CLI safe guide
The CLI exists so operators and scripts can create controlled handoffs without putting secret values in command history, tickets, prompts, or CI logs.
01
Use interactive hidden prompt mode for manual text pushes. Avoid passing secrets as command arguments because shells, terminals, process lists, and CI systems can record them.
02
For automation, prefer stdin, environment references, files, or dotenv references resolved locally by the CLI. The CLI should encrypt locally and print only handoff metadata and links.
03
Team API keys authenticate automation and are separate from human login. Store them in local secret stores or CI secret managers, not in prompts, tickets, or public repositories.
04
Use JSON output for scripts, but treat links as sensitive metadata. Redact full links from logs unless the workflow explicitly requires a recipient handoff.
05
CI should use short TTLs, view limits, and request links where possible. Do not put secrets in build output, artifacts, failed test logs, or chat notifications.
06
CLI updates are explicit. There is no background updater. Release artifacts should be validated by checksum and tested with the CLI smoke before broad use.
No. Public guides never include secret identifiers, room ids, full private URLs, fragments, filenames, or payload-derived text.
No. It is product documentation for deployed boundaries. External audits, DPAs, SLAs, and certifications require separate evidence and review.
No. Shhhs support can help with billing and metadata-only support, but cannot decrypt or recover secret content.