@secapi/cli 0.4.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +201 -5
- package/dist/index.js +4404 -369
- package/package.json +8 -8
package/README.md
CHANGED
|
@@ -8,29 +8,207 @@ Command-line interface for SEC API factor data, SEC filings, financial statement
|
|
|
8
8
|
npm install -g @secapi/cli
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
+
## Local development
|
|
12
|
+
|
|
13
|
+
Run the TypeScript entrypoint directly while iterating. Keep credentials in the
|
|
14
|
+
environment or stdin; never add real keys to command history, fixtures, or docs:
|
|
15
|
+
|
|
16
|
+
```bash
|
|
17
|
+
bun packages/cli/src/index.ts --help
|
|
18
|
+
bun packages/cli/src/index.ts agent-context --output secapi-cli-context.json
|
|
19
|
+
SECAPI_API_KEY="$SECAPI_API_KEY" bun packages/cli/src/index.ts me --json=false
|
|
20
|
+
printf "%s" "$SECAPI_API_KEY" | bun packages/cli/src/index.ts health --api-key-stdin
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
Use the focused package checks before committing CLI changes:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
bun --filter @secapi/cli test
|
|
27
|
+
bun --filter @secapi/cli typecheck
|
|
28
|
+
bun run bench:cli-response-shape
|
|
29
|
+
bun run smoke:cli-release
|
|
30
|
+
bun run scripts/validate/check_cli_doc_snippets.ts
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
`bun run bench:cli-response-shape` exercises representative local-only help,
|
|
34
|
+
example, config, and agent discovery commands with no credentials and fails if
|
|
35
|
+
their latency or output size drifts past conservative agent-friendly budgets.
|
|
36
|
+
|
|
37
|
+
`bun run smoke:cli-release` builds, packs, installs the tarball in a clean
|
|
38
|
+
temporary project, and verifies the installed `secapi` and `omni-sec` binaries.
|
|
39
|
+
Run `bun run scripts/validate/check_cli_doc_snippets.ts` whenever CLI examples,
|
|
40
|
+
command names, or public Mintlify snippets change; it rewrites
|
|
41
|
+
`ops/docs-health/cli-doc-snippets/latest.json`.
|
|
42
|
+
|
|
43
|
+
## Connect an agent
|
|
44
|
+
|
|
45
|
+
Wire the hosted MCP server into your agent client in one command:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
secapi init --client claude-code # prints the `claude mcp add` command
|
|
49
|
+
secapi init --client cursor # writes .cursor/mcp.json
|
|
50
|
+
secapi init --client claude-desktop # writes the Claude Desktop config
|
|
51
|
+
secapi init --client windsurf # writes ~/.codeium/windsurf/mcp_config.json
|
|
52
|
+
secapi init --client project # writes ./.mcp.json
|
|
53
|
+
secapi init --client cursor --print # dry-run: print the config, write nothing
|
|
54
|
+
secapi mcp install --client cursor # alias for agent-client MCP setup
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
`secapi init` reads your key from `SECAPI_API_KEY` (or `--api-key-stdin`) and never
|
|
58
|
+
accepts it as an argv flag. `secapi agent-context` prints a machine-readable JSON
|
|
59
|
+
description of the whole CLI surface, including the full current command group
|
|
60
|
+
inventory, auth needs, mutating/read-only posture, output shape, required flags,
|
|
61
|
+
and examples, so an agent can learn the tool in one call.
|
|
62
|
+
|
|
11
63
|
## Configuration
|
|
12
64
|
|
|
13
65
|
```bash
|
|
14
|
-
export SECAPI_API_KEY="
|
|
66
|
+
export SECAPI_API_KEY="secapi_live_..."
|
|
15
67
|
export SECAPI_BASE_URL="https://api.secapi.ai"
|
|
16
68
|
```
|
|
17
69
|
|
|
18
70
|
`SECAPI_BASE_URL` is optional. The CLI defaults to `https://api.secapi.ai`.
|
|
71
|
+
Use `--base-url <url>` when a single command should target a local, staging,
|
|
72
|
+
proxy, or replay origin without changing your shell environment:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
secapi health --base-url http://127.0.0.1:8787
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
Use a no-secret profile when you switch between local, staging, and production
|
|
79
|
+
often. Profiles live at `~/.config/secapi/profiles.json` by default and may set
|
|
80
|
+
`baseUrl`, `apiKeyEnv`, and `bearerTokenEnv`. The file stores environment
|
|
81
|
+
variable names, not credential values. Set `SECAPI_CONFIG_FILE` when CI or an
|
|
82
|
+
agent runner should read profiles from a different path:
|
|
83
|
+
|
|
84
|
+
```json
|
|
85
|
+
{
|
|
86
|
+
"profiles": {
|
|
87
|
+
"local": {
|
|
88
|
+
"baseUrl": "http://127.0.0.1:8787",
|
|
89
|
+
"apiKeyEnv": "SECAPI_LOCAL_API_KEY"
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
```bash
|
|
96
|
+
export SECAPI_LOCAL_API_KEY="secapi_live_..."
|
|
97
|
+
SECAPI_PROFILE=local secapi health
|
|
98
|
+
secapi --profile local config show
|
|
99
|
+
secapi config profiles
|
|
100
|
+
```
|
|
19
101
|
|
|
20
102
|
Two binaries are installed: the preferred `secapi` and the compatibility alias `omni-sec`.
|
|
21
103
|
|
|
22
104
|
```bash
|
|
23
|
-
secapi --version # prints the bare package version, e.g. 0.
|
|
24
|
-
secapi --help #
|
|
105
|
+
secapi --version # prints the bare package version, e.g. 1.0.1
|
|
106
|
+
secapi --help # short task-oriented help for common workflows
|
|
107
|
+
secapi help all # full command inventory
|
|
108
|
+
secapi examples # local starter workflows for humans and agents
|
|
109
|
+
secapi config show # local config/auth-source summary; no API request
|
|
110
|
+
secapi config profiles # list no-secret profiles; no API request
|
|
111
|
+
secapi doctor # checks base URL, auth source, health, account context, and MCP setup
|
|
112
|
+
secapi filings latest --help # command-specific help; no API request
|
|
113
|
+
secapi completion zsh # shell completions for secapi and omni-sec
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
Unknown commands fail locally with nearest-command suggestions, so a typo like
|
|
117
|
+
`secapi filings latset` points back to `secapi filings latest` without making an
|
|
118
|
+
API request.
|
|
119
|
+
|
|
120
|
+
Unknown option typos fail locally too, so `secapi filings search --limt 5`
|
|
121
|
+
points back to `--limit` before credentials are read or an API request is sent.
|
|
122
|
+
|
|
123
|
+
Preview high-impact mutating commands before they touch account state by adding
|
|
124
|
+
`--dry-run`. The CLI prints the method, endpoint, and JSON body locally without
|
|
125
|
+
reading credentials or making an API request:
|
|
126
|
+
|
|
127
|
+
```bash
|
|
128
|
+
secapi api-keys create --label local-dev --scopes read:sec --dry-run
|
|
129
|
+
secapi billing checkout --plan personal --dry-run
|
|
130
|
+
secapi webhooks create --destination-url https://example.com/hooks/sec --event-types artifact.created --dry-run
|
|
131
|
+
secapi streams create --event-types artifact.created --transport poll --dry-run
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
Supported dry-run previews: `api-keys create`, `billing budget`, `billing
|
|
135
|
+
checkout`, `billing portal`, `webhooks create`, `webhooks rotate-secret`,
|
|
136
|
+
`webhooks replay-delivery`, and `streams create`.
|
|
137
|
+
|
|
138
|
+
Boolean flags accept bare flags plus explicit `true`, `false`, `yes`, `no`,
|
|
139
|
+
`on`, `off`, `1`, and `0` values. Use `--include-v2=false` or `--print=false`
|
|
140
|
+
when generated commands need to force an opt-in flag off without changing the
|
|
141
|
+
command shape.
|
|
142
|
+
|
|
143
|
+
Write structured JSON or generated scripts directly to a file with
|
|
144
|
+
`--output <path>`, for example:
|
|
145
|
+
|
|
146
|
+
```bash
|
|
147
|
+
secapi agent-context --output secapi-cli-context.json
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
When you need diagnostics without breaking a stdout pipeline, add
|
|
151
|
+
`--request-summary`. The command response stays on stdout while a compact JSON
|
|
152
|
+
summary of method, path, status, request id, trace context, cost, token count,
|
|
153
|
+
cache status, maturity, and duration is written to stderr.
|
|
154
|
+
On nonzero exits, stderr includes the formatted error before the summary JSON.
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
secapi health --request-summary
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
Run `secapi doctor` when local setup is suspect. It reports the active base URL,
|
|
161
|
+
credential source names, API health, authenticated account context when
|
|
162
|
+
available, and the hosted MCP URL without printing credential values.
|
|
163
|
+
|
|
164
|
+
Run `secapi config show` when you only need the local CLI configuration. It
|
|
165
|
+
prints the active base URL, source names for configured credentials, and hosted
|
|
166
|
+
MCP URL without reading stdin, calling the API, or printing credential values.
|
|
167
|
+
|
|
168
|
+
Run `secapi config profiles` to list configured profiles, normalized base URLs,
|
|
169
|
+
credential environment variable names, and whether each referenced env var is
|
|
170
|
+
currently set. It is also local-only and never prints credential values.
|
|
171
|
+
|
|
172
|
+
Install shell completions by printing the script for your shell and wiring it
|
|
173
|
+
into that shell's normal completion loader:
|
|
174
|
+
|
|
175
|
+
```bash
|
|
176
|
+
mkdir -p ~/.zfunc && secapi completion zsh > ~/.zfunc/_secapi
|
|
177
|
+
echo 'fpath=(~/.zfunc $fpath); autoload -Uz compinit; compinit' >> ~/.zshrc
|
|
178
|
+
|
|
179
|
+
secapi completion bash > ~/.secapi-completion.bash
|
|
180
|
+
echo 'source ~/.secapi-completion.bash' >> ~/.bashrc
|
|
181
|
+
|
|
182
|
+
mkdir -p ~/.config/fish/completions
|
|
183
|
+
secapi completion fish > ~/.config/fish/completions/secapi.fish
|
|
25
184
|
```
|
|
26
185
|
|
|
27
186
|
## Five-minute Quickstart
|
|
28
187
|
|
|
29
|
-
|
|
188
|
+
Start local, then run five copy-paste API examples that exercise the core
|
|
189
|
+
surfaces:
|
|
190
|
+
|
|
191
|
+
```bash
|
|
192
|
+
secapi examples
|
|
193
|
+
secapi examples --json=false
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
The API examples read
|
|
30
197
|
`SECAPI_API_KEY` from the environment — credentials are never accepted as
|
|
31
198
|
argv flags (they leak through shell history); pipe them via `--api-key-stdin`
|
|
32
199
|
if you cannot set an env var.
|
|
33
200
|
|
|
201
|
+
Account-oriented commands keep JSON as the default for pipes and agents. In an
|
|
202
|
+
interactive terminal they render compact human summaries; pass `--json=false`
|
|
203
|
+
when you want that same summary explicitly:
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
secapi me --json=false
|
|
207
|
+
secapi billing show --json=false
|
|
208
|
+
secapi usage show --json=false
|
|
209
|
+
secapi limits show --json=false
|
|
210
|
+
```
|
|
211
|
+
|
|
34
212
|
```bash
|
|
35
213
|
# 1. Confirm auth and see your plan/limits
|
|
36
214
|
secapi me
|
|
@@ -48,6 +226,24 @@ secapi search semantic --q "revenue concentration risk" --ticker AAPL --mode hyb
|
|
|
48
226
|
secapi facts get --ticker AAPL --tag Assets --form 10-K
|
|
49
227
|
```
|
|
50
228
|
|
|
229
|
+
`secapi examples` is local-only. It prints a structured starter catalog by
|
|
230
|
+
default and a concise human version with `--json=false`. Portfolio and model
|
|
231
|
+
workflow examples include reusable `holdings.json`, `benchmark.json`, and
|
|
232
|
+
`model.json` templates so you can avoid fragile inline shell JSON.
|
|
233
|
+
|
|
234
|
+
## Trace Hydration
|
|
235
|
+
|
|
236
|
+
When filing-derived or source-backed responses include a trace reference, use
|
|
237
|
+
the CLI to hydrate the trace without switching back to curl or an SDK script.
|
|
238
|
+
|
|
239
|
+
```bash
|
|
240
|
+
# Resolve one trace id
|
|
241
|
+
secapi traces get --trace-id trc_...
|
|
242
|
+
|
|
243
|
+
# Batch resolve up to 50 trace ids
|
|
244
|
+
secapi traces list --ids trc_1,trc_2
|
|
245
|
+
```
|
|
246
|
+
|
|
51
247
|
## Search
|
|
52
248
|
|
|
53
249
|
```bash
|
|
@@ -63,7 +259,7 @@ secapi sections search --ticker AAPL --q risk --form 10-K
|
|
|
63
259
|
|
|
64
260
|
## Factor Quickstart
|
|
65
261
|
|
|
66
|
-
Use `--response-mode compact` when you are feeding an agent, LLM, notebook, or UI card and want the smallest useful payload. Add `--include trust` when you need freshness, methodology, and materialization metadata for citations or launch checks.
|
|
262
|
+
Use `--response-mode compact` when you are feeding an agent, LLM, notebook, or UI card and want the smallest useful payload. Add `--include trust` when you need freshness, methodology, and materialization metadata for citations or launch checks. Compact catalog responses still include readiness/proof summaries for catalog/tool-discovery calls, while the full trust/provenance envelope plus full methodology/materialization/revision/source-rights objects are available when auditors need them. The full trust envelope can be larger than a simple picker payload, so prefer compact mode for interactive discovery and expand only when you need citation-grade provenance.
|
|
67
263
|
|
|
68
264
|
```bash
|
|
69
265
|
# Factor catalog for picker UIs and agent tool discovery
|