lakebed 0.0.14 → 0.0.15

package/README.md

@@ -122,7 +122,7 @@ lakebed new [name] [--template todo] [--no-git]
 lakebed create [name] [--template todo] [--no-git]
 lakebed dev [capsule-dir] [--port 3000]
 lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
-lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
+lakebed deploy [capsule-dir] [--api <url>] [--json]
 lakebed claim [capsule-dir] [--api <url>] [--json]
 lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
 lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
@@ -167,7 +167,7 @@ LAKEBED_APP_BASE_DOMAIN=lakebed.app
 
 With a verified `*.lakebed.app` custom domain on the runner, deploy responses use `https://<slug>.lakebed.app`.
 
-Deploy responses include a claim URL. Configure GitHub OAuth on the runner, then open that claim URL to attach the anonymous deploy to a developer account:
+Deploy responses include claim metadata. Configure GitHub OAuth on the runner, then run `lakebed claim` to open the claim page and attach the anonymous deploy to a developer account:
 
 ```sh
 LAKEBED_GITHUB_CLIENT_ID=...
@@ -176,7 +176,7 @@ LAKEBED_SESSION_SECRET=...
 LAKEBED_SERVER_ENV_SECRET=...
 ```
 
-Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the claim URL. Open that URL, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
+Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the `lakebed claim` command. Run that command, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
 
 ## Admin Dashboard
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lakebed",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
   "license": "UNLICENSED",
   "type": "module",

package/src/anonymous-server.js

@@ -19,6 +19,11 @@ function now() {
   return new Date().toISOString();
 }
 
+function anonymousDeployExpiresAt() {
+  const ttlSeconds = parseTtlSeconds();
+  return new Date(Date.now() + ttlSeconds * 1000).toISOString();
+}
+
 function dayWindowStart() {
   return `${new Date().toISOString().slice(0, 10)}T00:00:00.000Z`;
 }
@@ -2609,7 +2614,7 @@ export class MemoryAnonymousStore {
     });
   }
 
-  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, requestedTtlSeconds, serverEnv }) {
+  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, serverEnv }) {
     const deployId = createDeployId();
     const normalizedAppBaseDomain = normalizeAppBaseDomain(appBaseDomain);
     let slug = createSlug();
@@ -2619,8 +2624,7 @@ export class MemoryAnonymousStore {
 
     const token = createClaimToken();
     const createdAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const expiresAt = anonymousDeployExpiresAt();
     const url = appUrlForSlug({ appBaseDomain: normalizedAppBaseDomain, publicRootUrl, slug });
 
     this.storeArtifact({
@@ -2665,7 +2669,6 @@ export class MemoryAnonymousStore {
     clientBundleHash,
     deployId,
     publicRootUrl,
-    requestedTtlSeconds,
     serverEnv
   }) {
     const currentDeploy = await this.getStoredDeployById(deployId);
@@ -2674,7 +2677,6 @@ export class MemoryAnonymousStore {
     }
 
     const updatedAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
     const nextAppBaseDomain = normalizeAppBaseDomain(appBaseDomain ?? currentDeploy.appBaseDomain);
     const nextPublicRootUrl = publicRootUrl ?? currentDeploy.publicRootUrl;
     const deploy = {
@@ -2682,7 +2684,7 @@ export class MemoryAnonymousStore {
       appBaseDomain: nextAppBaseDomain,
       artifactHash,
       clientBundleHash,
-      expiresAt: currentDeploy.ownerId ? null : new Date(Date.now() + ttlSeconds * 1000).toISOString(),
+      expiresAt: currentDeploy.ownerId ? null : anonymousDeployExpiresAt(),
       publicRootUrl: nextPublicRootUrl,
       url: appUrlForSlug({ appBaseDomain: nextAppBaseDomain, publicRootUrl: nextPublicRootUrl, slug: currentDeploy.slug }),
       status: "active",
@@ -3318,11 +3320,10 @@ export class PostgresAnonymousStore {
     );
   }
 
-  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, requestedTtlSeconds, serverEnv }) {
+  async createDeploy({ appBaseDomain, artifact, artifactHash, clientBundleBase64, clientBundleHash, publicRootUrl, serverEnv }) {
     const createdAt = now();
     const normalizedAppBaseDomain = normalizeAppBaseDomain(appBaseDomain);
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const expiresAt = anonymousDeployExpiresAt();
     const token = createClaimToken();
     const deployId = createDeployId();
 
@@ -3397,7 +3398,6 @@ export class PostgresAnonymousStore {
     clientBundleHash,
     deployId,
     publicRootUrl,
-    requestedTtlSeconds,
     serverEnv
   }) {
     const currentDeploy = await this.getBaseDeployById(deployId);
@@ -3406,8 +3406,7 @@ export class PostgresAnonymousStore {
     }
 
     const updatedAt = now();
-    const ttlSeconds = parseTtlSeconds(requestedTtlSeconds);
-    const expiresAt = currentDeploy.ownerId ? null : new Date(Date.now() + ttlSeconds * 1000).toISOString();
+    const expiresAt = currentDeploy.ownerId ? null : anonymousDeployExpiresAt();
     const nextAppBaseDomain = normalizeAppBaseDomain(appBaseDomain ?? currentDeploy.appBaseDomain);
     const nextPublicRootUrl = publicRootUrl ?? currentDeploy.publicRootUrl;
     const url = appUrlForSlug({ appBaseDomain: nextAppBaseDomain, publicRootUrl: nextPublicRootUrl, slug: currentDeploy.slug });
@@ -4393,7 +4392,6 @@ export async function startAnonymousServer({
           clientBundleBase64: payload.clientBundleBase64,
           clientBundleHash: payload.clientBundleHash,
           publicRootUrl: resolvedPublicRootUrl,
-          requestedTtlSeconds: body.requestedTtlSeconds ?? requestUrl.searchParams.get("ttl") ?? undefined,
           serverEnv: payload.serverEnv
         });
         await resolvedStore.appendLog(deploy.id, "info", "anonymous deploy created", { artifactHash: deploy.artifactHash });
@@ -4428,7 +4426,6 @@ export async function startAnonymousServer({
           clientBundleHash: payload.clientBundleHash,
           deployId,
           publicRootUrl: resolvedPublicRootUrl,
-          requestedTtlSeconds: body.requestedTtlSeconds ?? requestUrl.searchParams.get("ttl") ?? undefined,
           serverEnv: payload.serverEnv
         });
         if (!deploy) {

package/src/cli.js

@@ -17,7 +17,6 @@ import {
   SERVER_ENV_FILE,
   createAnonymousArtifact,
   createClaimedArtifact,
-  parseTtlSeconds,
   stableStringify,
   validateServerEnvValues
 } from "./anonymous.js";
@@ -41,7 +40,7 @@ Usage:
   lakebed create [name] [--template todo] [--no-git]
   lakebed dev [capsule-dir] [--port 3000]
   lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
-  lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
+  lakebed deploy [capsule-dir] [--api <url>] [--json]
   lakebed claim [capsule-dir] [--api <url>] [--json]
   lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
   lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
@@ -72,8 +71,7 @@ const optionsWithValues = new Set([
   "--port",
   "--public-root-url",
   "--target",
-  "--template",
-  "--ttl"
+  "--template"
 ]);
 
 function positionals(args) {
@@ -948,12 +946,39 @@ function claimUrlFromDeployMetadata(metadata) {
   return `${String(metadata.api).replace(/\/+$/g, "")}/claim/${encodeURIComponent(metadata.deployId)}/${encodeURIComponent(metadata.claimToken)}`;
 }
 
-function deployRequestBody(envelope, ttl, { serverEnv } = {}) {
+function claimCommandText({ api, capsuleArg }) {
+  const parts = ["lakebed", "claim"];
+  if (capsuleArg) {
+    parts.push(capsuleArg);
+  }
+  if (api !== defaultDeployApiUrl) {
+    parts.push("--api", api);
+  }
+  return parts.map(shellQuote).join(" ");
+}
+
+function browserOpenInvocation(url) {
+  if (process.platform === "darwin") {
+    return { command: "open", args: [url] };
+  }
+
+  if (process.platform === "win32") {
+    return { command: "cmd", args: ["/c", "start", "", url] };
+  }
+
+  return { command: "xdg-open", args: [url] };
+}
+
+async function openUrlInBrowser(url) {
+  const invocation = browserOpenInvocation(url);
+  await execFileAsync(invocation.command, invocation.args, { windowsHide: true });
+}
+
+function deployRequestBody(envelope, { serverEnv } = {}) {
   const body = {
     artifact: envelope.artifact,
     clientBundle: envelope.clientBundle,
-    clientVersion: LAKEBED_VERSION,
-    requestedTtlSeconds: ttl
+    clientVersion: LAKEBED_VERSION
   };
   if (serverEnv !== undefined) {
     body.serverEnv = {
@@ -1012,6 +1037,10 @@ async function readResponseJson(response) {
 }
 
 async function deployCommand(args) {
+  if (args.some((arg) => arg === "--ttl" || arg.startsWith("--ttl="))) {
+    throw new Error("lakebed deploy no longer accepts --ttl. Deploy expiry is set by the server.");
+  }
+
   const [capsuleArg] = positionals(args);
   const capsuleDir = resolveCapsuleDir(capsuleArg);
   const sourceStore = await createMemorySourceStoreFromDirectory(capsuleDir);
@@ -1019,7 +1048,6 @@ async function deployCommand(args) {
   const serverEnv = await readCapsuleServerEnv(sourceStore);
   const serverEnvKeys = Object.keys(serverEnv).sort();
   const hasServerEnvValues = serverEnvKeys.length > 0;
-  const ttl = parseTtlSeconds(readArg(args, "--ttl", "7d"));
   const api = deployApiUrl(args);
   const metadata = await readDeployMetadata(capsuleDir);
   const canUpdate =
@@ -1071,7 +1099,7 @@ async function deployCommand(args) {
 
   if (canUpdate) {
     response = await fetch(`${api}/v1/deploys/${encodeURIComponent(metadata.deployId)}`, {
-      body: deployRequestBody(envelope, ttl, { serverEnv: serverEnvForUpdate }),
+      body: deployRequestBody(envelope, { serverEnv: serverEnvForUpdate }),
       headers: {
         "Authorization": `Bearer ${metadata.claimToken}`,
         "Content-Type": "application/json"
@@ -1092,7 +1120,7 @@ async function deployCommand(args) {
   }
 
   response ??= await fetch(`${api}/v1/anonymous-deploys`, {
-    body: deployRequestBody(envelope, ttl),
+    body: deployRequestBody(envelope),
     headers: {
       "Content-Type": "application/json"
     },
@@ -1133,7 +1161,7 @@ async function deployCommand(args) {
   console.log(`Updated:    ${formatOptionalTimestamp(deployed.updatedAt, "unknown")}`);
   console.log(`Expires:    ${formatOptionalTimestamp(deployed.expiresAt)}`);
   if (deployed.claimUrl) {
-    console.log(`Claim:      ${deployed.claimUrl}`);
+    console.log(`Claim:      ${claimCommandText({ api, capsuleArg })}`);
   }
   console.log(`Inspect:    lakebed inspect ${deployed.deployId}`);
   console.log("\nLimits:");
@@ -1150,7 +1178,7 @@ async function deployCommand(args) {
   }
   if (envelope.claimRequired) {
     console.log("\nThis app needs a claimed deploy before server-side fetch or server env can run.");
-    console.log("Open the claim URL, then run lakebed deploy again.");
+    console.log(`Run ${claimCommandText({ api, capsuleArg })}, then run lakebed deploy again.`);
   }
 }
 
@@ -1203,8 +1231,15 @@ async function claimCommand(args) {
     return;
   }
 
-  console.log("Open this URL to claim the current project's deploy:");
-  console.log(claimUrl);
+  try {
+    await openUrlInBrowser(claimUrl);
+  } catch (error) {
+    throw new Error(
+      `Unable to open the claim page in your browser: ${error instanceof Error ? error.message : String(error)}\n\nRun ${claimCommandText({ api, capsuleArg })} --json to read the claim URL.`
+    );
+  }
+
+  console.log(`Opened claim page for deploy ${result.deployId} in your browser.`);
 }
 
 async function anonymousServerCommand(args) {
@@ -1565,11 +1600,12 @@ async function isInsideGitWorkTree(cwd) {
 }
 
 function shellQuote(value) {
-  if (/^[A-Za-z0-9_./:-]+$/.test(value)) {
-    return value;
+  const text = String(value);
+  if (/^[A-Za-z0-9_./:=,@%+-]+$/.test(text)) {
+    return text;
   }
 
-  return `'${value.replaceAll("'", "'\\''")}'`;
+  return `'${text.replaceAll("'", "'\\''")}'`;
 }
 
 async function promptForCapsuleName() {

package/src/version.js

@@ -1 +1 @@
-export const LAKEBED_VERSION = "0.0.14";
+export const LAKEBED_VERSION = "0.0.15";