troxy-cli 1.2.5 → 1.2.7

package/bin/troxy.js

@@ -2,7 +2,8 @@
 import { runInit }                     from '../src/init.js';
 import { runUninstall }                from '../src/uninstall.js';
 import { runMcp }                      from '../src/mcp-server.js';
-import { runLogin, clearSession, requireKey, requireJwt, getKeySource } from '../src/auth.js';
+import { runLogin, clearSession, requireKey, requireJwt, loadSession, getKeySource } from '../src/auth.js';
+import { loadConfig } from '../src/config.js';
 import { runPolicies }                 from '../src/policies.js';
 import { runMcps }                     from '../src/mcps.js';
 import { runActivity }                 from '../src/activity.js';
@@ -141,7 +142,8 @@ switch (command) {
     const result = await api.evaluate(body, apiKey);
     const ICON = { ALLOW: '✓', BLOCK: '✗', ESCALATE: '⏳', NOTIFY: '~' };
     const icon = ICON[result.decision] || '?';
-    console.log(`\n  ${icon} ${result.decision}${result.policy ? `  ←  "${result.policy}"` : '  (default action)'}`);
+    const suffix = result.policy ? `  ←  "${result.policy}"` : result.reason ? `  —  ${result.reason}` : '  (default action)';
+    console.log(`\n  ${icon} ${result.decision}${suffix}`);
     if (result.audit_id) console.log(`  audit: ${result.audit_id}`);
     console.log();
     break;
@@ -161,9 +163,9 @@ switch (command) {
     break;
 
   case 'insights': {
-    const apiKey = requireKey(flags);
+    const jwt    = requireJwt();
     const period = Number(flags.period || 30);
-    const data   = await api.agentInsights(apiKey, period);
+    const data   = await api.agentInsights(jwt, period);
     const d      = data;
     console.log(`
   Insights — last ${d.period_days} days
@@ -203,27 +205,29 @@ switch (command) {
     process.stdout.write(`  DB:   ${health.db}\n`);
     process.stdout.write(`  Env:  ${health.env}\n`);
 
-    // If we have a key, show enriched status
-    try {
-      const apiKey  = requireKey(flags);
-      const source  = getKeySource();
-      const data    = await api.agentStatus(apiKey);
-      const { token, account } = data;
-      const keyNote = source === 'config'
-        ? '(saved — run `troxy init` to change)'
-        : source === 'env' ? '(from TROXY_API_KEY env)' : '(passed via --key)';
-      console.log(`
-  Key:      ${token.prefix}  ${keyNote}
-  MCP:      ${token.connected ? '● connected' : '○ offline'}  last seen ${token.last_seen}
-  Fallback: ${token.default_action}
-
+    // Account info from login session
+    const session = loadSession();
+    if (session?.jwt) {
+      try {
+        const data = await api.agentStatus(session.jwt);
+        const { account } = data;
+        console.log(`
   Account
     Active policies:  ${account.active_policies}
     MCPs total:       ${account.total_mcps}  (${account.connected_mcps} connected)
     Requests 24h:     ${account.requests_24h}
     Default action:   ${account.default_action}
 `);
-    } catch (err) { if (err.code === 'UNAUTHORIZED') throw err; console.log(); }
+      } catch { console.log(); }
+    } else {
+      console.log('\n  Not logged in. Run: troxy login\n');
+    }
+
+    // MCP connection info from local config (set by troxy init)
+    const localKey = loadConfig()?.apiKey;
+    if (localKey) {
+      console.log(`  MCP key:  ${localKey.substring(0, 12)}...  (saved — run \`troxy init\` to change)\n`);
+    }
 
     // Version check
     try {
@@ -248,34 +252,32 @@ switch (command) {
   Troxy — AI payment control
 
   First time on a machine?  Run: npx troxy init --key <api-key>
-  This saves your key to ~/.troxy/config.json — no need to pass --key again.
+  MCP setup (once per machine):   troxy init --key <api-key>
+  Login for CLI commands (12h):   troxy login
 
-  Setup
-    troxy connect --key <api-key>  Save API key (CLI only — no MCP setup)
-    troxy init --key <api-key>     Full setup: save key + configure MCP
-    troxy rotate-key               Create new key + save it (requires login)
+  MCP Setup
+    troxy init --key <api-key>     Connect this machine as an MCP + save key
+    troxy rotate-key               Create new MCP key + save it
     troxy rotate-key --revoke-old  Same + revoke the old key immediately
     troxy uninstall                Remove Troxy from this machine
-    troxy status                   API health + which key is in use
+    troxy status                   API health + account overview
 
-  Simulate
-    troxy pay --merchant "Amazon" --amount 50 --card "Work"
-    troxy pay --merchant "Google" --amount 300 --card "Work" --category software
-
-  Inspect  (uses saved key — no flags needed after init)
+  Inspect  (requires: troxy login)
     troxy policies list
     troxy policies describe --name "Block Amazon"
     troxy mcps list
     troxy activity [--limit 50] [--mine]
     troxy insights [--period 7]
 
-  Manage  (requires: npx troxy login)
+  Manage  (requires: troxy login)
     troxy policies create --name "X" --action BLOCK --field amount --operator gte --value 500
     troxy policies enable  --name "X"
     troxy policies disable --name "X"
     troxy policies delete  --name "X"
 
-  Override key for a single command:  --key txy-...
+  Simulate  (requires MCP key — run troxy init first)
+    troxy pay --merchant "Amazon" --amount 50 --card "Work"
+    troxy pay --merchant "Google" --amount 300 --card "Work" --category software
 `);
     process.exit(command ? 1 : 0);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "troxy-cli",
-  "version": "1.2.5",
+  "version": "1.2.7",
   "description": "AI payment control — protect your agent's payments with policies",
   "type": "module",
   "bin": {

package/src/activity.js

@@ -1,22 +1,22 @@
 import { api }               from './api.js';
-import { requireKey }        from './auth.js';
+import { requireJwt }        from './auth.js';
 import { table }             from './print.js';
 
 const ICON = { ALLOW: '✓', BLOCK: '✗', ESCALATE: '⏳', NOTIFY: '~' };
 
 export async function runActivity(flags) {
-  const apiKey = requireKey(flags);
-  const limit  = Number(flags.limit || 20);
-  const mine   = !!flags.mine;
+  const jwt   = requireJwt();
+  const limit = Number(flags.limit || 20);
+  const mine  = !!flags.mine;
 
-  const data = await api.agentActivity(apiKey, limit, mine);
+  const data = await api.agentActivity(jwt, limit, mine);
   const rows = data?.activity || [];
 
   if (!rows.length) { console.log('\n  No activity yet.\n'); return; }
 
   console.log();
   table(
-    ['Decision', 'Merchant', 'Category', 'Amount', 'Policy', 'Card', 'Agent', 'When'],
+    ['Decision', 'Merchant', 'Category', 'Amount', 'Policy', 'Agent', 'When'],
     rows.map(r => {
       const icon = ICON[r.decision?.split('→')[0]] || ' ';
       return [
@@ -24,8 +24,7 @@ export async function runActivity(flags) {
         r.merchant,
         r.category,
         r.amount ? `$${Number(r.amount).toFixed(2)}` : '—',
-        r.policy,
-        r.card,
+        r.decision_source === 'budget' ? 'budget limit' : r.policy,
         r.agent,
         r.when,
       ];

package/src/api.js

@@ -55,13 +55,13 @@ export const api = {
   // MCP heartbeat (agent API key)
   mcpHeartbeat: (apiKey, agentName) => request('POST', '/mcp/heartbeat', { apiKey, body: agentName ? { agent_name: agentName } : undefined }),
 
-  // Agent read-only API (API key auth — no JWT required)
-  agentStatus:   (apiKey)              => request('GET', '/agent/status',   { apiKey }),
-  agentPolicies: (apiKey)              => request('GET', '/agent/policies',  { apiKey }),
-  agentMcps:     (apiKey)              => request('GET', '/agent/mcps',      { apiKey }),
-  agentCards:    (apiKey)              => request('GET', '/agent/cards',      { apiKey }),
-  agentActivity: (apiKey, limit, mine) => request('GET', `/agent/activity?limit=${limit || 20}${mine ? '&mine=true' : ''}`, { apiKey }),
-  agentInsights: (apiKey, period)      => request('GET', `/agent/insights?period=${period || 30}`, { apiKey }),
+  // Agent read-only API (JWT session auth — run: troxy login)
+  agentStatus:   (jwt)              => request('GET', '/agent/status',   { jwt }),
+  agentPolicies: (jwt)              => request('GET', '/agent/policies',  { jwt }),
+  agentMcps:     (jwt)              => request('GET', '/agent/mcps',      { jwt }),
+  agentCards:    (jwt)              => request('GET', '/agent/cards',      { jwt }),
+  agentActivity: (jwt, limit, mine) => request('GET', `/agent/activity?limit=${limit || 20}${mine ? '&mine=true' : ''}`, { jwt }),
+  agentInsights: (jwt, period)      => request('GET', `/agent/insights?period=${period || 30}`, { jwt }),
 };
 
 // Named export for backwards compat with init.js + mcp-server.js

package/src/auth.js

@@ -27,7 +27,7 @@ export function clearSession() {
 export function requireJwt() {
   const session = loadSession();
   if (!session?.jwt) {
-    console.error('\n  Not logged in. Run: npx troxy login\n');
+    console.error('\n  Not logged in. Run: troxy login\n');
     process.exit(1);
   }
   return session.jwt;

package/src/mcps.js

@@ -1,14 +1,14 @@
-import { api }       from './api.js';
-import { loadConfig } from './config.js';
-import { requireKey } from './auth.js';
-import { table }      from './print.js';
+import { api }        from './api.js';
+import { loadConfig }  from './config.js';
+import { requireJwt }  from './auth.js';
+import { table }       from './print.js';
 
 export async function runMcps([sub], flags) {
-  const apiKey = requireKey(flags);
+  const jwt = requireJwt();
 
   switch (sub || 'list') {
     case 'list': {
-      const data = await api.agentMcps(apiKey);
+      const data = await api.agentMcps(jwt);
       const mcps = data?.mcps || [];
       if (!mcps.length) { console.log('\n  No MCP connections yet.\n'); return; }
       console.log();

package/src/policies.js

@@ -1,5 +1,5 @@
 import { api }               from './api.js';
-import { requireJwt, requireKey } from './auth.js';
+import { requireJwt } from './auth.js';
 import { table }             from './print.js';
 
 const DECISION_ICON = { ALLOW: '✓', BLOCK: '✗', ESCALATE: '⏳', NOTIFY: '~', TIERED: '⊕' };
@@ -11,14 +11,14 @@ function _scope(p) {
 }
 
 export async function runPolicies([sub, ...args], flags) {
-  // Read-only subcommands work with just an API key
+  // Read-only subcommands work with a login session
   const readOnly = !sub || sub === 'list' || sub === 'describe';
 
   if (readOnly) {
-    const apiKey = requireKey(flags);
+    const jwt = requireJwt();
     switch (sub || 'list') {
       case 'list': {
-        const data = await api.agentPolicies(apiKey);
+        const data = await api.agentPolicies(jwt);
         const policies = data?.policies || [];
         if (!policies.length) { console.log('\n  No policies yet.\n'); return; }
         console.log();
@@ -39,8 +39,8 @@ export async function runPolicies([sub, ...args], flags) {
 
       case 'describe': {
         const name = flags.name;
-        if (!name) { console.error('  --name is required\n'); process.exit(1); }
-        const data = await api.agentPolicies(apiKey);
+        if (!name) { console.error('  --name is required  (tip: use single quotes for names with special chars)\n'); process.exit(1); }
+        const data = await api.agentPolicies(jwt);
         const p = (data?.policies || []).find(x => x.name.toLowerCase() === name.toLowerCase());
         if (!p) { console.error(`  Policy "${name}" not found\n`); process.exit(1); }
 
@@ -105,7 +105,16 @@ export async function runPolicies([sub, ...args], flags) {
       const { policies = [] } = await api.listPolicies(jwt);
       const policy = policies.find(p => p.name === name);
       if (!policy) { console.error(`  Policy "${name}" not found\n`); process.exit(1); }
-      await api.updatePolicy(jwt, policy.id, { enabled: sub === 'enable' });
+      await api.updatePolicy(jwt, policy.id, {
+        name:          policy.name,
+        action:        policy.action,
+        description:   policy.description || '',
+        conditions:    policy.conditions || [],
+        or_conditions: policy.or_conditions || [],
+        tiers:         policy.tiers || null,
+        global:        policy.global !== false,
+        enabled:       sub === 'enable',
+      });
       console.log(`\n  Policy "${name}" ${sub}d ✓\n`);
       break;
     }

package/src/cards.js

@@ -1,63 +0,0 @@
-import { api }               from './api.js';
-import { requireJwt, requireKey } from './auth.js';
-import { table }             from './print.js';
-
-export async function runCards([sub, ...args], flags) {
-  // list is read-only — works with API key
-  if (!sub || sub === 'list') {
-    const apiKey = requireKey(flags);
-    const data   = await api.agentCards(apiKey);
-    const cards  = data?.cards || [];
-    if (!cards.length) { console.log('\n  No cards yet.\n'); return; }
-    console.log();
-    table(
-      ['Name', 'Last 4', 'Status', 'Budget', 'Used', 'Remaining', 'Default Action'],
-      cards.map(c => [
-        c.name,
-        c.last_four ? `···${c.last_four}` : '—',
-        c.status,
-        c.monthly_budget ? `$${c.monthly_budget}` : 'no limit',
-        `$${Number(c.budget_used || 0).toFixed(2)}`,
-        c.budget_remaining != null ? `$${Number(c.budget_remaining).toFixed(2)}` : '—',
-        c.default_action || 'ALLOW',
-      ]),
-    );
-    return;
-  }
-
-  // Write operations need JWT
-  const jwt = requireJwt();
-
-  switch (sub) {
-    case 'create': {
-      const name = flags.name;
-      if (!name) { console.error('  --name is required\n'); process.exit(1); }
-      const body = {
-        alias_name:     name,
-        monthly_budget: flags.budget ? Number(flags.budget) : null,
-        provider:       flags.provider || null,
-        card_number:    flags['card-number'] || null,
-        status:         'active',
-      };
-      const card = await api.createCard(jwt, body);
-      console.log(`\n  Card "${card.alias_name}" created ✓\n`);
-      break;
-    }
-
-    case 'delete': {
-      const name = flags.name;
-      if (!name) { console.error('  --name is required\n'); process.exit(1); }
-      const data = await api.listCards(jwt);
-      const card = (data?.cards || []).find(c => c.name === name);
-      if (!card) { console.error(`  Card "${name}" not found\n`); process.exit(1); }
-      await api.deleteCard(jwt, card.id);
-      console.log(`\n  Card "${name}" deleted ✓\n`);
-      break;
-    }
-
-    default:
-      console.error(`  Unknown subcommand: ${sub}`);
-      console.error('  Usage: troxy cards [list|create|delete]\n');
-      process.exit(1);
-  }
-}