@openape/apes 0.22.0 → 0.23.0

package/dist/cli.js

@@ -379,7 +379,7 @@ async function loginWithPKCE(idp) {
   consola2.success(`Logged in as ${payload.email || payload.sub}`);
 }
 async function loginWithKey(idp, keyPath, agentEmail) {
-  const { readFileSync: readFileSync8 } = await import("fs");
+  const { readFileSync: readFileSync9 } = await import("fs");
   const { sign: sign3 } = await import("crypto");
   const { loadEd25519PrivateKey: loadEd25519PrivateKey2 } = await import("./ssh-key-YBNNG5K5.js");
   const challengeUrl = await getAgentChallengeEndpoint(idp);
@@ -392,7 +392,7 @@ async function loginWithKey(idp, keyPath, agentEmail) {
     throw new CliError(`Challenge failed: ${await challengeResp.text()}`);
   }
   const { challenge } = await challengeResp.json();
-  const keyContent = readFileSync8(keyPath, "utf-8");
+  const keyContent = readFileSync9(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey2(keyContent);
   const signature = sign3(null, Buffer2.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -1748,7 +1748,7 @@ import { defineCommand as defineCommand24 } from "citty";
 // src/commands/agents/destroy.ts
 import { execFileSync as execFileSync3 } from "child_process";
 import { mkdtempSync, rmSync, writeFileSync } from "fs";
-import { tmpdir } from "os";
+import { tmpdir, userInfo } from "os";
 import { join as join2 } from "path";
 import { defineCommand as defineCommand20 } from "citty";
 import consola18 from "consola";
@@ -1873,7 +1873,7 @@ mkdir -p "$HOME_DIR/.ssh" "$HOME_DIR/.config/apes"
 cat > "$HOME_DIR/.ssh/id_ed25519" ${shHeredoc(privatePemForHeredoc.trimEnd())}
 cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(`${input.publicKeySshLine}`)}
 cat > "$HOME_DIR/.config/apes/auth.json" ${shHeredoc(input.authJson)}
-${claudeBlock}${claudeTokenBlock}
+${claudeBlock}${claudeTokenBlock}${buildBridgeBlock(input.bridge)}
 chown -R "$NAME:staff" "$HOME_DIR"
 chmod 700 "$HOME_DIR/.ssh"
 chmod 700 "$HOME_DIR/.config"
@@ -1886,10 +1886,32 @@ if [ -f "$HOME_DIR/.config/openape/claude-token.env" ]; then
 fi
 
 echo "OK $NAME uid=$NEXT_UID home=$HOME_DIR"
+${buildBridgeBootstrapBlock(input.bridge)}`;
+}
+function buildBridgeBlock(bridge) {
+  if (!bridge) return "";
+  return `
+mkdir -p "$HOME_DIR/Library/LaunchAgents" "$HOME_DIR/Library/Application Support/openape/bridge" "$HOME_DIR/Library/Logs" "$HOME_DIR/.pi/agent"
+cat > "$HOME_DIR/.pi/agent/.env" ${shHeredoc(bridge.envFile)}
+cat > "$HOME_DIR/Library/Application Support/openape/bridge/start.sh" ${shHeredoc(bridge.startScript)}
+chmod 755 "$HOME_DIR/Library/Application Support/openape/bridge/start.sh"
+cat > "$HOME_DIR/Library/LaunchAgents/${bridge.plistLabel}.plist" ${shHeredoc(bridge.plistContent)}
+chmod 600 "$HOME_DIR/.pi/agent/.env"
+`;
+}
+function buildBridgeBootstrapBlock(bridge) {
+  if (!bridge) return "";
+  return `
+# Load the bridge launchd job into the agent's gui domain. Runs as root
+# from the spawn setup script so we target gui/<agent-uid> explicitly.
+# Failure here is non-fatal \u2014 the plist still lands and launchd will pick
+# it up next time the agent logs in.
+launchctl bootstrap "gui/$NEXT_UID" "$HOME_DIR/Library/LaunchAgents/${bridge.plistLabel}.plist" || \\
+  echo "warn: bridge bootstrap failed for gui/$NEXT_UID; loads on next login"
 `;
 }
 function buildDestroyTeardownScript(input) {
-  const { name, homeDir } = input;
+  const { name, homeDir, adminUser } = input;
   return `#!/bin/bash
 # Best-effort teardown. set -u catches typos; we deliberately do NOT use -e
 # because pkill / launchctl are allowed to fail when the user has no live
@@ -1898,6 +1920,16 @@ set -u
 
 NAME=${shQuote(name)}
 HOME_DIR=${shQuote(homeDir)}
+ADMIN_USER=${shQuote(adminUser)}
+
+# Read the admin password from stdin (line 1). The caller pipes it in.
+# We never accept it as an argv element so it can't show up in process
+# listings or escapes' audit log.
+read -r ADMIN_PASSWORD
+if [ -z "$ADMIN_PASSWORD" ]; then
+  echo "ERROR: no admin password on stdin (expected one line)." >&2
+  exit 2
+fi
 
 UID_OF=$(dscl . -read "/Users/$NAME" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
 
@@ -1910,25 +1942,32 @@ if [ -d "$HOME_DIR" ] && [ "$HOME_DIR" != "/" ] && [ "$HOME_DIR" != "" ]; then
   rm -rf "$HOME_DIR"
 fi
 
-# Delete the user record. \`sysadminctl -deleteUser\` is the canonical macOS
-# API and removes Open Directory metadata that \`dscl . -delete\` leaves
-# behind. Fall back to dscl if sysadminctl isn't available or rejects the
-# user. Surface a clear error if both fail \u2014 silent failure here is what
-# left orphaned dscl records on previous spawn/destroy round-trips.
-if command -v sysadminctl >/dev/null 2>&1; then
-  if sysadminctl -deleteUser "$NAME" 2>/dev/null; then
-    :
-  elif dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-    dscl . -delete "/Users/$NAME" || {
-      echo "ERROR: failed to delete user record /Users/$NAME" >&2
-      exit 1
-    }
-  fi
-elif dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-  dscl . -delete "/Users/$NAME" || {
-    echo "ERROR: failed to delete user record /Users/$NAME" >&2
-    exit 1
-  }
+# \`escapes\` is a plain setuid binary \u2014 opendirectoryd sees no audit/PAM
+# session attached (AUDIT_SESSION_ID=unset) and rejects DirectoryService
+# writes from this context: a bare \`sysadminctl -deleteUser\` or
+# \`dscl . -delete\` hangs ~5 minutes and exits with eUndefinedError -14987
+# at DSRecord.m:563. Passing explicit -adminUser/-adminPassword bypasses
+# opendirectoryd's implicit "is current session admin?" check and
+# authenticates against DirectoryService directly \u2014 the delete then
+# completes in ~1 second.
+if ! command -v sysadminctl >/dev/null 2>&1; then
+  echo "ERROR: sysadminctl not available; cannot delete user record." >&2
+  exit 1
+fi
+
+sysadminctl \\
+  -deleteUser "$NAME" \\
+  -adminUser "$ADMIN_USER" \\
+  -adminPassword "$ADMIN_PASSWORD"
+SYSAD_EC=$?
+unset ADMIN_PASSWORD
+
+if [ $SYSAD_EC -ne 0 ]; then
+  echo "ERROR: sysadminctl -deleteUser failed (exit=$SYSAD_EC)." >&2
+  echo "       Common causes: wrong admin password, admin user '$ADMIN_USER'" >&2
+  echo "       not in admin group, or target user '$NAME' is the last secure" >&2
+  echo "       token holder (run \\\`sysadminctl -secureTokenStatus $NAME\\\`)." >&2
+  exit 1
 fi
 
 # Verify the record is actually gone.
@@ -2122,14 +2161,20 @@ ${consequences.join("\n")}`);
       if (!escapes) {
         throw new CliError("`escapes` not found on PATH; OS teardown requires escapes.");
       }
+      const adminUser = userInfo().username;
+      const adminPassword = await collectAdminPassword({ adminUser, force: !!args.force });
       const scratch = mkdtempSync(join2(tmpdir(), `apes-destroy-${name}-`));
       const scriptPath = join2(scratch, "teardown.sh");
       try {
-        const script = buildDestroyTeardownScript({ name, homeDir: `/Users/${name}` });
+        const script = buildDestroyTeardownScript({ name, homeDir: `/Users/${name}`, adminUser });
         writeFileSync(scriptPath, script, { mode: 448 });
         consola18.start("Running teardown as root via `apes run --as root --wait`\u2026");
         consola18.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
-        execFileSync3(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+        execFileSync3(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], {
+          input: `${adminPassword}
+`,
+          stdio: ["pipe", "inherit", "inherit"]
+        });
       } finally {
         rmSync(scratch, { recursive: true, force: true });
       }
@@ -2139,6 +2184,21 @@ ${consequences.join("\n")}`);
     consola18.success(`Destroyed ${name}.`);
   }
 });
+async function collectAdminPassword(opts) {
+  const fromEnv = process.env.APES_ADMIN_PASSWORD;
+  if (fromEnv && fromEnv.length > 0) return fromEnv;
+  if (!process.stdin.isTTY) {
+    throw new CliError(
+      `Admin password required for sysadminctl -deleteUser. No TTY available for the silent prompt; set APES_ADMIN_PASSWORD in the environment (local admin password for ${opts.adminUser}). The teardown reads it from stdin and never stores it.`
+    );
+  }
+  consola18.info(`Local admin password for ${opts.adminUser} (used for sysadminctl -deleteUser; not stored):`);
+  const pw = await consola18.prompt("Admin password", { type: "text", mask: "*" });
+  if (typeof pw === "symbol" || !pw || pw.length === 0) {
+    throw new CliExit(0);
+  }
+  return pw;
+}
 
 // src/commands/agents/list.ts
 import { defineCommand as defineCommand21 } from "citty";
@@ -2291,7 +2351,7 @@ var registerAgentCommand = defineCommand22({
 import { execFileSync as execFileSync4 } from "child_process";
 import { mkdtempSync as mkdtempSync2, rmSync as rmSync2, writeFileSync as writeFileSync3 } from "fs";
 import { tmpdir as tmpdir2 } from "os";
-import { join as join3 } from "path";
+import { join as join4 } from "path";
 import { defineCommand as defineCommand23 } from "citty";
 import consola21 from "consola";
 
@@ -2351,6 +2411,103 @@ function generateKeyPairInMemory() {
   };
 }
 
+// src/lib/llm-bridge.ts
+import { existsSync as existsSync6, readFileSync as readFileSync5 } from "fs";
+import { homedir as homedir5 } from "os";
+import { join as join3 } from "path";
+var BRIDGE_PLIST_LABEL = "eco.hofmann.apes.bridge";
+function readLitellmEnv(envPath = join3(homedir5(), "litellm", ".env")) {
+  if (!existsSync6(envPath)) return null;
+  try {
+    const text = readFileSync5(envPath, "utf8");
+    const out = {};
+    for (const line of text.split("\n")) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const eq = trimmed.indexOf("=");
+      if (eq < 0) continue;
+      const key = trimmed.slice(0, eq).trim();
+      const value = trimmed.slice(eq + 1).trim();
+      if (key === "LITELLM_MASTER_KEY" || key === "LITELLM_API_KEY") out.apiKey = value;
+      if (key === "LITELLM_BASE_URL") out.baseUrl = value;
+    }
+    return out;
+  } catch {
+    return null;
+  }
+}
+function resolveBridgeConfig(opts) {
+  const env = readLitellmEnv(opts.envPath);
+  const apiKey = opts.cliKey ?? env?.apiKey;
+  const baseUrl = opts.cliBaseUrl ?? env?.baseUrl ?? "http://127.0.0.1:4000/v1";
+  if (!apiKey) {
+    throw new Error(
+      "No LITELLM_API_KEY resolved. Pass --bridge-key sk-\u2026 or write LITELLM_MASTER_KEY into ~/litellm/.env first."
+    );
+  }
+  return { baseUrl, apiKey };
+}
+function buildBridgeEnvFile(cfg) {
+  return `# Auto-generated by 'apes agents spawn --bridge'.
+# Read by the chat-bridge daemon at boot to talk to the local LLM proxy.
+LITELLM_BASE_URL=${cfg.baseUrl}
+LITELLM_API_KEY=${cfg.apiKey}
+`;
+}
+function buildBridgeStartScript() {
+  return `#!/usr/bin/env bash
+# Auto-generated by 'apes agents spawn --bridge'.
+# Idempotent installer + launcher. First boot installs @openape/chat-bridge
+# globally via bun (homebrew-provided); subsequent boots skip the install.
+set -euo pipefail
+export PATH="/opt/homebrew/bin:$HOME/.bun/bin:$PATH"
+if ! command -v openape-chat-bridge >/dev/null 2>&1; then
+  bun add -g @openape/chat-bridge
+fi
+set -a
+. "$HOME/.pi/agent/.env"
+set +a
+exec openape-chat-bridge
+`;
+}
+function buildBridgePlist(homeDir) {
+  const startScript = `${homeDir}/Library/Application Support/openape/bridge/start.sh`;
+  const stdoutLog = `${homeDir}/Library/Logs/openape-chat-bridge.log`;
+  const stderrLog = `${homeDir}/Library/Logs/openape-chat-bridge.err.log`;
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>${BRIDGE_PLIST_LABEL}</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>${startScript}</string>
+    </array>
+    <key>WorkingDirectory</key>
+    <string>${homeDir}</string>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>ThrottleInterval</key>
+    <integer>10</integer>
+    <key>StandardOutPath</key>
+    <string>${stdoutLog}</string>
+    <key>StandardErrorPath</key>
+    <string>${stderrLog}</string>
+    <key>EnvironmentVariables</key>
+    <dict>
+        <key>HOME</key>
+        <string>${homeDir}</string>
+        <key>PATH</key>
+        <string>/opt/homebrew/bin:/usr/bin:/bin</string>
+    </dict>
+</dict>
+</plist>
+`;
+}
+
 // src/commands/agents/spawn.ts
 var spawnAgentCommand = defineCommand23({
   meta: {
@@ -2378,6 +2535,18 @@ var spawnAgentCommand = defineCommand23({
     "claude-token-stdin": {
       type: "boolean",
       description: "Read the Claude Code OAuth token from stdin (paranoid form of --claude-token)."
+    },
+    "bridge": {
+      type: "boolean",
+      description: "Install the openape-chat-bridge daemon for this agent: drops a launchd plist that runs `@openape/chat-bridge` so the agent answers chat.openape.ai messages. Reads LITELLM_API_KEY/BASE_URL defaults from ~/litellm/.env; override via --bridge-key / --bridge-base-url."
+    },
+    "bridge-key": {
+      type: "string",
+      description: "Override LITELLM_API_KEY for the bridge (default: read from ~/litellm/.env)."
+    },
+    "bridge-base-url": {
+      type: "string",
+      description: "Override LITELLM_BASE_URL for the bridge (default: read from ~/litellm/.env or http://127.0.0.1:4000/v1)."
     }
   },
   async run({ args }) {
@@ -2423,8 +2592,8 @@ and try again.`
       throw new CliError(`macOS user "${name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
     }
     const homeDir = `/Users/${name}`;
-    const scratch = mkdtempSync2(join3(tmpdir2(), `apes-spawn-${name}-`));
-    const scriptPath = join3(scratch, "setup.sh");
+    const scratch = mkdtempSync2(join4(tmpdir2(), `apes-spawn-${name}-`));
+    const scriptPath = join4(scratch, "setup.sh");
     try {
       consola21.start(`Generating keypair for ${name}\u2026`);
       const { privatePem, publicSshLine } = generateKeyPairInMemory();
@@ -2448,6 +2617,18 @@ and try again.`
         flag: typeof args["claude-token"] === "string" ? args["claude-token"] : void 0,
         fromStdin: !!args["claude-token-stdin"]
       });
+      const bridge = args.bridge ? (() => {
+        const cfg = resolveBridgeConfig({
+          cliKey: typeof args["bridge-key"] === "string" ? args["bridge-key"] : void 0,
+          cliBaseUrl: typeof args["bridge-base-url"] === "string" ? args["bridge-base-url"] : void 0
+        });
+        return {
+          plistLabel: BRIDGE_PLIST_LABEL,
+          plistContent: buildBridgePlist(homeDir),
+          startScript: buildBridgeStartScript(),
+          envFile: buildBridgeEnvFile(cfg)
+        };
+      })() : null;
       const script = buildSpawnSetupScript({
         name,
         homeDir,
@@ -2457,7 +2638,8 @@ and try again.`
         authJson,
         claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
         hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null,
-        claudeOauthToken
+        claudeOauthToken,
+        bridge
       });
       writeFileSync3(scriptPath, script, { mode: 448 });
       consola21.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
@@ -3321,7 +3503,7 @@ import { spawn } from "child_process";
 import { mkdtempSync as mkdtempSync3, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
 import { createRequire } from "module";
 import { tmpdir as tmpdir3 } from "os";
-import { dirname as dirname2, join as join4, resolve as resolve3 } from "path";
+import { dirname as dirname2, join as join5, resolve as resolve3 } from "path";
 var require2 = createRequire(import.meta.url);
 function findProxyBin() {
   const pkgPath = require2.resolve("@openape/proxy/package.json");
@@ -3333,8 +3515,8 @@ function findProxyBin() {
   return resolve3(dirname2(pkgPath), binRel);
 }
 async function startEphemeralProxy(configToml) {
-  const tmpDir = mkdtempSync3(join4(tmpdir3(), "openape-proxy-"));
-  const configPath = join4(tmpDir, "config.toml");
+  const tmpDir = mkdtempSync3(join5(tmpdir3(), "openape-proxy-"));
+  const configPath = join5(tmpDir, "config.toml");
   writeFileSync4(configPath, configToml, { mode: 384 });
   const binPath = findProxyBin();
   const child = spawn(process.execPath, [binPath, "-c", configPath], {
@@ -3770,16 +3952,16 @@ var mcpCommand = defineCommand32({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-GBFP2XSM.js");
+    const { startMcpServer } = await import("./server-D5EQSCWF.js");
     await startMcpServer(transport, port);
   }
 });
 
 // src/commands/init/index.ts
-import { existsSync as existsSync6, copyFileSync, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync7, copyFileSync, writeFileSync as writeFileSync5 } from "fs";
 import { randomBytes } from "crypto";
 import { execFileSync as execFileSync6 } from "child_process";
-import { join as join5 } from "path";
+import { join as join6 } from "path";
 import { defineCommand as defineCommand33 } from "citty";
 import consola27 from "consola";
 var DEFAULT_IDP_URL = "https://id.openape.at";
@@ -3788,7 +3970,7 @@ async function downloadTemplate(repo, targetDir) {
   await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false });
 }
 function installDeps(dir) {
-  const hasLockFile = (name) => existsSync6(join5(dir, name));
+  const hasLockFile = (name) => existsSync7(join6(dir, name));
   if (hasLockFile("pnpm-lock.yaml")) {
     execFileSync6("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
   } else if (hasLockFile("bun.lockb")) {
@@ -3853,7 +4035,7 @@ var initCommand = defineCommand33({
 });
 async function initSP(targetDir) {
   const dir = targetDir || "my-app";
-  if (existsSync6(join5(dir, "package.json"))) {
+  if (existsSync7(join6(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   consola27.start("Scaffolding SP starter...");
@@ -3862,9 +4044,9 @@ async function initSP(targetDir) {
   consola27.start("Installing dependencies...");
   installDeps(dir);
   consola27.success("Dependencies installed");
-  const envExample = join5(dir, ".env.example");
-  const envFile = join5(dir, ".env");
-  if (existsSync6(envExample) && !existsSync6(envFile)) {
+  const envExample = join6(dir, ".env.example");
+  const envFile = join6(dir, ".env");
+  if (existsSync7(envExample) && !existsSync7(envFile)) {
     copyFileSync(envExample, envFile);
     consola27.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
   }
@@ -3878,7 +4060,7 @@ async function initSP(targetDir) {
 }
 async function initIdP(targetDir) {
   const dir = targetDir || "my-idp";
-  if (existsSync6(join5(dir, "package.json"))) {
+  if (existsSync7(join6(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   const domain = await promptText("Domain for the IdP", "localhost");
@@ -3910,7 +4092,7 @@ async function initIdP(targetDir) {
     `NUXT_OPENAPE_RP_ID=${domain}`,
     `NUXT_OPENAPE_RP_ORIGIN=${origin}`
   ].join("\n");
-  writeFileSync5(join5(dir, ".env"), `${envContent}
+  writeFileSync5(join6(dir, ".env"), `${envContent}
 `, { mode: 384 });
   consola27.success(".env created");
   console.log("");
@@ -3931,7 +4113,7 @@ async function initIdP(targetDir) {
 
 // src/commands/enroll.ts
 import { Buffer as Buffer5 } from "buffer";
-import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
+import { existsSync as existsSync8, readFileSync as readFileSync6 } from "fs";
 import { execFile as execFile2 } from "child_process";
 import { sign as sign2 } from "crypto";
 import { defineCommand as defineCommand34 } from "citty";
@@ -3947,7 +4129,7 @@ function openBrowser2(url) {
 }
 async function pollForEnrollment(idp, agentEmail, keyPath) {
   const resolvedKey = resolveKeyPath(keyPath);
-  const keyContent = readFileSync5(resolvedKey, "utf-8");
+  const keyContent = readFileSync6(resolvedKey, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -4015,7 +4197,7 @@ var enrollCommand = defineCommand34({
     }) || DEFAULT_KEY_PATH;
     const resolvedKey = resolveKeyPath(keyPath);
     let publicKey;
-    if (existsSync7(resolvedKey)) {
+    if (existsSync8(resolvedKey)) {
       publicKey = readPublicKey(resolvedKey);
       consola28.success(`Using existing key ${keyPath}`);
     } else {
@@ -4059,7 +4241,7 @@ var enrollCommand = defineCommand34({
 });
 
 // src/commands/register-user.ts
-import { existsSync as existsSync8, readFileSync as readFileSync6 } from "fs";
+import { existsSync as existsSync9, readFileSync as readFileSync7 } from "fs";
 import { defineCommand as defineCommand35 } from "citty";
 import consola29 from "consola";
 var registerUserCommand = defineCommand35({
@@ -4098,8 +4280,8 @@ var registerUserCommand = defineCommand35({
       throw new CliError("No IdP URL configured. Run `apes login` first.");
     }
     let publicKey = args.key;
-    if (existsSync8(args.key)) {
-      publicKey = readFileSync6(args.key, "utf-8").trim();
+    if (existsSync9(args.key)) {
+      publicKey = readFileSync7(args.key, "utf-8").trim();
     }
     if (!publicKey.startsWith("ssh-ed25519 ")) {
       throw new CliError("Public key must be in ssh-ed25519 format.");
@@ -4408,7 +4590,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.22.0" : "0.0.0";
+  const version = true ? "0.23.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -4601,25 +4783,25 @@ var workflowsCommand = defineCommand43({
 });
 
 // src/version-check.ts
-import { existsSync as existsSync9, mkdirSync as mkdirSync2, readFileSync as readFileSync7, writeFileSync as writeFileSync6 } from "fs";
-import { homedir as homedir5 } from "os";
-import { join as join6 } from "path";
+import { existsSync as existsSync10, mkdirSync as mkdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync6 } from "fs";
+import { homedir as homedir6 } from "os";
+import { join as join7 } from "path";
 import consola35 from "consola";
 var PACKAGE_NAME = "@openape/apes";
 var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
-var CACHE_FILE = join6(homedir5(), ".config", "apes", ".version-check.json");
+var CACHE_FILE = join7(homedir6(), ".config", "apes", ".version-check.json");
 function readCache() {
-  if (!existsSync9(CACHE_FILE)) return null;
+  if (!existsSync10(CACHE_FILE)) return null;
   try {
-    return JSON.parse(readFileSync7(CACHE_FILE, "utf-8"));
+    return JSON.parse(readFileSync8(CACHE_FILE, "utf-8"));
   } catch {
     return null;
   }
 }
 function writeCache(entry) {
   try {
-    const dir = join6(homedir5(), ".config", "apes");
-    if (!existsSync9(dir)) mkdirSync2(dir, { recursive: true, mode: 448 });
+    const dir = join7(homedir6(), ".config", "apes");
+    if (!existsSync10(dir)) mkdirSync2(dir, { recursive: true, mode: 448 });
     writeFileSync6(CACHE_FILE, JSON.stringify(entry), { mode: 384 });
   } catch {
   }
@@ -4681,10 +4863,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.22.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.23.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.22.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.23.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -4742,7 +4924,7 @@ var configCommand = defineCommand44({
 var main = defineCommand44({
   meta: {
     name: "apes",
-    version: "0.22.0",
+    version: "0.23.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -4797,7 +4979,7 @@ async function maybeRefreshAuth() {
   }
 }
 await maybeRefreshAuth();
-await maybeWarnStaleVersion("0.22.0").catch(() => {
+await maybeWarnStaleVersion("0.23.0").catch(() => {
 });
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {