diff --git a/.changeset/0000-api-key-value.md b/.changeset/0000-api-key-value.md deleted file mode 100644 index dcf239a..0000000 --- a/.changeset/0000-api-key-value.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Display API key value on create/regenerate and last 8 characters in list views. diff --git a/.changeset/0001-debug-api-logging.md b/.changeset/0001-debug-api-logging.md deleted file mode 100644 index 0f24639..0000000 --- a/.changeset/0001-debug-api-logging.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Added `--debug` global flag that logs all AIRS/SCM API requests and responses to a JSONL file for troubleshooting rate limits and API issues. diff --git a/.changeset/0002-rate-limit-flag.md b/.changeset/0002-rate-limit-flag.md deleted file mode 100644 index 260dcf3..0000000 --- a/.changeset/0002-rate-limit-flag.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Added `--rate ` flag to guardrail generate and resume commands that caps AIRS scan API calls to N per second, preventing rate limit errors during intensive scan loops. diff --git a/.changeset/0003-autoresearch-refactor.md b/.changeset/0003-autoresearch-refactor.md deleted file mode 100644 index 763a72d..0000000 --- a/.changeset/0003-autoresearch-refactor.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": major ---- - -Replace LLM-driven guardrail generation loop with atomic CLI commands following the autoresearch pattern. Added `topics create`, `topics apply`, `topics eval`, and `topics revert` commands. Removed `topics generate`, `topics resume`, `topics report`, and `topics runs` commands. Removed memory system and persistence layer. diff --git a/.changeset/0005-backup-restore-targets.md b/.changeset/0005-backup-restore-targets.md deleted file mode 100644 index 99a5ef0..0000000 --- a/.changeset/0005-backup-restore-targets.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -Add `airs redteam targets backup` and `airs redteam targets restore` subcommands for exporting/importing redteam target configurations to/from local JSON/YAML files. Supports single-target and bulk modes, with `--overwrite` for collision handling on restore. diff --git a/.changeset/0005-profiles-cleanup.md b/.changeset/0005-profiles-cleanup.md deleted file mode 100644 index 84bda4d..0000000 --- a/.changeset/0005-profiles-cleanup.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -Add `airs runtime profiles cleanup` command to remove old profile revisions, keeping only the latest per name. Supports `--force` to skip confirmation, `--updated-by` (defaults to git email), and `--output json`. diff --git a/.changeset/0005-target-init-command.md b/.changeset/0005-target-init-command.md deleted file mode 100644 index a226baa..0000000 --- a/.changeset/0005-target-init-command.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"prisma-airs-cli": minor ---- - -Add `airs redteam targets init ` command that scaffolds a target config JSON from provider templates (OPENAI, HUGGING_FACE, DATABRICKS, BEDROCK, REST, STREAMING, WEBSOCKET). diff --git a/.changeset/0007-backup-restructure-full-fields.md b/.changeset/0007-backup-restructure-full-fields.md deleted file mode 100644 index 3b3eac8..0000000 --- a/.changeset/0007-backup-restructure-full-fields.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -Move backup/restore from top-level to `airs redteam targets backup/restore`. Backup now captures all target fields (routing tuple, auth config, network broker UUID, extra info). Restore supplies routing defaults for targets with null routing fields. Strip null values from backup output. diff --git a/.changeset/0008-sdk-080-upgrade.md b/.changeset/0008-sdk-080-upgrade.md deleted file mode 100644 index 17deb12..0000000 --- a/.changeset/0008-sdk-080-upgrade.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Upgrade `@cdot65/prisma-airs-sdk` from `0.7.1` to `0.8.0`. SDK adds runtime Zod validation on every response and tightens `ScanResponse`/`CustomTopic` field requiredness. No CLI behavior changes — public surface is unchanged. Test fixtures updated to match the now-required `revision`/`description`/`examples` fields on `CustomTopic` responses. diff --git a/.changeset/0009-smoke-tests-doc.md b/.changeset/0009-smoke-tests-doc.md deleted file mode 100644 index d0c3752..0000000 --- a/.changeset/0009-smoke-tests-doc.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Add a live smoke test reference (`docs/development/smoke-tests.md`) covering 16 read-only commands across install/version verification, runtime security, red team, and model security. The unit suite is fully mocked — zero tests hit a real AIRS tenant — so this reference is the standing checklist for catching wire-format drift after CLI releases or SDK upgrades. diff --git a/.changeset/0010-fix-testing-doc.md b/.changeset/0010-fix-testing-doc.md deleted file mode 100644 index 694f769..0000000 --- a/.changeset/0010-fix-testing-doc.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Rewrite `docs/development/testing.md` to accurately describe the test suite. The page previously claimed MSW intercepted HTTP requests and listed test directories that don't exist (`memory/`, `persistence/`, `integration/`, `report/`). The unit suite actually injects in-memory service mocks from `tests/helpers/mocks.ts` — the SDK and its HTTP layer are never instantiated. Also removes the unused `msw` devDependency and links the page to the new live AIRS smoke test reference for API coverage that the unit suite intentionally does not provide. diff --git a/.changeset/0011-sdk-081-upgrade.md b/.changeset/0011-sdk-081-upgrade.md deleted file mode 100644 index f639bb2..0000000 --- a/.changeset/0011-sdk-081-upgrade.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Upgrade `@cdot65/prisma-airs-sdk` from `0.8.0` to `0.8.1`. Picks up a fix to the `TopicArraySchema.topic` field, which was strict-array in 0.8.0 but the AIRS API legitimately returns `null` for empty action buckets. SDK 0.8.0 + live tenants would fail `airs runtime profiles list` with `RESPONSE_VALIDATION` for any profile that had an empty allow or block bucket; 0.8.1 fixes this. No CLI behavior changes. diff --git a/.changeset/0012-fix-smoke-rule-instances.md b/.changeset/0012-fix-smoke-rule-instances.md deleted file mode 100644 index 2c154c0..0000000 --- a/.changeset/0012-fix-smoke-rule-instances.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Fix `airs model-security rule-instances list` entry in the live smoke test reference. The CLI requires a positional `` argument (rule instances are scoped to a security group); the doc was missing it. Discovered during the first live run of the smoke checklist on a real tenant. diff --git a/.changeset/0013-full-cli-sweep.md b/.changeset/0013-full-cli-sweep.md deleted file mode 100644 index 0ac676b..0000000 --- a/.changeset/0013-full-cli-sweep.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Add `docs/development/full-cli-sweep.md` — a copy-paste-runnable walkthrough of every CLI command for a deep audit against a real tenant. Covers all read paths, every CRUD resource type with cleanup, long-running workflows (bulk-scan, audit, red team scan, model security install), and a suggested teardown order. Linked from the Live Smoke Tests page as the heavier deep-dive companion. diff --git a/.changeset/0014-fix-cli-sweep-doc.md b/.changeset/0014-fix-cli-sweep-doc.md deleted file mode 100644 index c41c16e..0000000 --- a/.changeset/0014-fix-cli-sweep-doc.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Fix ~20 incorrect command signatures in `docs/development/full-cli-sweep.md`. The previous version listed nonexistent commands (`redteam instances list`, `redteam devices list`, `redteam devices registry-credentials`) and used wrong flags throughout the write/CRUD sections (`topics create --topic` should be `--name`/`--description`/`--examples`; `topics apply/revert --topic` should be `--name`; `topics eval --input` should be `--prompts`; `redteam scan --custom-prompt-sets` should be `--prompt-sets`; `api-keys create --name` should be `--config `; profile-protection flags take action values not bare booleans; many `update` commands take `--config` rather than per-field flags; `validate-auth` requires `--auth-type` and `--config`). All commands now match `src/cli/commands/*.ts`. Adds a Known Issues section documenting the `scan-logs query` SDK schema bug, the `prompt-sets get` follow-up 500, and the `customer-apps get` permission boundary. diff --git a/.changeset/0015-fix-csv-upload-filename.md b/.changeset/0015-fix-csv-upload-filename.md deleted file mode 100644 index 0c4f601..0000000 --- a/.changeset/0015-fix-csv-upload-filename.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Fix `airs redteam prompt-sets upload` failing with `File must be a CSV` (400). The upload now sends a `File` (with filename) instead of a bare `Blob`, so the server can identify the content type from the multipart header. diff --git a/.changeset/0016-dynamic-scan-flags.md b/.changeset/0016-dynamic-scan-flags.md deleted file mode 100644 index f602d40..0000000 --- a/.changeset/0016-dynamic-scan-flags.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -Add `--goals`, `--depth`, and `--breadth` flags to `airs redteam scan --type DYNAMIC` for human-augmented agent scans. `--goals` accepts an inline JSON array or a path to a JSON file of goal strings. Inputs are validated (positive integers; non-empty string array). Without `--goals`, DYNAMIC scans still run in fully automated mode (no behavior change). diff --git a/.changeset/0017-fix-download-template.md b/.changeset/0017-fix-download-template.md deleted file mode 100644 index 36bf341..0000000 --- a/.changeset/0017-fix-download-template.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Fix `airs redteam prompt-sets download` crashing with `Cannot read properties of undefined (reading 'getToken')`. The previous workaround reached into SDK internals that no longer exist. With `@cdot65/prisma-airs-sdk` 0.8.3 the SDK now returns CSV correctly, so the workaround is removed and the method delegates straight to `customAttacks.downloadTemplate()`. diff --git a/.changeset/0018-runtime-dlp-gen.md b/.changeset/0018-runtime-dlp-gen.md deleted file mode 100644 index 9e86e4d..0000000 --- a/.changeset/0018-runtime-dlp-gen.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -Add `airs runtime dlp-gen` to generate DLP test corpora: clean carrier files plus "dirty" copies with synthetic sensitive data embedded across PDF, PNG, JPEG, SVG, and DOCX via multiple hiding techniques (metadata, hidden text, container trailers, PNG chunks, LSB steganography, EXIF/COM, DOCX core-props/hidden-run). Writes `clean/`, `dirty/`, and a `manifest.json` mapping each dirty file to its technique and embedded values for scanner scoring. All values are synthetic / reserved-for-testing. Adds a companion `dlp-test-files` skill. diff --git a/.changeset/0019-dlp-ux.md b/.changeset/0019-dlp-ux.md deleted file mode 100644 index 6a095d3..0000000 --- a/.changeset/0019-dlp-ux.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": minor ---- - -DLP UX overhaul. `dlp patterns|profiles|filtering-profiles` now accept structured CLI flags (`--name`, `--regex`, `--pattern-id`, `--file-based`, …) instead of forcing `--body-file pattern.json`. All output formats now route through a curated projection — `--output json` returns `{items, page}` and ack `{action,id,name,…}` instead of the raw SDK envelope. diff --git a/.changeset/lazy-load-docx.md b/.changeset/lazy-load-docx.md deleted file mode 100644 index c818ab5..0000000 --- a/.changeset/lazy-load-docx.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cdot65/prisma-airs-cli": patch ---- - -Lazy-load the `docx` dependency so it only loads when generating DOCX output. Previously `docx` was imported eagerly, pulling in browserify polyfills whose `util-deprecate` shim reads `localStorage` at import time and triggered a Node Web Storage warning (`--localstorage-file was provided without a valid path`) on every command. The import is now deferred into the DOCX builders, so unrelated commands (scan, profiles, etc.) no longer emit the warning and start slightly faster.