fix: harden client validation and secret stdin handling

Validate SDK auth, billing, email, and project inputs before network requests.

Stream MCP blob local_path uploads through upload sessions and map local file errors.

Support run402 secrets set from stdin sources and document the safer flow.

Author: MajorTal

cli-argv.test.mjs

@@ -578,6 +578,65 @@ describe("2026-05 CLI bug backlog argv validation", () => {
     assert.ok(call, `expected secrets set request, got ${JSON.stringify(calls)}`);
     assert.equal(JSON.parse(call.init.body).value, "");
   });
+
+  it("GH-336: secrets set --stdin reads the secret from stdin", async () => {
+    const { readSecretValueForSet } = await import("./cli/lib/secrets.mjs");
+    const value = readSecretValueForSet(["--stdin"], [], {
+      readStdin: () => "pipe_secret",
+    });
+
+    assert.equal(value, "pipe_secret");
+    assert.equal(calls.length, 0, "stdin value resolution must not hit the network");
+  });
+
+  it("GH-336: secrets set --file stdin aliases read stdin", async () => {
+    const { readSecretValueForSet } = await import("./cli/lib/secrets.mjs");
+    const seen = [];
+    const readers = {
+      readStdin: () => "pipe_secret",
+      readFile: (path) => {
+        seen.push(["readFile", path]);
+        return "file_secret";
+      },
+      validateFile: (path) => {
+        seen.push(["validateFile", path]);
+      },
+    };
+
+    assert.equal(readSecretValueForSet(["--file", "/dev/stdin"], [], readers), "pipe_secret");
+    assert.equal(readSecretValueForSet(["--file", "-"], [], readers), "pipe_secret");
+    assert.deepEqual(seen, []);
+    assert.equal(calls.length, 0, "stdin value resolution must not hit the network");
+  });
+
+  it("GH-336: secrets set normal --file still validates and reads the file", async () => {
+    const { readSecretValueForSet } = await import("./cli/lib/secrets.mjs");
+    const seen = [];
+    const value = readSecretValueForSet(["--file", "./secret.txt"], [], {
+      validateFile: (path, flag) => seen.push(["validateFile", path, flag]),
+      readFile: (path) => {
+        seen.push(["readFile", path]);
+        return "file_secret";
+      },
+    });
+
+    assert.equal(value, "file_secret");
+    assert.deepEqual(seen, [
+      ["validateFile", "./secret.txt", "--file"],
+      ["readFile", "./secret.txt"],
+    ]);
+    assert.equal(calls.length, 0, "file value resolution must not hit the network");
+  });
+
+  it("GH-336: secrets set rejects inline values combined with --stdin", async () => {
+    const { readSecretValueForSet } = await import("./cli/lib/secrets.mjs");
+    const err = await expectExit1(() =>
+      readSecretValueForSet(["--stdin"], ["inline"], { readStdin: () => "pipe_secret" }));
+
+    assert.equal(err.code, "BAD_USAGE");
+    assert.match(err.message, /exactly one secret value source/);
+    assert.equal(calls.length, 0, "invalid value source selection must not hit the network");
+  });
 });
 
 describe("--flag=value", () => {

cli-e2e.test.mjs

@@ -2876,6 +2876,7 @@ describe("CLI e2e happy path", () => {
 
   it("secrets set", async () => {
     const { run } = await import("./cli/lib/secrets.mjs");
+    await seedTestProject();
     captureStart();
     await run("set", ["prj_test123", "TEST_KEY", "secret_value"]);
     captureStop();
@@ -2885,6 +2886,7 @@ describe("CLI e2e happy path", () => {
   it("secrets set --file", async () => {
     const { run } = await import("./cli/lib/secrets.mjs");
     const { writeFileSync: wf } = await import("node:fs");
+    await seedTestProject();
     const valPath = join(tempDir, "secret.txt");
     wf(valPath, "file_secret_value");
     captureStart();

cli/README.md

@@ -136,6 +136,7 @@ import { db, adminDb, getUser, email, ai } from "@run402/functions";
 
 ```bash
 run402 secrets set <id> OPENAI_API_KEY --file ./.secrets/openai-key
+printf %s "$OPENAI_API_KEY" | run402 secrets set <id> OPENAI_API_KEY --stdin
 run402 secrets list <id>
 run402 deploy apply --manifest run402.deploy.json   # manifest uses secrets.require, not values
 ```

cli/lib/secrets.mjs

@@ -9,12 +9,13 @@ Usage:
   run402 secrets <subcommand> [args...]
 
 Subcommands:
-  set    <id> <key> <value> [--file <path>]  Set a secret on a project
+  set    <id> <key> <value> [--file <path>|--stdin]  Set a secret on a project
   list   <id>                  List all secrets for a project
   delete <id> <key>            Delete a secret from a project
 
 Examples:
   run402 secrets set prj_abc123 STRIPE_KEY --file ./.secrets/stripe-key
+  printf %s "$STRIPE_KEY" | run402 secrets set prj_abc123 STRIPE_KEY --stdin
   run402 secrets set prj_abc123 TLS_CERT --file cert.pem
   run402 secrets list prj_abc123
   run402 secrets delete prj_abc123 STRIPE_KEY
@@ -31,22 +32,25 @@ const SUB_HELP = {
 Usage:
   run402 secrets set <id> <key> <value> [--file <path>]
   run402 secrets set <id> <key> --file <path>
+  run402 secrets set <id> <key> --stdin
 
 Arguments:
   <id>                Project ID (from 'run402 projects list')
   <key>               Secret key name (exposed as process.env.<key>)
   <value>             Inline secret value (omit if using --file)
 
 Options:
-  --file <path>       Read the secret value from a file instead of inline
+  --file <path>       Read the secret value from a file instead of inline. Use - or /dev/stdin to read stdin.
+  --stdin             Read the secret value from stdin until EOF
 
 Notes:
   - Secrets are injected as process.env in serverless functions
   - Values are write-only; 'list' cannot verify values by hash
-  - Prefer --file for real secrets so values do not land in shell history
+  - Prefer --file or --stdin for real secrets so values do not land in shell history
 
 Examples:
   run402 secrets set prj_abc123 STRIPE_KEY --file ./.secrets/stripe-key
+  printf %s "$STRIPE_KEY" | run402 secrets set prj_abc123 STRIPE_KEY --stdin
   run402 secrets set prj_abc123 TLS_CERT --file cert.pem
 `,
   list: `run402 secrets list — List all secrets for a project
@@ -77,25 +81,44 @@ Examples:
 `,
 };
 
+export function readSecretValueForSet(parsedArgs, values, readers = {}) {
+  const readStdin = readers.readStdin ?? (() => readFileSync(0, "utf-8"));
+  const readFile = readers.readFile ?? ((path) => readFileSync(path, "utf-8"));
+  const validateFile = readers.validateFile ?? validateRegularFile;
+  const file = flagValue(parsedArgs, "--file");
+  const stdinRequested = parsedArgs.includes("--stdin");
+  const stdinFile = file === "-" || file === "/dev/stdin";
+  const valueSources = [
+    values.length === 1 ? "inline value" : null,
+    file ? "--file" : null,
+    stdinRequested ? "--stdin" : null,
+  ].filter(Boolean);
+
+  if (valueSources.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Provide exactly one secret value source, got: ${valueSources.join(", ")}.` });
+  }
+  if (file && !stdinFile) validateFile(file, "--file");
+
+  if (stdinRequested || stdinFile) return readStdin();
+  if (file) return readFile(file);
+  if (values.length === 1) return values[0];
+  return undefined;
+}
+
 async function set(projectId, key, args = []) {
   const parsedArgs = normalizeArgv(args);
   const valueFlags = ["--file"];
-  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  assertKnownFlags(parsedArgs, [...valueFlags, "--stdin", "--help", "-h"], valueFlags);
   const values = positionalArgs(parsedArgs, valueFlags);
   if (values.length > 1) {
     fail({ code: "BAD_USAGE", message: `Unexpected argument for secrets set: ${values[1]}` });
   }
-  const file = flagValue(parsedArgs, "--file");
-  if (file && values.length > 0) {
-    fail({ code: "BAD_USAGE", message: "Provide either an inline value or --file, not both." });
-  }
-  if (file) validateRegularFile(file, "--file");
-  const val = file ? readFileSync(file, "utf-8") : values.length === 1 ? values[0] : undefined;
+  const val = readSecretValueForSet(parsedArgs, values);
   if (val === undefined) {
     fail({
       code: "BAD_USAGE",
       message: "Missing secret value.",
-      hint: "Provide inline or use --file <path>",
+      hint: "Provide inline, use --file <path>, or pipe with --stdin.",
     });
   }
   try {

cli/llms-cli.txt

@@ -753,9 +753,9 @@ Deploying a scheduled function beyond your tier's limit returns a 403 error. Upg
 Secrets available as `process.env` (see secrets below).
 
 ### secrets
-Injected as `process.env` in functions. Values are write-only — `list` returns keys and timestamps only, never values or value-derived hashes. Prefer `--file` for real values so they do not land in shell history.
+Injected as `process.env` in functions. Values are write-only — `list` returns keys and timestamps only, never values or value-derived hashes. Prefer `--file` or `--stdin` for real values so they do not land in shell history. `--file -` and `--file /dev/stdin` read stdin too.
 
-- `run402 secrets set <id> <KEY> [<VALUE>] [--file <path>]`
+- `run402 secrets set <id> <KEY> [<VALUE>] [--file <path>|--stdin]`
 - `run402 secrets <list|delete> <id> [<KEY>]`
 
 ### blob (primary storage API)

openclaw/SKILL.md

@@ -490,6 +490,7 @@ Injected as `process.env.<KEY>` inside every function. Values are write-only —
 
 ```bash
 run402 secrets set    <id> STRIPE_KEY --file ./.secrets/stripe-key
+printf %s "$STRIPE_KEY" | run402 secrets set <id> STRIPE_KEY --stdin
 run402 secrets set    <id> JWT_PRIVATE --file ./private.pem
 run402 secrets list   <id>
 run402 secrets delete <id> STALE_KEY

sdk/src/namespaces/auth.test.ts

@@ -11,6 +11,11 @@ import assert from "node:assert/strict";
 import { Run402 } from "../index.js";
 import { LocalError, ProjectNotFound } from "../errors.js";
 import type { CredentialsProvider } from "../credentials.js";
+import type {
+  CreateAuthUserOptions,
+  MagicLinkOptions,
+  SetPasswordOptions,
+} from "./auth.js";
 
 interface FetchCall {
   url: string;
@@ -129,6 +134,22 @@ describe("auth.settings", () => {
     assert.equal(calls.length, 0);
   });
 
+  it("rejects unknown settings keys before requesting", async () => {
+    const { fetch, calls } = mockFetch(() => {
+      throw new Error("unexpected fetch for unknown auth setting");
+    });
+    const sdk = makeSdk(makeCreds(), fetch);
+
+    await assert.rejects(
+      sdk.auth.settings("prj_known", { allow_passwrod_login: true } as any),
+      (err: unknown) =>
+        err instanceof LocalError &&
+        err.context === "updating auth settings" &&
+        /Unknown auth settings field: allow_passwrod_login/.test(err.message),
+    );
+    assert.equal(calls.length, 0);
+  });
+
   it("throws ProjectNotFound for unknown ids before hitting the network", async () => {
     const { fetch, calls } = mockFetch(() => jsonResponse({}));
     const sdk = makeSdk(makeCreds(), fetch);
@@ -211,6 +232,28 @@ describe("auth.requestMagicLink", () => {
     );
     assert.equal(calls.length, 0);
   });
+
+  it("rejects malformed email, redirect URL, and intent before requesting", async () => {
+    const invalid: MagicLinkOptions[] = [
+      { email: "not an email", redirectUrl: "https://app.example.com/callback" },
+      { email: "user@example.com", redirectUrl: "javascript:alert(1)" },
+      { email: "user@example.com", redirectUrl: "https://app.example.com/callback", intent: "bogus" as any },
+    ];
+
+    for (const opts of invalid) {
+      const { fetch, calls } = mockFetch(() => {
+        throw new Error("unexpected fetch for invalid magic-link options");
+      });
+      const sdk = makeSdk(makeCreds(), fetch);
+      await assert.rejects(
+        sdk.auth.requestMagicLink("prj_known", opts),
+        (err: unknown) =>
+          err instanceof LocalError &&
+          err.context === "requesting magic link",
+      );
+      assert.equal(calls.length, 0);
+    }
+  });
 });
 
 describe("auth.createUser", () => {
@@ -245,6 +288,43 @@ describe("auth.createUser", () => {
       client_state: "state-1",
     });
   });
+
+  it("rejects malformed email and redirect URL before requesting", async () => {
+    const invalid: CreateAuthUserOptions[] = [
+      { email: "not an email" },
+      { email: "admin@example.com", redirectUrl: "javascript:alert(1)" },
+    ];
+
+    for (const opts of invalid) {
+      const { fetch, calls } = mockFetch(() => {
+        throw new Error("unexpected fetch for invalid admin user options");
+      });
+      const sdk = makeSdk(makeCreds(), fetch);
+      await assert.rejects(
+        sdk.auth.createUser("prj_known", opts),
+        (err: unknown) =>
+          err instanceof LocalError &&
+          err.context === "creating auth user",
+      );
+      assert.equal(calls.length, 0);
+    }
+  });
+
+  it("inviteUser reuses createUser validation", async () => {
+    const { fetch, calls } = mockFetch(() => {
+      throw new Error("unexpected fetch for invalid invite user options");
+    });
+    const sdk = makeSdk(makeCreds(), fetch);
+
+    await assert.rejects(
+      sdk.auth.inviteUser("prj_known", {
+        email: "bad",
+        redirectUrl: "javascript:alert(1)",
+      }),
+      LocalError,
+    );
+    assert.equal(calls.length, 0);
+  });
 });
 
 describe("auth.passkeys", () => {
@@ -375,4 +455,46 @@ describe("auth.setUserPassword", () => {
     );
     assert.equal(calls.length, 0);
   });
+
+  it("rejects empty access token, new password, and current password before requesting", async () => {
+    const invalid: SetPasswordOptions[] = [
+      { accessToken: "", newPassword: "new-password" },
+      { accessToken: "user_jwt", newPassword: "" },
+      { accessToken: "user_jwt", newPassword: "new-password", currentPassword: "" },
+    ];
+
+    for (const opts of invalid) {
+      const { fetch, calls } = mockFetch(() => {
+        throw new Error("unexpected fetch for invalid password options");
+      });
+      const sdk = makeSdk(makeCreds(), fetch);
+      await assert.rejects(
+        sdk.auth.setUserPassword("prj_known", opts),
+        (err: unknown) =>
+          err instanceof LocalError &&
+          err.context === "setting user password",
+      );
+      assert.equal(calls.length, 0);
+    }
+  });
+});
+
+describe("auth.verifyMagicLink", () => {
+  it("rejects empty or non-string tokens before requesting", async () => {
+    const invalid = ["", null, 42];
+
+    for (const token of invalid) {
+      const { fetch, calls } = mockFetch(() => {
+        throw new Error("unexpected fetch for invalid magic-link token");
+      });
+      const sdk = makeSdk(makeCreds(), fetch);
+      await assert.rejects(
+        sdk.auth.verifyMagicLink("prj_known", token as any),
+        (err: unknown) =>
+          err instanceof LocalError &&
+          err.context === "verifying magic link",
+      );
+      assert.equal(calls.length, 0);
+    }
+  });
 });