fix(secrets): hero_proc secret CLI sends correct RPC params

omarz commented

2026-04-27 16:28:56 +00:00

Member

Summary

hero_proc secret <set|get|list|delete> now accept --context (default core) and send the right JSON-RPC param shape the server expects.
secret set accepts --description and repeatable --tag; secret list accepts --context, --filter <pattern>, --tag, and renders a table (-v shows values).
secret get prints the full record (key, context, value, description, tags) instead of just a bare value.
secret pull / secret push forward FORGE_TOKEN (or FORGEJO_TOKEN) from the env to the server, with a clear error when neither is set.
Secret.created_at / Secret.updated_at are now #[serde(default)] (server overwrites them in handle_set anyway). Also unblocks demo.js, which already omits timestamps.

Test plan

cargo build --release -p hero_proc_cli -p hero_proc_server clean.
Smoke against running daemon (rebuilt + restarted on this branch):
- secret list --tag database and secret list --filter 'POSTGRES_*' return the expected table.
- secret list (no flags) returns all 51 keys + new probe.
- secret set HEROPROC_CLI_SMOKE 'hello-world' --description ... --tag test --tag smoke succeeds.
- secret get HEROPROC_CLI_SMOKE prints key, context, value, description, tags.
- secret list --tag smoke -v shows the row with its value.
- secret delete HEROPROC_CLI_SMOKE succeeds; subsequent secret list --tag smoke is empty.
- secret get/secret delete for a missing key return RPC error -32000: secret 'X' not found.
- secret pull with no FORGE_TOKEN/FORGEJO_TOKEN exits with the new env-required error.
secret pull / secret push round-trip against a real Forgejo secrets repo — not exercised here to avoid touching the user's remote.

#52

## Summary - `hero_proc secret <set|get|list|delete>` now accept `--context` (default `core`) and send the right JSON-RPC param shape the server expects. - `secret set` accepts `--description` and repeatable `--tag`; `secret list` accepts `--context`, `--filter <pattern>`, `--tag`, and renders a table (`-v` shows values). - `secret get` prints the full record (key, context, value, description, tags) instead of just a bare value. - `secret pull` / `secret push` forward `FORGE_TOKEN` (or `FORGEJO_TOKEN`) from the env to the server, with a clear error when neither is set. - `Secret.created_at` / `Secret.updated_at` are now `#[serde(default)]` (server overwrites them in `handle_set` anyway). Also unblocks `demo.js`, which already omits timestamps. ## Test plan - [x] `cargo build --release -p hero_proc_cli -p hero_proc_server` clean. - [x] Smoke against running daemon (rebuilt + restarted on this branch): - [x] `secret list --tag database` and `secret list --filter 'POSTGRES_*'` return the expected table. - [x] `secret list` (no flags) returns all 51 keys + new probe. - [x] `secret set HEROPROC_CLI_SMOKE 'hello-world' --description ... --tag test --tag smoke` succeeds. - [x] `secret get HEROPROC_CLI_SMOKE` prints key, context, value, description, tags. - [x] `secret list --tag smoke -v` shows the row with its value. - [x] `secret delete HEROPROC_CLI_SMOKE` succeeds; subsequent `secret list --tag smoke` is empty. - [x] `secret get`/`secret delete` for a missing key return `RPC error -32000: secret 'X' not found`. - [x] `secret pull` with no `FORGE_TOKEN`/`FORGEJO_TOKEN` exits with the new env-required error. - [ ] `secret pull` / `secret push` round-trip against a real Forgejo `secrets` repo — not exercised here to avoid touching the user's remote. https://forge.ourworld.tf/lhumina_code/hero_proc/issues/52

omarz added 1 commit

2026-04-27 16:28:56 +00:00

fix(secrets): hero_proc secret CLI sends correct RPC params

Tests / test (pull_request) Successful in 4m2s

Details

Build and Test / build (pull_request) Successful in 5m39s

Details

e57a9ef247

Every `hero_proc secret` subcommand was wired to the wrong JSON-RPC
param shape, so the only working path to manage secrets was the web UI.
Symptoms: `secret list` always reported "No secrets configured" because
the response shape `{secrets:[...]}` was parsed as `Vec<String>`;
`secret get`/`delete <NAME>` failed with `missing 'key' parameter`;
`secret set` and `secret pull/push` could not work at all.

Changes:
- CLI: add `--context` (default `core`) to set/get/list/delete, plus
  `--description` and repeatable `--tag` for set, and `--filter`/`--tag`
  for list. Send the shapes the server actually expects, parse the
  `{secrets:[...]}` envelope, and forward `FORGE_TOKEN` /
  `FORGEJO_TOKEN` from env into `secret.pull` / `secret.push`.
- CLI: render `secret list` as a table; `-v` shows values, otherwise
  just `set`/`empty` plus tags. `secret get` prints key, context,
  value, description and tags.
- Model: mark `Secret.created_at` / `Secret.updated_at` `#[serde(default)]`
  so clients can omit them (the server overwrites both in handle_set
  anyway). Also unblocks `demo.js` which omits timestamps.

Verified against a running daemon: `secret list`, `secret list --tag`,
`secret list --filter`, and `secret get` round-trip the expected data;
`secret delete` returns the proper not-found error for missing keys.
`secret set` requires the model relaxation above and was confirmed to
build; live verification needs the daemon to restart onto the new
server binary.

#52

omarz changed title from ~~WIP: fix(secrets): hero_proc secret CLI sends correct RPC params~~ to fix(secrets): hero_proc secret CLI sends correct RPC params

2026-04-27 17:06:18 +00:00

omarz merged commit 49bd3a9032 into development

2026-04-27 17:06:31 +00:00

omarz deleted branch development_omarz_secrets_cli

2026-04-27 17:06:31 +00:00

Rows
Columns

fix(secrets): hero_proc secret CLI sends correct RPC params #53

Summary

Test plan