cli: profiles aliases, global options, allow-devices RPC hardening#231
Merged
cli: profiles aliases, global options, allow-devices RPC hardening#231
Conversation
- Fail fast on stuck RPC (30s wrapper) and surface the hang as a clear error with a copy-paste retry command containing a chainlist-sourced alternative endpoint - Mask --private-key in the reconstructed retry command so shell-expanded secrets don't leak into the error hint - Add --rpc-url option to `allow-devices list` - Drop logger and chalk wrappers from allow-devices output; write progress to stderr directly and respect --json via a per-handler say closure
Leechael
changed the title
Contributor
📋 Check Results✨ JS SDK - Code FormattingShow format check results🔍 JS SDK - TypeScript Type CheckShow type check output🧪 JS SDK - Test ResultsShow test output📝 JS SDK - Lint CheckShow lint results🌐 JS SDK - Browser CompatibilityShow browser test results🌐 Browser Compatibility ReportBrowser compatibility tests completed across:
The SDK has been verified to work in modern browser environments. Check run: https://github.com/Phala-Network/phala-cloud/actions/runs/24237405225 |
When allowAnyDevice is true, getAllowedDevices short-circuits and echoes the queried device IDs back as if they were "allowed" — which is all platform nodes, not a real allowlist. Printing that table is misleading. Skip the table in human output and return an empty devices array in --json mode so consumers don't mistake the echo for a curated list.
Extract shared privateKeyOption / rpcUrlOption into core/common-flags.ts so on-chain KMS commands (deploy, allow-devices, cvms replicate, envs update) share a single definition and consistent help text. Add ETH_RPC_URL environment variable fallback to match foundry/cast convention: --rpc-url > ETH_RPC_URL > chain default. Users with an existing foundry workflow can reuse their RPC endpoint configuration. PRIVATE_KEY env var support was already present; its description is now surfaced uniformly in every command's help.
Introduces a lightweight help-topics system backed by markdown files in docs/help/topics/. A codegen step (`bun run gen:help`) reads those files and emits src/commands/help/topics.generated.ts, which is inlined into the CLI bundle at build time — no runtime file reads, no tsup loader tricks. The first topic is `envs`, a single-page reference for every environment variable the CLI recognizes: auth, on-chain KMS (PRIVATE_KEY, ETH_RPC_URL), DEBUG semantics, self-update flags, CLOUD_URL, and PHALA_CLOUD_DIR. The global help output gains a "Help topics" block listing available topics with a pointer to `phala help <topic>`. Adding a new topic only requires dropping a .md file into docs/help/topics/ and running `bun run gen:help`.
Collaborator
Author
|
!release js minor |
Contributor
|
🚀 @Leechael release command accepted: Target branch: |
Contributor
|
❌ @Leechael release failed: Branch: |
The owner pre-check added in 0c6a50c calls readContract({ functionName: "owner" }) expecting an address string, but the mock statically returned a tuple. Make the mock recognize the owner call and return the sender address derived from the test private key, aligning mockWalletClient.account.address so both privateKey and walletClient modes share the same sender.
Pre-commit protection previously covered python and go only, so JS/CLI regressions could slip into main. Mirror the release-npm.yml gates (lint → type-check → test) for both js/ and cli/, gated by file scope so Python/Go edits still skip the JS toolchain. Enable fail_fast so the first failing hook surfaces immediately, and assign priorities (10/20/30) so format/lint runs before type-check before tests. Build intentionally not hooked — CI is the source of truth for packaged output; pre-commit aims to catch logic regressions fast.
Collaborator
Author
|
!release js patch |
Contributor
|
🚀 @Leechael release command accepted: Target branch: |
Contributor
|
🎉 Release completed:
📦 Package Info
📄 Files included |
Collaborator
Author
|
!release cli patch |
Contributor
|
🚀 @Leechael release command accepted: Target branch: |
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Contributor
|
🎉 Release completed:
📦 Package Info
📄 Files included |
All changes come from a copy review of user-facing strings added in the
cli-v1.1.14..HEAD delta.
Refactor:
- Extract transactionHashOption to common-flags with explicit documentation
of the `already-registered` sentinel. Share between deploy and cvms
replicate so the description stays in sync.
Fixes flagged in the audit:
- common-flags: globalInteractiveOption "when supported" is vague — clarify
as "for commands that support it". apiTokenOption drops passive phrasing.
rpcUrlOption drops the foundry/cast parenthetical (commit-message noise in
--help) and aligns with on-chain KMS language.
- allow-devices add/remove: drop `(s)` pseudo-pluralization; split the
compound device_id argument description into two sentences.
- allow-devices allow-any: note that --enable or --disable is required.
disallow-any: note the equivalence to `allow-any --disable`.
- profiles use/rename/delete: align with top-level "auth profile" wording.
- cvms replicate: tighten prepare-only ("Only ... without performing" hedge
stacking); drop redundant "Explicit" in compose-hash; normalize trailing
punctuation; correct --commit description to list --transaction-hash in
the requirements.
- deploy: tighten prepare-only wording for the same reason.
envs.md help topic:
- PRIVATE_KEY: align with the flag description ("for signing", active).
- ETH_RPC_URL: expand the "reuse existing setup" fragment into a full
sentence explaining the foundry/cast interop.
Regenerated topics.generated.ts via `bun run gen:help`.
The previous commit unified deploy and replicate --commit descriptions as "Requires --token, --compose-hash, and --transaction-hash", but that's accurate only for replicate. The deploy handler (commitCvmUpdate) only hard-requires --token and --cvm-id: --compose-hash is auto-read from the commit token when omitted, and --transaction-hash falls back to the already-registered sentinel. Restore the asymmetry so the --help text matches actual runtime behavior.
Collaborator
Author
|
!release cli patch |
Contributor
|
🚀 @Leechael release command accepted: Target branch: |
Contributor
|
🎉 Release completed:
📦 Package Info
📄 Files included |
pacoyang
approved these changes
Apr 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bundle of CLI improvements on top of the profiles-alias branch:
list,rm,mv) for theprofilessubcommandallow-devicesaccepts direct app identifiers (app_.../ raw 40-hex) to avoid CVM ambiguity when a CVM hasn't been created yetonTransactionSubmitted/onTransactionConfirmed/ state change callbacks) andhttp()transport timeouts on add/remove/set-allow-any-deviceallow-deviceswith a 30s CLI-levelPromise.racetimeout so a stuck viem default RPC (e.g. rate-limitedeth.merkle.io) surfaces as a clear error instead of an 8-minute hangHttpRequestError/ Cloudflare 1015 / 429 / etc.), print a ready-to-paste retry command that reconstructs the user's original invocation with--rpc-urlswapped in for a chainlist-sourced alternative endpoint, plus a link tohttps://chainlist.org/chain/<id>for more options and pointers to paid providers--private-keyvalue is masked back to$PRIVATE_KEYin the reconstructed command so shell-expanded secrets don't leak--rpc-urloption toallow-devices listwaitForAllowlistState) uses a 15s per-iteration budget so one stuck call can't starve the outer 60s timeoutallow-devices: dropped theloggerandchalkwrappers; progress now writes to stderr directly,--jsonis respected via a per-handlersayclosure, no more colored✓/✗/ℹ/⚠prefixes in this subcommandTest plan
bun run src profiles list/rm/mv— alias commands still workbun run src allow-devices ls <app_id>on Ethereum + Base — plain-text output, no colorbun run src allow-devices ls <app_id> --json— JSON mode stays clean, no stray progress textbun run src allow-devices add -i <app_id> --private-key $PRIVATE_KEYagainst a rate-limited RPC — fails within ~30s with the copy-paste retry hint, reconstructed command shows$PRIVATE_KEYliteral (not the real key)bun run src allow-devices add <app_id> <device_id> --private-key $PRIVATE_KEY --rpc-url <alt>— retry path works end-to-end--waitpath onadd/remove/allow-anystill observes the on-chain state