Skip to content

docs(peek-cli): document connect + sessions search; refresh whats-new + THREATMODEL header#149

Merged
harry-harish merged 2 commits into
mainfrom
docs/pre-release-cli-readme-whatsnew
Jul 8, 2026
Merged

docs(peek-cli): document connect + sessions search; refresh whats-new + THREATMODEL header#149
harry-harish merged 2 commits into
mainfrom
docs/pre-release-cli-readme-whatsnew

Conversation

@harry-harish

@harry-harish harry-harish commented Jul 8, 2026

Copy link
Copy Markdown
Member

Summary

Pre-release doc fix so the next npm alpha ships with correct docs. Three edits:

  1. packages/peek-cli/README.md — adds peek sessions search (all flags: --q, --origin, --since, --until, --status, --errors, --limit, --json) and the full peek connect subcommand surface (add <surface> [--name] [--command] [--args=<a>], list, remove, start, stop, status [name], logs [name] [--follow] [--lines N]) to the Commands code block. Also adds a ### Connector daemon subsection explaining the supervised-daemon architecture (registry in ~/.peek/connect/connectors.json, detached supervisor, per-connector log files).

  2. apps/peek-docs/src/pages/whats-new.astro — adds three new sections (5, 6, 7) for shipped-but-unlisted items: search_sessions / verify_audit_log CLI + MCP tools, the peek connect supervised connector daemon (Slack surface), and the Claude Code plugin (peekdev@peek). Consistent with the existing entry format; no version numbers invented.

  3. docs/peek/THREATMODEL.md — replaces the stale "stub / to be filled in before CWS submission" header with an accurate "substantive" status. The body already covers all eight attack surfaces with mitigations; the header was the only stale part. Residual gaps (content-script isolation, fuzz coverage, CWS 2FA recovery, CDP UX wording, schema versioning) are noted as accepted pre-1.0 scope.

Changeset: .changeset/peek-cli-readme-connect-search.md@peekdev/cli patch, since the README is in a published package. The whats-new.astro and THREATMODEL.md are app/docs files with no changeset needed.

Build/lint: pnpm build (all 16 packages + both Astro docs sites) and pnpm lint (biome, 588 files) both pass clean.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added support for searching sessions from the CLI with rich filters and JSON output.
    • Added a supervised connector workflow for managing background connectors, including status, logs, start/stop, and add/remove actions.
    • Introduced an easier one-line install flow for the Claude Code integration.
  • Documentation

    • Expanded CLI and docs site guidance for new commands, connector-daemon usage, and updated security/threat-model information.

…s-new + THREATMODEL header

- packages/peek-cli/README.md: add peek sessions search and peek connect
  (add/list/remove/start/stop/status/logs) to the Commands code block; add a
  "Connector daemon" subsection describing the supervised daemon architecture.
- apps/peek-docs/src/pages/whats-new.astro: add sections 5-7 for
  search_sessions/verify_audit_log, peek connect daemon, and the Claude Code
  plugin (peekdev@peek) — all shipped but previously unlisted.
- docs/peek/THREATMODEL.md: replace the stub header with an accurate
  "substantive" status noting the extension is CWS-live and residual gaps are
  accepted pre-1.0 scope.
- .changeset/peek-cli-readme-connect-search.md: patch changeset for the
  README documentation update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: harry-harish <22562634+harry-harish@users.noreply.github.com>
@harry-harish

Copy link
Copy Markdown
Member Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@harry-harish, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 34 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 10e1d760-ab6c-4bf7-8929-6255f354e391

📥 Commits

Reviewing files that changed from the base of the PR and between 4a22113 and 64fb3a2.

📒 Files selected for processing (4)
  • .changeset/peek-cli-readme-connect-search.md
  • apps/peek-docs/src/pages/whats-new.astro
  • docs/peek/THREATMODEL.md
  • packages/peek-cli/README.md
📝 Walkthrough

Walkthrough

This PR is documentation-only: it adds a changeset for @peekdev/cli, expands the CLI README with peek sessions search and peek connect daemon documentation, adds three changelog entries to the "what's new" page, and substantively expands the threat model with attack surfaces, mitigations, and delegated-consent design details.

Changes

Documentation Updates

Layer / File(s) Summary
Changeset entry
.changeset/peek-cli-readme-connect-search.md
Adds a patch-version changeset noting README updates for peek connect and peek sessions search.
CLI README command docs
packages/peek-cli/README.md
Documents peek sessions search filters, the full peek connect subcommand set (add/list/remove/start/stop/status/logs), and a new "Connector daemon" section covering storage paths, usage example, and --args/--command flags.
Changelog entries
apps/peek-docs/src/pages/whats-new.astro
Adds three "what's new" entries: session search and audit hash-chain verification (with MCP tools), supervised connect daemon for Slack, and one-line Claude Code plugin install.
Threat model expansion
docs/peek/THREATMODEL.md
Updates document status from draft to substantive; adds attack surfaces, mitigations already in place, outstanding pre-1.0 items, delegated-consent (SP3b/SP4) design, unconditional local guards, auditability notes, an attack-surface table, and cross-references.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main docs updates: connect and sessions search, plus whats-new and THREATMODEL header refresh.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/pre-release-cli-readme-whatsnew

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docs/peek/THREATMODEL.md (1)

48-49: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Remove the leftover stub wording.

"To be expanded inline once the real threat model is written" still reads like an unfinished draft and clashes with the new substantive status in the header. Drop or rewrite it so the file reflects its current state.

♻️ Minimal cleanup
-Reference Phase 4a/c artifacts and ADRs. To be expanded inline once the real threat model is written.
+Reference Phase 4a/c artifacts and ADRs.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/peek/THREATMODEL.md` around lines 48 - 49, Remove the leftover
draft/stub sentence in the THREATMODEL content and replace it with wording that
matches the current substantive state. Update the referenced threat model
section so it no longer says “To be expanded inline once the real threat model
is written,” and make the text align with the existing Phase 4a/c artifacts and
ADR references.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/peek-docs/src/pages/whats-new.astro`:
- Around line 168-170: The CLI docs are missing the implemented peek audit
bundle subcommand, leaving the documented command list out of sync with the
router and release note. Update the command list in whats-new.astro to include
peek audit bundle alongside the existing audit commands, matching the
implemented surface in the audit CLI so the docs reflect log, verify, and bundle
consistently.

---

Outside diff comments:
In `@docs/peek/THREATMODEL.md`:
- Around line 48-49: Remove the leftover draft/stub sentence in the THREATMODEL
content and replace it with wording that matches the current substantive state.
Update the referenced threat model section so it no longer says “To be expanded
inline once the real threat model is written,” and make the text align with the
existing Phase 4a/c artifacts and ADR references.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 0e46d258-3730-485e-8ab9-b39051492e8f

📥 Commits

Reviewing files that changed from the base of the PR and between 4a22113 and c206e38.

📒 Files selected for processing (4)
  • .changeset/peek-cli-readme-connect-search.md
  • apps/peek-docs/src/pages/whats-new.astro
  • docs/peek/THREATMODEL.md
  • packages/peek-cli/README.md

Comment thread apps/peek-docs/src/pages/whats-new.astro
CodeRabbit flagged the audit command list as out of sync: it showed only
`log` and `verify` and omitted the shipped `peek audit bundle` subcommand.

- Add `peek audit bundle [--dir <path>] [--out <file>]` to the Commands block.
- Update `peek audit verify` to show its real flags (`--dir`, `--bundle`,
  `--json`) in both the Commands block and the Audit-log-integrity prose.
- Add a parallel prose sentence describing `peek audit bundle` and how a
  recipient verifies a received *.peekaudit archive.

Flags sourced verbatim from packages/peek-cli/src/commands/audit.ts USAGE and
audit-bundle.ts. Docs-only; changeset unchanged (@peekdev/cli patch).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: harry-harish <22562634+harry-harish@users.noreply.github.com>
@harry-harish

Copy link
Copy Markdown
Member Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@harry-harish

Copy link
Copy Markdown
Member Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Full review finished.


Your plan includes PR reviews subject to rate limits. More reviews will be available in 34 minutes.

@harry-harish harry-harish merged commit c4d65b0 into main Jul 8, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant