@h-rig/cli 0.0.6-alpha.87 → 0.0.6-alpha.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/dist/bin/rig.js +1380 -865
  2. package/dist/src/app/board.js +462 -48
  3. package/dist/src/app-opentui/adapters/common.d.ts +3 -0
  4. package/dist/src/app-opentui/adapters/common.js +4 -0
  5. package/dist/src/app-opentui/adapters/doctor.js +458 -46
  6. package/dist/src/app-opentui/adapters/family.js +701 -151
  7. package/dist/src/app-opentui/adapters/fleet.js +477 -46
  8. package/dist/src/app-opentui/adapters/inbox.js +477 -46
  9. package/dist/src/app-opentui/adapters/init.js +497 -74
  10. package/dist/src/app-opentui/adapters/inspect.js +477 -46
  11. package/dist/src/app-opentui/adapters/pi-attach.d.ts +7 -0
  12. package/dist/src/app-opentui/adapters/pi-attach.js +1004 -519
  13. package/dist/src/app-opentui/adapters/run-detail.js +477 -46
  14. package/dist/src/app-opentui/adapters/server.d.ts +26 -0
  15. package/dist/src/app-opentui/adapters/server.js +676 -59
  16. package/dist/src/app-opentui/adapters/tasks.js +621 -549
  17. package/dist/src/app-opentui/autocomplete.js +4 -2
  18. package/dist/src/app-opentui/bootstrap.js +1376 -861
  19. package/dist/src/app-opentui/command-palette.js +37 -10
  20. package/dist/src/app-opentui/index.js +632 -528
  21. package/dist/src/app-opentui/intent.js +33 -8
  22. package/dist/src/app-opentui/keymap.js +43 -414
  23. package/dist/src/app-opentui/pi-host-child.js +496 -57
  24. package/dist/src/app-opentui/pi-pty-host.d.ts +14 -64
  25. package/dist/src/app-opentui/pi-pty-host.js +3 -397
  26. package/dist/src/app-opentui/react/App.js +144 -469
  27. package/dist/src/app-opentui/react/ChromeHost.js +44 -415
  28. package/dist/src/app-opentui/react/launch.js +659 -552
  29. package/dist/src/app-opentui/react/nav.js +1 -1
  30. package/dist/src/app-opentui/registry.js +1181 -742
  31. package/dist/src/app-opentui/remote-link.d.ts +10 -0
  32. package/dist/src/app-opentui/remote-link.js +47 -0
  33. package/dist/src/app-opentui/render/terminal-handoff.d.ts +16 -0
  34. package/dist/src/app-opentui/render/terminal-handoff.js +14 -0
  35. package/dist/src/app-opentui/runtime.js +632 -528
  36. package/dist/src/app-opentui/scenes/doctor.js +1 -1
  37. package/dist/src/app-opentui/scenes/error.js +50 -4
  38. package/dist/src/app-opentui/scenes/family.js +60 -6
  39. package/dist/src/app-opentui/scenes/fleet.js +65 -13
  40. package/dist/src/app-opentui/scenes/help.js +4 -2
  41. package/dist/src/app-opentui/scenes/init.js +12 -12
  42. package/dist/src/app-opentui/scenes/main.js +7 -7
  43. package/dist/src/app-opentui/scenes/server.js +83 -11
  44. package/dist/src/app-opentui/scenes/tasks.js +79 -16
  45. package/dist/src/app-opentui/state.js +25 -5
  46. package/dist/src/app-opentui/surface-catalog.js +4 -2
  47. package/dist/src/app-opentui/types.d.ts +1 -1
  48. package/dist/src/commands/_cli-format.d.ts +10 -1
  49. package/dist/src/commands/_cli-format.js +5 -2
  50. package/dist/src/commands/_connection-state.d.ts +11 -1
  51. package/dist/src/commands/_connection-state.js +50 -5
  52. package/dist/src/commands/_doctor-checks.js +458 -46
  53. package/dist/src/commands/_help-catalog.js +4 -2
  54. package/dist/src/commands/_json-output.js +4 -0
  55. package/dist/src/commands/_operator-view.js +496 -57
  56. package/dist/src/commands/_pi-frontend.d.ts +25 -0
  57. package/dist/src/commands/_pi-frontend.js +497 -57
  58. package/dist/src/commands/_preflight.js +509 -72
  59. package/dist/src/commands/_server-client.d.ts +33 -0
  60. package/dist/src/commands/_server-client.js +477 -46
  61. package/dist/src/commands/_server-events.js +446 -41
  62. package/dist/src/commands/_snapshot-upload.js +460 -48
  63. package/dist/src/commands/connect.js +620 -15
  64. package/dist/src/commands/doctor.js +458 -46
  65. package/dist/src/commands/github.js +462 -50
  66. package/dist/src/commands/inbox.js +458 -46
  67. package/dist/src/commands/init.js +497 -74
  68. package/dist/src/commands/inspect.js +458 -46
  69. package/dist/src/commands/run.js +496 -57
  70. package/dist/src/commands/server.js +647 -163
  71. package/dist/src/commands/setup.js +463 -51
  72. package/dist/src/commands/stats.js +462 -48
  73. package/dist/src/commands/task-run-driver.js +464 -52
  74. package/dist/src/commands/task.js +551 -85
  75. package/dist/src/commands.js +701 -151
  76. package/dist/src/index.js +705 -151
  77. package/dist/src/launcher.js +4 -0
  78. package/package.json +8 -8
@@ -1,7 +1,7 @@
1
1
  // @bun
2
2
  // packages/cli/src/commands/_server-client.ts
3
- import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
4
- import { resolve as resolve2 } from "path";
3
+ import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
4
+ import { dirname as dirname2, isAbsolute, resolve as resolve2 } from "path";
5
5
 
6
6
  // packages/cli/src/runner.ts
7
7
  import { EventBus } from "@rig/runtime/control-plane/runtime/events";
@@ -93,12 +93,28 @@ function readRepoConnection(projectRoot) {
93
93
  selected,
94
94
  project: typeof record.project === "string" ? record.project : undefined,
95
95
  linkedAt: typeof record.linkedAt === "string" ? record.linkedAt : undefined,
96
- serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined
96
+ serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined,
97
+ serverProjectRootAlias: typeof record.serverProjectRootAlias === "string" && record.serverProjectRootAlias.trim() ? record.serverProjectRootAlias.trim() : undefined,
98
+ serverProjectRootBaseUrl: typeof record.serverProjectRootBaseUrl === "string" && record.serverProjectRootBaseUrl.trim() ? record.serverProjectRootBaseUrl.trim().replace(/\/+$/, "") : undefined
97
99
  };
98
100
  }
99
101
  function writeRepoConnection(projectRoot, state) {
100
102
  writeJsonFile(resolveRepoConnectionPath(projectRoot), state);
101
103
  }
104
+ function rootAllowedForSelection(repo, connection) {
105
+ const root = repo.serverProjectRoot?.trim();
106
+ if (!root)
107
+ return;
108
+ if (connection.kind === "remote") {
109
+ if (repo.serverProjectRootAlias !== repo.selected)
110
+ return;
111
+ if (repo.serverProjectRootBaseUrl !== connection.baseUrl)
112
+ return;
113
+ } else if (repo.serverProjectRootAlias && repo.serverProjectRootAlias !== repo.selected) {
114
+ return;
115
+ }
116
+ return root;
117
+ }
102
118
  function resolveSelectedConnection(projectRoot, options = {}) {
103
119
  const repo = readRepoConnection(projectRoot);
104
120
  if (!repo)
@@ -110,13 +126,41 @@ function resolveSelectedConnection(projectRoot, options = {}) {
110
126
  if (!connection) {
111
127
  throw new CliError(`Selected Rig server "${repo.selected}" was not found. Run \`rig server list\` or \`rig server use local\`.`, 1);
112
128
  }
113
- return { alias: repo.selected, connection, serverProjectRoot: repo.serverProjectRoot };
129
+ return { alias: repo.selected, connection, serverProjectRoot: rootAllowedForSelection(repo, connection) };
130
+ }
131
+ function writeRepoServerProjectRoot(projectRoot, serverProjectRoot, metadata = {}) {
132
+ const repo = readRepoConnection(projectRoot);
133
+ if (!repo)
134
+ return;
135
+ let inferred = metadata;
136
+ if (!inferred.alias || !inferred.baseUrl) {
137
+ try {
138
+ const selected = resolveSelectedConnection(projectRoot);
139
+ if (selected?.connection.kind === "remote") {
140
+ inferred = {
141
+ alias: inferred.alias ?? selected.alias,
142
+ baseUrl: inferred.baseUrl ?? selected.connection.baseUrl
143
+ };
144
+ }
145
+ } catch {}
146
+ }
147
+ writeRepoConnection(projectRoot, {
148
+ ...repo,
149
+ ...metadata.project ? { project: metadata.project } : {},
150
+ serverProjectRoot,
151
+ ...inferred.alias ? { serverProjectRootAlias: inferred.alias } : {},
152
+ ...inferred.baseUrl ? { serverProjectRootBaseUrl: inferred.baseUrl.replace(/\/+$/, "") } : {}
153
+ });
114
154
  }
115
- function writeRepoServerProjectRoot(projectRoot, serverProjectRoot) {
155
+ function clearRepoServerProjectRoot(projectRoot) {
116
156
  const repo = readRepoConnection(projectRoot);
117
157
  if (!repo)
118
158
  return;
119
- writeRepoConnection(projectRoot, { ...repo, serverProjectRoot });
159
+ writeRepoConnection(projectRoot, {
160
+ selected: repo.selected,
161
+ ...repo.project ? { project: repo.project } : {},
162
+ ...repo.linkedAt ? { linkedAt: repo.linkedAt } : {}
163
+ });
120
164
  }
121
165
 
122
166
  // packages/cli/src/commands/_server-client.ts
@@ -162,11 +206,10 @@ function readStoredGitHubAuthToken(projectRoot) {
162
206
  const parsed = readRemoteAuthState(projectRoot);
163
207
  return parsed ? cleanToken(typeof parsed.token === "string" ? parsed.token : undefined) : null;
164
208
  }
165
- function inferRemoteServerProjectRootFromAuthState(projectRoot) {
166
- const repo = readRepoConnection(projectRoot);
167
- const slug = repo?.project?.trim();
168
- if (!slug || !/^[^/]+\/[^/]+$/.test(slug))
209
+ function inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug) {
210
+ if (!/^[^/]+\/[^/]+$/.test(repoSlug))
169
211
  return null;
212
+ const repo = readRepoConnection(projectRoot);
170
213
  const auth = readRemoteAuthState(projectRoot);
171
214
  const authUpdatedAt = typeof auth?.updatedAt === "string" ? Date.parse(auth.updatedAt) : Number.NaN;
172
215
  const repoLinkedAt = typeof repo?.linkedAt === "string" ? Date.parse(repo.linkedAt) : Number.NaN;
@@ -175,25 +218,413 @@ function inferRemoteServerProjectRootFromAuthState(projectRoot) {
175
218
  const checkoutBaseDir = typeof auth?.checkoutBaseDir === "string" && auth.checkoutBaseDir.trim() ? auth.checkoutBaseDir.trim() : null;
176
219
  if (!checkoutBaseDir)
177
220
  return null;
178
- const inferred = `${checkoutBaseDir.replace(/\/+$/, "")}/${slug}`;
179
- writeRepoServerProjectRoot(projectRoot, inferred);
180
- return inferred;
221
+ return `${checkoutBaseDir.replace(/\/+$/, "")}/${repoSlug}`;
181
222
  }
182
223
  function readLocalConnectionFallbackToken(projectRoot) {
183
224
  return readGitHubBearerTokenForRemote(projectRoot) ?? cleanToken(process.env.RIG_GITHUB_TOKEN) ?? readStoredGitHubAuthToken(projectRoot);
184
225
  }
226
+ function normalizeRepoSlug(value) {
227
+ const slug = value?.trim();
228
+ return slug && /^[^/\s]+\/[^/\s]+$/.test(slug) ? slug : null;
229
+ }
230
+ function readProjectLinkSlug(projectRoot) {
231
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
232
+ if (!existsSync2(path))
233
+ return null;
234
+ try {
235
+ const parsed = JSON.parse(readFileSync2(path, "utf8"));
236
+ if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
237
+ return null;
238
+ return normalizeRepoSlug(typeof parsed.repoSlug === "string" ? String(parsed.repoSlug) : null);
239
+ } catch {
240
+ return null;
241
+ }
242
+ }
243
+ function writeProjectLinkConnection(projectRoot, repoSlug, alias) {
244
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
245
+ mkdirSync2(dirname2(path), { recursive: true });
246
+ writeFileSync2(path, `${JSON.stringify({ repoSlug, connection: alias, linkedAt: new Date().toISOString() }, null, 2)}
247
+ `, "utf8");
248
+ }
249
+ function remoteLinkRepairCommand(repoSlug) {
250
+ return repoSlug ? `rig server repair-link --repo ${repoSlug}` : "rig server repair-link --repo owner/repo";
251
+ }
252
+ function formatRemoteProjectLinkHint(resolution) {
253
+ const repair = remoteLinkRepairCommand(resolution.repoSlug);
254
+ if (resolution.status === "auth_required") {
255
+ return `Authenticate the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}, then run \`${repair}\`. Use \`rig github auth import-gh\` or \`rig init --repair --server remote --github-auth device${resolution.repoSlug ? ` --repo ${resolution.repoSlug}` : ""}\`.`;
256
+ }
257
+ if (resolution.status === "missing_project") {
258
+ return `Record the repo slug, then run \`${repair}\` (or \`rig init --repo owner/repo --server remote --github-auth device\`).`;
259
+ }
260
+ if (resolution.status === "not_remote")
261
+ return "Select a remote server with `rig server use <alias>` before repairing a remote project link.";
262
+ return `Run \`${repair}\` to backfill or prepare a server-host checkout for the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}.`;
263
+ }
264
+ function remoteProjectLinkFailure(input) {
265
+ const partial = {
266
+ status: input.status,
267
+ alias: input.alias,
268
+ baseUrl: input.baseUrl,
269
+ repoSlug: input.repoSlug
270
+ };
271
+ return {
272
+ ok: false,
273
+ ...input,
274
+ hint: formatRemoteProjectLinkHint(partial),
275
+ next: remoteLinkRepairCommand(input.repoSlug)
276
+ };
277
+ }
278
+ function remoteProjectLinkSuccess(input) {
279
+ return {
280
+ ok: true,
281
+ status: input.status,
282
+ alias: input.alias,
283
+ baseUrl: input.baseUrl,
284
+ repoSlug: input.repoSlug,
285
+ serverProjectRoot: input.serverProjectRoot,
286
+ source: input.source,
287
+ prepared: input.prepared ?? input.status === "prepared",
288
+ validated: input.validated ?? false,
289
+ message: input.message ?? `Remote project link ready for ${input.repoSlug}.`,
290
+ hint: "Remote-scoped task/run/status requests will send x-rig-project-root for this server-host checkout.",
291
+ next: "rig task list"
292
+ };
293
+ }
294
+ function localCheckoutPathCandidate(projectRoot, candidate) {
295
+ try {
296
+ const local = resolve2(projectRoot);
297
+ const resolved = resolve2(candidate);
298
+ return resolved === local || resolved.startsWith(`${local}/`);
299
+ } catch {
300
+ return false;
301
+ }
302
+ }
303
+ async function requestRemoteProjectLinkJson(baseUrl, pathname, authToken, init = {}) {
304
+ const requestUrl = new URL(`${baseUrl}${pathname}`);
305
+ if (authToken && queryAuthFallbackEnabled())
306
+ requestUrl.searchParams.set("rt", authToken);
307
+ const response = await fetch(requestUrl, {
308
+ ...init,
309
+ headers: mergeHeaders(init.headers, authToken)
310
+ });
311
+ const text = await response.text();
312
+ const payload = text.trim().length > 0 ? (() => {
313
+ try {
314
+ return JSON.parse(text);
315
+ } catch {
316
+ return null;
317
+ }
318
+ })() : null;
319
+ return { ok: response.ok, status: response.status, payload, text };
320
+ }
321
+ function payloadError(payload, fallback) {
322
+ if (payload && typeof payload === "object" && !Array.isArray(payload)) {
323
+ const record = payload;
324
+ const value = record.error ?? record.message ?? record.reason;
325
+ if (typeof value === "string" && value.trim())
326
+ return value.trim();
327
+ }
328
+ return fallback;
329
+ }
330
+ function checkoutPathsFromProjectPayload(payload) {
331
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
332
+ return [];
333
+ const project = payload.project;
334
+ if (!project || typeof project !== "object" || Array.isArray(project))
335
+ return [];
336
+ const checkouts = project.checkouts;
337
+ if (!Array.isArray(checkouts))
338
+ return [];
339
+ return [...checkouts].reverse().flatMap((entry) => {
340
+ if (!entry || typeof entry !== "object" || Array.isArray(entry))
341
+ return [];
342
+ const path = entry.path;
343
+ return typeof path === "string" && path.trim() ? [path.trim()] : [];
344
+ });
345
+ }
346
+ function checkoutPathFromPreparePayload(payload) {
347
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
348
+ return null;
349
+ const checkout = payload.checkout;
350
+ if (!checkout || typeof checkout !== "object" || Array.isArray(checkout))
351
+ return null;
352
+ const path = checkout.path;
353
+ return typeof path === "string" && path.trim() ? path.trim() : null;
354
+ }
355
+ async function validateAndPersistRemoteRoot(input) {
356
+ const candidate = input.candidate.trim();
357
+ if (!candidate || !isAbsolute(candidate)) {
358
+ return remoteProjectLinkFailure({
359
+ status: "invalid_root",
360
+ alias: input.alias,
361
+ baseUrl: input.baseUrl,
362
+ repoSlug: input.repoSlug,
363
+ message: `Remote project root candidate is not an absolute server-host path: ${candidate || "(empty)"}.`
364
+ });
365
+ }
366
+ if (localCheckoutPathCandidate(input.projectRoot, candidate)) {
367
+ return remoteProjectLinkFailure({
368
+ status: "invalid_root",
369
+ alias: input.alias,
370
+ baseUrl: input.baseUrl,
371
+ repoSlug: input.repoSlug,
372
+ message: `Refusing to use local checkout path ${candidate} as a remote server project root.`
373
+ });
374
+ }
375
+ let response;
376
+ try {
377
+ response = await requestRemoteProjectLinkJson(input.baseUrl, "/api/server/project-root", input.authToken, {
378
+ method: "POST",
379
+ headers: { "content-type": "application/json" },
380
+ body: JSON.stringify({ projectRoot: candidate })
381
+ });
382
+ } catch (error) {
383
+ return remoteProjectLinkFailure({
384
+ status: "error",
385
+ alias: input.alias,
386
+ baseUrl: input.baseUrl,
387
+ repoSlug: input.repoSlug,
388
+ message: `Could not validate remote project root ${candidate}: ${error instanceof Error ? error.message : String(error)}`
389
+ });
390
+ }
391
+ if (response.status === 401 || response.status === 403) {
392
+ return remoteProjectLinkFailure({
393
+ status: "auth_required",
394
+ alias: input.alias,
395
+ baseUrl: input.baseUrl,
396
+ repoSlug: input.repoSlug,
397
+ statusCode: response.status,
398
+ message: `Remote server ${input.alias} requires authentication before validating project root ${candidate}.`
399
+ });
400
+ }
401
+ if (!response.ok) {
402
+ return remoteProjectLinkFailure({
403
+ status: "invalid_root",
404
+ alias: input.alias,
405
+ baseUrl: input.baseUrl,
406
+ repoSlug: input.repoSlug,
407
+ statusCode: response.status,
408
+ message: `Remote server rejected project root ${candidate} (${response.status}): ${payloadError(response.payload, response.text || "project-root validation failed")}`
409
+ });
410
+ }
411
+ const record = response.payload && typeof response.payload === "object" && !Array.isArray(response.payload) ? response.payload : {};
412
+ if (record.ok !== true) {
413
+ return remoteProjectLinkFailure({
414
+ status: "invalid_root",
415
+ alias: input.alias,
416
+ baseUrl: input.baseUrl,
417
+ repoSlug: input.repoSlug,
418
+ message: `Remote server did not accept project root ${candidate}: ${payloadError(response.payload, "project-root validation failed")}`
419
+ });
420
+ }
421
+ const accepted = typeof record.projectRoot === "string" && record.projectRoot.trim() ? record.projectRoot.trim() : typeof record.requestedProjectRoot === "string" && record.requestedProjectRoot.trim() ? record.requestedProjectRoot.trim() : candidate;
422
+ writeRepoServerProjectRoot(input.projectRoot, accepted, { alias: input.alias, baseUrl: input.baseUrl, project: input.repoSlug });
423
+ writeProjectLinkConnection(input.projectRoot, input.repoSlug, input.alias);
424
+ const status = input.status ?? (input.prepared ? "prepared" : "backfilled");
425
+ return remoteProjectLinkSuccess({
426
+ status,
427
+ alias: input.alias,
428
+ baseUrl: input.baseUrl,
429
+ repoSlug: input.repoSlug,
430
+ serverProjectRoot: accepted,
431
+ source: input.source,
432
+ prepared: input.prepared,
433
+ validated: true,
434
+ message: status === "ready" ? `Remote project link already points to ${accepted} and was validated on ${input.alias}.` : input.prepared ? `Prepared and linked remote checkout ${accepted} for ${input.repoSlug}.` : `Backfilled remote checkout ${accepted} for ${input.repoSlug}.`
435
+ });
436
+ }
437
+ async function ensureRemoteProjectRootLink(projectRoot, options = {}) {
438
+ let selected;
439
+ try {
440
+ selected = resolveSelectedConnection(projectRoot);
441
+ } catch (error) {
442
+ return remoteProjectLinkFailure({ status: "error", message: error instanceof Error ? error.message : String(error) });
443
+ }
444
+ if (!selected || selected.connection.kind !== "remote") {
445
+ return remoteProjectLinkFailure({ status: "not_remote", message: "No remote Rig server is selected for this repo." });
446
+ }
447
+ const repo = readRepoConnection(projectRoot);
448
+ const explicitRepoRequested = options.repoSlug !== undefined;
449
+ const explicitRepoSlug = explicitRepoRequested ? normalizeRepoSlug(options.repoSlug) : null;
450
+ const repoProjectSlug = normalizeRepoSlug(repo?.project);
451
+ const repoSlug = explicitRepoSlug ?? repoProjectSlug ?? readProjectLinkSlug(projectRoot);
452
+ const alias = selected.alias;
453
+ const baseUrl = selected.connection.baseUrl;
454
+ const authToken = options.authToken === undefined ? readGitHubBearerTokenForRemote(projectRoot) : options.authToken;
455
+ const mode = options.mode ?? "backfill-only";
456
+ if (explicitRepoRequested && !explicitRepoSlug) {
457
+ return remoteProjectLinkFailure({
458
+ status: "missing_project",
459
+ alias,
460
+ baseUrl,
461
+ message: `Invalid --repo value ${JSON.stringify(options.repoSlug)}. Expected owner/repo.`
462
+ });
463
+ }
464
+ if (!repoSlug) {
465
+ return remoteProjectLinkFailure({
466
+ status: "missing_project",
467
+ alias,
468
+ baseUrl,
469
+ message: `Remote server ${alias} is selected, but this checkout has no GitHub repo slug recorded.`
470
+ });
471
+ }
472
+ const skippedCandidates = [];
473
+ const storedRoot = selected.serverProjectRoot?.trim() || null;
474
+ const storedRootMatchesResolvedRepo = repoProjectSlug === repoSlug;
475
+ if (storedRoot && storedRootMatchesResolvedRepo) {
476
+ if (localCheckoutPathCandidate(projectRoot, storedRoot)) {
477
+ clearRepoServerProjectRoot(projectRoot);
478
+ skippedCandidates.push(storedRoot);
479
+ } else {
480
+ const storedResult = await validateAndPersistRemoteRoot({
481
+ projectRoot,
482
+ alias,
483
+ baseUrl,
484
+ authToken,
485
+ repoSlug,
486
+ candidate: storedRoot,
487
+ source: "stored",
488
+ status: "ready"
489
+ });
490
+ if (storedResult.ok || storedResult.status === "auth_required" || storedResult.status === "error")
491
+ return storedResult;
492
+ clearRepoServerProjectRoot(projectRoot);
493
+ skippedCandidates.push(storedRoot);
494
+ }
495
+ } else if (storedRoot) {
496
+ skippedCandidates.push(storedRoot);
497
+ }
498
+ const authCandidate = inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug);
499
+ if (authCandidate) {
500
+ const authResult = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: authCandidate, source: "auth-state" });
501
+ if (authResult.ok || authResult.status === "auth_required")
502
+ return authResult;
503
+ }
504
+ let registryResponse;
505
+ try {
506
+ registryResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}`, authToken);
507
+ } catch (error) {
508
+ return remoteProjectLinkFailure({
509
+ status: "error",
510
+ alias,
511
+ baseUrl,
512
+ repoSlug,
513
+ message: `Could not read remote project registry for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
514
+ });
515
+ }
516
+ if (registryResponse.status === 401 || registryResponse.status === 403) {
517
+ return remoteProjectLinkFailure({
518
+ status: "auth_required",
519
+ alias,
520
+ baseUrl,
521
+ repoSlug,
522
+ statusCode: registryResponse.status,
523
+ message: `Remote server ${alias} requires authentication before reading the ${repoSlug} project registry.`
524
+ });
525
+ }
526
+ if (registryResponse.ok) {
527
+ const candidates = checkoutPathsFromProjectPayload(registryResponse.payload);
528
+ for (const candidate of candidates) {
529
+ const result = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate, source: "registry" });
530
+ if (result.ok || result.status === "auth_required")
531
+ return result;
532
+ skippedCandidates.push(candidate);
533
+ }
534
+ if (mode === "backfill-only") {
535
+ return remoteProjectLinkFailure({
536
+ status: candidates.length > 0 ? "invalid_root" : "no_server_checkout",
537
+ alias,
538
+ baseUrl,
539
+ repoSlug,
540
+ message: candidates.length > 0 ? `Remote registry has checkout candidates for ${repoSlug}, but none validated for ${alias}.` : `Remote registry has ${repoSlug}, but no server checkout path is linked yet.`,
541
+ skippedCandidates
542
+ });
543
+ }
544
+ } else if (registryResponse.status === 404) {
545
+ if (mode === "backfill-only") {
546
+ return remoteProjectLinkFailure({
547
+ status: "project_not_registered",
548
+ alias,
549
+ baseUrl,
550
+ repoSlug,
551
+ statusCode: registryResponse.status,
552
+ message: `Remote server ${alias} has no registered project record for ${repoSlug}.`
553
+ });
554
+ }
555
+ } else {
556
+ return remoteProjectLinkFailure({
557
+ status: "error",
558
+ alias,
559
+ baseUrl,
560
+ repoSlug,
561
+ statusCode: registryResponse.status,
562
+ message: `Could not backfill ${repoSlug} from remote registry (${registryResponse.status}): ${payloadError(registryResponse.payload, registryResponse.text || "registry lookup failed")}`,
563
+ skippedCandidates
564
+ });
565
+ }
566
+ let prepareResponse;
567
+ try {
568
+ prepareResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}/prepare-checkout`, authToken, {
569
+ method: "POST",
570
+ headers: { "content-type": "application/json" },
571
+ body: JSON.stringify({ checkout: { kind: "managed-clone" }, repoUrl: `https://github.com/${repoSlug}.git` })
572
+ });
573
+ } catch (error) {
574
+ return remoteProjectLinkFailure({
575
+ status: "error",
576
+ alias,
577
+ baseUrl,
578
+ repoSlug,
579
+ message: `Could not prepare remote checkout for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
580
+ });
581
+ }
582
+ if (prepareResponse.status === 401 || prepareResponse.status === 403) {
583
+ return remoteProjectLinkFailure({
584
+ status: "auth_required",
585
+ alias,
586
+ baseUrl,
587
+ repoSlug,
588
+ statusCode: prepareResponse.status,
589
+ message: `Remote server ${alias} requires authentication before preparing ${repoSlug}.`
590
+ });
591
+ }
592
+ if (!prepareResponse.ok) {
593
+ return remoteProjectLinkFailure({
594
+ status: "error",
595
+ alias,
596
+ baseUrl,
597
+ repoSlug,
598
+ statusCode: prepareResponse.status,
599
+ message: `Remote checkout prepare failed for ${repoSlug} (${prepareResponse.status}): ${payloadError(prepareResponse.payload, prepareResponse.text || "prepare-checkout failed")}`,
600
+ skippedCandidates
601
+ });
602
+ }
603
+ const preparedPath = checkoutPathFromPreparePayload(prepareResponse.payload);
604
+ if (!preparedPath) {
605
+ return remoteProjectLinkFailure({
606
+ status: "invalid_root",
607
+ alias,
608
+ baseUrl,
609
+ repoSlug,
610
+ message: `Remote checkout prepare for ${repoSlug} did not return a checkout.path.`,
611
+ skippedCandidates
612
+ });
613
+ }
614
+ return validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: preparedPath, source: "prepare", prepared: true });
615
+ }
185
616
  async function ensureServerForCli(projectRoot) {
186
617
  try {
187
618
  const selected = resolveSelectedConnection(projectRoot);
188
619
  if (selected?.connection.kind === "remote") {
189
620
  reportServerPhase(`Connecting to ${selected.alias}\u2026`);
190
621
  const authToken = readGitHubBearerTokenForRemote(projectRoot);
191
- const serverProjectRoot = selected.serverProjectRoot ?? inferRemoteServerProjectRootFromAuthState(projectRoot) ?? await backfillRemoteServerProjectRoot(projectRoot, selected.connection.baseUrl, authToken);
622
+ const link = await ensureRemoteProjectRootLink(projectRoot, { mode: "backfill-only", authToken });
192
623
  return {
193
624
  baseUrl: selected.connection.baseUrl,
194
625
  authToken,
195
626
  connectionKind: "remote",
196
- serverProjectRoot
627
+ serverProjectRoot: link.ok ? link.serverProjectRoot ?? null : null
197
628
  };
198
629
  }
199
630
  reportServerPhase("Starting local Rig server\u2026");
@@ -211,32 +642,6 @@ async function ensureServerForCli(projectRoot) {
211
642
  throw error;
212
643
  }
213
644
  }
214
- async function backfillRemoteServerProjectRoot(projectRoot, baseUrl, authToken) {
215
- const repo = readRepoConnection(projectRoot);
216
- const slug = repo?.project?.trim();
217
- if (!slug)
218
- return null;
219
- try {
220
- const url = new URL(`${baseUrl}/api/projects/${encodeURIComponent(slug)}`);
221
- if (authToken && queryAuthFallbackEnabled())
222
- url.searchParams.set("rt", authToken);
223
- const response = await fetch(url, {
224
- headers: mergeHeaders(undefined, authToken)
225
- });
226
- if (!response.ok)
227
- return null;
228
- const payload = await response.json();
229
- const project = payload.project && typeof payload.project === "object" && !Array.isArray(payload.project) ? payload.project : null;
230
- const checkouts = Array.isArray(project?.checkouts) ? project.checkouts : [];
231
- const latestCheckout = [...checkouts].reverse().find((entry) => Boolean(entry && typeof entry === "object" && !Array.isArray(entry) && typeof entry.path === "string"));
232
- const path = typeof latestCheckout?.path === "string" && latestCheckout.path.trim() ? latestCheckout.path.trim() : null;
233
- if (path)
234
- writeRepoServerProjectRoot(projectRoot, path);
235
- return path;
236
- } catch {
237
- return null;
238
- }
239
- }
240
645
  function mergeCookie(existing, name, value) {
241
646
  const encoded = `${name}=${encodeURIComponent(value)}`;
242
647
  if (!existing?.trim())
@@ -328,13 +733,20 @@ function canUseRemoteWithoutProjectRoot(pathname) {
328
733
  async function requestServerJson(context, pathname, init = {}) {
329
734
  const server = await ensureServerForCli(context.projectRoot);
330
735
  const requestUrl = new URL(`${server.baseUrl}${pathname}`);
331
- if (server.connectionKind === "remote" && !server.serverProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
332
- const repo = readRepoConnection(context.projectRoot);
333
- throw new CliError(`Remote server is selected for ${repo?.project ?? "this repo"}, but this checkout has no server-host project root link.`, 1, { hint: "Run `rig init --repair` or `rig init --yes --repo owner/repo --server remote` to repair the remote project link before task/run commands." });
736
+ let scopedServerProjectRoot = server.serverProjectRoot;
737
+ if (server.connectionKind === "remote" && !scopedServerProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
738
+ const link = await ensureRemoteProjectRootLink(context.projectRoot, { mode: "backfill-only", authToken: server.authToken });
739
+ if (link.ok && link.serverProjectRoot) {
740
+ scopedServerProjectRoot = link.serverProjectRoot;
741
+ } else {
742
+ const repo = readRepoConnection(context.projectRoot);
743
+ const target = link.alias && link.baseUrl ? `${link.alias} (${link.baseUrl})` : server.baseUrl;
744
+ throw new CliError(`Remote server ${target} is selected for ${link.repoSlug ?? repo?.project ?? "this repo"}, but this checkout has no server-host project root link. ${link.message}`, 1, { hint: link.hint });
745
+ }
334
746
  }
335
747
  const headers = mergeHeaders(init.headers, server.authToken);
336
- if (server.serverProjectRoot)
337
- headers.set("x-rig-project-root", server.serverProjectRoot);
748
+ if (scopedServerProjectRoot)
749
+ headers.set("x-rig-project-root", scopedServerProjectRoot);
338
750
  if (server.connectionKind === "remote" && server.authToken && queryAuthFallbackEnabled()) {
339
751
  requestUrl.searchParams.set("rt", server.authToken);
340
752
  }
@@ -620,7 +1032,7 @@ function createOperatorSurface(options = {}) {
620
1032
  }
621
1033
 
622
1034
  // packages/cli/src/commands/_pi-frontend.ts
623
- import { existsSync as existsSync3, mkdirSync as mkdirSync2, mkdtempSync, readFileSync as readFileSync3, rmSync, writeFileSync as writeFileSync2 } from "fs";
1035
+ import { existsSync as existsSync3, mkdirSync as mkdirSync3, mkdtempSync, readFileSync as readFileSync3, rmSync, writeFileSync as writeFileSync3 } from "fs";
624
1036
  import { homedir as homedir2, tmpdir } from "os";
625
1037
  import { join } from "path";
626
1038
  import { main as runPiMain } from "@earendil-works/pi-coding-agent";
@@ -874,7 +1286,7 @@ function statusFromRunDetails(run) {
874
1286
  async function prepareOperatorConsole(context, runId, tempSessionDir) {
875
1287
  const server = await ensureServerForCli(context.projectRoot);
876
1288
  const localCwd = join(homedir2(), ".rig", "drones", runId.slice(0, 8));
877
- mkdirSync2(localCwd, { recursive: true });
1289
+ mkdirSync3(localCwd, { recursive: true });
878
1290
  trustDroneCwd(localCwd);
879
1291
  installRigPiTheme();
880
1292
  let sessionFileArg = [];
@@ -896,7 +1308,7 @@ async function prepareOperatorConsole(context, runId, tempSessionDir) {
896
1308
  return line;
897
1309
  }).join(`
898
1310
  `);
899
- writeFileSync2(localSessionPath, content);
1311
+ writeFileSync3(localSessionPath, content);
900
1312
  sessionFileArg = ["--session", localSessionPath];
901
1313
  }
902
1314
  } catch {}
@@ -986,12 +1398,12 @@ var RIG_PI_THEME = {
986
1398
  function trustDroneCwd(localCwd) {
987
1399
  try {
988
1400
  const agentDir = join(homedir2(), ".pi", "agent");
989
- mkdirSync2(agentDir, { recursive: true });
1401
+ mkdirSync3(agentDir, { recursive: true });
990
1402
  const trustPath = join(agentDir, "trust.json");
991
1403
  const store = existsSync3(trustPath) ? JSON.parse(readFileSync3(trustPath, "utf8")) : {};
992
1404
  if (store[localCwd] !== true) {
993
1405
  store[localCwd] = true;
994
- writeFileSync2(trustPath, `${JSON.stringify(store, null, "\t")}
1406
+ writeFileSync3(trustPath, `${JSON.stringify(store, null, "\t")}
995
1407
  `);
996
1408
  }
997
1409
  } catch {}
@@ -999,15 +1411,38 @@ function trustDroneCwd(localCwd) {
999
1411
  function installRigPiTheme() {
1000
1412
  try {
1001
1413
  const themesDir = join(homedir2(), ".pi", "agent", "themes");
1002
- mkdirSync2(themesDir, { recursive: true });
1414
+ mkdirSync3(themesDir, { recursive: true });
1003
1415
  const themePath = join(themesDir, "rig.json");
1004
1416
  const next = `${JSON.stringify(RIG_PI_THEME, null, "\t")}
1005
1417
  `;
1006
1418
  if (!existsSync3(themePath) || readFileSync3(themePath, "utf8") !== next) {
1007
- writeFileSync2(themePath, next);
1419
+ writeFileSync3(themePath, next);
1008
1420
  }
1009
1421
  } catch {}
1010
1422
  }
1423
+ async function runWithProcessExitGuard(body) {
1424
+ const realExit = process.exit;
1425
+ let exitCode = 0;
1426
+ let signalQuit = () => {};
1427
+ const quit = new Promise((resolve3) => {
1428
+ signalQuit = resolve3;
1429
+ });
1430
+ const guardedExit = (code) => {
1431
+ exitCode = typeof code === "number" ? code : 0;
1432
+ signalQuit();
1433
+ return;
1434
+ };
1435
+ process.exit = guardedExit;
1436
+ try {
1437
+ await Promise.race([Promise.resolve().then(body), quit]);
1438
+ } finally {
1439
+ process.exit = realExit;
1440
+ }
1441
+ return exitCode;
1442
+ }
1443
+ function runPiMainReturningOnQuit(args, options) {
1444
+ return runWithProcessExitGuard(() => runPiMain(args, options));
1445
+ }
1011
1446
  async function attachRunBundledPiFrontend(context, input) {
1012
1447
  const tempSessionDir = mkdtempSync(join(tmpdir(), "rig-pi-frontend-sessions-"));
1013
1448
  const { server, sessionFileArg } = await withSpinner(`Opening Pi console for run ${input.runId}\u2026`, () => prepareOperatorConsole(context, input.runId, tempSessionDir), { outputMode: context.outputMode });
@@ -1023,16 +1458,20 @@ async function attachRunBundledPiFrontend(context, input) {
1023
1458
  };
1024
1459
  let detached = false;
1025
1460
  try {
1026
- await runPiMain([
1461
+ const piArgs = [
1027
1462
  "--offline",
1028
1463
  "--no-extensions",
1029
1464
  "--no-skills",
1030
1465
  "--no-prompt-templates",
1031
1466
  "--no-context-files",
1032
1467
  ...sessionFileArg
1033
- ], {
1034
- extensionFactories: [piRigExtensionFactory]
1035
- });
1468
+ ];
1469
+ const piOptions = { extensionFactories: [piRigExtensionFactory] };
1470
+ if (input.returnOnQuit) {
1471
+ await runPiMainReturningOnQuit(piArgs, piOptions);
1472
+ } else {
1473
+ await runPiMain(piArgs, piOptions);
1474
+ }
1036
1475
  detached = true;
1037
1476
  } finally {
1038
1477
  restoreEnv();