npm.io
0.1.2 • Published 21h agoCLI

@vivekmind/sw-agent

Licence
MIT
Version
0.1.2
Deps
4
Size
2.1 MB
Vulns
0
Weekly
0
Stars
1

@vivekmind/sw-agent

Bridge between the Schema Weaver browser IDE and your PostgreSQL databases. Runs near the DB. Never exposes credentials. Executes queries and migrations on demand.

npm version license node version

What is Schema Weaver?

Schema Weaver is a PostgreSQL schema management SaaS that helps teams visualize, edit, and migrate their database schemas from a browser-based IDE. SW Agent is the on-premises bridge that connects that IDE to your actual databases—without ever exposing credentials to the cloud.

What SW Agent Does

SW Agent is a lightweight daemon that:

  • Runs near your database — on your laptop, an EC2 instance, or a bastion host in your VPC
  • Holds DB credentials locally — never sends connection strings to the cloud
  • Enforces per-user permissions — 4 permission levels × 4 roles
  • Executes queries & migrations — on demand from the browser IDE
  • Streams results efficiently — chunked for large datasets (100 rows / 64KB / 100ms)
  • Writes a tamper-evident audit log — SHA-256 hash chain for compliance

Architecture

┌────────────────┐                    ┌────────────────┐                    ┌────────────────┐
│     Browser    │      WSS           │   Cloud User   │      WSS          │    SW Agent    │
│  (Schema       │◄──────────────────►│    Gateway     │◄──────────────────►│   (this pkg)   │
│   Weaver IDE)  │  www.worker-pod.io │                │                    │                │
└────────────────┘                    └────────────────┘                    └───────┬────────┘
                                                                                    │
                                                                          PostgreSQL │
                                                                                    │
                                                                           pg        ▼
                                                                           ┌────────────────┐
                                                                           │    Postgres    │
                                                                           │    Database   │
                                                                           └────────────────┘
                                                                                   
                                                                                   ┌────────────────┐
                                                                                   │   Audit Log    │
                                                                                   │ (JSONL + hash  │
                                                                                   │    chain)      │
                                                                                   └────────────────┘

The agent connects outbound to the cloud gateway — no inbound firewall changes required.

Install

As a CLI (run the agent daemon)
npm install -g @vivekmind/sw-agent

# Or use without installing:
npx @vivekmind/sw-agent init
As a library (programmatic API)
npm install @vivekmind/sw-agent

Quick Start (CLI)

# 1. Initialize the agent on your machine
sw-agent init
#  ✓ Machine label: my-laptop
#  ✓ Cloud URL: wss://agent.schema-weaver.dev
#  ✓ Permission: auto_upgrade
#  ✓ Agent ID: agt_v3_5556c36b
#  Token shown once — keep it safe to link browser projects.

# 2. Add a PostgreSQL database (interactive, with connection test)
sw-agent db add
#  ? Project name: myapp
#  ? Database alias: myapp-db
#  ? Host: localhost
#  ? Port: 5432
#  ? Database name: myapp
#  ? Username: myapp_user
#  ? Password storage: Environment variable
#  ? Environment variable name: DB_PASSWORD
#  ? SSL mode: require
#  ✓ Connected. PostgreSQL 16.3
#  ✓ Database added successfully!

# 3. List your databases
sw-agent db list
#  ┌────────┬─────────┬──────────────────┬──────────┬─────────┬────────┬─────┬──────────┐
#  │ ALIAS  │ PROJECT │ HOST             │ DATABASE │ USER    │ SSL    │ PWD │ PERM     │
#  ├────────┼─────────┼──────────────────┼──────────┼─────────┼────────┼─────┼──────────┤
#  │ myapp- │ myapp   │ localhost:5432   │ myapp    │ myapp_u │ require│ env │ default  │
#  │ db     │         │                  │          │ ser     │        │     │          │
#  └────────┴─────────┴──────────────────┴──────────┴─────────┴────────┴─────┴──────────┘

# 4. Test a connection
sw-agent db test myapp-db
#  ✓ Connected in 12ms
#    PostgreSQL 16.3
#    Database: myapp
#    User: myapp_user
#    Latency: 12ms

# 5. Verify everything works
sw-agent doctor
#  ✓ SW Agent directory exists
#  ✓ Machine config valid         Agent ID: agt_v3_5556c36b
#  ✓ Token format
#  ⚠ Databases config valid       No databases configured
#  ⚠ Databases reachable          No databases configured to test
#  ✓ Audit directory writable
#  ✓ Disk space                   Skipped (platform check)
#  ✓ Node version                 v24.15.0
#  ✓ PID file                     No PID file (agent not running)

# 6. Start the agent daemon
sw-agent agent start
#  Starting SW Agent
#    Agent ID: agt_v3_5556c36b
#    Cloud:    wss://agent.schema-weaver.dev
#    Databases: 1

# 7. Check status
sw-agent agent status
#  Agent Status
#    Running          Yes
#    PID              12345
#    Version          0.1.2
#    Started          2025-01-15 10:23:00
#    Uptime           2h 34m
#    Last heartbeat   2025-01-15 12:57:00
#    Status           ✓ OK
#  Channels
#    SSE              connected
#    WSS              idle
#  Stats
#    Queries served   42
#    Streams served   5
#    Migrations run   3
#    ...

Quick Start (Programmatic)

import { AgentClient } from '@vivekmind/sw-agent';

const client = new AgentClient({
  relayUrl: 'wss://www.worker-pod.io',
  agentId: 'agt_laptop_a1b2c3d4',
  token: 'swagt_7Kk2mP9xQr4T...',
});

await client.connect();

const ctx = { project: 'myapp', role: 'admin' as const, userId: 'alice' };

// Run a query
const result = await client.query('SELECT * FROM users LIMIT 10', ctx);
console.log(result.rows);

// Stream a large result
for await (const chunk of client.streamQuery('SELECT * FROM big_table', ctx)) {
  console.log(`Chunk ${chunk.chunkIndex}: ${chunk.rows.length} rows`);
}

// Run a migration
const migration = await client.migrate(
  'CREATE TABLE foo (id serial PRIMARY KEY);',
  ctx,
  { strategy: 'single_tx' }
);

// Introspect the schema
const schema = await client.introspect(ctx);
console.log(schema.tables);

await client.disconnect();

CLI Reference

Command Description
sw-agent init Initialize agent on this machine (generate ID + token)
sw-agent db add Add a PostgreSQL database (interactive, with connection test)
sw-agent db list List configured databases (pretty table)
sw-agent db remove <alias> Remove a database entry
sw-agent db test <alias> Test database connection (with latency)
sw-agent db edit <alias> Edit a database entry (interactive)
sw-agent project list List all linked projects
sw-agent agent start Start agent daemon (foreground)
sw-agent agent start --daemon Start as background daemon
sw-agent agent stop Stop running agent (cleans up PID file)
sw-agent agent stop --force Force kill (SIGKILL)
sw-agent agent status Show daemon health and stats
sw-agent doctor Run pre-flight diagnostic checks (includes DB reachability)
sw-agent logs View/filter the audit log
sw-agent logs --follow Follow audit log in real-time
sw-agent audit verify Verify audit log hash chain integrity
sw-agent link <project> Link to a browser project

Permission Model

Each project has a permission level:

Level Behavior
read_only Only SELECT queries allowed
auto_upgrade Reads + pre-registered migrations auto-approved
manual Every query/migration requires browser approval
full All queries and migrations auto-approved

Each request is stamped with a role from the browser:

Role query write migrate cancel introspect
admin
developer
data_reader
viewer

Audit Log

Every action is logged to ~/.sw-agent/audit/audit.jsonl with a SHA-256 hash chain:

# View recent events
sw-agent logs --limit 20

# Filter by user
sw-agent logs --user alice

# Verify chain integrity
sw-agent audit:verify
# ✓ Verified 1,247 entries, chain intact

Each entry includes: timestamp, user, role, action, decision (allow/deny), outcome, SQL fingerprint, and duration.

Interactive REPL

Running sw-agent with no arguments launches an interactive REPL with tab completion:

$ sw-agent

  ╔══════════════════════════════════════════════════╗
  ║                                                  ║
  ║    Schema Weaver Agent    v0.1.1                ║
  ║                                                  ║
  ║    Bridge between your browser IDE and PG.       ║
  ║                                                  ║
  ╚══════════════════════════════════════════════════╝

  Agent ID:  agt_v3_5556c36b  ✓ running
  Config:    ~/.sw-agent

  Type help for commands, exit to quit.

sw-agent › help
  Commands:
    init              First-time setup
    status            Agent status
    doctor            Diagnostics
    db add            Add database
    db ls             List databases
    db remove         Remove database
    db test           Test connection
    db edit           Edit database
    projects          Linked projects
    link              Link project
    start             Start daemon
    stop              Stop daemon
    logs              Audit logs
    audit verify      Verify audit chain
    config show       Show config
    help              Show help
    clear             Clear screen
    exit              Quit

sw-agent › 

Modern UI Features

The CLI uses a modern terminal UI inspired by Vite, Claude Code, and Cargo:

  • Green checkmarks (✓) for success states
  • Red crosses (✗) for errors
  • Yellow warnings () for warnings
  • Animated spinner for long-running operations (connection tests, audit verification)
  • Pretty tables with Unicode box drawing for database lists and status output
  • Cyan brand accents for links and commands
  • Dim gray for metadata and timestamps
  • Password masking with dots in interactive prompts
  • Tab completion in the REPL

Files live in ~/.sw-agent/ with 0600 permissions:

File Description
sw-agent.config.json Machine config (agent_id, token, version)
databases.config.json Registered databases (one per project)
audit/audit.jsonl Tamper-evident audit log
agent.pid Daemon PID file (runtime)
agent.status.json Daemon health (runtime)

Features

  • Query execution — Run SQL with automatic timeout and cancellation
  • Streaming — Chunked results for large datasets (async iterable)
  • Migrations — Single-transaction or per-statement strategies
  • Advisory locks — Prevent concurrent migrations on the same DB
  • Schema introspection — List tables, columns, indexes, constraints
  • Query cancellation — In-flight queries can be cancelled via control channel
  • Manual approval flow — Browser prompts for sensitive operations
  • Auto-upgrade — Pre-register migration plans for auto-approval
  • Mock relay — Built-in development relay for local testing

Development

cd sw-agent

# Install dependencies
npm install

# Build
npm run build

# Type check
npm run typecheck

# Lint
npm run lint

# Run unit tests
npm test

# Run E2E tests (requires PostgreSQL)
TEST_PG_URL=postgresql://localhost:5432/test npm run test:e2e

API Exports

@vivekmind/sw-agent (Client SDK)

Browser-safe exports for connecting to agents:

export { AgentClient } from '@vivekmind/sw-agent';
export { AgentClientError, AgentClientTimeoutError, AgentClientDisconnectedError } from '@vivekmind/sw-agent';
export { MessageType, ErrorCode } from '@vivekmind/sw-agent';
@vivekmind/sw-agent (Server Runtime)

Full exports including PostgreSQL execution:

// Config
export { loadMachineConfig, saveMachineConfig } from '@vivekmind/sw-agent';
export { loadDatabaseConfig, saveDatabaseConfig, getDatabase } from '@vivekmind/sw-agent';

// Protocol
export { MessageType, ErrorCode, createMessage, serialize, deserialize } from '@vivekmind/sw-agent';

// Execution
export { PoolManager, QueryRunner, MigrationRunner, Introspector, Canceller } from '@vivekmind/sw-agent';

// Permissions
export { PermissionChecker, AutoUpgradeChecker, ManualApprovalHandler, PlanRegistry } from '@vivekmind/sw-agent';

// Audit
export { AuditSink, LocalAuditWriter, CloudAuditWriter, verifyChain } from '@vivekmind/sw-agent';

// Channels
export { AgentSession, WakeChannel, DataChannel } from '@vivekmind/sw-agent';

Test Coverage

  • 240+ tests across protocol, channels, execution, permissions, audit, and CLI
  • E2E tests for full agent relay client flows
  • Mock relay for isolated testing

License

MIT 2026 Schema Weaver

Keywords