@h-rig/cli 0.0.6-alpha.88 → 0.0.6-alpha.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/dist/bin/rig.js +1159 -292
  2. package/dist/src/app/board.js +462 -48
  3. package/dist/src/app-opentui/adapters/doctor.js +458 -46
  4. package/dist/src/app-opentui/adapters/family.js +670 -147
  5. package/dist/src/app-opentui/adapters/fleet.js +477 -46
  6. package/dist/src/app-opentui/adapters/inbox.js +477 -46
  7. package/dist/src/app-opentui/adapters/init.js +497 -74
  8. package/dist/src/app-opentui/adapters/inspect.js +477 -46
  9. package/dist/src/app-opentui/adapters/pi-attach.js +484 -53
  10. package/dist/src/app-opentui/adapters/run-detail.js +477 -46
  11. package/dist/src/app-opentui/adapters/server.d.ts +26 -0
  12. package/dist/src/app-opentui/adapters/server.js +676 -59
  13. package/dist/src/app-opentui/adapters/tasks.js +539 -81
  14. package/dist/src/app-opentui/autocomplete.js +4 -2
  15. package/dist/src/app-opentui/bootstrap.js +1155 -288
  16. package/dist/src/app-opentui/command-palette.js +37 -10
  17. package/dist/src/app-opentui/index.js +566 -89
  18. package/dist/src/app-opentui/intent.js +33 -8
  19. package/dist/src/app-opentui/keymap.js +43 -29
  20. package/dist/src/app-opentui/pi-host-child.js +465 -53
  21. package/dist/src/app-opentui/react/App.js +104 -44
  22. package/dist/src/app-opentui/react/ChromeHost.js +16 -4
  23. package/dist/src/app-opentui/react/launch.js +555 -88
  24. package/dist/src/app-opentui/react/nav.js +1 -1
  25. package/dist/src/app-opentui/registry.js +1062 -237
  26. package/dist/src/app-opentui/remote-link.d.ts +10 -0
  27. package/dist/src/app-opentui/remote-link.js +47 -0
  28. package/dist/src/app-opentui/runtime.js +566 -89
  29. package/dist/src/app-opentui/scenes/doctor.js +1 -1
  30. package/dist/src/app-opentui/scenes/error.js +50 -4
  31. package/dist/src/app-opentui/scenes/family.js +60 -6
  32. package/dist/src/app-opentui/scenes/fleet.js +65 -13
  33. package/dist/src/app-opentui/scenes/help.js +4 -2
  34. package/dist/src/app-opentui/scenes/init.js +12 -12
  35. package/dist/src/app-opentui/scenes/main.js +7 -7
  36. package/dist/src/app-opentui/scenes/server.js +83 -11
  37. package/dist/src/app-opentui/scenes/tasks.js +79 -16
  38. package/dist/src/app-opentui/state.js +25 -5
  39. package/dist/src/app-opentui/surface-catalog.js +4 -2
  40. package/dist/src/app-opentui/types.d.ts +1 -1
  41. package/dist/src/commands/_cli-format.d.ts +10 -1
  42. package/dist/src/commands/_cli-format.js +5 -2
  43. package/dist/src/commands/_connection-state.d.ts +11 -1
  44. package/dist/src/commands/_connection-state.js +50 -5
  45. package/dist/src/commands/_doctor-checks.js +458 -46
  46. package/dist/src/commands/_help-catalog.js +4 -2
  47. package/dist/src/commands/_json-output.js +4 -0
  48. package/dist/src/commands/_operator-view.js +465 -53
  49. package/dist/src/commands/_pi-frontend.js +465 -53
  50. package/dist/src/commands/_preflight.js +509 -72
  51. package/dist/src/commands/_server-client.d.ts +33 -0
  52. package/dist/src/commands/_server-client.js +477 -46
  53. package/dist/src/commands/_server-events.js +446 -41
  54. package/dist/src/commands/_snapshot-upload.js +460 -48
  55. package/dist/src/commands/connect.js +620 -15
  56. package/dist/src/commands/doctor.js +458 -46
  57. package/dist/src/commands/github.js +462 -50
  58. package/dist/src/commands/inbox.js +458 -46
  59. package/dist/src/commands/init.js +497 -74
  60. package/dist/src/commands/inspect.js +458 -46
  61. package/dist/src/commands/run.js +465 -53
  62. package/dist/src/commands/server.js +647 -163
  63. package/dist/src/commands/setup.js +463 -51
  64. package/dist/src/commands/stats.js +462 -48
  65. package/dist/src/commands/task-run-driver.js +464 -52
  66. package/dist/src/commands/task.js +520 -81
  67. package/dist/src/commands.js +670 -147
  68. package/dist/src/index.js +674 -147
  69. package/dist/src/launcher.js +4 -0
  70. package/package.json +8 -8
@@ -1,8 +1,8 @@
1
1
  // @bun
2
2
  // packages/cli/src/commands/github.ts
3
3
  import { spawnSync } from "child_process";
4
- import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2 } from "fs";
5
- import { dirname as dirname2, resolve as resolve3 } from "path";
4
+ import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync3 } from "fs";
5
+ import { dirname as dirname3, resolve as resolve3 } from "path";
6
6
 
7
7
  // packages/cli/src/runner.ts
8
8
  import { EventBus } from "@rig/runtime/control-plane/runtime/events";
@@ -41,8 +41,8 @@ function takeOption(args, option) {
41
41
  }
42
42
 
43
43
  // packages/cli/src/commands/_server-client.ts
44
- import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
45
- import { resolve as resolve2 } from "path";
44
+ import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
45
+ import { dirname as dirname2, isAbsolute, resolve as resolve2 } from "path";
46
46
  import { ensureLocalRigServerConnection } from "@rig/runtime/local-server";
47
47
 
48
48
  // packages/cli/src/commands/_connection-state.ts
@@ -116,12 +116,28 @@ function readRepoConnection(projectRoot) {
116
116
  selected,
117
117
  project: typeof record.project === "string" ? record.project : undefined,
118
118
  linkedAt: typeof record.linkedAt === "string" ? record.linkedAt : undefined,
119
- serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined
119
+ serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined,
120
+ serverProjectRootAlias: typeof record.serverProjectRootAlias === "string" && record.serverProjectRootAlias.trim() ? record.serverProjectRootAlias.trim() : undefined,
121
+ serverProjectRootBaseUrl: typeof record.serverProjectRootBaseUrl === "string" && record.serverProjectRootBaseUrl.trim() ? record.serverProjectRootBaseUrl.trim().replace(/\/+$/, "") : undefined
120
122
  };
121
123
  }
122
124
  function writeRepoConnection(projectRoot, state) {
123
125
  writeJsonFile(resolveRepoConnectionPath(projectRoot), state);
124
126
  }
127
+ function rootAllowedForSelection(repo, connection) {
128
+ const root = repo.serverProjectRoot?.trim();
129
+ if (!root)
130
+ return;
131
+ if (connection.kind === "remote") {
132
+ if (repo.serverProjectRootAlias !== repo.selected)
133
+ return;
134
+ if (repo.serverProjectRootBaseUrl !== connection.baseUrl)
135
+ return;
136
+ } else if (repo.serverProjectRootAlias && repo.serverProjectRootAlias !== repo.selected) {
137
+ return;
138
+ }
139
+ return root;
140
+ }
125
141
  function resolveSelectedConnection(projectRoot, options = {}) {
126
142
  const repo = readRepoConnection(projectRoot);
127
143
  if (!repo)
@@ -133,13 +149,41 @@ function resolveSelectedConnection(projectRoot, options = {}) {
133
149
  if (!connection) {
134
150
  throw new CliError(`Selected Rig server "${repo.selected}" was not found. Run \`rig server list\` or \`rig server use local\`.`, 1);
135
151
  }
136
- return { alias: repo.selected, connection, serverProjectRoot: repo.serverProjectRoot };
152
+ return { alias: repo.selected, connection, serverProjectRoot: rootAllowedForSelection(repo, connection) };
153
+ }
154
+ function writeRepoServerProjectRoot(projectRoot, serverProjectRoot, metadata = {}) {
155
+ const repo = readRepoConnection(projectRoot);
156
+ if (!repo)
157
+ return;
158
+ let inferred = metadata;
159
+ if (!inferred.alias || !inferred.baseUrl) {
160
+ try {
161
+ const selected = resolveSelectedConnection(projectRoot);
162
+ if (selected?.connection.kind === "remote") {
163
+ inferred = {
164
+ alias: inferred.alias ?? selected.alias,
165
+ baseUrl: inferred.baseUrl ?? selected.connection.baseUrl
166
+ };
167
+ }
168
+ } catch {}
169
+ }
170
+ writeRepoConnection(projectRoot, {
171
+ ...repo,
172
+ ...metadata.project ? { project: metadata.project } : {},
173
+ serverProjectRoot,
174
+ ...inferred.alias ? { serverProjectRootAlias: inferred.alias } : {},
175
+ ...inferred.baseUrl ? { serverProjectRootBaseUrl: inferred.baseUrl.replace(/\/+$/, "") } : {}
176
+ });
137
177
  }
138
- function writeRepoServerProjectRoot(projectRoot, serverProjectRoot) {
178
+ function clearRepoServerProjectRoot(projectRoot) {
139
179
  const repo = readRepoConnection(projectRoot);
140
180
  if (!repo)
141
181
  return;
142
- writeRepoConnection(projectRoot, { ...repo, serverProjectRoot });
182
+ writeRepoConnection(projectRoot, {
183
+ selected: repo.selected,
184
+ ...repo.project ? { project: repo.project } : {},
185
+ ...repo.linkedAt ? { linkedAt: repo.linkedAt } : {}
186
+ });
143
187
  }
144
188
 
145
189
  // packages/cli/src/commands/_server-client.ts
@@ -189,11 +233,10 @@ function readStoredGitHubAuthToken(projectRoot) {
189
233
  const parsed = readRemoteAuthState(projectRoot);
190
234
  return parsed ? cleanToken(typeof parsed.token === "string" ? parsed.token : undefined) : null;
191
235
  }
192
- function inferRemoteServerProjectRootFromAuthState(projectRoot) {
193
- const repo = readRepoConnection(projectRoot);
194
- const slug = repo?.project?.trim();
195
- if (!slug || !/^[^/]+\/[^/]+$/.test(slug))
236
+ function inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug) {
237
+ if (!/^[^/]+\/[^/]+$/.test(repoSlug))
196
238
  return null;
239
+ const repo = readRepoConnection(projectRoot);
197
240
  const auth = readRemoteAuthState(projectRoot);
198
241
  const authUpdatedAt = typeof auth?.updatedAt === "string" ? Date.parse(auth.updatedAt) : Number.NaN;
199
242
  const repoLinkedAt = typeof repo?.linkedAt === "string" ? Date.parse(repo.linkedAt) : Number.NaN;
@@ -202,25 +245,413 @@ function inferRemoteServerProjectRootFromAuthState(projectRoot) {
202
245
  const checkoutBaseDir = typeof auth?.checkoutBaseDir === "string" && auth.checkoutBaseDir.trim() ? auth.checkoutBaseDir.trim() : null;
203
246
  if (!checkoutBaseDir)
204
247
  return null;
205
- const inferred = `${checkoutBaseDir.replace(/\/+$/, "")}/${slug}`;
206
- writeRepoServerProjectRoot(projectRoot, inferred);
207
- return inferred;
248
+ return `${checkoutBaseDir.replace(/\/+$/, "")}/${repoSlug}`;
208
249
  }
209
250
  function readLocalConnectionFallbackToken(projectRoot) {
210
251
  return readGitHubBearerTokenForRemote(projectRoot) ?? cleanToken(process.env.RIG_GITHUB_TOKEN) ?? readStoredGitHubAuthToken(projectRoot);
211
252
  }
253
+ function normalizeRepoSlug(value) {
254
+ const slug = value?.trim();
255
+ return slug && /^[^/\s]+\/[^/\s]+$/.test(slug) ? slug : null;
256
+ }
257
+ function readProjectLinkSlug(projectRoot) {
258
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
259
+ if (!existsSync2(path))
260
+ return null;
261
+ try {
262
+ const parsed = JSON.parse(readFileSync2(path, "utf8"));
263
+ if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
264
+ return null;
265
+ return normalizeRepoSlug(typeof parsed.repoSlug === "string" ? String(parsed.repoSlug) : null);
266
+ } catch {
267
+ return null;
268
+ }
269
+ }
270
+ function writeProjectLinkConnection(projectRoot, repoSlug, alias) {
271
+ const path = resolve2(projectRoot, ".rig", "state", "project-link.json");
272
+ mkdirSync2(dirname2(path), { recursive: true });
273
+ writeFileSync2(path, `${JSON.stringify({ repoSlug, connection: alias, linkedAt: new Date().toISOString() }, null, 2)}
274
+ `, "utf8");
275
+ }
276
+ function remoteLinkRepairCommand(repoSlug) {
277
+ return repoSlug ? `rig server repair-link --repo ${repoSlug}` : "rig server repair-link --repo owner/repo";
278
+ }
279
+ function formatRemoteProjectLinkHint(resolution) {
280
+ const repair = remoteLinkRepairCommand(resolution.repoSlug);
281
+ if (resolution.status === "auth_required") {
282
+ return `Authenticate the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}, then run \`${repair}\`. Use \`rig github auth import-gh\` or \`rig init --repair --server remote --github-auth device${resolution.repoSlug ? ` --repo ${resolution.repoSlug}` : ""}\`.`;
283
+ }
284
+ if (resolution.status === "missing_project") {
285
+ return `Record the repo slug, then run \`${repair}\` (or \`rig init --repo owner/repo --server remote --github-auth device\`).`;
286
+ }
287
+ if (resolution.status === "not_remote")
288
+ return "Select a remote server with `rig server use <alias>` before repairing a remote project link.";
289
+ return `Run \`${repair}\` to backfill or prepare a server-host checkout for the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}.`;
290
+ }
291
+ function remoteProjectLinkFailure(input) {
292
+ const partial = {
293
+ status: input.status,
294
+ alias: input.alias,
295
+ baseUrl: input.baseUrl,
296
+ repoSlug: input.repoSlug
297
+ };
298
+ return {
299
+ ok: false,
300
+ ...input,
301
+ hint: formatRemoteProjectLinkHint(partial),
302
+ next: remoteLinkRepairCommand(input.repoSlug)
303
+ };
304
+ }
305
+ function remoteProjectLinkSuccess(input) {
306
+ return {
307
+ ok: true,
308
+ status: input.status,
309
+ alias: input.alias,
310
+ baseUrl: input.baseUrl,
311
+ repoSlug: input.repoSlug,
312
+ serverProjectRoot: input.serverProjectRoot,
313
+ source: input.source,
314
+ prepared: input.prepared ?? input.status === "prepared",
315
+ validated: input.validated ?? false,
316
+ message: input.message ?? `Remote project link ready for ${input.repoSlug}.`,
317
+ hint: "Remote-scoped task/run/status requests will send x-rig-project-root for this server-host checkout.",
318
+ next: "rig task list"
319
+ };
320
+ }
321
+ function localCheckoutPathCandidate(projectRoot, candidate) {
322
+ try {
323
+ const local = resolve2(projectRoot);
324
+ const resolved = resolve2(candidate);
325
+ return resolved === local || resolved.startsWith(`${local}/`);
326
+ } catch {
327
+ return false;
328
+ }
329
+ }
330
+ async function requestRemoteProjectLinkJson(baseUrl, pathname, authToken, init = {}) {
331
+ const requestUrl = new URL(`${baseUrl}${pathname}`);
332
+ if (authToken && queryAuthFallbackEnabled())
333
+ requestUrl.searchParams.set("rt", authToken);
334
+ const response = await fetch(requestUrl, {
335
+ ...init,
336
+ headers: mergeHeaders(init.headers, authToken)
337
+ });
338
+ const text = await response.text();
339
+ const payload = text.trim().length > 0 ? (() => {
340
+ try {
341
+ return JSON.parse(text);
342
+ } catch {
343
+ return null;
344
+ }
345
+ })() : null;
346
+ return { ok: response.ok, status: response.status, payload, text };
347
+ }
348
+ function payloadError(payload, fallback) {
349
+ if (payload && typeof payload === "object" && !Array.isArray(payload)) {
350
+ const record = payload;
351
+ const value = record.error ?? record.message ?? record.reason;
352
+ if (typeof value === "string" && value.trim())
353
+ return value.trim();
354
+ }
355
+ return fallback;
356
+ }
357
+ function checkoutPathsFromProjectPayload(payload) {
358
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
359
+ return [];
360
+ const project = payload.project;
361
+ if (!project || typeof project !== "object" || Array.isArray(project))
362
+ return [];
363
+ const checkouts = project.checkouts;
364
+ if (!Array.isArray(checkouts))
365
+ return [];
366
+ return [...checkouts].reverse().flatMap((entry) => {
367
+ if (!entry || typeof entry !== "object" || Array.isArray(entry))
368
+ return [];
369
+ const path = entry.path;
370
+ return typeof path === "string" && path.trim() ? [path.trim()] : [];
371
+ });
372
+ }
373
+ function checkoutPathFromPreparePayload(payload) {
374
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
375
+ return null;
376
+ const checkout = payload.checkout;
377
+ if (!checkout || typeof checkout !== "object" || Array.isArray(checkout))
378
+ return null;
379
+ const path = checkout.path;
380
+ return typeof path === "string" && path.trim() ? path.trim() : null;
381
+ }
382
+ async function validateAndPersistRemoteRoot(input) {
383
+ const candidate = input.candidate.trim();
384
+ if (!candidate || !isAbsolute(candidate)) {
385
+ return remoteProjectLinkFailure({
386
+ status: "invalid_root",
387
+ alias: input.alias,
388
+ baseUrl: input.baseUrl,
389
+ repoSlug: input.repoSlug,
390
+ message: `Remote project root candidate is not an absolute server-host path: ${candidate || "(empty)"}.`
391
+ });
392
+ }
393
+ if (localCheckoutPathCandidate(input.projectRoot, candidate)) {
394
+ return remoteProjectLinkFailure({
395
+ status: "invalid_root",
396
+ alias: input.alias,
397
+ baseUrl: input.baseUrl,
398
+ repoSlug: input.repoSlug,
399
+ message: `Refusing to use local checkout path ${candidate} as a remote server project root.`
400
+ });
401
+ }
402
+ let response;
403
+ try {
404
+ response = await requestRemoteProjectLinkJson(input.baseUrl, "/api/server/project-root", input.authToken, {
405
+ method: "POST",
406
+ headers: { "content-type": "application/json" },
407
+ body: JSON.stringify({ projectRoot: candidate })
408
+ });
409
+ } catch (error) {
410
+ return remoteProjectLinkFailure({
411
+ status: "error",
412
+ alias: input.alias,
413
+ baseUrl: input.baseUrl,
414
+ repoSlug: input.repoSlug,
415
+ message: `Could not validate remote project root ${candidate}: ${error instanceof Error ? error.message : String(error)}`
416
+ });
417
+ }
418
+ if (response.status === 401 || response.status === 403) {
419
+ return remoteProjectLinkFailure({
420
+ status: "auth_required",
421
+ alias: input.alias,
422
+ baseUrl: input.baseUrl,
423
+ repoSlug: input.repoSlug,
424
+ statusCode: response.status,
425
+ message: `Remote server ${input.alias} requires authentication before validating project root ${candidate}.`
426
+ });
427
+ }
428
+ if (!response.ok) {
429
+ return remoteProjectLinkFailure({
430
+ status: "invalid_root",
431
+ alias: input.alias,
432
+ baseUrl: input.baseUrl,
433
+ repoSlug: input.repoSlug,
434
+ statusCode: response.status,
435
+ message: `Remote server rejected project root ${candidate} (${response.status}): ${payloadError(response.payload, response.text || "project-root validation failed")}`
436
+ });
437
+ }
438
+ const record = response.payload && typeof response.payload === "object" && !Array.isArray(response.payload) ? response.payload : {};
439
+ if (record.ok !== true) {
440
+ return remoteProjectLinkFailure({
441
+ status: "invalid_root",
442
+ alias: input.alias,
443
+ baseUrl: input.baseUrl,
444
+ repoSlug: input.repoSlug,
445
+ message: `Remote server did not accept project root ${candidate}: ${payloadError(response.payload, "project-root validation failed")}`
446
+ });
447
+ }
448
+ const accepted = typeof record.projectRoot === "string" && record.projectRoot.trim() ? record.projectRoot.trim() : typeof record.requestedProjectRoot === "string" && record.requestedProjectRoot.trim() ? record.requestedProjectRoot.trim() : candidate;
449
+ writeRepoServerProjectRoot(input.projectRoot, accepted, { alias: input.alias, baseUrl: input.baseUrl, project: input.repoSlug });
450
+ writeProjectLinkConnection(input.projectRoot, input.repoSlug, input.alias);
451
+ const status = input.status ?? (input.prepared ? "prepared" : "backfilled");
452
+ return remoteProjectLinkSuccess({
453
+ status,
454
+ alias: input.alias,
455
+ baseUrl: input.baseUrl,
456
+ repoSlug: input.repoSlug,
457
+ serverProjectRoot: accepted,
458
+ source: input.source,
459
+ prepared: input.prepared,
460
+ validated: true,
461
+ message: status === "ready" ? `Remote project link already points to ${accepted} and was validated on ${input.alias}.` : input.prepared ? `Prepared and linked remote checkout ${accepted} for ${input.repoSlug}.` : `Backfilled remote checkout ${accepted} for ${input.repoSlug}.`
462
+ });
463
+ }
464
+ async function ensureRemoteProjectRootLink(projectRoot, options = {}) {
465
+ let selected;
466
+ try {
467
+ selected = resolveSelectedConnection(projectRoot);
468
+ } catch (error) {
469
+ return remoteProjectLinkFailure({ status: "error", message: error instanceof Error ? error.message : String(error) });
470
+ }
471
+ if (!selected || selected.connection.kind !== "remote") {
472
+ return remoteProjectLinkFailure({ status: "not_remote", message: "No remote Rig server is selected for this repo." });
473
+ }
474
+ const repo = readRepoConnection(projectRoot);
475
+ const explicitRepoRequested = options.repoSlug !== undefined;
476
+ const explicitRepoSlug = explicitRepoRequested ? normalizeRepoSlug(options.repoSlug) : null;
477
+ const repoProjectSlug = normalizeRepoSlug(repo?.project);
478
+ const repoSlug = explicitRepoSlug ?? repoProjectSlug ?? readProjectLinkSlug(projectRoot);
479
+ const alias = selected.alias;
480
+ const baseUrl = selected.connection.baseUrl;
481
+ const authToken = options.authToken === undefined ? readGitHubBearerTokenForRemote(projectRoot) : options.authToken;
482
+ const mode = options.mode ?? "backfill-only";
483
+ if (explicitRepoRequested && !explicitRepoSlug) {
484
+ return remoteProjectLinkFailure({
485
+ status: "missing_project",
486
+ alias,
487
+ baseUrl,
488
+ message: `Invalid --repo value ${JSON.stringify(options.repoSlug)}. Expected owner/repo.`
489
+ });
490
+ }
491
+ if (!repoSlug) {
492
+ return remoteProjectLinkFailure({
493
+ status: "missing_project",
494
+ alias,
495
+ baseUrl,
496
+ message: `Remote server ${alias} is selected, but this checkout has no GitHub repo slug recorded.`
497
+ });
498
+ }
499
+ const skippedCandidates = [];
500
+ const storedRoot = selected.serverProjectRoot?.trim() || null;
501
+ const storedRootMatchesResolvedRepo = repoProjectSlug === repoSlug;
502
+ if (storedRoot && storedRootMatchesResolvedRepo) {
503
+ if (localCheckoutPathCandidate(projectRoot, storedRoot)) {
504
+ clearRepoServerProjectRoot(projectRoot);
505
+ skippedCandidates.push(storedRoot);
506
+ } else {
507
+ const storedResult = await validateAndPersistRemoteRoot({
508
+ projectRoot,
509
+ alias,
510
+ baseUrl,
511
+ authToken,
512
+ repoSlug,
513
+ candidate: storedRoot,
514
+ source: "stored",
515
+ status: "ready"
516
+ });
517
+ if (storedResult.ok || storedResult.status === "auth_required" || storedResult.status === "error")
518
+ return storedResult;
519
+ clearRepoServerProjectRoot(projectRoot);
520
+ skippedCandidates.push(storedRoot);
521
+ }
522
+ } else if (storedRoot) {
523
+ skippedCandidates.push(storedRoot);
524
+ }
525
+ const authCandidate = inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug);
526
+ if (authCandidate) {
527
+ const authResult = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: authCandidate, source: "auth-state" });
528
+ if (authResult.ok || authResult.status === "auth_required")
529
+ return authResult;
530
+ }
531
+ let registryResponse;
532
+ try {
533
+ registryResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}`, authToken);
534
+ } catch (error) {
535
+ return remoteProjectLinkFailure({
536
+ status: "error",
537
+ alias,
538
+ baseUrl,
539
+ repoSlug,
540
+ message: `Could not read remote project registry for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
541
+ });
542
+ }
543
+ if (registryResponse.status === 401 || registryResponse.status === 403) {
544
+ return remoteProjectLinkFailure({
545
+ status: "auth_required",
546
+ alias,
547
+ baseUrl,
548
+ repoSlug,
549
+ statusCode: registryResponse.status,
550
+ message: `Remote server ${alias} requires authentication before reading the ${repoSlug} project registry.`
551
+ });
552
+ }
553
+ if (registryResponse.ok) {
554
+ const candidates = checkoutPathsFromProjectPayload(registryResponse.payload);
555
+ for (const candidate of candidates) {
556
+ const result = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate, source: "registry" });
557
+ if (result.ok || result.status === "auth_required")
558
+ return result;
559
+ skippedCandidates.push(candidate);
560
+ }
561
+ if (mode === "backfill-only") {
562
+ return remoteProjectLinkFailure({
563
+ status: candidates.length > 0 ? "invalid_root" : "no_server_checkout",
564
+ alias,
565
+ baseUrl,
566
+ repoSlug,
567
+ message: candidates.length > 0 ? `Remote registry has checkout candidates for ${repoSlug}, but none validated for ${alias}.` : `Remote registry has ${repoSlug}, but no server checkout path is linked yet.`,
568
+ skippedCandidates
569
+ });
570
+ }
571
+ } else if (registryResponse.status === 404) {
572
+ if (mode === "backfill-only") {
573
+ return remoteProjectLinkFailure({
574
+ status: "project_not_registered",
575
+ alias,
576
+ baseUrl,
577
+ repoSlug,
578
+ statusCode: registryResponse.status,
579
+ message: `Remote server ${alias} has no registered project record for ${repoSlug}.`
580
+ });
581
+ }
582
+ } else {
583
+ return remoteProjectLinkFailure({
584
+ status: "error",
585
+ alias,
586
+ baseUrl,
587
+ repoSlug,
588
+ statusCode: registryResponse.status,
589
+ message: `Could not backfill ${repoSlug} from remote registry (${registryResponse.status}): ${payloadError(registryResponse.payload, registryResponse.text || "registry lookup failed")}`,
590
+ skippedCandidates
591
+ });
592
+ }
593
+ let prepareResponse;
594
+ try {
595
+ prepareResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}/prepare-checkout`, authToken, {
596
+ method: "POST",
597
+ headers: { "content-type": "application/json" },
598
+ body: JSON.stringify({ checkout: { kind: "managed-clone" }, repoUrl: `https://github.com/${repoSlug}.git` })
599
+ });
600
+ } catch (error) {
601
+ return remoteProjectLinkFailure({
602
+ status: "error",
603
+ alias,
604
+ baseUrl,
605
+ repoSlug,
606
+ message: `Could not prepare remote checkout for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
607
+ });
608
+ }
609
+ if (prepareResponse.status === 401 || prepareResponse.status === 403) {
610
+ return remoteProjectLinkFailure({
611
+ status: "auth_required",
612
+ alias,
613
+ baseUrl,
614
+ repoSlug,
615
+ statusCode: prepareResponse.status,
616
+ message: `Remote server ${alias} requires authentication before preparing ${repoSlug}.`
617
+ });
618
+ }
619
+ if (!prepareResponse.ok) {
620
+ return remoteProjectLinkFailure({
621
+ status: "error",
622
+ alias,
623
+ baseUrl,
624
+ repoSlug,
625
+ statusCode: prepareResponse.status,
626
+ message: `Remote checkout prepare failed for ${repoSlug} (${prepareResponse.status}): ${payloadError(prepareResponse.payload, prepareResponse.text || "prepare-checkout failed")}`,
627
+ skippedCandidates
628
+ });
629
+ }
630
+ const preparedPath = checkoutPathFromPreparePayload(prepareResponse.payload);
631
+ if (!preparedPath) {
632
+ return remoteProjectLinkFailure({
633
+ status: "invalid_root",
634
+ alias,
635
+ baseUrl,
636
+ repoSlug,
637
+ message: `Remote checkout prepare for ${repoSlug} did not return a checkout.path.`,
638
+ skippedCandidates
639
+ });
640
+ }
641
+ return validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: preparedPath, source: "prepare", prepared: true });
642
+ }
212
643
  async function ensureServerForCli(projectRoot) {
213
644
  try {
214
645
  const selected = resolveSelectedConnection(projectRoot);
215
646
  if (selected?.connection.kind === "remote") {
216
647
  reportServerPhase(`Connecting to ${selected.alias}\u2026`);
217
648
  const authToken = readGitHubBearerTokenForRemote(projectRoot);
218
- const serverProjectRoot = selected.serverProjectRoot ?? inferRemoteServerProjectRootFromAuthState(projectRoot) ?? await backfillRemoteServerProjectRoot(projectRoot, selected.connection.baseUrl, authToken);
649
+ const link = await ensureRemoteProjectRootLink(projectRoot, { mode: "backfill-only", authToken });
219
650
  return {
220
651
  baseUrl: selected.connection.baseUrl,
221
652
  authToken,
222
653
  connectionKind: "remote",
223
- serverProjectRoot
654
+ serverProjectRoot: link.ok ? link.serverProjectRoot ?? null : null
224
655
  };
225
656
  }
226
657
  reportServerPhase("Starting local Rig server\u2026");
@@ -238,32 +669,6 @@ async function ensureServerForCli(projectRoot) {
238
669
  throw error;
239
670
  }
240
671
  }
241
- async function backfillRemoteServerProjectRoot(projectRoot, baseUrl, authToken) {
242
- const repo = readRepoConnection(projectRoot);
243
- const slug = repo?.project?.trim();
244
- if (!slug)
245
- return null;
246
- try {
247
- const url = new URL(`${baseUrl}/api/projects/${encodeURIComponent(slug)}`);
248
- if (authToken && queryAuthFallbackEnabled())
249
- url.searchParams.set("rt", authToken);
250
- const response = await fetch(url, {
251
- headers: mergeHeaders(undefined, authToken)
252
- });
253
- if (!response.ok)
254
- return null;
255
- const payload = await response.json();
256
- const project = payload.project && typeof payload.project === "object" && !Array.isArray(payload.project) ? payload.project : null;
257
- const checkouts = Array.isArray(project?.checkouts) ? project.checkouts : [];
258
- const latestCheckout = [...checkouts].reverse().find((entry) => Boolean(entry && typeof entry === "object" && !Array.isArray(entry) && typeof entry.path === "string"));
259
- const path = typeof latestCheckout?.path === "string" && latestCheckout.path.trim() ? latestCheckout.path.trim() : null;
260
- if (path)
261
- writeRepoServerProjectRoot(projectRoot, path);
262
- return path;
263
- } catch {
264
- return null;
265
- }
266
- }
267
672
  function mergeCookie(existing, name, value) {
268
673
  const encoded = `${name}=${encodeURIComponent(value)}`;
269
674
  if (!existing?.trim())
@@ -355,13 +760,20 @@ function canUseRemoteWithoutProjectRoot(pathname) {
355
760
  async function requestServerJson(context, pathname, init = {}) {
356
761
  const server = await ensureServerForCli(context.projectRoot);
357
762
  const requestUrl = new URL(`${server.baseUrl}${pathname}`);
358
- if (server.connectionKind === "remote" && !server.serverProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
359
- const repo = readRepoConnection(context.projectRoot);
360
- throw new CliError(`Remote server is selected for ${repo?.project ?? "this repo"}, but this checkout has no server-host project root link.`, 1, { hint: "Run `rig init --repair` or `rig init --yes --repo owner/repo --server remote` to repair the remote project link before task/run commands." });
763
+ let scopedServerProjectRoot = server.serverProjectRoot;
764
+ if (server.connectionKind === "remote" && !scopedServerProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
765
+ const link = await ensureRemoteProjectRootLink(context.projectRoot, { mode: "backfill-only", authToken: server.authToken });
766
+ if (link.ok && link.serverProjectRoot) {
767
+ scopedServerProjectRoot = link.serverProjectRoot;
768
+ } else {
769
+ const repo = readRepoConnection(context.projectRoot);
770
+ const target = link.alias && link.baseUrl ? `${link.alias} (${link.baseUrl})` : server.baseUrl;
771
+ throw new CliError(`Remote server ${target} is selected for ${link.repoSlug ?? repo?.project ?? "this repo"}, but this checkout has no server-host project root link. ${link.message}`, 1, { hint: link.hint });
772
+ }
361
773
  }
362
774
  const headers = mergeHeaders(init.headers, server.authToken);
363
- if (server.serverProjectRoot)
364
- headers.set("x-rig-project-root", server.serverProjectRoot);
775
+ if (scopedServerProjectRoot)
776
+ headers.set("x-rig-project-root", scopedServerProjectRoot);
365
777
  if (server.connectionKind === "remote" && server.authToken && queryAuthFallbackEnabled()) {
366
778
  requestUrl.searchParams.set("rt", server.authToken);
367
779
  }
@@ -666,8 +1078,8 @@ function persistRemoteAuthSession(context, source, result, fallbackToken) {
666
1078
  return;
667
1079
  const repo = readRepoConnection(context.projectRoot);
668
1080
  const path = resolve3(context.projectRoot, ".rig", "state", "github-auth.json");
669
- mkdirSync2(dirname2(path), { recursive: true });
670
- writeFileSync2(path, `${JSON.stringify({
1081
+ mkdirSync3(dirname3(path), { recursive: true });
1082
+ writeFileSync3(path, `${JSON.stringify({
671
1083
  authenticated: true,
672
1084
  source,
673
1085
  storedOnServer: true,