@lnar/cli 0.0.1-dev.1da013d → 0.0.1-dev.3982ccb

package/README.md

@@ -4,29 +4,27 @@ Lnar CLI that scans your AI agent configuration files (Claude / Claude Code, Cod
 
 Read-only: the CLI only reads agent config files. Environment variable **keys** are recorded, but their **values are never sent** to the server.
 
-## Install / use
+## Install
 
 ```sh
-# 1. Install the CLI globally
 npm install -g @lnar/cli
-
-# 2. Sign in + start the always-on background service (one command)
 lnar up
 ```
 
-`lnar up` handles everything:
+`lnar up` does two things in one command:
 
-- If you are not yet authenticated, it runs the OAuth device-code flow (opens a URL + shows a short code).
-- It registers a background service that auto-starts on login / boot and re-launches if it crashes:
+- If you are not authenticated, runs the OAuth device-code flow (opens a URL + shows a short code).
+- Registers a background service that auto-starts on login / boot and re-launches if it crashes:
   - macOS → launchd LaunchAgent (`~/Library/LaunchAgents/ai.lnar.daemon.plist`)
   - Linux  → systemd `--user` unit (`~/.config/systemd/user/lnar-daemon.service`)
   - Windows → Task Scheduler (`LnarDaemon`, logon trigger + auto-restart)
 
 The service syncs the latest MCP-server list with lnar every 30s and applies any changes queued from the dashboard (e.g. "Add MCP server", "Disconnect").
 
-### Other commands
+## Commands
 
 ```sh
+lnar up             # sign in + start the background service
 lnar status         # show authentication + service status
 lnar down           # stop and remove the background service
 lnar scan           # one-shot: print detected MCP servers, no upload
@@ -34,14 +32,15 @@ lnar sync           # one-shot: scan and upload, then exit
 lnar login          # re-authenticate (normally `lnar up` is enough)
 ```
 
-### Production vs develop verification
+To force a specific endpoint, pass `--api-base-url` or set `LNAR_API_BASE_URL`.
 
-| Environment | Command | Default API |
-|---|---|---|
-| Production | `npm install -g @lnar/cli && lnar up` | `https://api.lnar.ai` |
-| Develop (pre-release verification) | `npm install -g @lnar/cli@dev && lnar up` | `https://api-dev.lnar.ai` |
+## Uninstall
 
-The `@dev` tag is published from the `develop` branch and is intended for verifying behaviour before promoting changes to production. To force a specific endpoint regardless of tag, pass `--api-base-url` or set `LNAR_API_BASE_URL`.
+```sh
+lnar down                     # stop and unregister the background service
+npm uninstall -g @lnar/cli    # remove the CLI binary
+rm -rf ~/.config/lnar         # (optional) remove cached credentials
+```
 
 ## Supported agents
 
@@ -53,44 +52,7 @@ The `@dev` tag is published from the `develop` branch and is intended for verify
 | Gemini CLI           | implemented | `~/.gemini/settings.json`, `.gemini/settings.json` (project) |
 | ChatGPT              | placeholder | `~/Library/Application Support/com.openai.chat` (existence only — connector data is encrypted) |
 
-## Development (working on this CLI itself)
-
-```sh
-pnpm install
-pnpm dev scan         # run from source against your default API
-pnpm test             # run vitest
-pnpm build            # compile to dist/
-```
-
-## Release workflow
-
-公開戦略は **canary + manual prod** (Next.js / Claude Code 系):
-
-| トリガー | dist-tag | デフォルト API |
-|---|---|---|
-| `develop` への push | `@dev` (canary) | `api-dev.lnar.ai` |
-| `cli-v*` の git tag push | `@latest` (本番) | `api.lnar.ai` |
-| GitHub Actions の `workflow_dispatch` (手動) | 任意 (dev / latest / beta / rc) | tag に応じる |
-
-### dev (canary) リリース
-
-develop ブランチに変更を merge するだけ。CI が自動で `0.0.1-dev.abc1234` のような
-SHA suffix 付きで `@dev` タグに publish する。
-
-### 本番リリース
-
-```sh
-git checkout main
-git merge develop                       # 本番化したい develop の内容を取り込む
-cd cli
-npm version minor                       # 0.0.1 → 0.1.0、自動で commit + tag (v0.1.0) が作られる
-                                        # ※ ただし tag 名は CI 側で "cli-v*" を期待するので
-                                        #   git tag -a cli-v0.1.0 -m "Release 0.1.0" の方が安全
-git push --follow-tags
-# → cli-v0.1.0 tag が CI を発火し、@latest で publish
-```
-
-### 緊急時の手動公開
+## Contributing
 
-GitHub Actions の "Publish CLI" workflow を `workflow_dispatch` から起動し、
-`tag` 入力 (`dev` / `latest` / `beta` / `rc`) を選んで実行。
+For development setup (pre-release `@dev` verification, local source
+workflow, release process), see the [lnar repository](https://github.com/NexaScience/lnar).

package/dist/api-client.d.ts

@@ -1,3 +1,4 @@
+import type { RecordedAction, RecordingManifest } from './recording/types.js';
 import type { ScanResult } from './types.js';
 export type SnapshotResponse = {
     agents: Array<{
@@ -15,3 +16,21 @@ export declare class ApiError extends Error {
     constructor(status: number, body: string);
 }
 export declare const postSnapshot: (baseUrl: string, apiKey: string, scan: ScanResult) => Promise<SnapshotResponse>;
+export type RecordingResponse = {
+    id: string;
+    status: string;
+    name: string;
+};
+/** 録画メタデータ + 操作トレースを登録し、recording id を得る (status=pending)。 */
+export declare const createRecording: (baseUrl: string, apiKey: string, input: {
+    name: string;
+    startUrl: string | null;
+    purpose?: string | null;
+    manifest: RecordingManifest;
+    actions: ReadonlyArray<RecordedAction>;
+}) => Promise<RecordingResponse>;
+/**
+ * バンドル tar.gz を raw body で PUT する。サーバー側で即解析され、解析済み録画
+ * (status=analyzed / playbook 付き) が返る。画像は S3 に保存されない。
+ */
+export declare const uploadRecordingBundle: (baseUrl: string, apiKey: string, recordingId: string, tarPath: string) => Promise<RecordingResponse>;

package/dist/api-client.js

@@ -1,3 +1,4 @@
+import { readFile } from 'node:fs/promises';
 export class ApiError extends Error {
     status;
     body;
@@ -17,12 +18,14 @@ export const postSnapshot = async (baseUrl, apiKey, scan) => {
         },
         body: JSON.stringify({
             hostname: scan.hostname,
+            machineId: scan.machineId,
             scannedAt: scan.scannedAt,
             agents: scan.agents.map((a) => ({
                 agentKind: a.agentKind,
                 agentVersion: a.agentVersion,
                 servers: a.servers,
                 plugins: a.plugins ?? [],
+                skills: a.skills ?? [],
             })),
         }),
     });
@@ -32,4 +35,43 @@ export const postSnapshot = async (baseUrl, apiKey, scan) => {
     }
     return (await response.json());
 };
+const recordingHeaders = (apiKey) => ({
+    Authorization: `Bearer ${apiKey}`,
+});
+/** 録画メタデータ + 操作トレースを登録し、recording id を得る (status=pending)。 */
+export const createRecording = async (baseUrl, apiKey, input) => {
+    const url = new URL('/v1/recordings', baseUrl).toString();
+    const response = await fetch(url, {
+        method: 'POST',
+        headers: { ...recordingHeaders(apiKey), 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            name: input.name,
+            start_url: input.startUrl,
+            purpose: input.purpose ?? null,
+            manifest: input.manifest,
+            actions: input.actions,
+        }),
+    });
+    if (!response.ok) {
+        throw new ApiError(response.status, await response.text().catch(() => ''));
+    }
+    return (await response.json());
+};
+/**
+ * バンドル tar.gz を raw body で PUT する。サーバー側で即解析され、解析済み録画
+ * (status=analyzed / playbook 付き) が返る。画像は S3 に保存されない。
+ */
+export const uploadRecordingBundle = async (baseUrl, apiKey, recordingId, tarPath) => {
+    const url = new URL(`/v1/recordings/${recordingId}/bundle`, baseUrl).toString();
+    const body = await readFile(tarPath);
+    const response = await fetch(url, {
+        method: 'PUT',
+        headers: { ...recordingHeaders(apiKey), 'Content-Type': 'application/gzip' },
+        body,
+    });
+    if (!response.ok) {
+        throw new ApiError(response.status, await response.text().catch(() => ''));
+    }
+    return (await response.json());
+};
 //# sourceMappingURL=api-client.js.map

package/dist/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAaA,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,MAAM,CAAS;IACf,IAAI,CAAS;IACb,YAAY,MAAc,EAAE,IAAY;QACtC,KAAK,CAAC,aAAa,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,OAAe,EACf,MAAc,EACd,IAAgB,EACW,EAAE;IAC7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACpE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,MAAM,EAAE;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;aACzB,CAAC,CAAC;SACJ,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;AACrD,CAAC,CAAC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAe5C,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,MAAM,CAAS;IACf,IAAI,CAAS;IACb,YAAY,MAAc,EAAE,IAAY;QACtC,KAAK,CAAC,aAAa,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,OAAe,EACf,MAAc,EACd,IAAgB,EACW,EAAE;IAC7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACpE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,MAAM,EAAE;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;gBACxB,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE;aACvB,CAAC,CAAC;SACJ,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;AACrD,CAAC,CAAC;AAYF,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAA0B,EAAE,CAAC,CAAC;IACpE,aAAa,EAAE,UAAU,MAAM,EAAE;CAClC,CAAC,CAAC;AAEH,8DAA8D;AAC9D,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,OAAe,EACf,MAAc,EACd,KAMC,EAC2B,EAAE;IAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC5E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;AACtD,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,OAAe,EACf,MAAc,EACd,WAAmB,EACnB,OAAe,EACa,EAAE;IAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,kBAAkB,WAAW,SAAS,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAChF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC5E,IAAI;KACL,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;AACtD,CAAC,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,20 @@
+/**
+ * CLI 認証情報の解決。
+ *
+ * 保存済み config を読み、必要なら OAuth access token を refresh し、API 呼び出し用の
+ * Bearer 値を返す。`sync` コマンドと同じ方針 (期限切れ + refresh 不可なら再ログイン案内)。
+ */
+import { type StoredConfig } from './config.js';
+export declare class NotLoggedInError extends Error {
+    constructor(message?: string);
+}
+/** API 呼び出し用の Bearer 値を取り出す。 */
+export declare const bearerFor: (config: StoredConfig) => string;
+export interface ResolvedAuth {
+    readonly baseUrl: string;
+    readonly token: string;
+}
+/**
+ * 認証を解決する。未ログインなら NotLoggedInError を投げる。
+ */
+export declare const resolveAuth: () => Promise<ResolvedAuth>;

package/dist/auth.js

@@ -0,0 +1,74 @@
+/**
+ * CLI 認証情報の解決。
+ *
+ * 保存済み config を読み、必要なら OAuth access token を refresh し、API 呼び出し用の
+ * Bearer 値を返す。`sync` コマンドと同じ方針 (期限切れ + refresh 不可なら再ログイン案内)。
+ */
+import { DEFAULT_CLIENT_ID, loadConfig, saveConfig } from './config.js';
+import { OAuthError, refreshAccessToken } from './oauth-client.js';
+const ACCESS_TOKEN_REFRESH_SKEW_SECONDS = 60;
+export class NotLoggedInError extends Error {
+    constructor(message = 'not logged in. Run `lnar login` first.') {
+        super(message);
+        this.name = 'NotLoggedInError';
+    }
+}
+const isAccessTokenExpired = (config) => {
+    if (!config.accessTokenExpiresAt)
+        return false;
+    const expires = Date.parse(config.accessTokenExpiresAt);
+    if (Number.isNaN(expires))
+        return true;
+    return expires - Date.now() < ACCESS_TOKEN_REFRESH_SKEW_SECONDS * 1000;
+};
+const refreshIfNeeded = async (config) => {
+    if (!config.accessToken)
+        return config;
+    if (!isAccessTokenExpired(config))
+        return config;
+    if (!config.refreshToken) {
+        throw new NotLoggedInError('access token expired and no refresh token. Run `lnar login`.');
+    }
+    const clientId = config.clientId ?? DEFAULT_CLIENT_ID;
+    let token;
+    try {
+        token = await refreshAccessToken(config.apiBaseUrl, clientId, config.refreshToken);
+    }
+    catch (err) {
+        if (err instanceof OAuthError && err.errorCode === 'invalid_grant') {
+            throw new NotLoggedInError('refresh token expired or revoked. Run `lnar login`.');
+        }
+        throw err;
+    }
+    const accessTokenExpiresAt = new Date(Date.now() + token.expires_in * 1000).toISOString();
+    const next = {
+        apiBaseUrl: config.apiBaseUrl,
+        accessToken: token.access_token,
+        refreshToken: token.refresh_token ?? config.refreshToken,
+        accessTokenExpiresAt,
+        scopes: token.scope ? token.scope.split(' ') : config.scopes,
+        clientId,
+    };
+    await saveConfig(next);
+    return { ...next, savedAt: new Date().toISOString() };
+};
+/** API 呼び出し用の Bearer 値を取り出す。 */
+export const bearerFor = (config) => {
+    if (config.accessToken)
+        return config.accessToken;
+    if (config.apiKey)
+        return config.apiKey;
+    throw new NotLoggedInError('no credentials available. Run `lnar login`.');
+};
+/**
+ * 認証を解決する。未ログインなら NotLoggedInError を投げる。
+ */
+export const resolveAuth = async () => {
+    const initial = await loadConfig();
+    if (initial == null) {
+        throw new NotLoggedInError();
+    }
+    const config = await refreshIfNeeded(initial);
+    return { baseUrl: config.apiBaseUrl, token: bearerFor(config) };
+};
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAqB,UAAU,EAAE,MAAM,aAAa,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,iCAAiC,GAAG,EAAE,CAAC;AAE7C,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAO,GAAG,wCAAwC;QAC5D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,MAAM,oBAAoB,GAAG,CAAC,MAAoB,EAAW,EAAE;IAC7D,IAAI,CAAC,MAAM,CAAC,oBAAoB;QAAE,OAAO,KAAK,CAAC;IAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iCAAiC,GAAG,IAAI,CAAC;AACzE,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,KAAK,EAAE,MAAoB,EAAyB,EAAE;IAC5E,IAAI,CAAC,MAAM,CAAC,WAAW;QAAE,OAAO,MAAM,CAAC;IACvC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,IAAI,gBAAgB,CAAC,8DAA8D,CAAC,CAAC;IAC7F,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,iBAAiB,CAAC;IACtD,IAAI,KAAqD,CAAC;IAC1D,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACrF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,UAAU,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;YACnE,MAAM,IAAI,gBAAgB,CAAC,qDAAqD,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,MAAM,oBAAoB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1F,MAAM,IAAI,GAAkC;QAC1C,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,WAAW,EAAE,KAAK,CAAC,YAAY;QAC/B,YAAY,EAAE,KAAK,CAAC,aAAa,IAAI,MAAM,CAAC,YAAY;QACxD,oBAAoB;QACpB,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM;QAC5D,QAAQ;KACT,CAAC;IACF,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACvB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;AACxD,CAAC,CAAC;AAEF,gCAAgC;AAChC,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,MAAoB,EAAU,EAAE;IACxD,IAAI,MAAM,CAAC,WAAW;QAAE,OAAO,MAAM,CAAC,WAAW,CAAC;IAClD,IAAI,MAAM,CAAC,MAAM;QAAE,OAAO,MAAM,CAAC,MAAM,CAAC;IACxC,MAAM,IAAI,gBAAgB,CAAC,6CAA6C,CAAC,CAAC;AAC5E,CAAC,CAAC;AAOF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,IAA2B,EAAE;IAC3D,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;IACnC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,gBAAgB,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;AAClE,CAAC,CAAC"}

package/dist/browser.d.ts

@@ -0,0 +1 @@
+export declare const openBrowser: (url: string) => boolean;

package/dist/browser.js

@@ -0,0 +1,68 @@
+/**
+ * OS のデフォルトブラウザで URL を開く。
+ *
+ * 依存を増やさず、プラットフォームごとの組み込みコマンドを spawn する。
+ *   macOS  → `open -- <url>`
+ *   Linux  → `xdg-open -- <url>`
+ *   Windows → `rundll32 url.dll,FileProtocolHandler <url>`
+ *
+ * セキュリティ:
+ *   - URL は http / https スキームのみ許可（javascript:, file: 等は拒否）
+ *   - macOS / Linux では `--` セパレータで先頭が `-` の URL をフラグと誤認させない
+ *   - Windows は cmd.exe メタ文字解釈を避けるため `rundll32 url.dll,FileProtocolHandler`
+ *     を使用（cmd /c start 経由は `&` 等で injection 余地が残る）
+ *
+ * CI / SSH / コンテナ等の "browser を出せない" 環境では子プロセスが失敗するが、
+ * 呼び出し側で URL を必ず stdout に表示するフォールバックを残すため、ここでは
+ * 例外を握り潰して boolean で結果だけ返す。
+ *
+ * 強制無効化: `LNAR_NO_BROWSER=1` を export しておくと自動オープンを抑止する。
+ */
+import { spawn } from 'node:child_process';
+import { platform } from 'node:os';
+const isSafeHttpUrl = (url) => {
+    try {
+        const parsed = new URL(url);
+        return parsed.protocol === 'http:' || parsed.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+};
+const resolveOpenCommand = (url) => {
+    const os = platform();
+    if (os === 'darwin') {
+        // `--` で URL がフラグ扱いされないようにする
+        return { command: 'open', args: ['--', url] };
+    }
+    if (os === 'win32') {
+        // cmd.exe を経由しないことで `&`, `|` 等のメタ文字解釈を回避
+        return { command: 'rundll32', args: ['url.dll,FileProtocolHandler', url] };
+    }
+    return { command: 'xdg-open', args: ['--', url] };
+};
+export const openBrowser = (url) => {
+    if (process.env.LNAR_NO_BROWSER === '1') {
+        return false;
+    }
+    if (!isSafeHttpUrl(url)) {
+        return false;
+    }
+    const { command, args } = resolveOpenCommand(url);
+    try {
+        const child = spawn(command, args, {
+            detached: true,
+            stdio: 'ignore',
+        });
+        // spawn 自体が失敗 (コマンドが PATH に無い等) しても unhandled error にしない。
+        child.on('error', () => {
+            /* swallow — フォールバックは呼び出し側の stdout に任せる */
+        });
+        child.unref();
+        return true;
+    }
+    catch {
+        return false;
+    }
+};
+//# sourceMappingURL=browser.js.map

package/dist/browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAOnC,MAAM,aAAa,GAAG,CAAC,GAAW,EAAW,EAAE;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,GAAW,EAAe,EAAE;IACtD,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;IACtB,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,6BAA6B;QAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;IAChD,CAAC;IACD,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,yCAAyC;QACzC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,6BAA6B,EAAE,GAAG,CAAC,EAAE,CAAC;IAC7E,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,GAAW,EAAW,EAAE;IAClD,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,GAAG,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;YACjC,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;QACH,0DAA0D;QAC1D,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,0CAA0C;QAC5C,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC"}

package/dist/cli.js

@@ -3,6 +3,7 @@ import { Command } from 'commander';
 import { runDaemon } from './commands/daemon.js';
 import { runDown } from './commands/down.js';
 import { runLogin } from './commands/login.js';
+import { runRecord } from './commands/record.js';
 import { runScan } from './commands/scan.js';
 import { runStatus } from './commands/status.js';
 import { runSync } from './commands/sync.js';
@@ -23,10 +24,13 @@ program
     .description('Authenticate (if needed) and install lnar as a background service that runs forever.')
     .option('--api-base-url <url>', 'lnar API base URL')
     .option('--client-id <id>', 'OAuth client_id (default: lnar-cli)')
+    .option('--no-browser', 'Do not open the authorization URL in a browser automatically')
     .action(async (opts) => {
     await runUp({
         apiBaseUrl: opts.apiBaseUrl,
         clientId: opts.clientId,
+        // commander の --no-X は opts.browser=false で渡る
+        noBrowser: opts.browser === false,
     });
 });
 program
@@ -49,10 +53,12 @@ program
     .description('Re-authorize this device via the OAuth Device Code flow (normally not needed — `lnar up` handles login).')
     .option('--api-base-url <url>', 'lnar API base URL')
     .option('--client-id <id>', 'OAuth client_id (default: lnar-cli)')
+    .option('--no-browser', 'Do not open the authorization URL in a browser automatically')
     .action(async (opts) => {
     await runLogin({
         apiBaseUrl: opts.apiBaseUrl,
         clientId: opts.clientId,
+        noBrowser: opts.browser === false,
     });
 });
 program
@@ -69,6 +75,30 @@ program
     .action(async (opts) => {
     await runSync({ dryRun: Boolean(opts.dryRun) });
 });
+program
+    .command('record')
+    .description('Record a browser demo locally and upload it to lnar (Demo-to-MCP). You operate your own browser; the captured actions/keyframes become the material for generating a browser-automation MCP.')
+    .option('--url <url>', 'Start URL to open in the recording browser')
+    .option('--name <name>', 'Recording name (default: recording-<timestamp>)')
+    .option('--purpose <text>', 'Purpose of the task (improves playbook analysis; prompted after recording if omitted)')
+    .option('--out <dir>', 'Output bundle directory (default: ./lnar-<name>)')
+    .option('--headless', 'Run the browser headless (not recommended for interactive demos)')
+    .option('--video', 'Also record a video of the session (off by default; included in the upload when set)')
+    .option('--trace', 'Also record a Playwright trace (off by default)')
+    .option('--no-upload', 'Produce the bundle locally but do not upload to lnar')
+    .action(async (opts) => {
+    await runRecord({
+        url: opts.url,
+        name: opts.name,
+        purpose: opts.purpose,
+        out: opts.out,
+        headless: Boolean(opts.headless),
+        video: Boolean(opts.video),
+        trace: Boolean(opts.trace),
+        // commander の --no-upload は opts.upload=false で渡る
+        noUpload: opts.upload === false,
+    });
+});
 // ---------------------------------------------------------------------------
 // Hidden internal command: launchd / systemd / Task Scheduler が exec する実体。
 // ユーザー向けには `lnar up` が完全に隠蔽するため、--help に出さない。

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CACV,+EAA+E,CAChF;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,8EAA8E;AAC9E,iCAAiC;AACjC,+CAA+C;AAC/C,mCAAmC;AACnC,iCAAiC;AACjC,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,IAAI,CAAC;KACb,WAAW,CACV,sFAAsF,CACvF;KACA,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,KAAK,CAAC;QACV,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8CAA8C,CAAC;KAC3D,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,OAAO,EAAE,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,SAAS,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CACV,0GAA0G,CAC3G;KACA,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,QAAQ,CAAC;QACb,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,yEAAyE,CAAC;KACtF,MAAM,CAAC,QAAQ,EAAE,6DAA6D,CAAC;KAC/E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,4DAA4D,CAAC;KACzE,MAAM,CAAC,WAAW,EAAE,0DAA0D,CAAC;KAC/E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,2EAA2E;AAC3E,8CAA8C;AAC9C,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KACnC,WAAW,CAAC,mEAAmE,CAAC;KAChF,MAAM,CAAC,QAAQ,EAAE,6BAA6B,CAAC;KAC/C,MAAM,CACL,sBAAsB,EACtB,wCAAwC,EACxC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAC9B;KACA,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,SAAS,CAAC;QACd,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,eAAe,EAAE,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAC/E,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+EAA+E,CAAC;KAC5F,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,8EAA8E;AAC9E,iCAAiC;AACjC,+CAA+C;AAC/C,mCAAmC;AACnC,iCAAiC;AACjC,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,IAAI,CAAC;KACb,WAAW,CACV,sFAAsF,CACvF;KACA,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,cAAc,EAAE,8DAA8D,CAAC;KACtF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,KAAK,CAAC;QACV,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,8CAA8C;QAC9C,SAAS,EAAE,IAAI,CAAC,OAAO,KAAK,KAAK;KAClC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8CAA8C,CAAC;KAC3D,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,OAAO,EAAE,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,SAAS,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CACV,0GAA0G,CAC3G;KACA,MAAM,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,cAAc,EAAE,8DAA8D,CAAC;KACtF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,QAAQ,CAAC;QACb,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,SAAS,EAAE,IAAI,CAAC,OAAO,KAAK,KAAK;KAClC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,yEAAyE,CAAC;KACtF,MAAM,CAAC,QAAQ,EAAE,6DAA6D,CAAC;KAC/E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,4DAA4D,CAAC;KACzE,MAAM,CAAC,WAAW,EAAE,0DAA0D,CAAC;KAC/E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CACV,8LAA8L,CAC/L;KACA,MAAM,CAAC,aAAa,EAAE,4CAA4C,CAAC;KACnE,MAAM,CAAC,eAAe,EAAE,iDAAiD,CAAC;KAC1E,MAAM,CACL,kBAAkB,EAClB,uFAAuF,CACxF;KACA,MAAM,CAAC,aAAa,EAAE,kDAAkD,CAAC;KACzE,MAAM,CAAC,YAAY,EAAE,kEAAkE,CAAC;KACxF,MAAM,CACL,SAAS,EACT,sFAAsF,CACvF;KACA,MAAM,CAAC,SAAS,EAAE,iDAAiD,CAAC;KACpE,MAAM,CAAC,aAAa,EAAE,sDAAsD,CAAC;KAC7E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,SAAS,CAAC;QACd,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAChC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAC1B,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QAC1B,kDAAkD;QAClD,QAAQ,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;KAChC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,2EAA2E;AAC3E,8CAA8C;AAC9C,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KACnC,WAAW,CAAC,mEAAmE,CAAC;KAChF,MAAM,CAAC,QAAQ,EAAE,6BAA6B,CAAC;KAC/C,MAAM,CAAC,sBAAsB,EAAE,wCAAwC,EAAE,CAAC,CAAC,EAAE,EAAE,CAC9E,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CACvB;KACA,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,SAAS,CAAC;QACd,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,eAAe,EAAE,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAC/E,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/commands/daemon.d.ts

@@ -1,5 +1,7 @@
 export type DaemonOptions = {
     once?: boolean;
     intervalSeconds?: number;
+    /** SSE 接続を有効にするか。テスト時 / once 実行時は false にできる。default true。 */
+    enableSse?: boolean;
 };
 export declare const runDaemon: (options?: DaemonOptions) => Promise<void>;

package/dist/commands/daemon.js

@@ -1,9 +1,12 @@
 import { hostname } from 'node:os';
 import { ApiError, postSnapshot } from '../api-client.js';
 import { DEFAULT_CLIENT_ID, loadConfig, saveConfig } from '../config.js';
+import { loadOrCreateMachineId } from '../machine-id.js';
 import { OAuthError, refreshAccessToken } from '../oauth-client.js';
 import { listPendingForHost, reportApplied, reportFailed, } from '../pending-client.js';
+import { executePendingRuns } from '../run-worker.js';
 import { runAllScanners } from '../scanners/index.js';
+import { runSseClient, SseFatalError } from '../sse-client.js';
 import { getWriter } from '../writers/registry.js';
 const DEFAULT_INTERVAL_SECONDS = 30;
 const ACCESS_TOKEN_REFRESH_SKEW_SECONDS = 60;
@@ -60,8 +63,10 @@ const bearerFor = (config) => {
 };
 const runScanAndSync = async (config) => {
     const agents = await runAllScanners();
+    const machineId = await loadOrCreateMachineId();
     const scan = {
         hostname: hostname(),
+        machineId,
         scannedAt: new Date().toISOString(),
         agents,
     };
@@ -97,6 +102,18 @@ const applyPending = async (config, change) => {
 const runOnce = async (config) => {
     // 1. 最新スナップショットを送信 → サーバ側 agent ID が最新化される
     await runScanAndSync(config);
+    // 1.5. 録画 run-job をローカル実行する (Demo-to-MCP)。失敗しても以降の
+    //      スキャン / pending 適用は継続させる (機能を分離する)。
+    try {
+        const ran = await executePendingRuns(config.apiBaseUrl, bearerFor(config), hostname());
+        if (ran > 0) {
+            process.stdout.write(`lnar daemon: executed ${ran} recording run(s)\n`);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        process.stderr.write(`lnar daemon: recording runs error: ${message}\n`);
+    }
     // 2. 自 host 向けの pending を取得
     const host = hostname();
     const pending = await listPendingForHost(config.apiBaseUrl, bearerFor(config), host);
@@ -112,6 +129,61 @@ const runOnce = async (config) => {
     // 3. 反映後に再スキャン送信して dashboard の表示も最新化
     await runScanAndSync(config);
 };
+/**
+ * runOnce が重複実行されないよう mutex を取る。SSE 通知と polling が同時に発火
+ * したとき、両方が runOnce を呼んで pending を二重処理するのを防ぐ。pending が
+ * あれば即時実行、すでに走っていれば 1 回だけ追い焚き予約 (coalesce)。
+ */
+const createRunOnceMutex = () => {
+    let inFlight = null;
+    let queued = false;
+    const trigger = (config) => {
+        if (inFlight) {
+            // すでに走っているなら次回追い焚き予約 (複数回呼ばれても 1 回に集約)。
+            queued = true;
+            return inFlight;
+        }
+        const run = async () => {
+            try {
+                await runOnce(config);
+            }
+            finally {
+                if (queued) {
+                    queued = false;
+                    // 1 回だけ追い焚き。caller の最新 trigger に応答する。
+                    inFlight = run();
+                    await inFlight;
+                }
+            }
+        };
+        inFlight = run().finally(() => {
+            inFlight = null;
+        });
+        return inFlight;
+    };
+    return { trigger };
+};
+const startSseListener = (config, host, trigger, signal) => {
+    const url = new URL('/v1/monitoring/daemon/events', config.apiBaseUrl);
+    url.searchParams.set('hostname', host);
+    process.stdout.write(`lnar daemon: SSE connecting to ${url.toString()}\n`);
+    return runSseClient({
+        url: url.toString(),
+        token: bearerFor(config),
+        signal,
+        onOpen: async () => {
+            // 接続 / 再接続のたびに 1 回 fetch (取りこぼし防止)
+            process.stdout.write('lnar daemon: SSE connected\n');
+            await trigger(config);
+        },
+        onEvent: async (event) => {
+            if (event.type === 'pending_created') {
+                process.stdout.write('lnar daemon: SSE event → fetching pending\n');
+                await trigger(config);
+            }
+        },
+    });
+};
 export const runDaemon = async (options = {}) => {
     const initial = await loadConfig();
     if (initial == null) {
@@ -119,13 +191,36 @@ export const runDaemon = async (options = {}) => {
         process.exit(1);
     }
     const interval = (options.intervalSeconds ?? DEFAULT_INTERVAL_SECONDS) * 1000;
+    const enableSse = options.enableSse ?? !options.once;
+    const host = hostname();
+    const { trigger } = createRunOnceMutex();
     let running = true;
+    const sseAbort = new AbortController();
     const stop = () => {
         running = false;
+        sseAbort.abort();
         process.stdout.write('\nlnar daemon: shutting down…\n');
     };
     process.on('SIGINT', stop);
     process.on('SIGTERM', stop);
+    // SSE listener は background で常時走らせる。fatal error (401 等) は
+    // catch して polling loop 側の token refresh に任せる。
+    // Box にしないと TS が closure 内の代入をフローに反映できず never 扱いになる。
+    const sseTaskRef = { current: null };
+    const startSse = (config) => {
+        if (!enableSse)
+            return;
+        sseTaskRef.current = startSseListener(config, host, trigger, sseAbort.signal).catch((err) => {
+            if (err instanceof SseFatalError) {
+                process.stderr.write(`lnar daemon: SSE fatal (${err.status}); falling back to polling only\n`);
+            }
+            else {
+                const message = err instanceof Error ? err.message : String(err);
+                process.stderr.write(`lnar daemon: SSE listener stopped: ${message}\n`);
+            }
+        });
+    };
+    startSse(initial);
     while (running) {
         let config;
         try {
@@ -140,7 +235,7 @@ export const runDaemon = async (options = {}) => {
             continue;
         }
         try {
-            await runOnce(config);
+            await trigger(config);
         }
         catch (err) {
             if (err instanceof ApiError && err.status === 401) {
@@ -154,5 +249,9 @@ export const runDaemon = async (options = {}) => {
             break;
         await sleep(interval);
     }
+    if (sseTaskRef.current) {
+        sseAbort.abort();
+        await sseTaskRef.current.catch(() => undefined);
+    }
 };
 //# sourceMappingURL=daemon.js.map