Skip to content

CRE: CLI 1.9.0 release #3616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dev-dist merged 1 commit into from
Apr 2, 2026
Merged

CRE: CLI 1.9.0 release #3616

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions public/changelog.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -398,6 +398,13 @@
}
},
"data": [
{
"category": "release",
"date": "2026-04-02",
"description": "CRE CLI version 1.9.0 is now available. This release adds browser-based OAuth (PKCE) for vault secrets operations — running `cre secrets create`, `cre secrets update`, `cre secrets delete`, or `cre secrets list` now opens your browser to authorize Vault DON access and submits your encrypted secrets automatically. It also adds a `--skip-type-checks` flag to `cre workflow build`, `cre workflow simulate`, `cre workflow deploy`, and `cre workflow hash` to skip TypeScript type checking for faster development iteration.\n\nUpdate your CLI by running `cre update` when prompted, or follow the [CLI Installation guide](https://docs.chain.link/cre/getting-started/cli-installation) for fresh installations.\n\n[See all changes on GitHub](https://github.com/smartcontractkit/cre-cli/compare/v1.8.0...v1.9.0)",
"title": "CRE CLI v1.9.0 — Vault Secrets OAuth and Skip Type Checks",
"topic": "CRE"
},
{
"category": "integration",
"date": "2026-03-29",
Expand Down Expand Up @@ -614,6 +621,13 @@
"title": "Self-Managed Data Feeds",
"topic": "Data Feeds"
},
{
"category": "release",
"date": "2026-03-27",
"description": "TypeScript SDK version 1.5.0 improves type checking accuracy and build reproducibility for TypeScript workflows. The SDK now runs type checks using your workflow's own `tsconfig.json` instead of its internal configuration, giving you more accurate, project-specific type errors. TypeScript workflow binaries are also now reproducible on the same OS, making it easier to verify build integrity across CI runs.\n\n[See all changes on GitHub](https://github.com/smartcontractkit/cre-sdk-typescript/compare/v1.4.0...v1.5.0)",
"title": "CRE TS SDK v1.5.0 — Workflow-Aware Type Checking and Reproducible Builds",
"topic": "CRE"
},
{
"category": "release",
"date": "2026-03-26",
Expand Down
80 changes: 59 additions & 21 deletions src/content/cre/llms-full-go.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -448,10 +448,33 @@ To help us assist you faster, please include:

# Release Notes
Source: https://docs.chain.link/cre/release-notes
Last Updated: 2026-03-26
Last Updated: 2026-04-02

This page provides detailed release notes for CRE. It includes information on new features, significant changes, and known limitations.

## CLI v1.9.0 - April 2, 2026

**<a href="https://github.com/smartcontractkit/cre-cli/releases/tag/v1.9.0" target="_blank">CRE CLI version 1.9.0</a> is now available.**

- **Browser-based OAuth for vault secrets**: `cre secrets create`, `cre secrets update`, `cre secrets delete`, and `cre secrets list` now use a browser-based OAuth (PKCE) flow to authorize Vault DON access. When you run a secrets operation, the CLI starts a local callback server, opens your browser to complete authorization, exchanges the code for a short-lived vault JWT, and submits your encrypted secrets directly to the Vault DON gateway — all automatically. Your existing CLI login session (`~/.cre/cre.yaml`) is not affected; the vault authorization uses a separate short-lived token. API key authentication is not supported for this flow; interactive login (`cre login`) is required. See [Secrets Management Commands](/cre/reference/cli/secrets) for details.
- **`--skip-type-checks` flag**: The `cre workflow build`, `cre workflow simulate`, `cre workflow deploy`, and `cre workflow hash` commands now accept a `--skip-type-checks` flag. When set, the CLI skips the TypeScript type-checking step during compilation. This can significantly speed up iteration in development, but should not be used for production builds where type safety is important. See [Workflow Commands](/cre/reference/cli/workflow) for the updated flag reference.

**How to update:**

- **Automatic update**: When you run any CRE command, the CLI will automatically detect if a newer version is available and prompt you to update. Simply run `cre update` to install the latest version.
- **Fresh installation**: If you're installing the CLI for the first time, follow the [CLI Installation guide](/cre/getting-started/cli-installation).

[See all changes on GitHub](https://github.com/smartcontractkit/cre-cli/compare/v1.8.0...v1.9.0)

## TS SDK v1.5.0 - March 27, 2026

**TypeScript SDK version 1.5.0** improves type checking accuracy and build reproducibility for TypeScript workflows.

- **Workflow-aware type checking**: The SDK now runs TypeScript type checks using your workflow's own `tsconfig.json` instead of its internal configuration. This gives you more accurate, project-specific type errors and lets you enforce your own strict settings during compilation.
- **Reproducible builds**: TypeScript workflow binaries are now reproducible on the same OS, making it easier to verify build integrity across CI runs and environments.

[See all changes on GitHub](https://github.com/smartcontractkit/cre-sdk-typescript/compare/v1.4.0...v1.5.0)

## CLI v1.8.0 - March 26, 2026

**<a href="https://github.com/smartcontractkit/cre-cli/releases/tag/v1.8.0" target="_blank">CRE CLI version 1.8.0</a> is now available.**
Expand Down Expand Up @@ -8535,7 +8558,7 @@ When you run this command, the CLI will:

# Workflow Commands
Source: https://docs.chain.link/cre/reference/cli/workflow
Last Updated: 2026-03-17
Last Updated: 2026-04-02

The `cre workflow` commands manage workflows throughout their entire lifecycle, from local testing to deployment and ongoing management.

Expand All @@ -8555,9 +8578,10 @@ cre workflow build <workflow-folder-path> [flags]

**Flags:**

| Flag | Description |
| -------------- | ---------------------------------------------------------------------------------------- |
| `-o, --output` | Output file path for the compiled WASM binary (default: `<workflow-folder>/binary.wasm`) |
| Flag | Description |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| `-o, --output` | Output file path for the compiled WASM binary (default: `<workflow-folder>/binary.wasm`) |
| `--skip-type-checks` | Skip TypeScript type checking during compilation. Speeds up iteration in development; not recommended for production builds |

**Example:**

Expand Down Expand Up @@ -8612,6 +8636,7 @@ cre workflow simulate <workflow-name-or-path> [flags]
| `--evm-tx-hash <string>` | Transaction hash (`0x...`) containing the event that triggered your workflow. For EVM log triggers only |
| `--evm-event-index <int>` | Which log/event within the transaction to use (0-based position). If the transaction emitted multiple events, `0` is the first, `1` is the second, etc. For EVM log triggers only |
| `--limits <string>` | Production limits to enforce during simulation: `default` (embedded prod limits), a path to a limits JSON file (e.g. from `cre workflow limits export`), or `none` to disable. See [Testing Production Limits](/cre/guides/operations/understanding-limits) (default: `default`) |
| `--skip-type-checks` | Skip TypeScript type checking during compilation. Speeds up iteration in development; not recommended for production builds |

**Examples:**

Expand Down Expand Up @@ -8676,14 +8701,15 @@ cre workflow deploy <workflow-name-or-path> [flags]

**Flags:**

| Flag | Description |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| `-o, --output` | Output file for the compiled WASM binary encoded in base64 (default: `"./binary.wasm.br.b64"`) |
| `--wasm` | Path to a pre-built WASM binary (skips compilation). Use with [`cre workflow build`](#cre-workflow-build) for CI/CD pipelines |
| `--config` | Override the config file path from `workflow.yaml` |
| `--no-config` | Deploy without a config file |
| `--unsigned` | Return the raw transaction instead of sending it to the network |
| `--yes` | Skip the confirmation prompt and proceed with the operation |
| Flag | Description |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| `-o, --output` | Output file for the compiled WASM binary encoded in base64 (default: `"./binary.wasm.br.b64"`) |
| `--wasm` | Path to a pre-built WASM binary (skips compilation). Use with [`cre workflow build`](#cre-workflow-build) for CI/CD pipelines |
| `--config` | Override the config file path from `workflow.yaml` |
| `--no-config` | Deploy without a config file |
| `--unsigned` | Return the raw transaction instead of sending it to the network |
| `--yes` | Skip the confirmation prompt and proceed with the operation |
| `--skip-type-checks` | Skip TypeScript type checking during compilation. Speeds up iteration in development; not recommended for production builds |

**Examples:**

Expand Down Expand Up @@ -8886,12 +8912,13 @@ cre workflow hash <workflow-folder-path> [flags]

**Flags:**

| Flag | Description |
| -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--public_key` | Owner address to use when computing the workflow hash. Required when `CRE_ETH_PRIVATE_KEY` is not set and no `workflow-owner-address` is configured in your settings |
| `--wasm` | Path or URL to a pre-built WASM binary (skips compilation) |
| `--config` | Override the config file path from `workflow.yaml` |
| `--no-config` | Compute hash without a config file |
| Flag | Description |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--public_key` | Owner address to use when computing the workflow hash. Required when `CRE_ETH_PRIVATE_KEY` is not set and no `workflow-owner-address` is configured in your settings |
| `--wasm` | Path or URL to a pre-built WASM binary (skips compilation) |
| `--config` | Override the config file path from `workflow.yaml` |
| `--no-config` | Compute hash without a config file |
| `--skip-type-checks` | Skip TypeScript type checking during compilation. Speeds up iteration in development; not recommended for production builds |


<Aside type="note" title="Owner address required">
Expand Down Expand Up @@ -8989,7 +9016,7 @@ The typical workflow lifecycle uses these commands in sequence:

# Secrets Management Commands
Source: https://docs.chain.link/cre/reference/cli/secrets
Last Updated: 2026-03-26
Last Updated: 2026-04-02

<Aside type="note" title="Authentication required">
Running the commands on this page requires you to be logged in with the CRE CLI. Run `cre whoami` in your terminal to
Expand All @@ -8999,13 +9026,24 @@ Last Updated: 2026-03-26

The `cre secrets` commands manage secrets stored in the Vault DON (Decentralized Oracle Network) for deployed workflows. These commands allow you to create, update, delete, and list secrets that your workflows can access at runtime.

## Authorization flow

Starting with CLI v1.9.0, secrets operations use a **browser-based OAuth (PKCE) flow** to authorize Vault DON access:

1. You run a `cre secrets` command (e.g., `cre secrets create my-secrets.yaml`).
2. The CLI starts a local callback server and opens your browser to a Vault authorization URL.
3. You authenticate in the browser. When complete, the browser redirects back to the local callback.
4. The CLI exchanges the authorization code for a short-lived vault JWT and submits your encrypted secrets directly to the Vault DON gateway (CLI v1.8.2+).

Your existing CLI login session (`~/.cre/cre.yaml`) is **not** affected — the vault authorization uses a separate short-lived token. **API key authentication is not supported** for this flow; you must be logged in with `cre login`.

## Namespaces

Secrets are organized into **namespaces**, which act as logical groupings (e.g., `"main"`, `"staging"`, `"production"`). All secrets are stored in the `"main"` namespace by default. Currently, `create`, `update`, and `delete` commands only support the default namespace. Custom namespace support may be added in future CLI versions.


<Aside type="note" title="Prerequisites">
- You must be logged in with `cre login`
- You must be logged in with `cre login` (interactive login required; API keys are not supported for secrets operations)
- Your `workflow-owner-address` must be configured in your project
- **Production CRE:** only **linked workflow owner** vault authorization is supported for these commands. See ([Using Secrets with Deployed Workflows](/cre/guides/workflow/secrets/using-secrets-deployed))
- For comprehensive guides on using secrets, see [Managing Secrets](/cre/guides/workflow/secrets)
Expand Down
Loading
Loading