@rep-protocol/cli
v0.1.7
Published
CLI tool for the Runtime Environment Protocol (REP).
Readme
@rep-protocol/cli
Command-line tool for the Runtime Environment Protocol (REP).
Installation
npm install -g @rep-protocol/cliThe CLI automatically downloads the correct rep-gateway binary for your platform from GitHub Releases during installation.
Or use with npx:
npx @rep-protocol/cli [command]Commands
rep validate
Validate a .rep.yaml manifest file against the JSON schema.
rep validate --manifest .rep.yamlOptions:
-m, --manifest <path>- Path to .rep.yaml manifest file (default:.rep.yaml)
Example output:
✓ Manifest is valid
Version: 0.1.0
Variables: 11 total
- PUBLIC: 6
- SENSITIVE: 3
- SERVER: 2
Settings configured: 6rep typegen
Generate TypeScript type definitions from your manifest. This creates strongly-typed overloads for rep.get() and rep.getSecure() based on your declared variables.
rep typegen --manifest .rep.yaml --output src/rep.d.tsOptions:
-m, --manifest <path>- Path to .rep.yaml manifest file (default:.rep.yaml)-o, --output <path>- Output path for generated .d.ts file (default:src/rep.d.ts)
Generated output example:
declare module "@rep-protocol/sdk" {
export interface REP {
get(key: "API_URL" | "FEATURE_FLAGS"): string | undefined;
getSecure(key: "ANALYTICS_KEY"): Promise<string>;
// ... other methods
}
}rep lint
Scan built JavaScript bundles for accidentally leaked secrets. Uses the same guardrail detection as the gateway (Shannon entropy, known secret formats, length anomalies).
rep lint --dir ./distOptions:
-d, --dir <path>- Directory to scan (default:./dist)--pattern <glob>- File pattern to scan (default:**/*.{js,mjs,cjs})--exclude <patterns>- Comma-separated glob patterns to exclude (e.g.,"*.min.js,vendor/**")--strict- Exit with error code if warnings are found
Minified code handling:
The linter filters out false positives from minified/bundled code while still detecting real secrets embedded in your bundles.
- File-level skip:
.min.js/.min.mjs/.min.cjsfiles are skipped entirely, as these are typically third-party vendor bundles. If your build produces application code with.min.jsfilenames, rename the output or run lint against the non-minified build. - String-level filtering: For all other files (including Vite, webpack, and Rollup bundles), extracted string values containing JavaScript language constructs (
function,return,if,=>,===,&&,.method(),key:value, etc.) are recognised as compiled code and skipped. Real secrets embedded in bundles are still detected.
Use --exclude to skip additional files or directories:
rep lint --dir ./dist --exclude "vendor/**,*.chunk.js"Use cases:
- CI/CD pipeline step to catch secrets before deployment
- Pre-commit hook to prevent committing secrets
- Regular audits of production bundles
Example output:
⚠ dist/main.js
high_entropy:42: value has high entropy (5.23 bits/char) — may be a secret
const key = "sk_live_abc123..."
⚠ Found 1 potential secret(s) in 1 file(s)rep dev
Run a local development server with the REP gateway. Loads environment variables from a .env file and starts the gateway binary.
rep dev --env .env.local --port 8080 --proxy http://localhost:5173Options:
-e, --env <path>- Path to .env file (default:.env.local)-p, --port <number>- Gateway port (default:8080)--proxy <url>- Upstream proxy URL (e.g.,http://localhost:5173for Vite)--static <path>- Serve static files from directory (embedded mode)--hot-reload- Enable hot reload--gateway-bin <path>- Path to rep-gateway binary (default:rep-gatewayin PATH)
Example workflows:
With Vite:
# Terminal 1: Start Vite dev server
npm run dev
# Terminal 2: Start REP gateway proxy
rep dev --proxy http://localhost:5173With static files:
rep dev --static ./dist --port 8080Binary Resolution:
The CLI automatically looks for the gateway binary in this order:
- Bundled binary (downloaded during
npm install) - Custom path specified with
--gateway-bin rep-gatewayin system PATH
Development
Build the CLI from source:
cd cli
npm install # Downloads the gateway binary for your platform
npm run buildRun locally without installing:
node bin/rep.js [command]Manual Gateway Installation
If the automatic download fails (e.g., in an air-gapped environment), you can install the binary manually:
# Option 1: Build from source
cd gateway
make build
cp bin/rep-gateway ../cli/bin/gateway/
# Option 2: Download manually
curl -fsSL https://github.com/RuachTech/rep/releases/download/gateway/v0.1.2/rep-gateway_0.1.2_linux_amd64.tar.gz | tar -xz
mv rep-gateway /usr/local/bin/License
Apache 2.0
