@cotal-ai/cli 0.7.0 → 0.8.0

package/dist/commands/down-manifest.d.ts

@@ -0,0 +1,6 @@
+export interface DownManifestFlags {
+    run?: string;
+    dryRun?: boolean;
+}
+export declare function downManifest(file: string, flags: DownManifestFlags): Promise<void>;
+//# sourceMappingURL=down-manifest.d.ts.map

package/dist/commands/down-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"down-manifest.d.ts","sourceRoot":"","sources":["../../src/commands/down-manifest.ts"],"names":[],"mappings":"AAkCA,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmNxF"}

package/dist/commands/down-manifest.js

@@ -0,0 +1,282 @@
+/**
+ * `cotal down -f cotal.yaml` — ownership-scoped teardown of a `spawn -f` deploy: stop + remove ONLY
+ * the agents/channels that run created, never foreign actors on the shared mesh. The ledger is
+ * treated as untrusted input and the WHOLE of it is validated + every path resolved up front, before
+ * any destructive action (fail closed). Local-only: works from the same checkout/host that created
+ * the run (the ledger is local state).
+ *
+ * Safety invariants (security/critic/UX early-PR2 review):
+ *  - find the ledger by manifest hash; an edited file / >1 match FAILS with `--run`, never guesses;
+ *  - stop an owned agent only when the live agent matches the recorded name AND nkey id — a name
+ *    match with a different id is left alone (foreign reuse), never stopped by name;
+ *  - cred paths are DERIVED from the auth root (never read from the ledger) and deleted no-follow;
+ *  - a ledger-owned channel card is removed only when no members remain and membership is knowable —
+ *    skipped (best-effort, racy) on ANY uncertainty, including an owned agent that failed to stop;
+ *  - `--allow-stale` is apply-only and has no effect here.
+ */
+import { lstatSync, readFileSync, rmSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { CONTROL_ADMIN, deleteChannels, isReachable, mintCreds, newIdentity, realDirNoSymlink, subjectMatches, unlinkFileNoFollow, } from "@cotal-ai/core";
+import { authDir, loadSpaceAuth } from "@cotal-ai/workspace";
+import { c } from "../ui.js";
+import { cotalRoot } from "../lib/paths.js";
+import { connectProbe } from "../lib/manifest/live.js";
+import { findLedgerByHash, findLedgerByRun, hashManifestSource, ownedCredPath, writeLedger } from "../lib/manifest/ledger.js";
+export async function downManifest(file, flags) {
+    const abs = resolve(file);
+    const root = cotalRoot();
+    // 1) Resolve the ledger — fail, never guess (edited file / ambiguous → require --run).
+    let ledgerPath;
+    let ledger;
+    try {
+        const found = flags.run ? findLedgerByRun(root, flags.run) : findLedgerByHash(root, hashManifestSource(readFileSync(abs, "utf8")));
+        ledgerPath = found.path;
+        ledger = found.ledger; // loadLedger already validated the WHOLE ledger as untrusted input
+    }
+    catch (e) {
+        console.error(c.red(`✗ ${e.message}`));
+        process.exit(1);
+    }
+    // 2) Show exactly what is being torn down BEFORE deleting anything.
+    console.log(c.bold(`Tear down run ${ledger.runId}`));
+    console.log(c.dim(`  ledger:   ${ledgerPath}`));
+    console.log(c.dim(`  manifest: ${ledger.manifestPath} · hash ${ledger.manifestHash}`));
+    console.log(c.dim(`  mesh:     ${ledger.space} @ ${ledger.server}`));
+    console.log(c.dim(`  owns:     ${ledger.created.agents.length} agent(s), ${ledger.created.channels.length} channel(s)`));
+    // 3) Resolve every owned path from validated IDs up front — a bad name fails the WHOLE teardown
+    //    before any side effect (no partial "validated the one I'm deleting" flow).
+    let credPaths;
+    let runDir;
+    let specPath;
+    try {
+        credPaths = ledger.created.agents.map((a) => ({ requested: a.requested, name: a.name, id: a.id, path: ownedCredPath(root, a.name) }));
+        const runParent = realDirNoSymlink(root, ".cotal", "run"); // refuse a symlinked .cotal/run before deriving under it
+        runDir = realDirNoSymlink(root, ".cotal", "run", ledger.runId);
+        specPath = join(runParent ?? join(root, ".cotal", "run"), `${ledger.runId}.json`);
+    }
+    catch (e) {
+        console.error(c.red(`✗ refusing teardown — unsafe owned resource: ${e.message}`));
+        process.exit(1);
+    }
+    if (flags.dryRun) {
+        console.log(c.bold("\nWould remove (dry run):"));
+        for (const a of credPaths)
+            console.log(`  ${c.red("-")} agent ${a.name} ${c.dim(`(id ${a.id.slice(0, 8)}, creds ${a.path}) — stopped only if name+id match live`)}`);
+        for (const ch of ledger.created.channels)
+            console.log(`  ${c.red("-")} channel ${c.cyan("#" + ch)} ${c.dim("(auth mesh: only if no members remain · open mesh: metadata cleanup, no membership audit)")}`);
+        console.log(`  ${c.red("-")} run dir ${runDir ?? "(none)"} + ledger ${ledgerPath} ${c.dim("(only if every owned resource is removed/proven gone; else the ledger is kept)")}`);
+        console.log(c.dim("\nDry run — nothing was changed. The live membership check + actual disposition happen at apply."));
+        return;
+    }
+    // 4) Best-effort live teardown: stop owned agents (name AND id match) + remove childless owned
+    //    channels. If the broker is down, nothing remote is torn down and the ledger is RETAINED.
+    const stoppedIds = new Set();
+    const removed = [];
+    const openNoFeed = []; // owned channels removed on an open mesh with no membership proof
+    const skipped = [];
+    const creds = await mintIfAuth(root, ledger.space);
+    const reachable = await isReachable(ledger.server, creds ? { creds } : undefined);
+    let liveById = new Map();
+    // controlOk: we completed the live ps/stop/channel pass. A control-plane error (no manager
+    // responder, a thrown ps/stop/membership/delete) is teardown UNCERTAINTY, not a crash — we catch
+    // it, mark everything unresolved below, and fall through to ledger retention (engineer/security/ux).
+    let controlOk = false;
+    if (reachable) {
+        try {
+            const ep = await connectProbe({ space: ledger.space, server: ledger.server, creds });
+            try {
+                const ps = await ep.requestControl(CONTROL_ADMIN, { op: "ps" });
+                // A FAILED ps reply is teardown uncertainty too — not a trustworthy empty roster. Throw so it
+                // joins the no-responder/thrown path → controlOk stays false → partial retention (review-ux).
+                if (!ps.ok)
+                    throw new Error(ps.error ?? "ps failed");
+                const live = ps.data ?? [];
+                liveById = new Map(live.map((r) => [r.id, r]));
+                for (const a of ledger.created.agents) {
+                    const l = liveById.get(a.id);
+                    if (!l) {
+                        const sameName = live.find((r) => r.name === a.name);
+                        if (sameName)
+                            console.log(c.yellow(`  ~ ${a.name}: a different agent (id ${sameName.id.slice(0, 8)}) holds this name — NOT ours, left running`));
+                        else
+                            console.log(c.dim(`  • ${a.name}: not running`));
+                        continue;
+                    }
+                    const stop = await ep.requestControl(CONTROL_ADMIN, { op: "stop", args: { name: l.name } });
+                    if (stop.ok) {
+                        stoppedIds.add(a.id);
+                        console.log(c.green(`  ✓ stopped ${l.name}`));
+                    }
+                    else {
+                        console.log(c.yellow(`  ! ${l.name}: stop failed — ${stop.error ?? "unknown"}`));
+                    }
+                }
+                // Channel removal: skip on ANY uncertainty (best-effort, racy — said so in output). The
+                // fail-closed "skip when membership is unobservable" rule protects ACL isolation, which exists
+                // only on an AUTH mesh; an open mesh has no isolation and no membership feed by design, so an
+                // owned card is removable there (otherwise `down -f` could never clean an open dev mesh).
+                const openMesh = !creds;
+                const stopFailed = ledger.created.agents.some((a) => liveById.has(a.id) && !stoppedIds.has(a.id));
+                const snapshot = await ep.readMembership().catch(() => null);
+                const ownedIds = new Set(ledger.created.agents.map((a) => a.id));
+                const toRemove = [];
+                for (const ch of ledger.created.channels) {
+                    if (stopFailed) {
+                        skipped.push({ channel: ch, why: "an owned agent failed to stop" });
+                        continue;
+                    }
+                    if (snapshot) {
+                        const others = snapshot.members.filter((m) => !ownedIds.has(m.id) && (m.durable.includes(ch) || m.live.some((p) => subjectMatches(p, ch))));
+                        if (others.length) {
+                            skipped.push({ channel: ch, why: `members present (${others.length})` });
+                            continue;
+                        }
+                    }
+                    else if (!openMesh) {
+                        skipped.push({ channel: ch, why: "membership unknown (no feed) on an auth mesh" });
+                        continue;
+                    }
+                    else {
+                        openNoFeed.push(ch); // open mesh, no feed: removable (no isolation), but no membership proof
+                    }
+                    toRemove.push(ch);
+                }
+                if (toRemove.length) {
+                    await deleteChannels({ servers: ledger.server, space: ledger.space, creds, channels: toRemove });
+                    removed.push(...toRemove);
+                }
+                controlOk = true; // got all the way through — the live pass is trustworthy
+            }
+            finally {
+                await ep.stop();
+            }
+        }
+        catch (e) {
+            console.log(c.yellow(`  ! ${ledger.server}: control plane unavailable (${e.message}) — nothing torn down remotely; the ledger is RETAINED for a later \`down -f --run ${ledger.runId}\``));
+        }
+    }
+    else {
+        console.log(c.yellow(`  ! ${ledger.server} unreachable — can't stop processes or remove channels; the ledger is RETAINED for a later \`down -f --run ${ledger.runId}\``));
+    }
+    // 5) Remote resolution: which owned REMOTE resources are NOT proven handled. An agent is unresolved
+    //    if the broker was unreachable, or it's still live under our recorded id and its stop failed (an
+    //    id we don't see live is gone; a same-name/different-id agent is foreign, not ours). A channel
+    //    is unresolved if it wasn't removed.
+    // An agent is resolved only when we explicitly stopped it, OR the control pass was trustworthy and
+    // its id isn't live (gone). If the broker was unreachable or the control plane failed, only the
+    // agents we actually stopped are resolved — everything else is assumed maybe-running (safe).
+    const controlReliable = reachable && controlOk;
+    const removedSet = new Set(removed);
+    const unresolvedAgents = ledger.created.agents.filter((a) => !stoppedIds.has(a.id) && (!controlReliable || liveById.has(a.id)));
+    const unresolvedChannels = ledger.created.channels.filter((ch) => !removedSet.has(ch));
+    const unresolvedIds = new Set(unresolvedAgents.map((a) => a.id));
+    // 6) Local cred cleanup of RESOLVED agents. A cred is deleted only after its own nkey id matches the
+    //    recorded id. The dispositions, narrowed by review-fact so retention can't strand the ledger:
+    //    - no file (undefined) → proven absent, resolved;
+    //    - sub !== id → a foreign/overwritten cred (OUR cred is already gone) — left in place, reported,
+    //      NOT retained (retaining would re-trigger every retry → a permanently un-downable ledger);
+    //    - unverifiable (null: symlink/corrupt) → left in place, reported, NOT retained (same trap; a
+    //      symlink isn't a cred we wrote) — surfaced loudly so a genuine stale cred isn't silent;
+    //    - id matches but UNLINK THROWS → OUR cred, a recoverable FS error → retained so a retry finishes.
+    const unresolvedCredIds = new Set();
+    for (const cp of credPaths) {
+        if (unresolvedIds.has(cp.id))
+            continue; // remote-unresolved agent keeps its cred (still in use / retry)
+        const sub = credSubject(cp.path);
+        if (sub === undefined)
+            continue; // no cred file — proven absent
+        if (sub === null) {
+            console.error(c.yellow(`  ! ${cp.name} creds: unreadable/unverifiable — left in place (resolve by hand if it's a stale cred)`));
+            continue;
+        }
+        if (sub !== cp.id) {
+            console.error(c.yellow(`  ~ ${cp.name} creds belong to a different agent (id ${sub.slice(0, 8)} ≠ ${cp.id.slice(0, 8)}) — ours is gone, left in place`));
+            continue;
+        }
+        try {
+            if (unlinkFileNoFollow(cp.path))
+                console.log(c.dim(`  • removed creds for ${cp.name}`));
+        }
+        catch (e) {
+            console.error(c.yellow(`  ! ${cp.name} creds: ${e.message} — retained for retry`));
+            unresolvedCredIds.add(cp.id); // OUR id-verified cred, unlink failed (recoverable) → keep the record
+        }
+    }
+    // 7) Disposition. The ledger is deleted only when EVERY owned resource — remote agents, channels,
+    //    AND our own credential files — is removed or proven gone; otherwise it's rewritten DOWN to the
+    //    unresolved set (atomic temp-then-rename) so a later `down -f --run` finishes. Never erase the
+    //    only ownership record while anything owned may remain (critic/security/engineer/ux PR2 gate).
+    const retainIds = new Set([...unresolvedIds, ...unresolvedCredIds]);
+    const complete = retainIds.size === 0 && unresolvedChannels.length === 0;
+    for (const s of skipped)
+        console.log(c.yellow(`  ~ left ${c.cyan("#" + s.channel)}: ${s.why}`) + c.dim(" (best-effort membership check — racy)"));
+    if (openNoFeed.length)
+        console.log(c.dim(`  note: removed ${openNoFeed.length} channel(s) on an OPEN mesh with no membership feed — no ACL isolation to protect, no membership proof: ${openNoFeed.map((n) => "#" + n).join(", ")}`));
+    if (complete) {
+        // Everything owned is removed/proven gone — safe to delete the run dir + launch spec + ledger.
+        try {
+            unlinkFileNoFollow(specPath);
+        }
+        catch (e) {
+            console.error(c.yellow(`  ! launch spec: ${e.message}`));
+        }
+        if (runDir)
+            rmSync(runDir, { recursive: true, force: true });
+        try {
+            unlinkFileNoFollow(ledgerPath);
+        }
+        catch (e) {
+            console.error(c.yellow(`  ! ledger: ${e.message}`));
+        }
+        console.log(c.green(`✓ torn down run ${ledger.runId}`) + (removed.length ? c.dim(` — removed ${removed.length} channel(s): ${removed.map((n) => "#" + n).join(", ")}`) : ""));
+    }
+    else {
+        // Partial: rewrite the ledger DOWN to the unresolved resources so a later `down -f --run` finishes.
+        const remainAgents = ledger.created.agents.filter((a) => retainIds.has(a.id));
+        const remaining = { ...ledger, created: { channels: unresolvedChannels, agents: remainAgents } };
+        writeLedger(root, remaining, { update: true });
+        console.log(c.yellow(`! partial teardown of run ${ledger.runId}`) +
+            c.dim(` — ${remainAgents.length} agent(s) + ${unresolvedChannels.length} channel(s) still owned; ledger kept`));
+        if (unresolvedCredIds.size)
+            console.log(c.dim(`  local credential cleanup incomplete for ${unresolvedCredIds.size} agent(s) — ledger kept for retry`));
+        console.log(c.dim(`  finish later (broker up / members gone): cotal down -f ${ledger.manifestPath} --run ${ledger.runId}`));
+        process.exitCode = 1; // not a full success
+    }
+}
+/** Extract the nkey subject (the agent id) from a NATS creds file's user JWT — to verify a cred file
+ *  belongs to the recorded agent before `down -f` deletes it. Returns `undefined` if the file is
+ *  absent, or `null` if it can't be verified (symlink / not a regular file / no JWT / unparseable) so
+ *  the caller fails closed and leaves it. */
+function credSubject(path) {
+    let raw;
+    try {
+        const st = lstatSync(path);
+        if (st.isSymbolicLink() || !st.isFile())
+            return null;
+        raw = readFileSync(path, "utf8");
+    }
+    catch (e) {
+        if (e.code === "ENOENT")
+            return undefined;
+        return null;
+    }
+    const jwt = raw.split("\n").find((l) => l && !l.startsWith("-") && l.split(".").length === 3);
+    if (!jwt)
+        return null;
+    try {
+        const claims = JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
+        return typeof claims.sub === "string" ? claims.sub : null;
+    }
+    catch {
+        return null;
+    }
+}
+/** Mint a manager (admin-control) cred for the ledger's space from the local trust material, or
+ *  undefined for an open mesh / mismatched checkout (then we connect bare and do local cleanup). */
+async function mintIfAuth(root, space) {
+    const auth = loadSpaceAuth(authDir(root));
+    if (!auth || auth.space !== space)
+        return undefined;
+    return mintCreds(auth, newIdentity(), "manager");
+}
+//# sourceMappingURL=down-manifest.js.map

package/dist/commands/down-manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"down-manifest.js","sourceRoot":"","sources":["../../src/commands/down-manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,WAAW,EAAmB,MAAM,2BAA2B,CAAC;AAO/I,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,KAAwB;IACvE,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IAEzB,uFAAuF;IACvF,IAAI,UAAkB,CAAC;IACvB,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,EAAE,kBAAkB,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QACnI,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QACxB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,mEAAmE;IAC5F,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAM,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,oEAAoE;IACpE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,UAAU,EAAE,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,YAAY,WAAW,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,cAAc,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC;IAEzH,gGAAgG;IAChG,gFAAgF;IAChF,IAAI,SAA+E,CAAC;IACpF,IAAI,MAAqB,CAAC;IAC1B,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACtI,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,yDAAyD;QACpH,MAAM,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/D,QAAQ,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,KAAK,OAAO,CAAC,CAAC;IACpF,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gDAAiD,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACjD,KAAK,MAAM,CAAC,IAAI,SAAS;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,wCAAwC,CAAC,EAAE,CAAC,CAAC;QACrK,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,2FAA2F,CAAC,EAAE,CAAC,CAAC;QAC3M,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,MAAM,IAAI,QAAQ,aAAa,UAAU,IAAI,CAAC,CAAC,GAAG,CAAC,gFAAgF,CAAC,EAAE,CAAC,CAAC;QAC/K,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,kGAAkG,CAAC,CAAC,CAAC;QACvH,OAAO;IACT,CAAC;IAED,+FAA+F;IAC/F,8FAA8F;IAC9F,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,UAAU,GAAa,EAAE,CAAC,CAAC,kEAAkE;IACnG,MAAM,OAAO,GAA4C,EAAE,CAAC;IAC5D,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAClF,IAAI,QAAQ,GAAG,IAAI,GAAG,EAAwC,CAAC;IAC/D,2FAA2F;IAC3F,iGAAiG;IACjG,qGAAqG;IACrG,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACrF,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChE,8FAA8F;gBAC9F,8FAA8F;gBAC9F,IAAI,CAAC,EAAE,CAAC,EAAE;oBAAE,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC,KAAK,IAAI,WAAW,CAAC,CAAC;gBACrD,MAAM,IAAI,GAAI,EAAE,CAAC,IAA4C,IAAI,EAAE,CAAC;gBACpE,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACtC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC7B,IAAI,CAAC,CAAC,EAAE,CAAC;wBACP,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;wBACrD,IAAI,QAAQ;4BAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,2BAA2B,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,4CAA4C,CAAC,CAAC,CAAC;;4BAC5I,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC;wBACtD,SAAS;oBACX,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAC5F,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;wBACZ,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACrB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;oBAChD,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,mBAAmB,IAAI,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;oBACnF,CAAC;gBACH,CAAC;gBACD,wFAAwF;gBACxF,+FAA+F;gBAC/F,8FAA8F;gBAC9F,0FAA0F;gBAC1F,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC;gBACxB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAClG,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBAC7D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACjE,MAAM,QAAQ,GAAa,EAAE,CAAC;gBAC9B,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACzC,IAAI,UAAU,EAAE,CAAC;wBACf,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,+BAA+B,EAAE,CAAC,CAAC;wBACpE,SAAS;oBACX,CAAC;oBACD,IAAI,QAAQ,EAAE,CAAC;wBACb,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CACpG,CAAC;wBACF,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;4BAClB,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,oBAAoB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;4BACzE,SAAS;wBACX,CAAC;oBACH,CAAC;yBAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACrB,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,8CAA8C,EAAE,CAAC,CAAC;wBACnF,SAAS;oBACX,CAAC;yBAAM,CAAC;wBACN,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,wEAAwE;oBAC/F,CAAC;oBACD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACpB,CAAC;gBACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACpB,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACjG,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;gBAC5B,CAAC;gBACD,SAAS,GAAG,IAAI,CAAC,CAAC,yDAAyD;YAC7E,CAAC;oBAAS,CAAC;gBACT,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,MAAM,gCAAiC,CAAW,CAAC,OAAO,sFAAsF,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;QACxM,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,MAAM,8GAA8G,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC;IAC5K,CAAC;IAED,oGAAoG;IACpG,qGAAqG;IACrG,mGAAmG;IACnG,yCAAyC;IACzC,mGAAmG;IACnG,gGAAgG;IAChG,6FAA6F;IAC7F,MAAM,eAAe,GAAG,SAAS,IAAI,SAAS,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,eAAe,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAChI,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjE,qGAAqG;IACrG,kGAAkG;IAClG,sDAAsD;IACtD,qGAAqG;IACrG,iGAAiG;IACjG,kGAAkG;IAClG,8FAA8F;IAC9F,uGAAuG;IACvG,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5C,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;QAC3B,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAAE,SAAS,CAAC,gEAAgE;QACxG,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,GAAG,KAAK,SAAS;YAAE,SAAS,CAAC,+BAA+B;QAChE,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,wFAAwF,CAAC,CAAC,CAAC;YAChI,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,0CAA0C,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAC;YACzJ,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,IAAI,kBAAkB,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC1F,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,WAAY,CAAW,CAAC,OAAO,uBAAuB,CAAC,CAAC,CAAC;YAC9F,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,sEAAsE;QACtG,CAAC;IACH,CAAC;IAED,kGAAkG;IAClG,oGAAoG;IACpG,mGAAmG;IACnG,mGAAmG;IACnG,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,CAAC;IAEzE,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC,CAAC;IAClJ,IAAI,UAAU,CAAC,MAAM;QACnB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,UAAU,CAAC,MAAM,2GAA2G,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjN,IAAI,QAAQ,EAAE,CAAC;QACb,+FAA+F;QAC/F,IAAI,CAAC;YACH,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,oBAAqB,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,MAAM;YAAE,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC;YACH,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,eAAgB,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,OAAO,CAAC,MAAM,gBAAgB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAChL,CAAC;SAAM,CAAC;QACN,oGAAoG;QACpG,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9E,MAAM,SAAS,GAAe,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,CAAC;QAC7G,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CACT,CAAC,CAAC,MAAM,CAAC,6BAA6B,MAAM,CAAC,KAAK,EAAE,CAAC;YACnD,CAAC,CAAC,GAAG,CAAC,MAAM,YAAY,CAAC,MAAM,eAAe,kBAAkB,CAAC,MAAM,sCAAsC,CAAC,CACjH,CAAC;QACF,IAAI,iBAAiB,CAAC,IAAI;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,6CAA6C,iBAAiB,CAAC,IAAI,mCAAmC,CAAC,CAAC,CAAC;QACvJ,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,4DAA4D,MAAM,CAAC,YAAY,UAAU,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC5H,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,qBAAqB;IAC7C,CAAC;AACH,CAAC;AAED;;;6CAG6C;AAC7C,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,EAAE,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE;YAAE,OAAO,IAAI,CAAC;QACrD,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAK,CAA2B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAC9F,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;QAC7G,OAAO,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;oGACoG;AACpG,KAAK,UAAU,UAAU,CAAC,IAAY,EAAE,KAAa;IACnD,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK;QAAE,OAAO,SAAS,CAAC;IACpD,OAAO,SAAS,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC"}

package/dist/commands/down.d.ts

@@ -1,4 +1,6 @@
-/** Stop the background processes started by `cotal up --detach` / `cotal setup`:
- *  the manager, the delivery daemon, the web dashboard, and the mesh. */
-export declare function down(): Promise<void>;
+/** Stop the background processes started by `cotal up --detach` / `cotal setup`: the manager, the
+ *  delivery daemon, the web dashboard, and the mesh. With `-f <cotal.yaml>` (or `--run <id>`) it does
+ *  an ownership-scoped teardown of a `spawn -f` deploy instead — removing ONLY what that run created
+ *  (its agents + the channels it added), from the ledger, never the whole shared mesh. */
+export declare function down(argv?: string[]): Promise<void>;
 //# sourceMappingURL=down.d.ts.map

package/dist/commands/down.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"down.d.ts","sourceRoot":"","sources":["../../src/commands/down.ts"],"names":[],"mappings":"AAMA;yEACyE;AACzE,wBAAsB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAyB1C"}
+{"version":3,"file":"down.d.ts","sourceRoot":"","sources":["../../src/commands/down.ts"],"names":[],"mappings":"AAQA;;;0FAG0F;AAC1F,wBAAsB,IAAI,CAAC,IAAI,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAyC7D"}

package/dist/commands/down.js

@@ -1,11 +1,28 @@
 import { existsSync, readFileSync, rmSync } from "node:fs";
-import { clearCurrent, getCurrent, removeMesh } from "@cotal-ai/core";
+import { parseArgs } from "node:util";
+import { clearCurrent, getCurrent, removeMesh } from "@cotal-ai/workspace";
 import { c } from "../ui.js";
 import { cotalPath } from "../lib/paths.js";
 import { resolveSpace } from "../lib/status.js";
-/** Stop the background processes started by `cotal up --detach` / `cotal setup`:
- *  the manager, the delivery daemon, the web dashboard, and the mesh. */
-export async function down() {
+import { downManifest } from "./down-manifest.js";
+/** Stop the background processes started by `cotal up --detach` / `cotal setup`: the manager, the
+ *  delivery daemon, the web dashboard, and the mesh. With `-f <cotal.yaml>` (or `--run <id>`) it does
+ *  an ownership-scoped teardown of a `spawn -f` deploy instead — removing ONLY what that run created
+ *  (its agents + the channels it added), from the ledger, never the whole shared mesh. */
+export async function down(argv = []) {
+    const { values } = parseArgs({
+        args: argv,
+        allowPositionals: true,
+        options: {
+            file: { type: "string", short: "f" }, // ownership-scoped teardown of a spawn -f deploy
+            run: { type: "string" }, // tear down by run id (when the manifest was edited since spawn -f)
+            "dry-run": { type: "boolean" }, // print what would be removed, change nothing
+        },
+    });
+    if (values.file || values.run) {
+        await downManifest(values.file ?? "<run>", { run: values.run, dryRun: Boolean(values["dry-run"]) });
+        return;
+    }
     const targets = [
         ["manager.pid", "manager"],
         ["delivery.pid", "delivery daemon"],
@@ -24,6 +41,9 @@ export async function down() {
     // marker. Drop them with the processes so a stale creds file / marker never lingers.
     for (const f of ["delivery.creds", "manager.delivery-aware"])
         rmSync(cotalPath(f), { force: true });
+    // Transient `cotal up -f` launch artifacts (launch specs + materialized runtime personas). `up -f`
+    // owns the whole mesh, so tearing it down clears all run dirs — they're never authoritative source.
+    rmSync(cotalPath("run"), { recursive: true, force: true });
     // Drop this folder's mesh from the registry (and the `current` pointer if it was the default).
     const space = resolveSpace(process.cwd());
     removeMesh(space);

package/dist/commands/down.js.map

@@ -1 +1 @@
-{"version":3,"file":"down.js","sourceRoot":"","sources":["../../src/commands/down.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACtE,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEhD;yEACyE;AACzE,MAAM,CAAC,KAAK,UAAU,IAAI;IACxB,MAAM,OAAO,GAA4B;QACvC,CAAC,aAAa,EAAE,SAAS,CAAC;QAC1B,CAAC,cAAc,EAAE,iBAAiB,CAAC;QACnC,CAAC,SAAS,EAAE,eAAe,CAAC;QAC5B,CAAC,UAAU,EAAE,aAAa,CAAC;KAC5B,CAAC;IACF,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,SAAS;QACnC,GAAG,GAAG,IAAI,CAAC;QACX,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,qGAAqG;IACrG,qFAAqF;IACrF,KAAK,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;QAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpG,+FAA+F;IAC/F,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC1C,UAAU,CAAC,KAAK,CAAC,CAAC;IAClB,IAAI,UAAU,EAAE,KAAK,KAAK;QAAE,YAAY,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAC,CAAC;QAChH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CAAC,OAAe,EAAE,KAAa;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,SAAS,GAAG,oBAAoB,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,CAAC;AAClB,CAAC"}
+{"version":3,"file":"down.js","sourceRoot":"","sources":["../../src/commands/down.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD;;;0FAG0F;AAC1F,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAiB,EAAE;IAC5C,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAC3B,IAAI,EAAE,IAAI;QACV,gBAAgB,EAAE,IAAI;QACtB,OAAO,EAAE;YACP,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,iDAAiD;YACvF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,oEAAoE;YAC7F,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,8CAA8C;SAC/E;KACF,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;QACpG,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAA4B;QACvC,CAAC,aAAa,EAAE,SAAS,CAAC;QAC1B,CAAC,cAAc,EAAE,iBAAiB,CAAC;QACnC,CAAC,SAAS,EAAE,eAAe,CAAC;QAC5B,CAAC,UAAU,EAAE,aAAa,CAAC;KAC5B,CAAC;IACF,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,SAAS;QACnC,GAAG,GAAG,IAAI,CAAC;QACX,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,qGAAqG;IACrG,qFAAqF;IACrF,KAAK,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;QAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpG,mGAAmG;IACnG,oGAAoG;IACpG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,+FAA+F;IAC/F,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC1C,UAAU,CAAC,KAAK,CAAC,CAAC;IAClB,IAAI,UAAU,EAAE,KAAK,KAAK;QAAE,YAAY,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAC,CAAC;QAChH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CAAC,OAAe,EAAE,KAAa;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,SAAS,GAAG,oBAAoB,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,CAAC;AAClB,CAAC"}

package/dist/commands/meshes.js

@@ -1,4 +1,4 @@
-import { getCurrent, loadMeshes } from "@cotal-ai/core";
+import { getCurrent, loadMeshes } from "@cotal-ai/workspace";
 import { c } from "../ui.js";
 import { pruneStaleMeshes } from "../lib/meshes.js";
 /** `cotal meshes` — list the running meshes (one `cotal up` each), with a `*` on the `current`

package/dist/commands/meshes.js.map

@@ -1 +1 @@
-{"version":3,"file":"meshes.js","sourceRoot":"","sources":["../../src/commands/meshes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD;;0EAE0E;AAC1E,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,MAAM,gBAAgB,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,gGAAgG;IAChG,kFAAkF;IAClF,IAAI,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,oBAAoB,OAAO,2DAA2D,CAAC,CAAC,CAAC;AAC/G,CAAC"}
+{"version":3,"file":"meshes.js","sourceRoot":"","sources":["../../src/commands/meshes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD;;0EAE0E;AAC1E,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,MAAM,gBAAgB,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,gGAAgG;IAChG,kFAAkF;IAClF,IAAI,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,oBAAoB,OAAO,2DAA2D,CAAC,CAAC,CAAC;AAC/G,CAAC"}

package/dist/commands/mint.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mint.d.ts","sourceRoot":"","sources":["../../src/commands/mint.ts"],"names":[],"mappings":"AAgBA;;;;oGAIoG;AACpG,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAyExD"}
+{"version":3,"file":"mint.d.ts","sourceRoot":"","sources":["../../src/commands/mint.ts"],"names":[],"mappings":"AAeA;;;;oGAIoG;AACpG,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAyExD"}

package/dist/commands/mint.js

@@ -1,7 +1,8 @@
 import { mkdirSync, writeFileSync, existsSync } from "node:fs";
 import { resolve, join, dirname } from "node:path";
 import { parseArgs } from "node:util";
-import { authDir, agentFilePath, loadAgentFile, loadSpaceAuth, mintCreds, newIdentity, stripSpaceAuth, } from "@cotal-ai/core";
+import { agentFilePath, loadAgentFile, mintCreds, newIdentity, stripSpaceAuth, } from "@cotal-ai/core";
+import { authDir, loadSpaceAuth } from "@cotal-ai/workspace";
 import { cotalRoot } from "../lib/paths.js";
 import { c } from "../ui.js";
 /** Out-of-band cred minting: generate an identity, sign a profile-scoped user JWT with the

package/dist/commands/mint.js.map

@@ -1 +1 @@
-{"version":3,"file":"mint.js","sourceRoot":"","sources":["../../src/commands/mint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EACL,OAAO,EACP,aAAa,EACb,aAAa,EACb,aAAa,EACb,SAAS,EACT,WAAW,EACX,cAAc,GAEf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAE7B;;;;oGAIoG;AACpG,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,IAAc;IACvC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;QACxC,IAAI,EAAE,IAAI;QACV,gBAAgB,EAAE,IAAI;QACtB,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC3B,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACvB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,8DAA8D;YAC3F,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,+CAA+C;YAC3E,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,sCAAsC;YAC7E,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,sCAAsC;SAC5E;KACF,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAEjC,mGAAmG;IACnG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,aAAa,CAAC,CAAC;QACjD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,6CAA6C,CAAC,CAAC,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,6BAA6B,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,wHAAwH,CAAC,CAAC,CAAC;QAC/I,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,SAAS,GAAG,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACtG,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAY,CAAC;IACvD,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACzE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,oBAAoB,OAAO,wCAAwC,CAAC,CAAC,CAAC;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,0FAA0F;IAC1F,iGAAiG;IACjG,0FAA0F;IAC1F,kGAAkG;IAClG,2FAA2F;IAC3F,IAAI,cAAoC,CAAC;IACzC,IAAI,YAAkC,CAAC;IACvC,IAAI,IAAwB,CAAC;IAC7B,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,aAAa,CAAC,SAAS,EAAE,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACzD,cAAc,GAAG,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,GAAG,EAAE,cAAc,IAAI,GAAG,EAAE,SAAS,CAAC;QAC/F,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,GAAG,EAAE,YAAY,CAAC;QACvE,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC,CAAC;IACvE,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,OAAO,eAAe,IAAI,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}
+{"version":3,"file":"mint.js","sourceRoot":"","sources":["../../src/commands/mint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EACL,aAAa,EACb,aAAa,EACb,SAAS,EACT,WAAW,EACX,cAAc,GAEf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,CAAC,EAAE,MAAM,UAAU,CAAC;AAE7B;;;;oGAIoG;AACpG,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,IAAc;IACvC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;QACxC,IAAI,EAAE,IAAI;QACV,gBAAgB,EAAE,IAAI;QACtB,OAAO,EAAE;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC3B,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACvB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,8DAA8D;YAC3F,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,+CAA+C;YAC3E,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,sCAAsC;YAC7E,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,sCAAsC;SAC5E;KACF,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAEjC,mGAAmG;IACnG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,aAAa,CAAC,CAAC;QACjD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,6CAA6C,CAAC,CAAC,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,6BAA6B,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,wHAAwH,CAAC,CAAC,CAAC;QAC/I,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,SAAS,GAAG,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACtG,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAY,CAAC;IACvD,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACzE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,oBAAoB,OAAO,wCAAwC,CAAC,CAAC,CAAC;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,0FAA0F;IAC1F,iGAAiG;IACjG,0FAA0F;IAC1F,kGAAkG;IAClG,2FAA2F;IAC3F,IAAI,cAAoC,CAAC;IACzC,IAAI,YAAkC,CAAC;IACvC,IAAI,IAAwB,CAAC;IAC7B,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,aAAa,CAAC,SAAS,EAAE,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACzD,cAAc,GAAG,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,GAAG,EAAE,cAAc,IAAI,GAAG,EAAE,SAAS,CAAC;QAC/F,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,GAAG,EAAE,YAAY,CAAC;QACvE,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC,CAAC;IACvE,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,OAAO,eAAe,IAAI,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}

package/dist/commands/setup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/commands/setup.ts"],"names":[],"mappings":"AAwCA;;4FAE4F;AAC5F,wBAAsB,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAgBzD;AAED;;0EAE0E;AAC1E,wBAAsB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAEtD;AAwID;;;gGAGgG;AAChG,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BpE"}
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/commands/setup.ts"],"names":[],"mappings":"AAuCA;;4FAE4F;AAC5F,wBAAsB,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAgBzD;AAED;;0EAE0E;AAC1E,wBAAsB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAEtD;AAwID;;;gGAGgG;AAChG,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BpE"}

package/dist/commands/setup.js

@@ -4,7 +4,8 @@ import { homedir } from "node:os";
 import { join } from "node:path";
 import { parseArgs } from "node:util";
 import * as p from "@clack/prompts";
-import { authDir, DEFAULT_SERVER, isReachable, loadSpaceAuth, registry, } from "@cotal-ai/core";
+import { DEFAULT_SERVER, isReachable, registry, } from "@cotal-ai/core";
+import { authDir, loadSpaceAuth } from "@cotal-ai/workspace";
 import { brand, brandBold, dim, ok, note, splash } from "../lib/theme.js";
 import { LivePane } from "../lib/live-window.js";
 import { runSteps } from "../lib/steps.js";
@@ -15,7 +16,7 @@ import { isOnboarded, markOnboarded } from "../lib/onboard.js";
 import { machineStatus, meshStatus, onPath, resolveSpace } from "../lib/status.js";
 import { startMeshDetached, up } from "./up.js";
 import { ensureWeb, webUp, WEB_URL } from "./web.js";
-import { cmuxManagerRunning, managerUp, pgrepMatches, stopManager } from "../lib/manager-proc.js";
+import { cmuxManagerRunning, tmuxManagerRunning, managerUp, pgrepMatches, stopManager } from "../lib/manager-proc.js";
 import { ensureControlPlane } from "../lib/delivery-proc.js";
 import { cotalOnPath, displayCmd, isNpx, selfArgv } from "../lib/self-exec.js";
 import { cotalPath, cotalRoot } from "../lib/paths.js";
@@ -268,24 +269,42 @@ async function offerDemo(haveClaude) {
     const isTTY = Boolean(process.stdin.isTTY);
     if (haveClaude && haveAgents && isTTY) {
         const cmux = inCmuxSurface();
-        const go = abortIfCancel(await p.confirm({
-            message: cmux
-                ? "Open the cmux demo? A Claude you drive, with david and sven helping in cmux tabs."
-                : "Open the demo? A Claude you drive, with david and sven helping in the background.",
-            initialValue: true,
-        }));
-        if (go) {
-            if (cmux) {
+        const tmux = inTmuxSurface();
+        if (cmux) {
+            const go = abortIfCancel(await p.confirm({
+                message: "Open the cmux demo? A Claude you drive, with david and sven helping in cmux tabs.",
+                initialValue: true,
+            }));
+            if (go) {
                 ensureCmuxSession(cotalRoot());
                 p.log.success("Session open: drive the 'cotal-main' pane; david and sven are on the mesh in the background.");
                 return;
             }
-            // Non-cmux: a background pty manager pre-spawns david/sven (managed, despawnable), then we
-            // hand this terminal to the driving session. (auth → delivery daemon first, then the manager.)
-            await ensureControlPlane({ space: resolveSpace(process.cwd()), server: DEFAULT_SERVER, spawn: [...DEMO_TEAM] });
-            p.outro(brand("Launching your session... david and sven are warming up in the background."));
-            await spawn(["me", "--prompt", ME_GREETING]);
-            process.exit(0);
+        }
+        if (tmux) {
+            const go = abortIfCancel(await p.confirm({
+                message: "Open the tmux demo? A Claude you drive, with david and sven helping in tmux windows.",
+                initialValue: true,
+            }));
+            if (go) {
+                ensureTmuxSession(cotalRoot());
+                p.log.success("Session open: switch to the 'cotal-main' window; david and sven are warming up in the background.");
+                return;
+            }
+        }
+        if (!cmux && !tmux) {
+            const go = abortIfCancel(await p.confirm({
+                message: "Open the demo? A Claude you drive, with david and sven helping in the background.",
+                initialValue: true,
+            }));
+            if (go) {
+                // Background pty manager pre-spawns david/sven (managed, despawnable), then we hand this
+                // terminal to the driving session. (auth → delivery daemon first, then the manager.)
+                await ensureControlPlane({ space: resolveSpace(process.cwd()), server: DEFAULT_SERVER, spawn: [...DEMO_TEAM] });
+                p.outro(brand("Launching your session... david and sven are warming up in the background."));
+                await spawn(["me", "--prompt", ME_GREETING]);
+                process.exit(0);
+            }
         }
     }
     else if (isTTY && haveAgents && !haveClaude) {
@@ -311,6 +330,10 @@ const ME_GREETING = "Greet the operator in a few short lines. Open with one line
 function inCmuxSurface() {
     return Boolean(process.env.CMUX_SURFACE_ID);
 }
+/** True when we're running inside a tmux session (tmux sets `$TMUX` to the socket path). */
+function inTmuxSurface() {
+    return Boolean(process.env.TMUX);
+}
 /** (Re)open the cmux working session, idempotently. A background cmux-runtime manager pre-spawns
  *  david/sven (so they're managed teammates you can `cotal_despawn`) into their own tabs; the
  *  focused `cotal-main` workspace is the console + the driving session "me" (your foreground
@@ -362,6 +385,33 @@ function ensureCmuxSession(cwd) {
         }, { focus: true });
     }
 }
+/** (Re)open the tmux working session, idempotently. Mirrors ensureCmuxSession using the "tmux"
+ *  terminal provider: a background window runs the tmux-runtime manager (pre-spawning david/sven);
+ *  the focused "cotal-main" window has the console + driving session "me". */
+function ensureTmuxSession(cwd) {
+    const term = registry.resolve("terminal", "tmux");
+    stopManager();
+    const cotal = selfArgv();
+    const run = (...args) => ({ command: cotal[0], args: [...cotal.slice(1), ...args], cwd });
+    const space = resolveSpace(cwd);
+    if (!/^[A-Za-z0-9_.-]+$/.test(space))
+        throw new Error(`cotal setup: unsafe space ${JSON.stringify(space)} (allowed: letters, digits, _ . -)`);
+    if (!tmuxManagerRunning(space)) {
+        for (const label of ["cotal-manager", ...DEMO_TEAM.map((n) => `cotal-${n}`)])
+            closeStaleTabs(term, label);
+        term.open("cotal-manager", { panes: [run("supervise", "--runtime", "tmux", "--space", space, "--spawn", DEMO_TEAM.join(","))] }, { focus: false });
+    }
+    if (!pgrepMatches(`spawn me --space ${space}`)) {
+        closeStaleTabs(term, "cotal-main");
+        term.open("cotal-main", {
+            split: { direction: "vertical", ratio: 0.34 },
+            panes: [
+                run("console", "--space", space),
+                { ...run("spawn", "me", "--space", space, "--prompt", ME_GREETING), confirm: true },
+            ],
+        }, { focus: true });
+    }
+}
 /** Close any lingering cmux tabs labelled `name` (dead tabs persist in the tab list after their
  *  process exits) so a freshly opened one is the only instance. */
 function closeStaleTabs(term, name) {