lakebed 0.0.18 → 0.0.20

package/README.md

@@ -6,22 +6,16 @@ This package is an early public prototype. It includes the `lakebed` CLI, a loca
 
 ## Install
 
-```sh
-npm install -g lakebed
-lakebed new
-lakebed dev my-app
-```
-
-Enter `my-app` when `lakebed new` asks for a capsule name.
-
-Or run it without a global install:
+Run Lakebed through `npx` for now:
 
 ```sh
 npx lakebed new
-npm exec --package lakebed -- lakebed dev my-app
+npx lakebed dev my-app
 ```
 
-`lakebed create` is an alias for `lakebed new`. New capsules get a git repository and initial commit unless they are created inside an existing git repository or `--no-git` is passed.
+Enter `my-app` when `npx lakebed new` asks for a capsule name.
+
+`npx lakebed create` is an alias for `npx lakebed new`. New capsules get a git repository and initial commit unless they are created inside an existing git repository or `--no-git` is passed.
 
 ## Capsule Shape
 
@@ -114,23 +108,45 @@ queries: {
 }
 ```
 
-`lakebed dev` loads `.env.lakebed.server` locally. For hosted apps, claim the deploy, then run `lakebed deploy` to replace the deploy's server env with the file contents. Env values are not included in anonymous artifacts or source manifests.
+`npx lakebed dev` loads `.env.lakebed.server` locally. For hosted apps, claim the deploy, then run `npx lakebed deploy` to replace the deploy's server env with the file contents. Env values are not included in anonymous artifacts or source manifests.
+
+## External Endpoints
+
+Define app-relative HTTP endpoints for webhooks and external services:
+
+```ts
+import { endpoint, json, text } from "lakebed/server";
+
+endpoints: {
+  incoming: endpoint({ method: "POST", path: "/webhooks/incoming" }, async (ctx, req) => {
+    if (req.headers.get("x-webhook-secret") !== ctx.env.WEBHOOK_SECRET) {
+      return text("unauthorized", { status: 401 });
+    }
+
+    const payload = await req.json<{ body: string }>();
+    ctx.db.messages.insert({ body: payload.body, authorId: "webhook" });
+    return json({ ok: true });
+  })
+}
+```
+
+Endpoint handlers receive the same server context as queries and mutations. The request exposes headers, query params, and repeatable `text()`, `json()`, and `bytes()` body readers.
 
 ## Commands
 
 ```sh
-lakebed new [name] [--template todo] [--no-git]
-lakebed create [name] [--template todo] [--no-git]
-lakebed dev [capsule-dir] [--port 3000]
-lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
-lakebed deploy [capsule-dir] [--api <url>] [--public-inspect] [--json]
-lakebed claim [capsule-dir] [--api <url>] [--json]
-lakebed domains add <subdomain.lakebed.app> [--api <url>] [--json]
-lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
-lakebed inspect <deploy-id-or-url> [--api <url>] [--inspect-token <token>] [--json]
-lakebed db list [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
-lakebed db dump [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
-lakebed logs [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
+npx lakebed new [name] [--template todo] [--no-git]
+npx lakebed create [name] [--template todo] [--no-git]
+npx lakebed dev [capsule-dir] [--port 3000]
+npx lakebed build [capsule-dir] --target anonymous [--out .lakebed/artifacts/app.json] [--json]
+npx lakebed deploy [capsule-dir] [--api <url>] [--public-inspect] [--json]
+npx lakebed claim [capsule-dir] [--api <url>] [--json]
+npx lakebed domains add <subdomain.lakebed.app> [--api <url>] [--json]
+npx lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
+npx lakebed inspect <deploy-id-or-url> [--api <url>] [--inspect-token <token>] [--json]
+npx lakebed db list [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
+npx lakebed db dump [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
+npx lakebed logs [deploy-id-or-url] [--port 3000] [--inspect-token <token>]
 ```
 
 ## Current Constraints
@@ -149,15 +165,15 @@ Once a Lakebed deploy runner is available, deploy a capsule with:
 
 ```sh
 cd my-app
-lakebed deploy
+npx lakebed deploy
 ```
 
 For local deploy-runner testing:
 
 ```sh
-lakebed anonymous-server --port 8787
+npx lakebed anonymous-server --port 8787
 cd my-app
-lakebed deploy --api http://localhost:8787
+npx lakebed deploy --api http://localhost:8787
 ```
 
 In production, set `PUBLIC_ROOT_URL` to the deploy API origin and `LAKEBED_APP_BASE_DOMAIN` to the app domain without the wildcard prefix:
@@ -189,7 +205,7 @@ LAKEBED_ANONYMOUS_CLEANUP_RETENTION=7d
 LAKEBED_ANONYMOUS_CLEANUP_INTERVAL=1h
 ```
 
-Deploy responses include claim metadata. Configure GitHub OAuth on the runner, then run `lakebed claim` to open the claim page and attach the anonymous deploy to a developer account:
+Deploy responses include claim metadata. Configure GitHub OAuth on the runner, then run `npx lakebed claim` to open the claim page and attach the anonymous deploy to a developer account:
 
 ```sh
 LAKEBED_GITHUB_CLIENT_ID=...
@@ -198,9 +214,9 @@ LAKEBED_SESSION_SECRET=...
 LAKEBED_SERVER_ENV_SECRET=...
 ```
 
-Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the `lakebed claim` command. Run that command, then run `lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
+Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys and do not expire. Anonymous deploys cannot use outbound `fetch` or hosted server env; after a deploy is claimed, `npx lakebed deploy` can update it with a source-backed server artifact that supports async handlers, server-side fetch, and `.env.lakebed.server` sync. If the first deploy already needs server-side `fetch` or server env, `npx lakebed deploy` creates a claim-required preview, saves its claim metadata, and prints the `npx lakebed claim` command. Run that command, then run `npx lakebed deploy` again to publish the real source-backed app. Set `LAKEBED_SERVER_ENV_SECRET` on Postgres-backed runners to encrypt stored server env values.
 
-Hosted inspection is private by default. `lakebed inspect`, `lakebed db list`, `lakebed db dump`, and `lakebed logs` send the saved claim token automatically when run from the capsule directory.
+Hosted inspection is private by default. `npx lakebed inspect`, `npx lakebed db list`, `npx lakebed db dump`, and `npx lakebed logs` send the saved claim token automatically when run from the capsule directory.
 
 After a deploy is claimed, reserve a Lakebed-owned app subdomain from the capsule directory:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lakebed",
-  "version": "0.0.18",
+  "version": "0.0.20",
   "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
   "license": "UNLICENSED",
   "type": "module",
@@ -52,6 +52,9 @@
   "publishConfig": {
     "access": "public"
   },
+  "scripts": {
+    "check": "node --check src/cli.js && node --check src/runtime.js && node --check src/server.js && node --check src/client.js && node --check src/source-store.js && node --check src/source-runtime.js && node --check src/source-runtime-worker.js && node --check src/source-runtime-loader.mjs && node --check src/anonymous.js && node --check src/anonymous-server.js && node --check src/auth.js && node --check src/version.js"
+  },
   "dependencies": {
     "esbuild": "^0.27.1",
     "pg": "^8.16.3",
@@ -60,8 +63,5 @@
   },
   "devDependencies": {
     "@types/ws": "^8.18.1"
-  },
-  "scripts": {
-    "check": "node --check src/cli.js && node --check src/runtime.js && node --check src/server.js && node --check src/client.js && node --check src/source-store.js && node --check src/source-runtime.js && node --check src/source-runtime-worker.js && node --check src/source-runtime-loader.mjs && node --check src/anonymous.js && node --check src/anonymous-server.js && node --check src/auth.js && node --check src/version.js"
   }
-}
+}

package/src/anonymous-server.js

@@ -8,6 +8,7 @@ import {
   createSlug,
   DEFAULT_ANONYMOUS_LIMITS,
   LAKEBED_VERSION,
+  executeAnonymousEndpoint,
   executeAnonymousMutation,
   executeAnonymousQuery,
   hashClaimToken,
@@ -27,6 +28,8 @@ function anonymousDeployExpiresAt() {
   return new Date(Date.now() + ttlSeconds * 1000).toISOString();
 }
 
+const endpointBodyMaxBytes = 2 * 1024 * 1024;
+
 function dayWindowStart() {
   return `${new Date().toISOString().slice(0, 10)}T00:00:00.000Z`;
 }
@@ -120,7 +123,7 @@ function websocketSend(ws, message) {
   ws.send(JSON.stringify(message));
 }
 
-async function readJsonBody(req, maxBytes = 2 * 1024 * 1024) {
+async function readRequestBody(req, maxBytes = endpointBodyMaxBytes) {
   const chunks = [];
   let total = 0;
   for await (const chunk of req) {
@@ -131,11 +134,72 @@ async function readJsonBody(req, maxBytes = 2 * 1024 * 1024) {
     chunks.push(chunk);
   }
 
-  if (chunks.length === 0) {
+  return Buffer.concat(chunks);
+}
+
+async function readJsonBody(req, maxBytes = 2 * 1024 * 1024) {
+  const body = await readRequestBody(req, maxBytes);
+  if (body.byteLength === 0) {
     return {};
   }
 
-  return JSON.parse(Buffer.concat(chunks).toString("utf8"));
+  return JSON.parse(body.toString("utf8"));
+}
+
+function headersFromNodeRequest(headers) {
+  const clean = {};
+  for (const [name, value] of Object.entries(headers ?? {})) {
+    if (Array.isArray(value)) {
+      clean[name.toLowerCase()] = value.join(", ");
+    } else if (value !== undefined) {
+      clean[name.toLowerCase()] = String(value);
+    }
+  }
+  return clean;
+}
+
+function endpointRequestPayload({ appPath, body, req, requestUrl }) {
+  return {
+    bodyBase64: body.toString("base64"),
+    headers: headersFromNodeRequest(req.headers),
+    method: String(req.method ?? "GET").toUpperCase(),
+    path: appPath,
+    url: requestUrl.href
+  };
+}
+
+function findArtifactEndpoint(artifact, method, path) {
+  const requestMethod = String(method ?? "GET").toUpperCase();
+  for (const [name, endpoint] of Object.entries(artifact.server?.endpoints ?? {})) {
+    if (endpoint?.method === requestMethod && endpoint?.path === path) {
+      return { ...endpoint, name };
+    }
+  }
+  return null;
+}
+
+function sanitizeEndpointResponseHeaders(headers = {}) {
+  const blocked = new Set(["connection", "content-length", "date", "keep-alive", "transfer-encoding", "upgrade"]);
+  const clean = {};
+  for (const [rawName, rawValue] of Object.entries(headers ?? {})) {
+    const name = String(rawName);
+    const lower = name.toLowerCase();
+    if (!/^[a-z0-9!#$%&'*+.^_`|~-]+$/i.test(name) || blocked.has(lower)) {
+      continue;
+    }
+    clean[name] = String(rawValue);
+  }
+  return clean;
+}
+
+function sendEndpointResponse(res, response) {
+  const body = Buffer.from(response?.bodyBase64 ?? "", "base64");
+  const status = Number.isInteger(response?.status) && response.status >= 100 && response.status <= 599 ? response.status : 200;
+  res.writeHead(status, {
+    ...sanitizeEndpointResponseHeaders(response?.headers),
+    "Content-Length": String(body.byteLength)
+  });
+  res.end(body);
 }
 
 function bearerToken(req) {
@@ -410,6 +474,26 @@ function routeSystemPath(pathname) {
   return pathname;
 }
 
+function wantsHtml(req) {
+  const accept = String(req.headers.accept ?? "");
+  return !accept || accept.includes("text/html");
+}
+
+function isReservedClientShellPath(pathname) {
+  return (
+    pathname === "/client.js" ||
+    pathname === "/__lakebed" ||
+    pathname.startsWith("/__lakebed/") ||
+    pathname === "/__span" ||
+    pathname.startsWith("/__span/") ||
+    (pathname.startsWith("/auth/") && pathname !== "/auth/callback")
+  );
+}
+
+function isClientShellRequest(req, pathname) {
+  return req.method === "GET" && wantsHtml(req) && !isReservedClientShellPath(pathname);
+}
+
 function parsePathDeploy(url) {
   const parts = url.pathname.split("/").filter(Boolean);
   if (parts[0] !== "d" || !parts[1]) {
@@ -2893,6 +2977,22 @@ function developerHtml({ authConfigured, deploys = [], user }) {
           ${quotaHtml("Requests", deploy.usage.requestsToday, deploy.limits.requestsPerDay)}
           ${quotaHtml("Mutations", deploy.usage.mutationsToday, deploy.limits.mutationsPerDay)}
         </div>
+        <div class="deploy-actions">
+          ${
+            deploy.status === "active"
+              ? `<button class="button danger terminate-button" type="button" data-terminate-deploy-id="${escapeHtml(deploy.deployId)}" data-terminate-deploy-name="${escapeHtml(deploy.name)}" aria-label="Terminate ${escapeHtml(deploy.name)}">
+                  <svg viewBox="0 0 24 24" aria-hidden="true" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2">
+                    <path d="M3 6h18"></path>
+                    <path d="M8 6V4h8v2"></path>
+                    <path d="M19 6l-1 14H6L5 6"></path>
+                    <path d="M10 11v6"></path>
+                    <path d="M14 11v6"></path>
+                  </svg>
+                  <span>Terminate</span>
+                </button>`
+              : ""
+          }
+        </div>
       </article>`;
     })
     .join("");
@@ -3004,11 +3104,30 @@ function developerHtml({ authConfigured, deploys = [], user }) {
         text-decoration: none;
       }
 
+      .button:disabled {
+        cursor: wait;
+        opacity: 0.55;
+      }
+
       .button.secondary {
         background: transparent;
         color: var(--text);
       }
 
+      .button.danger {
+        color: var(--danger);
+      }
+
+      .button.danger:hover {
+        border-color: var(--danger);
+      }
+
+      .button svg {
+        height: 16px;
+        margin-right: 8px;
+        width: 16px;
+      }
+
       .summary {
         background: var(--line);
         border: 1px solid var(--line);
@@ -3061,7 +3180,7 @@ function developerHtml({ authConfigured, deploys = [], user }) {
         align-items: center;
         display: grid;
         gap: 24px;
-        grid-template-columns: minmax(360px, 1fr) minmax(210px, 300px) minmax(360px, 430px);
+        grid-template-columns: minmax(360px, 1fr) minmax(210px, 300px) minmax(360px, 430px) minmax(120px, 150px);
       }
 
       .list-head {
@@ -3088,6 +3207,7 @@ function developerHtml({ authConfigured, deploys = [], user }) {
       .deploy-main,
       .activity,
       .usage-grid,
+      .deploy-actions,
       .quota {
         min-width: 0;
       }
@@ -3203,6 +3323,64 @@ function developerHtml({ authConfigured, deploys = [], user }) {
         width: var(--usage);
       }
 
+      .deploy-actions {
+        display: flex;
+        justify-content: flex-end;
+      }
+
+      .terminate-button {
+        min-width: 126px;
+      }
+
+      .confirm-dialog {
+        background: var(--panel-raised);
+        border: 1px solid var(--line-strong);
+        border-radius: 8px;
+        box-shadow: 0 24px 80px rgba(0, 0, 0, 0.55);
+        color: var(--text);
+        margin: auto;
+        max-width: 430px;
+        padding: 0;
+        width: calc(100% - 32px);
+      }
+
+      .confirm-dialog::backdrop {
+        background: rgba(0, 0, 0, 0.72);
+      }
+
+      .dialog-body {
+        display: grid;
+        gap: 14px;
+        padding: 20px;
+      }
+
+      .confirm-dialog h2 {
+        font-size: 20px;
+        line-height: 1.2;
+        margin: 0;
+      }
+
+      .confirm-dialog p {
+        color: var(--soft);
+        line-height: 1.5;
+        margin: 0;
+      }
+
+      .dialog-actions {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 10px;
+        justify-content: flex-end;
+        margin-top: 4px;
+      }
+
+      .dialog-error {
+        color: var(--danger);
+        font-family: "SFMono-Regular", Consolas, monospace;
+        font-size: 12px;
+        min-height: 16px;
+      }
+
       @media (max-width: 980px) {
         .shell {
           padding: 24px 18px 40px;
@@ -3234,6 +3412,10 @@ function developerHtml({ authConfigured, deploys = [], user }) {
         .activity-item {
           justify-content: flex-start;
         }
+
+        .deploy-actions {
+          justify-content: flex-start;
+        }
       }
 
       @media (max-width: 640px) {
@@ -3298,12 +3480,122 @@ function developerHtml({ authConfigured, deploys = [], user }) {
                       <span>Deploy</span>
                       <span>Activity</span>
                       <span>Usage today</span>
+                      <span>Actions</span>
                     </div>
                     ${rows}
                   </div>
                 </section>`
       }
     </main>
+    ${
+      signedIn && activeDeploys > 0
+        ? `<dialog class="confirm-dialog" id="terminate-dialog" aria-describedby="terminate-description" aria-labelledby="terminate-title">
+            <div class="dialog-body">
+              <h2 id="terminate-title">Terminate app?</h2>
+              <p id="terminate-description">This stops serving <strong id="terminate-deploy-name">this app</strong>. Data and logs stay available for inspection.</p>
+              <div class="dialog-error" id="terminate-error" role="alert"></div>
+              <div class="dialog-actions">
+                <button class="button secondary" id="terminate-cancel" type="button">Cancel</button>
+                <button class="button danger" id="terminate-confirm" type="button">
+                  <svg viewBox="0 0 24 24" aria-hidden="true" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2">
+                    <path d="M3 6h18"></path>
+                    <path d="M8 6V4h8v2"></path>
+                    <path d="M19 6l-1 14H6L5 6"></path>
+                    <path d="M10 11v6"></path>
+                    <path d="M14 11v6"></path>
+                  </svg>
+                  <span>Terminate</span>
+                </button>
+              </div>
+            </div>
+          </dialog>
+          <script>
+            (() => {
+              const dialog = document.getElementById("terminate-dialog");
+              const name = document.getElementById("terminate-deploy-name");
+              const cancel = document.getElementById("terminate-cancel");
+              const confirm = document.getElementById("terminate-confirm");
+              const error = document.getElementById("terminate-error");
+              let pendingDeployId = "";
+
+              function setBusy(value) {
+                confirm.disabled = value;
+                cancel.disabled = value;
+              }
+
+              function closeDialog() {
+                if (typeof dialog.close === "function") {
+                  dialog.close();
+                } else {
+                  dialog.removeAttribute("open");
+                }
+              }
+
+              function openDialog(button) {
+                pendingDeployId = button.dataset.terminateDeployId || "";
+                name.textContent = button.dataset.terminateDeployName || "this app";
+                error.textContent = "";
+                setBusy(false);
+                if (typeof dialog.showModal === "function") {
+                  dialog.showModal();
+                } else {
+                  dialog.setAttribute("open", "");
+                }
+              }
+
+              async function errorMessage(response) {
+                const text = await response.text();
+                if (!text) {
+                  return response.statusText || "Terminate failed.";
+                }
+                try {
+                  const body = JSON.parse(text);
+                  return body.error || response.statusText || "Terminate failed.";
+                } catch {
+                  return text;
+                }
+              }
+
+              document.addEventListener("click", (event) => {
+                const button = event.target.closest("[data-terminate-deploy-id]");
+                if (!button) {
+                  return;
+                }
+                openDialog(button);
+              });
+
+              dialog.addEventListener("click", (event) => {
+                if (event.target === dialog && !confirm.disabled) {
+                  closeDialog();
+                }
+              });
+
+              cancel.addEventListener("click", closeDialog);
+              confirm.addEventListener("click", async () => {
+                if (!pendingDeployId) {
+                  return;
+                }
+                setBusy(true);
+                error.textContent = "";
+                const response = await fetch("/v1/me/deploys/" + encodeURIComponent(pendingDeployId) + "/terminate", {
+                  headers: { "Accept": "application/json" },
+                  method: "POST"
+                });
+                if (response.status === 401) {
+                  window.location.assign("/auth/github?return_to=" + encodeURIComponent("/deploys"));
+                  return;
+                }
+                if (!response.ok) {
+                  error.textContent = await errorMessage(response);
+                  setBusy(false);
+                  return;
+                }
+                window.location.assign("/deploys");
+              });
+            })();
+          </script>`
+        : ""
+    }
   </body>
 </html>`;
 }
@@ -5499,6 +5791,11 @@ function fullManifestForDeploy({ artifact, deploy, domains = [] }) {
     clientBundleHash: deploy.clientBundleHash,
     deployId: deploy.id,
     domains,
+    endpoints: Object.entries(artifact.server.endpoints ?? {}).map(([name, endpoint]) => ({
+      method: endpoint.method,
+      name,
+      path: endpoint.path
+    })),
     expiresAt: deploy.expiresAt,
     inspectPolicy: inspectPolicyForDeploy(deploy),
     limits: deploy.limits,
@@ -5516,15 +5813,15 @@ function fullManifestForDeploy({ artifact, deploy, domains = [] }) {
 
 function inspectCommandForPath(deploy, systemPath) {
   if (systemPath === "/__lakebed/db") {
-    return `lakebed db dump ${deploy.id}`;
+    return `npx lakebed db dump ${deploy.id}`;
   }
   if (systemPath === "/__lakebed/db/tables") {
-    return `lakebed db list ${deploy.id}`;
+    return `npx lakebed db list ${deploy.id}`;
   }
   if (systemPath === "/__lakebed/logs") {
-    return `lakebed logs ${deploy.id}`;
+    return `npx lakebed logs ${deploy.id}`;
   }
-  return `lakebed inspect ${deploy.id}`;
+  return `npx lakebed inspect ${deploy.id}`;
 }
 
 function inspectAuthFailure(deploy, systemPath) {
@@ -5749,6 +6046,15 @@ export async function startAnonymousServer({
     return resolvedStore.listDeploysForOwner(user.id);
   }
 
+  async function developerSummaryForDeploy(deploy) {
+    const artifact = await resolvedStore.getArtifact(deploy.artifactHash);
+    return developerDeploySummary({
+      artifact: artifact?.artifact,
+      deploy,
+      usage: await resolvedStore.readUsage(deploy.id)
+    });
+  }
+
   async function enforceAnonymousDeployCreation(req) {
     if (deployCreationPolicy.disabled) {
       const error = new LakebedQuotaError({
@@ -5923,6 +6229,43 @@ export async function startAnonymousServer({
         return;
       }
 
+      const developerTerminateMatch =
+        req.method === "POST" ? requestUrl.pathname.match(/^\/v1\/me\/deploys\/([^/]+)\/terminate$/) : null;
+      if (developerTerminateMatch) {
+        const user = currentDeveloper(req);
+        if (!developerAuthConfigured(resolvedGithubOAuth, resolvedDeveloperSessionSecret) || !user) {
+          sendJson(res, 401, { error: "Developer authentication required." });
+          return;
+        }
+
+        const deployId = decodeURIComponent(developerTerminateMatch[1]);
+        const currentDeploy = await resolvedStore.getDeployById(deployId);
+        if (!currentDeploy || currentDeploy.ownerId !== user.id) {
+          sendJson(res, 404, { error: "Unknown deploy." });
+          return;
+        }
+        if (currentDeploy.status !== "active" || isExpired(currentDeploy)) {
+          sendJson(res, 409, { error: "Deploy is not active." });
+          return;
+        }
+
+        const deploy = await resolvedStore.terminateDeploy(deployId);
+        if (!deploy || deploy.ownerId !== user.id) {
+          sendJson(res, 404, { error: "Unknown deploy." });
+          return;
+        }
+
+        await resolvedStore.appendLog(deploy.id, "warn", "anonymous deploy terminated", {
+          ownerId: user.id,
+          ownerLogin: user.login,
+          source: "developer"
+        });
+        await refreshDeploySubscriptions(deploy);
+        closeDeployConnections(deploy.id);
+        sendJson(res, 200, { deploy: await developerSummaryForDeploy(deploy) });
+        return;
+      }
+
       if (req.method === "GET" && requestUrl.pathname === "/auth/github") {
         if (!developerAuthConfigured(resolvedGithubOAuth, resolvedDeveloperSessionSecret)) {
           sendText(res, 503, "GitHub sign-in is not configured.\n", { "Content-Type": "text/plain; charset=utf-8" });
@@ -6414,6 +6757,48 @@ export async function startAnonymousServer({
         return;
       }
 
+      const endpoint = findArtifactEndpoint(loaded.artifact, req.method, appPath);
+      if (endpoint) {
+        await enforceClientTrafficQuota(clientKey, "mutations");
+        await resolvedStore.incrementQuota(
+          loaded.deploy.id,
+          "mutations",
+          quotaLimitForBucket("mutations", loaded.deploy)
+        );
+        const auth = await resolveAuthFromUrl({
+          defaultAuth: createGuestAuth("local"),
+          onError: (error) =>
+            resolvedStore.appendLog(loaded.deploy.id, "warn", "endpoint auth verification failed", {
+              error: error instanceof Error ? error.message : String(error)
+            }),
+          origin: requestOrigin(req, loaded.deploy.url),
+          shooBaseUrl,
+          url: requestUrl
+        });
+        const body = await readRequestBody(req);
+        const response = await executeAnonymousEndpoint({
+          artifact: loaded.artifact,
+          auth,
+          deployId: loaded.deploy.id,
+          limits: loaded.deploy.limits,
+          name: endpoint.name,
+          request: endpointRequestPayload({ appPath, body, req, requestUrl }),
+          sourceRuntime: resolvedSourceRuntime,
+          state: resolvedStore
+        });
+        sendEndpointResponse(res, response);
+        await publishDeploy(loaded.deploy.id);
+        return;
+      }
+
+      if (isClientShellRequest(req, appPath)) {
+        sendText(res, 200, html(loaded.artifact.name ?? "Lakebed Capsule", loaded.basePath, { clientBundleHash: loaded.deploy.clientBundleHash, shooBaseUrl }), {
+          "Cache-Control": "no-store",
+          "Content-Type": "text/html; charset=utf-8"
+        });
+        return;
+      }
+
       sendText(res, 404, "Not found\n", { "Content-Type": "text/plain; charset=utf-8" });
     } catch (error) {
       if (isQuotaError(error)) {