@opentrust/cli 7.0.0 → 7.1.1

package/README.md

@@ -1,6 +1,6 @@
 # @opentrust/cli
 
-CLI tool to manage [OpenTrust](https://github.com/opentrust-dev/opentrust) — an open-source AI Agent Runtime Security Platform.
+CLI tool to manage [OpenTrust](https://github.com/opentrust/opentrust) — an open-source AI Agent Runtime Security Platform.
 
 ## Install
 
@@ -14,48 +14,68 @@ Or run directly with `npx`:
 npx @opentrust/cli <command>
 ```
 
-## Prerequisites
+## Quick Start
 
-- **Node.js** >= 18
-- **pnpm** >= 9 (Dashboard uses pnpm monorepo)
-- Clone the [opentrust](https://github.com/opentrust-dev/opentrust) repo first
+```bash
+# 1. Initialize project (clone repo into current directory)
+mkdir my-project && cd my-project
+opentrust init
 
-## Usage
+# 2a. Local mode — install dependencies and start
+opentrust setup
+opentrust start
 
-Navigate to your opentrust project directory, then:
+# 2b. Docker mode — build and start via Docker Compose
+opentrust start --docker
+```
 
-```bash
-# Install all dependencies, build, and initialize databases
-opentrust setup
+## Commands
 
-# Start all services (core + dashboard + gateway)
-opentrust start
+| Command | Description |
+|---------|-------------|
+| `opentrust init` | Clone OpenTrust repository into current directory |
+| `opentrust setup` | Install dependencies, build, and initialize databases |
+| `opentrust start [service]` | Start services (core, dashboard, gateway, or all) |
+| `opentrust stop [service]` | Stop services |
+| `opentrust status` | Show status of all services |
+| `opentrust logs <service>` | Tail logs for a service |
 
-# Start a single service
-opentrust start core
+### Docker Mode
 
-# Check status of all services
-opentrust status
+All service commands support `--docker` (`-d`) flag to use Docker Compose:
 
-# Stop all services
-opentrust stop
+```bash
+opentrust start --docker        # docker compose up -d --build
+opentrust stop --docker         # docker compose down
+opentrust status --docker       # docker compose ps + health checks
+opentrust logs --docker core    # docker compose logs core
+opentrust setup --docker        # docker compose build
+```
 
-# Stop a single service
-opentrust stop gateway
+### Init Options
 
-# View logs
-opentrust logs core
-opentrust logs dashboard -f        # follow mode
-opentrust logs gateway -n 100      # last 100 lines
+```bash
+opentrust init --repo <url>     # Custom git repository URL
+opentrust init --branch <name>  # Specific branch (default: main)
 ```
 
 ## Services
 
 | Service | Port | Description |
 |---------|------|-------------|
-| **Core** | 53666 | Security engine — content detection (S01-S10), behavior assessment, Agent registry |
-| **Dashboard** | 53667/53668 | Management panel — Agent assets, risk graph, policy management, detection logs |
-| **Gateway** | 8900 | AI security gateway — LLM API proxy with automatic PII/credential sanitization |
+| **Core** | 53666 | Security engine — content detection (S01-S10), behavior assessment |
+| **Dashboard** | 53667/53668 | Management panel — Agent assets, risk graph, policies, logs |
+| **Gateway** | 8900 | AI security gateway — LLM API proxy with PII/credential sanitization |
+
+## Prerequisites
+
+**Docker mode (recommended):**
+- Docker >= 20.10
+- Docker Compose >= 2.0
+
+**Local mode:**
+- Node.js >= 18 (Gateway requires >= 22)
+- pnpm >= 9 (Dashboard uses pnpm monorepo)
 
 ## Environment Variables
 

package/dist/commands/init.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerInitCommand(program: Command): void;

package/dist/commands/init.js

@@ -0,0 +1,94 @@
+import { execSync } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+const SCAFFOLD_PKG = {
+    name: "opentrust-project",
+    version: "1.0.0",
+    private: true,
+    description: "OpenTrust local deployment",
+    scripts: {
+        setup: "opentrust setup",
+        start: "opentrust start",
+        stop: "opentrust stop",
+        status: "opentrust status",
+    },
+    dependencies: {
+        "@opentrust/core": "^7.1.0",
+        "@opentrust/gateway": "^7.1.0",
+        "@opentrust/dashboard": "^7.1.0",
+    },
+};
+const ENV_TEMPLATE = `# OpenTrust Configuration
+
+# Dashboard
+DEV_MODE=true
+DASHBOARD_MODE=embedded
+DASHBOARD_DATA_DIR=./data
+
+# Core
+CORE_PORT=53666
+
+# Gateway
+GATEWAY_PORT=8900
+# ANTHROPIC_API_KEY=sk-ant-xxx
+# OPENAI_API_KEY=sk-xxx
+# GEMINI_API_KEY=xxx
+`;
+export function registerInitCommand(program) {
+    program
+        .command("init")
+        .description("Initialize an OpenTrust project (install packages via npm)")
+        .option("--registry <url>", "npm registry URL")
+        .action(async (options) => {
+        const cwd = process.cwd();
+        const pkgPath = path.join(cwd, "package.json");
+        if (fs.existsSync(pkgPath)) {
+            try {
+                const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+                if (pkg.name === "opentrust" || pkg.name === "opentrust-project") {
+                    console.log("OpenTrust project already exists in current directory.");
+                    console.log("Run 'opentrust setup' to install dependencies.");
+                    return;
+                }
+            }
+            catch { }
+        }
+        console.log("Initializing OpenTrust project...\n");
+        // Write package.json
+        fs.writeFileSync(pkgPath, JSON.stringify(SCAFFOLD_PKG, null, 2) + "\n", "utf-8");
+        console.log("  Created package.json");
+        // Write .env
+        const envPath = path.join(cwd, ".env");
+        if (!fs.existsSync(envPath)) {
+            fs.writeFileSync(envPath, ENV_TEMPLATE, "utf-8");
+            console.log("  Created .env");
+        }
+        // Create data directory
+        const dataDir = path.join(cwd, "data");
+        if (!fs.existsSync(dataDir)) {
+            fs.mkdirSync(dataDir, { recursive: true });
+            console.log("  Created data/");
+        }
+        // Install dependencies
+        console.log("\nInstalling packages...\n");
+        const registryArg = options.registry ? ` --registry ${options.registry}` : "";
+        try {
+            execSync(`npm install${registryArg}`, { cwd, stdio: "inherit" });
+        }
+        catch {
+            console.error("\nnpm install failed. Check the output above for details.");
+            process.exit(1);
+        }
+        console.log("\n-------------------------------------------");
+        console.log("OpenTrust project initialized!");
+        console.log("-------------------------------------------\n");
+        console.log("Next steps:");
+        console.log("  opentrust setup    # Run database migrations");
+        console.log("  opentrust start    # Start all services");
+        console.log("  opentrust status   # Check service health\n");
+        console.log("Services:");
+        console.log("  Core       http://localhost:53666");
+        console.log("  Dashboard  http://localhost:53667/dashboard/");
+        console.log("  Gateway    http://localhost:8900");
+    });
+}

package/dist/commands/logs.js

@@ -1,13 +1,27 @@
 import { spawn } from "node:child_process";
 import fs from "node:fs";
 import { SERVICES, getAllServiceKeys } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerLogs, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerLogsCommand(program) {
     program
         .command("logs <service>")
         .description("Tail logs for a service (core, dashboard, gateway)")
         .option("-n, --lines <n>", "Number of lines to show", "50")
         .option("-f, --follow", "Follow log output", false)
+        .option("-d, --docker", "Use Docker Compose logs")
         .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (!getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerLogs(service, options);
+            return;
+        }
+        requireProject();
         const svc = SERVICES[service];
         if (!svc) {
             console.error(`Unknown service: ${service}`);

package/dist/commands/setup.js

@@ -1,57 +1,137 @@
 import { execSync } from "node:child_process";
 import fs from "node:fs";
-import { paths } from "../lib/paths.js";
+import path from "node:path";
+import { paths, requireProject, projectMode, projectRoot } from "../lib/paths.js";
+import { dockerSetup } from "../lib/docker-manager.js";
 export function registerSetupCommand(program) {
     program
         .command("setup")
         .description("Install dependencies, build, and initialize databases")
-        .action(async () => {
-        console.log("OpenTrust Setup\n");
-        const steps = [
-            {
-                label: "Core",
-                cwd: paths.core,
-                commands: ["npm install"],
-            },
-            {
-                label: "Dashboard",
-                cwd: paths.dashboard,
-                commands: [
-                    "pnpm install",
-                    "pnpm build",
-                    "pnpm db:generate",
-                    "pnpm db:migrate",
-                    "pnpm db:seed",
-                ],
-            },
-            {
-                label: "Gateway",
-                cwd: paths.gateway,
-                commands: ["npm install"],
-            },
-        ];
-        for (const step of steps) {
-            if (!fs.existsSync(step.cwd)) {
-                console.log(`  ⚠ ${step.label}: directory not found, skipping`);
-                continue;
+        .option("-d, --docker", "Build Docker images instead of local setup")
+        .action(async (options) => {
+        if (options.docker) {
+            requireProject();
+            dockerSetup();
+            return;
+        }
+        requireProject();
+        if (projectMode === "npm") {
+            runNpmSetup();
+        }
+        else {
+            runMonorepoSetup();
+        }
+    });
+}
+function runMonorepoSetup() {
+    console.log("OpenTrust Setup (monorepo)\n");
+    const steps = [
+        {
+            label: "Core",
+            cwd: paths.core,
+            commands: ["npm install"],
+        },
+        {
+            label: "Dashboard",
+            cwd: paths.dashboard,
+            commands: [
+                "pnpm install",
+                "pnpm build",
+                "pnpm db:generate",
+                "pnpm db:migrate",
+                "pnpm db:seed",
+            ],
+        },
+        {
+            label: "Gateway",
+            cwd: paths.gateway,
+            commands: ["npm install"],
+        },
+    ];
+    for (const step of steps) {
+        if (!fs.existsSync(step.cwd)) {
+            console.log(`  ⚠ ${step.label}: directory not found, skipping`);
+            continue;
+        }
+        console.log(`Setting up ${step.label}...`);
+        for (const cmd of step.commands) {
+            try {
+                console.log(`  $ ${cmd}`);
+                execSync(cmd, { cwd: step.cwd, stdio: "inherit" });
             }
-            console.log(`Setting up ${step.label}...`);
-            for (const cmd of step.commands) {
-                try {
-                    console.log(`  $ ${cmd}`);
-                    execSync(cmd, { cwd: step.cwd, stdio: "inherit" });
-                }
-                catch (err) {
-                    console.error(`  Failed: ${cmd}`);
-                    process.exit(1);
-                }
+            catch (err) {
+                console.error(`  Failed: ${cmd}`);
+                process.exit(1);
             }
-            console.log(`  ${step.label} ready.\n`);
         }
-        console.log("-------------------------------------------");
-        console.log("Setup complete!");
-        console.log("-------------------------------------------");
-        console.log("\nRun 'opentrust start' to launch all services.");
-        console.log("Or start individually: 'opentrust start core'");
-    });
+        console.log(`  ${step.label} ready.\n`);
+    }
+    printSetupDone();
+}
+function runNpmSetup() {
+    console.log("OpenTrust Setup (npm packages)\n");
+    const dataDir = path.join(projectRoot, "data");
+    if (!fs.existsSync(dataDir)) {
+        fs.mkdirSync(dataDir, { recursive: true });
+    }
+    const env = {
+        ...process.env,
+        DASHBOARD_DATA_DIR: dataDir,
+        DEV_MODE: "true",
+    };
+    // Load .env from project root if exists
+    const envFile = path.join(projectRoot, ".env");
+    if (fs.existsSync(envFile)) {
+        const content = fs.readFileSync(envFile, "utf-8");
+        for (const line of content.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#"))
+                continue;
+            const eqIdx = trimmed.indexOf("=");
+            if (eqIdx > 0) {
+                const key = trimmed.slice(0, eqIdx).trim();
+                const val = trimmed.slice(eqIdx + 1).trim();
+                if (!env[key])
+                    env[key] = val;
+            }
+        }
+    }
+    // Run db:migrate
+    const migrateScript = path.join(projectRoot, "node_modules", "@opentrust", "db", "dist", "migrate.js");
+    if (fs.existsSync(migrateScript)) {
+        console.log("Running database migrations...");
+        try {
+            execSync(`node ${migrateScript}`, { cwd: projectRoot, stdio: "inherit", env });
+        }
+        catch {
+            console.error("  Migration failed.");
+            process.exit(1);
+        }
+        console.log("  Migrations complete.\n");
+    }
+    else {
+        console.log("  ⚠ @opentrust/db not found, skipping migrations.");
+        console.log("  Run 'npm install' first.\n");
+    }
+    // Run db:seed
+    const seedScript = path.join(projectRoot, "node_modules", "@opentrust", "db", "dist", "seed.js");
+    if (fs.existsSync(seedScript)) {
+        console.log("Seeding database...");
+        try {
+            execSync(`node ${seedScript}`, { cwd: projectRoot, stdio: "inherit", env });
+        }
+        catch {
+            console.error("  Seed failed.");
+            process.exit(1);
+        }
+        console.log("  Seed complete.\n");
+    }
+    printSetupDone();
+}
+function printSetupDone() {
+    console.log("-------------------------------------------");
+    console.log("Setup complete!");
+    console.log("-------------------------------------------");
+    console.log("\nRun 'opentrust start' to launch all services.");
+    console.log("Or start individually: 'opentrust start core'");
 }

package/dist/commands/start.js

@@ -1,9 +1,23 @@
 import { startService, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStart, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerStartCommand(program) {
     program
         .command("start [service]")
         .description("Start services (core, dashboard, gateway, or all)")
-        .action(async (service) => {
+        .option("-d, --docker", "Use Docker Compose to start services")
+        .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (service && !getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerStart(service);
+            return;
+        }
+        requireProject();
         const keys = service ? [service] : getAllServiceKeys();
         for (const key of keys) {
             if (!SERVICES[key]) {

package/dist/commands/status.js

@@ -1,9 +1,18 @@
 import { getStatus, checkHealth, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStatus } from "../lib/docker-manager.js";
 export function registerStatusCommand(program) {
     program
         .command("status")
         .description("Show status of all OpenTrust services")
-        .action(async () => {
+        .option("-d, --docker", "Show Docker Compose service status")
+        .action(async (options) => {
+        if (options.docker) {
+            requireProject();
+            await dockerStatus();
+            return;
+        }
+        requireProject();
         console.log("OpenTrust Service Status\n");
         const keys = getAllServiceKeys();
         for (const key of keys) {

package/dist/commands/stop.js

@@ -1,9 +1,23 @@
 import { stopService, getAllServiceKeys, SERVICES } from "../lib/process-manager.js";
+import { requireProject } from "../lib/paths.js";
+import { dockerStop, getAllDockerServiceKeys } from "../lib/docker-manager.js";
 export function registerStopCommand(program) {
     program
         .command("stop [service]")
         .description("Stop services (core, dashboard, gateway, or all)")
-        .action(async (service) => {
+        .option("-d, --docker", "Use Docker Compose to stop services")
+        .action(async (service, options) => {
+        if (options.docker) {
+            requireProject();
+            if (service && !getAllDockerServiceKeys().includes(service)) {
+                console.error(`Unknown service: ${service}`);
+                console.error(`Available: ${getAllDockerServiceKeys().join(", ")}`);
+                process.exit(1);
+            }
+            dockerStop(service);
+            return;
+        }
+        requireProject();
         const keys = service ? [service] : getAllServiceKeys();
         for (const key of keys) {
             if (!SERVICES[key]) {

package/dist/index.js

@@ -3,6 +3,7 @@ import { Command } from "commander";
 import { readFileSync } from "node:fs";
 import { fileURLToPath } from "node:url";
 import { dirname, join } from "node:path";
+import { registerInitCommand } from "./commands/init.js";
 import { registerStartCommand } from "./commands/start.js";
 import { registerStopCommand } from "./commands/stop.js";
 import { registerStatusCommand } from "./commands/status.js";
@@ -13,11 +14,12 @@ const pkg = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8")
 const program = new Command();
 program
     .name("opentrust")
-    .description("OpenTrust — manage local AI security services")
+    .description("OpenTrust — AI Agent Runtime Security Platform")
     .version(pkg.version);
+registerInitCommand(program);
+registerSetupCommand(program);
 registerStartCommand(program);
 registerStopCommand(program);
 registerStatusCommand(program);
-registerSetupCommand(program);
 registerLogsCommand(program);
 program.parse();

package/dist/lib/docker-manager.d.ts

@@ -0,0 +1,9 @@
+export declare function dockerStart(service?: string): void;
+export declare function dockerStop(service?: string): void;
+export declare function dockerStatus(): Promise<void>;
+export declare function dockerLogs(service: string, options: {
+    lines: string;
+    follow: boolean;
+}): void;
+export declare function dockerSetup(): void;
+export declare function getAllDockerServiceKeys(): string[];

package/dist/lib/docker-manager.js

@@ -0,0 +1,175 @@
+import { execSync, spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { paths } from "./paths.js";
+const DOCKER_SERVICES = ["core", "dashboard", "gateway"];
+const SERVICE_PORTS = {
+    core: 53666,
+    dashboard: 53667,
+    gateway: 8900,
+};
+const HEALTH_URLS = {
+    core: "http://localhost:53666/health",
+    dashboard: "http://localhost:53667/health",
+    gateway: "http://localhost:8900/health",
+};
+function getComposeCwd() {
+    return paths.projectRoot;
+}
+function ensureDockerCompose() {
+    const composePath = path.join(getComposeCwd(), "docker-compose.yml");
+    if (!fs.existsSync(composePath)) {
+        console.error("docker-compose.yml not found in project root.");
+        console.error("Run 'opentrust init' first to initialize the project.");
+        process.exit(1);
+    }
+}
+function getComposeCommand() {
+    try {
+        execSync("docker compose version", { stdio: "ignore" });
+        return "docker compose";
+    }
+    catch {
+        try {
+            execSync("docker-compose --version", { stdio: "ignore" });
+            return "docker-compose";
+        }
+        catch {
+            console.error("Error: Docker Compose not found.");
+            console.error("Install Docker Desktop or Docker Compose: https://docs.docker.com/compose/install/");
+            process.exit(1);
+        }
+    }
+}
+export function dockerStart(service) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    const services = service ? service : "";
+    console.log(service
+        ? `Starting ${service} via Docker Compose...`
+        : "Starting all services via Docker Compose...");
+    try {
+        execSync(`${compose} up -d --build ${services}`, { cwd, stdio: "inherit" });
+    }
+    catch {
+        console.error("\nDocker Compose failed. Check the output above for details.");
+        process.exit(1);
+    }
+    console.log("\nUse 'opentrust status --docker' to check health.");
+    console.log("Use 'opentrust logs --docker <service>' to view output.");
+}
+export function dockerStop(service) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    if (service) {
+        console.log(`Stopping ${service} via Docker Compose...`);
+        try {
+            execSync(`${compose} stop ${service}`, { cwd, stdio: "inherit" });
+        }
+        catch {
+            console.error(`Failed to stop ${service}.`);
+        }
+    }
+    else {
+        console.log("Stopping all services via Docker Compose...");
+        try {
+            execSync(`${compose} down`, { cwd, stdio: "inherit" });
+        }
+        catch {
+            console.error("Failed to stop services.");
+        }
+    }
+}
+export async function dockerStatus() {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    console.log("OpenTrust Service Status (Docker)\n");
+    let psOutput = "";
+    try {
+        psOutput = execSync(`${compose} ps --format json`, { cwd, encoding: "utf-8" });
+    }
+    catch {
+        // fallback to non-json
+        try {
+            execSync(`${compose} ps`, { cwd, stdio: "inherit" });
+        }
+        catch { }
+        return;
+    }
+    const containers = psOutput.trim()
+        ? psOutput.trim().split("\n").map(line => {
+            try {
+                return JSON.parse(line);
+            }
+            catch {
+                return null;
+            }
+        }).filter(Boolean)
+        : [];
+    for (const svcKey of DOCKER_SERVICES) {
+        const port = SERVICE_PORTS[svcKey];
+        const container = containers.find((c) => c.Service === svcKey || c.Name?.includes(`opentrust-${svcKey}`));
+        let running = false;
+        let healthy = false;
+        let statusText = "not created";
+        if (container) {
+            const state = (container.State || "").toLowerCase();
+            const health = (container.Health || "").toLowerCase();
+            running = state === "running";
+            healthy = health === "healthy";
+            statusText = running
+                ? healthy ? "running (healthy)" : "running (starting...)"
+                : state || "stopped";
+        }
+        const icon = running
+            ? healthy ? "\x1b[32m●\x1b[0m" : "\x1b[33m●\x1b[0m"
+            : "\x1b[31m●\x1b[0m";
+        const name = svcKey.charAt(0).toUpperCase() + svcKey.slice(1);
+        console.log(`  ${icon} ${name.padEnd(12)} ${statusText.padEnd(35)} port ${port}`);
+    }
+    console.log("");
+}
+export function dockerLogs(service, options) {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    const args = [`--tail=${options.lines}`];
+    if (options.follow)
+        args.push("-f");
+    args.push(service);
+    const child = spawn(compose.split(" ")[0], [...compose.split(" ").slice(1), "logs", ...args], {
+        cwd,
+        stdio: "inherit",
+    });
+    child.on("error", (err) => {
+        console.error(`Failed to get logs: ${err.message}`);
+    });
+    process.on("SIGINT", () => {
+        child.kill();
+        process.exit(0);
+    });
+}
+export function dockerSetup() {
+    ensureDockerCompose();
+    const compose = getComposeCommand();
+    const cwd = getComposeCwd();
+    console.log("OpenTrust Setup (Docker)\n");
+    console.log("Building Docker images...\n");
+    try {
+        execSync(`${compose} build`, { cwd, stdio: "inherit" });
+    }
+    catch {
+        console.error("\nDocker build failed. Check the output above for details.");
+        process.exit(1);
+    }
+    console.log("\n-------------------------------------------");
+    console.log("Setup complete!");
+    console.log("-------------------------------------------");
+    console.log("\nRun 'opentrust start --docker' to launch all services.");
+}
+export function getAllDockerServiceKeys() {
+    return [...DOCKER_SERVICES];
+}

package/dist/lib/paths.d.ts

@@ -1,3 +1,13 @@
+export type ProjectMode = "monorepo" | "npm" | "none";
+export declare const projectMode: ProjectMode;
+export declare const projectRoot: string;
+export declare function isProjectAvailable(): boolean;
+export declare function requireProject(): void;
+export declare function hasDockerCompose(): boolean;
+/** Resolve a node_modules package entry point */
+export declare function resolveNpmPackage(packageName: string): string | null;
+/** Resolve a bin script from a node_modules package */
+export declare function resolveNpmBin(packageName: string, binName: string): string | null;
 export declare const paths: {
     projectRoot: string;
     runtime: string;

package/dist/lib/paths.js

@@ -3,35 +3,41 @@ import os from "node:os";
 import fs from "node:fs";
 import { fileURLToPath } from "node:url";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
-function findProjectRoot() {
+function detectProjectMode() {
     // 1. OPENTRUST_HOME env var takes priority
     if (process.env.OPENTRUST_HOME) {
-        return path.resolve(process.env.OPENTRUST_HOME);
+        const dir = path.resolve(process.env.OPENTRUST_HOME);
+        if (isMonorepoRoot(dir))
+            return { mode: "monorepo", root: dir };
+        if (isNpmProject(dir))
+            return { mode: "npm", root: dir };
+        return { mode: "none", root: dir };
     }
-    // 2. Check if cwd looks like the opentrust project root
     const cwd = process.cwd();
-    if (isOpenTrustRoot(cwd)) {
-        return cwd;
-    }
-    // 3. Walk up from cwd looking for the project root
+    // 2. Check cwd
+    if (isMonorepoRoot(cwd))
+        return { mode: "monorepo", root: cwd };
+    if (isNpmProject(cwd))
+        return { mode: "npm", root: cwd };
+    // 3. Walk up from cwd
     let dir = cwd;
     while (true) {
         const parent = path.dirname(dir);
         if (parent === dir)
             break;
         dir = parent;
-        if (isOpenTrustRoot(dir))
-            return dir;
+        if (isMonorepoRoot(dir))
+            return { mode: "monorepo", root: dir };
+        if (isNpmProject(dir))
+            return { mode: "npm", root: dir };
     }
-    // 4. Fallback: resolve relative to __dirname (works inside monorepo)
+    // 4. Fallback: resolve relative to __dirname (within monorepo)
     const fallback = path.resolve(__dirname, "../../..");
-    if (isOpenTrustRoot(fallback)) {
-        return fallback;
-    }
-    // 5. Last resort: use cwd and let commands fail with meaningful errors
-    return cwd;
+    if (isMonorepoRoot(fallback))
+        return { mode: "monorepo", root: fallback };
+    return { mode: "none", root: cwd };
 }
-function isOpenTrustRoot(dir) {
+function isMonorepoRoot(dir) {
     try {
         const pkgPath = path.join(dir, "package.json");
         if (!fs.existsSync(pkgPath))
@@ -43,7 +49,57 @@ function isOpenTrustRoot(dir) {
         return false;
     }
 }
-const projectRoot = findProjectRoot();
+function isNpmProject(dir) {
+    try {
+        const pkgPath = path.join(dir, "package.json");
+        if (!fs.existsSync(pkgPath))
+            return false;
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+        if (pkg.name === "opentrust-project")
+            return true;
+        const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+        return !!deps["@opentrust/core"] || !!deps["@opentrust/dashboard"];
+    }
+    catch {
+        return false;
+    }
+}
+const detected = detectProjectMode();
+export const projectMode = detected.mode;
+export const projectRoot = detected.root;
+export function isProjectAvailable() {
+    return detected.mode !== "none";
+}
+export function requireProject() {
+    if (!isProjectAvailable()) {
+        console.error("OpenTrust project not found in current directory.");
+        console.error("");
+        console.error("To initialize a new project:");
+        console.error("  opentrust init");
+        console.error("");
+        console.error("Or set OPENTRUST_HOME to point to your project:");
+        console.error("  export OPENTRUST_HOME=/path/to/opentrust");
+        process.exit(1);
+    }
+}
+export function hasDockerCompose() {
+    return fs.existsSync(path.join(projectRoot, "docker-compose.yml"));
+}
+/** Resolve a node_modules package entry point */
+export function resolveNpmPackage(packageName) {
+    const entryPoints = [
+        path.join(projectRoot, "node_modules", packageName, "dist", "index.js"),
+        path.join(projectRoot, "node_modules", packageName, "index.js"),
+    ];
+    return entryPoints.find(p => fs.existsSync(p)) ?? null;
+}
+/** Resolve a bin script from a node_modules package */
+export function resolveNpmBin(packageName, binName) {
+    const binPath = path.join(projectRoot, "node_modules", ".bin", binName);
+    if (fs.existsSync(binPath))
+        return binPath;
+    return null;
+}
 /** ~/.opentrust/ — runtime data (pid files, logs) */
 const runtimeDir = path.join(os.homedir(), ".opentrust");
 export const paths = {

package/dist/lib/process-manager.d.ts

@@ -7,6 +7,7 @@ export interface ServiceDef {
     logFile: string;
     port: number;
     healthUrl?: string;
+    env?: Record<string, string>;
 }
 export declare const SERVICES: Record<string, ServiceDef>;
 export declare function startService(key: string): boolean;

package/dist/lib/process-manager.js

@@ -1,38 +1,91 @@
 import { spawn } from "node:child_process";
 import fs from "node:fs";
-import { paths } from "./paths.js";
-export const SERVICES = {
-    core: {
-        name: "Core",
-        cwd: paths.core,
-        command: "npx",
-        args: ["tsx", "src/index.ts"],
-        pidFile: paths.corePid,
-        logFile: paths.coreLog,
-        port: 53666,
-        healthUrl: "http://localhost:53666/health",
-    },
-    dashboard: {
-        name: "Dashboard",
-        cwd: paths.dashboard,
-        command: "npx",
-        args: ["turbo", "dev"],
-        pidFile: paths.dashboardPid,
-        logFile: paths.dashboardLog,
-        port: 53667,
-        healthUrl: "http://localhost:53667/health",
-    },
-    gateway: {
-        name: "Gateway",
-        cwd: paths.gateway,
-        command: "npx",
-        args: ["tsx", "src/index.ts"],
-        pidFile: paths.gatewayPid,
-        logFile: paths.gatewayLog,
-        port: 8900,
-        healthUrl: "http://localhost:8900/health",
-    },
-};
+import path from "node:path";
+import { paths, projectMode, projectRoot, resolveNpmPackage } from "./paths.js";
+function buildServices() {
+    if (projectMode === "npm") {
+        return buildNpmServices();
+    }
+    return buildMonorepoServices();
+}
+function buildMonorepoServices() {
+    return {
+        core: {
+            name: "Core",
+            cwd: paths.core,
+            command: "npx",
+            args: ["tsx", "src/index.ts"],
+            pidFile: paths.corePid,
+            logFile: paths.coreLog,
+            port: 53666,
+            healthUrl: "http://localhost:53666/health",
+        },
+        dashboard: {
+            name: "Dashboard",
+            cwd: paths.dashboard,
+            command: "npx",
+            args: ["turbo", "dev"],
+            pidFile: paths.dashboardPid,
+            logFile: paths.dashboardLog,
+            port: 53667,
+            healthUrl: "http://localhost:53667/health",
+        },
+        gateway: {
+            name: "Gateway",
+            cwd: paths.gateway,
+            command: "npx",
+            args: ["tsx", "src/index.ts"],
+            pidFile: paths.gatewayPid,
+            logFile: paths.gatewayLog,
+            port: 8900,
+            healthUrl: "http://localhost:8900/health",
+        },
+    };
+}
+function buildNpmServices() {
+    const coreEntry = resolveNpmPackage("@opentrust/core");
+    const dashboardEntry = resolveNpmPackage("@opentrust/dashboard");
+    const gatewayEntry = resolveNpmPackage("@opentrust/gateway");
+    const dataDir = path.join(projectRoot, "data");
+    return {
+        core: {
+            name: "Core",
+            cwd: projectRoot,
+            command: "node",
+            args: [coreEntry || "node_modules/@opentrust/core/dist/index.js"],
+            pidFile: paths.corePid,
+            logFile: paths.coreLog,
+            port: 53666,
+            healthUrl: "http://localhost:53666/health",
+        },
+        dashboard: {
+            name: "Dashboard",
+            cwd: projectRoot,
+            command: "node",
+            args: [dashboardEntry || "node_modules/@opentrust/dashboard/dist/index.js"],
+            pidFile: paths.dashboardPid,
+            logFile: paths.dashboardLog,
+            port: 53667,
+            healthUrl: "http://localhost:53667/health",
+            env: {
+                DASHBOARD_MODE: "embedded",
+                DEV_MODE: "true",
+                DASHBOARD_DATA_DIR: dataDir,
+            },
+        },
+        gateway: {
+            name: "Gateway",
+            cwd: projectRoot,
+            command: "node",
+            args: [gatewayEntry || "node_modules/@opentrust/gateway/dist/index.js"],
+            pidFile: paths.gatewayPid,
+            logFile: paths.gatewayLog,
+            port: 8900,
+            healthUrl: "http://localhost:8900/health",
+        },
+    };
+}
+export const SERVICES = buildServices();
 function ensureDirs() {
     for (const dir of [paths.runtime, paths.logs]) {
         if (!fs.existsSync(dir))
@@ -45,7 +98,7 @@ export function startService(key) {
         console.error(`Unknown service: ${key}`);
         return false;
     }
-    if (!fs.existsSync(svc.cwd)) {
+    if (projectMode === "monorepo" && !fs.existsSync(svc.cwd)) {
         console.error(`  ${svc.name}: directory not found at ${svc.cwd}`);
         return false;
     }
@@ -58,7 +111,7 @@ export function startService(key) {
     const logFd = fs.openSync(svc.logFile, "a");
     const child = spawn(svc.command, svc.args, {
         cwd: svc.cwd,
-        env: { ...process.env, FORCE_COLOR: "0" },
+        env: { ...process.env, FORCE_COLOR: "0", ...svc.env },
         stdio: ["ignore", logFd, logFd],
         detached: true,
     });
@@ -85,7 +138,6 @@ export function stopService(key) {
         return false;
     }
     try {
-        // Kill the process group (negative PID) to stop all children
         process.kill(-status.pid, "SIGTERM");
     }
     catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opentrust/cli",
-  "version": "7.0.0",
+  "version": "7.1.1",
   "description": "CLI tool to manage OpenTrust AI Agent Runtime Security Platform — setup, start, stop, status, logs",
   "type": "module",
   "bin": {
@@ -33,14 +33,14 @@
     "llm-security",
     "ai-agent"
   ],
-  "homepage": "https://github.com/opentrust-dev/opentrust#readme",
+  "homepage": "https://github.com/opentrust/opentrust#readme",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/opentrust-dev/opentrust.git",
+    "url": "git+https://github.com/opentrust/opentrust.git",
     "directory": "cli"
   },
   "bugs": {
-    "url": "https://github.com/opentrust-dev/opentrust/issues"
+    "url": "https://github.com/opentrust/opentrust/issues"
   },
   "author": "OpenTrust",
   "license": "Apache-2.0",