@enactprotocol/cli 2.2.4 → 2.3.4

package/src/commands/install/index.ts

@@ -2,7 +2,7 @@
  * enact install command
  *
  * Install a tool to the project or globally.
- * All tools are extracted to ~/.enact/cache/{tool}/{version}/
+ * All tools are extracted to ~/.agent/skills/{tool}/
  * - Project install: Adds entry to .enact/tools.json
  * - Global install: Adds entry to ~/.enact/tools.json
  *
@@ -25,7 +25,6 @@ import {
   addAlias,
   addMcpTool,
   addToolToRegistry,
-  getCacheDir,
   getInstalledVersion,
   getMinimumAttestations,
   getProjectEnactDir,
@@ -110,7 +109,8 @@ function isLocalPath(toolName: string): boolean {
  */
 async function extractBundle(bundleData: ArrayBuffer, destPath: string): Promise<void> {
   // Create a temporary file for the bundle
-  const tempFile = join(getCacheDir(), `bundle-${Date.now()}.tar.gz`);
+  const { tmpdir } = await import("node:os");
+  const tempFile = join(tmpdir(), `enact-bundle-${Date.now()}.tar.gz`);
   mkdirSync(dirname(tempFile), { recursive: true });
   writeFileSync(tempFile, Buffer.from(bundleData));
 
@@ -149,6 +149,40 @@ function formatBytes(bytes: number): string {
   return `${(bytes / k ** i).toFixed(1)} ${sizes[i]}`;
 }
 
+/**
+ * Run postinstall hook commands in the tool directory.
+ * Runs each command sequentially; throws on first failure.
+ */
+async function runPostinstallHook(
+  toolDir: string,
+  hookCommands: string | string[],
+  _toolName: string,
+  verbose?: boolean
+): Promise<void> {
+  const commands = Array.isArray(hookCommands) ? hookCommands : [hookCommands];
+
+  for (const cmd of commands) {
+    if (verbose) {
+      dim(`  Running: ${cmd}`);
+    }
+
+    const proc = Bun.spawn(["sh", "-c", cmd], {
+      cwd: toolDir,
+      stdout: verbose ? "inherit" : "pipe",
+      stderr: "pipe",
+      env: { ...process.env },
+    });
+
+    const exitCode = await proc.exited;
+    if (exitCode !== 0) {
+      const stderr = await new Response(proc.stderr).text();
+      throw new Error(
+        `postinstall hook failed (exit ${exitCode}): ${cmd}${stderr ? `\n${stderr.trim()}` : ""}`
+      );
+    }
+  }
+}
+
 /**
  * Install from the registry
  */
@@ -258,25 +292,29 @@ async function installFromRegistry(
     const attestations = attestationsResponse.attestations;
 
     if (attestations.length === 0) {
-      // No attestations found
-      info(`${symbols.warning} Tool ${toolName}@${targetVersion} has no attestations.`);
-
-      if (trustPolicy === "require_attestation") {
-        error("Trust policy requires attestations. Installation blocked.");
-        info("Configure trust policy in ~/.enact/config.yaml");
-        process.exit(EXIT_TRUST_ERROR);
-      } else if (ctx.isInteractive && trustPolicy === "prompt") {
-        const proceed = await confirm("Install unverified tool?");
-        if (!proceed) {
-          info("Installation cancelled.");
-          process.exit(0);
+      // No attestations found — but if minimum_attestations is 0, that's fine
+      if (minimumAttestations === 0) {
+        // User explicitly configured zero required attestations — allow installation
+      } else {
+        info(`${symbols.warning} Tool ${toolName}@${targetVersion} has no attestations.`);
+
+        if (trustPolicy === "require_attestation") {
+          error("Trust policy requires attestations. Installation blocked.");
+          info("Configure trust policy in ~/.enact/config.yaml");
+          process.exit(EXIT_TRUST_ERROR);
+        } else if (ctx.isInteractive && trustPolicy === "prompt") {
+          const proceed = await confirm("Install unverified tool?");
+          if (!proceed) {
+            info("Installation cancelled.");
+            process.exit(0);
+          }
+        } else if (!ctx.isInteractive && trustPolicy === "prompt") {
+          error("Cannot install unverified tools in non-interactive mode.");
+          info("Run interactively to confirm installation.");
+          process.exit(EXIT_TRUST_ERROR);
         }
-      } else if (!ctx.isInteractive && trustPolicy === "prompt") {
-        error("Cannot install unverified tools in non-interactive mode.");
-        info("Run interactively to confirm installation.");
-        process.exit(EXIT_TRUST_ERROR);
       }
-      // trustPolicy === "allow" - continue without prompting
+      // trustPolicy === "allow" or minimumAttestations === 0 - continue without prompting
     } else {
       // Verify attestations locally (never trust registry's verification status)
       const verifiedAuditors = await verifyAllAttestations(
@@ -438,6 +476,26 @@ async function installFromRegistry(
     throw new RegistryError(`Failed to extract bundle: ${formatError(err)}`);
   }
 
+  // Run postinstall hook if the manifest defines one
+  const extractedManifest = loadManifestFromDir(cachePath);
+  if (extractedManifest?.manifest.hooks?.postinstall) {
+    try {
+      await withSpinner(
+        "Running postinstall hook...",
+        async () =>
+          runPostinstallHook(
+            cachePath,
+            extractedManifest.manifest.hooks!.postinstall!,
+            toolName,
+            options.verbose
+          ),
+        `${symbols.success} postinstall complete`
+      );
+    } catch (err) {
+      info(`${symbols.warning} postinstall hook failed: ${formatError(err)}`);
+    }
+  }
+
   // Update tools.json for the appropriate scope
   addToolToRegistry(toolName, targetVersion!, scope, isGlobal ? undefined : ctx.cwd);
 
@@ -485,7 +543,7 @@ async function installFromRegistry(
  * Install from a local path
  *
  * Both global and project installs:
- * 1. Copy tool to cache (~/.enact/cache/{tool}/{version}/)
+ * 1. Copy tool to ~/.agent/skills/{tool}/
  * 2. Update tools.json (global: ~/.enact/tools.json, project: .enact/tools.json)
  */
 async function installFromPath(
@@ -547,6 +605,25 @@ async function installFromPath(
     `${symbols.success} Installed ${manifest.name}`
   );
 
+  // Run postinstall hook if the manifest defines one
+  if (manifest.hooks?.postinstall) {
+    try {
+      await withSpinner(
+        "Running postinstall hook...",
+        async () =>
+          runPostinstallHook(
+            cachePath,
+            manifest.hooks!.postinstall!,
+            manifest.name,
+            options.verbose
+          ),
+        `${symbols.success} postinstall complete`
+      );
+    } catch (err) {
+      info(`${symbols.warning} postinstall hook failed: ${formatError(err)}`);
+    }
+  }
+
   // Update tools.json for the appropriate scope
   addToolToRegistry(manifest.name, version, scope, isGlobal ? undefined : ctx.cwd);
 

package/src/commands/learn/index.ts

@@ -18,6 +18,7 @@ import {
   verifyAllAttestations,
 } from "@enactprotocol/api";
 import {
+  type ActionsManifest,
   getMinimumAttestations,
   getTrustPolicy,
   getTrustedAuditors,
@@ -45,6 +46,48 @@ interface LearnOptions extends GlobalOptions {
   local?: boolean;
 }
 
+/**
+ * Display available actions from an ActionsManifest
+ */
+function displayActions(actionsManifest: ActionsManifest): void {
+  newline();
+  header("Available Actions");
+  newline();
+
+  // Iterate over action map (name is the key)
+  for (const [actionName, action] of Object.entries(actionsManifest.actions)) {
+    info(`  ${actionName}`);
+    if (action.description) {
+      dim(`    ${action.description}`);
+    }
+
+    // Show input parameters
+    if (action.inputSchema?.properties) {
+      const required = new Set(
+        Array.isArray(action.inputSchema.required) ? action.inputSchema.required : []
+      );
+      const props = action.inputSchema.properties as Record<
+        string,
+        { type?: string; description?: string }
+      >;
+      const paramNames = Object.keys(props);
+
+      if (paramNames.length > 0) {
+        dim("    Parameters:");
+        for (const paramName of paramNames) {
+          const prop = props[paramName];
+          const isRequired = required.has(paramName);
+          const reqLabel = isRequired ? " (required)" : "";
+          dim(`      - ${paramName}: ${prop?.type ?? "any"}${reqLabel}`);
+        }
+      }
+    }
+    newline();
+  }
+
+  dim("Run an action with: enact run <skill>:<action> --args '{...}'");
+}
+
 /**
  * Learn command handler
  */
@@ -69,6 +112,13 @@ async function learnHandler(
           version: resolution.manifest.version,
           documentation: content,
           source: "local",
+          actions: resolution.actionsManifest
+            ? Object.entries(resolution.actionsManifest.actions).map(([name, a]) => ({
+                name,
+                description: a.description,
+                inputSchema: a.inputSchema,
+              }))
+            : null,
         });
         return;
       }
@@ -77,6 +127,11 @@ async function learnHandler(
       dim("(installed locally)");
       newline();
       console.log(content);
+
+      // Display actions if available
+      if (resolution.actionsManifest) {
+        displayActions(resolution.actionsManifest);
+      }
       return;
     }
 
@@ -87,6 +142,13 @@ async function learnHandler(
         version: resolution.manifest.version,
         documentation: resolution.manifest.doc ?? resolution.manifest.description ?? null,
         source: "local",
+        actions: resolution.actionsManifest
+          ? Object.entries(resolution.actionsManifest.actions).map(([name, a]) => ({
+              name,
+              description: a.description,
+              inputSchema: a.inputSchema,
+            }))
+          : null,
       });
       return;
     }
@@ -97,6 +159,11 @@ async function learnHandler(
     console.log(
       resolution.manifest.doc ?? resolution.manifest.description ?? "No documentation available."
     );
+
+    // Display actions if available
+    if (resolution.actionsManifest) {
+      displayActions(resolution.actionsManifest);
+    }
     return;
   }
 
@@ -158,27 +225,31 @@ async function learnHandler(
     const attestations = attestationsResponse.attestations;
 
     if (attestations.length === 0) {
-      // No attestations found
-      info(`${symbols.warning} Tool ${toolName}@${version} has no attestations.`);
+      // No attestations found — but if minimum_attestations is 0, that's fine
+      if (minimumAttestations === 0) {
+        // User explicitly configured zero required attestations — allow access
+      } else {
+        info(`${symbols.warning} Tool ${toolName}@${version} has no attestations.`);
 
-      if (trustPolicy === "require_attestation") {
-        throw new TrustError(
-          "Trust policy requires attestations. Cannot display documentation from unverified tools."
-        );
-      }
-      if (ctx.isInteractive && trustPolicy === "prompt") {
-        dim("Documentation from unverified tools may contain malicious content.");
-        const proceed = await confirm("View documentation from unverified tool?");
-        if (!proceed) {
-          info("Cancelled.");
-          process.exit(0);
+        if (trustPolicy === "require_attestation") {
+          throw new TrustError(
+            "Trust policy requires attestations. Cannot display documentation from unverified tools."
+          );
+        }
+        if (ctx.isInteractive && trustPolicy === "prompt") {
+          dim("Documentation from unverified tools may contain malicious content.");
+          const proceed = await confirm("View documentation from unverified tool?");
+          if (!proceed) {
+            info("Cancelled.");
+            process.exit(0);
+          }
+        } else if (!ctx.isInteractive && trustPolicy === "prompt") {
+          throw new TrustError(
+            "Cannot display documentation from unverified tools in non-interactive mode."
+          );
         }
-      } else if (!ctx.isInteractive && trustPolicy === "prompt") {
-        throw new TrustError(
-          "Cannot display documentation from unverified tools in non-interactive mode."
-        );
       }
-      // trustPolicy === "allow" - continue without prompting
+      // trustPolicy === "allow" or minimumAttestations === 0 - continue without prompting
     } else {
       // Verify attestations locally (never trust registry's verification status)
       const verifiedAuditors = await verifyAllAttestations(

package/src/commands/list/index.ts

@@ -5,7 +5,7 @@
  * - Default: project tools (via .enact/tools.json)
  * - --global/-g: global tools (via ~/.enact/tools.json)
  *
- * All tools are stored in ~/.enact/cache/{tool}/{version}/
+ * All tools are stored in ~/.agent/skills/{tool}/
  */
 
 import {

package/src/commands/run/README.md

@@ -10,7 +10,7 @@ enact run <tool> [options]
 
 ## Description
 
-The `run` command executes a tool using the command defined in its manifest (`enact.yaml` or `enact.md`). The tool runs in an isolated container environment with:
+The `run` command executes a tool using the command defined in its manifest (`skill.yaml` or `SKILL.md`). The tool runs in an isolated container environment with:
 
 - Input validation against the tool's JSON Schema
 - Automatic secret resolution from the OS keyring