@tenderprompt/cli 0.1.11 → 0.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +69 -8
- package/dist/index.js +703 -275
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -34,6 +34,8 @@ session:
|
|
|
34
34
|
- build and preview a commit through the Tender API
|
|
35
35
|
- publish only after a dry run or explicit `--confirm publish`
|
|
36
36
|
- inspect artifact-scoped analytics without SQL or platform credentials
|
|
37
|
+
- inspect artifact-scoped app database tables, schema, and bounded read-only
|
|
38
|
+
query output
|
|
37
39
|
- run server-validated chart specs and export aggregate rows
|
|
38
40
|
- generate starter analytics suggestions
|
|
39
41
|
- create, list, update, and delete saved analytics dashboards and charts, with
|
|
@@ -87,6 +89,8 @@ TTL values are intentionally bounded:
|
|
|
87
89
|
|
|
88
90
|
Use `--profile publish` only when the token should be allowed to publish.
|
|
89
91
|
Publish still requires explicit confirmation with `--confirm publish`.
|
|
92
|
+
Use `--profile db-read --artifact <app-id>` for read-only app database
|
|
93
|
+
inspection.
|
|
90
94
|
|
|
91
95
|
Credential precedence is explicit-first:
|
|
92
96
|
|
|
@@ -128,6 +132,10 @@ tender app validate artifact_123 --json
|
|
|
128
132
|
tender app build artifact_123 --commit "$(git rev-parse HEAD)" --json
|
|
129
133
|
tender app preview artifact_123 --commit "$(git rev-parse HEAD)" --stream --json
|
|
130
134
|
tender app publish artifact_123 --dry-run --json
|
|
135
|
+
tender app db capabilities artifact_123 --json
|
|
136
|
+
tender app db tables artifact_123 --json
|
|
137
|
+
tender app db schema artifact_123 --table votes --json
|
|
138
|
+
tender app db query artifact_123 --sql "select * from votes limit 20" --json
|
|
131
139
|
```
|
|
132
140
|
|
|
133
141
|
## Analytics
|
|
@@ -169,7 +177,7 @@ tender app analytics suggestions artifact_123 --range 30d --json
|
|
|
169
177
|
|
|
170
178
|
tender app analytics charts templates --json
|
|
171
179
|
|
|
172
|
-
tender app analytics
|
|
180
|
+
tender app analytics properties list artifact_123 --json
|
|
173
181
|
```
|
|
174
182
|
|
|
175
183
|
Safe write previews:
|
|
@@ -177,7 +185,7 @@ Safe write previews:
|
|
|
177
185
|
```bash
|
|
178
186
|
tender app analytics dashboards artifact_123 --create "Agent dashboard" --dry-run --json
|
|
179
187
|
|
|
180
|
-
tender app analytics
|
|
188
|
+
tender app analytics properties activate artifact_123 \
|
|
181
189
|
--event signup_started \
|
|
182
190
|
--property plan \
|
|
183
191
|
--type dimension \
|
|
@@ -217,14 +225,65 @@ inspection. For example, inspect where the app calls
|
|
|
217
225
|
`__TP_ANALYTICS.invoke(...)`, propose a chart spec, validate it with
|
|
218
226
|
`analytics query`, and only then create a saved chart.
|
|
219
227
|
Use `charts templates --json` for reusable chart shapes; adapt any placeholders
|
|
220
|
-
to observed events, paths, or
|
|
221
|
-
Property group-bys and property metrics need
|
|
222
|
-
and `charts update` activate
|
|
223
|
-
|
|
224
|
-
`
|
|
228
|
+
to observed events, paths, or queryable property keys before querying or saving.
|
|
229
|
+
Property group-bys and property metrics need the custom event property to be
|
|
230
|
+
available for dashboard queries; `charts create` and `charts update` activate
|
|
231
|
+
missing properties automatically when the spec includes an `event_name = ...`
|
|
232
|
+
filter. `analytics query` is read-only, so use
|
|
233
|
+
`properties activate` first when trying an ad hoc property query. When a
|
|
225
234
|
query fails for a missing dashboard-query property, the CLI prints the exact
|
|
226
235
|
activation commands to run and does not perform that write automatically.
|
|
227
236
|
|
|
237
|
+
Event payload properties can be tracked by the app, observed in bounded catalog
|
|
238
|
+
samples, and still not be queryable in fast dashboard charts. Register intended
|
|
239
|
+
dashboard dimensions and metrics before meaningful traffic starts. Use
|
|
240
|
+
dimensions for grouping values such as variant, plan, step, source, or outcome,
|
|
241
|
+
and metrics for numeric values such as score, amount, duration, or quantity.
|
|
242
|
+
Making a property queryable does not require an app redeploy, but older
|
|
243
|
+
dashboard-query rows may not fully populate grouped charts until new traffic
|
|
244
|
+
arrives. Do not make every property queryable; avoid PII, secrets, free text,
|
|
245
|
+
ids, URLs, or high-cardinality values unless the chart has a clear purpose.
|
|
246
|
+
|
|
247
|
+
## App Database
|
|
248
|
+
|
|
249
|
+
App database commands are artifact-scoped and go through Tender's server-side
|
|
250
|
+
authorization and read-only query checks. The CLI only accepts an app id; it
|
|
251
|
+
does not accept tenant ids, runner names, provider account ids, or runtime
|
|
252
|
+
storage identifiers.
|
|
253
|
+
|
|
254
|
+
Start with capabilities:
|
|
255
|
+
|
|
256
|
+
```bash
|
|
257
|
+
tender auth login --device --profile db-read --artifact artifact_123 --ttl 7d --save-profile db --json
|
|
258
|
+
|
|
259
|
+
tender app db capabilities artifact_123 --profile db --json
|
|
260
|
+
```
|
|
261
|
+
|
|
262
|
+
Common read-only commands:
|
|
263
|
+
|
|
264
|
+
```bash
|
|
265
|
+
tender app db tables artifact_123 --profile db --json
|
|
266
|
+
|
|
267
|
+
tender app db schema artifact_123 --table votes --profile db --json
|
|
268
|
+
|
|
269
|
+
tender app db query artifact_123 --sql "select * from votes limit 20" --profile db --json
|
|
270
|
+
|
|
271
|
+
tender app db query artifact_123 \
|
|
272
|
+
--sql "select * from votes where choice = ?" \
|
|
273
|
+
--param coffee \
|
|
274
|
+
--profile db \
|
|
275
|
+
--json
|
|
276
|
+
|
|
277
|
+
tender app db query artifact_123 --file ./debug.sql --limit 50 --profile db --json
|
|
278
|
+
|
|
279
|
+
tender app db query artifact_123 --file - --profile db --json < debug.sql
|
|
280
|
+
```
|
|
281
|
+
|
|
282
|
+
The query command sends one read-only statement with positional bindings.
|
|
283
|
+
Client and server limits include a 100 KB statement cap and at most 100 bound
|
|
284
|
+
parameters. The server enforces the final policy, row limits, response limits,
|
|
285
|
+
artifact scope, and audit logging.
|
|
286
|
+
|
|
228
287
|
## Safety Model
|
|
229
288
|
|
|
230
289
|
- Local agents run in the user's environment, not in Tender.
|
|
@@ -237,10 +296,12 @@ activation commands to run and does not perform that write automatically.
|
|
|
237
296
|
remote URLs.
|
|
238
297
|
- Analytics commands use tenant/artifact-scoped API routes. They do not expose
|
|
239
298
|
raw query credentials or raw SQL.
|
|
240
|
-
-
|
|
299
|
+
- Dashboard-query property activation is an explicit analytics write and remains
|
|
241
300
|
tenant/artifact-scoped.
|
|
242
301
|
- Raw analytics event export is intentionally not available; exports are bounded
|
|
243
302
|
catalog metadata or validated aggregate query rows.
|
|
303
|
+
- App database commands require `db:read`, should use artifact-scoped tokens,
|
|
304
|
+
and never require provider account ids or runtime storage identifiers.
|
|
244
305
|
|
|
245
306
|
## Related Package
|
|
246
307
|
|