creek 0.3.0 → 0.3.2

package/dist/commands/whoami.js

@@ -1,43 +0,0 @@
-import { defineCommand } from "citty";
-import consola from "consola";
-import { CreekClient } from "@solcreek/sdk";
-import { getToken, getApiUrl } from "../utils/config.js";
-import { globalArgs, resolveJsonMode, jsonOutput } from "../utils/output.js";
-export const whoamiCommand = defineCommand({
-    meta: {
-        name: "whoami",
-        description: "Show the currently authenticated user",
-    },
-    args: { ...globalArgs },
-    async run({ args }) {
-        const jsonMode = resolveJsonMode(args);
-        const token = getToken();
-        if (!token) {
-            if (jsonMode)
-                jsonOutput({ ok: false, authenticated: false, error: "not_authenticated" }, 1);
-            consola.error("Not authenticated. Run `creek login` first.");
-            process.exit(1);
-        }
-        const client = new CreekClient(getApiUrl(), token);
-        const session = await client.getSession();
-        if (!session?.user) {
-            if (jsonMode)
-                jsonOutput({ ok: false, authenticated: false, error: "session_expired" }, 1);
-            consola.error("Session expired or invalid. Run `creek login` to re-authenticate.");
-            process.exit(1);
-        }
-        if (jsonMode) {
-            jsonOutput({
-                ok: true,
-                authenticated: true,
-                user: session.user.name,
-                email: session.user.email,
-                api: getApiUrl(),
-            });
-        }
-        consola.log(`  User:  ${session.user.name}`);
-        consola.log(`  Email: ${session.user.email}`);
-        consola.log(`  API:   ${getApiUrl()}`);
-    },
-});
-//# sourceMappingURL=whoami.js.map

package/dist/index.d.ts

@@ -1,3 +0,0 @@
-#!/usr/bin/env node
-export {};
-//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -1,36 +0,0 @@
-#!/usr/bin/env node
-import { defineCommand, runMain } from "citty";
-import { readFileSync } from "node:fs";
-import { fileURLToPath } from "node:url";
-import { dirname, join } from "node:path";
-import { loginCommand } from "./commands/login.js";
-import { whoamiCommand } from "./commands/whoami.js";
-import { initCommand } from "./commands/init.js";
-import { deployCommand } from "./commands/deploy.js";
-import { claimCommand } from "./commands/claim.js";
-import { envCommand } from "./commands/env.js";
-import { projectsCommand } from "./commands/projects.js";
-import { deploymentsCommand } from "./commands/deployments.js";
-import { statusCommand } from "./commands/status.js";
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const pkg = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf-8"));
-const main = defineCommand({
-    meta: {
-        name: "creek",
-        version: pkg.version,
-        description: "Deploy full-stack apps to the edge",
-    },
-    subCommands: {
-        deploy: deployCommand,
-        status: statusCommand,
-        projects: projectsCommand,
-        deployments: deploymentsCommand,
-        login: loginCommand,
-        whoami: whoamiCommand,
-        init: initCommand,
-        claim: claimCommand,
-        env: envCommand,
-    },
-});
-runMain(main);
-//# sourceMappingURL=index.js.map

package/dist/utils/auth-server.d.ts

@@ -1,22 +0,0 @@
-export interface AuthCallbackResult {
-    key: string;
-    state: string;
-}
-/**
- * Start a temporary local HTTP server to receive the OAuth-style callback
- * from the dashboard after CLI auth.
- *
- * Flow:
- * 1. Server starts on a random available port
- * 2. CLI opens browser to dashboard /cli-auth?port=X&state=Y
- * 3. Dashboard creates API key, redirects to http://localhost:X/callback?key=...&state=...
- * 4. This server receives the callback, validates state, resolves the promise
- * 5. Server auto-closes
- */
-export declare function startAuthServer(): {
-    port: number;
-    state: string;
-    waitForCallback: () => Promise<string>;
-    close: () => void;
-};
-//# sourceMappingURL=auth-server.d.ts.map

package/dist/utils/auth-server.js

@@ -1,91 +0,0 @@
-import { createServer } from "node:http";
-import { randomBytes } from "node:crypto";
-/**
- * Start a temporary local HTTP server to receive the OAuth-style callback
- * from the dashboard after CLI auth.
- *
- * Flow:
- * 1. Server starts on a random available port
- * 2. CLI opens browser to dashboard /cli-auth?port=X&state=Y
- * 3. Dashboard creates API key, redirects to http://localhost:X/callback?key=...&state=...
- * 4. This server receives the callback, validates state, resolves the promise
- * 5. Server auto-closes
- */
-export function startAuthServer() {
-    const state = randomBytes(16).toString("hex");
-    let resolveCallback;
-    let rejectCallback;
-    const callbackPromise = new Promise((resolve, reject) => {
-        resolveCallback = resolve;
-        rejectCallback = reject;
-    });
-    const server = createServer((req, res) => {
-        const url = new URL(req.url ?? "/", `http://localhost`);
-        if (url.pathname === "/callback") {
-            const key = url.searchParams.get("key");
-            const returnedState = url.searchParams.get("state");
-            if (returnedState !== state) {
-                res.writeHead(400, { "Content-Type": "text/html" });
-                res.end(htmlPage("Authentication Failed", "Invalid state parameter. Please try again."));
-                rejectCallback(new Error("State mismatch — possible CSRF attack"));
-                return;
-            }
-            if (!key) {
-                res.writeHead(400, { "Content-Type": "text/html" });
-                res.end(htmlPage("Authentication Failed", "No API key received. Please try again."));
-                rejectCallback(new Error("No API key in callback"));
-                return;
-            }
-            res.writeHead(200, { "Content-Type": "text/html" });
-            res.end(htmlPage("Authenticated!", "You can close this window and return to the terminal."));
-            resolveCallback(key);
-            setTimeout(() => server.close(), 500);
-            return;
-        }
-        res.writeHead(404);
-        res.end("Not found");
-    });
-    // Listen on port 0 = OS picks a random available port
-    server.listen(0, "localhost");
-    const address = server.address();
-    const port = typeof address === "object" && address ? address.port : 0;
-    // Timeout after 2 minutes
-    const timeout = setTimeout(() => {
-        rejectCallback(new Error("Login timed out after 2 minutes"));
-        server.close();
-    }, 120_000);
-    return {
-        port,
-        state,
-        waitForCallback: () => callbackPromise.finally(() => clearTimeout(timeout)),
-        close: () => {
-            clearTimeout(timeout);
-            server.close();
-        },
-    };
-}
-function escapeHtml(s) {
-    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
-}
-function htmlPage(title, message) {
-    return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Creek CLI - ${escapeHtml(title)}</title>
-  <style>
-    body { font-family: system-ui, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #0a0a0a; color: #eee; }
-    .card { text-align: center; padding: 2rem; }
-    h1 { font-size: 1.5rem; margin-bottom: 0.5rem; }
-    p { color: #888; }
-  </style>
-</head>
-<body>
-  <div class="card">
-    <h1>${escapeHtml(title)}</h1>
-    <p>${escapeHtml(message)}</p>
-  </div>
-</body>
-</html>`;
-}
-//# sourceMappingURL=auth-server.js.map

package/dist/utils/bundle.d.ts

@@ -1,6 +0,0 @@
-export interface BundleAssets {
-    assets: Record<string, string>;
-    fileList: string[];
-}
-export declare function collectAssets(dir: string, baseDir?: string): BundleAssets;
-//# sourceMappingURL=bundle.d.ts.map

package/dist/utils/bundle.js

@@ -1,39 +0,0 @@
-import { readFileSync, readdirSync } from "node:fs";
-import { join, relative } from "node:path";
-const IGNORED_DIRS = new Set([
-    "node_modules", ".git", ".svn", ".hg", ".next", ".nuxt", ".output",
-]);
-const IGNORED_FILES = new Set([
-    ".DS_Store", "Thumbs.db", ".env", ".env.local", ".env.production",
-    ".gitignore", ".npmrc", ".eslintcache",
-]);
-function isIgnored(name) {
-    return name.startsWith(".") && IGNORED_FILES.has(name)
-        || IGNORED_FILES.has(name)
-        || name.endsWith("~")
-        || name.endsWith(".swp");
-}
-export function collectAssets(dir, baseDir) {
-    const base = baseDir ?? dir;
-    const assets = {};
-    const fileList = [];
-    const entries = readdirSync(dir, { withFileTypes: true });
-    for (const entry of entries) {
-        if (IGNORED_DIRS.has(entry.name))
-            continue;
-        const fullPath = join(dir, entry.name);
-        if (entry.isDirectory()) {
-            const sub = collectAssets(fullPath, base);
-            Object.assign(assets, sub.assets);
-            fileList.push(...sub.fileList);
-        }
-        else if (entry.isFile() && !isIgnored(entry.name)) {
-            const relPath = relative(base, fullPath);
-            const content = readFileSync(fullPath);
-            assets[relPath] = content.toString("base64");
-            fileList.push(relPath);
-        }
-    }
-    return { assets, fileList };
-}
-//# sourceMappingURL=bundle.js.map

package/dist/utils/config.d.ts

@@ -1,12 +0,0 @@
-interface CliConfig {
-    token?: string;
-    apiUrl?: string;
-}
-export declare function getConfigDir(): string;
-export declare function readCliConfig(): CliConfig;
-export declare function writeCliConfig(config: CliConfig): void;
-export declare function getToken(): string | undefined;
-export declare function getApiUrl(): string;
-export declare function getSandboxApiUrl(): string;
-export {};
-//# sourceMappingURL=config.d.ts.map

package/dist/utils/config.js

@@ -1,37 +0,0 @@
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
-import { join } from "node:path";
-import { homedir } from "node:os";
-const CONFIG_DIR = join(homedir(), ".creek");
-const CONFIG_FILE = join(CONFIG_DIR, "config.json");
-export function getConfigDir() {
-    return CONFIG_DIR;
-}
-export function readCliConfig() {
-    if (!existsSync(CONFIG_FILE))
-        return {};
-    try {
-        return JSON.parse(readFileSync(CONFIG_FILE, "utf-8"));
-    }
-    catch {
-        return {};
-    }
-}
-export function writeCliConfig(config) {
-    if (!existsSync(CONFIG_DIR)) {
-        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-    }
-    writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
-}
-export function getToken() {
-    return process.env.CREEK_TOKEN ?? readCliConfig().token;
-}
-export function getApiUrl() {
-    return (process.env.CREEK_API_URL ??
-        readCliConfig().apiUrl ??
-        "https://api.creek.dev");
-}
-export function getSandboxApiUrl() {
-    return (process.env.CREEK_SANDBOX_API_URL ??
-        "https://sandbox-api.creek.dev");
-}
-//# sourceMappingURL=config.js.map

package/dist/utils/git-clone.d.ts

@@ -1,44 +0,0 @@
-import type { ParsedRepoUrl } from "./repo-url.js";
-export interface CloneOptions {
-    subpath?: string | null;
-    timeoutMs?: number;
-    maxSizeMb?: number;
-}
-export interface CloneResult {
-    tmpDir: string;
-    workDir: string;
-    sizeMb: number;
-}
-/**
- * Check if git CLI is available. Throws with install instructions if not.
- */
-export declare function checkGitInstalled(): void;
-/**
- * Clone a repository with full security hardening.
- *
- * Security measures:
- * - --depth 1 (shallow, limits disk usage)
- * - --single-branch (don't fetch other branches)
- * - --no-recurse-submodules (prevent submodule attacks)
- * - core.hooksPath=/dev/null (disable git hooks)
- * - protocol.ext.allow=never (block ext:: protocol handler)
- * - protocol.file.allow=never (block file:// protocol)
- * - GIT_TERMINAL_PROMPT=0 (disable interactive auth)
- * - .git directory deleted immediately after clone
- * - Post-clone size check
- */
-export declare function cloneRepo(parsed: ParsedRepoUrl, options?: CloneOptions): CloneResult;
-export type PackageManager = "npm" | "pnpm" | "yarn" | "bun";
-/**
- * Detect package manager from lock file.
- */
-export declare function detectPackageManager(cwd: string): PackageManager;
-/**
- * Install dependencies using the detected package manager.
- */
-export declare function installDependencies(cwd: string, pm: PackageManager): void;
-export declare function cleanupDir(dir: string): void;
-export declare class GitCloneError extends Error {
-    constructor(message: string);
-}
-//# sourceMappingURL=git-clone.d.ts.map

package/dist/utils/git-clone.js

@@ -1,193 +0,0 @@
-import { execFileSync } from "node:child_process";
-import { existsSync, mkdtempSync, rmSync, readdirSync } from "node:fs";
-import { join, resolve } from "node:path";
-import { tmpdir } from "node:os";
-/**
- * Check if git CLI is available. Throws with install instructions if not.
- */
-export function checkGitInstalled() {
-    try {
-        execFileSync("git", ["--version"], { stdio: "pipe" });
-    }
-    catch {
-        throw new GitCloneError("Git is not installed.\n" +
-            "  Install it from: https://git-scm.com/downloads\n" +
-            "  Or deploy a local directory: creek deploy ./my-project");
-    }
-}
-/**
- * Clone a repository with full security hardening.
- *
- * Security measures:
- * - --depth 1 (shallow, limits disk usage)
- * - --single-branch (don't fetch other branches)
- * - --no-recurse-submodules (prevent submodule attacks)
- * - core.hooksPath=/dev/null (disable git hooks)
- * - protocol.ext.allow=never (block ext:: protocol handler)
- * - protocol.file.allow=never (block file:// protocol)
- * - GIT_TERMINAL_PROMPT=0 (disable interactive auth)
- * - .git directory deleted immediately after clone
- * - Post-clone size check
- */
-export function cloneRepo(parsed, options = {}) {
-    const { subpath, timeoutMs = 60_000, maxSizeMb = 500 } = options;
-    const tmpDir = mkdtempSync(join(tmpdir(), "creek-repo-"));
-    try {
-        const args = [
-            "clone",
-            "--depth", "1",
-            "--single-branch",
-            ...(parsed.branch ? ["--branch", parsed.branch] : []),
-            "--no-recurse-submodules",
-            "--config", "core.hooksPath=/dev/null",
-            "--config", "protocol.ext.allow=never",
-            "--config", "protocol.file.allow=never",
-            parsed.cloneUrl,
-            tmpDir,
-        ];
-        execFileSync("git", args, {
-            stdio: "pipe",
-            timeout: timeoutMs,
-            env: {
-                ...process.env,
-                GIT_TERMINAL_PROMPT: "0",
-                GIT_ASKPASS: "/bin/echo",
-            },
-        });
-    }
-    catch (err) {
-        // Parse git error for helpful messages
-        const stderr = err instanceof Error && "stderr" in err
-            ? String(err.stderr)
-            : "";
-        cleanupDir(tmpDir);
-        if (stderr.includes("Repository not found") || stderr.includes("not found")) {
-            throw new GitCloneError(`Repository not found: ${parsed.displayUrl}`);
-        }
-        if (stderr.includes("Authentication failed") || stderr.includes("could not read Username")) {
-            throw new GitCloneError(`This appears to be a private repository: ${parsed.displayUrl}\n` +
-                "  Creek currently supports public repos only.\n" +
-                "  To deploy a private repo, clone it locally first:\n" +
-                `    git clone ${parsed.cloneUrl} && cd ${parsed.repo} && creek deploy`);
-        }
-        if (stderr.includes("empty repository") || stderr.includes("warning: You appear to have cloned an empty repository")) {
-            throw new GitCloneError(`Repository is empty: ${parsed.displayUrl}`);
-        }
-        if (err instanceof Error && "killed" in err && err.killed) {
-            throw new GitCloneError(`Clone timed out after ${Math.round(timeoutMs / 1000)}s: ${parsed.displayUrl}\n` +
-                "  The repository may be too large for direct deploy.\n" +
-                "  Try cloning locally: git clone --depth 1 " + parsed.cloneUrl);
-        }
-        if (stderr.includes("Remote branch") && stderr.includes("not found")) {
-            throw new GitCloneError(`Branch '${parsed.branch}' not found in ${parsed.displayUrl}`);
-        }
-        throw new GitCloneError(`Failed to clone ${parsed.displayUrl}: ${stderr || (err instanceof Error ? err.message : String(err))}`);
-    }
-    // Immediately remove .git directory (prevent hook attacks, save disk)
-    rmSync(join(tmpDir, ".git"), { recursive: true, force: true });
-    // Also remove .gitmodules if present (prevent submodule tricks)
-    const gitmodulesPath = join(tmpDir, ".gitmodules");
-    if (existsSync(gitmodulesPath)) {
-        rmSync(gitmodulesPath, { force: true });
-    }
-    // Check repo size
-    const sizeMb = getDirSizeMb(tmpDir);
-    if (sizeMb > maxSizeMb) {
-        cleanupDir(tmpDir);
-        throw new GitCloneError(`Repository is too large (${Math.round(sizeMb)}MB, limit is ${maxSizeMb}MB).\n` +
-            "  Clone locally and use creek deploy from the directory instead.");
-    }
-    // Resolve subpath if specified
-    let workDir = tmpDir;
-    if (subpath) {
-        workDir = resolve(tmpDir, subpath);
-        // Belt-and-suspenders: verify resolved path is within tmpDir
-        if (!resolve(workDir).startsWith(resolve(tmpDir))) {
-            cleanupDir(tmpDir);
-            throw new GitCloneError("Subpath resolved outside the repository (path traversal blocked)");
-        }
-        if (!existsSync(workDir)) {
-            cleanupDir(tmpDir);
-            throw new GitCloneError(`Subdirectory '${subpath}' not found in ${parsed.displayUrl}.\n` +
-                `  Available directories: ${listTopDirs(tmpDir).join(", ") || "(none)"}`);
-        }
-    }
-    return { tmpDir, workDir, sizeMb };
-}
-/**
- * Detect package manager from lock file.
- */
-export function detectPackageManager(cwd) {
-    if (existsSync(join(cwd, "pnpm-lock.yaml")))
-        return "pnpm";
-    if (existsSync(join(cwd, "yarn.lock")))
-        return "yarn";
-    if (existsSync(join(cwd, "bun.lockb")) || existsSync(join(cwd, "bun.lock")))
-        return "bun";
-    return "npm";
-}
-/**
- * Install dependencies using the detected package manager.
- */
-export function installDependencies(cwd, pm) {
-    const commands = {
-        npm: ["npm", "install", "--no-audit", "--no-fund"],
-        pnpm: ["pnpm", "install"],
-        yarn: ["yarn", "install"],
-        bun: ["bun", "install"],
-    };
-    const [cmd, ...args] = commands[pm];
-    try {
-        execFileSync(cmd, args, {
-            cwd,
-            stdio: "pipe",
-            timeout: 120_000,
-        });
-    }
-    catch (err) {
-        const stderr = err instanceof Error && "stderr" in err
-            ? String(err.stderr).slice(0, 500)
-            : "";
-        throw new GitCloneError(`Failed to install dependencies with ${pm}.\n` +
-            (stderr ? `  ${stderr}\n` : "") +
-            `  Try: cd ${cwd} && ${cmd} ${args.join(" ")}`);
-    }
-}
-// --- Helpers ---
-function getDirSizeMb(dir) {
-    try {
-        const output = execFileSync("du", ["-sk", dir], { stdio: "pipe" }).toString();
-        const kb = parseInt(output.split("\t")[0], 10);
-        return kb / 1024;
-    }
-    catch {
-        return 0; // Can't determine size, allow it
-    }
-}
-function listTopDirs(dir) {
-    try {
-        return readdirSync(dir, { withFileTypes: true })
-            .filter((d) => d.isDirectory() && !d.name.startsWith("."))
-            .map((d) => d.name)
-            .slice(0, 10);
-    }
-    catch {
-        return [];
-    }
-}
-export function cleanupDir(dir) {
-    try {
-        rmSync(dir, { recursive: true, force: true });
-    }
-    catch {
-        // Best effort
-    }
-}
-// --- Error ---
-export class GitCloneError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "GitCloneError";
-    }
-}
-//# sourceMappingURL=git-clone.js.map

package/dist/utils/nextjs.d.ts

@@ -1,48 +0,0 @@
-/**
- * Next.js-specific build utilities for Creek CLI.
- *
- * Two build paths:
- * - **Adapter path** (Next.js >= 16.2): Uses @solcreek/adapter-nextjs via
- *   NEXT_ADAPTER_PATH. Zero workarounds, typed outputs, direct esbuild bundle.
- * - **Legacy path** (Next.js < 16.2): Uses @opennextjs/cloudflare with
- *   workarounds (standalone patch, middleware manifest inline, etc.)
- *
- * The CLI auto-detects the Next.js version and picks the right path.
- */
-/** Read the installed Next.js version from node_modules. */
-export declare function getNextVersion(cwd: string): string | null;
-/**
- * Unified Next.js build entry point.
- *
- * - Next.js >= 16.2: Creek adapter path (recommended)
- * - Next.js < 16.2: legacy opennext path (best effort)
- */
-export declare function buildNextjs(cwd: string, isMonorepo: boolean, projectName?: string): void;
-/** Check if the adapter output exists (vs legacy opennext output). */
-export declare function hasAdapterOutput(cwd: string): boolean;
-/**
- * Patch the bundled worker to fix opennext's dynamic require issues.
- *
- * @deprecated Legacy path — only used for Next.js < 16.2. For >= 16.2,
- * the Creek adapter handles middleware via typed AdapterOutputs.
- */
-export declare function patchBundledWorker(bundleDir: string, openNextDir: string): void;
-/**
- * Fix the standalone output path for monorepo builds.
- *
- * When outputFileTracingRoot points to the monorepo root, Next.js outputs to:
- *   .next/standalone/{relative-app-path}/.next/
- * instead of:
- *   .next/standalone/.next/
- *
- * This breaks @opennextjs/cloudflare's createCacheAssets.
- */
-export declare function fixStandalonePath(appDir: string): boolean;
-/**
- * Build a Next.js app for Cloudflare Workers via legacy opennext path.
- *
- * @deprecated Legacy path for Next.js < 16.2. Use buildNextjs() which
- * auto-selects the adapter path for >= 16.2.
- */
-export declare function buildNextjsForWorkers(cwd: string, isMonorepo: boolean, projectName?: string): void;
-//# sourceMappingURL=nextjs.d.ts.map