Skip to content

Releases: 1set/starcli

v0.1.2

Choose a tag to compare

@github-actions github-actions released this 22 Jun 16:16
4233d4a

Changelog

  • 4233d4a: [build] goreleaser cross-platform binaries + release workflow (STAR-53) (#24) (@vt128)

starcli v0.1.1 — Sure Footing

Choose a tag to compare

@vt128 vt128 released this 22 Jun 07:10
6129e13

The breadth StarCLI shipped in First Light is now wired, tested, and portable.

⚠️ Behavior changes

  • Host command execution (cmd) is off by default. Opt in with --allow-cmd (run any command) or the new --dangerously-allow-all. Previously cmd loaded but run() never executed (a wiring gap); the flags now genuinely enable it.

Added

  • Seven more domain modules wired into the default set — cache, emoji, qrcode, totp, liquid, toml, yaml (all pure; loadable even under --caps safe).
  • --dangerously-allow-all: one flag opens network + filesystem + host command execution of any command.
  • Embedded IANA time-zone database, so named time zones resolve in minimal / scratch / distroless images and slim binaries.

Fixed

  • --allow-cmd now actually enables command execution (it was previously a no-op).

Quality & internals

  • End-to-end test suite that builds the binary and runs sample scripts (asserting stdout + exit), web-server handler httptest coverage, and real domain-module integration (sqlite / markdown / gum); the web package went from 0% to 50% coverage.
  • Logging and terminal initialization consolidated onto zap, the standard library, and golang.org/x/sys.

Built test-first on Go 1.25; CI green across ubuntu / macOS / Windows.

starcli v0.1.0 — First Light

Choose a tag to compare

@vt128 vt128 released this 21 Jun 17:18
0ea78e4

starcli is the turnkey command-line interpreter for the Star* ecosystem — it
wires Google's Starlark-in-Go (via starbox + starlet + the starpkg
domain modules) into a single executable that runs .star scripts. It is the
ecosystem's front door: python to its CPython.

This first release was built test-first — a characterization safety net was
laid over the legacy code, the internals were refactored behind it, and every
feature since landed with tests, a race + coverage gate, and a Docker floor
check.

Run modes

REPL · direct code (-c) · a script file · a web server (-w).

Modules out of the box

The Starlark stdlib (math, json, re, time, string, struct, …) plus
the starpkg domain modules: sys, gum, cmd, email, llm, markdown,
sqlite, web, and an args parser.

Capabilities — secure when you want it

  • Open by default: every wired module loads, so scripts just work.
  • Tighten on purpose with --caps safe|network|full (or the STAR_CAPS env var)
    and the granular --allow-net / --allow-fs / --allow-cmd.
  • Host command execution (cmd) is gated alone — never granted by a tier,
    not even full.

Guardrails

  • Execution budgets: --max-steps bounds runaway loops, --max-output caps
    result size.
  • Classified exit codes: 2 syntax · 3 compile · 4 module-withheld ·
    5 max-steps · 6 output-limit.
  • --check resolves a script without running it, reporting
    file:line:col: message.

Output & I/O

  • --record <file> saves the complete session transcript (stdout + stderr)
    for replay and review.
  • --log-file <file> + --log-format console|json route the script log
    module to a file.
  • sys.read() / lazy sys.lines() / sys.isatty() consume piped stdin data.
  • An argparse-style args module (ArgumentParseradd_argument
    parse_args) for the script's own arguments.

Behavior notes

  • The capability posture is open by default — sandboxing is opt-in.
  • Built on Go 1.25 (gum v0.2.0 / Charm v2).

Built on starbox v0.2.0 · starlet v0.2.2 · gum v0.2.0 · go.starlark.net (ffb3f39 baseline).