npm - @axisagent/cli - Versions diffs - 0.1.2 → 0.1.3 - Mend

@axisagent/cli 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -13,7 +13,7 @@ npx @axisagent/cli list --chain Base
 npm run axis -- inspect bankr-launch-feed
 npx @axisagent/cli install bankr-launch-feed --target .axis/skills
 npx @axisagent/cli scan .axis/skills/bankr-launch-feed
-npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz
+npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz --run-approved
 npx @axisagent/cli serve --port 8788
 ```
@@ -24,10 +24,11 @@ The public dashboard should connect through Axis API, not direct browser-to-loca
 Flow:
 1. Dashboard creates a pairing code through `POST /v1/pairing/create`.
-2. User runs `npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz`.
+2. User runs `npx @axisagent/cli connect --pair AXIS-1234 --api https://api.axisagent.xyz --run-approved`.
 3. The local connector opens an outbound session to Axis API.
 4. The connector sends heartbeats, detected agents, capabilities and registry stats.
-5. The dashboard polls `GET /v1/pairing/:code/status`.
+5. When the user clicks `Authorize + send`, the connector can run approved Axis install+scan tasks locally.
+6. The dashboard polls the task result and opens the Axis approval ticket.
 For local API testing:

package/dist/cli.js CHANGED Viewed

@@ -26,7 +26,7 @@ Commands:
   install <skill-id> [--target .axis/skills] [--scan] [--json]
   scan <skill-dir> [--json]
   validate
-  connect [--pair AXIS-4821] [--api https://api.axisagent.xyz] [--once]
+  connect [--pair AXIS-4821] [--api https://api.axisagent.xyz] [--once] [--run-approved]
   serve [--port 8788]
 `);
 }
@@ -137,7 +137,8 @@ async function run() {
             pairingCode,
             baseDir: userCwd,
             heartbeatIntervalMs,
-            once: hasFlag("--once")
+            once: hasFlag("--once"),
+            runApprovedTasks: hasFlag("--run-approved")
         });
         return;
     }

package/dist/packageWriter.d.ts CHANGED Viewed

@@ -48,4 +48,38 @@ export declare function writeSkillPackage(skillId: string, targetDir: string): P
     skillDir: string;
     files: string[];
 }>;
+export declare function installAndScanSkillPackage(skillId: string, targetDir: string): Promise<{
+    scan: ScanResult;
+    skill: {
+        id: string;
+        title: string;
+        category: string;
+        summary: string;
+        useWhen: string;
+        chains: string[];
+        protocols: string[];
+        risk: "low" | "medium" | "high" | "critical";
+        executionMode: "read-only" | "approval-required" | "live-execution";
+        permissions: ("network" | "market-data" | "wallet-read" | "wallet-signature" | "transaction-preview" | "trading" | "api-key" | "notifications" | "contract-call" | "filesystem-read" | "filesystem-write" | "secrets-read" | "paid-api" | "governance" | "browser")[];
+        installTargets: ("codex" | "claude" | "openclaw" | "cursor" | "generic-mcp")[];
+        source: string;
+        tokenUtility: string;
+        auditNotes: string[];
+        operations: string[];
+        tests: string[];
+        policy: {
+            defaultMode: "read-only" | "approval-required" | "live-execution";
+            requiresApproval: boolean;
+            networkAccess: boolean;
+            walletWrite: boolean;
+            secrets: string[];
+            allowedChains: string[];
+            maxSpendUsd: number | null;
+            sessionLimitMinutes: number;
+            humanReadableRule: string;
+        };
+    };
+    skillDir: string;
+    files: string[];
+}>;
 export declare function scanSkillPackage(skillDir: string): Promise<ScanResult>;

package/dist/packageWriter.js CHANGED Viewed

@@ -17,6 +17,15 @@ export async function writeSkillPackage(skillId, targetDir) {
         files: ["SKILL.md", "policy.json", "README.md"]
     };
 }
+export async function installAndScanSkillPackage(skillId, targetDir) {
+    await mkdir(targetDir, { recursive: true });
+    const install = await writeSkillPackage(skillId, targetDir);
+    const scan = await scanSkillPackage(install.skillDir);
+    return {
+        ...install,
+        scan
+    };
+}
 export async function scanSkillPackage(skillDir) {
     const skillMarkdown = await readFile(join(skillDir, "SKILL.md"), "utf8");
     const policyRaw = await readFile(join(skillDir, "policy.json"), "utf8");

package/dist/relayClient.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ type RelayConnectOptions = {
     baseDir: string;
     heartbeatIntervalMs: number;
     once: boolean;
+    runApprovedTasks: boolean;
 };
 export declare function connectRelay(options: RelayConnectOptions): Promise<{
     status: string;

package/dist/relayClient.js CHANGED Viewed

@@ -1,7 +1,8 @@
 import { access, mkdir, readdir, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
-import { join } from "node:path";
-import { getRegistryStats } from "./skillRegistry.js";
+import { resolve, relative, join } from "node:path";
+import { installAndScanSkillPackage, scanSkillPackage } from "./packageWriter.js";
+import { getRegistryStats, getSkillById } from "./skillRegistry.js";
 async function pathExists(path) {
     try {
         await access(path);
@@ -73,6 +74,70 @@ async function postJson(url, body, token) {
     }
     return payload;
 }
+function getOptionFromCommand(command, name) {
+    if (!command)
+        return null;
+    const parts = command.trim().split(/\s+/);
+    const index = parts.indexOf(name);
+    if (index === -1)
+        return null;
+    return parts[index + 1] ?? null;
+}
+function resolveSafeTarget(baseDir, target) {
+    if (target.startsWith("/") || target.includes("..")) {
+        throw new Error(`Unsafe target path: ${target}`);
+    }
+    const resolved = resolve(baseDir, target);
+    const relation = relative(baseDir, resolved);
+    if (relation.startsWith("..") || relation === "") {
+        throw new Error(`Target must stay inside the connected workspace: ${target}`);
+    }
+    return resolved;
+}
+function validateInstallTask(task) {
+    if (task.kind !== "install") {
+        throw new Error(`Task kind ${task.kind} is not auto-executable`);
+    }
+    if (!task.skillId || !getSkillById(task.skillId)) {
+        throw new Error(`Unknown Axis skill: ${task.skillId ?? "missing"}`);
+    }
+    const target = getOptionFromCommand(task.command, "--target") ?? ".axis/skills";
+    const commandSkill = task.command?.split(/\s+/).includes(task.skillId) ?? false;
+    const hasScan = task.command?.split(/\s+/).includes("--scan") ?? false;
+    if (task.command && (!commandSkill || !hasScan)) {
+        throw new Error("Install task command does not match Axis install+scan policy");
+    }
+    return target;
+}
+async function runApprovedAxisTask(baseDir, task) {
+    if (task.kind === "install") {
+        const target = validateInstallTask(task);
+        const targetDir = resolveSafeTarget(baseDir, target);
+        const install = await installAndScanSkillPackage(task.skillId, targetDir);
+        return {
+            status: install.scan.ok ? "completed" : "failed",
+            summary: install.scan.ok
+                ? `Installed and scanned ${install.skill.title}. ${install.scan.findings.length} checks passed.`
+                : `Installed ${install.skill.title}, but Axis scan found blocked checks.`,
+            scan: install.scan,
+            path: install.skillDir
+        };
+    }
+    if (task.kind === "scan" || task.kind === "check") {
+        if (!task.skillId)
+            throw new Error("Scan task is missing skill id");
+        const target = getOptionFromCommand(task.command, "--target") ?? ".axis/skills";
+        const skillDir = resolveSafeTarget(baseDir, join(target, task.skillId));
+        const scan = await scanSkillPackage(skillDir);
+        return {
+            status: scan.ok ? "completed" : "failed",
+            summary: scan.ok ? `Axis scan passed for ${task.skillId}.` : `Axis scan blocked ${task.skillId}.`,
+            scan,
+            path: skillDir
+        };
+    }
+    throw new Error("Prompt-only tasks are written to inbox and require the agent to decide next steps");
+}
 function safeTaskFileName(task) {
     const title = task.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 64) || "task";
     return `${new Date(task.createdAt).toISOString().replace(/[:.]/g, "-")}-${title}.md`;
@@ -103,7 +168,10 @@ async function writeTaskInbox(baseDir, task) {
     await writeFile(filePath, body, "utf8");
     return filePath;
 }
-async function processRelayTasks(baseDir, tasks) {
+async function postTaskResult(apiUrl, pairingCode, token, task, result) {
+    await postJson(`${apiUrl}/v1/relay/${pairingCode}/tasks/${task.id}/result`, result, token);
+}
+async function processRelayTasks(baseDir, apiUrl, pairingCode, token, tasks, runApprovedTasks) {
     for (const task of tasks) {
         const filePath = await writeTaskInbox(baseDir, task);
         console.log("");
@@ -114,6 +182,27 @@ async function processRelayTasks(baseDir, tasks) {
         console.log(`Inbox: ${filePath}`);
         console.log("Prompt:");
         console.log(task.prompt);
+        if (runApprovedTasks) {
+            try {
+                const result = await runApprovedAxisTask(baseDir, task);
+                await postTaskResult(apiUrl, pairingCode, token, task, result);
+                console.log(`Axis auto-run: ${result.summary}`);
+                if (result.path)
+                    console.log(`Path: ${result.path}`);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : "Unknown task execution error";
+                await postTaskResult(apiUrl, pairingCode, token, task, {
+                    status: "failed",
+                    summary: `Axis auto-run failed: ${message}`,
+                    error: message
+                });
+                console.log(`Axis auto-run failed: ${message}`);
+            }
+        }
+        else {
+            console.log("Auto-run disabled. Start the connector with --run-approved to execute Axis-approved install tasks locally.");
+        }
         console.log("");
     }
 }
@@ -125,7 +214,7 @@ async function createRelayPayload(baseDir, pairingCode) {
             version: "0.1.0",
             baseDir,
             runtime: `node ${process.version}`,
-            capabilities: ["heartbeat", "skill-install", "skill-scan", "axis-check", "approval-ticket"]
+            capabilities: ["heartbeat", "skill-install", "skill-scan", "axis-check", "approval-ticket", "approved-task-runner"]
         },
         agents: await detectAgents(baseDir),
         registry: getRegistryStats()
@@ -150,7 +239,7 @@ export async function connectRelay(options) {
         const heartbeat = await postJson(`${apiUrl}/v1/relay/${pairingCode}/heartbeat`, heartbeatPayload, connected.relayToken);
         console.log(`[${heartbeat.session.lastSeenAt}] relay ${heartbeat.session.status}`);
         if (heartbeat.tasks?.length) {
-            await processRelayTasks(options.baseDir, heartbeat.tasks);
+            await processRelayTasks(options.baseDir, apiUrl, pairingCode, connected.relayToken, heartbeat.tasks, options.runApprovedTasks);
         }
     }
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@axisagent/cli",
   "private": false,
-  "version": "0.1.2",
+  "version": "0.1.3",
   "type": "module",
   "description": "Local Axis runtime, skill registry, policy validator, and CLI.",
   "license": "MIT",