kasy-cli 1.21.6 → 1.21.8

package/lib/commands/new.js

@@ -131,20 +131,56 @@ async function promptOrganizationIfNeeded(tr, onCancel) {
  * bail out with the exact commands to switch.
  */
 async function confirmIdentities(backend, gcloudAccount, tr, cancel) {
-  const firebaseAccount = await getFirebaseAccount();
-  const notLogged = kleur.yellow(tr('new.accounts.notLoggedIn'));
-  const lines = [
-    `🔑 Google Cloud:  ${gcloudAccount ? kleur.cyan(gcloudAccount) : notLogged}`,
-    `🔥 Firebase:      ${firebaseAccount ? kleur.cyan(firebaseAccount) : notLogged}`,
-  ];
-  if (backend === 'supabase') {
-    const sb = await checkLoggedIn();
-    lines.push(`🟢 Supabase:      ${sb.ok ? kleur.cyan(tr('new.accounts.connected')) : notLogged}`);
+  let firebaseAccount = await getFirebaseAccount();
+  let supabaseLoggedIn = backend === 'supabase' ? (await checkLoggedIn()).ok : true;
+
+  const showStatus = () => {
+    const notLogged = kleur.yellow(tr('new.accounts.notLoggedIn'));
+    const lines = [
+      `🔑 Google Cloud:  ${gcloudAccount ? kleur.cyan(gcloudAccount) : notLogged}`,
+      `🔥 Firebase:      ${firebaseAccount ? kleur.cyan(firebaseAccount) : notLogged}`,
+    ];
+    if (backend === 'supabase') {
+      lines.push(`🟢 Supabase:      ${supabaseLoggedIn ? kleur.cyan(tr('new.accounts.connected')) : notLogged}`);
+    }
+    ui.note(lines.join('\n'), tr('new.accounts.title'));
+  };
+  showStatus();
+
+  // For any required service that's NOT logged in, offer to log in right here:
+  // Enter runs the service's own login command (which opens the browser / asks
+  // for the token), then we re-check. gcloud was already verified above.
+  const offerLogin = async (name, cmd, revalidate) => {
+    const doLogin = await ui.confirm({ message: tr('new.accounts.loginPrompt', { name }), initialValue: true, onCancel: cancel });
+    if (!doLogin) return;
+    ui.log.message(tr('new.accounts.loggingIn', { name }));
+    const { spawnSync } = require('node:child_process');
+    spawnSync(cmd, { stdio: 'inherit', shell: true });
+    await revalidate();
+  };
+
+  if (!firebaseAccount) {
+    await offerLogin('Firebase', 'firebase login', async () => { firebaseAccount = await getFirebaseAccount(); });
   }
+  if (backend === 'supabase' && !supabaseLoggedIn) {
+    await offerLogin('Supabase', 'supabase login', async () => { supabaseLoggedIn = (await checkLoggedIn()).ok; });
+  }
+
+  // Still missing a required login (user declined or it failed)? Stop with the
+  // exact command so they can do it and re-run.
+  const stillMissing = [];
+  if (!firebaseAccount) stillMissing.push(`🔥 Firebase:  ${kleur.cyan('firebase login')}`);
+  if (backend === 'supabase' && !supabaseLoggedIn) stillMissing.push(`🟢 Supabase:  ${kleur.cyan('supabase login')}`);
+  if (stillMissing.length > 0) {
+    ui.log.error(tr('new.accounts.needLogin'));
+    ui.note(stillMissing.join('\n'), tr('new.accounts.loginTitle'));
+    ui.cancel(tr('new.accounts.rerun'));
+    process.exit(0);
+  }
+
   if (gcloudAccount && firebaseAccount && gcloudAccount !== firebaseAccount) {
-    lines.push('', kleur.yellow(`⚠ ${tr('new.accounts.mismatch')}`));
+    ui.log.warn(`⚠ ${tr('new.accounts.mismatch')}`);
   }
-  ui.note(lines.join('\n'), tr('new.accounts.title'));
 
   const ok = await ui.confirm({ message: tr('new.accounts.confirm'), initialValue: true, onCancel: cancel });
   if (!ok) {

package/lib/scaffold/backends/firebase/setup-from-scratch.js

@@ -19,6 +19,7 @@ const path = require('node:path');
 const fs = require('fs-extra');
 const os = require('node:os');
 const { getInstallGuide } = require('../../../utils/checks');
+const { keytoolBin } = require('../../../utils/env-tools');
 
 const execAsync = promisify(exec);
 
@@ -536,7 +537,7 @@ async function ensureDebugKeystore() {
   if (!(await fs.pathExists(DEBUG_KEYSTORE))) {
     await fs.ensureDir(androidDir);
     const createResult = await run(
-      `keytool -genkeypair -v -keystore "${DEBUG_KEYSTORE}" -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US" -noprompt`
+      `${keytoolBin()} -genkeypair -v -keystore "${DEBUG_KEYSTORE}" -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US" -noprompt`
     );
     if (!createResult.ok) return { ok: false, error: createResult.stderr || createResult.error };
   }
@@ -552,7 +553,7 @@ async function extractSha1() {
   if (!ensureResult.ok) return ensureResult;
 
   const result = await run(
-    `keytool -list -v -keystore "${DEBUG_KEYSTORE}" -alias androiddebugkey -storepass android -keypass android`
+    `${keytoolBin()} -list -v -keystore "${DEBUG_KEYSTORE}" -alias androiddebugkey -storepass android -keypass android`
   );
   if (!result.ok) return { ok: false, error: result.stderr || result.error };
 

package/lib/scaffold/backends/supabase/deploy.js

@@ -13,16 +13,29 @@ const { exec, execFile } = require('node:child_process');
 const { promisify } = require('node:util');
 const path = require('node:path');
 const fs = require('fs-extra');
+const { augmentedEnv } = require('../../../utils/env-tools');
 
 const execAsync = promisify(exec);
 const execFileAsync = promisify(execFile);
 
+/**
+ * Parse JSON from a CLI's stdout tolerantly. The Supabase CLI sometimes prints
+ * an "update available" notice before the JSON payload (more often on Windows),
+ * which would break a strict JSON.parse — so we grab from the first [ or {.
+ */
+function parseJsonLoose(stdout) {
+  const s = (stdout || '').trim();
+  const start = s.search(/[[{]/);
+  if (start === -1) return null;
+  try { return JSON.parse(s.slice(start)); } catch { return null; }
+}
+
 async function run(cmd, cwd, env = {}) {
   try {
     const { stdout, stderr } = await execAsync(cmd, {
       cwd,
       maxBuffer: 10 * 1024 * 1024,
-      env: { ...process.env, ...env },
+      env: { ...augmentedEnv(), ...env },
     });
     return { ok: true, stdout, stderr };
   } catch (err) {
@@ -40,13 +53,14 @@ async function run(cmd, cwd, env = {}) {
  */
 async function checkLoggedIn() {
   const result = await run('supabase projects list -o json', process.cwd());
-  if (!result.ok) return { ok: false, error: result.error };
-  try {
-    const data = JSON.parse(result.stdout);
-    return { ok: true, projects: Array.isArray(data) ? data : [] };
-  } catch {
+  // Trust the exit code: a successful command means we're authenticated. Only a
+  // non-zero exit (e.g. "Access token not provided") means login is required.
+  // The list itself is parsed best-effort (tolerant of update notices).
+  if (!result.ok) {
     return { ok: false, error: 'Supabase login required. Run: supabase login' };
   }
+  const data = parseJsonLoose(result.stdout);
+  return { ok: true, projects: Array.isArray(data) ? data : [] };
 }
 
 /**
@@ -69,13 +83,9 @@ async function getProjectsByOrg(orgId) {
 async function getOrgsList() {
   const result = await run('supabase orgs list -o json', process.cwd());
   if (!result.ok) return { ok: false, error: result.error };
-  try {
-    const data = JSON.parse(result.stdout);
-    const orgs = Array.isArray(data) ? data : [];
-    return { ok: true, orgs: orgs.map((o) => ({ id: o.id, name: o.name || o.id })) };
-  } catch {
-    return { ok: false, error: 'Could not parse orgs list. Run: supabase login' };
-  }
+  const data = parseJsonLoose(result.stdout);
+  const orgs = Array.isArray(data) ? data : [];
+  return { ok: true, orgs: orgs.map((o) => ({ id: o.id, name: o.name || o.id })) };
 }
 
 /**

package/lib/scaffold/shared/fcm-service-account.js

@@ -101,11 +101,21 @@ async function createFcmServiceAccountKey(projectId) {
 
   const tmpPath = path.join(os.tmpdir(), `kasy-fcm-${Date.now()}.json`);
 
-  const keyResult = await run(
-    `gcloud iam service-accounts keys create "${tmpPath}"` +
-    ` --iam-account="${saEmail}"` +
-    ` --project=${projectId.trim()}`
-  );
+  // Right after granting the FCM admin role (and on a brand-new project), the
+  // IAM permission takes a moment to propagate — so the first key-create often
+  // fails with "permission still propagating". Back off and retry a few times
+  // before giving up, instead of leaving push half-configured.
+  const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+  let keyResult;
+  for (let attempt = 1; attempt <= 4; attempt++) {
+    keyResult = await run(
+      `gcloud iam service-accounts keys create "${tmpPath}"` +
+      ` --iam-account="${saEmail}"` +
+      ` --project=${projectId.trim()}`
+    );
+    if (keyResult.ok) break;
+    if (attempt < 4) await sleep(7000);
+  }
 
   if (!keyResult.ok) {
     await fs.remove(tmpPath).catch(() => {});

package/lib/utils/env-tools.js

@@ -69,6 +69,30 @@ function pubCacheBin(name) {
   return `"${file}"`;
 }
 
+/**
+ * Quoted path to `keytool` (used for the Android debug SHA-1). It ships with
+ * the JDK and is almost never on PATH on Windows, so we look in JAVA_HOME and
+ * Android Studio's bundled JBR before falling back to bare `keytool`.
+ */
+function keytoolBin() {
+  const exe = isWindows ? 'keytool.exe' : 'keytool';
+  const candidates = [];
+  if (process.env.JAVA_HOME) candidates.push(path.join(process.env.JAVA_HOME, 'bin', exe));
+  if (isWindows) {
+    const pf = process.env.ProgramFiles;
+    const local = process.env.LOCALAPPDATA;
+    if (pf) candidates.push(path.win32.join(pf, 'Android', 'Android Studio', 'jbr', 'bin', exe));
+    if (local) candidates.push(path.win32.join(local, 'Programs', 'Android Studio', 'jbr', 'bin', exe));
+    if (pf) candidates.push(path.win32.join(pf, 'Android', 'Android Studio', 'jre', 'bin', exe));
+  } else {
+    candidates.push('/Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/keytool');
+  }
+  for (const candidate of candidates) {
+    if (fs.existsSync(candidate)) return `"${candidate}"`;
+  }
+  return 'keytool';
+}
+
 /**
  * Well-known install dirs of tools that may not be on the frozen session PATH
  * yet — e.g. the Google Cloud SDK right after it's installed mid-run. Only
@@ -114,5 +138,6 @@ module.exports = {
   homeDir,
   pubCacheBinDir,
   pubCacheBin,
+  keytoolBin,
   augmentedEnv,
 };

package/lib/utils/i18n/messages-en.js

@@ -223,6 +223,10 @@ module.exports = {
     'new.accounts.confirm': 'Create the project on these accounts?',
     'new.accounts.switchTitle': 'To switch accounts, run and try again:',
     'new.accounts.rerun': 'Switch the account and run `kasy new` again.',
+    'new.accounts.needLogin': 'You need to be logged in to continue.',
+    'new.accounts.loginTitle': 'Log in and run `kasy new` again:',
+    'new.accounts.loginPrompt': 'Log in to {name} now?',
+    'new.accounts.loggingIn': 'Opening {name} login…',
     'new.firebase.billing.required': 'You do not have a billing account on Google Cloud yet. Firebase needs the Blaze plan to use Storage and Cloud Functions.',
     'new.firebase.billing.create.steps': 'Opening the billing account creation page. Create the account (credit card required, no charges within the free quota) and come back here:',
     'new.firebase.billing.created.ready': 'I created the billing account, ready to continue?',

package/lib/utils/i18n/messages-es.js

@@ -223,6 +223,10 @@ module.exports = {
     'new.accounts.confirm': '¿Crear el proyecto en estas cuentas?',
     'new.accounts.switchTitle': 'Para cambiar de cuenta, ejecuta y prueba de nuevo:',
     'new.accounts.rerun': 'Cambia la cuenta y ejecuta `kasy new` de nuevo.',
+    'new.accounts.needLogin': 'Necesitas estar conectado para continuar.',
+    'new.accounts.loginTitle': 'Inicia sesión y ejecuta `kasy new` de nuevo:',
+    'new.accounts.loginPrompt': '¿Iniciar sesión en {name} ahora?',
+    'new.accounts.loggingIn': 'Abriendo el inicio de sesión de {name}…',
     'new.firebase.billing.required': 'Aún no tienes una cuenta de facturación en Google Cloud. Firebase necesita el plan Blaze para usar Storage y Cloud Functions.',
     'new.firebase.billing.create.steps': 'Abriendo la página de creación de cuenta de facturación. Crea la cuenta (tarjeta de crédito requerida, sin cargos dentro de la cuota gratuita) y vuelve aquí:',
     'new.firebase.billing.created.ready': 'Ya creé la cuenta de facturación, ¿puedo continuar?',

package/lib/utils/i18n/messages-pt.js

@@ -223,6 +223,10 @@ module.exports = {
     'new.accounts.confirm': 'É nessas contas que você quer criar o projeto?',
     'new.accounts.switchTitle': 'Para trocar de conta, rode e tente de novo:',
     'new.accounts.rerun': 'Troque a conta e rode `kasy new` novamente.',
+    'new.accounts.needLogin': 'Você precisa estar logado para continuar.',
+    'new.accounts.loginTitle': 'Faça login e rode `kasy new` de novo:',
+    'new.accounts.loginPrompt': 'Fazer login no {name} agora?',
+    'new.accounts.loggingIn': 'Abrindo login do {name}…',
     'new.firebase.billing.required': 'Você ainda não tem uma conta de faturamento no Google Cloud. O Firebase precisa do plano Blaze para usar Storage e Cloud Functions.',
     'new.firebase.billing.create.steps': 'Vou abrir a página de criação de conta de faturamento. Crie a conta (cartão de crédito, sem cobrança até bater a cota gratuita) e volte aqui:',
     'new.firebase.billing.created.ready': 'Já criei a conta de faturamento, pode seguir?',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kasy-cli",
-  "version": "1.21.6",
+  "version": "1.21.8",
   "description": "CLI for scaffolding production-ready Flutter SaaS apps with Firebase, Supabase, or API REST backends.",
   "bin": {
     "kasy": "./bin/kasy.js"