axexec 1.6.1 → 2.0.1

package/dist/run-agent.js

@@ -4,12 +4,16 @@
 import { installCredentials, cleanupCredentials, } from "./credentials/install-credentials.js";
 import { buildPermissionsConfig } from "./build-permissions-config.js";
 import { validateAgent } from "./validate-agent.js";
+import { validateCwd } from "./validate-cwd.js";
 import { parseCredentialsFromEnvironment } from "./parse-credentials.js";
 import { buildExecutionMetadata } from "./build-execution-metadata.js";
 import { executeAgent } from "./execute-agent.js";
 import { resolveDiagnostics, resolveExitCodeSetter, } from "./resolve-run-diagnostics.js";
 /**
- * Runs an agent with full isolation.
+ * Runs an agent with credential/config isolation.
+ *
+ * Note: axexec is not an OS sandbox. It runs agents in a non-interactive,
+ * permissive mode by default and should not be treated as a security boundary.
  *
  * 1. Validates the agent ID
  * 2. Uses provided credentials or parses from environment
@@ -35,12 +39,28 @@ async function runAgent(agentId, options) {
         };
     }
     const { adapter } = validation;
-    // Validate --model format for OpenCode (reject "provider/model" format)
-    if (validation.agentId === "opencode" && options.model?.includes("/")) {
-        const [provider, model] = options.model.split("/", 2);
+    // Validate cwd if provided (for programmatic API consumers)
+    if (options.cwd) {
+        const cwdValidation = await validateCwd(options.cwd);
+        if (!cwdValidation.ok) {
+            diagnostics.error(`Error: ${cwdValidation.error}`);
+            setExitCode(2);
+            return {
+                events: [],
+                success: false,
+                execution: { agent: validation.agentId, model: options.model },
+            };
+        }
+    }
+    // Validate --model format for OpenCode (reject "provider/model" format only when --provider is missing).
+    // Many legitimate model IDs contain slashes (e.g., nvidia/nemotron, google/gemma).
+    if (validation.agentId === "opencode" &&
+        !options.provider &&
+        options.model?.includes("/")) {
+        const [providerPart, modelPart] = options.model.split("/", 2);
         diagnostics.error(`Error: Model format 'provider/model' is no longer supported.\n` +
             `Use separate --provider and --model flags instead:\n` +
-            `  --provider ${provider} --model ${model}`);
+            `  --provider ${providerPart} --model ${modelPart}`);
         setExitCode(2);
         return {
             events: [],
@@ -63,20 +83,15 @@ async function runAgent(agentId, options) {
     }
     // Credentials are optional; isolation still applies even when none are found.
     const credentials = credentialsResult.credentials;
-    if (credentials && credentials.agent !== validation.agentId) {
-        diagnostics.error("Error: Credentials agent mismatch. " +
-            `Expected ${validation.agentId}, got ${credentials.agent}.`);
-        setExitCode(2);
-        return {
-            events: [],
-            success: false,
-            execution: { agent: validation.agentId, model: options.model },
-        };
-    }
+    // Normalize provider to lowercase for OpenCode (all OpenCode provider IDs are lowercase).
+    // This ensures consistent behavior for both CLI and programmatic API users.
+    const normalizedOptions = validation.agentId === "opencode" && options.provider
+        ? { ...options, provider: options.provider.toLowerCase() }
+        : options;
     // Always create isolated runtime directories; install credentials if provided.
     let credentialResult;
     try {
-        credentialResult = await installCredentials(validation.agentId, credentials, diagnostics.warn);
+        credentialResult = await installCredentials(validation.agentId, credentials, normalizedOptions.provider, diagnostics.warn);
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
@@ -112,6 +127,6 @@ async function runAgent(agentId, options) {
         configEnvironment = configResult.env;
     }
     // Execute agent
-    return executeAgent(validation.agentId, adapter, options, configEnvironment, credentialResult, credentials, preserveConfigDirectory, diagnostics.error);
+    return executeAgent(validation.agentId, adapter, normalizedOptions, configEnvironment, credentialResult, credentials, preserveConfigDirectory, diagnostics.error);
 }
 export { runAgent };

package/dist/types/run-result.d.ts

@@ -10,6 +10,10 @@ interface RunAgentDiagnostics {
 }
 interface RunAgentOptions {
     prompt: string;
+    /**
+     * Working directory for the agent process.
+     */
+    cwd?: string;
     /**
      * Credentials to use. If not provided, parses from environment variables.
      * Accepts the canonical Credentials shape shared across ax* packages.

package/dist/validate-cwd.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Validate --cwd option points to an existing directory.
+ */
+type ValidateCwdResult = {
+    ok: true;
+} | {
+    ok: false;
+    error: string;
+};
+declare function validateCwd(cwd: string): Promise<ValidateCwdResult>;
+export { validateCwd };

package/dist/validate-cwd.js

@@ -0,0 +1,24 @@
+/**
+ * Validate --cwd option points to an existing directory.
+ */
+import { stat } from "node:fs/promises";
+async function validateCwd(cwd) {
+    try {
+        const stats = await stat(cwd);
+        if (!stats.isDirectory()) {
+            return {
+                ok: false,
+                error: `--cwd path is not a directory: ${cwd}`,
+            };
+        }
+        return { ok: true };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            ok: false,
+            error: `--cwd directory error: ${message}`,
+        };
+    }
+}
+export { validateCwd };

package/dist/validate-opencode-options.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Validate OpenCode-specific CLI options.
+ */
+type ProviderValidationResult = {
+    ok: true;
+    normalizedProvider: string | undefined;
+} | {
+    ok: false;
+    error: string;
+};
+/**
+ * Validate provider usage and OpenCode-specific options.
+ *
+ * - For non-OpenCode agents: provider must not be specified
+ * - For OpenCode: validates model format, requires provider
+ */
+declare function validateProviderOptions(agentId: string, model: string | undefined, provider: string | undefined): ProviderValidationResult;
+export { validateProviderOptions };

package/dist/validate-opencode-options.js

@@ -0,0 +1,50 @@
+/**
+ * Validate OpenCode-specific CLI options.
+ */
+/**
+ * Validate provider usage and OpenCode-specific options.
+ *
+ * - For non-OpenCode agents: provider must not be specified
+ * - For OpenCode: validates model format, requires provider
+ */
+function validateProviderOptions(agentId, model, provider) {
+    // --provider is only valid for OpenCode
+    if (provider && agentId !== "opencode") {
+        return {
+            ok: false,
+            error: "--provider is only supported for OpenCode agent",
+        };
+    }
+    // Non-OpenCode agents don't need further validation
+    if (agentId !== "opencode") {
+        return { ok: true, normalizedProvider: undefined };
+    }
+    // OpenCode-specific validation
+    return validateOpenCodeOptions(model, provider);
+}
+function validateOpenCodeOptions(model, provider) {
+    // Require --provider for OpenCode
+    if (!provider) {
+        // If model contains "/" and no provider given, suggest they might be using
+        // the old provider/model format, but primarily tell them --provider is required.
+        if (model?.includes("/")) {
+            const [providerPart, modelPart] = model.split("/", 2);
+            return {
+                ok: false,
+                error: `OpenCode requires --provider\n` +
+                    `If using the old 'provider/model' format, use separate flags:\n` +
+                    `  axexec -a opencode --provider ${providerPart} -m ${modelPart} ...`,
+            };
+        }
+        return {
+            ok: false,
+            error: `OpenCode requires --provider\n` +
+                `  axexec -a opencode --provider anthropic -m claude-sonnet-4 ...`,
+        };
+    }
+    // Normalize to lowercase to match OpenCode's provider ID format.
+    // OpenCode stores all provider IDs in lowercase (anthropic, openai, etc).
+    const normalizedProvider = provider.toLowerCase();
+    return { ok: true, normalizedProvider };
+}
+export { validateProviderOptions };

package/dist/validate-stdin-usage.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Validate stdin usage when credentials and prompt may both need stdin.
+ */
+type ValidateStdinResult = {
+    ok: true;
+} | {
+    ok: false;
+    error: string;
+};
+/**
+ * Validates that stdin usage is not conflicting.
+ *
+ * Returns an error if:
+ * - --credentials-file - is used with no prompt (both would read stdin)
+ * - --credentials-file - is used in interactive TTY mode (requires piping)
+ */
+declare function validateStdinUsage(credentialsFile: string | undefined, needsStdinPrompt: boolean, isTTY: boolean | undefined): ValidateStdinResult;
+export { validateStdinUsage };

package/dist/validate-stdin-usage.js

@@ -0,0 +1,28 @@
+/**
+ * Validate stdin usage when credentials and prompt may both need stdin.
+ */
+/**
+ * Validates that stdin usage is not conflicting.
+ *
+ * Returns an error if:
+ * - --credentials-file - is used with no prompt (both would read stdin)
+ * - --credentials-file - is used in interactive TTY mode (requires piping)
+ */
+function validateStdinUsage(credentialsFile, needsStdinPrompt, isTTY) {
+    if (credentialsFile === "-" && needsStdinPrompt) {
+        return {
+            ok: false,
+            error: "Cannot read both prompt and credentials from stdin\n" +
+                "Provide the prompt via --prompt or positional argument when using --credentials-file -",
+        };
+    }
+    if (credentialsFile === "-" && isTTY) {
+        return {
+            ok: false,
+            error: "Cannot read credentials from stdin in interactive mode\n" +
+                "Pipe credentials JSON to stdin or use a file path instead of '-'",
+        };
+    }
+    return { ok: true };
+}
+export { validateStdinUsage };

package/package.json

@@ -2,7 +2,7 @@
   "name": "axexec",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "1.6.1",
+  "version": "2.0.1",
   "description": "Unified CLI runner for AI coding agents with normalized event streaming",
   "repository": {
     "type": "git",
@@ -59,27 +59,27 @@
     "automation",
     "coding-assistant"
   ],
-  "packageManager": "pnpm@10.28.0",
+  "packageManager": "pnpm@10.28.1",
   "engines": {
     "node": ">=22.14.0"
   },
   "dependencies": {
     "@commander-js/extra-typings": "^14.0.0",
     "axconfig": "^3.6.3",
-    "axshared": "^4.0.0",
+    "axshared": "^5.0.0",
     "commander": "^14.0.2",
     "zod": "^4.3.5"
   },
   "devDependencies": {
     "@total-typescript/ts-reset": "^0.6.1",
-    "@types/node": "^25.0.9",
+    "@types/node": "^25.0.10",
     "@vitest/coverage-v8": "^4.0.17",
     "eslint": "^9.39.2",
     "eslint-config-axkit": "^1.1.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
-    "knip": "^5.82.0",
-    "prettier": "3.8.0",
+    "knip": "^5.82.1",
+    "prettier": "3.8.1",
     "semantic-release": "^25.0.2",
     "typescript": "^5.9.3",
     "vitest": "^4.0.17"