Version Packages#383
Merged
calvinbrewer merged 1 commit intomainfrom May 1, 2026
Merged
Conversation
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
1ad98f2 to
bd77e01
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
a593547 to
3dd9d78
Compare
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
53f0787 to
209aabe
Compare
calvinbrewer
approved these changes
May 1, 2026
coderdan
added a commit
that referenced
this pull request
May 2, 2026
…n prompt Three changes that turn the agent handoff from "here are the rules, figure it out" into "here's exactly what to do": 1. **Resolve DATABASE_URL upfront and require it.** New resolve-database step wraps the existing resolveDatabaseUrl resolver (--flag → env → supabase status → interactive prompt → hard fail). The URL is threaded through state so downstream steps don't re-prompt. 2. **Introspect the database and let the user pick columns.** build-schema now connects, lists tables in the public schema, and runs the same multi-select UX as `stash schema build` (lifted into a shared lib). Empty databases still fall back to the placeholder users/email/name client; the action prompt notes that and asks the agent to reshape it. 3. **Install EQL during init.** New install-eql step runs `stash db install` programmatically after a y/N confirm, using the URL we already resolved. No second credential prompt. Skipping isn't a dead end — the action prompt's first TODO becomes "run stash db install". 4. **Write `.cipherstash/setup-prompt.md`** — a per-project action plan generated from init state. Lists what init already did and what's left with exact commands and paths (drizzle-kit generate / migrate, supabase migration new, etc.) tailored to the detected integration and package manager. Claude / Codex launch prompts now point the agent at this file first; the skill / AGENTS.md provides the reusable rulebook the prompt references. For IDE users, it's ready to paste into the first chat. Renames install-forge → install-deps. "Forge" was the legacy name for the CLI itself (renamed to `stash` in #383); the step installs `@cipherstash/stack` and `stash`, so install-deps says what it actually does. Refactor: introspectDatabase + selectTableColumns lifted from schema/build.ts into init/lib/introspect.ts so both the standalone command and the new init step share one codepath. generateClientFromSchemas similarly consolidated into init/utils.ts.
coderdan
added a commit
that referenced
this pull request
May 3, 2026
…n prompt Three changes that turn the agent handoff from "here are the rules, figure it out" into "here's exactly what to do": 1. **Resolve DATABASE_URL upfront and require it.** New resolve-database step wraps the existing resolveDatabaseUrl resolver (--flag → env → supabase status → interactive prompt → hard fail). The URL is threaded through state so downstream steps don't re-prompt. 2. **Introspect the database and let the user pick columns.** build-schema now connects, lists tables in the public schema, and runs the same multi-select UX as `stash schema build` (lifted into a shared lib). Empty databases still fall back to the placeholder users/email/name client; the action prompt notes that and asks the agent to reshape it. 3. **Install EQL during init.** New install-eql step runs `stash db install` programmatically after a y/N confirm, using the URL we already resolved. No second credential prompt. Skipping isn't a dead end — the action prompt's first TODO becomes "run stash db install". 4. **Write `.cipherstash/setup-prompt.md`** — a per-project action plan generated from init state. Lists what init already did and what's left with exact commands and paths (drizzle-kit generate / migrate, supabase migration new, etc.) tailored to the detected integration and package manager. Claude / Codex launch prompts now point the agent at this file first; the skill / AGENTS.md provides the reusable rulebook the prompt references. For IDE users, it's ready to paste into the first chat. Renames install-forge → install-deps. "Forge" was the legacy name for the CLI itself (renamed to `stash` in #383); the step installs `@cipherstash/stack` and `stash`, so install-deps says what it actually does. Refactor: introspectDatabase + selectTableColumns lifted from schema/build.ts into init/lib/introspect.ts so both the standalone command and the new init step share one codepath. generateClientFromSchemas similarly consolidated into init/utils.ts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
stash@0.11.0
Minor Changes
de9c02c: Rename the CLI package from
@cipherstash/clitostash. The published code, commands, and flags are unchanged — this is a pure rename so the day-to-day invocation drops fromnpx @cipherstash/cli ...tonpx stash ....Migration
Update your
package.jsondevDependencies:Update the
defineConfigimport instash.config.ts:Update any
npx @cipherstash/cli .../bunx @cipherstash/cli .../pnpm dlx @cipherstash/cli .../yarn dlx @cipherstash/cli ...invocations in scripts, CI, READMEs, and team docs to usestashinstead. Programmatic exports (defineConfig,loadStashConfig,EQLInstaller,loadBundledEqlSql,downloadEqlSql,PermissionCheckResult) are re-exported fromstashwith the same shapes.Wizard impact (
@cipherstash/wizard)The wizard's post-agent step and its prerequisite / agent-error hints now reference
stash(e.g.Run: bunx stash auth login,Running bunx stash db install...) rather than@cipherstash/cli. The wizard package name andstash-wizardbinary are unchanged — only the strings the wizard prints and the commands it shells out to are affected.8ee11fd: Layered
DATABASE_URLresolution for DB / schema commands.Previously, any DB-touching command (
db install,db push,db upgrade,db status,db validate,db test-connection,schema build) failed with the cryptic Zod error:if
DATABASE_URLwasn't already in the environment. The CLI auto-loaded.env.local/.env.development.local/.env.development/.env, but had no story for--database-urlflags, local Supabase, or pasted-once values.The scaffolded
stash.config.tsnow calls a resolver directly:resolveDatabaseUrl()walks sources in order; first hit wins:--database-url <url>flag — new, accepted on all seven DB / schema commands. Used for this run only; never written to disk.process.env.DATABASE_URL— covers shell exports, mise, direnv, dotenv-cli, the existing dotenv loads.supabase status --output env→DB_URL— auto-engaged when--supabaseis set or asupabase/config.tomlis detected. Useful for local Supabase users who haven't exported the URL yet.CI=trueor non-TTY stdin.The connection string is never persisted to disk —
stash.config.tsonly contains theawait resolveDatabaseUrl()call, never a literal URL. The resolver also doesn't mutateprocess.env; CLI flag context is threaded into the config evaluation viaAsyncLocalStorageso concurrent loads stay isolated. Source labels are logged on non-env paths (Using DATABASE_URL from --database-url flag/from supabase status/from prompt) but the URL itself is never echoed.db test-connection's connection-failure hint is now source-aware: it points users at--database-url, the env var, and the actual dotenv file in their project (.env.localif present,.envotherwise) — not the misleadingstash.config.tsit used to suggest.@cipherstash/protect@11.1.1
Patch Changes
@cipherstash/protect-dynamodb@11.0.1
Patch Changes
@cipherstash/stack@0.15.3
Patch Changes
@cipherstash/wizard@0.1.2
Patch Changes
de9c02c: Rename the CLI package from
@cipherstash/clitostash. The published code, commands, and flags are unchanged — this is a pure rename so the day-to-day invocation drops fromnpx @cipherstash/cli ...tonpx stash ....Migration
Update your
package.jsondevDependencies:Update the
defineConfigimport instash.config.ts:Update any
npx @cipherstash/cli .../bunx @cipherstash/cli .../pnpm dlx @cipherstash/cli .../yarn dlx @cipherstash/cli ...invocations in scripts, CI, READMEs, and team docs to usestashinstead. Programmatic exports (defineConfig,loadStashConfig,EQLInstaller,loadBundledEqlSql,downloadEqlSql,PermissionCheckResult) are re-exported fromstashwith the same shapes.Wizard impact (
@cipherstash/wizard)The wizard's post-agent step and its prerequisite / agent-error hints now reference
stash(e.g.Run: bunx stash auth login,Running bunx stash db install...) rather than@cipherstash/cli. The wizard package name andstash-wizardbinary are unchanged — only the strings the wizard prints and the commands it shells out to are affected.@cipherstash/basic-example@1.2.9
Patch Changes