mpb-localkit 1.3.7 → 1.4.2

package/dist/cli/index.js

@@ -1,9 +1,10 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
 import { createRequire } from 'module';
-import { existsSync, mkdirSync, writeFileSync } from 'fs';
-import { resolve, join } from 'path';
-import { spawnSync, execSync } from 'child_process';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { resolve, join, dirname } from 'path';
+import { execSync, spawnSync } from 'child_process';
+import { randomBytes } from 'crypto';
 
 var colors = {
   green: (s) => `\x1B[32m${s}\x1B[0m`,
@@ -21,23 +22,6 @@ var log = {
   bold: (msg) => console.log(colors.bold(msg)),
   dim: (msg) => console.log(colors.dim(msg))
 };
-var CONFIG_CANDIDATES = [
-  "offlinekit.config.ts",
-  "offlinekit.config.js",
-  "offlinekit.schema.ts",
-  "offlinekit.schema.js"
-];
-function findSchemaFile(cwd = process.cwd()) {
-  for (const candidate of CONFIG_CANDIDATES) {
-    const p = resolve(cwd, candidate);
-    if (existsSync(p)) return p;
-  }
-  return null;
-}
-async function loadSchema(filePath) {
-  const mod = await import(filePath);
-  return mod.default ?? mod;
-}
 
 // src/cli/commands/dev.ts
 function registerDev(program2) {
@@ -114,7 +98,7 @@ export async function authMiddleware(c: any, next: () => Promise<void>) {
   const token = header.startsWith('Bearer ') ? header.slice(7) : null
   if (!token) return c.json({ error: 'Unauthorized' }, 401)
   try {
-    const payload = await verify(token, c.env.JWT_SECRET) as { sub: string }
+    const payload = await verify(token, c.env.JWT_SECRET, 'HS256') as { sub: string }
     c.set('userId', payload.sub)
   } catch {
     return c.json({ error: 'Invalid token' }, 401)
@@ -133,7 +117,7 @@ auth.post('/signup', async (c) => {
   const user: StoredUser = { userId, email, passwordHash }
   await c.env.KV.put(AUTH_KEY(email), JSON.stringify(user))
 
-  const token = await sign({ sub: userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET)
+  const token = await sign({ sub: userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET, 'HS256')
   return c.json({ user: { id: userId, email }, token }, 201)
 })
 
@@ -147,7 +131,7 @@ auth.post('/signin', async (c) => {
   const user = JSON.parse(raw) as StoredUser
   if (!timingSafeEqual(user.passwordHash, passwordHash)) return c.json({ error: 'Invalid credentials' }, 401)
 
-  const token = await sign({ sub: user.userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET)
+  const token = await sign({ sub: user.userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET, 'HS256')
   return c.json({ user: { id: user.userId, email }, token })
 })
 
@@ -299,7 +283,7 @@ export class WsSessions {
   private async handle(ws: WebSocket, session: { userId: string | null }, msg: WsMsg): Promise<void> {
     if (msg.type === 'auth') {
       try {
-        const payload = await verify(msg.token ?? '', this.env.JWT_SECRET) as { sub?: string }
+        const payload = await verify(msg.token ?? '', this.env.JWT_SECRET, 'HS256') as { sub?: string }
         if (!payload.sub) throw new Error('Missing sub')
         session.userId = payload.sub
         ws.send(JSON.stringify({ type: 'auth_ack', id: msg.id }))
@@ -440,7 +424,7 @@ export interface StoredSession {
 }
 
 // src/cli/generator/templates/wrangler.ts
-function wranglerTemplate(appName) {
+function wranglerTemplate(appName, kvNamespaceId) {
   const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
   return `name = "${name}-worker"
 main = "src/index.ts"
@@ -453,7 +437,7 @@ bucket_name = "${name}-storage"
 
 [[kv_namespaces]]
 binding = "KV"
-id = "REPLACE_WITH_KV_NAMESPACE_ID"
+id = "${kvNamespaceId ?? "REPLACE_WITH_KV_NAMESPACE_ID"}"
 
 [[durable_objects.bindings]]
 name = "WS_SESSIONS"
@@ -461,7 +445,7 @@ class_name = "WsSessions"
 
 [[migrations]]
 tag = "v1"
-new_classes = ["WsSessions"]
+new_sqlite_classes = ["WsSessions"]
 
 # Security: Set secrets via Cloudflare dashboard or CLI:
 #   wrangler secret put JWT_SECRET
@@ -470,7 +454,7 @@ new_classes = ["WsSessions"]
 
 // src/cli/generator/index.ts
 function generateWorker(options) {
-  const { appName, outDir } = options;
+  const { appName, outDir, kvNamespaceId } = options;
   const dirs = [
     outDir,
     join(outDir, "src"),
@@ -479,7 +463,7 @@ function generateWorker(options) {
   ];
   for (const dir of dirs) mkdirSync(dir, { recursive: true });
   const files = [
-    [join(outDir, "wrangler.toml"), wranglerTemplate(appName)],
+    [join(outDir, "wrangler.toml"), wranglerTemplate(appName, kvNamespaceId)],
     [join(outDir, "src", "index.ts"), workerIndexTemplate()],
     [join(outDir, "src", "routes", "auth.ts"), authTemplate()],
     [join(outDir, "src", "routes", "sync.ts"), syncTemplate()],
@@ -494,8 +478,9 @@ function generateWorker(options) {
   for (const [path, content] of files) {
     writeFileSync(path, content, "utf8");
   }
+  const kvWarning = kvNamespaceId ? "" : "   - KV namespace id                     \u2192  set your actual KV namespace ID\n";
   console.warn(
-    '\n\u26A0  Remember to replace placeholder values in wrangler.toml before deploying:\n   - JWT_SECRET = "REPLACE_WITH_SECRET"  \u2192  set a strong random secret\n   - KV namespace id                     \u2192  set your actual KV namespace ID\n'
+    '\n\u26A0  Remember to replace placeholder values in wrangler.toml before deploying:\n   - JWT_SECRET = "REPLACE_WITH_SECRET"  \u2192  set a strong random secret\n' + kvWarning
   );
 }
 function workerPackageJson(appName) {
@@ -545,8 +530,8 @@ function workerTsConfig() {
 // src/cli/targets/cloudflare.ts
 var cloudflareTarget = {
   name: "cloudflare",
-  generate({ appName, outDir }) {
-    generateWorker({ appName, outDir });
+  generate({ appName, outDir, kvNamespaceId }) {
+    generateWorker({ appName, outDir, kvNamespaceId });
   }
 };
 var nodeTarget = {
@@ -700,19 +685,6 @@ function registerBuild(program2) {
       log.error(`Unknown target: ${opts.target}. Valid targets: ${Object.keys(targets).join(", ")}`);
       process.exit(1);
     }
-    const schemaFile = findSchemaFile();
-    if (!schemaFile) {
-      log.error("No schema file found. Create offlinekit.config.ts in your project root.");
-      process.exit(1);
-    }
-    log.info(`Found schema: ${schemaFile}`);
-    try {
-      await loadSchema(schemaFile);
-      log.success("Schema loaded successfully");
-    } catch (err) {
-      log.error(`Schema load failed: ${err instanceof Error ? err.message : String(err)}`);
-      process.exit(1);
-    }
     const outDir = resolve(process.cwd(), opts.out);
     log.info(`Generating ${target.name} backend to: ${outDir}`);
     try {
@@ -729,66 +701,305 @@ function registerBuild(program2) {
     }
   });
 }
+function runWrangler(args, options) {
+  const result = spawnSync("wrangler", args, {
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"],
+    ...options
+  });
+  return {
+    stdout: result.stdout ?? "",
+    stderr: result.stderr ?? "",
+    status: result.status
+  };
+}
 function checkWrangler() {
   try {
-    const result = execSync("wrangler --version", { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] });
+    const result = execSync("wrangler --version", {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "ignore"]
+    });
     return result.trim();
   } catch {
     return null;
   }
 }
-function registerDeploy(program2) {
-  program2.command("deploy").description("Deploy the LocalKit Worker to Cloudflare via Wrangler").option("-d, --dir <dir>", "Worker output directory", ".offlinekit/worker").option("-e, --env <env>", "Wrangler environment (e.g. production, staging)").option("-t, --target <target>", "Deploy target (default: cloudflare)", "cloudflare").option("--dry-run", "Print the wrangler command without running it").action((opts) => {
-    log.bold("LocalKit Deploy");
-    const serverDir = resolve(process.cwd(), "server");
-    if (existsSync(serverDir)) {
-      log.info("Warning: This project has been ejected (./server/ exists).");
-      log.dim("You can deploy the ejected code directly with `cd server && wrangler deploy`.");
-    }
-    if (opts.target !== "cloudflare") {
-      log.error(`Deploy target "${opts.target}" is not supported yet. Only "cloudflare" is deployable.`);
-      log.dim("For Node.js targets, run `npx mpb-localkit build --target node` then deploy the output manually.");
-      process.exit(1);
-    }
-    const version = checkWrangler();
-    if (!version) {
-      log.error("wrangler is not installed or not in PATH.");
-      log.dim("Install it with: npm install -g wrangler");
-      process.exit(1);
+function checkAuth() {
+  const result = runWrangler(["whoami"]);
+  return result.status === 0;
+}
+function createR2Bucket(name) {
+  log.info(`Creating R2 bucket: ${name}`);
+  const result = runWrangler(["r2", "bucket", "create", name]);
+  if (result.status !== 0) {
+    if (result.stderr.includes("already exists")) {
+      log.info(`R2 bucket "${name}" already exists, continuing`);
+      return;
     }
-    log.success(`wrangler ${version}`);
-    const outDir = resolve(process.cwd(), opts.dir);
-    if (!existsSync(outDir)) {
-      log.error(`Worker directory not found: ${outDir}`);
-      log.dim("Run `npx mpb-localkit build` first to generate the worker.");
-      process.exit(1);
+    if (result.stderr.includes("R2") || result.stderr.includes("not allowed") || result.stderr.includes("not enabled")) {
+      throw new Error(
+        `Failed to create R2 bucket: ${result.stderr}
+Hint: Enable R2 in your Cloudflare dashboard at https://dash.cloudflare.com \u2192 R2 Object Storage before deploying.`
+      );
     }
-    const tomlPath = resolve(outDir, "wrangler.toml");
-    if (!existsSync(tomlPath)) {
-      log.error(`wrangler.toml not found in ${outDir}`);
-      log.dim("Run `npx mpb-localkit build` to regenerate the worker.");
-      process.exit(1);
+    throw new Error(`Failed to create R2 bucket: ${result.stderr}`);
+  }
+  log.success(`R2 bucket "${name}" created`);
+}
+function kvNamespaceExists(id) {
+  const result = runWrangler(["kv", "namespace", "list", "--json"]);
+  if (result.status !== 0) return false;
+  try {
+    const namespaces = JSON.parse(result.stdout);
+    return namespaces.some((ns) => ns.id === id);
+  } catch {
+    return false;
+  }
+}
+function createKvNamespace(name) {
+  log.info(`Creating KV namespace: ${name}`);
+  const result = runWrangler(["kv", "namespace", "create", name]);
+  if (result.status === 0) {
+    const match = result.stdout.match(/id\s*=\s*"([a-f0-9]+)"/);
+    if (match) {
+      log.success(`KV namespace "${name}" created with ID: ${match[1]}`);
+      return match[1];
     }
-    const args = ["deploy"];
-    if (opts.env) args.push("--env", opts.env);
-    log.info(`Deploying from: ${outDir}`);
-    if (opts.env) log.info(`Environment: ${opts.env}`);
-    if (opts.dryRun) {
-      log.dim(`[dry-run] wrangler ${args.join(" ")}`);
-      log.dim(`[dry-run] cwd: ${outDir}`);
-      return;
+    try {
+      const parsed = JSON.parse(result.stdout);
+      if (parsed.id) return parsed.id;
+    } catch {
     }
-    const result = spawnSync("wrangler", args, {
-      cwd: outDir,
-      stdio: "inherit",
-      encoding: "utf8"
-    });
-    if (result.status !== 0) {
-      log.error(`wrangler deploy failed (exit ${result.status ?? "unknown"})`);
-      process.exit(result.status ?? 1);
+  }
+  if (result.stderr.includes("already exists") || result.status !== 0) {
+    log.info(`KV namespace "${name}" may already exist, looking up ID...`);
+    const listResult = runWrangler(["kv", "namespace", "list", "--json"]);
+    if (listResult.status === 0) {
+      try {
+        const namespaces = JSON.parse(listResult.stdout);
+        const found = namespaces.find((ns) => ns.title === name);
+        if (found) {
+          log.success(`Found existing KV namespace "${name}" with ID: ${found.id}`);
+          return found.id;
+        }
+      } catch {
+        log.warn("Failed to parse KV namespace list JSON, falling back to regex");
+      }
+      const idMatch = listResult.stdout.match(/id\s*=\s*"([a-f0-9]+)"/);
+      if (idMatch) return idMatch[1];
     }
-    log.success("Deployed successfully!");
+  }
+  throw new Error(
+    `Failed to create or find KV namespace "${name}". stdout: ${result.stdout}, stderr: ${result.stderr}`
+  );
+}
+function setSecret(name, value, cwd) {
+  log.info(`Setting secret: ${name}`);
+  const result = runWrangler(["secret", "put", name], { cwd, input: value });
+  if (result.status !== 0) {
+    throw new Error(`Failed to set secret ${name}: ${result.stderr}`);
+  }
+  log.success(`Secret "${name}" set`);
+}
+function readDeployState(outDir) {
+  const statePath = resolve(outDir, "..", "deploy-state.json");
+  if (!existsSync(statePath)) return null;
+  try {
+    return JSON.parse(readFileSync(statePath, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function writeDeployState(outDir, state) {
+  const statePath = resolve(outDir, "..", "deploy-state.json");
+  mkdirSync(dirname(statePath), { recursive: true });
+  writeFileSync(statePath, JSON.stringify(state, null, 2), "utf8");
+}
+function provisionCloudflare(appName, _outDir, dryRun) {
+  const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+  const r2BucketName = `${name}-storage`;
+  const kvTitle = `${name}-kv`;
+  const workerName = `${name}-worker`;
+  if (dryRun) {
+    log.dim("[dry-run] Would check wrangler auth (wrangler whoami)");
+    log.dim(`[dry-run] Would create R2 bucket: ${r2BucketName}`);
+    log.dim(`[dry-run] Would create KV namespace: ${kvTitle}`);
+    log.dim("[dry-run] Would set JWT_SECRET");
+    return { kvNamespaceId: "DRY_RUN_PLACEHOLDER", r2BucketName, workerName };
+  }
+  if (!checkAuth()) {
+    log.error("Not authenticated with Cloudflare.");
+    log.dim("Run `wrangler login` to authenticate, then try again.");
+    process.exit(1);
+  }
+  log.success("Authenticated with Cloudflare");
+  createR2Bucket(r2BucketName);
+  const kvNamespaceId = createKvNamespace(kvTitle);
+  return { kvNamespaceId, r2BucketName, workerName };
+}
+function generateAndDeploy(appName, outDir, kvNamespaceId, env, dryRun) {
+  if (dryRun) {
+    log.dim(`[dry-run] Would generate worker code to: ${outDir}`);
+    log.dim(`[dry-run] Would run: npm install (in ${outDir})`);
+    log.dim(`[dry-run] Would run: wrangler deploy${env ? ` --env ${env}` : ""}`);
+    return void 0;
+  }
+  log.info("Generating worker code...");
+  cloudflareTarget.generate({ appName, outDir, kvNamespaceId });
+  log.success("Worker code generated");
+  log.info("Installing dependencies...");
+  const installResult = spawnSync("npm", ["install"], {
+    cwd: outDir,
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+  if (installResult.status !== 0) {
+    throw new Error(`npm install failed: ${installResult.stderr}`);
+  }
+  log.success("Dependencies installed");
+  log.info("Deploying to Cloudflare...");
+  const deployArgs = ["deploy"];
+  if (env) deployArgs.push("--env", env);
+  const deployResult = spawnSync("wrangler", deployArgs, {
+    cwd: outDir,
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"]
   });
+  if (deployResult.status !== 0) {
+    throw new Error(
+      `wrangler deploy failed (exit ${deployResult.status}): ${deployResult.stderr}`
+    );
+  }
+  const urlMatch = deployResult.stdout.match(/https:\/\/[^\s]+\.workers\.dev/);
+  const workerUrl = urlMatch ? urlMatch[0] : void 0;
+  if (workerUrl) {
+    log.success(`Deployed to: ${workerUrl}`);
+  } else {
+    log.success("Deployed successfully!");
+  }
+  return workerUrl;
+}
+function registerDeploy(program2) {
+  program2.command("deploy").description("Deploy the LocalKit Worker to Cloudflare via Wrangler").option("-d, --dir <dir>", "Worker output directory", ".offlinekit/worker").option("-n, --name <name>", "App name for the worker", "localkit-app").option("-e, --env <env>", "Wrangler environment (e.g. production, staging)").option("-t, --target <target>", "Deploy target (default: cloudflare)", "cloudflare").option("--dry-run", "Show what would happen without executing").action(
+    (opts) => {
+      log.bold("LocalKit Deploy");
+      const dryRun = opts.dryRun ?? false;
+      const serverDir = resolve(process.cwd(), "server");
+      if (existsSync(serverDir)) {
+        log.info(
+          "Warning: This project has been ejected (./server/ exists)."
+        );
+        log.dim(
+          "You can deploy the ejected code directly with `cd server && wrangler deploy`."
+        );
+      }
+      if (opts.target !== "cloudflare") {
+        log.error(
+          `Deploy target "${opts.target}" is not supported yet. Only "cloudflare" is deployable.`
+        );
+        log.dim(
+          "For Node.js targets, run `npx mpb-localkit build --target node` then deploy the output manually."
+        );
+        process.exit(1);
+      }
+      const version = checkWrangler();
+      if (!version) {
+        log.error("wrangler is not installed or not in PATH.");
+        log.dim("Install it with: npm install -g wrangler");
+        process.exit(1);
+      }
+      log.success(`wrangler ${version}`);
+      const outDir = resolve(process.cwd(), opts.dir);
+      const appName = opts.name;
+      const existingState = readDeployState(outDir);
+      let kvNamespaceId;
+      let r2BucketName;
+      let workerName;
+      if (existingState?.kvNamespaceId && existingState?.r2BucketName) {
+        log.info("Found existing deploy state, validating resources...");
+        r2BucketName = existingState.r2BucketName;
+        workerName = existingState.workerName;
+        if (dryRun) {
+          log.dim("[dry-run] Would validate KV namespace exists");
+          kvNamespaceId = existingState.kvNamespaceId;
+        } else if (kvNamespaceExists(existingState.kvNamespaceId)) {
+          log.success("KV namespace validated");
+          kvNamespaceId = existingState.kvNamespaceId;
+        } else {
+          log.warn("KV namespace no longer exists, re-creating...");
+          const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+          kvNamespaceId = createKvNamespace(`${name}-kv`);
+          writeDeployState(outDir, {
+            ...existingState,
+            kvNamespaceId
+          });
+          log.success("Deploy state updated with new KV namespace ID");
+        }
+      } else {
+        const provisioned = provisionCloudflare(appName, outDir, dryRun);
+        kvNamespaceId = provisioned.kvNamespaceId;
+        r2BucketName = provisioned.r2BucketName;
+        workerName = provisioned.workerName;
+        if (!dryRun) {
+          writeDeployState(outDir, {
+            kvNamespaceId,
+            r2BucketName,
+            workerName,
+            jwtSecretSet: false
+          });
+          log.success("Deploy state saved to .offlinekit/deploy-state.json");
+        }
+      }
+      if (kvNamespaceId === "REPLACE_WITH_KV_NAMESPACE_ID" || !kvNamespaceId) {
+        log.error(
+          "KV namespace ID is missing or still a placeholder. Run `mpb-localkit deploy` (not `wrangler deploy` directly) to auto-provision resources, or create one manually: wrangler kv namespace create KV"
+        );
+        process.exit(1);
+      }
+      const alreadyHasSecret = existingState?.jwtSecretSet ?? false;
+      let workerUrl;
+      try {
+        workerUrl = generateAndDeploy(appName, outDir, kvNamespaceId, opts.env, dryRun);
+      } catch (err) {
+        log.error(`Deploy failed: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+      }
+      if (dryRun) {
+        if (!alreadyHasSecret) {
+          log.dim("[dry-run] Would set JWT_SECRET (first deploy only)");
+        }
+        log.bold("Dry run complete. No changes were made.");
+        return;
+      }
+      let jwtSecretSet = alreadyHasSecret;
+      if (!jwtSecretSet) {
+        try {
+          setSecret("JWT_SECRET", randomBytes(32).toString("hex"), outDir);
+          log.success("JWT_SECRET set");
+          jwtSecretSet = true;
+        } catch (err) {
+          log.warn(`Could not set JWT_SECRET: ${err instanceof Error ? err.message : String(err)}`);
+          log.dim("Set it manually: wrangler secret put JWT_SECRET");
+        }
+      }
+      writeDeployState(outDir, { kvNamespaceId, r2BucketName, workerName, workerUrl, jwtSecretSet });
+      if (workerUrl) {
+        const envPath = resolve(process.cwd(), ".env");
+        if (existsSync(envPath)) {
+          let envContent = readFileSync(envPath, "utf8");
+          if (envContent.includes("VITE_SYNC_URL=")) {
+            envContent = envContent.replace(/VITE_SYNC_URL=.*/, `VITE_SYNC_URL=${workerUrl}`);
+          } else {
+            envContent += `
+VITE_SYNC_URL=${workerUrl}
+`;
+          }
+          writeFileSync(envPath, envContent, "utf8");
+          log.info(`Updated .env with VITE_SYNC_URL=${workerUrl}`);
+        }
+      }
+    }
+  );
 }
 var targets2 = {
   cloudflare: cloudflareTarget,