Version Packages#597
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
8ef060a to
f435ce5
Compare
78e0aa0 to
a91c0db
Compare
f2a607b to
8ac66a8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
stash@0.17.2
Patch Changes
f23f952: Remove the leftovers from the secrets removal (
1929c8fe), which deletedpackages/stack/src/secrets/but left its export, build entry, skill, and docsbehind. Secrets tooling is not ready; nothing here was functional.
@cipherstash/stack/secretssubpath export. It pointed at./dist/secrets/index.js, which has no source and is not in the tarball, soimport '@cipherstash/stack/secrets'has been throwingERR_MODULE_NOT_FOUNDfor every consumer since the source was removed. Also drops the dangling
src/secrets/index.tsentry fromtsup.config.ts. Removing an export thatcannot resolve breaks nothing.
stash-secretsagent skill and its references inAGENTS.mdand the init setup-prompt skill index. It was never installed by
stash init(it is absent from
SKILL_MAP), so no user project ever received it.Secretsclass API and thenpx stash secretscommand reference in@cipherstash/stack, and thenpx stash secretssection instash. The CLIcommand does not exist —
stash secretsreturnsUnknown command.1a9d190: Refresh the bundled
stash-cliagent skill and the CLI README against the currentcommand surface. The skills directory ships inside the
stashtarball and is copiedinto the user's
.claude/skills//.codex/skills/(or inlined intoAGENTS.md) athandoff time, so a stale skill becomes stale guidance in the user's project.
Start hereandAuthenticationsections. Setup is driven through the CLI:agents read
stash manifest --jsonfirst, then triggerstash auth login --jsonandsurface the verification URL for a human to approve, then run
stash init. Authenticatingbefore
initmatters —init's auth step is interactive and would otherwise try to opena browser on the agent's host.
Never read theseinvariant, mirrored into theAGENTS.mddoctrine: agents mustnever read
~/.cipherstash/secretkey.json,~/.cipherstash/auth.json, anything under~/.cipherstash/workspaces/, or.env*. The wizard already blocks these paths in code;the other handoff targets had no written rule.
manifest,doctor,wizard, andauth regions, which the skill omittedentirely, plus the non-interactive interface (per-command escape hatches, exit codes, the
DATABASE_URLresolution order, theauth login --jsonNDJSON event contract).db→eqlmove.db install,db upgrade, anddb statusaredeprecated aliases that warn and forward;
db push,db activate,db validate,db test-connection, anddb migrateremain in thedbgroup.db push/db activateas EQL v2 + CipherStash Proxy only, in both the skilland the README's recommended flow. SDK users hold their encryption config in application
code and don't need them.
--database-url,--eql-version,--prisma-next,--proxy/--no-proxy,and
--regionflags; corrects six programmatic API signatures; fixes the README's claimthat
stash initends in an agent-handoff menu (that belongs tostash plan/stash impl);and marks
stash envas the non-functional stub it currently is.@cipherstash/prisma-next@0.3.3
Patch Changes
@cipherstash/stack@0.19.1
Patch Changes
f23f952: Remove the leftovers from the secrets removal (
1929c8fe), which deletedpackages/stack/src/secrets/but left its export, build entry, skill, and docsbehind. Secrets tooling is not ready; nothing here was functional.
@cipherstash/stack/secretssubpath export. It pointed at./dist/secrets/index.js, which has no source and is not in the tarball, soimport '@cipherstash/stack/secrets'has been throwingERR_MODULE_NOT_FOUNDfor every consumer since the source was removed. Also drops the dangling
src/secrets/index.tsentry fromtsup.config.ts. Removing an export thatcannot resolve breaks nothing.
stash-secretsagent skill and its references inAGENTS.mdand the init setup-prompt skill index. It was never installed by
stash init(it is absent from
SKILL_MAP), so no user project ever received it.Secretsclass API and thenpx stash secretscommand reference in@cipherstash/stack, and thenpx stash secretssection instash. The CLIcommand does not exist —
stash secretsreturnsUnknown command.@cipherstash/wizard@0.4.1
Patch Changes
9c673bb: Stop the agent guard from blocking
.env.example.SENSITIVE_FILE_PATTERNSmatched/\.env($|\.)/, which tests true against.env.example. Because the guard coversEditandWriteas well asRead,the wizard's agent was blocked from creating or editing the very file the
CipherStash doctrine tells it to write ("New env keys go in
.env.examplewithplaceholders"). Committed env templates carry placeholder key names, not values.
.env.example,.env.sampleand.env.templateare now readable and writable.Everything else is unchanged:
.env,.env.local,.env.production, andvalue-bearing files that merely start with a template name
(
.env.example.local,.env.example.bak) stay blocked, as doauth.json,secretkey.jsonand credential files. Bash access to any env file — includingthe templates — remains blocked;
Read/Writeis the sanctioned path.@cipherstash/e2e@0.0.3
Patch Changes
@cipherstash/basic-example@1.2.14
Patch Changes
@cipherstash/prisma-next-example@0.0.6
Patch Changes
@cipherstash/bench@0.0.5
Patch Changes