@onklave/agent-cli 0.1.44 → 0.1.46

package/main.js

@@ -285,6 +285,20 @@ async function loginCommand(args) {
     process.exitCode = 1;
     return;
   }
+  const linkingTokenPrefixes = ["ok_link_", "ok_worker_", "ok_device_"];
+  if (linkingTokenPrefixes.some((prefix) => token.startsWith(prefix))) {
+    console.error(
+      "That looks like a worker/device linking token, not a login credential.\n"
+    );
+    console.error(
+      "Linking tokens register a machine \u2014 use: onklave register --token <token>"
+    );
+    console.error(
+      "To log in, generate a CLI token in the Portal under Settings > API Tokens."
+    );
+    process.exitCode = 1;
+    return;
+  }
   const metadata = {};
   if (typeof platformUrl === "string") {
     metadata.platformUrl = platformUrl;
@@ -729,6 +743,19 @@ var PlatformClient = class {
   async listMachines() {
     return this.request("GET", "/api/v1/runner/machines");
   }
+  /*
+   * Worker Node Security 1b — fetch this runner's server-side policy
+   * (org-admin-defined allowed work paths). Device-token authed; the endpoint
+   * is public and reads x-device-token.
+   */
+  async getRunnerPolicy(deviceToken) {
+    return this.request(
+      "GET",
+      "/api/v1/runner/policy",
+      void 0,
+      { "x-device-token": deviceToken }
+    );
+  }
   /*
    * Check platform health.
    */
@@ -747,8 +774,8 @@ var PlatformClient = class {
   /*
    * Make an authenticated HTTP request to the platform.
    */
-  async request(method, path10, body, extraHeaders) {
-    const url = `${this.baseUrl}${GATEWAY_SERVICE_PREFIX}${path10}`;
+  async request(method, path11, body, extraHeaders) {
+    const url = `${this.baseUrl}${GATEWAY_SERVICE_PREFIX}${path11}`;
     const headers = {
       Authorization: `Bearer ${this.token}`,
       "Content-Type": "application/json",
@@ -803,7 +830,7 @@ var CommsClient = class {
    * (e.g. `assignment:claim-available`) to this specific runner.
    */
   async connect(commsUrl, token, extra) {
-    return new Promise((resolve3, reject) => {
+    return new Promise((resolve4, reject) => {
       const baseUrl = commsUrl.replace(/\/+$/, "");
       this.socket = io(`${baseUrl}/agent-cli`, {
         auth: {
@@ -828,7 +855,7 @@ var CommsClient = class {
       this.socket.on("connect", () => {
         clearTimeout(connectTimeout);
         this.reconnectAttempts = 0;
-        resolve3();
+        resolve4();
       });
       this.socket.on("connect_error", (error) => {
         this.reconnectAttempts++;
@@ -914,6 +941,15 @@ var CommsClient = class {
   onAssignmentAvailable(handler) {
     this.socket?.on("assignment:claim-available", handler);
   }
+  /*
+   * Listen for daemon:upgrade requests pushed by an org admin from the
+   * portal. The daemon only acts on these when auto-upgrade is opted in
+   * (ONKLAVE_ALLOW_AUTO_UPGRADE) — see DaemonUpgradeService. Worker Node
+   * Security Phase 3.
+   */
+  onUpgradeRequest(handler) {
+    this.socket?.on("daemon:upgrade", handler);
+  }
 };
 
 // _apps/@onklave/agent-cli/src/services/session-manager.ts
@@ -1004,16 +1040,16 @@ var SessionManager = class {
       throw new Error(`No active session found with ID: ${sessionId}`);
     }
     session.process.kill("SIGTERM");
-    await new Promise((resolve3) => {
+    await new Promise((resolve4) => {
       const forceTimeout = setTimeout(() => {
         if (session.process.killed === false) {
           session.process.kill("SIGKILL");
         }
-        resolve3();
+        resolve4();
       }, 5e3);
       session.process.on("exit", () => {
         clearTimeout(forceTimeout);
-        resolve3();
+        resolve4();
       });
     });
     this.activeSessions.delete(sessionId);
@@ -1213,7 +1249,50 @@ var AuditStreamer = class {
 };
 
 // _apps/@onklave/agent-cli/src/services/guardrail-enforcer.ts
+import * as fs3 from "fs";
 import * as path3 from "path";
+function safeRealpath(target) {
+  let current = path3.resolve(target);
+  const tail = [];
+  for (let i = 0; i < 4096; i++) {
+    try {
+      const real = fs3.realpathSync(current);
+      return tail.length ? path3.join(real, ...tail.reverse()) : real;
+    } catch {
+      const parent = path3.dirname(current);
+      if (parent === current) break;
+      tail.push(path3.basename(current));
+      current = parent;
+    }
+  }
+  return path3.resolve(target);
+}
+function isPathWithin(target, root) {
+  const realRoot = safeRealpath(root);
+  const realTarget = safeRealpath(target);
+  if (realTarget === realRoot) return true;
+  const rootWithSep = realRoot.endsWith(path3.sep) ? realRoot : realRoot + path3.sep;
+  return realTarget.startsWith(rootWithSep);
+}
+function checkWorkspaceAccess(contextPath, allowedRoots) {
+  const real = safeRealpath(contextPath);
+  if (real === path3.parse(real).root) {
+    return {
+      allowed: false,
+      reason: `Refusing to run with the filesystem root "${real}" as the workspace.`
+    };
+  }
+  if (allowedRoots.length > 0) {
+    const within = allowedRoots.some((root) => isPathWithin(contextPath, root));
+    if (!within) {
+      return {
+        allowed: false,
+        reason: `Working directory "${contextPath}" is outside the allowed paths.`
+      };
+    }
+  }
+  return { allowed: true };
+}
 var GuardrailEnforcer = class {
   constructor(config) {
     this.config = config;
@@ -1272,11 +1351,11 @@ var GuardrailEnforcer = class {
    * Check if a file path is accessible for the given operation.
    */
   checkPathAccess(filePath, operation) {
-    const normalizedPath = path3.resolve(filePath);
+    const realPath = safeRealpath(filePath);
     if (operation === "write" || operation === "delete") {
       if (this.config.writablePaths.length > 0) {
         const isWritable = this.config.writablePaths.some(
-          (wp) => normalizedPath.startsWith(path3.resolve(wp))
+          (wp) => isPathWithin(filePath, wp)
         );
         if (!isWritable) {
           return {
@@ -1289,7 +1368,7 @@ var GuardrailEnforcer = class {
     if (operation === "read") {
       if (this.config.readablePaths.length > 0) {
         const isReadable = this.config.readablePaths.some(
-          (rp) => normalizedPath.startsWith(path3.resolve(rp))
+          (rp) => isPathWithin(filePath, rp)
         );
         if (!isReadable) {
           return {
@@ -1308,9 +1387,10 @@ var GuardrailEnforcer = class {
       "id_rsa",
       "id_ed25519"
     ];
-    const basename3 = path3.basename(normalizedPath);
+    const basename3 = path3.basename(realPath);
+    const normForward = realPath.split(path3.sep).join("/");
     for (const sensitive of sensitivePatterns) {
-      if (basename3 === sensitive || normalizedPath.includes(`/${sensitive}`)) {
+      if (basename3 === sensitive || normForward.includes(`/${sensitive}`)) {
         return {
           allowed: false,
           reason: `Access to sensitive path "${filePath}" is blocked by default`
@@ -1417,7 +1497,9 @@ var HeartbeatService = class {
       machineId: this.opts.machineId,
       status: "online",
       activeSessionCount: this.opts.getActiveSessionCount(),
-      resourceUsage: this.opts.getResourceUsage?.()
+      resourceUsage: this.opts.getResourceUsage?.(),
+      cliVersion: this.opts.cliVersion,
+      posture: this.opts.posture
     };
     try {
       const response = await fetch(
@@ -1446,6 +1528,141 @@ var HeartbeatService = class {
   }
 };
 
+// _apps/@onklave/agent-cli/src/services/cli-version.ts
+import * as fs4 from "node:fs";
+import * as path4 from "node:path";
+import { fileURLToPath } from "node:url";
+
+// _apps/@onklave/agent-cli/src/services/daemon-update-checker.service.ts
+var REGISTRY_URL = "https://registry.npmjs.org";
+var PACKAGE_NAME = "@onklave/agent-cli";
+var DaemonUpdateChecker = class {
+  constructor(opts) {
+    this.latestVersion = null;
+    this.lastCheckedAt = null;
+    this.emittedForVersion = null;
+    this.currentVersion = opts.currentVersion;
+    this.audit = opts.audit;
+    this.registryFetcher = opts.registryFetcher ?? defaultRegistryFetcher;
+  }
+  /**
+   * Hit the registry. On success, sets latestVersion and (if newer than
+   * current) emits `daemon.update_available` — exactly once per version,
+   * even across repeated checks. On failure, logs and returns; the next
+   * tick can retry.
+   */
+  async check() {
+    try {
+      const latest = await this.registryFetcher(PACKAGE_NAME);
+      this.latestVersion = latest;
+      this.lastCheckedAt = /* @__PURE__ */ new Date();
+      if (isNewerVersion(latest, this.currentVersion) && this.emittedForVersion !== latest) {
+        this.audit.record({
+          sessionId: this.currentVersion,
+          type: "daemon_lifecycle" /* DAEMON_LIFECYCLE */,
+          action: DAEMON_AUDIT_ACTIONS.UPDATE_AVAILABLE,
+          details: {
+            currentVersion: this.currentVersion,
+            latestVersion: latest
+          },
+          outcome: "success"
+        });
+        this.emittedForVersion = latest;
+      }
+    } catch (err) {
+      console.warn(
+        `[daemon] update check failed: ${err.message} (will retry)`
+      );
+    }
+  }
+  info() {
+    return {
+      currentVersion: this.currentVersion,
+      latestVersion: this.latestVersion,
+      updateAvailable: !!this.latestVersion && isNewerVersion(this.latestVersion, this.currentVersion),
+      checkedAt: this.lastCheckedAt?.toISOString() ?? null
+    };
+  }
+};
+async function defaultRegistryFetcher(packageName) {
+  const url = `${REGISTRY_URL}/${encodeURIComponent(packageName)}/latest`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: { Accept: "application/json" },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) {
+    throw new Error(`registry ${response.status} ${response.statusText}`);
+  }
+  const body = await response.json();
+  if (!body.version) throw new Error("registry response missing version");
+  return body.version;
+}
+function isNewerVersion(a, b) {
+  const pa = parseSemverNumeric(a);
+  const pb = parseSemverNumeric(b);
+  if (!pa || !pb) return false;
+  for (let i = 0; i < 3; i += 1) {
+    if (pa[i] > pb[i]) return true;
+    if (pa[i] < pb[i]) return false;
+  }
+  return false;
+}
+function parseSemverNumeric(v) {
+  const match = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
+  if (!match) return null;
+  return [
+    Number.parseInt(match[1], 10),
+    Number.parseInt(match[2], 10),
+    Number.parseInt(match[3], 10)
+  ];
+}
+
+// _apps/@onklave/agent-cli/src/services/cli-version.ts
+function readPackageVersion() {
+  try {
+    const moduleDir = path4.dirname(fileURLToPath(import.meta.url));
+    const candidates = [
+      path4.join(moduleDir, "package.json"),
+      // bundled: dist root
+      path4.join(moduleDir, "..", "package.json"),
+      path4.join(moduleDir, "..", "..", "package.json"),
+      // dev: src/services -> root
+      path4.join(moduleDir, "..", "..", "..", "package.json")
+    ];
+    for (const p of candidates) {
+      if (!fs4.existsSync(p)) continue;
+      const pkg = JSON.parse(fs4.readFileSync(p, "utf8"));
+      if (pkg.name === PACKAGE_NAME && pkg.version) return pkg.version;
+    }
+  } catch {
+  }
+  return null;
+}
+function getCurrentVersion() {
+  return readPackageVersion() ?? "0.0.0";
+}
+
+// _apps/@onklave/agent-cli/src/services/posture.ts
+import * as fs5 from "fs";
+import * as os3 from "os";
+function collectPosture() {
+  let dockerized = false;
+  try {
+    dockerized = fs5.existsSync("/.dockerenv") || !!process.env["ONKLAVE_RUNNER_DOCKERIZED"];
+  } catch {
+  }
+  let runningAsRoot = false;
+  try {
+    runningAsRoot = typeof process.getuid === "function" && process.getuid() === 0;
+  } catch {
+  }
+  return { osVersion: os3.release(), dockerized, runningAsRoot };
+}
+
+// _apps/@onklave/agent-cli/src/commands/run.command.ts
+import * as path5 from "path";
+
 // _apps/@onklave/agent-cli/src/tui/render.tsx
 import { render } from "ink";
 
@@ -2032,6 +2249,27 @@ async function runCommand(args) {
     resolvedConfig.platformUrl,
     creds.token
   );
+  let serverAllowedPaths = [];
+  if (creds.machineId && creds.deviceToken) {
+    try {
+      const policy = await platformClient.getRunnerPolicy(creds.deviceToken);
+      serverAllowedPaths = policy.allowedWorkPaths ?? [];
+    } catch (err) {
+      console.warn(
+        `Warning: could not fetch runner policy: ${err.message}`
+      );
+    }
+  }
+  const effectiveAllowedRoots = serverAllowedPaths.length ? serverAllowedPaths : [...resolvedConfig.writablePaths, ...resolvedConfig.readablePaths];
+  const workspaceVerdict = checkWorkspaceAccess(
+    resolvedConfig.context,
+    effectiveAllowedRoots
+  );
+  if (!workspaceVerdict.allowed) {
+    console.error(`Error: ${workspaceVerdict.reason}`);
+    process.exitCode = 1;
+    return;
+  }
   const sessionManager = new SessionManager();
   let heartbeat = null;
   if (creds.machineId && creds.deviceToken) {
@@ -2039,7 +2277,9 @@ async function runCommand(args) {
       platformUrl: resolvedConfig.platformUrl,
       deviceToken: creds.deviceToken,
       machineId: creds.machineId,
-      getActiveSessionCount: () => sessionManager.getActiveSessionIds().length
+      getActiveSessionCount: () => sessionManager.getActiveSessionIds().length,
+      cliVersion: getCurrentVersion(),
+      posture: collectPosture()
     });
     heartbeat.start();
     const stopHeartbeat = () => heartbeat?.stop();
@@ -2121,8 +2361,8 @@ async function runCommand(args) {
   }
   const addDirs = [
     .../* @__PURE__ */ new Set([
-      ...resolvedConfig.writablePaths,
-      ...resolvedConfig.readablePaths
+      path5.resolve(resolvedConfig.context),
+      ...effectiveAllowedRoots
     ])
   ];
   const sessionConfig = {
@@ -2235,15 +2475,15 @@ async function runCommand(args) {
           }
         }
       });
-      await new Promise((resolve3) => {
+      await new Promise((resolve4) => {
         const checkInterval = setInterval(() => {
           if (!sessionManager.isSessionActive(sessionId)) {
             clearInterval(checkInterval);
-            resolve3();
+            resolve4();
           }
         }, 500);
       });
-      await new Promise((resolve3) => setTimeout(resolve3, 1e3));
+      await new Promise((resolve4) => setTimeout(resolve4, 1e3));
       tuiInstance.unmount();
     } catch (err) {
       tuiInstance.unmount();
@@ -2349,11 +2589,11 @@ Session timed out after ${resolvedConfig.timeout} seconds.`
           commsClient.disconnect();
         }
       });
-      await new Promise((resolve3) => {
+      await new Promise((resolve4) => {
         const checkInterval = setInterval(() => {
           if (!sessionManager.isSessionActive(sessionId)) {
             clearInterval(checkInterval);
-            resolve3();
+            resolve4();
           }
         }, 500);
       });
@@ -2584,8 +2824,8 @@ async function denyCommand(args) {
 }
 
 // _apps/@onklave/agent-cli/src/commands/doctor.command.ts
-import * as fs3 from "fs";
-import * as path4 from "path";
+import * as fs6 from "fs";
+import * as path6 from "path";
 import { execSync } from "child_process";
 async function doctorCommand() {
   console.log("Onklave Agent CLI \u2014 Doctor\n");
@@ -2693,10 +2933,10 @@ function checkNodeVersion() {
   };
 }
 function checkProjectConfig() {
-  const configPath = path4.join(process.cwd(), ".onklave.json");
-  if (fs3.existsSync(configPath)) {
+  const configPath = path6.join(process.cwd(), ".onklave.json");
+  if (fs6.existsSync(configPath)) {
     try {
-      const raw = fs3.readFileSync(configPath, "utf-8");
+      const raw = fs6.readFileSync(configPath, "utf-8");
       JSON.parse(raw);
       return {
         name: "Project config",
@@ -2746,18 +2986,18 @@ async function checkWebSocket() {
 }
 
 // _apps/@onklave/agent-cli/src/commands/init.command.ts
-import * as fs4 from "fs";
-import * as path5 from "path";
+import * as fs7 from "fs";
+import * as path7 from "path";
 async function initCommand() {
-  const configPath = path5.join(process.cwd(), ".onklave.json");
-  if (fs4.existsSync(configPath)) {
+  const configPath = path7.join(process.cwd(), ".onklave.json");
+  if (fs7.existsSync(configPath)) {
     console.error("Error: .onklave.json already exists in this directory.");
     console.log("To overwrite, delete the existing file first.");
     process.exitCode = 1;
     return;
   }
   const template = {
-    project: path5.basename(process.cwd()),
+    project: path7.basename(process.cwd()),
     org: "",
     description: "",
     defaults: {
@@ -2792,7 +3032,7 @@ async function initCommand() {
       system_prompt_append: ""
     }
   };
-  fs4.writeFileSync(
+  fs7.writeFileSync(
     configPath,
     JSON.stringify(template, null, 2) + "\n",
     "utf-8"
@@ -2879,7 +3119,7 @@ async function configCommand(args) {
 }
 
 // _apps/@onklave/agent-cli/src/commands/register.command.ts
-import * as os3 from "os";
+import * as os4 from "os";
 async function registerCommand(args) {
   const { flags } = parseArgs(args);
   const refresh = flags["refresh"] === true;
@@ -2891,8 +3131,8 @@ async function registerCommand(args) {
     console.log("  onklave register --refresh        # re-detect capabilities");
     console.log("\nTo obtain a linking token:");
     console.log("  1. Log in to the Onklave Portal");
-    console.log("  2. Navigate to Settings > Machines");
-    console.log('  3. Click "Register Machine" to generate a linking token');
+    console.log("  2. Navigate to Worker Nodes");
+    console.log('  3. Click "Add Worker Node" to generate a linking token');
     process.exitCode = 1;
     return;
   }
@@ -2926,11 +3166,13 @@ Machine ${creds.machineId} updated successfully.`);
     return;
   }
   const metadata = {
-    hostname: os3.hostname(),
-    os: `${os3.platform()} ${os3.release()}`,
-    arch: os3.arch(),
+    hostname: os4.hostname(),
+    os: `${os4.platform()} ${os4.release()}`,
+    arch: os4.arch(),
     nodeVersion: process.version,
-    capabilities: detectCapabilities()
+    cliVersion: getCurrentVersion(),
+    capabilities: detectCapabilities(),
+    posture: collectPosture()
   };
   try {
     console.log("Registering machine with Onklave platform...");
@@ -3021,7 +3263,7 @@ async function logsCommand(args) {
 }
 
 // _apps/@onklave/agent-cli/src/commands/daemon.command.ts
-import * as fs8 from "fs";
+import * as fs10 from "fs";
 
 // _apps/@onklave/agent-cli/src/services/daemon-comms.service.ts
 var DaemonCommsService = class {
@@ -3095,7 +3337,7 @@ var DaemonCommsService = class {
   }
 };
 function defaultSleep(ms) {
-  return new Promise((resolve3) => setTimeout(resolve3, ms));
+  return new Promise((resolve4) => setTimeout(resolve4, ms));
 }
 
 // _apps/@onklave/agent-cli/src/services/daemon-claim-handler.service.ts
@@ -3448,8 +3690,8 @@ var PlatformBrokerClient = class {
       params
     );
   }
-  async request(method, path10, body) {
-    const url = `${this.baseUrl}/agent-orchestration${path10}`;
+  async request(method, path11, body) {
+    const url = `${this.baseUrl}/agent-orchestration${path11}`;
     const response = await fetch(url, {
       method,
       headers: {
@@ -3485,9 +3727,9 @@ var PlatformBrokerClient = class {
 
 // _apps/@onklave/agent-cli/src/services/work-item-runner.service.ts
 import { spawn as spawn2 } from "child_process";
-import * as fs5 from "fs";
-import * as os4 from "os";
-import * as path6 from "path";
+import * as fs8 from "fs";
+import * as os5 from "os";
+import * as path8 from "path";
 var WorkItemRunner = class {
   constructor(opts = {}) {
     this.sessionManager = opts.sessionManager ?? new SessionManager();
@@ -3508,10 +3750,10 @@ var WorkItemRunner = class {
         summary: `Work item ${workItem.id} has no clonable repo (project.repos[0].url missing).`
       };
     }
-    const workDir = fs5.mkdtempSync(
-      path6.join(os4.tmpdir(), `onklave-pickup-${sessionId}-`)
+    const workDir = fs8.mkdtempSync(
+      path8.join(os5.tmpdir(), `onklave-pickup-${sessionId}-`)
     );
-    const repoDir = path6.join(workDir, sanitizeName(repo.name) || "repo");
+    const repoDir = path8.join(workDir, sanitizeName(repo.name) || "repo");
     const branchName = `onklave/work-item/${workItem.id}`;
     try {
       await this.git(["clone", repo.url, repoDir], workDir);
@@ -3563,7 +3805,7 @@ var WorkItemRunner = class {
       systemPromptAppend: null
     };
     let output = "";
-    const exitCode = await new Promise((resolve3) => {
+    const exitCode = await new Promise((resolve4) => {
       const timeout = setTimeout(() => {
         void this.sessionManager.stopSession(sessionId).catch(() => void 0);
       }, this.timeoutSeconds * 1e3);
@@ -3576,7 +3818,7 @@ var WorkItemRunner = class {
         },
         onExit: (code) => {
           clearTimeout(timeout);
-          resolve3(code);
+          resolve4(code);
         }
       });
     });
@@ -3609,12 +3851,12 @@ function sanitizeName(name) {
 }
 function cleanup(dir) {
   try {
-    fs5.rmSync(dir, { recursive: true, force: true });
+    fs8.rmSync(dir, { recursive: true, force: true });
   } catch {
   }
 }
 function defaultGit(args, cwd) {
-  return new Promise((resolve3, reject) => {
+  return new Promise((resolve4, reject) => {
     const child = spawn2("git", args, {
       cwd,
       stdio: ["ignore", "pipe", "pipe"]
@@ -3626,7 +3868,7 @@ function defaultGit(args, cwd) {
     child.on("error", (err) => reject(err));
     child.on("exit", (code) => {
       if (code === 0) {
-        resolve3();
+        resolve4();
       } else {
         reject(new Error(`git ${args[0]} exited ${code}: ${stderr.trim()}`));
       }
@@ -3635,7 +3877,7 @@ function defaultGit(args, cwd) {
 }
 
 // _apps/@onklave/agent-cli/src/services/daemon-resource-sampler.service.ts
-import * as os5 from "os";
+import * as os6 from "os";
 var DEFAULT_SAMPLE_INTERVAL_MS = 5e3;
 var DEFAULT_WINDOW_MS = 6e4;
 var DaemonResourceSampler = class {
@@ -3703,8 +3945,8 @@ var DaemonResourceSampler = class {
   }
 };
 function defaultCpuPercent() {
-  const cpus2 = os5.cpus().length || 1;
-  const load1m = os5.loadavg()[0];
+  const cpus2 = os6.cpus().length || 1;
+  const load1m = os6.loadavg()[0];
   return load1m / cpus2 * 100;
 }
 function defaultMemoryRss() {
@@ -3735,7 +3977,7 @@ var DaemonSpawner = class {
       orgId: req.orgId,
       systemPromptAppend: null
     };
-    return new Promise((resolve3, reject) => {
+    return new Promise((resolve4, reject) => {
       void this.sessionManager.spawnSession(req.sessionId, config, {
         onStdout: (data) => {
           process.stdout.write(data);
@@ -3745,7 +3987,7 @@ var DaemonSpawner = class {
         },
         onExit: (code, signal) => {
           if (code === 0) {
-            resolve3();
+            resolve4();
           } else {
             reject(
               new Error(
@@ -3896,123 +4138,48 @@ var DaemonTokenRefresher = class {
   }
 };
 
-// _apps/@onklave/agent-cli/src/services/daemon-update-checker.service.ts
-var REGISTRY_URL = "https://registry.npmjs.org";
-var PACKAGE_NAME = "@onklave/agent-cli";
-var DaemonUpdateChecker = class {
+// _apps/@onklave/agent-cli/src/services/daemon-upgrade.service.ts
+var DaemonUpgradeService = class {
   constructor(opts) {
-    this.latestVersion = null;
-    this.lastCheckedAt = null;
-    this.emittedForVersion = null;
-    this.currentVersion = opts.currentVersion;
-    this.audit = opts.audit;
-    this.registryFetcher = opts.registryFetcher ?? defaultRegistryFetcher;
+    this.opts = opts;
   }
-  /**
-   * Hit the registry. On success, sets latestVersion and (if newer than
-   * current) emits `daemon.update_available` — exactly once per version,
-   * even across repeated checks. On failure, logs and returns; the next
-   * tick can retry.
-   */
-  async check() {
+  async handle() {
+    const { allowAutoUpgrade, currentVersion } = this.opts;
+    if (!allowAutoUpgrade) {
+      this.opts.audit("upgrade_requested_denied", {
+        reason: "auto_upgrade_disabled",
+        currentVersion
+      });
+      this.opts.log?.(
+        "[daemon] upgrade requested, but auto-upgrade is disabled (set ONKLAVE_ALLOW_AUTO_UPGRADE=1 to opt in). Upgrade manually: npm install -g @onklave/agent-cli@latest"
+      );
+      return;
+    }
+    this.opts.audit("upgrade_started", { from: currentVersion });
     try {
-      const latest = await this.registryFetcher(PACKAGE_NAME);
-      this.latestVersion = latest;
-      this.lastCheckedAt = /* @__PURE__ */ new Date();
-      if (isNewerVersion(latest, this.currentVersion) && this.emittedForVersion !== latest) {
-        this.audit.record({
-          sessionId: this.currentVersion,
-          type: "daemon_lifecycle" /* DAEMON_LIFECYCLE */,
-          action: DAEMON_AUDIT_ACTIONS.UPDATE_AVAILABLE,
-          details: {
-            currentVersion: this.currentVersion,
-            latestVersion: latest
-          },
-          outcome: "success"
-        });
-        this.emittedForVersion = latest;
-      }
-    } catch (err) {
-      console.warn(
-        `[daemon] update check failed: ${err.message} (will retry)`
+      const newVersion = await this.opts.runInstall();
+      this.opts.audit("upgrade_completed", {
+        from: currentVersion,
+        to: newVersion
+      });
+      this.opts.log?.(
+        `[daemon] upgraded ${currentVersion} -> ${newVersion}; restarting for supervisor pickup.`
       );
+      this.opts.requestRestart();
+    } catch (err) {
+      this.opts.audit("upgrade_failed", {
+        from: currentVersion,
+        error: err.message
+      });
+      this.opts.log?.(`[daemon] upgrade failed: ${err.message}`);
     }
   }
-  info() {
-    return {
-      currentVersion: this.currentVersion,
-      latestVersion: this.latestVersion,
-      updateAvailable: !!this.latestVersion && isNewerVersion(this.latestVersion, this.currentVersion),
-      checkedAt: this.lastCheckedAt?.toISOString() ?? null
-    };
-  }
 };
-async function defaultRegistryFetcher(packageName) {
-  const url = `${REGISTRY_URL}/${encodeURIComponent(packageName)}/latest`;
-  const response = await fetch(url, {
-    method: "GET",
-    headers: { Accept: "application/json" },
-    signal: AbortSignal.timeout(1e4)
-  });
-  if (!response.ok) {
-    throw new Error(`registry ${response.status} ${response.statusText}`);
-  }
-  const body = await response.json();
-  if (!body.version) throw new Error("registry response missing version");
-  return body.version;
-}
-function isNewerVersion(a, b) {
-  const pa = parseSemverNumeric(a);
-  const pb = parseSemverNumeric(b);
-  if (!pa || !pb) return false;
-  for (let i = 0; i < 3; i += 1) {
-    if (pa[i] > pb[i]) return true;
-    if (pa[i] < pb[i]) return false;
-  }
-  return false;
-}
-function parseSemverNumeric(v) {
-  const match = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
-  if (!match) return null;
-  return [
-    Number.parseInt(match[1], 10),
-    Number.parseInt(match[2], 10),
-    Number.parseInt(match[3], 10)
-  ];
-}
-
-// _apps/@onklave/agent-cli/src/services/cli-version.ts
-import * as fs6 from "node:fs";
-import * as path7 from "node:path";
-import { fileURLToPath } from "node:url";
-function readPackageVersion() {
-  try {
-    const moduleDir = path7.dirname(fileURLToPath(import.meta.url));
-    const candidates = [
-      path7.join(moduleDir, "package.json"),
-      // bundled: dist root
-      path7.join(moduleDir, "..", "package.json"),
-      path7.join(moduleDir, "..", "..", "package.json"),
-      // dev: src/services -> root
-      path7.join(moduleDir, "..", "..", "..", "package.json")
-    ];
-    for (const p of candidates) {
-      if (!fs6.existsSync(p)) continue;
-      const pkg = JSON.parse(fs6.readFileSync(p, "utf8"));
-      if (pkg.name === PACKAGE_NAME && pkg.version) return pkg.version;
-    }
-  } catch {
-  }
-  return null;
-}
-function getCurrentVersion() {
-  return readPackageVersion() ?? "0.0.0";
-}
 
 // _apps/@onklave/agent-cli/src/services/daemon-state.service.ts
-import * as fs7 from "fs";
-import * as path8 from "path";
-import * as os6 from "os";
+import * as fs9 from "fs";
+import * as path9 from "path";
+import * as os7 from "os";
 var VALID_TRANSITIONS = {
   installing: ["registered"],
   registered: ["starting"],
@@ -4023,10 +4190,10 @@ var VALID_TRANSITIONS = {
   stopped: ["starting"]
 };
 function defaultStateFilePath() {
-  return path8.join(os6.homedir(), ".config", "onklave", "daemon.state.json");
+  return path9.join(os7.homedir(), ".config", "onklave", "daemon.state.json");
 }
 function defaultPidFilePath() {
-  return path8.join(os6.homedir(), ".config", "onklave", "daemon.pid");
+  return path9.join(os7.homedir(), ".config", "onklave", "daemon.pid");
 }
 var DaemonStateError = class extends Error {
   constructor(message) {
@@ -4050,8 +4217,8 @@ var DaemonStateService = class {
    */
   static readPersisted(stateFile = defaultStateFilePath()) {
     try {
-      if (!fs7.existsSync(stateFile)) return null;
-      const raw = fs7.readFileSync(stateFile, "utf8");
+      if (!fs9.existsSync(stateFile)) return null;
+      const raw = fs9.readFileSync(stateFile, "utf8");
       const parsed = JSON.parse(raw);
       if (!parsed.state || !parsed.enteredAt) return null;
       return parsed;
@@ -4101,8 +4268,8 @@ var DaemonStateService = class {
     }
   }
   persist(reason) {
-    const dir = path8.dirname(this.stateFile);
-    fs7.mkdirSync(dir, { recursive: true });
+    const dir = path9.dirname(this.stateFile);
+    fs9.mkdirSync(dir, { recursive: true });
     const payload = {
       state: this.current,
       enteredAt: this.enteredAt.toISOString(),
@@ -4112,8 +4279,8 @@ var DaemonStateService = class {
       ...this.latestRuntime ? { runtime: this.latestRuntime } : {}
     };
     const tmp = `${this.stateFile}.tmp`;
-    fs7.writeFileSync(tmp, JSON.stringify(payload, null, 2));
-    fs7.renameSync(tmp, this.stateFile);
+    fs9.writeFileSync(tmp, JSON.stringify(payload, null, 2));
+    fs9.renameSync(tmp, this.stateFile);
   }
   /**
    * Publish the latest runtime snapshot. Persists to the state file
@@ -4131,7 +4298,7 @@ var DaemonStateService = class {
    */
   clearPersisted() {
     try {
-      fs7.unlinkSync(this.stateFile);
+      fs9.unlinkSync(this.stateFile);
     } catch {
     }
   }
@@ -4375,7 +4542,9 @@ async function daemonStart() {
     platformUrl,
     deviceToken: creds.deviceToken,
     machineId: creds.machineId,
-    getActiveSessionCount: () => claimHandler.getActiveSessionCount()
+    getActiveSessionCount: () => claimHandler.getActiveSessionCount(),
+    cliVersion: readPackageVersion() ?? "0.0.0",
+    posture: collectPosture()
   });
   const drainAndExit = async (reason) => {
     if (shuttingDown) return;
@@ -4438,6 +4607,35 @@ async function daemonStart() {
   }
   console.log("Connected.");
   claimHandler.attachToSocket(comms.inner());
+  const upgradeService = new DaemonUpgradeService({
+    allowAutoUpgrade: !!process.env["ONKLAVE_ALLOW_AUTO_UPGRADE"],
+    currentVersion: readPackageVersion() ?? "0.0.0",
+    runInstall: async () => {
+      const { execFileSync } = __require("child_process");
+      execFileSync("npm", ["install", "-g", "@onklave/agent-cli@latest"], {
+        stdio: "pipe",
+        timeout: 18e4
+      });
+      const v = execFileSync(
+        "npm",
+        ["view", "@onklave/agent-cli@latest", "version"],
+        { stdio: "pipe", timeout: 3e4 }
+      ).toString().trim();
+      return v || "latest";
+    },
+    requestRestart: () => void drainAndExit("upgrade"),
+    audit: (action, details) => auditStreamer.record({
+      sessionId: creds.machineId,
+      type: "daemon_lifecycle" /* DAEMON_LIFECYCLE */,
+      action,
+      details,
+      outcome: action === "upgrade_failed" ? "failure" : "success"
+    }),
+    log: (m) => console.log(m)
+  });
+  comms.inner().onUpgradeRequest(() => {
+    void upgradeService.handle();
+  });
   await stateService.transition("online");
   heartbeat.start();
   resourceSampler.start();
@@ -4587,7 +4785,7 @@ function transitionToAction(next) {
 }
 function readPid(pidFile) {
   try {
-    const raw = fs8.readFileSync(pidFile, "utf8").trim();
+    const raw = fs10.readFileSync(pidFile, "utf8").trim();
     const parsed = Number.parseInt(raw, 10);
     return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
   } catch {
@@ -4596,12 +4794,12 @@ function readPid(pidFile) {
 }
 function writePid(pidFile) {
   const dir = pidFile.replace(/\/[^/]+$/, "");
-  fs8.mkdirSync(dir, { recursive: true });
-  fs8.writeFileSync(pidFile, String(process.pid), { mode: 384 });
+  fs10.mkdirSync(dir, { recursive: true });
+  fs10.writeFileSync(pidFile, String(process.pid), { mode: 384 });
 }
 function removePid(pidFile) {
   try {
-    fs8.unlinkSync(pidFile);
+    fs10.unlinkSync(pidFile);
   } catch {
   }
 }
@@ -4645,15 +4843,15 @@ var COMMANDS = {
 };
 
 // _apps/@onklave/agent-cli/src/services/update-notifier.service.ts
-import * as fs9 from "node:fs";
-import * as path9 from "node:path";
-import * as os7 from "node:os";
+import * as fs11 from "node:fs";
+import * as path10 from "node:path";
+import * as os8 from "node:os";
 import { createInterface } from "node:readline/promises";
 import { spawnSync } from "node:child_process";
 var CHECK_TTL_MS = 24 * 60 * 60 * 1e3;
 var FETCH_DEADLINE_MS = 1500;
-var CACHE_PATH = path9.join(
-  os7.homedir(),
+var CACHE_PATH = path10.join(
+  os8.homedir(),
   ".config",
   "onklave",
   "update-check.json"
@@ -4732,7 +4930,7 @@ async function maybeNotifyUpdate(deps = {}) {
   }
 }
 function withTimeout(promise, ms) {
-  return new Promise((resolve3, reject) => {
+  return new Promise((resolve4, reject) => {
     const timer = setTimeout(
       () => reject(new Error("update check timed out")),
       ms
@@ -4741,7 +4939,7 @@ function withTimeout(promise, ms) {
     promise.then(
       (value) => {
         clearTimeout(timer);
-        resolve3(value);
+        resolve4(value);
       },
       (err) => {
         clearTimeout(timer);
@@ -4763,16 +4961,16 @@ function isCacheFresh(cache, nowMs) {
 }
 function readCache() {
   try {
-    if (!fs9.existsSync(CACHE_PATH)) return {};
-    return JSON.parse(fs9.readFileSync(CACHE_PATH, "utf8"));
+    if (!fs11.existsSync(CACHE_PATH)) return {};
+    return JSON.parse(fs11.readFileSync(CACHE_PATH, "utf8"));
   } catch {
     return {};
   }
 }
 function writeCache(cache) {
   try {
-    fs9.mkdirSync(path9.dirname(CACHE_PATH), { recursive: true, mode: 448 });
-    fs9.writeFileSync(CACHE_PATH, JSON.stringify(cache, null, 2), "utf8");
+    fs11.mkdirSync(path10.dirname(CACHE_PATH), { recursive: true, mode: 448 });
+    fs11.writeFileSync(CACHE_PATH, JSON.stringify(cache, null, 2), "utf8");
   } catch {
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@onklave/agent-cli",
-  "version": "0.1.44",
+  "version": "0.1.46",
   "description": "Onklave Agent CLI — local agent runner with cloud orchestration",
   "bin": {
     "onklave": "./main.js"