Skip to content

Version Packages#597

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
changeset-release/main
Open

Version Packages#597
github-actions[bot] wants to merge 1 commit into
mainfrom
changeset-release/main

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

stash@0.17.2

Patch Changes

  • f23f952: Remove the leftovers from the secrets removal (1929c8fe), which deleted
    packages/stack/src/secrets/ but left its export, build entry, skill, and docs
    behind. Secrets tooling is not ready; nothing here was functional.

    • Drop the dead @cipherstash/stack/secrets subpath export. It pointed at
      ./dist/secrets/index.js, which has no source and is not in the tarball, so
      import '@cipherstash/stack/secrets' has been throwing ERR_MODULE_NOT_FOUND
      for every consumer since the source was removed. Also drops the dangling
      src/secrets/index.ts entry from tsup.config.ts. Removing an export that
      cannot resolve breaks nothing.
    • Remove the stash-secrets agent skill and its references in AGENTS.md
      and the init setup-prompt skill index. It was never installed by stash init
      (it is absent from SKILL_MAP), so no user project ever received it.
    • Remove the secrets documentation from both published READMEs: the
      Secrets class API and the npx stash secrets command reference in
      @cipherstash/stack, and the npx stash secrets section in stash. The CLI
      command does not exist — stash secrets returns Unknown command.
  • 1a9d190: Refresh the bundled stash-cli agent skill and the CLI README against the current
    command surface. The skills directory ships inside the stash tarball and is copied
    into the user's .claude/skills/ / .codex/skills/ (or inlined into AGENTS.md) at
    handoff time, so a stale skill becomes stale guidance in the user's project.

    • New Start here and Authentication sections. Setup is driven through the CLI:
      agents read stash manifest --json first, then trigger stash auth login --json and
      surface the verification URL for a human to approve, then run stash init. Authenticating
      before init matters — init's auth step is interactive and would otherwise try to open
      a browser on the agent's host.
    • New Never read these invariant, mirrored into the AGENTS.md doctrine: agents must
      never read ~/.cipherstash/secretkey.json, ~/.cipherstash/auth.json, anything under
      ~/.cipherstash/workspaces/, or .env*. The wizard already blocks these paths in code;
      the other handoff targets had no written rule.
    • Documents manifest, doctor, wizard, and auth regions, which the skill omitted
      entirely, plus the non-interactive interface (per-command escape hatches, exit codes, the
      DATABASE_URL resolution order, the auth login --json NDJSON event contract).
    • Corrects the dbeql move. db install, db upgrade, and db status are
      deprecated aliases that warn and forward; db push, db activate, db validate,
      db test-connection, and db migrate remain in the db group.
    • Scopes db push / db activate as EQL v2 + CipherStash Proxy only, in both the skill
      and the README's recommended flow. SDK users hold their encryption config in application
      code and don't need them.
    • Adds the missing --database-url, --eql-version, --prisma-next, --proxy/--no-proxy,
      and --region flags; corrects six programmatic API signatures; fixes the README's claim
      that stash init ends in an agent-handoff menu (that belongs to stash plan / stash impl);
      and marks stash env as the non-functional stub it currently is.
    • @cipherstash/migrate@0.2.0

@cipherstash/prisma-next@0.3.3

Patch Changes

  • Updated dependencies [f23f952]
    • @cipherstash/stack@0.19.1

@cipherstash/stack@0.19.1

Patch Changes

  • f23f952: Remove the leftovers from the secrets removal (1929c8fe), which deleted
    packages/stack/src/secrets/ but left its export, build entry, skill, and docs
    behind. Secrets tooling is not ready; nothing here was functional.

    • Drop the dead @cipherstash/stack/secrets subpath export. It pointed at
      ./dist/secrets/index.js, which has no source and is not in the tarball, so
      import '@cipherstash/stack/secrets' has been throwing ERR_MODULE_NOT_FOUND
      for every consumer since the source was removed. Also drops the dangling
      src/secrets/index.ts entry from tsup.config.ts. Removing an export that
      cannot resolve breaks nothing.
    • Remove the stash-secrets agent skill and its references in AGENTS.md
      and the init setup-prompt skill index. It was never installed by stash init
      (it is absent from SKILL_MAP), so no user project ever received it.
    • Remove the secrets documentation from both published READMEs: the
      Secrets class API and the npx stash secrets command reference in
      @cipherstash/stack, and the npx stash secrets section in stash. The CLI
      command does not exist — stash secrets returns Unknown command.

@cipherstash/wizard@0.4.1

Patch Changes

  • 9c673bb: Stop the agent guard from blocking .env.example.

    SENSITIVE_FILE_PATTERNS matched /\.env($|\.)/, which tests true against
    .env.example. Because the guard covers Edit and Write as well as Read,
    the wizard's agent was blocked from creating or editing the very file the
    CipherStash doctrine tells it to write ("New env keys go in .env.example with
    placeholders"). Committed env templates carry placeholder key names, not values.

    .env.example, .env.sample and .env.template are now readable and writable.
    Everything else is unchanged: .env, .env.local, .env.production, and
    value-bearing files that merely start with a template name
    (.env.example.local, .env.example.bak) stay blocked, as do auth.json,
    secretkey.json and credential files. Bash access to any env file — including
    the templates — remains blocked; Read/Write is the sanctioned path.

@cipherstash/e2e@0.0.3

Patch Changes

  • Updated dependencies [f23f952]
  • Updated dependencies [1a9d190]
  • Updated dependencies [9c673bb]
    • @cipherstash/stack@0.19.1
    • stash@0.17.2
    • @cipherstash/wizard@0.4.1

@cipherstash/basic-example@1.2.14

Patch Changes

  • Updated dependencies [f23f952]
    • @cipherstash/stack@0.19.1

@cipherstash/prisma-next-example@0.0.6

Patch Changes

  • Updated dependencies [f23f952]
    • @cipherstash/stack@0.19.1
    • @cipherstash/prisma-next@0.3.3

@cipherstash/bench@0.0.5

Patch Changes

  • Updated dependencies [f23f952]
    • @cipherstash/stack@0.19.1

@github-actions github-actions Bot requested a review from a team as a code owner July 9, 2026 06:35
@github-actions github-actions Bot closed this Jul 9, 2026
@github-actions github-actions Bot force-pushed the changeset-release/main branch from 8ef060a to f435ce5 Compare July 9, 2026 07:14
@github-actions github-actions Bot reopened this Jul 9, 2026
@github-actions github-actions Bot closed this Jul 9, 2026
@github-actions github-actions Bot force-pushed the changeset-release/main branch from 78e0aa0 to a91c0db Compare July 9, 2026 07:24
@github-actions github-actions Bot reopened this Jul 9, 2026
@github-actions github-actions Bot closed this Jul 9, 2026
@github-actions github-actions Bot force-pushed the changeset-release/main branch from f2a607b to 8ac66a8 Compare July 9, 2026 10:12
@calvinbrewer calvinbrewer reopened this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant