refactor(cli): wire commandRole into dispatch; doc + comment cleanup
Resolve final-review findings: commandRole is now the single source of truth (Run resolves role once and threads it to handlers, replacing hardcoded openStore roles). Tighten crypto/SKILL/SPEC/USER-MANUAL wording and document init's agent-key-on-first-init-only semantics. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -21,9 +21,8 @@ sets its exit code to match.
|
||||
provided only `EMCLI_KEY` (the agent key), which authorises these commands and nothing else.
|
||||
Account setup, passwords, whitelists, and config are the **user's** job (admin commands that
|
||||
require `EMCLI_ADMIN_KEY`) — do not run or suggest running `account`, `whitelist`, `config`,
|
||||
`audit`, or `init` unless the user explicitly asks you to help administer and confirms they have
|
||||
provided `EMCLI_ADMIN_KEY` in your environment. Attempting admin commands with only `EMCLI_KEY`
|
||||
will be refused by `emcli` with a privilege error.
|
||||
`audit`, or `init`. You have only `EMCLI_KEY` (agent key); `emcli` will refuse admin commands
|
||||
with a privilege error.
|
||||
- **Never touch the secret key.** `EMCLI_KEY` is supplied in the environment by whoever launched
|
||||
you. Do not read it, print it, log it, pass it as an argument, or try to generate one. If it is
|
||||
missing, stop and tell the user (see "Files & first run").
|
||||
|
||||
Reference in New Issue
Block a user