npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

salambo

v0.1.4

Published

Salambo CLI for API workflows

Readme

Salambo CLI

Command-line tooling for Salambo agent source deployments.

First-agent quickstart

salambo init my-agent
cd my-agent
salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo deploy

salambo deploy is the main deployment path for the current template. It uploads your agent source and compiled Pi manifest to Salambo; the hosted deployment worker builds the sandbox image, creates the Daytona snapshot, and activates the agent.

Current template model

The default Pi template is worker-owned:

Salambo worker = brain, model loop, run lifecycle
template repo  = agent config + sandbox image inputs

There is intentionally no app server, no /agent/query, and no local Pi brain in the template repo.

Agent behavior belongs in:

agent/settings.json
agent/system.md
agent/skills/**
agent/prompts/**
agent/extensions/**

Sandbox machine setup belongs in:

sandbox/Dockerfile
sandbox/packages.mjs
sandbox/workspace/**

Primary commands

salambo init <name>
salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo auth whoami
salambo deploy
salambo manifest --path . --json
salambo doctor

salambo init

Creates a starter agent repo from the hosted template and writes a local salambo.yaml for the chosen agent name.

salambo auth

Stores, checks, or removes the API URL and key used by later CLI commands. auth set can update the URL and key together or one at a time; setting a new key keeps the existing URL.

salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo auth whoami
salambo auth logout

salambo deploy

Packages the source directory into a .tar.gz archive, excludes generated/dependency directories (.git, node_modules, dist, .next, .turbo, coverage), compiles and uploads the Pi manifest, creates an immutable deployment record, uploads the source archive, verifies its SHA-256, and leaves the deployment in source_uploaded for the Salambo deployment worker.

The hosted deployment worker owns the remaining server-side steps:

source_uploaded -> Depot image build -> Daytona snapshot -> ready -> agents.active_deployment_id

GitHub Actions/CI should not build Docker images and should not receive Depot or Daytona credentials. CI only needs Salambo API auth plus any environment variables referenced by salambo.yaml secrets.

salambo smoke

Calls the real Salambo Responses API for the deployed agent. This validates the hosted API/runtime path. It is useful after the agent is ready and the account has the required runtime scopes/billing state.

salambo manifest

Compiles and prints the deploy manifest for review/debugging without uploading source.

salambo doctor

Read-only diagnostics for local config, auth profile, and required secret env vars.

Agent API commands

These remain available for lower-level agent API workflows:

salambo agent create --template ./agent.template.json --profile default
salambo agent config set --id <agent_id> --file ./agent.config.json --profile default

Legacy local-harness commands

The old local Docker image/snapshot workflow is not exposed in the first-agent CLI. salambo deploy now always means source deploy from the current project directory unless --source <path> points at another directory.

The current template runs Pi in Salambo's hosted worker. There is no supported salambo dev, salambo pi, salambo build, or salambo snapshot push path for the first-agent release.

salambo.yaml

A minimal source-deploy config looks like:

version: 1
name: my-agent
runtime: pi

image:
  context: .
  dockerfile: sandbox/Dockerfile
  platform: linux/amd64
  buildArgs: {}

snapshot:
  name: my-agent
  entrypoint: /app/start.sh
  size: s

agent:
  name: My Agent
  slug: my-agent
  description: General-purpose Pi agent.
  icon: 🤖
  isActive: true

runtimeConfig:
  egressPolicyMode: restricted
  egressAllowlist:
    - api.openai.com

env:
  MODEL:
    value: gpt-5.2
    description: Default model.

secrets:
  OPENAI_API_KEY:
    fromEnv: OPENAI_API_KEY
    description: OpenAI provider key.
    exposeTo:
      - runtime

Rules:

  • MVP runtime is pi.
  • agent.slug is used to find/update the deployed agent.
  • agent.isActive controls deployed active/inactive state.
  • env entries are non-secret configuration.
  • secrets entries use fromEnv and must never store raw secret values in YAML.
  • exposeTo controls where an entry is available: runtime for the Salambo/Pi worker brain, sandbox for Daytona hands/tools/extensions.
  • Sandbox-exposed secrets require allowedHosts and are injected as sealed egress tokens, not plaintext env vars.

Install / run from repo

In the monorepo:

pnpm --filter salambo build
node packages/cli/build/index.js --help

For local package validation:

pnpm --filter salambo test
pnpm --filter salambo typecheck
pnpm --filter salambo build
cd packages/cli && npm pack --dry-run