flowsh-cli 0.3.0__tar.gz → 0.4.0__tar.gz

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: flowsh-cli
-Version: 0.3.0
+Version: 0.4.0
 Summary: Generate Bash harness scripts from workflow YAML files.
 License-Expression: MIT
 Classifier: Programming Language :: Python :: 3.11
@@ -38,13 +38,15 @@ workflows:
       - type: agent
         name: Ask OpenCode
         agent: general
+        model: openai/gpt-5
+        command: review
         prompt: |
           Summarize the current repository state.
 ```
 
 Supported step types are only `vars`, `bash`, and `agent`.
 
-The input path must be a regular file no larger than 1 MiB. The input file must be valid UTF-8, non-empty YAML with a mapping root, no duplicate mapping keys, and no YAML aliases. Workflow and step names are single-line labels. Executable fields reject unsafe control bytes while allowing normal newlines and tabs. `vars` keys must be uppercase shell variable names, and `agent` names may contain only letters, digits, `_`, and `-`.
+The input path must be a regular file no larger than 1 MiB. The input file must be valid UTF-8, non-empty YAML with a mapping root, no duplicate mapping keys, and no YAML aliases. Workflow and step names are single-line labels. Executable fields reject unsafe control bytes while allowing normal newlines and tabs. `vars` keys must be uppercase shell variable names, and `agent` names may contain only letters, digits, `_`, and `-`. Agent `model` values are passed through to OpenCode, so provider/model IDs such as `openai/gpt-5` are valid. Agent `command` values map to OpenCode `--command`; the prompt remains the message/arguments after `--`.
 
 Agent prompts are literal by default. Set `expandPrompt: true` on an `agent` step only when the prompt should be expanded by Bash at harness runtime, for example to insert values exported by earlier `vars` steps:
 
@@ -59,6 +61,8 @@ Agent prompts are literal by default. Set `expandPrompt: true` on an `agent` ste
 
 `expandPrompt: true` is a security-sensitive opt-in: Bash also performs command substitution such as `$(...)` and backticks in the prompt body before OpenCode receives it. Keep it disabled for prompts that contain shell examples or untrusted content.
 
+Set `dangerouslySkipPermissions: true` on an `agent` step only when the generated harness should pass OpenCode `--dangerously-skip-permissions`. The flag is false by default, accepts the YAML alias `dangerously-skip-permissions`, and auto-approves permissions that are not explicitly denied. Treat it as security-sensitive and avoid it for untrusted workflows.
+
 Harness paths are derived from workflow ids. `wf_example` writes `.harness/example.sh`.
 
 ## Commands
@@ -130,7 +134,7 @@ Generated harnesses are also non-interactive. `harness.sh --dry-run` exits `0` a
 
 Generated harnesses are written with owner-only executable permissions and refuse to overwrite existing paths unless `--force` is passed. Multi-workflow generation preflights overwrite conflicts before writing any harness. `--force` replaces regular harness files and harness-file symlinks, but never replaces a directory at a harness file path. The `.harness` output directory must be a real directory, not a symlink or file. Harness dry runs do not create log files or directories. Real harness logs go to `.flowsh/logs` by default with owner-private directory and file permissions. Set `FLOWSH_LOG_DIR` when running a harness to use another local relative log directory; absolute paths, `..` path segments, symlinked path components, and non-directory log paths are refused. Logging setup and write failures fail the harness instead of being silently ignored.
 
-Generated `bash` and `vars` bodies run with `bash -euo pipefail`, so command failures stop the workflow instead of being masked by later successful commands. Captured `vars` values are exported for later `bash` steps. `agent` prompt heredocs are quoted by default and unquoted only when `expandPrompt: true` is set. `agent` steps invoke only `opencode run --format json -- <prompt>` with optional `--agent <agent>` before `--`, so dash-prefixed prompts are message content rather than OpenCode flags. Agent steps fail with a clear error if `opencode` is not on `PATH`.
+Generated `bash` and `vars` bodies run with `bash -euo pipefail`, so command failures stop the workflow instead of being masked by later successful commands. Captured `vars` values are exported for later `bash` steps. `agent` prompt heredocs are quoted by default and unquoted only when `expandPrompt: true` is set. `agent` steps invoke only `opencode run --format json` with optional `--agent <agent>`, `--model <provider/model>`, `--command <command>`, and `--dangerously-skip-permissions` flags before `-- <prompt>`, so dash-prefixed prompts are message content rather than OpenCode flags. Agent steps fail with a clear error if `opencode` is not on `PATH`.
 
 ## Development
 

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/README.md

@@ -22,13 +22,15 @@ workflows:
       - type: agent
         name: Ask OpenCode
         agent: general
+        model: openai/gpt-5
+        command: review
         prompt: |
           Summarize the current repository state.
 ```
 
 Supported step types are only `vars`, `bash`, and `agent`.
 
-The input path must be a regular file no larger than 1 MiB. The input file must be valid UTF-8, non-empty YAML with a mapping root, no duplicate mapping keys, and no YAML aliases. Workflow and step names are single-line labels. Executable fields reject unsafe control bytes while allowing normal newlines and tabs. `vars` keys must be uppercase shell variable names, and `agent` names may contain only letters, digits, `_`, and `-`.
+The input path must be a regular file no larger than 1 MiB. The input file must be valid UTF-8, non-empty YAML with a mapping root, no duplicate mapping keys, and no YAML aliases. Workflow and step names are single-line labels. Executable fields reject unsafe control bytes while allowing normal newlines and tabs. `vars` keys must be uppercase shell variable names, and `agent` names may contain only letters, digits, `_`, and `-`. Agent `model` values are passed through to OpenCode, so provider/model IDs such as `openai/gpt-5` are valid. Agent `command` values map to OpenCode `--command`; the prompt remains the message/arguments after `--`.
 
 Agent prompts are literal by default. Set `expandPrompt: true` on an `agent` step only when the prompt should be expanded by Bash at harness runtime, for example to insert values exported by earlier `vars` steps:
 
@@ -43,6 +45,8 @@ Agent prompts are literal by default. Set `expandPrompt: true` on an `agent` ste
 
 `expandPrompt: true` is a security-sensitive opt-in: Bash also performs command substitution such as `$(...)` and backticks in the prompt body before OpenCode receives it. Keep it disabled for prompts that contain shell examples or untrusted content.
 
+Set `dangerouslySkipPermissions: true` on an `agent` step only when the generated harness should pass OpenCode `--dangerously-skip-permissions`. The flag is false by default, accepts the YAML alias `dangerously-skip-permissions`, and auto-approves permissions that are not explicitly denied. Treat it as security-sensitive and avoid it for untrusted workflows.
+
 Harness paths are derived from workflow ids. `wf_example` writes `.harness/example.sh`.
 
 ## Commands
@@ -114,7 +118,7 @@ Generated harnesses are also non-interactive. `harness.sh --dry-run` exits `0` a
 
 Generated harnesses are written with owner-only executable permissions and refuse to overwrite existing paths unless `--force` is passed. Multi-workflow generation preflights overwrite conflicts before writing any harness. `--force` replaces regular harness files and harness-file symlinks, but never replaces a directory at a harness file path. The `.harness` output directory must be a real directory, not a symlink or file. Harness dry runs do not create log files or directories. Real harness logs go to `.flowsh/logs` by default with owner-private directory and file permissions. Set `FLOWSH_LOG_DIR` when running a harness to use another local relative log directory; absolute paths, `..` path segments, symlinked path components, and non-directory log paths are refused. Logging setup and write failures fail the harness instead of being silently ignored.
 
-Generated `bash` and `vars` bodies run with `bash -euo pipefail`, so command failures stop the workflow instead of being masked by later successful commands. Captured `vars` values are exported for later `bash` steps. `agent` prompt heredocs are quoted by default and unquoted only when `expandPrompt: true` is set. `agent` steps invoke only `opencode run --format json -- <prompt>` with optional `--agent <agent>` before `--`, so dash-prefixed prompts are message content rather than OpenCode flags. Agent steps fail with a clear error if `opencode` is not on `PATH`.
+Generated `bash` and `vars` bodies run with `bash -euo pipefail`, so command failures stop the workflow instead of being masked by later successful commands. Captured `vars` values are exported for later `bash` steps. `agent` prompt heredocs are quoted by default and unquoted only when `expandPrompt: true` is set. `agent` steps invoke only `opencode run --format json` with optional `--agent <agent>`, `--model <provider/model>`, `--command <command>`, and `--dangerously-skip-permissions` flags before `-- <prompt>`, so dash-prefixed prompts are message content rather than OpenCode flags. Agent steps fail with a clear error if `opencode` is not on `PATH`.
 
 ## Development
 

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "uv_build"
 
 [project]
 name = "flowsh-cli"
-version = "0.3.0"
+version = "0.4.0"
 description = "Generate Bash harness scripts from workflow YAML files."
 readme = "README.md"
 requires-python = ">=3.11"

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/src/flowsh_cli/__init__.py

@@ -3,7 +3,7 @@
 from flowsh_cli.models import Workflow, WorkflowParseError, parse_workflows
 from flowsh_cli.render import harness_path, render_harness
 
-__version__ = "0.3.0"
+__version__ = "0.4.0"
 
 __all__ = [
     "Workflow",

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/src/flowsh_cli/models.py

@@ -7,7 +7,15 @@ from pathlib import Path
 from typing import Annotated, Literal
 
 import yaml
-from pydantic import BaseModel, ConfigDict, Field, ValidationError, field_validator
+from pydantic import (
+    AliasChoices,
+    BaseModel,
+    ConfigDict,
+    Field,
+    ValidationError,
+    field_validator,
+    model_validator,
+)
 
 MAX_WORKFLOW_YAML_BYTES = 1_048_576
 
@@ -67,9 +75,31 @@ class AgentStep(BaseStep):
     type: Literal["agent"]
     prompt: str
     agent: str | None = None
+    model: str | None = None
+    command: str | None = None
+    dangerouslySkipPermissions: bool = Field(
+        default=False,
+        validation_alias=AliasChoices(
+            "dangerouslySkipPermissions",
+            "dangerously-skip-permissions",
+        ),
+    )
     expandPrompt: bool = False
 
-    @field_validator("prompt", "agent")
+    @model_validator(mode="before")
+    @classmethod
+    def reject_ambiguous_dangerous_aliases(cls, data: object) -> object:
+        if (
+            isinstance(data, Mapping)
+            and "dangerouslySkipPermissions" in data
+            and "dangerously-skip-permissions" in data
+        ):
+            raise ValueError(
+                "dangerouslySkipPermissions and dangerously-skip-permissions must not both be set"
+            )
+        return data
+
+    @field_validator("prompt", "agent", "model", "command")
     @classmethod
     def validate_strings(cls, value: str | None) -> str | None:
         if value is not None and value.strip() == "":

{flowsh_cli-0.3.0 → flowsh_cli-0.4.0}/src/flowsh_cli/render.py

@@ -174,11 +174,23 @@ def render_harness(workflow: Workflow) -> str:
         "run_agent() {",
         '  local prompt="$1"',
         '  local agent="${2:-}"',
+        '  local model="${3:-}"',
+        '  local command="${4:-}"',
+        '  local dangerously_skip_permissions="${5:-false}"',
         "",
         "  local cmd=(opencode run --format json)",
         '  if [[ -n "$agent" ]]; then',
         '    cmd+=(--agent "$agent")',
         "  fi",
+        '  if [[ -n "$model" ]]; then',
+        '    cmd+=(--model "$model")',
+        "  fi",
+        '  if [[ -n "$command" ]]; then',
+        '    cmd+=(--command "$command")',
+        "  fi",
+        '  if [[ "$dangerously_skip_permissions" == true ]]; then',
+        "    cmd+=(--dangerously-skip-permissions)",
+        "  fi",
         "",
         '  if [[ "$DRY_RUN" == true ]]; then',
         '    log INFO "[DRY-RUN] would run: $(printf \'%q \' "${cmd[@]}") (with prompt)"',
@@ -255,11 +267,14 @@ def render_step(index: int, step: Step, used_function_names: set[str] | None = N
                 "  )",
             ]
         )
-        if step.agent:
-            lines.append(f"  local agent={bash_quote(step.agent)}")
-            lines.append('  run_agent "$prompt" "$agent"')
-        else:
-            lines.append('  run_agent "$prompt"')
+        lines.append(f"  local agent={bash_quote(step.agent or '')}")
+        lines.append(f"  local model={bash_quote(step.model or '')}")
+        lines.append(f"  local command={bash_quote(step.command or '')}")
+        dangerous_skip_permissions = "true" if step.dangerouslySkipPermissions else "false"
+        lines.append(f"  local dangerously_skip_permissions={dangerous_skip_permissions}")
+        lines.append(
+            '  run_agent "$prompt" "$agent" "$model" "$command" "$dangerously_skip_permissions"'
+        )
     else:
         raise AssertionError(f"Unsupported step type: {step}")