@vibecodemax/cli 0.1.4 → 0.1.6

package/dist/cli.js

@@ -1,6 +1,5 @@
 #!/usr/bin/env node
 import * as fs from "node:fs";
-import * as os from "node:os";
 import * as path from "node:path";
 import { spawnSync } from "node:child_process";
 import { checkS3Context, setupS3Storage, smokeTestS3 } from "./storageS3.js";
@@ -41,6 +40,19 @@ function fail(code, message, exitCode = 1, extra = {}) {
     printJson({ ok: false, code, message, ...extra });
     process.exit(exitCode);
 }
+/** Extract a human-readable error message from a Supabase/provider JSON response. */
+function extractErrorMessage(json) {
+    if (!json || typeof json !== "object")
+        return null;
+    const obj = json;
+    if (isNonEmptyString(obj.error))
+        return obj.error;
+    if (isNonEmptyString(obj.message))
+        return obj.message;
+    if (isNonEmptyString(obj.msg))
+        return obj.msg;
+    return null;
+}
 function parseArgs(argv) {
     const [command, ...rest] = argv;
     let subcommand;
@@ -492,31 +504,44 @@ async function createAdminUser(supabaseUrl, serviceRoleKey, email, temporaryPass
     }
     return userId;
 }
-async function promoteAdminProfile(supabaseUrl, serviceRoleKey, userId, email) {
+async function findAdminMembership(supabaseUrl, serviceRoleKey, userId) {
+    const result = await supabaseAdminRequest({
+        supabaseUrl,
+        serviceRoleKey,
+        method: "GET",
+        endpoint: `/rest/v1/admin_users?user_id=eq.${userId}&select=user_id,role`,
+    });
+    const rows = Array.isArray(result) ? result : [];
+    const row = rows.find((candidate) => {
+        if (!candidate || typeof candidate !== "object")
+            return false;
+        return candidate.user_id === userId;
+    });
+    return {
+        exists: Boolean(row),
+        role: typeof row?.role === "string" ? row.role : null,
+    };
+}
+async function promoteAdminUser(supabaseUrl, serviceRoleKey, userId) {
+    const existing = await findAdminMembership(supabaseUrl, serviceRoleKey, userId);
+    if (existing.exists)
+        return;
     await supabaseAdminRequest({
         supabaseUrl,
         serviceRoleKey,
         method: "POST",
-        endpoint: "/rest/v1/profiles?on_conflict=id",
+        endpoint: "/rest/v1/admin_users",
         body: [
             {
-                id: userId,
-                email,
-                name: "Admin User",
-                role: "admin",
+                user_id: userId,
+                role: "super",
             },
         ],
     });
 }
-async function verifyAdminProfile(supabaseUrl, serviceRoleKey, userId) {
-    const result = await supabaseAdminRequest({
-        supabaseUrl,
-        serviceRoleKey,
-        method: "GET",
-        endpoint: `/rest/v1/profiles?id=eq.${userId}&select=id,role`,
-    });
-    const rows = Array.isArray(result) ? result : [];
-    return rows.some((row) => row && typeof row === "object" && row.role === "admin");
+async function verifyAdminUser(supabaseUrl, serviceRoleKey, userId) {
+    const membership = await findAdminMembership(supabaseUrl, serviceRoleKey, userId);
+    return membership.exists;
 }
 async function ensureAdmin(flags) {
     const { values } = loadLocalEnv();
@@ -538,8 +563,8 @@ async function ensureAdmin(flags) {
     if (!userId) {
         fail("INVALID_RESPONSE", "Resolved admin user ID is missing after ensure-admin.");
     }
-    await promoteAdminProfile(supabaseUrl, serviceRoleKey, userId, email);
-    const verified = await verifyAdminProfile(supabaseUrl, serviceRoleKey, userId);
+    await promoteAdminUser(supabaseUrl, serviceRoleKey, userId);
+    const verified = await verifyAdminUser(supabaseUrl, serviceRoleKey, userId);
     if (!verified) {
         fail("ADMIN_VERIFY_FAILED", "The admin role could not be verified after promotion.");
     }
@@ -553,7 +578,7 @@ async function ensureAdmin(flags) {
         promoted: true,
         verified: true,
         defaultName: "Admin User",
-        applied: ["auth_user", "admin_profile"],
+        applied: ["auth_user", "admin_users"],
     };
     if (temporaryPassword) {
         result.temporaryPassword = temporaryPassword;
@@ -617,6 +642,20 @@ function runShellCommand(command, cwd) {
     }
     return typeof result.stdout === "string" ? result.stdout.trim() : "";
 }
+function runLinkedSupabaseCommand(command, cwd, failureCode, fallbackMessage) {
+    const result = spawnSync(process.env.SHELL || "/bin/zsh", ["-lc", command], {
+        cwd,
+        env: process.env,
+        encoding: "utf8",
+    });
+    if (result.status !== 0) {
+        const message = [result.stderr, result.stdout]
+            .map((value) => (typeof value === "string" ? value.trim() : ""))
+            .find(Boolean) || fallbackMessage;
+        fail(failureCode, message);
+    }
+    return typeof result.stdout === "string" ? result.stdout.trim() : "";
+}
 function normalizeStorageMimeCategories(rawValue) {
     const requested = rawValue
         .split(",")
@@ -695,13 +734,7 @@ async function storageRequest(params) {
         json = null;
     }
     if (!response.ok) {
-        const message = isNonEmptyString(json?.error)
-            ? json.error
-            : isNonEmptyString(json?.message)
-                ? json.message
-                : isNonEmptyString(json?.msg)
-                    ? json.msg
-                    : `Supabase returned ${response.status}`;
+        const message = extractErrorMessage(json) || `Supabase returned ${response.status}`;
         fail("SUPABASE_STORAGE_ERROR", message, 1, { status: response.status });
     }
     return json;
@@ -751,14 +784,14 @@ async function readStorageBucket(supabaseUrl, serviceRoleKey, bucketId) {
     }
     if (response.status === 404)
         return null;
+    // Supabase may return 400 (not 404) for non-existent buckets in some API versions
+    if (response.status === 400) {
+        const extracted = extractErrorMessage(json);
+        if (extracted && /bucket\s*not\s*found/i.test(extracted))
+            return null;
+    }
     if (!response.ok) {
-        const message = isNonEmptyString(json?.error)
-            ? json.error
-            : isNonEmptyString(json?.message)
-                ? json.message
-                : isNonEmptyString(json?.msg)
-                    ? json.msg
-                    : `Supabase returned ${response.status}`;
+        const message = extractErrorMessage(json) || `Supabase returned ${response.status}`;
         fail("SUPABASE_STORAGE_ERROR", message, 1, { status: response.status });
     }
     return json && typeof json === "object" ? json : {};
@@ -809,13 +842,6 @@ async function ensureStorageBucket(supabaseUrl, serviceRoleKey, bucketId, isPubl
         verified: true,
     };
 }
-function verifyRequiredStoragePolicies(dumpContent) {
-    const normalized = dumpContent.toLowerCase();
-    const missing = STORAGE_REQUIRED_POLICY_NAMES.filter((policyName) => !normalized.includes(`create policy \"${policyName}\"`));
-    if (missing.length > 0) {
-        fail("STORAGE_POLICY_VERIFY_FAILED", `Missing required storage policies after local Supabase CLI apply: ${missing.join(", ")}.`);
-    }
-}
 function buildStorageHealthcheckObjectPath(runId) {
     return `${STORAGE_HEALTHCHECK_PREFIX}/${runId}/upload.txt`;
 }
@@ -856,20 +882,14 @@ async function setupSupabaseStorage(flags) {
     const supabaseRunner = getSupabaseRunner(dependencyManager);
     const mimeCategories = resolveStorageMimeCategories(flags);
     const allowedMimeTypes = expandStorageMimeCategories(mimeCategories);
+    const migrations = discoverStorageMigrationFiles(cwd);
+    runLinkedSupabaseCommand(`${supabaseRunner} db push --linked`, cwd, "STORAGE_POLICY_MIGRATION_APPLY_FAILED", "Failed to apply storage migrations to the linked Supabase project.");
     const publicBucket = await ensureStorageBucket(supabaseUrl, serviceRoleKey, STORAGE_PUBLIC_BUCKET, true, allowedMimeTypes);
     const privateBucket = await ensureStorageBucket(supabaseUrl, serviceRoleKey, STORAGE_PRIVATE_BUCKET, false, allowedMimeTypes);
     mergeEnvFile(envLocalPath, {
         SUPABASE_PUBLIC_BUCKET: STORAGE_PUBLIC_BUCKET,
         SUPABASE_PRIVATE_BUCKET: STORAGE_PRIVATE_BUCKET,
     });
-    const migrations = discoverStorageMigrationFiles(cwd);
-    runShellCommand(`${supabaseRunner} db push --linked`, cwd);
-    const dumpDir = fs.mkdtempSync(path.join(os.tmpdir(), "vibecodemax-storage-dump-"));
-    const dumpPath = path.join(dumpDir, "storage.sql");
-    runShellCommand(`${supabaseRunner} db dump --linked --schema storage -f ${shellQuote(dumpPath)} >/dev/null`, cwd);
-    const dumpContent = readFileIfExists(dumpPath);
-    verifyRequiredStoragePolicies(dumpContent);
-    fs.rmSync(dumpDir, { recursive: true, force: true });
     printJson({
         ok: true,
         command: "storage setup-supabase",
@@ -885,6 +905,7 @@ async function setupSupabaseStorage(flags) {
         policyMigrationsDiscovered: true,
         policyMigrationsApplied: true,
         policiesVerified: true,
+        policyVerificationMethod: "linked_db_push",
         envWritten: ["SUPABASE_PUBLIC_BUCKET", "SUPABASE_PRIVATE_BUCKET"],
     });
 }
@@ -954,6 +975,12 @@ async function main() {
         });
         return;
     }
+    // Handle --help for any resolved command before dispatching (avoids live API calls)
+    if (flags.help || flags.h) {
+        const resolvedCommand = subcommand ? `${command} ${subcommand}` : command;
+        printJson({ ok: true, command: resolvedCommand, help: true, message: `Usage: npx @vibecodemax/cli ${resolvedCommand} [options]` });
+        return;
+    }
     if (command === "read-setup-state")
         return readSetupState();
     if (command === "admin" && subcommand === "ensure-admin")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodemax/cli",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "VibeCodeMax CLI — local provider setup for bootstrap and project configuration",
   "type": "module",
   "bin": {