otter-axi 0.1.0

package/dist/src/otter/loopback.js

@@ -0,0 +1,68 @@
+import { createServer } from "node:http";
+import { createServer as netServer } from "node:net";
+import { AxiError } from "axi-sdk-js";
+/** Return the first port from `candidates` that is bindable on 127.0.0.1. */
+export async function pickPort(candidates) {
+    for (const port of candidates) {
+        const free = await new Promise((resolve) => {
+            const probe = netServer();
+            probe.once("error", () => resolve(false));
+            probe.listen(port, "127.0.0.1", () => probe.close(() => resolve(true)));
+        });
+        if (free)
+            return port;
+    }
+    throw new AxiError(`No free loopback port among ${candidates.join(", ")}`, "AUTH", ["Close whatever is using those ports and retry `otter-axi auth login`"]);
+}
+/**
+ * Start a loopback HTTP server on `127.0.0.1:port` that captures the OAuth redirect at
+ * `/callback`. The browser response is sent UTF-8 (so the em-dash renders correctly).
+ */
+export async function startLoopback(port) {
+    let resolveCode;
+    let rejectCode;
+    const codePromise = new Promise((res, rej) => {
+        resolveCode = res;
+        rejectCode = rej;
+    });
+    const server = createServer((req, res) => {
+        const u = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+        if (u.pathname !== "/callback") {
+            res.writeHead(404).end();
+            return;
+        }
+        const code = u.searchParams.get("code");
+        const err = u.searchParams.get("error");
+        res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+        res.end(`<!doctype html><html><head><meta charset="utf-8"><title>otter-axi</title></head>` +
+            `<body style="font-family:system-ui;padding:2.5rem;color:#222">` +
+            `<h2>otter-axi: ${code ? "authorized — you can close this tab" : `error: ${err ?? "unknown"}`}</h2>` +
+            `</body></html>`);
+        if (code)
+            resolveCode(code);
+        else
+            rejectCode(new AxiError(`Authorization was denied (${err ?? "unknown"})`, "AUTH", [
+                "Run `otter-axi auth login` to try again",
+            ]));
+    });
+    await new Promise((resolve, reject) => {
+        server.once("error", reject);
+        server.listen(port, "127.0.0.1", resolve);
+    });
+    return {
+        port,
+        waitForCode(timeoutMs) {
+            let timer;
+            const timeout = new Promise((_, rej) => {
+                timer = setTimeout(() => rej(new AxiError("Timed out waiting for authorization", "AUTH", [
+                    "Run `otter-axi auth login` and approve promptly (codes are short-lived)",
+                ])), timeoutMs);
+            });
+            return Promise.race([codePromise, timeout]).finally(() => clearTimeout(timer));
+        },
+        close() {
+            server.close();
+        },
+    };
+}
+//# sourceMappingURL=loopback.js.map

package/dist/src/otter/loopback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loopback.js","sourceRoot":"","sources":["../../../src/otter/loopback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAe,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,YAAY,IAAI,SAAS,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAStC,6EAA6E;AAC7E,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,UAAoB;IACjD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YAClD,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;IACxB,CAAC;IACD,MAAM,IAAI,QAAQ,CAChB,+BAA+B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACtD,MAAM,EACN,CAAC,sEAAsE,CAAC,CACzE,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY;IAC9C,IAAI,WAAmC,CAAC;IACxC,IAAI,UAAkC,CAAC;IACvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnD,WAAW,GAAG,GAAG,CAAC;QAClB,UAAU,GAAG,GAAG,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAW,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/C,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACnE,GAAG,CAAC,GAAG,CACL,kFAAkF;YAChF,gEAAgE;YAChE,kBAAkB,IAAI,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,SAAS,EAAE,OAAO;YACpG,gBAAgB,CACnB,CAAC;QACF,IAAI,IAAI;YAAE,WAAW,CAAC,IAAI,CAAC,CAAC;;YAE1B,UAAU,CACR,IAAI,QAAQ,CAAC,6BAA6B,GAAG,IAAI,SAAS,GAAG,EAAE,MAAM,EAAE;gBACrE,yCAAyC;aAC1C,CAAC,CACH,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI;QACJ,WAAW,CAAC,SAAiB;YAC3B,IAAI,KAAqB,CAAC;YAC1B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAS,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;gBAC7C,KAAK,GAAG,UAAU,CAChB,GAAG,EAAE,CACH,GAAG,CACD,IAAI,QAAQ,CAAC,qCAAqC,EAAE,MAAM,EAAE;oBAC1D,yEAAyE;iBAC1E,CAAC,CACH,EACH,SAAS,CACV,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CACvD,YAAY,CAAC,KAAK,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,KAAK;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/src/otter/oauth.d.ts

@@ -0,0 +1,32 @@
+import type { AuthorizationServerMetadata, OAuthClientInformationMixed } from "@modelcontextprotocol/sdk/shared/auth.js";
+import { type Config } from "../config.js";
+export declare const MCP_URL = "https://mcp.otter.ai/mcp";
+export declare const SCOPE = "profile:read conversations:read";
+/** Candidate loopback ports (all registered as redirect_uris so any may be bound). */
+export declare const LOOPBACK_PORTS: number[];
+interface Discovery {
+    resource: string;
+    authServer: string;
+    asMetadata: AuthorizationServerMetadata;
+}
+/** Discover the protected-resource + authorization-server metadata. */
+export declare function discover(): Promise<Discovery>;
+/** Register a public client via DCR if one isn't already stored. Persists it to config. */
+export declare function ensureClient(cfg: Config, disc: Discovery): Promise<{
+    cfg: Config;
+    client: OAuthClientInformationMixed;
+}>;
+/**
+ * Phase 1: discover, ensure a client, and build the PKCE authorize URL bound to `port`.
+ * Persists the verifier + redirect_uri so phase 2 (possibly a separate process) can finish.
+ */
+export declare function prepareLogin(port: number): Promise<{
+    url: string;
+}>;
+/** Phase 2: exchange the authorization code for tokens using the persisted pending state. */
+export declare function completeLogin(code: string): Promise<void>;
+/** Refresh the stored access token using the refresh_token grant. Persists the result. */
+export declare function refreshTokens(): Promise<void>;
+/** Best-effort token revocation at the authorization server's revocation endpoint. */
+export declare function revokeToken(): Promise<void>;
+export {};

package/dist/src/otter/oauth.js

@@ -0,0 +1,183 @@
+import { AxiError } from "axi-sdk-js";
+import { discoverAuthorizationServerMetadata, discoverOAuthProtectedResourceMetadata, exchangeAuthorization, refreshAuthorization, registerClient, startAuthorization, } from "@modelcontextprotocol/sdk/client/auth.js";
+import { clearPending, readConfig, readPending, writeConfig, writePending, } from "../config.js";
+export const MCP_URL = "https://mcp.otter.ai/mcp";
+export const SCOPE = "profile:read conversations:read";
+/** Candidate loopback ports (all registered as redirect_uris so any may be bound). */
+export const LOOPBACK_PORTS = [41789, 41790, 41791, 41792];
+function redirectUris() {
+    return LOOPBACK_PORTS.map((p) => `http://127.0.0.1:${p}/callback`);
+}
+/** Discover the protected-resource + authorization-server metadata. */
+export async function discover() {
+    const prm = await discoverOAuthProtectedResourceMetadata(MCP_URL);
+    const authServer = (prm.authorization_servers?.[0] ?? "https://otter.ai/").toString();
+    const asMetadata = await discoverAuthorizationServerMetadata(authServer);
+    if (!asMetadata) {
+        throw new AxiError("Could not discover Otter's OAuth authorization-server metadata", "AUTH", ["Check connectivity to https://otter.ai and retry"]);
+    }
+    return {
+        resource: (prm.resource ?? "https://mcp.otter.ai/").toString(),
+        authServer,
+        asMetadata,
+    };
+}
+/** Register a public client via DCR if one isn't already stored. Persists it to config. */
+export async function ensureClient(cfg, disc) {
+    if (cfg.client?.client_id) {
+        return {
+            cfg,
+            client: {
+                client_id: cfg.client.client_id,
+                ...(cfg.client.client_secret
+                    ? { client_secret: cfg.client.client_secret }
+                    : {}),
+            },
+        };
+    }
+    const full = await registerClient(disc.authServer, {
+        metadata: disc.asMetadata,
+        scope: SCOPE,
+        clientMetadata: {
+            client_name: "otter-axi",
+            redirect_uris: redirectUris(),
+            grant_types: ["authorization_code", "refresh_token"],
+            response_types: ["code"],
+            token_endpoint_auth_method: "none",
+            scope: SCOPE,
+        },
+    });
+    const stored = {
+        client_id: full.client_id,
+        ...(full.client_secret ? { client_secret: full.client_secret } : {}),
+        registered_at: new Date().toISOString(),
+    };
+    const next = { ...cfg, client: stored };
+    writeConfig(next);
+    return { cfg: next, client: full };
+}
+/**
+ * Phase 1: discover, ensure a client, and build the PKCE authorize URL bound to `port`.
+ * Persists the verifier + redirect_uri so phase 2 (possibly a separate process) can finish.
+ */
+export async function prepareLogin(port) {
+    const disc = await discover();
+    const { client } = await ensureClient(readConfig(), disc);
+    const redirect_uri = `http://127.0.0.1:${port}/callback`;
+    const { authorizationUrl, codeVerifier } = await startAuthorization(disc.authServer, {
+        metadata: disc.asMetadata,
+        clientInformation: client,
+        redirectUrl: redirect_uri,
+        scope: SCOPE,
+        resource: new URL(disc.resource),
+    });
+    writePending({
+        verifier: codeVerifier,
+        redirect_uri,
+        port,
+        resource: disc.resource,
+        auth_server: disc.authServer,
+        url: authorizationUrl.toString(),
+        expires_at: Date.now() + 10 * 60 * 1000,
+    });
+    return { url: authorizationUrl.toString() };
+}
+function tokensToConfig(t) {
+    return {
+        access_token: t.access_token,
+        refresh_token: t.refresh_token,
+        token_type: t.token_type,
+        scope: t.scope,
+        expires_at: typeof t.expires_in === "number"
+            ? Date.now() + t.expires_in * 1000
+            : undefined,
+    };
+}
+/** Phase 2: exchange the authorization code for tokens using the persisted pending state. */
+export async function completeLogin(code) {
+    const pending = readPending();
+    if (!pending) {
+        throw new AxiError("No pending login to complete", "AUTH", [
+            "Run `otter-axi auth login` to start over",
+        ]);
+    }
+    const disc = await discover();
+    const { client } = await ensureClient(readConfig(), disc);
+    let tokens;
+    try {
+        tokens = await exchangeAuthorization(disc.authServer, {
+            // Pass metadata so the SDK uses the real token_endpoint (/oauth/token)
+            // rather than guessing /token, which nginx rejects with 405.
+            metadata: disc.asMetadata,
+            clientInformation: client,
+            authorizationCode: code,
+            codeVerifier: pending.verifier,
+            redirectUri: pending.redirect_uri,
+            resource: new URL(pending.resource),
+        });
+    }
+    catch (e) {
+        throw new AxiError(`Token exchange failed: ${e.message}`, "AUTH", [
+            "Authorization codes are short-lived — run `otter-axi auth login` and approve promptly",
+        ]);
+    }
+    writeConfig({ ...readConfig(), tokens: tokensToConfig(tokens) });
+    clearPending();
+}
+/** Refresh the stored access token using the refresh_token grant. Persists the result. */
+export async function refreshTokens() {
+    const cfg = readConfig();
+    if (!cfg.tokens?.refresh_token || !cfg.client?.client_id) {
+        throw new AxiError("Cannot refresh — not fully logged in", "AUTH", [
+            "Run `otter-axi auth login`",
+        ]);
+    }
+    const disc = await discover();
+    let tokens;
+    try {
+        tokens = await refreshAuthorization(disc.authServer, {
+            metadata: disc.asMetadata,
+            clientInformation: {
+                client_id: cfg.client.client_id,
+                ...(cfg.client.client_secret
+                    ? { client_secret: cfg.client.client_secret }
+                    : {}),
+            },
+            refreshToken: cfg.tokens.refresh_token,
+            resource: new URL(disc.resource),
+        });
+    }
+    catch {
+        throw new AxiError("Session expired — please log in again", "AUTH", [
+            "Run `otter-axi auth login`",
+        ]);
+    }
+    // refreshAuthorization preserves the old refresh_token when the server omits a new one.
+    writeConfig({ ...readConfig(), tokens: tokensToConfig(tokens) });
+}
+/** Best-effort token revocation at the authorization server's revocation endpoint. */
+export async function revokeToken() {
+    const cfg = readConfig();
+    const token = cfg.tokens?.refresh_token ?? cfg.tokens?.access_token;
+    if (!token || !cfg.client?.client_id)
+        return;
+    try {
+        const disc = await discover();
+        const endpoint = disc.asMetadata
+            .revocation_endpoint;
+        if (!endpoint)
+            return;
+        await fetch(endpoint, {
+            method: "POST",
+            headers: { "content-type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                token,
+                client_id: cfg.client.client_id,
+            }),
+        });
+    }
+    catch {
+        // Revocation is best-effort; clearing local tokens is what matters.
+    }
+}
+//# sourceMappingURL=oauth.js.map

package/dist/src/otter/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/otter/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EACL,mCAAmC,EACnC,sCAAsC,EACtC,qBAAqB,EACrB,oBAAoB,EACpB,cAAc,EACd,kBAAkB,GACnB,MAAM,0CAA0C,CAAC;AAMlD,OAAO,EACL,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,YAAY,GAGb,MAAM,cAAc,CAAC;AAEtB,MAAM,CAAC,MAAM,OAAO,GAAG,0BAA0B,CAAC;AAClD,MAAM,CAAC,MAAM,KAAK,GAAG,iCAAiC,CAAC;AACvD,sFAAsF;AACtF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAQ3D,SAAS,YAAY;IACnB,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;AACrE,CAAC;AAED,uEAAuE;AACvE,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,GAAG,GAAG,MAAM,sCAAsC,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,QAAQ,EAAE,CAAC;IACtF,MAAM,UAAU,GAAG,MAAM,mCAAmC,CAAC,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,QAAQ,CAChB,gEAAgE,EAChE,MAAM,EACN,CAAC,kDAAkD,CAAC,CACrD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,CAAC,GAAG,CAAC,QAAQ,IAAI,uBAAuB,CAAC,CAAC,QAAQ,EAAE;QAC9D,UAAU;QACV,UAAU;KACX,CAAC;AACJ,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,IAAe;IAEf,IAAI,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;QAC1B,OAAO;YACL,GAAG;YACH,MAAM,EAAE;gBACN,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;gBAC/B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa;oBAC1B,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC7C,CAAC,CAAC,EAAE,CAAC;aACR;SACF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE;QACjD,QAAQ,EAAE,IAAI,CAAC,UAAU;QACzB,KAAK,EAAE,KAAK;QACZ,cAAc,EAAE;YACd,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,YAAY,EAAE;YAC7B,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM;YAClC,KAAK,EAAE,KAAK;SACb;KACF,CAAC,CAAC;IACH,MAAM,MAAM,GAAgB;QAC1B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACxC,CAAC;IACF,MAAM,IAAI,GAAW,EAAE,GAAG,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,CAAC,IAAI,CAAC,CAAC;IAClB,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,IAAI,GAAG,MAAM,QAAQ,EAAE,CAAC;IAC9B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,oBAAoB,IAAI,WAAW,CAAC;IACzD,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE;QACnF,QAAQ,EAAE,IAAI,CAAC,UAAU;QACzB,iBAAiB,EAAE,MAAM;QACzB,WAAW,EAAE,YAAY;QACzB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;KACjC,CAAC,CAAC;IACH,YAAY,CAAC;QACX,QAAQ,EAAE,YAAY;QACtB,YAAY;QACZ,IAAI;QACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,UAAU;QAC5B,GAAG,EAAE,gBAAgB,CAAC,QAAQ,EAAE;QAChC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;KACxC,CAAC,CAAC;IACH,OAAO,EAAE,GAAG,EAAE,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,CAAc;IACpC,OAAO;QACL,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,UAAU,EACR,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,UAAU,GAAG,IAAI;YAClC,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC;AAED,6FAA6F;AAC7F,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY;IAC9C,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,QAAQ,CAAC,8BAA8B,EAAE,MAAM,EAAE;YACzD,0CAA0C;SAC3C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,QAAQ,EAAE,CAAC;IAC9B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,CAAC;IAC1D,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,UAAU,EAAE;YACpD,uEAAuE;YACvE,6DAA6D;YAC7D,QAAQ,EAAE,IAAI,CAAC,UAAU;YACzB,iBAAiB,EAAE,MAAM;YACzB,iBAAiB,EAAE,IAAI;YACvB,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,WAAW,EAAE,OAAO,CAAC,YAAY;YACjC,QAAQ,EAAE,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;SACpC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,QAAQ,CAChB,0BAA2B,CAAW,CAAC,OAAO,EAAE,EAChD,MAAM,EACN;YACE,uFAAuF;SACxF,CACF,CAAC;IACJ,CAAC;IACD,WAAW,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACjE,YAAY,EAAE,CAAC;AACjB,CAAC;AAED,0FAA0F;AAC1F,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;QACzD,MAAM,IAAI,QAAQ,CAAC,sCAAsC,EAAE,MAAM,EAAE;YACjE,4BAA4B;SAC7B,CAAC,CAAC;IACL,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,QAAQ,EAAE,CAAC;IAC9B,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE;YACnD,QAAQ,EAAE,IAAI,CAAC,UAAU;YACzB,iBAAiB,EAAE;gBACjB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;gBAC/B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa;oBAC1B,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC7C,CAAC,CAAC,EAAE,CAAC;aACR;YACD,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,aAAa;YACtC,QAAQ,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;SACjC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,uCAAuC,EAAE,MAAM,EAAE;YAClE,4BAA4B;SAC7B,CAAC,CAAC;IACL,CAAC;IACD,wFAAwF;IACxF,WAAW,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,sFAAsF;AACtF,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC;IACpE,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS;QAAE,OAAO;IAC7C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAI,IAAI,CAAC,UAAsC;aAC1D,mBAAyC,CAAC;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,MAAM,KAAK,CAAC,QAAQ,EAAE;YACpB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,KAAK;gBACL,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;aAChC,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;IACtE,CAAC;AACH,CAAC"}

package/dist/src/output.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Output helpers. Handlers return plain objects (StructuredOutput) and the AXI SDK
+ * serializes them to TOON at the boundary — never print here.
+ */
+export type StructuredOutput = Record<string, unknown>;
+/** Default caps for token-frugal output. */
+export declare const CELL_CHAR_CAP = 120;
+export declare const PREVIEW_ROW_CAP = 20;
+/** Truncate a cell value with a visible marker showing the full length. */
+export declare function truncateCell(value: string, cap?: number): string;
+/** Cap a list to `limit` rows, returning the kept rows and whether more exist. */
+export declare function capList<T>(rows: T[], limit?: number): {
+    rows: T[];
+    total: number;
+    capped: boolean;
+};
+/** "N of M" when a total is known, else "N". */
+export declare function countLabel(shown: number, total?: number): string;
+/** Compact relative time like "2h ago" / "3d ago" from an ISO/epoch input. */
+export declare function relativeTime(when: string | number | Date, now: Date): string;

package/dist/src/output.js

@@ -0,0 +1,44 @@
+/**
+ * Output helpers. Handlers return plain objects (StructuredOutput) and the AXI SDK
+ * serializes them to TOON at the boundary — never print here.
+ */
+/** Default caps for token-frugal output. */
+export const CELL_CHAR_CAP = 120;
+export const PREVIEW_ROW_CAP = 20;
+/** Truncate a cell value with a visible marker showing the full length. */
+export function truncateCell(value, cap = CELL_CHAR_CAP) {
+    if (value.length <= cap)
+        return value;
+    return `${value.slice(0, cap)}…(truncated, ${value.length} chars total)`;
+}
+/** Cap a list to `limit` rows, returning the kept rows and whether more exist. */
+export function capList(rows, limit = PREVIEW_ROW_CAP) {
+    if (rows.length <= limit)
+        return { rows, total: rows.length, capped: false };
+    return { rows: rows.slice(0, limit), total: rows.length, capped: true };
+}
+/** "N of M" when a total is known, else "N". */
+export function countLabel(shown, total) {
+    if (total === undefined || total === shown)
+        return `${shown}`;
+    return `${shown} of ${total}`;
+}
+/** Compact relative time like "2h ago" / "3d ago" from an ISO/epoch input. */
+export function relativeTime(when, now) {
+    const then = when instanceof Date ? when : new Date(when);
+    const ms = now.getTime() - then.getTime();
+    if (!Number.isFinite(ms))
+        return "unknown";
+    const s = Math.round(ms / 1000);
+    if (s < 60)
+        return `${s}s ago`;
+    const m = Math.round(s / 60);
+    if (m < 60)
+        return `${m}m ago`;
+    const h = Math.round(m / 60);
+    if (h < 24)
+        return `${h}h ago`;
+    const d = Math.round(h / 24);
+    return `${d}d ago`;
+}
+//# sourceMappingURL=output.js.map

package/dist/src/output.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../src/output.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,4CAA4C;AAC5C,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,CAAC;AACjC,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAElC,2EAA2E;AAC3E,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,GAAG,GAAG,aAAa;IAC7D,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,gBAAgB,KAAK,CAAC,MAAM,eAAe,CAAC;AAC3E,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,OAAO,CACrB,IAAS,EACT,KAAK,GAAG,eAAe;IAEvB,IAAI,IAAI,CAAC,MAAM,IAAI,KAAK;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1E,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,KAAc;IACtD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,GAAG,KAAK,EAAE,CAAC;IAC9D,OAAO,GAAG,KAAK,OAAO,KAAK,EAAE,CAAC;AAChC,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,YAAY,CAAC,IAA4B,EAAE,GAAS;IAClE,MAAM,IAAI,GAAG,IAAI,YAAY,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC,OAAO,CAAC;AACrB,CAAC"}

package/dist/src/transcript.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Transcript parser. otter-axi owns this so consumers don't re-derive a fragile `[ts] speaker:`
+ * regex (see specs/principles.md). The parse is best-effort on *structure* but lossless on
+ * *content*: every character of the source survives — unrecognized lines are preserved as
+ * continuations of the current segment, never dropped.
+ */
+export interface Segment {
+    /** `H:MM:SS` timestamp without brackets, or "" for leading pre-timestamp text. */
+    start: string;
+    /** Speaker label as written ("Speaker 1" or a real name), or "" when unknown. */
+    speaker: string;
+    text: string;
+}
+/** Parse an Otter transcript string into ordered segments (lossless on content). */
+export declare function parseTranscript(transcript: string): Segment[];
+/** Reassemble segments into the original transcript text (inverse of parseTranscript). */
+export declare function segmentsToText(segments: Segment[]): string;
+/** Serialize segments to RFC-4180 CSV with a `start,speaker,text` header. */
+export declare function segmentsToCsv(segments: Segment[]): string;
+/** Serialize segments to TSV; tabs/newlines inside text are escaped so rows stay one-per-line. */
+export declare function segmentsToTsv(segments: Segment[]): string;

package/dist/src/transcript.js

@@ -0,0 +1,61 @@
+/**
+ * Transcript parser. otter-axi owns this so consumers don't re-derive a fragile `[ts] speaker:`
+ * regex (see specs/principles.md). The parse is best-effort on *structure* but lossless on
+ * *content*: every character of the source survives — unrecognized lines are preserved as
+ * continuations of the current segment, never dropped.
+ */
+const LINE = /^\[(\d+:\d{1,2}:\d{2})\]\s+(.+?):\s?(.*)$/;
+/** Parse an Otter transcript string into ordered segments (lossless on content). */
+export function parseTranscript(transcript) {
+    const segments = [];
+    let current;
+    const lines = transcript.split("\n");
+    lines.forEach((line, i) => {
+        const m = line.match(LINE);
+        if (m) {
+            current = { start: m[1], speaker: m[2], text: m[3] };
+            segments.push(current);
+            return;
+        }
+        // Continuation / blank / pre-timestamp line: append verbatim to the current segment.
+        if (!current) {
+            current = { start: "", speaker: "", text: line };
+            segments.push(current);
+        }
+        else {
+            current.text += `\n${line}`;
+        }
+        void i;
+    });
+    return segments;
+}
+/** Reassemble segments into the original transcript text (inverse of parseTranscript). */
+export function segmentsToText(segments) {
+    return segments
+        .map((s) => (s.start ? `[${s.start}] ${s.speaker}: ${s.text}` : s.text))
+        .join("\n");
+}
+function csvField(value) {
+    // RFC 4180: quote when the field contains a comma, quote, CR or LF; double internal quotes.
+    if (/[",\r\n]/.test(value))
+        return `"${value.replace(/"/g, '""')}"`;
+    return value;
+}
+/** Serialize segments to RFC-4180 CSV with a `start,speaker,text` header. */
+export function segmentsToCsv(segments) {
+    const rows = ["start,speaker,text"];
+    for (const s of segments) {
+        rows.push([s.start, s.speaker, s.text].map(csvField).join(","));
+    }
+    return `${rows.join("\r\n")}\r\n`;
+}
+/** Serialize segments to TSV; tabs/newlines inside text are escaped so rows stay one-per-line. */
+export function segmentsToTsv(segments) {
+    const esc = (v) => v.replace(/\\/g, "\\\\").replace(/\t/g, "\\t").replace(/\r?\n/g, "\\n");
+    const rows = ["start\tspeaker\ttext"];
+    for (const s of segments) {
+        rows.push([s.start, s.speaker, s.text].map(esc).join("\t"));
+    }
+    return `${rows.join("\n")}\n`;
+}
+//# sourceMappingURL=transcript.js.map

package/dist/src/transcript.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript.js","sourceRoot":"","sources":["../../src/transcript.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,MAAM,IAAI,GAAG,2CAA2C,CAAC;AAEzD,oFAAoF;AACpF,MAAM,UAAU,eAAe,CAAC,UAAkB;IAChD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAA4B,CAAC;IAEjC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,CAAC,EAAE,CAAC;YACN,OAAO,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,OAAO;QACT,CAAC;QACD,qFAAqF;QACrF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9B,CAAC;QACD,KAAK,CAAC,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,cAAc,CAAC,QAAmB;IAChD,OAAO,QAAQ;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SACvE,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,4FAA4F;IAC5F,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IACpE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,aAAa,CAAC,QAAmB;IAC/C,MAAM,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;AACpC,CAAC;AAED,kGAAkG;AAClG,MAAM,UAAU,aAAa,CAAC,QAAmB;IAC/C,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACnG,MAAM,IAAI,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AAChC,CAAC"}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "otter-axi",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Find and pull Otter.ai meeting transcripts from the terminal with token-efficient output.",
+  "bin": {
+    "otter-axi": "dist/bin/otter-axi.js"
+  },
+  "files": [
+    "dist",
+    "skills/otter-axi",
+    "LICENSE",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "license": "MIT",
+  "scripts": {
+    "build": "tsc && chmod +x dist/bin/otter-axi.js",
+    "dev": "bun bin/otter-axi.ts",
+    "test": "vitest run --passWithNoTests",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.20.0",
+    "@toon-format/toon": "^2.3.0",
+    "axi-sdk-js": "^0.1.7"
+  },
+  "devDependencies": {
+    "@types/node": "^25.9.3",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.9"
+  },
+  "author": "Jarvus Innovations",
+  "keywords": [
+    "otter",
+    "otter.ai",
+    "axi",
+    "cli",
+    "agent",
+    "transcripts",
+    "mcp",
+    "toon"
+  ]
+}

package/skills/otter-axi/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: otter-axi
+description: "AXI-compliant CLI for Otter.ai — find and pull meeting transcripts from the terminal with token-efficient TOON output. Use when the user wants to search their Otter meetings (by keyword, date range, title, attendee, channel, or folder), browse recent conversations, or pull a full meeting transcript by id/URL. Wraps Otter's hosted MCP server over OAuth; prefer this over the hosted MCP connector for scriptable, headless access."
+user-invocable: false
+author: Jarvus Innovations
+metadata:
+  hermes:
+    tags: [otter, transcripts, meetings, notes, mcp]
+    category: productivity
+---
+
+# otter-axi
+
+Agent-ergonomic CLI that wraps Otter.ai's hosted MCP server to **find and pull meeting
+transcripts**. Run `otter-axi --help` for the command list and `otter-axi <command> --help`
+for any command's usage. It does find-and-pull only — analysis is the caller's job.
+
+## Setup
+
+One-time browser approval, then headless forever after (tokens refresh silently):
+
+```sh
+otter-axi auth login     # opens your browser; approve access
+otter-axi doctor         # verify: config → credentials → MCP reachable
+```
+
+Agents driving the login over a relay: `otter-axi auth login --no-wait` prints the authorize
+URL and returns; relay it, then run `otter-axi auth login --wait` in a separate turn to capture
+the redirect. Authorization codes are short-lived — approve promptly.
+
+Tokens live in `~/.config/otter-axi/config.json` (mode 0600) and are never printed.
+
+## Core workflow
+
+1. **Find / browse** with `search` — returns meeting *metadata* (title, date, duration,
+   one-line summary, action-item count, and the id). An empty query plus a date range is
+   browse mode.
+
+   ```sh
+   otter-axi search "pricing discussion" --after 30d
+   otter-axi search --after 2026/05/01 --before 2026/05/07   # browse a window
+   otter-axi search --in-transcript "roadmap,milestones" --attended-by "Jane Doe"
+   ```
+
+   Flags: `-q/--query`, `--after`/`--before` (ISO `2026-05-01` or relative `7d`/`2w`/`3m`),
+   `--title-contains`, `--in-transcript`, `--attended-by`, `--channel`, `--folder`, `--mine`,
+   `--limit`, `--full`.
+
+2. **Pull a transcript** with `fetch` — takes an id (from search) or an `otter.ai/u/<id>` URL:
+
+   ```sh
+   otter-axi fetch <id>                    # metadata header + preview
+   otter-axi fetch <id> --full             # verbatim transcript to stdout (pipe it)
+   otter-axi fetch <id> --text-out t.txt   # verbatim transcript to a file
+   otter-axi fetch <id> --json-out t.json  # parsed segments [{start,speaker,text}]
+   otter-axi fetch <id> --csv-out t.csv    # parsed segments as CSV (--tsv-out for TSV)
+   ```
+
+   Transcripts are `[H:MM:SS] Speaker N: …`. Default/`--full`/`--text-out` are verbatim; the
+   `--json-out`/`--csv-out`/`--tsv-out` modes parse into `{start,speaker,text}` segments via
+   otter-axi's own lossless parser (so you don't re-derive it). At most one output mode per call.
+
+## Notes
+
+- Read-only: scopes are `profile:read` + `conversations:read`. No write/delete operations exist.
+- `otter-axi setup hooks` installs the SessionStart hook (Claude Code / Codex / OpenCode) that
+  surfaces the home view at session start; `OTTER_AXI_DISABLE_HOOKS=1` opts out.
+- Install ad hoc with `npx -y otter-axi <command>`.