npm - @skillrecordings/cli - Versions diffs - 0.14.2 → 0.14.3 - Mend

@skillrecordings/cli 0.14.2 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/.env.encrypted +0 -0
package/dist/{chunk-FT5L3SDS.js → chunk-A5RBWKVF.js} +8 -8
package/dist/chunk-JMAMXCWW.js +192 -0
package/dist/chunk-JMAMXCWW.js.map +1 -0
package/dist/{chunk-RA5G6CYF.js → chunk-L6YTBYNV.js} +11 -11
package/dist/{config-AKU2GEMV.js → config-44V5DJBS.js} +5 -5
package/dist/crypto-MTXIOCYL.js +23 -0
package/dist/crypto-MTXIOCYL.js.map +1 -0
package/dist/index.js +141 -200
package/dist/index.js.map +1 -1
package/dist/{pipeline-MJVBAX5W.js → pipeline-FGI6ICWM.js} +4 -4
package/dist/secrets-MGVPGMFJ.js +14 -0
package/dist/secrets-MGVPGMFJ.js.map +1 -0
package/package.json +2 -2
/package/dist/{chunk-FT5L3SDS.js.map → chunk-A5RBWKVF.js.map} +0 -0
/package/dist/{chunk-RA5G6CYF.js.map → chunk-L6YTBYNV.js.map} +0 -0
/package/dist/{config-AKU2GEMV.js.map → config-44V5DJBS.js.map} +0 -0
/package/dist/{pipeline-MJVBAX5W.js.map → pipeline-FGI6ICWM.js.map} +0 -0

package/dist/index.js CHANGED Viewed

@@ -1,23 +1,4 @@
 #!/usr/bin/env bun
-import {
-  createFilterStats,
-  formatFilterStats,
-  shouldFilter,
-  updateFilterStats
-} from "./chunk-5ACOI6Z3.js";
-import {
-  Blob as Blob2,
-  File as File2,
-  isFile,
-  isFunction
-} from "./chunk-PWWRCN5W.js";
-import {
-  SUPPORT_AGENT_PROMPT,
-  getApp,
-  getOutcomeHistory,
-  getRedis
-} from "./chunk-RA5G6CYF.js";
-import "./chunk-F4EM72IH.js";
 import {
   DEFAULT_CATEGORY_TAG_MAPPING,
   FrontApiError,
@@ -39,15 +20,44 @@ import {
   runPipeline,
   validate,
   validateSync
-} from "./chunk-FT5L3SDS.js";
-import "./chunk-KEV3QKXP.js";
+} from "./chunk-A5RBWKVF.js";
 import "./chunk-HK3PEWFD.js";
+import {
+  createFilterStats,
+  formatFilterStats,
+  shouldFilter,
+  updateFilterStats
+} from "./chunk-5ACOI6Z3.js";
+import {
+  Blob as Blob2,
+  File as File2,
+  isFile,
+  isFunction
+} from "./chunk-PWWRCN5W.js";
+import {
+  SUPPORT_AGENT_PROMPT,
+  getApp,
+  getOutcomeHistory,
+  getRedis
+} from "./chunk-L6YTBYNV.js";
+import "./chunk-KEV3QKXP.js";
+import "./chunk-ZNF7XD2S.js";
+import {
+  upsertVector
+} from "./chunk-H3D6VCME.js";
+import "./chunk-F4EM72IH.js";
 import "./chunk-WYKL32C3.js";
 import {
   MemoryService,
   VotingService,
   calculateConfidence
 } from "./chunk-MLNDSBZ4.js";
+import "./chunk-MG37YDAK.js";
+import {
+  OnePasswordProvider,
+  SECRET_REFS,
+  createSecretsProvider
+} from "./chunk-JMAMXCWW.js";
 import {
   ActionsTable,
   AppsTable,
@@ -62,11 +72,6 @@ import {
   or,
   sql
 } from "./chunk-V34YUISF.js";
-import "./chunk-ZNF7XD2S.js";
-import {
-  upsertVector
-} from "./chunk-H3D6VCME.js";
-import "./chunk-MG37YDAK.js";
 import {
   __commonJS,
   __dirname,
@@ -74567,6 +74572,29 @@ async function copy(src, dest) {
   await cp(src, dest, { recursive: true, force: true });
 }
+// src/core/user-config.ts
+var USER_CONFIG_DIR_NAME = "skill";
+var USER_CONFIG_PATHS = {
+  /** Age encryption private key file */
+  ageKey: "age.key",
+  /** Encrypted environment variables file */
+  envEncrypted: ".env.user.encrypted",
+  /** Optional plaintext config file */
+  configJson: "config.json"
+};
+function getUserConfigDir(configDir) {
+  if (configDir) return configDir;
+  const xdgConfigHome = process.env.XDG_CONFIG_HOME;
+  if (xdgConfigHome && xdgConfigHome.trim() !== "") {
+    return join(xdgConfigHome, USER_CONFIG_DIR_NAME);
+  }
+  const home = homedir() || process.env.HOME || "/tmp";
+  return join(home, ".config", USER_CONFIG_DIR_NAME);
+}
+function getUserConfigPath(fileName, configDir) {
+  return join(getUserConfigDir(configDir), fileName);
+}
 // src/core/config-loader.ts
 function parseEnvContent(content) {
   const env = {};
@@ -74582,7 +74610,85 @@ function parseEnvContent(content) {
   }
   return env;
 }
+async function decryptEnvFile(encryptedPath) {
+  const { existsSync: existsSync15 } = await import("fs");
+  const { readFile: readFile10 } = await import("fs/promises");
+  if (!existsSync15(encryptedPath)) {
+    return {};
+  }
+  const ageKey = await getAgeKeyFrom1Password();
+  if (!ageKey) {
+    return {};
+  }
+  try {
+    const { decrypt } = await import("./crypto-MTXIOCYL.js");
+    const encrypted = await readFile10(encryptedPath);
+    const decrypted = await decrypt(encrypted, ageKey);
+    return parseEnvContent(decrypted);
+  } catch {
+    return {};
+  }
+}
+async function getAgeKeyFrom1Password() {
+  if (!process.env.OP_SERVICE_ACCOUNT_TOKEN) {
+    return null;
+  }
+  try {
+    const { OnePasswordProvider: OnePasswordProvider2 } = await import("./secrets-MGVPGMFJ.js");
+    const op = new OnePasswordProvider2();
+    if (!await op.isAvailable()) {
+      return null;
+    }
+    return await op.resolve("op://Support/skill-cli-age-key/private_key");
+  } catch {
+    return null;
+  }
+}
+async function loadShippedDefaults(cliRoot2) {
+  const encryptedPath = resolve(cliRoot2, ".env.encrypted");
+  try {
+    return await decryptEnvFile(encryptedPath);
+  } catch {
+    return {};
+  }
+}
+async function loadUserOverrides(configDir) {
+  const encryptedPath = getUserConfigPath(
+    USER_CONFIG_PATHS.envEncrypted,
+    configDir
+  );
+  try {
+    return await decryptEnvFile(encryptedPath);
+  } catch {
+    return {};
+  }
+}
+async function loadConfigChain(cliRoot2, configDir) {
+  const root2 = cliRoot2 ?? resolve(import.meta.dirname, "../..");
+  const shipped = await loadShippedDefaults(root2);
+  const user = await loadUserOverrides(configDir);
+  const env = {};
+  const provenance = /* @__PURE__ */ new Map();
+  for (const [key, value] of Object.entries(shipped)) {
+    env[key] = value;
+    provenance.set(key, "shipped");
+  }
+  for (const [key, value] of Object.entries(user)) {
+    env[key] = value;
+    provenance.set(key, "user");
+  }
+  return { env, provenance };
+}
 var globalProvenance = /* @__PURE__ */ new Map();
+async function initConfig(cliRoot2, configDir) {
+  const result = await loadConfigChain(cliRoot2, configDir);
+  globalProvenance = result.provenance;
+  for (const [key, value] of Object.entries(result.env)) {
+    if (!process.env[key]) {
+      process.env[key] = value;
+    }
+  }
+}
 function getKeyProvenance(key) {
   return globalProvenance.get(key);
 }
@@ -74857,172 +74963,6 @@ var TableFormatter = class extends BaseFormatter {
   }
 };
-// src/core/secrets.ts
-init_esm_shims();
-// src/core/secret-refs.ts
-init_esm_shims();
-var SECRET_REFS = {
-  DATABASE_URL: "op://Support/skill-cli/DATABASE_URL",
-  FRONT_API_TOKEN: "op://Support/skill-cli/FRONT_API_TOKEN",
-  FRONT_WEBHOOK_SECRET: "op://Support/skill-cli/FRONT_WEBHOOK_SECRET",
-  SUPPORT_WEBHOOK_SECRET: "op://Support/skill-cli/SUPPORT_WEBHOOK_SECRET",
-  INNGEST_SIGNING_KEY: "op://Support/skill-cli/INNGEST_SIGNING_KEY",
-  INNGEST_EVENT_KEY: "op://Support/skill-cli/INNGEST_EVENT_KEY",
-  SLACK_BOT_TOKEN: "op://Support/skill-cli/SLACK_BOT_TOKEN",
-  SLACK_SIGNING_SECRET: "op://Support/skill-cli/SLACK_SIGNING_SECRET",
-  SLACK_APPROVAL_CHANNEL: "op://Support/skill-cli/SLACK_APPROVAL_CHANNEL",
-  UPSTASH_REDIS_REST_URL: "op://Support/skill-cli/UPSTASH_REDIS_REST_URL",
-  UPSTASH_REDIS_REST_TOKEN: "op://Support/skill-cli/UPSTASH_REDIS_REST_TOKEN",
-  UPSTASH_VECTOR_REST_URL: "op://Support/skill-cli/UPSTASH_VECTOR_REST_URL",
-  UPSTASH_VECTOR_REST_TOKEN: "op://Support/skill-cli/UPSTASH_VECTOR_REST_TOKEN",
-  STRIPE_SECRET_KEY: "op://Support/skill-cli/STRIPE_SECRET_KEY",
-  STRIPE_CONNECT_CLIENT_ID: "op://Support/skill-cli/STRIPE_CONNECT_CLIENT_ID",
-  STRIPE_WEBHOOK_SECRET: "op://Support/skill-cli/STRIPE_WEBHOOK_SECRET",
-  AXIOM_TOKEN: "op://Support/skill-cli/AXIOM_TOKEN",
-  LANGFUSE_PUBLIC_KEY: "op://Support/skill-cli/LANGFUSE_PUBLIC_KEY",
-  LANGFUSE_SECRET_KEY: "op://Support/skill-cli/LANGFUSE_SECRET_KEY",
-  BETTERAUTH_SECRET: "op://Support/skill-cli/BETTERAUTH_SECRET",
-  MYSQL_HOST: "op://Support/skill-cli/MYSQL_HOST",
-  MYSQL_PORT: "op://Support/skill-cli/MYSQL_PORT",
-  MYSQL_USER: "op://Support/skill-cli/MYSQL_USER",
-  MYSQL_PASSWORD: "op://Support/skill-cli/MYSQL_PASSWORD",
-  MYSQL_DATABASE: "op://Support/skill-cli/MYSQL_DATABASE",
-  QDRANT_URL: "op://Support/skill-cli/QDRANT_URL",
-  QDRANT_COLLECTION: "op://Support/skill-cli/QDRANT_COLLECTION",
-  OLLAMA_BASE_URL: "op://Support/skill-cli/OLLAMA_BASE_URL",
-  EMBEDDING_MODEL: "op://Support/skill-cli/EMBEDDING_MODEL",
-  AGE_SECRET_KEY: "op://Support/skill-cli-age-key/private_key"
-};
-// src/core/secrets.ts
-var REF_TO_ENV_KEY = new Map(
-  Object.entries(SECRET_REFS).map(([envKey, ref]) => [ref, envKey])
-);
-var OnePasswordProvider = class {
-  name = "1password";
-  cache = /* @__PURE__ */ new Map();
-  clientPromise;
-  sdkPromise;
-  integrationName;
-  integrationVersion;
-  constructor(options = {}) {
-    this.integrationName = options.integrationName ?? "skill-cli";
-    this.integrationVersion = options.integrationVersion ?? "0.0.0";
-  }
-  async isAvailable() {
-    if (!process.env.OP_SERVICE_ACCOUNT_TOKEN) {
-      return false;
-    }
-    try {
-      await this.getClient();
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  async resolve(ref) {
-    if (this.cache.has(ref)) {
-      return this.cache.get(ref);
-    }
-    const client = await this.getClient();
-    const secretsClient = client.secrets;
-    const value = await secretsClient.resolve(ref);
-    if (!value) {
-      throw new Error(`1Password returned empty secret for ${ref}`);
-    }
-    this.cache.set(ref, value);
-    return value;
-  }
-  async resolveAll(refs) {
-    if (refs.length === 0) {
-      return {};
-    }
-    const client = await this.getClient();
-    const secrets = await this.resolveAllWithClient(client, refs);
-    for (const [ref, value] of Object.entries(secrets)) {
-      this.cache.set(ref, value);
-    }
-    return secrets;
-  }
-  async getClient() {
-    if (this.clientPromise) {
-      return this.clientPromise;
-    }
-    const token = process.env.OP_SERVICE_ACCOUNT_TOKEN;
-    if (!token) {
-      throw new Error("OP_SERVICE_ACCOUNT_TOKEN not set");
-    }
-    const { createClient } = await this.getSdk();
-    this.clientPromise = createClient({
-      auth: token,
-      integrationName: this.integrationName,
-      integrationVersion: this.integrationVersion
-    });
-    return this.clientPromise;
-  }
-  async getSdk() {
-    if (this.sdkPromise) {
-      return this.sdkPromise;
-    }
-    this.sdkPromise = import("@1password/sdk");
-    return this.sdkPromise;
-  }
-  async resolveAllWithClient(client, refs) {
-    const secretsClient = client.secrets;
-    if (typeof secretsClient.resolveAll === "function") {
-      const resolved = await secretsClient.resolveAll(refs);
-      if (Array.isArray(resolved)) {
-        const entries2 = resolved.map((item) => {
-          if (item && typeof item === "object" && "reference" in item && "value" in item) {
-            return [
-              item.reference,
-              String(item.value)
-            ];
-          }
-          return null;
-        }).filter((entry) => Boolean(entry));
-        return Object.fromEntries(entries2);
-      }
-      return resolved;
-    }
-    const entries = await Promise.all(
-      refs.map(async (ref) => [ref, await this.resolve(ref)])
-    );
-    return Object.fromEntries(entries);
-  }
-};
-var EnvProvider = class {
-  name = "env";
-  async isAvailable() {
-    return true;
-  }
-  async resolve(ref) {
-    const envKey = REF_TO_ENV_KEY.get(ref);
-    if (!envKey) {
-      throw new Error(`No env mapping found for secret ref: ${ref}`);
-    }
-    const value = process.env[envKey];
-    if (!value) {
-      throw new Error(`Missing environment secret for ${envKey}`);
-    }
-    return value;
-  }
-  async resolveAll(refs) {
-    const entries = await Promise.all(
-      refs.map(async (ref) => [ref, await this.resolve(ref)])
-    );
-    return Object.fromEntries(entries);
-  }
-};
-async function createSecretsProvider() {
-  const onePassword = new OnePasswordProvider();
-  if (await onePassword.isAvailable()) {
-    return onePassword;
-  }
-  return new EnvProvider();
-}
 // src/core/context.ts
 async function createContext(overrides = {}) {
   const signal = overrides.signal ?? new AbortController().signal;
@@ -77088,16 +77028,16 @@ import { existsSync as existsSync3, mkdirSync, writeFileSync as writeFileSync3 }
 import { homedir as homedir2 } from "os";
 import { join as join2 } from "path";
 import { generateIdentity, identityToRecipient } from "age-encryption";
-function getUserConfigDir() {
+function getUserConfigDir2() {
   return join2(homedir2(), ".config", "skill");
 }
 function getAgeKeyPath() {
-  return join2(getUserConfigDir(), "age.key");
+  return join2(getUserConfigDir2(), "age.key");
 }
 async function configInitAction(ctx, options = {}) {
   const outputJson = options.json === true || ctx.format === "json";
   const keyPath = getAgeKeyPath();
-  const configDir = getUserConfigDir();
+  const configDir = getUserConfigDir2();
   if (existsSync3(keyPath) && !options.force) {
     const result = {
       success: false,
@@ -77158,7 +77098,7 @@ init_esm_shims();
 import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync as writeFileSync4 } from "fs";
 import { Decrypter, Encrypter, identityToRecipient as identityToRecipient2 } from "age-encryption";
 function getEncryptedConfigPath() {
-  return `${getUserConfigDir()}/.env.user.encrypted`;
+  return `${getUserConfigDir2()}/.env.user.encrypted`;
 }
 function parseKeyValue(input2) {
   const match = input2.match(/^([A-Z_][A-Z0-9_]*)=(.*)$/);
@@ -81270,7 +81210,7 @@ async function runValidateEval(ctx, scenarios, options) {
   return results;
 }
 async function runE2EEval(ctx, scenarios, options) {
-  const { runPipeline: runPipeline2 } = await import("./pipeline-MJVBAX5W.js");
+  const { runPipeline: runPipeline2 } = await import("./pipeline-FGI6ICWM.js");
   const concurrency = options.parallel || 1;
   let completed = 0;
   const outputJson = options.outputJson ?? false;
@@ -117427,7 +117367,7 @@ var handlePipelineError = (ctx, error, message, suggestion = "Verify inputs and
 async function runPipelineCommand(ctx, opts) {
   const outputJson = opts.json === true || ctx.format === "json";
   try {
-    const { runPipeline: runPipeline2 } = await import("./pipeline-MJVBAX5W.js");
+    const { runPipeline: runPipeline2 } = await import("./pipeline-FGI6ICWM.js");
     const result = await runPipeline2({
       message: {
         subject: opts.subject,
@@ -119890,6 +119830,7 @@ function createMcpServer(options = {}) {
 // src/index.ts
 var cliRoot = resolve8(import.meta.dirname, "..");
+await initConfig(cliRoot);
 var plaintextEnv = loadPlaintextEnv(cliRoot);
 var envLoaded = false;
 for (const [key, value] of Object.entries(plaintextEnv)) {
@@ -119902,8 +119843,8 @@ if (!envLoaded && !process.env.DATABASE_URL) {
   process.env.SKIP_ENV_VALIDATION = "1";
 }
 var runtimeTarget = `bun-${process.platform}-${process.arch}`;
-var buildVersion = "0.14.2".length > 0 ? "0.14.2" : "0.0.0-dev";
-var buildCommit = "6c31f79".length > 0 ? "6c31f79" : "dev";
+var buildVersion = "0.14.3".length > 0 ? "0.14.3" : "0.0.0-dev";
+var buildCommit = "ba0a512".length > 0 ? "ba0a512" : "dev";
 var buildTarget = "node".length > 0 ? "node" : runtimeTarget;
 var isDevBuild = buildVersion.includes("dev") || buildCommit === "dev";
 var versionLabel = `skill v${buildVersion} (${buildCommit}) ${buildTarget}`;