💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0cfec105df
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
will fix later
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 59443ee99f
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7ac2ba893f
| !timingSafeEqual( | ||
| Buffer.from(signature, "utf8"), | ||
| Buffer.from(expectedSignature, "utf8") | ||
| ) |
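Review bot: the two `Buffer.from(..., "utf8")` arguments to `timingSafeEqual` can differ in byte length even when `signature` and `expectedSignature` have the same string `.length`, because a non-ASCII character in `signature` encodes to more than one UTF-8 byte. Any length guard placed in front of this call should compare the buffers' byte lengths rather than the strings, and reject a mismatch with the same typed error used for a bad signature.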
Validate signature length before constant-time compare
decodeOpaquePageToken calls timingSafeEqual on user-supplied signature bytes without checking length first, but Node throws RangeError when buffer lengths differ. A malformed page token with a short/long signature will therefore raise an untyped exception instead of returning a deterministic SourceApiInvalidRequestError, which surfaces as an internal failure path once opaque-token pagination is used.
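An added example, not code from this pull request: one way to guard the constant-time comparison so that a malformed signature yields a typed error instead of Node's `RangeError`. The token layout, `DEMO_KEY`, `sign`, `encodeOpaquePageToken`, `classify` and the bodies of `decodeOpaquePageToken` and `SourceApiInvalidRequestError` are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Hypothetical stand-in for the error type named in the review comment.
class SourceApiInvalidRequestError extends Error {}

// Constructed demo key and token layout ("<base64url payload>.<hex HMAC-SHA256>");
// the PR's real token format and key handling are not shown on the page.
const DEMO_KEY = "constructed-demo-key";

function sign(payload) {
  return createHmac("sha256", DEMO_KEY).update(payload).digest("hex");
}

function encodeOpaquePageToken(cursor) {
  const payload = Buffer.from(JSON.stringify(cursor), "utf8").toString("base64url");
  return `${payload}.${sign(payload)}`;
}

function decodeOpaquePageToken(token) {
  const dot = typeof token === "string" ? token.lastIndexOf(".") : -1;
  if (dot <= 0) throw new SourceApiInvalidRequestError("malformed page token");
  const payload = token.slice(0, dot);
  const received = Buffer.from(token.slice(dot + 1), "utf8");
  const expected = Buffer.from(sign(payload), "utf8");
  // Compare byte lengths, not string lengths: timingSafeEqual throws
  // RangeError on unequal byteLength, and a non-ASCII character is one
  // string unit but several UTF-8 bytes. The expected length is public
  // (fixed digest size), so this early exit leaks nothing secret.
  if (received.length !== expected.length || !timingSafeEqual(received, expected)) {
    throw new SourceApiInvalidRequestError("invalid page token signature");
  }
  try {
    return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    throw new SourceApiInvalidRequestError("invalid page token payload");
  }
}

// Returns the error class name a token is rejected with, or "accepted".
function classify(token) {
  try {
    decodeOpaquePageToken(token);
    return "accepted";
  } catch (err) {
    return err.constructor.name;
  }
}
```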
You can install any of these versions: `npm install -g @onequery/cli@<version>`

## [0.1.22] - 2026-04-10

### 🚀 Features

- *(web)* Update PostHog connection guide (#62)
- Prepare landing deployment on cloudflare pages (#66)
- Readme self host priority (#67)
- *(cli)* Cut over use to source API (#65)
One-Line Summary

Replaces `onequery use` with a source-key based source API client that can describe, dry-run, and execute supported source operations through Connect.

User-Facing Changes

- `onequery use` now requires `--source <SOURCE_KEY>` and resolves operations against the connected source instead of provider-specific markdown skills.
- `onequery use --source <SOURCE_KEY>` now describes the source API surface, while `--dry-run` returns a redacted normalized plan before execution.
- `onequery use` now supports source API pagination, slurp, include, silent, jq, typed field patching, raw field patching, and binary/text/JSON response rendering through the same command surface.

Why This Changed

The previous `onequery use` flow mixed two unrelated responsibilities: markdown skill discovery and direct provider relay execution. That split duplicated source metadata across Rust, protobuf, and TypeScript, bypassed Connect for execution, and kept request validation, authorization, pagination, and output handling fragmented across the stack. Moving `use` onto a single source API contract makes the source descriptor, normalization rules, and execution path authoritative on the server, while keeping the CLI responsible for deterministic parsing and rendering.

How It Changed

- `use.proto` contract with `source_api.proto`, added `DescribeSourceApi`, `NormalizeSourceApi`, and `ExecuteSourceApi` RPCs, and regenerated the CLI transport bindings.
- `onequery use` resolves describe, dry-run, and execute modes from explicit state, then validates headers, fields, input, pagination, and selector rules locally before dispatch.
- `use` skill registry and direct provider relay path in favor of source-key based descriptor and execution handlers.

Bug Fixes

- `--silent`, JSON mode, and verbatim response modes, `onequery use` now preserves the intended source API output contract instead of rewrapping or dropping response semantics.

Extra Context / Decisions (Optional)

- `use` transport and skill registry are not kept for backward compatibility.
- `docs/cli-source-api-spec.md` is now the active design reference for this command surface, and `docs/connect-migration-spec.md` is removed.

Verification

- `bun run format`
- `cargo test -p onequery-cli`
- `bun run proto:check`
- `bunx turbo test --json --filter=@onequery/cli-server --filter=@onequery/server`
- `apps/cli/crates/onequery-cli/src/cli_tests.rs` plus the source API, gateway, org, query, and output test modules covering parse outcomes, snapshots, pagination assembly, dry-run rendering, and output-write edge cases.
- `packages/cli-server/src/connect/service/source_api.test.ts`, `packages/cli-server/src/connect/service/conversions.test.ts`, and `packages/server/src/source-api/**/*.test.ts` covering authorization, descriptor conversion, normalization, execution, pagination helpers, and adapter content-type handling.

Video / Screenshot (Optional)