@linzumi/cli 0.0.14-beta → 0.0.16-beta

package/README.md

@@ -19,6 +19,16 @@
           your agent, your laptop, PRs in minutes
 ```
 
+Copy this into your terminal from the repo you want changed:
+
+```bash
+codex -- "Get a working hello-world PR from https://linzumi.com/agents.md"
+```
+
+That's the launch path: Codex opens the agent instructions, signs up,
+asks you for the emailed code, connects Linzumi to this repo, opens the
+browser editor, and posts the PR or review branch.
+
 Today, your AI coding agent has two homes, both bad.
 
 It can run **alone in your terminal**, where nobody — your teammate,
@@ -76,12 +86,6 @@ That's it. The rest of this README is detail.
 
 ## Agent-first launch path
 
-Copy this into an agent running in the repo you want changed:
-
-```text
-Get me a working hello-world PR from https://linzumi.com/agents.md
-```
-
 That one prompt is the launch path. The canonical agent instructions are
 hosted at `https://linzumi.com/agents.md`; `https://linzumi.com/skills.md`
 stays available for compatibility. The agent will ask for your email,
@@ -103,6 +107,11 @@ workspace/channel scope from the approval flow, trusts only the selected
 folder by default, and listens only to the approving human unless
 `--listen-user` is explicitly passed.
 
+By default, the runner downloads the Kandan-approved `code-server`
+runtime for your platform and verifies its checksum before enabling the
+browser editor. Linux editor launches are wrapped with `bubblewrap`
+(`bwrap`) for filesystem confinement.
+
 `linzumi claim` also prints `support_channel_url`. That channel is the
 shared onboarding room for the approving human, the claimed agent identity,
 and Linzumi support. Keep repository work in task threads; use the support
@@ -225,7 +234,7 @@ privileges as your shell. Every action is auditable from the thread.
 ## Pinning a version
 
 ```bash
-npm install -g @linzumi/cli@0.0.14-beta
+npm install -g @linzumi/cli@0.0.16-beta
 linzumi --version
 ```
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@linzumi/cli",
-  "version": "0.0.14-beta",
+  "version": "0.0.16-beta",
   "description": "Linzumi CLI — point a Codex agent at the real code on your laptop, with your team watching and steering from shared threads.",
   "type": "module",
   "bin": {

package/src/index.ts

@@ -121,7 +121,7 @@ async function main(args: readonly string[]): Promise<void> {
       process.stdout.write(connectGuideText());
       return;
     case "version":
-      process.stdout.write("linzumi 0.0.14-beta\n");
+      process.stdout.write("linzumi 0.0.16-beta\n");
       return;
     case "auth":
       await runAuthCommand(parsed.args);
@@ -614,7 +614,7 @@ export async function parseRunnerArgs(
   }
 
   if (values.get("version") === true) {
-    process.stdout.write("linzumi 0.0.14-beta\n");
+    process.stdout.write("linzumi 0.0.16-beta\n");
     process.exit(0);
   }
 

package/src/localEditor.ts

@@ -91,6 +91,7 @@ export type PrepareCodeServerLaunchOptions = {
   readonly extensionsDir?: string | undefined;
   readonly platform?: NodeJS.Platform | undefined;
   readonly sandboxExecBin?: string | undefined;
+  readonly bubblewrapBin?: string | undefined;
   readonly envPath?: string | undefined;
 };
 
@@ -414,20 +415,18 @@ export function prepareCodeServerLaunch(
 ): PrepareCodeServerLaunchResult {
   const platform = options.platform ?? process.platform;
 
+  if (platform === "linux") {
+    return prepareLinuxCodeServerLaunch(options);
+  }
+
   if (platform !== "darwin") {
-    return {
-      ok: false,
-      reason: "local_editor_filesystem_sandbox_unavailable",
-    };
+    return filesystemSandboxUnavailable();
   }
 
   const sandboxExecBin = options.sandboxExecBin ?? "/usr/bin/sandbox-exec";
 
   if (!existsSync(sandboxExecBin)) {
-    return {
-      ok: false,
-      reason: "local_editor_filesystem_sandbox_unavailable",
-    };
+    return filesystemSandboxUnavailable();
   }
 
   const codeServerExecutable = resolveCodeServerExecutable(
@@ -436,10 +435,7 @@ export function prepareCodeServerLaunch(
   );
 
   if (!codeServerExecutable.ok) {
-    return {
-      ok: false,
-      reason: "local_editor_filesystem_sandbox_unavailable",
-    };
+    return filesystemSandboxUnavailable();
   }
 
   return {
@@ -460,6 +456,96 @@ export function prepareCodeServerLaunch(
   };
 }
 
+function prepareLinuxCodeServerLaunch(
+  options: PrepareCodeServerLaunchOptions,
+): PrepareCodeServerLaunchResult {
+  const bubblewrapExecutable = resolveCodeServerExecutable(
+    options.bubblewrapBin ?? "bwrap",
+    options.envPath ?? process.env.PATH ?? "",
+  );
+
+  if (!bubblewrapExecutable.ok) {
+    return filesystemSandboxUnavailable();
+  }
+
+  const codeServerExecutable = resolveCodeServerExecutable(
+    options.codeServerBin,
+    options.envPath ?? process.env.PATH ?? "",
+  );
+
+  if (!codeServerExecutable.ok) {
+    return filesystemSandboxUnavailable();
+  }
+
+  const readOnlyRoots = uniquePaths([
+    "/usr",
+    "/bin",
+    "/sbin",
+    "/lib",
+    "/lib64",
+    "/etc",
+    "/nix",
+    "/opt",
+    ...(options.codeServerRuntimeRoot === undefined
+      ? []
+      : sandboxPathAliases(options.codeServerRuntimeRoot)),
+    codeServerExecutable.directory,
+  ]);
+
+  const args = [
+    "--die-with-parent",
+    "--proc",
+    "/proc",
+    "--dev-bind",
+    "/dev",
+    "/dev",
+    "--tmpfs",
+    "/tmp",
+    "--setenv",
+    "HOME",
+    options.userDataDir,
+    "--setenv",
+    "XDG_DATA_HOME",
+    join(options.userDataDir, "data"),
+    "--setenv",
+    "XDG_CONFIG_HOME",
+    join(options.userDataDir, "config"),
+    ...readOnlyRoots.flatMap((path) => ["--ro-bind-try", path, path]),
+    "--bind",
+    options.cwd,
+    options.cwd,
+    "--bind",
+    options.userDataDir,
+    options.userDataDir,
+    ...(options.extensionsDir === undefined
+      ? []
+      : ["--bind", options.extensionsDir, options.extensionsDir]),
+    "--chdir",
+    options.cwd,
+    "--",
+    codeServerExecutable.command,
+    ...codeServerArgs(
+      options.port,
+      options.cwd,
+      options.userDataDir,
+      options.extensionsDir,
+    ),
+  ];
+
+  return {
+    ok: true,
+    command: bubblewrapExecutable.command,
+    args,
+  };
+}
+
+function filesystemSandboxUnavailable(): PrepareCodeServerLaunchResult {
+  return {
+    ok: false,
+    reason: "local_editor_filesystem_sandbox_unavailable",
+  };
+}
+
 function codeServerSandboxProfile(
   options: PrepareCodeServerLaunchOptions,
   codeServerBinDir: string,

package/src/localEditorRuntime.ts

@@ -33,7 +33,14 @@ export type EditorRuntimeManifest = {
   readonly codeServerVersion: string;
   readonly codeServerBinPath: string;
   readonly manifestPath: string;
-  readonly assets: readonly JsonObject[];
+  readonly assets: readonly EditorRuntimeAsset[];
+};
+
+export type EditorRuntimeAsset = {
+  readonly path: string;
+  readonly sha256: string;
+  readonly url?: string | undefined;
+  readonly contentBase64?: string | undefined;
 };
 
 export type EditorRuntimeStatus =
@@ -186,6 +193,8 @@ export function editorRuntimePlatform(
       return "darwin-arm64";
     case "darwin-x64":
       return "darwin-x64";
+    case "linux-x64":
+      return "linux-x64";
     default:
       return undefined;
   }
@@ -266,16 +275,15 @@ function normalizeManifest(value: JsonObject):
   const codeServerVersion = nonEmptyString(value.codeServerVersion);
   const codeServerBinPath = nonEmptyString(value.codeServerBinPath) ?? "bin/code-server";
   const manifestPath = nonEmptyString(value.manifestPath) ?? "linzumi-editor-runtime.json";
-  const assets = Array.isArray(value.assets) && value.assets.every(isJsonObject)
-    ? value.assets
-    : [];
+  const assets = normalizeRuntimeAssets(value.assets);
 
   if (
     version === undefined ||
     platform === undefined ||
     archiveUrl === undefined ||
     archiveSha256 === undefined ||
-    codeServerVersion === undefined
+    codeServerVersion === undefined ||
+    assets === undefined
   ) {
     return { ok: false };
   }
@@ -295,6 +303,38 @@ function normalizeManifest(value: JsonObject):
   };
 }
 
+function normalizeRuntimeAssets(value: unknown): readonly EditorRuntimeAsset[] | undefined {
+  if (!Array.isArray(value)) {
+    return undefined;
+  }
+
+  const assets: EditorRuntimeAsset[] = [];
+
+  for (const asset of value) {
+    if (!isJsonObject(asset)) {
+      return undefined;
+    }
+
+    const path = nonEmptyString(asset.path);
+    const sha256 = sha256String(asset.sha256);
+    const url = nonEmptyString(asset.url);
+    const contentBase64 = nonEmptyString(asset.contentBase64);
+
+    if (path === undefined || sha256 === undefined) {
+      return undefined;
+    }
+
+    assets.push({
+      path,
+      sha256,
+      ...(url === undefined ? {} : { url }),
+      ...(contentBase64 === undefined ? {} : { contentBase64 }),
+    });
+  }
+
+  return assets;
+}
+
 function installedRuntime(
   cacheRoot: string,
   manifest: EditorRuntimeManifest,
@@ -371,33 +411,37 @@ async function installRuntime(args: {
       return { ok: false, reason: "archive_extract_failed" };
     }
 
-    const manifestPath = join(extractRoot, args.manifest.manifestPath);
-    const codeServerBin = join(extractRoot, args.manifest.codeServerBinPath);
-    const assets = verifiedRuntimeAssetPaths(extractRoot, args.manifest);
+    const assetsInstalled = await materializeRuntimeAssets({
+      kandanUrl: args.kandanUrl,
+      manifest: args.manifest,
+      runtimeRoot: extractRoot,
+      fetchImpl: args.fetchImpl,
+    });
 
-    if (!existsSync(manifestPath) || !existsSync(codeServerBin) || assets === undefined) {
-      return { ok: false, reason: "invalid_archive" };
+    if (!assetsInstalled) {
+      return { ok: false, reason: "install_failed" };
     }
 
-    const installed: unknown = JSON.parse(readFileSync(manifestPath, "utf8"));
+    const manifestPath = join(extractRoot, args.manifest.manifestPath);
+    const codeServerBin = join(extractRoot, args.manifest.codeServerBinPath);
+    const assets = verifiedRuntimeAssetPaths(extractRoot, args.manifest);
 
-    if (
-      !isJsonObject(installed) ||
-      installed.version !== args.manifest.version ||
-      installed.platform !== args.manifest.platform ||
-      (installed.archiveSha256 !== undefined &&
-        installed.archiveSha256 !== args.manifest.archiveSha256)
-    ) {
+    if (!existsSync(codeServerBin) || assets === undefined) {
       return { ok: false, reason: "invalid_archive" };
     }
 
+    mkdirSync(dirname(manifestPath), { recursive: true });
     writeFileSync(
       manifestPath,
       JSON.stringify(
         {
-          ...installed,
+          version: args.manifest.version,
+          platform: args.manifest.platform,
           archiveSha256: args.manifest.archiveSha256,
           codeServerVersion: args.manifest.codeServerVersion,
+          codeServerBinPath: args.manifest.codeServerBinPath,
+          manifestPath: args.manifest.manifestPath,
+          assets: args.manifest.assets,
         },
         null,
         2,
@@ -444,6 +488,59 @@ async function installRuntime(args: {
   }
 }
 
+async function materializeRuntimeAssets(args: {
+  readonly kandanUrl: string;
+  readonly manifest: EditorRuntimeManifest;
+  readonly runtimeRoot: string;
+  readonly fetchImpl: typeof fetch;
+}): Promise<boolean> {
+  for (const asset of args.manifest.assets) {
+    const targetPath = join(args.runtimeRoot, asset.path);
+
+    try {
+      const bytes = await runtimeAssetBytes({
+        kandanUrl: args.kandanUrl,
+        asset,
+        fetchImpl: args.fetchImpl,
+      });
+
+      if (bytes === undefined) {
+        continue;
+      }
+
+      mkdirSync(dirname(targetPath), { recursive: true });
+      writeFileSync(targetPath, bytes);
+    } catch (_error) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+async function runtimeAssetBytes(args: {
+  readonly kandanUrl: string;
+  readonly asset: EditorRuntimeAsset;
+  readonly fetchImpl: typeof fetch;
+}): Promise<Buffer | undefined> {
+  if (args.asset.contentBase64 !== undefined) {
+    return Buffer.from(args.asset.contentBase64, "base64");
+  }
+
+  if (args.asset.url !== undefined) {
+    const url = new URL(args.asset.url, kandanHttpBaseUrl(args.kandanUrl));
+    const response = await args.fetchImpl(url);
+
+    if (response.status !== 200) {
+      return undefined;
+    }
+
+    return Buffer.from(await response.arrayBuffer());
+  }
+
+  return undefined;
+}
+
 async function downloadArchive(args: {
   readonly kandanUrl: string;
   readonly token: string;
@@ -454,9 +551,12 @@ async function downloadArchive(args: {
   | { readonly ok: true }
   | { readonly ok: false; readonly reason: "download_failed" | "checksum_mismatch" }
 > {
-  const url = new URL(args.manifest.archiveUrl, kandanHttpBaseUrl(args.kandanUrl));
+  const kandanBaseUrl = kandanHttpBaseUrl(args.kandanUrl);
+  const url = new URL(args.manifest.archiveUrl, kandanBaseUrl);
   const response = await args.fetchImpl(url, {
-    headers: { authorization: `Bearer ${args.token}` },
+    ...(sameOrigin(url, new URL(kandanBaseUrl))
+      ? { headers: { authorization: `Bearer ${args.token}` } }
+      : {}),
   });
 
   if (response.status !== 200 || response.body === null) {
@@ -477,6 +577,10 @@ async function downloadArchive(args: {
   return { ok: true };
 }
 
+function sameOrigin(left: URL, right: URL): boolean {
+  return left.protocol === right.protocol && left.host === right.host;
+}
+
 function extractTarGz(archivePath: string, destination: string): Promise<boolean> {
   return new Promise((resolveExtract) => {
     const child = spawn("tar", ["-xzf", archivePath, "-C", destination], {
@@ -529,10 +633,11 @@ function verifiedRuntimeAssetPaths(
     "kandan.document-state-telemetry",
   );
 
+  const codeServerRoot = codeServerRuntimeRoot(manifest.codeServerBinPath);
   const requiredPaths = [
     manifest.codeServerBinPath,
-    "lib/vscode/node_modules/vsda/rust/web/vsda.js",
-    "lib/vscode/node_modules/vsda/rust/web/vsda_bg.wasm",
+    join(codeServerRoot, "lib", "vscode", "node_modules", "vsda", "rust", "web", "vsda.js"),
+    join(codeServerRoot, "lib", "vscode", "node_modules", "vsda", "rust", "web", "vsda_bg.wasm"),
     "kandan/editor_extensions/typefox.open-collaboration-tools.tar.gz",
     "kandan/editor_servers/open-collaboration-server.tar.gz",
     "kandan/editor_extensions/kandan.document-state-telemetry/package.json",
@@ -543,13 +648,17 @@ function verifiedRuntimeAssetPaths(
   for (const relativePath of requiredPaths) {
     const expectedSha256 = assetChecksums.get(relativePath);
 
-    if (expectedSha256 === undefined) {
+    if (expectedSha256 === undefined && relativePath !== manifest.codeServerBinPath) {
       return undefined;
     }
 
     const absolutePath = join(runtimeRoot, relativePath);
 
-    if (!existsSync(absolutePath) || fileSha256Sync(absolutePath) !== expectedSha256) {
+    if (!existsSync(absolutePath)) {
+      return undefined;
+    }
+
+    if (expectedSha256 !== undefined && fileSha256Sync(absolutePath) !== expectedSha256) {
       return undefined;
     }
   }
@@ -565,16 +674,21 @@ function verifiedRuntimeAssetPaths(
   };
 }
 
-function manifestAssetChecksums(assets: readonly JsonObject[]): Map<string, string> {
+function codeServerRuntimeRoot(codeServerBinPath: string): string {
+  const normalized = codeServerBinPath.replaceAll("\\", "/");
+
+  return normalized === "bin/code-server"
+    ? "."
+    : normalized.endsWith("/bin/code-server")
+    ? normalized.slice(0, -"/bin/code-server".length) || "."
+    : dirname(normalized);
+}
+
+function manifestAssetChecksums(assets: readonly EditorRuntimeAsset[]): Map<string, string> {
   const checksums = new Map<string, string>();
 
   for (const asset of assets) {
-    const path = nonEmptyString(asset.path);
-    const sha256 = sha256String(asset.sha256);
-
-    if (path !== undefined && sha256 !== undefined) {
-      checksums.set(path, sha256);
-    }
+    checksums.set(asset.path, asset.sha256);
   }
 
   return checksums;