autark-cli 0.4.0 → 0.4.2

package/autark.mjs

@@ -859,10 +859,84 @@ async function mail(command, rest) {
   if (command === 'suppress')   return mailSuppress(rest)
   if (command === 'unsuppress') return mailUnsuppress(rest)
   if (command === 'suppressed') return mailSuppressed(rest)
+  if (command === 'lint')       return mailLint(rest)
   mailUsage()
   process.exit(1)
 }
 
+// Read a draft from stdin or a @file path and grade against the AI-tells
+// rules defined in the outreach skill. Exits 0 on clean, 1 on violations.
+// The lint rules are intentionally aggressive and slightly opinionated —
+// the goal is to make agents abstain on slop, not to nitpick humans.
+async function mailLint(rest) {
+  const opts = parseArgs(rest)
+  let body = ''
+  if (opts.body && String(opts.body).startsWith('@')) {
+    body = fs.readFileSync(String(opts.body).slice(1), 'utf8')
+  } else if (opts._?.[0] && String(opts._[0]).startsWith('@')) {
+    body = fs.readFileSync(String(opts._[0]).slice(1), 'utf8')
+  } else if (!process.stdin.isTTY) {
+    body = await new Promise((resolve) => {
+      const chunks = []
+      process.stdin.on('data', (c) => chunks.push(c))
+      process.stdin.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')))
+    })
+  } else {
+    console.error('autark mail lint: pass a draft via --body @./draft.txt or pipe on stdin')
+    process.exit(2)
+  }
+
+  const STRUCTURE_WORDS = [
+    'structurally', 'structurally different', 'fundamentally', 'specifically',
+    'essentially', 'actually', 'notably',
+    'the key insight', 'what this means is', 'the answer is', 'the trick is',
+    'that\'s exactly', 'that\'s precisely', 'that\'s the whole point',
+  ]
+
+  const violations = []
+  const lower = body.toLowerCase()
+
+  // 1. structure-words
+  for (const w of STRUCTURE_WORDS) {
+    if (lower.includes(w)) violations.push({ rule: 'structure-word', detail: w })
+  }
+  // 2. em-dash
+  if (/—/.test(body)) violations.push({ rule: 'em-dash', detail: 'use a period or comma instead' })
+  // 3. URLs in body (allow only inside markdown anchor [text](url) or HTML <a href>)
+  const urlMatches = body.match(/https?:\/\/[^\s<>"')]+/g) || []
+  for (const u of urlMatches) {
+    const idx = body.indexOf(u)
+    const before = body.slice(Math.max(0, idx - 40), idx)
+    const after = body.slice(idx + u.length, idx + u.length + 10)
+    const insideMdAnchor = /\]\(\s*$/.test(before)
+    const insideHtmlAnchor = /href\s*=\s*["'][^"']*$/.test(before) || /<a\b[^>]*$/.test(before)
+    if (!insideMdAnchor && !insideHtmlAnchor) violations.push({ rule: 'body-url', detail: u })
+  }
+  // 4. multiple question marks (more than one ? in the body)
+  const qmarks = (body.match(/\?/g) || []).length
+  if (qmarks > 1) violations.push({ rule: 'too-many-questions', detail: `${qmarks} question marks; cold outreach gets one max` })
+  // 5. compound question with "or" connecting clauses
+  const compoundQ = /\b(are|is|do|does|did|will|would|can|could|should|have|has)\b[^?]{0,200}\bor\b[^?]{0,200}\?/i
+  if (compoundQ.test(body)) violations.push({ rule: 'compound-question', detail: 'a/b question with "or" splits attention; ask one thing' })
+  // 6. body length (excluding signature heuristically)
+  const sigSplit = body.split(/\n\s*\n(?:best|thanks|cheers|—|-)[\s,]*\n/i)[0] || body
+  const len = sigSplit.trim().length
+  if (len > 400) violations.push({ rule: 'too-long', detail: `${len} chars of body; cold outreach should fit in ~400` })
+  // 7. signature presence: should have `- <name>` and an anchor (md or html)
+  const hasMdAnchor = /\[[^\]]+\]\(https?:\/\/[^)]+\)/.test(body)
+  const hasHtmlAnchor = /<a\b[^>]*href\s*=\s*["']https?:\/\/[^"']+["'][^>]*>[^<]+<\/a>/i.test(body)
+  if (!hasMdAnchor && !hasHtmlAnchor) {
+    violations.push({ rule: 'no-anchor-sig', detail: 'signature must include a clickable link via [name](url) or <a href="url">name</a>' })
+  }
+
+  if (violations.length === 0) {
+    console.log(JSON.stringify({ clean: true, length: len }, null, 2))
+    return
+  }
+  console.error(JSON.stringify({ clean: false, length: len, violations }, null, 2))
+  process.exit(1)
+}
+
 async function mailSuppress(rest) {
   const opts = parseArgs(rest)
   const entry = required(opts.email || opts._[0], 'email')
@@ -916,9 +990,10 @@ async function mailSend(rest) {
   rejectUnsendableAddress(to)
   const subject = opts.subject || ''
   const body = mailBody(opts, { to, subject })
+  const anchor = readAnchorOpts(opts)
   const dryRun = opts['dry-run'] === true || opts.dry_run === true
   if (dryRun) {
-    printJson({ dry_run: true, would_send: { inbox: creds.inboxId, to, subject, body } })
+    printJson({ dry_run: true, would_send: { inbox: creds.inboxId, to, subject, body, anchor } })
     return
   }
   const result = await agentmailRequest('POST', `/inboxes/${encodeURIComponent(creds.inboxId)}/messages/send`, body)
@@ -928,10 +1003,30 @@ async function mailSend(rest) {
     recipient: to.join(','),
     subject,
     response: result,
+    metadata: anchor ? { anchor_quote: anchor.quote, anchor_url: anchor.url } : {},
   })
   printJson({ ...result, autark_action_id: action?.id })
 }
 
+// Optional anchor-quote primitive. The cold-outreach skill recommends that
+// every send carry a verbatim quote from the recipient's public surface
+// (HN comment, GitHub issue, tweet) plus the URL it was lifted from. The
+// CLI doesn't (yet) enforce — when both are present they're validated and
+// logged into the action's metadata; when absent the send still goes
+// through. Flip to required once the prompt-side discipline catches up.
+function readAnchorOpts(opts) {
+  let quote = opts['anchor-quote'] || opts.anchor_quote
+  const url = opts['anchor-url'] || opts.anchor_url
+  if (quote && String(quote).startsWith('@')) {
+    quote = fs.readFileSync(String(quote).slice(1), 'utf8').trim()
+  }
+  if (!quote && !url) return null
+  if (!quote || !url) throw new Error('--anchor-quote and --anchor-url must both be provided (or both omitted)')
+  if (String(quote).length < 30) throw new Error(`--anchor-quote too short (${String(quote).length} chars); need >=30 chars of verbatim recipient text`)
+  if (!/^https?:\/\//.test(String(url))) throw new Error(`--anchor-url must be a full URL, got: ${url}`)
+  return { quote: String(quote).trim(), url: String(url).trim() }
+}
+
 async function mailReply(rest, mode) {
   const opts = parseArgs(rest)
   const creds = requireAgentmailCredentials()
@@ -1330,6 +1425,7 @@ function mailUsage() {
 
   setup       --prefix <name> [--force]
   send        --to <email[,email]> --subject <s> --text @body.txt [--run-id <id>] [--dry-run]
+              [--anchor-quote @./q.txt --anchor-url <url>]   record the recipient's verbatim public quote
   reply       --message-id <id> --text @reply.txt [--run-id <id>]
   reply-all   --message-id <id> --text @reply.txt [--run-id <id>]
   forward     --message-id <id> --to <email> [--text @body.txt] [--run-id <id>]
@@ -1343,10 +1439,12 @@ function mailUsage() {
   suppress    <email> [--reason "<text>"]    add to org-wide send-block list
   unsuppress  <email>                         remove from send-block list
   suppressed  [--limit N]                     list blocked addresses
+  lint        --body @draft.txt | <stdin>     grade a draft for AI-tells; exit 1 on violations
 
 Mail uses the inbox-scoped token in ~/.autark/credentials.json. Suppression
 verbs proxy through the autark worker (org-scoped). --dry-run prints the
-payload without hitting SES.`)
+payload without hitting SES. lint is fully local — runs the outreach skill's
+hard-fail checks against a draft.`)
 }
 
 function usage() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autark-cli",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "CLI for autark \u2014 hypothesis-driven product runbooks. Track products, hypotheses, runs, and actions from the terminal.",
   "type": "module",
   "license": "MIT",