Jake/tab from prompt#138
Adds a new `infisical tui` command that launches an interactive terminal UI powered by Bubble Tea and Gemini AI. Users can manage secrets via natural language prompts instead of memorizing CLI flags.

Features:
- AI prompt bar (Gemini 3.1) for NL -> CLI command translation
- Secret browser with keyboard navigation and search/filter
- Secret detail view with reveal/mask toggle
- Create, update, and delete secrets
- Environment switcher (dev/staging/prod)
- Command preview with safety confirmation for destructive ops
- Production environment warning banners
- Help modal with keyboard shortcut reference
- Auth detection and setup guidance

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…dit log

Secret values are now redacted before reaching the Gemini API via a sanitize → placeholder → hydrate pipeline. Commands are validated against an allowlist and checked for shell injection before execution. All AI-generated commands are logged to ~/.itui/audit.log.

Adds standalone `itui` binary entry point (cmd/itui/main.go).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The secrets set command was failing with "unable to process update" because splitArgs() broke KEY=VALUE pairs when values contained spaces. Now uses RunSecretSet() which passes each KEY=VALUE as a single arg to exec.Command. Security validator also updated to skip dangerous-pattern checks inside the VALUE portion of KEY=VALUE args (safe because exec.Command never invokes a shell).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
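The two commit messages above describe a sanitize → placeholder → hydrate pipeline, an allowlist check, and passing each KEY=VALUE pair to exec.Command as one argument. The following is an added example of that flow and is not the itui code from this PR. The value-capture patterns, the `<<SECRET_n>>` placeholder shape, the allowlist contents and the `--env` flag form are assumptions made for the example; the model reply is a constructed stand-in, so no API call is made and the built command is printed rather than run.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Assumed value-capture patterns modelled on "set KEY to VALUE" and
// "KEY=VALUE"; the "=" form captures up to the next separator or end of
// line so a value containing spaces is redacted whole. Go's regexp is an
// RE2 implementation, so matching is linear-time regardless of input.
var valuePatterns = []*regexp.Regexp{
	regexp.MustCompile(`(?i)\bto\s+(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`),
	regexp.MustCompile(`=(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`),
}

const placeholderPrefix = "<<SECRET_" // assumed placeholder shape

// Sanitize replaces every captured value with a numbered placeholder and
// returns the redacted prompt plus the placeholder -> value map. Only the
// redacted prompt would be sent to the model.
func Sanitize(prompt string) (string, map[string]string) {
	values := map[string]string{}
	out := prompt
	n := 0
	for _, re := range valuePatterns {
		var b strings.Builder
		last := 0
		for _, m := range re.FindAllStringSubmatchIndex(out, -1) {
			s, e := m[2], m[3] // bounds of the captured VALUE
			b.WriteString(out[last:s])
			if val := out[s:e]; strings.HasPrefix(val, placeholderPrefix) {
				b.WriteString(val) // already redacted by an earlier pattern
			} else {
				n++
				ph := fmt.Sprintf("%s%d>>", placeholderPrefix, n)
				values[ph] = val
				b.WriteString(ph)
			}
			last = e
		}
		b.WriteString(out[last:])
		out = b.String()
	}
	return out, values
}

// HydrateArgs turns the model's reply into argv. The reply holds placeholders,
// not values, so whitespace splitting is safe; values are restored afterwards
// one argument at a time, so "DB_PASS=hunter two" stays a single argv element.
// A leading "infisical" is dropped because it is the program, not an argument.
func HydrateArgs(reply string, values map[string]string) []string {
	args := strings.Fields(reply)
	if len(args) > 0 && args[0] == "infisical" {
		args = args[1:]
	}
	for i, a := range args {
		for ph, v := range values {
			a = strings.ReplaceAll(a, ph, v)
		}
		args[i] = a
	}
	return args
}

var allowedSubcommands = map[string]bool{"secrets": true, "export": true} // assumed allowlist

var shellMeta = regexp.MustCompile("[;&|`$(){}<>\\\\\n]")

// ValidateArgs enforces the allowlist and rejects shell metacharacters in every
// argument except the VALUE part of KEY=VALUE, which is safe to pass verbatim
// because exec.Command never invokes a shell.
func ValidateArgs(args []string) error {
	if len(args) == 0 || !allowedSubcommands[args[0]] {
		return fmt.Errorf("subcommand not on allowlist: %q", args)
	}
	for _, a := range args[1:] {
		check := a
		if i := strings.Index(a, "="); i > 0 && !strings.HasPrefix(a, "-") {
			check = a[:i] // KEY only; VALUE is exempt
		}
		if shellMeta.MatchString(check) {
			return fmt.Errorf("shell metacharacter in argument %q", a)
		}
	}
	return nil
}

func main() {
	prompt := "set DB_PASS to hunter two in prod" // constructed sample prompt
	redacted, values := Sanitize(prompt)
	fmt.Println("to model:", redacted) // set DB_PASS to <<SECRET_1>> in prod
	// Constructed stand-in for the model's reply; "--env" flag form is assumed.
	reply := "infisical secrets set DB_PASS=<<SECRET_1>> --env=prod"
	args := HydrateArgs(reply, values)
	if err := ValidateArgs(args); err != nil {
		fmt.Println("rejected:", err)
		return
	}
	cmd := exec.Command("infisical", args...) // argv passed verbatim, no shell
	fmt.Printf("argv: %q\n", cmd.Args)          // Run() deliberately omitted here
}
```

The ordering matters: the prompt is redacted before it leaves the machine, the reply is split into argv while it still contains only placeholders, and hydration happens per argument, which is what keeps a value with spaces from being split the way the commit describes.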
fixed secret nav
…rowser

- Forward unhandled keys in handleGlobalKeys to the active component so up/down/j/k reach the secret browser list model instead of being silently dropped
- Set secretBrowser.Active = true at startup so the pane accepts input immediately without requiring a tab/esc cycle

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(itui): restore arrow key navigation and default focus to secret b…
…alyzer

- Command palette (Ctrl+K): fuzzy search across secrets, envs, recents, pins
- Copy to clipboard (c): copies secret value or command output from detail pane
- Copy CLI deep link (Ctrl+L): copies infisical CLI command for current view
- Paste & analyze (Ctrl+V): detect common Infisical errors from terminal output
- Persistent state (~/.itui/state.json): tracks recent secrets and pinned items
- Clipboard utilities: ANSI stripping, prompt prefix cleanup, one-liner join
- Help modal updated with new Clipboard & Tools section

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
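The clipboard utilities listed above (ANSI stripping and prompt prefix cleanup) sit in front of the paste-and-analyze path, so whatever they leave behind reaches the error matcher. The following is an added example, not the itui code from this PR, of cleaning pasted terminal output. It goes beyond a CSI-only pattern by also removing OSC sequences (hyperlinks, window titles) and bare two-byte escapes; the prompt shapes it strips (`$ `, `> `, `# `, `user@host:~$ `) and the sample input are constructed assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// OSC: ESC ] ... terminated by BEL or by ESC \ (string terminator).
	oscRe = regexp.MustCompile(`\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)`)
	// CSI: ESC [ parameter bytes, intermediate bytes, final byte.
	csiRe = regexp.MustCompile(`\x1b\[[0-9;?]*[ -/]*[@-~]`)
	// Two-byte escapes (ESC followed by @..Z, \, ^ or _), e.g. ESC M.
	escRe = regexp.MustCompile(`\x1b[@-Z\\^_]`)
	// Assumed prompt shapes: "$ ", "> ", "# " and "user@host:~$ ".
	promptRe = regexp.MustCompile(`^(?:\S+@\S+:\S*)?[$>#]\s+`)
)

// StripANSI removes escape sequences. OSC and CSI are removed first so their
// introducer bytes are not left behind as a bare two-byte escape.
func StripANSI(s string) string {
	s = oscRe.ReplaceAllString(s, "")
	s = csiRe.ReplaceAllString(s, "")
	return escRe.ReplaceAllString(s, "")
}

// CleanPaste strips escapes, drops prompt prefixes and blank lines, and trims
// each line, returning the text an error analyser should see.
func CleanPaste(raw string) string {
	var lines []string
	for _, ln := range strings.Split(StripANSI(raw), "\n") {
		ln = strings.TrimSpace(promptRe.ReplaceAllString(strings.TrimSpace(ln), ""))
		if ln != "" {
			lines = append(lines, ln)
		}
	}
	return strings.Join(lines, "\n")
}

func main() {
	// Constructed sample: a coloured prompt line, an OSC 8 hyperlink and a
	// bold error fragment, as a terminal emulator would hand them to the clipboard.
	raw := "\x1b[32m$ infisical secrets get DB_PASS\x1b[0m\r\n" +
		"\x1b]8;;https://example.invalid\x07docs\x1b]8;;\x07 Error: \x1b[1mnot logged in\x1b[0m\n"
	fmt.Println(CleanPaste(raw))
	// infisical secrets get DB_PASS
	// docs Error: not logged in
}
```

Removing OSC sequences matters for the analyser as well as the clipboard: an unstripped `\x1b]8;;…\x07` in the middle of a line can split the words an error pattern expects to find adjacent.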
feat: add navigation + clipboard UX — command palette, copy, paste an…
Extend the command palette with create-secret actions, environment-aware "Switch to" labels, and alias-based fuzzy matching (prod/production, etc.). Add smart navigation hints to the secret browser so filtering by env name offers inline suggestions and Enter auto-navigates. Introduce PendingAction for deferred post-reload operations like opening the secret form after an environment switch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat(itui): smart navigation, env aliases, and create-secret actions
…ggle

When AI commands return JSON secret data (e.g. infisical export --format=json), parse and display as a formatted, aligned list with masked values instead of dumping raw JSON. Press 'r' to reveal/hide values, same UX as single secret view.

- Add DetailModeSecretList mode with SetSecretList() method
- Add renderSecretList() with aligned key/value columns and masked values
- Extend ToggleReveal and CopyableContent to cover the new mode
- Auto-detect JSON secret output in commandExecutedMsg handler

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(itui): pretty-print secret lists from AI commands with reveal to…
Tab and shift+tab now cycle panes when the prompt is focused, instead of being swallowed by the text input. Esc still works as a quick shortcut back to the secrets pane.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Greptile Summary

This PR adds tab and shift+tab navigation to cycle focus out of the AI prompt in the ITUI terminal interface. The actual code change is minimal (8 lines) and well-implemented. However, the PR has critical issues that must be addressed:

The tab navigation fix itself is good - it properly calls

Confidence Score: 2/5
Important Files Changed
Last reviewed commit: f4bad2c
| var valuePatterns = []*regexp.Regexp{ | ||
| // "set KEY to VALUE" or "set KEY to VALUE in env" | ||
| regexp.MustCompile(`(?i)\bto\s+(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`), | ||
| // "set KEY=VALUE" | ||
| regexp.MustCompile(`=(\S+)`), | ||
| // "set KEY as VALUE" | ||
| regexp.MustCompile(`(?i)\bas\s+(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`), | ||
| // "with value VALUE" | ||
| regexp.MustCompile(`(?i)with\s+value\s+(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`), | ||
| } |
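Review bot: the `=(\S+)` pattern on the "set KEY=VALUE" line stops at the first whitespace, so for a prompt such as `set DB_PASS=hunter two` only `hunter` is captured and ` two` reaches the Gemini API unredacted; that is the same values-with-spaces case the `secrets set` fix in this PR handles on the execution side. Capture to the next separator or end of line the way the neighbouring patterns do, e.g. `=(.+?)(?:\s+(?:in|on|for|--)\s|\s*$)`, and add a test with a spaced value. On the ReDoS comment against this block: the guideline quoted mentions "native js tool" and targets the JavaScript code base; Go's standard `regexp` is itself an RE2 implementation with a linear-time guarantee, so these patterns cannot backtrack catastrophically as written.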
Native Go regexp package used instead of re2 (ReDoS prevention). Per repository security guidelines: "Any new usage of Regex should be done with re2 package. Avoid the use of all native regex built into string or any other native js tool."
These patterns process user input and could be vulnerable to Regular Expression Denial of Service (ReDoS) attacks. A malicious user could craft input that causes catastrophic backtracking.
Replace with re2 package for all regex operations.
| "github.com/atotto/clipboard" | ||
| ) | ||
|
|
||
| var ansiRegex = regexp.MustCompile(`\x1b\[[0-9;]*[a-zA-Z]`) |
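Review bot: `ansiRegex` handles CSI sequences only (`ESC [ ... letter`). OSC sequences, which terminals use for hyperlinks and window titles (`ESC ] ... BEL` or `ESC ] ... ESC \`), and bare two-byte escapes such as `ESC M` pass through untouched into the clipboard text and into the paste analyser, where the stray bytes can sit between the words an error pattern expects. Add a second pattern for OSC (and strip it before CSI so the `ESC ]` introducer is not left behind), or document that only CSI is covered. The ReDoS remark does not apply to this pattern: it has a single unnested quantifier, and Go's `regexp` is RE2-based.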
Native Go regexp package used instead of re2 (ReDoS prevention). Per repository security guidelines: "Any new usage of Regex should be done with re2 package."
While this specific pattern \x1b\[[0-9;]*[a-zA-Z] appears safe, following the security policy prevents future ReDoS vulnerabilities.
Use re2 package instead of native regexp.
| var errorPatterns = []errorPattern{ | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(not logged in|login.*expired|unauthorized|401|auth.*fail)`), | ||
| Diagnosis: "Authentication error — you may need to log in again", | ||
| Command: "infisical login", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(project not found|workspace.*not found|no \.infisical\.json|run infisical init)`), | ||
| Diagnosis: "Project not linked — connect to a project first", | ||
| Command: "infisical init", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(secret.*not found|key.*not found|no secrets found)`), | ||
| Diagnosis: "Secret not found — check the key name and environment", | ||
| Command: "", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(permission denied|forbidden|403|access denied)`), | ||
| Diagnosis: "Permission denied — check your access level for this project/environment", | ||
| Command: "", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(ECONNREFUSED|connection refused|timeout|network|DNS|resolve)`), | ||
| Diagnosis: "Network connectivity issue — check your internet connection or VPN", | ||
| Command: "", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(rate limit|too many requests|429)`), | ||
| Diagnosis: "Rate limited — wait a moment and try again", | ||
| Command: "", | ||
| }, | ||
| { | ||
| Pattern: regexp.MustCompile(`(?i)(command not found|not recognized|unknown command)`), | ||
| Diagnosis: "Command not found — is the Infisical CLI installed?", | ||
| Command: "", | ||
| }, | ||
| } |
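Review bot: several alternations are unanchored substrings: `401`, `403`, `429`, `network`, `DNS`, `resolve` and `timeout` match inside unrelated text (a request id containing `1401`, a key named `NETWORK_URL`, the word `resolved`), so pasted output that is not an error can be diagnosed as one, and, assuming the first matching entry wins, an authentication failure whose output also mentions `network` is reported by whichever entry comes first in the slice. Wrap the numeric codes and short words in word boundaries, e.g. `\b(unauthorized|401)\b`, and keep the most specific entries first. Also note that `.` does not match a newline in Go unless `(?s)` is set, so `login.*expired` and `secret.*not found` only match when both halves sit on the same line of the pasted output; if that is intended, say so in a comment, otherwise add `(?s)` or match per line.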
Native Go regexp package used instead of re2 (ReDoS prevention). Per repository security guidelines: "Any new usage of Regex should be done with re2 package."
These patterns ((?i), alternations, wildcards) process potentially untrusted user input and could be vulnerable to ReDoS attacks. An attacker could paste malicious input causing catastrophic backtracking.
Use re2 package for all pattern matching.