@defai.digital/automatosx 12.8.7 → 13.1.3

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,oBAAoB,CAAC"}

package/package.json

@@ -1,181 +1,56 @@
 {
   "name": "@defai.digital/automatosx",
-  "version": "12.8.7",
-  "description": "AI Agent Orchestration Platform with 20+ specialized agents, persistent memory, MCP server, and intelligent multi-provider routing for Claude Code, Gemini CLI, Codex CLI, GLM, Grok, and Qwen",
+  "version": "13.1.3",
+  "description": "AutomatosX CLI - AI-powered workflow automation (wrapper for @defai.digital/cli)",
   "type": "module",
-  "publishConfig": {
-    "access": "public"
-  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "bin": {
-    "automatosx": "dist/index.js",
-    "ax": "dist/index.js",
-    "automatosx-mcp": "dist/mcp/index.js"
-  },
-  "engines": {
-    "node": ">=24.0.0"
+    "automatosx": "./dist/bin.js"
   },
-  "packageManager": "pnpm@9.14.2",
-  "scripts": {
-    "prebuild:config": "node tools/prebuild-config.cjs",
-    "generate:claude-manifests": "tsx tools/generate-claude-manifests.ts",
-    "clean:dist": "node -e \"require('fs').rmSync('dist', { recursive: true, force: true })\"",
-    "build": "npm run clean:dist && npm run prebuild:config && tsup",
-    "build:sequential": "npm run clean:dist && npm run prebuild:config && tsup --config tsup.config.cli.ts && tsup --config tsup.config.mcp.ts",
-    "dev": "tsx src/cli/index.ts",
-    "test": "npm run test:unit && npm run test:integration && npm run test:smoke",
-    "test:unit": "vitest run tests/unit",
-    "test:integration": "vitest run tests/integration",
-    "test:all": "vitest run",
-    "test:ci": "vitest run --config vitest.config.ci.ts",
-    "test:release": "vitest run --config vitest.config.ci.ts",
-    "test:smoke": "bash tests/smoke/smoke-test.sh",
-    "test:real-providers": "bash tools/real-provider-test.sh",
-    "test:coverage": "vitest run --coverage",
-    "test:watch": "vitest watch",
-    "test:typecheck": "vitest typecheck --run",
-    "test:debug": "vitest --inspect-brk --no-coverage",
-    "test:memory": "node --expose-gc --max-old-space-size=4096 node_modules/.bin/vitest run",
-    "lint": "eslint src tests --ext .ts",
-    "lint:fix": "eslint src tests --ext .ts --fix",
-    "typecheck": "tsc --noEmit",
-    "typecheck:incremental": "tsc --noEmit --incremental",
-    "verify": "npm run typecheck:incremental && npm run build && npm run test:unit",
-    "prepublishOnly": "node tools/check-ci-env.js && npm run build && npm run typecheck && ([ -n \"$CI\" ] || npm run test:all)",
-    "prepack": "npm run build",
-    "postpack": "echo '✅ Package created successfully'",
-    "version": "node tools/sync-all-versions.js && git add README.md CLAUDE.md",
-    "version:patch": "npm version patch -m 'chore: bump version to %s'",
-    "version:minor": "npm version minor -m 'chore: bump version to %s'",
-    "version:major": "npm version major -m 'chore: bump version to %s'",
-    "version:beta": "npm version prerelease --preid=beta -m 'chore: bump version to %s'",
-    "version:rc": "npm version prerelease --preid=rc -m 'chore: bump version to %s'",
-    "sync:all-versions": "node tools/sync-all-versions.js",
-    "prerelease": "npm run sync:all-versions && npm run typecheck && npm run test:all",
-    "release:check": "node tools/check-release.js",
-    "check:size": "bash tools/check-package-size.sh",
-    "tools:check": "bash -c 'echo \"🔍 Checking shell scripts syntax...\"; for f in tools/*.sh; do echo \"  Checking $f...\"; bash -n \"$f\" && echo \"  ✓ $f OK\" || echo \"  ✗ $f FAILED\"; done; echo \"✅ All tools checked\"'",
-    "check:timers": "bash tools/check-timer-cleanup.sh",
-    "validate:native": "node tools/validate-native-modules.js",
-    "rebuild:native": "npm rebuild better-sqlite3 sqlite-vec",
-    "postinstall": "node tools/validate-native-modules.js || echo '⚠️  Native module validation failed. Run: npm run rebuild:native'",
-    "prepare": "[ -n \"$CI\" ] || husky",
-    "commit": "cz",
-    "release": "node tools/release.js",
-    "release:patch": "node tools/release.js patch",
-    "release:minor": "node tools/release.js minor",
-    "release:major": "node tools/release.js major",
-    "release:spec": "ax spec run examples/specs/automatosx-release.ax.yaml",
-    "release:standard": "commit-and-tag-version",
-    "release:beta": "commit-and-tag-version --prerelease beta",
-    "release:rc": "commit-and-tag-version --prerelease rc",
-    "release:first": "commit-and-tag-version --first-release"
-  },
-  "devDependencies": {
-    "@commitlint/cli": "^20.1.0",
-    "@commitlint/config-conventional": "^20.0.0",
-    "@eslint/js": "^9.39.1",
-    "@faker-js/faker": "^10.1.0",
-    "@types/better-sqlite3": "^7.6.13",
-    "@types/inquirer": "^9.0.9",
-    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^24.7.1",
-    "@types/yargs": "^17.0.33",
-    "@vitest/coverage-v8": "^4.0.15",
-    "commit-and-tag-version": "^12.6.1",
-    "commitizen": "^4.3.1",
-    "cz-conventional-changelog": "^3.0.1",
-    "globals": "^16.5.0",
-    "husky": "^9.1.7",
-    "markdownlint-cli": "^0.46.0",
-    "memfs": "^4.51.1",
-    "msw": "^2.12.4",
-    "strip-ansi": "^7.1.0",
-    "tsup": "^8.0.0",
-    "tsx": "^4.7.0",
-    "typescript": "^5.3.0",
-    "typescript-eslint": "^8.49.0",
-    "vitest": "^4.0.15"
-  },
-  "dependencies": {
-    "@defai.digital/ax-cli": "^4.1.15",
-    "@iarna/toml": "^2.2.5",
-    "@openai/codex-sdk": "^0.65.0",
-    "ajv": "^8.17.1",
-    "ajv-formats": "^3.0.1",
-    "async-mutex": "^0.5.0",
-    "better-sqlite3": "^12.4.1",
-    "boxen": "^8.0.1",
-    "chalk": "^5.6.2",
-    "cli-table3": "^0.6.5",
-    "effect": "^3.19.3",
-    "find-up": "^8.0.0",
-    "glob": "^13.0.0",
-    "inquirer": "^13.0.0",
-    "js-yaml": "^4.1.0",
-    "openai": "^6.7.0",
-    "ora": "^9.0.0",
-    "sqlite-vec": "^0.1.7-alpha.2",
-    "yaml": "^2.8.1",
-    "yargs": "^18.0.0",
-    "zod": "^4.1.12"
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
   },
   "files": [
     "dist",
-    "examples",
-    "schema",
-    "templates",
-    ".github/assets",
-    "README.md",
-    "LICENSE",
-    "CHANGELOG.md",
-    "FAQ.md",
-    "TROUBLESHOOTING.md",
-    "MIGRATION.md",
-    "CODE_OF_CONDUCT.md",
-    "CONTRIBUTING.md",
-    "SECURITY.md"
+    "LICENSE"
   ],
+  "dependencies": {
+    "@defai.digital/cli": "13.1.3"
+  },
   "keywords": [
-    "multi-agent",
-    "openai",
-    "developer-tools",
-    "glm",
-    "grok",
-    "workflow-orchestration",
-    "ai-automation",
-    "ai-runtime",
-    "qwen",
-    "aicoding",
-    "agentic-framework",
-    "gemini-cli",
-    "claude-code",
-    "codex-cli"
+    "ai",
+    "llm",
+    "cli",
+    "automation",
+    "workflow",
+    "mcp",
+    "claude",
+    "gemini",
+    "codex"
   ],
-  "author": "AutomatosX Team",
+  "author": "DEFAI Private Limited",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/defai-digital/automatosx.git"
+    "url": "https://github.com/defai-digital/automatosx.git",
+    "directory": "packages/automatosx"
   },
+  "homepage": "https://github.com/defai-digital/automatosx#readme",
   "bugs": {
     "url": "https://github.com/defai-digital/automatosx/issues"
   },
-  "homepage": "https://automatosx.com",
-  "overrides": {
-    "esbuild": "^0.25.0",
-    "tmp": "^0.2.4",
-    "glob": "^13.0.0",
-    "@ax-cli/schemas": "zod@^3.23.8",
-    "@modelcontextprotocol/sdk": "^1.24.0"
+  "engines": {
+    "node": ">=20.0.0"
   },
-  "pnpm": {
-    "overrides": {
-      "tmp": "^0.2.4"
-    }
+  "publishConfig": {
+    "access": "public"
   },
-  "config": {
-    "commitizen": {
-      "path": "cz-conventional-changelog"
-    }
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist"
   }
-}
+}

package/CHANGELOG.md

@@ -1,81 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-## [12.3.0] - 2025-12-08
-
-### Fixed
-- **MCP Configuration for ax-glm & ax-grok**: Fixed `ax setup` to create MCP config files in the correct format and location
-  - Changed from legacy `mcp-config.json` to Claude Code format `.mcp.json`
-  - ax-cli loads MCP config with priority: `.ax-glm/.mcp.json` > `.ax-glm/mcp-config.json`
-  - Now ax-glm and ax-grok can properly connect to AutomatosX MCP server
-
-### Changed
-- Updated `setupGlmMCPConfig()` and `setupGrokMCPConfig()` to write `.mcp.json` in Claude Code format
-- MCP configuration now uses the recommended format: `{ "mcpServers": { "automatosx": { "command": "automatosx", "args": ["mcp", "server"] } } }`
-
-## [12.1.1] - 2025-12-07
-
-### Fixed
-- Security update: Updated tmp to 0.2.4+ via pnpm override (CVE-2025-54798)
-
-## [12.1.0] - 2025-12-07
-
-### Added
-- MCP-First Architecture redesign
-- Removed ax-cli dependency for direct provider integration
-
-## [11.3.4] - 2025-12-05
-
-### Added
-- Comprehensive iterate mode controller tests with multi-phase orchestration
-- Mock executor and provider helpers for improved test coverage
-- Budget enforcement tests for iteration and token limits
-
-### Changed
-- Enhanced executeWithIterate() with executor injection support
-- Improved test structure with Phase 3 & 4 orchestration tests
-- Better action handling tests for completion and pause scenarios
-
-### Fixed
-- Test alignment for handleResponse() behavior when state not initialized
-- Classification history tracking in multi-iteration execution
-
-## [11.3.3] - 2025-12-05
-
-### Added
-- New iterate mode auto-responder system with intelligent classification
-- Enhanced iterate mode controller with improved state management
-- Unit tests for iterate classifier and auto-responder components
-
-### Changed
-- Improved iterate classifier patterns for better accuracy
-- Enhanced iterate mode controller with better pause/resume handling
-- Updated setup command with additional configuration options
-
-### Fixed
-- Iterate mode pattern improvements for edge cases
-- Auto-response handling for confirmation prompts
-
-## [11.3.2] - 2025-12-04
-
-### Fixed
-- SDK bug fixes and resource management improvements
-
-## [11.3.1] - 2025-12-03
-
-### Added
-- Mode persistence across sessions
-- CLI shortcuts for common operations
-
-### Fixed
-- Various bug fixes
-
-## [11.3.0] - 2025-12-02
-
-### Added
-- Embedded Instructions System
-- Orchestration Service
-- Token budget management
-
-For earlier versions, see the git history.

package/SECURITY.md

@@ -1,173 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 11.0.x  | :white_check_mark: |
-| < 11.0  | :x:                |
-
-## Package Provenance
-
-All AutomatosX releases are published with npm provenance, which:
-
-- Verifies packages were built in our GitHub Actions environment
-- Links each package to its source code commit
-- Provides cryptographic proof of authenticity
-- Follows [SLSA Build Level 2](https://slsa.dev/spec/v1.0/levels)
-
-### Verify Provenance
-
-```bash
-npm view @defai.digital/automatosx --json | jq .dist.attestations
-```
-
-## Reporting a Vulnerability
-
-We take security vulnerabilities seriously. **Please DO NOT open a public GitHub issue for security vulnerabilities.**
-
-### How to Report
-
-1. **Email**: Send details to [support@defai.digital](mailto:support@defai.digital)
-   - Use subject line: `[SECURITY] Brief description`
-
-2. **GitHub Security Advisory**: https://github.com/defai-digital/automatosx/security/advisories/new
-
-### What to Include
-
-- **Type of vulnerability** (e.g., command injection, XSS, SQL injection)
-- **Affected component** (file path and line number if possible)
-- **Steps to reproduce** (detailed reproduction steps)
-- **Proof of concept** (code snippet or screenshot)
-- **Impact assessment** (what an attacker could achieve)
-- **Suggested fix** (if you have one)
-
-### Response Timeline
-
-- **Initial Response**: Within 48 hours
-- **Status Update**: Within 7 days
-- **Fix Timeline**: Depends on severity
-  - Critical: 7-14 days
-  - High: 14-30 days
-  - Medium: 30-60 days
-  - Low: Next release cycle
-
-### Disclosure Policy
-
-- We follow **coordinated disclosure**
-- We'll credit you in the security advisory (unless you prefer anonymity)
-- We'll publish a security advisory after the fix is released
-- Please allow us reasonable time to fix before public disclosure
-
-## Security Best Practices
-
-### For Users
-
-#### 1. Environment Variables
-
-Never commit sensitive data to the repository:
-
-```bash
-# Store API keys in .env (already in .gitignore)
-ANTHROPIC_API_KEY=your-key-here
-OPENAI_API_KEY=your-key-here
-GOOGLE_API_KEY=your-key-here
-```
-
-#### 2. Provider CLI Security
-
-- Install provider CLIs from official sources only
-- Keep provider CLIs updated to latest versions
-- Review provider CLI permissions and capabilities
-
-#### 3. Agent Profiles
-
-- Review agent profiles before running (`~/.automatosx/agents/`)
-- Be cautious with custom agents from untrusted sources
-- Agents can execute code - only use trusted profiles
-
-#### 4. File Operations
-
-AutomatosX respects path validation settings in `ax.config.json`:
-
-```json
-{
-  "advanced": {
-    "security": {
-      "pathValidation": true,
-      "allowedExtensions": [".js", ".ts", ".py", ".md", ".json", ".yaml"]
-    }
-  }
-}
-```
-
-#### 5. Package Security
-
-- Always use the latest stable version
-- Verify package provenance before installation
-- Use `npm ci` instead of `npm install` in CI/CD
-- Enable dependency scanning (Dependabot)
-- Review the GitHub Releases (https://github.com/defai-digital/automatosx/releases) for security updates
-
-#### 6. Memory Database
-
-- Memory is stored locally in `.automatosx/memory/memories.db`
-- Contains conversation history and context
-- Backup regularly if it contains important data
-- Never commit to version control
-
-## Known Security Considerations
-
-### Command Injection Protection
-
-- Provider names are whitelisted (`BaseProvider.ALLOWED_PROVIDER_NAMES`)
-- Path validation enabled by default
-- SQL injection prevented via prepared statements
-
-### Data Privacy
-
-- All data stored locally by default
-- No telemetry sent to AutomatosX servers
-- AI provider calls respect your privacy settings
-- Review each provider's privacy policy
-
-### Supply Chain Security
-
-- Dependencies audited regularly via `npm audit`
-- Native modules (`better-sqlite3`, `sqlite-vec`) from trusted sources
-- Lock file (`package-lock.json`) committed to repo
-
-## Security Updates
-
-Security updates are published via:
-
-1. **GitHub Security Advisories**
-2. **Release notes** in `GitHub Releases (https://github.com/defai-digital/automatosx/releases)`
-3. **npm security advisories**
-
-To stay informed:
-
-```bash
-# Check for updates
-npm outdated -g @defai.digital/automatosx
-
-# Update to latest
-npm update -g @defai.digital/automatosx
-```
-
-## Security Hall of Fame
-
-We appreciate security researchers who help make AutomatosX safer:
-
-- *Be the first to responsibly disclose a vulnerability!*
-
-## Questions?
-
-If you have questions about security but don't have a vulnerability to report:
-
-- Open a [GitHub Discussion](https://github.com/defai-digital/AutomatosX/discussions)
-- Email us at [support@defai.digital](mailto:support@defai.digital)
-
----
-
-**Thank you for helping keep AutomatosX and our users safe!**

package/dist/mcp/index.d.ts

@@ -1,2 +0,0 @@
-
-export {  }