CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
57ff5d3ce9
stack/packages/stack-cli/src/commands/dev.ts
BilalG1 57ff5d3ce9
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Details
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Details
DB migration compat / Check if migrations changed (push) Has been cancelled
Details
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Details
Docker Server Build and Run / docker (push) Has been cancelled
Details
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Details
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Details
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Details
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Details
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Details
Lint & build / lint_and_build (24) (push) Has been cancelled
Details
TOC Generator / TOC Generator (push) Has been cancelled
Details
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
Details
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
Details
DB migration compat / No migration changes (skipped) (push) Has been cancelled
Details
feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481) 
## Summary

**Stacked on [#1475](https://github.com/hexclave/stack-auth/pull/1475)**
(`cl/hexclave-pr1`, the invisible compatibility layer). Diff vs that
base = the actual PR 2 code.

This is **PR 2 of the Stack Auth → Hexclave rebrand: the visible flip**.
Old wire identifiers (cookies, request/response headers, Bearer prefix,
JWT issuers, MCP tool name) keep working indefinitely via PR 1's
dual-accept. This PR flips every user-visible surface — package names
taught in docs, SDK class names in code examples, dashboard setup
snippets, page titles, error messages, email content, CLI binary,
default base URLs, GitHub repo slug, contributor guidance — to the
Hexclave brand.

See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 2: Rebrand
to Hexclave (visible)"* for the full per-work-area spec.

## What's implemented (per the plan's PR 2 scope)

- **SDK base URLs** flipped: `defaultBaseUrl` and
`defaultAnalyticsBaseUrl` in
[common.ts](packages/template/src/lib/stack-app/apps/implementations/common.ts:127)
→ `https://api.hexclave.com` / `https://r.hexclave.com`. PR 1's
[`getHardcodedFallbackUrls`](packages/stack-shared/src/utils/urls.tsx:199)
table now keys on the Hexclave domain.

- **Domain inventory sweep** (16 subdomains from the plan): every
`api/app/docs/discord/demo/mcp/skill/feedback/test/preview/r/api2/api.staging/idp-jwk-audience/built-with.stack-auth.com`
reference in production code, docs-mintlify, examples, READMEs, and
contributor guidance flipped to `*.hexclave.com`. Carve-outs: PR 1's
intentional JWT issuer dual-accept table in
[tokens.tsx](apps/backend/src/lib/tokens.tsx), the legacy `./docs/`
folder, the `unified-docs-widget` allowlist (deliberately accepts both
during DNS transition), and `url-targets.ts` hosted-component default
(baked into existing customer deploys).

- **`@deprecated` JSDoc** on every `Stack*` public export
([packages/template/src/lib/stack-app/index.ts](packages/template/src/lib/stack-app/index.ts)
+ [packages/template/src/index.ts](packages/template/src/index.ts)) —
`StackClientApp`, `StackServerApp`, `StackAdminApp` + every
constructor/options/JSON type, `StackHandler`, `StackProvider`,
`StackTheme`, `useStackApp`, `defineStackConfig`, `StackConfig`.
Hexclave\* aliases are now canonical.

- **Runtime `console.warn`**
([packages/template/src/internal/deprecation-warning.ts](packages/template/src/internal/deprecation-warning.ts))
— once-per-process when the SDK is loaded from a `@stackframe/*`
artifact. Detection uses the existing
`STACK_COMPILE_TIME_CLIENT_PACKAGE_VERSION_SENTINEL` (rewritten at build
time to e.g. `js @stackframe/stack@2.8.92` or `js
@hexclave/next@1.0.0`); `@hexclave/*` mirror artifacts short-circuit the
warning.

- **Tier 3 data migration**: new idempotent SQL migration
[`20260523000000_rename_internal_project_to_hexclave`](apps/backend/prisma/migrations/20260523000000_rename_internal_project_to_hexclave/migration.sql)
— updates the internal Project `displayName` 'Stack Dashboard' →
'Hexclave Dashboard' and `description` only if both still hold the
pre-rebrand defaults. Operator-renamed projects untouched, missing row
no-ops, re-runs are no-ops. [`seed.ts`](apps/backend/prisma/seed.ts:87)
default flipped. `getSharedEmailConfig("Stack Auth")` → `("Hexclave")`.

- **Tier 4 brand strings** (mechanical sweep, ~340 files):
- Page + OpenAPI titles (Hexclave API / Dashboard / REST API / Webhooks
API / Documentation). OpenAPI `info.description` documents
`X-Hexclave-*` headers as canonical with compat note on `X-Stack-*`.
- `HexclaveAssertionError` message text
([errors.tsx:71](packages/stack-shared/src/utils/errors.tsx:71)) — "an
error in Stack." → "an error in Hexclave."
- Known-error message templates
([known-errors.tsx](packages/stack-shared/src/known-errors.tsx)) flipped
to lead with `x-hexclave-*` + the new `docs.hexclave.com` URL; legacy
`x-stack-*` mentioned as compat aliases. **25 e2e test files updated in
lockstep**.
- Email content: failed-emails-digest body, sendTestEmail recipient (now
`sent-with-hexclave.com`), test-email-recipient default.
  - `CHANGELOG.md` title → "Hexclave Changelog".
- `AGENTS.md` env var convention: new vars prefix `HEXCLAVE_` /
`NEXT_PUBLIC_HEXCLAVE_` for Category A/B; legacy `STACK_*` explicitly
noted as accepted via PR 1's dual-read.

- **CLI / init wizard**:
- Every dashboard setup snippet, init-stack template, and docs-mintlify
page teaches `npx @hexclave/cli@latest init` (was
`@stackframe/stack-cli`).
[setup-page.tsx](apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/(overview)/setup-page.tsx)
+
[link-existing-onboarding](apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/link-existing-onboarding.tsx).
- [init-stack](packages/init-stack/src/index.ts:634)
`STACK_*_INSTALL_PACKAGE_NAME_OVERRIDE` defaults flipped to
`@hexclave/*`.
- Generated `stack/client.ts` / `stack/server.ts` import from
`@hexclave/next` and reference `HexclaveClientApp` /
`HexclaveServerApp`.
- Internal `StackAuthKeys` dashboard component renamed to
`HexclaveKeys`.

- **docs-mintlify rewrite** (legacy `./docs/` intentionally untouched
per scoping decision):
- **78 MDX files swept**.
`@stackframe/{react,stack,js,tanstack-start,...}` →
`@hexclave/{react,stack,js,...}` in install snippets and code blocks;
`Stack*` SDK class names → `Hexclave*` in all code examples; 'Stack
Auth' brand phrase → 'Hexclave'.
- `openapi/{server,admin,client,webhooks}.json` titles → 'Hexclave REST
API' / 'Hexclave Webhooks API'.

- **Generators flipped before regeneration**:
-
[`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts),
[`/ai/prompts.ts`](packages/stack-shared/src/ai/prompts.ts),
[`apps/backend/src/lib/ai/prompts.ts`](apps/backend/src/lib/ai/prompts.ts),
[`apps/backend/src/lib/ai/tools/create-email-{template,draft}.ts`](apps/backend/src/lib/ai/tools/create-email-template.ts),
[`apps/skills/src/app/route.ts`](apps/skills/src/app/route.ts) (taught
MCP tool → `ask_hexclave` with compat note; CLI binary teach →
`hexclave`),
[`docs-mintlify/snippets/home-prompt-island.jsx`](docs-mintlify/snippets/home-prompt-island.jsx),
[`packages/template/README.md`](packages/template/README.md) +
integrations/convex/component/README.md.
  - `generate-sdks` propagated changes to `packages/{react,stack,js}`.

- **OpenAPI dual-documentation**:
[`apps/backend/src/app/api/latest/route.ts`](apps/backend/src/app/api/latest/route.ts)
now lists `X-Hexclave-*` headers as primary documented schemas with
`X-Stack-*` duplicates marked `.optional()` (both accepted at runtime by
PR 1's normalize-at-proxy shim).

- **`@stackframe/emails` virtual module**: dual-aliased to
`@hexclave/emails` at the bundler boundary
([email-rendering.tsx:89](apps/backend/src/lib/email-rendering.tsx:89)).
Stored email templates continue to import from either name; new
AI-generated templates and the system prompt teach `@hexclave/emails`.

- **Tier 2 mirror-publish wiring** (new this PR, lays the groundwork for
`@hexclave/*` first publish):
-
[`scripts/rewrite-packages-to-hexclave.ts`](scripts/rewrite-packages-to-hexclave.ts)
— rewrites 9 publishable `@stackframe/*` → `@hexclave/*` `package.json`
files (reads `HEXCLAVE_VERSION` env or `--version=` flag), pins
cross-deps to the shared `@hexclave` version, registers `hexclave` bin
alongside `stack` for `@hexclave/cli`.
-
[`.github/workflows/npm-publish.yaml`](.github/workflows/npm-publish.yaml)
appended with rewrite-then-republish step. `pnpm publish` skips
already-on-npm versions so reruns are safe.

- **Sender email domain**: `noreply@stackframe.co` →
`noreply@sent-with-hexclave.com` (the dedicated transactional-sender
domain split per the plan, to isolate bulk deliverability from
`hexclave.com` reputation); `security@` / `team@stack-auth.com` inbound
mailboxes → `@hexclave.com`.

- **Self-host docs**: docker network / container names in the bash
examples flipped from `stack-auth` to `hexclave` (`hexclave-postgres`,
`hexclave-clickhouse`, `hexclave.env`). The docker image tag
`stackauth/server:latest` stays per the plan's locked decision.

- **GitHub repo slug**: `hexclave/stack-auth` → `hexclave/hexclave` in
every `package.json` `repository` field, README link, CHANGELOG
raw-asset URL.

## Carve-outs (deliberately untouched)

-
**[`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)**
JWT issuer dual-accept table — PR 1 intentional infrastructure, kept
indefinitely.
- **Legacy `./docs/` folder** — per scoping decision (only
`docs-mintlify/` rewritten).
- **`unified-docs-widget` hostname allowlist** — accepts both
`.hexclave.com` (canonical) and `.stack-auth.com` (transition window)
for DNS rollout.
- **`url-targets.ts`** hosted-domain default
`.built-with-stack-auth.com` — wire identifier baked into existing
customer deploys; indefinite read-fallback.
- **Binary visual assets** (logos, favicons, OG images, README
screenshots) — out of scope for this PR. Need design work; tracked
separately.

## Verification

- **`pnpm typecheck`** on
`packages/{template,stack-shared,react,stack,js}` + `apps/dashboard`:
**all green**. The remaining backend / e-commerce-demo typecheck errors
are pre-existing (Prisma codegen output +
`./generated/api-versions.json` not present in fresh worktrees without
`pnpm run codegen-prisma` + a live DB) and unrelated to this diff.
- **`pnpm lint`** on the same 6 packages: all green.
- **Final grep** for residual `Stack Auth` / `stack-auth.com` /
`@stackframe/stack-cli@latest` references: zero outside the intentional
carve-outs above.
- **25 e2e test files updated in lockstep** with the known-error message
changes (asserted strings flipped to match the new x-hexclave-* +
compat-note messages).

## Deploy blockers (ops sequencing before this rebrand goes live)

This PR is code-complete, but the rebrand's visible surfaces (SDK
default URLs, dashboard links, npm READMEs, REST error messages, runtime
deprecation warning) all point at `*.hexclave.com` / `@hexclave/*`
resources that don't exist yet. None of these are fixable from a PR —
they're ops/registrar/npm work that has to be sequenced before merging
this to a release tag.

Suggested ordering, hardest blockers first:

### Tier 1 — required before customer-facing deploy (everything below
this line *will visibly break customers on day 1* if skipped)

1. **DNS + TLS for `api.hexclave.com` + `api1./api2.hexclave.com`** →
must point at the same backend that serves `api.stack-auth.com` (or a
backend that mirrors PR 1's dual-accept). The SDK's new `defaultBaseUrl`
is `https://api.hexclave.com`; every customer that relied on the old
default and upgrades to a post-PR2 SDK build sends API requests here.
Until this resolves, every default-config customer's API call NXDOMAINs.
2. **DNS for `app.hexclave.com`** → the dashboard. Referenced in the
SDK's default-error messages ("Please create a project on the Hexclave
dashboard at https://app.hexclave.com"), the init-stack flow's
`wizard-congrats` redirect, and the OAuth dashboard handoff.
3. **DNS for `docs.hexclave.com`** + Mintlify deploy → the SDK runtime
deprecation warning (`https://docs.hexclave.com/migration`), every
README, every "Learn more" link in the dashboard, and every REST API
error body (`/api/overview#authentication`) points here. The MDX is in
this PR; the docs build target needs DNS.
4. **DNS for `mcp.hexclave.com`** → the MCP server endpoint that every
taught agent integration (`claude mcp add ...`, `cursor`, `codex`,
`vscode`) registers. Until this resolves, every `npx
@hexclave/cli@latest init` MCP-registration step fails.
5. **Reserve the `@hexclave` npm scope + set repo variable
`HEXCLAVE_VERSION`** → the mirror-publish step in
`.github/workflows/npm-publish.yaml` is gated on this variable. Without
it, the entire taught onboarding command `npx @hexclave/cli@latest init`
404s from the npm registry, *and* every README that says "install
`@hexclave/next`" leads to install failure. Pick the initial version
intentionally (`1.0.0` or aligned to `@stackframe/stack`); don't accept
a silent default.

### Tier 2 — required before announcing the rebrand publicly (lookalike
or low-traffic surfaces, but visibly broken)

6. **DNS for `r.hexclave.com`** → the analytics beacon
`defaultAnalyticsBaseUrl`. Silent failure if missing (analytics drops),
but should land alongside Tier 1.
7. **Register `sent-with-hexclave.com` + full email auth (SPF / DKIM /
DMARC)** → the new default sender domain for shared-sender transactional
emails. Without it the dashboard "send test email" path emits bounces,
and shared-sender flows (`getSharedEmailConfig("Hexclave")`) deliver to
spam at best.
8. **MX + SPF / DMARC for `hexclave.com`** → `team@hexclave.com` and
`security@hexclave.com` mailboxes. The security disclosure mailbox is
referenced in [`.github/SECURITY.md`](.github/SECURITY.md);
`team@hexclave.com` is the actual recipient of internal feedback emails
sent at runtime by
[`apps/backend/src/lib/internal-feedback-emails.tsx`](apps/backend/src/lib/internal-feedback-emails.tsx).
Today, every runtime feedback email bounces.
9. **DNS for `skill.hexclave.com`** → the canonical AI-agent skill fetch
URL (the agent bootstrap pivot). Without it, the entire "agent downloads
`SKILL.md` from a known URL" flow taught in
[`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts)
fails.
10. **Create `github.com/hexclave/hexclave` as a public repo** (even as
a redirect to `hexclave/stack-auth`) **OR** rewrite every `package.json`
`"repository"` field + dashboard footer "view on GitHub" link to point
at `hexclave/stack-auth` (which already exists). Currently every npm
package page's "Repository" link is dead, and the dashboard's GitHub
button + dev-tool repo link are dead.

### Tier 3 — broken but low-visibility / low-traffic

11. **DNS for `discord.hexclave.com`** → Discord invite redirect, used
in every README's chip and the dashboard footer.
12. **DNS for `demo.hexclave.com`** → " Demo" badge in every npm
package README. Broken-image badge on the package page.
13. **DNS + TLS for `built-with-hexclave.com`** → optional
hosted-handler domain (the default reverted to
`.built-with-stack-auth.com` in this PR's carve-outs, so this only
matters for projects that manually flip).

## Other follow-ups (not deploy-blocking)

- **E2E snapshot regen across the full suite** for the dual-emitted
`x-hexclave-*` response headers (PR 1 follow-up; `vitest -u` in CI
absorbs).
- **Binary visual assets** — logos, favicons, OG images, README
screenshots; need design pass.
- **Backend OpenAPI fumadocs regen** in CI flow — the JSON files in
`docs-mintlify/openapi/` are committed but regen runs in CI. Verify the
workflow that does this still works against the post-PR2 source.
- **Backend typecheck infra debt** — needs `codegen-prisma` +
`codegen-route-info` to clear; pre-existing, unaffected by this PR.

## Test plan

- [ ] CI runs full e2e suite (with `vitest -u` to absorb residual
snapshot deltas, then committed back).
- [ ] Spot-check: new `@hexclave/cli init` (once published) generates
`hexclave.config.ts` and works against a fresh project.
- [ ] Spot-check: existing customer with `@stackframe/stack` import sees
the once-per-process `console.warn` recommending `@hexclave/next` on SDK
init.
- [ ] Manual: dashboard setup page renders the `npx @hexclave/cli@latest
init` snippet and the `x-hexclave-publishable-client-key` API header in
the curl example.
- [ ] Manual: a fresh `pnpm run prisma migrate` against a clean DB sets
the internal project displayName to 'Hexclave Dashboard'.

---------

Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
2026-05-26 19:18:20 -07:00

541 lines
18 KiB
TypeScript
Raw Blame History

import { execFileSync, spawn } from "child_process";
import { Command } from "commander";
import { chmodSync, closeSync, cpSync, existsSync, mkdirSync, openSync, readdirSync, readFileSync, rmSync, writeFileSync, writeSync } from "fs";
import { dirname, join, resolve } from "path";
import { fileURLToPath } from "url";
import { DEFAULT_API_URL, DEFAULT_PUBLISHABLE_CLIENT_KEY, resolveLoginConfig } from "../lib/auth.js";
import { resolveConfigFilePathOption } from "../lib/config-file-path.js";
import { devEnvStatePath, ensureLocalDashboardSecret, recordLocalDashboardProcess } from "../lib/dev-env-state.js";
import { CliError } from "../lib/errors.js";
type ChildCommand = {
command: string,
args: string[],
};
type DevOptions = {
configFile?: string,
};
type SessionResponse = {
session_id: string,
env: Record<string, string>,
project_id: string,
onboarding_outstanding: boolean,
};
const HEARTBEAT_INTERVAL_MS = 5_000;
const HEARTBEAT_STOP_POLL_MS = 100;
const DASHBOARD_RESTART_MIN_UPTIME_MS = 5_000;
const DASHBOARD_PORT = 26700;
const DASHBOARD_START_TIMEOUT_MS = 60_000;
const BUNDLED_DASHBOARD_DIR_NAME = "dashboard";
const BUNDLED_DASHBOARD_SERVER_PATH = join("apps", "dashboard", "server.js");
const DASHBOARD_RUNTIME_DIR_NAME = "rde-dashboard-runtime";
const SENTINEL_PREFIX = "STACK_ENV_VAR_SENTINEL_";
const USE_INLINE_ENV_VARS_SENTINEL = "STACK_ENV_VAR_SENTINEL_USE_INLINE_ENV_VARS";
const SENTINEL_REGEX = /STACK_ENV_VAR_SENTINEL(?:_[A-Z0-9_]+)?/g;
const LOG_PREFIX = "[Hexclave] ";
const REQUIRED_DASHBOARD_RUNTIME_ENV_VARS = new Set([
"NEXT_PUBLIC_STACK_API_URL",
"NEXT_PUBLIC_BROWSER_STACK_API_URL",
"NEXT_PUBLIC_SERVER_STACK_API_URL",
"NEXT_PUBLIC_STACK_DASHBOARD_URL",
"NEXT_PUBLIC_BROWSER_STACK_DASHBOARD_URL",
"NEXT_PUBLIC_SERVER_STACK_DASHBOARD_URL",
"NEXT_PUBLIC_STACK_PROJECT_ID",
"NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY",
"NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR",
"NEXT_PUBLIC_STACK_IS_REMOTE_DEVELOPMENT_ENVIRONMENT",
"NEXT_PUBLIC_STACK_IS_PREVIEW",
]);
type ProgressLogger = {
stop: (finalMessage?: string) => void,
};
type DashboardSessionState = {
session: SessionResponse,
dashboardReachableSinceMs: number,
};
function wait(ms: number): Promise<void> {
return new Promise((resolvePromise) => setTimeout(resolvePromise, ms));
}
function errorMessage(error: unknown): string {
return error instanceof Error ? error.message : String(error);
}
function splitDevCommandArgs(commandArgs: string[]): ChildCommand {
if (commandArgs.length === 0) {
throw new CliError("Missing command. Usage: stack dev --config-file <path> -- <command> [args...]");
}
const command = commandArgs[0];
return { command, args: commandArgs.slice(1) };
}
function dashboardUrl(): string {
return `http://127.0.0.1:${DASHBOARD_PORT}`;
}
function normalizeApiBaseUrl(apiBaseUrl: string): string {
const url = new URL(apiBaseUrl);
if (url.hostname === "localhost") {
url.hostname = "127.0.0.1";
}
return url.toString().replace(/\/$/, "");
}
function logDev(message: string): void {
console.warn(`${LOG_PREFIX}${message}`);
}
function openUrlInBrowser(url: string): boolean {
try {
if (process.platform === "darwin") {
execFileSync("open", [url], { stdio: "ignore" });
return true;
}
if (process.platform === "win32") {
execFileSync("cmd", ["/c", "start", "", url], { stdio: "ignore" });
return true;
}
execFileSync("xdg-open", [url], { stdio: "ignore" });
return true;
} catch {
return false;
}
}
function maybeOpenOnboardingPage(session: SessionResponse): void {
if (!session.onboarding_outstanding) {
return;
}
const url = `${dashboardUrl()}/new-project?project_id=${encodeURIComponent(session.project_id)}`;
const opened = openUrlInBrowser(url);
if (opened) {
logDev(`Onboarding is still pending for project ${session.project_id}. Opened: ${url}`);
} else {
logDev(`Onboarding is still pending for project ${session.project_id}. Open this URL manually: ${url}`);
}
}
function startProgressLog(message: string): ProgressLogger {
if (!process.stderr.isTTY) {
logDev(`${message}...`);
return {
stop() {
logDev(`${message}... done!`);
},
};
}
let dotCount = 0;
let stopped = false;
const render = () => {
process.stderr.write(`\r\x1b[2K${LOG_PREFIX}${message}${".".repeat(dotCount)}`);
dotCount = (dotCount + 1) % 4;
};
render();
const timer = setInterval(render, 400);
timer.unref();
return {
stop() {
if (stopped) return;
stopped = true;
clearInterval(timer);
process.stderr.write("\r\x1b[2K");
logDev(`${message}... done!`);
},
};
}
function bundledDashboardRoot(): string {
return join(dirname(fileURLToPath(import.meta.url)), BUNDLED_DASHBOARD_DIR_NAME);
}
function assertBundledDashboardExists(): void {
const serverPath = join(bundledDashboardRoot(), BUNDLED_DASHBOARD_SERVER_PATH);
if (!existsSync(serverPath)) {
throw new CliError([
"This stack-cli build does not include the bundled development-environment dashboard.",
"Build the CLI package with the dashboard standalone assets before running `stack dev`.",
].join(" "));
}
}
function dashboardRuntimeRoot(): string {
return join(dirname(devEnvStatePath()), DASHBOARD_RUNTIME_DIR_NAME);
}
function dashboardLogPath(): string {
return join(dirname(devEnvStatePath()), "rde-dashboard.log");
}
function replaceSentinels(content: string, env: NodeJS.ProcessEnv): string {
return content.replace(SENTINEL_REGEX, (sentinel) => {
if (sentinel === USE_INLINE_ENV_VARS_SENTINEL) {
return "true";
}
if (!sentinel.startsWith(SENTINEL_PREFIX)) {
return sentinel;
}
const envVarName = sentinel.slice(SENTINEL_PREFIX.length);
const value = env[envVarName];
if (value == null) {
if (REQUIRED_DASHBOARD_RUNTIME_ENV_VARS.has(envVarName)) {
throw new CliError(`Missing environment variable ${envVarName} while preparing the bundled dashboard runtime.`);
}
return sentinel;
}
return value;
});
}
function replaceDashboardRuntimeSentinels(root: string, env: NodeJS.ProcessEnv): void {
for (const entry of readdirSync(root, { withFileTypes: true })) {
const path = join(root, entry.name);
if (entry.isDirectory()) {
replaceDashboardRuntimeSentinels(path, env);
continue;
}
if (!entry.isFile()) {
continue;
}
const buffer = readFileSync(path);
if (!buffer.includes("STACK_ENV_VAR_SENTINEL")) {
continue;
}
writeFileSync(path, replaceSentinels(buffer.toString("utf-8"), env));
}
}
function prepareDashboardRuntime(env: NodeJS.ProcessEnv): string {
assertBundledDashboardExists();
const runtimeRoot = dashboardRuntimeRoot();
mkdirSync(dirname(runtimeRoot), { recursive: true });
rmSync(runtimeRoot, { recursive: true, force: true });
cpSync(bundledDashboardRoot(), runtimeRoot, { recursive: true });
replaceDashboardRuntimeSentinels(runtimeRoot, env);
const runtimeServerPath = join(runtimeRoot, BUNDLED_DASHBOARD_SERVER_PATH);
if (!existsSync(runtimeServerPath)) {
throw new CliError("The bundled development-environment dashboard is missing its server entrypoint.");
}
return runtimeServerPath;
}
async function isDashboardReachable(url: string): Promise<boolean> {
try {
const response = await fetch(`${url}/health`);
return response.ok;
} catch {
return false;
}
}
async function startDashboardIfNeeded(options: { apiBaseUrl: string, secret: string }): Promise<void> {
const url = dashboardUrl();
if (await isDashboardReachable(url)) {
logDev(`Using existing Hexclave dashboard on ${url}.`);
return;
}
const progress = startProgressLog(`Hexclave dashboard not found on port ${DASHBOARD_PORT}. Starting now`);
const dashboardEnv = {
...process.env,
NODE_ENV: "production",
PORT: String(DASHBOARD_PORT),
HOSTNAME: "127.0.0.1",
STACK_API_URL: options.apiBaseUrl,
NEXT_PUBLIC_STACK_API_URL: options.apiBaseUrl,
NEXT_PUBLIC_BROWSER_STACK_API_URL: options.apiBaseUrl,
NEXT_PUBLIC_SERVER_STACK_API_URL: options.apiBaseUrl,
NEXT_PUBLIC_STACK_DASHBOARD_URL: url,
NEXT_PUBLIC_BROWSER_STACK_DASHBOARD_URL: url,
NEXT_PUBLIC_SERVER_STACK_DASHBOARD_URL: url,
NEXT_PUBLIC_STACK_PROJECT_ID: "internal",
NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY: DEFAULT_PUBLISHABLE_CLIENT_KEY,
NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR: "false",
NEXT_PUBLIC_STACK_IS_REMOTE_DEVELOPMENT_ENVIRONMENT: "true",
NEXT_PUBLIC_STACK_IS_PREVIEW: "false",
};
try {
const dashboardServerPath = prepareDashboardRuntime(dashboardEnv);
const logPath = dashboardLogPath();
mkdirSync(dirname(logPath), { recursive: true });
const logFd = openSync(logPath, "a", 0o600);
chmodSync(logPath, 0o600);
writeSync(logFd, `\n[${new Date().toISOString()}] Starting Hexclave development-environment dashboard on ${url}\n`);
const child = (() => {
try {
return spawn(process.execPath, [dashboardServerPath], {
cwd: resolve(dirname(dashboardServerPath), "../.."),
detached: true,
stdio: ["ignore", logFd, logFd],
env: dashboardEnv,
});
} finally {
closeSync(logFd);
}
})();
if (child.pid == null) {
throw new CliError(`Failed to start the development environment dashboard process. Dashboard logs: ${logPath}`);
}
recordLocalDashboardProcess(DASHBOARD_PORT, options.secret, child.pid, logPath);
child.unref();
const startedAt = performance.now();
while (performance.now() - startedAt < DASHBOARD_START_TIMEOUT_MS) {
if (await isDashboardReachable(url)) {
progress.stop(`Started Hexclave dashboard`);
return;
}
await wait(500);
}
throw new CliError(`Timed out waiting for the development environment dashboard to start at ${url}. Dashboard logs: ${logPath}`);
} catch (error) {
progress.stop();
throw error;
}
}
async function dashboardRequest(path: string, options: RequestInit, secret: string): Promise<Response> {
const url = `${dashboardUrl()}${path}`;
try {
return await fetch(url, {
...options,
headers: {
Authorization: `Bearer ${secret}`,
...options.headers,
},
});
} catch (error) {
throw new CliError(`Failed to reach local Hexclave dashboard at ${url}: ${errorMessage(error)}`);
}
}
function isStringRecord(value: unknown): value is Record<string, string> {
return (
typeof value === "object" &&
value !== null &&
!Array.isArray(value) &&
Object.values(value).every((entry) => typeof entry === "string")
);
}
function isSessionResponse(value: unknown): value is SessionResponse {
return (
typeof value === "object" &&
value !== null &&
!Array.isArray(value) &&
"session_id" in value &&
typeof value.session_id === "string" &&
"project_id" in value &&
typeof value.project_id === "string" &&
"onboarding_outstanding" in value &&
typeof value.onboarding_outstanding === "boolean" &&
"env" in value &&
isStringRecord(value.env)
);
}
async function createRemoteDevelopmentEnvironmentSession(options: {
apiBaseUrl: string,
configFilePath: string,
secret: string,
}): Promise<SessionResponse> {
const response = await dashboardRequest("/api/remote-development-environment/sessions", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
api_base_url: options.apiBaseUrl,
config_path: options.configFilePath,
}),
}, options.secret);
if (!response.ok) {
throw new CliError(`Failed to register development environment session (${response.status}): ${await response.text()}`);
}
const body: unknown = await response.json();
if (!isSessionResponse(body)) {
throw new CliError("Local dashboard returned an invalid development environment session response.");
}
return body;
}
function runChildProcess(command: ChildCommand, env: NodeJS.ProcessEnv): Promise<number> {
return new Promise((resolvePromise, reject) => {
const child = spawn(command.command, command.args, { stdio: "inherit", env });
const forward = (signal: NodeJS.Signals) => () => child.kill(signal);
const onSigint = forward("SIGINT");
const onSigterm = forward("SIGTERM");
const cleanup = () => {
process.off("SIGINT", onSigint);
process.off("SIGTERM", onSigterm);
};
process.on("SIGINT", onSigint);
process.on("SIGTERM", onSigterm);
child.on("close", (code) => {
cleanup();
resolvePromise(code ?? 1);
});
child.on("error", (err) => {
cleanup();
reject(new CliError(`Failed to run ${command.command}: ${err.message}`));
});
});
}
async function restartDashboardForHeartbeat(options: {
apiBaseUrl: string,
configFilePath: string,
dashboardReachableSinceMs: number,
secret: string,
}): Promise<SessionResponse> {
const dashboardUptimeMs = performance.now() - options.dashboardReachableSinceMs;
if (dashboardUptimeMs < DASHBOARD_RESTART_MIN_UPTIME_MS) {
throw new CliError(`Local Hexclave dashboard stopped before it had been running for ${DASHBOARD_RESTART_MIN_UPTIME_MS / 1000} seconds. Not restarting to avoid a restart loop.`);
}
logDev("Local Hexclave dashboard stopped. Restarting...");
await startDashboardIfNeeded({ apiBaseUrl: options.apiBaseUrl, secret: options.secret });
return await createRemoteDevelopmentEnvironmentSession({
apiBaseUrl: options.apiBaseUrl,
configFilePath: options.configFilePath,
secret: options.secret,
});
}
async function waitForHeartbeatIntervalOrStop(shouldStop: () => boolean): Promise<boolean> {
const startedAtMs = performance.now();
while (!shouldStop()) {
const remainingMs = HEARTBEAT_INTERVAL_MS - (performance.now() - startedAtMs);
if (remainingMs <= 0) return false;
await wait(Math.min(remainingMs, HEARTBEAT_STOP_POLL_MS));
}
return true;
}
async function heartbeatUntilStopped(sessionState: DashboardSessionState, options: {
apiBaseUrl: string,
configFilePath: string,
secret: string,
shouldStop: () => boolean,
}): Promise<void> {
while (!options.shouldStop()) {
if (await waitForHeartbeatIntervalOrStop(options.shouldStop)) return;
let response: Response;
const controller = new AbortController();
const abortOnStop = setInterval(() => {
if (options.shouldStop()) {
controller.abort();
}
}, HEARTBEAT_STOP_POLL_MS);
try {
response = await dashboardRequest(`/api/remote-development-environment/sessions/${encodeURIComponent(sessionState.session.session_id)}/heartbeat`, {
method: "POST",
signal: controller.signal,
}, options.secret);
} catch {
if (options.shouldStop()) return;
sessionState.session = await restartDashboardForHeartbeat({
apiBaseUrl: options.apiBaseUrl,
configFilePath: options.configFilePath,
dashboardReachableSinceMs: sessionState.dashboardReachableSinceMs,
secret: options.secret,
});
sessionState.dashboardReachableSinceMs = performance.now();
logDev(`Hexclave dashboard running at ${dashboardUrl()}`);
continue;
} finally {
clearInterval(abortOnStop);
}
if (!response.ok) {
logDev(`Development environment heartbeat failed (${response.status}): ${await response.text()}`);
sessionState.session = await restartDashboardForHeartbeat({
apiBaseUrl: options.apiBaseUrl,
configFilePath: options.configFilePath,
dashboardReachableSinceMs: sessionState.dashboardReachableSinceMs,
secret: options.secret,
});
sessionState.dashboardReachableSinceMs = performance.now();
logDev(`Hexclave dashboard running at ${dashboardUrl()}`);
}
}
}
async function closeSession(sessionId: string, secret: string): Promise<void> {
let response: Response;
try {
response = await dashboardRequest(`/api/remote-development-environment/sessions/${encodeURIComponent(sessionId)}`, {
method: "DELETE",
}, secret);
} catch (error) {
logDev(`Failed to close development environment session: ${errorMessage(error)}`);
return;
}
if (!response.ok) {
logDev(`Failed to close development environment session (${response.status}): ${await response.text()}`);
}
}
export function registerDevCommand(program: Command) {
program
.command("dev")
.usage("--config-file <path> -- <command> [args...]")
.description("Run a command with Hexclave development-environment credentials")
.requiredOption("--config-file <path>", "Path to stack.config.ts")
.argument("<command...>", "Command and arguments to run after --")
.action(async (commandArgs: string[], opts: DevOptions) => {
if (opts.configFile == null) {
throw new CliError("--config-file is required.");
}
const childCommand = splitDevCommandArgs(commandArgs);
const localDashboardUrl = dashboardUrl();
const secret = ensureLocalDashboardSecret(DASHBOARD_PORT);
const config = resolveLoginConfig();
const apiBaseUrl = normalizeApiBaseUrl(config.apiUrl || DEFAULT_API_URL);
const configFilePath = resolveConfigFilePathOption(opts.configFile, { mustExist: false });
await startDashboardIfNeeded({ apiBaseUrl, secret });
const sessionState: DashboardSessionState = {
session: await createRemoteDevelopmentEnvironmentSession({
apiBaseUrl,
configFilePath,
secret,
}),
dashboardReachableSinceMs: performance.now(),
};
logDev(`Hexclave dashboard running at ${localDashboardUrl}`);
maybeOpenOnboardingPage(sessionState.session);
let stopped = false;
const heartbeat = heartbeatUntilStopped(sessionState, {
apiBaseUrl,
configFilePath,
secret,
shouldStop: () => stopped,
});
let exitCode = 1;
try {
exitCode = await runChildProcess(childCommand, {
...process.env,
...sessionState.session.env,
});
} finally {
stopped = true;
await heartbeat;
await closeSession(sessionState.session.session_id, secret);
}
process.exit(exitCode);
});
}
Reference in New Issue View Git Blame Copy Permalink