@h-rig/cli 0.0.6-alpha.88 → 0.0.6-alpha.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/dist/bin/rig.js +1159 -292
  2. package/dist/src/app/board.js +462 -48
  3. package/dist/src/app-opentui/adapters/doctor.js +458 -46
  4. package/dist/src/app-opentui/adapters/family.js +670 -147
  5. package/dist/src/app-opentui/adapters/fleet.js +477 -46
  6. package/dist/src/app-opentui/adapters/inbox.js +477 -46
  7. package/dist/src/app-opentui/adapters/init.js +497 -74
  8. package/dist/src/app-opentui/adapters/inspect.js +477 -46
  9. package/dist/src/app-opentui/adapters/pi-attach.js +484 -53
  10. package/dist/src/app-opentui/adapters/run-detail.js +477 -46
  11. package/dist/src/app-opentui/adapters/server.d.ts +26 -0
  12. package/dist/src/app-opentui/adapters/server.js +676 -59
  13. package/dist/src/app-opentui/adapters/tasks.js +539 -81
  14. package/dist/src/app-opentui/autocomplete.js +4 -2
  15. package/dist/src/app-opentui/bootstrap.js +1155 -288
  16. package/dist/src/app-opentui/command-palette.js +37 -10
  17. package/dist/src/app-opentui/index.js +566 -89
  18. package/dist/src/app-opentui/intent.js +33 -8
  19. package/dist/src/app-opentui/keymap.js +43 -29
  20. package/dist/src/app-opentui/pi-host-child.js +465 -53
  21. package/dist/src/app-opentui/react/App.js +104 -44
  22. package/dist/src/app-opentui/react/ChromeHost.js +16 -4
  23. package/dist/src/app-opentui/react/launch.js +555 -88
  24. package/dist/src/app-opentui/react/nav.js +1 -1
  25. package/dist/src/app-opentui/registry.js +1062 -237
  26. package/dist/src/app-opentui/remote-link.d.ts +10 -0
  27. package/dist/src/app-opentui/remote-link.js +47 -0
  28. package/dist/src/app-opentui/runtime.js +566 -89
  29. package/dist/src/app-opentui/scenes/doctor.js +1 -1
  30. package/dist/src/app-opentui/scenes/error.js +50 -4
  31. package/dist/src/app-opentui/scenes/family.js +60 -6
  32. package/dist/src/app-opentui/scenes/fleet.js +65 -13
  33. package/dist/src/app-opentui/scenes/help.js +4 -2
  34. package/dist/src/app-opentui/scenes/init.js +12 -12
  35. package/dist/src/app-opentui/scenes/main.js +7 -7
  36. package/dist/src/app-opentui/scenes/server.js +83 -11
  37. package/dist/src/app-opentui/scenes/tasks.js +79 -16
  38. package/dist/src/app-opentui/state.js +25 -5
  39. package/dist/src/app-opentui/surface-catalog.js +4 -2
  40. package/dist/src/app-opentui/types.d.ts +1 -1
  41. package/dist/src/commands/_cli-format.d.ts +10 -1
  42. package/dist/src/commands/_cli-format.js +5 -2
  43. package/dist/src/commands/_connection-state.d.ts +11 -1
  44. package/dist/src/commands/_connection-state.js +50 -5
  45. package/dist/src/commands/_doctor-checks.js +458 -46
  46. package/dist/src/commands/_help-catalog.js +4 -2
  47. package/dist/src/commands/_json-output.js +4 -0
  48. package/dist/src/commands/_operator-view.js +465 -53
  49. package/dist/src/commands/_pi-frontend.js +465 -53
  50. package/dist/src/commands/_preflight.js +509 -72
  51. package/dist/src/commands/_server-client.d.ts +33 -0
  52. package/dist/src/commands/_server-client.js +477 -46
  53. package/dist/src/commands/_server-events.js +446 -41
  54. package/dist/src/commands/_snapshot-upload.js +460 -48
  55. package/dist/src/commands/connect.js +620 -15
  56. package/dist/src/commands/doctor.js +458 -46
  57. package/dist/src/commands/github.js +462 -50
  58. package/dist/src/commands/inbox.js +458 -46
  59. package/dist/src/commands/init.js +497 -74
  60. package/dist/src/commands/inspect.js +458 -46
  61. package/dist/src/commands/run.js +465 -53
  62. package/dist/src/commands/server.js +647 -163
  63. package/dist/src/commands/setup.js +463 -51
  64. package/dist/src/commands/stats.js +462 -48
  65. package/dist/src/commands/task-run-driver.js +464 -52
  66. package/dist/src/commands/task.js +520 -81
  67. package/dist/src/commands.js +670 -147
  68. package/dist/src/index.js +674 -147
  69. package/dist/src/launcher.js +4 -0
  70. package/package.json +8 -8
@@ -1,14 +1,14 @@
1
1
  // @bun
2
2
  // packages/cli/src/commands/_pi-frontend.ts
3
- import { existsSync as existsSync3, mkdirSync as mkdirSync2, mkdtempSync, readFileSync as readFileSync3, rmSync, writeFileSync as writeFileSync2 } from "fs";
3
+ import { existsSync as existsSync3, mkdirSync as mkdirSync3, mkdtempSync, readFileSync as readFileSync3, rmSync, writeFileSync as writeFileSync3 } from "fs";
4
4
  import { homedir as homedir2, tmpdir } from "os";
5
5
  import { join } from "path";
6
6
  import { main as runPiMain } from "@earendil-works/pi-coding-agent";
7
7
  import createPiRigExtension from "@rig/pi-rig";
8
8
 
9
9
  // packages/cli/src/commands/_server-client.ts
10
- import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
11
- import { resolve as resolve2 } from "path";
10
+ import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
11
+ import { dirname as dirname2, isAbsolute, resolve as resolve2 } from "path";
12
12
 
13
13
  // packages/cli/src/runner.ts
14
14
  import { EventBus } from "@rig/runtime/control-plane/runtime/events";
@@ -100,12 +100,28 @@ function readRepoConnection(projectRoot) {
100
100
  selected,
101
101
  project: typeof record.project === "string" ? record.project : undefined,
102
102
  linkedAt: typeof record.linkedAt === "string" ? record.linkedAt : undefined,
103
- serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined
103
+ serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined,
104
+ serverProjectRootAlias: typeof record.serverProjectRootAlias === "string" && record.serverProjectRootAlias.trim() ? record.serverProjectRootAlias.trim() : undefined,
105
+ serverProjectRootBaseUrl: typeof record.serverProjectRootBaseUrl === "string" && record.serverProjectRootBaseUrl.trim() ? record.serverProjectRootBaseUrl.trim().replace(/\/+$/, "") : undefined
104
106
  };
105
107
  }
106
108
  function writeRepoConnection(projectRoot, state) {
107
109
  writeJsonFile(resolveRepoConnectionPath(projectRoot), state);
108
110
  }
111
+ function rootAllowedForSelection(repo, connection) {
112
+ const root = repo.serverProjectRoot?.trim();
113
+ if (!root)
114
+ return;
115
+ if (connection.kind === "remote") {
116
+ if (repo.serverProjectRootAlias !== repo.selected)
117
+ return;
118
+ if (repo.serverProjectRootBaseUrl !== connection.baseUrl)
119
+ return;
120
+ } else if (repo.serverProjectRootAlias && repo.serverProjectRootAlias !== repo.selected) {
121
+ return;
122
+ }
123
+ return root;
124
+ }
109
125
  function resolveSelectedConnection(projectRoot, options = {}) {
110
126
  const repo = readRepoConnection(projectRoot);
111
127
  if (!repo)
@@ -117,13 +133,41 @@ function resolveSelectedConnection(projectRoot, options = {}) {
117
133
  if (!connection) {
118
134
  throw new CliError(`Selected Rig server "${repo.selected}" was not found. Run \`rig server list\` or \`rig server use local\`.`, 1);
119
135
  }
120
- return { alias: repo.selected, connection, serverProjectRoot: repo.serverProjectRoot };
136
+ return { alias: repo.selected, connection, serverProjectRoot: rootAllowedForSelection(repo, connection) };
121
137
  }
122
- function writeRepoServerProjectRoot(projectRoot, serverProjectRoot) {
138
+ function writeRepoServerProjectRoot(projectRoot, serverProjectRoot, metadata = {}) {
123
139
  const repo = readRepoConnection(projectRoot);
124
140
  if (!repo)
125
141
  return;
126
- writeRepoConnection(projectRoot, { ...repo, serverProjectRoot });
142
+ let inferred = metadata;
143
+ if (!inferred.alias || !inferred.baseUrl) {
144
+ try {
145
+ const selected = resolveSelectedConnection(projectRoot);
146
+ if (selected?.connection.kind === "remote") {
147
+ inferred = {
148
+ alias: inferred.alias ?? selected.alias,
149
+ baseUrl: inferred.baseUrl ?? selected.connection.baseUrl
150
+ };
151
+ }
152
+ } catch {}
153
+ }
154
+ writeRepoConnection(projectRoot, {
155
+ ...repo,
156
+ ...metadata.project ? { project: metadata.project } : {},
157
+ serverProjectRoot,
158
+ ...inferred.alias ? { serverProjectRootAlias: inferred.alias } : {},
159
+ ...inferred.baseUrl ? { serverProjectRootBaseUrl: inferred.baseUrl.replace(/\/+$/, "") } : {}
160
+ });
161
+ }
162
+ function clearRepoServerProjectRoot(projectRoot) {
163
+ const repo = readRepoConnection(projectRoot);
164
+ if (!repo)
165
+ return;
166
+ writeRepoConnection(projectRoot, {
167
+ selected: repo.selected,
168
+ ...repo.project ? { project: repo.project } : {},
169
+ ...repo.linkedAt ? { linkedAt: repo.linkedAt } : {}
170
+ });
127
171
  }
128
172
 
129
173
  // packages/cli/src/commands/_server-client.ts
@@ -169,11 +213,10 @@ function readStoredGitHubAuthToken(projectRoot) {
169
213
  const parsed = readRemoteAuthState(projectRoot);
170
214
  return parsed ? cleanToken(typeof parsed.token === "string" ? parsed.token : undefined) : null;
171
215
  }
172
- function inferRemoteServerProjectRootFromAuthState(projectRoot) {
173
- const repo = readRepoConnection(projectRoot);
174
- const slug = repo?.project?.trim();
175
- if (!slug || !/^[^/]+\/[^/]+$/.test(slug))
216
+ function inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug) {
217
+ if (!/^[^/]+\/[^/]+$/.test(repoSlug))
176
218
  return null;
219
+ const repo = readRepoConnection(projectRoot);
177
220
  const auth = readRemoteAuthState(projectRoot);
178
221
  const authUpdatedAt = typeof auth?.updatedAt === "string" ? Date.parse(auth.updatedAt) : Number.NaN;
179
222
  const repoLinkedAt = typeof repo?.linkedAt === "string" ? Date.parse(repo.linkedAt) : Number.NaN;
@@ -182,25 +225,413 @@ function inferRemoteServerProjectRootFromAuthState(projectRoot) {
182
225
  const checkoutBaseDir = typeof auth?.checkoutBaseDir === "string" && auth.checkoutBaseDir.trim() ? auth.checkoutBaseDir.trim() : null;
183
226
  if (!checkoutBaseDir)
184
227
  return null;
185
- const inferred = `${checkoutBaseDir.replace(/\/+$/, "")}/${slug}`;
186
- writeRepoServerProjectRoot(projectRoot, inferred);
187
- return inferred;
228
+ return `${checkoutBaseDir.replace(/\/+$/, "")}/${repoSlug}`;
188
229
  }
189
230
  function readLocalConnectionFallbackToken(projectRoot) {
190
231
  return readGitHubBearerTokenForRemote(projectRoot) ?? cleanToken(process.env.RIG_GITHUB_TOKEN) ?? readStoredGitHubAuthToken(projectRoot);
191
232
  }
233
+ function normalizeRepoSlug(value) {
234
+ const slug = value?.trim();
235
+ return slug && /^[^/\s]+\/[^/\s]+$/.test(slug) ? slug : null;
236
+ }
237
+ function readProjectLinkSlug(projectRoot) {
238
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
239
+ if (!existsSync2(path))
240
+ return null;
241
+ try {
242
+ const parsed = JSON.parse(readFileSync2(path, "utf8"));
243
+ if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
244
+ return null;
245
+ return normalizeRepoSlug(typeof parsed.repoSlug === "string" ? String(parsed.repoSlug) : null);
246
+ } catch {
247
+ return null;
248
+ }
249
+ }
250
+ function writeProjectLinkConnection(projectRoot, repoSlug, alias) {
251
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
252
+ mkdirSync2(dirname2(path), { recursive: true });
253
+ writeFileSync2(path, `${JSON.stringify({ repoSlug, connection: alias, linkedAt: new Date().toISOString() }, null, 2)}
254
+ `, "utf8");
255
+ }
256
+ function remoteLinkRepairCommand(repoSlug) {
257
+ return repoSlug ? `rig server repair-link --repo ${repoSlug}` : "rig server repair-link --repo owner/repo";
258
+ }
259
+ function formatRemoteProjectLinkHint(resolution) {
260
+ const repair = remoteLinkRepairCommand(resolution.repoSlug);
261
+ if (resolution.status === "auth_required") {
262
+ return `Authenticate the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}, then run \`${repair}\`. Use \`rig github auth import-gh\` or \`rig init --repair --server remote --github-auth device${resolution.repoSlug ? ` --repo ${resolution.repoSlug}` : ""}\`.`;
263
+ }
264
+ if (resolution.status === "missing_project") {
265
+ return `Record the repo slug, then run \`${repair}\` (or \`rig init --repo owner/repo --server remote --github-auth device\`).`;
266
+ }
267
+ if (resolution.status === "not_remote")
268
+ return "Select a remote server with `rig server use <alias>` before repairing a remote project link.";
269
+ return `Run \`${repair}\` to backfill or prepare a server-host checkout for the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}.`;
270
+ }
271
+ function remoteProjectLinkFailure(input) {
272
+ const partial = {
273
+ status: input.status,
274
+ alias: input.alias,
275
+ baseUrl: input.baseUrl,
276
+ repoSlug: input.repoSlug
277
+ };
278
+ return {
279
+ ok: false,
280
+ ...input,
281
+ hint: formatRemoteProjectLinkHint(partial),
282
+ next: remoteLinkRepairCommand(input.repoSlug)
283
+ };
284
+ }
285
+ function remoteProjectLinkSuccess(input) {
286
+ return {
287
+ ok: true,
288
+ status: input.status,
289
+ alias: input.alias,
290
+ baseUrl: input.baseUrl,
291
+ repoSlug: input.repoSlug,
292
+ serverProjectRoot: input.serverProjectRoot,
293
+ source: input.source,
294
+ prepared: input.prepared ?? input.status === "prepared",
295
+ validated: input.validated ?? false,
296
+ message: input.message ?? `Remote project link ready for ${input.repoSlug}.`,
297
+ hint: "Remote-scoped task/run/status requests will send x-rig-project-root for this server-host checkout.",
298
+ next: "rig task list"
299
+ };
300
+ }
301
+ function localCheckoutPathCandidate(projectRoot, candidate) {
302
+ try {
303
+ const local = resolve2(projectRoot);
304
+ const resolved = resolve2(candidate);
305
+ return resolved === local || resolved.startsWith(`${local}/`);
306
+ } catch {
307
+ return false;
308
+ }
309
+ }
310
+ async function requestRemoteProjectLinkJson(baseUrl, pathname, authToken, init = {}) {
311
+ const requestUrl = new URL(`${baseUrl}${pathname}`);
312
+ if (authToken && queryAuthFallbackEnabled())
313
+ requestUrl.searchParams.set("rt", authToken);
314
+ const response = await fetch(requestUrl, {
315
+ ...init,
316
+ headers: mergeHeaders(init.headers, authToken)
317
+ });
318
+ const text = await response.text();
319
+ const payload = text.trim().length > 0 ? (() => {
320
+ try {
321
+ return JSON.parse(text);
322
+ } catch {
323
+ return null;
324
+ }
325
+ })() : null;
326
+ return { ok: response.ok, status: response.status, payload, text };
327
+ }
328
+ function payloadError(payload, fallback) {
329
+ if (payload && typeof payload === "object" && !Array.isArray(payload)) {
330
+ const record = payload;
331
+ const value = record.error ?? record.message ?? record.reason;
332
+ if (typeof value === "string" && value.trim())
333
+ return value.trim();
334
+ }
335
+ return fallback;
336
+ }
337
+ function checkoutPathsFromProjectPayload(payload) {
338
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
339
+ return [];
340
+ const project = payload.project;
341
+ if (!project || typeof project !== "object" || Array.isArray(project))
342
+ return [];
343
+ const checkouts = project.checkouts;
344
+ if (!Array.isArray(checkouts))
345
+ return [];
346
+ return [...checkouts].reverse().flatMap((entry) => {
347
+ if (!entry || typeof entry !== "object" || Array.isArray(entry))
348
+ return [];
349
+ const path = entry.path;
350
+ return typeof path === "string" && path.trim() ? [path.trim()] : [];
351
+ });
352
+ }
353
+ function checkoutPathFromPreparePayload(payload) {
354
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
355
+ return null;
356
+ const checkout = payload.checkout;
357
+ if (!checkout || typeof checkout !== "object" || Array.isArray(checkout))
358
+ return null;
359
+ const path = checkout.path;
360
+ return typeof path === "string" && path.trim() ? path.trim() : null;
361
+ }
362
+ async function validateAndPersistRemoteRoot(input) {
363
+ const candidate = input.candidate.trim();
364
+ if (!candidate || !isAbsolute(candidate)) {
365
+ return remoteProjectLinkFailure({
366
+ status: "invalid_root",
367
+ alias: input.alias,
368
+ baseUrl: input.baseUrl,
369
+ repoSlug: input.repoSlug,
370
+ message: `Remote project root candidate is not an absolute server-host path: ${candidate || "(empty)"}.`
371
+ });
372
+ }
373
+ if (localCheckoutPathCandidate(input.projectRoot, candidate)) {
374
+ return remoteProjectLinkFailure({
375
+ status: "invalid_root",
376
+ alias: input.alias,
377
+ baseUrl: input.baseUrl,
378
+ repoSlug: input.repoSlug,
379
+ message: `Refusing to use local checkout path ${candidate} as a remote server project root.`
380
+ });
381
+ }
382
+ let response;
383
+ try {
384
+ response = await requestRemoteProjectLinkJson(input.baseUrl, "/api/server/project-root", input.authToken, {
385
+ method: "POST",
386
+ headers: { "content-type": "application/json" },
387
+ body: JSON.stringify({ projectRoot: candidate })
388
+ });
389
+ } catch (error) {
390
+ return remoteProjectLinkFailure({
391
+ status: "error",
392
+ alias: input.alias,
393
+ baseUrl: input.baseUrl,
394
+ repoSlug: input.repoSlug,
395
+ message: `Could not validate remote project root ${candidate}: ${error instanceof Error ? error.message : String(error)}`
396
+ });
397
+ }
398
+ if (response.status === 401 || response.status === 403) {
399
+ return remoteProjectLinkFailure({
400
+ status: "auth_required",
401
+ alias: input.alias,
402
+ baseUrl: input.baseUrl,
403
+ repoSlug: input.repoSlug,
404
+ statusCode: response.status,
405
+ message: `Remote server ${input.alias} requires authentication before validating project root ${candidate}.`
406
+ });
407
+ }
408
+ if (!response.ok) {
409
+ return remoteProjectLinkFailure({
410
+ status: "invalid_root",
411
+ alias: input.alias,
412
+ baseUrl: input.baseUrl,
413
+ repoSlug: input.repoSlug,
414
+ statusCode: response.status,
415
+ message: `Remote server rejected project root ${candidate} (${response.status}): ${payloadError(response.payload, response.text || "project-root validation failed")}`
416
+ });
417
+ }
418
+ const record = response.payload && typeof response.payload === "object" && !Array.isArray(response.payload) ? response.payload : {};
419
+ if (record.ok !== true) {
420
+ return remoteProjectLinkFailure({
421
+ status: "invalid_root",
422
+ alias: input.alias,
423
+ baseUrl: input.baseUrl,
424
+ repoSlug: input.repoSlug,
425
+ message: `Remote server did not accept project root ${candidate}: ${payloadError(response.payload, "project-root validation failed")}`
426
+ });
427
+ }
428
+ const accepted = typeof record.projectRoot === "string" && record.projectRoot.trim() ? record.projectRoot.trim() : typeof record.requestedProjectRoot === "string" && record.requestedProjectRoot.trim() ? record.requestedProjectRoot.trim() : candidate;
429
+ writeRepoServerProjectRoot(input.projectRoot, accepted, { alias: input.alias, baseUrl: input.baseUrl, project: input.repoSlug });
430
+ writeProjectLinkConnection(input.projectRoot, input.repoSlug, input.alias);
431
+ const status = input.status ?? (input.prepared ? "prepared" : "backfilled");
432
+ return remoteProjectLinkSuccess({
433
+ status,
434
+ alias: input.alias,
435
+ baseUrl: input.baseUrl,
436
+ repoSlug: input.repoSlug,
437
+ serverProjectRoot: accepted,
438
+ source: input.source,
439
+ prepared: input.prepared,
440
+ validated: true,
441
+ message: status === "ready" ? `Remote project link already points to ${accepted} and was validated on ${input.alias}.` : input.prepared ? `Prepared and linked remote checkout ${accepted} for ${input.repoSlug}.` : `Backfilled remote checkout ${accepted} for ${input.repoSlug}.`
442
+ });
443
+ }
444
+ async function ensureRemoteProjectRootLink(projectRoot, options = {}) {
445
+ let selected;
446
+ try {
447
+ selected = resolveSelectedConnection(projectRoot);
448
+ } catch (error) {
449
+ return remoteProjectLinkFailure({ status: "error", message: error instanceof Error ? error.message : String(error) });
450
+ }
451
+ if (!selected || selected.connection.kind !== "remote") {
452
+ return remoteProjectLinkFailure({ status: "not_remote", message: "No remote Rig server is selected for this repo." });
453
+ }
454
+ const repo = readRepoConnection(projectRoot);
455
+ const explicitRepoRequested = options.repoSlug !== undefined;
456
+ const explicitRepoSlug = explicitRepoRequested ? normalizeRepoSlug(options.repoSlug) : null;
457
+ const repoProjectSlug = normalizeRepoSlug(repo?.project);
458
+ const repoSlug = explicitRepoSlug ?? repoProjectSlug ?? readProjectLinkSlug(projectRoot);
459
+ const alias = selected.alias;
460
+ const baseUrl = selected.connection.baseUrl;
461
+ const authToken = options.authToken === undefined ? readGitHubBearerTokenForRemote(projectRoot) : options.authToken;
462
+ const mode = options.mode ?? "backfill-only";
463
+ if (explicitRepoRequested && !explicitRepoSlug) {
464
+ return remoteProjectLinkFailure({
465
+ status: "missing_project",
466
+ alias,
467
+ baseUrl,
468
+ message: `Invalid --repo value ${JSON.stringify(options.repoSlug)}. Expected owner/repo.`
469
+ });
470
+ }
471
+ if (!repoSlug) {
472
+ return remoteProjectLinkFailure({
473
+ status: "missing_project",
474
+ alias,
475
+ baseUrl,
476
+ message: `Remote server ${alias} is selected, but this checkout has no GitHub repo slug recorded.`
477
+ });
478
+ }
479
+ const skippedCandidates = [];
480
+ const storedRoot = selected.serverProjectRoot?.trim() || null;
481
+ const storedRootMatchesResolvedRepo = repoProjectSlug === repoSlug;
482
+ if (storedRoot && storedRootMatchesResolvedRepo) {
483
+ if (localCheckoutPathCandidate(projectRoot, storedRoot)) {
484
+ clearRepoServerProjectRoot(projectRoot);
485
+ skippedCandidates.push(storedRoot);
486
+ } else {
487
+ const storedResult = await validateAndPersistRemoteRoot({
488
+ projectRoot,
489
+ alias,
490
+ baseUrl,
491
+ authToken,
492
+ repoSlug,
493
+ candidate: storedRoot,
494
+ source: "stored",
495
+ status: "ready"
496
+ });
497
+ if (storedResult.ok || storedResult.status === "auth_required" || storedResult.status === "error")
498
+ return storedResult;
499
+ clearRepoServerProjectRoot(projectRoot);
500
+ skippedCandidates.push(storedRoot);
501
+ }
502
+ } else if (storedRoot) {
503
+ skippedCandidates.push(storedRoot);
504
+ }
505
+ const authCandidate = inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug);
506
+ if (authCandidate) {
507
+ const authResult = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: authCandidate, source: "auth-state" });
508
+ if (authResult.ok || authResult.status === "auth_required")
509
+ return authResult;
510
+ }
511
+ let registryResponse;
512
+ try {
513
+ registryResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}`, authToken);
514
+ } catch (error) {
515
+ return remoteProjectLinkFailure({
516
+ status: "error",
517
+ alias,
518
+ baseUrl,
519
+ repoSlug,
520
+ message: `Could not read remote project registry for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
521
+ });
522
+ }
523
+ if (registryResponse.status === 401 || registryResponse.status === 403) {
524
+ return remoteProjectLinkFailure({
525
+ status: "auth_required",
526
+ alias,
527
+ baseUrl,
528
+ repoSlug,
529
+ statusCode: registryResponse.status,
530
+ message: `Remote server ${alias} requires authentication before reading the ${repoSlug} project registry.`
531
+ });
532
+ }
533
+ if (registryResponse.ok) {
534
+ const candidates = checkoutPathsFromProjectPayload(registryResponse.payload);
535
+ for (const candidate of candidates) {
536
+ const result = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate, source: "registry" });
537
+ if (result.ok || result.status === "auth_required")
538
+ return result;
539
+ skippedCandidates.push(candidate);
540
+ }
541
+ if (mode === "backfill-only") {
542
+ return remoteProjectLinkFailure({
543
+ status: candidates.length > 0 ? "invalid_root" : "no_server_checkout",
544
+ alias,
545
+ baseUrl,
546
+ repoSlug,
547
+ message: candidates.length > 0 ? `Remote registry has checkout candidates for ${repoSlug}, but none validated for ${alias}.` : `Remote registry has ${repoSlug}, but no server checkout path is linked yet.`,
548
+ skippedCandidates
549
+ });
550
+ }
551
+ } else if (registryResponse.status === 404) {
552
+ if (mode === "backfill-only") {
553
+ return remoteProjectLinkFailure({
554
+ status: "project_not_registered",
555
+ alias,
556
+ baseUrl,
557
+ repoSlug,
558
+ statusCode: registryResponse.status,
559
+ message: `Remote server ${alias} has no registered project record for ${repoSlug}.`
560
+ });
561
+ }
562
+ } else {
563
+ return remoteProjectLinkFailure({
564
+ status: "error",
565
+ alias,
566
+ baseUrl,
567
+ repoSlug,
568
+ statusCode: registryResponse.status,
569
+ message: `Could not backfill ${repoSlug} from remote registry (${registryResponse.status}): ${payloadError(registryResponse.payload, registryResponse.text || "registry lookup failed")}`,
570
+ skippedCandidates
571
+ });
572
+ }
573
+ let prepareResponse;
574
+ try {
575
+ prepareResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}/prepare-checkout`, authToken, {
576
+ method: "POST",
577
+ headers: { "content-type": "application/json" },
578
+ body: JSON.stringify({ checkout: { kind: "managed-clone" }, repoUrl: `https://github.com/${repoSlug}.git` })
579
+ });
580
+ } catch (error) {
581
+ return remoteProjectLinkFailure({
582
+ status: "error",
583
+ alias,
584
+ baseUrl,
585
+ repoSlug,
586
+ message: `Could not prepare remote checkout for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
587
+ });
588
+ }
589
+ if (prepareResponse.status === 401 || prepareResponse.status === 403) {
590
+ return remoteProjectLinkFailure({
591
+ status: "auth_required",
592
+ alias,
593
+ baseUrl,
594
+ repoSlug,
595
+ statusCode: prepareResponse.status,
596
+ message: `Remote server ${alias} requires authentication before preparing ${repoSlug}.`
597
+ });
598
+ }
599
+ if (!prepareResponse.ok) {
600
+ return remoteProjectLinkFailure({
601
+ status: "error",
602
+ alias,
603
+ baseUrl,
604
+ repoSlug,
605
+ statusCode: prepareResponse.status,
606
+ message: `Remote checkout prepare failed for ${repoSlug} (${prepareResponse.status}): ${payloadError(prepareResponse.payload, prepareResponse.text || "prepare-checkout failed")}`,
607
+ skippedCandidates
608
+ });
609
+ }
610
+ const preparedPath = checkoutPathFromPreparePayload(prepareResponse.payload);
611
+ if (!preparedPath) {
612
+ return remoteProjectLinkFailure({
613
+ status: "invalid_root",
614
+ alias,
615
+ baseUrl,
616
+ repoSlug,
617
+ message: `Remote checkout prepare for ${repoSlug} did not return a checkout.path.`,
618
+ skippedCandidates
619
+ });
620
+ }
621
+ return validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: preparedPath, source: "prepare", prepared: true });
622
+ }
192
623
  async function ensureServerForCli(projectRoot) {
193
624
  try {
194
625
  const selected = resolveSelectedConnection(projectRoot);
195
626
  if (selected?.connection.kind === "remote") {
196
627
  reportServerPhase(`Connecting to ${selected.alias}\u2026`);
197
628
  const authToken = readGitHubBearerTokenForRemote(projectRoot);
198
- const serverProjectRoot = selected.serverProjectRoot ?? inferRemoteServerProjectRootFromAuthState(projectRoot) ?? await backfillRemoteServerProjectRoot(projectRoot, selected.connection.baseUrl, authToken);
629
+ const link = await ensureRemoteProjectRootLink(projectRoot, { mode: "backfill-only", authToken });
199
630
  return {
200
631
  baseUrl: selected.connection.baseUrl,
201
632
  authToken,
202
633
  connectionKind: "remote",
203
- serverProjectRoot
634
+ serverProjectRoot: link.ok ? link.serverProjectRoot ?? null : null
204
635
  };
205
636
  }
206
637
  reportServerPhase("Starting local Rig server\u2026");
@@ -218,32 +649,6 @@ async function ensureServerForCli(projectRoot) {
218
649
  throw error;
219
650
  }
220
651
  }
221
- async function backfillRemoteServerProjectRoot(projectRoot, baseUrl, authToken) {
222
- const repo = readRepoConnection(projectRoot);
223
- const slug = repo?.project?.trim();
224
- if (!slug)
225
- return null;
226
- try {
227
- const url = new URL(`${baseUrl}/api/projects/${encodeURIComponent(slug)}`);
228
- if (authToken && queryAuthFallbackEnabled())
229
- url.searchParams.set("rt", authToken);
230
- const response = await fetch(url, {
231
- headers: mergeHeaders(undefined, authToken)
232
- });
233
- if (!response.ok)
234
- return null;
235
- const payload = await response.json();
236
- const project = payload.project && typeof payload.project === "object" && !Array.isArray(payload.project) ? payload.project : null;
237
- const checkouts = Array.isArray(project?.checkouts) ? project.checkouts : [];
238
- const latestCheckout = [...checkouts].reverse().find((entry) => Boolean(entry && typeof entry === "object" && !Array.isArray(entry) && typeof entry.path === "string"));
239
- const path = typeof latestCheckout?.path === "string" && latestCheckout.path.trim() ? latestCheckout.path.trim() : null;
240
- if (path)
241
- writeRepoServerProjectRoot(projectRoot, path);
242
- return path;
243
- } catch {
244
- return null;
245
- }
246
- }
247
652
  function mergeCookie(existing, name, value) {
248
653
  const encoded = `${name}=${encodeURIComponent(value)}`;
249
654
  if (!existing?.trim())
@@ -335,13 +740,20 @@ function canUseRemoteWithoutProjectRoot(pathname) {
335
740
  async function requestServerJson(context, pathname, init = {}) {
336
741
  const server = await ensureServerForCli(context.projectRoot);
337
742
  const requestUrl = new URL(`${server.baseUrl}${pathname}`);
338
- if (server.connectionKind === "remote" && !server.serverProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
339
- const repo = readRepoConnection(context.projectRoot);
340
- throw new CliError(`Remote server is selected for ${repo?.project ?? "this repo"}, but this checkout has no server-host project root link.`, 1, { hint: "Run `rig init --repair` or `rig init --yes --repo owner/repo --server remote` to repair the remote project link before task/run commands." });
743
+ let scopedServerProjectRoot = server.serverProjectRoot;
744
+ if (server.connectionKind === "remote" && !scopedServerProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
745
+ const link = await ensureRemoteProjectRootLink(context.projectRoot, { mode: "backfill-only", authToken: server.authToken });
746
+ if (link.ok && link.serverProjectRoot) {
747
+ scopedServerProjectRoot = link.serverProjectRoot;
748
+ } else {
749
+ const repo = readRepoConnection(context.projectRoot);
750
+ const target = link.alias && link.baseUrl ? `${link.alias} (${link.baseUrl})` : server.baseUrl;
751
+ throw new CliError(`Remote server ${target} is selected for ${link.repoSlug ?? repo?.project ?? "this repo"}, but this checkout has no server-host project root link. ${link.message}`, 1, { hint: link.hint });
752
+ }
341
753
  }
342
754
  const headers = mergeHeaders(init.headers, server.authToken);
343
- if (server.serverProjectRoot)
344
- headers.set("x-rig-project-root", server.serverProjectRoot);
755
+ if (scopedServerProjectRoot)
756
+ headers.set("x-rig-project-root", scopedServerProjectRoot);
345
757
  if (server.connectionKind === "remote" && server.authToken && queryAuthFallbackEnabled()) {
346
758
  requestUrl.searchParams.set("rt", server.authToken);
347
759
  }
@@ -640,7 +1052,7 @@ function statusFromRunDetails(run) {
640
1052
  async function prepareOperatorConsole(context, runId, tempSessionDir) {
641
1053
  const server = await ensureServerForCli(context.projectRoot);
642
1054
  const localCwd = join(homedir2(), ".rig", "drones", runId.slice(0, 8));
643
- mkdirSync2(localCwd, { recursive: true });
1055
+ mkdirSync3(localCwd, { recursive: true });
644
1056
  trustDroneCwd(localCwd);
645
1057
  installRigPiTheme();
646
1058
  let sessionFileArg = [];
@@ -662,7 +1074,7 @@ async function prepareOperatorConsole(context, runId, tempSessionDir) {
662
1074
  return line;
663
1075
  }).join(`
664
1076
  `);
665
- writeFileSync2(localSessionPath, content);
1077
+ writeFileSync3(localSessionPath, content);
666
1078
  sessionFileArg = ["--session", localSessionPath];
667
1079
  }
668
1080
  } catch {}
@@ -752,12 +1164,12 @@ var RIG_PI_THEME = {
752
1164
  function trustDroneCwd(localCwd) {
753
1165
  try {
754
1166
  const agentDir = join(homedir2(), ".pi", "agent");
755
- mkdirSync2(agentDir, { recursive: true });
1167
+ mkdirSync3(agentDir, { recursive: true });
756
1168
  const trustPath = join(agentDir, "trust.json");
757
1169
  const store = existsSync3(trustPath) ? JSON.parse(readFileSync3(trustPath, "utf8")) : {};
758
1170
  if (store[localCwd] !== true) {
759
1171
  store[localCwd] = true;
760
- writeFileSync2(trustPath, `${JSON.stringify(store, null, "\t")}
1172
+ writeFileSync3(trustPath, `${JSON.stringify(store, null, "\t")}
761
1173
  `);
762
1174
  }
763
1175
  } catch {}
@@ -765,12 +1177,12 @@ function trustDroneCwd(localCwd) {
765
1177
  function installRigPiTheme() {
766
1178
  try {
767
1179
  const themesDir = join(homedir2(), ".pi", "agent", "themes");
768
- mkdirSync2(themesDir, { recursive: true });
1180
+ mkdirSync3(themesDir, { recursive: true });
769
1181
  const themePath = join(themesDir, "rig.json");
770
1182
  const next = `${JSON.stringify(RIG_PI_THEME, null, "\t")}
771
1183
  `;
772
1184
  if (!existsSync3(themePath) || readFileSync3(themePath, "utf8") !== next) {
773
- writeFileSync2(themePath, next);
1185
+ writeFileSync3(themePath, next);
774
1186
  }
775
1187
  } catch {}
776
1188
  }