@contextableai/openclaw-memory-rebac 0.1.0 → 0.1.1

package/dist/authorization.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Authorization Logic
+ *
+ * Bridges SpiceDB and the memory backend by managing:
+ * - Looking up which group_ids a subject can access
+ * - Writing fragment authorization relationships when memories are stored
+ * - Checking delete permissions
+ */
+import type { SpiceDbClient } from "./spicedb.js";
+export type Subject = {
+    type: "agent" | "person";
+    id: string;
+};
+export type FragmentRelationships = {
+    fragmentId: string;
+    groupId: string;
+    sharedBy: Subject;
+    involves?: Subject[];
+};
+/**
+ * Look up all group IDs that a subject has access to.
+ * Returns group resource IDs from SpiceDB where the subject has the "access" permission.
+ */
+export declare function lookupAuthorizedGroups(spicedb: SpiceDbClient, subject: Subject, zedToken?: string): Promise<string[]>;
+/**
+ * Look up all memory fragment IDs that a subject can view.
+ * Used for fine-grained post-filtering when needed.
+ */
+export declare function lookupViewableFragments(spicedb: SpiceDbClient, subject: Subject, zedToken?: string): Promise<string[]>;
+/**
+ * Write authorization relationships for a newly stored memory fragment.
+ *
+ * Creates:
+ * - memory_fragment:<id> #source_group group:<groupId>
+ * - memory_fragment:<id> #shared_by <sharedBy>
+ * - memory_fragment:<id> #involves <person> (for each involved person)
+ */
+export declare function writeFragmentRelationships(spicedb: SpiceDbClient, params: FragmentRelationships): Promise<string | undefined>;
+/**
+ * Remove all authorization relationships for a memory fragment.
+ * Uses filter-based deletion — no need to know the group, sharer, or involved parties.
+ */
+export declare function deleteFragmentRelationships(spicedb: SpiceDbClient, fragmentId: string): Promise<string | undefined>;
+/**
+ * Check if a subject has delete permission on a memory fragment.
+ */
+export declare function canDeleteFragment(spicedb: SpiceDbClient, subject: Subject, fragmentId: string, zedToken?: string): Promise<boolean>;
+/**
+ * Check if a subject has write (contribute) permission on a group.
+ * Used to gate writes to non-session groups — prevents unauthorized memory injection.
+ */
+export declare function canWriteToGroup(spicedb: SpiceDbClient, subject: Subject, groupId: string, zedToken?: string): Promise<boolean>;
+/**
+ * Ensure a subject is registered as a member of a group.
+ * Idempotent (uses TOUCH operation).
+ */
+export declare function ensureGroupMembership(spicedb: SpiceDbClient, groupId: string, member: Subject): Promise<string | undefined>;

package/dist/authorization.js

@@ -0,0 +1,133 @@
+/**
+ * Authorization Logic
+ *
+ * Bridges SpiceDB and the memory backend by managing:
+ * - Looking up which group_ids a subject can access
+ * - Writing fragment authorization relationships when memories are stored
+ * - Checking delete permissions
+ */
+// ============================================================================
+// Helpers
+// ============================================================================
+function tokenConsistency(zedToken) {
+    return zedToken ? { mode: "at_least_as_fresh", token: zedToken } : undefined;
+}
+// ============================================================================
+// Authorization Operations
+// ============================================================================
+/**
+ * Look up all group IDs that a subject has access to.
+ * Returns group resource IDs from SpiceDB where the subject has the "access" permission.
+ */
+export async function lookupAuthorizedGroups(spicedb, subject, zedToken) {
+    return spicedb.lookupResources({
+        resourceType: "group",
+        permission: "access",
+        subjectType: subject.type,
+        subjectId: subject.id,
+        consistency: tokenConsistency(zedToken),
+    });
+}
+/**
+ * Look up all memory fragment IDs that a subject can view.
+ * Used for fine-grained post-filtering when needed.
+ */
+export async function lookupViewableFragments(spicedb, subject, zedToken) {
+    return spicedb.lookupResources({
+        resourceType: "memory_fragment",
+        permission: "view",
+        subjectType: subject.type,
+        subjectId: subject.id,
+        consistency: tokenConsistency(zedToken),
+    });
+}
+/**
+ * Write authorization relationships for a newly stored memory fragment.
+ *
+ * Creates:
+ * - memory_fragment:<id> #source_group group:<groupId>
+ * - memory_fragment:<id> #shared_by <sharedBy>
+ * - memory_fragment:<id> #involves <person> (for each involved person)
+ */
+export async function writeFragmentRelationships(spicedb, params) {
+    const tuples = [
+        {
+            resourceType: "memory_fragment",
+            resourceId: params.fragmentId,
+            relation: "source_group",
+            subjectType: "group",
+            subjectId: params.groupId,
+        },
+        {
+            resourceType: "memory_fragment",
+            resourceId: params.fragmentId,
+            relation: "shared_by",
+            subjectType: params.sharedBy.type,
+            subjectId: params.sharedBy.id,
+        },
+    ];
+    if (params.involves) {
+        for (const person of params.involves) {
+            tuples.push({
+                resourceType: "memory_fragment",
+                resourceId: params.fragmentId,
+                relation: "involves",
+                subjectType: person.type,
+                subjectId: person.id,
+            });
+        }
+    }
+    return spicedb.writeRelationships(tuples);
+}
+/**
+ * Remove all authorization relationships for a memory fragment.
+ * Uses filter-based deletion — no need to know the group, sharer, or involved parties.
+ */
+export async function deleteFragmentRelationships(spicedb, fragmentId) {
+    return spicedb.deleteRelationshipsByFilter({
+        resourceType: "memory_fragment",
+        resourceId: fragmentId,
+    });
+}
+/**
+ * Check if a subject has delete permission on a memory fragment.
+ */
+export async function canDeleteFragment(spicedb, subject, fragmentId, zedToken) {
+    return spicedb.checkPermission({
+        resourceType: "memory_fragment",
+        resourceId: fragmentId,
+        permission: "delete",
+        subjectType: subject.type,
+        subjectId: subject.id,
+        consistency: tokenConsistency(zedToken),
+    });
+}
+/**
+ * Check if a subject has write (contribute) permission on a group.
+ * Used to gate writes to non-session groups — prevents unauthorized memory injection.
+ */
+export async function canWriteToGroup(spicedb, subject, groupId, zedToken) {
+    return spicedb.checkPermission({
+        resourceType: "group",
+        resourceId: groupId,
+        permission: "contribute",
+        subjectType: subject.type,
+        subjectId: subject.id,
+        consistency: tokenConsistency(zedToken),
+    });
+}
+/**
+ * Ensure a subject is registered as a member of a group.
+ * Idempotent (uses TOUCH operation).
+ */
+export async function ensureGroupMembership(spicedb, groupId, member) {
+    return spicedb.writeRelationships([
+        {
+            resourceType: "group",
+            resourceId: groupId,
+            relation: "member",
+            subjectType: member.type,
+            subjectId: member.id,
+        },
+    ]);
+}

package/dist/backend.d.ts

@@ -0,0 +1,135 @@
+/**
+ * MemoryBackend interface
+ *
+ * All storage-engine specifics live here. The rest of the plugin
+ * (SpiceDB auth, search orchestration, tool registration, CLI skeleton)
+ * is backend-agnostic and never imports from backends/.
+ *
+ * Implementing a new backend means satisfying this interface and adding
+ * an entry to the factory in config.ts. That's it.
+ */
+import type { Command } from "commander";
+/**
+ * A single memory item returned by searchGroup().
+ * Backends are responsible for mapping their native result shape to this.
+ */
+export type SearchResult = {
+    /** "node"/"fact" for graph backends; "chunk"/"summary"/"completion" for doc backends */
+    type: "node" | "fact" | "chunk" | "summary" | "completion";
+    /** Stable ID used by memory_forget. Must be unique within the backend. */
+    uuid: string;
+    group_id: string;
+    summary: string;
+    /** Human-readable context hint (entity names, dataset, etc.) */
+    context: string;
+    created_at: string;
+    /** Relevance score [0,1] when available */
+    score?: number;
+};
+/**
+ * Returned by store(). The fragmentId resolves to the UUID that will be
+ * registered in SpiceDB.
+ *
+ * - Graphiti: Resolves once the server has processed the episode (polled in the background).
+ *
+ * index.ts chains SpiceDB writeFragmentRelationships() to this Promise,
+ * so it always fires at the right time.
+ */
+export type StoreResult = {
+    fragmentId: Promise<string>;
+};
+/**
+ * A single conversation turn, used for episodic recall.
+ * Backends that don't support conversation history return [].
+ */
+export type ConversationTurn = {
+    query: string;
+    answer: string;
+    context?: string;
+    created_at?: string;
+};
+/**
+ * Minimal dataset descriptor for the CLI `datasets` command.
+ */
+export type BackendDataset = {
+    name: string;
+    /** Group ID this dataset maps to (backend-specific derivation) */
+    groupId: string;
+    /** Optional backend-specific dataset ID */
+    id?: string;
+};
+export interface MemoryBackend {
+    /** Human-readable backend name for logs and status output */
+    readonly name: string;
+    /**
+     * Ingest content into the group's storage partition.
+     * The returned StoreResult.fragmentId resolves when the backend has
+     * produced a stable UUID suitable for SpiceDB registration.
+     */
+    store(params: {
+        content: string;
+        groupId: string;
+        sourceDescription?: string;
+        customPrompt?: string;
+    }): Promise<StoreResult>;
+    /**
+     * Search within a single group's storage partition.
+     * Called in parallel per-group by searchAuthorizedMemories() in search.ts.
+     * Backends map their native result shape to SearchResult[].
+     */
+    searchGroup(params: {
+        query: string;
+        groupId: string;
+        limit: number;
+        sessionId?: string;
+    }): Promise<SearchResult[]>;
+    /**
+     * Optional backend-specific session enrichment, called from agent_end
+     * after store() for conversation auto-capture.
+     *
+     * Graphiti: no-op (addEpisode already handles episodic memory).
+     */
+    enrichSession?(params: {
+        sessionId: string;
+        groupId: string;
+        userMsg: string;
+        assistantMsg: string;
+    }): Promise<void>;
+    /**
+     * Retrieve conversation history for a session.
+     * Graphiti maps getEpisodes() to this shape.
+     * Backends that don't support it return [].
+     */
+    getConversationHistory(sessionId: string, lastN?: number): Promise<ConversationTurn[]>;
+    healthCheck(): Promise<boolean>;
+    getStatus(): Promise<Record<string, unknown>>;
+    /**
+     * Delete a group's entire storage partition.
+     * Used by `rebac-mem clear-group --confirm`.
+     */
+    deleteGroup(groupId: string): Promise<void>;
+    /**
+     * List all storage partitions (datasets/groups) managed by this backend.
+     */
+    listGroups(): Promise<BackendDataset[]>;
+    /**
+     * Delete a single memory fragment by UUID.
+     * Optional: not all backends support sub-dataset deletion.
+     * Returns true if deleted, false if the backend doesn't support it.
+     */
+    deleteFragment?(uuid: string): Promise<boolean>;
+    /**
+     * Discover fragment (fact/edge) UUIDs that were extracted from a stored episode.
+     * Called after store() resolves the episode ID to write per-fragment SpiceDB
+     * relationships with the correct fact-level UUIDs.
+     * Optional: not all backends separate episodes from fragments.
+     */
+    discoverFragmentIds?(episodeId: string): Promise<string[]>;
+    /**
+     * Register backend-specific CLI subcommands onto the shared `rebac-mem` command.
+     * Called once during CLI setup. Backend may register any commands it needs.
+     *
+     * Example: Graphiti registers episodes, fact, clear-graph
+     */
+    registerCliCommands?(cmd: Command): void;
+}

package/dist/backend.js

@@ -0,0 +1,11 @@
+/**
+ * MemoryBackend interface
+ *
+ * All storage-engine specifics live here. The rest of the plugin
+ * (SpiceDB auth, search orchestration, tool registration, CLI skeleton)
+ * is backend-agnostic and never imports from backends/.
+ *
+ * Implementing a new backend means satisfying this interface and adding
+ * an entry to the factory in config.ts. That's it.
+ */
+export {};

package/dist/backends/graphiti.d.ts

@@ -0,0 +1,72 @@
+/**
+ * GraphitiBackend — MemoryBackend implementation backed by the Graphiti FastAPI REST server.
+ *
+ * Graphiti communicates via standard HTTP REST endpoints.
+ * Episodes are processed asynchronously by Graphiti's LLM pipeline;
+ * the real server-side UUID is discovered by polling GET /episodes/{group_id}.
+ *
+ * store() returns immediately; fragmentId resolves once Graphiti finishes
+ * processing and the UUID becomes visible in the episodes list.
+ */
+import type { Command } from "commander";
+import type { MemoryBackend, SearchResult, StoreResult, ConversationTurn, BackendDataset } from "../backend.js";
+type GraphitiEpisode = {
+    uuid: string;
+    name: string;
+    content: string;
+    source_description: string;
+    group_id: string;
+    created_at: string;
+};
+type FactResult = {
+    uuid: string;
+    name: string;
+    fact: string;
+    valid_at: string | null;
+    invalid_at: string | null;
+    created_at: string;
+    expired_at: string | null;
+};
+export type GraphitiConfig = {
+    endpoint: string;
+    defaultGroupId: string;
+    uuidPollIntervalMs: number;
+    uuidPollMaxAttempts: number;
+    requestTimeoutMs?: number;
+    customInstructions: string;
+};
+export declare class GraphitiBackend implements MemoryBackend {
+    private readonly config;
+    readonly name = "graphiti";
+    readonly uuidPollIntervalMs: number;
+    readonly uuidPollMaxAttempts: number;
+    private readonly requestTimeoutMs;
+    constructor(config: GraphitiConfig);
+    private restCall;
+    store(params: {
+        content: string;
+        groupId: string;
+        sourceDescription?: string;
+        customPrompt?: string;
+    }): Promise<StoreResult>;
+    private resolveEpisodeUuid;
+    searchGroup(params: {
+        query: string;
+        groupId: string;
+        limit: number;
+        sessionId?: string;
+    }): Promise<SearchResult[]>;
+    getConversationHistory(sessionId: string, lastN?: number): Promise<ConversationTurn[]>;
+    healthCheck(): Promise<boolean>;
+    getStatus(): Promise<Record<string, unknown>>;
+    deleteGroup(groupId: string): Promise<void>;
+    listGroups(): Promise<BackendDataset[]>;
+    deleteFragment(uuid: string): Promise<boolean>;
+    getEpisodes(groupId: string, lastN: number): Promise<GraphitiEpisode[]>;
+    discoverFragmentIds(episodeId: string): Promise<string[]>;
+    getEntityEdge(uuid: string): Promise<FactResult>;
+    registerCliCommands(cmd: Command): void;
+}
+export declare const defaults: Record<string, unknown>;
+export declare function create(config: Record<string, unknown>): MemoryBackend;
+export {};

package/dist/backends/graphiti.js

@@ -0,0 +1,222 @@
+/**
+ * GraphitiBackend — MemoryBackend implementation backed by the Graphiti FastAPI REST server.
+ *
+ * Graphiti communicates via standard HTTP REST endpoints.
+ * Episodes are processed asynchronously by Graphiti's LLM pipeline;
+ * the real server-side UUID is discovered by polling GET /episodes/{group_id}.
+ *
+ * store() returns immediately; fragmentId resolves once Graphiti finishes
+ * processing and the UUID becomes visible in the episodes list.
+ */
+import { randomUUID } from "node:crypto";
+export class GraphitiBackend {
+    config;
+    name = "graphiti";
+    uuidPollIntervalMs;
+    uuidPollMaxAttempts;
+    requestTimeoutMs;
+    constructor(config) {
+        this.config = config;
+        this.uuidPollIntervalMs = config.uuidPollIntervalMs;
+        this.uuidPollMaxAttempts = config.uuidPollMaxAttempts;
+        this.requestTimeoutMs = config.requestTimeoutMs ?? 30000;
+    }
+    // --------------------------------------------------------------------------
+    // REST transport
+    // --------------------------------------------------------------------------
+    async restCall(method, path, body) {
+        const url = `${this.config.endpoint}${path}`;
+        const opts = {
+            method,
+            headers: { "Content-Type": "application/json" },
+            signal: AbortSignal.timeout(this.requestTimeoutMs),
+        };
+        if (body !== undefined) {
+            opts.body = JSON.stringify(body);
+        }
+        const response = await fetch(url, opts);
+        if (!response.ok) {
+            const text = await response.text().catch(() => "");
+            throw new Error(`Graphiti REST ${method} ${path} failed: ${response.status} ${text}`);
+        }
+        const ct = response.headers.get("content-type") ?? "";
+        if (ct.includes("application/json")) {
+            return (await response.json());
+        }
+        return {};
+    }
+    // --------------------------------------------------------------------------
+    // MemoryBackend implementation
+    // --------------------------------------------------------------------------
+    async store(params) {
+        const episodeName = `memory_${randomUUID()}`;
+        let effectiveBody = params.content;
+        if (params.customPrompt) {
+            effectiveBody = `[Extraction Instructions]\n${params.customPrompt}\n[End Instructions]\n\n${params.content}`;
+        }
+        const request = {
+            group_id: params.groupId,
+            messages: [
+                {
+                    name: episodeName,
+                    content: effectiveBody,
+                    timestamp: new Date().toISOString(),
+                    role_type: "user",
+                    role: "user",
+                    source_description: params.sourceDescription,
+                },
+            ],
+        };
+        await this.restCall("POST", "/messages", request);
+        // POST /messages returns 202 (async processing).
+        // Poll GET /episodes until the episode appears, then return its real UUID.
+        const fragmentId = this.resolveEpisodeUuid(episodeName, params.groupId);
+        fragmentId.catch(() => { }); // Prevent unhandled rejection if caller drops it
+        return { fragmentId };
+    }
+    async resolveEpisodeUuid(name, groupId) {
+        for (let i = 0; i < this.uuidPollMaxAttempts; i++) {
+            await new Promise((r) => setTimeout(r, this.uuidPollIntervalMs));
+            try {
+                const episodes = await this.getEpisodes(groupId, 50);
+                const match = episodes.find((ep) => ep.name === name);
+                if (match)
+                    return match.uuid;
+            }
+            catch {
+                // Transient error — keep polling
+            }
+        }
+        throw new Error(`Timed out resolving episode UUID for "${name}" in group "${groupId}"`);
+    }
+    async searchGroup(params) {
+        const { query, groupId, limit } = params;
+        const searchRequest = {
+            group_ids: [groupId],
+            query,
+            max_facts: limit,
+        };
+        const response = await this.restCall("POST", "/search", searchRequest);
+        const facts = response.facts ?? [];
+        return facts.map((f) => ({
+            type: "fact",
+            uuid: f.uuid,
+            group_id: groupId,
+            summary: f.fact,
+            context: f.name,
+            created_at: f.created_at,
+        }));
+    }
+    async getConversationHistory(sessionId, lastN = 10) {
+        const sessionGroup = `session-${sessionId.replace(/[^a-zA-Z0-9_-]/g, "-")}`;
+        try {
+            const episodes = await this.getEpisodes(sessionGroup, lastN);
+            return episodes.map((ep) => ({
+                query: ep.name,
+                answer: ep.content,
+                created_at: ep.created_at,
+            }));
+        }
+        catch {
+            return [];
+        }
+    }
+    async healthCheck() {
+        try {
+            const response = await fetch(`${this.config.endpoint}/healthcheck`, {
+                signal: AbortSignal.timeout(5000),
+            });
+            return response.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    async getStatus() {
+        return {
+            backend: "graphiti",
+            endpoint: this.config.endpoint,
+            healthy: await this.healthCheck(),
+        };
+    }
+    async deleteGroup(groupId) {
+        await this.restCall("DELETE", `/group/${encodeURIComponent(groupId)}`);
+    }
+    async listGroups() {
+        // Graphiti has no list-groups API; the CLI can query SpiceDB for this
+        return [];
+    }
+    async deleteFragment(uuid) {
+        await this.restCall("DELETE", `/episode/${encodeURIComponent(uuid)}`);
+        return true;
+    }
+    // --------------------------------------------------------------------------
+    // Graphiti-specific helpers (used by CLI commands and UUID polling)
+    // --------------------------------------------------------------------------
+    async getEpisodes(groupId, lastN) {
+        return this.restCall("GET", `/episodes/${encodeURIComponent(groupId)}?last_n=${lastN}`);
+    }
+    async discoverFragmentIds(episodeId) {
+        const edges = await this.restCall("GET", `/episodes/${encodeURIComponent(episodeId)}/edges`);
+        return edges.map((e) => e.uuid);
+    }
+    async getEntityEdge(uuid) {
+        return this.restCall("GET", `/entity-edge/${encodeURIComponent(uuid)}`);
+    }
+    // --------------------------------------------------------------------------
+    // Backend-specific CLI commands
+    // --------------------------------------------------------------------------
+    registerCliCommands(cmd) {
+        cmd
+            .command("episodes")
+            .description("[graphiti] List recent episodes for a group")
+            .option("--last <n>", "Number of episodes", "10")
+            .option("--group <id>", "Group ID")
+            .action(async (opts) => {
+            const groupId = opts.group ?? this.config.defaultGroupId;
+            const episodes = await this.getEpisodes(groupId, parseInt(opts.last));
+            console.log(JSON.stringify(episodes, null, 2));
+        });
+        cmd
+            .command("fact")
+            .description("[graphiti] Get a specific fact (entity edge) by UUID")
+            .argument("<uuid>", "Fact UUID")
+            .action(async (uuid) => {
+            try {
+                const fact = await this.getEntityEdge(uuid);
+                console.log(JSON.stringify(fact, null, 2));
+            }
+            catch (err) {
+                console.error(`Failed to get fact: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        });
+        cmd
+            .command("clear-graph")
+            .description("[graphiti] Clear graph data for a group (destructive!)")
+            .option("--group <id...>", "Group ID(s)")
+            .option("--confirm", "Required safety flag", false)
+            .action(async (opts) => {
+            if (!opts.confirm) {
+                console.log("Destructive operation. Pass --confirm to proceed.");
+                return;
+            }
+            const groups = opts.group ?? [];
+            if (groups.length === 0) {
+                console.log("No groups specified. Use --group <id> to specify groups.");
+                return;
+            }
+            for (const g of groups) {
+                await this.deleteGroup(g);
+                console.log(`Cleared group: ${g}`);
+            }
+        });
+    }
+}
+// ============================================================================
+// Backend module exports (used by backends/registry.ts)
+// ============================================================================
+import graphitiDefaults from "./graphiti.defaults.json" with { type: "json" };
+export const defaults = graphitiDefaults;
+export function create(config) {
+    return new GraphitiBackend(config);
+}

package/dist/backends/registry.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Backend registry — statically imported from backends.json keys.
+ *
+ * To add a new backend:
+ *   1. Create backends/<name>.ts  (exports `defaults` and `create`)
+ *   2. Create backends/<name>.defaults.json
+ *   3. Import and register it here
+ */
+import type { MemoryBackend } from "../backend.js";
+export type BackendModule = {
+    create: (config: Record<string, unknown>) => MemoryBackend;
+    defaults: Record<string, unknown>;
+};
+export declare const backendRegistry: Readonly<Record<string, BackendModule>>;

package/dist/backends/registry.js

@@ -0,0 +1,12 @@
+/**
+ * Backend registry — statically imported from backends.json keys.
+ *
+ * To add a new backend:
+ *   1. Create backends/<name>.ts  (exports `defaults` and `create`)
+ *   2. Create backends/<name>.defaults.json
+ *   3. Import and register it here
+ */
+import * as graphiti from "./graphiti.js";
+export const backendRegistry = {
+    graphiti,
+};

package/dist/cli.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Shared CLI command registration for rebac-mem.
+ *
+ * Registers backend-agnostic commands (search, status, schema-write, groups,
+ * add-member, import) then calls backend.registerCliCommands() for
+ * backend-specific extensions (e.g., graphiti: episodes, fact, clear-graph).
+ *
+ * Used by both the OpenClaw plugin (index.ts) and the standalone CLI
+ * (bin/rebac-mem.ts).
+ */
+import type { Command } from "commander";
+import type { MemoryBackend } from "./backend.js";
+import type { SpiceDbClient } from "./spicedb.js";
+import type { RebacMemoryConfig } from "./config.js";
+import { type Subject } from "./authorization.js";
+export type CliContext = {
+    backend: MemoryBackend;
+    spicedb: SpiceDbClient;
+    cfg: RebacMemoryConfig;
+    currentSubject: Subject;
+    getLastWriteToken: () => string | undefined;
+};
+export declare function registerCommands(cmd: Command, ctx: CliContext): void;