neonctl 2.10.1 → 2.12.0

package/analytics.js

@@ -25,13 +25,26 @@ export const analyticsMiddleware = async (args) => {
         log.debug('Failed to read credentials file', err);
     }
     try {
-        if (!userId && args.apiKey) {
+        if (args.apiKey) {
             const apiClient = getApiClient({
                 apiKey: args.apiKey,
                 apiHost: args.apiHost,
             });
-            const resp = await apiClient?.getCurrentUserInfo?.();
-            userId = resp?.data?.id;
+            // Populating api key details for analytics
+            const authDetailsResponse = await apiClient.getAuthDetails();
+            const authDetails = authDetailsResponse.data;
+            args.accountId = authDetails.account_id;
+            args.authMethod = authDetails.auth_method;
+            args.authData = authDetails.auth_data;
+            // Get user id if not org api key
+            if (!userId && authDetails.auth_method !== 'api_key_org') {
+                const resp = await apiClient?.getCurrentUserInfo?.();
+                userId = resp?.data?.id;
+            }
+        }
+        else {
+            args.accountId = userId;
+            args.authMethod = 'oauth';
         }
     }
     catch (err) {

package/commands/auth.js

@@ -1,4 +1,4 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, rmSync } from 'node:fs';
 import { join } from 'node:path';
 import { createHash } from 'node:crypto';
 import { TokenSet } from 'openid-client';
@@ -41,6 +41,7 @@ export const authFlow = async ({ configDir, oauthHost, clientId, apiHost, forceA
 const preserveCredentials = async (path, credentials, apiClient) => {
     const { data: { id }, } = await apiClient.getCurrentUserInfo();
     const contents = JSON.stringify({
+        // Making the linter happy by explicitly confirming we don't care about @typescript-eslint/no-misused-spread
         ...credentials,
         user_id: id,
     });
@@ -152,4 +153,25 @@ export const ensureAuth = async (props) => {
         apiHost: props.apiHost,
     });
 };
+/**
+ * Deletes the credentials file at the specified path
+ * @param configDir Directory where credentials file is stored
+ */
+export const deleteCredentials = (configDir) => {
+    const credentialsPath = join(configDir, CREDENTIALS_FILE);
+    try {
+        if (existsSync(credentialsPath)) {
+            rmSync(credentialsPath);
+            log.info('Deleted credentials from %s', credentialsPath);
+        }
+        else {
+            log.debug('Credentials file %s does not exist', credentialsPath);
+        }
+    }
+    catch (err) {
+        const typedErr = err instanceof Error ? err : new Error('Unknown error');
+        log.error('Failed to delete credentials: %s', typedErr.message);
+        throw new Error('CREDENTIALS_DELETE_FAILED');
+    }
+};
 const md5hash = (s) => createHash('md5').update(s).digest('hex');

package/commands/auth.test.js

@@ -6,7 +6,7 @@ import { afterAll, beforeAll, beforeEach, describe, expect, vi } from 'vitest';
 import * as authModule from '../auth';
 import { test } from '../test_utils/fixtures';
 import { startOauthServer } from '../test_utils/oauth_server';
-import { authFlow, ensureAuth } from './auth';
+import { authFlow, ensureAuth, deleteCredentials } from './auth';
 vi.mock('open', () => ({ default: vi.fn((url) => axios.get(url)) }));
 vi.mock('../pkg.ts', () => ({ default: { version: '0.0.0' } }));
 describe('auth', () => {
@@ -163,3 +163,33 @@ describe('ensureAuth', () => {
         expect(props.apiKey).toBe('new-token');
     });
 });
+describe('deleteCredentials', () => {
+    let configDir = '';
+    beforeAll(() => {
+        configDir = mkdtempSync('test-config-delete');
+    });
+    afterAll(() => {
+        rmSync(configDir, { recursive: true });
+    });
+    test('should successfully delete credentials file', () => {
+        const credentialsPath = join(configDir, 'credentials.json');
+        writeFileSync(credentialsPath, 'test-content', { mode: 0o700 });
+        expect(existsSync(credentialsPath)).toBe(true);
+        deleteCredentials(configDir);
+        expect(existsSync(credentialsPath)).toBe(false);
+    });
+    test('should handle non-existent file gracefully', () => {
+        const nonExistentDir = mkdtempSync('test-config-nonexistent');
+        // Ensure the file doesn't exist
+        const credentialsPath = join(nonExistentDir, 'credentials.json');
+        if (existsSync(credentialsPath)) {
+            rmSync(credentialsPath);
+        }
+        expect(existsSync(credentialsPath)).toBe(false);
+        // Should not throw an error
+        expect(() => {
+            deleteCredentials(nonExistentDir);
+        }).not.toThrow();
+        rmSync(nonExistentDir, { recursive: true });
+    });
+});

package/commands/branches.js

@@ -142,6 +142,10 @@ export const builder = (argv) => argv
         describe: 'The number of Compute Units. Could be a fixed size (e.g. "2") or a range delimited by a dash (e.g. "0.5-3").',
         type: 'string',
     },
+    name: {
+        type: 'string',
+        describe: 'Optional name of the compute',
+    },
 }), (args) => addCompute(args))
     .command('delete <id|name>', 'Delete a branch', (yargs) => yargs, (args) => deleteBranch(args))
     .command('get <id|name>', 'Get a branch', (yargs) => yargs, (args) => get(args))
@@ -319,11 +323,13 @@ const get = async (props) => {
 };
 const addCompute = async (props) => {
     const branchId = await branchIdFromProps(props);
+    const computeName = props.name ? { name: props.name } : null;
     const { data } = await retryOnLock(() => props.apiClient.createProjectEndpoint(props.projectId, {
         endpoint: {
             branch_id: branchId,
             type: props.type,
             ...(props.cu ? getComputeUnits(props.cu) : undefined),
+            ...computeName,
         },
     }));
     writer(props).end(data.endpoint, {

package/commands/branches.test.js

@@ -274,6 +274,19 @@ describe('branches', () => {
             '0.5-2',
         ]);
     });
+    test('add compute with a name', async ({ testCliCommand }) => {
+        await testCliCommand([
+            'branches',
+            'add-compute',
+            'test_branch_with_autoscaling',
+            '--project-id',
+            'test',
+            '--cu',
+            '0.5-2',
+            '--name',
+            'My fancy new compute',
+        ]);
+    });
     /* reset */
     test('reset branch to parent', async ({ testCliCommand }) => {
         await testCliCommand([

package/commands/projects.js

@@ -52,6 +52,10 @@ export const builder = (argv) => {
                 .description,
             type: 'boolean',
         },
+        hipaa: {
+            describe: projectCreateRequest['project.settings.hipaa'].description,
+            type: 'boolean',
+        },
         name: {
             describe: projectCreateRequest['project.name'].description,
             type: 'string',
@@ -102,6 +106,10 @@ export const builder = (argv) => {
                 ' Use --block-public-connections=false to set the value to false.',
             type: 'boolean',
         },
+        hipaa: {
+            describe: projectUpdateRequest['project.settings.hipaa'].description,
+            type: 'boolean',
+        },
         cu: {
             describe: 'The number of Compute Units. Could be a fixed size (e.g. "2") or a range delimited by a dash (e.g. "0.5-3").',
             type: 'string',
@@ -164,6 +172,12 @@ const list = async (props) => {
 };
 const create = async (props) => {
     const project = {};
+    if (props.hipaa !== undefined) {
+        if (!project.settings) {
+            project.settings = {};
+        }
+        project.settings.hipaa = props.hipaa;
+    }
     if (props.blockPublicConnections !== undefined) {
         if (!project.settings) {
             project.settings = {};
@@ -226,6 +240,12 @@ const deleteProject = async (props) => {
 };
 const update = async (props) => {
     const project = {};
+    if (props.hipaa !== undefined) {
+        if (!project.settings) {
+            project.settings = {};
+        }
+        project.settings.hipaa = props.hipaa;
+    }
     if (props.blockPublicConnections !== undefined) {
         if (!project.settings) {
             project.settings = {};

package/commands/projects.test.js

@@ -13,6 +13,15 @@ describe('projects', () => {
     test('create', async ({ testCliCommand }) => {
         await testCliCommand(['projects', 'create', '--name', 'test_project']);
     });
+    test('create with hipaa flag', async ({ testCliCommand }) => {
+        await testCliCommand([
+            'projects',
+            'create',
+            '--name',
+            'test_project',
+            '--hipaa',
+        ]);
+    });
     test('create with org id', async ({ testCliCommand }) => {
         await testCliCommand([
             'projects',
@@ -102,6 +111,9 @@ describe('projects', () => {
             'test_project_new_name',
         ]);
     });
+    test('update hipaa flag', async ({ testCliCommand }) => {
+        await testCliCommand(['projects', 'update', 'test', '--hipaa']);
+    });
     test('update project with default fixed size CU', async ({ testCliCommand, }) => {
         await testCliCommand([
             'projects',

package/commands/schema_diff.js

@@ -59,14 +59,13 @@ const createSchemaDiff = async (baseBranch, pointInTime, database, props) => {
 };
 const fetchSchema = async (pointInTime, database, props) => {
     try {
-        return props.apiClient
-            .getProjectBranchSchema({
+        const response = await props.apiClient.getProjectBranchSchema({
             projectId: props.projectId,
             branchId: pointInTime.branchId,
             db_name: database.name,
             ...pointInTimeParams(pointInTime),
-        })
-            .then((response) => response.data.sql ?? '');
+        });
+        return response.data.sql ?? '';
     }
     catch (error) {
         if (isAxiosError(error)) {

package/index.js

@@ -13,7 +13,7 @@ axiosDebug({
         debug(error);
     },
 });
-import { ensureAuth } from './commands/auth.js';
+import { ensureAuth, deleteCredentials } from './commands/auth.js';
 import { defaultDir, ensureConfigDir } from './config.js';
 import { log } from './log.js';
 import { defaultClientID } from './auth.js';
@@ -143,19 +143,33 @@ builder = builder
     .scriptName(basename(process.argv[1]) === 'neon' ? 'neon' : 'neonctl')
     .epilog('For more information, visit https://neon.tech/docs/reference/neon-cli')
     .wrap(null)
-    .fail(async (msg, err) => {
+    .fail(false);
+async function handleError(msg, err) {
     if (process.argv.some((arg) => arg === '--help' || arg === '-h')) {
         await showHelp(builder);
         process.exit(0);
     }
+    // Log stack trace if available
+    if (err instanceof Error && err.stack) {
+        log.debug('Stack: %s', err.stack);
+    }
     if (isAxiosError(err)) {
         if (err.code === 'ECONNABORTED') {
             log.error('Request timed out');
             sendError(err, 'REQUEST_TIMEOUT');
+            return false;
         }
         else if (err.response?.status === 401) {
             sendError(err, 'AUTH_FAILED');
-            log.error('Authentication failed, please run `neonctl auth`');
+            log.info('Authentication failed, deleting credentials...');
+            try {
+                deleteCredentials(defaultDir);
+                return true; // Allow retry for auth failures
+            }
+            catch (deleteErr) {
+                log.debug('Failed to delete credentials: %s', deleteErr instanceof Error ? deleteErr.message : 'unknown error');
+                return false;
+            }
         }
         else {
             if (err.response?.data?.message) {
@@ -163,33 +177,47 @@ builder = builder
             }
             log.debug('status: %d %s | path: %s', err.response?.status, err.response?.statusText, err.request?.path);
             sendError(err, 'API_ERROR');
+            return false;
         }
     }
     else {
-        sendError(err || new Error(msg), matchErrorCode(msg || err?.message));
-        log.error(msg || err?.message);
-    }
-    await closeAnalytics();
-    if (err?.stack) {
-        log.debug('Stack: %s', err.stack);
+        const error = err instanceof Error ? err : new Error(msg || 'Unknown error');
+        sendError(error, matchErrorCode(error.message));
+        log.error(error.message);
+        return false;
     }
-    process.exit(1);
-});
+}
 void (async () => {
-    try {
-        const args = await builder.argv;
-        trackEvent('cli_command_success', {
-            ...getAnalyticsEventProperties(args),
-            projectId: args.projectId,
-            branchId: args.branchId,
-        });
-        if (args._.length === 0 || args.help) {
-            await showHelp(builder);
+    // Main loop with max 2 attempts (initial + 1 retry):
+    let attempts = 0;
+    const MAX_ATTEMPTS = 2;
+    while (attempts < MAX_ATTEMPTS) {
+        try {
+            const args = await builder.argv;
+            // Send analytics for a successful attempt
+            trackEvent('cli_command_success', {
+                ...getAnalyticsEventProperties(args),
+                projectId: args.projectId,
+                branchId: args.branchId,
+                accountId: args.accountId,
+                authMethod: args.authMethod,
+                authData: args.authData,
+            });
+            if (args._.length === 0 || args.help) {
+                await showHelp(builder);
+                process.exit(0);
+            }
+            await closeAnalytics();
             process.exit(0);
         }
-        await closeAnalytics();
-    }
-    catch {
-        // noop
+        catch (err) {
+            attempts++;
+            const shouldRetry = await handleError('', err);
+            if (!shouldRetry || attempts >= MAX_ATTEMPTS) {
+                await closeAnalytics();
+                process.exit(1);
+            }
+            // If shouldRetry is true and we haven't hit max attempts, loop continues
+        }
     }
 })();

package/package.json

@@ -5,7 +5,7 @@
     "url": "git+ssh://git@github.com/neondatabase/neonctl.git"
   },
   "type": "module",
-  "version": "2.10.1",
+  "version": "2.12.0",
   "description": "CLI tool for NeonDB Cloud management",
   "main": "index.js",
   "author": "NeonDB",
@@ -22,7 +22,7 @@
     "@apidevtools/swagger-parser": "^10.1.0",
     "@commitlint/cli": "^17.6.5",
     "@commitlint/config-conventional": "^17.6.5",
-    "@eslint/js": "^9.6.0",
+    "@eslint/js": "^9.23.0",
     "@rollup/plugin-commonjs": "^25.0.2",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.1.0",
@@ -39,7 +39,7 @@
     "@types/which": "^3.0.0",
     "@types/yargs": "^17.0.24",
     "emocks": "^3.0.1",
-    "eslint": "^9.6.0",
+    "eslint": "^9.23.0",
     "express": "^4.18.2",
     "husky": "^8.0.3",
     "lint-staged": "^13.0.3",
@@ -50,11 +50,11 @@
     "semantic-release": "^23.0.8",
     "strip-ansi": "^7.1.0",
     "typescript": "^4.7.4",
-    "typescript-eslint": "v8.0.0-alpha.41",
-    "vitest": "^1.6.1"
+    "typescript-eslint": "8.28.0",
+    "vitest": "^1.6.0"
   },
   "dependencies": {
-    "@neondatabase/api-client": "1.12.0",
+    "@neondatabase/api-client": "2.1.0",
     "@segment/analytics-node": "^1.0.0-beta.26",
     "axios": "^1.4.0",
     "axios-debug-log": "^1.0.0",

package/parameters.gen.js

@@ -22,7 +22,7 @@ export const projectCreateRequest = {
     },
     'project.settings.quota.logical_size_bytes': {
         type: "number",
-        description: "Limit on the logical size of every project's branch.\n",
+        description: "Limit on the logical size of every project's branch.\n\nIf a branch exceeds its `logical_size_bytes` quota, computes can still be started,\nbut write operations will fail—allowing data to be deleted to free up space.\nComputes on other branches are not affected.\n\nSetting `logical_size_bytes` overrides any lower value set by the `neon.max_cluster_size` Postgres setting.\n",
         demandOption: false,
     },
     'project.settings.allowed_ips.ips': {
@@ -65,9 +65,30 @@ export const projectCreateRequest = {
         description: "When set, connections using VPC endpoints are disallowed.\nThis parameter is under active development and its semantics may change in the future.\n",
         demandOption: false,
     },
+    'project.settings.audit_log_level': {
+        type: "string",
+        description: undefined,
+        demandOption: false,
+        choices: ["base", "extended", "full"],
+    },
+    'project.settings.hipaa': {
+        type: "boolean",
+        description: undefined,
+        demandOption: false,
+    },
+    'project.settings.preload_libraries.use_defaults': {
+        type: "boolean",
+        description: undefined,
+        demandOption: false,
+    },
+    'project.settings.preload_libraries.enabled_libraries': {
+        type: "array",
+        description: undefined,
+        demandOption: false,
+    },
     'project.name': {
         type: "string",
-        description: "The project name",
+        description: "The project name. If not specified, the name will be identical to the generated project ID",
         demandOption: false,
     },
     'project.branch.name': {
@@ -144,7 +165,7 @@ export const projectUpdateRequest = {
     },
     'project.settings.quota.logical_size_bytes': {
         type: "number",
-        description: "Limit on the logical size of every project's branch.\n",
+        description: "Limit on the logical size of every project's branch.\n\nIf a branch exceeds its `logical_size_bytes` quota, computes can still be started,\nbut write operations will fail—allowing data to be deleted to free up space.\nComputes on other branches are not affected.\n\nSetting `logical_size_bytes` overrides any lower value set by the `neon.max_cluster_size` Postgres setting.\n",
         demandOption: false,
     },
     'project.settings.allowed_ips.ips': {
@@ -187,6 +208,27 @@ export const projectUpdateRequest = {
         description: "When set, connections using VPC endpoints are disallowed.\nThis parameter is under active development and its semantics may change in the future.\n",
         demandOption: false,
     },
+    'project.settings.audit_log_level': {
+        type: "string",
+        description: undefined,
+        demandOption: false,
+        choices: ["base", "extended", "full"],
+    },
+    'project.settings.hipaa': {
+        type: "boolean",
+        description: undefined,
+        demandOption: false,
+    },
+    'project.settings.preload_libraries.use_defaults': {
+        type: "boolean",
+        description: undefined,
+        demandOption: false,
+    },
+    'project.settings.preload_libraries.enabled_libraries': {
+        type: "array",
+        description: undefined,
+        demandOption: false,
+    },
     'project.name': {
         type: "string",
         description: "The project name",
@@ -241,7 +283,7 @@ export const branchCreateRequest = {
     },
     'branch.init_source': {
         type: "string",
-        description: "The initialization source type for the branch. Valid values are `schema-only` and `parent-data`.\nThis parameter is under active development and may change its semantics in the future.\n",
+        description: "The source of initialization for the branch. Valid values are `schema-only` and `parent-data` (default).\n  * `schema-only` - creates a new root branch containing only the schema. Use `parent_id` to specify the source branch. Optionally, you can provide `parent_lsn` or `parent_timestamp` to branch from a specific point in time or LSN. These fields define which branch to copy the schema from and at what point—they do not establish a parent-child relationship between the `parent_id` branch and the new schema-only branch.\n  * `parent-data` - creates the branch with both schema and data from the parent.\n",
         demandOption: false,
     },
 };