libretto 0.6.31 → 0.6.33

package/src/cli/commands/profiles.ts

@@ -1,7 +1,8 @@
 import { z } from "zod";
 import { SimpleCLI } from "affordance";
-import { orpcCall, resolveApiUrl } from "../core/auth-fetch.js";
+import { orpcCall } from "../core/auth-fetch.js";
 import { normalizeProfileName } from "../core/profiles.js";
+import { withCloudApiKey } from "./shared.js";
 
 type ListProfilesResponse = {
   profiles: Array<{
@@ -17,30 +18,17 @@ type DeleteProfileResponse = {
   deleted_count: number;
 };
 
-function requireApiKeyCredential() {
-  const apiKey = process.env.LIBRETTO_API_KEY?.trim();
-  if (!apiKey) {
-    throw new Error(
-      "LIBRETTO_API_KEY is required to manage Libretto Cloud profiles. Issue one with `libretto cloud auth api-key issue --label <label>`.",
-    );
-  }
-  return {
-    apiUrl: resolveApiUrl(null),
-    credential: { source: "env-api-key" as const, apiKey },
-  };
-}
-
 export const listProfilesCommand = SimpleCLI.command({
   description: "List Libretto Cloud auth profiles",
 })
   .input(SimpleCLI.input({ positionals: [], named: {} }))
-  .handle(async () => {
-    const { apiUrl, credential } = requireApiKeyCredential();
+  .use(withCloudApiKey("manage Libretto Cloud profiles"))
+  .handle(async ({ ctx }) => {
     const response = await orpcCall<ListProfilesResponse>({
-      apiUrl,
+      apiUrl: ctx.apiUrl,
       path: "/v1/browserProfiles/list",
       input: {},
-      credential,
+      credential: ctx.credential,
     });
     if (response.profiles.length === 0) {
       console.log("No cloud profiles found.");
@@ -65,14 +53,14 @@ export const deleteProfileCommand = SimpleCLI.command({
     ],
     named: {},
   }))
-  .handle(async ({ input }) => {
+  .use(withCloudApiKey("manage Libretto Cloud profiles"))
+  .handle(async ({ input, ctx }) => {
     const profileName = normalizeProfileName(input.profileName);
-    const { apiUrl, credential } = requireApiKeyCredential();
     const response = await orpcCall<DeleteProfileResponse>({
-      apiUrl,
+      apiUrl: ctx.apiUrl,
       path: "/v1/browserProfiles/delete",
       input: { name: profileName },
-      credential,
+      credential: ctx.credential,
     });
     if (!response.success || response.deleted_count === 0) {
       console.log(`No cloud profile found for ${profileName}.`);

package/src/cli/commands/shared.ts

@@ -9,6 +9,7 @@ import {
   type SessionState,
   validateSessionName,
 } from "../core/session.js";
+import { resolveApiUrl } from "../core/auth-fetch.js";
 import {
   SimpleCLI,
   type SimpleCLIContext,
@@ -40,6 +41,11 @@ export type ExperimentsContext = {
   experiments: Experiments;
 };
 
+export type CloudApiKeyContext = {
+  apiUrl: string;
+  credential: { source: "env-api-key"; apiKey: string };
+};
+
 export function withExperiments<
   TContext extends SimpleCLIContext,
 >(): SimpleCLIMiddleware<unknown, TContext, TContext & ExperimentsContext> {
@@ -49,6 +55,29 @@ export function withExperiments<
   });
 }
 
+export function withCloudApiKey<
+  TContext extends SimpleCLIContext,
+>(
+  action: string,
+  formatMissingMessage?: () => string | Promise<string>,
+): SimpleCLIMiddleware<unknown, TContext, TContext & CloudApiKeyContext> {
+  return async ({ ctx }) => {
+    const apiKey = process.env.LIBRETTO_API_KEY?.trim();
+    if (!apiKey) {
+      throw new Error(
+        formatMissingMessage
+          ? await formatMissingMessage()
+          : `LIBRETTO_API_KEY is required to ${action}. Issue one with \`libretto cloud auth api-key issue --label <label>\`.`,
+      );
+    }
+    return {
+      ...ctx,
+      apiUrl: resolveApiUrl(null),
+      credential: { source: "env-api-key", apiKey },
+    };
+  };
+}
+
 export function withRequiredSession(): SimpleCLIMiddleware<
   { session?: string },
   {},

package/src/cli/core/browser.ts

@@ -529,6 +529,7 @@ export async function runOpen(
 export async function runOpenWithProvider(
   rawUrl: string,
   providerName: string,
+  headless: boolean,
   session: string,
   logger: LoggerApi,
   accessMode: SessionAccessMode,
@@ -557,6 +558,7 @@ export async function runOpenWithProvider(
       browser: {
         kind: "provider",
         providerName,
+        headless,
         initialUrl: url,
       },
     },

package/src/cli/core/daemon/config.ts

@@ -39,6 +39,7 @@ export type DaemonBrowserConnectConfig = {
 export type DaemonBrowserProviderConfig = {
   kind: "provider";
   providerName: string;
+  headless?: boolean;
   initialUrl?: string;
   authProfileName?: string;
   authProfilePersist?: boolean;

package/src/cli/core/daemon/daemon.ts

@@ -479,6 +479,7 @@ class BrowserDaemon {
       providerSession = await provider.createSession({
         authProfileName: config.authProfileName,
         authProfilePersist: config.authProfilePersist,
+        headless: config.headless,
       });
       const browser = await chromium.connectOverCDP(
         providerSession.cdpEndpoint,

package/src/cli/core/daemon/ipc.ts

@@ -2,7 +2,7 @@ import { createHash } from "node:crypto";
 import type { ChildProcess } from "node:child_process";
 import { spawn } from "node:child_process";
 import { openSync, closeSync } from "node:fs";
-import { createRequire } from "node:module";
+import * as moduleBuiltin from "node:module";
 import { homedir, userInfo } from "node:os";
 import { fileURLToPath } from "node:url";
 import { createIpcPeer, type IpcPeer } from "../../../shared/ipc/ipc.js";
@@ -246,25 +246,34 @@ export class DaemonClient {
     const daemonEntryPath = fileURLToPath(
       new URL("./daemon.js", import.meta.url),
     );
-    const require = createRequire(import.meta.url);
-    const tsxCliPath = require.resolve("tsx/cli");
+    const childArgs = [daemonEntryPath, JSON.stringify(config)];
+    const childEnv: NodeJS.ProcessEnv = { ...process.env };
+
+    if (config.workflow) {
+      const tsxPreflightPath = fileURLToPath(
+        import.meta.resolve("tsx/preflight"),
+      );
+      const tsxLoaderFlag =
+        typeof moduleBuiltin.register === "function" ? "--import" : "--loader";
+
+      childArgs.unshift(
+        "--require",
+        tsxPreflightPath,
+        tsxLoaderFlag,
+        import.meta.resolve("tsx"),
+      );
+
+      if (config.workflow.tsconfigPath) {
+        childEnv.TSX_TSCONFIG_PATH = config.workflow.tsconfigPath;
+      }
+    }
 
     const childStderrFd = openSync(logPath, "a");
-    const child = spawn(
-      process.execPath,
-      [
-        tsxCliPath,
-        ...(config.workflow?.tsconfigPath
-          ? ["--tsconfig", config.workflow.tsconfigPath]
-          : []),
-        daemonEntryPath,
-        JSON.stringify(config),
-      ],
-      {
-        detached: true,
-        stdio: ["ignore", "ignore", childStderrFd, "ipc"],
-      },
-    );
+    const child = spawn(process.execPath, childArgs, {
+      detached: true,
+      stdio: ["ignore", "ignore", childStderrFd, "ipc"],
+      env: childEnv,
+    });
     closeSync(childStderrFd);
 
     const pid = child.pid!;

package/src/cli/core/deploy-artifact.ts

@@ -22,6 +22,10 @@ import {
   LIBRETTO_WORKFLOW_BRAND,
 } from "../../shared/workflow/workflow.js";
 import { normalizeCredentialNames } from "../../shared/workflow/credentials.js";
+import {
+  ViewportConfigSchema,
+  type ViewportConfig,
+} from "./config.js";
 
 type PackageManifest = {
   name?: string;
@@ -57,6 +61,9 @@ export type WorkflowDeployMetadata = {
   credentialNames: string[];
   authProfileName?: string;
   authProfileRefresh?: boolean;
+  startUrl?: string;
+  gpu?: boolean;
+  viewport?: ViewportConfig;
   sourceFile?: string;
   sourceFiles?: string[];
 };
@@ -825,6 +832,7 @@ function createDiscoveryLibrettoModule(
         name,
         ...extractDiscoveryCredentialMetadata(definitionOrHandler),
         ...extractDiscoveryAuthProfileMetadata(definitionOrHandler),
+        ...extractDiscoveryLaunchMetadata(definitionOrHandler),
       });
       return {
         [LIBRETTO_WORKFLOW_BRAND]: true,
@@ -849,6 +857,46 @@ function createDiscoveryLibrettoModule(
   });
 }
 
+function extractDiscoveryLaunchMetadata(
+  definitionOrHandler: unknown,
+): Omit<
+  WorkflowDeployMetadata,
+  "name" | "credentialNames" | "authProfileName" | "authProfileRefresh"
+> {
+  if (!definitionOrHandler || typeof definitionOrHandler !== "object") {
+    return {};
+  }
+
+  const record = definitionOrHandler as {
+    startUrl?: unknown;
+    gpu?: unknown;
+    viewport?: unknown;
+  };
+  const metadata: Omit<
+    WorkflowDeployMetadata,
+    "name" | "credentialNames" | "authProfileName" | "authProfileRefresh"
+  > = {};
+
+  if (typeof record.startUrl === "string") {
+    metadata.startUrl = record.startUrl;
+  }
+  if (typeof record.gpu === "boolean") {
+    metadata.gpu = record.gpu;
+  }
+  if (
+    record.viewport &&
+    typeof record.viewport === "object" &&
+    !Array.isArray(record.viewport)
+  ) {
+    const viewport = ViewportConfigSchema.safeParse(record.viewport);
+    if (viewport.success) {
+      metadata.viewport = viewport.data;
+    }
+  }
+
+  return metadata;
+}
+
 function extractDiscoveryCredentialMetadata(
   definitionOrHandler: unknown,
 ): Pick<WorkflowDeployMetadata, "credentialNames"> {
@@ -982,6 +1030,9 @@ function createBootstrapSource(args: {
           credentialNames: workflow.credentialNames,
           authProfileName: workflow.authProfileName,
           authProfileRefresh: workflow.authProfileRefresh,
+          startUrl: workflow.startUrl,
+          gpu: workflow.gpu,
+          viewport: workflow.viewport,
         })});`,
     )
     .join("\n");
@@ -1069,23 +1120,21 @@ function createWorkflowProxy(workflowName, metadata) {
     return await target.run(ctx, input);
   };
 
-  if (!metadata?.authProfileName) {
-    return workflow(workflowName, {
-      credentials: Array.isArray(metadata?.credentialNames)
-        ? metadata.credentialNames
-        : [],
-      handler,
-    });
-  }
-
   return workflow(workflowName, {
-    credentials: Array.isArray(metadata.credentialNames)
+    credentials: Array.isArray(metadata?.credentialNames)
       ? metadata.credentialNames
       : [],
-    authProfile: {
-      name: metadata.authProfileName,
-      ...(typeof metadata.authProfileRefresh === "boolean" ? { refresh: metadata.authProfileRefresh } : {}),
-    },
+    ...(metadata?.authProfileName
+      ? {
+          authProfile: {
+            name: metadata.authProfileName,
+            ...(typeof metadata.authProfileRefresh === "boolean" ? { refresh: metadata.authProfileRefresh } : {}),
+          },
+        }
+      : {}),
+    ...(typeof metadata?.startUrl === "string" ? { startUrl: metadata.startUrl } : {}),
+    ...(typeof metadata?.gpu === "boolean" ? { gpu: metadata.gpu } : {}),
+    ...(metadata?.viewport ? { viewport: metadata.viewport } : {}),
     handler,
   });
 }

package/src/cli/core/providers/kernel.ts

@@ -99,7 +99,8 @@ export function createKernelProvider(
   >();
 
   return {
-    async createSession() {
+    async createSession(sessionOptions) {
+      const sessionHeadless = sessionOptions?.headless ?? headless;
       const json = await kernelFetchJson<KernelBrowserResponse>(
         endpoint,
         apiKey,
@@ -107,7 +108,7 @@ export function createKernelProvider(
         {
           method: "POST",
           body: JSON.stringify({
-            headless,
+            headless: sessionHeadless,
             stealth,
             timeout_seconds: timeoutSeconds,
           }),

package/src/cli/core/providers/libretto-cloud.ts

@@ -39,6 +39,7 @@ export function createLibrettoCloudProvider(): ProviderApi {
             timeout_seconds: browserSessionTimeoutSeconds,
             profile_name: options?.authProfileName,
             profile_persist: options?.authProfilePersist,
+            headless: options?.headless,
           },
         }),
       });

package/src/cli/core/providers/types.ts

@@ -21,6 +21,7 @@ export type ProviderApi = {
   createSession(options?: {
     authProfileName?: string;
     authProfilePersist?: boolean;
+    headless?: boolean;
   }): Promise<ProviderSession>;
   closeSession(sessionId: string): Promise<ProviderCloseResult>;
 };

package/src/cli/core/telemetry.ts

@@ -6,6 +6,7 @@ import { basename, dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 import type { SimpleCLICommandMeta, SimpleCLIMiddleware } from "affordance";
 import { resolveHostedApiUrl } from "./auth-fetch.js";
+import { readAuthState } from "./auth-storage.js";
 
 const TELEMETRY_FILE_NAME = "telemetry.json";
 const TELEMETRY_ENDPOINT_PATH = "/v1/telemetry/recordCliEvent";
@@ -25,6 +26,7 @@ type CliTelemetryPayload = {
   error: boolean;
   packageVersion: string;
   buildChannel: BuildChannel;
+  cloudUserId?: string;
 };
 
 type PackageJson = {
@@ -109,7 +111,7 @@ function writeTelemetryNotice(): void {
   if (!process.stderr.isTTY) return;
   process.stderr.write(
     [
-      "Libretto collects anonymous CLI telemetry: install id, timestamp, command event, error status, package version, and build channel only.",
+      "Libretto collects CLI telemetry: install id, timestamp, command event, error status, package version, build channel, and signed-in cloud user id only.",
       "Set LIBRETTO_TELEMETRY_DISABLED=1 or DO_NOT_TRACK=1 to disable it, or set enabled:false in ~/.libretto/telemetry.json.",
     ].join(" ") + "\n",
   );
@@ -130,6 +132,7 @@ async function recordCliTelemetryEvent(
   if (isTelemetryDisabled()) return;
   const installId = await readOrCreateInstallId();
   if (!installId) return;
+  const cloudUserId = await readConfiguredCloudUserId();
 
   await sendWithTimeout({
     installId,
@@ -138,9 +141,20 @@ async function recordCliTelemetryEvent(
     error,
     packageVersion,
     buildChannel,
+    ...(cloudUserId ? { cloudUserId } : {}),
   });
 }
 
+async function readConfiguredCloudUserId(): Promise<string | null> {
+  try {
+    const state = await readAuthState();
+    const cloudUserId = state?.session?.userId;
+    return cloudUserId && cloudUserId.length > 0 ? cloudUserId : null;
+  } catch {
+    return null;
+  }
+}
+
 async function sendWithTimeout(payload: CliTelemetryPayload): Promise<void> {
   const controller = new AbortController();
   const timeout = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);

package/src/cli/router.ts

@@ -2,6 +2,9 @@ import { authCommands } from "./commands/auth.js";
 import { billingCommands } from "./commands/billing.js";
 import { browserCommands } from "./commands/browser.js";
 import { cloudCredentialCommands } from "./commands/cloud-credentials.js";
+import { cloudJobCommands } from "./commands/cloud-jobs.js";
+import { cloudScheduleCommands } from "./commands/cloud-schedules.js";
+import { settingsCommands } from "./commands/cloud-settings.js";
 import { codeSharingCommands, shareWorkflowCommand } from "./commands/cloud-sharing.js";
 import { deployCommand } from "./commands/deploy.js";
 import { executionCommands } from "./commands/execution.js";
@@ -25,7 +28,10 @@ export const cliRoutes = {
       auth: authCommands,
       billing: billingCommands,
       credentials: cloudCredentialCommands,
+      jobs: cloudJobCommands,
       profiles: profileCommands,
+      schedules: cloudScheduleCommands,
+      settings: settingsCommands,
       share: shareWorkflowCommand,
       sharing: codeSharingCommands,
     },

package/src/index.ts

@@ -128,6 +128,7 @@ export {
   workflow,
   type ExportedLibrettoWorkflow,
   type LibrettoWorkflowContext,
+  type LibrettoWorkflowDefinition,
   type LibrettoWorkflowHandler,
   type LibrettoWorkflowOptions,
   type WorkflowInputValidator,

package/src/shared/workflow/workflow.ts

@@ -4,6 +4,7 @@ import {
   createRecoveryPage,
   type RecoveryAction,
 } from "../../runtime/recovery/page-fallbacks.js";
+import type { ViewportConfig } from "../../cli/core/config.js";
 import { normalizeProfileName } from "./auth-profile-name.js";
 import {
   mergeCredentialsIntoInput,
@@ -37,6 +38,9 @@ export type LibrettoWorkflowDefinition<
   output?: OutputSchema;
   credentials?: readonly string[];
   authProfile?: LibrettoWorkflowAuthProfile;
+  startUrl?: string;
+  gpu?: boolean;
+  viewport?: ViewportConfig;
   recoveryAction?: RecoveryAction;
 };
 
@@ -155,6 +159,9 @@ export class LibrettoWorkflow<
   public readonly credentialNames: readonly string[];
   public readonly authProfileName?: string;
   public readonly authProfileRefresh?: boolean;
+  public readonly startUrl?: string;
+  public readonly gpu?: boolean;
+  public readonly viewport?: ViewportConfig;
   public readonly recoveryAction?: RecoveryAction;
   private readonly handler: LibrettoWorkflowHandler<
     z.infer<InputSchema>,
@@ -170,6 +177,9 @@ export class LibrettoWorkflow<
           credentialNames?: readonly string[];
           authProfileName?: string;
           authProfileRefresh?: boolean;
+          startUrl?: string;
+          gpu?: boolean;
+          viewport?: ViewportConfig;
           recoveryAction?: RecoveryAction;
         }
       | undefined,
@@ -184,6 +194,9 @@ export class LibrettoWorkflow<
     this.credentialNames = options?.credentialNames ?? [];
     this.authProfileName = options?.authProfileName;
     this.authProfileRefresh = options?.authProfileRefresh;
+    this.startUrl = options?.startUrl;
+    this.gpu = options?.gpu;
+    this.viewport = options?.viewport;
     this.recoveryAction = options?.recoveryAction;
     this.handler = handler;
   }
@@ -218,6 +231,9 @@ export type ExportedLibrettoWorkflow = {
   readonly credentialNames: readonly string[];
   readonly authProfileName?: string;
   readonly authProfileRefresh?: boolean;
+  readonly startUrl?: string;
+  readonly gpu?: boolean;
+  readonly viewport?: ViewportConfig;
   readonly recoveryAction?: RecoveryAction;
   run: (ctx: LibrettoWorkflowContext, input: unknown) => Promise<unknown>;
 };
@@ -322,6 +338,9 @@ function getWorkflowConstructorOptions<
   credentialNames: readonly string[];
   authProfileName?: string;
   authProfileRefresh?: boolean;
+  startUrl?: string;
+  gpu?: boolean;
+  viewport?: ViewportConfig;
   recoveryAction?: RecoveryAction;
 } {
   const authProfile = normalizeWorkflowAuthProfile(options.authProfile);
@@ -331,6 +350,9 @@ function getWorkflowConstructorOptions<
     credentialNames: normalizeCredentialNames(options.credentials),
     authProfileName: authProfile?.name,
     authProfileRefresh: authProfile?.refresh,
+    startUrl: options.startUrl,
+    gpu: options.gpu,
+    viewport: options.viewport,
     recoveryAction: options.recoveryAction,
   };
 }