@myvillage/cli 1.49.0 → 1.51.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@myvillage/cli",
-  "version": "1.49.0",
+  "version": "1.51.0",
   "description": "MyVillageOS CLI for community developers",
   "type": "module",
   "bin": {

package/src/agent-runtime/loop.js

@@ -245,16 +245,38 @@ Guidelines:
       // "find any README under the workspace" can do
       // list_allowed_directories → list_directory → search_files → ...
       // until it's actually done.
+      //
+      // Anthropic prompt caching: we mark the system block as ephemeral so
+      // everything before it (tool schemas + system prompt) is cached.
+      // For Anthropic, cached reads are ~10x cheaper than fresh input —
+      // critical because MCP tool schemas alone can be 20–40k tokens that
+      // would otherwise be re-billed at every step of every loop iteration.
+      // The breakpoint is namespaced under `anthropic`, so OpenAI calls
+      // silently ignore it. Cache TTL is ~5 min; agents that loop more
+      // often than that stay warm and pay full price only on the first hit.
       const result = await generateText({
         model,
-        system: systemPrompt,
-        prompt: context,
+        messages: [
+          {
+            role: 'system',
+            content: systemPrompt,
+            providerOptions: {
+              anthropic: { cacheControl: { type: 'ephemeral' } },
+            },
+          },
+          { role: 'user', content: context },
+        ],
         tools,
         stopWhen: stepCountIs(10),
         maxOutputTokens: maxTokens,
       });
 
-      // Log LLM response
+      // Log LLM response. Cache metrics come from the Anthropic provider
+      // metadata — surfacing them lets `agent logs` show whether caching is
+      // landing. `cacheReadInputTokens` should grow on the 2nd+ iteration in
+      // a 5-min window; if it stays 0, the prefix isn't matching (usually
+      // because something upstream of the breakpoint is varying per call).
+      const anthropicMeta = result.providerMetadata?.anthropic || {};
       logActivity(agentDir, {
         type: 'llm_response',
         text: (result.text || '').slice(0, 500),
@@ -262,6 +284,8 @@ Guidelines:
           prompt: result.usage?.inputTokens || 0,
           completion: result.usage?.outputTokens || 0,
           total: result.usage?.totalTokens || 0,
+          cacheCreate: anthropicMeta.cacheCreationInputTokens || 0,
+          cacheRead: anthropicMeta.cacheReadInputTokens || 0,
         },
       });
 

package/src/commands/agent-local.js

@@ -919,6 +919,10 @@ export async function agentTaskAssignCommand(name, options = {}) {
       instruction: options.instruction,
       input: inputObj,
       priority: options.priority ? Number(options.priority) : 5,
+      // Identifies the agent making the request so the target's policy can
+      // match against `allowedAgents`. Server verifies the caller owns this
+      // handle; coarse villager/village checks still apply if absent.
+      ...(options.as && { callingAgentHandle: options.as }),
     });
     const task = result.task || result;
     console.log(brand.green(`  \u2713 Task ${task.id} assigned (${task.taskType}, status=${task.status}).\n`));

package/src/commands/agent-permissions.js

@@ -0,0 +1,172 @@
+import chalk from 'chalk';
+import { villageSpinner, brand } from '../utils/brand.js';
+import { isAuthenticated } from '../utils/auth.js';
+import {
+  listMyAgents,
+  getVillageAgentPolicy,
+  setVillageAgentPolicy,
+} from '../utils/api.js';
+
+// Resolve a CLI-friendly handle to the underlying VillageAgent id.
+async function resolveVillageAgentId(handle) {
+  const result = await listMyAgents();
+  const agents = result.data || result;
+  if (!Array.isArray(agents)) return null;
+  const match = agents.find(
+    (a) => a.handle === handle || a.villageAgent?.handle === handle,
+  );
+  if (!match) return null;
+  return match.villageAgent?.id || match.villageAgentId || match.id;
+}
+
+function printPolicy(policy) {
+  const { allowedAgents = [], allowedVillagers = [], allowedVillages = [] } = policy || {};
+  if (
+    allowedAgents.length === 0 &&
+    allowedVillagers.length === 0 &&
+    allowedVillages.length === 0
+  ) {
+    console.log(brand.teal('\n  Policy is empty — only the agent owner can assign tasks.\n'));
+    return;
+  }
+  console.log('');
+  console.log(chalk.bold('  Task-Assignment Allowlist'));
+  console.log('');
+  if (allowedAgents.length) {
+    console.log(`  ${chalk.dim('Agents    ')}  ${allowedAgents.join(', ')}`);
+  }
+  if (allowedVillagers.length) {
+    console.log(`  ${chalk.dim('Villagers ')}  ${allowedVillagers.join(', ')}`);
+  }
+  if (allowedVillages.length) {
+    console.log(`  ${chalk.dim('Villages  ')}  ${allowedVillages.join(', ')}`);
+  }
+  console.log('');
+}
+
+function fail(message) {
+  console.log(chalk.red(`  ✗ ${message}`));
+  process.exitCode = 1;
+}
+
+async function loadCurrentPolicy(agentId) {
+  const result = await getVillageAgentPolicy(agentId);
+  return {
+    allowedAgents: [],
+    allowedVillagers: [],
+    allowedVillages: [],
+    ...(result.policy || {}),
+  };
+}
+
+export async function agentPermissionsShowCommand(handle) {
+  if (!isAuthenticated()) return fail('Authentication required. Run `myvillage login` first.');
+
+  const spinner = villageSpinner(`Loading policy for ${handle}...`).start();
+  try {
+    const agentId = await resolveVillageAgentId(handle);
+    if (!agentId) {
+      spinner.fail(`No agent found with handle: ${handle}`);
+      return;
+    }
+    const policy = await loadCurrentPolicy(agentId);
+    spinner.stop();
+    printPolicy(policy);
+  } catch (err) {
+    const message = err.response?.data?.error || err.message;
+    spinner.fail(`Failed to load policy: ${message}`);
+  }
+}
+
+export async function agentPermissionsAllowCommand(handle, options) {
+  if (!isAuthenticated()) return fail('Authentication required. Run `myvillage login` first.');
+
+  const newAgents = toArray(options.agent);
+  const newVillagers = toArray(options.villager);
+  const newVillages = toArray(options.village);
+
+  if (newAgents.length + newVillagers.length + newVillages.length === 0) {
+    return fail('Specify at least one of --agent, --villager, or --village');
+  }
+
+  const spinner = villageSpinner(`Updating policy for ${handle}...`).start();
+  try {
+    const agentId = await resolveVillageAgentId(handle);
+    if (!agentId) {
+      spinner.fail(`No agent found with handle: ${handle}`);
+      return;
+    }
+    const current = await loadCurrentPolicy(agentId);
+    const next = {
+      allowedAgents: union(current.allowedAgents, newAgents),
+      allowedVillagers: union(current.allowedVillagers, newVillagers),
+      allowedVillages: union(current.allowedVillages, newVillages),
+    };
+    const result = await setVillageAgentPolicy(agentId, next);
+    spinner.succeed(`Allowlist updated for ${handle}`);
+    printPolicy(result.policy);
+  } catch (err) {
+    const data = err.response?.data;
+    if (data?.unknown?.length) {
+      spinner.fail(`Unknown entries: ${data.unknown.join(', ')}`);
+      return;
+    }
+    const message = data?.error || err.message;
+    spinner.fail(`Failed to update policy: ${message}`);
+  }
+}
+
+export async function agentPermissionsRevokeCommand(handle, options) {
+  if (!isAuthenticated()) return fail('Authentication required. Run `myvillage login` first.');
+
+  const dropAgents = toArray(options.agent);
+  const dropVillagers = toArray(options.villager);
+  const dropVillages = toArray(options.village);
+  const clearAll = options.all === true;
+
+  if (
+    !clearAll &&
+    dropAgents.length + dropVillagers.length + dropVillages.length === 0
+  ) {
+    return fail('Specify --all to clear, or at least one of --agent/--villager/--village');
+  }
+
+  const spinner = villageSpinner(`Updating policy for ${handle}...`).start();
+  try {
+    const agentId = await resolveVillageAgentId(handle);
+    if (!agentId) {
+      spinner.fail(`No agent found with handle: ${handle}`);
+      return;
+    }
+    const next = clearAll
+      ? { allowedAgents: [], allowedVillagers: [], allowedVillages: [] }
+      : await (async () => {
+          const current = await loadCurrentPolicy(agentId);
+          return {
+            allowedAgents: difference(current.allowedAgents, dropAgents),
+            allowedVillagers: difference(current.allowedVillagers, dropVillagers),
+            allowedVillages: difference(current.allowedVillages, dropVillages),
+          };
+        })();
+    const result = await setVillageAgentPolicy(agentId, next);
+    spinner.succeed(`Allowlist updated for ${handle}`);
+    printPolicy(result.policy);
+  } catch (err) {
+    const message = err.response?.data?.error || err.message;
+    spinner.fail(`Failed to update policy: ${message}`);
+  }
+}
+
+function toArray(v) {
+  if (!v) return [];
+  return Array.isArray(v) ? v : [v];
+}
+
+function union(a, b) {
+  return Array.from(new Set([...(a || []), ...b]));
+}
+
+function difference(a, b) {
+  const drop = new Set(b);
+  return (a || []).filter((x) => !drop.has(x));
+}

package/src/index.js

@@ -50,6 +50,11 @@ import {
   agentLeaveCommand,
   agentRunCommand,
 } from './commands/agent.js';
+import {
+  agentPermissionsShowCommand,
+  agentPermissionsAllowCommand,
+  agentPermissionsRevokeCommand,
+} from './commands/agent-permissions.js';
 import {
   agentStartCommand,
   agentStopCommand,
@@ -419,6 +424,33 @@ export function run() {
     .description('Deactivate an agent')
     .action(agentDeleteCommand);
 
+  // ── Agent permissions (task-assignment allowlist) ───
+  const agentPermissionsCmd = agentCmd
+    .command('permissions')
+    .description('Manage who else can assign tasks to this agent');
+
+  agentPermissionsCmd
+    .command('show <handle>')
+    .description('Show the task-assignment allowlist for an agent')
+    .action(agentPermissionsShowCommand);
+
+  agentPermissionsCmd
+    .command('allow <handle>')
+    .description('Add entries to the allowlist (repeat flags to add multiple)')
+    .option('-a, --agent <handle...>', 'AgentProfile handle, e.g. teacher_mvp')
+    .option('-v, --villager <id...>', 'Villager id, e.g. MVP-99057')
+    .option('-V, --village <id...>', 'Village id, e.g. VLG-JAX-001')
+    .action(agentPermissionsAllowCommand);
+
+  agentPermissionsCmd
+    .command('revoke <handle>')
+    .description('Remove entries from the allowlist, or pass --all to clear it')
+    .option('-a, --agent <handle...>', 'AgentProfile handle to remove')
+    .option('-v, --villager <id...>', 'Villager id to remove')
+    .option('-V, --village <id...>', 'Village id to remove')
+    .option('--all', 'Clear the entire allowlist (back to owner-only)')
+    .action(agentPermissionsRevokeCommand);
+
   agentCmd
     .command('join <handle> <community-slug>')
     .description('Join a community as an agent')
@@ -509,6 +541,7 @@ export function run() {
     .option('--instruction <text>', 'Free-text instruction (required for CLIENT_TASK)')
     .option('--input <json>', 'JSON-encoded structured input payload')
     .option('--priority <n>', 'Priority 1-10 (lower runs first)', '5')
+    .option('--as <handle>', "Handle of the agent making this call (matches target's allowedAgents policy)")
     .action(agentTaskAssignCommand);
 
   agentCmd

package/src/utils/api.js

@@ -616,6 +616,28 @@ export async function updateVillageAgent(id, data) {
   return response.data;
 }
 
+// ── Task-assignment policy ──────────────────────────────
+// Controls which non-owner callers (other villagers / their agents) may POST
+// tasks to this agent's queue. Server stores readable identifiers:
+//   { allowedAgents: ["handle"], allowedVillagers: ["MVP-..."], allowedVillages: ["VLG-..."] }
+
+export async function getVillageAgentPolicy(villageAgentId) {
+  const client = getPlatformClient();
+  const response = await client.get(
+    `/village-agents/${encodeURIComponent(villageAgentId)}/policy`,
+  );
+  return response.data;
+}
+
+export async function setVillageAgentPolicy(villageAgentId, policy) {
+  const client = getPlatformClient();
+  const response = await client.put(
+    `/village-agents/${encodeURIComponent(villageAgentId)}/policy`,
+    policy,
+  );
+  return response.data;
+}
+
 // ── Agent Task Queue ────────────────────────────────────
 
 export async function listAgentTasks(villageAgentId, params = {}) {