lakebed 0.0.3-alpha.0 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +56 -2
  2. package/package.json +6 -5
  3. package/src/anonymous-server.js +1874 -58
  4. package/src/anonymous.js +14 -5
  5. package/src/auth.js +155 -0
  6. package/src/cli.js +40 -42
  7. package/src/client.d.ts +55 -0
  8. package/src/client.js +445 -9
  9. package/src/server.d.ts +7 -0
package/README.md CHANGED
@@ -55,6 +55,37 @@ export default capsule({
55
55
  });
56
56
  ```
57
57
 
58
+ ## Auth
59
+
60
+ Every app starts with local guest auth. To let users sign in with Google, render the built-in button. Lakebed always asks Shoo for profile fields so the app can show a useful identifier like `auth.email` or `auth.displayName`.
61
+
62
+ ```tsx
63
+ import { SignInWithGoogle, signOut, useAuth } from "lakebed/client";
64
+
65
+ export function App() {
66
+ const auth = useAuth();
67
+ const authLabel = auth.email ?? auth.displayName;
68
+
69
+ return auth.isGuest ? (
70
+ <SignInWithGoogle />
71
+ ) : (
72
+ <button type="button" onClick={() => signOut()}>
73
+ Sign out {authLabel}
74
+ </button>
75
+ );
76
+ }
77
+ ```
78
+
79
+ After sign-in, server handlers receive the verified Google identity through `ctx.auth`:
80
+
81
+ ```ts
82
+ mutations: {
83
+ save: mutation((ctx) => {
84
+ ctx.log.info("signed in user", { userId: ctx.auth.userId, email: ctx.auth.email });
85
+ });
86
+ }
87
+ ```
88
+
58
89
  ## Commands
59
90
 
60
91
  ```sh
@@ -62,7 +93,7 @@ lakebed new <name> [--template todo]
62
93
  lakebed dev <capsule-dir> [--port 3000]
63
94
  lakebed build <capsule-dir> --target anonymous [--out .lakebed/artifacts/app.json] [--json]
64
95
  lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
65
- lakebed anonymous-server [--port 8787] [--public-root-url <url>]
96
+ lakebed anonymous-server [--port 8787] [--public-root-url <url>] [--app-base-domain <domain>]
66
97
  lakebed inspect <deploy-id-or-url> [--api <url>] [--json]
67
98
  lakebed db list [deploy-id-or-url] [--port 3000]
68
99
  lakebed db dump [deploy-id-or-url] [--port 3000]
@@ -75,7 +106,7 @@ lakebed logs [deploy-id-or-url] [--port 3000]
75
106
  - Arbitrary npm imports inside capsules are not supported yet.
76
107
  - Node built-ins are not available inside capsule modules.
77
108
  - Tailwind classes in JSX are the only styling path in v0.
78
- - Guest auth is the only auth mode.
109
+ - Guest auth works by default. Google sign-in is built in through Shoo and exposes verified identity on `ctx.auth`.
79
110
  - Anonymous deploys disable outbound `fetch`.
80
111
 
81
112
  ## Hosted Deploys
@@ -94,3 +125,26 @@ lakebed anonymous-server --port 8787
94
125
  cd my-app
95
126
  lakebed deploy --api http://localhost:8787
96
127
  ```
128
+
129
+ In production, set `PUBLIC_ROOT_URL` to the deploy API origin and `LAKEBED_APP_BASE_DOMAIN` to the app domain without the wildcard prefix:
130
+
131
+ ```sh
132
+ PUBLIC_ROOT_URL=https://api.lakebed.app
133
+ LAKEBED_APP_BASE_DOMAIN=lakebed.app
134
+ ```
135
+
136
+ With a verified `*.lakebed.app` custom domain on the runner, deploy responses use `https://<slug>.lakebed.app`.
137
+
138
+ Deploy responses include a claim URL. Configure GitHub OAuth on the runner, then open that claim URL to attach the anonymous deploy to a developer account:
139
+
140
+ ```sh
141
+ LAKEBED_GITHUB_CLIENT_ID=...
142
+ LAKEBED_GITHUB_CLIENT_SECRET=...
143
+ LAKEBED_SESSION_SECRET=...
144
+ ```
145
+
146
+ Claimed deploys are listed at `/deploys` on the deploy API origin. They keep the same resource limits as anonymous deploys. The current hosted runner still uses the anonymous interpreter artifact, so outbound `fetch` remains blocked until Lakebed has a claimed runtime target that can safely execute server code.
147
+
148
+ ## Admin Dashboard
149
+
150
+ Set `LAKEBED_ADMIN_PASSWORD` on the anonymous deploy runner, then open `/admin` on the runner origin. The password is exchanged for an HttpOnly cookie so the dashboard stays unlocked until the cookie expires or the password changes. The resource table can terminate active deploys while preserving their resource history.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lakebed",
3
- "version": "0.0.3-alpha.0",
3
+ "version": "0.0.3",
4
4
  "description": "Agent-native CLI and runtime for building and deploying Lakebed capsules.",
5
5
  "license": "UNLICENSED",
6
6
  "type": "module",
@@ -22,6 +22,7 @@
22
22
  "files": [
23
23
  "src/anonymous-server.js",
24
24
  "src/anonymous.js",
25
+ "src/auth.js",
25
26
  "src/cli.js",
26
27
  "src/client.d.ts",
27
28
  "src/client.js",
@@ -47,9 +48,6 @@
47
48
  "publishConfig": {
48
49
  "access": "public"
49
50
  },
50
- "scripts": {
51
- "check": "node --check src/cli.js && node --check src/runtime.js && node --check src/server.js && node --check src/client.js && node --check src/source-store.js && node --check src/anonymous.js && node --check src/anonymous-server.js"
52
- },
53
51
  "dependencies": {
54
52
  "esbuild": "^0.27.1",
55
53
  "pg": "^8.16.3",
@@ -58,5 +56,8 @@
58
56
  },
59
57
  "devDependencies": {
60
58
  "@types/ws": "^8.18.1"
59
+ },
60
+ "scripts": {
61
+ "check": "node --check src/cli.js && node --check src/runtime.js && node --check src/server.js && node --check src/client.js && node --check src/source-store.js && node --check src/anonymous.js && node --check src/anonymous-server.js && node --check src/auth.js"
61
62
  }
62
- }
63
+ }