@skillrecordings/cli 0.18.1 → 0.19.0

package/README.md

@@ -2,6 +2,20 @@
 
 CLI for the support platform. Agent-friendly with non-interactive defaults.
 
+## Install
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/skillrecordings/support/main/packages/cli/install.sh | bash
+```
+
+Installs to `~/.local/bin/skill`. Add to your PATH if needed:
+
+```bash
+echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc && source ~/.zshrc
+```
+
+After install, run `skill auth setup` to configure credentials.
+
 ## Usage
 
 ```bash
@@ -14,6 +28,38 @@ skill <command> [options]
 All commands support `--json` for machine-readable output and reliable exit
 codes.
 
+## 1Password Quickstart (60 seconds)
+
+If you already have access to the Support vault:
+
+```bash
+# 1) Install required CLI
+brew install 1password-cli
+
+# 2) Optional but recommended: cache OP token in local secrets CLI
+secrets add skill_support_1password_service_account_token
+
+# 3) Run one setup command
+skill auth setup
+
+# 4) Verify
+skill doctor
+```
+
+Notes:
+- `secrets` CLI is optional. If missing, `skill auth setup` falls back to `op signin`.
+- Setup writes `SKILL_AGE_KEY` to `~/.config/skill/age.key` so `.env.encrypted` works without keychain.
+
+## OAuth Broker Spike
+
+Use this to inspect the planned GitHub OAuth + broker auth model that reduces
+local dependencies for team members:
+
+```bash
+skill auth oauth-spike
+skill auth oauth-spike --json
+```
+
 ## Adaptive Hints
 
 The CLI prints adaptive onboarding/discovery hints to `stderr` for new users.
@@ -206,7 +252,7 @@ The CLI uses a layered secrets system:
 1Password (OP_SERVICE_ACCOUNT_TOKEN set?)
     ↓ yes → resolve from 1Password vault
     ↓ no
-.env.encrypted exists + AGE_SECRET_KEY available?
+.env.encrypted exists + SKILL_AGE_KEY available?
     ↓ yes → decrypt and load
     ↓ no
 .env.local exists?
@@ -241,7 +287,7 @@ op item edit "skill-cli" --vault "Support" "MY_NEW_KEY=your-secret-value"
 
 ```bash
 # Decrypt current secrets
-AGE_KEY=$(op read "op://Support/skill-cli-age-key/password")
+AGE_KEY=$(op read "op://Support/skill-cli-age-key/private_key")
 age -d -i <(echo "$AGE_KEY") .env.encrypted > .env.local
 
 # Add new secret to .env.local
@@ -269,7 +315,7 @@ git commit -m "chore(cli): add MY_NEW_KEY secret"
 op item edit "skill-cli" --vault "Support" "MY_KEY=new-value"
 
 # 2. Update .env.encrypted (same process as adding)
-AGE_KEY=$(op read "op://Support/skill-cli-age-key/password")
+AGE_KEY=$(op read "op://Support/skill-cli-age-key/private_key")
 age -d -i <(echo "$AGE_KEY") .env.encrypted > .env.local
 
 # Edit .env.local with new value
@@ -301,7 +347,7 @@ skill auth setup
 | Item | Location |
 |------|----------|
 | Secrets | `op://Support/skill-cli/*` |
-| Age keypair | `op://Support/skill-cli-age-key/password` |
+| Age keypair | `op://Support/skill-cli-age-key/private_key` |
 | Encrypted env | `packages/cli/.env.encrypted` |
 | Secret refs | `packages/cli/src/core/secret-refs.ts` |
 
@@ -311,7 +357,7 @@ For CI environments without 1Password:
 
 ```bash
 # Set age key as CI secret, then:
-echo "$AGE_SECRET_KEY" > /tmp/age.key
+echo "$SKILL_AGE_KEY" > /tmp/age.key
 age -d -i /tmp/age.key .env.encrypted > .env.local
 rm /tmp/age.key
 ```

package/dist/{chunk-ZCWCT4ES.js → chunk-F3WI3BN5.js}

@@ -11,7 +11,7 @@ import {
 import {
   Redis2,
   log
-} from "./chunk-KEV3QKXP.js";
+} from "./chunk-HKRLO2GE.js";
 import {
   queryVectors
 } from "./chunk-H3D6VCME.js";
@@ -3560,7 +3560,7 @@ ${message.body}
 ---
 Write your response:`;
   if (useAgentMode && appId) {
-    const { runSupportAgent } = await import("./config-6PEJQQJY.js");
+    const { runSupportAgent } = await import("./config-HHQF5U6R.js");
     await log("debug", "draft using agent mode", {
       workflow: "pipeline",
       step: "draft",
@@ -7096,4 +7096,4 @@ export {
   runPipeline,
   runThreadPipeline
 };
-//# sourceMappingURL=chunk-ZCWCT4ES.js.map
+//# sourceMappingURL=chunk-F3WI3BN5.js.map

package/dist/{chunk-LV53JZHC.js → chunk-GNPR4OKX.js}

@@ -5,7 +5,7 @@ import {
   traceMemoryStore,
   traceMemoryVote,
   traceWorkflowStep
-} from "./chunk-KEV3QKXP.js";
+} from "./chunk-HKRLO2GE.js";
 import {
   MemoryService,
   VotingService,
@@ -15606,4 +15606,4 @@ export {
   DEFAULT_AGENT_MODEL,
   runSupportAgent
 };
-//# sourceMappingURL=chunk-LV53JZHC.js.map
+//# sourceMappingURL=chunk-GNPR4OKX.js.map

package/dist/{chunk-KEV3QKXP.js → chunk-HKRLO2GE.js}

@@ -6,6 +6,24 @@ import {
 init_esm_shims();
 import { Axiom } from "@axiomhq/js";
 var axiomClient = null;
+var hasLoggedTransientAxiomIngestWarning = false;
+function isTransientAxiomIngestError(error) {
+  if (!(error instanceof Error)) return false;
+  const message = error.message || "";
+  return error instanceof SyntaxError && message.includes("Unexpected end of JSON input") || error.name === "TimeoutError" || message.includes("The operation timed out");
+}
+function handleAxiomError(error, context) {
+  if (isTransientAxiomIngestError(error)) {
+    if (!hasLoggedTransientAxiomIngestWarning) {
+      hasLoggedTransientAxiomIngestWarning = true;
+      console.warn(
+        "[Axiom] Transient ingest response issue detected; suppressing repeated warnings"
+      );
+    }
+    return;
+  }
+  console.error(`[Axiom] Failed to ${context}:`, error);
+}
 async function sendTrace(trace) {
   if (!axiomClient) {
     return;
@@ -17,7 +35,7 @@ async function sendTrace(trace) {
       ...trace
     });
   } catch (error) {
-    console.error("[Axiom] Failed to send trace:", error);
+    handleAxiomError(error, "send trace");
   }
 }
 async function log(level, message, metadata) {
@@ -4492,4 +4510,4 @@ export {
   traceMemoryCite,
   Redis2
 };
-//# sourceMappingURL=chunk-KEV3QKXP.js.map
+//# sourceMappingURL=chunk-HKRLO2GE.js.map