agentspd 1.0.0

package/dist/commands/auth.js

@@ -0,0 +1,226 @@
+import { Command } from 'commander';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { api } from '../api.js';
+import { setConfig, clearConfig, getConfig, isAuthenticated } from '../config.js';
+import * as output from '../output.js';
+export function createAuthCommand() {
+    const auth = new Command('auth')
+        .description('Authentication commands');
+    auth
+        .command('login')
+        .description('Log in to Emotos')
+        .option('-e, --email <email>', 'Email address')
+        .option('-p, --password <password>', 'Password')
+        .option('-k, --api-key <key>', 'Use API key instead of email/password')
+        .action(async (options) => {
+        if (options.apiKey) {
+            setConfig('apiKey', options.apiKey);
+            const spinner = ora('Verifying API key...').start();
+            const result = await api.me();
+            if (result.error) {
+                spinner.fail('Invalid API key');
+                clearConfig();
+                return;
+            }
+            spinner.succeed('Logged in successfully');
+            if (result.data) {
+                setConfig('orgId', result.data.org.id);
+                setConfig('orgName', result.data.org.name);
+                output.info(`Organization: ${result.data.org.name}`);
+            }
+            return;
+        }
+        let email = options.email;
+        let password = options.password;
+        if (!email) {
+            const answers = await inquirer.prompt([
+                {
+                    type: 'input',
+                    name: 'email',
+                    message: 'Email:',
+                    validate: (input) => input.includes('@') || 'Please enter a valid email',
+                },
+            ]);
+            email = answers.email;
+        }
+        if (!password) {
+            const answers = await inquirer.prompt([
+                {
+                    type: 'password',
+                    name: 'password',
+                    message: 'Password:',
+                    mask: '*',
+                },
+            ]);
+            password = answers.password;
+        }
+        const spinner = ora('Logging in...').start();
+        const result = await api.login(email, password);
+        if (result.error) {
+            spinner.fail('Login failed');
+            output.error(result.error.message);
+            return;
+        }
+        if (result.data) {
+            setConfig('sessionToken', result.data.sessionToken);
+            setConfig('orgId', result.data.org.id);
+            setConfig('orgName', result.data.org.name);
+            setConfig('userId', result.data.user.id);
+            setConfig('userName', result.data.user.name);
+            spinner.succeed(`Logged in as ${result.data.user.name}`);
+            output.info(`Organization: ${result.data.org.name}`);
+            output.info(`Role: ${result.data.user.role}`);
+        }
+    });
+    auth
+        .command('signup')
+        .description('Create a new Emotos account')
+        .option('-e, --email <email>', 'Email address')
+        .option('-p, --password <password>', 'Password')
+        .option('-n, --name <name>', 'Your name')
+        .option('-r, --role <role>', 'Role (provider or consumer)', 'provider')
+        .option('-o, --org-name <name>', 'Organization name')
+        .action(async (options) => {
+        let email = options.email;
+        let password = options.password;
+        let name = options.name;
+        let role = options.role;
+        let orgName = options.orgName;
+        const prompts = [];
+        if (!email) {
+            prompts.push({
+                type: 'input',
+                name: 'email',
+                message: 'Email:',
+                validate: (input) => input.includes('@') || 'Please enter a valid email',
+            });
+        }
+        if (!password) {
+            prompts.push({
+                type: 'password',
+                name: 'password',
+                message: 'Password (min 8 characters):',
+                mask: '*',
+                validate: (input) => input.length >= 8 || 'Password must be at least 8 characters',
+            });
+        }
+        if (!name) {
+            prompts.push({
+                type: 'input',
+                name: 'name',
+                message: 'Your name:',
+                validate: (input) => input.length > 0 || 'Name is required',
+            });
+        }
+        if (!role) {
+            prompts.push({
+                type: 'list',
+                name: 'role',
+                message: 'Select your role:',
+                choices: [
+                    { name: 'Agent Provider - I build and deploy AI agents', value: 'provider' },
+                    { name: 'Agent Consumer - I use AI agents and need to protect my systems', value: 'consumer' },
+                ],
+            });
+        }
+        if (!orgName) {
+            prompts.push({
+                type: 'input',
+                name: 'orgName',
+                message: 'Organization name (optional):',
+            });
+        }
+        if (prompts.length > 0) {
+            const answers = await inquirer.prompt(prompts);
+            email = email || answers.email;
+            password = password || answers.password;
+            name = name || answers.name;
+            role = role || answers.role;
+            orgName = orgName || answers.orgName;
+        }
+        const spinner = ora('Creating account...').start();
+        const result = await api.signup({ email, password, name, role, orgName: orgName || undefined });
+        if (result.error) {
+            spinner.fail('Signup failed');
+            output.error(result.error.message);
+            return;
+        }
+        if (result.data) {
+            setConfig('sessionToken', result.data.sessionToken);
+            setConfig('orgId', result.data.org.id);
+            setConfig('orgName', result.data.org.name);
+            setConfig('userId', result.data.user.id);
+            setConfig('userName', result.data.user.name);
+            spinner.succeed('Account created successfully!');
+            output.info(`Welcome, ${result.data.user.name}!`);
+            output.info(`Organization: ${result.data.org.name}`);
+            output.info(`Role: ${result.data.user.role}`);
+            console.log();
+            output.info('Next steps:');
+            console.log('  1. Create a security policy: emotos policies create');
+            console.log('  2. Register an agent: emotos agents create');
+            console.log('  3. Connect your agent via the MCP proxy');
+        }
+    });
+    auth
+        .command('logout')
+        .description('Log out of Emotos')
+        .action(async () => {
+        if (!isAuthenticated()) {
+            output.info('Not logged in');
+            return;
+        }
+        const spinner = ora('Logging out...').start();
+        await api.logout();
+        clearConfig();
+        spinner.succeed('Logged out successfully');
+    });
+    auth
+        .command('whoami')
+        .description('Show current user information')
+        .action(async () => {
+        if (!isAuthenticated()) {
+            output.error('Not logged in. Run `emotos auth login` first.');
+            return;
+        }
+        const spinner = ora('Fetching user info...').start();
+        const result = await api.me();
+        if (result.error) {
+            spinner.fail('Failed to fetch user info');
+            output.error(result.error.message);
+            return;
+        }
+        spinner.stop();
+        if (result.data) {
+            output.heading('Current User');
+            output.printKeyValue([
+                ['Name', result.data.user.name],
+                ['Email', result.data.user.email],
+                ['Role', result.data.user.role],
+                ['Organization', result.data.org.name],
+                ['Org ID', result.data.org.id],
+                ['Tier', result.data.org.tier],
+            ]);
+        }
+    });
+    auth
+        .command('status')
+        .description('Check authentication status')
+        .action(() => {
+        const config = getConfig();
+        if (!isAuthenticated()) {
+            output.error('Not authenticated');
+            output.info('Run `emotos auth login` to authenticate');
+            return;
+        }
+        output.success('Authenticated');
+        output.printKeyValue([
+            ['API URL', config.apiUrl],
+            ['Organization', config.orgName],
+            ['User', config.userName],
+            ['Auth Method', config.apiKey ? 'API Key' : 'Session'],
+        ]);
+    });
+    return auth;
+}

package/dist/commands/config-cmd.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createConfigCommand(): Command;
+//# sourceMappingURL=config-cmd.d.ts.map

package/dist/commands/config-cmd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-cmd.d.ts","sourceRoot":"","sources":["../../src/commands/config-cmd.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,wBAAgB,mBAAmB,IAAI,OAAO,CAsH7C"}

package/dist/commands/config-cmd.js

@@ -0,0 +1,111 @@
+import { Command } from 'commander';
+import inquirer from 'inquirer';
+import * as configModule from '../config.js';
+import * as output from '../output.js';
+export function createConfigCommand() {
+    const config = new Command('config')
+        .description('Manage CLI configuration');
+    config
+        .command('list')
+        .alias('ls')
+        .description('Show all configuration values')
+        .option('--json', 'Output as JSON')
+        .action((options) => {
+        const cfg = configModule.getConfig();
+        if (options.json) {
+            // Hide sensitive values
+            const safe = {
+                ...cfg,
+                apiKey: cfg.apiKey ? '***' : undefined,
+                sessionToken: cfg.sessionToken ? '***' : undefined,
+            };
+            output.printJson(safe);
+        }
+        else {
+            output.heading('Configuration');
+            output.printKeyValue([
+                ['API URL', cfg.apiUrl],
+                ['Organization ID', cfg.orgId],
+                ['Organization Name', cfg.orgName],
+                ['User ID', cfg.userId],
+                ['User Name', cfg.userName],
+                ['Default Environment', cfg.defaultEnvironment],
+                ['Output Format', cfg.outputFormat],
+                ['Auth Method', cfg.apiKey ? 'API Key' : cfg.sessionToken ? 'Session' : 'None'],
+            ]);
+        }
+    });
+    config
+        .command('get <key>')
+        .description('Get a configuration value')
+        .action((key) => {
+        const cfg = configModule.getConfig();
+        const value = cfg[key];
+        if (value === undefined) {
+            output.error(`Unknown configuration key: ${key}`);
+            return;
+        }
+        // Hide sensitive values
+        if (key === 'apiKey' || key === 'sessionToken') {
+            console.log(value ? '***' : '(not set)');
+        }
+        else {
+            console.log(value);
+        }
+    });
+    config
+        .command('set <key> <value>')
+        .description('Set a configuration value')
+        .action((key, value) => {
+        const validKeys = ['apiUrl', 'defaultEnvironment', 'outputFormat'];
+        if (!validKeys.includes(key)) {
+            output.error(`Cannot set ${key}. Valid keys: ${validKeys.join(', ')}`);
+            return;
+        }
+        if (key === 'defaultEnvironment') {
+            const validEnvs = ['development', 'staging', 'production'];
+            if (!validEnvs.includes(value)) {
+                output.error(`Invalid environment. Valid values: ${validEnvs.join(', ')}`);
+                return;
+            }
+        }
+        if (key === 'outputFormat') {
+            const validFormats = ['table', 'json', 'yaml'];
+            if (!validFormats.includes(value)) {
+                output.error(`Invalid format. Valid values: ${validFormats.join(', ')}`);
+                return;
+            }
+        }
+        configModule.setConfig(key, value);
+        output.success(`Set ${key} = ${value}`);
+    });
+    config
+        .command('reset')
+        .description('Reset all configuration to defaults')
+        .option('-f, --force', 'Skip confirmation')
+        .action(async (options) => {
+        if (!options.force) {
+            const answers = await inquirer.prompt([
+                {
+                    type: 'confirm',
+                    name: 'confirm',
+                    message: 'Reset all configuration to defaults? This will log you out.',
+                    default: false,
+                },
+            ]);
+            if (!answers.confirm) {
+                output.info('Operation cancelled');
+                return;
+            }
+        }
+        configModule.clearConfig();
+        output.success('Configuration reset to defaults');
+    });
+    config
+        .command('path')
+        .description('Show configuration file path')
+        .action(() => {
+        console.log(configModule.config.path);
+    });
+    return config;
+}

package/dist/commands/index.d.ts

@@ -0,0 +1,9 @@
+export { createAuthCommand } from './auth.js';
+export { createAgentsCommand } from './agents.js';
+export { createPoliciesCommand } from './policies.js';
+export { createAuditCommand } from './audit.js';
+export { createThreatsCommand } from './threats.js';
+export { createWebhooksCommand } from './webhooks.js';
+export { createConfigCommand } from './config-cmd.js';
+export { createInitCommand } from './init.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC"}

package/dist/commands/index.js

@@ -0,0 +1,8 @@
+export { createAuthCommand } from './auth.js';
+export { createAgentsCommand } from './agents.js';
+export { createPoliciesCommand } from './policies.js';
+export { createAuditCommand } from './audit.js';
+export { createThreatsCommand } from './threats.js';
+export { createWebhooksCommand } from './webhooks.js';
+export { createConfigCommand } from './config-cmd.js';
+export { createInitCommand } from './init.js';

package/dist/commands/init.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createInitCommand(): Command;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAuLpC,wBAAgB,iBAAiB,IAAI,OAAO,CA+H3C"}

package/dist/commands/init.js

@@ -0,0 +1,275 @@
+import { Command } from 'commander';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import * as fs from 'node:fs';
+import { api } from '../api.js';
+import { setConfig, isAuthenticated } from '../config.js';
+import * as output from '../output.js';
+const CREDENTIAL_PATTERNS = [
+    { name: 'AWS access key', re: /AKIA[0-9A-Z]{16}/ },
+    { name: 'Private key', re: /-----BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-----/ },
+    { name: 'Generic secret', re: /(?:secret|password|api[_-]?key)\s*[:=]\s*["']?[A-Za-z0-9_/+=]{20,}/ },
+];
+const SCAN_TARGETS = [
+    'openclaw.json',
+    '.env',
+    '.env.local',
+    '.env.development',
+    '.env.production',
+];
+const DEFAULT_POLICY_CONTENT = `version: "1.0"
+name: "default-policy"
+description: "Default security policy created by agentspd init"
+
+settings:
+  default_action: deny
+  require_identity: true
+
+tools:
+  - pattern: "read_*"
+    action: allow
+  - pattern: "exec_*"
+    action: deny
+    reason: "Shell execution not permitted"
+  - pattern: "web_*"
+    action: allow
+    rate_limit:
+      requests_per_minute: 10
+
+prompt_injection:
+  enabled: true
+  action: block
+
+exfiltration:
+  enabled: true
+  block_patterns:
+    - name: "aws_keys"
+      pattern: "AKIA[0-9A-Z]{16}"
+    - name: "private_keys"
+      pattern: "-----BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-----"
+`;
+function scanForCredentials() {
+    const hits = [];
+    for (const target of SCAN_TARGETS) {
+        if (!fs.existsSync(target))
+            continue;
+        let content;
+        try {
+            content = fs.readFileSync(target, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        for (const { name, re } of CREDENTIAL_PATTERNS) {
+            if (re.test(content)) {
+                hits.push({ file: target, label: name });
+            }
+        }
+    }
+    return hits;
+}
+async function runSignup() {
+    console.log();
+    output.info('You need an account first. Let\'s create one.');
+    console.log();
+    const answers = await inquirer.prompt([
+        {
+            type: 'input',
+            name: 'email',
+            message: 'Email:',
+            validate: (input) => input.includes('@') || 'Please enter a valid email',
+        },
+        {
+            type: 'password',
+            name: 'password',
+            message: 'Password (min 8 characters):',
+            mask: '*',
+            validate: (input) => input.length >= 8 || 'Password must be at least 8 characters',
+        },
+        {
+            type: 'input',
+            name: 'name',
+            message: 'Your name:',
+            validate: (input) => input.length > 0 || 'Name is required',
+        },
+        {
+            type: 'input',
+            name: 'orgName',
+            message: 'Organization name:',
+            validate: (input) => input.length > 0 || 'Organization name is required',
+        },
+    ]);
+    const spinner = ora('Creating account...').start();
+    const result = await api.signup({
+        email: answers.email,
+        password: answers.password,
+        name: answers.name,
+        role: 'provider',
+        orgName: answers.orgName,
+    });
+    if (result.error) {
+        spinner.fail('Account creation failed');
+        output.error(result.error.message);
+        return false;
+    }
+    if (result.data) {
+        setConfig('sessionToken', result.data.sessionToken);
+        setConfig('orgId', result.data.org.id);
+        setConfig('orgName', result.data.org.name);
+        setConfig('userId', result.data.user.id);
+        setConfig('userName', result.data.user.name);
+        spinner.succeed(`Welcome, ${result.data.user.name}!`);
+    }
+    return true;
+}
+async function runLogin() {
+    console.log();
+    output.info('Log in to your existing account.');
+    console.log();
+    const answers = await inquirer.prompt([
+        {
+            type: 'input',
+            name: 'email',
+            message: 'Email:',
+            validate: (input) => input.includes('@') || 'Please enter a valid email',
+        },
+        {
+            type: 'password',
+            name: 'password',
+            message: 'Password:',
+            mask: '*',
+        },
+    ]);
+    const spinner = ora('Logging in...').start();
+    const result = await api.login(answers.email, answers.password);
+    if (result.error) {
+        spinner.fail('Login failed');
+        output.error(result.error.message);
+        return false;
+    }
+    if (result.data) {
+        setConfig('sessionToken', result.data.sessionToken);
+        setConfig('orgId', result.data.org.id);
+        setConfig('orgName', result.data.org.name);
+        setConfig('userId', result.data.user.id);
+        setConfig('userName', result.data.user.name);
+        spinner.succeed(`Logged in as ${result.data.user.name}`);
+    }
+    return true;
+}
+export function createInitCommand() {
+    return new Command('init')
+        .description('Initialize Emotos security for your project — end-to-end in one command')
+        .option('-n, --name <name>', 'Agent name (skips prompt)')
+        .action(async (options) => {
+        console.log();
+        console.log(output.highlight('  ╔═══════════════════════════════════════╗'));
+        console.log(output.highlight('  ║       agentspd init                   ║'));
+        console.log(output.highlight('  ╚═══════════════════════════════════════╝'));
+        console.log();
+        // ── 1. Auth ─────────────────────────────────────────────────────
+        if (!isAuthenticated()) {
+            const { action } = await inquirer.prompt([
+                {
+                    type: 'list',
+                    name: 'action',
+                    message: 'No account detected. What would you like to do?',
+                    choices: [
+                        { name: 'Create a new account', value: 'signup' },
+                        { name: 'Log in to existing account', value: 'login' },
+                    ],
+                },
+            ]);
+            const ok = action === 'signup' ? await runSignup() : await runLogin();
+            if (!ok)
+                return;
+            console.log();
+        }
+        // ── 2. Scan ─────────────────────────────────────────────────────
+        const scanSpinner = ora('🔍  Scanning for plaintext credentials...').start();
+        const hits = scanForCredentials();
+        if (hits.length > 0) {
+            scanSpinner.warn(`⚠️  ${hits.length} plaintext credential${hits.length === 1 ? '' : 's'} detected`);
+            for (const hit of hits) {
+                console.log(`     ${output.dim(`${hit.file} — ${hit.label}`)}`);
+            }
+            console.log();
+            output.warn('Move these secrets into environment variables or a secrets manager before deploying.');
+            console.log();
+        }
+        else {
+            scanSpinner.succeed('🔍  Scan complete — no plaintext credentials found');
+        }
+        // ── 3. Agent name ───────────────────────────────────────────────
+        let agentName = options.name;
+        if (!agentName) {
+            const answers = await inquirer.prompt([
+                {
+                    type: 'input',
+                    name: 'name',
+                    message: 'Agent name:',
+                    default: 'my-agent',
+                    validate: (input) => input.trim().length > 0 || 'Name is required',
+                },
+            ]);
+            agentName = answers.name;
+        }
+        // ── 4. Register agent ───────────────────────────────────────────
+        const registerSpinner = ora('📋  Registering agent identity...').start();
+        const agentResult = await api.createAgent({
+            name: agentName,
+            description: `Created by agentspd init`,
+            environment: 'development',
+        });
+        if (agentResult.error) {
+            registerSpinner.fail('Failed to register agent');
+            output.error(agentResult.error.message);
+            return;
+        }
+        const agent = agentResult.data;
+        registerSpinner.succeed(`✅  Agent "${agent.name}" registered  (ID: ${agent.id})`);
+        // Show API key if the server returned one
+        const apiKey = agent.metadata?.apiKey;
+        if (apiKey && typeof apiKey === 'string') {
+            output.printSecret('Agent API Key', apiKey);
+        }
+        // ── 5. Create & activate policy ─────────────────────────────────
+        const policySpinner = ora('🛡️  Creating security policy...').start();
+        const policyResult = await api.createPolicy({
+            name: `${agentName}-policy`,
+            description: 'Default deny-by-default policy from agentspd init',
+            content: DEFAULT_POLICY_CONTENT,
+        });
+        if (policyResult.error) {
+            policySpinner.warn('Could not create policy — you can add one later with `agentspd policies create`');
+        }
+        else {
+            const policy = policyResult.data;
+            // Activate it
+            await api.activatePolicy(policy.id);
+            policySpinner.succeed('🛡️  Security policy applied — deny by default');
+        }
+        // ── 6. Issue JWT ────────────────────────────────────────────────
+        const tokenSpinner = ora('🔑  Issuing JWT token...').start();
+        const tokenResult = await api.issueToken(agent.id, 3600);
+        if (tokenResult.error) {
+            tokenSpinner.warn('Could not issue token — run `agentspd agents token ' + agent.id + '` later');
+        }
+        else {
+            tokenSpinner.succeed('🔑  JWT token issued  (TTL: 3600s)');
+            output.printSecret('JWT Token', tokenResult.data.token);
+        }
+        // ── 7. Summary ──────────────────────────────────────────────────
+        console.log();
+        console.log(output.highlight('  📡  MCP proxy activated'));
+        console.log(output.highlight('  🔒  Audit trail armed — all activity signed'));
+        console.log();
+        console.log(output.highlight('  🚨  Patrol is active. Your agents are protected.'));
+        console.log();
+        output.heading('What\'s next');
+        console.log(`  Monitor your agent:   ${output.highlight(`agentspd agents monitor ${agent.id}`)}`);
+        console.log(`  View threats:         ${output.highlight('agentspd threats list')}`);
+        console.log(`  Review audit logs:    ${output.highlight('agentspd audit events')}`);
+        console.log();
+    });
+}

package/dist/commands/policies.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createPoliciesCommand(): Command;
+//# sourceMappingURL=policies.d.ts.map

package/dist/commands/policies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../../src/commands/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAkDpC,wBAAgB,qBAAqB,IAAI,OAAO,CA8V/C"}