@opentrust/cli 7.0.0 → 7.1.0

package/README.md

@@ -14,48 +14,68 @@ Or run directly with `npx`:
 npx @opentrust/cli <command>
 ```
 
-## Prerequisites
+## Quick Start
 
-- **Node.js** >= 18
-- **pnpm** >= 9 (Dashboard uses pnpm monorepo)
-- Clone the [opentrust](https://github.com/opentrust-dev/opentrust) repo first
+```bash
+# 1. Initialize project (clone repo into current directory)
+mkdir my-project && cd my-project
+opentrust init
 
-## Usage
+# 2a. Local mode — install dependencies and start
+opentrust setup
+opentrust start
 
-Navigate to your opentrust project directory, then:
+# 2b. Docker mode — build and start via Docker Compose
+opentrust start --docker
+```
 
-```bash
-# Install all dependencies, build, and initialize databases
-opentrust setup
+## Commands
 
-# Start all services (core + dashboard + gateway)
-opentrust start
+| Command | Description |
+|---------|-------------|
+| `opentrust init` | Clone OpenTrust repository into current directory |
+| `opentrust setup` | Install dependencies, build, and initialize databases |
+| `opentrust start [service]` | Start services (core, dashboard, gateway, or all) |
+| `opentrust stop [service]` | Stop services |
+| `opentrust status` | Show status of all services |
+| `opentrust logs <service>` | Tail logs for a service |
 
-# Start a single service
-opentrust start core
+### Docker Mode
 
-# Check status of all services
-opentrust status
+All service commands support `--docker` (`-d`) flag to use Docker Compose:
 
-# Stop all services
-opentrust stop
+```bash
+opentrust start --docker        # docker compose up -d --build
+opentrust stop --docker         # docker compose down
+opentrust status --docker       # docker compose ps + health checks
+opentrust logs --docker core    # docker compose logs core
+opentrust setup --docker        # docker compose build
+```
 
-# Stop a single service
-opentrust stop gateway
+### Init Options
 
-# View logs
-opentrust logs core
-opentrust logs dashboard -f        # follow mode
-opentrust logs gateway -n 100      # last 100 lines
+```bash
+opentrust init --repo <url>     # Custom git repository URL
+opentrust init --branch <name>  # Specific branch (default: main)
 ```
 
 ## Services
 
 | Service | Port | Description |
 |---------|------|-------------|
-| **Core** | 53666 | Security engine — content detection (S01-S10), behavior assessment, Agent registry |
-| **Dashboard** | 53667/53668 | Management panel — Agent assets, risk graph, policy management, detection logs |
-| **Gateway** | 8900 | AI security gateway — LLM API proxy with automatic PII/credential sanitization |
+| **Core** | 53666 | Security engine — content detection (S01-S10), behavior assessment |
+| **Dashboard** | 53667/53668 | Management panel — Agent assets, risk graph, policies, logs |
+| **Gateway** | 8900 | AI security gateway — LLM API proxy with PII/credential sanitization |
+
+## Prerequisites
+
+**Docker mode (recommended):**
+- Docker >= 20.10
+- Docker Compose >= 2.0
+
+**Local mode:**
+- Node.js >= 18 (Gateway requires >= 22)
+- pnpm >= 9 (Dashboard uses pnpm monorepo)
 
 ## Environment Variables
 

package/dist/commands/init.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerInitCommand(program: Command): void;

package/dist/commands/init.js

@@ -0,0 +1,75 @@
+import { execSync } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+const DEFAULT_REPO = "https://github.com/anthropics/opentrust.git";
+export function registerInitCommand(program) {
+    program
+        .command("init")
+        .description("Initialize OpenTrust project (clone repository into current directory)")
+        .option("--repo <url>", "Git repository URL", DEFAULT_REPO)
+        .option("--branch <name>", "Git branch to clone", "main")
+        .action(async (options) => {
+        const cwd = process.cwd();
+        const pkgPath = path.join(cwd, "package.json");
+        if (fs.existsSync(pkgPath)) {
+            try {
+                const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+                if (pkg.name === "opentrust") {
+                    console.log("OpenTrust project already exists in current directory.");
+                    console.log("Run 'opentrust setup' to install dependencies.");
+                    return;
+                }
+            }
+            catch { }
+        }
+        try {
+            execSync("git --version", { stdio: "ignore" });
+        }
+        catch {
+            console.error("Error: git is not installed. Please install git first.");
+            process.exit(1);
+        }
+        const isEmpty = fs.readdirSync(cwd).filter(f => !f.startsWith(".")).length === 0;
+        const targetDir = isEmpty ? cwd : path.join(cwd, "opentrust");
+        if (!isEmpty && fs.existsSync(targetDir)) {
+            console.error(`Directory already exists: ${targetDir}`);
+            console.error("Remove it or choose a different location.");
+            process.exit(1);
+        }
+        console.log("Initializing OpenTrust project...\n");
+        console.log(`  Repository: ${options.repo}`);
+        console.log(`  Branch:     ${options.branch}`);
+        console.log(`  Target:     ${targetDir}\n`);
+        try {
+            if (isEmpty) {
+                execSync(`git clone --depth 1 --branch ${options.branch} ${options.repo} .`, { cwd, stdio: "inherit" });
+            }
+            else {
+                execSync(`git clone --depth 1 --branch ${options.branch} ${options.repo} opentrust`, { cwd, stdio: "inherit" });
+            }
+        }
+        catch {
+            console.error("\nFailed to clone repository.");
+            process.exit(1);
+        }
+        console.log("\n-------------------------------------------");
+        console.log("OpenTrust project initialized!");
+        console.log("-------------------------------------------\n");
+        if (isEmpty) {
+            console.log("Next steps:");
+            console.log("  opentrust setup          # Install dependencies (local mode)");
+            console.log("  opentrust start          # Start all services\n");
+            console.log("Or use Docker:");
+            console.log("  opentrust start --docker # Start via Docker Compose");
+        }
+        else {
+            console.log("Next steps:");
+            console.log("  cd opentrust");
+            console.log("  opentrust setup          # Install dependencies (local mode)");
+            console.log("  opentrust start          # Start all services\n");
+            console.log("Or use Docker:");
+            console.log("  cd opentrust");
+            console.log("  opentrust start --docker # Start via Docker Compose");
+        }
+    });
+}

package/dist/commands/logs.js

@@ -1,13 +1,27 @@
 import { spawn } from "node:child_process";
 import fs from "node:fs";
 import { SERVICES, getAllServiceKeys } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerLogs, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerLogsCommand(program) {
     program
         .command("logs <service>")
         .description("Tail logs for a service (core, dashboard, gateway)")
         .option("-n, --lines <n>", "Number of lines to show", "50")
         .option("-f, --follow", "Follow log output", false)
+        .option("-d, --docker", "Use Docker Compose logs")
         .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (!getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerLogs(service, options);
+            return;
+        }
+        requireProject();
         const svc = SERVICES[service];
         if (!svc) {
             console.error(`Unknown service: ${service}`);

package/dist/commands/setup.js

@@ -1,11 +1,19 @@
 import { execSync } from "node:child_process";
 import fs from "node:fs";
-import { paths } from "../lib/paths.js";
+import { paths, requireProject } from "../lib/paths.js";
+import { dockerSetup } from "../lib/docker-manager.js";
 export function registerSetupCommand(program) {
     program
         .command("setup")
         .description("Install dependencies, build, and initialize databases")
-        .action(async () => {
+        .option("-d, --docker", "Build Docker images instead of local setup")
+        .action(async (options) => {
+        if (options.docker) {
+            requireProject();
+            dockerSetup();
+            return;
+        }
+        requireProject();
         console.log("OpenTrust Setup\n");
         const steps = [
             {

package/dist/commands/start.js

@@ -1,9 +1,23 @@
 import { startService, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStart, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerStartCommand(program) {
     program
         .command("start [service]")
         .description("Start services (core, dashboard, gateway, or all)")
-        .action(async (service) => {
+        .option("-d, --docker", "Use Docker Compose to start services")
+        .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (service && !getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerStart(service);
+            return;
+        }
+        requireProject();
         const keys = service ? [service] : getAllServiceKeys();
         for (const key of keys) {
             if (!SERVICES[key]) {

package/dist/commands/status.js

@@ -1,9 +1,18 @@
 import { getStatus, checkHealth, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStatus } from "../lib/docker-manager.js";
 export function registerStatusCommand(program) {
     program
         .command("status")
         .description("Show status of all OpenTrust services")
-        .action(async () => {
+        .option("-d, --docker", "Show Docker Compose service status")
+        .action(async (options) => {
+        if (options.docker) {
+            requireProject();
+            await dockerStatus();
+            return;
+        }
+        requireProject();
         console.log("OpenTrust Service Status\n");
         const keys = getAllServiceKeys();
         for (const key of keys) {

package/dist/commands/stop.js

@@ -1,9 +1,23 @@
 import { stopService, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStop, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerStopCommand(program) {
     program
         .command("stop [service]")
         .description("Stop services (core, dashboard, gateway, or all)")
-        .action(async (service) => {
+        .option("-d, --docker", "Use Docker Compose to stop services")
+        .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (service && !getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerStop(service);
+            return;
+        }
+        requireProject();
         const keys = service ? [service] : getAllServiceKeys();
         for (const key of keys) {
             if (!SERVICES[key]) {

package/dist/index.js

@@ -3,6 +3,7 @@ import { Command } from "commander";
 import { readFileSync } from "node:fs";
 import { fileURLToPath } from "node:url";
 import { dirname, join } from "node:path";
+import { registerInitCommand } from "./commands/init.js";
 import { registerStartCommand } from "./commands/start.js";
 import { registerStopCommand } from "./commands/stop.js";
 import { registerStatusCommand } from "./commands/status.js";
@@ -13,11 +14,12 @@ const pkg = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8")
 const program = new Command();
 program
     .name("opentrust")
-    .description("OpenTrust — manage local AI security services")
+    .description("OpenTrust — AI Agent Runtime Security Platform")
     .version(pkg.version);
+registerInitCommand(program);
+registerSetupCommand(program);
 registerStartCommand(program);
 registerStopCommand(program);
 registerStatusCommand(program);
-registerSetupCommand(program);
 registerLogsCommand(program);
 program.parse();

package/dist/lib/docker-manager.d.ts

@@ -0,0 +1,9 @@
+export declare function dockerStart(service?: string): void;
+export declare function dockerStop(service?: string): void;
+export declare function dockerStatus(): Promise<void>;
+export declare function dockerLogs(service: string, options: {
+    lines: string;
+    follow: boolean;
+}): void;
+export declare function dockerSetup(): void;
+export declare function getAllDockerServiceKeys(): string[];

package/dist/lib/docker-manager.js

@@ -0,0 +1,175 @@
+import { execSync, spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { paths } from "./paths.js";
+const DOCKER_SERVICES = ["core", "dashboard", "gateway"];
+const SERVICE_PORTS = {
+    core: 53666,
+    dashboard: 53667,
+    gateway: 8900,
+};
+const HEALTH_URLS = {
+    core: "http://localhost:53666/health",
+    dashboard: "http://localhost:53667/health",
+    gateway: "http://localhost:8900/health",
+};
+function getComposeCwd() {
+    return paths.projectRoot;
+}
+function ensureDockerCompose() {
+    const composePath = path.join(getComposeCwd(), "docker-compose.yml");
+    if (!fs.existsSync(composePath)) {
+        console.error("docker-compose.yml not found in project root.");
+        console.error("Run 'opentrust init' first to initialize the project.");
+        process.exit(1);
+    }
+}
+function getComposeCommand() {
+    try {
+        execSync("docker compose version", { stdio: "ignore" });
+        return "docker compose";
+    }
+    catch {
+        try {
+            execSync("docker-compose --version", { stdio: "ignore" });
+            return "docker-compose";
+        }
+        catch {
+            console.error("Error: Docker Compose not found.");
+            console.error("Install Docker Desktop or Docker Compose: https://docs.docker.com/compose/install/");
+            process.exit(1);
+        }
+    }
+}
+export function dockerStart(service) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    const services = service ? service : "";
+    console.log(service
+        ? `Starting ${service} via Docker Compose...`
+        : "Starting all services via Docker Compose...");
+    try {
+        execSync(`${compose} up -d --build ${services}`, { cwd, stdio: "inherit" });
+    }
+    catch {
+        console.error("\nDocker Compose failed. Check the output above for details.");
+        process.exit(1);
+    }
+    console.log("\nUse 'opentrust status --docker' to check health.");
+    console.log("Use 'opentrust logs --docker <service>' to view output.");
+}
+export function dockerStop(service) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    if (service) {
+        console.log(`Stopping ${service} via Docker Compose...`);
+        try {
+            execSync(`${compose} stop ${service}`, { cwd, stdio: "inherit" });
+        }
+        catch {
+            console.error(`Failed to stop ${service}.`);
+        }
+    }
+    else {
+        console.log("Stopping all services via Docker Compose...");
+        try {
+            execSync(`${compose} down`, { cwd, stdio: "inherit" });
+        }
+        catch {
+            console.error("Failed to stop services.");
+        }
+    }
+}
+export async function dockerStatus() {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    console.log("OpenTrust Service Status (Docker)\n");
+    let psOutput = "";
+    try {
+        psOutput = execSync(`${compose} ps --format json`, { cwd, encoding: "utf-8" });
+    }
+    catch {
+        // fallback to non-json
+        try {
+            execSync(`${compose} ps`, { cwd, stdio: "inherit" });
+        }
+        catch { }
+        return;
+    }
+    const containers = psOutput.trim()
+        ? psOutput.trim().split("\n").map(line => {
+            try {
+                return JSON.parse(line);
+            }
+            catch {
+                return null;
+            }
+        }).filter(Boolean)
+        : [];
+    for (const svcKey of DOCKER_SERVICES) {
+        const port = SERVICE_PORTS[svcKey];
+        const container = containers.find((c) => c.Service === svcKey || c.Name?.includes(`opentrust-${svcKey}`));
+        let running = false;
+        let healthy = false;
+        let statusText = "not created";
+        if (container) {
+            const state = (container.State || "").toLowerCase();
+            const health = (container.Health || "").toLowerCase();
+            running = state === "running";
+            healthy = health === "healthy";
+            statusText = running
+                ? healthy ? "running (healthy)" : "running (starting...)"
+                : state || "stopped";
+        }
+        const icon = running
+            ? healthy ? "\x1b[32m●\x1b[0m" : "\x1b[33m●\x1b[0m"
+            : "\x1b[31m●\x1b[0m";
+        const name = svcKey.charAt(0).toUpperCase() + svcKey.slice(1);
+        console.log(`  ${icon} ${name.padEnd(12)} ${statusText.padEnd(35)} port ${port}`);
+    }
+    console.log("");
+}
+export function dockerLogs(service, options) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    const args = [`--tail=${options.lines}`];
+    if (options.follow)
+        args.push("-f");
+    args.push(service);
+    const child = spawn(compose.split(" ")[0], [...compose.split(" ").slice(1), "logs", ...args], {
+        cwd,
+        stdio: "inherit",
+    });
+    child.on("error", (err) => {
+        console.error(`Failed to get logs: ${err.message}`);
+    });
+    process.on("SIGINT", () => {
+        child.kill();
+        process.exit(0);
+    });
+}
+export function dockerSetup() {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    console.log("OpenTrust Setup (Docker)\n");
+    console.log("Building Docker images...\n");
+    try {
+        execSync(`${compose} build`, { cwd, stdio: "inherit" });
+    }
+    catch {
+        console.error("\nDocker build failed. Check the output above for details.");
+        process.exit(1);
+    }
+    console.log("\n-------------------------------------------");
+    console.log("Setup complete!");
+    console.log("-------------------------------------------");
+    console.log("\nRun 'opentrust start --docker' to launch all services.");
+}
+export function getAllDockerServiceKeys() {
+    return [...DOCKER_SERVICES];
+}

package/dist/lib/paths.d.ts

@@ -1,3 +1,6 @@
+export declare function isProjectAvailable(): boolean;
+export declare function requireProject(): void;
+export declare function hasDockerCompose(): boolean;
 export declare const paths: {
     projectRoot: string;
     runtime: string;

package/dist/lib/paths.js

@@ -44,6 +44,24 @@ function isOpenTrustRoot(dir) {
     }
 }
 const projectRoot = findProjectRoot();
+export function isProjectAvailable() {
+    return isOpenTrustRoot(projectRoot);
+}
+export function requireProject() {
+    if (!isProjectAvailable()) {
+        console.error("OpenTrust project not found in current directory.");
+        console.error("");
+        console.error("To initialize a new project:");
+        console.error("  opentrust init");
+        console.error("");
+        console.error("Or set OPENTRUST_HOME to point to your project:");
+        console.error("  export OPENTRUST_HOME=/path/to/opentrust");
+        process.exit(1);
+    }
+}
+export function hasDockerCompose() {
+    return fs.existsSync(path.join(projectRoot, "docker-compose.yml"));
+}
 /** ~/.opentrust/ — runtime data (pid files, logs) */
 const runtimeDir = path.join(os.homedir(), ".opentrust");
 export const paths = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opentrust/cli",
-  "version": "7.0.0",
+  "version": "7.1.0",
   "description": "CLI tool to manage OpenTrust AI Agent Runtime Security Platform — setup, start, stop, status, logs",
   "type": "module",
   "bin": {