npm - incremnt - Versions diffs - 0.7.2 → 0.8.0 - Mend

incremnt 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/README.md +57 -1
package/package.json +2 -1
package/src/ask-answer-verifier.js +857 -0
package/src/ask-coach.js +2634 -0
package/src/ask-replay.js +358 -0
package/src/auth.js +169 -15
package/src/contract.js +160 -3
package/src/format.js +24 -1
package/src/lib.js +205 -17
package/src/mcp.js +88 -24
package/src/openrouter.js +242 -19
package/src/plan-changeset.js +132 -0
package/src/program-draft.js +230 -0
package/src/prompt-changelog.js +90 -0
package/src/promptfoo-evals.js +10 -4
package/src/promptfoo-langfuse-scores.js +55 -0
package/src/queries.js +992 -987
package/src/remote.js +465 -12
package/src/score-context.js +14 -7
package/src/score-prelude.js +113 -0
package/src/service-url.js +9 -0
package/src/summary-evals.js +677 -42
package/src/sync-service.js +1259 -352
package/src/transport.js +119 -3

package/README.md CHANGED Viewed

@@ -33,6 +33,46 @@ incremnt exercises history --name "Bench Press"
 incremnt browse
 ```
+### Headless agents
+Agent tokens are named bearer tokens for cron jobs, MCP servers, and other non-browser clients. They default to read-only access and expire after 90 days.
+Create and use a read-only token:
+```bash
+incremnt login
+incremnt agents create --name "morning report"
+export INCREMNT_AGENT_TOKEN=incr_agent_...
+export INCREMNT_BASE_URL=https://incremnt-sync.onrender.com
+incremnt sessions list --limit 5
+```
+Create a write-capable token only for workflows that need existing write commands such as Ask/proposals or observation lifecycle actions:
+```bash
+incremnt agents create --name "coach writer" --access write --expires-days 30
+```
+Persist an agent token into the normal CLI session file:
+```bash
+incremnt agents create --name "local mcp" --store
+incremnt login --agent-token incr_agent_...
+```
+Manage tokens from a human session:
+```bash
+incremnt agents list
+incremnt agents revoke --id agt_...
+```
+Token safety:
+- Agent token plaintext is shown once on create.
+- Store secrets in your shell, process manager, or MCP host secret mechanism, not in source control.
+- `INCREMNT_AGENT_TOKEN` takes precedence over the stored session and is never persisted by `status` or read commands.
+- Agent tokens cannot create, list, or revoke other agent tokens.
 ### Local snapshot
 If you prefer to work offline, import a snapshot into the local session:
@@ -82,6 +122,11 @@ incremnt login --session-file ~/Downloads/session.json
 | `mcp install` | Register `incremnt-mcp` with Claude Desktop, Claude Code, and Codex CLI |
 | `login` | Authenticate with the hosted sync service (opens browser) |
 | `login --no-browser` | Headless login flow for SSH/Termius/remote shells |
+| `login --agent-token <token>` | Store direct agent-token auth for CLI/MCP |
+| `agents create --name <name>` | Create a read-only named agent token |
+| `agents create --name <name> --access <read\|write>` | Create a named agent token with explicit access |
+| `agents list` | List agent token metadata and token hints |
+| `agents revoke --id <id>` | Revoke an agent token |
 | `logout` | Clear stored session |
 | `status` | Show current mode, auth state, and config paths |
 | `contract` | Machine-readable command surface for scripts |
@@ -98,6 +143,7 @@ incremnt login --session-file ~/Downloads/session.json
 | `--snapshot <file>` | Bootstrap login from a local snapshot |
 | `--session-file <file>` | Import an existing session file |
 | `--token <token>` / `--email <email>` | Non-interactive bootstrap login options |
+| `--agent-token <token>` | Store direct agent-token auth with `login` |
 ### Browse mode key bindings
@@ -139,7 +185,17 @@ To register manually instead, add to your Claude Code project config (`.mcp.json
 }
 ```
-The MCP server uses the same auth session as the CLI — run `incremnt login` first.
+The MCP server uses the same auth resolver as the CLI. It prefers `INCREMNT_AGENT_TOKEN`, then the stored session from `incremnt login` or `incremnt login --agent-token`.
+For a headless MCP host:
+```bash
+export INCREMNT_BASE_URL=https://incremnt-sync.onrender.com
+export INCREMNT_AGENT_TOKEN=incr_agent_...
+incremnt-mcp
+```
+Read-only agent tokens can call read tools. Write tools return structured JSON with `code: "INSUFFICIENT_SCOPE"` unless the active token has write access. Missing, expired, or incompatible auth also returns structured JSON errors so agents can reauth or downgrade cleanly.
 ### MCP tool surface

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "incremnt",
-  "version": "0.7.2",
+  "version": "0.8.0",
   "description": "Command-line tool for querying your incremnt strength training data",
   "license": "MIT",
   "type": "module",
@@ -25,6 +25,7 @@
     "evals:promptfoo": "promptfoo eval -c promptfooconfig.yaml",
     "evals:promptfoo:production-replay": "SUMMARY_EVAL_CASE_SET=production-replay promptfoo eval -c promptfooconfig.yaml",
     "evals:promptfoo:live": "PROMPTFOO_LIVE=1 SUMMARY_EVALS_LIVE=1 promptfoo eval -c promptfooconfig.yaml",
+    "evals:ask-replay": "node ./scripts/run-ask-replay.js",
     "evals:workout-bakeoff": "node ./scripts/run-workout-prompt-bakeoff.js",
     "evals:coach-bakeoff": "node ./scripts/run-production-coach-bakeoff.js",
     "evals:coach-replay": "node ./scripts/run-production-coach-replay.js",