@whatalo/cli-kit 1.0.0

package/dist/index.mjs

@@ -0,0 +1,978 @@
+// src/session/store.ts
+import fs from "fs/promises";
+import os from "os";
+import path from "path";
+function getSessionDir() {
+  return path.join(os.homedir(), ".whatalo");
+}
+function getSessionPath() {
+  return path.join(getSessionDir(), "session.json");
+}
+async function saveSession(session) {
+  const dir = getSessionDir();
+  const filePath = getSessionPath();
+  await fs.mkdir(dir, { recursive: true, mode: 448 });
+  await fs.writeFile(filePath, JSON.stringify(session, null, 2), {
+    encoding: "utf-8",
+    mode: 384
+  });
+  await fs.chmod(filePath, 384);
+}
+async function getSession() {
+  try {
+    const raw = await fs.readFile(getSessionPath(), { encoding: "utf-8" });
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+async function clearSession() {
+  try {
+    await fs.unlink(getSessionPath());
+  } catch (err) {
+    const error2 = err;
+    if (error2.code !== "ENOENT") throw err;
+  }
+}
+function isSessionValid(session) {
+  const expiresAt = new Date(session.expiresAt).getTime();
+  const now = Date.now();
+  const SKEW_BUFFER_MS = 6e4;
+  return expiresAt - SKEW_BUFFER_MS > now;
+}
+
+// src/session/types.ts
+var POLL_STATUS = {
+  PENDING: "pending",
+  AUTHORIZED: "authorized",
+  EXPIRED: "expired",
+  DENIED: "denied"
+};
+
+// src/session/device-flow.ts
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+async function requestDeviceCode(portalUrl) {
+  const res = await fetch(`${portalUrl}/api/auth/device-code`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ clientId: "whatalo-cli" }),
+    signal: AbortSignal.timeout(3e4)
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "Unknown error");
+    throw new Error(`Failed to request device code (${res.status}): ${body}`);
+  }
+  return await res.json();
+}
+async function* pollForToken(portalUrl, deviceCode, initialInterval) {
+  let interval = Math.max(initialInterval, 5);
+  while (true) {
+    await sleep(interval * 1e3);
+    const res = await fetch(`${portalUrl}/api/auth/device-token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        deviceCode,
+        grantType: "urn:ietf:params:oauth:grant-type:device_code"
+      }),
+      signal: AbortSignal.timeout(3e4)
+    });
+    if (res.ok) {
+      const data = await res.json();
+      yield { status: POLL_STATUS.AUTHORIZED, token: data };
+      return;
+    }
+    let errorCode = "unknown";
+    try {
+      const errorBody = await res.json();
+      errorCode = errorBody.error ?? "unknown";
+    } catch {
+      yield { status: POLL_STATUS.EXPIRED };
+      return;
+    }
+    switch (errorCode) {
+      case "authorization_pending":
+        yield { status: POLL_STATUS.PENDING };
+        break;
+      case "slow_down":
+        interval += 5;
+        yield { status: POLL_STATUS.PENDING };
+        break;
+      case "expired_token":
+        yield { status: POLL_STATUS.EXPIRED };
+        return;
+      case "access_denied":
+        yield { status: POLL_STATUS.DENIED };
+        return;
+      default:
+        yield { status: POLL_STATUS.EXPIRED };
+        return;
+    }
+  }
+}
+async function refreshAccessToken(portalUrl, refreshToken) {
+  const res = await fetch(`${portalUrl}/api/auth/refresh`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      refreshToken,
+      grantType: "refresh_token"
+    }),
+    signal: AbortSignal.timeout(3e4)
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "Unknown error");
+    throw new Error(`Failed to refresh token (${res.status}): ${body}`);
+  }
+  return await res.json();
+}
+
+// src/output/format.ts
+import chalk from "chalk";
+function banner(title, version) {
+  console.log();
+  console.log(`  ${chalk.bold.cyan(title)} ${chalk.dim(`v${version}`)}`);
+  console.log();
+}
+function success(message) {
+  console.log(`  ${chalk.green("\u2713")} ${message}`);
+}
+function error(message) {
+  console.log(`  ${chalk.red("\u2717")} ${message}`);
+}
+function warn(message) {
+  console.log(`  ${chalk.yellow("\u26A0")} ${message}`);
+}
+function info(message) {
+  console.log(`  ${chalk.blue("\u2139")} ${message}`);
+}
+function link(url) {
+  return chalk.underline.cyan(url);
+}
+function code(text) {
+  return chalk.dim("`") + chalk.bold(text) + chalk.dim("`");
+}
+function table(headers, rows) {
+  if (headers.length === 0) return;
+  const widths = headers.map(
+    (h, i) => Math.max(h.length, ...rows.map((r) => (r[i] ?? "").length))
+  );
+  const headerLine = headers.map((h, i) => h.padEnd(widths[i] ?? h.length)).join("  ");
+  console.log(`  ${chalk.bold(headerLine)}`);
+  const separator = widths.map((w) => "\u2500".repeat(w)).join("  ");
+  console.log(`  ${separator}`);
+  for (const row of rows) {
+    const line = row.map((cell, i) => cell.padEnd(widths[i] ?? cell.length)).join("  ");
+    console.log(`  ${line}`);
+  }
+}
+var STATUS_ICONS = {
+  pending: chalk.dim("\u25CB"),
+  running: chalk.cyan("\u25C9"),
+  success: chalk.green("\u2713"),
+  error: chalk.red("\u2717"),
+  warning: chalk.yellow("\u26A0"),
+  skipped: chalk.dim("\u2013")
+};
+function renderTasks(tasks) {
+  for (const task of tasks) {
+    const icon = STATUS_ICONS[task.status];
+    const label = task.status === "error" ? chalk.red(task.label) : task.status === "warning" ? chalk.yellow(task.label) : task.status === "skipped" ? chalk.dim(task.label) : task.label;
+    console.log(`  ${icon} ${label}`);
+    if (task.detail) {
+      console.log(`    ${chalk.dim(task.detail)}`);
+    }
+  }
+}
+function renderInfoPanel(title, sections) {
+  console.log();
+  console.log(`  ${chalk.bold(title)}`);
+  console.log(`  ${"\u2550".repeat(title.length)}`);
+  for (const section of sections) {
+    console.log();
+    console.log(`  ${chalk.bold.dim(section.heading)}`);
+    const maxKeyLen = Math.max(...section.rows.map((r) => r.key.length));
+    for (const row of section.rows) {
+      console.log(
+        `    ${chalk.dim(row.key.padEnd(maxKeyLen))}  ${row.value}`
+      );
+    }
+  }
+  console.log();
+}
+function renderTable(options) {
+  table(options.headers, options.rows);
+}
+
+// src/output/spinner.ts
+import chalk2 from "chalk";
+var SPINNER_FRAMES = ["\u25D2", "\u25D0", "\u25D3", "\u25D1"];
+var FRAME_INTERVAL_MS = 100;
+function createSpinner(message) {
+  let frameIndex = 0;
+  let stopped = false;
+  const timer = setInterval(() => {
+    if (stopped) return;
+    const frame = SPINNER_FRAMES[frameIndex % SPINNER_FRAMES.length];
+    process.stdout.write(`\x1B[2K\r  ${chalk2.magenta(frame)} ${message}`);
+    frameIndex++;
+  }, FRAME_INTERVAL_MS);
+  const firstFrame = SPINNER_FRAMES[0];
+  process.stdout.write(`  ${chalk2.magenta(firstFrame)} ${message}`);
+  return {
+    stop(finalMessage) {
+      if (stopped) return;
+      stopped = true;
+      clearInterval(timer);
+      process.stdout.write(`\x1B[2K\r`);
+      if (finalMessage) {
+        console.log(`  ${chalk2.green("\u2713")} ${finalMessage}`);
+      }
+    }
+  };
+}
+
+// src/output/errors.ts
+var WhataloAuthError = class extends Error {
+  constructor(message = "Authentication required") {
+    super(message);
+    this.name = "WhataloAuthError";
+  }
+};
+var WhataloConfigError = class extends Error {
+  suggestion;
+  constructor(message, suggestion) {
+    super(message);
+    this.name = "WhataloConfigError";
+    this.suggestion = suggestion;
+  }
+};
+var WhataloNetworkError = class extends Error {
+  statusCode;
+  constructor(message, statusCode) {
+    super(message);
+    this.name = "WhataloNetworkError";
+    this.statusCode = statusCode;
+  }
+};
+var WhataloValidationError = class extends Error {
+  field;
+  constructor(message, field) {
+    super(message);
+    this.name = "WhataloValidationError";
+    this.field = field;
+  }
+};
+
+// src/output/error-handler.ts
+function withErrorHandler(fn) {
+  return async (...args) => {
+    try {
+      await fn(...args);
+    } catch (err) {
+      handleCliError(err);
+    }
+  };
+}
+function handleCliError(error2) {
+  if (error2 instanceof WhataloAuthError) {
+    error(error2.message);
+    info("Run `whatalo login` to re-authenticate.");
+    process.exit(1);
+  }
+  if (error2 instanceof WhataloConfigError) {
+    error(error2.message);
+    if (error2.suggestion) {
+      info(`Fix: ${error2.suggestion}`);
+    }
+    process.exit(2);
+  }
+  if (error2 instanceof WhataloNetworkError) {
+    error("Could not connect to Whatalo API.");
+    if (error2.statusCode === 429) {
+      warn("Rate limit reached. Wait a moment and try again.");
+    } else {
+      info("Check your internet connection and try again.");
+    }
+    if (error2.message && error2.message !== "Could not connect to Whatalo API.") {
+      info(`Details: ${error2.message}`);
+    }
+    process.exit(1);
+  }
+  if (error2 instanceof WhataloValidationError) {
+    error(error2.message);
+    if (error2.field) {
+      info(`Field: ${error2.field}`);
+    }
+    process.exit(1);
+  }
+  error("An unexpected error occurred.");
+  if (error2 instanceof Error) {
+    info(`Details: ${error2.message}`);
+  }
+  info(
+    "If this persists, run `whatalo info --json` and report the issue."
+  );
+  process.exit(1);
+}
+
+// src/output/non-tty.ts
+function failMissingNonTTYFlags(requiredFlags, options) {
+  if (process.stdout.isTTY) return;
+  const missing = requiredFlags.filter((flag) => !options[flag]);
+  if (missing.length > 0) {
+    throw new WhataloValidationError(
+      `${missing.map((f) => `--${f}`).join(", ")} required in non-interactive environments (CI/CD).`,
+      missing[0]
+    );
+  }
+}
+
+// src/http/client.ts
+import { readFileSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+var DEFAULT_TIMEOUT_MS = 3e4;
+var MAX_RETRIES = 3;
+var BASE_BACKOFF_MS = 1e3;
+function getCliVersion() {
+  try {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const pkg = JSON.parse(
+      readFileSync(join(__dirname, "..", "package.json"), "utf-8")
+    );
+    return pkg.version ?? "unknown";
+  } catch {
+    return "unknown";
+  }
+}
+function buildUserAgent() {
+  const cliVersion = getCliVersion();
+  const nodeVersion = process.version;
+  const platform = process.platform;
+  const arch = process.arch;
+  return `whatalo-cli/${cliVersion} node/${nodeVersion} ${platform}/${arch}`;
+}
+var WhataloApiClient = class {
+  options;
+  timeout;
+  userAgent;
+  constructor(options) {
+    this.options = options;
+    this.timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;
+    this.userAgent = buildUserAgent();
+  }
+  /** Sends an authenticated GET request and returns the parsed JSON body */
+  async get(path6) {
+    return this.request("GET", path6);
+  }
+  /** Sends an authenticated POST request with an optional JSON body */
+  async post(path6, body) {
+    return this.request("POST", path6, body);
+  }
+  /** Sends an authenticated PATCH request with an optional JSON body */
+  async patch(path6, body) {
+    return this.request("PATCH", path6, body);
+  }
+  /** Sends an authenticated DELETE request */
+  async delete(path6) {
+    return this.request("DELETE", path6);
+  }
+  /**
+   * Core request method with automatic token refresh on 401,
+   * retry with exponential backoff on 5xx, and rate limit handling.
+   */
+  async request(method, path6, body) {
+    const session = await this.options.getSession();
+    if (!session) {
+      throw new WhataloAuthError("Not logged in. Run `whatalo login` first.");
+    }
+    const doFetch = async (token) => {
+      const url = `${this.options.portalUrl}${path6}`;
+      return fetch(url, {
+        method,
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${token}`,
+          "User-Agent": this.userAgent
+        },
+        body: body !== void 0 ? JSON.stringify(body) : void 0,
+        signal: AbortSignal.timeout(this.timeout)
+      });
+    };
+    let res;
+    try {
+      res = await this.executeWithRetry(doFetch, session.accessToken);
+    } catch (err) {
+      if (err instanceof WhataloAuthError || err instanceof WhataloNetworkError) {
+        throw err;
+      }
+      const message = err instanceof Error ? err.message : "Unknown error";
+      throw new WhataloNetworkError(message);
+    }
+    if (res.status === 401) {
+      try {
+        const refreshed = await this.options.refreshSession();
+        res = await this.executeWithRetry(doFetch, refreshed.accessToken);
+      } catch (refreshErr) {
+        if (refreshErr instanceof WhataloNetworkError) throw refreshErr;
+        throw new WhataloAuthError(
+          "Session expired. Run `whatalo login` to re-authenticate."
+        );
+      }
+      if (res.status === 401) {
+        throw new WhataloAuthError(
+          "Session expired. Run `whatalo login` to re-authenticate."
+        );
+      }
+    }
+    if (!res.ok) {
+      const errorBody = await res.text().catch(() => "Unknown error");
+      throw new WhataloNetworkError(
+        `API error ${res.status}: ${errorBody}`,
+        res.status
+      );
+    }
+    return await res.json();
+  }
+  /**
+   * Executes a fetch with retry on 5xx and rate-limit (429) handling.
+   * Uses exponential backoff: 1s, 2s, 4s.
+   */
+  async executeWithRetry(doFetch, token) {
+    let lastResponse;
+    for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+      try {
+        lastResponse = await doFetch(token);
+      } catch (err) {
+        if (attempt === MAX_RETRIES - 1) {
+          const message = err instanceof Error ? err.message : "Network error";
+          throw new WhataloNetworkError(message);
+        }
+        await this.sleep(BASE_BACKOFF_MS * Math.pow(2, attempt));
+        continue;
+      }
+      if (lastResponse.status === 429) {
+        const retryAfter = lastResponse.headers.get("Retry-After");
+        const waitMs = retryAfter ? parseInt(retryAfter, 10) * 1e3 : BASE_BACKOFF_MS * Math.pow(2, attempt);
+        if (attempt === MAX_RETRIES - 1) {
+          throw new WhataloNetworkError("Rate limit exceeded", 429);
+        }
+        await this.sleep(Math.min(waitMs, 3e4));
+        continue;
+      }
+      if (lastResponse.status >= 500 && attempt < MAX_RETRIES - 1) {
+        await this.sleep(BASE_BACKOFF_MS * Math.pow(2, attempt));
+        continue;
+      }
+      return lastResponse;
+    }
+    return lastResponse;
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/config/toml.ts
+import { readFile, writeFile } from "fs/promises";
+import path2 from "path";
+import TOML from "@iarna/toml";
+
+// src/config/types.ts
+var REQUIRED_FIELDS = [
+  "plugin.name",
+  "plugin.plugin_id",
+  "plugin.slug",
+  "build.dev_command",
+  "build.build_command",
+  "build.output_dir",
+  "dev.port"
+];
+var CONFIG_FILE_NAME = "whatalo.app.toml";
+
+// src/config/toml.ts
+async function readConfig(dir) {
+  const filePath = path2.join(dir, CONFIG_FILE_NAME);
+  let raw;
+  try {
+    raw = await readFile(filePath, "utf-8");
+  } catch {
+    throw new Error(
+      `Could not find ${CONFIG_FILE_NAME} in "${dir}". Run \`whatalo init\` to set up your project.`
+    );
+  }
+  let parsed;
+  try {
+    parsed = TOML.parse(raw);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    throw new Error(
+      `Failed to parse ${CONFIG_FILE_NAME}: ${message}. Check for syntax errors.`
+    );
+  }
+  validateRequiredFields(parsed);
+  return parsed;
+}
+async function writeConfig(dir, config) {
+  const filePath = path2.join(dir, CONFIG_FILE_NAME);
+  const content = TOML.stringify(config);
+  await writeFile(filePath, content, "utf-8");
+}
+function validateRequiredFields(obj) {
+  for (const fieldPath of REQUIRED_FIELDS) {
+    const parts = fieldPath.split(".");
+    let current = obj;
+    for (const part of parts) {
+      if (current === null || current === void 0 || typeof current !== "object") {
+        throw new Error(
+          `Missing \`${fieldPath}\` in ${CONFIG_FILE_NAME}. Run \`whatalo init\` to set up your project.`
+        );
+      }
+      current = current[part];
+    }
+    if (current === null || current === void 0 || current === "") {
+      throw new Error(
+        `Missing \`${fieldPath}\` in ${CONFIG_FILE_NAME}. Run \`whatalo init\` to set up your project.`
+      );
+    }
+  }
+}
+
+// src/config/env-file.ts
+import { readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+function parseEnvFile(content) {
+  const lines = content.split("\n");
+  return lines.map((raw) => {
+    const trimmed = raw.trim();
+    if (trimmed === "" || trimmed.startsWith("#")) {
+      return { raw };
+    }
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex === -1) {
+      return { raw };
+    }
+    const key = trimmed.slice(0, eqIndex).trim();
+    let value = trimmed.slice(eqIndex + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    return { raw, key, value };
+  });
+}
+async function updateEnvFile(filePath, vars) {
+  let existingContent = "";
+  try {
+    existingContent = await readFile2(filePath, "utf-8");
+  } catch {
+  }
+  const entries = existingContent ? parseEnvFile(existingContent) : [];
+  const updatedKeys = /* @__PURE__ */ new Set();
+  const updatedLines = entries.map((entry) => {
+    if (entry.key && entry.key in vars) {
+      updatedKeys.add(entry.key);
+      return `${entry.key}=${vars[entry.key]}`;
+    }
+    return entry.raw;
+  });
+  const newVars = Object.entries(vars).filter(
+    ([key]) => !updatedKeys.has(key)
+  );
+  if (newVars.length > 0) {
+    if (updatedLines.length > 0 && updatedLines[updatedLines.length - 1] !== "") {
+      updatedLines.push("");
+    }
+    updatedLines.push("# Whatalo Plugin Variables");
+    for (const [key, value] of newVars) {
+      updatedLines.push(`${key}=${value}`);
+    }
+  }
+  const output = updatedLines.join("\n");
+  await writeFile2(filePath, output.endsWith("\n") ? output : output + "\n", "utf-8");
+}
+
+// src/tunnel/cloudflared.ts
+import { spawnSync, spawn } from "child_process";
+import { existsSync, chmodSync, mkdirSync, createWriteStream } from "fs";
+import { unlink, rename } from "fs/promises";
+import path3 from "path";
+import os2 from "os";
+import https from "https";
+var TUNNEL_START_TIMEOUT_MS = 15e3;
+var TUNNEL_URL_REGEX = /https:\/\/[a-z0-9-]+\.trycloudflare\.com/;
+function getBinDir() {
+  return path3.join(os2.homedir(), ".whatalo", "bin");
+}
+function getManagedBinaryPath() {
+  return path3.join(getBinDir(), "cloudflared");
+}
+function findOnSystemPath() {
+  const cmd = process.platform === "win32" ? "where" : "which";
+  const result = spawnSync(cmd, ["cloudflared"], { encoding: "utf-8" });
+  if (result.status === 0 && result.stdout.trim()) {
+    return result.stdout.trim().split("\n")[0] ?? null;
+  }
+  return null;
+}
+async function ensureCloudflared() {
+  const systemPath = findOnSystemPath();
+  if (systemPath) return systemPath;
+  const managedPath = getManagedBinaryPath();
+  if (existsSync(managedPath)) return managedPath;
+  return downloadCloudflared(managedPath);
+}
+function resolvePlatformInfo() {
+  const platform = process.platform;
+  const arch = process.arch === "x64" ? "amd64" : process.arch;
+  if (platform === "darwin") {
+    return { os: "darwin", arch, ext: "tgz" };
+  }
+  if (platform === "linux") {
+    return { os: "linux", arch, ext: "binary" };
+  }
+  throw new Error(
+    `Unsupported platform: ${platform}. Install cloudflared manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/`
+  );
+}
+function buildDownloadUrl(osName, arch, ext) {
+  const base = "https://github.com/cloudflare/cloudflared/releases/latest/download";
+  if (ext === "tgz") {
+    return `${base}/cloudflared-${osName}-${arch}.tgz`;
+  }
+  return `${base}/cloudflared-${osName}-${arch}`;
+}
+async function downloadFile(url, dest) {
+  return new Promise((resolve, reject) => {
+    const follow = (targetUrl) => {
+      https.get(targetUrl, (res) => {
+        if ((res.statusCode === 301 || res.statusCode === 302) && res.headers.location) {
+          follow(res.headers.location);
+          return;
+        }
+        if (res.statusCode !== 200) {
+          reject(
+            new Error(
+              `Download failed with HTTP ${res.statusCode}: ${targetUrl}`
+            )
+          );
+          return;
+        }
+        const file = createWriteStream(dest);
+        res.pipe(file);
+        file.on("finish", () => file.close(() => resolve()));
+        file.on("error", (err) => {
+          file.close();
+          reject(err);
+        });
+      }).on("error", reject);
+    };
+    follow(url);
+  });
+}
+async function downloadCloudflared(targetPath) {
+  const { os: osName, arch, ext } = resolvePlatformInfo();
+  const downloadUrl = buildDownloadUrl(osName, arch, ext);
+  mkdirSync(path3.dirname(targetPath), { recursive: true });
+  info(`Downloading cloudflared for ${osName}/${arch}\u2026`);
+  info(`Source: ${downloadUrl}`);
+  const tmpPath = `${targetPath}.tmp`;
+  try {
+    await downloadFile(downloadUrl, tmpPath);
+    if (ext === "tgz") {
+      const tarResult = spawnSync(
+        "tar",
+        ["xzf", tmpPath, "-C", path3.dirname(targetPath), "cloudflared"],
+        { encoding: "utf-8" }
+      );
+      if (tarResult.status !== 0) {
+        throw new Error(
+          `tar extraction failed: ${tarResult.stderr || (tarResult.error?.message ?? "unknown error")}`
+        );
+      }
+      await unlink(tmpPath).catch(() => void 0);
+    } else {
+      await rename(tmpPath, targetPath);
+    }
+    if (!existsSync(targetPath)) {
+      throw new Error(
+        "Binary extraction completed but cloudflared was not found at the expected path."
+      );
+    }
+    chmodSync(targetPath, 493);
+  } catch (err) {
+    await unlink(tmpPath).catch(() => void 0);
+    throw new Error(
+      `Could not download cloudflared. Install manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/
+  Original error: ${err.message}`
+    );
+  }
+  info(`cloudflared saved to ${targetPath}`);
+  return targetPath;
+}
+async function createTunnel(options) {
+  const { localPort, protocol = "http" } = options;
+  const binaryPath = await ensureCloudflared();
+  return new Promise((resolve, reject) => {
+    const child = spawn(
+      binaryPath,
+      [
+        "tunnel",
+        "--url",
+        `${protocol}://localhost:${localPort}`,
+        "--no-autoupdate"
+      ],
+      {
+        // Inherit environment so cloudflared can read system certificates
+        env: { ...process.env },
+        // stdout flows to the terminal; stderr is captured for URL extraction
+        stdio: ["ignore", "inherit", "pipe"]
+      }
+    );
+    let urlFound = false;
+    let lineBuffer = "";
+    const timeout = setTimeout(() => {
+      if (!urlFound) {
+        child.kill("SIGTERM");
+        reject(
+          new Error(
+            `Tunnel failed to start. Check if port ${localPort} is accessible.`
+          )
+        );
+      }
+    }, TUNNEL_START_TIMEOUT_MS);
+    child.stderr?.on("data", (chunk) => {
+      lineBuffer += chunk.toString("utf-8");
+      const lines = lineBuffer.split("\n");
+      lineBuffer = lines.pop() ?? "";
+      for (const line of lines) {
+        const match = TUNNEL_URL_REGEX.exec(line);
+        if (match && !urlFound) {
+          urlFound = true;
+          clearTimeout(timeout);
+          const tunnelUrl = match[0];
+          const kill = () => new Promise((res) => {
+            if (child.exitCode !== null) {
+              res();
+              return;
+            }
+            child.once("exit", () => res());
+            child.kill("SIGTERM");
+          });
+          resolve({ url: tunnelUrl, process: child, kill });
+        }
+      }
+    });
+    child.on("error", (err) => {
+      clearTimeout(timeout);
+      if (!urlFound) {
+        reject(
+          new Error(
+            `Tunnel failed to start. Check if port ${localPort} is accessible.
+  Original error: ${err.message}`
+          )
+        );
+      }
+    });
+    child.on("exit", (code2) => {
+      clearTimeout(timeout);
+      if (!urlFound) {
+        reject(
+          new Error(
+            code2 != null && code2 !== 0 ? `Could not extract tunnel URL. Try with \`--tunnel-url\` flag.` : `Tunnel failed to start. Check if port ${localPort} is accessible.`
+          )
+        );
+      }
+    });
+  });
+}
+
+// src/version/check.ts
+import { readFile as readFile3, writeFile as writeFile3, mkdir } from "fs/promises";
+import path4 from "path";
+import chalk3 from "chalk";
+var CHECK_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+var REGISTRY_TIMEOUT_MS = 3e3;
+function getCachePath() {
+  return path4.join(getSessionDir(), "version-check.json");
+}
+async function readCache() {
+  try {
+    const raw = await readFile3(getCachePath(), "utf-8");
+    const cache = JSON.parse(raw);
+    const lastCheck = new Date(cache.lastCheck).getTime();
+    if (Date.now() - lastCheck < CHECK_INTERVAL_MS) {
+      return cache;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+async function writeCache(cache) {
+  try {
+    const dir = getSessionDir();
+    await mkdir(dir, { recursive: true, mode: 448 });
+    await writeFile3(getCachePath(), JSON.stringify(cache, null, 2), "utf-8");
+  } catch {
+  }
+}
+async function fetchLatestVersion(packageName) {
+  try {
+    const res = await fetch(
+      `https://registry.npmjs.org/${packageName}/latest`,
+      { signal: AbortSignal.timeout(REGISTRY_TIMEOUT_MS) }
+    );
+    if (!res.ok) return null;
+    const data = await res.json();
+    return data.version ?? null;
+  } catch {
+    return null;
+  }
+}
+function isNewerVersion(current, latest) {
+  const parse = (v) => v.replace(/^v/, "").split(".").map(Number);
+  const c = parse(current);
+  const l = parse(latest);
+  for (let i = 0; i < 3; i++) {
+    if ((l[i] ?? 0) > (c[i] ?? 0)) return true;
+    if ((l[i] ?? 0) < (c[i] ?? 0)) return false;
+  }
+  return false;
+}
+function getUpgradeCommand() {
+  const pm = detectPackageManager();
+  switch (pm) {
+    case "pnpm":
+      return "pnpm add -g @whatalo/cli";
+    case "yarn":
+      return "yarn global add @whatalo/cli";
+    case "npm":
+      return "npm install -g @whatalo/cli";
+  }
+}
+function detectPackageManager() {
+  const userAgent = process.env.npm_config_user_agent ?? "";
+  if (userAgent.includes("pnpm")) return "pnpm";
+  if (userAgent.includes("yarn")) return "yarn";
+  if (userAgent.includes("npm")) return "npm";
+  return "pnpm";
+}
+function scheduleVersionCheck(currentVersion) {
+  const checkPromise = (async () => {
+    const cached = await readCache();
+    if (cached && cached.currentVersion === currentVersion) {
+      return cached.latestVersion !== currentVersion && isNewerVersion(currentVersion, cached.latestVersion) ? cached.latestVersion : null;
+    }
+    const latestVersion = await fetchLatestVersion("@whatalo/cli");
+    if (!latestVersion) return null;
+    await writeCache({
+      lastCheck: (/* @__PURE__ */ new Date()).toISOString(),
+      latestVersion,
+      currentVersion
+    });
+    return isNewerVersion(currentVersion, latestVersion) ? latestVersion : null;
+  })();
+  process.on("exit", () => {
+    checkPromise.then((latestVersion) => {
+      if (!latestVersion) return;
+      const upgradeCmd = getUpgradeCommand();
+      const box = [
+        "",
+        chalk3.yellow("\u256D\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256E"),
+        chalk3.yellow("\u2502                                          \u2502"),
+        chalk3.yellow("\u2502") + `   Update available: ${chalk3.dim(currentVersion)} ${chalk3.yellow("\u2192")} ${chalk3.green(latestVersion)}       ` + chalk3.yellow("\u2502"),
+        chalk3.yellow("\u2502") + `   Run: ${chalk3.cyan(upgradeCmd)}          ` + chalk3.yellow("\u2502"),
+        chalk3.yellow("\u2502                                          \u2502"),
+        chalk3.yellow("\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256F"),
+        ""
+      ];
+      for (const line of box) {
+        process.stderr.write(line + "\n");
+      }
+    }).catch(() => {
+    });
+  });
+}
+
+// src/version/compatibility.ts
+import { readFileSync as readFileSync2 } from "fs";
+import path5 from "path";
+function checkSdkCompatibility(cliVersion, projectDir) {
+  const sdkVersion = getSdkVersion(projectDir);
+  if (!sdkVersion) return null;
+  const cliMajor = parseMajor(cliVersion);
+  const sdkMajor = parseMajor(sdkVersion);
+  if (cliMajor !== sdkMajor) {
+    return `SDK version ${sdkVersion} may not be compatible with CLI ${cliVersion}. Run: pnpm update @whatalo/app-sdk`;
+  }
+  const cliMinor = parseMinor(cliVersion);
+  const sdkMinor = parseMinor(sdkVersion);
+  if (cliMinor - sdkMinor > 1) {
+    return `SDK version ${sdkVersion} is behind CLI ${cliVersion}. Run: pnpm update @whatalo/app-sdk`;
+  }
+  return null;
+}
+function getSdkVersion(projectDir) {
+  try {
+    const pkgPath = path5.join(
+      projectDir,
+      "node_modules",
+      "@whatalo",
+      "app-sdk",
+      "package.json"
+    );
+    const raw = readFileSync2(pkgPath, "utf-8");
+    const pkg = JSON.parse(raw);
+    return pkg.version ?? null;
+  } catch {
+    return null;
+  }
+}
+function parseMajor(version) {
+  return parseInt(version.replace(/^v/, "").split(".")[0] ?? "0", 10);
+}
+function parseMinor(version) {
+  return parseInt(version.replace(/^v/, "").split(".")[1] ?? "0", 10);
+}
+export {
+  CONFIG_FILE_NAME,
+  POLL_STATUS,
+  WhataloApiClient,
+  WhataloAuthError,
+  WhataloConfigError,
+  WhataloNetworkError,
+  WhataloValidationError,
+  banner,
+  checkSdkCompatibility,
+  clearSession,
+  code,
+  createSpinner,
+  createTunnel,
+  ensureCloudflared,
+  error,
+  failMissingNonTTYFlags,
+  getSession,
+  getSessionDir,
+  getUpgradeCommand,
+  handleCliError,
+  info,
+  isNewerVersion,
+  isSessionValid,
+  link,
+  parseEnvFile,
+  pollForToken,
+  readConfig,
+  refreshAccessToken,
+  renderInfoPanel,
+  renderTable,
+  renderTasks,
+  requestDeviceCode,
+  saveSession,
+  scheduleVersionCheck,
+  success,
+  table,
+  updateEnvFile,
+  warn,
+  withErrorHandler,
+  writeConfig
+};