chore(internal): codegen related update

stainless-app[bot] · stainless-app[bot] · commit efd701434f04 · 2026-01-29T07:47:52.000Z
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
     if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Setup go
         uses: actions/setup-go@v5
@@ -39,7 +39,7 @@ jobs:
     runs-on: ${{ github.repository == 'stainless-sdks/hypeman-cli' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
     if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Setup go
         uses: actions/setup-go@v5
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
       with:
         fetch-depth: 0
     - name: Set up Go
diff --git a/.github/workflows/release-doctor.yml b/.github/workflows/release-doctor.yml
@@ -12,7 +12,7 @@ jobs:
     if: github.repository == 'kernel/hypeman-cli' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'release-please') || github.head_ref == 'next')
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check release environment
         run: |
diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 
 The official CLI for [Hypeman](https://github.com/kernel/hypeman/).
 
+<!-- x-release-please-start-version -->
+
 ## Installation
 
 ### Installing with Homebrew
@@ -12,22 +14,18 @@ brew install kernel/tap/hypeman
 
 ### Installing with Go
 
-<!-- x-release-please-start-version -->
-
 ```sh
 go install 'github.com/kernel/hypeman-cli/cmd/hypeman@latest'
 ```
 
-### Running Locally
+<!-- x-release-please-end -->
 
-<!-- x-release-please-start-version -->
+### Running Locally
 
 ```sh
-go run cmd/hypeman/main.go
+./scripts/run args...
 ```
 
-<!-- x-release-please-end -->
-
 ## Usage
 
 ```sh
@@ -265,9 +263,15 @@ hypeman [resource] [command] [flags]
 
 ## Global Flags
 
+- `--help` - Show command line usage
 - `--debug` - Enable debug logging (includes HTTP request/response details)
 - `--version`, `-v` - Show the CLI version
 
+- `--base-url` - Use a custom API backend URL
+- `--format` - Change the output format (`auto`, `explore`, `json`, `jsonl`, `pretty`, `raw`, `yaml`)
+- `--format-error` - Change the output format for errors (`auto`, `explore`, `json`, `jsonl`, `pretty`, `raw`, `yaml`)
+- `--transform` - Transform the data output using [GJSON syntax](https://github.com/tidwall/gjson/blob/master/SYNTAX.md)
+- `--transform-error` - Transform the error output using [GJSON syntax](https://github.com/tidwall/gjson/blob/master/SYNTAX.md)
 ## Development
 
 ### Testing Preview Branches
diff --git a/internal/debugmiddleware/debug_middleware.go b/internal/debugmiddleware/debug_middleware.go
@@ -1,11 +1,13 @@
 package debugmiddleware
 
 import (
+	"bytes"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httputil"
+	"reflect"
 	"strings"
-	"sync"
 )
 
 // For the time being these type definitions are duplicated here so that we can
@@ -17,7 +19,8 @@ type (
 
 const redactedPlaceholder = "<REDACTED>"
 
-// Headers known to contain sensitive information like an API key.
+// Headers known to contain sensitive information like an API key. Note that this exclude `Authorization`,
+// which is handled specially in `redactRequest` below.
 var sensitiveHeaders = []string{}
 
 // RequestLogger is a middleware that logs HTTP requests and responses.
@@ -36,7 +39,11 @@ func NewRequestLogger() *RequestLogger {
 
 func (m *RequestLogger) Middleware() Middleware {
 	return func(req *http.Request, mn MiddlewareNext) (*http.Response, error) {
-		if reqBytes, err := httputil.DumpRequest(m.redactRequest(req), true); err == nil {
+		redacted, err := m.redactRequest(req)
+		if err != nil {
+			return nil, err
+		}
+		if reqBytes, err := httputil.DumpRequest(redacted, true); err == nil {
 			m.logger.Printf("Request Content:\n%s\n", reqBytes)
 		}
 
@@ -57,42 +64,64 @@ func (m *RequestLogger) Middleware() Middleware {
 // purposes. If redaction is necessary, the request is cloned before mutating
 // the original and that clone is returned. As a small optimization, the
 // original is request is returned unchanged if no redaction is necessary.
-func (m *RequestLogger) redactRequest(req *http.Request) *http.Request {
-	cloneReq := sync.OnceFunc(func() {
-		req = req.Clone(req.Context())
-	})
+func (m *RequestLogger) redactRequest(req *http.Request) (*http.Request, error) {
+	redactedHeaders := req.Header.Clone()
 
 	// Notably, the clauses below are written so they can redact multiple
 	// headers of the same name if necessary.
-	if values := req.Header.Values("Authorization"); len(values) > 0 {
-		cloneReq()
-		req.Header.Del("Authorization")
+	if values := redactedHeaders.Values("Authorization"); len(values) > 0 {
+		redactedHeaders.Del("Authorization")
 
 		for _, value := range values {
 			// In case we're using something like a bearer token (e.g. `Bearer
 			// <my_token>`), keep the `Bearer` part for more debugging
 			// information.
 			if authKind, _, ok := strings.Cut(value, " "); ok {
-				req.Header.Add("Authorization", authKind+" "+redactedPlaceholder)
+				redactedHeaders.Add("Authorization", authKind+" "+redactedPlaceholder)
 			} else {
-				req.Header.Add("Authorization", redactedPlaceholder)
+				redactedHeaders.Add("Authorization", redactedPlaceholder)
 			}
 		}
 	}
 
 	for _, header := range m.sensitiveHeaders {
-		values := req.Header.Values(header)
+		values := redactedHeaders.Values(header)
 		if len(values) == 0 {
 			continue
 		}
 
-		cloneReq()
-		req.Header.Del(header)
+		redactedHeaders.Del(header)
 
 		for range values {
-			req.Header.Add(header, redactedPlaceholder)
+			redactedHeaders.Add(header, redactedPlaceholder)
 		}
 	}
 
-	return req
+	if reflect.DeepEqual(req.Header, redactedHeaders) {
+		return req, nil
+	}
+
+	redacted := req.Clone(req.Context())
+	redacted.Header = redactedHeaders
+	var err error
+	redacted.Body, req.Body, err = cloneBody(req.Body)
+	return redacted, err
+}
+
+// This function returns two copies of an HTTP request body that can each be
+// read independently without affecting the other.
+// This logic is taken from `drainBody` in net/http/httputil.
+func cloneBody(b io.ReadCloser) (r1, r2 io.ReadCloser, err error) {
+	if b == nil || b == http.NoBody {
+		// No copying needed. Preserve the magic sentinel meaning of NoBody.
+		return http.NoBody, http.NoBody, nil
+	}
+	var buf bytes.Buffer
+	if _, err = buf.ReadFrom(b); err != nil {
+		return nil, b, err
+	}
+	if err = b.Close(); err != nil {
+		return nil, b, err
+	}
+	return io.NopCloser(&buf), io.NopCloser(bytes.NewReader(buf.Bytes())), nil
 }
diff --git a/internal/debugmiddleware/debug_middleware_test.go b/internal/debugmiddleware/debug_middleware_test.go
@@ -2,6 +2,7 @@ package debugmiddleware
 
 import (
 	"bytes"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
@@ -166,4 +167,35 @@ func TestDebugMiddleware(t *testing.T) {
 		require.True(t, nextMiddlewareRan)
 		require.Equal(t, 2, strings.Count(logBuf.String(), customAPIKeyHeader+": "+redactedPlaceholder))
 	})
+
+	t.Run("DoesNotConsumeRequestBodyWhenIoReader", func(t *testing.T) {
+		t.Parallel()
+
+		middleware, logBuf := setup()
+		middleware.sensitiveHeaders = []string{customAPIKeyHeader}
+
+		const bodyContent = "test request body content"
+		bodyReader := strings.NewReader(bodyContent)
+
+		req := httptest.NewRequest("POST", "https://example.com", bodyReader)
+		req.Header.Set("Authorization", secretToken)
+
+		var nextMiddlewareRan bool
+		middleware.Middleware()(req, func(req *http.Request) (*http.Response, error) {
+			nextMiddlewareRan = true
+
+			// The request body should still be fully readable after the middleware runs
+			body, err := io.ReadAll(req.Body)
+			require.NoError(t, err)
+			require.Equal(t, bodyContent, string(body))
+
+			// The request sent down through middleware shouldn't be mutated.
+			require.Equal(t, secretToken, req.Header.Get("Authorization"))
+
+			return &http.Response{}, nil
+		})
+
+		require.True(t, nextMiddlewareRan)
+		require.Contains(t, logBuf.String(), "Authorization: "+redactedPlaceholder)
+	})
 }
diff --git a/internal/requestflag/innerflag.go b/internal/requestflag/innerflag.go
@@ -192,19 +192,17 @@ func WithInnerFlags(cmd cli.Command, innerFlagMap map[string][]HasOuterFlag) cli
 
 	updatedFlags := make([]cli.Flag, 0, len(cmd.Flags))
 	for _, flag := range cmd.Flags {
+		updatedFlags = append(updatedFlags, flag)
 		for _, name := range flag.Names() {
 			// Check if this flag has inner flags in our map
 			innerFlags, hasInnerFlags := innerFlagMap[name]
 			if !hasInnerFlags {
-				// No inner flags for this one, add it as-is
-				updatedFlags = append(updatedFlags, flag)
 				continue
 			}
 
 			// Mark this inner flag key as used
 			delete(unusedInnerFlagKeys, name)
 
-			updatedFlags = append(updatedFlags, flag)
 			for _, innerFlag := range innerFlags {
 				innerFlag.SetOuterFlag(flag)
 				updatedFlags = append(updatedFlags, innerFlag)
diff --git a/pkg/cmd/cmdutil.go b/pkg/cmd/cmdutil.go
@@ -298,7 +298,7 @@ func ShowJSONIterator[T any](stdout *os.File, title string, iter jsonview.Iterat
 
 	terminalWidth, terminalHeight, err := term.GetSize(os.Stdout.Fd())
 	if err != nil {
-		return err
+		terminalHeight = 100
 	}
 
 	// Decide whether or not to use a pager based on whether it's a short output or a long output
diff --git a/pkg/cmd/instance.go b/pkg/cmd/instance.go
@@ -83,11 +83,13 @@ var instancesCreate = requestflag.WithInnerFlags(cli.Command{
 		&requestflag.Flag[bool]{
 			Name:     "skip-guest-agent",
 			Usage:    "Skip guest-agent installation during boot.\nWhen true, the exec and stat APIs will not work for this instance.\nThe instance will still run, but remote command execution will be unavailable.\n",
+			Default:  false,
 			BodyPath: "skip_guest_agent",
 		},
 		&requestflag.Flag[bool]{
 			Name:     "skip-kernel-headers",
 			Usage:    "Skip kernel headers installation during boot for faster startup.\nWhen true, DKMS (Dynamic Kernel Module Support) will not work,\npreventing compilation of out-of-tree kernel modules (e.g., NVIDIA vGPU drivers).\nRecommended for workloads that don't need kernel module compilation.\n",
+			Default:  false,
 			BodyPath: "skip_kernel_headers",
 		},
 		&requestflag.Flag[int64]{
@@ -193,6 +195,7 @@ var instancesLogs = cli.Command{
 		&requestflag.Flag[bool]{
 			Name:      "follow",
 			Usage:     "Continue streaming new lines after initial output",
+			Default:   false,
 			QueryPath: "follow",
 		},
 		&requestflag.Flag[string]{
@@ -272,6 +275,7 @@ var instancesStat = cli.Command{
 		&requestflag.Flag[bool]{
 			Name:      "follow-links",
 			Usage:     "Follow symbolic links (like stat vs lstat)",
+			Default:   false,
 			QueryPath: "follow_links",
 		},
 	},
diff --git a/pkg/cmd/instancevolume.go b/pkg/cmd/instancevolume.go
@@ -37,6 +37,7 @@ var instancesVolumesAttach = cli.Command{
 		&requestflag.Flag[bool]{
 			Name:     "readonly",
 			Usage:    "Mount as read-only",
+			Default:  false,
 			BodyPath: "readonly",
 		},
 	},
diff --git a/scripts/bootstrap b/scripts/bootstrap
@@ -19,8 +19,5 @@ if [ -f "Brewfile" ] && [ "$(uname -s)" = "Darwin" ] && [ "$SKIP_BREW" != "1" ]
   }
 fi
 
-# Enable access to private Go modules in the Stainless staging repos
-go env -w 'GOPRIVATE=github.com/stainless-sdks/*'
-
 echo "==> Installing Go dependencies…"
 go mod tidy

Original file line number	Diff line number	Diff line change
`@@ -298,7 +298,7 @@ func ShowJSONIterator[T any](stdout *os.File, title string, iter jsonview.Iterat`
`298`	`298`
`299`	`299`	`terminalWidth, terminalHeight, err := term.GetSize(os.Stdout.Fd())`
`300`	`300`	`if err != nil {`
`301`		`- return err`
	`301`	`+ terminalHeight = 100`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`// Decide whether or not to use a pager based on whether it's a short output or a long output`