Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@cubis/foundry

Package Overview
Dependencies
Maintainers
2
Versions
52
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cubis/foundry - npm Package Compare versions

Comparing version
0.3.15
 to
0.3.16
+1
-1
package.json
{
"name": "@cubis/foundry",
"version": "0.3.15",
"version": "0.3.16",
"description": "Cubis Foundry CLI for workflow-first AI agent environments",

@@ -5,0 +5,0 @@ "type": "module",

+42
-1
README.md

@@ -23,2 +23,19 @@ # Cubis Foundry CLI (`cbx`)

## Quick Setup (Simple)
```bash
# 1) Install CLI
npm install -g @cubis/foundry
# 2) Set Postman key once (recommended: env mode)
export POSTMAN_API_KEY="<your-postman-api-key>"
# 3) Install workflow bundle for your platform
cbx workflows install --platform codex --bundle agent-environment-setup --postman --yes
# 4) Optional: install for other platforms too
cbx workflows install --platform antigravity --bundle agent-environment-setup --postman --yes
cbx workflows install --platform copilot --bundle agent-environment-setup --postman --yes
```
## Command Model

@@ -40,2 +57,5 @@

cbx workflows install --platform codex --postman --postman-workspace-id null
cbx workflows install --platform codex --postman --postman-api-key "<key>"
cbx workflows install --platform antigravity --postman
cbx workflows install --platform copilot --postman
```

@@ -45,5 +65,12 @@

- `cbx workflows install` now also bootstraps `ENGINEERING_RULES.md` and `TECH.md` (creates when missing; keeps existing files unless explicitly regenerated).
- Optional `--postman` bootstrap creates `postman_setting.json` and installs/configures the Postman skill.
- Optional `--postman` bootstrap creates `postman_setting.json` and installs/configures the Postman skill/MCP for Codex, Antigravity, and Copilot.
- Use `cbx rules init --platform <platform> --overwrite` to force-regenerate both files.
Postman setup behavior:
- `postman_setting.json` is generated in project root (or `~/.cbx/postman_setting.json` with `--scope global`).
- Env-first auth is supported: when `POSTMAN_API_KEY` is set, generated settings keep `apiKey: null` and MCP config uses `Bearer ${POSTMAN_API_KEY}`.
- Inline auth is supported with `--postman-api-key <key>`.
- `--postman-workspace-id null` writes JSON `null` for `defaultWorkspaceId`.
- In project scope, `postman_setting.json` is auto-added to `.gitignore` (no duplicate entries).
`rules` manages strict engineering policy and a generated codebase tech map:

@@ -66,2 +93,10 @@

`TECH.md` scanner coverage (deterministic, no AI calls):
- Language/file signals from workspace scan.
- JS/TS package signals from `package.json` (including nested/monorepo package files).
- Flutter/Dart package signals from `pubspec.yaml`.
- Go module signals from `go.mod`.
- Python package signals from `requirements*.txt` and `pyproject.toml`.
- Rust crate signals from `Cargo.toml`.
### Deprecated Alias

@@ -324,2 +359,8 @@

Run TECH.md scanner integration tests:
```bash
npm run test:tech-md
```
Run full workflow smoke test:

@@ -326,0 +367,0 @@