@secapi/cli 1.0.2 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -10
- package/dist/index.js +29450 -528
- package/package.json +12 -10
package/README.md
CHANGED
|
@@ -20,16 +20,53 @@ SECAPI_API_KEY="$SECAPI_API_KEY" bun packages/cli/src/index.ts me --json=false
|
|
|
20
20
|
printf "%s" "$SECAPI_API_KEY" | bun packages/cli/src/index.ts health --api-key-stdin
|
|
21
21
|
```
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
### Verify recipe (canonical gate)
|
|
24
|
+
|
|
25
|
+
Every CLI change must pass this six-command gate before review and before a Draft
|
|
26
|
+
PR is marked ready. Run it from the repo root:
|
|
24
27
|
|
|
25
28
|
```bash
|
|
26
|
-
bun --
|
|
29
|
+
bun install --frozen-lockfile
|
|
30
|
+
bun --filter @secapi/cli test # 128 black-box tests; the pipe-safe JSON contract
|
|
27
31
|
bun --filter @secapi/cli typecheck
|
|
28
|
-
bun run bench:cli-response-shape
|
|
29
|
-
bun run smoke:cli-release
|
|
32
|
+
bun run bench:cli-response-shape # cold-start latency + stdout byte caps (runs the source file)
|
|
33
|
+
bun run smoke:cli-release # packs + installs the tarball; asserts zero runtime deps + both bins
|
|
30
34
|
bun run scripts/validate/check_cli_doc_snippets.ts
|
|
31
35
|
```
|
|
32
36
|
|
|
37
|
+
### Interactive TUI (Ink)
|
|
38
|
+
|
|
39
|
+
Running `secapi` with no arguments in a real terminal (or `secapi chat` /
|
|
40
|
+
`secapi tui`) opens an interactive session built with
|
|
41
|
+
[Ink](https://github.com/vadimdemedes/ink) (React for CLIs) — *the trading desk
|
|
42
|
+
in your terminal*. Piped, redirected, `--json`, CI, and dumb-terminal
|
|
43
|
+
invocations keep the exact one-shot behavior, so agents and the gate above (all
|
|
44
|
+
non-TTY) are unaffected.
|
|
45
|
+
|
|
46
|
+
Inside the REPL:
|
|
47
|
+
|
|
48
|
+
- **Type any command** without the `secapi` prefix (e.g. `filings latest --ticker AAPL`); results render as themed cards with an inline cost footer.
|
|
49
|
+
- **`Tab`** opens a fuzzy command palette over all commands; **`shift+Tab`** cycles the run / plan / ask mode; **`↑/↓`** history; **`ctrl+l`** clear; **`ctrl+c`** aborts a running command then exits.
|
|
50
|
+
- **Slash commands:** `/help` `/login` `/logout` `/whoami` `/status` `/cost` `/theme` `/config` `/skills` `/personas` `/prompts` `/export` `/resume` `/sessions` `/clear` `/quit`.
|
|
51
|
+
- **Workflow shortcuts** (`/skills`): `/due-diligence AAPL`, `/analyze AAPL`, `/track-insiders AAPL`, `/factor-dashboard`, `/decompose AAPL`, `/footnotes AAPL`, `/factor-neutral`, `/regime-screen`, `/country-report US` — each expands the matching `@secapi/skills` workflow into a guided recipe of `secapi` commands (AI-metered steps flagged 💲).
|
|
52
|
+
- **Live cost meter** in the status line (`◷ $0.04 · 18 calls · 61% cache`); `/cost` for the session total.
|
|
53
|
+
- **Sessions** auto-save to `~/.config/secapi/sessions`; `/export [json|ndjson|md]`, `/resume`.
|
|
54
|
+
|
|
55
|
+
Other surfaces:
|
|
56
|
+
|
|
57
|
+
- **`secapi login`** verifies your key via `/v1/me` and saves a no-secret profile (it records *which env var* holds the key, never the value). `--print` previews without writing.
|
|
58
|
+
- **`config theme [<name>]`** / `--theme <name>` / `--accent <#rrggbb>` — 6 themes (`terminal`, `lights-out`, `light`, `xai`, `daltonized`, `ansi`), honoring `NO_COLOR`/`FORCE_COLOR`/`COLORTERM`.
|
|
59
|
+
- **`<command> --watch`** opens a live full-screen dashboard for watchable commands (`factors dashboard`, `factors extreme-moves`, `macro regimes`, `dilution score`, …); `--interval <seconds>`, `--once`. Non-TTY/`--json` run a single shot.
|
|
60
|
+
- **`secapi schedule add --when "every weekday 7am" --run "filings latest --ticker AAPL"`** persists NL schedules (`schedule list`/`remove`/`run-due`) to wire into cron/launchd.
|
|
61
|
+
|
|
62
|
+
Ink and React are **devDependencies only** — the build bundles them into the
|
|
63
|
+
single `dist/index.js`, so the published package keeps `dependencies: {}` and
|
|
64
|
+
installs instantly (the `smoke:cli-release` gate enforces this). The interactive
|
|
65
|
+
code is reached via a dynamic `import()` so one-shot startup never pays
|
|
66
|
+
React/Ink's cost. Test interactive components with Ink's injected-stream
|
|
67
|
+
rendering (`render(tree, { stdout, stdin })`) — deterministic and PTY-free (no
|
|
68
|
+
native `node-pty` dependency, which also keeps the API Docker image build clean).
|
|
69
|
+
|
|
33
70
|
`bun run bench:cli-response-shape` exercises representative local-only help,
|
|
34
71
|
example, config, and agent discovery commands with no credentials and fails if
|
|
35
72
|
their latency or output size drifts past conservative agent-friendly budgets.
|
|
@@ -40,10 +77,6 @@ Run `bun run scripts/validate/check_cli_doc_snippets.ts` whenever CLI examples,
|
|
|
40
77
|
command names, or public Mintlify snippets change; it rewrites
|
|
41
78
|
`ops/docs-health/cli-doc-snippets/latest.json`.
|
|
42
79
|
|
|
43
|
-
Release order: publish `@secapi/sdk-js@1.0.2` before `@secapi/cli@1.0.2`.
|
|
44
|
-
The CLI package depends on `@secapi/sdk-js@^1.0.2`; validating the CLI against a
|
|
45
|
-
local sibling SDK is not enough until the SDK version is available on npm.
|
|
46
|
-
|
|
47
80
|
## Connect an agent
|
|
48
81
|
|
|
49
82
|
Wire the hosted MCP server into your agent client in one command:
|
|
@@ -106,7 +139,7 @@ secapi config profiles
|
|
|
106
139
|
Two binaries are installed: the preferred `secapi` and the compatibility alias `omni-sec`.
|
|
107
140
|
|
|
108
141
|
```bash
|
|
109
|
-
secapi --version # prints the bare package version, e.g. 1.0
|
|
142
|
+
secapi --version # prints the bare package version, e.g. 1.2.0
|
|
110
143
|
secapi --help # short task-oriented help for common workflows
|
|
111
144
|
secapi help all # full command inventory
|
|
112
145
|
secapi examples # local starter workflows for humans and agents
|
|
@@ -137,7 +170,7 @@ secapi streams create --event-types artifact.created --transport poll --dry-run
|
|
|
137
170
|
|
|
138
171
|
Supported dry-run previews: `api-keys create`, `billing budget`, `billing
|
|
139
172
|
checkout`, `billing portal`, `webhooks create`, `webhooks rotate-secret`,
|
|
140
|
-
`webhooks replay-delivery`, and `streams create`.
|
|
173
|
+
`webhooks test`, `webhooks replay-delivery`, and `streams create`.
|
|
141
174
|
|
|
142
175
|
Boolean flags accept bare flags plus explicit `true`, `false`, `yes`, `no`,
|
|
143
176
|
`on`, `off`, `1`, and `0` values. Use `--include-v2=false` or `--print=false`
|
|
@@ -165,6 +198,15 @@ Run `secapi doctor` when local setup is suspect. It reports the active base URL,
|
|
|
165
198
|
credential source names, API health, authenticated account context when
|
|
166
199
|
available, and the hosted MCP URL without printing credential values.
|
|
167
200
|
|
|
201
|
+
Run `secapi support bundle` when you need a copy-paste packet for support or an
|
|
202
|
+
agent handoff. It combines local config, `doctor` checks, request summaries, and
|
|
203
|
+
optional request drilldown into one JSON object while recursively redacting
|
|
204
|
+
credential values:
|
|
205
|
+
|
|
206
|
+
```bash
|
|
207
|
+
secapi support bundle --request-id req_...
|
|
208
|
+
```
|
|
209
|
+
|
|
168
210
|
Run `secapi config show` when you only need the local CLI configuration. It
|
|
169
211
|
prints the active base URL, source names for configured credentials, and hosted
|
|
170
212
|
MCP URL without reading stdin, calling the API, or printing credential values.
|