@matthesketh/fleet 1.8.0 → 1.11.0

package/dist/tui/views/Dashboard.js

@@ -5,16 +5,20 @@ import Spinner from 'ink-spinner';
 import { useRegisterHandler } from '@matthesketh/ink-input-dispatcher';
 import { ScrollableList } from '@matthesketh/ink-scrollable-list';
 import { useAvailableHeight } from '@matthesketh/ink-viewport';
-import { useAppState, useAppDispatch, useRedact } from '../state.js';
+import { useAppState, useAppDispatch, redactName } from '../state.js';
 import { useFleetData } from '../hooks/use-fleet-data.js';
 import { colors } from '../theme.js';
 export function Dashboard() {
     const state = useAppState();
     const dispatch = useAppDispatch();
     const { status, loading, error } = useFleetData();
-    const redact = useRedact();
     const availableHeight = useAvailableHeight();
-    const items = useMemo(() => status?.apps.map(app => ({ ...app, name: app.name })) ?? [], [status]);
+    const items = useMemo(() => (status?.apps ?? []).map(app => ({
+        ...app,
+        // bake the redacted label onto the item: ScrollableList memoises rows by
+        // item identity, so a redaction toggle must yield fresh item objects.
+        displayLabel: state.redacted ? redactName(app.name) : app.name,
+    })), [status, state.redacted]);
     const handler = (input, key) => {
         if (items.length === 0)
             return false;
@@ -46,9 +50,8 @@ export function Dashboard() {
     if (!status)
         return _jsx(Text, { color: colors.muted, children: "No data" });
     const listHeight = Math.max(5, availableHeight - 4);
-    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, gap: 2, children: [_jsxs(Text, { bold: true, children: [status.totalApps, " apps"] }), _jsxs(Text, { color: colors.success, children: [status.healthy, " healthy"] }), status.unhealthy > 0 && (_jsxs(Text, { color: colors.error, children: [status.unhealthy, " unhealthy"] })), loading && _jsx(Text, { color: colors.muted, children: _jsx(Spinner, { type: "dots" }) })] }), _jsx(Box, { marginBottom: 1, children: _jsxs(Text, { bold: true, children: ['APP'.padEnd(24), 'SYSTEMD'.padEnd(14), 'CONTAINERS'.padEnd(14), 'HEALTH'.padEnd(12)] }) }), _jsx(ScrollableList, { items: items, selectedIndex: Math.min(state.dashboardIndex, items.length - 1), maxVisible: listHeight, renderItem: (item, selected) => {
-                    const app = status.apps.find(a => a.name === item.name);
-                    const displayName = redact(app.name);
-                    return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: selected ? colors.primary : colors.muted, children: selected ? '> ' : '  ' }), _jsx(Box, { width: 24, children: _jsx(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: displayName.length > 22 ? displayName.slice(0, 19) + '...' : displayName }) }), _jsx(Box, { width: 14, children: _jsx(Text, { children: app.systemd.slice(0, 12) }) }), _jsx(Box, { width: 14, children: _jsx(Text, { children: app.containers }) }), _jsx(Box, { width: 12, children: _jsx(Text, { children: app.health.slice(0, 10) }) })] }));
+    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, gap: 2, children: [_jsxs(Text, { bold: true, children: [status.totalApps, " apps"] }), _jsxs(Text, { color: colors.success, children: [status.healthy, " healthy"] }), status.unhealthy > 0 && (_jsxs(Text, { color: colors.error, children: [status.unhealthy, " unhealthy"] }))] }), _jsx(Box, { marginBottom: 1, children: _jsxs(Text, { bold: true, children: ['APP'.padEnd(24), 'SYSTEMD'.padEnd(14), 'CONTAINERS'.padEnd(14), 'HEALTH'.padEnd(12)] }) }), _jsx(ScrollableList, { items: items, selectedIndex: Math.min(state.dashboardIndex, items.length - 1), maxVisible: listHeight, renderItem: (item, selected) => {
+                    const label = item.displayLabel;
+                    return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: selected ? colors.primary : colors.muted, children: selected ? '> ' : '  ' }), _jsx(Box, { width: 24, children: _jsx(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: label.length > 22 ? label.slice(0, 19) + '...' : label }) }), _jsx(Box, { width: 14, children: _jsx(Text, { children: item.systemd.slice(0, 12) }) }), _jsx(Box, { width: 14, children: _jsx(Text, { children: item.containers }) }), _jsx(Box, { width: 12, children: _jsx(Text, { children: item.health.slice(0, 10) }) })] }));
                 } })] }));
 }

package/dist/tui/views/HealthView.js

@@ -7,19 +7,28 @@ import { ScrollableList } from '@matthesketh/ink-scrollable-list';
 import { useAvailableHeight } from '@matthesketh/ink-viewport';
 import { useHealth } from '../hooks/use-health.js';
 import { StatusBadge } from '../components/StatusBadge.js';
-import { useAppState, useAppDispatch, useRedact } from '../state.js';
+import { useAppState, useAppDispatch, redactName } from '../state.js';
 import { colors } from '../theme.js';
 export function HealthView() {
     const state = useAppState();
     const dispatch = useAppDispatch();
     const { results, loading, error } = useHealth();
-    const redact = useRedact();
+    // only show spinner during the very first load. background polls (every
+    // 15s) flip `loading` true/false too, but the data is already on screen —
+    // ticking a spinner there causes the whole table to redraw at frame rate.
+    const initialLoad = loading && results.length === 0;
     const availableHeight = useAvailableHeight();
     const counts = useMemo(() => ({
         healthy: results.filter(r => r.overall === 'healthy').length,
         degraded: results.filter(r => r.overall === 'degraded').length,
         down: results.filter(r => r.overall === 'down').length,
     }), [results]);
+    const items = useMemo(() => results.map(r => ({
+        ...r,
+        // same reasoning as the dashboard view — ScrollableList memoises rows by
+        // item identity, so the redacted label must live on the item itself.
+        displayApp: state.redacted ? redactName(r.app) : r.app,
+    })), [results, state.redacted]);
     const handler = (input, key) => {
         if (results.length === 0)
             return false;
@@ -34,14 +43,14 @@ export function HealthView() {
         return false;
     };
     useRegisterHandler(handler);
-    if (loading && results.length === 0) {
+    if (initialLoad) {
         return (_jsx(Box, { padding: 1, children: _jsxs(Text, { children: [_jsx(Spinner, { type: "dots" }), " Running health checks..."] }) }));
     }
     if (error && results.length === 0) {
         return (_jsx(Box, { padding: 1, children: _jsxs(Text, { color: colors.error, children: ["Error: ", error] }) }));
     }
     const listHeight = Math.max(5, availableHeight - 4);
-    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, gap: 2, children: [_jsx(Text, { bold: true, children: "Health Monitor" }), _jsxs(Text, { color: colors.success, children: [counts.healthy, " healthy"] }), counts.degraded > 0 && _jsxs(Text, { color: colors.warning, children: [counts.degraded, " degraded"] }), counts.down > 0 && _jsxs(Text, { color: colors.error, children: [counts.down, " down"] }), loading && _jsx(Text, { color: colors.muted, children: _jsx(Spinner, { type: "dots" }) })] }), _jsxs(Text, { bold: true, children: ['  APP'.padEnd(26), 'SYSTEMD'.padEnd(12), 'CONTAINERS'.padEnd(20), 'HTTP'.padEnd(10), "OVERALL"] }), _jsx(ScrollableList, { items: results, selectedIndex: Math.min(state.healthIndex, results.length - 1), maxVisible: listHeight, renderItem: (result, selected) => {
+    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, gap: 2, children: [_jsx(Text, { bold: true, children: "Health Monitor" }), _jsxs(Text, { color: colors.success, children: [counts.healthy, " healthy"] }), counts.degraded > 0 && _jsxs(Text, { color: colors.warning, children: [counts.degraded, " degraded"] }), counts.down > 0 && _jsxs(Text, { color: colors.error, children: [counts.down, " down"] })] }), _jsxs(Text, { bold: true, children: ['  APP'.padEnd(26), 'SYSTEMD'.padEnd(12), 'CONTAINERS'.padEnd(20), 'HTTP'.padEnd(10), "OVERALL"] }), _jsx(ScrollableList, { items: items, selectedIndex: Math.min(state.healthIndex, items.length - 1), maxVisible: listHeight, renderItem: (result, selected) => {
                     const runningCount = result.containers.filter(c => c.running).length;
                     const containerStr = `${runningCount}/${result.containers.length}`;
                     // 404 → "no /health" (app never implemented one — distinct from a real failure).
@@ -53,6 +62,6 @@ export function HealthView() {
                                 ? 'no /health'
                                 : `${result.http.status ?? 'err'}`
                         : 'n/a';
-                    return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: selected ? colors.primary : colors.muted, children: selected ? '> ' : '  ' }), _jsx(Text, { children: redact(result.app).padEnd(24) }), _jsx(Box, { width: 12, children: _jsx(StatusBadge, { value: result.systemd.state, type: "systemd" }) }), _jsx(Text, { children: containerStr.padEnd(20) }), _jsx(Box, { width: 10, children: _jsx(Text, { color: result.http?.ok ? colors.success : result.http ? colors.error : colors.muted, children: httpStr }) }), _jsx(StatusBadge, { value: result.overall, type: "health" })] }));
+                    return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: selected ? colors.primary : colors.muted, children: selected ? '> ' : '  ' }), _jsx(Text, { children: result.displayApp.padEnd(24) }), _jsx(Box, { width: 12, children: _jsx(StatusBadge, { value: result.systemd.state, type: "systemd" }) }), _jsx(Text, { children: containerStr.padEnd(20) }), _jsx(Box, { width: 10, children: _jsx(Text, { color: result.http?.ok ? colors.success : result.http ? colors.error : colors.muted, children: httpStr }) }), _jsx(StatusBadge, { value: result.overall, type: "health" })] }));
                 } })] }));
 }

package/dist/tui/views/SecretEdit.js

@@ -5,7 +5,6 @@ import TextInput from 'ink-text-input';
 import { useRegisterHandler } from '@matthesketh/ink-input-dispatcher';
 import { useAppState, useAppDispatch } from '../state.js';
 import { useSecrets } from '../hooks/use-secrets.js';
-import { getSecret as getCoreSecret } from '../../core/secrets-ops.js';
 import { colors } from '../theme.js';
 export function SecretEdit() {
     const { selectedApp, selectedSecret } = useAppState();
@@ -23,22 +22,20 @@ export function SecretEdit() {
                 clearTimeout(timerRef.current);
         };
     }, []);
-    useEffect(() => {
-        if (!isNew && selectedApp && selectedSecret) {
-            try {
-                const existing = getCoreSecret(selectedApp, selectedSecret);
-                if (existing)
-                    setValue(existing);
-            }
-            catch {
-                // ignore
-            }
-        }
-    }, [isNew, selectedApp, selectedSecret]);
-    const save = () => {
+    // SECURITY: existing secret values are NEVER preloaded into editor state.
+    // The TextInput's `mask="*"` only changes the rendered glyph — the
+    // underlying React state would still hold plaintext, exposing it to
+    // DevTools dumps, error boundary captures, and process memory dumps.
+    // Editing requires re-typing the value, matching the CLI posture in
+    // `src/commands/secrets.ts` which rejects argv values for the same reason.
+    const save = async () => {
         if (!selectedApp || !keyName)
             return;
-        const result = secrets.saveSecret(selectedApp, keyName, value);
+        const result = await secrets.saveSecret(selectedApp, keyName, value);
+        // Clear the local plaintext from React state immediately, regardless of
+        // success/failure. The state holds plaintext only for the duration of
+        // the save call.
+        setValue('');
         if (result.ok) {
             setStatus('Saved and re-sealed');
             timerRef.current = setTimeout(() => {
@@ -60,5 +57,7 @@ export function SecretEdit() {
     return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Text, { bold: true, color: colors.primary, children: [isNew ? 'Add Secret' : 'Edit Secret', " - ", selectedApp] }), _jsxs(Box, { marginTop: 1, flexDirection: "column", gap: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: colors.muted, children: "Key:   " }), isNew && phase === 'key' ? (_jsx(TextInput, { value: keyName, onChange: setKeyName, onSubmit: () => {
                                     if (keyName)
                                         setPhase('value');
-                                } })) : (_jsx(Text, { bold: true, children: keyName }))] }), _jsxs(Box, { children: [_jsx(Text, { color: colors.muted, children: "Value: " }), phase === 'value' ? (_jsx(TextInput, { value: value, onChange: setValue, onSubmit: save, mask: "*" })) : (_jsx(Text, { color: colors.muted, children: "(press Enter on key first)" }))] })] }), status && (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: status.startsWith('Error') ? colors.error : colors.success, children: status }) })), _jsx(Box, { marginTop: 1, children: _jsx(Text, { color: colors.muted, children: "Enter to save | Esc to cancel" }) })] }));
+                                } })) : (_jsx(Text, { bold: true, children: keyName }))] }), _jsxs(Box, { children: [_jsx(Text, { color: colors.muted, children: "Value: " }), phase === 'value' ? (_jsx(TextInput, { value: value, onChange: setValue, onSubmit: save, mask: "*" })) : (_jsx(Text, { color: colors.muted, children: "(press Enter on key first)" }))] })] }), status && (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: status.startsWith('Error') ? colors.error : colors.success, children: status }) })), _jsx(Box, { marginTop: 1, children: _jsx(Text, { color: colors.muted, children: isNew
+                        ? 'Adding new secret. Type the key name, then the value.'
+                        : `Editing ${keyName} - paste new value to replace. (Current value not displayed.)` }) }), _jsx(Box, { marginTop: 1, children: _jsx(Text, { color: colors.muted, children: "Enter to save | Esc to cancel" }) })] }));
 }

package/dist/tui/views/SecretEdit.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tui/views/SecretEdit.test.js

@@ -0,0 +1,82 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import { render } from 'ink-testing-library';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { InputDispatcher } from '@matthesketh/ink-input-dispatcher';
+import { AppStateContext, AppDispatchContext, initialState } from '../state.js';
+import { SecretEdit } from './SecretEdit.js';
+// Mock useSecrets so the component doesn't try to touch the real vault.
+vi.mock('../hooks/use-secrets.js', () => ({
+    useSecrets: () => ({
+        initialized: true,
+        sealed: false,
+        apps: [],
+        secrets: [],
+        revealedValues: {},
+        loading: false,
+        error: null,
+        refresh: () => { },
+        loadAppSecrets: () => { },
+        saveSecret: () => ({ ok: true }),
+        deleteSecret: () => ({ ok: true }),
+        revealSecret: () => { },
+        hideSecret: () => { },
+        unseal: () => ({ ok: true }),
+        seal: () => ({ ok: true }),
+        importEnv: () => ({ ok: true }),
+    }),
+}));
+function renderWithState(state) {
+    const dispatch = () => { };
+    return render(_jsx(AppStateContext.Provider, { value: state, children: _jsx(AppDispatchContext.Provider, { value: dispatch, children: _jsx(InputDispatcher, { globalHandler: () => false, children: _jsx(SecretEdit, {}) }) }) }));
+}
+describe('SecretEdit (security policy: never preload secret values)', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+    });
+    it('Edit case: shows the existing key but the value field starts empty', () => {
+        // Policy: editing an existing secret means re-typing the value.
+        // The TUI must NOT decrypt the existing value into React state because
+        // mask="*" only affects rendering, not the underlying string.
+        const state = {
+            ...initialState,
+            selectedApp: 'my-app',
+            selectedSecret: 'API_KEY',
+        };
+        const { lastFrame } = renderWithState(state);
+        const frame = lastFrame();
+        expect(frame).toContain('Edit Secret');
+        expect(frame).toContain('API_KEY');
+        // Helper text must announce the policy.
+        expect(frame).toContain('Current value not displayed');
+        // Even though TextInput is rendered for the value, no plaintext or
+        // mask glyphs should appear for the value (it is empty).
+        // The "Value:" label is present, and any content after it on that
+        // line must not contain '*' characters from a preloaded masked value.
+        const valueLine = frame.split('\n').find(l => l.includes('Value:'));
+        expect(valueLine).not.toMatch(/\*/);
+    });
+    it('New case: prompts for key first and shows the new-secret helper text', () => {
+        const state = {
+            ...initialState,
+            selectedApp: 'my-app',
+            selectedSecret: null,
+        };
+        const { lastFrame } = renderWithState(state);
+        const frame = lastFrame();
+        expect(frame).toContain('Add Secret');
+        expect(frame).toContain('Adding new secret');
+        // Until the user enters a key, the value field shows the placeholder
+        // and is NOT yet active.
+        expect(frame).toContain('press Enter on key first');
+    });
+    it('does not import getSecret (no preload code path remains)', async () => {
+        // Static guard: the SecretEdit module must not import getCoreSecret
+        // from secrets-ops. If a future change re-introduces the preload,
+        // this test fails.
+        const fs = await import('node:fs');
+        const url = await import('node:url');
+        const source = fs.readFileSync(url.fileURLToPath(new URL('./SecretEdit.tsx', import.meta.url)), 'utf8');
+        expect(source).not.toMatch(/getSecret as getCoreSecret/);
+        expect(source).not.toMatch(/from '\.\.\/\.\.\/core\/secrets-ops/);
+    });
+});

package/dist/tui/views/SecretsView.js

@@ -1,10 +1,10 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
-import { useEffect, useCallback } from 'react';
+import { useEffect, useCallback, useMemo } from 'react';
 import { Box, Text } from 'ink';
 import { useRegisterHandler } from '@matthesketh/ink-input-dispatcher';
 import { ScrollableList } from '@matthesketh/ink-scrollable-list';
 import { useAvailableHeight } from '@matthesketh/ink-viewport';
-import { useAppState, useAppDispatch, useRedact } from '../state.js';
+import { useAppState, useAppDispatch, useRedact, redactName } from '../state.js';
 import { useSecrets } from '../hooks/use-secrets.js';
 import { colors } from '../theme.js';
 export function SecretsView() {
@@ -14,6 +14,12 @@ export function SecretsView() {
     const secrets = useSecrets();
     const availableHeight = useAvailableHeight();
     const { secretsSubView: subView, secretsIndex: selectedIndex, selectedApp } = state;
+    const appItems = useMemo(() => secrets.apps.map(a => ({
+        ...a,
+        // same reasoning as the dashboard view — ScrollableList memoises rows by
+        // item identity, so the redacted label must live on the item itself.
+        displayApp: state.redacted ? redactName(a.app) : a.app,
+    })), [secrets.apps, state.redacted]);
     const refresh = secrets.refresh;
     useEffect(() => {
         refresh();
@@ -47,11 +53,14 @@ export function SecretsView() {
                 return true;
             }
             if (input === 'l') {
-                const result = secrets.seal();
-                if (!result.ok) {
-                    dispatch({ type: 'SET_ERROR', error: result.error ?? 'Seal failed' });
-                }
-                secrets.refresh();
+                // Seal acquires a manifest lock and may take a moment; fire-and-forget
+                // from the input handler, dispatch errors / refresh on completion.
+                secrets.seal().then(result => {
+                    if (!result.ok) {
+                        dispatch({ type: 'SET_ERROR', error: result.error ?? 'Seal failed' });
+                    }
+                    secrets.refresh();
+                });
                 return true;
             }
         }
@@ -89,14 +98,15 @@ export function SecretsView() {
                         label: `Delete secret "${secretKey}"?`,
                         description: `This will remove ${secretKey} from ${redact(appName)}'s vault.`,
                         onConfirm: () => {
-                            const result = secrets.deleteSecret(appName, secretKey);
-                            if (result.ok) {
-                                secrets.loadAppSecrets(appName);
-                                secrets.refresh();
-                            }
-                            else {
-                                dispatch({ type: 'SET_ERROR', error: result.error ?? 'Delete failed' });
-                            }
+                            secrets.deleteSecret(appName, secretKey).then(result => {
+                                if (result.ok) {
+                                    secrets.loadAppSecrets(appName);
+                                    secrets.refresh();
+                                }
+                                else {
+                                    dispatch({ type: 'SET_ERROR', error: result.error ?? 'Delete failed' });
+                                }
+                            });
                         },
                     },
                 });
@@ -117,7 +127,7 @@ export function SecretsView() {
     }, [subView, selectedIndex, selectedApp, secrets, dispatch, redact]);
     useRegisterHandler(handler);
     const listHeight = Math.max(5, availableHeight - 5);
-    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, paddingX: 1, gap: 2, children: [_jsx(Text, { bold: true, children: "Vault:" }), !secrets.initialized ? (_jsx(Text, { color: colors.error, children: "Not initialized" })) : secrets.sealed ? (_jsx(Text, { color: colors.warning, bold: true, children: "SEALED" })) : (_jsx(Text, { color: colors.success, bold: true, children: "UNSEALED" })), _jsxs(Text, { color: colors.muted, children: [secrets.apps.length, " apps | ", secrets.apps.reduce((sum, a) => sum + a.keyCount, 0), " keys"] })] }), secrets.error && (_jsx(Box, { marginBottom: 1, children: _jsx(Text, { color: colors.error, children: secrets.error }) })), subView === 'app-list' ? (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, children: "Apps with secrets:" }), _jsx(ScrollableList, { items: secrets.apps, selectedIndex: Math.min(selectedIndex, secrets.apps.length - 1), maxVisible: listHeight, emptyText: "  No secrets managed", renderItem: (app, selected) => (_jsxs(Box, { children: [_jsx(Text, { color: colors.primary, children: selected ? '> ' : '  ' }), _jsx(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: redact(app.app).padEnd(24) }), _jsx(Text, { color: colors.muted, children: app.type.padEnd(14) }), _jsxs(Text, { children: [String(app.keyCount).padEnd(8), " keys"] })] })) })] })) : (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, color: colors.primary, children: redact(selectedApp ?? '') }), _jsx(Box, { marginTop: 1, flexDirection: "column", children: _jsx(ScrollableList, { items: secrets.secrets, selectedIndex: Math.min(selectedIndex, secrets.secrets.length - 1), maxVisible: listHeight, emptyText: "  No secrets found", renderItem: (secret, selected) => {
+    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsxs(Box, { marginBottom: 1, paddingX: 1, gap: 2, children: [_jsx(Text, { bold: true, children: "Vault:" }), !secrets.initialized ? (_jsx(Text, { color: colors.error, children: "Not initialized" })) : secrets.sealed ? (_jsx(Text, { color: colors.warning, bold: true, children: "SEALED" })) : (_jsx(Text, { color: colors.success, bold: true, children: "UNSEALED" })), _jsxs(Text, { color: colors.muted, children: [secrets.apps.length, " apps | ", secrets.apps.reduce((sum, a) => sum + a.keyCount, 0), " keys"] })] }), secrets.error && (_jsx(Box, { marginBottom: 1, children: _jsx(Text, { color: colors.error, children: secrets.error }) })), subView === 'app-list' ? (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, children: "Apps with secrets:" }), _jsx(ScrollableList, { items: appItems, selectedIndex: Math.min(selectedIndex, appItems.length - 1), maxVisible: listHeight, emptyText: "  No secrets managed", renderItem: (app, selected) => (_jsxs(Box, { children: [_jsx(Text, { color: colors.primary, children: selected ? '> ' : '  ' }), _jsx(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: app.displayApp.padEnd(24) }), _jsx(Text, { color: colors.muted, children: app.type.padEnd(14) }), _jsxs(Text, { children: [String(app.keyCount).padEnd(8), " keys"] })] })) })] })) : (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { bold: true, color: colors.primary, children: redact(selectedApp ?? '') }), _jsx(Box, { marginTop: 1, flexDirection: "column", children: _jsx(ScrollableList, { items: secrets.secrets, selectedIndex: Math.min(selectedIndex, secrets.secrets.length - 1), maxVisible: listHeight, emptyText: "  No secrets found", renderItem: (secret, selected) => {
                                 const revealed = secrets.revealedValues[secret.key];
                                 return (_jsxs(Box, { children: [_jsx(Text, { color: colors.primary, children: selected ? '> ' : '  ' }), _jsx(Text, { bold: selected, color: selected ? colors.primary : colors.text, children: secret.key.padEnd(30) }), _jsx(Text, { color: revealed ? colors.warning : colors.muted, children: revealed ?? secret.maskedValue })] }));
                             } }) })] }))] }));

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@matthesketh/fleet",
-  "version": "1.8.0",
+  "version": "1.11.0",
   "description": "Docker production management CLI + MCP server for Claude Code",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
-    "fleet": "dist/index.js"
+    "fleet": "dist/index.js",
+    "fleet-agent": "dist/bin/fleet-agent.js"
   },
   "files": [
     "dist/",
@@ -15,9 +16,10 @@
     "README.md"
   ],
   "scripts": {
-    "build": "tsc && tsc-alias",
+    "build": "tsc && tsc-alias --resolve-full-paths",
     "dev": "tsx src/index.ts",
     "test": "vitest run",
+    "changelog": "node scripts/gen-changelog.mjs > CHANGELOG.md",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -59,7 +61,7 @@
     "@matthesketh/ink-modal": "^0.1.0",
     "@matthesketh/ink-pipeline": "^0.1.0",
     "@matthesketh/ink-rule": "^0.1.0",
-    "@matthesketh/ink-scrollable-list": "^0.1.1",
+    "@matthesketh/ink-scrollable-list": "0.2.0",
     "@matthesketh/ink-split-pane": "^0.1.0",
     "@matthesketh/ink-stable-state": "^0.1.0",
     "@matthesketh/ink-status-bar": "^0.1.0",
@@ -68,7 +70,7 @@
     "@matthesketh/ink-task-list": "0.1.0",
     "@matthesketh/ink-timeline": "0.1.0",
     "@matthesketh/ink-toast": "^0.1.0",
-    "@matthesketh/ink-viewport": "^0.1.0",
+    "@matthesketh/ink-viewport": "^0.1.1",
     "@modelcontextprotocol/sdk": "1.29.0",
     "better-sqlite3": "12.9.0",
     "chokidar": "5.0.0",
@@ -77,6 +79,7 @@
     "ink-text-input": "^6.0.0",
     "proper-lockfile": "4.1.2",
     "react": "^18.3.1",
+    "yaml": "2.8.4",
     "zod": "^3.24.0"
   },
   "devDependencies": {
@@ -90,4 +93,4 @@
     "typescript": "5.6.3",
     "vitest": "4.0.18"
   }
-}
+}