You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A review of the CLI against open issues (here and in denoland/deno), recurring
user reports, and a feature-parity comparison with the web dashboard and the
public API (https://api.deno.com/v2/docs). Baseline: main @ 2c7421b
(@deno/deploy@0.0.99).
This is meant as a tracking/roadmap issue. Findings are grouped into: ship what's
already built, confirmed bugs, remaining CI/agent rough edges, and missing
feature areas.
0. A finished overhaul is unreleased
The CI / AI-agent readiness work that landed on main (#86, #91–#102) is not yet
released, so the version most users run is the older CLI. Releasing it resolves a
large share of common complaints by itself:
--debug now defaults to false (previously noisy + wrote a debug tarball on every deploy)
global --json, NDJSON logs, --non-interactive/-y, -q/--quiet
structured error envelope { error: { code, message, hint, traceId } } and exit-code taxonomy (0 OK, 1 GENERIC, 2 USAGE, 3 AUTH, 4 NOT_FOUND, 5 CONFLICT, 6 NETWORK) — replaces the old opaque "internal error + trace id" output that is the single most common CLI complaint
database link unusable: --hostname is required: true and options declare conflicts: ["connectionString"], but connectionString is a positional arg, so the two documented forms are mutually unreachable; --port is passed as a string.
Production app URL not exposed machine-readably. --json deploy emits revisionId, a url (the builds page, not the app URL), and timelines[].domains, but no explicit productionUrl; and --no-wait --json emits empty stdout (no revision id).
sandbox create --json blocks forever in non-interactive/CI: the default timeout=session installs a SIGINT keep-alive with no TTY/--non-interactive guard; the JSON/exit path only runs for non-session timeouts.
--json stdout pollution: env add/update/delete, all database mutations, switch, and the setup-aws/setup-gcp wizards print human text to stdout and never emit a JSON result, corrupting piped output.
Exit code 2 (USAGE) is not actually delivered for bad flags — Cliffy ValidationError exits 1; code 2 only fires on the CLI's own requireInteractive/missing-flag paths.
setup-aws/setup-gcp bypass the error envelope on cancel / missing external CLI using bare Deno.exit(1); agents get no JSON envelope or stable code.
setup-* auto-applies infra (creates IAM roles / service accounts) under --non-interactive with no confirmation.
logs has no --once/tail-then-exit for bounded non-interactive capture without --end.
Thin tests: the publish/deploy --json success envelope, --no-wait --json, the entire database command, env subcommands, switch, orgs/apps/deployments, and the sandbox create hang are untested.
3. Feature parity vs dashboard / public API
The guiding principle: anything you can do in the dashboard or via the public
API should be doable from the CLI — independent of whether a user has filed a
ticket for it. Many of the gaps below have no associated report; they are listed
because completeness (and scriptability/IaC) requires them.
A concrete example with no ticket behind it: custom timelines. The dashboard
can create, update, and delete named deployment timelines (e.g. production, preview, per-branch or per-environment targets) and route revisions/domains to
them. The public API only exposes this read-only
(GET /v2/revisions/{revision}/timelines reports the timelines a revision
serves) — there is no create/update/delete — and the CLI has no timelines
command at all, so this entire named-environment workflow is unscriptable today. Other completeness-only gaps in
the same vein: layers (shared env/config across apps), rate limits /
firewall (WAF), cron management, org members & roles, token CRUD,
and cloud-connection list/test/delete.
Summary
A review of the CLI against open issues (here and in
denoland/deno), recurringuser reports, and a feature-parity comparison with the web dashboard and the
public API (https://api.deno.com/v2/docs). Baseline:
main@2c7421b(
@deno/deploy@0.0.99).This is meant as a tracking/roadmap issue. Findings are grouped into: ship what's
already built, confirmed bugs, remaining CI/agent rough edges, and missing
feature areas.
0. A finished overhaul is unreleased
The CI / AI-agent readiness work that landed on
main(#86, #91–#102) is not yetreleased, so the version most users run is the older CLI. Releasing it resolves a
large share of common complaints by itself:
--debugnow defaults to false (previously noisy + wrote a debug tarball on every deploy)--json, NDJSONlogs,--non-interactive/-y,-q/--quiet{ error: { code, message, hint, traceId } }and exit-code taxonomy (0 OK, 1 GENERIC, 2 USAGE, 3 AUTH, 4 NOT_FOUND, 5 CONFLICT, 6 NETWORK) — replaces the old opaque "internal error + trace id" output that is the single most common CLI complaintwhoami,apps list,orgs list,deployments list,database *,switch,--version--ignorefile exclusion (addressesdenoland/deno#31113), static-app create flow (addressesdenoland/deno#32236), scriptablesetup-aws/setup-gcpAction: cut the release tracked in #109. Highest-leverage single step.
1. Current command surface (v0.0.99)
2. Confirmed bugs still on
maindatabase linkunusable:--hostnameisrequired: trueand options declareconflicts: ["connectionString"], butconnectionStringis a positional arg, so the two documented forms are mutually unreachable;--portis passed as a string.deploy.includefrom a workspace root collects no workspace-member files.denoland/deno#33365(os error 123): readfile '/C:/...'.authedFetchURL resolution breaks whenDENO_DEPLOY_ENDPOINTcontains a path.deploy.*fields and printsCreated configuration file…to stdout (pollutes--json).--jsondeploy emitsrevisionId, aurl(the builds page, not the app URL), andtimelines[].domains, but no explicitproductionUrl; and--no-wait --jsonemits empty stdout (no revision id).database listexposes only a generatedclientIdfor Deno KV, not the connect database ID needed foropenKv.cache-invalidatesubcommand.Remaining CI / agent rough edges in current code
sandbox create --jsonblocks forever in non-interactive/CI: the defaulttimeout=sessioninstalls a SIGINT keep-alive with no TTY/--non-interactiveguard; the JSON/exit path only runs for non-session timeouts.--jsonstdout pollution:env add/update/delete, alldatabasemutations,switch, and thesetup-aws/setup-gcpwizards print human text to stdout and never emit a JSON result, corrupting piped output.ValidationErrorexits 1; code 2 only fires on the CLI's ownrequireInteractive/missing-flag paths.setup-aws/setup-gcpbypass the error envelope on cancel / missing external CLI using bareDeno.exit(1); agents get no JSON envelope or stable code.setup-*auto-applies infra (creates IAM roles / service accounts) under--non-interactivewith no confirmation.logshas no--once/tail-then-exit for bounded non-interactive capture without--end.publish/deploy--jsonsuccess envelope,--no-wait --json, the entiredatabasecommand,envsubcommands,switch,orgs/apps/deployments, and thesandbox createhang are untested.3. Feature parity vs dashboard / public API
The guiding principle: anything you can do in the dashboard or via the public
API should be doable from the CLI — independent of whether a user has filed a
ticket for it. Many of the gaps below have no associated report; they are listed
because completeness (and scriptability/IaC) requires them.
A concrete example with no ticket behind it: custom timelines. The dashboard
can create, update, and delete named deployment timelines (e.g.
production,preview, per-branch or per-environment targets) and route revisions/domains tothem. The public API only exposes this read-only
(
GET /v2/revisions/{revision}/timelinesreports the timelines a revisionserves) — there is no create/update/delete — and the CLI has no
timelinescommand at all, so this entire named-environment workflow is unscriptable today. Other completeness-only gaps in
the same vein: layers (shared env/config across apps), rate limits /
firewall (WAF), cron management, org members & roles, token CRUD,
and cloud-connection list/test/delete.
Legend: Y available, P partial, N none.
apps listonly)--proddoes not reliably promote and there is no workarounddeployments list; no cancel/delete/restart)GET /v2/revisions/{revision}/timelines; no create/update/delete)tunnel-login)4. Prioritized roadmap
P0 — ship and stabilize
database linkusable (crash + port type + payload key) #105, fix(rs_lib): restore stripped deploy.include for workspace-member paths #99, fix: (os error 123): readfile '/C:/path/to/project/index.ts' #89, fix: authedFetch URL resolution breaks when DENO_DEPLOY_ENDPOINT contains a path #82, fix(config): preserve other deploy fields when writing org/app #103.sandbox create --jsonCI hang and the--jsonstdout pollution in env/database/switch/setup (route human text to stderr; emit JSON).--prodpromotion; emit an explicitproductionUrlin deploy JSON; emit JSON under--no-wait(Expose an app's production URL in a machine-readable CLI command #108).P1 — highest-demand feature gaps
deployments build-logs/logs --build).deployments promote|rollback).apps/deploymentsbeyond list:get/inspect,delete,cancel; appdelete/rename/settings.cache-invalidate(deno deploy cache-invalidatesubcommand #55 / PR feat: cache subcommand #64) and a Classic to newmigratecommand.tokens create/list/revoke).P2 — full parity (largely completeness-driven, not ticket-driven)
timelines create|update|delete, route revisions/domains to named environments).References
deno deploy cache-invalidatesubcommand #55, Unable to always load env file in CI #79, OIDC deployments? #81, deploy.include from workspace root collects no workspace member files #90, database link crashes: Unknown conflicting option "connectionString" #104, Expose Deno KV connect database IDs in database list #106, Treat positional file arguments as deploy roots, not config files #107, Expose an app's production URL in a machine-readable CLI command #108, Cut a new deploy-cli release for JSON/non-interactive commands #109; PRs feat: cache subcommand #64, feat: deno sandbox quickstart #70, sandbox dashboard #77, fix: authedFetch URL resolution breaks when DENO_DEPLOY_ENDPOINT contains a path #82, fix: (os error 123): readfile '/C:/path/to/project/index.ts' #89, fix(rs_lib): restore stripped deploy.include for workspace-member paths #99, fix(config): preserve other deploy fields when writing org/app #103, fix(database): makedatabase linkusable (crash + port type + payload key) #105, docs: add AGENTS.md for non-interactive / agent usage #110, test: cover publish flow non-interactive --json output #111.denoland/deno: #31113, #31699, #32101, #32197, #32199, #32236, #32436, #32875, #33365, #35181.