Add function secrets commands

[giordano-lucas]

Summary

• add notte function secrets / notte functions secrets commands for list, get, set, and delete
• wire function secrets to /secrets with function_env namespace
• add unit coverage for request methods, query params, and request body namespace
• add integration lifecycle coverage for set/get/list/delete

Tests

• go test ./internal/cmd ./internal/testutil
• go test ./...
• NOTTE_API_KEY=dummy go test -tags integration ./tests/integration -run '^$'\n- go run ./cmd/notte function secrets --help\n\nNote: live integration test was not run locally because no real NOTTE_API_KEY was available in this shell.

[giordano-lucas]

Live integration verification now run with env from ~/Desktop/projects/anything-api/.env + .env.anything-start against https://us-dev.notte.cc:

go test -tags integration ./tests/integration -run TestFunctionSecretsLifecycle -count=1 -v

Result: passed.

[greptile-apps]

Greptile Summary

This PR adds notte function secrets (aliased from functions secrets) subcommands — list, get, set, and delete — wiring them to the /secrets API endpoint with the function_env namespace. It also enhances the mock HTTP server to capture query strings and request bodies, enabling richer unit-test assertions.

• New subcommands cover the full CRUD lifecycle; all four are covered by both unit tests (verifying HTTP method, query params, and request-body namespace) and an integration test with proper deferred cleanup.
• The httpserver.go changes correctly buffer and restore r.Body so the HTTP handler can still read it after the body is recorded.
• A --value flag is provided as an alternative to the positional value argument for set; the validation logic allows explicitly storing an empty secret via --value "" while rejecting a bare empty positional argument.

Confidence Score: 5/5

The change is self-contained new functionality with no modifications to existing command paths, making it safe to merge.

All four new commands follow the same established pattern as the rest of the file, the API types are used correctly (namespace pointer for list, value type for get), the mock server body-buffering fix is correct, and both unit and integration test coverage are present. The only note is a minor UX inconsistency where passing both a positional argument and --value silently drops the flag value.

No files require special attention.

Important Files Changed

Filename	Overview
internal/cmd/functions.go	Adds four function-secrets subcommands (list/get/set/delete) wired to /secrets with function_env namespace; logic, validation, and flag wiring are correct
internal/cmd/functions_test.go	Adds unit tests for all four secrets operations; correctly saves/restores global state, verifies HTTP method, query params, and request body namespace
internal/testutil/httpserver.go	Extends RecordedRequest with Query and Body fields; body is correctly buffered and restored so the HTTP handler can still read it after recording
tests/integration/functions_test.go	Adds full set/get/list/delete lifecycle integration test with proper deferred cleanup and unique timestamped secret names

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
internal/cmd/functions.go:937-943
When both a positional argument and the `--value` flag are provided simultaneously (e.g. `set NAME positional --value flag`), the positional argument silently wins because `value = args[1]` overwrites `functionSecretValue` without any warning. A user who sets `--value flag` would be silently ignored, which is surprising. Consider returning an error when both are provided.

```suggestion
	value := functionSecretValue
	if len(args) == 2 {
		if cmd.Flags().Changed("value") {
			return fmt.Errorf("secret value is ambiguous: do not provide both a positional argument and --value")
		}
		value = args[1]
	}
	if value == "" && !cmd.Flags().Changed("value") {
		return fmt.Errorf("secret value required: pass it as an argument or with --value")
	}
```

_{Reviews (2): Last reviewed commit: "Add function secrets commands" | Re-trigger Greptile}