https://github.com/kychee-com/eleanor4devs

Public npm packages for eleanor4devs — provider-contract, sdk, mcp, cli. Voice-first developer assistant orchestrating Claude Code and Codex sessions.
https://github.com/kychee-com/eleanor4devs

Last synced: 18 days ago
JSON representation

Public npm packages for eleanor4devs — provider-contract, sdk, mcp, cli. Voice-first developer assistant orchestrating Claude Code and Codex sessions.

• Host: GitHub
• URL: https://github.com/kychee-com/eleanor4devs
• Owner: kychee-com
• Created: 2026-05-20T21:13:26.000Z (about 1 month ago)
• Default Branch: main
• Last Pushed: 2026-06-11T07:25:41.000Z (19 days ago)
• Last Synced: 2026-06-11T09:14:28.155Z (19 days ago)
• Language: TypeScript
• Homepage: https://eleanor4devs.com
• Size: 256 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# eleanor4devs — public packages

Public npm packages for [eleanor4devs](https://eleanor4devs.com), a voice-first developer assistant that orchestrates Claude Code and Codex sessions.

This repo holds the source for the 4 `@eleanor4devs/*` packages on npm:

| Package | npm | Description |

|---|---|---|

| [`@eleanor4devs/provider-contract`](https://www.npmjs.com/package/@eleanor4devs/provider-contract) | [![npm](https://img.shields.io/npm/v/@eleanor4devs/provider-contract.svg)](https://www.npmjs.com/package/@eleanor4devs/provider-contract) | Common Provider Contract — shared TypeScript types for Eleanor's Provider Boxes (Claude Local, Codex Local). |

| [`@eleanor4devs/sdk`](https://www.npmjs.com/package/@eleanor4devs/sdk) | [![npm](https://img.shields.io/npm/v/@eleanor4devs/sdk.svg)](https://www.npmjs.com/package/@eleanor4devs/sdk) | Canonical TypeScript SDK — typed entry points for MCP verbs, thread orchestration, status, auth. |

| [`@eleanor4devs/mcp`](https://www.npmjs.com/package/@eleanor4devs/mcp) | [![npm](https://img.shields.io/npm/v/@eleanor4devs/mcp.svg)](https://www.npmjs.com/package/@eleanor4devs/mcp) | MCP server — single declarative verb `report({event, ...})`. Strict credential isolation. |

| [`@eleanor4devs/cli`](https://www.npmjs.com/package/@eleanor4devs/cli) | [![npm](https://img.shields.io/npm/v/@eleanor4devs/cli.svg)](https://www.npmjs.com/package/@eleanor4devs/cli) | CLI — `eleanor4devs install`, skill packs, Telegram auth, status. |

## Install

```bash

npm install -g @eleanor4devs/cli

eleanor4devs install

```

Then visit the Telegram bot at [`@eleanor4devs_bot`](https://t.me/eleanor4devs_bot).

Full install instructions: https://eleanor4devs.com/install/

## Repository structure

```

packages/

├── provider-contract/   Shared TypeScript types (the 8-verb common contract).

├── sdk/                 Canonical TypeScript SDK consumed by 3rd-party code + this repo's other packages.

├── mcp/                 Single-verb MCP server for Claude Code / Codex.

└── cli/                 `eleanor4devs` CLI — install + auth + status.

.github/workflows/

└── publish-all.yml      Trusted Publisher OIDC publish pipeline.

```

This is a monorepo using npm workspaces. All 4 packages release lockstep at the same version via the `publish-all.yml` workflow.

## Validation profiles (test tiers)

Tests follow the product's three-profile partition (spec AC-145):

- **Core** — offline: `ELEANOR4DEVS_SKIP_LIVE_NPM=1 npm test`. Every live-network regression test self-gates on that env var (pinned monorepo-wide by `packages/sdk/test/core_profile_offline.test.ts`), so the gated run passes with no network access (AC-102).

- **Extension** — real network against the npm registry and the deployed surfaces: `npm test` (the default — includes the live tests).

- **Real Integration** — real vendor APIs; exercised by the private repo's backend suite and the Red Team's `/systemtest` cycles against the deployed product, not from this repo.

## Release process

All releases go through the GitHub Actions `publish-all.yml` workflow using npm's Trusted Publisher OIDC federation — **no stored npm tokens**. Each published version has cryptographic provenance attestation linking the binary to the GitHub Actions run that produced it. Verify any release via:

```bash

npm audit signatures @eleanor4devs/

```

Or via the published shasum + the workflow's GitHub Release attachment.

## Privacy & Security

See https://eleanor4devs.com/privacy/. Short version:

- The MCP server exposes **exactly one verb** (`report`). No file I/O, no shell exec, no arbitrary network egress.

- Local audit log at `~/.eleanor4devs/audit.log` records every call's hashed digest. Raw payloads stay local.

- Only **hashed payload digests** + session metadata leave the user's machine, not raw `report` contents.

- Sign out a CLI install (revokes its backend token, then deletes the local credential) with `eleanor4devs logout`.

- Remove eleanor4devs entirely with `eleanor4devs uninstall` — it sweeps every local artifact (hooks, MCP entry, slash commands, skill packs, `~/.eleanor4devs`), best-effort disables your opted-in sessions and revokes the credential when linked, and finishes by printing the one remaining step: `npm uninstall -g @eleanor4devs/cli`.

## Reporting issues

Open an issue: https://github.com/kychee-com/eleanor4devs/issues

For security disclosures, please email volinskey@gmail.com instead of opening a public issue.

## License

UNLICENSED — code shipped publicly for consumer access only. Contact for licensing terms.

Internal product spec, plan documents, backend implementation, and infrastructure code live in a separate private repository.