@trading-boy/cli 1.6.1 → 1.8.0

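--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -115,8 +115,13 @@ export async function apiRequest(path, options = {}) {
  let message = 'Subscription inactive. Run `trading-boy billing manage` to update your billing.';
  try {
  const body = await response.clone().json();
- if (typeof body.error === 'string')
- message = body.error;
+ if (typeof body.error === 'string') {
+ // Only use API message if it matches known safe patterns to avoid leaking internals
+ const safePatterns = ['Plan ', 'Subscription ', 'plan ', 'subscription ', 'Trial ', 'trial '];
+ if (safePatterns.some((p) => body.error.startsWith(p))) {
+ message = body.error;
+ }
+ }
  }
  catch { /* use default message */ }
  throw new ApiError(message, 403);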
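Review bot: The prefix allow-list on the `startsWith` line constrains only the first word of the API message, not what follows it, so a response whose `error` begins with `Plan ` still reaches the terminal verbatim, at any length and with whatever control or escape characters it carries; given the stated aim of the comment ("avoid leaking internals"), the check only partly delivers it. Normalising the string before the check keeps the intent while bounding what is displayed, e.g. `const apiMessage = body.error.replace(/[\u0000-\u001f\u007f]/g, '').slice(0, 200);` followed by `if (safePatterns.some((p) => apiMessage.startsWith(p))) { message = apiMessage; }`. As a point of style, the six entries differ only in case, so `/^(plan|subscription|trial) /i.test(apiMessage)` expresses the same allow-list (up to case) in one line, and `safePatterns` could live at module scope rather than being rebuilt on every 403. The body of apiRequest begins and ends outside this hunk, so where `response` comes from is not visible here.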