@griffin-app/griffin-cli 1.0.9 → 1.0.11

package/dist/cli.js

@@ -18,6 +18,7 @@ import { executeLogin } from "./commands/hub/login.js";
 import { executeLogout } from "./commands/hub/logout.js";
 import { executeNotificationsList, executeNotificationsTest, } from "./commands/hub/notifications.js";
 import { executeSecretsList, executeSecretsSet, executeSecretsGet, executeSecretsDelete, } from "./commands/hub/secrets.js";
+import { executeIntegrationsList, executeIntegrationsShow, executeIntegrationsAdd, executeIntegrationsUpdate, executeIntegrationsRemove, } from "./commands/hub/integrations.js";
 const program = new Command();
 program
     .name("griffin")
@@ -161,6 +162,93 @@ notifications
         webhook: options.webhook,
     });
 });
+// Integrations command group
+const integrations = hub
+    .command("integrations")
+    .description("Manage integrations (notifications, secrets, metrics)");
+integrations
+    .command("list")
+    .description("List integrations")
+    .option("--category <cat>", "Filter by category: secrets, notifications, metrics")
+    .option("--provider-type <type>", "Filter by provider type")
+    .option("--environment <env>", "Filter by environment")
+    .option("--enabled", "Filter by enabled status")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+    await executeIntegrationsList({
+        category: options.category,
+        providerType: options.providerType,
+        environment: options.environment,
+        enabled: options.enabled ? true : undefined,
+        json: options.json,
+    });
+});
+integrations
+    .command("show <id>")
+    .description("Show integration details")
+    .option("--json", "Output as JSON")
+    .action(async (id, options) => {
+    await executeIntegrationsShow({ id, json: options.json });
+});
+integrations
+    .command("add")
+    .description("Add an integration (no credentials in Phase 1; use API for credentials)")
+    .requiredOption("--category <cat>", "Category: secrets, notifications, metrics")
+    .requiredOption("--provider-type <type>", "Provider type (e.g. slack_webhook, datadog)")
+    .requiredOption("--name <name>", "Display name")
+    .option("--environment <env>", "Environment scope (omit for org-wide)")
+    .option("--enabled", "Enabled")
+    .option("--json", "Output as JSON")
+    .action(async (options) => {
+    await executeIntegrationsAdd({
+        category: options.category,
+        providerType: options.providerType,
+        name: options.name,
+        environment: options.environment,
+        enabled: options.enabled,
+        json: options.json,
+    });
+});
+integrations
+    .command("update <id>")
+    .description("Update an integration")
+    .option("--name <name>", "Display name")
+    .option("--environment <env>", "Environment scope")
+    .option("--enabled", "Enabled")
+    .option("--json", "Output as JSON")
+    .action(async (id, options) => {
+    await executeIntegrationsUpdate({
+        id,
+        name: options.name,
+        environment: options.environment,
+        enabled: options.enabled,
+        json: options.json,
+    });
+});
+integrations
+    .command("remove <id>")
+    .description("Remove an integration")
+    .option("--force", "Skip confirmation")
+    .action(async (id) => {
+    await executeIntegrationsRemove({ id });
+});
+integrations
+    .command("connect <provider>")
+    .description("Connect an OAuth integration (opens browser)")
+    .option("--name <name>", "Display name for the integration")
+    .option("--environment <env>", "Environment scope")
+    .option("--category <cat>", "Category (default: notifications)")
+    .option("--json", "Output integration ID as JSON")
+    .action(async (provider, options) => {
+    const { executeIntegrationsConnect } = await import("./commands/hub/integrations.js");
+    await executeIntegrationsConnect({
+        providerType: provider,
+        name: options.name,
+        environment: options.environment,
+        category: options.category,
+        json: options.json,
+    });
+});
 // Secrets command group
 const secrets = hub
     .command("secrets")

package/dist/commands/hub/integrations.d.ts

@@ -0,0 +1,45 @@
+export interface IntegrationsListOptions {
+    category?: string;
+    providerType?: string;
+    environment?: string;
+    enabled?: boolean;
+    json?: boolean;
+}
+export declare function executeIntegrationsList(options: IntegrationsListOptions): Promise<void>;
+export interface IntegrationsShowOptions {
+    id: string;
+    json?: boolean;
+}
+export declare function executeIntegrationsShow(options: IntegrationsShowOptions): Promise<void>;
+export interface IntegrationsAddOptions {
+    category: string;
+    providerType: string;
+    name: string;
+    config?: Record<string, string>;
+    environment?: string;
+    enabled?: boolean;
+    json?: boolean;
+}
+export declare function executeIntegrationsAdd(options: IntegrationsAddOptions): Promise<void>;
+export interface IntegrationsUpdateOptions {
+    id: string;
+    name?: string;
+    config?: Record<string, string>;
+    environment?: string;
+    enabled?: boolean;
+    json?: boolean;
+}
+export declare function executeIntegrationsUpdate(options: IntegrationsUpdateOptions): Promise<void>;
+export interface IntegrationsRemoveOptions {
+    id: string;
+    force?: boolean;
+}
+export declare function executeIntegrationsRemove(options: IntegrationsRemoveOptions): Promise<void>;
+export interface IntegrationsConnectOptions {
+    providerType: string;
+    name?: string;
+    environment?: string;
+    category?: string;
+    json?: boolean;
+}
+export declare function executeIntegrationsConnect(options: IntegrationsConnectOptions): Promise<void>;

package/dist/commands/hub/integrations.js

@@ -0,0 +1,255 @@
+import { exec } from "node:child_process";
+import { platform } from "node:os";
+import { loadState } from "../../core/state.js";
+import { getHubCredentials } from "../../core/credentials.js";
+import { terminal } from "../../utils/terminal.js";
+async function hubFetch(path, options = {}) {
+    const state = await loadState();
+    if (!state.hub?.baseUrl) {
+        terminal.error("Hub connection not configured.");
+        terminal.dim("Connect with: griffin hub connect --url <url> --token <token>");
+        process.exit(1);
+    }
+    const credentials = await getHubCredentials();
+    const url = `${state.hub.baseUrl.replace(/\/$/, "")}${path}`;
+    const headers = {
+        "Content-Type": "application/json",
+    };
+    if (credentials?.token) {
+        headers["Authorization"] = `Bearer ${credentials.token}`;
+    }
+    const res = await fetch(url, {
+        method: options.method ?? "GET",
+        headers,
+        body: options.body ? JSON.stringify(options.body) : undefined,
+    });
+    const text = await res.text();
+    let json;
+    try {
+        json = text ? JSON.parse(text) : {};
+    }
+    catch {
+        return { error: res.ok ? "Invalid response" : text || res.statusText };
+    }
+    if (!res.ok) {
+        return { error: json.error ?? res.statusText };
+    }
+    return json;
+}
+export async function executeIntegrationsList(options) {
+    const params = new URLSearchParams();
+    if (options.category)
+        params.set("category", options.category);
+    if (options.providerType)
+        params.set("providerType", options.providerType);
+    if (options.environment != null)
+        params.set("environment", options.environment);
+    if (options.enabled != null)
+        params.set("enabled", String(options.enabled));
+    const qs = params.toString();
+    const path = `/integrations${qs ? `?${qs}` : ""}`;
+    const result = await hubFetch(path);
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    const list = result.data ?? [];
+    if (options.json) {
+        terminal.log(JSON.stringify(list, null, 2));
+        return;
+    }
+    if (list.length === 0) {
+        terminal.info("No integrations found.");
+        return;
+    }
+    terminal.info("Integrations");
+    terminal.blank();
+    const table = terminal.table({
+        head: ["ID", "Category", "Provider", "Name", "Environment", "Enabled"],
+    });
+    for (const i of list) {
+        table.push([
+            i.id.substring(0, 12) + (i.id.length > 12 ? "…" : ""),
+            i.category,
+            i.providerType,
+            i.name,
+            i.environment ?? "(all)",
+            i.enabled ? "✓" : "✗",
+        ]);
+    }
+    terminal.log(table.toString());
+}
+export async function executeIntegrationsShow(options) {
+    const result = await hubFetch(`/integrations/${encodeURIComponent(options.id)}`);
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    const integration = result.data;
+    if (!integration) {
+        terminal.error("Integration not found.");
+        process.exit(1);
+    }
+    if (options.json) {
+        terminal.log(JSON.stringify(integration, null, 2));
+        return;
+    }
+    terminal.info(integration.name);
+    terminal.dim(`ID: ${integration.id}`);
+    terminal.log(`Category: ${integration.category}`);
+    terminal.log(`Provider: ${integration.providerType}`);
+    terminal.log(`Environment: ${integration.environment ?? "(all)"}`);
+    terminal.log(`Enabled: ${integration.enabled ? "Yes" : "No"}`);
+    terminal.log(`Has credentials: ${integration.hasCredentials ? "Yes" : "No"}`);
+    if (Object.keys(integration.config).length > 0) {
+        terminal.log("Config: " + JSON.stringify(integration.config));
+    }
+}
+export async function executeIntegrationsAdd(options) {
+    const body = {
+        category: options.category,
+        providerType: options.providerType,
+        name: options.name,
+        config: options.config ?? {},
+        environment: options.environment ?? null,
+        enabled: options.enabled ?? true,
+    };
+    const result = await hubFetch("/integrations", {
+        method: "POST",
+        body,
+    });
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    const integration = result.data;
+    if (!integration) {
+        terminal.error("Create failed.");
+        process.exit(1);
+    }
+    if (options.json) {
+        terminal.log(JSON.stringify(integration, null, 2));
+        return;
+    }
+    terminal.info(`Created integration ${integration.name} (${integration.id})`);
+}
+export async function executeIntegrationsUpdate(options) {
+    const body = {};
+    if (options.name !== undefined)
+        body.name = options.name;
+    if (options.config !== undefined)
+        body.config = options.config;
+    if (options.environment !== undefined)
+        body.environment = options.environment;
+    if (options.enabled !== undefined)
+        body.enabled = options.enabled;
+    const result = await hubFetch(`/integrations/${encodeURIComponent(options.id)}`, { method: "PATCH", body });
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    const integration = result.data;
+    if (!integration) {
+        terminal.error("Update failed.");
+        process.exit(1);
+    }
+    if (options.json) {
+        terminal.log(JSON.stringify(integration, null, 2));
+        return;
+    }
+    terminal.info(`Updated integration ${integration.name}`);
+}
+export async function executeIntegrationsRemove(options) {
+    const result = await hubFetch(`/integrations/${encodeURIComponent(options.id)}`, { method: "DELETE" });
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    terminal.info("Integration removed.");
+}
+function openBrowser(url) {
+    const cmd = platform() === "darwin"
+        ? "open"
+        : platform() === "win32"
+            ? "start"
+            : "xdg-open";
+    exec(`${cmd} "${url.replace(/"/g, '\\"')}"`, (err) => {
+        if (err) {
+            terminal.dim(`Could not open browser: ${err.message}`);
+        }
+    });
+}
+const POLL_INITIAL_MS = 2000;
+const POLL_MAX_MS = 10000;
+const POLL_TIMEOUT_MS = 15 * 60 * 1000; // 15 minutes
+export async function executeIntegrationsConnect(options) {
+    const category = options.category ?? "notifications";
+    const body = {
+        category,
+        providerType: options.providerType,
+        name: options.name ?? undefined,
+        environment: options.environment ?? undefined,
+    };
+    const result = await hubFetch("/integrations/oauth/initiate", { method: "POST", body });
+    if (result.error) {
+        terminal.error(result.error);
+        process.exit(1);
+    }
+    const data = result.data;
+    if (!data) {
+        terminal.error("Initiate failed.");
+        process.exit(1);
+    }
+    terminal.info("Open this URL in your browser to authorize:");
+    terminal.log(data.authUrl);
+    terminal.blank();
+    openBrowser(data.authUrl);
+    terminal.info("Waiting for authorization… (polling)");
+    const start = Date.now();
+    let interval = POLL_INITIAL_MS;
+    const poll = async () => {
+        const statusResult = await hubFetch(`/integrations/oauth/status/${encodeURIComponent(data.transactionId)}`);
+        if (statusResult.error) {
+            throw new Error(statusResult.error);
+        }
+        const status = statusResult.data;
+        if (!status) {
+            throw new Error("Invalid status response");
+        }
+        if (status.status !== "pending") {
+            return status;
+        }
+        if (Date.now() - start >= POLL_TIMEOUT_MS) {
+            return { status: "expired", errorMessage: "Polling timed out" };
+        }
+        await new Promise((resolve) => setTimeout(resolve, interval));
+        interval = Math.min(interval + 1000, POLL_MAX_MS);
+        return poll();
+    };
+    try {
+        const status = await poll();
+        if (status.status === "completed" && status.integrationId) {
+            if (options.json) {
+                terminal.log(JSON.stringify({ integrationId: status.integrationId }, null, 2));
+            }
+            else {
+                terminal.success(`Integration connected: ${status.integrationId}`);
+            }
+            return;
+        }
+        if (status.status === "failed") {
+            terminal.error(status.errorMessage ?? "Authorization failed");
+            process.exit(1);
+        }
+        if (status.status === "expired") {
+            terminal.error(status.errorMessage ?? "Transaction expired");
+            process.exit(1);
+        }
+        terminal.error("Unexpected status");
+        process.exit(1);
+    }
+    catch (err) {
+        terminal.error(err instanceof Error ? err.message : "Polling failed");
+        process.exit(1);
+    }
+}

package/dist/commands/hub/secrets.d.ts

@@ -18,7 +18,9 @@ export interface SecretsDeleteOptions {
     force?: boolean;
 }
 /**
- * List secrets (metadata only)
+ * List secrets (metadata only).
+ * Uses the resolved secrets integration for the organization and environment
+ * (from hub integrations API or platform default / legacy config).
  */
 export declare function executeSecretsList(options: SecretsListOptions): Promise<void>;
 /**

package/dist/commands/hub/secrets.js

@@ -5,7 +5,9 @@ import { withSDKErrorHandling } from "../../utils/sdk-error.js";
 import { createSdkWithCredentials } from "../../core/sdk.js";
 const SECRET_NAME_REGEX = /^[A-Za-z_][A-Za-z0-9_]*$/;
 /**
- * List secrets (metadata only)
+ * List secrets (metadata only).
+ * Uses the resolved secrets integration for the organization and environment
+ * (from hub integrations API or platform default / legacy config).
  */
 export async function executeSecretsList(options) {
     try {

package/dist/commands/local/run.js

@@ -1,5 +1,5 @@
-import { findTestFiles } from "../../test-discovery.js";
-import { runTestFile } from "../../test-runner.js";
+import { findTestFiles } from "../../monitor-discovery.js";
+import { runTestFile } from "../../monitor-runner.js";
 import { resolveEnvironment } from "../../core/state.js";
 import { terminal } from "../../utils/terminal.js";
 import { basename } from "path";

package/dist/core/secrets.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Secrets configuration for CLI local runs.
+ * Reads configuration from environment variables to construct a secret provider.
+ */
+import { type SecretProvider, type SecretProviderConfig } from "@griffin-app/griffin-plan-executor";
+/**
+ * Read secrets provider configuration from environment variables.
+ *
+ * Supported configurations:
+ *
+ * 1. Environment provider (default if no config):
+ *    GRIFFIN_SECRETS_PROVIDER=env
+ *    GRIFFIN_SECRETS_ENV_PREFIX=APP_
+ *
+ * 2. AWS Secrets Manager:
+ *    GRIFFIN_SECRETS_PROVIDER=aws
+ *    GRIFFIN_SECRETS_AWS_REGION=us-east-1
+ *    GRIFFIN_SECRETS_AWS_PREFIX=myapp/
+ *    GRIFFIN_SECRETS_AWS_ROLE_ARN=arn:aws:iam::123:role/griffin
+ *    GRIFFIN_SECRETS_AWS_EXTERNAL_ID=xyz
+ *    GRIFFIN_SECRETS_AWS_ACCESS_KEY_ID=...
+ *    GRIFFIN_SECRETS_AWS_SECRET_ACCESS_KEY=...
+ *
+ * 3. HashiCorp Vault:
+ *    GRIFFIN_SECRETS_PROVIDER=vault
+ *    GRIFFIN_SECRETS_VAULT_ADDRESS=https://vault.example.com
+ *    GRIFFIN_SECRETS_VAULT_TOKEN=...
+ *    GRIFFIN_SECRETS_VAULT_NAMESPACE=myapp
+ *    GRIFFIN_SECRETS_VAULT_KV_VERSION=2
+ *    GRIFFIN_SECRETS_VAULT_PREFIX=myapp/
+ */
+export declare function getSecretsConfigFromEnv(): SecretProviderConfig;
+/**
+ * Create a secret provider for CLI local runs.
+ * Reads configuration from environment variables.
+ */
+export declare function createSecretsProviderForCLI(): Promise<SecretProvider>;

package/dist/core/secrets.js

@@ -0,0 +1,96 @@
+/**
+ * Secrets configuration for CLI local runs.
+ * Reads configuration from environment variables to construct a secret provider.
+ */
+import { createSecretProvider, } from "@griffin-app/griffin-plan-executor";
+/**
+ * Environment variable prefixes for secrets configuration.
+ */
+const ENV_PREFIX = "GRIFFIN_SECRETS_";
+/**
+ * Read secrets provider configuration from environment variables.
+ *
+ * Supported configurations:
+ *
+ * 1. Environment provider (default if no config):
+ *    GRIFFIN_SECRETS_PROVIDER=env
+ *    GRIFFIN_SECRETS_ENV_PREFIX=APP_
+ *
+ * 2. AWS Secrets Manager:
+ *    GRIFFIN_SECRETS_PROVIDER=aws
+ *    GRIFFIN_SECRETS_AWS_REGION=us-east-1
+ *    GRIFFIN_SECRETS_AWS_PREFIX=myapp/
+ *    GRIFFIN_SECRETS_AWS_ROLE_ARN=arn:aws:iam::123:role/griffin
+ *    GRIFFIN_SECRETS_AWS_EXTERNAL_ID=xyz
+ *    GRIFFIN_SECRETS_AWS_ACCESS_KEY_ID=...
+ *    GRIFFIN_SECRETS_AWS_SECRET_ACCESS_KEY=...
+ *
+ * 3. HashiCorp Vault:
+ *    GRIFFIN_SECRETS_PROVIDER=vault
+ *    GRIFFIN_SECRETS_VAULT_ADDRESS=https://vault.example.com
+ *    GRIFFIN_SECRETS_VAULT_TOKEN=...
+ *    GRIFFIN_SECRETS_VAULT_NAMESPACE=myapp
+ *    GRIFFIN_SECRETS_VAULT_KV_VERSION=2
+ *    GRIFFIN_SECRETS_VAULT_PREFIX=myapp/
+ */
+export function getSecretsConfigFromEnv() {
+    const provider = process.env[`${ENV_PREFIX}PROVIDER`] || "env";
+    switch (provider) {
+        case "env":
+            return {
+                provider: "env",
+                prefix: process.env[`${ENV_PREFIX}ENV_PREFIX`] || "",
+                env: process.env,
+            };
+        case "aws": {
+            const region = process.env[`${ENV_PREFIX}AWS_REGION`];
+            if (!region) {
+                throw new Error(`${ENV_PREFIX}AWS_REGION is required when GRIFFIN_SECRETS_PROVIDER=aws`);
+            }
+            const accessKeyId = process.env[`${ENV_PREFIX}AWS_ACCESS_KEY_ID`];
+            const secretAccessKey = process.env[`${ENV_PREFIX}AWS_SECRET_ACCESS_KEY`];
+            return {
+                provider: "aws",
+                region,
+                prefix: process.env[`${ENV_PREFIX}AWS_PREFIX`],
+                roleArn: process.env[`${ENV_PREFIX}AWS_ROLE_ARN`],
+                externalId: process.env[`${ENV_PREFIX}AWS_EXTERNAL_ID`],
+                credentials: accessKeyId && secretAccessKey
+                    ? { accessKeyId, secretAccessKey }
+                    : undefined,
+            };
+        }
+        case "vault": {
+            const address = process.env[`${ENV_PREFIX}VAULT_ADDRESS`];
+            const token = process.env[`${ENV_PREFIX}VAULT_TOKEN`];
+            if (!address) {
+                throw new Error(`${ENV_PREFIX}VAULT_ADDRESS is required when GRIFFIN_SECRETS_PROVIDER=vault`);
+            }
+            if (!token) {
+                throw new Error(`${ENV_PREFIX}VAULT_TOKEN is required when GRIFFIN_SECRETS_PROVIDER=vault`);
+            }
+            const kvVersionStr = process.env[`${ENV_PREFIX}VAULT_KV_VERSION`];
+            const kvVersion = kvVersionStr === "1" || kvVersionStr === "2"
+                ? parseInt(kvVersionStr)
+                : 2;
+            return {
+                provider: "vault",
+                address,
+                token,
+                namespace: process.env[`${ENV_PREFIX}VAULT_NAMESPACE`],
+                kvVersion,
+                prefix: process.env[`${ENV_PREFIX}VAULT_PREFIX`],
+            };
+        }
+        default:
+            throw new Error(`Unknown secrets provider: ${provider}. Supported: env, aws, vault`);
+    }
+}
+/**
+ * Create a secret provider for CLI local runs.
+ * Reads configuration from environment variables.
+ */
+export async function createSecretsProviderForCLI() {
+    const config = getSecretsConfigFromEnv();
+    return createSecretProvider(config);
+}

package/dist/monitor-discovery.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Discovers test files in __griffin__ directories.
+ */
+export declare function findTestFiles(basePath?: string): string[];

package/dist/monitor-discovery.js

@@ -0,0 +1,25 @@
+import * as path from "path";
+import { glob } from "glob";
+/**
+ * Discovers test files in __griffin__ directories.
+ */
+export function findTestFiles(basePath = ".") {
+    const absolutePath = path.resolve(basePath);
+    // Find all __griffin__ directories
+    const griffinDirs = findgriffinDirectories(absolutePath);
+    // Find all .ts files in those directories
+    const testFiles = [];
+    for (const griffinDir of griffinDirs) {
+        const tsFiles = findTsFiles(griffinDir);
+        testFiles.push(...tsFiles);
+    }
+    return testFiles;
+}
+function findgriffinDirectories(basePath) {
+    const pattern = path.join(basePath, "**", "__griffin__");
+    return glob.sync(pattern, { absolute: true });
+}
+function findTsFiles(griffinDir) {
+    const pattern = path.join(griffinDir, "*.ts");
+    return glob.sync(pattern, { absolute: true });
+}

package/dist/monitor-runner.d.ts

@@ -0,0 +1,6 @@
+import "tsx";
+import { ExecutionResult } from "@griffin-app/griffin-plan-executor";
+/**
+ * Runs a TypeScript test file and executes the resulting JSON monitor.
+ */
+export declare function runTestFile(filePath: string, envName: string): Promise<ExecutionResult>;

package/dist/monitor-runner.js

@@ -0,0 +1,56 @@
+import "tsx";
+import { Value } from "typebox/value";
+import { executeMonitorV1, AxiosAdapter, } from "@griffin-app/griffin-plan-executor";
+import { MonitorDSLSchema } from "@griffin-app/griffin-ts/schema";
+import { randomUUID } from "crypto";
+import { loadVariables } from "./core/variables.js";
+import { getProjectId } from "./core/state.js";
+import { resolveMonitor } from "./resolve.js";
+import { terminal } from "./utils/terminal.js";
+import { createSecretsProviderForCLI } from "./core/secrets.js";
+function validateDsl(monitor) {
+    const errors = Value.Errors(MonitorDSLSchema, monitor);
+    if (errors.length > 0) {
+        throw new Error(`Invalid monitor: ${JSON.stringify([...errors], null, 2)}`);
+    }
+    return monitor;
+}
+/**
+ * Runs a TypeScript test file and executes the resulting JSON monitor.
+ */
+export async function runTestFile(filePath, envName) {
+    const variables = await loadVariables(envName);
+    const projectId = await getProjectId();
+    const defaultExport = await import(filePath);
+    const rawMonitor = validateDsl(defaultExport.default);
+    terminal.dim(`Project ID: ${projectId}`);
+    const resolvedMonitor = resolveMonitor(rawMonitor, projectId, envName, variables);
+    // Create secret provider from environment configuration
+    const secretProvider = await createSecretsProviderForCLI();
+    try {
+        const result = await executeMonitorV1({
+            ...resolvedMonitor,
+            id: randomUUID(),
+        }, "default-org", {
+            mode: "local",
+            httpClient: new AxiosAdapter(),
+            secretProvider,
+        });
+        return result;
+    }
+    catch (error) {
+        throw new Error(`Error executing monitor: ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+//function findWorkspaceRoot(): string {
+//  let current = process.cwd();
+//  while (current !== path.dirname(current)) {
+//    const testCliPath = path.join(current, "griffin-cli");
+//    const testSystemPath = path.join(current, "griffin-ts");
+//    if (fs.existsSync(testCliPath) && fs.existsSync(testSystemPath)) {
+//      return current;
+//    }
+//    current = path.dirname(current);
+//  }
+//  return process.cwd();
+//}

package/dist/test-runner.js

@@ -1,12 +1,13 @@
 import "tsx";
 import { Value } from "typebox/value";
-import { executeMonitorV1, AxiosAdapter, EnvSecretProvider, SecretProviderRegistry, } from "@griffin-app/griffin-plan-executor";
+import { executeMonitorV1, AxiosAdapter, } from "@griffin-app/griffin-plan-executor";
 import { MonitorDSLSchema } from "@griffin-app/griffin-ts/schema";
 import { randomUUID } from "crypto";
 import { loadVariables } from "./core/variables.js";
 import { getProjectId } from "./core/state.js";
 import { resolveMonitor } from "./resolve.js";
 import { terminal } from "./utils/terminal.js";
+import { createSecretsProviderForCLI } from "./core/secrets.js";
 function validateDsl(monitor) {
     const errors = Value.Errors(MonitorDSLSchema, monitor);
     if (errors.length > 0) {
@@ -24,8 +25,8 @@ export async function runTestFile(filePath, envName) {
     const rawMonitor = validateDsl(defaultExport.default);
     terminal.dim(`Project ID: ${projectId}`);
     const resolvedMonitor = resolveMonitor(rawMonitor, projectId, envName, variables);
-    const secretRegistry = new SecretProviderRegistry();
-    secretRegistry.setProvider(new EnvSecretProvider());
+    // Create secret provider from environment configuration
+    const secretProvider = await createSecretsProviderForCLI();
     try {
         const result = await executeMonitorV1({
             ...resolvedMonitor,
@@ -33,7 +34,7 @@ export async function runTestFile(filePath, envName) {
         }, "default-org", {
             mode: "local",
             httpClient: new AxiosAdapter(),
-            secretRegistry: secretRegistry,
+            secretProvider,
         });
         return result;
     }

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@griffin-app/griffin-cli",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "CLI tool for running and managing griffin API tests",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
-    "griffin": "./dist/cli.js"
+    "griffin": "./dist/cli.js",
+    "gr": "./dist/cli.js"
   },
   "scripts": {
     "build": "tsc",
@@ -23,9 +24,9 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
-    "@griffin-app/griffin-hub-sdk": "1.0.10",
-    "@griffin-app/griffin-plan-executor": "0.1.16",
-    "@griffin-app/griffin-ts": "0.1.15",
+    "@griffin-app/griffin-hub-sdk": "1.0.14",
+    "@griffin-app/griffin-plan-executor": "0.1.18",
+    "@griffin-app/griffin-ts": "0.1.16",
     "better-auth": "^1.4.17",
     "cli-table3": "^0.6.5",
     "commander": "^12.1.0",