convex 1.36.0 → 1.37.0

package/dist/esm/cli/lib/login.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/cli/lib/login.ts"],
-  "sourcesContent": ["import { errors, BaseClient, custom } from \"openid-client\";\nimport {\n  bigBrainAPI,\n  logAndHandleFetchError,\n  throwingFetch,\n  isWebContainer,\n} from \"./utils/utils.js\";\nimport open from \"open\";\nimport { chalkStderr } from \"chalk\";\nimport { provisionHost } from \"./config.js\";\nimport { version } from \"../version.js\";\nimport { Context } from \"../../bundler/context.js\";\nimport {\n  changeSpinner,\n  logError,\n  logFailure,\n  logFinishedStep,\n  logMessage,\n  logOutput,\n  logVerbose,\n  showSpinner,\n} from \"../../bundler/log.js\";\nimport { Issuer } from \"openid-client\";\nimport { hostname } from \"os\";\nimport { execSync } from \"child_process\";\nimport { promptString, promptYesNo } from \"./utils/prompts.js\";\nimport {\n  formatPathForPrinting,\n  globalConfigPath,\n  modifyGlobalConfig,\n} from \"./utils/globalConfig.js\";\nimport { updateBigBrainAuthAfterLogin } from \"./deploymentSelection.js\";\n\n// Per https://github.com/panva/node-openid-client/tree/main/docs#customizing\ncustom.setHttpOptionsDefaults({\n  timeout: parseInt(process.env.OPENID_CLIENT_TIMEOUT || \"10000\"),\n});\n\ninterface AuthorizeArgs {\n  authnToken: string;\n  deviceName: string;\n  anonymousId?: string | undefined;\n}\n\nexport async function checkAuthorization(\n  ctx: Context,\n  acceptOptIns: boolean,\n): Promise<boolean> {\n  const header = ctx.bigBrainAuth()?.header ?? null;\n  if (header === null) {\n    return false;\n  }\n  try {\n    const resp = await fetch(`${provisionHost}/api/authorize`, {\n      method: \"HEAD\",\n      headers: {\n        Authorization: header,\n        \"Convex-Client\": `npm-cli-${version}`,\n      },\n    });\n    // Don't throw an error if this request returns a non-200 status.\n    // Big Brain responds with a variety of error codes -- 401 if the token is correctly-formed but not valid, and either 400 or 500 if the token is ill-formed.\n    // We only care if this check returns a 200 code (so we can skip logging in again) -- any other errors should be silently skipped and we'll run the whole login flow again.\n    if (resp.status !== 200) {\n      return false;\n    }\n  } catch (e: any) {\n    // This `catch` block should only be hit if a network error was encountered\n    logError(\n      `Unexpected error when authorizing - are you connected to the internet?`,\n    );\n    return await logAndHandleFetchError(ctx, e);\n  }\n\n  // Check that we have optin as well\n  const shouldContinue = await optins(ctx, acceptOptIns);\n  if (!shouldContinue) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n  return true;\n}\n\nasync function performDeviceAuthorization(\n  ctx: Context,\n  authClient: BaseClient,\n  shouldOpen: boolean,\n  vercel?: boolean,\n  vercelOverride?: string,\n): Promise<string> {\n  // Device authorization flow follows this guide: https://github.com/auth0/auth0-device-flow-cli-sample/blob/9f0f3b76a6cd56ea8d99e76769187ea5102d519d/cli.js\n  // License: MIT License\n  // Copyright (c) 2019 Auth0 Samples\n  /*\n  The MIT License (MIT)\n\n  Copyright (c) 2019 Auth0 Samples\n\n  Permission is hereby granted, free of charge, to any person obtaining a copy\n  of this software and associated documentation files (the \"Software\"), to deal\n  in the Software without restriction, including without limitation the rights\n  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n  copies of the Software, and to permit persons to whom the Software is\n  furnished to do so, subject to the following conditions:\n\n  The above copyright notice and this permission notice shall be included in all\n  copies or substantial portions of the Software.\n\n  THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n  SOFTWARE.\n  */\n\n  // Device Authorization Request - https://tools.ietf.org/html/rfc8628#section-3.1\n  // Get authentication URL\n  let handle;\n  try {\n    handle = await authClient.deviceAuthorization();\n  } catch {\n    // We couldn't get verification URL from the auth provider, proceed with manual auth\n    return promptString(ctx, {\n      message:\n        \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n    });\n  }\n\n  // Device Authorization Response - https://tools.ietf.org/html/rfc8628#section-3.2\n  // Open authentication URL\n  const { verification_uri_complete, user_code, expires_in } = handle;\n\n  // Construct Vercel URL if --vercel flag is used\n  const urlToOpen = vercel\n    ? `https://vercel.com/sso/integrations/${vercelOverride || \"convex\"}?url=${verification_uri_complete}`\n    : verification_uri_complete;\n\n  logMessage(\n    `Visit ${urlToOpen} to finish logging in.\\n` +\n      `You should see the following code which expires in ${\n        expires_in % 60 === 0\n          ? `${expires_in / 60} minutes`\n          : `${expires_in} seconds`\n      }: ${user_code}`,\n  );\n  if (shouldOpen) {\n    shouldOpen = await promptYesNo(ctx, {\n      message: `Open the browser?`,\n      default: true,\n    });\n  }\n\n  if (shouldOpen) {\n    showSpinner(`Opening ${urlToOpen} in your browser to log in...\\n`);\n    try {\n      const p = await open(urlToOpen);\n      p.once(\"error\", () => {\n        changeSpinner(`Manually open ${urlToOpen} in your browser to log in.`);\n      });\n      changeSpinner(\"Waiting for the confirmation...\");\n    } catch {\n      logError(chalkStderr.red(`Unable to open browser.`));\n      changeSpinner(`Manually open ${urlToOpen} in your browser to log in.`);\n    }\n  } else {\n    showSpinner(`Open ${urlToOpen} in your browser to log in.`);\n  }\n\n  // Device Access Token Request - https://tools.ietf.org/html/rfc8628#section-3.4\n  // Device Access Token Response - https://tools.ietf.org/html/rfc8628#section-3.5\n  try {\n    const tokens = await handle.poll();\n    if (typeof tokens.access_token === \"string\") {\n      return tokens.access_token;\n    } else {\n      // Unexpected error\n      // eslint-disable-next-line no-restricted-syntax\n      throw Error(\"Access token is missing\");\n    }\n  } catch (err: any) {\n    switch (err.error) {\n      case \"access_denied\": // end-user declined the device confirmation prompt, consent or rules failed\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: \"Access denied.\",\n          errForSentry: err,\n        });\n      case \"expired_token\": // end-user did not complete the interaction in time\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: \"Device flow expired.\",\n          errForSentry: err,\n        });\n      default: {\n        const message =\n          err instanceof errors.OPError\n            ? `Error = ${err.error}; error_description = ${err.error_description}`\n            : `Login failed with error: ${err}`;\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: message,\n          errForSentry: err,\n        });\n      }\n    }\n  }\n}\n\nasync function performPasswordAuthentication(\n  ctx: Context,\n  clientId: string,\n  username: string,\n  password: string,\n): Promise<string> {\n  if (!process.env.WORKOS_API_SECRET) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: \"WORKOS_API_SECRET environment variable is not set\",\n    });\n  }\n\n  // Unfortunately, `openid-client` doesn't support the resource owner password credentials flow so we need to manually send the requests.\n  const options: Parameters<typeof throwingFetch>[1] = {\n    method: \"POST\",\n    headers: { \"Content-Type\": \"application/json\" },\n    body: JSON.stringify({\n      grant_type: \"password\",\n      email: username,\n      password: password,\n      client_id: clientId,\n      client_secret: process.env.WORKOS_API_SECRET,\n    }),\n  };\n\n  try {\n    const response = await throwingFetch(\n      \"https://apiauth.convex.dev/user_management/authenticate\",\n      options,\n    );\n    const data = await response.json();\n    if (typeof data.access_token === \"string\") {\n      return data.access_token;\n    } else {\n      // Unexpected error\n      // eslint-disable-next-line no-restricted-syntax\n      throw Error(\"Access token is missing\");\n    }\n  } catch (err: any) {\n    logFailure(`Password flow failed: ${err}`);\n    if (err.response) {\n      logError(chalkStderr.red(`${JSON.stringify(err.response.data)}`));\n    }\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      errForSentry: err,\n      printedMessage: null,\n    });\n  }\n}\n\nexport async function performLogin(\n  ctx: Context,\n  {\n    overrideAuthUrl,\n    overrideAuthClient,\n    overrideAuthUsername,\n    overrideAuthPassword,\n    overrideAccessToken,\n    loginFlow,\n    open,\n    acceptOptIns,\n    dumpAccessToken,\n    deviceName: deviceNameOverride,\n    anonymousId,\n    vercel,\n    vercelOverride,\n  }: {\n    overrideAuthUrl?: string | undefined;\n    overrideAuthClient?: string | undefined;\n    overrideAuthUsername?: string | undefined;\n    overrideAuthPassword?: string | undefined;\n    overrideAccessToken?: string | undefined;\n    loginFlow?: \"auto\" | \"paste\" | \"poll\" | undefined;\n    // default `true`\n    open?: boolean | undefined;\n    // default `false`\n    acceptOptIns?: boolean | undefined;\n    dumpAccessToken?: boolean | undefined;\n    deviceName?: string | undefined;\n    anonymousId?: string | undefined;\n    vercel?: boolean | undefined;\n    vercelOverride?: string | undefined;\n  } = {},\n) {\n  loginFlow = loginFlow || \"auto\";\n  // Get access token from big-brain\n  // Default the device name to the hostname, but allow the user to change this if the terminal is interactive.\n  // On Macs, the `hostname()` may be a weirdly-truncated form of the computer name. Attempt to read the \"real\" name before falling back to hostname.\n  let deviceName = deviceNameOverride ?? \"\";\n  if (!deviceName && process.platform === \"darwin\") {\n    try {\n      deviceName = execSync(\"scutil --get ComputerName\").toString().trim();\n    } catch {\n      // Just fall back to the hostname default below.\n    }\n  }\n  if (!deviceName) {\n    deviceName = hostname();\n  }\n  if (!deviceNameOverride) {\n    logMessage(\n      chalkStderr.bold(\n        `Welcome to developing with Convex, let's get you logged in.`,\n      ),\n    );\n    deviceName = await promptString(ctx, {\n      message: \"Device name:\",\n      default: deviceName,\n    });\n  }\n\n  const issuer = overrideAuthUrl ?? \"https://auth.convex.dev\";\n  let authIssuer;\n  let accessToken: string;\n\n  if (loginFlow === \"paste\" || (loginFlow === \"auto\" && isWebContainer())) {\n    accessToken = await promptString(ctx, {\n      message:\n        \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n    });\n  } else {\n    try {\n      authIssuer = await Issuer.discover(issuer);\n    } catch {\n      // Couldn't contact https://auth.convex.dev/.well-known/openid-configuration,\n      // proceed with manual auth.\n      accessToken = await promptString(ctx, {\n        message:\n          \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n      });\n    }\n  }\n\n  // typical path\n  if (authIssuer) {\n    const clientId = overrideAuthClient ?? \"HFtA247jp9iNs08NTLIB7JsNPMmRIyfi\";\n    const authClient = new authIssuer.Client({\n      client_id: clientId,\n      token_endpoint_auth_method: \"none\",\n      id_token_signed_response_alg: \"RS256\",\n    });\n\n    if (overrideAccessToken) {\n      accessToken = overrideAccessToken;\n    } else if (overrideAuthUsername && overrideAuthPassword) {\n      accessToken = await performPasswordAuthentication(\n        ctx,\n        clientId,\n        overrideAuthUsername,\n        overrideAuthPassword,\n      );\n    } else {\n      accessToken = await performDeviceAuthorization(\n        ctx,\n        authClient,\n        open ?? true,\n        vercel,\n        vercelOverride,\n      );\n    }\n  }\n\n  if (dumpAccessToken) {\n    logOutput(`${accessToken!}`);\n    return await ctx.crash({\n      exitCode: 0,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n\n  const authorizeArgs: AuthorizeArgs = {\n    authnToken: accessToken!,\n    deviceName: deviceName,\n    anonymousId: anonymousId,\n  };\n  const data = await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"authorize\",\n    data: authorizeArgs,\n  });\n  const globalConfig = { accessToken: data.accessToken };\n  try {\n    await modifyGlobalConfig(ctx, globalConfig);\n    const path = globalConfigPath();\n    logFinishedStep(`Saved credentials to ${formatPathForPrinting(path)}`);\n  } catch (err: unknown) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"invalid filesystem data\",\n      errForSentry: err,\n      printedMessage: null,\n    });\n  }\n\n  logVerbose(`performLogin: updating big brain auth after login`);\n  await updateBigBrainAuthAfterLogin(ctx, data.accessToken);\n\n  logVerbose(`performLogin: checking opt ins, acceptOptIns: ${acceptOptIns}`);\n  // Do opt in to TOS and Privacy Policy stuff\n  const shouldContinue = await optins(ctx, acceptOptIns ?? false);\n  if (!shouldContinue) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n}\n\n/// There are fields like version, but we keep them opaque\ntype OptIn = Record<string, unknown>;\n\ntype OptInToAccept = {\n  optIn: OptIn;\n  message: string;\n};\n\ntype AcceptOptInsArgs = {\n  optInsAccepted: OptIn[];\n};\n\n// Returns whether we can proceed or not.\nasync function optins(ctx: Context, acceptOptIns: boolean): Promise<boolean> {\n  const bbAuth = ctx.bigBrainAuth();\n  if (bbAuth === null) {\n    // This should never happen, but if we're not even logged in, we can't proceed.\n    return false;\n  }\n  switch (bbAuth.kind) {\n    case \"accessToken\":\n      break;\n    case \"deploymentKey\":\n    case \"projectKey\":\n    case \"previewDeployKey\":\n      // If we have a key configured as auth, we do not need to check opt ins.\n      return true;\n    default: {\n      bbAuth satisfies never;\n      return await ctx.crash({\n        exitCode: 1,\n        errorType: \"fatal\",\n        errForSentry: `Unexpected auth kind ${(bbAuth as any).kind}`,\n        printedMessage: \"Hit an unexpected error while logging in.\",\n      });\n    }\n  }\n  const data = await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"check_opt_ins\",\n  });\n  if (data.optInsToAccept.length === 0) {\n    return true;\n  }\n  for (const optInToAccept of data.optInsToAccept) {\n    const confirmed =\n      acceptOptIns ||\n      (await promptYesNo(ctx, {\n        message: optInToAccept.message,\n      }));\n    if (!confirmed) {\n      logFailure(\"Please accept the Terms of Service to use Convex.\");\n      return Promise.resolve(false);\n    }\n  }\n\n  const optInsAccepted = data.optInsToAccept.map((o: OptInToAccept) => o.optIn);\n  const args: AcceptOptInsArgs = { optInsAccepted };\n  await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"accept_opt_ins\",\n    data: args,\n  });\n  return true;\n}\n\nexport async function ensureLoggedIn(\n  ctx: Context,\n  options?: {\n    message?: string | undefined;\n    overrideAuthUrl?: string | undefined;\n    overrideAuthClient?: string | undefined;\n    overrideAuthUsername?: string | undefined;\n    overrideAuthPassword?: string | undefined;\n  },\n) {\n  const isLoggedIn = await checkAuthorization(ctx, false);\n  if (!isLoggedIn) {\n    if (options?.message) {\n      logMessage(options.message);\n    }\n    await performLogin(ctx, {\n      acceptOptIns: false,\n      overrideAuthUrl: options?.overrideAuthUrl,\n      overrideAuthClient: options?.overrideAuthClient,\n      overrideAuthUsername: options?.overrideAuthUsername,\n      overrideAuthPassword: options?.overrideAuthPassword,\n    });\n  }\n}\n"],
-  "mappings": ";AAAA,SAAS,QAAoB,cAAc;AAC3C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,OAAO,UAAU;AACjB,SAAS,mBAAmB;AAC5B,SAAS,qBAAqB;AAC9B,SAAS,eAAe;AAExB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,gBAAgB;AACzB,SAAS,cAAc,mBAAmB;AAC1C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oCAAoC;AAG7C,OAAO,uBAAuB;AAAA,EAC5B,SAAS,SAAS,QAAQ,IAAI,yBAAyB,OAAO;AAChE,CAAC;AAQD,sBAAsB,mBACpB,KACA,cACkB;AAClB,QAAM,SAAS,IAAI,aAAa,GAAG,UAAU;AAC7C,MAAI,WAAW,MAAM;AACnB,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,OAAO,MAAM,MAAM,GAAG,aAAa,kBAAkB;AAAA,MACzD,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,eAAe;AAAA,QACf,iBAAiB,WAAW,OAAO;AAAA,MACrC;AAAA,IACF,CAAC;AAID,QAAI,KAAK,WAAW,KAAK;AACvB,aAAO;AAAA,IACT;AAAA,EACF,SAAS,GAAQ;AAEf;AAAA,MACE;AAAA,IACF;AACA,WAAO,MAAM,uBAAuB,KAAK,CAAC;AAAA,EAC5C;AAGA,QAAM,iBAAiB,MAAM,OAAO,KAAK,YAAY;AACrD,MAAI,CAAC,gBAAgB;AACnB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,eAAe,2BACb,KACA,YACA,YACA,QACA,gBACiB;AA8BjB,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,oBAAoB;AAAA,EAChD,QAAQ;AAEN,WAAO,aAAa,KAAK;AAAA,MACvB,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAIA,QAAM,EAAE,2BAA2B,WAAW,WAAW,IAAI;AAG7D,QAAM,YAAY,SACd,uCAAuC,kBAAkB,QAAQ,QAAQ,yBAAyB,KAClG;AAEJ;AAAA,IACE,SAAS,SAAS;AAAA,qDAEd,aAAa,OAAO,IAChB,GAAG,aAAa,EAAE,aAClB,GAAG,UAAU,UACnB,KAAK,SAAS;AAAA,EAClB;AACA,MAAI,YAAY;AACd,iBAAa,MAAM,YAAY,KAAK;AAAA,MAClC,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,YAAY;AACd,gBAAY,WAAW,SAAS;AAAA,CAAiC;AACjE,QAAI;AACF,YAAM,IAAI,MAAM,KAAK,SAAS;AAC9B,QAAE,KAAK,SAAS,MAAM;AACpB,sBAAc,iBAAiB,SAAS,6BAA6B;AAAA,MACvE,CAAC;AACD,oBAAc,iCAAiC;AAAA,IACjD,QAAQ;AACN,eAAS,YAAY,IAAI,yBAAyB,CAAC;AACnD,oBAAc,iBAAiB,SAAS,6BAA6B;AAAA,IACvE;AAAA,EACF,OAAO;AACL,gBAAY,QAAQ,SAAS,6BAA6B;AAAA,EAC5D;AAIA,MAAI;AACF,UAAM,SAAS,MAAM,OAAO,KAAK;AACjC,QAAI,OAAO,OAAO,iBAAiB,UAAU;AAC3C,aAAO,OAAO;AAAA,IAChB,OAAO;AAGL,YAAM,MAAM,yBAAyB;AAAA,IACvC;AAAA,EACF,SAAS,KAAU;AACjB,YAAQ,IAAI,OAAO;AAAA,MACjB,KAAK;AACH,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH,KAAK;AACH,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH,SAAS;AACP,cAAM,UACJ,eAAe,OAAO,UAClB,WAAW,IAAI,KAAK,yBAAyB,IAAI,iBAAiB,KAClE,4BAA4B,GAAG;AACrC,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAe,8BACb,KACA,UACA,UACA,UACiB;AACjB,MAAI,CAAC,QAAQ,IAAI,mBAAmB;AAClC,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAGA,QAAM,UAA+C;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,YAAY;AAAA,MACZ,OAAO;AAAA,MACP;AAAA,MACA,WAAW;AAAA,MACX,eAAe,QAAQ,IAAI;AAAA,IAC7B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,IACF;AACA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAI,OAAO,KAAK,iBAAiB,UAAU;AACzC,aAAO,KAAK;AAAA,IACd,OAAO;AAGL,YAAM,MAAM,yBAAyB;AAAA,IACvC;AAAA,EACF,SAAS,KAAU;AACjB,eAAW,yBAAyB,GAAG,EAAE;AACzC,QAAI,IAAI,UAAU;AAChB,eAAS,YAAY,IAAI,GAAG,KAAK,UAAU,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;AAAA,IAClE;AACA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,cAAc;AAAA,MACd,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACF;AAEA,sBAAsB,aACpB,KACA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,MAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AACF,IAgBI,CAAC,GACL;AACA,cAAY,aAAa;AAIzB,MAAI,aAAa,sBAAsB;AACvC,MAAI,CAAC,cAAc,QAAQ,aAAa,UAAU;AAChD,QAAI;AACF,mBAAa,SAAS,2BAA2B,EAAE,SAAS,EAAE,KAAK;AAAA,IACrE,QAAQ;AAAA,IAER;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,iBAAa,SAAS;AAAA,EACxB;AACA,MAAI,CAAC,oBAAoB;AACvB;AAAA,MACE,YAAY;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,iBAAa,MAAM,aAAa,KAAK;AAAA,MACnC,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,mBAAmB;AAClC,MAAI;AACJ,MAAI;AAEJ,MAAI,cAAc,WAAY,cAAc,UAAU,eAAe,GAAI;AACvE,kBAAc,MAAM,aAAa,KAAK;AAAA,MACpC,SACE;AAAA,IACJ,CAAC;AAAA,EACH,OAAO;AACL,QAAI;AACF,mBAAa,MAAM,OAAO,SAAS,MAAM;AAAA,IAC3C,QAAQ;AAGN,oBAAc,MAAM,aAAa,KAAK;AAAA,QACpC,SACE;AAAA,MACJ,CAAC;AAAA,IACH;AAAA,EACF;AAGA,MAAI,YAAY;AACd,UAAM,WAAW,sBAAsB;AACvC,UAAM,aAAa,IAAI,WAAW,OAAO;AAAA,MACvC,WAAW;AAAA,MACX,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA,IAChC,CAAC;AAED,QAAI,qBAAqB;AACvB,oBAAc;AAAA,IAChB,WAAW,wBAAwB,sBAAsB;AACvD,oBAAc,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,OAAO;AACL,oBAAc,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACAA,SAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,iBAAiB;AACnB,cAAU,GAAG,WAAY,EAAE;AAC3B,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,QAAM,gBAA+B;AAAA,IACnC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACA,QAAM,OAAO,MAAM,YAAY;AAAA,IAC7B;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,MAAM;AAAA,EACR,CAAC;AACD,QAAM,eAAe,EAAE,aAAa,KAAK,YAAY;AACrD,MAAI;AACF,UAAM,mBAAmB,KAAK,YAAY;AAC1C,UAAM,OAAO,iBAAiB;AAC9B,oBAAgB,wBAAwB,sBAAsB,IAAI,CAAC,EAAE;AAAA,EACvE,SAAS,KAAc;AACrB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,cAAc;AAAA,MACd,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,aAAW,mDAAmD;AAC9D,QAAM,6BAA6B,KAAK,KAAK,WAAW;AAExD,aAAW,iDAAiD,YAAY,EAAE;AAE1E,QAAM,iBAAiB,MAAM,OAAO,KAAK,gBAAgB,KAAK;AAC9D,MAAI,CAAC,gBAAgB;AACnB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACF;AAeA,eAAe,OAAO,KAAc,cAAyC;AAC3E,QAAM,SAAS,IAAI,aAAa;AAChC,MAAI,WAAW,MAAM;AAEnB,WAAO;AAAA,EACT;AACA,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH;AAAA,IACF,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAEH,aAAO;AAAA,IACT,SAAS;AACP;AACA,aAAO,MAAM,IAAI,MAAM;AAAA,QACrB,UAAU;AAAA,QACV,WAAW;AAAA,QACX,cAAc,wBAAyB,OAAe,IAAI;AAAA,QAC1D,gBAAgB;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,QAAM,OAAO,MAAM,YAAY;AAAA,IAC7B;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AACD,MAAI,KAAK,eAAe,WAAW,GAAG;AACpC,WAAO;AAAA,EACT;AACA,aAAW,iBAAiB,KAAK,gBAAgB;AAC/C,UAAM,YACJ,gBACC,MAAM,YAAY,KAAK;AAAA,MACtB,SAAS,cAAc;AAAA,IACzB,CAAC;AACH,QAAI,CAAC,WAAW;AACd,iBAAW,mDAAmD;AAC9D,aAAO,QAAQ,QAAQ,KAAK;AAAA,IAC9B;AAAA,EACF;AAEA,QAAM,iBAAiB,KAAK,eAAe,IAAI,CAAC,MAAqB,EAAE,KAAK;AAC5E,QAAM,OAAyB,EAAE,eAAe;AAChD,QAAM,YAAY;AAAA,IAChB;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,MAAM;AAAA,EACR,CAAC;AACD,SAAO;AACT;AAEA,sBAAsB,eACpB,KACA,SAOA;AACA,QAAM,aAAa,MAAM,mBAAmB,KAAK,KAAK;AACtD,MAAI,CAAC,YAAY;AACf,QAAI,SAAS,SAAS;AACpB,iBAAW,QAAQ,OAAO;AAAA,IAC5B;AACA,UAAM,aAAa,KAAK;AAAA,MACtB,cAAc;AAAA,MACd,iBAAiB,SAAS;AAAA,MAC1B,oBAAoB,SAAS;AAAA,MAC7B,sBAAsB,SAAS;AAAA,MAC/B,sBAAsB,SAAS;AAAA,IACjC,CAAC;AAAA,EACH;AACF;",
-  "names": ["open"]
+  "sourcesContent": ["import { errors, BaseClient, custom } from \"openid-client\";\nimport {\n  bigBrainAPI,\n  bigBrainFetch,\n  logAndHandleFetchError,\n  throwingFetch,\n  isWebContainer,\n} from \"./utils/utils.js\";\nimport open from \"open\";\nimport { chalkStderr } from \"chalk\";\nimport { provisionHost } from \"./config.js\";\nimport { version } from \"../version.js\";\nimport { Context } from \"../../bundler/context.js\";\nimport {\n  changeSpinner,\n  logError,\n  logFailure,\n  logFinishedStep,\n  logMessage,\n  logOutput,\n  logVerbose,\n  showSpinner,\n} from \"../../bundler/log.js\";\nimport { Issuer } from \"openid-client\";\nimport { hostname } from \"os\";\nimport { execSync } from \"child_process\";\nimport { promptString, promptYesNo } from \"./utils/prompts.js\";\nimport {\n  formatPathForPrinting,\n  globalConfigPath,\n  modifyGlobalConfig,\n} from \"./utils/globalConfig.js\";\nimport { updateBigBrainAuthAfterLogin } from \"./deploymentSelection.js\";\n\n// Per https://github.com/panva/node-openid-client/tree/main/docs#customizing\ncustom.setHttpOptionsDefaults({\n  timeout: parseInt(process.env.OPENID_CLIENT_TIMEOUT || \"10000\"),\n});\n\ninterface AuthorizeArgs {\n  authnToken: string;\n  deviceName: string;\n  anonymousId?: string | undefined;\n}\n\nexport async function checkAuthorization(\n  ctx: Context,\n  acceptOptIns: boolean,\n): Promise<boolean> {\n  const header = ctx.bigBrainAuth()?.header ?? null;\n  if (header === null) {\n    return false;\n  }\n  try {\n    const resp = await fetch(`${provisionHost}/api/authorize`, {\n      method: \"HEAD\",\n      headers: {\n        Authorization: header,\n        \"Convex-Client\": `npm-cli-${version}`,\n      },\n    });\n    // Don't throw an error if this request returns a non-200 status.\n    // Big Brain responds with a variety of error codes -- 401 if the token is correctly-formed but not valid, and either 400 or 500 if the token is ill-formed.\n    // We only care if this check returns a 200 code (so we can skip logging in again) -- any other errors should be silently skipped and we'll run the whole login flow again.\n    if (resp.status !== 200) {\n      return false;\n    }\n  } catch (e: any) {\n    // This `catch` block should only be hit if a network error was encountered\n    logError(\n      `Unexpected error when authorizing - are you connected to the internet?`,\n    );\n    return await logAndHandleFetchError(ctx, e);\n  }\n\n  // Check that we have optin as well\n  const shouldContinue = await optins(ctx, acceptOptIns);\n  if (!shouldContinue) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n  return true;\n}\n\nasync function performDeviceAuthorization(\n  ctx: Context,\n  authClient: BaseClient,\n  shouldOpen: boolean,\n  vercel?: boolean,\n  vercelOverride?: string,\n): Promise<string> {\n  // Device authorization flow follows this guide: https://github.com/auth0/auth0-device-flow-cli-sample/blob/9f0f3b76a6cd56ea8d99e76769187ea5102d519d/cli.js\n  // License: MIT License\n  // Copyright (c) 2019 Auth0 Samples\n  /*\n  The MIT License (MIT)\n\n  Copyright (c) 2019 Auth0 Samples\n\n  Permission is hereby granted, free of charge, to any person obtaining a copy\n  of this software and associated documentation files (the \"Software\"), to deal\n  in the Software without restriction, including without limitation the rights\n  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n  copies of the Software, and to permit persons to whom the Software is\n  furnished to do so, subject to the following conditions:\n\n  The above copyright notice and this permission notice shall be included in all\n  copies or substantial portions of the Software.\n\n  THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n  SOFTWARE.\n  */\n\n  // Device Authorization Request - https://tools.ietf.org/html/rfc8628#section-3.1\n  // Get authentication URL\n  let handle;\n  try {\n    handle = await authClient.deviceAuthorization();\n  } catch {\n    // We couldn't get verification URL from the auth provider, proceed with manual auth\n    return promptString(ctx, {\n      message:\n        \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n    });\n  }\n\n  // Device Authorization Response - https://tools.ietf.org/html/rfc8628#section-3.2\n  // Open authentication URL\n  const { verification_uri_complete, user_code, expires_in } = handle;\n\n  // Construct Vercel URL if --vercel flag is used\n  const urlToOpen = vercel\n    ? `https://vercel.com/sso/integrations/${vercelOverride || \"convex\"}?url=${verification_uri_complete}`\n    : verification_uri_complete;\n\n  logMessage(\n    `Visit ${urlToOpen} to finish logging in.\\n` +\n      `You should see the following code which expires in ${\n        expires_in % 60 === 0\n          ? `${expires_in / 60} minutes`\n          : `${expires_in} seconds`\n      }: ${user_code}`,\n  );\n  if (shouldOpen) {\n    shouldOpen = await promptYesNo(ctx, {\n      message: `Open the browser?`,\n      default: true,\n    });\n  }\n\n  if (shouldOpen) {\n    showSpinner(`Opening ${urlToOpen} in your browser to log in...\\n`);\n    try {\n      const p = await open(urlToOpen);\n      p.once(\"error\", () => {\n        changeSpinner(`Manually open ${urlToOpen} in your browser to log in.`);\n      });\n      changeSpinner(\"Waiting for the confirmation...\");\n    } catch {\n      logError(chalkStderr.red(`Unable to open browser.`));\n      changeSpinner(`Manually open ${urlToOpen} in your browser to log in.`);\n    }\n  } else {\n    showSpinner(`Open ${urlToOpen} in your browser to log in.`);\n  }\n\n  // Device Access Token Request - https://tools.ietf.org/html/rfc8628#section-3.4\n  // Device Access Token Response - https://tools.ietf.org/html/rfc8628#section-3.5\n  try {\n    const tokens = await handle.poll();\n    if (typeof tokens.access_token === \"string\") {\n      return tokens.access_token;\n    } else {\n      // Unexpected error\n      // eslint-disable-next-line no-restricted-syntax\n      throw Error(\"Access token is missing\");\n    }\n  } catch (err: any) {\n    switch (err.error) {\n      case \"access_denied\": // end-user declined the device confirmation prompt, consent or rules failed\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: \"Access denied.\",\n          errForSentry: err,\n        });\n      case \"expired_token\": // end-user did not complete the interaction in time\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: \"Device flow expired.\",\n          errForSentry: err,\n        });\n      default: {\n        const message =\n          err instanceof errors.OPError\n            ? `Error = ${err.error}; error_description = ${err.error_description}`\n            : `Login failed with error: ${err}`;\n        return await ctx.crash({\n          exitCode: 1,\n          errorType: \"fatal\",\n          printedMessage: message,\n          errForSentry: err,\n        });\n      }\n    }\n  }\n}\n\nasync function performPasswordAuthentication(\n  ctx: Context,\n  clientId: string,\n  username: string,\n  password: string,\n): Promise<string> {\n  if (!process.env.WORKOS_API_SECRET) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: \"WORKOS_API_SECRET environment variable is not set\",\n    });\n  }\n\n  // Unfortunately, `openid-client` doesn't support the resource owner password credentials flow so we need to manually send the requests.\n  const options: Parameters<typeof throwingFetch>[1] = {\n    method: \"POST\",\n    headers: { \"Content-Type\": \"application/json\" },\n    body: JSON.stringify({\n      grant_type: \"password\",\n      email: username,\n      password: password,\n      client_id: clientId,\n      client_secret: process.env.WORKOS_API_SECRET,\n    }),\n  };\n\n  try {\n    const response = await throwingFetch(\n      \"https://apiauth.convex.dev/user_management/authenticate\",\n      options,\n    );\n    const data = await response.json();\n    if (typeof data.access_token === \"string\") {\n      return data.access_token;\n    } else {\n      // Unexpected error\n      // eslint-disable-next-line no-restricted-syntax\n      throw Error(\"Access token is missing\");\n    }\n  } catch (err: any) {\n    logFailure(`Password flow failed: ${err}`);\n    if (err.response) {\n      logError(chalkStderr.red(`${JSON.stringify(err.response.data)}`));\n    }\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      errForSentry: err,\n      printedMessage: null,\n    });\n  }\n}\n\nexport async function performLogin(\n  ctx: Context,\n  {\n    overrideAuthUrl,\n    overrideAuthClient,\n    overrideAuthUsername,\n    overrideAuthPassword,\n    overrideAccessToken,\n    loginFlow,\n    open,\n    acceptOptIns,\n    dumpAccessToken,\n    deviceName: deviceNameOverride,\n    anonymousId,\n    vercel,\n    vercelOverride,\n  }: {\n    overrideAuthUrl?: string | undefined;\n    overrideAuthClient?: string | undefined;\n    overrideAuthUsername?: string | undefined;\n    overrideAuthPassword?: string | undefined;\n    overrideAccessToken?: string | undefined;\n    loginFlow?: \"auto\" | \"paste\" | \"poll\" | undefined;\n    // default `true`\n    open?: boolean | undefined;\n    // default `false`\n    acceptOptIns?: boolean | undefined;\n    dumpAccessToken?: boolean | undefined;\n    deviceName?: string | undefined;\n    anonymousId?: string | undefined;\n    vercel?: boolean | undefined;\n    vercelOverride?: string | undefined;\n  } = {},\n) {\n  loginFlow = loginFlow || \"auto\";\n  // Get access token from big-brain\n  // Default the device name to the hostname, but allow the user to change this if the terminal is interactive.\n  // On Macs, the `hostname()` may be a weirdly-truncated form of the computer name. Attempt to read the \"real\" name before falling back to hostname.\n  let deviceName = deviceNameOverride ?? \"\";\n  if (!deviceName && process.platform === \"darwin\") {\n    try {\n      deviceName = execSync(\"scutil --get ComputerName\").toString().trim();\n    } catch {\n      // Just fall back to the hostname default below.\n    }\n  }\n  if (!deviceName) {\n    deviceName = hostname();\n  }\n  if (!deviceNameOverride) {\n    logMessage(\n      chalkStderr.bold(\n        `Welcome to developing with Convex, let's get you logged in.`,\n      ),\n    );\n    deviceName = await promptString(ctx, {\n      message: \"Device name:\",\n      default: deviceName,\n    });\n  }\n\n  const issuer = overrideAuthUrl ?? \"https://auth.convex.dev\";\n  let authIssuer;\n  let accessToken: string;\n\n  if (loginFlow === \"paste\" || (loginFlow === \"auto\" && isWebContainer())) {\n    accessToken = await promptString(ctx, {\n      message:\n        \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n    });\n  } else {\n    try {\n      authIssuer = await Issuer.discover(issuer);\n    } catch {\n      // Couldn't contact https://auth.convex.dev/.well-known/openid-configuration,\n      // proceed with manual auth.\n      accessToken = await promptString(ctx, {\n        message:\n          \"Open https://dashboard.convex.dev/auth, log in and paste the token here:\",\n      });\n    }\n  }\n\n  // typical path\n  if (authIssuer) {\n    const clientId = overrideAuthClient ?? \"HFtA247jp9iNs08NTLIB7JsNPMmRIyfi\";\n    const authClient = new authIssuer.Client({\n      client_id: clientId,\n      token_endpoint_auth_method: \"none\",\n      id_token_signed_response_alg: \"RS256\",\n    });\n\n    if (overrideAccessToken) {\n      accessToken = overrideAccessToken;\n    } else if (overrideAuthUsername && overrideAuthPassword) {\n      accessToken = await performPasswordAuthentication(\n        ctx,\n        clientId,\n        overrideAuthUsername,\n        overrideAuthPassword,\n      );\n    } else {\n      accessToken = await performDeviceAuthorization(\n        ctx,\n        authClient,\n        open ?? true,\n        vercel,\n        vercelOverride,\n      );\n    }\n  }\n\n  if (dumpAccessToken) {\n    logOutput(`${accessToken!}`);\n    return await ctx.crash({\n      exitCode: 0,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n\n  const authorizeArgs: AuthorizeArgs = {\n    authnToken: accessToken!,\n    deviceName: deviceName,\n    anonymousId: anonymousId,\n  };\n  const data = await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"authorize\",\n    data: authorizeArgs,\n  });\n  const globalConfig = { accessToken: data.accessToken };\n  try {\n    await modifyGlobalConfig(ctx, globalConfig);\n    const path = globalConfigPath();\n    logFinishedStep(`Saved credentials to ${formatPathForPrinting(path)}`);\n  } catch (err: unknown) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"invalid filesystem data\",\n      errForSentry: err,\n      printedMessage: null,\n    });\n  }\n\n  logVerbose(`performLogin: updating big brain auth after login`);\n  await updateBigBrainAuthAfterLogin(ctx, data.accessToken);\n\n  logVerbose(`performLogin: checking opt ins, acceptOptIns: ${acceptOptIns}`);\n  // Do opt in to TOS and Privacy Policy stuff\n  const shouldContinue = await optins(ctx, acceptOptIns ?? false);\n  if (!shouldContinue) {\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: null,\n    });\n  }\n\n  if (vercel) {\n    await promptJoinVercelTeams(ctx);\n  }\n}\n\ntype PotentialVercelTeam = {\n  teamId: number;\n  teamName: string;\n  teamSlug: string;\n  planId: string;\n  planName: string;\n  pricingNotice: string | null;\n};\n\n// After `--vercel` login, surface any Vercel-marketplace teams the user has\n// access to but isn't yet a member of, and prompt to join each.\nasync function promptJoinVercelTeams(ctx: Context): Promise<void> {\n  const fetch = bigBrainFetch(ctx);\n  let teams: PotentialVercelTeam[];\n  try {\n    const res = await fetch(\n      new URL(\"vercel/potential_teams\", `${provisionHost}/`),\n    );\n    if (!res.ok) {\n      logVerbose(\n        `vercel/potential_teams returned ${res.status}; skipping team-join prompt`,\n      );\n      return;\n    }\n    teams = await res.json();\n  } catch (err) {\n    logVerbose(`Failed to fetch potential Vercel teams: ${String(err)}`);\n    return;\n  }\n  if (teams.length === 0) return;\n\n  for (const [index, team] of teams.entries()) {\n    const displayName = team.teamName.replace(/ \\(Vercel\\)$/, \"\");\n    const counter = teams.length > 1 ? `[${index + 1}/${teams.length}] ` : \"\";\n    const lines = [\n      chalkStderr.bold(`${counter}You've been invited to join ${displayName}`) +\n        ` (${team.planName}) through the Vercel marketplace.`,\n    ];\n    if (team.pricingNotice) {\n      lines.push(chalkStderr.yellow(team.pricingNotice));\n    }\n    lines.push(`Join \"${displayName}\"?`);\n    const join = await promptYesNo(ctx, {\n      message: `${lines.join(\"\\n\")}`,\n      default: true,\n    });\n    if (!join) continue;\n    try {\n      await fetch(\n        new URL(\n          `vercel/potential_teams/${team.teamId}/join`,\n          `${provisionHost}/`,\n        ),\n        { method: \"POST\" },\n      );\n      logFinishedStep(`Joined ${displayName}`);\n    } catch (err) {\n      logFailure(`Failed to join ${displayName}: ${String(err)}`);\n    }\n  }\n}\n\n/// There are fields like version, but we keep them opaque\ntype OptIn = Record<string, unknown>;\n\ntype OptInToAccept = {\n  optIn: OptIn;\n  message: string;\n};\n\ntype AcceptOptInsArgs = {\n  optInsAccepted: OptIn[];\n};\n\n// Returns whether we can proceed or not.\nasync function optins(ctx: Context, acceptOptIns: boolean): Promise<boolean> {\n  const bbAuth = ctx.bigBrainAuth();\n  if (bbAuth === null) {\n    // This should never happen, but if we're not even logged in, we can't proceed.\n    return false;\n  }\n  switch (bbAuth.kind) {\n    case \"accessToken\":\n      break;\n    case \"deploymentKey\":\n    case \"projectKey\":\n    case \"previewDeployKey\":\n      // If we have a key configured as auth, we do not need to check opt ins.\n      return true;\n    default: {\n      bbAuth satisfies never;\n      return await ctx.crash({\n        exitCode: 1,\n        errorType: \"fatal\",\n        errForSentry: `Unexpected auth kind ${(bbAuth as any).kind}`,\n        printedMessage: \"Hit an unexpected error while logging in.\",\n      });\n    }\n  }\n  const data = await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"check_opt_ins\",\n  });\n  if (data.optInsToAccept.length === 0) {\n    return true;\n  }\n  for (const optInToAccept of data.optInsToAccept) {\n    const confirmed =\n      acceptOptIns ||\n      (await promptYesNo(ctx, {\n        message: optInToAccept.message,\n      }));\n    if (!confirmed) {\n      logFailure(\"Please accept the Terms of Service to use Convex.\");\n      return Promise.resolve(false);\n    }\n  }\n\n  const optInsAccepted = data.optInsToAccept.map((o: OptInToAccept) => o.optIn);\n  const args: AcceptOptInsArgs = { optInsAccepted };\n  await bigBrainAPI({\n    ctx,\n    method: \"POST\",\n    path: \"accept_opt_ins\",\n    data: args,\n  });\n  return true;\n}\n\nexport async function ensureLoggedIn(\n  ctx: Context,\n  options?: {\n    message?: string | undefined;\n    overrideAuthUrl?: string | undefined;\n    overrideAuthClient?: string | undefined;\n    overrideAuthUsername?: string | undefined;\n    overrideAuthPassword?: string | undefined;\n  },\n) {\n  const isLoggedIn = await checkAuthorization(ctx, false);\n  if (!isLoggedIn) {\n    if (options?.message) {\n      logMessage(options.message);\n    }\n    await performLogin(ctx, {\n      acceptOptIns: false,\n      overrideAuthUrl: options?.overrideAuthUrl,\n      overrideAuthClient: options?.overrideAuthClient,\n      overrideAuthUsername: options?.overrideAuthUsername,\n      overrideAuthPassword: options?.overrideAuthPassword,\n    });\n  }\n}\n"],
+  "mappings": ";AAAA,SAAS,QAAoB,cAAc;AAC3C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,OAAO,UAAU;AACjB,SAAS,mBAAmB;AAC5B,SAAS,qBAAqB;AAC9B,SAAS,eAAe;AAExB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,cAAc;AACvB,SAAS,gBAAgB;AACzB,SAAS,gBAAgB;AACzB,SAAS,cAAc,mBAAmB;AAC1C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,oCAAoC;AAG7C,OAAO,uBAAuB;AAAA,EAC5B,SAAS,SAAS,QAAQ,IAAI,yBAAyB,OAAO;AAChE,CAAC;AAQD,sBAAsB,mBACpB,KACA,cACkB;AAClB,QAAM,SAAS,IAAI,aAAa,GAAG,UAAU;AAC7C,MAAI,WAAW,MAAM;AACnB,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,OAAO,MAAM,MAAM,GAAG,aAAa,kBAAkB;AAAA,MACzD,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,eAAe;AAAA,QACf,iBAAiB,WAAW,OAAO;AAAA,MACrC;AAAA,IACF,CAAC;AAID,QAAI,KAAK,WAAW,KAAK;AACvB,aAAO;AAAA,IACT;AAAA,EACF,SAAS,GAAQ;AAEf;AAAA,MACE;AAAA,IACF;AACA,WAAO,MAAM,uBAAuB,KAAK,CAAC;AAAA,EAC5C;AAGA,QAAM,iBAAiB,MAAM,OAAO,KAAK,YAAY;AACrD,MAAI,CAAC,gBAAgB;AACnB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,eAAe,2BACb,KACA,YACA,YACA,QACA,gBACiB;AA8BjB,MAAI;AACJ,MAAI;AACF,aAAS,MAAM,WAAW,oBAAoB;AAAA,EAChD,QAAQ;AAEN,WAAO,aAAa,KAAK;AAAA,MACvB,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAIA,QAAM,EAAE,2BAA2B,WAAW,WAAW,IAAI;AAG7D,QAAM,YAAY,SACd,uCAAuC,kBAAkB,QAAQ,QAAQ,yBAAyB,KAClG;AAEJ;AAAA,IACE,SAAS,SAAS;AAAA,qDAEd,aAAa,OAAO,IAChB,GAAG,aAAa,EAAE,aAClB,GAAG,UAAU,UACnB,KAAK,SAAS;AAAA,EAClB;AACA,MAAI,YAAY;AACd,iBAAa,MAAM,YAAY,KAAK;AAAA,MAClC,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI,YAAY;AACd,gBAAY,WAAW,SAAS;AAAA,CAAiC;AACjE,QAAI;AACF,YAAM,IAAI,MAAM,KAAK,SAAS;AAC9B,QAAE,KAAK,SAAS,MAAM;AACpB,sBAAc,iBAAiB,SAAS,6BAA6B;AAAA,MACvE,CAAC;AACD,oBAAc,iCAAiC;AAAA,IACjD,QAAQ;AACN,eAAS,YAAY,IAAI,yBAAyB,CAAC;AACnD,oBAAc,iBAAiB,SAAS,6BAA6B;AAAA,IACvE;AAAA,EACF,OAAO;AACL,gBAAY,QAAQ,SAAS,6BAA6B;AAAA,EAC5D;AAIA,MAAI;AACF,UAAM,SAAS,MAAM,OAAO,KAAK;AACjC,QAAI,OAAO,OAAO,iBAAiB,UAAU;AAC3C,aAAO,OAAO;AAAA,IAChB,OAAO;AAGL,YAAM,MAAM,yBAAyB;AAAA,IACvC;AAAA,EACF,SAAS,KAAU;AACjB,YAAQ,IAAI,OAAO;AAAA,MACjB,KAAK;AACH,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH,KAAK;AACH,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH,SAAS;AACP,cAAM,UACJ,eAAe,OAAO,UAClB,WAAW,IAAI,KAAK,yBAAyB,IAAI,iBAAiB,KAClE,4BAA4B,GAAG;AACrC,eAAO,MAAM,IAAI,MAAM;AAAA,UACrB,UAAU;AAAA,UACV,WAAW;AAAA,UACX,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAe,8BACb,KACA,UACA,UACA,UACiB;AACjB,MAAI,CAAC,QAAQ,IAAI,mBAAmB;AAClC,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAGA,QAAM,UAA+C;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU;AAAA,MACnB,YAAY;AAAA,MACZ,OAAO;AAAA,MACP;AAAA,MACA,WAAW;AAAA,MACX,eAAe,QAAQ,IAAI;AAAA,IAC7B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,IACF;AACA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAI,OAAO,KAAK,iBAAiB,UAAU;AACzC,aAAO,KAAK;AAAA,IACd,OAAO;AAGL,YAAM,MAAM,yBAAyB;AAAA,IACvC;AAAA,EACF,SAAS,KAAU;AACjB,eAAW,yBAAyB,GAAG,EAAE;AACzC,QAAI,IAAI,UAAU;AAChB,eAAS,YAAY,IAAI,GAAG,KAAK,UAAU,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;AAAA,IAClE;AACA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,cAAc;AAAA,MACd,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACF;AAEA,sBAAsB,aACpB,KACA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,MAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AACF,IAgBI,CAAC,GACL;AACA,cAAY,aAAa;AAIzB,MAAI,aAAa,sBAAsB;AACvC,MAAI,CAAC,cAAc,QAAQ,aAAa,UAAU;AAChD,QAAI;AACF,mBAAa,SAAS,2BAA2B,EAAE,SAAS,EAAE,KAAK;AAAA,IACrE,QAAQ;AAAA,IAER;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,iBAAa,SAAS;AAAA,EACxB;AACA,MAAI,CAAC,oBAAoB;AACvB;AAAA,MACE,YAAY;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,iBAAa,MAAM,aAAa,KAAK;AAAA,MACnC,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,mBAAmB;AAClC,MAAI;AACJ,MAAI;AAEJ,MAAI,cAAc,WAAY,cAAc,UAAU,eAAe,GAAI;AACvE,kBAAc,MAAM,aAAa,KAAK;AAAA,MACpC,SACE;AAAA,IACJ,CAAC;AAAA,EACH,OAAO;AACL,QAAI;AACF,mBAAa,MAAM,OAAO,SAAS,MAAM;AAAA,IAC3C,QAAQ;AAGN,oBAAc,MAAM,aAAa,KAAK;AAAA,QACpC,SACE;AAAA,MACJ,CAAC;AAAA,IACH;AAAA,EACF;AAGA,MAAI,YAAY;AACd,UAAM,WAAW,sBAAsB;AACvC,UAAM,aAAa,IAAI,WAAW,OAAO;AAAA,MACvC,WAAW;AAAA,MACX,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA,IAChC,CAAC;AAED,QAAI,qBAAqB;AACvB,oBAAc;AAAA,IAChB,WAAW,wBAAwB,sBAAsB;AACvD,oBAAc,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,OAAO;AACL,oBAAc,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACAA,SAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,iBAAiB;AACnB,cAAU,GAAG,WAAY,EAAE;AAC3B,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,QAAM,gBAA+B;AAAA,IACnC,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACA,QAAM,OAAO,MAAM,YAAY;AAAA,IAC7B;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,MAAM;AAAA,EACR,CAAC;AACD,QAAM,eAAe,EAAE,aAAa,KAAK,YAAY;AACrD,MAAI;AACF,UAAM,mBAAmB,KAAK,YAAY;AAC1C,UAAM,OAAO,iBAAiB;AAC9B,oBAAgB,wBAAwB,sBAAsB,IAAI,CAAC,EAAE;AAAA,EACvE,SAAS,KAAc;AACrB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,cAAc;AAAA,MACd,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,aAAW,mDAAmD;AAC9D,QAAM,6BAA6B,KAAK,KAAK,WAAW;AAExD,aAAW,iDAAiD,YAAY,EAAE;AAE1E,QAAM,iBAAiB,MAAM,OAAO,KAAK,gBAAgB,KAAK;AAC9D,MAAI,CAAC,gBAAgB;AACnB,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,MAAI,QAAQ;AACV,UAAM,sBAAsB,GAAG;AAAA,EACjC;AACF;AAaA,eAAe,sBAAsB,KAA6B;AAChE,QAAMC,SAAQ,cAAc,GAAG;AAC/B,MAAI;AACJ,MAAI;AACF,UAAM,MAAM,MAAMA;AAAA,MAChB,IAAI,IAAI,0BAA0B,GAAG,aAAa,GAAG;AAAA,IACvD;AACA,QAAI,CAAC,IAAI,IAAI;AACX;AAAA,QACE,mCAAmC,IAAI,MAAM;AAAA,MAC/C;AACA;AAAA,IACF;AACA,YAAQ,MAAM,IAAI,KAAK;AAAA,EACzB,SAAS,KAAK;AACZ,eAAW,2CAA2C,OAAO,GAAG,CAAC,EAAE;AACnE;AAAA,EACF;AACA,MAAI,MAAM,WAAW,EAAG;AAExB,aAAW,CAAC,OAAO,IAAI,KAAK,MAAM,QAAQ,GAAG;AAC3C,UAAM,cAAc,KAAK,SAAS,QAAQ,gBAAgB,EAAE;AAC5D,UAAM,UAAU,MAAM,SAAS,IAAI,IAAI,QAAQ,CAAC,IAAI,MAAM,MAAM,OAAO;AACvE,UAAM,QAAQ;AAAA,MACZ,YAAY,KAAK,GAAG,OAAO,+BAA+B,WAAW,EAAE,IACrE,KAAK,KAAK,QAAQ;AAAA,IACtB;AACA,QAAI,KAAK,eAAe;AACtB,YAAM,KAAK,YAAY,OAAO,KAAK,aAAa,CAAC;AAAA,IACnD;AACA,UAAM,KAAK,SAAS,WAAW,IAAI;AACnC,UAAM,OAAO,MAAM,YAAY,KAAK;AAAA,MAClC,SAAS,GAAG,MAAM,KAAK,IAAI,CAAC;AAAA,MAC5B,SAAS;AAAA,IACX,CAAC;AACD,QAAI,CAAC,KAAM;AACX,QAAI;AACF,YAAMA;AAAA,QACJ,IAAI;AAAA,UACF,0BAA0B,KAAK,MAAM;AAAA,UACrC,GAAG,aAAa;AAAA,QAClB;AAAA,QACA,EAAE,QAAQ,OAAO;AAAA,MACnB;AACA,sBAAgB,UAAU,WAAW,EAAE;AAAA,IACzC,SAAS,KAAK;AACZ,iBAAW,kBAAkB,WAAW,KAAK,OAAO,GAAG,CAAC,EAAE;AAAA,IAC5D;AAAA,EACF;AACF;AAeA,eAAe,OAAO,KAAc,cAAyC;AAC3E,QAAM,SAAS,IAAI,aAAa;AAChC,MAAI,WAAW,MAAM;AAEnB,WAAO;AAAA,EACT;AACA,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH;AAAA,IACF,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAEH,aAAO;AAAA,IACT,SAAS;AACP;AACA,aAAO,MAAM,IAAI,MAAM;AAAA,QACrB,UAAU;AAAA,QACV,WAAW;AAAA,QACX,cAAc,wBAAyB,OAAe,IAAI;AAAA,QAC1D,gBAAgB;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,QAAM,OAAO,MAAM,YAAY;AAAA,IAC7B;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AACD,MAAI,KAAK,eAAe,WAAW,GAAG;AACpC,WAAO;AAAA,EACT;AACA,aAAW,iBAAiB,KAAK,gBAAgB;AAC/C,UAAM,YACJ,gBACC,MAAM,YAAY,KAAK;AAAA,MACtB,SAAS,cAAc;AAAA,IACzB,CAAC;AACH,QAAI,CAAC,WAAW;AACd,iBAAW,mDAAmD;AAC9D,aAAO,QAAQ,QAAQ,KAAK;AAAA,IAC9B;AAAA,EACF;AAEA,QAAM,iBAAiB,KAAK,eAAe,IAAI,CAAC,MAAqB,EAAE,KAAK;AAC5E,QAAM,OAAyB,EAAE,eAAe;AAChD,QAAM,YAAY;AAAA,IAChB;AAAA,IACA,QAAQ;AAAA,IACR,MAAM;AAAA,IACN,MAAM;AAAA,EACR,CAAC;AACD,SAAO;AACT;AAEA,sBAAsB,eACpB,KACA,SAOA;AACA,QAAM,aAAa,MAAM,mBAAmB,KAAK,KAAK;AACtD,MAAI,CAAC,YAAY;AACf,QAAI,SAAS,SAAS;AACpB,iBAAW,QAAQ,OAAO;AAAA,IAC5B;AACA,UAAM,aAAa,KAAK;AAAA,MACtB,cAAc;AAAA,MACd,iBAAiB,SAAS;AAAA,MAC1B,oBAAoB,SAAS;AAAA,MAC7B,sBAAsB,SAAS;AAAA,MAC/B,sBAAsB,SAAS;AAAA,IACjC,CAAC;AAAA,EACH;AACF;",
+  "names": ["open", "fetch"]
 }

package/dist/esm/cli/lib/usage.js

@@ -1,10 +1,10 @@
 "use strict";
 import { chalkStderr } from "chalk";
-import { logWarning } from "../../bundler/log.js";
+import { logVerbose, logWarning } from "../../bundler/log.js";
 import { teamDashboardUrl } from "./dashboard.js";
 import { fetchTeamAndProject } from "./api.js";
 import { isAnonymousDeployment } from "./deployment.js";
-import { bigBrainAPI } from "./utils/utils.js";
+import { bigBrainAPIMaybeThrows } from "./utils/utils.js";
 async function warn(ctx, options) {
   const { title, subtitle, teamSlug } = options;
   logWarning(chalkStderr.bold.yellow(title));
@@ -14,7 +14,7 @@ async function warn(ctx, options) {
   );
 }
 async function teamUsageState(ctx, teamId) {
-  const { usageState } = await bigBrainAPI({
+  const { usageState } = await bigBrainAPIMaybeThrows({
     ctx,
     method: "GET",
     path: "dashboard/teams/" + teamId + "/usage/team_usage_state"
@@ -22,7 +22,7 @@ async function teamUsageState(ctx, teamId) {
   return usageState;
 }
 async function teamSpendingLimitsState(ctx, teamId) {
-  const response = await bigBrainAPI({
+  const response = await bigBrainAPIMaybeThrows({
     ctx,
     method: "GET",
     path: "dashboard/teams/" + teamId + "/get_spending_limits"
@@ -35,10 +35,17 @@ export async function usageStateWarning(ctx, targetDeployment) {
     return;
   }
   const { teamId, team } = await fetchTeamAndProject(ctx, targetDeployment);
-  const [usageState, spendingLimitsState] = await Promise.all([
-    teamUsageState(ctx, teamId),
-    teamSpendingLimitsState(ctx, teamId)
-  ]);
+  let usageState;
+  let spendingLimitsState;
+  try {
+    [usageState, spendingLimitsState] = await Promise.all([
+      teamUsageState(ctx, teamId),
+      teamSpendingLimitsState(ctx, teamId)
+    ]);
+  } catch (err) {
+    logVerbose("Skipping usage state warning:", err);
+    return;
+  }
   if (spendingLimitsState === "Disabled") {
     await warn(ctx, {
       title: "Your projects are disabled because you exceeded your spending limit.",

package/dist/esm/cli/lib/usage.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/cli/lib/usage.ts"],
-  "sourcesContent": ["import { chalkStderr } from \"chalk\";\nimport { Context } from \"../../bundler/context.js\";\nimport { logWarning } from \"../../bundler/log.js\";\nimport { teamDashboardUrl } from \"./dashboard.js\";\nimport { fetchTeamAndProject } from \"./api.js\";\nimport { isAnonymousDeployment } from \"./deployment.js\";\nimport { bigBrainAPI } from \"./utils/utils.js\";\n\nasync function warn(\n  ctx: Context,\n  options: { title: string; subtitle: string; teamSlug: string },\n) {\n  const { title, subtitle, teamSlug } = options;\n  logWarning(chalkStderr.bold.yellow(title));\n  logWarning(chalkStderr.yellow(subtitle));\n  logWarning(\n    chalkStderr.yellow(`Visit ${teamDashboardUrl(teamSlug)} to learn more.`),\n  );\n}\n\nasync function teamUsageState(ctx: Context, teamId: number) {\n  const { usageState } = (await bigBrainAPI({\n    ctx,\n    method: \"GET\",\n    path: \"dashboard/teams/\" + teamId + \"/usage/team_usage_state\",\n  })) as {\n    usageState: \"Default\" | \"Approaching\" | \"Exceeded\" | \"Disabled\" | \"Paused\";\n  };\n\n  return usageState;\n}\n\nasync function teamSpendingLimitsState(ctx: Context, teamId: number) {\n  const response = (await bigBrainAPI({\n    ctx,\n    method: \"GET\",\n    path: \"dashboard/teams/\" + teamId + \"/get_spending_limits\",\n  })) as {\n    disableThresholdCents: number | null;\n    state: null | \"Running\" | \"Disabled\" | \"Warning\";\n  };\n\n  return response.state;\n}\n\nexport async function usageStateWarning(\n  ctx: Context,\n  targetDeployment: string,\n) {\n  // Skip the warning if the user doesn\u2019t have an auth token\n  // (which can happen for instance when using a deploy key)\n  const auth = ctx.bigBrainAuth();\n  if (\n    auth === null ||\n    auth.kind === \"projectKey\" ||\n    auth.kind === \"deploymentKey\" ||\n    process.env.CONVEX_AGENT_MODE === \"anonymous\" ||\n    isAnonymousDeployment(targetDeployment)\n  ) {\n    return;\n  }\n  const { teamId, team } = await fetchTeamAndProject(ctx, targetDeployment);\n\n  const [usageState, spendingLimitsState] = await Promise.all([\n    teamUsageState(ctx, teamId),\n    teamSpendingLimitsState(ctx, teamId),\n  ]);\n  if (spendingLimitsState === \"Disabled\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because you exceeded your spending limit.\",\n      subtitle: \"Increase it from the dashboard to re-enable your projects.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Approaching\") {\n    await warn(ctx, {\n      title: \"Your projects are approaching the Free plan limits.\",\n      subtitle: \"Consider upgrading to avoid service interruption.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Exceeded\") {\n    await warn(ctx, {\n      title: \"Your projects are above the Free plan limits.\",\n      subtitle: \"Decrease your usage or upgrade to avoid service interruption.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Disabled\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because the team exceeded Free plan limits.\",\n      subtitle: \"Decrease your usage or upgrade to reenable your projects.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Paused\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because the team previously exceeded Free plan limits.\",\n      subtitle: \"Restore your projects by going to the dashboard.\",\n      teamSlug: team,\n    });\n  }\n}\n"],
-  "mappings": ";AAAA,SAAS,mBAAmB;AAE5B,SAAS,kBAAkB;AAC3B,SAAS,wBAAwB;AACjC,SAAS,2BAA2B;AACpC,SAAS,6BAA6B;AACtC,SAAS,mBAAmB;AAE5B,eAAe,KACb,KACA,SACA;AACA,QAAM,EAAE,OAAO,UAAU,SAAS,IAAI;AACtC,aAAW,YAAY,KAAK,OAAO,KAAK,CAAC;AACzC,aAAW,YAAY,OAAO,QAAQ,CAAC;AACvC;AAAA,IACE,YAAY,OAAO,SAAS,iBAAiB,QAAQ,CAAC,iBAAiB;AAAA,EACzE;AACF;AAEA,eAAe,eAAe,KAAc,QAAgB;AAC1D,QAAM,EAAE,WAAW,IAAK,MAAM,YAAY;AAAA,IACxC;AAAA,IACA,QAAQ;AAAA,IACR,MAAM,qBAAqB,SAAS;AAAA,EACtC,CAAC;AAID,SAAO;AACT;AAEA,eAAe,wBAAwB,KAAc,QAAgB;AACnE,QAAM,WAAY,MAAM,YAAY;AAAA,IAClC;AAAA,IACA,QAAQ;AAAA,IACR,MAAM,qBAAqB,SAAS;AAAA,EACtC,CAAC;AAKD,SAAO,SAAS;AAClB;AAEA,sBAAsB,kBACpB,KACA,kBACA;AAGA,QAAM,OAAO,IAAI,aAAa;AAC9B,MACE,SAAS,QACT,KAAK,SAAS,gBACd,KAAK,SAAS,mBACd,QAAQ,IAAI,sBAAsB,eAClC,sBAAsB,gBAAgB,GACtC;AACA;AAAA,EACF;AACA,QAAM,EAAE,QAAQ,KAAK,IAAI,MAAM,oBAAoB,KAAK,gBAAgB;AAExE,QAAM,CAAC,YAAY,mBAAmB,IAAI,MAAM,QAAQ,IAAI;AAAA,IAC1D,eAAe,KAAK,MAAM;AAAA,IAC1B,wBAAwB,KAAK,MAAM;AAAA,EACrC,CAAC;AACD,MAAI,wBAAwB,YAAY;AACtC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,eAAe;AACvC,UAAM,KAAK,KAAK;AAAA,MACd,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,YAAY;AACpC,UAAM,KAAK,KAAK;AAAA,MACd,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,YAAY;AACpC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,UAAU;AAClC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AACF;",
+  "sourcesContent": ["import { chalkStderr } from \"chalk\";\nimport { Context } from \"../../bundler/context.js\";\nimport { logVerbose, logWarning } from \"../../bundler/log.js\";\nimport { teamDashboardUrl } from \"./dashboard.js\";\nimport { fetchTeamAndProject } from \"./api.js\";\nimport { isAnonymousDeployment } from \"./deployment.js\";\nimport { bigBrainAPIMaybeThrows } from \"./utils/utils.js\";\n\nasync function warn(\n  ctx: Context,\n  options: { title: string; subtitle: string; teamSlug: string },\n) {\n  const { title, subtitle, teamSlug } = options;\n  logWarning(chalkStderr.bold.yellow(title));\n  logWarning(chalkStderr.yellow(subtitle));\n  logWarning(\n    chalkStderr.yellow(`Visit ${teamDashboardUrl(teamSlug)} to learn more.`),\n  );\n}\n\nasync function teamUsageState(ctx: Context, teamId: number) {\n  const { usageState } = (await bigBrainAPIMaybeThrows({\n    ctx,\n    method: \"GET\",\n    path: \"dashboard/teams/\" + teamId + \"/usage/team_usage_state\",\n  })) as {\n    usageState: \"Default\" | \"Approaching\" | \"Exceeded\" | \"Disabled\" | \"Paused\";\n  };\n\n  return usageState;\n}\n\nasync function teamSpendingLimitsState(ctx: Context, teamId: number) {\n  const response = (await bigBrainAPIMaybeThrows({\n    ctx,\n    method: \"GET\",\n    path: \"dashboard/teams/\" + teamId + \"/get_spending_limits\",\n  })) as {\n    disableThresholdCents: number | null;\n    state: null | \"Running\" | \"Disabled\" | \"Warning\";\n  };\n\n  return response.state;\n}\n\nexport async function usageStateWarning(\n  ctx: Context,\n  targetDeployment: string,\n) {\n  // Skip the warning if the user doesn\u2019t have an auth token\n  // (which can happen for instance when using a deploy key)\n  const auth = ctx.bigBrainAuth();\n  if (\n    auth === null ||\n    auth.kind === \"projectKey\" ||\n    auth.kind === \"deploymentKey\" ||\n    process.env.CONVEX_AGENT_MODE === \"anonymous\" ||\n    isAnonymousDeployment(targetDeployment)\n  ) {\n    return;\n  }\n\n  const { teamId, team } = await fetchTeamAndProject(ctx, targetDeployment);\n\n  let usageState: Awaited<ReturnType<typeof teamUsageState>>;\n  let spendingLimitsState: Awaited<ReturnType<typeof teamSpendingLimitsState>>;\n  try {\n    [usageState, spendingLimitsState] = await Promise.all([\n      teamUsageState(ctx, teamId),\n      teamSpendingLimitsState(ctx, teamId),\n    ]);\n  } catch (err) {\n    // Non-fatal: usage warnings are advisory, so don't block `convex dev`\n    // if these endpoints error.\n    logVerbose(\"Skipping usage state warning:\", err);\n    return;\n  }\n  if (spendingLimitsState === \"Disabled\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because you exceeded your spending limit.\",\n      subtitle: \"Increase it from the dashboard to re-enable your projects.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Approaching\") {\n    await warn(ctx, {\n      title: \"Your projects are approaching the Free plan limits.\",\n      subtitle: \"Consider upgrading to avoid service interruption.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Exceeded\") {\n    await warn(ctx, {\n      title: \"Your projects are above the Free plan limits.\",\n      subtitle: \"Decrease your usage or upgrade to avoid service interruption.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Disabled\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because the team exceeded Free plan limits.\",\n      subtitle: \"Decrease your usage or upgrade to reenable your projects.\",\n      teamSlug: team,\n    });\n  } else if (usageState === \"Paused\") {\n    await warn(ctx, {\n      title:\n        \"Your projects are disabled because the team previously exceeded Free plan limits.\",\n      subtitle: \"Restore your projects by going to the dashboard.\",\n      teamSlug: team,\n    });\n  }\n}\n"],
+  "mappings": ";AAAA,SAAS,mBAAmB;AAE5B,SAAS,YAAY,kBAAkB;AACvC,SAAS,wBAAwB;AACjC,SAAS,2BAA2B;AACpC,SAAS,6BAA6B;AACtC,SAAS,8BAA8B;AAEvC,eAAe,KACb,KACA,SACA;AACA,QAAM,EAAE,OAAO,UAAU,SAAS,IAAI;AACtC,aAAW,YAAY,KAAK,OAAO,KAAK,CAAC;AACzC,aAAW,YAAY,OAAO,QAAQ,CAAC;AACvC;AAAA,IACE,YAAY,OAAO,SAAS,iBAAiB,QAAQ,CAAC,iBAAiB;AAAA,EACzE;AACF;AAEA,eAAe,eAAe,KAAc,QAAgB;AAC1D,QAAM,EAAE,WAAW,IAAK,MAAM,uBAAuB;AAAA,IACnD;AAAA,IACA,QAAQ;AAAA,IACR,MAAM,qBAAqB,SAAS;AAAA,EACtC,CAAC;AAID,SAAO;AACT;AAEA,eAAe,wBAAwB,KAAc,QAAgB;AACnE,QAAM,WAAY,MAAM,uBAAuB;AAAA,IAC7C;AAAA,IACA,QAAQ;AAAA,IACR,MAAM,qBAAqB,SAAS;AAAA,EACtC,CAAC;AAKD,SAAO,SAAS;AAClB;AAEA,sBAAsB,kBACpB,KACA,kBACA;AAGA,QAAM,OAAO,IAAI,aAAa;AAC9B,MACE,SAAS,QACT,KAAK,SAAS,gBACd,KAAK,SAAS,mBACd,QAAQ,IAAI,sBAAsB,eAClC,sBAAsB,gBAAgB,GACtC;AACA;AAAA,EACF;AAEA,QAAM,EAAE,QAAQ,KAAK,IAAI,MAAM,oBAAoB,KAAK,gBAAgB;AAExE,MAAI;AACJ,MAAI;AACJ,MAAI;AACF,KAAC,YAAY,mBAAmB,IAAI,MAAM,QAAQ,IAAI;AAAA,MACpD,eAAe,KAAK,MAAM;AAAA,MAC1B,wBAAwB,KAAK,MAAM;AAAA,IACrC,CAAC;AAAA,EACH,SAAS,KAAK;AAGZ,eAAW,iCAAiC,GAAG;AAC/C;AAAA,EACF;AACA,MAAI,wBAAwB,YAAY;AACtC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,eAAe;AACvC,UAAM,KAAK,KAAK;AAAA,MACd,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,YAAY;AACpC,UAAM,KAAK,KAAK;AAAA,MACd,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,YAAY;AACpC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH,WAAW,eAAe,UAAU;AAClC,UAAM,KAAK,KAAK;AAAA,MACd,OACE;AAAA,MACF,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AACF;",
   "names": []
 }

package/dist/esm/cli/lib/workos/environmentApi.js

@@ -12,13 +12,10 @@ export async function createRedirectURI(ctx, apiKey, uri) {
     }
   );
   if (!response.ok) {
-    if (response.status === 422) {
-      const errorText2 = await response.text();
-      if (errorText2.includes("already exists")) {
-        return { modified: false };
-      }
-    }
     const errorText = await response.text();
+    if (response.status === 422 && errorText.includes("already exists")) {
+      return { modified: false };
+    }
     return await ctx.crash({
       exitCode: 1,
       errorType: "fatal",
@@ -65,13 +62,10 @@ export async function createCORSOrigin(ctx, apiKey, origin) {
     }
   );
   if (!response.ok) {
-    if (response.status === 409) {
-      const errorText2 = await response.text();
-      if (errorText2.includes("duplicate_cors_origin") || errorText2.includes("already exists")) {
-        return { modified: false };
-      }
-    }
     const errorText = await response.text();
+    if (response.status === 409 && (errorText.includes("duplicate_cors_origin") || errorText.includes("already exists"))) {
+      return { modified: false };
+    }
     return await ctx.crash({
       exitCode: 1,
       errorType: "fatal",

package/dist/esm/cli/lib/workos/environmentApi.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/cli/lib/workos/environmentApi.ts"],
-  "sourcesContent": ["import { Context } from \"../../../bundler/context.js\";\n\nexport interface RedirectUriResponse {\n  object: \"redirect_uri\";\n  id: string;\n  uri: string;\n  default: boolean;\n  created_at: string;\n  updated_at: string;\n}\n\nexport interface CorsOriginResponse {\n  object: \"cors_origin\";\n  id: string;\n  origin: string;\n  created_at: string;\n  updated_at: string;\n}\n\nexport async function createRedirectURI(\n  ctx: Context,\n  apiKey: string,\n  uri: string,\n): Promise<{ modified: boolean }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/redirect_uris\",\n    {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ uri }),\n    },\n  );\n\n  if (!response.ok) {\n    if (response.status === 422) {\n      const errorText = await response.text();\n      if (errorText.includes(\"already exists\")) {\n        // This redirect URI already exists.\n        return { modified: false };\n      }\n    }\n\n    const errorText = await response.text();\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to create redirect URI: ${response.status} ${errorText}`,\n    });\n  }\n\n  return { modified: true };\n}\n\nexport async function updateAppHomepageUrl(\n  ctx: Context,\n  apiKey: string,\n  url: string,\n): Promise<{ modified: boolean; previousUrl?: string }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/app_homepage_url\",\n    {\n      method: \"PUT\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ url }),\n    },\n  );\n\n  if (!response.ok) {\n    const errorText = await response.text();\n\n    if (response.status === 422) {\n      // Validation error - likely localhost URL or other invalid format\n      // Don't crash, just return that we couldn't modify it\n      return { modified: false };\n    }\n\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to update app homepage URL: ${response.status} ${errorText}`,\n    });\n  }\n\n  // Always returns modified: true since PUT always updates (or sets the same value)\n  return { modified: true };\n}\n\nexport async function createCORSOrigin(\n  ctx: Context,\n  apiKey: string,\n  origin: string,\n): Promise<{ modified: boolean }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/cors_origins\",\n    {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ origin }),\n    },\n  );\n\n  if (!response.ok) {\n    if (response.status === 409) {\n      const errorText = await response.text();\n      if (\n        errorText.includes(\"duplicate_cors_origin\") ||\n        errorText.includes(\"already exists\")\n      ) {\n        // This CORS origin already exists.\n        return { modified: false };\n      }\n    }\n\n    const errorText = await response.text();\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to create CORS origin: ${response.status} ${errorText}`,\n    });\n  }\n  return { modified: true };\n}\n"],
-  "mappings": ";AAmBA,sBAAsB,kBACpB,KACA,QACA,KACgC;AAChC,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,IAAI,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAMA,aAAY,MAAM,SAAS,KAAK;AACtC,UAAIA,WAAU,SAAS,gBAAgB,GAAG;AAExC,eAAO,EAAE,UAAU,MAAM;AAAA,MAC3B;AAAA,IACF;AAEA,UAAM,YAAY,MAAM,SAAS,KAAK;AACtC,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,kCAAkC,SAAS,MAAM,IAAI,SAAS;AAAA,IAChF,CAAC;AAAA,EACH;AAEA,SAAO,EAAE,UAAU,KAAK;AAC1B;AAEA,sBAAsB,qBACpB,KACA,QACA,KACsD;AACtD,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,IAAI,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,YAAY,MAAM,SAAS,KAAK;AAEtC,QAAI,SAAS,WAAW,KAAK;AAG3B,aAAO,EAAE,UAAU,MAAM;AAAA,IAC3B;AAEA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,sCAAsC,SAAS,MAAM,IAAI,SAAS;AAAA,IACpF,CAAC;AAAA,EACH;AAGA,SAAO,EAAE,UAAU,KAAK;AAC1B;AAEA,sBAAsB,iBACpB,KACA,QACA,QACgC;AAChC,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,OAAO,CAAC;AAAA,IACjC;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAMA,aAAY,MAAM,SAAS,KAAK;AACtC,UACEA,WAAU,SAAS,uBAAuB,KAC1CA,WAAU,SAAS,gBAAgB,GACnC;AAEA,eAAO,EAAE,UAAU,MAAM;AAAA,MAC3B;AAAA,IACF;AAEA,UAAM,YAAY,MAAM,SAAS,KAAK;AACtC,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,iCAAiC,SAAS,MAAM,IAAI,SAAS;AAAA,IAC/E,CAAC;AAAA,EACH;AACA,SAAO,EAAE,UAAU,KAAK;AAC1B;",
-  "names": ["errorText"]
+  "sourcesContent": ["import { Context } from \"../../../bundler/context.js\";\n\nexport interface RedirectUriResponse {\n  object: \"redirect_uri\";\n  id: string;\n  uri: string;\n  default: boolean;\n  created_at: string;\n  updated_at: string;\n}\n\nexport interface CorsOriginResponse {\n  object: \"cors_origin\";\n  id: string;\n  origin: string;\n  created_at: string;\n  updated_at: string;\n}\n\nexport async function createRedirectURI(\n  ctx: Context,\n  apiKey: string,\n  uri: string,\n): Promise<{ modified: boolean }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/redirect_uris\",\n    {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ uri }),\n    },\n  );\n\n  if (!response.ok) {\n    const errorText = await response.text();\n    if (response.status === 422 && errorText.includes(\"already exists\")) {\n      // This redirect URI already exists.\n      return { modified: false };\n    }\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to create redirect URI: ${response.status} ${errorText}`,\n    });\n  }\n\n  return { modified: true };\n}\n\nexport async function updateAppHomepageUrl(\n  ctx: Context,\n  apiKey: string,\n  url: string,\n): Promise<{ modified: boolean; previousUrl?: string }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/app_homepage_url\",\n    {\n      method: \"PUT\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ url }),\n    },\n  );\n\n  if (!response.ok) {\n    const errorText = await response.text();\n\n    if (response.status === 422) {\n      // Validation error - likely localhost URL or other invalid format\n      // Don't crash, just return that we couldn't modify it\n      return { modified: false };\n    }\n\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to update app homepage URL: ${response.status} ${errorText}`,\n    });\n  }\n\n  // Always returns modified: true since PUT always updates (or sets the same value)\n  return { modified: true };\n}\n\nexport async function createCORSOrigin(\n  ctx: Context,\n  apiKey: string,\n  origin: string,\n): Promise<{ modified: boolean }> {\n  const response = await fetch(\n    \"https://api.workos.com/user_management/cors_origins\",\n    {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n        Authorization: `Bearer ${apiKey}`,\n      },\n      body: JSON.stringify({ origin }),\n    },\n  );\n\n  if (!response.ok) {\n    const errorText = await response.text();\n    if (\n      response.status === 409 &&\n      (errorText.includes(\"duplicate_cors_origin\") ||\n        errorText.includes(\"already exists\"))\n    ) {\n      // This CORS origin already exists.\n      return { modified: false };\n    }\n    return await ctx.crash({\n      exitCode: 1,\n      errorType: \"fatal\",\n      printedMessage: `Failed to create CORS origin: ${response.status} ${errorText}`,\n    });\n  }\n  return { modified: true };\n}\n"],
+  "mappings": ";AAmBA,sBAAsB,kBACpB,KACA,QACA,KACgC;AAChC,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,IAAI,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,YAAY,MAAM,SAAS,KAAK;AACtC,QAAI,SAAS,WAAW,OAAO,UAAU,SAAS,gBAAgB,GAAG;AAEnE,aAAO,EAAE,UAAU,MAAM;AAAA,IAC3B;AACA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,kCAAkC,SAAS,MAAM,IAAI,SAAS;AAAA,IAChF,CAAC;AAAA,EACH;AAEA,SAAO,EAAE,UAAU,KAAK;AAC1B;AAEA,sBAAsB,qBACpB,KACA,QACA,KACsD;AACtD,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,IAAI,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,YAAY,MAAM,SAAS,KAAK;AAEtC,QAAI,SAAS,WAAW,KAAK;AAG3B,aAAO,EAAE,UAAU,MAAM;AAAA,IAC3B;AAEA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,sCAAsC,SAAS,MAAM,IAAI,SAAS;AAAA,IACpF,CAAC;AAAA,EACH;AAGA,SAAO,EAAE,UAAU,KAAK;AAC1B;AAEA,sBAAsB,iBACpB,KACA,QACA,QACgC;AAChC,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,MACE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,eAAe,UAAU,MAAM;AAAA,MACjC;AAAA,MACA,MAAM,KAAK,UAAU,EAAE,OAAO,CAAC;AAAA,IACjC;AAAA,EACF;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,YAAY,MAAM,SAAS,KAAK;AACtC,QACE,SAAS,WAAW,QACnB,UAAU,SAAS,uBAAuB,KACzC,UAAU,SAAS,gBAAgB,IACrC;AAEA,aAAO,EAAE,UAAU,MAAM;AAAA,IAC3B;AACA,WAAO,MAAM,IAAI,MAAM;AAAA,MACrB,UAAU;AAAA,MACV,WAAW;AAAA,MACX,gBAAgB,iCAAiC,SAAS,MAAM,IAAI,SAAS;AAAA,IAC/E,CAAC;AAAA,EACH;AACA,SAAO,EAAE,UAAU,KAAK;AAC1B;",
+  "names": []
 }

package/dist/esm/index.js

@@ -1,3 +1,3 @@
 "use strict";
-export const version = "1.36.0";
+export const version = "1.37.0";
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/index.ts"],
-  "sourcesContent": ["export const version = \"1.36.0\";\n"],
+  "sourcesContent": ["export const version = \"1.37.0\";\n"],
   "mappings": ";AAAO,aAAM,UAAU;",
   "names": []
 }

package/dist/esm/react/client.js

@@ -445,26 +445,33 @@ export const ConvexProvider = ({ client, children }) => {
     children
   );
 };
-export function useQuery(queryOrOptions, ...args) {
-  const isObjectOptions = typeof queryOrOptions === "object" && queryOrOptions !== null && "query" in queryOrOptions;
-  const throwOnError = isObjectOptions ? queryOrOptions.throwOnError ?? false : true;
-  let queryReference;
-  let argsObject = {};
-  if (isObjectOptions) {
-    const query = queryOrOptions.query;
-    queryReference = typeof query === "string" ? makeFunctionReference(query) : query;
-    if (queryOrOptions.args !== "skip") {
-      argsObject = parseArgs(queryOrOptions.args);
-    }
-  } else {
-    const query = queryOrOptions;
-    queryReference = typeof query === "string" ? makeFunctionReference(query) : query;
-    argsObject = args[0] === "skip" ? {} : parseArgs(args[0]);
+export function useQuery(query, ...args) {
+  const skip = args[0] === "skip";
+  const argsObject = args[0] === "skip" ? {} : parseArgs(args[0]);
+  const queryReference = typeof query === "string" ? makeFunctionReference(query) : query;
+  const queryName = getFunctionName(queryReference);
+  const queries = useMemo(
+    () => skip ? {} : { query: { query: queryReference, args: argsObject } },
+    // Stringify args so args that are semantically the same don't trigger a
+    // rerender. Saves developers from adding `useMemo` on every args usage.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [JSON.stringify(convexToJson(argsObject)), queryName, skip]
+  );
+  const results = useQueries(queries);
+  const result = results["query"];
+  if (result instanceof Error) {
+    throw result;
   }
-  const queryName = queryReference ? getFunctionName(queryReference) : void 0;
-  const skip = isObjectOptions && queryOrOptions.args === "skip" || !isObjectOptions && args[0] === "skip";
+  return result;
+}
+export function useQuery_experimental(options) {
+  const throwOnError = options.throwOnError ?? false;
+  const queryReference = typeof options.query === "string" ? makeFunctionReference(options.query) : options.query;
+  const skip = options.args === "skip";
+  const argsObject = !skip ? parseArgs(options.args) : {};
+  const queryName = getFunctionName(queryReference);
   const queries = useMemo(
-    () => skip || !queryReference ? {} : { query: { query: queryReference, args: argsObject } },
+    () => skip ? {} : { query: { query: queryReference, args: argsObject } },
     // Stringify args so args that are semantically the same don't trigger a
     // rerender. Saves developers from adding `useMemo` on every args usage.
     // eslint-disable-next-line react-hooks/exhaustive-deps
@@ -472,34 +479,24 @@ export function useQuery(queryOrOptions, ...args) {
   );
   const results = useQueries(queries);
   const result = results["query"];
-  if (isObjectOptions) {
-    if (result instanceof Error) {
-      if (throwOnError) {
-        throw result;
-      }
-      return {
-        data: void 0,
-        error: result,
-        status: "error"
-      };
-    }
-    if (result === void 0) {
-      return {
-        data: void 0,
-        error: void 0,
-        status: "pending"
-      };
+  if (result instanceof Error) {
+    if (throwOnError) {
+      throw result;
     }
     return {
-      data: result,
-      error: void 0,
-      status: "success"
+      error: result,
+      status: "error"
     };
   }
-  if (result instanceof Error) {
-    throw result;
+  if (result === void 0) {
+    return {
+      status: "pending"
+    };
   }
-  return result;
+  return {
+    data: result,
+    status: "success"
+  };
 }
 export function useMutation(mutation) {
   const mutationReference = typeof mutation === "string" ? makeFunctionReference(mutation) : mutation;