@bike4mind/cli 0.10.3 → 0.12.0

package/README.md

@@ -74,6 +74,8 @@ b4m [options]
 ```
 
 **Available flags:**
+- `--dev` - Point the CLI at the local dev server (`http://localhost:3001`) and remember it
+- `--prod` - Point the CLI at Bike4Mind production and remember it
 - `--verbose`, `-v` - Show debug logs in console (useful for troubleshooting)
 - `--help`, `-h` - Show help information
 - `--version`, `-V` - Show CLI version
@@ -90,6 +92,28 @@ b4m --version
 b4m --help
 ```
 
+### Switching environments (`--dev` / `--prod`)
+
+Flip which backend the CLI talks to without editing config by hand:
+
+```bash
+b4m --dev    # local dev server (http://localhost:3001)
+b4m --prod   # Bike4Mind production
+b4m          # reuses whichever environment you last selected (sticky)
+```
+
+The choice is persisted to `~/.bike4mind/config.json`, so a bare `b4m` always
+reopens the environment you last chose. Both single- and double-dash forms work
+(`-dev`/`--dev`, `-prod`/`--prod`); `--local` is an alias for `--dev`.
+
+Auth tokens are cached **per environment**, so switching back and forth does not
+force a re-login — each environment remembers its own session. The first time you
+visit a new environment you'll be prompted to `/login`. The active environment is
+shown in the startup banner (`🌍 API Environment: …`).
+
+> For a one-off custom/self-hosted URL, use the in-session `/set-api <url>` command
+> (see [API Configuration](#api-configuration) below).
+
 ## Commands
 
 While in interactive mode:
@@ -137,6 +161,11 @@ Authentication tokens are securely stored in your config file with restricted pe
 
 By default, the CLI connects to the main Bike4Mind service at `https://app.bike4mind.com`.
 
+**Quick switch between local dev and production:** use the `b4m --dev` / `b4m --prod`
+launch flags (see [Switching environments](#switching-environments---dev----prod)).
+They persist your choice and cache auth per-environment. The `/set-api`, `/reset-api`,
+and `/api-info` commands below operate on the same setting from inside a session.
+
 **For Self-Hosted Instances:**
 
 If your organization runs a self-hosted Bike4Mind instance, connect to it using:

package/bin/bike4mind-cli.mjs

@@ -33,8 +33,43 @@ const require = createRequire(import.meta.url);
 // whichever package.json it discovers first, which is not necessarily ours.
 const { version: cliVersion } = require('../package.json');
 
+// --- API environment flags (--dev / --prod) ---
+// Intercept these BEFORE yargs parses argv. They're accepted with either a
+// single or double dash (e.g. `b4m -prod` and `b4m --prod` both work), but
+// single-dash multi-char tokens would otherwise be split into clustered short
+// flags by yargs (`-prod` → `-p -r -o -d`, colliding with -p/--prompt). We pull
+// them out here, record the target, and strip them so yargs sees a clean argv.
+const ENV_FLAG_MAP = {
+  '--dev': 'dev', '-dev': 'dev', '--local': 'dev', '-local': 'dev',
+  '--prod': 'prod', '-prod': 'prod', '--production': 'prod', '-production': 'prod',
+};
+let envTarget = null;
+{
+  const cleaned = [];
+  for (const token of process.argv.slice(2)) {
+    if (Object.prototype.hasOwnProperty.call(ENV_FLAG_MAP, token)) {
+      envTarget = ENV_FLAG_MAP[token]; // last one wins
+    } else {
+      cleaned.push(token);
+    }
+  }
+  // Rebuild argv without the env tokens so yargs doesn't choke on them.
+  process.argv = [process.argv[0], process.argv[1], ...cleaned];
+}
+
 // Parse CLI arguments
 const argv = await yargs(hideBin(process.argv))
+  // --dev / --prod are declared here ONLY so they appear in `--help`. The actual
+  // handling is the pre-yargs argv interception above — these yargs-side values
+  // (`argv.dev` / `argv.prod`) are never read.
+  .option('dev', {
+    type: 'boolean',
+    description: 'Point the CLI at the local dev server (http://localhost:3001) and remember it',
+  })
+  .option('prod', {
+    type: 'boolean',
+    description: 'Point the CLI at Bike4Mind production and remember it',
+  })
   .option('verbose', {
     alias: 'v',
     type: 'boolean',
@@ -204,6 +239,28 @@ if (argv['reset-api'] || argv['api-url'] !== undefined) {
   }
 }
 
+// Apply --dev / --prod environment switch before anything connects to a server.
+// This persists the choice (sticky: a bare `b4m` reuses the last selection) and
+// swaps in that environment's cached auth token.
+if (envTarget) {
+  try {
+    let applyEnvironmentFlag;
+
+    if (isDev) {
+      const { register } = require('tsx/esm/api');
+      register();
+      ({ applyEnvironmentFlag } = await import('../src/commands/envCommand.ts'));
+    } else {
+      ({ applyEnvironmentFlag } = await import('../dist/commands/envCommand.mjs'));
+    }
+
+    await applyEnvironmentFlag(envTarget);
+  } catch (error) {
+    console.error('Failed to switch API environment:', error.message);
+    process.exit(1);
+  }
+}
+
 // Handle headless mode (-p / --prompt flag)
 // Must be done after isDev detection to use correct import path
 if (argv.prompt !== undefined) {

package/dist/{ConfigStore-tjtx9TU6.mjs → ConfigStore-CtBZ2p4M.mjs}

@@ -987,6 +987,13 @@ let CreditHolderType = /* @__PURE__ */ function(CreditHolderType) {
 	CreditHolderType["Agent"] = "Agent";
 	return CreditHolderType;
 }({});
+const COMPLETION_SOURCES = [
+	"web",
+	"cli",
+	"api",
+	"agent",
+	"system"
+];
 let CreditPurchaseStatus = /* @__PURE__ */ function(CreditPurchaseStatus) {
 	CreditPurchaseStatus["Completed"] = "completed";
 	CreditPurchaseStatus["Pending"] = "pending";
@@ -1003,6 +1010,12 @@ const BaseCreditTransaction = z.object({
 	credits: z.number(),
 	description: z.string().optional(),
 	metadata: z.record(z.string(), z.any()).optional(),
+	/**
+	* Where this transaction originated — used to break down usage in reports.
+	* Optional because legacy rows (and non-completion transactions like
+	* purchases/refunds) may not have it set. See CompletionSource in analytics.ts.
+	*/
+	source: z.enum(COMPLETION_SOURCES).optional(),
 	createdAt: z.date(),
 	updatedAt: z.date()
 });
@@ -2584,7 +2597,8 @@ const AgentStepSchema = z.object({
 });
 const ExecutionStartedAction = z.object({
 	action: z.literal("execution_started"),
-	executionId: z.string()
+	executionId: z.string(),
+	questId: z.string().optional()
 });
 const IterationStepAction = z.object({
 	action: z.literal("iteration_step"),
@@ -3644,6 +3658,8 @@ z.enum([
 	"EnableLatticeDefault",
 	"EnableDataLakes",
 	"EnableDataLakesDefault",
+	"EnableBriefcase",
+	"EnableBriefcaseDefault",
 	"RapidReplySettings",
 	"EnableResearchEngine",
 	"EnableResearchEngineDefault",
@@ -4615,6 +4631,14 @@ const API_SERVICE_GROUPS = {
 				key: "EnableArtifactsDefault",
 				order: 21
 			},
+			{
+				key: "EnableBriefcase",
+				order: 25
+			},
+			{
+				key: "EnableBriefcaseDefault",
+				order: 26
+			},
 			{
 				key: "EnableBmPi",
 				order: 30
@@ -5035,6 +5059,25 @@ const settingsMap = {
 		order: 89,
 		dependsOn: "EnableDataLakes"
 	}),
+	EnableBriefcase: makeBooleanSetting({
+		key: "EnableBriefcase",
+		name: "Enable Briefcase",
+		defaultValue: false,
+		description: "Server-side gate for the Briefcase capability (one-click AI prompt catalog). Off by default — turn on to expose the briefcase APIs and launcher panel.",
+		category: "Experimental",
+		group: API_SERVICE_GROUPS.EXPERIMENTAL.id,
+		order: 86
+	}),
+	EnableBriefcaseDefault: makeBooleanSetting({
+		key: "EnableBriefcaseDefault",
+		name: "Briefcase: On by default for users",
+		defaultValue: false,
+		description: "When enabled, Briefcase is active for users who have never explicitly toggled it.",
+		category: "Experimental",
+		group: API_SERVICE_GROUPS.EXPERIMENTAL.id,
+		order: 87,
+		dependsOn: "EnableBriefcase"
+	}),
 	EnableQuestMaster: makeBooleanSetting({
 		key: "EnableQuestMaster",
 		name: "Enable Quest Master",
@@ -7755,6 +7798,55 @@ z$1.object({
 		skip: z$1.array(z$1.string())
 	})
 });
+z.enum([
+	"inject",
+	"auto-fire",
+	"hidden"
+]);
+/**
+* Modes acceptable at AUTHORING time. 'hidden' is intentionally excluded until
+* the host has true hidden-send support — accepting it would persist a value
+* that silently behaves as 'auto-fire' (a surprising downgrade). It stays in
+* ExecutionModeSchema/the stored enum for forward-compat.
+*/
+const AuthorableExecutionModeSchema = z.enum(["inject", "auto-fire"]);
+/**
+* Tools a prompt may require — constrained to the host's closed tool set, MINUS
+* integration-gated tools that act on the caller's own credentials/account. A
+* shared system prompt must not be able to inject e.g. blog-publishing into a
+* non-author's session via requiredTools. (Per-user entitlement of the remaining
+* tools is still the chat pipeline's responsibility — see follow-up note in the
+* briefcase blueprint; this allowlist is the storage-layer floor.)
+*/
+const BRIEFCASE_DISALLOWED_TOOLS = [
+	"blog_publish",
+	"blog_edit",
+	"blog_draft"
+];
+const BriefcaseRequiredToolsSchema = z.array(b4mLLMTools.refine((t) => !BRIEFCASE_DISALLOWED_TOOLS.includes(t), "This tool is not permitted in a briefcase prompt")).max(16);
+z.string().regex(/^[a-f0-9]{24}$/i, "Invalid prompt id");
+const PROMPT_TEXT_MAX = 16e3;
+const TAGS_MAX = 20;
+z.object({
+	type: z.string().min(1).max(100),
+	name: z.string().min(1).max(200),
+	description: z.string().max(500).optional(),
+	promptText: z.string().min(1).max(PROMPT_TEXT_MAX),
+	tags: z.array(z.string().min(1).max(50)).max(TAGS_MAX).optional(),
+	executionMode: AuthorableExecutionModeSchema.optional(),
+	requiredTools: BriefcaseRequiredToolsSchema.optional()
+}).partial();
+/**
+* One catalog sub-query. Exactly one selector is used, in precedence order:
+* `personal` (resolved to the caller server-side) > `tags` > `type`.
+*/
+const PromptBatchQuerySchema = z.object({
+	key: z.string().min(1).max(100),
+	tags: z.array(z.string().min(1).max(50)).max(TAGS_MAX).optional(),
+	type: z.string().max(100).optional(),
+	personal: z.boolean().optional()
+});
+z.object({ queries: z.array(PromptBatchQuerySchema).min(1).max(32).refine((qs) => new Set(qs.map((q) => q.key)).size === qs.length, { message: "Batch query keys must be unique" }) });
 const DATA_LAKES = [{
 	id: "ionq-sales",
 	name: "IonQ Sales Intelligence",
@@ -8197,6 +8289,175 @@ BaseArtifactSchema.extend({
 		lastExecutionTime: z.number().optional()
 	})
 });
+/**
+* Published-artifact schemas — the B4M instantiation of the `artifact-publishing`
+* blueprint (MillionOnMars/blueprints, extracted from Polaris Publish v1).
+*
+* The blueprint expresses scope/visibility as open string vocabularies; B4M
+* binds them to its own enums:
+*   scope tier  ∈ { user, project, organization }
+*   visibility  ∈ { private, project, organization, public }   (ordered ladder)
+*
+* Unlike Polaris (bundles only), B4M publishes three SOURCE kinds through one
+* record: a rich HTML `bundle`, a chat `reply`, or a `fabfile`. The `source`
+* discriminator records provenance; `bundle` artifacts get the full
+* upload→validate→serve pipeline, while `reply`/`fabfile` are server-rendered
+* viewer pages.
+*/
+const PublishScopeTierSchema = z.enum([
+	"user",
+	"project",
+	"organization"
+]);
+const PublishSourceKindSchema = z.enum([
+	"bundle",
+	"reply",
+	"fabfile"
+]);
+const PublishSourceSchema = z.object({
+	kind: PublishSourceKindSchema,
+	/** Set when kind === 'bundle' and the bundle was generated from a B4M artifact. */
+	artifactId: z.string().optional(),
+	/** Set when kind === 'reply'. */
+	sessionId: z.string().optional(),
+	messageId: z.string().optional(),
+	/** Set when kind === 'fabfile'. */
+	fabFileId: z.string().optional()
+});
+const ArtifactFileSchema = z.object({
+	path: z.string(),
+	size: z.int().nonnegative(),
+	mimeType: z.string(),
+	sha256: z.string()
+});
+const ArtifactVersionMetaSchema = z.object({
+	publishedAt: z.date(),
+	publishedBy: z.string(),
+	size: z.object({
+		totalBytes: z.int().nonnegative(),
+		fileCount: z.int().nonnegative()
+	}),
+	sha256Index: z.string()
+});
+/** Reserved slugs — must include every tier URL token so a slug can't shadow routing. */
+const RESERVED_SLUGS = [
+	"api",
+	"admin",
+	"static",
+	"p",
+	"u",
+	"o",
+	"pj",
+	"r",
+	"f",
+	"a",
+	"_next",
+	"health"
+];
+const SlugSchema = z.string().min(3).max(64).regex(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, "slug must be lowercase kebab-case").refine((s) => !RESERVED_SLUGS.includes(s), { message: "slug is reserved" });
+const PUBLISH_LIMITS = {
+	maxFiles: 50,
+	maxBundleBytes: 50 * 1024 * 1024,
+	maxFileBytes: 10 * 1024 * 1024
+};
+z.object({
+	/** Short opaque id for short URLs (`/p/r/{publicId}`, `/p/f/{publicId}`) and lookups. */
+	publicId: z.string(),
+	tier: PublishScopeTierSchema,
+	scopeId: z.string(),
+	slug: SlugSchema,
+	title: z.string().min(1).max(200),
+	description: z.string().max(1e3).optional(),
+	visibility: VisibilitySchema.prefault("private"),
+	/** Group id a viewer must belong to when gated cross-scope. */
+	gatedToGroupId: z.string().optional(),
+	ownerId: z.string(),
+	lastPublishedBy: z.string().optional(),
+	source: PublishSourceSchema,
+	/** Canonical blob prefix '{tier}/{scopeId}/{slug}/'. Empty for non-bundle sources. */
+	storageKeyPrefix: z.string(),
+	size: z.object({
+		totalBytes: z.int().nonnegative(),
+		fileCount: z.int().nonnegative()
+	}),
+	sha256Index: z.string().optional(),
+	manifest: z.array(ArtifactFileSchema).prefault([]),
+	declaredApiEndpoints: z.array(z.string()).prefault([]),
+	/** Rendered body snapshot for reply/fabfile viewer pages (markdown or text). */
+	renderedBody: z.string().optional(),
+	publishedAt: z.date(),
+	previousVersionMeta: ArtifactVersionMetaSchema.optional(),
+	viewCount: z.int().nonnegative().prefault(0),
+	createdAt: z.date(),
+	updatedAt: z.date(),
+	deletedAt: z.date().nullish(),
+	deletedBy: z.string().nullish()
+});
+const ValidationViolationTypeSchema = z.enum([
+	"csp_violation",
+	"forbidden_pattern",
+	"forbidden_iframe",
+	"invalid_asset_url",
+	"missing_index",
+	"size_exceeded",
+	"invalid_mime_type",
+	"invalid_path"
+]);
+z.object({
+	type: ValidationViolationTypeSchema,
+	message: z.string(),
+	file: z.string().optional(),
+	line: z.int().optional()
+});
+const FileDescriptorSchema = z.object({
+	path: z.string(),
+	size: z.int().nonnegative(),
+	mimeType: z.string()
+});
+z.object({
+	tier: PublishScopeTierSchema,
+	scopeId: z.string(),
+	slug: SlugSchema,
+	title: z.string().min(1).max(200),
+	description: z.string().max(1e3).optional(),
+	visibility: VisibilitySchema.optional(),
+	gatedToGroupId: z.string().optional(),
+	source: PublishSourceSchema.optional(),
+	files: z.array(FileDescriptorSchema).min(1).max(PUBLISH_LIMITS.maxFiles)
+});
+z.object({
+	draftId: z.uuid(),
+	uploadUrls: z.array(z.object({
+		path: z.string(),
+		url: z.string(),
+		expiresAt: z.string()
+	}))
+});
+z.object({ draftId: z.uuid() });
+z.object({
+	sessionId: z.string(),
+	messageId: z.string(),
+	title: z.string().min(1).max(200).optional(),
+	visibility: VisibilitySchema.optional(),
+	tier: PublishScopeTierSchema.prefault("user"),
+	scopeId: z.string().optional()
+});
+z.object({
+	fabFileId: z.string(),
+	title: z.string().min(1).max(200).optional(),
+	visibility: VisibilitySchema.optional(),
+	tier: PublishScopeTierSchema.prefault("user"),
+	scopeId: z.string().optional()
+});
+z.object({
+	publicId: z.string(),
+	url: z.string(),
+	tier: PublishScopeTierSchema,
+	scopeId: z.string(),
+	slug: z.string(),
+	visibility: VisibilitySchema,
+	publishedAt: z.string()
+});
 const QuestStatusSchema = z.enum([
 	"pending",
 	"in-progress",
@@ -9385,6 +9646,29 @@ dayjs.extend(timezone);
 dayjs.extend(relativeTime);
 dayjs.extend(localizedFormat);
 var dayjsConfig_default = dayjs;
+//#endregion
+//#region src/utils/apiUrl.ts
+/** Bike4Mind production service (used when no customUrl is configured). */
+const BIKE4MIND_URL = "https://app.bike4mind.com";
+/** Local development server the `--dev` flag points the CLI at. */
+const LOCAL_DEV_URL = "http://localhost:3001";
+/**
+* Resolve API URL based on configuration
+* Returns custom URL if set, otherwise Bike4Mind main service
+*/
+function getApiUrl(configApiConfig) {
+	if (configApiConfig?.customUrl) return configApiConfig.customUrl;
+	return BIKE4MIND_URL;
+}
+/**
+* Get human-readable API type name
+*/
+function getEnvironmentName(configApiConfig) {
+	const url = configApiConfig?.customUrl;
+	if (!url) return "Production";
+	if (/^https?:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/i.test(url)) return "Local Dev";
+	return "Self-Hosted";
+}
 const logger = class Logger {
 	static {
 		this.instance = null;
@@ -9726,6 +10010,7 @@ const CliConfigSchema = z.object({
 	version: z.string(),
 	userId: z.string(),
 	auth: AuthTokensSchema.optional(),
+	authByEnv: z.record(z.string(), AuthTokensSchema).optional(),
 	defaultModel: z.string(),
 	apiConfig: ApiConfigSchema.optional(),
 	toolApiKeys: z.object({
@@ -10017,6 +10302,26 @@ function mergeConfigs(global, project, local) {
 	return merged;
 }
 /**
+* Normalize an API URL for use as an `authByEnv` cache key.
+*
+* Without normalization, `/set-api https://x.com` and `/set-api https://x.com/`
+* (or `HTTPS://X.com`) would create separate cache entries, defeating the
+* per-environment token reuse on a later `--dev` / `--prod` switch.
+*/
+function normalizeEnvKey(url) {
+	return url.toLowerCase().replace(/\/+$/, "");
+}
+/**
+* Treat an auth token as "authenticated" only when it has an `expiresAt` in
+* the future. The startup flow auto-refreshes expired tokens anyway, but
+* without this check the launch banner would briefly claim a saved login is
+* being reused when it's actually about to trigger a re-auth.
+*/
+function hasValidAuth(auth) {
+	if (!auth) return false;
+	return new Date(auth.expiresAt) > /* @__PURE__ */ new Date();
+}
+/**
 * Manages CLI configuration stored as JSON
 */
 var ConfigStore = class {
@@ -10284,6 +10589,58 @@ var ConfigStore = class {
 		await this.save(config);
 	}
 	/**
+	* Switch the active API environment, caching auth tokens per-environment so
+	* flipping between `--dev` and `--prod` doesn't force a re-login each time you
+	* return to an environment you've already authenticated.
+	*
+	* Targets:
+	*  - 'prod'              → Bike4Mind production (clears customUrl)
+	*  - 'dev'               → local dev server (http://localhost:3001)
+	*  - { customUrl: '…' }  → arbitrary self-hosted URL
+	*
+	* Mutates the cached config in place and persists via `save()` (no argument)
+	* so the write bypasses save()'s field-merge — `save(config)` would otherwise
+	* preserve the previous `auth` and defeat the per-env swap.
+	*/
+	async switchApiEnvironment(target) {
+		const config = await this.load();
+		const prevKey = normalizeEnvKey(config.apiConfig?.customUrl || "https://app.bike4mind.com");
+		let newUrl;
+		let newApiConfig;
+		if (target === "prod") {
+			newUrl = BIKE4MIND_URL;
+			newApiConfig = void 0;
+		} else if (target === "dev") {
+			newUrl = LOCAL_DEV_URL;
+			newApiConfig = { customUrl: LOCAL_DEV_URL };
+		} else {
+			newUrl = target.customUrl;
+			newApiConfig = { customUrl: target.customUrl };
+		}
+		const newKey = normalizeEnvKey(newUrl);
+		const envName = getEnvironmentName(newApiConfig);
+		if (prevKey === newKey) return {
+			url: newUrl,
+			envName,
+			changed: false,
+			authenticated: hasValidAuth(config.auth)
+		};
+		const authByEnv = { ...config.authByEnv || {} };
+		if (config.auth) authByEnv[prevKey] = config.auth;
+		else delete authByEnv[prevKey];
+		const restored = authByEnv[newKey];
+		config.apiConfig = newApiConfig;
+		config.authByEnv = authByEnv;
+		config.auth = restored;
+		await this.save();
+		return {
+			url: newUrl,
+			envName,
+			changed: true,
+			authenticated: hasValidAuth(restored)
+		};
+	}
+	/**
 	* Get project config directory (if any)
 	*/
 	getProjectConfigDir() {
@@ -10398,4 +10755,4 @@ var ConfigStore = class {
 	}
 };
 //#endregion
-export { PromptMetaZodSchema as $, GenericCreditDeductTransaction as A, getDataLakeTags as At, KnowledgeType as B, settingsMap as Bt, FeedbackEvents as C, VIDEO_SIZE_CONSTRAINTS as Ct, GEMINI_IMAGE_MODELS as D, b4mLLMTools as Dt, FriendshipEvents as E, XAI_IMAGE_MODELS as Et, ImageModels as F, isZodError as Ft, NotFoundError as G, isNearLimit as Gt, MiscEvents as H, validateNotebookPath as Ht, InboxEvents as I, obfuscateApiKey as It, Permission as J, OpenAIEmbeddingModel as K, parseRateLimitHeaders as Kt, InternalServerError as L, resolveNavigationIntents as Lt, HttpStatus as M, getViewById as Mt, ImageEditUsageTransaction as N, isGPTImage2Model as Nt, GenerateImageToolCallSchema as O, dayjsConfig_default as Ot, ImageGenerationUsageTransaction as P, isGPTImageModel as Pt, PromptIntentSchema as Q, InviteEvents as R, sanitizeTelemetryError as Rt, FavoriteDocumentType as S, UnprocessableEntityError as St, ForbiddenError as T, VideoModels as Tt, ModalEvents as U, buildRateLimitLogEntry as Ut, LLMEvents as V, validateJupyterKernelName as Vt, ModelBackend as W, extractSnippetMeta as Wt, ProfileEvents as X, PermissionDeniedError as Y, ProjectEvents as Z, ClaudeArtifactMimeTypes as _, TooManyRequestsError as _t, ApiKeyEvents as a, RegInviteEvents as at, DashboardParamsSchema as b, UiNavigationEvents as bt, AppFileEvents as c, ResearchTaskPeriodicFrequencyType as ct, BFL_IMAGE_MODELS as d, SpeechToTextUsageTransaction as dt, PurchaseTransaction as et, BFL_SAFETY_TOLERANCE as f, SubscriptionCreditTransaction as ft, ChatModels as g, TextGenerationUsageTransaction as gt, ChatCompletionCreateInputSchema as h, TaskScheduleHandler as ht, AiEvents as i, RechartsChartTypeList as it, HTTPError as j, getMcpProviderMetadata as jt, GenericCreditAddTransaction as k, getAccessibleDataLakes as kt, ArtifactTypeSchema as l, ResearchTaskType as lt, CREDIT_DEDUCT_TRANSACTION_TYPES as m, TagType as mt, logger as n, RealtimeVoiceUsageTransaction as nt, ApiKeyScope as o, ResearchModeParamsSchema as ot, BadRequestError as p, SupportedFabFileMimeTypes as pt, OpenAIImageGenerationInput as q, CollectionType as qt, ALERT_THRESHOLDS as r, ReceivedCreditTransaction as rt, ApiKeyType as s, ResearchTaskExecutionType as st, ConfigStore as t, QuestMasterParamsSchema as tt, AuthEvents as u, SessionEvents as ut, CompletionApiUsageTransaction as v, ToolUsageTransaction as vt, FileEvents as w, VideoGenerationUsageTransaction as wt, ElabsEvents as x, UnauthorizedError as xt, CorruptedFileError as y, TransferCreditTransaction as yt, InviteType as z, secureParameters as zt };
+export { ProjectEvents as $, GenerateImageToolCallSchema as A, dayjsConfig_default as At, InviteEvents as B, sanitizeTelemetryError as Bt, ElabsEvents as C, UnauthorizedError as Ct, ForbiddenError as D, VideoModels as Dt, FileEvents as E, VideoGenerationUsageTransaction as Et, ImageEditUsageTransaction as F, isGPTImage2Model as Ft, ModalEvents as G, buildRateLimitLogEntry as Gt, KnowledgeType as H, settingsMap as Ht, ImageGenerationUsageTransaction as I, isGPTImageModel as It, OpenAIEmbeddingModel as J, parseRateLimitHeaders as Jt, ModelBackend as K, extractSnippetMeta as Kt, ImageModels as L, isZodError as Lt, GenericCreditDeductTransaction as M, getDataLakeTags as Mt, HTTPError as N, getMcpProviderMetadata as Nt, FriendshipEvents as O, XAI_IMAGE_MODELS as Ot, HttpStatus as P, getViewById as Pt, ProfileEvents as Q, InboxEvents as R, obfuscateApiKey as Rt, DashboardParamsSchema as S, UiNavigationEvents as St, FeedbackEvents as T, VIDEO_SIZE_CONSTRAINTS as Tt, LLMEvents as U, validateJupyterKernelName as Ut, InviteType as V, secureParameters as Vt, MiscEvents as W, validateNotebookPath as Wt, Permission as X, OpenAIImageGenerationInput as Y, CollectionType as Yt, PermissionDeniedError as Z, ChatCompletionCreateInputSchema as _, TaskScheduleHandler as _t, ALERT_THRESHOLDS as a, ReceivedCreditTransaction as at, CompletionApiUsageTransaction as b, ToolUsageTransaction as bt, ApiKeyScope as c, ResearchModeParamsSchema as ct, ArtifactTypeSchema as d, ResearchTaskType as dt, PromptIntentSchema as et, AuthEvents as f, SessionEvents as ft, CREDIT_DEDUCT_TRANSACTION_TYPES as g, TagType as gt, BadRequestError as h, SupportedFabFileMimeTypes as ht, getEnvironmentName as i, RealtimeVoiceUsageTransaction as it, GenericCreditAddTransaction as j, getAccessibleDataLakes as jt, GEMINI_IMAGE_MODELS as k, b4mLLMTools as kt, ApiKeyType as l, ResearchTaskExecutionType as lt, BFL_SAFETY_TOLERANCE as m, SubscriptionCreditTransaction as mt, logger as n, PurchaseTransaction as nt, AiEvents as o, RechartsChartTypeList as ot, BFL_IMAGE_MODELS as p, SpeechToTextUsageTransaction as pt, NotFoundError as q, isNearLimit as qt, getApiUrl as r, QuestMasterParamsSchema as rt, ApiKeyEvents as s, RegInviteEvents as st, ConfigStore as t, PromptMetaZodSchema as tt, AppFileEvents as u, ResearchTaskPeriodicFrequencyType as ut, ChatModels as v, TextGenerationUsageTransaction as vt, FavoriteDocumentType as w, UnprocessableEntityError as wt, CorruptedFileError as x, TransferCreditTransaction as xt, ClaudeArtifactMimeTypes as y, TooManyRequestsError as yt, InternalServerError as z, resolveNavigationIntents as zt };

package/dist/commands/apiCommand.mjs

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { t as ConfigStore } from "../ConfigStore-tjtx9TU6.mjs";
+import { t as ConfigStore } from "../ConfigStore-CtBZ2p4M.mjs";
 //#region src/commands/apiCommand.ts
 /**
 * External API config command (--api-url / --reset-api)

package/dist/commands/doctorCommand.mjs

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
-import { a as version, n as compareSemver, r as fetchLatestVersion } from "../updateChecker-CS84T-KX.mjs";
+import { t as version } from "../package-8UMmdI7b.mjs";
+import { n as compareSemver, r as fetchLatestVersion } from "../updateChecker-D67NPlS5.mjs";
 import { t as checkRipgrep } from "../ripgrepCheck-BmkyTK2i.mjs";
 import { execSync } from "child_process";
 import { constants, existsSync, promises } from "fs";

package/dist/commands/envCommand.mjs

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+import { t as ConfigStore } from "../ConfigStore-CtBZ2p4M.mjs";
+//#region src/commands/envCommand.ts
+/**
+* Environment switching for the `--dev` / `--prod` launch flags.
+*
+* Flipping the target persists the choice to ~/.bike4mind/config.json, so a
+* bare `b4m` always reuses whichever environment you last selected. Auth tokens
+* are cached per-environment, so flipping back and forth doesn't force a
+* re-login (see ConfigStore.switchApiEnvironment).
+*/
+/**
+* Apply a `--dev` / `--prod` launch flag: switch the persisted API environment
+* and print a concise banner describing the result. Runs before the app boots.
+*/
+async function applyEnvironmentFlag(target) {
+	const result = await new ConfigStore().switchApiEnvironment(target);
+	if (result.changed) console.log(`🔀 Switched API environment → ${result.envName} (${result.url})`);
+	else console.log(`🌍 Already on ${result.envName} (${result.url})`);
+	if (result.authenticated) console.log("   ✅ Reusing your saved login for this environment.");
+	else console.log("   🔓 Not logged in here yet — run /login once the CLI starts.");
+	console.log("");
+}
+//#endregion
+export { applyEnvironmentFlag };

package/dist/commands/headlessCommand.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { $ as SessionStore, C as WebSocketToolExecutor, D as ServerLlmBackend, E as WebSocketLlmBackend, F as PermissionManager, I as generateCliTools, J as isReadOnlyTool, K as buildSystemPrompt, M as loadContextFiles, N as getApiUrl, O as McpManager, S as ApiClient, T as FallbackLlmBackend, W as setWebSocketToolExecutor, X as CustomCommandStore, Y as ReActAgent, Z as CheckpointStore, _ as createAgentDelegateTool, b as createSkillTool, d as createFindDefinitionTool, f as createTodoStore, g as BackgroundAgentManager, h as createBackgroundAgentTools, m as createCoordinateTaskTool, p as createWriteTodosTool, u as createGetFileStructureTool, v as AgentStore, w as WebSocketConnectionManager, y as SubagentOrchestrator } from "../tools-DyWEu4_d.mjs";
-import { n as logger, t as ConfigStore } from "../ConfigStore-tjtx9TU6.mjs";
+import { C as WebSocketToolExecutor, D as ServerLlmBackend, E as WebSocketLlmBackend, F as generateCliTools, G as buildSystemPrompt, J as ReActAgent, N as loadContextFiles, P as PermissionManager, Q as SessionStore, S as ApiClient, T as FallbackLlmBackend, U as setWebSocketToolExecutor, X as CheckpointStore, Y as CustomCommandStore, _ as createAgentDelegateTool, b as createSkillTool, d as createFindDefinitionTool, f as createTodoStore, g as BackgroundAgentManager, h as createBackgroundAgentTools, k as McpManager, m as createCoordinateTaskTool, p as createWriteTodosTool, q as isReadOnlyTool, u as createGetFileStructureTool, v as AgentStore, w as WebSocketConnectionManager, y as SubagentOrchestrator } from "../tools-BuaOUcTS.mjs";
+import { n as logger, r as getApiUrl, t as ConfigStore } from "../ConfigStore-CtBZ2p4M.mjs";
 import { t as DEFAULT_SANDBOX_CONFIG } from "../types-LyRNHOiS.mjs";
 import { t as createSandboxRuntime } from "../SandboxRuntimeAdapter-ChGlxSGQ.mjs";
 import { t as SandboxOrchestrator } from "../SandboxOrchestrator-BoINxbX4.mjs";

package/dist/commands/mcpCommand.mjs

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { t as ConfigStore } from "../ConfigStore-tjtx9TU6.mjs";
+import { t as ConfigStore } from "../ConfigStore-CtBZ2p4M.mjs";
 //#region src/commands/mcpCommand.ts
 /**
 * External MCP commands (b4m mcp list, b4m mcp add, etc.)

package/dist/commands/updateCommand.mjs

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
-import { a as version, i as forceCheckForUpdate } from "../updateChecker-CS84T-KX.mjs";
+import { t as version } from "../package-8UMmdI7b.mjs";
+import { i as forceCheckForUpdate } from "../updateChecker-D67NPlS5.mjs";
 import { t as checkRipgrep } from "../ripgrepCheck-BmkyTK2i.mjs";
 import { execSync } from "child_process";
 //#region src/commands/updateCommand.ts

package/dist/index.mjs

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
-import { $ as SessionStore, A as formatStep, B as DEFAULT_RETRY_CONFIG, C as WebSocketToolExecutor, D as ServerLlmBackend, E as WebSocketLlmBackend, F as PermissionManager, G as getPlanModeFilePath, H as clearFeatureModuleTools, I as generateCliTools, J as isReadOnlyTool, K as buildSystemPrompt, L as ALWAYS_DENIED_FOR_AGENTS, M as loadContextFiles, N as getApiUrl, O as McpManager, P as getEnvironmentName, Q as CommandHistoryStore, R as DEFAULT_AGENT_MODEL, S as ApiClient, T as FallbackLlmBackend, U as registerFeatureModuleTools, V as DEFAULT_THOROUGHNESS, W as setWebSocketToolExecutor, X as CustomCommandStore, Y as ReActAgent, Z as CheckpointStore, _ as createAgentDelegateTool, a as createBlockerTools, at as formatFileSize, b as createSkillTool, c as createDecisionStore, d as createFindDefinitionTool, et as OAuthClient, f as createTodoStore, g as BackgroundAgentManager, h as createBackgroundAgentTools, i as createBlockerStore, it as mergeCommands, j as extractCompactInstructions, k as substituteArguments, l as formatDecisionsOutput, m as createCoordinateTaskTool, n as createReviewGateTool, nt as processFileReferences, o as formatBlockersOutput, ot as searchFiles, p as createWriteTodosTool, q as buildSkillsPromptSection, r as formatReviewGatesOutput, rt as searchCommands, s as createDecisionLogTool, st as warmFileCache, t as createReviewGateStore, tt as hasFileReferences, u as createGetFileStructureTool, v as AgentStore, w as WebSocketConnectionManager, x as parseAgentConfig, y as SubagentOrchestrator, z as DEFAULT_MAX_ITERATIONS } from "./tools-DyWEu4_d.mjs";
+import { $ as OAuthClient, A as substituteArguments, B as DEFAULT_THOROUGHNESS, C as WebSocketToolExecutor, D as ServerLlmBackend, E as WebSocketLlmBackend, F as generateCliTools, G as buildSystemPrompt, H as registerFeatureModuleTools, I as ALWAYS_DENIED_FOR_AGENTS, J as ReActAgent, K as buildSkillsPromptSection, L as DEFAULT_AGENT_MODEL, M as extractCompactInstructions, N as loadContextFiles, O as isTransientNetworkError, P as PermissionManager, Q as SessionStore, R as DEFAULT_MAX_ITERATIONS, S as ApiClient, T as FallbackLlmBackend, U as setWebSocketToolExecutor, V as clearFeatureModuleTools, W as getPlanModeFilePath, X as CheckpointStore, Y as CustomCommandStore, Z as CommandHistoryStore, _ as createAgentDelegateTool, a as createBlockerTools, at as searchFiles, b as createSkillTool, c as createDecisionStore, d as createFindDefinitionTool, et as hasFileReferences, f as createTodoStore, g as BackgroundAgentManager, h as createBackgroundAgentTools, i as createBlockerStore, it as formatFileSize, j as formatStep, k as McpManager, l as formatDecisionsOutput, m as createCoordinateTaskTool, n as createReviewGateTool, nt as searchCommands, o as formatBlockersOutput, ot as warmFileCache, p as createWriteTodosTool, q as isReadOnlyTool, r as formatReviewGatesOutput, rt as mergeCommands, s as createDecisionLogTool, t as createReviewGateStore, tt as processFileReferences, u as createGetFileStructureTool, v as AgentStore, w as WebSocketConnectionManager, x as parseAgentConfig, y as SubagentOrchestrator, z as DEFAULT_RETRY_CONFIG } from "./tools-BuaOUcTS.mjs";
 import { n as useCliStore, t as selectActiveBackgroundAgents } from "./store-DV5s-qni.mjs";
-import { Ht as validateNotebookPath$1, Vt as validateJupyterKernelName, g as ChatModels, m as CREDIT_DEDUCT_TRANSACTION_TYPES, n as logger, t as ConfigStore } from "./ConfigStore-tjtx9TU6.mjs";
-import { a as version, t as checkForUpdate } from "./updateChecker-CS84T-KX.mjs";
+import { Ut as validateJupyterKernelName, Wt as validateNotebookPath$1, g as CREDIT_DEDUCT_TRANSACTION_TYPES, i as getEnvironmentName, n as logger, r as getApiUrl, t as ConfigStore, v as ChatModels } from "./ConfigStore-CtBZ2p4M.mjs";
+import { t as version } from "./package-8UMmdI7b.mjs";
+import { t as checkForUpdate } from "./updateChecker-D67NPlS5.mjs";
 import React, { useCallback, useEffect, useMemo, useReducer, useRef, useState } from "react";
 import { Box, Static, Text, render, useApp, useInput, usePaste, useStdout } from "ink";
 import { execSync } from "child_process";
@@ -5440,6 +5441,7 @@ var BridgePresence = class {
 	*/
 	async start(opts) {
 		if (this.started) return this.instanceId !== null;
+		this.stopped = false;
 		this.started = true;
 		const config = await readBridgeConfig();
 		if (!config) {
@@ -5503,9 +5505,19 @@ var BridgePresence = class {
 		this.emitQueue = this.emitQueue.then(task, task);
 		return this.emitQueue;
 	}
-	/** Tear down the tavern presence cleanly. */
+	/**
+	* Tear down the tavern presence cleanly. Halts the announce-retry and
+	* command-WS reconnect loops, closes the socket, and best-effort signals
+	* disconnect to the bridge.
+	*
+	* After this resolves the instance is fully reset, so a later `start()`
+	* re-announces — the same singleton can be toggled off (Tavern feature
+	* disabled at runtime) and back on without restarting the CLI. The
+	* `stopped` latch is left true here purely so any straggler retry callback
+	* already queued short-circuits; `start()` clears it.
+	*/
 	async stop(reason = "cli_exit") {
-		if (this.stopped) return;
+		if (this.stopped || !this.started) return;
 		this.stopped = true;
 		if (this.reconnectTimer) {
 			clearTimeout(this.reconnectTimer);
@@ -5525,6 +5537,16 @@ var BridgePresence = class {
 			instanceId: this.instanceId,
 			reason
 		}).catch(() => {});
+		this.started = false;
+		this.instanceId = null;
+		this.config = null;
+		this.startOpts = null;
+		this.pendingWorkspaceName = null;
+		this.pendingCapabilities = null;
+		this.pendingSource = null;
+		this.announceAttempts = 0;
+		this.reconnectAttempts = 0;
+		this.emitQueue = Promise.resolve();
 	}
 	async announce(body) {
 		try {
@@ -5863,7 +5885,7 @@ function CliApp() {
 			startupLog.push(`✅ Authenticated (expires in ${daysUntilExpiry} day${daysUntilExpiry !== 1 ? "s" : ""})`);
 			const apiBaseURL = getApiUrl(config.apiConfig);
 			const envName = getEnvironmentName(config.apiConfig);
-			if (import.meta.url.includes("/src/") || process.env.NODE_ENV === "development" || envName !== "Bike4Mind") startupLog.unshift(`🌍 API Environment: ${envName} (${apiBaseURL})`);
+			startupLog.unshift(`🌍 API Environment: ${envName} (${apiBaseURL})`);
 			const apiClient = new ApiClient(apiBaseURL, state.configStore);
 			const tokenGetter = async () => {
 				return (await state.configStore.getAuthTokens())?.accessToken ?? null;
@@ -6498,8 +6520,13 @@ function CliApp() {
 			status: "running"
 		});
 	};
+	const tavernPresenceEnabled = state.config?.features?.tavern ?? false;
 	useEffect(() => {
 		if (!isInitialized) return;
+		if (!tavernPresenceEnabled) {
+			bridgePresence.stop("tavern_disabled");
+			return;
+		}
 		let cancelled = false;
 		bridgePresence.setCallbacks({
 			onSendPrompt: (text) => handleMessageRef.current?.(text),
@@ -6523,7 +6550,7 @@ function CliApp() {
 		return () => {
 			cancelled = true;
 		};
-	}, [isInitialized]);
+	}, [isInitialized, tavernPresenceEnabled]);
 	/**
 	* Handle custom command execution with proper display
 	* Shows concise user message but sends full template to agent
@@ -6927,8 +6954,13 @@ function CliApp() {
 					return;
 				}
 			}
-			const errorMessage = error instanceof Error ? error.message : String(error);
-			console.error(`\n❌ ${errorMessage}\n`);
+			const rawMessage = error instanceof Error ? error.message : String(error);
+			if (error instanceof Error && isTransientNetworkError(error)) {
+				console.error("\n❌ The connection to the server dropped mid-response. Type \"continue\" to resume.\n");
+				logger.debug(`Full error details: ${error.stack || error.message}`);
+				return;
+			}
+			console.error(`\n❌ ${rawMessage}\n`);
 			logger.debug(`Full error details: ${error instanceof Error ? error.stack || error.message : String(error)}`);
 		} finally {
 			const wasAborted = abortController.signal.aborted;

package/dist/package-8UMmdI7b.mjs

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+//#region package.json
+var version = "0.12.0";
+//#endregion
+export { version as t };

package/dist/{tools-DyWEu4_d.mjs → tools-BuaOUcTS.mjs}

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
-import { $ as PromptMetaZodSchema, A as GenericCreditDeductTransaction, At as getDataLakeTags, B as KnowledgeType, Bt as settingsMap, C as FeedbackEvents, Ct as VIDEO_SIZE_CONSTRAINTS, D as GEMINI_IMAGE_MODELS, Dt as b4mLLMTools, E as FriendshipEvents, Et as XAI_IMAGE_MODELS, F as ImageModels, Ft as isZodError, G as NotFoundError, Gt as isNearLimit, H as MiscEvents, I as InboxEvents, It as obfuscateApiKey, J as Permission, K as OpenAIEmbeddingModel, Kt as parseRateLimitHeaders, L as InternalServerError, Lt as resolveNavigationIntents, M as HttpStatus, Mt as getViewById, N as ImageEditUsageTransaction, Nt as isGPTImage2Model, O as GenerateImageToolCallSchema, Ot as dayjsConfig_default, P as ImageGenerationUsageTransaction, Pt as isGPTImageModel, Q as PromptIntentSchema, R as InviteEvents, Rt as sanitizeTelemetryError, S as FavoriteDocumentType, St as UnprocessableEntityError, T as ForbiddenError, Tt as VideoModels, U as ModalEvents, Ut as buildRateLimitLogEntry, V as LLMEvents, W as ModelBackend, Wt as extractSnippetMeta, X as ProfileEvents, Y as PermissionDeniedError, Z as ProjectEvents, _ as ClaudeArtifactMimeTypes, _t as TooManyRequestsError, a as ApiKeyEvents, at as RegInviteEvents, b as DashboardParamsSchema, bt as UiNavigationEvents, c as AppFileEvents, ct as ResearchTaskPeriodicFrequencyType, d as BFL_IMAGE_MODELS, dt as SpeechToTextUsageTransaction, et as PurchaseTransaction, f as BFL_SAFETY_TOLERANCE, ft as SubscriptionCreditTransaction, g as ChatModels, gt as TextGenerationUsageTransaction, h as ChatCompletionCreateInputSchema, ht as TaskScheduleHandler, i as AiEvents, it as RechartsChartTypeList, j as HTTPError, jt as getMcpProviderMetadata, k as GenericCreditAddTransaction, kt as getAccessibleDataLakes, l as ArtifactTypeSchema, lt as ResearchTaskType, mt as TagType, n as logger, nt as RealtimeVoiceUsageTransaction, o as ApiKeyScope, ot as ResearchModeParamsSchema, p as BadRequestError, pt as SupportedFabFileMimeTypes, q as OpenAIImageGenerationInput, qt as CollectionType, r as ALERT_THRESHOLDS, rt as ReceivedCreditTransaction, s as ApiKeyType, st as ResearchTaskExecutionType, t as ConfigStore, tt as QuestMasterParamsSchema, u as AuthEvents, ut as SessionEvents, v as CompletionApiUsageTransaction, vt as ToolUsageTransaction, w as FileEvents, wt as VideoGenerationUsageTransaction, x as ElabsEvents, xt as UnauthorizedError, y as CorruptedFileError, yt as TransferCreditTransaction, z as InviteType, zt as secureParameters } from "./ConfigStore-tjtx9TU6.mjs";
+import { $ as ProjectEvents, A as GenerateImageToolCallSchema, At as dayjsConfig_default, B as InviteEvents, Bt as sanitizeTelemetryError, C as ElabsEvents, Ct as UnauthorizedError, D as ForbiddenError, Dt as VideoModels, E as FileEvents, Et as VideoGenerationUsageTransaction, F as ImageEditUsageTransaction, Ft as isGPTImage2Model, G as ModalEvents, Gt as buildRateLimitLogEntry, H as KnowledgeType, Ht as settingsMap, I as ImageGenerationUsageTransaction, It as isGPTImageModel, J as OpenAIEmbeddingModel, Jt as parseRateLimitHeaders, K as ModelBackend, Kt as extractSnippetMeta, L as ImageModels, Lt as isZodError, M as GenericCreditDeductTransaction, Mt as getDataLakeTags, N as HTTPError, Nt as getMcpProviderMetadata, O as FriendshipEvents, Ot as XAI_IMAGE_MODELS, P as HttpStatus, Pt as getViewById, Q as ProfileEvents, R as InboxEvents, Rt as obfuscateApiKey, S as DashboardParamsSchema, St as UiNavigationEvents, T as FeedbackEvents, Tt as VIDEO_SIZE_CONSTRAINTS, U as LLMEvents, V as InviteType, Vt as secureParameters, W as MiscEvents, X as Permission, Y as OpenAIImageGenerationInput, Yt as CollectionType, Z as PermissionDeniedError, _ as ChatCompletionCreateInputSchema, _t as TaskScheduleHandler, a as ALERT_THRESHOLDS, at as ReceivedCreditTransaction, b as CompletionApiUsageTransaction, bt as ToolUsageTransaction, c as ApiKeyScope, ct as ResearchModeParamsSchema, d as ArtifactTypeSchema, dt as ResearchTaskType, et as PromptIntentSchema, f as AuthEvents, ft as SessionEvents, gt as TagType, h as BadRequestError, ht as SupportedFabFileMimeTypes, it as RealtimeVoiceUsageTransaction, j as GenericCreditAddTransaction, jt as getAccessibleDataLakes, k as GEMINI_IMAGE_MODELS, kt as b4mLLMTools, l as ApiKeyType, lt as ResearchTaskExecutionType, m as BFL_SAFETY_TOLERANCE, mt as SubscriptionCreditTransaction, n as logger, nt as PurchaseTransaction, o as AiEvents, ot as RechartsChartTypeList, p as BFL_IMAGE_MODELS, pt as SpeechToTextUsageTransaction, q as NotFoundError, qt as isNearLimit, rt as QuestMasterParamsSchema, s as ApiKeyEvents, st as RegInviteEvents, t as ConfigStore, tt as PromptMetaZodSchema, u as AppFileEvents, ut as ResearchTaskPeriodicFrequencyType, v as ChatModels, vt as TextGenerationUsageTransaction, w as FavoriteDocumentType, wt as UnprocessableEntityError, x as CorruptedFileError, xt as TransferCreditTransaction, y as ClaudeArtifactMimeTypes, yt as TooManyRequestsError, z as InternalServerError, zt as resolveNavigationIntents } from "./ConfigStore-CtBZ2p4M.mjs";
 import { a as isUserLockedOut, c as userCanDisableMFA, d as userRequiresMFA, f as verifyBackupCode, i as getLockoutTimeRemaining, l as userEligibleForMFA, n as generateBackupCodes, o as recordFailedAttempt, p as verifyTOTPToken, r as generateTOTPSetup, s as shouldResetFailedAttempts, t as clearFailedAttempts, u as userHasMFAConfigured } from "./utils-PpNti-tY.mjs";
 import { n as isPathAllowed, t as assertPathAllowed } from "./pathValidation-D8tjkQXE-1HwvsuYT.mjs";
+import { t as version } from "./package-8UMmdI7b.mjs";
 import { execFile, execFileSync, spawn } from "child_process";
 import crypto, { createHash, randomBytes } from "crypto";
 import { existsSync, promises, readFileSync, readdirSync, rmSync, statSync, unlinkSync, writeFileSync } from "fs";
@@ -22289,7 +22290,7 @@ var CliLogger = class extends Logger {
 * 5. Route to server or execute locally via ToolRouter
 * 6. Record observation in agent's step history
 */
-function wrapToolWithPermission(tool, permissionManager, showPermissionPrompt, agentContext, configStore, apiClient, sandboxOrchestrator) {
+function wrapToolWithPermission(tool, permissionManager, showPermissionPrompt, agentContext, configStore, apiClient, sandboxOrchestrator, allowedDirectories) {
 	const originalFn = tool.toolFn;
 	const toolName = tool.toolSchema.name;
 	return {
@@ -22328,10 +22329,18 @@ function wrapToolWithPermission(tool, permissionManager, showPermissionPrompt, a
 			* offer retry on sandbox failure, and record observation.
 			*/
 			async function executeAndRecord() {
-				let result = await executeTool(toolName, effectiveArgs, apiClient, originalFn);
+				let result;
+				try {
+					result = await executeTool(toolName, effectiveArgs, apiClient, originalFn);
+				} catch (err) {
+					const msg = err instanceof Error ? err.message : String(err);
+					if (!isPathAccessDenial(msg)) throw err;
+					result = msg;
+				}
 				cleanupSandboxFiles(effectiveArgs?._sandboxCleanup);
 				await captureViolations(isSandboxed, result, args?.command, sandboxOrchestrator);
 				result = await retrySandboxFailure(isSandboxed, result, toolName, args, apiClient, originalFn, showPermissionPrompt);
+				result = await retryPathAccessDenial(result, toolName, effectiveArgs, allowedDirectories, configStore, apiClient, originalFn, showPermissionPrompt);
 				agentContext.observationQueue.push({
 					toolName,
 					result
@@ -22376,6 +22385,64 @@ async function retrySandboxFailure(isSandboxed, result, toolName, originalArgs,
 	return result;
 }
 /**
+* Matches the three shapes of filesystem allow-list denial emitted by core:
+*  - file tools:  `Access denied: Cannot <op> files outside allowed directories.`
+*  - glob_files:  `Access denied: Cannot search outside allowed directories.` (no "files")
+*  - grep_search: `Path validation failed: "<p>" resolves outside allowed directories.`
+* The `files` token is optional so glob_files' wording is covered too.
+*/
+const PATH_ACCESS_DENIAL_RE = /Access denied: Cannot \w+ (?:files )?outside allowed directories|Path validation failed: .* resolves outside allowed directories/;
+function isPathAccessDenial(text) {
+	return PATH_ACCESS_DENIAL_RE.test(text);
+}
+/**
+* Derive the directory to grant so the blocked operation can succeed on retry.
+* File tools (`file_read`, `create_file`, `edit_local_file`, `delete_file`)
+* target a file → grant its containing directory. `grep_search` / `glob_files`
+* target a directory → grant it directly. Returns an absolute path, or null if
+* no path argument is present.
+*/
+function deriveGrantDirectory(toolName, args) {
+	const raw = args?.path ?? args?.dir_path;
+	if (typeof raw !== "string" || raw.length === 0) return null;
+	const resolved = path.isAbsolute(raw) ? raw : path.resolve(process.cwd(), raw);
+	return new Set(["grep_search", "glob_files"]).has(toolName) ? resolved : path.dirname(resolved);
+}
+/**
+* If a tool result indicates the operation was blocked by the filesystem
+* allow-list, prompt the user to grant access to the relevant directory.
+* On approval the directory is pushed onto the live allow-list (so the very
+* next core tool call sees it — same array reference held by the tool
+* context), persisted to config on "Always allow", and the tool is retried.
+*
+* This is the runtime, on-demand equivalent of `/add-dir`: instead of failing
+* hard when the agent reaches outside the workspace, it asks — like Claude
+* Code does — and continues once the user says yes.
+*/
+async function retryPathAccessDenial(result, toolName, args, allowedDirectories, configStore, apiClient, originalFn, showPermissionPrompt) {
+	if (!allowedDirectories || !isPathAccessDenial(result)) return result;
+	const grantDir = deriveGrantDirectory(toolName, args);
+	if (!grantDir) return result;
+	if (allowedDirectories.includes(grantDir)) return result;
+	const response = await showPermissionPrompt(toolName, args, `🔒 DIRECTORY ACCESS — "${toolName}" needs a path outside the current workspace.\n\n- Grant access to this directory:\n  ${grantDir}\n- "Allow for this session" grants access until the CLI exits.\n- "Always allow" also saves it to your config so it persists across sessions.`);
+	if (response.action === "deny") return result;
+	const oneShot = response.action === "allow-once";
+	allowedDirectories.push(grantDir);
+	if (response.action === "allow-always") try {
+		await configStore.addDirectory(grantDir);
+	} catch {}
+	try {
+		return await executeTool(toolName, args, apiClient, originalFn);
+	} catch (err) {
+		return err instanceof Error ? err.message : String(err);
+	} finally {
+		if (oneShot) {
+			const idx = allowedDirectories.lastIndexOf(grantDir);
+			if (idx !== -1) allowedDirectories.splice(idx, 1);
+		}
+	}
+}
+/**
 * Clean up temporary sandbox files (e.g., Seatbelt profiles).
 * Fails silently — cleanup is best-effort.
 */
@@ -22604,12 +22671,14 @@ async function generateCliTools(userId, llm, model, permissionManager, showPermi
 		"web_fetch"
 	].filter((name) => name in b4mTools).map((name) => [name, b4mTools[name]]));
 	const cliOnlyTools = await getCliOnlyTools();
-	const toolsMap = generateTools(userId, user, logger, dbAdapters, storage, storage, statusUpdate, onStart, onFinish, llm, {}, model, void 0, {
+	const tools_to_generate = {
 		...filteredB4mTools,
 		...cliOnlyTools
-	}, allowedDirectories);
+	};
+	const liveAllowedDirectories = allowedDirectories ?? [];
+	const toolsMap = generateTools(userId, user, logger, dbAdapters, storage, storage, statusUpdate, onStart, onFinish, llm, {}, model, void 0, tools_to_generate, liveAllowedDirectories);
 	let tools = Object.entries(toolsMap).map(([_, tool]) => {
-		return wrapToolWithCheckpointing(wrapToolWithPermission(tool, permissionManager, showPermissionPrompt, agentContext, configStore, apiClient, sandboxOrchestrator), checkpointStore ?? null);
+		return wrapToolWithCheckpointing(wrapToolWithPermission(tool, permissionManager, showPermissionPrompt, agentContext, configStore, apiClient, sandboxOrchestrator, liveAllowedDirectories), checkpointStore ?? null);
 	});
 	if (toolFilter) {
 		const { allowedTools, deniedTools } = toolFilter;
@@ -22778,24 +22847,6 @@ var PermissionManager = class {
 		};
 	}
 };
-//#endregion
-//#region src/utils/apiUrl.ts
-const BIKE4MIND_URL = "https://app.bike4mind.com";
-/**
-* Resolve API URL based on configuration
-* Returns custom URL if set, otherwise Bike4Mind main service
-*/
-function getApiUrl(configApiConfig) {
-	if (configApiConfig?.customUrl) return configApiConfig.customUrl;
-	return BIKE4MIND_URL;
-}
-/**
-* Get human-readable API type name
-*/
-function getEnvironmentName(configApiConfig) {
-	if (configApiConfig?.customUrl) return "Self-Hosted";
-	return "Bike4Mind";
-}
 const PROJECT_CONTEXT_FILES = [
 	"CLAUDE.local.md",
 	"CLAUDE.md",
@@ -23629,6 +23680,35 @@ var StreamAccumulator = class {
 //#endregion
 //#region src/llm/ServerLlmBackend.ts
 /**
+* Connection-level failures that should be retried rather than surfaced to the
+* user. Mirrors the canonical retryable-error list in `@bike4mind/llm-adapters`
+* (retry.ts, issues #6936 / #6892): the most common offender is a TLS socket
+* close mid-stream, which Node surfaces as `Error: aborted` thrown from
+* `node:_http_client` `socketCloseListener`. This happens when the SSE
+* connection sits idle during a long extended-thinking step and an intermediary
+* (or the socket itself) times out the idle connection.
+*
+* Crucially this is NOT a user cancel — those are detected separately via
+* `options.abortSignal` before this classifier is consulted. Matching is on the
+* lowercased message so we catch the various wordings undici/Node emit.
+*/
+const TRANSIENT_NETWORK_ERROR_PATTERNS = [
+	"aborted",
+	"socket closed",
+	"socket hang up",
+	"connection closed",
+	"econnreset",
+	"etimedout",
+	"terminated",
+	"network error",
+	"fetch failed",
+	"und_err_socket"
+];
+function isTransientNetworkError(error) {
+	const message = error.message?.toLowerCase() ?? "";
+	return TRANSIENT_NETWORK_ERROR_PATTERNS.some((pattern) => message.includes(pattern));
+}
+/**
 * Server-side LLM backend that proxies requests through Bike4Mind API
 * Uses Server-Sent Events (SSE) for streaming responses
 * API keys remain secure on server - never exposed to CLI
@@ -23653,19 +23733,35 @@ var ServerLlmBackend = class ServerLlmBackend {
 	*/
 	async complete(model, messages, options, callback) {
 		let lastError;
+		let delivered = false;
+		const trackingCallback = (text, info) => {
+			delivered = true;
+			return callback(text, info);
+		};
 		for (let attempt = 0; attempt <= ServerLlmBackend.MAX_STREAM_RETRIES; attempt++) {
 			if (attempt > 0) logger.warn(`[ServerLlmBackend] Retrying stream (attempt ${attempt + 1}/${ServerLlmBackend.MAX_STREAM_RETRIES + 1})...`);
 			try {
-				await this.completeOnce(model, messages, options, callback);
+				await this.completeOnce(model, messages, options, trackingCallback);
 				return;
 			} catch (error) {
 				lastError = error instanceof Error ? error : new Error(String(error));
-				const isTransientStreamError = lastError.message.includes("Stream ended prematurely");
-				const isAborted = options.abortSignal?.aborted;
-				if (!isTransientStreamError || isAborted) throw lastError;
-				logger.warn(`[ServerLlmBackend] Transient stream failure: ${lastError.message}`);
+				if (options.abortSignal?.aborted) throw lastError;
+				if (delivered) {
+					if (isTransientNetworkError(lastError)) {
+						logger.warn(`[ServerLlmBackend] Ignoring post-delivery transient stream error: ${lastError.message}`);
+						return;
+					}
+					throw lastError;
+				}
+				if (!(lastError.message.includes("Stream ended prematurely") || isTransientNetworkError(lastError))) throw lastError;
+				logger.warn(`[ServerLlmBackend] Transient stream failure (attempt ${attempt + 1}/${ServerLlmBackend.MAX_STREAM_RETRIES + 1}): ${lastError.message}`);
+				if (attempt < ServerLlmBackend.MAX_STREAM_RETRIES) await new Promise((resolve) => setTimeout(resolve, 500 * (attempt + 1)));
 			}
 		}
+		if (lastError && isTransientNetworkError(lastError) && !options.abortSignal?.aborted) {
+			logger.error("[ServerLlmBackend] Stream failed after all retries due to a network drop", lastError);
+			throw new Error("The connection to the Bike4Mind server dropped mid-response (likely a network timeout during a long thinking step). It was retried automatically but kept failing — type \"continue\" to resume.");
+		}
 		throw lastError ?? /* @__PURE__ */ new Error("Stream failed after all retry attempts");
 	}
 	/**
@@ -24436,6 +24532,7 @@ var WebSocketToolExecutor = class {
 };
 //#endregion
 //#region src/auth/ApiClient.ts
+const USER_AGENT = `b4m-cli/${version}`;
 /**
 * Authenticated API client for B4M services
 * Automatically injects access tokens from ConfigStore
@@ -24446,7 +24543,11 @@ var ApiClient = class {
 		this.oauthClient = new OAuthClient(baseURL);
 		this.client = axios.create({
 			baseURL,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				"User-Agent": USER_AGENT,
+				"X-B4M-Client": USER_AGENT
+			}
 		});
 		this.client.interceptors.request.use(async (config) => {
 			const tokens = await this.configStore.getAuthTokens();
@@ -27518,4 +27619,4 @@ function createReviewGateStore(onUpdate) {
 	};
 }
 //#endregion
-export { SessionStore as $, formatStep as A, DEFAULT_RETRY_CONFIG as B, WebSocketToolExecutor as C, ServerLlmBackend as D, WebSocketLlmBackend as E, PermissionManager as F, getPlanModeFilePath as G, clearFeatureModuleTools as H, generateCliTools as I, isReadOnlyTool as J, buildSystemPrompt as K, ALWAYS_DENIED_FOR_AGENTS as L, loadContextFiles as M, getApiUrl as N, McpManager as O, getEnvironmentName as P, CommandHistoryStore as Q, DEFAULT_AGENT_MODEL as R, ApiClient as S, FallbackLlmBackend as T, registerFeatureModuleTools as U, DEFAULT_THOROUGHNESS as V, setWebSocketToolExecutor as W, CustomCommandStore as X, ReActAgent as Y, CheckpointStore as Z, createAgentDelegateTool as _, createBlockerTools as a, formatFileSize$1 as at, createSkillTool as b, createDecisionStore as c, createFindDefinitionTool as d, OAuthClient as et, createTodoStore as f, BackgroundAgentManager as g, createBackgroundAgentTools as h, createBlockerStore as i, mergeCommands as it, extractCompactInstructions as j, substituteArguments as k, formatDecisionsOutput as l, createCoordinateTaskTool as m, createReviewGateTool as n, processFileReferences as nt, formatBlockersOutput as o, searchFiles as ot, createWriteTodosTool as p, buildSkillsPromptSection as q, formatReviewGatesOutput as r, searchCommands as rt, createDecisionLogTool as s, warmFileCache as st, createReviewGateStore as t, hasFileReferences as tt, createGetFileStructureTool as u, AgentStore as v, WebSocketConnectionManager as w, parseAgentConfig as x, SubagentOrchestrator as y, DEFAULT_MAX_ITERATIONS as z };
+export { OAuthClient as $, substituteArguments as A, DEFAULT_THOROUGHNESS as B, WebSocketToolExecutor as C, ServerLlmBackend as D, WebSocketLlmBackend as E, generateCliTools as F, buildSystemPrompt as G, registerFeatureModuleTools as H, ALWAYS_DENIED_FOR_AGENTS as I, ReActAgent as J, buildSkillsPromptSection as K, DEFAULT_AGENT_MODEL as L, extractCompactInstructions as M, loadContextFiles as N, isTransientNetworkError as O, PermissionManager as P, SessionStore as Q, DEFAULT_MAX_ITERATIONS as R, ApiClient as S, FallbackLlmBackend as T, setWebSocketToolExecutor as U, clearFeatureModuleTools as V, getPlanModeFilePath as W, CheckpointStore as X, CustomCommandStore as Y, CommandHistoryStore as Z, createAgentDelegateTool as _, createBlockerTools as a, searchFiles as at, createSkillTool as b, createDecisionStore as c, createFindDefinitionTool as d, hasFileReferences as et, createTodoStore as f, BackgroundAgentManager as g, createBackgroundAgentTools as h, createBlockerStore as i, formatFileSize$1 as it, formatStep as j, McpManager as k, formatDecisionsOutput as l, createCoordinateTaskTool as m, createReviewGateTool as n, searchCommands as nt, formatBlockersOutput as o, warmFileCache as ot, createWriteTodosTool as p, isReadOnlyTool as q, formatReviewGatesOutput as r, mergeCommands as rt, createDecisionLogTool as s, createReviewGateStore as t, processFileReferences as tt, createGetFileStructureTool as u, AgentStore as v, WebSocketConnectionManager as w, parseAgentConfig as x, SubagentOrchestrator as y, DEFAULT_RETRY_CONFIG as z };

package/dist/{updateChecker-CS84T-KX.mjs → updateChecker-D67NPlS5.mjs}

@@ -3,9 +3,6 @@ import { promises } from "fs";
 import { homedir } from "os";
 import path from "path";
 import axios from "axios";
-//#region package.json
-var version = "0.10.3";
-//#endregion
 //#region src/utils/updateChecker.ts
 /**
 * Update checker utility for B4M CLI
@@ -117,4 +114,4 @@ async function forceCheckForUpdate(currentVersion) {
 	};
 }
 //#endregion
-export { version as a, forceCheckForUpdate as i, compareSemver as n, fetchLatestVersion as r, checkForUpdate as t };
+export { forceCheckForUpdate as i, compareSemver as n, fetchLatestVersion as r, checkForUpdate as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bike4mind/cli",
-  "version": "0.10.3",
+  "version": "0.12.0",
   "type": "module",
   "description": "Interactive CLI tool for Bike4Mind with ReAct agents",
   "license": "UNLICENSED",
@@ -107,8 +107,8 @@
     "zod": "^4.4.3",
     "zod-validation-error": "^5.0.0",
     "zustand": "^5.0.13",
-    "@bike4mind/fab-pipeline": "0.2.6",
-    "@bike4mind/llm-adapters": "0.3.1",
+    "@bike4mind/fab-pipeline": "0.2.8",
+    "@bike4mind/llm-adapters": "0.3.3",
     "@bike4mind/observability": "0.1.0"
   },
   "devDependencies": {
@@ -124,11 +124,11 @@
     "tsx": "^4.22.3",
     "typescript": "^5.9.3",
     "vitest": "^4.1.7",
-    "@bike4mind/agents": "0.11.5",
-    "@bike4mind/common": "2.104.1",
-    "@bike4mind/mcp": "1.37.19",
-    "@bike4mind/services": "2.91.1",
-    "@bike4mind/utils": "2.23.7"
+    "@bike4mind/agents": "0.11.7",
+    "@bike4mind/common": "2.106.0",
+    "@bike4mind/mcp": "1.37.21",
+    "@bike4mind/services": "2.92.1",
+    "@bike4mind/utils": "2.23.9"
   },
   "optionalDependencies": {
     "@vscode/ripgrep": "^1.18.0"