vellum-cli 0.3.2 → 0.3.4

package/README.md

@@ -39,11 +39,9 @@ env vars:
 | Flag         | Env var          | Description                                  |
 | ------------ | ---------------- | -------------------------------------------- |
 | `--url`      | `VELLUM_URL`     | Server base URL (default `https://vellumai.app`) |
-| `--api-key`  | `VELLUM_API_KEY` | Shared owner/agent key (`X-Api-Key`)         |
 
-Credential precedence for a write: an explicit `--api-key`/`VELLUM_API_KEY`
-(the shared owner key, e.g. for agents/CI) wins; otherwise the stored
-`vellum login` token is used.
+The CLI always uses the stored `vellum login` token. Commands are scoped to
+the logged-in page owner; the CLI does not accept the shared server API key.
 
 ## Commands
 

package/dist/index.js

@@ -15,13 +15,10 @@ function resolveBaseUrl(flags) {
   return normalizeUrl(flags.url ?? process.env.VELLUM_URL ?? DEFAULT_URL);
 }
 async function resolveCredential(flags, baseUrl) {
-  const apiKey = flags.apiKey ?? process.env.VELLUM_API_KEY;
-  if (apiKey)
-    return { apiKey };
   const token = await loadToken(baseUrl);
   if (token)
     return { token };
-  throw new ConfigError(`Not logged in to ${baseUrl}. Run \`vellum login\` (or set VELLUM_API_KEY / pass --api-key).`);
+  throw new ConfigError(`Not logged in to ${baseUrl}. Run \`vellum login\`.`);
 }
 function storePath() {
   const xdg = process.env.XDG_CONFIG_HOME;
@@ -204,12 +201,11 @@ Usage:
   vellum ${verb} <page-id> [options]
 
 ${verb === "archive" ? `Archiving keeps the bytes, versions, comments, and URLs intact — new
-versions and comments are paused until you unarchive. Owner/admin only.` : `Unarchiving restores the page to the gallery and re-opens it for new
-versions and comments. Owner/admin only.`}
+versions and comments are paused until you unarchive. Page owner only.` : `Unarchiving restores the page to the gallery and re-opens it for new
+versions and comments. Page owner only.`}
 
 Options:
   --url <url>        Server base URL          (env: VELLUM_URL)
-  --api-key <key>    Shared API key           (env: VELLUM_API_KEY)
   --json             Print the raw JSON response
   -h, --help         Show this help`;
 }
@@ -219,7 +215,6 @@ async function run(verb, argv) {
     allowPositionals: true,
     options: {
       url: { type: "string" },
-      "api-key": { type: "string" },
       json: { type: "boolean", default: false },
       help: { type: "boolean", short: "h", default: false }
     }
@@ -235,7 +230,7 @@ async function run(verb, argv) {
     console.error(help(verb));
     return 1;
   }
-  const flags = { url: values.url, apiKey: values["api-key"] };
+  const flags = { url: values.url };
   const baseUrl = resolveBaseUrl(flags);
   const credential = await resolveCredential(flags, baseUrl);
   const client2 = new VellumClient({ baseUrl, ...credential });
@@ -249,7 +244,11 @@ async function run(verb, argv) {
     return 0;
   } catch (err) {
     if (err instanceof VellumApiError && err.status === 401) {
-      console.error(`Error: ${verb} requires the owner API key. Set VELLUM_API_KEY or pass --api-key.`);
+      console.error(`Error: not logged in. Run \`vellum login\` as the page owner.`);
+      return 1;
+    }
+    if (err instanceof VellumApiError && err.status === 403) {
+      console.error(`Error: you don't own ${pageId}, so you can't ${verb} it.`);
       return 1;
     }
     if (err instanceof VellumApiError && err.status === 404) {
@@ -268,19 +267,18 @@ function unarchiveCommand(argv) {
 
 // src/commands/list.ts
 import { parseArgs as parseArgs2 } from "node:util";
-var HELP = `vellum list — list your artifacts (owner/admin only)
+var HELP = `vellum list — list your artifacts
 
 Usage:
   vellum list [options]
 
-By default only live pages are shown. Use --archived for archived-only, or
---all for both. Listing requires the owner API key (VELLUM_API_KEY / --api-key).
+Lists the pages you own (log in with \`vellum login\`). By default only live
+pages are shown; use --archived for archived-only, or --all for both.
 
 Options:
   --archived         Show only archived pages
   --all              Show both live and archived pages
   --url <url>        Server base URL          (env: VELLUM_URL)
-  --api-key <key>    Shared API key           (env: VELLUM_API_KEY)
   --json             Print the raw JSON response
   -h, --help         Show this help`;
 function cell(value, width) {
@@ -308,7 +306,6 @@ async function listCommand(argv) {
       archived: { type: "boolean", default: false },
       all: { type: "boolean", default: false },
       url: { type: "string" },
-      "api-key": { type: "string" },
       json: { type: "boolean", default: false },
       help: { type: "boolean", short: "h", default: false }
     }
@@ -317,7 +314,7 @@ async function listCommand(argv) {
     console.log(HELP);
     return 0;
   }
-  const flags = { url: values.url, apiKey: values["api-key"] };
+  const flags = { url: values.url };
   const baseUrl = resolveBaseUrl(flags);
   const credential = await resolveCredential(flags, baseUrl);
   const client2 = new VellumClient({ baseUrl, ...credential });
@@ -343,7 +340,7 @@ ${pages.length} page${pages.length === 1 ? "" : "s"}${suffix}`);
     return 0;
   } catch (err) {
     if (err instanceof VellumApiError && err.status === 401) {
-      console.error("Error: list requires the owner API key. Set VELLUM_API_KEY or pass --api-key.");
+      console.error("Error: not authenticated. Run `vellum login` as the page owner.");
       return 1;
     }
     throw err;
@@ -484,7 +481,6 @@ Options:
   --version <n>      Pin to a specific version number (default: current)
   --force            Post even if the quote isn't found in the version
   --url <url>        Server base URL          (env: VELLUM_URL)
-  --api-key <key>    Shared API key           (env: VELLUM_API_KEY)
   --json             Print the raw JSON response
   -h, --help         Show this help`;
 async function readStdin() {
@@ -518,7 +514,6 @@ async function markupCommand(argv) {
       version: { type: "string" },
       force: { type: "boolean", default: false },
       url: { type: "string" },
-      "api-key": { type: "string" },
       json: { type: "boolean", default: false },
       help: { type: "boolean", short: "h", default: false }
     }
@@ -552,7 +547,7 @@ async function markupCommand(argv) {
       return 1;
     }
   }
-  const flags = { url: values.url, apiKey: values["api-key"] };
+  const flags = { url: values.url };
   const baseUrl = resolveBaseUrl(flags);
   const credential = await resolveCredential(flags, baseUrl);
   const client2 = new VellumClient({ baseUrl, ...credential });
@@ -598,7 +593,6 @@ Usage:
 Options:
   --page-id <id>     Append a new version to an existing page
   --url <url>        Server base URL          (env: VELLUM_URL)
-  --api-key <key>    Shared API key           (env: VELLUM_API_KEY)
   --json             Print the raw JSON response
   -h, --help         Show this help`;
 async function readStdin2() {
@@ -614,7 +608,6 @@ async function pushCommand(argv) {
     options: {
       "page-id": { type: "string" },
       url: { type: "string" },
-      "api-key": { type: "string" },
       json: { type: "boolean", default: false },
       help: { type: "boolean", short: "h", default: false }
     }
@@ -629,7 +622,7 @@ async function pushCommand(argv) {
     console.error("Error: no HTML provided (empty file or stdin).");
     return 1;
   }
-  const flags = { url: values.url, apiKey: values["api-key"] };
+  const flags = { url: values.url };
   const baseUrl = resolveBaseUrl(flags);
   const credential = await resolveCredential(flags, baseUrl);
   const client2 = new VellumClient({ baseUrl, ...credential });
@@ -646,7 +639,7 @@ async function pushCommand(argv) {
 // package.json
 var package_default = {
   name: "vellum-cli",
-  version: "0.3.2",
+  version: "0.3.4",
   description: "The vellum CLI — publish agent-authored HTML artifacts to a Vellum server.",
   type: "module",
   license: "MIT",
@@ -700,14 +693,12 @@ Usage:
 
 Options:
   --url <url>        Server base URL          (env: VELLUM_URL)
-  --api-key <key>    Shared API key           (env: VELLUM_API_KEY)
   -h, --help         Show this help`;
 async function whoamiCommand(argv) {
   const { values } = parseArgs7({
     args: argv,
     options: {
       url: { type: "string" },
-      "api-key": { type: "string" },
       help: { type: "boolean", short: "h", default: false }
     }
   });
@@ -716,11 +707,7 @@ async function whoamiCommand(argv) {
     return 0;
   }
   const baseUrl = resolveBaseUrl({ url: values.url });
-  const credential = await resolveCredential({ url: values.url, apiKey: values["api-key"] }, baseUrl);
-  if ("apiKey" in credential) {
-    console.log(`Authenticated to ${baseUrl} with a shared API key (owner).`);
-    return 0;
-  }
+  const credential = await resolveCredential({ url: values.url }, baseUrl);
   const client2 = new VellumClient({ baseUrl, token: credential.token });
   const { email } = await client2.whoami();
   console.log(`${email ?? "(no email on record)"} — ${baseUrl}`);
@@ -738,7 +725,7 @@ Commands:
   logout    Remove this machine's stored CLI token
   whoami    Show the identity the CLI is authenticated as
   push      Create an artifact (page) from HTML (file or stdin)
-  list      List your artifacts (owner/admin only)
+  list      List artifacts owned by your logged-in identity
   markup    Pin a comment to a passage of a document
   archive   Archive a page (read-only, hidden from the gallery)
   unarchive Restore an archived page to live

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vellum-cli",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "The vellum CLI — publish agent-authored HTML artifacts to a Vellum server.",
   "type": "module",
   "license": "MIT",