keystone-cli 2.0.0 → 2.0.1

package/README.md

@@ -237,6 +237,10 @@ storage:
 
 expression:
   strict: false
+
+logging:
+  suppress_security_warning: false
+  suppress_ai_sdk_warnings: false
 ```
 
 ### Storage Configuration
@@ -246,6 +250,13 @@ The `storage` section controls data retention and security for workflow runs:
 - **`retention_days`**: Sets the default window used by `keystone maintenance` / `keystone prune` commands to clean up old run data.
 - **`redact_secrets_at_rest`**: Controls whether secret inputs and known secrets are redacted before storing run data (default `true`).
 
+### Logging Configuration
+
+The `logging` section allows you to suppress warnings:
+
+- **`suppress_security_warning`**: Silences the "Security Warning" about running workflows from untrusted sources (default `false`).
+- **`suppress_ai_sdk_warnings`**: Silences internal warnings from the Vercel AI SDK, such as compatibility mode messages (default `false`).
+
 ### Bring Your Own Provider (BYOP)
 
 Keystone uses the **Vercel AI SDK**, allowing you to use any compatible provider. You must install the provider package (e.g., `@ai-sdk/openai`, `ai-sdk-provider-gemini-cli`) so Keystone can resolve it.
@@ -1246,6 +1257,8 @@ Request steps enforce SSRF protections and require HTTPS by default. Cross-origi
 graph TD
     CLI[CLI Entry Point] --> WR[WorkflowRunner]
     CLI --> MCPServer[MCP Server]
+    Config[ConfigLoader] --> WR
+    Config --> Adapter
 
     subgraph "Core Orchestration"
         WR --> Scheduler[WorkflowScheduler]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keystone-cli",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "A local-first, declarative, agentic workflow orchestrator built on Bun",
   "type": "module",
   "bin": {

package/src/parser/config-schema.ts

@@ -116,6 +116,12 @@ export const ConfigSchema = z.object({
         .optional(),
     })
     .optional(),
+  logging: z
+    .object({
+      suppress_security_warning: z.boolean().default(false),
+      suppress_ai_sdk_warnings: z.boolean().default(false),
+    })
+    .default({}),
 });
 
 export type Config = z.infer<typeof ConfigSchema>;

package/src/runner/llm-adapter.ts

@@ -55,7 +55,7 @@ class LocalEmbeddingModel {
         return Array.from(output.data) as number[];
       })
     );
-    return { embeddings };
+    return { embeddings, warnings: [] };
   }
 
   /**
@@ -298,6 +298,11 @@ async function prepareProvider(
 }
 
 export async function getModel(model: string): Promise<LanguageModel> {
+  const configValues = ConfigLoader.load();
+  if (configValues.logging?.suppress_ai_sdk_warnings) {
+    process.env.AI_SDK_LOG_WARNINGS = 'false';
+  }
+
   const { provider, resolvedModel } = await prepareProvider(model);
 
   // AI SDK convention: provider(modelId)
@@ -321,6 +326,11 @@ export async function getModel(model: string): Promise<LanguageModel> {
 }
 
 export async function getEmbeddingModel(model: string): Promise<EmbeddingModel> {
+  const configValues = ConfigLoader.load();
+  if (configValues.logging?.suppress_ai_sdk_warnings) {
+    process.env.AI_SDK_LOG_WARNINGS = 'false';
+  }
+
   // 1. Check for local fallback
   if (model === 'local' || model === 'keystone-local') {
     return new LocalEmbeddingModel();

package/src/runner/workflow-runner.ts

@@ -46,7 +46,7 @@ class RedactingLogger implements Logger {
   constructor(
     private inner: Logger,
     private redactor: Redactor
-  ) {}
+  ) { }
 
   log(msg: string): void {
     this.inner.log(this.redactor.redact(msg));
@@ -193,7 +193,7 @@ export class WorkflowRunner {
 
     if (parentSignal.aborted) {
       controller.abort();
-      return { controller, cleanup: () => {} };
+      return { controller, cleanup: () => { } };
     }
 
     parentSignal.addEventListener('abort', onAbort, { once: true });
@@ -816,11 +816,11 @@ export class WorkflowRunner {
     const idempotencyContextForRetry =
       idempotencyClaimed && scopedIdempotencyKey
         ? {
-            rawKey: idempotencyKey || scopedIdempotencyKey,
-            scopedKey: scopedIdempotencyKey,
-            ttlSeconds: idempotencyTtlSeconds,
-            claimed: true,
-          }
+          rawKey: idempotencyKey || scopedIdempotencyKey,
+          scopedKey: scopedIdempotencyKey,
+          ttlSeconds: idempotencyTtlSeconds,
+          claimed: true,
+        }
         : undefined;
 
     let stepToExecute = step;
@@ -932,9 +932,9 @@ export class WorkflowRunner {
         try {
           const outputForValidation =
             stepToExecute.type === 'engine' &&
-            result.output &&
-            typeof result.output === 'object' &&
-            'summary' in result.output
+              result.output &&
+              typeof result.output === 'object' &&
+              'summary' in result.output
               ? (result.output as { summary?: unknown }).summary
               : result.output;
           this.validator.validateSchema(
@@ -2076,12 +2076,16 @@ Revise the output to address the feedback. Return only the corrected output.`;
 
     this.logger.log(`\n🏛️  ${isResume ? 'Resuming' : 'Running'} workflow: ${this.workflow.name}`);
     this.logger.log(`Run ID: ${this.runId}`);
-    this.logger.log(
-      '\n⚠️  Security Warning: Only run workflows from trusted sources.\n' +
+
+    const config = ConfigLoader.load();
+    if (!config.logging?.suppress_security_warning) {
+      this.logger.log(
+        '\n⚠️  Security Warning: Only run workflows from trusted sources.\n' +
         '   Workflows can execute arbitrary shell commands and access your environment.\n'
-    );
+      );
+    }
 
-    this.secretManager.redactAtRest = ConfigLoader.load().storage?.redact_secrets_at_rest ?? true;
+    this.secretManager.redactAtRest = config.storage?.redact_secrets_at_rest ?? true;
 
     // Apply defaults and validate inputs
     const validated = this.validator.applyDefaultsAndValidate();