@vellumai/cli 0.6.0 → 0.6.1

package/src/lib/platform-client.ts

@@ -68,19 +68,78 @@ export function clearPlatformToken(): void {
 const VAK_PREFIX = "vak_";
 
 /**
- * Returns the appropriate auth header for the given platform token.
+ * Sync helper – returns only the token-based auth header.
  *
- * - `vak_`-prefixed tokens are long-lived platform API keys and use
- *   `Authorization: Bearer`.
- * - All other tokens are allauth session tokens and use `X-Session-Token`.
+ * Used internally by {@link fetchOrganizationId} (which cannot call the
+ * async {@link authHeaders} without creating a cycle) and by functions
+ * that already have an org ID in hand.
  */
-export function authHeaders(token: string): Record<string, string> {
+function tokenAuthHeader(token: string): Record<string, string> {
   if (token.startsWith(VAK_PREFIX)) {
     return { Authorization: `Bearer ${token}` };
   }
   return { "X-Session-Token": token };
 }
 
+/** Module-level cache for org IDs to avoid redundant fetches in polling loops. */
+const orgIdCache = new Map<string, { orgId: string; expiresAt: number }>();
+const ORG_ID_CACHE_TTL_MS = 60_000; // 60 seconds
+
+/**
+ * Returns the full set of headers needed for an authenticated platform
+ * API request:
+ *
+ * - `Content-Type: application/json`
+ * - The appropriate auth header (`Authorization: Bearer` for `vak_`
+ *   API keys, `X-Session-Token` for session tokens).
+ * - `Vellum-Organization-Id` – fetched from the platform.  Only
+ *   included for session-token callers; API keys are already org-scoped.
+ *
+ * The org ID is cached per (token, platformUrl) for 60 seconds to avoid
+ * redundant HTTP requests in tight polling loops.
+ *
+ * Auth errors (401 / 403) from the org-ID fetch are logged with a
+ * user-friendly message before re-throwing, so callers don't need to
+ * repeat that logic.
+ */
+export async function authHeaders(
+  token: string,
+  platformUrl?: string,
+): Promise<Record<string, string>> {
+  const base: Record<string, string> = {
+    "Content-Type": "application/json",
+    ...tokenAuthHeader(token),
+  };
+
+  if (token.startsWith(VAK_PREFIX)) {
+    // API keys are org-scoped – no need to fetch the org ID.
+    return base;
+  }
+
+  const cacheKey = `${token}::${platformUrl ?? ""}`;
+  const cached = orgIdCache.get(cacheKey);
+  if (cached && Date.now() < cached.expiresAt) {
+    return { ...base, "Vellum-Organization-Id": cached.orgId };
+  }
+
+  try {
+    const orgId = await fetchOrganizationId(token, platformUrl);
+    orgIdCache.set(cacheKey, {
+      orgId,
+      expiresAt: Date.now() + ORG_ID_CACHE_TTL_MS,
+    });
+    return { ...base, "Vellum-Organization-Id": orgId };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("401") || msg.includes("403")) {
+      console.error("Authentication failed. Run 'vellum login' to refresh.");
+    } else {
+      console.error(`Failed to fetch organization: ${msg}`);
+    }
+    throw err;
+  }
+}
+
 export interface HatchedAssistant {
   id: string;
   name: string;
@@ -89,7 +148,6 @@ export interface HatchedAssistant {
 
 export async function hatchAssistant(
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<HatchedAssistant> {
   const resolvedUrl = platformUrl || getPlatformUrl();
@@ -97,11 +155,7 @@ export async function hatchAssistant(
 
   const response = await fetch(url, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      ...authHeaders(token),
-      "Vellum-Organization-Id": orgId,
-    },
+    headers: await authHeaders(token, platformUrl),
     body: JSON.stringify({}),
   });
 
@@ -149,7 +203,7 @@ export async function fetchOrganizationId(
   const resolvedUrl = platformUrl || getPlatformUrl();
   const url = `${resolvedUrl}/v1/organizations/`;
   const response = await fetch(url, {
-    headers: { ...authHeaders(token) },
+    headers: { ...tokenAuthHeader(token) },
   });
 
   if (!response.ok) {
@@ -210,18 +264,13 @@ export async function fetchCurrentUser(
 
 export async function rollbackPlatformAssistant(
   token: string,
-  orgId: string,
   version?: string,
   platformUrl?: string,
 ): Promise<{ detail: string; version: string | null }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
   const response = await fetch(`${resolvedUrl}/v1/assistants/rollback/`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      ...authHeaders(token),
-      "Vellum-Organization-Id": orgId,
-    },
+    headers: await authHeaders(token, platformUrl),
     body: JSON.stringify(version ? { version } : {}),
   });
 
@@ -255,18 +304,13 @@ export async function rollbackPlatformAssistant(
 
 export async function platformInitiateExport(
   token: string,
-  orgId: string,
   description?: string,
   platformUrl?: string,
 ): Promise<{ jobId: string; status: string }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
   const response = await fetch(`${resolvedUrl}/v1/migrations/export/`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      ...authHeaders(token),
-      "Vellum-Organization-Id": orgId,
-    },
+    headers: await authHeaders(token, platformUrl),
     body: JSON.stringify({ description: description ?? "CLI backup" }),
   });
 
@@ -290,17 +334,13 @@ export async function platformInitiateExport(
 export async function platformPollExportStatus(
   jobId: string,
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ status: string; downloadUrl?: string; error?: string }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
   const response = await fetch(
     `${resolvedUrl}/v1/migrations/export/${jobId}/status/`,
     {
-      headers: {
-        ...authHeaders(token),
-        "Vellum-Organization-Id": orgId,
-      },
+      headers: await authHeaders(token, platformUrl),
     },
   );
 
@@ -345,7 +385,6 @@ export async function platformDownloadExport(
 export async function platformImportPreflight(
   bundleData: Uint8Array<ArrayBuffer>,
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ statusCode: number; body: Record<string, unknown> }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
@@ -354,9 +393,8 @@ export async function platformImportPreflight(
     {
       method: "POST",
       headers: {
+        ...(await authHeaders(token, platformUrl)),
         "Content-Type": "application/octet-stream",
-        ...authHeaders(token),
-        "Vellum-Organization-Id": orgId,
       },
       body: new Blob([bundleData]),
       signal: AbortSignal.timeout(120_000),
@@ -373,19 +411,17 @@ export async function platformImportPreflight(
 export async function platformImportBundle(
   bundleData: Uint8Array<ArrayBuffer>,
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ statusCode: number; body: Record<string, unknown> }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
   const response = await fetch(`${resolvedUrl}/v1/migrations/import/`, {
     method: "POST",
     headers: {
+      ...(await authHeaders(token, platformUrl)),
       "Content-Type": "application/octet-stream",
-      ...authHeaders(token),
-      "Vellum-Organization-Id": orgId,
     },
     body: new Blob([bundleData]),
-    signal: AbortSignal.timeout(120_000),
+    signal: AbortSignal.timeout(300_000),
   });
 
   const body = (await response.json().catch(() => ({}))) as Record<
@@ -401,17 +437,12 @@ export async function platformImportBundle(
 
 export async function platformRequestUploadUrl(
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ uploadUrl: string; bundleKey: string; expiresAt: string }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
   const response = await fetch(`${resolvedUrl}/v1/migrations/upload-url/`, {
     method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      ...authHeaders(token),
-      "Vellum-Organization-Id": orgId,
-    },
+    headers: await authHeaders(token, platformUrl),
     body: JSON.stringify({ content_type: "application/octet-stream" }),
   });
 
@@ -466,7 +497,6 @@ export async function platformUploadToSignedUrl(
 export async function platformImportPreflightFromGcs(
   bundleKey: string,
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ statusCode: number; body: Record<string, unknown> }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
@@ -474,13 +504,9 @@ export async function platformImportPreflightFromGcs(
     `${resolvedUrl}/v1/migrations/import-preflight-from-gcs/`,
     {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        ...authHeaders(token),
-        "Vellum-Organization-Id": orgId,
-      },
-      body: JSON.stringify({ bundle_key: bundleKey }),
+      headers: await authHeaders(token, platformUrl),
       signal: AbortSignal.timeout(120_000),
+      body: JSON.stringify({ bundle_key: bundleKey }),
     },
   );
 
@@ -494,7 +520,6 @@ export async function platformImportPreflightFromGcs(
 export async function platformImportBundleFromGcs(
   bundleKey: string,
   token: string,
-  orgId: string,
   platformUrl?: string,
 ): Promise<{ statusCode: number; body: Record<string, unknown> }> {
   const resolvedUrl = platformUrl || getPlatformUrl();
@@ -502,13 +527,9 @@ export async function platformImportBundleFromGcs(
     `${resolvedUrl}/v1/migrations/import-from-gcs/`,
     {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        ...authHeaders(token),
-        "Vellum-Organization-Id": orgId,
-      },
+      headers: await authHeaders(token, platformUrl),
       body: JSON.stringify({ bundle_key: bundleKey }),
-      signal: AbortSignal.timeout(120_000),
+      signal: AbortSignal.timeout(300_000),
     },
   );
 

package/src/lib/upgrade-lifecycle.ts

@@ -16,7 +16,7 @@ import { loadGuardianToken } from "./guardian-token.js";
 import { getPlatformUrl } from "./platform-client.js";
 import { resolveImageRefs } from "./platform-releases.js";
 import { exec, execOutput } from "./step-runner.js";
-import { parseVersion } from "./version-compat.js";
+import { compareVersions } from "./version-compat.js";
 
 // ---------------------------------------------------------------------------
 // Shared constants & builders for upgrade / rollback lifecycle events
@@ -318,26 +318,16 @@ export async function performDockerRollback(
 
   // Validate target version < current version
   if (currentVersion) {
-    const current = parseVersion(currentVersion);
-    const target = parseVersion(targetVersion);
-    if (current && target) {
-      const isNewer = (() => {
-        if (target.major !== current.major) return target.major > current.major;
-        if (target.minor !== current.minor) return target.minor > current.minor;
-        return target.patch > current.patch;
-      })();
-      if (isNewer) {
+    const cmp = compareVersions(targetVersion, currentVersion);
+    if (cmp !== null) {
+      if (cmp > 0) {
         const msg =
           "Cannot roll back to a newer version. Use `vellum upgrade` instead.";
         console.error(msg);
         emitCliError("VERSION_DIRECTION", msg);
         process.exit(1);
       }
-      const isSame =
-        target.major === current.major &&
-        target.minor === current.minor &&
-        target.patch === current.patch;
-      if (isSame) {
+      if (cmp === 0) {
         const msg = `Already on version ${targetVersion}. Nothing to roll back to.`;
         console.error(msg);
         emitCliError("VERSION_DIRECTION", msg);

package/src/lib/version-compat.ts

@@ -1,13 +1,16 @@
 /**
- * Parse a version string into { major, minor, patch } components.
- * Handles optional `v` prefix (e.g., "v1.2.3" or "1.2.3").
+ * Parse a version string into { major, minor, patch, pre } components.
+ * Handles optional `v`/`V` prefix (e.g., "v1.2.3" or "1.2.3").
+ * Pre-release suffixes are captured (e.g., "0.6.0-staging.5" → pre: "staging.5").
  * Returns null if the string cannot be parsed as semver.
  */
 export function parseVersion(
   version: string,
-): { major: number; minor: number; patch: number } | null {
+): { major: number; minor: number; patch: number; pre: string | null } | null {
   const stripped = version.replace(/^[vV]/, "");
-  const segments = stripped.split(".");
+  const [core, ...rest] = stripped.split("-");
+  const pre = rest.length > 0 ? rest.join("-") : null;
+  const segments = (core ?? "").split(".");
 
   if (segments.length < 2) {
     return null;
@@ -21,7 +24,66 @@ export function parseVersion(
     return null;
   }
 
-  return { major, minor, patch };
+  return { major, minor, patch, pre };
+}
+
+/**
+ * Compare two pre-release strings per semver §11:
+ *   - Dot-separated identifiers compared left to right.
+ *   - Both numeric → compare as integers.
+ *   - Both non-numeric → compare lexically.
+ *   - Numeric vs non-numeric → numeric sorts lower (§11.4.4).
+ *   - Fewer identifiers sorts earlier when all preceding are equal.
+ */
+function comparePreRelease(a: string, b: string): number {
+  const pa = a.split(".");
+  const pb = b.split(".");
+  const len = Math.max(pa.length, pb.length);
+  for (let i = 0; i < len; i++) {
+    if (i >= pa.length) return -1; // a has fewer fields → a < b
+    if (i >= pb.length) return 1;
+    const aIsNum = /^\d+$/.test(pa[i]);
+    const bIsNum = /^\d+$/.test(pb[i]);
+    if (aIsNum && bIsNum) {
+      const diff = Number(pa[i]) - Number(pb[i]);
+      if (diff !== 0) return diff;
+    } else if (aIsNum !== bIsNum) {
+      return aIsNum ? -1 : 1; // numeric < non-numeric per §11.4.4
+    } else {
+      const cmp = (pa[i] ?? "").localeCompare(pb[i] ?? "");
+      if (cmp !== 0) return cmp;
+    }
+  }
+  return 0;
+}
+
+/**
+ * Compare two semver version strings.
+ * Returns negative if a < b, 0 if equal, positive if a > b.
+ *
+ * Handles pre-release suffixes per semver spec:
+ *   - `0.6.0-staging.1 < 0.6.0` (pre-release < release)
+ *   - `0.6.0-staging.1 < 0.6.0-staging.2` (numeric postfix comparison)
+ *
+ * Returns null if either version cannot be parsed.
+ */
+export function compareVersions(a: string, b: string): number | null {
+  const pa = parseVersion(a);
+  const pb = parseVersion(b);
+  if (pa === null || pb === null) return null;
+
+  const majorDiff = pa.major - pb.major;
+  if (majorDiff !== 0) return majorDiff;
+  const minorDiff = pa.minor - pb.minor;
+  if (minorDiff !== 0) return minorDiff;
+  const patchDiff = pa.patch - pb.patch;
+  if (patchDiff !== 0) return patchDiff;
+
+  // Same major.minor.patch — compare pre-release
+  if (pa.pre === null && pb.pre === null) return 0;
+  if (pa.pre !== null && pb.pre === null) return -1; // pre-release < release
+  if (pa.pre === null && pb.pre !== null) return 1;
+  return comparePreRelease(pa.pre!, pb.pre!);
 }
 
 /**