framer-dalton 0.0.8 → 0.0.10

package/dist/cli.js

@@ -1,16 +1,39 @@
 #!/usr/bin/env node
+import fs2 from 'fs';
 import path3 from 'path';
 import { Command } from 'commander';
-import fs2 from 'fs';
+import crypto from 'crypto';
+import http from 'http';
+import { spawn, execFile } from 'child_process';
 import os from 'os';
 import { z } from 'zod';
-import { spawn } from 'child_process';
 import { fileURLToPath } from 'url';
 import { createTRPCClient, httpLink } from '@trpc/client';
 
-/* @framer/ai CLI v0.0.8 */
+/* @framer/ai CLI v0.0.10 */
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+function openUrl(url) {
+  const platform = process.platform;
+  let cmd;
+  let args;
+  if (platform === "darwin") {
+    cmd = "open";
+    args = [url];
+  } else if (platform === "win32") {
+    cmd = "cmd";
+    args = ["/c", "start", "", url];
+  } else {
+    cmd = "xdg-open";
+    args = [url];
+  }
+  return new Promise((resolve) => {
+    const child = execFile(cmd, args);
+    child.on("error", () => resolve(false));
+    child.on("exit", (code) => resolve(code === 0));
+  });
+}
+__name(openUrl, "openUrl");
 function getConfigDir() {
   if (process.env.XDG_CONFIG_HOME) {
     return path3.join(process.env.XDG_CONFIG_HOME, "framer");
@@ -149,6 +172,245 @@ function saveProject(project2) {
   writeProjectsConfig(config);
 }
 __name(saveProject, "saveProject");
+function clearApiKey(projectId) {
+  const config = readProjectsConfig();
+  if (!(projectId in config.projects)) return false;
+  delete config.projects[projectId];
+  writeProjectsConfig(config);
+  return true;
+}
+__name(clearApiKey, "clearApiKey");
+
+// src/utils.ts
+function formatError(error) {
+  if (error instanceof Error) {
+    return error.message;
+  }
+  return String(error);
+}
+__name(formatError, "formatError");
+function printJson(value) {
+  console.log(JSON.stringify(value, null, 2));
+}
+__name(printJson, "printJson");
+function print(message) {
+  console.log(message);
+}
+__name(print, "print");
+function printError(message) {
+  console.error(message);
+}
+__name(printError, "printError");
+
+// src/auth-callback.ts
+var TIMEOUT_MS = 3e5;
+var themes = {
+  dark: {
+    pageBackground: "rgb(17, 17, 17)",
+    modalBackground: "rgb(17, 17, 17)",
+    modalBorder: "rgba(255, 255, 255, 0.07)",
+    titleColor: "#fff",
+    textColor: "rgb(102, 102, 102)",
+    separatorColor: "rgba(255, 255, 255, 0.07)",
+    buttonBackground: "#333",
+    buttonBackgroundHover: "#3a3a3a",
+    buttonText: "#fff",
+    shadow: "0px 10px 30px 0px rgba(0, 0, 0, 0.15)"
+  },
+  light: {
+    pageBackground: "#eee",
+    modalBackground: "#fff",
+    modalBorder: "rgba(0, 0, 0, 0.07)",
+    titleColor: "#333",
+    textColor: "rgb(102, 102, 102)",
+    separatorColor: "rgba(0, 0, 0, 0.07)",
+    buttonBackground: "rgba(0, 0, 0, 0.05)",
+    buttonBackgroundHover: "rgba(0, 0, 0, 0.08)",
+    buttonText: "#333",
+    shadow: "0px 10px 30px 0px rgba(0, 0, 0, 0.15)"
+  }
+};
+function htmlPage(opts) {
+  const t = themes[opts.theme];
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${opts.title}</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter:wght@500;600&display=swap">
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:"Inter",system-ui,-apple-system,sans-serif;font-feature-settings:"cv01" 1,"cv05" 1,"cv09" 1,"cv11" 1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;display:flex;justify-content:center;align-items:center;min-height:100vh;background:${t.pageBackground}}
+.modal{width:260px;padding:0 10px;border-radius:18px;background:${t.modalBackground};border:1px solid ${t.modalBorder};box-shadow:${t.shadow}}
+.header{display:flex;align-items:center;height:50px;border-bottom:1px solid ${t.separatorColor};color:${t.titleColor};font-size:12px;font-weight:600;line-height:1}
+.content{padding:10px 0}
+.text{color:${t.textColor};font-size:12px;font-weight:500;line-height:1.5;text-wrap:balance}
+.footer{padding:10px 0;border-top:1px solid ${t.separatorColor}}
+.footer button{display:block;width:100%;height:30px;border:none;border-radius:8px;background:${t.buttonBackground};color:${t.buttonText};font-size:12px;font-weight:600;cursor:pointer;font-family:inherit}
+.footer button:hover{background:${t.buttonBackgroundHover}}
+</style>
+</head>
+<body>
+<div class="modal">
+<div class="header">${opts.heading}</div>
+<div class="content"><span class="text">${opts.message}</span></div>
+</div>
+</body>
+</html>`;
+}
+__name(htmlPage, "htmlPage");
+function successHtml(theme) {
+  return htmlPage({
+    title: "Framer \u2014 Agent Approved",
+    heading: "Agent Approved",
+    message: "Your local agent now has edit access to the project. You can close this tab and continue with the local agent.",
+    theme
+  });
+}
+__name(successHtml, "successHtml");
+function deniedHtml(theme) {
+  return htmlPage({
+    title: "Framer \u2014 Authorization Denied",
+    heading: "Authorization Denied",
+    message: "Agent access was denied. You can close this tab.",
+    theme
+  });
+}
+__name(deniedHtml, "deniedHtml");
+function errorHtml(theme) {
+  return htmlPage({
+    title: "Framer \u2014 Authorization Failed",
+    heading: "Authorization Failed",
+    message: "Missing or invalid parameters. Please try again.",
+    theme
+  });
+}
+__name(errorHtml, "errorHtml");
+function parseTheme(value) {
+  return value === "light" ? "light" : "dark";
+}
+__name(parseTheme, "parseTheme");
+async function acquireKeyFromBrowser(projectId) {
+  const state = crypto.randomBytes(16).toString("hex");
+  return new Promise((resolve, reject) => {
+    let pendingResult = null;
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url ?? "/", `http://127.0.0.1`);
+      if (url.pathname === "/done") {
+        const theme2 = parseTheme(url.searchParams.get("theme"));
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(successHtml(theme2));
+        if (pendingResult) {
+          const { apiKey: apiKey2 } = pendingResult;
+          pendingResult = null;
+          cleanup();
+          print("\u2713 Agent authorized");
+          resolve(apiKey2);
+        }
+        return;
+      }
+      if (url.pathname === "/error") {
+        const theme2 = parseTheme(url.searchParams.get("theme"));
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(errorHtml(theme2));
+        return;
+      }
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+      const theme = parseTheme(url.searchParams.get("theme"));
+      const error = url.searchParams.get("error");
+      if (error === "denied") {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(deniedHtml(theme));
+        cleanup();
+        reject(new Error("Authorization denied by user."));
+        return;
+      }
+      const apiKey = url.searchParams.get("apiKey");
+      const returnedState = url.searchParams.get("state");
+      if (!apiKey || returnedState !== state) {
+        res.writeHead(302, { Location: `/error?theme=${theme}` });
+        res.end();
+        return;
+      }
+      pendingResult = { apiKey, theme };
+      res.writeHead(302, { Location: `/done?theme=${theme}` });
+      res.end();
+    });
+    const POLL_INTERVAL_MS = 1e3;
+    const pollTimer = setInterval(() => {
+      const apiKey = getApiKey(projectId);
+      if (apiKey) {
+        cleanup();
+        print("\u2713 API key detected from config");
+        resolve(apiKey);
+      }
+    }, POLL_INTERVAL_MS);
+    const HINT_MS = 55e3;
+    const hintTimer = setTimeout(() => {
+      const settingsUrl = `https://framer.com/projects/${projectId}?view=settings%3Aproject`;
+      print("");
+      printError("Taking a while? You can generate an API key manually:");
+      printError(`  1. Open Site Settings \u2192 General: ${settingsUrl}`);
+      printError("  2. Scroll to API Keys and create a new key");
+      printError(
+        `  3. In another terminal, run: framer project auth ${projectId} <your-api-key>`
+      );
+      print("");
+      print("Waiting for authorization in browser...");
+    }, HINT_MS);
+    const timer = setTimeout(() => {
+      cleanup();
+      reject(
+        new Error(
+          "Browser authorization timed out. Use `framer project auth <projectUrlOrId> <apiKey>` instead."
+        )
+      );
+    }, TIMEOUT_MS);
+    function cleanup() {
+      clearTimeout(timer);
+      clearTimeout(hintTimer);
+      clearInterval(pollTimer);
+      server.close();
+    }
+    __name(cleanup, "cleanup");
+    server.listen(0, "127.0.0.1", async () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        cleanup();
+        reject(new Error("Failed to start callback server."));
+        return;
+      }
+      const callbackUrl = `http://127.0.0.1:${addr.port}/callback`;
+      const deeplink = new URL("https://framer.com/projects/server-api/auth");
+      deeplink.searchParams.set("callback", callbackUrl);
+      deeplink.searchParams.set("state", state);
+      deeplink.searchParams.set("projectId", projectId);
+      const deeplinkStr = deeplink.toString();
+      const opened = await openUrl(deeplinkStr);
+      if (opened) {
+        print("Waiting for authorization in browser...");
+      } else {
+        printError("Could not open browser. Open this URL manually:");
+        printError(deeplinkStr);
+      }
+    });
+  });
+}
+__name(acquireKeyFromBrowser, "acquireKeyFromBrowser");
+
+// src/connection-errors.ts
+var AUTH_ERROR_PATTERNS = ["does not have access", "UNAUTHORIZED"];
+function isAuthError(errorMessage) {
+  return AUTH_ERROR_PATTERNS.some((p) => errorMessage.includes(p));
+}
+__name(isAuthError, "isAuthError");
 
 // src/types-data.ts
 var types = {
@@ -2320,6 +2582,20 @@ var types = {
       }
     ]
   },
+  designpagecloneoptions: {
+    name: "DesignPageCloneOptions",
+    description: "",
+    kind: "interface",
+    references: [],
+    members: [
+      {
+        name: "name",
+        type: "string",
+        description: "",
+        optional: true
+      }
+    ]
+  },
   diagnosticbase: {
     name: "DiagnosticBase",
     description: "",
@@ -4495,7 +4771,7 @@ var types = {
     name: "LocationControl",
     description: "",
     kind: "interface",
-    references: ["ControlBase", "Location"],
+    references: ["ControlBase", "Location", "UnsupportedVariable"],
     members: [
       {
         name: "type",
@@ -4505,7 +4781,7 @@ var types = {
       },
       {
         name: "value",
-        type: "Location | undefined",
+        type: "Location | UnsupportedVariable | undefined",
         description: "",
         optional: true
       }
@@ -5549,6 +5825,18 @@ var types = {
         description: "",
         optional: false
       },
+      {
+        name: "cloneWebPage",
+        type: "(nodeId: NodeId, options?: WebPageCloneOptions) => Promise<SomeNodeData | null>",
+        description: "",
+        optional: false
+      },
+      {
+        name: "cloneDesignPage",
+        type: "(nodeId: NodeId, options?: DesignPageCloneOptions) => Promise<SomeNodeData | null>",
+        description: "",
+        optional: false
+      },
       {
         name: "getNode",
         type: "(nodeId: NodeId) => Promise<SomeNodeData | null>",
@@ -8300,6 +8588,20 @@ var types = {
       }
     ]
   },
+  webpagecloneoptions: {
+    name: "WebPageCloneOptions",
+    description: "",
+    kind: "interface",
+    references: [],
+    members: [
+      {
+        name: "path",
+        type: "string",
+        description: "",
+        optional: true
+      }
+    ]
+  },
   widthconstraint: {
     name: "WidthConstraint",
     description: "",
@@ -10425,7 +10727,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "ComponentInstanceNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -10704,7 +11006,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "ComponentNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -10943,9 +11245,9 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "DesignPageNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
-      description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
-      references: []
+      signature: "clone(options?: DesignPageCloneOptions): Promise<this>",
+      description: "Clone the DesignPageNode into a new one with the same content\nIf the given name already exists, the cloned page will be created with a unique name.",
+      references: ["DesignPageCloneOptions"]
     },
     {
       name: "getChildren",
@@ -11457,7 +11759,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "FrameNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -13046,7 +13348,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "SVGNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -13265,7 +13567,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "TextNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -13813,7 +14115,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "UnknownNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -14012,7 +14314,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "VectorSetItemNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -14182,7 +14484,7 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "VectorSetNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
+      signature: "clone(): Promise<typeof this | null>",
       description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
       references: []
     },
@@ -14303,9 +14605,9 @@ var methodsByCategory = {
     {
       name: "clone",
       category: "WebPageNode",
-      signature: 'clone(): Promise<(typeof this)[ClassKey] extends "UnknownNode" ? never : typeof this | null>',
-      description: 'Clone this node, creating a duplicate in the canvas tree.\n\n@returns The cloned node, or `null` if the clone failed.\n@throws If the node is an `UnknownNode`.\n\nUse `"Node.clone"` to check if this method is allowed.',
-      references: []
+      signature: "clone(options?: WebPageCloneOptions): Promise<this>",
+      description: "Clone the WebPageNode into a new one with the same content and settings, as a draft\nIf the given path already exists, the cloned page will be created with a unique path.",
+      references: ["WebPageCloneOptions"]
     },
     {
       name: "collectionId",
@@ -14608,7 +14910,7 @@ ${typeDef}`);
 __name(renderDocs, "renderDocs");
 var __filename$1 = fileURLToPath(import.meta.url);
 var __dirname$1 = path3.dirname(__filename$1);
-var VERSION = "0.0.8" ;
+var VERSION = "0.0.10" ;
 var RELAY_PORT = Number(process.env.FRAMER_CLI_PORT) || 19988;
 var client = createTRPCClient({
   links: [
@@ -14793,27 +15095,6 @@ function installSkills(options = { type: "base" }) {
 }
 __name(installSkills, "installSkills");
 
-// src/utils.ts
-function formatError(error) {
-  if (error instanceof Error) {
-    return error.message;
-  }
-  return String(error);
-}
-__name(formatError, "formatError");
-function printJson(value) {
-  console.log(JSON.stringify(value, null, 2));
-}
-__name(printJson, "printJson");
-function print(message) {
-  console.log(message);
-}
-__name(print, "print");
-function printError(message) {
-  console.error(message);
-}
-__name(printError, "printError");
-
 // src/cli.ts
 var program = new Command();
 program.name("framer").version(VERSION).description("Framer Server API CLI");
@@ -14892,22 +15173,18 @@ async function refreshSkillsFromSession(sessionId, projectId) {
   }
 }
 __name(refreshSkillsFromSession, "refreshSkillsFromSession");
-function resolveSessionCredentials(projectUrlOrId, apiKey) {
+async function resolveSessionCredentials(projectUrlOrId) {
   try {
     const projectId = extractProjectId(projectUrlOrId);
-    if (apiKey) {
-      return { projectId, apiKey };
-    }
     const cachedApiKey = getApiKey(projectId);
     if (cachedApiKey) {
       return { projectId, apiKey: cachedApiKey };
     }
-    printError("No API key provided and none cached for this project.");
-    printError("");
-    printError("Usage: framer session new <projectUrl> <apiKey>");
-    process.exit(1);
+    const newApiKey = await acquireKeyFromBrowser(projectId);
+    saveProject({ projectId, apiKey: newApiKey });
+    return { projectId, apiKey: newApiKey };
   } catch (err) {
-    printError(`Failed to create session: ${formatError(err)}`);
+    printError(`Failed to resolve credentials: ${formatError(err)}`);
     process.exit(1);
   }
 }
@@ -14937,9 +15214,17 @@ async function ensureRelayForCli() {
   }
 }
 __name(ensureRelayForCli, "ensureRelayForCli");
-program.option("-s, --session <id>", "Session ID (required for code execution)").option("-e, --eval <code>", "Code to execute (or pipe via stdin)").action(async (options) => {
-  const { session: sessionId, eval: evalCode } = options;
+program.option("-s, --session <id>", "Session ID (required for code execution)").option("-e, --eval <code>", "Code to execute (or pipe via stdin)").option("-f, --file <path>", "File containing code to execute").action(async (options) => {
+  const { session: sessionId, eval: evalCode, file: filePath } = options;
   let code = evalCode;
+  if (!code && filePath) {
+    try {
+      code = fs2.readFileSync(filePath, "utf-8");
+    } catch (err) {
+      printError(`Failed to read file: ${formatError(err)}`);
+      process.exit(1);
+    }
+  }
   if (!code && !process.stdin.isTTY) {
     code = await readStdin();
   }
@@ -14950,7 +15235,7 @@ program.option("-s, --session <id>", "Session ID (required for code execution)")
   if (!sessionId) {
     printError("Error: -s/--session is required.");
     printError(
-      "Run `framer session new <projectUrl> <apiKey>` first to get a session ID."
+      "Run `framer session new <projectUrlOrId>` first to get a session ID."
     );
     process.exit(1);
   }
@@ -14974,9 +15259,11 @@ program.option("-s, --session <id>", "Session ID (required for code execution)")
   }
 });
 var session = program.command("session").description("Manage sessions");
-session.command("new <projectUrlOrId> [apiKey]").description("Create a new session and print the session ID").action(async (projectUrlOrId, apiKey) => {
-  const credentials = resolveSessionCredentials(projectUrlOrId, apiKey);
-  await ensureRelayForCli();
+session.command("new <projectUrlOrId>").description("Create a new session and print the session ID").action(async (projectUrlOrId) => {
+  const [credentials] = await Promise.all([
+    resolveSessionCredentials(projectUrlOrId),
+    ensureRelayForCli()
+  ]);
   try {
     const result = await client.createSession.mutate({
       projectId: credentials.projectId,
@@ -14995,7 +15282,15 @@ session.command("new <projectUrlOrId> [apiKey]").description("Create a new sessi
     });
     print(sessionId);
   } catch (err) {
-    printError(`Failed to create session: ${formatError(err)}`);
+    const message = formatError(err);
+    printError(`Failed to create session: ${message}`);
+    if (isAuthError(message)) {
+      clearApiKey(credentials.projectId);
+      printError("The stored API key was invalid and has been removed.");
+      printError(
+        `Please try creating a session again. This will start a browser authentication flow`
+      );
+    }
     process.exit(1);
   }
 });
@@ -15023,6 +15318,16 @@ project.command("list").description("List recently used projects").action(() =>
     }))
   );
 });
+project.command("auth <projectUrlOrId> [apiKey]").description("Authorize and save a project").action(async (projectUrlOrId, apiKey) => {
+  const projectId = extractProjectId(projectUrlOrId);
+  if (apiKey) {
+    saveProject({ projectId, apiKey });
+  } else {
+    const credentials = await resolveSessionCredentials(projectUrlOrId);
+    saveProject(credentials);
+  }
+  print(`Project ${projectId} saved`);
+});
 session.command("destroy <sessionId>").description("Destroy a session").action(async (sessionId) => {
   await ensureRelayForCli();
   try {

package/dist/start-relay-server.js

@@ -13,9 +13,50 @@ import { createRequire } from 'module';
 import * as vm from 'vm';
 import { connect } from 'framer-api';
 
-/* @framer/ai relay server v0.0.8 */
+/* @framer/ai relay server v0.0.10 */
 var __defProp = Object.defineProperty;
+var __knownSymbol = (name, symbol) => (symbol = Symbol[name]) ? symbol : /* @__PURE__ */ Symbol.for("Symbol." + name);
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __using = (stack, value, async) => {
+  if (value != null) {
+    if (typeof value !== "object" && typeof value !== "function") __typeError("Object expected");
+    var dispose, inner;
+    if (dispose === void 0) {
+      dispose = value[__knownSymbol("dispose")];
+    }
+    if (typeof dispose !== "function") __typeError("Object not disposable");
+    if (inner) dispose = function() {
+      try {
+        inner.call(this);
+      } catch (e) {
+        return Promise.reject(e);
+      }
+    };
+    stack.push([async, dispose, value]);
+  }
+  return value;
+};
+var __callDispose = (stack, error, hasError) => {
+  var E = typeof SuppressedError === "function" ? SuppressedError : function(e, s, m, _) {
+    return _ = Error(m), _.name = "SuppressedError", _.error = e, _.suppressed = s, _;
+  };
+  var fail = (e) => error = hasError ? new E(e, error, "An error was suppressed during disposal") : (hasError = true, e);
+  var next = (it) => {
+    while (it = stack.pop()) {
+      try {
+        var result = it[1] && it[1].call(it[2]);
+        if (it[0]) return Promise.resolve(result).then(next, (e) => (fail(e), next()));
+      } catch (e) {
+        fail(e);
+      }
+    }
+    if (hasError) throw error;
+  };
+  return next();
+};
 function getLogPath() {
   if (process.env.XDG_STATE_HOME) {
     return path.join(process.env.XDG_STATE_HOME, "framer", "relay.log");
@@ -50,7 +91,7 @@ function log(message) {
 __name(log, "log");
 var __filename$1 = fileURLToPath(import.meta.url);
 path.dirname(__filename$1);
-var VERSION = "0.0.8" ;
+var VERSION = "0.0.10" ;
 var RELAY_PORT = Number(process.env.FRAMER_CLI_PORT) || 19988;
 createTRPCClient({
   links: [
@@ -85,6 +126,11 @@ function isConnectionError(errorMessage) {
   );
 }
 __name(isConnectionError, "isConnectionError");
+var AUTH_ERROR_PATTERNS = ["does not have access", "UNAUTHORIZED"];
+function isAuthError(errorMessage) {
+  return AUTH_ERROR_PATTERNS.some((p) => errorMessage.includes(p));
+}
+__name(isAuthError, "isAuthError");
 var ScopedFS = class {
   static {
     __name(this, "ScopedFS");
@@ -481,7 +527,8 @@ var ConnectionPool = class {
     const connection = await connect(projectId, apiKey);
     this.pool.set(projectId, {
       connection,
-      sessions: /* @__PURE__ */ new Set([session])
+      sessions: /* @__PURE__ */ new Set([session]),
+      connected: true
     });
     return connection;
   }
@@ -510,11 +557,26 @@ var ConnectionPool = class {
     if (!entry) return null;
     try {
       await entry.connection.reconnect();
+      entry.connected = true;
       return entry.connection;
     } catch {
       return null;
     }
   }
+  /**
+   * Disconnect a project's connection without removing sessions.
+   * The next exec will trigger a reconnect via executeWithReconnect.
+   */
+  async disconnect(projectId) {
+    const entry = this.pool.get(projectId);
+    if (!entry || !entry.connected) return;
+    entry.connected = false;
+    await entry.connection.disconnect();
+  }
+  isConnected(projectId) {
+    const entry = this.pool.get(projectId);
+    return entry?.connected ?? false;
+  }
   /**
    * Release a session from a connection.
    * If no sessions remain, the connection is disconnected and removed.
@@ -543,11 +605,14 @@ var ConnectionPool = class {
 var connectionPool = new ConnectionPool();
 
 // src/session-manager.ts
+var SESSION_IDLE_TIMEOUT_MS = 60 * 1e3;
+var SESSION_IDLE_CHECK_INTERVAL_MS = 30 * 1e3;
 var SessionManager = class {
   static {
     __name(this, "SessionManager");
   }
   sessions = /* @__PURE__ */ new Map();
+  idleCheck = null;
   async create(projectId, apiKey) {
     let id = 1;
     while (this.sessions.has(String(id))) {
@@ -557,9 +622,13 @@ var SessionManager = class {
       id: String(id),
       projectId,
       apiKey,
-      state: {}
+      state: {},
+      lastActivityAt: 0,
+      inflight: 0
     };
+    this.startIdleCheck();
     await connectionPool.acquire(projectId, apiKey, session);
+    session.lastActivityAt = Date.now();
     this.sessions.set(String(id), session);
     return String(id);
   }
@@ -579,6 +648,21 @@ var SessionManager = class {
   async reconnect(session) {
     return connectionPool.reconnect(session.projectId);
   }
+  /** Marks session as actively executing. Dispose to release. */
+  exec(id) {
+    const session = this.sessions.get(id);
+    if (session) {
+      session.inflight++;
+    }
+    return {
+      [Symbol.dispose]: () => {
+        if (session) {
+          session.inflight--;
+          session.lastActivityAt = Date.now();
+        }
+      }
+    };
+  }
   async destroy(id) {
     const session = this.sessions.get(id);
     if (!session) {
@@ -586,12 +670,50 @@ var SessionManager = class {
     }
     await connectionPool.release(session.projectId, session);
     this.sessions.delete(id);
+    if (this.sessions.size === 0) {
+      this.stopIdleCheck();
+    }
   }
   async destroyAll() {
     for (const id of this.sessions.keys()) {
       await this.destroy(id);
     }
   }
+  startIdleCheck() {
+    if (this.idleCheck) return;
+    this.idleCheck = setInterval(() => {
+      this.reapIdleSessions().catch((err) => {
+        log(`reap error: ${err instanceof Error ? err.message : err}`);
+      });
+    }, SESSION_IDLE_CHECK_INTERVAL_MS);
+    this.idleCheck.unref();
+  }
+  stopIdleCheck() {
+    if (this.idleCheck) {
+      clearInterval(this.idleCheck);
+      this.idleCheck = null;
+    }
+  }
+  async reapIdleSessions() {
+    const now = Date.now();
+    const disconnects = [];
+    for (const session of this.sessions.values()) {
+      if (session.inflight > 0) continue;
+      if (now - session.lastActivityAt < SESSION_IDLE_TIMEOUT_MS) continue;
+      if (!connectionPool.isConnected(session.projectId)) continue;
+      const { projectId } = session;
+      log(`idle disconnect project=${projectId}`);
+      disconnects.push(connectionPool.disconnect(projectId));
+    }
+    const results = await Promise.allSettled(disconnects);
+    for (const result of results) {
+      if (result.status === "rejected") {
+        log(
+          `disconnect error: ${result.reason instanceof Error ? result.reason.message : result.reason}`
+        );
+      }
+    }
+  }
 };
 var sessionManager = new SessionManager();
 
@@ -605,9 +727,17 @@ var appRouter = t.router({
     return sessionManager.list();
   }),
   createSession: t.procedure.input(z.object({ projectId: z.string(), apiKey: z.string() })).mutation(async ({ input }) => {
-    const id = await sessionManager.create(input.projectId, input.apiKey);
-    log(`session.new id=${id} project=${input.projectId}`);
-    return { id };
+    try {
+      const id = await sessionManager.create(input.projectId, input.apiKey);
+      log(`session.new id=${id} project=${input.projectId}`);
+      return { id };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      throw new TRPCError({
+        code: isAuthError(message) ? "UNAUTHORIZED" : "INTERNAL_SERVER_ERROR",
+        message
+      });
+    }
   }),
   destroySession: t.procedure.input(z.object({ sessionId: z.string() })).mutation(async ({ input }) => {
     await sessionManager.destroy(input.sessionId);
@@ -620,35 +750,43 @@ var appRouter = t.router({
       cwd: z.string().optional()
     })
   ).mutation(async ({ input }) => {
-    const { sessionId, code, cwd } = input;
-    const session = sessionManager.get(sessionId);
-    if (!session) {
-      throw new TRPCError({
-        code: "NOT_FOUND",
-        message: `Session ${sessionId} not found`
-      });
-    }
-    log(
-      `exec session=${sessionId} code=${JSON.stringify(code).slice(0, 100)}`
-    );
-    const framer = sessionManager.getFramer(session);
-    if (!framer) {
-      return {
-        output: [],
-        error: "Failed to get connection for session"
-      };
-    }
-    const result = await executeWithReconnect(
-      session,
-      framer,
-      code,
-      { cwd },
-      () => sessionManager.reconnect(session)
-    );
-    if (result.error) {
-      log(`exec.error session=${sessionId} error="${result.error}"`);
+    var _stack = [];
+    try {
+      const { sessionId, code, cwd } = input;
+      const session = sessionManager.get(sessionId);
+      if (!session) {
+        throw new TRPCError({
+          code: "NOT_FOUND",
+          message: `Session ${sessionId} not found`
+        });
+      }
+      const _guard = __using(_stack, sessionManager.exec(sessionId));
+      log(
+        `exec session=${sessionId} code=${JSON.stringify(code).slice(0, 100)}`
+      );
+      const framer = sessionManager.getFramer(session);
+      if (!framer) {
+        return {
+          output: [],
+          error: "Failed to get connection for session"
+        };
+      }
+      const result = await executeWithReconnect(
+        session,
+        framer,
+        code,
+        { cwd },
+        () => sessionManager.reconnect(session)
+      );
+      if (result.error) {
+        log(`exec.error session=${sessionId} error="${result.error}"`);
+      }
+      return result;
+    } catch (_) {
+      var _error = _, _hasError = true;
+    } finally {
+      __callDispose(_stack, _error, _hasError);
     }
-    return result;
   }),
   shutdown: t.procedure.mutation(() => {
     log("shutdown requested");
@@ -659,11 +797,25 @@ var appRouter = t.router({
 });
 
 // src/relay-server.ts
+var IDLE_TIMEOUT_MS = 24 * 60 * 60 * 1e3;
+var IDLE_CHECK_INTERVAL_MS = 60 * 1e3;
 var trpcHandler = createHTTPHandler({ router: appRouter });
 async function startRelayServer(port = RELAY_PORT) {
+  let lastActivityAt = Date.now();
   const server = http.createServer((req, res) => {
+    lastActivityAt = Date.now();
     trpcHandler(req, res);
   });
+  const idleCheck = setInterval(() => {
+    const idleMs = Date.now() - lastActivityAt;
+    if (idleMs >= IDLE_TIMEOUT_MS) {
+      log(`idle for ${Math.round(idleMs / 1e3)}s, shutting down`);
+      clearInterval(idleCheck);
+      server.close();
+      process.exit(0);
+    }
+  }, IDLE_CHECK_INTERVAL_MS);
+  idleCheck.unref();
   return new Promise((resolve, reject) => {
     server.on("error", reject);
     server.listen(port, "127.0.0.1", () => {

package/docs/skills/framer-canvas-editing-project.md

@@ -1,7 +1,7 @@
 ---
 name: {{SKILL_NAME}}
 description: "Project-scoped Framer canvas editing skill for project {{PROJECT_ID}}. Very important: never load this skill without having already read the `framer` skill and without having already run `session new`, which will dynamically update this skill."
-allowed-tools: ["Bash(npx framer-dalton:*)", "Bash(npx framer-dalton@latest:*)"]
+allowed-tools: ["Bash(npx framer-dalton:*)", "Bash(npx framer-dalton@latest:*)", "Write(/tmp/framer-*)"]
 ---
 
 ## Project Scope
@@ -27,26 +27,26 @@ allowed-tools: ["Bash(npx framer-dalton:*)", "Bash(npx framer-dalton@latest:*)"]
 ## Workflow Loop
 
 ```bash
-# 1) Read page structure first
-framer -s <sessionId> <<'EOF'
-const { results } = await framer.readProjectForAgent(
-  [{ type: "page", path: "/" }],
-  { pagePath: "/" }
-);
+# 1) Read page structure first — write code to /tmp/framer-<sessionId>.js, then execute with -f
+# /tmp/framer-<sessionId>.js:
+#   const { results } = await framer.readProjectForAgent(
+#     [{ type: "page", path: "/" }],
+#     { pagePath: "/" }
+#   );
+#   console.log(results);
 
-console.log(results);
-EOF
+framer -s <sessionId> -f /tmp/framer-<sessionId>.js
 
 # 2) Request additional targeted queries only if needed
 
 # 3) Apply changes in a later call, once `dsl` has been prepared
-framer -s <sessionId> <<'EOF'
-const dsl = `
-...your canvas DSL...
-`;
+# /tmp/framer-<sessionId>.js:
+#   const dsl = `
+#   ...your canvas DSL...
+#   `;
+#   await framer.applyAgentChanges(dsl, { pagePath: "/" });
 
-await framer.applyAgentChanges(dsl, { pagePath: "/" });
-EOF
+framer -s <sessionId> -f /tmp/framer-<sessionId>.js
 ```
 
 ## Live Agent System Prompt
@@ -61,6 +61,6 @@ This is the static canvas-editing prompt returned by `framer.getAgentSystemPromp
 
 ## Live Agent Context (/)
 
-This is the dynamic project context returned by `framer.getAgentContext({ pagePath: "/" })`. It contains project-specific data for the current page, including available fonts, components and their controls, design tokens, style presets, and icon sets.
+This is the dynamic project context returned by `framer.getAgentContext({ pagePath: "/" })`. It contains project-specific data for the current page, including available fonts, available components, design tokens, style presets, and icon sets.
 
 {{AGENT_CONTEXT}}

package/docs/skills/framer.md

@@ -3,7 +3,7 @@ name: framer
 description: >
   Use when the user wants to design, edit, or publish a website or web page — creating layouts, editing sections, updating text or images, managing CMS collections and content, syncing external data, creating or modifying code components, managing color and text styles, handling localization, or publishing deployments. Trigger when the user mentions Framer, references their website or web pages, asks to edit designs, update site content, or work with any Framer project — even if they don't explicitly say 'Framer'. 
   **Mandatory precondition**: run `npx framer-dalton@latest setup` and let it complete **BEFORE** loading this skill.
-allowed-tools: ["Bash(npx framer-dalton:*)", "Bash(npx framer-dalton@latest:*)"]
+allowed-tools: ["Bash(npx framer-dalton:*)", "Bash(npx framer-dalton@latest:*)", "Write(/tmp/framer-*)"]
 ---
 
 If you didn't run this command before loading the skill, run it now:
@@ -45,8 +45,7 @@ Use that list to infer the likely project from the names and recency. If the rig
 Create a session:
 
 ```bash
-npx framer-dalton session new "<url or id>"           # Uses cached API key
-npx framer-dalton session new "<url or id>" "<apiKey>" # First time: needs API key (Project Settings > General > API Keys)
+npx framer-dalton session new "<url or id>"
 ```
 
 #### 2. Look up the API (before EVERY code execution)
@@ -60,12 +59,14 @@ npx framer-dalton docs Collection.getItems  # What are the parameters and return
 
 #### 3. Execute code
 
-Only after checking docs:
+Only after checking docs, write your code to a `framer-<sessionId>.js` file in the OS temp directory and execute with `-f`. Use the session ID in the filename to avoid collisions between parallel sessions:
 
 ```bash
-npx framer-dalton -s 1 -e "state.collections = await framer.getCollections(); console.log(state.collections.length)"
+npx framer-dalton -s 1 -f /tmp/framer-1.js
 ```
 
+On Windows, use the equivalent temp directory (e.g. `%TEMP%\framer-1.js`).
+
 #### 4. Store results in `state`
 
 Always save results you'll need again. Don't repeat API calls.
@@ -91,13 +92,23 @@ Always save results you'll need again. Don't repeat API calls.
 
 **Always store results in `state` when you'll need them again.** API calls are slow - don't repeat them.
 
+```js
+// /tmp/framer-1.js
+state.collections = await framer.getCollections();
+```
+
 ```bash
-# First call: fetch and store
-npx framer-dalton -s 1 -e "state.collections = await framer.getCollections()"
+npx framer-dalton -s 1 -f /tmp/framer-1.js
+```
 
-# Later calls: reuse from state
-npx framer-dalton -s 1 -e "const team = state.collections.find(c => c.name === 'Team')"
-npx framer-dalton -s 1 -e "state.teamItems = await state.collections.find(c => c.name === 'Team').getItems()"
+```js
+// /tmp/framer-1.js — reuse from state
+state.teamItems = await state.collections.find(c => c.name === 'Team').getItems();
+console.log(state.teamItems.length);
+```
+
+```bash
+npx framer-dalton -s 1 -f /tmp/framer-1.js
 ```
 
 Store anything you'll reference again.
@@ -113,7 +124,7 @@ Each session maintains a persistent connection to a Framer project. Use sessions
 Get a new session ID:
 
 ```bash
-npx framer-dalton session new "https://framer.com/projects/Website--abc123" "framer_api_xxx"
+npx framer-dalton session new "https://framer.com/projects/Website--abc123"
 # outputs: 1
 ```
 
@@ -133,55 +144,10 @@ After session creation, load the dynamically created project-scoped skill `frame
 
 ## Execute Code
 
-```bash
-npx framer-dalton -s <sessionId> -e "<code>"
-```
-
-**Escaping:** For code containing `$` (e.g. `$control__` properties), HTML, or nested quotes, use a heredoc (see below). `-e "..."` works for everything else, including multiline.
-
-**Examples:**
-
-```bash
-# Fetch collections and store in state (always store results you'll reuse)
-npx framer-dalton -s 1 -e "state.collections = await framer.getCollections(); console.log(state.collections.map(c => c.name))"
-
-# Use stored data in subsequent calls
-npx framer-dalton -s 1 -e "state.team = state.collections.find(c => c.name === 'Team')"
-npx framer-dalton -s 1 -e "state.teamItems = await state.team.getItems(); console.log(state.teamItems.length)"
-```
-
-**Multiline code with heredoc (recommended for complex strings):**
-
-For code containing HTML, quotes, or special characters, use a heredoc to avoid escaping issues:
+Write your code to `framer-<sessionId>.js` in the OS temp directory and execute with `-f`:
 
 ```bash
-npx framer-dalton -s 1 <<'EOF'
-const translations = {
-  "node-id": "<h2>Ship's Treasures</h2>",
-  "other-id": "<p>Text with "quotes" and <tags></p>"
-};
-await framer.setLocalizationData({ valuesBySource: translations });
-EOF
-```
-
-The `<<'EOF'` syntax (with quotes around EOF) prevents shell interpolation.
-
-**Alternative: pipe from file:**
-
-```bash
-cat script.js | npx framer-dalton -s 1
-```
-
-**Multiline inline code:**
-
-```bash
-npx framer-dalton -s 1 -e "
-const collections = await framer.getCollections();
-for (const c of collections) {
-  const items = await c.getItems();
-  console.log(c.name, items.length);
-}
-"
+npx framer-dalton -s <sessionId> -f /tmp/framer-<sessionId>.js
 ```
 
 ## API Documentation

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "framer-dalton",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "type": "module",
   "bin": {
     "framer-dalton": "./dist/cli.js"