create-svc 0.1.5 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-svc",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Bun-authored CLI to scaffold Go Cloud Run services with Chi, ConnectRPC, Vault, and Cloudflare examples.",
   "module": "index.ts",
   "type": "module",

package/src/cli.ts

@@ -1,4 +1,5 @@
 import {
+  autocomplete,
   cancel,
   confirm,
   intro,
@@ -20,15 +21,18 @@ import {
   BILLING_ACCOUNT_DEFAULT,
   FRAMEWORKS_BY_RUNTIME,
   QUOTA_PROJECT_DEFAULT,
-  buildCreateProjectLabel,
-  buildGcpProjectOptions,
   deriveDefaults,
   slugify,
   type Framework,
   type GcpProjectMode,
   type Runtime,
 } from "./naming";
-import { scaffoldProject, type ScaffoldConfig } from "./scaffold";
+import {
+  DirectoryConflictError,
+  assertTargetDirectoryIsEmpty,
+  scaffoldProject,
+  type ScaffoldConfig,
+} from "./scaffold";
 
 type ParsedArgs = {
   directory?: string;
@@ -57,55 +61,59 @@ type DiscoveryState = {
 const DEFAULT_REGION = "us-west1";
 
 export async function run(argv: string[]) {
-  const args = parseArgs(argv);
-  if (args.help) {
-    printHelp();
-    return;
-  }
+  try {
+    const args = parseArgs(argv);
+    if (args.help) {
+      printHelp();
+      return;
+    }
+
+    intro(`${pc.bold("create-svc")} ${pc.dim("Cloud Run scaffold")}`);
+
+    const config = await resolveConfig(args);
+    const targetDir = resolve(process.cwd(), config.directory);
 
-  intro(`${pc.bold("create-svc")} ${pc.dim("Cloud Run scaffold")}`);
-
-  const config = await resolveConfig(args);
-  const targetDir = resolve(process.cwd(), config.directory);
-
-  note(
-    [
-      `${pc.bold("Output")}: ${targetDir}`,
-      `${pc.bold("Runtime")}: ${config.runtime} + ${config.framework}`,
-      `${pc.bold("Project")}: ${config.gcpProjectMode === "create_new" ? "create" : "use"} ${config.gcpProjectName} (${config.gcpProject})`,
-      `${pc.bold("GitHub")}: ${config.githubRepo}`,
-      `${pc.bold("Neon")}: ${config.neonProjectId || "(set later)"} / ${config.neonBaseBranchName || "(set later)"}`,
-    ].join("\n"),
-    "Scaffold"
-  );
-
-  const buildSpinner = spinner();
-  buildSpinner.start("Generating project files");
-  await scaffoldProject(config);
-  buildSpinner.stop("Project files generated");
-
-  const shouldRunPostScaffoldFlow = Boolean(process.stdout.isTTY && process.stdin.isTTY && (config.createGithubRepo || config.autoDeploy));
-  if (shouldRunPostScaffoldFlow) {
-    const automationSpinner = spinner();
-    automationSpinner.start("Running post-scaffold automation");
-    try {
-      const result = await runPostScaffoldFlow(config, targetDir);
-      automationSpinner.stop(result.message);
-    } catch (error) {
-      automationSpinner.stop("Post-scaffold automation skipped");
-      log.warn(error instanceof Error ? error.message : String(error));
+    note(
+      [
+        `${pc.bold("Output")}: ${targetDir}`,
+        `${pc.bold("Runtime")}: ${config.runtime} + ${config.framework}`,
+        `${pc.bold("Project")}: ${config.gcpProjectMode === "create_new" ? "create" : "use"} ${config.gcpProjectName} (${config.gcpProject})`,
+        `${pc.bold("GitHub")}: ${config.githubRepo}`,
+        `${pc.bold("Neon")}: ${config.neonProjectId || "(set later)"} / ${config.neonBaseBranchName || "(set later)"}`,
+      ].join("\n"),
+      "Scaffold"
+    );
+
+    const buildSpinner = spinner();
+    buildSpinner.start("Generating project files");
+    await scaffoldProject(config);
+    buildSpinner.stop("Project files generated");
+
+    const shouldRunPostScaffoldFlow = Boolean(process.stdout.isTTY && process.stdin.isTTY && (config.createGithubRepo || config.autoDeploy));
+    if (shouldRunPostScaffoldFlow) {
+      const automationSpinner = spinner();
+      automationSpinner.start("Running post-scaffold automation");
+      try {
+        const result = await runPostScaffoldFlow(config, targetDir);
+        automationSpinner.stop(result.message);
+      } catch (error) {
+        automationSpinner.stop("Post-scaffold automation skipped");
+        log.warn(error instanceof Error ? error.message : String(error));
+      }
     }
-  }
 
-  outro(
-    [
-      `Next: ${pc.cyan(`cd ${config.directory}`)}`,
-      `Local dev: ${pc.cyan("bun dev")}`,
-      `Bootstrap: ${pc.cyan("bun run bootstrap")}`,
-      `Deploy: ${pc.cyan("bun run deploy")}`,
-      `Personal env: ${pc.cyan(`bun run deploy -- --environment personal --name ${config.serviceName}`)}`,
-    ].join("\n")
-  );
+    outro(
+      [
+        `Next: ${pc.cyan(`cd ${config.directory}`)}`,
+        `Local dev: ${pc.cyan("bun dev")}`,
+        `Bootstrap: ${pc.cyan("bun run bootstrap")}`,
+        `Deploy: ${pc.cyan("bun run deploy")}`,
+        `Personal env: ${pc.cyan(`bun run deploy -- --environment personal --name ${config.serviceName}`)}`,
+      ].join("\n")
+    );
+  } catch (error) {
+    handleCliError(error);
+  }
 }
 
 function parseArgs(argv: string[]): ParsedArgs {
@@ -247,20 +255,23 @@ function parseArgs(argv: string[]): ParsedArgs {
 
 export async function resolveConfig(args: ParsedArgs): Promise<ScaffoldConfig> {
   const inferredName = slugify(basename(args.directory ?? "my-service"));
+  const discoveryPromise = discoverCloudInputs();
   const serviceName = args.yes
     ? inferredName
     : await promptText("Service name", inferredName, (value) => slugify(value).length > 0 || "Service name is required");
+  const directory = args.directory ?? serviceName;
+  const targetDir = resolve(process.cwd(), directory);
+  await assertTargetDirectoryIsEmpty(targetDir);
 
   const defaults = deriveDefaults(serviceName);
-  const discovery = await discoverCloudInputs(serviceName);
   const runtime = await resolveRuntime(args);
   const framework = await resolveFramework(args, runtime);
+  const discovery = await discoveryPromise;
   const gcpSelection = await resolveGcpSelection(args, defaults, discovery);
   const githubRepo = args.githubRepo ?? defaults.githubRepo;
   const region = args.region ?? DEFAULT_REGION;
   const billingAccount = chooseBillingAccount(args.billingAccount, discovery.billingAccounts);
   const autoDeploy = resolveAutoDeploy(args.autoDeploy);
-  const directory = args.directory ?? serviceName;
 
   if (!args.yes) {
     const okay = await confirm({
@@ -408,7 +419,8 @@ async function resolveGcpSelection(
       {
         value: "use_existing",
         label: "Use existing project...",
-        hint: `${discovery.projects.length} available`,
+        hint: discovery.projects.length > 0 ? `${discovery.projects.length} available` : "Unavailable",
+        disabled: discovery.projects.length === 0,
       },
     ],
   });
@@ -450,7 +462,7 @@ async function resolveGcpSelection(
   };
 }
 
-async function discoverCloudInputs(serviceName: string): Promise<DiscoveryState> {
+async function discoverCloudInputs(): Promise<DiscoveryState> {
   const result: DiscoveryState = {
     projects: [],
     billingAccounts: [],
@@ -470,7 +482,7 @@ async function discoverCloudInputs(serviceName: string): Promise<DiscoveryState>
   }
 
   try {
-    const neonDefaults = await discoverNeonDefaults(serviceName);
+    const neonDefaults = await discoverNeonDefaults();
     result.neonProjectId = neonDefaults.projectId;
     result.neonBaseBranchId = neonDefaults.baseBranchId;
     result.neonBaseBranchName = neonDefaults.baseBranchName;
@@ -524,73 +536,65 @@ function formatError(error: unknown) {
   return error instanceof Error ? error.message : String(error);
 }
 
-async function promptForExistingProject(projects: GcpProject[]) {
-  const pageSize = 10;
-  let page = 0;
-
-  while (true) {
-    const totalPages = Math.max(1, Math.ceil(projects.length / pageSize));
-    const pageProjects = projects.slice(page * pageSize, (page + 1) * pageSize);
-
-    const value = await select({
-      message: `Existing GCP project (${page + 1}/${totalPages})`,
-      options: [
-        {
-          value: "__back__",
-          label: "Back",
-        },
-        ...pageProjects.map((project) => ({
-          value: project.projectId,
-          label: project.name,
-          hint: project.projectId,
-        })),
-        ...(page > 0
-          ? [
-              {
-                value: "__previous__",
-                label: "Previous page",
-              },
-            ]
-          : []),
-        ...(page < totalPages - 1
-          ? [
-              {
-                value: "__next__",
-                label: "Next page",
-              },
-            ]
-          : []),
-      ],
-    });
+function handleCliError(error: unknown) {
+  if (error instanceof DirectoryConflictError) {
+    log.error(`The directory ${error.targetDir} contains files that could conflict.`);
+    note(formatConflictEntries(error.entries), "Conflicting files");
+    log.message("Either try using a new directory name, or remove the files listed above.");
+    process.exit(1);
+  }
 
-    if (isCancel(value)) {
-      cancel("Aborted");
-      process.exit(1);
-    }
+  log.error(formatError(error));
+  process.exit(1);
+}
 
-    if (value === "__previous__") {
-      page -= 1;
-      continue;
-    }
+function formatConflictEntries(entries: string[]) {
+  const visibleEntries = entries.slice(0, 12);
+  const lines = visibleEntries.map((entry) => `- ${entry}`);
+  if (entries.length > visibleEntries.length) {
+    lines.push(`- ...and ${entries.length - visibleEntries.length} more`);
+  }
+  return lines.join("\n");
+}
 
-    if (value === "__back__") {
-      return undefined;
-    }
+async function promptForExistingProject(projects: GcpProject[]) {
+  const value = await autocomplete({
+    message: "Existing GCP project",
+    placeholder: "Search by project name or id",
+    maxItems: 10,
+    options: [
+      {
+        value: "__back__",
+        label: "Back",
+        hint: "Return to project mode",
+      },
+      ...projects.map((project) => ({
+        value: project.projectId,
+        label: project.name,
+        hint: project.projectId,
+      })),
+    ],
+  });
 
-    if (value === "__next__") {
-      page += 1;
-      continue;
-    }
+  if (isCancel(value)) {
+    cancel("Aborted");
+    process.exit(1);
+  }
 
-    const project = projects.find((candidate) => candidate.projectId === value);
-    if (project) {
-      return {
-        mode: "use_existing" as const,
-        projectId: project.projectId,
-        projectName: project.name,
-      };
-    }
+  if (value === "__back__") {
+    return undefined;
   }
+
+  const project = projects.find((candidate) => candidate.projectId === value);
+  if (project) {
+    return {
+      mode: "use_existing" as const,
+      projectId: project.projectId,
+      projectName: project.name,
+    };
+  }
+
+  return undefined;
 }
 
 export function normalizeValidationResult(result: true | string): string | undefined {

package/src/neon.ts

@@ -1,4 +1,5 @@
 import { createApiClient } from "@neondatabase/api-client";
+import { resolveNeonApiKey } from "./vault";
 
 export type NeonProject = {
   id: string;
@@ -16,14 +17,9 @@ export type NeonApi = {
 };
 
 export function createNeonApi(apiKey = process.env.NEON_API_KEY): NeonApi {
-  if (!apiKey?.trim()) {
-    throw new Error("NEON_API_KEY is not set");
-  }
-
-  const client = createApiClient({ apiKey });
-
   return {
     async listProjects() {
+      const client = createApiClient({ apiKey: (apiKey?.trim() || (await resolveNeonApiKey())) });
       const payload = await client.listProjects({ limit: 100 });
       return (payload.projects ?? [])
         .map((project) => ({
@@ -35,6 +31,7 @@ export function createNeonApi(apiKey = process.env.NEON_API_KEY): NeonApi {
     },
 
     async listBranches(projectId: string) {
+      const client = createApiClient({ apiKey: (apiKey?.trim() || (await resolveNeonApiKey())) });
       const payload = await client.listProjectBranches({ projectId });
       return (payload.branches ?? [])
         .map((branch) => ({
@@ -55,11 +52,11 @@ export async function listBranches(projectId: string, api = createNeonApi()): Pr
   return api.listBranches(projectId);
 }
 
-export async function discoverNeonDefaults(serviceName: string, api = createNeonApi()) {
+export async function discoverNeonDefaults(serviceLabel = "this service", api = createNeonApi()) {
   const projects = await listProjects(api);
   const project = projects[0];
   if (!project) {
-    throw new Error(`No Neon projects are available for ${serviceName}`);
+    throw new Error(`No Neon projects are available for ${serviceLabel}`);
   }
 
   const branches = await listBranches(project.id, api);

package/src/post-scaffold.ts

@@ -21,6 +21,7 @@ export async function runPostScaffoldFlow(config: ScaffoldConfig, cwd: string) {
   }
 
   if (config.autoDeploy) {
+    installProjectDependencies(cwd);
     run("bun", ["run", "bootstrap"], { cwd });
     run("bun", ["run", "deploy"], { cwd });
     return { message: "Repository initialized, pushed, and first deploy started" };
@@ -47,6 +48,11 @@ function createGitHubRepo(config: ScaffoldConfig, cwd: string) {
   run("git", ["push", "-u", "origin", "main"], { cwd, allowFailure: true });
 }
 
+function installProjectDependencies(cwd: string) {
+  requireCommand("bun");
+  run("bun", ["install"], { cwd });
+}
+
 function requireCommand(name: string) {
   if (!Bun.which(name)) {
     throw new Error(`missing required command for post-scaffold automation: ${name}`);

package/src/scaffold.test.ts

@@ -1,8 +1,8 @@
 import { expect, test } from "bun:test";
-import { mkdtemp } from "node:fs/promises";
+import { mkdtemp, mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { scaffoldProject, type ScaffoldConfig } from "./scaffold";
+import { DirectoryConflictError, assertTargetDirectoryIsEmpty, scaffoldProject, type ScaffoldConfig } from "./scaffold";
 
 function baseConfig(overrides: Partial<ScaffoldConfig> = {}): ScaffoldConfig {
   return {
@@ -79,3 +79,12 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
     }
   }
 });
+
+test("detects conflicting files before scaffold generation", async () => {
+  const root = await mkdtemp(join(tmpdir(), "create-svc-conflict-"));
+  const generatedRoot = join(root, "existing");
+  await mkdir(generatedRoot, { recursive: true });
+  await writeFile(join(generatedRoot, "README.md"), "hello");
+
+  await expect(assertTargetDirectoryIsEmpty(generatedRoot)).rejects.toBeInstanceOf(DirectoryConflictError);
+});

package/src/scaffold.ts

@@ -29,6 +29,18 @@ export type ScaffoldConfig = {
   generatorRoot: string;
 };
 
+export class DirectoryConflictError extends Error {
+  targetDir: string;
+  entries: string[];
+
+  constructor(targetDir: string, entries: string[]) {
+    super(`Target directory already exists and is not empty: ${targetDir}`);
+    this.name = "DirectoryConflictError";
+    this.targetDir = targetDir;
+    this.entries = entries;
+  }
+}
+
 export async function scaffoldProject(config: ScaffoldConfig) {
   const targetDir = resolve(process.cwd(), config.directory);
   await ensureTargetDirectory(targetDir);
@@ -53,14 +65,18 @@ export async function scaffoldProject(config: ScaffoldConfig) {
 }
 
 async function ensureTargetDirectory(targetDir: string) {
+  await assertTargetDirectoryIsEmpty(targetDir);
+  await mkdir(targetDir, { recursive: true });
+}
+
+export async function assertTargetDirectoryIsEmpty(targetDir: string) {
   try {
     const entries = await readdir(targetDir);
     if (entries.length > 0) {
-      throw new Error(`Target directory already exists and is not empty: ${targetDir}`);
+      throw new DirectoryConflictError(targetDir, entries.sort());
     }
   } catch (error) {
     if ((error as NodeJS.ErrnoException).code === "ENOENT") {
-      await mkdir(targetDir, { recursive: true });
       return;
     }
     throw error;

package/src/vault.test.ts

@@ -0,0 +1,42 @@
+import { afterEach, expect, mock, test } from "bun:test";
+import { readVaultSecret, resolveNeonApiKey } from "./vault";
+
+const originalEnv = { ...process.env };
+
+afterEach(() => {
+  process.env = { ...originalEnv };
+  mock.restore();
+});
+
+test("resolveNeonApiKey prefers NEON_API_KEY from env", async () => {
+  process.env.NEON_API_KEY = "direct-token";
+  await expect(resolveNeonApiKey()).resolves.toBe("direct-token");
+});
+
+test("readVaultSecret reads KV v2 secret data using existing vault login env", async () => {
+  process.env.VAULT_ADDR = "https://vault.example.com";
+  process.env.VAULT_TOKEN = "token-123";
+
+  const fetchMock = mock(async (input: string | URL | Request) => {
+    expect(String(input)).toBe("https://vault.example.com/v1/secret/data/provider/neon-api-key");
+    return new Response(
+      JSON.stringify({
+        data: {
+          data: {
+            value: "vault-token",
+          },
+        },
+      }),
+      { status: 200 }
+    );
+  });
+
+  globalThis.fetch = fetchMock as typeof fetch;
+
+  await expect(
+    readVaultSecret({
+      path: "provider/neon-api-key",
+      field: "value",
+    })
+  ).resolves.toBe("vault-token");
+});

package/src/vault.ts

@@ -0,0 +1,63 @@
+const DEFAULT_VAULT_SECRET_MOUNT = "secret";
+const DEFAULT_NEON_API_KEY_PATH = "provider/neon-api-key";
+const DEFAULT_NEON_API_KEY_FIELD = "value";
+
+type VaultSecretOptions = {
+  addr?: string;
+  token?: string;
+  mount?: string;
+  path?: string;
+  field?: string;
+};
+
+export async function resolveNeonApiKey() {
+  const direct = process.env.NEON_API_KEY?.trim();
+  if (direct) {
+    return direct;
+  }
+
+  return readVaultSecret({
+    path: process.env.VAULT_NEON_API_KEY_PATH ?? DEFAULT_NEON_API_KEY_PATH,
+    field: process.env.VAULT_NEON_API_KEY_FIELD ?? DEFAULT_NEON_API_KEY_FIELD,
+  });
+}
+
+export async function readVaultSecret(options: VaultSecretOptions = {}) {
+  const addr = options.addr ?? process.env.VAULT_ADDR?.trim() ?? "";
+  const token = options.token ?? process.env.VAULT_TOKEN?.trim() ?? "";
+  const mount = options.mount ?? process.env.VAULT_SECRET_MOUNT?.trim() ?? DEFAULT_VAULT_SECRET_MOUNT;
+  const path = options.path?.trim() ?? "";
+  const field = options.field?.trim() ?? "value";
+
+  if (!addr || !token || !path) {
+    throw new Error("Vault secret resolution requires VAULT_ADDR, VAULT_TOKEN, and a secret path");
+  }
+
+  const normalizedAddr = addr.replace(/\/+$/g, "");
+  const normalizedMount = mount.replace(/^\/+|\/+$/g, "");
+  const normalizedPath = path.replace(/^\/+/g, "");
+  const url = `${normalizedAddr}/v1/${normalizedMount}/data/${normalizedPath}`;
+
+  const response = await fetch(url, {
+    headers: {
+      "X-Vault-Token": token,
+    },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Vault read failed: ${response.status} ${response.statusText}`);
+  }
+
+  const payload = (await response.json()) as {
+    data?: {
+      data?: Record<string, string | undefined>;
+    };
+  };
+
+  const value = payload.data?.data?.[field]?.trim();
+  if (!value) {
+    throw new Error(`Vault secret field ${field} is empty at ${normalizedMount}/${normalizedPath}`);
+  }
+
+  return value;
+}

package/templates/shared/.env.example

@@ -0,0 +1,10 @@
+# Stable repo-local settings for Neon admin key lookup via Vault.
+# Copy to .env.local and adjust as needed.
+
+VAULT_ADDR=https://vault.example.com
+VAULT_SECRET_MOUNT=secret
+VAULT_NEON_API_KEY_PATH=provider/neon-api-key
+VAULT_NEON_API_KEY_FIELD=value
+
+# Do not commit VAULT_TOKEN. Prefer `vault login` in your shell session.
+

package/templates/shared/README.md

@@ -31,7 +31,33 @@ Bootstrap and deploy use:
 
 - `gcloud`
 - `gh`
-- `NEON_API_KEY`
+- `NEON_API_KEY`, or a working Vault login via `VAULT_ADDR` + `VAULT_TOKEN`
 
-The generator only stores application-facing connection material in Secret Manager. Neon admin credentials stay local to bootstrap and deploy.
+## Environment setup
+
+For project-specific Vault settings, prefer repo-local config over shell startup files:
+
+```bash
+cp .env.example .env.local
+```
+
+Then edit `.env.local` with your Vault address and secret path overrides.
 
+For the token itself, prefer a live shell session:
+
+```bash
+vault login
+export VAULT_TOKEN="$(vault print token)"
+```
+
+or however your existing Vault login flow exposes `VAULT_TOKEN`.
+
+That keeps stable settings in the repo and keeps the token out of `~/.zshrc`.
+
+Optional Vault overrides for Neon admin key lookup:
+
+- `VAULT_SECRET_MOUNT` default `secret`
+- `VAULT_NEON_API_KEY_PATH` default `provider/neon-api-key`
+- `VAULT_NEON_API_KEY_FIELD` default `value`
+
+The generator only stores application-facing connection material in Secret Manager. Neon admin credentials stay local to bootstrap and deploy.

package/templates/shared/scripts/cloudrun/neon.ts

@@ -6,17 +6,56 @@ type NeonBranch = {
   name: string;
 };
 
-function neonClient() {
-  const apiKey = process.env.NEON_API_KEY?.trim();
+async function resolveNeonApiKey() {
+  const direct = process.env.NEON_API_KEY?.trim();
+  if (direct) {
+    return direct;
+  }
+
+  const addr = process.env.VAULT_ADDR?.trim() ?? "";
+  const token = process.env.VAULT_TOKEN?.trim() ?? "";
+  const mount = process.env.VAULT_SECRET_MOUNT?.trim() ?? "secret";
+  const path = process.env.VAULT_NEON_API_KEY_PATH?.trim() ?? "provider/neon-api-key";
+  const field = process.env.VAULT_NEON_API_KEY_FIELD?.trim() ?? "value";
+
+  if (!addr || !token) {
+    throw new Error("NEON_API_KEY is required for Neon provisioning, or set VAULT_ADDR and VAULT_TOKEN");
+  }
+
+  const normalizedAddr = addr.replace(/\/+$/g, "");
+  const normalizedMount = mount.replace(/^\/+|\/+$/g, "");
+  const normalizedPath = path.replace(/^\/+/g, "");
+  const response = await fetch(`${normalizedAddr}/v1/${normalizedMount}/data/${normalizedPath}`, {
+    headers: {
+      "X-Vault-Token": token,
+    },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Vault read failed: ${response.status} ${response.statusText}`);
+  }
+
+  const payload = (await response.json()) as {
+    data?: {
+      data?: Record<string, string | undefined>;
+    };
+  };
+
+  const apiKey = payload.data?.data?.[field]?.trim();
   if (!apiKey) {
-    throw new Error("NEON_API_KEY is required for Neon provisioning");
+    throw new Error(`Vault secret field ${field} is empty at ${normalizedMount}/${normalizedPath}`);
   }
 
+  return apiKey;
+}
+
+async function neonClient() {
+  const apiKey = await resolveNeonApiKey();
   return createApiClient({ apiKey });
 }
 
 export async function listBranches(projectId: string) {
-  const payload = await neonClient().listProjectBranches({ projectId });
+  const payload = await (await neonClient()).listProjectBranches({ projectId });
   return (payload.branches ?? [])
     .map((branch) => ({
       id: branch.id ?? "",
@@ -27,7 +66,7 @@ export async function listBranches(projectId: string) {
 }
 
 export async function ensureDatabase(projectId: string, branchId: string, databaseName: string) {
-  const client = neonClient();
+  const client = await neonClient();
 
   try {
     await client.getProjectBranchDatabase(projectId, branchId, databaseName);
@@ -52,7 +91,7 @@ export async function ensureBranch(projectId: string, branchName: string, parent
     return existing;
   }
 
-  const payload = await neonClient().createProjectBranch(projectId, {
+  const payload = await (await neonClient()).createProjectBranch(projectId, {
     branch: {
       name: branchName,
       parent_id: parentId,
@@ -77,7 +116,7 @@ export async function ensureBranch(projectId: string, branchName: string, parent
 
 export async function deleteBranch(projectId: string, branchId: string) {
   try {
-    await neonClient().deleteProjectBranch(projectId, branchId);
+    await (await neonClient()).deleteProjectBranch(projectId, branchId);
   } catch (error) {
     const status = (error as { response?: { status?: number } })?.response?.status;
     if (status === 404) {
@@ -88,7 +127,7 @@ export async function deleteBranch(projectId: string, branchId: string) {
 }
 
 export async function getConnectionUri(projectId: string, branchId: string, databaseName: string, roleName: string) {
-  const payload = await neonClient().getConnectionUri({
+  const payload = await (await neonClient()).getConnectionUri({
     projectId,
     branchId,
     databaseName,