@agentuity/cli 0.1.28 → 0.1.29

package/src/cmd/canary/index.ts

@@ -1,22 +1,14 @@
 import { createCommand } from '../../types';
-import { getPlatformInfo } from '../upgrade';
-import { downloadWithProgress } from '../../download';
 import { z } from 'zod';
 import { $ } from 'bun';
-import { join } from 'node:path';
-import { homedir } from 'node:os';
-import { readdir, rm, mkdir, stat } from 'node:fs/promises';
-import { createHash } from 'node:crypto';
 import * as tui from '../../tui';
 
-const CANARY_CACHE_DIR = join(homedir(), '.agentuity', 'canary');
-const CANARY_BASE_URL = 'https://agentuity-sdk-objects.t3.storage.dev/binary';
-const CACHE_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+const CANARY_BASE_URL = 'https://agentuity-sdk-objects.t3.storage.dev/npm';
 
 const CanaryArgsSchema = z.object({
 	args: z
 		.array(z.string())
-		.describe('Version/URL followed by commands to run (e.g., 0.1.6-abc1234 deploy --force)'),
+		.describe('Version followed by commands to run (e.g., 0.1.6-abc1234 deploy --force)'),
 });
 
 const CanaryResponseSchema = z.object({
@@ -25,81 +17,12 @@ const CanaryResponseSchema = z.object({
 	message: z.string().describe('Status message'),
 });
 
-function isUrl(str: string): boolean {
-	return str.startsWith('http://') || str.startsWith('https://');
+function isHttpsUrl(str: string): boolean {
+	return str.startsWith('https://');
 }
 
-function getBinaryFilename(platform: { os: string; arch: string }): string {
-	return `agentuity-${platform.os}-${platform.arch}.gz`;
-}
-
-function getCachePath(version: string): string {
-	return join(CANARY_CACHE_DIR, version, 'agentuity');
-}
-
-function hashUrl(url: string): string {
-	return createHash('sha256').update(url).digest('hex').slice(0, 12);
-}
-
-async function cleanupOldCanaries(): Promise<void> {
-	try {
-		await mkdir(CANARY_CACHE_DIR, { recursive: true });
-		const entries = await readdir(CANARY_CACHE_DIR);
-		const now = Date.now();
-
-		for (const entry of entries) {
-			const entryPath = join(CANARY_CACHE_DIR, entry);
-			try {
-				const stats = await stat(entryPath);
-				if (now - stats.mtimeMs > CACHE_MAX_AGE_MS) {
-					await rm(entryPath, { recursive: true, force: true });
-				}
-			} catch {
-				// Ignore errors for individual entries
-			}
-		}
-	} catch {
-		// Ignore cleanup errors
-	}
-}
-
-async function downloadCanary(url: string, destPath: string): Promise<void> {
-	const destDir = join(destPath, '..');
-	await mkdir(destDir, { recursive: true });
-
-	const gzPath = `${destPath}.gz`;
-
-	const stream = await downloadWithProgress({
-		url,
-		message: 'Downloading canary...',
-	});
-
-	const writer = Bun.file(gzPath).writer();
-	for await (const chunk of stream) {
-		writer.write(chunk);
-	}
-	await writer.end();
-
-	if (!(await Bun.file(gzPath).exists())) {
-		throw new Error('Download failed - file not created');
-	}
-
-	try {
-		await $`gunzip ${gzPath}`.quiet();
-	} catch (error) {
-		if (await Bun.file(gzPath).exists()) {
-			await $`rm ${gzPath}`.quiet();
-		}
-		throw new Error(
-			`Decompression failed: ${error instanceof Error ? error.message : 'Unknown error'}`
-		);
-	}
-
-	if (!(await Bun.file(destPath).exists())) {
-		throw new Error('Decompression failed - file not found');
-	}
-
-	await $`chmod 755 ${destPath}`.quiet();
+function isHttpUrl(str: string): boolean {
+	return str.startsWith('http://') && !str.startsWith('https://');
 }
 
 export const command = createCommand({
@@ -114,22 +37,18 @@ export const command = createCommand({
 	},
 
 	async handler(ctx) {
-		const { args } = ctx;
+		const { args, logger } = ctx;
 
 		// Get raw args from process.argv to capture ALL args after 'canary <version>'
-		// This ensures we forward everything including flags like --json, --force, etc.
 		const argv = process.argv;
 		const canaryIndex = argv.indexOf('canary');
 
 		if (args.args.length === 0) {
-			tui.error('Usage: agentuity canary <version|url> [commands...]');
+			tui.error('Usage: agentuity canary <version> [commands...]');
 			tui.newline();
 			tui.info('Examples:');
 			tui.info('  agentuity canary 0.1.6-abc1234');
 			tui.info('  agentuity canary 0.1.6-abc1234 deploy --log-level trace');
-			tui.info(
-				'  agentuity canary https://agentuity-sdk-objects.t3.storage.dev/binary/0.1.6-abc1234/agentuity-darwin-arm64.gz'
-			);
 			return {
 				executed: false,
 				version: '',
@@ -138,77 +57,83 @@ export const command = createCommand({
 		}
 
 		// Get target from parsed args, but get forward args from raw argv
-		// This captures ALL args after the version including any flags
 		const target = args.args[0];
 		const targetIndex = canaryIndex >= 0 ? argv.indexOf(target, canaryIndex) : -1;
 		const forwardArgs = targetIndex >= 0 ? argv.slice(targetIndex + 1) : args.args.slice(1);
 
-		// Clean up old canaries in background
-		cleanupOldCanaries().catch(() => {});
+		// Reject HTTP URLs for security
+		if (isHttpUrl(target)) {
+			tui.error('HTTP URLs are not allowed. Please use HTTPS.');
+			return {
+				executed: false,
+				version: '',
+				message: 'HTTP URLs are not allowed for security reasons',
+			};
+		}
 
-		const platform = getPlatformInfo();
 		let version: string;
-		let downloadUrl: string;
-		let cachePath: string;
-
-		if (isUrl(target)) {
-			// Extract version from URL, or create a unique hash for custom URLs
-			const match = target.match(/\/binary\/([^/]+)\//);
-			version = match ? match[1] : `custom-${hashUrl(target)}`;
-			downloadUrl = target;
-			cachePath = getCachePath(version);
+		let tarballUrl: string;
+
+		if (isHttpsUrl(target)) {
+			// Direct URL to tarball
+			tarballUrl = target;
+			// Extract version from URL if possible
+			const match = target.match(/agentuity-cli-(\d+\.\d+\.\d+-[a-f0-9]+)\.tgz/);
+			version = match ? match[1] : 'custom';
 		} else {
-			// Treat as version string
+			// Version string - construct URL
 			version = target;
-			const filename = getBinaryFilename(platform);
-			downloadUrl = `${CANARY_BASE_URL}/${version}/${filename}`;
-			cachePath = getCachePath(version);
+			tarballUrl = `${CANARY_BASE_URL}/${version}/agentuity-cli-${version}.tgz`;
 		}
 
-		// Check cache
-		if (await Bun.file(cachePath).exists()) {
-			tui.info(`Using cached canary ${version}`);
-		} else {
-			tui.info(`Downloading canary ${version}...`);
-			try {
-				await downloadCanary(downloadUrl, cachePath);
-				tui.success(`Downloaded canary ${version}`);
-			} catch (error) {
-				tui.error(
-					`Failed to download canary: ${error instanceof Error ? error.message : 'Unknown error'}`
-				);
+		tui.info(`Installing canary CLI version ${version}...`);
+		logger.debug('Tarball URL: %s', tarballUrl);
+
+		try {
+			// Install the canary version globally using the tarball URL
+			const installResult = await $`bun add -g ${tarballUrl}`.quiet().nothrow();
+
+			if (installResult.exitCode !== 0) {
+				const stderr = installResult.stderr.toString();
+				tui.error(`Failed to install canary version: ${stderr}`);
 				return {
 					executed: false,
 					version,
-					message: `Failed to download: ${error instanceof Error ? error.message : 'Unknown error'}`,
+					message: `Installation failed: ${stderr}`,
 				};
 			}
-		}
 
-		// Update access time
-		try {
-			await $`touch -a -m ${cachePath}`.quiet();
-		} catch {
-			// Ignore touch errors
-		}
+			tui.success(`Installed canary version ${version}`);
+
+			// If no additional args, just report success
+			if (forwardArgs.length === 0) {
+				tui.info('Run commands with: agentuity <command>');
+				return {
+					executed: true,
+					version,
+					message: `Canary version ${version} installed. Use 'agentuity <command>' to run commands.`,
+				};
+			}
+
+			// Execute the command with the newly installed canary
+			tui.info(`Running: agentuity ${forwardArgs.join(' ')}`);
+			tui.newline();
+
+			const result = await $`agentuity ${forwardArgs}`.nothrow();
 
-		tui.newline();
-		tui.info(`Running canary ${version}...`);
-		tui.newline();
-
-		// Execute the canary binary with forwarded args
-		// Skip version check in the canary binary to avoid upgrade prompts
-		const proc = Bun.spawn([cachePath, ...forwardArgs], {
-			stdin: 'inherit',
-			stdout: 'inherit',
-			stderr: 'inherit',
-			env: {
-				...process.env,
-				AGENTUITY_SKIP_VERSION_CHECK: '1',
-			},
-		});
-
-		const exitCode = await proc.exited;
-		process.exit(exitCode);
+			return {
+				executed: true,
+				version,
+				message: result.exitCode === 0 ? 'Command executed successfully' : 'Command failed',
+			};
+		} catch (error) {
+			const message = error instanceof Error ? error.message : 'Unknown error';
+			tui.error(`Failed to run canary: ${message}`);
+			return {
+				executed: false,
+				version,
+				message,
+			};
+		}
 	},
 });

package/src/cmd/cloud/deploy.ts

@@ -4,7 +4,6 @@ import { createPublicKey } from 'node:crypto';
 import { createReadStream, createWriteStream, existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { StructuredError } from '@agentuity/core';
-import { isRunningFromExecutable } from '../upgrade';
 import { createSubcommand, DeployOptionsSchema } from '../../types';
 import { getUserAgent } from '../../api';
 import * as tui from '../../tui';
@@ -737,18 +736,8 @@ export const deploySubcommand = createSubcommand({
 									return stepError(errorMsg);
 								}
 
-								// Workaround for Bun crash in compiled executables (https://github.com/agentuity/sdk/issues/191)
-								// Use limited concurrency (1 at a time) for executables to avoid parallel fetch crash
-								const isExecutable = isRunningFromExecutable();
-								const concurrency = isExecutable ? 1 : Math.min(4, build.assets.length);
-
-								if (isExecutable) {
-									ctx.logger.trace(
-										`Running from executable - using limited concurrency (${concurrency} uploads at a time)`
-									);
-								}
-
 								// Process assets in batches with limited concurrency
+								const concurrency = Math.min(4, build.assets.length);
 								for (let i = 0; i < build.assets.length; i += concurrency) {
 									const batch = build.assets.slice(i, i + concurrency);
 									const promises: Promise<Response>[] = [];

package/src/cmd/dev/api.ts

@@ -2,16 +2,28 @@ import { APIResponseSchema } from '@agentuity/server';
 import { z } from 'zod';
 import type { APIClient } from '../../api';
 import { StructuredError } from '@agentuity/core';
+import { createPublicKey } from 'crypto';
 
 const DevmodeRequestSchema = z.object({
 	hostname: z.string().optional().describe('the hostname for the endpoint'),
+	publicKey: z.string().optional().describe('the public key PEM for the endpoint'),
 });
 
 type DevmodeRequest = z.infer<typeof DevmodeRequestSchema>;
 
+function extractPublicKeyPEM(privateKeyPEM: string): string | undefined {
+	try {
+		const publicKey = createPublicKey(privateKeyPEM);
+		return publicKey.export({ type: 'spki', format: 'pem' }) as string;
+	} catch {
+		return undefined;
+	}
+}
+
 const DevmodeResponseSchema = z.object({
 	id: z.string(),
 	hostname: z.string(),
+	privateKey: z.string().optional(),
 });
 export type DevmodeResponse = z.infer<typeof DevmodeResponseSchema>;
 
@@ -26,18 +38,22 @@ const DevmodeEndpointError = StructuredError('DevmodeEndpointError');
  * @param apiClient the api client to use
  * @param projectId the project id
  * @param hostname the hostname is already configured
+ * @param privateKey the private key PEM if already configured
  * @returns
  */
 export async function generateEndpoint(
 	apiClient: APIClient,
 	projectId: string,
-	hostname?: string
+	hostname?: string,
+	privateKey?: string
 ): Promise<DevmodeResponse> {
+	const publicKey = privateKey ? extractPublicKeyPEM(privateKey) : undefined;
+
 	const resp = await apiClient.request<DevmodeResponseAPI, DevmodeRequest>(
 		'POST',
-		`/cli/devmode/2/${projectId}`,
+		`/cli/devmode/3/${projectId}`,
 		DevmodeResponseAPISchema,
-		{ hostname },
+		{ hostname, publicKey },
 		DevmodeRequestSchema
 	);
 

package/src/cmd/dev/index.ts

@@ -377,20 +377,34 @@ export const command = createCommand({
 			let gravityBin: string | undefined;
 			let gravityURL: string | undefined;
 			let appURL: string | undefined;
+			let savedPrivateKey: string | undefined = config?.devmode?.privateKey
+				? Buffer.from(config.devmode.privateKey, 'base64').toString('utf-8')
+				: undefined;
 
 			if (auth && project && opts.public) {
 				// Generate devmode endpoint for public URL
 				const endpoint = await tui.spinner({
 					message: 'Connecting to Gravity',
 					callback: () => {
-						return generateEndpoint(apiClient!, project.projectId, config?.devmode?.hostname);
+						return generateEndpoint(
+							apiClient!,
+							project.projectId,
+							config?.devmode?.hostname,
+							savedPrivateKey
+						);
 					},
 					clearOnSuccess: true,
 				});
 
+				if (endpoint.privateKey) {
+					savedPrivateKey = endpoint.privateKey;
+				}
 				const _config = { ...config } as Config;
 				_config.devmode = {
 					hostname: endpoint.hostname,
+					privateKey: savedPrivateKey
+						? Buffer.from(savedPrivateKey).toString('base64')
+						: undefined,
 				};
 				await saveConfig(_config);
 				config = _config;
@@ -1062,6 +1076,12 @@ export const command = createCommand({
 							rootDir,
 							devmode.id
 						);
+						const privateKeyPEM = devmode.privateKey ?? savedPrivateKey;
+						if (!privateKeyPEM) {
+							throw new Error(
+								'No private key available for gravity connection. Please re-run to generate a new key.'
+							);
+						}
 						gravityProcess = Bun.spawn(
 							[
 								gravityBin,
@@ -1077,8 +1097,8 @@ export const command = createCommand({
 								project.orgId,
 								'--project-id',
 								project.projectId,
-								'--token',
-								process.env.AGENTUITY_SDK_KEY!, // set above
+								'--private-key',
+								Buffer.from(privateKeyPEM).toString('base64'),
 								'--health-check',
 							],
 							{

package/src/cmd/index.ts

@@ -1,5 +1,4 @@
 import type { CommandDefinition } from '../types';
-import { isRunningFromExecutable } from './upgrade';
 
 // Use dynamic imports for bundler compatibility while maintaining lazy loading
 export async function discoverCommands(): Promise<CommandDefinition[]> {
@@ -21,14 +20,8 @@ export async function discoverCommands(): Promise<CommandDefinition[]> {
 	]);
 
 	const commands: CommandDefinition[] = [];
-	const isExecutable = isRunningFromExecutable();
 
 	for (const cmd of commandModules) {
-		// Skip commands that require running from an executable when not in one
-		if (cmd.executable && !isExecutable) {
-			continue;
-		}
-
 		commands.push(cmd);
 
 		// Auto-create hidden top-level aliases for subcommands with toplevel: true

package/src/cmd/setup/index.ts

@@ -37,15 +37,14 @@ export const command = createCommand({
 						message: 'Validating your identity',
 						clearOnSuccess: true,
 						callback: async () => {
-							// For compiled binaries, process.argv contains virtual paths (/$bunfs/root/...)
-							// Use process.execPath which has the actual binary path
-							const isCompiledBinary = process.argv[1]?.startsWith('/$bunfs/');
-							const cmd = isCompiledBinary
-								? [
-										process.execPath,
-										...process.argv.slice(2).map((x) => (x === 'setup' ? 'login' : x)),
-									]
-								: process.argv.map((x) => (x === 'setup' ? 'login' : x));
+							// Re-run the CLI with 'login' instead of 'setup'
+							// Only replace the first occurrence of 'setup' to avoid replacing user data
+							const argv = process.argv;
+							const setupIndex = argv.indexOf('setup');
+							const cmd =
+								setupIndex >= 0
+									? [...argv.slice(0, setupIndex), 'login', ...argv.slice(setupIndex + 1)]
+									: argv;
 							const r = Bun.spawn({
 								cmd: cmd.concat('--json'),
 								stdout: 'pipe',