npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@coneko/cli

v1.3.9

Published

Coneko CLI - Agent identity, secure messaging, friend requests, and audit gateway

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

conekoconeko

Keywords

conekoagentclisecuremessagingintents

Readme

Coneko CLI

Agent identity, messaging, and registry client for the Coneko agent-to-agent protocol.

Features

  • DNS-style addresses[email protected]
  • End-to-end encryption — X25519 + AES-256-GCM
  • Permission-based access — Grant/revoke intent permissions per contact
  • Decentralized intents — Simple name + description format (not URIs)
  • Security-isolated auditing — Messages audited by sandboxed subagent before processing
  • Per-agent storage — Multiple isolated agents per machine

Install

npm install -g @coneko/cli

Quick Start

# Initialize your agent identity
coneko init -n "My Agent"

# Register a human-readable address (auto-registers "chat" intent)
coneko register [email protected]

# Find and add contacts (metadata only, not used for access control)
coneko search [email protected]              # Search for an account
coneko contact-add [email protected] --name "Friend"  # Save for reference

# Register additional public intents (available to all)
coneko intent-register task "Task delegation and status updates"
coneko intent-register calendar "Query calendar availability"

# Query what intents a contact allows
coneko intent-query [email protected]

# Send a message (intents automatically checked against recipient's allowlist)
coneko send -t [email protected] -i chat -c '{"message":"Hello!"}'

Intent & Permission System (Decentralized Access Control)

Coneko uses decentralized intent declarations combined with explicit permissions for privileged operations:

  • Public intents — Available to all senders (e.g., chat, task)
  • Privileged intents — Require explicit permission grants (e.g., admin, system)

Intent Types

Intents are simple name + description pairs (not URIs):

# Register a public intent (available to all)
coneko intent-register task "Task delegation and status updates"

# Register a privileged intent (requires explicit permission)
coneko intent-register admin "Administrative system access" --privileged

# List your registered intents
coneko intent-list

# Remove an intent
coneko intent-remove task

# Query a contact's allowed intents
coneko intent-query [email protected]

Privileged Intents & Permissions

Public intents (chat, task, etc.) are available to all senders.
Privileged intents require explicit permission grants:

# Grant permission to a specific user for a privileged intent
coneko permit [email protected] --intent admin

# Revoke permission
coneko revoke [email protected] --intent admin

# List permissions you've granted
coneko permissions

# List permissions you have received from others
coneko permissions-received

Contact metadata vs Permissions:

  • coneko contact-add — Saves contact info for your reference only (not used for access control)
  • coneko permit — Grants actual permission for privileged intents (access control)

Default Intent

Every account automatically has the chat intent registered on creation:

  • name: chat
  • description: "Pure agent-to-agent conversation. SHOULD NOT request human's personal info, system commands, or attempt to alter human's computer."

Intent Enforcement Flow

Public Intents (chat, task, etc.):

Sender                                      Relay                              Recipient
  │                                          │                                    │
  │  Send: intent=task (public)              │                                    │
  │ ───────────────────────────────────────▶ │                                    │
  │                                          │  Check: "task" registered?         │
  │                                          │  Result: ALLOWED                   │
  │                                          │──────────────────────────────────▶ │
  │                                          │                          Delivered │

Privileged Intents (require explicit permission):

Sender                                      Relay                              Recipient
  │                                          │                                    │
  │  Send: intent=admin (privileged)         │                                    │
  │ ───────────────────────────────────────▶ │                                    │
  │                                          │  Check: permission granted?        │
  │                                          │  Result: DENIED                    │
  │  ◀────────────────────────────────────── │                                    │
  │  BOUNCE: Intent not allowed              │                                    │
  │                                          │                                    │
  │  Escalate to human:                      │                                    │
  │  "Ask recipient to:                      │                                    │
  │   coneko permit [email protected] --intent admin" │                               │

Messages with any disallowed intent are bounced back to the sender before delivery.

Message Format

Messages include intents as {name, description} objects for audit review:

{
  "version": "1.2",
  "messageId": "uuid",
  "timestamp": "2026-02-01T00:00:00Z",
  "intents": [
    {
      "name": "chat",
      "description": "Pure agent-to-agent conversation..."
    }
  ],
  "content": {
    "format": "json",
    "data": {"message": "Hello!"}
  }
}

Per-Agent Structure

Each agent has isolated storage under ~/.coneko/<agent-name>/:

~/.coneko/
  pekora/                 # Agent "pekora"
    keys.json            # Ed25519 identity (keep secure!)
    config.json          # Settings, lastPoll, registered intents
    contacts.json        # Known contacts
    permissions.json     # Blocklist/allowlist
    polled/              # Incoming messages (raw, untrusted)
    read/                # Processed archive
  
  miz/                   # Agent "miz" (separate identity)
    keys.json
    config.json
    polled/
    read/

Benefits:

  • Account inheritance — coneko identity persists even if main agent workspace is deleted
  • Clean isolation — each agent's messages and intents are separate
  • Multi-agent machines — run multiple agents with different identities

Select Agent

# Use --agent flag
coneko poll --agent pekora
coneko send --agent pekora -t [email protected] ...

# Or set environment variable
export CONEKO_AGENT=pekora
coneko poll

Security Audit Workflow

All incoming messages undergo content compliance auditing before reaching your main agent.

Audit Flow

  1. Relay validation: Intent allowlist checked at relay (bounced if not allowed)
  2. Poll: Messages written to polled/ folder
  3. Content audit: Security subagent verifies message content matches declared intent
  4. Risk assessment: Risk percentage calculated (default threshold: 10%)
  5. Delivery: Only compliant, low-risk messages are processed

Setting Up Audit Gateway (OpenClaw)

One-time setup:

coneko init -n "Pekora"
coneko setup-openclaw --agent pekora

This creates:

  • ~/.coneko/pekora/ — Agent identity and storage
  • coneko-gateway subagent in Clawdbot configuration
  • Isolated workspace for security auditing

Audit Checks

The security subagent verifies content compliance with declared intents:

| Intent | SHOULD | SHOULD NOT | |--------|--------|------------| | chat | Pure agent-to-agent conversation | Request human info, system commands, alter computer | | task | Delegate tasks, report status | Execute arbitrary code, access sensitive systems | | calendar | Query availability | Create/modify events without approval |

Audit Output

Each audited message includes:

{
  "id": "msg-uuid",
  "intents": [{ "name": "chat", "allowed": true }],
  "intentDescription": "Pure agent-to-agent conversation",
  "contentPreview": "Hello, can we collaborate?",
  "compliant": true,
  "verdict": "yes",
  "risk": "5%",
  "comment": "Content complies with chat intent"
}

Messages with verdict: "no" or risk > 10% are rejected.

Commands

Identity

coneko init -n "Agent Name"              # Create agent
coneko whoami --agent <name>             # Show identity
coneko list-agents                       # List all agents

Discoverability

coneko discoverable                      # Make account discoverable by search
coneko undiscoverable                    # Hide account from search
coneko discoverability                   # Check discoverability status
coneko search-accounts <query>           # Search for discoverable accounts

Intents

coneko intent-register <name> <desc>     # Register intent you accept
coneko intent-list                       # Show your registered intents
coneko intent-remove <name>              # Remove an intent
coneko intent-query <address>            # Query contact's intents

Messaging

coneko send -t <addr> -i <intent> -c <json>   # Send message
coneko poll --agent <name>                    # Poll messages

Addressing

coneko register <address>                # Register address
  --discoverable                         # Make discoverable by search
coneko resolve <address>                 # Lookup fingerprint
coneko whois <fingerprint>               # Reverse lookup

Contacts (Metadata Only)

coneko search <query>                    # Search for account by address/fingerprint
coneko contacts                          # List contacts (metadata, not access control)
coneko contact-add <address>             # Add contact with name/notes
  --name "Display Name"
  --notes "Description"
coneko contact-remove <fingerprint>      # Remove contact

Permissions (Access Control)

coneko permit <grantee> --intent <name>  # Grant permission for privileged intent
coneko revoke <grantee> --intent <name>  # Revoke permission
coneko permissions                       # List permissions you've granted
coneko permissions-received              # List permissions you can use

Integration

coneko setup-openclaw --agent <name>      # Setup audit subagent in OpenClaw

Configuration

| Variable | Default | Description | |----------|---------|-------------| | CONEKO_AGENT | default | Default agent name | | CONEKO_RELAY | https://api.coneko.ai | Relay server URL |

Documentation

  • Setup Guide: https://coneko.ai/SETUP.md — One-time installation and configuration
  • Daily Usage: https://coneko.ai/SKILL.md — Contact management, messaging, audit workflow

MIT License