@agentuity/cli 1.0.6 → 1.0.7

package/src/cmd/cloud/env/push.ts

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { createSubcommand } from '../../../types';
 import * as tui from '../../../tui';
-import { projectEnvUpdate, orgEnvUpdate } from '@agentuity/server';
+import { projectEnvUpdate, orgEnvUpdate, projectGet, orgEnvGet } from '@agentuity/server';
 import {
 	findExistingEnvFile,
 	readEnvFile,
@@ -11,14 +11,19 @@ import {
 } from '../../../env-util';
 import { getCommand } from '../../../command-prefix';
 import { resolveOrgId, isOrgScope } from './org-util';
+import { computeEnvDiff, displayEnvDiff } from './env-diff';
 
 const EnvPushResponseSchema = z.object({
 	success: z.boolean().describe('Whether push succeeded'),
 	pushed: z.number().describe('Number of items pushed'),
 	envCount: z.number().describe('Number of env vars pushed'),
 	secretCount: z.number().describe('Number of secrets pushed'),
+	newCount: z.number().describe('Number of new variables added'),
+	changedCount: z.number().describe('Number of existing variables overwritten'),
+	unchangedCount: z.number().describe('Number of unchanged variables'),
 	source: z.string().describe('Source file path'),
 	scope: z.enum(['project', 'org']).describe('The scope where variables were pushed'),
+	force: z.boolean().describe('Whether force mode was used'),
 });
 
 export const pushSubcommand = createSubcommand({
@@ -39,6 +44,7 @@ export const pushSubcommand = createSubcommand({
 				.union([z.boolean(), z.string()])
 				.optional()
 				.describe('push to organization level (use --org for default org)'),
+			force: z.boolean().default(false).describe('overwrite remote values without confirmation'),
 		}),
 		response: EnvPushResponseSchema,
 	},
@@ -59,6 +65,8 @@ export const pushSubcommand = createSubcommand({
 		// Filter out reserved AGENTUITY_ prefixed keys
 		const filteredEnv = filterAgentuitySdkKeys(localEnv);
 
+		const forceMode = opts?.force ?? false;
+
 		if (Object.keys(filteredEnv).length === 0) {
 			tui.warning('No variables to push');
 			return {
@@ -66,8 +74,12 @@ export const pushSubcommand = createSubcommand({
 				pushed: 0,
 				envCount: 0,
 				secretCount: 0,
+				newCount: 0,
+				changedCount: 0,
+				unchangedCount: 0,
 				source: envFilePath,
 				scope: useOrgScope ? ('org' as const) : ('project' as const),
+				force: forceMode,
 			};
 		}
 
@@ -93,6 +105,38 @@ export const pushSubcommand = createSubcommand({
 			// Organization scope
 			const orgId = await resolveOrgId(apiClient, config, opts!.org!);
 
+			// Fetch remote state to compute diff
+			const orgData = await tui.spinner('Fetching remote variables', () => {
+				return orgEnvGet(apiClient, { id: orgId, mask: false });
+			});
+
+			const diff = computeEnvDiff(env, secrets, orgData.env || {}, orgData.secrets || {});
+
+			displayEnvDiff(diff, { direction: 'push' });
+
+			// Prompt for confirmation if there are changes to existing variables
+			if (diff.changedEntries.length > 0 && !forceMode) {
+				const confirmed = await tui.confirm(
+					`${diff.changedEntries.length} existing variable${diff.changedEntries.length !== 1 ? 's' : ''} will be overwritten. Continue?`,
+					true
+				);
+				if (!confirmed) {
+					tui.info('Push cancelled');
+					return {
+						success: false,
+						pushed: 0,
+						envCount: 0,
+						secretCount: 0,
+						newCount: 0,
+						changedCount: 0,
+						unchangedCount: 0,
+						source: envFilePath,
+						scope: 'org' as const,
+						force: forceMode,
+					};
+				}
+			}
+
 			await tui.spinner('Pushing variables to organization', () => {
 				return orgEnvUpdate(apiClient, {
 					id: orgId,
@@ -106,7 +150,7 @@ export const pushSubcommand = createSubcommand({
 			const totalCount = envCount + secretCount;
 
 			tui.success(
-				`Pushed ${totalCount} variable${totalCount !== 1 ? 's' : ''} to organization (${envCount} env, ${secretCount} secret${secretCount !== 1 ? 's' : ''})`
+				`Pushed ${totalCount} variable${totalCount !== 1 ? 's' : ''} to organization (${diff.newEntries.length} new, ${diff.changedEntries.length} updated, ${diff.unchangedEntries.length} unchanged)`
 			);
 
 			return {
@@ -114,17 +158,58 @@ export const pushSubcommand = createSubcommand({
 				pushed: totalCount,
 				envCount,
 				secretCount,
+				newCount: diff.newEntries.length,
+				changedCount: diff.changedEntries.length,
+				unchangedCount: diff.unchangedEntries.length,
 				source: envFilePath,
 				scope: 'org' as const,
+				force: forceMode,
 			};
 		} else {
-			// Project scope (existing behavior)
+			// Project scope
 			if (!project) {
 				tui.fatal(
 					'Project context required. Run from a project directory or use --org for organization scope.'
 				);
 			}
 
+			// Fetch remote state to compute diff
+			const projectData = await tui.spinner('Fetching remote variables', () => {
+				return projectGet(apiClient, { id: project.projectId, mask: false });
+			});
+
+			const diff = computeEnvDiff(
+				env,
+				secrets,
+				projectData.env || {},
+				projectData.secrets || {}
+			);
+
+			displayEnvDiff(diff, { direction: 'push' });
+
+			// Prompt for confirmation if there are changes to existing variables
+			if (diff.changedEntries.length > 0 && !forceMode) {
+				const confirmed = await tui.confirm(
+					`${diff.changedEntries.length} existing variable${diff.changedEntries.length !== 1 ? 's' : ''} will be overwritten. Continue?`,
+					true
+				);
+				if (!confirmed) {
+					tui.info('Push cancelled');
+					return {
+						success: false,
+						pushed: 0,
+						envCount: 0,
+						secretCount: 0,
+						newCount: 0,
+						changedCount: 0,
+						unchangedCount: 0,
+						source: envFilePath,
+						scope: 'project' as const,
+						force: forceMode,
+					};
+				}
+			}
+
 			await tui.spinner('Pushing variables to cloud', () => {
 				return projectEnvUpdate(apiClient, {
 					id: project.projectId,
@@ -138,7 +223,7 @@ export const pushSubcommand = createSubcommand({
 			const totalCount = envCount + secretCount;
 
 			tui.success(
-				`Pushed ${totalCount} variable${totalCount !== 1 ? 's' : ''} to cloud (${envCount} env, ${secretCount} secret${secretCount !== 1 ? 's' : ''})`
+				`Pushed ${totalCount} variable${totalCount !== 1 ? 's' : ''} to cloud (${diff.newEntries.length} new, ${diff.changedEntries.length} updated, ${diff.unchangedEntries.length} unchanged)`
 			);
 
 			return {
@@ -146,8 +231,12 @@ export const pushSubcommand = createSubcommand({
 				pushed: totalCount,
 				envCount,
 				secretCount,
+				newCount: diff.newEntries.length,
+				changedCount: diff.changedEntries.length,
+				unchangedCount: diff.unchangedEntries.length,
 				source: envFilePath,
 				scope: 'project' as const,
+				force: forceMode,
 			};
 		}
 	},

package/src/cmd/cloud/env/set.ts

@@ -13,20 +13,80 @@ import {
 import { getCommand } from '../../../command-prefix';
 import { resolveOrgId, isOrgScope } from './org-util';
 
+interface ParsedEnvPair {
+	key: string;
+	value: string;
+}
+
+/**
+ * Parse env set arguments into key-value pairs.
+ * Supports two formats:
+ * - Legacy: KEY VALUE (exactly 2 args)
+ * - KEY=VALUE format: KEY1=VALUE1 [KEY2=VALUE2 ...]
+ */
+function parseEnvArgs(rawArgs: string[]): ParsedEnvPair[] {
+	if (rawArgs.length === 0) {
+		tui.fatal(
+			'No arguments provided. Usage: env set KEY VALUE or env set KEY=VALUE [KEY2=VALUE2 ...]'
+		);
+	}
+
+	// Check if first arg contains '=' — if so, treat ALL args as KEY=VALUE format
+	const firstArg = rawArgs[0]!;
+	if (firstArg.includes('=')) {
+		const pairs: ParsedEnvPair[] = [];
+		for (const arg of rawArgs) {
+			const eqIndex = arg.indexOf('=');
+			if (eqIndex === -1 || eqIndex === 0) {
+				tui.fatal(`Invalid format: '${arg}'. Expected KEY=VALUE format.`);
+			}
+			const key = arg.substring(0, eqIndex);
+			const value = arg.substring(eqIndex + 1);
+			if (!key) {
+				tui.fatal(`Invalid format: '${arg}'. Key cannot be empty.`);
+			}
+			pairs.push({ key, value });
+		}
+		return pairs;
+	}
+
+	// Legacy format: exactly 2 args = KEY VALUE
+	if (rawArgs.length === 2) {
+		const key = rawArgs[0]!.trim();
+		if (!key) {
+			tui.fatal(
+				'Invalid format: key cannot be empty. Usage: env set KEY VALUE or env set KEY=VALUE'
+			);
+		}
+		return [{ key, value: rawArgs[1]! }];
+	}
+
+	// Ambiguous: 1 arg without '=' or 3+ args without '='
+	if (rawArgs.length === 1) {
+		tui.fatal(`Missing value for '${rawArgs[0]}'. Usage: env set KEY VALUE or env set KEY=VALUE`);
+	}
+
+	// 3+ args without '=' in first arg
+	tui.fatal(
+		'Multiple variables must use KEY=VALUE format. Usage: env set KEY1=VALUE1 KEY2=VALUE2 ...'
+	);
+}
+
 const EnvSetResponseSchema = z.object({
 	success: z.boolean().describe('Whether the operation succeeded'),
-	key: z.string().describe('Environment variable key'),
+	keys: z.array(z.string()).describe('Environment variable keys that were set'),
 	path: z
 		.string()
 		.optional()
-		.describe('Local file path where env var was saved (project scope only)'),
-	secret: z.boolean().describe('Whether the value was stored as a secret'),
-	scope: z.enum(['project', 'org']).describe('The scope where the variable was set'),
+		.describe('Local file path where env vars were saved (project scope only)'),
+	secretKeys: z.array(z.string()).describe('Keys that were stored as secrets'),
+	envKeys: z.array(z.string()).describe('Keys that were stored as env vars'),
+	scope: z.enum(['project', 'org']).describe('The scope where the variables were set'),
 });
 
 export const setSubcommand = createSubcommand({
 	name: 'set',
-	description: 'Set an environment variable or secret',
+	description: 'Set one or more environment variables or secrets',
 	tags: ['mutating', 'updates-resource', 'slow', 'requires-auth'],
 	idempotent: true,
 	requires: { auth: true, apiClient: true },
@@ -36,7 +96,15 @@ export const setSubcommand = createSubcommand({
 			command: getCommand('env set NODE_ENV production'),
 			description: 'Set environment variable',
 		},
+		{
+			command: getCommand('env set NODE_ENV=production'),
+			description: 'Set using KEY=VALUE format',
+		},
 		{ command: getCommand('env set PORT 3000'), description: 'Set port number' },
+		{
+			command: getCommand('env set NODE_ENV=production LOG_LEVEL=info PORT=3000'),
+			description: 'Set multiple variables at once',
+		},
 		{
 			command: getCommand('env set API_KEY "sk_..." --secret'),
 			description: 'Set a secret value',
@@ -48,8 +116,7 @@ export const setSubcommand = createSubcommand({
 	],
 	schema: {
 		args: z.object({
-			key: z.string().describe('the environment variable key'),
-			value: z.string().describe('the environment variable value'),
+			args: z.array(z.string()).describe('KEY VALUE or KEY=VALUE [KEY2=VALUE2 ...]'),
 		}),
 		options: z.object({
 			secret: z
@@ -67,8 +134,9 @@ export const setSubcommand = createSubcommand({
 	},
 
 	async handler(ctx) {
-		const { args, opts, apiClient, project, projectDir, config } = ctx;
+		const { args: cmdArgs, opts, apiClient, project, projectDir, config } = ctx;
 		const useOrgScope = isOrgScope(opts?.org);
+		const forceSecret = opts?.secret ?? false;
 
 		// Require project context if not using org scope
 		if (!useOrgScope && !project) {
@@ -77,86 +145,145 @@ export const setSubcommand = createSubcommand({
 			);
 		}
 
-		let isSecret = opts?.secret ?? false;
-		const isPublic = isPublicVarKey(args.key);
+		const pairs = parseEnvArgs(cmdArgs.args);
 
-		// Validate key doesn't start with reserved AGENTUITY_ prefix (except AGENTUITY_PUBLIC_)
-		if (isReservedAgentuityKey(args.key)) {
-			tui.fatal('Cannot set AGENTUITY_ prefixed variables. These are reserved for system use.');
+		// Validate all keys first
+		for (const pair of pairs) {
+			if (isReservedAgentuityKey(pair.key)) {
+				tui.fatal(
+					`Cannot set AGENTUITY_ prefixed variables: '${pair.key}'. These are reserved for system use.`
+				);
+			}
 		}
 
-		// Validate public vars cannot be secrets
-		if (isSecret && isPublic) {
-			tui.fatal(
-				`Cannot set public variables as secrets. Keys with prefixes (${PUBLIC_VAR_PREFIXES.join(', ')}) are exposed to the frontend.`
-			);
+		// Reject duplicate keys
+		const seenKeys = new Set<string>();
+		for (const pair of pairs) {
+			if (seenKeys.has(pair.key)) {
+				tui.fatal(`Duplicate key '${pair.key}'. Each variable may only be specified once.`);
+			}
+			seenKeys.add(pair.key);
 		}
 
-		// Auto-detect if this looks like a secret and offer to store as secret
-		// Skip auto-detect for public vars since they can never be secrets
-		if (!isSecret && !isPublic && looksLikeSecret(args.key, args.value)) {
-			tui.warning(`The variable '${args.key}' looks like it should be a secret.`);
+		// Classify each pair as env or secret
+		const envPairs: Record<string, string> = {};
+		const secretPairs: Record<string, string> = {};
+		const secretKeysList: string[] = [];
+		const envKeysList: string[] = [];
+
+		for (const pair of pairs) {
+			const isPublic = isPublicVarKey(pair.key);
+			let isSecret = forceSecret;
 
-			const storeAsSecret = await tui.confirm('Store as a secret instead?', true);
+			// Validate public vars cannot be secrets
+			if (isSecret && isPublic) {
+				tui.fatal(
+					`Cannot set public variables as secrets. '${pair.key}' (prefix ${PUBLIC_VAR_PREFIXES.join(', ')}) is exposed to the frontend.`
+				);
+			}
+
+			// Auto-detect if this looks like a secret and offer to store as secret
+			// Skip auto-detect for public vars since they can never be secrets
+			if (!isSecret && !isPublic && looksLikeSecret(pair.key, pair.value)) {
+				if (pairs.length === 1) {
+					// Single pair: offer interactive prompt (existing behavior)
+					tui.warning(`The variable '${pair.key}' looks like it should be a secret.`);
+					const storeAsSecret = await tui.confirm('Store as a secret instead?', true);
+					if (storeAsSecret) {
+						isSecret = true;
+					}
+				} else {
+					// Multiple pairs: auto-detect silently
+					isSecret = true;
+					tui.info(`Auto-detected '${pair.key}' as a secret`);
+				}
+			}
 
-			if (storeAsSecret) {
-				isSecret = true;
+			if (isSecret) {
+				secretPairs[pair.key] = pair.value;
+				secretKeysList.push(pair.key);
+			} else {
+				envPairs[pair.key] = pair.value;
+				envKeysList.push(pair.key);
 			}
 		}
 
-		const label = isSecret ? 'secret' : 'environment variable';
+		const totalCount = pairs.length;
+		const allKeys = [...envKeysList, ...secretKeysList];
+		const secretSuffix =
+			secretKeysList.length > 0
+				? ` (${secretKeysList.length} secret${secretKeysList.length !== 1 ? 's' : ''})`
+				: '';
 
 		if (useOrgScope) {
 			// Organization scope
 			const orgId = await resolveOrgId(apiClient, config, opts!.org!);
 
-			const updatePayload = isSecret
-				? { id: orgId, secrets: { [args.key]: args.value } }
-				: { id: orgId, env: { [args.key]: args.value } };
+			const updatePayload: {
+				id: string;
+				env?: Record<string, string>;
+				secrets?: Record<string, string>;
+			} = { id: orgId };
+			if (Object.keys(envPairs).length > 0) updatePayload.env = envPairs;
+			if (Object.keys(secretPairs).length > 0) updatePayload.secrets = secretPairs;
 
-			await tui.spinner(`Setting organization ${label} in cloud`, () => {
-				return orgEnvUpdate(apiClient, updatePayload);
-			});
+			await tui.spinner(
+				`Setting ${totalCount} organization variable${totalCount !== 1 ? 's' : ''} in cloud`,
+				() => {
+					return orgEnvUpdate(apiClient, updatePayload);
+				}
+			);
 
 			tui.success(
-				`Organization ${isSecret ? 'secret' : 'environment variable'} '${args.key}' set successfully (affects all projects in org)`
+				`Organization variable${totalCount !== 1 ? 's' : ''} set successfully: ${allKeys.join(', ')}${secretSuffix}`
 			);
 
 			return {
 				success: true,
-				key: args.key,
-				secret: isSecret,
+				keys: allKeys,
+				secretKeys: secretKeysList,
+				envKeys: envKeysList,
 				scope: 'org' as const,
 			};
 		} else {
-			// Project scope (existing behavior)
-			const updatePayload = isSecret
-				? { id: project!.projectId, secrets: { [args.key]: args.value } }
-				: { id: project!.projectId, env: { [args.key]: args.value } };
+			// Project scope
+			const updatePayload: {
+				id: string;
+				env?: Record<string, string>;
+				secrets?: Record<string, string>;
+			} = { id: project!.projectId };
+			if (Object.keys(envPairs).length > 0) updatePayload.env = envPairs;
+			if (Object.keys(secretPairs).length > 0) updatePayload.secrets = secretPairs;
 
-			await tui.spinner(`Setting ${label} in cloud`, () => {
-				return projectEnvUpdate(apiClient, updatePayload);
-			});
+			await tui.spinner(
+				`Setting ${totalCount} variable${totalCount !== 1 ? 's' : ''} in cloud`,
+				() => {
+					return projectEnvUpdate(apiClient, updatePayload);
+				}
+			);
 
 			// Update local .env file only if we have a project directory
-			// (not when using --project-id without being in a project folder)
 			let envFilePath: string | undefined;
 			if (projectDir) {
 				envFilePath = await findExistingEnvFile(projectDir);
-				// Write only the new key - writeEnvFile preserves existing keys by default
-				await writeEnvFile(envFilePath, { [args.key]: args.value });
+				const allPairsForLocal: Record<string, string> = {
+					...envPairs,
+					...secretPairs,
+				};
+				await writeEnvFile(envFilePath, allPairsForLocal);
 			}
 
-			const successMsg = envFilePath
-				? `${isSecret ? 'Secret' : 'Environment variable'} '${args.key}' set successfully (cloud + ${envFilePath})`
-				: `${isSecret ? 'Secret' : 'Environment variable'} '${args.key}' set successfully (cloud only)`;
-			tui.success(successMsg);
+			const locationMsg = envFilePath ? ` (cloud + ${envFilePath})` : ' (cloud only)';
+			tui.success(
+				`Variable${totalCount !== 1 ? 's' : ''} set successfully: ${allKeys.join(', ')}${secretSuffix}${locationMsg}`
+			);
 
 			return {
 				success: true,
-				key: args.key,
+				keys: allKeys,
 				path: envFilePath,
-				secret: isSecret,
+				secretKeys: secretKeysList,
+				envKeys: envKeysList,
 				scope: 'project' as const,
 			};
 		}