feat: token mint, user guardrail, config cleanup + upload fixes#43
Add a profile-driven dev smoke script for aX MCP app read/navigation validation.
…tions Messages with file attachments (images, docs) now include the attachment metadata (id, filename, content_type, size, url, context_key) in the channel notification's meta.attachments field. This lets agents receiving messages via the channel bridge know when attachments exist and retrieve them on demand via context download, without requiring the bridge to push the actual file data. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SSE events don't include metadata.attachments, so the bridge now falls
back to a GET /messages/{id} call to retrieve the full message with
attachment metadata when the SSE payload lacks it. This ensures agents
receiving channel notifications can see attached images/files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Top-level skill file that teaches any agent to operate the aX platform via axctl. Covers: identity verification, auth model (PAT vs JWT), daily workflow pattern, follow-through rules (always notify, always assign, always verify), anti-patterns, and full command reference. This is the behavior layer — the CLI provides capability, the skill enforces discipline. An agent that loads this skill should be a competent aX operator immediately. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The skill is the product. Rewrote from reference card to autonomous onboarding flow:

1. Token detection (no token → guide user, user PAT → bootstrap, agent PAT → operate)
2. Identity verification (whoami, environment check, profile switching)
3. Access confirmation (auto-exchange, test send)
4. Team bootstrap (create agents, mint PATs, set up profiles, swarm pattern)
5. Daily operations (golden path with follow-through rules)
6. Agent mesh connectivity (channel bridge, BYOA, shared context)
7. Follow-through rules + anti-patterns
8. Command reference + troubleshooting

An agent that loads this skill can go from raw token to fully operational autonomously — verify itself, bootstrap a team, connect everyone into a shared context mesh. The user doesn't need to read docs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New command that handles the full bootstrap flow:

1. Detect user PAT (clear error on agent PAT)
2. Resolve agent name → UUID via user_access JWT (workaround: user_admin lacks agents.list scope)
3. Exchange for user_admin JWT
4. Issue agent-bound PAT via /credentials/agent-pat
5. Optionally save token + config to target directory (--save-to)
6. Optionally create a named profile (--profile)

Usage:
  ax token mint backend_sentinel
  ax token mint backend_sentinel --save-to /path --profile prod-backend
  ax token mint backend_sentinel --audience both --expires 30 --json

Tested on staging: agent PAT resolve, mint, save, profile creation all verified end-to-end.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a user PAT (axp_u_) is used for non-management operations (sending
messages, uploading files, listing tasks, etc.), the CLI now emits a
warning to stderr:
⚠ User token (axp_u_) used for: user_access exchange
User tokens are management keys — use an agent token for daily work.
Suppress: AX_I_KNOW_WHAT_IM_DOING=1
Behavior:
- Warns once per session (not per request)
- Suppress via AX_I_KNOW_WHAT_IM_DOING=1 env var
- Management commands (ax token mint, ax credentials) suppress automatically
- Agent tokens (axp_a_) never trigger the warning
Implementation: check fires in _get_jwt() when exchanging for user_access
with a user PAT, since all request paths converge there.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… creds

Three changes to make config resolution workspace-based:

1. _find_project_root() no longer stops at .git boundaries. Only .ax/ directories are recognized. Identity is workspace-scoped, not repo-scoped — cd'ing into a git repo no longer silently changes your agent identity.
2. Global config (~/.ax/config.toml) warns if it contains credentials (token, token_file, agent_id, agent_name). These should live in profiles or workspace config. Global config is for defaults only (base_url, etc).
3. AX_VERBOSE=1 prints [env: hostname] to stderr so you always know which API you're hitting. No more silent localhost vs prod confusion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
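Added example, not ax-cli's own code, of the three behaviours this commit describes: a workspace-root lookup that only recognizes `.ax/` and treats `.git` as irrelevant, the credential-key check on the global config, and the `[env: hostname]` tag. The function names, the constructed directory layout and the constructed config dict are mine; `tempfile` is used only to build that layout.

```python
from __future__ import annotations

import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Keys the commit says must not live in the global ~/.ax/config.toml.
CREDENTIAL_KEYS = {"token", "token_file", "agent_id", "agent_name"}


def find_project_root(start: Path) -> Path | None:
    """Walk up from `start`; the first directory containing '.ax/' is the
    workspace root. A '.git' directory is neither a match nor a boundary, so
    cd'ing into a git repo inside the workspace keeps the workspace identity."""
    for d in (start, *start.parents):
        if (d / ".ax").is_dir():
            return d
    return None


def global_config_warnings(global_config: dict) -> list[str]:
    """One warning per credential key present in the parsed global config
    (caller has already loaded the TOML). Defaults such as base_url are fine."""
    return [f"~/.ax/config.toml sets '{k}': credentials belong in a profile or workspace .ax/ config"
            for k in sorted(CREDENTIAL_KEYS & set(global_config))]


def env_indicator(base_url: str) -> str:
    """The '[env: hostname]' tag that AX_VERBOSE=1 prints to stderr on every command."""
    return f"[env: {urlsplit(base_url).hostname}]"


def run_demo() -> tuple[str, str, list[str], str]:
    """Constructed layout (mine, not a real workspace):
         base/work/.ax/         workspace marker
         base/work/repo/.git/   git repo WITHOUT its own .ax/
         base/work/repo/src/    where the agent has cd'ed into
    Returns the resolved root and the repo dir (relative to base), the warnings
    for a constructed misconfigured global config, and the env tag."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "work" / ".ax").mkdir(parents=True)
        (base / "work" / "repo" / ".git").mkdir(parents=True)
        (base / "work" / "repo" / "src").mkdir()
        root = find_project_root(base / "work" / "repo" / "src")
        root_rel = str(root.relative_to(base)) if root else ""
    bad_global = {"base_url": "https://ax.example.invalid",   # a default: fine
                  "token": "axp_u_PLACEHOLDER",               # credential: warn
                  "agent_name": "backend_sentinel"}           # credential: warn
    return root_rel, "work/repo", global_config_warnings(bad_global), env_indicator(bad_global["base_url"])


if __name__ == "__main__":
    print(run_demo())
```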
- mint: if agent isn't found in list, try direct get_agent() lookup before failing. Handles agents hidden from list endpoint.
- skill: Step 4 now leads with `ax token mint` instead of raw curl. Shows one-command mint, mint+save+profile, and swarm bootstrap.

Addresses night_owl QA items #5 and #6.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
User PATs (axp_u_) on routine operations (messages, uploads, tasks) now EXIT 1 with a clear error instead of just warning. User tokens send messages as the user, not the agent — causing attribution errors.

The block message tells you exactly what to do:
  ax token mint <agent-name>
  ax credentials issue-enrollment

Override: AX_I_KNOW_WHAT_IM_DOING=1 (not recommended)

Management commands (ax token mint, ax credentials) auto-suppress.

Addresses night_owl QA feedback on PR #43.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the agent doesn't exist:
- --create flag: creates it automatically, then mints
- Interactive TTY: prompts "Create it? [y/N]"
- Non-interactive: fails with "Use --create to create it"

This makes mint the single entry point for the entire bootstrap:
  ax token mint new-agent --create --save-to /path --profile name

One command: create agent + mint PAT + save token + create profile.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Unprofessional env var name for a production CLI. Renamed to AX_ALLOW_USER_TOKEN=1 which is clear and descriptive. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
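Added example, not ax-cli's own code: the user-token guardrail the commits above describe, reduced to a pure decision function. The `axp_u_`/`axp_a_` prefixes, the hard EXIT 1, the auto-suppress for `ax token mint` / `ax credentials` and the `AX_ALLOW_USER_TOKEN=1` override come from the commit messages; the function name, the `Decision` type and the command-string shape are assumptions of mine.

```python
from __future__ import annotations

import os
from dataclasses import dataclass

USER_PREFIX = "axp_u_"    # user PAT: a management key
AGENT_PREFIX = "axp_a_"   # agent PAT: the identity daily work should run under
OVERRIDE_VAR = "AX_ALLOW_USER_TOKEN"  # final name after the rename (was AX_I_KNOW_WHAT_IM_DOING)
# Management commands legitimately take a user PAT, so the block is suppressed for them.
MANAGEMENT_COMMANDS = ("token mint", "credentials")


@dataclass
class Decision:
    allowed: bool        # False: the CLI should print `message` to stderr and exit with exit_code
    exit_code: int = 0
    message: str = ""


def is_management(command: str) -> bool:
    """True for 'token mint ...' and 'credentials ...' (the command string without 'ax ')."""
    return any(command == m or command.startswith(m + " ") for m in MANAGEMENT_COMMANDS)


def check_token(token: str, command: str, env: dict | None = None) -> Decision:
    """Decide whether `command` may proceed with `token`.

    The commit hooks this where all request paths converge (the user_access
    exchange); here it is a standalone function so the policy can be tested directly.
    """
    env = os.environ if env is None else env
    if token.startswith(AGENT_PREFIX) or not token.startswith(USER_PREFIX):
        return Decision(True)                      # agent tokens never trigger the check
    if is_management(command):
        return Decision(True)                      # ax token mint / ax credentials auto-suppress
    if env.get(OVERRIDE_VAR) == "1":
        return Decision(True)                      # explicit override, not recommended
    # A user token would send messages as the user, not the agent: an attribution error.
    msg = (f"User token ({USER_PREFIX}) used for: {command}\n"
           "User tokens are management keys; use an agent token for daily work:\n"
           "  ax token mint <agent-name>\n"
           "  ax credentials issue-enrollment\n"
           f"Override: {OVERRIDE_VAR}=1 (not recommended)")
    return Decision(False, 1, msg)
```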
Added the small CLI registration route fix in What changed:
Validation:
Remaining route debt before go-live: standardize the management/credential API surface so clients do not need compatibility fallbacks long-term.
Added a reply-routing hardening follow-up in What changed:
Validation:
I also asked @mcp_sentinel to run a live reply-routing QA and report the SSE fields (
Update from ChatGPT/Codex:
Validation:
Operational note: dev/staging nginx currently needs
Follow-up update:
Validation:
Design note for later backend policy: CLI should stay a loader. Space policy should be enforced server-side: private spaces permissive, team spaces audited/threshold-monitored, public spaces blocked or allowlisted by content type/action.

* fix: show short message IDs in table to prevent truncation

  UUIDs were being silently truncated by Rich table auto-sizing, making them unusable for `ax messages get`. Now displays first 8 chars (like git short hashes). Full IDs available via --json.

  Co-Authored-By: Cinder <noreply@anthropic.com>

* fix: resolve short message IDs

---------

Co-authored-by: Cinder <noreply@anthropic.com>
Co-authored-by: anvil <anvil@ax-platform.com>
Status update from ChatGPT/Codex:

- Merged PR #44 into dev/staging as
Release automation follow-up from ChatGPT/Codex:

Added an automatic release path for ax-cli:
- Release Please workflow on
Operator QA update with @orion:

I handed PR #43 / ax-cli dev/staging to Orion through using the agent-bound profile. The handoff created task , sent message , woke Orion, and the watcher received both the in-progress reply and final report.

Orion result: 7 PASS, 0 FAIL, 2 NOTES. Validated:
- agent-bound identity
- user PAT hard block for routine agent work
- short IDs in message tables
- short ID resolution with
- threaded reply using short ID
- upload with attachment/context metadata
- context list/get/download/load
- release automation files and PyPI publish flow

Follow-up pushed in :
- top-level now accepts as an alias for , matching .
- no longer leaks raw Rich markup tags in plain terminal output/errors.
- Added regression tests for both notes.

Validation after follow-up:
- ........................................................................ [ 77%]
Summary

Three CLI features (cipher task list) plus upload pipeline fixes and the ax-operator skill.

Task 1: `ax token mint <agent-name>`

Single command for the full bootstrap flow: detect user PAT → resolve agent → exchange for user_admin JWT → issue agent PAT → save + profile.

- `ax token mint backend_sentinel` works end-to-end from user PAT
- `--save-to /path` writes token + config.toml
- `--profile name` creates a named profile
- `--json` output

Task 2: User token guardrail

Warns when `axp_u_` is used for non-management operations.

- `AX_I_KNOW_WHAT_IM_DOING=1`

Task 3: Config resolution cleanup

Kill git dependency and global config footgun.

- `_find_project_root()` only matches `.ax/` dirs, ignores `.git`
- `~/.ax/config.toml` warns if it contains credentials
- `AX_VERBOSE=1` prints `[env: hostname]` on every command

Also included (from team work on dev/staging)

- `skills/SKILL.md` (self-onboarding decision tree)

Test plan

- `ax token mint <agent>` with user PAT — mints successfully
- `ax token mint <agent>` with agent PAT — clear error
- `ax token mint <agent> --save-to /path --profile name` — saves + creates profile
- `ax messages list` with user PAT — warning on stderr
- `AX_I_KNOW_WHAT_IM_DOING=1 ax messages list` — no warning
- `ax token mint` — no warning (management op)
- `cd` into git repo without `.ax/` — doesn't pick up git root config
- `AX_VERBOSE=1 ax send "test"` — prints env indicator

🤖 Generated with Claude Code