troxy-cli 1.3.0 → 1.3.2

package/README.md

@@ -1,6 +1,6 @@
 # troxy-cli
 
-The official Troxy CLI — onboard AI agents, manage cards and policies from the terminal.
+The official Troxy CLI — onboard AI agents, manage MCPs and policies from the terminal.
 
 ## Prerequisites
 
@@ -48,12 +48,13 @@ npx troxy-cli <command>
 
 | Command | Description |
 |---------|-------------|
-| `troxy init` | Connect an agent to Troxy — validates API key, sets agent name, writes config |
-| `troxy login` | Authenticate via magic-link code (enter the code from your email) |
-| `troxy cards` | List card aliases |
-| `troxy policies` | List policies |
+| `troxy init` | Connect an agent to Troxy — validates API key, sets agent name, patches MCP configs |
+| `troxy login` | Start a 12-hour CLI session (opens browser → copy code → paste into terminal) |
+| `troxy mcps` | List connected MCP agents and their status |
+| `troxy policies` | List and manage policies |
 | `troxy activity` | View recent transaction audit log |
-| `troxy status` | Show current config and connection status |
+| `troxy insights` | Spending stats and decision breakdown |
+| `troxy status` | Show connection status and account overview |
 
 ## How it works
 
@@ -68,10 +69,11 @@ The CLI also ships an MCP server (`src/mcp-server.js`) that exposes Troxy as a t
 
 ## Auth flow
 
-`troxy login` triggers the same magic-link flow as the dashboard:
-- Sends a code to your email
-- Prompts you to enter the `XXXX-XXXX` code in the terminal
-- Stores the JWT locally for subsequent CLI calls
+`troxy login` uses a device-code flow:
+- Opens your browser to the Troxy login page
+- You log in and copy the code shown on the page
+- Paste the code into the terminal
+- Stores the JWT locally for 12 hours
 
 ## Stack
 

package/bin/troxy.js

@@ -31,13 +31,16 @@ try { await _run(); } catch (err) { _handleError(err); }
 function _handleError(err) {
   if (err.code === 'UNAUTHORIZED') {
     const source = getKeySource();
-    if (source === 'config') {
+    if (!source) {
+      // JWT-based command — session expired or not logged in
+      console.error('\n  Session expired or not logged in. Run: troxy login\n');
+    } else if (source === 'config') {
       console.error('\n  API key revoked or invalid.');
       console.error('  Your saved key is no longer accepted by Troxy.');
       console.error('  Run: npx troxy init --key <new-key>  to reconnect.\n');
     } else {
       console.error('\n  API key invalid or revoked.');
-      console.error('  Check the key in your Troxy dashboard → Connections.\n');
+      console.error('  Check the key in your Troxy dashboard → API Keys.\n');
     }
   } else {
     console.error(`\n  Error: ${err.message}\n`);
@@ -137,7 +140,8 @@ switch (command) {
     const category = flags.category;
     if (!merchant)    { console.error('  --merchant is required\n'); process.exit(1); }
     if (isNaN(amount)){ console.error('  --amount is required\n');   process.exit(1); }
-    const body = { card_alias: card, merchant_name: merchant, amount, agent: 'troxy-cli' };
+    const agentName = loadConfig()?.agentName || 'troxy-cli';
+    const body = { card_alias: card, merchant_name: merchant, amount, agent: agentName };
     if (category) body.merchant_category = category;
     const result = await api.evaluate(body, apiKey);
     const ICON = { ALLOW: '✓', BLOCK: '✗', ESCALATE: '⏳', NOTIFY: '~' };
@@ -251,6 +255,10 @@ switch (command) {
     console.log(`
   Troxy — AI payment control
 
+  First time? Run these two commands in order:
+    1) npx troxy-cli init --key txy-...   (get key from https://dash.troxy.io)
+    2) troxy login                         (start a 12h CLI session)
+
   MCP setup (once per machine):  troxy init --key <api-key>
   Login for CLI commands (12h):  troxy login
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "troxy-cli",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "AI payment control — protect your agent's payments with policies",
   "type": "module",
   "bin": {

package/src/auth.js

@@ -68,6 +68,10 @@ function loadConfig() {
 }
 
 function _openBrowser(url) {
+  const isHeadless = process.platform === 'linux'
+    && !process.env.DISPLAY
+    && !process.env.WAYLAND_DISPLAY;
+  if (isHeadless) return;
   const cmd = process.platform === 'darwin' ? `open "${url}"`
             : process.platform === 'win32'  ? `start "" "${url}"`
             : `xdg-open "${url}"`;
@@ -85,16 +89,53 @@ export async function runLogin() {
     process.exit(1);
   }
 
-  // 2. Open browser
-  console.log('\n  Opening browser to complete login...');
-  console.log(`  If it didn't open, visit:\n  ${session.url}\n`);
-  _openBrowser(session.url);
+  // 2. Open browser (or print URL on headless servers)
+  const isHeadless = process.platform === 'linux' && !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY;
+  if (isHeadless) {
+    console.log('\n  Open this URL in your browser to get a login code:\n');
+    console.log(`  ${session.url}`);
+    console.log('\n  (You\'ll need to sign in to your Troxy account, then copy the displayed code.)\n');
+  } else {
+    console.log('\n  Opening browser to complete login...');
+    console.log(`  If it didn't open, visit:\n  ${session.url}\n`);
+    _openBrowser(session.url);
+  }
 
-  // 3. Prompt for the code shown in the browser
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  const code = await new Promise(resolve =>
-    rl.question('  Paste the code from your browser: ', ans => { rl.close(); resolve(ans.trim()); })
-  );
+  // 3. Prompt for the code shown in the browser (masked like a password,
+  //    one bullet per char so the terminal doesn't look frozen)
+  const code = await new Promise(resolve => {
+    const rl = readline.createInterface({ input: process.stdin, output: null });
+    process.stdout.write('  Paste the code from your browser: ');
+    let buf = '';
+    process.stdin.setRawMode(true);
+    process.stdin.resume();
+    process.stdin.setEncoding('utf8');
+    const onData = chunk => {
+      for (const ch of chunk) {
+        if (ch === '\r' || ch === '\n') {
+          process.stdin.setRawMode(false);
+          process.stdin.pause();
+          process.stdin.removeListener('data', onData);
+          rl.close();
+          process.stdout.write('\n');
+          resolve(buf.trim());
+          return;
+        } else if (ch === '\u0003') { // Ctrl-C
+          process.stdout.write('\n');
+          process.exit(0);
+        } else if (ch === '\u007f' || ch === '\b') { // backspace
+          if (buf.length > 0) {
+            buf = buf.slice(0, -1);
+            process.stdout.write('\b \b');
+          }
+        } else if (ch >= ' ') {
+          buf += ch;
+          process.stdout.write('•');
+        }
+      }
+    };
+    process.stdin.on('data', onData);
+  });
 
   if (!code) {
     console.error('\n  No code entered. Run troxy login to try again.\n');

package/src/init.js

@@ -73,12 +73,10 @@ export async function runInit({ key } = {}) {
     console.log('✓');
   }
 
-  // Ask for agent name
-  const agentName = await prompt('  What would you like to name this agent? (e.g. "Shopping Bot"): ');
-  if (!agentName) {
-    console.error('\n  Error: agent name is required.\n');
-    process.exit(1);
-  }
+  // Ask for agent name (default to hostname so users don't get stuck)
+  const defaultName = os.hostname() || 'my-agent';
+  const answer = await prompt(`  Name this agent (press Enter for "${defaultName}"): `);
+  const agentName = answer || defaultName;
 
   // Save config
   saveConfig({ apiKey: key, agentName });
@@ -121,7 +119,10 @@ export async function runInit({ key } = {}) {
   }
 
   console.log('\n  Your payments are now protected.');
-  console.log('  Dashboard → https://dash.troxy.io\n');
+  console.log('  Dashboard → https://dash.troxy.io');
+  console.log('\n  Try it:');
+  console.log(`    troxy pay --merchant "Test" --amount 10`);
+  console.log('  This will appear in your dashboard within seconds.\n');
 }
 
 function installService(apiKey, agentName) {

package/src/policies.js

@@ -126,9 +126,11 @@ export async function runPolicies([sub, ...args], flags) {
   }
 }
 
+const _isAny = x => !x.field || x.field === 'any' || x.operator === 'any';
+
 function _condSummary(p) {
-  const c = p.conditions || [];
-  const o = p.or_conditions || [];
+  const c = (p.conditions || []).filter(x => !_isAny(x));
+  const o = (p.or_conditions || []).filter(row => (row.conditions || []).some(x => !_isAny(x)));
   const total = c.length + o.length;
   if (total === 0) return 'always';
   return `${total} condition${total > 1 ? 's' : ''}`;
@@ -138,13 +140,15 @@ function _condDetail(p) {
   const c  = p.conditions    || [];
   const or = p.or_conditions || [];
   const parts = [];
-  if (c.length) {
-    parts.push(c.map(x => `${x.field} ${x.operator} ${x.value || ''}${x.value2 ? '–'+x.value2 : ''}`).join(' AND '));
+  const real = c.filter(x => !_isAny(x));
+  if (real.length) {
+    parts.push(real.map(x => `${x.field} ${x.operator} ${x.value || ''}${x.value2 ? '–'+x.value2 : ''}`).join(' AND '));
   }
   if (or.length) {
     or.forEach(row => {
-      const conds = (row.conditions || []).map(x => `${x.field} ${x.operator} ${x.value || ''}`).join(' AND ');
-      parts.push(`${row.action}${conds ? ' if ' + conds : ''}`);
+      const realConds = (row.conditions || []).filter(x => !_isAny(x));
+      const conds = realConds.map(x => `${x.field} ${x.operator} ${x.value || ''}`).join(' AND ');
+      parts.push(`${row.action || ''}${conds ? ' if ' + conds : ''}`);
     });
   }
   return parts.length ? parts.join('\n             ') : 'none (always matches)';