@dashclaw/cli 0.2.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,179 @@
1
+ # @dashclaw/cli
2
+
3
+ Terminal client for [DashClaw](https://dashclaw.io) — approve agent actions and diagnose your instance without leaving the shell.
4
+
5
+ ## Install
6
+
7
+ ```bash
8
+ npm install -g @dashclaw/cli
9
+ ```
10
+
11
+ ## Configure
12
+
13
+ The CLI resolves config in this order:
14
+
15
+ 1. Environment variables (`DASHCLAW_BASE_URL`, `DASHCLAW_API_KEY`, optional `DASHCLAW_AGENT_ID`)
16
+ 2. Saved config at `~/.dashclaw/config.json` (mode `600`)
17
+ 3. Interactive prompt (first run)
18
+
19
+ On first run, if neither env vars nor a saved config are present, the CLI walks you through setup and offers to save the values to `~/.dashclaw/config.json`. Env vars always override saved values.
20
+
21
+ ```bash
22
+ # Option A: env vars (one-shot or CI)
23
+ export DASHCLAW_BASE_URL="https://your-dashclaw.example.com"
24
+ export DASHCLAW_API_KEY="oc_live_..."
25
+
26
+ # Option B: interactive first run (persists)
27
+ dashclaw doctor
28
+ # → DashClaw instance URL: ...
29
+ # → API key: ********
30
+ # → Save to ~/.dashclaw/config.json? [Y/n]
31
+
32
+ # Later: remove the saved config
33
+ dashclaw logout
34
+ ```
35
+
36
+ Optionally set `DASHCLAW_AGENT_ID` (defaults to `cli-operator`) for audit attribution.
37
+
38
+ ## Commands
39
+
40
+ ### `dashclaw approvals`
41
+
42
+ Interactive inbox for all pending approval requests. Use arrow keys to navigate, `A` to approve, `D` to deny, `O` to open the replay link, `Q` to quit.
43
+
44
+ ### `dashclaw approve <actionId>`
45
+
46
+ Approve a single action by ID.
47
+
48
+ ```bash
49
+ dashclaw approve act_01h... --reason "Verified change window"
50
+ ```
51
+
52
+ ### `dashclaw deny <actionId>`
53
+
54
+ Deny a single action by ID.
55
+
56
+ ```bash
57
+ dashclaw deny act_01h... --reason "Outside change window"
58
+ ```
59
+
60
+ ### `dashclaw install claude`
61
+
62
+ Provision DashClaw governance into Claude Code without cloning the repo.
63
+
64
+ ```bash
65
+ dashclaw install claude # prompts for endpoint + API key
66
+ dashclaw install claude --endpoint <url> --key <oc_live_...>
67
+ dashclaw install claude --trial # browser signup on a hosted instance, paste the key
68
+ ```
69
+
70
+ Flow: preflight (`/api/health` + an authenticated read — nothing is written until it passes), hooks downloaded from your instance's `/downloads/dashclaw-claude-code-hooks.zip` (or copied from a repo checkout), `python3`/`python` resolved automatically, managed hook entries merged into `~/.claude/settings.json` (`.dashclaw-bak` backup, replace-on-reinstall), credentials written to `~/.dashclaw/claude-hooks/.env` (mode 600 — no secret lands in settings.json). Installs in **observe mode**; flip to enforce by setting `DASHCLAW_HOOK_MODE=enforce` in that `.env`. For `--trial`, set `DASHCLAW_HOSTED_URL` (or `--endpoint`) to the hosted instance if it isn't prompted.
71
+
72
+ ### `dashclaw cost`
73
+
74
+ Spend readback from `GET /api/finops/spend` — your own Claude Code cost or the fleet rollup, straight from the terminal.
75
+
76
+ ```bash
77
+ dashclaw cost # Claude Code spend, last 7 days (defaults)
78
+ dashclaw cost --lens claude-code --period 30d
79
+ dashclaw cost --lens fleet --period 90d # agent LLM cost + x402 purchases
80
+ ```
81
+
82
+ Outputs an aligned table (total, sessions, cache savings, by-project breakdown for the Claude-Code lens; Agent LLM / x402 / Total for the Fleet lens) plus a one-line summary. Unconfigured exits non-zero with a `dashclaw install claude` hint; bad `--lens`/`--period` values are rejected with usage text.
83
+
84
+ ### `dashclaw doctor`
85
+
86
+ Diagnose your DashClaw instance and auto-fix safe issues. Checks database, configuration, auth, deployment, SDK reachability, and governance.
87
+
88
+ ```bash
89
+ dashclaw doctor # rich terminal output, auto-fix what it can
90
+ dashclaw doctor --json # JSON output for CI/scripts
91
+ dashclaw doctor --no-fix # diagnose only
92
+ dashclaw doctor --category database,config
93
+ ```
94
+
95
+ The CLI invokes your instance's `/api/doctor` endpoints, so fixes that need filesystem access (env writes) are handled separately by self-hosters running `npm run doctor` locally.
96
+
97
+ ### `dashclaw code`
98
+
99
+ Subcommand group for Code Sessions (Claude Code analytics, ported from AgentLens). Three actions:
100
+
101
+ ```bash
102
+ dashclaw code ingest # walk ~/.claude/projects and POST every .jsonl
103
+ dashclaw code ingest --dry-run # preview the file list and payload shape without POSTing
104
+ dashclaw code ingest --projects-dir <p> # override the default projects directory (also reads $CLAUDE_PROJECTS_DIR)
105
+
106
+ dashclaw code memo --project <slug> # show the most recent weekly memo for a project
107
+ dashclaw code memo --project <slug> --save # write the memo to ./memos/<iso-week>.md
108
+
109
+ dashclaw code apply <manifest-id> --dest=<project-cwd> # apply an Optimal Files manifest locally
110
+ dashclaw code apply <manifest-id> --dest=<project-cwd> --dry-run
111
+ ```
112
+
113
+ `ingest` stream-reads each session JSONL line-by-line and ships raw lines; large request bodies are brotli-compressed on the wire (via the `x-dashclaw-encoding: br` header — no base64 inflation) to fit Vercel's 4.5 MB per-request limit. It retries 429s and 5xxs with exponential backoff and throttles 150 ms between POSTs. Files over 40 MB raw are skipped with a `too_large` log entry. Never logs raw transcript content.
114
+
115
+ There is also `dashclaw code ingest-codex [--dry-run]`, which backfills Codex CLI transcripts from `~/.codex/sessions` (`--sessions-dir <path>` to override; `--out <dir>` for the local output directory).
116
+
117
+ `apply` fetches a manifest from `/api/code-sessions/manifests/<id>`, re-runs the secret scan, and writes the bundled files to `--dest`. Existing files get a three-way merge via the section-aware markdown merger; new files are written directly. Refuses any path outside `--dest` (path-traversal guard).
118
+
119
+ ### `dashclaw install codex`
120
+
121
+ Provision DashClaw governance into the Codex CLI: writes an AGENTS.md governance block into the target project and (optionally) wires Codex's notify config.
122
+
123
+ ```bash
124
+ dashclaw install codex --project <path> # default: current directory
125
+ dashclaw install codex --approval-policy on-request
126
+ dashclaw install codex --include-notify # also wire notify → dashclaw codex notify
127
+ ```
128
+
129
+ ### `dashclaw codex notify '<json>'`
130
+
131
+ Records a Codex turn-complete event as a DashClaw action record. Called by Codex's notify config (wired by `install codex --include-notify`); always exits 0 so Codex never sees an error from the spawn.
132
+
133
+ ### `dashclaw prompts`
134
+
135
+ Prompt-library client: `list [--category C]`, `get <id>`, `versions <id>`, `render <templateId> [--version-id <vid>] [--var key=value] [--record]`, `create --name N --description D --category C` (admin), `add-version <id> --content C` (admin), `activate <id> <vid>` (admin), `stats [--template-id X]`.
136
+
137
+ ### `dashclaw inbox`
138
+
139
+ Agent message inbox: `inbox list [--unread] [--limit N]`, `inbox read <id> [...]`, `inbox archive <id> [...]`.
140
+
141
+ ### `dashclaw behavior`
142
+
143
+ Behavior Learning readback: `behavior status` (local recorder sample counts) and `behavior suggestions [--agent-id <id>]` (evidence-backed policy suggestions).
144
+
145
+ ### `dashclaw posture` / `dashclaw next`
146
+
147
+ `posture` prints the governance posture score and the remediation queue; `posture resolve <key> [--snooze | --accept-risk] [--note "..."]` dispositions a finding. `next` prints the single top open governance gap and its fix.
148
+
149
+ ### `dashclaw env`
150
+
151
+ Run a command with managed secrets injected in-memory (values never touch disk or the terminal):
152
+
153
+ ```bash
154
+ dashclaw env [--agent <id>] -- node my-agent.js # inject managed secrets into the child env
155
+ dashclaw env # list secret NAMES + count (never values)
156
+ ```
157
+
158
+ Fail-closed: if the secrets fetch fails, the child is not spawned.
159
+
160
+ ### `dashclaw logout`
161
+
162
+ Remove the saved config at `~/.dashclaw/config.json`.
163
+
164
+ ### `dashclaw version`
165
+
166
+ Print the CLI version (`--version` / `-v` also work).
167
+
168
+ ### `dashclaw help`
169
+
170
+ Show all commands and flags.
171
+
172
+ ## Exit codes
173
+
174
+ - `0` — healthy
175
+ - `1` — warnings present, failures, or the instance was unreachable
176
+
177
+ ## License
178
+
179
+ MIT.