optimal-cli 1.0.0 → 1.0.1

package/dist/lib/assets/index.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Asset tracking — manage digital infrastructure items
+ * (domains, servers, API keys, services, repos).
+ * Stores in the OptimalOS Supabase instance.
+ */
+export type AssetType = 'domain' | 'server' | 'api_key' | 'service' | 'repo' | 'other';
+export type AssetStatus = 'active' | 'inactive' | 'expired' | 'pending';
+export interface Asset {
+    id: string;
+    name: string;
+    type: AssetType;
+    status: AssetStatus;
+    metadata: Record<string, unknown>;
+    owner: string | null;
+    expires_at: string | null;
+    created_at: string;
+    updated_at: string;
+}
+export interface CreateAssetInput {
+    name: string;
+    type: AssetType;
+    status?: AssetStatus;
+    metadata?: Record<string, unknown>;
+    owner?: string;
+    expires_at?: string;
+}
+export interface UpdateAssetInput {
+    name?: string;
+    type?: AssetType;
+    status?: AssetStatus;
+    metadata?: Record<string, unknown>;
+    owner?: string;
+    expires_at?: string | null;
+}
+export interface AssetFilters {
+    type?: AssetType;
+    status?: AssetStatus;
+    owner?: string;
+}
+export interface AssetUsageEvent {
+    id: string;
+    asset_id: string;
+    event: string;
+    actor: string | null;
+    metadata: Record<string, unknown>;
+    created_at: string;
+}
+/**
+ * List assets, optionally filtered by type, status, or owner.
+ */
+export declare function listAssets(filters?: AssetFilters): Promise<Asset[]>;
+/**
+ * Create a new asset.
+ */
+export declare function createAsset(input: CreateAssetInput): Promise<Asset>;
+/**
+ * Update an existing asset by ID.
+ */
+export declare function updateAsset(id: string, updates: UpdateAssetInput): Promise<Asset>;
+/**
+ * Get a single asset by ID.
+ */
+export declare function getAsset(id: string): Promise<Asset>;
+/**
+ * Delete an asset by ID.
+ */
+export declare function deleteAsset(id: string): Promise<void>;
+/**
+ * Log a usage event against an asset.
+ */
+export declare function trackAssetUsage(assetId: string, event: string, actor?: string, metadata?: Record<string, unknown>): Promise<AssetUsageEvent>;
+/**
+ * List usage events for a given asset.
+ */
+export declare function listAssetUsage(assetId: string, limit?: number): Promise<AssetUsageEvent[]>;
+/**
+ * Format assets into a table string for CLI display.
+ */
+export declare function formatAssetTable(assets: Asset[]): string;

package/dist/lib/assets/index.js

@@ -0,0 +1,153 @@
+/**
+ * Asset tracking — manage digital infrastructure items
+ * (domains, servers, API keys, services, repos).
+ * Stores in the OptimalOS Supabase instance.
+ */
+import { getSupabase } from '../supabase.js';
+// ── Supabase accessor ────────────────────────────────────────────────
+const sb = () => getSupabase('optimal');
+// ── CRUD operations ──────────────────────────────────────────────────
+/**
+ * List assets, optionally filtered by type, status, or owner.
+ */
+export async function listAssets(filters) {
+    let query = sb().from('assets').select('*');
+    if (filters?.type)
+        query = query.eq('type', filters.type);
+    if (filters?.status)
+        query = query.eq('status', filters.status);
+    if (filters?.owner)
+        query = query.eq('owner', filters.owner);
+    const { data, error } = await query.order('updated_at', { ascending: false });
+    if (error)
+        throw new Error(`Failed to list assets: ${error.message}`);
+    return (data ?? []);
+}
+/**
+ * Create a new asset.
+ */
+export async function createAsset(input) {
+    const { data, error } = await sb()
+        .from('assets')
+        .insert({
+        name: input.name,
+        type: input.type,
+        status: input.status ?? 'active',
+        metadata: input.metadata ?? {},
+        owner: input.owner ?? null,
+        expires_at: input.expires_at ?? null,
+    })
+        .select()
+        .single();
+    if (error)
+        throw new Error(`Failed to create asset: ${error.message}`);
+    return data;
+}
+/**
+ * Update an existing asset by ID.
+ */
+export async function updateAsset(id, updates) {
+    const { data, error } = await sb()
+        .from('assets')
+        .update(updates)
+        .eq('id', id)
+        .select()
+        .single();
+    if (error)
+        throw new Error(`Failed to update asset: ${error.message}`);
+    return data;
+}
+/**
+ * Get a single asset by ID.
+ */
+export async function getAsset(id) {
+    const { data, error } = await sb()
+        .from('assets')
+        .select('*')
+        .eq('id', id)
+        .single();
+    if (error)
+        throw new Error(`Asset not found: ${error.message}`);
+    return data;
+}
+/**
+ * Delete an asset by ID.
+ */
+export async function deleteAsset(id) {
+    const { error } = await sb()
+        .from('assets')
+        .delete()
+        .eq('id', id);
+    if (error)
+        throw new Error(`Failed to delete asset: ${error.message}`);
+}
+// ── Usage tracking ───────────────────────────────────────────────────
+/**
+ * Log a usage event against an asset.
+ */
+export async function trackAssetUsage(assetId, event, actor, metadata) {
+    const { data, error } = await sb()
+        .from('asset_usage_log')
+        .insert({
+        asset_id: assetId,
+        event,
+        actor: actor ?? null,
+        metadata: metadata ?? {},
+    })
+        .select()
+        .single();
+    if (error)
+        throw new Error(`Failed to track usage: ${error.message}`);
+    return data;
+}
+/**
+ * List usage events for a given asset.
+ */
+export async function listAssetUsage(assetId, limit = 50) {
+    const { data, error } = await sb()
+        .from('asset_usage_log')
+        .select('*')
+        .eq('asset_id', assetId)
+        .order('created_at', { ascending: false })
+        .limit(limit);
+    if (error)
+        throw new Error(`Failed to list usage: ${error.message}`);
+    return (data ?? []);
+}
+// ── Formatting ───────────────────────────────────────────────────────
+const TYPE_LABELS = {
+    domain: 'Domain',
+    server: 'Server',
+    api_key: 'API Key',
+    service: 'Service',
+    repo: 'Repo',
+    other: 'Other',
+};
+/**
+ * Format assets into a table string for CLI display.
+ */
+export function formatAssetTable(assets) {
+    if (assets.length === 0)
+        return 'No assets found.';
+    const headers = ['Type', 'Status', 'Name', 'Owner', 'Expires'];
+    const rows = assets.map(a => [
+        TYPE_LABELS[a.type] ?? a.type,
+        a.status,
+        a.name.length > 35 ? a.name.slice(0, 32) + '...' : a.name,
+        a.owner ?? '-',
+        a.expires_at ? a.expires_at.slice(0, 10) : '-',
+    ]);
+    // Compute column widths
+    const widths = headers.map((h, i) => {
+        let max = h.length;
+        for (const row of rows) {
+            if ((row[i]?.length ?? 0) > max)
+                max = row[i].length;
+        }
+        return max;
+    });
+    const sep = '+-' + widths.map(w => '-'.repeat(w)).join('-+-') + '-+';
+    const headerRow = '| ' + headers.map((h, i) => h.padEnd(widths[i])).join(' | ') + ' |';
+    const bodyRows = rows.map(row => '| ' + row.map((cell, i) => (cell ?? '').padEnd(widths[i])).join(' | ') + ' |');
+    return [sep, headerRow, sep, ...bodyRows, sep, `\nTotal: ${assets.length} assets`].join('\n');
+}

package/dist/lib/assets.d.ts

@@ -0,0 +1,20 @@
+export interface ScannedAsset {
+    type: 'skill' | 'cli' | 'cron' | 'repo' | 'env' | 'ssh_key' | 'plugin';
+    name: string;
+    version?: string;
+    path: string;
+    hash: string;
+    content?: string;
+    metadata: Record<string, unknown>;
+}
+export declare function scanSkills(): ScannedAsset[];
+export declare function scanPlugins(): ScannedAsset[];
+export declare function scanCLIs(): ScannedAsset[];
+export declare function scanRepos(): ScannedAsset[];
+export declare function scanAllAssets(): ScannedAsset[];
+export declare function pushAssets(agentName: string): Promise<{
+    pushed: number;
+    updated: number;
+}>;
+export declare function listAssets(agentName?: string): Promise<any[]>;
+export declare function getInventory(): Promise<any[]>;

package/dist/lib/assets.js

@@ -0,0 +1,112 @@
+import { createClient } from '@supabase/supabase-js';
+import { readFileSync, readdirSync, statSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { createHash } from 'node:crypto';
+const CONFIG_DIR = join(homedir(), '.openclaw');
+const SKILLS_DIR = join(CONFIG_DIR, 'skills');
+const PLUGINS_DIR = join(CONFIG_DIR, 'plugins');
+const WORKSPACE_DIR = join(homedir(), '.openclaw', 'workspace');
+const ALGORITHM = 'aes-256-gcm';
+function getSupabase() {
+    const url = process.env.OPTIMAL_SUPABASE_URL;
+    const key = process.env.OPTIMAL_SUPABASE_SERVICE_KEY;
+    if (!url || !key)
+        throw new Error('OPTIMAL_SUPABASE_URL and OPTIMAL_SUPABASE_SERVICE_KEY required');
+    return createClient(url, key);
+}
+function hashContent(content) {
+    return createHash('sha256').update(content).digest('hex');
+}
+export function scanSkills() {
+    const assets = [];
+    if (!existsSync(SKILLS_DIR))
+        return assets;
+    for (const dir of readdirSync(SKILLS_DIR)) {
+        const skillPath = join(SKILLS_DIR, dir);
+        if (!statSync(skillPath).isDirectory())
+            continue;
+        const skillFile = join(skillPath, 'SKILL.md');
+        if (existsSync(skillFile)) {
+            const content = readFileSync(skillFile, 'utf-8');
+            assets.push({ type: 'skill', name: dir, path: skillFile, hash: hashContent(content), content, metadata: {} });
+        }
+    }
+    return assets;
+}
+export function scanPlugins() {
+    const assets = [];
+    if (!existsSync(PLUGINS_DIR))
+        return assets;
+    for (const dir of readdirSync(PLUGINS_DIR)) {
+        const pluginPath = join(PLUGINS_DIR, dir);
+        if (!statSync(pluginPath).isDirectory())
+            continue;
+        assets.push({ type: 'plugin', name: dir, path: pluginPath, hash: hashContent(dir), metadata: {} });
+    }
+    return assets;
+}
+export function scanCLIs() {
+    const assets = [];
+    const knownCLIs = ['vercel', 'supabase', 'gh', 'openclaw'];
+    for (const cli of knownCLIs) {
+        try {
+            const { execSync } = require('node:child_process');
+            const version = execSync(`${cli} --version 2>/dev/null || echo ""`).toString().trim();
+            if (version) {
+                assets.push({ type: 'cli', name: cli, version: version.slice(0, 20), path: '', hash: hashContent(version), metadata: {} });
+            }
+        }
+        catch { }
+    }
+    return assets;
+}
+export function scanRepos() {
+    const assets = [];
+    if (!existsSync(WORKSPACE_DIR))
+        return assets;
+    for (const dir of readdirSync(WORKSPACE_DIR)) {
+        const repoPath = join(WORKSPACE_DIR, dir);
+        if (!statSync(repoPath).isDirectory())
+            continue;
+        if (existsSync(join(repoPath, '.git'))) {
+            assets.push({ type: 'repo', name: dir, path: repoPath, hash: '', metadata: {} });
+        }
+    }
+    return assets;
+}
+export function scanAllAssets() {
+    return [...scanSkills(), ...scanPlugins(), ...scanCLIs(), ...scanRepos()];
+}
+export async function pushAssets(agentName) {
+    const supabase = getSupabase();
+    const assets = scanAllAssets();
+    let pushed = 0, updated = 0;
+    for (const asset of assets) {
+        const { data: existing } = await supabase.from('agent_assets').select('id, asset_hash').eq('agent_name', agentName).eq('asset_type', asset.type).eq('asset_name', asset.name).single();
+        if (existing) {
+            if (existing.asset_hash !== asset.hash) {
+                await supabase.from('agent_assets').update({ asset_version: asset.version, asset_path: asset.path, asset_hash: asset.hash, content: asset.content, metadata: asset.metadata, updated_at: new Date().toISOString() }).eq('id', existing.id);
+                updated++;
+            }
+        }
+        else {
+            await supabase.from('agent_assets').insert({ agent_name: agentName, asset_type: asset.type, asset_name: asset.name, asset_version: asset.version, asset_path: asset.path, asset_hash: asset.hash, content: asset.content, metadata: asset.metadata });
+            pushed++;
+        }
+    }
+    return { pushed, updated };
+}
+export async function listAssets(agentName) {
+    const supabase = getSupabase();
+    let query = supabase.from('agent_assets').select('*');
+    if (agentName)
+        query = query.eq('agent_name', agentName);
+    const { data } = await query.order('updated_at', { ascending: false });
+    return data || [];
+}
+export async function getInventory() {
+    const supabase = getSupabase();
+    const { data } = await supabase.from('agent_inventory').select('*');
+    return data || [];
+}

package/dist/lib/auth/index.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Auth module — ported from optimalOS Supabase auth patterns.
+ *
+ * OptimalOS uses three client tiers:
+ *   1. Browser client  (anon key + cookie session)  — N/A for CLI
+ *   2. Server client   (anon key + SSR cookies)      — N/A for CLI
+ *   3. Admin client    (service_role key, no session) — primary CLI path
+ *
+ * In a headless CLI context there are no cookies or browser sessions.
+ * Auth reduces to two modes:
+ *   - Service-role access  (bot / automation operations)
+ *   - User-scoped access   (pass an access_token obtained externally)
+ *
+ * Environment variables (defined in .env):
+ *   OPTIMAL_SUPABASE_URL          — Supabase project URL
+ *   OPTIMAL_SUPABASE_SERVICE_KEY  — service_role secret
+ */
+import { type SupabaseClient } from '@supabase/supabase-js';
+import 'dotenv/config';
+/** Describes how the current invocation is authenticated. */
+export interface AuthContext {
+    /** 'service' when using service_role key, 'user' when using a user JWT */
+    mode: 'service' | 'user';
+    /** The Supabase client for this context */
+    client: SupabaseClient;
+    /** User ID (only set when mode === 'user') */
+    userId?: string;
+    /** User email (only set when mode === 'user' and resolvable) */
+    email?: string;
+}
+/** Minimal session shape returned by getSession(). */
+export interface Session {
+    accessToken: string;
+    user: {
+        id: string;
+        email?: string;
+    };
+}
+/**
+ * Return a service-role Supabase client.
+ *
+ * Mirrors optimalOS `createAdminClient()` from lib/supabase/admin.ts:
+ *   - Uses SUPABASE_SERVICE_ROLE_KEY
+ *   - persistSession: false, autoRefreshToken: false
+ *   - Singleton — safe to call repeatedly
+ */
+export declare function getServiceClient(): SupabaseClient;
+/**
+ * Return a user-scoped Supabase client authenticated with the given JWT.
+ *
+ * This is the CLI equivalent of optimalOS browser/server clients that carry
+ * a user session via cookies. The caller is responsible for obtaining the
+ * access token (e.g., via `supabase login`, OAuth device flow, or env var).
+ *
+ * A new client is created on every call — callers should cache if needed.
+ */
+export declare function getUserClient(accessToken: string): SupabaseClient;
+/**
+ * Attempt to retrieve the current session.
+ *
+ * In the CLI there is no implicit cookie jar. A session exists only when:
+ *   1. OPTIMAL_ACCESS_TOKEN env var is set (user JWT), or
+ *   2. A future `optimal login` command has cached a token locally.
+ *
+ * Returns null if no user session is available (service-role only mode).
+ */
+export declare function getSession(): Promise<Session | null>;
+/**
+ * Guard that throws if no user session is present.
+ *
+ * Use at the top of CLI commands that require a logged-in user:
+ *
+ *   const session = await requireAuth()
+ *   // session.user.id is guaranteed
+ */
+export declare function requireAuth(): Promise<Session>;
+/**
+ * Build an AuthContext describing the current invocation's auth state.
+ *
+ * Prefers user-scoped auth when OPTIMAL_ACCESS_TOKEN is set;
+ * falls back to service-role.
+ */
+export declare function resolveAuthContext(): Promise<AuthContext>;

package/dist/lib/auth/index.js

@@ -0,0 +1,146 @@
+/**
+ * Auth module — ported from optimalOS Supabase auth patterns.
+ *
+ * OptimalOS uses three client tiers:
+ *   1. Browser client  (anon key + cookie session)  — N/A for CLI
+ *   2. Server client   (anon key + SSR cookies)      — N/A for CLI
+ *   3. Admin client    (service_role key, no session) — primary CLI path
+ *
+ * In a headless CLI context there are no cookies or browser sessions.
+ * Auth reduces to two modes:
+ *   - Service-role access  (bot / automation operations)
+ *   - User-scoped access   (pass an access_token obtained externally)
+ *
+ * Environment variables (defined in .env):
+ *   OPTIMAL_SUPABASE_URL          — Supabase project URL
+ *   OPTIMAL_SUPABASE_SERVICE_KEY  — service_role secret
+ */
+import { createClient } from '@supabase/supabase-js';
+import 'dotenv/config';
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+function envOrThrow(name) {
+    const value = process.env[name];
+    if (!value) {
+        throw new Error(`Missing required environment variable: ${name}`);
+    }
+    return value;
+}
+/** Singleton service-role client (matches optimalOS admin.ts pattern). */
+let _serviceClient = null;
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Return a service-role Supabase client.
+ *
+ * Mirrors optimalOS `createAdminClient()` from lib/supabase/admin.ts:
+ *   - Uses SUPABASE_SERVICE_ROLE_KEY
+ *   - persistSession: false, autoRefreshToken: false
+ *   - Singleton — safe to call repeatedly
+ */
+export function getServiceClient() {
+    if (_serviceClient)
+        return _serviceClient;
+    const url = envOrThrow('OPTIMAL_SUPABASE_URL');
+    const key = envOrThrow('OPTIMAL_SUPABASE_SERVICE_KEY');
+    _serviceClient = createClient(url, key, {
+        auth: {
+            persistSession: false,
+            autoRefreshToken: false,
+        },
+    });
+    return _serviceClient;
+}
+/**
+ * Return a user-scoped Supabase client authenticated with the given JWT.
+ *
+ * This is the CLI equivalent of optimalOS browser/server clients that carry
+ * a user session via cookies. The caller is responsible for obtaining the
+ * access token (e.g., via `supabase login`, OAuth device flow, or env var).
+ *
+ * A new client is created on every call — callers should cache if needed.
+ */
+export function getUserClient(accessToken) {
+    const url = envOrThrow('OPTIMAL_SUPABASE_URL');
+    // Use service key as the initial key — the global auth header override
+    // ensures all requests are scoped to the user's JWT instead.
+    const anonOrServiceKey = process.env.OPTIMAL_SUPABASE_ANON_KEY
+        ?? envOrThrow('OPTIMAL_SUPABASE_SERVICE_KEY');
+    return createClient(url, anonOrServiceKey, {
+        global: {
+            headers: { Authorization: `Bearer ${accessToken}` },
+        },
+        auth: {
+            persistSession: false,
+            autoRefreshToken: false,
+        },
+    });
+}
+/**
+ * Attempt to retrieve the current session.
+ *
+ * In the CLI there is no implicit cookie jar. A session exists only when:
+ *   1. OPTIMAL_ACCESS_TOKEN env var is set (user JWT), or
+ *   2. A future `optimal login` command has cached a token locally.
+ *
+ * Returns null if no user session is available (service-role only mode).
+ */
+export async function getSession() {
+    const token = process.env.OPTIMAL_ACCESS_TOKEN;
+    if (!token)
+        return null;
+    try {
+        const client = getUserClient(token);
+        const { data: { user }, error } = await client.auth.getUser(token);
+        if (error || !user)
+            return null;
+        return {
+            accessToken: token,
+            user: {
+                id: user.id,
+                email: user.email,
+            },
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Guard that throws if no user session is present.
+ *
+ * Use at the top of CLI commands that require a logged-in user:
+ *
+ *   const session = await requireAuth()
+ *   // session.user.id is guaranteed
+ */
+export async function requireAuth() {
+    const session = await getSession();
+    if (!session) {
+        throw new Error('Authentication required. Set OPTIMAL_ACCESS_TOKEN or run `optimal login`.');
+    }
+    return session;
+}
+/**
+ * Build an AuthContext describing the current invocation's auth state.
+ *
+ * Prefers user-scoped auth when OPTIMAL_ACCESS_TOKEN is set;
+ * falls back to service-role.
+ */
+export async function resolveAuthContext() {
+    const session = await getSession();
+    if (session) {
+        return {
+            mode: 'user',
+            client: getUserClient(session.accessToken),
+            userId: session.user.id,
+            email: session.user.email,
+        };
+    }
+    return {
+        mode: 'service',
+        client: getServiceClient(),
+    };
+}

package/dist/lib/board/index.d.ts

@@ -0,0 +1,39 @@
+import type { Project, Task, Label, Comment, Milestone, ActivityEntry, CreateProjectInput, CreateTaskInput, CreateCommentInput, CreateMilestoneInput, UpdateTaskInput, TaskStatus } from './types.js';
+export * from './types.js';
+export declare function formatBoardTable(tasks: Task[]): string;
+export declare function getNextClaimable(readyTasks: Task[], allTasks: Task[]): Task | null;
+export declare function createProject(input: CreateProjectInput): Promise<Project>;
+export declare function getProjectBySlug(slug: string): Promise<Project>;
+export declare function listProjects(): Promise<Project[]>;
+export declare function updateProject(slug: string, updates: Partial<Pick<Project, 'status' | 'owner' | 'priority' | 'description'>>): Promise<Project>;
+export declare function createMilestone(input: CreateMilestoneInput): Promise<Milestone>;
+export declare function listMilestones(projectId?: string): Promise<Milestone[]>;
+export declare function createLabel(name: string, color?: string): Promise<Label>;
+export declare function listLabels(): Promise<Label[]>;
+export declare function getLabelByName(name: string): Promise<Label | null>;
+export declare function createTask(input: CreateTaskInput): Promise<Task>;
+export declare function updateTask(taskId: string, updates: UpdateTaskInput, actor?: string): Promise<Task>;
+export declare function getTask(taskId: string): Promise<Task>;
+export declare function listTasks(opts?: {
+    project_id?: string;
+    status?: TaskStatus;
+    claimed_by?: string;
+    assigned_to?: string;
+}): Promise<Task[]>;
+export declare function claimTask(taskId: string, agent: string): Promise<Task>;
+export declare function completeTask(taskId: string, actor: string): Promise<Task>;
+export declare function addComment(input: CreateCommentInput): Promise<Comment>;
+export declare function listComments(taskId: string): Promise<Comment[]>;
+export declare function logActivity(entry: {
+    task_id?: string;
+    project_id?: string;
+    actor: string;
+    action: string;
+    old_value?: Record<string, unknown>;
+    new_value?: Record<string, unknown>;
+}): Promise<void>;
+export declare function listActivity(opts?: {
+    task_id?: string;
+    actor?: string;
+    limit?: number;
+}): Promise<ActivityEntry[]>;