@meego-harness/credential
v0.9.0
Credential upload CLI and adapters for meego-harness
@meego-harness/credential
Credential upload CLI and adapters for Meego Harness.
Supported credential kinds currently include lark-cli, bytedcli, codem, gh, and meegle.
Uploading stores local CLI authorization material in Gateway as an encrypted
workspace credential. Uploading does not bind the credential to a worker; bind it
from the Gateway UI after upload.
Upload lark-cli Credential
Prerequisites:
- Gateway is running and the target workspace already exists.
- lark-cli has already completed login on the machine where you run the upload command.
- You have a Gateway OpenAPI token for the target workspace. In the Gateway dashboard, select the workspace, open 集成入口 (Integration Entry), open 访问令牌 (Access Tokens), create a token, then copy it.
Run:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload lark-cli \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "Lark CLI" \
--user-email [email protected]
Parameter meaning:
- MEEGO_HARNESS_TOKEN: Gateway workspace OpenAPI token.
- --gateway: Gateway base URL, without a trailing /api.
- --workspace: Gateway workspace key.
- --name: display name in the Gateway credential list.
- --user-email: optional account email for display, filtering, and audit. If omitted, the lark-cli adapter tries to detect it from local credential files.
- --clear-source-dirs-after-upload: optional. After a successful upload, delete the local credential files that were uploaded in this run and prune any now-empty credential directories. Default behavior keeps the local directories untouched.
By default, the CLI reads local lark-cli files from the standard config
directory and the standard application support directory. To upload from another
config directory, pass:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload lark-cli \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "Lark CLI" \
--source-dir ./.local-lark-cli
To upload a paired custom application support directory as well, pass:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload lark-cli \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "Lark CLI" \
--source-dir ./.local-lark-cli \
--application-support-dir ./.local-lark-cli-app-support
Upload bytedcli Credential
Prerequisites are the same as lark-cli, except the local bytedcli login state
must already exist on the machine where you run the upload command.
Run:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload bytedcli \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "bytedcli" \
--user-email [email protected]
By default, the adapter reads the standard bytedcli data directory and the
standard bytedcli config directory. To upload from custom locations, pass:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload bytedcli \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "bytedcli" \
--user-email [email protected] \
--source-dir ./.local-bytedcli-data \
--config-dir ./.local-bytedcli-config
To remove the uploaded local credential material right after a successful upload, append:
--clear-source-dirs-after-upload
Upload gh Credential
Prerequisites are the same as lark-cli, except the local gh auth status
state must already exist on the machine where you run the upload command.
Run:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload gh \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "GitHub CLI" \
--user-email [email protected]
By default, the adapter reads the standard GH_CONFIG_DIR / ~/.config/gh
location. To upload from another config directory, pass --source-dir <dir>.
Upload codem Credential
Prerequisites are the same as lark-cli, except the local CodeM login state
must already exist on the machine where you run the upload command.
Run:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload codem \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "CodeM CLI" \
--user-email [email protected]
By default, the adapter reads ~/.codem/config.json. It uploads only the CodeM
login config and does not include sessions/, logs, or other local runtime
files. To upload from another CODEM_HOME, pass --source-dir <dir>.
During task execution, the worker materializes the uploaded config into an
isolated CODEM_HOME. codem currently does not support scheduled refresh.
Upload meegle Credential
Prerequisites are the same as lark-cli, except the local meegle login state
must already exist on the machine where you run the upload command.
Run:
MEEGO_HARNESS_TOKEN=<gateway-token> npx @meego-harness/credential upload meegle \
--gateway http://127.0.0.1:3000 \
--workspace workspace-alpha \
--name "meegle" \
--user-email [email protected] \
--profile prod
By default, the adapter reads the standard ~/.meegle directory. To upload from
another config directory, pass --source-dir <dir>. Use --profile <name> to
select which local profile should be uploaded.
The command prints the uploaded credential id:
uploaded credential <credential-id>
Bind After Upload
After upload:
- Open Gateway dashboard.
- Select the same workspace.
- Open the top-level Credentials tab to confirm the credential exists under the matching kind sub tab.
- Open a worker detail page.
- Bind the uploaded credential from the worker credential section.
One credential can be bound to multiple workers. For one worker, only one active credential of the same kind can be bound at the same time.
If a worker login payload declares expectedCredentialKinds, Gateway may
auto-bind one matching owner-only credential for the worker email and kind before
task lease creation. This is best-effort: missing matches do not block task
dispatch.
Runtime Behavior
When a task is sent to a worker with credential delivery enabled, Gateway creates
a task-level credential lease. worker-sdk materializes the lease into an
isolated temporary directory and injects an environment overlay before invoking
the worker task handler. Business worker code does not need to parse credential
payloads or manage CLI profiles directly.
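The materialize-and-overlay step described above, as an added example that is not worker-sdk code. The lease shape (kind, files), the function name withMaterializedLease and the kind-to-variable map are assumptions; GH_CONFIG_DIR and CODEM_HOME are the variable names this README mentions.

```javascript
// Added illustration; not worker-sdk code. Lease shape and names are assumptions.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Environment variable that points each CLI at its config directory.
const ENV_FOR_KIND = { gh: "GH_CONFIG_DIR", codem: "CODEM_HOME" };

function withMaterializedLease(lease, handler) {
  const envName = ENV_FOR_KIND[lease.kind];
  if (!envName) throw new Error(`unsupported credential kind: ${lease.kind}`);

  // mkdtemp creates a fresh, unpredictable directory (mode 0700 on POSIX).
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), `lease-${lease.kind}-`));
  try {
    for (const [rel, content] of Object.entries(lease.files)) {
      const target = path.resolve(dir, rel);
      // Reject absolute or ../ names that would escape the lease directory.
      if (!target.startsWith(dir + path.sep)) {
        throw new Error(`unsafe file name in lease: ${rel}`);
      }
      fs.mkdirSync(path.dirname(target), { recursive: true, mode: 0o700 });
      // "wx" refuses to overwrite; 0600 keeps the file owner-only.
      fs.writeFileSync(target, content, { mode: 0o600, flag: "wx" });
    }
    // Overlay: the handler gets a copy, so process.env is never mutated
    // and the credential path does not leak into unrelated tasks.
    const env = { ...process.env, [envName]: dir };
    return handler(env);
  } finally {
    // Remove the material whether the handler returned or threw.
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

The handler would pass the returned env to whatever child process runs the CLI, so the real home-directory config is never touched.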
If a supported CLI refreshes local tokens during the task, worker-sdk releases
the updated material back to Gateway through the worker outbox. Gateway applies
the update only when the credential id and version still match.
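The id-and-version check described above behaves like a compare-and-set. The following added example is not Gateway code; the CredentialStore class, its methods and the sample values are assumptions made for illustration. It shows two tasks that leased the same version, where only the first refresh is applied.

```javascript
// Added illustration; not Gateway code. Store layout and names are assumptions.
class CredentialStore {
  constructor() {
    this.records = new Map();
  }

  put(id, material) {
    this.records.set(id, { version: 1, material });
    return { id, version: 1 };
  }

  // A lease carries the material plus the version it was read at.
  lease(id) {
    const rec = this.records.get(id);
    if (!rec) throw new Error(`unknown credential ${id}`);
    return { id, version: rec.version, material: rec.material };
  }

  // Compare-and-set: accept refreshed material only when the lease was
  // taken from the version that is still current.
  applyRefresh({ id, version, material }) {
    const rec = this.records.get(id);
    if (!rec) return { applied: false, reason: "unknown-id" };
    if (rec.version !== version) {
      return { applied: false, reason: "stale-version", current: rec.version };
    }
    rec.material = material;
    rec.version += 1;
    return { applied: true, version: rec.version };
  }
}

function demo() {
  const store = new CredentialStore();
  store.put("cred-1", "token-A"); // constructed sample value
  const leaseX = store.lease("cred-1"); // task X
  const leaseY = store.lease("cred-1"); // task Y, leased at the same version
  const first = store.applyRefresh({ ...leaseX, material: "token-B" });
  const second = store.applyRefresh({ ...leaseY, material: "token-C" });
  return { first, second, final: store.lease("cred-1") };
}
```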
