@dirxai/cli 0.1.0 → 0.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 DirX AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,101 +1,91 @@
 # DirX — Unified Gateway & CLI for Agents
 
-DirX provides a single CLI that lets AI agents **discover**, **navigate**, and **execute** across any API — GitHub, OpenAI, custom services, and more.
+[![npm version](https://img.shields.io/npm/v/@dirxai/cli.svg)](https://www.npmjs.com/package/@dirxai/cli)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-```
-dirx ls /                          # discover registered services
-dirx cat /net/api.github.com       # read service info
-dirx grep "issues" api.github.com  # search endpoints
-dirx write /net/api.github.com/owner/repo/issues --json '{"title":"Bug"}'
-dirx bash 'cat /net | cat /net/api.github.com'
-```
+DirX gives AI agents a unified, file-system-like interface to discover and interact with internet APIs — with built-in governance, access control, and auditing.
 
 ## Install
 
-### npm (recommended)
-
 ```bash
 npm install -g @dirxai/cli
 ```
 
-### Homebrew (macOS/Linux)
+## Quick Start
 
 ```bash
-brew tap dirxai/dirx
-brew install dirx
-```
+# Authenticate with the gateway
+dirx auth
 
-### Binary download
+# Browse the API directory
+dirx ls /
+dirx ls /net/
 
-Download from [Releases](https://github.com/dirxai/dirx/releases) and add to your PATH.
+# Read service descriptions
+dirx cat /net/api.github.com/DIR.md
 
-| Platform | Archive |
-|----------|---------|
-| macOS ARM64 | `dirx-aarch64-apple-darwin.tar.gz` |
-| macOS x86_64 | `dirx-x86_64-apple-darwin.tar.gz` |
-| Linux x86_64 | `dirx-x86_64-unknown-linux-gnu.tar.gz` |
+# Search across services
+dirx grep "weather" /net/
 
-Install:
+# Write data
+dirx write /net/api.example.com/data -d '{"key": "value"}'
 
-```bash
-tar xzf dirx-*.tar.gz
-sudo mv dirx /usr/local/bin/
+# Manage API keys (BYOK)
+dirx keys set api.github.com --token ghp_xxxx --sync
 ```
 
-## Quick Start
-
-```bash
-# 1. Authenticate
-dirx auth --server https://api.dirx.ai --json '{}'
+## Commands
 
-# 2. Browse
-dirx ls /
-dirx ls /net
+### Agent Commands
 
-# 3. Read
-dirx cat /net/api.github.com
+| Command | Description |
+|---------|-------------|
+| `dirx ls <path>` | List directory contents |
+| `dirx cat <path>` | Read file contents |
+| `dirx write <path>` | Write data |
+| `dirx edit <path>` | Partial update |
+| `dirx rm <path>` | Remove a resource |
+| `dirx grep <pattern> <path>` | Search across services |
+| `dirx bash <pipeline>` | Execute multi-step pipeline |
 
-# 4. Search
-dirx grep "pull requests"
+### Developer Tools
 
-# 5. Manage API keys (BYOK)
-dirx keys set api.github.com --token ghp_your_token
-dirx keys list
+| Command | Description |
+|---------|-------------|
+| `dirx init [dir]` | Initialize DirX in a project |
+| `dirx generate [dir]` | Scan and detect route definitions |
+| `dirx generate --register` | Scan and auto-register with the gateway |
+| `dirx claim <domain>` | Claim domain via DNS verification |
+| `dirx register` | Register DIR.md with the gateway |
 
-# 6. Pipeline
-dirx bash 'cat /net/api.github.com | write /log'
-```
+### Configuration
 
-## For Service Developers
+| Command | Description |
+|---------|-------------|
+| `dirx auth` | Authenticate with the gateway |
+| `dirx keys set <domain>` | Set an API key |
+| `dirx keys list` | List stored keys |
+| `dirx keys remove <domain>` | Remove a key |
+| `dirx status` | Show CLI config and auth status |
 
-Register your API with DirX:
+## Environment Variables
 
-```bash
-dirx init my-service/        # generate DIR.md + dir.json
-dirx claim api.example.com   # start domain verification
-dirx claim api.example.com --verify  # complete verification
-dirx register --domain api.example.com  # publish to registry
-```
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `DIRX_GATEWAY_URL` | Gateway URL | `https://api.dirx.ai` |
+| `DIRX_TOKEN` | Agent token | — |
+| `DIRX_HOME` | Config directory | `~/.dirx` |
 
-## Architecture
+## Development
 
+```bash
+git clone https://github.com/dirxai/dirx.git
+cd dirx
+npm install
+npm run build
+npm run lint
 ```
-CLI (Rust) ──HTTP──▶ DirX Server (Go) ──▶ Adapters ──▶ External APIs
-                     │ Registry          │ GitHub
-                     │ Router            │ OpenAI
-                     │ Auth (JWKS)       │ Custom...
-                     │ Policy
-                     │ Audit
-                     │ BYOK
-                     │ Search
-```
-
-## Documentation
-
-- [dirx.ai](https://dirx.ai) — official site
-- [API Reference](https://dirx.ai/docs/api)
-- [Developer Guide](https://dirx.ai/docs/developers)
 
 ## License
 
-MIT
+MIT

package/dist/index.js

@@ -0,0 +1,985 @@
+#!/usr/bin/env node
+import { readFileSync, existsSync, mkdirSync, writeFileSync, readdirSync, statSync, chmodSync } from 'fs';
+import { dirname, resolve, join, extname, relative } from 'path';
+import { homedir } from 'os';
+import { readFile } from 'fs/promises';
+import { fileURLToPath } from 'url';
+import { Command } from 'commander';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/credentials.ts
+var credentials_exports = {};
+__export(credentials_exports, {
+  getAgentToken: () => getAgentToken,
+  getToken: () => getToken,
+  saveAgentToken: () => saveAgentToken,
+  saveToken: () => saveToken
+});
+function credentialsPath() {
+  const dirxHome = process.env.DIRX_HOME ?? join(homedir(), ".dirx");
+  return join(dirxHome, "credentials.json");
+}
+function loadStore() {
+  try {
+    const text = readFileSync(credentialsPath(), "utf-8");
+    return JSON.parse(text);
+  } catch {
+    return {};
+  }
+}
+function saveStore(store) {
+  const filePath = credentialsPath();
+  const dir = join(filePath, "..");
+  mkdirSync(dir, { recursive: true });
+  writeFileSync(filePath, JSON.stringify(store, null, 2));
+  try {
+    chmodSync(filePath, 384);
+  } catch {
+  }
+}
+function decodeJwtPayload(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return {};
+    const payload = JSON.parse(
+      Buffer.from(parts[1], "base64url").toString("utf-8")
+    );
+    return { iat: payload.iat, exp: payload.exp };
+  } catch {
+    return {};
+  }
+}
+async function saveAgentToken(gatewayUrl, token) {
+  const store = loadStore();
+  const { iat, exp } = decodeJwtPayload(token);
+  store.agentToken = {
+    gatewayUrl,
+    token,
+    issuedAt: iat,
+    expiresAt: exp
+  };
+  saveStore(store);
+}
+async function getAgentToken() {
+  const store = loadStore();
+  if (!store.agentToken) return null;
+  if (store.agentToken.expiresAt) {
+    const now = Math.floor(Date.now() / 1e3);
+    if (now >= store.agentToken.expiresAt) return null;
+  }
+  return store.agentToken;
+}
+async function saveToken(domain, token) {
+  const store = loadStore();
+  const { iat, exp } = decodeJwtPayload(token);
+  if (!store.tokens) store.tokens = {};
+  store.tokens[domain] = { token, issuedAt: iat, expiresAt: exp };
+  saveStore(store);
+}
+async function getToken(domain) {
+  const store = loadStore();
+  const entry = store.tokens?.[domain];
+  if (!entry) return null;
+  if (entry.expiresAt) {
+    const now = Math.floor(Date.now() / 1e3);
+    if (now >= entry.expiresAt) return null;
+  }
+  return entry.token;
+}
+var init_credentials = __esm({
+  "src/credentials.ts"() {
+  }
+});
+
+// src/commands/auth.ts
+var auth_exports = {};
+__export(auth_exports, {
+  runAuth: () => runAuth
+});
+async function runAuth(opts) {
+  const gatewayUrl = opts.gatewayUrl ?? process.env.DIRX_GATEWAY_URL ?? "https://api.dirx.ai";
+  const sub = `agent-${Date.now()}`;
+  const res = await fetch(`${gatewayUrl.replace(/\/$/, "")}/auth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      sub,
+      svc: "gateway",
+      roles: ["agent"],
+      expiresIn: "24h"
+    })
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Auth failed (${res.status}): ${body}`);
+  }
+  const { token } = await res.json();
+  await saveAgentToken(gatewayUrl, token);
+  console.log("Authenticated with gateway");
+  console.log(`  Token saved to ~/.dirx/credentials.json`);
+  console.log(`  Gateway: ${gatewayUrl}`);
+}
+var init_auth = __esm({
+  "src/commands/auth.ts"() {
+    init_credentials();
+  }
+});
+
+// src/commands/init.ts
+var init_exports = {};
+__export(init_exports, {
+  runInit: () => runInit
+});
+async function runInit(dir) {
+  const target = dir === "." ? process.cwd() : dir;
+  const dirMdPath = join(target, "DIR.md");
+  const dirJsonPath = join(target, "dir.json");
+  if (existsSync(dirMdPath)) {
+    console.log(`Already initialized: ${dirMdPath} exists`);
+    return;
+  }
+  const { lang, framework } = detectFramework(target);
+  mkdirSync(target, { recursive: true });
+  const mdContent = [
+    "# My Service",
+    "",
+    "Describe your service here.",
+    "",
+    "## Stack",
+    "",
+    `- Language: ${lang}`,
+    `- Framework: ${framework}`,
+    "",
+    "## Endpoints",
+    "",
+    "- `GET /` \u2014 health check",
+    ""
+  ].join("\n");
+  const jsonContent = {
+    title: "My Service",
+    description: "A DirX-compatible service",
+    base_url: "https://api.example.com",
+    actions: ["ls", "read"],
+    endpoints: [
+      { path: "/", method: "GET", description: "Health check" }
+    ]
+  };
+  writeFileSync(dirMdPath, mdContent);
+  writeFileSync(dirJsonPath, JSON.stringify(jsonContent, null, 2));
+  console.log(`Initialized DirX project in ${target}`);
+  console.log(`  Detected: ${lang} / ${framework}`);
+  console.log(`  Created: DIR.md, dir.json`);
+  console.log(`
+Next steps:`);
+  console.log(`  1. Edit DIR.md to describe your service`);
+  console.log(`  2. Run 'dirx generate' to scan routes`);
+  console.log(`  3. Run 'dirx register --domain <your-domain>' to publish`);
+}
+function detectFramework(target) {
+  if (existsSync(join(target, "Cargo.toml"))) {
+    return { lang: "rust", framework: "axum" };
+  }
+  if (existsSync(join(target, "go.mod"))) {
+    return { lang: "go", framework: "net/http" };
+  }
+  if (existsSync(join(target, "package.json"))) {
+    if (existsSync(join(target, "next.config.js")) || existsSync(join(target, "next.config.mjs"))) {
+      return { lang: "node", framework: "nextjs" };
+    }
+    return { lang: "node", framework: "express" };
+  }
+  if (existsSync(join(target, "requirements.txt")) || existsSync(join(target, "pyproject.toml"))) {
+    return { lang: "python", framework: "fastapi" };
+  }
+  return { lang: "unknown", framework: "generic" };
+}
+var init_init = __esm({
+  "src/commands/init.ts"() {
+  }
+});
+
+// src/commands/register.ts
+var register_exports = {};
+__export(register_exports, {
+  runRegister: () => runRegister
+});
+async function runRegister(options) {
+  const projectDir = options.dir ?? process.cwd();
+  const gatewayUrl = options.gatewayUrl ?? process.env.DIRX_GATEWAY_URL ?? "https://api.dirx.ai";
+  const domain = options.domain ?? process.env.DIRX_DOMAIN;
+  if (!domain) {
+    throw new Error(
+      "Domain is required. Use --domain or DIRX_DOMAIN env var."
+    );
+  }
+  const token = await resolveToken({
+    token: options.token,
+    domain,
+    gatewayUrl
+  });
+  const dirMdPath = join(projectDir, "DIR.md");
+  let dirMd;
+  try {
+    dirMd = await readFile(dirMdPath, "utf-8");
+  } catch {
+    throw new Error(
+      `DIR.md not found at ${dirMdPath}. Run 'dirx init' first.`
+    );
+  }
+  if (!dirMd.trim()) {
+    throw new Error(`DIR.md is empty at ${dirMdPath}`);
+  }
+  const baseUrl = gatewayUrl.replace(/\/$/, "");
+  const url = `${baseUrl}/registry/services?domain=${encodeURIComponent(domain)}`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "text/markdown"
+    },
+    body: dirMd
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Registration failed (${res.status}): ${body}`);
+  }
+  const result = await res.json();
+  console.log(`Registered ${result.name} as ${result.domain}`);
+}
+async function resolveToken(options) {
+  if (options.token) return options.token;
+  if (process.env.DIRX_PUBLISH_TOKEN) return process.env.DIRX_PUBLISH_TOKEN;
+  if (options.domain) {
+    const stored = await getToken(options.domain);
+    if (stored) return stored;
+    const gw = options.gatewayUrl ?? process.env.DIRX_GATEWAY_URL;
+    if (gw) {
+      const renewed = await renewToken(gw, options.domain);
+      if (renewed) return renewed;
+    }
+  }
+  throw new Error(
+    "No auth token found. Use `dirx claim <domain>` to obtain a publish token, or provide --token."
+  );
+}
+async function renewToken(gatewayUrl, domain) {
+  const baseUrl = gatewayUrl.replace(/\/$/, "");
+  try {
+    const res = await fetch(`${baseUrl}/domains/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ domain })
+    });
+    if (!res.ok) return null;
+    const data = await res.json();
+    if (!data.publishToken) return null;
+    await saveToken(domain, data.publishToken);
+    console.log(`Token renewed for ${domain}`);
+    return data.publishToken;
+  } catch {
+    return null;
+  }
+}
+var init_register = __esm({
+  "src/commands/register.ts"() {
+    init_credentials();
+  }
+});
+
+// src/commands/generate.ts
+var generate_exports = {};
+__export(generate_exports, {
+  runGenerate: () => runGenerate
+});
+async function runGenerate(dir, opts) {
+  const target = dir === "." ? process.cwd() : dir;
+  const dirJsonPath = join(target, "dir.json");
+  if (!existsSync(dirJsonPath)) {
+    console.error(
+      `dir.json not found in ${target}. Run 'dirx init' first.`
+    );
+    process.exitCode = 1;
+    return;
+  }
+  const { framework } = detectFrameworkFromPackage(target);
+  const patterns = getRoutePatterns(framework);
+  const routes = [];
+  if (patterns.length > 0) {
+    scanDir(target, target, patterns, framework, routes, 0);
+  }
+  console.log(`Scanned ${target} (${framework})`);
+  if (routes.length > 0) {
+    console.log(`
+Found ${routes.length} file(s) with route definitions:
+`);
+    for (const r of routes) {
+      console.log(`  ${r.file}  (${r.framework})`);
+    }
+  } else {
+    console.log(`
+No route definitions detected.`);
+  }
+  console.log(`
+Edit DIR.md and dir.json to describe your API.`);
+  if (opts?.register) {
+    console.log(`
+Registering with gateway...`);
+    const { runRegister: runRegister2 } = await Promise.resolve().then(() => (init_register(), register_exports));
+    await runRegister2({
+      gatewayUrl: opts.gatewayUrl,
+      token: opts.token,
+      domain: opts.domain,
+      dir: target
+    });
+  }
+}
+function detectFrameworkFromPackage(target) {
+  const pkgPath = join(target, "package.json");
+  if (existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+      const deps = {
+        ...pkg.dependencies,
+        ...pkg.devDependencies
+      };
+      if (deps.next) return { framework: "nextjs" };
+      if (deps.hono) return { framework: "hono" };
+      if (deps.fastify) return { framework: "fastify" };
+      if (deps.express) return { framework: "express" };
+    } catch {
+    }
+  }
+  if (existsSync(join(target, "go.mod")))
+    return { framework: "go" };
+  if (existsSync(join(target, "Cargo.toml")))
+    return { framework: "axum" };
+  if (existsSync(join(target, "requirements.txt")) || existsSync(join(target, "pyproject.toml")))
+    return { framework: "fastapi" };
+  return { framework: "generic" };
+}
+function getRoutePatterns(framework) {
+  switch (framework) {
+    case "express":
+    case "hono":
+    case "fastify":
+      return [".get(", ".post(", ".put(", ".delete(", ".patch(", "router."];
+    case "nextjs":
+      return ["export default", "export async function"];
+    case "fastapi":
+      return ["@app.get", "@app.post", "@app.put", "@app.delete", "@router."];
+    case "go":
+      return ["HandleFunc(", "Get(", "Post(", "Put(", "Delete(", "r.Route("];
+    case "axum":
+      return [".route(", ".get(", ".post(", ".put(", ".delete("];
+    default:
+      return [];
+  }
+}
+function scanDir(root, dir, patterns, framework, routes, depth) {
+  if (depth > MAX_SCAN_DEPTH) return;
+  let entries;
+  try {
+    entries = readdirSync(dir);
+  } catch {
+    return;
+  }
+  for (const name of entries) {
+    if (SKIP_DIRS.has(name)) continue;
+    const fullPath = join(dir, name);
+    let stat;
+    try {
+      stat = statSync(fullPath);
+    } catch {
+      continue;
+    }
+    if (stat.isDirectory()) {
+      scanDir(root, fullPath, patterns, framework, routes, depth + 1);
+      continue;
+    }
+    if (!stat.isFile()) continue;
+    if (!SCAN_EXTENSIONS.has(extname(name))) continue;
+    try {
+      const content = readFileSync(fullPath, "utf-8");
+      if (patterns.some((p) => content.includes(p))) {
+        routes.push({
+          file: relative(root, fullPath),
+          framework
+        });
+      }
+    } catch {
+    }
+  }
+}
+var MAX_SCAN_DEPTH, SKIP_DIRS, SCAN_EXTENSIONS;
+var init_generate = __esm({
+  "src/commands/generate.ts"() {
+    MAX_SCAN_DEPTH = 8;
+    SKIP_DIRS = /* @__PURE__ */ new Set([
+      "node_modules",
+      ".git",
+      "target",
+      "__pycache__",
+      "vendor",
+      "dist",
+      "build",
+      ".next"
+    ]);
+    SCAN_EXTENSIONS = /* @__PURE__ */ new Set([
+      ".ts",
+      ".tsx",
+      ".js",
+      ".jsx",
+      ".py",
+      ".go",
+      ".rs"
+    ]);
+  }
+});
+
+// src/commands/claim.ts
+var claim_exports = {};
+__export(claim_exports, {
+  runClaim: () => runClaim
+});
+async function runClaim(options) {
+  const { gatewayUrl, domain, verify } = options;
+  const baseUrl = gatewayUrl.replace(/\/$/, "");
+  if (verify) {
+    await verifyClaim(baseUrl, domain);
+  } else {
+    await requestChallenge(baseUrl, domain);
+  }
+}
+async function requestChallenge(baseUrl, domain) {
+  const res = await fetch(`${baseUrl}/domains/challenge`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ domain })
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Challenge request failed (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  const expires = new Date(data.expiresAt).toISOString();
+  console.log(`
+Domain claim initiated for ${data.domain}
+`);
+  console.log(`Add the following DNS TXT record:
+`);
+  console.log(`  Name:  ${data.txtRecord}`);
+  console.log(`  Value: ${data.txtValue}
+`);
+  console.log(`This challenge expires at ${expires}.
+`);
+  console.log(`After adding the record, verify with:`);
+  console.log(`  dirx claim ${domain} --verify
+`);
+  console.log(`Tip: You can check propagation with:`);
+  console.log(`  dig TXT ${data.txtRecord}`);
+}
+async function verifyClaim(baseUrl, domain) {
+  const res = await fetch(`${baseUrl}/domains/verify`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ domain })
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    const error = data.error || "Verification failed";
+    console.error(`
+Verification failed: ${error}
+`);
+    console.log(`Troubleshooting:`);
+    console.log(
+      `  1. Check the record exists: dig TXT _dirx.${domain}`
+    );
+    console.log(`  2. DNS propagation can take up to 5 minutes`);
+    console.log(
+      `  3. Ensure the TXT value matches exactly (including "dirx-verify=" prefix)
+`
+    );
+    process.exitCode = 1;
+    return;
+  }
+  const publishToken = data.publishToken;
+  await saveToken(domain, publishToken);
+  console.log(`
+Domain ${domain} verified successfully!`);
+  console.log(`Publish token saved to ~/.dirx/credentials.json
+`);
+  console.log(`You can now register services:`);
+  console.log(`  dirx register --domain ${domain}`);
+}
+var init_claim = __esm({
+  "src/commands/claim.ts"() {
+    init_credentials();
+  }
+});
+
+// src/commands/status.ts
+var status_exports = {};
+__export(status_exports, {
+  runStatus: () => runStatus
+});
+async function runStatus() {
+  const gatewayUrl = process.env.DIRX_GATEWAY_URL ?? "https://api.dirx.ai";
+  console.log(`DirX CLI Status
+`);
+  console.log(`  Gateway:  ${gatewayUrl}`);
+  const stored = await getAgentToken();
+  if (stored) {
+    const hint = stored.token.length > 8 ? `${stored.token.slice(0, 4)}...${stored.token.slice(-4)}` : "********";
+    console.log(`  Token:    ${hint}`);
+    console.log(`  Server:   ${stored.gatewayUrl}`);
+    if (stored.expiresAt) {
+      const expDate = new Date(stored.expiresAt * 1e3);
+      const now = /* @__PURE__ */ new Date();
+      if (expDate > now) {
+        console.log(`  Expires:  ${expDate.toISOString()}`);
+      } else {
+        console.log(`  Expires:  EXPIRED (${expDate.toISOString()})`);
+      }
+    }
+  } else {
+    console.log(`  Token:    not set (run 'dirx auth')`);
+  }
+}
+var init_status = __esm({
+  "src/commands/status.ts"() {
+    init_credentials();
+  }
+});
+
+// src/gateway/client.ts
+async function createClient() {
+  const { getAgentToken: getAgentToken2 } = await Promise.resolve().then(() => (init_credentials(), credentials_exports));
+  const stored = await getAgentToken2();
+  const gatewayUrl = process.env.DIRX_GATEWAY_URL ?? stored?.gatewayUrl ?? "https://api.dirx.ai";
+  const token = process.env.DIRX_TOKEN ?? stored?.token ?? null;
+  if (!token) {
+    throw new Error(
+      "No token found. Run 'dirx auth' first, or set DIRX_TOKEN."
+    );
+  }
+  return new GatewayClient(gatewayUrl, token);
+}
+var GatewayClient;
+var init_client = __esm({
+  "src/gateway/client.ts"() {
+    GatewayClient = class {
+      constructor(gatewayUrl, token) {
+        this.gatewayUrl = gatewayUrl;
+        this.token = token;
+      }
+      baseUrl() {
+        return this.gatewayUrl.replace(/\/$/, "");
+      }
+      /** Send a command string to the gateway /execute endpoint. */
+      async execute(command) {
+        const url = `${this.baseUrl()}/execute`;
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            Authorization: `Bearer ${this.token}`,
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ command })
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          throw new Error(`Gateway error ${res.status}: ${body}`);
+        }
+        return res.json();
+      }
+      // --- BYOK methods ---
+      async uploadByok(domain, auth) {
+        const url = `${this.baseUrl()}/byok/${encodeURIComponent(domain)}`;
+        const res = await fetch(url, {
+          method: "PUT",
+          headers: {
+            Authorization: `Bearer ${this.token}`,
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ auth })
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          throw new Error(`BYOK upload failed (${res.status}): ${body}`);
+        }
+      }
+      async listByok() {
+        const url = `${this.baseUrl()}/byok`;
+        const res = await fetch(url, {
+          headers: { Authorization: `Bearer ${this.token}` }
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          throw new Error(`BYOK list failed (${res.status}): ${body}`);
+        }
+        return res.json();
+      }
+      async deleteByok(domain) {
+        const url = `${this.baseUrl()}/byok/${encodeURIComponent(domain)}`;
+        const res = await fetch(url, {
+          method: "DELETE",
+          headers: { Authorization: `Bearer ${this.token}` }
+        });
+        if (!res.ok) {
+          const body = await res.text();
+          throw new Error(`BYOK delete failed (${res.status}): ${body}`);
+        }
+      }
+    };
+  }
+});
+
+// src/keys/provider-map.ts
+function getAuthHint(domain) {
+  return providers[domain] ?? null;
+}
+var providers;
+var init_provider_map = __esm({
+  "src/keys/provider-map.ts"() {
+    providers = {
+      "api.github.com": {
+        envVar: "GITHUB_TOKEN",
+        guideUrl: "https://github.com/settings/tokens"
+      },
+      "api.openai.com": {
+        envVar: "OPENAI_API_KEY",
+        guideUrl: "https://platform.openai.com/api-keys"
+      },
+      "api.anthropic.com": {
+        envVar: "ANTHROPIC_API_KEY",
+        guideUrl: "https://console.anthropic.com/settings/keys"
+      },
+      "generativelanguage.googleapis.com": {
+        envVar: "GOOGLE_API_KEY",
+        guideUrl: "https://aistudio.google.com/apikey"
+      },
+      "api.stripe.com": {
+        envVar: "STRIPE_SECRET_KEY",
+        guideUrl: "https://dashboard.stripe.com/apikeys"
+      }
+    };
+  }
+});
+
+// src/commands/fs.ts
+var fs_exports = {};
+__export(fs_exports, {
+  registerFsCommands: () => registerFsCommands
+});
+function output(result) {
+  console.log(JSON.stringify(result, null, 2));
+}
+function extractDomain(path) {
+  const cleaned = path.replace(/^\/+/, "");
+  const segments = cleaned.split("/");
+  const candidate = segments.length > 1 ? segments[1] : segments[0];
+  if (!candidate) return null;
+  return candidate.includes(".") ? candidate : null;
+}
+function isAuthError(message) {
+  if (/Gateway error (401|403):/.test(message)) return true;
+  if (/Gateway error 500:/.test(message) && /\b(Unauthorized|Unauthenticated|authenticate|API key|api[_-]?key)\b/i.test(
+    message
+  ))
+    return true;
+  return false;
+}
+function handleError(err, cmdPath) {
+  const message = err instanceof Error ? err.message : String(err);
+  if (isAuthError(message)) {
+    const domain = cmdPath && extractDomain(cmdPath) || message.match(/([a-z0-9-]+(?:\.[a-z0-9-]+){1,})/i)?.[1] || null;
+    if (domain) {
+      const hint = getAuthHint(domain);
+      console.error(`Error: Authentication required for ${domain}`);
+      if (hint?.guideUrl) {
+        console.error(`  Get your key:  ${hint.guideUrl}`);
+      } else {
+        console.error(
+          `  Get your key:  https://${domain} (check the developer/API settings)`
+        );
+      }
+      console.error(
+        `  Set your key:  dirx keys set ${domain} --token <YOUR_KEY> --sync`
+      );
+      console.error(`  Then retry your command.`);
+      process.exit(1);
+    }
+  }
+  console.error(JSON.stringify({ error: message }));
+  process.exit(1);
+}
+function registerFsCommands(program2) {
+  program2.command("ls").description("List directory contents in the DirX path space").argument("<path>", "Directory path (e.g. /net/)").action(async (path) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`ls ${path}`);
+      output(result);
+    } catch (err) {
+      handleError(err, path);
+    }
+  });
+  program2.command("cat").description("Read file contents from a DirX path").argument("<path>", "File path").action(async (path) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`cat ${path}`);
+      output(result);
+    } catch (err) {
+      handleError(err, path);
+    }
+  });
+  program2.command("read").description("Read file contents (alias for cat)").argument("<path>", "File path").action(async (path) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`cat ${path}`);
+      output(result);
+    } catch (err) {
+      handleError(err, path);
+    }
+  });
+  program2.command("write").description("Write data to a DirX path").argument("<path>", "File path").option("-d, --data <json>", "JSON data to write").option("-f, --file <file>", "Read data from file").action(
+    async (path, opts) => {
+      try {
+        let payload = opts.data ?? "";
+        if (opts.file) {
+          const { readFileSync: readFileSync4 } = await import('fs');
+          payload = readFileSync4(opts.file, "utf-8");
+        }
+        const client = await createClient();
+        const result = await client.execute(`write ${path} ${payload}`);
+        output(result);
+      } catch (err) {
+        handleError(err, path);
+      }
+    }
+  );
+  program2.command("edit").description("Edit (partial update) data at a DirX path").argument("<path>", "File path").option("-d, --data <json>", "JSON data for partial update").option("-f, --file <file>", "Read data from file").action(
+    async (path, opts) => {
+      try {
+        let payload = opts.data ?? "";
+        if (opts.file) {
+          const { readFileSync: readFileSync4 } = await import('fs');
+          payload = readFileSync4(opts.file, "utf-8");
+        }
+        const client = await createClient();
+        const result = await client.execute(`edit ${path} ${payload}`);
+        output(result);
+      } catch (err) {
+        handleError(err, path);
+      }
+    }
+  );
+  program2.command("rm").description("Remove a resource at a DirX path").argument("<path>", "Resource path").action(async (path) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`rm ${path}`);
+      output(result);
+    } catch (err) {
+      handleError(err, path);
+    }
+  });
+  program2.command("bash").description("Execute a multi-step pipeline on the gateway").argument("<pipeline>", "Pipeline expression").action(async (pipeline) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`bash ${pipeline}`);
+      output(result);
+    } catch (err) {
+      handleError(err);
+    }
+  });
+  program2.command("grep").description("Search across services in the DirX path space").argument("<pattern>", "Search pattern").argument("<path>", "Search scope path").action(async (pattern, path) => {
+    try {
+      const client = await createClient();
+      const result = await client.execute(`grep ${pattern} ${path}`);
+      output(result);
+    } catch (err) {
+      handleError(err, path);
+    }
+  });
+}
+var init_fs = __esm({
+  "src/commands/fs.ts"() {
+    init_client();
+    init_provider_map();
+  }
+});
+
+// src/commands/keys.ts
+var keys_exports = {};
+__export(keys_exports, {
+  registerKeysCommand: () => registerKeysCommand
+});
+async function loadKeyStore() {
+  const { readFileSync: readFileSync4 } = await import('fs');
+  const { join: join5 } = await import('path');
+  const { homedir: homedir2 } = await import('os');
+  const dirxHome = process.env.DIRX_HOME ?? join5(homedir2(), ".dirx");
+  const filePath = join5(dirxHome, "keys.json");
+  try {
+    const text = readFileSync4(filePath, "utf-8");
+    return JSON.parse(text);
+  } catch {
+    return { keys: {} };
+  }
+}
+async function saveKeyStore(store) {
+  const { writeFileSync: writeFileSync3, mkdirSync: mkdirSync3, chmodSync: chmodSync2 } = await import('fs');
+  const { join: join5 } = await import('path');
+  const { homedir: homedir2 } = await import('os');
+  const dirxHome = process.env.DIRX_HOME ?? join5(homedir2(), ".dirx");
+  const filePath = join5(dirxHome, "keys.json");
+  mkdirSync3(dirxHome, { recursive: true });
+  writeFileSync3(filePath, JSON.stringify(store, null, 2));
+  try {
+    chmodSync2(filePath, 384);
+  } catch {
+  }
+}
+function registerKeysCommand(program2) {
+  const keys = program2.command("keys").description("Manage external API keys (BYOK)");
+  keys.command("set").description("Set an API key for a domain").argument("<domain>", "API domain (e.g. api.github.com)").requiredOption("--token <token>", "API token/key").option("--type <type>", "Auth type (bearer, header, query)", "bearer").option("--sync", "Also upload to the gateway").action(
+    async (domain, opts) => {
+      const store = await loadKeyStore();
+      store.keys[domain] = {
+        type: opts.type,
+        token: opts.token,
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      await saveKeyStore(store);
+      console.log(`Key saved for ${domain}`);
+      if (opts.sync) {
+        try {
+          const client = await createClient();
+          await client.uploadByok(domain, {
+            type: opts.type,
+            token: opts.token
+          });
+          console.log(`Key synced to gateway`);
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          console.error(`Sync failed: ${msg}`);
+        }
+      }
+    }
+  );
+  keys.command("list").description("List stored API keys").option("--remote", "List keys stored on the gateway").action(async (opts) => {
+    if (opts.remote) {
+      try {
+        const client = await createClient();
+        const result = await client.listByok();
+        console.log(JSON.stringify(result, null, 2));
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(`Error: ${msg}`);
+        process.exit(1);
+      }
+    } else {
+      const store = await loadKeyStore();
+      const domains = Object.keys(store.keys);
+      if (domains.length === 0) {
+        console.log("No keys stored locally.");
+        return;
+      }
+      for (const domain of domains) {
+        const entry = store.keys[domain];
+        const hint = entry.token ? `${entry.token.slice(0, 4)}...${entry.token.slice(-4)}` : "(set)";
+        console.log(`  ${domain}  ${entry.type}  ${hint}  ${entry.updatedAt}`);
+      }
+    }
+  });
+  keys.command("remove").description("Remove an API key for a domain").argument("<domain>", "API domain").option("--remote", "Also delete from the gateway").action(async (domain, opts) => {
+    const store = await loadKeyStore();
+    if (store.keys[domain]) {
+      delete store.keys[domain];
+      await saveKeyStore(store);
+      console.log(`Key removed for ${domain}`);
+    } else {
+      console.log(`No key found for ${domain}`);
+    }
+    if (opts.remote) {
+      try {
+        const client = await createClient();
+        await client.deleteByok(domain);
+        console.log(`Key deleted from gateway`);
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        console.error(`Remote delete failed: ${msg}`);
+      }
+    }
+  });
+}
+var init_keys = __esm({
+  "src/commands/keys.ts"() {
+    init_client();
+  }
+});
+var __dirname$1 = dirname(fileURLToPath(import.meta.url));
+var version = "0.0.0";
+try {
+  const pkg = JSON.parse(
+    readFileSync(resolve(__dirname$1, "../package.json"), "utf-8")
+  );
+  version = pkg.version;
+} catch {
+}
+var program = new Command();
+program.name("dirx").description("DirX \u2014 Unified Gateway & CLI for Agents").version(version);
+program.command("auth").description("Authenticate with the DirX gateway").option("--gateway-url <url>", "Gateway URL (default: https://api.dirx.ai)").action(async (opts) => {
+  const { runAuth: runAuth2 } = await Promise.resolve().then(() => (init_auth(), auth_exports));
+  await runAuth2({ gatewayUrl: opts.gatewayUrl });
+});
+program.command("init").description("Initialize DirX in the current project").argument("[dir]", "Project directory", ".").action(async (dir) => {
+  const { runInit: runInit2 } = await Promise.resolve().then(() => (init_init(), init_exports));
+  await runInit2(dir);
+});
+program.command("generate").description("Scan project and generate DIR.md, optionally register").argument("[dir]", "Project directory", ".").option("--register", "Register the service with the gateway after generating").option("--gateway-url <url>", "Gateway URL for registration").option("--token <token>", "Auth token for registration").option("--domain <domain>", "Domain name for the service").action(async (dir, opts) => {
+  const { runGenerate: runGenerate2 } = await Promise.resolve().then(() => (init_generate(), generate_exports));
+  await runGenerate2(dir, {
+    register: opts.register,
+    gatewayUrl: opts.gatewayUrl,
+    token: opts.token,
+    domain: opts.domain
+  });
+});
+program.command("claim").description("Claim domain ownership via DNS verification").argument("<domain>", "Domain to claim").option("--verify", "Verify DNS record and obtain publish token").option("--gateway-url <url>", "Gateway URL").action(
+  async (domain, opts) => {
+    const { runClaim: runClaim2 } = await Promise.resolve().then(() => (init_claim(), claim_exports));
+    const gatewayUrl = opts.gatewayUrl ?? process.env.DIRX_GATEWAY_URL ?? "https://api.dirx.ai";
+    await runClaim2({
+      gatewayUrl,
+      domain,
+      verify: opts.verify
+    });
+  }
+);
+program.command("register").description("Register DIR.md with the gateway").option("--gateway-url <url>", "Gateway URL").option("--token <token>", "Auth token (publish token)").option("--domain <domain>", "Domain name for the service").option("--dir <dir>", "Project directory", ".").action(async (opts) => {
+  const { runRegister: runRegister2 } = await Promise.resolve().then(() => (init_register(), register_exports));
+  await runRegister2({
+    gatewayUrl: opts.gatewayUrl,
+    token: opts.token,
+    domain: opts.domain,
+    dir: opts.dir === "." ? process.cwd() : opts.dir
+  });
+});
+program.command("status").description("Show current CLI configuration and auth status").action(async () => {
+  const { runStatus: runStatus2 } = await Promise.resolve().then(() => (init_status(), status_exports));
+  await runStatus2();
+});
+var { registerFsCommands: registerFsCommands2 } = await Promise.resolve().then(() => (init_fs(), fs_exports));
+registerFsCommands2(program);
+var { registerKeysCommand: registerKeysCommand2 } = await Promise.resolve().then(() => (init_keys(), keys_exports));
+registerKeysCommand2(program);
+program.parse();

package/package.json

@@ -1,40 +1,47 @@
 {
-  "name": "@dirxai/cli",
-  "version": "0.1.0",
-  "description": "DirX — Unified Gateway & CLI for Agents",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/dirxai/dirx"
-  },
-  "homepage": "https://dirx.ai",
-  "keywords": [
-    "dirx",
-    "agent",
-    "cli",
-    "gateway",
-    "api"
-  ],
-  "bin": {
-    "dirx": "bin/dirx"
-  },
-  "scripts": {
-    "postinstall": "node install.js"
-  },
-  "files": [
-    "bin/",
-    "install.js",
-    "README.md"
-  ],
-  "os": [
-    "darwin",
-    "linux"
-  ],
-  "cpu": [
-    "x64",
-    "arm64"
-  ],
-  "engines": {
-    "node": ">=16"
-  }
+    "name": "@dirxai/cli",
+    "version": "0.2.1",
+    "description": "DirX — Unified Gateway & CLI for Agents",
+    "license": "MIT",
+    "type": "module",
+    "bin": {
+        "dirx": "./dist/index.js"
+    },
+    "scripts": {
+        "build": "tsup",
+        "dev": "tsup --watch",
+        "lint": "tsc --noEmit",
+        "test": "vitest run"
+    },
+    "dependencies": {
+        "commander": "^13.0.0"
+    },
+    "devDependencies": {
+        "@types/node": "^22.0.0",
+        "tsup": "^8.0.0",
+        "typescript": "^5.7.0",
+        "vitest": "^4.0.0"
+    },
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/dirxai/dirx.git"
+    },
+    "homepage": "https://dirx.ai",
+    "keywords": [
+        "dirx",
+        "agent",
+        "cli",
+        "gateway",
+        "api",
+        "mcp"
+    ],
+    "publishConfig": {
+        "access": "public"
+    },
+    "files": [
+        "dist"
+    ],
+    "engines": {
+        "node": ">=18"
+    }
 }

package/install.js

@@ -1,92 +0,0 @@
-#!/usr/bin/env node
-
-const https = require("https");
-const http = require("http");
-const fs = require("fs");
-const os = require("os");
-const path = require("path");
-const { execSync } = require("child_process");
-
-const VERSION = require("./package.json").version;
-const REPO = "dirxai/dirx";
-const BIN_DIR = path.join(__dirname, "bin");
-
-const PLATFORM_MAP = {
-  darwin: "apple-darwin",
-  linux: "unknown-linux-gnu",
-};
-
-const ARCH_MAP = {
-  x64: "x86_64",
-  arm64: "aarch64",
-};
-
-function getArchiveName() {
-  const platform = PLATFORM_MAP[process.platform];
-  const arch = ARCH_MAP[process.arch];
-  if (!platform || !arch) {
-    throw new Error(
-      `Unsupported platform: ${process.platform}-${process.arch}`
-    );
-  }
-  return `dirx-${arch}-${platform}.tar.gz`;
-}
-
-function getDownloadUrl(archiveName) {
-  return `https://github.com/${REPO}/releases/download/v${VERSION}/${archiveName}`;
-}
-
-function download(url) {
-  return new Promise((resolve, reject) => {
-    const client = url.startsWith("https") ? https : http;
-    client.get(url, { headers: { "User-Agent": "dirx-npm-installer" } }, (res) => {
-      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-        return download(res.headers.location).then(resolve).catch(reject);
-      }
-      if (res.statusCode !== 200) {
-        return reject(new Error(`Download failed: HTTP ${res.statusCode} from ${url}`));
-      }
-      const chunks = [];
-      res.on("data", (chunk) => chunks.push(chunk));
-      res.on("end", () => resolve(Buffer.concat(chunks)));
-      res.on("error", reject);
-    }).on("error", reject);
-  });
-}
-
-async function main() {
-  const archiveName = getArchiveName();
-  const url = getDownloadUrl(archiveName);
-  const archivePath = path.join(os.tmpdir(), archiveName);
-  const binPath = path.join(BIN_DIR, "dirx");
-
-  console.log(`Downloading DirX v${VERSION} for ${process.platform}-${process.arch}...`);
-  console.log(`  ${url}`);
-
-  fs.mkdirSync(BIN_DIR, { recursive: true });
-
-  try {
-    const data = await download(url);
-    fs.writeFileSync(archivePath, data);
-
-    execSync(`tar xzf "${archivePath}" -C "${BIN_DIR}"`, { stdio: "inherit" });
-    fs.chmodSync(binPath, 0o755);
-    fs.unlinkSync(archivePath);
-
-    console.log(`DirX v${VERSION} installed to ${binPath}`);
-
-    try {
-      const version = execSync(`"${binPath}" --version`, { encoding: "utf8" }).trim();
-      console.log(`  ${version}`);
-    } catch {
-      // binary works but --version might not exist yet
-    }
-  } catch (err) {
-    console.error(`Failed to install DirX: ${err.message}`);
-    console.error("You can download manually from:");
-    console.error(`  https://github.com/${REPO}/releases/tag/v${VERSION}`);
-    process.exit(1);
-  }
-}
-
-main();