Merged
Conversation
Adds a one-key path from the SuperShell TUI to a KeeperPAM connection for pamMachine and pamDatabase records. * `is_launchable(params, record_uid)` and `get_launch_info(...)` exposed as module-level helpers in `pam_launch/launch.py` so the TUI and CLI share the same eligibility/protocol logic without duplicating it. * SuperShell `L` keybinding suspends the Textual app, runs `PAMLaunchCommand` in the released terminal, and resumes the TUI when the session ends. `CommandError` failures show a clean message; other exceptions still log a traceback. Both pause for Enter so the user sees the message before the TUI redraws. * Detail view for pamMachine/pamDatabase strips the noisy `pamHostname`, `pamSettings`, `trafficEncryptionSeed`, and `checkbox:*` fields (multi-line dict continuations included via brace counting). JSON view is unchanged. * New "Launch" section rendered after the Title shows protocol, host, credential, and a visual "Press L to Launch <PROTOCOL>" button. `(prompted at launch)` placeholders cover `allowSupplyHost` / `allowSupplyUser` records that have no static value. * `pam launch` now prompts for `host:port` instead of erroring when `allowSupplyHost: True`, no `--host` is given, and the record has no static hostname. Up to 3 retries on bad input with the expected format shown in the prompt; non-TTY behavior preserved. * Help modal lists the new `L` action.
When `keeper login` runs from the system shell (batch mode), the hint to change the data center previously suggested `login --server <region>` which dispatches to macOS/Linux `login(1)` instead of Commander. The hint now reads `keeper login --server <region>` in batch mode and keeps `login --server <region>` for the interactive Keeper shell.
sk-keeper
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
L) from the SuperShell TUI to a KeeperPAM terminal session forpamMachineandpamDatabaserecords, suspending Textual while the session is live.pamHostname/pamSettings/trafficEncryptionSeed/checkbox:*fields and replaces them with a parsed Launch section showing protocol, host, credential, and a visual "Press L to Launch " button. JSON view is unchanged.pam launchinteractive whenallowSupplyHost: Trueand the record has no static hostname — prompts forhost:portinstead of erroring out, with retries and the format spelled out in the prompt.Use login --server <region>hint thatkeeper loginprints in batch mode (it was dispatching tologin(1)instead ofkeeper).Notable design choices
is_launchable()andget_launch_info()are now module-level helpers inpam_launch/launch.pyso the TUI and the CLI share eligibility logic. Both read only cached vault data — safe for SuperShell's render path (no API calls during init/sync).App.suspend()to release the terminal during launch, then resumes after the session ends.CommandErroris caught and shown without a traceback; generic exceptions still log with traceback. Both pause for Enter so the user sees the message before the TUI redraws.pamSettings) are stripped from Detail view via brace-counting in_strip_pam_internal_fields, so continuation lines don't leak through.Lfollows the existing capital-letter action convention (P,W,D); lowercaselis taken by vim cursor-right.Test plan
keeper supershell— pamMachine record with static host + userRecords (image Make loading of a record from data into a utility function #1 in design discussion): Detail panel shows Launch section with resolved host:port and credential title; pressingLconnects.allowSupplyHost: Trueand no hostname: Launch section showsHost: (prompted at launch); pressingLprompts forhost:portwith the format hint, accepts a valid value, and connects. Bad input (e.g.127.0.0.1with no port) re-prompts with the validation error in red rather than crashing.allowSupplyUser: Trueplus a static credential: Launch section showsCredential: <title> (or supplied at launch).Lhint in shortcuts bar; pressingLshows "This record is not launchable".ttoggle) on a pamMachine: still shows fullpamSettings/pamHostnameraw — only Detail view is filtered.keeper pam launch <uid>fromkeeper shell(no SuperShell): existing CLI behavior unchanged for records with static hostnames.keeper loginfrom system shell (batch mode): hint readskeeper login --server <region>. Insidekeeper shell: hint readslogin --server <region>.?in SuperShell: Help modal lists the newLshortcut under Actions.