@rely-ai/caliber 1.30.3 → 1.30.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/bin.js +57 -51
  2. package/package.json +1 -1
package/dist/bin.js CHANGED
@@ -67,13 +67,13 @@ function resolveFromEnv() {
67
67
  if (process.env.CALIBER_USE_CURSOR_SEAT === "1" || process.env.CALIBER_USE_CURSOR_SEAT === "true") {
68
68
  return {
69
69
  provider: "cursor",
70
- model: DEFAULT_MODELS.cursor
70
+ model: process.env.CALIBER_MODEL || DEFAULT_MODELS.cursor
71
71
  };
72
72
  }
73
73
  if (process.env.CALIBER_USE_CLAUDE_CLI === "1" || process.env.CALIBER_USE_CLAUDE_CLI === "true") {
74
74
  return {
75
75
  provider: "claude-cli",
76
- model: DEFAULT_MODELS["claude-cli"]
76
+ model: process.env.CALIBER_MODEL || DEFAULT_MODELS["claude-cli"]
77
77
  };
78
78
  }
79
79
  return null;
@@ -803,6 +803,47 @@ function readExistingConfigs(dir) {
803
803
  import fs3 from "fs";
804
804
  import path4 from "path";
805
805
  import { execSync as execSync3 } from "child_process";
806
+
807
+ // src/lib/sanitize.ts
808
+ var KNOWN_PREFIX_PATTERNS = [
809
+ // Anthropic (before generic sk- pattern)
810
+ [/sk-ant-[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
811
+ // AWS access key IDs
812
+ [/AKIA[0-9A-Z]{16}/g, "[REDACTED]"],
813
+ // AWS secret keys in assignments
814
+ [/(?:aws)?_?secret_?(?:access)?_?key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/gi, "[REDACTED]"],
815
+ // GitHub tokens (PAT, OAuth, server, app install, fine-grained)
816
+ [/gh[pousr]_[A-Za-z0-9_]{36,}/g, "[REDACTED]"],
817
+ [/github_pat_[A-Za-z0-9_]{22,}/g, "[REDACTED]"],
818
+ // Stripe keys
819
+ [/[sr]k_(live|test)_[A-Za-z0-9]{20,}/g, "[REDACTED]"],
820
+ // Slack tokens
821
+ [/xox[bpsar]-[A-Za-z0-9-]{10,}/g, "[REDACTED]"],
822
+ // JWTs (3-segment base64url)
823
+ [/eyJ[A-Za-z0-9_-]{20,}\.eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
824
+ // OpenAI keys (after sk-ant- to avoid false match)
825
+ [/sk-[A-Za-z0-9-]{20,}/g, "[REDACTED]"],
826
+ // Google API keys
827
+ [/AIza[A-Za-z0-9_-]{35}/g, "[REDACTED]"],
828
+ // Bearer tokens
829
+ [/[Bb]earer\s+[A-Za-z0-9_\-.]{20,}/g, "[REDACTED]"],
830
+ // PEM private keys
831
+ [/-----BEGIN[A-Z ]+KEY-----[\s\S]+?-----END[A-Z ]+KEY-----/g, "[REDACTED]"]
832
+ ];
833
+ var SENSITIVE_ASSIGNMENT = /(?:api[_-]?key|secret[_-]?key|password|token|credential|auth[_-]?token|private[_-]?key)\s*[:=]\s*['"]?([^\s'"]{8,500})['"]?/gi;
834
+ function sanitizeSecrets(text) {
835
+ let result = text;
836
+ for (const [pattern, replacement] of KNOWN_PREFIX_PATTERNS) {
837
+ result = result.replace(pattern, replacement);
838
+ }
839
+ result = result.replace(
840
+ SENSITIVE_ASSIGNMENT,
841
+ (match, value) => match.replace(value, "[REDACTED]")
842
+ );
843
+ return result;
844
+ }
845
+
846
+ // src/fingerprint/code-analysis.ts
806
847
  var IGNORE_DIRS2 = /* @__PURE__ */ new Set([
807
848
  "node_modules",
808
849
  ".git",
@@ -878,7 +919,6 @@ var TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
878
919
  ".toml",
879
920
  ".ini",
880
921
  ".cfg",
881
- ".env",
882
922
  ".xml",
883
923
  ".plist",
884
924
  ".md",
@@ -908,7 +948,8 @@ var SKIP_PATTERNS = [
908
948
  /\.map$/,
909
949
  /\.d\.ts$/,
910
950
  /\.generated\./,
911
- /\.snap$/
951
+ /\.snap$/,
952
+ /^\.env($|\.)/
912
953
  ];
913
954
  var COMMENT_LINE = {
914
955
  "c": /^\s*\/\//,
@@ -949,7 +990,6 @@ var EXT_COMMENT = {
949
990
  ".toml": "h",
950
991
  ".ini": "h",
951
992
  ".cfg": "h",
952
- ".env": "h",
953
993
  ".html": "x",
954
994
  ".xml": "x",
955
995
  ".vue": "x",
@@ -1223,7 +1263,7 @@ function analyzeCode(dir) {
1223
1263
  const repFP = structuralFingerprint(rep.compressed, rep.ext);
1224
1264
  const similar = group.slice(1).filter((f) => structuralFingerprint(f.compressed, f.ext) === repFP);
1225
1265
  const unique = group.slice(1).filter((f) => structuralFingerprint(f.compressed, f.ext) !== repFP);
1226
- const repEntry = { path: rep.path, content: rep.compressed, size: rep.compressed.length, priority: rep.score };
1266
+ const repEntry = { path: rep.path, content: sanitizeSecrets(rep.compressed), size: rep.compressed.length, priority: rep.score };
1227
1267
  const repSize = rep.path.length + rep.compressed.length + 10;
1228
1268
  if (includedChars + repSize <= CHAR_BUDGET) {
1229
1269
  result.push(repEntry);
@@ -1242,7 +1282,7 @@ function analyzeCode(dir) {
1242
1282
  for (const f of unique) {
1243
1283
  const skeletonSize = f.path.length + f.skeleton.length + 10;
1244
1284
  if (includedChars + skeletonSize <= CHAR_BUDGET) {
1245
- result.push({ path: f.path, content: f.skeleton, size: f.skeleton.length, priority: f.score });
1285
+ result.push({ path: f.path, content: sanitizeSecrets(f.skeleton), size: f.skeleton.length, priority: f.score });
1246
1286
  includedChars += skeletonSize;
1247
1287
  }
1248
1288
  }
@@ -1252,7 +1292,7 @@ function analyzeCode(dir) {
1252
1292
  if (includedPaths.has(f.path)) continue;
1253
1293
  const skeletonSize = f.path.length + f.skeleton.length + 10;
1254
1294
  if (includedChars + skeletonSize > CHAR_BUDGET) continue;
1255
- result.push({ path: f.path, content: f.skeleton, size: f.skeleton.length, priority: f.score });
1295
+ result.push({ path: f.path, content: sanitizeSecrets(f.skeleton), size: f.skeleton.length, priority: f.score });
1256
1296
  includedChars += skeletonSize;
1257
1297
  }
1258
1298
  return {
@@ -1311,7 +1351,7 @@ function filePriority(filePath) {
1311
1351
  "lib.rs"
1312
1352
  ]);
1313
1353
  if (entryPoints.has(base)) return 40;
1314
- if (/\.(json|ya?ml|toml|ini|cfg|env)$|config\.|Makefile|Dockerfile/i.test(filePath)) return 35;
1354
+ if (/\.(json|ya?ml|toml|ini|cfg)$|config\.|Makefile|Dockerfile/i.test(filePath)) return 35;
1315
1355
  if (/(route|api|controller|endpoint|handler)/i.test(filePath)) return 30;
1316
1356
  if (/(types|schema|models|entities|migration)/i.test(filePath)) return 25;
1317
1357
  if (/(service|lib|utils|helper|middleware)/i.test(filePath)) return 20;
@@ -1606,6 +1646,7 @@ init_resolve_caliber();
1606
1646
  var ERROR_PATTERNS = [
1607
1647
  { pattern: /not logged in|not authenticated|login required|unauthorized/i, message: "Authentication required. Run the login command for your provider to re-authenticate." },
1608
1648
  { pattern: /rate limit|too many requests|429/i, message: "Rate limit exceeded. Retrying..." },
1649
+ { pattern: /usage limit|out of usage|budget.*limit|limit.*reached/i, message: () => `Usage limit reached. Run \`${resolveCaliber()} config\` to switch models (e.g. auto or composer-1.5).` },
1609
1650
  { pattern: /model.*not found|invalid model|model.*unavailable/i, message: () => `The requested model is not available. Run \`${resolveCaliber()} config\` to select a different model.` }
1610
1651
  ];
1611
1652
  function parseSeatBasedError(stderr, exitCode) {
@@ -1675,7 +1716,7 @@ var CursorAcpProvider = class {
1675
1716
  }
1676
1717
  buildArgs(model, streaming) {
1677
1718
  const args = ["--print", "--trust", "--workspace", os3.tmpdir()];
1678
- if (model && model !== "auto" && model !== "default") {
1719
+ if (model && model !== "default") {
1679
1720
  args.push("--model", model);
1680
1721
  }
1681
1722
  if (streaming) {
@@ -2109,7 +2150,7 @@ var KNOWN_MODELS = {
2109
2150
  "gpt-4o-mini",
2110
2151
  "o3-mini"
2111
2152
  ],
2112
- cursor: [],
2153
+ cursor: ["auto", "composer-1.5"],
2113
2154
  "claude-cli": []
2114
2155
  };
2115
2156
  function isModelNotAvailableError(error) {
@@ -2120,6 +2161,7 @@ function isModelNotAvailableError(error) {
2120
2161
  if (msg.includes("model") && msg.includes("not available")) return true;
2121
2162
  if (msg.includes("model") && msg.includes("does not exist")) return true;
2122
2163
  if (msg.includes("publisher model")) return true;
2164
+ if (msg.includes("usage limit") || msg.includes("out of usage")) return true;
2123
2165
  return false;
2124
2166
  }
2125
2167
  function filterRelevantModels(models, provider) {
@@ -2131,6 +2173,9 @@ function filterRelevantModels(models, provider) {
2131
2173
  return models.filter(
2132
2174
  (m) => m.startsWith("gpt-4") || m.startsWith("gpt-3.5") || m.startsWith("o1") || m.startsWith("o3")
2133
2175
  );
2176
+ case "cursor":
2177
+ case "claude-cli":
2178
+ return models;
2134
2179
  default:
2135
2180
  return models;
2136
2181
  }
@@ -5145,7 +5190,6 @@ async function runInteractiveProviderSetup(options) {
5145
5190
  break;
5146
5191
  }
5147
5192
  case "cursor": {
5148
- config.model = DEFAULT_MODELS.cursor;
5149
5193
  if (!isCursorAgentAvailable()) {
5150
5194
  console.log(chalk3.yellow("\n Cursor Agent CLI not found."));
5151
5195
  console.log(chalk3.dim(" Install it: ") + chalk3.hex("#83D1EB")("curl https://cursor.com/install -fsS | bash"));
@@ -5158,6 +5202,7 @@ async function runInteractiveProviderSetup(options) {
5158
5202
  const proceed = await confirm({ message: "Continue anyway?" });
5159
5203
  if (!proceed) throw new Error("__exit__");
5160
5204
  }
5205
+ config.model = await promptInput(`Model (default: ${DEFAULT_MODELS.cursor}):`) || DEFAULT_MODELS.cursor;
5161
5206
  break;
5162
5207
  }
5163
5208
  case "anthropic": {
@@ -10735,45 +10780,6 @@ function releaseFinalizeLock() {
10735
10780
  }
10736
10781
  }
10737
10782
 
10738
- // src/lib/sanitize.ts
10739
- var KNOWN_PREFIX_PATTERNS = [
10740
- // Anthropic (before generic sk- pattern)
10741
- [/sk-ant-[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
10742
- // AWS access key IDs
10743
- [/AKIA[0-9A-Z]{16}/g, "[REDACTED]"],
10744
- // AWS secret keys in assignments
10745
- [/(?:aws)?_?secret_?(?:access)?_?key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/gi, "[REDACTED]"],
10746
- // GitHub tokens (PAT, OAuth, server, app install, fine-grained)
10747
- [/gh[pousr]_[A-Za-z0-9_]{36,}/g, "[REDACTED]"],
10748
- [/github_pat_[A-Za-z0-9_]{22,}/g, "[REDACTED]"],
10749
- // Stripe keys
10750
- [/[sr]k_(live|test)_[A-Za-z0-9]{20,}/g, "[REDACTED]"],
10751
- // Slack tokens
10752
- [/xox[bpsar]-[A-Za-z0-9-]{10,}/g, "[REDACTED]"],
10753
- // JWTs (3-segment base64url)
10754
- [/eyJ[A-Za-z0-9_-]{20,}\.eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
10755
- // OpenAI keys (after sk-ant- to avoid false match)
10756
- [/sk-[A-Za-z0-9-]{20,}/g, "[REDACTED]"],
10757
- // Google API keys
10758
- [/AIza[A-Za-z0-9_-]{35}/g, "[REDACTED]"],
10759
- // Bearer tokens
10760
- [/[Bb]earer\s+[A-Za-z0-9_\-.]{20,}/g, "[REDACTED]"],
10761
- // PEM private keys
10762
- [/-----BEGIN[A-Z ]+KEY-----[\s\S]+?-----END[A-Z ]+KEY-----/g, "[REDACTED]"]
10763
- ];
10764
- var SENSITIVE_ASSIGNMENT = /(?:api[_-]?key|secret[_-]?key|password|token|credential|auth[_-]?token|private[_-]?key)\s*[:=]\s*['"]?([^\s'"]{8,500})['"]?/gi;
10765
- function sanitizeSecrets(text) {
10766
- let result = text;
10767
- for (const [pattern, replacement] of KNOWN_PREFIX_PATTERNS) {
10768
- result = result.replace(pattern, replacement);
10769
- }
10770
- result = result.replace(
10771
- SENSITIVE_ASSIGNMENT,
10772
- (match, value) => match.replace(value, "[REDACTED]")
10773
- );
10774
- return result;
10775
- }
10776
-
10777
10783
  // src/lib/notifications.ts
10778
10784
  import fs42 from "fs";
10779
10785
  import path33 from "path";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rely-ai/caliber",
3
- "version": "1.30.3",
3
+ "version": "1.30.5",
4
4
  "description": "AI context infrastructure for coding agents — keeps CLAUDE.md, Cursor rules, and skills in sync as your codebase evolves",
5
5
  "type": "module",
6
6
  "bin": {