[subtask] [Subtask 2/4] Implement wassette secret CLI commands over IPC #545

@github-actions

Parent Issue: #177

Objective

Implement the wassette secret CLI commands that communicate with the running Wassette server via IPC to dynamically manage secrets without requiring server restart.

Context

Building on the IPC server infrastructure from Subtask 1, this task implements the client-side CLI commands that allow users to set, delete, and list secrets for running components. This replaces the current file-based CLI with dynamic IPC-based commands.

Implementation Details

Files to Create/Modify

  • New file: src/ipc_client.rs - IPC client for CLI commands
  • Modify: src/commands.rs - Update SecretCommands to support IPC mode
  • Modify: src/main.rs - Wire up IPC client for secret commands
  • New file: crates/wassette/src/ipc_protocol.rs - Shared protocol definitions

Key Implementation Points

IPC Client Implementation:

  • Connect to Unix domain socket or Windows named pipe
  • Send JSON requests, receive JSON responses
  • Handle connection failures with helpful error messages
  • Timeout handling for unresponsive server

CLI Command Updates:

  1. wassette secret set --component COMPONENT_ID KEY=VALUE

    • Non-interactive mode (default): read from args
    • Interactive mode with --stdin: read from stdin pipe
    • Support multiple KEY=VALUE pairs in one command
    • Example: echo "API_KEY=secret" | wassette secret set --component weather --stdin
  2. wassette secret delete --component COMPONENT_ID KEY [KEY...]

    • Delete one or more secret keys
    • Confirm deletion unless --yes flag provided
  3. wassette secret list --component COMPONENT_ID [--show-values]

    • List all secrets for a component (keys only by default)
    • With --show-values: prompt for confirmation, then show values
    • Skip confirmation with --yes flag

Protocol Definitions (ipc_protocol.rs):

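use std::collections::HashMap;

use secrecy::SecretString;
use serde::{Deserialize, Serialize};

// Requests sent from the CLI to the running server.
// Note: secrecy implements Serialize only for types marked SerializableSecret,
// which String is not, so the `value` field needs a custom serializer.
#[derive(Serialize, Deserialize)]
pub enum IpcCommand {
    SetSecret { component_id: String, key: String, value: SecretString },
    DeleteSecret { component_id: String, key: String },
    ListSecrets { component_id: String, show_values: bool },
}

// Responses sent from the server back to the CLI.
#[derive(Serialize, Deserialize)]
pub enum IpcResponse {
    Success { message: String },
    // Values are None unless show_values was requested.
    SecretsList { secrets: HashMap<String, Option<String>> },
    Error { message: String },
}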

Error Handling:

  • Detect when server is not running → helpful error message
  • Detect connection permission failures → explain authentication issue
  • Handle malformed responses from server
  • Provide actionable error messages for users

Acceptance Criteria

  • wassette secret set successfully sets secrets via IPC
  • wassette secret delete successfully deletes secrets via IPC
  • wassette secret list successfully lists secrets via IPC
  • --stdin flag works for secure secret input
  • --show-values prompts for confirmation before showing values
  • --yes flag skips confirmation prompts
  • Clear error message when server is not running
  • Clear error message when connection is denied due to permissions
  • CLI commands work on both Unix/macOS and Windows
  • Documentation updated with new CLI usage examples

Testing Strategy

  • Integration tests with running IPC server
  • Test all command variations (with/without flags)
  • Test error conditions:
    • Server not running
    • Invalid component ID
    • Permission denied
    • Network timeouts
  • Test stdin input mode for secrets
  • Cross-platform tests (Unix and Windows)

Dependencies

Required: Subtask 1 (IPC server infrastructure) must be completed first.

Example Usage

# Terminal 1: Start Wassette server
wassette serve --sse

# Terminal 2: Set secrets dynamically
wassette secret set --component weather API_KEY=secret123
echo "TOKEN=ghp_abc123" | wassette secret set --component github --stdin

# List secrets
wassette secret list --component weather
wassette secret list --component weather --show-values --yes

# Delete secrets
wassette secret delete --component weather API_KEY

Notes

  • Maintain backward compatibility with file-based secrets for now
  • Consider migration path from file-based to IPC-based in future
  • Use secrecy crate to protect secret values in memory
  • Ensure secrets are zeroized after transmission

Related to Proposal: secret injection and management #177

AI generated by Plan for #177
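
An added example (not code from the issue or from the Wassette project) of how a client could map Unix domain socket failures onto the error classes listed under Error Handling, using only the standard library. The names `IpcError` and `ipc_request`, the newline-delimited JSON framing, the socket path and the request's JSON shape are assumptions; the Windows named-pipe side is not shown.

```rust
use std::io::{self, BufRead, BufReader, ErrorKind, Write};
use std::os::unix::net::UnixStream;
use std::path::Path;
use std::time::Duration;

/// Failure classes the CLI reports differently to the user (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum IpcError {
    ServerNotRunning,  // no socket file, or a stale file nobody listens on
    PermissionDenied,  // socket exists but this user may not connect to it
    Timeout,           // connected, but no answer within the deadline
    Malformed(String), // response was not one JSON object on one line
    Other(ErrorKind),
}

// Map OS-level errors to the classes above.
fn classify(e: &io::Error) -> IpcError {
    match e.kind() {
        ErrorKind::NotFound | ErrorKind::ConnectionRefused => IpcError::ServerNotRunning,
        ErrorKind::PermissionDenied => IpcError::PermissionDenied,
        ErrorKind::WouldBlock | ErrorKind::TimedOut => IpcError::Timeout,
        k => IpcError::Other(k),
    }
}

/// Sends one newline-terminated JSON request and returns the response line.
/// Assumed framing: one JSON object per line in each direction.
pub fn ipc_request(socket: &Path, json: &str, timeout: Duration) -> Result<String, IpcError> {
    let mut stream = UnixStream::connect(socket).map_err(|e| classify(&e))?;
    stream.set_read_timeout(Some(timeout)).map_err(|e| classify(&e))?;
    stream.set_write_timeout(Some(timeout)).map_err(|e| classify(&e))?;
    stream.write_all(json.as_bytes()).map_err(|e| classify(&e))?;
    stream.write_all(b"\n").map_err(|e| classify(&e))?;

    let mut line = String::new();
    BufReader::new(stream).read_line(&mut line).map_err(|e| classify(&e))?;
    let body = line.trim();
    // Shape check only; a real client would deserialize into IpcResponse.
    if !(body.starts_with('{') && body.ends_with('}')) {
        // Report the length, never the content: it may hold secret values.
        return Err(IpcError::Malformed(format!("{} bytes, not a JSON object", body.len())));
    }
    Ok(body.to_string())
}

fn main() {
    // Constructed request and hypothetical socket path, for illustration only.
    let req = r#"{"ListSecrets":{"component_id":"weather","show_values":false}}"#;
    println!("{:?}", ipc_request(Path::new("/tmp/wassette-example.sock"), req, Duration::from_secs(2)));
}
```

A stale socket file left by a crashed server yields `ConnectionRefused` rather than `NotFound`, which is why both map to `ServerNotRunning`.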

Labels: enhancement (New feature or request)
