@keystrokehq/cli 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/dist/index.mjs +216 -153
  2. package/dist/index.mjs.map +1 -1
  3. package/dist/{maybe-auto-update-q5MthdI8.mjs → maybe-auto-update-BDvSKDZp.mjs} +2 -2
  4. package/dist/{maybe-auto-update-q5MthdI8.mjs.map → maybe-auto-update-BDvSKDZp.mjs.map} +1 -1
  5. package/dist/skills-bundle/_AGENTS.md +1 -1
  6. package/dist/templates/hello-world/README.md +3 -2
  7. package/dist/{version-DcR3O1UD.mjs → version-pY9N8XlL.mjs} +1 -2
  8. package/dist/version-pY9N8XlL.mjs.map +1 -0
  9. package/package.json +1 -1
  10. package/dist/skills-bundle/skills/keystroke-actions/SKILL.md +0 -160
  11. package/dist/skills-bundle/skills/keystroke-actions/references/catalog-and-imports.md +0 -71
  12. package/dist/skills-bundle/skills/keystroke-agents/SKILL.md +0 -115
  13. package/dist/skills-bundle/skills/keystroke-agents/references/models.md +0 -23
  14. package/dist/skills-bundle/skills/keystroke-agents/references/tools-mcp-codemode.md +0 -85
  15. package/dist/skills-bundle/skills/keystroke-agents/references/workflows-and-testing.md +0 -26
  16. package/dist/skills-bundle/skills/keystroke-apps/SKILL.md +0 -151
  17. package/dist/skills-bundle/skills/keystroke-apps/references/cli-and-catalog.md +0 -104
  18. package/dist/skills-bundle/skills/keystroke-channels/SKILL.md +0 -66
  19. package/dist/skills-bundle/skills/keystroke-channels/references/slack-setup.md +0 -41
  20. package/dist/skills-bundle/skills/keystroke-cli/SKILL.md +0 -93
  21. package/dist/skills-bundle/skills/keystroke-deploy/SKILL.md +0 -93
  22. package/dist/skills-bundle/skills/keystroke-deploy/references/build-and-full-deploy.md +0 -30
  23. package/dist/skills-bundle/skills/keystroke-deploy/references/filtered-deploy.md +0 -50
  24. package/dist/skills-bundle/skills/keystroke-deploy/references/wip-ignore.md +0 -35
  25. package/dist/skills-bundle/skills/keystroke-files/SKILL.md +0 -43
  26. package/dist/skills-bundle/skills/keystroke-skills/SKILL.md +0 -42
  27. package/dist/skills-bundle/skills/keystroke-triggers/SKILL.md +0 -143
  28. package/dist/skills-bundle/skills/keystroke-workflows/SKILL.md +0 -78
  29. package/dist/skills-bundle/skills/keystroke-workflows/references/authoring.md +0 -168
  30. package/dist/skills-bundle/skills/keystroke-workflows/references/testing.md +0 -138
  31. package/dist/version-DcR3O1UD.mjs.map +0 -1
@@ -1,85 +0,0 @@
1
- # Tools, MCP, and codemode
2
-
3
- ## Integration actions as tools
4
-
5
- Most agents use imported integration actions:
6
-
7
- ```ts
8
- import { exaSearch, exaAnswer } from "@keystrokehq/exa/actions";
9
- import { googlesuperFetchEmails, googlesuperSendEmail } from "@keystrokehq/googlesuper/actions";
10
-
11
- tools: [exaSearch, exaAnswer, googlesuperFetchEmails, googlesuperSendEmail],
12
- ```
13
-
14
- See each integration package's `actions` export for available tools.
15
-
16
- ## Your own actions as tools
17
-
18
- ```ts
19
- import { triage } from "../actions/triage";
20
- tools: [triage],
21
- ```
22
-
23
- Same action works in workflows and on agents.
24
-
25
- ## Subagents (delegate to another agent)
26
-
27
- Import another agent into `tools` and the parent delegates a scoped task to the child agent:
28
-
29
- ```ts
30
- import { defineAgent } from "@keystrokehq/keystroke/agent";
31
- import researcher from "./researcher";
32
-
33
- export default defineAgent({
34
- slug: "planner",
35
- systemPrompt: "Plan work. Delegate research to the researcher subagent.",
36
- model: "anthropic/claude-sonnet-4.6",
37
- tools: [researcher],
38
- });
39
- ```
40
-
41
- The tool name is the subagent's `slug`. The tool expects a `message` string parameter.
42
-
43
- ## Workflows as tools
44
-
45
- Import a workflow into `tools` when the agent should trigger a fixed multi-step sequence as one durable tool call:
46
-
47
- ```ts
48
- import { defineAgent } from "@keystrokehq/keystroke/agent";
49
- import refundOrder from "../workflows/refund-order";
50
-
51
- export default defineAgent({
52
- slug: "support",
53
- systemPrompt: "Help customers. To issue a refund, call the refund-order tool.",
54
- model: "anthropic/claude-sonnet-4.6",
55
- tools: [refundOrder],
56
- });
57
- ```
58
-
59
- The tool name is the workflow's `slug`; parameters come from the workflow's `input` schema (must be a Zod object). The workflow runs inline as a tool — it cannot use `ctx.sleep()` or `ctx.hook()`. To run a workflow as its own tracked run instead, call it over HTTP or from a trigger; to reuse it inside another workflow, import it and call `await otherWorkflow.run(input)`.
60
-
61
- ## MCP
62
-
63
- Point an agent at an MCP server with `defineMcp` (from `@keystrokehq/keystroke/agent`) and add the definition to `tools` alongside actions. Each tool the server lists becomes available, prefixed with the server `key` (e.g. `mcp__deepwiki__ask_question`).
64
-
65
- ```ts
66
- import { defineAgent, defineMcp } from "@keystrokehq/keystroke/agent";
67
-
68
- const deepwiki = defineMcp({
69
- key: "deepwiki",
70
- transport: { type: "http", url: "https://mcp.deepwiki.com/mcp" },
71
- });
72
-
73
- export default defineAgent({
74
- slug: "researcher",
75
- systemPrompt: "Use the DeepWiki tools to answer questions about repos.",
76
- model: "anthropic/claude-sonnet-4.6",
77
- tools: [deepwiki],
78
- });
79
- ```
80
-
81
- For servers that require auth, declare credentials on the definition.
82
-
83
- ## Codemode (advanced)
84
-
85
- Default sandbox has bash. For batch tool calls, agents can run js-exec scripts that call `await tools['action-slug'](args)` (the tool name is the action's slug; MCP tools keep their `mcp__<key>__<tool>` prefix). Optional VM runtime via `sandbox: defineSandbox({ mode: "vm" })` (from `@keystrokehq/keystroke/sandbox`).
@@ -1,26 +0,0 @@
1
- # Sessions and workflow handoff
2
-
3
- ## Multi-turn CLI
4
-
5
- ```bash
6
- keystroke agent prompt support --message "What is the refund policy?"
7
- keystroke agent sessions list support
8
- keystroke agent prompt support --message "Summarize that" --session-id <id>
9
- ```
10
-
11
- ## Inspect a session
12
-
13
- ```bash
14
- keystroke agent sessions get support <session-id> --include messages,trace
15
- ```
16
-
17
- Use this when an agent misbehaves or a channel reply looks wrong.
18
-
19
- ## Agent called from a workflow
20
-
21
- Actions invoke agents with `.prompt()` inside `defineAction`. Audit the workflow run, not just the agent session:
22
-
23
- ```bash
24
- keystroke workflow runs list signup-pipeline
25
- keystroke workflow runs get signup-pipeline <run-id> --include steps,trace
26
- ```
@@ -1,151 +0,0 @@
1
- ---
2
- name: keystroke-apps
3
- description: Connectable apps — defineApp, app.action, catalog discovery via keystroke app search, custom app create/sync, and connect. Use when wiring integrations, OAuth, API keys, or a deployed run fails because an app is not connected.
4
- metadata:
5
- keystroke-domain: apps
6
- ---
7
-
8
- # Apps
9
-
10
- An **app** is a connectable integration: a slug, an auth kind, and (for custom apps) a field template. **Connected** = secrets for that app have been uploaded via the connect flow.
11
-
12
- Secrets never live in source or `.env`. `keystroke deploy` uploads code only, not connections — connect the apps your project needs with the connect flow.
13
-
14
- Custom actions that call external APIs need a **credential**. The simplest path is a standalone `defineCredential` declared on a `defineAction`. Reach for an **app** (`defineApp` + `app.action()`) when several actions share one connection, or when you've synced a catalog/custom app into `src/apps/`. See [actions skill](.agents/skills/keystroke-actions/SKILL.md).
15
-
16
- ## Two sources of apps
17
-
18
- | Source | How you get it | Author in code |
19
- | ------ | -------------- | -------------- |
20
- | **Catalog** | ~1000 Composio integrations + first-party (`exa`, `slack`, `googlesuper`) | npm package `@keystrokehq/<slug>` — discover via CLI |
21
- | **Custom** | Dashboard UI or `keystroke app create`, then `keystroke app sync <slug>` | `src/apps/<name>/app.ts` from sync |
22
-
23
- ## Discover catalog integrations
24
-
25
- ```bash
26
- keystroke auth login
27
- keystroke app search github # live Composio catalog
28
- keystroke app show github
29
- keystroke app actions github --search issue
30
- keystroke app action GITHUB_CREATE_ISSUE
31
- keystroke app list # apps registered in your org
32
- ```
33
-
34
- Discovery is read-only — there is no `app install` yet. To connect an app, its slug must be in your org registry (`app list`).
35
-
36
- ## Create and sync custom apps
37
-
38
- Create in the dashboard or CLI, then pull the template into your project:
39
-
40
- ```bash
41
- # Manual custom app (api_key fields)
42
- keystroke app create \
43
- --name "Internal API" \
44
- --description "Our internal service" \
45
- --field apiKey:secret
46
-
47
- # Auto-detect from URL (same as dashboard Create custom app)
48
- keystroke app create --mcp https://mcp.example.com/mcp --preview
49
- keystroke app create --openapi https://example.com/openapi.yaml --name "Example API"
50
-
51
- keystroke app sync acme/internal-api # writes src/apps/internal-api/app.ts
52
- ```
53
-
54
- Re-run `sync` after template changes on the platform. Then author actions with `app.action()` in `src/actions/`.
55
-
56
- ## Author with defineApp
57
-
58
- Synced apps land as `defineApp` in `src/apps/<name>/app.ts`:
59
-
60
- ```ts
61
- import { defineApp } from "@keystrokehq/keystroke/app";
62
- import { z } from "zod";
63
-
64
- export const kwatch = defineApp({
65
- slug: "keystroke/kwatch",
66
- auth: "api_key",
67
- credential: { apiKey: z.string() },
68
- });
69
- ```
70
-
71
- Actions use `app.action()` — the app binding is automatic:
72
-
73
- ```ts
74
- import { kwatch } from "../apps/kwatch/app";
75
-
76
- export const kwatchListAlerts = kwatch.action({
77
- slug: "kwatch-list-alerts",
78
- input: z.object({}),
79
- output: z.object({ ok: z.boolean(), alertCount: z.number() }),
80
- async run(_input, credentials) {
81
- const { apiKey } = credentials["keystroke/kwatch"];
82
- return { ok: true, alertCount: 0 };
83
- },
84
- });
85
- ```
86
-
87
- Auth kinds: `keystroke` (MCP/Composio catalog apps), `api_key` (custom fields), `oauth` (token resolved at runtime). In `run`, read connected fields as `credentials[app.slug]`.
88
-
89
- ## Connect an app
90
-
91
- `keystroke connect <slug>` opens the web app connect flow (OAuth or API-key form, depending on the app). This is how secrets get attached to an app — not via `.env`.
92
-
93
- **Official integrations** — the cleanest path:
94
-
95
- ```bash
96
- keystroke connect google
97
- keystroke connect slack
98
- keystroke connect exa
99
- ```
100
-
101
- **Custom apps** — sync the template first, then connect:
102
-
103
- ```bash
104
- keystroke app sync acme/internal-api
105
- keystroke connect acme/internal-api
106
- ```
107
-
108
- The web app **Apps** page offers the same flow.
109
-
110
- Field names in the connect form match the app's synced template. You pick the scope (project / org / user) in the web connect flow — `keystroke connect` has no `--scope` flag. See [cli-and-catalog.md](references/cli-and-catalog.md).
111
-
112
- ## Connect what your project needs
113
-
114
- A new project starts with **no connected apps**. After deploy, connect the apps it uses:
115
-
116
- ```bash
117
- keystroke deploy --project <id>
118
- keystroke connect google
119
- keystroke connect exa
120
- keystroke app list
121
- ```
122
-
123
- A runtime error about a missing connection almost always means the app hasn't been connected for this project.
124
-
125
- ## Manage & bind credentials
126
-
127
- `keystroke credentials list / get / update --default / rotate-key / delete` manage instances. When several instances share a scope and none is the default, a run can't auto-resolve — set a default, or **bind** an exact instance to one step/tool:
128
-
129
- ```bash
130
- keystroke credentials consumers list --workflow sync # step:<slug>#<n>
131
- keystroke credentials assignments assign --workflow sync --credential org/work --consumer step:fetch-gmail#0
132
- keystroke credentials assignments assign --agent support --credential vault-prod --consumer vault-lookup # tool slug
133
- ```
134
-
135
- An assignment is the explicit selection at the top of the resolution order, so it overrides scope defaults. Full surface: [cli-and-catalog.md](references/cli-and-catalog.md).
136
-
137
- ## Audit
138
-
139
- ```bash
140
- keystroke app list # org-registered apps
141
- keystroke credentials list # connected instances + scope + default
142
- keystroke credentials assignments list --workflow <slug> # which instance is pinned where
143
- ```
144
-
145
- Failed integration call → confirm the app is connected for your project, the action uses the right slug, and (if multiple instances) a default or assignment resolves the right one.
146
-
147
- ## Next references
148
-
149
- - [cli-and-catalog.md](references/cli-and-catalog.md) — `keystroke app` commands, connect, scopes, credential management & binding
150
-
151
- Related: [cli](.agents/skills/keystroke-cli/SKILL.md), [actions](.agents/skills/keystroke-actions/SKILL.md), [channels](.agents/skills/keystroke-channels/SKILL.md).
@@ -1,104 +0,0 @@
1
- # CLI, catalog, connect
2
-
3
- ## Log in once
4
-
5
- ```bash
6
- keystroke auth login
7
- keystroke auth status
8
- ```
9
-
10
- Token is stored in the OS keychain and reused for all CLI commands. See [cli skill](.agents/skills/keystroke-cli/SKILL.md).
11
-
12
- ## keystroke app commands
13
-
14
- All org-scoped; output is JSON.
15
-
16
- | Command | Purpose |
17
- | ------- | ------- |
18
- | `app list` | Apps registered/connectable in your org |
19
- | `app search <query>` | Search live Composio catalog (`--category`, `--limit`, `--cursor`) |
20
- | `app show <slug>` | Single catalog app details |
21
- | `app actions [slug]` | List actions for an app, or global search with `--search` (no slug) |
22
- | `app action <tool-slug>` | Full input/output JSON schema for one action |
23
- | `app create` | Create custom org app — manual (`--name`, `--slug`, `--description`, `--field`) or auto-detect (`--mcp`, `--openapi`, `--graphql`, `--preview`, `--auth`) |
24
- | `app sync <slug>` | Write `src/apps/<name>/app.ts` from platform template (`--dir`) |
25
-
26
- `--field` syntax: `key`, `key:secret`, `key:optional`, `key:public`, or combinations like `key:secret:optional` (repeatable). A bare `key` is **secret by default**; `:public` forces a non-secret field. Manual custom apps require at least one `--field`, and at least one of them must be required (not `:optional`).
27
-
28
- With `--mcp`, `--openapi`, or `--graphql`, auth and credential fields are auto-detected from the URL (same as the dashboard Create custom app dialog). Use `--preview` to print the assembled request without creating; override detected values with `--name`, `--slug`, `--description`, `--field`, or `--auth` (`oauth` / `api_key`, MCP only).
29
-
30
- ```bash
31
- keystroke app create --mcp https://mcp.example.com/mcp --preview
32
- keystroke app create --openapi https://example.com/openapi.yaml --name "Example API"
33
- ```
34
-
35
- ## Connect an app
36
-
37
- `keystroke connect <slug>` attaches secrets to an app via the web app connect flow:
38
-
39
- ```bash
40
- keystroke connect google # official OAuth
41
- keystroke connect slack
42
- keystroke connect exa # official API key
43
- keystroke connect acme/internal-api # custom app (sync first)
44
- keystroke connect <slug> --print-url # deeplink without opening browser
45
- ```
46
-
47
- - **Official integrations** — always prefer `keystroke connect <slug>`
48
- - **Custom apps** — `keystroke app sync <slug>` first, then `keystroke connect <slug>`
49
- - Slug must exist in your org registry (`app list`)
50
- - The web app **Apps** page offers the same flow
51
-
52
- ## Scopes
53
-
54
- A connection is stored at one scope. `keystroke connect` has **no** `--scope` flag — you choose the scope in the web connect flow. To set scope from the CLI, use `keystroke credentials set <key> --scope <scope> [--project-slug <slug>]` (that command defaults to `org`).
55
-
56
- | Scope | When |
57
- | ----- | ---- |
58
- | `project` | Tie to one project |
59
- | `org` | Share with every user and project |
60
- | `user` | Single user's personal connection |
61
-
62
- At runtime resolution prefers the **project default first, then the org default**. Get the active project id from `keystroke config show`.
63
-
64
- ## Manage & bind credentials
65
-
66
- Day-to-day management (output is JSON):
67
-
68
- ```bash
69
- keystroke credentials list # every instance + scope + default flag
70
- keystroke credentials get <credential-id>
71
- keystroke credentials update <credential-id> --label "Prod" --default
72
- keystroke credentials rotate-key <credential-id> --set apiKey=@env:ACME_API_KEY
73
- keystroke credentials delete <credential-id>
74
- ```
75
-
76
- `--default` marks one instance as the default for its app + scope. When several instances share a scope and none is the default, a run can't auto-resolve — set a default, or **bind** a specific instance to the step/tool that needs it.
77
-
78
- ### Bind a specific instance to a step or tool
79
-
80
- An assignment pins an exact credential instance to one consumer. It's the **explicit selection** at the top of the resolution order, so it wins over scope defaults. List the bindable consumers first, then assign:
81
-
82
- ```bash
83
- # Workflow consumers are step correlation ids from recent runs (step:<slug>#<n>)
84
- keystroke credentials consumers list --workflow sync
85
- keystroke credentials assignments assign --workflow sync --credential org/work --consumer step:fetch-gmail#0
86
-
87
- # Agent consumers are tool slugs
88
- keystroke credentials consumers list --agent support
89
- keystroke credentials assignments assign --agent support --credential vault-prod --consumer vault-lookup
90
-
91
- # Omit --consumer (or pass "*") to bind every consumer on the target
92
- keystroke credentials assignments assign --workflow sync --credential work
93
-
94
- keystroke credentials assignments list --workflow sync # inspect bindings
95
- keystroke credentials assignments unassign <assignment-id> # remove one
96
- ```
97
-
98
- - Exactly one of `--workflow <slug>` or `--agent <slug>` is required.
99
- - `--credential` takes an instance slug: `work`, `org/work`, or `<app>/<slug>` (e.g. `linear/work`).
100
- - Workflow consumer ids only appear after a run has produced `step_completed` events; `consumers list` reads them from recent runs.
101
-
102
- ## Where secrets live
103
-
104
- App secrets are **not** read from `.env` and are **never** uploaded by `keystroke deploy` — it ships code only. Attach integration secrets by connecting the app with `keystroke connect <slug>`; they're resolved at runtime for your project.
@@ -1,66 +0,0 @@
1
- ---
2
- name: keystroke-channels
3
- description: Let people use keystroke agents from Slack (external channels) — connect Slack, bind channels with `keystroke channel bind`, pick a listen mode. Use when setting up messaging for agents.
4
- metadata:
5
- keystroke-domain: channels
6
- ---
7
-
8
- # External channels
9
-
10
- External channels route **Slack (and similar) messages** to an agent — people chat in-channel instead of using the CLI. Slack is the only channel today.
11
-
12
- ## Setup (Slack)
13
-
14
- 1. Deploy the agent you want to chat with (`keystroke deploy`)
15
- 2. Connect Slack once for the org: `keystroke connect slack` (or the web app **Apps** page); complete OAuth
16
- 3. Bind a channel to the agent (CLI below, or the agent's **External Channels** panel in the web app)
17
- 4. Message the bound channel per its listen mode
18
-
19
- ## Bind from the CLI
20
-
21
- ```bash
22
- keystroke channel platforms list # supported platforms
23
- keystroke channel accounts --platform slack # connected workspaces (team ids)
24
- keystroke channel directory --platform slack --account <team-id> # channels you can bind
25
- keystroke channel bind \
26
- --agent support \
27
- --platform slack \
28
- --account <team-id> \
29
- --channel <channel-id> \
30
- --mode mention
31
- keystroke channel list --agent support # bindings for an agent
32
- ```
33
-
34
- Listen modes (`--mode`): `mention` (only when @mentioned), `all` (every message), `dm` (direct messages). Update or remove a binding with `keystroke channel update-binding --agent <id> --binding <id> --mode all` / `keystroke channel unbind --agent <id> --binding <id>`.
35
-
36
- `channel bind` also takes an optional `--channel-name <name>` (defaults to the channel id). Every `keystroke channel` subcommand accepts `--project <slug>` to target a non-active project; otherwise they use the active project.
37
-
38
- ## What happens at runtime
39
-
40
- Inbound Slack event → lookup channel binding → `runPrompt` for the bound agent → reply in thread.
41
-
42
- The agent acts **on behalf of the channel**, not the sender: it runs with its own tools, actions, and credentials regardless of who messaged. Only bind agents to channels whose members you trust with everything the agent can do.
43
-
44
- ## Audit channel-driven sessions
45
-
46
- The CLI session source is still named `gateway`:
47
-
48
- ```bash
49
- keystroke agent sessions list <agent-key> --source gateway
50
- keystroke agent sessions get <agent-key> <session-id> --include messages,trace
51
- ```
52
-
53
- ## Troubleshooting
54
-
55
- | Issue | Check |
56
- | ----------- | ------------------------------------------------------------------- |
57
- | Bot silent | `keystroke agent sessions list` for errors; agent on the binding |
58
- | "Choose an agent" prompt | The channel has no agent bound — bind one with `keystroke channel bind` |
59
- | OAuth fails | Slack redirect URLs match your project's web app origin |
60
- | Wrong agent | Re-bind with `keystroke channel bind` (or the web app panel) |
61
-
62
- ## Next references
63
-
64
- - [slack-setup.md](references/slack-setup.md) — connect flow, testing against a deployed project
65
-
66
- Related: [agents](.agents/skills/keystroke-agents/SKILL.md), [apps](.agents/skills/keystroke-apps/SKILL.md).
@@ -1,41 +0,0 @@
1
- # Slack channel setup
2
-
3
- ## Connect Slack
4
-
5
- Connect the Slack app once for the org with `keystroke connect slack` — the Slack app credentials are entered in the web connect flow, not in your project's `.env`. The connected workspace stays connected; adding more agents is just a bind step.
6
-
7
- Slack OAuth and the inbound routes mount automatically on your **deployed** project, so connecting against the cloud target works out of the box — you don't add Slack to `keystroke.config.ts`.
8
-
9
- ## Bind a channel
10
-
11
- ```bash
12
- keystroke channel accounts --platform slack # find the team id
13
- keystroke channel directory --platform slack --account <team-id> # find the channel id
14
- keystroke channel bind --agent support --platform slack \
15
- --account <team-id> --channel <channel-id> --mode mention
16
- ```
17
-
18
- `--mode` is `mention`, `all`, or `dm`. Thread follow-up is on by default; toggle it with `keystroke channel update-binding --agent <id> --binding <id> --threads` / `--no-threads`.
19
-
20
- The web app offers the same flow from each agent's **External Channels** panel.
21
-
22
- ## Testing
23
-
24
- Slack OAuth and the inbound event routes are handled by your **deployed** project — `keystroke dev` (local watch/rebuild) is not in the Slack delivery path. To test Slack end-to-end: `keystroke deploy`, `keystroke connect slack`, `keystroke channel bind …`, then message the bound channel and inspect the session (below).
25
-
26
- > Self-hosting the keystroke platform is a separate concern: that setup seeds Slack app credentials via platform env vars (`SLACK_CLIENT_ID/SECRET/SIGNING_SECRET`) and a public origin (`PUBLIC_PLATFORM_PROXY_URL`). Those are **platform** vars, not part of a scaffolded user project, and `keystroke dev` does not read them.
27
-
28
- ## Audit
29
-
30
- ```bash
31
- keystroke agent sessions list <agent-key> --source gateway
32
- keystroke agent sessions get <agent-key> <session-id> --include messages,trace
33
- ```
34
-
35
- ## Common fixes
36
-
37
- | Issue | Fix |
38
- | ------------- | -------------------------------------------------- |
39
- | 401 on events | Check the signing secret in the Slack connection |
40
- | No reply | Session errors via `keystroke agent sessions list` |
41
- | Wrong agent | Re-bind with `keystroke channel bind` |
@@ -1,93 +0,0 @@
1
- ---
2
- name: keystroke-cli
3
- description: Keystroke CLI — log in, manage projects, deploy your src/, and run/inspect what's deployed (workflows, agents, triggers, apps). Use when running keystroke commands for a project.
4
- metadata:
5
- keystroke-domain: cli
6
- ---
7
-
8
- # CLI
9
-
10
- The CLI is the primary interface for keystroke projects. You build in `src/`, deploy to your project on the platform, then run and inspect what's deployed. The loop is **edit → deploy → run/inspect → repeat**; deploy often.
11
-
12
- ## Log in
13
-
14
- ```bash
15
- keystroke auth login # once; token stored in the OS keychain and reused
16
- keystroke auth login --org <org-slug> # headless org pick
17
- keystroke config org # list org memberships
18
- keystroke config use org <org-slug> # switch active org
19
- ```
20
-
21
- One login covers every command. `auth login` auto-picks your org if you have one and prompts if there are several.
22
-
23
- ## Projects
24
-
25
- A **project** is your deploy target on the platform. `keystroke init` scaffolds the local repo; the platform project is where it runs.
26
-
27
- ```bash
28
- keystroke project list
29
- keystroke project create --name "My app" --description "Optional"
30
- keystroke deploy --project <id> # build + upload src/; see deploy skill for --filter
31
- ```
32
-
33
- `--project` selects the deploy target. It's a global flag that works before or after the subcommand (`keystroke deploy --project <id>`).
34
-
35
- New projects are **inactive** until the first deploy. After a deploy, `keystroke deploy` remembers the project (saved in `~/.keystroke`), so later commands target it without `--project`. To switch which project later commands use:
36
-
37
- ```bash
38
- keystroke config use project <id>
39
- ```
40
-
41
- To target a different project for a single command without changing the default:
42
-
43
- ```bash
44
- keystroke workflow runs list greeting --project <id>
45
- ```
46
-
47
- By default the CLI targets the cloud platform. To run commands against a locally running server (`keystroke start` / `keystroke dev`), use the global `--local` flag for one command, or `keystroke config use local` / `keystroke config use cloud` to switch the default target.
48
-
49
- Full deploy, filtered module redeploy, and WIP ignore: [deploy skill](../keystroke-deploy/SKILL.md).
50
-
51
- ## Pull an existing project
52
-
53
- `keystroke pull` is the inverse of `deploy`: it downloads a project's **active deploy source** into a local directory, installs dependencies, and syncs bundled skills. Use it to start working on a project that was created or deployed elsewhere (e.g. on a fresh machine).
54
-
55
- ```bash
56
- keystroke pull --project <id> # into the current directory
57
- keystroke pull --project <id> --dir ./my-app
58
- keystroke pull --project <id> --force # overwrite an existing local tree
59
- ```
60
-
61
- It targets the active project when `--project` is omitted. A directory that already holds an unrelated project is refused unless you pass `--force`; a directory from a prior pull of the **same** project refreshes in place, and a no-op pull (already on the active artifact) exits without changes.
62
-
63
- ## Run & inspect
64
-
65
- After deploy, runtime commands operate on your project:
66
-
67
- ```bash
68
- keystroke workflow run greeting --input '{"name":"Ada"}'
69
- keystroke workflow runs list greeting
70
- keystroke workflow runs get greeting <run-id> --include steps,trace
71
- keystroke agent prompt hello --message "Hi"
72
- keystroke agent sessions get support <session-id> --include messages,trace
73
- keystroke app list
74
- keystroke trigger list
75
- keystroke trigger list --endpoint stripe # all webhooks on a shared endpoint
76
- keystroke trigger url stripe # shared route URL (or a trigger key)
77
- ```
78
-
79
- Always use the CLI to inspect runs and sessions — do not hand-craft HTTP requests.
80
-
81
- ## Commands at a glance
82
-
83
- | Command | What it does |
84
- | -------------------------------------------------- | -------------------------------------------------------- |
85
- | `auth login` | Authenticate; token reused for all commands |
86
- | `project list`, `project create` | Manage deploy targets in the active org |
87
- | `deploy` | Build `src/` and ship it; sets the active project |
88
- | `pull` | Download a project's active deploy source into a local dir |
89
- | `workflow`, `agent`, `trigger`, `app` | Run and inspect resources on your project |
90
- | `connect <slug>` | Connect an integration (see apps skill) |
91
- | `config use project <id>`, `config show` | Set/inspect the active project |
92
-
93
- Related: [deploy](../keystroke-deploy/SKILL.md), [apps](../keystroke-apps/SKILL.md), [workflows](../keystroke-workflows/SKILL.md), [agents](../keystroke-agents/SKILL.md), [triggers](../keystroke-triggers/SKILL.md).
@@ -1,93 +0,0 @@
1
- ---
2
- name: keystroke-deploy
3
- description: Build and deploy keystroke projects — full deploy, filtered module redeploy, @keystroke ignore for WIP modules. Use when shipping to the platform or keeping draft code out of production.
4
- metadata:
5
- keystroke-domain: deploy
6
- ---
7
-
8
- # Deploy
9
-
10
- Deploy uploads a `dist/` tarball to the keystroke **platform** and promotes a new project-server runtime (blue/green). Use this skill when shipping your project to the platform.
11
-
12
- ## Prerequisites
13
-
14
- ```bash
15
- keystroke auth login
16
- keystroke project list # or: project create --name "My app"
17
- keystroke deploy --project <slug> # first deploy must be full (no --filter)
18
- ```
19
-
20
- `--project` selects the deploy target; as a global flag it works before or after `deploy`. After a successful deploy the project becomes the active target (saved in `~/.keystroke`), so later commands (including subsequent deploys) can omit it.
21
-
22
- Deploy always **builds before upload**. Full deploy wipes `dist/` (`clean: true`), rebuilds all modules, regenerates `route-manifest.json`, then packs and uploads.
23
-
24
- ## Full deploy
25
-
26
- ```bash
27
- keystroke build # optional preview; deploy rebuilds anyway
28
- keystroke deploy --project <slug>
29
- keystroke deploy --project <slug> --dir ./my-app
30
- ```
31
-
32
- After success the project becomes the active target for later commands. Verify with `keystroke workflow run <key> --input '{}'`.
33
-
34
- ## Filtered deploy (one module)
35
-
36
- Redeploy a single agent/workflow/trigger without rebuilding everything. Requires an **active** artifact from a prior full deploy.
37
-
38
- ```bash
39
- keystroke deploy --project <slug> --filter workflows/morning-check
40
- keystroke deploy --project <slug> --filter agents/support --filter workflows/signup-pipeline
41
- ```
42
-
43
- `--filter` matches exact build entry keys (`agents/foo`, `workflows/bar`, `triggers/baz`) — the paths under `src/` without extension. Repeat the flag for multiple modules. No globs.
44
-
45
- **How it works:** isolated rebuild of each matched module → download active prod tarball → overlay rebuilt `.mjs` files → merge `route-manifest.json` by module → upload as a normal full deploy.
46
-
47
- **Carried forward from prod:** `config.mjs`, bundled assets, skills metadata, and all untouched modules. Skill/asset drift is not validated in v1.
48
-
49
- Detail: [filtered-deploy.md](references/filtered-deploy.md).
50
-
51
- ## WIP modules (`@keystroke ignore`)
52
-
53
- Keep draft agents/workflows/triggers in `src/` but out of the runtime:
54
-
55
- ```ts
56
- // @keystroke ignore // skip local build, dev, and deploy
57
- // @keystroke ignore:deploy // local build + dev only; omitted from deploy
58
- ```
59
-
60
- - `ignore` — broken or not-ready; stays out of `dist/` everywhere.
61
- - `ignore:deploy` — runs locally; excluded from deploy only.
62
-
63
- Import guard: a shipped module that **imports** an `@keystroke ignore` file fails the build in **every** phase; importing an `@keystroke ignore:deploy` file builds fine locally and fails only at **deploy** time. Triggers attached to an ignored workflow need the same directive.
64
-
65
- Detail: [wip-ignore.md](references/wip-ignore.md).
66
-
67
- ## Build vs deploy
68
-
69
- | Command | Phase | Output |
70
- | ------------------ | ------- | ------------------------------------------- |
71
- | `keystroke build` | `build` | `dist/` for inspection |
72
- | `keystroke deploy` | `deploy`| `dist/` + upload; honors `ignore:deploy` |
73
-
74
- Deploy always runs a fresh, clean build before upload.
75
-
76
- Detail: [build-and-full-deploy.md](references/build-and-full-deploy.md).
77
-
78
- ## Common mistakes
79
-
80
- - **First deploy with `--filter`** — fails; run full deploy once.
81
- - **Wrong `--dir`** — builds a different tree than you edited.
82
- - **Expecting full refresh with `--filter`** — only matched modules rebuild; rest comes from active prod.
83
- - **Connected apps aren't in `.env`** — deploy never uploads `.env`; connect apps for your project. See [apps skill](../keystroke-apps/SKILL.md).
84
-
85
- ## Audit deployed runtime
86
-
87
- ```bash
88
- keystroke project deployments list --project <slug>
89
- keystroke workflow run morning-check --input '{}'
90
- keystroke trigger list
91
- ```
92
-
93
- Related: [cli skill](../keystroke-cli/SKILL.md), [apps skill](../keystroke-apps/SKILL.md).