carp-cli 0.2.1

Command-line tool for the Claude Agent Registry Portal
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

# Carp CLI

Command-line tool for the Claude Agent Registry Portal (Carp).

## Features

- **Search Agents**: Find agents in the registry with powerful search functionality
- **List Agents**: Browse all available agents in the registry
- **Pull Agents**: Download and extract agents locally for use
- **Upload Agents**: Upload your agents to the registry
- **Health Checks**: Verify API connectivity and status
- **Authentication**: Manage API keys for registry access

## Installation

### From Source

```bash
git clone https://github.com/refcell/carp
cd carp
just build-cli
```

The binary will be available at `cli/target/release/carp`.

### From Crates.io

```bash
cargo install carp-cli
```

## Usage

### Health Check

```bash
# Check API connectivity and status
carp healthcheck
```

### Authentication

```bash
# Login with API key
carp auth login

# Check authentication status
carp auth status

# Logout (clear stored API key)
carp auth logout
```

You can also provide API keys via:
- Command line: `--api-key YOUR_KEY`
- Environment variable: `CARP_API_KEY=YOUR_KEY`
- Global flags work with all commands for authentication

### List All Agents

```bash
# List all available agents
carp list
```

### Search for Agents

```bash
# Basic search
carp search "text processing"

# Limit results  
carp search "claude" --limit 5

# Exact match only
carp search "my-agent" --exact

# Search with verbose output
carp search "claude" --verbose
```

### Pull an Agent

```bash
# Interactive selection (shows available agents)
carp pull

# Pull specific agent (latest version)
carp pull agent-name

# Pull specific version
carp pull agent-name@1.2.0

# Pull to specific directory
carp pull agent-name --output ./my-agents/

# Force overwrite existing directory
carp pull agent-name --force

# Pull with verbose output
carp pull agent-name --verbose
```

### Upload an Agent

```bash
# Upload from current directory (requires Carp.toml)
carp upload

# Upload from specific directory
carp upload --directory ./path/to/agent

# Upload with API key (if not configured)
carp upload --api-key YOUR_API_KEY

# Upload with verbose output
carp upload --verbose
```

## Configuration

Configuration is stored in `~/.config/carp/config.toml`:

```toml
api_key = "your-api-key"
```

### Authentication Methods

1. **Config file** (persistent): `~/.config/carp/config.toml`
2. **Environment variable**: `export CARP_API_KEY="your-api-key"`
3. **Command line flag**: `--api-key YOUR_API_KEY` (works with any command)

### Global Options

All commands support these global options:
- `--verbose`: Enable detailed output
- `--quiet`: Suppress all output except errors
- `--api-key`: Provide API key for authentication

## Agent Manifest (Carp.toml)

```toml
name = "my-agent"
version = "1.0.0"
description = "A Claude AI agent that does amazing things"
author = "Your Name <your.email@example.com>"
license = "MIT"
tags = ["claude", "ai", "automation"]
files = ["README.md", "agent.py"]
main = "agent.py"
```

## Development

### Building

```bash
# Build CLI only
just build-cli

# Or from CLI directory
cd cli && cargo build --release
```

### Testing

```bash
# Test CLI only  
just test-cli

# Or run specific tests
cargo nextest run --package carp-cli
```

### Linting & Formatting

```bash
# Lint (treats warnings as errors)
just lint-cli

# Format code
just fmt-cli

# Format with nightly rustfmt
cargo +nightly fmt
```

### All Checks

```bash
# Run full test suite
just tests

# Or workspace-wide checks
just build && just lint && just test
```

## Security

The Carp CLI includes several security features:

- **Secure Config Storage**: API tokens stored with restricted file permissions (600)
- **Path Traversal Protection**: ZIP extraction validates paths to prevent directory traversal
- **HTTPS by Default**: All network requests use HTTPS
- **URL Validation**: Registry URLs are validated for format and security
- **Input Validation**: All user inputs are validated and sanitized

## Architecture

The CLI is built with a modular architecture:

```
src/
├── main.rs              # CLI entry point and argument parsing
├── lib.rs              # Library exports
├── commands/           # Command implementations
│   ├── healthcheck.rs  # API health check
│   ├── list.rs         # List all agents
│   ├── search.rs       # Agent search functionality
│   ├── pull.rs         # Agent download and extraction
│   └── upload.rs       # Agent upload functionality
├── config/             # Configuration management
├── api/                # HTTP client for registry API
├── auth/               # Authentication handling
└── utils/              # Shared utilities and error handling
```

## Error Handling

The CLI provides comprehensive error handling with user-friendly messages:

- Network connectivity issues
- Authentication failures
- File system errors
- Agent manifest validation errors
- API rate limiting and server errors
- ZIP extraction and path traversal protection

## Contributing

This CLI tool follows Rust best practices:

- MSRV: 1.82
- No warnings policy (clippy warnings treated as errors)
- Comprehensive error handling with `anyhow`
- Security-first design with input validation
- Type-safe APIs and strong typing
- Performance-conscious implementation

## License

MIT License - see [LICENSE](../LICENSE) for details.