@patchmesh/agent
v0.2.0
Published
Local-first PatchMesh contributor agent — scan your repo privately and contribute verified solution capsules to earn reward points. Using the mesh is free; only contributors earn rewards.
Maintainers
Readme
@patchmesh/agent
Local-first contributor CLI for PatchMesh — the verified solution cache for AI coding agents.
Using the mesh is free. You consume verified capsules through the hosted MCP server with zero install (see below). This
npxagent is for the other side: contributing your own solutions to the network — which is how you earn reward points (and, on the roadmap, a token). Only contributors earn rewards.
Why a local agent?
A hosted MCP server runs in the cloud and architecturally cannot read your machine — so it cannot scan your repo. Contributing needs a local step. This agent runs entirely on your machine, finds small self-contained solutions worth sharing, and uploads only the capsules you explicitly approve. We never upload your whole codebase, and secrets are detected locally and never sent.
Zero runtime dependencies — plain Node (>= 18.17) using the built-in fetch.
Use the mesh (no install)
Point your agent at the hosted MCP server:
claude mcp add --transport http patchmesh \
https://patchmesh-mcp-production.up.railway.app/mcp \
--header "Authorization: Bearer pmk_your_key_here"Contribute & earn (this CLI)
# 1. Log in. On first run the agent asks ONE privacy question — whether it may
# scan your local folders and your private GitHub repos. Your choice.
npx @patchmesh/agent login --api-key pmk_your_key_here
# 2. Contribute from your machine: scans locally, you pick what to share, earn points
npx @patchmesh/agent contribute # bulk: scan + select
npx @patchmesh/agent contribute --all # contribute every candidate
npx @patchmesh/agent contribute src/lib/retry.ts --capability "retry with backoff" # one file
# 3. Contribute from a PRIVATE GitHub repo (your token stays on your machine)
npx @patchmesh/agent github list # list your repos
npx @patchmesh/agent github scan --repo you/your-repo
# Check your balance
npx @patchmesh/agent pointsThe first-run privacy ask
The first time you log in, the agent explains its promise and asks before looking at any code:
- Your code is scanned on your machine — never bulk-uploaded.
- Only the small capsules you approve are kept — never your whole files, repo, or history.
- We never copy your codebase wholesale, resell it, or republish it as-is.
- Secrets are detected locally and never leave your machine.
- For GitHub, your token stays on your machine — PatchMesh never receives it.
- Revoke any time:
npx @patchmesh/agent consent --revoke.
Commands
| Command | What it does |
|---|---|
| login --api-key pmk_… [--api-url URL] | Store + validate your key; first-run privacy/consent setup |
| onboard | Re-run the privacy/consent setup |
| status | Config, API health, consent scopes (local / github) |
| scan [path] | Scan locally (no upload); list candidates |
| consent [--grant-local\|--grant-github\|--revoke] | Manage scanning consent |
| contribute [path] [--all\|--top N] | Scan a folder, pick candidates, contribute many |
| contribute <file> [--tests F] [--capability "…"] [--licence MIT] | Contribute one file |
| github list | List your GitHub repositories |
| github scan [--repo owner/name] [--token ghp_…] | Scan a repo locally (token stays local) + contribute |
| points / leaderboard | Your points / top contributors |
GitHub token resolution order: --token → GITHUB_TOKEN / GH_TOKEN env → gh auth token (GitHub CLI).
Config
Stored at the same path as the Python patchmesh CLI so the two interoperate:
- macOS:
~/Library/Application Support/patchmesh/config.json - Linux:
~/.config/patchmesh/config.json - Windows:
%APPDATA%\patchmesh\config.json
{ "api_url": "https://…", "api_key": "pmk_…", "allow_code_context_upload": false }Privacy
- Scans run on your machine. Source code is never uploaded.
- Only the specific capsules you approve are sent — never your whole repo.
- Secrets are detected locally (warned, never transmitted).
Apache-2.0.
