lakebed 0.0.13 → 0.0.15

package/README.md

@@ -122,7 +122,7 @@ lakebed new [name] [--template todo] [--no-git]
 lakebed create [name] [--template todo] [--no-git]
 lakebed dev [capsule-dir] [--port 3000]
 lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
-lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
+lakebed deploy [capsule-dir] [--api <url>] [--json]
 lakebed claim [capsule-dir] [--api <url>] [--json]
 lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
 lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
@@ -167,7 +167,7 @@ LAKEBED_APP_BASE_DOMAIN=lakebed.app
 
 With a verified `*.lakebed.app` custom domain on the runner, deploy responses use `https://<slug>.lakebed.app`.
 
-Deploy responses include a claim URL. Configure GitHub OAuth on the runner, then open that claim URL to attach the anonymous deploy to a developer account:
+Deploy responses include claim metadata. Configure GitHub OAuth on the runner, then run `lakebed claim` to open the claim page and attach the anonymous deploy to a developer account:
 
 ```sh
 LAKEBED_GITHUB_CLIENT_ID=...
@@ -176,7 +176,7 @@ LAKEBED_SESSION_SECRET=...
 LAKEBED_SERVER_ENV_SECRET=...
 ```
 
-Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the claim URL. Open that URL, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
+Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the `lakebed claim` command. Run that command, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
 
 ## Admin Dashboard
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lakebed",
-  "version": "0.0.13",
+  "version": "0.0.15",
   "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
   "license": "UNLICENSED",
   "type": "module",

package/src/anonymous-server.js

@@ -19,6 +19,11 @@ function now() {
   return new Date().toISOString();
 }
 
+function anonymousDeployExpiresAt() {
+  const ttlSeconds = parseTtlSeconds();
+  return new Date(Date.now() + ttlSeconds * 1000).toISOString();
+}
+
 function dayWindowStart() {
   return `${new Date().toISOString().slice(0, 10)}T00:00:00.000Z`;
 }
@@ -190,11 +195,16 @@ function responseForDeploy({ deploy, token }) {
     expiresAt: deploy.expiresAt,
     inspect: inspectUrls(deploy.url),
     limits: deploy.limits,
+    updatedAt: deploy.updatedAt,
     url: deploy.url
   };
 }
 
 function isExpired(deploy) {
+  if (deploy?.ownerId) {
+    return false;
+  }
+
   return Boolean(deploy.expiresAt) && Date.parse(deploy.expiresAt) <= Date.now();
 }
 
@@ -705,6 +715,7 @@ function adminDeploySummary({ artifact, artifactBytes = 0, deploy, logBytes = 0,
     stateRows,
     status: isExpired(deploy) ? "expired" : deploy.status,
     tableCount: Object.keys(artifact?.server?.schema ?? {}).length,
+    updatedAt: deploy.updatedAt,
     url: deploy.url,
     ...usageCounts(usage)
   };
@@ -1286,6 +1297,7 @@ function adminHtml() {
                   <th>User</th>
                   <th>Status</th>
                   <th>Created</th>
+                  <th>Updated</th>
                   <th>Expires</th>
                   <th>Usage</th>
                   <th>Storage</th>
@@ -1389,6 +1401,7 @@ function adminHtml() {
                     <th>User</th>
                     <th>Status</th>
                     <th>Created</th>
+                    <th>Updated</th>
                     <th>Expires</th>
                     <th>Usage</th>
                     <th>Storage</th>
@@ -1464,6 +1477,10 @@ function adminHtml() {
         }).format(new Date(value));
       }
 
+      function formatExpiry(value) {
+        return value ? formatTime(value) : "never";
+      }
+
       function plural(count, label) {
         return formatNumber(count) + " " + label + (count === 1 ? "" : "s");
       }
@@ -1715,7 +1732,7 @@ function adminHtml() {
         if (!deploys.length) {
           const tr = document.createElement("tr");
           const td = textCell(emptyText, "mono");
-          td.colSpan = 9;
+          td.colSpan = 10;
           tr.appendChild(td);
           tbody.appendChild(tr);
           return;
@@ -1727,7 +1744,8 @@ function adminHtml() {
           tr.appendChild(deployUserCell(deploy));
           tr.appendChild(statusCell(deploy));
           tr.appendChild(textCell(formatTime(deploy.createdAt), "mono"));
-          tr.appendChild(textCell(formatTime(deploy.expiresAt), "mono"));
+          tr.appendChild(textCell(formatTime(deploy.updatedAt), "mono"));
+          tr.appendChild(textCell(formatExpiry(deploy.expiresAt), "mono"));
           tr.appendChild(usageCell(deploy));
           tr.appendChild(storageCell(deploy));
           tr.appendChild(textCell(formatNumber(deploy.connections), "mono"));
@@ -2207,6 +2225,14 @@ function escapeHtml(value) {
     .replace(/"/g, "&quot;");
 }
 
+function formatHtmlTime(value) {
+  return value ? new Date(value).toLocaleString() : "unknown";
+}
+
+function formatHtmlExpiry(value) {
+  return value ? formatHtmlTime(value) : "never";
+}
+
 function developerDeploySummary({ artifact, deploy, usage }) {
   return {
     artifactHash: deploy.artifactHash,
@@ -2221,6 +2247,7 @@ function developerDeploySummary({ artifact, deploy, usage }) {
     ownerId: deploy.ownerId,
     slug: deploy.slug,
     status: isExpired(deploy) ? "expired" : deploy.status,
+    updatedAt: deploy.updatedAt,
     url: deploy.url,
     usage: usageCounts(usage)
   };
@@ -2233,8 +2260,9 @@ function developerHtml({ authConfigured, deploys = [], user }) {
       (deploy) => `<tr>
         <td><a href="${escapeHtml(deploy.url)}" target="_blank" rel="noopener noreferrer">${escapeHtml(deploy.name)}</a><small>${escapeHtml(deploy.deployId)} / ${escapeHtml(deploy.slug)}</small></td>
         <td><span class="pill ${escapeHtml(deploy.status)}">${escapeHtml(deploy.status)}</span></td>
-        <td>${escapeHtml(new Date(deploy.createdAt).toLocaleString())}</td>
-        <td>${escapeHtml(new Date(deploy.expiresAt).toLocaleString())}</td>
+        <td>${escapeHtml(formatHtmlTime(deploy.createdAt))}</td>
+        <td>${escapeHtml(formatHtmlTime(deploy.updatedAt))}</td>
+        <td>${escapeHtml(formatHtmlExpiry(deploy.expiresAt))}</td>
         <td>${escapeHtml(deploy.usage.requestsToday)} / ${escapeHtml(deploy.limits.requestsPerDay)}</td>
         <td>${escapeHtml(deploy.usage.mutationsToday)} / ${escapeHtml(deploy.limits.mutationsPerDay)}</td>
       </tr>`
@@ -2434,6 +2462,7 @@ function developerHtml({ authConfigured, deploys = [], user }) {
                         <th>Deploy</th>
                         <th>Status</th>
                         <th>Created</th>
+                        <th>Updated</th>
                         <th>Expires</th>
                         <th>Requests</th>
                         <th>Mutations</th>
@@ -2585,7 +2614,7 @@ export class MemoryAnonymousStore {
     });
   }
 
-  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, requestedTtlSeconds, serverEnv }) {
+  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, serverEnv }) {
     const deployId = createDeployId();
     const normalizedAppBaseDomain = normalizeAppBaseDomain(appBaseDomain);
     let slug = createSlug();
@@ -2595,8 +2624,7 @@ export class MemoryAnonymousStore {
 
     const token = createClaimToken();
     const createdAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const expiresAt = anonymousDeployExpiresAt();
     const url = appUrlForSlug({ appBaseDomain: normalizedAppBaseDomain, publicRootUrl, slug });
 
     this.storeArtifact({
@@ -2622,6 +2650,7 @@ export class MemoryAnonymousStore {
       publicRootUrl,
       slug,
       status: "active",
+      updatedAt: createdAt,
       url
     };
     this.deploys.set(deployId, deploy);
@@ -2640,7 +2669,6 @@ export class MemoryAnonymousStore {
     clientBundleHash,
     deployId,
     publicRootUrl,
-    requestedTtlSeconds,
     serverEnv
   }) {
     const currentDeploy = await this.getStoredDeployById(deployId);
@@ -2648,8 +2676,7 @@ export class MemoryAnonymousStore {
       return null;
     }
 
-    const createdAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
+    const updatedAt = now();
     const nextAppBaseDomain = normalizeAppBaseDomain(appBaseDomain ?? currentDeploy.appBaseDomain);
     const nextPublicRootUrl = publicRootUrl ?? currentDeploy.publicRootUrl;
     const deploy = {
@@ -2657,10 +2684,11 @@ export class MemoryAnonymousStore {
       appBaseDomain: nextAppBaseDomain,
       artifactHash,
       clientBundleHash,
-      expiresAt: new Date(Date.now() + ttlSeconds * 1000).toISOString(),
+      expiresAt: currentDeploy.ownerId ? null : anonymousDeployExpiresAt(),
       publicRootUrl: nextPublicRootUrl,
       url: appUrlForSlug({ appBaseDomain: nextAppBaseDomain, publicRootUrl: nextPublicRootUrl, slug: currentDeploy.slug }),
-      status: "active"
+      status: "active",
+      updatedAt
     };
 
     this.storeArtifact({
@@ -2668,7 +2696,7 @@ export class MemoryAnonymousStore {
       artifactHash,
       clientBundleBase64,
       clientBundleHash,
-      createdAt
+      createdAt: updatedAt
     });
     this.deploys.set(deployId, deploy);
     if (serverEnv !== undefined) {
@@ -2691,11 +2719,14 @@ export class MemoryAnonymousStore {
       return { deploy: currentDeploy, status: "conflict" };
     }
 
+    const updatedAt = now();
     const deploy = {
       ...currentDeploy,
-      claimedAt: currentDeploy.claimedAt ?? now(),
+      claimedAt: currentDeploy.claimedAt ?? updatedAt,
+      expiresAt: null,
       owner,
-      ownerId: owner.id
+      ownerId: owner.id,
+      updatedAt
     };
     await this.rememberUser(owner);
     this.deploys.set(deployId, deploy);
@@ -2710,7 +2741,8 @@ export class MemoryAnonymousStore {
 
     const deploy = {
       ...currentDeploy,
-      status: "terminated"
+      status: "terminated",
+      updatedAt: now()
     };
     this.deploys.set(deployId, deploy);
     return this.deployWithUserLimitOverrides(deploy);
@@ -2938,7 +2970,8 @@ export class PostgresAnonymousStore {
         artifact_hash text not null,
         client_bundle_hash text not null,
         created_at timestamptz not null,
-        expires_at timestamptz not null,
+        updated_at timestamptz not null,
+        expires_at timestamptz,
         claimed_at timestamptz,
         owner_id text,
         owner_json jsonb,
@@ -2953,6 +2986,11 @@ export class PostgresAnonymousStore {
     await this.query("alter table deploys add column if not exists claimed_at timestamptz");
     await this.query("alter table deploys add column if not exists owner_id text");
     await this.query("alter table deploys add column if not exists owner_json jsonb");
+    await this.query("alter table deploys add column if not exists updated_at timestamptz");
+    await this.query("update deploys set updated_at = created_at where updated_at is null");
+    await this.query("alter table deploys alter column updated_at set not null");
+    await this.query("alter table deploys alter column expires_at drop not null");
+    await this.query("update deploys set expires_at = null where owner_id is not null and expires_at is not null");
     await this.query(`
       create table if not exists artifacts(
         hash text primary key,
@@ -3188,7 +3226,7 @@ export class PostgresAnonymousStore {
         select
           owner_id,
           count(*)::int as deploy_count,
-          count(*) filter (where status = 'active' and expires_at > now())::int as active_deploy_count
+          count(*) filter (where status = 'active')::int as active_deploy_count
         from deploys
         where owner_id is not null
         group by owner_id
@@ -3238,7 +3276,7 @@ export class PostgresAnonymousStore {
         select
           owner_id,
           count(*)::int as deploy_count,
-          count(*) filter (where status = 'active' and expires_at > now())::int as active_deploy_count
+          count(*) filter (where status = 'active')::int as active_deploy_count
         from deploys
         where owner_id is not null
         group by owner_id
@@ -3282,11 +3320,10 @@ export class PostgresAnonymousStore {
     );
   }
 
-  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, requestedTtlSeconds, serverEnv }) {
+  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, serverEnv }) {
     const createdAt = now();
     const normalizedAppBaseDomain = normalizeAppBaseDomain(appBaseDomain);
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const expiresAt = anonymousDeployExpiresAt();
     const token = createClaimToken();
     const deployId = createDeployId();
 
@@ -3310,6 +3347,7 @@ export class PostgresAnonymousStore {
         publicRootUrl,
         slug,
         status: "active",
+        updatedAt: createdAt,
         url
       };
 
@@ -3317,10 +3355,10 @@ export class PostgresAnonymousStore {
         await this.query(
           `
           insert into deploys(
-            id, slug, status, artifact_hash, client_bundle_hash, created_at, expires_at,
+            id, slug, status, artifact_hash, client_bundle_hash, created_at, updated_at, expires_at,
             claim_token_hash, limits_json, counters_json, public_root_url, app_base_domain, url
           )
-          values($1, $2, $3, $4, $5, $6, $7, $8, $9::jsonb, '{}'::jsonb, $10, $11, $12)
+          values($1, $2, $3, $4, $5, $6, $7, $8, $9, $10::jsonb, '{}'::jsonb, $11, $12, $13)
           `,
           [
             deploy.id,
@@ -3329,6 +3367,7 @@ export class PostgresAnonymousStore {
             deploy.artifactHash,
             deploy.clientBundleHash,
             deploy.createdAt,
+            deploy.updatedAt,
             deploy.expiresAt,
             deploy.claimTokenHash,
             JSON.stringify(deploy.limits),
@@ -3359,7 +3398,6 @@ export class PostgresAnonymousStore {
     clientBundleHash,
     deployId,
     publicRootUrl,
-    requestedTtlSeconds,
     serverEnv
   }) {
     const currentDeploy = await this.getBaseDeployById(deployId);
@@ -3367,13 +3405,12 @@ export class PostgresAnonymousStore {
       return null;
     }
 
-    const createdAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const updatedAt = now();
+    const expiresAt = currentDeploy.ownerId ? null : anonymousDeployExpiresAt();
     const nextAppBaseDomain = normalizeAppBaseDomain(appBaseDomain ?? currentDeploy.appBaseDomain);
     const nextPublicRootUrl = publicRootUrl ?? currentDeploy.publicRootUrl;
     const url = appUrlForSlug({ appBaseDomain: nextAppBaseDomain, publicRootUrl: nextPublicRootUrl, slug: currentDeploy.slug });
-    await this.storeArtifact({ artifact, artifactHash, clientBundleBase64, clientBundleHash, createdAt });
+    await this.storeArtifact({ artifact, artifactHash, clientBundleBase64, clientBundleHash, createdAt: updatedAt });
 
     const result = await this.query(
       `
@@ -3384,14 +3421,15 @@ export class PostgresAnonymousStore {
         expires_at = $4,
         public_root_url = $5,
         app_base_domain = $6,
-        url = $7
+        url = $7,
+        updated_at = $8
       where id = $1
       returning *
       `,
-      [deployId, artifactHash, clientBundleHash, expiresAt, nextPublicRootUrl, nextAppBaseDomain || null, url]
+      [deployId, artifactHash, clientBundleHash, expiresAt, nextPublicRootUrl, nextAppBaseDomain || null, url, updatedAt]
     );
     if (serverEnv !== undefined) {
-      await this.replaceServerEnv(deployId, serverEnv, createdAt);
+      await this.replaceServerEnv(deployId, serverEnv, updatedAt);
     }
     return this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0]));
   }
@@ -3410,17 +3448,20 @@ export class PostgresAnonymousStore {
       return { deploy: currentDeploy, status: "conflict" };
     }
 
-    const claimedAt = currentDeploy.claimedAt ?? now();
+    const updatedAt = now();
+    const claimedAt = currentDeploy.claimedAt ?? updatedAt;
     const result = await this.query(
       `
       update deploys
       set claimed_at = coalesce(claimed_at, $3),
         owner_id = $2,
-        owner_json = $4::jsonb
+        owner_json = $4::jsonb,
+        expires_at = null,
+        updated_at = $5
       where id = $1
       returning *
       `,
-      [deployId, owner.id, claimedAt, JSON.stringify(owner)]
+      [deployId, owner.id, claimedAt, JSON.stringify(owner), updatedAt]
     );
     await this.rememberUser(owner);
     return {
@@ -3430,14 +3471,16 @@ export class PostgresAnonymousStore {
   }
 
   async terminateDeploy(deployId) {
+    const updatedAt = now();
     const result = await this.query(
       `
       update deploys
-      set status = 'terminated'
+      set status = 'terminated',
+        updated_at = $2
       where id = $1
       returning *
       `,
-      [deployId]
+      [deployId, updatedAt]
     );
     return this.deployWithUserLimitOverrides(this.rowToDeploy(result.rows[0]));
   }
@@ -3454,7 +3497,7 @@ export class PostgresAnonymousStore {
       claimTokenHash: row.claim_token_hash,
       clientBundleHash: row.client_bundle_hash,
       createdAt: new Date(row.created_at).toISOString(),
-      expiresAt: new Date(row.expires_at).toISOString(),
+      expiresAt: row.expires_at ? new Date(row.expires_at).toISOString() : null,
       id: row.id,
       limits: row.limits_json,
       owner: row.owner_json ?? null,
@@ -3462,6 +3505,7 @@ export class PostgresAnonymousStore {
       publicRootUrl: row.public_root_url,
       slug: row.slug,
       status: row.status,
+      updatedAt: new Date(row.updated_at).toISOString(),
       url: row.url
     };
   }
@@ -3808,6 +3852,7 @@ async function serveInspect({ artifact, deploy, route, store, systemPath }, res)
       queries: Object.keys(artifact.server.queries ?? {}),
       schema: artifact.server.schema,
       slug: deploy.slug,
+      updatedAt: deploy.updatedAt,
       url: deploy.url
     });
     return true;
@@ -4347,7 +4392,6 @@ export async function startAnonymousServer({
           clientBundleBase64: payload.clientBundleBase64,
           clientBundleHash: payload.clientBundleHash,
           publicRootUrl: resolvedPublicRootUrl,
-          requestedTtlSeconds: body.requestedTtlSeconds ?? requestUrl.searchParams.get("ttl") ?? undefined,
           serverEnv: payload.serverEnv
         });
         await resolvedStore.appendLog(deploy.id, "info", "anonymous deploy created", { artifactHash: deploy.artifactHash });
@@ -4382,7 +4426,6 @@ export async function startAnonymousServer({
           clientBundleHash: payload.clientBundleHash,
           deployId,
           publicRootUrl: resolvedPublicRootUrl,
-          requestedTtlSeconds: body.requestedTtlSeconds ?? requestUrl.searchParams.get("ttl") ?? undefined,
           serverEnv: payload.serverEnv
         });
         if (!deploy) {

package/src/cli.js

@@ -4,6 +4,7 @@ import { createServer } from "node:http";
 import { existsSync, realpathSync } from "node:fs";
 import { mkdir, readdir, readFile, rm, stat, writeFile } from "node:fs/promises";
 import { basename, dirname, isAbsolute, join, relative, resolve, sep } from "node:path";
+import { clearLine, cursorTo } from "node:readline";
 import { createInterface } from "node:readline/promises";
 import { promisify } from "node:util";
 import { fileURLToPath, pathToFileURL } from "node:url";
@@ -16,7 +17,6 @@ import {
   SERVER_ENV_FILE,
   createAnonymousArtifact,
   createClaimedArtifact,
-  parseTtlSeconds,
   stableStringify,
   validateServerEnvValues
 } from "./anonymous.js";
@@ -40,7 +40,7 @@ Usage:
   lakebed create [name] [--template todo] [--no-git]
   lakebed dev [capsule-dir] [--port 3000]
   lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
-  lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
+  lakebed deploy [capsule-dir] [--api <url>] [--json]
   lakebed claim [capsule-dir] [--api <url>] [--json]
   lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
   lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
@@ -71,8 +71,7 @@ const optionsWithValues = new Set([
   "--port",
   "--public-root-url",
   "--target",
-  "--template",
-  "--ttl"
+  "--template"
 ]);
 
 function positionals(args) {
@@ -105,6 +104,89 @@ function hasFlag(args, name) {
   return args.includes(name);
 }
 
+function formatDevUpdateAge(updatedAt, now = new Date()) {
+  const elapsedSeconds = Math.max(0, Math.floor((now.getTime() - updatedAt.getTime()) / 1000));
+  if (elapsedSeconds < 30) {
+    return `${elapsedSeconds} ${elapsedSeconds === 1 ? "second" : "seconds"} ago`;
+  }
+
+  if (elapsedSeconds < 60) {
+    return "under 1 minute ago";
+  }
+
+  const elapsedMinutes = Math.floor(elapsedSeconds / 60);
+  return `${elapsedMinutes} ${elapsedMinutes === 1 ? "minute" : "minutes"} ago`;
+}
+
+function formatOptionalTimestamp(value, fallback = "never") {
+  return value || fallback;
+}
+
+function devUpdateRefreshDelay(updatedAt, now = new Date()) {
+  const elapsedSeconds = Math.max(0, Math.floor((now.getTime() - updatedAt.getTime()) / 1000));
+  return elapsedSeconds < 30 ? 1_000 : 30_000;
+}
+
+function createDevStatusWriter({ quiet = false } = {}) {
+  let wroteStatusLine = false;
+  let lastUpdatedAt = null;
+  let refreshTimer = null;
+
+  function clearRefreshTimer() {
+    if (refreshTimer) {
+      clearTimeout(refreshTimer);
+      refreshTimer = null;
+    }
+  }
+
+  function render() {
+    if (quiet || !process.stdout.isTTY || !lastUpdatedAt) {
+      return;
+    }
+
+    const message = `Live updated with your changes ${formatDevUpdateAge(lastUpdatedAt)}`;
+    clearLine(process.stdout, 0);
+    cursorTo(process.stdout, 0);
+    process.stdout.write(message);
+    wroteStatusLine = true;
+  }
+
+  function scheduleRefresh() {
+    clearRefreshTimer();
+    if (quiet || !process.stdout.isTTY || !lastUpdatedAt) {
+      return;
+    }
+
+    refreshTimer = setTimeout(() => {
+      refreshTimer = null;
+      render();
+      scheduleRefresh();
+    }, devUpdateRefreshDelay(lastUpdatedAt));
+  }
+
+  return {
+    close() {
+      clearRefreshTimer();
+      this.finish();
+    },
+    finish() {
+      if (wroteStatusLine && process.stdout.isTTY) {
+        process.stdout.write("\n");
+      }
+      wroteStatusLine = false;
+    },
+    update(date = new Date()) {
+      if (quiet || !process.stdout.isTTY) {
+        return;
+      }
+
+      lastUpdatedAt = date;
+      render();
+      scheduleRefresh();
+    }
+  };
+}
+
 function resolveCapsuleDir(value) {
   if (!value) {
     return root;
@@ -446,7 +528,8 @@ export async function startDevServer({
   let currentBuild = await buildCapsule({ capsuleDir: resolvedCapsuleDir, sourceStore, capsuleId });
   const defaultAuth = await readAuth();
   const stateCell = new StateCell(currentBuild.app.schema);
-  const logs = new LogBuffer();
+  const devStatus = createDevStatusWriter({ quiet });
+  const logs = new LogBuffer({ beforeConsoleWrite: () => devStatus.finish() });
   const subscriptions = new Map();
   let fileFingerprint = sourceStore ? "" : await capsuleFileFingerprint(resolvedCapsuleDir);
   let rebuildTimer = null;
@@ -457,7 +540,7 @@ export async function startDevServer({
       const nextBuild = await buildCapsule({ capsuleDir: resolvedCapsuleDir, sourceStore, capsuleId });
       currentBuild = nextBuild;
       stateCell.updateSchema(nextBuild.app.schema);
-      logs.append("info", "dev server rebuilt capsule", { capsuleDir: resolvedCapsuleDir });
+      devStatus.update();
       for (const client of wss.clients) {
         sendJson(client, { op: "refresh" });
       }
@@ -675,6 +758,7 @@ export async function startDevServer({
         clearTimeout(rebuildTimer);
       }
       await rebuildPromise.catch(() => {});
+      devStatus.close();
       for (const client of wss.clients) {
         client.close();
       }
@@ -862,12 +946,39 @@ function claimUrlFromDeployMetadata(metadata) {
   return `${String(metadata.api).replace(/\/+$/g, "")}/claim/${encodeURIComponent(metadata.deployId)}/${encodeURIComponent(metadata.claimToken)}`;
 }
 
-function deployRequestBody(envelope, ttl, { serverEnv } = {}) {
+function claimCommandText({ api, capsuleArg }) {
+  const parts = ["lakebed", "claim"];
+  if (capsuleArg) {
+    parts.push(capsuleArg);
+  }
+  if (api !== defaultDeployApiUrl) {
+    parts.push("--api", api);
+  }
+  return parts.map(shellQuote).join(" ");
+}
+
+function browserOpenInvocation(url) {
+  if (process.platform === "darwin") {
+    return { command: "open", args: [url] };
+  }
+
+  if (process.platform === "win32") {
+    return { command: "cmd", args: ["/c", "start", "", url] };
+  }
+
+  return { command: "xdg-open", args: [url] };
+}
+
+async function openUrlInBrowser(url) {
+  const invocation = browserOpenInvocation(url);
+  await execFileAsync(invocation.command, invocation.args, { windowsHide: true });
+}
+
+function deployRequestBody(envelope, { serverEnv } = {}) {
   const body = {
     artifact: envelope.artifact,
     clientBundle: envelope.clientBundle,
-    clientVersion: LAKEBED_VERSION,
-    requestedTtlSeconds: ttl
+    clientVersion: LAKEBED_VERSION
   };
   if (serverEnv !== undefined) {
     body.serverEnv = {
@@ -926,6 +1037,10 @@ async function readResponseJson(response) {
 }
 
 async function deployCommand(args) {
+  if (args.some((arg) => arg === "--ttl" || arg.startsWith("--ttl="))) {
+    throw new Error("lakebed deploy no longer accepts --ttl. Deploy expiry is set by the server.");
+  }
+
   const [capsuleArg] = positionals(args);
   const capsuleDir = resolveCapsuleDir(capsuleArg);
   const sourceStore = await createMemorySourceStoreFromDirectory(capsuleDir);
@@ -933,7 +1048,6 @@ async function deployCommand(args) {
   const serverEnv = await readCapsuleServerEnv(sourceStore);
   const serverEnvKeys = Object.keys(serverEnv).sort();
   const hasServerEnvValues = serverEnvKeys.length > 0;
-  const ttl = parseTtlSeconds(readArg(args, "--ttl", "7d"));
   const api = deployApiUrl(args);
   const metadata = await readDeployMetadata(capsuleDir);
   const canUpdate =
@@ -985,7 +1099,7 @@ async function deployCommand(args) {
 
   if (canUpdate) {
     response = await fetch(`${api}/v1/deploys/${encodeURIComponent(metadata.deployId)}`, {
-      body: deployRequestBody(envelope, ttl, { serverEnv: serverEnvForUpdate }),
+      body: deployRequestBody(envelope, { serverEnv: serverEnvForUpdate }),
       headers: {
         "Authorization": `Bearer ${metadata.claimToken}`,
         "Content-Type": "application/json"
@@ -1006,7 +1120,7 @@ async function deployCommand(args) {
   }
 
   response ??= await fetch(`${api}/v1/anonymous-deploys`, {
-    body: deployRequestBody(envelope, ttl),
+    body: deployRequestBody(envelope),
     headers: {
       "Content-Type": "application/json"
     },
@@ -1044,9 +1158,10 @@ async function deployCommand(args) {
     console.log(`${mode === "updated" ? "Updated" : "Created"} anonymous preview.\n`);
   }
   console.log(`App:        ${deployed.url}`);
-  console.log(`Expires:    ${deployed.expiresAt}`);
+  console.log(`Updated:    ${formatOptionalTimestamp(deployed.updatedAt, "unknown")}`);
+  console.log(`Expires:    ${formatOptionalTimestamp(deployed.expiresAt)}`);
   if (deployed.claimUrl) {
-    console.log(`Claim:      ${deployed.claimUrl}`);
+    console.log(`Claim:      ${claimCommandText({ api, capsuleArg })}`);
   }
   console.log(`Inspect:    lakebed inspect ${deployed.deployId}`);
   console.log("\nLimits:");
@@ -1063,7 +1178,7 @@ async function deployCommand(args) {
   }
   if (envelope.claimRequired) {
     console.log("\nThis app needs a claimed deploy before server-side fetch or server env can run.");
-    console.log("Open the claim URL, then run lakebed deploy again.");
+    console.log(`Run ${claimCommandText({ api, capsuleArg })}, then run lakebed deploy again.`);
   }
 }
 
@@ -1116,8 +1231,15 @@ async function claimCommand(args) {
     return;
   }
 
-  console.log("Open this URL to claim the current project's deploy:");
-  console.log(claimUrl);
+  try {
+    await openUrlInBrowser(claimUrl);
+  } catch (error) {
+    throw new Error(
+      `Unable to open the claim page in your browser: ${error instanceof Error ? error.message : String(error)}\n\nRun ${claimCommandText({ api, capsuleArg })} --json to read the claim URL.`
+    );
+  }
+
+  console.log(`Opened claim page for deploy ${result.deployId} in your browser.`);
 }
 
 async function anonymousServerCommand(args) {
@@ -1163,7 +1285,8 @@ async function inspectCommand(args) {
 
   console.log(`Deploy:   ${manifest.deployId}`);
   console.log(`URL:      ${manifest.url}`);
-  console.log(`Expires:  ${manifest.expiresAt}`);
+  console.log(`Updated:  ${formatOptionalTimestamp(manifest.updatedAt, "unknown")}`);
+  console.log(`Expires:  ${formatOptionalTimestamp(manifest.expiresAt)}`);
   console.log(`Artifact: ${manifest.artifactHash}`);
   console.log(`Queries:  ${manifest.queries.join(", ") || "(none)"}`);
   console.log(`Mutations: ${manifest.mutations.join(", ") || "(none)"}`);
@@ -1477,11 +1600,12 @@ async function isInsideGitWorkTree(cwd) {
 }
 
 function shellQuote(value) {
-  if (/^[A-Za-z0-9_./:-]+$/.test(value)) {
-    return value;
+  const text = String(value);
+  if (/^[A-Za-z0-9_./:=,@%+-]+$/.test(text)) {
+    return text;
   }
 
-  return `'${value.replaceAll("'", "'\\''")}'`;
+  return `'${text.replaceAll("'", "'\\''")}'`;
 }
 
 async function promptForCapsuleName() {

package/src/client.js

@@ -6,6 +6,7 @@ const AUTH_STORAGE_KEY = "lakebed_identity";
 const LEGACY_SHOO_STORAGE_KEY = "shoo_identity";
 const PKCE_STORAGE_KEY = "lakebed_google_pkce";
 const RETURN_TO_STORAGE_KEY = "lakebed_google_return_to";
+const AUTH_RESUME_STORAGE_KEY = "lakebed_google_resume_attempt";
 const PKCE_MAX_AGE_MS = 10 * 60 * 1000;
 const encoder = new TextEncoder();
 
@@ -19,6 +20,7 @@ const pending = new Map();
 const activeSubscriptions = new Set();
 let authInitPromise = null;
 let authInitialized = false;
+let authResumeStarted = false;
 let refreshRequested = false;
 
 function toGuestName(name) {
@@ -67,6 +69,18 @@ function browserStorage() {
   }
 }
 
+function browserSessionStorage() {
+  if (typeof window === "undefined") {
+    return null;
+  }
+
+  try {
+    return window.sessionStorage;
+  } catch {
+    return null;
+  }
+}
+
 function currentGuestName() {
   if (typeof window === "undefined") {
     return "local";
@@ -236,7 +250,11 @@ export function decodeIdentityClaims(idToken) {
   return parseJson(decodeBase64Url(parts[1]));
 }
 
-function readStoredIdentity() {
+function isExpiredClaims(claims) {
+  return typeof claims?.exp === "number" && claims.exp * 1000 <= Date.now();
+}
+
+function readStoredIdentity({ allowExpired = false } = {}) {
   const storage = browserStorage();
   if (!storage) {
     return { userId: null };
@@ -260,12 +278,13 @@ function readStoredIdentity() {
 
   const token = typeof parsed.token === "string" ? parsed.token : undefined;
   const claims = decodeIdentityClaims(token);
-  if (typeof claims?.exp === "number" && claims.exp * 1000 <= Date.now()) {
-    clearStoredIdentity();
-    return { userId: null };
+  const expired = isExpiredClaims(claims);
+  if (expired && !allowExpired) {
+    return { expired, userId: null };
   }
 
   return {
+    expired,
     token,
     userId: typeof parsed.userId === "string" ? parsed.userId : (typeof parsed.pairwiseSub === "string" ? parsed.pairwiseSub : null)
   };
@@ -306,6 +325,19 @@ function clearStoredIdentity() {
   }
 }
 
+function clearAuthResumeAttempt() {
+  const storage = browserSessionStorage();
+  if (!storage) {
+    return;
+  }
+
+  try {
+    storage.removeItem(AUTH_RESUME_STORAGE_KEY);
+  } catch {
+    // Ignore storage failures; resume attempts are best effort.
+  }
+}
+
 function storedAuthToken() {
   return readStoredIdentity().token ?? "";
 }
@@ -431,6 +463,7 @@ async function handleGoogleCallback() {
     throw new Error("Google sign-in token response was missing identity claims.");
   }
   persistIdentity(token.pairwise_sub, token.id_token, token.expires_in);
+  clearAuthResumeAttempt();
   window.sessionStorage.removeItem(PKCE_STORAGE_KEY);
 
   const localAuth = createGoogleAuthFromToken(token.id_token);
@@ -445,11 +478,78 @@ async function handleGoogleCallback() {
   return token;
 }
 
+function authResumeAttemptKey(identity) {
+  const claims = decodeIdentityClaims(identity.token);
+  return [identity.userId, claims?.jti, claims?.exp].filter(Boolean).join(":") || identity.token;
+}
+
+function beginStoredGoogleSessionResume() {
+  if (typeof window === "undefined" || authResumeStarted) {
+    return false;
+  }
+
+  if (parseCallback()) {
+    return false;
+  }
+
+  const search = new URLSearchParams(window.location.search);
+  if (search.has("error") || window.location.pathname === callbackPath()) {
+    return false;
+  }
+
+  if (search.has("lakebed_guest") || search.has("guest")) {
+    return false;
+  }
+
+  const identity = readStoredIdentity({ allowExpired: true });
+  if (!identity.token || !identity.expired) {
+    return false;
+  }
+
+  const claims = decodeIdentityClaims(identity.token);
+  if (!claims?.pairwise_sub && !claims?.sub) {
+    clearStoredIdentity();
+    return false;
+  }
+
+  const storage = browserSessionStorage();
+  const attemptKey = authResumeAttemptKey(identity);
+  try {
+    if (storage?.getItem(AUTH_RESUME_STORAGE_KEY) === attemptKey) {
+      return false;
+    }
+    storage?.setItem(AUTH_RESUME_STORAGE_KEY, attemptKey);
+  } catch {
+    // Without sessionStorage, the page navigation below is still safe.
+  }
+
+  authResumeStarted = true;
+  auth = withAuthLoading(createGuestAuth(currentGuestName()), true);
+  emitAuth();
+
+  void signInWithGoogle({ returnTo: currentRoute() }).catch((error) => {
+    console.error("[lakebed] Google session resume failed", error);
+    authResumeStarted = false;
+    clearStoredIdentity();
+    clearAuthResumeAttempt();
+    auth = withAuthLoading(createGuestAuth(currentGuestName()), false);
+    emitAuth();
+    reconnect();
+  });
+
+  return true;
+}
+
 function ensureAuthInitialized() {
   if (authInitialized) {
     return Promise.resolve();
   }
 
+  if (beginStoredGoogleSessionResume()) {
+    authInitialized = true;
+    return Promise.resolve();
+  }
+
   authInitPromise ??= handleGoogleCallback()
     .catch((error) => {
       console.error("[lakebed] Google sign-in failed", error);
@@ -501,6 +601,9 @@ function connect() {
     const message = JSON.parse(String(event.data));
 
     if (message.op === "auth.result") {
+      if (authResumeStarted) {
+        return;
+      }
       auth = withAuthLoading(message.auth, false);
       emitAuth();
       return;
@@ -592,6 +695,7 @@ export async function signInWithGoogle(options = {}) {
 
 export function signOut() {
   clearStoredIdentity();
+  clearAuthResumeAttempt();
   auth = withAuthLoading(createGuestAuth(currentGuestName()), true);
   emitAuth();
   reconnect();

package/src/runtime.js

@@ -243,8 +243,9 @@ export class StateCell {
 }
 
 export class LogBuffer {
-  constructor() {
+  constructor({ beforeConsoleWrite } = {}) {
     this.entries = [];
+    this.beforeConsoleWrite = beforeConsoleWrite;
   }
 
   append(level, message, data) {
@@ -255,6 +256,7 @@ export class LogBuffer {
       at: now()
     };
     this.entries.push(entry);
+    this.beforeConsoleWrite?.();
     console[level === "error" ? "error" : level === "warn" ? "warn" : "log"](`[lakebed:${level}] ${message}`, data ?? "");
   }
 

package/src/version.js

@@ -1 +1 @@
-export const LAKEBED_VERSION = "0.0.13";
+export const LAKEBED_VERSION = "0.0.15";