@roleplay-sh/cli 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -7
- package/CONTRIBUTING.md +1 -1
- package/SECURITY.md +1 -3
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,21 @@ All notable changes to roleplay.sh will be documented in this file.
|
|
|
4
4
|
|
|
5
5
|
This project follows semantic versioning after the public `0.1.0` release.
|
|
6
6
|
|
|
7
|
+
## 0.1.2 - 2026-06-03
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
- Corrected packaged documentation to match the public launch scope.
|
|
12
|
+
|
|
13
|
+
## 0.1.1 - 2026-06-03
|
|
14
|
+
|
|
15
|
+
### Added
|
|
16
|
+
|
|
17
|
+
- Dedicated public CLI package for local attack-pack execution.
|
|
18
|
+
- Built-in `social-engineering-core` attack pack.
|
|
19
|
+
- Local reports and replayable transcripts.
|
|
20
|
+
- Sanitized Team Cloud upload support.
|
|
21
|
+
|
|
7
22
|
## 0.1.0 - 2026-05-17
|
|
8
23
|
|
|
9
24
|
### Added
|
|
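Review bot: The only bullet under `## 0.1.2`, "Corrected packaged documentation to match the public launch scope", does not say which documents changed or what was corrected, even though this release rewrites the Data Handling section of SECURITY.md. Suggest naming the affected files and summarising the data-handling change, since readers use the changelog to decide whether a release affects them. Under `## 0.1.1`, "Sanitized Team Cloud upload support" is the bullet that announces data leaving the machine, so it should state what sanitization removes before upload. The `## 0.1.1` section is itself an added line in the 0.1.2 package, so 0.1.1 appears to have shipped without its own entry. A release check that the top changelog heading matches the version in package.json would catch that.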
@@ -11,21 +26,18 @@ This project follows semantic versioning after the public `0.1.0` release.
|
|
|
11
26
|
- Initial `roleplay` CLI.
|
|
12
27
|
- Scenario YAML validation with Zod.
|
|
13
28
|
- HTTP, CLI, and mock target adapters.
|
|
14
|
-
-
|
|
15
|
-
-
|
|
29
|
+
- Local deterministic roleplayed-user provider.
|
|
30
|
+
- Local deterministic judge implementation.
|
|
16
31
|
- Local run storage under `.roleplay/runs`.
|
|
17
32
|
- JSON and Markdown report generation.
|
|
18
|
-
- `init`, `
|
|
33
|
+
- `init`, `run`, `report`, `replay`, `list`, `upload`, `doctor`, and `mcp` commands.
|
|
19
34
|
- Example agents and scenarios.
|
|
20
35
|
- Vitest test suite, linting, strict TypeScript, tsup build, CI, and npm publish workflow.
|
|
21
36
|
- Package smoke test that verifies tarball contents and installed CLI behavior.
|
|
22
37
|
- Failed-run artifact persistence for target/provider/judge errors.
|
|
23
38
|
- Safer CLI target execution defaults and explicit `shell: true` opt-in.
|
|
24
|
-
- Red-team target validation and optional `--save` for generated scenarios.
|
|
25
39
|
- HTTP target diagnostics for text responses, missing fields, and timeouts.
|
|
26
40
|
|
|
27
41
|
### Notes
|
|
28
42
|
|
|
29
|
-
-
|
|
30
|
-
- Mock provider and mock judge are the stable path for first local usage.
|
|
31
|
-
- OpenAI mode requires `OPENAI_API_KEY` and should be treated as experimental until more live usage is collected.
|
|
43
|
+
- Local attack-pack execution is the supported path for first usage.
|
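Review bot: This hunk edits the already released `## 0.1.0` section in place instead of recording the changes under a newer version. The rewritten command list now includes `upload`, while the `## 0.1.1` section of the same file lists Team Cloud upload support as added in 0.1.1, so the two entries disagree about when upload arrived. The removed Notes lines about the mock provider and about OpenAI mode requiring `OPENAI_API_KEY` describe behaviour that 0.1.0 users may still have installed. If that mode is no longer shipped, add a `### Removed` entry under the version that dropped it and leave the 0.1.0 history as published. The same applies to the deleted "Red-team target validation and optional `--save`" bullet.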
package/CONTRIBUTING.md
CHANGED
|
@@ -11,7 +11,7 @@ pnpm test
|
|
|
11
11
|
pnpm build
|
|
12
12
|
```
|
|
13
13
|
|
|
14
|
-
Use
|
|
14
|
+
Use local attack-pack execution for tests and examples. Do not add external model-provider behavior to the public CLI without an explicit product decision.
|
|
15
15
|
|
|
16
16
|
## Pull requests
|
|
17
17
|
|
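Review bot: "without an explicit product decision" in the added line gives contributors no way to tell who makes that decision or where it is recorded, so the rule cannot be checked in review. Suggest naming the owner or linking the issue tracker or label where such a decision is requested. If the intent is that tests and examples never reach an external provider, say so directly, so that a pull request that adds network calls to a model provider can be rejected against a concrete rule.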
package/SECURITY.md
CHANGED
|
@@ -12,9 +12,7 @@ Do not include real API keys, customer data, private prompts, transcripts, or pr
|
|
|
12
12
|
|
|
13
13
|
## Data Handling
|
|
14
14
|
|
|
15
|
-
roleplay.sh stores runs locally under `.roleplay/runs`. Scenario files, hidden context, transcripts, and reports may contain sensitive information.
|
|
16
|
-
|
|
17
|
-
When using OpenAI providers or judges, scenario data and transcripts are sent to the external provider. Use `--provider mock --judge mock` for local-only testing.
|
|
15
|
+
roleplay.sh stores runs locally under `.roleplay/runs`. Scenario files, hidden context, transcripts, and reports may contain sensitive information. Full transcripts stay local unless you explicitly upload them to Team Cloud with full-transcript mode enabled in both the project policy and the CLI command.
|
|
18
16
|
|
|
19
17
|
## CLI Target Execution
|
|
20
18
|
|
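Review bot: The added sentence covers only full transcripts and does not say what a default (sanitized) Team Cloud upload contains, although the preceding sentence lists scenario files, hidden context and reports as potentially sensitive as well. Suggest stating which of those are included in a sanitized upload, and naming the project policy setting and the CLI option that enable full-transcript mode so users can verify both are off. The hunk also drops the warning that OpenAI providers and judges send scenario data and transcripts to an external provider, along with the `--provider mock --judge mock` guidance. The file list for this release shows only documentation and package.json changing, so confirm that the external provider path is absent from the shipped CLI before removing that warning.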