@idapt/cli 1.8.1 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import { createFetchTransport, execute, autoMode, commandsForResource, findCommand, renderHelp, listResources, renderInstructions, quoteToken } from './chunk-ZCMZH43X.js';
2
+ import { createFetchTransport, execute, autoMode, commandsForResource, findCommand, renderHelp, listResources, renderInstructions, quoteToken } from './chunk-TYSHO65D.js';
3
3
  import { readFileSync, mkdirSync, writeFileSync, chmodSync, rmSync } from 'fs';
4
4
  import { spawn } from 'child_process';
5
5
  import { dirname, join } from 'path';
@@ -8,7 +8,7 @@ import { createServer } from 'http';
8
8
  import { randomBytes, createHash } from 'crypto';
9
9
 
10
10
  // src/version.ts
11
- var VERSION = "1.8.1";
11
+ var VERSION = "1.9.0";
12
12
  var USER_AGENT = `idapt-cli/${VERSION}`;
13
13
  function canOpenBrowser(env, isTty) {
14
14
  if (!isTty) return false;
@@ -534,7 +534,10 @@ var listCodeRunsRequestSchema = z.object({
534
534
  var executeCodeRequestSchema = z.object({
535
535
  file_id: z.string(),
536
536
  timeout_seconds: z.number().int().min(1).max(300).default(30),
537
- env: z.record(z.string(), z.string()).optional()
537
+ env: z.record(z.string(), z.string()).optional(),
538
+ // Names of workspace secrets to inject as env vars (resolved server-side; the
539
+ // values never appear in the response and are redacted from stdout/stderr).
540
+ secrets: z.array(z.string()).max(50).optional()
538
541
  });
539
542
  var emptyCodeRequestSchema = z.object({});
540
543
  var RUN_COLUMNS = [
@@ -598,7 +601,7 @@ var codeCommands = [
598
601
  async: true,
599
602
  tags: ["Code Runs"],
600
603
  summary: "Execute a code file (js/ts/py/sh) in a sandbox; returns the run.",
601
- description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing.",
604
+ description: "Execute a code file (.js, .ts, .py, .sh) in a sandboxed Lambda environment. Returns stdout, stderr, exit code, and timing. Pass `secrets` (workspace secret names) to inject them as env vars \u2014 resolved server-side, never returned, and redacted from output.",
602
605
  errors: [403, 404, 429],
603
606
  columns: RUN_COLUMNS
604
607
  }),
@@ -815,7 +818,11 @@ var updateComputerRequestSchema = z.object({
815
818
  var computerExecRequestSchema = z.object({
816
819
  command: z.string().min(1).max(8192).describe("Shell command to run."),
817
820
  timeout_seconds: z.number().int().min(1).max(900).optional(),
818
- user: z.string().regex(usernamePattern).optional().describe("Unix user to run the command as.")
821
+ user: z.string().regex(usernamePattern).optional().describe("Unix user to run the command as."),
822
+ secrets: z.array(z.string()).max(50).optional().describe(
823
+ "Names of workspace secrets to inject. Resolved server-side, mounted by the daemon, never returned, and redacted from output."
824
+ ),
825
+ secret_mount_mode: z.enum(["env", "file"]).optional().describe("env (default) exports vars; file writes /run/idapt-secrets/.")
819
826
  });
820
827
  var computerTmuxRequestSchema = z.object({
821
828
  op: z.enum(["list", "run", "capture", "send", "kill"]).describe("Operation discriminator; the response shape depends on `op`."),
@@ -1734,7 +1741,6 @@ var agentResponseSchema = z.object({
1734
1741
  workspace_id: z.string().nullish(),
1735
1742
  type: z.string().nullish(),
1736
1743
  permissions: z.array(z.record(z.string(), z.unknown())).nullish(),
1737
- confirmation_required: z.array(z.string()).optional(),
1738
1744
  compaction_preset: z.enum(["minimal", "normal", "detailed"]).nullish(),
1739
1745
  compaction_summary_percent: z.number().nullish(),
1740
1746
  compaction_summary_max_tokens: z.number().nullish(),
@@ -2067,7 +2073,6 @@ var createAgentRequestSchema = z.object({
2067
2073
  authorization: z.record(z.string(), z.unknown()).nullish().describe(
2068
2074
  "Agent authorization policy. Null clears explicit policy; omitted uses the default workspace-write policy."
2069
2075
  ),
2070
- confirmation_required: z.array(z.string()).max(200).optional(),
2071
2076
  ...agentCompactionFields,
2072
2077
  type: z.enum(["user", "generated"]).optional().describe("Agent type."),
2073
2078
  memory_folder: z.string().max(500).nullish(),
@@ -2082,7 +2087,6 @@ var updateAgentRequestSchema = z.object({
2082
2087
  description: z.string().max(2e3).nullish(),
2083
2088
  system_prompt: z.string().max(131072).nullish(),
2084
2089
  authorization: z.record(z.string(), z.unknown()).nullish().describe("Agent authorization policy. Null clears explicit policy."),
2085
- confirmation_required: z.array(z.string()).max(200).optional(),
2086
2090
  ...agentCompactionFields,
2087
2091
  type: z.enum(["user", "generated"]).optional(),
2088
2092
  memory_folder: z.string().max(500).nullish(),
@@ -5190,6 +5194,10 @@ var secretResponseSchema = z.object({
5190
5194
  type: z.string().nullish(),
5191
5195
  /** Masked last-4 preview — never reconstructs the value. */
5192
5196
  value_preview: z.string().nullish(),
5197
+ /** ISO-8601 expiry instant, or null. Past expiry blocks injection. */
5198
+ expires_at: z.string().nullish(),
5199
+ /** ISO-8601 of the last reveal/inject, or null if never used. */
5200
+ last_used_at: z.string().nullish(),
5193
5201
  created_at: z.string(),
5194
5202
  updated_at: z.string()
5195
5203
  }).meta({ id: "Secret" });
@@ -5212,11 +5220,14 @@ var createSecretRequestSchema = z.object({
5212
5220
  "ssh_private_key",
5213
5221
  "ssh_public_key"
5214
5222
  ]).optional(),
5223
+ /** ISO-8601 expiry instant; null/omitted = never expires. */
5224
+ expires_at: z.string().datetime({ offset: true }).nullish(),
5215
5225
  workspace_id: z.string().max(64).optional()
5216
5226
  });
5217
5227
  var updateSecretRequestSchema = z.object({
5218
5228
  value: z.string().min(1).optional(),
5219
- description: z.string().max(1e3).nullish()
5229
+ description: z.string().max(1e3).nullish(),
5230
+ expires_at: z.string().datetime({ offset: true }).nullish()
5220
5231
  });
5221
5232
  var secretsCommands = [
5222
5233
  cmd({
@@ -5320,11 +5331,20 @@ var secretsPlaybook = {
5320
5331
  " contents. Don't ask the user to paste a secret into the chat.",
5321
5332
  "",
5322
5333
  "- `create --name OPENAI_API_KEY --value <v>`: prefer ALL_CAPS names (they map",
5323
- " cleanly to env vars). Names are unique per workspace.",
5334
+ " cleanly to env vars). Optional `--expires-at <ISO-8601>`. Unique per workspace.",
5324
5335
  "- `update` ROTATES: the old value is destroyed immediately and anything using",
5325
5336
  " it breaks until re-pointed. There is no rename \u2014 create a new one.",
5326
5337
  "- `delete` is immediate and irreversible.",
5327
5338
  "",
5339
+ "Using a secret at run time (pass the NAME, never the value):",
5340
+ "- `code execute --secrets '[\"GITHUB_TOKEN\"]'` \u2192 the script sees it as the env",
5341
+ " var `GITHUB_TOKEN`; `bash --secrets [...]` and `computer exec --secrets [...]`",
5342
+ " work the same. The value is injected server-side and redacted from output.",
5343
+ // biome-ignore lint/suspicious/noTemplateCurlyInString: literal ${secret:NAME} reference syntax, not a template placeholder
5344
+ "- Or embed `${secret:NAME}` inside a free-form `env` value (e.g.",
5345
+ // biome-ignore lint/suspicious/noTemplateCurlyInString: literal example of the ${secret:NAME} syntax
5346
+ " `DATABASE_URL=postgres://app:${secret:DB_PASSWORD}@db`).",
5347
+ "",
5328
5348
  "Anti-patterns: never print, log, or repeat a secret value the user gives you \u2014",
5329
5349
  "create it and move on. Secrets live here, not as Drive files and not in chat."
5330
5350
  ].join("\n")
@@ -5681,6 +5701,7 @@ function parseIdaptCommand(cmd2) {
5681
5701
  args: parsedFlags.args,
5682
5702
  timeoutSeconds,
5683
5703
  background: parsedFlags.args.background === true,
5704
+ requiresConfirmation: parsedFlags.args.requiresConfirmation === true || parsedFlags.args["requires-confirmation"] === true || parsedFlags.args.requires_confirmation === true,
5684
5705
  help: parsedFlags.args.help === true,
5685
5706
  instructions: parsedFlags.args.instructions === true
5686
5707
  }
@@ -5963,6 +5984,8 @@ var VERB_OVERRIDES = {
5963
5984
  "trigger read": "trigger get",
5964
5985
  "trigger edit": "trigger update",
5965
5986
  "trigger fire": "trigger test-fire",
5987
+ // secrets — `edit` is the natural verb; the contract op is `update` (rotate).
5988
+ "secret edit": "secret update",
5966
5989
  // utility → catalog
5967
5990
  "utility search-llm-models": "models search",
5968
5991
  "utility search-image-models": "image search",
@@ -6404,5 +6427,5 @@ function createFetchTransport(opts) {
6404
6427
  }
6405
6428
 
6406
6429
  export { VERB_OVERRIDES, autoMode, commandsForResource, createFetchTransport, execute, executeCommand, findCommand, getResourcePlaybook, listCommands, listResources, mapArgsToV1, parseInvocation, quoteToken, reconcileToV1, render, renderHelp, renderInstructions, resolveCommand, toSnakeKey };
6407
- //# sourceMappingURL=chunk-ZCMZH43X.js.map
6408
- //# sourceMappingURL=chunk-ZCMZH43X.js.map
6430
+ //# sourceMappingURL=chunk-TYSHO65D.js.map
6431
+ //# sourceMappingURL=chunk-TYSHO65D.js.map