ardent-cli 0.0.41 → 0.0.43

package/dist/index.js

@@ -1247,6 +1247,43 @@ async function multiSelect(items, promptForItem, options = {}) {
   return accepted;
 }
 
+// src/lib/postgres_url.ts
+var VALID_SSL_MODES = /* @__PURE__ */ new Set([
+  "disable",
+  "prefer",
+  "require"
+]);
+function parsePostgresUrl(url) {
+  const atIndex = url.lastIndexOf("@");
+  const credentialsPart = atIndex > 0 ? url.substring(0, atIndex) : url;
+  const hostPart = atIndex > 0 ? url.substring(atIndex) : "";
+  const cleanedUrl = credentialsPart.replace(/\\!/g, "!") + hostPart;
+  const parsed = new URL(cleanedUrl);
+  const host = parsed.hostname;
+  const port = parsed.port || "5432";
+  const username = decodeURIComponent(parsed.username);
+  const password = parsed.password ? decodeURIComponent(parsed.password) : "";
+  const databasePath = parsed.pathname.replace(/^\/+/, "");
+  const database = databasePath ? decodeURIComponent(databasePath) : void 0;
+  if (!host) throw new Error("Host required in connection URL");
+  if (!username) throw new Error("Username required in connection URL");
+  const result = { host, port, username, password };
+  if (database !== void 0) {
+    result.database = database;
+  }
+  const sslMode = parsed.searchParams.get("sslmode");
+  if (sslMode !== null) {
+    const normalized = sslMode.trim().toLowerCase();
+    if (!VALID_SSL_MODES.has(normalized)) {
+      throw new Error(
+        `Invalid sslmode '${sslMode}' in connection URL. Must be one of: ${Array.from(VALID_SSL_MODES).join(", ")}.`
+      );
+    }
+    result.ssl_mode = normalized;
+  }
+  return result;
+}
+
 // src/lib/replica_identity_prompt.ts
 import { createInterface as createInterface2 } from "readline/promises";
 
@@ -1593,20 +1630,6 @@ async function handleReplicaIdentityPreflight(connectorId, options, behavior = {
 }
 
 // src/commands/connector/create.ts
-function parsePostgresUrl(url) {
-  const atIndex = url.lastIndexOf("@");
-  const credentialsPart = atIndex > 0 ? url.substring(0, atIndex) : url;
-  const hostPart = atIndex > 0 ? url.substring(atIndex) : "";
-  const cleanedUrl = credentialsPart.replace(/\\!/g, "!") + hostPart;
-  const parsed = new URL(cleanedUrl);
-  const host = parsed.hostname;
-  const port = parsed.port || "5432";
-  const username = decodeURIComponent(parsed.username);
-  const password = parsed.password ? decodeURIComponent(parsed.password) : "";
-  if (!host) throw new Error("Host required in connection URL");
-  if (!username) throw new Error("Username required in connection URL");
-  return { host, port, username, password };
-}
 function printEngineSetupRecoveryHint(connectorName) {
   console.error("\u2717 Engine setup did not complete for this connector.");
   console.error("  Inspect: ardent connector list");
@@ -1754,16 +1777,23 @@ async function createAction2(type, url, options) {
       console.log(
         `Creating connector${useByocEnvironment ? " (BYOC environment)" : ""}...`
       );
+      const connectionDetails = {
+        host: parsed.host,
+        port: parsed.port,
+        username: parsed.username,
+        password: parsed.password
+      };
+      if (parsed.ssl_mode !== void 0) {
+        connectionDetails.ssl_mode = parsed.ssl_mode;
+      }
+      if (parsed.database !== void 0) {
+        connectionDetails.database = parsed.database;
+      }
       createPayload = {
         name: connectorName,
         service_name: "postgresql",
         project_id: currentProjectId,
-        connection_details: {
-          host: parsed.host,
-          port: parsed.port,
-          username: parsed.username,
-          password: parsed.password
-        }
+        connection_details: connectionDetails
       };
     }
     if (useByocEnvironment) {
@@ -2122,6 +2152,195 @@ async function deleteAction2(name, options = {}) {
   }
 }
 
+// src/commands/connector/preflight.ts
+var CHECK_RENDER_ORDER = [
+  "tcp_reachable",
+  "auth",
+  "postgres_metadata",
+  "is_writer",
+  "wal_level",
+  "replication_slots",
+  "wal_senders",
+  "wal2json",
+  "can_replicate",
+  "can_read_tables",
+  "can_write_tables",
+  "can_modify_schema",
+  "create_event_triggers",
+  "duplicate_source"
+];
+function isCheck(value) {
+  return typeof value === "object" && value !== null && "pass" in value;
+}
+function renderCheck(name, check) {
+  const mark = check.unverified ? "?" : check.pass ? "\u2713" : "\u2717";
+  const label = name.replace(/_/g, " ");
+  let line = `  ${mark} ${label}`;
+  if (check.actual !== void 0) line += ` (actual: ${check.actual})`;
+  if (check.max !== void 0 && check.used !== void 0) {
+    line += ` (${check.used}/${check.max} used)`;
+  } else if (check.max !== void 0) {
+    line += ` (max: ${check.max})`;
+  }
+  if (!check.pass && !check.unverified && check.error)
+    line += `
+      ${check.error}`;
+  if (check.unverified && check.error) line += `
+      ${check.error}`;
+  if (!check.pass && check.remediation) {
+    if (check.remediation.message)
+      line += `
+      ${check.remediation.message}`;
+    if (check.remediation.suggestion)
+      line += `
+      \u2192 ${check.remediation.suggestion}`;
+    if (check.remediation.hint)
+      line += `
+      hint: ${check.remediation.hint}`;
+  }
+  if (check.existing_connector_id) {
+    line += `
+      existing connector: ${check.existing_connector_id}`;
+    if (check.existing_connector_name)
+      line += ` (${check.existing_connector_name})`;
+  }
+  return line;
+}
+function renderChecks(checks) {
+  const rendered = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const name of CHECK_RENDER_ORDER) {
+    const entry = checks[name];
+    if (entry === void 0) continue;
+    seen.add(name);
+    if (!isCheck(entry)) continue;
+    rendered.push(renderCheck(name, entry));
+  }
+  const SKIP = /* @__PURE__ */ new Set(["pass", "missing", "engine_config", "warnings"]);
+  for (const [name, entry] of Object.entries(checks)) {
+    if (seen.has(name) || SKIP.has(name)) continue;
+    if (!isCheck(entry)) continue;
+    rendered.push(renderCheck(name, entry));
+  }
+  return rendered;
+}
+function allChecksPass(checks) {
+  for (const entry of Object.values(checks)) {
+    if (!isCheck(entry)) continue;
+    if (entry.unverified === true) continue;
+    if (entry.pass !== true) return false;
+  }
+  return true;
+}
+async function preflightAction(type, url, options) {
+  if (type !== "postgresql") {
+    console.error(
+      `\u2717 Preflight is currently only supported for postgresql connectors.`
+    );
+    console.error(`  Got: ${type}`);
+    process.exit(1);
+  }
+  if (!url) {
+    console.error("\u2717 Connection URL required");
+    console.error(
+      "  Example: ardent connector preflight postgresql postgresql://user:pass@host:5432/db"
+    );
+    process.exit(1);
+  }
+  let parsed;
+  try {
+    parsed = parsePostgresUrl(url);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`\u2717 ${message}`);
+    process.exit(1);
+  }
+  if (!parsed.password) {
+    console.error("\u2717 Password required in connection URL");
+    process.exit(1);
+  }
+  if (options.environmentId && !options.byoc) {
+    console.error("\u2717 --environment-id requires --byoc");
+    process.exit(1);
+  }
+  if (options.privateLinkId && !options.byoc) {
+    console.error("\u2717 --private-link-id requires --byoc");
+    process.exit(1);
+  }
+  const connectionDetails = {
+    host: parsed.host,
+    port: parsed.port,
+    username: parsed.username,
+    password: parsed.password
+  };
+  if (parsed.ssl_mode !== void 0) {
+    connectionDetails.ssl_mode = parsed.ssl_mode;
+  }
+  if (parsed.database !== void 0) {
+    connectionDetails.database = parsed.database;
+  }
+  const payload = {
+    service_name: "postgresql",
+    connection_details: connectionDetails
+  };
+  if (parsed.database !== void 0) {
+    payload.database = parsed.database;
+  }
+  if (options.byoc) {
+    payload.use_environment = true;
+    if (options.environmentId) payload.environment_id = options.environmentId;
+    if (options.privateLinkId) payload.private_link_id = options.privateLinkId;
+  }
+  if (options.schemas) {
+    payload.selected_schemas = options.schemas.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+  }
+  console.log(`Running preflight against ${parsed.host}:${parsed.port}\u2026`);
+  let response;
+  try {
+    response = await api.post(
+      "/v1/connectors/preflight",
+      payload
+    );
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`\u2717 Preflight request failed: ${message}`);
+    process.exit(1);
+  }
+  console.log("");
+  console.log("Connection checks:");
+  for (const line of renderChecks(response.checks)) {
+    console.log(line);
+  }
+  if (response.source_provider) {
+    console.log("");
+    console.log(`Detected source provider: ${response.source_provider}`);
+  }
+  if (response.grant_script) {
+    console.log("");
+    console.log("--- Grant script ---");
+    console.log(response.grant_script.sql);
+  }
+  const overallPass = response.preflight_pass ?? (response.branching_prerequisites_pass && allChecksPass(response.checks));
+  console.log("");
+  if (overallPass) {
+    console.log(
+      "\u2713 Preflight checks passed. You're ready to create this connector."
+    );
+  } else {
+    console.log(
+      "\u2717 Preflight checks did NOT pass. Fix the failures above before creating."
+    );
+  }
+  trackEvent("CLI: connector preflight", {
+    source_provider: response.source_provider,
+    branching_prerequisites_pass: response.branching_prerequisites_pass,
+    preflight_pass: overallPass,
+    byoc: Boolean(options.byoc),
+    private_link: Boolean(options.privateLinkId)
+  });
+  process.exit(overallPass ? 0 : 2);
+}
+
 // src/commands/connector/retry-setup.ts
 function connectorRetrySetupFailureTelemetry(err) {
   if (isPermissionError(err)) {
@@ -2375,6 +2594,21 @@ async function updateAction(name, options = {}) {
 
 // src/commands/connector/index.ts
 var connectorCommand = new Command2("connector").description("Manage database connectors");
+connectorCommand.command("preflight <type> [url]").description(
+  "Validate a source database without persisting a connector row (no Key Vault write)"
+).option(
+  "--byoc",
+  "Route preflight through the customer's BYOC environment (requires an active environment)"
+).option(
+  "--environment-id <id>",
+  "BYOC environment to probe through (required with --byoc when you have more than one)"
+).option(
+  "--private-link-id <id>",
+  "Private connection to use for the source database (requires --byoc)"
+).option(
+  "--schemas <list>",
+  "Comma-separated schema names to include in the rendered grant script"
+).action(preflightAction);
 connectorCommand.command("create <type> [url]").description("Create a new connector").option("-n, --name <name>", "Connector name").option(
   "--byoc [provider]",
   "Deploy connector on your BYOC environment, or legacy BYOC Neon provider form: --byoc neon"
@@ -4401,14 +4635,14 @@ function logoutAction() {
 
 // src/commands/auth/status.ts
 function statusAction() {
-  const token = getConfig("token");
+  const token = getToken();
   if (!token) {
     trackEvent("CLI: auth status", { authenticated: false });
     console.log("\u2717 Not authenticated");
     console.log("  Run: ardent login");
     return;
   }
-  const user = getConfig("user");
+  const user = getConfig("token") ? getConfig("user") : void 0;
   console.log("\u2713 Authenticated");
   if (user?.full_name) {
     console.log(`  Account: ${user.full_name}`);
@@ -4427,7 +4661,12 @@ function statusAction() {
 }
 
 // src/commands/auth/index.ts
-var loginCommand = new Command7("login").description("Login to Ardent").option("-t, --token <token>", "API token (skip browser login)").action(loginAction);
+var loginCommand = new Command7("login").description(
+  "Login to Ardent. Defaults to GitHub OAuth in the browser; pass --token for headless auth, or set the ARDENT_TOKEN env var to skip 'ardent login' entirely."
+).option(
+  "-t, --token <token>",
+  "API token for headless auth (skip browser login). For repeat headless use, prefer the ARDENT_TOKEN env var."
+).action(loginAction);
 var logoutCommand = new Command7("logout").description("Logout from Ardent").action(logoutAction);
 var statusCommand = new Command7("status").description("Show status").action(statusAction);
 
@@ -4513,6 +4752,7 @@ USAGE
 
 AUTHENTICATION
   login                  Login via browser (GitHub OAuth)
+  login --token <token>  Login with an API token (headless, no browser)
   logout                 Clear stored credentials
   status                 Check authentication status
 
@@ -4554,12 +4794,29 @@ OPTIONS
   --help                 Show help for any command
   --version              Show CLI version
 
+ENVIRONMENT
+  ARDENT_TOKEN           API token used for every request. When set, no
+                         'ardent login' is needed \u2014 ideal for CI and other
+                         headless contexts. Generate one in the web app
+                         under Settings > API Keys.
+  ARDENT_API_URL         Override the API endpoint
+                         (default: https://api.tryardent.com).
+
 EXAMPLES
   ardent login
   ardent connector create postgresql postgresql://user:password@your-db-host.com:5432/database
   ardent branch create my-feature
   ardent branch switch my-feature
   ardent org members
+
+  # Headless / CI (GitHub Actions)
+  #   env:
+  #     ARDENT_TOKEN: \${{ secrets.ARDENT_TOKEN }}
+  #   run: |
+  #     BRANCH="pr-\${{ github.event.number }}-\${{ github.run_id }}"
+  #     ardent branch create "$BRANCH"
+  #     # ... run your migration / tests against the branch ...
+  #     ardent branch delete "$BRANCH"
 `;
 var program = new Command8();
 program.name("ardent").description("CLI for Ardent database branching").version(CLI_VERSION).configureHelp({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ardent-cli",
-  "version": "0.0.41",
+  "version": "0.0.43",
   "description": "Git for Data infrastructure",
   "type": "module",
   "bin": {