@runloop/rl-cli 1.4.1 → 1.5.0

package/README.md

@@ -140,6 +140,16 @@ rli network-policy create                # Create a new network policy
 rli network-policy delete <id>           # Delete a network policy
 ```
 
+### Secret Commands (alias: `s`)
+
+```bash
+rli secret create <name>                 # Create a new secret. Value can be pip...
+rli secret list                          # List all secrets
+rli secret get <name>                    # Get secret metadata by name
+rli secret update <name>                 # Update a secret value (value from std...
+rli secret delete <name>                 # Delete a secret
+```
+
 ### Mcp Commands
 
 ```bash

package/dist/commands/secret/create.js

@@ -0,0 +1,27 @@
+/**
+ * Create secret command
+ */
+import { getClient } from "../../utils/client.js";
+import { output, outputError } from "../../utils/output.js";
+import { getSecretValue } from "../../utils/stdin.js";
+export async function createSecret(name, options = {}) {
+    try {
+        // Get secret value from stdin (piped) or interactive prompt
+        const value = await getSecretValue();
+        if (!value) {
+            outputError("Secret value cannot be empty", new Error("Empty value"));
+        }
+        const client = getClient();
+        const secret = await client.secrets.create({ name, value });
+        // Default: just output the ID for easy scripting
+        if (!options.output || options.output === "text") {
+            console.log(secret.id);
+        }
+        else {
+            output(secret, { format: options.output, defaultFormat: "json" });
+        }
+    }
+    catch (error) {
+        outputError("Failed to create secret", error);
+    }
+}

package/dist/commands/secret/delete.js

@@ -0,0 +1,54 @@
+/**
+ * Delete secret command
+ */
+import * as readline from "readline";
+import { getClient } from "../../utils/client.js";
+import { output } from "../../utils/output.js";
+/**
+ * Prompt for confirmation
+ */
+async function confirm(message) {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        rl.question(`${message} [y/N] `, (answer) => {
+            rl.close();
+            resolve(answer.toLowerCase() === "y" || answer.toLowerCase() === "yes");
+        });
+    });
+}
+export async function deleteSecret(name, options = {}) {
+    try {
+        const client = getClient();
+        // Confirm deletion unless --yes flag is passed
+        if (!options.yes) {
+            const confirmed = await confirm(`Are you sure you want to delete secret "${name}"?`);
+            if (!confirmed) {
+                console.log("Aborted.");
+                return;
+            }
+        }
+        // Delete by name
+        const secret = await client.secrets.delete(name);
+        // Default: show confirmation message
+        if (!options.output || options.output === "text") {
+            console.log(`Deleted secret "${name}" (${secret.id})`);
+        }
+        else {
+            output({ id: secret.id, name, status: "deleted" }, { format: options.output, defaultFormat: "json" });
+        }
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        if (errorMessage.includes("404") || errorMessage.includes("not found")) {
+            console.error(`Error: Secret "${name}" not found`);
+        }
+        else {
+            console.error(`Error: Failed to delete secret`);
+            console.error(`  ${errorMessage}`);
+        }
+        process.exit(1);
+    }
+}

package/dist/commands/secret/get.js

@@ -0,0 +1,23 @@
+/**
+ * Get secret metadata command
+ *
+ * Note: The API doesn't have a direct "get by name" endpoint,
+ * so we list all secrets and filter by name.
+ */
+import { getClient } from "../../utils/client.js";
+import { output, outputError } from "../../utils/output.js";
+export async function getSecret(name, options = {}) {
+    try {
+        const client = getClient();
+        // List all secrets and find by name
+        const result = await client.secrets.list({ limit: 5000 });
+        const secret = result.secrets?.find((s) => s.name === name);
+        if (!secret) {
+            outputError(`Secret "${name}" not found`, new Error("Secret not found"));
+        }
+        output(secret, { format: options.output, defaultFormat: "json" });
+    }
+    catch (error) {
+        outputError("Failed to get secret", error);
+    }
+}

package/dist/commands/secret/list.js

@@ -0,0 +1,23 @@
+/**
+ * List secrets command
+ */
+import { getClient } from "../../utils/client.js";
+import { output, outputError } from "../../utils/output.js";
+const DEFAULT_PAGE_SIZE = 20;
+export async function listSecrets(options = {}) {
+    try {
+        const client = getClient();
+        const limit = options.limit
+            ? parseInt(options.limit, 10)
+            : DEFAULT_PAGE_SIZE;
+        // Fetch secrets
+        const result = await client.secrets.list({ limit });
+        // Extract secrets array
+        const secrets = result.secrets || [];
+        // Default: output JSON for lists
+        output(secrets, { format: options.output, defaultFormat: "json" });
+    }
+    catch (error) {
+        outputError("Failed to list secrets", error);
+    }
+}

package/dist/commands/secret/update.js

@@ -0,0 +1,27 @@
+/**
+ * Update secret command
+ */
+import { getClient } from "../../utils/client.js";
+import { output, outputError } from "../../utils/output.js";
+import { getSecretValue } from "../../utils/stdin.js";
+export async function updateSecret(name, options = {}) {
+    try {
+        // Get new secret value from stdin (piped) or interactive prompt
+        const value = await getSecretValue();
+        if (!value) {
+            outputError("Secret value cannot be empty", new Error("Empty value"));
+        }
+        const client = getClient();
+        const secret = await client.secrets.update(name, { value });
+        // Default: just output the ID for easy scripting
+        if (!options.output || options.output === "text") {
+            console.log(secret.id);
+        }
+        else {
+            output(secret, { format: options.output, defaultFormat: "json" });
+        }
+    }
+    catch (error) {
+        outputError("Failed to update secret", error);
+    }
+}

package/dist/utils/commands.js

@@ -439,6 +439,53 @@ export function createProgram() {
         const { deleteNetworkPolicy } = await import("../commands/network-policy/delete.js");
         await deleteNetworkPolicy(id, options);
     });
+    // Secret commands
+    const secret = program
+        .command("secret")
+        .description("Manage secrets")
+        .alias("s");
+    secret
+        .command("create <name>")
+        .description("Create a new secret. Value can be piped via stdin (e.g., echo 'val' | rli secret create name) or entered interactively with masked input for security.")
+        .option("-o, --output [format]", "Output format: text|json|yaml (default: text)")
+        .action(async (name, options) => {
+        const { createSecret } = await import("../commands/secret/create.js");
+        await createSecret(name, options);
+    });
+    secret
+        .command("list")
+        .description("List all secrets")
+        .option("--limit <n>", "Max results", "20")
+        .option("-o, --output [format]", "Output format: text|json|yaml (default: json)")
+        .action(async (options) => {
+        const { listSecrets } = await import("../commands/secret/list.js");
+        await listSecrets(options);
+    });
+    secret
+        .command("get <name>")
+        .description("Get secret metadata by name")
+        .option("-o, --output [format]", "Output format: text|json|yaml (default: json)")
+        .action(async (name, options) => {
+        const { getSecret } = await import("../commands/secret/get.js");
+        await getSecret(name, options);
+    });
+    secret
+        .command("update <name>")
+        .description("Update a secret value (value from stdin or secure prompt)")
+        .option("-o, --output [format]", "Output format: text|json|yaml (default: text)")
+        .action(async (name, options) => {
+        const { updateSecret } = await import("../commands/secret/update.js");
+        await updateSecret(name, options);
+    });
+    secret
+        .command("delete <name>")
+        .description("Delete a secret")
+        .option("-y, --yes", "Skip confirmation prompt")
+        .option("-o, --output [format]", "Output format: text|json|yaml (default: text)")
+        .action(async (name, options) => {
+        const { deleteSecret } = await import("../commands/secret/delete.js");
+        await deleteSecret(name, options);
+    });
     // MCP server commands
     const mcp = program
         .command("mcp")

package/dist/utils/stdin.js

@@ -0,0 +1,66 @@
+/**
+ * Utilities for reading secure input from stdin
+ */
+/**
+ * Prompt for a secret value with masked input (shows * for each character)
+ * Only works when stdin is a TTY (interactive terminal)
+ */
+export async function promptSecretValue(prompt = "Enter secret value: ") {
+    return new Promise((resolve) => {
+        process.stdout.write(prompt);
+        let value = "";
+        process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.setEncoding("utf8");
+        const onData = (char) => {
+            if (char === "\n" || char === "\r") {
+                process.stdin.setRawMode(false);
+                process.stdin.removeListener("data", onData);
+                process.stdin.pause();
+                process.stdout.write("\n");
+                resolve(value);
+            }
+            else if (char === "\u0003") {
+                // Ctrl+C
+                process.stdin.setRawMode(false);
+                process.stdout.write("\n");
+                process.exit(0);
+            }
+            else if (char === "\u007F" || char === "\b") {
+                // Backspace (0x7F) or Ctrl+H (0x08)
+                if (value.length > 0) {
+                    value = value.slice(0, -1);
+                    process.stdout.write("\b \b");
+                }
+            }
+            else if (char >= " ") {
+                // Only add printable characters
+                value += char;
+                process.stdout.write("*");
+            }
+        };
+        process.stdin.on("data", onData);
+    });
+}
+/**
+ * Read all data from stdin (for piped input)
+ */
+export async function readStdin() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(Buffer.from(chunk));
+    }
+    return Buffer.concat(chunks).toString().trim();
+}
+/**
+ * Get a secret value from either piped stdin or interactive prompt
+ * Automatically detects whether input is piped or interactive
+ */
+export async function getSecretValue(prompt = "Enter secret value: ") {
+    if (process.stdin.isTTY) {
+        return promptSecretValue(prompt);
+    }
+    else {
+        return readStdin();
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runloop/rl-cli",
-  "version": "1.4.1",
+  "version": "1.5.0",
   "description": "Beautiful CLI for the Runloop platform",
   "type": "module",
   "bin": {