@axisagent/cli 0.1.1 → 0.1.3

package/README.md

@@ -13,7 +13,7 @@ npx @axisagent/cli list --chain Base
 npm run axis -- inspect bankr-launch-feed
 npx @axisagent/cli install bankr-launch-feed --target .axis/skills
 npx @axisagent/cli scan .axis/skills/bankr-launch-feed
-npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz
+npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz --run-approved
 npx @axisagent/cli serve --port 8788
 ```
 
@@ -24,10 +24,11 @@ The public dashboard should connect through Axis API, not direct browser-to-loca
 Flow:
 
 1. Dashboard creates a pairing code through `POST /v1/pairing/create`.
-2. User runs `npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz`.
+2. User runs `npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz --run-approved`.
 3. The local connector opens an outbound session to Axis API.
 4. The connector sends heartbeats, detected agents, capabilities and registry stats.
-5. The dashboard polls `GET /v1/pairing/:code/status`.
+5. When the user clicks `Authorize + send`, the connector can run approved Axis install+scan tasks locally.
+6. The dashboard polls the task result and opens the Axis approval ticket.
 
 For local API testing:
 

package/dist/cli.js

@@ -26,7 +26,7 @@ Commands:
   install <skill-id> [--target .axis/skills] [--scan] [--json]
   scan <skill-dir> [--json]
   validate
-  connect [--pair AXIS-4821] [--api https://api.axisagent.xyz] [--once]
+  connect [--pair AXIS-4821] [--api https://api.axisagent.xyz] [--once] [--run-approved]
   serve [--port 8788]
 `);
 }
@@ -137,7 +137,8 @@ async function run() {
             pairingCode,
             baseDir: userCwd,
             heartbeatIntervalMs,
-            once: hasFlag("--once")
+            once: hasFlag("--once"),
+            runApprovedTasks: hasFlag("--run-approved")
         });
         return;
     }

package/dist/packageWriter.d.ts

@@ -48,4 +48,38 @@ export declare function writeSkillPackage(skillId: string, targetDir: string): P
     skillDir: string;
     files: string[];
 }>;
+export declare function installAndScanSkillPackage(skillId: string, targetDir: string): Promise<{
+    scan: ScanResult;
+    skill: {
+        id: string;
+        title: string;
+        category: string;
+        summary: string;
+        useWhen: string;
+        chains: string[];
+        protocols: string[];
+        risk: "low" | "medium" | "high" | "critical";
+        executionMode: "read-only" | "approval-required" | "live-execution";
+        permissions: ("network" | "market-data" | "wallet-read" | "wallet-signature" | "transaction-preview" | "trading" | "api-key" | "notifications" | "contract-call" | "filesystem-read" | "filesystem-write" | "secrets-read" | "paid-api" | "governance" | "browser")[];
+        installTargets: ("codex" | "claude" | "openclaw" | "cursor" | "generic-mcp")[];
+        source: string;
+        tokenUtility: string;
+        auditNotes: string[];
+        operations: string[];
+        tests: string[];
+        policy: {
+            defaultMode: "read-only" | "approval-required" | "live-execution";
+            requiresApproval: boolean;
+            networkAccess: boolean;
+            walletWrite: boolean;
+            secrets: string[];
+            allowedChains: string[];
+            maxSpendUsd: number | null;
+            sessionLimitMinutes: number;
+            humanReadableRule: string;
+        };
+    };
+    skillDir: string;
+    files: string[];
+}>;
 export declare function scanSkillPackage(skillDir: string): Promise<ScanResult>;

package/dist/packageWriter.js

@@ -17,6 +17,15 @@ export async function writeSkillPackage(skillId, targetDir) {
         files: ["SKILL.md", "policy.json", "README.md"]
     };
 }
+export async function installAndScanSkillPackage(skillId, targetDir) {
+    await mkdir(targetDir, { recursive: true });
+    const install = await writeSkillPackage(skillId, targetDir);
+    const scan = await scanSkillPackage(install.skillDir);
+    return {
+        ...install,
+        scan
+    };
+}
 export async function scanSkillPackage(skillDir) {
     const skillMarkdown = await readFile(join(skillDir, "SKILL.md"), "utf8");
     const policyRaw = await readFile(join(skillDir, "policy.json"), "utf8");

package/dist/relayClient.d.ts

@@ -4,6 +4,7 @@ type RelayConnectOptions = {
     baseDir: string;
     heartbeatIntervalMs: number;
     once: boolean;
+    runApprovedTasks: boolean;
 };
 export declare function connectRelay(options: RelayConnectOptions): Promise<{
     status: string;

package/dist/relayClient.js

@@ -1,7 +1,8 @@
-import { access, readdir } from "node:fs/promises";
+import { access, mkdir, readdir, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
-import { join } from "node:path";
-import { getRegistryStats } from "./skillRegistry.js";
+import { resolve, relative, join } from "node:path";
+import { installAndScanSkillPackage, scanSkillPackage } from "./packageWriter.js";
+import { getRegistryStats, getSkillById } from "./skillRegistry.js";
 async function pathExists(path) {
     try {
         await access(path);
@@ -73,6 +74,138 @@ async function postJson(url, body, token) {
     }
     return payload;
 }
+function getOptionFromCommand(command, name) {
+    if (!command)
+        return null;
+    const parts = command.trim().split(/\s+/);
+    const index = parts.indexOf(name);
+    if (index === -1)
+        return null;
+    return parts[index + 1] ?? null;
+}
+function resolveSafeTarget(baseDir, target) {
+    if (target.startsWith("/") || target.includes("..")) {
+        throw new Error(`Unsafe target path: ${target}`);
+    }
+    const resolved = resolve(baseDir, target);
+    const relation = relative(baseDir, resolved);
+    if (relation.startsWith("..") || relation === "") {
+        throw new Error(`Target must stay inside the connected workspace: ${target}`);
+    }
+    return resolved;
+}
+function validateInstallTask(task) {
+    if (task.kind !== "install") {
+        throw new Error(`Task kind ${task.kind} is not auto-executable`);
+    }
+    if (!task.skillId || !getSkillById(task.skillId)) {
+        throw new Error(`Unknown Axis skill: ${task.skillId ?? "missing"}`);
+    }
+    const target = getOptionFromCommand(task.command, "--target") ?? ".axis/skills";
+    const commandSkill = task.command?.split(/\s+/).includes(task.skillId) ?? false;
+    const hasScan = task.command?.split(/\s+/).includes("--scan") ?? false;
+    if (task.command && (!commandSkill || !hasScan)) {
+        throw new Error("Install task command does not match Axis install+scan policy");
+    }
+    return target;
+}
+async function runApprovedAxisTask(baseDir, task) {
+    if (task.kind === "install") {
+        const target = validateInstallTask(task);
+        const targetDir = resolveSafeTarget(baseDir, target);
+        const install = await installAndScanSkillPackage(task.skillId, targetDir);
+        return {
+            status: install.scan.ok ? "completed" : "failed",
+            summary: install.scan.ok
+                ? `Installed and scanned ${install.skill.title}. ${install.scan.findings.length} checks passed.`
+                : `Installed ${install.skill.title}, but Axis scan found blocked checks.`,
+            scan: install.scan,
+            path: install.skillDir
+        };
+    }
+    if (task.kind === "scan" || task.kind === "check") {
+        if (!task.skillId)
+            throw new Error("Scan task is missing skill id");
+        const target = getOptionFromCommand(task.command, "--target") ?? ".axis/skills";
+        const skillDir = resolveSafeTarget(baseDir, join(target, task.skillId));
+        const scan = await scanSkillPackage(skillDir);
+        return {
+            status: scan.ok ? "completed" : "failed",
+            summary: scan.ok ? `Axis scan passed for ${task.skillId}.` : `Axis scan blocked ${task.skillId}.`,
+            scan,
+            path: skillDir
+        };
+    }
+    throw new Error("Prompt-only tasks are written to inbox and require the agent to decide next steps");
+}
+function safeTaskFileName(task) {
+    const title = task.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 64) || "task";
+    return `${new Date(task.createdAt).toISOString().replace(/[:.]/g, "-")}-${title}.md`;
+}
+async function writeTaskInbox(baseDir, task) {
+    const inboxDir = join(baseDir, ".axis", "inbox");
+    await mkdir(inboxDir, { recursive: true });
+    const filePath = join(inboxDir, safeTaskFileName(task));
+    const body = [
+        `# ${task.title}`,
+        "",
+        `- Task: ${task.id}`,
+        `- Kind: ${task.kind}`,
+        `- Target: ${task.targetAgent}`,
+        `- Skill: ${task.skillId ?? "n/a"}`,
+        `- Created: ${task.createdAt}`,
+        "",
+        task.command ? "## Command\n" : "",
+        task.command ? `\`\`\`bash\n${task.command}\n\`\`\`\n` : "",
+        "## Prompt",
+        "",
+        task.prompt,
+        "",
+        "## Axis Rule",
+        "",
+        "Do not execute wallet, API, market, or payment actions until the user approves the Axis review ticket."
+    ].filter(Boolean).join("\n");
+    await writeFile(filePath, body, "utf8");
+    return filePath;
+}
+async function postTaskResult(apiUrl, pairingCode, token, task, result) {
+    await postJson(`${apiUrl}/v1/relay/${pairingCode}/tasks/${task.id}/result`, result, token);
+}
+async function processRelayTasks(baseDir, apiUrl, pairingCode, token, tasks, runApprovedTasks) {
+    for (const task of tasks) {
+        const filePath = await writeTaskInbox(baseDir, task);
+        console.log("");
+        console.log(`Axis task received: ${task.title}`);
+        console.log(`Target: ${task.targetAgent}`);
+        if (task.command)
+            console.log(`Command: ${task.command}`);
+        console.log(`Inbox: ${filePath}`);
+        console.log("Prompt:");
+        console.log(task.prompt);
+        if (runApprovedTasks) {
+            try {
+                const result = await runApprovedAxisTask(baseDir, task);
+                await postTaskResult(apiUrl, pairingCode, token, task, result);
+                console.log(`Axis auto-run: ${result.summary}`);
+                if (result.path)
+                    console.log(`Path: ${result.path}`);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : "Unknown task execution error";
+                await postTaskResult(apiUrl, pairingCode, token, task, {
+                    status: "failed",
+                    summary: `Axis auto-run failed: ${message}`,
+                    error: message
+                });
+                console.log(`Axis auto-run failed: ${message}`);
+            }
+        }
+        else {
+            console.log("Auto-run disabled. Start the connector with --run-approved to execute Axis-approved install tasks locally.");
+        }
+        console.log("");
+    }
+}
 async function createRelayPayload(baseDir, pairingCode) {
     return {
         pairingCode,
@@ -81,7 +214,7 @@ async function createRelayPayload(baseDir, pairingCode) {
             version: "0.1.0",
             baseDir,
             runtime: `node ${process.version}`,
-            capabilities: ["heartbeat", "skill-install", "skill-scan", "axis-check", "approval-ticket"]
+            capabilities: ["heartbeat", "skill-install", "skill-scan", "axis-check", "approval-ticket", "approved-task-runner"]
         },
         agents: await detectAgents(baseDir),
         registry: getRegistryStats()
@@ -105,5 +238,8 @@ export async function connectRelay(options) {
         const heartbeatPayload = await createRelayPayload(options.baseDir, pairingCode);
         const heartbeat = await postJson(`${apiUrl}/v1/relay/${pairingCode}/heartbeat`, heartbeatPayload, connected.relayToken);
         console.log(`[${heartbeat.session.lastSeenAt}] relay ${heartbeat.session.status}`);
+        if (heartbeat.tasks?.length) {
+            await processRelayTasks(options.baseDir, apiUrl, pairingCode, connected.relayToken, heartbeat.tasks, options.runApprovedTasks);
+        }
     }
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@axisagent/cli",
   "private": false,
-  "version": "0.1.1",
+  "version": "0.1.3",
   "type": "module",
   "description": "Local Axis runtime, skill registry, policy validator, and CLI.",
   "license": "MIT",