npm - @myvillage/cli - Versions diffs - 1.18.0 → 1.22.0 - Mend

@myvillage/cli 1.18.0 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/src/agent-runtime/loop.js +12 -2
package/src/commands/api-key.js +172 -0
package/src/index.js +35 -0
package/src/utils/api.js +26 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@myvillage/cli",
-  "version": "1.18.0",
+  "version": "1.22.0",
   "description": "MyVillageOS CLI for community developers",
   "type": "module",
   "bin": {

package/src/agent-runtime/loop.js CHANGED Viewed

@@ -152,8 +152,18 @@ export async function agentLoop(agentName, { signal }) {
       mentionsFound = contextResult.mentionsCount;
       if (activeTask) {
-        const taskLine = `TASK ${activeTask.id} (${activeTask.taskType}): ${activeTask.instruction || JSON.stringify(activeTask.input || {})}`;
-        context = `${taskLine}\n\n${context}`;
+        // A claimed task takes over the iteration. The default monitoring
+        // context becomes secondary background; the instruction is the
+        // primary user prompt and the system prompt switches to a
+        // task-execution framing so the LLM doesn't drift back into
+        // "report on the feed" mode.
+        const instructionText = activeTask.instruction
+          || (activeTask.input ? JSON.stringify(activeTask.input, null, 2) : '');
+        systemPrompt = `${systemPrompt}\n\n## ACTIVE TASK MODE\nA client has assigned you a task. Your job this iteration is to execute the instruction below using your available tools. The feed context is provided only for situational awareness — do not let "no new feed activity" prevent you from carrying out the task.`;
+        context = `## TASK (id=${activeTask.id}, type=${activeTask.taskType})\n${instructionText}\n\n---\n\n## FEED CONTEXT (for awareness only)\n${context}`;
         logActivity(agentDir, { type: 'task_claimed', taskId: activeTask.id, taskType: activeTask.taskType });
       }

package/src/commands/api-key.js ADDED Viewed

@@ -0,0 +1,172 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { villageSpinner, brand } from '../utils/brand.js';
+import { isAuthenticated } from '../utils/auth.js';
+import {
+  createApiKey,
+  listApiKeys,
+  revokeApiKey,
+  listAllowedScopes,
+} from '../utils/api.js';
+// ── create ──────────────────────────────────────────────
+export async function apiKeyCreateCommand(options = {}) {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+  if (!options.name) {
+    console.log(chalk.red('  ✗ --name is required (e.g. --name "claude-desktop")\n'));
+    return;
+  }
+  let scopes;
+  if (options.scopes) {
+    scopes = options.scopes.split(',').map(s => s.trim()).filter(Boolean);
+  } else {
+    // Interactive picker — fetch what the caller is allowed to mint
+    const spinner = villageSpinner('Loading available scopes...').start();
+    let allowed;
+    try {
+      const result = await listAllowedScopes();
+      allowed = result.allowedScopes || {};
+      spinner.stop();
+    } catch (err) {
+      spinner.fail(`Failed to load scopes: ${err.response?.data?.error || err.message}`);
+      return;
+    }
+    const scopeKeys = Object.keys(allowed);
+    if (scopeKeys.length === 0) {
+      console.log(chalk.yellow('  ⚠ Your account has no API scopes available.\n'));
+      return;
+    }
+    const { picked } = await inquirer.prompt([{
+      type: 'checkbox',
+      name: 'picked',
+      message: 'Pick the scopes this key should carry (Space to toggle, Enter to confirm):',
+      pageSize: Math.min(scopeKeys.length, 15),
+      choices: scopeKeys.map(s => ({
+        name: `${s}  ${chalk.dim('— ' + allowed[s])}`,
+        value: s,
+        checked: s === 'agents:tasks:read' || s === 'agents:tasks:write',
+      })),
+      validate: (input) => input.length > 0 || 'Pick at least one scope.',
+    }]);
+    scopes = picked;
+  }
+  const body = { name: options.name, scopes };
+  if (options.expiresInDays) {
+    body.expiresInDays = Number(options.expiresInDays);
+  }
+  const spinner = villageSpinner('Creating API key...').start();
+  try {
+    const result = await createApiKey(body);
+    spinner.succeed('API key created.');
+    console.log(brand.teal('\n  Key (shown ONCE — copy it now):\n'));
+    console.log('  ' + chalk.bold(result.key));
+    console.log('');
+    console.log(brand.teal(`  Id:      ${result.apiKey.id}`));
+    console.log(brand.teal(`  Prefix:  ${result.apiKey.prefix}`));
+    console.log(brand.teal(`  Scopes:  ${result.apiKey.scopes.join(', ')}`));
+    if (result.apiKey.expiresAt) {
+      console.log(brand.teal(`  Expires: ${result.apiKey.expiresAt}`));
+    } else {
+      console.log(brand.teal('  Expires: never (revoke manually when no longer needed)'));
+    }
+    console.log(chalk.yellow('\n  ⚠ Treat this key like a password. Anyone with it can act as you'));
+    console.log(chalk.yellow('    within the scopes you selected. Store it in an env var, not in git.\n'));
+    console.log(brand.teal('  Use in REST calls:'));
+    console.log('  ' + chalk.dim(`curl -H "Authorization: Bearer ${result.key.slice(0, 12)}..." https://portal.myvillageproject.ai/api/...\n`));
+    console.log(brand.teal('  Use in Claude Desktop / Cursor MCP config:'));
+    console.log('  ' + chalk.dim(`"headers": { "Authorization": "Bearer ${result.key.slice(0, 12)}..." }\n`));
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    spinner.fail(`Failed to create API key: ${msg}`);
+  }
+}
+// ── list ────────────────────────────────────────────────
+export async function apiKeyListCommand() {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+  try {
+    const result = await listApiKeys();
+    const keys = result.apiKeys || [];
+    if (keys.length === 0) {
+      console.log(brand.teal('  No API keys yet. Create one with: myvillage api-key create --name "..."\n'));
+      return;
+    }
+    console.log(brand.teal(`\n  ${keys.length} API key(s):\n`));
+    for (const k of keys) {
+      const status = k.isActive ? brand.green('active') : chalk.dim('revoked');
+      console.log(`  ${chalk.bold(k.name)}  ${status}`);
+      console.log(`    id:      ${k.id}`);
+      console.log(`    prefix:  ${k.prefix}`);
+      console.log(`    scopes:  ${(k.scopes || []).join(', ')}`);
+      if (k.lastUsedAt) console.log(`    used:    ${k.lastUsedAt}`);
+      if (k.expiresAt) console.log(`    expires: ${k.expiresAt}`);
+      console.log('');
+    }
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to list API keys: ${msg}\n`));
+  }
+}
+// ── revoke ──────────────────────────────────────────────
+export async function apiKeyRevokeCommand(id) {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+  if (!id) {
+    console.log(chalk.red('  ✗ Usage: myvillage api-key revoke <id>\n'));
+    return;
+  }
+  try {
+    await revokeApiKey(id);
+    console.log(brand.green(`  ✓ API key ${id} revoked. Any further requests using it will fail.\n`));
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to revoke API key: ${msg}\n`));
+  }
+}
+// ── show-scopes ─────────────────────────────────────────
+export async function apiKeyShowScopesCommand() {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+  try {
+    const result = await listAllowedScopes();
+    const allowed = result.allowedScopes || {};
+    const keys = Object.keys(allowed);
+    if (keys.length === 0) {
+      console.log(brand.teal('  No API scopes available for your account.\n'));
+      return;
+    }
+    console.log(brand.teal(`\n  ${keys.length} scope(s) available to you:\n`));
+    for (const k of keys) {
+      console.log(`  ${chalk.bold(k)}`);
+      console.log(`    ${chalk.dim(allowed[k])}`);
+    }
+    console.log('');
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to load allowed scopes: ${msg}\n`));
+  }
+}

package/src/index.js CHANGED Viewed

@@ -9,6 +9,12 @@ import {
   mediaDraftStatusCommand,
 } from './commands/media.js';
 import { logoutCommand } from './commands/logout.js';
+import {
+  apiKeyCreateCommand,
+  apiKeyListCommand,
+  apiKeyRevokeCommand,
+  apiKeyShowScopesCommand,
+} from './commands/api-key.js';
 import { createGameCommand } from './commands/create-game.js';
 import { createCommand } from './commands/create-app.js';
 import { deployCommand } from './commands/deploy.js';
@@ -141,6 +147,35 @@ export function run() {
     .description('Clear stored credentials')
     .action(logoutCommand);
+  // ── API Keys (developer self-service) ──────────────────
+  const apiKeyCmd = program
+    .command('api-key')
+    .description('Manage your API keys (used for REST and MCP authentication)');
+  apiKeyCmd
+    .command('create')
+    .description('Create a new API key. Shown ONCE — copy it immediately.')
+    .requiredOption('--name <name>', 'Friendly name for this key (e.g. "claude-desktop")')
+    .option('--scopes <list>', 'Comma-separated scopes (omit for interactive picker)')
+    .option('--expires-in-days <n>', 'Number of days until expiry (default: never)')
+    .action(apiKeyCreateCommand);
+  apiKeyCmd
+    .command('list')
+    .description('List your API keys (names, prefixes, scopes — never the secret)')
+    .action(apiKeyListCommand);
+  apiKeyCmd
+    .command('revoke <id>')
+    .description('Revoke an API key by id so further requests using it are rejected')
+    .action(apiKeyRevokeCommand);
+  apiKeyCmd
+    .command('show-scopes')
+    .description('Print the API scopes your account is allowed to mint into a key')
+    .action(apiKeyShowScopesCommand);
   program
     .command('create-game')
     .description('Create a new game project with interactive wizard')

package/src/utils/api.js CHANGED Viewed

@@ -701,6 +701,32 @@ export async function retryFailedAgentTasks(villageAgentId, errorPattern) {
   return response.data;
 }
+// ── API Key management ─────────────────────────────────
+export async function createApiKey(data) {
+  const client = getPlatformClient();
+  const response = await client.post('/api-keys', data);
+  return response.data;
+}
+export async function listApiKeys() {
+  const client = getPlatformClient();
+  const response = await client.get('/api-keys');
+  return response.data;
+}
+export async function revokeApiKey(id) {
+  const client = getPlatformClient();
+  const response = await client.delete(`/api-keys/${encodeURIComponent(id)}`);
+  return response.data;
+}
+export async function listAllowedScopes() {
+  const client = getPlatformClient();
+  const response = await client.get('/api-keys/allowed-scopes');
+  return response.data;
+}
 // ── Wisdom (VillageBooks repurposed as agent skill packs) ──────────
 export async function listVillageBooks(params = {}) {