libretto 0.6.8 → 0.6.10

package/src/cli/core/exec-compiler.ts

@@ -0,0 +1,169 @@
+/**
+ * Shared exec compilation utilities.
+ *
+ * Used by both the daemon (daemon/exec.ts) and the connect-based
+ * session path (execution.ts) to compile user-provided code strings
+ * into callable async functions.
+ */
+
+import * as moduleBuiltin from "node:module";
+
+export type ExecFunction = (...args: unknown[]) => Promise<unknown>;
+
+type StripTypeScriptTypesFn = (
+  code: string,
+  options?: { mode?: "strip" | "transform" },
+) => string;
+
+const stripTypeScriptTypes = (
+  moduleBuiltin as { stripTypeScriptTypes?: StripTypeScriptTypesFn }
+).stripTypeScriptTypes;
+
+export function withSuppressedStripTypeScriptWarning<T>(action: () => T): T {
+  type EmitWarningFn = (...args: unknown[]) => void;
+  const mutableProcess = process as unknown as { emitWarning: EmitWarningFn };
+  const originalEmitWarning = mutableProcess.emitWarning;
+
+  mutableProcess.emitWarning = (...args: unknown[]) => {
+    const warning = args[0];
+    const typeOrOptions = args[1];
+    const warningMessage =
+      typeof warning === "string"
+        ? warning
+        : warning instanceof Error
+          ? warning.message
+          : "";
+    const warningType =
+      typeof typeOrOptions === "string"
+        ? typeOrOptions
+        : typeof typeOrOptions === "object" &&
+            typeOrOptions !== null &&
+            "type" in typeOrOptions &&
+            typeof (typeOrOptions as { type?: unknown }).type === "string"
+          ? ((typeOrOptions as { type?: string }).type ?? "")
+          : "";
+
+    if (
+      warningType === "ExperimentalWarning" &&
+      warningMessage.includes("stripTypeScriptTypes")
+    ) {
+      return;
+    }
+    originalEmitWarning(...args);
+  };
+
+  try {
+    return action();
+  } finally {
+    mutableProcess.emitWarning = originalEmitWarning;
+  }
+}
+
+export function compileTypeScriptExecFunction(
+  code: string,
+  helperNames: string[],
+): ExecFunction | null {
+  if (!stripTypeScriptTypes) return null;
+
+  const wrappedSource = `(async function __librettoExec(${helperNames.join(", ")}) {\n${code}\n})`;
+  const jsSource = withSuppressedStripTypeScriptWarning(() =>
+    stripTypeScriptTypes(wrappedSource, { mode: "strip" }),
+  );
+  const createFunction = new Function(
+    `return ${jsSource}`,
+  ) as () => ExecFunction;
+  return createFunction();
+}
+
+export function compileExecFunction(
+  code: string,
+  helperNames: string[],
+): ExecFunction {
+  const typeStripped = compileTypeScriptExecFunction(code, helperNames);
+  if (typeStripped) return typeStripped;
+
+  const AsyncFunction = Object.getPrototypeOf(async function () {})
+    .constructor as new (...args: string[]) => ExecFunction;
+  return new AsyncFunction(...helperNames, code);
+}
+
+/**
+ * Strip `.catch(() => {})` / `?.catch(() => {})` from executable code,
+ * skipping occurrences inside string literals (single, double, backtick)
+ * and single-line / multi-line comments so we never corrupt non-code text.
+ */
+export function stripEmptyCatchHandlers(code: string): {
+  cleaned: string;
+  strippedCount: number;
+} {
+  const catchRe = /\??\s*\.catch\(\s*\(\)\s*=>\s*\{\s*\}\s*\)/g;
+  let strippedCount = 0;
+  let result = "";
+  let i = 0;
+
+  while (i < code.length) {
+    // Single-line comment
+    if (code[i] === "/" && code[i + 1] === "/") {
+      const end = code.indexOf("\n", i);
+      const slice = end === -1 ? code.slice(i) : code.slice(i, end + 1);
+      result += slice;
+      i += slice.length;
+      continue;
+    }
+    // Multi-line comment
+    if (code[i] === "/" && code[i + 1] === "*") {
+      const end = code.indexOf("*/", i + 2);
+      const slice = end === -1 ? code.slice(i) : code.slice(i, end + 2);
+      result += slice;
+      i += slice.length;
+      continue;
+    }
+    // String literals
+    if (code[i] === '"' || code[i] === "'" || code[i] === "`") {
+      const quote = code[i];
+      let j = i + 1;
+      while (j < code.length) {
+        if (code[j] === "\\" && quote !== "`") {
+          j += 2;
+          continue;
+        }
+        if (code[j] === "\\" && quote === "`") {
+          j += 2;
+          continue;
+        }
+        if (code[j] === quote) {
+          j++;
+          break;
+        }
+        // Template literal interpolation — skip nested braces
+        if (quote === "`" && code[j] === "$" && code[j + 1] === "{") {
+          let depth = 1;
+          j += 2;
+          while (j < code.length && depth > 0) {
+            if (code[j] === "{") depth++;
+            else if (code[j] === "}") depth--;
+            j++;
+          }
+          continue;
+        }
+        j++;
+      }
+      result += code.slice(i, j);
+      i = j;
+      continue;
+    }
+    // Try to match the catch pattern at the current position
+    catchRe.lastIndex = i;
+    const match = catchRe.exec(code);
+    if (match && match.index === i) {
+      strippedCount++;
+      i += match[0].length;
+      continue;
+    }
+    // Regular character
+    result += code[i];
+    i++;
+  }
+
+  return { cleaned: result, strippedCount };
+}

package/src/cli/core/prompt.ts

@@ -0,0 +1,94 @@
+/**
+ * Minimal interactive prompts for the auth CLI commands. Uses node:readline
+ * for normal input and a raw-mode terminal for password entry so the
+ * password is masked as the user types.
+ */
+
+import { createInterface } from "node:readline/promises";
+import { stdin, stdout } from "node:process";
+
+export async function prompt(
+  question: string,
+  opts: { defaultValue?: string } = {},
+): Promise<string> {
+  const rl = createInterface({ input: stdin, output: stdout });
+  try {
+    const display = opts.defaultValue
+      ? `${question} (${opts.defaultValue}) `
+      : `${question} `;
+    const answer = (await rl.question(display)).trim();
+    if (answer.length === 0 && opts.defaultValue !== undefined) {
+      return opts.defaultValue;
+    }
+    return answer;
+  } finally {
+    rl.close();
+  }
+}
+
+const CTRL_C = "";
+const CR = "\r";
+const LF = "\n";
+const BACKSPACE = "";
+const DELETE = "";
+
+export async function promptPassword(question: string): Promise<string> {
+  if (!stdin.isTTY) {
+    // Non-interactive (piped input) — fall back to plain readline so
+    // scripted tests still work; the password just won't be masked.
+    return prompt(question);
+  }
+
+  process.stdout.write(`${question} `);
+
+  return new Promise<string>((resolve, reject) => {
+    let buffer = "";
+    const wasRaw = stdin.isRaw;
+    stdin.setRawMode(true);
+    stdin.resume();
+    stdin.setEncoding("utf8");
+
+    const cleanup = (): void => {
+      stdin.setRawMode(wasRaw);
+      stdin.pause();
+      stdin.removeListener("data", onData);
+      process.stdout.write("\n");
+    };
+
+    const onData = (chunk: string): void => {
+      for (const ch of chunk) {
+        if (ch === LF || ch === CR) {
+          cleanup();
+          resolve(buffer);
+          return;
+        }
+        if (ch === CTRL_C) {
+          cleanup();
+          reject(new Error("Aborted."));
+          return;
+        }
+        if (ch === BACKSPACE || ch === DELETE) {
+          if (buffer.length > 0) {
+            buffer = buffer.slice(0, -1);
+            process.stdout.write("\b \b");
+          }
+          continue;
+        }
+        // Skip other control bytes (escape sequences from arrow keys, etc).
+        if (ch.charCodeAt(0) < 0x20) continue;
+        buffer += ch;
+        process.stdout.write("*");
+      }
+    };
+
+    stdin.on("data", onData);
+  });
+}
+
+export function slugify(name: string): string {
+  return name
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "");
+}

package/src/cli/core/providers/browserbase.ts

@@ -52,6 +52,7 @@ export function createBrowserbaseProvider(): ProviderApi {
           `Browserbase API error closing session ${sessionId} (${resp.status}): ${body}`,
         );
       }
+      return {};
     },
   };
 }

package/src/cli/core/providers/kernel.ts

@@ -44,6 +44,7 @@ export function createKernelProvider(): ProviderApi {
           `Kernel API error closing session ${sessionId} (${resp.status}): ${body}`,
         );
       }
+      return {};
     },
   };
 }

package/src/cli/core/providers/libretto-cloud.ts

@@ -1,3 +1,4 @@
+import { HOSTED_API_URL } from "../auth-fetch.js";
 import type { ProviderApi } from "./types.js";
 
 export function createLibrettoCloudProvider(): ProviderApi {
@@ -6,12 +7,7 @@ export function createLibrettoCloudProvider(): ProviderApi {
     throw new Error(
       "LIBRETTO_API_KEY is required for the Libretto Cloud provider.",
     );
-  const apiUrl = process.env.LIBRETTO_API_URL;
-  if (!apiUrl)
-    throw new Error(
-      "LIBRETTO_API_URL is required for the Libretto Cloud provider.",
-    );
-  const endpoint = apiUrl.replace(/\/$/, "");
+  const endpoint = HOSTED_API_URL;
 
   // The Libretto Cloud API is an oRPC RPCHandler, not plain REST, so inputs
   // must be wrapped as { json: ... } and outputs arrive the same way.
@@ -37,11 +33,17 @@ export function createLibrettoCloudProvider(): ProviderApi {
         );
       }
       const { json } = (await resp.json()) as {
-        json: { session_id: string; cdp_url: string };
+        json: {
+          session_id: string;
+          cdp_url: string;
+          live_view_url: string | null;
+          recording_url: string | null;
+        };
       };
       return {
         sessionId: json.session_id,
         cdpEndpoint: json.cdp_url,
+        liveViewUrl: json.live_view_url ?? undefined,
       };
     },
     async closeSession(sessionId) {
@@ -59,6 +61,10 @@ export function createLibrettoCloudProvider(): ProviderApi {
           `Libretto Cloud API error closing session ${sessionId} (${resp.status}): ${body}`,
         );
       }
+      const { json } = (await resp.json()) as {
+        json: { replay_url: string | null };
+      };
+      return { replayUrl: json.replay_url ?? undefined };
     },
   };
 }

package/src/cli/core/providers/types.ts

@@ -1,9 +1,20 @@
 export type ProviderSession = {
   sessionId: string; // remote session id for cleanup
   cdpEndpoint: string; // CDP WebSocket URL
+  // Provider-hosted URL for watching the session live while it's running.
+  // Only libretto-cloud surfaces this today; direct-SDK providers leave it
+  // undefined.
+  liveViewUrl?: string;
+};
+
+export type ProviderCloseResult = {
+  // Provider-hosted URL for playback of the session recording, surfaced on
+  // successful close. Undefined when the provider didn't capture a
+  // recording or doesn't return one on close.
+  replayUrl?: string;
 };
 
 export type ProviderApi = {
   createSession(): Promise<ProviderSession>;
-  closeSession(sessionId: string): Promise<void>;
+  closeSession(sessionId: string): Promise<ProviderCloseResult>;
 };

package/src/cli/core/readonly-exec.ts

@@ -68,6 +68,7 @@ const LOCATOR_ALLOWED_PROPERTIES = new Set<string>([]);
 
 type ReadonlyExecOptions = {
   onActivity?: () => void;
+  console?: Console;
 };
 
 const readonlyPageCache = new WeakMap<Page, Page>();
@@ -273,7 +274,7 @@ export function createReadonlyExecHelpers(
         "fetch is blocked in readonly-exec; use get() instead",
       );
     },
-    console,
+    console: options.console ?? console,
     setTimeout,
     setInterval,
     clearTimeout,

package/src/cli/router.ts

@@ -1,4 +1,6 @@
 import { aiCommands } from "./commands/ai.js";
+import { authCommands } from "./commands/auth.js";
+import { billingCommands } from "./commands/billing.js";
 import { browserCommands } from "./commands/browser.js";
 import { deployCommand } from "./commands/deploy.js";
 import { executionCommands } from "./commands/execution.js";
@@ -12,6 +14,8 @@ export const cliRoutes = {
   deploy: deployCommand,
   ...executionCommands,
   ai: aiCommands,
+  auth: authCommands,
+  billing: billingCommands,
   setup: setupCommand,
   status: statusCommand,
   snapshot: snapshotCommand,

package/src/cli/workers/run-integration-runtime.ts

@@ -4,7 +4,6 @@ import { mkdir, writeFile } from "node:fs/promises";
 import { cwd } from "node:process";
 import { isAbsolute, resolve } from "node:path";
 import { pathToFileURL } from "node:url";
-import { loadEnv } from "../../shared/env/load-env.js";
 import {
   getDefaultWorkflowFromModuleExports,
   getWorkflowsFromModuleExports,
@@ -196,11 +195,6 @@ async function runIntegrationInternal(
   const { logger } = options;
   const absolutePath = getAbsoluteIntegrationPath(args.integrationPath);
 
-  const envPath = loadEnv();
-  if (envPath) {
-    logger.info("loaded-env", { path: envPath });
-  }
-
   const workflow = await loadDefaultWorkflow(absolutePath);
   const signalPaths = getPauseSignalPaths(args.session);
   await removeSignalIfExists(signalPaths.pausedSignalPath);

package/src/shared/state/session-state.ts

@@ -32,6 +32,7 @@ export const SessionStateFileSchema = z.object({
   mode: SessionAccessModeSchema.default("write-access"),
   viewport: SessionViewportSchema.optional(),
   provider: ProviderStateSchema.optional(),
+  daemonSocketPath: z.string().optional(),
 });
 
 export type SessionStatus = z.infer<typeof SessionStatusSchema>;

package/dist/cli/core/browser-daemon.js

@@ -1,122 +0,0 @@
-import { chromium } from "playwright";
-import { mkdir, unlink } from "node:fs/promises";
-import { appendFileSync } from "node:fs";
-import { installSessionTelemetry } from "./session-telemetry.js";
-import {
-  getSessionDir,
-  getSessionLogsPath,
-  getSessionNetworkLogPath,
-  getSessionActionsLogPath,
-  getSessionStatePath
-} from "./context.js";
-const config = JSON.parse(process.argv[2]);
-const sessionDir = getSessionDir(config.session);
-await mkdir(sessionDir, { recursive: true });
-const logFile = getSessionLogsPath(config.session);
-const networkLogFile = getSessionNetworkLogPath(config.session);
-const actionsLogFile = getSessionActionsLogPath(config.session);
-function childLog(level, event, data = {}) {
-  const entry = JSON.stringify({
-    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    id: Math.random().toString(36).slice(2, 10),
-    level,
-    scope: "libretto.child",
-    event,
-    data
-  });
-  appendFileSync(logFile, entry + "\n");
-}
-function logAction(entry) {
-  appendFileSync(actionsLogFile, JSON.stringify(entry) + "\n");
-}
-function logNetwork(entry) {
-  appendFileSync(networkLogFile, JSON.stringify(entry) + "\n");
-}
-const windowPositionArg = config.windowPosition ? `--window-position=${config.windowPosition.x},${config.windowPosition.y}` : void 0;
-const launchArgs = [
-  "--disable-blink-features=AutomationControlled",
-  `--remote-debugging-port=${config.port}`,
-  "--remote-debugging-address=127.0.0.1",
-  "--no-focus-on-check",
-  ...windowPositionArg ? [windowPositionArg] : []
-];
-const browser = await chromium.launch({
-  headless: !config.headed,
-  args: launchArgs
-});
-async function cleanupSessionState() {
-  const sessionStatePath = getSessionStatePath(config.session);
-  try {
-    await unlink(sessionStatePath);
-  } catch (err) {
-    if (err.code !== "ENOENT") throw err;
-  }
-}
-let shuttingDown = false;
-let wakeDaemon;
-const sleepPromise = new Promise((resolve) => {
-  wakeDaemon = resolve;
-});
-async function shutdown(reason, closeBrowser) {
-  if (shuttingDown) return;
-  shuttingDown = true;
-  try {
-    childLog("info", reason, { port: config.port });
-    await cleanupSessionState();
-    if (closeBrowser) await browser.close();
-  } finally {
-    wakeDaemon();
-  }
-}
-browser.on("disconnected", () => {
-  void shutdown("browser-disconnected-exiting", false);
-});
-const context = await browser.newContext({
-  ...config.storageStatePath ? { storageState: config.storageStatePath } : {},
-  viewport: {
-    width: config.viewport.width,
-    height: config.viewport.height
-  },
-  userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
-});
-const page = await context.newPage();
-page.setDefaultTimeout(3e4);
-page.setDefaultNavigationTimeout(45e3);
-await installSessionTelemetry({
-  context,
-  initialPage: page,
-  includeUserDomActions: true,
-  logAction,
-  logNetwork
-});
-await page.goto(config.url);
-process.on("SIGTERM", () => {
-  void shutdown("child-sigterm", true);
-});
-process.on("SIGINT", () => {
-  void shutdown("child-sigint", true);
-});
-process.on("uncaughtException", (err) => {
-  childLog("error", "uncaught-exception", {
-    message: err.message,
-    stack: err.stack
-  });
-  process.exit(1);
-});
-process.on("unhandledRejection", (reason) => {
-  childLog("warn", "unhandled-rejection", { reason: String(reason) });
-});
-process.on("exit", (code) => {
-  childLog("info", "child-exit", {
-    code,
-    pid: process.pid,
-    port: config.port
-  });
-});
-childLog("info", "child-launched", {
-  port: config.port,
-  pid: process.pid,
-  session: config.session
-});
-await sleepPromise;
-process.exit(0);