@dmsdc-ai/aigentry-telepty 0.1.67 → 0.1.69

package/cli.js

@@ -15,6 +15,7 @@ const { attachInteractiveTerminal, getTerminalSize } = require('./interactive-te
 const { getRuntimeInfo } = require('./runtime-info');
 const { formatHostLabel, groupSessionsByHost, pickSessionTarget } = require('./session-routing');
 const { runInteractiveSkillInstaller } = require('./skill-installer');
+const crossMachine = require('./cross-machine');
 const args = process.argv.slice(2);
 let pendingTerminalInputError = null;
 let simulatedPromptErrorInjected = false;
@@ -208,30 +209,16 @@ function getDiscoveryHosts() {
     .filter(Boolean);
   extraHosts.forEach((host) => hosts.add(host));
 
-  // Also include relay peers for cross-machine session discovery
+  // Include relay peers for cross-machine session discovery
   const relayPeers = String(process.env.TELEPTY_RELAY_PEERS || '')
     .split(',')
     .map((host) => host.trim())
     .filter(Boolean);
   relayPeers.forEach((host) => hosts.add(host));
 
-  if (REMOTE_HOST && REMOTE_HOST !== '127.0.0.1') {
-    return Array.from(hosts);
-  }
-
-  try {
-    const tsStatus = execSync('tailscale status --json', { encoding: 'utf8', stdio: ['pipe', 'pipe', 'ignore'] });
-    const tsData = JSON.parse(tsStatus);
-    if (tsData && tsData.Peer) {
-      for (const peer of Object.values(tsData.Peer)) {
-        if (peer.Online && peer.TailscaleIPs && peer.TailscaleIPs.length > 0) {
-          hosts.add(peer.TailscaleIPs[0]);
-        }
-      }
-    }
-  } catch (e) {
-    // Tailscale not available or not running, ignore
-  }
+  // Include SSH tunnel-connected peers
+  const connectedHosts = crossMachine.getConnectedHosts();
+  connectedHosts.forEach((host) => hosts.add(host));
 
   return Array.from(hosts);
 }
@@ -242,7 +229,7 @@ async function discoverSessions(options = {}) {
   const allSessions = [];
 
   if (!options.silent) {
-    process.stdout.write('\x1b[36m🔍 Discovering active sessions across your Tailnet...\x1b[0m\n');
+    process.stdout.write('\x1b[36m🔍 Discovering active sessions across connected machines...\x1b[0m\n');
   }
 
   await Promise.all(hosts.map(async (host) => {
@@ -710,7 +697,8 @@ async function main() {
           command,
           cwd: process.cwd(),
           backend: detectedBackend,
-          cmux_workspace_id: process.env.CMUX_WORKSPACE_ID || null
+          cmux_workspace_id: process.env.CMUX_WORKSPACE_ID || null,
+          cmux_surface_id: process.env.CMUX_SURFACE_ID || null
         })
       });
       const data = await res.json();
@@ -789,7 +777,8 @@ async function main() {
               command,
               cwd: process.cwd(),
               backend: detectedBackend,
-              cmux_workspace_id: process.env.CMUX_WORKSPACE_ID || null
+              cmux_workspace_id: process.env.CMUX_WORKSPACE_ID || null,
+              cmux_surface_id: process.env.CMUX_SURFACE_ID || null
             })
           });
         } catch (e) {
@@ -1874,6 +1863,85 @@ Discuss the following topic from your project's perspective. Engage with other s
     return;
   }
 
+  // telepty connect <target> [--name <name>] [--port <port>]
+  if (cmd === 'connect') {
+    const target = args[1];
+    if (!target) {
+      console.error('❌ Usage: telepty connect <user@host> [--name <name>] [--port <port>]');
+      process.exit(1);
+    }
+    const nameFlag = args.indexOf('--name');
+    const portFlag = args.indexOf('--port');
+    const options = {};
+    if (nameFlag !== -1 && args[nameFlag + 1]) options.name = args[nameFlag + 1];
+    if (portFlag !== -1 && args[portFlag + 1]) options.port = Number(args[portFlag + 1]);
+
+    process.stdout.write(`\x1b[36m🔗 Connecting to ${target}...\x1b[0m\n`);
+    const result = await crossMachine.connect(target, options);
+    if (result.success) {
+      console.log(`\x1b[32m✅ Connected to ${result.name}\x1b[0m`);
+      console.log(`   Machine ID: ${result.machineId}`);
+      console.log(`   Local port: ${result.localPort}`);
+      console.log(`   Version: ${result.version}`);
+      console.log(`\nSessions on ${result.name} are now discoverable via \x1b[36mtelepty list\x1b[0m`);
+    } else {
+      console.error(`\x1b[31m❌ ${result.error}\x1b[0m`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  // telepty disconnect [<name> | --all]
+  if (cmd === 'disconnect') {
+    if (args[1] === '--all') {
+      const result = crossMachine.disconnectAll();
+      console.log(`\x1b[32m✅ Disconnected from ${result.disconnected.length} peer(s)\x1b[0m`);
+    } else if (args[1]) {
+      const result = crossMachine.disconnect(args[1]);
+      if (result.success) {
+        console.log(`\x1b[32m✅ Disconnected from ${result.name}\x1b[0m`);
+      } else {
+        console.error(`\x1b[31m❌ ${result.error}\x1b[0m`);
+      }
+    } else {
+      console.error('❌ Usage: telepty disconnect <name> | --all');
+      process.exit(1);
+    }
+    return;
+  }
+
+  // telepty peers [--remove <name>]
+  if (cmd === 'peers') {
+    if (args[1] === '--remove' && args[2]) {
+      crossMachine.removePeer(args[2]);
+      console.log(`\x1b[32m✅ Removed peer ${args[2]}\x1b[0m`);
+      return;
+    }
+
+    const active = crossMachine.listActivePeers();
+    const known = crossMachine.listKnownPeers();
+
+    console.log('\x1b[1mConnected Peers:\x1b[0m');
+    if (active.length === 0) {
+      console.log('  (none)');
+    } else {
+      for (const peer of active) {
+        console.log(`  \x1b[32m●\x1b[0m ${peer.name} (${peer.target}) → localhost:${peer.localPort} [${peer.machineId}]`);
+      }
+    }
+
+    const knownNames = Object.keys(known);
+    const disconnected = knownNames.filter(n => !active.find(a => a.name === n));
+    if (disconnected.length > 0) {
+      console.log('\n\x1b[1mKnown Peers (disconnected):\x1b[0m');
+      for (const name of disconnected) {
+        const p = known[name];
+        console.log(`  \x1b[90m○\x1b[0m ${name} (${p.target}) — last: ${p.lastConnected || 'never'}`);
+      }
+    }
+    return;
+  }
+
   if (cmd === 'listen' || cmd === 'monitor') {
     await ensureDaemonRunning();
     
@@ -1959,6 +2027,9 @@ Usage:
   telepty multicast <id1[@host],id2[@host]> "<prompt>"  Inject text into multiple specific sessions
   telepty broadcast "<prompt>"                   Inject text into ALL active sessions
   telepty rename <old_id[@host]> <new_id>        Rename a session (updates terminal title too)
+  telepty connect <user@host> [--name N] [--port P]  Connect to a remote machine via SSH tunnel
+  telepty disconnect <name> | --all              Disconnect from a remote machine
+  telepty peers [--remove <name>]                List connected and known peers
   telepty listen                                 Listen to the event bus and print JSON to stdout
   telepty monitor                                Human-readable real-time billboard of bus events
   telepty update                                 Update telepty to the latest version

package/cross-machine.js

@@ -0,0 +1,221 @@
+'use strict';
+
+const { spawn } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const PEERS_PATH = path.join(os.homedir(), '.telepty', 'peers.json');
+const BASE_LOCAL_PORT = 3849; // tunnels start at this port
+
+// In-memory active tunnels
+const activeTunnels = new Map(); // name -> { process, localPort, target, connectedAt, ... }
+
+function loadPeers() {
+  try {
+    if (!fs.existsSync(PEERS_PATH)) return { peers: {} };
+    return JSON.parse(fs.readFileSync(PEERS_PATH, 'utf8'));
+  } catch { return { peers: {} }; }
+}
+
+function savePeers(data) {
+  try {
+    fs.mkdirSync(path.dirname(PEERS_PATH), { recursive: true });
+    fs.writeFileSync(PEERS_PATH, JSON.stringify(data, null, 2));
+  } catch {}
+}
+
+function getNextLocalPort() {
+  const usedPorts = new Set([...activeTunnels.values()].map(t => t.localPort));
+  let port = BASE_LOCAL_PORT;
+  while (usedPorts.has(port)) port++;
+  return port;
+}
+
+/**
+ * Connect to a remote machine via SSH tunnel.
+ * @param {string} target - "user@host" or "host" (uses current user)
+ * @param {object} options - { name, port }
+ * @returns {Promise<object>} - { success, name, localPort, machineId, version } or { success: false, error }
+ */
+async function connect(target, options = {}) {
+  const remotePort = options.port || 3848;
+  const localPort = getNextLocalPort();
+
+  // Parse target
+  let sshTarget = target;
+  if (!target.includes('@')) {
+    sshTarget = `${os.userInfo().username}@${target}`;
+  }
+
+  const name = options.name || target.split('@').pop().split('.')[0]; // short hostname
+
+  // Check if already connected
+  if (activeTunnels.has(name)) {
+    const existing = activeTunnels.get(name);
+    return { success: false, error: `Already connected to ${name} on port ${existing.localPort}` };
+  }
+
+  // Create SSH tunnel
+  const tunnel = spawn('ssh', [
+    '-N',                                           // No remote command
+    '-L', `${localPort}:localhost:${remotePort}`,   // Local port forwarding
+    '-o', 'ServerAliveInterval=30',                 // Keep alive
+    '-o', 'ServerAliveCountMax=3',                  // Disconnect after 3 missed keepalives
+    '-o', 'ExitOnForwardFailure=yes',               // Fail if port forwarding fails
+    '-o', 'ConnectTimeout=10',                      // Connection timeout
+    '-o', 'StrictHostKeyChecking=accept-new',       // Auto-accept new host keys
+    sshTarget
+  ], {
+    stdio: ['ignore', 'pipe', 'pipe'],
+    detached: false
+  });
+
+  // Wait for tunnel to establish or fail
+  const result = await new Promise((resolve) => {
+    let stderr = '';
+    const timeout = setTimeout(() => {
+      // If process is still running after 5s, tunnel is up
+      if (!tunnel.killed && tunnel.exitCode === null) {
+        resolve({ success: true });
+      } else {
+        resolve({ success: false, error: stderr || 'Connection timeout' });
+      }
+    }, 5000);
+
+    tunnel.stderr.on('data', (data) => { stderr += data.toString(); });
+    tunnel.on('exit', (code) => {
+      clearTimeout(timeout);
+      if (code !== 0) {
+        resolve({ success: false, error: stderr || `SSH exited with code ${code}` });
+      }
+    });
+    tunnel.on('error', (err) => {
+      clearTimeout(timeout);
+      resolve({ success: false, error: err.message });
+    });
+  });
+
+  if (!result.success) {
+    tunnel.kill();
+    return result;
+  }
+
+  // Verify remote daemon is accessible through tunnel
+  try {
+    const res = await fetch(`http://127.0.0.1:${localPort}/api/meta`, {
+      signal: AbortSignal.timeout(3000)
+    });
+    if (!res.ok) throw new Error('Daemon not responding');
+    const meta = await res.json();
+
+    const peerInfo = {
+      process: tunnel,
+      localPort,
+      target: sshTarget,
+      name,
+      machineId: meta.machine_id || name,
+      version: meta.version || 'unknown',
+      connectedAt: new Date().toISOString()
+    };
+
+    activeTunnels.set(name, peerInfo);
+
+    // Persist peer for reconnection
+    const peers = loadPeers();
+    peers.peers[name] = {
+      target: sshTarget,
+      remotePort,
+      lastConnected: peerInfo.connectedAt,
+      machineId: peerInfo.machineId
+    };
+    savePeers(peers);
+
+    // Monitor tunnel health
+    tunnel.on('exit', () => {
+      console.log(`[PEER] SSH tunnel to ${name} disconnected`);
+      activeTunnels.delete(name);
+    });
+
+    return {
+      success: true,
+      name,
+      localPort,
+      machineId: peerInfo.machineId,
+      version: peerInfo.version
+    };
+  } catch (err) {
+    tunnel.kill();
+    return { success: false, error: `Remote daemon not accessible: ${err.message}` };
+  }
+}
+
+function disconnect(name) {
+  const tunnel = activeTunnels.get(name);
+  if (!tunnel) {
+    return { success: false, error: `Not connected to ${name}` };
+  }
+  tunnel.process.kill();
+  activeTunnels.delete(name);
+  return { success: true, name };
+}
+
+function disconnectAll() {
+  const names = [...activeTunnels.keys()];
+  names.forEach(name => disconnect(name));
+  return { disconnected: names };
+}
+
+function listActivePeers() {
+  return [...activeTunnels.entries()].map(([name, info]) => ({
+    name,
+    target: info.target,
+    localPort: info.localPort,
+    machineId: info.machineId,
+    connectedAt: info.connectedAt,
+    host: `127.0.0.1:${info.localPort}`
+  }));
+}
+
+function listKnownPeers() {
+  return loadPeers().peers;
+}
+
+/**
+ * Get all connected peer hosts for discovery.
+ * @returns {string[]} Array of "127.0.0.1:PORT" strings
+ */
+function getConnectedHosts() {
+  return [...activeTunnels.values()].map(t => `127.0.0.1:${t.localPort}`);
+}
+
+/**
+ * Get connected host for a specific peer.
+ * @param {string} name - Peer name
+ * @returns {string|null} "127.0.0.1:PORT" or null
+ */
+function getPeerHost(name) {
+  const tunnel = activeTunnels.get(name);
+  return tunnel ? `127.0.0.1:${tunnel.localPort}` : null;
+}
+
+function removePeer(name) {
+  disconnect(name); // disconnect if active
+  const peers = loadPeers();
+  delete peers.peers[name];
+  savePeers(peers);
+  return { success: true };
+}
+
+module.exports = {
+  connect,
+  disconnect,
+  disconnectAll,
+  listActivePeers,
+  listKnownPeers,
+  getConnectedHosts,
+  getPeerHost,
+  removePeer,
+  loadPeers,
+  PEERS_PATH
+};

package/daemon.js

@@ -8,6 +8,7 @@ const { getConfig } = require('./auth');
 const pkg = require('./package.json');
 const { claimDaemonState, clearDaemonState } = require('./daemon-control');
 const { checkEntitlement } = require('./entitlement');
+const terminalBackend = require('./terminal-backend');
 
 const config = getConfig();
 const EXPECTED_TOKEN = config.authToken;
@@ -19,7 +20,7 @@ function persistSessions() {
   try {
     const data = {};
     for (const [id, s] of Object.entries(sessions)) {
-      data[id] = { id, type: s.type, command: s.command, cwd: s.cwd, backend: s.backend || null, cmuxWorkspaceId: s.cmuxWorkspaceId || null, createdAt: s.createdAt, lastActivityAt: s.lastActivityAt || null };
+      data[id] = { id, type: s.type, command: s.command, cwd: s.cwd, backend: s.backend || null, cmuxWorkspaceId: s.cmuxWorkspaceId || null, cmuxSurfaceId: s.cmuxSurfaceId || null, createdAt: s.createdAt, lastActivityAt: s.lastActivityAt || null };
     }
     fs.mkdirSync(require('path').dirname(SESSION_PERSIST_PATH), { recursive: true });
     fs.writeFileSync(SESSION_PERSIST_PATH, JSON.stringify(data, null, 2));
@@ -91,14 +92,12 @@ function verifyJwt(token) {
 function isAllowedPeer(ip) {
   if (!ip) return false;
   const cleanIp = ip.replace('::ffff:', '');
-  // Localhost always allowed
+  // Localhost always allowed (includes SSH tunnel traffic)
   if (cleanIp === '127.0.0.1' || ip === '::1') return true;
-  // Tailscale range (100.x.y.z)
-  if (cleanIp.startsWith('100.')) return true;
   // Peer allowlist
   if (PEER_ALLOWLIST.length > 0) return PEER_ALLOWLIST.includes(cleanIp);
   // No allowlist = allow all authenticated
-  return false;
+  return true;
 }
 
 // Authentication Middleware
@@ -106,7 +105,7 @@ app.use((req, res, next) => {
   const clientIp = req.ip;
 
   if (isAllowedPeer(clientIp)) {
-    return next(); // Trust local, Tailscale, and allowlisted peers
+    return next(); // Trust local and allowlisted peers (SSH tunnels arrive as localhost)
   }
 
   const token = req.headers['x-telepty-token'] || req.query.token;
@@ -140,6 +139,10 @@ const sessions = {};
 const handoffs = {};
 const threads = {};
 
+// Detect terminal environment at daemon startup
+const DETECTED_TERMINAL = terminalBackend.detectTerminal();
+console.log(`[DAEMON] Terminal backend: ${DETECTED_TERMINAL}`);
+
 // Restore persisted session metadata (wrapped sessions await reconnect)
 const _persisted = loadPersistedSessions();
 for (const [id, meta] of Object.entries(_persisted)) {
@@ -306,7 +309,7 @@ app.post('/api/sessions/spawn', (req, res) => {
 });
 
 app.post('/api/sessions/register', (req, res) => {
-  const { session_id, command, cwd = process.cwd(), backend, cmux_workspace_id } = req.body;
+  const { session_id, command, cwd = process.cwd(), backend, cmux_workspace_id, cmux_surface_id } = req.body;
   if (!session_id) return res.status(400).json({ error: 'session_id is required' });
   // Entitlement: check session limit for new registrations
   if (!sessions[session_id]) {
@@ -324,6 +327,7 @@ app.post('/api/sessions/register', (req, res) => {
     if (cwd) existing.cwd = cwd;
     if (backend) existing.backend = backend;
     if (cmux_workspace_id) existing.cmuxWorkspaceId = cmux_workspace_id;
+    if (cmux_surface_id) existing.cmuxSurfaceId = cmux_surface_id;
     console.log(`[REGISTER] Re-registered session ${session_id} (updated metadata)`);
     return res.status(200).json({ session_id, type: 'wrapped', command: existing.command, cwd: existing.cwd, reregistered: true });
   }
@@ -337,6 +341,7 @@ app.post('/api/sessions/register', (req, res) => {
     cwd,
     backend: backend || 'kitty',
     cmuxWorkspaceId: cmux_workspace_id || null,
+    cmuxSurfaceId: cmux_surface_id || null,
     createdAt: new Date().toISOString(),
     lastActivityAt: new Date().toISOString(),
     clients: new Set(),
@@ -395,6 +400,7 @@ app.get('/api/sessions', (req, res) => {
       cwd: session.cwd,
       backend: session.backend || 'kitty',
       cmuxWorkspaceId: session.cmuxWorkspaceId || null,
+      cmuxSurfaceId: session.cmuxSurfaceId || null,
       createdAt: session.createdAt,
       lastActivityAt: session.lastActivityAt || null,
       idleSeconds,
@@ -438,10 +444,24 @@ app.get('/api/meta', (req, res) => {
     host: HOST,
     port: Number(PORT),
     machine_id: MACHINE_ID,
-    capabilities: ['sessions', 'wrapped-sessions', 'skill-installer', 'singleton-daemon', 'handoff-inbox', 'deliberation-threads']
+    terminal: DETECTED_TERMINAL,
+    capabilities: ['sessions', 'wrapped-sessions', 'skill-installer', 'singleton-daemon', 'handoff-inbox', 'deliberation-threads', 'cross-machine']
   });
 });
 
+// Peer management endpoint (for cross-machine module)
+app.get('/api/peers', (req, res) => {
+  try {
+    const crossMachine = require('./cross-machine');
+    res.json({
+      active: crossMachine.listActivePeers(),
+      known: crossMachine.listKnownPeers()
+    });
+  } catch {
+    res.json({ active: [], known: {} });
+  }
+});
+
 app.post('/api/sessions/multicast/inject', (req, res) => {
   const { session_ids, prompt } = req.body;
   if (!prompt) return res.status(400).json({ error: 'prompt is required' });
@@ -453,6 +473,27 @@ app.post('/api/sessions/multicast/inject', (req, res) => {
     const session = sessions[id];
     if (session) {
       try {
+        // cmux auto-detect at daemon level (text + enter)
+        if (DETECTED_TERMINAL === 'cmux') {
+          const ok = terminalBackend.cmuxSendText(id, prompt);
+          if (ok) {
+            setTimeout(() => terminalBackend.cmuxSendEnter(id), 300);
+            results.successful.push({ id, strategy: 'cmux_auto' });
+            // Broadcast injection to bus
+            const busMsg = JSON.stringify({
+              type: 'injection',
+              sender: 'cli',
+              target_agent: id,
+              content: prompt,
+              timestamp: new Date().toISOString()
+            });
+            busClients.forEach(client => {
+              if (client.readyState === 1) client.send(busMsg);
+            });
+            return; // skip WS path for this session
+          }
+        }
+
         // Inject text first, then \r separately after delay
         if (session.type === 'wrapped') {
           if (session.ownerWs && session.ownerWs.readyState === 1) {
@@ -505,6 +546,16 @@ app.post('/api/sessions/broadcast/inject', (req, res) => {
   Object.keys(sessions).forEach(id => {
     const session = sessions[id];
     try {
+      // cmux auto-detect at daemon level (text + enter)
+      if (DETECTED_TERMINAL === 'cmux') {
+        const ok = terminalBackend.cmuxSendText(id, prompt);
+        if (ok) {
+          setTimeout(() => terminalBackend.cmuxSendEnter(id), 300);
+          results.successful.push({ id, strategy: 'cmux_auto' });
+          return; // skip WS path for this session
+        }
+      }
+
       // Inject text first, then \r separately after delay
       if (session.type === 'wrapped') {
         if (session.ownerWs && session.ownerWs.readyState === 1) {
@@ -718,8 +769,12 @@ app.post('/api/sessions/:id/submit', (req, res) => {
   console.log(`[SUBMIT] Session ${id} (${session.command}) using strategy: ${strategy}`);
 
   let success = false;
-  // cmux backend takes priority
-  if (session.backend === 'cmux' && session.cmuxWorkspaceId) {
+  // cmux auto-detect at daemon level
+  if (DETECTED_TERMINAL === 'cmux') {
+    success = terminalBackend.cmuxSendEnter(id);
+  }
+  // Session-level cmux backend
+  if (!success && session.backend === 'cmux' && session.cmuxWorkspaceId) {
     success = submitViaCmux(id);
   }
   if (!success) {
@@ -757,8 +812,12 @@ app.post('/api/sessions/submit-all', (req, res) => {
     const strategy = getSubmitStrategy(session.command);
     let success = false;
 
-    // cmux backend takes priority
-    if (session.backend === 'cmux' && session.cmuxWorkspaceId) {
+    // cmux auto-detect at daemon level
+    if (DETECTED_TERMINAL === 'cmux') {
+      success = terminalBackend.cmuxSendEnter(id);
+    }
+    // Session-level cmux backend
+    if (!success && session.backend === 'cmux' && session.cmuxWorkspaceId) {
       success = submitViaCmux(id);
     }
     if (!success) {
@@ -824,14 +883,23 @@ app.post('/api/sessions/:id/inject', (req, res) => {
 
     let submitResult = null;
     if (session.type === 'wrapped') {
-      // For wrapped sessions: try kitty send-text (bypasses allow bridge queue)
-      // then WS as fallback, then kitty send-key Return for enter
+      // For wrapped sessions: try cmux send (daemon-level auto-detect),
+      // then kitty send-text (bypasses allow bridge queue),
+      // then WS as fallback, then submit via cmux/osascript/kitty/WS
       const sock = findKittySocket();
       if (!session.kittyWindowId && sock) session.kittyWindowId = findKittyWindowId(sock, id);
       const wid = session.kittyWindowId;
 
       let kittyOk = false;
-      if (wid && sock) {
+      let cmuxOk = false;
+
+      // cmux backend: send text directly to surface (daemon-level auto-detect)
+      if (DETECTED_TERMINAL === 'cmux') {
+        cmuxOk = terminalBackend.cmuxSendText(id, finalPrompt);
+        if (cmuxOk) console.log(`[INJECT] cmux send for ${id}`);
+      }
+
+      if (!cmuxOk && wid && sock) {
         // Kitty send-text primary (bypasses allow bridge queue)
         try {
           const escaped = finalPrompt.replace(/\\/g, '\\\\').replace(/'/g, "'\\''");
@@ -845,7 +913,7 @@ app.post('/api/sessions/:id/inject', (req, res) => {
           session.kittyWindowId = null;
         }
       }
-      if (!kittyOk) {
+      if (!cmuxOk && !kittyOk) {
         // Fallback: WS (works with new allow bridges that have queue flush)
         const wsOk = writeToSession(finalPrompt);
         if (!wsOk) {
@@ -858,20 +926,26 @@ app.post('/api/sessions/:id/inject', (req, res) => {
         setTimeout(() => {
           let submitted = false;
 
-          // 1. cmux backend: use cmux send-key
-          if (session.backend === 'cmux' && session.cmuxWorkspaceId) {
-            submitted = submitViaCmux(id);
+          // 1. cmux backend: send-key return to surface (daemon-level auto-detect)
+          if (DETECTED_TERMINAL === 'cmux') {
+            submitted = terminalBackend.cmuxSendEnter(id);
             if (submitted) console.log(`[INJECT] cmux submit for ${id}`);
           }
 
-          // 2. kitty/default backend: osascript primary
+          // 2. Session-level cmux (registered backend)
+          if (!submitted && session.backend === 'cmux' && session.cmuxWorkspaceId) {
+            submitted = submitViaCmux(id);
+            if (submitted) console.log(`[INJECT] cmux session-level submit for ${id}`);
+          }
+
+          // 3. kitty/default: osascript primary
           if (!submitted) {
             const submitStrategy = getSubmitStrategy(session.command);
             const keyCombo = submitStrategy === 'osascript_cmd_enter' ? 'cmd_enter' : 'return_key';
             submitted = submitViaOsascript(id, keyCombo);
           }
 
-          // 3. Fallback: kitty send-text → WS
+          // 4. Fallback: kitty send-text → WS
           if (!submitted) {
             console.log(`[INJECT] submit fallback for ${id}`);
             if (wid && sock) {
@@ -896,7 +970,7 @@ app.post('/api/sessions/:id/inject', (req, res) => {
             } catch {}
           }
         }, 500);
-        submitResult = { deferred: true, strategy: session.backend === 'cmux' ? 'cmux_with_fallback' : 'osascript_with_fallback' };
+        submitResult = { deferred: true, strategy: DETECTED_TERMINAL === 'cmux' ? 'cmux_auto' : (session.backend === 'cmux' ? 'cmux_with_fallback' : 'osascript_with_fallback') };
       }
     } else {
       // Spawned sessions: direct PTY write
@@ -1049,13 +1123,22 @@ function busAutoRoute(msg) {
   const prompt = (msg.payload && msg.payload.prompt) || msg.content || msg.prompt || JSON.stringify(msg);
   const inject_id = crypto.randomUUID();
 
-  // Write to session (kitty primary, WS fallback)
+  // Write to session (cmux auto-detect > kitty > session-level cmux > WS fallback)
   const sock = findKittySocket();
   if (!targetSession.kittyWindowId && sock) targetSession.kittyWindowId = findKittyWindowId(sock, targetId);
   const wid = targetSession.kittyWindowId;
   let delivered = false;
 
-  if (wid && sock && targetSession.type === 'wrapped') {
+  // cmux backend: send text + enter to surface (daemon-level auto-detect)
+  if (!delivered && DETECTED_TERMINAL === 'cmux') {
+    const textOk = terminalBackend.cmuxSendText(targetId, prompt);
+    if (textOk) {
+      setTimeout(() => terminalBackend.cmuxSendEnter(targetId), 500);
+      delivered = true;
+    }
+  }
+
+  if (!delivered && wid && sock && targetSession.type === 'wrapped') {
     try {
       const escaped = prompt.replace(/\\/g, '\\\\').replace(/'/g, "'\\''");
       require('child_process').execSync(`kitty @ --to unix:${sock} send-text --match id:${wid} '${escaped}'`, {
@@ -1071,7 +1154,7 @@ function busAutoRoute(msg) {
       delivered = true;
     } catch {}
   }
-  // cmux backend: use WS for text, cmux send-key for enter
+  // Session-level cmux backend: use WS for text, cmux send-key for enter
   if (!delivered && targetSession.backend === 'cmux' && targetSession.cmuxWorkspaceId) {
     if (targetSession.type === 'wrapped' && targetSession.ownerWs && targetSession.ownerWs.readyState === 1) {
       targetSession.ownerWs.send(JSON.stringify({ type: 'inject', data: prompt }));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dmsdc-ai/aigentry-telepty",
-  "version": "0.1.67",
+  "version": "0.1.69",
   "main": "daemon.js",
   "bin": {
     "aigentry-telepty": "install.js",

package/terminal-backend.js

@@ -0,0 +1,137 @@
+'use strict';
+
+const { execSync } = require('child_process');
+
+// Detect terminal environment at daemon level
+function detectTerminal() {
+  // 1. cmux: check env var or cmux ping
+  if (process.env.CMUX_WORKSPACE_ID) {
+    try {
+      execSync('cmux ping', { timeout: 2000, stdio: ['pipe', 'pipe', 'pipe'] });
+      return 'cmux';
+    } catch {}
+  }
+
+  // 2. kitty: check for socket
+  try {
+    const files = require('fs').readdirSync('/tmp').filter(f => f.startsWith('kitty-sock'));
+    if (files.length > 0) return 'kitty';
+  } catch {}
+
+  // 3. headless fallback
+  return 'headless';
+}
+
+// Cache: sessionId -> surfaceRef
+const surfaceCache = new Map();
+let lastCacheRefresh = 0;
+const CACHE_TTL = 30000; // 30 seconds
+
+// Build session -> cmux surface mapping from tab titles
+function refreshSurfaceCache() {
+  const now = Date.now();
+  if (now - lastCacheRefresh < CACHE_TTL && surfaceCache.size > 0) return;
+
+  try {
+    // Find number of workspaces from list-windows
+    const windowsOutput = execSync('cmux list-windows', { timeout: 5000, encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] });
+    const workspacesMatch = windowsOutput.match(/workspaces=(\d+)/);
+    const workspaceCount = workspacesMatch ? parseInt(workspacesMatch[1]) : 10;
+
+    surfaceCache.clear();
+    for (let i = 1; i <= workspaceCount; i++) {
+      try {
+        const output = execSync(`cmux list-pane-surfaces --workspace workspace:${i}`, {
+          timeout: 3000, encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe']
+        });
+        // Parse: "* surface:1  ⚡ telepty :: aigentry-orchestrator-claude  [selected]"
+        const lines = output.split('\n').filter(l => l.trim());
+        for (const line of lines) {
+          const surfaceMatch = line.match(/surface:(\d+)/);
+          const sessionMatch = line.match(/telepty\s*::\s*(\S+)/);
+          if (surfaceMatch && sessionMatch) {
+            surfaceCache.set(sessionMatch[1], `surface:${surfaceMatch[1]}`);
+          }
+        }
+      } catch {}
+    }
+    lastCacheRefresh = now;
+    console.log(`[BACKEND] Refreshed cmux surface cache: ${surfaceCache.size} sessions mapped`);
+  } catch (err) {
+    console.error(`[BACKEND] Failed to refresh surface cache:`, err.message);
+  }
+}
+
+// Find cmux surface ref for a session
+function findSurface(sessionId) {
+  refreshSurfaceCache();
+
+  // Direct match
+  if (surfaceCache.has(sessionId)) return surfaceCache.get(sessionId);
+
+  // Prefix match (e.g., "aigentry-orchestrator" matches "aigentry-orchestrator-claude")
+  for (const [id, ref] of surfaceCache.entries()) {
+    if (id.startsWith(sessionId) || sessionId.startsWith(id)) return ref;
+  }
+
+  return null;
+}
+
+// Send text to a cmux surface
+function cmuxSendText(sessionId, text) {
+  const surface = findSurface(sessionId);
+  if (!surface) return false;
+
+  try {
+    // Escape single quotes for shell
+    const escaped = text.replace(/'/g, "'\\''");
+    execSync(`cmux send --surface ${surface} '${escaped}'`, {
+      timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+    });
+    console.log(`[BACKEND] cmux send text to ${sessionId} (${surface})`);
+    return true;
+  } catch (err) {
+    console.error(`[BACKEND] cmux send failed for ${sessionId}:`, err.message);
+    // Invalidate cache entry
+    surfaceCache.delete(sessionId);
+    return false;
+  }
+}
+
+// Send enter key to a cmux surface
+function cmuxSendEnter(sessionId) {
+  const surface = findSurface(sessionId);
+  if (!surface) return false;
+
+  try {
+    execSync(`cmux send-key --surface ${surface} return`, {
+      timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+    });
+    console.log(`[BACKEND] cmux send-key return to ${sessionId} (${surface})`);
+    return true;
+  } catch (err) {
+    console.error(`[BACKEND] cmux send-key failed for ${sessionId}:`, err.message);
+    surfaceCache.delete(sessionId);
+    return false;
+  }
+}
+
+// Invalidate cache for a session (e.g., when surface changes)
+function invalidateCache(sessionId) {
+  surfaceCache.delete(sessionId);
+}
+
+function clearCache() {
+  surfaceCache.clear();
+  lastCacheRefresh = 0;
+}
+
+module.exports = {
+  detectTerminal,
+  findSurface,
+  cmuxSendText,
+  cmuxSendEnter,
+  refreshSurfaceCache,
+  invalidateCache,
+  clearCache
+};