@exreve/exk 1.0.1 → 1.0.3

package/agentSession.ts

@@ -1,12 +1,12 @@
 import { query } from '@anthropic-ai/claude-agent-sdk'
-import type { SessionOutput } from './shared/types'
+import type { SessionOutput } from './shared/types.js'
 import { execSync, spawn } from 'child_process'
 import { existsSync, realpathSync, mkdirSync, writeFileSync, readFileSync } from 'fs'
 import { symlink as fsSymlink } from 'fs'
-// import { AgentLogger } from './agentLogger' // DISABLED: File logging removed for performance
+import type { AgentLogger } from './agentLogger.js' // type-only; runtime logging disabled elsewhere
 // Memory system removed for performance
-import { getSkillContent } from './skills/index'
-import { createModuleMcpServer, type ChoiceRequest, type ChoiceResponse, type ModuleMcpServerConfig } from './moduleMcpServer'
+import { getSkillContent } from './skills/index.js'
+import { createModuleMcpServer, type ChoiceRequest, type ChoiceResponse, type ModuleMcpServerConfig } from './moduleMcpServer.js'
 import path from 'path'
 import os from 'os'
 import { createRequire } from 'module'
@@ -78,31 +78,41 @@ export interface SessionHandler {
 }
 
 // AI config - loaded from server after registration, stored in ~/.talk-to-code/ai-config.json
+// (Do not read ANTHROPIC_* / CLAUDE_MODEL from the host environment — only this file + code default model.)
 const AI_CONFIG_PATH = path.join(os.homedir(), '.talk-to-code', 'ai-config.json')
+const DEFAULT_AI_MODEL = 'glm-5.1'
 
-function loadAiConfig(): { ANTHROPIC_AUTH_TOKEN: string; ANTHROPIC_BASE_URL: string; MODEL: string } {
+function loadAiConfig(): { apiKey: string; baseUrl: string; model: string } {
   try {
     const data = readFileSync(AI_CONFIG_PATH, 'utf-8')
-    const config = JSON.parse(data)
-    return {
-      ANTHROPIC_AUTH_TOKEN: config.authToken || process.env.ANTHROPIC_API_KEY || '',
-      ANTHROPIC_BASE_URL: config.baseUrl || process.env.ANTHROPIC_BASE_URL || '',
-      MODEL: config.model || process.env.CLAUDE_MODEL || 'glm-5.1',
-    }
+    const config = JSON.parse(data) as { authToken?: string; baseUrl?: string; model?: string }
+    const apiKey = typeof config.authToken === 'string' ? config.authToken.trim() : ''
+    const baseUrl = typeof config.baseUrl === 'string' ? config.baseUrl.trim() : ''
+    const model =
+      typeof config.model === 'string' && config.model.trim() ? config.model.trim() : DEFAULT_AI_MODEL
+    return { apiKey, baseUrl, model }
   } catch {
-    return {
-      ANTHROPIC_AUTH_TOKEN: process.env.ANTHROPIC_API_KEY || '',
-      ANTHROPIC_BASE_URL: process.env.ANTHROPIC_BASE_URL || '',
-      MODEL: process.env.CLAUDE_MODEL || 'glm-5.1',
-    }
+    return { apiKey: '', baseUrl: '', model: DEFAULT_AI_MODEL }
   }
 }
 
+/** Env for the Claude Code child: copy of host env with host ANTHROPIC_* stripped, then inject from ai-config only. */
+function envForClaudeCodeChild(): NodeJS.ProcessEnv {
+  const env = { ...process.env } as NodeJS.ProcessEnv
+  delete env.ANTHROPIC_API_KEY
+  delete env.ANTHROPIC_BASE_URL
+  delete env.ANTHROPIC_AUTH_TOKEN
+  const { apiKey, baseUrl } = loadAiConfig()
+  if (apiKey) env.ANTHROPIC_API_KEY = apiKey
+  if (baseUrl) env.ANTHROPIC_BASE_URL = baseUrl
+  return env
+}
+
 // Lazy config getter - reloads from file each time (so daemon picks up changes without restart)
 const CLAUDE_CONFIG = {
-  get ANTHROPIC_AUTH_TOKEN() { return loadAiConfig().ANTHROPIC_AUTH_TOKEN },
-  get ANTHROPIC_BASE_URL() { return loadAiConfig().ANTHROPIC_BASE_URL },
-  get MODEL() { return loadAiConfig().MODEL },
+  get apiKey() { return loadAiConfig().apiKey },
+  get baseUrl() { return loadAiConfig().baseUrl },
+  get model() { return loadAiConfig().model },
 }
 
 interface ConversationMessage {
@@ -160,7 +170,7 @@ export class AgentSessionManager {
 
   async createSession(handler: SessionHandler): Promise<void> {
     const { sessionId, projectPath, model } = handler
-    const sessionModel = model || CLAUDE_CONFIG.MODEL
+    const sessionModel = model || CLAUDE_CONFIG.model
 
     // Ensure project directory exists - prevents ENOENT errors when SDK spawns process
     if (!existsSync(projectPath)) {
@@ -206,7 +216,7 @@ export class AgentSessionManager {
     // DISABLED: File logging removed for performance
     // const logger = new AgentLogger(sessionId)
     // await logger.logSessionCreated(projectPath)
-    // await logger.logModelConfig(sessionModel, CLAUDE_CONFIG.ANTHROPIC_BASE_URL)
+    // await logger.logModelConfig(sessionModel, CLAUDE_CONFIG.baseUrl)
     const logger = undefined
 
     // Store the handler for this session
@@ -427,12 +437,6 @@ export class AgentSessionManager {
         }
         })
         
-        // Setup environment
-        process.env.ANTHROPIC_API_KEY = CLAUDE_CONFIG.ANTHROPIC_AUTH_TOKEN
-        if (CLAUDE_CONFIG.ANTHROPIC_BASE_URL) {
-          process.env.ANTHROPIC_BASE_URL = CLAUDE_CONFIG.ANTHROPIC_BASE_URL
-        }
-
         // Use cached Claude executable path (resolved at module load time for performance)
         const pathToClaudeCodeExecutable = CACHED_CLAUDE_PATH
         // DISABLED: File logging removed for performance
@@ -447,8 +451,8 @@ export class AgentSessionManager {
         const queryOptions: any = {
           signal: abortController.signal, // Pass abort signal to SDK for interruption
           cwd: projectPath,
-          apiKey: CLAUDE_CONFIG.ANTHROPIC_AUTH_TOKEN,
-          model: CLAUDE_CONFIG.MODEL, // Use Claude Opus 4.5 (configurable via CLAUDE_MODEL env var)
+          apiKey: CLAUDE_CONFIG.apiKey,
+          model: CLAUDE_CONFIG.model,
           tools: { type: 'preset', preset: 'claude_code' },
           disallowedTools: ['AskUserQuestion'],
           settingSources: ['project'], // Enable CLAUDE.md loading
@@ -555,11 +559,7 @@ export class AgentSessionManager {
 
             return child
           },
-          env: {
-            ...process.env,
-            ANTHROPIC_API_KEY: CLAUDE_CONFIG.ANTHROPIC_AUTH_TOKEN,
-            ANTHROPIC_BASE_URL: CLAUDE_CONFIG.ANTHROPIC_BASE_URL,
-          },
+          env: envForClaudeCodeChild(),
           hooks: {
             // PostToolUse hook DISABLED for tool_result emission.
             // tool_result events are already emitted via the user message handler (line ~752)
@@ -587,10 +587,10 @@ export class AgentSessionManager {
         }
 
         // Log model being used for debugging
-        const sessionModel = session.model || CLAUDE_CONFIG.MODEL
+        const sessionModel = session.model || CLAUDE_CONFIG.model
         // DISABLED: File logging removed for performance
         // if (session.logger) {
-        //   await session.logger.logModelConfig(sessionModel, CLAUDE_CONFIG.ANTHROPIC_BASE_URL)
+        //   await session.logger.logModelConfig(sessionModel, CLAUDE_CONFIG.baseUrl)
         // }
 
         // Create query stream - resume session if we have a Claude session ID

package/app-child.ts

@@ -31,12 +31,12 @@ import type {
   SessionResponse,
   SessionsListResponse,
   DevicesListResponse,
-} from './shared/types'
-import { createProject, deleteProject } from './projectManager'
-import { agentSessionManager } from './agentSession'
-import { getProjectConfig, analyzeProjectWithClaude, saveProjectConfig } from './projectAnalyzer'
-import { generateRunnerCode } from './runnerGenerator'
-import { startApp, stopApp, restartApp, getAppStatuses, getAppLogs } from './appManager'
+} from './shared/types.js'
+import { createProject, deleteProject } from './projectManager.js'
+import { agentSessionManager } from './agentSession.js'
+import { getProjectConfig, analyzeProjectWithClaude, saveProjectConfig } from './projectAnalyzer.js'
+import { generateRunnerCode } from './runnerGenerator.js'
+import { startApp, stopApp, restartApp, getAppStatuses, getAppLogs } from './appManager.js'
 import { spawn, execSync } from 'child_process'
 import readline from 'readline'
 import { fileURLToPath } from 'url'
@@ -89,6 +89,8 @@ interface DeviceData {
 const CONFIG_DIR = path.join(os.homedir(), '.talk-to-code')
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
 const DEVICE_ID_FILE = path.join(CONFIG_DIR, 'device-id.json')
+const DEVICE_CONFIG_FILE = path.join(CONFIG_DIR, 'device-config.json')
+const AI_CONFIG_FILE = path.join(CONFIG_DIR, 'ai-config.json')
 const DEFAULT_API_URL = 'https://api.talk-to-code.com'
 
 // ============ Helpers ============
@@ -107,6 +109,104 @@ async function writeConfig(config: Config): Promise<void> {
   await fs.writeFile(CONFIG_FILE, JSON.stringify(config, null, 2))
 }
 
+/**
+ * Fetch AI config from server and save to ~/.talk-to-code/ai-config.json
+ */
+async function fetchAiConfig(authToken: string): Promise<boolean> {
+  try {
+    const config = await readConfig()
+    const res = await fetch(`${config.apiUrl}/config/ai`, {
+      headers: { Authorization: `Bearer ${authToken}` },
+    })
+    if (!res.ok) {
+      console.log(`[fetchAiConfig] Server returned ${res.status}`)
+      return false
+    }
+    const data = await res.json() as {
+      success: boolean
+      aiConfig?: { authToken: string; baseUrl: string; model: string }
+    }
+    if (!data.success || !data.aiConfig) {
+      console.log('[fetchAiConfig] No AI config available for this user')
+      return false
+    }
+    await fs.writeFile(AI_CONFIG_FILE, JSON.stringify(data.aiConfig, null, 2))
+    console.log('[fetchAiConfig] AI config saved successfully')
+    return true
+  } catch (error: any) {
+    console.log(`[fetchAiConfig] Failed: ${error.message}`)
+    return false
+  }
+}
+
+function hasAiCredentials(): boolean {
+  try {
+    const raw = fsSync.readFileSync(AI_CONFIG_FILE, 'utf-8')
+    const j = JSON.parse(raw) as { authToken?: string }
+    return typeof j.authToken === 'string' && j.authToken.trim().length > 0
+  } catch {
+    return false
+  }
+}
+
+async function readDeviceAuthToken(): Promise<string | undefined> {
+  const env = process.env.TTC_AUTH_TOKEN?.trim()
+  if (env) return env
+  try {
+    const raw = await fs.readFile(DEVICE_CONFIG_FILE, 'utf-8')
+    const j = JSON.parse(raw) as { authToken?: string }
+    return typeof j.authToken === 'string' ? j.authToken.trim() : undefined
+  } catch {
+    return undefined
+  }
+}
+
+type DiskDeviceConfig = { email?: string; authToken?: string }
+
+async function readDiskDeviceConfig(): Promise<DiskDeviceConfig> {
+  try {
+    const raw = await fs.readFile(DEVICE_CONFIG_FILE, 'utf-8')
+    return JSON.parse(raw) as DiskDeviceConfig
+  } catch {
+    return {}
+  }
+}
+
+async function writeDeviceConfigMerged(partial: { email?: string; authToken?: string }): Promise<void> {
+  const prev = await readDiskDeviceConfig()
+  const email = partial.email !== undefined ? partial.email : prev.email
+  let token: string | undefined
+  if (partial.authToken !== undefined) {
+    token = partial.authToken.trim() || undefined
+  } else {
+    token = typeof prev.authToken === 'string' && prev.authToken.trim() ? prev.authToken.trim() : undefined
+  }
+  const out: DiskDeviceConfig = {}
+  if (email) out.email = email
+  if (token) out.authToken = token
+  await fs.mkdir(CONFIG_DIR, { recursive: true })
+  await fs.writeFile(DEVICE_CONFIG_FILE, JSON.stringify(out, null, 2))
+}
+
+async function maybeFetchAiConfigIfMissing(): Promise<void> {
+  if (hasAiCredentials()) return
+  const jwt = await readDeviceAuthToken()
+  if (!jwt) return
+  const ok = await fetchAiConfig(jwt)
+  if (!ok && !hasAiCredentials()) {
+    const cfg = await readConfig()
+    console.warn(`[CLI] No AI key in ai-config.json yet. Could not sync from ${cfg.apiUrl}/config/ai — agent prompts will fail until this succeeds.`)
+  }
+}
+
+function scheduleAiConfigSync(authToken: string): void {
+  void fetchAiConfig(authToken).then((ok) => {
+    if (!ok && !hasAiCredentials()) {
+      console.warn('[CLI] AI config sync failed; check backend /config/ai and apiUrl.')
+    }
+  })
+}
+
 async function getDeviceId(): Promise<string> {
   try {
     const data = await fs.readFile(DEVICE_ID_FILE, 'utf-8')
@@ -271,9 +371,8 @@ async function registerDevice(name: string | undefined, email: string | undefine
     let deviceEmail = email
 
     // If we already have a valid token, skip approval email and just register
-    const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
     try {
-      const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+      const deviceConfig = await readDiskDeviceConfig()
       const existingToken = deviceConfig.authToken
       if (existingToken && typeof existingToken === 'string') {
         const config = await readConfig()
@@ -309,6 +408,7 @@ async function registerDevice(name: string | undefined, email: string | undefine
               }
             })
           })
+          await fetchAiConfig(existingToken)
           return
         }
       }
@@ -396,11 +496,7 @@ async function registerDevice(name: string | undefined, email: string | undefine
       const token = await checkApproval()
       if (token) {
         // Device approved! Store permanent token
-        const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
-        await fs.writeFile(deviceConfigFile, JSON.stringify({
-          email: deviceEmail,
-          authToken: token
-        }, null, 2))
+        await writeDeviceConfigMerged({ email: deviceEmail, authToken: token })
 
         console.log(`\n✓ Device approved!`)
 
@@ -434,6 +530,7 @@ async function registerDevice(name: string | undefined, email: string | undefine
           })
         })
 
+        await fetchAiConfig(token)
         return // Successfully registered
       }
 
@@ -632,6 +729,8 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
   }
   console.log('')
 
+  await maybeFetchAiConfigIfMissing()
+
   let socket: Socket | null = null
   let reconnectTimeout: ReturnType<typeof setTimeout> | null = null
   let reconnectAttempts = 0
@@ -1701,7 +1800,6 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         }
 
         // Check for auth token: env TTC_AUTH_TOKEN or device-config.json (from previous approval)
-        const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
         let authToken = process.env.TTC_AUTH_TOKEN
         let deviceEmail: string | undefined = email
         let skipEmailFlow = false
@@ -1709,7 +1807,7 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         // Load from device-config if no env token (reuse state from previous approval)
         if (!authToken) {
           try {
-            const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+            const deviceConfig = await readDiskDeviceConfig()
             authToken = deviceConfig.authToken
             if (!deviceEmail && deviceConfig.email) deviceEmail = deviceConfig.email
           } catch {
@@ -1741,7 +1839,7 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         // Load device email from config if not using token and not provided
         if (!deviceEmail && !skipEmailFlow) {
           try {
-            const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+            const deviceConfig = await readDiskDeviceConfig()
             deviceEmail = deviceConfig.email
           } catch {
             // No device config yet
@@ -1782,13 +1880,18 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
               }
               // Save config: email + authToken (preserve token so next run can reuse)
               if (device.email) {
-                const toSave = { email: device.email, ...(authToken ? { authToken } : {}) }
-                fs.writeFile(deviceConfigFile, JSON.stringify(toSave, null, 2)).catch(() => {})
+                void writeDeviceConfigMerged({
+                  email: device.email,
+                  ...(authToken ? { authToken } : {}),
+                }).catch(() => {})
+              }
+              if (authToken) {
+                scheduleAiConfigSync(authToken)
               }
             } else if (needsApproval) {
               // Persist email when approval was requested so restarts don't prompt again
               if (deviceEmail) {
-                fs.writeFile(deviceConfigFile, JSON.stringify({ email: deviceEmail }, null, 2)).catch(() => {})
+                void writeDeviceConfigMerged({ email: deviceEmail }).catch(() => {})
               }
               // Only log once to avoid flooding logs every 30s on heartbeat
               if (!needsApprovalLoggedOnce) {

package/appManager.ts

@@ -1,8 +1,8 @@
 import fs from 'fs/promises'
 import path from 'path'
 import os from 'os'
-import type { ProjectApp } from './shared/types'
-import { createRunner, BaseRunner, RunnerOutput, RunnerStats } from './appRunner'
+import type { ProjectApp } from './shared/types.js'
+import { createRunner, BaseRunner, RunnerOutput, RunnerStats } from './appRunner.js'
 
 type RunningApp = {
   runner: BaseRunner

package/appRunner.ts

@@ -2,7 +2,7 @@ import { spawn, ChildProcess } from 'child_process'
 import fs from 'fs/promises'
 import path from 'path'
 import os from 'os'
-import type { ProjectApp } from './shared/types'
+import type { ProjectApp } from './shared/types.js'
 
 /** Cross-platform: run a shell command (sh -c on Unix, cmd /c on Windows) */
 function shellSpawnOpts(command: string): { shell: string; args: string[] } {

package/bin/exk

@@ -2,11 +2,15 @@
 // exk CLI - entry point for npm global install
 // Runs the TypeScript CLI via tsx
 
-const { resolve, dirname } = require('path')
-const { spawn } = require('child_process')
-const fs = require('fs')
+import { resolve, dirname } from 'path'
+import { spawn } from 'child_process'
+import fs from 'fs'
+import { fileURLToPath } from 'url'
 
-const cliDir = dirname(__filename)
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = dirname(__filename)
+
+const cliDir = __dirname
 const pkgDir = resolve(cliDir, '..')
 const entryPoint = resolve(pkgDir, 'index.ts')
 
@@ -36,7 +40,7 @@ const child = spawn(tsxBin, [entryPoint, ...args], {
 })
 
 child.on('exit', (code) => {
-  process.exit(code || 0)
+  process.exit(code ?? 0)
 })
 
 child.on('error', (err) => {

package/index.ts

@@ -22,12 +22,12 @@ import type {
   SessionResponse,
   SessionsListResponse,
   DevicesListResponse,
-} from './shared/types'
-import { createProject, deleteProject } from './projectManager'
-import { agentSessionManager } from './agentSession'
-import { getProjectConfig, analyzeProjectWithClaude, saveProjectConfig } from './projectAnalyzer'
-import { generateRunnerCode } from './runnerGenerator'
-import { startApp, stopApp, restartApp, getAppStatuses, getAppLogs } from './appManager'
+} from './shared/types.js'
+import { createProject, deleteProject } from './projectManager.js'
+import { agentSessionManager } from './agentSession.js'
+import { getProjectConfig, analyzeProjectWithClaude, saveProjectConfig } from './projectAnalyzer.js'
+import { generateRunnerCode } from './runnerGenerator.js'
+import { startApp, stopApp, restartApp, getAppStatuses, getAppLogs } from './appManager.js'
 import { spawn, execSync } from 'child_process'
 import readline from 'readline'
 import { fileURLToPath } from 'url'
@@ -48,6 +48,7 @@ interface DeviceData {
 const CONFIG_DIR = path.join(os.homedir(), '.talk-to-code')
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
 const DEVICE_ID_FILE = path.join(CONFIG_DIR, 'device-id.json')
+const DEVICE_CONFIG_FILE = path.join(CONFIG_DIR, 'device-config.json')
 const DEFAULT_API_URL = 'https://api.talk-to-code.com'
 
 // ============ Helpers ============
@@ -71,7 +72,6 @@ async function writeConfig(config: Config): Promise<void> {
  * Called after device registration and on daemon start
  */
 async function fetchAiConfig(authToken: string): Promise<boolean> {
-  const AI_CONFIG_FILE = path.join(CONFIG_DIR, 'ai-config.json')
   try {
     const config = await readConfig()
     const res = await fetch(`${config.apiUrl}/config/ai`, {
@@ -95,6 +95,82 @@ async function fetchAiConfig(authToken: string): Promise<boolean> {
   }
 }
 
+const AI_CONFIG_FILE = path.join(CONFIG_DIR, 'ai-config.json')
+
+/** True if ai-config.json has a model API key (not read from host ANTHROPIC_* env). */
+function hasAiCredentials(): boolean {
+  try {
+    const raw = fsSync.readFileSync(AI_CONFIG_FILE, 'utf-8')
+    const j = JSON.parse(raw) as { authToken?: string }
+    return typeof j.authToken === 'string' && j.authToken.trim().length > 0
+  } catch {
+    return false
+  }
+}
+
+async function readDeviceAuthToken(): Promise<string | undefined> {
+  const env = process.env.TTC_AUTH_TOKEN?.trim()
+  if (env) return env
+  try {
+    const raw = await fs.readFile(DEVICE_CONFIG_FILE, 'utf-8')
+    const j = JSON.parse(raw) as { authToken?: string }
+    return typeof j.authToken === 'string' ? j.authToken.trim() : undefined
+  } catch {
+    return undefined
+  }
+}
+
+type DiskDeviceConfig = { email?: string; authToken?: string }
+
+async function readDiskDeviceConfig(): Promise<DiskDeviceConfig> {
+  try {
+    const raw = await fs.readFile(DEVICE_CONFIG_FILE, 'utf-8')
+    return JSON.parse(raw) as DiskDeviceConfig
+  } catch {
+    return {}
+  }
+}
+
+/**
+ * Update device-config.json without dropping an existing authToken.
+ * Omit authToken to keep the file’s current token; pass authToken: '' to clear (rare).
+ */
+async function writeDeviceConfigMerged(partial: { email?: string; authToken?: string }): Promise<void> {
+  const prev = await readDiskDeviceConfig()
+  const email = partial.email !== undefined ? partial.email : prev.email
+  let token: string | undefined
+  if (partial.authToken !== undefined) {
+    token = partial.authToken.trim() || undefined
+  } else {
+    token = typeof prev.authToken === 'string' && prev.authToken.trim() ? prev.authToken.trim() : undefined
+  }
+  const out: DiskDeviceConfig = {}
+  if (email) out.email = email
+  if (token) out.authToken = token
+  await fs.mkdir(CONFIG_DIR, { recursive: true })
+  await fs.writeFile(DEVICE_CONFIG_FILE, JSON.stringify(out, null, 2))
+}
+
+/** If AI cache is empty but we have a device JWT, try GET /config/ai once (non-fatal). */
+async function maybeFetchAiConfigIfMissing(): Promise<void> {
+  if (hasAiCredentials()) return
+  const jwt = await readDeviceAuthToken()
+  if (!jwt) return
+  const ok = await fetchAiConfig(jwt)
+  if (!ok && !hasAiCredentials()) {
+    const cfg = await readConfig()
+    console.warn(`[CLI] No AI key in ai-config.json yet. Could not sync from ${cfg.apiUrl}/config/ai — agent prompts will fail until this succeeds.`)
+  }
+}
+
+function scheduleAiConfigSync(authToken: string): void {
+  void fetchAiConfig(authToken).then((ok) => {
+    if (!ok && !hasAiCredentials()) {
+      console.warn('[CLI] AI config sync failed; check backend /config/ai and apiUrl.')
+    }
+  })
+}
+
 async function getDeviceId(): Promise<string> {
   try {
     const data = await fs.readFile(DEVICE_ID_FILE, 'utf-8')
@@ -147,6 +223,21 @@ async function connect(): Promise<Socket> {
   })
 }
 
+// ============ Version Helpers ============
+
+/** Read CLI version from the npm package.json (works when installed via npm i -g @exreve/exk) */
+function getCliVersion(): string {
+  try {
+    // When installed via npm, package.json is at ../package.json relative to index.ts
+    const pkgPath = path.join(__dirname, 'package.json')
+    const raw = fsSync.readFileSync(pkgPath, 'utf-8')
+    const pkg = JSON.parse(raw) as { version?: string }
+    return pkg.version || '0.0.0'
+  } catch {
+    return '0.0.0'
+  }
+}
+
 // ============ Update Helpers ============
 
 type UpdateCheckResponse = {
@@ -262,9 +353,8 @@ async function registerDevice(name: string | undefined, email: string | undefine
     let deviceEmail = email
 
     // If we already have a valid token, skip approval email and just register
-    const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
     try {
-      const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+      const deviceConfig = await readDiskDeviceConfig()
       const existingToken = deviceConfig.authToken
       if (existingToken && typeof existingToken === 'string') {
         const config = await readConfig()
@@ -282,7 +372,8 @@ async function registerDevice(name: string | undefined, email: string | undefine
               name: name || `CLI Device ${deviceId.slice(0, 8)}`,
               ipAddress: getLocalIpAddress(),
               hostname: getHostname(),
-              email: deviceEmail
+              email: deviceEmail,
+              cliVersion: getCliVersion()
             }, ({ success, device, error }: {
               success: boolean
               device?: Device
@@ -391,11 +482,7 @@ async function registerDevice(name: string | undefined, email: string | undefine
       const token = await checkApproval()
       if (token) {
         // Device approved! Store permanent token
-        const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
-        await fs.writeFile(deviceConfigFile, JSON.stringify({
-          email: deviceEmail,
-          authToken: token
-        }, null, 2))
+        await writeDeviceConfigMerged({ email: deviceEmail, authToken: token })
 
         console.log(`\n✓ Device approved!`)
 
@@ -408,7 +495,8 @@ async function registerDevice(name: string | undefined, email: string | undefine
             name: name || `CLI Device ${deviceId.slice(0, 8)}`,
             ipAddress: getLocalIpAddress(),
             hostname: getHostname(),
-            email: deviceEmail
+            email: deviceEmail,
+            cliVersion: getCliVersion()
           }, ({ success, device, error }: {
             success: boolean
             device?: Device
@@ -630,6 +718,8 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
   }
   console.log('')
 
+  await maybeFetchAiConfigIfMissing()
+
   let socket: Socket | null = null
   let reconnectTimeout: ReturnType<typeof setTimeout> | null = null
   let reconnectAttempts = 0
@@ -1681,7 +1771,6 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         }
 
         // Check for auth token: env TTC_AUTH_TOKEN or device-config.json (from previous approval)
-        const deviceConfigFile = path.join(CONFIG_DIR, 'device-config.json')
         let authToken = process.env.TTC_AUTH_TOKEN
         let deviceEmail: string | undefined = email
         let skipEmailFlow = false
@@ -1689,7 +1778,7 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         // Load from device-config if no env token (reuse state from previous approval)
         if (!authToken) {
           try {
-            const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+            const deviceConfig = await readDiskDeviceConfig()
             authToken = deviceConfig.authToken
             if (!deviceEmail && deviceConfig.email) deviceEmail = deviceConfig.email
           } catch {
@@ -1721,7 +1810,7 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         // Load device email from config if not using token and not provided
         if (!deviceEmail && !skipEmailFlow) {
           try {
-            const deviceConfig = JSON.parse(await fs.readFile(deviceConfigFile, 'utf-8'))
+            const deviceConfig = await readDiskDeviceConfig()
             deviceEmail = deviceConfig.email
           } catch {
             // No device config yet
@@ -1741,6 +1830,7 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
             ipAddress,
             hostname,
             email: deviceEmail,
+            cliVersion: getCliVersion(),
             // When using auth token, include the token for verification
             authToken: skipEmailFlow ? authToken : undefined
           }, ({ success, needsApproval, message, device, error }: {
@@ -1760,19 +1850,20 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
               } else {
                 console.log(`Device registered: ${device.name}${device.approved ? ' (approved)' : ' (pending approval)'}`)
               }
-              // Save config: email + authToken (preserve token so next run can reuse)
+              // Save config: merge email; keep existing file authToken if in-memory token absent
               if (device.email) {
-                const toSave = { email: device.email, ...(authToken ? { authToken } : {}) }
-                fs.writeFile(deviceConfigFile, JSON.stringify(toSave, null, 2)).catch(() => {})
+                void writeDeviceConfigMerged({
+                  email: device.email,
+                  ...(authToken ? { authToken } : {}),
+                }).catch(() => {})
               }
-              // Fetch AI config from server (non-blocking, runs on each heartbeat)
               if (authToken) {
-                fetchAiConfig(authToken).catch(() => {})
+                scheduleAiConfigSync(authToken)
               }
             } else if (needsApproval) {
-              // Persist email when approval was requested so restarts don't prompt again
+              // Persist email when approval was requested; do not wipe authToken
               if (deviceEmail) {
-                fs.writeFile(deviceConfigFile, JSON.stringify({ email: deviceEmail }, null, 2)).catch(() => {})
+                void writeDeviceConfigMerged({ email: deviceEmail }).catch(() => {})
               }
               // Only log once to avoid flooding logs every 30s on heartbeat
               if (!needsApprovalLoggedOnce) {
@@ -1809,6 +1900,117 @@ async function runDaemon(foreground = false, email?: string): Promise<void> {
         ;(socket as any).heartbeatInterval = heartbeatInterval
       })
 
+      // ========== Version & Update Handlers ==========
+
+      // Respond with CLI version info
+      socket.on('version:info', (_data: Record<string, never>, callback: (response: {
+        success: boolean
+        version?: string
+        hash?: string
+        date?: string
+        nodeVersion?: string
+        platform?: string
+        arch?: string
+        error?: string
+      }) => void) => {
+        callback({
+          success: true,
+          version: getCliVersion(),
+          hash: getCliHash(),
+          date: new Date().toISOString(),
+          nodeVersion: process.version,
+          platform: os.platform(),
+          arch: os.arch()
+        })
+      })
+
+      // Force update: npm update -g @exreve/exk then restart PM2
+      socket.on('force-update', (_data: Record<string, never>, callback: (response: {
+        success: boolean
+        message?: string
+        error?: string
+      }) => void) => {
+        if (foreground) {
+          console.log('[force-update] Received force update command from server')
+        }
+
+        callback?.({ success: true, message: 'Update initiated' })
+
+        // Run npm update in background, then restart
+        const npmPaths = [
+          path.join(os.homedir(), '.nvm/versions/node/v22/bin/npm'),
+          path.join(os.homedir(), '.nvm/versions/node/v20/bin/npm')
+        ]
+        const npmBin = npmPaths.find(p => fsSync.existsSync(p)) || 'npm'
+
+        const updateProcess = spawn(npmBin, ['update', '-g', '@exreve/exk'], {
+          stdio: 'pipe',
+          detached: true
+        })
+
+        let output = ''
+        updateProcess.stdout?.on('data', (d: Buffer) => { output += d.toString() })
+        updateProcess.stderr?.on('data', (d: Buffer) => { output += d.toString() })
+
+        updateProcess.on('close', (code) => {
+          if (foreground) {
+            console.log(`[force-update] npm update exited with code ${code}`)
+            if (output) console.log(output)
+          }
+
+          // Restart PM2 process "cli" after a short delay
+          setTimeout(() => {
+            try {
+              execSync('pm2 restart cli', { stdio: 'inherit' })
+            } catch {
+              // If pm2 restart fails, just exit and let pm2 restart us
+              process.exit(0)
+            }
+          }, 2000)
+        })
+
+        updateProcess.on('error', (err) => {
+          if (foreground) {
+            console.error(`[force-update] npm update failed: ${err.message}`)
+          }
+        })
+      })
+
+      // ========== update:start handler (legacy compatibility) ==========
+      socket.on('update:start', (_data: Record<string, never>, callback: (response: {
+        success: boolean
+        message?: string
+        error?: string
+      }) => void) => {
+        // Use npm-based self-update
+        if (foreground) {
+          console.log('[update:start] Starting npm self-update...')
+        }
+
+        callback?.({ success: true, message: 'Update started via npm' })
+
+        const npmPaths = [
+          path.join(os.homedir(), '.nvm/versions/node/v22/bin/npm'),
+          path.join(os.homedir(), '.nvm/versions/node/v20/bin/npm')
+        ]
+        const npmBin = npmPaths.find(p => fsSync.existsSync(p)) || 'npm'
+
+        const updateProcess = spawn(npmBin, ['update', '-g', '@exreve/exk'], {
+          stdio: 'pipe',
+          detached: true
+        })
+
+        updateProcess.on('close', () => {
+          setTimeout(() => {
+            try {
+              execSync('pm2 restart cli', { stdio: 'inherit' })
+            } catch {
+              process.exit(0)
+            }
+          }, 2000)
+        })
+      })
+
       // Cloudflared handlers
       socket.on('cloudflared:check:request', async () => {
         try {
@@ -2626,7 +2828,7 @@ const program = new Command()
 program
   .name('exk')
   .description('exk - Control Claude CLI with voice and programmable interfaces')
-  .version('1.0.0')
+  .version(getCliVersion())
 
 // Config command
 program
@@ -2655,41 +2857,48 @@ program
       // First register the device
       await registerDevice(undefined, email)
 
-      // After successful registration, install as service (Linux only)
+      // After successful registration, install as PM2 service (Linux/macOS only)
       if (process.platform === 'win32') {
         console.log('\n✓ Device registered.')
         console.log('On Windows, run the daemon manually: exk daemon')
       } else {
         console.log('\n📦 Installing exk daemon with pm2...')
-        // install-service.sh: bundled at __dirname (npm package root)
-        let installScript = path.join(__dirname, 'install-service.sh')
-        const scriptDir = path.dirname(installScript)
 
-        // Determine paths for the npm-installed package
-        const pkgDir = path.resolve(__dirname)
         const exkBin = process.argv[1] || 'exk'
 
         try {
-          await fs.access(installScript)
-          const { execSync } = await import('child_process')
-          execSync(`bash "${installScript}"`, {
-            stdio: 'inherit',
-            cwd: scriptDir,
-            env: {
-              ...process.env,
-              INSTALL_DIR: CONFIG_DIR,
-              EXK_PKG_DIR: pkgDir,
-              EXK_BIN: exkBin,
-              BINARY_PATH: exkBin
-            }
+          // Check if pm2 is installed
+          try {
+            execSync('which pm2', { stdio: 'ignore' })
+          } catch {
+            console.log('Installing pm2...')
+            execSync('npm i -g pm2', { stdio: 'inherit' })
+          }
+
+          // Start exk daemon with pm2
+          execSync(`pm2 start "${exkBin}" --name cli -- daemon`, {
+            stdio: 'inherit'
           })
+
+          // Save pm2 process list for auto-restart on reboot
+          try {
+            execSync('pm2 save', { stdio: 'inherit' })
+          } catch {
+            // Non-critical
+          }
+
           console.log('\n✓ exk installation complete!')
           console.log('The service is now running in the background.')
-        } catch (scriptErr: unknown) {
-          const err = scriptErr as Error
-          console.log('\n⚠ Service installation had issues, but device is registered.')
-          const execErr = err as { stderr?: Buffer; stdout?: Buffer }
-          const errDetail = execErr.stderr?.toString() || execErr.stdout?.toString() || err.message
+          console.log('\nUseful commands:')
+          console.log('  pm2 logs cli     - View logs')
+          console.log('  pm2 restart cli  - Restart service')
+          console.log('  pm2 stop cli     - Stop service')
+          console.log('  pm2 delete cli   - Remove service')
+        } catch (err: unknown) {
+          const error = err as Error
+          console.log('\n⚠ PM2 installation had issues, but device is registered.')
+          const execErr = error as { stderr?: Buffer; stdout?: Buffer }
+          const errDetail = execErr.stderr?.toString() || execErr.stdout?.toString() || error.message
           if (errDetail) console.error('Error:', errDetail)
           console.log('You can start the daemon manually with: exk daemon')
         }
@@ -2720,23 +2929,18 @@ program
 
     if (process.platform === 'win32') {
       console.log('On Windows there is no service to remove.')
-      console.log('To remove exk completely: npm uninstall -g exk')
+      console.log('To remove exk completely: npm uninstall -g @exreve/exk')
     } else {
-      let installScript = path.join(__dirname, 'install-service.sh')
-      const scriptDir = path.dirname(installScript)
       try {
-        await fs.access(installScript)
-        const { execSync } = await import('child_process')
-        execSync(`bash "${installScript}" --uninstall`, {
-          stdio: 'inherit',
-          cwd: scriptDir,
-          env: { ...process.env, PATH: process.env.PATH }
-        })
+        execSync('pm2 delete cli', { stdio: 'inherit' })
+        try {
+          execSync('pm2 save', { stdio: 'inherit' })
+        } catch { /* non-critical */ }
         console.log('\n✓ Service uninstalled!')
-        console.log('To remove the package completely: npm uninstall -g exk')
-      } catch (error) {
-        console.log('\n⚠ Service uninstall script not found or failed.')
-        console.log('To remove exk: npm uninstall -g exk')
+        console.log('To remove the package completely: npm uninstall -g @exreve/exk')
+      } catch {
+        console.log('\n⚠ PM2 service not found or already removed.')
+        console.log('To remove exk: npm uninstall -g @exreve/exk')
         console.log('  rm -rf ~/.talk-to-code')
       }
     }
@@ -2745,13 +2949,48 @@ program
     process.exit(0)
   })
 
-// Update command
+// Update command - uses npm to update the global package
 program
   .command('update')
-  .description('Check for and apply CLI updates')
+  .description('Update exk to the latest version via npm')
   .option('-f, --force', 'Update without confirmation')
   .action(async (options: { force?: boolean }) => {
-    await selfUpdate(options.force)
+    const currentVersion = getCliVersion()
+    console.log(`Current version: ${currentVersion}`)
+
+    // Check latest version from npm
+    try {
+      const latestVersion = execSync('npm view @exreve/exk version', { encoding: 'utf-8' }).trim()
+      console.log(`Latest version: ${latestVersion}`)
+
+      if (latestVersion === currentVersion) {
+        console.log('✓ Already up to date')
+        process.exit(0)
+      }
+
+      if (!options.force && process.stdin.isTTY) {
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout })
+        const answer = await new Promise<string>(r => rl.question('Update now? [Y/n] ', a => { rl.close(); r(a.trim()) }))
+        if (answer.toLowerCase().startsWith('n')) {
+          process.exit(0)
+        }
+      }
+
+      console.log('Updating...')
+      execSync('npm i -g @exreve/exk@latest', { stdio: 'inherit' })
+      console.log(`\n✓ Updated to ${latestVersion}`)
+
+      // Restart PM2 if running
+      try {
+        execSync('pm2 restart cli', { stdio: 'inherit' })
+      } catch {
+        // Not running under PM2, that's fine
+      }
+    } catch (error: any) {
+      console.error('Update failed:', error.message)
+      process.exit(1)
+    }
+
     process.exit(0)
   })
 
@@ -2759,14 +2998,23 @@ program
   .command('check-update')
   .description('Check for updates')
   .action(async () => {
-    const info = await checkForUpdate()
-    if (!info) process.exit(1)
-    if (!info.updateAvailable) {
-      console.log('✓ Up to date')
-      process.exit(0)
+    const currentVersion = getCliVersion()
+    console.log(`Current version: ${currentVersion}`)
+
+    try {
+      const latestVersion = execSync('npm view @exreve/exk version', { encoding: 'utf-8' }).trim()
+      console.log(`Latest version: ${latestVersion}`)
+
+      if (latestVersion === currentVersion) {
+        console.log('✓ Up to date')
+      } else {
+        console.log(`📦 Update available: ${currentVersion} → ${latestVersion}`)
+        console.log('Run "exk update" to install')
+      }
+    } catch (error: any) {
+      console.error('Failed to check for updates:', error.message)
+      process.exit(1)
     }
-    console.log('📦 Update available')
-    console.log('Run "exk update" to install')
     process.exit(0)
   })
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exreve/exk",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "exk - Control Claude CLI with voice and programmable interfaces",
   "type": "module",
   "bin": {

package/projectAnalyzer.ts

@@ -1,9 +1,9 @@
 import { v4 as uuidv4 } from 'uuid'
 import fs from 'fs/promises'
 import path from 'path'
-import type { ProjectConfig } from './shared/types'
-import { agentSessionManager } from './agentSession'
-import type { SessionOutput } from './shared/types'
+import type { ProjectConfig } from './shared/types.js'
+import { agentSessionManager } from './agentSession.js'
+import type { SessionOutput } from './shared/types.js'
 
 const CONFIG_FILENAME = '.claude-voice.json'
 

package/runnerGenerator.ts

@@ -1,4 +1,4 @@
-import type { ProjectApp } from './shared/types'
+import type { ProjectApp } from './shared/types.js'
 
 /**
  * Generate TypeScript runner code for an app