run402 1.67.0 → 1.68.0

package/README.md

@@ -57,7 +57,7 @@ run402 projects schema <id>                              # introspect tables + R
 
 ```bash
 run402 sites deploy-dir ./dist                # incremental upload (plan/commit transport)
-run402 deploy --manifest app.json             # one-call full stack deploy
+run402 deploy apply --manifest app.json       # one-call full stack deploy
 run402 deploy release active                  # inspect current-live release inventory
 run402 deploy release diff --from empty --to active
 run402 deploy diagnose --project prj_123 https://example.com/events --method GET

package/cli.mjs

@@ -25,7 +25,7 @@ Commands:
   allowance   Manage your agent allowance (create, fund, balance, status)
   tier        Manage tier subscription (status, set)
   projects    Manage projects (provision, list, query, inspect, delete)
-  deploy      Deploy a full-stack app or static site (requires active tier)
+  deploy      Unified deploy operations (requires active tier)
   ci          Link GitHub Actions OIDC deploy bindings
   functions   Manage serverless functions (deploy, invoke, logs, list, delete)
   secrets     Manage project secrets (set, list, delete)
@@ -51,7 +51,7 @@ Run 'run402 <command> --help' for detailed usage of each command.
 Examples:
   run402 allowance create
   run402 allowance fund
-  run402 deploy --manifest app.json
+  run402 deploy apply --manifest app.json
   run402 projects list
   run402 projects sql <project_id> "SELECT * FROM users LIMIT 5"
   run402 functions deploy <project_id> my-fn --file handler.ts
@@ -62,7 +62,7 @@ Getting started:
   run402 init               Set up with x402 (Base Sepolia)
   run402 init mpp           Set up with MPP (Tempo Moderato)
   run402 tier set prototype  Subscribe to a tier
-  run402 deploy --manifest app.json
+  run402 deploy apply --manifest app.json
   run402 ci link github --project prj_... --manifest run402.deploy.json
 `;
 

package/lib/deploy-v2.mjs

@@ -2,10 +2,6 @@
  * `run402 deploy apply` and `run402 deploy resume` — CLI wrappers over the
  * unified deploy primitive (`r.deploy.apply` / `r.deploy.resume`).
  *
- * The legacy `run402 deploy --manifest …` command is preserved in
- * `cli/lib/deploy.mjs` and continues to work; this file adds the new
- * subcommand surface.
- *
  * Manifest format mirrors the MCP `deploy` tool's input schema:
  *   {
  *     "project_id": "...",
@@ -19,9 +15,8 @@
  *     "idempotency_key": "..."
  *   }
  *
- * File entries: `{ "data": "...", "encoding": "utf-8" | "base64", "contentType": "..." }`
- * — same shape used by `bundle_deploy`. UTF-8 is the default; binary files
- * pass `"encoding": "base64"`.
+ * File entries: `{ "data": "...", "encoding": "utf-8" | "base64", "contentType": "..." }`.
+ * UTF-8 is the default; binary files pass `"encoding": "base64"`.
  */
 
 import { readFileSync } from "node:fs";
@@ -315,8 +310,7 @@ async function applyCmd(args) {
   // GH-232: Reject empty specs client-side. Without this guard,
   // `run402 deploy apply --spec '{}'` (and `--manifest <empty>`) would silently
   // send an empty ReleaseSpec to /deploy/v2/plans with no signal that nothing
-  // was deployed. This mirrors the GH-185 guard already in place for the
-  // legacy `run402 deploy --manifest` path.
+  // was deployed.
   //
   // `deploy apply` is v2-only — only meaningful keys are the v2 ReleaseSpec
   // shape (database, site, functions, secrets, subdomains, domains).
@@ -797,9 +791,9 @@ async function releaseGetCmd(args) {
   const project = resolveProjectId(opts.project);
 
   try {
-    const sdkOpts = { project };
+    const sdkOpts = { project, releaseId: opts.releaseId };
     if (opts.siteLimit !== null) sdkOpts.siteLimit = opts.siteLimit;
-    const release = await getSdk().deploy.getRelease(opts.releaseId, sdkOpts);
+    const release = await getSdk().deploy.getRelease(sdkOpts);
     console.log(JSON.stringify({ status: "ok", release }, null, 2));
   } catch (err) {
     reportSdkError(err);

package/lib/deploy.mjs

@@ -1,317 +1,52 @@
-import { readFileSync } from "fs";
-import { dirname, resolve } from "path";
-import { resolveProjectId } from "./config.mjs";
-import { resolveFilePathsInManifest, resolveMigrationsFile } from "./manifest.mjs";
-import { getSdk } from "./sdk.mjs";
-import { reportSdkError, fail } from "./sdk-errors.mjs";
-import { normalizeDeployManifest } from "#sdk/node";
+import { fail } from "./sdk-errors.mjs";
 
-const HELP = `run402 deploy — Deploy to an existing project on Run402
+const HELP = `run402 deploy — Unified deploy operations
 
 Usage:
-  run402 deploy [options]
-  cat manifest.json | run402 deploy [options]
+  run402 deploy <subcommand> [options]
 
-Options:
-  --manifest <file>    Path to manifest JSON file  (default: read from stdin)
-  --project <id>       Project ID to deploy to     (default: active project)
-  --help, -h           Show this help message
+Subcommands:
+  apply --manifest <file>       Apply a v2 ReleaseSpec manifest
+  resume <operation_id>         Resume a stuck operation
+  list [--project <id>]         List recent deploy operations
+  events <operation_id>         Fetch event stream for an operation
+  diagnose <url>                Diagnose public URL routing
+  resolve --url <url>           Low-level resolve diagnostics
+  release ...                   Inspect release inventory and diffs
 
-Subcommands (recommended for new manifests):
-  run402 deploy apply --manifest <file>     unified deploy primitive (v1.34+)
-  run402 deploy resume <operation_id>       resume a stuck operation
-  run402 deploy list [--project <id>]       list recent deploy operations
-  run402 deploy events <operation_id>       fetch event stream for an operation
-  run402 deploy diagnose <url>              diagnose public URL routing
-  run402 deploy resolve --url <url>         low-level resolve diagnostics
-  run402 deploy release ...                 inspect release inventory and diffs
+Examples:
+  run402 deploy apply --manifest app.json
+  run402 deploy resume op_123
+  run402 deploy release active --project prj_123
 
-Manifest format (JSON, v2 ReleaseSpec — recommended):
+Manifest sketch:
   {
-    "project_id": "prj_...",
     "database": {
-      "migrations": [
-        { "id": "001_init", "sql": "CREATE TABLE IF NOT EXISTS items (...)" }
-      ],
-      "expose": {
-        "version": "1",
-        "tables": [
-          { "name": "items", "expose": true, "policy": "public_read_authenticated_write" }
-        ]
-      }
+      "migrations": [{ "id": "001_init", "sql_path": "schema.sql" }]
+    },
+    "site": {
+      "replace": { "index.html": { "path": "dist/index.html" } }
     },
-    "secrets":   { "require": ["OPENAI_API_KEY"], "delete": ["OLD_KEY"] },
     "functions": {
       "replace": {
         "api": {
           "runtime": "node22",
-          "source": { "data": "export default async (req) => new Response('ok')" }
+          "source": { "path": "api.mjs" }
         }
       }
     },
-    "site": {
-      "replace": {
-        "index.html": { "data": "<!doctype html><html>...</html>" },
-        "assets/logo.png": { "data": "iVBORw0KGgo...", "encoding": "base64" }
-      }
-    },
+    "secrets": { "require": ["OPENAI_API_KEY"] },
     "subdomains": { "set": ["my-app"] }
   }
-
-  project_id is required (provision first with 'run402 provision').
-  All other fields are optional. Top-level absence = "leave untouched".
-
-  Source of truth for the v2 ReleaseSpec shape:
-    https://run402.com/llms-cli.txt  (search for "Unified Deploy")
-
-  Replace vs patch semantics per resource:
-    "site": { "replace": {...} }        whole-site (omitted files removed)
-    "site": { "patch": { "put": {...}, "delete": [...] } }   surgical updates
-  Same for "functions". Secrets are value-free declarations:
-    "secrets": { "require": ["OPENAI_API_KEY"], "delete": ["OLD_KEY"] }
-  Secret values must be set outside deploy manifests with:
-    run402 secrets set prj_... OPENAI_API_KEY --file ./.secrets/openai-key
-  Migrations are always additive (each is keyed by id; re-shipping the same
-  id+sql is a registry noop, same id with different sql is a hard
-  MIGRATION_CHECKSUM_MISMATCH error).
-
-  File entries accept inline "data", a local "path", or a "sql_path"
-  (migrations only) — paths are resolved relative to the manifest file's
-  directory. Binary files (images, fonts, PDFs) take "encoding": "base64";
-  text defaults to UTF-8.
-
-  Authorization (database.expose):
-    Tables are dark by default — anon/authenticated can't read them until
-    you declare them via "database.expose". Per-table policies:
-      user_owns_rows                    users see only their own rows.
-                                        Requires "owner_column"; with
-                                        "force_owner_on_insert": true the
-                                        gateway sets it from auth.uid()
-                                        automatically.
-      public_read_authenticated_write   anyone reads; any authenticated
-                                        user can INSERT/UPDATE/DELETE any
-                                        row (not just their own).
-      public_read_write_UNRESTRICTED    ⚠  fully open — anon_key reads AND
-                                        writes. REQUIRES
-                                        "i_understand_this_is_unrestricted":
-                                        true on the table entry.
-      custom                            escape hatch. Provide "custom_sql"
-                                        with CREATE POLICY statements.
-  Schema for the expose section: https://run402.com/schemas/manifest.v1.json
-
-  ⚠️  Without an "expose" entry, tables are unreachable via anon_key.
-
-Legacy v1 bundle format (still accepted via compatibility shim):
-  Existing manifests with top-level "migrations" (string), "functions" (array),
-  "files" (array), "subdomain" (string), and the
-  "files[].file/data/path" + inline "manifest.json" entry continue to work —
-  the SDK translates them into a v2 ReleaseSpec under the hood. Prefer the
-  v2 shape above for new manifests; the legacy form is preserved for the
-  deprecation window so existing scripts don't break. Legacy file manifests
-  with secret values no longer deploy: run 'run402 secrets set' first, then
-  use 'run402 deploy apply' with 'secrets.require'.
-
-  "migrations_file": "setup.sql"   (legacy convenience) reads SQL from disk
-  relative to the manifest file. Useful when JSONB literals make inline
-  strings painful. Still supported on the legacy code path.
-
-Examples:
-  run402 deploy --manifest app.json
-  run402 deploy --manifest app.json --project prj_123_1
-  cat app.json | run402 deploy
-  run402 deploy apply --manifest app.json   # unified primitive (recommended)
-
-Prerequisites:
-  - run402 init                     Set up allowance and funding
-  - run402 tier set prototype       Subscribe to a tier
-  - run402 provision                Provision a project first
-
-Notes:
-  - Routes through the unified deploy primitive (POST /deploy/v2/plans);
-    bytes ride through the CAS substrate, only changed files get uploaded.
-  - Requires an active tier subscription (run402 tier set <tier>)
-  - Provision a project first with 'run402 provision', then deploy to it
-  - Use 'run402 projects list' to see all provisioned projects
 `;
 
-async function readStdin() {
-  const chunks = [];
-  for await (const chunk of process.stdin) chunks.push(chunk);
-  return Buffer.concat(chunks).toString("utf-8");
-}
-
-/**
- * Load + parse the manifest from --manifest file or stdin, and resolve any
- * referenced files[].path / migrations_file against the manifest's directory.
- *
- * Returns the parsed manifest on success. On any fs / parse failure, calls
- * `fail()` (which writes the canonical error envelope to stderr and exits 1).
- */
-async function loadManifest(opts) {
-  let raw;
-  let baseDir = null;
-
-  if (opts.manifest) {
-    const manifestAbs = resolve(opts.manifest);
-    baseDir = dirname(manifestAbs);
-    try {
-      raw = readFileSync(opts.manifest, "utf-8");
-    } catch (err) {
-      if (err && err.code === "ENOENT") {
-        fail({
-          code: "BAD_USAGE",
-          message: `File not found: ${manifestAbs}`,
-          hint: "Check that --manifest points to an existing JSON file.",
-          details: { field: "manifest", path: manifestAbs },
-        });
-      }
-      fail({
-        code: "BAD_USAGE",
-        message: err && err.message ? err.message : String(err),
-        details: { field: "manifest", path: manifestAbs, ...(err && err.code ? { syscall_code: err.code } : {}) },
-      });
-    }
-  } else {
-    raw = await readStdin();
-  }
-
-  let manifest;
-  try {
-    manifest = JSON.parse(raw);
-  } catch (err) {
-    fail({
-      code: "BAD_USAGE",
-      message: `Manifest is not valid JSON: ${err.message}`,
-      details: {
-        field: opts.manifest ? "manifest" : "stdin",
-        ...(opts.manifest ? { path: resolve(opts.manifest) } : {}),
-        parse_error: err.message,
-      },
-    });
-  }
-
-  // GH-185: Reject empty manifests client-side. Without this guard,
-  // `echo '{}' | run402 deploy` silently succeeds against the gateway with
-  // no signal that nothing was deployed. The MCP `deploy` tool was hardened
-  // for the same class of bug in #133; this is the CLI-side analog.
-  //
-  // "Meaningful" = at least one of these keys exists with non-empty content.
-  // We accept both shapes because this CLI path receives v1 manifests
-  // (translated by the bundleDeploy shim) and may also receive v2 manifests.
-  //   v1: migrations, migrations_file, secrets, functions, files, subdomain
-  //   v2: database, site, functions, secrets, subdomains, domains
-  // For object-typed v2 sections (site, database, functions, secrets,
-  // subdomains, domains) the "container is non-empty" check isn't enough —
-  // `site:{replace:{}}` has one key but ships nothing. We recurse one level
-  // so any object whose own values are all empty containers is still empty.
-  const meaningfulV1 = ["migrations", "migrations_file", "secrets", "functions", "files", "subdomain"];
-  const meaningfulV2 = ["database", "site", "functions", "secrets", "subdomains", "domains"];
-  const meaningful = [...new Set([...meaningfulV1, ...meaningfulV2])];
-
-  function hasContent(v) {
-    if (v == null) return false;
-    if (Array.isArray(v)) return v.length > 0;
-    if (typeof v === "object") {
-      const keys = Object.keys(v);
-      if (keys.length === 0) return false;
-      return keys.some((k) => hasContent(v[k]));
-    }
-    if (typeof v === "string") return v.length > 0;
-    return true;
-  }
-
-  const hasMeaningfulContent = manifest && typeof manifest === "object" && !Array.isArray(manifest) && meaningful.some((key) => hasContent(manifest[key]));
-  if (!hasMeaningfulContent) {
-    fail({
-      code: "MANIFEST_EMPTY",
-      message: `Manifest contains no deployable sections. Expected at least one of: ${meaningful.join(", ")}`,
-      hint: "Did you mean to write a 'site.replace' or 'database.migrations' block? See https://run402.com/schemas/manifest.v1.json",
-      details: {
-        field: opts.manifest ? "manifest" : "stdin",
-        ...(opts.manifest ? { path: resolve(opts.manifest) } : {}),
-        meaningful_keys: meaningful,
-      },
-    });
-  }
-
-  rejectUnsafeSecretManifest(manifest, {
-    source: opts.manifest ? "manifest" : "stdin",
-    ...(opts.manifest ? { path: resolve(opts.manifest) } : {}),
-  });
-
-  if (opts.manifest) {
-    try {
-      resolveMigrationsFile(manifest, baseDir);
-      resolveFilePathsInManifest(manifest, baseDir);
-    } catch (err) {
-      if (err && err.code === "ENOENT") {
-        fail({
-          code: "BAD_USAGE",
-          message: `File not found: ${err.absPath || err.path || "<unknown>"}`,
-          hint: `Paths in manifest.${err.field || "files[].path"} are resolved relative to the manifest file's directory (${baseDir}).`,
-          details: {
-            field: err.field || "manifest",
-            ...(err.absPath || err.path ? { path: err.absPath || err.path } : {}),
-          },
-        });
-      }
-      fail({
-        code: "BAD_USAGE",
-        message: err && err.message ? err.message : String(err),
-        details: {
-          ...(err && err.field ? { field: err.field } : {}),
-          ...(err && (err.absPath || err.path) ? { path: err.absPath || err.path } : {}),
-          ...(err && err.code ? { syscall_code: err.code } : {}),
-        },
-      });
-    }
-  }
-
-  return manifest;
-}
-
-function rejectUnsafeSecretManifest(manifest, details) {
-  if (!manifest || typeof manifest !== "object" || Array.isArray(manifest)) return;
-  const secrets = manifest.secrets;
-  if (secrets === undefined) return;
-  if (Array.isArray(secrets) && secrets.length > 0) {
-    fail({
-      code: "UNSAFE_SECRET_MANIFEST",
-      message: "Deploy manifests must not contain secret values. Legacy top-level secrets arrays are no longer supported.",
-      hint: "Run `run402 secrets set <project> <KEY> --file <path>` first, then use `run402 deploy apply` with `\"secrets\": { \"require\": [\"KEY\"] }`.",
-      details: { ...details, field: "secrets", legacy_shape: "array" },
-    });
-  }
-  if (!secrets || typeof secrets !== "object" || Array.isArray(secrets)) return;
-  if (Object.prototype.hasOwnProperty.call(secrets, "set")) {
-    fail({
-      code: "UNSAFE_SECRET_MANIFEST",
-      message: "Deploy manifests must not use secrets.set. Secret values are write-only and must be set outside deploy specs.",
-      hint: "Run `run402 secrets set <project> <KEY> --file <path>` first, then deploy with `\"secrets\": { \"require\": [\"KEY\"] }`.",
-      details: { ...details, field: "secrets.set" },
-    });
-  }
-  if (Object.prototype.hasOwnProperty.call(secrets, "replace_all")) {
-    fail({
-      code: "UNSAFE_SECRET_MANIFEST",
-      message: "Deploy manifests must not use secrets.replace_all. Exact replacement is not representable in the value-free deploy contract.",
-      hint: "Use `secrets.require` for keys that must exist and `secrets.delete` for explicit removals.",
-      details: { ...details, field: "secrets.replace_all" },
-    });
-  }
-}
-
 export async function run(args) {
-  // Subcommand dispatch (v1.34+):
-  //   run402 deploy apply  ...    → unified deploy primitive (deploy.apply)
-  //   run402 deploy resume <op>   → resume an activation_pending operation
-  //   run402 deploy list          → list recent deploy operations
-  //   run402 deploy events <op>   → fetch recorded event stream for an operation
-  //   run402 deploy diagnose ...  → URL-first public diagnostics
-  //   run402 deploy resolve ...   → lower-level resolve endpoint parity
-  //   run402 deploy release ...   → release inventory/diff observability
-  //   run402 deploy --manifest …  → legacy bundle deploy (routes through v2)
   const sub = args[0];
+  if (!sub || sub === "--help" || sub === "-h") {
+    console.log(HELP);
+    process.exit(0);
+  }
+
   switch (sub) {
     case "apply":
     case "resume":
@@ -324,78 +59,12 @@ export async function run(args) {
       await runDeployV2(sub, args.slice(1));
       return;
     }
-  }
-
-  const opts = { manifest: null, project: null };
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--help" || args[i] === "-h") { console.log(HELP); process.exit(0); }
-    if (args[i] === "--manifest" && args[i + 1]) opts.manifest = args[++i];
-    if (args[i] === "--project" && args[i + 1]) opts.project = args[++i];
-  }
-
-  const manifest = await loadManifest(opts);
-
-  // If both sources set project_id and they disagree, refuse to deploy rather
-  // than silently shipping to the wrong target.
-  if (opts.project && manifest.project_id && opts.project !== manifest.project_id) {
-    fail({
-      code: "BAD_USAGE",
-      message: `project_id conflict: manifest.project_id=${manifest.project_id} but --project=${opts.project}`,
-      hint: "Remove one of them or make them match. The --project flag and manifest.project_id must agree (or only one of them must be set).",
-      details: {
-        manifest_project_id: manifest.project_id,
-        flag_project_id: opts.project,
-      },
-    });
-  }
-
-  if (opts.project) manifest.project_id = opts.project;
-  if (!manifest.project_id) {
-    manifest.project_id = resolveProjectId(null);
-  }
-
-  const projectId = manifest.project_id;
-  delete manifest.name;
-
-  if (isV2Manifest(manifest)) {
-    try {
-      const normalized = await normalizeDeployManifest(manifest, {
-        baseDir: opts.manifest ? dirname(resolve(opts.manifest)) : process.cwd(),
-      });
-      const result = await getSdk().deploy.apply(normalized.spec, {
-        idempotencyKey: normalized.idempotencyKey,
+    default:
+      fail({
+        code: "BAD_USAGE",
+        message: `Unknown deploy subcommand: ${sub}`,
+        hint: "Use `run402 deploy apply --manifest <file>` for deployments.",
+        details: { subcommand: sub },
       });
-      console.log(JSON.stringify({ project_id: projectId, ...result }, null, 2));
-    } catch (err) {
-      reportSdkError(err);
-    }
-    return;
-  }
-
-  // Strip fields that aren't part of the bundleDeploy contract.
-  delete manifest.project_id;
-  delete manifest.migrations_file;
-
-  try {
-    const result = await getSdk().apps.bundleDeploy(projectId, manifest);
-    console.log(JSON.stringify(result, null, 2));
-  } catch (err) {
-    reportSdkError(err);
-  }
-}
-
-function isV2Manifest(manifest) {
-  if (!manifest || typeof manifest !== "object" || Array.isArray(manifest)) return false;
-  if (manifest.database !== undefined) return true;
-  if (manifest.site !== undefined) return true;
-  if (manifest.subdomains !== undefined) return true;
-  if (manifest.routes !== undefined) return true;
-  if (manifest.checks !== undefined) return true;
-  if (manifest.secrets && typeof manifest.secrets === "object" && !Array.isArray(manifest.secrets)) {
-    return true;
-  }
-  if (manifest.functions && typeof manifest.functions === "object" && !Array.isArray(manifest.functions)) {
-    return true;
   }
-  return false;
 }

package/lib/domains.mjs

@@ -9,7 +9,7 @@ Usage:
 
 Subcommands:
   add    <domain> <subdomain_name> [--project <id>]   Register a custom domain
-  list   [<id>] | list --project <id>                  List custom domains for a project
+  list   [--project <id>]                              List custom domains for a project
   status <domain> [--project <id>]                     Check domain DNS/SSL status
   delete <domain> --confirm [--project <id>]           Release a custom domain. Requires --confirm.
 
@@ -51,14 +51,14 @@ Examples:
   list: `run402 domains list — List custom domains for a project
 
 Usage:
-  run402 domains list [<id>]
+  run402 domains list [--project <id>]
 
 Arguments:
   <id>                Project ID (defaults to the active project)
 
 Examples:
   run402 domains list
-  run402 domains list prj_abc123
+  run402 domains list --project prj_abc123
 `,
   status: `run402 domains status — Check DNS/SSL status of a custom domain
 
@@ -127,11 +127,14 @@ async function add(args) {
 async function list(args) {
   const argList = Array.isArray(args) ? args : [];
   const { project, rest } = parseProjectFlag(argList);
-  // Either --project <id> or a positional id is accepted; --project wins
-  // when both are supplied. Falls back to the active project when neither
-  // is given. Keeps backward-compat with the legacy `domains list <id>`
-  // form (GH-209).
-  const projectId = resolveProjectId(project || rest[0]);
+  if (rest.length > 0) {
+    fail({
+      code: "BAD_USAGE",
+      message: `Unexpected argument for domains list: ${rest[0]}`,
+      hint: "Use `run402 domains list --project <id>`.",
+    });
+  }
+  const projectId = resolveProjectId(project);
   try {
     const data = await getSdk().domains.list(projectId);
     console.log(JSON.stringify(data, null, 2));

package/lib/init.mjs

@@ -243,11 +243,11 @@ export async function run(args = []) {
   write("");
   const nextStep = (!tierInfo || !tierInfo.tier || !tierInfo.active)
     ? "run402 tier set prototype"
-    : "run402 deploy --manifest app.json";
+    : "run402 deploy apply --manifest app.json";
   if (!tierInfo || !tierInfo.tier || !tierInfo.active) {
     write("  Next: run402 tier set prototype");
   } else {
-    write("  Ready to deploy. Run: run402 deploy --manifest app.json");
+    write("  Ready to deploy. Run: run402 deploy apply --manifest app.json");
   }
   write("");
   summary.next_step = nextStep;

package/lib/manifest.mjs

@@ -6,35 +6,6 @@ const TEXT_EXTS = new Set([
   ".json", ".svg", ".xml", ".txt", ".md", ".yaml", ".yml", ".toml", ".csv",
 ]);
 
-/**
- * If the manifest has `migrations_file` instead of (or in addition to) `migrations`,
- * read the SQL from that file path and set `migrations` to its contents.
- * `migrations_file` is resolved relative to `baseDir`.
- *
- * On read failure, re-throws the underlying fs error with additional context
- * attached:
- *   err.field = "migrations_file"
- *   err.absPath = <absolute path that was attempted>
- * (the original Error.code / Error.message / Error.path are preserved).
- *
- * @param {object} manifest  Parsed manifest JSON (mutated in place)
- * @param {string} baseDir   Directory to resolve relative paths from
- * @returns {object}         The same manifest object
- */
-export function resolveMigrationsFile(manifest, baseDir) {
-  if (!manifest.migrations_file) return manifest;
-  const abs = resolve(baseDir, manifest.migrations_file);
-  try {
-    manifest.migrations = readFileSync(abs, "utf-8");
-  } catch (err) {
-    err.field = "migrations_file";
-    err.absPath = abs;
-    throw err;
-  }
-  delete manifest.migrations_file;
-  return manifest;
-}
-
 /**
  * Resolve `path` fields in a manifest's files array.
  *

package/lib/manifest.test.mjs

@@ -3,7 +3,7 @@ import assert from "node:assert/strict";
 import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { resolveFilePathsInManifest, resolveMigrationsFile } from "./manifest.mjs";
+import { resolveFilePathsInManifest } from "./manifest.mjs";
 
 let tempDir;
 
@@ -13,7 +13,6 @@ before(() => {
   writeFileSync(join(tempDir, "index.html"), "<!DOCTYPE html><html><body>Hello</body></html>");
   writeFileSync(join(tempDir, "style.css"), "body { margin: 0; }");
   writeFileSync(join(tempDir, "logo.png"), Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])); // PNG header
-  writeFileSync(join(tempDir, "setup.sql"), "CREATE TABLE items (id serial PRIMARY KEY, data jsonb);\nINSERT INTO items (data) VALUES ('[{\"x\":0.5}]');");
 });
 
 after(() => {
@@ -89,40 +88,3 @@ describe("resolveFilePathsInManifest", () => {
     );
   });
 });
-
-describe("resolveMigrationsFile", () => {
-  it("reads SQL from migrations_file and sets migrations", () => {
-    const manifest = { migrations_file: "setup.sql" };
-    resolveMigrationsFile(manifest, tempDir);
-    assert.ok(manifest.migrations.includes("CREATE TABLE items"));
-    assert.ok(manifest.migrations.includes('[{"x":0.5}]'), "should preserve JSON literals without escaping issues");
-    assert.equal(manifest.migrations_file, undefined, "migrations_file should be removed");
-  });
-
-  it("overwrites inline migrations when migrations_file is present", () => {
-    const manifest = { migrations: "SELECT 1", migrations_file: "setup.sql" };
-    resolveMigrationsFile(manifest, tempDir);
-    assert.ok(manifest.migrations.includes("CREATE TABLE items"));
-    assert.equal(manifest.migrations_file, undefined);
-  });
-
-  it("leaves manifest untouched when no migrations_file", () => {
-    const manifest = { migrations: "SELECT 1" };
-    resolveMigrationsFile(manifest, tempDir);
-    assert.equal(manifest.migrations, "SELECT 1");
-  });
-
-  it("handles manifest with neither migrations nor migrations_file", () => {
-    const manifest = { files: [] };
-    resolveMigrationsFile(manifest, tempDir);
-    assert.equal(manifest.migrations, undefined);
-  });
-
-  it("throws on missing migrations file", () => {
-    const manifest = { migrations_file: "does-not-exist.sql" };
-    assert.throws(
-      () => resolveMigrationsFile(manifest, tempDir),
-      /ENOENT/,
-    );
-  });
-});