@agentuity/cli 0.1.36 → 0.1.38

package/src/agent-detection.ts

@@ -0,0 +1,262 @@
+import { spawn } from 'node:child_process';
+
+/**
+ * Map of process names to internal agent short names.
+ * The key is the process name (or substring) that appears in the parent process command line.
+ * The value is the internal short name used to identify the agent.
+ *
+ * Process names verified via `agentuity cloud sandbox run --runtime <agent>:latest`:
+ * - opencode: binary 'opencode' (from bun install -g opencode-ai)
+ * - codex: binary 'codex' (from npm install -g @openai/codex)
+ * - cursor: binary 'cursor-agent' (from curl installer)
+ * - claude-code: binary 'claude', shows as 'node /usr/local/bin/claude'
+ * - copilot: binary 'copilot', shows as 'node /usr/local/bin/copilot' and spawns native binary
+ * - gemini: binary 'gemini', shows as 'node /usr/local/bin/gemini'
+ * - amp: binary 'amp', shows as 'node --no-warnings /usr/local/bin/amp'
+ *
+ * IMPORTANT: Order matters! More specific patterns should come before less specific ones.
+ * For example, 'opencode' must be checked before 'code' to avoid false matches.
+ */
+export const KNOWN_AGENTS: [string, string][] = [
+	// Verified via cloud sandbox runtime - most specific patterns first
+	['opencode', 'opencode'],
+	['codex', 'codex'],
+	['cursor-agent', 'cursor'],
+	['claude', 'claude-code'],
+	['copilot', 'copilot'],
+	['gemini', 'gemini'],
+	['cline', 'cline'],
+	['roo-code', 'roo'],
+	['windsurf', 'windsurf'],
+	['zed', 'zed'],
+	['amp', 'amp'],
+	// TODO: VSCode Agent Mode detection - need to find a reliable way to detect
+	// when VSCode's built-in agent (Copilot Chat) is running commands vs just
+	// running in VSCode's integrated terminal. May need env var detection.
+];
+
+export type KnownAgent = (typeof KNOWN_AGENTS)[number][1];
+
+/**
+ * Promise for the detection result (set when detection starts)
+ */
+let detectionPromise: Promise<string | undefined> | null = null;
+
+/**
+ * Cached result after detection completes (null = not yet resolved)
+ */
+let cachedResult: string | undefined | null = null;
+
+/**
+ * Callbacks to invoke when agent detection completes
+ */
+const detectionCallbacks: Array<(agent: string | undefined) => void> = [];
+
+/**
+ * Get the command line and parent PID for a given PID in a single ps call
+ */
+function getProcessInfo(pid: number): Promise<{ command: string; ppid: number } | undefined> {
+	return new Promise((resolve) => {
+		const ps = spawn('ps', ['-p', String(pid), '-o', 'ppid=,command='], {
+			stdio: ['ignore', 'pipe', 'ignore'],
+		});
+
+		let output = '';
+
+		ps.stdout.on('data', (data: Buffer) => {
+			output += data.toString();
+		});
+
+		ps.on('close', () => {
+			const trimmed = output.trim();
+			if (!trimmed) {
+				resolve(undefined);
+				return;
+			}
+
+			// Output format: "  PPID COMMAND" (ppid is right-aligned, then space, then command)
+			const match = trimmed.match(/^\s*(\d+)\s+(.+)$/);
+			if (!match) {
+				resolve(undefined);
+				return;
+			}
+
+			const ppid = parseInt(match[1], 10);
+			const command = match[2].toLowerCase();
+
+			if (isNaN(ppid) || ppid <= 1 || !command) {
+				resolve(undefined);
+				return;
+			}
+
+			resolve({ command, ppid });
+		});
+
+		ps.on('error', () => {
+			resolve(undefined);
+		});
+	});
+}
+
+/**
+ * Check if a command matches any known agent
+ */
+function matchAgent(command: string): string | undefined {
+	for (const [processName, agentName] of KNOWN_AGENTS) {
+		if (command.includes(processName)) {
+			return agentName;
+		}
+	}
+	return undefined;
+}
+
+/**
+ * Detect the parent process command and check if it matches a known agent.
+ * Walks up the process tree to find the first matching agent.
+ */
+function detectParentAgent(): Promise<string | undefined> {
+	return new Promise((resolve) => {
+		// TODO: Implement Windows support using wmic or PowerShell
+		if (process.platform === 'win32') {
+			resolve(undefined);
+			return;
+		}
+
+		const maxDepth = 10; // Limit how far up we walk the tree
+
+		async function walkTree(pid: number, depth: number): Promise<string | undefined> {
+			if (depth >= maxDepth || pid <= 1) {
+				return undefined;
+			}
+
+			// Get both command and parent PID in a single ps call
+			const info = await getProcessInfo(pid);
+			if (!info) {
+				return undefined;
+			}
+
+			// Check if this process matches a known agent
+			const agent = matchAgent(info.command);
+			if (agent) {
+				return agent;
+			}
+
+			// Walk up to parent
+			return walkTree(info.ppid, depth + 1);
+		}
+
+		const ppid = process.ppid;
+		if (!ppid) {
+			resolve(undefined);
+			return;
+		}
+
+		walkTree(ppid, 0).then(resolve).catch(() => resolve(undefined));
+	});
+}
+
+/**
+ * Start agent detection immediately (non-blocking).
+ * Call this early in CLI startup to begin detection in the background.
+ */
+export function startAgentDetection(): void {
+	if (detectionPromise !== null) {
+		// Already started
+		return;
+	}
+
+	detectionPromise = detectParentAgent().then((result) => {
+		cachedResult = result;
+		// Invoke all registered callbacks
+		for (const callback of detectionCallbacks) {
+			try {
+				callback(result);
+			} catch {
+				// Ignore callback errors
+			}
+		}
+		return result;
+	});
+}
+
+/**
+ * Register a callback to be invoked when agent detection completes.
+ * If detection has already completed, the callback is invoked immediately.
+ * This is non-blocking and does not return a promise.
+ *
+ * @example
+ * ```typescript
+ * onAgentDetected((agent) => {
+ *   if (agent) {
+ *     console.log(`Detected agent: ${agent}`);
+ *   }
+ * });
+ * ```
+ */
+export function onAgentDetected(callback: (agent: string | undefined) => void): void {
+	// If detection already completed, invoke immediately
+	if (cachedResult !== null) {
+		try {
+			callback(cachedResult);
+		} catch {
+			// Ignore callback errors
+		}
+		return;
+	}
+
+	// Otherwise, register for later invocation
+	detectionCallbacks.push(callback);
+}
+
+/**
+ * Get the cached detection result synchronously.
+ * Returns undefined if detection hasn't completed yet or no agent was detected.
+ * Returns null if detection hasn't started or completed yet.
+ *
+ * Use this for synchronous access when you don't want to wait for detection.
+ */
+export function getDetectedAgent(): string | undefined | null {
+	return cachedResult;
+}
+
+/**
+ * Wait for agent detection to complete and ensure all callbacks have been invoked.
+ * Call this before CLI exit to ensure the detected agent is written to session logs.
+ *
+ * This is a no-op if detection hasn't started or has already completed.
+ */
+export async function flushAgentDetection(): Promise<void> {
+	if (detectionPromise !== null) {
+		await detectionPromise;
+	}
+}
+
+/**
+ * Check if the CLI is being executed from a known coding agent.
+ * Returns the agent name if detected, undefined otherwise.
+ *
+ * This function returns immediately if detection has already completed,
+ * otherwise it awaits the detection promise started by startAgentDetection().
+ *
+ * @example
+ * ```typescript
+ * const agent = await isExecutingFromAgent();
+ * if (agent) {
+ *   logger.debug(`Running from agent: ${agent}`);
+ * }
+ * ```
+ */
+export async function isExecutingFromAgent(): Promise<string | undefined> {
+	// Return cached result if detection has completed
+	if (cachedResult !== null) {
+		return cachedResult;
+	}
+
+	// If detection hasn't started yet, start it now
+	if (detectionPromise === null) {
+		startAgentDetection();
+	}
+
+	// Wait for detection to complete
+	return detectionPromise!;
+}

package/src/cache/index.ts

@@ -9,3 +9,5 @@ export {
 	type ResourceType,
 	type ResourceInfo,
 } from './resource-region';
+
+export { getCachedProject, setCachedProject, clearProjectCache } from './project-cache';

package/src/cache/project-cache.ts

@@ -0,0 +1,41 @@
+import type { Project } from '@agentuity/server';
+
+/**
+ * In-memory cache for project data to avoid duplicate API calls within a single CLI command execution.
+ * This cache is NOT persisted to disk - it only lives for the duration of the CLI process.
+ *
+ * The cache key is `{profile}:{projectId}` to ensure proper isolation between profiles.
+ */
+const projectCache = new Map<string, Project>();
+
+/**
+ * Generate a cache key from profile and project ID
+ */
+function getCacheKey(profile: string, projectId: string): string {
+	return `${profile}:${projectId}`;
+}
+
+/**
+ * Get a cached project by profile and project ID.
+ * Returns null if not found in cache.
+ */
+export function getCachedProject(profile: string, projectId: string): Project | null {
+	const key = getCacheKey(profile, projectId);
+	return projectCache.get(key) ?? null;
+}
+
+/**
+ * Store a project in the cache.
+ */
+export function setCachedProject(profile: string, projectId: string, project: Project): void {
+	const key = getCacheKey(profile, projectId);
+	projectCache.set(key, project);
+}
+
+/**
+ * Clear all cached projects.
+ * Useful for testing or when switching contexts.
+ */
+export function clearProjectCache(): void {
+	projectCache.clear();
+}

package/src/cli.ts

@@ -27,6 +27,7 @@ import { getCommand } from './command-prefix';
 import { isValidateMode, outputValidation, type ValidationResult } from './output';
 import { StructuredError } from '@agentuity/core';
 import { setProgram } from './program-ref';
+import { getCachedProject, setCachedProject } from './cache';
 
 /**
  * Check if an error is a CLI input validation error (Zod error from schema parsing),
@@ -1052,8 +1053,15 @@ async function registerSubcommand(
 							},
 						};
 						const apiClient = createAPIClient(baseCtx, configWithAuth as Config);
-						const { projectGet } = await import('@agentuity/server');
-						const projectDetails = await projectGet(apiClient, { id: projectId, mask: true });
+						// Check cache first to avoid duplicate API calls
+						const profile = baseCtx.config?.name ?? 'default';
+						let projectDetails = getCachedProject(profile, projectId);
+						if (!projectDetails) {
+							const { projectGet } = await import('@agentuity/server');
+							// Use keys: false to match other callers and ensure cache consistency
+							projectDetails = await projectGet(apiClient, { id: projectId, keys: false });
+							setCachedProject(profile, projectId, projectDetails);
+						}
 						project = {
 							projectId: projectDetails.id,
 							orgId: projectDetails.orgId,

package/src/cmd/auth/index.ts

@@ -6,7 +6,6 @@ import { signupCommand } from './signup';
 import { whoamiCommand } from './whoami';
 import { sshSubcommand } from './ssh';
 import { orgSubcommand } from './org';
-import { machineSubcommand } from './machine';
 import { getCommand } from '../../command-prefix';
 
 export const command = createCommand({
@@ -26,6 +25,5 @@ export const command = createCommand({
 		whoamiCommand,
 		sshSubcommand,
 		orgSubcommand,
-		machineSubcommand,
 	],
 });

package/src/cmd/auth/{machine/setup.ts → org/enroll.ts}

@@ -1,28 +1,28 @@
 import { z } from 'zod';
 import { createSubcommand } from '../../../types';
 import * as tui from '../../../tui';
-import { machineAuthSetup } from '@agentuity/server';
+import { orgAuthEnroll } from '@agentuity/server';
 import { getCommand } from '../../../command-prefix';
 import { ErrorCode } from '../../../errors';
 import { readFileSync } from 'fs';
 
-const MachineSetupResponseSchema = z.object({
-	success: z.boolean().describe('Whether the setup succeeded'),
+const EnrollResponseSchema = z.object({
+	success: z.boolean().describe('Whether the enrollment succeeded'),
 	orgId: z.string().describe('The organization ID'),
 });
 
-export const setupSubcommand = createSubcommand({
-	name: 'setup',
+export const enrollSubcommand = createSubcommand({
+	name: 'enroll',
 	description:
-		'Set up machine authentication by uploading a public key for self-hosted infrastructure',
+		'Configure your organization for self-hosted infrastructure by uploading a public key',
 	tags: ['mutating', 'slow', 'requires-auth', 'uses-stdin'],
 	examples: [
 		{
-			command: `${getCommand('auth machine setup')} --file ./public-key.pem`,
+			command: `${getCommand('auth org enroll')} --file ./public-key.pem`,
 			description: 'Upload ECDSA P-256 public key from file',
 		},
 		{
-			command: `cat public-key.pem | ${getCommand('auth machine setup')}`,
+			command: `cat public-key.pem | ${getCommand('auth org enroll')}`,
 			description: 'Upload public key from stdin',
 		},
 	],
@@ -32,7 +32,7 @@ export const setupSubcommand = createSubcommand({
 		options: z.object({
 			file: z.string().optional().describe('Path to the public key file (PEM format)'),
 		}),
-		response: MachineSetupResponseSchema,
+		response: EnrollResponseSchema,
 	},
 	async handler(ctx) {
 		const { apiClient, opts, options, logger, orgId } = ctx;
@@ -83,13 +83,13 @@ export const setupSubcommand = createSubcommand({
 
 			const result = await tui.spinner({
 				type: 'simple',
-				message: 'Setting up machine authentication...',
-				callback: () => machineAuthSetup(apiClient, orgId, publicKey),
+				message: 'Enrolling organization...',
+				callback: () => orgAuthEnroll(apiClient, orgId, publicKey),
 				clearOnSuccess: true,
 			});
 
 			if (!options.json) {
-				tui.success(`Machine authentication configured for organization ${result.orgId}`);
+				tui.success(`Organization ${result.orgId} enrolled for self-hosted infrastructure.`);
 				tui.newline();
 				tui.info(
 					'Your self-hosted machines can now authenticate using the corresponding private key.'
@@ -98,7 +98,7 @@ export const setupSubcommand = createSubcommand({
 
 			return { success: true, orgId: result.orgId };
 		} catch (ex) {
-			tui.fatal(`Failed to set up machine authentication: ${ex}`, ErrorCode.API_ERROR);
+			tui.fatal(`Failed to enroll organization: ${ex}`, ErrorCode.API_ERROR);
 		}
 	},
 });

package/src/cmd/auth/org/index.ts

@@ -4,6 +4,9 @@ import { getCommand } from '../../../command-prefix';
 import { saveOrgId, clearOrgId } from '../../../config';
 import * as tui from '../../../tui';
 import { listOrganizations } from '@agentuity/server';
+import { enrollSubcommand } from './enroll';
+import { unenrollSubcommand } from './unenroll';
+import { statusSubcommand } from './status';
 
 const selectCommand = createSubcommand({
 	name: 'select',
@@ -75,7 +78,8 @@ const selectCommand = createSubcommand({
 const unselectCommand = createSubcommand({
 	name: 'unselect',
 	description: 'Clear the default organization preference',
-	tags: ['fast'],
+	tags: ['fast', 'requires-auth'],
+	requires: { auth: true, apiClient: true },
 	examples: [
 		{ command: getCommand('auth org unselect'), description: 'Clear default organization' },
 	],
@@ -106,37 +110,77 @@ const unselectCommand = createSubcommand({
 const currentCommand = createSubcommand({
 	name: 'current',
 	description: 'Show the current default organization',
-	tags: ['read-only', 'fast'],
+	tags: ['read-only', 'fast', 'requires-auth'],
 	idempotent: true,
+	requires: { auth: true, apiClient: true },
 	examples: [
-		{ command: getCommand('auth org current'), description: 'Show default organization' },
+		{ command: getCommand('auth org current'), description: 'Show default organization ID' },
+		{ command: getCommand('auth org current --name'), description: 'Show default organization name' },
 		{ command: getCommand('auth org current --json'), description: 'Show output in JSON format' },
 	],
 	schema: {
-		response: z.string().nullable().describe('The current organization ID or null if not set'),
+		options: z.object({
+			name: z.boolean().optional().describe('Show organization name instead of ID'),
+		}),
+		response: z
+			.object({
+				id: z.string().nullable().describe('The current organization ID or null if not set'),
+				name: z.string().nullable().describe('The current organization name or null if not set or not found'),
+			})
+			.describe('The current organization details'),
 	},
 
 	async handler(ctx) {
-		const { options, config } = ctx;
+		const { options, config, apiClient, opts } = ctx;
 		const orgId = config?.preferences?.orgId || null;
 
+		let orgName: string | null = null;
+
+		// Fetch org name if we have an orgId and either --name or --json is requested
+		if (orgId && (opts.name || options.json)) {
+			const orgs = await listOrganizations(apiClient);
+			const org = orgs.find((o) => o.id === orgId);
+			orgName = org?.name ?? null;
+		}
+
 		if (!options.json) {
-			if (orgId) {
-				console.log(orgId);
+			if (opts.name) {
+				// --name flag: print only the org name
+				if (orgName) {
+					console.log(orgName);
+				}
+			} else {
+				// Default behavior: print only the org ID
+				if (orgId) {
+					console.log(orgId);
+				}
 			}
 		}
 
-		return orgId;
+		return { id: orgId, name: orgName };
 	},
 });
 
 export const orgSubcommand = createCommand({
 	name: 'org',
-	description: 'Manage default organization preference',
+	aliases: ['machine', 'organization'],
+	description: 'Manage organization preferences and machine authentication',
 	tags: ['fast'],
 	examples: [
 		{ command: getCommand('auth org select'), description: 'Set default organization' },
 		{ command: getCommand('auth org current'), description: 'Show current default' },
+		{
+			command: getCommand('auth org enroll --file ./public-key.pem'),
+			description: 'Enroll an organization',
+		},
+		{ command: getCommand('auth org status'), description: 'Show org auth status' },
+	],
+	subcommands: [
+		selectCommand,
+		unselectCommand,
+		currentCommand,
+		enrollSubcommand,
+		unenrollSubcommand,
+		statusSubcommand,
 	],
-	subcommands: [selectCommand, unselectCommand, currentCommand],
 });

package/src/cmd/auth/org/status.ts

@@ -0,0 +1,64 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../../types';
+import * as tui from '../../../tui';
+import { orgAuthStatus } from '@agentuity/server';
+import { getCommand } from '../../../command-prefix';
+import { ErrorCode } from '../../../errors';
+
+const StatusResponseSchema = z.object({
+	publicKey: z.string().nullable().describe('The public key or null if not set'),
+});
+
+export const statusSubcommand = createSubcommand({
+	name: 'status',
+	aliases: ['show'],
+	description: 'Get the current public key status for an organization',
+	tags: ['read-only', 'fast', 'requires-auth'],
+	examples: [
+		{
+			command: getCommand('auth org status'),
+			description: 'Show the current public key for the organization',
+		},
+		{
+			command: getCommand('auth org show'),
+			description: 'Show the current public key (alias)',
+		},
+	],
+	requires: { auth: true, apiClient: true, org: true },
+	idempotent: true,
+	schema: {
+		response: StatusResponseSchema,
+	},
+	async handler(ctx) {
+		const { apiClient, options, orgId } = ctx;
+
+		try {
+			const result = await tui.spinner({
+				type: 'simple',
+				message: 'Fetching organization authentication status...',
+				callback: () => orgAuthStatus(apiClient, orgId),
+				clearOnSuccess: true,
+			});
+
+			if (!options.json) {
+				if (result.publicKey) {
+					tui.success('Organization authentication is configured');
+					tui.newline();
+					console.log(tui.bold('Public Key:'));
+					tui.newline();
+					console.log(result.publicKey);
+				} else {
+					tui.info('No public key is configured for this organization');
+					tui.newline();
+					tui.info(
+						`Use '${getCommand('auth org enroll --file ./public-key.pem')}' to set up machine authentication.`
+					);
+				}
+			}
+
+			return { publicKey: result.publicKey };
+		} catch (ex) {
+			tui.fatal(`Failed to get organization authentication status: ${ex}`, ErrorCode.API_ERROR);
+		}
+	},
+});

package/src/cmd/auth/org/unenroll.ts

@@ -0,0 +1,80 @@
+import { z } from 'zod';
+import { createSubcommand } from '../../../types';
+import * as tui from '../../../tui';
+import { orgAuthUnenroll } from '@agentuity/server';
+import { getCommand } from '../../../command-prefix';
+import { ErrorCode } from '../../../errors';
+
+const UnenrollResponseSchema = z.object({
+	success: z.boolean().describe('Whether the unenrollment succeeded'),
+});
+
+export const unenrollSubcommand = createSubcommand({
+	name: 'unenroll',
+	description: 'Remove the public key from the organization, disabling self-hosted infrastructure',
+	tags: ['mutating', 'destructive', 'slow', 'requires-auth'],
+	examples: [
+		{
+			command: getCommand('auth org unenroll'),
+			description: 'Remove the public key from the current organization (with confirmation)',
+		},
+		{
+			command: getCommand('auth org unenroll --confirm'),
+			description: 'Remove the public key without confirmation prompt',
+		},
+	],
+	requires: { auth: true, apiClient: true, org: true },
+	idempotent: true,
+	schema: {
+		options: z.object({
+			confirm: z.boolean().optional().default(false).describe('Skip confirmation prompt'),
+		}),
+		response: UnenrollResponseSchema,
+	},
+	async handler(ctx) {
+		const { apiClient, options, opts, orgId } = ctx;
+
+		if (!opts.confirm) {
+			if (process.stdin.isTTY) {
+				tui.newline();
+				tui.warning(
+					'Removing your public key will immediately stop all network traffic and routing to your machines and all further traffic will immediately fail.'
+				);
+				tui.newline();
+
+				const confirmed = await tui.confirm(
+					'Are you sure you want to remove organization authentication?',
+					false
+				);
+
+				if (!confirmed) {
+					tui.info('Unenrollment cancelled.');
+					return { success: false };
+				}
+			} else {
+				tui.error(
+					'Non-interactive sessions require --confirm flag to unenroll. Use: ' +
+						getCommand('auth org unenroll --confirm')
+				);
+				return { success: false };
+			}
+		}
+
+		try {
+			await tui.spinner({
+				type: 'simple',
+				message: 'Removing organization authentication...',
+				callback: () => orgAuthUnenroll(apiClient, orgId),
+				clearOnSuccess: true,
+			});
+
+			if (!options.json) {
+				tui.success('Organization authentication removed');
+			}
+
+			return { success: true };
+		} catch (ex) {
+			tui.fatal(`Failed to unenroll organization: ${ex}`, ErrorCode.API_ERROR);
+		}
+	},
+});