npm - @agentuity/cli - Versions diffs - 2.0.5 → 2.0.7 - Mend

@agentuity/cli 2.0.5 → 2.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/README.md +11 -0
package/dist/cmd/build/patch/otel-llm.js +2 -2
package/dist/cmd/build/patch/otel-llm.js.map +1 -1
package/dist/cmd/build/vite/bun-dev-server.d.ts.map +1 -1
package/dist/cmd/build/vite/bun-dev-server.js +1 -0
package/dist/cmd/build/vite/bun-dev-server.js.map +1 -1
package/dist/cmd/build/vite/index.d.ts +0 -28
package/dist/cmd/build/vite/index.d.ts.map +1 -1
package/dist/cmd/build/vite/index.js +1 -104
package/dist/cmd/build/vite/index.js.map +1 -1
package/dist/cmd/build/vite/metadata-generator.d.ts.map +1 -1
package/dist/cmd/build/vite/metadata-generator.js +8 -2
package/dist/cmd/build/vite/metadata-generator.js.map +1 -1
package/dist/cmd/build/vite/vite-asset-server-config.d.ts +2 -0
package/dist/cmd/build/vite/vite-asset-server-config.d.ts.map +1 -1
package/dist/cmd/build/vite/vite-asset-server-config.js +5 -1
package/dist/cmd/build/vite/vite-asset-server-config.js.map +1 -1
package/dist/cmd/build/vite/vite-asset-server.d.ts +2 -0
package/dist/cmd/build/vite/vite-asset-server.d.ts.map +1 -1
package/dist/cmd/build/vite/vite-asset-server.js +2 -1
package/dist/cmd/build/vite/vite-asset-server.js.map +1 -1
package/dist/cmd/build/vite/vite-builder.d.ts.map +1 -1
package/dist/cmd/build/vite/vite-builder.js +143 -2
package/dist/cmd/build/vite/vite-builder.js.map +1 -1
package/dist/cmd/cloud/task/close.d.ts +3 -0
package/dist/cmd/cloud/task/close.d.ts.map +1 -0
package/dist/cmd/cloud/task/close.js +286 -0
package/dist/cmd/cloud/task/close.js.map +1 -0
package/dist/cmd/cloud/task/delete.d.ts +1 -5
package/dist/cmd/cloud/task/delete.d.ts.map +1 -1
package/dist/cmd/cloud/task/delete.js +15 -38
package/dist/cmd/cloud/task/delete.js.map +1 -1
package/dist/cmd/cloud/task/index.d.ts.map +1 -1
package/dist/cmd/cloud/task/index.js +10 -0
package/dist/cmd/cloud/task/index.js.map +1 -1
package/dist/cmd/cloud/task/list.d.ts.map +1 -1
package/dist/cmd/cloud/task/list.js +97 -3
package/dist/cmd/cloud/task/list.js.map +1 -1
package/dist/cmd/cloud/task/util.d.ts +10 -0
package/dist/cmd/cloud/task/util.d.ts.map +1 -1
package/dist/cmd/cloud/task/util.js +47 -3
package/dist/cmd/cloud/task/util.js.map +1 -1
package/dist/cmd/coder/config/index.d.ts +2 -0
package/dist/cmd/coder/config/index.d.ts.map +1 -0
package/dist/cmd/coder/config/index.js +20 -0
package/dist/cmd/coder/config/index.js.map +1 -0
package/dist/cmd/coder/config/set.d.ts +2 -0
package/dist/cmd/coder/config/set.d.ts.map +1 -0
package/dist/cmd/coder/config/set.js +100 -0
package/dist/cmd/coder/config/set.js.map +1 -0
package/dist/cmd/coder/hub-url.d.ts +21 -10
package/dist/cmd/coder/hub-url.d.ts.map +1 -1
package/dist/cmd/coder/hub-url.js +97 -55
package/dist/cmd/coder/hub-url.js.map +1 -1
package/dist/cmd/coder/index.d.ts.map +1 -1
package/dist/cmd/coder/index.js +6 -1
package/dist/cmd/coder/index.js.map +1 -1
package/dist/cmd/coder/inspect.d.ts.map +1 -1
package/dist/cmd/coder/inspect.js +15 -7
package/dist/cmd/coder/inspect.js.map +1 -1
package/dist/cmd/coder/list.d.ts.map +1 -1
package/dist/cmd/coder/list.js +14 -7
package/dist/cmd/coder/list.js.map +1 -1
package/dist/cmd/coder/start.d.ts.map +1 -1
package/dist/cmd/coder/start.js +38 -23
package/dist/cmd/coder/start.js.map +1 -1
package/dist/cmd/coder/tui-init.d.ts +4 -1
package/dist/cmd/coder/tui-init.d.ts.map +1 -1
package/dist/cmd/coder/tui-init.js +3 -2
package/dist/cmd/coder/tui-init.js.map +1 -1
package/dist/cmd/dev/index.d.ts.map +1 -1
package/dist/cmd/dev/index.js +1 -0
package/dist/cmd/dev/index.js.map +1 -1
package/dist/cmd/dev/sync.js +5 -5
package/dist/cmd/dev/sync.js.map +1 -1
package/dist/coder-config.d.ts +14 -0
package/dist/coder-config.d.ts.map +1 -0
package/dist/coder-config.js +119 -0
package/dist/coder-config.js.map +1 -0
package/dist/coder-hub-url.d.ts +3 -0
package/dist/coder-hub-url.d.ts.map +1 -0
package/dist/coder-hub-url.js +32 -0
package/dist/coder-hub-url.js.map +1 -0
package/dist/config.d.ts +1 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +11 -0
package/dist/config.js.map +1 -1
package/dist/internal-logger.d.ts +4 -0
package/dist/internal-logger.d.ts.map +1 -1
package/dist/internal-logger.js +64 -2
package/dist/internal-logger.js.map +1 -1
package/dist/keychain.d.ts +3 -0
package/dist/keychain.d.ts.map +1 -1
package/dist/keychain.js +47 -28
package/dist/keychain.js.map +1 -1
package/dist/types.d.ts +4 -0
package/dist/types.d.ts.map +1 -1
package/dist/types.js +10 -0
package/dist/types.js.map +1 -1
package/package.json +6 -6
package/src/cmd/build/patch/otel-llm.ts +2 -2
package/src/cmd/build/vite/bun-dev-server.ts +1 -0
package/src/cmd/build/vite/index.ts +1 -148
package/src/cmd/build/vite/metadata-generator.ts +8 -2
package/src/cmd/build/vite/vite-asset-server-config.ts +16 -1
package/src/cmd/build/vite/vite-asset-server.ts +4 -0
package/src/cmd/build/vite/vite-builder.ts +171 -9
package/src/cmd/cloud/task/close.ts +319 -0
package/src/cmd/cloud/task/delete.ts +15 -43
package/src/cmd/cloud/task/index.ts +10 -0
package/src/cmd/cloud/task/list.ts +111 -4
package/src/cmd/cloud/task/util.ts +59 -5
package/src/cmd/coder/config/index.ts +20 -0
package/src/cmd/coder/config/set.ts +112 -0
package/src/cmd/coder/hub-url.ts +147 -53
package/src/cmd/coder/index.ts +6 -1
package/src/cmd/coder/inspect.ts +33 -10
package/src/cmd/coder/list.ts +33 -10
package/src/cmd/coder/start.ts +62 -26
package/src/cmd/coder/tui-init.ts +7 -2
package/src/cmd/dev/index.ts +1 -0
package/src/cmd/dev/sync.ts +5 -5
package/src/coder-config.ts +141 -0
package/src/coder-hub-url.ts +32 -0
package/src/config.ts +13 -0
package/src/internal-logger.ts +83 -2
package/src/keychain.ts +68 -39
package/src/types.ts +10 -0

package/src/internal-logger.ts CHANGED Viewed

@@ -43,6 +43,16 @@ const SENSITIVE_ENV_PATTERNS = [
 	/AUTH/i,
 ];
+const MASKED_ARG_VALUE = '***MASKED***';
+const SENSITIVE_ARG_PATTERNS = [
+	/^--?api[-_]?key$/i,
+	/^--?token$/i,
+	/^--?secret$/i,
+	/^--?password$/i,
+	/^--?client[-_]?secret$/i,
+	/^--?auth[-_]?value$/i,
+];
 interface SessionMetadata {
 	sessionId: string;
 	bucket: number;
@@ -102,6 +112,75 @@ function maskEnvironment(): Record<string, string> {
 	return masked;
 }
+function isSensitiveArgFlag(arg: string): boolean {
+	return SENSITIVE_ARG_PATTERNS.some((pattern) => pattern.test(arg));
+}
+function sanitizeArgsForLogging(args: string[]): string[] {
+	const sanitized: string[] = [];
+	let maskNextValue = false;
+	for (let i = 0; i < args.length; i += 1) {
+		const arg = args[i]!;
+		if (maskNextValue) {
+			if (!arg.startsWith('-')) {
+				sanitized.push(MASKED_ARG_VALUE);
+				maskNextValue = false;
+				continue;
+			}
+			sanitized.push(MASKED_ARG_VALUE);
+			maskNextValue = false;
+			i -= 1;
+			continue;
+		}
+		if (!arg.startsWith('-')) {
+			sanitized.push(arg);
+			continue;
+		}
+		const equalsIndex = arg.indexOf('=');
+		if (equalsIndex > 0) {
+			const flag = arg.slice(0, equalsIndex);
+			if (isSensitiveArgFlag(flag)) {
+				sanitized.push(`${flag}=${MASKED_ARG_VALUE}`);
+				continue;
+			}
+		}
+		sanitized.push(arg);
+		if (isSensitiveArgFlag(arg)) {
+			maskNextValue = true;
+		}
+	}
+	return sanitized;
+}
+export function sanitizeCliCommandForLogging(
+	command: string,
+	args: string[]
+): { command: string; args: string[] } {
+	const commandTokens = command ? command.split(' ') : [];
+	if (
+		commandTokens.length >= 5 &&
+		commandTokens[0] === 'coder' &&
+		commandTokens[1] === 'config' &&
+		commandTokens[2] === 'set' &&
+		commandTokens[3] === 'apikey'
+	) {
+		commandTokens[4] = MASKED_ARG_VALUE;
+	}
+	return {
+		command: commandTokens.join(' '),
+		args: sanitizeArgsForLogging(args),
+	};
+}
 /**
  * Get the logs directory path
  */
@@ -266,14 +345,16 @@ export class InternalLogger implements Logger {
 			// Use workingDir as cwd in session metadata
 			const cwd = workingDir;
+			const sanitizedInvocation = sanitizeCliCommandForLogging(command, args);
 			// Gather session metadata
 			const sessionMetadata: SessionMetadata = {
 				sessionId: this.sessionId,
 				bucket: this.bucket,
 				pid: process.pid,
 				ppid: process.ppid,
-				command,
-				args,
+				command: sanitizedInvocation.command,
+				args: sanitizedInvocation.args,
 				timestamp: new Date().toISOString(),
 				cli: {
 					version: this.cliVersion,

package/src/keychain.ts CHANGED Viewed

@@ -7,6 +7,8 @@
 const SERVICE_PREFIX = 'com.agentuity.cli';
 const KEY_ACCOUNT = 'aes-encryption-key';
+const AUTH_ACCOUNT = 'auth-token';
+const CODER_API_KEY_ACCOUNT = 'coder-hub-api-key';
 /**
  * Check if we're running on macOS
@@ -88,26 +90,15 @@ async function decrypt(combined: Uint8Array, keyBytes: Uint8Array): Promise<stri
 	return new TextDecoder().decode(plaintext);
 }
-/**
- * Store auth data in macOS Keychain
- */
-export async function saveAuthToKeychain(
-	profileName: string,
-	authData: { api_key: string; user_id: string; expires: number }
+async function saveEncryptedValueToKeychain(
+	service: string,
+	account: string,
+	value: string
 ): Promise<void> {
-	const service = `${SERVICE_PREFIX}.${profileName}`;
-	const account = 'auth-token';
-	// Get or create encryption key
 	const key = await ensureEncryptionKey(service);
-	// Encrypt the auth data
-	const json = JSON.stringify(authData);
-	const encrypted = await encrypt(json, key);
+	const encrypted = await encrypt(value, key);
 	const b64 = Buffer.from(encrypted).toString('base64');
-	// Store encrypted auth in keychain
-	// First try to delete if exists, then add
 	const del = Bun.spawn(['security', 'delete-generic-password', '-s', service, '-a', account], {
 		stderr: 'ignore',
 	});
@@ -127,6 +118,43 @@ export async function saveAuthToKeychain(
 	await add.exited;
 }
+async function getEncryptedValueFromKeychain(
+	service: string,
+	account: string
+): Promise<string | null> {
+	const find = Bun.spawn(
+		['security', 'find-generic-password', '-s', service, '-a', account, '-w'],
+		{ stderr: 'ignore' }
+	);
+	const stdout = await new Response(find.stdout).text();
+	if (stdout.length === 0) {
+		return null;
+	}
+	const encrypted = Uint8Array.from(Buffer.from(stdout.trim(), 'base64'));
+	const key = await ensureEncryptionKey(service);
+	return decrypt(encrypted, key);
+}
+async function deleteValueFromKeychain(service: string, account: string): Promise<void> {
+	const del = Bun.spawn(['security', 'delete-generic-password', '-s', service, '-a', account], {
+		stderr: 'ignore',
+	});
+	await del.exited;
+}
+/**
+ * Store auth data in macOS Keychain
+ */
+export async function saveAuthToKeychain(
+	profileName: string,
+	authData: { api_key: string; user_id: string; expires: number }
+): Promise<void> {
+	const service = `${SERVICE_PREFIX}.${profileName}`;
+	await saveEncryptedValueToKeychain(service, AUTH_ACCOUNT, JSON.stringify(authData));
+}
 /**
  * Retrieve auth data from macOS Keychain
  */
@@ -134,28 +162,12 @@ export async function getAuthFromKeychain(
 	profileName: string
 ): Promise<{ api_key: string; user_id: string; expires: number } | null> {
 	const service = `${SERVICE_PREFIX}.${profileName}`;
-	const account = 'auth-token';
 	try {
-		// Get the encrypted auth data
-		const find = Bun.spawn(
-			['security', 'find-generic-password', '-s', service, '-a', account, '-w'],
-			{ stderr: 'ignore' }
-		);
-		const stdout = await new Response(find.stdout).text();
-		if (stdout.length === 0) {
+		const json = await getEncryptedValueFromKeychain(service, AUTH_ACCOUNT);
+		if (!json) {
 			return null;
 		}
-		const b64 = stdout.trim();
-		const encrypted = Uint8Array.from(Buffer.from(b64, 'base64'));
-		// Get the encryption key
-		const key = await ensureEncryptionKey(service);
-		// Decrypt the auth data
-		const json = await decrypt(encrypted, key);
 		return JSON.parse(json);
 	} catch {
 		return null;
@@ -167,10 +179,27 @@ export async function getAuthFromKeychain(
  */
 export async function deleteAuthFromKeychain(profileName: string): Promise<void> {
 	const service = `${SERVICE_PREFIX}.${profileName}`;
-	const account = 'auth-token';
+	await deleteValueFromKeychain(service, AUTH_ACCOUNT);
+}
-	const del = Bun.spawn(['security', 'delete-generic-password', '-s', service, '-a', account], {
-		stderr: 'ignore',
-	});
-	await del.exited;
+export async function saveCoderApiKeyToKeychain(
+	profileName: string,
+	apiKey: string
+): Promise<void> {
+	const service = `${SERVICE_PREFIX}.${profileName}`;
+	await saveEncryptedValueToKeychain(service, CODER_API_KEY_ACCOUNT, apiKey);
+}
+export async function getCoderApiKeyFromKeychain(profileName: string): Promise<string | null> {
+	const service = `${SERVICE_PREFIX}.${profileName}`;
+	try {
+		return await getEncryptedValueFromKeychain(service, CODER_API_KEY_ACCOUNT);
+	} catch {
+		return null;
+	}
+}
+export async function deleteCoderApiKeyFromKeychain(profileName: string): Promise<void> {
+	const service = `${SERVICE_PREFIX}.${profileName}`;
+	await deleteValueFromKeychain(service, CODER_API_KEY_ACCOUNT);
 }

package/src/types.ts CHANGED Viewed

@@ -61,6 +61,16 @@ export const ConfigSchema = zod.object({
 		})
 		.optional()
 		.describe('User preferences'),
+	coder: zod
+		.object({
+			hubUrl: zod.string().optional().describe('Default Coder Hub URL'),
+			apiKey: zod
+				.string()
+				.optional()
+				.describe('Stored Coder Hub API key when secure keychain storage is unavailable'),
+		})
+		.optional()
+		.describe('Coder Hub configuration managed by coder config commands'),
 	gravity: zod
 		.object({
 			version: zod.string().optional().describe('The current gravity version'),