@keystrokehq/cli 0.1.38 → 0.1.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.mjs +63 -74
- package/dist/index.mjs.map +1 -1
- package/dist/skills-bundle/_AGENTS.mcp.md +5 -2
- package/dist/skills-bundle/_AGENTS.md +17 -11
- package/package.json +3 -3
|
@@ -38,7 +38,7 @@ Agents are useful when a task needs judgment, language understanding, tool use,
|
|
|
38
38
|
| -------------------- | --------------------------------------------------- |
|
|
39
39
|
| **Instructions** | `systemPrompt` tells the model how to behave |
|
|
40
40
|
| **Models** | `model` uses `vendor/model-id`, with optional `thinkingLevel` |
|
|
41
|
-
| **File system** |
|
|
41
|
+
| **File system** | Isolated workspace per session — `/workspace/agent` persists across sessions (skills, files); `/workspace/session` is per-session scratch. Built-in file system and bash (code execution) tools |
|
|
42
42
|
| **Web search** | Built-in `web_search` and `web_fetch` tools when a web provider is configured |
|
|
43
43
|
| **Tools** | Attach custom tools, MCP tools, subagents, and workflows as tools |
|
|
44
44
|
| **Skills and files** | Attach skills from `src/skills/` and context files from `src/files/` |
|
|
@@ -66,6 +66,7 @@ Workflows also render as an interactive **canvas** in the platform. Keep durable
|
|
|
66
66
|
- **Research real APIs before mirroring them** — building actions for custom integrations is very common; web search and fetch the actual reference & explore relevant docs, don't guess endpoints or payload shapes.
|
|
67
67
|
- **Run before you claim you are finished** — deploy with `deploy_project`, run it in the cloud via `exec_command`, and read the real output before activating live triggers or claiming you are finished. Chat with agents and run workflows to confirm they behave correctly.
|
|
68
68
|
- **Cover obvious edge cases** and write simple tests as needed (null field, empty array, a step that throws).
|
|
69
|
+
- **Verify integration prerequisites** — before composing a catalog action into a workflow, run it once with `keystroke app execute` (via `exec_command`) to confirm the IDs and fields exist in the connected account.
|
|
69
70
|
- **Connected apps aren't in `.env`** — deploy never uploads `.env`; use the `connect_app` tool to get a link for the user to connect integrations in the web app (a browser cannot open in this workspace).
|
|
70
71
|
- **Filtered deploys** — determine if you should do a full vs filtered deploy, or use WIP ignore directives (`search_docs "filtered deploy"`).
|
|
71
72
|
- **Dependencies** — use the project's existing package manager (`package.json` `packageManager` field or lockfile); default to npm only on a freshly created project with no lockfile.
|
|
@@ -107,11 +108,13 @@ keystroke app search <query> # find an app and its slug i
|
|
|
107
108
|
keystroke app actions <app> --search <q> # actions an app exposes
|
|
108
109
|
keystroke app action <app> <tool> # schema + how to run/import one action
|
|
109
110
|
keystroke app execute <app> <tool> --input '{...}' # run a connected catalog action (no server)
|
|
110
|
-
keystroke credentials list #
|
|
111
|
+
keystroke credentials list # what's already connected — check before asking the user to connect
|
|
111
112
|
```
|
|
112
113
|
|
|
113
114
|
To connect an app's credentials, use the `connect_app` tool to get a link for the user — a browser cannot open in this workspace, so do not use `keystroke connect`. See `search_docs "use credentials"` for binding credentials to workflow steps and agent tools.
|
|
114
115
|
|
|
116
|
+
Credentials are for secrets. Non-secret config — spreadsheet IDs, channel names, base URLs — belongs in code as a literal constant or a workflow input. There is no platform variable store and deploy never uploads `.env`.
|
|
117
|
+
|
|
115
118
|
If an integration or a required action isn't supported, it is *extremely* easy to build a custom one — connections to any HTTP API or MCP server, including internal or private ones. `search_docs "custom integration"`.
|
|
116
119
|
|
|
117
120
|
## Docs
|
|
@@ -53,11 +53,12 @@ Each primitive imports from `@keystrokehq/keystroke/<piece>` (`/agent`, `/action
|
|
|
53
53
|
Keystroke is deploy-first: build, ship, then run and inspect what's live. Deploy often.
|
|
54
54
|
|
|
55
55
|
1. **Auth once** — `keystroke auth login` (token is stored and reused).
|
|
56
|
-
2. **
|
|
57
|
-
3. **
|
|
58
|
-
4. **
|
|
59
|
-
5. **
|
|
60
|
-
6.
|
|
56
|
+
2. **Verify prerequisites** — `keystroke app execute <app> <tool> --input '{...}'` runs any connected catalog action against the cloud with no deploy and no server. Before wiring an integration into a workflow, execute it once for real: confirm the IDs, custom fields, and labels you're about to hard-code actually exist in the *connected* account. Schema inspection and hand-rolled dry-run flags prove nothing about the mutating path.
|
|
57
|
+
3. **Edit** primitives under `src/`. Unit-test workflow logic in-process with `executeWorkflow` (`/learn/workflows/test-workflows`) — that's the fast loop; deploying is the shipping checkpoint.
|
|
58
|
+
4. **Deploy** — `keystroke deploy` (full) or `keystroke deploy --filter agents/support` (one module).
|
|
59
|
+
5. **Run** — `keystroke workflow run <slug> --input '{...}'` / `keystroke agent prompt <slug> --message "..."`.
|
|
60
|
+
6. **Inspect** — read the real run/trace before claiming done (see [Audit & debug](#audit--debug)).
|
|
61
|
+
7. Repeat.
|
|
61
62
|
|
|
62
63
|
```bash
|
|
63
64
|
keystroke auth status # current user + org
|
|
@@ -99,7 +100,7 @@ export default defineAgent({
|
|
|
99
100
|
|
|
100
101
|
- **Model** — exact catalog id in `vendor/model-id` format from https://keystroke.ai/models.md. Do **not** kebab-case the version (`anthropic/claude-sonnet-4.6` is valid; `...-4-6` fails at deploy).
|
|
101
102
|
- **Tools** — attach actions, subagents, workflows, and MCP tools directly in `tools: [...]`. Do **not** hand-roll a `defineTool` + `executeWorkflow()` wrapper. A subagent's tool name is its `slug` and takes a `message`.
|
|
102
|
-
- **Built in**: isolated
|
|
103
|
+
- **Built in**: isolated workspace with file + `bash` tools — `/workspace/agent` persists across sessions (skills, `src/files/`, anything worth keeping); `/workspace/session` is per-session scratch. Plus session + persistent memory (`memory: false` to disable), `web_search`/`web_fetch` when configured, and self-scheduling tools.
|
|
103
104
|
- **Credentials** are declared on actions, not agents — the agent gets them by calling those actions as tools.
|
|
104
105
|
- **Sandbox** — default in-process bash covers most needs. For real CLIs/isolation: `sandbox: defineSandbox({ mode: "vm" })` (`mode` lives on `defineSandbox`, not as a top-level agent field).
|
|
105
106
|
|
|
@@ -195,12 +196,14 @@ export default defineWebhookSource({
|
|
|
195
196
|
|
|
196
197
|
| Source | Use when |
|
|
197
198
|
| --- | --- |
|
|
198
|
-
| **Schedule** (`defineCronSource`) |
|
|
199
|
+
| **Schedule** (`defineCronSource`) | The workflow should run **every** tick, unconditionally — no filters exist on cron (UTC in prod). Passes `{}`; workflow `input` must accept an empty object. |
|
|
199
200
|
| **Webhook** (`defineWebhookSource`) | Another system pushes events. Best option when available. |
|
|
200
|
-
| **Poll** (`definePollSource`) |
|
|
201
|
+
| **Poll** (`definePollSource`) | Check an external system each tick and fire the workflow **only when the result passes `.filter(...)`**. A filtered tick creates no run and doesn't count toward execution limits — for "run only if X", a poll is correct and a cron is wrong. |
|
|
201
202
|
|
|
202
203
|
Filters live on the source; `transform` lives on the workflow attachment. Agents use `.attach({ agent, prompt })` (not `transform`). Attachment id: `{sourceSlug}:{targetSlug}`.
|
|
203
204
|
|
|
205
|
+
**Deploy timing** — webhooks are passive and safe to deploy any time. A poll fires immediately on deploy; a cron waits for its next scheduled slot, then runs unattended. Until the workflow is verified, pause with `keystroke trigger attachment disable` — the disabled state survives redeploys.
|
|
206
|
+
|
|
204
207
|
## Integrations & credentials
|
|
205
208
|
|
|
206
209
|
Keystroke has 1,000+ built-in integrations, and it's easy to build a custom one for any HTTP API or MCP server (including private/internal).
|
|
@@ -215,12 +218,14 @@ keystroke app search <query> # find an app + slug in the full cat
|
|
|
215
218
|
keystroke app actions <app> --search <q> # actions an app exposes
|
|
216
219
|
keystroke app action <app> <tool> # schema + how to run/import one action
|
|
217
220
|
keystroke app execute <app> <tool> --input '{...}' # run a connected catalog action (no server)
|
|
221
|
+
keystroke credentials list # what's already connected — check before asking the user to connect
|
|
218
222
|
keystroke connect <slug> # connect an app credential (opens web OAuth/api key flow for the user)
|
|
219
|
-
keystroke credentials list # stored credential instances
|
|
220
223
|
keystroke credentials set <key> --set apiKey=@env:MY_KEY # static API key
|
|
221
224
|
```
|
|
222
225
|
|
|
223
|
-
`keystroke
|
|
226
|
+
Check `keystroke credentials list` before telling the user to connect anything — the credential often already exists (each row shows the app and scope; `app action` output does *not* show connection status, so the list is the only reliable check).
|
|
227
|
+
|
|
228
|
+
Credentials are for secrets. Non-secret config — spreadsheet IDs, channel names, base URLs — belongs in code as a literal constant or a workflow input. There is no platform variable store and `keystroke deploy` **never uploads `.env`**, so a constant in source is the correct home, not a workaround. Missing a built-in integration? Use `defineCredential` + an action, `defineApp`, or `defineMcp`. See `/learn/credentials/custom-integrations`.
|
|
224
229
|
|
|
225
230
|
## Skills & files
|
|
226
231
|
|
|
@@ -261,8 +266,9 @@ Invoke/inspect commands print JSON to stdout (exit 0 on success, 1 on failure)
|
|
|
261
266
|
- [ ] Deployed the change and read the real run output/trace — not just "it should work".
|
|
262
267
|
- [ ] Prompted agents / ran workflows with realistic input and verified behavior.
|
|
263
268
|
- [ ] Researched real APIs before mirroring them in custom integration actions — no guessed endpoints or payloads.
|
|
269
|
+
- [ ] Executed each mutating integration action once via `keystroke app execute` before composing it — a passing dry-run flag doesn't count.
|
|
264
270
|
- [ ] Covered obvious edge cases (null field, empty array, a step that throws) with a simple test where warranted.
|
|
265
|
-
- [ ]
|
|
271
|
+
- [ ] Checked `keystroke credentials list` before connecting; connected any new apps with `keystroke connect` (not `.env`).
|
|
266
272
|
- [ ] Tested manually before deploying attached cron/polling triggers, or used `trigger attachment disable` to pause until ready.
|
|
267
273
|
|
|
268
274
|
## Common gotchas
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@keystrokehq/cli",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.39",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "git+https://github.com/keystrokehq/keystroke.git",
|
|
@@ -40,10 +40,10 @@
|
|
|
40
40
|
"tsdown": "^0.22.0",
|
|
41
41
|
"tsx": "^4.22.3",
|
|
42
42
|
"vitest": "^4.1.7",
|
|
43
|
-
"@keystrokehq/oxlint-config": "0.0.4",
|
|
44
43
|
"@keystrokehq/tsconfig": "0.0.3",
|
|
45
44
|
"@keystrokehq/tsdown-config": "0.0.5",
|
|
46
|
-
"@keystrokehq/vitest-config": "0.0.7"
|
|
45
|
+
"@keystrokehq/vitest-config": "0.0.7",
|
|
46
|
+
"@keystrokehq/oxlint-config": "0.0.4"
|
|
47
47
|
},
|
|
48
48
|
"scripts": {
|
|
49
49
|
"build": "tsx scripts/generate-catalog-versions.ts && tsdown && node scripts/copy-templates.mjs && node scripts/copy-skills-bundle.mjs",
|