@verentis/cli 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +157 -0
- package/dist/index.js +2585 -0
- package/dist/index.js.map +1 -0
- package/package.json +41 -0
package/README.md
ADDED
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
# @verentis/cli
|
|
2
|
+
|
|
3
|
+
The Verentis CLI is three tools in one:
|
|
4
|
+
|
|
5
|
+
1. **Admin** — manage accounts, workspaces, users, invitations, API keys and settings.
|
|
6
|
+
2. **Marketplace publishing** — pack, sign, publish and install `.vpkg` packages.
|
|
7
|
+
3. **Developer loop** — build and debug apps and execution engines **against a real workspace from your local machine**: mint scoped tokens, generate the platform's execution context, run scripts locally with full SDK access, stream execution logs, attach a debugger.
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npm install -g @verentis/cli
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Sign in
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
verentis login --api-url https://api.verentis.dev
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
With no credential flags this starts a **device sign-in**: open the printed URL in any browser (works over SSH), confirm the code, done. Non-interactive alternatives:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
verentis login --api-url … --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
|
|
23
|
+
verentis login --api-url … --token <identity token>
|
|
24
|
+
# VERENTIS_API_URL / VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
Set defaults once so you can stop repeating flags:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
verentis use workspace <workspaceId>
|
|
31
|
+
verentis use account <accountId>
|
|
32
|
+
verentis context # show current defaults
|
|
33
|
+
verentis whoami # identity, account, publisher
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Admin
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
verentis workspace list
|
|
40
|
+
verentis workspace create "My Workspace" --use
|
|
41
|
+
verentis workspace invite create <workspaceId> dev@example.com --role member
|
|
42
|
+
verentis account invite list
|
|
43
|
+
verentis user list --workspace <id>
|
|
44
|
+
verentis user suspend <userId>
|
|
45
|
+
verentis apikey create ci-key --grant node.file.read --grant execution.execution.run
|
|
46
|
+
verentis apikey revoke <apiKeyId>
|
|
47
|
+
verentis settings set my.setting '{"enabled":true}' --workspace <id>
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
Anything without a dedicated command is one escape hatch away (auth handled for you):
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
verentis api GET /v1/roles --scope security.role.read-all
|
|
54
|
+
verentis api POST /v1/things --body @thing.json --workspace <id> --scope some.scope
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Workspace files
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
verentis files ls /scripts
|
|
61
|
+
verentis files cat /data/input.json
|
|
62
|
+
verentis files upload ./local-dir /scripts # recursive
|
|
63
|
+
verentis files upload build.zip /apps --extract # server-side archive extraction
|
|
64
|
+
verentis files download /data/report.json
|
|
65
|
+
verentis files mv /a.txt /archive/a.txt
|
|
66
|
+
verentis files rm /tmp-dir --recursive
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
All file commands take `--branch` (default `main`) and `--workspace`.
|
|
70
|
+
|
|
71
|
+
## Executions
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
verentis exec run /scripts/transform.py --follow # run remotely, stream logs live
|
|
75
|
+
verentis exec run /scripts/etl.py --arg --verbose --params '{"rows":10}'
|
|
76
|
+
verentis exec list
|
|
77
|
+
verentis exec logs <executionId> --follow # SSE log streaming
|
|
78
|
+
verentis exec cancel <executionId>
|
|
79
|
+
verentis engine list
|
|
80
|
+
verentis engine resolve text/x-python
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
## The developer loop
|
|
84
|
+
|
|
85
|
+
Write engine/app scripts locally, but read and write **real workspace files** through the [`verentis-engine-sdk`](https://pypi.org/project/verentis-engine-sdk/) — exactly like a platform run:
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
cd my-engine-project # has an engine.yaml with spec.permissions
|
|
89
|
+
|
|
90
|
+
# Run a local script with a real scoped token + injected context —
|
|
91
|
+
# engine.files / engine.http hit the actual workspace:
|
|
92
|
+
verentis dev run transform.py --workspace <id> --params '{"message":"hi"}'
|
|
93
|
+
|
|
94
|
+
# Debug: waits for your debugger before the first line runs
|
|
95
|
+
verentis dev run transform.py --debug # debugpy on :5678, --wait-for-client
|
|
96
|
+
verentis dev vscode # scaffolds .vscode/launch.json (attach + launch)
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
Lower-level building blocks:
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
verentis dev token --workspace <id> # scopes from ./engine.yaml spec.permissions
|
|
103
|
+
verentis dev token --scopes node.file.read --boundary /scripts # node-bounded, like platform runs
|
|
104
|
+
verentis dev context --file /scripts/transform.py --out .verentis/context.json
|
|
105
|
+
export VERENTIS_CONTEXT_PATH=$PWD/.verentis/context.json
|
|
106
|
+
python transform.py # SDK auto-loads the context
|
|
107
|
+
|
|
108
|
+
verentis validate engine.yaml # manifest checks before publish
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
`dev run` writes `.verentis/context.json` (mode 600 — contains a short-lived token; git-ignore `.verentis/`).
|
|
112
|
+
|
|
113
|
+
## Marketplace publishing
|
|
114
|
+
|
|
115
|
+
```bash
|
|
116
|
+
verentis publisher create --name acme --display-name "Acme Inc."
|
|
117
|
+
verentis keygen # Ed25519 signing key + register public half
|
|
118
|
+
verentis init my-app --kind application
|
|
119
|
+
verentis pack # signed .vpkg (--encrypt seals the payload)
|
|
120
|
+
verentis publish my-app-0.1.0.vpkg
|
|
121
|
+
verentis package list # your packages
|
|
122
|
+
verentis package versions acme/my-app
|
|
123
|
+
verentis package deprecate my-app --message "use my-app-2"
|
|
124
|
+
verentis package visibility set my-app Private
|
|
125
|
+
verentis package visibility grant my-app <workspaceId>
|
|
126
|
+
verentis package stats my-app
|
|
127
|
+
verentis search "image viewer" --kind Application
|
|
128
|
+
verentis install acme/my-app --workspace <id>
|
|
129
|
+
verentis installs --workspace <id>
|
|
130
|
+
verentis uninstall <installationId> --workspace <id>
|
|
131
|
+
verentis yank my-app 1.0.3
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
Published versions are `Submitted` for moderation; once approved the marketplace countersigns them and they become installable.
|
|
135
|
+
|
|
136
|
+
## The `.vpkg` format
|
|
137
|
+
|
|
138
|
+
A gzip tarball: `manifest.yaml` + `files/**` payload + `.verentis/` metadata (package.yaml, sha256 digests, DSSE signatures). Manifest references like `./schemas/x.json` resolve against `files/` — and against the children of the installed manifest node after installation. See the platform docs (`marketplace/packaging`) for the full specification.
|
|
139
|
+
|
|
140
|
+
Packing behaviour:
|
|
141
|
+
- `packaging.files` globs select the payload; without them, applications automatically include every `./…` schema `source` referenced by the manifest.
|
|
142
|
+
- Digests cover every payload entry; the registry rejects tampered packages.
|
|
143
|
+
- With a configured signing key the digests document is DSSE-signed (Ed25519). Publishers with registered keys **must** sign uploads.
|
|
144
|
+
- `pack --encrypt` seals the payload (AES-256-GCM, X25519 key wrapping per recipient — always including the `platform` escrow recipient so Verentis.Node can serve member reads).
|
|
145
|
+
|
|
146
|
+
## Output & scripting
|
|
147
|
+
|
|
148
|
+
Most read commands accept `--json` for machine-readable output, plus `--page/--page-size/--order-by` on paged listings. Errors render RFC 7807 problem details compactly.
|
|
149
|
+
|
|
150
|
+
## Development
|
|
151
|
+
|
|
152
|
+
```bash
|
|
153
|
+
npm install
|
|
154
|
+
npm test # vitest
|
|
155
|
+
npm run build # tsup → dist/
|
|
156
|
+
```
|
|
157
|
+
|