@buildautomaton/cli 0.1.26 → 0.1.27

package/dist/cli.js

@@ -25064,7 +25064,7 @@ var {
 } = import_index.default;
 
 // src/cli-version.ts
-var CLI_VERSION = "0.1.26".length > 0 ? "0.1.26" : "0.0.0-dev";
+var CLI_VERSION = "0.1.27".length > 0 ? "0.1.27" : "0.0.0-dev";
 
 // src/cli/defaults.ts
 var DEFAULT_API_URL = process.env.BUILDAUTOMATON_API_URL ?? "https://api.buildautomaton.com";
@@ -25352,6 +25352,17 @@ function createCliE2eeRuntime(key) {
       const merged = { ...message, ...parsed };
       delete merged.ee;
       return merged;
+    },
+    decryptEnvelopeToBuffer(envelope) {
+      if (envelope.k !== key.id) throw new Error(`E2EE key mismatch: ${envelope.k}`);
+      const sealed = Buffer.from(base64UrlDecode(envelope.c));
+      if (sealed.length < 16) throw new Error("Invalid E2EE payload.");
+      const ciphertext = sealed.subarray(0, sealed.length - 16);
+      const tag = sealed.subarray(sealed.length - 16);
+      const nonce = Buffer.from(base64UrlDecode(envelope.n));
+      const decipher = createDecipheriv("aes-256-gcm", rawKey, nonce);
+      decipher.setAuthTag(tag);
+      return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
     }
   };
 }
@@ -32252,6 +32263,96 @@ function augmentPromptResultAuthFields(agentType, errorText) {
   return { agentAuthRequired: true, agentType };
 }
 
+// src/agents/acp/fetch-session-attachments.ts
+function metaSaysEncrypted(meta) {
+  if (!meta) return false;
+  const e = meta.encrypted;
+  return e === true || e === "true" || e === 1;
+}
+function warnIfDecodedImageMagicUnexpected(buf, mimeType, idShort) {
+  const m = mimeType.toLowerCase();
+  if (!m.startsWith("image/") || buf.length < 4) return;
+  const b0 = buf[0];
+  const b1 = buf[1];
+  const b2 = buf[2];
+  const b3 = buf[3];
+  let looksOk = false;
+  if (m.includes("png") && b0 === 137 && b1 === 80 && b2 === 78 && b3 === 71) looksOk = true;
+  else if ((m.includes("jpeg") || m.includes("jpg")) && b0 === 255 && b1 === 216 && b2 === 255) looksOk = true;
+  else if (m.includes("gif") && b0 === 71 && b1 === 73 && b2 === 70) looksOk = true;
+  else if (m.includes("webp") && buf.length >= 12 && buf.subarray(0, 4).toString("ascii") === "RIFF" && buf.subarray(8, 12).toString("ascii") === "WEBP")
+    looksOk = true;
+  else if (!/(png|jpe?g|gif|webp)/i.test(m)) looksOk = true;
+  if (!looksOk) {
+    logDebug(
+      `[Agent] Attachment ${idShort} (${mimeType}): decoded bytes do not match common image signatures \u2014 wrong E2EE key, corrupt blob, or metadata mismatch. First 12 bytes (hex): ${buf.subarray(0, Math.min(12, buf.length)).toString("hex")}`
+    );
+  }
+}
+async function fetchSessionAttachmentPayloadsForAgent(params) {
+  const { attachments, sessionId, cloudApiBaseUrl, getCloudAccessToken, e2ee, log: log2 } = params;
+  const token = getCloudAccessToken();
+  if (!token) {
+    return { ok: false, error: "Missing cloud access token; cannot download attachments." };
+  }
+  const wantedCount = attachments.filter((a) => typeof a.attachmentId === "string" && a.attachmentId.trim() !== "").length;
+  if (wantedCount === 0) {
+    return { ok: false, error: "No valid attachment ids in prompt." };
+  }
+  const base = cloudApiBaseUrl.replace(/\/+$/, "");
+  const out = [];
+  for (const a of attachments) {
+    const id = typeof a.attachmentId === "string" ? a.attachmentId.trim() : "";
+    if (!id) continue;
+    const metaUrl = `${base}/api/sessions/${encodeURIComponent(sessionId)}/attachments/${encodeURIComponent(id)}/meta`;
+    const blobUrl = `${base}/api/sessions/${encodeURIComponent(sessionId)}/attachments/${encodeURIComponent(id)}/blob`;
+    const metaRes = await fetch(metaUrl, { headers: { Authorization: `Bearer ${token}` } });
+    if (!metaRes.ok) {
+      const t = await metaRes.text().catch(() => "");
+      log2(`[Agent] Attachment meta fetch failed ${metaRes.status}: ${t.slice(0, 200)}`);
+      return { ok: false, error: `Could not load attachment (${id.slice(0, 8)}\u2026): ${metaRes.status}` };
+    }
+    const meta = await metaRes.json().catch(() => null);
+    const mimeType = typeof meta?.mimeType === "string" && meta.mimeType.trim() ? meta.mimeType.trim() : a.mimeType;
+    const blobRes = await fetch(blobUrl, { headers: { Authorization: `Bearer ${token}` } });
+    if (!blobRes.ok) {
+      const t = await blobRes.text().catch(() => "");
+      log2(`[Agent] Attachment blob fetch failed ${blobRes.status}: ${t.slice(0, 200)}`);
+      return { ok: false, error: `Could not load attachment data (${id.slice(0, 8)}\u2026): ${blobRes.status}` };
+    }
+    const buf = Buffer.from(await blobRes.arrayBuffer());
+    let imageBytes;
+    const encrypted = metaSaysEncrypted(meta);
+    if (encrypted) {
+      if (!e2ee) {
+        return { ok: false, error: "Encrypted attachments require E2EE keys on this bridge." };
+      }
+      const k = typeof meta?.k === "string" ? meta.k : "";
+      const n = typeof meta?.n === "string" ? meta.n : "";
+      if (!k || !n) {
+        return { ok: false, error: "Invalid encrypted attachment metadata (missing key id or nonce)." };
+      }
+      const c = base64UrlEncode(buf);
+      imageBytes = e2ee.decryptEnvelopeToBuffer({ k, n, c });
+    } else {
+      imageBytes = buf;
+    }
+    warnIfDecodedImageMagicUnexpected(imageBytes, mimeType, id.slice(0, 8));
+    logDebug(
+      `[Agent] Loaded prompt image ${id.slice(0, 8)}\u2026: ${imageBytes.length} bytes, mime=${mimeType}, ${encrypted ? "E2EE decrypted" : "plaintext from storage"}`
+    );
+    const dataBase64 = imageBytes.toString("base64");
+    out.push({ mimeType, dataBase64 });
+  }
+  if (out.length !== wantedCount) {
+    return {
+      ok: false,
+      error: `Expected ${wantedCount} image attachment(s) but only loaded ${out.length} (check attachment ids and empty rows).`
+    };
+  }
+  return { ok: true, images: out };
+}
+
 // src/agents/acp/send-prompt-to-agent.ts
 async function sendPromptToAgent(options) {
   const {
@@ -32269,10 +32370,49 @@ async function sendPromptToAgent(options) {
     sessionChangeSummaryFilePaths,
     cloudApiBaseUrl,
     getCloudAccessToken,
-    e2ee
+    e2ee,
+    attachments
   } = options;
   try {
-    const result = await handle.sendPrompt(promptText, {});
+    let sendOpts = {};
+    if (attachments && attachments.length > 0) {
+      if (!sessionId || !cloudApiBaseUrl || !getCloudAccessToken) {
+        sendResult2({
+          type: "prompt_result",
+          id: promptId,
+          ...sessionId ? { sessionId } : {},
+          ...runId ? { runId } : {},
+          success: false,
+          error: "Prompt includes images but the bridge is not configured with a cloud API URL and token to fetch them.",
+          ...followUpCatalogPromptId != null && followUpCatalogPromptId !== "" ? { followUpCatalogPromptId } : {},
+          ...augmentPromptResultAuthFields(agentType, "missing cloud for images download")
+        });
+        return;
+      }
+      const resolved = await fetchSessionAttachmentPayloadsForAgent({
+        attachments,
+        sessionId,
+        cloudApiBaseUrl,
+        getCloudAccessToken,
+        e2ee,
+        log: log2
+      });
+      if (!resolved.ok) {
+        sendResult2({
+          type: "prompt_result",
+          id: promptId,
+          ...sessionId ? { sessionId } : {},
+          ...runId ? { runId } : {},
+          success: false,
+          error: resolved.error,
+          ...followUpCatalogPromptId != null && followUpCatalogPromptId !== "" ? { followUpCatalogPromptId } : {},
+          ...augmentPromptResultAuthFields(agentType, resolved.error)
+        });
+        return;
+      }
+      sendOpts = { images: resolved.images };
+    }
+    const result = await handle.sendPrompt(promptText, sendOpts);
     if (sessionId && runId && sendSessionUpdate && agentCwd && result.success) {
       await collectTurnGitDiffFromPreTurnSnapshot({
         sessionId,
@@ -32714,13 +32854,16 @@ function parseAcpInitAgentCapabilities(initResult) {
   const canLoad = agentCapabilities?.loadSession === true;
   const sessionCaps = agentCapabilities?.sessionCapabilities;
   const canResume = Boolean(sessionCaps?.resume);
-  return { canResume, canLoad };
+  const promptCaps = agentCapabilities?.promptCapabilities;
+  const promptSupportsImage = promptCaps?.image === true;
+  return { canResume, canLoad, promptSupportsImage };
 }
 
 // src/agents/acp/clients/shared/bootstrap-acp-wire-session.ts
 async function bootstrapAcpWireSession(transport, ctx, initializeRequest) {
   const initResult = await transport.initialize(initializeRequest);
-  const { canResume, canLoad } = parseAcpInitAgentCapabilities(initResult);
+  const { canResume, canLoad, promptSupportsImage } = parseAcpInitAgentCapabilities(initResult);
+  ctx.agentPromptImageSupported = promptSupportsImage;
   await transport.afterInitialize?.();
   const established = await establishAcpSessionWithTransport(transport, ctx, canResume, canLoad);
   const sessionId = established.sessionId;
@@ -32811,11 +32954,27 @@ function normalizeAcpPromptTurnFailure(err, stderrCaptureText) {
 }
 
 // src/agents/acp/clients/shared/send-acp-prompt-via-transport.ts
-async function sendAcpPromptViaTransport(transport, ctx, sessionId, promptText) {
+async function sendAcpPromptViaTransport(transport, ctx, sessionId, promptText, images) {
+  if (images && images.length > 0 && !ctx.agentPromptImageSupported) {
+    await new Promise((r) => setImmediate(r));
+    return normalizeAcpPromptTurnFailure(
+      new Error(
+        "This agent does not advertise image support in ACP (missing agentCapabilities.promptCapabilities.image). Remove images or use an agent that supports prompt images."
+      ),
+      ctx.getStderrText()
+    );
+  }
+  const textBlock = promptText.trim() !== "" ? promptText : images?.length ? " " : "";
+  const prompt = [{ type: "text", text: textBlock }];
+  if (images && images.length > 0) {
+    for (const im of images) {
+      prompt.push({ type: "image", mimeType: im.mimeType, data: im.data });
+    }
+  }
   try {
     const response = await transport.prompt({
       sessionId,
-      prompt: [{ type: "text", text: promptText }]
+      prompt
     });
     await new Promise((r2) => setImmediate(r2));
     const r = response;
@@ -32991,15 +33150,17 @@ async function createSdkStdioAcpClient(options) {
         const established = await bootstrapAcpWireSession(transport, sessionCtx, {
           protocolVersion: PROTOCOL_VERSION2,
           clientCapabilities: {
-            fs: { readTextFile: true, writeTextFile: true }
+            fs: { readTextFile: true, writeTextFile: true },
+            prompt: { image: true }
           },
           clientInfo: { name: "buildautomaton-cli", version: "0.1.0" }
         });
         const sessionId = established.sessionId;
         settleResolve({
           sessionId,
-          async sendPrompt(prompt, _options) {
-            return sendAcpPromptViaTransport(transport, sessionCtx, sessionId, prompt);
+          async sendPrompt(prompt, options2) {
+            const imgs = options2?.images?.map((im) => ({ type: "image", mimeType: im.mimeType, data: im.dataBase64 }));
+            return sendAcpPromptViaTransport(transport, sessionCtx, sessionId, prompt, imgs);
           },
           async cancel() {
             for (const [id, entry] of [...pendingPermissionReplies.entries()]) {
@@ -33367,14 +33528,19 @@ async function createCursorAcpClient(options) {
         });
         const established = await bootstrapAcpWireSession(transport, sessionCtx, {
           protocolVersion: 1,
-          clientCapabilities: { fs: { readTextFile: true, writeTextFile: true }, terminal: false },
+          clientCapabilities: {
+            fs: { readTextFile: true, writeTextFile: true },
+            terminal: false,
+            prompt: { image: true }
+          },
           clientInfo: { name: "buildautomaton-cli", version: "0.1.0" }
         });
         const sessionId = established.sessionId;
         resolve18({
           sessionId,
-          async sendPrompt(prompt, _options) {
-            return sendAcpPromptViaTransport(transport, sessionCtx, sessionId, prompt);
+          async sendPrompt(prompt, options2) {
+            const imgs = options2?.images?.map((im) => ({ type: "image", mimeType: im.mimeType, data: im.dataBase64 }));
+            return sendAcpPromptViaTransport(transport, sessionCtx, sessionId, prompt, imgs);
           },
           async cancel() {
             cancelPendingPermissionRequests2();
@@ -34405,7 +34571,8 @@ async function createAcpManager(options) {
       sessionChangeSummaryFilePaths,
       cloudApiBaseUrl,
       getCloudAccessToken,
-      e2ee
+      e2ee,
+      attachments
     } = opts;
     const preferredForPrompt = agentType ?? backendFallbackAgentType ?? null;
     pendingCancelRunId = void 0;
@@ -34476,7 +34643,8 @@ async function createAcpManager(options) {
         sessionChangeSummaryFilePaths,
         cloudApiBaseUrl,
         getCloudAccessToken,
-        e2ee
+        e2ee,
+        attachments
       });
     }
     void run().finally(() => {
@@ -37848,7 +38016,8 @@ function dispatchLocalPrompt(next, deps) {
     ...Array.isArray(pl.sessionChangeSummaryFilePaths) ? { sessionChangeSummaryFilePaths: pl.sessionChangeSummaryFilePaths } : {},
     ...Array.isArray(pl.sessionChangeSummaryFileSnapshots) ? { sessionChangeSummaryFileSnapshots: pl.sessionChangeSummaryFileSnapshots } : {},
     ...typeof pl.agentType === "string" && pl.agentType.trim() ? { agentType: pl.agentType.trim() } : {},
-    ...pl.agentConfig != null && typeof pl.agentConfig === "object" && !Array.isArray(pl.agentConfig) && Object.keys(pl.agentConfig).length > 0 ? { agentConfig: pl.agentConfig } : {}
+    ...pl.agentConfig != null && typeof pl.agentConfig === "object" && !Array.isArray(pl.agentConfig) && Object.keys(pl.agentConfig).length > 0 ? { agentConfig: pl.agentConfig } : {},
+    ...Array.isArray(pl.attachments) && pl.attachments.length > 0 ? { attachments: pl.attachments } : {}
   };
   handleBridgePrompt(msg, deps);
 }
@@ -38115,15 +38284,30 @@ function resolveChangeSummaryPromptForAgent(params) {
 }
 
 // src/agents/acp/from-bridge/handle-bridge-prompt.ts
+function parseBridgeAttachments(msg) {
+  const raw = msg.attachments;
+  if (!Array.isArray(raw)) return [];
+  const out = [];
+  for (const x of raw) {
+    if (x === null || typeof x !== "object" || Array.isArray(x)) continue;
+    const o = x;
+    const id = typeof o.attachmentId === "string" ? o.attachmentId.trim() : "";
+    if (!id) continue;
+    const mt = typeof o.mimeType === "string" && o.mimeType.trim() ? o.mimeType.trim() : "application/octet-stream";
+    out.push({ attachmentId: id, mimeType: mt });
+  }
+  return out;
+}
 function handleBridgePrompt(msg, deps) {
   const { getWs, log: log2, acpManager, sessionWorktreeManager } = deps;
   const rawPrompt = msg.prompt;
   const promptText = typeof rawPrompt === "string" ? rawPrompt : rawPrompt != null ? String(rawPrompt) : "";
+  const attachments = parseBridgeAttachments(msg);
   const sessionId = msg.sessionId;
   const runId = typeof msg.runId === "string" ? msg.runId : void 0;
   const promptId = typeof msg.id === "string" ? msg.id : void 0;
   const { sendBridgeMessage, sendResult: sendResult2, sendSessionUpdate } = createBridgePromptSenders(deps, getWs);
-  if (!promptText.trim()) {
+  if (!promptText.trim() && attachments.length === 0) {
     log2(
       `[Bridge service] Prompt ignored: empty or missing prompt text (session ${typeof msg.sessionId === "string" ? msg.sessionId.slice(0, 8) : "\u2014"}\u2026, run ${typeof msg.runId === "string" ? msg.runId.slice(0, 8) : "\u2014"}\u2026).`
     );
@@ -38190,7 +38374,8 @@ function handleBridgePrompt(msg, deps) {
       sessionChangeSummaryFilePaths: pathsForUpload,
       cloudApiBaseUrl: deps.cloudApiBaseUrl,
       getCloudAccessToken: deps.getCloudAccessToken,
-      e2ee: deps.e2ee
+      e2ee: deps.e2ee,
+      ...attachments.length > 0 ? { attachments } : {}
     });
   }
   void sessionWorktreeManager.resolveSessionParentPathForPrompt(sessionId, { isNewSession, sessionParent, sessionParentPath }).then((cwd) => preambleAndPrompt(cwd)).catch((err) => {