creek 0.3.0 → 0.3.2

package/dist/utils/repo-url.js

@@ -1,201 +0,0 @@
-/**
- * Git repository URL parsing and security validation.
- *
- * Security model:
- * - HTTPS only (no git://, ssh://, file://, ext::)
- * - Hostname allowlist (github.com, gitlab.com, bitbucket.org only)
- * - Owner/repo validated against strict character set
- * - No embedded credentials
- * - Subpath validated against traversal attacks
- */
-// --- Allowed hostnames (SSRF prevention) ---
-const PROVIDER_HOSTS = {
-    "github.com": "github",
-    "www.github.com": "github",
-    "gitlab.com": "gitlab",
-    "www.gitlab.com": "gitlab",
-    "bitbucket.org": "bitbucket",
-    "www.bitbucket.org": "bitbucket",
-};
-const SHORTHAND_PREFIXES = {
-    "github:": "github",
-    "gitlab:": "gitlab",
-    "bitbucket:": "bitbucket",
-};
-// Strict character set for owner and repo names
-const SAFE_NAME = /^[a-zA-Z0-9._-]+$/;
-// --- Public API ---
-/**
- * Quick check: does this string look like a repo URL or shorthand?
- * Used to route between directory deploy and repo deploy.
- */
-export function isRepoUrl(input) {
-    if (!input)
-        return false;
-    // Shorthand: github:user/repo
-    for (const prefix of Object.keys(SHORTHAND_PREFIXES)) {
-        if (input.startsWith(prefix))
-            return true;
-    }
-    // HTTPS URL to known host
-    try {
-        const url = new URL(input.split("#")[0]);
-        return url.protocol === "https:" && url.hostname in PROVIDER_HOSTS;
-    }
-    catch {
-        return false;
-    }
-}
-/**
- * Parse a repo URL or shorthand into structured components.
- * Supports:
- *   https://github.com/owner/repo
- *   https://github.com/owner/repo.git
- *   https://github.com/owner/repo#branch
- *   https://github.com/owner/repo/tree/branch
- *   github:owner/repo
- *   github:owner/repo#branch
- */
-export function parseRepoUrl(input) {
-    if (!input || typeof input !== "string") {
-        throw new RepoUrlError("Empty or invalid input");
-    }
-    // Shorthand: github:owner/repo#branch
-    for (const [prefix, provider] of Object.entries(SHORTHAND_PREFIXES)) {
-        if (input.startsWith(prefix)) {
-            return parseShorthand(input.slice(prefix.length), provider);
-        }
-    }
-    // Full URL
-    return parseFullUrl(input);
-}
-/**
- * Validate a parsed repo URL for security.
- * Throws RepoUrlError on any violation.
- */
-export function validateRepoUrl(parsed) {
-    // Protocol: only HTTPS (enforced during parsing, but belt-and-suspenders)
-    if (!parsed.cloneUrl.startsWith("https://")) {
-        throw new RepoUrlError("Only HTTPS URLs are allowed");
-    }
-    // Owner and repo name: strict character set
-    if (!SAFE_NAME.test(parsed.owner)) {
-        throw new RepoUrlError(`Invalid owner name: ${JSON.stringify(parsed.owner)}`);
-    }
-    if (!SAFE_NAME.test(parsed.repo)) {
-        throw new RepoUrlError(`Invalid repo name: ${JSON.stringify(parsed.repo)}`);
-    }
-    // Branch: strict character set (if present)
-    if (parsed.branch !== null && !/^[a-zA-Z0-9._\/-]+$/.test(parsed.branch)) {
-        throw new RepoUrlError(`Invalid branch name: ${JSON.stringify(parsed.branch)}`);
-    }
-    // No null bytes anywhere
-    const allParts = [parsed.owner, parsed.repo, parsed.branch, parsed.cloneUrl].filter(Boolean);
-    for (const part of allParts) {
-        if (part.includes("\0")) {
-            throw new RepoUrlError("Null bytes are not allowed");
-        }
-    }
-}
-/**
- * Validate a --path subdirectory argument.
- * Prevents path traversal and other filesystem attacks.
- */
-export function validateSubpath(path) {
-    if (!path || !path.trim()) {
-        throw new RepoUrlError("Subpath cannot be empty");
-    }
-    // No absolute paths
-    if (path.startsWith("/") || path.startsWith("\\")) {
-        throw new RepoUrlError("Subpath must be relative, not absolute");
-    }
-    // No path traversal
-    const segments = path.split(/[/\\]/);
-    if (segments.some((s) => s === "..")) {
-        throw new RepoUrlError("Path traversal (..) is not allowed in subpath");
-    }
-    // No null bytes
-    if (path.includes("\0")) {
-        throw new RepoUrlError("Null bytes are not allowed in subpath");
-    }
-    // Only safe characters
-    if (!/^[a-zA-Z0-9._\/-]+$/.test(path)) {
-        throw new RepoUrlError("Subpath contains invalid characters");
-    }
-}
-// --- Internal parsers ---
-function parseShorthand(rest, provider) {
-    // Split on # for branch
-    const [pathPart, ...branchParts] = rest.split("#");
-    const branch = branchParts.length > 0 ? branchParts.join("#") : null;
-    const segments = pathPart.replace(/\.git$/, "").split("/").filter(Boolean);
-    if (segments.length !== 2) {
-        throw new RepoUrlError(`Expected owner/repo format, got: ${pathPart}`);
-    }
-    const [owner, repo] = segments;
-    const host = provider === "github" ? "github.com" : provider === "gitlab" ? "gitlab.com" : "bitbucket.org";
-    return {
-        provider,
-        owner,
-        repo,
-        branch: branch || null,
-        cloneUrl: `https://${host}/${owner}/${repo}.git`,
-        displayUrl: `${owner}/${repo}${branch ? `#${branch}` : ""}`,
-    };
-}
-function parseFullUrl(input) {
-    // Extract branch from fragment before parsing URL
-    const [urlPart, ...fragmentParts] = input.split("#");
-    const fragment = fragmentParts.length > 0 ? fragmentParts.join("#") : null;
-    let url;
-    try {
-        // Strip query params and trailing slash
-        const cleanUrl = urlPart.split("?")[0].replace(/\/$/, "");
-        url = new URL(cleanUrl);
-    }
-    catch {
-        throw new RepoUrlError(`Invalid URL: ${input}`);
-    }
-    // Protocol check
-    if (url.protocol !== "https:") {
-        throw new RepoUrlError(`Only HTTPS URLs are allowed. Got: ${url.protocol}`);
-    }
-    // Hostname allowlist (SSRF prevention)
-    const hostname = url.hostname.toLowerCase();
-    const provider = PROVIDER_HOSTS[hostname];
-    if (!provider) {
-        throw new RepoUrlError(`Unsupported host: ${hostname}. Supported: github.com, gitlab.com, bitbucket.org`);
-    }
-    // No embedded credentials
-    if (url.username || url.password) {
-        throw new RepoUrlError("URLs with embedded credentials are not allowed");
-    }
-    // Parse path segments: /owner/repo[/tree/branch][.git]
-    const pathSegments = url.pathname.split("/").filter(Boolean);
-    if (pathSegments.length < 2) {
-        throw new RepoUrlError(`Expected /{owner}/{repo} in URL path, got: ${url.pathname}`);
-    }
-    const owner = pathSegments[0];
-    const repo = pathSegments[1].replace(/\.git$/, "");
-    // Extract branch from /tree/branch path (GitHub convention)
-    let branch = fragment;
-    if (pathSegments.length >= 4 && pathSegments[2] === "tree") {
-        branch = pathSegments.slice(3).join("/");
-    }
-    return {
-        provider,
-        owner,
-        repo,
-        branch: branch || null,
-        cloneUrl: `https://${hostname}/${owner}/${repo}.git`,
-        displayUrl: `${owner}/${repo}${branch ? `#${branch}` : ""}`,
-    };
-}
-// --- Error ---
-export class RepoUrlError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "RepoUrlError";
-    }
-}
-//# sourceMappingURL=repo-url.js.map

package/dist/utils/sandbox.d.ts

@@ -1,50 +0,0 @@
-import type { TosAcceptance } from "./tos.js";
-interface SandboxDeployResponse {
-    sandboxId: string;
-    status: string;
-    statusUrl: string;
-    previewUrl: string;
-    expiresAt: string;
-    tier?: string;
-}
-interface SandboxStatusResponse {
-    sandboxId: string;
-    status: string;
-    previewUrl: string;
-    deployDurationMs?: number;
-    expiresAt: string;
-    expiresInSeconds: number;
-    claimable: boolean;
-    failedStep?: string;
-    errorMessage?: string;
-}
-/**
- * Deploy a bundle to the sandbox API (no auth required).
- * Manifest is optional — the API derives asset list from the assets keys.
- */
-export declare function sandboxDeploy(bundle: {
-    manifest?: {
-        assets: string[];
-        hasWorker: boolean;
-        entrypoint: string | null;
-        renderMode: string;
-    };
-    assets: Record<string, string>;
-    serverFiles?: Record<string, string>;
-    framework?: string;
-    templateId?: string;
-    source: string;
-}, opts?: {
-    tos?: TosAcceptance;
-    agentToken?: string;
-}): Promise<SandboxDeployResponse>;
-/**
- * Poll sandbox status until terminal state.
- */
-export declare function pollSandboxStatus(statusUrl: string): Promise<SandboxStatusResponse>;
-/**
- * Print sandbox success message with claim instructions.
- */
-export declare function printSandboxSuccess(previewUrl: string, expiresAt: string, sandboxId: string): void;
-export {};
-//# sourceMappingURL=sandbox.d.ts.map

package/dist/utils/sandbox.js

@@ -1,69 +0,0 @@
-import consola from "consola";
-import { getSandboxApiUrl } from "./config.js";
-import { isTTY } from "./output.js";
-/**
- * Deploy a bundle to the sandbox API (no auth required).
- * Manifest is optional — the API derives asset list from the assets keys.
- */
-export async function sandboxDeploy(bundle, opts) {
-    const apiUrl = getSandboxApiUrl();
-    const headers = {
-        "Content-Type": "application/json",
-    };
-    // Signal TTY status for tiered rate limiting
-    if (isTTY)
-        headers["X-Creek-TTY"] = "1";
-    // Agent token for elevated rate limit
-    if (opts?.agentToken)
-        headers["Authorization"] = `Bearer ${opts.agentToken}`;
-    // ToS acceptance metadata
-    if (opts?.tos) {
-        headers["X-Creek-ToS-Version"] = opts.tos.version;
-        headers["X-Creek-ToS-Accepted-At"] = opts.tos.acceptedAt;
-    }
-    const res = await fetch(`${apiUrl}/api/sandbox/deploy`, {
-        method: "POST",
-        headers,
-        body: JSON.stringify(bundle),
-    });
-    if (!res.ok) {
-        const err = await res.json().catch(() => ({ message: res.statusText }));
-        throw new Error(err.message ?? `Sandbox deploy failed (${res.status})`);
-    }
-    return res.json();
-}
-/**
- * Poll sandbox status until terminal state.
- */
-export async function pollSandboxStatus(statusUrl) {
-    const POLL_INTERVAL = 1000;
-    const POLL_TIMEOUT = 60_000;
-    const start = Date.now();
-    while (Date.now() - start < POLL_TIMEOUT) {
-        const res = await fetch(statusUrl);
-        if (!res.ok)
-            throw new Error(`Status check failed (${res.status})`);
-        const status = (await res.json());
-        if (status.status === "active")
-            return status;
-        if (status.status === "failed") {
-            const step = status.failedStep ? ` at ${status.failedStep}` : "";
-            throw new Error(`Sandbox deploy failed${step}: ${status.errorMessage ?? "Unknown error"}`);
-        }
-        if (status.status === "expired") {
-            throw new Error("Sandbox expired before activation");
-        }
-        await new Promise((r) => setTimeout(r, POLL_INTERVAL));
-    }
-    throw new Error("Sandbox deploy timed out");
-}
-/**
- * Print sandbox success message with claim instructions.
- */
-export function printSandboxSuccess(previewUrl, expiresAt, sandboxId) {
-    consola.success(`  Live → ${previewUrl}`);
-    consola.info("");
-    consola.info("  Free preview — available for 60 minutes.");
-    consola.info("  Make it permanent: creek login && creek claim " + sandboxId);
-}
-//# sourceMappingURL=sandbox.js.map

package/dist/utils/ssr-bundle.d.ts

@@ -1,6 +0,0 @@
-/**
- * Bundle an SSR server entry point into a single standalone worker script.
- * Uses esbuild (same bundler as wrangler) with node: builtins as externals.
- */
-export declare function bundleSSRServer(entryPoint: string): Promise<string>;
-//# sourceMappingURL=ssr-bundle.d.ts.map

package/dist/utils/ssr-bundle.js

@@ -1,48 +0,0 @@
-import { build } from "esbuild";
-/**
- * Bundle an SSR server entry point into a single standalone worker script.
- * Uses esbuild (same bundler as wrangler) with node: builtins as externals.
- */
-export async function bundleSSRServer(entryPoint) {
-    const result = await build({
-        entryPoints: [entryPoint],
-        bundle: true,
-        format: "esm",
-        platform: "neutral",
-        target: "es2022",
-        write: false,
-        minify: false,
-        external: [
-            "node:async_hooks",
-            "node:stream",
-            "node:stream/web",
-            "node:buffer",
-            "node:util",
-            "node:events",
-            "node:crypto",
-            "node:path",
-            "node:url",
-            "node:string_decoder",
-            "node:diagnostics_channel",
-            "node:process",
-            "node:fs",
-            "node:os",
-            "node:child_process",
-            "node:http",
-            "node:https",
-            "node:net",
-            "node:tls",
-            "node:zlib",
-            "node:perf_hooks",
-            "node:worker_threads",
-        ],
-        conditions: ["workerd", "worker", "import"],
-        mainFields: ["module", "main"],
-        logLevel: "warning",
-    });
-    if (result.errors.length > 0) {
-        throw new Error(`esbuild: ${result.errors.map((e) => e.text).join(", ")}`);
-    }
-    return result.outputFiles[0].text;
-}
-//# sourceMappingURL=ssr-bundle.js.map

package/dist/utils/tos.d.ts

@@ -1,28 +0,0 @@
-/**
- * Terms of Service acceptance for CLI.
- *
- * - First deploy: shows ToS notice + URL + interactive y/N prompt
- * - Stored locally in ~/.creek/tos-accepted (version + timestamp)
- * - --yes / non-TTY: implicit accept with notice printed
- * - Sends tosVersion + tosAcceptedAt in deploy requests
- */
-export declare const CURRENT_TOS_VERSION = "2026-03-28";
-export interface TosAcceptance {
-    version: string;
-    acceptedAt: string;
-}
-/** Read stored ToS acceptance, if any. */
-export declare function readTosAcceptance(): TosAcceptance | null;
-/** Store ToS acceptance locally. */
-export declare function writeTosAcceptance(acceptance: TosAcceptance): void;
-/** Check if current ToS version has been accepted. */
-export declare function isTosAccepted(): boolean;
-/**
- * Ensure ToS is accepted before proceeding.
- *
- * @param autoConfirm - true if --yes flag is set
- * @returns TosAcceptance record to send with deploy request
- * @throws if user rejects ToS
- */
-export declare function ensureTosAccepted(autoConfirm: boolean): Promise<TosAcceptance>;
-//# sourceMappingURL=tos.d.ts.map

package/dist/utils/tos.js

@@ -1,95 +0,0 @@
-/**
- * Terms of Service acceptance for CLI.
- *
- * - First deploy: shows ToS notice + URL + interactive y/N prompt
- * - Stored locally in ~/.creek/tos-accepted (version + timestamp)
- * - --yes / non-TTY: implicit accept with notice printed
- * - Sends tosVersion + tosAcceptedAt in deploy requests
- */
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
-import { join } from "node:path";
-import consola from "consola";
-import { getConfigDir } from "./config.js";
-import { isTTY } from "./output.js";
-const TOS_FILE = join(getConfigDir(), "tos-accepted");
-// Bump this when ToS content changes — forces re-acceptance
-export const CURRENT_TOS_VERSION = "2026-03-28";
-const TOS_URL = "https://creek.dev/legal/terms";
-const AUP_URL = "https://creek.dev/legal/acceptable-use";
-/** Read stored ToS acceptance, if any. */
-export function readTosAcceptance() {
-    if (!existsSync(TOS_FILE))
-        return null;
-    try {
-        const data = JSON.parse(readFileSync(TOS_FILE, "utf-8"));
-        if (data.version && data.acceptedAt)
-            return data;
-        return null;
-    }
-    catch {
-        return null;
-    }
-}
-/** Store ToS acceptance locally. */
-export function writeTosAcceptance(acceptance) {
-    const dir = getConfigDir();
-    if (!existsSync(dir)) {
-        mkdirSync(dir, { recursive: true, mode: 0o700 });
-    }
-    writeFileSync(TOS_FILE, JSON.stringify(acceptance, null, 2), { mode: 0o600 });
-}
-/** Check if current ToS version has been accepted. */
-export function isTosAccepted() {
-    const acceptance = readTosAcceptance();
-    return acceptance?.version === CURRENT_TOS_VERSION;
-}
-/**
- * Ensure ToS is accepted before proceeding.
- *
- * @param autoConfirm - true if --yes flag is set
- * @returns TosAcceptance record to send with deploy request
- * @throws if user rejects ToS
- */
-export async function ensureTosAccepted(autoConfirm) {
-    // Already accepted current version?
-    const existing = readTosAcceptance();
-    if (existing?.version === CURRENT_TOS_VERSION)
-        return existing;
-    // Show ToS notice
-    consola.log("");
-    consola.log("  By deploying, you agree to Creek's Terms of Service");
-    consola.log("  and Acceptable Use Policy:");
-    consola.log(`  ${TOS_URL}`);
-    consola.log(`  ${AUP_URL}`);
-    consola.log("");
-    if (autoConfirm || !isTTY) {
-        // Non-interactive: implicit acceptance
-        consola.log("  Continuing implies acceptance of the above terms.");
-        consola.log("");
-    }
-    else {
-        // Interactive: ask for explicit acceptance
-        const readline = await import("node:readline");
-        const rl = readline.createInterface({
-            input: process.stdin,
-            output: process.stdout,
-        });
-        const answer = await new Promise((resolve) => {
-            rl.question("  Accept? [y/N] ", (ans) => {
-                rl.close();
-                resolve(ans.trim().toLowerCase());
-            });
-        });
-        if (answer !== "y" && answer !== "yes") {
-            consola.error("You must accept the Terms of Service to use Creek.");
-            process.exit(1);
-        }
-    }
-    const acceptance = {
-        version: CURRENT_TOS_VERSION,
-        acceptedAt: new Date().toISOString(),
-    };
-    writeTosAcceptance(acceptance);
-    return acceptance;
-}
-//# sourceMappingURL=tos.js.map