@vibecodemax/cli 0.1.6 → 0.1.7

package/dist/cli.js

@@ -2,14 +2,14 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { spawnSync } from "node:child_process";
-import { checkS3Context, setupS3Storage, smokeTestS3 } from "./storageS3.js";
+import { checkS3Context, setupS3Storage } from "./storageS3.js";
 const SETUP_STATE_PATH = path.join(".vibecodemax", "setup-state.json");
+const SETUP_CONFIG_PATH = path.join(".vibecodemax", "setup-config.json");
 const MANAGEMENT_API_BASE = "https://api.supabase.com";
 const DEFAULT_LOCALHOST_URL = "http://localhost:3000";
 const STORAGE_PUBLIC_BUCKET = "public-assets";
 const STORAGE_PRIVATE_BUCKET = "private-uploads";
 const STORAGE_REQUIRED_FILE_SIZE_LIMIT = 10 * 1024 * 1024;
-const STORAGE_HEALTHCHECK_PREFIX = "_vibecodemax/healthcheck/default";
 const STORAGE_MIME_TYPES_BY_CATEGORY = {
     images: ["image/jpeg", "image/png", "image/webp", "image/gif"],
     documents: [
@@ -23,16 +23,6 @@ const STORAGE_MIME_TYPES_BY_CATEGORY = {
     video: ["video/mp4", "video/webm", "video/quicktime"],
 };
 const STORAGE_DEFAULT_MIME_CATEGORIES = ["images"];
-const STORAGE_REQUIRED_POLICY_NAMES = [
-    "public_assets_select_own",
-    "public_assets_insert_own",
-    "public_assets_update_own",
-    "public_assets_delete_own",
-    "private_uploads_select_own",
-    "private_uploads_insert_own",
-    "private_uploads_update_own",
-    "private_uploads_delete_own",
-];
 function printJson(value) {
     process.stdout.write(`${JSON.stringify(value)}\n`);
 }
@@ -114,6 +104,18 @@ function loadLocalEnv(cwd = process.cwd()) {
         },
     };
 }
+function readSetupConfig(cwd = process.cwd()) {
+    const raw = readFileIfExists(path.join(cwd, SETUP_CONFIG_PATH)).trim();
+    if (!raw)
+        return {};
+    try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+    }
+    catch {
+        return {};
+    }
+}
 function isNonEmptyString(value) {
     return typeof value === "string" && value.trim().length > 0;
 }
@@ -656,6 +658,44 @@ function runLinkedSupabaseCommand(command, cwd, failureCode, fallbackMessage) {
     }
     return typeof result.stdout === "string" ? result.stdout.trim() : "";
 }
+function isMigrationOrderingConflict(message) {
+    return /Found local migration files to be inserted before the last migration on remote database\./i.test(message);
+}
+function runStorageMigrationPush(commandBase, cwd) {
+    const firstResult = spawnSync(process.env.SHELL || "/bin/zsh", ["-lc", commandBase], {
+        cwd,
+        env: process.env,
+        encoding: "utf8",
+    });
+    if (firstResult.status === 0) {
+        return {
+            stdout: typeof firstResult.stdout === "string" ? firstResult.stdout.trim() : "",
+            includeAll: false,
+        };
+    }
+    const firstMessage = [firstResult.stderr, firstResult.stdout]
+        .map((value) => (typeof value === "string" ? value.trim() : ""))
+        .find(Boolean) || "Failed to apply storage migrations to the linked Supabase project.";
+    if (!isMigrationOrderingConflict(firstMessage)) {
+        fail("STORAGE_POLICY_MIGRATION_APPLY_FAILED", firstMessage);
+    }
+    const retryCommand = `${commandBase} --include-all`;
+    const retryResult = spawnSync(process.env.SHELL || "/bin/zsh", ["-lc", retryCommand], {
+        cwd,
+        env: process.env,
+        encoding: "utf8",
+    });
+    if (retryResult.status !== 0) {
+        const retryMessage = [retryResult.stderr, retryResult.stdout]
+            .map((value) => (typeof value === "string" ? value.trim() : ""))
+            .find(Boolean) || "Failed to apply storage migrations to the linked Supabase project.";
+        fail("STORAGE_POLICY_MIGRATION_APPLY_FAILED", retryMessage);
+    }
+    return {
+        stdout: typeof retryResult.stdout === "string" ? retryResult.stdout.trim() : "",
+        includeAll: true,
+    };
+}
 function normalizeStorageMimeCategories(rawValue) {
     const requested = rawValue
         .split(",")
@@ -664,11 +704,18 @@ function normalizeStorageMimeCategories(rawValue) {
     const selected = requested.filter((value) => Object.prototype.hasOwnProperty.call(STORAGE_MIME_TYPES_BY_CATEGORY, value));
     return selected.length > 0 ? [...new Set(selected)] : [...STORAGE_DEFAULT_MIME_CATEGORIES];
 }
-function resolveStorageMimeCategories(flags) {
-    const raw = readStringFlag(flags, "mime-categories");
-    if (!raw)
+function resolveStorageMimeCategories(cwd) {
+    const setupConfig = readSetupConfig(cwd);
+    const storageConfig = setupConfig.storage && typeof setupConfig.storage === "object"
+        ? setupConfig.storage
+        : {};
+    const rawCategories = Array.isArray(storageConfig.mimeCategories)
+        ? storageConfig.mimeCategories.filter((value) => isNonEmptyString(value))
+        : [];
+    if (rawCategories.length === 0) {
         return [...STORAGE_DEFAULT_MIME_CATEGORIES];
-    return normalizeStorageMimeCategories(raw);
+    }
+    return normalizeStorageMimeCategories(rawCategories.join(","));
 }
 function expandStorageMimeCategories(categories) {
     const mimeTypes = [];
@@ -694,28 +741,47 @@ function parseStorageMigrationFilename(filename) {
     return null;
 }
 function discoverStorageMigrationFiles(cwd) {
-    const migrationsRoot = path.join(cwd, "supabase", "migrations");
-    if (!fs.existsSync(migrationsRoot)) {
+    const storageMigrationsRoot = path.join(cwd, "supabase", "storage-migrations");
+    const activeMigrationsRoot = path.join(cwd, "supabase", "migrations");
+    if (!fs.existsSync(activeMigrationsRoot)) {
         fail("MISSING_STORAGE_MIGRATIONS", "supabase/migrations is missing. Run bootstrap.base first so the local Supabase project is initialized.");
     }
-    const selected = fs.readdirSync(migrationsRoot)
+    if (!fs.existsSync(storageMigrationsRoot)) {
+        fail("MISSING_STORAGE_MIGRATIONS", "supabase/storage-migrations is missing. Regenerate the project so storage-owned migrations are available locally.");
+    }
+    const policyFiles = fs.readdirSync(storageMigrationsRoot)
         .map((filename) => parseStorageMigrationFilename(filename))
-        .filter((entry) => entry !== null && entry.scope.startsWith("storage_"))
+        .filter((entry) => entry !== null && /(^|_)storage_policies$/.test(entry.scope))
         .sort((a, b) => a.filename.localeCompare(b.filename));
-    if (selected.length === 0) {
-        fail("MISSING_STORAGE_MIGRATIONS", "No storage migration files were found. Add a migration matching YYYYMMDDHHMMSS_storage_*.sql in supabase/migrations.");
-    }
-    const policyFiles = selected
-        .filter((entry) => /(^|_)storage_policies\.sql$/.test(entry.filename))
-        .map((entry) => entry.filename);
     if (policyFiles.length === 0) {
-        fail("MISSING_STORAGE_POLICY_MIGRATION", "No storage policy migration file was found. Add a migration ending in storage_policies.sql in supabase/migrations.");
+        fail("MISSING_STORAGE_POLICY_MIGRATION", "No storage policy migration file was found in supabase/storage-migrations. This directory is for storage policy SQL only. Buckets are created by storage bootstrap through the Supabase Storage API. Regenerate the project or add a file ending in _storage_policies.sql.");
     }
     return {
-        files: selected.map((entry) => entry.filename),
-        policyFiles,
+        files: policyFiles.map((entry) => entry.filename),
+        policyFiles: policyFiles.map((entry) => entry.filename),
     };
 }
+function materializeStorageMigrationFiles(cwd, files) {
+    const storageMigrationsRoot = path.join(cwd, "supabase", "storage-migrations");
+    const activeMigrationsRoot = path.join(cwd, "supabase", "migrations");
+    const preparedFiles = [];
+    for (const filename of files) {
+        const sourcePath = path.join(storageMigrationsRoot, filename);
+        const targetPath = path.join(activeMigrationsRoot, filename);
+        const sourceSql = fs.readFileSync(sourcePath, "utf8");
+        if (fs.existsSync(targetPath)) {
+            const existingSql = fs.readFileSync(targetPath, "utf8");
+            if (existingSql !== sourceSql) {
+                fail("STORAGE_MIGRATION_CONFLICT", `Active migration ${filename} does not match supabase/storage-migrations/${filename}.`);
+            }
+        }
+        else {
+            fs.copyFileSync(sourcePath, targetPath);
+        }
+        preparedFiles.push(filename);
+    }
+    return preparedFiles;
+}
 async function storageRequest(params) {
     const response = await fetch(`${params.supabaseUrl}${params.endpoint}`, {
         method: params.method,
@@ -842,9 +908,6 @@ async function ensureStorageBucket(supabaseUrl, serviceRoleKey, bucketId, isPubl
         verified: true,
     };
 }
-function buildStorageHealthcheckObjectPath(runId) {
-    return `${STORAGE_HEALTHCHECK_PREFIX}/${runId}/upload.txt`;
-}
 async function checkSupabaseContext() {
     const { values, envLocalPath } = loadLocalEnv();
     const missingKeys = [];
@@ -880,10 +943,11 @@ async function setupSupabaseStorage(flags) {
     const serviceRoleKey = requireServiceRoleKey(values);
     const dependencyManager = detectDependencyManager(cwd, flags);
     const supabaseRunner = getSupabaseRunner(dependencyManager);
-    const mimeCategories = resolveStorageMimeCategories(flags);
+    const mimeCategories = resolveStorageMimeCategories(cwd);
     const allowedMimeTypes = expandStorageMimeCategories(mimeCategories);
     const migrations = discoverStorageMigrationFiles(cwd);
-    runLinkedSupabaseCommand(`${supabaseRunner} db push --linked`, cwd, "STORAGE_POLICY_MIGRATION_APPLY_FAILED", "Failed to apply storage migrations to the linked Supabase project.");
+    const preparedMigrationFiles = materializeStorageMigrationFiles(cwd, migrations.files);
+    const migrationPush = runStorageMigrationPush(`${supabaseRunner} db push --linked`, cwd);
     const publicBucket = await ensureStorageBucket(supabaseUrl, serviceRoleKey, STORAGE_PUBLIC_BUCKET, true, allowedMimeTypes);
     const privateBucket = await ensureStorageBucket(supabaseUrl, serviceRoleKey, STORAGE_PRIVATE_BUCKET, false, allowedMimeTypes);
     mergeEnvFile(envLocalPath, {
@@ -902,57 +966,13 @@ async function setupSupabaseStorage(flags) {
         fileSizeLimit: STORAGE_REQUIRED_FILE_SIZE_LIMIT,
         migrationFiles: migrations.files,
         policyFiles: migrations.policyFiles,
+        preparedMigrationFiles,
         policyMigrationsDiscovered: true,
         policyMigrationsApplied: true,
-        policiesVerified: true,
-        policyVerificationMethod: "linked_db_push",
+        migrationPushIncludeAll: migrationPush.includeAll,
         envWritten: ["SUPABASE_PUBLIC_BUCKET", "SUPABASE_PRIVATE_BUCKET"],
     });
 }
-async function smokeTestSupabase() {
-    const { values } = loadLocalEnv();
-    const supabaseUrl = requireSupabaseUrl(values);
-    const serviceRoleKey = requireServiceRoleKey(values);
-    const runId = `run_${Date.now()}`;
-    const objectPath = buildStorageHealthcheckObjectPath(runId);
-    const prefix = `${STORAGE_HEALTHCHECK_PREFIX}/${runId}/`;
-    await storageRequest({
-        supabaseUrl,
-        serviceRoleKey,
-        method: "POST",
-        endpoint: `/storage/v1/object/${STORAGE_PUBLIC_BUCKET}/${objectPath}`,
-        rawBody: "healthcheck probe",
-        contentType: "text/plain",
-    });
-    const listResult = await storageRequest({
-        supabaseUrl,
-        serviceRoleKey,
-        method: "POST",
-        endpoint: `/storage/v1/object/list/${STORAGE_PUBLIC_BUCKET}`,
-        body: { prefix },
-        contentType: "application/json",
-    });
-    await storageRequest({
-        supabaseUrl,
-        serviceRoleKey,
-        method: "DELETE",
-        endpoint: `/storage/v1/object/${STORAGE_PUBLIC_BUCKET}`,
-        body: { prefixes: [objectPath] },
-        contentType: "application/json",
-    });
-    printJson({
-        ok: true,
-        command: "storage smoke-test-supabase",
-        runId,
-        bucketId: STORAGE_PUBLIC_BUCKET,
-        objectPath,
-        prefix,
-        upload: true,
-        list: true,
-        delete: true,
-        listedItems: Array.isArray(listResult) ? listResult.length : 0,
-    });
-}
 async function main() {
     const { command, subcommand, flags } = parseArgs(process.argv.slice(2));
     if (!command || command === "--help" || command === "help") {
@@ -963,10 +983,8 @@ async function main() {
                 "admin ensure-admin",
                 "storage check-supabase-context",
                 "storage setup-supabase",
-                "storage smoke-test-supabase",
                 "storage check-s3-context",
                 "storage setup-s3",
-                "storage smoke-test-s3",
                 "configure-site-redirects",
                 "configure-email-password",
                 "enable-google-provider",
@@ -989,14 +1007,10 @@ async function main() {
         return checkSupabaseContext();
     if (command === "storage" && subcommand === "setup-supabase")
         return setupSupabaseStorage(flags);
-    if (command === "storage" && subcommand === "smoke-test-supabase")
-        return smokeTestSupabase();
     if (command === "storage" && subcommand === "check-s3-context")
         return checkS3Context(flags);
     if (command === "storage" && subcommand === "setup-s3")
         return setupS3Storage(flags);
-    if (command === "storage" && subcommand === "smoke-test-s3")
-        return smokeTestS3(flags);
     if (command === "configure-site-redirects")
         return configureSiteRedirects(flags);
     if (command === "configure-email-password")

package/dist/storageS3.js

@@ -1,7 +1,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import * as crypto from "node:crypto";
-import { S3Client, HeadBucketCommand, CreateBucketCommand, PutPublicAccessBlockCommand, PutBucketEncryptionCommand, PutBucketOwnershipControlsCommand, PutBucketPolicyCommand, PutBucketCorsCommand, GetBucketLocationCommand, GetPublicAccessBlockCommand, GetBucketEncryptionCommand, GetBucketOwnershipControlsCommand, GetBucketPolicyCommand, GetBucketCorsCommand, PutObjectCommand, ListObjectsV2Command, DeleteObjectCommand, GetObjectCommand, } from "@aws-sdk/client-s3";
+import { S3Client, HeadBucketCommand, CreateBucketCommand, PutPublicAccessBlockCommand, PutBucketEncryptionCommand, PutBucketOwnershipControlsCommand, PutBucketPolicyCommand, PutBucketCorsCommand, GetBucketLocationCommand, GetPublicAccessBlockCommand, GetBucketEncryptionCommand, GetBucketOwnershipControlsCommand, GetBucketPolicyCommand, GetBucketCorsCommand, } from "@aws-sdk/client-s3";
 import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
 const SETUP_CONFIG_PATH = path.join(".vibecodemax", "setup-config.json");
 const DEFAULT_BUCKETS = {
@@ -10,7 +10,6 @@ const DEFAULT_BUCKETS = {
 };
 const DEFAULT_PROJECT_SLUG = "vibecodemax";
 const DEFAULT_REGION = "us-east-1";
-const HEALTHCHECK_PREFIX = "_vibecodemax/healthcheck/default";
 const PUBLIC_ACCESS_BLOCK_PRIVATE = {
     BlockPublicAcls: true,
     IgnorePublicAcls: true,
@@ -482,55 +481,6 @@ async function verifyTwoBuckets(region, credentials, buckets) {
         });
     }
 }
-function buildObjectUrl(bucket, region, key) {
-    const encoded = key.split("/").map((segment) => encodeURIComponent(segment)).join("/");
-    if (region === "us-east-1")
-        return `https://${bucket}.s3.amazonaws.com/${encoded}`;
-    return `https://${bucket}.s3.${region}.amazonaws.com/${encoded}`;
-}
-async function smokeTestBuckets(region, credentials, buckets) {
-    const { s3Client } = createAwsClients(region, credentials);
-    const runId = `run_${Date.now()}`;
-    const prefix = `${HEALTHCHECK_PREFIX}/${runId}`;
-    const publicKey = `${prefix}/public-probe.txt`;
-    const privateKey = `${prefix}/private-probe.txt`;
-    await s3Client.send(new PutObjectCommand({ Bucket: buckets.public, Key: publicKey, Body: "public healthcheck probe", ContentType: "text/plain" }));
-    await s3Client.send(new PutObjectCommand({ Bucket: buckets.private, Key: privateKey, Body: "private healthcheck probe", ContentType: "text/plain" }));
-    const publicList = await s3Client.send(new ListObjectsV2Command({ Bucket: buckets.public, Prefix: prefix }));
-    const privateList = await s3Client.send(new ListObjectsV2Command({ Bucket: buckets.private, Prefix: prefix }));
-    const listPassed = Number(publicList.KeyCount || 0) > 0 && Number(privateList.KeyCount || 0) > 0;
-    if (!listPassed) {
-        fail("AWS_SMOKE_TEST_FAILED", "AWS S3 smoke-test list operation did not return the uploaded healthcheck objects.", 1, { prefix });
-    }
-    const publicUrl = buildObjectUrl(buckets.public, region, publicKey);
-    const privateUrl = buildObjectUrl(buckets.private, region, privateKey);
-    const publicReadResponse = await fetch(publicUrl);
-    const privateReadResponse = await fetch(privateUrl);
-    const publicRead = publicReadResponse.ok;
-    const privateReadBlocked = !privateReadResponse.ok;
-    if (!publicRead || !privateReadBlocked) {
-        fail("AWS_SMOKE_TEST_FAILED", "AWS S3 smoke-test public/private read checks failed.", 1, {
-            publicReadStatus: publicReadResponse.status,
-            privateReadStatus: privateReadResponse.status,
-        });
-    }
-    await s3Client.send(new GetObjectCommand({ Bucket: buckets.private, Key: privateKey }));
-    await s3Client.send(new DeleteObjectCommand({ Bucket: buckets.public, Key: publicKey }));
-    await s3Client.send(new DeleteObjectCommand({ Bucket: buckets.private, Key: privateKey }));
-    return {
-        ok: true,
-        command: "storage smoke-test-s3",
-        runId,
-        prefix,
-        buckets,
-        upload: true,
-        list: true,
-        publicRead: true,
-        privateRead: true,
-        delete: true,
-        publicObjectUrl: publicUrl,
-    };
-}
 export async function checkS3Context(flags) {
     const context = readAwsContext(flags);
     if (context.missingKeys.length > 0) {
@@ -603,28 +553,6 @@ export async function setupS3Storage(flags) {
         envWritten: ["AWS_REGION", "AWS_S3_PUBLIC_BUCKET", "AWS_S3_PRIVATE_BUCKET"],
     });
 }
-export async function smokeTestS3(flags) {
-    const context = readAwsContext(flags);
-    const publicBucket = context.localEnv.values.AWS_S3_PUBLIC_BUCKET || "";
-    const privateBucket = context.localEnv.values.AWS_S3_PRIVATE_BUCKET || "";
-    if (context.missingKeys.length > 0) {
-        fail("MISSING_ENV", `Missing required AWS values: ${context.missingKeys.join(", ")}. Add them to .env.bootstrap.local.`);
-    }
-    if (!isNonEmptyString(publicBucket) || !isNonEmptyString(privateBucket)) {
-        fail("MISSING_ENV", "AWS_S3_PUBLIC_BUCKET or AWS_S3_PRIVATE_BUCKET is missing. Run storage setup first so .env.local is populated.");
-    }
-    const credentials = {
-        accessKeyId: context.accessKeyId,
-        secretAccessKey: context.secretAccessKey,
-        ...(context.sessionToken ? { sessionToken: context.sessionToken } : {}),
-    };
-    await validateCredentials(context.region, credentials);
-    const result = await smokeTestBuckets(context.region, credentials, {
-        public: publicBucket.trim(),
-        private: privateBucket.trim(),
-    });
-    printJson(result);
-}
 export function __testOnlyDeterministicBuckets(projectSlug, accountId) {
     return deterministicBuckets({ projectSlug, accountId });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodemax/cli",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "VibeCodeMax CLI — local provider setup for bootstrap and project configuration",
   "type": "module",
   "bin": {