@enactprotocol/cli 2.1.21 → 2.1.23

package/dist/index.js

@@ -9,7 +9,7 @@ import { ensureGlobalSetup } from "@enactprotocol/shared";
 import { Command } from "commander";
 import { configureAuthCommand, configureCacheCommand, configureConfigCommand, configureEnvCommand, configureExecCommand, configureInfoCommand, configureInitCommand, configureInspectCommand, configureInstallCommand, configureLearnCommand, configureListCommand, configurePublishCommand, configureReportCommand, configureRunCommand, configureSearchCommand, configureSetupCommand, configureSignCommand, configureTrustCommand, configureUnyankCommand, configureVisibilityCommand, configureYankCommand, } from "./commands";
 import { error, formatError } from "./utils";
-export const version = "2.1.21";
+export const version = "2.1.23";
 // Main CLI entry point
 async function main() {
     // Ensure global setup is complete on first run

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/cli",
-  "version": "2.1.21",
+  "version": "2.1.23",
   "description": "Command-line interface for Enact - the npm for AI tools",
   "type": "module",
   "main": "./dist/index.js",
@@ -34,10 +34,10 @@
   },
   "dependencies": {
     "@clack/prompts": "^0.11.0",
-    "@enactprotocol/api": "2.1.21",
-    "@enactprotocol/execution": "2.1.21",
-    "@enactprotocol/secrets": "2.1.21",
-    "@enactprotocol/shared": "2.1.21",
+    "@enactprotocol/api": "2.1.23",
+    "@enactprotocol/execution": "2.1.23",
+    "@enactprotocol/secrets": "2.1.23",
+    "@enactprotocol/shared": "2.1.23",
     "commander": "^12.1.0",
     "picocolors": "^1.1.1"
   },

package/src/commands/auth/index.ts

@@ -151,45 +151,63 @@ export async function getValidToken(): Promise<string | null> {
     return null;
   }
 
-  // Check if token is expired
+  // Check if token is expired using stored expiry or JWT exp claim
   const expiryStr = await getSecret(AUTH_NAMESPACE, TOKEN_EXPIRY_KEY);
+  let isExpiredOrExpiring = false;
+
   if (expiryStr) {
     const expiry = new Date(expiryStr);
-    if (expiry.getTime() - Date.now() < 60000) {
-      // Less than 1 minute left, try to refresh
-      const refreshToken = await getStoredRefreshToken();
-      if (refreshToken) {
-        const authMethod = await getSecret(AUTH_NAMESPACE, AUTH_METHOD_KEY);
-
-        if (authMethod === "supabase") {
-          // Use Supabase refresh
-          const result = await refreshSupabaseToken(refreshToken);
-          if (result) {
-            await storeTokens(
-              result.access_token,
-              result.refresh_token,
-              result.expires_in,
-              "supabase"
-            );
-            return result.access_token;
-          }
-        } else {
-          // Use legacy API refresh
-          try {
-            const client = createApiClient();
-            const result = await refreshAccessToken(client, refreshToken);
-            await storeTokens(result.access_token, refreshToken, result.expires_in, "legacy");
-            return result.access_token;
-          } catch {
-            // Refresh failed
-          }
+    isExpiredOrExpiring = expiry.getTime() - Date.now() < 60000; // Less than 1 minute left
+  } else {
+    // No stored expiry - check JWT exp claim directly
+    try {
+      const [, payloadBase64] = accessToken.split(".");
+      if (payloadBase64) {
+        const payload = JSON.parse(Buffer.from(payloadBase64, "base64").toString());
+        if (payload.exp) {
+          isExpiredOrExpiring = payload.exp * 1000 - Date.now() < 60000;
         }
+      }
+    } catch {
+      // Can't parse JWT, assume it might be expired
+      isExpiredOrExpiring = true;
+    }
+  }
 
-        // Refresh failed, need to re-authenticate
-        await clearStoredTokens();
-        return null;
+  if (isExpiredOrExpiring) {
+    // Try to refresh
+    const refreshToken = await getStoredRefreshToken();
+    if (refreshToken) {
+      const authMethod = await getSecret(AUTH_NAMESPACE, AUTH_METHOD_KEY);
+
+      if (authMethod === "supabase") {
+        // Use Supabase refresh
+        const result = await refreshSupabaseToken(refreshToken);
+        if (result) {
+          await storeTokens(
+            result.access_token,
+            result.refresh_token,
+            result.expires_in,
+            "supabase"
+          );
+          return result.access_token;
+        }
+      } else {
+        // Use legacy API refresh
+        try {
+          const client = createApiClient();
+          const result = await refreshAccessToken(client, refreshToken);
+          await storeTokens(result.access_token, refreshToken, result.expires_in, "legacy");
+          return result.access_token;
+        } catch {
+          // Refresh failed
+        }
       }
     }
+
+    // Refresh failed or no refresh token, need to re-authenticate
+    await clearStoredTokens();
+    return null;
   }
 
   return accessToken;

package/src/commands/info/index.ts

@@ -218,11 +218,16 @@ async function infoHandler(
     config.registry?.url ??
     "https://siikwkfgsmouioodghho.supabase.co/functions/v1";
 
-  // Get auth token - try stored JWT first (for private tools), then fall back to config
+  // Get auth token - try stored JWT first (for private tools), then fall back to config/env/anon
   const { getValidToken } = await import("../auth/index.js");
   let authToken: string | undefined = (await getValidToken()) ?? undefined;
   if (!authToken) {
-    authToken = config.registry?.authToken;
+    authToken = config.registry?.authToken ?? process.env.ENACT_AUTH_TOKEN;
+  }
+  // Fall back to anon key for unauthenticated public access
+  if (!authToken && registryUrl.includes("siikwkfgsmouioodghho.supabase.co")) {
+    authToken =
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InNpaWt3a2Znc21vdWlvb2RnaGhvIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjQ2MTkzMzksImV4cCI6MjA4MDE5NTMzOX0.kxnx6-IPFhmGx6rzNx36vbyhFMFZKP_jFqaDbKnJ_E0";
   }
 
   const client = createApiClient({

package/src/commands/init/templates/agent-agents.ts

@@ -49,4 +49,17 @@ Run with: \`enact run ./tools/<name> --args '{"name": "World"}'\`
 enact env set API_KEY --secret --namespace author/tool  # Set secret
 enact env list                                          # List env vars
 \`\`\`
+
+## Creating Your Own Tools
+To scaffold a new publishable tool with SKILL.md and AGENTS.md templates:
+\`\`\`bash
+enact init --tool                                       # Create tool in current directory
+enact init --tool --name username/my-tool              # Create with specific name
+\`\`\`
+
+## Getting Help
+\`\`\`bash
+enact help                                              # Show all commands
+enact <command> --help                                  # Help for specific command
+\`\`\`
 `;

package/src/commands/inspect/index.ts

@@ -130,11 +130,16 @@ async function inspectHandler(
     return;
   }
 
-  // Get auth token - try stored JWT first (for private tools), then fall back to config
+  // Get auth token - try stored JWT first (for private tools), then fall back to config/env/anon
   const { getValidToken } = await import("../auth/index.js");
   let authToken: string | undefined = (await getValidToken()) ?? undefined;
   if (!authToken) {
-    authToken = config.registry?.authToken;
+    authToken = config.registry?.authToken ?? process.env.ENACT_AUTH_TOKEN;
+  }
+  // Fall back to anon key for unauthenticated public access
+  if (!authToken && registryUrl.includes("siikwkfgsmouioodghho.supabase.co")) {
+    authToken =
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InNpaWt3a2Znc21vdWlvb2RnaGhvIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjQ2MTkzMzksImV4cCI6MjA4MDE5NTMzOX0.kxnx6-IPFhmGx6rzNx36vbyhFMFZKP_jFqaDbKnJ_E0";
   }
 
   const client = createApiClient({

package/src/commands/install/index.ts

@@ -161,11 +161,16 @@ async function installFromRegistry(
     config.registry?.url ??
     "https://siikwkfgsmouioodghho.supabase.co/functions/v1";
 
-  // Get auth token - try stored JWT first (for private tools), then fall back to config
+  // Get auth token - try stored JWT first (for private tools), then fall back to config/env/anon
   const { getValidToken } = await import("../auth/index.js");
   let authToken: string | undefined = (await getValidToken()) ?? undefined;
   if (!authToken) {
-    authToken = config.registry?.authToken;
+    authToken = config.registry?.authToken ?? process.env.ENACT_AUTH_TOKEN;
+  }
+  // Fall back to anon key for unauthenticated public access
+  if (!authToken && registryUrl.includes("siikwkfgsmouioodghho.supabase.co")) {
+    authToken =
+      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InNpaWt3a2Znc21vdWlvb2RnaGhvIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NjQ2MTkzMzksImV4cCI6MjA4MDE5NTMzOX0.kxnx6-IPFhmGx6rzNx36vbyhFMFZKP_jFqaDbKnJ_E0";
   }
 
   const client = createApiClient({

package/src/commands/run/index.ts

@@ -597,8 +597,15 @@ async function runHandler(tool: string, options: RunOptions, ctx: CommandContext
     return;
   }
 
-  // Prepare command
-  const command = prepareCommand(manifest.command, finalInputs);
+  // Prepare command - only substitute ${...} patterns that match inputSchema properties
+  const knownParameters = manifest.inputSchema?.properties
+    ? new Set(Object.keys(manifest.inputSchema.properties))
+    : undefined;
+  const command = prepareCommand(
+    manifest.command,
+    finalInputs,
+    knownParameters ? { knownParameters } : {}
+  );
 
   // Resolve environment variables (non-secrets)
   const { resolved: envResolved } = resolveToolEnv(manifest.env ?? {}, ctx.cwd);

package/src/index.ts

@@ -34,7 +34,7 @@ import {
 } from "./commands";
 import { error, formatError } from "./utils";
 
-export const version = "2.1.21";
+export const version = "2.1.23";
 
 // Export types for external use
 export type { GlobalOptions, CommandContext } from "./types";