Skip to content

Releases: cicicalex/zpl-engine-cli

v1.2.1 — metadata cleanup

19 May 18:16
@cicicalex cicicalex
v1.2.1
e68008b

Choose a tag to compare

View all tags
v1.2.1 — metadata cleanup Latest
Latest

Scrubs legal name from package author, LICENSE, and README. CLI behaviour unchanged.

Assets 2
Loading

zpl-engine-cli v1.2.0

16 May 08:08
@cicicalex cicicalex
v1.2.0
f5b84c5

Choose a tag to compare

View all tags
zpl-engine-cli v1.2.0

Auto-promote to @latest on 426 Upgrade Required from engine. See CHANGELOG.md.

Contributors

latest
Loading

v1.1.9 — atomic config write + cmd-injection-safe Windows browser open

14 May 20:52
@cicicalex cicicalex
v1.1.9
5064272

Choose a tag to compare

View all tags
v1.1.9 — atomic config write + cmd-injection-safe Windows browser open

Highlights

  • Config file write is now atomic on all platforms (tmp + fsync + rename). Killing the CLI mid-write no longer leaves a half-written config.toml that would force a re-login next run.
  • Windows zpl login browser launcher switched from cmd /c start "" URL to rundll32 url.dll,FileProtocolHandler URL, plus a https:// + host allowlist check. cmd /c start was open to command injection if the URL ever came from an untrusted source — this hardens it even though our URLs are internal.
  • SECURITY.md fallback contact is now security@zeropointlogic.io.

Install / upgrade

npm install -g zpl-engine-cli@1.1.9

Compatibility

  • Engine: any
  • Node: ≥18 (unchanged)
Loading

v0.1.3 — Forced upgrade check + stability

22 Apr 18:04
@cicicalex cicicalex
v0.1.3
b0f4679

Choose a tag to compare

View all tags
v0.1.3 — Forced upgrade check + stability

What's New

  • Forced upgrade on MAJOR version behind — exit 1, parity with zpl-engine-mcp. Stale clients can't miss a security patch or breaking change.
  • Soft warning on MINOR/PATCH behind — visible in stderr, non-blocking.
  • 1 h on-disk cache at the OS tmpdir so npm isn't hit every invocation.
  • 2.5 s timeout on the npm registry fetch — never blocks CLI startup on slow or unreachable npm.
  • ZPL_SKIP_UPDATE_CHECK=1 escape hatch for offline, self-hosted, or CI contexts.
  • Network errors are swallowed — best-effort, never a DoS on the user.

Why

Without this, CLI users could sit on stale versions indefinitely and miss security patches that the MCP side would force. This brings the CLI to parity with the MCP's upgrade policy.

Files

  • NEW: src/update-check.ts — mirror of MCP's checkLatestVersion logic
  • Updated: src/index.ts — async IIFE wraps commander.parseAsync so the version check runs before any command dispatch
  • Bumped: package.json 0.1.2 → 0.1.3

Install

npm i -g zpl-engine-cli@latest
# or
npx zpl-engine-cli@latest <command>

No Breaking Changes

Additive only. Existing commands unchanged. The new startup check is best-effort and non-blocking on network failure.

Loading