npm - @sylphx/cli - Versions diffs - 0.7.5 → 0.8.0 - Mend

@sylphx/cli 0.7.5 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,29 @@
 # @sylphx/cli
+## 0.8.0
+### Minor Changes
+- [#1004](https://github.com/SylphxAI/platform/pull/1004) [`e51d39c`](https://github.com/SylphxAI/platform/commit/e51d39c47da0efd26c676f5908035e6c6b0fa3f7) Thanks [@shtse8](https://github.com/shtse8)! - Add `SYLPHX_TOKEN_FILE` as a non-interactive CLI auth source for local agent fleets, with explicit doctor/whoami reporting and hard-fail behavior when the configured token file is unreadable or empty.
+- [#759](https://github.com/SylphxAI/platform/pull/759) [`3257675`](https://github.com/SylphxAI/platform/commit/325767586a2fa5e53f00cd81e438d561d0e37c41) Thanks [@shtse8](https://github.com/shtse8)! - Align the Management SDK runners module with the contract-derived runner API surface.
+  Runner management methods now derive request paths, HTTP methods, input types, and result types from `@sylphx/contract`. The create input no longer advertises unsupported `labels` or `maxJobs` fields; callers should pass the contract-owned `name`, `platform`, and `arch` fields.
+  The `sylphx runners register` CLI command no longer exposes the unsupported `--labels` or `--max-jobs` flags and now submits only the contract-owned runner registration fields.
+### Patch Changes
+- Updated dependencies []:
+  - @sylphx/sdk@0.11.1
+## 0.7.6
+### Patch Changes
+- Updated dependencies [[`df3c86e`](https://github.com/SylphxAI/platform/commit/df3c86e210f165070ed1e2f715eeed11ece6f07b), [`af6c46f`](https://github.com/SylphxAI/platform/commit/af6c46fa785acf52da428d19db50da3d834ef873)]:
+  - @sylphx/sdk@0.11.0
 ## 0.7.5
 ### Patch Changes

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 The official CLI for the [Sylphx Platform](https://sylphx.com). Deploy and operate your applications across deployment, logs, env vars, domains, managed databases, object storage, monitoring, webhooks, feature flags, and more directly from your terminal.
-Full documentation: [sylphx.com/docs/cli](https://sylphx.com/docs/cli)
+Full documentation: [sylphx.com/docs](https://sylphx.com/docs)
 ## Installation
@@ -36,16 +36,17 @@ sylphx deploy
 ## Authentication
-The CLI supports two auth paths (ADR-059 + ADR-074):
+The CLI supports three auth paths (ADR-059 + ADR-074):
 | Mode | Use case | How |
 |---|---|---|
 | **OAuth device flow** (default) | Interactive dev | `sylphx login` — browser-backed device flow, 15-min access + 30-day refresh token stored at `~/.sylphx/config.json` (`0600`), auto-refresh built in |
 | **`SYLPHX_TOKEN` env var** | CI / CD / agents | `export SYLPHX_TOKEN=svc_...` — no login step, no disk write, stateless. Service tokens (`svc_*`, ADR-089 §2.10) or short-lived OAuth access JWTs (`eyJ…`) both work |
+| **`SYLPHX_TOKEN_FILE` env var** | Local agent fleets | `export SYLPHX_TOKEN_FILE=~/.config/sylphx/agent.token` — reads a raw token or dotenv-style `SYLPHX_TOKEN=...` from a local file, with the same stateless refresh behavior as `SYLPHX_TOKEN` |
 Legacy `slx_*` personal access tokens were eliminated 2026-04-21 (ADR-059 §1.4) and are no longer accepted by the API.
-Under ADR-059, OAuth tokens are stored as an atomic `{ accessToken, refreshToken, expiresAt }` triple with mode `0600` on disk. The refresh interceptor (`utils/oauth-refresh.ts`) transparently rotates the access token when it's within the refresh window; a failed refresh prompts re-login.
+Under ADR-059, OAuth tokens are stored as an atomic `{ accessToken, refreshToken, expiresAt, refreshExpiresAt }` credential with mode `0600` on disk. The refresh interceptor (`utils/oauth-refresh.ts`) transparently rotates the access token when it's within the refresh window; a failed refresh prompts re-login.
 ```bash
 # Interactive (developers)
@@ -57,6 +58,12 @@ sylphx logout
 export SYLPHX_TOKEN=svc_…
 sylphx whoami        # → "Auth: SYLPHX_TOKEN env var"
 sylphx deploy --env=production
+# Local agent fleet, shared shell, or secret-file handoff
+printf '%s\n' 'SYLPHX_TOKEN=svc_…' > ~/.config/sylphx/agent.token
+chmod 600 ~/.config/sylphx/agent.token
+export SYLPHX_TOKEN_FILE=~/.config/sylphx/agent.token
+sylphx whoami        # → "Auth: SYLPHX_TOKEN_FILE (...)"
 sylphx status --project=proj_abc123 --org=my-org
 sylphx logs --project=proj_abc123 --org=my-org --tail=100
 sylphx env set DATABASE_URL=postgres://... --project=proj_abc123 --org=my-org --secret
@@ -72,16 +79,22 @@ sylphx releases list --project=proj_abc123 --org=my-org
 ### Non-interactive use (CI / agents)
-Set `SYLPHX_TOKEN` and every CLI command honours it as a Bearer token —
-no `sylphx login`, no browser, no `~/.sylphx/config.json` write:
+Set `SYLPHX_TOKEN` or `SYLPHX_TOKEN_FILE` and every CLI command honours
+it as a Bearer token — no `sylphx login`, no browser, no
+`~/.sylphx/config.json` write:
-- The env var **wins** over any stored OAuth session — useful when a
-  developer's machine doubles as a CI runner.
-- The OAuth refresh interceptor is **skipped** when the env var is
+- `SYLPHX_TOKEN` **wins** over `SYLPHX_TOKEN_FILE`, and both win over any
+  stored OAuth session — useful when a developer's machine doubles as a
+  CI runner.
+- The OAuth refresh interceptor is **skipped** when external auth is
   active. Service tokens have no refresh token (rotate via `sylphx
   tokens rotate` instead); JWTs supplied here are operator-rotated.
 - Empty string (`SYLPHX_TOKEN=`) is treated as unset and falls back to
   the stored session — defends against misconfigured CI shell exports.
+- If `SYLPHX_TOKEN_FILE` is set but unreadable or empty, auth fails
+  loudly and does not fall back to a stored interactive session. This
+  prevents local agents from accidentally operating as the human logged
+  into the same machine.
 - The same `SYLPHX_TOKEN` GitHub Actions output minted by `sylphx ci
   github-actions` is the variable the CLI itself consumes. One contract,
   no shell glue.
@@ -103,7 +116,8 @@ Stored at `~/.sylphx/config.json`:
   "oauth": {
     "accessToken": "eyJ...",
     "refreshToken": "ref_...",
-    "expiresAt": "2026-04-23T15:00:00.000Z"
+    "expiresAt": "2026-04-23T15:00:00.000Z",
+    "refreshExpiresAt": "2026-05-23T15:00:00.000Z"
   },
   "defaultOrg": "my-org",
   "apps": {
@@ -123,6 +137,7 @@ Per-project deployment intent lives in `./sylphx.toml` (git-committable); the ho
 | Variable | Description |
 |---|---|
 | `SYLPHX_TOKEN` | Bearer token for non-interactive auth (CI / agents). Accepts `svc_*` service tokens or `eyJ…` OAuth access JWTs. Wins over any stored OAuth session; refresh interceptor is skipped (stateless). Empty string is treated as unset. |
+| `SYLPHX_TOKEN_FILE` | Path to a local file containing a raw token or `SYLPHX_TOKEN=...`. Used for local agent fleets and secret-file handoff. Used after `SYLPHX_TOKEN`, before stored OAuth; unreadable/empty files fail loudly instead of falling back. |
 | `SYLPHX_CONFIG_DIR` | Advanced automation override for the CLI config directory. Use in CI, tests, and hermetic agent sandboxes to avoid reading or writing the operator's real `~/.sylphx` credentials. |
 | `SYLPHX_API_URL` | Override API base URL (default: `https://sylphx.com`) |