@keystrokehq/cli 0.0.1

package/dist/env.handler-BAzBuMzQ.mjs

@@ -0,0 +1,277 @@
+#!/usr/bin/env node
+
+import { C as CliExitError, D as throwReportedCliExit, h as toErrorMessage, m as isNetworkError, o as ANSI, p as isAuthError, s as style, t as ui, u as REAUTH_HINT } from "./keystroke.mjs";
+import { d as trackProject } from "./dist-CUK7yBM0.mjs";
+import { i as writeJson } from "./output-DM4b7KgY.mjs";
+import { n as CredentialScopeSchema, t as ConnectionStatusSchema } from "./schema-17qMfNyI.mjs";
+import { a as readManifestsFromOutDir } from "./dist-BkJUoBiG.mjs";
+import { t as requireWorkflowsDir } from "./resolve-project-DDJ29sCF.mjs";
+import { i as requireClient } from "./context-T7HZuB97.mjs";
+import { t as getIntegrationCatalog } from "./integration-catalog-Bt-L3GjF.mjs";
+import { t as groupCredentialRequirements } from "./credentials-OfVHOtG3.mjs";
+import { z } from "zod";
+import Table from "cli-table3";
+//#region ../../packages/shared-types/src/credentials/api/responses.ts
+/**
+* credentials/api/responses.ts
+*
+* Response types for credential management endpoints.
+*/
+/** Schema for a credential set in API responses (no values) */
+const CredentialSetResponseSchema = z.object({
+	id: z.string(),
+	organizationId: z.string(),
+	credentialSetId: z.string(),
+	name: z.string(),
+	scope: CredentialScopeSchema,
+	userId: z.string().nullable(),
+	/** Set for project-scoped credential sets; null for all other scopes. */
+	projectId: z.uuid().nullable(),
+	isDefault: z.boolean(),
+	/** Whether this connection was established through Keystroke's platform OAuth flow. */
+	platformConnected: z.boolean(),
+	/** Health status of this connection. */
+	connectionStatus: ConnectionStatusSchema,
+	/** Token expiry for refreshable platform OAuth connections. Null for long-lived and user-managed. */
+	expiresAt: z.string().nullable(),
+	createdAt: z.string(),
+	updatedAt: z.string(),
+	/** Keys present in this credential set (values are never returned) */
+	keys: z.array(z.string()).optional()
+});
+z.object({ 
+/** All credential sets created, one per requested scope. */
+credentialSets: z.array(CredentialSetResponseSchema) });
+z.object({
+	credentialSets: z.array(CredentialSetResponseSchema),
+	pagination: z.object({
+		limit: z.number(),
+		offset: z.number(),
+		total: z.number()
+	})
+});
+z.object({ credentialSet: CredentialSetResponseSchema });
+z.object({ credentialSet: CredentialSetResponseSchema });
+z.object({ success: z.literal(true) });
+z.object({
+	success: z.literal(true),
+	updatedKeys: z.array(z.string())
+});
+z.object({ 
+/** Decrypted credential key-value pairs (e.g., { "SLACK_BOT_TOKEN": "xoxb-..." }) */
+credentials: z.record(z.string(), z.string()) });
+const CredentialResolutionRemediationSchema = z.object({
+	/** Human-friendly credential or integration label. */
+	displayName: z.string(),
+	/** High-level auth model for the missing or incomplete requirement. */
+	connectionType: z.enum([
+		"oauth",
+		"manual",
+		"internal"
+	]),
+	/** Primary action a user should take next. */
+	action: z.enum([
+		"connect",
+		"reconnect",
+		"upload",
+		"contact_admin"
+	]),
+	/** Human-facing fix summary that should avoid internal credential-set IDs. */
+	summary: z.string(),
+	/** Suggested CLI command when Keystroke can point to one. */
+	command: z.string().optional(),
+	/** Missing keys when a credential set exists but is incomplete. */
+	missingKeys: z.array(z.string()).optional()
+});
+const ResolveCredentialsErrorResponseSchema = z.object({
+	error: z.string(),
+	message: z.string().optional(),
+	detail: z.string().optional(),
+	remediation: CredentialResolutionRemediationSchema.optional(),
+	requestedKeys: z.array(z.string()).optional()
+});
+z.discriminatedUnion("status", [z.object({
+	status: z.literal("exchanged"),
+	/** The credential set the server persisted values into. */
+	credentialSetId: z.string(),
+	/** Keys persisted from the exchange hook's returned `stored` payload. */
+	keys: z.array(z.string()),
+	/** ISO timestamp when the stored payload expires, if any. */
+	expiresAt: z.string().datetime().nullable().optional()
+}), z.object({
+	status: z.literal("needs-reinput"),
+	/** Optional user-facing message provided by the connection author. */
+	message: z.string().optional()
+})]);
+//#endregion
+//#region src/commands/workflows/env/env.handler.ts
+/** 404 = no credential set, 422 = missing keys — these are expected "not configured" responses */
+function isCredentialNotConfiguredError(error) {
+	if (typeof error === "object" && error !== null && "response" in error && typeof error.response?.status === "number") {
+		const status = error.response.status;
+		return status === 404 || status === 422;
+	}
+	return false;
+}
+async function handleWorkflowsEnv(options, ctx) {
+	const client = requireClient(ctx);
+	const workflowsDir = await requireWorkflowsDir(options.path);
+	trackProject(workflowsDir);
+	const manifests = await readManifestsFromOutDir(workflowsDir, options.workflow);
+	if (manifests.length === 0) if (options.workflow) {
+		ui.error(`Workflow "${options.workflow}" not found.`);
+		ui.hint("Run `keystroke workflows build` first, then re-run this command.");
+		throwReportedCliExit(`Workflow "${options.workflow}" not found.`);
+	} else {
+		ui.hint("No built manifests found.");
+		ui.hint("Run `keystroke workflows build` first, then re-run this command.");
+		return;
+	}
+	const catalog = await getIntegrationCatalog(ctx);
+	const results = [];
+	for (const { manifest } of manifests) try {
+		const result = await buildWorkflowEnvResult(manifest, client, catalog);
+		results.push(result);
+	} catch (error) {
+		if (isNetworkError(error)) {
+			const url = ctx.baseUrl ?? "unknown";
+			ui.error(`Cannot reach the server. Tried: ${url}`);
+			ui.hint(`  ${toErrorMessage(error)}`);
+			ui.hint("  Credential status cannot be verified when the server is unreachable.");
+			throwReportedCliExit("Cannot verify credential status because the server is unreachable.", { cause: error });
+		}
+		if (isAuthError(error)) {
+			ui.error(`Invalid or expired credentials. ${REAUTH_HINT}`);
+			ui.hint(toErrorMessage(error));
+			throwReportedCliExit("Invalid or expired credentials.", { cause: error });
+		}
+		throw error;
+	}
+	if (ctx.jsonMode) writeJson(results.map((r) => ({
+		workflowName: r.workflowName,
+		requirements: r.requirements.map((req) => ({
+			varName: req.varName,
+			credentialSetId: req.credentialSetId,
+			sourceLabel: req.sourceLabel,
+			scope: req.scope,
+			isPresent: req.status === "set"
+		}))
+	})));
+	else renderTable(results);
+	if (options.check) {
+		if (results.some((r) => r.requirements.some((req) => req.status === "missing"))) throw new CliExitError("Missing workflow environment requirements.", {
+			exitCode: 1,
+			reported: true
+		});
+	}
+}
+async function buildWorkflowEnvResult(manifest, client, catalog) {
+	const seen = /* @__PURE__ */ new Set();
+	const requirements = [];
+	const fixes = [];
+	const groups = groupCredentialRequirements(manifest);
+	for (const group of groups) {
+		const defaultSourceLabel = getCredentialSourceLabel(catalog, group.credentialSetId);
+		try {
+			const scope = group.scope === "organization" || group.scope === "project" ? group.scope : void 0;
+			const response = await client.credentials.resolve({
+				credentialSetId: group.credentialSetId,
+				keys: group.keys,
+				...scope && { scope }
+			});
+			const configuredKeys = new Set(Object.keys(response.credentials));
+			for (const key of group.keys) {
+				if (seen.has(key)) continue;
+				seen.add(key);
+				requirements.push({
+					varName: key,
+					credentialSetId: group.credentialSetId,
+					sourceLabel: defaultSourceLabel,
+					scope: group.scope,
+					status: configuredKeys.has(key) ? "set" : "missing"
+				});
+			}
+		} catch (err) {
+			if (!isCredentialNotConfiguredError(err)) throw err;
+			const resolutionError = await readCredentialResolutionError(err);
+			if (resolutionError?.remediation?.summary) addWorkflowFix(fixes, {
+				displayName: resolutionError.remediation.displayName,
+				summary: resolutionError.remediation.summary
+			});
+			for (const key of group.keys) {
+				if (seen.has(key)) continue;
+				seen.add(key);
+				requirements.push({
+					varName: key,
+					credentialSetId: group.credentialSetId,
+					sourceLabel: resolutionError?.remediation?.displayName ?? defaultSourceLabel,
+					scope: group.scope,
+					status: "missing"
+				});
+			}
+		}
+	}
+	return {
+		workflowName: manifest.name,
+		requirements,
+		fixes
+	};
+}
+function renderTable(results) {
+	for (const result of results) {
+		ui.text(style(`◆  Workflow: ${result.workflowName}`, ANSI.bold));
+		if (result.requirements.length === 0) {
+			ui.hint("  No environment variables required.");
+			ui.br();
+			continue;
+		}
+		const table = new Table({
+			head: [
+				"Variable",
+				"Source",
+				"Scope",
+				"Status"
+			],
+			style: { head: [] }
+		});
+		for (const req of result.requirements) {
+			const statusText = req.status === "set" ? style("set", `${ANSI.bold}${ANSI.green}`) : style("missing", `${ANSI.bold}${ANSI.red}`);
+			table.push([
+				req.varName,
+				req.sourceLabel ?? req.credentialSetId ?? style("—", ANSI.dim),
+				req.scope ?? style("—", ANSI.dim),
+				statusText
+			]);
+		}
+		ui.text(table.toString());
+		const missingCount = result.requirements.filter((r) => r.status === "missing").length;
+		const total = result.requirements.length;
+		if (missingCount > 0) {
+			ui.warn(`${missingCount} of ${total} required credential(s) are missing on the server.`);
+			if (result.fixes.length > 0) {
+				ui.text("Suggested fixes:");
+				for (const fix of result.fixes) ui.hint(`  ${fix.summary}`);
+			}
+		} else if (total > 0) ui.success(`All ${total} required credential(s) are set on the server.`);
+		ui.br();
+	}
+}
+async function readCredentialResolutionError(error) {
+	if (typeof error !== "object" || error === null || !("response" in error) || typeof error.response?.clone !== "function") return;
+	try {
+		const response = error.response;
+		return ResolveCredentialsErrorResponseSchema.parse(await response.clone().json());
+	} catch {
+		return;
+	}
+}
+function getCredentialSourceLabel(catalog, credentialSetId) {
+	if (!credentialSetId) return null;
+	return catalog.byResolvedCredentialSetId.get(credentialSetId)?.label ?? credentialSetId;
+}
+function addWorkflowFix(fixes, fix) {
+	if (fixes.some((existing) => existing.summary === fix.summary)) return;
+	fixes.push(fix);
+}
+//#endregion
+export { handleWorkflowsEnv };

package/dist/error-boundary-VL-JLfIa.mjs

@@ -0,0 +1,34 @@
+#!/usr/bin/env node
+
+import { C as CliExitError, h as toErrorMessage, i as logger, m as isNetworkError, t as ui } from "./keystroke.mjs";
+import { r as isJsonMode } from "./output-DM4b7KgY.mjs";
+import { n as renderCredentialSchemaMismatchText, r as writeCredentialSchemaMismatchJson, t as isCredentialSchemaMismatchErrorLike } from "./credential-schema-mismatch-BKo5PjcQ.mjs";
+//#region src/lib/error-boundary.ts
+async function withErrorBoundary(commandName, fn, options = {}) {
+	const jsonMode = options.json ?? isJsonMode({});
+	try {
+		await fn();
+	} catch (error) {
+		if (error instanceof CliExitError) throw error.markReported();
+		if (isCredentialSchemaMismatchErrorLike(error)) {
+			const message = toErrorMessage(error);
+			logger.error(`${commandName} error`, { error: message });
+			if (jsonMode) writeCredentialSchemaMismatchJson(error);
+			else renderCredentialSchemaMismatchText(ui, error);
+			throw new CliExitError(message, {
+				cause: error,
+				reported: true
+			});
+		}
+		const message = toErrorMessage(error);
+		logger.error(`${commandName} error`, { error: message });
+		ui.error(`${commandName} error: ${message}`);
+		if (isNetworkError(error)) ui.hint("Tip: If using a local server, ensure it is running (e.g. turbo dev) and that the database is available.");
+		throw new CliExitError(message, {
+			cause: error,
+			reported: true
+		});
+	}
+}
+//#endregion
+export { withErrorBoundary as t };

package/dist/file-metadata-D1vm-XY2.mjs

@@ -0,0 +1,191 @@
+#!/usr/bin/env node
+
+import { S as SourceLocationSchema, b as CapturedVariableSchema } from "./schedule-BXx3uXwr.mjs";
+import { z } from "zod";
+z.enum([
+	"pending",
+	"running",
+	"completed",
+	"failed",
+	"cancelled",
+	"expired",
+	"suspended",
+	"suspended_cred_wait"
+]);
+z.enum([
+	"queued",
+	"running",
+	"completed",
+	"failed",
+	"suspended",
+	"cancelled"
+]);
+z.enum([
+	"queued",
+	"running",
+	"completed",
+	"failed",
+	"suspended",
+	"cancelled"
+]);
+z.enum(["workflow", "step"]);
+const TriggerTypeSchema = z.enum([
+	"webhook",
+	"cron",
+	"polling"
+]);
+z.enum(["custom", "app"]);
+z.enum([
+	"cli-test",
+	"webhook",
+	"cron",
+	"polling"
+]);
+z.enum([
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH"
+]);
+z.enum([
+	"filter",
+	"idempotencyKey",
+	"verify",
+	"callback"
+]);
+//#endregion
+//#region ../../packages/shared-types/src/workflows/build-output/file-metadata.ts
+function isNormalizedRelativePath(value) {
+	if (value.length === 0) return false;
+	if (value.startsWith("/") || value.startsWith("./") || value.startsWith("../")) return false;
+	if (value.split("/").some((segment) => segment.length === 0 || segment === "." || segment === "..")) return false;
+	return !value.includes("\\");
+}
+const FILE_METADATA_SCHEMA_VERSION = "1.0.0";
+const RelativeFilePathSchema = z.string().min(1).refine(isNormalizedRelativePath, { error: "Expected a normalized project-relative path" });
+const WorkflowDelegatedAgentRefSchema = z.object({
+	exportName: z.string().min(1),
+	authoredAgentId: z.string().min(1).optional(),
+	agentName: z.string().min(1),
+	sourceFilePath: RelativeFilePathSchema.optional()
+});
+const WorkflowDelegatedWorkflowRefSchema = z.object({
+	exportName: z.string().min(1),
+	authoredWorkflowId: z.string().min(1).optional(),
+	workflowName: z.string().min(1),
+	sourceFilePath: RelativeFilePathSchema.optional()
+});
+const FileWorkflowDefinitionSchema = z.object({
+	name: z.string().min(1),
+	exportName: z.string().min(1),
+	workflowId: z.string().min(1).optional(),
+	description: z.string().optional(),
+	delegatedAgents: z.array(WorkflowDelegatedAgentRefSchema).optional(),
+	delegatedWorkflows: z.array(WorkflowDelegatedWorkflowRefSchema).optional(),
+	source: SourceLocationSchema,
+	capturedVariables: z.array(CapturedVariableSchema).optional()
+});
+const FileOperationDefinitionSchema = z.object({
+	name: z.string().min(1),
+	exportName: z.string().min(1),
+	source: SourceLocationSchema,
+	capturedVariables: z.array(CapturedVariableSchema).optional(),
+	isBundle: z.boolean().optional()
+});
+const FileAgentDefinitionSchema = z.object({
+	agentName: z.string().min(1),
+	exportName: z.string().min(1),
+	factoryName: z.string().min(1).optional(),
+	source: SourceLocationSchema,
+	capturedVariables: z.array(CapturedVariableSchema).optional()
+});
+const FileTriggerDefinitionSchema = z.object({
+	name: z.string().min(1).optional(),
+	triggerType: TriggerTypeSchema,
+	exportName: z.string().min(1),
+	source: SourceLocationSchema
+});
+const FileCredentialSetDefinitionSchema = z.object({
+	credentialSetName: z.string().min(1),
+	resolvedCredentialSetId: z.string().min(1).optional(),
+	exportName: z.string().min(1),
+	source: SourceLocationSchema
+});
+const FileSandboxDefinitionSchema = z.object({
+	sandboxName: z.string().min(1),
+	exportName: z.string().min(1),
+	source: SourceLocationSchema
+});
+const FileMcpServerDefinitionSchema = z.object({
+	mcpServerName: z.string().min(1),
+	exportName: z.string().min(1),
+	source: SourceLocationSchema
+});
+const FileDefinitionsSchema = z.object({
+	workflows: z.array(FileWorkflowDefinitionSchema).default([]),
+	operations: z.array(FileOperationDefinitionSchema).default([]),
+	agents: z.array(FileAgentDefinitionSchema).default([]),
+	triggers: z.object({ defined: z.array(FileTriggerDefinitionSchema).default([]) }).default({ defined: [] }),
+	credentialSets: z.array(FileCredentialSetDefinitionSchema).default([]),
+	sandboxes: z.array(FileSandboxDefinitionSchema).default([]),
+	mcpServers: z.array(FileMcpServerDefinitionSchema).default([])
+});
+const StepConsumptionEntrySchema = z.object({
+	stepName: z.string().min(1),
+	consumedInFile: RelativeFilePathSchema,
+	workflowName: z.string().min(1),
+	nodeId: z.string().min(1)
+});
+const FileConsumptionSchema = z.object({ stepsConsumedBy: z.array(StepConsumptionEntrySchema).default([]) });
+const FileCredentialRefSchema = z.object({
+	resolvedId: z.string().min(1),
+	scope: z.string().optional(),
+	credentialKeys: z.array(z.string()).optional()
+});
+const FileImportEntrySchema = z.object({
+	moduleSpecifier: z.string().min(1),
+	importNames: z.array(z.string()).default([]),
+	isNamespaceImport: z.boolean().optional(),
+	namespaceName: z.string().optional(),
+	resolvedPath: RelativeFilePathSchema.optional()
+});
+const FileExportEntrySchema = z.object({
+	exportName: z.string().min(1),
+	kind: z.enum([
+		"workflow",
+		"operation",
+		"agent",
+		"trigger",
+		"credential-set",
+		"sandbox",
+		"mcp-server",
+		"other"
+	])
+});
+const FileMetadataBuildInfoSchema = z.object({
+	generatedAt: z.iso.datetime(),
+	sourceChecksum: z.string().length(64).regex(/^[a-f0-9]{64}$/i)
+});
+const FileConventionSchema = z.enum([
+	"workflow",
+	"operation",
+	"trigger",
+	"agent",
+	"credential-set",
+	"sandbox",
+	"mcp-server"
+]).nullable().optional();
+const FileMetadataSchema = z.object({
+	schemaVersion: z.literal(FILE_METADATA_SCHEMA_VERSION),
+	filePath: RelativeFilePathSchema,
+	absoluteFilePath: z.string().min(1).optional(),
+	fileConvention: FileConventionSchema,
+	definitions: FileDefinitionsSchema,
+	consumption: FileConsumptionSchema.default({ stepsConsumedBy: [] }),
+	credentials: z.array(FileCredentialRefSchema).default([]),
+	imports: z.array(FileImportEntrySchema).default([]),
+	exports: z.array(FileExportEntrySchema).default([]),
+	buildInfo: FileMetadataBuildInfoSchema
+});
+//#endregion
+export { FileMetadataSchema as n, RelativeFilePathSchema as r, FILE_METADATA_SCHEMA_VERSION as t };