@agentuity/cli 2.0.11 → 2.0.12

package/src/cmd/cloud/sandbox/util.ts

@@ -1,17 +1,69 @@
-import { readFileSync } from 'node:fs';
+import { fstatSync, readFileSync, statSync } from 'node:fs';
 import { resolve } from 'node:path';
 import type { FileToWrite, Logger } from '@agentuity/core';
-import { APIClient, getServiceUrls, sandboxGet } from '@agentuity/server';
+import { APIClient, getServiceUrls, sandboxGet, sandboxResolve } from '@agentuity/server';
 import { deleteResourceRegion, getResourceInfo, setResourceInfo } from '../../../cache';
 import { getGlobalCatalystAPIClient } from '../../../config';
 import { ErrorCode } from '../../../errors';
 import * as tui from '../../../tui';
 import type { AuthData, Config } from '../../../types';
 
+/**
+ * Detect if a file descriptor is redirected to /dev/null (or NUL on Windows).
+ * Used to optimize stream creation - when output goes to /dev/null, we can
+ * skip creating the stream entirely on the server.
+ *
+ * @param fd - File descriptor (1 for stdout, 2 for stderr)
+ * @returns true if the fd points to /dev/null
+ */
+export function detectNullStream(fd: number): boolean {
+	try {
+		const fdStat = fstatSync(fd);
+		const nullPath = process.platform === 'win32' ? 'NUL' : '/dev/null';
+		const nullStat = statSync(nullPath);
+		return fdStat.dev === nullStat.dev && fdStat.ino === nullStat.ino;
+	} catch {
+		return false;
+	}
+}
+
 export function createSandboxClient(logger: Logger, auth: AuthData, region: string): APIClient {
 	return new APIClient(getServiceUrls(region).catalyst, logger, auth.apiKey);
 }
 
+export interface ResolvedSandboxTarget {
+	region: string;
+	orgId: string;
+}
+
+/**
+ * Resolve sandbox routing context using cache-first lookup.
+ * Falls back to the CLI resolve endpoint on cache miss or partial cache.
+ */
+export async function resolveSandboxTarget(
+	logger: Logger,
+	auth: AuthData,
+	apiClient: APIClient | null = null,
+	sandboxId: string,
+	profileName = 'production',
+	config?: Config | null
+): Promise<ResolvedSandboxTarget> {
+	const cachedInfo = await getResourceInfo('sandbox', profileName, sandboxId);
+	if (cachedInfo?.region && cachedInfo?.orgId) {
+		logger.trace(
+			`[sandbox] Found cached target for ${sandboxId}: ${cachedInfo.region}/${cachedInfo.orgId}`
+		);
+		return { region: cachedInfo.region, orgId: cachedInfo.orgId };
+	}
+
+	logger.trace(`[sandbox] Cache miss for target ${sandboxId}, resolving via CLI API`);
+	const globalClient =
+		apiClient ?? (await getGlobalCatalystAPIClient(logger, auth, profileName, undefined, config));
+	const sandbox = await sandboxResolve(globalClient, sandboxId);
+	await setResourceInfo('sandbox', profileName, sandboxId, sandbox.region, sandbox.orgId);
+	return { region: sandbox.region, orgId: sandbox.orgId };
+}
+
 /**
  * Look up the region for a sandbox, using cache-first strategy.
  * Falls back to API lookup if not in cache.
@@ -64,6 +116,15 @@ export async function cacheSandboxRegion(
 	await setResourceInfo('sandbox', profileName, sandboxId, region);
 }
 
+export async function cacheSandboxTarget(
+	profileName = 'production',
+	sandboxId: string,
+	region: string,
+	orgId?: string
+): Promise<void> {
+	await setResourceInfo('sandbox', profileName, sandboxId, region, orgId);
+}
+
 /**
  * Clear cached region for a sandbox after delete
  */

package/src/cmd/coder/create.ts

@@ -46,9 +46,9 @@ export const createCoderSubcommand = createSubcommand({
 		},
 		{
 			command: getCommand(
-				'coder create "Review this change" --default-agent code-review --agent-slugs code-review'
+				'coder create "Review this change" --default-agent code-review --enabled-agents code-review'
 			),
-			description: 'Create with published custom agents and a custom default route target',
+			description: 'Create with a selected agent roster and a custom default route target',
 		},
 	],
 	schema: {
@@ -96,10 +96,10 @@ export const createCoderSubcommand = createSubcommand({
 			// Resources
 			workspaceId: z.string().optional().describe('Workspace ID to use'),
 			tags: z.string().optional().describe('Comma-separated tags'),
-			agentSlugs: z
+			enabledAgents: z
 				.string()
 				.optional()
-				.describe('Comma-separated published custom agent slugs to include'),
+				.describe('Comma-separated built-in/custom agents to include'),
 			env: z
 				.string()
 				.optional()
@@ -121,7 +121,7 @@ export const createCoderSubcommand = createSubcommand({
 		// Build the create session request body from flags
 		const body: CoderCreateSessionRequest & {
 			defaultAgent?: string;
-			agentSlugs?: string[];
+			enabledAgents?: string[];
 		} = {
 			task: args.task,
 			...(opts?.label && { label: opts.label }),
@@ -167,10 +167,10 @@ export const createCoderSubcommand = createSubcommand({
 				.split(',')
 				.map((t) => t.trim())
 				.filter(Boolean);
-		if (opts?.agentSlugs)
-			body.agentSlugs = opts.agentSlugs
+		if (opts?.enabledAgents)
+			body.enabledAgents = opts.enabledAgents
 				.split(',')
-				.map((slug) => slug.trim())
+				.map((name) => name.trim())
 				.filter(Boolean);
 		if (opts?.savedSkillIds)
 			body.savedSkillIds = opts.savedSkillIds

package/src/cmd/coder/start.ts

@@ -128,6 +128,8 @@ export const startSubcommand = createSubcommand({
 	},
 	async handler(ctx) {
 		const { opts, options } = ctx;
+		// Keep Pi's interactive install telemetry disabled for Agentuity CLI sessions.
+		process.env.PI_TELEMETRY = '0';
 
 		// Resolve working directory from optional --dir option
 		let cwd = process.cwd();
@@ -388,6 +390,7 @@ export const startSubcommand = createSubcommand({
 			AGENTUITY_CODER_HUB_URL: hubWsUrl,
 		};
 		env.AGENTUITY_CODER_API_KEY = ctx.auth.apiKey;
+		env.AGENTUITY_ORGID = ctx.orgId;
 
 		if (opts?.agent) {
 			env.AGENTUITY_CODER_AGENT = opts.agent;

package/src/cmd/coder/tui-init.ts

@@ -43,7 +43,7 @@ export async function probeHubInitAccess(
 	try {
 		const response = await fetchImpl(`${hubHttpUrl}/api/hub/init`, {
 			headers,
-			signal: AbortSignal.timeout(5_000),
+			signal: AbortSignal.timeout(10_000),
 		});
 
 		let payload: unknown;

package/src/cmd/coder/update.ts

@@ -54,10 +54,10 @@ export const updateSubcommand = createSubcommand({
 			loopAutoContinue: z.boolean().optional().describe('Auto-continue loop'),
 			loopAllowDetached: z.boolean().optional().describe('Allow detached loop execution'),
 			tags: z.string().optional().describe('Comma-separated tags (replaces existing)'),
-			agentSlugs: z
+			enabledAgents: z
 				.string()
 				.optional()
-				.describe('Comma-separated published custom agent slugs (replaces existing)'),
+				.describe('Comma-separated built-in/custom agents (replaces existing)'),
 		}),
 	},
 	async handler(ctx) {
@@ -81,10 +81,10 @@ export const updateSubcommand = createSubcommand({
 				.map((t) => t.trim())
 				.filter(Boolean);
 		}
-		if (opts?.agentSlugs) {
-			body.agentSlugs = opts.agentSlugs
+		if (opts?.enabledAgents) {
+			body.enabledAgents = opts.enabledAgents
 				.split(',')
-				.map((slug) => slug.trim())
+				.map((name) => name.trim())
 				.filter(Boolean);
 		}
 
@@ -105,7 +105,7 @@ export const updateSubcommand = createSubcommand({
 
 		if (Object.keys(body).length === 0) {
 			tui.fatal(
-				'No update fields provided. Use --label, --visibility, --tags, --agent, --default-agent, --agent-slugs, --workflow-mode, or loop options.',
+				'No update fields provided. Use --label, --visibility, --tags, --agent, --default-agent, --enabled-agents, --workflow-mode, or loop options.',
 				ErrorCode.VALIDATION_FAILED
 			);
 		}
@@ -125,7 +125,7 @@ export const updateSubcommand = createSubcommand({
 			if (opts?.tags) fields.push(`Tags: ${(body.tags as string[]).join(', ')}`);
 			if (opts?.agent) fields.push(`Agent: ${opts.agent}`);
 			if (opts?.defaultAgent) fields.push(`Default agent: ${opts.defaultAgent}`);
-			if (opts?.agentSlugs) fields.push(`Custom agents: ${opts.agentSlugs}`);
+			if (opts?.enabledAgents) fields.push(`Enabled agents: ${opts.enabledAgents}`);
 			if (opts?.workflowMode || body.loop) fields.push(`Workflow: ${body.workflowMode}`);
 
 			for (const f of fields) {

package/src/cmd/coder/workspace/create.ts

@@ -1,37 +1,66 @@
 import { z } from 'zod';
-import { CoderClient, type CoderCreateWorkspaceRequest } from '@agentuity/core/coder';
-import { ValidationOutputError } from '@agentuity/core';
+import { APIError, ValidationInputError, ValidationOutputError } from '@agentuity/core';
+import {
+	CoderClient,
+	CoderCreateWorkspaceRequestSchema,
+	type CoderCreateWorkspaceRequest,
+} from '@agentuity/core/coder';
 import { createSubcommand } from '../../../types';
 import * as tui from '../../../tui';
 import { getCommand } from '../../../command-prefix';
 import { ErrorCode } from '../../../errors';
 import { resolveGitHubRepo } from '../resolve-repo';
 
+const EMPTY_WORKSPACE_ERROR =
+	'A workspace needs at least one repo, saved skill, skill bucket, or agent';
+
+function hasWorkspaceSelections(input: CoderCreateWorkspaceRequest): boolean {
+	return (
+		(input.repos?.length ?? 0) > 0 ||
+		(input.savedSkillIds?.length ?? 0) > 0 ||
+		(input.skillBucketIds?.length ?? 0) > 0 ||
+		(input.enabledAgents?.length ?? 0) > 0
+	);
+}
+
+function formatWorkspaceValidationMessage(issues: Array<{ message: string }>): string {
+	const messages = [...new Set(issues.map((issue) => issue.message).filter(Boolean))];
+	if (messages.length === 0) {
+		return 'Invalid workspace configuration';
+	}
+	if (messages.includes(EMPTY_WORKSPACE_ERROR)) {
+		return `${EMPTY_WORKSPACE_ERROR}. Use --repo or --enabled-agents.`;
+	}
+	return messages.join('; ');
+}
+
 export const createWorkspaceSubcommand = createSubcommand({
 	name: 'create',
 	aliases: ['new', 'add'],
-	description: 'Create a new Coder workspace',
+	description: 'Create a new Coder workspace with at least one repo or agent',
 	tags: ['mutating', 'requires-auth'],
 	requires: { auth: true, org: true },
 	examples: [
-		{
-			command: getCommand('coder workspace create "My Workspace"'),
-			description: 'Create a workspace with a name',
-		},
 		{
 			command: getCommand(
-				'coder workspace create "My Workspace" --description "For frontend work" --scope org'
+				'coder workspace create "My Workspace" --repo https://github.com/org/repo --repo-branch main'
 			),
-			description: 'Create an org-scoped workspace with description',
+			description: 'Create a workspace with a repository',
 		},
 		{
 			command: getCommand(
-				'coder workspace create "My Workspace" --repo https://github.com/org/repo --repo-branch main'
+				'coder workspace create "My Workspace" --enabled-agents code-review --description "For frontend work" --scope org'
 			),
-			description: 'Create a workspace with a repository',
+			description: 'Create an org-scoped workspace with description and agents',
 		},
 		{
-			command: getCommand('coder workspace create "My Workspace" --json'),
+			command: getCommand('coder workspace create "My Workspace" --enabled-agents code-review'),
+			description: 'Create a workspace with an agent roster',
+		},
+		{
+			command: getCommand(
+				'coder workspace create "My Workspace" --enabled-agents code-review --json'
+			),
 			description: 'Create a workspace and return JSON output',
 		},
 	],
@@ -45,10 +74,10 @@ export const createWorkspaceSubcommand = createSubcommand({
 			scope: z.string().optional().describe('Workspace scope: user or org'),
 			repo: z.string().optional().describe('Repository URL to add'),
 			repoBranch: z.string().optional().describe('Branch for the repository'),
-			agentSlugs: z
+			enabledAgents: z
 				.string()
 				.optional()
-				.describe('Comma-separated published custom agent slugs to add'),
+				.describe('Comma-separated built-in/custom agents to include'),
 		}),
 	},
 	async handler(ctx) {
@@ -59,9 +88,7 @@ export const createWorkspaceSubcommand = createSubcommand({
 			orgId: ctx.orgId,
 		});
 
-		const body: CoderCreateWorkspaceRequest & {
-			agentSlugs?: string[];
-		} = {
+		const body: CoderCreateWorkspaceRequest = {
 			name: args.name,
 			...(opts?.description && { description: opts.description }),
 			...(opts?.scope && { scope: opts.scope as 'user' | 'org' }),
@@ -78,17 +105,35 @@ export const createWorkspaceSubcommand = createSubcommand({
 				return;
 			}
 		}
-		if (opts?.agentSlugs) {
-			body.agentSlugs = opts.agentSlugs
+		if (opts?.enabledAgents) {
+			body.enabledAgents = opts.enabledAgents
 				.split(',')
-				.map((slug) => slug.trim())
+				.map((name) => name.trim())
 				.filter(Boolean);
 		}
+		if (!hasWorkspaceSelections(body)) {
+			tui.fatal(
+				`Failed to create workspace: ${EMPTY_WORKSPACE_ERROR}. Use --repo or --enabled-agents.`,
+				ErrorCode.VALIDATION_FAILED
+			);
+		}
+
+		const validationResult = CoderCreateWorkspaceRequestSchema.safeParse(body);
+		if (!validationResult.success) {
+			ctx.logger.trace(
+				'Validation issues: %s',
+				JSON.stringify(validationResult.error.issues, null, 2)
+			);
+			tui.fatal(
+				`Failed to create workspace: ${formatWorkspaceValidationMessage(validationResult.error.issues)}`,
+				ErrorCode.VALIDATION_FAILED
+			);
+		}
 
 		try {
-			const created = await client.createWorkspace(body);
-			const createdAgentSlugs = Array.isArray(created.agentSlugs)
-				? created.agentSlugs.filter((slug): slug is string => typeof slug === 'string')
+			const created = await client.createWorkspace(validationResult.data);
+			const createdEnabledAgents = Array.isArray(created.enabledAgents)
+				? created.enabledAgents.filter((name): name is string => typeof name === 'string')
 				: [];
 
 			if (options.json) {
@@ -104,15 +149,21 @@ export const createWorkspaceSubcommand = createSubcommand({
 			tui.output(`  Scope:       ${created.scope}`);
 			tui.output(`  Repos:       ${created.repoCount}`);
 			tui.output(`  Selections:  ${created.selectionCount}`);
-			if (createdAgentSlugs.length > 0) {
-				tui.output(`  Agents:      ${createdAgentSlugs.join(', ')}`);
+			if (createdEnabledAgents.length > 0) {
+				tui.output(`  Agents:      ${createdEnabledAgents.join(', ')}`);
 			}
 
 			return created;
 		} catch (err) {
-			if (err instanceof ValidationOutputError) {
+			if (err instanceof ValidationInputError || err instanceof ValidationOutputError) {
 				ctx.logger.trace('Validation response URL: %s', err.url ?? 'unknown');
 				ctx.logger.trace('Validation issues: %s', JSON.stringify(err.issues, null, 2));
+				tui.fatal(
+					`Failed to create workspace: ${formatWorkspaceValidationMessage(err.issues)}`,
+					ErrorCode.VALIDATION_FAILED
+				);
+			}
+			if (err instanceof APIError && err.status >= 400 && err.status < 500) {
 				tui.fatal(`Failed to create workspace: ${err.message}`, ErrorCode.VALIDATION_FAILED);
 			}
 			const msg = err instanceof Error ? err.message : String(err);

package/src/cmd/coder/workspace/index.ts

@@ -17,7 +17,9 @@ export const workspaceCommand = createCommand({
 			description: 'List all workspaces',
 		},
 		{
-			command: getCommand('coder workspace create "My Workspace"'),
+			command: getCommand(
+				'coder workspace create "My Workspace" --repo https://github.com/org/repo'
+			),
 			description: 'Create a new workspace',
 		},
 		{

package/src/cmd/dev/dev-lock.ts

@@ -71,35 +71,69 @@ function pidExists(pid: number): boolean {
 }
 
 /**
- * Kill a process by PID with SIGTERM, then SIGKILL if still alive
+ * Send a signal to a process group (negative PID) with fallback to direct PID.
+ * Returns true if the signal was sent successfully.
  */
-async function killPid(pid: number, logger: LoggerLike): Promise<void> {
-	if (!pidExists(pid)) return;
+function killProcessTree(pid: number, signal: NodeJS.Signals, logger: LoggerLike): boolean {
+	// Safety: never send signals to PID 0 (own process group), PID 1 (init/systemd),
+	// or other dangerously low PIDs. process.kill(-1) would signal every process
+	// the user owns, which would crash the entire desktop session.
+	if (pid <= 1) {
+		logger.debug('Refusing to kill dangerous pid %d, skipping process tree kill', pid);
+		return false;
+	}
 
+	// Try process group kill first (kills all children too)
 	try {
-		process.kill(pid, 'SIGTERM');
-		logger.debug('Sent SIGTERM to pid %d', pid);
+		process.kill(-pid, signal);
+		logger.debug('Sent %s to process group -%d', signal, pid);
+		return true;
 	} catch (err: unknown) {
 		const error = err as NodeJS.ErrnoException;
-		if (error.code === 'ESRCH') return;
-		logger.debug('Error sending SIGTERM to pid %d: %s', pid, error.message);
+		if (error.code !== 'ESRCH') {
+			logger.debug(
+				'Process group kill failed for pid %d (%s), falling back to direct',
+				pid,
+				error.code
+			);
+		}
 	}
 
-	// Give it a moment to exit gracefully
-	await new Promise((r) => setTimeout(r, 500));
-
-	if (!pidExists(pid)) return;
-
-	// Force kill
+	// Fall back to direct PID kill
 	try {
-		process.kill(pid, 'SIGKILL');
-		logger.debug('Sent SIGKILL to pid %d', pid);
+		process.kill(pid, signal);
+		logger.debug('Sent %s to pid %d (direct)', signal, pid);
+		return true;
 	} catch (err: unknown) {
 		const error = err as NodeJS.ErrnoException;
 		if (error.code !== 'ESRCH') {
-			logger.debug('Error sending SIGKILL to pid %d: %s', pid, error.message);
+			logger.debug('Direct kill failed for pid %d: %s', pid, error.code);
 		}
+		return false;
 	}
+}
+
+/**
+ * Kill a process by PID with SIGTERM, then SIGKILL if still alive.
+ * Targets the entire process tree to prevent orphaned child processes.
+ */
+async function killPid(pid: number, logger: LoggerLike): Promise<void> {
+	if (!pidExists(pid)) return;
+
+	// Send SIGTERM to process tree
+	const sent = killProcessTree(pid, 'SIGTERM', logger);
+	if (!sent) return;
+
+	// Give it a moment to exit gracefully
+	await new Promise((r) => setTimeout(r, 500));
+
+	// Always attempt SIGKILL on the process tree even if the leader has exited.
+	// On Unix, process groups persist after the leader exits and signaling via
+	// negative PGID still reaches remaining members. killProcessTree() handles
+	// ESRCH gracefully if the group no longer exists.
+
+	// Force kill the entire process tree
+	killProcessTree(pid, 'SIGKILL', logger);
 
 	// Wait for process to fully terminate
 	await new Promise((r) => setTimeout(r, 100));