@roleplay-sh/cli 0.1.3 → 0.1.5

package/.env.example

@@ -1,7 +1,7 @@
 # Optional agent credentials used by your own HTTP/CLI target.
 AGENT_API_KEY=
 
-# Team Cloud upload settings.
+# Cloud workbench upload settings. Requires a trial workspace and project API key.
 ROLEPLAY_CLOUD_URL=https://app.roleplay.sh
 ROLEPLAY_PROJECT_ID=
 ROLEPLAY_API_KEY=

package/CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to roleplay.sh will be documented in this file.
 
 This project follows semantic versioning after the public `0.1.0` release.
 
+## 0.1.4 - Unreleased
+
+### Changed
+
+- Updated CLI upload, doctor, and setup copy for the paid roleplay.sh cloud workbench.
+- Clarified that production uploads require a Builder or Team trial, project API key, and sanitized upload policy.
+- Kept public command syntax stable while preserving mock smoke tests and BYO provider usage for real runs.
+
 ## 0.1.3 - 2026-06-06
 
 ### Added
@@ -31,7 +39,7 @@ This project follows semantic versioning after the public `0.1.0` release.
 - Dedicated public CLI package for local attack-pack execution.
 - Built-in `social-engineering-core` attack pack.
 - Local reports and replayable transcripts.
-- Sanitized Team Cloud upload support.
+- Sanitized cloud workbench upload support.
 
 ## 0.1.0 - 2026-05-17
 

package/README.md

@@ -2,7 +2,7 @@
 
 Social-engineering regression tests for AI agents.
 
-`roleplay` runs adversarial roleplay scenarios against local, HTTP, CLI, or mock agents, records replayable evidence, and can upload sanitized findings to Team Cloud.
+`roleplay` runs adversarial roleplay scenarios against local, HTTP, CLI, or mock agents, records replayable evidence, and uploads sanitized findings to the roleplay.sh cloud workbench.
 
 ## Install
 
@@ -54,9 +54,9 @@ export ROLEPLAY_OPENAI_API_KEY="your-openai-key"
 
 Supported providers are `openai`, `anthropic`, `google`, and `openai-compatible`. Use `--attacker-provider` and `--judge-provider` when you want different providers for adaptive attacker turns and transcript judging. Use `--target mock --provider mock` for deterministic local smoke tests.
 
-## Upload Sanitized Findings To Team Cloud
+## Upload Sanitized Findings To The Cloud Workbench
 
-Create a project and API key in Team Cloud at `https://app.roleplay.sh`, then run:
+Start a Builder or Team trial at `https://app.roleplay.sh`, create a workspace project and API key, then run:
 
 ```bash
 ROLEPLAY_CLOUD_URL=https://app.roleplay.sh \
@@ -73,7 +73,7 @@ Sanitized upload is the default. Full transcripts, raw scenario YAML, and local
 - `roleplay run` runs a scenario file or built-in attack pack.
 - `roleplay report` prints a saved run report.
 - `roleplay replay` replays transcript evidence.
-- `roleplay upload` uploads sanitized findings to Team Cloud.
+- `roleplay upload` uploads sanitized findings to the roleplay.sh cloud workbench.
 - `roleplay list` lists local runs.
 - `roleplay doctor` checks local and Cloud configuration.
 - `roleplay mcp` exposes roleplay.sh through MCP.

package/RELEASE.md

@@ -29,8 +29,8 @@ The publish workflow uses GitHub OIDC and intentionally does not require an npm
 Create a GitHub release or push a version tag:
 
 ```bash
-git tag v0.1.3
-git push origin v0.1.3
+git tag v0.1.4
+git push origin v0.1.4
 ```
 
 The publish workflow runs checks and then publishes with:
@@ -58,7 +58,7 @@ export ROLEPLAY_OPENAI_API_KEY=<openai-key>
 roleplay run social-engineering-core --target http://localhost:3000/agent --provider openai --max-turns 1 --fail-on critical
 ```
 
-For Team Cloud upload verification, create a project API key at `https://app.roleplay.sh` and run:
+For cloud workbench upload verification, start a Builder or Team trial, create a project API key at `https://app.roleplay.sh`, and run:
 
 ```bash
 ROLEPLAY_CLOUD_URL=https://app.roleplay.sh \

package/SECURITY.md

@@ -12,7 +12,7 @@ Do not include real API keys, customer data, private prompts, transcripts, or pr
 
 ## Data Handling
 
-roleplay.sh stores runs locally under `.roleplay/runs`. Scenario files, hidden context, transcripts, and reports may contain sensitive information. Full transcripts stay local unless you explicitly upload them to Team Cloud with full-transcript mode enabled in both the project policy and the CLI command.
+roleplay.sh stores runs locally under `.roleplay/runs`. Scenario files, hidden context, transcripts, and reports may contain sensitive information. Full transcripts stay local unless you explicitly upload them to the cloud workbench with full-transcript mode enabled in both the project policy and the CLI command.
 
 ## CLI Target Execution
 

package/dist/cli.js

@@ -1024,7 +1024,7 @@ var init_init = __esm({
     envExample = `# Optional agent credentials used by your own HTTP/CLI target.
 AGENT_API_KEY=
 
-# Team Cloud upload settings.
+# cloud workbench upload settings.
 ROLEPLAY_CLOUD_URL=http://127.0.0.1:3000
 ROLEPLAY_PROJECT_ID=proj_support
 ROLEPLAY_API_KEY=
@@ -2917,7 +2917,7 @@ function requireUploadApiKey(apiKey) {
   if (normalized) return normalized;
   throw new AppError({
     code: "UPLOAD_API_KEY_REQUIRED",
-    message: "ROLEPLAY_API_KEY or --api-key is required to upload to Team Cloud.",
+    message: "ROLEPLAY_API_KEY or --api-key is required to upload to cloud workbench.",
     suggestion: "Create or copy a project API key from CI & Uploads, then pass --api-key or set ROLEPLAY_API_KEY.",
     exitCode: 1
   });
@@ -2927,7 +2927,7 @@ function requireUploadProjectId(projectId) {
   if (normalized) return normalized;
   throw new AppError({
     code: "UPLOAD_PROJECT_REQUIRED",
-    message: "ROLEPLAY_PROJECT_ID or --project is required to upload to Team Cloud.",
+    message: "ROLEPLAY_PROJECT_ID or --project is required to upload to cloud workbench.",
     suggestion: "Copy the project ID from CI & Uploads, then pass --project or set ROLEPLAY_PROJECT_ID.",
     exitCode: 1
   });
@@ -2998,8 +2998,8 @@ async function uploadToCloud(input) {
   } catch (error) {
     throw new AppError({
       code: "UPLOAD_FAILED",
-      message: `Could not reach Team Cloud at ${endpoint}.`,
-      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_API_KEY, and that Team Cloud is running.",
+      message: `Could not reach cloud workbench at ${endpoint}.`,
+      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_API_KEY, and that cloud workbench is running.",
       cause: error,
       exitCode: 1
     });
@@ -3009,7 +3009,7 @@ async function uploadToCloud(input) {
     throw new AppError({
       code: "UPLOAD_FAILED",
       message: body && "error" in body && body.error ? body.error : `Cloud upload failed with HTTP ${response.status}.`,
-      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_API_KEY, and that Team Cloud is running.",
+      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_API_KEY, and that cloud workbench is running.",
       exitCode: 1
     });
   }
@@ -3034,8 +3034,8 @@ async function verifyCloudCredentials(input) {
   } catch (error) {
     throw new AppError({
       code: "UPLOAD_CREDENTIALS_FAILED",
-      message: `Could not reach Team Cloud at ${endpoint}.`,
-      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_PROJECT_ID, ROLEPLAY_API_KEY, and that Team Cloud is running.",
+      message: `Could not reach cloud workbench at ${endpoint}.`,
+      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_PROJECT_ID, ROLEPLAY_API_KEY, and that cloud workbench is running.",
       cause: error,
       exitCode: 1
     });
@@ -3045,7 +3045,7 @@ async function verifyCloudCredentials(input) {
     throw new AppError({
       code: "UPLOAD_CREDENTIALS_FAILED",
       message: body && "error" in body && body.error ? body.error : `Cloud API key verification failed with HTTP ${response.status}.`,
-      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_PROJECT_ID, ROLEPLAY_API_KEY, and that Team Cloud is running.",
+      suggestion: "Check ROLEPLAY_CLOUD_URL, ROLEPLAY_PROJECT_ID, ROLEPLAY_API_KEY, and that cloud workbench is running.",
       exitCode: 1
     });
   }
@@ -3061,8 +3061,8 @@ function parseUploadResponse(body) {
   }
   throw new AppError({
     code: "UPLOAD_RESPONSE_INVALID",
-    message: "Team Cloud returned an invalid upload response.",
-    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh Team Cloud backend.",
+    message: "cloud workbench returned an invalid upload response.",
+    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh cloud workbench backend.",
     exitCode: 1
   });
 }
@@ -3075,8 +3075,8 @@ function parseCredentialVerification(body) {
   }
   throw new AppError({
     code: "UPLOAD_CREDENTIALS_INVALID",
-    message: "Team Cloud returned an invalid API key verification response.",
-    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh Team Cloud backend.",
+    message: "cloud workbench returned an invalid API key verification response.",
+    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh cloud workbench backend.",
     exitCode: 1
   });
 }
@@ -3086,8 +3086,8 @@ function assertUploadResponseMatchesPayload(response, payload) {
   }
   throw new AppError({
     code: "UPLOAD_RESPONSE_INVALID",
-    message: "Team Cloud upload response did not match the requested project, run, or mode.",
-    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh Team Cloud backend.",
+    message: "cloud workbench upload response did not match the requested project, run, or mode.",
+    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh cloud workbench backend.",
     exitCode: 1
   });
 }
@@ -3097,8 +3097,8 @@ function assertCredentialVerificationMatchesRequest(response, projectId) {
   }
   throw new AppError({
     code: "UPLOAD_CREDENTIALS_INVALID",
-    message: "Team Cloud API key verification response did not match the requested project.",
-    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh Team Cloud backend.",
+    message: "cloud workbench API key verification response did not match the requested project.",
+    suggestion: "Check that ROLEPLAY_CLOUD_URL points to a compatible roleplay.sh cloud workbench backend.",
     exitCode: 1
   });
 }
@@ -3212,21 +3212,21 @@ var init_upload = __esm({
     init_output();
     init_base();
     UploadCommand = class _UploadCommand extends BaseCommand {
-      static description = "Upload one run or all local runs to roleplay.sh Team Cloud.";
+      static description = "Upload one run or all local runs to roleplay.sh cloud workbench.";
       static args = {
         run: Args3.string({ required: false, default: "latest" })
       };
       static flags = {
         endpoint: Flags4.string({
-          description: "Team Cloud URL.",
+          description: "cloud workbench URL.",
           default: process.env.ROLEPLAY_CLOUD_URL ?? "http://127.0.0.1:3000"
         }),
         project: Flags4.string({
-          description: "Team Cloud project ID.",
+          description: "cloud workbench project ID.",
           default: process.env.ROLEPLAY_PROJECT_ID
         }),
         "api-key": Flags4.string({
-          description: "Team Cloud API key. Defaults to ROLEPLAY_API_KEY.",
+          description: "cloud workbench API key. Defaults to ROLEPLAY_API_KEY.",
           default: process.env.ROLEPLAY_API_KEY
         }),
         mode: Flags4.string({
@@ -3302,7 +3302,7 @@ var init_upload = __esm({
               this.log(JSON.stringify(result2));
               return;
             }
-            this.log(`${chalk4.cyan("roleplay.sh Team Cloud")}
+            this.log(`${chalk4.cyan("roleplay.sh cloud workbench")}
 
 Project: ${result2.projectId}
 Runs uploaded: ${result2.uploaded}
@@ -3333,7 +3333,7 @@ Mode: ${result2.mode}`);
             this.log(JSON.stringify(result));
             return;
           }
-          this.log(`${chalk4.cyan("roleplay.sh Team Cloud")}
+          this.log(`${chalk4.cyan("roleplay.sh cloud workbench")}
 
 Project: ${result.projectId}
 Run: ${result.runId}
@@ -3497,19 +3497,19 @@ async function checkCloudHealth(cloudUrl) {
     const body = await response.json().catch(() => void 0);
     if (response.ok && body?.status === "ok") {
       return {
-        name: "Team Cloud health",
+        name: "cloud workbench health",
         ok: true,
         detail: cloudHealthDetail(body, endpoint)
       };
     }
     return {
-      name: "Team Cloud health",
+      name: "cloud workbench health",
       ok: false,
       detail: `HTTP ${response.status} from ${endpoint}`
     };
   } catch (error) {
     return {
-      name: "Team Cloud health",
+      name: "cloud workbench health",
       ok: false,
       detail: error instanceof Error ? error.message : `Could not reach ${endpoint}`
     };
@@ -3520,7 +3520,7 @@ async function checkCloudCredentials(cloudUrl, projectId, apiKey) {
   const normalizedApiKey = apiKey?.trim();
   if (!normalizedProjectId || !normalizedApiKey) {
     return {
-      name: "Team Cloud API key",
+      name: "cloud workbench API key",
       ok: false,
       detail: "ROLEPLAY_PROJECT_ID/--project and ROLEPLAY_API_KEY/--api-key are both required for credential verification"
     };
@@ -3533,20 +3533,20 @@ async function checkCloudCredentials(cloudUrl, projectId, apiKey) {
     });
     const policy = verification.uploadPolicy;
     return {
-      name: "Team Cloud API key",
+      name: "cloud workbench API key",
       ok: true,
       detail: `${verification.key.name} (${verification.key.preview}) can upload to ${verification.projectId} with ${policy.mode}, ${policy.retentionDays}d retention`
     };
   } catch (error) {
     return {
-      name: "Team Cloud API key",
+      name: "cloud workbench API key",
       ok: false,
-      detail: error instanceof Error ? error.message : "Could not verify Team Cloud API key"
+      detail: error instanceof Error ? error.message : "Could not verify cloud workbench API key"
     };
   }
 }
 function cloudHealthDetail(body, endpoint) {
-  const service = body.service ?? "Team Cloud";
+  const service = body.service ?? "cloud workbench";
   const privacy = body.privacy;
   if (!privacy) return `${service} at ${endpoint}`;
   const mode = privacy.defaultUploadMode ?? (privacy.fullTranscriptUpload ? "full_transcript_opt_in" : "sanitized_findings");
@@ -3575,17 +3575,17 @@ var init_doctor = __esm({
       static description = "Check local roleplay.sh setup.";
       static flags = {
         json: Flags8.boolean({ description: "Output JSON only." }),
-        cloud: Flags8.boolean({ description: "Check Team Cloud connectivity through /api/health." }),
+        cloud: Flags8.boolean({ description: "Check cloud workbench connectivity through /api/health." }),
         "cloud-url": Flags8.string({
-          description: "Team Cloud base URL.",
+          description: "cloud workbench base URL.",
           default: process.env.ROLEPLAY_CLOUD_URL ?? "http://127.0.0.1:3000"
         }),
         project: Flags8.string({
-          description: "Team Cloud project ID for API-key verification. Defaults to ROLEPLAY_PROJECT_ID.",
+          description: "cloud workbench project ID for API-key verification. Defaults to ROLEPLAY_PROJECT_ID.",
           default: process.env.ROLEPLAY_PROJECT_ID
         }),
         "api-key": Flags8.string({
-          description: "Team Cloud API key for credential verification. Defaults to ROLEPLAY_API_KEY.",
+          description: "cloud workbench API key for credential verification. Defaults to ROLEPLAY_API_KEY.",
           default: process.env.ROLEPLAY_API_KEY
         })
       };