npm - eigen-skills - Versions diffs - 1.1.3 → 1.1.4 - Mend

eigen-skills 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/.env +5 -0
package/package.json +1 -1
package/skills/eigen-compute/SKILL.md +65 -1

package/.env ADDED Viewed

@@ -0,0 +1,5 @@
+# EigenCloud Skills — Environment Variables
+# NEVER commit this file to git
+PRIVATE_KEY= cc3071c6fc7f35b0ba595b67cb5cace750dd88c0ee80970a14d846afc3347ed2
+EIGEN_API_KEY=

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "eigen-skills",
-    "version": "1.1.3",
+    "version": "1.1.4",
     "description": "EigenCompute TEE deployment skills for AI agents — encrypted memory, sealed secrets, cryptographic attestation",
     "main": "index.js",
     "agents": {

package/skills/eigen-compute/SKILL.md CHANGED Viewed

@@ -63,6 +63,7 @@ ecloud compute app create --name my-app --language typescript
 ### Deploy from Dockerfile (recommended)
+**Interactive deploy:**
 ```bash
 ecloud compute app deploy
 ```
@@ -70,8 +71,46 @@ ecloud compute app deploy
 - Choose **Linux/AMD64** (standard TEE architecture)
 - Estimated cost: ~0.008 ETH per deploy (Sepolia testnet)
+**Non-interactive deploy (for scripting / CI):**
+```bash
+ecloud compute app deploy \
+  --name my-app \
+  --skip-profile \
+  --image-ref my-app:latest \
+  --build-caddyfile
+```
+| Flag | Purpose |
+|------|---------|
+| `--name <name>` | App name (skips interactive prompt) |
+| `--skip-profile` | Skip machine profile selection (uses default) |
+| `--image-ref <ref>` | Docker image reference tag |
+| `--build-caddyfile` | **Auto-inject Caddy + TLS** — the CLI reads your `Caddyfile`, installs Caddy into the image, and wires up TLS certs automatically. You do NOT need to install Caddy in your Dockerfile or reference TLS cert paths. |
 **IMPORTANT:** "Deploy from registry" method is unreliable — apps often end up in `Status: Unknown` with no error. Always use "Build from Dockerfile".
+### TLS with `--build-caddyfile` (recommended)
+When you pass `--build-caddyfile`, the ecloud CLI handles all TLS setup. Your project only needs a minimal `Caddyfile` that reverse-proxies to your app:
+```caddyfile
+:80 {
+    reverse_proxy 127.0.0.1:3000
+}
+```
+The CLI automatically:
+- Installs Caddy into the Docker image
+- Mounts TLS certs from the TEE's `/run/tls/` directory
+- Sources sealed env vars via `compute-source-env.sh`
+- Configures HTTPS on the deployed domain
+**You do NOT need to:**
+- Add `RUN apk add caddy` (or equivalent) in your Dockerfile
+- Reference `/run/tls/fullchain.pem` or `/run/tls/privkey.pem` in your Caddyfile
+- Source `compute-source-env.sh` manually in your entrypoint
+- Expose ports 80 or 443 — only expose your app port (e.g., 3000)
 ### Check app status
 ```bash
@@ -125,6 +164,16 @@ Inside the TEE container, these are available:
 ### Entrypoint pattern for TEE
+**With `--build-caddyfile` (recommended)** — no manual env sourcing needed:
+```bash
+#!/bin/sh
+set -e
+node server.js
+```
+**Without `--build-caddyfile`** — you must source sealed secrets manually:
 ```bash
 #!/bin/bash
 # Source sealed secrets
@@ -138,13 +187,28 @@ node server.js
 ### Dockerfile pattern for TEE
+**With `--build-caddyfile` (recommended)** — minimal Dockerfile, only expose your app port:
 ```dockerfile
-FROM node:20-slim
+FROM --platform=linux/amd64 node:20-slim
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci --production
 COPY . .
 EXPOSE 3000
+CMD ["./start.sh"]
+```
+**Without `--build-caddyfile`** — you must install Caddy and expose TLS ports yourself:
+```dockerfile
+FROM --platform=linux/amd64 node:20-slim
+WORKDIR /app
+RUN apt-get update && apt-get install -y caddy
+COPY package*.json ./
+RUN npm ci --production
+COPY . .
+EXPOSE 80 443 3000
 ENTRYPOINT ["bash", "entrypoint.sh"]
 ```