{"id":51055838,"url":"https://github.com/sawfwair/merekit-link","last_synced_at":"2026-06-22T21:01:30.806Z","repository":{"id":366211840,"uuid":"1233784002","full_name":"sawfwair/merekit-link","owner":"sawfwair","description":"MereKit CLI for declaring workspace links, sync policy, and Executor-backed integrations.","archived":false,"fork":false,"pushed_at":"2026-06-20T18:50:28.000Z","size":191,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-20T20:12:14.362Z","etag":null,"topics":["agents","cli","executor","github-pages","link-graph","merekit","policy","vitepress","workspace"],"latest_commit_sha":null,"homepage":"https://sawfwair.github.io/merekit-link/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sawfwair.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-09T11:00:12.000Z","updated_at":"2026-06-20T18:50:32.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sawfwair/merekit-link","commit_stats":null,"previous_names":["sawfwair/merekit-link"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/sawfwair/merekit-link","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sawfwair%2Fmerekit-link","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sawfwair%2Fmerekit-link/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sawfwair%2Fmerekit-link/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sawfwair%2Fmerekit-link/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sawfwair","download_url":"https://codeload.github.com/sawfwair/merekit-link/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sawfwair%2Fmerekit-link/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34665261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","cli","executor","github-pages","link-graph","merekit","policy","vitepress","workspace"],"created_at":"2026-06-22T21:01:24.533Z","updated_at":"2026-06-22T21:01:30.798Z","avatar_url":"https://github.com/sawfwair.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MereKit Link\n\n`@merekit/link` is a standalone CLI for declaring and resolving links between work surfaces.\n\nIt works in three modes:\n\n- No Mere platform: validate and inspect a local `mere.link.yaml`.\n- Partial Mere: combine local URLs, repos, channels, files, and selected Mere apps.\n- Full Mere: generate starter YAML from `mere ops workspace-snapshot`.\n\nBuilt-in integration plugins include `mere`, `executor`, `url`, `local`, and `generic`.\n\n`executor` is the runtime bridge for product integrations. Link keeps the declarative graph and write policy in `mere.link.yaml`; Executor owns tool discovery, schemas, auth, approvals, and invocation for systems such as Monday, SharePoint, GitHub, Slack, OpenAPI, MCP, and GraphQL.\n\nOperator policy adds a neutral capability gate for agent and human operators. When policy is configured, Link enforces operator identity, provider, client, account class, trust tier, environment, and requested capabilities before context export, sync planning/apply, or Executor tool invocation.\n\n## Executor Runtime\n\nThe core Link commands work without Executor. The `mere-link executor ...` commands require an [Executor](https://github.com/RhysSullivan/executor)-compatible HTTP runtime.\n\nFor local development, install and start Executor separately:\n\n```sh\nnpm install -g executor\nexecutor web\n```\n\nExecutor's default local runtime is `http://127.0.0.1:4788`. Link defaults to `http://localhost:4788`, supports both scoped and current unscoped Executor runtimes, and can be overridden with either config or flags:\n\n```yaml\nintegrations:\n  executor:\n    plugin: executor\n    baseUrl: http://127.0.0.1:4788\n```\n\n```sh\nmere-link executor sources --executor-base-url http://127.0.0.1:4788 --json\nmere-link executor tools search \"github issue\" --executor-base-url http://127.0.0.1:4788 --json\n```\n\nIf the runtime requires a bearer token, set `MERE_LINK_EXECUTOR_TOKEN`, declare `tokenEnv` on the Executor integration, or pass `--executor-token-env ENV_NAME`. For non-local Executor URLs declared in config, use `tokenEnv`; Link refuses to forward the global `MERE_LINK_EXECUTOR_TOKEN` to those runtimes.\n\n## Docs\n\n- [Published Docs](https://sawfwair.github.io/merekit-link/)\n- [Codebase Map](CODEBASE.md)\n- [Design Decisions](DECISIONS.md)\n- [Agent Guide](AGENTS.md)\n- [Contributing](CONTRIBUTING.md)\n- [Operations](docs/operations.md)\n- [Security](SECURITY.md)\n\n```sh\nnpm install -g @merekit/link\nmere-link config init --output mere.link.yaml\nmere-link config validate --config mere.link.yaml\nmere-link context inspect workspace workspace --role work --config mere.link.yaml --json\nmere-link policy evaluate workspace workspace --capability project.context.export --operator approved-agent --json\nmere-link sync projects --config mere.link.yaml --json\nmere-link executor tools search \"monday item\" --json\nmere-link executor policy compile --config mere.link.yaml --json\n```\n\nWhen bundled by `@merekit/cli`, the same command surface is available as:\n\n```sh\nnpm install -g @merekit/cli\nmere link config init --output mere.link.yaml\nmere link generate workspace --workspace ws_123 --output mere.link.yaml --yes\nmere link policy evaluate workspace workspace --capability project.context.export --operator approved-agent --json\nmere link sync projects --config mere.link.yaml --json\nmere link executor tools search \"monday item\" --json\n```\n\n`@merekit/cli` publishes the root `mere` command and bundles a generated Link adapter for convenience. Link remains the source package for the command behavior, docs, YAML model, and safety policy; the root CLI discovers the Link command manifest and delegates `mere link ...` through that adapter.\n\n`sync projects` plans Mere Projects records and URL links from configured work surfaces. It is a dry run unless `--apply` is passed, and planning/applying requires a `mere` Projects app surface with `policy.writes: [sync]`.\n\nExisting Mere Projects records can be attached with a project surface such as `mere-project: { integration: mere, kind: record, id: prj_123 }`; Link will use that record for link upserts without touching the project narrative.\n\nExecutor-backed integrations can declare product namespaces while retaining Link's surface graph:\n\n```yaml\nintegrations:\n  executor:\n    plugin: executor\n    runtime: local\n    baseUrl: http://localhost:4788\n  monday:\n    plugin: executor\n    namespace: monday\n  sharepoint:\n    plugin: executor\n    namespace: sharepoint\n\nentities:\n  example:\n    name: Example Organization\n    projects:\n      rollout:\n        name: Rollout\n        surfaces:\n          planning:\n            integration: monday\n            kind: board\n            id: \"1234567890\"\n            policy:\n              writes: [sync]\n          docs:\n            integration: sharepoint\n            kind: site\n            id: example.sharepoint.com/sites/project\n```\n\nCompile Link policy into deterministic Executor rules before applying:\n\n```sh\nmere-link executor policy compile --config mere.link.yaml --json\nmere-link executor policy apply --config mere.link.yaml --yes --json\n```\n\nExecutor reads and writes through Link require a declared surface and matching resource arguments unless the config declares an explicit broad `namespace`, `source`, or exact `tool` surface. Writes also require compiled write policy and `--apply`.\nCompiled plans expose Link's local resource checks as `resourceGuards`, made from `ArgumentPredicate` entries such as `boardId equals \u003cdeclared board\u003e`.\n\nRelay-backed local capabilities use the same pattern. A Mac or local AI node can be declared as Executor namespaces while Relay owns the live outbound tunnel:\n\n```yaml\nintegrations:\n  localai:\n    plugin: executor\n    namespace: localai\n  imessage:\n    plugin: executor\n    namespace: imessage\n\nentities:\n  personal:\n    projects:\n      relay:\n        surfaces:\n          local-ai:\n            integration: localai\n            kind: source\n            id: mere-run\n            policy:\n              writes: [create, message]\n          psi-model:\n            integration: localai\n            kind: model\n            id: psi\n            policy:\n              writes: [message]\n          imessage-line:\n            integration: imessage\n            kind: source\n            id: default\n            policy:\n              writes: [message]\n```\n\n## YAML Shape\n\n```yaml\nschemaVersion: 1\noperators:\n  approved-agent:\n    name: Approved Agent\n    type: agent\n    provider: managed-runtime\n    client: agent-shell\n    accountClass: org-managed\n    trustTier: approved\npolicy:\n  defaultEffect: deny\n  rules:\n    - id: allow-approved-context\n      effect: allow\n      capabilities: [project.context.export, sync.plan, repo.documentation.write]\n      providers: [managed-runtime]\n      clients: [agent-shell]\n      accountClasses: [org-managed]\n      trustTiers: [approved]\n    - id: deny-code-write\n      effect: deny\n      capabilities: [repo.code.write]\nintegrations:\n  mere:\n    plugin: mere\n    workspace: ws_123\n  executor:\n    plugin: executor\n  github:\n    plugin: executor\n    namespace: github\n  url:\n    plugin: url\n\nentities:\n  workspace:\n    name: Workspace\n    projects:\n      workspace:\n        name: Workspace\n        surfaces:\n          work:\n            integration: mere\n            kind: workspace\n            id: ws_123\n          code:\n            integration: github\n            kind: repo\n            id: owner/repo\n            optional: true\n          docs:\n            integration: url\n            kind: link\n            id: https://example.com/docs\n            optional: true\n\nlinks:\n  - from: workspace/workspace:work\n    to: workspace/workspace:docs\n    label: Documentation\n```\n\nEvaluate operator policy before exporting context or preparing write payloads:\n\n```sh\nmere-link policy taxonomy --json\nmere-link policy evaluate workspace workspace --capability project.context.export --operator approved-agent --json\nmere-link policy guidance\n```\n\n## Development\n\n```sh\npnpm install\nnvm use 24\npnpm hooks:install\npnpm lint\npnpm check\npnpm test\npnpm coverage\npnpm smoke\npnpm verify\n```\n\n`pnpm verify` is the release gate: lint with zero warnings, typecheck source and tests, run integration tests, enforce coverage, smoke the built CLI, and dry-run the npm package.\n\n## Publish\n\n`@merekit/link` publishes the standalone `mere-link` binary, generated `dist/` files, docs, and package metadata. It does not bundle Executor, local state, dependency trees, test output, coverage artifacts, or secrets.\n\nUse [docs/guides/publish-checklist.md](docs/guides/publish-checklist.md) before a release. The `Publish` GitHub Actions workflow uses npm Trusted Publishing through GitHub Actions OIDC. Configure `@merekit/link` on npm with repository `sawfwair/merekit-link`, workflow filename `publish.yml`, and environment `npm`; no long-lived `NPM_TOKEN` is required.\n\n```sh\npnpm release:check\n```\n\n## License\n\nApache-2.0.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsawfwair%2Fmerekit-link","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsawfwair%2Fmerekit-link","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsawfwair%2Fmerekit-link/lists"}