@h-rig/cli 0.0.6-alpha.88 → 0.0.6-alpha.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/dist/bin/rig.js +1159 -292
  2. package/dist/src/app/board.js +462 -48
  3. package/dist/src/app-opentui/adapters/doctor.js +458 -46
  4. package/dist/src/app-opentui/adapters/family.js +670 -147
  5. package/dist/src/app-opentui/adapters/fleet.js +477 -46
  6. package/dist/src/app-opentui/adapters/inbox.js +477 -46
  7. package/dist/src/app-opentui/adapters/init.js +497 -74
  8. package/dist/src/app-opentui/adapters/inspect.js +477 -46
  9. package/dist/src/app-opentui/adapters/pi-attach.js +484 -53
  10. package/dist/src/app-opentui/adapters/run-detail.js +477 -46
  11. package/dist/src/app-opentui/adapters/server.d.ts +26 -0
  12. package/dist/src/app-opentui/adapters/server.js +676 -59
  13. package/dist/src/app-opentui/adapters/tasks.js +539 -81
  14. package/dist/src/app-opentui/autocomplete.js +4 -2
  15. package/dist/src/app-opentui/bootstrap.js +1155 -288
  16. package/dist/src/app-opentui/command-palette.js +37 -10
  17. package/dist/src/app-opentui/index.js +566 -89
  18. package/dist/src/app-opentui/intent.js +33 -8
  19. package/dist/src/app-opentui/keymap.js +43 -29
  20. package/dist/src/app-opentui/pi-host-child.js +465 -53
  21. package/dist/src/app-opentui/react/App.js +104 -44
  22. package/dist/src/app-opentui/react/ChromeHost.js +16 -4
  23. package/dist/src/app-opentui/react/launch.js +555 -88
  24. package/dist/src/app-opentui/react/nav.js +1 -1
  25. package/dist/src/app-opentui/registry.js +1062 -237
  26. package/dist/src/app-opentui/remote-link.d.ts +10 -0
  27. package/dist/src/app-opentui/remote-link.js +47 -0
  28. package/dist/src/app-opentui/runtime.js +566 -89
  29. package/dist/src/app-opentui/scenes/doctor.js +1 -1
  30. package/dist/src/app-opentui/scenes/error.js +50 -4
  31. package/dist/src/app-opentui/scenes/family.js +60 -6
  32. package/dist/src/app-opentui/scenes/fleet.js +65 -13
  33. package/dist/src/app-opentui/scenes/help.js +4 -2
  34. package/dist/src/app-opentui/scenes/init.js +12 -12
  35. package/dist/src/app-opentui/scenes/main.js +7 -7
  36. package/dist/src/app-opentui/scenes/server.js +83 -11
  37. package/dist/src/app-opentui/scenes/tasks.js +79 -16
  38. package/dist/src/app-opentui/state.js +25 -5
  39. package/dist/src/app-opentui/surface-catalog.js +4 -2
  40. package/dist/src/app-opentui/types.d.ts +1 -1
  41. package/dist/src/commands/_cli-format.d.ts +10 -1
  42. package/dist/src/commands/_cli-format.js +5 -2
  43. package/dist/src/commands/_connection-state.d.ts +11 -1
  44. package/dist/src/commands/_connection-state.js +50 -5
  45. package/dist/src/commands/_doctor-checks.js +458 -46
  46. package/dist/src/commands/_help-catalog.js +4 -2
  47. package/dist/src/commands/_json-output.js +4 -0
  48. package/dist/src/commands/_operator-view.js +465 -53
  49. package/dist/src/commands/_pi-frontend.js +465 -53
  50. package/dist/src/commands/_preflight.js +509 -72
  51. package/dist/src/commands/_server-client.d.ts +33 -0
  52. package/dist/src/commands/_server-client.js +477 -46
  53. package/dist/src/commands/_server-events.js +446 -41
  54. package/dist/src/commands/_snapshot-upload.js +460 -48
  55. package/dist/src/commands/connect.js +620 -15
  56. package/dist/src/commands/doctor.js +458 -46
  57. package/dist/src/commands/github.js +462 -50
  58. package/dist/src/commands/inbox.js +458 -46
  59. package/dist/src/commands/init.js +497 -74
  60. package/dist/src/commands/inspect.js +458 -46
  61. package/dist/src/commands/run.js +465 -53
  62. package/dist/src/commands/server.js +647 -163
  63. package/dist/src/commands/setup.js +463 -51
  64. package/dist/src/commands/stats.js +462 -48
  65. package/dist/src/commands/task-run-driver.js +464 -52
  66. package/dist/src/commands/task.js +520 -81
  67. package/dist/src/commands.js +670 -147
  68. package/dist/src/index.js +674 -147
  69. package/dist/src/launcher.js +4 -0
  70. package/package.json +8 -8
@@ -1,6 +1,6 @@
1
1
  // @bun
2
2
  // packages/cli/src/commands/task-run-driver.ts
3
- import { copyFileSync, existsSync as existsSync4, mkdirSync as mkdirSync2, readFileSync as readFileSync4, statSync, writeFileSync as writeFileSync2 } from "fs";
3
+ import { copyFileSync, existsSync as existsSync4, mkdirSync as mkdirSync3, readFileSync as readFileSync4, statSync, writeFileSync as writeFileSync3 } from "fs";
4
4
  import { resolve as resolve6 } from "path";
5
5
  import { spawn, spawnSync } from "child_process";
6
6
  import { createInterface as createLineInterface } from "readline";
@@ -430,8 +430,8 @@ function renderSourceScopeValidation(task, validation) {
430
430
  }
431
431
 
432
432
  // packages/cli/src/commands/_server-client.ts
433
- import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
434
- import { resolve as resolve5 } from "path";
433
+ import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
434
+ import { dirname as dirname2, isAbsolute, resolve as resolve5 } from "path";
435
435
  import { ensureLocalRigServerConnection } from "@rig/runtime/local-server";
436
436
 
437
437
  // packages/cli/src/commands/_connection-state.ts
@@ -505,12 +505,28 @@ function readRepoConnection(projectRoot) {
505
505
  selected,
506
506
  project: typeof record.project === "string" ? record.project : undefined,
507
507
  linkedAt: typeof record.linkedAt === "string" ? record.linkedAt : undefined,
508
- serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined
508
+ serverProjectRoot: typeof record.serverProjectRoot === "string" && record.serverProjectRoot.trim() ? record.serverProjectRoot.trim() : undefined,
509
+ serverProjectRootAlias: typeof record.serverProjectRootAlias === "string" && record.serverProjectRootAlias.trim() ? record.serverProjectRootAlias.trim() : undefined,
510
+ serverProjectRootBaseUrl: typeof record.serverProjectRootBaseUrl === "string" && record.serverProjectRootBaseUrl.trim() ? record.serverProjectRootBaseUrl.trim().replace(/\/+$/, "") : undefined
509
511
  };
510
512
  }
511
513
  function writeRepoConnection(projectRoot, state) {
512
514
  writeJsonFile2(resolveRepoConnectionPath(projectRoot), state);
513
515
  }
516
+ function rootAllowedForSelection(repo, connection) {
517
+ const root = repo.serverProjectRoot?.trim();
518
+ if (!root)
519
+ return;
520
+ if (connection.kind === "remote") {
521
+ if (repo.serverProjectRootAlias !== repo.selected)
522
+ return;
523
+ if (repo.serverProjectRootBaseUrl !== connection.baseUrl)
524
+ return;
525
+ } else if (repo.serverProjectRootAlias && repo.serverProjectRootAlias !== repo.selected) {
526
+ return;
527
+ }
528
+ return root;
529
+ }
514
530
  function resolveSelectedConnection(projectRoot, options = {}) {
515
531
  const repo = readRepoConnection(projectRoot);
516
532
  if (!repo)
@@ -522,13 +538,41 @@ function resolveSelectedConnection(projectRoot, options = {}) {
522
538
  if (!connection) {
523
539
  throw new CliError(`Selected Rig server "${repo.selected}" was not found. Run \`rig server list\` or \`rig server use local\`.`, 1);
524
540
  }
525
- return { alias: repo.selected, connection, serverProjectRoot: repo.serverProjectRoot };
541
+ return { alias: repo.selected, connection, serverProjectRoot: rootAllowedForSelection(repo, connection) };
542
+ }
543
+ function writeRepoServerProjectRoot(projectRoot, serverProjectRoot, metadata = {}) {
544
+ const repo = readRepoConnection(projectRoot);
545
+ if (!repo)
546
+ return;
547
+ let inferred = metadata;
548
+ if (!inferred.alias || !inferred.baseUrl) {
549
+ try {
550
+ const selected = resolveSelectedConnection(projectRoot);
551
+ if (selected?.connection.kind === "remote") {
552
+ inferred = {
553
+ alias: inferred.alias ?? selected.alias,
554
+ baseUrl: inferred.baseUrl ?? selected.connection.baseUrl
555
+ };
556
+ }
557
+ } catch {}
558
+ }
559
+ writeRepoConnection(projectRoot, {
560
+ ...repo,
561
+ ...metadata.project ? { project: metadata.project } : {},
562
+ serverProjectRoot,
563
+ ...inferred.alias ? { serverProjectRootAlias: inferred.alias } : {},
564
+ ...inferred.baseUrl ? { serverProjectRootBaseUrl: inferred.baseUrl.replace(/\/+$/, "") } : {}
565
+ });
526
566
  }
527
- function writeRepoServerProjectRoot(projectRoot, serverProjectRoot) {
567
+ function clearRepoServerProjectRoot(projectRoot) {
528
568
  const repo = readRepoConnection(projectRoot);
529
569
  if (!repo)
530
570
  return;
531
- writeRepoConnection(projectRoot, { ...repo, serverProjectRoot });
571
+ writeRepoConnection(projectRoot, {
572
+ selected: repo.selected,
573
+ ...repo.project ? { project: repo.project } : {},
574
+ ...repo.linkedAt ? { linkedAt: repo.linkedAt } : {}
575
+ });
532
576
  }
533
577
 
534
578
  // packages/cli/src/commands/_server-client.ts
@@ -569,11 +613,10 @@ function readStoredGitHubAuthToken(projectRoot) {
569
613
  const parsed = readRemoteAuthState(projectRoot);
570
614
  return parsed ? cleanToken(typeof parsed.token === "string" ? parsed.token : undefined) : null;
571
615
  }
572
- function inferRemoteServerProjectRootFromAuthState(projectRoot) {
573
- const repo = readRepoConnection(projectRoot);
574
- const slug = repo?.project?.trim();
575
- if (!slug || !/^[^/]+\/[^/]+$/.test(slug))
616
+ function inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug) {
617
+ if (!/^[^/]+\/[^/]+$/.test(repoSlug))
576
618
  return null;
619
+ const repo = readRepoConnection(projectRoot);
577
620
  const auth = readRemoteAuthState(projectRoot);
578
621
  const authUpdatedAt = typeof auth?.updatedAt === "string" ? Date.parse(auth.updatedAt) : Number.NaN;
579
622
  const repoLinkedAt = typeof repo?.linkedAt === "string" ? Date.parse(repo.linkedAt) : Number.NaN;
@@ -582,25 +625,413 @@ function inferRemoteServerProjectRootFromAuthState(projectRoot) {
582
625
  const checkoutBaseDir = typeof auth?.checkoutBaseDir === "string" && auth.checkoutBaseDir.trim() ? auth.checkoutBaseDir.trim() : null;
583
626
  if (!checkoutBaseDir)
584
627
  return null;
585
- const inferred = `${checkoutBaseDir.replace(/\/+$/, "")}/${slug}`;
586
- writeRepoServerProjectRoot(projectRoot, inferred);
587
- return inferred;
628
+ return `${checkoutBaseDir.replace(/\/+$/, "")}/${repoSlug}`;
588
629
  }
589
630
  function readLocalConnectionFallbackToken(projectRoot) {
590
631
  return readGitHubBearerTokenForRemote(projectRoot) ?? cleanToken(process.env.RIG_GITHUB_TOKEN) ?? readStoredGitHubAuthToken(projectRoot);
591
632
  }
633
+ function normalizeRepoSlug(value) {
634
+ const slug = value?.trim();
635
+ return slug && /^[^/\s]+\/[^/\s]+$/.test(slug) ? slug : null;
636
+ }
637
+ function readProjectLinkSlug(projectRoot) {
638
+ const path = resolve5(projectRoot, ".rig", "state", "project-link.json");
639
+ if (!existsSync3(path))
640
+ return null;
641
+ try {
642
+ const parsed = JSON.parse(readFileSync3(path, "utf8"));
643
+ if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
644
+ return null;
645
+ return normalizeRepoSlug(typeof parsed.repoSlug === "string" ? String(parsed.repoSlug) : null);
646
+ } catch {
647
+ return null;
648
+ }
649
+ }
650
+ function writeProjectLinkConnection(projectRoot, repoSlug, alias) {
651
+ const path = resolve5(projectRoot, ".rig", "state", "project-link.json");
652
+ mkdirSync2(dirname2(path), { recursive: true });
653
+ writeFileSync2(path, `${JSON.stringify({ repoSlug, connection: alias, linkedAt: new Date().toISOString() }, null, 2)}
654
+ `, "utf8");
655
+ }
656
+ function remoteLinkRepairCommand(repoSlug) {
657
+ return repoSlug ? `rig server repair-link --repo ${repoSlug}` : "rig server repair-link --repo owner/repo";
658
+ }
659
+ function formatRemoteProjectLinkHint(resolution) {
660
+ const repair = remoteLinkRepairCommand(resolution.repoSlug);
661
+ if (resolution.status === "auth_required") {
662
+ return `Authenticate the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}, then run \`${repair}\`. Use \`rig github auth import-gh\` or \`rig init --repair --server remote --github-auth device${resolution.repoSlug ? ` --repo ${resolution.repoSlug}` : ""}\`.`;
663
+ }
664
+ if (resolution.status === "missing_project") {
665
+ return `Record the repo slug, then run \`${repair}\` (or \`rig init --repo owner/repo --server remote --github-auth device\`).`;
666
+ }
667
+ if (resolution.status === "not_remote")
668
+ return "Select a remote server with `rig server use <alias>` before repairing a remote project link.";
669
+ return `Run \`${repair}\` to backfill or prepare a server-host checkout for the selected remote${resolution.alias ? ` (${resolution.alias})` : ""}.`;
670
+ }
671
+ function remoteProjectLinkFailure(input) {
672
+ const partial = {
673
+ status: input.status,
674
+ alias: input.alias,
675
+ baseUrl: input.baseUrl,
676
+ repoSlug: input.repoSlug
677
+ };
678
+ return {
679
+ ok: false,
680
+ ...input,
681
+ hint: formatRemoteProjectLinkHint(partial),
682
+ next: remoteLinkRepairCommand(input.repoSlug)
683
+ };
684
+ }
685
+ function remoteProjectLinkSuccess(input) {
686
+ return {
687
+ ok: true,
688
+ status: input.status,
689
+ alias: input.alias,
690
+ baseUrl: input.baseUrl,
691
+ repoSlug: input.repoSlug,
692
+ serverProjectRoot: input.serverProjectRoot,
693
+ source: input.source,
694
+ prepared: input.prepared ?? input.status === "prepared",
695
+ validated: input.validated ?? false,
696
+ message: input.message ?? `Remote project link ready for ${input.repoSlug}.`,
697
+ hint: "Remote-scoped task/run/status requests will send x-rig-project-root for this server-host checkout.",
698
+ next: "rig task list"
699
+ };
700
+ }
701
+ function localCheckoutPathCandidate(projectRoot, candidate) {
702
+ try {
703
+ const local = resolve5(projectRoot);
704
+ const resolved = resolve5(candidate);
705
+ return resolved === local || resolved.startsWith(`${local}/`);
706
+ } catch {
707
+ return false;
708
+ }
709
+ }
710
+ async function requestRemoteProjectLinkJson(baseUrl, pathname, authToken, init = {}) {
711
+ const requestUrl = new URL(`${baseUrl}${pathname}`);
712
+ if (authToken && queryAuthFallbackEnabled())
713
+ requestUrl.searchParams.set("rt", authToken);
714
+ const response = await fetch(requestUrl, {
715
+ ...init,
716
+ headers: mergeHeaders(init.headers, authToken)
717
+ });
718
+ const text = await response.text();
719
+ const payload = text.trim().length > 0 ? (() => {
720
+ try {
721
+ return JSON.parse(text);
722
+ } catch {
723
+ return null;
724
+ }
725
+ })() : null;
726
+ return { ok: response.ok, status: response.status, payload, text };
727
+ }
728
+ function payloadError(payload, fallback) {
729
+ if (payload && typeof payload === "object" && !Array.isArray(payload)) {
730
+ const record = payload;
731
+ const value = record.error ?? record.message ?? record.reason;
732
+ if (typeof value === "string" && value.trim())
733
+ return value.trim();
734
+ }
735
+ return fallback;
736
+ }
737
+ function checkoutPathsFromProjectPayload(payload) {
738
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
739
+ return [];
740
+ const project = payload.project;
741
+ if (!project || typeof project !== "object" || Array.isArray(project))
742
+ return [];
743
+ const checkouts = project.checkouts;
744
+ if (!Array.isArray(checkouts))
745
+ return [];
746
+ return [...checkouts].reverse().flatMap((entry) => {
747
+ if (!entry || typeof entry !== "object" || Array.isArray(entry))
748
+ return [];
749
+ const path = entry.path;
750
+ return typeof path === "string" && path.trim() ? [path.trim()] : [];
751
+ });
752
+ }
753
+ function checkoutPathFromPreparePayload(payload) {
754
+ if (!payload || typeof payload !== "object" || Array.isArray(payload))
755
+ return null;
756
+ const checkout = payload.checkout;
757
+ if (!checkout || typeof checkout !== "object" || Array.isArray(checkout))
758
+ return null;
759
+ const path = checkout.path;
760
+ return typeof path === "string" && path.trim() ? path.trim() : null;
761
+ }
762
+ async function validateAndPersistRemoteRoot(input) {
763
+ const candidate = input.candidate.trim();
764
+ if (!candidate || !isAbsolute(candidate)) {
765
+ return remoteProjectLinkFailure({
766
+ status: "invalid_root",
767
+ alias: input.alias,
768
+ baseUrl: input.baseUrl,
769
+ repoSlug: input.repoSlug,
770
+ message: `Remote project root candidate is not an absolute server-host path: ${candidate || "(empty)"}.`
771
+ });
772
+ }
773
+ if (localCheckoutPathCandidate(input.projectRoot, candidate)) {
774
+ return remoteProjectLinkFailure({
775
+ status: "invalid_root",
776
+ alias: input.alias,
777
+ baseUrl: input.baseUrl,
778
+ repoSlug: input.repoSlug,
779
+ message: `Refusing to use local checkout path ${candidate} as a remote server project root.`
780
+ });
781
+ }
782
+ let response;
783
+ try {
784
+ response = await requestRemoteProjectLinkJson(input.baseUrl, "/api/server/project-root", input.authToken, {
785
+ method: "POST",
786
+ headers: { "content-type": "application/json" },
787
+ body: JSON.stringify({ projectRoot: candidate })
788
+ });
789
+ } catch (error) {
790
+ return remoteProjectLinkFailure({
791
+ status: "error",
792
+ alias: input.alias,
793
+ baseUrl: input.baseUrl,
794
+ repoSlug: input.repoSlug,
795
+ message: `Could not validate remote project root ${candidate}: ${error instanceof Error ? error.message : String(error)}`
796
+ });
797
+ }
798
+ if (response.status === 401 || response.status === 403) {
799
+ return remoteProjectLinkFailure({
800
+ status: "auth_required",
801
+ alias: input.alias,
802
+ baseUrl: input.baseUrl,
803
+ repoSlug: input.repoSlug,
804
+ statusCode: response.status,
805
+ message: `Remote server ${input.alias} requires authentication before validating project root ${candidate}.`
806
+ });
807
+ }
808
+ if (!response.ok) {
809
+ return remoteProjectLinkFailure({
810
+ status: "invalid_root",
811
+ alias: input.alias,
812
+ baseUrl: input.baseUrl,
813
+ repoSlug: input.repoSlug,
814
+ statusCode: response.status,
815
+ message: `Remote server rejected project root ${candidate} (${response.status}): ${payloadError(response.payload, response.text || "project-root validation failed")}`
816
+ });
817
+ }
818
+ const record = response.payload && typeof response.payload === "object" && !Array.isArray(response.payload) ? response.payload : {};
819
+ if (record.ok !== true) {
820
+ return remoteProjectLinkFailure({
821
+ status: "invalid_root",
822
+ alias: input.alias,
823
+ baseUrl: input.baseUrl,
824
+ repoSlug: input.repoSlug,
825
+ message: `Remote server did not accept project root ${candidate}: ${payloadError(response.payload, "project-root validation failed")}`
826
+ });
827
+ }
828
+ const accepted = typeof record.projectRoot === "string" && record.projectRoot.trim() ? record.projectRoot.trim() : typeof record.requestedProjectRoot === "string" && record.requestedProjectRoot.trim() ? record.requestedProjectRoot.trim() : candidate;
829
+ writeRepoServerProjectRoot(input.projectRoot, accepted, { alias: input.alias, baseUrl: input.baseUrl, project: input.repoSlug });
830
+ writeProjectLinkConnection(input.projectRoot, input.repoSlug, input.alias);
831
+ const status = input.status ?? (input.prepared ? "prepared" : "backfilled");
832
+ return remoteProjectLinkSuccess({
833
+ status,
834
+ alias: input.alias,
835
+ baseUrl: input.baseUrl,
836
+ repoSlug: input.repoSlug,
837
+ serverProjectRoot: accepted,
838
+ source: input.source,
839
+ prepared: input.prepared,
840
+ validated: true,
841
+ message: status === "ready" ? `Remote project link already points to ${accepted} and was validated on ${input.alias}.` : input.prepared ? `Prepared and linked remote checkout ${accepted} for ${input.repoSlug}.` : `Backfilled remote checkout ${accepted} for ${input.repoSlug}.`
842
+ });
843
+ }
844
+ async function ensureRemoteProjectRootLink(projectRoot, options = {}) {
845
+ let selected;
846
+ try {
847
+ selected = resolveSelectedConnection(projectRoot);
848
+ } catch (error) {
849
+ return remoteProjectLinkFailure({ status: "error", message: error instanceof Error ? error.message : String(error) });
850
+ }
851
+ if (!selected || selected.connection.kind !== "remote") {
852
+ return remoteProjectLinkFailure({ status: "not_remote", message: "No remote Rig server is selected for this repo." });
853
+ }
854
+ const repo = readRepoConnection(projectRoot);
855
+ const explicitRepoRequested = options.repoSlug !== undefined;
856
+ const explicitRepoSlug = explicitRepoRequested ? normalizeRepoSlug(options.repoSlug) : null;
857
+ const repoProjectSlug = normalizeRepoSlug(repo?.project);
858
+ const repoSlug = explicitRepoSlug ?? repoProjectSlug ?? readProjectLinkSlug(projectRoot);
859
+ const alias = selected.alias;
860
+ const baseUrl = selected.connection.baseUrl;
861
+ const authToken = options.authToken === undefined ? readGitHubBearerTokenForRemote(projectRoot) : options.authToken;
862
+ const mode = options.mode ?? "backfill-only";
863
+ if (explicitRepoRequested && !explicitRepoSlug) {
864
+ return remoteProjectLinkFailure({
865
+ status: "missing_project",
866
+ alias,
867
+ baseUrl,
868
+ message: `Invalid --repo value ${JSON.stringify(options.repoSlug)}. Expected owner/repo.`
869
+ });
870
+ }
871
+ if (!repoSlug) {
872
+ return remoteProjectLinkFailure({
873
+ status: "missing_project",
874
+ alias,
875
+ baseUrl,
876
+ message: `Remote server ${alias} is selected, but this checkout has no GitHub repo slug recorded.`
877
+ });
878
+ }
879
+ const skippedCandidates = [];
880
+ const storedRoot = selected.serverProjectRoot?.trim() || null;
881
+ const storedRootMatchesResolvedRepo = repoProjectSlug === repoSlug;
882
+ if (storedRoot && storedRootMatchesResolvedRepo) {
883
+ if (localCheckoutPathCandidate(projectRoot, storedRoot)) {
884
+ clearRepoServerProjectRoot(projectRoot);
885
+ skippedCandidates.push(storedRoot);
886
+ } else {
887
+ const storedResult = await validateAndPersistRemoteRoot({
888
+ projectRoot,
889
+ alias,
890
+ baseUrl,
891
+ authToken,
892
+ repoSlug,
893
+ candidate: storedRoot,
894
+ source: "stored",
895
+ status: "ready"
896
+ });
897
+ if (storedResult.ok || storedResult.status === "auth_required" || storedResult.status === "error")
898
+ return storedResult;
899
+ clearRepoServerProjectRoot(projectRoot);
900
+ skippedCandidates.push(storedRoot);
901
+ }
902
+ } else if (storedRoot) {
903
+ skippedCandidates.push(storedRoot);
904
+ }
905
+ const authCandidate = inferRemoteServerProjectRootCandidateFromAuthState(projectRoot, repoSlug);
906
+ if (authCandidate) {
907
+ const authResult = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: authCandidate, source: "auth-state" });
908
+ if (authResult.ok || authResult.status === "auth_required")
909
+ return authResult;
910
+ }
911
+ let registryResponse;
912
+ try {
913
+ registryResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}`, authToken);
914
+ } catch (error) {
915
+ return remoteProjectLinkFailure({
916
+ status: "error",
917
+ alias,
918
+ baseUrl,
919
+ repoSlug,
920
+ message: `Could not read remote project registry for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
921
+ });
922
+ }
923
+ if (registryResponse.status === 401 || registryResponse.status === 403) {
924
+ return remoteProjectLinkFailure({
925
+ status: "auth_required",
926
+ alias,
927
+ baseUrl,
928
+ repoSlug,
929
+ statusCode: registryResponse.status,
930
+ message: `Remote server ${alias} requires authentication before reading the ${repoSlug} project registry.`
931
+ });
932
+ }
933
+ if (registryResponse.ok) {
934
+ const candidates = checkoutPathsFromProjectPayload(registryResponse.payload);
935
+ for (const candidate of candidates) {
936
+ const result = await validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate, source: "registry" });
937
+ if (result.ok || result.status === "auth_required")
938
+ return result;
939
+ skippedCandidates.push(candidate);
940
+ }
941
+ if (mode === "backfill-only") {
942
+ return remoteProjectLinkFailure({
943
+ status: candidates.length > 0 ? "invalid_root" : "no_server_checkout",
944
+ alias,
945
+ baseUrl,
946
+ repoSlug,
947
+ message: candidates.length > 0 ? `Remote registry has checkout candidates for ${repoSlug}, but none validated for ${alias}.` : `Remote registry has ${repoSlug}, but no server checkout path is linked yet.`,
948
+ skippedCandidates
949
+ });
950
+ }
951
+ } else if (registryResponse.status === 404) {
952
+ if (mode === "backfill-only") {
953
+ return remoteProjectLinkFailure({
954
+ status: "project_not_registered",
955
+ alias,
956
+ baseUrl,
957
+ repoSlug,
958
+ statusCode: registryResponse.status,
959
+ message: `Remote server ${alias} has no registered project record for ${repoSlug}.`
960
+ });
961
+ }
962
+ } else {
963
+ return remoteProjectLinkFailure({
964
+ status: "error",
965
+ alias,
966
+ baseUrl,
967
+ repoSlug,
968
+ statusCode: registryResponse.status,
969
+ message: `Could not backfill ${repoSlug} from remote registry (${registryResponse.status}): ${payloadError(registryResponse.payload, registryResponse.text || "registry lookup failed")}`,
970
+ skippedCandidates
971
+ });
972
+ }
973
+ let prepareResponse;
974
+ try {
975
+ prepareResponse = await requestRemoteProjectLinkJson(baseUrl, `/api/projects/${encodeURIComponent(repoSlug)}/prepare-checkout`, authToken, {
976
+ method: "POST",
977
+ headers: { "content-type": "application/json" },
978
+ body: JSON.stringify({ checkout: { kind: "managed-clone" }, repoUrl: `https://github.com/${repoSlug}.git` })
979
+ });
980
+ } catch (error) {
981
+ return remoteProjectLinkFailure({
982
+ status: "error",
983
+ alias,
984
+ baseUrl,
985
+ repoSlug,
986
+ message: `Could not prepare remote checkout for ${repoSlug} on ${alias}: ${error instanceof Error ? error.message : String(error)}`
987
+ });
988
+ }
989
+ if (prepareResponse.status === 401 || prepareResponse.status === 403) {
990
+ return remoteProjectLinkFailure({
991
+ status: "auth_required",
992
+ alias,
993
+ baseUrl,
994
+ repoSlug,
995
+ statusCode: prepareResponse.status,
996
+ message: `Remote server ${alias} requires authentication before preparing ${repoSlug}.`
997
+ });
998
+ }
999
+ if (!prepareResponse.ok) {
1000
+ return remoteProjectLinkFailure({
1001
+ status: "error",
1002
+ alias,
1003
+ baseUrl,
1004
+ repoSlug,
1005
+ statusCode: prepareResponse.status,
1006
+ message: `Remote checkout prepare failed for ${repoSlug} (${prepareResponse.status}): ${payloadError(prepareResponse.payload, prepareResponse.text || "prepare-checkout failed")}`,
1007
+ skippedCandidates
1008
+ });
1009
+ }
1010
+ const preparedPath = checkoutPathFromPreparePayload(prepareResponse.payload);
1011
+ if (!preparedPath) {
1012
+ return remoteProjectLinkFailure({
1013
+ status: "invalid_root",
1014
+ alias,
1015
+ baseUrl,
1016
+ repoSlug,
1017
+ message: `Remote checkout prepare for ${repoSlug} did not return a checkout.path.`,
1018
+ skippedCandidates
1019
+ });
1020
+ }
1021
+ return validateAndPersistRemoteRoot({ projectRoot, alias, baseUrl, authToken, repoSlug, candidate: preparedPath, source: "prepare", prepared: true });
1022
+ }
592
1023
  async function ensureServerForCli(projectRoot) {
593
1024
  try {
594
1025
  const selected = resolveSelectedConnection(projectRoot);
595
1026
  if (selected?.connection.kind === "remote") {
596
1027
  reportServerPhase(`Connecting to ${selected.alias}\u2026`);
597
1028
  const authToken = readGitHubBearerTokenForRemote(projectRoot);
598
- const serverProjectRoot = selected.serverProjectRoot ?? inferRemoteServerProjectRootFromAuthState(projectRoot) ?? await backfillRemoteServerProjectRoot(projectRoot, selected.connection.baseUrl, authToken);
1029
+ const link = await ensureRemoteProjectRootLink(projectRoot, { mode: "backfill-only", authToken });
599
1030
  return {
600
1031
  baseUrl: selected.connection.baseUrl,
601
1032
  authToken,
602
1033
  connectionKind: "remote",
603
- serverProjectRoot
1034
+ serverProjectRoot: link.ok ? link.serverProjectRoot ?? null : null
604
1035
  };
605
1036
  }
606
1037
  reportServerPhase("Starting local Rig server\u2026");
@@ -618,32 +1049,6 @@ async function ensureServerForCli(projectRoot) {
618
1049
  throw error;
619
1050
  }
620
1051
  }
621
- async function backfillRemoteServerProjectRoot(projectRoot, baseUrl, authToken) {
622
- const repo = readRepoConnection(projectRoot);
623
- const slug = repo?.project?.trim();
624
- if (!slug)
625
- return null;
626
- try {
627
- const url = new URL(`${baseUrl}/api/projects/${encodeURIComponent(slug)}`);
628
- if (authToken && queryAuthFallbackEnabled())
629
- url.searchParams.set("rt", authToken);
630
- const response = await fetch(url, {
631
- headers: mergeHeaders(undefined, authToken)
632
- });
633
- if (!response.ok)
634
- return null;
635
- const payload = await response.json();
636
- const project = payload.project && typeof payload.project === "object" && !Array.isArray(payload.project) ? payload.project : null;
637
- const checkouts = Array.isArray(project?.checkouts) ? project.checkouts : [];
638
- const latestCheckout = [...checkouts].reverse().find((entry) => Boolean(entry && typeof entry === "object" && !Array.isArray(entry) && typeof entry.path === "string"));
639
- const path = typeof latestCheckout?.path === "string" && latestCheckout.path.trim() ? latestCheckout.path.trim() : null;
640
- if (path)
641
- writeRepoServerProjectRoot(projectRoot, path);
642
- return path;
643
- } catch {
644
- return null;
645
- }
646
- }
647
1052
  function mergeCookie(existing, name, value) {
648
1053
  const encoded = `${name}=${encodeURIComponent(value)}`;
649
1054
  if (!existing?.trim())
@@ -735,13 +1140,20 @@ function canUseRemoteWithoutProjectRoot(pathname) {
735
1140
  async function requestServerJson(context, pathname, init = {}) {
736
1141
  const server = await ensureServerForCli(context.projectRoot);
737
1142
  const requestUrl = new URL(`${server.baseUrl}${pathname}`);
738
- if (server.connectionKind === "remote" && !server.serverProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
739
- const repo = readRepoConnection(context.projectRoot);
740
- throw new CliError(`Remote server is selected for ${repo?.project ?? "this repo"}, but this checkout has no server-host project root link.`, 1, { hint: "Run `rig init --repair` or `rig init --yes --repo owner/repo --server remote` to repair the remote project link before task/run commands." });
1143
+ let scopedServerProjectRoot = server.serverProjectRoot;
1144
+ if (server.connectionKind === "remote" && !scopedServerProjectRoot && !canUseRemoteWithoutProjectRoot(requestUrl.pathname) && (server.authToken || !isLoopbackRemoteBaseUrl(server.baseUrl))) {
1145
+ const link = await ensureRemoteProjectRootLink(context.projectRoot, { mode: "backfill-only", authToken: server.authToken });
1146
+ if (link.ok && link.serverProjectRoot) {
1147
+ scopedServerProjectRoot = link.serverProjectRoot;
1148
+ } else {
1149
+ const repo = readRepoConnection(context.projectRoot);
1150
+ const target = link.alias && link.baseUrl ? `${link.alias} (${link.baseUrl})` : server.baseUrl;
1151
+ throw new CliError(`Remote server ${target} is selected for ${link.repoSlug ?? repo?.project ?? "this repo"}, but this checkout has no server-host project root link. ${link.message}`, 1, { hint: link.hint });
1152
+ }
741
1153
  }
742
1154
  const headers = mergeHeaders(init.headers, server.authToken);
743
- if (server.serverProjectRoot)
744
- headers.set("x-rig-project-root", server.serverProjectRoot);
1155
+ if (scopedServerProjectRoot)
1156
+ headers.set("x-rig-project-root", scopedServerProjectRoot);
745
1157
  if (server.connectionKind === "remote" && server.authToken && queryAuthFallbackEnabled()) {
746
1158
  requestUrl.searchParams.set("rt", server.authToken);
747
1159
  }
@@ -882,7 +1294,7 @@ function copyUntrackedDirtyFiles(sourceRoot, targetRoot) {
882
1294
  try {
883
1295
  if (!statSync(sourcePath).isFile())
884
1296
  continue;
885
- mkdirSync2(resolve6(targetPath, ".."), { recursive: true });
1297
+ mkdirSync3(resolve6(targetPath, ".."), { recursive: true });
886
1298
  copyFileSync(sourcePath, targetPath);
887
1299
  copied += 1;
888
1300
  } catch {}
@@ -1781,8 +2193,8 @@ async function executeRigOwnedTaskRun(context, input) {
1781
2193
  artifactPath: planningClassification.planningRequired ? planningArtifactPath : null,
1782
2194
  classifiedAt: new Date().toISOString()
1783
2195
  };
1784
- mkdirSync2(resolve6(context.projectRoot, ".rig", "runs", input.runId), { recursive: true });
1785
- writeFileSync2(resolve6(context.projectRoot, ".rig", "runs", input.runId, "planning-classification.json"), `${JSON.stringify(persistedPlanning, null, 2)}
2196
+ mkdirSync3(resolve6(context.projectRoot, ".rig", "runs", input.runId), { recursive: true });
2197
+ writeFileSync3(resolve6(context.projectRoot, ".rig", "runs", input.runId, "planning-classification.json"), `${JSON.stringify(persistedPlanning, null, 2)}
1786
2198
  `, "utf8");
1787
2199
  patchAuthorityRun(context.projectRoot, input.runId, { planning: persistedPlanning });
1788
2200
  prompt = `${prompt}
@@ -1929,8 +2341,8 @@ ${planningClassification.planningRequired ? `Before implementing, write a concis
1929
2341
  const dirty = applyDirtyBaselineSnapshot({ sourceRoot: context.projectRoot, targetRoot: latestRuntimeWorkspace });
1930
2342
  const readyFile = childEnv.RIG_DIRTY_BASELINE_READY_FILE;
1931
2343
  if (readyFile) {
1932
- mkdirSync2(resolve6(readyFile, ".."), { recursive: true });
1933
- writeFileSync2(readyFile, `${JSON.stringify({ ...dirty, workspaceDir: latestRuntimeWorkspace, appliedAt: new Date().toISOString() }, null, 2)}
2344
+ mkdirSync3(resolve6(readyFile, ".."), { recursive: true });
2345
+ writeFileSync3(readyFile, `${JSON.stringify({ ...dirty, workspaceDir: latestRuntimeWorkspace, appliedAt: new Date().toISOString() }, null, 2)}
1934
2346
  `, "utf8");
1935
2347
  }
1936
2348
  appendRunLog(context.projectRoot, input.runId, {