@behalfid/cli 0.1.0

package/dist/lib/mcp-server.js

@@ -0,0 +1,140 @@
+import { createInterface } from "node:readline";
+import { readCachedDetail, fetchAndCacheDetail } from "./passport-cache.js";
+import { apiRequest } from "./client.js";
+function respond(id, result) {
+    process.stdout.write(JSON.stringify({ jsonrpc: "2.0", id, result }) + "\n");
+}
+function respondError(id, code, message) {
+    process.stdout.write(JSON.stringify({ jsonrpc: "2.0", id, error: { code, message } }) + "\n");
+}
+const TOOLS = [
+    {
+        name: "verify_action",
+        description: "Verify whether this agent is permitted to perform an action BEFORE executing it. " +
+            "You MUST call this before any action that touches an external service. " +
+            "If the response contains `\"allowed\": false`, do NOT proceed — explain the reason to the user instead.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                action: {
+                    type: "string",
+                    description: 'The action to verify. Common values: "purchase", "access_data", "browse_web", "schedule", "create_content", "send_message". Use the most specific value that describes what you are about to do.',
+                },
+                vendor: {
+                    type: "string",
+                    description: 'The vendor, service, or domain being accessed (e.g. "amazon.com", "gmail.com", "google-calendar"). Omit for generic actions.',
+                },
+                amount: {
+                    type: "number",
+                    description: "Transaction amount in dollars. Only required for purchase-type actions.",
+                },
+            },
+            required: ["action"],
+        },
+    },
+    {
+        name: "get_permissions",
+        description: "Get the current active permissions for this agent — what actions are allowed, on which resources, and under what constraints.",
+        inputSchema: {
+            type: "object",
+            properties: {},
+        },
+    },
+];
+export async function startMcpServer(config) {
+    const rl = createInterface({ input: process.stdin, terminal: false });
+    rl.on("line", async (line) => {
+        const raw = line.trim();
+        if (!raw)
+            return;
+        let req;
+        try {
+            req = JSON.parse(raw);
+        }
+        catch {
+            return;
+        }
+        // Notifications have no id — no response needed
+        if (req.id === undefined || req.id === null) {
+            return;
+        }
+        try {
+            switch (req.method) {
+                case "initialize":
+                    respond(req.id, {
+                        protocolVersion: "2024-11-05",
+                        capabilities: { tools: {} },
+                        serverInfo: { name: "behalfid", version: "0.1.0" },
+                    });
+                    break;
+                case "ping":
+                    respond(req.id, {});
+                    break;
+                case "tools/list":
+                    respond(req.id, { tools: TOOLS });
+                    break;
+                case "tools/call": {
+                    const params = req.params;
+                    const toolName = params?.name;
+                    const args = params?.arguments ?? {};
+                    if (toolName === "verify_action") {
+                        const body = {
+                            agentId: config.agentId,
+                            action: args.action,
+                        };
+                        if (args.vendor)
+                            body.vendor = args.vendor;
+                        if (args.amount !== undefined)
+                            body.amount = args.amount;
+                        const result = await apiRequest("/api/verify", {
+                            method: "POST",
+                            body,
+                            apiKey: config.apiKey,
+                            baseUrl: config.baseUrl,
+                            skipAuth: false,
+                        });
+                        respond(req.id, {
+                            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+                        });
+                    }
+                    else if (toolName === "get_permissions") {
+                        let detail = readCachedDetail(config.agentId);
+                        if (!detail) {
+                            try {
+                                detail = await fetchAndCacheDetail(config.agentId, config.baseUrl);
+                            }
+                            catch {
+                                respond(req.id, {
+                                    content: [
+                                        {
+                                            type: "text",
+                                            text: JSON.stringify({
+                                                error: "Permissions cache is empty. Run `behalf mcp init` to populate it.",
+                                            }),
+                                        },
+                                    ],
+                                    isError: true,
+                                });
+                                break;
+                            }
+                        }
+                        respond(req.id, {
+                            content: [{ type: "text", text: JSON.stringify(detail, null, 2) }],
+                        });
+                    }
+                    else {
+                        respondError(req.id, -32601, `Unknown tool: ${toolName ?? "(none)"}`);
+                    }
+                    break;
+                }
+                default:
+                    respondError(req.id, -32601, `Method not found: ${req.method}`);
+            }
+        }
+        catch (err) {
+            respondError(req.id, -32603, err instanceof Error ? err.message : "Internal error");
+        }
+    });
+    // Keep alive until stdin closes
+    process.stdin.resume();
+}

package/dist/lib/output.d.ts

@@ -0,0 +1,10 @@
+export declare function setJsonMode(on: boolean): void;
+export declare function isJsonMode(): boolean;
+export declare function printJson(data: unknown): void;
+export declare function printError(message: string): void;
+export declare function printSuccess(message: string): void;
+type Row = Record<string, string | number | boolean | null | undefined>;
+export declare function printTable(rows: Row[], columns?: string[]): void;
+export declare function printKv(pairs: Record<string, string | number | boolean | null | undefined>): void;
+export declare function runAction(fn: (...args: any[]) => Promise<void>): (...args: any[]) => void;
+export {};

package/dist/lib/output.js

@@ -0,0 +1,48 @@
+let _json = false;
+export function setJsonMode(on) { _json = on; }
+export function isJsonMode() { return _json; }
+export function printJson(data) {
+    console.log(JSON.stringify(data, null, 2));
+}
+export function printError(message) {
+    if (_json) {
+        console.error(JSON.stringify({ error: message }));
+    }
+    else {
+        console.error(`Error: ${message}`);
+    }
+}
+export function printSuccess(message) {
+    if (!_json)
+        console.log(message);
+}
+export function printTable(rows, columns) {
+    if (rows.length === 0) {
+        console.log("(none)");
+        return;
+    }
+    const keys = columns ?? Object.keys(rows[0]);
+    const widths = keys.map(k => Math.max(k.length, ...rows.map(r => String(r[k] ?? "").length)));
+    const sep = widths.map(w => "─".repeat(w)).join("  ");
+    console.log(keys.map((k, i) => k.toUpperCase().padEnd(widths[i])).join("  "));
+    console.log(sep);
+    for (const row of rows) {
+        console.log(keys.map((k, i) => String(row[k] ?? "").padEnd(widths[i])).join("  "));
+    }
+}
+export function printKv(pairs) {
+    const keyWidth = Math.max(...Object.keys(pairs).map(k => k.length));
+    for (const [k, v] of Object.entries(pairs)) {
+        console.log(`${k.padEnd(keyWidth)}  ${v ?? ""}`);
+    }
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function runAction(fn) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return (...args) => {
+        fn(...args).catch((err) => {
+            printError(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        });
+    };
+}

package/dist/lib/passport-cache.d.ts

@@ -0,0 +1,31 @@
+export type PermissionEntry = {
+    permissionId: string;
+    action: string;
+    description?: string | null;
+    resource?: string | null;
+    scope?: string | null;
+    allowedActions?: string[] | null;
+    blockedActions?: string[] | null;
+    requiresApproval?: boolean | null;
+    template?: string | null;
+    constraints?: {
+        maxAmount?: number | null;
+        allowedVendors?: string[] | null;
+        expiresAt?: string | null;
+    } | null;
+    status: string;
+};
+export type AgentDetail = {
+    agent: {
+        agentId: string;
+        name: string;
+        status: string;
+        agentType?: string | null;
+        provider?: string | null;
+        description?: string | null;
+    };
+    permissions: PermissionEntry[];
+};
+export declare function readCachedDetail(agentId: string): AgentDetail | null;
+export declare function writeCachedDetail(agentId: string, data: AgentDetail): void;
+export declare function fetchAndCacheDetail(agentId: string, baseUrl?: string, forceRefresh?: boolean): Promise<AgentDetail>;

package/dist/lib/passport-cache.js

@@ -0,0 +1,43 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { apiRequest } from "./client.js";
+const CACHE_DIR = join(homedir(), ".behalf", "cache");
+const TTL_MS = 5 * 60 * 1000;
+function cacheFile(agentId) {
+    return join(CACHE_DIR, `${agentId}.json`);
+}
+function ensureCacheDir() {
+    if (!existsSync(CACHE_DIR))
+        mkdirSync(CACHE_DIR, { recursive: true });
+}
+export function readCachedDetail(agentId) {
+    const path = cacheFile(agentId);
+    if (!existsSync(path))
+        return null;
+    try {
+        const entry = JSON.parse(readFileSync(path, "utf-8"));
+        const age = Date.now() - new Date(entry.fetchedAt).getTime();
+        if (age > TTL_MS)
+            return null;
+        return entry.data;
+    }
+    catch {
+        return null;
+    }
+}
+export function writeCachedDetail(agentId, data) {
+    ensureCacheDir();
+    const entry = { agentId, fetchedAt: new Date().toISOString(), data };
+    writeFileSync(cacheFile(agentId), JSON.stringify(entry, null, 2) + "\n");
+}
+export async function fetchAndCacheDetail(agentId, baseUrl, forceRefresh = false) {
+    if (!forceRefresh) {
+        const cached = readCachedDetail(agentId);
+        if (cached)
+            return cached;
+    }
+    const data = await apiRequest(`/api/dashboard/agents/${encodeURIComponent(agentId)}`, { baseUrl });
+    writeCachedDetail(agentId, data);
+    return data;
+}

package/dist/lib/prompt.d.ts

@@ -0,0 +1,3 @@
+export declare function ask(question: string, defaultValue?: string): Promise<string>;
+export declare function askPassword(question: string): Promise<string>;
+export declare function confirm(question: string, defaultYes?: boolean): Promise<boolean>;

package/dist/lib/prompt.js

@@ -0,0 +1,53 @@
+import { createInterface } from "node:readline/promises";
+export async function ask(question, defaultValue) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const suffix = defaultValue ? ` [${defaultValue}]: ` : ": ";
+    const answer = await rl.question(question + suffix);
+    rl.close();
+    return answer.trim() || defaultValue || "";
+}
+export async function askPassword(question) {
+    return new Promise((resolve) => {
+        process.stdout.write(question + ": ");
+        const chars = [];
+        const cleanup = () => {
+            process.stdin.setRawMode(false);
+            process.stdin.pause();
+            process.stdin.removeAllListeners("data");
+            process.stdout.write("\n");
+        };
+        process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => {
+            for (const char of chunk) {
+                if (char === "\r" || char === "\n") {
+                    cleanup();
+                    resolve(chars.join(""));
+                    return;
+                }
+                else if (char === "\x7f" || char === "\b") {
+                    if (chars.length > 0) {
+                        chars.pop();
+                        process.stdout.write("\b \b");
+                    }
+                }
+                else if (char === "\x03") {
+                    cleanup();
+                    process.exit(0);
+                }
+                else {
+                    chars.push(char);
+                    process.stdout.write("*");
+                }
+            }
+        });
+    });
+}
+export async function confirm(question, defaultYes = false) {
+    const hint = defaultYes ? "Y/n" : "y/N";
+    const answer = await ask(`${question} (${hint})`);
+    if (!answer)
+        return defaultYes;
+    return answer.toLowerCase().startsWith("y");
+}

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "@behalfid/cli",
+  "version": "0.1.0",
+  "description": "Official CLI for BehalfID — agent permission management",
+  "type": "module",
+  "bin": {
+    "behalf": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsc -p tsconfig.json --watch"
+  },
+  "dependencies": {
+    "commander": "^13.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.6.0",
+    "typescript": "^6.0.3"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/potatobeyonddefeat/behalf.git",
+    "directory": "packages/cli"
+  }
+}