cisco-axl 2.0.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,85 @@
1
+ # Claude Code Hooks for cisco-axl
2
+
3
+ [Claude Code hooks](https://docs.anthropic.com/en/docs/claude-code/hooks) let you enforce guardrails when AI agents use the CLI. The examples below block write operations so Claude can only read from CUCM.
4
+
5
+ ## Quick Install
6
+
7
+ Install the write-safety hook with one command using [cc-hooks-install](https://github.com/sieteunoseis/cc-hooks-install):
8
+
9
+ ```bash
10
+ npx cc-hooks-install add sieteunoseis/cisco-axl
11
+ ```
12
+
13
+ This fetches the hook definitions from this repo, shows an interactive prompt to select which hooks to install, and merges them into your `~/.claude/settings.json`.
14
+
15
+ If you prefer to install manually, see below.
16
+
17
+ ## Block Write Operations
18
+
19
+ Add this to your `~/.claude/settings.json` (global) or `.claude/settings.json` (project-level) under `hooks.PreToolUse`:
20
+
21
+ ```json
22
+ {
23
+ "hooks": {
24
+ "PreToolUse": [
25
+ {
26
+ "matcher": "Bash",
27
+ "hooks": [
28
+ {
29
+ "type": "command",
30
+ "command": "jq -r '.tool_input.command' | { read -r cmd; if echo \"$cmd\" | grep -qE '^(npx )?cisco-axl (add|update|remove|execute|sql update)'; then echo '{\"decision\":\"block\",\"reason\":\"BLOCKED: cisco-axl write operation. Use --read-only or get explicit user approval.\"}'; fi; }"
31
+ }
32
+ ]
33
+ }
34
+ ]
35
+ }
36
+ }
37
+ ```
38
+
39
+ ### What it blocks
40
+
41
+ | Command | Blocked | Why |
42
+ | ---------------------------------------------- | ------- | ------------------- |
43
+ | `cisco-axl get Phone SEP...` | No | Read operation |
44
+ | `cisco-axl list Phone --search "name=SEP%"` | No | Read operation |
45
+ | `cisco-axl sql query "SELECT ..."` | No | Read-only SQL |
46
+ | `cisco-axl operations --filter phone` | No | Schema discovery |
47
+ | `cisco-axl describe getPhone` | No | Schema discovery |
48
+ | `cisco-axl add Phone --data '{...}'` | **Yes** | Creates a resource |
49
+ | `cisco-axl update Phone SEP... --data '{...}'` | **Yes** | Modifies a resource |
50
+ | `cisco-axl remove Phone SEP...` | **Yes** | Deletes a resource |
51
+ | `cisco-axl execute applyPhone --tags '{...}'` | **Yes** | Executes an action |
52
+ | `cisco-axl sql update "UPDATE ..."` | **Yes** | Modifies database |
53
+
54
+ ### Alternative: Use the built-in `--read-only` flag
55
+
56
+ The CLI has a native `--read-only` flag that restricts to `get`, `list`, `describe`, `operations`, and `sql query`:
57
+
58
+ ```bash
59
+ cisco-axl --read-only add Phone --data '{...}'
60
+ # Error: Write operations are not allowed in read-only mode
61
+ ```
62
+
63
+ You can enforce this globally by adding a hook that appends `--read-only` to every command:
64
+
65
+ ```json
66
+ {
67
+ "hooks": {
68
+ "PreToolUse": [
69
+ {
70
+ "matcher": "Bash",
71
+ "hooks": [
72
+ {
73
+ "type": "command",
74
+ "command": "jq -r '.tool_input.command' | { read -r cmd; if echo \"$cmd\" | grep -qE '^(npx )?cisco-axl ' && ! echo \"$cmd\" | grep -q '\\-\\-read-only'; then echo '{\"decision\":\"block\",\"reason\":\"BLOCKED: cisco-axl must be run with --read-only. Retry with the flag.\"}'; fi; }"
75
+ }
76
+ ]
77
+ }
78
+ ]
79
+ }
80
+ }
81
+ ```
82
+
83
+ ## Audit Logging
84
+
85
+ All cisco-axl operations are logged to `~/.cisco-axl/audit.jsonl` by default. This provides a record of every command run by Claude or any other agent.
package/docs/cli.md ADDED
@@ -0,0 +1,109 @@
1
+ # CLI Reference
2
+
3
+ The CLI provides full AXL access from the command line — CRUD operations, SQL queries, operation discovery, bulk provisioning from CSV, and a raw execute escape hatch for any AXL operation.
4
+
5
+ ## Commands
6
+
7
+ | Command | Description |
8
+ |---------|-------------|
9
+ | `config add/use/list/show/remove/test` | Manage multi-cluster configurations |
10
+ | `get <type> <identifier>` | Get a single item |
11
+ | `list <type>` | List items with search, pagination, returned tags |
12
+ | `add <type>` | Add an item (inline JSON, template, or bulk CSV) |
13
+ | `update <type> <identifier>` | Update an item |
14
+ | `remove <type> <identifier>` | Remove an item |
15
+ | `sql query/update` | Execute SQL against CUCM |
16
+ | `execute <operation>` | Run any raw AXL operation |
17
+ | `operations` | List available operations with `--filter` and `--type crud\|action` |
18
+ | `describe <operation>` | Show tag schema with `--detailed` for required/optional/type info |
19
+ | `doctor` | Check AXL connectivity and configuration health |
20
+
21
+ ## Operation Discovery
22
+
23
+ ```bash
24
+ # Discover available operations
25
+ cisco-axl operations --filter phone
26
+ cisco-axl operations --type action --filter phone
27
+
28
+ # Describe what tags an operation needs
29
+ cisco-axl describe getPhone --detailed
30
+
31
+ # Execute any AXL operation
32
+ cisco-axl execute doLdapSync --tags '{"name":"LDAP_Main"}'
33
+ ```
34
+
35
+ ## Bulk Operations from CSV
36
+
37
+ Requires optional packages: `npm install json-variables csv-parse`
38
+
39
+ ```bash
40
+ # Bulk add phones from template + CSV
41
+ cisco-axl add Phone --template phone-template.json --csv phones.csv
42
+ cisco-axl add Phone --template phone-template.json --csv phones.csv --dry-run # preview first
43
+
44
+ # Single template with inline vars
45
+ cisco-axl add Phone --template phone-template.json --vars '{"mac":"001122334455","dp":"DP_HQ"}'
46
+ ```
47
+
48
+ Template file (`phone-template.json`):
49
+ ```json
50
+ {
51
+ "name": "SEP%%mac%%",
52
+ "devicePoolName": "%%devicePool%%",
53
+ "description": "%%description%%",
54
+ "protocol": "SIP"
55
+ }
56
+ ```
57
+
58
+ ## Command Chaining
59
+
60
+ Shell `&&` chains commands sequentially — each waits for the previous to complete, and the chain stops on the first failure:
61
+
62
+ ```bash
63
+ # Create a partition, CSS, and line in order
64
+ cisco-axl add RoutePartition --data '{"name":"PT_INTERNAL","description":"Internal"}' && \
65
+ cisco-axl add Css --data '{"name":"CSS_INTERNAL","members":{"member":{"routePartitionName":"PT_INTERNAL","index":"1"}}}' && \
66
+ cisco-axl add Line --data '{"pattern":"1000","routePartitionName":"PT_INTERNAL"}'
67
+ ```
68
+
69
+ ## Piping with --stdin
70
+
71
+ Use `--stdin` to pipe JSON between commands or from other tools like `jq`:
72
+
73
+ ```bash
74
+ # Get a phone's config, modify it with jq, update it
75
+ cisco-axl get Phone SEP001122334455 --format json | \
76
+ jq '.description = "Updated via pipe"' | \
77
+ cisco-axl update Phone SEP001122334455 --stdin
78
+
79
+ # Pipe JSON from a file
80
+ cat phone-config.json | cisco-axl add Phone --stdin
81
+
82
+ # Discover tags, fill them in, execute
83
+ cisco-axl describe applyPhone --format json | \
84
+ jq '.name = "SEP001122334455"' | \
85
+ cisco-axl execute applyPhone --stdin
86
+ ```
87
+
88
+ The `--stdin` flag is available on `add`, `update`, and `execute`. It is mutually exclusive with `--data`/`--tags` and `--template`.
89
+
90
+ ## Global Flags
91
+
92
+ ```
93
+ --format table|json|toon|csv Output format (default: table)
94
+ --insecure Skip TLS certificate verification
95
+ --clean Remove empty/null values from results
96
+ --no-attributes Remove XML attributes from results
97
+ --read-only Restrict to read-only operations
98
+ --no-audit Disable audit logging for this command
99
+ --debug Enable debug logging
100
+ ```
101
+
102
+ ## Output Formats
103
+
104
+ ```bash
105
+ cisco-axl list Phone --search "name=SEP%" --format table # default, human-readable
106
+ cisco-axl list Phone --search "name=SEP%" --format json # structured JSON
107
+ cisco-axl list Phone --search "name=SEP%" --format toon # token-efficient for AI agents
108
+ cisco-axl list Phone --search "name=SEP%" --format csv # spreadsheet export
109
+ ```
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cisco-axl",
3
- "version": "2.0.0",
3
+ "version": "2.1.2",
4
4
  "description": "A library and CLI for Cisco CUCM AXL operations",
5
5
  "main": "dist/index.js",
6
6
  "module": "main.mjs",
@@ -50,7 +50,8 @@
50
50
  "cli-table3": "^0.6.5",
51
51
  "commander": "^14.0.3",
52
52
  "csv-stringify": "^6.7.0",
53
- "strong-soap": "^5.0.8"
53
+ "strong-soap": "5.0.10",
54
+ "update-notifier": "^7.3.1"
54
55
  },
55
56
  "devDependencies": {
56
57
  "@types/node": "^22.19.15",
@@ -1,6 +1,10 @@
1
1
  ---
2
2
  name: cisco-axl-cli
3
3
  description: Use when managing Cisco CUCM via the cisco-axl CLI — phones, lines, route patterns, partitions, calling search spaces, SIP profiles, and any AXL operation. Covers CRUD operations, SQL queries, operation discovery, bulk provisioning from CSV, and raw AXL execute commands.
4
+ license: MIT
5
+ metadata:
6
+ author: sieteunoseis
7
+ version: "1.0.0"
4
8
  ---
5
9
 
6
10
  # Cisco AXL CLI
@@ -9,18 +13,35 @@ A CLI for Cisco Unified Communications Manager (CUCM) Administrative XML (AXL) o
9
13
 
10
14
  ## Setup
11
15
 
12
- Configure a CUCM cluster:
16
+ The CLI must be available. Either:
13
17
 
14
18
  ```bash
15
- cisco-axl config add <name> --host <hostname> --username <user> --password <pass> --cucm-version <ver> --insecure
19
+ # Option 1: Use npx (no install needed, works immediately)
20
+ npx cisco-axl --help
21
+
22
+ # Option 2: Install globally for faster repeated use
23
+ npm install -g cisco-axl
24
+ ```
25
+
26
+ If using npx, prefix all commands with `npx`: `npx cisco-axl list Phone ...`
27
+ If installed globally, use directly: `cisco-axl list Phone ...`
28
+
29
+ ### Configuration
30
+
31
+ Configure a CUCM cluster (interactive prompt for password — never pass credentials on the command line):
32
+
33
+ ```bash
34
+ cisco-axl config add <name> --host <hostname> --username <user> --cucm-version <ver> --insecure
35
+ # You will be prompted securely for the password
16
36
  ```
17
37
 
18
38
  Valid versions: 11.0, 11.5, 12.0, 12.5, 14.0, 15.0. Use `--insecure` for self-signed certificates (common in CUCM).
19
39
 
20
- Or use environment variables:
40
+ Or use environment variables (set via your shell profile, a `.env` file, or a secrets manager — never hardcode credentials):
21
41
 
22
42
  ```bash
23
- export CUCM_HOST=10.0.0.1 CUCM_USERNAME=admin CUCM_PASSWORD=secret CUCM_VERSION=14.0
43
+ # These should be set securely, e.g. via dotenv, vault, or shell profile
44
+ # CUCM_HOST, CUCM_USERNAME, CUCM_PASSWORD, CUCM_VERSION
24
45
  ```
25
46
 
26
47
  Test the connection:
@@ -29,7 +50,7 @@ Test the connection:
29
50
  cisco-axl config test
30
51
  ```
31
52
 
32
- ## Common Operations
53
+ ## Common Workflows
33
54
 
34
55
  ### Get a single item
35
56
 
@@ -75,7 +96,7 @@ cisco-axl sql query "SELECT name, description FROM device WHERE name LIKE 'SEP%'
75
96
  cisco-axl sql update "UPDATE device SET description='test' WHERE name='SEP001122334455'"
76
97
  ```
77
98
 
78
- ## Discovering Operations
99
+ ### Discovering Operations
79
100
 
80
101
  This is the CLI's most powerful feature. Discover and use ANY AXL operation dynamically — no static command definitions.
81
102
 
@@ -102,7 +123,7 @@ cisco-axl execute doLdapSync --tags '{"name":"LDAP_Main"}'
102
123
  cisco-axl execute applyPhone --tags '{"name":"SEP001122334455"}'
103
124
  ```
104
125
 
105
- ## Bulk Operations from CSV
126
+ ### Bulk Operations from CSV
106
127
 
107
128
  For provisioning multiple items, use templates with CSV files. Requires optional packages: `npm install json-variables csv-parse`
108
129
 
@@ -158,16 +179,45 @@ Use `--format` to control output:
158
179
 
159
180
  **For AI agents:** Use `--format toon` for list queries to reduce token usage. Use `--format json` when you need to parse nested structures.
160
181
 
161
- ## Multiple Clusters
182
+ ### Multiple Clusters
162
183
 
163
184
  ```bash
164
- cisco-axl config add lab --host 10.0.0.1 --username admin --password pass --cucm-version 14.0 --insecure
165
- cisco-axl config add prod --host 10.0.0.2 --username axladmin --password pass --cucm-version 15.0 --insecure
185
+ cisco-axl config add lab --host 10.0.0.1 --username admin --cucm-version 14.0 --insecure
186
+ cisco-axl config add prod --host 10.0.0.2 --username axladmin --cucm-version 15.0 --insecure
187
+ # You will be prompted securely for each password
166
188
  cisco-axl config use prod
167
189
  cisco-axl list Phone --search "name=SEP%" --cluster lab # override per-command
168
190
  ```
169
191
 
170
- ## Tips
192
+ ### Command Chaining
193
+
194
+ Shell `&&` chains commands sequentially — each waits for the previous to complete, and the chain stops on the first failure:
195
+
196
+ ```bash
197
+ # Create a partition, CSS, and line in order
198
+ cisco-axl add RoutePartition --data '{"name":"PT_INTERNAL","description":"Internal"}' && \
199
+ cisco-axl add Css --data '{"name":"CSS_INTERNAL","members":{"member":{"routePartitionName":"PT_INTERNAL","index":"1"}}}' && \
200
+ cisco-axl add Line --data '{"pattern":"1000","routePartitionName":"PT_INTERNAL"}'
201
+ ```
202
+
203
+ ### Piping with --stdin
204
+
205
+ Use `--stdin` to pipe JSON between commands or from other tools:
206
+
207
+ ```bash
208
+ # Get a phone's config, modify it with jq, update it
209
+ cisco-axl get Phone SEP001122334455 --format json | jq '.description = "Updated via pipe"' | cisco-axl update Phone SEP001122334455 --stdin
210
+
211
+ # Pipe JSON from a file
212
+ cat phone-config.json | cisco-axl add Phone --stdin
213
+
214
+ # Chain get → transform → execute
215
+ cisco-axl describe applyPhone --format json | jq '.name = "SEP001122334455"' | cisco-axl execute applyPhone --stdin
216
+ ```
217
+
218
+ The `--stdin` flag is available on `add`, `update`, and `execute` commands. It is mutually exclusive with `--data`/`--tags` and `--template`.
219
+
220
+ ## Global Flags
171
221
 
172
222
  - Item types are PascalCase matching AXL: `Phone`, `Line`, `RoutePartition`, `Css`, `DevicePool`, `SipTrunk`, `TransPattern`, `RouteGroup`, `RouteList`, etc.
173
223
  - Use `cisco-axl operations` to discover exact type names.