oathbound 0.14.0 → 0.15.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oathbound",
-  "version": "0.14.0",
+  "version": "0.15.0",
   "description": "Install verified Claude Code skills and agents from the Oath Bound registry",
   "license": "MIT",
   "author": "Josh Anderson",
@@ -18,43 +18,21 @@
     "security",
     "ai-tools"
   ],
-  "type": "module",
   "bin": {
-    "oathbound": "./bin/cli.cjs"
+    "oathbound": "./dist/cli.cjs"
   },
   "files": [
-    "cli.ts",
-    "ui.ts",
-    "config.ts",
-    "update.ts",
-    "verify.ts",
-    "content-hash.ts",
-    "auth.ts",
-    "push.ts",
-    "search.ts",
-    "agent-push.ts",
-    "agent-search.ts",
-    "semver.ts",
-    "bin/cli.cjs",
-    "install.cjs"
+    "dist/cli.cjs"
   ],
   "publishConfig": {
     "access": "public",
     "provenance": true
   },
   "scripts": {
-    "build": "bun build ./cli.ts --compile --outfile dist/oathbound",
-    "build:macos-arm64": "bun build ./cli.ts --compile --target=bun-darwin-arm64 --outfile dist/oathbound-macos-arm64",
-    "build:macos-x64": "bun build ./cli.ts --compile --target=bun-darwin-x64 --outfile dist/oathbound-macos-x64",
-    "build:linux-x64": "bun build ./cli.ts --compile --target=bun-linux-x64 --outfile dist/oathbound-linux-x64",
-    "build:linux-arm64": "bun build ./cli.ts --compile --target=bun-linux-arm64 --outfile dist/oathbound-linux-arm64",
-    "build:windows-x64": "bun build ./cli.ts --compile --target=bun-windows-x64 --outfile dist/oathbound-windows-x64",
-    "build:windows-arm64": "bun build ./cli.ts --compile --target=bun-windows-arm64 --outfile dist/oathbound-windows-arm64",
-    "build:all": "bun run build:macos-arm64 && bun run build:macos-x64 && bun run build:linux-x64 && bun run build:linux-arm64 && bun run build:windows-x64 && bun run build:windows-arm64",
-    "test": "bun test",
-    "postinstall": "node install.cjs"
+    "build": "bun build cli.ts --outfile=dist/cli.cjs --target=node --format=cjs && node -e \"const f='dist/cli.cjs';let s=require('fs').readFileSync(f,'utf8');s=s.replace('require.main == require.module','require.main === module');require('fs').writeFileSync(f,s)\" && printf '%s\\n' '#!/usr/bin/env node' | cat - dist/cli.cjs > dist/tmp && mv dist/tmp dist/cli.cjs",
+    "test": "bun test"
   },
-  "dependencies": {
+  "devDependencies": {
     "@clack/prompts": "^1.1.0",
     "@supabase/supabase-js": "^2",
     "yaml": "^2.8.2"

package/agent-push.ts

@@ -1,170 +0,0 @@
-import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
-import { join, resolve } from 'node:path';
-import { intro, outro } from '@clack/prompts';
-import { parse as yamlParse } from 'yaml';
-import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
-import { getAccessToken } from './auth';
-import { isValidSemver } from './semver';
-
-const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
-
-/** Parse YAML frontmatter from an agent .md file. */
-function parseAgentFrontmatter(content: string): {
-  meta: Record<string, unknown>;
-  body: string;
-} {
-  const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n([\s\S]*)$/);
-  if (!match) return { meta: {}, body: content };
-  const parsed = yamlParse(match[1]);
-  const meta: Record<string, unknown> =
-    parsed && typeof parsed === 'object' ? parsed : {};
-  return { meta, body: match[2] };
-}
-
-/** Resolve agent .md file path from user argument or auto-detect. */
-function resolveAgentFile(pathArg?: string): string {
-  if (pathArg) {
-    const resolved = resolve(pathArg);
-    if (!existsSync(resolved)) {
-      fail('File not found', resolved);
-    }
-    if (statSync(resolved).isDirectory()) {
-      // Look for a single .md file with agent frontmatter in the directory
-      return findAgentInDir(resolved);
-    }
-    if (!resolved.endsWith('.md')) {
-      fail('Invalid file', 'Agent files must be .md files');
-    }
-    return resolved;
-  }
-
-  // No path — look in cwd for a single .md with agent frontmatter
-  return findAgentInDir(process.cwd());
-}
-
-/** Find a single agent .md file in a directory. */
-function findAgentInDir(dir: string): string {
-  const mdFiles = readdirSync(dir)
-    .filter(f => f.endsWith('.md') && !f.startsWith('.'))
-    .map(f => join(dir, f));
-
-  const agents: string[] = [];
-  for (const file of mdFiles) {
-    try {
-      const content = readFileSync(file, 'utf-8');
-      const { meta, body } = parseAgentFrontmatter(content);
-      if (meta.name && meta.description && body.trim()) {
-        agents.push(file);
-      }
-    } catch {
-      // Skip unreadable files
-    }
-  }
-
-  if (agents.length === 0) {
-    fail(
-      'No agent file found',
-      'Run from a directory with an agent .md file, or pass a path: oathbound agent push ./my-agent.md',
-    );
-  }
-
-  if (agents.length > 1) {
-    fail(
-      'Multiple agent files found',
-      `Found ${agents.length} .md files with agent frontmatter. Specify which one: oathbound agent push ./file.md`,
-    );
-  }
-
-  return agents[0];
-}
-
-export async function agentPush(pathArg?: string, options?: { private?: boolean }): Promise<void> {
-  intro(BRAND);
-
-  const agentFile = resolveAgentFile(pathArg);
-  const content = readFileSync(agentFile, 'utf-8');
-  const { meta, body } = parseAgentFrontmatter(content);
-
-  // Validate required fields
-  const name = String(meta.name ?? '');
-  const description = String(meta.description ?? '');
-  const license = String(meta.license ?? '');
-  if (!name) fail('Frontmatter missing: name');
-  if (!description) fail('Frontmatter missing: description');
-  if (!license) fail('Frontmatter missing: license');
-  if (!body.trim()) fail('No system prompt (markdown body) after frontmatter');
-
-  const rawVersion = meta.version != null ? String(meta.version) : null;
-  const version = rawVersion && isValidSemver(rawVersion) ? rawVersion : null;
-
-  console.log(`${DIM}   file: ${agentFile}${RESET}`);
-  console.log(`${DIM}   name: ${name}${RESET}`);
-  console.log(`${DIM}   version: ${version ?? 'auto (next)'}${RESET}`);
-  console.log(`${DIM}   license: ${license}${RESET}`);
-  if (meta.model) console.log(`${DIM}   model: ${meta.model}${RESET}`);
-  if (meta.permissionMode) console.log(`${DIM}   permissionMode: ${meta.permissionMode}${RESET}`);
-
-  const visibility = options?.private ? 'private' : 'public';
-  if (options?.private) {
-    console.log(`${DIM}   visibility: ${BOLD}private${RESET}`);
-  }
-
-  // Authenticate
-  const token = await getAccessToken();
-
-  // Build request body
-  const requestBody: Record<string, unknown> = {
-    name,
-    description,
-    license,
-    version,
-    systemPrompt: body,
-    tools: meta.tools != null ? String(meta.tools) : null,
-    disallowedTools: meta.disallowedTools != null ? String(meta.disallowedTools) : null,
-    model: meta.model != null ? String(meta.model) : null,
-    permissionMode: meta.permissionMode != null ? String(meta.permissionMode) : null,
-    maxTurns: meta.maxTurns != null ? Number(meta.maxTurns) : null,
-    memoryScope: meta.memory != null ? String(meta.memory) : null,
-    background: meta.background != null ? Boolean(meta.background) : null,
-    effort: meta.effort != null ? String(meta.effort) : null,
-    isolation: meta.isolation != null ? String(meta.isolation) : null,
-    config: {
-      hooks: meta.hooks ?? null,
-      mcpServers: meta.mcpServers ?? null,
-      skillsRefs: Array.isArray(meta.skills) ? meta.skills : null,
-      initialPrompt: meta.initialPrompt != null ? String(meta.initialPrompt) : null,
-    },
-    compatibility: meta.compatibility != null ? String(meta.compatibility) : null,
-    originalAuthor: meta['original-author'] != null ? String(meta['original-author']) : null,
-    visibility,
-  };
-
-  // Push to API
-  const spin = spinner('Pushing...');
-
-  const response = await fetch(`${API_BASE}/api/agents`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      Authorization: `Bearer ${token}`,
-    },
-    body: JSON.stringify(requestBody),
-  });
-
-  spin.stop();
-
-  if (!response.ok) {
-    const resBody = await response.json().catch(() => ({ error: 'Unknown error' }));
-    const details = Array.isArray(resBody.details)
-      ? '\n' + resBody.details.map((d: string) => `   - ${d}`).join('\n')
-      : '';
-    fail(`Push failed (${response.status})`, `${resBody.error}${details}`);
-  }
-
-  const result = await response.json();
-
-  outro(`${GREEN}✓ Published ${BOLD}${result.namespace}/${result.name}${RESET}${GREEN} v${result.version}${RESET}`);
-  if (result.suiObjectId) {
-    console.log(`${DIM}   on-chain: ${result.suiObjectId}${RESET}`);
-  }
-}

package/agent-search.ts

@@ -1,162 +0,0 @@
-import { BRAND, TEAL, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
-
-const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
-
-export interface AgentSearchOptions {
-  query?: string;
-  namespace?: string;
-  sparse?: boolean;
-  sort?: 'downloads';
-  limit?: number;
-  offset?: number;
-}
-
-export function parseAgentSearchArgs(args: string[]): AgentSearchOptions {
-  const opts: AgentSearchOptions = {};
-  let i = 0;
-
-  while (i < args.length) {
-    const arg = args[i];
-
-    if (arg === '--user' || arg === '-u') {
-      opts.namespace = args[++i];
-    } else if (arg === '--sparse' || arg === '-s') {
-      opts.sparse = true;
-    } else if (arg === '--sort') {
-      const val = args[++i];
-      if (val === 'downloads') opts.sort = 'downloads';
-    } else if (arg === '--limit') {
-      opts.limit = parseInt(args[++i], 10);
-    } else if (arg === '--offset') {
-      opts.offset = parseInt(args[++i], 10);
-    } else if (!arg.startsWith('-')) {
-      opts.query = arg;
-    }
-
-    i++;
-  }
-
-  return opts;
-}
-
-interface AgentAuthor {
-  username: string;
-  display_name: string | null;
-  verified: boolean;
-}
-
-interface AgentResult {
-  name: string;
-  namespace: string;
-  description: string;
-  version: string;
-  license?: string;
-  visibility?: string;
-  model?: string | null;
-  tools?: string | null;
-  permission_mode?: string | null;
-  effort?: string | null;
-  author?: AgentAuthor;
-  download_count?: number;
-}
-
-interface AgentSearchResponse {
-  ok: boolean;
-  agents: AgentResult[];
-  total: number;
-  limit: number;
-  offset: number;
-  error?: string;
-}
-
-export async function agentSearch(opts: AgentSearchOptions): Promise<void> {
-  const params = new URLSearchParams();
-  if (opts.query) params.set('q', opts.query);
-  if (opts.namespace) params.set('namespace', opts.namespace);
-  if (opts.sparse) params.set('sparse', 'true');
-  if (opts.sort) params.set('sort', opts.sort);
-  if (opts.limit != null) params.set('limit', String(opts.limit));
-  if (opts.offset != null) params.set('offset', String(opts.offset));
-
-  const url = `${API_BASE}/api/agents?${params}`;
-
-  const sp = spinner('Searching agents...');
-
-  let res: Response;
-  try {
-    res = await fetch(url);
-  } catch (err) {
-    sp.stop();
-    const msg = err instanceof Error ? err.message : 'Unknown error';
-    fail('Search failed', msg);
-  }
-
-  sp.stop();
-
-  if (!res.ok) {
-    let detail = `HTTP ${res.status}`;
-    try {
-      const body = await res.json() as { error?: string };
-      if (body.error) detail = body.error;
-    } catch { /* ignore parse errors */ }
-    fail('Search failed', detail);
-  }
-
-  const data = await res.json() as AgentSearchResponse;
-
-  if (!data.ok || !data.agents) {
-    fail('Search failed', data.error ?? 'Unexpected response');
-  }
-
-  const { agents, total, offset } = data;
-
-  if (agents.length === 0) {
-    console.log(`\n${BRAND} ${DIM}No agents found.${RESET}`);
-    return;
-  }
-
-  const showing = offset > 0
-    ? `Showing ${offset + 1}–${offset + agents.length} of ${total}`
-    : `${total} agent${total === 1 ? '' : 's'} found`;
-
-  console.log(`\n${BRAND} ${TEAL}${showing}${RESET}\n`);
-
-  for (const agent of agents) {
-    const id = `${agent.namespace}/${agent.name}`;
-    const ver = `v${agent.version}`;
-
-    // Line 1: name + version
-    console.log(`  ${BOLD}${id}${RESET} ${DIM}${ver}${RESET}`);
-
-    // Line 2: description
-    if (agent.description) {
-      console.log(`  ${DIM}${agent.description}${RESET}`);
-    }
-
-    // Line 3: agent-specific metadata (non-sparse only)
-    if (!opts.sparse) {
-      const parts: string[] = [];
-      if (agent.author) {
-        const name = agent.author.display_name || agent.author.username;
-        parts.push(`by ${name}${agent.author.verified ? ' ✓' : ''}`);
-      }
-      if (agent.license) parts.push(agent.license);
-      if (agent.download_count != null) parts.push(`↓ ${agent.download_count}`);
-      if (agent.model) parts.push(`model: ${agent.model}`);
-      if (agent.permission_mode) parts.push(`mode: ${agent.permission_mode}`);
-      if (agent.effort) parts.push(`effort: ${agent.effort}`);
-      if (agent.visibility === 'private') parts.push('private');
-      if (parts.length > 0) {
-        console.log(`  ${DIM}${parts.join(' · ')}${RESET}`);
-      }
-    }
-
-    console.log(); // blank line between agents
-  }
-
-  // Pagination hint
-  if (offset + agents.length < total) {
-    const nextOffset = offset + agents.length;
-    console.log(`${DIM}  Use --offset ${nextOffset} to see more${RESET}\n`);
-  }
-}

package/auth.ts

@@ -1,219 +0,0 @@
-import { createClient } from '@supabase/supabase-js';
-import { spawn } from 'node:child_process';
-import {
-  mkdirSync, writeFileSync, readFileSync, unlinkSync, existsSync,
-} from 'node:fs';
-import { join } from 'node:path';
-import { homedir } from 'node:os';
-import { intro, outro } from '@clack/prompts';
-import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
-
-const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';
-const SUPABASE_ANON_KEY = 'sb_publishable_T-rk0azNRqAMLLGCyadyhQ_ulk9685n';
-const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
-
-const AUTH_DIR = join(homedir(), '.oathbound');
-const AUTH_FILE = join(AUTH_DIR, 'auth.json');
-
-interface StoredSession {
-  access_token: string;
-  refresh_token: string;
-  expires_at: number;
-}
-
-function saveSession(session: StoredSession): void {
-  mkdirSync(AUTH_DIR, { recursive: true, mode: 0o700 });
-  writeFileSync(AUTH_FILE, JSON.stringify(session, null, 2), { mode: 0o600 });
-}
-
-function loadSession(): StoredSession | null {
-  if (!existsSync(AUTH_FILE)) return null;
-  try {
-    return JSON.parse(readFileSync(AUTH_FILE, 'utf-8'));
-  } catch {
-    return null;
-  }
-}
-
-function clearSession(): void {
-  if (existsSync(AUTH_FILE)) unlinkSync(AUTH_FILE);
-}
-
-function openBrowser(url: string): void {
-  const cmd = process.platform === 'darwin' ? 'open'
-    : process.platform === 'win32' ? 'cmd'
-    : 'xdg-open';
-  const args = process.platform === 'win32' ? ['/c', 'start', '', url] : [url];
-  try {
-    spawn(cmd, args, { stdio: 'ignore', detached: true }).unref();
-  } catch {
-    // URL is already printed — user can open manually
-  }
-}
-
-const SUCCESS_HTML = `<!DOCTYPE html>
-<html><head><title>Oathbound CLI</title></head>
-<body style="font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#0a0a0a;color:#e5e5e5">
-<div style="text-align:center">
-<h1 style="color:#3fa8a4">&#10003; Logged in</h1>
-<p>You can close this tab and return to your terminal.</p>
-</div></body></html>`;
-
-const ERROR_HTML = `<!DOCTYPE html>
-<html><head><title>Oathbound CLI</title></head>
-<body style="font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#0a0a0a;color:#e5e5e5">
-<div style="text-align:center">
-<h1 style="color:#ef4444">Login failed</h1>
-<p>Missing session tokens. Please try again.</p>
-</div></body></html>`;
-
-export async function login(): Promise<void> {
-  intro(BRAND);
-
-  let resolveSession: (s: StoredSession) => void;
-  let rejectSession: (e: Error) => void;
-  const sessionPromise = new Promise<StoredSession>((res, rej) => {
-    resolveSession = res;
-    rejectSession = rej;
-  });
-
-  const server = Bun.serve({
-    port: 0,
-    fetch(req) {
-      const url = new URL(req.url);
-      if (url.pathname !== '/callback') {
-        return new Response('Not found', { status: 404 });
-      }
-
-      const accessToken = url.searchParams.get('access_token');
-      const refreshToken = url.searchParams.get('refresh_token');
-      const expiresAt = url.searchParams.get('expires_at');
-
-      if (!accessToken || !refreshToken || !expiresAt) {
-        rejectSession!(new Error('Missing session tokens from callback'));
-        setTimeout(() => server.stop(), 500);
-        return new Response(ERROR_HTML, { headers: { 'Content-Type': 'text/html' } });
-      }
-
-      resolveSession!({
-        access_token: accessToken,
-        refresh_token: refreshToken,
-        expires_at: Number(expiresAt),
-      });
-
-      setTimeout(() => server.stop(), 500);
-      return new Response(SUCCESS_HTML, { headers: { 'Content-Type': 'text/html' } });
-    },
-  });
-
-  const port = server.port;
-  const loginUrl = `${API_BASE}/cli-login?port=${port}`;
-
-  console.log(`${DIM}   Opening browser...${RESET}`);
-  console.log(`${DIM}   If it doesn't open, visit:${RESET}`);
-  console.log(`${DIM}   ${loginUrl}${RESET}\n`);
-
-  openBrowser(loginUrl);
-
-  const spin = spinner('Waiting for login...');
-
-  const timeout = new Promise<never>((_, rej) =>
-    setTimeout(() => rej(new Error('Login timed out (2 minutes). Please try again.')), 120_000),
-  );
-
-  let session: StoredSession;
-  try {
-    session = await Promise.race([sessionPromise, timeout]);
-  } catch (err) {
-    spin.stop();
-    server.stop();
-    fail('Login failed', err instanceof Error ? err.message : 'Unknown error');
-  }
-
-  spin.stop();
-  saveSession(session);
-
-  // Get username for display
-  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    global: { headers: { Authorization: `Bearer ${session.access_token}` } },
-    auth: { autoRefreshToken: false, persistSession: false },
-  });
-
-  const { data: { user } } = await supabase.auth.getUser();
-  let displayName = user?.email ?? 'unknown';
-  if (user) {
-    const { data: userRecord } = await supabase
-      .from('users')
-      .select('username')
-      .eq('user_id', user.id)
-      .single();
-    if (userRecord?.username) displayName = userRecord.username;
-  }
-
-  outro(`Logged in as ${BOLD}${displayName}${RESET}`);
-}
-
-export async function logout(): Promise<void> {
-  clearSession();
-  console.log(`\n${BRAND} ${GREEN}✓ Logged out${RESET}`);
-}
-
-export async function getAccessToken(): Promise<string> {
-  const session = loadSession();
-  if (!session) {
-    fail('Not logged in', 'Run: oathbound login');
-  }
-
-  // Token still valid (with 60s buffer) — use it directly
-  const now = Math.floor(Date.now() / 1000);
-  if (session.expires_at > now + 60) {
-    return session.access_token;
-  }
-
-  // Token expired or expiring soon — refresh
-  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    auth: { autoRefreshToken: false, persistSession: false },
-  });
-
-  const { data, error } = await supabase.auth.setSession({
-    access_token: session.access_token,
-    refresh_token: session.refresh_token,
-  });
-
-  if (error || !data.session) {
-    clearSession();
-    fail('Session expired', 'Run: oathbound login');
-  }
-
-  saveSession({
-    access_token: data.session.access_token,
-    refresh_token: data.session.refresh_token,
-    expires_at: data.session.expires_at!,
-  });
-
-  return data.session.access_token;
-}
-
-export async function whoami(): Promise<void> {
-  const token = await getAccessToken();
-
-  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    global: { headers: { Authorization: `Bearer ${token}` } },
-    auth: { autoRefreshToken: false, persistSession: false },
-  });
-
-  const { data: { user }, error } = await supabase.auth.getUser();
-  if (error || !user) {
-    fail('Failed to get user', error?.message ?? 'Unknown error');
-  }
-
-  const { data: userRecord } = await supabase
-    .from('users')
-    .select('username')
-    .eq('user_id', user.id)
-    .single();
-
-  console.log(`\n${BRAND}`);
-  console.log(`  ${BOLD}Username:${RESET} ${userRecord?.username ?? 'not set'}`);
-  console.log(`  ${DIM}Email:${RESET}    ${user.email ?? 'unknown'}`);
-}

package/bin/cli.cjs

@@ -1,23 +0,0 @@
-#!/usr/bin/env node
-
-// Thin wrapper that spawns the platform binary downloaded by postinstall.
-
-const { execFileSync } = require("child_process");
-const path = require("path");
-const fs = require("fs");
-
-const ext = process.platform === "win32" ? ".exe" : "";
-const binary = path.join(__dirname, `oathbound${ext}`);
-
-if (!fs.existsSync(binary)) {
-  console.error(
-    "oathbound binary not found. Run `npm rebuild oathbound` or reinstall the package."
-  );
-  process.exit(1);
-}
-
-try {
-  execFileSync(binary, process.argv.slice(2), { stdio: "inherit" });
-} catch (err) {
-  process.exit(err.status ?? 1);
-}