libretto 0.6.24 → 0.6.25

package/src/cli/core/deploy-artifact.ts

@@ -21,6 +21,7 @@ import {
   getWorkflowsFromModuleExports,
   LIBRETTO_WORKFLOW_BRAND,
 } from "../../shared/workflow/workflow.js";
+import { normalizeCredentialNames } from "../../shared/workflow/credentials.js";
 
 type PackageManifest = {
   name?: string;
@@ -48,6 +49,14 @@ type HostedDeployPackage = {
   cleanup: () => void;
   entryPoint: string;
   outputDir: string;
+  workflows: WorkflowDeployMetadata[];
+};
+
+export type WorkflowDeployMetadata = {
+  name: string;
+  credentialNames: string[];
+  authProfileName?: string;
+  authProfileRefresh?: boolean;
 };
 
 type BuildHostedDeployTarballArgs = {
@@ -66,6 +75,7 @@ const DEFAULT_RUNTIME_EXTERNALS = [
   "chromium-bidi",
 ] as const;
 const BUILT_IN_MANIFEST_DEPENDENCIES = ["libretto"] as const;
+const DEPLOY_METADATA_FILENAME = ".libretto-workflows.json";
 const SOURCE_FILE_EXTENSIONS = [
   "",
   ".ts",
@@ -598,6 +608,16 @@ function writeDeployManifest(args: {
   );
 }
 
+function writeDeployMetadata(args: {
+  outputDir: string;
+  workflows: readonly WorkflowDeployMetadata[];
+}): void {
+  writeFileSync(
+    join(args.outputDir, DEPLOY_METADATA_FILENAME),
+    JSON.stringify({ workflows: args.workflows }, null, 2) + "\n",
+  );
+}
+
 function shouldVendorCurrentLibretto(versionSpec: string): boolean {
   return (
     versionSpec.startsWith("file:") ||
@@ -696,11 +716,17 @@ function createExternalDiscoveryStub(): object {
   });
 }
 
-function createDiscoveryLibrettoModule(workflowNames: Set<string>): object {
+function createDiscoveryLibrettoModule(
+  workflowsByName: Map<string, WorkflowDeployMetadata>,
+): object {
   const moduleShape: Record<PropertyKey, unknown> = {
     LIBRETTO_WORKFLOW_BRAND,
-    workflow: (name: string) => {
-      workflowNames.add(name);
+    workflow: (name: string, definitionOrHandler?: unknown) => {
+      workflowsByName.set(name, {
+        name,
+        ...extractDiscoveryCredentialMetadata(definitionOrHandler),
+        ...extractDiscoveryAuthProfileMetadata(definitionOrHandler),
+      });
       return {
         [LIBRETTO_WORKFLOW_BRAND]: true,
         name,
@@ -724,19 +750,64 @@ function createDiscoveryLibrettoModule(workflowNames: Set<string>): object {
   });
 }
 
-function discoverBundledWorkflowNames(args: {
+function extractDiscoveryCredentialMetadata(
+  definitionOrHandler: unknown,
+): Pick<WorkflowDeployMetadata, "credentialNames"> {
+  if (
+    !definitionOrHandler ||
+    typeof definitionOrHandler !== "object" ||
+    !("credentials" in definitionOrHandler)
+  ) {
+    return { credentialNames: [] };
+  }
+  const rawCredentials = (definitionOrHandler as { credentials?: unknown })
+    .credentials;
+  return {
+    credentialNames: Array.isArray(rawCredentials)
+      ? normalizeCredentialNames(rawCredentials)
+      : [],
+  };
+}
+
+function extractDiscoveryAuthProfileMetadata(
+  definitionOrHandler: unknown,
+): Omit<WorkflowDeployMetadata, "name" | "credentialNames"> {
+  if (
+    !definitionOrHandler ||
+    typeof definitionOrHandler !== "object" ||
+    !("authProfile" in definitionOrHandler)
+  ) {
+    return {};
+  }
+  const authProfile = (definitionOrHandler as { authProfile?: unknown }).authProfile;
+  if (typeof authProfile === "string") return { authProfileName: authProfile };
+  if (!authProfile || typeof authProfile !== "object") return {};
+  const record = authProfile as {
+    name?: unknown;
+    refresh?: unknown;
+  };
+  if (typeof record.name !== "string") return {};
+  return {
+    authProfileName: record.name,
+    ...(typeof record.refresh === "boolean"
+      ? { authProfileRefresh: record.refresh }
+      : {}),
+  };
+}
+
+function discoverBundledWorkflows(args: {
   absEntryPoint: string;
   absSourceDir: string;
   bundleBuffer: Buffer;
   externalPackages: ReadonlySet<string>;
-}): string[] {
+}): WorkflowDeployMetadata[] {
   const discoveryPath = join(
     args.absSourceDir,
     `.libretto-deploy-discovery-${process.pid}-${Date.now()}.cjs`,
   );
   const originalRequire = Module.prototype.require;
-  const workflowNames = new Set<string>();
-  const discoveryLibrettoModule = createDiscoveryLibrettoModule(workflowNames);
+  const workflowsByName = new Map<string, WorkflowDeployMetadata>();
+  const discoveryLibrettoModule = createDiscoveryLibrettoModule(workflowsByName);
   let loadedModuleExports: Record<string, unknown> | null = null;
 
   try {
@@ -764,11 +835,11 @@ function discoverBundledWorkflowNames(args: {
     rmSync(discoveryPath, { force: true });
   }
 
-  const discoveredWorkflowNames = [...workflowNames].sort((left, right) =>
-    left.localeCompare(right),
+  const discoveredWorkflows = [...workflowsByName.values()].sort((left, right) =>
+    left.name.localeCompare(right.name),
   );
 
-  if (discoveredWorkflowNames.length === 0) {
+  if (discoveredWorkflows.length === 0) {
     throw new Error(
       `No workflows were found in ${args.absEntryPoint}. Import the workflow files you want to deploy from the entry point, or export a workflow directly from it.`,
     );
@@ -779,23 +850,23 @@ function discoverBundledWorkflowNames(args: {
       (workflow) => workflow.name,
     ),
   );
-  const nonExportedWorkflowNames = discoveredWorkflowNames.filter(
-    (name) => !exportedWorkflowNames.has(name),
+  const nonExportedWorkflowNames = discoveredWorkflows.filter(
+    (workflow) => !exportedWorkflowNames.has(workflow.name),
   );
 
   if (nonExportedWorkflowNames.length > 0) {
     throw new Error(
-      `Workflows discovered in ${args.absEntryPoint} must be exported from the deploy entry point. Re-export them from the entry point or export them through a \`workflows\` object. Non-exported workflows: ${nonExportedWorkflowNames.join(", ")}`,
+      `Workflows discovered in ${args.absEntryPoint} must be exported from the deploy entry point. Re-export them from the entry point or export them through a \`workflows\` object. Non-exported workflows: ${nonExportedWorkflowNames.map((workflow) => workflow.name).join(", ")}`,
     );
   }
 
-  return discoveredWorkflowNames;
+  return discoveredWorkflows;
 }
 
 function createBootstrapSource(args: {
   bundleBuffer: Buffer;
   deploymentName: string;
-  workflowNames: readonly string[];
+  workflows: readonly WorkflowDeployMetadata[];
 }): string {
   const bundleHash = createHash("sha256")
     .update(args.bundleBuffer)
@@ -805,10 +876,14 @@ function createBootstrapSource(args: {
     "base64",
   );
   const outputPrefix = `${normalizePackageName(args.deploymentName)}-`;
-  const exportLines = args.workflowNames
+  const exportLines = args.workflows
     .map(
-      (name, index) =>
-        `export const ${getGeneratedWorkflowExportName(index)} = createWorkflowProxy(${JSON.stringify(name)});`,
+      (workflow, index) =>
+        `export const ${getGeneratedWorkflowExportName(index)} = createWorkflowProxy(${JSON.stringify(workflow.name)}, ${JSON.stringify({
+          credentialNames: workflow.credentialNames,
+          authProfileName: workflow.authProfileName,
+          authProfileRefresh: workflow.authProfileRefresh,
+        })});`,
     )
     .join("\n");
 
@@ -844,8 +919,8 @@ function ensureBundleFile() {
   return BUNDLE_FILENAME;
 }
 
-function createWorkflowProxy(workflowName) {
-  return workflow(workflowName, async (ctx, input) => {
+function createWorkflowProxy(workflowName, metadata) {
+  const handler = async (ctx, input) => {
     const impl = nativeRequire(ensureBundleFile());
     const target = getWorkflowFromModuleExports(impl, workflowName);
     if (!target || typeof target.run !== "function") {
@@ -854,6 +929,26 @@ function createWorkflowProxy(workflowName) {
       );
     }
     return await target.run(ctx, input);
+  };
+
+  if (!metadata?.authProfileName) {
+    return workflow(workflowName, {
+      credentials: Array.isArray(metadata?.credentialNames)
+        ? metadata.credentialNames
+        : [],
+      handler,
+    });
+  }
+
+  return workflow(workflowName, {
+    credentials: Array.isArray(metadata.credentialNames)
+      ? metadata.credentialNames
+      : [],
+    authProfile: {
+      name: metadata.authProfileName,
+      ...(typeof metadata.authProfileRefresh === "boolean" ? { refresh: metadata.authProfileRefresh } : {}),
+    },
+    handler,
   });
 }
 
@@ -868,7 +963,7 @@ async function writeBundledDeployEntrypoint(args: {
   externalPackages: ReadonlySet<string>;
   outputDir: string;
   workspacePackages: Map<string, WorkspacePackage>;
-}): Promise<void> {
+}): Promise<WorkflowDeployMetadata[]> {
   try {
     // The implementation bundle is CommonJS so the bootstrap can load it lazily
     // with createRequire() after workflow discovery, while external packages
@@ -898,7 +993,7 @@ async function writeBundledDeployEntrypoint(args: {
       );
     }
 
-    const workflowNames = discoverBundledWorkflowNames({
+    const workflows = discoverBundledWorkflows({
       absEntryPoint: args.absEntryPoint,
       absSourceDir: args.absSourceDir,
       bundleBuffer: Buffer.from(bundledImplementation.contents),
@@ -910,9 +1005,10 @@ async function writeBundledDeployEntrypoint(args: {
       createBootstrapSource({
         bundleBuffer: Buffer.from(bundledImplementation.contents),
         deploymentName: args.deploymentName,
-        workflowNames,
+        workflows,
       }),
     );
+    return workflows;
   } catch (error) {
     throw new Error(
       `Failed to bundle deploy entry point ${args.absEntryPoint}.\n${formatBuildError(error)}`,
@@ -944,7 +1040,7 @@ export async function createHostedDeployPackage(
   let callerOwnsTempRoot = false;
 
   try {
-    await writeBundledDeployEntrypoint({
+    const workflows = await writeBundledDeployEntrypoint({
       absEntryPoint,
       absSourceDir,
       deploymentName: args.deploymentName,
@@ -967,17 +1063,19 @@ export async function createHostedDeployPackage(
       outputDir,
       sourceDir: absSourceDir,
     });
+    writeDeployMetadata({ outputDir, workflows });
 
     // Success transfers ownership of the temp directory to the caller, who is
     // responsible for invoking cleanup() after the tarball/upload step.
     callerOwnsTempRoot = true;
-    return {
-      cleanup: () => {
-        rmSync(tempRoot, { force: true, recursive: true });
-      },
-      entryPoint: "index.js",
-      outputDir,
-    };
+      return {
+        cleanup: () => {
+          rmSync(tempRoot, { force: true, recursive: true });
+        },
+        entryPoint: "index.js",
+        outputDir,
+        workflows,
+      };
   } finally {
     // On any failure before we return, this function still owns the temp dir
     // and must remove it to avoid leaking deploy workspaces in /tmp.
@@ -989,7 +1087,7 @@ export async function createHostedDeployPackage(
 
 export async function buildHostedDeployTarball(
   args: BuildHostedDeployTarballArgs,
-): Promise<{ entryPoint: string; source: string }> {
+): Promise<{ entryPoint: string; source: string; workflows: WorkflowDeployMetadata[] }> {
   const deployPackage = await createHostedDeployPackage(args);
 
   try {
@@ -1001,6 +1099,7 @@ export async function buildHostedDeployTarball(
     return {
       entryPoint: deployPackage.entryPoint,
       source: readFileSync(tarPath).toString("base64"),
+      workflows: deployPackage.workflows,
     };
   } finally {
     deployPackage.cleanup();

package/src/cli/core/profiles.ts

@@ -0,0 +1,53 @@
+import { existsSync, readFileSync } from "node:fs";
+import { mkdir, writeFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { PROFILES_DIR } from "./context.js";
+import type { AuthProfileStorageState } from "../../shared/workflow/auth-profile-state.js";
+import { normalizeProfileName } from "../../shared/workflow/auth-profile-name.js";
+
+export { normalizeProfileName } from "../../shared/workflow/auth-profile-name.js";
+
+export function getProfilePath(profileName: string): string {
+  return join(PROFILES_DIR, `${normalizeProfileName(profileName)}.json`);
+}
+
+export function hasProfile(profileName: string): boolean {
+  return existsSync(getProfilePath(profileName));
+}
+
+export function readProfile(profileName: string): AuthProfileStorageState {
+  const profilePath = getProfilePath(profileName);
+  const parsed = JSON.parse(readFileSync(profilePath, "utf8")) as unknown;
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`Saved auth profile "${profileName}" is not a JSON object.`);
+  }
+  return parsed as AuthProfileStorageState;
+}
+
+export async function writeProfile(
+  profileName: string,
+  profile: AuthProfileStorageState,
+): Promise<string> {
+  const profilePath = getProfilePath(profileName);
+  await mkdir(dirname(profilePath), { recursive: true });
+  await writeFile(profilePath, JSON.stringify(profile, null, 2), "utf8");
+  return profilePath;
+}
+
+export function formatMissingLocalAuthProfileMessage(args: {
+  profileName: string;
+  profilePath: string;
+  session: string;
+}): string {
+  return [
+    `Local auth profile not found: "${args.profileName}".`,
+    `Expected profile file: ${args.profilePath}`,
+    "To create it locally:",
+    `  1. libretto open <site-url> --headed --session ${args.session}`,
+    "  2. Log in manually in the browser window.",
+    `  3. libretto save ${args.profileName} --session ${args.session} --sites <site>`,
+    "Or import site-scoped state from Chrome with:",
+    `  libretto import-chrome-profiles ${args.profileName} --cdp-url <url> --sites <site>`,
+    "Local profile files are not uploaded to cloud profiles.",
+  ].join("\n");
+}

package/src/cli/core/prompt.ts

@@ -26,6 +26,21 @@ export async function prompt(
   }
 }
 
+export async function promptConfirm(
+  question: string,
+  opts: { defaultValue?: boolean } = {},
+): Promise<boolean> {
+  const defaultValue = opts.defaultValue ?? false;
+  if (!stdin.isTTY) return defaultValue;
+
+  const suffix = defaultValue ? "[Y/n]" : "[y/N]";
+  const answer = (await prompt(`${question} ${suffix}`)).trim().toLowerCase();
+
+  if (answer.length === 0) return defaultValue;
+
+  return answer === "y" || answer === "yes";
+}
+
 const CTRL_C = "";
 const CR = "\r";
 const LF = "\n";

package/src/cli/core/providers/libretto-cloud.ts

@@ -23,7 +23,7 @@ export function createLibrettoCloudProvider(): ProviderApi {
   // The Libretto Cloud API is an oRPC RPCHandler, not plain REST, so inputs
   // must be wrapped as { json: ... } and outputs arrive the same way.
   return {
-    async createSession() {
+    async createSession(options) {
       const browserSessionTimeoutSeconds = readPositiveNumberEnv(
         "LIBRETTO_TIMEOUT_SECONDS",
         DEFAULT_BROWSER_SESSION_TIMEOUT_SECONDS,
@@ -35,7 +35,11 @@ export function createLibrettoCloudProvider(): ProviderApi {
           "Content-Type": "application/json",
         },
         body: JSON.stringify({
-          json: { timeout_seconds: browserSessionTimeoutSeconds },
+          json: {
+            timeout_seconds: browserSessionTimeoutSeconds,
+            profile_name: options?.authProfileName,
+            profile_persist: options?.authProfilePersist,
+          },
         }),
       });
       if (!resp.ok) {

package/src/cli/core/providers/types.ts

@@ -18,6 +18,9 @@ export type ProviderCloseResult = {
 };
 
 export type ProviderApi = {
-  createSession(): Promise<ProviderSession>;
+  createSession(options?: {
+    authProfileName?: string;
+    authProfilePersist?: boolean;
+  }): Promise<ProviderSession>;
   closeSession(sessionId: string): Promise<ProviderCloseResult>;
 };