Fix: Vercel and resend triggers

Author: ekaone

src/catalogs/base.ts

@@ -169,7 +169,7 @@ export function validateStep(
     .map((a) => a.flag);
   for (const flag of requiredFlags) {
     const present = step.args.some(
-      (a) => a === flag || a.startsWith(flag + "=") || a.startsWith(flag + " "),
+      (a) => a === flag || a.startsWith(flag + "="),
     );
     if (!present) {
       return {

src/catalogs/resend/index.ts

@@ -5,14 +5,9 @@ const resendCommands: readonly CommandDef[] = [
     name: "emails",
     subcommands: ["send", "get", "list"],
     args: [
-      { flag: "--from", required: true, valueHint: "onboarding@resend.dev" },
-      {
-        flag: "--to",
-        required: true,
-        multiple: true,
-        valueHint: "user@example.com",
-      },
-      { flag: "--subject", required: true },
+      { flag: "--from", valueHint: "onboarding@resend.dev" },
+      { flag: "--to", multiple: true, valueHint: "user@example.com" },
+      { flag: "--subject" },
       { flag: "--html", conflictsWith: "--text" },
       { flag: "--text", conflictsWith: "--html" },
       { flag: "--reply-to", valueHint: "reply@example.com" },
@@ -49,9 +44,9 @@ const resendCommands: readonly CommandDef[] = [
     name: "broadcasts",
     subcommands: ["create", "get", "list", "send", "delete"],
     args: [
-      { flag: "--name", required: true },
-      { flag: "--from", required: true, valueHint: "onboarding@resend.dev" },
-      { flag: "--subject", required: true },
+      { flag: "--name" },
+      { flag: "--from", valueHint: "onboarding@resend.dev" },
+      { flag: "--subject" },
       { flag: "--html" },
       { flag: "--text" },
       { flag: "--json", default: true },
@@ -115,14 +110,12 @@ export const resendCatalog: CatalogModule = {
   commands: resendCommands,
   detectors: [],
   triggers: [
-    "email",
     "resend",
-    "broadcast",
-    "audience",
-    "contact",
-    "webhook",
-    "template",
-    "domain",
+    "send email",
+    "broadcast email",
+    "email audience",
+    "email webhook",
+    "email template",
   ],
   typeEnum: ["resend"],
   buildPrompt() {
@@ -146,6 +139,8 @@ export const resendCatalog: CatalogModule = {
 - Everything after the top-level command goes into args[] as separate tokens.
 - Never include secrets in args[] (no API keys, tokens, passwords). Auth comes from env vars or prior login.
 - Prefer --json flag for non-interactive/automation output.
+- For "emails send": --from, --to, and --subject are required. Include --html or --text (not both).
+- For "broadcasts create/send": --name, --from, and --subject are required for create; only broadcast id needed for send.
 - Do not combine tokens. Example: Good: ["--subject", "Hello world"] Bad: ["--subject Hello world"]
 - If a value contains spaces, keep it as a single element: "Hello world".`,
 };

src/catalogs/vercel/index.ts

@@ -99,11 +99,9 @@ export const vercelCatalog: CatalogModule = {
   commands: vercelCommands,
   detectors: ["vercel.json", ".vercel"],
   triggers: [
-    "deploy",
     "vercel",
-    "serverless",
-    "preview",
-    "production",
+    "vercel deploy",
+    "serverless function",
     "env var",
     "env vars",
   ],

src/guardrails.ts

@@ -9,47 +9,40 @@ const SECRET_PATTERNS = [
   /--token\b/i,
   /--password\b/i,
   /--secret\b/i,
-  /--key\b/i,
+  /^--key$/i,
   /\bsk-[a-zA-Z0-9]{20,}\b/, // OpenAI-style keys
   /\bre_[a-zA-Z0-9]{20,}\b/, // Resend-style keys
   /\bghp_[a-zA-Z0-9]{30,}\b/, // GitHub PATs
   /\bxox[bpas]-[a-zA-Z0-9-]+\b/, // Slack tokens
 ];
 
-const DANGEROUS_KEYWORDS = [
-  /\bdeploy\b/i,
-  /\bpublish\b/i,
-  /\bsend\b/i,
-  /\bdelete\b/i,
-  /\bremove\b/i,
-  /\bdestroy\b/i,
-  /\bpush\b.*\b--force\b/i,
-  /\bdrop\b/i,
-  /\bpurge\b/i,
-  /\boverwrite\b/i,
-];
-
 const MAX_ARG_LENGTH = 500;
 const SHORT_FLAG_PATTERN = /^-[a-zA-Z0-9]{1,3}$/;
 
+export interface GuardrailError {
+  stepId: number;
+  message: string;
+}
+
 export interface GuardrailResult {
   ok: boolean;
-  errors: string[];
+  errors: GuardrailError[];
   warnings: string[];
 }
 
 export function applyGuardrails(steps: Step[]): GuardrailResult {
-  const errors: string[] = [];
+  const errors: GuardrailError[] = [];
   const warnings: string[] = [];
 
   for (const step of steps) {
     // 1. No secrets in args
     for (const arg of step.args) {
       for (const pattern of SECRET_PATTERNS) {
         if (pattern.test(arg)) {
-          errors.push(
-            `Step ${step.id}: potential secret detected in args ("${arg.slice(0, 30)}...") - secrets should come from env vars or prior login`,
-          );
+          errors.push({
+            stepId: step.id,
+            message: `potential secret detected in args ("${arg.slice(0, 30)}...") - secrets should come from env vars or prior login`,
+          });
         }
       }
     }
@@ -62,9 +55,10 @@ export function applyGuardrails(steps: Step[]): GuardrailResult {
         !arg.startsWith("--") &&
         !SHORT_FLAG_PATTERN.test(arg)
       ) {
-        errors.push(
-          `Step ${step.id}: malformed single-dash flag "${arg}" - use short flags like -m or long flags like --message`,
-        );
+        errors.push({
+          stepId: step.id,
+          message: `malformed single-dash flag "${arg}" - use short flags like -m or long flags like --message`,
+        });
       }
       // No giant inline blobs
       if (arg.length > MAX_ARG_LENGTH) {
@@ -73,17 +67,6 @@ export function applyGuardrails(steps: Step[]): GuardrailResult {
         );
       }
     }
-
-    // 3. High-impact confirmation
-    const cmdStr = `${step.command} ${step.args.join(" ")}`.toLowerCase();
-    for (const pattern of DANGEROUS_KEYWORDS) {
-      if (pattern.test(cmdStr)) {
-        warnings.push(
-          `Step ${step.id}: potentially destructive action ("${step.command}") - review carefully`,
-        );
-        break; // one warning per step is enough
-      }
-    }
   }
 
   return {

src/planner.ts

@@ -139,21 +139,10 @@ function findGuardrailFailure(plan: Plan): { failure?: StepFailure; warnings: st
   if (guardrailResult.ok) return { warnings: guardrailResult.warnings };
 
   const firstError = guardrailResult.errors[0];
-  const match = firstError.match(/^Step\s+(\d+):\s*(.+)$/i);
-  if (!match) {
-    return {
-      failure: {
-        stepId: plan.steps[0]?.id ?? 1,
-        reason: firstError,
-      },
-      warnings: guardrailResult.warnings,
-    };
-  }
-
   return {
     failure: {
-      stepId: Number(match[1]),
-      reason: match[2],
+      stepId: firstError.stepId,
+      reason: firstError.message,
     },
     warnings: guardrailResult.warnings,
   };
@@ -477,7 +466,3 @@ export async function generatePlan(
   };
 }
 
-
-
-
-

tests/catalogs-detection.test.ts

@@ -0,0 +1,66 @@
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from "fs";
+import { tmpdir } from "os";
+import { join } from "path";
+import { afterEach, describe, expect, it } from "vitest";
+import { detectCatalogs } from "../src/catalogs/index.js";
+
+const tempDirs: string[] = [];
+
+function makeTempDir(): string {
+  const dir = mkdtempSync(join(tmpdir(), "json-cli-catalogs-"));
+  tempDirs.push(dir);
+  return dir;
+}
+
+afterEach(() => {
+  while (tempDirs.length > 0) {
+    const dir = tempDirs.pop();
+    if (dir) rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+describe("catalog auto-detection", () => {
+  it("detects trigger-based catalogs without --catalogs", () => {
+    const cwd = makeTempDir();
+    const catalogs = detectCatalogs(
+      cwd,
+      undefined,
+      "deploy to vercel production then send email",
+    ).map((c) => c.name);
+
+    expect(catalogs).toContain("vercel");
+    expect(catalogs).toContain("resend");
+    expect(catalogs).toContain("fs");
+    expect(catalogs).toContain("shell");
+  });
+
+  it("detects file-based catalogs from project structure", () => {
+    const cwd = makeTempDir();
+    writeFileSync(join(cwd, "package.json"), '{"name":"tmp"}');
+    mkdirSync(join(cwd, ".git"));
+    writeFileSync(join(cwd, "vercel.json"), "{}");
+
+    const catalogs = detectCatalogs(cwd).map((c) => c.name);
+    expect(catalogs).toContain("package");
+    expect(catalogs).toContain("git");
+    expect(catalogs).toContain("vercel");
+  });
+
+  it("uses forced catalogs only when --catalogs is provided", () => {
+    const cwd = makeTempDir();
+    const catalogs = detectCatalogs(
+      cwd,
+      ["resend"],
+      "deploy to vercel and send email",
+    ).map((c) => c.name);
+
+    expect(catalogs).toEqual(["resend"]);
+  });
+
+  it("throws on unknown forced catalog", () => {
+    const cwd = makeTempDir();
+    expect(() => detectCatalogs(cwd, ["unknown"])).toThrow(
+      'Unknown catalog "unknown"',
+    );
+  });
+});

tests/guardrails.test.ts

@@ -32,6 +32,7 @@ describe("applyGuardrails flag checks", () => {
 
     const result = applyGuardrails(steps);
     expect(result.ok).toBe(false);
-    expect(result.errors[0]).toContain("malformed single-dash flag");
+    expect(result.errors[0].stepId).toBe(1);
+    expect(result.errors[0].message).toContain("malformed single-dash flag");
   });
 });

tests/resend.test.ts

@@ -32,20 +32,18 @@ describe("resend catalog validation", () => {
     expect(result.valid).toBe(true);
   });
 
-  it("rejects resend emails send step missing required flags", () => {
+  it("accepts resend emails list step without send-specific flags", () => {
     const step: Step = {
       id: 1,
       type: "resend",
       command: "emails",
-      args: ["send", "--from", "no-reply@support.com", "--to", "ekaone@gmail.com"],
-      description: "Missing subject",
+      args: ["list", "--json"],
+      description: "List emails",
       cwd: null,
     };
 
     const result = validateStep(step, catalogMap);
-    expect(result.valid).toBe(false);
-    expect(result.reason).toContain("Missing required flag");
-    expect(result.reason).toContain("--subject");
+    expect(result.valid).toBe(true);
   });
 
   it("rejects conflicting --html and --text flags", () => {