@openape/apes 0.14.3 → 0.15.1

package/dist/cli.js

@@ -61,7 +61,7 @@ import {
 } from "./chunk-6GPSKAMU.js";
 
 // src/cli.ts
-import consola28 from "consola";
+import consola32 from "consola";
 
 // src/ape-shell.ts
 import path from "path";
@@ -91,7 +91,7 @@ function rewriteApeShellArgs(argv, argv0) {
 }
 
 // src/cli.ts
-import { defineCommand as defineCommand34, runMain } from "citty";
+import { defineCommand as defineCommand39, runMain } from "citty";
 
 // src/commands/auth/login.ts
 import { Buffer } from "buffer";
@@ -329,8 +329,8 @@ async function loginWithPKCE(idp) {
   consola2.success(`Logged in as ${payload.email || payload.sub}`);
 }
 async function loginWithKey(idp, keyPath, agentEmail) {
-  const { readFileSync: readFileSync4 } = await import("fs");
-  const { sign: sign2 } = await import("crypto");
+  const { readFileSync: readFileSync7 } = await import("fs");
+  const { sign: sign3 } = await import("crypto");
   const { loadEd25519PrivateKey: loadEd25519PrivateKey2 } = await import("./ssh-key-YBNNG5K5.js");
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const challengeResp = await fetch(challengeUrl, {
@@ -342,9 +342,9 @@ async function loginWithKey(idp, keyPath, agentEmail) {
     throw new CliError(`Challenge failed: ${await challengeResp.text()}`);
   }
   const { challenge } = await challengeResp.json();
-  const keyContent = readFileSync4(keyPath, "utf-8");
+  const keyContent = readFileSync7(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey2(keyContent);
-  const signature = sign2(null, Buffer.from(challenge), privateKey).toString("base64");
+  const signature = sign3(null, Buffer.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
   const authResp = await fetch(authenticateUrl, {
     method: "POST",
@@ -1692,16 +1692,698 @@ var adminCommand = defineCommand19({
   }
 });
 
-// src/commands/adapter/index.ts
+// src/commands/agents/index.ts
+import { defineCommand as defineCommand24 } from "citty";
+
+// src/commands/agents/destroy.ts
+import { execFileSync as execFileSync3 } from "child_process";
+import { mkdtempSync, rmSync, writeFileSync } from "fs";
+import { tmpdir } from "os";
+import { join as join2 } from "path";
 import { defineCommand as defineCommand20 } from "citty";
 import consola18 from "consola";
-var adapterCommand = defineCommand20({
+
+// src/lib/agent-bootstrap.ts
+import { Buffer as Buffer2 } from "buffer";
+import { createPrivateKey, sign } from "crypto";
+var AGENT_NAME_REGEX = /^[a-z][a-z0-9-]{0,23}$/;
+var SSH_ED25519_PREFIX = "ssh-ed25519 ";
+var SSH_ED25519_REGEX = /^ssh-ed25519 [A-Za-z0-9+/=]+(\s.*)?$/;
+async function registerAgentAtIdp(input) {
+  return await apiFetch("/api/enroll", {
+    method: "POST",
+    body: { name: input.name, publicKey: input.publicKey },
+    idp: input.idp
+  });
+}
+async function issueAgentToken(input) {
+  const privateKey = createPrivateKey(input.privateKeyPem);
+  const challengeUrl = await getAgentChallengeEndpoint(input.idp);
+  const challengeResp = await fetch(challengeUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ agent_id: input.agentEmail })
+  });
+  if (!challengeResp.ok) {
+    const text = await challengeResp.text().catch(() => "");
+    throw new Error(`Challenge failed (${challengeResp.status}): ${text}`);
+  }
+  const { challenge } = await challengeResp.json();
+  const signature = sign(null, Buffer2.from(challenge), privateKey).toString("base64");
+  const authenticateUrl = await getAgentAuthenticateEndpoint(input.idp);
+  const authResp = await fetch(authenticateUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ agent_id: input.agentEmail, challenge, signature })
+  });
+  if (!authResp.ok) {
+    const text = await authResp.text().catch(() => "");
+    throw new Error(`Authenticate failed (${authResp.status}): ${text}`);
+  }
+  const result = await authResp.json();
+  return { token: result.token, expiresIn: result.expires_in || 3600 };
+}
+var SH_HEREDOC_DELIMITER = "APES_HEREDOC_END";
+function shHeredoc(content) {
+  if (content.includes(SH_HEREDOC_DELIMITER)) {
+    throw new Error(`Refusing to emit heredoc: content contains ${SH_HEREDOC_DELIMITER}`);
+  }
+  return `<< '${SH_HEREDOC_DELIMITER}'
+${content}
+${SH_HEREDOC_DELIMITER}`;
+}
+function buildSpawnSetupScript(input) {
+  const { name, homeDir, shellPath } = input;
+  const privatePemForHeredoc = input.privateKeyPem.endsWith("\n") ? input.privateKeyPem : `${input.privateKeyPem}
+`;
+  const claudeBlock = input.claudeSettingsJson && input.hookScriptSource ? `
+mkdir -p "$HOME_DIR/.claude/hooks"
+cat > "$HOME_DIR/.claude/settings.json" ${shHeredoc(input.claudeSettingsJson)}
+cat > "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh" ${shHeredoc(input.hookScriptSource)}
+chmod 755 "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh"
+` : "";
+  return `#!/bin/bash
+set -euo pipefail
+
+NAME=${shQuote(name)}
+HOME_DIR=${shQuote(homeDir)}
+SHELL_PATH=${shQuote(shellPath)}
+
+if dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
+  echo "User $NAME already exists; refusing to overwrite." >&2
+  exit 1
+fi
+
+# Pick the next free UID in the [200, 500) hidden service-account range.
+# Starts the running max at 199 so an empty range yields 200 after the
+# floor check; otherwise NEXT_UID = max(existing in-range UIDs) + 1.
+NEXT_UID=199
+for uid in $(dscl . -list /Users UniqueID | awk '$2 >= 200 && $2 < 500 {print $2}'); do
+  if [ "$uid" -ge "$NEXT_UID" ]; then
+    NEXT_UID=$((uid + 1))
+  fi
+done
+if [ "$NEXT_UID" -lt 200 ]; then
+  NEXT_UID=200
+fi
+if [ "$NEXT_UID" -ge 500 ]; then
+  echo "No free UID in [200, 500) \u2014 refusing to clobber a real user." >&2
+  exit 1
+fi
+
+dscl . -create "/Users/$NAME"
+dscl . -create "/Users/$NAME" UserShell "$SHELL_PATH"
+dscl . -create "/Users/$NAME" RealName "OpenApe Agent $NAME"
+dscl . -create "/Users/$NAME" UniqueID "$NEXT_UID"
+dscl . -create "/Users/$NAME" PrimaryGroupID 20
+dscl . -create "/Users/$NAME" NFSHomeDirectory "$HOME_DIR"
+dscl . -create "/Users/$NAME" IsHidden 1
+
+mkdir -p "$HOME_DIR/.ssh" "$HOME_DIR/.config/apes"
+
+cat > "$HOME_DIR/.ssh/id_ed25519" ${shHeredoc(privatePemForHeredoc.trimEnd())}
+cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(`${input.publicKeySshLine}`)}
+cat > "$HOME_DIR/.config/apes/auth.json" ${shHeredoc(input.authJson)}
+${claudeBlock}
+chown -R "$NAME:staff" "$HOME_DIR"
+chmod 700 "$HOME_DIR/.ssh"
+chmod 700 "$HOME_DIR/.config"
+chmod 600 "$HOME_DIR/.ssh/id_ed25519"
+chmod 644 "$HOME_DIR/.ssh/id_ed25519.pub"
+chmod 600 "$HOME_DIR/.config/apes/auth.json"
+
+echo "OK $NAME uid=$NEXT_UID home=$HOME_DIR"
+`;
+}
+function buildDestroyTeardownScript(input) {
+  const { name, homeDir } = input;
+  return `#!/bin/bash
+# Best-effort teardown. set -u catches typos; we deliberately do NOT use -e
+# because pkill / launchctl are allowed to fail when the user has no live
+# sessions, and dscl -delete is allowed to fail when the user is already gone.
+set -u
+
+NAME=${shQuote(name)}
+HOME_DIR=${shQuote(homeDir)}
+
+UID_OF=$(dscl . -read "/Users/$NAME" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
+
+if [ -n "$UID_OF" ]; then
+  launchctl bootout "user/$UID_OF" 2>/dev/null || true
+  pkill -9 -u "$UID_OF" 2>/dev/null || true
+fi
+
+if [ -d "$HOME_DIR" ] && [ "$HOME_DIR" != "/" ] && [ "$HOME_DIR" != "" ]; then
+  rm -rf "$HOME_DIR"
+fi
+
+dscl . -delete "/Users/$NAME" 2>/dev/null || true
+
+echo "OK destroyed $NAME"
+`;
+}
+function shQuote(s) {
+  return `'${s.replace(/'/g, `'\\''`)}'`;
+}
+function buildAgentAuthJson(input) {
+  return `${JSON.stringify({
+    idp: input.idp,
+    access_token: input.accessToken,
+    email: input.email,
+    expires_at: input.expiresAt
+  }, null, 2)}
+`;
+}
+var CLAUDE_SETTINGS_JSON = `${JSON.stringify({
+  hooks: {
+    PreToolUse: [
+      {
+        matcher: "Bash",
+        hooks: [
+          { type: "command", command: "$HOME/.claude/hooks/bash-via-ape-shell.sh" }
+        ]
+      }
+    ]
+  }
+}, null, 2)}
+`;
+var BASH_VIA_APE_SHELL_HOOK_SOURCE = `#!/bin/bash
+# PreToolUse hook for the Bash tool: rewrite the tool input so the
+# original command runs via \`ape-shell -c <cmd>\`. That re-routes every
+# Bash invocation through the apes grant flow, so the agent cannot
+# execute shell commands without an approved grant.
+exec python3 -c '
+import json, shlex, sys
+data = json.load(sys.stdin)
+cmd = data["tool_input"]["command"]
+wrapped = "ape-shell -c " + shlex.quote(cmd)
+out = {"hookSpecificOutput": {"hookEventName": "PreToolUse", "updatedToolInput": {"command": wrapped}}}
+print(json.dumps(out))
+'
+`;
+
+// src/lib/macos-user.ts
+import { execFileSync as execFileSync2 } from "child_process";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+function isDarwin() {
+  return process.platform === "darwin";
+}
+function readMacOSUser(name) {
+  let output;
+  try {
+    output = execFileSync2("dscl", [".", "-read", `/Users/${name}`], {
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+  } catch {
+    return null;
+  }
+  const uidMatch = output.match(/UniqueID:\s*(\d+)/);
+  const shellMatch = output.match(/UserShell:\s*(\S.*)$/m);
+  return {
+    name,
+    uid: uidMatch ? Number.parseInt(uidMatch[1], 10) : null,
+    shell: shellMatch ? shellMatch[1].trim() : null
+  };
+}
+function listMacOSUserNames() {
+  let output;
+  try {
+    output = execFileSync2("dscl", [".", "-list", "/Users"], {
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+  return new Set(
+    output.split("\n").map((line) => line.trim()).filter((line) => line.length > 0)
+  );
+}
+function whichBinary(name) {
+  try {
+    const out = execFileSync2("which", [name], {
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "ignore"]
+    }).trim();
+    return out || null;
+  } catch {
+    return null;
+  }
+}
+function isShellRegistered(shellPath) {
+  if (!existsSync3("/etc/shells")) return false;
+  const content = readFileSync2("/etc/shells", "utf-8");
+  return content.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#")).includes(shellPath);
+}
+
+// src/commands/agents/destroy.ts
+var destroyAgentCommand = defineCommand20({
+  meta: {
+    name: "destroy",
+    description: "Tear down an agent: remove macOS user, hard-delete IdP agent, drop all SSH keys"
+  },
+  args: {
+    name: {
+      type: "positional",
+      description: "Agent name to destroy",
+      required: true
+    },
+    force: {
+      type: "boolean",
+      description: "Skip the interactive confirmation. Required for CI."
+    },
+    soft: {
+      type: "boolean",
+      description: "Soft deactivate at the IdP (PATCH isActive=false) instead of hard-delete"
+    },
+    "keep-os-user": {
+      type: "boolean",
+      description: "Skip OS-side teardown. Useful for CI where the agent has no OS user."
+    }
+  },
+  async run({ args }) {
+    const name = args.name;
+    if (!AGENT_NAME_REGEX.test(name)) {
+      throw new CliError(
+        `Invalid agent name "${name}". Must match /^[a-z][a-z0-9-]{0,23}$/.`
+      );
+    }
+    const auth = loadAuth();
+    if (!auth) {
+      throw new CliError("Not authenticated. Run `apes login` first.");
+    }
+    const idp = getIdpUrl();
+    if (!idp) {
+      throw new CliError("No IdP URL configured. Run `apes login` first.");
+    }
+    const owned = await apiFetch("/api/my-agents", { idp });
+    const idpAgent = owned.find((u) => u.name === name);
+    const idpExists = idpAgent !== void 0;
+    const osUserExists = !args["keep-os-user"] && isDarwin() && readMacOSUser(name) !== null;
+    if (!idpExists && !osUserExists) {
+      consola18.info(`Nothing to destroy: no IdP agent and no OS user named "${name}".`);
+      return;
+    }
+    if (!args.force) {
+      const consequences = [];
+      if (osUserExists) consequences.push(`\u2022 Remove macOS user ${name} and rm -rf /Users/${name}`);
+      if (idpExists) {
+        consequences.push(args.soft ? `\u2022 Deactivate IdP agent ${idpAgent.email} (PATCH isActive=false)` : `\u2022 Hard-delete IdP agent ${idpAgent.email} and all its SSH keys`);
+      }
+      consola18.warn(`About to destroy "${name}":
+${consequences.join("\n")}`);
+      const confirmed = await consola18.prompt("Proceed?", { type: "confirm", initial: false });
+      if (typeof confirmed === "symbol" || !confirmed) {
+        throw new CliExit(0);
+      }
+    }
+    if (osUserExists) {
+      const apes = whichBinary("apes");
+      if (!apes) {
+        throw new CliError("`apes` not found on PATH. Install @openape/apes globally first.");
+      }
+      const escapes = whichBinary("escapes");
+      if (!escapes) {
+        throw new CliError("`escapes` not found on PATH; OS teardown requires escapes.");
+      }
+      const scratch = mkdtempSync(join2(tmpdir(), `apes-destroy-${name}-`));
+      const scriptPath = join2(scratch, "teardown.sh");
+      try {
+        const script = buildDestroyTeardownScript({ name, homeDir: `/Users/${name}` });
+        writeFileSync(scriptPath, script, { mode: 448 });
+        consola18.start("Running teardown as root via `apes run --as root --wait`\u2026");
+        consola18.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
+        execFileSync3(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+      } finally {
+        rmSync(scratch, { recursive: true, force: true });
+      }
+    } else if (!args["keep-os-user"] && isDarwin()) {
+      consola18.info("No macOS user to remove (skipped).");
+    }
+    if (idpExists) {
+      const id = encodeURIComponent(idpAgent.email);
+      if (args.soft) {
+        await apiFetch(`/api/my-agents/${id}`, { method: "PATCH", body: { isActive: false }, idp });
+        consola18.success(`Deactivated IdP agent ${idpAgent.email}`);
+      } else {
+        await apiFetch(`/api/my-agents/${id}`, { method: "DELETE", idp });
+        consola18.success(`Deleted IdP agent ${idpAgent.email}`);
+      }
+    } else {
+      consola18.info("No IdP agent to remove (skipped).");
+    }
+    consola18.success(`Destroyed ${name}.`);
+  }
+});
+
+// src/commands/agents/list.ts
+import { defineCommand as defineCommand21 } from "citty";
+import consola19 from "consola";
+var listAgentsCommand = defineCommand21({
+  meta: {
+    name: "list",
+    description: "List agents owned by the current user, with local OS-user status"
+  },
+  args: {
+    json: {
+      type: "boolean",
+      description: "Output as JSON"
+    },
+    "include-inactive": {
+      type: "boolean",
+      description: "Include agents whose IdP record is deactivated (default hides them)"
+    }
+  },
+  async run({ args }) {
+    const auth = loadAuth();
+    if (!auth) {
+      throw new CliError("Not authenticated. Run `apes login` first.");
+    }
+    const idp = getIdpUrl();
+    if (!idp) {
+      throw new CliError("No IdP URL configured. Run `apes login` first.");
+    }
+    const all = await apiFetch("/api/my-agents", { idp });
+    const filtered = args["include-inactive"] ? all : all.filter((u) => u.isActive !== false);
+    const osUsers = isDarwin() ? listMacOSUserNames() : /* @__PURE__ */ new Set();
+    const home = (name) => `/Users/${name}`;
+    const rows = filtered.map((u) => ({
+      name: u.name,
+      email: u.email,
+      isActive: u.isActive !== false,
+      osUser: osUsers.has(u.name),
+      home: osUsers.has(u.name) ? home(u.name) : null
+    }));
+    if (args.json) {
+      process.stdout.write(`${JSON.stringify(rows, null, 2)}
+`);
+      return;
+    }
+    if (rows.length === 0) {
+      consola19.info(args["include-inactive"] ? "No agents found." : "No active agents found. Use --include-inactive to show deactivated.");
+      return;
+    }
+    const nameW = Math.max(4, ...rows.map((r) => r.name.length));
+    const emailW = Math.max(5, ...rows.map((r) => r.email.length));
+    const header = `${"NAME".padEnd(nameW)}  ${"EMAIL".padEnd(emailW)}  ACTIVE  OS-USER  HOME`;
+    console.log(header);
+    console.log("-".repeat(header.length));
+    for (const r of rows) {
+      const active = r.isActive ? "\u2713" : "\u2717";
+      const os = r.osUser ? "\u2713" : "\u2717";
+      const homeCol = r.home ?? (isDarwin() ? "(missing)" : "(non-darwin)");
+      console.log(`${r.name.padEnd(nameW)}  ${r.email.padEnd(emailW)}  ${active.padEnd(6)}  ${os.padEnd(7)}  ${homeCol}`);
+    }
+  }
+});
+
+// src/commands/agents/register.ts
+import { existsSync as existsSync4, readFileSync as readFileSync3 } from "fs";
+import { defineCommand as defineCommand22 } from "citty";
+import consola20 from "consola";
+var registerAgentCommand = defineCommand22({
+  meta: {
+    name: "register",
+    description: "Register an agent at the IdP using a supplied public key"
+  },
+  args: {
+    name: {
+      type: "string",
+      description: "Agent name (lowercase, [a-z0-9-], 1\u201324 chars, must start with a letter)",
+      required: true
+    },
+    "public-key": {
+      type: "string",
+      description: 'Full ssh-ed25519 public key line (e.g. "ssh-ed25519 AAAAC3...")'
+    },
+    "public-key-file": {
+      type: "string",
+      description: "Path to a .pub file containing the ssh-ed25519 line"
+    },
+    json: {
+      type: "boolean",
+      description: "Emit machine-readable JSON instead of a human summary"
+    }
+  },
+  async run({ args }) {
+    const auth = loadAuth();
+    if (!auth) {
+      throw new CliError("Not authenticated. Run `apes login` first.");
+    }
+    const idp = getIdpUrl();
+    if (!idp) {
+      throw new CliError("No IdP URL configured. Run `apes login` first.");
+    }
+    const name = args.name;
+    if (!AGENT_NAME_REGEX.test(name)) {
+      throw new CliError(
+        `Invalid agent name "${name}". Must match /^[a-z][a-z0-9-]{0,23}$/ \u2014 lowercase letters, digits and hyphens, 1\u201324 chars, must start with a letter.`
+      );
+    }
+    let publicKey = args["public-key"];
+    const keyFile = args["public-key-file"];
+    if (publicKey && keyFile) {
+      throw new CliError("Pass either --public-key or --public-key-file, not both.");
+    }
+    if (!publicKey && keyFile) {
+      if (!existsSync4(keyFile)) {
+        throw new CliError(`Public-key file not found: ${keyFile}`);
+      }
+      publicKey = readFileSync3(keyFile, "utf-8").trim();
+    }
+    if (!publicKey) {
+      throw new CliError('Provide --public-key "<ssh-ed25519 line>" or --public-key-file <path>.');
+    }
+    if (!publicKey.startsWith(SSH_ED25519_PREFIX) || !SSH_ED25519_REGEX.test(publicKey)) {
+      throw new CliError(
+        'Public key must be a full ssh-ed25519 line, e.g. "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... [optional comment]".'
+      );
+    }
+    const result = await registerAgentAtIdp({ name, publicKey, idp });
+    if (args.json) {
+      process.stdout.write(`${JSON.stringify({
+        email: result.email,
+        name: result.name,
+        owner: result.owner,
+        approver: result.approver,
+        idp
+      })}
+`);
+      return;
+    }
+    consola20.success("Agent registered.");
+    console.log(`  Name:     ${result.name}`);
+    console.log(`  Email:    ${result.email}`);
+    console.log(`  IdP:      ${idp}`);
+    console.log(`  Owner:    ${result.owner}`);
+    console.log(`  Approver: ${result.approver}`);
+    console.log("");
+    console.log("Tell the agent to log in with:");
+    console.log(`  apes login --idp ${idp} --email ${result.email} --key <path-to-matching-private-key>`);
+  }
+});
+
+// src/commands/agents/spawn.ts
+import { execFileSync as execFileSync4 } from "child_process";
+import { mkdtempSync as mkdtempSync2, rmSync as rmSync2, writeFileSync as writeFileSync3 } from "fs";
+import { tmpdir as tmpdir2 } from "os";
+import { join as join3 } from "path";
+import { defineCommand as defineCommand23 } from "citty";
+import consola21 from "consola";
+
+// src/lib/keygen.ts
+import { Buffer as Buffer3 } from "buffer";
+import { existsSync as existsSync5, mkdirSync, readFileSync as readFileSync4, writeFileSync as writeFileSync2 } from "fs";
+import { generateKeyPairSync } from "crypto";
+import { homedir as homedir4 } from "os";
+import { dirname, resolve as resolve2 } from "path";
+function resolveKeyPath(p) {
+  return resolve2(p.replace(/^~/, homedir4()));
+}
+function buildSshEd25519Line(rawPub) {
+  const keyTypeStr = "ssh-ed25519";
+  const keyTypeLen = Buffer3.alloc(4);
+  keyTypeLen.writeUInt32BE(keyTypeStr.length);
+  const pubKeyLen = Buffer3.alloc(4);
+  pubKeyLen.writeUInt32BE(rawPub.length);
+  const blob = Buffer3.concat([keyTypeLen, Buffer3.from(keyTypeStr), pubKeyLen, rawPub]);
+  return `ssh-ed25519 ${blob.toString("base64")}`;
+}
+function readPublicKey(keyPath) {
+  const pubPath = `${keyPath}.pub`;
+  if (existsSync5(pubPath)) {
+    return readFileSync4(pubPath, "utf-8").trim();
+  }
+  const keyContent = readFileSync4(keyPath, "utf-8");
+  const privateKey = loadEd25519PrivateKey(keyContent);
+  const jwk = privateKey.export({ format: "jwk" });
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  return buildSshEd25519Line(pubBytes);
+}
+function generateAndSaveKey(keyPath) {
+  const resolved = resolveKeyPath(keyPath);
+  const dir = dirname(resolved);
+  if (!existsSync5(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+  const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
+  writeFileSync2(resolved, privatePem, { mode: 384 });
+  const jwk = publicKey.export({ format: "jwk" });
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  const pubKeyStr = buildSshEd25519Line(pubBytes);
+  writeFileSync2(`${resolved}.pub`, `${pubKeyStr}
+`, { mode: 420 });
+  return pubKeyStr;
+}
+function generateKeyPairInMemory() {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+  const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const jwk = publicKey.export({ format: "jwk" });
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
+  return {
+    privatePem,
+    publicSshLine: buildSshEd25519Line(pubBytes)
+  };
+}
+
+// src/commands/agents/spawn.ts
+var spawnAgentCommand = defineCommand23({
+  meta: {
+    name: "spawn",
+    description: "Provision a local macOS agent end-to-end (OS user, keypair, IdP agent, ape-shell, Claude hook)"
+  },
+  args: {
+    name: {
+      type: "positional",
+      description: "Agent name \u2014 also the macOS short username (lowercase, [a-z0-9-], must start with a letter)",
+      required: true
+    },
+    shell: {
+      type: "string",
+      description: "Override login shell. Default: $(which ape-shell)"
+    },
+    "no-claude-hook": {
+      type: "boolean",
+      description: "Skip writing ~/.claude/settings.json + the Bash-rewrite hook"
+    }
+  },
+  async run({ args }) {
+    const name = args.name;
+    if (!AGENT_NAME_REGEX.test(name)) {
+      throw new CliError(
+        `Invalid agent name "${name}". Must match /^[a-z][a-z0-9-]{0,23}$/ \u2014 lowercase letters, digits and hyphens, 1\u201324 chars, must start with a letter.`
+      );
+    }
+    if (!isDarwin()) {
+      throw new CliError(
+        `\`apes agents spawn\` is currently macOS-only. Detected platform: ${process.platform}. Linux support is a follow-up; for now, use \`apes agents register\` plus a manually provisioned user.`
+      );
+    }
+    const auth = loadAuth();
+    if (!auth) {
+      throw new CliError("Not authenticated. Run `apes login` first.");
+    }
+    const idp = getIdpUrl();
+    if (!idp) {
+      throw new CliError("No IdP URL configured. Run `apes login` first.");
+    }
+    const apeShell = args.shell ?? whichBinary("ape-shell");
+    if (!apeShell) {
+      throw new CliError("`ape-shell` not found on PATH. Install @openape/apes globally first.");
+    }
+    const apes = whichBinary("apes");
+    if (!apes) {
+      throw new CliError("`apes` not found on PATH. Install @openape/apes globally first.");
+    }
+    const escapes = whichBinary("escapes");
+    if (!escapes) {
+      throw new CliError(
+        "`escapes` not found on PATH. spawn delegates the privileged setup phase to escapes; install it before running spawn."
+      );
+    }
+    if (!isShellRegistered(apeShell)) {
+      throw new CliError(
+        `${apeShell} is not registered in /etc/shells. macOS refuses to set it as a login shell. Run:
+  echo ${apeShell} | sudo tee -a /etc/shells
+and try again.`
+      );
+    }
+    const existing = readMacOSUser(name);
+    if (existing) {
+      throw new CliError(`macOS user "${name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
+    }
+    const homeDir = `/Users/${name}`;
+    const scratch = mkdtempSync2(join3(tmpdir2(), `apes-spawn-${name}-`));
+    const scriptPath = join3(scratch, "setup.sh");
+    try {
+      consola21.start(`Generating keypair for ${name}\u2026`);
+      const { privatePem, publicSshLine } = generateKeyPairInMemory();
+      consola21.start(`Registering agent at ${idp}\u2026`);
+      const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
+      consola21.success(`Registered as ${registration.email}`);
+      consola21.start("Issuing agent access token\u2026");
+      const { token, expiresIn } = await issueAgentToken({
+        idp,
+        agentEmail: registration.email,
+        privateKeyPem: privatePem
+      });
+      const authJson = buildAgentAuthJson({
+        idp,
+        accessToken: token,
+        email: registration.email,
+        expiresAt: Math.floor(Date.now() / 1e3) + expiresIn
+      });
+      const includeClaudeHook = !args["no-claude-hook"];
+      const script = buildSpawnSetupScript({
+        name,
+        homeDir,
+        shellPath: apeShell,
+        privateKeyPem: privatePem,
+        publicKeySshLine: publicSshLine,
+        authJson,
+        claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
+        hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null
+      });
+      writeFileSync3(scriptPath, script, { mode: 448 });
+      consola21.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
+      consola21.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
+      execFileSync4(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+      consola21.success(`Agent ${name} spawned.`);
+      console.log("");
+      console.log("Run as the agent with:");
+      console.log(`  apes run --as ${name} -- claude --session-name ${name} --dangerously-skip-permissions`);
+    } finally {
+      rmSync2(scratch, { recursive: true, force: true });
+    }
+  }
+});
+
+// src/commands/agents/index.ts
+var agentsCommand = defineCommand24({
+  meta: {
+    name: "agents",
+    description: "Manage owned agents (register, spawn, list, destroy)"
+  },
+  subCommands: {
+    register: registerAgentCommand,
+    spawn: spawnAgentCommand,
+    list: listAgentsCommand,
+    destroy: destroyAgentCommand
+  }
+});
+
+// src/commands/adapter/index.ts
+import { defineCommand as defineCommand25 } from "citty";
+import consola22 from "consola";
+var adapterCommand = defineCommand25({
   meta: {
     name: "adapter",
     description: "Manage CLI adapters"
   },
   subCommands: {
-    list: defineCommand20({
+    list: defineCommand25({
       meta: {
         name: "list",
         description: "List available adapters"
@@ -1732,7 +2414,7 @@ var adapterCommand = defineCommand20({
 `);
             return;
           }
-          consola18.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
+          consola22.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
           for (const a of index2.adapters) {
             const installed = isInstalled(a.id, false) ? " [installed]" : "";
             console.log(`  ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}${installed}`);
@@ -1754,7 +2436,7 @@ var adapterCommand = defineCommand20({
           return;
         }
         if (local.length === 0) {
-          consola18.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
+          consola22.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
           return;
         }
         for (const a of local) {
@@ -1762,7 +2444,7 @@ var adapterCommand = defineCommand20({
         }
       }
     }),
-    install: defineCommand20({
+    install: defineCommand25({
       meta: {
         name: "install",
         description: "Install an adapter from the registry"
@@ -1791,24 +2473,24 @@ var adapterCommand = defineCommand20({
         for (const id of ids) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola18.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
+            consola22.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
             continue;
           }
           const conflicts = findConflictingAdapters(entry.executable, id);
           if (conflicts.length > 0) {
             for (const c of conflicts) {
-              consola18.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`);
-              consola18.warn(`  Remove it with: apes adapter remove ${c.adapterId}`);
+              consola22.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`);
+              consola22.warn(`  Remove it with: apes adapter remove ${c.adapterId}`);
             }
           }
           const result = await installAdapter(entry, { local });
           const verb = result.updated ? "Updated" : "Installed";
-          consola18.success(`${verb} ${result.id} \u2192 ${result.path}`);
-          consola18.info(`Digest: ${result.digest}`);
+          consola22.success(`${verb} ${result.id} \u2192 ${result.path}`);
+          consola22.info(`Digest: ${result.digest}`);
         }
       }
     }),
-    remove: defineCommand20({
+    remove: defineCommand25({
       meta: {
         name: "remove",
         description: "Remove an installed adapter"
@@ -1831,9 +2513,9 @@ var adapterCommand = defineCommand20({
         let failed = false;
         for (const id of ids) {
           if (removeAdapter(id, local)) {
-            consola18.success(`Removed adapter: ${id}`);
+            consola22.success(`Removed adapter: ${id}`);
           } else {
-            consola18.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
+            consola22.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
             failed = true;
           }
         }
@@ -1841,7 +2523,7 @@ var adapterCommand = defineCommand20({
           throw new CliError("Some adapters could not be removed");
       }
     }),
-    info: defineCommand20({
+    info: defineCommand25({
       meta: {
         name: "info",
         description: "Show detailed adapter information"
@@ -1883,7 +2565,7 @@ var adapterCommand = defineCommand20({
         }
       }
     }),
-    search: defineCommand20({
+    search: defineCommand25({
       meta: {
         name: "search",
         description: "Search adapters in the registry"
@@ -1915,7 +2597,7 @@ var adapterCommand = defineCommand20({
           return;
         }
         if (results.length === 0) {
-          consola18.info(`No adapters matching "${query}"`);
+          consola22.info(`No adapters matching "${query}"`);
           return;
         }
         for (const a of results) {
@@ -1924,7 +2606,7 @@ var adapterCommand = defineCommand20({
         }
       }
     }),
-    update: defineCommand20({
+    update: defineCommand25({
       meta: {
         name: "update",
         description: "Update installed adapters"
@@ -1950,33 +2632,33 @@ var adapterCommand = defineCommand20({
         const targetId = args.id ? String(args.id) : void 0;
         const targets = targetId ? [targetId] : index.adapters.map((a) => a.id).filter((id) => isInstalled(id, false));
         if (targets.length === 0) {
-          consola18.info("No adapters installed to update.");
+          consola22.info("No adapters installed to update.");
           return;
         }
         for (const id of targets) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola18.warn(`${id}: not found in registry, skipping`);
+            consola22.warn(`${id}: not found in registry, skipping`);
             continue;
           }
           const localDigest = getInstalledDigest(id, false);
           if (localDigest === entry.digest) {
-            consola18.info(`${id}: already up to date`);
+            consola22.info(`${id}: already up to date`);
             continue;
           }
           if (localDigest && !args.yes) {
-            consola18.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
-            consola18.info(`  Old: ${localDigest}`);
-            consola18.info(`  New: ${entry.digest}`);
-            consola18.info("  Use --yes to confirm");
+            consola22.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
+            consola22.info(`  Old: ${localDigest}`);
+            consola22.info(`  New: ${entry.digest}`);
+            consola22.info("  Use --yes to confirm");
             continue;
           }
           const result = await installAdapter(entry);
-          consola18.success(`Updated ${result.id} \u2192 ${result.path}`);
+          consola22.success(`Updated ${result.id} \u2192 ${result.path}`);
         }
       }
     }),
-    verify: defineCommand20({
+    verify: defineCommand25({
       meta: {
         name: "verify",
         description: "Verify installed adapter against registry digest"
@@ -2009,7 +2691,7 @@ var adapterCommand = defineCommand20({
         if (!localDigest)
           throw new Error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
         if (localDigest === entry.digest) {
-          consola18.success(`${id}: digest matches registry`);
+          consola22.success(`${id}: digest matches registry`);
         } else {
           console.log(`  Local:    ${localDigest}`);
           console.log(`  Registry: ${entry.digest}`);
@@ -2021,11 +2703,11 @@ var adapterCommand = defineCommand20({
 });
 
 // src/commands/run.ts
-import { execFileSync as execFileSync2 } from "child_process";
+import { execFileSync as execFileSync5 } from "child_process";
 import { hostname as hostname3 } from "os";
 import { basename } from "path";
-import { defineCommand as defineCommand21 } from "citty";
-import consola19 from "consola";
+import { defineCommand as defineCommand26 } from "citty";
+import consola23 from "consola";
 function shouldWaitForGrant(args) {
   return args.wait === true || process.env.APE_WAIT === "1";
 }
@@ -2062,7 +2744,7 @@ function printPendingGrantInfo(grant, idp) {
   const statusCmd = `apes grants status ${grant.id}`;
   const executeCmd = `apes grants run ${grant.id}`;
   if (mode === "human") {
-    consola19.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
+    consola23.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
     console.log(`  Approve in browser:  ${approveUrl}`);
     console.log(`  Check status:        ${statusCmd}`);
     console.log(`  Run after approval:  ${executeCmd}`);
@@ -2072,7 +2754,7 @@ function printPendingGrantInfo(grant, idp) {
     return;
   }
   const maxMin = getPollMaxMinutes();
-  consola19.success(`Grant ${grant.id} created (pending approval)`);
+  consola23.success(`Grant ${grant.id} created (pending approval)`);
   console.log(`  Approve:   ${approveUrl}`);
   console.log(`  Status:    ${statusCmd} [--json]`);
   console.log(`  Execute:   ${executeCmd} --wait`);
@@ -2094,7 +2776,7 @@ function printPendingGrantInfo(grant, idp) {
   console.log('  Tip: Approve as "timed" or "always" in the browser to let this');
   console.log("  grant be reused on subsequent invocations without re-approval.");
 }
-var runCommand = defineCommand21({
+var runCommand = defineCommand26({
   meta: {
     name: "run",
     description: "Execute a grant-secured command"
@@ -2197,7 +2879,7 @@ async function runShellMode(command, args) {
     }
   } catch {
   }
-  consola19.info(`Requesting ape-shell session grant on ${targetHost}`);
+  consola23.info(`Requesting ape-shell session grant on ${targetHost}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -2217,8 +2899,8 @@ async function runShellMode(command, args) {
     host: targetHost
   });
   if (shouldWaitForGrant(args)) {
-    consola19.info(`Grant requested: ${grant.id}`);
-    consola19.info("Waiting for approval...");
+    consola23.info(`Grant requested: ${grant.id}`);
+    consola23.info("Waiting for approval...");
     const maxWait = 3e5;
     const interval = 3e3;
     const start = Date.now();
@@ -2249,13 +2931,13 @@ async function tryAdapterModeFromShell(command, idp, args) {
   try {
     resolved = await resolveCommand(loaded, [normalizedExecutable, ...parsed.argv]);
   } catch (err) {
-    consola19.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
+    consola23.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
     return false;
   }
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola19.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
+      consola23.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return true;
@@ -2263,7 +2945,7 @@ async function tryAdapterModeFromShell(command, idp, args) {
   } catch {
   }
   const approval = args.approval ?? "once";
-  consola19.info(`Requesting grant for: ${resolved.detail.display}`);
+  consola23.info(`Requesting grant for: ${resolved.detail.display}`);
   const grant = await createShapesGrant(resolved, {
     idp,
     approval,
@@ -2271,8 +2953,8 @@ async function tryAdapterModeFromShell(command, idp, args) {
   });
   if (grant.similar_grants?.similar_grants?.length) {
     const n = grant.similar_grants.similar_grants.length;
-    consola19.info("");
-    consola19.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
+    consola23.info("");
+    consola23.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
   }
   notifyGrantPending({
     grantId: grant.id,
@@ -2282,8 +2964,8 @@ async function tryAdapterModeFromShell(command, idp, args) {
     host: args.host || hostname3()
   });
   if (shouldWaitForGrant(args)) {
-    consola19.info(`Grant requested: ${grant.id}`);
-    consola19.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola23.info(`Grant requested: ${grant.id}`);
+    consola23.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new CliError(`Grant ${status}`);
@@ -2299,7 +2981,7 @@ function execShellCommand(command) {
     throw new CliError("No command to execute");
   try {
     const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-    execFileSync2(command[0], command.slice(1), {
+    execFileSync5(command[0], command.slice(1), {
       stdio: "inherit",
       env: inheritedEnv
     });
@@ -2357,7 +3039,7 @@ async function runAdapterMode(command, rawArgs, args) {
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola19.info(`Reusing existing grant: ${existingGrantId}`);
+      consola23.info(`Reusing existing grant: ${existingGrantId}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return;
@@ -2371,17 +3053,17 @@ async function runAdapterMode(command, rawArgs, args) {
   });
   if (grant.similar_grants?.similar_grants?.length) {
     const n = grant.similar_grants.similar_grants.length;
-    consola19.info("");
-    consola19.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
+    consola23.info("");
+    consola23.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
     if (grant.similar_grants.widened_details?.length) {
       const wider = grant.similar_grants.widened_details.map((d) => d.permission).join(", ");
-      consola19.info(`  Broader scope: ${wider}`);
+      consola23.info(`  Broader scope: ${wider}`);
     }
-    consola19.info("");
+    consola23.info("");
   }
   if (shouldWaitForGrant(args)) {
-    consola19.info(`Grant requested: ${grant.id}`);
-    consola19.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola23.info(`Grant requested: ${grant.id}`);
+    consola23.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new Error(`Grant ${status}`);
@@ -2401,7 +3083,7 @@ async function runAudienceMode(audience, action, args) {
   const grantsUrl = await getGrantsEndpoint(idp);
   const command = action.split(" ");
   const targetHost = args.host || hostname3();
-  consola19.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
+  consola23.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -2418,15 +3100,15 @@ async function runAudienceMode(audience, action, args) {
     printPendingGrantInfo(grant, idp);
     throw new CliExit(getAsyncExitCode());
   }
-  consola19.success(`Grant requested: ${grant.id}`);
-  consola19.info("Waiting for approval...");
+  consola23.success(`Grant requested: ${grant.id}`);
+  consola23.info("Waiting for approval...");
   const maxWait = 3e5;
   const interval = 3e3;
   const start = Date.now();
   while (Date.now() - start < maxWait) {
     const status = await apiFetch(`${grantsUrl}/${grant.id}`);
     if (status.status === "approved") {
-      consola19.success("Grant approved!");
+      consola23.success("Grant approved!");
       break;
     }
     if (status.status === "denied" || status.status === "revoked") {
@@ -2434,15 +3116,15 @@ async function runAudienceMode(audience, action, args) {
     }
     await new Promise((r) => setTimeout(r, interval));
   }
-  consola19.info("Fetching grant token...");
+  consola23.info("Fetching grant token...");
   const { authz_jwt } = await apiFetch(`${grantsUrl}/${grant.id}/token`, {
     method: "POST"
   });
   if (audience === "escapes") {
-    consola19.info(`Executing: ${command.join(" ")}`);
+    consola23.info(`Executing: ${command.join(" ")}`);
     try {
       const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-      execFileSync2(args["escapes-path"] || "escapes", ["--grant", authz_jwt, "--", ...command], {
+      execFileSync5(args["escapes-path"] || "escapes", ["--grant", authz_jwt, "--", ...command], {
         stdio: "inherit",
         env: inheritedEnv
       });
@@ -2457,8 +3139,8 @@ async function runAudienceMode(audience, action, args) {
 
 // src/commands/proxy.ts
 import { spawn as spawn2 } from "child_process";
-import { defineCommand as defineCommand22 } from "citty";
-import consola20 from "consola";
+import { defineCommand as defineCommand27 } from "citty";
+import consola24 from "consola";
 
 // src/proxy/config.ts
 function buildDefaultProxyConfigToml(opts) {
@@ -2492,10 +3174,10 @@ note = "VPC-internal hostname suffix"
 
 // src/proxy/local-proxy.ts
 import { spawn } from "child_process";
-import { mkdtempSync, rmSync, writeFileSync } from "fs";
+import { mkdtempSync as mkdtempSync3, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
 import { createRequire } from "module";
-import { tmpdir } from "os";
-import { dirname, join as join2, resolve as resolve2 } from "path";
+import { tmpdir as tmpdir3 } from "os";
+import { dirname as dirname2, join as join4, resolve as resolve3 } from "path";
 var require2 = createRequire(import.meta.url);
 function findProxyBin() {
   const pkgPath = require2.resolve("@openape/proxy/package.json");
@@ -2504,12 +3186,12 @@ function findProxyBin() {
   if (!binRel) {
     throw new Error("@openape/proxy is missing the openape-proxy bin entry");
   }
-  return resolve2(dirname(pkgPath), binRel);
+  return resolve3(dirname2(pkgPath), binRel);
 }
 async function startEphemeralProxy(configToml) {
-  const tmpDir = mkdtempSync(join2(tmpdir(), "openape-proxy-"));
-  const configPath = join2(tmpDir, "config.toml");
-  writeFileSync(configPath, configToml, { mode: 384 });
+  const tmpDir = mkdtempSync3(join4(tmpdir3(), "openape-proxy-"));
+  const configPath = join4(tmpDir, "config.toml");
+  writeFileSync4(configPath, configToml, { mode: 384 });
   const binPath = findProxyBin();
   const child = spawn(process.execPath, [binPath, "-c", configPath], {
     stdio: ["ignore", "pipe", "pipe"],
@@ -2517,7 +3199,7 @@ async function startEphemeralProxy(configToml) {
   });
   const cleanupTmp = () => {
     try {
-      rmSync(tmpDir, { recursive: true, force: true });
+      rmSync3(tmpDir, { recursive: true, force: true });
     } catch {
     }
   };
@@ -2601,10 +3283,10 @@ function resolveProxyConfigOptions() {
       77
     );
   }
-  consola20.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
+  consola24.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
   return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
 }
-var proxyCommand = defineCommand22({
+var proxyCommand = defineCommand27({
   meta: {
     name: "proxy",
     description: "Run a command with HTTPS_PROXY routed through the OpenApe egress proxy."
@@ -2626,12 +3308,12 @@ var proxyCommand = defineCommand22({
     let close = null;
     if (reuseUrl) {
       proxyUrl = reuseUrl;
-      consola20.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
+      consola24.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
     } else {
       const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
       proxyUrl = ephemeral.url;
       close = ephemeral.close;
-      consola20.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
+      consola24.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
     }
     const noProxy = process.env.NO_PROXY ?? process.env.no_proxy ?? "127.0.0.1,localhost";
     const childEnv = {
@@ -2663,7 +3345,7 @@ var proxyCommand = defineCommand22({
         else resolveExit(code ?? 0);
       });
       child.once("error", (err) => {
-        consola20.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
+        consola24.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
         resolveExit(127);
       });
     });
@@ -2677,8 +3359,8 @@ function signalNumber(signal) {
 }
 
 // src/commands/explain.ts
-import { defineCommand as defineCommand23 } from "citty";
-var explainCommand = defineCommand23({
+import { defineCommand as defineCommand28 } from "citty";
+var explainCommand = defineCommand28({
   meta: {
     name: "explain",
     description: "Show what permission a command would need"
@@ -2716,9 +3398,9 @@ var explainCommand = defineCommand23({
 });
 
 // src/commands/config/get.ts
-import { defineCommand as defineCommand24 } from "citty";
-import consola21 from "consola";
-var configGetCommand = defineCommand24({
+import { defineCommand as defineCommand29 } from "citty";
+import consola25 from "consola";
+var configGetCommand = defineCommand29({
   meta: {
     name: "get",
     description: "Get a configuration value"
@@ -2738,7 +3420,7 @@ var configGetCommand = defineCommand24({
         if (idp)
           console.log(idp);
         else
-          consola21.info("No IdP configured.");
+          consola25.info("No IdP configured.");
         break;
       }
       case "email": {
@@ -2746,7 +3428,7 @@ var configGetCommand = defineCommand24({
         if (auth?.email)
           console.log(auth.email);
         else
-          consola21.info("Not logged in.");
+          consola25.info("Not logged in.");
         break;
       }
       default: {
@@ -2759,7 +3441,7 @@ var configGetCommand = defineCommand24({
           if (sectionObj && field in sectionObj) {
             console.log(sectionObj[field]);
           } else {
-            consola21.info(`Key "${key}" not set.`);
+            consola25.info(`Key "${key}" not set.`);
           }
         } else {
           throw new CliError(`Unknown key: "${key}". Use: idp, email, defaults.idp, defaults.approval, agent.key, agent.email`);
@@ -2770,9 +3452,9 @@ var configGetCommand = defineCommand24({
 });
 
 // src/commands/config/set.ts
-import { defineCommand as defineCommand25 } from "citty";
-import consola22 from "consola";
-var configSetCommand = defineCommand25({
+import { defineCommand as defineCommand30 } from "citty";
+import consola26 from "consola";
+var configSetCommand = defineCommand30({
   meta: {
     name: "set",
     description: "Set a configuration value"
@@ -2808,12 +3490,12 @@ var configSetCommand = defineCommand25({
       throw new CliError(`Unknown section: "${section}". Use: defaults, agent`);
     }
     saveConfig(config);
-    consola22.success(`Set ${key} = ${value}`);
+    consola26.success(`Set ${key} = ${value}`);
   }
 });
 
 // src/commands/fetch/index.ts
-import { defineCommand as defineCommand26 } from "citty";
+import { defineCommand as defineCommand31 } from "citty";
 async function doRequest(method, url, body, contentType, raw, showHeaders) {
   const token = getAuthToken();
   if (!token) {
@@ -2849,13 +3531,13 @@ async function doRequest(method, url, body, contentType, raw, showHeaders) {
     throw new CliError(`HTTP ${response.status} ${response.statusText}`);
   }
 }
-var fetchCommand = defineCommand26({
+var fetchCommand = defineCommand31({
   meta: {
     name: "fetch",
     description: "Make authenticated HTTP requests"
   },
   subCommands: {
-    get: defineCommand26({
+    get: defineCommand31({
       meta: {
         name: "get",
         description: "GET request with auth token"
@@ -2881,7 +3563,7 @@ var fetchCommand = defineCommand26({
         await doRequest("GET", String(args.url), void 0, "application/json", Boolean(args.raw), Boolean(args.headers));
       }
     }),
-    post: defineCommand26({
+    post: defineCommand31({
       meta: {
         name: "post",
         description: "POST request with auth token"
@@ -2920,8 +3602,8 @@ var fetchCommand = defineCommand26({
 });
 
 // src/commands/mcp/index.ts
-import { defineCommand as defineCommand27 } from "citty";
-var mcpCommand = defineCommand27({
+import { defineCommand as defineCommand32 } from "citty";
+var mcpCommand = defineCommand32({
   meta: {
     name: "mcp",
     description: "Start MCP server for AI agents"
@@ -2944,48 +3626,48 @@ var mcpCommand = defineCommand27({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-EAT2FXDR.js");
+    const { startMcpServer } = await import("./server-VZ325IPS.js");
     await startMcpServer(transport, port);
   }
 });
 
 // src/commands/init/index.ts
-import { existsSync as existsSync3, copyFileSync, writeFileSync as writeFileSync2 } from "fs";
+import { existsSync as existsSync6, copyFileSync, writeFileSync as writeFileSync5 } from "fs";
 import { randomBytes } from "crypto";
-import { execFileSync as execFileSync3 } from "child_process";
-import { join as join3 } from "path";
-import { defineCommand as defineCommand28 } from "citty";
-import consola23 from "consola";
+import { execFileSync as execFileSync6 } from "child_process";
+import { join as join5 } from "path";
+import { defineCommand as defineCommand33 } from "citty";
+import consola27 from "consola";
 var DEFAULT_IDP_URL = "https://id.openape.at";
 async function downloadTemplate(repo, targetDir) {
   const { downloadTemplate: gigetDownload } = await import("giget");
   await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false });
 }
 function installDeps(dir) {
-  const hasLockFile = (name) => existsSync3(join3(dir, name));
+  const hasLockFile = (name) => existsSync6(join5(dir, name));
   if (hasLockFile("pnpm-lock.yaml")) {
-    execFileSync3("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync6("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
   } else if (hasLockFile("bun.lockb")) {
-    execFileSync3("bun", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync6("bun", ["install"], { cwd: dir, stdio: "inherit" });
   } else {
-    execFileSync3("npm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync6("npm", ["install"], { cwd: dir, stdio: "inherit" });
   }
 }
 async function promptChoice(message, choices) {
-  const result = await consola23.prompt(message, { type: "select", options: choices });
+  const result = await consola27.prompt(message, { type: "select", options: choices });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
   return result;
 }
 async function promptText(message, defaultValue) {
-  const result = await consola23.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
+  const result = await consola27.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
   return result || defaultValue || "";
 }
-var initCommand = defineCommand28({
+var initCommand = defineCommand33({
   meta: {
     name: "init",
     description: "Scaffold a new OpenApe project"
@@ -3027,23 +3709,23 @@ var initCommand = defineCommand28({
 });
 async function initSP(targetDir) {
   const dir = targetDir || "my-app";
-  if (existsSync3(join3(dir, "package.json"))) {
+  if (existsSync6(join5(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
-  consola23.start("Scaffolding SP starter...");
+  consola27.start("Scaffolding SP starter...");
   await downloadTemplate("openape-ai/openape-sp-starter", dir);
-  consola23.success("Scaffolded from openape-sp-starter");
-  consola23.start("Installing dependencies...");
+  consola27.success("Scaffolded from openape-sp-starter");
+  consola27.start("Installing dependencies...");
   installDeps(dir);
-  consola23.success("Dependencies installed");
-  const envExample = join3(dir, ".env.example");
-  const envFile = join3(dir, ".env");
-  if (existsSync3(envExample) && !existsSync3(envFile)) {
+  consola27.success("Dependencies installed");
+  const envExample = join5(dir, ".env.example");
+  const envFile = join5(dir, ".env");
+  if (existsSync6(envExample) && !existsSync6(envFile)) {
     copyFileSync(envExample, envFile);
-    consola23.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
+    consola27.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
   }
   console.log("");
-  consola23.box([
+  consola27.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -3052,7 +3734,7 @@ async function initSP(targetDir) {
 }
 async function initIdP(targetDir) {
   const dir = targetDir || "my-idp";
-  if (existsSync3(join3(dir, "package.json"))) {
+  if (existsSync6(join5(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   const domain = await promptText("Domain for the IdP", "localhost");
@@ -3062,15 +3744,15 @@ async function initIdP(targetDir) {
     "s3 (S3-compatible)"
   ]);
   const adminEmail = await promptText("Admin email");
-  consola23.start("Scaffolding IdP starter...");
+  consola27.start("Scaffolding IdP starter...");
   await downloadTemplate("openape-ai/openape-idp-starter", dir);
-  consola23.success("Scaffolded from openape-idp-starter");
-  consola23.start("Installing dependencies...");
+  consola27.success("Scaffolded from openape-idp-starter");
+  consola27.start("Installing dependencies...");
   installDeps(dir);
-  consola23.success("Dependencies installed");
+  consola27.success("Dependencies installed");
   const sessionSecret = randomBytes(32).toString("hex");
   const managementToken = randomBytes(32).toString("hex");
-  consola23.success("Secrets generated");
+  consola27.success("Secrets generated");
   const isLocalhost = domain === "localhost";
   const origin = isLocalhost ? "http://localhost:3000" : `https://${domain}`;
   const envContent = [
@@ -3084,11 +3766,11 @@ async function initIdP(targetDir) {
     `NUXT_OPENAPE_RP_ID=${domain}`,
     `NUXT_OPENAPE_RP_ORIGIN=${origin}`
   ].join("\n");
-  writeFileSync2(join3(dir, ".env"), `${envContent}
+  writeFileSync5(join5(dir, ".env"), `${envContent}
 `, { mode: 384 });
-  consola23.success(".env created");
+  consola27.success(".env created");
   console.log("");
-  consola23.box([
+  consola27.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -3104,68 +3786,24 @@ async function initIdP(targetDir) {
 }
 
 // src/commands/enroll.ts
-import { Buffer as Buffer2 } from "buffer";
-import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync as writeFileSync3, mkdirSync } from "fs";
+import { Buffer as Buffer4 } from "buffer";
+import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
 import { execFile as execFile2 } from "child_process";
-import { generateKeyPairSync, sign } from "crypto";
-import { dirname as dirname2, resolve as resolve3 } from "path";
-import { homedir as homedir4 } from "os";
-import { defineCommand as defineCommand29 } from "citty";
-import consola24 from "consola";
+import { sign as sign2 } from "crypto";
+import { defineCommand as defineCommand34 } from "citty";
+import consola28 from "consola";
 var DEFAULT_IDP_URL2 = "https://id.openape.at";
 var DEFAULT_KEY_PATH = "~/.ssh/id_ed25519";
 var POLL_INTERVAL = 3e3;
 var POLL_TIMEOUT = 3e5;
-function resolvePath2(p) {
-  return resolve3(p.replace(/^~/, homedir4()));
-}
 function openBrowser2(url) {
   const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
   execFile2(cmd, [url], () => {
   });
 }
-function readPublicKey(keyPath) {
-  const pubPath = `${keyPath}.pub`;
-  if (existsSync4(pubPath)) {
-    return readFileSync2(pubPath, "utf-8").trim();
-  }
-  const keyContent = readFileSync2(keyPath, "utf-8");
-  const privateKey = loadEd25519PrivateKey(keyContent);
-  const jwk = privateKey.export({ format: "jwk" });
-  const pubBytes = Buffer2.from(jwk.x, "base64url");
-  const keyTypeStr = "ssh-ed25519";
-  const keyTypeLen = Buffer2.alloc(4);
-  keyTypeLen.writeUInt32BE(keyTypeStr.length);
-  const pubKeyLen = Buffer2.alloc(4);
-  pubKeyLen.writeUInt32BE(pubBytes.length);
-  const blob = Buffer2.concat([keyTypeLen, Buffer2.from(keyTypeStr), pubKeyLen, pubBytes]);
-  return `ssh-ed25519 ${blob.toString("base64")}`;
-}
-function generateAndSaveKey(keyPath) {
-  const resolved = resolvePath2(keyPath);
-  const dir = dirname2(resolved);
-  if (!existsSync4(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
-  const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
-  writeFileSync3(resolved, privatePem, { mode: 384 });
-  const jwk = publicKey.export({ format: "jwk" });
-  const pubBytes = Buffer2.from(jwk.x, "base64url");
-  const keyTypeStr = "ssh-ed25519";
-  const keyTypeLen = Buffer2.alloc(4);
-  keyTypeLen.writeUInt32BE(keyTypeStr.length);
-  const pubKeyLen = Buffer2.alloc(4);
-  pubKeyLen.writeUInt32BE(pubBytes.length);
-  const blob = Buffer2.concat([keyTypeLen, Buffer2.from(keyTypeStr), pubKeyLen, pubBytes]);
-  const pubKeyStr = `ssh-ed25519 ${blob.toString("base64")}`;
-  writeFileSync3(`${resolved}.pub`, `${pubKeyStr}
-`, { mode: 420 });
-  return pubKeyStr;
-}
 async function pollForEnrollment(idp, agentEmail, keyPath) {
-  const resolvedKey = resolvePath2(keyPath);
-  const keyContent = readFileSync2(resolvedKey, "utf-8");
+  const resolvedKey = resolveKeyPath(keyPath);
+  const keyContent = readFileSync5(resolvedKey, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -3179,7 +3817,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
       });
       if (challengeResp.ok) {
         const { challenge } = await challengeResp.json();
-        const signature = sign(null, Buffer2.from(challenge), privateKey).toString("base64");
+        const signature = sign2(null, Buffer4.from(challenge), privateKey).toString("base64");
         const authResp = await fetch(authenticateUrl, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
@@ -3196,7 +3834,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
   }
   throw new Error("Enrollment timed out. Please check the browser and try again.");
 }
-var enrollCommand = defineCommand29({
+var enrollCommand = defineCommand34({
   meta: {
     name: "enroll",
     description: "Enroll an agent with an Identity Provider"
@@ -3216,38 +3854,38 @@ var enrollCommand = defineCommand29({
     }
   },
   async run({ args }) {
-    const idp = args.idp || await consola24.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r) => {
+    const idp = args.idp || await consola28.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     }) || DEFAULT_IDP_URL2;
-    const agentName = args.name || await consola24.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r) => {
+    const agentName = args.name || await consola28.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     });
     if (!agentName) {
       throw new CliError("Agent name is required.");
     }
-    const keyPath = args.key || await consola24.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r) => {
+    const keyPath = args.key || await consola28.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     }) || DEFAULT_KEY_PATH;
-    const resolvedKey = resolvePath2(keyPath);
+    const resolvedKey = resolveKeyPath(keyPath);
     let publicKey;
-    if (existsSync4(resolvedKey)) {
+    if (existsSync7(resolvedKey)) {
       publicKey = readPublicKey(resolvedKey);
-      consola24.success(`Using existing key ${keyPath}`);
+      consola28.success(`Using existing key ${keyPath}`);
     } else {
-      consola24.start(`Generating Ed25519 key pair at ${keyPath}...`);
+      consola28.start(`Generating Ed25519 key pair at ${keyPath}...`);
       publicKey = generateAndSaveKey(keyPath);
-      consola24.success(`Key pair generated at ${keyPath}`);
+      consola28.success(`Key pair generated at ${keyPath}`);
     }
     const encodedKey = encodeURIComponent(publicKey);
     const enrollUrl = `${idp}/enroll?name=${encodeURIComponent(agentName)}&key=${encodedKey}`;
-    consola24.info("Opening browser for enrollment...");
-    consola24.info(`\u2192 ${idp}/enroll`);
+    consola28.info("Opening browser for enrollment...");
+    consola28.info(`\u2192 ${idp}/enroll`);
     openBrowser2(enrollUrl);
     console.log("");
-    const agentEmail = await consola24.prompt(
+    const agentEmail = await consola28.prompt(
       "Agent email (shown in browser after enrollment)",
       { type: "text", placeholder: `agent+${agentName}@...` }
     ).then((r) => {
@@ -3257,7 +3895,7 @@ var enrollCommand = defineCommand29({
     if (!agentEmail) {
       throw new CliError("Agent email is required to verify enrollment.");
     }
-    consola24.start("Verifying enrollment...");
+    consola28.start("Verifying enrollment...");
     const { token, expiresIn } = await pollForEnrollment(idp, agentEmail, keyPath);
     saveAuth({
       idp,
@@ -3269,18 +3907,18 @@ var enrollCommand = defineCommand29({
     config.defaults = { ...config.defaults, idp };
     config.agent = { key: keyPath, email: agentEmail };
     saveConfig(config);
-    consola24.success(`Agent enrolled as ${agentEmail}`);
-    consola24.success("Config saved to ~/.config/apes/");
+    consola28.success(`Agent enrolled as ${agentEmail}`);
+    consola28.success("Config saved to ~/.config/apes/");
     console.log("");
-    consola24.info("Verify with: apes whoami");
+    consola28.info("Verify with: apes whoami");
   }
 });
 
 // src/commands/register-user.ts
-import { existsSync as existsSync5, readFileSync as readFileSync3 } from "fs";
-import { defineCommand as defineCommand30 } from "citty";
-import consola25 from "consola";
-var registerUserCommand = defineCommand30({
+import { existsSync as existsSync8, readFileSync as readFileSync6 } from "fs";
+import { defineCommand as defineCommand35 } from "citty";
+import consola29 from "consola";
+var registerUserCommand = defineCommand35({
   meta: {
     name: "register-user",
     description: "Register a sub-user with SSH key"
@@ -3316,8 +3954,8 @@ var registerUserCommand = defineCommand30({
       throw new CliError("No IdP URL configured. Run `apes login` first.");
     }
     let publicKey = args.key;
-    if (existsSync5(args.key)) {
-      publicKey = readFileSync3(args.key, "utf-8").trim();
+    if (existsSync8(args.key)) {
+      publicKey = readFileSync6(args.key, "utf-8").trim();
     }
     if (!publicKey.startsWith("ssh-ed25519 ")) {
       throw new CliError("Public key must be in ssh-ed25519 format.");
@@ -3335,15 +3973,15 @@ var registerUserCommand = defineCommand30({
         ...userType ? { type: userType } : {}
       }
     });
-    consola25.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
+    consola29.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
   }
 });
 
 // src/commands/dns-check.ts
-import { defineCommand as defineCommand31 } from "citty";
-import consola26 from "consola";
+import { defineCommand as defineCommand36 } from "citty";
+import consola30 from "consola";
 import { resolveDDISA as resolveDDISA2 } from "@openape/core";
-var dnsCheckCommand = defineCommand31({
+var dnsCheckCommand = defineCommand36({
   meta: {
     name: "dns-check",
     description: "Validate DDISA DNS TXT records for a domain"
@@ -3357,7 +3995,7 @@ var dnsCheckCommand = defineCommand31({
   },
   async run({ args }) {
     const domain = args.domain;
-    consola26.start(`Checking _ddisa.${domain}...`);
+    consola30.start(`Checking _ddisa.${domain}...`);
     try {
       const result = await resolveDDISA2(domain);
       if (!result) {
@@ -3366,7 +4004,7 @@ var dnsCheckCommand = defineCommand31({
         console.log(`  _ddisa.${domain} TXT "v=ddisa1 idp=https://id.${domain}"`);
         throw new CliError(`No DDISA record found for ${domain}`);
       }
-      consola26.success(`_ddisa.${domain} \u2192 ${result.idp}`);
+      consola30.success(`_ddisa.${domain} \u2192 ${result.idp}`);
       console.log("");
       console.log(`  Version:  ${result.version || "ddisa1"}`);
       console.log(`  IdP URL:  ${result.idp}`);
@@ -3375,14 +4013,14 @@ var dnsCheckCommand = defineCommand31({
       if (result.priority !== void 0)
         console.log(`  Priority: ${result.priority}`);
       console.log("");
-      consola26.start(`Verifying IdP at ${result.idp}...`);
+      consola30.start(`Verifying IdP at ${result.idp}...`);
       const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`);
       if (!discoResp.ok) {
-        consola26.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
+        consola30.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
         return;
       }
       const disco = await discoResp.json();
-      consola26.success(`IdP is reachable`);
+      consola30.success(`IdP is reachable`);
       console.log(`  Issuer:   ${disco.issuer}`);
       console.log(`  DDISA:    v${disco.ddisa_version || "?"}`);
       if (disco.ddisa_auth_methods_supported) {
@@ -3400,7 +4038,7 @@ var dnsCheckCommand = defineCommand31({
 // src/commands/health.ts
 import { exec } from "child_process";
 import { promisify } from "util";
-import { defineCommand as defineCommand32 } from "citty";
+import { defineCommand as defineCommand37 } from "citty";
 var execAsync = promisify(exec);
 async function resolveApeShellPath() {
   try {
@@ -3436,7 +4074,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.14.3" : "0.0.0";
+  const version = true ? "0.15.1" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -3499,7 +4137,7 @@ async function runHealth(args) {
     throw new CliError(`IdP ${auth.idp} unreachable: ${idpProbe.error}`, 1);
   }
 }
-var healthCommand = defineCommand32({
+var healthCommand = defineCommand37({
   meta: {
     name: "health",
     description: "Report CLI diagnostic state (auth, IdP, grants, binaries)"
@@ -3517,8 +4155,8 @@ var healthCommand = defineCommand32({
 });
 
 // src/commands/workflows.ts
-import { defineCommand as defineCommand33 } from "citty";
-import consola27 from "consola";
+import { defineCommand as defineCommand38 } from "citty";
+import consola31 from "consola";
 
 // src/guides/index.ts
 var guides = [
@@ -3568,7 +4206,7 @@ var guides = [
 ];
 
 // src/commands/workflows.ts
-var workflowsCommand = defineCommand33({
+var workflowsCommand = defineCommand38({
   meta: {
     name: "workflows",
     description: "Discover workflow guides"
@@ -3589,7 +4227,7 @@ var workflowsCommand = defineCommand33({
     if (args.id) {
       const guide = guides.find((g) => g.id === String(args.id));
       if (!guide) {
-        consola27.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
+        consola31.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
         throw new CliError(`Guide not found: ${args.id}`);
       }
       if (args.json) {
@@ -3638,10 +4276,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.14.3"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.15.1"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.14.3"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.15.1"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -3665,7 +4303,7 @@ if (shellRewrite) {
   }
 }
 var debug = process.argv.includes("--debug");
-var grantsCommand = defineCommand34({
+var grantsCommand = defineCommand39({
   meta: {
     name: "grants",
     description: "Grant management"
@@ -3686,7 +4324,7 @@ var grantsCommand = defineCommand34({
     "delegation-revoke": delegationRevokeCommand
   }
 });
-var configCommand = defineCommand34({
+var configCommand = defineCommand39({
   meta: {
     name: "config",
     description: "Configuration management"
@@ -3696,10 +4334,10 @@ var configCommand = defineCommand34({
     set: configSetCommand
   }
 });
-var main = defineCommand34({
+var main = defineCommand39({
   meta: {
     name: "apes",
-    version: "0.14.3",
+    version: "0.15.1",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -3712,6 +4350,7 @@ var main = defineCommand34({
     whoami: whoamiCommand,
     health: healthCommand,
     grants: grantsCommand,
+    agents: agentsCommand,
     admin: adminCommand,
     run: runCommand,
     proxy: proxyCommand,
@@ -3728,13 +4367,13 @@ runMain(main).catch((err) => {
     process.exit(err.exitCode);
   }
   if (err instanceof CliError) {
-    consola28.error(err.message);
+    consola32.error(err.message);
     process.exit(err.exitCode);
   }
   if (debug) {
-    consola28.error(err);
+    consola32.error(err);
   } else {
-    consola28.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
+    consola32.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
   }
   process.exit(1);
 });