@idapt/cli 1.8.1 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin.cjs +32 -9
- package/dist/bin.cjs.map +1 -1
- package/dist/bin.js +2 -2
- package/dist/{chunk-ZCMZH43X.js → chunk-TYSHO65D.js} +33 -10
- package/dist/chunk-TYSHO65D.js.map +1 -0
- package/dist/index.cjs +31 -8
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-ZCMZH43X.js.map +0 -1
package/dist/bin.cjs
CHANGED
|
@@ -79,6 +79,7 @@ function parseIdaptCommand(cmd2) {
|
|
|
79
79
|
args: parsedFlags.args,
|
|
80
80
|
timeoutSeconds,
|
|
81
81
|
background: parsedFlags.args.background === true,
|
|
82
|
+
requiresConfirmation: parsedFlags.args.requiresConfirmation === true || parsedFlags.args["requires-confirmation"] === true || parsedFlags.args.requires_confirmation === true,
|
|
82
83
|
help: parsedFlags.args.help === true,
|
|
83
84
|
instructions: parsedFlags.args.instructions === true
|
|
84
85
|
}
|
|
@@ -325,7 +326,7 @@ function createFetchTransport(opts) {
|
|
|
325
326
|
}
|
|
326
327
|
|
|
327
328
|
// src/version.ts
|
|
328
|
-
var VERSION = "1.
|
|
329
|
+
var VERSION = "1.9.0";
|
|
329
330
|
var USER_AGENT = `idapt-cli/${VERSION}`;
|
|
330
331
|
function canOpenBrowser(env, isTty) {
|
|
331
332
|
if (!isTty) return false;
|
|
@@ -1364,7 +1365,10 @@ var listCodeRunsRequestSchema = zod.z.object({
|
|
|
1364
1365
|
var executeCodeRequestSchema = zod.z.object({
|
|
1365
1366
|
file_id: zod.z.string(),
|
|
1366
1367
|
timeout_seconds: zod.z.number().int().min(1).max(300).default(30),
|
|
1367
|
-
env: zod.z.record(zod.z.string(), zod.z.string()).optional()
|
|
1368
|
+
env: zod.z.record(zod.z.string(), zod.z.string()).optional(),
|
|
1369
|
+
// Names of workspace secrets to inject as env vars (resolved server-side; the
|
|
1370
|
+
// values never appear in the response and are redacted from stdout/stderr).
|
|
1371
|
+
secrets: zod.z.array(zod.z.string()).max(50).optional()
|
|
1368
1372
|
});
|
|
1369
1373
|
var emptyCodeRequestSchema = zod.z.object({});
|
|
1370
1374
|
var RUN_COLUMNS = [
|
|
@@ -1428,7 +1432,7 @@ var codeCommands = [
|
|
|
1428
1432
|
async: true,
|
|
1429
1433
|
tags: ["Code Runs"],
|
|
1430
1434
|
summary: "Execute a code file (js/ts/py/sh) in a sandbox; returns the run.",
|
|
1431
|
-
description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing.",
|
|
1435
|
+
description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing. Pass `secrets` (workspace secret names) to inject them as env vars \u2014 resolved server-side, never returned, and redacted from output.",
|
|
1432
1436
|
errors: [403, 404, 429],
|
|
1433
1437
|
columns: RUN_COLUMNS
|
|
1434
1438
|
}),
|
|
@@ -1645,7 +1649,11 @@ var updateComputerRequestSchema = zod.z.object({
|
|
|
1645
1649
|
var computerExecRequestSchema = zod.z.object({
|
|
1646
1650
|
command: zod.z.string().min(1).max(8192).describe("Shell command to run."),
|
|
1647
1651
|
timeout_seconds: zod.z.number().int().min(1).max(900).optional(),
|
|
1648
|
-
user: zod.z.string().regex(usernamePattern).optional().describe("Unix user to run the command as.")
|
|
1652
|
+
user: zod.z.string().regex(usernamePattern).optional().describe("Unix user to run the command as."),
|
|
1653
|
+
secrets: zod.z.array(zod.z.string()).max(50).optional().describe(
|
|
1654
|
+
"Names of workspace secrets to inject. Resolved server-side, mounted by the daemon, never returned, and redacted from output."
|
|
1655
|
+
),
|
|
1656
|
+
secret_mount_mode: zod.z.enum(["env", "file"]).optional().describe("env (default) exports vars; file writes /run/idapt-secrets/.")
|
|
1649
1657
|
});
|
|
1650
1658
|
var computerTmuxRequestSchema = zod.z.object({
|
|
1651
1659
|
op: zod.z.enum(["list", "run", "capture", "send", "kill"]).describe("Operation discriminator; the response shape depends on `op`."),
|
|
@@ -2564,7 +2572,6 @@ var agentResponseSchema = zod.z.object({
|
|
|
2564
2572
|
workspace_id: zod.z.string().nullish(),
|
|
2565
2573
|
type: zod.z.string().nullish(),
|
|
2566
2574
|
permissions: zod.z.array(zod.z.record(zod.z.string(), zod.z.unknown())).nullish(),
|
|
2567
|
-
confirmation_required: zod.z.array(zod.z.string()).optional(),
|
|
2568
2575
|
compaction_preset: zod.z.enum(["minimal", "normal", "detailed"]).nullish(),
|
|
2569
2576
|
compaction_summary_percent: zod.z.number().nullish(),
|
|
2570
2577
|
compaction_summary_max_tokens: zod.z.number().nullish(),
|
|
@@ -2897,7 +2904,6 @@ var createAgentRequestSchema = zod.z.object({
|
|
|
2897
2904
|
authorization: zod.z.record(zod.z.string(), zod.z.unknown()).nullish().describe(
|
|
2898
2905
|
"Agent authorization policy. Null clears explicit policy; omitted uses the default workspace-write policy."
|
|
2899
2906
|
),
|
|
2900
|
-
confirmation_required: zod.z.array(zod.z.string()).max(200).optional(),
|
|
2901
2907
|
...agentCompactionFields,
|
|
2902
2908
|
type: zod.z.enum(["user", "generated"]).optional().describe("Agent type."),
|
|
2903
2909
|
memory_folder: zod.z.string().max(500).nullish(),
|
|
@@ -2912,7 +2918,6 @@ var updateAgentRequestSchema = zod.z.object({
|
|
|
2912
2918
|
description: zod.z.string().max(2e3).nullish(),
|
|
2913
2919
|
system_prompt: zod.z.string().max(131072).nullish(),
|
|
2914
2920
|
authorization: zod.z.record(zod.z.string(), zod.z.unknown()).nullish().describe("Agent authorization policy. Null clears explicit policy."),
|
|
2915
|
-
confirmation_required: zod.z.array(zod.z.string()).max(200).optional(),
|
|
2916
2921
|
...agentCompactionFields,
|
|
2917
2922
|
type: zod.z.enum(["user", "generated"]).optional(),
|
|
2918
2923
|
memory_folder: zod.z.string().max(500).nullish(),
|
|
@@ -6020,6 +6025,10 @@ var secretResponseSchema = zod.z.object({
|
|
|
6020
6025
|
type: zod.z.string().nullish(),
|
|
6021
6026
|
/** Masked last-4 preview — never reconstructs the value. */
|
|
6022
6027
|
value_preview: zod.z.string().nullish(),
|
|
6028
|
+
/** ISO-8601 expiry instant, or null. Past expiry blocks injection. */
|
|
6029
|
+
expires_at: zod.z.string().nullish(),
|
|
6030
|
+
/** ISO-8601 of the last reveal/inject, or null if never used. */
|
|
6031
|
+
last_used_at: zod.z.string().nullish(),
|
|
6023
6032
|
created_at: zod.z.string(),
|
|
6024
6033
|
updated_at: zod.z.string()
|
|
6025
6034
|
}).meta({ id: "Secret" });
|
|
@@ -6042,11 +6051,14 @@ var createSecretRequestSchema = zod.z.object({
|
|
|
6042
6051
|
"ssh_private_key",
|
|
6043
6052
|
"ssh_public_key"
|
|
6044
6053
|
]).optional(),
|
|
6054
|
+
/** ISO-8601 expiry instant; null/omitted = never expires. */
|
|
6055
|
+
expires_at: zod.z.string().datetime({ offset: true }).nullish(),
|
|
6045
6056
|
workspace_id: zod.z.string().max(64).optional()
|
|
6046
6057
|
});
|
|
6047
6058
|
var updateSecretRequestSchema = zod.z.object({
|
|
6048
6059
|
value: zod.z.string().min(1).optional(),
|
|
6049
|
-
description: zod.z.string().max(1e3).nullish()
|
|
6060
|
+
description: zod.z.string().max(1e3).nullish(),
|
|
6061
|
+
expires_at: zod.z.string().datetime({ offset: true }).nullish()
|
|
6050
6062
|
});
|
|
6051
6063
|
var secretsCommands = [
|
|
6052
6064
|
cmd({
|
|
@@ -6150,11 +6162,20 @@ var secretsPlaybook = {
|
|
|
6150
6162
|
" contents. Don't ask the user to paste a secret into the chat.",
|
|
6151
6163
|
"",
|
|
6152
6164
|
"- `create --name OPENAI_API_KEY --value <v>`: prefer ALL_CAPS names (they map",
|
|
6153
|
-
" cleanly to env vars).
|
|
6165
|
+
" cleanly to env vars). Optional `--expires-at <ISO-8601>`. Unique per workspace.",
|
|
6154
6166
|
"- `update` ROTATES: the old value is destroyed immediately and anything using",
|
|
6155
6167
|
" it breaks until re-pointed. There is no rename \u2014 create a new one.",
|
|
6156
6168
|
"- `delete` is immediate and irreversible.",
|
|
6157
6169
|
"",
|
|
6170
|
+
"Using a secret at run time (pass the NAME, never the value):",
|
|
6171
|
+
"- `code execute --secrets '[\"GITHUB_TOKEN\"]'` \u2192 the script sees it as the env",
|
|
6172
|
+
" var `GITHUB_TOKEN`; `bash --secrets [...]` and `computer exec --secrets [...]`",
|
|
6173
|
+
" work the same. The value is injected server-side and redacted from output.",
|
|
6174
|
+
// biome-ignore lint/suspicious/noTemplateCurlyInString: literal ${secret:NAME} reference syntax, not a template placeholder
|
|
6175
|
+
"- Or embed `${secret:NAME}` inside a free-form `env` value (e.g.",
|
|
6176
|
+
// biome-ignore lint/suspicious/noTemplateCurlyInString: literal example of the ${secret:NAME} syntax
|
|
6177
|
+
" `DATABASE_URL=postgres://app:${secret:DB_PASSWORD}@db`).",
|
|
6178
|
+
"",
|
|
6158
6179
|
"Anti-patterns: never print, log, or repeat a secret value the user gives you \u2014",
|
|
6159
6180
|
"create it and move on. Secrets live here, not as Drive files and not in chat."
|
|
6160
6181
|
].join("\n")
|
|
@@ -6595,6 +6616,8 @@ var VERB_OVERRIDES = {
|
|
|
6595
6616
|
"trigger read": "trigger get",
|
|
6596
6617
|
"trigger edit": "trigger update",
|
|
6597
6618
|
"trigger fire": "trigger test-fire",
|
|
6619
|
+
// secrets — `edit` is the natural verb; the contract op is `update` (rotate).
|
|
6620
|
+
"secret edit": "secret update",
|
|
6598
6621
|
// utility → catalog
|
|
6599
6622
|
"utility search-llm-models": "models search",
|
|
6600
6623
|
"utility search-image-models": "image search",
|