cisco-axl 2.0.0 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +26 -0
- package/.github/FUNDING.yml +1 -0
- package/.github/workflows/ci.yml +1 -1
- package/.github/workflows/release.yml +6 -6
- package/README.md +50 -272
- package/claude-hooks.json +30 -0
- package/cli/commands/add.js +15 -5
- package/cli/commands/config.js +17 -23
- package/cli/commands/doctor.js +134 -0
- package/cli/commands/execute.js +15 -5
- package/cli/commands/remove.js +1 -1
- package/cli/commands/sql.js +1 -1
- package/cli/commands/update.js +15 -5
- package/cli/index.js +15 -2
- package/cli/utils/config.js +19 -4
- package/cli/utils/confirm.js +34 -0
- package/cli/utils/connection.js +5 -1
- package/cli/utils/readonly.js +13 -18
- package/cli/utils/stdin.js +20 -0
- package/cli/utils/wordlist.js +9 -0
- package/docs/api.md +191 -0
- package/docs/claude-code-hooks.md +85 -0
- package/docs/cli.md +109 -0
- package/package.json +3 -2
- package/skills/cisco-axl-cli/SKILL.md +61 -11
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
# Claude Code Hooks for cisco-axl
|
|
2
|
+
|
|
3
|
+
[Claude Code hooks](https://docs.anthropic.com/en/docs/claude-code/hooks) let you enforce guardrails when AI agents use the CLI. The examples below block write operations so Claude can only read from CUCM.
|
|
4
|
+
|
|
5
|
+
## Quick Install
|
|
6
|
+
|
|
7
|
+
Install the write-safety hook with one command using [cc-hooks-install](https://github.com/sieteunoseis/cc-hooks-install):
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npx cc-hooks-install add sieteunoseis/cisco-axl
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
This fetches the hook definitions from this repo, shows an interactive prompt to select which hooks to install, and merges them into your `~/.claude/settings.json`.
|
|
14
|
+
|
|
15
|
+
If you prefer to install manually, see below.
|
|
16
|
+
|
|
17
|
+
## Block Write Operations
|
|
18
|
+
|
|
19
|
+
Add this to your `~/.claude/settings.json` (global) or `.claude/settings.json` (project-level) under `hooks.PreToolUse`:
|
|
20
|
+
|
|
21
|
+
```json
|
|
22
|
+
{
|
|
23
|
+
"hooks": {
|
|
24
|
+
"PreToolUse": [
|
|
25
|
+
{
|
|
26
|
+
"matcher": "Bash",
|
|
27
|
+
"hooks": [
|
|
28
|
+
{
|
|
29
|
+
"type": "command",
|
|
30
|
+
"command": "jq -r '.tool_input.command' | { read -r cmd; if echo \"$cmd\" | grep -qE '^(npx )?cisco-axl (add|update|remove|execute|sql update)'; then echo '{\"decision\":\"block\",\"reason\":\"BLOCKED: cisco-axl write operation. Use --read-only or get explicit user approval.\"}'; fi; }"
|
|
31
|
+
}
|
|
32
|
+
]
|
|
33
|
+
}
|
|
34
|
+
]
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
### What it blocks
|
|
40
|
+
|
|
41
|
+
| Command | Blocked | Why |
|
|
42
|
+
| ---------------------------------------------- | ------- | ------------------- |
|
|
43
|
+
| `cisco-axl get Phone SEP...` | No | Read operation |
|
|
44
|
+
| `cisco-axl list Phone --search "name=SEP%"` | No | Read operation |
|
|
45
|
+
| `cisco-axl sql query "SELECT ..."` | No | Read-only SQL |
|
|
46
|
+
| `cisco-axl operations --filter phone` | No | Schema discovery |
|
|
47
|
+
| `cisco-axl describe getPhone` | No | Schema discovery |
|
|
48
|
+
| `cisco-axl add Phone --data '{...}'` | **Yes** | Creates a resource |
|
|
49
|
+
| `cisco-axl update Phone SEP... --data '{...}'` | **Yes** | Modifies a resource |
|
|
50
|
+
| `cisco-axl remove Phone SEP...` | **Yes** | Deletes a resource |
|
|
51
|
+
| `cisco-axl execute applyPhone --tags '{...}'` | **Yes** | Executes an action |
|
|
52
|
+
| `cisco-axl sql update "UPDATE ..."` | **Yes** | Modifies database |
|
|
53
|
+
|
|
54
|
+
### Alternative: Use the built-in `--read-only` flag
|
|
55
|
+
|
|
56
|
+
The CLI has a native `--read-only` flag that restricts to `get`, `list`, `describe`, `operations`, and `sql query`:
|
|
57
|
+
|
|
58
|
+
```bash
|
|
59
|
+
cisco-axl --read-only add Phone --data '{...}'
|
|
60
|
+
# Error: Write operations are not allowed in read-only mode
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
You can enforce this globally by adding a hook that appends `--read-only` to every command:
|
|
64
|
+
|
|
65
|
+
```json
|
|
66
|
+
{
|
|
67
|
+
"hooks": {
|
|
68
|
+
"PreToolUse": [
|
|
69
|
+
{
|
|
70
|
+
"matcher": "Bash",
|
|
71
|
+
"hooks": [
|
|
72
|
+
{
|
|
73
|
+
"type": "command",
|
|
74
|
+
"command": "jq -r '.tool_input.command' | { read -r cmd; if echo \"$cmd\" | grep -qE '^(npx )?cisco-axl ' && ! echo \"$cmd\" | grep -q '\\-\\-read-only'; then echo '{\"decision\":\"block\",\"reason\":\"BLOCKED: cisco-axl must be run with --read-only. Retry with the flag.\"}'; fi; }"
|
|
75
|
+
}
|
|
76
|
+
]
|
|
77
|
+
}
|
|
78
|
+
]
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
## Audit Logging
|
|
84
|
+
|
|
85
|
+
All cisco-axl operations are logged to `~/.cisco-axl/audit.jsonl` by default. This provides a record of every command run by Claude or any other agent.
|
package/docs/cli.md
ADDED
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
# CLI Reference
|
|
2
|
+
|
|
3
|
+
The CLI provides full AXL access from the command line — CRUD operations, SQL queries, operation discovery, bulk provisioning from CSV, and a raw execute escape hatch for any AXL operation.
|
|
4
|
+
|
|
5
|
+
## Commands
|
|
6
|
+
|
|
7
|
+
| Command | Description |
|
|
8
|
+
|---------|-------------|
|
|
9
|
+
| `config add/use/list/show/remove/test` | Manage multi-cluster configurations |
|
|
10
|
+
| `get <type> <identifier>` | Get a single item |
|
|
11
|
+
| `list <type>` | List items with search, pagination, returned tags |
|
|
12
|
+
| `add <type>` | Add an item (inline JSON, template, or bulk CSV) |
|
|
13
|
+
| `update <type> <identifier>` | Update an item |
|
|
14
|
+
| `remove <type> <identifier>` | Remove an item |
|
|
15
|
+
| `sql query/update` | Execute SQL against CUCM |
|
|
16
|
+
| `execute <operation>` | Run any raw AXL operation |
|
|
17
|
+
| `operations` | List available operations with `--filter` and `--type crud\|action` |
|
|
18
|
+
| `describe <operation>` | Show tag schema with `--detailed` for required/optional/type info |
|
|
19
|
+
| `doctor` | Check AXL connectivity and configuration health |
|
|
20
|
+
|
|
21
|
+
## Operation Discovery
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
# Discover available operations
|
|
25
|
+
cisco-axl operations --filter phone
|
|
26
|
+
cisco-axl operations --type action --filter phone
|
|
27
|
+
|
|
28
|
+
# Describe what tags an operation needs
|
|
29
|
+
cisco-axl describe getPhone --detailed
|
|
30
|
+
|
|
31
|
+
# Execute any AXL operation
|
|
32
|
+
cisco-axl execute doLdapSync --tags '{"name":"LDAP_Main"}'
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## Bulk Operations from CSV
|
|
36
|
+
|
|
37
|
+
Requires optional packages: `npm install json-variables csv-parse`
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
# Bulk add phones from template + CSV
|
|
41
|
+
cisco-axl add Phone --template phone-template.json --csv phones.csv
|
|
42
|
+
cisco-axl add Phone --template phone-template.json --csv phones.csv --dry-run # preview first
|
|
43
|
+
|
|
44
|
+
# Single template with inline vars
|
|
45
|
+
cisco-axl add Phone --template phone-template.json --vars '{"mac":"001122334455","dp":"DP_HQ"}'
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Template file (`phone-template.json`):
|
|
49
|
+
```json
|
|
50
|
+
{
|
|
51
|
+
"name": "SEP%%mac%%",
|
|
52
|
+
"devicePoolName": "%%devicePool%%",
|
|
53
|
+
"description": "%%description%%",
|
|
54
|
+
"protocol": "SIP"
|
|
55
|
+
}
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
## Command Chaining
|
|
59
|
+
|
|
60
|
+
Shell `&&` chains commands sequentially — each waits for the previous to complete, and the chain stops on the first failure:
|
|
61
|
+
|
|
62
|
+
```bash
|
|
63
|
+
# Create a partition, CSS, and line in order
|
|
64
|
+
cisco-axl add RoutePartition --data '{"name":"PT_INTERNAL","description":"Internal"}' && \
|
|
65
|
+
cisco-axl add Css --data '{"name":"CSS_INTERNAL","members":{"member":{"routePartitionName":"PT_INTERNAL","index":"1"}}}' && \
|
|
66
|
+
cisco-axl add Line --data '{"pattern":"1000","routePartitionName":"PT_INTERNAL"}'
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Piping with --stdin
|
|
70
|
+
|
|
71
|
+
Use `--stdin` to pipe JSON between commands or from other tools like `jq`:
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
# Get a phone's config, modify it with jq, update it
|
|
75
|
+
cisco-axl get Phone SEP001122334455 --format json | \
|
|
76
|
+
jq '.description = "Updated via pipe"' | \
|
|
77
|
+
cisco-axl update Phone SEP001122334455 --stdin
|
|
78
|
+
|
|
79
|
+
# Pipe JSON from a file
|
|
80
|
+
cat phone-config.json | cisco-axl add Phone --stdin
|
|
81
|
+
|
|
82
|
+
# Discover tags, fill them in, execute
|
|
83
|
+
cisco-axl describe applyPhone --format json | \
|
|
84
|
+
jq '.name = "SEP001122334455"' | \
|
|
85
|
+
cisco-axl execute applyPhone --stdin
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
The `--stdin` flag is available on `add`, `update`, and `execute`. It is mutually exclusive with `--data`/`--tags` and `--template`.
|
|
89
|
+
|
|
90
|
+
## Global Flags
|
|
91
|
+
|
|
92
|
+
```
|
|
93
|
+
--format table|json|toon|csv Output format (default: table)
|
|
94
|
+
--insecure Skip TLS certificate verification
|
|
95
|
+
--clean Remove empty/null values from results
|
|
96
|
+
--no-attributes Remove XML attributes from results
|
|
97
|
+
--read-only Restrict to read-only operations
|
|
98
|
+
--no-audit Disable audit logging for this command
|
|
99
|
+
--debug Enable debug logging
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## Output Formats
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
cisco-axl list Phone --search "name=SEP%" --format table # default, human-readable
|
|
106
|
+
cisco-axl list Phone --search "name=SEP%" --format json # structured JSON
|
|
107
|
+
cisco-axl list Phone --search "name=SEP%" --format toon # token-efficient for AI agents
|
|
108
|
+
cisco-axl list Phone --search "name=SEP%" --format csv # spreadsheet export
|
|
109
|
+
```
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cisco-axl",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.1.2",
|
|
4
4
|
"description": "A library and CLI for Cisco CUCM AXL operations",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "main.mjs",
|
|
@@ -50,7 +50,8 @@
|
|
|
50
50
|
"cli-table3": "^0.6.5",
|
|
51
51
|
"commander": "^14.0.3",
|
|
52
52
|
"csv-stringify": "^6.7.0",
|
|
53
|
-
"strong-soap": "
|
|
53
|
+
"strong-soap": "5.0.10",
|
|
54
|
+
"update-notifier": "^7.3.1"
|
|
54
55
|
},
|
|
55
56
|
"devDependencies": {
|
|
56
57
|
"@types/node": "^22.19.15",
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: cisco-axl-cli
|
|
3
3
|
description: Use when managing Cisco CUCM via the cisco-axl CLI — phones, lines, route patterns, partitions, calling search spaces, SIP profiles, and any AXL operation. Covers CRUD operations, SQL queries, operation discovery, bulk provisioning from CSV, and raw AXL execute commands.
|
|
4
|
+
license: MIT
|
|
5
|
+
metadata:
|
|
6
|
+
author: sieteunoseis
|
|
7
|
+
version: "1.0.0"
|
|
4
8
|
---
|
|
5
9
|
|
|
6
10
|
# Cisco AXL CLI
|
|
@@ -9,18 +13,35 @@ A CLI for Cisco Unified Communications Manager (CUCM) Administrative XML (AXL) o
|
|
|
9
13
|
|
|
10
14
|
## Setup
|
|
11
15
|
|
|
12
|
-
|
|
16
|
+
The CLI must be available. Either:
|
|
13
17
|
|
|
14
18
|
```bash
|
|
15
|
-
|
|
19
|
+
# Option 1: Use npx (no install needed, works immediately)
|
|
20
|
+
npx cisco-axl --help
|
|
21
|
+
|
|
22
|
+
# Option 2: Install globally for faster repeated use
|
|
23
|
+
npm install -g cisco-axl
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
If using npx, prefix all commands with `npx`: `npx cisco-axl list Phone ...`
|
|
27
|
+
If installed globally, use directly: `cisco-axl list Phone ...`
|
|
28
|
+
|
|
29
|
+
### Configuration
|
|
30
|
+
|
|
31
|
+
Configure a CUCM cluster (interactive prompt for password — never pass credentials on the command line):
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
cisco-axl config add <name> --host <hostname> --username <user> --cucm-version <ver> --insecure
|
|
35
|
+
# You will be prompted securely for the password
|
|
16
36
|
```
|
|
17
37
|
|
|
18
38
|
Valid versions: 11.0, 11.5, 12.0, 12.5, 14.0, 15.0. Use `--insecure` for self-signed certificates (common in CUCM).
|
|
19
39
|
|
|
20
|
-
Or use environment variables:
|
|
40
|
+
Or use environment variables (set via your shell profile, a `.env` file, or a secrets manager — never hardcode credentials):
|
|
21
41
|
|
|
22
42
|
```bash
|
|
23
|
-
|
|
43
|
+
# These should be set securely, e.g. via dotenv, vault, or shell profile
|
|
44
|
+
# CUCM_HOST, CUCM_USERNAME, CUCM_PASSWORD, CUCM_VERSION
|
|
24
45
|
```
|
|
25
46
|
|
|
26
47
|
Test the connection:
|
|
@@ -29,7 +50,7 @@ Test the connection:
|
|
|
29
50
|
cisco-axl config test
|
|
30
51
|
```
|
|
31
52
|
|
|
32
|
-
## Common
|
|
53
|
+
## Common Workflows
|
|
33
54
|
|
|
34
55
|
### Get a single item
|
|
35
56
|
|
|
@@ -75,7 +96,7 @@ cisco-axl sql query "SELECT name, description FROM device WHERE name LIKE 'SEP%'
|
|
|
75
96
|
cisco-axl sql update "UPDATE device SET description='test' WHERE name='SEP001122334455'"
|
|
76
97
|
```
|
|
77
98
|
|
|
78
|
-
|
|
99
|
+
### Discovering Operations
|
|
79
100
|
|
|
80
101
|
This is the CLI's most powerful feature. Discover and use ANY AXL operation dynamically — no static command definitions.
|
|
81
102
|
|
|
@@ -102,7 +123,7 @@ cisco-axl execute doLdapSync --tags '{"name":"LDAP_Main"}'
|
|
|
102
123
|
cisco-axl execute applyPhone --tags '{"name":"SEP001122334455"}'
|
|
103
124
|
```
|
|
104
125
|
|
|
105
|
-
|
|
126
|
+
### Bulk Operations from CSV
|
|
106
127
|
|
|
107
128
|
For provisioning multiple items, use templates with CSV files. Requires optional packages: `npm install json-variables csv-parse`
|
|
108
129
|
|
|
@@ -158,16 +179,45 @@ Use `--format` to control output:
|
|
|
158
179
|
|
|
159
180
|
**For AI agents:** Use `--format toon` for list queries to reduce token usage. Use `--format json` when you need to parse nested structures.
|
|
160
181
|
|
|
161
|
-
|
|
182
|
+
### Multiple Clusters
|
|
162
183
|
|
|
163
184
|
```bash
|
|
164
|
-
cisco-axl config add lab --host 10.0.0.1 --username admin --
|
|
165
|
-
cisco-axl config add prod --host 10.0.0.2 --username axladmin --
|
|
185
|
+
cisco-axl config add lab --host 10.0.0.1 --username admin --cucm-version 14.0 --insecure
|
|
186
|
+
cisco-axl config add prod --host 10.0.0.2 --username axladmin --cucm-version 15.0 --insecure
|
|
187
|
+
# You will be prompted securely for each password
|
|
166
188
|
cisco-axl config use prod
|
|
167
189
|
cisco-axl list Phone --search "name=SEP%" --cluster lab # override per-command
|
|
168
190
|
```
|
|
169
191
|
|
|
170
|
-
|
|
192
|
+
### Command Chaining
|
|
193
|
+
|
|
194
|
+
Shell `&&` chains commands sequentially — each waits for the previous to complete, and the chain stops on the first failure:
|
|
195
|
+
|
|
196
|
+
```bash
|
|
197
|
+
# Create a partition, CSS, and line in order
|
|
198
|
+
cisco-axl add RoutePartition --data '{"name":"PT_INTERNAL","description":"Internal"}' && \
|
|
199
|
+
cisco-axl add Css --data '{"name":"CSS_INTERNAL","members":{"member":{"routePartitionName":"PT_INTERNAL","index":"1"}}}' && \
|
|
200
|
+
cisco-axl add Line --data '{"pattern":"1000","routePartitionName":"PT_INTERNAL"}'
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
### Piping with --stdin
|
|
204
|
+
|
|
205
|
+
Use `--stdin` to pipe JSON between commands or from other tools:
|
|
206
|
+
|
|
207
|
+
```bash
|
|
208
|
+
# Get a phone's config, modify it with jq, update it
|
|
209
|
+
cisco-axl get Phone SEP001122334455 --format json | jq '.description = "Updated via pipe"' | cisco-axl update Phone SEP001122334455 --stdin
|
|
210
|
+
|
|
211
|
+
# Pipe JSON from a file
|
|
212
|
+
cat phone-config.json | cisco-axl add Phone --stdin
|
|
213
|
+
|
|
214
|
+
# Chain get → transform → execute
|
|
215
|
+
cisco-axl describe applyPhone --format json | jq '.name = "SEP001122334455"' | cisco-axl execute applyPhone --stdin
|
|
216
|
+
```
|
|
217
|
+
|
|
218
|
+
The `--stdin` flag is available on `add`, `update`, and `execute` commands. It is mutually exclusive with `--data`/`--tags` and `--template`.
|
|
219
|
+
|
|
220
|
+
## Global Flags
|
|
171
221
|
|
|
172
222
|
- Item types are PascalCase matching AXL: `Phone`, `Line`, `RoutePartition`, `Css`, `DevicePool`, `SipTrunk`, `TransPattern`, `RouteGroup`, `RouteList`, etc.
|
|
173
223
|
- Use `cisco-axl operations` to discover exact type names.
|