firebase-tools 13.29.2 → 13.30.0

package/lib/dataconnect/provisionCloudSql.js

@@ -33,6 +33,7 @@ async function provisionCloudSql(args) {
         if (err.status !== 404) {
             throw err;
         }
+        cmekWarning();
         const cta = dryRun ? "It will be created on your next deploy" : "Creating it now.";
         silent ||
             utils.logLabeledBullet("dataconnect", `CloudSQL instance '${instanceId}' not found.` +
@@ -112,3 +113,9 @@ function getUpdateReason(instance, requireGoogleMlIntegration) {
     return reason;
 }
 exports.getUpdateReason = getUpdateReason;
+function cmekWarning() {
+    const message = "The no-cost Cloud SQL trial instance does not support customer managed encryption keys.\n" +
+        "If you'd like to use a CMEK to encrypt your data, first create a CMEK encrypted instance (https://cloud.google.com/sql/docs/postgres/configure-cmek#createcmekinstance).\n" +
+        "Then, edit your `dataconnect.yaml` file to use the encrypted instance and redeploy.";
+    utils.logLabeledWarning("dataconnect", message);
+}

package/lib/deploy/functions/prepare.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadCodebases = exports.resolveCpuAndConcurrency = exports.inferBlockingDetails = exports.updateEndpointTargetedStatus = exports.inferDetailsFromExisting = exports.prepare = exports.EVENTARC_SOURCE_ENV = void 0;
+exports.warnIfNewGenkitFunctionIsMissingSecrets = exports.loadCodebases = exports.resolveCpuAndConcurrency = exports.inferBlockingDetails = exports.updateEndpointTargetedStatus = exports.inferDetailsFromExisting = exports.prepare = exports.EVENTARC_SOURCE_ENV = void 0;
 const clc = require("colorette");
 const backend = require("./backend");
 const build = require("./build");
@@ -28,6 +28,7 @@ const applyHash_1 = require("./cache/applyHash");
 const backend_1 = require("./backend");
 const functional_1 = require("../../functional");
 const prepare_1 = require("../extensions/prepare");
+const prompt = require("../../prompt");
 exports.EVENTARC_SOURCE_ENV = "EVENTARC_CLOUD_EVENT_SOURCE";
 async function prepare(context, options, payload) {
     var _a, _b;
@@ -170,6 +171,7 @@ async function prepare(context, options, payload) {
     }
     const wantBackend = backend.merge(...Object.values(wantBackends));
     const haveBackend = backend.merge(...Object.values(haveBackends));
+    await warnIfNewGenkitFunctionIsMissingSecrets(wantBackend, haveBackend, options);
     await Promise.all(Object.values(wantBackend.requiredAPIs).map(({ api }) => {
         return ensureApiEnabled.ensure(projectId, api, "functions", false);
     }));
@@ -324,3 +326,27 @@ async function loadCodebases(config, options, firebaseConfig, runtimeConfig, fil
     return wantBuilds;
 }
 exports.loadCodebases = loadCodebases;
+async function warnIfNewGenkitFunctionIsMissingSecrets(have, want, options) {
+    if (options.force) {
+        return;
+    }
+    const newAndMissingSecrets = backend.allEndpoints(backend.matchingBackend(want, (e) => {
+        var _a;
+        if (!backend.isCallableTriggered(e) || !e.callableTrigger.genkitAction) {
+            return false;
+        }
+        if ((_a = e.secretEnvironmentVariables) === null || _a === void 0 ? void 0 : _a.length) {
+            return false;
+        }
+        return !backend.hasEndpoint(have)(e);
+    }));
+    if (newAndMissingSecrets.length) {
+        const message = `The function(s) ${newAndMissingSecrets.map((e) => e.id).join(", ")} use Genkit but do not have access to a secret. ` +
+            "This may cause the function to fail if it depends on an API key. To learn more about granting a function access to " +
+            "secrets, see https://firebase.google.com/docs/functions/config-env?gen=2nd#secret_parameters. Continue?";
+        if (!(await prompt.confirm({ message, nonInteractive: options.nonInteractive }))) {
+            throw new error_1.FirebaseError("Aborted");
+        }
+    }
+}
+exports.warnIfNewGenkitFunctionIsMissingSecrets = warnIfNewGenkitFunctionIsMissingSecrets;

package/lib/emulator/dataconnect/pgliteServer.js

@@ -28,6 +28,7 @@ const index_1 = require("./pg-gateway/index");
 const node_1 = require("./pg-gateway/platforms/node");
 const logger_1 = require("../../logger");
 const error_1 = require("../../error");
+const node_string_decoder_1 = require("node:string_decoder");
 exports.TRUNCATE_TABLES_SQL = `
 DO $do$
 DECLARE _clear text;
@@ -52,6 +53,9 @@ class PostgresServer {
                         return;
                     }
                     const db = await getDb();
+                    if (data[0] === index_1.FrontendMessageCode.Terminate) {
+                        await db.query("DEALLOCATE ALL");
+                    }
                     const result = await db.execProtocolRaw(data);
                     return extendedQueryPatch.filterResponse(data, result);
                 },
@@ -151,6 +155,9 @@ class PGliteExtendedQueryPatch {
                 index_1.FrontendMessageCode.Bind,
                 index_1.FrontendMessageCode.Close,
             ];
+            const decoder = new node_string_decoder_1.StringDecoder();
+            const decoded = decoder.write(message);
+            logger_1.logger.debug(decoded);
             if (pipelineStartMessages.includes(message[0])) {
                 this.isExtendedQuery = true;
             }

package/lib/emulator/downloadableEmulators.js

@@ -48,20 +48,20 @@ const EMULATOR_UPDATE_DETAILS = {
     },
     dataconnect: process.platform === "darwin"
         ? {
-            version: "1.7.6",
-            expectedSize: 25322240,
-            expectedChecksum: "2dda7394330fd1aba37605466941eef0",
+            version: "1.7.7",
+            expectedSize: 25359104,
+            expectedChecksum: "c5481addc04e14d10538add7aabda183",
         }
         : process.platform === "win32"
             ? {
-                version: "1.7.6",
-                expectedSize: 25752064,
-                expectedChecksum: "283c11e28a0072b596531b79462a8e94",
+                version: "1.7.7",
+                expectedSize: 25788416,
+                expectedChecksum: "9f7e5b9bcbca47de509fbc26cc1e0fa8",
             }
             : {
-                version: "1.7.6",
-                expectedSize: 25235608,
-                expectedChecksum: "f66e24b3726df57cd1f1685a64a87904",
+                version: "1.7.7",
+                expectedSize: 25268376,
+                expectedChecksum: "fb239ecf5dcbf87b762d12a3e9dee012",
             },
 };
 exports.DownloadDetails = {

package/lib/extensions/provisioningHelper.js

@@ -97,7 +97,7 @@ async function isStorageProvisioned(projectId) {
     return !!((_b = (_a = resp.body) === null || _a === void 0 ? void 0 : _a.buckets) === null || _b === void 0 ? void 0 : _b.find((bucket) => {
         const bucketResourceName = bucket.name;
         const bucketResourceNameTokens = bucketResourceName.split("/");
-        const pattern = "^" + projectId + "(.[[a-z0-9]+)*.appspot.com$";
+        const pattern = "^" + projectId + "(.[[a-z0-9]+)*.(appspot.com|firebasestorage.app)$";
         return new RegExp(pattern).test(bucketResourceNameTokens[bucketResourceNameTokens.length - 1]);
     }));
 }

package/lib/frameworks/index.js

@@ -366,7 +366,7 @@ async function prepareFrameworks(purpose, targetNames, context, options, emulato
             await (0, promises_1.writeFile)((0, path_1.join)(functionsDist, ".env"), `${dotEnvContents}
 __FIREBASE_FRAMEWORKS_ENTRY__=${frameworksEntry}
 ${firebaseDefaults ? `__FIREBASE_DEFAULTS__=${JSON.stringify(firebaseDefaults)}\n` : ""}`.trimStart());
-            const envs = await (0, glob_1.glob)(getProjectPath(".env.*"));
+            const envs = await (0, glob_1.glob)(getProjectPath(".env.*"), { windowsPathsNoEscape: utils_2.IS_WINDOWS });
             await Promise.all(envs.map((path) => (0, promises_1.copyFile)(path, (0, path_1.join)(functionsDist, (0, path_1.basename)(path)))));
             (0, child_process_1.execSync)(`npm i --omit dev --no-audit`, {
                 cwd: functionsDist,

package/lib/frameworks/utils.js

@@ -123,7 +123,9 @@ function simpleProxy(hostOrRequestHandler) {
             });
         }
         else {
-            const proxiedRes = proxyResponse(originalReq, originalRes, next);
+            const proxiedRes = proxyResponse(originalReq, originalRes, () => {
+                void hostOrRequestHandler(originalReq, originalRes, next);
+            });
             await hostOrRequestHandler(originalReq, proxiedRes, next);
         }
     };

package/lib/gcp/cloudfunctionsv2.js

@@ -259,6 +259,9 @@ function functionFromEndpoint(endpoint) {
     }
     else if (backend.isCallableTriggered(endpoint)) {
         gcfFunction.labels = Object.assign(Object.assign({}, gcfFunction.labels), { "deployment-callable": "true" });
+        if (endpoint.callableTrigger.genkitAction) {
+            gcfFunction.labels["genkit-action"] = "true";
+        }
     }
     else if (backend.isBlockingTriggered(endpoint)) {
         gcfFunction.labels = Object.assign(Object.assign({}, gcfFunction.labels), { [constants_1.BLOCKING_LABEL]: constants_1.BLOCKING_EVENT_TO_LABEL_KEY[endpoint.blockingTrigger.eventType] });

package/lib/init/features/dataconnect/index.js

@@ -102,7 +102,8 @@ async function askQuestions(setup, isBillingEnabled) {
     else {
         const defaultServiceId = toDNSCompatibleId((0, path_1.basename)(process.cwd()));
         info.serviceId = info.serviceId || defaultServiceId;
-        info.cloudSqlInstanceId = info.cloudSqlInstanceId || `${info.serviceId || "app"}-fdc`;
+        info.cloudSqlInstanceId =
+            info.cloudSqlInstanceId || `${info.serviceId.toLowerCase() || "app"}-fdc`;
         info.locationId = info.locationId || `us-central1`;
         info.cloudSqlDatabase = info.cloudSqlDatabase || `fdcdb`;
     }
@@ -270,7 +271,7 @@ async function promptForCloudSQL(setup, info) {
         info.cloudSqlInstanceId = await (0, prompt_1.promptOnce)({
             message: `What ID would you like to use for your new CloudSQL instance?`,
             type: "input",
-            default: `${info.serviceId || "app"}-fdc`,
+            default: `${info.serviceId.toLowerCase() || "app"}-fdc`,
         });
     }
     if (info.locationId === "") {

package/lib/init/features/genkit/index.js

@@ -14,9 +14,11 @@ const ensureApiEnabled_1 = require("../../../ensureApiEnabled");
 const logger_1 = require("../../../logger");
 const error_1 = require("../../../error");
 const utils_1 = require("../../../utils");
+const UNKNOWN_VERSION_TOO_HIGH = "2.0.0";
+const LATEST_TEMPLATE = "1.0.0";
 async function getGenkitVersion() {
     let genkitVersion;
-    let templateVersion = "0.9.0";
+    let templateVersion = LATEST_TEMPLATE;
     let useInit = false;
     let stopInstall = false;
     if (process.env.GENKIT_DEV_VERSION && typeof process.env.GENKIT_DEV_VERSION === "string") {
@@ -39,7 +41,7 @@ async function getGenkitVersion() {
     if (!genkitVersion) {
         throw new error_1.FirebaseError("Unable to determine genkit version to install");
     }
-    if (semver.gte(genkitVersion, "1.0.0")) {
+    if (semver.gte(genkitVersion, UNKNOWN_VERSION_TOO_HIGH)) {
         const continueInstall = await (0, prompt_1.confirm)({
             message: clc.yellow(`WARNING: The latest version of Genkit (${genkitVersion}) isn't supported by this\n` +
                 "version of firebase-tools. You can proceed, but the provided sample code may\n" +
@@ -51,7 +53,11 @@ async function getGenkitVersion() {
             stopInstall = true;
         }
     }
+    else if (semver.gte(genkitVersion, "1.0.0-rc.1")) {
+        templateVersion = "1.0.0";
+    }
     else if (semver.gte(genkitVersion, "0.6.0")) {
+        templateVersion = "0.9.0";
     }
     else {
         templateVersion = "";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "13.29.2",
+  "version": "13.30.0",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {
@@ -60,7 +60,7 @@
     ]
   },
   "dependencies": {
-    "@electric-sql/pglite": "^0.2.0",
+    "@electric-sql/pglite": "^0.2.16",
     "@google-cloud/cloud-sql-connector": "^1.3.3",
     "@google-cloud/pubsub": "^4.5.0",
     "abort-controller": "^3.0.0",

package/schema/dataconnect-yaml.json

@@ -17,6 +17,11 @@
             "instanceId": {
               "type": "string",
               "description": "The ID of the CloudSQL instance for this database"
+            },
+            "schemaValidation": {
+              "type": "string",
+              "enum": ["COMPATIBLE", "STRICT"],
+              "description": "Schema validation mode for schema migrations"
             }
           }
         }

package/templates/genkit/firebase.1.0.0.template

@@ -0,0 +1,66 @@
+// Import the Genkit core libraries and plugins.
+import {genkit, z} from "genkit";
+$GENKIT_CONFIG_IMPORTS
+$GENKIT_MODEL_IMPORT
+
+// Cloud Functions for Firebase supports Genkit natively. The onCallGenkit function creates a callable
+// function from a Genkit action. It automatically implements streaming if your flow does.
+// The https library also has other utility methods such as hasClaim, which verifies that
+// a caller's token has a specific claim (optionally matching a specific value)
+import { onCallGenkit, hasClaim } from "firebase-functions/https";
+
+// Genkit models generally depend on an API key. APIs should be stored in Cloud Secret Manager so that
+// access to these sensitive values can be controlled. defineSecret does this for you automatically.
+// If you are using Google generative AI you can get an API key at https://aistudio.google.com/app/apikey
+import { defineSecret } from "firebase-functions/params";
+const apiKey = defineSecret("GOOGLE_GENAI_API_KEY");
+
+const ai = genkit({
+  plugins: [
+$GENKIT_CONFIG_PLUGINS
+  ],
+});
+
+// Define a simple flow that prompts an LLM to generate menu suggestions.
+const menuSuggestionFlow = ai.defineFlow({
+    name: "menuSuggestionFlow",
+    inputSchema: z.string(),
+    outputSchema: z.string(),
+    streamSchema: z.string(),
+  }, async (subject, { sendChunk }) => {
+    // Construct a request and send it to the model API.
+    const prompt =
+      `Suggest an item for the menu of a ${subject} themed restaurant`;
+    const { response, stream } = ai.generateStream({
+      model: $GENKIT_MODEL,
+      prompt: prompt,
+      config: {
+        temperature: 1,
+      },
+    });
+
+    for await (const chunk of stream) {
+      sendChunk(chunk.text);
+    }
+
+    // Handle the response from the model API. In this sample, we just
+    // convert it to a string, but more complicated flows might coerce the
+    // response into structured output or chain the response into another
+    // LLM call, etc.
+    return (await response).text;
+  }
+);
+
+export const menuSuggestion = onCallGenkit({
+  // Uncomment to enable AppCheck. This can reduce costs by ensuring only your Verified
+  // app users can use your API. Read more at https://firebase.google.com/docs/app-check/cloud-functions
+  // enforceAppCheck: true,
+
+  // authPolicy can be any callback that accepts an AuthData (a uid and tokens dictionary) and the
+  // request data. The isSignedIn() and hasClaim() helpers can be used to simplify. The following
+  // will require the user to have the email_verified claim, for example.
+  // authPolicy: hasClaim("email_verified"),
+
+  // Grant access to the API key to this function:
+  secrets: [apiKey],
+}, menuSuggestionFlow);

package/templates/init/dataconnect/mutations.gql

@@ -1,36 +1,20 @@
 # # Example mutations for a simple movie app
 
 # # Create a movie based on user input
-# mutation CreateMovie(
-#   $title: String!
-#   $genre: String!
-#   $imageUrl: String!
-# ) @auth(level: USER_EMAIL_VERIFIED) {
-#   movie_insert(
-#     data: {
-#       title: $title
-#       genre: $genre
-#       imageUrl: $imageUrl
-#     }
-#   )
+# mutation CreateMovie($title: String!, $genre: String!, $imageUrl: String!)
+# @auth(level: USER_EMAIL_VERIFIED) {
+#   movie_insert(data: { title: $title, genre: $genre, imageUrl: $imageUrl })
 # }
 
 # # Upsert (update or insert) a user's username based on their auth.uid
 # mutation UpsertUser($username: String!) @auth(level: USER) {
-#   user_upsert(
-#     data: {
-#       id_expr: "auth.uid"
-#       username: $username
-#     }
-#   )
+#   # The "auth.uid" server value ensures that users can only register their own user.
+#   user_upsert(data: { id_expr: "auth.uid", username: $username })
 # }
 
 # # Add a review for a movie
-# mutation AddReview(
-#   $movieId: UUID!
-#   $rating: Int!
-#   $reviewText: String!
-# ) @auth(level: USER) {
+# mutation AddReview($movieId: UUID!, $rating: Int!, $reviewText: String!)
+# @auth(level: USER) {
 #   review_upsert(
 #     data: {
 #       userId_expr: "auth.uid"
@@ -43,8 +27,7 @@
 # }
 
 # # Logged in user can delete their review for a movie
-# mutation DeleteReview(
-#   $movieId: UUID!
-# ) @auth(level: USER) {
+# mutation DeleteReview($movieId: UUID!) @auth(level: USER) {
+#   # The "auth.uid" server value ensures that users can only delete their own reviews.
 #   review_delete(key: { userId_expr: "auth.uid", movieId: $movieId })
 # }

package/templates/init/dataconnect/queries.gql

@@ -13,19 +13,21 @@
 
 # # List all users, only admins should be able to list all users, so we use NO_ACCESS
 # query ListUsers @auth(level: NO_ACCESS) {
-#   users { id, username }
+#   users {
+#     id
+#     username
+#   }
 # }
 
-# # Logged in user can list all their reviews and movie titles associated with the review 
-# # Since the query requires the uid of the current authenticated user, the auth level is set to USER
+# # Logged in users can list all their reviews and movie titles associated with the review
+# # Since the query uses the uid of the current authenticated user, we set auth level to USER
 # query ListUserReviews @auth(level: USER) {
-#   user(key: {id_expr: "auth.uid"}) {
+#   user(key: { id_expr: "auth.uid" }) {
 #     id
 #     username
 #     # <field>_on_<foreign_key_field> makes it easy to grab info from another table
 #     # Here, we use it to grab all the reviews written by the user.
 #     reviews: reviews_on_user {
-#       id
 #       rating
 #       reviewDate
 #       reviewText
@@ -50,7 +52,6 @@
 #       description
 #     }
 #     reviews: reviews_on_movie {
-#       id
 #       reviewText
 #       reviewDate
 #       rating
@@ -63,16 +64,10 @@
 # }
 
 # # Search for movies, actors, and reviews
-# query SearchMovie(
-#   $titleInput: String
-#   $genre: String
-# ) @auth(level: PUBLIC) {
+# query SearchMovie($titleInput: String, $genre: String) @auth(level: PUBLIC) {
 #   movies(
 #     where: {
-#       _and: [
-#         { genre: { eq: $genre } }
-#         { title: { contains: $titleInput } }
-#       ]
+#       _and: [{ genre: { eq: $genre } }, { title: { contains: $titleInput } }]
 #     }
 #   ) {
 #     id

package/templates/init/dataconnect/schema.gql

@@ -1,44 +1,51 @@
 # # Example schema for simple movie review app
 
-# # Users
-# # Suppose a user can leave reviews for movies
-# # user  -> reviews is a one to many relationship,
-# # movie -> reviews is a one to many relationship
-# # movie <-> user is a many to many relationship
+# # User table is keyed by Firebase Auth UID.
 # type User @table {
-#   id: String! @col(name: "user_auth")
-#   username: String! @col(name: "username", dataType: "varchar(50)")
-#   # The following are generated by the user: User! field in the Review table
-#   # reviews_on_user 
-#   # movies_via_Review
+#   # `@default(expr: "auth.uid")` sets it to Firebase Auth UID during insert and upsert.
+#   id: String! @default(expr: "auth.uid")
+#   username: String! @col(dataType: "varchar(50)")
+#   # The `user: User!` field in the Review table generates the following one-to-many query field.
+#   #  reviews_on_user: [Review!]!
+#   # The `Review` join table the following many-to-many query field.
+#   #  movies_via_Review: [Movie!]!
 # }
 
-# # Movies
+# # Movie is keyed by a randomly generated UUID.
 # type Movie @table {
-#   # The below parameter values are generated by default with @table, and can be edited manually.
-#   # implies directive `@col(name: "movie_id")`, generating a column name
-#   id: UUID! @default(expr: "uuidV4()")
+#   # If you do not pass a 'key' to `@table`, Data Connect automatically adds the following 'id' column.
+#   # Feel free to uncomment and customize it.
+#   #  id: UUID! @default(expr: "uuidV4()")
 #   title: String!
 #   imageUrl: String!
 #   genre: String
 # }
 
-# # Movie Metadata
-# # Movie - MovieMetadata is a one-to-one relationship
+# # MovieMetadata is a metadata attached to a Movie.
+# # Movie <-> MovieMetadata is a one-to-one relationship
 # type MovieMetadata @table {
-#   # @unique indicates a 1-1 relationship
-#   movie: Movie! @unique 
-#   # movieId: UUID <- this is created by the above reference
+#   # @unique ensures each Movie can only one MovieMetadata.
+#   movie: Movie! @unique
+#   # The movie field adds the following foreign key field. Feel free to uncomment and customize it.
+#   #  movieId: UUID!
 #   rating: Float
 #   releaseYear: Int
 #   description: String
 # }
 
-# # Reviews
+# # Reviews is a join table between User and Movie.
+# # It has a composite primary keys `userUid` and `movieId`.
+# # A user can leave reviews for many movies. A movie can have reviews from many users.
+# # User  <-> Review is a one-to-many relationship
+# # Movie <-> Review is a one-to-many relationship
+# # Movie <-> User is a many-to-many relationship
 # type Review @table(name: "Reviews", key: ["movie", "user"]) {
-#   id: UUID! @default(expr: "uuidV4()")
 #   user: User!
+#   # The user field adds the following foreign key field. Feel free to uncomment and customize it.
+#   #  userUid: String!
 #   movie: Movie!
+#   # The movie field adds the following foreign key field. Feel free to uncomment and customize it.
+#   #  movieId: UUID!
 #   rating: Int
 #   reviewText: String
 #   reviewDate: Date! @default(expr: "request.time")