v0.6.1

What's Changed

• docs(readme): refresh commands for v0.6.0; drop stripe live-mode note by @cvince in #220
• fix: read CLI version from package.json instead of hardcoded literal by @cvince in #221
• feat(deploy/vercel): auto-run vercel link when not linked by @cvince in #222
• fix(files): write .env and backups with mode 0o600 by @cvince in #223
• feat(cli): automated rotation — rotate → deploy, train-stop, agent mode by @cvince in #214
• fix: remove hardcoded version subcommand, source version from package.json by @cvince in #224
• fix(deploy/vercel): make Preview env's git branch explicit and decoupled by @cvince in #225
• chore: remove vestigial .capy/decrypt key cluster by @cvince in #226
• fix(sync): stop rewriting keep.lock on every sync by @cvince in #227
• release: Capy CLI v0.6.1 by @cvince in #228

Full Changelog: v0.6.0...v0.6.1

v0.6.0

What's Changed

• feat(cli): local-only offline mode by @cvince in #217
• release: Capy CLI v0.6.0 by @cvince in #218

Full Changelog: v0.5.1...v0.6.0

v0.5.1

What's new

capy byoc — bring-your-own-cloud onramp
Connect to a self-hosted Capy instance with one command. capy byoc probes capy.internal/health by default; falls back to prompting for an explicit URL or a CA bundle on self-signed TLS. Switches profiles automatically and persists the CA path so subsequent calls don't need NODE_EXTRA_CA_CERTS.

Named profiles
New capy use <name> and capy profile list|show|remove for managing multiple Capy environments side by side (cloud, BYOC, dev). Resolution precedence: CAPY_API_URL → CAPY_PROFILE → default → built-in cloud. Existing cloud users are untouched — no config file means the old default still wins.

Stripe connector — capy connect stripe + capy rotate
User-driven Stripe key flow with rotation support. capy rotate now handles externally-rotated Stripe keys and parses quoted TOML headers correctly. Forces fresh key issuance via logout-then-login, with a friendlier message when Stripe deduplicates a rapid second pairing attempt.

GitHub Actions connector for capy deploy (CAP-9)
Non-interactive connector pushes the encrypted secrets blob and project key into a repo or environment-scoped GitHub Actions secret store via gh. Prints the YAML patch you paste into your workflow. New flags for unattended use: --platform, --mode connector|token, --scope repo|env, --env-name, -y.

Fixes

• Membership revocation cleanup — Confirmed kicks (server-tagged MEMBERSHIP_REVOKED) once again clear stale local state. v0.3.2's "safe 403 cleanup" went too far and left stale keys behind after kicks, causing wrong-org key loads during recovery. Bare 403s (token-scope mismatches, RBAC checks, transient failures) still leave local state untouched.
• Edit TUI — r reveal hint now appears in the list-view footer, not just inside the popup.
• Stripe rotation — TOML section names are normalized before being passed back to stripe login, fixing an escape-cascade bug where repeated rotations against a project name containing spaces would spawn progressively more-escaped duplicate sections.

v0.5.0

What's Changed

• feat(cli): tier-aware quota errors for billing gates by @cvince in #186
• chore: remove dependabot config by @cvince in #198
• fix(cli): capy deploy opens the default browser, not Chrome by @cvince in #199
• feat: single-column edit TUI with inline popup detail by @cvince in #201
• fix: dev-state isolation + recover OAuth fallback (sync to capy/main) by @cvince in #203
• release: Capy CLI v0.5.0 by @cvince in #204

Full Changelog: v0.4.2...v0.5.0

v0.4.2

What's Changed

• Update explanation of service security in README by @cvince in #192
• fix(auth): force fresh login after capy logout by @cvince in #190
• docs: add Editing Secrets section with .env and TUI screenshots by @cvince in #194
• release: Capy CLI v0.4.2 by @cvince in #195

Full Changelog: v0.4.1...v0.4.2

v0.4.1

What's Changed

• docs: drop 'Keep coming soon' line from README by @cvince in #185
• Sync README from monorepo (incl. richer git-for-secrets lead) by @cvince in #187
• docs(readme): use richer git-for-secrets lead by @cvince in #188
• Sync README byte-identical with monorepo packages/cli/README.md by @cvince in #189
• fix: remove strict keep.lock version check (v0.4.1) by @cvince in #191

Full Changelog: v0.4.0...v0.4.1

v0.4.0 — capy deploy + zero-trust positioning

Headline

`capy deploy` ships. End-to-end deploy flow with platform connectors for Cloudflare Workers, Cloudflare Pages, and Vercel, plus a plugin test harness so future connectors can be added safely. Run `capy deploy` to walk through connector setup, issue a scoped deploy token, and wire up the platform-side env vars / build hooks needed for the target to pull decrypted secrets at deploy time.

What's new

• `capy deploy` with platform connectors (#180) — Cloudflare Workers, Cloudflare Pages, Vercel, plus the plugin framework for adding more.
• Plugin test suite (#180) — every connector exercised against a mock platform so adding a new one is a self-contained change.
• Zero-trust positioning in the README (#184) — the README now leads with the structural differentiator (the service can't read your secrets) instead of generic "encrypt your .env" framing. Links out to the new comparisons hub and AGPL explainer.

Install

```bash
npm install -g @capysc/cli@0.4.0

or

brew upgrade capysc/tap/capy
```

Upgrade notes

No breaking changes. `capy`, `capy run`, `capy edit`, `capy invite`, `capy kick`, and the rest of the existing surface are unchanged. New surface is additive — `capy deploy` and the connector subcommands.

Docs

• `capy deploy` reference
• Deploy guides per platform
• Comparisons

v0.3.2 — safer recovery, capy recover, capy info improvements

Hotfix.

Highlights

• Safer error handling. Fixes a class of edge cases where a transient backend response could cause the CLI to clear local state it shouldn't have. The CLI is now strictly conservative: it preserves your local data unless the backend explicitly confirms you've been removed from the organization.
• New capy recover — restore access on a new device (or after losing your local Capy data) by pasting the 24-word recovery phrase you saved when the org was created. The command always asks you which organization the phrase is for and verifies you have an active session for it.
• capy info no longer requires a project. Run it anywhere to see who you're signed in as and which organizations you belong to. The active organization for the current directory is marked.

This release is cut directly from a feature branch ahead of merge so the fix is available immediately on npm. Run npm install -g @capysc/cli@0.3.2 once published.

v0.3.1 — republish 0.3.0

capy edit — interactive secret inspector & editor

A new TUI for inspecting and rotating secrets without leaving the terminal.

capy edit

• Inspect. Two-pane TUI lists every variable known to the project (pinned ∪ local ∪ remote) with an abc…xyz snippet, drift status, and an updated label. Right pane shows the selected row in detail; r reveals the full plaintext (long values wrap).
• Edit. e opens an inline buffer; type the new value and press Enter to stage it. Edits buffer in memory until you commit.
• Commit & push, coupled. c commits and pushes in one step, running the same pipeline as the conflict-resolver's "commit local" action: re-encrypts the merged local state, updates keep.lock pins, uploads ciphertext, and bumps sync state.
• Discard. q with pending edits prompts: c commit & push · d discard · k keep working.

Conflict resolver: commit and push are now coupled

The "Commit all local values" action in capy's conflict resolver previously left changes local-only and asked you to run capy push. It now pushes in the same step. Menu labels updated to "Commit and push all local values".

Companion docs

• Editing secrets — capy edit and editing .env directly, side by side.
• capy edit CLI reference — every key the TUI listens to.

Compatibility

Drop-in. Existing keep.lock, .env, and sync state stay valid. Earlier versions of the CLI continue to work against the same projects.

Note on v0.3.0

The v0.3.0 npm tarball was built from a stale dist/ and shipped without dist/commands/editCommand.js / dist/ui/editScreen.js, so capy edit failed with a missing-module error. v0.3.1 is the corrected republish — same source as v0.3.0, complete dist/. If you installed v0.3.0, run bun upgrade -g @capysc/cli (or npm upgrade -g) to pick up the fix.

Full diff: v0.3.0...v0.3.1

v0.3.0 — capy edit

capy edit — interactive secret inspector & editor

A new TUI for inspecting and rotating secrets without leaving the terminal.

capy edit

• Inspect. Two-pane TUI lists every variable known to the project (pinned ∪ local ∪ remote) with an abc…xyz snippet, drift status, and an updated label. Right pane shows the selected row in detail; r reveals the full plaintext (long values wrap).
• Edit. e opens an inline buffer; type the new value and press Enter to stage it. Edits buffer in memory until you commit.
• Commit & push, coupled. c commits and pushes in one step, running the same pipeline as the conflict-resolver's "commit local" action: re-encrypts the merged local state, updates keep.lock pins, uploads ciphertext, and bumps sync state.
• Discard. q with pending edits prompts: c commit & push · d discard · k keep working.

Conflict resolver: commit and push are now coupled

The "Commit all local values" action in capy's conflict resolver previously left changes local-only and asked you to run capy push. It now pushes in the same step. Menu labels updated to "Commit and push all local values".

Companion docs

• Editing secrets — capy edit and editing .env directly, side by side.
• capy edit CLI reference — every key the TUI listens to.

Compatibility

Drop-in. Existing keep.lock, .env, and sync state stay valid. Earlier versions of the CLI continue to work against the same projects.

Full diff: v0.2.3...v0.3.0