npm - @agenttower/cli - Versions diffs - 0.1.1 → 0.3.1 - Mend

@agenttower/cli 0.1.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -1,7 +1,9 @@
 # @agenttower/cli — `atc`
 The Agent Tower CLI. Coordinate multiple coding agents working one repo: claim
-scope before editing, get inline conflict verdicts, and share a decision log.
+scope before editing, get inline conflict verdicts, share a decision log, and
+receive your **standing orders** at every checkin. Also the terminal for humans —
+`atc login` manages projects, tokens, and standing orders without the dashboard.
 ## Install
@@ -9,28 +11,53 @@ scope before editing, get inline conflict verdicts, and share a decision log.
 npm i -g @agenttower/cli
 ```
-## Configure
+## Wire a repo (fast path)
-Get a **frequency token** from the dashboard (https://app.agenttower.dev → your
-project → Mint token), then:
+```bash
+atc init          # scaffolds .mcp.json + the AGENTS.md compliance block + .gitignore
+```
+## Agent plane (frequency token)
+Get a **frequency token** (dashboard https://app.agenttower.dev → project →
+Mint token, or `atc tokens mint` after login), then:
 ```bash
 export ATC_TOKEN=atcf_…        # required
 # export ATC_API=…            # optional; defaults to the hosted prod API
 ```
-## Use
 ```bash
-atc checkin --task "refactor auth"   # contact the Tower, get your callsign + a brief
-atc brief                            # roster + claims + conflicts touching you + NOTAMs
+atc checkin --task "refactor auth"   # contact the Tower; the brief arrives with
+                                     # your standing orders first — follow them
+atc standing                         # your assigned standing orders, in full
+atc brief                            # roster + claims + conflicts + NOTAMs
 atc claim "src/auth/**"              # request scope; exit code 3 if it conflicts
 atc squawk "rewriting User model"    # status + heartbeat
-atc note "auth uses JWT, 15min TTL"  # write to the decision log (--pin to pin)
+atc note "auth uses JWT, 15min TTL"  # decision log (--pin to pin; note show <id> for full)
+atc standing propose handoff --body "…"  # propose a DRAFT standing order (a human assigns)
 atc clear ["src/auth/**"]            # release scope (all, or one glob)
 atc checkout                         # leave; releases your claims
 ```
-Session state lives in `.atc/` in the worktree (gitignore it). Add `--json` to any
-command for machine-readable output (useful in hooks). See the project docs for the
-full protocol.
+## Human plane (`atc login`)
+```bash
+atc login                            # opens the browser; approve; 30-day session
+atc whoami / atc logout
+atc projects [create "<name>"]
+atc tokens --project <p>             # list (shows each token's alignment)
+atc tokens mint --project <p> --label colby --orders relay-agent
+atc tokens align <tokenId> --orders a,b | --default
+atc standing ls|show|create|edit|rm|assign --project <p>
+```
+**Standing orders** are a per-project library of named instructions. Which orders
+an agent receives is decided by its token's **alignment** (`mint --orders`,
+realign anytime — it lands at the agent's next brief); unaligned tokens get the
+project default set (`atc standing assign`).
+Agent session state lives in `.atc/` in the worktree (gitignore it); your login
+session lives in `~/.config/atc/`. Add `--json` to any command for
+machine-readable output. Full protocol: https://app.agenttower.dev/docs

package/bin/atc.js CHANGED Viewed

File without changes

package/dist/human.js ADDED Viewed

@@ -0,0 +1,86 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadHuman = loadHuman;
+exports.saveHuman = saveHuman;
+exports.clearHuman = clearHuman;
+exports.humanApi = humanApi;
+exports.requireHuman = requireHuman;
+/**
+ * Human-plane session store for `atc login` / management commands.
+ * Stores the `atcu_` CLI session token at ~/.config/atc/session.json (chmod 0600).
+ * Deliberately separate from the agent session in .atc/session.json.
+ */
+const fs = __importStar(require("node:fs"));
+const os = __importStar(require("node:os"));
+const path = __importStar(require("node:path"));
+const client_1 = require("./client");
+const CONFIG_DIR = path.join(os.homedir(), '.config', 'atc');
+const SESSION_FILE = path.join(CONFIG_DIR, 'session.json');
+function loadHuman() {
+    try {
+        const raw = fs.readFileSync(SESSION_FILE, 'utf8');
+        const s = JSON.parse(raw);
+        if (typeof s?.token === 'string' && s.token)
+            return s;
+    }
+    catch {
+        /* missing or unreadable */
+    }
+    return null;
+}
+function saveHuman(session) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2), { mode: 0o600 });
+}
+function clearHuman() {
+    try {
+        fs.rmSync(SESSION_FILE);
+    }
+    catch {
+        /* already gone */
+    }
+}
+/** Return an api() wrapper that uses the atcu_ token from the saved human session. */
+function humanApi(session, method, apiPath, body) {
+    return (0, client_1.api)({ api: session.api, token: session.token }, session.token, method, apiPath, body);
+}
+/** Fail with a friendly message if no human session exists. */
+function requireHuman(fail) {
+    const s = loadHuman();
+    if (!s)
+        fail("not logged in — run 'atc login'");
+    return s;
+}

package/dist/index.js CHANGED Viewed

@@ -1,13 +1,54 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 /**
  * atc — the Agent Tower CLI. Thin client of the hosted /v1 API.
  * Config: ATC_API + ATC_TOKEN (frequency token from the dashboard). See
  * docs/AGENT-INTERFACE.md. Exit codes: 0 ok · 1 usage/error · 2 unexpected · 3 conflict.
  */
+const fs = __importStar(require("node:fs"));
+const child_process = __importStar(require("node:child_process"));
 const client_1 = require("./client");
-const VERSION = '0.1.0';
-const COMMANDS = ['checkin', 'brief', 'squawk', 'claim', 'clear', 'note', 'notes', 'checkout', 'config'];
+const init_1 = require("./init");
+const human_1 = require("./human");
+const VERSION = '0.3.1';
+const COMMANDS = [
+    'init', 'checkin', 'brief', 'standing', 'squawk', 'claim', 'clear',
+    'note', 'notes', 'checkout', 'config',
+    'login', 'logout', 'whoami', 'projects', 'tokens',
+];
 function parseArgs(argv) {
     const positionals = [];
     const flags = {};
@@ -17,7 +58,7 @@ function parseArgs(argv) {
         if (a.startsWith('--')) {
             const key = a.slice(2);
             const next = argv[i + 1];
-            const boolFlags = ['pin', 'json'];
+            const boolFlags = ['pin', 'json', 'yes', 'manual', 'draft', 'activate', 'default', 'none', 'save-token'];
             if (boolFlags.includes(key)) {
                 flags[key] = true;
             }
@@ -65,16 +106,89 @@ function renderConflicts(conflicts) {
 function printHelp() {
     process.stdout.write(`atc ${VERSION} — Agent Tower CLI\n\n` +
         `Usage: atc <command> [args]\n\n` +
+        `Session commands (human login):\n` +
+        `  login    [--api <url>] [--dashboard <url>] [--manual]\n` +
+        `  logout\n` +
+        `  whoami\n\n` +
+        `Management commands (require atc login):\n` +
+        `  projects [create "<name>"]\n` +
+        `  tokens   --project <id|name>                  list tokens\n` +
+        `  tokens   mint --project <p> [--label l] [--orders a,b,c]\n` +
+        `  tokens   revoke <tokenId>\n` +
+        `  tokens   align <tokenId> --orders a,b,c | --default\n` +
+        `  standing ls     --project <p>\n` +
+        `  standing show   <ref> --project <p>\n` +
+        `  standing create <name> --project <p> (--body "…" | --file f) [--draft]\n` +
+        `  standing edit   <ref>  --project <p> (--body "…" | --file f) [--name n] [--activate|--draft]\n` +
+        `  standing rm     <ref>  --project <p>\n` +
+        `  standing assign --project <p> <name1,name2,…> | --none\n` +
+        `  standing propose <name> (--body "…" | --file f)   (agent plane, uses ATC_TOKEN)\n\n` +
+        `Agent commands (require ATC_API + ATC_TOKEN):\n` +
+        `  init     [--token <freq-token>] [--save-token] [--yes]  wire a project to Agent Tower\n` +
+        `           --save-token persists the token to .claude/settings.local.json (gitignored)\n` +
         `  checkin  [--task "..."] [--as <callsign>] [--cli <name>]\n` +
         `  brief\n` +
+        `  standing               print the frequency's standing orders in full\n` +
         `  squawk   "<status>" [--code working|blocked|review|mayday]\n` +
         `  claim    "<glob>"      (exit 3 if it conflicts)\n` +
         `  clear    ["<glob>"]    (omit glob to release all)\n` +
         `  note     "<body>" [--tag <t>]... [--pin] [--supersede <id>]\n` +
+        `  note     show <id>     full body of one NOTAM (briefs truncate)\n` +
         `  notes    [--tag <t>]   list the decision log\n` +
         `  checkout\n` +
         `  config\n\n` +
-        `Env: ATC_API, ATC_TOKEN. Add --json for raw output.\n`);
+        `Env: ATC_API, ATC_TOKEN, ATC_DASHBOARD. Add --json for raw output.\n`);
+}
+/** Try to open a URL in the default browser (best-effort, never throws). */
+function tryOpenBrowser(url) {
+    const cmds = {
+        darwin: ['open', [url]],
+        linux: ['xdg-open', [url]],
+        win32: ['cmd', ['/c', 'start', url]],
+    };
+    const entry = cmds[process.platform];
+    if (!entry)
+        return;
+    const [bin, args] = entry;
+    try {
+        child_process.spawn(bin, args, { detached: true, stdio: 'ignore' }).unref();
+    }
+    catch {
+        /* ignore */
+    }
+}
+/** Resolve a project ref (id or name) to an id via GET /v1/projects. */
+async function resolveProject(session, ref) {
+    if (ref.startsWith('prj_'))
+        return ref;
+    const r = await (0, human_1.humanApi)(session, 'GET', '/v1/projects');
+    if (!r.ok)
+        fail(r.body?.error ?? `could not list projects (${r.status})`);
+    const projects = r.body.projects ?? [];
+    const byId = projects.find((p) => p.id === ref);
+    if (byId)
+        return byId.id;
+    const matches = projects.filter((p) => p.name.toLowerCase() === ref.toLowerCase());
+    if (matches.length === 1)
+        return matches[0].id;
+    if (matches.length === 0)
+        fail(`no project named "${ref}"`);
+    fail(`ambiguous project name "${ref}" — matches: ${matches.map((p) => `${p.id} (${p.name})`).join(', ')}`);
+}
+/** Read body text from --body "…" or --file f flags. */
+function readBodyFlag(flags) {
+    if (typeof flags.body === 'string')
+        return flags.body;
+    if (typeof flags.file === 'string') {
+        try {
+            return fs.readFileSync(flags.file, 'utf8');
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            fail(`could not read file "${flags.file}": ${msg}`);
+        }
+    }
+    return undefined;
 }
 async function main(argv) {
     const [cmd, ...rest] = argv;
@@ -87,12 +201,336 @@ async function main(argv) {
     const { positionals, flags, tags } = parseArgs(rest);
     const json = flags.json === true;
     const cfg = (0, client_1.loadConfig)();
+    if (cmd === 'init') {
+        return (0, init_1.runInit)({
+            token: typeof flags.token === 'string' ? flags.token : undefined,
+            saveToken: flags['save-token'] === true,
+            yes: flags.yes === true,
+            json,
+        });
+    }
     if (cmd === 'config') {
         return out(json, `api: ${cfg.api || '(unset)'}\ntoken: ${cfg.token ? '(set)' : '(unset)'}`, {
             api: cfg.api || null,
             token: cfg.token ? 'set' : null,
         });
     }
+    // ---- Human-plane session commands ----
+    if (cmd === 'login') {
+        const apiBase = (typeof flags.api === 'string' ? flags.api : cfg.api || client_1.DEFAULT_API).replace(/\/$/, '');
+        const dashboardBase = (typeof flags.dashboard === 'string'
+            ? flags.dashboard
+            : process.env.ATC_DASHBOARD || 'https://app.agenttower.dev').replace(/\/$/, '');
+        const manual = flags.manual === true;
+        // Start the device flow
+        const startRes = await (0, client_1.api)({ api: apiBase, token: '' }, '', 'POST', '/v1/cli-auth/start').catch((err) => {
+            const msg = err instanceof Error ? err.message : String(err);
+            fail(`login failed: ${msg}`);
+        });
+        if (!startRes.ok) {
+            fail(startRes.body?.error ?? `login start failed (${startRes.status})`);
+        }
+        const { authId, pollSecret, expiresInSeconds } = startRes.body;
+        const verifyUrl = `${dashboardBase}/cli-auth?code=${authId}`;
+        process.stdout.write(`Open this URL to approve the login:\n  ${verifyUrl}\n`);
+        if (!manual) {
+            tryOpenBrowser(verifyUrl);
+        }
+        // Poll until approved or expired
+        const deadline = Date.now() + expiresInSeconds * 1000;
+        let approved = false;
+        let token = '';
+        let orgId = '';
+        process.stderr.write('Waiting for browser approval');
+        const interval = setInterval(() => process.stderr.write('.'), 2000);
+        const cleanup = () => {
+            clearInterval(interval);
+            process.stderr.write('\n');
+        };
+        // Handle Ctrl-C gracefully
+        process.on('SIGINT', () => {
+            cleanup();
+            process.stderr.write('atc: login cancelled\n');
+            process.exit(1);
+        });
+        while (Date.now() < deadline && !approved) {
+            await new Promise((r) => setTimeout(r, 2000));
+            try {
+                const pollRes = await (0, client_1.api)({ api: apiBase, token: '' }, '', 'GET', `/v1/cli-auth/${encodeURIComponent(authId)}?secret=${encodeURIComponent(pollSecret)}`);
+                if (pollRes.ok && pollRes.body?.status === 'approved') {
+                    approved = true;
+                    token = pollRes.body.token;
+                    orgId = pollRes.body.orgId;
+                }
+            }
+            catch {
+                /* transient network error — keep polling */
+            }
+        }
+        cleanup();
+        if (!approved) {
+            fail('login timed out — run atc login again');
+        }
+        // Fetch identity
+        let userId;
+        try {
+            const meRes = await (0, client_1.api)({ api: apiBase, token }, token, 'GET', '/v1/me');
+            if (meRes.ok) {
+                userId = meRes.body?.userId;
+                orgId = meRes.body?.orgId || orgId;
+            }
+        }
+        catch {
+            /* best-effort */
+        }
+        (0, human_1.saveHuman)({ api: apiBase, token, orgId, userId });
+        return out(json, `logged in as ${userId ?? '(unknown)'} (org ${orgId})`, { userId, orgId });
+    }
+    if (cmd === 'logout') {
+        const session = (0, human_1.loadHuman)();
+        if (session) {
+            try {
+                await (0, human_1.humanApi)(session, 'DELETE', '/v1/cli-auth/session');
+            }
+            catch {
+                /* best-effort */
+            }
+        }
+        (0, human_1.clearHuman)();
+        return out(json, 'logged out', { ok: true });
+    }
+    if (cmd === 'whoami') {
+        const session = (0, human_1.requireHuman)(fail);
+        const r = await (0, human_1.humanApi)(session, 'GET', '/v1/me');
+        if (!r.ok)
+            fail(r.body?.error ?? `whoami failed (${r.status})`);
+        return out(json, `userId: ${r.body.userId}\norgId:  ${r.body.orgId}\nrole:   ${r.body.orgRole ?? '(unknown)'}`, r.body);
+    }
+    if (cmd === 'projects') {
+        const session = (0, human_1.requireHuman)(fail);
+        const sub = positionals[0];
+        if (!sub || sub === 'list') {
+            const r = await (0, human_1.humanApi)(session, 'GET', '/v1/projects');
+            if (!r.ok)
+                fail(r.body?.error ?? `projects failed (${r.status})`);
+            const rows = (r.body.projects ?? []);
+            const human = rows.length
+                ? rows.map((p) => `${p.id}  ${p.name}  (${p.status})`).join('\n')
+                : '(no projects)';
+            return out(json, human, r.body);
+        }
+        if (sub === 'create') {
+            const name = positionals[1] ?? (typeof flags.name === 'string' ? flags.name : undefined);
+            if (!name)
+                fail('usage: atc projects create "<name>"');
+            const r = await (0, human_1.humanApi)(session, 'POST', '/v1/projects', { name });
+            if (!r.ok)
+                fail(r.body?.error ?? `projects create failed (${r.status})`);
+            return out(json, `created project ${r.body.id} — ${r.body.name}`, r.body);
+        }
+        fail(`unknown projects subcommand "${sub}"`);
+    }
+    if (cmd === 'tokens') {
+        const session = (0, human_1.requireHuman)(fail);
+        const sub = positionals[0];
+        if (!sub || sub === 'list') {
+            const projectRef = typeof flags.project === 'string' ? flags.project : undefined;
+            if (!projectRef)
+                fail('usage: atc tokens --project <id|name>');
+            const pid = await resolveProject(session, projectRef);
+            const r = await (0, human_1.humanApi)(session, 'GET', `/v1/projects/${encodeURIComponent(pid)}/tokens`);
+            if (!r.ok)
+                fail(r.body?.error ?? `tokens list failed (${r.status})`);
+            const rows = (r.body.tokens ?? []);
+            const human = rows.length
+                ? rows.map((t) => `${t.tokenId}  ${t.label ?? '(no label)'}  ${t.revoked ? '[revoked]' : '[active]'}  ${t.createdAt}`).join('\n')
+                : '(no tokens)';
+            return out(json, human, r.body);
+        }
+        if (sub === 'mint') {
+            const projectRef = typeof flags.project === 'string' ? flags.project : undefined;
+            if (!projectRef)
+                fail('usage: atc tokens mint --project <p> [--label l] [--orders a,b,c]');
+            const pid = await resolveProject(session, projectRef);
+            const label = typeof flags.label === 'string' ? flags.label : undefined;
+            const ordersRaw = typeof flags.orders === 'string' ? flags.orders : undefined;
+            const standingOrderIds = ordersRaw ? ordersRaw.split(',').map((s) => s.trim()).filter(Boolean) : undefined;
+            const r = await (0, human_1.humanApi)(session, 'POST', `/v1/projects/${encodeURIComponent(pid)}/tokens`, {
+                label,
+                standingOrderIds,
+            });
+            if (!r.ok)
+                fail(r.body?.error ?? `tokens mint failed (${r.status})`);
+            const body = r.body;
+            // Token shown ONCE — warning on stderr so --json stdout stays parseable.
+            process.stderr.write(`WARNING: copy this token now — it will not be shown again.\n`);
+            return out(json, `token: ${body.token}\nid:    ${body.tokenId}${body.label ? `\nlabel: ${body.label}` : ''}`, r.body);
+        }
+        if (sub === 'revoke') {
+            const tokenId = positionals[1];
+            if (!tokenId)
+                fail('usage: atc tokens revoke <tokenId>');
+            const r = await (0, human_1.humanApi)(session, 'DELETE', `/v1/tokens/${encodeURIComponent(tokenId)}`);
+            if (!r.ok)
+                fail(r.body?.error ?? `tokens revoke failed (${r.status})`);
+            return out(json, `revoked ${tokenId}`, r.body);
+        }
+        if (sub === 'align') {
+            const tokenId = positionals[1];
+            if (!tokenId)
+                fail('usage: atc tokens align <tokenId> --orders a,b,c | --default');
+            let orders;
+            if (flags.default === true) {
+                orders = null;
+            }
+            else {
+                const ordersRaw = typeof flags.orders === 'string' ? flags.orders : undefined;
+                if (!ordersRaw)
+                    fail('usage: atc tokens align <tokenId> --orders a,b,c | --default');
+                orders = ordersRaw.split(',').map((s) => s.trim()).filter(Boolean);
+            }
+            const r = await (0, human_1.humanApi)(session, 'PUT', `/v1/tokens/${encodeURIComponent(tokenId)}/standing`, { orders });
+            if (!r.ok)
+                fail(r.body?.error ?? `tokens align failed (${r.status})`);
+            return out(json, orders === null ? `${tokenId} → project default` : `${tokenId} → [${orders.join(', ')}]`, r.body);
+        }
+        fail(`unknown tokens subcommand "${sub}"`);
+    }
+    // ---- standing subcommands (management + agent) ----
+    if (cmd === 'standing') {
+        // No sub → agent plane read (existing behaviour; requires ATC_TOKEN session)
+        if (!positionals[0]) {
+            if (!cfg.api || !cfg.token) {
+                fail('ATC_API and ATC_TOKEN must be set (get a frequency token from the dashboard)');
+            }
+            const session = requireSession();
+            const tok = session.sessionToken;
+            const r = await (0, client_1.api)(cfg, tok, 'GET', '/v1/standing');
+            if (!r.ok)
+                fail(r.body?.error ?? `standing failed (${r.status})`, 2);
+            const s = r.body.standing;
+            return out(json, s
+                ? `standing orders (${s.source}): ${s.orders.map((o) => `${o.name} v${o.version}`).join(', ')}\n\n${s.body}`
+                : '(no standing orders assigned to this session)', r.body);
+        }
+        const sub = positionals[0];
+        // propose — agent plane: uses the existing repo session token
+        if (sub === 'propose') {
+            if (!cfg.api || !cfg.token) {
+                fail('ATC_API and ATC_TOKEN must be set (get a frequency token from the dashboard)');
+            }
+            const session = requireSession();
+            const tok = session.sessionToken;
+            const name = positionals[1];
+            if (!name)
+                fail('usage: atc standing propose <name> (--body "…" | --file f)');
+            const body = readBodyFlag(flags);
+            if (!body)
+                fail('usage: atc standing propose <name> (--body "…" | --file f)');
+            const r = await (0, client_1.api)(cfg, tok, 'POST', '/v1/standing-orders', { name, body });
+            if (!r.ok)
+                fail(r.body?.error ?? `standing propose failed (${r.status})`, 2);
+            const order = r.body.order ?? r.body;
+            return out(json, `draft ${order.id ?? order.orderId} proposed — a human can activate/assign it`, r.body);
+        }
+        // Management subcommands below all require human login
+        const humanSession = (0, human_1.requireHuman)(fail);
+        const projectRef = typeof flags.project === 'string' ? flags.project : undefined;
+        if (!projectRef && sub !== 'propose') {
+            fail('--project <id|name> is required for standing management commands');
+        }
+        const pid = projectRef ? await resolveProject(humanSession, projectRef) : '';
+        if (sub === 'ls') {
+            const r = await (0, human_1.humanApi)(humanSession, 'GET', `/v1/projects/${encodeURIComponent(pid)}/standing-orders`);
+            if (!r.ok)
+                fail(r.body?.error ?? `standing ls failed (${r.status})`);
+            const { orders, defaultAssignment } = r.body;
+            if (!orders.length)
+                return out(json, '(no standing orders)', r.body);
+            const human = orders
+                .map((o) => {
+                const marker = defaultAssignment.includes(o.id) ? ' [default]' : '';
+                return `${o.id}  ${o.name}  ${o.status}  v${o.version}  ${o.updatedAt}${marker}`;
+            })
+                .join('\n');
+            return out(json, human, r.body);
+        }
+        if (sub === 'show') {
+            const ref = positionals[1];
+            if (!ref)
+                fail('usage: atc standing show <ref> --project <p>');
+            const r = await (0, human_1.humanApi)(humanSession, 'GET', `/v1/projects/${encodeURIComponent(pid)}/standing-orders/${encodeURIComponent(ref)}`);
+            if (!r.ok)
+                fail(r.body?.error ?? `standing show failed (${r.status})`);
+            const { order, history } = r.body;
+            const histLine = history?.length
+                ? `\nhistory: ${history.map((h) => `v${h.version} (${h.updatedAt})`).join(', ')}`
+                : '';
+            return out(json, `[${order.id}] ${order.name}  ${order.status}  v${order.version}  ${order.updatedAt}${histLine}\n\n${order.body}`, r.body);
+        }
+        if (sub === 'create') {
+            const name = positionals[1];
+            if (!name)
+                fail('usage: atc standing create <name> --project <p> (--body "…" | --file f) [--draft]');
+            const body = readBodyFlag(flags);
+            if (!body)
+                fail('--body "…" or --file <path> is required');
+            const status = flags.draft === true ? 'draft' : 'active';
+            const r = await (0, human_1.humanApi)(humanSession, 'POST', `/v1/projects/${encodeURIComponent(pid)}/standing-orders`, {
+                name,
+                body,
+                status,
+            });
+            if (!r.ok)
+                fail(r.body?.error ?? `standing create failed (${r.status})`);
+            const order = r.body.order;
+            return out(json, `created ${order.id}  ${order.name}  ${order.status}`, r.body);
+        }
+        if (sub === 'edit') {
+            const ref = positionals[1];
+            if (!ref)
+                fail('usage: atc standing edit <ref> --project <p> (--body "…" | --file f) [--name n] [--activate|--draft]');
+            const body = readBodyFlag(flags);
+            const name = typeof flags.name === 'string' ? flags.name : undefined;
+            const status = flags.activate === true ? 'active' : flags.draft === true ? 'draft' : undefined;
+            if (!body && !name && !status) {
+                fail('standing edit requires at least one of --body/--file, --name, --activate, or --draft');
+            }
+            const r = await (0, human_1.humanApi)(humanSession, 'PUT', `/v1/projects/${encodeURIComponent(pid)}/standing-orders/${encodeURIComponent(ref)}`, { body, name, status });
+            if (!r.ok)
+                fail(r.body?.error ?? `standing edit failed (${r.status})`);
+            const order = r.body.order;
+            return out(json, `updated ${order.id}  ${order.name}  ${order.status}  v${order.version}`, r.body);
+        }
+        if (sub === 'rm') {
+            const ref = positionals[1];
+            if (!ref)
+                fail('usage: atc standing rm <ref> --project <p>');
+            const r = await (0, human_1.humanApi)(humanSession, 'DELETE', `/v1/projects/${encodeURIComponent(pid)}/standing-orders/${encodeURIComponent(ref)}`);
+            if (!r.ok)
+                fail(r.body?.error ?? `standing rm failed (${r.status})`);
+            return out(json, `deleted ${r.body.deleted ?? ref}`, r.body);
+        }
+        if (sub === 'assign') {
+            if (flags.none === true) {
+                const r = await (0, human_1.humanApi)(humanSession, 'PUT', `/v1/projects/${encodeURIComponent(pid)}/standing-assignment`, { orders: [] });
+                if (!r.ok)
+                    fail(r.body?.error ?? `standing assign failed (${r.status})`);
+                return out(json, 'default assignment cleared', r.body);
+            }
+            // positionals[1] is the comma-separated list, or could be positionals[1..n]
+            const ordersRaw = positionals.slice(1).join(',');
+            if (!ordersRaw)
+                fail('usage: atc standing assign --project <p> <name1,name2,…> | --none');
+            const orders = ordersRaw.split(',').map((s) => s.trim()).filter(Boolean);
+            const r = await (0, human_1.humanApi)(humanSession, 'PUT', `/v1/projects/${encodeURIComponent(pid)}/standing-assignment`, { orders });
+            if (!r.ok)
+                fail(r.body?.error ?? `standing assign failed (${r.status})`);
+            return out(json, `default assignment → [${(r.body.defaultAssignment ?? orders).join(', ')}]`, r.body);
+        }
+        fail(`unknown standing subcommand "${sub}"`);
+    }
+    // ---- Agent-plane commands: require ATC_API + ATC_TOKEN ----
     if (!cfg.api || !cfg.token) {
         fail('ATC_API and ATC_TOKEN must be set (get a frequency token from the dashboard)');
     }
@@ -109,7 +547,11 @@ async function main(argv) {
             fail(r.body?.error ?? `checkin failed (${r.status})`, 2);
         (0, client_1.saveSession)({ callsign: r.body.callsign, sessionToken: r.body.sessionToken, api: cfg.api });
         const c = r.body.brief?.counts ?? {};
-        return out(json, `checked in as ${r.body.callsign} · ${c.sessions ?? 0} on board, ${c.claims ?? 0} claims, ${c.notams ?? 0} notams`, r.body);
+        const so = r.body.brief?.standing;
+        const standing = so
+            ? `\n⚑ standing orders present (${(so.orders ?? []).map((o) => o.name).join(', ') || 'assigned'}) — read them: atc standing`
+            : '';
+        return out(json, `checked in as ${r.body.callsign} · ${c.sessions ?? 0} on board, ${c.claims ?? 0} claims, ${c.notams ?? 0} notams${standing}`, r.body);
     }
     const session = requireSession();
     const tok = session.sessionToken;
@@ -119,10 +561,18 @@ async function main(argv) {
             if (!r.ok)
                 fail(r.body?.error ?? `brief failed (${r.status})`, 2);
             const b = r.body;
-            const human = `roster: ${b.roster.map((x) => `${x.callsign}(${x.status})`).join(', ') || '(none)'}\n` +
-                `claims: ${b.claims.map((x) => `${x.callsign}:${x.glob}`).join(', ') || '(none)'}\n` +
+            const standingLine = b.standing
+                ? `standing orders (${b.standing.source}): ${b.standing.orders.map((o) => o.name).join(', ')}` +
+                    `${b.standing.truncated ? ' (truncated here — atc standing for full)' : ''}\n${b.standing.body}\n---\n`
+                : '';
+            const who = (x) => `${x.callsign}(${x.code ?? x.statusText ?? x.status ?? 'working'}${x.claimCount ? `, ${x.claimCount} claims` : ''})`;
+            const human = standingLine +
+                `roster: ${b.roster.map(who).join(', ') || '(none)'}\n` +
+                `claims: ${b.claims.map((x) => `${x.callsign}:${x.glob}`).join(', ') || '(none)'}` +
+                (b.counts.claims > b.claims.length ? ` (+${b.counts.claims - b.claims.length} more on board)` : '') +
+                `\n` +
                 renderConflicts(b.conflictsWithMine) +
-                `\nnotams: ${b.notams.length}/${b.counts.notams}`;
+                `\nnotams: ${b.notams.length} shown (pinned + recent; truncated bodies — 'atc note show <id>' for full)`;
             return out(json, human, b);
         }
         case 'squawk': {
@@ -154,9 +604,20 @@ async function main(argv) {
             return out(json, `cleared: ${(r.body.cleared ?? []).join(', ') || '(none)'}`, r.body);
         }
         case 'note': {
+            if (positionals[0] === 'show') {
+                const id = positionals[1];
+                if (!id)
+                    fail('usage: atc note show <id>');
+                const r = await (0, client_1.api)(cfg, tok, 'GET', `/v1/notams/${encodeURIComponent(id)}`);
+                if (!r.ok)
+                    fail(r.body?.error ?? `note show failed (${r.status})`, 2);
+                const n = r.body.notam;
+                return out(json, `${n.pinned ? '📌 ' : ''}[${n.id}] by ${n.author} at ${n.createdAt}` +
+                    `${n.tags?.length ? '  #' + n.tags.join(' #') : ''}${n.superseded ? '  (superseded)' : ''}\n${n.body}`, r.body);
+            }
             const body = positionals.join(' ');
             if (!body)
-                fail('usage: atc note "<body>" [--tag t] [--pin] [--supersede <id>]');
+                fail('usage: atc note "<body>" [--tag t] [--pin] [--supersede <id>] | atc note show <id>');
             const supersedes = typeof flags.supersede === 'string' ? flags.supersede : undefined;
             const r = await (0, client_1.api)(cfg, tok, 'POST', '/v1/notams', { body, tags, pinned: flags.pin === true, supersedes });
             if (!r.ok)

package/dist/init.js ADDED Viewed

@@ -0,0 +1,447 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runInit = runInit;
+/**
+ * atc init — wire a project to Agent Tower in one command.
+ *
+ * Steps (idempotent, fail-open per step):
+ *   1. Plan + confirm (unless --yes)
+ *   2. .mcp.json — create or merge agent-tower entry
+ *   3. AGENTS.md — append compliance block if absent
+ *   4. .gitignore — ensure .atc/ (and, with --save-token, the local settings file)
+ *   5. --save-token: persist ATC_TOKEN into .claude/settings.local.json (gitignored)
+ *   6. Checkin + brief if a frequency token is available
+ */
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const readline = __importStar(require("node:readline"));
+const client_1 = require("./client");
+// ---------------------------------------------------------------------------
+// Embedded compliance block (adapted from templates/agent-tower.md).
+// The CLI ships standalone via npm and cannot read repo files at runtime.
+// ---------------------------------------------------------------------------
+const COMPLIANCE_BLOCK = `
+## Agent Tower coordination
+You are one of several agents working this repository. Coordinate through the
+**Agent Tower** so you don't collide with other agents' edits, duplicate work, or
+re-decide settled questions. Prefer the \`atc_*\` MCP tools; if they're unavailable,
+use the \`atc\` CLI (same actions).
+**At the start of a session:**
+- \`atc_checkin\` (state your task) — establishes your callsign.
+- \`atc_brief\` — read the roster, active claims, conflicts touching you, and NOTAMs
+  (the decision log) so you catch up on what's already been decided.
+- **Brief and checkin return this frequency's standing orders first — read and follow
+  them.** For the full text: \`atc standing\` / \`atc_standing\`.
+**Before editing any area:**
+- \`atc_claim "<glob>"\` (e.g. \`src/auth/**\`) **before** you start editing it.
+- If the response lists **conflicts**, another agent holds overlapping scope —
+  **do not edit.** \`atc_squawk\` with code \`blocked\` and surface it to the human.
+  If it can't be resolved, \`atc_squawk\` code \`mayday\` and stop.
+**As you work:**
+- \`atc_squawk "<what you're doing>"\` at checkpoints — it's also your heartbeat and
+  shows conflicts that have appeared on your claims.
+**When you settle a cross-cutting decision** (a contract, convention, TTL, etc.):
+- \`atc_note "<the decision>"\` so the next agent reads it in their brief. Pin
+  durable contracts.
+**When you finish / end the session:**
+- \`atc_clear\` to release scope you no longer need; \`atc_checkout\` on session end.
+Claims are **advisory** — the Tower detects and surfaces conflicts; it never blocks
+your edits. Respect them anyway: that's the whole point.
+<!-- CLI equivalents: atc checkin --task "…" · atc brief · atc claim "<glob>" ·
+     atc squawk "…" [--code blocked|mayday] · atc note "…" [--pin] · atc clear · atc checkout
+     Standing orders: atc standing -->
+`.trimStart();
+const COMPLIANCE_MARKER = '## Agent Tower coordination';
+// ---------------------------------------------------------------------------
+// MCP entry we always want present
+// ---------------------------------------------------------------------------
+const MCP_SERVER_KEY = 'agent-tower';
+const MCP_SERVER_ENTRY = {
+    command: 'npx',
+    args: ['-y', '@agenttower/mcp'],
+    env: {
+        ATC_API: '${ATC_API}',
+        ATC_TOKEN: '${ATC_TOKEN}',
+    },
+};
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function readText(file) {
+    try {
+        return fs.readFileSync(file, 'utf8');
+    }
+    catch {
+        return null;
+    }
+}
+function readJson(file) {
+    const text = readText(file);
+    if (!text)
+        return null;
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+/** Deep-equal check limited to what we need for the MCP entry. */
+function mcpEntryMatches(existing) {
+    if (!existing || typeof existing !== 'object')
+        return false;
+    const e = existing;
+    if (e.command !== 'npx')
+        return false;
+    const args = e.args;
+    if (!Array.isArray(args))
+        return false;
+    return args.includes('@agenttower/mcp');
+}
+async function confirm(question) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim().toLowerCase() === 'y');
+        });
+    });
+}
+function planMcp(cwd) {
+    const file = path.join(cwd, '.mcp.json');
+    const existing = readJson(file);
+    if (!existing) {
+        return {
+            action: 'created',
+            preview: `+ mcpServers["${MCP_SERVER_KEY}"] = { command: "npx", args: ["-y", "@agenttower/mcp"], env: {...} }`,
+        };
+    }
+    const servers = existing.mcpServers;
+    if (servers && mcpEntryMatches(servers[MCP_SERVER_KEY])) {
+        return { action: 'unchanged' };
+    }
+    return {
+        action: 'updated',
+        preview: `+ mcpServers["${MCP_SERVER_KEY}"] = { command: "npx", args: ["-y", "@agenttower/mcp"], env: {...} }`,
+    };
+}
+function applyMcp(cwd) {
+    const file = path.join(cwd, '.mcp.json');
+    const existing = readJson(file) ?? {};
+    const servers = existing.mcpServers ?? {};
+    servers[MCP_SERVER_KEY] = MCP_SERVER_ENTRY;
+    const updated = { ...existing, mcpServers: servers };
+    fs.writeFileSync(file, JSON.stringify(updated, null, 2) + '\n');
+}
+function planAgentsMd(cwd) {
+    const file = path.join(cwd, 'AGENTS.md');
+    const existing = readText(file);
+    if (existing && existing.includes(COMPLIANCE_MARKER)) {
+        return { action: 'unchanged' };
+    }
+    return {
+        action: existing ? 'updated' : 'created',
+        preview: `+ ## Agent Tower coordination\\n+ (compliance block, ~30 lines)`,
+    };
+}
+function applyAgentsMd(cwd) {
+    const file = path.join(cwd, 'AGENTS.md');
+    const existing = readText(file);
+    if (existing && existing.includes(COMPLIANCE_MARKER))
+        return; // idempotent guard
+    const separator = existing && !existing.endsWith('\n\n') ? '\n' : '';
+    const content = existing ? existing + separator + COMPLIANCE_BLOCK : COMPLIANCE_BLOCK;
+    fs.writeFileSync(file, content);
+}
+function planGitignore(cwd, needed) {
+    const file = path.join(cwd, '.gitignore');
+    const existing = readText(file);
+    if (existing) {
+        const lines = existing.split('\n').map((l) => l.trim());
+        const missing = needed.filter((n) => !lines.includes(n));
+        if (missing.length === 0)
+            return { action: 'unchanged' };
+        return { action: 'updated', preview: missing.map((m) => `+ ${m}`).join('  ') };
+    }
+    return { action: 'created', preview: needed.map((m) => `+ ${m}`).join('  ') };
+}
+function applyGitignore(cwd, needed) {
+    const file = path.join(cwd, '.gitignore');
+    const existing = readText(file);
+    const lines = (existing ?? '').split('\n').map((l) => l.trim());
+    const missing = needed.filter((n) => !lines.includes(n));
+    if (existing && missing.length === 0)
+        return; // idempotent guard
+    const base = existing ? (existing.endsWith('\n') ? existing : existing + '\n') : '';
+    fs.writeFileSync(file, base + missing.join('\n') + '\n');
+}
+// ---------------------------------------------------------------------------
+// --save-token: persist ATC_TOKEN into .claude/settings.local.json so this
+// repo's Claude Code sessions get their own frequency without a global export.
+// The file is local-only and we make sure it's gitignored above.
+// ---------------------------------------------------------------------------
+const SETTINGS_REL = path.join('.claude', 'settings.local.json');
+function planSettings(cwd, token) {
+    const file = path.join(cwd, SETTINGS_REL);
+    const existing = readJson(file);
+    const env = existing?.env ?? {};
+    const masked = `ATC_TOKEN=atcf_…${token.slice(-4)}`;
+    if (env.ATC_TOKEN === token)
+        return { action: 'unchanged' };
+    return { action: existing ? 'updated' : 'created', preview: `+ env.${masked}` };
+}
+function applySettings(cwd, token, apiUrl) {
+    const file = path.join(cwd, SETTINGS_REL);
+    const existing = readJson(file) ?? {};
+    const env = (existing.env ?? {});
+    env.ATC_TOKEN = token;
+    if (apiUrl)
+        env.ATC_API = apiUrl; // only when targeting a non-default API
+    fs.mkdirSync(path.dirname(file), { recursive: true });
+    fs.writeFileSync(file, JSON.stringify({ ...existing, env }, null, 2) + '\n', { mode: 0o600 });
+    try {
+        fs.chmodSync(file, 0o600);
+    }
+    catch {
+        /* best-effort on platforms without chmod */
+    }
+}
+async function runInit(args) {
+    const cwd = process.cwd();
+    const json = args.json === true;
+    const token = args.token || process.env.ATC_TOKEN || '';
+    if (args.saveToken && !token) {
+        process.stderr.write("atc: --save-token needs a token — pass --token <atcf_…> or set ATC_TOKEN\n");
+        process.exit(1);
+    }
+    // -------------------------------------------------------------------------
+    // Step 1: Plan
+    // -------------------------------------------------------------------------
+    const gitignoreLines = ['.atc/', ...(args.saveToken ? ['.claude/settings.local.json'] : [])];
+    const mcpPlan = planMcp(cwd);
+    const agentsPlan = planAgentsMd(cwd);
+    const gitignorePlan = planGitignore(cwd, gitignoreLines);
+    const settingsPlan = args.saveToken ? planSettings(cwd, token) : null;
+    const steps = [
+        { file: '.mcp.json', action: mcpPlan.action, preview: mcpPlan.preview },
+        { file: 'AGENTS.md', action: agentsPlan.action, preview: agentsPlan.preview },
+        { file: '.gitignore', action: gitignorePlan.action, preview: gitignorePlan.preview },
+        ...(settingsPlan
+            ? [{ file: SETTINGS_REL, action: settingsPlan.action, preview: settingsPlan.preview }]
+            : []),
+    ];
+    if (!json) {
+        process.stdout.write('atc init — changes planned:\n\n');
+        for (const s of steps) {
+            const icon = s.action === 'unchanged' ? '·' : s.action === 'created' ? '+' : '~';
+            process.stdout.write(`  ${icon} ${s.file.padEnd(14)} ${s.action}\n`);
+            if (s.preview && s.action !== 'unchanged') {
+                process.stdout.write(`    ${s.preview}\n`);
+            }
+        }
+        process.stdout.write('\n');
+    }
+    const anyChanges = steps.some((s) => s.action !== 'unchanged');
+    if (!args.yes) {
+        if (!anyChanges) {
+            if (!json)
+                process.stdout.write('All files already up to date. Nothing to do.\n');
+            else
+                process.stdout.write(JSON.stringify({ actions: steps, checkin: null }, null, 2) + '\n');
+            return;
+        }
+        // Ask on stdin only when changes would be made
+        const proceed = await confirm('Proceed? [y/N] ');
+        if (!proceed) {
+            if (!json)
+                process.stdout.write('Aborted.\n');
+            else
+                process.stdout.write(JSON.stringify({ actions: steps, checkin: null, aborted: true }, null, 2) + '\n');
+            return;
+        }
+    }
+    if (!anyChanges) {
+        if (!json)
+            process.stdout.write('All files already up to date. Nothing to do.\n');
+        else
+            process.stdout.write(JSON.stringify({ actions: steps, checkin: null }, null, 2) + '\n');
+        return;
+    }
+    // -------------------------------------------------------------------------
+    // Step 2: .mcp.json
+    // -------------------------------------------------------------------------
+    if (mcpPlan.action !== 'unchanged') {
+        try {
+            applyMcp(cwd);
+            if (!json)
+                process.stdout.write(`  wrote .mcp.json\n`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`atc: warning: could not write .mcp.json: ${msg}\n`);
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Step 3: AGENTS.md
+    // -------------------------------------------------------------------------
+    if (agentsPlan.action !== 'unchanged') {
+        try {
+            applyAgentsMd(cwd);
+            if (!json)
+                process.stdout.write(`  wrote AGENTS.md\n`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`atc: warning: could not write AGENTS.md: ${msg}\n`);
+        }
+    }
+    // Note about CLAUDE.md if it exists but doesn't reference AGENTS.md
+    try {
+        const claudeMd = readText(path.join(cwd, 'CLAUDE.md'));
+        if (claudeMd !== null &&
+            !claudeMd.includes('@AGENTS.md') &&
+            !claudeMd.includes(COMPLIANCE_MARKER)) {
+            if (!json) {
+                process.stdout.write('\n  note: CLAUDE.md exists but does not include @AGENTS.md.\n' +
+                    '        Consider adding "@AGENTS.md" to CLAUDE.md so Claude Code picks up the block.\n\n');
+            }
+        }
+    }
+    catch {
+        // best-effort
+    }
+    // -------------------------------------------------------------------------
+    // Step 4: .gitignore
+    // -------------------------------------------------------------------------
+    if (gitignorePlan.action !== 'unchanged') {
+        try {
+            applyGitignore(cwd, gitignoreLines);
+            if (!json)
+                process.stdout.write(`  wrote .gitignore\n`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`atc: warning: could not write .gitignore: ${msg}\n`);
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Step 5: --save-token → .claude/settings.local.json (gitignored above)
+    // -------------------------------------------------------------------------
+    if (settingsPlan && settingsPlan.action !== 'unchanged') {
+        try {
+            const cfgForApi = (0, client_1.loadConfig)();
+            const apiOverride = process.env.ATC_API ? cfgForApi.api : undefined;
+            applySettings(cwd, token, apiOverride);
+            if (!json)
+                process.stdout.write(`  wrote ${SETTINGS_REL} (token saved for this repo's sessions)\n`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`atc: warning: could not write ${SETTINGS_REL}: ${msg}\n`);
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Step 6: Checkin + brief (fail-open)
+    // -------------------------------------------------------------------------
+    let checkinResult = null;
+    if (token) {
+        const cfg = (0, client_1.loadConfig)();
+        // If --token was passed, use it in-process only — never written to any file
+        const effectiveCfg = args.token ? { ...cfg, token: args.token } : cfg;
+        if (!json)
+            process.stdout.write('\nChecking in to Agent Tower...\n');
+        try {
+            const r = await (0, client_1.api)(effectiveCfg, effectiveCfg.token, 'POST', '/v1/sessions', {
+                workspaceId: (0, client_1.workspaceId)(),
+                cli: process.env.ATC_CLI || 'cli',
+                worktree: cwd,
+                branch: (0, client_1.currentBranch)(),
+                task: 'atc init',
+            });
+            if (r.ok) {
+                (0, client_1.saveSession)({ callsign: r.body.callsign, sessionToken: r.body.sessionToken, api: effectiveCfg.api });
+                const c = r.body.brief?.counts ?? {};
+                const so = r.body.brief?.standing;
+                const standing = so
+                    ? `\n⚑ standing orders present (${(so.orders ?? []).map((o) => o.name).join(', ') || 'assigned'}) — read them: atc standing`
+                    : '';
+                checkinResult = r.body;
+                if (!json) {
+                    process.stdout.write(`checked in as ${r.body.callsign} · ${c.sessions ?? 0} on board, ` +
+                        `${c.claims ?? 0} claims, ${c.notams ?? 0} notams${standing}\n`);
+                }
+            }
+            else {
+                const msg = r.body?.error ?? `checkin failed (${r.status})`;
+                process.stderr.write(`atc: warning: could not check in: ${msg}\n`);
+                if (!json) {
+                    process.stdout.write('\nNext steps:\n' +
+                        '  1. Set ATC_TOKEN to your frequency token (get one at https://app.agenttower.dev)\n' +
+                        '  2. Run: atc checkin\n');
+                }
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`atc: warning: checkin failed (network error): ${msg}\n`);
+            if (!json) {
+                process.stdout.write('\nNext steps:\n' +
+                    '  1. Ensure ATC_API is reachable (default: https://api.agenttower.dev)\n' +
+                    '  2. Set ATC_TOKEN to your frequency token\n' +
+                    '  3. Run: atc checkin\n');
+            }
+        }
+    }
+    else {
+        if (!json) {
+            process.stdout.write('\nDone. To land on the board:\n' +
+                '  1. Get a frequency token at https://app.agenttower.dev\n' +
+                '  2. export ATC_TOKEN=<your-token>\n' +
+                '  3. Run: atc checkin\n');
+        }
+    }
+    if (json) {
+        process.stdout.write(JSON.stringify({ actions: steps, checkin: checkinResult }, null, 2) + '\n');
+    }
+}

package/package.json CHANGED Viewed

@@ -1,16 +1,38 @@
 {
   "name": "@agenttower/cli",
-  "version": "0.1.1",
+  "version": "0.3.1",
   "description": "atc — the Agent Tower CLI. Coordinate multiple coding agents on one repo (claims, conflicts, decision log).",
   "license": "MIT",
-  "repository": { "type": "git", "url": "https://github.com/manateeit/agent-tower.git", "directory": "cli" },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/manateeit/agent-tower.git",
+    "directory": "cli"
+  },
   "homepage": "https://app.agenttower.dev",
-  "keywords": ["agent-tower", "atc", "coding-agents", "coordination", "cli", "claude", "mcp"],
+  "keywords": [
+    "agent-tower",
+    "atc",
+    "coding-agents",
+    "coordination",
+    "cli",
+    "claude",
+    "mcp"
+  ],
   "type": "commonjs",
-  "bin": { "atc": "bin/atc.js" },
-  "files": ["bin", "dist", "README.md"],
-  "engines": { "node": ">=18" },
-  "publishConfig": { "access": "public" },
+  "bin": {
+    "atc": "bin/atc.js"
+  },
+  "files": [
+    "bin",
+    "dist",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
   "scripts": {
     "build": "tsc",
     "typecheck": "tsc --noEmit",