@leeguoo/wrangler-accounts 1.6.5 → 1.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/.claude-plugin/marketplace.json +2 -2
  2. package/.claude-plugin/plugin.json +1 -1
  3. package/lib/isolation.js +22 -0
  4. package/package.json +1 -1
  5. package/plugins/wrangler-accounts/.claude-plugin/plugin.json +1 -1
package/.claude-plugin/marketplace.json CHANGED
@@ -5,14 +5,14 @@
5
5
  },
6
6
  "metadata": {
7
7
  "description": "Claude Code plugins for practical developer workflows from the wrangler-accounts author.",
8
- "version": "1.6.5"
8
+ "version": "1.6.6"
9
9
  },
10
10
  "plugins": [
11
11
  {
12
12
  "name": "wrangler-accounts",
13
13
  "source": "./plugins/wrangler-accounts",
14
14
  "description": "Cloudflare Wrangler multi-account skill plus a Bash hook that blocks raw wrangler calls when local profiles are configured.",
15
- "version": "1.6.5",
15
+ "version": "1.6.6",
16
16
  "author": {
17
17
  "name": "Lee Guo"
18
18
  },
package/.claude-plugin/plugin.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "wrangler-accounts",
3
3
  "description": "Cloudflare Wrangler multi-account helper with a bundled skill and Bash guard hook for Claude Code.",
4
- "version": "1.6.5",
4
+ "version": "1.6.6",
5
5
  "author": {
6
6
  "name": "Lee Guo"
7
7
  },
package/lib/isolation.js CHANGED
@@ -103,6 +103,28 @@ function buildIsolatedEnv({
103
103
  cloudflaredPath = null,
104
104
  }) {
105
105
  const env = { ...baseEnv };
106
+
107
+ // CRITICAL: the isolated child must be the SOLE authority on which
108
+ // Cloudflare identity it talks to — the resolved profile, nothing else.
109
+ // Any Cloudflare credential inherited from the parent shell
110
+ // (`CLOUDFLARE_ACCOUNT_ID`, `CLOUDFLARE_API_TOKEN`, `CLOUDFLARE_API_KEY`,
111
+ // `CLOUDFLARE_EMAIL`) is ambient state that does NOT belong to this
112
+ // profile and must be cleared before we layer the profile's own values
113
+ // back on below. Otherwise an exported `CLOUDFLARE_ACCOUNT_ID` (a very
114
+ // common wrangler setup, and the exact "workaround" users reach for)
115
+ // silently overrides the profile's account: wrangler keeps using the
116
+ // profile's OAuth/token credential but routes account-scoped operations
117
+ // (KV `--namespace-id`, R2, D1, ...) to the LEAKED account. The damage is
118
+ // invisible for symmetric read/write pairs — `kv key put` and a follow-up
119
+ // `kv key get` both hit the same wrong account, so the CLI reports success
120
+ // and reads the value back — while the value never lands in the account
121
+ // the user's Worker is actually bound to. Strip them here so the only
122
+ // identity in play is the one we set from the resolved profile.
123
+ delete env.CLOUDFLARE_ACCOUNT_ID;
124
+ delete env.CLOUDFLARE_API_TOKEN;
125
+ delete env.CLOUDFLARE_API_KEY;
126
+ delete env.CLOUDFLARE_EMAIL;
127
+
106
128
  env.HOME = shadow;
107
129
  env.WRANGLER_PROFILE = profile;
108
130
  env.WRANGLER_ACCOUNT = profile;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@leeguoo/wrangler-accounts",
3
- "version": "1.6.5",
3
+ "version": "1.6.6",
4
4
  "description": "Cloudflare Wrangler multi-account manager — save, switch, and run wrangler against multiple Cloudflare Workers accounts with AWS-style --profile and per-invocation shadow HOME isolation.",
5
5
  "license": "MIT",
6
6
  "bin": {
package/plugins/wrangler-accounts/.claude-plugin/plugin.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "wrangler-accounts",
3
3
  "description": "Cloudflare Wrangler multi-account helper with a bundled skill and Bash guard hook for Claude Code.",
4
- "version": "1.6.5",
4
+ "version": "1.6.6",
5
5
  "author": {
6
6
  "name": "Lee Guo"
7
7
  },