@curenorway/kode-cli 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -2
- package/dist/{chunk-NWXEBN2N.js → chunk-Q64DBAYJ.js} +884 -42
- package/dist/cli.js +171 -4
- package/dist/index.d.ts +96 -1
- package/dist/index.js +25 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -124,7 +124,7 @@ Global configuration is stored in `~/.config/cure-kode/config.json`:
|
|
|
124
124
|
|
|
125
125
|
```json
|
|
126
126
|
{
|
|
127
|
-
"apiUrl": "https://
|
|
127
|
+
"apiUrl": "https://app.cure.no"
|
|
128
128
|
}
|
|
129
129
|
```
|
|
130
130
|
|
|
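Review bot: The `apiUrl` example at line 127 gives no guidance on acceptable values; the README should say whether the CLI enforces `https://` for this setting and what happens to an existing `~/.config/cure-kode/config.json` that still holds the old value. If requests authenticated with the API key go to this URL, this file deserves the same handling the new Security section asks for `.cure-kode/config.json`.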
@@ -195,7 +195,7 @@ kode deploy --promote
|
|
|
195
195
|
## API Key
|
|
196
196
|
|
|
197
197
|
Get your API key from the Cure app:
|
|
198
|
-
1. Go to https://
|
|
198
|
+
1. Go to https://app.cure.no/tools/kode
|
|
199
199
|
2. Open your site settings
|
|
200
200
|
3. Generate an API key with appropriate permissions
|
|
201
201
|
|
|
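Review bot: Step 3 (line 200) still says only "appropriate permissions", while this same release documents four permission names (`read`, `write`, `deploy`, `delete`). Suggest pointing step 3 at the Permissions Model table and recommending the narrowest permission that covers the commands the user will run, in line with best practice 3 ("Use **read-only keys** when possible").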
@@ -211,6 +211,41 @@ Get your API key from the Cure app:
|
|
|
211
211
|
- Node.js 18 or later
|
|
212
212
|
- Cure Kode API key
|
|
213
213
|
|
|
214
|
+
## Security
|
|
215
|
+
|
|
216
|
+
### API Key Storage
|
|
217
|
+
|
|
218
|
+
- API keys stored locally in `.cure-kode/config.json`
|
|
219
|
+
- Directory is automatically gitignored during `kode init`
|
|
220
|
+
- Keys are **SHA256 hashed** before server storage
|
|
221
|
+
|
|
222
|
+
### Permissions Model
|
|
223
|
+
|
|
224
|
+
API keys have granular, site-scoped permissions:
|
|
225
|
+
|
|
226
|
+
| Permission | CLI Commands |
|
|
227
|
+
|------------|--------------|
|
|
228
|
+
| `read` | `pull`, `status`, `html`, `pages`, `context` |
|
|
229
|
+
| `write` | `push`, `watch` |
|
|
230
|
+
| `deploy` | `deploy` |
|
|
231
|
+
| `delete` | (delete scripts) |
|
|
232
|
+
|
|
233
|
+
### Network Security
|
|
234
|
+
|
|
235
|
+
The HTML fetch feature (`kode html`) includes **SSRF protection**:
|
|
236
|
+
|
|
237
|
+
- Blocks private IP ranges (127.x.x.x, 10.x.x.x, 172.16-31.x.x, 192.168.x.x)
|
|
238
|
+
- Blocks localhost and internal domain names
|
|
239
|
+
- Blocks cloud metadata endpoints (169.254.169.254)
|
|
240
|
+
- Only allows HTTP/HTTPS protocols
|
|
241
|
+
|
|
242
|
+
### Best Practices
|
|
243
|
+
|
|
244
|
+
1. **Never commit** `.cure-kode/config.json` to version control
|
|
245
|
+
2. Use **separate keys** for different environments
|
|
246
|
+
3. Use **read-only keys** when possible
|
|
247
|
+
4. **Rotate keys** periodically and when team members leave
|
|
248
|
+
|
|
214
249
|
## Troubleshooting
|
|
215
250
|
|
|
216
251
|
### "No project found"
|
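Review bot: The SSRF bullets at lines 237-239 list only IPv4 literals and do not say whether the check runs on the resolved address or on redirect targets, so a reader cannot tell whether a public hostname that resolves to 10.x.x.x, an IPv6 loopback or link-local address, or a redirect to 169.254.169.254 is covered. Suggest stating those cases explicitly, and whether the whole 169.254.0.0/16 range is blocked rather than the single metadata address. Separately, line 218 names `.cure-kode/config.json` while the configuration section names `~/.config/cure-kode/config.json`; say which file holds the key, and reword line 220 so it is clear whether the SHA256 hashing applies only to the server-side copy and the local file holds the key as issued.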