From 136078d6074979597e4769688e78cc017164317c Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Thu, 2 Jul 2026 16:02:05 -0700 Subject: [PATCH 1/4] app-store: Smol Machines is now io.pilot.smol (local + cloud microVMs) Update the Smol Machines card/detail to the new app id io.pilot.smol: adds the cloud methods (smol.push/provision/balance/list), the per-user cloud story, the broker net.dial + key.sign + secrets grants, and the io.pilot.smol app icon. Plain twin in sync; build + check:plain green. --- public/appicons/io.pilot.smol.png | Bin 0 -> 9027 bytes src/data/app-methods.json | 1062 +++++++++++----------- src/data/app-overrides.json | 1357 +++++++++++++++-------------- src/data/apps.ts | 43 +- 4 files changed, 1242 insertions(+), 1220 deletions(-) create mode 100644 public/appicons/io.pilot.smol.png diff --git a/public/appicons/io.pilot.smol.png b/public/appicons/io.pilot.smol.png new file mode 100644 index 0000000000000000000000000000000000000000..a3f0221729124ce350e9c1d57d6c798bd68b9990 GIT binary patch literal 9027 zcmeHtS5#9?xHc+PMJWmjNRg(Xpj7Dsq9RQNf=G!hB8pO;fIhZ%m!#U+2#@`kBHc)=pw?v<3^e$PsO>iV$hZwf+o9PcCyJ^Y_V ziO-1`@ufb?w`O*qt=iURu+V2p?rXBve4d-*qP_FamF|rb_3>%;S3J*~b;K7^yhcc| za}=V|(fyw;6;CRO^x;(pqv6$BB)t87F8xC#u2p}(8e+7*7vZIm7oco8dWVavLCQ7P zTB%IIQlA=mm`l}j_2APc7Z*Ty`WV+yejwM~>syCk9PSe5IweHldjEpO!^IP)&UHZ+ zcIf({|Eu!<$i*L`CE>Sxn3du5DU9pF6GLfb&gIw9Z?}CA#)u;CY|@rO8?o4p(P9(| z)xI`Mj8-yX9=vQ*vsMzlcub#aaCltbz`!acB_$&^Hg;yZJCTaZ)RIV^HEnBXSTW3X zsRgti3JMS*R2>(fbw0ZLx+7#{F1RSMVej3Gul@3{d*Gid*92WDL&L+EupY#vv`XEN zr@F+MiZ5|ZO-?o6-4vd-rXjEG>Y*-6U`)44VK>X}HKNh>Ex&je`Gdc#NLN9<|H@qz zf*}*lC3wm5EXQ8rV{6GkMPb5)#LUc0&&Wuc6$Y`cF+MS2P1s|qx36tBK^V5Qj7*93 zL)j{N$NpQ~A6`&P9F>KYpnPd{+}}3a5B6tzO#VJ+lTdK&?L{9G#6rZ-(9me{!S--; z1}<#5;$VL|QAVk!r)MtOC+c;L(!zitohJnWo974qPQQ}r@1!zfs9*@+9snva{%$nk zml1u$O1sSV{Uyj;bo;^IUBBCJA~*jirb-*#IWUl1yXQ>@>r$xHJG#i3Doz_|15w*u zv(=&Hfw+(b06Q51lkX+O*MCH2w-5Yvw<;UCO{00q$CZs+E5MYm-`IyoXDC?Kfuf^< zk(;sMds{0rJL?OX7z}2j=WEZHua;6`Vj?xs<8;8??eqEPbxArpIvL&F-Bc$pyCOqN z_*$8a;=i#uZhBmkswh4kL-7P?-ne?^_$XJ1pt}IAi2*mj8=@jvuZN@l1ogQ<@L3Zr zLAOFo>RekgPR!oC=0M>0H!`eRJU$*!XT|M3) z?9U}bTPKuz;jTgSzxFnl8O6sFyZgq*#yq250j1o&^+i2n81_rkbffllwqwV_!orx1hD`L{bE?r0=Dx9!QTfh#YQH%AoQ#ZJ z{$NE=ydsHmOD5_AezzR+@$eAzWkGSVfypu*7v_XbOllMaH+M=_hwAF;W}YX_Ty z*xbzIJ1MOI+!@V@S#lvo%^EN)cX`y2*HLb`Z0v}8Yw*SGpE3uzFm|8v*V%VHZ7W|T zzxJFvcaBN*xpWJC0^Dm?c0MhZ-9GGO2}1>cE;NZ+p{JI zdSL*pA7giNGh;aV?`mIVF+6{7tSQ@B?8Uj_t>7Zf+`bFu4LhKJV+{(H(A`nwp9ULxXkrfe-pLADNl4 z{?KtlsP)Onm&MpzblJCM=>YWvQ=& zl&NetN^TCCwN0BnIX6;v>#GNOF8EUzI)xwjtqF%)z*F(j2XJb^BU-3S*3oOn7%IH= zHkn7{Ct_q_E2SJ%SW}mY_p3!#QGdtULt<%qPpAOM;5e`5c4hJwg8UPVV@P{`;*XONJ zn1+V*$??$*j?sIFS-HP{(-hr}gmTQx2ig*n@99Xr+uCFRwU+r@?%T1cOL5DLc9|LN zob;(M5O0R41_*B|OsKhFM+5iTsF2|8#V2N1r(dxRD>g4YKGVgKadv3QQ_Mp@RO;qr zqBfPZ5LiVp2*l%}I6XBb>&73L=h6f|oj)_n z0qWem&~p0$TtD?6STk;=N|*OM)R7F7(&4OA6pX3bM<#4wf`@o=wl6kDZ4rzAz8hlh zZqOhu?Hh(4U8Q*J@6^3Ev^UxL5uj6?SR2rAyB-1VqPGMo7k-2lT^etUS3xKFfBpIV z9pcTvubB{ma2IZfRvd)RS;pn6*3ETl)8;t3?GY!!w>O6sv=H;U5jrGh6Jfn}HtXrf zXP1xZ>Gijtt{wK{5hjEvcFL7V;*v^;bA~AJK>hF1xT?j(fwi2P3dVA!)6I_;L`c6> zsgYdmGa3$r+Yx{hLp8J|p1ry|otnUAi#r#hN#jotY69i$~O+#TxS zQ5O8t;0-G(z2FiP`KnX2)i<=N`9X=nx#p{o-0kzq{K*xG-so+!)i(e;QA+C4(o(Rh zd5{pN*2l84vbBt>Gda$Ldg5tt))yokjd)AJ{zg91k}z7XP1|o8MwGHCwI~$d@=)Sl z6-@O8;XNN8-<%k7(@d;6-{_QCS|+L7DyPk;*j1o+rB6pdS4R1Qz<-n?u>mnu!JpUJ zgJE(9z>Nyo@3fLNg=dP_6rRZ#!_LfTYaMYi^M)eoxX@OiK)kY=YxC5e0Z|UYBRS1` zlAqC-;qPqO$ioJ1sF(}fDh^|MaD&HgUfeBq zY$}Nqn>ov?y1PAJgHnq+zDhnX0yTISzjWn+WXTa-oOv-1xC;B*tI>lg((&}^)47fq zFURIKnJ)3GLIlMr`EYYyuo#w7anh9mxag+`| z0oP*EL#%=wr7N_^9hFnm7SNY8gCV=S?3|%S2_FIxr~ws*1&S|!Mt;bP3lM9T805Do zC@Ru-Y_ITuhlfAty9cW}MTKc|RHw(Y{O1oCTD?@3>Nghspi9Rg4C_^KE5>WzN7LDb z{pd=)zHy+G8xklmCaDX)w70wX)hEjn#A3Jf+qFQQgGI7D)DIG7#(m1Bem8x5;T0D= zekmvuv=kc2p6ZP4LPc;~u^QO}-QoGFJO+v{TD@<&ySob*UT&PsU5xbu4*c2Ly0(7_ zG=@Y|TIp(5d|$pufFCAwmxQo>xsk2mcJ8+b4;sh;ndHp+EV6p5P}yJul}-7r>x3>HnsvoeqQ83f;hii_)EdV<6=R{fBJ*Xo>z}sKUPDP+f1h36umd; zaa1`D#cPl7c+&iKC|`7@(bzl4?3LoA+wER;no0Eukfoy!wA}(>#m?BQe$H(4&5ZV8 zrLah{ovn*9IPUp?W=o;l7_n8h{f4>PaMUN-&J!fJ+XgZCzt{9N*q5Ym|qbN!2?BBF;~PQfDMq>t>Co;mVd0N*ilXZ zmVM&+Qn3C#rAo^pL8~EvL6upw9g$xOGjT`Tu zqcI8mjPU@d{?<6sov!9FUp=K^Hh3zAfGg;mP2cQSzVX{O^QXUPN3h9i3@h1^pjDDD zH4mWY=bCk4=Q_RD3Q+Yy)oQba)*c17ZH%6a*X(ZH2bV1KR)WJHltZfJQsP793k(`1TnIH)~x8!U_}?+vIH+fzG%8__vT#jUe~m;m8QIE zEmalzvr8F%h zV>GlhJzbF@J6llmt(}?sMq6z^zO}-)e<#0hVOCdJJ4s-56WIVl1g~wck3)iYf@O-T zHqsr!4+IA2SK2w9v{2J#hM`HSTFP^MJIiVh2hZ1ZfVwZ*IeHP9-)^1L; z_N>;)Q)=CfceFWUdty&-SxfzvFQP>QF^?$&?*mnx$GM*s&G(;DsF)3&n|1Nb4R_9$ zaJ7^2()atpKfMq;XziurhHM-NuC3q}$V+?rsV^wsR-rD+Us&w zParfzKs~>?j2?9tA{dWPTy_UUS%&*+DSKM+ev$g|m^k$NpuW z^J0*1zkP%FIqukUexQtXrydI03y@8r7?{cj%nDphPrmp-%q?WxHAeibQV}S>r(o)` zVi%c@XtFp*Xk%NXJxdx%amlVP^ztto)C_wur#Cwo6kxyJ3TC$q8I<@B5z~FDG&?1w zrWd*!qkEktz2APn{B(RsV_ofbp!FlL|4^=OJ8HS2D4_9u#Il{ov%{S({&A?21Anht zo#_`>zwz4}FN|!4#?OT}6O`>u7AXGub~0|nSwqmqSHPmA6E|c|m|(nhf@I+`Hmu_S ziOaPPqpx0a^)t9LSV4{-@M-jY(YN^Yv&4t%EWqLE1@qpH+6A-RihfPI98G&oGqH>a zr4Hvc$|VDVp#>gM{VDeGux!<;*8N>17iXTuk5z#MNFBxI`m-rZ68sfv(SahWt&P2F zL6lr0xj3o%yX(_KstK(1&K^#T@gd~ogmVQrw9be-U@SzHIxz)}Fh(JqUL6wWhA@Q) z7N?i$KD4;!=-3}Plcf);zI9*9K*`(>qSF(?vfHa!-d|AqI*7tB@>Tg);7T zx@cXR4bfh^niEunc*+gA$Z3Wt2wa-3@DeJe>wdlhDlT@^X}s6vx`F8xY&Ps%@R+_I zZn`Cwr3@38JXoRsSulVN>^L(8+yNyQvXT$1gh+q?!W;4UTD)ZZ+a3?dFeeIbSX;hT zmQGydGlXo?kSn;V=zr&4tCqE(f+Kvek(bCu07HPY4l&L-Y$heSB_3 z>K;v3XFa;Y+JG5%J4x?$^2vmc*C<4#RzwkHm5pPXr1=@Ikbim7p5X$SugSAoJOy#p zAZ-o_GV4{mvk$+h>K@bN&d<2rN(YbnV?Kq+>k4$#)?Qv7R_(c=wvy9O4QF0mChUTz z_tT?RPXA}@)w#=>HeX=Kg%2dNl0Ur7dUs5~J?Hg+#YhF8fD*7L%*RLB*~Mj*?P}Zy z7j9cO+qx-I>i_o3`kQ5>@7A4if7%!g+?4Y->a2;fUc*FN1aW7jdpd2Zma9uQ#oooV>msQZxJ7!t953cnv%Yqr%VNM^21M{(N)kWlklX zT;3x0bl|eb$pi}yVN?KqCelXY^edzfQ_QuswQVz59vVt%s&i3_$d`7_mz-(%7icZy z#t@FrtOg5=Hg0_HcoGM(acv8~S}V&J`!eSxZ(s}VccAf&@3@5J#(e|{+ywj$#DARY z47q!Y|NaPWVrp?6>b~nPFOncG?xERs?dwrqbhkf_4*pZpP!aKb)jHhciKc<8&T#BN zLEAq^yDgU;kF4o`eK)$bDs9Zy6V#`3K%6vg zQspZ7S87`)!ub=o-8U>SXZZD0tsrN;BGi*_8kBNdjqu2WngU47Qsun!nI*G$Dc}!) zblGgImA#d-a_B8Jj)~EEDO}dmZMZsif}?USF};x)K}PA)`&Hy{1pNmr&~LWf$9(CZ z9SuHtw86Fcn1E9CjM*o?fuR1NU4EpYvH(!`{V$$py$A@lI6ib!m)mq}=TXqynbitJ zQrw5dp!6c)L2sg!X7?wlLHcy?A-Ie(-cZj!snKONbGScjsPGJIJ9F`8-d^2cuSQWxbXr=w3_BbIo(oRn= z+FS$5UDyqvm68>v6~~*BsMS?Srm0fljCOr?eksSHB;*_phxr z(vLkeON`5hWZfV1(447tqpI$&Ykf#x(VkM{FRPP2dHGdBpLy-?K%bxw$E5N|yCwJh z3|4cYw9}d(v+yFJfdwfkscW@g5k|&J5sb2t3x!9Tdq)k`MB4`z93l?GAC$7!yEl~X zd=$RJ*1uo7GtXE+M>!S^cx|XrW>)fN!o}v)e0Sj(oWgmD{By9z?Z9}ca)m>3Kz6Bl zuz3Qi;DhTX>XK;R44scAs!8t$^nX>QW`z}gqJe&@v^ZKcDaHH8P!{?lDegxB%6oxOz9AI@(fpAO#v1^jIVB zZH7YiAL=i~^M^u~sM7ZIPfp`J9X6ZW2!8mOKaD>)Ozq5eJ{1XdDPLW59h zL1Wa=CDrcM=dV&E!NwF@UiXAfF`}#3hvWEo2@NU4Qc|vE5I}4n7L_ru=Z*G*xt`5d zF2>^Vh3-548Ds{XUOUKaTC&l}h5_B;P(C`KcLZ=NCs|G|EIfxHFRw%Au2N_;dm3M{ z!d(!!v2QoU$d{XGx&`$XCCtvwmLGd0z{n+`+5qhgJ6k)ur`n~elJ|ViFBc=jFv5f) z3P8i_7~>2Hf~Hv4;5n45)&~XHyh!WW2s@qqTIK^{Wf*3J^i5MB%Ly1o+Pa1SyGSS; z2dU+`-TvL*SMleu2MrV8n8KG${lH%Two&0iQDJ=JC}wl^-Ibh2NE{w-RD*PqzQu}R z33gP_H#rP^5Z_JT%qW=?iIc@mf0ht|femLt7nHqax(Dt>#X-2RWsUt0_wQUY3}?xn zW4Bs!xMcl8+nr{2RMT36h_#m?W$OvezD&(X|E?5>aOmyLGS8qO;#M=APQL>?>$9ua z^sqJu{LZqzzxXn4v95nNMA32iDGKimD{#QqeBV2)im?7DdYz=oaMm%p#^Gp3lOAWg zK~M6=K1@(|RA;|u3x2L3zi`Ep=k8Bb9F{tfi1AjA(^vy>Bz0ovNd@nvnYXrhKlNupo<#ht^^djwFpu%8%n?0VCVl ze9FwxA6gGupi`-(k!RoXGdcj<6)x<>{U+K{d1`gn1rr)}GENv&e`AZ++hrRd_kyi~ zi3UvLX*%+2P@~qI&ZE=TG&Xjfb-!_g`*< zm@|)PL#mE2$I35p#$8P}0suFw^btv8nA>TS&Ck1cRyam&!qXfa2T{Owzg>V6FJJT{ z#&R!bsXBd>QFqetg2_~!=xXu=$ibL5JT*z)m+CrczFI2Ul9K&NtmL=>qWB;n`Jrek zju*lXkg$g8zQ53=D?($r#UsFd1(Fbn$Jxr^9DdrlpOKhU37&RSHnHD^a=_Jt|hw;+-9ZRl;?ah=n_Xhc^gin(a=Q-J`$a8()fWtvK??D ze@@C62mf`85ifb(Er`*SP9^$p{`cigOH31SPN^f`ZyV59hZ;e( zWsj;bZUeknabkKcON)yN2n3=fHY_^2c*;V{fl$@fW^`7A;wt#o)!dr%`l<6#8g}WI z;G}J3rmgo4)_I+OlJMr+IYK*|+T-`g9T$3;yljQRwYLu^Ygd&}TUT*VQVSJ$waw=JU*c;~ukM1p3WNV< zSvu(_e^O3gLy+L4H#%>F#tbk0_OEu~vF!Tr5emgwKfKGLl2}5uP!uA(Oz!bm=yRKw zK7)1QI?D-(-39UPsc>A?@h;sfG-T6=?++aq+8CoY@ZU0rWE;Hwwe5J7#J_K>S`Tsb zN0TKEoJReBU=ifLz9izzEGH5PJckGSB#%|O?<{K$Z8jl)|u4W@x_3>C{pXWOT z%Lxq5>GRG`t0T?}N3UCBc~rB?8w<$}Q>{{VHKay~w9x<^qQ}=kZHFI9`>-SFkLvM{ z9Y_PeE(Lob$f|M(WwMTJ`D;v}#C>TiR%t&!eBls>UBVaIR*Gl_SWex^z4OHn`5QeIGN-Sc+JwLVOt0aPm&F!u z{cjCeQDbO&#+7e}o#0d*zL~<_uNz;TQRJG>eMhfMC%AB_=_b4KN^dEhZso37j13U^ z#MWHSFx-cmoRgZSimC3daCp{-MjM^6e3)}@W3svgbs4T;3Cp`*&X+)ggVziLm_CzP zvfiBZX$?OEO2mLl(~b3`THzDz6 zFCu(HS-oD9l>PmvtPS^SsF#VG%G%q4D+<2M4{``pox8Z2Ydv&gZtmg|zUqxl7r6}i zY2CX~(%)J0^QD&0IWMw`*^_3jY%5aa+^FKupGadNo?KG|N?k3>)4BDIWv+iy3Ds89 zGV{oMLd!YB2ElaOO8XYm({dDP-ITNQoGkZ-3S;_NbFi@Wwt-SiMEYRIYj3ori@JXz zYyGxb@-SyB`6U-xA)GJvkeo(5QoQD^B>1H#{^(34cOAE8=k9p{#^9jM&!1-=yp$+y zIue}MnwM4X!#_n)8a#2Aw7i+~*9e_cQpd41632OiXuX=jSIymo33tPuJxjwb+&MkL zfriObEs41c*HwT&PJ;+sLNc7k``." -}, -{ -"name": "docker.run", -"summary": "Run a container from `image` with its default command and remove it on exit (`docker run --rm `). For flags/commands (detached, ports, volumes, a custom command) use docker.exec, e.g. {\"args\":[\"run\",\"-d\",\"-p\",\"8080:80\",\"nginx\"]}." -}, -{ -"name": "docker.logs", -"summary": "Fetch the logs of a container. This is `docker logs `." -}, -{ -"name": "docker.exec", -"summary": "Run the docker CLI with a verbatim argv \u2014 the full surface beyond the curated methods. Payload is {\"args\":[...]} passed straight to `docker` (+ optional {\"stdin\":\"...\"}). This is how you run a container with any flags, build an image, exec into a container, manage networks/volumes/compose, etc. Examples: {\"args\":[\"run\",\"-d\",\"--name\",\"web\",\"-p\",\"8080:80\",\"nginx\"]}; {\"args\":[\"run\",\"--rm\",\"alpine\",\"sh\",\"-c\",\"echo hi\"]}; {\"args\":[\"build\",\"-t\",\"myapp\",\"/work\"]}; {\"args\":[\"exec\",\"web\",\"nginx\",\"-v\"]}. The wrapper's own verbs `engine-start`/`engine-stop` also work here." -}, -{ -"name": "docker.cli_help", -"summary": "Return the complete `docker --help` (all commands + global options) from the delivered binary. This is `docker --help`." -}, -{ -"name": "docker.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.duckdb": [ -{ -"name": "duckdb.query", -"summary": "Run a SQL statement (or `;`-separated batch) and return an aligned `box` table \u2014 the default, human-readable shape. Works in-memory (`database=\":memory:\"`) or against a DuckDB file, and can query CSV/Parquet/JSON files in place, e.g. `SELECT region, sum(amount) FROM '/data/*.parquet' GROUP BY region`. This is `duckdb -box -c `." -}, -{ -"name": "duckdb.query_csv", -"summary": "Same as duckdb.query but returns the result set as CSV (header + rows) \u2014 the right shape when an agent needs to parse the output. This is `duckdb -csv -c `." -}, -{ -"name": "duckdb.query_json", -"summary": "Run SQL and return the result set as a JSON array of row objects \u2014 the most directly machine-parseable output. This is `duckdb -json -c `." -}, -{ -"name": "duckdb.query_markdown", -"summary": "Run SQL and return the result set as a GitHub-flavored Markdown table \u2014 handy when the output is going straight into a report or PR comment. This is `duckdb -markdown -c `." -}, -{ -"name": "duckdb.file", -"summary": "Execute a `.sql` script file against the database and exit \u2014 for multi-statement setups, migrations, or ETL scripts the agent has written to disk. This is `duckdb -f `." -}, -{ -"name": "duckdb.tables", -"summary": "List every table and view across all attached databases/schemas (name, database, schema, column list) as a `box` table \u2014 a quick inventory of what a DuckDB file holds. This is `duckdb -box -c \"SHOW ALL TABLES\"`." -}, -{ -"name": "duckdb.schema", -"summary": "Print the `CREATE` statements for every table, view, and index in the database \u2014 the DDL, via DuckDB's `.schema` meta-command. This is `duckdb -no-stdin -cmd \".schema\"`." -}, -{ -"name": "duckdb.exec", -"summary": "Run the DuckDB CLI with a verbatim argv \u2014 the full surface beyond the curated methods. Payload is {\"args\":[...]} (the args passed straight to `duckdb`) plus optional {\"stdin\":\"...\"} piped to the process. Use it for any flag or meta-command the curated methods don't cover: a different output mode (`-line`, `-html`, `-ascii`), reading a script with `-init`, a `.mode`/`.import`/`.read` dot-command via `-cmd`, or a multi-statement session over stdin. Examples: {\"args\":[\":memory:\",\"-line\",\"-c\",\"SELECT 1\"]}; {\"args\":[\"/data/app.duckdb\",\"-csv\",\"-cmd\",\".import /data/in.csv t\",\"-c\",\"SELECT count(*) FROM t\"]}; {\"args\":[\":memory:\"],\"stdin\":\"CREATE TABLE t(x int);\\nINSERT INTO t VALUES (1),(2);\\nSELECT sum(x) FROM t;\"}." -}, -{ -"name": "duckdb.cli_help", -"summary": "Return the complete DuckDB CLI help \u2014 every command-line option AND every dot-command (`.mode`, `.tables`, `.schema`, `.read`, `.import`, `.export`, `.timer`, \u2026) \u2014 captured verbatim from the delivered binary and rendered as clean, color-free text. The full reference for what duckdb.query / duckdb.exec accept." -}, -{ -"name": "duckdb.version", -"summary": "Print the delivered DuckDB version, e.g. \"v1.5.4 (Variegata) 08e34c447b\". Needs no database. This is `duckdb -version`." -}, -{ -"name": "duckdb.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.redis": [ -{ -"name": "redis.start", -"summary": "Start a local Redis server, daemonized, listening on 127.0.0.1:`port`. Writes its pidfile, logfile, and RDB snapshot under `dir`; returns once the server has forked into the background. After this, use redis.ping/redis.set/redis.get/redis.exec against the same `port`. This is `redis-server --port --dir --daemonize yes --pidfile /redis-.pid --logfile /redis-.log`." -}, -{ -"name": "redis.stop", -"summary": "Stop the local server on 127.0.0.1:`port` (no final save \u2014 use redis.exec with SAVE/BGSAVE first if you need to persist). This is `redis-cli -p SHUTDOWN NOSAVE`." -}, -{ -"name": "redis.ping", -"summary": "Liveness check: PING the server on 127.0.0.1:`port` (returns PONG). This is `redis-cli -p PING`." -}, -{ -"name": "redis.set", -"summary": "Set string `key` to `value`. This is `redis-cli -p SET `." -}, -{ -"name": "redis.get", -"summary": "Get the value of string `key` (empty if missing). This is `redis-cli -p GET `." -}, -{ -"name": "redis.info", -"summary": "Return the server's INFO (version, memory, clients, persistence, stats, replication, keyspace) as plain text \u2014 a full health/inventory snapshot. This is `redis-cli -p INFO`." -}, -{ -"name": "redis.dbsize", -"summary": "Number of keys in the current database. This is `redis-cli -p DBSIZE`." -}, -{ -"name": "redis.exec", -"summary": "Run any bundled Redis tool with a verbatim argv \u2014 the full surface beyond the curated methods. Payload is {\"args\":[, ...]} where the first element is the tool (redis-cli, redis-server, redis-benchmark, redis-check-rdb, redis-check-aof, redis-sentinel) and the rest are its args; optional {\"stdin\":\"...\"} is piped to it. This is how you run ANY Redis command: {\"args\":[\"redis-cli\",\"-p\",\"6399\",\"LPUSH\",\"mylist\",\"a\",\"b\",\"c\"]}, {\"args\":[\"redis-cli\",\"-p\",\"6399\",\"-n\",\"1\",\"HSET\",\"h\",\"f\",\"v\"]}, a pipelined script via stdin {\"args\":[\"redis-cli\",\"-p\",\"6399\"],\"stdin\":\"SET a 1\\nINCR a\\nGET a\"}, or a benchmark {\"args\":[\"redis-benchmark\",\"-p\",\"6399\",\"-n\",\"1000\",\"-q\"]}. The REDISCLI_AUTH env var is passed through for password auth." -}, -{ -"name": "redis.cli_help", -"summary": "Return the complete `redis-cli --help` (every option of the Redis command-line client) straight from the delivered binary \u2014 the reference for what redis.exec accepts. This is `redis-cli --help`." -}, -{ -"name": "redis.version", -"summary": "Print the delivered client version, e.g. \"redis-cli 8.6.2\". Needs no server. This is `redis-cli --version`." -}, -{ -"name": "redis.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.cosift": [ -{ -"name": "cosift.search", -"summary": "Keyword + semantic search over the crawled corpus" -}, -{ -"name": "cosift.find_similar", -"summary": "Find documents similar to a given result" -}, -{ -"name": "cosift.contents", -"summary": "Fetch the full contents of a document" -}, -{ -"name": "cosift.answer", -"summary": "Single-shot grounded answer with citations" -}, -{ -"name": "cosift.research", -"summary": "Multi-step research report over the corpus" -}, -{ -"name": "cosift.stats", -"summary": "Corpus and index statistics" -}, -{ -"name": "cosift.health", -"summary": "Service health check" -}, -{ -"name": "cosift.help", -"summary": "Discovery: methods, params, and latency classes" -} -], -"io.pilot.smolmachines": [ -{ -"name": "smolmachines.exec", -"summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM. Payload is {\"args\":[...]} \u2014 the verbatim smolvm argv. Command surface: `machine run` (ephemeral VM, one-off command), `machine create|start|exec|stop|delete|shell|status|ls|cp|update|monitor|prune` (persistent VMs; `exec` persists filesystem changes), `pack create|run` (portable .smolmachine artifacts), `serve` (HTTP API), `config`. Key flags: `--net` (networking is OFF by default), `--image `, `-v HOST:GUEST`, `-p HOST:GUEST`, `--gpu`, `--ssh-agent`, `--secret-env GUEST=HOST`. Example args: [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"]. Not supported over IPC: interactive sessions (-it / `machine shell`) and long-running `serve`." -}, -{ -"name": "smolmachines.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.sixtyfour": [ -{ -"name": "sixtyfour.people_intelligence", -"summary": "People Intelligence: full, source-backed enrichment of a person from seed details." -}, -{ -"name": "sixtyfour.company_intelligence", -"summary": "Company Intelligence: full, source-backed company profile, optionally with people." -}, -{ -"name": "sixtyfour.find_email", -"summary": "Contact discovery: find a verified email for a person from partial details." -}, -{ -"name": "sixtyfour.find_phone", -"summary": "Contact discovery: find a phone number for a person from partial details." -}, -{ -"name": "sixtyfour.reverse_email", -"summary": "Reverse lookup: identify the person and company behind an email address." -}, -{ -"name": "sixtyfour.reverse_phone", -"summary": "Reverse lookup: identify the person and company behind a phone number." -}, -{ -"name": "sixtyfour.enrich_linkedin", -"summary": "Enrich a person directly from their LinkedIn profile URL." -}, -{ -"name": "sixtyfour.qa", -"summary": "Agentic QA researcher: answer free-form qualification questions about a person or company, with sources." -}, -{ -"name": "sixtyfour.research_agent", -"summary": "Research agent: autonomous multi-step research over an entity, returning structured findings with sources." -}, -{ -"name": "sixtyfour.filter_search", -"summary": "Filter Search: structured field-based search across the corpus; returns matching entities." -}, -{ -"name": "sixtyfour.deep_search", -"summary": "Deep Search (agentic): start a natural-language search. Returns a task_id; results are retrieved asynchronously (see caveats)." -}, -{ -"name": "sixtyfour.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.plainweb": [ -{ -"name": "plainweb.fetch", -"summary": "Fetch any web page and return it as clean Markdown \u2014 no HTML, no JavaScript. Pass the full target URL as `url`; it is placed verbatim in the request path (GET /). Scheme-less hosts (e.g. example.com) are sanitized to https://. The reply is `{\"content_type\":\"text/markdown; charset=utf-8\",\"content\":\"\"}`. Open and free \u2014 no API key needed." -}, -{ -"name": "plainweb.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.miren": [ -{ -"name": "miren.exec", -"summary": "Run any miren subcommand. Payload is {\"args\":[...]} \u2014 the verbatim miren argv. Use this for the full CLI surface beyond the curated methods below (addon, auth, env, route, cluster, disk, sandbox, etc.). Run `miren help` or `miren --help` for the surface. Example args: [\"app\",\"list\",\"--json\"]. Note: interactive subcommands (e.g. `app run`, `login`) and long-running ones (e.g. `server start`) are not suitable over IPC." -}, -{ -"name": "miren.apps", -"summary": "List all applications on the cluster (alias for `app list`)." -}, -{ -"name": "miren.app", -"summary": "Show the current status of one application. Provide the app name." -}, -{ -"name": "miren.app.history", -"summary": "Show an application's deployment history." -}, -{ -"name": "miren.logs", -"summary": "Read recent logs for an application as JSON." -}, -{ -"name": "miren.deploy", -"summary": "Build and deploy the app in the current directory (non-interactive, --force)." -}, -{ -"name": "miren.deploy.analyze", -"summary": "Analyze the app's detected stack/services without building or deploying." -}, -{ -"name": "miren.rollback", -"summary": "Roll an application back to its previous deployed version." -}, -{ -"name": "miren.doctor", -"summary": "Diagnose the miren environment and connectivity." -}, -{ -"name": "miren.whoami", -"summary": "Show the current authenticated user and cluster." -}, -{ -"name": "miren.server.install", -"summary": "Install the miren server as a systemd service on this host (Linux only)." -}, -{ -"name": "miren.server.status", -"summary": "Show miren server service status (Linux only)." -}, -{ -"name": "miren.debug.connection", -"summary": "Test connectivity and authentication with the miren server." -}, -{ -"name": "miren.debug.advertise", -"summary": "Show which addresses the server would advertise and why." -}, -{ -"name": "miren.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.pilot.otto": [ -{ -"name": "otto.exec", -"summary": "Run any otto subcommand. Payload is {\"args\":[...]} \u2014 the verbatim otto argv. Use this for the full CLI surface beyond the curated methods (config, client register/login/remove, pair, listener unsubscribe, extension update, agent install, site-filtered `commands list --site`, filtered `logs list`, etc.). Add \"--json\" where the command supports it. Example args: [\"commands\",\"list\",\"--site\",\"reddit.com\",\"--json\"]. Note: interactive/streaming subcommands (setup, settings, logs follow, listener subscribe-network, test with stream/wait flags, mcp serve, start --attached) are not suitable over one-shot IPC." -}, -{ -"name": "otto.status", -"summary": "Relay daemon status as JSON: running pid, port, uptime, log path, and the list of currently connected browser node IDs. The right preflight before any page command \u2014 an empty node list means no Chrome extension node is paired/online." -}, -{ -"name": "otto.commands", -"summary": "List the automation commands the connected node(s) expose, as JSON. Use to learn which site commands are available before calling otto.test. For a single site, use otto.exec with [\"commands\",\"list\",\"--site\",\"\",\"--json\"]." -}, -{ -"name": "otto.extract", -"summary": "Extract the readable content of a web page through a live paired browser tab, as JSON markdown. Opens a temporary tab on the node, extracts, and closes it. Requires a running relay and a paired Chrome node." -}, -{ -"name": "otto.extract.format", -"summary": "Extract page content in a chosen format: markdown, distilled_html, clean_html, raw_html, or text. Returns JSON. Like otto.extract but lets you pick the output representation." -}, -{ -"name": "otto.screenshot", -"summary": "Capture a screenshot of a page through a live browser tab; returns JSON (base64 PNG in the envelope, no local Preview window). Requires a running relay and a paired Chrome node." -}, -{ -"name": "otto.test", -"summary": "Run a registered site command on a browser node (opens a tab, runs the command, returns JSON). Provide site (e.g. reddit.com), command id (e.g. getPosts), and a JSON payload string (use {} for none, e.g. {\"limit\":10}). One-shot; requires relay + paired node." -}, -{ -"name": "otto.cmd", -"summary": "Send a single raw action to the target browser node and return the full JSON envelope. Provide the action name and a JSON payload string (use {} for none). Use for low-level primitives (e.g. primitive.tab.open) not covered by a curated method." -}, -{ -"name": "otto.logs", -"summary": "Read recent relay logs as JSON. For filtered queries (level/source/since/request-id) use otto.exec with [\"logs\",\"list\",...,\"--json\"]." -}, -{ -"name": "otto.logs.status", -"summary": "Relay log storage status as JSON (retention, counts, sizes). Check whether logging is healthy and how much history is available." -}, -{ -"name": "otto.client.status", -"summary": "Local controller client identity state and where its secret resolves from (env vs keychain), as JSON. Verify the controller is registered and logged in before running page commands." -}, -{ -"name": "otto.authcode", -"summary": "List pending pairing codes from the relay as JSON. See codes awaiting approval when bringing a new Chrome extension node online (approve with `otto pair ` via otto.exec)." -}, -{ -"name": "otto.extension.info", -"summary": "Installed Chrome extension artifact metadata (version, unpacked path, checksum) and configured relay URLs, as JSON. Confirm which extension build the host has staged for the Load-unpacked handoff." -}, -{ -"name": "otto.agent.status", -"summary": "Which agent frameworks (claude, codex, cursor, vscode, \u2026) currently have the Otto MCP server registered, as JSON." -}, -{ -"name": "otto.help", -"summary": "Discovery: every method with params, kind, and latency class." -} -], -"io.telepat.ideon-free": [ -{ -"name": "ideon-free.generate", -"summary": "" -}, -{ -"name": "ideon-free.poll", -"summary": "" -}, -{ -"name": "ideon-free.help", -"summary": "" -} -], -"io.pilot.postgres": [ -{ -"name": "postgres.initdb", -"summary": "Create (configure) a brand-new PostgreSQL data directory / cluster on this host \u2014 the one-time setup before a local server can start. Initializes `datadir` with superuser `postgres` and `trust` local auth (no password for local connections). Run once per cluster; `start` then brings it up. This is `initdb -D -U postgres -A trust --encoding=UTF8`." -}, -{ -"name": "postgres.start", -"summary": "Start a local PostgreSQL server from an initialized `datadir`, listening on 127.0.0.1:`port` and on a Unix socket in `datadir`. Backgrounds the server and waits until it accepts connections; logs go to `/postgres.log`. After this, connect with uri `host=127.0.0.1 port= user=postgres dbname=postgres`. This is `pg_ctl -D -o '-p -k -h 127.0.0.1' -l /postgres.log -w start`." -}, -{ -"name": "postgres.stop", -"summary": "Stop a running local server (fast shutdown) for the given `datadir`. This is `pg_ctl -D -m fast -w stop`." -}, -{ -"name": "postgres.status", -"summary": "Report whether the server for `datadir` is running, with its PID and command line. This is `pg_ctl -D status`." -}, -{ -"name": "postgres.ready", -"summary": "Connection preflight: check whether a server is accepting connections on 127.0.0.1:`port`. This is `pg_isready -h 127.0.0.1 -p `." -}, -{ -"name": "postgres.createdb", -"summary": "Create a new database named `dbname` on the local server at 127.0.0.1:`port` (owner postgres). This is `createdb -h 127.0.0.1 -p -U postgres `." -}, -{ -"name": "postgres.query", -"summary": "Run a single SQL statement (or semicolon-separated batch) against a PostgreSQL server and return an aligned text table. Works against the local cluster or any remote server. Runs with ON_ERROR_STOP=1 so a SQL error is a non-zero exit with the server message in stderr. This is `psql -d -c `." -}, -{ -"name": "postgres.query_csv", -"summary": "Same as postgres.query but returns the result set as CSV (header + rows) \u2014 the right shape when an agent needs to parse output. This is `psql -d --csv -c `. ON_ERROR_STOP=1 is set." -}, -{ -"name": "postgres.command", -"summary": "Run a single psql backslash meta-command for schema introspection. Pass it in `command`, e.g. `\\dt` (tables), `\\dn` (schemas), `\\du` (roles), `\\l` (databases), `\\df` (functions), `\\d tablename` (describe a relation). Plain SQL works here too. This is `psql -d -c `." -}, -{ -"name": "postgres.list", -"summary": "List the databases on the server (owner, encoding, collation, access privileges) as an aligned table \u2014 a quick connectivity + inventory check. This is `psql -d -l`." -}, -{ -"name": "postgres.exec", -"summary": "Run any PostgreSQL client/server tool shipped in this bundle with a verbatim argv \u2014 the full surface beyond the curated methods. Payload is {\"args\":[, ...]} where the first element is the tool name (psql, initdb, pg_ctl, createdb, dropdb, pg_isready, pg_dump, pg_restore, pg_dumpall, vacuumdb, pg_basebackup, postgres) and the rest are its flags; optional {\"stdin\":\"...\"} is piped to the tool. Examples: {\"args\":[\"psql\",\"-d\",\"postgresql://127.0.0.1:5599/postgres\",\"-A\",\"-t\",\"-c\",\"select 1\"]}; {\"args\":[\"pg_dump\",\"-h\",\"127.0.0.1\",\"-p\",\"5599\",\"-U\",\"postgres\",\"mydb\"]}; {\"args\":[\"psql\",\"-d\",\"\"],\"stdin\":\"select 1;\\nselect 2;\"}. Connection can also come from PG* env vars passed through to the child." -}, -{ -"name": "postgres.psql_help", -"summary": "Return the complete `psql --help` text (all options of the PostgreSQL interactive terminal) straight from the delivered binary. The full reference for what postgres.query/postgres.exec accept. This is `psql --help`." -}, -{ -"name": "postgres.version", -"summary": "Print the delivered client version, e.g. \"psql (PostgreSQL) 17.10\". Needs no server. This is `psql --version`." -} -], -"io.pilot.wallet": [ -{ -"name": "wallet.balance", -"summary": "USDC balance for the wallet." -}, -{ -"name": "wallet.balances", -"summary": "Balances across all configured chains." -}, -{ -"name": "wallet.address", -"summary": "The wallet receive address." -}, -{ -"name": "wallet.request", -"summary": "Create an x402 payment request." -}, -{ -"name": "wallet.pay", -"summary": "Pay an x402 / EIP-3009 USDC request." -}, -{ -"name": "wallet.verify", -"summary": "Verify a payment authorization." -}, -{ -"name": "wallet.settle", -"summary": "Settle a verified payment on-chain." -}, -{ -"name": "wallet.topup", -"summary": "Top up the wallet balance." -}, -{ -"name": "wallet.history", -"summary": "Recent payment history." -}, -{ -"name": "wallet.spend_caps", -"summary": "Show the supervisor-enforced spend caps." -}, -{ -"name": "wallet.evm.address", -"summary": "EVM receive address." -}, -{ -"name": "wallet.evm.balance", -"summary": "EVM USDC balance (optional chain_id)." -}, -{ -"name": "wallet.evm.satisfy", -"summary": "Satisfy an EVM x402 payment requirement." -}, -{ -"name": "wallet.evm.verify", -"summary": "Verify an EVM payment authorization." -}, -{ -"name": "wallet.evm.chains", -"summary": "List configured EVM chains (Base, Ethereum, Polygon)." -} -], -"io.pilot.slipstream": [], -"io.pilot.aegis": [ -{ -"name": "aegis.scan", -"summary": "One-shot scan of a file or directory for prompt injection, jailbreaks, homoglyph/leetspeak obfuscation, and impersonation." -}, -{ -"name": "aegis.status", -"summary": "Tail the HMAC-chained audit log of recent verdicts." -}, -{ -"name": "aegis.targets", -"summary": "List the agent surfaces AEGIS is protecting (inbox, tool results, skill files, memory)." -}, -{ -"name": "aegis.config", -"summary": "Show the effective AEGIS configuration." -}, -{ -"name": "aegis.version", -"summary": "Print the AEGIS version." -}, -{ -"name": "aegis.exec", -"summary": "Run any AEGIS subcommand verbatim \u2014 including the scan-cmd / scan-result blocking gates (allow 0 / block 2) via stdin." -}, -{ -"name": "aegis.help", -"summary": "Print usage and the subcommand list." + "io.pilot.docker": [ + { + "name": "docker.engine_start", + "summary": "Start a local Docker Engine (dockerd) on this Linux host, daemonized, on a private unix socket under `DOCKER_DIR` (default /tmp/pilot-docker); waits until the API is ready. Subsequent docker methods auto-target this socket. Requires root (dockerd manages namespaces/cgroups). This is the bundled `dockerd` with `--data-root/--exec-root` under DOCKER_DIR." + }, + { + "name": "docker.engine_stop", + "summary": "Stop the local dockerd started by docker.engine_start." + }, + { + "name": "docker.version", + "summary": "Print docker client + server (if reachable) version info. This is `docker version`." + }, + { + "name": "docker.info", + "summary": "Show system-wide Docker info (containers, images, storage driver, kernel, runtimes). This is `docker info`." + }, + { + "name": "docker.ps", + "summary": "List all containers (running and stopped). This is `docker ps -a`." + }, + { + "name": "docker.images", + "summary": "List images in the local store. This is `docker images`." + }, + { + "name": "docker.pull", + "summary": "Pull an image from a registry. This is `docker pull `." + }, + { + "name": "docker.run", + "summary": "Run a container from `image` with its default command and remove it on exit (`docker run --rm `). For flags/commands (detached, ports, volumes, a custom command) use docker.exec, e.g. {\"args\":[\"run\",\"-d\",\"-p\",\"8080:80\",\"nginx\"]}." + }, + { + "name": "docker.logs", + "summary": "Fetch the logs of a container. This is `docker logs `." + }, + { + "name": "docker.exec", + "summary": "Run the docker CLI with a verbatim argv — the full surface beyond the curated methods. Payload is {\"args\":[...]} passed straight to `docker` (+ optional {\"stdin\":\"...\"}). This is how you run a container with any flags, build an image, exec into a container, manage networks/volumes/compose, etc. Examples: {\"args\":[\"run\",\"-d\",\"--name\",\"web\",\"-p\",\"8080:80\",\"nginx\"]}; {\"args\":[\"run\",\"--rm\",\"alpine\",\"sh\",\"-c\",\"echo hi\"]}; {\"args\":[\"build\",\"-t\",\"myapp\",\"/work\"]}; {\"args\":[\"exec\",\"web\",\"nginx\",\"-v\"]}. The wrapper's own verbs `engine-start`/`engine-stop` also work here." + }, + { + "name": "docker.cli_help", + "summary": "Return the complete `docker --help` (all commands + global options) from the delivered binary. This is `docker --help`." + }, + { + "name": "docker.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.duckdb": [ + { + "name": "duckdb.query", + "summary": "Run a SQL statement (or `;`-separated batch) and return an aligned `box` table — the default, human-readable shape. Works in-memory (`database=\":memory:\"`) or against a DuckDB file, and can query CSV/Parquet/JSON files in place, e.g. `SELECT region, sum(amount) FROM '/data/*.parquet' GROUP BY region`. This is `duckdb -box -c `." + }, + { + "name": "duckdb.query_csv", + "summary": "Same as duckdb.query but returns the result set as CSV (header + rows) — the right shape when an agent needs to parse the output. This is `duckdb -csv -c `." + }, + { + "name": "duckdb.query_json", + "summary": "Run SQL and return the result set as a JSON array of row objects — the most directly machine-parseable output. This is `duckdb -json -c `." + }, + { + "name": "duckdb.query_markdown", + "summary": "Run SQL and return the result set as a GitHub-flavored Markdown table — handy when the output is going straight into a report or PR comment. This is `duckdb -markdown -c `." + }, + { + "name": "duckdb.file", + "summary": "Execute a `.sql` script file against the database and exit — for multi-statement setups, migrations, or ETL scripts the agent has written to disk. This is `duckdb -f `." + }, + { + "name": "duckdb.tables", + "summary": "List every table and view across all attached databases/schemas (name, database, schema, column list) as a `box` table — a quick inventory of what a DuckDB file holds. This is `duckdb -box -c \"SHOW ALL TABLES\"`." + }, + { + "name": "duckdb.schema", + "summary": "Print the `CREATE` statements for every table, view, and index in the database — the DDL, via DuckDB's `.schema` meta-command. This is `duckdb -no-stdin -cmd \".schema\"`." + }, + { + "name": "duckdb.exec", + "summary": "Run the DuckDB CLI with a verbatim argv — the full surface beyond the curated methods. Payload is {\"args\":[...]} (the args passed straight to `duckdb`) plus optional {\"stdin\":\"...\"} piped to the process. Use it for any flag or meta-command the curated methods don't cover: a different output mode (`-line`, `-html`, `-ascii`), reading a script with `-init`, a `.mode`/`.import`/`.read` dot-command via `-cmd`, or a multi-statement session over stdin. Examples: {\"args\":[\":memory:\",\"-line\",\"-c\",\"SELECT 1\"]}; {\"args\":[\"/data/app.duckdb\",\"-csv\",\"-cmd\",\".import /data/in.csv t\",\"-c\",\"SELECT count(*) FROM t\"]}; {\"args\":[\":memory:\"],\"stdin\":\"CREATE TABLE t(x int);\\nINSERT INTO t VALUES (1),(2);\\nSELECT sum(x) FROM t;\"}." + }, + { + "name": "duckdb.cli_help", + "summary": "Return the complete DuckDB CLI help — every command-line option AND every dot-command (`.mode`, `.tables`, `.schema`, `.read`, `.import`, `.export`, `.timer`, …) — captured verbatim from the delivered binary and rendered as clean, color-free text. The full reference for what duckdb.query / duckdb.exec accept." + }, + { + "name": "duckdb.version", + "summary": "Print the delivered DuckDB version, e.g. \"v1.5.4 (Variegata) 08e34c447b\". Needs no database. This is `duckdb -version`." + }, + { + "name": "duckdb.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.redis": [ + { + "name": "redis.start", + "summary": "Start a local Redis server, daemonized, listening on 127.0.0.1:`port`. Writes its pidfile, logfile, and RDB snapshot under `dir`; returns once the server has forked into the background. After this, use redis.ping/redis.set/redis.get/redis.exec against the same `port`. This is `redis-server --port --dir --daemonize yes --pidfile /redis-.pid --logfile /redis-.log`." + }, + { + "name": "redis.stop", + "summary": "Stop the local server on 127.0.0.1:`port` (no final save — use redis.exec with SAVE/BGSAVE first if you need to persist). This is `redis-cli -p SHUTDOWN NOSAVE`." + }, + { + "name": "redis.ping", + "summary": "Liveness check: PING the server on 127.0.0.1:`port` (returns PONG). This is `redis-cli -p PING`." + }, + { + "name": "redis.set", + "summary": "Set string `key` to `value`. This is `redis-cli -p SET `." + }, + { + "name": "redis.get", + "summary": "Get the value of string `key` (empty if missing). This is `redis-cli -p GET `." + }, + { + "name": "redis.info", + "summary": "Return the server's INFO (version, memory, clients, persistence, stats, replication, keyspace) as plain text — a full health/inventory snapshot. This is `redis-cli -p INFO`." + }, + { + "name": "redis.dbsize", + "summary": "Number of keys in the current database. This is `redis-cli -p DBSIZE`." + }, + { + "name": "redis.exec", + "summary": "Run any bundled Redis tool with a verbatim argv — the full surface beyond the curated methods. Payload is {\"args\":[, ...]} where the first element is the tool (redis-cli, redis-server, redis-benchmark, redis-check-rdb, redis-check-aof, redis-sentinel) and the rest are its args; optional {\"stdin\":\"...\"} is piped to it. This is how you run ANY Redis command: {\"args\":[\"redis-cli\",\"-p\",\"6399\",\"LPUSH\",\"mylist\",\"a\",\"b\",\"c\"]}, {\"args\":[\"redis-cli\",\"-p\",\"6399\",\"-n\",\"1\",\"HSET\",\"h\",\"f\",\"v\"]}, a pipelined script via stdin {\"args\":[\"redis-cli\",\"-p\",\"6399\"],\"stdin\":\"SET a 1\\nINCR a\\nGET a\"}, or a benchmark {\"args\":[\"redis-benchmark\",\"-p\",\"6399\",\"-n\",\"1000\",\"-q\"]}. The REDISCLI_AUTH env var is passed through for password auth." + }, + { + "name": "redis.cli_help", + "summary": "Return the complete `redis-cli --help` (every option of the Redis command-line client) straight from the delivered binary — the reference for what redis.exec accepts. This is `redis-cli --help`." + }, + { + "name": "redis.version", + "summary": "Print the delivered client version, e.g. \"redis-cli 8.6.2\". Needs no server. This is `redis-cli --version`." + }, + { + "name": "redis.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.cosift": [ + { + "name": "cosift.search", + "summary": "Keyword + semantic search over the crawled corpus" + }, + { + "name": "cosift.find_similar", + "summary": "Find documents similar to a given result" + }, + { + "name": "cosift.contents", + "summary": "Fetch the full contents of a document" + }, + { + "name": "cosift.answer", + "summary": "Single-shot grounded answer with citations" + }, + { + "name": "cosift.research", + "summary": "Multi-step research report over the corpus" + }, + { + "name": "cosift.stats", + "summary": "Corpus and index statistics" + }, + { + "name": "cosift.health", + "summary": "Service health check" + }, + { + "name": "cosift.help", + "summary": "Discovery: methods, params, and latency classes" + } + ], + "io.pilot.sixtyfour": [ + { + "name": "sixtyfour.people_intelligence", + "summary": "People Intelligence: full, source-backed enrichment of a person from seed details." + }, + { + "name": "sixtyfour.company_intelligence", + "summary": "Company Intelligence: full, source-backed company profile, optionally with people." + }, + { + "name": "sixtyfour.find_email", + "summary": "Contact discovery: find a verified email for a person from partial details." + }, + { + "name": "sixtyfour.find_phone", + "summary": "Contact discovery: find a phone number for a person from partial details." + }, + { + "name": "sixtyfour.reverse_email", + "summary": "Reverse lookup: identify the person and company behind an email address." + }, + { + "name": "sixtyfour.reverse_phone", + "summary": "Reverse lookup: identify the person and company behind a phone number." + }, + { + "name": "sixtyfour.enrich_linkedin", + "summary": "Enrich a person directly from their LinkedIn profile URL." + }, + { + "name": "sixtyfour.qa", + "summary": "Agentic QA researcher: answer free-form qualification questions about a person or company, with sources." + }, + { + "name": "sixtyfour.research_agent", + "summary": "Research agent: autonomous multi-step research over an entity, returning structured findings with sources." + }, + { + "name": "sixtyfour.filter_search", + "summary": "Filter Search: structured field-based search across the corpus; returns matching entities." + }, + { + "name": "sixtyfour.deep_search", + "summary": "Deep Search (agentic): start a natural-language search. Returns a task_id; results are retrieved asynchronously (see caveats)." + }, + { + "name": "sixtyfour.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.plainweb": [ + { + "name": "plainweb.fetch", + "summary": "Fetch any web page and return it as clean Markdown — no HTML, no JavaScript. Pass the full target URL as `url`; it is placed verbatim in the request path (GET /). Scheme-less hosts (e.g. example.com) are sanitized to https://. The reply is `{\"content_type\":\"text/markdown; charset=utf-8\",\"content\":\"\"}`. Open and free — no API key needed." + }, + { + "name": "plainweb.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.miren": [ + { + "name": "miren.exec", + "summary": "Run any miren subcommand. Payload is {\"args\":[...]} — the verbatim miren argv. Use this for the full CLI surface beyond the curated methods below (addon, auth, env, route, cluster, disk, sandbox, etc.). Run `miren help` or `miren --help` for the surface. Example args: [\"app\",\"list\",\"--json\"]. Note: interactive subcommands (e.g. `app run`, `login`) and long-running ones (e.g. `server start`) are not suitable over IPC." + }, + { + "name": "miren.apps", + "summary": "List all applications on the cluster (alias for `app list`)." + }, + { + "name": "miren.app", + "summary": "Show the current status of one application. Provide the app name." + }, + { + "name": "miren.app.history", + "summary": "Show an application's deployment history." + }, + { + "name": "miren.logs", + "summary": "Read recent logs for an application as JSON." + }, + { + "name": "miren.deploy", + "summary": "Build and deploy the app in the current directory (non-interactive, --force)." + }, + { + "name": "miren.deploy.analyze", + "summary": "Analyze the app's detected stack/services without building or deploying." + }, + { + "name": "miren.rollback", + "summary": "Roll an application back to its previous deployed version." + }, + { + "name": "miren.doctor", + "summary": "Diagnose the miren environment and connectivity." + }, + { + "name": "miren.whoami", + "summary": "Show the current authenticated user and cluster." + }, + { + "name": "miren.server.install", + "summary": "Install the miren server as a systemd service on this host (Linux only)." + }, + { + "name": "miren.server.status", + "summary": "Show miren server service status (Linux only)." + }, + { + "name": "miren.debug.connection", + "summary": "Test connectivity and authentication with the miren server." + }, + { + "name": "miren.debug.advertise", + "summary": "Show which addresses the server would advertise and why." + }, + { + "name": "miren.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.pilot.otto": [ + { + "name": "otto.exec", + "summary": "Run any otto subcommand. Payload is {\"args\":[...]} — the verbatim otto argv. Use this for the full CLI surface beyond the curated methods (config, client register/login/remove, pair, listener unsubscribe, extension update, agent install, site-filtered `commands list --site`, filtered `logs list`, etc.). Add \"--json\" where the command supports it. Example args: [\"commands\",\"list\",\"--site\",\"reddit.com\",\"--json\"]. Note: interactive/streaming subcommands (setup, settings, logs follow, listener subscribe-network, test with stream/wait flags, mcp serve, start --attached) are not suitable over one-shot IPC." + }, + { + "name": "otto.status", + "summary": "Relay daemon status as JSON: running pid, port, uptime, log path, and the list of currently connected browser node IDs. The right preflight before any page command — an empty node list means no Chrome extension node is paired/online." + }, + { + "name": "otto.commands", + "summary": "List the automation commands the connected node(s) expose, as JSON. Use to learn which site commands are available before calling otto.test. For a single site, use otto.exec with [\"commands\",\"list\",\"--site\",\"\",\"--json\"]." + }, + { + "name": "otto.extract", + "summary": "Extract the readable content of a web page through a live paired browser tab, as JSON markdown. Opens a temporary tab on the node, extracts, and closes it. Requires a running relay and a paired Chrome node." + }, + { + "name": "otto.extract.format", + "summary": "Extract page content in a chosen format: markdown, distilled_html, clean_html, raw_html, or text. Returns JSON. Like otto.extract but lets you pick the output representation." + }, + { + "name": "otto.screenshot", + "summary": "Capture a screenshot of a page through a live browser tab; returns JSON (base64 PNG in the envelope, no local Preview window). Requires a running relay and a paired Chrome node." + }, + { + "name": "otto.test", + "summary": "Run a registered site command on a browser node (opens a tab, runs the command, returns JSON). Provide site (e.g. reddit.com), command id (e.g. getPosts), and a JSON payload string (use {} for none, e.g. {\"limit\":10}). One-shot; requires relay + paired node." + }, + { + "name": "otto.cmd", + "summary": "Send a single raw action to the target browser node and return the full JSON envelope. Provide the action name and a JSON payload string (use {} for none). Use for low-level primitives (e.g. primitive.tab.open) not covered by a curated method." + }, + { + "name": "otto.logs", + "summary": "Read recent relay logs as JSON. For filtered queries (level/source/since/request-id) use otto.exec with [\"logs\",\"list\",...,\"--json\"]." + }, + { + "name": "otto.logs.status", + "summary": "Relay log storage status as JSON (retention, counts, sizes). Check whether logging is healthy and how much history is available." + }, + { + "name": "otto.client.status", + "summary": "Local controller client identity state and where its secret resolves from (env vs keychain), as JSON. Verify the controller is registered and logged in before running page commands." + }, + { + "name": "otto.authcode", + "summary": "List pending pairing codes from the relay as JSON. See codes awaiting approval when bringing a new Chrome extension node online (approve with `otto pair ` via otto.exec)." + }, + { + "name": "otto.extension.info", + "summary": "Installed Chrome extension artifact metadata (version, unpacked path, checksum) and configured relay URLs, as JSON. Confirm which extension build the host has staged for the Load-unpacked handoff." + }, + { + "name": "otto.agent.status", + "summary": "Which agent frameworks (claude, codex, cursor, vscode, …) currently have the Otto MCP server registered, as JSON." + }, + { + "name": "otto.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ], + "io.telepat.ideon-free": [ + { + "name": "ideon-free.generate", + "summary": "" + }, + { + "name": "ideon-free.poll", + "summary": "" + }, + { + "name": "ideon-free.help", + "summary": "" + } + ], + "io.pilot.postgres": [ + { + "name": "postgres.initdb", + "summary": "Create (configure) a brand-new PostgreSQL data directory / cluster on this host — the one-time setup before a local server can start. Initializes `datadir` with superuser `postgres` and `trust` local auth (no password for local connections). Run once per cluster; `start` then brings it up. This is `initdb -D -U postgres -A trust --encoding=UTF8`." + }, + { + "name": "postgres.start", + "summary": "Start a local PostgreSQL server from an initialized `datadir`, listening on 127.0.0.1:`port` and on a Unix socket in `datadir`. Backgrounds the server and waits until it accepts connections; logs go to `/postgres.log`. After this, connect with uri `host=127.0.0.1 port= user=postgres dbname=postgres`. This is `pg_ctl -D -o '-p -k -h 127.0.0.1' -l /postgres.log -w start`." + }, + { + "name": "postgres.stop", + "summary": "Stop a running local server (fast shutdown) for the given `datadir`. This is `pg_ctl -D -m fast -w stop`." + }, + { + "name": "postgres.status", + "summary": "Report whether the server for `datadir` is running, with its PID and command line. This is `pg_ctl -D status`." + }, + { + "name": "postgres.ready", + "summary": "Connection preflight: check whether a server is accepting connections on 127.0.0.1:`port`. This is `pg_isready -h 127.0.0.1 -p `." + }, + { + "name": "postgres.createdb", + "summary": "Create a new database named `dbname` on the local server at 127.0.0.1:`port` (owner postgres). This is `createdb -h 127.0.0.1 -p -U postgres `." + }, + { + "name": "postgres.query", + "summary": "Run a single SQL statement (or semicolon-separated batch) against a PostgreSQL server and return an aligned text table. Works against the local cluster or any remote server. Runs with ON_ERROR_STOP=1 so a SQL error is a non-zero exit with the server message in stderr. This is `psql -d -c `." + }, + { + "name": "postgres.query_csv", + "summary": "Same as postgres.query but returns the result set as CSV (header + rows) — the right shape when an agent needs to parse output. This is `psql -d --csv -c `. ON_ERROR_STOP=1 is set." + }, + { + "name": "postgres.command", + "summary": "Run a single psql backslash meta-command for schema introspection. Pass it in `command`, e.g. `\\dt` (tables), `\\dn` (schemas), `\\du` (roles), `\\l` (databases), `\\df` (functions), `\\d tablename` (describe a relation). Plain SQL works here too. This is `psql -d -c `." + }, + { + "name": "postgres.list", + "summary": "List the databases on the server (owner, encoding, collation, access privileges) as an aligned table — a quick connectivity + inventory check. This is `psql -d -l`." + }, + { + "name": "postgres.exec", + "summary": "Run any PostgreSQL client/server tool shipped in this bundle with a verbatim argv — the full surface beyond the curated methods. Payload is {\"args\":[, ...]} where the first element is the tool name (psql, initdb, pg_ctl, createdb, dropdb, pg_isready, pg_dump, pg_restore, pg_dumpall, vacuumdb, pg_basebackup, postgres) and the rest are its flags; optional {\"stdin\":\"...\"} is piped to the tool. Examples: {\"args\":[\"psql\",\"-d\",\"postgresql://127.0.0.1:5599/postgres\",\"-A\",\"-t\",\"-c\",\"select 1\"]}; {\"args\":[\"pg_dump\",\"-h\",\"127.0.0.1\",\"-p\",\"5599\",\"-U\",\"postgres\",\"mydb\"]}; {\"args\":[\"psql\",\"-d\",\"\"],\"stdin\":\"select 1;\\nselect 2;\"}. Connection can also come from PG* env vars passed through to the child." + }, + { + "name": "postgres.psql_help", + "summary": "Return the complete `psql --help` text (all options of the PostgreSQL interactive terminal) straight from the delivered binary. The full reference for what postgres.query/postgres.exec accept. This is `psql --help`." + }, + { + "name": "postgres.version", + "summary": "Print the delivered client version, e.g. \"psql (PostgreSQL) 17.10\". Needs no server. This is `psql --version`." + } + ], + "io.pilot.wallet": [ + { + "name": "wallet.balance", + "summary": "USDC balance for the wallet." + }, + { + "name": "wallet.balances", + "summary": "Balances across all configured chains." + }, + { + "name": "wallet.address", + "summary": "The wallet receive address." + }, + { + "name": "wallet.request", + "summary": "Create an x402 payment request." + }, + { + "name": "wallet.pay", + "summary": "Pay an x402 / EIP-3009 USDC request." + }, + { + "name": "wallet.verify", + "summary": "Verify a payment authorization." + }, + { + "name": "wallet.settle", + "summary": "Settle a verified payment on-chain." + }, + { + "name": "wallet.topup", + "summary": "Top up the wallet balance." + }, + { + "name": "wallet.history", + "summary": "Recent payment history." + }, + { + "name": "wallet.spend_caps", + "summary": "Show the supervisor-enforced spend caps." + }, + { + "name": "wallet.evm.address", + "summary": "EVM receive address." + }, + { + "name": "wallet.evm.balance", + "summary": "EVM USDC balance (optional chain_id)." + }, + { + "name": "wallet.evm.satisfy", + "summary": "Satisfy an EVM x402 payment requirement." + }, + { + "name": "wallet.evm.verify", + "summary": "Verify an EVM payment authorization." + }, + { + "name": "wallet.evm.chains", + "summary": "List configured EVM chains (Base, Ethereum, Polygon)." + } + ], + "io.pilot.slipstream": [], + "io.pilot.aegis": [ + { + "name": "aegis.scan", + "summary": "One-shot scan of a file or directory for prompt injection, jailbreaks, homoglyph/leetspeak obfuscation, and impersonation." + }, + { + "name": "aegis.status", + "summary": "Tail the HMAC-chained audit log of recent verdicts." + }, + { + "name": "aegis.targets", + "summary": "List the agent surfaces AEGIS is protecting (inbox, tool results, skill files, memory)." + }, + { + "name": "aegis.config", + "summary": "Show the effective AEGIS configuration." + }, + { + "name": "aegis.version", + "summary": "Print the AEGIS version." + }, + { + "name": "aegis.exec", + "summary": "Run any AEGIS subcommand verbatim — including the scan-cmd / scan-result blocking gates (allow 0 / block 2) via stdin." + }, + { + "name": "aegis.help", + "summary": "Print usage and the subcommand list." + } + ], + "io.pilot.smol": [ + { + "name": "smolmachines.exec", + "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM. Payload is {\"args\":[...]} — the verbatim smolvm argv. Command surface: `machine run` (ephemeral VM, one-off command), `machine create|start|exec|stop|delete|shell|status|ls|cp|update|monitor|prune` (persistent VMs; `exec` persists filesystem changes), `pack create|run` (portable .smolmachine artifacts), `serve` (HTTP API), `config`. Key flags: `--net` (networking is OFF by default), `--image `, `-v HOST:GUEST`, `-p HOST:GUEST`, `--gpu`, `--ssh-agent`, `--secret-env GUEST=HOST`. Example args: [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"]. Not supported over IPC: interactive sessions (-it / `machine shell`) and long-running `serve`." + }, + { + "name": "smolmachines.help", + "summary": "Discovery: every method with params, kind, and latency class." + } + ] } -] -} \ No newline at end of file diff --git a/src/data/app-overrides.json b/src/data/app-overrides.json index ea28a4c..00e7582 100644 --- a/src/data/app-overrides.json +++ b/src/data/app-overrides.json @@ -1,680 +1,681 @@ { -"io.pilot.docker": { -"name": "Docker", -"tagline": "Run Docker from an agent \u2014 a local Docker Engine + CLI on Linux, real containers", -"description": "# Docker (Engine + CLI) \u2014 native CLI for agents (Linux)\n\nThis app installs the official **Docker 29.6.1** static distribution on a Linux host and fronts it as typed\nmethods. The bundle carries the full **Docker Engine** \u2014 `dockerd`, `containerd`, `runc`, `containerd-shim-runc-v2`,\n`docker-proxy`, `docker-init`, `ctr` \u2014 plus the `docker` CLI, each sha-pinned and staged at install. A small\n`dockerctl` wrapper manages the engine lifecycle and fronts the CLI.\n\n## Linux only\n\nDocker containers require Linux kernel features (namespaces, cgroups, overlayfs) \u2014 there is **no native macOS\n`dockerd`** (Docker Desktop runs the engine inside a hidden Linux VM). This app therefore targets **Linux (amd64 +\narm64)**. `docker.engine_start` runs a real daemon and requires **root** (the pilot host must run as root, e.g. in a\ncontainer or VM). To use Docker against an existing daemon instead, set `DOCKER_HOST` and skip `engine_start`.\n\n## The usual flow\n\n1. **Start the engine:** `docker.engine_start` `{}` \u2014 boots `dockerd` on a private socket under `DOCKER_DIR`\n (default `/tmp/pilot-docker`), waits until the API is ready.\n2. **Pull + run:** `docker.pull` `{ \"image\": \"hello-world\" }`, then `docker.run` `{ \"image\": \"hello-world\" }`.\n3. **Inspect:** `docker.ps`, `docker.images`, `docker.logs`, `docker.info`.\n4. **Anything else:** `docker.exec` `{ \"args\": [\"run\",\"-d\",\"-p\",\"8080:80\",\"nginx\"] }` \u2014 any docker command with any flags.\n5. **Stop:** `docker.engine_stop`.\n\n## Methods\n\n- `docker.engine_start` / `docker.engine_stop` \u2014 local Docker Engine lifecycle (root).\n- `docker.version`, `docker.info` \u2014 client/server versions and system info.\n- `docker.ps`, `docker.images`, `docker.logs` \u2014 inspect containers/images/logs.\n- `docker.pull` / `docker.run` \u2014 pull an image / run a container (`--rm`).\n- `docker.exec` \u2014 the docker CLI with a verbatim argv (+ optional stdin): run with any flags, `build`, `exec`,\n networks, volumes, compose plugins, etc.\n- `docker.cli_help` \u2014 the full `docker --help`. `docker.help` \u2014 the self-describing method list.\n\n## Configuration\n\n- **`DOCKER_DIR`** (env) \u2014 where dockerd keeps its socket, data-root, exec-root, pidfile, and log\n (default `/tmp/pilot-docker`).\n- **`DOCKER_HOST`** (env) \u2014 point the CLI at an existing/remote daemon instead of the bundled one\n (`tcp://host:2375` or `unix:///path`); when set, skip `docker.engine_start`.\n- **Root** \u2014 `dockerd` needs root and kernel container support. Works on a Linux host/VM/privileged container where\n the pilot daemon runs as root; not on a restricted, capability-stripped sandbox.\n- **Storage driver** \u2014 defaults to `overlay2`; pass an alternative via `docker.exec`\n (`{\"args\":[\"engine-start\",\"--storage-driver\",\"vfs\"]}`) on filesystems where overlay2 is unavailable.\n\n## Good to know\n\n- Free and open source (Apache-2.0). Binaries are the official Docker static release, repackaged unmodified.\n- Output returns verbatim; on a non-zero exit the reply is `{stdout, stderr, exit}`.\n\n## docker --help\n```\nDocker CLI \u2014 commands and options\n=================================\n\nDocker runs applications in containers. This app delivers the Docker Engine\n(dockerd + containerd + runc) and the docker CLI. Start a local engine with\n'engine-start', then use any docker command.\n\nUsage: docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers\n\nCommon Commands:\n run Create and run a new container from an image\n exec Execute a command in a running container\n ps List containers\n build Build an image from a Dockerfile\n pull Download an image from a registry\n push Upload an image to a registry\n images List images\n login Authenticate to a registry\n logout Log out from a registry\n search Search Docker Hub for images\n version Show the Docker version information\n info Display system-wide information\n\nManagement Commands:\n builder Manage builds\n compose* Docker Compose\n container Manage containers\n context Manage contexts\n image Manage images\n manifest Manage Docker image manifests and manifest lists\n network Manage networks\n plugin Manage plugins\n system Manage Docker\n volume Manage volumes\n\nSwarm Commands:\n swarm Manage Swarm\n\nCommands:\n attach Attach local standard input, output, and error streams to a running container\n commit Create a new image from a container's changes\n cp Copy files/folders between a container and the local filesystem\n create Create a new container\n diff Inspect changes to files or directories on a container's filesystem\n events Get real time events from the server\n export Export a container's filesystem as a tar archive\n history Show the history of an image\n import Import the contents from a tarball to create a filesystem image\n inspect Return low-level information on Docker objects\n kill Kill one or more running containers\n load Load an image from a tar archive or STDIN\n logs Fetch the logs of a container\n pause Pause all processes within one or more containers\n port List port mappings or a specific mapping for the container\n rename Rename a container\n restart Restart one or more containers\n rm Remove one or more containers\n rmi Remove one or more images\n save Save one or more images to a tar archive (streamed to STDOUT by default)\n start Start one or more stopped containers\n stats Display a live stream of container(s) resource usage statistics\n stop Stop one or more running containers\n tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE\n top Display the running processes of a container\n unpause Unpause all processes within one or more containers\n update Update configuration of one or more containers\n wait Block until one or more containers stop, then print their exit codes\n\nGlobal Options:\n --config string Location of client config files (default\n \"/Users/alexgodo/.docker\")\n -c, --context string Name of the context to use to connect to the\n daemon (overrides DOCKER_HOST env var and\n default context set with \"docker context use\")\n -D, --debug Enable debug mode\n -H, --host string Daemon socket to connect to\n -l, --log-level string Set the logging level (\"debug\", \"info\",\n \"warn\", \"error\", \"fatal\") (default \"info\")\n --tls Use TLS; implied by --tlsverify\n --tlscacert string Trust certs signed only by this CA (default\n \"/Users/alexgodo/.docker/ca.pem\")\n --tlscert string Path to TLS certificate file (default\n \"/Users/alexgodo/.docker/cert.pem\")\n --tlskey string Path to TLS key file (default\n \"/Users/alexgodo/.docker/key.pem\")\n --tlsverify Use TLS and verify the remote\n -v, --version Print version information and quit\n\nRun 'docker COMMAND --help' for more information on a command.\n\nFor more help on how to use Docker, head to https://docs.docker.com/go/guides/\n```\n", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "Apache-2.0", -"sourceUrl": "https://github.com/moby/moby", -"homepage": "https://www.docker.com", -"version": "29.6.1", -"categoriesRaw": [ -"devops", -"containers", -"runtime", -"data" -], -"keywords": [ -"docker", -"containers", -"dockerd", -"moby", -"containerd", -"runc", -"oci", -"devops", -"engine", -"images" -], -"bundleBytes": 5352665, -"installedBytes": 9624816, -"changelog": [ -{ -"version": "29.6.1", -"notes": [ -"Released v29.6.1" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.duckdb": { -"name": "DuckDB", -"tagline": "Run DuckDB from an agent \u2014 in-process analytical SQL over files, no server, no provisioning", -"description": "# DuckDB \u2014 in-process analytical SQL, native CLI for agents\n\nThis app installs the official **DuckDB 1.5.4** command-line shell on the host and fronts it as typed\nmethods. The bundle is the upstream DuckDB CLI binary (sha-pinned per OS/arch, fetched from the Pilot\nartifact registry at install) plus a tiny wrapper that serves a clean, complete `--help`.\n\nDuckDB is an **in-process** OLAP database \u2014 \"SQLite for analytics.\" There is **no server, no daemon, no\nport, no auth, and nothing to provision**: an agent opens an in-memory database (`:memory:`) or a single\n`.duckdb` file like any other file. That posture is exactly right for an autonomous agent working in its\nown sandbox with no cloud account.\n\n## Why an agent wants this\n\n- **Zero provisioning.** No `initdb`, no server lifecycle, no credentials, no \"is the daemon up?\" state.\n Run SQL against `:memory:` or a file and you're done.\n- **Query files in place \u2014 the killer feature.** Point SQL straight at CSV, Parquet, or JSON on disk with\n no load step: `SELECT region, sum(amount) FROM '/data/*.parquet' GROUP BY region`. The file *is* the table.\n- **Fast analytics on a laptop.** A columnar, vectorized engine: aggregations and joins over millions of\n rows run quickly in a single process, in the agent's own context.\n- **Agent-friendly output.** Get results as an aligned table, **CSV**, **JSON**, or **Markdown** \u2014 pick the\n shape that parses cleanly or drops straight into a report.\n- **Full SQL.** Window functions, CTEs, nested types (lists/structs/maps), `COPY` to/from Parquet/CSV, and\n a rich function library.\n- **Self-contained + offline.** One binary, no dependencies; the core CSV/Parquet/JSON readers are built in,\n so the common cases need no network and no extensions.\n\n## Methods\n\n- `duckdb.query` \u2014 run SQL, get an aligned `box` table (default). In-memory or against a file.\n- `duckdb.query_csv` / `duckdb.query_json` / `duckdb.query_markdown` \u2014 same, as CSV / JSON / Markdown.\n- `duckdb.file` \u2014 execute a `.sql` script file (migrations, ETL, multi-statement setup).\n- `duckdb.tables` \u2014 list every table and view (`SHOW ALL TABLES`).\n- `duckdb.schema` \u2014 print the `CREATE` DDL for the database (`.schema`).\n- `duckdb.exec` \u2014 run the CLI with a verbatim argv (+ optional stdin) for any flag, output mode, or\n dot-command the curated methods don't cover (`.mode`, `.import`, `.export`, `.read`, `-init`, \u2026).\n- `duckdb.cli_help` \u2014 the complete CLI help: every option **and** every dot-command, as clean text.\n- `duckdb.version` \u2014 the delivered DuckDB version. `duckdb.help` \u2014 the self-describing method list.\n\n## How to use it\n\n1. **Quick analysis (no setup):** `duckdb.query` `{ \"database\": \":memory:\", \"sql\": \"SELECT count(*) FROM '/data/events.parquet'\" }`.\n2. **Persistent database:** point `database` at a file path (`/work/app.duckdb`); it's created on first use and\n persists. The same file holds many tables/schemas.\n3. **Parse the output:** use `duckdb.query_json` (array of row objects) or `duckdb.query_csv`.\n4. **Anything else:** `duckdb.exec` `{ \"args\": [\":memory:\", \"-cmd\", \".import /data/in.csv t\", \"-c\", \"SELECT count(*) FROM t\"] }`.\n\n## Configuration\n\n- **`database`** \u2014 `:memory:` (ephemeral, no provisioning) or an absolute path to a `.duckdb`/`.db` file\n (created on first use, persists, holds many tables). Independent of this, the SQL can read/write CSV,\n Parquet, and JSON files anywhere on disk.\n- **Output mode** \u2014 choose the method (`query` box / `query_csv` / `query_json` / `query_markdown`), or any\n other mode via `duckdb.exec` (`-line`, `-html`, `-ascii`, `-jsonlines`, \u2026).\n- **Extensions** \u2014 Parquet/CSV/JSON readers are built in. Network-backed extensions (e.g. `httpfs` for S3/HTTP\n Parquet) are loadable via `duckdb.exec` (`INSTALL httpfs; LOAD httpfs;`) where the host allows egress; the\n local-only path needs neither.\n- **Read-only** \u2014 open a database without write access via `duckdb.exec` (`-readonly`).\n\n## Good to know\n\n- Output returns verbatim where it's already clean; on a non-zero exit (SQL error) the reply is\n `{stdout, stderr, exit}` so the caller sees everything the CLI produced.\n- Runs on **macOS and Linux** (arm64 + amd64); the binary is fetched from the Pilot artifact registry and\n sha-pinned on install. Free and open source under the **MIT License**.\n- `duckdb.help` lists every method with its latency class \u2014 the self-describing discovery contract.\n\n## DuckDB CLI help (`duckdb.cli_help`)\n```\nDuckDB CLI \u2014 command-line options and meta-commands\n===================================================\n\nDuckDB is an in-process analytical SQL database (think \"SQLite for analytics\").\nThe CLI runs SQL against an in-memory database (use ':memory:') or a database\nfile, and can query CSV, Parquet, and JSON files directly with no import step,\ne.g. SELECT * FROM 'data/*.parquet' WHERE ... \u2014 the file IS the table.\n\nUSAGE: duckdb [OPTIONS] [DATABASE_FILE] [SQL]\n\nDATABASE_FILE is a DuckDB database; it is created if it does not exist.\nUse ':memory:' for an ephemeral in-memory database.\n\n------------------------------------------------------------------------------\nCOMMAND-LINE OPTIONS (duckdb -help)\n------------------------------------------------------------------------------\n\nOPTIONS:\n -ascii set output mode to 'ascii'\n -bail stop after hitting an error\n -batch force batch I/O'\n -box set output mode to 'box'\n -column set output mode to 'column'\n -cmd COMMAND run \"COMMAND\" before reading stdin\n -csv set output mode to 'csv'\n -c COMMAND run \"COMMAND\" and exit\n -dark-mode use dark mode colors\n -echo print commands before execution\n -f FILENAME read/process named file and exit\n -init FILENAME read/process named file\n -header turn headers on\n -h show help message\n -help show help message\n -html set output mode to HTML\n -interactive force interactive I/O\n -json set output mode to 'json'\n -jsonlines set output mode to 'jsonlines'\n -light-mode use light mode colors\n -line set output mode to 'line'\n -list set output mode to 'list'\n -markdown set output mode to 'markdown'\n -newline SEP set output row separator. Default: '\\n'\n -no-init skip processing the init file\n -no-stdin exit after processing options instead of reading stdin\n -noheader turn headers off\n -nullvalue TEXT set text string for NULL values. Default 'NULL'\n -quote set output mode to 'quote'\n -readonly open the database read-only\n -s COMMAND run \"COMMAND\" and exit\n -safe enable safe-mode\n -separator SEP set output column separator. Default: '|'\n -storage-version VER database storage compatibility version to use. Default: 'v0.10.0'\n -table set output mode to 'table'\n -ui launches a web interface using the ui extension (configurable with .ui_command)\n -unredacted allow printing unredacted secrets\n -unsigned allow loading of unsigned extensions\n -version show DuckDB version\n\n------------------------------------------------------------------------------\nDOT-COMMANDS (meta-commands; usable inside the shell or via -cmd \"...\")\n------------------------------------------------------------------------------\n.bail on|off Stop after hitting an error. Default OFF\n.binary on|off Turn binary output on or off. Default OFF\n.cd DIRECTORY Change the working directory to DIRECTORY\n.changes on|off Show number of rows changed by SQL\n.columns Column-wise rendering of query results\n.decimal_sep SEP Sets the decimal separator used when rendering numbers. Only for duckbox mode.\n.databases List names and files of attached databases\n.dump ?TABLE? Render database content as SQL\n.display_colors [bold|underline] Display all terminal colors and their names\n.echo on|off Turn command echo on or off\n.edit Opens an external text editor to edit a query.\n.excel Display the output of next command in spreadsheet\n.exit ?CODE? Exit this program with return-code CODE\n.headers on|off Turn display of headers on or off\n.help ?-all? ?PATTERN? Show help text for PATTERN\n.highlight on|off Toggle syntax highlighting in the shell on/off\n.highlight_colors OPTIONS Configure highlighting colors\n.highlight_errors on|off Turn highlighting of errors on or off\n.highlight_mode mixed|dark|light Toggle the highlight mode to dark or light mode\n.highlight_results on|off Turn highlighting of results on or off\n.import FILE TABLE Import data from FILE into TABLE\n.indexes ?TABLE? Show names of indexes\n.last Render the last result without truncating\n.large_number_rendering MODE Toggle readable rendering of large numbers (duckbox only)\n.log FILE|off Turn logging on or off. FILE can be stderr/stdout\n.maxrows COUNT Sets the maximum number of rows for display (default: 40). Only for duckbox mode.\n.maxwidth COUNT Sets the maximum width in characters. 0 defaults to terminal width. Only for duckbox mode.\n.mode MODE ?TABLE? Set output mode\n.multiline Sets the render mode to multi-line\n.nullvalue STRING Use STRING in place of NULL values\n.open ?OPTIONS? ?FILE? Close existing database and reopen FILE\n.once ?FILE? Output for the next SQL command only to FILE\n.output ?FILE? Send output to FILE or stdout if FILE is omitted\n.pager OPTIONS Control pager usage for output\n.print STRING... Print literal STRING\n.progress_bar OPTIONS Configure the progress bar display\n.prompt MAIN CONTINUE Replace the standard prompts\n.quit Exit this program\n.read FILE Read input from FILE\n.read_line_version linenoise|fallback Sets the library used for processing interactive input\n.render_completion on|off Toggle displaying of completion prompts in the shell on/off\n.render_errors on|off Toggle rendering of errors in the shell on/off\n.rows Row-wise rendering of query results (default)\n.safe_mode Enable safe-mode\n.separator COL ?ROW? Change the column and row separators\n.schema ?PATTERN? Show the CREATE statements matching PATTERN\n.shell CMD ARGS... Run CMD ARGS... in a system shell\n.show Show the current values for various settings\n.singleline Sets the render mode to single-line\n.startup_text none|version|all Start-up text to display. Set this as the first line in .duckdbrc\n.system CMD ARGS... Run CMD ARGS... in a system shell\n.tables ?TABLE? List names of tables matching LIKE pattern TABLE\n.thousand_sep SEP Sets the thousand separator used when rendering numbers. Only for duckbox mode.\n.timer on|off Turn SQL timer on or off\n.ui_command [command] Set the UI command\n.version Show the version\n.width NUM1 NUM2 ... Set minimum column widths for columnar output\n\nRun .help --all for extended information\nRun .help shortcuts for keyboard shortcuts\n```\n", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "MIT", -"sourceUrl": "https://github.com/duckdb/duckdb", -"homepage": "https://duckdb.org", -"version": "1.5.4", -"categoriesRaw": [ -"database", -"data", -"sql", -"analytics" -], -"keywords": [ -"duckdb", -"sql", -"olap", -"analytics", -"parquet", -"csv", -"json", -"query", -"in-process", -"columnar", -"database", -"embedded" -], -"bundleBytes": 5353407, -"installedBytes": 9624599, -"changelog": [ -{ -"version": "1.5.4", -"notes": [ -"Released v1.5.4" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.redis": { -"name": "Redis", -"tagline": "Run Redis from an agent \u2014 start a local in-memory store and run any command with redis-cli", -"description": "# Redis (server + redis-cli) \u2014 native CLI for agents\n\nThis app installs the official **Redis 8.6.2** server and client on the host and fronts them as\ntyped methods. The bundle is a relocatable build of Redis 8.6.2 (from conda-forge, AGPL-3.0)\ncarrying `redis-server`, `redis-cli`, `redis-benchmark`, `redis-check-rdb`, `redis-check-aof`, and\n`redis-sentinel`; every binary is sha-pinned and staged at install, and a tiny `redis` dispatcher routes\neach method to the right tool. Binaries are fetched from the Pilot artifact registry on **macOS and Linux**\n(arm64 + amd64).\n\nRedis is an **in-memory data-structure store** \u2014 strings, hashes, lists, sets, sorted sets, streams, plus\npub/sub and transactions. There is no cluster to provision: an agent starts a throwaway local server and\nuses it as a cache, a fast key-value DB, or a coordination/queue primitive.\n\n## Run a Redis locally \u2014 the usual flow\n\n1. **Start:** `redis.start` `{ \"port\": \"6399\", \"dir\": \"/tmp\" }` \u2014 boots a daemonized server on\n `127.0.0.1:6399`, with pidfile/logfile/RDB under `dir`.\n2. **Health:** `redis.ping` `{ \"port\": \"6399\" }` \u2192 `PONG`.\n3. **Use it:** `redis.set` / `redis.get`, `redis.info`, `redis.dbsize`, or **any** command via\n `redis.exec` `{ \"args\": [\"redis-cli\",\"-p\",\"6399\",\"ZADD\",\"board\",\"100\",\"alice\"] }`.\n4. **Stop:** `redis.stop` `{ \"port\": \"6399\" }`.\n\n## Methods\n\n- `redis.start` / `redis.stop` \u2014 local server lifecycle (daemonized; per-port pidfile/logfile).\n- `redis.ping` \u2014 liveness (PONG). `redis.info` \u2014 full server INFO. `redis.dbsize` \u2014 key count.\n- `redis.set` / `redis.get` \u2014 string get/set convenience.\n- `redis.exec` \u2014 run any tool with a verbatim argv (+ optional stdin) \u2014 every Redis command, pipelined\n batches, benchmarks, RDB/AOF checks, sentinel.\n- `redis.cli_help` \u2014 the complete `redis-cli --help`. `redis.version` \u2014 the delivered version.\n `redis.help` \u2014 the self-describing method list.\n\n## Configuration\n\n- **`port`** \u2014 TCP port for the local server (convention `6399`). Bound to `127.0.0.1`.\n- **`dir`** \u2014 an existing writable directory for the pidfile, logfile, and RDB snapshot; pass `/tmp` for a\n throwaway server, or a path you control for persistence (the RDB lives at `/dump.rdb`).\n- **Persistence** \u2014 `redis.stop` does `SHUTDOWN NOSAVE`; run `redis.exec` with `SAVE`/`BGSAVE` first if you\n need the dataset on disk. Any redis.conf directive is reachable as a `--flag` via\n `redis.exec` (`redis-server --port ... --maxmemory 256mb --maxmemory-policy allkeys-lru ...`).\n- **Auth** \u2014 local servers are open by default; set `--requirepass` (via `redis.exec` on start) and pass the\n password through the `REDISCLI_AUTH` env var (forwarded to the child) or `-a` on `redis.exec`.\n\n## Good to know\n\n- Output returns verbatim where it is already clean; on a non-zero exit the reply is `{stdout, stderr, exit}`.\n- Free and open source under the **AGPL-3.0** license (Redis 8.x). Repackaged unmodified from conda-forge.\n\n## redis-cli / redis-server help\n```\nRedis CLI help \u2014 redis-cli and redis-server\n===========================================\n\nRedis is an in-memory data-structure store (cache, database, message broker).\nThis app fronts the Redis server + redis-cli as agent methods: start a local\nserver, then SET/GET/PING/INFO or run any command via redis.exec.\n\n------------------------------------------------------------------------------\nredis-cli --help\n------------------------------------------------------------------------------\nredis-cli 8.6.2\n\nUsage: redis-cli [OPTIONS] [cmd [arg [arg ...]]]\n -h Server hostname (default: 127.0.0.1).\n -p Server port (default: 6379).\n -t Server connection timeout in seconds (decimals allowed).\n Default timeout is 0, meaning no limit, depending on the OS.\n -s Server socket (overrides hostname and port).\n -a Password to use when connecting to the server.\n You can also use the REDISCLI_AUTH environment\n variable to pass this password more safely\n (if both are used, this argument takes precedence).\n --user Used to send ACL style 'AUTH username pass'. Needs -a.\n --pass Alias of -a for consistency with the new --user option.\n --askpass Force user to input password with mask from STDIN.\n If this argument is used, '-a' and REDISCLI_AUTH\n environment variable will be ignored.\n -u Server URI on format redis://user:password@host:port/dbnum\n User, password and dbnum are optional. For authentication\n without a username, use username 'default'. For TLS, use\n the scheme 'rediss'.\n -r Execute specified command N times.\n -i When -r is used, waits seconds per command.\n It is possible to specify sub-second times like -i 0.1.\n This interval is also used in --scan and --stat per cycle.\n and in --bigkeys, --memkeys, --keystats, and --hotkeys per 100 cycles.\n -n Database number.\n --name Set the client name.\n -2 Start session in RESP2 protocol mode.\n -3 Start session in RESP3 protocol mode.\n -x Read last argument from STDIN (see example below).\n -X Read argument from STDIN (see example below).\n -d Delimiter between response bulks for raw formatting (default: \\n).\n -D Delimiter between responses for raw formatting (default: \\n).\n -c Enable cluster mode (follow -ASK and -MOVED redirections).\n -e Return exit error code when command execution fails.\n -4 Prefer IPv4 over IPv6 on DNS lookup.\n -6 Prefer IPv6 over IPv4 on DNS lookup.\n --tls Establish a secure TLS connection.\n --sni Server name indication for TLS.\n --cacert CA Certificate file to verify with.\n --cacertdir Directory where trusted CA certificates are stored.\n If neither cacert nor cacertdir are specified, the default\n system-wide trusted root certs configuration will apply.\n --insecure Allow insecure TLS connection by skipping cert validation.\n --cert Client certificate to authenticate with.\n --key Private key file to authenticate with.\n --tls-ciphers Sets the list of preferred ciphers (TLSv1.2 and below)\n in order of preference from highest to lowest separated by colon (\":\").\n See the ciphers(1ssl) manpage for more information about the syntax of this string.\n --tls-ciphersuites Sets the list of preferred ciphersuites (TLSv1.3)\n in order of preference from highest to lowest separated by colon (\":\").\n See the ciphers(1ssl) manpage for more information about the syntax of this string,\n and specifically for TLSv1.3 ciphersuites.\n --raw Use raw formatting for replies (default when STDOUT is\n not a tty).\n --no-raw Force formatted output even when STDOUT is not a tty.\n --quoted-input Force input to be handled as quoted strings.\n --csv Output in CSV format.\n --json Output in JSON format (default RESP3, use -2 if you want to use with RESP2).\n --quoted-json Same as --json, but produce ASCII-safe quoted strings, not Unicode.\n --show-pushes Whether to print RESP3 PUSH messages. Enabled by default when\n STDOUT is a tty but can be overridden with --show-pushes no.\n --stat Print rolling stats about server: mem, clients, ...\n --latency Enter a special mode continuously sampling latency.\n If you use this mode in an interactive session it runs\n forever displaying real-time stats. Otherwise if --raw or\n --csv is specified, or if you redirect the output to a non\n TTY, it samples the latency for 1 second (you can use\n -i to change the interval), then produces a single output\n and exits.\n --latency-history Like --latency but tracking latency changes over time.\n Default time interval is 15 sec. Change it using -i.\n --latency-dist Shows latency as a spectrum, requires xterm 256 colors.\n Default time interval is 1 sec. Change it using -i.\n --vset-recall Enable VSIM recall test mode for the specified key\n (that must be a vector set). Random vectors are created\n mixing components from other elements. A VSIM is then\n executed and checked against ground truth.\n --vset-recall-count How many top elements to fetch per query.\n --vset-recall-ef HSNW EF (search effort) to use. Default 500.\n --vset-recall-ele Number of elements used to compose query vectors\n Default 1.\n --lru-test Simulate a cache workload with an 80-20 distribution.\n --replica Simulate a replica showing commands received from the master.\n --rdb Transfer an RDB dump from remote server to local file.\n Use filename of \"-\" to write to stdout.\n --functions-rdb Like --rdb but only get the functions (not the keys)\n when getting the RDB dump file.\n --pipe Transfer raw Redis protocol from stdin to server.\n --pipe-timeout In --pipe mode, abort with error if after sending all data.\n no reply is received within seconds.\n Default timeout: 30. Use 0 to wait forever.\n --bigkeys Sample Redis keys looking for keys with many elements (complexity).\n --memkeys Sample Redis keys looking for keys consuming a lot of memory.\n --memkeys-samples Sample Redis keys looking for keys consuming a lot of memory.\n And define number of key elements to sample\n --keystats Sample Redis keys looking for keys memory size and length (combine bigkeys and memkeys).\n --keystats-samples Sample Redis keys looking for keys memory size and length.\n And define number of key elements to sample (only for memory usage).\n --cursor Start the scan at the cursor (usually after a Ctrl-C).\n Optionally used with --keystats and --keystats-samples.\n --top To display top key sizes (default: 10).\n Optionally used with --keystats and --keystats-samples.\n --hotkeys Sample Redis keys looking for hot keys.\n only works when maxmemory-policy is *lfu.\n --scan List all keys using the SCAN command.\n --pattern Keys pattern when using the --scan, --bigkeys, --memkeys,\n --keystats or --hotkeys options (default: *).\n --count Count option when using the --scan, --bigkeys, --memkeys,\n --keystats or --hotkeys (default: 10).\n --quoted-pattern Same as --pattern, but the specified string can be\n quoted, in order to pass an otherwise non binary-safe string.\n --intrinsic-latency Run a test to measure intrinsic system latency.\n The test will run for the specified amount of seconds.\n --eval Send an EVAL command using the Lua script at .\n --ldb Used with --eval enable the Redis Lua debugger.\n --ldb-sync-mode Like --ldb but uses the synchronous Lua debugger, in\n this mode the server is blocked and script changes are\n not rolled back from the server memory.\n --cluster [args...] [opts...]\n Cluster Manager command and arguments (see below).\n --verbose Verbose mode.\n --no-auth-warning Don't show warning message when using password on command\n line interface.\n --help Output this help and exit.\n --version Output version and exit.\n\nCluster Manager Commands:\n Use --cluster help to list all available cluster manager commands.\n\nExamples:\n redis-cli -u redis://default:PASSWORD@localhost:6379/0\n cat /etc/passwd | redis-cli -x set mypasswd\n redis-cli -D \"\" --raw dump key > key.dump && redis-cli -X dump_tag restore key2 0 dump_tag replace < key.dump\n redis-cli -r 100 lpush mylist x\n redis-cli -r 100 -i 1 info | grep used_memory_human:\n redis-cli --quoted-input set '\"null-\\x00-separated\"' value\n redis-cli --eval myscript.lua key1 key2 , arg1 arg2 arg3\n redis-cli --scan --pattern '*:12345*'\n redis-cli --scan --pattern '*:12345*' --count 100\n\n (Note: when using --eval the comma separates KEYS[] from ARGV[] items)\n\nWhen no command is given, redis-cli starts in interactive mode.\nType \"help\" in interactive mode for information on available commands\nand settings.\n\n\n------------------------------------------------------------------------------\nredis-server --help\n------------------------------------------------------------------------------\nUsage: ./redis-server [/path/to/redis.conf] [options] [-]\n ./redis-server - (read config from stdin)\n ./redis-server -v or --version\n ./redis-server -h or --help\n ./redis-server --test-memory \n ./redis-server --check-system\n\nExamples:\n ./redis-server (run the server with default conf)\n echo 'maxmemory 128mb' | ./redis-server -\n ./redis-server /etc/redis/6379.conf\n ./redis-server --port 7777\n ./redis-server --port 7777 --replicaof 127.0.0.1 8888\n ./redis-server /etc/myredis.conf --loglevel verbose -\n ./redis-server /etc/myredis.conf --loglevel verbose\n\nSentinel mode:\n ./redis-server /etc/sentinel.conf --sentinel\n```\n", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "AGPL-3.0", -"sourceUrl": "https://github.com/redis/redis", -"homepage": "https://redis.io", -"version": "8.6.2", -"categoriesRaw": [ -"database", -"cache", -"data", -"kv" -], -"keywords": [ -"redis", -"cache", -"key-value", -"in-memory", -"database", -"kv", -"redis-cli", -"pubsub", -"streams", -"nosql" -], -"bundleBytes": 5354616, -"installedBytes": 9625086, -"changelog": [ -{ -"version": "8.6.2", -"notes": [ -"Released v8.6.2" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.cosift": { -"name": "Cosift", -"tagline": "Grounded web search, retrieval, and research for agents", -"description": "Cosift is the Pilot app-store front door for the cosift search/answer/research API. It gives an agent keyword + semantic search, document retrieval, and LLM-grounded answers and multi-step research over a crawled web corpus \u2014 returned as clean structured JSON.\n\nEvery method is discoverable at runtime via cosift.help, which reports each method's parameters and a latency class (fast / med / slow) so a caller can pick the cheapest method that fits.", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "MIT", -"sourceUrl": "https://github.com/pilot-protocol/cosift", -"homepage": "https://pilotprotocol.network", -"version": "0.1.2", -"categoriesRaw": [ -"search", -"research", -"retrieval" -], -"keywords": [ -"search", -"rag", -"answer", -"research", -"web", -"retrieval" -], -"bundleBytes": 4774876, -"installedBytes": 8641298, -"changelog": [ -{ -"version": "0.1.2", -"date": "2026-06-09", -"notes": [ -"cosift search/answer/research adapter with cosift.help discovery", -"Installable via the Pilot app store catalogue" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "shareable", -"publishedAt": "2026-06-09T23:01:53Z", -"grants": [ -"fs.read:$APP/config.json", -"audit.log:*", -"net.dial:cosift.pilotprotocol.network", -"net.dial:127.0.0.1" -], -"inCatalogue": true -}, -"io.pilot.smolmachines": { -"name": "Smol Machines", -"tagline": "Fast, hardware-isolated microVMs on demand", -"description": "Smol Machines \u2014 the app-store front door for the smolmachines VM engine. It lets an agent spin up fast, hardware-isolated Linux microVMs on demand (sub-second boot, real hypervisor isolation \u2014 not shared-kernel containers), then run workloads in a disposable sandbox. Free to use. Portable .smolmachine artifacts run identically on macOS and Linux, locally or in the cloud.\n\nUse it to:\n- Run untrusted or AI-generated code safely, with networking off by default\n- Give an agent a real Linux shell \u2014 a stateful, isolated execution backend\n- Automate headless browsers (GPU-accelerated) for scraping, screenshots, and web tasks\n- Run GPU/compute jobs via Vulkan with container-like speed\n- Spin up disposable dev sandboxes \u2014 a clean VM per task, torn down after\n- Keep persistent dev VMs \u2014 installed packages survive restarts\n- Run CI-style jobs \u2014 build, test, lint in clean environments\n- Fan out parallel ephemeral workers thanks to sub-second boot\n- Analyze malware / suspicious files in a throwaway environment\n- Build once, run anywhere \u2014 same artifact local, cloud, or self-hosted\n\nDiscover the live method surface at runtime with smolmachines.help, which lists each method's parameters and latency class.", -"vendor": "smol machines", -"vendorUrl": "https://smolmachines.com", -"license": "Apache-2.0", -"sourceUrl": "https://github.com/smol-machines/smolvm", -"homepage": "https://smolmachines.com", -"version": "1.2.0", -"categoriesRaw": [ -"dev", -"virtualization", -"security" -], -"keywords": [ -"microvm", -"sandbox", -"vm", -"isolation", -"gpu", -"ci" -], -"bundleBytes": 5346146, -"installedBytes": 9140402, -"changelog": [ -{ -"version": "1.2.0", -"notes": [ -"Released v1.2.0" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "guarded", -"publishedAt": null, -"grants": [ -"fs.read:$APP/config.json", -"proc.exec:smolvm", -"fs.read:$APP/install.json", -"fs.write:$APP", -"net.dial:pub-f09f9a4ea848491198d48e329ba030e3.r2.dev", -"audit.log:*" -], -"inCatalogue": true -}, -"io.pilot.sixtyfour": { -"name": "Sixtyfour", -"tagline": "People- and company-intelligence: contact discovery, enrichment, and agentic research.", -"description": "Sixtyfour is the app-store front door for the Sixtyfour people-intelligence and company-intelligence API. It gives an agent contact discovery (find email / find phone), reverse lookups from an email or phone, full person and company enrichment, and an agentic QA researcher that answers free-form questions about a person or company. All returned as clean structured JSON, every field source-backed.", -"vendor": "Sixtyfour", -"vendorUrl": null, -"license": "Proprietary", -"sourceUrl": "https://docs.sixtyfour.ai", -"homepage": "https://sixtyfour.ai", -"version": "0.1.0", -"categoriesRaw": [ -"data", -"enrichment", -"sales-intelligence" -], -"keywords": [ -"enrichment", -"people", -"company", -"email", -"phone", -"lead", -"research", -"search" -], -"bundleBytes": 4898153, -"installedBytes": 8679650, -"changelog": [ -{ -"version": "0.1.0", -"notes": [ -"Sixtyfour is the app-store front door for the Sixtyfour people-intelligence and company-intelligence API. It gives an agent contact discovery (find email / find phone), reverse lookups from an email or phone, full person and company enrichment, and an agentic QA researcher that answers free-form questions about a person or company. All returned as clean structured JSON, every field source-backed." -] -} -], -"minPilotVersion": "1.10.0", -"runtimes": [ -"go" -], -"protection": "shareable", -"publishedAt": "2026-06-21", -"grants": [ -"fs.read:$APP/config.json", -"key.sign:self", -"net.dial:broker.pilotprotocol.network", -"audit.log:*" -], -"inCatalogue": true -}, -"io.pilot.plainweb": { -"name": "Plainweb", -"tagline": "Any web page as clean Markdown \u2014 no HTML, no JS, one call", -"description": "Plainweb is a Pilot-owned URL\u2192Markdown service: give it any web page and get back clean, accurate Markdown \u2014 no HTML, no JavaScript, just plain text structured as Markdown.\n\nWhat an agent gets:\n- **One call** \u2014 `plainweb.fetch(url)` fetches the page and returns it as Markdown (GFM tables, fenced code with language, task lists). The target URL goes straight in the path.\n- **Accurate extraction** \u2014 a cost-aware static\u2192headless-Chrome fetch ladder (most pages never launch Chrome), go-readability primary (preserves code blocks and tables) with go-trafilatura fallback, converted via html-to-markdown v2.\n- **Scheme-less OK** \u2014 bare hosts like `example.com` are sanitized to `https://`.\n\nGood to know:\n- **Free and open \u2014 no API key required.** Public endpoints are open to every caller.\n- **Rate limit:** anonymous callers get **1000 requests/second** (burst 2000); a master key only elevates a caller past that limit.\n- The reply is `text/markdown`, returned by the adapter as `{ \"content_type\", \"content\" }` (the Markdown is in `content`).\n- In-house Pilot Protocol tool, deployed on Cloud Run.", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "Proprietary", -"sourceUrl": "https://github.com/pilot-protocol/plainweb", -"homepage": "https://pilotprotocol.network", -"version": "1.0.0", -"categoriesRaw": [ -"web", -"content", -"markdown" -], -"keywords": [ -"plainweb", -"markdown", -"web", -"fetch", -"scrape", -"extract", -"readability", -"html", -"url", -"content" -], -"bundleBytes": 5035085, -"installedBytes": 8625202, -"changelog": [ -{ -"version": "1.0.0", -"notes": [ -"Released v1.0.0" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "shareable", -"publishedAt": null, -"grants": [ -"fs.read:$APP/config.json", -"net.dial:plainweb-hu4fob755a-uc.a.run.app", -"audit.log:*" -], -"inCatalogue": true -}, -"io.pilot.miren": { -"name": "Miren", -"tagline": "Operate the Miren PaaS from an agent: deploy apps, run the server, and debug them", -"description": "Miren is a deployment platform for small teams. This app is the app-store front door for the `miren` CLI, letting an agent drive a Miren PaaS over IPC.\n\nWhat an agent gets:\n- **Deploy lifecycle** \u2014 `miren.deploy` (non-interactive build + deploy), `miren.deploy.analyze` (detect the stack/services without building), and `miren.rollback`.\n- **Inspect apps** \u2014 `miren.apps`, `miren.app` (status), `miren.app.history`, and `miren.logs` (JSON).\n- **Server & diagnostics** \u2014 `miren.server.install`/`miren.server.status`, `miren.doctor`, `miren.whoami`, and `miren.debug.connection`/`miren.debug.advertise`.\n- **Full CLI surface** \u2014 `miren.exec` runs any verbatim `miren` argv (addon, auth, env, route, cluster, disk, sandbox, and more).\n\nGood to know:\n- Structured JSON is returned wherever the CLI offers it (e.g. pass `--json`).\n- Discover the live surface at runtime with `miren.help` \u2014 every method, its parameters, and its latency class (fast / med / slow).\n- Server-side commands need a configured cluster; without one, calls return a structured error (`{stdout,stderr,exit}`) telling the agent what to do next.\n- Runs on macOS and Linux (arm64 + amd64); the miren CLI is staged and sha-pinned on install.", -"vendor": "Miren", -"vendorUrl": "https://miren.dev", -"license": "Proprietary", -"sourceUrl": "https://github.com/mirendev", -"homepage": "https://miren.dev", -"version": "0.1.0", -"categoriesRaw": [ -"infrastructure", -"devops", -"platform" -], -"keywords": [ -"miren", -"paas", -"deploy", -"server", -"debug", -"infrastructure", -"devops", -"logs", -"apps", -"cli" -], -"bundleBytes": 2850932, -"installedBytes": 5020350, -"changelog": [ -{ -"version": "0.1.0", -"notes": [ -"Operate the Miren PaaS from an agent: deploy and roll back apps; inspect status, logs, and history; run the server; and diagnose connectivity \u2014 plus a passthrough exec for any miren subcommand." -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.otto": { -"name": "Otto", -"tagline": "Drive real Chrome tabs from an agent \u2014 extract, automate, screenshot, no headless farm", -"description": "Otto is secure remote browser automation. A controller CLI sends commands over an authenticated WebSocket to a relay daemon, which routes them to a Chrome extension running on live tabs. Code drives the browser deterministically; the agent decides what to do, not how to click.\n\nWhat an agent gets:\n- **Content extraction** \u2014 `otto.extract` / `otto.extract.format` turn a URL into clean markdown, distilled/clean/raw HTML, or text through a real tab.\n- **Site commands** \u2014 `otto.test` runs registered actions on real sessions (Reddit/LinkedIn `getPosts`, Hacker News `getFrontPage`, Google `getSearchResults`, \u2026); `otto.commands` lists what a node exposes.\n- **Page & tab control** \u2014 `otto.screenshot` (viewport or full page) and `otto.cmd` for low-level primitives (tab open/navigate/query, DOM extract).\n- **Status & diagnostics** \u2014 `otto.status` (relay + connected nodes), `otto.client.status`, `otto.authcode`, `otto.extension.info`, `otto.logs`/`otto.logs.status`, `otto.agent.status` \u2014 all JSON.\n- **Full CLI surface** \u2014 `otto.exec` runs any verbatim otto argv.\n\nGood to know:\n- Returns JSON wherever the CLI offers it; discover the live surface at runtime with `otto.help` \u2014 every method, its parameters, and its latency class (fast / med / slow).\n- Real browser tabs, not a headless farm \u2014 no Docker, Puppeteer farm, or cloud-browser rental.\n- Prerequisite stack on the host: a running relay (`otto start`), Chrome with the Otto extension loaded and paired as a node, and a logged-in controller. Until that is up, page commands return a structured error (`{stdout,stderr,exit}`); `otto.status` is the right preflight.\n- Runs on macOS and Linux (arm64 + amd64); the otto CLI is staged as a self-contained binary and sha-pinned on install. Free and open source (MIT) \u2014 no payment, no per-call limit.", -"vendor": "Telepat", -"vendorUrl": "https://telepat.io", -"license": "MIT", -"sourceUrl": "https://github.com/telepat-io/otto", -"homepage": "https://docs.telepat.io/otto", -"version": "0.20.0", -"categoriesRaw": [ -"automation", -"browser", -"web" -], -"keywords": [ -"otto", -"browser", -"automation", -"chrome", -"scraping", -"extract", -"markdown", -"screenshot", -"agent", -"web", -"relay", -"extension" -], -"bundleBytes": 5355850, -"installedBytes": 9633952, -"changelog": [ -{ -"version": "0.20.0", -"notes": [ -"Released v0.20.0" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.wallet": { -"name": "Wallet", -"tagline": "On-overlay USDC payments across Base, Ethereum, and Polygon", -"description": "The Pilot reference wallet brings x402 + EIP-3009 USDC payments to the overlay, with spend caps the supervisor enforces. One secp256k1 address works across all three USDC mainnets (Base, Ethereum, Polygon); per-chain RPC is configurable via PILOT_EVM_RPC_.\n\nInstalling this app lets other apps and agents settle payments without leaving the network. Spend caps declared in the manifest are reviewed at install time and enforced on every signing operation \u2014 see `pilotctl appstore caps io.pilot.wallet`.", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "AGPL-3.0-or-later", -"sourceUrl": "https://github.com/pilot-protocol/wallet", -"homepage": "https://pilotprotocol.network", -"version": "0.3.3", -"categoriesRaw": [ -"payments", -"crypto", -"finance" -], -"keywords": [ -"usdc", -"x402", -"eip-3009", -"evm", -"base", -"ethereum", -"polygon", -"payments" -], -"bundleBytes": 9110758, -"installedBytes": null, -"changelog": [ -{ -"version": "0.3.3", -"date": "2026-06-08", -"notes": [ -"Default --evm-chains expands to 8453,1,137 so supervised wallets get all three USDC mainnets out of the box", -"PILOT_EVM_CHAINS env overrides the default chain set" -] -}, -{ -"version": "0.3.2", -"date": "2026-06-08", -"notes": [ -"Multichain EVM: same secp256k1 address across Base, Ethereum, Polygon", -"New wallet.evm.chains method; all evm.* methods accept an optional chain_id", -"Per-chain RPC via PILOT_EVM_RPC_" -] -}, -{ -"version": "0.3.1", -"date": "2026-06-08", -"notes": [ -"Wired the wallet.evm.* methods into the binary (declared in v0.3.0 but unregistered)", -"Added --evm-identity, --evm-chain, --evm-rpc, --no-evm flags" -] -}, -{ -"version": "0.3.0", -"date": "2026-06-08", -"notes": [ -"Signed wallet app bundle: ed25519-signed manifest, sha256-pinned binary" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": null, -"publishedAt": "2026-06-08T08:00:26Z", -"grants": [], -"inCatalogue": true -}, -"io.pilot.postgres": { -"name": "PostgreSQL", -"tagline": "Run and query PostgreSQL from an agent \u2014 local server lifecycle + psql, any libpq target", -"description": "# PostgreSQL (psql + local server) \u2014 native CLI for agents\n\nThis app installs the official **PostgreSQL 17.5.0** toolchain on the host and fronts it as typed methods. The bundle is a relocatable build of PostgreSQL 17.5.0 (from conda-forge, compiled from the upstream PostgreSQL sources) carrying the **complete client + server suite**: `psql`, `initdb`, `pg_ctl`, `postgres`, `createdb`, `dropdb`, `pg_isready`, `pg_dump`, `pg_restore`, `pg_dumpall`, `vacuumdb`, `pg_basebackup`. Every binary is sha-pinned and staged at install; a tiny `pg` dispatcher in the bundle routes each method to the right tool.\n\n## Two ways to use it\n\n**A) Talk to an existing PostgreSQL server.** Point the query methods at any reachable server with a libpq `uri` (or `PG*` env) \u2014 no local server needed:\n- `postgres.query` / `postgres.query_csv` \u2014 run SQL, get an aligned table or CSV.\n- `postgres.command` \u2014 backslash introspection (`\\dt`, `\\d table`, `\\du`, `\\l`, \u2026).\n- `postgres.list` \u2014 list databases. `postgres.version` / `postgres.psql_help` \u2014 client version and full `--help`.\n\n**B) Run a database locally on this machine.** The app can provision and manage its own cluster \u2014 useful for an agent that needs a throwaway or embedded Postgres:\n\n1. **Configure (one-time):** `postgres.initdb` `{ \"datadir\": \"/path/to/pgdata\" }` \u2014 creates the cluster (superuser `postgres`, local `trust` auth).\n2. **Start:** `postgres.start` `{ \"datadir\": \"/path/to/pgdata\", \"port\": \"5599\" }` \u2014 boots the server on `127.0.0.1:5599` (+ a Unix socket in the datadir), waits until ready, logs to `/postgres.log`.\n3. **Create a database:** `postgres.createdb` `{ \"port\": \"5599\", \"dbname\": \"appdb\" }`.\n4. **Use it:** `postgres.query` with `uri = \"host=127.0.0.1 port=5599 user=postgres dbname=appdb\"`.\n5. **Health / teardown:** `postgres.ready` `{ \"port\": \"5599\" }`, `postgres.status` `{ \"datadir\": \"...\" }`, `postgres.stop` `{ \"datadir\": \"...\" }`.\n\n## Configuration\n\nPostgreSQL is configuration-rich; the knobs this app exposes:\n\n- **`datadir`** \u2014 where the cluster lives. Pick a writable absolute path (e.g. `$HOME/.pilot/pgdata` or a tmp dir). One cluster can hold many databases.\n- **`port`** \u2014 TCP port for the local server (default convention `5599`). The server also listens on a Unix socket inside `datadir`.\n- **Auth** \u2014 local clusters are initialized with `trust` (no password) for convenience; for any networked use, set a password (`postgres.exec` \u2192 `psql ... -c \"ALTER ROLE postgres PASSWORD '...'\"`) and supply it via the `uri` or `PGPASSWORD`.\n- **Non-root for the server** \u2014 `postgres.initdb`/`postgres.start` run the PostgreSQL **server**, which refuses to run as the OS `root` user (a PostgreSQL safety rule). On a normal host the pilot daemon runs as your user, so this just works; only fully-root environments (e.g. some containers) need a non-root user. The query methods against a remote server are unaffected and run anywhere.\n- **`uri`** \u2014 a full libpq connection string, either `postgresql://user:secret@host:5432/dbname?sslmode=require` or `host=... port=... dbname=... user=... sslmode=...`.\n- **`PG*` env** \u2014 `PGHOST`, `PGPORT`, `PGUSER`, `PGPASSWORD`, `PGDATABASE`, `PGSSLMODE`, `PGOPTIONS`, `PGCONNECT_TIMEOUT`, `PGAPPNAME`, `PGCLIENTENCODING` are passed through to the child, so `postgres.exec` can connect with no inline credentials.\n- **Anything else** \u2014 full `postgresql.conf`/server flags are reachable via `postgres.exec` (e.g. `pg_ctl ... -o \"-c shared_buffers=256MB\"`), and per-session settings via SQL `SET`.\n\n## Good to know\n\n- Output returns verbatim where it is already clean; on a non-zero exit (SQL error, server down) the reply is `{stdout, stderr, exit}` so the caller sees everything the tool produced.\n- Runs on **macOS and Linux** (arm64 + amd64); binaries are fetched from the Pilot artifact registry and sha-pinned on install. Free and open source under the **PostgreSQL License**.\n- `postgres.help` lists every method with its latency class; this is the self-describing discovery contract.\n\n## `psql --help`\n```\npsql is the PostgreSQL interactive terminal.\n\nUsage:\n psql [OPTION]... [DBNAME [USERNAME]]\n\nGeneral options:\n -c, --command=COMMAND run only single command (SQL or internal) and exit\n -d, --dbname=DBNAME database name to connect to\n -f, --file=FILENAME execute commands from file, then exit\n -l, --list list available databases, then exit\n -v, --set=, --variable=NAME=VALUE\n set psql variable NAME to VALUE\n (e.g., -v ON_ERROR_STOP=1)\n -V, --version output version information, then exit\n -X, --no-psqlrc do not read startup file (~/.psqlrc)\n -1 (\"one\"), --single-transaction\n execute as a single transaction (if non-interactive)\n -?, --help[=options] show this help, then exit\n --help=commands list backslash commands, then exit\n --help=variables list special variables, then exit\n\nInput and output options:\n -a, --echo-all echo all input from script\n -b, --echo-errors echo failed commands\n -e, --echo-queries echo commands sent to server\n -E, --echo-hidden display queries that internal commands generate\n -L, --log-file=FILENAME send session log to file\n -n, --no-readline disable enhanced command line editing (readline)\n -o, --output=FILENAME send query results to file (or |pipe)\n -q, --quiet run quietly (no messages, only query output)\n -s, --single-step single-step mode (confirm each query)\n -S, --single-line single-line mode (end of line terminates SQL command)\n\nOutput format options:\n -A, --no-align unaligned table output mode\n --csv CSV (Comma-Separated Values) table output mode\n -F, --field-separator=STRING\n field separator for unaligned output (default: \"|\")\n -H, --html HTML table output mode\n -P, --pset=VAR[=ARG] set printing option VAR to ARG (see \\pset command)\n -R, --record-separator=STRING\n record separator for unaligned output (default: newline)\n -t, --tuples-only print rows only\n -T, --table-attr=TEXT set HTML table tag attributes (e.g., width, border)\n -x, --expanded turn on expanded table output\n -z, --field-separator-zero\n set field separator for unaligned output to zero byte\n -0, --record-separator-zero\n set record separator for unaligned output to zero byte\n\nConnection options:\n -h, --host=HOSTNAME database server host or socket directory\n -p, --port=PORT database server port\n -U, --username=USERNAME database user name\n -w, --no-password never prompt for password\n -W, --password force password prompt (should happen automatically)\n\nFor more information, type \"\\?\" (for internal commands) or \"\\help\" (for SQL\ncommands) from within psql, or consult the psql section in the PostgreSQL\ndocumentation.\n\nReport bugs to .\nPostgreSQL home page: \n```\n", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "PostgreSQL", -"sourceUrl": "https://github.com/postgres/postgres", -"homepage": "https://www.postgresql.org/docs/17/", -"version": "17.5.0", -"categoriesRaw": [ -"database", -"data", -"sql" -], -"keywords": [ -"postgres", -"postgresql", -"psql", -"sql", -"database", -"query", -"client", -"server", -"initdb", -"libpq", -"dba" -], -"bundleBytes": null, -"installedBytes": null, -"changelog": [ -{ -"version": "17.5.0", -"notes": [ -"Native-CLI packaging of PostgreSQL 17.5.0 for the Pilot app store" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "guarded", -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.pilot.slipstream": { -"name": "Slipstream", -"tagline": "Polymarket smart-money leaderboard, signals, and tape", -"description": "SLIPSTREAM \u2014 Polymarket smart-money leaderboard, signals, tape & opportunities (Ed25519-signed API).", -"vendor": "Pilot Protocol", -"vendorUrl": "https://pilotprotocol.network", -"license": "MIT", -"sourceUrl": "https://github.com/pilot-protocol/catalog", -"homepage": null, -"version": "1.0.0", -"categoriesRaw": [ -"finance", -"markets", -"intelligence" -], -"keywords": [ -"polymarket", -"signals", -"markets", -"leaderboard" -], -"bundleBytes": 4674914, -"installedBytes": null, -"changelog": [], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "shareable", -"publishedAt": null, -"grants": [], -"inCatalogue": true -}, -"io.telepat.ideon-free": { -"name": "Ideon (Free)", -"tagline": "Free long-form article generation for agents", -"description": "Free article generation for agents: ideon-free.generate(idea) returns a jobId; ideon-free.poll(jobId) returns the finished markdown article. A thin adapter over Ideon's ideon_write \u2014 no payment.", -"vendor": "Telepat", -"vendorUrl": "https://telepat.io", -"license": "Proprietary", -"sourceUrl": "https://telepat.io", -"homepage": "https://telepat.io", -"version": "0.3.1", -"categoriesRaw": [ -"writing", -"ai" -], -"keywords": [ -"writing", -"article", -"generate", -"markdown" -], -"bundleBytes": null, -"installedBytes": 13824, -"changelog": [ -{ -"version": "0.3.1", -"notes": [ -"Thin adapter over Ideon ideon_write \u2014 no payment" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"go" -], -"protection": "guarded", -"publishedAt": null, -"grants": [ -"audit.log:*", -"net.dial:ideon-mcp.telepat.io" -], -"inCatalogue": true -}, -"io.pilot.aegis": { -"name": "AEGIS", -"tagline": "Runtime firewall for AI agents \u2014 blocks prompt injection before your agent reads it", -"description": "AEGIS is a runtime firewall for AI agents. It inspects untrusted content reaching your agent \u2014 inbox messages, tool results, web fetches, MCP responses, skill files \u2014 and blocks prompt injection, jailbreaks, and impersonation before the agent ever sees it. Genuine status messages pass straight through.\n\nTwo layers: L1 Aho-Corasick pattern matching (pure Rust, microseconds, ~120 known attack families with homoglyph and leetspeak normalization) and L2 a local Qwen3-1.7B judge via llama.cpp \u2014 fully offline, no network. On a held-out labeled set it scores 90% recall, 95% precision, 92% F1. An 880 KB binary with an HMAC-chained audit log.", -"vendor": "Pilot Protocol", -"vendorUrl": "https://aegis.pilotprotocol.network", -"license": "MIT", -"sourceUrl": "https://github.com/pilot-protocol/aegis", -"homepage": "https://aegis.pilotprotocol.network", -"version": "0.1.3", -"categoriesRaw": [ -"security" -], -"keywords": [ -"security", -"firewall", -"prompt-injection", -"jailbreak", -"guardrail", -"defense", -"offline" -], -"bundleBytes": 901072, -"installedBytes": null, -"changelog": [ -{ -"version": "0.1.3", -"notes": [ -"Runtime firewall: L1 Aho-Corasick patterns + L2 local Qwen3-1.7B judge", -"Fully offline \u2014 no network", -"HMAC-chained audit log; 90% recall / 95% precision on the held-out set" -] -} -], -"minPilotVersion": "1.0.0", -"runtimes": [ -"rust" -], -"protection": "guarded", -"publishedAt": null, -"grants": [ -"fs.read:*", -"fs.write:$HOME/.aegis", -"audit.log:*" -], -"platforms": [ -"darwin-arm64", -"linux-amd64", -"linux-arm64" -], -"inCatalogue": true + "io.pilot.docker": { + "name": "Docker", + "tagline": "Run Docker from an agent — a local Docker Engine + CLI on Linux, real containers", + "description": "# Docker (Engine + CLI) — native CLI for agents (Linux)\n\nThis app installs the official **Docker 29.6.1** static distribution on a Linux host and fronts it as typed\nmethods. The bundle carries the full **Docker Engine** — `dockerd`, `containerd`, `runc`, `containerd-shim-runc-v2`,\n`docker-proxy`, `docker-init`, `ctr` — plus the `docker` CLI, each sha-pinned and staged at install. A small\n`dockerctl` wrapper manages the engine lifecycle and fronts the CLI.\n\n## Linux only\n\nDocker containers require Linux kernel features (namespaces, cgroups, overlayfs) — there is **no native macOS\n`dockerd`** (Docker Desktop runs the engine inside a hidden Linux VM). This app therefore targets **Linux (amd64 +\narm64)**. `docker.engine_start` runs a real daemon and requires **root** (the pilot host must run as root, e.g. in a\ncontainer or VM). To use Docker against an existing daemon instead, set `DOCKER_HOST` and skip `engine_start`.\n\n## The usual flow\n\n1. **Start the engine:** `docker.engine_start` `{}` — boots `dockerd` on a private socket under `DOCKER_DIR`\n (default `/tmp/pilot-docker`), waits until the API is ready.\n2. **Pull + run:** `docker.pull` `{ \"image\": \"hello-world\" }`, then `docker.run` `{ \"image\": \"hello-world\" }`.\n3. **Inspect:** `docker.ps`, `docker.images`, `docker.logs`, `docker.info`.\n4. **Anything else:** `docker.exec` `{ \"args\": [\"run\",\"-d\",\"-p\",\"8080:80\",\"nginx\"] }` — any docker command with any flags.\n5. **Stop:** `docker.engine_stop`.\n\n## Methods\n\n- `docker.engine_start` / `docker.engine_stop` — local Docker Engine lifecycle (root).\n- `docker.version`, `docker.info` — client/server versions and system info.\n- `docker.ps`, `docker.images`, `docker.logs` — inspect containers/images/logs.\n- `docker.pull` / `docker.run` — pull an image / run a container (`--rm`).\n- `docker.exec` — the docker CLI with a verbatim argv (+ optional stdin): run with any flags, `build`, `exec`,\n networks, volumes, compose plugins, etc.\n- `docker.cli_help` — the full `docker --help`. `docker.help` — the self-describing method list.\n\n## Configuration\n\n- **`DOCKER_DIR`** (env) — where dockerd keeps its socket, data-root, exec-root, pidfile, and log\n (default `/tmp/pilot-docker`).\n- **`DOCKER_HOST`** (env) — point the CLI at an existing/remote daemon instead of the bundled one\n (`tcp://host:2375` or `unix:///path`); when set, skip `docker.engine_start`.\n- **Root** — `dockerd` needs root and kernel container support. Works on a Linux host/VM/privileged container where\n the pilot daemon runs as root; not on a restricted, capability-stripped sandbox.\n- **Storage driver** — defaults to `overlay2`; pass an alternative via `docker.exec`\n (`{\"args\":[\"engine-start\",\"--storage-driver\",\"vfs\"]}`) on filesystems where overlay2 is unavailable.\n\n## Good to know\n\n- Free and open source (Apache-2.0). Binaries are the official Docker static release, repackaged unmodified.\n- Output returns verbatim; on a non-zero exit the reply is `{stdout, stderr, exit}`.\n\n## docker --help\n```\nDocker CLI — commands and options\n=================================\n\nDocker runs applications in containers. This app delivers the Docker Engine\n(dockerd + containerd + runc) and the docker CLI. Start a local engine with\n'engine-start', then use any docker command.\n\nUsage: docker [OPTIONS] COMMAND\n\nA self-sufficient runtime for containers\n\nCommon Commands:\n run Create and run a new container from an image\n exec Execute a command in a running container\n ps List containers\n build Build an image from a Dockerfile\n pull Download an image from a registry\n push Upload an image to a registry\n images List images\n login Authenticate to a registry\n logout Log out from a registry\n search Search Docker Hub for images\n version Show the Docker version information\n info Display system-wide information\n\nManagement Commands:\n builder Manage builds\n compose* Docker Compose\n container Manage containers\n context Manage contexts\n image Manage images\n manifest Manage Docker image manifests and manifest lists\n network Manage networks\n plugin Manage plugins\n system Manage Docker\n volume Manage volumes\n\nSwarm Commands:\n swarm Manage Swarm\n\nCommands:\n attach Attach local standard input, output, and error streams to a running container\n commit Create a new image from a container's changes\n cp Copy files/folders between a container and the local filesystem\n create Create a new container\n diff Inspect changes to files or directories on a container's filesystem\n events Get real time events from the server\n export Export a container's filesystem as a tar archive\n history Show the history of an image\n import Import the contents from a tarball to create a filesystem image\n inspect Return low-level information on Docker objects\n kill Kill one or more running containers\n load Load an image from a tar archive or STDIN\n logs Fetch the logs of a container\n pause Pause all processes within one or more containers\n port List port mappings or a specific mapping for the container\n rename Rename a container\n restart Restart one or more containers\n rm Remove one or more containers\n rmi Remove one or more images\n save Save one or more images to a tar archive (streamed to STDOUT by default)\n start Start one or more stopped containers\n stats Display a live stream of container(s) resource usage statistics\n stop Stop one or more running containers\n tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE\n top Display the running processes of a container\n unpause Unpause all processes within one or more containers\n update Update configuration of one or more containers\n wait Block until one or more containers stop, then print their exit codes\n\nGlobal Options:\n --config string Location of client config files (default\n \"/Users/alexgodo/.docker\")\n -c, --context string Name of the context to use to connect to the\n daemon (overrides DOCKER_HOST env var and\n default context set with \"docker context use\")\n -D, --debug Enable debug mode\n -H, --host string Daemon socket to connect to\n -l, --log-level string Set the logging level (\"debug\", \"info\",\n \"warn\", \"error\", \"fatal\") (default \"info\")\n --tls Use TLS; implied by --tlsverify\n --tlscacert string Trust certs signed only by this CA (default\n \"/Users/alexgodo/.docker/ca.pem\")\n --tlscert string Path to TLS certificate file (default\n \"/Users/alexgodo/.docker/cert.pem\")\n --tlskey string Path to TLS key file (default\n \"/Users/alexgodo/.docker/key.pem\")\n --tlsverify Use TLS and verify the remote\n -v, --version Print version information and quit\n\nRun 'docker COMMAND --help' for more information on a command.\n\nFor more help on how to use Docker, head to https://docs.docker.com/go/guides/\n```\n", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "Apache-2.0", + "sourceUrl": "https://github.com/moby/moby", + "homepage": "https://www.docker.com", + "version": "29.6.1", + "categoriesRaw": [ + "devops", + "containers", + "runtime", + "data" + ], + "keywords": [ + "docker", + "containers", + "dockerd", + "moby", + "containerd", + "runc", + "oci", + "devops", + "engine", + "images" + ], + "bundleBytes": 5352665, + "installedBytes": 9624816, + "changelog": [ + { + "version": "29.6.1", + "notes": [ + "Released v29.6.1" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.duckdb": { + "name": "DuckDB", + "tagline": "Run DuckDB from an agent — in-process analytical SQL over files, no server, no provisioning", + "description": "# DuckDB — in-process analytical SQL, native CLI for agents\n\nThis app installs the official **DuckDB 1.5.4** command-line shell on the host and fronts it as typed\nmethods. The bundle is the upstream DuckDB CLI binary (sha-pinned per OS/arch, fetched from the Pilot\nartifact registry at install) plus a tiny wrapper that serves a clean, complete `--help`.\n\nDuckDB is an **in-process** OLAP database — \"SQLite for analytics.\" There is **no server, no daemon, no\nport, no auth, and nothing to provision**: an agent opens an in-memory database (`:memory:`) or a single\n`.duckdb` file like any other file. That posture is exactly right for an autonomous agent working in its\nown sandbox with no cloud account.\n\n## Why an agent wants this\n\n- **Zero provisioning.** No `initdb`, no server lifecycle, no credentials, no \"is the daemon up?\" state.\n Run SQL against `:memory:` or a file and you're done.\n- **Query files in place — the killer feature.** Point SQL straight at CSV, Parquet, or JSON on disk with\n no load step: `SELECT region, sum(amount) FROM '/data/*.parquet' GROUP BY region`. The file *is* the table.\n- **Fast analytics on a laptop.** A columnar, vectorized engine: aggregations and joins over millions of\n rows run quickly in a single process, in the agent's own context.\n- **Agent-friendly output.** Get results as an aligned table, **CSV**, **JSON**, or **Markdown** — pick the\n shape that parses cleanly or drops straight into a report.\n- **Full SQL.** Window functions, CTEs, nested types (lists/structs/maps), `COPY` to/from Parquet/CSV, and\n a rich function library.\n- **Self-contained + offline.** One binary, no dependencies; the core CSV/Parquet/JSON readers are built in,\n so the common cases need no network and no extensions.\n\n## Methods\n\n- `duckdb.query` — run SQL, get an aligned `box` table (default). In-memory or against a file.\n- `duckdb.query_csv` / `duckdb.query_json` / `duckdb.query_markdown` — same, as CSV / JSON / Markdown.\n- `duckdb.file` — execute a `.sql` script file (migrations, ETL, multi-statement setup).\n- `duckdb.tables` — list every table and view (`SHOW ALL TABLES`).\n- `duckdb.schema` — print the `CREATE` DDL for the database (`.schema`).\n- `duckdb.exec` — run the CLI with a verbatim argv (+ optional stdin) for any flag, output mode, or\n dot-command the curated methods don't cover (`.mode`, `.import`, `.export`, `.read`, `-init`, …).\n- `duckdb.cli_help` — the complete CLI help: every option **and** every dot-command, as clean text.\n- `duckdb.version` — the delivered DuckDB version. `duckdb.help` — the self-describing method list.\n\n## How to use it\n\n1. **Quick analysis (no setup):** `duckdb.query` `{ \"database\": \":memory:\", \"sql\": \"SELECT count(*) FROM '/data/events.parquet'\" }`.\n2. **Persistent database:** point `database` at a file path (`/work/app.duckdb`); it's created on first use and\n persists. The same file holds many tables/schemas.\n3. **Parse the output:** use `duckdb.query_json` (array of row objects) or `duckdb.query_csv`.\n4. **Anything else:** `duckdb.exec` `{ \"args\": [\":memory:\", \"-cmd\", \".import /data/in.csv t\", \"-c\", \"SELECT count(*) FROM t\"] }`.\n\n## Configuration\n\n- **`database`** — `:memory:` (ephemeral, no provisioning) or an absolute path to a `.duckdb`/`.db` file\n (created on first use, persists, holds many tables). Independent of this, the SQL can read/write CSV,\n Parquet, and JSON files anywhere on disk.\n- **Output mode** — choose the method (`query` box / `query_csv` / `query_json` / `query_markdown`), or any\n other mode via `duckdb.exec` (`-line`, `-html`, `-ascii`, `-jsonlines`, …).\n- **Extensions** — Parquet/CSV/JSON readers are built in. Network-backed extensions (e.g. `httpfs` for S3/HTTP\n Parquet) are loadable via `duckdb.exec` (`INSTALL httpfs; LOAD httpfs;`) where the host allows egress; the\n local-only path needs neither.\n- **Read-only** — open a database without write access via `duckdb.exec` (`-readonly`).\n\n## Good to know\n\n- Output returns verbatim where it's already clean; on a non-zero exit (SQL error) the reply is\n `{stdout, stderr, exit}` so the caller sees everything the CLI produced.\n- Runs on **macOS and Linux** (arm64 + amd64); the binary is fetched from the Pilot artifact registry and\n sha-pinned on install. Free and open source under the **MIT License**.\n- `duckdb.help` lists every method with its latency class — the self-describing discovery contract.\n\n## DuckDB CLI help (`duckdb.cli_help`)\n```\nDuckDB CLI — command-line options and meta-commands\n===================================================\n\nDuckDB is an in-process analytical SQL database (think \"SQLite for analytics\").\nThe CLI runs SQL against an in-memory database (use ':memory:') or a database\nfile, and can query CSV, Parquet, and JSON files directly with no import step,\ne.g. SELECT * FROM 'data/*.parquet' WHERE ... — the file IS the table.\n\nUSAGE: duckdb [OPTIONS] [DATABASE_FILE] [SQL]\n\nDATABASE_FILE is a DuckDB database; it is created if it does not exist.\nUse ':memory:' for an ephemeral in-memory database.\n\n------------------------------------------------------------------------------\nCOMMAND-LINE OPTIONS (duckdb -help)\n------------------------------------------------------------------------------\n\nOPTIONS:\n -ascii set output mode to 'ascii'\n -bail stop after hitting an error\n -batch force batch I/O'\n -box set output mode to 'box'\n -column set output mode to 'column'\n -cmd COMMAND run \"COMMAND\" before reading stdin\n -csv set output mode to 'csv'\n -c COMMAND run \"COMMAND\" and exit\n -dark-mode use dark mode colors\n -echo print commands before execution\n -f FILENAME read/process named file and exit\n -init FILENAME read/process named file\n -header turn headers on\n -h show help message\n -help show help message\n -html set output mode to HTML\n -interactive force interactive I/O\n -json set output mode to 'json'\n -jsonlines set output mode to 'jsonlines'\n -light-mode use light mode colors\n -line set output mode to 'line'\n -list set output mode to 'list'\n -markdown set output mode to 'markdown'\n -newline SEP set output row separator. Default: '\\n'\n -no-init skip processing the init file\n -no-stdin exit after processing options instead of reading stdin\n -noheader turn headers off\n -nullvalue TEXT set text string for NULL values. Default 'NULL'\n -quote set output mode to 'quote'\n -readonly open the database read-only\n -s COMMAND run \"COMMAND\" and exit\n -safe enable safe-mode\n -separator SEP set output column separator. Default: '|'\n -storage-version VER database storage compatibility version to use. Default: 'v0.10.0'\n -table set output mode to 'table'\n -ui launches a web interface using the ui extension (configurable with .ui_command)\n -unredacted allow printing unredacted secrets\n -unsigned allow loading of unsigned extensions\n -version show DuckDB version\n\n------------------------------------------------------------------------------\nDOT-COMMANDS (meta-commands; usable inside the shell or via -cmd \"...\")\n------------------------------------------------------------------------------\n.bail on|off Stop after hitting an error. Default OFF\n.binary on|off Turn binary output on or off. Default OFF\n.cd DIRECTORY Change the working directory to DIRECTORY\n.changes on|off Show number of rows changed by SQL\n.columns Column-wise rendering of query results\n.decimal_sep SEP Sets the decimal separator used when rendering numbers. Only for duckbox mode.\n.databases List names and files of attached databases\n.dump ?TABLE? Render database content as SQL\n.display_colors [bold|underline] Display all terminal colors and their names\n.echo on|off Turn command echo on or off\n.edit Opens an external text editor to edit a query.\n.excel Display the output of next command in spreadsheet\n.exit ?CODE? Exit this program with return-code CODE\n.headers on|off Turn display of headers on or off\n.help ?-all? ?PATTERN? Show help text for PATTERN\n.highlight on|off Toggle syntax highlighting in the shell on/off\n.highlight_colors OPTIONS Configure highlighting colors\n.highlight_errors on|off Turn highlighting of errors on or off\n.highlight_mode mixed|dark|light Toggle the highlight mode to dark or light mode\n.highlight_results on|off Turn highlighting of results on or off\n.import FILE TABLE Import data from FILE into TABLE\n.indexes ?TABLE? Show names of indexes\n.last Render the last result without truncating\n.large_number_rendering MODE Toggle readable rendering of large numbers (duckbox only)\n.log FILE|off Turn logging on or off. FILE can be stderr/stdout\n.maxrows COUNT Sets the maximum number of rows for display (default: 40). Only for duckbox mode.\n.maxwidth COUNT Sets the maximum width in characters. 0 defaults to terminal width. Only for duckbox mode.\n.mode MODE ?TABLE? Set output mode\n.multiline Sets the render mode to multi-line\n.nullvalue STRING Use STRING in place of NULL values\n.open ?OPTIONS? ?FILE? Close existing database and reopen FILE\n.once ?FILE? Output for the next SQL command only to FILE\n.output ?FILE? Send output to FILE or stdout if FILE is omitted\n.pager OPTIONS Control pager usage for output\n.print STRING... Print literal STRING\n.progress_bar OPTIONS Configure the progress bar display\n.prompt MAIN CONTINUE Replace the standard prompts\n.quit Exit this program\n.read FILE Read input from FILE\n.read_line_version linenoise|fallback Sets the library used for processing interactive input\n.render_completion on|off Toggle displaying of completion prompts in the shell on/off\n.render_errors on|off Toggle rendering of errors in the shell on/off\n.rows Row-wise rendering of query results (default)\n.safe_mode Enable safe-mode\n.separator COL ?ROW? Change the column and row separators\n.schema ?PATTERN? Show the CREATE statements matching PATTERN\n.shell CMD ARGS... Run CMD ARGS... in a system shell\n.show Show the current values for various settings\n.singleline Sets the render mode to single-line\n.startup_text none|version|all Start-up text to display. Set this as the first line in .duckdbrc\n.system CMD ARGS... Run CMD ARGS... in a system shell\n.tables ?TABLE? List names of tables matching LIKE pattern TABLE\n.thousand_sep SEP Sets the thousand separator used when rendering numbers. Only for duckbox mode.\n.timer on|off Turn SQL timer on or off\n.ui_command [command] Set the UI command\n.version Show the version\n.width NUM1 NUM2 ... Set minimum column widths for columnar output\n\nRun .help --all for extended information\nRun .help shortcuts for keyboard shortcuts\n```\n", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "MIT", + "sourceUrl": "https://github.com/duckdb/duckdb", + "homepage": "https://duckdb.org", + "version": "1.5.4", + "categoriesRaw": [ + "database", + "data", + "sql", + "analytics" + ], + "keywords": [ + "duckdb", + "sql", + "olap", + "analytics", + "parquet", + "csv", + "json", + "query", + "in-process", + "columnar", + "database", + "embedded" + ], + "bundleBytes": 5353407, + "installedBytes": 9624599, + "changelog": [ + { + "version": "1.5.4", + "notes": [ + "Released v1.5.4" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.redis": { + "name": "Redis", + "tagline": "Run Redis from an agent — start a local in-memory store and run any command with redis-cli", + "description": "# Redis (server + redis-cli) — native CLI for agents\n\nThis app installs the official **Redis 8.6.2** server and client on the host and fronts them as\ntyped methods. The bundle is a relocatable build of Redis 8.6.2 (from conda-forge, AGPL-3.0)\ncarrying `redis-server`, `redis-cli`, `redis-benchmark`, `redis-check-rdb`, `redis-check-aof`, and\n`redis-sentinel`; every binary is sha-pinned and staged at install, and a tiny `redis` dispatcher routes\neach method to the right tool. Binaries are fetched from the Pilot artifact registry on **macOS and Linux**\n(arm64 + amd64).\n\nRedis is an **in-memory data-structure store** — strings, hashes, lists, sets, sorted sets, streams, plus\npub/sub and transactions. There is no cluster to provision: an agent starts a throwaway local server and\nuses it as a cache, a fast key-value DB, or a coordination/queue primitive.\n\n## Run a Redis locally — the usual flow\n\n1. **Start:** `redis.start` `{ \"port\": \"6399\", \"dir\": \"/tmp\" }` — boots a daemonized server on\n `127.0.0.1:6399`, with pidfile/logfile/RDB under `dir`.\n2. **Health:** `redis.ping` `{ \"port\": \"6399\" }` → `PONG`.\n3. **Use it:** `redis.set` / `redis.get`, `redis.info`, `redis.dbsize`, or **any** command via\n `redis.exec` `{ \"args\": [\"redis-cli\",\"-p\",\"6399\",\"ZADD\",\"board\",\"100\",\"alice\"] }`.\n4. **Stop:** `redis.stop` `{ \"port\": \"6399\" }`.\n\n## Methods\n\n- `redis.start` / `redis.stop` — local server lifecycle (daemonized; per-port pidfile/logfile).\n- `redis.ping` — liveness (PONG). `redis.info` — full server INFO. `redis.dbsize` — key count.\n- `redis.set` / `redis.get` — string get/set convenience.\n- `redis.exec` — run any tool with a verbatim argv (+ optional stdin) — every Redis command, pipelined\n batches, benchmarks, RDB/AOF checks, sentinel.\n- `redis.cli_help` — the complete `redis-cli --help`. `redis.version` — the delivered version.\n `redis.help` — the self-describing method list.\n\n## Configuration\n\n- **`port`** — TCP port for the local server (convention `6399`). Bound to `127.0.0.1`.\n- **`dir`** — an existing writable directory for the pidfile, logfile, and RDB snapshot; pass `/tmp` for a\n throwaway server, or a path you control for persistence (the RDB lives at `/dump.rdb`).\n- **Persistence** — `redis.stop` does `SHUTDOWN NOSAVE`; run `redis.exec` with `SAVE`/`BGSAVE` first if you\n need the dataset on disk. Any redis.conf directive is reachable as a `--flag` via\n `redis.exec` (`redis-server --port ... --maxmemory 256mb --maxmemory-policy allkeys-lru ...`).\n- **Auth** — local servers are open by default; set `--requirepass` (via `redis.exec` on start) and pass the\n password through the `REDISCLI_AUTH` env var (forwarded to the child) or `-a` on `redis.exec`.\n\n## Good to know\n\n- Output returns verbatim where it is already clean; on a non-zero exit the reply is `{stdout, stderr, exit}`.\n- Free and open source under the **AGPL-3.0** license (Redis 8.x). Repackaged unmodified from conda-forge.\n\n## redis-cli / redis-server help\n```\nRedis CLI help — redis-cli and redis-server\n===========================================\n\nRedis is an in-memory data-structure store (cache, database, message broker).\nThis app fronts the Redis server + redis-cli as agent methods: start a local\nserver, then SET/GET/PING/INFO or run any command via redis.exec.\n\n------------------------------------------------------------------------------\nredis-cli --help\n------------------------------------------------------------------------------\nredis-cli 8.6.2\n\nUsage: redis-cli [OPTIONS] [cmd [arg [arg ...]]]\n -h Server hostname (default: 127.0.0.1).\n -p Server port (default: 6379).\n -t Server connection timeout in seconds (decimals allowed).\n Default timeout is 0, meaning no limit, depending on the OS.\n -s Server socket (overrides hostname and port).\n -a Password to use when connecting to the server.\n You can also use the REDISCLI_AUTH environment\n variable to pass this password more safely\n (if both are used, this argument takes precedence).\n --user Used to send ACL style 'AUTH username pass'. Needs -a.\n --pass Alias of -a for consistency with the new --user option.\n --askpass Force user to input password with mask from STDIN.\n If this argument is used, '-a' and REDISCLI_AUTH\n environment variable will be ignored.\n -u Server URI on format redis://user:password@host:port/dbnum\n User, password and dbnum are optional. For authentication\n without a username, use username 'default'. For TLS, use\n the scheme 'rediss'.\n -r Execute specified command N times.\n -i When -r is used, waits seconds per command.\n It is possible to specify sub-second times like -i 0.1.\n This interval is also used in --scan and --stat per cycle.\n and in --bigkeys, --memkeys, --keystats, and --hotkeys per 100 cycles.\n -n Database number.\n --name Set the client name.\n -2 Start session in RESP2 protocol mode.\n -3 Start session in RESP3 protocol mode.\n -x Read last argument from STDIN (see example below).\n -X Read argument from STDIN (see example below).\n -d Delimiter between response bulks for raw formatting (default: \\n).\n -D Delimiter between responses for raw formatting (default: \\n).\n -c Enable cluster mode (follow -ASK and -MOVED redirections).\n -e Return exit error code when command execution fails.\n -4 Prefer IPv4 over IPv6 on DNS lookup.\n -6 Prefer IPv6 over IPv4 on DNS lookup.\n --tls Establish a secure TLS connection.\n --sni Server name indication for TLS.\n --cacert CA Certificate file to verify with.\n --cacertdir Directory where trusted CA certificates are stored.\n If neither cacert nor cacertdir are specified, the default\n system-wide trusted root certs configuration will apply.\n --insecure Allow insecure TLS connection by skipping cert validation.\n --cert Client certificate to authenticate with.\n --key Private key file to authenticate with.\n --tls-ciphers Sets the list of preferred ciphers (TLSv1.2 and below)\n in order of preference from highest to lowest separated by colon (\":\").\n See the ciphers(1ssl) manpage for more information about the syntax of this string.\n --tls-ciphersuites Sets the list of preferred ciphersuites (TLSv1.3)\n in order of preference from highest to lowest separated by colon (\":\").\n See the ciphers(1ssl) manpage for more information about the syntax of this string,\n and specifically for TLSv1.3 ciphersuites.\n --raw Use raw formatting for replies (default when STDOUT is\n not a tty).\n --no-raw Force formatted output even when STDOUT is not a tty.\n --quoted-input Force input to be handled as quoted strings.\n --csv Output in CSV format.\n --json Output in JSON format (default RESP3, use -2 if you want to use with RESP2).\n --quoted-json Same as --json, but produce ASCII-safe quoted strings, not Unicode.\n --show-pushes Whether to print RESP3 PUSH messages. Enabled by default when\n STDOUT is a tty but can be overridden with --show-pushes no.\n --stat Print rolling stats about server: mem, clients, ...\n --latency Enter a special mode continuously sampling latency.\n If you use this mode in an interactive session it runs\n forever displaying real-time stats. Otherwise if --raw or\n --csv is specified, or if you redirect the output to a non\n TTY, it samples the latency for 1 second (you can use\n -i to change the interval), then produces a single output\n and exits.\n --latency-history Like --latency but tracking latency changes over time.\n Default time interval is 15 sec. Change it using -i.\n --latency-dist Shows latency as a spectrum, requires xterm 256 colors.\n Default time interval is 1 sec. Change it using -i.\n --vset-recall Enable VSIM recall test mode for the specified key\n (that must be a vector set). Random vectors are created\n mixing components from other elements. A VSIM is then\n executed and checked against ground truth.\n --vset-recall-count How many top elements to fetch per query.\n --vset-recall-ef HSNW EF (search effort) to use. Default 500.\n --vset-recall-ele Number of elements used to compose query vectors\n Default 1.\n --lru-test Simulate a cache workload with an 80-20 distribution.\n --replica Simulate a replica showing commands received from the master.\n --rdb Transfer an RDB dump from remote server to local file.\n Use filename of \"-\" to write to stdout.\n --functions-rdb Like --rdb but only get the functions (not the keys)\n when getting the RDB dump file.\n --pipe Transfer raw Redis protocol from stdin to server.\n --pipe-timeout In --pipe mode, abort with error if after sending all data.\n no reply is received within seconds.\n Default timeout: 30. Use 0 to wait forever.\n --bigkeys Sample Redis keys looking for keys with many elements (complexity).\n --memkeys Sample Redis keys looking for keys consuming a lot of memory.\n --memkeys-samples Sample Redis keys looking for keys consuming a lot of memory.\n And define number of key elements to sample\n --keystats Sample Redis keys looking for keys memory size and length (combine bigkeys and memkeys).\n --keystats-samples Sample Redis keys looking for keys memory size and length.\n And define number of key elements to sample (only for memory usage).\n --cursor Start the scan at the cursor (usually after a Ctrl-C).\n Optionally used with --keystats and --keystats-samples.\n --top To display top key sizes (default: 10).\n Optionally used with --keystats and --keystats-samples.\n --hotkeys Sample Redis keys looking for hot keys.\n only works when maxmemory-policy is *lfu.\n --scan List all keys using the SCAN command.\n --pattern Keys pattern when using the --scan, --bigkeys, --memkeys,\n --keystats or --hotkeys options (default: *).\n --count Count option when using the --scan, --bigkeys, --memkeys,\n --keystats or --hotkeys (default: 10).\n --quoted-pattern Same as --pattern, but the specified string can be\n quoted, in order to pass an otherwise non binary-safe string.\n --intrinsic-latency Run a test to measure intrinsic system latency.\n The test will run for the specified amount of seconds.\n --eval Send an EVAL command using the Lua script at .\n --ldb Used with --eval enable the Redis Lua debugger.\n --ldb-sync-mode Like --ldb but uses the synchronous Lua debugger, in\n this mode the server is blocked and script changes are\n not rolled back from the server memory.\n --cluster [args...] [opts...]\n Cluster Manager command and arguments (see below).\n --verbose Verbose mode.\n --no-auth-warning Don't show warning message when using password on command\n line interface.\n --help Output this help and exit.\n --version Output version and exit.\n\nCluster Manager Commands:\n Use --cluster help to list all available cluster manager commands.\n\nExamples:\n redis-cli -u redis://default:PASSWORD@localhost:6379/0\n cat /etc/passwd | redis-cli -x set mypasswd\n redis-cli -D \"\" --raw dump key > key.dump && redis-cli -X dump_tag restore key2 0 dump_tag replace < key.dump\n redis-cli -r 100 lpush mylist x\n redis-cli -r 100 -i 1 info | grep used_memory_human:\n redis-cli --quoted-input set '\"null-\\x00-separated\"' value\n redis-cli --eval myscript.lua key1 key2 , arg1 arg2 arg3\n redis-cli --scan --pattern '*:12345*'\n redis-cli --scan --pattern '*:12345*' --count 100\n\n (Note: when using --eval the comma separates KEYS[] from ARGV[] items)\n\nWhen no command is given, redis-cli starts in interactive mode.\nType \"help\" in interactive mode for information on available commands\nand settings.\n\n\n------------------------------------------------------------------------------\nredis-server --help\n------------------------------------------------------------------------------\nUsage: ./redis-server [/path/to/redis.conf] [options] [-]\n ./redis-server - (read config from stdin)\n ./redis-server -v or --version\n ./redis-server -h or --help\n ./redis-server --test-memory \n ./redis-server --check-system\n\nExamples:\n ./redis-server (run the server with default conf)\n echo 'maxmemory 128mb' | ./redis-server -\n ./redis-server /etc/redis/6379.conf\n ./redis-server --port 7777\n ./redis-server --port 7777 --replicaof 127.0.0.1 8888\n ./redis-server /etc/myredis.conf --loglevel verbose -\n ./redis-server /etc/myredis.conf --loglevel verbose\n\nSentinel mode:\n ./redis-server /etc/sentinel.conf --sentinel\n```\n", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "AGPL-3.0", + "sourceUrl": "https://github.com/redis/redis", + "homepage": "https://redis.io", + "version": "8.6.2", + "categoriesRaw": [ + "database", + "cache", + "data", + "kv" + ], + "keywords": [ + "redis", + "cache", + "key-value", + "in-memory", + "database", + "kv", + "redis-cli", + "pubsub", + "streams", + "nosql" + ], + "bundleBytes": 5354616, + "installedBytes": 9625086, + "changelog": [ + { + "version": "8.6.2", + "notes": [ + "Released v8.6.2" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.cosift": { + "name": "Cosift", + "tagline": "Grounded web search, retrieval, and research for agents", + "description": "Cosift is the Pilot app-store front door for the cosift search/answer/research API. It gives an agent keyword + semantic search, document retrieval, and LLM-grounded answers and multi-step research over a crawled web corpus — returned as clean structured JSON.\n\nEvery method is discoverable at runtime via cosift.help, which reports each method's parameters and a latency class (fast / med / slow) so a caller can pick the cheapest method that fits.", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "MIT", + "sourceUrl": "https://github.com/pilot-protocol/cosift", + "homepage": "https://pilotprotocol.network", + "version": "0.1.2", + "categoriesRaw": [ + "search", + "research", + "retrieval" + ], + "keywords": [ + "search", + "rag", + "answer", + "research", + "web", + "retrieval" + ], + "bundleBytes": 4774876, + "installedBytes": 8641298, + "changelog": [ + { + "version": "0.1.2", + "date": "2026-06-09", + "notes": [ + "cosift search/answer/research adapter with cosift.help discovery", + "Installable via the Pilot app store catalogue" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "shareable", + "publishedAt": "2026-06-09T23:01:53Z", + "grants": [ + "fs.read:$APP/config.json", + "audit.log:*", + "net.dial:cosift.pilotprotocol.network", + "net.dial:127.0.0.1" + ], + "inCatalogue": true + }, + "io.pilot.sixtyfour": { + "name": "Sixtyfour", + "tagline": "People- and company-intelligence: contact discovery, enrichment, and agentic research.", + "description": "Sixtyfour is the app-store front door for the Sixtyfour people-intelligence and company-intelligence API. It gives an agent contact discovery (find email / find phone), reverse lookups from an email or phone, full person and company enrichment, and an agentic QA researcher that answers free-form questions about a person or company. All returned as clean structured JSON, every field source-backed.", + "vendor": "Sixtyfour", + "vendorUrl": null, + "license": "Proprietary", + "sourceUrl": "https://docs.sixtyfour.ai", + "homepage": "https://sixtyfour.ai", + "version": "0.1.0", + "categoriesRaw": [ + "data", + "enrichment", + "sales-intelligence" + ], + "keywords": [ + "enrichment", + "people", + "company", + "email", + "phone", + "lead", + "research", + "search" + ], + "bundleBytes": 4898153, + "installedBytes": 8679650, + "changelog": [ + { + "version": "0.1.0", + "notes": [ + "Sixtyfour is the app-store front door for the Sixtyfour people-intelligence and company-intelligence API. It gives an agent contact discovery (find email / find phone), reverse lookups from an email or phone, full person and company enrichment, and an agentic QA researcher that answers free-form questions about a person or company. All returned as clean structured JSON, every field source-backed." + ] + } + ], + "minPilotVersion": "1.10.0", + "runtimes": [ + "go" + ], + "protection": "shareable", + "publishedAt": "2026-06-21", + "grants": [ + "fs.read:$APP/config.json", + "key.sign:self", + "net.dial:broker.pilotprotocol.network", + "audit.log:*" + ], + "inCatalogue": true + }, + "io.pilot.plainweb": { + "name": "Plainweb", + "tagline": "Any web page as clean Markdown — no HTML, no JS, one call", + "description": "Plainweb is a Pilot-owned URL→Markdown service: give it any web page and get back clean, accurate Markdown — no HTML, no JavaScript, just plain text structured as Markdown.\n\nWhat an agent gets:\n- **One call** — `plainweb.fetch(url)` fetches the page and returns it as Markdown (GFM tables, fenced code with language, task lists). The target URL goes straight in the path.\n- **Accurate extraction** — a cost-aware static→headless-Chrome fetch ladder (most pages never launch Chrome), go-readability primary (preserves code blocks and tables) with go-trafilatura fallback, converted via html-to-markdown v2.\n- **Scheme-less OK** — bare hosts like `example.com` are sanitized to `https://`.\n\nGood to know:\n- **Free and open — no API key required.** Public endpoints are open to every caller.\n- **Rate limit:** anonymous callers get **1000 requests/second** (burst 2000); a master key only elevates a caller past that limit.\n- The reply is `text/markdown`, returned by the adapter as `{ \"content_type\", \"content\" }` (the Markdown is in `content`).\n- In-house Pilot Protocol tool, deployed on Cloud Run.", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "Proprietary", + "sourceUrl": "https://github.com/pilot-protocol/plainweb", + "homepage": "https://pilotprotocol.network", + "version": "1.0.0", + "categoriesRaw": [ + "web", + "content", + "markdown" + ], + "keywords": [ + "plainweb", + "markdown", + "web", + "fetch", + "scrape", + "extract", + "readability", + "html", + "url", + "content" + ], + "bundleBytes": 5035085, + "installedBytes": 8625202, + "changelog": [ + { + "version": "1.0.0", + "notes": [ + "Released v1.0.0" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "shareable", + "publishedAt": null, + "grants": [ + "fs.read:$APP/config.json", + "net.dial:plainweb-hu4fob755a-uc.a.run.app", + "audit.log:*" + ], + "inCatalogue": true + }, + "io.pilot.miren": { + "name": "Miren", + "tagline": "Operate the Miren PaaS from an agent: deploy apps, run the server, and debug them", + "description": "Miren is a deployment platform for small teams. This app is the app-store front door for the `miren` CLI, letting an agent drive a Miren PaaS over IPC.\n\nWhat an agent gets:\n- **Deploy lifecycle** — `miren.deploy` (non-interactive build + deploy), `miren.deploy.analyze` (detect the stack/services without building), and `miren.rollback`.\n- **Inspect apps** — `miren.apps`, `miren.app` (status), `miren.app.history`, and `miren.logs` (JSON).\n- **Server & diagnostics** — `miren.server.install`/`miren.server.status`, `miren.doctor`, `miren.whoami`, and `miren.debug.connection`/`miren.debug.advertise`.\n- **Full CLI surface** — `miren.exec` runs any verbatim `miren` argv (addon, auth, env, route, cluster, disk, sandbox, and more).\n\nGood to know:\n- Structured JSON is returned wherever the CLI offers it (e.g. pass `--json`).\n- Discover the live surface at runtime with `miren.help` — every method, its parameters, and its latency class (fast / med / slow).\n- Server-side commands need a configured cluster; without one, calls return a structured error (`{stdout,stderr,exit}`) telling the agent what to do next.\n- Runs on macOS and Linux (arm64 + amd64); the miren CLI is staged and sha-pinned on install.", + "vendor": "Miren", + "vendorUrl": "https://miren.dev", + "license": "Proprietary", + "sourceUrl": "https://github.com/mirendev", + "homepage": "https://miren.dev", + "version": "0.1.0", + "categoriesRaw": [ + "infrastructure", + "devops", + "platform" + ], + "keywords": [ + "miren", + "paas", + "deploy", + "server", + "debug", + "infrastructure", + "devops", + "logs", + "apps", + "cli" + ], + "bundleBytes": 2850932, + "installedBytes": 5020350, + "changelog": [ + { + "version": "0.1.0", + "notes": [ + "Operate the Miren PaaS from an agent: deploy and roll back apps; inspect status, logs, and history; run the server; and diagnose connectivity — plus a passthrough exec for any miren subcommand." + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.otto": { + "name": "Otto", + "tagline": "Drive real Chrome tabs from an agent — extract, automate, screenshot, no headless farm", + "description": "Otto is secure remote browser automation. A controller CLI sends commands over an authenticated WebSocket to a relay daemon, which routes them to a Chrome extension running on live tabs. Code drives the browser deterministically; the agent decides what to do, not how to click.\n\nWhat an agent gets:\n- **Content extraction** — `otto.extract` / `otto.extract.format` turn a URL into clean markdown, distilled/clean/raw HTML, or text through a real tab.\n- **Site commands** — `otto.test` runs registered actions on real sessions (Reddit/LinkedIn `getPosts`, Hacker News `getFrontPage`, Google `getSearchResults`, …); `otto.commands` lists what a node exposes.\n- **Page & tab control** — `otto.screenshot` (viewport or full page) and `otto.cmd` for low-level primitives (tab open/navigate/query, DOM extract).\n- **Status & diagnostics** — `otto.status` (relay + connected nodes), `otto.client.status`, `otto.authcode`, `otto.extension.info`, `otto.logs`/`otto.logs.status`, `otto.agent.status` — all JSON.\n- **Full CLI surface** — `otto.exec` runs any verbatim otto argv.\n\nGood to know:\n- Returns JSON wherever the CLI offers it; discover the live surface at runtime with `otto.help` — every method, its parameters, and its latency class (fast / med / slow).\n- Real browser tabs, not a headless farm — no Docker, Puppeteer farm, or cloud-browser rental.\n- Prerequisite stack on the host: a running relay (`otto start`), Chrome with the Otto extension loaded and paired as a node, and a logged-in controller. Until that is up, page commands return a structured error (`{stdout,stderr,exit}`); `otto.status` is the right preflight.\n- Runs on macOS and Linux (arm64 + amd64); the otto CLI is staged as a self-contained binary and sha-pinned on install. Free and open source (MIT) — no payment, no per-call limit.", + "vendor": "Telepat", + "vendorUrl": "https://telepat.io", + "license": "MIT", + "sourceUrl": "https://github.com/telepat-io/otto", + "homepage": "https://docs.telepat.io/otto", + "version": "0.20.0", + "categoriesRaw": [ + "automation", + "browser", + "web" + ], + "keywords": [ + "otto", + "browser", + "automation", + "chrome", + "scraping", + "extract", + "markdown", + "screenshot", + "agent", + "web", + "relay", + "extension" + ], + "bundleBytes": 5355850, + "installedBytes": 9633952, + "changelog": [ + { + "version": "0.20.0", + "notes": [ + "Released v0.20.0" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.wallet": { + "name": "Wallet", + "tagline": "On-overlay USDC payments across Base, Ethereum, and Polygon", + "description": "The Pilot reference wallet brings x402 + EIP-3009 USDC payments to the overlay, with spend caps the supervisor enforces. One secp256k1 address works across all three USDC mainnets (Base, Ethereum, Polygon); per-chain RPC is configurable via PILOT_EVM_RPC_.\n\nInstalling this app lets other apps and agents settle payments without leaving the network. Spend caps declared in the manifest are reviewed at install time and enforced on every signing operation — see `pilotctl appstore caps io.pilot.wallet`.", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "AGPL-3.0-or-later", + "sourceUrl": "https://github.com/pilot-protocol/wallet", + "homepage": "https://pilotprotocol.network", + "version": "0.3.3", + "categoriesRaw": [ + "payments", + "crypto", + "finance" + ], + "keywords": [ + "usdc", + "x402", + "eip-3009", + "evm", + "base", + "ethereum", + "polygon", + "payments" + ], + "bundleBytes": 9110758, + "installedBytes": null, + "changelog": [ + { + "version": "0.3.3", + "date": "2026-06-08", + "notes": [ + "Default --evm-chains expands to 8453,1,137 so supervised wallets get all three USDC mainnets out of the box", + "PILOT_EVM_CHAINS env overrides the default chain set" + ] + }, + { + "version": "0.3.2", + "date": "2026-06-08", + "notes": [ + "Multichain EVM: same secp256k1 address across Base, Ethereum, Polygon", + "New wallet.evm.chains method; all evm.* methods accept an optional chain_id", + "Per-chain RPC via PILOT_EVM_RPC_" + ] + }, + { + "version": "0.3.1", + "date": "2026-06-08", + "notes": [ + "Wired the wallet.evm.* methods into the binary (declared in v0.3.0 but unregistered)", + "Added --evm-identity, --evm-chain, --evm-rpc, --no-evm flags" + ] + }, + { + "version": "0.3.0", + "date": "2026-06-08", + "notes": [ + "Signed wallet app bundle: ed25519-signed manifest, sha256-pinned binary" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": null, + "publishedAt": "2026-06-08T08:00:26Z", + "grants": [], + "inCatalogue": true + }, + "io.pilot.postgres": { + "name": "PostgreSQL", + "tagline": "Run and query PostgreSQL from an agent — local server lifecycle + psql, any libpq target", + "description": "# PostgreSQL (psql + local server) — native CLI for agents\n\nThis app installs the official **PostgreSQL 17.5.0** toolchain on the host and fronts it as typed methods. The bundle is a relocatable build of PostgreSQL 17.5.0 (from conda-forge, compiled from the upstream PostgreSQL sources) carrying the **complete client + server suite**: `psql`, `initdb`, `pg_ctl`, `postgres`, `createdb`, `dropdb`, `pg_isready`, `pg_dump`, `pg_restore`, `pg_dumpall`, `vacuumdb`, `pg_basebackup`. Every binary is sha-pinned and staged at install; a tiny `pg` dispatcher in the bundle routes each method to the right tool.\n\n## Two ways to use it\n\n**A) Talk to an existing PostgreSQL server.** Point the query methods at any reachable server with a libpq `uri` (or `PG*` env) — no local server needed:\n- `postgres.query` / `postgres.query_csv` — run SQL, get an aligned table or CSV.\n- `postgres.command` — backslash introspection (`\\dt`, `\\d table`, `\\du`, `\\l`, …).\n- `postgres.list` — list databases. `postgres.version` / `postgres.psql_help` — client version and full `--help`.\n\n**B) Run a database locally on this machine.** The app can provision and manage its own cluster — useful for an agent that needs a throwaway or embedded Postgres:\n\n1. **Configure (one-time):** `postgres.initdb` `{ \"datadir\": \"/path/to/pgdata\" }` — creates the cluster (superuser `postgres`, local `trust` auth).\n2. **Start:** `postgres.start` `{ \"datadir\": \"/path/to/pgdata\", \"port\": \"5599\" }` — boots the server on `127.0.0.1:5599` (+ a Unix socket in the datadir), waits until ready, logs to `/postgres.log`.\n3. **Create a database:** `postgres.createdb` `{ \"port\": \"5599\", \"dbname\": \"appdb\" }`.\n4. **Use it:** `postgres.query` with `uri = \"host=127.0.0.1 port=5599 user=postgres dbname=appdb\"`.\n5. **Health / teardown:** `postgres.ready` `{ \"port\": \"5599\" }`, `postgres.status` `{ \"datadir\": \"...\" }`, `postgres.stop` `{ \"datadir\": \"...\" }`.\n\n## Configuration\n\nPostgreSQL is configuration-rich; the knobs this app exposes:\n\n- **`datadir`** — where the cluster lives. Pick a writable absolute path (e.g. `$HOME/.pilot/pgdata` or a tmp dir). One cluster can hold many databases.\n- **`port`** — TCP port for the local server (default convention `5599`). The server also listens on a Unix socket inside `datadir`.\n- **Auth** — local clusters are initialized with `trust` (no password) for convenience; for any networked use, set a password (`postgres.exec` → `psql ... -c \"ALTER ROLE postgres PASSWORD '...'\"`) and supply it via the `uri` or `PGPASSWORD`.\n- **Non-root for the server** — `postgres.initdb`/`postgres.start` run the PostgreSQL **server**, which refuses to run as the OS `root` user (a PostgreSQL safety rule). On a normal host the pilot daemon runs as your user, so this just works; only fully-root environments (e.g. some containers) need a non-root user. The query methods against a remote server are unaffected and run anywhere.\n- **`uri`** — a full libpq connection string, either `postgresql://user:secret@host:5432/dbname?sslmode=require` or `host=... port=... dbname=... user=... sslmode=...`.\n- **`PG*` env** — `PGHOST`, `PGPORT`, `PGUSER`, `PGPASSWORD`, `PGDATABASE`, `PGSSLMODE`, `PGOPTIONS`, `PGCONNECT_TIMEOUT`, `PGAPPNAME`, `PGCLIENTENCODING` are passed through to the child, so `postgres.exec` can connect with no inline credentials.\n- **Anything else** — full `postgresql.conf`/server flags are reachable via `postgres.exec` (e.g. `pg_ctl ... -o \"-c shared_buffers=256MB\"`), and per-session settings via SQL `SET`.\n\n## Good to know\n\n- Output returns verbatim where it is already clean; on a non-zero exit (SQL error, server down) the reply is `{stdout, stderr, exit}` so the caller sees everything the tool produced.\n- Runs on **macOS and Linux** (arm64 + amd64); binaries are fetched from the Pilot artifact registry and sha-pinned on install. Free and open source under the **PostgreSQL License**.\n- `postgres.help` lists every method with its latency class; this is the self-describing discovery contract.\n\n## `psql --help`\n```\npsql is the PostgreSQL interactive terminal.\n\nUsage:\n psql [OPTION]... [DBNAME [USERNAME]]\n\nGeneral options:\n -c, --command=COMMAND run only single command (SQL or internal) and exit\n -d, --dbname=DBNAME database name to connect to\n -f, --file=FILENAME execute commands from file, then exit\n -l, --list list available databases, then exit\n -v, --set=, --variable=NAME=VALUE\n set psql variable NAME to VALUE\n (e.g., -v ON_ERROR_STOP=1)\n -V, --version output version information, then exit\n -X, --no-psqlrc do not read startup file (~/.psqlrc)\n -1 (\"one\"), --single-transaction\n execute as a single transaction (if non-interactive)\n -?, --help[=options] show this help, then exit\n --help=commands list backslash commands, then exit\n --help=variables list special variables, then exit\n\nInput and output options:\n -a, --echo-all echo all input from script\n -b, --echo-errors echo failed commands\n -e, --echo-queries echo commands sent to server\n -E, --echo-hidden display queries that internal commands generate\n -L, --log-file=FILENAME send session log to file\n -n, --no-readline disable enhanced command line editing (readline)\n -o, --output=FILENAME send query results to file (or |pipe)\n -q, --quiet run quietly (no messages, only query output)\n -s, --single-step single-step mode (confirm each query)\n -S, --single-line single-line mode (end of line terminates SQL command)\n\nOutput format options:\n -A, --no-align unaligned table output mode\n --csv CSV (Comma-Separated Values) table output mode\n -F, --field-separator=STRING\n field separator for unaligned output (default: \"|\")\n -H, --html HTML table output mode\n -P, --pset=VAR[=ARG] set printing option VAR to ARG (see \\pset command)\n -R, --record-separator=STRING\n record separator for unaligned output (default: newline)\n -t, --tuples-only print rows only\n -T, --table-attr=TEXT set HTML table tag attributes (e.g., width, border)\n -x, --expanded turn on expanded table output\n -z, --field-separator-zero\n set field separator for unaligned output to zero byte\n -0, --record-separator-zero\n set record separator for unaligned output to zero byte\n\nConnection options:\n -h, --host=HOSTNAME database server host or socket directory\n -p, --port=PORT database server port\n -U, --username=USERNAME database user name\n -w, --no-password never prompt for password\n -W, --password force password prompt (should happen automatically)\n\nFor more information, type \"\\?\" (for internal commands) or \"\\help\" (for SQL\ncommands) from within psql, or consult the psql section in the PostgreSQL\ndocumentation.\n\nReport bugs to .\nPostgreSQL home page: \n```\n", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "PostgreSQL", + "sourceUrl": "https://github.com/postgres/postgres", + "homepage": "https://www.postgresql.org/docs/17/", + "version": "17.5.0", + "categoriesRaw": [ + "database", + "data", + "sql" + ], + "keywords": [ + "postgres", + "postgresql", + "psql", + "sql", + "database", + "query", + "client", + "server", + "initdb", + "libpq", + "dba" + ], + "bundleBytes": null, + "installedBytes": null, + "changelog": [ + { + "version": "17.5.0", + "notes": [ + "Native-CLI packaging of PostgreSQL 17.5.0 for the Pilot app store" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "guarded", + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.pilot.slipstream": { + "name": "Slipstream", + "tagline": "Polymarket smart-money leaderboard, signals, and tape", + "description": "SLIPSTREAM — Polymarket smart-money leaderboard, signals, tape & opportunities (Ed25519-signed API).", + "vendor": "Pilot Protocol", + "vendorUrl": "https://pilotprotocol.network", + "license": "MIT", + "sourceUrl": "https://github.com/pilot-protocol/catalog", + "homepage": null, + "version": "1.0.0", + "categoriesRaw": [ + "finance", + "markets", + "intelligence" + ], + "keywords": [ + "polymarket", + "signals", + "markets", + "leaderboard" + ], + "bundleBytes": 4674914, + "installedBytes": null, + "changelog": [], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "shareable", + "publishedAt": null, + "grants": [], + "inCatalogue": true + }, + "io.telepat.ideon-free": { + "name": "Ideon (Free)", + "tagline": "Free long-form article generation for agents", + "description": "Free article generation for agents: ideon-free.generate(idea) returns a jobId; ideon-free.poll(jobId) returns the finished markdown article. A thin adapter over Ideon's ideon_write — no payment.", + "vendor": "Telepat", + "vendorUrl": "https://telepat.io", + "license": "Proprietary", + "sourceUrl": "https://telepat.io", + "homepage": "https://telepat.io", + "version": "0.3.1", + "categoriesRaw": [ + "writing", + "ai" + ], + "keywords": [ + "writing", + "article", + "generate", + "markdown" + ], + "bundleBytes": null, + "installedBytes": 13824, + "changelog": [ + { + "version": "0.3.1", + "notes": [ + "Thin adapter over Ideon ideon_write — no payment" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "guarded", + "publishedAt": null, + "grants": [ + "audit.log:*", + "net.dial:ideon-mcp.telepat.io" + ], + "inCatalogue": true + }, + "io.pilot.aegis": { + "name": "AEGIS", + "tagline": "Runtime firewall for AI agents — blocks prompt injection before your agent reads it", + "description": "AEGIS is a runtime firewall for AI agents. It inspects untrusted content reaching your agent — inbox messages, tool results, web fetches, MCP responses, skill files — and blocks prompt injection, jailbreaks, and impersonation before the agent ever sees it. Genuine status messages pass straight through.\n\nTwo layers: L1 Aho-Corasick pattern matching (pure Rust, microseconds, ~120 known attack families with homoglyph and leetspeak normalization) and L2 a local Qwen3-1.7B judge via llama.cpp — fully offline, no network. On a held-out labeled set it scores 90% recall, 95% precision, 92% F1. An 880 KB binary with an HMAC-chained audit log.", + "vendor": "Pilot Protocol", + "vendorUrl": "https://aegis.pilotprotocol.network", + "license": "MIT", + "sourceUrl": "https://github.com/pilot-protocol/aegis", + "homepage": "https://aegis.pilotprotocol.network", + "version": "0.1.3", + "categoriesRaw": [ + "security" + ], + "keywords": [ + "security", + "firewall", + "prompt-injection", + "jailbreak", + "guardrail", + "defense", + "offline" + ], + "bundleBytes": 901072, + "installedBytes": null, + "changelog": [ + { + "version": "0.1.3", + "notes": [ + "Runtime firewall: L1 Aho-Corasick patterns + L2 local Qwen3-1.7B judge", + "Fully offline — no network", + "HMAC-chained audit log; 90% recall / 95% precision on the held-out set" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "rust" + ], + "protection": "guarded", + "publishedAt": null, + "grants": [ + "fs.read:*", + "fs.write:$HOME/.aegis", + "audit.log:*" + ], + "platforms": [ + "darwin-arm64", + "linux-amd64", + "linux-arm64" + ], + "inCatalogue": true + }, + "io.pilot.smol": { + "name": "Smol Machines", + "tagline": "Fast, hardware-isolated microVMs — local and cloud", + "description": "Smol Machines — fast, hardware-isolated Linux microVMs for agents, now local AND cloud. Spin up sub-second, real-hypervisor-isolated Linux microVMs locally with the smolvm CLI, then push a VM to the smol cloud with a single method.\n\nLocal (free, offline): run untrusted or AI-generated code safely (networking off by default), a real Linux shell, ephemeral or persistent VMs, portable .smolmachine artifacts, GPU/Vulkan.\n\nCloud (per-user, metered): smol.push sends a local VM (or an OCI image) to the smol cloud; Pilot provisions your own cloud key automatically on install — no account, no API key. Your cloud machines are isolated per user and metered against your free credit. The master key never leaves Pilot's broker.", + "vendor": "smol machines", + "vendorUrl": "https://smolmachines.com", + "license": "Apache-2.0", + "sourceUrl": "https://github.com/smol-machines/smolvm", + "homepage": "https://smolmachines.com", + "version": "1.2.0", + "categoriesRaw": [ + "dev", + "virtualization", + "security" + ], + "keywords": [ + "microvm", + "sandbox", + "vm", + "isolation", + "gpu", + "ci", + "cloud" + ], + "bundleBytes": 5346146, + "installedBytes": 9140402, + "changelog": [ + { + "version": "1.2.0", + "notes": [ + "Released v1.2.0" + ] + } + ], + "minPilotVersion": "1.0.0", + "runtimes": [ + "go" + ], + "protection": "guarded", + "publishedAt": null, + "grants": [ + "fs.read:$APP/config.json", + "proc.exec:smolvm", + "fs.read:$APP/install.json", + "fs.write:$APP", + "net.dial:pub-f09f9a4ea848491198d48e329ba030e3.r2.dev", + "audit.log:*" + ], + "inCatalogue": true + } } -} \ No newline at end of file diff --git a/src/data/apps.ts b/src/data/apps.ts index f0ea74c..7344db0 100644 --- a/src/data/apps.ts +++ b/src/data/apps.ts @@ -1006,10 +1006,10 @@ export const apps: App[] = [ "updatedAt": null }, { - "id": "io.pilot.smolmachines", + "id": "io.pilot.smol", "name": "Smol Machines", - "tagline": "Fast, hardware-isolated microVMs on demand", - "description": "Smol Machines — the app-store front door for the smolmachines VM engine. It lets an agent spin up fast, hardware-isolated Linux microVMs on demand (sub-second boot, real hypervisor isolation — not shared-kernel containers), then run workloads in a disposable sandbox. Free to use. Portable .smolmachine artifacts run identically on macOS and Linux, locally or in the cloud.\n\nUse it to:\n- Run untrusted or AI-generated code safely, with networking off by default\n- Give an agent a real Linux shell — a stateful, isolated execution backend\n- Automate headless browsers (GPU-accelerated) for scraping, screenshots, and web tasks\n- Run GPU/compute jobs via Vulkan with container-like speed\n- Spin up disposable dev sandboxes — a clean VM per task, torn down after\n- Keep persistent dev VMs — installed packages survive restarts\n- Run CI-style jobs — build, test, lint in clean environments\n- Fan out parallel ephemeral workers thanks to sub-second boot\n- Analyze malware / suspicious files in a throwaway environment\n- Build once, run anywhere — same artifact local, cloud, or self-hosted\n\nDiscover the live method surface at runtime with smolmachines.help, which lists each method's parameters and latency class.", + "tagline": "Fast, hardware-isolated microVMs — local and cloud", + "description": "Smol Machines — fast, hardware-isolated Linux microVMs for agents, now local AND cloud. Spin up sub-second, real-hypervisor-isolated Linux microVMs locally with the smolvm CLI (not shared-kernel containers), then push a VM to the smol cloud with a single method.\n\nLocal (free, offline):\n- Run untrusted or AI-generated code safely, networking off by default\n- Give an agent a real Linux shell — a stateful, isolated backend\n- Ephemeral or persistent VMs; portable .smolmachine artifacts via pack\n- GPU/Vulkan compute, headless-browser automation, CI-style jobs\n\nCloud (per-user, metered):\n- smol.push sends a local VM (or an OCI image) to the smol cloud\n- Pilot provisions your own cloud key automatically on install — no account, no API key to manage\n- Your cloud machines are isolated per user and metered against your free credit; smol.balance shows what's left, smol.list shows only your machines\n\nDiscover the live method surface with smol.help. The master cloud key never leaves Pilot's broker; you only ever hold your own scoped key.", "categories": [ "infra" ], @@ -1020,7 +1020,8 @@ export const apps: App[] = [ "vm", "isolation", "gpu", - "ci" + "ci", + "cloud" ], "version": "1.2.0", "vendor": "smol machines", @@ -1030,11 +1031,27 @@ export const apps: App[] = [ "homepage": "https://smolmachines.com", "methods": [ { - "name": "smolmachines.exec", - "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM. Payload is {\"args\":[...]} — the verbatim smolvm argv. Command surface: `machine run` (ephemeral VM, one-off command), `machine create|start|exec|stop|delete|shell|status|ls|cp|update|monitor|prune` (persistent VMs; `exec` persists filesystem changes), `pack create|run` (portable .smolmachine artifacts), `serve` (HTTP API), `config`. Key flags: `--net` (networking is OFF by default), `--image `, `-v HOST:GUEST`, `-p HOST:GUEST`, `--gpu`, `--ssh-agent`, `--secret-env GUEST=HOST`. Example args: [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"]. Not supported over IPC: interactive sessions (-it / `machine shell`) and long-running `serve`." + "name": "smol.exec", + "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM LOCALLY. Payload is {\"args\":[...]} — the verbatim smolvm argv (machine run/create/exec, pack, serve, config). Networking is off by default (--net)." }, { - "name": "smolmachines.help", + "name": "smol.push", + "summary": "Push a VM to the smol cloud as YOU: send a local packed artifact or an OCI image. Costs 1 credit; the broker checks your balance and tags the machine as owned by you so no other user can see it. Pass {\"net\":true} for networking." + }, + { + "name": "smol.provision", + "summary": "Provision (or fetch) your per-user smol cloud key + free credit. Runs automatically on install and on smol.help." + }, + { + "name": "smol.balance", + "summary": "Report your remaining smol cloud credit balance." + }, + { + "name": "smol.list", + "summary": "List YOUR smol cloud machines (only yours — the broker filters by owner)." + }, + { + "name": "smol.help", "summary": "Discovery: every method with params, kind, and latency class." } ], @@ -1048,7 +1065,11 @@ export const apps: App[] = [ ], "grants": [ "fs.read:$APP/config.json", + "fs.read:$APP/secrets.json", + "fs.write:$APP/secrets.json", + "key.sign:self", "proc.exec:smolvm", + "net.dial:smol-broker.pilotprotocol.network", "fs.read:$APP/install.json", "fs.write:$APP", "net.dial:pub-f09f9a4ea848491198d48e329ba030e3.r2.dev", @@ -1080,7 +1101,7 @@ export const apps: App[] = [ "inCatalogue": true, "icon": { "mode": "image", - "img": "/appicons/io.pilot.smolmachines.png", + "img": "/appicons/io.pilot.smol.png", "fit": "cover", "pos": "center", "color": "#ffffff", @@ -1088,12 +1109,12 @@ export const apps: App[] = [ "file": null, "hue": 30 }, - "minPilotVersion": "1.0.0", + "minPilotVersion": "1.10.0", "runtimes": [ "go" ], - "publishedAt": null, - "updatedAt": null + "publishedAt": "2026-07-02", + "updatedAt": "2026-07-02" }, { "id": "io.pilot.miren", From 431ccdd246145c7b92582576a7df9cac5921ef67 Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Thu, 2 Jul 2026 16:38:06 -0700 Subject: [PATCH 2/4] app-store: add usage pricing chart + smol.key/rotate methods to Smol Machines Detail page now shows a Pricing section for io.pilot.smol: a $5.00 free-credit callout + a bar chart of the cloud rate card (CPU/memory/disk/egress), matching the catalogue + smol.help. Methods list synced (adds smol.key, smol.rotate). --- src/data/apps.ts | 20 +++++++++++++++++++- src/pages/apps/[id].astro | 26 ++++++++++++++++++++++++++ src/styles/appstore.css | 16 ++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/src/data/apps.ts b/src/data/apps.ts index 7344db0..adc0cc3 100644 --- a/src/data/apps.ts +++ b/src/data/apps.ts @@ -18,6 +18,14 @@ export interface App { featured: boolean; real: boolean; inCatalogue: boolean; icon: AppIcon; minPilotVersion: string; runtimes: string[]; publishedAt: string | null; updatedAt: string | null; + pricing?: AppPricing | null; +} + +// AppPricing drives the pricing chart on the detail page (usage-billed apps). +export interface AppPricing { + model: string; + freeCredit: string; // e.g. "$5.00" + rateCard: { label: string; rate: string; value: number }[]; // value = relative $ for the bar } export interface Category { id: string; name: string; blurb: string; hue: number; } @@ -1114,7 +1122,17 @@ export const apps: App[] = [ "go" ], "publishedAt": "2026-07-02", - "updatedAt": "2026-07-02" + "updatedAt": "2026-07-02", + "pricing": { + "model": "Local methods (smol.exec/version/help) are free. Cloud VMs are billed by REAL usage: every user gets $5.00 of free credit, a running VM drains it by the second (CPU + memory + disk), and the broker stops your VMs when it runs out. The master cloud key never leaves Pilot's broker.", + "freeCredit": "$5.00", + "rateCard": [ + { "label": "CPU", "rate": "$0.0432 / cpu-hour", "value": 0.0432 }, + { "label": "Memory", "rate": "$0.0162 / GB-hour", "value": 0.0162 }, + { "label": "Disk", "rate": "$0.0001 / GB-hour", "value": 0.0001 }, + { "label": "Egress", "rate": "$0.05 / GB", "value": 0.05 } + ] + } }, { "id": "io.pilot.miren", diff --git a/src/pages/apps/[id].astro b/src/pages/apps/[id].astro index 0e03e66..f908a80 100644 --- a/src/pages/apps/[id].astro +++ b/src/pages/apps/[id].astro @@ -164,6 +164,32 @@ const canonicalUrl = `https://pilotprotocol.network/apps/${app.id}`; )} + {app.pricing && ( +
+

Pricing

+

{app.pricing.model}

+
+
+
{app.pricing.freeCredit}
+
free credit — then billed by real usage
+
+
+ {app.pricing.rateCard.map((r) => { + const max = Math.max(...app.pricing!.rateCard.map((x) => x.value)); + const pct = Math.max(5, Math.round((r.value / max) * 100)); + return ( +
+ {r.label} + + {r.rate} +
+ ); + })} +
+
+
+ )} + {app.changelog.length > 0 && (

What’s New

diff --git a/src/styles/appstore.css b/src/styles/appstore.css index 77f7d93..e8fdf97 100644 --- a/src/styles/appstore.css +++ b/src/styles/appstore.css @@ -395,3 +395,19 @@ .dh-l { flex-direction: column; gap: 16px; } .dev-cta .pub-btn { padding: 11px 16px; } } + +/* App detail — pricing chart (usage-billed apps like io.pilot.smol) */ +.pricing-wrap { display: grid; grid-template-columns: minmax(150px, 200px) 1fr; gap: 20px; align-items: center; } +@media (max-width: 640px) { .pricing-wrap { grid-template-columns: 1fr; } } +.pricing-free { + border: 1px solid var(--line); border-radius: 14px; padding: 20px 18px; text-align: center; + background: linear-gradient(180deg, color-mix(in srgb, var(--accent, #4f7cff) 8%, transparent), transparent); +} +.pf-amt { font-family: var(--mono); font-size: 30px; font-weight: 700; color: var(--ink); letter-spacing: -0.02em; } +.pf-lbl { font-size: 12px; color: var(--ink-dim); margin-top: 6px; line-height: 1.4; } +.pricing-chart { display: flex; flex-direction: column; gap: 12px; } +.pc-row { display: grid; grid-template-columns: 70px 1fr auto; gap: 12px; align-items: center; } +.pc-label { font-size: 13px; color: var(--ink-dim); font-weight: 600; } +.pc-track { height: 10px; border-radius: 6px; background: color-mix(in srgb, var(--ink) 7%, transparent); overflow: hidden; } +.pc-bar { display: block; height: 100%; border-radius: 6px; background: var(--accent, #4f7cff); min-width: 4px; } +.pc-rate { font-family: var(--mono); font-size: 12px; color: var(--ink); white-space: nowrap; } From 0aeee0ab17a434af910f569b23d1bba000a2ed8d Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Thu, 2 Jul 2026 16:38:57 -0700 Subject: [PATCH 3/4] app-store: list smol.key + smol.rotate methods (sync with catalogue/help) --- src/data/apps.ts | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/data/apps.ts b/src/data/apps.ts index adc0cc3..918ac30 100644 --- a/src/data/apps.ts +++ b/src/data/apps.ts @@ -1058,9 +1058,17 @@ export const apps: App[] = [ "name": "smol.list", "summary": "List YOUR smol cloud machines (only yours — the broker filters by owner)." }, + { + "name": "smol.key", + "summary": "Get your current per-user smol cloud key (bound to your Pilot identity; also cached in your app's private secrets)." + }, + { + "name": "smol.rotate", + "summary": "Rotate your cloud key if it leaked — the old key stops working immediately; your credit and machines are unaffected." + }, { "name": "smol.help", - "summary": "Discovery: every method with params, kind, and latency class." + "summary": "Discovery: methods grouped by plane (local vs cloud), with params, latency, and cost." } ], "changelog": [ From 3af1c1178709258b7b02f67684d8f7f2f37b7095 Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Tue, 7 Jul 2026 15:06:47 -0700 Subject: [PATCH 4/4] =?UTF-8?q?app-store:=20complete=20io.pilot.smol=20ren?= =?UTF-8?q?ame=20=E2=80=94=20cloud=20methods,=20grants,=20and=20a=20301=20?= =?UTF-8?q?redirect?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses the review that closed #74 (rename with no redirect → old links 404). - public/_redirects: 301 /apps/io.pilot.smolmachines → /apps/io.pilot.smol so existing app-store links and bookmarks don't 404 (the missing piece from #74). - app-methods.json: replace the stale 2 local methods with the 9 published methods (smol.exec/version/help + cloud smol.push/provision/balance/list/ key/rotate), sourced from the catalogue metadata.json. - app-overrides.json: cloud grants (net.dial the smol broker, key.sign:self, secrets fs read/write), min pilot 1.10.0, and corrected bundle/installed sizes. - gen-apps.mjs: rename the id in CATMAP/ICON_MAP/APP_IDS; regenerate apps.ts. - app-store.astro: repoint the fresh-pinned tile to io.pilot.smol; refresh the plain twin's source-sha stamp (the plain page renders no per-app data, so its content is unchanged). npm run check:plain and npm run build both green; /apps/io.pilot.smol renders all 9 methods and `appstore install io.pilot.smol`. Co-Authored-By: Claude Opus 4.8 (1M context) --- public/_redirects | 6 ++++ scripts/gen-apps.mjs | 6 ++-- src/data/app-methods.json | 34 +++++++++++++++++-- src/data/app-overrides.json | 10 ++++-- src/data/apps.ts | 58 +++++++++++++-------------------- src/pages/app-store.astro | 2 +- src/pages/plain/app-store.astro | 2 +- 7 files changed, 71 insertions(+), 47 deletions(-) create mode 100644 public/_redirects diff --git a/public/_redirects b/public/_redirects new file mode 100644 index 0000000..1545fe5 --- /dev/null +++ b/public/_redirects @@ -0,0 +1,6 @@ +# Cloudflare Pages redirects. One rule per line: . +# +# io.pilot.smolmachines was renamed to io.pilot.smol (same app + a cloud plane). +# Keep old app-store links alive with a permanent redirect so existing +# /apps/io.pilot.smolmachines links (and any bookmarks/inbound links) don't 404. +/apps/io.pilot.smolmachines /apps/io.pilot.smol 301 diff --git a/scripts/gen-apps.mjs b/scripts/gen-apps.mjs index 23bb838..cc75e17 100644 --- a/scripts/gen-apps.mjs +++ b/scripts/gen-apps.mjs @@ -34,7 +34,7 @@ const CATMAP = { 'io.pilot.postgres': 'data', 'io.pilot.duckdb': 'data', 'io.pilot.redis': 'data', 'io.pilot.sixtyfour': 'data', 'io.pilot.cosift': 'ai', 'io.telepat.ideon-free': 'ai', 'io.pilot.plainweb': 'web', 'io.pilot.otto': 'web', - 'io.pilot.smolmachines': 'infra', 'io.pilot.miren': 'infra', 'io.pilot.docker': 'infra', + 'io.pilot.smol': 'infra', 'io.pilot.miren': 'infra', 'io.pilot.docker': 'infra', 'io.pilot.aegis': 'security', 'io.pilot.slipstream': 'finance', 'io.pilot.wallet': 'finance', }; @@ -46,7 +46,7 @@ const ICON_MAP = { 'io.pilot.redis': { brand: 'redis', hex: '#FF4438' }, 'io.pilot.docker': { brand: 'docker', hex: '#2496ED' }, 'io.pilot.cosift': { image: 'png', fit: 'contain', bg: '#ffffff' }, - 'io.pilot.smolmachines': { image: 'png', fit: 'cover', bg: '#ffffff' }, + 'io.pilot.smol': { image: 'png', fit: 'cover', bg: '#ffffff' }, 'io.pilot.sixtyfour': { image: 'png', fit: 'cover', bg: '#0b0b0a' }, 'io.pilot.plainweb': { image: 'png', fit: 'contain', bg: '#ffffff' }, 'io.pilot.slipstream': { lucide: 'trending-up' }, @@ -82,7 +82,7 @@ function iconFor(id, hue) { const APP_IDS = [ 'io.pilot.postgres', 'io.pilot.duckdb', 'io.pilot.redis', 'io.pilot.sixtyfour', 'io.pilot.cosift', 'io.telepat.ideon-free', 'io.pilot.plainweb', 'io.pilot.otto', - 'io.pilot.smolmachines', 'io.pilot.miren', 'io.pilot.docker', 'io.pilot.aegis', + 'io.pilot.smol', 'io.pilot.miren', 'io.pilot.docker', 'io.pilot.aegis', 'io.pilot.slipstream', 'io.pilot.wallet', ]; const FEATURED = ['io.pilot.postgres', 'io.pilot.duckdb', 'io.pilot.docker']; diff --git a/src/data/app-methods.json b/src/data/app-methods.json index 9a4f35a..243436c 100644 --- a/src/data/app-methods.json +++ b/src/data/app-methods.json @@ -522,11 +522,39 @@ ], "io.pilot.smol": [ { - "name": "smolmachines.exec", - "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM. Payload is {\"args\":[...]} — the verbatim smolvm argv. Command surface: `machine run` (ephemeral VM, one-off command), `machine create|start|exec|stop|delete|shell|status|ls|cp|update|monitor|prune` (persistent VMs; `exec` persists filesystem changes), `pack create|run` (portable .smolmachine artifacts), `serve` (HTTP API), `config`. Key flags: `--net` (networking is OFF by default), `--image `, `-v HOST:GUEST`, `-p HOST:GUEST`, `--gpu`, `--ssh-agent`, `--secret-env GUEST=HOST`. Example args: [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"]. Not supported over IPC: interactive sessions (-it / `machine shell`) and long-running `serve`." + "name": "smol.exec", + "summary": "Run ANY smolvm subcommand in a fast, hardware-isolated Linux microVM LOCALLY. Payload is {\"args\":[...]} (verbatim smolvm argv) with optional {\"stdin\":\"...\"}. This one method exposes the whole smolvm CLI — for the complete agent reference call smol.exec {\"args\":[\"--help\"]}, and for any subcommand call smol.exec {\"args\":[\"\",\"--help\"]}.\n\nCOMMAND SURFACE:\n• machine run — create an EPHEMERAL VM, run one command, tear down (nothing persists). e.g. [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"].\n• machine create | start | stop | delete — lifecycle of a PERSISTENT named VM (--name, default \"default\").\n• machine exec — run a command in a persistent VM; FILESYSTEM CHANGES PERSIST across sessions (package installs stick). e.g. [\"machine\",\"exec\",\"--name\",\"myvm\",\"--\",\"apk\",\"add\",\"python3\"].\n• machine status | ls | images | monitor — read-only introspection (do NOT stop a running VM).\n• machine cp — copy files host↔VM (HOST:GUEST). machine update — change mounts/ports/env/cpu/memory on a STOPPED VM. machine prune — reclaim layers (prune --all needs the VM stopped).\n• pack create -o — build a portable, self-contained .smolmachine executable; pack run — run one. machine create --from .smolmachine for fast start.\n• serve start --listen — HTTP API server (POST/GET /api/v1/machines…); serve openapi — the spec.\n• config — manage registries + defaults.\n\nKEY FLAGS: --net (networking is OFF by default), --image , -v HOST:GUEST[:ro] (mount; -v host:/workspace replaces the default workspace), -p HOST:GUEST (port), --gpu, --ssh-agent (forward host SSH agent; keys never enter the VM), --secret-env GUEST=HOST / --secret-file GUEST=/abs / -s Smolfile (inject secrets by reference), --from , --cpus, --memory.\n\nDEFAULTS: network off; cpus 4; memory 8192 MiB; storage 20 GiB; name \"default\". Elastic memory/CPU via virtio balloon.\n\nNOT SUPPORTED OVER IPC: interactive sessions (-it / machine shell) and long-running serve (no attached TTY)." }, { - "name": "smolmachines.help", + "name": "smol.version", + "summary": "Report the local smolvm engine version. This is `smolvm --version`." + }, + { + "name": "smol.provision", + "summary": "Provision (or fetch) this Pilot user's proprietary smol cloud key and free credit balance. Runs automatically on install and on smol.help — you rarely call it directly. The key is bound to your Pilot identity, stored only in your app's private secrets, and used to push and isolate your cloud VMs. Returns {key, credits}." + }, + { + "name": "smol.balance", + "summary": "Report your remaining smol cloud credit balance. Returns {credits}." + }, + { + "name": "smol.push", + "summary": "Push a VM to the smol cloud as YOU (your provisioned key) and START it running. Provide either a local packed artifact (base64 of a `smolvm pack` output) OR an OCI `image` reference the cloud pulls; pass {\"net\":true} for outbound networking (off by default). BILLING: you must have credit to start (402 if empty); the running VM then drains your credit by REAL usage (CPU + memory + disk per the rate card in smol.help) and the broker STOPS it when your credit runs out. The machine is tagged as owned by you, so no other user can see or touch it. Returns the created machine." + }, + { + "name": "smol.list", + "summary": "List YOUR smol cloud machines (only yours — the broker filters by owner). Free (no credit). Returns an array of machines." + }, + { + "name": "smol.key", + "summary": "Get your current smol cloud key (the per-user credential bound to your Pilot identity). Idempotent — safe to call anytime. The key is also cached in your app's private secrets. Returns {key, credits}." + }, + { + "name": "smol.rotate", + "summary": "Rotate your smol cloud key if it leaked. Your OLD key stops working immediately and a NEW key is issued — your credit and cloud machines are NOT affected (only the key changes). Returns {key, credits, rotated}." + }, + { + "name": "smol.help", "summary": "Discovery: every method with params, kind, and latency class." } ] diff --git a/src/data/app-overrides.json b/src/data/app-overrides.json index 00e7582..cf843eb 100644 --- a/src/data/app-overrides.json +++ b/src/data/app-overrides.json @@ -652,8 +652,8 @@ "ci", "cloud" ], - "bundleBytes": 5346146, - "installedBytes": 9140402, + "bundleBytes": 5401194, + "installedBytes": 9706567, "changelog": [ { "version": "1.2.0", @@ -662,7 +662,7 @@ ] } ], - "minPilotVersion": "1.0.0", + "minPilotVersion": "1.10.0", "runtimes": [ "go" ], @@ -670,6 +670,10 @@ "publishedAt": null, "grants": [ "fs.read:$APP/config.json", + "fs.read:$APP/secrets.json", + "fs.write:$APP/secrets.json", + "key.sign:self", + "net.dial:smol-broker.pilotprotocol.network", "proc.exec:smolvm", "fs.read:$APP/install.json", "fs.write:$APP", diff --git a/src/data/apps.ts b/src/data/apps.ts index 918ac30..9b91539 100644 --- a/src/data/apps.ts +++ b/src/data/apps.ts @@ -18,14 +18,6 @@ export interface App { featured: boolean; real: boolean; inCatalogue: boolean; icon: AppIcon; minPilotVersion: string; runtimes: string[]; publishedAt: string | null; updatedAt: string | null; - pricing?: AppPricing | null; -} - -// AppPricing drives the pricing chart on the detail page (usage-billed apps). -export interface AppPricing { - model: string; - freeCredit: string; // e.g. "$5.00" - rateCard: { label: string; rate: string; value: number }[]; // value = relative $ for the bar } export interface Category { id: string; name: string; blurb: string; hue: number; } @@ -1017,7 +1009,7 @@ export const apps: App[] = [ "id": "io.pilot.smol", "name": "Smol Machines", "tagline": "Fast, hardware-isolated microVMs — local and cloud", - "description": "Smol Machines — fast, hardware-isolated Linux microVMs for agents, now local AND cloud. Spin up sub-second, real-hypervisor-isolated Linux microVMs locally with the smolvm CLI (not shared-kernel containers), then push a VM to the smol cloud with a single method.\n\nLocal (free, offline):\n- Run untrusted or AI-generated code safely, networking off by default\n- Give an agent a real Linux shell — a stateful, isolated backend\n- Ephemeral or persistent VMs; portable .smolmachine artifacts via pack\n- GPU/Vulkan compute, headless-browser automation, CI-style jobs\n\nCloud (per-user, metered):\n- smol.push sends a local VM (or an OCI image) to the smol cloud\n- Pilot provisions your own cloud key automatically on install — no account, no API key to manage\n- Your cloud machines are isolated per user and metered against your free credit; smol.balance shows what's left, smol.list shows only your machines\n\nDiscover the live method surface with smol.help. The master cloud key never leaves Pilot's broker; you only ever hold your own scoped key.", + "description": "Smol Machines — fast, hardware-isolated Linux microVMs for agents, now local AND cloud. Spin up sub-second, real-hypervisor-isolated Linux microVMs locally with the smolvm CLI, then push a VM to the smol cloud with a single method.\n\nLocal (free, offline): run untrusted or AI-generated code safely (networking off by default), a real Linux shell, ephemeral or persistent VMs, portable .smolmachine artifacts, GPU/Vulkan.\n\nCloud (per-user, metered): smol.push sends a local VM (or an OCI image) to the smol cloud; Pilot provisions your own cloud key automatically on install — no account, no API key. Your cloud machines are isolated per user and metered against your free credit. The master key never leaves Pilot's broker.", "categories": [ "infra" ], @@ -1040,35 +1032,39 @@ export const apps: App[] = [ "methods": [ { "name": "smol.exec", - "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM LOCALLY. Payload is {\"args\":[...]} — the verbatim smolvm argv (machine run/create/exec, pack, serve, config). Networking is off by default (--net)." + "summary": "Run ANY smolvm subcommand in a fast, hardware-isolated Linux microVM LOCALLY. Payload is {\"args\":[...]} (verbatim smolvm argv) with optional {\"stdin\":\"...\"}. This one method exposes the whole smolvm CLI — for the complete agent reference call smol.exec {\"args\":[\"--help\"]}, and for any subcommand call smol.exec {\"args\":[\"\",\"--help\"]}.\n\nCOMMAND SURFACE:\n• machine run — create an EPHEMERAL VM, run one command, tear down (nothing persists). e.g. [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"].\n• machine create | start | stop | delete — lifecycle of a PERSISTENT named VM (--name, default \"default\").\n• machine exec — run a command in a persistent VM; FILESYSTEM CHANGES PERSIST across sessions (package installs stick). e.g. [\"machine\",\"exec\",\"--name\",\"myvm\",\"--\",\"apk\",\"add\",\"python3\"].\n• machine status | ls | images | monitor — read-only introspection (do NOT stop a running VM).\n• machine cp — copy files host↔VM (HOST:GUEST). machine update — change mounts/ports/env/cpu/memory on a STOPPED VM. machine prune — reclaim layers (prune --all needs the VM stopped).\n• pack create -o — build a portable, self-contained .smolmachine executable; pack run — run one. machine create --from .smolmachine for fast start.\n• serve start --listen — HTTP API server (POST/GET /api/v1/machines…); serve openapi — the spec.\n• config — manage registries + defaults.\n\nKEY FLAGS: --net (networking is OFF by default), --image , -v HOST:GUEST[:ro] (mount; -v host:/workspace replaces the default workspace), -p HOST:GUEST (port), --gpu, --ssh-agent (forward host SSH agent; keys never enter the VM), --secret-env GUEST=HOST / --secret-file GUEST=/abs / -s Smolfile (inject secrets by reference), --from , --cpus, --memory.\n\nDEFAULTS: network off; cpus 4; memory 8192 MiB; storage 20 GiB; name \"default\". Elastic memory/CPU via virtio balloon.\n\nNOT SUPPORTED OVER IPC: interactive sessions (-it / machine shell) and long-running serve (no attached TTY)." }, { - "name": "smol.push", - "summary": "Push a VM to the smol cloud as YOU: send a local packed artifact or an OCI image. Costs 1 credit; the broker checks your balance and tags the machine as owned by you so no other user can see it. Pass {\"net\":true} for networking." + "name": "smol.version", + "summary": "Report the local smolvm engine version. This is `smolvm --version`." }, { "name": "smol.provision", - "summary": "Provision (or fetch) your per-user smol cloud key + free credit. Runs automatically on install and on smol.help." + "summary": "Provision (or fetch) this Pilot user's proprietary smol cloud key and free credit balance. Runs automatically on install and on smol.help — you rarely call it directly. The key is bound to your Pilot identity, stored only in your app's private secrets, and used to push and isolate your cloud VMs. Returns {key, credits}." }, { "name": "smol.balance", - "summary": "Report your remaining smol cloud credit balance." + "summary": "Report your remaining smol cloud credit balance. Returns {credits}." + }, + { + "name": "smol.push", + "summary": "Push a VM to the smol cloud as YOU (your provisioned key) and START it running. Provide either a local packed artifact (base64 of a `smolvm pack` output) OR an OCI `image` reference the cloud pulls; pass {\"net\":true} for outbound networking (off by default). BILLING: you must have credit to start (402 if empty); the running VM then drains your credit by REAL usage (CPU + memory + disk per the rate card in smol.help) and the broker STOPS it when your credit runs out. The machine is tagged as owned by you, so no other user can see or touch it. Returns the created machine." }, { "name": "smol.list", - "summary": "List YOUR smol cloud machines (only yours — the broker filters by owner)." + "summary": "List YOUR smol cloud machines (only yours — the broker filters by owner). Free (no credit). Returns an array of machines." }, { "name": "smol.key", - "summary": "Get your current per-user smol cloud key (bound to your Pilot identity; also cached in your app's private secrets)." + "summary": "Get your current smol cloud key (the per-user credential bound to your Pilot identity). Idempotent — safe to call anytime. The key is also cached in your app's private secrets. Returns {key, credits}." }, { "name": "smol.rotate", - "summary": "Rotate your cloud key if it leaked — the old key stops working immediately; your credit and machines are unaffected." + "summary": "Rotate your smol cloud key if it leaked. Your OLD key stops working immediately and a NEW key is issued — your credit and cloud machines are NOT affected (only the key changes). Returns {key, credits, rotated}." }, { "name": "smol.help", - "summary": "Discovery: methods grouped by plane (local vs cloud), with params, latency, and cost." + "summary": "Discovery: every method with params, kind, and latency class." } ], "changelog": [ @@ -1084,8 +1080,8 @@ export const apps: App[] = [ "fs.read:$APP/secrets.json", "fs.write:$APP/secrets.json", "key.sign:self", - "proc.exec:smolvm", "net.dial:smol-broker.pilotprotocol.network", + "proc.exec:smolvm", "fs.read:$APP/install.json", "fs.write:$APP", "net.dial:pub-f09f9a4ea848491198d48e329ba030e3.r2.dev", @@ -1094,22 +1090,22 @@ export const apps: App[] = [ "bundles": [ { "platform": "darwin-arm64", - "bytes": 5132300 + "bytes": 4861075 }, { "platform": "darwin-amd64", - "bytes": 5559992 + "bytes": 4861075 }, { "platform": "linux-arm64", - "bytes": 5613453 + "bytes": 5563230 }, { "platform": "linux-amd64", - "bytes": 5613453 + "bytes": 5779278 } ], - "installedBytes": 9140402, + "installedBytes": 9706567, "depends": [], "protection": "guarded", "featured": false, @@ -1129,18 +1125,8 @@ export const apps: App[] = [ "runtimes": [ "go" ], - "publishedAt": "2026-07-02", - "updatedAt": "2026-07-02", - "pricing": { - "model": "Local methods (smol.exec/version/help) are free. Cloud VMs are billed by REAL usage: every user gets $5.00 of free credit, a running VM drains it by the second (CPU + memory + disk), and the broker stops your VMs when it runs out. The master cloud key never leaves Pilot's broker.", - "freeCredit": "$5.00", - "rateCard": [ - { "label": "CPU", "rate": "$0.0432 / cpu-hour", "value": 0.0432 }, - { "label": "Memory", "rate": "$0.0162 / GB-hour", "value": 0.0162 }, - { "label": "Disk", "rate": "$0.0001 / GB-hour", "value": 0.0001 }, - { "label": "Egress", "rate": "$0.05 / GB", "value": 0.05 } - ] - } + "publishedAt": null, + "updatedAt": null }, { "id": "io.pilot.miren", diff --git a/src/pages/app-store.astro b/src/pages/app-store.astro index e852902..2703b97 100644 --- a/src/pages/app-store.astro +++ b/src/pages/app-store.astro @@ -17,7 +17,7 @@ const canonicalUrl = 'https://pilotprotocol.network/app-store'; const featured = featuredApps(); const hero = featured[0]; const sideFeatured = featured.slice(1, 4); -const freshPinned = ['io.pilot.miren', 'io.pilot.smolmachines', 'io.pilot.wallet', 'io.pilot.slipstream']; +const freshPinned = ['io.pilot.miren', 'io.pilot.smol', 'io.pilot.wallet', 'io.pilot.slipstream']; const freshExclude = new Set(['io.pilot.postgres', 'io.pilot.docker']); const fresh = [ ...freshPinned.map((id) => apps.find((a) => a.id === id)).filter(Boolean), diff --git a/src/pages/plain/app-store.astro b/src/pages/plain/app-store.astro index a3b5959..7d3c4e5 100644 --- a/src/pages/plain/app-store.astro +++ b/src/pages/plain/app-store.astro @@ -1,7 +1,7 @@ --- // Auto-generated by scripts/regen-plain.mjs. Edit the marketing source and re-run. // plain-source: src/pages/app-store.astro -// plain-source-sha256: 64660b72f524cf3191438052d800df3205349be2e992faf75971fe0b979803e7 +// plain-source-sha256: f9e3cb9473457152371d5720644d25d26962f07377f36cac1faad8528e154916 import PlainLayout from '../../layouts/PlainLayout.astro'; ---