@agentuity/cli 1.0.41 → 1.0.43

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@agentuity/cli",
-	"version": "1.0.41",
+	"version": "1.0.43",
 	"license": "Apache-2.0",
 	"author": "Agentuity employees and contributors",
 	"type": "module",
@@ -41,9 +41,9 @@
 		"prepublishOnly": "bun run clean && bun run build"
 	},
 	"dependencies": {
-		"@agentuity/auth": "1.0.41",
-		"@agentuity/core": "1.0.41",
-		"@agentuity/server": "1.0.41",
+		"@agentuity/auth": "1.0.43",
+		"@agentuity/core": "1.0.43",
+		"@agentuity/server": "1.0.43",
 		"@datasert/cronjs-parser": "^1.4.0",
 		"@vitejs/plugin-react": "^5.1.2",
 		"acorn-loose": "^8.5.2",
@@ -54,16 +54,15 @@
 		"enquirer": "^2.4.1",
 		"git-url-parse": "^16.1.0",
 		"json-colorizer": "^3.0.1",
-		"json5": "^2.2.3",
 		"tar": "^7.5.2",
 		"tar-fs": "^3.1.1",
 		"typescript": "^5.9.0",
 		"vite": "^7.2.7",
 		"zod": "^4.3.5",
-		"@agentuity/frontend": "1.0.41"
+		"@agentuity/frontend": "1.0.43"
 	},
 	"devDependencies": {
-		"@agentuity/test-utils": "1.0.41",
+		"@agentuity/test-utils": "1.0.43",
 		"@types/adm-zip": "^0.5.7",
 		"@types/bun": "latest",
 		"@types/tar-fs": "^2.0.4",

package/src/cmd/build/ast.ts

@@ -9,7 +9,7 @@ import { StructuredError, type WorkbenchConfig } from '@agentuity/core';
 import type { LogLevel } from '../../types';
 
 import { existsSync, mkdirSync, statSync } from 'node:fs';
-import JSON5 from 'json5';
+import { parseJSONC } from '../../utils/jsonc';
 import { formatSchemaCode } from './format-schema';
 import { toForwardSlash } from '../../utils/normalize-path';
 import {
@@ -2963,8 +2963,11 @@ async function updateTsconfigPathMapping(rootDir: string, shouldAdd: boolean): P
 	try {
 		const tsconfigContent = await Bun.file(tsconfigPath).text();
 
-		// Use JSON5 to parse tsconfig.json (handles comments in input)
-		const tsconfig = JSON5.parse(tsconfigContent);
+		// Use JSONC parser to handle comments in tsconfig.json
+		const tsconfig = parseJSONC(tsconfigContent) as {
+			compilerOptions?: { paths?: Record<string, string[]> };
+			[key: string]: unknown;
+		};
 		const _before = JSON.stringify(tsconfig);
 
 		// Initialize compilerOptions and paths if they don't exist

package/src/cmd/build/typecheck.ts

@@ -24,6 +24,47 @@ export interface TypecheckOptions {
 	collector?: BuildReportCollector;
 }
 
+/**
+ * Filter tsc output to remove lines referencing node_modules paths.
+ *
+ * Some packages (e.g. @agentuity/runtime) ship .ts source files, which
+ * --skipLibCheck does not skip. Errors from those paths can crash the
+ * PEG-based tsc-output-parser because the parser expects every non-blank
+ * line to be a valid tsc error item.  Stripping these lines before parsing
+ * prevents the crash and avoids surfacing errors the user cannot fix.
+ *
+ * We also strip continuation lines (indented with 2+ leading spaces) that
+ * follow a node_modules error line, as they are part of the same diagnostic.
+ */
+function filterNodeModulesErrors(output: string): string {
+	const lines = output.split('\n');
+	const filtered: string[] = [];
+	let skipping = false;
+
+	for (const line of lines) {
+		// A tsc error line starts with a path, e.g. "node_modules/..." or "../node_modules/..."
+		// Also handle Windows-style paths with backslashes
+		const isNodeModulesError =
+			/^\.{0,2}[/\\]?node_modules[/\\]/.test(line) ||
+			/^[A-Za-z]:[/\\].*node_modules[/\\]/.test(line);
+
+		if (isNodeModulesError) {
+			skipping = true;
+			continue;
+		}
+
+		// Continuation lines of a multi-line tsc diagnostic start with whitespace
+		if (skipping && /^\s{2,}/.test(line)) {
+			continue;
+		}
+
+		skipping = false;
+		filtered.push(line);
+	}
+
+	return filtered.join('\n');
+}
+
 /**
  * run the typescript compiler and result formatted results
  *
@@ -39,7 +80,25 @@ export async function typecheck(dir: string, options?: TypecheckOptions): Promis
 		.nothrow();
 
 	const output = await result.text();
-	const errors = parse(output) as GrammarItem[];
+
+	// Filter out node_modules errors before parsing to prevent parser crashes.
+	// The PEG parser is strict and fails on lines it cannot match as tsc error items.
+	const filteredOutput = filterNodeModulesErrors(output);
+
+	let errors: GrammarItem[];
+	try {
+		errors = parse(filteredOutput) as GrammarItem[];
+	} catch {
+		// If the parser still fails (e.g. unexpected tsc output format), treat as
+		// an unknown error and show the raw output instead of crashing.
+		if (collector) {
+			collector.addGeneralError('typescript', output || result.stderr.toString());
+		}
+		return {
+			success: false,
+			output: output || result.stderr.toString(),
+		};
+	}
 
 	if (result.exitCode === 0) {
 		return {

package/src/cmd/build/vite/static-renderer.ts

@@ -29,30 +29,46 @@ interface RouteTreeNode {
 /**
  * Walks a TanStack Router route tree and extracts all non-parameterized paths.
  * Skips layout routes (no path) and parameterized routes (containing $).
+ *
+ * Accumulates the full URL path through the parent chain, since child routes
+ * under layout routes have relative paths (e.g., '/key-value' under a
+ * '/reference/api' layout should resolve to '/reference/api/key-value').
  */
 function extractRoutePaths(node: RouteTreeNode): string[] {
 	const paths = new Set<string>();
 
-	function walk(route: RouteTreeNode) {
-		const path: string | undefined = route.path ?? route.options?.path;
-		if (path && !path.includes('$')) {
-			// Normalize: strip trailing slashes, ensure leading slash
-			const normalized = path === '/' ? '/' : path.replace(/\/+$/, '');
+	function walk(route: RouteTreeNode, parentPath: string) {
+		const segment: string | undefined = route.path ?? route.options?.path;
+
+		// Build the full path by accumulating segments from parent routes.
+		// - Layout routes have no path (undefined) and don't contribute to the URL.
+		// - Index routes have path '/' and resolve to the parent path itself.
+		// - Leaf/layout routes have paths like '/reference/api' or '/key-value'.
+		let currentPath = parentPath;
+		if (segment && segment !== '/') {
+			// Non-root segment: append to parent path.
+			// Segments always start with '/' (TanStack Router convention).
+			currentPath = parentPath === '/' ? segment : parentPath + segment;
+		}
+
+		// Add non-parameterized, non-empty paths
+		if (currentPath && !currentPath.includes('$')) {
+			const normalized = currentPath === '/' ? '/' : currentPath.replace(/\/+$/, '');
 			if (normalized) {
 				paths.add(normalized);
 			}
 		}
 
-		// Recurse into children (TanStack Router stores them as an object)
+		// Recurse into children, passing the accumulated path
 		const children = route.children;
 		if (children && typeof children === 'object') {
 			for (const child of Object.values(children)) {
-				if (child) walk(child);
+				if (child) walk(child, currentPath);
 			}
 		}
 	}
 
-	walk(node);
+	walk(node, '');
 	return [...paths].sort();
 }
 

package/src/cmd/cloud/index.ts

@@ -14,6 +14,7 @@ import webhookCommand from './webhook';
 import { agentCommand } from './agent';
 import envCommand from './env';
 import apikeyCommand from './apikey';
+import oidcCommand from './oidc';
 import streamCommand from './stream';
 import vectorCommand from './vector';
 import { emailCommand } from './email';
@@ -23,6 +24,7 @@ import scheduleCommand from './schedule';
 import servicesCommand from './services';
 import { regionSubcommand } from './region';
 import { machineCommand } from './machine';
+import { monitorSubcommand } from './monitor';
 import { evalCommand } from './eval';
 import { evalRunCommand } from './eval-run';
 import { getCommand } from '../../command-prefix';
@@ -38,6 +40,7 @@ export const command = createCommand({
 	],
 	subcommands: [
 		apikeyCommand,
+		oidcCommand,
 		keyvalueCommand,
 		queueCommand,
 		webhookCommand,
@@ -60,6 +63,7 @@ export const command = createCommand({
 		threadCommand,
 		sshSubcommand,
 		scpSubcommand,
+		monitorSubcommand,
 		deploymentCommand,
 		regionSubcommand,
 		machineCommand,

package/src/cmd/cloud/monitor.ts

@@ -0,0 +1,375 @@
+import { z } from 'zod';
+import {
+	getMonitorNode,
+	listDistressedNodes,
+	listMonitorNodeContainers,
+	listMonitorNodes,
+	MonitorWebSocketClient,
+	type MachineMonitorState,
+	type MonitorMessage,
+	type MonitorScope,
+} from '@agentuity/core';
+import { getAPIBaseURL } from '../../api';
+import { getCommand } from '../../command-prefix';
+import { createSubcommand } from '../../types';
+import * as tui from '../../tui';
+
+const monitorOptionsSchema = z.object({
+	machine: z.string().optional().describe('Monitor a specific machine id'),
+	deployment: z.string().optional().describe('Monitor machines for a deployment id'),
+	distressed: z.boolean().optional().describe('Only include distressed machines'),
+	snapshot: z.boolean().optional().describe('One-shot snapshot (no stream watch)'),
+});
+
+export const monitorSubcommand = createSubcommand({
+	name: 'monitor',
+	description: 'Monitor infrastructure machines in real time',
+	tags: ['read-only', 'slow', 'requires-auth'],
+	requires: { auth: true, apiClient: true },
+	optional: { org: true },
+	idempotent: true,
+	examples: [
+		{ command: getCommand('cloud monitor --snapshot'), description: 'Show a monitor snapshot' },
+		{
+			command: getCommand('cloud monitor --distressed'),
+			description: 'Watch distressed machines',
+		},
+		{ command: getCommand('cloud monitor --machine mach_123'), description: 'Watch one machine' },
+	],
+	schema: {
+		options: monitorOptionsSchema,
+	},
+	webUrl: '/infrastructure/monitoring',
+
+	async handler(ctx) {
+		const { apiClient, options, opts, auth, config, orgId } = ctx;
+
+		if (opts.machine && opts.distressed) {
+			ctx.logger.fatal('--machine and --distressed are mutually exclusive.');
+		}
+
+		if (opts.deployment && opts.distressed) {
+			ctx.logger.fatal('--deployment and --distressed are mutually exclusive.');
+		}
+
+		if (opts.snapshot || options.json) {
+			const machines = await getSnapshotMachines({
+				apiClient,
+				machineId: opts.machine,
+				deploymentId: opts.deployment,
+				distressed: opts.distressed,
+			});
+
+			if (options.json) {
+				console.log(JSON.stringify(machines, null, 2));
+				return machines;
+			}
+
+			renderMachineTable(machines);
+			return machines;
+		}
+
+		const machineMap = new Map<string, MachineMonitorState>();
+
+		const initialMachines = await getSnapshotMachines({
+			apiClient,
+			machineId: opts.machine,
+			deploymentId: opts.deployment,
+			distressed: opts.distressed,
+		});
+
+		for (const machine of initialMachines) {
+			machineMap.set(machine.machineId, machine);
+		}
+
+		renderWatchTable(machineMap, {
+			mode: 'snapshot',
+			machineId: opts.machine,
+			deploymentId: opts.deployment,
+			distressed: opts.distressed,
+		});
+
+		tui.info('Connecting to monitoring stream...');
+
+		let processingChain = Promise.resolve();
+		let resolveWait: (() => void) | null = null;
+
+		const monitorClient = new MonitorWebSocketClient({
+			baseUrl: getAPIBaseURL(config),
+			token: auth.apiKey,
+			orgId,
+			scope: toMonitorScope(opts.machine, opts.deployment),
+			onOpen: () => {
+				tui.success('Connected to monitoring stream');
+			},
+			onError: (error) => {
+				tui.error(`Monitoring stream error: ${error.message}`);
+			},
+			onClose: () => {
+				tui.info('Monitoring stream disconnected');
+				resolveWait?.();
+			},
+			onMessage: (message) => {
+				processingChain = processingChain.then(async () => {
+					await applyMonitorMessage(machineMap, message, apiClient, opts.deployment);
+					renderWatchTable(machineMap, {
+						mode: 'watch',
+						machineId: opts.machine,
+						deploymentId: opts.deployment,
+						distressed: opts.distressed,
+						lastMessage: message,
+					});
+				});
+			},
+		});
+
+		monitorClient.connect();
+
+		await new Promise<void>((resolve) => {
+			resolveWait = resolve;
+			const onSigInt = () => {
+				monitorClient.close();
+				process.off('SIGINT', onSigInt);
+				resolve();
+			};
+			process.on('SIGINT', onSigInt);
+		});
+
+		return Array.from(machineMap.values());
+	},
+});
+
+async function getSnapshotMachines(params: {
+	apiClient: Parameters<typeof listMonitorNodes>[0];
+	machineId?: string;
+	deploymentId?: string;
+	distressed?: boolean;
+}): Promise<MachineMonitorState[]> {
+	const { apiClient, machineId, deploymentId, distressed } = params;
+
+	let machines: MachineMonitorState[];
+	if (distressed) {
+		machines = await listDistressedNodes(apiClient);
+	} else if (machineId) {
+		machines = [await getMonitorNode(apiClient, machineId)];
+	} else {
+		machines = await listMonitorNodes(apiClient);
+	}
+
+	if (!deploymentId) {
+		return machines;
+	}
+
+	const results = await Promise.all(
+		machines.map(async (machine) => {
+			const containers = await listMonitorNodeContainers(apiClient, machine.machineId);
+			const hasDeployment = containers.some(
+				(container) => container.deploymentId === deploymentId
+			);
+			return hasDeployment ? machine : null;
+		})
+	);
+	return results.filter((m): m is MachineMonitorState => m !== null);
+}
+
+function toMonitorScope(machineId?: string, deploymentId?: string): MonitorScope {
+	if (machineId) {
+		return { scope: 'machine', machineId };
+	}
+	if (deploymentId) {
+		return { scope: 'deployment', deploymentId };
+	}
+	return { scope: 'org' };
+}
+
+async function applyMonitorMessage(
+	machineMap: Map<string, MachineMonitorState>,
+	message: MonitorMessage,
+	apiClient: Parameters<typeof listMonitorNodes>[0],
+	deploymentId?: string
+) {
+	if (message.type === 'snapshot') {
+		machineMap.clear();
+		for (const machine of message.machines) {
+			machineMap.set(machine.machineId, machine);
+		}
+		if (deploymentId) {
+			await filterMapByDeployment(machineMap, apiClient, deploymentId);
+		}
+		return;
+	}
+
+	if (message.type === 'update') {
+		const existing = machineMap.get(message.machineId);
+		const next: MachineMonitorState = {
+			machineId: message.machineId,
+			orgId: existing?.orgId ?? '',
+			report: message.report,
+			compositeScore: message.report.capacity?.compositeScore ?? existing?.compositeScore ?? 0,
+			health: message.health,
+			reportedAt: usecToISO(message.report.reportedAtUs) ?? existing?.reportedAt ?? '',
+			updatedAt: new Date().toISOString(),
+			gravity: existing?.gravity ?? '',
+		};
+
+		if (deploymentId) {
+			const containers = await listMonitorNodeContainers(apiClient, message.machineId);
+			const include = containers.some((container) => container.deploymentId === deploymentId);
+			if (!include) {
+				machineMap.delete(message.machineId);
+				return;
+			}
+		}
+
+		machineMap.set(message.machineId, next);
+		return;
+	}
+
+	const existing = machineMap.get(message.machineId);
+	if (existing) {
+		existing.health = message.health;
+		existing.updatedAt = new Date().toISOString();
+		machineMap.set(message.machineId, existing);
+	}
+}
+
+async function filterMapByDeployment(
+	machineMap: Map<string, MachineMonitorState>,
+	apiClient: Parameters<typeof listMonitorNodes>[0],
+	deploymentId: string
+) {
+	const entries = Array.from(machineMap.keys());
+	const results = await Promise.all(
+		entries.map(async (machineId) => {
+			const containers = await listMonitorNodeContainers(apiClient, machineId);
+			const include = containers.some((container) => container.deploymentId === deploymentId);
+			return { machineId, include };
+		})
+	);
+	for (const { machineId, include } of results) {
+		if (!include) {
+			machineMap.delete(machineId);
+		}
+	}
+}
+
+function renderWatchTable(
+	machineMap: Map<string, MachineMonitorState>,
+	params: {
+		mode: 'snapshot' | 'watch';
+		machineId?: string;
+		deploymentId?: string;
+		distressed?: boolean;
+		lastMessage?: MonitorMessage;
+	}
+) {
+	console.clear();
+
+	const subtitle = [
+		params.mode === 'watch' ? 'Live mode' : 'Snapshot mode',
+		params.machineId ? `machine=${params.machineId}` : undefined,
+		params.deploymentId ? `deployment=${params.deploymentId}` : undefined,
+		params.distressed ? 'distressed=true' : undefined,
+	]
+		.filter(Boolean)
+		.join(' • ');
+
+	tui.header('Cloud Monitor');
+	if (subtitle) {
+		tui.info(subtitle);
+	}
+	if (params.lastMessage && params.lastMessage.type === 'state_change') {
+		tui.warning(
+			`${params.lastMessage.machineId}: ${params.lastMessage.previousHealth} -> ${params.lastMessage.health}`
+		);
+	}
+
+	renderMachineTable(Array.from(machineMap.values()));
+	tui.info('Press Ctrl+C to stop watching.');
+}
+
+function renderMachineTable(machines: MachineMonitorState[]) {
+	if (machines.length === 0) {
+		tui.info('No machines found');
+		return;
+	}
+
+	const rows = machines
+		.slice()
+		.sort((a, b) => a.machineId.localeCompare(b.machineId))
+		.map((machine) => ({
+			Machine: machine.machineId,
+			Health: formatHealth(machine.health),
+			CPU: formatPercent(machine.report?.host?.cpu?.usagePercent),
+			Memory: formatPercent(machine.report?.host?.memory?.usagePercent),
+			Disk: formatPercent(maxDiskUsage(machine.report?.host?.disks)),
+			Pressure: formatScore(machine.compositeScore),
+			Containers: `${machine.report?.capacity?.runningContainers ?? 0}/${machine.report?.capacity?.totalContainers ?? 0}`,
+			'Last Report': formatAge(machine.reportedAt),
+		}));
+
+	tui.table(rows, [
+		{ name: 'Machine' },
+		{ name: 'Health' },
+		{ name: 'CPU', alignment: 'right' },
+		{ name: 'Memory', alignment: 'right' },
+		{ name: 'Disk', alignment: 'right' },
+		{ name: 'Pressure', alignment: 'right' },
+		{ name: 'Containers', alignment: 'right' },
+		{ name: 'Last Report' },
+	]);
+}
+
+function formatHealth(health: string): string {
+	if (health === 'CONNECTED') return '● CONNECTED';
+	if (health === 'STALE') return '◌ STALE';
+	if (health === 'DISCONNECTED') return '○ DISCONNECTED';
+	return health;
+}
+
+function formatPercent(value?: number): string {
+	if (value === undefined || value === null || Number.isNaN(value)) {
+		return '-';
+	}
+	return `${value.toFixed(1)}%`;
+}
+
+function formatScore(score?: number): string {
+	if (score === undefined || score === null || Number.isNaN(score)) {
+		return '-';
+	}
+	if (score >= 0.85) {
+		return `${score.toFixed(2)} ⚠`;
+	}
+	return score.toFixed(2);
+}
+
+function maxDiskUsage(disks?: Array<{ usagePercent: number }>): number | undefined {
+	if (!disks || disks.length === 0) {
+		return undefined;
+	}
+	return Math.max(...disks.map((d) => d.usagePercent));
+}
+
+function formatAge(timestamp: string): string {
+	const date = new Date(timestamp);
+	const time = date.getTime();
+	if (Number.isNaN(time)) {
+		return '-';
+	}
+
+	const diff = Date.now() - time;
+	if (diff < 60_000) return `${Math.max(0, Math.floor(diff / 1000))}s ago`;
+	if (diff < 3_600_000) return `${Math.floor(diff / 60_000)}m ago`;
+	if (diff < 86_400_000) return `${Math.floor(diff / 3_600_000)}h ago`;
+	return `${Math.floor(diff / 86_400_000)}d ago`;
+}
+
+function usecToISO(us?: number): string | undefined {
+	if (us === undefined || us <= 0 || Number.isNaN(us)) {
+		return undefined;
+	}
+	return new Date(Math.floor(us / 1000)).toISOString();
+}
+
+export default monitorSubcommand;

package/src/cmd/cloud/oidc/activity.ts

@@ -0,0 +1,64 @@
+import { oauthClientActivity } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+import { createOAuthClient } from './util';
+
+const OAuthClientActivityResponseSchema = z.array(
+	z.object({
+		activity_date: z.string(),
+		total_access: z.number(),
+		unique_users: z.number(),
+	})
+);
+
+export const activitySubcommand = createSubcommand({
+	name: 'activity',
+	description: 'Show activity for an OAuth application',
+	tags: ['read-only', 'requires-auth'],
+	examples: [
+		{ command: getCommand('cloud oidc activity <id>'), description: 'Show OAuth activity' },
+		{
+			command: getCommand('cloud oidc activity <id> --days=30'),
+			description: 'Show OAuth activity for last 30 days',
+		},
+	],
+	requires: { auth: true },
+	idempotent: true,
+	webUrl: (ctx) => `/settings/oauth-apps/${encodeURIComponent(ctx.args.id)}`,
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id'),
+		}),
+		options: z.object({
+			days: z.coerce.number().int().min(1).max(365).default(7).describe('Number of days'),
+		}),
+		response: OAuthClientActivityResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { args, opts, options } = ctx;
+		const catalystClient = await createOAuthClient(ctx);
+
+		const activity = await tui.spinner('Fetching OAuth activity', () => {
+			return oauthClientActivity(catalystClient, args.id, opts.days);
+		});
+
+		if (!options.json) {
+			if (activity.length === 0) {
+				tui.info('No OAuth activity found');
+			} else {
+				const rows = activity.map((item) => ({
+					activity_date: item.activity_date,
+					total_access: item.total_access,
+					unique_users: item.unique_users,
+				}));
+
+				tui.table(rows);
+			}
+		}
+
+		return activity;
+	},
+});