@linzumi/cli 0.0.29-beta → 0.0.31-beta

package/README.md

@@ -46,8 +46,8 @@ Terms:
 - **Bootstrapper Codex**: the outer Codex started by the pasted command. It
   sets up Linzumi and local processes, but does not edit the demo app.
 - **Linzumi Commander**: the long-running local bridge started with
-  `linzumi commander`; it owns the secure tunnel, trusted folder, browser
-  editor, and inner Codex launch.
+  `linzumi commander`; it runs as the claimed human's Commander and owns the
+  secure tunnel, trusted folder, browser editor, and inner Codex launch.
 - **Linzumi Codex session**: the inner agent running inside the Linzumi thread;
   it edits `/tmp/hello_linzumi` and posts progress.
 - **Human**: the workspace owner who opens the one-time login link and watches
@@ -152,12 +152,12 @@ npx -y @linzumi/cli@latest commander daemon \
 npx -y @linzumi/cli@latest commander wait --runner-id "$commander_id" --timeout-ms 30000
 ```
 
-The agent-owned Commander reads `~/.linzumi/agent-token.json`, uses the
-workspace/channel scope from the approval flow, reads trusted folders from
-`~/.linzumi/config.json`, marks approved project directories trusted in
-Codex's normal project config so Codex does not stop for an interactive trust
-prompt, advertises the explicit preview port, and listens only to the
-approving human unless `--listen-user` is explicitly passed. Use a unique
+The human-owned Commander reads `~/.linzumi/agent-token.json`, uses the
+claimed human Commander token and workspace/channel scope from the approval
+flow, reads trusted folders from `~/.linzumi/config.json`, marks approved
+project directories trusted in Codex's normal project config so Codex does not
+stop for an interactive trust prompt, advertises the explicit preview port, and
+listens only to the approving human unless `--listen-user` is explicitly passed. Use a unique
 Commander id per launch. `linzumi commander daemon` writes a status record and
 log under `~/.linzumi/commanders`, and `linzumi commander wait` returns only
 after the Commander is connected.
@@ -293,7 +293,7 @@ intentionally. Every action is auditable from the thread.
 ## Pinning a version
 
 ```bash
-npm install -g @linzumi/cli@0.0.29-beta
+npm install -g @linzumi/cli@0.0.31-beta
 linzumi --version
 ```
 
@@ -316,7 +316,7 @@ linzumi connect \
 ### All the flags
 
 ```text
---agent-token-file <path>   Agent token cache for `linzumi commander`
+--agent-token-file <path>   Bootstrap token cache for `linzumi commander`
 --oauth-callback-host <ip>  Sign-in callback host your browser can reach
 --codex-bin <path>          Codex executable, default `codex`
 --model <name>              Model requested for Codex sessions and labelled in Linzumi

package/dist/index.js

@@ -6622,6 +6622,60 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
     cleanup.actions.push(() => channelSession.close());
     kandan.onReconnect(() => channelSession.handleKandanReconnect());
   }
+  const dynamicChannelSessions = new Map;
+  cleanup.actions.push(async () => {
+    await Promise.all(Array.from(dynamicChannelSessions.values(), (session) => session.close()));
+    dynamicChannelSessions.clear();
+  });
+  const attachStartedThreadSession = async (control, cwd) => {
+    const workspaceSlug = normalizedWorkDescription(control.workspace);
+    const channelSlug = normalizedWorkDescription(control.channel);
+    const kandanThreadId = normalizedWorkDescription(control.threadId);
+    if (workspaceSlug === undefined || channelSlug === undefined || kandanThreadId === undefined || dynamicChannelSessions.has(kandanThreadId)) {
+      return;
+    }
+    const listenUser = options.channelSession?.listenUser ?? identityFromAccessToken(options.token).actorUsername;
+    if (listenUser === undefined) {
+      throw new Error("missing listen user for Commander-started Codex session");
+    }
+    const session = await attachChannelSession({
+      kandan,
+      codex,
+      topic,
+      instanceId,
+      options: {
+        token: options.token,
+        runnerId: options.runnerId,
+        cwd,
+        codexBin: options.codexBin,
+        fast: control.fast ?? options.fast,
+        launchTui: false,
+        enablePortForwardWatch: true,
+        initialForwardPorts: allowedForwardPorts,
+        suppressedForwardPorts: () => Array.from(managedForwardPorts),
+        onForwardPortApproved: (port) => {
+          liveForwardPorts.add(port);
+          return capabilitiesPayload();
+        },
+        onForwardPortRevoked: (port) => {
+          liveForwardPorts.delete(port);
+          return capabilitiesPayload();
+        },
+        channelSession: {
+          workspaceSlug,
+          channelSlug,
+          kandanThreadId,
+          listenUser,
+          model: control.model,
+          reasoningEffort: control.reasoningEffort,
+          sandbox: control.sandbox,
+          approvalPolicy: control.approvalPolicy
+        }
+      },
+      log
+    });
+    dynamicChannelSessions.set(kandanThreadId, session);
+  };
   const heartbeatPayload = () => ({
     instanceId,
     codexUrl,
@@ -6684,6 +6738,9 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
       metadata
     });
     channelSession?.handleCodexNotification(notification.method, params);
+    for (const session of dynamicChannelSessions.values()) {
+      session.handleCodexNotification(notification.method, params);
+    }
   });
   const handleControl = (control) => {
     log("kandan.control", { control });
@@ -6777,11 +6834,11 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
       pushHeartbeat();
       return;
     }
-    (channelSession?.handleControl(control) ?? Promise.resolve(undefined)).then((handled) => {
+    resolveSessionControl(channelSession, dynamicChannelSessions, control).then((handled) => {
       if (handled !== undefined) {
         return handled;
       }
-      return applyControl(codex, kandan, topic, instanceId, options, allowedCwds.value, control);
+      return applyControl(codex, kandan, topic, instanceId, options, allowedCwds.value, control, attachStartedThreadSession);
     }).then((response) => {
       return kandan.push(topic, "codex_response", response);
     }).catch((error) => {
@@ -6802,6 +6859,19 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
 function controlTargetsInstance(control, instanceId) {
   return control.instanceId === undefined || control.instanceId === instanceId;
 }
+async function resolveSessionControl(channelSession, dynamicChannelSessions, control) {
+  const primaryHandled = await (channelSession?.handleControl(control) ?? Promise.resolve(undefined));
+  if (primaryHandled !== undefined) {
+    return primaryHandled;
+  }
+  for (const session of dynamicChannelSessions.values()) {
+    const handled = await session.handleControl(control);
+    if (handled !== undefined) {
+      return handled;
+    }
+  }
+  return;
+}
 async function closeCleanupStack(cleanup) {
   if (cleanup.closePromise !== undefined) {
     return cleanup.closePromise;
@@ -6916,7 +6986,7 @@ async function prepareCodexThreadForTuiResume(codex, codexThreadId) {
     throw new Error(`failed to verify Codex TUI resume: ${verified.error.message}`);
   }
 }
-async function applyControl(codex, kandan, topic, instanceId, options, allowedCwds, control) {
+async function applyControl(codex, kandan, topic, instanceId, options, allowedCwds, control, onStartedThread) {
   switch (control.type) {
     case "start_instance": {
       const cwd = resolveAllowedCwd(control.cwd, allowedCwds);
@@ -6949,7 +7019,10 @@ async function applyControl(codex, kandan, topic, instanceId, options, allowedCw
       const codexThreadId = extractStartedThreadId(response);
       const workDescription = normalizedWorkDescription(control.workDescription);
       if (codexThreadId !== undefined && developerPrompt !== undefined) {
-        await postVisibleDeveloperPrompt(kandan, topic, control, developerPrompt);
+        await postVisibleDeveloperPrompt(kandan, topic, control, developerPrompt, codexThreadId);
+      }
+      if (codexThreadId !== undefined && onStartedThread !== undefined) {
+        await onStartedThread(control, cwd.cwd);
       }
       if (codexThreadId !== undefined && workDescription !== undefined) {
         await codex.request("turn/start", {
@@ -7078,7 +7151,7 @@ work in the approved project folder, keep preview servers reachable through the
 secure tunnel, and keep the Linzumi thread truthful.
 </task_reminder>`;
 }
-async function postVisibleDeveloperPrompt(kandan, topic, control, developerPrompt) {
+async function postVisibleDeveloperPrompt(kandan, topic, control, developerPrompt, codexThreadId) {
   const workspace = normalizedWorkDescription(control.workspace);
   const channel = normalizedWorkDescription(control.channel);
   const threadId = normalizedWorkDescription(control.threadId);
@@ -7093,8 +7166,11 @@ async function postVisibleDeveloperPrompt(kandan, topic, control, developerPromp
 
 ${developerPrompt}`,
     payload: {
-      local_codex_runner: {
-        event_type: "codex_start_instructions"
+      metadata: {
+        local_codex_runner: {
+          event_type: "codex_start_instructions",
+          codex_thread_id: codexThreadId
+        }
       }
     },
     client_message_id: `codex-start-instructions-${threadId}`
@@ -7683,6 +7759,8 @@ async function runClaim(command, deps) {
   const tokenFile = {
     apiUrl: command.apiUrl,
     agentToken: requiredString(response, "agent_token"),
+    commanderToken: requiredString(response, "commander_token"),
+    commanderTokenExpiresInSeconds: numberValue2(response.commander_token_expires_in_seconds),
     agentId: requiredString(response, "agent_id"),
     workspaceId: requiredString(response, "workspace_id"),
     workspaceName: stringValue(response.workspace_name),
@@ -7696,7 +7774,7 @@ async function runClaim(command, deps) {
     cursors: {}
   };
   writeTokenFile(command.tokenFile, tokenFile, deps.writeTextFile);
-  deps.stdout.write(`Logged in as agent ${tokenFile.agentId}
+  deps.stdout.write(`Logged in as ${tokenFile.ownerUsername ?? "claimed user"}
 `);
   if (tokenFile.workspaceName !== undefined) {
     deps.stdout.write(`workspace_name: ${tokenFile.workspaceName}
@@ -7938,6 +8016,8 @@ function readStoredAgentTokenFile(path, readTextFile = readOptionalTextFile) {
   return {
     apiUrl: requiredString(parsed, "apiUrl"),
     agentToken: requiredString(parsed, "agentToken"),
+    commanderToken: requiredString(parsed, "commanderToken"),
+    commanderTokenExpiresInSeconds: numberValue2(parsed.commanderTokenExpiresInSeconds),
     agentId: requiredString(parsed, "agentId"),
     workspaceId: requiredString(parsed, "workspaceId"),
     workspaceName: stringValue(parsed.workspaceName),
@@ -8836,7 +8916,7 @@ async function main(args) {
       process.stdout.write(connectGuideText());
       return;
     case "version":
-      process.stdout.write(`linzumi 0.0.29-beta
+      process.stdout.write(`linzumi 0.0.31-beta
 `);
       return;
     case "auth":
@@ -9232,7 +9312,7 @@ async function parseAgentRunnerArgs(args, deps = {
   assertStartDependencies(initialDependencyStatus);
   const editorRuntime = await deps.resolveEditorRuntime({
     kandanUrl,
-    token: tokenFile.agentToken,
+    token: tokenFile.commanderToken,
     customCodeServerBin,
     fetchImpl: trustedFetch(kandanTlsTrustFromEnv())
   });
@@ -9245,7 +9325,7 @@ async function parseAgentRunnerArgs(args, deps = {
   assertStartDependencies(dependencyStatus);
   return {
     kandanUrl,
-    token: tokenFile.agentToken,
+    token: tokenFile.commanderToken,
     runnerId: stringValue3(values, "runner-id") ?? `agent-runner-${randomUUID3()}`,
     cwd,
     codexBin,
@@ -9276,9 +9356,15 @@ function readAgentTokenTextFile(path) {
   return existsSync10(path) ? readFileSync9(path, "utf8") : undefined;
 }
 function rejectAgentRunnerTargetingFlags(values) {
-  const unsupportedFlags = ["workspace", "channel", "token", "auth-file", "oauth-callback-host"].filter((flag) => values.has(flag));
+  const unsupportedFlags = [
+    "workspace",
+    "channel",
+    "token",
+    "auth-file",
+    "oauth-callback-host"
+  ].filter((flag) => values.has(flag));
   if (unsupportedFlags.length > 0) {
-    throw new Error(`linzumi commander uses the claimed agent token scope; remove ${unsupportedFlags.map((flag) => `--${flag}`).join(", ")}.`);
+    throw new Error(`linzumi commander uses the claimed human Commander token scope; remove ${unsupportedFlags.map((flag) => `--${flag}`).join(", ")}.`);
   }
 }
 function requiredStoredAgentChannel(channelId) {
@@ -9343,7 +9429,7 @@ async function parseRunnerArgs(args, deps = {
     process.exit(0);
   }
   if (values.get("version") === true) {
-    process.stdout.write(`linzumi 0.0.29-beta
+    process.stdout.write(`linzumi 0.0.31-beta
 `);
     process.exit(0);
   }
@@ -9770,7 +9856,7 @@ Usage:
   linzumi agent runner <folder> [options]
 
 What it does:
-  Starts this computer as the claimed agent's scoped Linzumi Commander. The command
+  Starts this computer as the claimed human's scoped Linzumi Commander. The command
   reads ~/.linzumi/agent-token.json, uses its workspace/channel scope, reads
   trusted folders from ~/.linzumi/config.json when no folder is passed, and
   listens only to the owning human recorded during claim unless --listen-user is

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@linzumi/cli",
-  "version": "0.0.29-beta",
+  "version": "0.0.31-beta",
   "description": "Linzumi CLI — point a Codex agent at the real code on your laptop, with your team watching and steering from shared threads.",
   "type": "module",
   "bin": {