feat(runtime): add safe secret input modes #75

Merged: samzong merged 1 commit into main from feat/safe-secret-input-modes on Jun 26, 2026

@samzong samzong commented Jun 26, 2026

Collaborator

Summary

  • Add safe input modes for generated sensitive string flags so credentials can be supplied through --<flag>-env, --<flag>-file, or --<flag>-stdin instead of direct shell arguments.
  • Expose safe input support through commands show --json via flags[].input_modes and bump the catalog schema from 7 to 8.
  • Update generated Skill guidance and CLI usage docs so agents prefer safe input modes when command detail exposes them.

Closes #71.

Scope comparison

| Area | Issue direction | This PR direction | Status |
|---|---|---|---|
| Safe input modes | Support env, stdin, file, and no-echo prompt | Support env, file, and stdin | Done |
| High-value credential path | Avoid putting provider API keys in shell arguments | --input-api-key-env OPENAI_API_KEY and sibling modes work for generated sensitive string flags | Done |
| Backward compatibility | Keep direct flags where needed | Existing --input-api-key sk-... style flags still work | Done |
| Mode conflicts | Avoid ambiguous secret sources | Using more than one input mode for the same flag returns an error | Done |
| Detection | Use schema metadata, overlays, and conservative names | Runtime uses conservative name matching plus format: password; no new overlay/schema surface | Done |
| Catalog | Expose safe modes through command detail | flags[].input_modes=["flag","env","file","stdin"] and catalog schema 8 | Done |
| Prompt input | Add no-echo prompt | Not included in this first cut | Deferred |
| x-sensitive | Honor OpenAPI vendor extension | Not included | Deferred |
| Overlay metadata | Add explicit overlay sensitive control | Not included | Deferred |
| Request body schema fields | Support safe modes for arbitrary body fields | Not included; existing --set and --file remain unchanged | Deferred |
| Codegen architecture | Model sensitivity through the full IR/render pipeline | Not changed; this stays in the runtime/catalog boundary | Deferred |

Verification

  • make check

Compatibility

  • Generated command behavior changes only for string flags inferred as sensitive by name or format: password; those flags gain additional sibling safe-input flags while preserving the direct flag.
  • commands show --json adds flags[].input_modes for sensitive flags, and commands schema --json now reports catalog schema version 8.
  • Request body handling, generated command paths, auth resolution, and generated output files are unchanged.

Checklist

  • Tests or focused verification cover the changed surface.
  • User-facing behavior changes are documented.
  • Generated output under internal/generated/, .cache/, and ad-hoc skills/<cli-name>/ directories is not committed.
  • Commits are signed off when this is ready to merge.

Signed-off-by: samzong <samzong.lu@gmail.com>
@samzong samzong merged commit 25c2eef into main Jun 26, 2026
3 checks passed
@samzong samzong deleted the feat/safe-secret-input-modes branch June 26, 2026 17:09
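
The input modes and the conflict rule described in this PR, as an added Go example that is not the project's own code: one sensitive flag is resolved from exactly one of its direct, `-env`, `-file` or `-stdin` sources. `SecretSources`, `Resolve` and `ErrConflict` are hypothetical names; trimming a trailing newline and rejecting an empty secret are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// SecretSources models one sensitive flag and its sibling inputs (hypothetical names).
type SecretSources struct {
	Direct  string // --<flag> VALUE, kept for backward compatibility
	EnvName string // --<flag>-env NAME
	File    string // --<flag>-file PATH
	Stdin   bool   // --<flag>-stdin
}

var ErrConflict = errors.New("more than one input mode used for the same flag")
// Resolve returns the secret from the single mode in use and rejects ambiguous sources.
func Resolve(s SecretSources, stdin io.Reader) (string, error) {
	used := map[bool]int{}
	for _, on := range []bool{s.Direct != "", s.EnvName != "", s.File != "", s.Stdin} {
		used[on]++
	}
	if used[true] > 1 {
		return "", ErrConflict
	}
	var raw []byte
	var err error
	switch {
	case s.EnvName != "":
		raw = []byte(os.Getenv(s.EnvName))
	case s.File != "":
		raw, err = os.ReadFile(s.File)
	case s.Stdin:
		raw, err = io.ReadAll(stdin)
	default: // direct flag, or no value supplied at all
		return s.Direct, nil
	}
	if secret := strings.TrimRight(string(raw), "\r\n"); err == nil && secret != "" {
		return secret, nil
	}
	return "", fmt.Errorf("selected input mode gave no secret (read error: %v)", err)
}

func main() { // constructed input: two modes for one flag, so the conflict error is printed
	fmt.Println(Resolve(SecretSources{Direct: "sk-constructed", Stdin: true}, os.Stdin))
}
```

The conflict check runs before any source is read, so an ambiguous invocation fails without touching the environment, the file or stdin.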

Development

Successfully merging this pull request may close these issues.

feat(runtime): add safe secret input modes for generated commands
