@arbiterai/cli 0.1.0 → 0.1.1

package/dist/index.js

@@ -31,7 +31,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@arbiterai/cli",
-      version: "0.1.0",
+      version: "0.1.1",
       description: "Official CLI for Arbiter \u2014 the developer-first MCP gateway",
       license: "MIT",
       keywords: [
@@ -305,9 +305,6 @@ function printError(msg) {
   console.error(import_chalk.default.red("\u2717") + "  " + msg);
   process.exit(1);
 }
-function printWarning(msg) {
-  console.warn(import_chalk.default.yellow("\u26A0") + "  " + msg);
-}
 
 // src/commands/login.ts
 function registerLogin(program2) {
@@ -502,6 +499,44 @@ function registerAgentCommands(program2) {
   registerAgentDelete(agentCmd);
 }
 
+// src/commands/mcp-servers/list.ts
+function registerMcpServersList(mcpServersCmd) {
+  mcpServersCmd.command("list").description("List registered MCP servers").option("--json", "Output raw JSON").action(async (opts) => {
+    requireAuth();
+    let page;
+    try {
+      page = await get("/api/v1/mcp-servers", { skip: 0, limit: 200 });
+    } catch (err) {
+      if (err instanceof ApiError) {
+        printError(`API error: ${err.detail}`);
+      }
+      throw err;
+    }
+    if (opts.json) {
+      console.log(JSON.stringify(page, null, 2));
+      return;
+    }
+    if (page.items.length === 0) {
+      printTable(["Name", "Base URL", "Cache", "Active"], []);
+      console.log("No MCP servers registered.");
+      return;
+    }
+    const rows = page.items.map((s) => [
+      s.name,
+      s.base_url,
+      s.cache_enabled ? "yes" : "no",
+      s.is_active ? "yes" : "no"
+    ]);
+    printTable(["Name", "Base URL", "Cache", "Active"], rows);
+  });
+}
+
+// src/commands/mcp-servers/index.ts
+function registerMcpServersCommands(program2) {
+  const mcpServersCmd = program2.command("mcp-servers").description("Manage registered MCP servers");
+  registerMcpServersList(mcpServersCmd);
+}
+
 // src/commands/permissions/grant.ts
 function registerPermissionsGrant(permissionsCmd) {
   permissionsCmd.command("grant").description("Grant a tool permission to an agent").requiredOption("--agent <id>", "Agent ID").requiredOption("--tool <tool>", "Tool name (e.g. read_file, or * for all tools)").requiredOption("--server <name>", "MCP server name").option("--json", "Output raw JSON").action(async (opts) => {
@@ -578,57 +613,116 @@ function formatDate2(iso) {
   return d.toISOString().replace("T", " ").slice(0, 16);
 }
 
+// src/commands/permissions/revoke.ts
+function registerPermissionsRevoke(permissionsCmd) {
+  permissionsCmd.command("revoke").description("Revoke a tool permission from an agent").requiredOption("--agent <id>", "Agent ID").requiredOption("--tool <tool>", "Tool name (e.g. read_file, or * for wildcard)").requiredOption("--server <name>", "MCP server name").action(async (opts) => {
+    requireAuth();
+    const serverPage = await get("/api/v1/mcp-servers", { skip: 0, limit: 200 });
+    const server = serverPage.items.find(
+      (s) => s.name.toLowerCase() === opts.server.toLowerCase()
+    );
+    if (!server) {
+      printError(`MCP server '${opts.server}' not found.`);
+    }
+    let page;
+    try {
+      page = await get(`/api/v1/agents/${opts.agent}/permissions`);
+    } catch (err) {
+      if (err instanceof ApiError && err.status === 404) {
+        printError("Agent not found.");
+      }
+      throw err;
+    }
+    const permission = page.items.find(
+      (p) => p.mcp_server_id === server.id && p.tool_name === opts.tool
+    );
+    if (!permission) {
+      printError(`No permission found for tool '${opts.tool}' on server '${opts.server}'.`);
+    }
+    try {
+      await del(`/api/v1/agents/${opts.agent}/permissions/${permission.id}`);
+    } catch (err) {
+      if (err instanceof ApiError) {
+        printError(`API error: ${err.detail}`);
+      }
+      throw err;
+    }
+    printSuccess(`Permission revoked: ${opts.agent} \u2192 ${opts.server}/${opts.tool}`);
+  });
+}
+
 // src/commands/permissions/index.ts
 function registerPermissionsCommands(program2) {
   const permissionsCmd = program2.command("permissions").description("Manage agent tool permissions");
   registerPermissionsGrant(permissionsCmd);
   registerPermissionsList(permissionsCmd);
+  registerPermissionsRevoke(permissionsCmd);
 }
 
 // src/commands/vault/set.ts
+var readline2 = __toESM(require("readline"));
 var SECRET_NAME_RE = /^[A-Za-z0-9_]+$/;
+function promptSecret(prompt) {
+  return new Promise((resolve) => {
+    const rl = readline2.createInterface({ input: process.stdin, output: process.stdout });
+    process.stdout.write(prompt);
+    rl.output.write = () => true;
+    rl.question("", (answer) => {
+      rl.close();
+      process.stdout.write("\n");
+      resolve(answer);
+    });
+  });
+}
 function registerVaultSet(vaultCmd) {
-  vaultCmd.command("set").description("Store a secret in the vault").requiredOption("--agent <id>", "Agent ID to scope the secret to").requiredOption("--key <key>", "Secret key name (e.g. OPENAI_API_KEY)").requiredOption("--value <value>", "Secret value").option("--json", "Output raw JSON").action(async (opts) => {
-    requireAuth();
-    if (!SECRET_NAME_RE.test(opts.key)) {
-      printError(
-        "Secret key must contain only letters, numbers, and underscores (A-Za-z0-9_)."
-      );
-    }
-    if (process.stdout.isTTY) {
-      printWarning(
-        "Secret value provided via --value flag will appear in shell history."
-      );
-      console.warn(
-        `   Consider using: read -s VAL && arbiter vault set --agent ${opts.agent} --key ${opts.key} --value "$VAL"`
-      );
-      console.warn("");
-    }
-    let secret;
-    try {
-      secret = await post("/api/v1/vault/secrets", {
-        name: opts.key,
-        value: opts.value,
-        agent_id: opts.agent
-      });
-    } catch (err) {
-      if (err instanceof ApiError) {
-        if (err.status === 404) {
-          printError("Agent not found.");
-        }
-        if (err.status === 402) {
-          printError("Plan limit reached. Upgrade at https://arbiterai.dev/pricing");
+  vaultCmd.command("set").description("Store a secret in the vault").option("--agent <id>", "Agent ID to scope the secret to (omit for org-level secrets)").requiredOption("--key <key>", "Secret key name (e.g. OPENAI_API_KEY)").option(
+    "--value <value>",
+    "Secret value (omit to be prompted with masked input \u2014 keeps value out of ps aux)"
+  ).option("--json", "Output raw JSON").action(
+    async (opts) => {
+      requireAuth();
+      if (!SECRET_NAME_RE.test(opts.key)) {
+        printError(
+          "Secret key must contain only letters, numbers, and underscores (A-Za-z0-9_)."
+        );
+      }
+      let secretValue;
+      if (opts.value !== void 0) {
+        secretValue = opts.value;
+      } else if (process.stdin.isTTY) {
+        secretValue = await promptSecret(`Secret value for ${opts.key}: `);
+        if (!secretValue) printError("Secret value cannot be empty.");
+      } else {
+        secretValue = await new Promise((resolve) => {
+          let data = "";
+          process.stdin.on("data", (chunk) => data += chunk);
+          process.stdin.on("end", () => resolve(data.trim()));
+        });
+      }
+      let secret;
+      try {
+        secret = await post("/api/v1/vault/secrets", {
+          name: opts.key,
+          value: secretValue,
+          agent_id: opts.agent ?? null
+        });
+      } catch (err) {
+        if (err instanceof ApiError) {
+          if (err.status === 404) printError("Agent not found.");
+          if (err.status === 402)
+            printError("Plan limit reached. Upgrade at https://arbiterai.dev/pricing");
+          printError(`API error: ${err.detail}`);
         }
-        printError(`API error: ${err.detail}`);
+        throw err;
       }
-      throw err;
-    }
-    if (opts.json) {
-      console.log(JSON.stringify(secret, null, 2));
-      return;
+      if (opts.json) {
+        console.log(JSON.stringify(secret, null, 2));
+        return;
+      }
+      const scope = opts.agent ? `agent ${opts.agent}` : "org-level";
+      printSuccess(`Secret '${opts.key}' set (${scope}).`);
     }
-    printSuccess(`Secret '${opts.key}' set for agent ${opts.agent}.`);
-  });
+  );
 }
 
 // src/commands/vault/index.ts
@@ -637,6 +731,62 @@ function registerVaultCommands(program2) {
   registerVaultSet(vaultCmd);
 }
 
+// src/commands/test-call.ts
+var import_axios3 = __toESM(require("axios"));
+function registerTestCall(program2) {
+  program2.command("test-call").description("Fire a tool call through the gateway from the terminal").requiredOption("--server <name>", "MCP server name").requiredOption("--tool <tool>", "Tool name to invoke").option("--params <json>", "Tool arguments as a JSON string (default: {})", "{}").option("--agent-key <key>", "Agent API key (overrides config)").option("--json", "Output raw JSON response").action(
+    async (opts) => {
+      requireAuth();
+      const serverPage = await get("/api/v1/mcp-servers", { skip: 0, limit: 200 });
+      const server = serverPage.items.find(
+        (s) => s.name.toLowerCase() === opts.server.toLowerCase()
+      );
+      if (!server) {
+        printError(`MCP server '${opts.server}' not found.`);
+      }
+      let params;
+      try {
+        params = JSON.parse(opts.params);
+      } catch {
+        printError(`--params must be valid JSON, e.g. '{"path": "/tmp/test.txt"}'`);
+      }
+      const cfg = getConfig();
+      const apiKey = opts.agentKey;
+      if (!apiKey) {
+        printError(
+          "An agent API key is required for proxy calls.\nPass --agent-key <key> or create an agent with `arbiter agent create`."
+        );
+      }
+      const baseUrl = (process.env["ARBITER_API_URL"] ?? cfg?.api_url ?? "https://api.arbiterai.dev").replace(/\/$/, "");
+      let result;
+      try {
+        const res = await import_axios3.default.post(
+          `${baseUrl}/api/v1/proxy/tool-call`,
+          { server_name: opts.server, tool_name: opts.tool, params },
+          { headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" } }
+        );
+        result = res.data;
+      } catch (err) {
+        if (import_axios3.default.isAxiosError(err)) {
+          const detail = err.response?.data?.detail ?? err.message;
+          printError(`Tool call failed (HTTP ${err.response?.status ?? 0}): ${detail}`);
+        }
+        throw err;
+      }
+      if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+      }
+      const cacheTag = result.cache_hit ? " [cached]" : "";
+      console.log(`
+  \u2713  ${opts.tool} on ${opts.server}${cacheTag} \u2014 ${result.duration_ms}ms
+`);
+      console.log(JSON.stringify(result.result, null, 2));
+      console.log();
+    }
+  );
+}
+
 // src/index.ts
 var pkg = require_package();
 var program = new import_commander.Command();
@@ -648,8 +798,10 @@ registerLogin(program);
 registerLogout(program);
 registerStatus(program);
 registerAgentCommands(program);
+registerMcpServersCommands(program);
 registerPermissionsCommands(program);
 registerVaultCommands(program);
+registerTestCall(program);
 program.parseAsync(process.argv).catch((err) => {
   if (err instanceof Error) {
     console.error(err.message);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arbiterai/cli",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Official CLI for Arbiter — the developer-first MCP gateway",
   "license": "MIT",
   "keywords": [
@@ -25,13 +25,6 @@
   "engines": {
     "node": ">=18.0.0"
   },
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "lint": "eslint src --max-warnings 0",
-    "type-check": "tsc --noEmit",
-    "prepublishOnly": "npm run build"
-  },
   "dependencies": {
     "axios": "^1.7.7",
     "chalk": "^5.3.0",
@@ -47,5 +40,11 @@
     "tsup": "^8.3.0",
     "typescript": "^5.6.3",
     "typescript-eslint": "^8.57.2"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "lint": "eslint src --max-warnings 0",
+    "type-check": "tsc --noEmit"
   }
-}
+}