@idapt/cli 1.8.1 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin.cjs +32 -9
- package/dist/bin.cjs.map +1 -1
- package/dist/bin.js +2 -2
- package/dist/{chunk-ZCMZH43X.js → chunk-TYSHO65D.js} +33 -10
- package/dist/chunk-TYSHO65D.js.map +1 -0
- package/dist/index.cjs +31 -8
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-ZCMZH43X.js.map +0 -1
package/dist/bin.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { createFetchTransport, execute, autoMode, commandsForResource, findCommand, renderHelp, listResources, renderInstructions, quoteToken } from './chunk-
|
|
2
|
+
import { createFetchTransport, execute, autoMode, commandsForResource, findCommand, renderHelp, listResources, renderInstructions, quoteToken } from './chunk-TYSHO65D.js';
|
|
3
3
|
import { readFileSync, mkdirSync, writeFileSync, chmodSync, rmSync } from 'fs';
|
|
4
4
|
import { spawn } from 'child_process';
|
|
5
5
|
import { dirname, join } from 'path';
|
|
@@ -8,7 +8,7 @@ import { createServer } from 'http';
|
|
|
8
8
|
import { randomBytes, createHash } from 'crypto';
|
|
9
9
|
|
|
10
10
|
// src/version.ts
|
|
11
|
-
var VERSION = "1.
|
|
11
|
+
var VERSION = "1.9.0";
|
|
12
12
|
var USER_AGENT = `idapt-cli/${VERSION}`;
|
|
13
13
|
function canOpenBrowser(env, isTty) {
|
|
14
14
|
if (!isTty) return false;
|
|
@@ -534,7 +534,10 @@ var listCodeRunsRequestSchema = z.object({
|
|
|
534
534
|
var executeCodeRequestSchema = z.object({
|
|
535
535
|
file_id: z.string(),
|
|
536
536
|
timeout_seconds: z.number().int().min(1).max(300).default(30),
|
|
537
|
-
env: z.record(z.string(), z.string()).optional()
|
|
537
|
+
env: z.record(z.string(), z.string()).optional(),
|
|
538
|
+
// Names of workspace secrets to inject as env vars (resolved server-side; the
|
|
539
|
+
// values never appear in the response and are redacted from stdout/stderr).
|
|
540
|
+
secrets: z.array(z.string()).max(50).optional()
|
|
538
541
|
});
|
|
539
542
|
var emptyCodeRequestSchema = z.object({});
|
|
540
543
|
var RUN_COLUMNS = [
|
|
@@ -598,7 +601,7 @@ var codeCommands = [
|
|
|
598
601
|
async: true,
|
|
599
602
|
tags: ["Code Runs"],
|
|
600
603
|
summary: "Execute a code file (js/ts/py/sh) in a sandbox; returns the run.",
|
|
601
|
-
description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing.",
|
|
604
|
+
description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing. Pass `secrets` (workspace secret names) to inject them as env vars \u2014 resolved server-side, never returned, and redacted from output.",
|
|
602
605
|
errors: [403, 404, 429],
|
|
603
606
|
columns: RUN_COLUMNS
|
|
604
607
|
}),
|
|
@@ -815,7 +818,11 @@ var updateComputerRequestSchema = z.object({
|
|
|
815
818
|
var computerExecRequestSchema = z.object({
|
|
816
819
|
command: z.string().min(1).max(8192).describe("Shell command to run."),
|
|
817
820
|
timeout_seconds: z.number().int().min(1).max(900).optional(),
|
|
818
|
-
user: z.string().regex(usernamePattern).optional().describe("Unix user to run the command as.")
|
|
821
|
+
user: z.string().regex(usernamePattern).optional().describe("Unix user to run the command as."),
|
|
822
|
+
secrets: z.array(z.string()).max(50).optional().describe(
|
|
823
|
+
"Names of workspace secrets to inject. Resolved server-side, mounted by the daemon, never returned, and redacted from output."
|
|
824
|
+
),
|
|
825
|
+
secret_mount_mode: z.enum(["env", "file"]).optional().describe("env (default) exports vars; file writes /run/idapt-secrets/.")
|
|
819
826
|
});
|
|
820
827
|
var computerTmuxRequestSchema = z.object({
|
|
821
828
|
op: z.enum(["list", "run", "capture", "send", "kill"]).describe("Operation discriminator; the response shape depends on `op`."),
|
|
@@ -1734,7 +1741,6 @@ var agentResponseSchema = z.object({
|
|
|
1734
1741
|
workspace_id: z.string().nullish(),
|
|
1735
1742
|
type: z.string().nullish(),
|
|
1736
1743
|
permissions: z.array(z.record(z.string(), z.unknown())).nullish(),
|
|
1737
|
-
confirmation_required: z.array(z.string()).optional(),
|
|
1738
1744
|
compaction_preset: z.enum(["minimal", "normal", "detailed"]).nullish(),
|
|
1739
1745
|
compaction_summary_percent: z.number().nullish(),
|
|
1740
1746
|
compaction_summary_max_tokens: z.number().nullish(),
|
|
@@ -2067,7 +2073,6 @@ var createAgentRequestSchema = z.object({
|
|
|
2067
2073
|
authorization: z.record(z.string(), z.unknown()).nullish().describe(
|
|
2068
2074
|
"Agent authorization policy. Null clears explicit policy; omitted uses the default workspace-write policy."
|
|
2069
2075
|
),
|
|
2070
|
-
confirmation_required: z.array(z.string()).max(200).optional(),
|
|
2071
2076
|
...agentCompactionFields,
|
|
2072
2077
|
type: z.enum(["user", "generated"]).optional().describe("Agent type."),
|
|
2073
2078
|
memory_folder: z.string().max(500).nullish(),
|
|
@@ -2082,7 +2087,6 @@ var updateAgentRequestSchema = z.object({
|
|
|
2082
2087
|
description: z.string().max(2e3).nullish(),
|
|
2083
2088
|
system_prompt: z.string().max(131072).nullish(),
|
|
2084
2089
|
authorization: z.record(z.string(), z.unknown()).nullish().describe("Agent authorization policy. Null clears explicit policy."),
|
|
2085
|
-
confirmation_required: z.array(z.string()).max(200).optional(),
|
|
2086
2090
|
...agentCompactionFields,
|
|
2087
2091
|
type: z.enum(["user", "generated"]).optional(),
|
|
2088
2092
|
memory_folder: z.string().max(500).nullish(),
|
|
@@ -5190,6 +5194,10 @@ var secretResponseSchema = z.object({
|
|
|
5190
5194
|
type: z.string().nullish(),
|
|
5191
5195
|
/** Masked last-4 preview — never reconstructs the value. */
|
|
5192
5196
|
value_preview: z.string().nullish(),
|
|
5197
|
+
/** ISO-8601 expiry instant, or null. Past expiry blocks injection. */
|
|
5198
|
+
expires_at: z.string().nullish(),
|
|
5199
|
+
/** ISO-8601 of the last reveal/inject, or null if never used. */
|
|
5200
|
+
last_used_at: z.string().nullish(),
|
|
5193
5201
|
created_at: z.string(),
|
|
5194
5202
|
updated_at: z.string()
|
|
5195
5203
|
}).meta({ id: "Secret" });
|
|
@@ -5212,11 +5220,14 @@ var createSecretRequestSchema = z.object({
|
|
|
5212
5220
|
"ssh_private_key",
|
|
5213
5221
|
"ssh_public_key"
|
|
5214
5222
|
]).optional(),
|
|
5223
|
+
/** ISO-8601 expiry instant; null/omitted = never expires. */
|
|
5224
|
+
expires_at: z.string().datetime({ offset: true }).nullish(),
|
|
5215
5225
|
workspace_id: z.string().max(64).optional()
|
|
5216
5226
|
});
|
|
5217
5227
|
var updateSecretRequestSchema = z.object({
|
|
5218
5228
|
value: z.string().min(1).optional(),
|
|
5219
|
-
description: z.string().max(1e3).nullish()
|
|
5229
|
+
description: z.string().max(1e3).nullish(),
|
|
5230
|
+
expires_at: z.string().datetime({ offset: true }).nullish()
|
|
5220
5231
|
});
|
|
5221
5232
|
var secretsCommands = [
|
|
5222
5233
|
cmd({
|
|
@@ -5320,11 +5331,20 @@ var secretsPlaybook = {
|
|
|
5320
5331
|
" contents. Don't ask the user to paste a secret into the chat.",
|
|
5321
5332
|
"",
|
|
5322
5333
|
"- `create --name OPENAI_API_KEY --value <v>`: prefer ALL_CAPS names (they map",
|
|
5323
|
-
" cleanly to env vars).
|
|
5334
|
+
" cleanly to env vars). Optional `--expires-at <ISO-8601>`. Unique per workspace.",
|
|
5324
5335
|
"- `update` ROTATES: the old value is destroyed immediately and anything using",
|
|
5325
5336
|
" it breaks until re-pointed. There is no rename \u2014 create a new one.",
|
|
5326
5337
|
"- `delete` is immediate and irreversible.",
|
|
5327
5338
|
"",
|
|
5339
|
+
"Using a secret at run time (pass the NAME, never the value):",
|
|
5340
|
+
"- `code execute --secrets '[\"GITHUB_TOKEN\"]'` \u2192 the script sees it as the env",
|
|
5341
|
+
" var `GITHUB_TOKEN`; `bash --secrets [...]` and `computer exec --secrets [...]`",
|
|
5342
|
+
" work the same. The value is injected server-side and redacted from output.",
|
|
5343
|
+
// biome-ignore lint/suspicious/noTemplateCurlyInString: literal ${secret:NAME} reference syntax, not a template placeholder
|
|
5344
|
+
"- Or embed `${secret:NAME}` inside a free-form `env` value (e.g.",
|
|
5345
|
+
// biome-ignore lint/suspicious/noTemplateCurlyInString: literal example of the ${secret:NAME} syntax
|
|
5346
|
+
" `DATABASE_URL=postgres://app:${secret:DB_PASSWORD}@db`).",
|
|
5347
|
+
"",
|
|
5328
5348
|
"Anti-patterns: never print, log, or repeat a secret value the user gives you \u2014",
|
|
5329
5349
|
"create it and move on. Secrets live here, not as Drive files and not in chat."
|
|
5330
5350
|
].join("\n")
|
|
@@ -5681,6 +5701,7 @@ function parseIdaptCommand(cmd2) {
|
|
|
5681
5701
|
args: parsedFlags.args,
|
|
5682
5702
|
timeoutSeconds,
|
|
5683
5703
|
background: parsedFlags.args.background === true,
|
|
5704
|
+
requiresConfirmation: parsedFlags.args.requiresConfirmation === true || parsedFlags.args["requires-confirmation"] === true || parsedFlags.args.requires_confirmation === true,
|
|
5684
5705
|
help: parsedFlags.args.help === true,
|
|
5685
5706
|
instructions: parsedFlags.args.instructions === true
|
|
5686
5707
|
}
|
|
@@ -5963,6 +5984,8 @@ var VERB_OVERRIDES = {
|
|
|
5963
5984
|
"trigger read": "trigger get",
|
|
5964
5985
|
"trigger edit": "trigger update",
|
|
5965
5986
|
"trigger fire": "trigger test-fire",
|
|
5987
|
+
// secrets — `edit` is the natural verb; the contract op is `update` (rotate).
|
|
5988
|
+
"secret edit": "secret update",
|
|
5966
5989
|
// utility → catalog
|
|
5967
5990
|
"utility search-llm-models": "models search",
|
|
5968
5991
|
"utility search-image-models": "image search",
|
|
@@ -6404,5 +6427,5 @@ function createFetchTransport(opts) {
|
|
|
6404
6427
|
}
|
|
6405
6428
|
|
|
6406
6429
|
export { VERB_OVERRIDES, autoMode, commandsForResource, createFetchTransport, execute, executeCommand, findCommand, getResourcePlaybook, listCommands, listResources, mapArgsToV1, parseInvocation, quoteToken, reconcileToV1, render, renderHelp, renderInstructions, resolveCommand, toSnakeKey };
|
|
6407
|
-
//# sourceMappingURL=chunk-
|
|
6408
|
-
//# sourceMappingURL=chunk-
|
|
6430
|
+
//# sourceMappingURL=chunk-TYSHO65D.js.map
|
|
6431
|
+
//# sourceMappingURL=chunk-TYSHO65D.js.map
|