@agentuity/cli 0.1.0 → 0.1.1

package/src/cmd/build/entry-generator.ts

@@ -6,6 +6,7 @@
 import { join } from 'node:path';
 import type { Logger, WorkbenchConfig, AnalyticsConfig } from '../../types';
 import { discoverRoutes } from './vite/route-discovery';
+import { generateWebAnalyticsFile } from './webanalytics-generator';
 
 interface GenerateEntryOptions {
 	rootDir: string;
@@ -31,6 +32,14 @@ export async function generateEntryFile(options: GenerateEntryOptions): Promise<
 
 	logger.trace(`Generating unified entry file (supports both dev and prod modes)...`);
 
+	// Check if analytics is enabled
+	const analyticsEnabled = analytics !== false;
+
+	// Generate web analytics files only if enabled
+	if (analyticsEnabled) {
+		await generateWebAnalyticsFile({ rootDir, logger, analytics });
+	}
+
 	// Discover routes to determine which files need to be imported
 	const { routeInfoList } = await discoverRoutes(srcDir, projectId, deploymentId, logger);
 
@@ -73,10 +82,6 @@ export async function generateEntryFile(options: GenerateEntryOptions): Promise<
 		`  createWorkbenchRouter,`,
 		`  bootstrapRuntimeEnv,`,
 		`  patchBunS3ForStorageDev,`,
-		`  getOrganizationId,`,
-		`  getProjectId,`,
-		`  isDevMode as runtimeIsDevMode,`,
-		`  createWebSessionMiddleware,`,
 	];
 
 	const imports = [
@@ -89,6 +94,10 @@ export async function generateEntryFile(options: GenerateEntryOptions): Promise<
 	].filter(Boolean);
 
 	imports.push(`import { type LogLevel } from '@agentuity/core';`);
+	if (analyticsEnabled) {
+		imports.push(`import { injectAnalytics, registerAnalyticsRoutes } from './webanalytics.js';`);
+		imports.push(`import { analyticsConfig } from './analytics-config.js';`);
+	}
 
 	// Generate route mounting code for all discovered routes
 	// Sort route files for deterministic output
@@ -206,126 +215,6 @@ if (isDevelopment() && process.env.VITE_PORT) {
 // See: https://github.com/oven-sh/bun/issues/20183
 const getEnv = (key: string) => process.env[key];
 const isDevelopment = () => getEnv('NODE' + '_' + 'ENV') !== 'production';
-`;
-
-	// Generate analytics config and injection helper
-	const analyticsEnabled = analytics !== false;
-	const analyticsConfig: AnalyticsConfig = typeof analytics === 'object' ? analytics : {};
-
-	const analyticsHelper = analyticsEnabled
-		? `
-// Analytics configuration - edit agentuity.config.ts to configure
-const analyticsConfig = {
-	enabled: ${analyticsConfig.enabled !== false},
-	requireConsent: ${analyticsConfig.requireConsent ?? false},
-	trackClicks: ${analyticsConfig.trackClicks ?? true},
-	trackScroll: ${analyticsConfig.trackScroll ?? true},
-	trackOutboundLinks: ${analyticsConfig.trackOutboundLinks ?? true},
-	trackForms: ${analyticsConfig.trackForms ?? false},
-	trackWebVitals: ${analyticsConfig.trackWebVitals ?? true},
-	trackErrors: ${analyticsConfig.trackErrors ?? true},
-	trackSPANavigation: ${analyticsConfig.trackSPANavigation ?? true},
-	sampleRate: ${analyticsConfig.sampleRate ?? 1},
-	excludePatterns: ${JSON.stringify(analyticsConfig.excludePatterns ?? [])},
-	globalProperties: ${JSON.stringify(analyticsConfig.globalProperties ?? {})},
-};
-
-// Inject analytics config and script into HTML
-// Note: Only static config is injected (org, project, devmode, tracking options)
-// Session and thread IDs are read from cookies by the beacon script
-function injectAnalytics(html: string): string {
-	if (!analyticsConfig.enabled) return html;
-	
-	const orgId = getOrganizationId() || '';
-	const projectId = getProjectId() || '';
-	const isDevmode = runtimeIsDevMode();
-	
-	// Only include static config - session/thread come from cookies
-	const pageConfig = {
-		...analyticsConfig,
-		orgId,
-		projectId,
-		isDevmode,
-	};
-	
-	const configScript = \`<script>window.__AGENTUITY_ANALYTICS__=\${JSON.stringify(pageConfig)};</script>\`;
-	// Session script sets cookies and window.__AGENTUITY_SESSION__ (dynamic, not cached)
-	const sessionScript = '<script src="/_agentuity/webanalytics/session.js" async></script>';
-	// Beacon script reads from __AGENTUITY_SESSION__ and sends events (static, cached)
-	const beaconScript = '<script src="/_agentuity/webanalytics/analytics.js" async></script>';
-	const injection = configScript + sessionScript + beaconScript;
-	
-	// Inject before </head> or at start of <body>
-	if (html.includes('</head>')) {
-		return html.replace('</head>', injection + '</head>');
-	}
-	if (html.includes('<body')) {
-		return html.replace(/<body([^>]*)>/, \`<body$1>\${injection}\`);
-	}
-	return injection + html;
-}
-
-// Serve analytics routes
-function registerAnalyticsRoutes(app: ReturnType<typeof createRouter>): void {
-	// Dynamic session config script - sets cookies and returns session/thread IDs
-	// This endpoint is NOT cached - it generates unique session data per request
-	app.get('/_agentuity/webanalytics/session.js', createWebSessionMiddleware(), async (c: Context) => {
-		const sessionId = c.get('sessionId') || '';
-		const thread = c.get('thread');
-		const threadId = thread?.id || '';
-		
-		const sessionScript = \`window.__AGENTUITY_SESSION__={sessionId:"\${sessionId}",threadId:"\${threadId}"};\`;
-		
-		return new Response(sessionScript, {
-			headers: {
-				'Content-Type': 'application/javascript; charset=utf-8',
-				'Cache-Control': 'no-store, no-cache, must-revalidate',
-			},
-		});
-	});
-
-	// Static beacon script - can be cached
-	app.get('/_agentuity/webanalytics/analytics.js', async (c: Context) => {
-		// Beacon waits for window.__AGENTUITY_SESSION__ before sending events
-		const beaconScript = \`(function(){
-var w=window,d=document,c=w.__AGENTUITY_ANALYTICS__;
-if(!c||!c.enabled)return;
-var q=[],t=null,sr=false,E='/_agentuity/webanalytics/collect',geo=null;
-function id(){return crypto.randomUUID?crypto.randomUUID():Date.now()+'-'+Math.random().toString(36).substr(2,9)}
-function base(type){var e={id:id(),timestamp:Date.now(),timezone_offset:new Date().getTimezoneOffset(),event_type:type,url:location.href,path:location.pathname,referrer:d.referrer||'',title:d.title||'',screen_width:screen.width||0,screen_height:screen.height||0,viewport_width:innerWidth||0,viewport_height:innerHeight||0,device_pixel_ratio:devicePixelRatio||1,user_agent:navigator.userAgent||'',language:navigator.language||''};if(geo){e.country=geo.country||'';e.region=geo.region||'';e.city=geo.city||'';e.timezone=geo.timezone||''}return e}
-fetch('https://agentuity.sh/location').then(function(r){return r.json()}).then(function(g){geo=g;try{sessionStorage.setItem('agentuity_geo',JSON.stringify(g))}catch(e){}}).catch(function(){try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}});try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}
-function getSession(){return w.__AGENTUITY_SESSION__}
-function waitForSession(cb){var s=getSession();if(s){cb(s);return}var attempts=0,maxAttempts=50;var iv=setInterval(function(){s=getSession();if(s||++attempts>=maxAttempts){clearInterval(iv);cb(s)}},100)}
-function doFlush(s){if(!q.length)return;var events=q.splice(0);if(c.isDevmode){console.debug('[Agentuity Analytics]',events);return}var sid=s?s.sessionId:'',tid=s?s.threadId:'';var p={org_id:c.orgId,project_id:c.projectId,session_id:sid,thread_id:tid,visitor_id:localStorage.getItem('agentuity_vid')||'vid_'+id(),events:events};try{localStorage.setItem('agentuity_vid',p.visitor_id)}catch(e){}navigator.sendBeacon?navigator.sendBeacon(E,JSON.stringify(p)):fetch(E,{method:'POST',body:JSON.stringify(p),keepalive:true}).catch(function(){})}
-function flush(){if(sr){doFlush(getSession())}else{waitForSession(function(s){sr=true;doFlush(s)})}}
-function queue(e){if(c.sampleRate<1&&Math.random()>c.sampleRate)return;q.push(e);q.length>=10?flush():t||(t=setTimeout(function(){t=null;flush()},5000))}
-function pv(){var e=base('pageview');if(performance.getEntriesByType){var n=performance.getEntriesByType('navigation')[0];if(n){e.load_time=Math.round(n.loadEventEnd-n.startTime);e.dom_ready=Math.round(n.domContentLoadedEventEnd-n.startTime);e.ttfb=Math.round(n.responseStart-n.requestStart)}}queue(e)}
-w.addEventListener('visibilitychange',function(){d.visibilityState==='hidden'&&flush()});
-w.addEventListener('pagehide',flush);
-if(c.trackSPANavigation){var op=history.pushState,or=history.replaceState,cp=location.pathname;function ch(){var np=location.pathname;np!==cp&&(cp=np,pv())}history.pushState=function(){op.apply(this,arguments);ch()};history.replaceState=function(){or.apply(this,arguments);ch()};w.addEventListener('popstate',ch)}
-if(c.trackErrors){w.addEventListener('error',function(e){var ev=base('error');ev.event_name='js_error';ev.event_data={message:e.message||'Unknown',filename:e.filename||'',lineno:e.lineno||0};queue(ev)});w.addEventListener('unhandledrejection',function(e){var ev=base('error');ev.event_name='unhandled_rejection';ev.event_data={message:e.reason instanceof Error?e.reason.message:String(e.reason)};queue(ev)})}
-if(c.trackClicks){d.addEventListener('click',function(e){var t=e.target;if(!t)return;var a=t.closest('[data-analytics]');if(!a)return;var ev=base('click');ev.event_name=a.getAttribute('data-analytics');queue(ev)},true)}
-if(c.trackScroll){var ms=new Set(),mx=0;function gs(){var st=w.scrollY||d.documentElement.scrollTop,sh=d.documentElement.scrollHeight-d.documentElement.clientHeight;return sh<=0?100:Math.min(100,Math.round(st/sh*100))}w.addEventListener('scroll',function(){var dp=gs();if(dp>mx)mx=dp;[25,50,75,100].forEach(function(m){if(dp>=m&&!ms.has(m)){ms.add(m);var ev=base('scroll');ev.event_name='scroll_'+m;ev.scroll_depth=m;queue(ev)}})},{passive:true})}
-if(c.trackWebVitals!==false&&typeof PerformanceObserver!=='undefined'){var wvLcp=0,wvCls=0,wvInp=0,wvPath=location.pathname,wvSent={};function wvReset(){wvLcp=0;wvCls=0;wvInp=0;wvSent={}}function wvSend(){var p=wvPath;if(wvLcp>0&&!wvSent.lcp){wvSent.lcp=1;var ev=base('web_vital');ev.event_name='lcp';ev.lcp=Math.round(wvLcp);ev.path=p;queue(ev)}if(!wvSent.cls){wvSent.cls=1;var ev=base('web_vital');ev.event_name='cls';ev.cls=Math.round(wvCls*1000)/1000;ev.path=p;queue(ev)}if(wvInp>0&&!wvSent.inp){wvSent.inp=1;var ev=base('web_vital');ev.event_name='inp';ev.inp=Math.round(wvInp);ev.path=p;queue(ev)}flush()}try{var fcpObs=new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.name==='first-contentful-paint'){var ev=base('web_vital');ev.event_name='fcp';ev.fcp=Math.round(e.startTime);queue(ev);flush();fcpObs.disconnect()}})});fcpObs.observe({type:'paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){var entries=l.getEntries();if(entries.length)wvLcp=entries[entries.length-1].startTime}).observe({type:'largest-contentful-paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(!e.hadRecentInput&&e.value)wvCls+=e.value})}).observe({type:'layout-shift',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.duration&&e.duration>wvInp)wvInp=e.duration})}).observe({type:'event',buffered:true})}catch(e){}d.addEventListener('visibilitychange',function(){if(d.visibilityState==='hidden')wvSend()});w.addEventListener('pagehide',wvSend);if(c.trackSPANavigation){var wvOp=history.pushState,wvOr=history.replaceState;function wvNav(){var np=location.pathname;if(np!==wvPath){wvSend();wvPath=np;wvReset()}}history.pushState=function(){wvOp.apply(this,arguments);wvNav()};history.replaceState=function(){wvOr.apply(this,arguments);wvNav()};w.addEventListener('popstate',wvNav)}}
-d.readyState==='complete'?pv():w.addEventListener('load',pv);
-w.agentuityAnalytics={track:function(n,p){var e=base('custom');e.event_name=n;if(p)e.event_data=p;queue(e)},flush:flush};
-})();\`;
-		
-		return new Response(beaconScript, {
-			headers: {
-				'Content-Type': 'application/javascript; charset=utf-8',
-				'Cache-Control': 'public, max-age=3600',
-			},
-		});
-	});
-}
-`
-		: `
-// Analytics disabled
-function injectAnalytics(html: string): string {
-	return html;
-}
-function registerAnalyticsRoutes(_app: ReturnType<typeof createRouter>): void {}
 `;
 
 	// Web routes (runtime mode detection)
@@ -353,8 +242,12 @@ if (isDevelopment()) {
 				.replace(/src="\\.\\//g, 'src="/src/web/')
 				.replace(/href="\\.\\//g, 'href="/src/web/');
 
-			// Inject analytics config and script (session/thread read from cookies by beacon)
-			html = injectAnalytics(html);
+${
+	analyticsEnabled
+		? `			// Inject analytics config and script (session/thread read from cookies by beacon)
+			html = injectAnalytics(html, analyticsConfig);`
+		: ''
+}
 
 			return new Response(html, {
 				status: res.status,
@@ -399,9 +292,13 @@ if (isDevelopment()) {
 		if (!baseIndexHtml) {
 			return c.text('Production build incomplete', 500);
 		}
-		// Inject analytics config and script (session/thread loaded via session.js)
-		const html = injectAnalytics(baseIndexHtml);
-		return c.html(html);
+${
+	analyticsEnabled
+		? `		// Inject analytics config and script (session/thread loaded via session.js)
+		const html = injectAnalytics(baseIndexHtml, analyticsConfig);
+		return c.html(html);`
+		: `		return c.html(baseIndexHtml);`
+}
 	};
 	
 	app.get('/', prodHtmlHandler);
@@ -553,8 +450,6 @@ ${imports.join('\n')}
 
 ${modeDetection}
 
-${analyticsHelper}
-
 // Step 0: Bootstrap runtime environment (load profile-specific .env files)
 // Only in development - production env vars are injected by platform
 // This must happen BEFORE any imports that depend on environment variables
@@ -589,11 +484,17 @@ app.use('*', createBaseMiddleware({
 	meter: otel.meter,
 }));
 
-app.use('/_agentuity/*', createCorsMiddleware());
+app.use('/_agentuity/workbench/*', createCorsMiddleware());
 app.use('/api/*', createCorsMiddleware());
 
 // Critical: otelMiddleware creates session/thread/waitUntilHandler
-app.use('/_agentuity/*', createOtelMiddleware());
+// Only apply to routes that need full session tracking:
+// - /api/* routes (agent/API invocations)
+// - /_agentuity/workbench/* routes (workbench API)
+// Explicitly excluded (no session tracking, no Catalyst events):
+// - /_agentuity/webanalytics/* (web analytics - uses lightweight cookie-only middleware)
+// - /_agentuity/health, /_agentuity/ready, /_agentuity/idle (health checks)
+app.use('/_agentuity/workbench/*', createOtelMiddleware());
 app.use('/api/*', createOtelMiddleware());
 
 // Critical: agentMiddleware sets up agent context
@@ -626,8 +527,12 @@ await sessionProvider.initialize(appState);
 
 ${healthRoutes}
 
-// Register analytics routes (if enabled)
-registerAnalyticsRoutes(app);
+${
+	analyticsEnabled
+		? `// Register analytics routes
+registerAnalyticsRoutes(app);`
+		: ''
+}
 
 ${assetProxyRoutes}
 ${apiMount}

package/src/cmd/build/webanalytics-generator.ts

@@ -0,0 +1,205 @@
+/**
+ * Web analytics beacon code generator
+ * Generates src/generated/webanalytics.ts with the analytics beacon script
+ */
+
+import { join } from 'node:path';
+import type { Logger, AnalyticsConfig } from '../../types';
+
+interface GenerateWebAnalyticsOptions {
+	rootDir: string;
+	logger: Logger;
+	analytics?: boolean | AnalyticsConfig;
+}
+
+/**
+ * Generate the web analytics files (webanalytics.ts and analytics-config.ts)
+ */
+export async function generateWebAnalyticsFile(
+	options: GenerateWebAnalyticsOptions
+): Promise<void> {
+	const { rootDir, logger, analytics } = options;
+
+	const srcDir = join(rootDir, 'src');
+	const generatedDir = join(srcDir, 'generated');
+	const analyticsPath = join(generatedDir, 'webanalytics.ts');
+	const configPath = join(generatedDir, 'analytics-config.ts');
+
+	logger.trace(`Generating web analytics files...`);
+
+	const analyticsEnabled = analytics !== false;
+	const analyticsConfig: AnalyticsConfig = typeof analytics === 'object' ? analytics : {};
+
+	// Generate the analytics config file with resolved values
+	const configCode = generateAnalyticsConfigCode(analyticsEnabled, analyticsConfig);
+	await Bun.write(configPath, configCode);
+
+	// Generate the webanalytics file
+	const code = analyticsEnabled ? getEnabledAnalyticsCode() : getDisabledAnalyticsCode();
+	await Bun.write(analyticsPath, code);
+
+	logger.trace(`Generated web analytics files at %s`, generatedDir);
+}
+
+function generateAnalyticsConfigCode(enabled: boolean, config: AnalyticsConfig): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+export interface AnalyticsConfig {
+	enabled: boolean;
+	requireConsent: boolean;
+	trackClicks: boolean;
+	trackScroll: boolean;
+	trackOutboundLinks: boolean;
+	trackForms: boolean;
+	trackWebVitals: boolean;
+	trackErrors: boolean;
+	trackSPANavigation: boolean;
+	sampleRate: number;
+	excludePatterns: string[];
+	globalProperties: Record<string, unknown>;
+}
+
+export const analyticsConfig: AnalyticsConfig = {
+	enabled: ${enabled && config.enabled !== false},
+	requireConsent: ${config.requireConsent ?? false},
+	trackClicks: ${config.trackClicks ?? true},
+	trackScroll: ${config.trackScroll ?? true},
+	trackOutboundLinks: ${config.trackOutboundLinks ?? true},
+	trackForms: ${config.trackForms ?? false},
+	trackWebVitals: ${config.trackWebVitals ?? true},
+	trackErrors: ${config.trackErrors ?? true},
+	trackSPANavigation: ${config.trackSPANavigation ?? true},
+	sampleRate: ${config.sampleRate ?? 1},
+	excludePatterns: ${JSON.stringify(config.excludePatterns ?? [])},
+	globalProperties: ${JSON.stringify(config.globalProperties ?? {})},
+};
+`;
+}
+
+function getDisabledAnalyticsCode(): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+import { createRouter } from '@agentuity/runtime';
+import type { AnalyticsConfig } from './analytics-config';
+
+// Analytics disabled
+export function injectAnalytics(html: string, _config: AnalyticsConfig): string {
+	return html;
+}
+
+export function registerAnalyticsRoutes(_app: ReturnType<typeof createRouter>): void {}
+`;
+}
+
+function getEnabledAnalyticsCode(): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+import type { Context } from 'hono';
+import {
+	createRouter,
+	createWebSessionMiddleware,
+	getOrganizationId,
+	getProjectId,
+	isDevMode as runtimeIsDevMode,
+} from '@agentuity/runtime';
+import type { AnalyticsConfig } from './analytics-config';
+
+// Inject analytics config and script into HTML
+// Note: Only static config is injected (org, project, devmode, tracking options)
+// Session and thread IDs are read from cookies by the beacon script
+export function injectAnalytics(html: string, analyticsConfig: AnalyticsConfig): string {
+	if (!analyticsConfig.enabled) return html;
+
+	const orgId = getOrganizationId() || '';
+	const projectId = getProjectId() || '';
+	const isDevmode = runtimeIsDevMode();
+
+	// Only include static config - session/thread come from cookies
+	const pageConfig = {
+		...analyticsConfig,
+		orgId,
+		projectId,
+		isDevmode,
+	};
+
+	const configScript = \`<script>window.__AGENTUITY_ANALYTICS__=\${JSON.stringify(pageConfig)};</script>\`;
+	// Session script sets cookies and window.__AGENTUITY_SESSION__ (dynamic, not cached)
+	const sessionScript = '<script src="/_agentuity/webanalytics/session.js" async></script>';
+	// Beacon script reads from __AGENTUITY_SESSION__ and sends events (static, cached)
+	const beaconScript = '<script src="/_agentuity/webanalytics/analytics.js" async></script>';
+	const injection = configScript + sessionScript + beaconScript;
+
+	// Inject before </head> or at start of <body>
+	if (html.includes('</head>')) {
+		return html.replace('</head>', injection + '</head>');
+	}
+	if (html.includes('<body')) {
+		return html.replace(/<body([^>]*)>/, \`<body$1>\${injection}\`);
+	}
+	return injection + html;
+}
+
+// The beacon script - minified for production
+export const BEACON_SCRIPT = \`(function(){
+var w=window,d=document,c=w.__AGENTUITY_ANALYTICS__;
+if(!c||!c.enabled)return;
+var q=[],t=null,sr=false,E='/_agentuity/webanalytics/collect',geo=null;
+function id(){return crypto.randomUUID?crypto.randomUUID():Date.now()+'-'+Math.random().toString(36).substr(2,9)}
+function base(type){var e={id:id(),timestamp:Date.now(),timezone_offset:new Date().getTimezoneOffset(),event_type:type,url:location.href,path:location.pathname,referrer:d.referrer||'',title:d.title||'',screen_width:screen.width||0,screen_height:screen.height||0,viewport_width:innerWidth||0,viewport_height:innerHeight||0,device_pixel_ratio:devicePixelRatio||1,user_agent:navigator.userAgent||'',language:navigator.language||''};if(geo){e.country=geo.country||'';e.region=geo.region||'';e.city=geo.city||'';e.timezone=geo.timezone||''}return e}
+fetch('https://agentuity.sh/location').then(function(r){return r.json()}).then(function(g){geo=g;try{sessionStorage.setItem('agentuity_geo',JSON.stringify(g))}catch(e){}}).catch(function(){try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}});try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}
+function getSession(){return w.__AGENTUITY_SESSION__}
+function waitForSession(cb){var s=getSession();if(s){cb(s);return}var attempts=0,maxAttempts=50;var iv=setInterval(function(){s=getSession();if(s||++attempts>=maxAttempts){clearInterval(iv);cb(s)}},100)}
+function doFlush(s){if(!q.length)return;var events=q.splice(0);if(c.isDevmode){console.debug('[Agentuity Analytics]',events);return}var sid=s?s.sessionId:'',tid=s?s.threadId:'';var p={org_id:c.orgId,project_id:c.projectId,session_id:sid,thread_id:tid,visitor_id:localStorage.getItem('agentuity_vid')||'vid_'+id(),events:events};try{localStorage.setItem('agentuity_vid',p.visitor_id)}catch(e){}navigator.sendBeacon?navigator.sendBeacon(E,JSON.stringify(p)):fetch(E,{method:'POST',body:JSON.stringify(p),keepalive:true}).catch(function(){})}
+function flush(){if(sr){doFlush(getSession())}else{waitForSession(function(s){sr=true;doFlush(s)})}}
+function queue(e){if(c.sampleRate<1&&Math.random()>c.sampleRate)return;q.push(e);q.length>=10?flush():t||(t=setTimeout(function(){t=null;flush()},5000))}
+function pv(){var e=base('pageview');if(performance.getEntriesByType){var n=performance.getEntriesByType('navigation')[0];if(n){e.load_time=Math.round(n.loadEventEnd-n.startTime);e.dom_ready=Math.round(n.domContentLoadedEventEnd-n.startTime);e.ttfb=Math.round(n.responseStart-n.requestStart)}}queue(e)}
+w.addEventListener('visibilitychange',function(){d.visibilityState==='hidden'&&flush()});
+w.addEventListener('pagehide',flush);
+if(c.trackSPANavigation){var op=history.pushState,or=history.replaceState,cp=location.pathname;function ch(){var np=location.pathname;np!==cp&&(cp=np,pv())}history.pushState=function(){op.apply(this,arguments);ch()};history.replaceState=function(){or.apply(this,arguments);ch()};w.addEventListener('popstate',ch)}
+if(c.trackErrors){w.addEventListener('error',function(e){var ev=base('error');ev.event_name='js_error';ev.event_data=JSON.stringify({message:e.message||'Unknown',filename:e.filename||'',lineno:e.lineno||0});queue(ev)});w.addEventListener('unhandledrejection',function(e){var ev=base('error');ev.event_name='unhandled_rejection';ev.event_data=JSON.stringify({message:e.reason instanceof Error?e.reason.message:String(e.reason)});queue(ev)})}
+if(c.trackClicks){d.addEventListener('click',function(e){var t=e.target;if(!t)return;var a=t.closest('[data-analytics]');if(!a)return;var ev=base('click');ev.event_name=a.getAttribute('data-analytics');queue(ev)},true)}
+if(c.trackScroll){var ms=new Set(),mx=0;function gs(){var st=w.scrollY||d.documentElement.scrollTop,sh=d.documentElement.scrollHeight-d.documentElement.clientHeight;return sh<=0?100:Math.min(100,Math.round(st/sh*100))}w.addEventListener('scroll',function(){var dp=gs();if(dp>mx)mx=dp;[25,50,75,100].forEach(function(m){if(dp>=m&&!ms.has(m)){ms.add(m);var ev=base('scroll');ev.event_name='scroll_'+m;ev.scroll_depth=m;queue(ev)}})},{passive:true})}
+if(c.trackWebVitals!==false&&typeof PerformanceObserver!=='undefined'){var wvLcp=0,wvCls=0,wvInp=0,wvPath=location.pathname,wvSent={};function wvReset(){wvLcp=0;wvCls=0;wvInp=0;wvSent={}}function wvSend(){var p=wvPath;if(wvLcp>0&&!wvSent.lcp){wvSent.lcp=1;var ev=base('web_vital');ev.event_name='lcp';ev.lcp=Math.round(wvLcp);ev.path=p;queue(ev)}if(!wvSent.cls){wvSent.cls=1;var ev=base('web_vital');ev.event_name='cls';ev.cls=Math.round(wvCls*1000)/1000;ev.path=p;queue(ev)}if(wvInp>0&&!wvSent.inp){wvSent.inp=1;var ev=base('web_vital');ev.event_name='inp';ev.inp=Math.round(wvInp);ev.path=p;queue(ev)}flush()}try{var fcpObs=new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.name==='first-contentful-paint'){var ev=base('web_vital');ev.event_name='fcp';ev.fcp=Math.round(e.startTime);queue(ev);flush();fcpObs.disconnect()}})});fcpObs.observe({type:'paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){var entries=l.getEntries();if(entries.length)wvLcp=entries[entries.length-1].startTime}).observe({type:'largest-contentful-paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(!e.hadRecentInput&&e.value)wvCls+=e.value})}).observe({type:'layout-shift',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.duration&&e.duration>wvInp)wvInp=e.duration})}).observe({type:'event',buffered:true})}catch(e){}d.addEventListener('visibilitychange',function(){if(d.visibilityState==='hidden')wvSend()});w.addEventListener('pagehide',wvSend);if(c.trackSPANavigation){var wvOp=history.pushState,wvOr=history.replaceState;function wvNav(){var np=location.pathname;if(np!==wvPath){wvSend();wvPath=np;wvReset()}}history.pushState=function(){wvOp.apply(this,arguments);wvNav()};history.replaceState=function(){wvOr.apply(this,arguments);wvNav()};w.addEventListener('popstate',wvNav)}}
+d.readyState==='complete'?pv():w.addEventListener('load',pv);
+w.agentuityAnalytics={track:function(n,p){var e=base('custom');e.event_name=n;if(p)e.event_data=JSON.stringify(p);queue(e)},flush:flush};
+})()\`;
+
+// Serve analytics routes
+export function registerAnalyticsRoutes(app: ReturnType<typeof createRouter>): void {
+	// Dynamic thread config script - sets cookie and returns thread ID
+	// Web analytics only tracks thread ID, not session ID (to avoid polluting sessions table)
+	// This endpoint is NOT cached - it generates unique data per request
+	app.get('/_agentuity/webanalytics/session.js', createWebSessionMiddleware(), async (c: Context) => {
+		// Read from context (cookies aren't readable until the next request)
+		const threadId = c.get('_webThreadId') || '';
+
+		// Use JSON.stringify to safely escape threadId and prevent XSS/injection
+		const sessionData = JSON.stringify({ threadId });
+		const sessionScript = \`window.__AGENTUITY_SESSION__=\${sessionData};\`;
+
+		return new Response(sessionScript, {
+			headers: {
+				'Content-Type': 'application/javascript; charset=utf-8',
+				'Cache-Control': 'no-store, no-cache, must-revalidate',
+			},
+		});
+	});
+
+	// Static beacon script - can be cached
+	app.get('/_agentuity/webanalytics/analytics.js', async (c: Context) => {
+		return new Response(BEACON_SCRIPT, {
+			headers: {
+				'Content-Type': 'application/javascript; charset=utf-8',
+				'Cache-Control': 'public, max-age=3600',
+			},
+		});
+	});
+}
+`;
+}

package/src/cmd/cloud/deploy.ts

@@ -370,25 +370,7 @@ export const deploySubcommand = createSubcommand({
 							}
 						},
 					},
-					{
-						label: 'Create Deployment',
-						run: async () => {
-							if (useExistingDeployment) {
-								return stepSkipped('using pre-created deployment');
-							}
-							try {
-								deployment = await projectDeploymentCreate(
-									apiClient,
-									project.projectId,
-									project.deployment
-								);
-								return stepSuccess();
-							} catch (ex) {
-								const _ex = ex as { message?: string };
-								return stepError(_ex.message ?? String(_ex), ex as Error);
-							}
-						},
-					},
+
 					{
 						label: 'Build, Verify and Package',
 						run: async () => {

package/src/tui.ts

@@ -67,14 +67,16 @@ export const ICONS = {
 } as const;
 
 /**
- * Check if we should treat stdout as a TTY (real TTY or FORCE_COLOR set by fork wrapper)
- * Returns false in CI environments since CI terminals don't support cursor control sequences
+ * Check if we should treat the terminal as TTY-like for interactive output
+ * (real TTY on stdout or stderr, or FORCE_COLOR set by fork wrapper).
+ * Returns false in CI environments since CI terminals often don't support
+ * cursor control sequences reliably.
  */
 export function isTTYLike(): boolean {
 	if (process.env.CI) {
 		return false;
 	}
-	return process.stdout.isTTY || process.env.FORCE_COLOR === '1';
+	return !!process.stdout.isTTY || !!process.stderr.isTTY || process.env.FORCE_COLOR === '1';
 }
 
 /**
@@ -1120,8 +1122,9 @@ export async function spinner<T>(
 	const outputOptions = getOutputOptions();
 	const noProgress = outputOptions ? shouldDisableProgress(outputOptions) : false;
 
-	// If no TTY or progress disabled, just execute the callback without animation
-	if (!process.stderr.isTTY || noProgress) {
+	// If no interactive TTY-like environment or progress disabled, just execute
+	// the callback without animation
+	if (!isTTYLike() || noProgress) {
 		try {
 			const result =
 				options.type === 'progress'