add Installer.run() API for simplified Lovable integration

Author: jumski

pkgs/edge-worker/src/index.ts

@@ -9,6 +9,9 @@ export { FlowWorkerLifecycle } from './flow/FlowWorkerLifecycle.js';
 // Export ControlPlane for HTTP-based flow compilation
 export { ControlPlane } from './control-plane/index.js';
 
+// Export Installer for no-CLI platforms (e.g., Lovable)
+export { Installer } from './installer/index.js';
+
 // Export platform adapters
 export * from './platform/index.js';
 

pkgs/edge-worker/src/installer/index.ts

@@ -0,0 +1,8 @@
+import { createInstallerHandler } from './server.ts';
+
+export const Installer = {
+  run: (token: string) => {
+    const handler = createInstallerHandler(token);
+    Deno.serve({}, handler);
+  },
+};

pkgs/edge-worker/src/installer/server.ts

@@ -0,0 +1,140 @@
+import type { InstallerResult, StepResult } from './types.ts';
+
+// Simplified fetch type for dependency injection (allows easier mocking)
+type FetchFn = (
+  url: string,
+  init?: RequestInit
+) => Promise<Response>;
+
+// Dependency injection for testability
+export interface InstallerDeps {
+  fetch: FetchFn;
+  getEnv: (key: string) => string | undefined;
+}
+
+const defaultDeps: InstallerDeps = {
+  fetch: globalThis.fetch,
+  getEnv: (key) => Deno.env.get(key),
+};
+
+async function callControlPlane(
+  endpoint: string,
+  method: 'GET' | 'POST',
+  supabaseUrl: string,
+  serviceRoleKey: string,
+  fetchFn: FetchFn
+): Promise<StepResult> {
+  try {
+    const response = await fetchFn(
+      `${supabaseUrl}/functions/v1/pgflow${endpoint}`,
+      {
+        method,
+        headers: {
+          Authorization: `Bearer ${serviceRoleKey}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+
+    const data = await response.json();
+    return { success: response.ok, status: response.status, data };
+  } catch (error) {
+    return {
+      success: false,
+      status: 0,
+      error: error instanceof Error ? error.message : 'Unknown error',
+    };
+  }
+}
+
+export function createInstallerHandler(
+  expectedToken: string,
+  deps: InstallerDeps = defaultDeps
+): (req: Request) => Promise<Response> {
+  return async (req: Request) => {
+    // Validate token from query params first (fail fast)
+    const url = new URL(req.url);
+    const token = url.searchParams.get('token');
+
+    if (token !== expectedToken) {
+      return jsonResponse(
+        {
+          success: false,
+          message:
+            'Invalid or missing token. Use the exact URL from your Lovable prompt.',
+        },
+        401
+      );
+    }
+
+    // Read env vars inside handler (not at module level)
+    const supabaseUrl = deps.getEnv('SUPABASE_URL');
+    const serviceRoleKey = deps.getEnv('SUPABASE_SERVICE_ROLE_KEY');
+
+    if (!supabaseUrl || !serviceRoleKey) {
+      return jsonResponse(
+        {
+          success: false,
+          message: 'Missing SUPABASE_URL or SUPABASE_SERVICE_ROLE_KEY',
+        },
+        500
+      );
+    }
+
+    console.log('pgflow installer starting...');
+
+    // Step 1: Configure vault secrets
+    console.log('Configuring vault secrets...');
+    const secrets = await callControlPlane(
+      '/secrets/configure',
+      'POST',
+      supabaseUrl,
+      serviceRoleKey,
+      deps.fetch
+    );
+
+    if (!secrets.success) {
+      const result: InstallerResult = {
+        success: false,
+        secrets,
+        migrations: {
+          success: false,
+          status: 0,
+          error: 'Skipped - secrets failed',
+        },
+        message:
+          'Failed to configure vault secrets. Check the pgflow Control Plane is deployed.',
+      };
+      return jsonResponse(result, 500);
+    }
+
+    // Step 2: Run migrations
+    console.log('Running migrations...');
+    const migrations = await callControlPlane(
+      '/migrations/up',
+      'POST',
+      supabaseUrl,
+      serviceRoleKey,
+      deps.fetch
+    );
+
+    const result: InstallerResult = {
+      success: secrets.success && migrations.success,
+      secrets,
+      migrations,
+      message: migrations.success
+        ? 'pgflow installed successfully! Vault secrets configured and migrations applied.'
+        : 'Secrets configured but migrations failed. Check the error details.',
+    };
+
+    console.log('Installer complete:', result.message);
+    return jsonResponse(result, result.success ? 200 : 500);
+  };
+}
+
+function jsonResponse(data: unknown, status: number): Response {
+  return new Response(JSON.stringify(data, null, 2), {
+    status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

pkgs/edge-worker/src/installer/types.ts

@@ -0,0 +1,13 @@
+export interface StepResult {
+  success: boolean;
+  status: number;
+  data?: unknown;
+  error?: string;
+}
+
+export interface InstallerResult {
+  success: boolean;
+  secrets: StepResult;
+  migrations: StepResult;
+  message: string;
+}