || "");
@@ -1679,22 +1698,10 @@ function deleteKvNamespace(tenantRoot, namespaceId, { env, dryRun, preview = fal
   if (dryRun) {
     return { status: "planned", id: namespaceId, preview };
   }
-  const args = ["kv", "namespace", "delete", "--namespace-id", namespaceId, "--skip-confirmation"];
-  if (preview) {
-    args.push("--preview");
-  }
-  const result = runWrangler(args, {
-    cwd: tenantRoot,
-    allowFailure: true,
-    capture: true,
-    env
-  });
-  const output = `${result.stdout ?? ""}
-${result.stderr ?? ""}`;
-  if (result.status !== 0 && !looksLikeMissingResource(output)) {
-    throw new Error(output.trim() || `Failed to delete KV namespace ${namespaceId}.`);
-  }
-  return { status: result.status === 0 ? "deleted" : "missing", id: namespaceId, preview };
+  const accountId = env?.CLOUDFLARE_ACCOUNT_ID ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? "";
+  const path = accountId ? `/accounts/${encodeURIComponent(accountId)}/storage/kv/namespaces/${encodeURIComponent(namespaceId)}` : null;
+  const deleted = deleteCloudflareApiResource(path, { env, dryRun: false, name: namespaceId, type: "kv-namespace" });
+  return { status: deleted.status, id: namespaceId, preview };
 }
 function deleteD1Database(tenantRoot, databaseName, { env, dryRun }) {
   if (!databaseName) {
@@ -1703,18 +1710,12 @@ function deleteD1Database(tenantRoot, databaseName, { env, dryRun }) {
   if (dryRun) {
     return { status: "planned", name: databaseName };
   }
-  const result = runWrangler(["d1", "delete", databaseName, "--skip-confirmation"], {
-    cwd: tenantRoot,
-    allowFailure: true,
-    capture: true,
-    env
-  });
-  const output = `${result.stdout ?? ""}
-${result.stderr ?? ""}`;
-  if (result.status !== 0 && !looksLikeMissingResource(output)) {
-    throw new Error(output.trim() || `Failed to delete D1 database ${databaseName}.`);
-  }
-  return { status: result.status === 0 ? "deleted" : "missing", name: databaseName };
+  const accountId = env?.CLOUDFLARE_ACCOUNT_ID ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? "";
+  const database = accountId ? listD1Databases(tenantRoot, env).find((entry) => entry?.name === databaseName) : null;
+  const databaseId = database?.uuid ?? database?.id ?? null;
+  const path = accountId && databaseId ? `/accounts/${encodeURIComponent(accountId)}/d1/database/${encodeURIComponent(databaseId)}` : null;
+  const deleted = deleteCloudflareApiResource(path, { env, dryRun: false, name: databaseName, type: "d1-database" });
+  return { status: deleted.status, name: databaseName, id: databaseId };
 }
 function deleteWorker(tenantRoot, workerName, { env, dryRun, force = false }) {
   if (!workerName) {
@@ -1723,23 +1724,10 @@ function deleteWorker(tenantRoot, workerName, { env, dryRun, force = false }) {
   if (dryRun) {
     return { status: "planned", name: workerName };
   }
-  const args = ["delete", workerName];
-  if (force) {
-    args.push("--force");
-  }
-  const result = runWrangler(args, {
-    cwd: tenantRoot,
-    allowFailure: true,
-    capture: true,
-    env,
-    input: "y\n"
-  });
-  const output = `${result.stdout ?? ""}
-${result.stderr ?? ""}`;
-  if (result.status !== 0 && !looksLikeMissingResource(output)) {
-    throw new Error(output.trim() || `Failed to delete Worker ${workerName}.`);
-  }
-  return { status: result.status === 0 ? "deleted" : "missing", name: workerName };
+  const accountId = env?.CLOUDFLARE_ACCOUNT_ID ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? "";
+  const path = accountId ? `/accounts/${encodeURIComponent(accountId)}/workers/services/${encodeURIComponent(workerName)}` : null;
+  const deleted = deleteCloudflareApiResource(path, { env, dryRun: false, name: workerName, type: "worker" });
+  return { status: deleted.status, name: workerName };
 }
 function resourceOperation(provider, type, name, status, extra = {}) {
   return {
@@ -1768,7 +1756,7 @@ function formatCloudflareErrors(payload) {
 }
 function deleteQueueByName(tenantRoot, queue, { env, dryRun }) {
   const name = queueName(queue) ?? queue?.name ?? null;
-  const id = queueId(queue);
+  let id = queueId(queue);
   if (!name) {
     return resourceOperation("cloudflare", "queue", name, "missing");
   }
@@ -1776,6 +1764,10 @@ function deleteQueueByName(tenantRoot, queue, { env, dryRun }) {
     return resourceOperation("cloudflare", "queue", name, "planned", { id });
   }
   const accountId = env?.CLOUDFLARE_ACCOUNT_ID ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? "";
+  if (!id && accountId) {
+    const live = listQueues(tenantRoot, env).find((entry) => queueName(entry) === name);
+    id = queueId(live);
+  }
   const path = id ? `/accounts/${encodeURIComponent(accountId)}/queues/${encodeURIComponent(id)}` : null;
   if (path) {
     const deleted = deleteCloudflareApiResource(path, { env, dryRun: false, name, type: "queue" });
@@ -1783,19 +1775,10 @@ function deleteQueueByName(tenantRoot, queue, { env, dryRun }) {
       return { ...deleted, id };
     }
   }
-  const result = runWrangler(["queues", "delete", name], {
-    cwd: tenantRoot,
-    allowFailure: true,
-    capture: true,
-    env,
-    input: "y\n"
-  });
-  const output = `${result.stdout ?? ""}
-${result.stderr ?? ""}`;
-  if (result.status !== 0 && !looksLikeMissingResource(output)) {
-    throw new Error(output.trim() || `Failed to delete queue ${name}.`);
+  if (accountId) {
+    return resourceOperation("cloudflare", "queue", name, "missing", { id });
   }
-  return resourceOperation("cloudflare", "queue", name, result.status === 0 ? "deleted" : "missing", { id });
+  throw new Error(`Failed to delete queue ${name}: CLOUDFLARE_ACCOUNT_ID is not configured.`);
 }
 function isLegacyTreeseedQueueName(name, scope) {
   if (!name || !scope) {
@@ -1827,19 +1810,10 @@ function deleteR2Bucket(tenantRoot, bucketName, { env, dryRun, deleteData }) {
     return resourceOperation("cloudflare", "r2-bucket", bucketName, "planned");
   }
   const drained = drainR2Bucket(bucketName, { env });
-  const result = runWrangler(["r2", "bucket", "delete", bucketName], {
-    cwd: tenantRoot,
-    allowFailure: true,
-    capture: true,
-    env,
-    input: "y\n"
-  });
-  const output = `${result.stdout ?? ""}
-${result.stderr ?? ""}`;
-  if (result.status !== 0 && !looksLikeMissingResource(output)) {
-    throw new Error(output.trim() || `Failed to delete R2 bucket ${bucketName}.`);
-  }
-  return resourceOperation("cloudflare", "r2-bucket", bucketName, result.status === 0 ? "deleted" : "missing", drained);
+  const accountId = env?.CLOUDFLARE_ACCOUNT_ID ?? process.env.CLOUDFLARE_ACCOUNT_ID ?? "";
+  const path = accountId ? `/accounts/${encodeURIComponent(accountId)}/r2/buckets/${encodeURIComponent(bucketName)}` : null;
+  const deleted = deleteCloudflareApiResource(path, { env, dryRun: false, name: bucketName, type: "r2-bucket" });
+  return resourceOperation("cloudflare", "r2-bucket", bucketName, deleted.status, drained);
 }
 function r2ObjectKey(entry) {
   return typeof entry?.key === "string" ? entry.key : typeof entry?.name === "string" ? entry.name : "";
@@ -2408,7 +2382,7 @@ async function destroyTreeseedEnvironmentResources(tenantRoot, options = {}) {
   const force = options.force ?? false;
   const kvNamespaces = dryRun ? [] : listKvNamespaces(tenantRoot, env);
   const d1Databases = dryRun ? [] : listD1Databases(tenantRoot, env);
-  const queues = listQueues(tenantRoot, env);
+  const queues = dryRun ? [] : listQueues(tenantRoot, env);
   const buckets = dryRun ? [] : listR2Buckets(tenantRoot, env);
   const pagesProjects = dryRun ? [] : listPagesProjects(tenantRoot, env);
   state.kvNamespaces.FORM_GUARD_KV.id = resolveExistingKvIdByName(

package/dist/operations/services/railway-api.js

@@ -1,3 +1,4 @@
+import { request as httpsRequest } from "node:https";
 const DEFAULT_RAILWAY_API_URL = "https://backboard.railway.com/graphql/v2";
 const DEFAULT_RAILWAY_WORKSPACE = "knowledge-coop";
 const RAILWAY_POSTGRES_TEMPLATE_ID = "b55da7dc-09be-4140-bc65-1284d15d349c";
@@ -295,7 +296,7 @@ async function railwayGraphqlRequest({
     const controller = new AbortController();
     let timer = null;
     try {
-      const response = await Promise.race([
+      const response = fetchImpl === fetch ? await railwayGraphqlHttpsRequest(apiUrl || resolveRailwayApiUrl(env), token, { query, variables }, timeoutMs) : await Promise.race([
         fetchImpl(apiUrl || resolveRailwayApiUrl(env), {
           method: "POST",
           headers: {
@@ -304,7 +305,12 @@ async function railwayGraphqlRequest({
           },
           body: JSON.stringify({ query, variables }),
           signal: controller.signal
-        }),
+        }).then(async (fetchResponse) => ({
+          ok: fetchResponse.ok,
+          status: fetchResponse.status,
+          payload: await fetchResponse.json().catch(() => ({})),
+          retryAfter: fetchResponse.headers.get("retry-after")
+        })),
         new Promise((_, reject) => {
           timer = setTimeout(() => {
             controller.abort();
@@ -312,11 +318,11 @@ async function railwayGraphqlRequest({
           }, timeoutMs);
         })
       ]);
-      const payload = await response.json().catch(() => ({}));
+      const payload = response.payload;
       if (!response.ok || Array.isArray(payload.errors) && payload.errors.length > 0) {
         const message = normalizeRailwayErrorMessage(payload, response.status);
         const hasGraphqlErrors = Array.isArray(payload.errors) && payload.errors.length > 0;
-        const retryAfterMs = parseRetryAfterMs(response.headers.get("retry-after"));
+        const retryAfterMs = parseRetryAfterMs(response.retryAfter);
         const shouldRetry = isRetryableRailwayStatus(response.status) || /rate limit|too many requests/iu.test(message);
         const error = new Error(message);
         if (shouldRetry || hasGraphqlErrors && /rate limit|too many requests/iu.test(message)) {
@@ -340,6 +346,47 @@ async function railwayGraphqlRequest({
     }
   }
 }
+async function railwayGraphqlHttpsRequest(url, token, body, timeoutMs) {
+  const rawBody = JSON.stringify(body);
+  return new Promise((resolve, reject) => {
+    const req = httpsRequest(url, {
+      method: "POST",
+      headers: {
+        authorization: `Bearer ${token}`,
+        "content-type": "application/json",
+        "content-length": Buffer.byteLength(rawBody)
+      },
+      timeout: timeoutMs
+    }, (res) => {
+      const chunks = [];
+      res.setEncoding("utf8");
+      res.on("data", (chunk) => chunks.push(chunk));
+      res.on("end", () => {
+        const text = chunks.join("");
+        let payload = {};
+        try {
+          payload = text ? JSON.parse(text) : {};
+        } catch {
+          payload = {};
+        }
+        const status = res.statusCode ?? 0;
+        const retryAfterHeader = res.headers["retry-after"];
+        resolve({
+          ok: status >= 200 && status < 300,
+          status,
+          payload,
+          retryAfter: Array.isArray(retryAfterHeader) ? retryAfterHeader[0] ?? null : retryAfterHeader ?? null
+        });
+      });
+    });
+    req.on("timeout", () => {
+      req.destroy(markRailwayTransientError(new Error(`Railway API request timed out after ${timeoutMs}ms.`)));
+    });
+    req.on("error", reject);
+    req.write(rawBody);
+    req.end();
+  });
+}
 async function getRailwayAuthProfile({
   env = process.env,
   fetchImpl = fetch
@@ -839,13 +886,13 @@ async function ensureRailwayServiceInstanceConfiguration({
   runtimeMode,
   env = process.env,
   fetchImpl = fetch,
-  settleAttempts = 24,
+  settleAttempts = 60,
   settleDelayMs = 5e3
 }) {
   let current = await getRailwayServiceInstance({ serviceId, environmentId, env, fetchImpl });
   if (!current.id) {
-    for (let attempt = 0; attempt < 8 && !current.id; attempt += 1) {
-      await new Promise((resolve) => setTimeout(resolve, 1500));
+    for (let attempt = 0; attempt < settleAttempts && !current.id; attempt += 1) {
+      await new Promise((resolve) => setTimeout(resolve, settleDelayMs));
       current = await getRailwayServiceInstance({ serviceId, environmentId, env, fetchImpl });
     }
   }

package/dist/reconcile/builtin-adapters.js

@@ -2133,7 +2133,8 @@ async function verifyRailwayUnit(input) {
       const topology = await resolveRailwayTopologyForScope(input, scope, {
         serviceKeys: [serviceKey],
         includeInstances: true,
-        includeVariables: true
+        includeVariables: true,
+        refresh: true
       });
       const entry = topology.services.get(serviceKey) ?? null;
       const service = entry?.configuredService ?? null;

package/dist/workflow/operations.d.ts

@@ -408,7 +408,7 @@ export declare function workflowSave(helpers: WorkflowOperationHelpers, input: T
     };
     ciMode: "hosted" | "off";
     verifyMode: "action-first" | "local-only" | import("../workflow.ts").TreeseedWorkflowVerifyMode;
-    workflowGates: Record<string, unknown>[] | {
+    workflowGates: (Record<string, unknown> | {
         name: string;
         repository: string | null;
         workflow: string;
@@ -423,7 +423,7 @@ export declare function workflowSave(helpers: WorkflowOperationHelpers, input: T
         updatedAt: null;
         timeoutSeconds: number | null;
         cached: boolean;
-    }[];
+    })[];
     releaseCandidate: ReleaseCandidateReport | null;
     hostingAudit: import("../workflow-support.ts").TreeseedHostingAuditReport | null;
 } & {
@@ -551,7 +551,7 @@ export declare function workflowClose(helpers: WorkflowOperationHelpers, input:
         };
         ciMode: "hosted" | "off";
         verifyMode: "action-first" | "local-only" | import("../workflow.ts").TreeseedWorkflowVerifyMode;
-        workflowGates: Record<string, unknown>[] | {
+        workflowGates: (Record<string, unknown> | {
             name: string;
             repository: string | null;
             workflow: string;
@@ -566,7 +566,7 @@ export declare function workflowClose(helpers: WorkflowOperationHelpers, input:
             updatedAt: null;
             timeoutSeconds: number | null;
             cached: boolean;
-        }[];
+        })[];
         releaseCandidate: ReleaseCandidateReport | null;
         hostingAudit: import("../workflow-support.ts").TreeseedHostingAuditReport | null;
     } & {
@@ -735,7 +735,7 @@ export declare function workflowStage(helpers: WorkflowOperationHelpers, input:
         };
         ciMode: "hosted" | "off";
         verifyMode: "action-first" | "local-only" | import("../workflow.ts").TreeseedWorkflowVerifyMode;
-        workflowGates: Record<string, unknown>[] | {
+        workflowGates: (Record<string, unknown> | {
             name: string;
             repository: string | null;
             workflow: string;
@@ -750,7 +750,7 @@ export declare function workflowStage(helpers: WorkflowOperationHelpers, input:
             updatedAt: null;
             timeoutSeconds: number | null;
             cached: boolean;
-        }[];
+        })[];
         releaseCandidate: ReleaseCandidateReport | null;
         hostingAudit: import("../workflow-support.ts").TreeseedHostingAuditReport | null;
     } & {

package/dist/workflow/operations.js

@@ -3134,7 +3134,7 @@ async function workflowSave(helpers, input) {
         const saveWorkflowGates = shouldUseHostedSaveCi(effectiveInput, branch) ? await executeJournalStep(root, workflowRun.runId, "hosted-ci", async () => {
           if (branch === STAGING_BRANCH) {
             const workflowGates = saveResult?.workflowGates ?? [];
-            if (workflowGates.length > 0 || effectiveInput.verifyDeployedResources !== true || scope === "local" || !savedRootRepo.commitSha) {
+            if (effectiveInput.verifyDeployedResources !== true || scope === "local" || !savedRootRepo.commitSha) {
               return { workflowGates };
             }
             helpers.write("[save][workflow] Dispatching hosted market deploy gate for deployed resource verification.");
@@ -3163,7 +3163,12 @@ async function workflowSave(helpers, input) {
               runId: workflowRun.runId,
               onProgress: (line, stream) => helpers.write(line, stream)
             });
-            return { workflowGates: dispatchedGates };
+            return {
+              workflowGates: [
+                ...workflowGates.filter((gate) => !(gate.repository === repository && gate.workflow === "deploy.yml")),
+                ...dispatchedGates
+              ]
+            };
           }
           helpers.write("[save][workflow] Waiting for hosted save workflow gates.");
           return waitForWorkflowGates("save", [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@treeseed/sdk",
-  "version": "0.10.20",
+  "version": "0.10.22",
   "description": "Shared Treeseed SDK for content-backed and D1-backed object models.",
   "license": "AGPL-3.0-only",
   "repository": {