@inteeka/task-cli 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,141 @@
1
+ # @inteeka/task-cli
2
+
3
+ The standalone agentic CLI for [Inteeka Task](https://task.inteeka.com). Authenticate with your dashboard account, link a repo to a project, fetch CLI-eligible tickets, and let Claude Code work through them — with hard guardrails that never let the agent touch configuration, lockfiles, or anything outside source code.
4
+
5
+ ## Install
6
+
7
+ ```bash
8
+ npm i -g @inteeka/task-cli
9
+ # or, in a workspace:
10
+ pnpm add -g @inteeka/task-cli
11
+ ```
12
+
13
+ You'll also need [Claude Code](https://www.anthropic.com/claude-code) on your `PATH`. `task doctor` will tell you if it's missing.
14
+
15
+ ## Quickstart
16
+
17
+ ```bash
18
+ task login # OAuth device flow against your dashboard
19
+ cd /path/to/your/repo
20
+ task link --project myproj # writes .task/config.json
21
+ task tickets # lists CLI-eligible tickets
22
+ task work --next # picks the next eligible ticket and runs the agent
23
+ ```
24
+
25
+ ## Authorisation model — why some commands fail with "CLI access is not enabled"
26
+
27
+ Three independent gates protect every CLI run. All three must be true at the moment of the request:
28
+
29
+ 1. **Per-membership** `cli_access` — your membership on the org has the toggle enabled by an admin from the dashboard's _Agentic CLI_ page.
30
+ 2. **Per-ticket** `cli_eligible` — a human has explicitly opted this ticket in for autonomous work, with a confirmation step in the dashboard.
31
+ 3. **Per-schedule** `enabled` — for scheduled runs, the schedule isn't paused locally or remotely disabled by an admin.
32
+
33
+ Default-deny on all three. A leaked credential lands the attacker on a CLI that can't see any tickets.
34
+
35
+ ## Source-code guardrail (Layer A + Layer B)
36
+
37
+ The CLI never lets the agent modify configuration, lockfiles, env files, CI files, or anything matching `*.config.*` at the repo root.
38
+
39
+ - **Layer A** — the system prompt that ships to Claude includes the denylist verbatim and tells the agent to stop if the ticket needs such a change.
40
+ - **Layer B** — after the agent finishes, `git diff --cached --name-only` (and the unstaged diff + untracked files) is intersected against the denylist. If anything matches: the working tree is restored, the commit is aborted, the run is recorded as `guardrail_blocked`, and the CLI exits with code 4. **No commit ever lands when Layer B fires.**
41
+
42
+ Project admins can extend the denylist via the _Protected Paths_ tab on the dashboard's _Agentic CLI_ page (e.g. `prisma/schema.prisma`, `terraform/**`).
43
+
44
+ ## Commands
45
+
46
+ ### Auth
47
+
48
+ | Command | What it does |
49
+ | ------------------- | -------------------------------------------------------------------------------------------------- |
50
+ | `task login` | OAuth device flow; stores access + refresh tokens in `~/.config/task/credentials.json` (mode 0600) |
51
+ | `task logout` | Revoke the session server-side and clear local credentials |
52
+ | `task whoami` | Show signed-in user, session, and authorised projects |
53
+ | `task auth refresh` | Force a token refresh (mostly automatic) |
54
+
55
+ ### Project linking
56
+
57
+ | Command | What it does |
58
+ | --------------------------------------------- | --------------------------------------------------------------- |
59
+ | `task link [--org <slug>] [--project <slug>]` | Link the current repo to a project, writing `.task/config.json` |
60
+ | `task unlink` | Remove the link |
61
+ | `task projects` | List authorised projects |
62
+ | `task status` | Show auth + link + git state |
63
+
64
+ ### Tickets
65
+
66
+ | Command | What it does |
67
+ | -------------------------------------------------------- | ----------------------------------------------- |
68
+ | `task tickets [--status <s>] [--limit N] [--cursor <c>]` | List CLI-eligible tickets in the linked project |
69
+ | `task ticket show <id>` | Show one ticket |
70
+ | `task ticket open <id>` | Open the ticket in your browser |
71
+ | `task ticket status <id> <slug>` | Update a ticket status |
72
+ | `task ticket comment <id> "<text>"` | Add a comment (author type `cli`) |
73
+
74
+ ### Agentic execution
75
+
76
+ ```bash
77
+ task work [<id>] [--auto] [--dry-run] [--no-push] [--max N] [--silent]
78
+ task work --next # alias for --auto --max 1
79
+ ```
80
+
81
+ The `work` pipeline:
82
+
83
+ 1. POST `cli.run.started` to the server.
84
+ 2. Spawn `claude` with the source-code denylist + `--allowedTools` whitelist.
85
+ 3. Run the post-agent diff guardrail.
86
+ 4. On violation → restore working tree, POST `cli.run.guardrail_blocked`, exit 4.
87
+ 5. On clean diff → commit (and push by default), POST `cli.run.completed`.
88
+ 6. If `--max > 1`, loop to next eligible ticket.
89
+
90
+ ### Scheduled tasks
91
+
92
+ ```bash
93
+ task scheduled-task add nightly --cron "0 2 * * *" --max 5
94
+ task scheduled-task list
95
+ task scheduled-task pause nightly
96
+ task scheduled-task resume nightly
97
+ task scheduled-task remove nightly
98
+ task scheduled-task run nightly # run once now
99
+ task scheduled-task logs nightly --limit 20
100
+ ```
101
+
102
+ Schedules register with the host OS (launchd / cron / Task Scheduler) AND mirror to the server. Admins can remotely disable a schedule from the dashboard; the next run detects it and exits with code 6 — **without** retry-storming.
103
+
104
+ ### Run history
105
+
106
+ | Command | What it does |
107
+ | -------------------------------------------------------------- | ---------------------------------------------------- |
108
+ | `task runs list [--limit N] [--ticket <id>] [--schedule <id>]` | List runs |
109
+ | `task runs show <id>` | Show a single run |
110
+ | `task runs logs <id>` | Stream agent output captured during a `--silent` run |
111
+
112
+ ### Config + diagnostics
113
+
114
+ | Command | What it does |
115
+ | -------------------------- | ----------------------------------------------------- |
116
+ | `task config get/set/list` | Read or update `~/.config/task/config.json` |
117
+ | `task doctor` | Verify auth, claude, git, scheduler, API connectivity |
118
+ | `task version` | Print the version |
119
+
120
+ ## Exit codes
121
+
122
+ | Code | Meaning |
123
+ | ---- | -------------------------------------------------------------------------- |
124
+ | 0 | Success (or "no eligible tickets" — scheduled runs treat this as expected) |
125
+ | 1 | Generic error |
126
+ | 2 | Misconfiguration (no creds, no link, missing `claude`) |
127
+ | 3 | Unauthorised — credentials wiped |
128
+ | 4 | Guardrail blocked the run |
129
+ | 5 | Network unreachable |
130
+ | 6 | Schedule was disabled by an admin |
131
+
132
+ ## Threat model summary
133
+
134
+ - Credentials live in `~/.config/task/credentials.json` mode `0600`. No tokens are logged.
135
+ - Refresh tokens are one-time-use; rotation is enforced server-side. Replay of a rotated refresh token revokes the entire session and writes a `cli.token.replay_detected` audit row.
136
+ - All authorisation logic lives in the API. The CLI never decides "you have access" client-side beyond holding the access token.
137
+ - The agent's `--allowedTools` whitelist and the protected-paths denylist are imported from `@task/constants` — one source of truth across the dashboard, the system prompt, and the diff guardrail.
138
+
139
+ ## Source
140
+
141
+ [github.com/inteeka/task](https://github.com/inteeka/task) (private). The CLI lives in `apps/cli/`.
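Review bot: README line 40 defines Layer B entirely in terms of git output (`git diff --cached --name-only`, the unstaged diff and untracked files), yet line 37 lists env files among the protected paths, and those are commonly gitignored. Files matched by `.gitignore` never appear in `git diff`, and whether they show up among the untracked files depends on how that list is produced, so the section should state whether ignored files are covered by the check and by the working-tree restore. Two smaller documentation points: line 3 promises the agent never touches "anything outside source code", while lines 37 to 42 describe a denylist rather than an allowlist, so the intro should be reworded to match what is enforced. The exit-code table (lines 122 to 130) also does not say which code the "CLI access is not enabled" failure from the line 25 heading returns, which matters to script authors because code 3 is documented as wiping credentials.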