@arbidocs/cli 0.3.25 → 0.3.27

package/dist/index.js

@@ -3637,7 +3637,7 @@ function getLatestVersion(skipCache = false) {
   }
 }
 function getCurrentVersion() {
-  return "0.3.25";
+  return "0.3.27";
 }
 function readChangelog(fromVersion, toVersion) {
   try {
@@ -3690,17 +3690,17 @@ function showChangelog(fromVersion, toVersion) {
 async function checkForUpdates(autoUpdate) {
   try {
     const latest = getLatestVersion();
-    if (!latest || latest === "0.3.25") return;
+    if (!latest || latest === "0.3.27") return;
     if (autoUpdate) {
       warn(`
-Your arbi version is out of date (${"0.3.25"} \u2192 ${latest}). Updating...`);
+Your arbi version is out of date (${"0.3.27"} \u2192 ${latest}). Updating...`);
       child_process.execSync("npm install -g @arbidocs/cli@latest", { stdio: "inherit" });
-      showChangelog("0.3.25", latest);
+      showChangelog("0.3.27", latest);
       console.log(`Updated to ${latest}.`);
     } else {
       warn(
         `
-Your arbi version is out of date (${"0.3.25"} \u2192 ${latest}).
+Your arbi version is out of date (${"0.3.27"} \u2192 ${latest}).
 Run "arbi update" to upgrade, or "arbi update auto" to always stay up to date.`
       );
     }
@@ -3710,9 +3710,9 @@ Run "arbi update" to upgrade, or "arbi update auto" to always stay up to date.`
 function hintUpdateOnError() {
   try {
     const cached = readCache();
-    if (cached && cached.latest !== "0.3.25") {
+    if (cached && cached.latest !== "0.3.27") {
       warn(
-        `Your arbi version is out of date (${"0.3.25"} \u2192 ${cached.latest}). Run "arbi update".`
+        `Your arbi version is out of date (${"0.3.27"} \u2192 ${cached.latest}). Run "arbi update".`
       );
     }
   } catch {
@@ -3911,8 +3911,8 @@ async function resolveDmCrypto() {
     error("No user ID in session \u2014 cannot set up DM encryption.");
     process.exit(1);
   }
-  const crypto = sdk.dm.createDmCryptoContext(arbi, loginResult.signingPrivateKey, userExtId);
-  return { ...authCtx, crypto };
+  const crypto2 = sdk.dm.createDmCryptoContext(arbi, loginResult.signingPrivateKey, userExtId);
+  return { ...authCtx, crypto: crypto2 };
 }
 function printTable(columns, rows) {
   console.log(chalk2__default.default.bold(columns.map((c) => c.header.padEnd(c.width)).join("")));
@@ -3946,43 +3946,33 @@ var AGENT_MIN_VERSIONS = {
     installUrl: "https://docs.openclaw.ai/install"
   }
 };
+function compareVersions(a, b) {
+  const pa = a.split(".").map(Number);
+  const pb = b.split(".").map(Number);
+  const len = Math.max(pa.length, pb.length);
+  for (let i = 0; i < len; i++) {
+    const diff = (pa[i] ?? 0) - (pb[i] ?? 0);
+    if (diff !== 0) return diff;
+  }
+  return 0;
+}
 function checkAgentDependency(backend) {
   const { binary, minVersion, installUrl } = AGENT_MIN_VERSIONS[backend];
   let version;
   try {
     version = child_process.execFileSync(binary, ["--version"], { encoding: "utf-8", timeout: 5e3 }).trim();
   } catch {
-    error(
-      `"${binary}" is not installed or not in PATH.
-  The "${backend}" agent backend requires ${binary} >= ${minVersion}.
-  Install: ${installUrl}`
-    );
+    error(`"${binary}" is not installed.
+  Install: ${installUrl}`);
     process.exit(1);
   }
-  const versionMatch = version.match(/(\d+\.\d+[\d.]*)/);
-  if (!versionMatch) {
-    dim(`Could not parse ${binary} version from: ${version}`);
-    return;
-  }
-  const current = versionMatch[1];
-  if (compareVersions(current, minVersion) < 0) {
-    error(
-      `"${binary}" version ${current} is too old (need >= ${minVersion}).
-  Update: ${installUrl}`
-    );
+  const match = version.match(/(\d+\.\d+[\d.]*)/);
+  if (match && compareVersions(match[1], minVersion) < 0) {
+    error(`"${binary}" ${match[1]} is too old (need >= ${minVersion}).
+  Update: ${installUrl}`);
     process.exit(1);
   }
-  dim(`${binary} ${current} \u2713`);
-}
-function compareVersions(a, b) {
-  const pa = a.split(".").map(Number);
-  const pb = b.split(".").map(Number);
-  const len = Math.max(pa.length, pb.length);
-  for (let i = 0; i < len; i++) {
-    const diff = (pa[i] ?? 0) - (pb[i] ?? 0);
-    if (diff !== 0) return diff;
-  }
-  return 0;
+  dim(`${binary} ${match?.[1] ?? version} \u2713`);
 }
 function loadSkillContent() {
   const cliRoot = path.resolve(path.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.js', document.baseURI).href)))), "..");
@@ -3992,91 +3982,49 @@ function loadSkillContent() {
     return void 0;
   }
 }
-function createAgent(backend, sessionId) {
-  switch (backend) {
-    case "claude":
-      return new sdk.ClaudeOrchestrator({ sessionId, skillPrompt: loadSkillContent() });
-    case "openclaw":
-      return new sdk.OpenClawOrchestrator({ sessionId });
-    default:
-      throw new Error(`Unknown agent backend: ${backend}`);
-  }
-}
 function installSkill(backend) {
   const cliRoot = path.resolve(path.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.js', document.baseURI).href)))), "..");
-  const skillPath = path.join(cliRoot, "SKILL.md");
   let skillContent;
   try {
-    skillContent = fs2.readFileSync(skillPath, "utf-8");
+    skillContent = fs2.readFileSync(path.join(cliRoot, "SKILL.md"), "utf-8");
   } catch {
     return;
   }
-  switch (backend) {
-    case "claude": {
-      const commandsDir = path.join(os.homedir(), ".claude", "commands", "arbi");
-      const targetPath = path.join(commandsDir, "SKILL.md");
-      try {
-        fs2.mkdirSync(commandsDir, { recursive: true });
-        if (fs2.existsSync(targetPath)) {
-          const existing = fs2.readFileSync(targetPath, "utf-8");
-          if (existing === skillContent) return;
-        }
-        fs2.writeFileSync(targetPath, skillContent, "utf-8");
-        dim(`Installed ARBI skill \u2192 ${targetPath}`);
-      } catch {
+  if (backend === "claude") {
+    const dir = path.join(os.homedir(), ".claude", "commands", "arbi");
+    const target = path.join(dir, "SKILL.md");
+    try {
+      fs2.mkdirSync(dir, { recursive: true });
+      if (!fs2.existsSync(target) || fs2.readFileSync(target, "utf-8") !== skillContent) {
+        fs2.writeFileSync(target, skillContent, "utf-8");
+        dim(`Installed ARBI skill \u2192 ${target}`);
       }
-      break;
+    } catch {
     }
-    case "openclaw": {
-      const ocAgentName = "arbi";
-      const ocWorkspace = path.join(os.homedir(), ".arbi", "openclaw-workspace");
-      const bootstrapPath = path.join(ocWorkspace, "BOOTSTRAP.md");
-      try {
-        const list = child_process.execFileSync("openclaw", ["agents", "list", "--json"], {
-          encoding: "utf-8"
-        });
-        const agents = JSON.parse(list);
-        const exists = Array.isArray(agents) ? agents.some((a) => a.id === ocAgentName) : false;
-        if (!exists) {
-          fs2.mkdirSync(ocWorkspace, { recursive: true });
-          child_process.execFileSync(
-            "openclaw",
-            ["agents", "add", ocAgentName, "--workspace", ocWorkspace, "--non-interactive"],
-            { encoding: "utf-8" }
-          );
-          dim(`Created OpenClaw agent "${ocAgentName}" \u2192 ${ocWorkspace}`);
-        }
-      } catch {
-        fs2.mkdirSync(ocWorkspace, { recursive: true });
-        try {
-          child_process.execFileSync(
-            "openclaw",
-            ["agents", "add", ocAgentName, "--workspace", ocWorkspace, "--non-interactive"],
-            { encoding: "utf-8" }
-          );
-          dim(`Created OpenClaw agent "${ocAgentName}" \u2192 ${ocWorkspace}`);
-        } catch {
-        }
-      }
-      try {
-        fs2.mkdirSync(ocWorkspace, { recursive: true });
-        if (fs2.existsSync(bootstrapPath)) {
-          const existing = fs2.readFileSync(bootstrapPath, "utf-8");
-          if (existing === skillContent) break;
-        }
-        fs2.writeFileSync(bootstrapPath, skillContent, "utf-8");
-        dim(`Installed ARBI skill \u2192 ${bootstrapPath}`);
-      } catch {
+  } else if (backend === "openclaw") {
+    const workspace = path.join(os.homedir(), ".arbi", "openclaw-workspace");
+    const bootstrap = path.join(workspace, "BOOTSTRAP.md");
+    try {
+      fs2.mkdirSync(workspace, { recursive: true });
+      if (!fs2.existsSync(bootstrap) || fs2.readFileSync(bootstrap, "utf-8") !== skillContent) {
+        fs2.writeFileSync(bootstrap, skillContent, "utf-8");
+        dim(`Installed ARBI skill \u2192 ${bootstrap}`);
       }
-      break;
+    } catch {
     }
   }
 }
+function createOrchestrator(backend, sessionId) {
+  if (backend === "claude")
+    return new sdk.ClaudeOrchestrator({ sessionId, skillPrompt: loadSkillContent() });
+  if (backend === "openclaw") return new sdk.OpenClawOrchestrator({ sessionId });
+  throw new Error(`Unknown backend: ${backend}`);
+}
 async function setupAgent(agentName, config) {
   const backend = agentName ?? config.orchestrator;
   if (!backend) return void 0;
   if (!AGENT_BACKENDS.includes(backend)) {
-    error(`Unknown agent backend: "${backend}". Choose from: ${AGENT_BACKENDS.join(", ")}`);
+    error(`Unknown backend: "${backend}". Choose from: ${AGENT_BACKENDS.join(", ")}`);
     process.exit(1);
   }
   checkAgentDependency(backend);
@@ -4092,32 +4040,30 @@ async function startListening(agentName, config) {
   if (!backend) {
     error(
       `No agent backend configured. Use --agent to specify one:
-  arbi connect --agent ${AGENT_BACKENDS[0]} --listen`
+  arbi listen --agent claude`
     );
     process.exit(1);
   }
   const creds = store.getCredentials();
   if (!creds?.parentExtId) {
-    error(
-      "DM listener requires a persistent agent identity (parentExtId).\n  This session was not claimed as a delegated agent."
-    );
+    error("DM listener requires a persistent agent identity (parentExtId).");
     process.exit(1);
   }
   dim("Starting DM listener...");
-  const { arbi, crypto } = await resolveDmCrypto();
-  const sessionId = arbi.session.getState().userExtId ?? "default";
-  const orchestrator = createAgent(backend, sessionId);
+  const { arbi, crypto: crypto2 } = await resolveDmCrypto();
   const fullConfig = resolveConfig();
+  const sessionId = arbi.session.getState().userExtId ?? "default";
+  const orchestrator = createOrchestrator(backend, sessionId);
   const accessToken = arbi.session.getState().accessToken;
   if (!accessToken) {
-    error("No access token \u2014 authentication may have failed.");
+    error("No access token \u2014 run `arbi login` first.");
     process.exit(1);
   }
   const listener = await sdk.startDmListener({
     arbi,
     accessToken,
     baseUrl: fullConfig.baseUrl,
-    crypto,
+    crypto: crypto2,
     orchestrator,
     parentExtId: creds.parentExtId,
     onLog: (msg) => dim(msg),
@@ -4126,7 +4072,7 @@ async function startListening(agentName, config) {
   success(`Listening for DMs as ${chalk2__default.default.cyan(creds.email)} via ${chalk2__default.default.cyan(backend)}`);
   dim("Press Ctrl+C to stop.");
   const shutdown = () => {
-    dim("\nShutting down listener...");
+    dim("\nShutting down...");
     listener.close();
     orchestrator.close?.();
     process.exit(0);
@@ -4136,116 +4082,17 @@ async function startListening(agentName, config) {
   await new Promise(() => {
   });
 }
-function registerConnectCommand(program2) {
-  program2.command("connect").description("Claim a session and/or connect to an agent backend").option("--code <claim-code>", "Claim code from parent (required on first run)").option("--agent <name>", `Agent backend (${AGENT_BACKENDS.join(", ")})`).option("--listen", "Start DM listener (agent receives prompts via encrypted DMs)").action((opts) => {
-    const run = async () => {
+function registerListenCommand(program2) {
+  program2.command("listen").description("Start DM listener (connect agent backend to ARBI messaging)").option("--agent <name>", `Agent backend: ${AGENT_BACKENDS.join(", ")}`).action(
+    (opts) => (async () => {
       const config = resolveConfig();
-      const creds = store.getCredentials();
-      const hasIdentity = creds?.signingPrivateKeyBase64;
-      if (!hasIdentity) {
-        const claimCode = opts.code?.trim() ?? "";
-        if (!claimCode) {
-          const authorizeUrl = `${config.baseUrl}#/action/authorize-agent`;
-          error(
-            `No saved identity. Provide a claim code:
-  arbi connect --code purple-mountain-river
-
-Get a claim code from the ARBI web UI:
-  ${chalk2__default.default.underline(authorizeUrl)}`
-          );
-          process.exit(1);
-        }
-        dim("Claiming session...");
-        const arbi = client.createArbiClient({
-          baseUrl: config.baseUrl,
-          deploymentDomain: config.deploymentDomain,
-          credentials: "omit"
-        });
-        await arbi.crypto.initSodium();
-        const keypair = arbi.crypto.generateRandomSigningKeypair();
-        const signingPubKeyBase64 = client.bytesToBase64(keypair.publicKey);
-        const signingPrivateKeyBase64 = client.bytesToBase64(keypair.secretKey);
-        const claimResponse = await sdk.sessions.claimSession(arbi, claimCode, signingPubKeyBase64);
-        const parentExtId = claimResponse.user.parent_ext_id ?? void 0;
-        const agentEmail = claimResponse.user.email ?? claimResponse.user.external_id;
-        store.saveCredentials({
-          email: agentEmail,
-          signingPrivateKeyBase64,
-          serverSessionKeyBase64: claimResponse.session_key,
-          accessToken: claimResponse.access_token,
-          parentExtId
-        });
-        const workspaces3 = claimResponse.workspaces ?? [];
-        if (workspaces3.length > 0) {
-          const firstWs = workspaces3[0];
-          const wsId = firstWs.external_id;
-          if (wsId) {
-            updateConfig({ selectedWorkspaceId: wsId });
-          }
-        }
-        success("Session claimed!");
-        console.log(`  Identity: ${chalk2__default.default.cyan(agentEmail)}`);
-        if (parentExtId) {
-          console.log(`  Parent:   ${chalk2__default.default.cyan(parentExtId)}`);
-          console.log(`  Type:     Persistent agent`);
-        } else {
-          console.log(`  Type:     Ephemeral session`);
-        }
-        console.log("");
-        if (parentExtId) {
-          try {
-            arbi.session.setAccessToken(claimResponse.access_token);
-            arbi.session.setUser(agentEmail, claimResponse.user.external_id);
-            const contacts = await sdk.contacts.listContacts(arbi);
-            const parentContact = contacts.find((c) => {
-              const u = c.user;
-              return u?.external_id === parentExtId;
-            });
-            const parentPubKey = parentContact?.user?.encryption_public_key;
-            if (parentPubKey) {
-              const userExtId = claimResponse.user.external_id ?? agentEmail;
-              const crypto = sdk.dm.createDmCryptoContext(
-                arbi,
-                client.base64ToBytes(signingPrivateKeyBase64),
-                userExtId
-              );
-              await sdk.dm.sendEncryptedDM(
-                arbi,
-                [
-                  {
-                    recipient_ext_id: parentExtId,
-                    content: `\u{1F511} Agent recovery key for ${agentEmail}
-signing_key: ${signingPrivateKeyBase64}
-
-Save this key \u2014 it is the only way to recover this agent session.`,
-                    recipient_encryption_public_key: parentPubKey
-                  }
-                ],
-                crypto
-              );
-              dim("Recovery key sent to parent via encrypted DM.");
-            } else {
-              dim("Could not find parent encryption key \u2014 recovery key not sent.");
-              dim(`Backup manually: ${signingPrivateKeyBase64}`);
-            }
-          } catch {
-            dim("Failed to send recovery key DM \u2014 save it manually:");
-            dim(`  ${signingPrivateKeyBase64}`);
-          }
-        }
-      }
       await setupAgent(opts.agent, config);
-      if (opts.listen) {
-        await startListening(opts.agent, config);
-      } else {
-        success("Connected. Use `arbi --help` to explore.");
-      }
-    };
-    run().catch((err) => {
+      await startListening(opts.agent, config);
+    })().catch((err) => {
       error(`Error: ${err instanceof Error ? err.message : String(err)}`);
       process.exit(1);
-    });
-  });
+    })
+  );
 }
 
 // src/commands/login.ts
@@ -5525,8 +5372,8 @@ function registerDmCommand(program2) {
   const dm = program2.command("dm").description("Direct messages (E2E encrypted)");
   dm.command("list").description("List all DMs and notifications (decrypted)").action(
     runAction(async () => {
-      const { arbi, crypto } = await resolveDmCrypto();
-      const data = await sdk.dm.listDecryptedDMs(arbi, crypto);
+      const { arbi, crypto: crypto2 } = await resolveDmCrypto();
+      const data = await sdk.dm.listDecryptedDMs(arbi, crypto2);
       if (data.length === 0) {
         console.log("No messages found.");
         return;
@@ -5552,7 +5399,7 @@ function registerDmCommand(program2) {
   );
   dm.command("send [recipient] [content...]").description("Send an E2E encrypted DM (interactive if no args)").action(
     (recipient, contentParts) => runAction(async () => {
-      const { arbi, crypto } = await resolveDmCrypto();
+      const { arbi, crypto: crypto2 } = await resolveDmCrypto();
       if (!recipient) {
         const contacts2 = await sdk.contacts.listContacts(arbi);
         if (contacts2.length === 0) {
@@ -5657,7 +5504,7 @@ function registerDmCommand(program2) {
             recipient_encryption_public_key: recipientPubKey
           }
         ],
-        crypto
+        crypto2
       );
       for (const n of data) {
         success(`Sent: ${n.external_id} \u2192 ${n.recipient.email}`);
@@ -5666,10 +5513,10 @@ function registerDmCommand(program2) {
   );
   dm.command("read [ids...]").description("Mark messages as read (interactive picker if no IDs given)").action(
     (ids) => runAction(async () => {
-      const { arbi, crypto } = await resolveDmCrypto();
+      const { arbi, crypto: crypto2 } = await resolveDmCrypto();
       let msgIds = ids && ids.length > 0 ? ids : void 0;
       if (!msgIds) {
-        const data2 = await sdk.dm.listDecryptedDMs(arbi, crypto);
+        const data2 = await sdk.dm.listDecryptedDMs(arbi, crypto2);
         const unread = data2.filter((m) => !m.read);
         if (unread.length === 0) {
           console.log("No unread messages.");
@@ -5694,10 +5541,10 @@ function registerDmCommand(program2) {
   );
   dm.command("delete [ids...]").description("Delete messages (interactive picker if no IDs given)").action(
     (ids) => runAction(async () => {
-      const { arbi, crypto } = await resolveDmCrypto();
+      const { arbi, crypto: crypto2 } = await resolveDmCrypto();
       let msgIds = ids && ids.length > 0 ? ids : void 0;
       if (!msgIds) {
-        const data = await sdk.dm.listDecryptedDMs(arbi, crypto);
+        const data = await sdk.dm.listDecryptedDMs(arbi, crypto2);
         if (data.length === 0) {
           console.log("No messages found.");
           return;
@@ -6583,8 +6430,90 @@ function registerAgentCreateCommand(program2) {
     }
   );
 }
+function generatePassword() {
+  const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
+  const bytes = new Uint8Array(20);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes, (b) => chars[b % chars.length]).join("");
+}
 function registerAgentCommand(program2) {
   const agent = program2.command("agent").description("Manage persistent agents");
+  agent.command("create").description("Create a persistent agent with its own login credentials").option("--name <name>", "Agent name (letters, digits, hyphens, underscores)").option("-w, --workspace <ids...>", "Workspace IDs to share with the agent").option("--role <role>", "Workspace role: collaborator or guest", "collaborator").action(
+    (opts) => runAction(async () => {
+      const { arbi, loginResult } = await resolveAuth();
+      const config = resolveConfig();
+      const creds = store.requireCredentials();
+      let name = opts.name;
+      if (!name) name = await promptInput("Agent name (letters, digits, hyphens, underscores)");
+      if (!name?.trim() || !/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/.test(name.trim())) {
+        throw new Error("Invalid agent name \u2014 use letters, digits, hyphens, underscores");
+      }
+      let workspaceIds = opts.workspace ?? [];
+      if (workspaceIds.length === 0) {
+        const { data: allWorkspaces } = await arbi.fetch.GET("/v1/user/workspaces");
+        if (allWorkspaces && allWorkspaces.length > 0) {
+          workspaceIds = await promptCheckbox(
+            "Share with workspaces (optional \u2014 press Enter to skip)",
+            allWorkspaces.map((ws) => ({
+              name: `${ws.name} (${ws.external_id})`,
+              value: ws.external_id
+            }))
+          );
+        }
+      }
+      await client.initSodium();
+      const parentExtId = arbi.session.getState().userExtId ?? "";
+      if (!parentExtId) throw new Error("Could not determine current user ext_id");
+      const agentEmail = `${name.trim()}.${parentExtId}@${config.deploymentDomain}`;
+      const password2 = generatePassword();
+      const { signingPrivateKey } = await client.generateLoginCredentials(
+        { email: agentEmail },
+        password2,
+        config.deploymentDomain
+      );
+      const signingPubKey = client.bytesToBase64(signingPrivateKey.slice(32));
+      const { data: agent2, error: error2 } = await arbi.fetch.POST("/v1/user/agent", {
+        body: {
+          name: name.trim(),
+          signing_key: signingPubKey,
+          recovery_key: client.bytesToBase64(signingPrivateKey)
+        }
+      });
+      if (!agent2) throw new Error(`Failed to create agent: ${JSON.stringify(error2)}`);
+      if (workspaceIds.length > 0) {
+        const { data: allWs } = await arbi.fetch.GET("/v1/user/workspaces");
+        for (const wsId of workspaceIds) {
+          const ws = allWs?.find((w) => w.external_id === wsId);
+          if (!ws?.wrapped_key) {
+            dim(`Skipping ${wsId} \u2014 no key found`);
+            continue;
+          }
+          const encryptedKey = await sdk.generateEncryptedWorkspaceKey(
+            arbi,
+            ws.wrapped_key,
+            loginResult.serverSessionKey,
+            creds.signingPrivateKeyBase64
+          );
+          await arbi.fetch.POST("/v1/workspace/users", {
+            body: {
+              emails: [agent2.email],
+              role: opts.role ?? "collaborator",
+              workspace_key: encryptedKey,
+              workspace_ext_id: wsId
+            }
+          });
+        }
+      }
+      console.log("");
+      success("Agent created!");
+      console.log("");
+      console.log(`  Email:    ${ref(agent2.email)}`);
+      console.log(`  Password: ${ref(password2)}`);
+      if (workspaceIds.length > 0) console.log(`  Workspaces: ${workspaceIds.join(", ")}`);
+      console.log("");
+      dim(`On the agent machine: arbi login --email ${agent2.email} --password <password>`);
+    })()
+  );
   agent.command("list").description("List your persistent agents").action(
     runAction(async () => {
       const { arbi } = await resolveAuth();
@@ -6904,89 +6833,6 @@ function printTree(dir, prefix, maxDepth, depth) {
     }
   }
 }
-async function authorizeShared(opts) {
-  const { arbi, loginResult } = await resolveAuth();
-  let name = opts.name;
-  if (!name) {
-    name = await promptInput(opts.persist ? "Agent name" : "Session name");
-  }
-  if (!name?.trim()) {
-    error("Name is required");
-    process.exit(1);
-  }
-  const { data: allWorkspaces, error: wsErr } = await arbi.fetch.GET("/v1/user/workspaces");
-  if (wsErr || !allWorkspaces || allWorkspaces.length === 0) {
-    error("No workspaces found");
-    process.exit(1);
-  }
-  let workspaceIds = opts.workspace;
-  if (!workspaceIds || workspaceIds.length === 0) {
-    workspaceIds = await promptCheckbox(
-      "Select workspaces to grant access",
-      allWorkspaces.map((ws) => ({
-        name: `${ws.name} (${ws.external_id})`,
-        value: ws.external_id
-      }))
-    );
-  }
-  if (workspaceIds.length === 0) {
-    error("At least one workspace is required");
-    process.exit(1);
-  }
-  const creds = store.requireCredentials();
-  const workspaceKeysMap = {};
-  for (const wsId of workspaceIds) {
-    const ws = allWorkspaces.find((w) => w.external_id === wsId);
-    if (!ws?.wrapped_key) {
-      error(`Workspace ${wsId} not found or has no encryption key`);
-      process.exit(1);
-    }
-    const encryptedKey = await sdk.generateEncryptedWorkspaceKey(
-      arbi,
-      ws.wrapped_key,
-      loginResult.serverSessionKey,
-      creds.signingPrivateKeyBase64
-    );
-    workspaceKeysMap[wsId] = encryptedKey;
-  }
-  const ttl = parseInt(opts.ttl || "3600", 10);
-  const response = await sdk.sessions.authorizeSession(arbi, workspaceKeysMap, {
-    activeWorkspace: workspaceIds[0],
-    ttl,
-    persistIdentity: opts.persist,
-    name: name.trim()
-  });
-  return { response, ttl };
-}
-function registerAuthorizeCommand(program2) {
-  const authorize = program2.command("authorize").description("Create a claim code for a session or agent");
-  authorize.command("agent").description("Create a persistent agent identity with a claim code").option("--name <name>", "Agent name").option("-w, --workspace <ids...>", "Workspace IDs to grant access to (interactive if omitted)").action(
-    (opts) => runAction(async () => {
-      const { response } = await authorizeShared({ persist: true, ...opts });
-      console.log("");
-      success("Agent authorized!");
-      console.log("");
-      console.log(`  Claim code: ${chalk2__default.default.cyan(chalk2__default.default.bold(response.claim_code))}`);
-      console.log("");
-      dim("On the agent machine: arbi connect --code <claim-code> --agent claude");
-    })()
-  );
-  authorize.command("session").description("Create an ephemeral session with a claim code").option("--name <name>", "Session name").option("--ttl <seconds>", "Session TTL in seconds (default: 3600)", "3600").option("-w, --workspace <ids...>", "Workspace IDs to grant access to (interactive if omitted)").action(
-    (opts) => runAction(async () => {
-      const { response, ttl } = await authorizeShared({ persist: false, ...opts });
-      console.log("");
-      success("Session authorized!");
-      console.log("");
-      console.log(`  Claim code: ${chalk2__default.default.cyan(chalk2__default.default.bold(response.claim_code))}`);
-      console.log(`  Expires in: ${ttl}s`);
-      console.log("");
-      dim("Claim with: arbi connect --code <claim-code>");
-    })()
-  );
-  authorize.action(() => {
-    authorize.help();
-  });
-}
 function registerSessionCommand(program2) {
   const session = program2.command("session").description("List and manage sessions");
   session.command("list").description("List active sessions").action(
@@ -7031,7 +6877,7 @@ console.info = (...args) => {
   _origInfo(...args);
 };
 var program = new commander.Command();
-program.name("arbi").description("ARBI CLI \u2014 interact with ARBI from the terminal").version("0.3.25");
+program.name("arbi").description("ARBI CLI \u2014 interact with ARBI from the terminal").version("0.3.27");
 registerConfigCommand(program);
 registerLoginCommand(program);
 registerRegisterCommand(program);
@@ -7060,8 +6906,7 @@ registerAgentCreateCommand(program);
 registerAgentCommand(program);
 registerTaskCommand(program);
 registerCompletionCommand(program);
-registerConnectCommand(program);
-registerAuthorizeCommand(program);
+registerListenCommand(program);
 registerSessionCommand(program);
 registerLocalCommand(program);
 var completionIdx = process.argv.indexOf("--get-completions");