@orchagent/cli 0.2.22 → 0.2.23

package/README.md

@@ -1,6 +1,6 @@
-# OrchAgent CLI
+# orchagent CLI
 
-Minimal CLI for interacting with the OrchAgent platform.
+Minimal CLI for interacting with the orchagent platform.
 
 ## Commands
 

package/dist/commands/doctor.js

@@ -6,7 +6,7 @@ const output_1 = require("../lib/output");
 function registerDoctorCommand(program) {
     program
         .command('doctor')
-        .description('Diagnose setup issues with OrchAgent CLI')
+        .description('Diagnose setup issues with orchagent CLI')
         .option('-v, --verbose', 'Show detailed output for each check')
         .option('--json', 'Output results as JSON')
         .action(async (options) => {

package/dist/commands/github.js

@@ -55,7 +55,7 @@ function successHtml() {
 <html>
 <head>
   <meta charset="utf-8">
-  <title>OrchAgent CLI - GitHub Connected</title>
+  <title>orchagent CLI - GitHub Connected</title>
   <style>
     body {
       font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
@@ -114,7 +114,7 @@ function errorHtml(message) {
 <html>
 <head>
   <meta charset="utf-8">
-  <title>OrchAgent CLI - GitHub Connection Error</title>
+  <title>orchagent CLI - GitHub Connection Error</title>
   <style>
     body {
       font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;

package/dist/commands/login.js

@@ -23,7 +23,7 @@ async function promptForKey() {
 function registerLoginCommand(program) {
     program
         .command('login')
-        .description('Authenticate with OrchAgent via browser or API key')
+        .description('Authenticate with orchagent via browser or API key')
         .option('--key <key>', 'API key (for CI/CD, non-interactive)')
         .option('--port <port>', `Localhost port for browser callback (default: ${DEFAULT_AUTH_PORT})`, String(DEFAULT_AUTH_PORT))
         .action(async (options) => {

package/dist/commands/publish.js

@@ -13,6 +13,36 @@ const api_1 = require("../lib/api");
 const errors_1 = require("../lib/errors");
 const analytics_1 = require("../lib/analytics");
 const bundle_1 = require("../lib/bundle");
+/**
+ * Handle security flagged error response (422 with error: 'content_flagged')
+ * Returns true if the error was handled, false otherwise
+ */
+function handleSecurityFlaggedError(err) {
+    if (!(err instanceof api_1.ApiError) || err.status !== 422) {
+        return false;
+    }
+    const payload = err.payload;
+    if (payload?.error !== 'content_flagged') {
+        return false;
+    }
+    process.stderr.write('\n');
+    process.stderr.write('Error: Skill flagged for security review\n\n');
+    if (payload.concerns && payload.concerns.length > 0) {
+        process.stderr.write('Concerns found:\n');
+        for (const concern of payload.concerns) {
+            const severityLabel = concern.severity.toUpperCase();
+            const fileInfo = concern.file_path ? ` in ${concern.file_path}` : '';
+            process.stderr.write(`  [${severityLabel}] ${concern.category}${fileInfo}\n`);
+            process.stderr.write(`    "${concern.description}"\n\n`);
+        }
+    }
+    if (payload.summary) {
+        process.stderr.write(`Summary: ${payload.summary}\n\n`);
+    }
+    process.stderr.write('Please review and remove suspicious patterns before publishing.\n');
+    process.stderr.write('If you believe this is a false positive, contact support@orchagent.com\n');
+    return true;
+}
 /**
  * Check if orchagent-sdk is listed in requirements.txt or pyproject.toml
  */
@@ -60,6 +90,65 @@ async function parseSkillMd(filePath) {
         return null;
     }
 }
+/**
+ * Binary file extensions to skip when collecting skill files (SC-05)
+ */
+const BINARY_EXTENSIONS = new Set([
+    '.png', '.jpg', '.jpeg', '.gif', '.ico', '.webp', '.bmp', '.tiff',
+    '.pdf', '.zip', '.tar', '.gz', '.7z', '.rar',
+    '.exe', '.dll', '.so', '.dylib', '.bin',
+    '.woff', '.woff2', '.ttf', '.eot', '.otf',
+    '.mp3', '.mp4', '.wav', '.avi', '.mov', '.mkv',
+    '.pyc', '.pyo', '.class', '.o', '.obj',
+]);
+/**
+ * Collect all text files in the skill directory for SC-05 multi-file support
+ */
+async function collectSkillFiles(skillDir, maxFiles = 20, maxTotalSize = 500_000) {
+    const files = [];
+    let totalSize = 0;
+    async function walkDir(dir, relativePath = '') {
+        if (files.length >= maxFiles || totalSize >= maxTotalSize)
+            return;
+        const entries = await promises_1.default.readdir(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (files.length >= maxFiles || totalSize >= maxTotalSize)
+                break;
+            const fullPath = path_1.default.join(dir, entry.name);
+            const relPath = relativePath ? `${relativePath}/${entry.name}` : entry.name;
+            // Skip hidden files and common non-content directories
+            if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === '__pycache__') {
+                continue;
+            }
+            if (entry.isDirectory()) {
+                await walkDir(fullPath, relPath);
+            }
+            else if (entry.isFile()) {
+                // Skip binary files
+                const ext = path_1.default.extname(entry.name).toLowerCase();
+                if (BINARY_EXTENSIONS.has(ext))
+                    continue;
+                try {
+                    const stat = await promises_1.default.stat(fullPath);
+                    if (totalSize + stat.size > maxTotalSize)
+                        continue;
+                    const content = await promises_1.default.readFile(fullPath, 'utf-8');
+                    files.push({
+                        path: relPath,
+                        content,
+                        size: stat.size,
+                    });
+                    totalSize += stat.size;
+                }
+                catch {
+                    // Skip files that can't be read (binary, permissions, etc.)
+                }
+            }
+        }
+    }
+    await walkDir(skillDir);
+    return files;
+}
 function registerPublishCommand(program) {
     program
         .command('publish')
@@ -86,10 +175,14 @@ function registerPublishCommand(program) {
         if (skillData) {
             // Publish as a skill (server auto-assigns version)
             const org = await (0, api_1.getOrg)(config);
+            // SC-05: Collect all files in the skill directory for multi-file support
+            const skillFiles = await collectSkillFiles(cwd);
+            const hasMultipleFiles = skillFiles.length > 1;
             // Handle dry-run for skills
             if (options.dryRun) {
                 const preview = await (0, api_1.previewAgentVersion)(config, skillData.frontmatter.name);
                 const skillBodyBytes = Buffer.byteLength(skillData.body, 'utf-8');
+                const totalFilesSize = skillFiles.reduce((sum, f) => sum + f.size, 0);
                 const versionInfo = preview.existing_versions.length > 0
                     ? `${preview.next_version} (new version, ${preview.existing_versions[preview.existing_versions.length - 1]} exists)`
                     : `${preview.next_version} (first version)`;
@@ -97,6 +190,9 @@ function registerPublishCommand(program) {
                 process.stderr.write('Validating...\n');
                 process.stderr.write(`  ✓ SKILL.md found and valid\n`);
                 process.stderr.write(`  ✓ Skill prompt (${skillBodyBytes.toLocaleString()} bytes)\n`);
+                if (hasMultipleFiles) {
+                    process.stderr.write(`  ✓ Skill files: ${skillFiles.length} files (${(totalFilesSize / 1024).toFixed(1)} KB)\n`);
+                }
                 process.stderr.write(`  ✓ Authentication valid (org: ${org.slug})\n`);
                 process.stderr.write('\nSkill Preview:\n');
                 process.stderr.write(`  Name:        ${skillData.frontmatter.name}\n`);
@@ -104,25 +200,47 @@ function registerPublishCommand(program) {
                 process.stderr.write(`  Version:     ${versionInfo}\n`);
                 process.stderr.write(`  Visibility:  ${options.public ? 'public' : 'private'}\n`);
                 process.stderr.write(`  Providers:   any\n`);
+                if (hasMultipleFiles) {
+                    process.stderr.write(`  Files:       ${skillFiles.length} files\n`);
+                    for (const f of skillFiles.slice(0, 5)) {
+                        process.stderr.write(`               - ${f.path}\n`);
+                    }
+                    if (skillFiles.length > 5) {
+                        process.stderr.write(`               ... and ${skillFiles.length - 5} more\n`);
+                    }
+                }
                 process.stderr.write(`\nWould publish: ${preview.org_slug}/${skillData.frontmatter.name}@${preview.next_version}\n`);
                 process.stderr.write(`API endpoint: POST ${config.apiUrl}/${preview.org_slug}/${skillData.frontmatter.name}/${preview.next_version}/run\n\n`);
                 process.stderr.write('No changes made (dry run)\n');
                 return;
             }
-            const skillResult = await (0, api_1.createAgent)(config, {
-                name: skillData.frontmatter.name,
-                type: 'skill',
-                description: skillData.frontmatter.description,
-                prompt: skillData.body,
-                is_public: options.public ? true : false,
-                supported_providers: ['any'],
-                default_skills: skillsFromFlag,
-                skills_locked: options.skillsLocked || undefined,
-            });
-            const skillVersion = skillResult.agent?.version || 'v1';
-            await (0, analytics_1.track)('cli_publish', { agent_type: 'skill' });
-            process.stdout.write(`\nPublished skill: ${org.slug}/${skillData.frontmatter.name}@${skillVersion}\n`);
-            process.stdout.write(`Public: ${options.public ? 'yes' : 'no'}\n`);
+            try {
+                const skillResult = await (0, api_1.createAgent)(config, {
+                    name: skillData.frontmatter.name,
+                    type: 'skill',
+                    description: skillData.frontmatter.description,
+                    prompt: skillData.body,
+                    is_public: options.public ? true : false,
+                    supported_providers: ['any'],
+                    default_skills: skillsFromFlag,
+                    skills_locked: options.skillsLocked || undefined,
+                    // SC-05: Include all skill files for UI preview
+                    skill_files: hasMultipleFiles ? skillFiles : undefined,
+                });
+                const skillVersion = skillResult.agent?.version || 'v1';
+                await (0, analytics_1.track)('cli_publish', { agent_type: 'skill', multi_file: hasMultipleFiles });
+                process.stdout.write(`\nPublished skill: ${org.slug}/${skillData.frontmatter.name}@${skillVersion}\n`);
+                if (hasMultipleFiles) {
+                    process.stdout.write(`Files: ${skillFiles.length} files included\n`);
+                }
+                process.stdout.write(`Public: ${options.public ? 'yes' : 'no'}\n`);
+            }
+            catch (err) {
+                if (handleSecurityFlaggedError(err)) {
+                    process.exit(1);
+                }
+                throw err;
+            }
             return;
         }
         // Read manifest
@@ -290,29 +408,38 @@ function registerPublishCommand(program) {
             return;
         }
         // Create the agent (server auto-assigns version)
-        const result = await (0, api_1.createAgent)(config, {
-            name: manifest.name,
-            type: manifest.type,
-            description: manifest.description,
-            prompt,
-            url: agentUrl,
-            input_schema: inputSchema,
-            output_schema: outputSchema,
-            tags: manifest.tags,
-            is_public: options.public ? true : false,
-            supported_providers: supportedProviders,
-            default_models: manifest.default_models,
-            // Local run fields for code agents
-            source_url: manifest.source_url,
-            pip_package: manifest.pip_package,
-            run_command: manifest.run_command,
-            // SDK compatibility flag
-            sdk_compatible: sdkCompatible || undefined,
-            // Orchestration manifest (includes dependencies)
-            manifest: manifest.manifest,
-            default_skills: skillsFromFlag || manifest.default_skills,
-            skills_locked: manifest.skills_locked || options.skillsLocked || undefined,
-        });
+        let result;
+        try {
+            result = await (0, api_1.createAgent)(config, {
+                name: manifest.name,
+                type: manifest.type,
+                description: manifest.description,
+                prompt,
+                url: agentUrl,
+                input_schema: inputSchema,
+                output_schema: outputSchema,
+                tags: manifest.tags,
+                is_public: options.public ? true : false,
+                supported_providers: supportedProviders,
+                default_models: manifest.default_models,
+                // Local run fields for code agents
+                source_url: manifest.source_url,
+                pip_package: manifest.pip_package,
+                run_command: manifest.run_command,
+                // SDK compatibility flag
+                sdk_compatible: sdkCompatible || undefined,
+                // Orchestration manifest (includes dependencies)
+                manifest: manifest.manifest,
+                default_skills: skillsFromFlag || manifest.default_skills,
+                skills_locked: manifest.skills_locked || options.skillsLocked || undefined,
+            });
+        }
+        catch (err) {
+            if (handleSecurityFlaggedError(err)) {
+                process.exit(1);
+            }
+            throw err;
+        }
         const assignedVersion = result.agent?.version || 'v1';
         const agentId = result.agent?.id;
         // Upload code bundle if this is a hosted code agent

package/dist/commands/skill.js

@@ -11,6 +11,7 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const errors_1 = require("../lib/errors");
 const analytics_1 = require("../lib/analytics");
+const package_json_1 = __importDefault(require("../../package.json"));
 const DEFAULT_VERSION = 'v1';
 /**
  * AI tool skill directories.
@@ -220,6 +221,11 @@ ${skillData.prompt}
             skill: `${org}/${parsed.skill}`,
             global: Boolean(options.global),
         });
+        // Report authenticated install to backend (fire-and-forget)
+        // This tracks unique installers for manipulation-resistant metrics
+        if (resolved.apiKey) {
+            (0, api_1.reportInstall)(resolved, org, parsed.skill, parsed.version, package_json_1.default.version).catch(() => { });
+        }
         process.stdout.write(`Installed ${org}/${parsed.skill}@${parsed.version}\n`);
         process.stdout.write(`\nAvailable for:\n`);
         for (const tool of installed) {

package/dist/commands/status.js

@@ -51,7 +51,7 @@ function formatLatency(latencyMs) {
 }
 function printHumanStatus(data) {
     const overallStatus = getOverallStatus(data.services);
-    process.stdout.write(`\nOrchAgent Status: ${overallStatus}\n\n`);
+    process.stdout.write(`\norchagent Status: ${overallStatus}\n\n`);
     for (const service of data.services) {
         const icon = getStatusIcon(service.status);
         const label = getStatusLabel(service.status);
@@ -64,7 +64,7 @@ function printHumanStatus(data) {
 function registerStatusCommand(program) {
     program
         .command('status')
-        .description('Check OrchAgent service status')
+        .description('Check orchagent service status')
         .option('--json', 'Output raw JSON')
         .action(async (options) => {
         try {

package/dist/index.js

@@ -53,12 +53,12 @@ const package_json_1 = __importDefault(require("../package.json"));
 const program = new commander_1.Command();
 program
     .name('orchagent')
-    .description('OrchAgent CLI')
+    .description('orchagent CLI')
     .version(package_json_1.default.version)
     .addHelpText('after', `
 Quick Reference:
   run   Download and run an agent locally (your machine)
-  call  Execute an agent on OrchAgent servers (requires login)
+  call  Execute an agent on orchagent servers (requires login)
   info  Show agent details and input/output schemas
 `);
 (0, commands_1.registerCommands)(program);

package/dist/lib/api.js

@@ -56,6 +56,7 @@ exports.downloadCodeBundleAuthenticated = downloadCodeBundleAuthenticated;
 exports.checkAgentDelete = checkAgentDelete;
 exports.deleteAgent = deleteAgent;
 exports.previewAgentVersion = previewAgentVersion;
+exports.reportInstall = reportInstall;
 const errors_1 = require("./errors");
 const DEFAULT_TIMEOUT_MS = 15000;
 async function safeFetch(url, options) {
@@ -301,3 +302,15 @@ async function deleteAgent(config, agentId, confirmationName) {
 async function previewAgentVersion(config, agentName) {
     return request(config, 'GET', `/agents/preview?name=${encodeURIComponent(agentName)}`);
 }
+/**
+ * Report a skill installation to the backend.
+ * Only tracks authenticated installs (requires API key).
+ * Fire-and-forget - errors are silently ignored.
+ */
+async function reportInstall(config, org, skill, version, cliVersion) {
+    if (!config.apiKey)
+        return;
+    await request(config, 'POST', `/agents/${org}/${skill}/${version}/install`, {
+        headers: { 'X-CLI-Version': cliVersion },
+    });
+}

package/dist/lib/browser-auth.js

@@ -160,7 +160,7 @@ function successHtml() {
 <html>
 <head>
   <meta charset="utf-8">
-  <title>OrchAgent CLI - Authentication Successful</title>
+  <title>orchagent CLI - Authentication Successful</title>
   <style>
     body {
       font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
@@ -219,7 +219,7 @@ function errorHtml(message) {
 <html>
 <head>
   <meta charset="utf-8">
-  <title>OrchAgent CLI - Authentication Error</title>
+  <title>orchagent CLI - Authentication Error</title>
   <style>
     body {
       font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;

package/dist/lib/bundle.js

@@ -2,7 +2,7 @@
 /**
  * Code bundling utilities for hosted code agents.
  *
- * Creates zip bundles from project directories for upload to OrchAgent.
+ * Creates zip bundles from project directories for upload to orchagent.
  */
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
@@ -91,7 +91,7 @@ const DEFAULT_EXCLUDES = [
     'pytest.ini',
     '.coveragerc',
     'coverage/**',
-    // OrchAgent
+    // orchagent
     'orchagent.json',
     'bundle.zip',
     '*.zip',

package/dist/lib/doctor/checks/connectivity.js

@@ -24,7 +24,7 @@ async function checkGatewayHealth() {
                     name: 'gateway_reachable',
                     status: 'error',
                     message: `Gateway returned ${response.status}`,
-                    fix: 'Check if OrchAgent API is operational at https://status.orchagent.io',
+                    fix: 'Check if orchagent API is operational at https://status.orchagent.io',
                     details: {
                         url: healthUrl,
                         status: response.status,

package/dist/lib/doctor/output.js

@@ -58,7 +58,7 @@ function groupByCategory(results) {
 function printHumanOutput(results, summary, verbose) {
     // Header
     process.stdout.write('\n');
-    process.stdout.write(chalk_1.default.bold('OrchAgent Doctor\n'));
+    process.stdout.write(chalk_1.default.bold('orchagent Doctor\n'));
     process.stdout.write('================\n\n');
     // Group and print results
     const groups = groupByCategory(results);

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@orchagent/cli",
-  "version": "0.2.22",
-  "description": "Command-line interface for the OrchAgent AI agent marketplace",
+  "version": "0.2.23",
+  "description": "Command-line interface for the orchagent AI agent marketplace",
   "license": "MIT",
-  "author": "OrchAgent <hello@orchagent.io>",
+  "author": "orchagent <hello@orchagent.io>",
   "homepage": "https://orchagent.io",
   "repository": {
     "type": "git",