lakebed 0.0.15 → 0.0.16

package/README.md

@@ -124,6 +124,7 @@ lakebed dev [capsule-dir] [--port 3000]
 lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
 lakebed deploy [capsule-dir] [--api <url>] [--json]
 lakebed claim [capsule-dir] [--api <url>] [--json]
+lakebed domains add <subdomain.lakebed.app> [--api <url>] [--json]
 lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
 lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
 lakebed db list [deploy-id-or-url] [--port 3000]
@@ -167,6 +168,26 @@ LAKEBED_APP_BASE_DOMAIN=lakebed.app
 
 With a verified `*.lakebed.app` custom domain on the runner, deploy responses use `https://<slug>.lakebed.app`.
 
+Anonymous deploy creation is relaxed for local `localhost` runners. When `PUBLIC_ROOT_URL` points at a non-local origin, the runner defaults to 50 anonymous deploy creates per forwarded client per UTC day and 5,000 globally. Override those with:
+
+```sh
+LAKEBED_ANONYMOUS_DEPLOY_CREATE_PER_CLIENT_PER_DAY=50
+LAKEBED_ANONYMOUS_DEPLOY_CREATE_GLOBAL_PER_DAY=5000
+LAKEBED_ANONYMOUS_DEPLOY_CREATE_DISABLED=0
+LAKEBED_ANONYMOUS_REQUESTS_PER_CLIENT_PER_DAY=100000
+LAKEBED_ANONYMOUS_MUTATIONS_PER_CLIENT_PER_DAY=10000
+```
+
+Deploy creation, app requests, and app mutations also have per-client IP backstops. Forwarded client IP headers are trusted automatically on Railway only when the request comes through Railway's edge proxy. For other proxy setups, set `LAKEBED_TRUST_PROXY_HEADERS=1` only when your proxy strips untrusted inbound forwarding headers before adding its own.
+
+Expired unclaimed deploys are cleaned up by the runner. By default, cleanup marks expired anonymous deploys terminated after a 1 hour grace window and deletes their state, logs, env, quota rows, slug mapping, and unreferenced artifacts after 7 days:
+
+```sh
+LAKEBED_ANONYMOUS_CLEANUP_GRACE=1h
+LAKEBED_ANONYMOUS_CLEANUP_RETENTION=7d
+LAKEBED_ANONYMOUS_CLEANUP_INTERVAL=1h
+```
+
 Deploy responses include claim metadata. Configure GitHub OAuth on the runner, then run `lakebed claim` to open the claim page and attach the anonymous deploy to a developer account:
 
 ```sh
@@ -178,6 +199,14 @@ LAKEBED_SERVER_ENV_SECRET=...
 
 Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the `lakebed claim` command. Run that command, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
 
+After a deploy is claimed, reserve a Lakebed-owned app subdomain from the capsule directory:
+
+```sh
+npx lakebed domains add my-app.lakebed.app
+```
+
+Reserved product names such as `api`, `admin`, `docs`, and `www` are rejected.
+
 ## Admin Dashboard
 
 Set `LAKEBED_ADMIN_PASSWORD` on the anonymous deploy runner, then open `/admin` on the runner origin. The password is exchanged for an HttpOnly cookie so the dashboard stays unlocked until the cookie expires or the password changes. The resource table can terminate active deploys while preserving their resource history, and the users table can set per-user request and mutation limit overrides for claimed deploys.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lakebed",
-  "version": "0.0.15",
+  "version": "0.0.16",
   "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
   "license": "UNLICENSED",
   "type": "module",