@vibes.diy/prompts 4.0.10 → 4.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -4
- package/llms/backend.md +9 -2
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -32,10 +32,7 @@ The whole platform is open source under Apache 2.0. Read the code, open an issue
|
|
|
32
32
|
## Quick Start
|
|
33
33
|
|
|
34
34
|
1. [Try the demo](https://vibes.diy/) — no setup required.
|
|
35
|
-
2. Or
|
|
36
|
-
- Clone the repository
|
|
37
|
-
- Install with `pnpm i`
|
|
38
|
-
- Run `pnpm dev`
|
|
35
|
+
2. Or hack on the code: clone the repo, `pnpm install`, and `pnpm build` — the build, lint, and test suite work from a fresh clone with no secrets. Running the full web app locally currently requires extra setup; the [Contributing Guide](CONTRIBUTING.md#getting-started) covers exactly what works out of the box and what doesn't yet.
|
|
39
36
|
|
|
40
37
|
## Community
|
|
41
38
|
|
package/llms/backend.md
CHANGED
|
@@ -51,6 +51,7 @@ identity `access.js` can genuinely restrict a database to.
|
|
|
51
51
|
```js
|
|
52
52
|
ctx.appInfo; // { ownerHandle, appSlug } — this app's identity
|
|
53
53
|
ctx.userInfo; // { userHandle } or null — who the handler is acting as
|
|
54
|
+
ctx.secrets; // Record<string,string> — the owner's per-vibe secrets; frozen, {} when none
|
|
54
55
|
await ctx.db.put(doc, { db: "notes", id: "optional-id" }); // resolves to the doc id AFTER commit
|
|
55
56
|
await ctx.db.delete(docId, { db: "notes" });
|
|
56
57
|
const docs = await ctx.db.query({ db: "notes" }); // latest non-deleted docs (each with _id)
|
|
@@ -67,9 +68,15 @@ const docs = await ctx.db.query({ db: "notes" }); // latest non-deleted docs (ea
|
|
|
67
68
|
access function cannot be queried from the backend (keep backend-read
|
|
68
69
|
databases on plain ACLs). Made for `scheduled` sweeps: read, decide, then
|
|
69
70
|
`put`/`delete`.
|
|
71
|
+
- `ctx.secrets` carries the owner's per-vibe secrets, set in the vibe's settings
|
|
72
|
+
page or with `vibes-diy secrets set KEY`. Use it to verify inbound credentials —
|
|
73
|
+
a webhook's shared secret or token — and never write a value anywhere users can
|
|
74
|
+
read it (a doc, a response body). Only the owner can set or rotate secrets;
|
|
75
|
+
handlers see the current values on every invocation.
|
|
70
76
|
- **No outside network access**: `fetch()` to external URLs is refused inside
|
|
71
|
-
`backend.js`,
|
|
72
|
-
|
|
77
|
+
`backend.js`, so secrets cannot be sent anywhere — they can only be compared
|
|
78
|
+
against or used to verify what arrives. Don't call third-party APIs from the
|
|
79
|
+
backend; AI calls stay in `App.jsx` via `callAI`.
|
|
73
80
|
|
|
74
81
|
## fetch — the app's HTTP endpoint
|
|
75
82
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vibes.diy/prompts",
|
|
3
|
-
"version": "4.0.
|
|
3
|
+
"version": "4.0.11",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./index.js",
|
|
6
6
|
"description": "",
|
|
@@ -24,9 +24,9 @@
|
|
|
24
24
|
"license": "Apache-2.0",
|
|
25
25
|
"dependencies": {
|
|
26
26
|
"@adviser/cement": "~0.5.34",
|
|
27
|
-
"@vibes.diy/call-ai-v2": "^4.0.
|
|
28
|
-
"@vibes.diy/identity": "^4.0.
|
|
29
|
-
"@vibes.diy/use-vibes-types": "^4.0.
|
|
27
|
+
"@vibes.diy/call-ai-v2": "^4.0.11",
|
|
28
|
+
"@vibes.diy/identity": "^4.0.11",
|
|
29
|
+
"@vibes.diy/use-vibes-types": "^4.0.11",
|
|
30
30
|
"arktype": "~2.2.1",
|
|
31
31
|
"json-schema-faker": "~0.6.2"
|
|
32
32
|
},
|