npm - relic - Versions diffs - 0.4.0 → 0.4.1 - Mend

relic 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/cli.js +464 -0
package/package.json +17 -17
package/prebuilds/win32-x64/relic_runner.dll +0 -0
package/commands/init.ts +0 -105
package/commands/login.ts +0 -85
package/commands/logout.ts +0 -39
package/commands/projects.ts +0 -154
package/commands/run.api-key.test.ts +0 -240
package/commands/run.test.ts +0 -404
package/commands/run.ts +0 -532
package/commands/run.validation.test.ts +0 -135
package/commands/telemetry.ts +0 -28
package/commands/whoami.ts +0 -45
package/ffi/bridge.ts +0 -36
package/ffi/constants.ts +0 -3
package/ffi/helper.ts +0 -134
package/index.ts +0 -116
package/lib/api.ts +0 -411
package/lib/config.ts +0 -118
package/lib/crypto.ts +0 -81
package/lib/types.ts +0 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "relic",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "The Relic CLI for managing and sharing secrets. Encrypted on your device, never exposed to anyone else. Not even us.",
   "keywords": [
     "cli",
@@ -16,10 +16,12 @@
   "module": "index.ts",
   "type": "module",
   "bin": {
-    "relic": "index.ts"
+    "relic": "dist/cli.js"
   },
   "scripts": {
+    "build": "bun run scripts/build.ts",
     "build:runner": "cd ../../packages/runner && cargo build --release",
+    "prepublishOnly": "bun run build",
     "dev:cli": "DEV=true bun run build:runner && bun run index.ts",
     "log:watch": "bun run ../../packages/logger/scripts/watch.ts",
     "lint": "biome check --write .",
@@ -28,36 +30,34 @@
     "test": "bun test"
   },
   "files": [
-    "index.ts",
-    "commands/**",
-    "lib/**",
-    "ffi/**",
+    "dist/**",
     "prebuilds/**",
     "README.md"
   ],
-  "devDependencies": {
-    "@repo/typescript-config": "*",
-    "@types/bun": "latest",
-    "bun-types": "^1.3.1"
-  },
-  "peerDependencies": {
-    "typescript": "^5"
-  },
-  "engines": {
-    "node": ">=18"
-  },
   "dependencies": {
+    "argon2": "^0.41.1"
+  },
+  "devDependencies": {
     "@clack/prompts": "^0.11.0",
     "@repo/auth": "*",
     "@repo/backend": "*",
     "@repo/crypto": "*",
     "@repo/logger": "*",
     "@repo/tui": "*",
+    "@repo/typescript-config": "*",
+    "@types/bun": "latest",
+    "bun-types": "^1.3.1",
     "commander": "^13.1.0",
     "convex": "catalog:",
     "open": "^11.0.0",
     "ora": "^8.2.0",
     "picocolors": "^1.1.1",
     "smol-toml": "^1.6.0"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "engines": {
+    "node": ">=18"
   }
 }

package/prebuilds/win32-x64/relic_runner.dll CHANGED Viewed

Binary file

package/commands/init.ts DELETED Viewed

@@ -1,105 +0,0 @@
-import * as p from "@clack/prompts";
-import { AuthenticationError, validateSession } from "@repo/auth";
-import { createLogger, trackEvent } from "@repo/logger";
-import pc from "picocolors";
-const log = createLogger("cli");
-import { getApi, type ProjectListItem } from "../lib/api";
-import {
-  configExists,
-  createConfig,
-  createRelicDir,
-  getConfigFilePath,
-  saveConfig,
-} from "../lib/config";
-interface ProjectOption extends ProjectListItem {
-  isShared: boolean;
-}
-export default async function init() {
-  p.intro(pc.bgCyan(pc.black(" relic init ")));
-  if (await configExists()) {
-    p.log.warn(pc.yellow("Already initialized"));
-    p.outro(pc.dim("Delete relic.toml to re-initialize"));
-    return;
-  }
-  const spinner = p.spinner();
-  spinner.start("Checking authentication...");
-  const sessionValidation = await validateSession();
-  if (!sessionValidation.isValid || sessionValidation.isExpired) {
-    spinner.stop("Not logged in");
-    p.log.error(pc.yellow("Not logged in"));
-    p.outro(pc.dim("Run `relic login` to authenticate"));
-    process.exit(1);
-  }
-  spinner.message("Loading projects...");
-  try {
-    const api = getApi();
-    const [ownedProjects, sharedProjects] = await Promise.all([
-      api.listProjects(),
-      api.listSharedProjects(),
-    ]);
-    const allProjects: ProjectOption[] = [
-      ...ownedProjects.filter((p) => !p.isArchived).map((p) => ({ ...p, isShared: false })),
-      ...sharedProjects.filter((p) => !p.isArchived).map((p) => ({ ...p, isShared: true })),
-    ];
-    spinner.stop("Projects loaded");
-    if (allProjects.length === 0) {
-      p.log.warn(pc.yellow("No projects found. Run `relic` to create a new project"));
-      process.exit(1);
-    }
-    const selectedProjectId = await p.select({
-      message: "Select a project",
-      options: allProjects.map((project) => ({
-        value: project.id,
-        label: project.isShared ? `${project.name} ${pc.dim("(shared)")}` : project.name,
-      })),
-    });
-    if (p.isCancel(selectedProjectId)) {
-      p.cancel("Operation cancelled");
-      process.exit(0);
-    }
-    const selectedProject = allProjects.find((p) => p.id === selectedProjectId);
-    if (!selectedProject) {
-      p.log.error(pc.red("Failed to find selected project"));
-      process.exit(1);
-    }
-    spinner.start("Saving configuration...");
-    const config = createConfig(selectedProject.id);
-    await saveConfig(config);
-    await createRelicDir();
-    spinner.stop("Configuration saved");
-    trackEvent("cli_project_initialized", { success: true });
-    p.log.success(pc.green(`Initialized Relic for ${selectedProject.name}`));
-    p.outro(pc.dim(`Config saved to ${getConfigFilePath()}`));
-  } catch (err) {
-    spinner.stop("Failed");
-    if (err instanceof AuthenticationError) {
-      p.log.error(pc.yellow("Not logged in"));
-      p.outro(pc.dim("Run `relic login` to authenticate"));
-      process.exit(1);
-    }
-    log.error("Init failed", err);
-    trackEvent("cli_project_initialized", { success: false });
-    const message = err instanceof Error ? err.message : "Failed to initialize";
-    p.log.error(pc.red(`Error: ${message}`));
-    process.exit(1);
-  }
-}

package/commands/login.ts DELETED Viewed

@@ -1,85 +0,0 @@
-import {
-  type DeviceAuthStatus,
-  type DeviceCodeResponse,
-  deviceAuth,
-  validateSession,
-} from "@repo/auth";
-import { createLogger, trackEvent } from "@repo/logger";
-import ora from "ora";
-import pc from "picocolors";
-const log = createLogger("cli");
-function formatCode(code: string): string {
-  if (code.includes("-")) return code;
-  if (code.length === 8) return `${code.slice(0, 4)}-${code.slice(4)}`;
-  return code;
-}
-export default async function login() {
-  const spinner = ora("Connecting to server...").start();
-  try {
-    // Check if already logged in
-    const sessionValidation = await validateSession();
-    if (sessionValidation.isValid && !sessionValidation.isExpired) {
-      spinner.succeed(pc.green("Already logged in"));
-      return;
-    }
-    trackEvent("cli_login_started");
-    let userCode: string | null = null;
-    let verificationUri: string | null = null;
-    let currentStatus: DeviceAuthStatus | "starting" | "approved" = "starting";
-    const result = await deviceAuth.startAuth({
-      onCodeReceived: (code: DeviceCodeResponse) => {
-        userCode = code.user_code;
-        verificationUri = code.verification_uri_complete;
-        spinner.stop();
-        console.log();
-        console.log("Your verification code:");
-        console.log();
-        console.log(`  ${pc.bold(pc.green(formatCode(userCode)))}`);
-        console.log();
-        if (verificationUri) {
-          console.log(pc.dim(`Opening browser to: ${verificationUri}`));
-        }
-        console.log();
-        spinner.start("Waiting for authorization...");
-      },
-      onStatusChange: (newStatus: DeviceAuthStatus) => {
-        currentStatus = newStatus;
-      },
-      onSuccess: () => {
-        currentStatus = "approved";
-      },
-      onError: (error: Error) => {
-        spinner.fail(pc.red(`Error: ${error.message}`));
-        process.exit(1);
-      },
-    });
-    if (result.success) {
-      trackEvent("cli_login_completed", { success: true });
-      spinner.succeed(pc.green("Login successful!"));
-    } else if (result.error) {
-      trackEvent("cli_login_completed", { success: false, reason: currentStatus });
-      if ((currentStatus as string) === "denied") {
-        spinner.fail(pc.red("Authorization denied"));
-      } else if ((currentStatus as string) === "expired") {
-        spinner.fail(pc.red("Code expired. Please try again."));
-      } else {
-        spinner.fail(pc.red(`Error: ${result.error.message}`));
-      }
-      process.exit(1);
-    }
-  } catch (err) {
-    log.error("Login failed", err);
-    trackEvent("cli_login_completed", { success: false });
-    spinner.fail(pc.red(err instanceof Error ? err.message : String(err)));
-    process.exit(1);
-  }
-}

package/commands/logout.ts DELETED Viewed

@@ -1,39 +0,0 @@
-import {
-  clearCachedUserKeys,
-  clearPassword,
-  clearSession,
-  getUserKeyCacheDb,
-  validateSession,
-} from "@repo/auth";
-import { createLogger, trackEvent } from "@repo/logger";
-import ora from "ora";
-import pc from "picocolors";
-const log = createLogger("cli");
-export default async function logout() {
-  const spinner = ora("Checking session...").start();
-  try {
-    const session = await validateSession();
-    if (!session.isValid) {
-      spinner.warn(pc.yellow("Not logged in"));
-      return;
-    }
-    spinner.text = "Logging out...";
-    const userKeyDb = await getUserKeyCacheDb();
-    clearCachedUserKeys(userKeyDb);
-    await clearSession();
-    await clearPassword();
-    trackEvent("cli_logout", { success: true });
-    spinner.succeed(pc.green("Logged out"));
-  } catch (err) {
-    log.error("Logout failed", err);
-    trackEvent("cli_logout", { success: false });
-    const message = err instanceof Error ? err.message : "Failed to logout";
-    spinner.fail(pc.red(`Error: ${message}`));
-    process.exit(1);
-  }
-}

package/commands/projects.ts DELETED Viewed

@@ -1,154 +0,0 @@
-import { validateSession } from "@repo/auth";
-import { trackEvent } from "@repo/logger";
-import ora from "ora";
-import pc from "picocolors";
-import { type Environment, type Folder, getApi, type ProjectListItem } from "../lib/api";
-interface ProjectWithDetails extends ProjectListItem {
-  isShared: boolean;
-  environments: Array<Environment & { folders: Folder[] }>;
-}
-const TREE = {
-  BRANCH: "├── ",
-  LAST_BRANCH: "└── ",
-  VERTICAL: "│   ",
-  EMPTY: "    ",
-} as const;
-function renderProjectTree(projects: ProjectWithDetails[]): void {
-  if (projects.length === 0) {
-    console.log(pc.dim("No projects found"));
-    console.log(pc.dim("Create one at app.relic.so"));
-    return;
-  }
-  console.log(pc.bold("Your Projects"));
-  console.log();
-  for (let projectIndex = 0; projectIndex < projects.length; projectIndex++) {
-    const project = projects[projectIndex]!;
-    const isLastProject = projectIndex === projects.length - 1;
-    const projectPrefix = isLastProject ? TREE.LAST_BRANCH : TREE.BRANCH;
-    const childPrefix = isLastProject ? TREE.EMPTY : TREE.VERTICAL;
-    const badges: string[] = [];
-    if (project.isShared) badges.push("shared");
-    if (project.isArchived) badges.push("archived");
-    const badgeText = badges.length > 0 ? pc.dim(` (${badges.join(", ")})`) : "";
-    const projectName = project.isArchived ? pc.dim(project.name) : pc.bold(project.name);
-    console.log(`${pc.dim(projectPrefix)}${projectName}${badgeText}`);
-    for (let envIndex = 0; envIndex < project.environments.length; envIndex++) {
-      const env = project.environments[envIndex]!;
-      const isLastEnv = envIndex === project.environments.length - 1;
-      const envPrefix = isLastEnv ? TREE.LAST_BRANCH : TREE.BRANCH;
-      const envChildPrefix = isLastEnv ? TREE.EMPTY : TREE.VERTICAL;
-      const envColor = env.color || "white";
-      const colorFn =
-        envColor in pc
-          ? (pc as unknown as Record<string, (s: string) => string>)[envColor]!
-          : (s: string) => s;
-      console.log(`${pc.dim(childPrefix)}${pc.dim(envPrefix)}${colorFn(env.name)}`);
-      for (let folderIndex = 0; folderIndex < env.folders.length; folderIndex++) {
-        const folder = env.folders[folderIndex]!;
-        const isLastFolder = folderIndex === env.folders.length - 1;
-        const folderPrefix = isLastFolder ? TREE.LAST_BRANCH : TREE.BRANCH;
-        console.log(
-          `${pc.dim(childPrefix)}${pc.dim(envChildPrefix)}${pc.dim(folderPrefix)}${pc.dim(`${folder.name}/`)}`,
-        );
-      }
-    }
-  }
-}
-export default async function projects() {
-  const spinner = ora("Connecting...").start();
-  try {
-    const sessionValidation = await validateSession();
-    if (!sessionValidation.isValid || sessionValidation.isExpired) {
-      spinner.stop();
-      console.log(pc.yellow("Not logged in"));
-      console.log(pc.dim("Run `relic login` to authenticate"));
-      return;
-    }
-    const api = getApi();
-    spinner.text = "Fetching projects...";
-    const [ownedProjects, sharedProjects] = await Promise.all([
-      api.listProjects(),
-      api.listSharedProjects(),
-    ]);
-    const allProjects: ProjectWithDetails[] = [
-      ...ownedProjects.map((p) => ({
-        ...p,
-        isShared: false,
-        environments: [] as Array<Environment & { folders: Folder[] }>,
-      })),
-      ...sharedProjects.map((p) => ({
-        ...p,
-        isShared: true,
-        environments: [] as Array<Environment & { folders: Folder[] }>,
-      })),
-    ];
-    spinner.text = "Fetching environments...";
-    const projectsWithEnvs = await Promise.all(
-      allProjects.map(async (project) => {
-        try {
-          const environments = await api.getProjectEnvironments(project.id);
-          return {
-            ...project,
-            environments: environments.map((e) => ({ ...e, folders: [] as Folder[] })),
-          };
-        } catch {
-          return { ...project, environments: [] };
-        }
-      }),
-    );
-    spinner.text = "Fetching folders...";
-    const projectsWithFolders = await Promise.all(
-      projectsWithEnvs.map(async (project) => {
-        const environmentsWithFolders = await Promise.all(
-          project.environments.map(async (env) => {
-            try {
-              const data = await api.getEnvironmentData(env.id);
-              return { ...env, folders: data.folders };
-            } catch {
-              return { ...env, folders: [] };
-            }
-          }),
-        );
-        return { ...project, environments: environmentsWithFolders };
-      }),
-    );
-    trackEvent("cli_command_executed", { command: "projects", count: projectsWithFolders.length });
-    spinner.stop();
-    renderProjectTree(projectsWithFolders);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : "Failed to fetch projects";
-    // Handle auth-related errors more gracefully
-    if (
-      message.includes("Not authenticated") ||
-      message.includes("JWT") ||
-      message.includes("token")
-    ) {
-      spinner.stop();
-      console.log(pc.yellow("Not logged in"));
-      console.log(pc.dim("Run `relic login` to authenticate"));
-      return;
-    }
-    spinner.fail(pc.red(`Error: ${message}`));
-    process.exit(1);
-  }
-}

package/commands/run.api-key.test.ts DELETED Viewed

@@ -1,240 +0,0 @@
-import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
-import type { CachedUserKeys } from "@repo/auth";
-import type { RunOptions } from "./run";
-const userKeyState: { value: CachedUserKeys | null } = { value: null };
-const mockGetCachedUserKeys = mock(() => userKeyState.value);
-const mockCacheUserKeys = mock((_db: unknown, keys: CachedUserKeys) => {
-  userKeyState.value = keys;
-});
-const mockClearCachedUserKeys = mock(() => {
-  userKeyState.value = null;
-});
-const mockGetPasswordFromStorage = mock(() => Promise.resolve("test-password"));
-const mockGetUserKeyCacheDb = mock(() => Promise.resolve({}));
-const mockExportSecretsViaApiKey = mock(() =>
-  Promise.resolve({
-    secrets: [{ key: "API_KEY", encryptedValue: "enc_val_1" }],
-    count: 1,
-    encryptedProjectKey: "enc_project_key",
-    environmentId: "env_123",
-    folderId: null,
-  }),
-);
-const mockFetchUserKeysViaApiKey = mock(() =>
-  Promise.resolve({
-    encryptedPrivateKey: "fresh_encrypted_private_key",
-    salt: "fresh_salt",
-    publicKey: "fresh_public_key",
-  }),
-);
-const mockDecryptSecrets = mock(() =>
-  Promise.resolve([{ key: "API_KEY", value: "decrypted-value" }]),
-);
-const mockUnwrapProjectKey = mock(() =>
-  Promise.resolve("mock_project_key" as unknown as CryptoKey),
-);
-mock.module("@repo/auth", () => ({
-  cacheUserKeys: mockCacheUserKeys,
-  clearCachedUserKeys: mockClearCachedUserKeys,
-  getCachedUserKeys: mockGetCachedUserKeys,
-  getPasswordFromStorage: mockGetPasswordFromStorage,
-  getUserKeyCacheDb: mockGetUserKeyCacheDb,
-  hasPassword: mock(() => Promise.resolve(true)),
-  validateSession: mock(() => Promise.resolve({ isValid: true, isExpired: false })),
-}));
-class ProPlanRequiredError extends Error {
-  upgradeUrl: string;
-  constructor(message: string, upgradeUrl: string) {
-    super(message);
-    this.name = "ProPlanRequiredError";
-    this.upgradeUrl = upgradeUrl;
-  }
-}
-mock.module("../lib/api", () => ({
-  exportSecretsViaApiKey: mockExportSecretsViaApiKey,
-  fetchUserKeysViaApiKey: mockFetchUserKeysViaApiKey,
-  getApi: mock(() => ({})),
-  ProPlanRequiredError,
-}));
-mock.module("../lib/crypto", () => ({
-  decryptSecrets: mockDecryptSecrets,
-  getProjectKey: mock(() => Promise.resolve("unused_project_key")),
-  ProjectKeyError: class ProjectKeyError extends Error {
-    code: string;
-    constructor(message: string, code: string) {
-      super(message);
-      this.code = code;
-    }
-  },
-}));
-mock.module("@repo/crypto", () => ({
-  unwrapProjectKey: mockUnwrapProjectKey,
-}));
-const { prepareSecretsWithApiKey } = await import("./run");
-const DEFAULT_OPTIONS: RunOptions = {
-  environment: "development",
-};
-describe("prepareSecretsWithApiKey", () => {
-  beforeEach(() => {
-    process.env.RELIC_API_KEY = "test-api-key";
-    userKeyState.value = null;
-    mockGetCachedUserKeys.mockClear();
-    mockCacheUserKeys.mockClear();
-    mockClearCachedUserKeys.mockClear();
-    mockGetPasswordFromStorage.mockClear();
-    mockGetUserKeyCacheDb.mockClear();
-    mockExportSecretsViaApiKey.mockClear();
-    mockFetchUserKeysViaApiKey.mockClear();
-    mockDecryptSecrets.mockClear();
-    mockUnwrapProjectKey.mockClear();
-    mockGetPasswordFromStorage.mockImplementation(() => Promise.resolve("test-password"));
-    mockExportSecretsViaApiKey.mockImplementation(() =>
-      Promise.resolve({
-        secrets: [{ key: "API_KEY", encryptedValue: "enc_val_1" }],
-        count: 1,
-        encryptedProjectKey: "enc_project_key",
-        environmentId: "env_123",
-        folderId: null,
-      }),
-    );
-    mockFetchUserKeysViaApiKey.mockImplementation(() =>
-      Promise.resolve({
-        encryptedPrivateKey: "fresh_encrypted_private_key",
-        salt: "fresh_salt",
-        publicKey: "fresh_public_key",
-      }),
-    );
-    mockDecryptSecrets.mockImplementation(() =>
-      Promise.resolve([{ key: "API_KEY", value: "decrypted-value" }]),
-    );
-    mockUnwrapProjectKey.mockImplementation(() =>
-      Promise.resolve("mock_project_key" as unknown as CryptoKey),
-    );
-  });
-  afterEach(() => {
-    delete process.env.RELIC_API_KEY;
-  });
-  test("retries with fresh keys when cached API-key keys are stale", async () => {
-    userKeyState.value = {
-      encryptedPrivateKey: "stale_encrypted_private_key",
-      salt: "stale_salt",
-      keysUpdatedAt: 1,
-    };
-    let unwrapCalls = 0;
-    mockUnwrapProjectKey.mockImplementation(() => {
-      unwrapCalls++;
-      if (unwrapCalls === 1) {
-        return Promise.reject(new Error("Failed to unwrap project key"));
-      }
-      return Promise.resolve("mock_project_key" as unknown as CryptoKey);
-    });
-    const result = await prepareSecretsWithApiKey("project_123", DEFAULT_OPTIONS);
-    expect(mockClearCachedUserKeys).toHaveBeenCalledTimes(1);
-    expect(mockFetchUserKeysViaApiKey).toHaveBeenCalledTimes(1);
-    expect(mockUnwrapProjectKey).toHaveBeenCalledTimes(2);
-    expect(mockUnwrapProjectKey).toHaveBeenNthCalledWith(
-      1,
-      "enc_project_key",
-      "stale_encrypted_private_key",
-      "test-password",
-      "stale_salt",
-    );
-    expect(mockUnwrapProjectKey).toHaveBeenNthCalledWith(
-      2,
-      "enc_project_key",
-      "fresh_encrypted_private_key",
-      "test-password",
-      "fresh_salt",
-    );
-    expect(userKeyState.value?.encryptedPrivateKey).toBe("fresh_encrypted_private_key");
-    expect(userKeyState.value?.salt).toBe("fresh_salt");
-    expect(result.secrets).toEqual({ API_KEY: "decrypted-value" });
-  });
-  test("does not retry when keys are not from cache", async () => {
-    userKeyState.value = null;
-    mockUnwrapProjectKey.mockImplementation(() =>
-      Promise.reject(new Error("Failed to unwrap project key")),
-    );
-    await expect(prepareSecretsWithApiKey("project_123", DEFAULT_OPTIONS)).rejects.toThrow(
-      "Failed to unwrap project key",
-    );
-    // first fetch is for normal key resolution; there should be no extra fetch for retry
-    expect(mockFetchUserKeysViaApiKey).toHaveBeenCalledTimes(1);
-    expect(mockClearCachedUserKeys).not.toHaveBeenCalled();
-    expect(mockUnwrapProjectKey).toHaveBeenCalledTimes(1);
-  });
-  test("bubbles error when retry with fresh keys also fails", async () => {
-    userKeyState.value = {
-      encryptedPrivateKey: "stale_encrypted_private_key",
-      salt: "stale_salt",
-      keysUpdatedAt: 1,
-    };
-    mockUnwrapProjectKey.mockImplementation(() =>
-      Promise.reject(new Error("Failed to unwrap project key")),
-    );
-    await expect(prepareSecretsWithApiKey("project_123", DEFAULT_OPTIONS)).rejects.toThrow(
-      "Failed to unwrap project key",
-    );
-    expect(mockClearCachedUserKeys).toHaveBeenCalledTimes(1);
-    expect(mockFetchUserKeysViaApiKey).toHaveBeenCalledTimes(1);
-    expect(mockUnwrapProjectKey).toHaveBeenCalledTimes(2);
-  });
-  test("propagates ProPlanRequiredError from export", async () => {
-    mockExportSecretsViaApiKey.mockImplementation(() =>
-      Promise.reject(
-        new ProPlanRequiredError(
-          "API keys require a Pro plan.",
-          "https://relic.so/dashboard?action=upgrade",
-        ),
-      ),
-    );
-    const err = await prepareSecretsWithApiKey("project_123", DEFAULT_OPTIONS).catch((e) => e);
-    expect(err).toBeInstanceOf(ProPlanRequiredError);
-    expect(err.message).toBe("API keys require a Pro plan.");
-    expect(err.upgradeUrl).toBe("https://relic.so/dashboard?action=upgrade");
-  });
-  test("propagates ProPlanRequiredError from user keys fetch", async () => {
-    mockFetchUserKeysViaApiKey.mockImplementation(() =>
-      Promise.reject(
-        new ProPlanRequiredError(
-          "API keys require a Pro plan.",
-          "https://relic.so/dashboard?action=upgrade",
-        ),
-      ),
-    );
-    const err = await prepareSecretsWithApiKey("project_123", DEFAULT_OPTIONS).catch((e) => e);
-    expect(err).toBeInstanceOf(ProPlanRequiredError);
-    expect(err.upgradeUrl).toBe("https://relic.so/dashboard?action=upgrade");
-  });
-});