plano/cli
Adil Hafeez 1df43872a6
Fix code scanning and dependabot security alerts (#756)
* Fix code scanning and dependabot security alerts

Code scanning fixes (14 alerts):
- Fix XSS in OG image route by validating request origin against allowlist
- Fix incomplete URL sanitization in blog layout using exact hostname matching
- Bind port-check socket to 127.0.0.1 instead of 0.0.0.0
- Add explicit permissions to 7 GitHub Actions workflows

Dependabot fixes:
- Update @isaacs/brace-expansion 5.0.0 -> 5.0.1 (CVE-2026-25547)
- Update bytes 1.10.1 -> 1.11.1 (CVE-2026-25541)
- Update time 0.3.41 -> 0.3.47 (CVE-2026-25727)
- Update cryptography 45.0.7 -> 46.0.5 (CVE-2026-26007)
- Update python-multipart 0.0.20 -> 0.0.22 (CVE-2026-24486)
- Update urllib3 2.6.2 -> 2.6.3 in test lockfiles (CVE-2026-21441)
- Update Werkzeug 3.1.4 -> 3.1.5 (CVE-2026-21860)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address PR review feedback

- Replace plano.katanemo.com with planoai.dev in allowed hosts
- Add planoai.dev to OG route and blog layout allowlists
- Revert socket bind to 0.0.0.0 (intentional for port-in-use check)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 12:27:07 -08:00
planoai         Fix code scanning and dependabot security alerts (#756)  2026-02-14 12:27:07 -08:00
test            Rename all arch references to plano (#745)               2026-02-13 15:16:56 -08:00
build_cli.sh    use uv instead of poetry (#663)                          2025-12-26 11:21:42 -08:00
pyproject.toml  Add Trivy Docker security scan to CI (#755)              2026-02-13 19:53:49 -08:00
README.md       add instructions about uv build/sync in cli (#675)       2026-01-05 13:46:58 -08:00
uv.lock         Add Trivy Docker security scan to CI (#755)              2026-02-13 19:53:49 -08:00

plano CLI - Local Development

This guide will walk you through setting up the plano CLI for local development using uv.

Install uv

First, install the uv package manager. This is required for managing dependencies and running the development version of planoai.

On macOS and Linux:

curl -LsSf https://astral.sh/uv/install.sh | sh

On Windows:

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

Setup

  1. Install dependencies

    In the cli directory, run:

    uv sync

    This will create a virtual environment in .venv and install all dependencies from pyproject.toml.

  2. Install the CLI tool globally (optional)

    To install planoai as a global tool on your system:

    uv tool install --editable .

    This installs planoai globally in editable mode, allowing you to run planoai commands from anywhere while still using the source code from this directory. Any changes you make to the code will be reflected immediately.

  3. Run plano commands

    Use uv run to execute plano commands with the development version:

    uv run planoai build

    Or, if you installed globally with uv tool install .:

    planoai build

    Note: uv run automatically uses the virtual environment - no activation needed.

Development Workflow

Build plano:

uv run planoai build

View logs:

uv run planoai logs --follow

Run other plano commands:

uv run planoai <command> [options]

Optional: Manual Virtual Environment Activation

While uv run handles the virtual environment automatically, you can activate it manually if needed:

source .venv/bin/activate
planoai build  # No need for 'uv run' when activated

Note: For end-user installation instructions, see the plano documentation.