@agent-team-foundation/first-tree-hub 0.11.2 → 0.11.3

package/dist/{bootstrap-B-FRMuvL.mjs → bootstrap-D4rdqM2F.mjs}

@@ -1,5 +1,6 @@
 import { r as __exportAll } from "./chunk-BSw8zbkd.mjs";
 import { o as logFormatSchema, s as logLevelSchema } from "./logger-core-BTmvdflj-DjW8FM4T.mjs";
+import { t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
 import { z } from "zod";
 import { dirname, join } from "node:path";
 import { homedir } from "node:os";
@@ -784,7 +785,7 @@ async function ensureFreshAccessToken(opts) {
 	if (!isTokenStale(creds.accessToken, minValidityMs)) return creds.accessToken;
 	if (inflightRefresh) return inflightRefresh;
 	inflightRefresh = (async () => {
-		const res = await fetch(`${creds.serverUrl}/api/v1/auth/refresh`, {
+		const res = await cliFetch(`${creds.serverUrl}/api/v1/auth/refresh`, {
 			method: "POST",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ refreshToken: creds.refreshToken }),

package/dist/cli/index.mjs

@@ -1,14 +1,15 @@
 #!/usr/bin/env node
-import "../observability-C3nY6Jcz-Bk7FX689.mjs";
-import { $ as findStaleAliases, A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, I as checkWebSocket, L as printResults, M as checkNodeVersion, N as checkServerConfig, O as checkBackgroundService, P as checkServerHealth, R as reconcileAgentConfigs, S as saveOnboardState, T as migrateLocalAgentDirs, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, _t as probeCapabilities, a as declineUpdate, at as fail, b as onboardCheck, c as detectInstallMode, ct as print, d as startServer, dt as ClientOrgMismatchError, et as formatStaleReason, f as COMMAND_VERSION, ft as ClientUserMismatchError, g as promptAddAgent, gt as cleanWorkspaces, h as isInteractive, ht as SessionRegistry, i as createExecuteUpdate, it as resolveReplyToFromEnv, j as checkDocker, k as checkClientConfig, l as fetchLatestVersion, lt as setJsonMode, m as uploadClientCapabilities, mt as SdkError, nt as createOwner, o as promptUpdate, ot as success, p as reconcileLocalRuntimeProviders, pt as FirstTreeHubSDK, r as registerSaaSConnectCommand, s as PACKAGE_NAME, tt as removeLocalAgent, u as installGlobalLatest, v as formatCheckReport, vt as applyClientLoggerConfig, w as createApiNameResolver, x as onboardCreate, y as loadOnboardState, yt as configureClientLoggerForService, z as getClientServiceStatus } from "../saas-connect-Df2CVAGp.mjs";
+import "../observability-BAScT_5S-gw1ODB_o.mjs";
+import { $ as formatStaleReason, A as checkDocker, B as isServiceSupported, C as createApiNameResolver, D as checkBackgroundService, E as checkAgentConfigs, F as checkWebSocket, H as restartClientService, I as printResults, J as stopPostgres, L as reconcileAgentConfigs, M as checkServerConfig, N as checkServerHealth, O as checkClientConfig, P as checkServerReachable, Q as findStaleAliases, R as getClientServiceStatus, S as runHomeMigration, T as runMigrations, U as startClientService, W as stopClientService, X as handleClientOrgMismatch, Y as ClientRuntime, _ as formatCheckReport, a as declineUpdate, at as success, b as onboardCreate, c as detectInstallMode, ct as FirstTreeHubSDK, d as startServer, dt as cleanWorkspaces, et as removeLocalAgent, f as reconcileLocalRuntimeProviders, ft as probeCapabilities, g as promptMissingFields, h as promptAddAgent, i as createExecuteUpdate, it as fail, j as checkNodeVersion, k as checkDatabase, l as fetchLatestVersion, lt as SdkError, m as isInteractive, mt as configureClientLoggerForService, o as promptUpdate, ot as ClientOrgMismatchError, p as uploadClientCapabilities, pt as applyClientLoggerConfig, r as registerSaaSConnectCommand, rt as resolveReplyToFromEnv, s as PACKAGE_NAME, st as ClientUserMismatchError, tt as createOwner, u as installGlobalLatest, ut as SessionRegistry, v as loadOnboardState, w as migrateLocalAgentDirs, x as saveOnboardState, y as onboardCheck, z as installClientService } from "../saas-connect-gcT6Q10z.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-B-FRMuvL.mjs";
-import "../dist-FuUBFTEB.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-GvFABWW5.mjs";
-import "../errors-BmyRwN0Y-CIZZ_sDc.mjs";
-import "../client-CLdRbuml-B416INrm.mjs";
-import "../src-DNBS5Yjj.mjs";
-import "../invitation-Dnn5gGGX-Ce7zbZpn.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-D4rdqM2F.mjs";
+import { a as print, n as CLI_USER_AGENT, o as setJsonMode, r as COMMAND_VERSION, t as cliFetch } from "../cli-fetch--tiwKm5S.mjs";
+import "../dist-BAqGZkco.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-Th_-ivJ7.mjs";
+import "../errors-BmyRwN0Y-Dad3eV8F.mjs";
+import "../client-CLdRbuml-BRtalKpQ.mjs";
+import "../src-aJMV60mR.mjs";
+import "../invitation-Dnn5gGGX-DXryyvRG.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync } from "node:fs";
 import * as semver from "semver";
@@ -16,7 +17,7 @@ import { Command } from "commander";
 import { confirm, input, password, select } from "@inquirer/prompts";
 //#region src/commands/agent-config.ts
 async function resolveAgentRecord(serverUrl, adminToken, agentName) {
-	const res = await fetch(`${serverUrl}/api/v1/me/managed-agents`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/me/managed-agents`, {
 		headers: { Authorization: `Bearer ${adminToken}` },
 		signal: AbortSignal.timeout(1e4)
 	});
@@ -27,7 +28,7 @@ async function resolveAgentRecord(serverUrl, adminToken, agentName) {
 }
 async function adminFetch(url, init) {
 	const { adminToken, headers, ...rest } = init;
-	const res = await fetch(url, {
+	const res = await cliFetch(url, {
 		...rest,
 		headers: {
 			Authorization: `Bearer ${adminToken}`,
@@ -240,7 +241,8 @@ function createSdk(agentName) {
 	return new FirstTreeHubSDK({
 		serverUrl,
 		getAccessToken: (opts) => ensureFreshAccessToken(opts),
-		agentId
+		agentId,
+		userAgent: CLI_USER_AGENT
 	});
 }
 function handleSdkError(error) {
@@ -276,7 +278,7 @@ function readStdin() {
 	});
 }
 async function resolveAgent(serverUrl, adminToken, agentName) {
-	const res = await fetch(`${serverUrl}/api/v1/me/managed-agents`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/me/managed-agents`, {
 		headers: { Authorization: `Bearer ${adminToken}` },
 		signal: AbortSignal.timeout(1e4)
 	});
@@ -339,7 +341,8 @@ function registerAgentCommands(program) {
 			const clientId = readClientId();
 			const sdk = new FirstTreeHubSDK({
 				serverUrl,
-				getAccessToken: (opts) => ensureFreshAccessToken(opts)
+				getAccessToken: (opts) => ensureFreshAccessToken(opts),
+				userAgent: CLI_USER_AGENT
 			});
 			const stale = await findStaleAliases({
 				clientId,
@@ -406,7 +409,7 @@ function registerAgentCommands(program) {
 		try {
 			const serverUrl = resolveServerUrl(options.server);
 			const token = await ensureFreshAccessToken();
-			const res = await fetch(`${serverUrl}/api/v1/me/managed-agents`, {
+			const res = await cliFetch(`${serverUrl}/api/v1/me/managed-agents`, {
 				headers: { Authorization: `Bearer ${token}` },
 				signal: AbortSignal.timeout(1e4)
 			});
@@ -433,7 +436,7 @@ function registerAgentCommands(program) {
 				Authorization: `Bearer ${adminToken}`,
 				"Content-Type": "application/json"
 			};
-			const meRes = await fetch(`${serverUrl}/api/v1/me`, {
+			const meRes = await cliFetch(`${serverUrl}/api/v1/me`, {
 				headers: { Authorization: `Bearer ${adminToken}` },
 				signal: AbortSignal.timeout(1e4)
 			});
@@ -456,7 +459,7 @@ function registerAgentCommands(program) {
 				runtimeProvider: options.runtime
 			};
 			if (options.displayName) createBody.displayName = options.displayName;
-			const createRes = await fetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(orgId)}/agents`, {
+			const createRes = await cliFetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(orgId)}/agents`, {
 				method: "POST",
 				headers,
 				body: JSON.stringify(createBody),
@@ -476,14 +479,14 @@ function registerAgentCommands(program) {
 		try {
 			const serverUrl = resolveServerUrl(options.server);
 			const accessToken = await ensureFreshAccessToken();
-			const meRes = await fetch(`${serverUrl}/api/v1/me`, {
+			const meRes = await cliFetch(`${serverUrl}/api/v1/me`, {
 				headers: { Authorization: `Bearer ${accessToken}` },
 				signal: AbortSignal.timeout(1e4)
 			});
 			if (!meRes.ok) fail("ME_ERROR", `Failed to fetch current member (HTTP ${meRes.status})`, 1);
 			const me = await meRes.json();
 			const target = await resolveAgent(serverUrl, accessToken, agentName);
-			const patchRes = await fetch(`${serverUrl}/api/v1/agents/${target.uuid}`, {
+			const patchRes = await cliFetch(`${serverUrl}/api/v1/agents/${target.uuid}`, {
 				method: "PATCH",
 				headers: {
 					Authorization: `Bearer ${accessToken}`,
@@ -526,7 +529,7 @@ function registerAgentCommands(program) {
 			const serverUrl = resolveServerUrl(options.server);
 			const accessToken = await ensureFreshAccessToken();
 			const target = await resolveAgent(serverUrl, accessToken, agentName);
-			const patchRes = await fetch(`${serverUrl}/api/v1/agents/${target.uuid}`, {
+			const patchRes = await cliFetch(`${serverUrl}/api/v1/agents/${target.uuid}`, {
 				method: "PATCH",
 				headers: {
 					Authorization: `Bearer ${accessToken}`,
@@ -636,7 +639,7 @@ function registerAgentCommands(program) {
 		try {
 			const serverUrl = resolveServerUrl(options?.server);
 			const accessToken = await ensureFreshAccessToken();
-			const meRes = await fetch(`${serverUrl}/api/v1/me`, {
+			const meRes = await cliFetch(`${serverUrl}/api/v1/me`, {
 				headers: { Authorization: `Bearer ${accessToken}` },
 				signal: AbortSignal.timeout(1e4)
 			});
@@ -655,7 +658,7 @@ function registerAgentCommands(program) {
 				agents: []
 			};
 			for (const m of me.memberships) {
-				const r = await fetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(m.organizationId)}/activity`, {
+				const r = await cliFetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(m.organizationId)}/activity`, {
 					headers: { Authorization: `Bearer ${accessToken}` },
 					signal: AbortSignal.timeout(1e4)
 				});
@@ -704,8 +707,7 @@ function registerAgentCommands(program) {
 	});
 	agent.command("reset <name>").description("Reset agent error state to idle").option("--server <url>", "Hub server URL").action(async (name, options) => {
 		try {
-			const serverUrl = resolveServerUrl(options.server);
-			const response = await fetch(`${serverUrl}/api/v1/agents/${name}/reset-activity`, {
+			const response = await cliFetch(`${resolveServerUrl(options.server)}/api/v1/agents/${name}/reset-activity`, {
 				method: "POST",
 				headers: { Authorization: `Bearer ${await ensureFreshAccessToken()}` },
 				signal: AbortSignal.timeout(1e4)
@@ -721,8 +723,7 @@ function registerAgentCommands(program) {
 			const serverUrl = resolveServerUrl(options.server);
 			const adminToken = await ensureFreshAccessToken();
 			const agentId = (await resolveAgent(serverUrl, adminToken, agentName)).uuid;
-			const qs = options.state ? `?state=${options.state}` : "";
-			const response = await fetch(`${serverUrl}/api/v1/agents/${agentId}/sessions${qs}`, {
+			const response = await cliFetch(`${serverUrl}/api/v1/agents/${agentId}/sessions${options.state ? `?state=${options.state}` : ""}`, {
 				headers: { Authorization: `Bearer ${adminToken}` },
 				signal: AbortSignal.timeout(1e4)
 			});
@@ -751,7 +752,7 @@ function registerAgentCommands(program) {
 			const serverUrl = resolveServerUrl(options.server);
 			const adminToken = await ensureFreshAccessToken();
 			const agentId = (await resolveAgent(serverUrl, adminToken, agentName)).uuid;
-			const response = await fetch(`${serverUrl}/api/v1/agents/${agentId}/sessions/${chatId}/${cmd}`, {
+			const response = await cliFetch(`${serverUrl}/api/v1/agents/${agentId}/sessions/${chatId}/${cmd}`, {
 				method: "POST",
 				headers: { Authorization: `Bearer ${adminToken}` },
 				signal: AbortSignal.timeout(1e4)
@@ -774,7 +775,7 @@ function registerAgentCommands(program) {
 				"Content-Type": "application/json"
 			};
 			const targetAgent = await resolveAgent(serverUrl, adminToken, agentName);
-			const dmRes = await fetch(`${serverUrl}/api/v1/agents/${targetAgent.uuid}/chats`, {
+			const dmRes = await cliFetch(`${serverUrl}/api/v1/agents/${targetAgent.uuid}/chats`, {
 				method: "POST",
 				headers,
 				signal: AbortSignal.timeout(1e4)
@@ -796,7 +797,7 @@ function registerAgentCommands(program) {
 			const pollMessages = async () => {
 				try {
 					const qs = lastSeenAt ? `?limit=50` : `?limit=10`;
-					const msgRes = await fetch(`${serverUrl}/api/v1/chats/${dm.id}/messages${qs}`, {
+					const msgRes = await cliFetch(`${serverUrl}/api/v1/chats/${dm.id}/messages${qs}`, {
 						headers,
 						signal: AbortSignal.timeout(1e4)
 					});
@@ -827,7 +828,7 @@ function registerAgentCommands(program) {
 					return;
 				}
 				try {
-					const sendRes = await fetch(`${serverUrl}/api/v1/chats/${dm.id}/messages`, {
+					const sendRes = await cliFetch(`${serverUrl}/api/v1/chats/${dm.id}/messages`, {
 						method: "POST",
 						headers,
 						body: JSON.stringify({
@@ -963,7 +964,7 @@ function printIsolationGuide(newServerUrl) {
 * Authenticate via connect token — exchange for full JWT credentials.
 */
 async function authenticateWithToken(url, token) {
-	const res = await fetch(`${url}/api/v1/auth/connect-token`, {
+	const res = await cliFetch(`${url}/api/v1/auth/connect-token`, {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
 		body: JSON.stringify({ token }),
@@ -979,7 +980,7 @@ async function authenticateInteractive(url) {
 	print.line("\n  Log in to Hub:\n");
 	const username = await input({ message: "  Username:" });
 	const pw = await password({ message: "  Password:" });
-	const loginRes = await fetch(`${url}/api/v1/auth/login`, {
+	const loginRes = await cliFetch(`${url}/api/v1/auth/login`, {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
 		body: JSON.stringify({
@@ -1270,7 +1271,8 @@ function registerClientCommands(program) {
 			});
 			const sdk = new FirstTreeHubSDK({
 				serverUrl,
-				getAccessToken: (opts) => ensureFreshAccessToken(opts)
+				getAccessToken: (opts) => ensureFreshAccessToken(opts),
+				userAgent: CLI_USER_AGENT
 			});
 			agentCheck = await reconcileAgentConfigs({
 				clientId: cfg.client.id,
@@ -1396,7 +1398,7 @@ function registerClientCommands(program) {
 		try {
 			const serverUrl = resolveServerUrl(options.server);
 			const token = await ensureFreshAccessToken();
-			const meRes = await fetch(`${serverUrl}/api/v1/me`, {
+			const meRes = await cliFetch(`${serverUrl}/api/v1/me`, {
 				headers: { Authorization: `Bearer ${token}` },
 				signal: AbortSignal.timeout(1e4)
 			});
@@ -1404,7 +1406,7 @@ function registerClientCommands(program) {
 			const adminOrgs = (await meRes.json()).memberships.filter((m) => m.role === "admin");
 			const clients = [];
 			for (const m of adminOrgs) {
-				const r = await fetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(m.organizationId)}/clients`, {
+				const r = await cliFetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(m.organizationId)}/clients`, {
 					headers: { Authorization: `Bearer ${token}` },
 					signal: AbortSignal.timeout(1e4)
 				});
@@ -1453,7 +1455,7 @@ function registerClientCommands(program) {
 				}
 			}
 			const token = await ensureFreshAccessToken();
-			const response = await fetch(`${serverUrl}/api/v1/clients/${encodeURIComponent(clientId)}/claim`, {
+			const response = await cliFetch(`${serverUrl}/api/v1/clients/${encodeURIComponent(clientId)}/claim`, {
 				method: "POST",
 				headers: {
 					Authorization: `Bearer ${token}`,
@@ -1471,7 +1473,8 @@ function registerClientCommands(program) {
 			try {
 				const sdk = new FirstTreeHubSDK({
 					serverUrl,
-					getAccessToken: (opts) => ensureFreshAccessToken(opts)
+					getAccessToken: (opts) => ensureFreshAccessToken(opts),
+					userAgent: CLI_USER_AGENT
 				});
 				const stale = await findStaleAliases({
 					clientId,
@@ -1520,7 +1523,7 @@ function registerClientCommands(program) {
 		try {
 			const serverUrl = resolveServerUrl(options.server);
 			const token = await ensureFreshAccessToken();
-			const response = await fetch(`${serverUrl}/api/v1/clients/${encodeURIComponent(clientId)}/disconnect`, {
+			const response = await cliFetch(`${serverUrl}/api/v1/clients/${encodeURIComponent(clientId)}/disconnect`, {
 				method: "POST",
 				headers: { Authorization: `Bearer ${token}` },
 				signal: AbortSignal.timeout(1e4)
@@ -1667,13 +1670,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-B-FRMuvL.mjs").then((n) => n.r);
+		const { resolveServerUrl } = await import("../bootstrap-D4rdqM2F.mjs").then((n) => n.r);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-B-FRMuvL.mjs").then((n) => n.r);
+	const { loadCredentials } = await import("../bootstrap-D4rdqM2F.mjs").then((n) => n.r);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });
@@ -1833,7 +1836,7 @@ function registerServerCommands(program) {
 	server.command("status").description("Show server health and status").action(async () => {
 		const url = process.env.FIRST_TREE_HUB_SERVER_URL ?? "http://localhost:8000";
 		try {
-			const res = await fetch(`${url}/api/v1/health`);
+			const res = await cliFetch(`${url}/api/v1/health`);
 			if (res.ok) {
 				const data = await res.json();
 				process.stdout.write(`${JSON.stringify(data, null, 2)}\n`);

package/dist/cli-fetch--tiwKm5S.mjs

@@ -0,0 +1,167 @@
+import { dirname, resolve } from "node:path";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+//#region src/core/output.ts
+/**
+* Print layer — the only place CLI code should write to stdout/stderr.
+*
+* Contract:
+* - `print.result(data)` / `print.fail(...)` emit machine-readable JSON on
+*   stdout / stderr respectively. Scripts pipe into `jq` and expect a clean
+*   envelope, so nothing else may touch stdout.
+* - `print.status` / `print.check` / `print.blank` / `print.line` are
+*   human-friendly and go to stderr so they never pollute a redirected stdout.
+*   In `--json` mode they are silenced — scripted consumers only care about
+*   the envelope.
+*/
+let jsonMode = false;
+function setJsonMode(enabled) {
+	jsonMode = enabled;
+}
+function result(data) {
+	process.stdout.write(`${JSON.stringify({
+		ok: true,
+		data
+	})}\n`);
+}
+function fail(code, message, exitCode = 1) {
+	process.stderr.write(`${JSON.stringify({
+		ok: false,
+		error: {
+			code,
+			message
+		}
+	})}\n`);
+	process.exit(exitCode);
+}
+function status(label, message) {
+	if (jsonMode) return;
+	process.stderr.write(`  ${label.padEnd(20)} ${message}\n`);
+}
+function check(pass, label, detail = "") {
+	if (jsonMode) return;
+	const icon = pass ? "✓" : "✗";
+	const tail = detail ? ` ${detail}` : "";
+	process.stderr.write(`  ${icon} ${label.padEnd(22)}${tail}\n`);
+}
+function blank() {
+	if (jsonMode) return;
+	process.stderr.write("\n");
+}
+/**
+* Generic stderr writer for pre-formatted human text (multi-line tables,
+* interactive prompts). Prefer `status` / `check` when the text fits; this
+* exists so the `--json` mode gate can silence arbitrary human chatter.
+*/
+function line(text) {
+	if (jsonMode) return;
+	process.stderr.write(text);
+}
+const print = {
+	result,
+	fail,
+	status,
+	check,
+	blank,
+	line
+};
+//#endregion
+//#region src/core/version.ts
+/**
+* Version of the consumer-facing `@agent-team-foundation/first-tree-hub`
+* package. Read once at module load so the CLI, client runtime, and server
+* bootstrap all quote the same string.
+*
+* Path-based lookups (`require("../../package.json")`) do not survive the
+* tsdown bundle: the source lives at `src/core/version.ts` but every
+* emitted chunk lands in `dist/` — shifting the relative depth by one and
+* pointing at `packages/package.json` instead of our own manifest (the
+* v0.9.1 "Cannot find module ../../package.json" crash). Walk up from this
+* module's URL and accept the first `package.json` whose `name` matches, so
+* dev runs (`tsx src/cli/index.ts`) and the published bundle
+* (`dist/cli/index.mjs`) both resolve the same file.
+*/
+const PACKAGE_NAME = "@agent-team-foundation/first-tree-hub";
+/**
+* Sentinel returned when the walker exhausts every parent directory without
+* finding our manifest. Deliberately NOT valid SemVer so the client-side
+* `UpdateManager` drops into its `semver.valid(current) === false` warn-and-
+* skip branch instead of treating it as `< target` and triggering a spurious
+* self-update loop (the scenario where the startup crash this module fixes
+* would otherwise quietly reincarnate as repeated `npm install -g @latest`).
+*/
+const UNRESOLVED_VERSION = "unknown";
+/**
+* Exported for tests. Walks up from `moduleUrl`'s directory looking for a
+* `package.json` whose `name` field equals {@link PACKAGE_NAME}. Returns
+* {@link UNRESOLVED_VERSION} as a last-resort fallback so the CLI never
+* crashes on a missing manifest.
+*/
+function resolveCommandVersion(moduleUrl = import.meta.url) {
+	let dir = dirname(fileURLToPath(moduleUrl));
+	for (let i = 0; i < 10; i++) {
+		try {
+			const pkg = JSON.parse(readFileSync(resolve(dir, "package.json"), "utf8"));
+			if (pkg.name === PACKAGE_NAME && typeof pkg.version === "string" && pkg.version.length > 0) return pkg.version;
+		} catch (err) {
+			const code = err.code;
+			if (code !== "ENOENT" && code !== "ENOTDIR") {
+				const message = err instanceof Error ? err.message : String(err);
+				print.line(`[first-tree-hub] warning: could not read ${dir}/package.json: ${message}\n`);
+			}
+		}
+		const parent = dirname(dir);
+		if (parent === dir) break;
+		dir = parent;
+	}
+	return UNRESOLVED_VERSION;
+}
+const COMMAND_VERSION = resolveCommandVersion();
+/**
+* `User-Agent` string sent on every CLI-originated HTTP request (SDK fetches,
+* `/auth/refresh`, etc.). Without this Node defaults to `User-Agent: node`,
+* which hides install / version / platform context from server-side trace
+* backends — see issue #246. The format follows RFC 7231 §5.5.3 conventions
+* (`product/version (comment)`).
+*/
+const CLI_USER_AGENT = `first-tree-hub-cli/${COMMAND_VERSION} (${process.platform} ${process.arch})`;
+//#endregion
+//#region src/core/cli-fetch.ts
+/**
+* Drop-in `fetch` wrapper that stamps `User-Agent: first-tree-hub-cli/<version> (<platform> <arch>)`
+* on every request.
+*
+* Issue #246: every CLI-originated HTTP request must carry a stable
+* `User-Agent` so trace backends can group failures (401 / 429 / 5xx) by
+* install. Plain `globalThis.fetch` defaults to `User-Agent: node`, which
+* collapses every install into a single bucket. Centralising the header
+* here means new direct-fetch sites pick the right UA up automatically —
+* no need to remember at each call site.
+*
+* SDK-routed requests stamp UA via {@link FirstTreeHubSDK} (see
+* `packages/client/src/sdk.ts`). This helper is for the
+* direct-`fetch` paths the SDK doesn't cover (auth bootstrap,
+* doctor probes, raw admin calls).
+*
+* Header precedence: caller-provided `User-Agent` in `init.headers` wins,
+* so callers can override (e.g. tests injecting a deterministic UA).
+*/
+function cliFetch(input, init) {
+	const merged = mergeHeaders(init?.headers);
+	return fetch(input, {
+		...init,
+		headers: merged
+	});
+}
+function mergeHeaders(provided) {
+	const out = {};
+	if (provided) if (provided instanceof Headers) provided.forEach((v, k) => {
+		out[k] = v;
+	});
+	else if (Array.isArray(provided)) for (const [k, v] of provided) out[k] = v;
+	else Object.assign(out, provided);
+	if (!Object.keys(out).some((k) => k.toLowerCase() === "user-agent")) out["User-Agent"] = CLI_USER_AGENT;
+	return out;
+}
+//#endregion
+export { print as a, blank as i, CLI_USER_AGENT as n, setJsonMode as o, COMMAND_VERSION as r, status as s, cliFetch as t };

package/dist/client-By1K4VVT-C5K7WZo6.mjs

@@ -0,0 +1,4 @@
+import "./dist-BAqGZkco.mjs";
+import "./errors-BmyRwN0Y-Dad3eV8F.mjs";
+import { y as listMyPinnedAgents } from "./client-CLdRbuml-BRtalKpQ.mjs";
+export { listMyPinnedAgents };

package/dist/{client-CLdRbuml-B416INrm.mjs → client-CLdRbuml-BRtalKpQ.mjs}

@@ -1,5 +1,5 @@
-import { C as clientCapabilitiesSchema } from "./dist-FuUBFTEB.mjs";
-import { a as ConflictError, i as ClientUserMismatchError, l as organizations, n as BadRequestError, s as NotFoundError, u as users } from "./errors-BmyRwN0Y-CIZZ_sDc.mjs";
+import { C as clientCapabilitiesSchema } from "./dist-BAqGZkco.mjs";
+import { a as ConflictError, i as ClientUserMismatchError, l as organizations, n as BadRequestError, s as NotFoundError, u as users } from "./errors-BmyRwN0Y-Dad3eV8F.mjs";
 import { and, eq, inArray, ne, sql } from "drizzle-orm";
 import { index, integer, jsonb, pgTable, text, timestamp, unique } from "drizzle-orm/pg-core";
 //#region ../server/dist/client-CLdRbuml.mjs

package/dist/{dist-BLY7Bu-l.mjs → dist-BQtAQNRD.mjs}

@@ -1,5 +1,5 @@
 import { i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { t as require_src } from "./src-DNBS5Yjj.mjs";
+import { t as require_src } from "./src-aJMV60mR.mjs";
 //#region ../../node_modules/.pnpm/agent-base@7.1.4/node_modules/agent-base/dist/helpers.js
 var require_helpers = /* @__PURE__ */ __commonJSMin(((exports) => {
 	var __createBinding = exports && exports.__createBinding || (Object.create ? (function(o, m, k, k2) {

package/dist/{feishu-GvFABWW5.mjs → feishu-Th_-ivJ7.mjs}

@@ -1,5 +1,6 @@
 import { r as __exportAll } from "./chunk-BSw8zbkd.mjs";
-import { r as AGENT_SELECTOR_HEADER } from "./dist-FuUBFTEB.mjs";
+import { t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
+import { r as AGENT_SELECTOR_HEADER } from "./dist-BAqGZkco.mjs";
 //#region src/core/feishu.ts
 var feishu_exports = /* @__PURE__ */ __exportAll({
 	bindFeishuBot: () => bindFeishuBot,
@@ -13,7 +14,7 @@ var feishu_exports = /* @__PURE__ */ __exportAll({
 * middleware enforces Rule R-RUN.
 */
 async function bindFeishuBot(serverUrl, accessToken, agentId, appId, appSecret) {
-	const res = await fetch(`${serverUrl}/api/v1/agent/me/feishu-bot`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/agent/me/feishu-bot`, {
 		method: "PUT",
 		headers: {
 			Authorization: `Bearer ${accessToken}`,
@@ -31,7 +32,7 @@ async function bindFeishuBot(serverUrl, accessToken, agentId, appId, appSecret)
 	}
 }
 async function bindFeishuUser(serverUrl, accessToken, agentId, humanAgentId, feishuUserId, displayName) {
-	const res = await fetch(`${serverUrl}/api/v1/agent/delegated/${encodeURIComponent(humanAgentId)}/feishu-user`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/agent/delegated/${encodeURIComponent(humanAgentId)}/feishu-user`, {
 		method: "POST",
 		headers: {
 			Authorization: `Bearer ${accessToken}`,

package/dist/{getMachineId-bsd-DjLgZlll.mjs → getMachineId-bsd-DyySs8xz.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-CCyouKZM.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-YbEZSOYd.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-bsd.js
 var require_getMachineId_bsd = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-bsd-DR4-Dysy.mjs → getMachineId-bsd-c2VImogj.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-pImxPKN5.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-DUfRkc4a.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-bsd.js
 var require_getMachineId_bsd = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-darwin-CaD2juTg.mjs → getMachineId-darwin-Cl7TSzgO.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-pImxPKN5.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-DUfRkc4a.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-darwin.js
 var require_getMachineId_darwin = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-darwin-B6WCAhc4.mjs → getMachineId-darwin-DKgI8b1d.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-CCyouKZM.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-YbEZSOYd.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-darwin.js
 var require_getMachineId_darwin = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-linux-Dk3gWdQK.mjs → getMachineId-linux-1OIMWfdh.mjs}

@@ -1,5 +1,5 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-linux.js
 var require_getMachineId_linux = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-linux-BeWHG1gK.mjs → getMachineId-linux-cT7EbP10.mjs}

@@ -1,5 +1,5 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-linux.js
 var require_getMachineId_linux = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-unsupported-BMJQItvF.mjs → getMachineId-unsupported-CkX-YOG1.mjs}

@@ -1,5 +1,5 @@
 import { a as __toCommonJS, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-unsupported.js
 var require_getMachineId_unsupported = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-unsupported-Bgz_Je1J.mjs → getMachineId-unsupported-CmVlhzIo.mjs}

@@ -1,5 +1,5 @@
 import { a as __toCommonJS, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-unsupported.js
 var require_getMachineId_unsupported = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-win-vJ6VfDRI.mjs → getMachineId-win-C2cM60YT.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-pImxPKN5.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-DUfRkc4a.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.0_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-win.js
 var require_getMachineId_win = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{getMachineId-win-CdgcrzCW.mjs → getMachineId-win-Chl03TYe.mjs}

@@ -1,6 +1,6 @@
 import { a as __toCommonJS, i as __require, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { n as init_esm, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { t as require_execAsync } from "./execAsync-CCyouKZM.mjs";
+import { n as init_esm, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { t as require_execAsync } from "./execAsync-YbEZSOYd.mjs";
 //#region ../../node_modules/.pnpm/@opentelemetry+resources@2.7.1_@opentelemetry+api@1.9.1/node_modules/@opentelemetry/resources/build/src/detectors/platform/node/machine-id/getMachineId-win.js
 var require_getMachineId_win = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });