@linzumi/cli 0.0.55-beta → 0.0.57-beta

package/README.md

@@ -62,7 +62,7 @@ Install the CLI or run it with `npx`:
 ```bash
 npm install -g @linzumi/cli@latest
 npx -y @linzumi/cli@latest signup
-npx -y @linzumi/cli@0.0.55-beta --version
+npx -y @linzumi/cli@0.0.57-beta --version
 linzumi --version
 ```
 

package/dist/index.js

@@ -11028,7 +11028,6 @@ var require_lib3 = __commonJS({
 });
 
 // src/index.ts
-import { randomUUID as randomUUID5 } from "node:crypto";
 import { existsSync as existsSync12, readFileSync as readFileSync13, realpathSync as realpathSync6 } from "node:fs";
 import { homedir as homedir10 } from "node:os";
 import { resolve as resolve10 } from "node:path";
@@ -18203,8 +18202,8 @@ function pathLooksAbsolute(pathValue) {
 }
 
 // src/localForwarding.ts
+import { connect as connectTcp } from "node:net";
 import { gzipSync } from "node:zlib";
-import NodeWebSocket from "ws";
 var maxForwardBodyBytes = 64 * 1024 * 1024;
 var gzipForwardThresholdBytes = 32 * 1024;
 async function handleForwardHttpRequest(control, allowedPorts) {
@@ -18261,21 +18260,21 @@ async function handleForwardHttpRequest(control, allowedPorts) {
 function isForwardHttpRequestControl(control) {
   return control.type === "forward_http_request";
 }
-function isForwardWebSocketControl(control) {
-  return control.type === "forward_websocket_open" || control.type === "forward_websocket_send" || control.type === "forward_websocket_close";
+function isForwardTcpControl(control) {
+  return control.type === "forward_tcp_open" || control.type === "forward_tcp_send" || control.type === "forward_tcp_close";
 }
-function createForwardWebSocketManager(kandan, topic, allowedPorts, socketFactory = defaultForwardWebSocketFactory) {
+function createForwardTcpManager(kandan, topic, allowedPorts, socketFactory = defaultForwardTcpFactory) {
   const sockets = /* @__PURE__ */ new Map();
-  const pushEvent = (payload) => kandan.push(topic, "forward:websocket_event", payload).catch(() => void 0);
+  const pushEvent = (payload) => kandan.push(topic, "forward:tcp_event", payload).catch(() => void 0);
   const closeSocket = (socketId) => {
     const stream = sockets.get(socketId);
     sockets.delete(socketId);
-    stream?.socket.close();
+    stream?.socket.end();
   };
   return {
     handle: (control) => {
       switch (control.type) {
-        case "forward_websocket_open": {
+        case "forward_tcp_open": {
           if (!allowedPorts().includes(control.port)) {
             void pushEvent({
               socketId: control.socketId,
@@ -18284,32 +18283,70 @@ function createForwardWebSocketManager(kandan, topic, allowedPorts, socketFactor
             });
             return;
           }
-          openLocalWebSocket(control, sockets, pushEvent, socketFactory, "ws");
+          const previous = sockets.get(control.socketId);
+          previous?.socket.destroy();
+          const socket = socketFactory(control.port);
+          sockets.set(control.socketId, { socket });
+          socket.on("connect", () => {
+            if (!currentTcpSocket(sockets, control.socketId, socket)) {
+              return;
+            }
+            void pushEvent({ socketId: control.socketId, type: "open" });
+          });
+          socket.on("data", (data) => {
+            if (!currentTcpSocket(sockets, control.socketId, socket) || !(data instanceof Uint8Array)) {
+              return;
+            }
+            void pushEvent({
+              socketId: control.socketId,
+              type: "data",
+              bodyBase64: Buffer.from(data).toString("base64")
+            });
+          });
+          socket.on("close", () => {
+            if (!currentTcpSocket(sockets, control.socketId, socket)) {
+              return;
+            }
+            sockets.delete(control.socketId);
+            void pushEvent({ socketId: control.socketId, type: "close" });
+          });
+          socket.on("error", () => {
+            if (!currentTcpSocket(sockets, control.socketId, socket)) {
+              return;
+            }
+            sockets.delete(control.socketId);
+            void pushEvent({
+              socketId: control.socketId,
+              type: "error",
+              error: "forward_target_unavailable"
+            });
+            socket.destroy();
+          });
           return;
         }
-        case "forward_websocket_send": {
+        case "forward_tcp_send": {
           const stream = sockets.get(control.socketId);
-          if (stream === void 0 || stream.socket.readyState !== WebSocket.OPEN) {
+          const body = decodeBase64Body(control.bodyBase64);
+          if (body === void 0) {
             void pushEvent({
               socketId: control.socketId,
               type: "error",
-              error: "websocket_not_open"
+              error: "invalid_forward_request"
             });
             return;
           }
-          const body = Buffer.from(control.bodyBase64, "base64");
-          switch (control.opcode) {
-            case "text":
-              stream.socket.send(body.toString());
-              return;
-            case "binary":
-            case "ping":
-            case "pong":
-              stream.socket.send(body);
-              return;
+          if (stream === void 0 || stream.socket.destroyed === true || stream.socket.writable === false) {
+            void pushEvent({
+              socketId: control.socketId,
+              type: "error",
+              error: "tcp_socket_not_open"
+            });
+            return;
           }
+          stream.socket.write(body);
+          return;
         }
-        case "forward_websocket_close":
+        case "forward_tcp_close":
           closeSocket(control.socketId);
           return;
       }
@@ -18321,105 +18358,11 @@ function createForwardWebSocketManager(kandan, topic, allowedPorts, socketFactor
     }
   };
 }
-function openLocalWebSocket(control, sockets, pushEvent, socketFactory, scheme) {
-  let opened = false;
-  const url = localForwardWebSocketUrl(
-    scheme,
-    control.port,
-    control.path,
-    control.queryString
-  );
-  const protocols = webSocketProtocols(control.headers);
-  const headers = webSocketHeaders(control.headers);
-  const websocket = socketFactory(url, protocols, headers);
-  websocket.binaryType = "arraybuffer";
-  const previousStream = sockets.get(control.socketId);
-  previousStream?.socket.close();
-  sockets.set(control.socketId, { socket: websocket });
-  websocket.addEventListener("open", () => {
-    if (!currentWebSocket(sockets, control.socketId, websocket)) {
-      return;
-    }
-    opened = true;
-    void pushEvent({ socketId: control.socketId, type: "open" });
-  });
-  websocket.addEventListener("message", (event) => {
-    if (!currentWebSocket(sockets, control.socketId, websocket)) {
-      return;
-    }
-    const body = typeof event.data === "string" ? Buffer.from(event.data) : Buffer.from(event.data);
-    void pushEvent({
-      socketId: control.socketId,
-      type: "message",
-      opcode: typeof event.data === "string" ? "text" : "binary",
-      bodyBase64: body.toString("base64")
-    });
-  });
-  websocket.addEventListener("close", (event) => {
-    if (!currentWebSocket(sockets, control.socketId, websocket)) {
-      return;
-    }
-    sockets.delete(control.socketId);
-    void pushEvent({
-      socketId: control.socketId,
-      type: "close",
-      code: event.code,
-      reason: event.reason
-    });
-  });
-  websocket.addEventListener("error", () => {
-    if (!currentWebSocket(sockets, control.socketId, websocket)) {
-      return;
-    }
-    sockets.delete(control.socketId);
-    if (!opened && scheme === "ws") {
-      openLocalWebSocket(control, sockets, pushEvent, socketFactory, "wss");
-      return;
-    }
-    void pushEvent({
-      socketId: control.socketId,
-      type: "error",
-      error: "websocket_error",
-      attemptedScheme: scheme
-    });
-  });
-}
-function defaultForwardWebSocketFactory(url, protocols, headers) {
-  if (headers === void 0) {
-    return protocols === void 0 ? new WebSocket(url) : new WebSocket(url, protocols);
-  }
-  const options = { headers };
-  return protocols === void 0 ? new NodeWebSocket(url, options) : new NodeWebSocket(url, protocols, options);
-}
-function currentWebSocket(sockets, socketId, socket) {
+function currentTcpSocket(sockets, socketId, socket) {
   return sockets.get(socketId)?.socket === socket;
 }
-function webSocketProtocols(headers) {
-  if (!Array.isArray(headers)) {
-    return void 0;
-  }
-  const protocols = headers.flatMap((header) => {
-    if (!isWireHeader(header) || header.name.toLowerCase() !== "sec-websocket-protocol") {
-      return [];
-    }
-    return header.value.split(",").map((protocol) => protocol.trim()).filter((protocol) => protocol !== "");
-  });
-  return protocols.length === 0 ? void 0 : protocols;
-}
-function webSocketHeaders(headers) {
-  if (!Array.isArray(headers)) {
-    return void 0;
-  }
-  const forwarded = headers.reduce((acc, header) => {
-    if (isOctWebSocketHeader(header)) {
-      acc[header.name] = header.value;
-    }
-    return acc;
-  }, {});
-  return Object.keys(forwarded).length === 0 ? void 0 : forwarded;
-}
-function isOctWebSocketHeader(value) {
-  return isHeader(value) && value.name.toLowerCase().startsWith("x-oct-");
+function defaultForwardTcpFactory(port) {
+  return connectTcp({ host: "127.0.0.1", port });
 }
 function localForwardUrl(scheme, port, path2, queryString) {
   const normalizedPath = path2.startsWith("/") ? path2 : `/${path2}`;
@@ -18429,12 +18372,6 @@ function localForwardUrl(scheme, port, path2, queryString) {
   }
   return url.toString();
 }
-function localForwardWebSocketUrl(scheme, port, path2, queryString) {
-  const httpScheme = scheme === "ws" ? "http" : "https";
-  const url = new URL(localForwardUrl(httpScheme, port, path2, queryString));
-  url.protocol = `${scheme}:`;
-  return url.toString();
-}
 async function fetchWithHttpsFallback(port, path2, queryString, request) {
   try {
     return await fetch(
@@ -20862,6 +20799,37 @@ function ensureLocalMachineIdForLinzumiUrl(linzumiUrl, path2 = localConfigPath()
   writeLocalConfigSection({ ...latestConfig, machineId }, path2, linzumiUrl);
   return machineId;
 }
+function ensureLocalRunnerIdForLinzumiUrl(linzumiUrl, path2 = localConfigPath(), createRunnerId = defaultLocalRunnerId) {
+  if (localConfigScopeKey(linzumiUrl) === prodConfigScope) {
+    return ensureLocalRunnerId(path2, createRunnerId);
+  }
+  const config = readLocalConfigForLinzumiUrl(linzumiUrl, path2);
+  if (config.runnerId !== void 0) {
+    return config.runnerId;
+  }
+  const runnerId = ensureLocalRunnerIdSeed(path2, createRunnerId, linzumiUrl);
+  const latestConfig = readLocalConfigForLinzumiUrl(linzumiUrl, path2);
+  const latestRunnerId = latestConfig.runnerId;
+  if (latestRunnerId !== void 0) {
+    return latestRunnerId;
+  }
+  writeLocalConfigSection({ ...latestConfig, runnerId }, path2, linzumiUrl);
+  return runnerId;
+}
+function ensureLocalRunnerId(path2 = localConfigPath(), createRunnerId = defaultLocalRunnerId) {
+  const config = readLocalConfig(path2);
+  if (config.runnerId !== void 0) {
+    return config.runnerId;
+  }
+  const runnerId = ensureLocalRunnerIdSeed(path2, createRunnerId);
+  const latestConfig = readLocalConfig(path2);
+  const latestRunnerId = latestConfig.runnerId;
+  if (latestRunnerId !== void 0) {
+    return latestRunnerId;
+  }
+  writeLocalConfig({ ...latestConfig, runnerId }, path2);
+  return runnerId;
+}
 function localMachineIdSeedPath(configPath = localConfigPath(), linzumiUrl) {
   if (linzumiUrl !== void 0 && localConfigScopeKey(linzumiUrl) !== prodConfigScope) {
     return join6(
@@ -20871,6 +20839,15 @@ function localMachineIdSeedPath(configPath = localConfigPath(), linzumiUrl) {
   }
   return join6(dirname4(configPath), `${basename4(configPath)}.machine-id`);
 }
+function localRunnerIdSeedPath(configPath = localConfigPath(), linzumiUrl) {
+  if (linzumiUrl !== void 0 && localConfigScopeKey(linzumiUrl) !== prodConfigScope) {
+    return join6(
+      dirname4(configPath),
+      `${basename4(configPath)}.${localConfigScopeFileStem(linzumiUrl)}.runner-id`
+    );
+  }
+  return join6(dirname4(configPath), `${basename4(configPath)}.runner-id`);
+}
 function readConfiguredAllowedCwdDetailsForLinzumiUrl(linzumiUrl, path2 = localConfigPath()) {
   return readConfiguredAllowedCwdDetailsFromConfig(
     readLocalConfigForLinzumiUrl(linzumiUrl, path2)
@@ -21033,7 +21010,12 @@ function readLocalConfigSection(path2, linzumiUrl) {
     throw new Error(`invalid Linzumi config section ${scopeKey}: ${path2}`);
   }
   const allowedCwds = uniqueStrings(section.allowedCwds);
-  return section.machineId === void 0 ? { version: 1, allowedCwds } : { version: 1, machineId: section.machineId, allowedCwds };
+  return {
+    version: 1,
+    ...section.machineId === void 0 ? {} : { machineId: section.machineId },
+    ...section.runnerId === void 0 ? {} : { runnerId: section.runnerId },
+    allowedCwds
+  };
 }
 function writeLocalConfigSection(config, path2, linzumiUrl) {
   const scopeKey = linzumiUrl === void 0 ? prodConfigScope : localConfigScopeKey(linzumiUrl);
@@ -21050,7 +21032,7 @@ function isConfigPayload(value) {
   return typeof value === "object" && value !== null && value.version === 1 && isConfigSection(value);
 }
 function isConfigSection(value) {
-  return typeof value === "object" && value !== null && Array.isArray(value.allowedCwds) && machineIdValid(value.machineId) && value.allowedCwds.every(
+  return typeof value === "object" && value !== null && Array.isArray(value.allowedCwds) && machineIdValid(value.machineId) && runnerIdValid(value.runnerId) && value.allowedCwds.every(
     (cwd) => typeof cwd === "string" && cwd.trim() !== ""
   );
 }
@@ -21092,7 +21074,11 @@ function normalizedConfigSection(config) {
     throw new Error("invalid Linzumi config");
   }
   const allowedCwds = uniqueStrings(config.allowedCwds);
-  return config.machineId === void 0 ? { allowedCwds } : { machineId: config.machineId, allowedCwds };
+  return {
+    ...config.machineId === void 0 ? {} : { machineId: config.machineId },
+    ...config.runnerId === void 0 ? {} : { runnerId: config.runnerId },
+    allowedCwds
+  };
 }
 function emptySection() {
   return { allowedCwds: [] };
@@ -21102,6 +21088,9 @@ function machineIdValid(value) {
     value
   );
 }
+function runnerIdValid(value) {
+  return value === void 0 || typeof value === "string" && /^[a-zA-Z0-9_.-]+$/.test(value);
+}
 function ensureLocalMachineIdSeed(configPath, createMachineId, linzumiUrl) {
   const seedPath = localMachineIdSeedPath(configPath, linzumiUrl);
   if (existsSync4(seedPath)) {
@@ -21130,6 +21119,34 @@ function ensureLocalMachineIdSeed(configPath, createMachineId, linzumiUrl) {
     unlinkSync(tempPath);
   }
 }
+function ensureLocalRunnerIdSeed(configPath, createRunnerId, linzumiUrl) {
+  const seedPath = localRunnerIdSeedPath(configPath, linzumiUrl);
+  if (existsSync4(seedPath)) {
+    return readRunnerIdSeed(seedPath);
+  }
+  const runnerId = createRunnerId();
+  if (!runnerIdValid(runnerId)) {
+    throw new Error(`invalid generated Linzumi runner id: ${runnerId}`);
+  }
+  mkdirSync5(dirname4(seedPath), { recursive: true });
+  const tempPath = join6(
+    dirname4(seedPath),
+    `.${basename4(seedPath)}.${process.pid}.${randomUUID2()}.tmp`
+  );
+  writeFileSync4(tempPath, `${runnerId}
+`, { encoding: "utf8", flag: "wx" });
+  try {
+    linkSync(tempPath, seedPath);
+    return runnerId;
+  } catch (error) {
+    if (isNodeErrorCode(error, "EEXIST")) {
+      return readRunnerIdSeed(seedPath);
+    }
+    throw error;
+  } finally {
+    unlinkSync(tempPath);
+  }
+}
 function readMachineIdSeed(seedPath) {
   const machineId = readFileSync4(seedPath, "utf8").trim();
   if (!machineIdValid(machineId)) {
@@ -21137,6 +21154,16 @@ function readMachineIdSeed(seedPath) {
   }
   return machineId;
 }
+function readRunnerIdSeed(seedPath) {
+  const runnerId = readFileSync4(seedPath, "utf8").trim();
+  if (!runnerIdValid(runnerId)) {
+    throw new Error(`invalid Linzumi runner id seed: ${seedPath}`);
+  }
+  return runnerId;
+}
+function defaultLocalRunnerId() {
+  return `runner-${randomUUID2()}`;
+}
 function uniqueStrings(values) {
   return [
     ...new Set(
@@ -21159,7 +21186,7 @@ function realpathOrResolved(pathValue) {
 }
 
 // src/version.ts
-var linzumiCliVersion = "0.0.55-beta";
+var linzumiCliVersion = "0.0.57-beta";
 var linzumiCliVersionText = `linzumi ${linzumiCliVersion}`;
 
 // src/runnerLock.ts
@@ -21665,6 +21692,7 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
       allowedCwds.value
     ),
     portForwarding: liveForwardPorts.size > 0,
+    tcpForwarding: true,
     allowedPorts: Array.from(liveForwardPorts).sort(
       (left, right) => left - right
     ),
@@ -22013,64 +22041,6 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
   cleanup.actions.push(() => codex.close());
   const seq = { value: 0 };
   const discoveredCodexThreads = { value: [] };
-  const lastReportedDiscoveryFailure = { value: void 0 };
-  const reportClientError = async (args) => {
-    await kandan.push(topic, "client_error_report", {
-      id: `client-error-${randomUUID3()}`,
-      severity: args.severity ?? "error",
-      code: args.code,
-      operation: args.operation,
-      message: args.message,
-      occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
-      instanceId,
-      clientId,
-      runnerId: options.runnerId,
-      hostname: runnerHost,
-      cwd: options.cwd,
-      codexUrl,
-      workspace: runnerWorkspaceSlug(options) ?? null,
-      channel: options.channelSession?.channelSlug ?? null,
-      cliVersion: linzumiCliVersion,
-      details: args.details ?? {}
-    }).catch((error) => {
-      log("kandan.client_error_report_push_failed", {
-        code: args.code,
-        operation: args.operation,
-        message: error instanceof Error ? error.message : String(error)
-      });
-    });
-  };
-  const loadDiscoveredCodexThreads = async (phase) => {
-    try {
-      const threads = await discoverCodexThreads(codex, options.cwd);
-      lastReportedDiscoveryFailure.value = void 0;
-      return threads;
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      const signature = `codex_thread_discovery_failed:${message}`;
-      log("codex.thread_discovery_failed", {
-        phase,
-        message
-      });
-      if (lastReportedDiscoveryFailure.value !== signature) {
-        lastReportedDiscoveryFailure.value = signature;
-        await reportClientError({
-          code: "codex_thread_discovery_failed",
-          operation: "codex_thread_discovery",
-          message,
-          details: {
-            phase,
-            codexUrl,
-            cwd: options.cwd
-          }
-        });
-      }
-      return discoveredCodexThreads.value;
-    }
-  };
-  if (options.channelSession === void 0) {
-    discoveredCodexThreads.value = await loadDiscoveredCodexThreads("initial");
-  }
   const runtimeDefaults = runnerRuntimeDefaults(options);
   const instancePayload = {
     instanceId,
@@ -22229,24 +22199,18 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
       message: error instanceof Error ? error.message : String(error)
     });
   });
-  const refreshDiscoveredCodexThreads = async (phase) => {
-    discoveredCodexThreads.value = await loadDiscoveredCodexThreads(phase);
-    await pushHeartbeat();
-  };
   const heartbeatInterval = setInterval(() => {
-    void (channelSession === void 0 ? refreshDiscoveredCodexThreads("heartbeat") : pushHeartbeat());
+    void pushHeartbeat();
   }, 15e3);
   cleanup.actions.push(() => clearInterval(heartbeatInterval));
-  kandan.onReconnect(
-    () => channelSession === void 0 ? refreshDiscoveredCodexThreads("reconnect").then(() => void 0) : pushHeartbeat().then(() => void 0)
-  );
+  kandan.onReconnect(() => pushHeartbeat().then(() => void 0));
   void pushHeartbeat();
-  const forwardWebSockets = createForwardWebSocketManager(
+  const forwardTcp = createForwardTcpManager(
     kandan,
     topic,
     () => Array.from(liveForwardPorts)
   );
-  cleanup.actions.push(() => forwardWebSockets.close());
+  cleanup.actions.push(() => forwardTcp.close());
   const channelCodexThreadId = channelSession?.currentCodexThreadId();
   if (options.launchTui && channelCodexThreadId !== void 0) {
     await prepareCodexThreadForTuiResume(codex, channelCodexThreadId);
@@ -22282,9 +22246,6 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
         });
       });
     }
-    if (channelSession === void 0 && notification.method === "thread/started") {
-      void refreshDiscoveredCodexThreads("thread_started");
-    }
     log("codex.notification", {
       method: notification.method,
       metadata
@@ -22343,8 +22304,8 @@ async function openLocalCodexRunner(options, log, cleanup, close) {
       });
       return;
     }
-    if (isForwardWebSocketControl(control)) {
-      forwardWebSockets.handle(control);
+    if (isForwardTcpControl(control)) {
+      forwardTcp.handle(control);
       return;
     }
     if (isStartLocalEditorControl(control)) {
@@ -22548,99 +22509,6 @@ async function closeCleanupStack(cleanup) {
   })();
   return cleanup.closePromise;
 }
-async function discoverCodexThreads(codex, _cwd) {
-  const response = await codex.request("thread/list", {
-    limit: CODEX_THREAD_DISCOVERY_LIMIT,
-    sortKey: "updated_at",
-    sortDirection: "desc",
-    archived: false,
-    useStateDbOnly: true
-  });
-  if ("error" in response) {
-    throw new Error(`thread/list failed: ${response.error.message}`);
-  }
-  const result = objectValue(response.result);
-  const data = arrayValue(result?.data)?.filter(isJsonObject) ?? [];
-  const rowsById = /* @__PURE__ */ new Map();
-  for (const thread of data.slice(0, CODEX_THREAD_DISCOVERY_LIMIT)) {
-    const row = codexThreadHistoryRow(thread, false);
-    const id = stringValue(objectValue(row)?.id);
-    if (id !== void 0 && id !== "" && !rowsById.has(id)) {
-      rowsById.set(id, row);
-    }
-  }
-  return Array.from(rowsById.values()).sort(compareCodexThreadHistoryRows);
-}
-var CODEX_THREAD_DISCOVERY_LIMIT = 50;
-var CODEX_THREAD_TITLE_FIELD_LIMIT = 500;
-var CODEX_THREAD_TEXT_FIELD_LIMIT = 2e3;
-var CODEX_THREAD_PATH_FIELD_LIMIT = 1e3;
-function codexThreadHistoryRow(thread, archived) {
-  const gitInfo = objectValue(thread.gitInfo);
-  const preview = codexThreadText(thread.preview, CODEX_THREAD_TEXT_FIELD_LIMIT).replace(/\s+/g, " ").trim();
-  const name = codexThreadText(thread.name, CODEX_THREAD_TITLE_FIELD_LIMIT);
-  const directTitle = codexThreadText(
-    thread.title,
-    CODEX_THREAD_TITLE_FIELD_LIMIT
-  );
-  const title = directTitle === "" ? name === "" ? preview : name : directTitle;
-  const description = codexThreadText(thread.description, CODEX_THREAD_TEXT_FIELD_LIMIT) || codexThreadText(thread.summary, CODEX_THREAD_TEXT_FIELD_LIMIT) || preview;
-  return {
-    id: codexThreadText(thread.id, CODEX_THREAD_PATH_FIELD_LIMIT),
-    title: title ?? "",
-    description: description ?? "",
-    preview,
-    cwd: codexThreadText(thread.cwd, CODEX_THREAD_PATH_FIELD_LIMIT),
-    source: codexThreadText(thread.source, CODEX_THREAD_TITLE_FIELD_LIMIT),
-    createdAt: codexTimestamp(thread.createdAt),
-    updatedAt: codexTimestamp(thread.updatedAt),
-    archived,
-    modelProvider: codexThreadText(
-      thread.modelProvider,
-      CODEX_THREAD_TITLE_FIELD_LIMIT
-    ),
-    cliVersion: codexThreadText(
-      thread.cliVersion,
-      CODEX_THREAD_TITLE_FIELD_LIMIT
-    ),
-    gitBranch: codexThreadText(
-      gitInfo?.branch,
-      CODEX_THREAD_TITLE_FIELD_LIMIT
-    ),
-    gitOriginUrl: codexThreadText(
-      gitInfo?.originUrl,
-      CODEX_THREAD_PATH_FIELD_LIMIT
-    ),
-    path: codexThreadText(thread.path, CODEX_THREAD_PATH_FIELD_LIMIT)
-  };
-}
-function codexThreadText(value, maxLength) {
-  const text2 = stringValue(value) ?? "";
-  if (text2.length <= maxLength) {
-    return text2;
-  }
-  return `${text2.slice(0, Math.max(0, maxLength - 3))}...`;
-}
-function codexTimestamp(value) {
-  if (typeof value === "number" && Number.isFinite(value)) {
-    return new Date(value * 1e3).toISOString();
-  }
-  return stringValue(value) ?? "";
-}
-function compareCodexThreadHistoryRows(left, right) {
-  const leftRow = objectValue(left);
-  const rightRow = objectValue(right);
-  const leftTime = Date.parse(
-    stringValue(leftRow?.createdAt) ?? stringValue(leftRow?.updatedAt) ?? ""
-  );
-  const rightTime = Date.parse(
-    stringValue(rightRow?.createdAt) ?? stringValue(rightRow?.updatedAt) ?? ""
-  );
-  return safeComparableTime(leftTime) - safeComparableTime(rightTime);
-}
-function safeComparableTime(value) {
-  return Number.isFinite(value) ? value : Number.MAX_SAFE_INTEGER;
-}
 function extractStartedThreadId(response) {
   if ("error" in response) {
     throw new Error(`thread/start failed: ${response.error.message}`);
@@ -23023,9 +22891,9 @@ async function applyControl(codex, kandan, topic, instanceId, options, allowedCw
     case "update_session_settings":
     case "set_port_forward_enabled":
     case "forward_http_request":
-    case "forward_websocket_open":
-    case "forward_websocket_send":
-    case "forward_websocket_close":
+    case "forward_tcp_open":
+    case "forward_tcp_send":
+    case "forward_tcp_close":
     case "start_local_editor":
     case "update_runner_config":
       return { instanceId, controlType: control.type, skipped: true };
@@ -27278,6 +27146,16 @@ import { stdin as defaultStdin, stdout as defaultStdout } from "node:process";
 import { emitKeypressEvents } from "node:readline";
 
 // src/signupServerClient.ts
+var SignupServerError = class extends Error {
+  status;
+  code;
+  constructor(args) {
+    super(args.message);
+    this.name = "SignupServerError";
+    this.status = args.status;
+    this.code = args.code;
+  }
+};
 function createSignupServerClient(args) {
   const serviceUrl = args.serviceUrl ?? defaultLinzumiHttpUrl;
   const fetchImpl = args.fetchImpl ?? fetch;
@@ -27368,9 +27246,7 @@ async function signupJsonRequest(args) {
   });
   const responseText = await response.text();
   if (!response.ok) {
-    throw new Error(
-      `Linzumi signup request failed with HTTP ${response.status}${errorResponseDetail(responseText)}`
-    );
+    throw signupResponseError(response.status, responseText);
   }
   const body = parseJsonResponse(responseText, "Linzumi signup response");
   return args.render(body);
@@ -27389,6 +27265,38 @@ function errorResponseDetail(text2) {
   }
   return `: ${trimmed.slice(0, 240)}`;
 }
+function signupResponseError(status, text2) {
+  const code = signupErrorCodeFromResponseText(text2);
+  if (code !== void 0) {
+    return new SignupServerError({
+      status,
+      code,
+      message: code
+    });
+  }
+  return new Error(
+    `Linzumi signup request failed with HTTP ${status}${errorResponseDetail(text2)}`
+  );
+}
+function signupErrorCodeFromResponseText(text2) {
+  const trimmed = text2.trim();
+  if (trimmed === "") {
+    return void 0;
+  }
+  try {
+    const value = JSON.parse(trimmed);
+    if (typeof value !== "object" || value === null || Array.isArray(value)) {
+      return void 0;
+    }
+    const error = value.error;
+    if (typeof error === "string" && error.trim() !== "") {
+      return error;
+    }
+    return void 0;
+  } catch (_error) {
+    return void 0;
+  }
+}
 function renderEmailCodeStart(value) {
   const body = objectRecord(value, "signup email-code start response");
   return {
@@ -27576,6 +27484,7 @@ function booleanValue(record, key) {
 }
 
 // src/signupFlow.ts
+var maxSignupVerificationCodeAttempts = 3;
 var blue = (value) => `\x1B[38;5;75m${value}\x1B[0m`;
 var green = (value) => `\x1B[38;5;114m${value}\x1B[0m`;
 var red = (value) => `\x1B[38;5;203m${value}\x1B[0m`;
@@ -28108,22 +28017,19 @@ async function runSignupFlow(deps = {}) {
       writeDebugLaunchPayload(output, state, debugLaunchPayload);
       return;
     }
-    writeVerificationPrompt(output, codeRequest.request.email);
-    const code = await prompts.input({
-      message: "Enter your Linzumi verification code",
-      defaultValue: signupServerClient === void 0 ? "482931" : ""
-    });
-    const verifyResult = signupServerClient === void 0 ? void 0 : await verifyEmailCodeForSignup(signupServerClient, {
+    const verificationResult = await promptForVerifiedEmailCode({
+      prompts,
+      output,
+      signupServerClient,
       pendingId: codeRequest.request.pendingId,
-      code
+      email: codeRequest.request.email
     });
-    if (verifyResult?.type === "failed") {
+    if (verificationResult.type === "failed") {
       state = updateSignupState(state, {
         currentStep: "launch",
-        verificationCode: code,
-        launchFailure: verifyResult.message
+        verificationCode: verificationResult.code,
+        launchFailure: verificationResult.message
       });
-      writeCodeEntry(output, code);
       writeSignupScreen(output, state);
       writePreflightSummary(output, state);
       writeSelectedProjectsSummary(output, state);
@@ -28132,14 +28038,13 @@ async function runSignupFlow(deps = {}) {
       writeDebugLaunchPayload(output, state, debugLaunchPayload);
       return;
     }
-    verifiedAuth = verifyResult?.auth;
+    verifiedAuth = verificationResult.verifiedAuth;
     const storedSignupAuth = verifiedAuth === void 0 ? writeSignupAuth({ email }) : signupAuthFromVerification(verifiedAuth, serviceUrl);
     state = updateSignupState(state, {
       currentStep: "launch",
       storedSignupAuth,
-      verificationCode: code
+      verificationCode: verificationResult.code
     });
-    writeCodeEntry(output, code);
   }
   if (signupServerClient !== void 0 && verifiedAuth !== void 0) {
     const defaultWorkspaceName = verifiedAuth.privateWorkspaceDefault.name || defaultWorkspaceNameForEmail(
@@ -28288,7 +28193,7 @@ async function launchSignupCommanderForCompletedSignup(commanderLauncher, args)
   } catch (error) {
     return {
       status: "failed",
-      runnerId: signupCommanderRunnerId(args.workspaceSlug),
+      runnerId: signupCommanderRunnerId(args.serviceUrl),
       restartCommand: signupConnectRestartCommand(args),
       error: error instanceof Error ? error.message : String(error)
     };
@@ -28335,7 +28240,8 @@ async function verifyEmailCodeForSignup(signupServerClient, args) {
       message: signupServerFailureMessage(
         "We couldn't verify your Linzumi email code",
         error
-      )
+      ),
+      code: signupServerFailureCode(error)
     };
   }
 }
@@ -28343,6 +28249,43 @@ function signupServerFailureMessage(prefix, error) {
   const message = error instanceof Error ? error.message : String(error);
   return `${prefix}: ${message}`;
 }
+function signupServerFailureCode(error) {
+  if (error instanceof SignupServerError) {
+    return error.code;
+  }
+  if (error instanceof Error && error.message === "invalid_signup_code") {
+    return "invalid_signup_code";
+  }
+  return void 0;
+}
+async function promptForVerifiedEmailCode(args) {
+  writeVerificationPrompt(args.output, args.email);
+  return verifyPromptAttempt(args, 1);
+}
+async function verifyPromptAttempt(args, attempt) {
+  const code = await args.prompts.input({
+    message: "Enter your Linzumi verification code",
+    defaultValue: args.signupServerClient === void 0 ? "482931" : ""
+  });
+  const verifyResult = args.signupServerClient === void 0 ? void 0 : await verifyEmailCodeForSignup(args.signupServerClient, {
+    pendingId: args.pendingId,
+    code
+  });
+  writeCodeEntry(args.output, code);
+  if (verifyResult?.type === "failed") {
+    if (verifyResult.code === "invalid_signup_code" && attempt < maxSignupVerificationCodeAttempts) {
+      writeBoundedLine(
+        args.output,
+        muted(
+          "   That code was not valid. Enter the newest 6-digit code from your email."
+        )
+      );
+      return verifyPromptAttempt(args, attempt + 1);
+    }
+    return { type: "failed", message: verifyResult.message, code };
+  }
+  return verifyResult === void 0 ? { type: "completed", code } : { type: "completed", code, verifiedAuth: verifyResult.auth };
+}
 async function refreshExistingSignupAuth(prompts, output, auth, writeSignupAuth, signupServerClient, serviceUrl) {
   output.write(
     `${green("\u2713")} You're already logged in!
@@ -28361,25 +28304,29 @@ ${muted(
   if (codeRequest.type === "failed") {
     return codeRequest;
   }
-  writeVerificationPrompt(output, codeRequest.request.email);
-  const code = await prompts.input({
-    message: "Enter your Linzumi verification code",
-    defaultValue: signupServerClient === void 0 ? "482931" : ""
-  });
-  const verifyResult = signupServerClient === void 0 ? void 0 : await verifyEmailCodeForSignup(signupServerClient, {
+  const verificationResult = await promptForVerifiedEmailCode({
+    prompts,
+    output,
+    signupServerClient,
     pendingId: codeRequest.request.pendingId,
-    code
+    email: codeRequest.request.email
   });
-  if (verifyResult?.type === "failed") {
-    writeCodeEntry(output, code);
+  if (verificationResult.type === "failed") {
     output.write("\n");
-    return verifyResult;
+    return {
+      type: "failed",
+      message: verificationResult.message
+    };
   }
-  const verifiedAuth = verifyResult?.auth;
+  const verifiedAuth = verificationResult.verifiedAuth;
   const refreshedAuth = verifiedAuth === void 0 ? writeSignupAuth({ email: auth.email }) : signupAuthFromVerification(verifiedAuth, serviceUrl);
-  writeCodeEntry(output, code);
   output.write("\n");
-  return { type: "completed", auth: refreshedAuth, code, verifiedAuth };
+  return {
+    type: "completed",
+    auth: refreshedAuth,
+    code: verificationResult.code,
+    verifiedAuth
+  };
 }
 async function validateExistingSignupAuth(signupServerClient, auth, retryPolicy) {
   if (signupServerClient === void 0 || auth.accessToken === void 0) {
@@ -28855,7 +28802,7 @@ async function defaultSignupCommanderLauncher(args) {
     accessToken: args.localRunnerAccessToken,
     expiresInSeconds: args.localRunnerExpiresInSeconds
   });
-  const runnerId = signupCommanderRunnerId(args.workspaceSlug);
+  const runnerId = signupCommanderRunnerId(args.serviceUrl);
   const restartCommand = signupConnectRestartCommand(args);
   try {
     const handle = await runLocalCodexRunner(
@@ -28878,13 +28825,13 @@ async function defaultSignupCommanderLauncher(args) {
     };
   }
 }
-function signupCommanderRunnerId(workspaceSlug) {
-  return `signup-${workspaceSlug}-commander`;
+function signupCommanderRunnerId(serviceUrl) {
+  return ensureLocalRunnerIdForLinzumiUrl(serviceUrl);
 }
 function failedSignupCommanderLaunchForMissingCodex(args) {
   return {
     status: "failed",
-    runnerId: signupCommanderRunnerId(args.workspaceSlug),
+    runnerId: "commander-not-started",
     restartCommand: signupConnectRestartCommand(args),
     error: "Codex preflight did not resolve a verified Codex command. Install Codex or fix the Codex CLI on PATH, then rerun signup."
   };
@@ -30251,7 +30198,7 @@ function runProcessCapture(args) {
     child.on("error", () => {
       finish("");
     });
-    child.on("exit", (code) => {
+    child.on("close", (code) => {
       finish(code === 0 ? stdout : "");
     });
   });
@@ -30714,8 +30661,6 @@ function startCommanderDaemon(options) {
     "commander",
     ...options.cwd === void 0 ? [] : [options.cwd],
     ...options.args,
-    "--runner-id",
-    options.runnerId,
     "--log-file",
     logFile
   ];
@@ -30965,7 +30910,6 @@ var flagDefinitions = /* @__PURE__ */ new Map([
   ["api-url", { kind: "value" }],
   ["linzumi-url", { kind: "value" }],
   ["token", { kind: "value" }],
-  ["runner-id", { kind: "value" }],
   ["cwd", { kind: "value" }],
   ["codex-bin", { kind: "value" }],
   ["codex-url", { kind: "value" }],
@@ -31291,7 +31235,8 @@ async function runCommanderDaemonCommand(args) {
         process.stdout.write(commanderDaemonHelpText());
         return;
       }
-      const runnerId = required(values, "runner-id");
+      const kandanUrl = kandanUrlValue(values) ?? defaultLinzumiWebSocketUrl;
+      const runnerId = ensureLocalRunnerIdForLinzumiUrl(kandanUrl);
       const cwd = cwdArg === void 0 || cwdArg.trim() === "" ? void 0 : resolveUserPath(cwdArg);
       const record = startCommanderDaemon({
         runnerId,
@@ -31315,7 +31260,8 @@ async function runCommanderDaemonCommand(args) {
     }
     case "status": {
       const values = strictFlagValues(rest);
-      const runnerId = required(values, "runner-id");
+      const kandanUrl = kandanUrlValue(values) ?? defaultLinzumiWebSocketUrl;
+      const runnerId = ensureLocalRunnerIdForLinzumiUrl(kandanUrl);
       const status = commanderDaemonStatus(
         runnerId,
         stringValue4(values, "status-dir")
@@ -31326,7 +31272,8 @@ async function runCommanderDaemonCommand(args) {
     }
     case "wait": {
       const values = strictFlagValues(rest);
-      const runnerId = required(values, "runner-id");
+      const kandanUrl = kandanUrlValue(values) ?? defaultLinzumiWebSocketUrl;
+      const runnerId = ensureLocalRunnerIdForLinzumiUrl(kandanUrl);
       const timeoutMs = positiveIntegerValue2(values, "timeout-ms") ?? 3e4;
       const result = await waitForCommanderDaemon({
         runnerId,
@@ -31345,7 +31292,8 @@ async function runCommanderDaemonCommand(args) {
     }
     case "stop": {
       const values = strictFlagValues(rest);
-      const runnerId = required(values, "runner-id");
+      const kandanUrl = kandanUrlValue(values) ?? defaultLinzumiWebSocketUrl;
+      const runnerId = ensureLocalRunnerIdForLinzumiUrl(kandanUrl);
       const status = stopCommanderDaemon(
         runnerId,
         stringValue4(values, "status-dir")
@@ -31391,7 +31339,8 @@ async function parseStartRunnerArgs(args, deps = {
   fetchStartTarget: fetchLocalRunnerStartTarget,
   validateToken: validateLocalRunnerToken,
   buildDependencyStatus: buildRunnerDependencyStatus,
-  resolveEditorRuntime
+  resolveEditorRuntime,
+  ensureRunnerId: ensureLocalRunnerIdForLinzumiUrl
 }) {
   const { cwdArg, flagArgs } = splitStartArgs(args);
   const values = strictFlagValues(flagArgs);
@@ -31463,7 +31412,9 @@ async function parseStartRunnerArgs(args, deps = {
   return {
     kandanUrl,
     token: targetToken,
-    runnerId: stringValue4(values, "runner-id") ?? `runner-${randomUUID5()}`,
+    runnerId: (deps.ensureRunnerId ?? ensureLocalRunnerIdForLinzumiUrl)(
+      kandanUrl
+    ),
     workspaceSlug: target.workspaceSlug,
     cwd,
     codexBin,
@@ -31500,7 +31451,8 @@ async function parseStartRunnerArgs(args, deps = {
 async function parseAgentRunnerArgs(args, deps = {
   readTextFile: readAgentTokenTextFile,
   buildDependencyStatus: buildRunnerDependencyStatus,
-  resolveEditorRuntime
+  resolveEditorRuntime,
+  ensureRunnerId: ensureLocalRunnerIdForLinzumiUrl
 }) {
   const { cwdArg, flagArgs } = splitStartArgs(args);
   const values = strictFlagValues(flagArgs);
@@ -31565,7 +31517,9 @@ async function parseAgentRunnerArgs(args, deps = {
   return {
     kandanUrl,
     token: tokenFile.commanderToken,
-    runnerId: stringValue4(values, "runner-id") ?? `agent-runner-${randomUUID5()}`,
+    runnerId: (deps.ensureRunnerId ?? ensureLocalRunnerIdForLinzumiUrl)(
+      kandanUrl
+    ),
     workspaceSlug: tokenFile.workspaceId,
     cwd,
     codexBin,
@@ -31665,7 +31619,8 @@ async function resolveStartTargetToken(args) {
 async function parseRunnerArgs(args, deps = {
   resolveToken: resolveLocalRunnerToken,
   buildDependencyStatus: buildRunnerDependencyStatus,
-  resolveEditorRuntime
+  resolveEditorRuntime,
+  ensureRunnerId: ensureLocalRunnerIdForLinzumiUrl
 }) {
   const values = strictFlagValues(args);
   if (values.get("help") === true) {
@@ -31717,7 +31672,9 @@ async function parseRunnerArgs(args, deps = {
   return {
     kandanUrl,
     token,
-    runnerId: stringValue4(values, "runner-id") ?? `runner-${randomUUID5()}`,
+    runnerId: (deps.ensureRunnerId ?? ensureLocalRunnerIdForLinzumiUrl)(
+      kandanUrl
+    ),
     cwd,
     codexBin,
     codexUrl: stringValue4(values, "codex-url"),
@@ -31835,7 +31792,7 @@ function stripDaemonSupervisorFlags(args) {
     }
     const key = arg.startsWith("--") ? arg.slice(2) : void 0;
     const definition = key === void 0 ? void 0 : flagDefinitions.get(key);
-    if (key === "runner-id" || key === "log-file" || key === "status-dir") {
+    if (key === "log-file" || key === "status-dir") {
       if (definition?.kind === "value") {
         index += 1;
       }
@@ -31976,8 +31933,8 @@ Usage:
   linzumi done <thread_id> --message <message>
   linzumi init-hello-linzumi-demo-app
   linzumi codex start-new --title <title> --runner <runner_id> --cwd <path> --work-description <text>
-  linzumi commander daemon --runner-id <id>
-  linzumi commander wait --runner-id <id>
+  linzumi commander daemon
+  linzumi commander wait
   linzumi commander <folder> [options]
   linzumi start <folder> [options]
   linzumi paths list|add|remove [path]
@@ -32021,7 +31978,7 @@ Examples:
     linzumi done thr_abc123 --message "Done: https://github.com/example/repo/pull/1"
     linzumi init-hello-linzumi-demo-app
     linzumi paths add ~/code/my-app
-    linzumi commander daemon --runner-id launch-commander
+    linzumi commander daemon
     linzumi start ~/
     linzumi start ~/code/my-app
     linzumi connect --workspace <your-workspace> --launch-tui
@@ -32072,11 +32029,11 @@ function commanderDaemonHelpText() {
   return `Linzumi Commander daemon
 
 Usage:
-  linzumi commander daemon --runner-id <id> [options]
-  linzumi commander daemon <folder> --runner-id <id> [options]
-  linzumi commander status --runner-id <id>
-  linzumi commander wait --runner-id <id> [--timeout-ms <ms>]
-  linzumi commander stop --runner-id <id>
+  linzumi commander daemon [options]
+  linzumi commander daemon <folder> [options]
+  linzumi commander status [options]
+  linzumi commander wait [--timeout-ms <ms>] [options]
+  linzumi commander stop [options]
 
 What it does:
   Starts the workspace Commander as a detached process, writes a status file,
@@ -32086,7 +32043,7 @@ What it does:
   configured folder.
 
 Options:
-  --runner-id <id>            Stable Commander id, required
+  --api-url <url>             Linzumi API URL used to select the stored scoped runner id
   --status-dir <path>         Status directory, default ~/.linzumi/commanders
   --log-file <path>           Commander log path, default in the status dir
   --timeout-ms <ms>           Wait timeout, default 30000
@@ -32149,9 +32106,9 @@ Usage:
   linzumi commander <folder> [options]
   linzumi commander daemon [options]
   linzumi commander daemon <folder> [options]
-  linzumi commander status --runner-id <id>
-  linzumi commander wait --runner-id <id>
-  linzumi commander stop --runner-id <id>
+  linzumi commander status [options]
+  linzumi commander wait [options]
+  linzumi commander stop [options]
   linzumi agent runner <folder> [options]
 
 What it does:
@@ -32164,7 +32121,6 @@ What it does:
 Options:
   --agent-token-file <path>   Agent token cache, default ~/.linzumi/agent-token.json
   --api-url <url>             Linzumi API URL. Defaults deterministically from the stored apiUrl.
-  --runner-id <id>            Stable Commander id
   --codex-bin <path>          Codex executable, default codex
   --code-server-bin <path>    Custom development code-server executable. By default Linzumi installs the approved editor runtime.
   --listen-user <user>        Human whose replies Codex may accept, default owner from claim
@@ -32178,8 +32134,8 @@ Options:
 
 Examples:
   linzumi paths add "$PWD"
-  linzumi commander daemon --runner-id hello-world-commander
-  linzumi commander ~/code/my-app --api-url http://127.0.0.1:4162 --runner-id local-qa-commander
+  linzumi commander daemon
+  linzumi commander ~/code/my-app --api-url http://127.0.0.1:4162
 `;
 }
 function connectGuideText() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@linzumi/cli",
-  "version": "0.0.55-beta",
+  "version": "0.0.57-beta",
   "description": "Linzumi CLI — point a Codex agent at the real code on your laptop, with your team watching and steering from shared threads.",
   "type": "module",
   "bin": {