@linzumi/cli 0.0.30-beta → 0.0.32-beta

package/README.md

@@ -46,8 +46,8 @@ Terms:
 - **Bootstrapper Codex**: the outer Codex started by the pasted command. It
   sets up Linzumi and local processes, but does not edit the demo app.
 - **Linzumi Commander**: the long-running local bridge started with
-  `linzumi commander`; it owns the secure tunnel, trusted folder, browser
-  editor, and inner Codex launch.
+  `linzumi commander`; it runs as the claimed human's Commander and owns the
+  secure tunnel, trusted folder, browser editor, and inner Codex launch.
 - **Linzumi Codex session**: the inner agent running inside the Linzumi thread;
   it edits `/tmp/hello_linzumi` and posts progress.
 - **Human**: the workspace owner who opens the one-time login link and watches
@@ -152,12 +152,12 @@ npx -y @linzumi/cli@latest commander daemon \
 npx -y @linzumi/cli@latest commander wait --runner-id "$commander_id" --timeout-ms 30000
 ```
 
-The agent-owned Commander reads `~/.linzumi/agent-token.json`, uses the
-workspace/channel scope from the approval flow, reads trusted folders from
-`~/.linzumi/config.json`, marks approved project directories trusted in
-Codex's normal project config so Codex does not stop for an interactive trust
-prompt, advertises the explicit preview port, and listens only to the
-approving human unless `--listen-user` is explicitly passed. Use a unique
+The human-owned Commander reads `~/.linzumi/agent-token.json`, uses the
+claimed human Commander token and workspace/channel scope from the approval
+flow, reads trusted folders from `~/.linzumi/config.json`, marks approved
+project directories trusted in Codex's normal project config so Codex does not
+stop for an interactive trust prompt, advertises the explicit preview port, and
+listens only to the approving human unless `--listen-user` is explicitly passed. Use a unique
 Commander id per launch. `linzumi commander daemon` writes a status record and
 log under `~/.linzumi/commanders`, and `linzumi commander wait` returns only
 after the Commander is connected.
@@ -293,7 +293,7 @@ intentionally. Every action is auditable from the thread.
 ## Pinning a version
 
 ```bash
-npm install -g @linzumi/cli@0.0.30-beta
+npm install -g @linzumi/cli@0.0.32-beta
 linzumi --version
 ```
 
@@ -316,7 +316,7 @@ linzumi connect \
 ### All the flags
 
 ```text
---agent-token-file <path>   Agent token cache for `linzumi commander`
+--agent-token-file <path>   Bootstrap token cache for `linzumi commander`
 --oauth-callback-host <ip>  Sign-in callback host your browser can reach
 --codex-bin <path>          Codex executable, default `codex`
 --model <name>              Model requested for Codex sessions and labelled in Linzumi

package/dist/index.js

@@ -1382,6 +1382,9 @@ function reviewPortForwardCandidate(options) {
   if (options.suppressedPorts?.has(options.candidate.port) === true) {
     return { type: "skip", reason: "suppressed_port" };
   }
+  if (isInternalCodexProcess(options.candidate)) {
+    return { type: "skip", reason: "internal_codex_process" };
+  }
   const dismissedTarget = options.dismissedTargets?.get(options.candidate.port);
   if (dismissedTarget !== undefined && sameDismissedPortForwardTarget(dismissedTarget, options.candidate)) {
     return { type: "skip", reason: "recently_dismissed" };
@@ -1467,6 +1470,9 @@ function revocationCapabilities(capabilities, port) {
 function sameDismissedPortForwardTarget(left, right) {
   return left.port === right.port && left.command === right.command && left.cwd === right.cwd;
 }
+function isInternalCodexProcess(candidate) {
+  return commandLabel(candidate.command) === "codex";
+}
 
 // src/channelSession.ts
 var codexTypingHeartbeatMs = 5000;
@@ -7759,6 +7765,8 @@ async function runClaim(command, deps) {
   const tokenFile = {
     apiUrl: command.apiUrl,
     agentToken: requiredString(response, "agent_token"),
+    commanderToken: requiredString(response, "commander_token"),
+    commanderTokenExpiresInSeconds: numberValue2(response.commander_token_expires_in_seconds),
     agentId: requiredString(response, "agent_id"),
     workspaceId: requiredString(response, "workspace_id"),
     workspaceName: stringValue(response.workspace_name),
@@ -7772,7 +7780,7 @@ async function runClaim(command, deps) {
     cursors: {}
   };
   writeTokenFile(command.tokenFile, tokenFile, deps.writeTextFile);
-  deps.stdout.write(`Logged in as agent ${tokenFile.agentId}
+  deps.stdout.write(`Logged in as ${tokenFile.ownerUsername ?? "claimed user"}
 `);
   if (tokenFile.workspaceName !== undefined) {
     deps.stdout.write(`workspace_name: ${tokenFile.workspaceName}
@@ -8014,6 +8022,8 @@ function readStoredAgentTokenFile(path, readTextFile = readOptionalTextFile) {
   return {
     apiUrl: requiredString(parsed, "apiUrl"),
     agentToken: requiredString(parsed, "agentToken"),
+    commanderToken: requiredString(parsed, "commanderToken"),
+    commanderTokenExpiresInSeconds: numberValue2(parsed.commanderTokenExpiresInSeconds),
     agentId: requiredString(parsed, "agentId"),
     workspaceId: requiredString(parsed, "workspaceId"),
     workspaceName: stringValue(parsed.workspaceName),
@@ -8912,7 +8922,7 @@ async function main(args) {
       process.stdout.write(connectGuideText());
       return;
     case "version":
-      process.stdout.write(`linzumi 0.0.30-beta
+      process.stdout.write(`linzumi 0.0.32-beta
 `);
       return;
     case "auth":
@@ -9308,7 +9318,7 @@ async function parseAgentRunnerArgs(args, deps = {
   assertStartDependencies(initialDependencyStatus);
   const editorRuntime = await deps.resolveEditorRuntime({
     kandanUrl,
-    token: tokenFile.agentToken,
+    token: tokenFile.commanderToken,
     customCodeServerBin,
     fetchImpl: trustedFetch(kandanTlsTrustFromEnv())
   });
@@ -9321,7 +9331,7 @@ async function parseAgentRunnerArgs(args, deps = {
   assertStartDependencies(dependencyStatus);
   return {
     kandanUrl,
-    token: tokenFile.agentToken,
+    token: tokenFile.commanderToken,
     runnerId: stringValue3(values, "runner-id") ?? `agent-runner-${randomUUID3()}`,
     cwd,
     codexBin,
@@ -9352,9 +9362,15 @@ function readAgentTokenTextFile(path) {
   return existsSync10(path) ? readFileSync9(path, "utf8") : undefined;
 }
 function rejectAgentRunnerTargetingFlags(values) {
-  const unsupportedFlags = ["workspace", "channel", "token", "auth-file", "oauth-callback-host"].filter((flag) => values.has(flag));
+  const unsupportedFlags = [
+    "workspace",
+    "channel",
+    "token",
+    "auth-file",
+    "oauth-callback-host"
+  ].filter((flag) => values.has(flag));
   if (unsupportedFlags.length > 0) {
-    throw new Error(`linzumi commander uses the claimed agent token scope; remove ${unsupportedFlags.map((flag) => `--${flag}`).join(", ")}.`);
+    throw new Error(`linzumi commander uses the claimed human Commander token scope; remove ${unsupportedFlags.map((flag) => `--${flag}`).join(", ")}.`);
   }
 }
 function requiredStoredAgentChannel(channelId) {
@@ -9419,7 +9435,7 @@ async function parseRunnerArgs(args, deps = {
     process.exit(0);
   }
   if (values.get("version") === true) {
-    process.stdout.write(`linzumi 0.0.30-beta
+    process.stdout.write(`linzumi 0.0.32-beta
 `);
     process.exit(0);
   }
@@ -9846,7 +9862,7 @@ Usage:
   linzumi agent runner <folder> [options]
 
 What it does:
-  Starts this computer as the claimed agent's scoped Linzumi Commander. The command
+  Starts this computer as the claimed human's scoped Linzumi Commander. The command
   reads ~/.linzumi/agent-token.json, uses its workspace/channel scope, reads
   trusted folders from ~/.linzumi/config.json when no folder is passed, and
   listens only to the owning human recorded during claim unless --listen-user is

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@linzumi/cli",
-  "version": "0.0.30-beta",
+  "version": "0.0.32-beta",
   "description": "Linzumi CLI — point a Codex agent at the real code on your laptop, with your team watching and steering from shared threads.",
   "type": "module",
   "bin": {