@agentuity/cli 0.0.42 → 0.0.43

package/src/cmd/env/push.ts

@@ -0,0 +1,55 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectEnvUpdate } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import { findExistingEnvFile, readEnvFile, filterAgentuitySdkKeys } from '../../env-util';
+
+export const pushSubcommand = createSubcommand({
+	name: 'push',
+	description: 'Push environment variables from local .env.production file to cloud',
+	requiresAuth: true,
+	schema: {
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		// Read local env file (prefer .env.production, fallback to .env)
+		const envFilePath = await findExistingEnvFile(dir);
+		const localEnv = await readEnvFile(envFilePath);
+
+		// Filter out AGENTUITY_ prefixed keys (don't push SDK keys)
+		const filteredEnv = filterAgentuitySdkKeys(localEnv);
+
+		if (Object.keys(filteredEnv).length === 0) {
+			tui.warning('No environment variables to push');
+			return;
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Push to cloud
+		await tui.spinner('Pushing environment variables to cloud', () => {
+			return projectEnvUpdate(client, {
+				id: projectConfig.projectId,
+				env: filteredEnv,
+			});
+		});
+
+		const count = Object.keys(filteredEnv).length;
+		tui.success(`Pushed ${count} environment variable${count !== 1 ? 's' : ''} to cloud`);
+	},
+});

package/src/cmd/env/set.ts

@@ -0,0 +1,86 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectEnvUpdate } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import {
+	findEnvFile,
+	readEnvFile,
+	writeEnvFile,
+	filterAgentuitySdkKeys,
+	looksLikeSecret,
+} from '../../env-util';
+import { getCommand } from '../../command-prefix';
+
+export const setSubcommand = createSubcommand({
+	name: 'set',
+	description: 'Set an environment variable',
+	requiresAuth: true,
+	schema: {
+		args: z.object({
+			key: z.string().describe('the environment variable key'),
+			value: z.string().describe('the environment variable value'),
+		}),
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { args, opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Validate key doesn't start with AGENTUITY_
+		if (args.key.startsWith('AGENTUITY_')) {
+			tui.fatal('Cannot set AGENTUITY_ prefixed variables. These are reserved for system use.');
+		}
+
+		// Detect if this looks like a secret
+		if (looksLikeSecret(args.key, args.value)) {
+			tui.warning(`The variable '${args.key}' looks like it should be a secret.`);
+			tui.info(`Secrets should be stored using: ${getCommand('secret set <key> <value>')}`);
+			tui.info('This keeps them more secure and properly masked in the cloud.');
+
+			const response = await tui.confirm(
+				'Do you still want to store this as a regular environment variable?',
+				false
+			);
+
+			if (!response) {
+				tui.info(
+					`Cancelled. Use "${getCommand('secret set')}" to store this as a secret instead.`
+				);
+				return;
+			}
+		}
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Set in cloud
+		await tui.spinner('Setting environment variable in cloud', () => {
+			return projectEnvUpdate(client, {
+				id: projectConfig.projectId,
+				env: { [args.key]: args.value },
+			});
+		});
+
+		// Update local .env.production file
+		const envFilePath = await findEnvFile(dir);
+		const currentEnv = await readEnvFile(envFilePath);
+		currentEnv[args.key] = args.value;
+
+		// Filter out AGENTUITY_ keys before writing
+		const filteredEnv = filterAgentuitySdkKeys(currentEnv);
+		await writeEnvFile(envFilePath, filteredEnv);
+
+		tui.success(`Environment variable '${args.key}' set successfully (cloud + ${envFilePath})`);
+	},
+});

package/src/cmd/project/download.ts

@@ -13,7 +13,7 @@ import { tmpdir } from 'node:os';
 import { finished } from 'node:stream/promises';
 import { createGunzip } from 'node:zlib';
 import { extract, type Headers } from 'tar-fs';
-import type { Logger } from '../../logger';
+import type { Logger } from '@agentuity/core';
 import * as tui from '../../tui';
 import { downloadWithSpinner } from '../../download';
 import type { TemplateInfo } from './templates';

package/src/cmd/project/template-flow.ts

@@ -7,9 +7,10 @@ import {
 	projectCreate,
 	projectExists,
 	listOrganizations,
+	projectEnvUpdate,
 	type OrganizationList,
 } from '@agentuity/server';
-import type { Logger } from '../../logger';
+import type { Logger } from '@agentuity/core';
 import * as tui from '../../tui';
 import { playSound } from '../../sound';
 import { fetchTemplates, type TemplateInfo } from './templates';
@@ -17,7 +18,13 @@ import { downloadTemplate, setupProject } from './download';
 import { showBanner } from '../../banner';
 import type { AuthData, Config } from '../../types';
 import { getAPIBaseURL, APIClient } from '../../api';
-import { createProjectConfig } from '../../config';
+import { createProjectConfig, saveOrgId } from '../../config';
+import {
+	findEnvFile,
+	readEnvFile,
+	filterAgentuitySdkKeys,
+	splitEnvAndSecrets,
+} from '../../env-util';
 
 interface CreateFlowOptions {
 	projectName?: string;
@@ -81,6 +88,10 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 			tui.fatal('no organizations could be found for your login');
 		}
 		orgId = await tui.selectOrganization(orgs, config?.preferences?.orgId);
+
+		if (orgId && orgId !== config?.preferences?.orgId) {
+			await saveOrgId(orgId);
+		}
 	}
 
 	if (!projectName && !skipPrompts) {
@@ -201,6 +212,8 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 	});
 
 	if (auth && client && orgId) {
+		let projectId: string | undefined;
+
 		await tui.spinner('Registering your project', async () => {
 			const res = await projectCreate(client, {
 				name: projectName,
@@ -208,6 +221,7 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 				provider: 'bunjs',
 			});
 			if (res.success && res.data) {
+				projectId = res.data.id;
 				return createProjectConfig(dest, {
 					projectId: res.data.id,
 					orgId,
@@ -216,6 +230,32 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 			}
 			tui.fatal(res.message ?? 'failed to register project');
 		});
+
+		// After registration, push any existing env/secrets from .env.production
+		if (projectId) {
+			await tui.spinner('Syncing environment variables', async () => {
+				try {
+					const envFilePath = await findEnvFile(dest);
+					const localEnv = await readEnvFile(envFilePath);
+					const filteredEnv = filterAgentuitySdkKeys(localEnv);
+
+					if (Object.keys(filteredEnv).length > 0) {
+						const { env, secrets } = splitEnvAndSecrets(filteredEnv);
+						await projectEnvUpdate(client, {
+							id: projectId!,
+							env,
+							secrets,
+						});
+						logger.debug(
+							`Synced ${Object.keys(filteredEnv).length} environment variables to cloud`
+						);
+					}
+				} catch (error) {
+					// Non-fatal: just log the error
+					logger.debug('Failed to sync environment variables:', error);
+				}
+			});
+		}
 	}
 
 	// Step 8: Show completion message

package/src/cmd/secret/delete.ts

@@ -0,0 +1,55 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectEnvDelete } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import { findEnvFile, readEnvFile, writeEnvFile, filterAgentuitySdkKeys } from '../../env-util';
+
+export const deleteSubcommand = createSubcommand({
+	name: 'delete',
+	aliases: ['del', 'remove', 'rm'],
+	description: 'Delete a secret',
+	requiresAuth: true,
+	schema: {
+		args: z.object({
+			key: z.string().describe('the secret key to delete'),
+		}),
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { args, opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Delete from cloud (using secrets field)
+		await tui.spinner('Deleting secret from cloud', () => {
+			return projectEnvDelete(client, {
+				id: projectConfig.projectId,
+				secrets: [args.key],
+			});
+		});
+
+		// Update local .env.production file
+		const envFilePath = await findEnvFile(dir);
+		const currentEnv = await readEnvFile(envFilePath);
+		delete currentEnv[args.key];
+
+		// Filter out AGENTUITY_ keys before writing
+		const filteredEnv = filterAgentuitySdkKeys(currentEnv);
+		await writeEnvFile(envFilePath, filteredEnv);
+
+		tui.success(`Secret '${args.key}' deleted successfully (cloud + ${envFilePath})`);
+	},
+});

package/src/cmd/secret/get.ts

@@ -0,0 +1,67 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectGet } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import { maskSecret } from '../../env-util';
+
+export const getSubcommand = createSubcommand({
+	name: 'get',
+	description: 'Get a secret value',
+	requiresAuth: true,
+	schema: {
+		args: z.object({
+			key: z.string().describe('the secret key'),
+		}),
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+			mask: z
+				.boolean()
+				.default(!!process.stdout.isTTY)
+				.describe('mask the value in output (default: true in TTY, false otherwise)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { args, opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Fetch project with unmasked secrets
+		const project = await tui.spinner('Fetching secrets', () => {
+			return projectGet(client, { id: projectConfig.projectId, mask: false });
+		});
+
+		// Look for the key in secrets
+		const value = project.secrets?.[args.key];
+
+		if (value === undefined) {
+			tui.fatal(`Secret '${args.key}' not found`);
+		}
+
+		if (process.stdout.isTTY) {
+			// Display the value, masked by default
+			if (opts?.mask) {
+				tui.success(`${args.key}=${maskSecret(value)}`);
+			} else {
+				tui.success(`${args.key}=${value}`);
+			}
+		} else {
+			// Display the value, masked by default
+			if (opts?.mask) {
+				console.log(`${args.key}=${maskSecret(value)}`);
+			} else {
+				console.log(`${args.key}=${value}`);
+			}
+		}
+	},
+});

package/src/cmd/secret/import.ts

@@ -0,0 +1,79 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectEnvUpdate } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import {
+	findEnvFile,
+	readEnvFile,
+	writeEnvFile,
+	filterAgentuitySdkKeys,
+	mergeEnvVars,
+} from '../../env-util';
+
+export const importSubcommand = createSubcommand({
+	name: 'import',
+	description: 'Import secrets from a file to cloud and local .env.production',
+	requiresAuth: true,
+	schema: {
+		args: z.object({
+			file: z.string().describe('path to the .env file to import'),
+		}),
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { args, opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		// Read the import file
+		const importedSecrets = await readEnvFile(args.file);
+
+		if (Object.keys(importedSecrets).length === 0) {
+			tui.warning(`No secrets found in ${args.file}`);
+			return;
+		}
+
+		// Filter out AGENTUITY_ prefixed keys
+		const filteredSecrets = filterAgentuitySdkKeys(importedSecrets);
+
+		if (Object.keys(filteredSecrets).length === 0) {
+			tui.warning('No valid secrets to import (all were AGENTUITY_ prefixed)');
+			return;
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Push to cloud (using secrets field)
+		await tui.spinner('Importing secrets to cloud', () => {
+			return projectEnvUpdate(client, {
+				id: projectConfig.projectId,
+				secrets: filteredSecrets,
+			});
+		});
+
+		// Merge with local .env.production file
+		const localEnvPath = await findEnvFile(dir);
+		const localEnv = await readEnvFile(localEnvPath);
+		const mergedEnv = mergeEnvVars(localEnv, filteredSecrets);
+
+		await writeEnvFile(localEnvPath, mergedEnv, {
+			skipKeys: Object.keys(mergedEnv).filter((k) => k.startsWith('AGENTUITY_')),
+		});
+
+		const count = Object.keys(filteredSecrets).length;
+		tui.success(
+			`Imported ${count} secret${count !== 1 ? 's' : ''} from ${args.file} to cloud and ${localEnvPath}`
+		);
+	},
+});

package/src/cmd/secret/index.ts

@@ -0,0 +1,22 @@
+import { createCommand } from '../../types';
+import { pullSubcommand } from './pull';
+import { pushSubcommand } from './push';
+import { setSubcommand } from './set';
+import { getSubcommand } from './get';
+import { deleteSubcommand } from './delete';
+import { importSubcommand } from './import';
+import { listSubcommand } from './list';
+
+export const command = createCommand({
+	name: 'secret',
+	description: 'Manage secrets for your project',
+	subcommands: [
+		listSubcommand,
+		pullSubcommand,
+		pushSubcommand,
+		setSubcommand,
+		getSubcommand,
+		deleteSubcommand,
+		importSubcommand,
+	],
+});

package/src/cmd/secret/list.ts

@@ -0,0 +1,69 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectGet } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import { maskSecret } from '../../env-util';
+
+export const listSubcommand = createSubcommand({
+	name: 'list',
+	aliases: ['ls'],
+	description: 'List all secrets',
+	requiresAuth: true,
+	schema: {
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+			mask: z
+				.boolean()
+				.default(!!process.stdout.isTTY)
+				.describe('mask the values in output (default: true in TTY for secrets)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Fetch project with unmasked secrets
+		const project = await tui.spinner('Fetching secrets', () => {
+			return projectGet(client, { id: projectConfig.projectId, mask: false });
+		});
+
+		const secrets = project.secrets || {};
+
+		if (Object.keys(secrets).length === 0) {
+			tui.info('No secrets found');
+			return;
+		}
+
+		// Display the secrets
+		if (process.stdout.isTTY) {
+			tui.newline();
+			tui.success(`Secrets (${Object.keys(secrets).length}):`);
+			tui.newline();
+		}
+
+		const sortedKeys = Object.keys(secrets).sort();
+		// For secrets, masking is enabled by default in TTY (can be disabled with --no-mask)
+		const shouldMask = opts?.mask !== false;
+		for (const key of sortedKeys) {
+			const value = secrets[key];
+			const displayValue = shouldMask ? maskSecret(value) : value;
+			if (process.stdout.isTTY) {
+				console.log(`${tui.bold(key)}=${displayValue}`);
+			} else {
+				console.log(`${key}=${displayValue}`);
+			}
+		}
+	},
+});

package/src/cmd/secret/pull.ts

@@ -0,0 +1,91 @@
+import { z } from 'zod';
+import { join } from 'node:path';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectGet } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import {
+	findEnvFile,
+	findExistingEnvFile,
+	readEnvFile,
+	writeEnvFile,
+	mergeEnvVars,
+} from '../../env-util';
+
+export const pullSubcommand = createSubcommand({
+	name: 'pull',
+	description: 'Pull secrets from cloud to local .env.production file',
+	requiresAuth: true,
+	schema: {
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+			force: z.boolean().default(false).describe('overwrite local values with cloud values'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Fetch project with unmasked secrets
+		const project = await tui.spinner('Pulling secrets from cloud', () => {
+			return projectGet(client, { id: projectConfig.projectId, mask: false });
+		});
+
+		const cloudSecrets = project.secrets || {};
+
+		// Read current local env from existing file (.env.production or .env)
+		const existingEnvPath = await findExistingEnvFile(dir);
+		const localEnv = await readEnvFile(existingEnvPath);
+
+		// Target file is always .env.production
+		const targetEnvPath = await findEnvFile(dir);
+
+		// Merge: cloud values override local if force=true, otherwise keep local
+		let mergedEnv: Record<string, string>;
+		if (opts?.force) {
+			// Cloud values take priority
+			mergedEnv = mergeEnvVars(localEnv, cloudSecrets);
+		} else {
+			// Local values take priority (only add new keys from cloud)
+			mergedEnv = mergeEnvVars(cloudSecrets, localEnv);
+		}
+
+		// Write to .env.production (skip AGENTUITY_ keys)
+		await writeEnvFile(targetEnvPath, mergedEnv, {
+			skipKeys: Object.keys(mergedEnv).filter((k) => k.startsWith('AGENTUITY_')),
+		});
+
+		// Write AGENTUITY_SDK_KEY to .env if present and missing locally
+		if (project.api_key) {
+			const dotEnvPath = join(dir, '.env');
+			const dotEnv = await readEnvFile(dotEnvPath);
+
+			if (!dotEnv.AGENTUITY_SDK_KEY) {
+				dotEnv.AGENTUITY_SDK_KEY = project.api_key;
+				await writeEnvFile(dotEnvPath, dotEnv, {
+					addComment: (key) => {
+						if (key === 'AGENTUITY_SDK_KEY') {
+							return 'AGENTUITY_SDK_KEY is a sensitive value and should not be committed to version control.';
+						}
+						return null;
+					},
+				});
+				tui.info(`Wrote AGENTUITY_SDK_KEY to ${dotEnvPath}`);
+			}
+		}
+
+		const count = Object.keys(cloudSecrets).length;
+		tui.success(`Pulled ${count} secret${count !== 1 ? 's' : ''} to ${targetEnvPath}`);
+	},
+});

package/src/cmd/secret/push.ts

@@ -0,0 +1,55 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+import { projectEnvUpdate } from '@agentuity/server';
+import { getAPIBaseURL, APIClient } from '../../api';
+import { loadProjectConfig } from '../../config';
+import { findEnvFile, readEnvFile, filterAgentuitySdkKeys } from '../../env-util';
+
+export const pushSubcommand = createSubcommand({
+	name: 'push',
+	description: 'Push secrets from local .env.production file to cloud',
+	requiresAuth: true,
+	schema: {
+		options: z.object({
+			dir: z.string().optional().describe('project directory (default: current directory)'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { opts, config } = ctx;
+		const dir = opts?.dir ?? process.cwd();
+
+		// Load project config to get project ID
+		const projectConfig = await loadProjectConfig(dir);
+		if (!projectConfig) {
+			tui.fatal(`No Agentuity project found in ${dir}. Missing agentuity.json`);
+		}
+
+		// Read local env file
+		const envFilePath = await findEnvFile(dir);
+		const localEnv = await readEnvFile(envFilePath);
+
+		// Filter out AGENTUITY_ prefixed keys (don't push SDK keys)
+		const filteredSecrets = filterAgentuitySdkKeys(localEnv);
+
+		if (Object.keys(filteredSecrets).length === 0) {
+			tui.warning('No secrets to push');
+			return;
+		}
+
+		const apiUrl = getAPIBaseURL(config);
+		const client = new APIClient(apiUrl, config);
+
+		// Push to cloud (using secrets field)
+		await tui.spinner('Pushing secrets to cloud', () => {
+			return projectEnvUpdate(client, {
+				id: projectConfig.projectId,
+				secrets: filteredSecrets,
+			});
+		});
+
+		const count = Object.keys(filteredSecrets).length;
+		tui.success(`Pushed ${count} secret${count !== 1 ? 's' : ''} to cloud`);
+	},
+});