@phnx-labs/agents-cli 1.18.4 → 1.18.6

package/dist/lib/browser/service.js

@@ -1,10 +1,14 @@
 import * as fs from 'fs';
+import * as os from 'os';
 import * as path from 'path';
+import { execFile } from 'child_process';
+import { promisify } from 'util';
 import { CDPClient, discoverBrowserWsUrl, verifyBrowserIdentity } from './cdp.js';
 import { getProfile, getProfileRuntimeDir, getBrowserRuntimeDir, listProfiles, extractConfiguredPort, resolveEndpoint, } from './profiles.js';
 import { killChrome, getRunningChromeInfo, launchBrowser, allocatePort } from './chrome.js';
 import { connectLocal } from './drivers/local.js';
 import { connectSSH } from './drivers/ssh.js';
+import { clearProfileRuntime } from './runtime-state.js';
 import { generateTaskId, generateShortId, generateTaskName, } from './types.js';
 import { getRefs, resolveRefToCoords } from './refs.js';
 import { clickAtCoords, hoverAtCoords, scrollAtCoords, typeText, pressKey, focusNode } from './input.js';
@@ -124,7 +128,81 @@ export function pickWindowTarget(targets, filter) {
         return visible;
     return pages[0];
 }
+const execFileP = promisify(execFile);
+/**
+ * Parse a `--since`/`--until` value. Accepts ISO-8601 absolute timestamps
+ * or relative offsets like `30s`, `5m`, `2h`, `1d`.
+ */
+export function parseSinceUntil(s) {
+    const ms = Date.parse(s);
+    if (!isNaN(ms))
+        return new Date(ms);
+    const m = s.match(/^(\d+)([smhd])$/);
+    if (!m)
+        throw new Error(`Invalid since/until: ${s}`);
+    const n = parseInt(m[1], 10);
+    const unitMs = { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 };
+    return new Date(Date.now() - n * unitMs[m[2]]);
+}
+async function execSSH(host, cmd) {
+    const { stdout } = await execFileP('ssh', [host, cmd], {
+        timeout: 10_000,
+        maxBuffer: 10_000_000,
+    });
+    return stdout;
+}
+export function readNewestMatchingFile(dir, prefix, tailLines) {
+    let entries;
+    try {
+        entries = fs.readdirSync(dir);
+    }
+    catch {
+        return '';
+    }
+    const candidates = entries
+        .filter((f) => f.startsWith(prefix) && f.endsWith('.jsonl'))
+        .map((f) => ({ f, mtime: fs.statSync(path.join(dir, f)).mtimeMs }))
+        .sort((a, b) => b.mtime - a.mtime);
+    if (candidates.length === 0)
+        return '';
+    const lines = fs
+        .readFileSync(path.join(dir, candidates[0].f), 'utf8')
+        .split('\n')
+        .filter(Boolean);
+    return lines.slice(-tailLines).join('\n');
+}
+function expandHome(p) {
+    if (p.startsWith('~/'))
+        return path.join(os.homedir(), p.slice(2));
+    if (p === '~')
+        return os.homedir();
+    return p;
+}
+/**
+ * Probe a cached connection before reuse. A WebSocket can quietly transition
+ * to CLOSED without anyone noticing — most commonly when the user kills the
+ * browser process by hand. `Browser.getVersion` is the lightest CDP call we
+ * can make; if it doesn't round-trip within 1s the connection is dead.
+ */
+async function isConnHealthy(conn, timeoutMs = 1000) {
+    if (!conn.cdp.isOpen)
+        return false;
+    try {
+        await Promise.race([
+            conn.cdp.send('Browser.getVersion'),
+            new Promise((_, reject) => setTimeout(() => reject(new Error('healthcheck timeout')), timeoutMs)),
+        ]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 export class BrowserService {
+    static SOURCE_PREFIX = {
+        'rush-app': 'rush-app-',
+        'rush-cli': 'rush-cli-',
+    };
     connections = new Map();
     forkingProfiles = new Set();
     // Per-task storage for console, errors, network, downloads
@@ -163,6 +241,20 @@ export class BrowserService {
         const taskId = generateTaskId();
         let conn = this.connections.get(composite);
         let effectiveProfileName = composite;
+        // If we have a cached connection, confirm it's still usable before any
+        // caller relies on it. A browser killed externally (Cmd-Q, crash, or a
+        // user clearing the profile by hand) leaves a closed WebSocket here.
+        // Without this check the next `cdp.send` throws "CDP connection not
+        // open" and the user has no way to recover short of killing the daemon.
+        if (conn && !(await isConnHealthy(conn))) {
+            try {
+                conn.cdp.close();
+            }
+            catch { /* already closed */ }
+            conn.cleanup?.();
+            this.connections.delete(composite);
+            conn = undefined;
+        }
         if (conn && conn.electron && conn.tasks.size > 0) {
             if (this.forkingProfiles.has(composite)) {
                 while (this.forkingProfiles.has(composite)) {
@@ -274,6 +366,7 @@ export class BrowserService {
                 if (conn.forkedFrom && conn.tasks.size === 0) {
                     conn.cdp.close();
                     killChrome(conn.pid);
+                    conn.cleanup?.();
                     this.connections.delete(profileName);
                 }
                 return { ok: true, profile: profileName };
@@ -289,6 +382,7 @@ export class BrowserService {
         if (conn) {
             conn.cdp.close();
             killChrome(conn.pid);
+            conn.cleanup?.();
             this.connections.delete(profileName);
         }
         const runtimeDir = getProfileRuntimeDir(profileName);
@@ -1082,6 +1176,46 @@ export class BrowserService {
         }
         throw new Error(`No response matching "${urlPattern}" within ${timeout}ms`);
     }
+    // ─── App Logs (source-side JSONL) ───────────────────────────────────────────
+    async getAppLogs(taskId, opts) {
+        const { task } = await this.findTask(taskId);
+        const baseProfileName = task.profile.split('@')[0];
+        const profile = await getProfile(baseProfileName);
+        if (!profile?.logDir) {
+            throw new Error(`Profile '${task.profile}' has no logDir set`);
+        }
+        const logDir = expandHome(profile.logDir);
+        const sources = opts.source ? [opts.source] : ['rush-app', 'rush-cli'];
+        const since = opts.since ? parseSinceUntil(opts.since) : null;
+        const until = opts.until ? parseSinceUntil(opts.until) : null;
+        const tailN = since ? 100_000 : (opts.lines ?? 200);
+        const raws = await Promise.all(sources.map(async (src) => {
+            const prefix = BrowserService.SOURCE_PREFIX[src];
+            if (!prefix)
+                return '';
+            if (profile.logHost) {
+                return execSSH(profile.logHost, `ls -1t ${logDir}/${prefix}*.jsonl 2>/dev/null | head -1 | xargs -r tail -n ${tailN}`);
+            }
+            return readNewestMatchingFile(logDir, prefix, tailN);
+        }));
+        const entries = raws
+            .flatMap((r) => r.split('\n').filter(Boolean))
+            .map((line) => {
+            try {
+                return JSON.parse(line);
+            }
+            catch {
+                return { raw: line };
+            }
+        })
+            .filter((e) => !opts.level || e.level === opts.level)
+            .filter((e) => !opts.message || e.message === opts.message)
+            .filter((e) => !opts.filter || JSON.stringify(e).includes(opts.filter))
+            .filter((e) => !since || (e.timestamp && new Date(e.timestamp) >= since))
+            .filter((e) => !until || (e.timestamp && new Date(e.timestamp) <= until))
+            .sort((a, b) => new Date(a.timestamp ?? 0).getTime() - new Date(b.timestamp ?? 0).getTime());
+        return since ? entries : entries.slice(-(opts.lines ?? 200));
+    }
     // ─── Wait Conditions ─────────────────────────────────────────────────────────
     async wait(taskId, type, value, options = {}) {
         const timeout = options.timeout ?? 30000;
@@ -1213,6 +1347,7 @@ export class BrowserService {
         }
         for (const [, conn] of this.connections) {
             conn.cdp.close();
+            conn.cleanup?.();
         }
         this.connections.clear();
     }
@@ -1232,7 +1367,7 @@ export class BrowserService {
         const forkName = `${profile.name}.${forkNum}`;
         const port = allocatePort();
         const chromeOpts = { ...profile.chrome, viewport: profile.viewport };
-        const { pid, wsUrl } = await launchBrowser(forkName, profile.browser, port, chromeOpts, profile.secrets, profile.binary);
+        const { pid, wsUrl } = await launchBrowser(forkName, profile.browser, port, chromeOpts, profile.secrets, profile.binary, profile.electron === true);
         const cdp = new CDPClient();
         await cdp.connect(wsUrl);
         await this.enableDomains(cdp);
@@ -1261,21 +1396,32 @@ export class BrowserService {
     async connectProfile(effectiveProfile, target) {
         const existingInfo = getRunningChromeInfo(effectiveProfile.name);
         if (existingInfo) {
-            const { wsUrl, browser } = await discoverBrowserWsUrl(existingInfo.port);
-            verifyBrowserIdentity(browser, effectiveProfile.browser, existingInfo.port);
-            const cdp = new CDPClient();
-            await cdp.connect(wsUrl);
-            await this.enableDomains(cdp);
-            const tasks = this.loadTaskState(effectiveProfile.name);
-            return {
-                cdp,
-                port: existingInfo.port,
-                pid: existingInfo.pid,
-                electron: effectiveProfile.electron,
-                targetFilter: effectiveProfile.targetFilter,
-                tasks,
-                sessionCache: new Map(),
-            };
+            try {
+                const { wsUrl, browser } = await discoverBrowserWsUrl(existingInfo.port);
+                verifyBrowserIdentity(browser, effectiveProfile.browser, existingInfo.port);
+                const cdp = new CDPClient();
+                await cdp.connect(wsUrl);
+                await this.enableDomains(cdp);
+                const tasks = this.loadTaskState(effectiveProfile.name);
+                return {
+                    cdp,
+                    port: existingInfo.port,
+                    pid: existingInfo.pid,
+                    electron: effectiveProfile.electron,
+                    targetFilter: effectiveProfile.targetFilter,
+                    tasks,
+                    sessionCache: new Map(),
+                };
+            }
+            catch (err) {
+                // pid file says a process is alive on that port, but nothing is
+                // actually responding to CDP — most commonly because the user
+                // changed the configured endpoint port after a previous launch,
+                // or because the OS reused the pid for an unrelated process.
+                // Wipe the stale runtime files and fall through to a fresh
+                // connect against the profile's currently-configured endpoint.
+                clearProfileRuntime(effectiveProfile.name);
+            }
         }
         const conn = await this.connectEndpoint(effectiveProfile, target);
         if (!conn) {
@@ -1309,6 +1455,7 @@ export class BrowserService {
                 targetFilter: profile.targetFilter,
                 tasks: new Map(),
                 sessionCache: new Map(),
+                cleanup: conn.cleanup,
             };
         }
         if (url.protocol === 'wss:' || url.protocol === 'ws:') {

package/dist/lib/browser/types.d.ts

@@ -41,6 +41,10 @@ export interface BrowserProfile {
         x?: number;
         y?: number;
     };
+    /** Directory holding source-side JSONL logs (e.g. ~/.rush/logs). */
+    logDir?: string;
+    /** Optional SSH host where logDir lives, e.g. "muqsit@mac-mini". */
+    logHost?: string;
 }
 /** Parsed form of `BrowserProfile.targetFilter`. */
 export interface TargetFilter {
@@ -105,7 +109,7 @@ export interface HistoricalTask {
     domains: string[];
     tabCount: number;
 }
-export type IPCAction = 'start' | 'record-start' | 'record-stop' | 'done' | 'stop' | 'status' | 'history' | 'navigate' | 'tab-add' | 'tab-focus' | 'tab-close' | 'tab-list' | 'evaluate' | 'screenshot' | 'refs' | 'click' | 'type' | 'press' | 'hover' | 'scroll' | 'set-viewport' | 'set-device' | 'console' | 'errors' | 'requests' | 'response-body' | 'wait' | 'set-download-path' | 'wait-download' | 'upload';
+export type IPCAction = 'start' | 'record-start' | 'record-stop' | 'done' | 'stop' | 'status' | 'history' | 'navigate' | 'tab-add' | 'tab-focus' | 'tab-close' | 'tab-list' | 'evaluate' | 'screenshot' | 'refs' | 'click' | 'type' | 'press' | 'hover' | 'scroll' | 'set-viewport' | 'set-device' | 'console' | 'errors' | 'requests' | 'response-body' | 'wait' | 'set-download-path' | 'wait-download' | 'upload' | 'getAppLogs' | 'version';
 export interface IPCRequest {
     action: IPCAction;
     task?: string;
@@ -146,6 +150,12 @@ export interface IPCRequest {
     fps?: number;
     duration?: number;
     maxMb?: number;
+    source?: string;
+    lines?: number;
+    message?: string;
+    since?: string;
+    until?: string;
+    appLevel?: string;
 }
 /** Subset of IPCResponse describing a recording start result. */
 export interface RecordStartFields {
@@ -188,6 +198,8 @@ export interface IPCResponse {
     downloadPath?: string;
     devices?: string[];
     uploadMode?: 'input' | 'drop' | 'chooser';
+    appLogs?: any[];
+    version?: string;
 }
 export interface ConsoleEntry {
     level: 'log' | 'info' | 'warn' | 'error';

package/dist/lib/daemon.js

@@ -178,6 +178,24 @@ export async function runDaemon() {
     for (const job of scheduled) {
         log('INFO', `  ${job.name} -> next: ${job.nextRun?.toISOString() || 'unknown'}`);
     }
+    // Before the BrowserService comes up, reap browser + tunnel processes
+    // spawned by previous daemons that are no longer alive. Without this,
+    // a daemon hard-crash (SIGKILL, OOM) would leak every browser and SSH
+    // tunnel it had open — and the next session would either hijack those
+    // (cdp:// profile silently driven via stale ssh tunnel) or fail to
+    // bind because the ports are still claimed.
+    try {
+        const { reapOrphanedProcesses } = await import('./browser/runtime-state.js');
+        const result = reapOrphanedProcesses();
+        if (result.reaped > 0) {
+            log('INFO', `Reaped ${result.reaped} orphan process(es) from prior daemon(s)`);
+            for (const d of result.details)
+                log('INFO', `  ${d}`);
+        }
+    }
+    catch (err) {
+        log('ERROR', `Orphan reaper failed: ${err.message}`);
+    }
     const browserService = new BrowserService();
     const browserIPC = new BrowserIPCServer(browserService);
     try {
@@ -259,6 +277,14 @@ Environment=PATH=/usr/local/bin:/usr/bin:/bin:${os.homedir()}/.nvm/versions/node
 WantedBy=default.target`;
 }
 function getAgentsBinPath() {
+    // Prefer the binary actively executing this code. `which agents` returns
+    // whatever happens to be first on PATH, which means a side-by-side dev
+    // build at ~/.local/bin would silently spawn the registry-installed
+    // daemon and run stale code. process.argv[1] is the absolute path of
+    // the JS entrypoint the user actually invoked.
+    const argv1 = process.argv[1];
+    if (argv1 && fs.existsSync(argv1))
+        return argv1;
     try {
         return execSync('which agents', { encoding: 'utf-8' }).trim();
     }
@@ -299,13 +325,20 @@ function startDaemonLocked() {
                 execFileSync('launchctl', ['unload', plistPath], { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] });
             }
             catch { /* not loaded, expected */ }
-            execFileSync('launchctl', ['load', plistPath], { encoding: 'utf-8' });
+            // launchctl prints `Load failed:` and exits 0 when the label is in a
+            // stuck state from a prior session — so a zero exit code isn't proof
+            // of success. If no pid materializes within the window, give up on
+            // launchd and fall through to a plain detached spawn.
+            execFileSync('launchctl', ['load', plistPath], { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'pipe'] });
             const pid = waitForPid(3000);
-            return { pid, method: 'launchd' };
+            if (pid)
+                return { pid, method: 'launchd' };
+            // launchctl claimed success but nothing ran. Fall through.
         }
         catch {
-            return startDetached();
+            // load threw — fall through to detached spawn
         }
+        return startDetached();
     }
     if (platform === 'linux') {
         try {

package/dist/lib/events.d.ts

@@ -11,7 +11,7 @@
  * - Permissions: logs dir is 0700, files are 0600 (owner-only)
  * - Performance tracking: withTiming() wrapper for any async function
  */
-export type EventType = 'agent.run.start' | 'agent.run.end' | 'agent.spawn.start' | 'agent.spawn.end' | 'version.install' | 'version.switch' | 'version.remove' | 'skill.install' | 'skill.remove' | 'browser.launch' | 'browser.close' | 'browser.navigate' | 'browser.screenshot' | 'secrets.get' | 'secrets.set' | 'secrets.delete' | 'cloud.dispatch' | 'cloud.complete' | 'teams.create' | 'teams.add' | 'teams.start' | 'teams.complete' | 'hook.fire' | 'hook.complete' | 'hook.error' | 'resource.sync' | 'command.start' | 'command.end' | 'perf.timing' | 'session.start' | 'session.end' | 'error' | 'warn' | 'info' | 'debug';
+export type EventType = 'agent.run.start' | 'agent.run.end' | 'agent.spawn.start' | 'agent.spawn.end' | 'version.install' | 'version.switch' | 'version.remove' | 'skill.install' | 'skill.remove' | 'browser.launch' | 'browser.close' | 'browser.navigate' | 'browser.screenshot' | 'secrets.get' | 'secrets.set' | 'secrets.delete' | 'secrets.rename' | 'cloud.dispatch' | 'cloud.complete' | 'teams.create' | 'teams.add' | 'teams.start' | 'teams.complete' | 'hook.fire' | 'hook.complete' | 'hook.error' | 'resource.sync' | 'command.start' | 'command.end' | 'perf.timing' | 'session.start' | 'session.end' | 'error' | 'warn' | 'info' | 'debug';
 export interface EventMeta {
     ts: string;
     tz: string;

package/dist/lib/secrets/bundles.d.ts

@@ -82,6 +82,26 @@ export interface RotateOptions {
  * unless `clearMeta` or a `meta` patch is supplied.
  */
 export declare function rotateBundleSecret(bundle: SecretsBundle, key: string, opts: RotateOptions): void;
+/** Options for renameBundle. */
+export interface RenameOptions {
+    /** When true, overwrite an existing destination bundle (purges its keychain items first). */
+    force?: boolean;
+}
+/**
+ * Rename a bundle: move metadata + every keychain-backed value to a new name.
+ *
+ * Sequence is ordered so the source stays intact if anything in the copy
+ * phase fails:
+ *   1) read source, validate dest
+ *   2) purge dest if --force, refuse otherwise
+ *   3) copy each keychain value source -> dest
+ *   4) write new bundle metadata
+ *   5) delete the old per-key keychain items + old metadata
+ *
+ * Steps 1-4 are reversible. If 5 partially fails (e.g. iCloud Keychain
+ * hiccup), running `rename` again is a safe no-op for the source items.
+ */
+export declare function renameBundle(oldName: string, newName: string, opts?: RenameOptions): void;
 export declare function keychainItemsForBundle(bundle: SecretsBundle): Array<{
     key: string;
     item: string;

package/dist/lib/secrets/bundles.js

@@ -306,6 +306,62 @@ export function rotateBundleSecret(bundle, key, opts) {
     }
     writeBundle(bundle);
 }
+/**
+ * Rename a bundle: move metadata + every keychain-backed value to a new name.
+ *
+ * Sequence is ordered so the source stays intact if anything in the copy
+ * phase fails:
+ *   1) read source, validate dest
+ *   2) purge dest if --force, refuse otherwise
+ *   3) copy each keychain value source -> dest
+ *   4) write new bundle metadata
+ *   5) delete the old per-key keychain items + old metadata
+ *
+ * Steps 1-4 are reversible. If 5 partially fails (e.g. iCloud Keychain
+ * hiccup), running `rename` again is a safe no-op for the source items.
+ */
+export function renameBundle(oldName, newName, opts = {}) {
+    validateBundleName(oldName);
+    validateBundleName(newName);
+    if (oldName === newName) {
+        throw new Error(`Bundle name unchanged ('${oldName}').`);
+    }
+    if (!bundleExists(oldName)) {
+        throw new Error(`Bundle '${oldName}' not found.`);
+    }
+    const source = readBundle(oldName);
+    if (bundleExists(newName)) {
+        if (!opts.force) {
+            throw new Error(`Bundle '${newName}' already exists. Use --force to overwrite.`);
+        }
+        const dest = readBundle(newName);
+        for (const { item } of keychainItemsForBundle(dest)) {
+            deleteKeychainToken(item, dest.icloud_sync);
+        }
+        deleteBundle(newName);
+    }
+    // Copy phase: read old item, write new item. Old items stay in place
+    // until step 5 so a partial failure here leaves the source intact.
+    const sourceItems = keychainItemsForBundle(source);
+    for (const { key, item: oldItem } of sourceItems) {
+        const raw = source.vars[key];
+        if (typeof raw !== 'string' || !raw.startsWith('keychain:'))
+            continue;
+        const shortId = raw.slice('keychain:'.length);
+        const newItem = secretsKeychainItem(newName, shortId);
+        const value = getKeychainToken(oldItem, source.icloud_sync);
+        setKeychainToken(newItem, value, source.icloud_sync);
+    }
+    // writeBundle preserves source.created_at and refreshes updated_at.
+    const renamed = { ...source, name: newName };
+    writeBundle(renamed);
+    // Cleanup: delete the old per-key keychain items, then the old metadata.
+    for (const { item: oldItem } of sourceItems) {
+        deleteKeychainToken(oldItem, source.icloud_sync);
+    }
+    deleteBundle(oldName);
+    emit('secrets.rename', { from: oldName, to: newName });
+}
 // Iterate all keychain-backed keys in a bundle for cleanup on rm/unset.
 export function keychainItemsForBundle(bundle) {
     const items = [];

package/dist/lib/secrets/index.js

@@ -182,14 +182,14 @@ export function deleteKeychainToken(item, sync = false) {
     assertSupportedPlatform();
     if (isLinux())
         return linuxBackend.delete(item, sync);
-    // macOS path
-    if (sync) {
-        const bin = ensureKeychainHelper();
-        return spawnSync(bin, ['delete', item, os.userInfo().username], {
-            stdio: ['ignore', 'pipe', 'pipe'],
-        }).status === 0;
-    }
-    return spawnSync('security', ['delete-generic-password', '-a', os.userInfo().username, '-s', item], {
+    // macOS: Try security first (no prompts for local items), fall back to binary for synced items.
+    if (!sync && spawnSync('security', ['delete-generic-password', '-a', os.userInfo().username, '-s', item], {
+        stdio: ['ignore', 'pipe', 'pipe'],
+    }).status === 0)
+        return true;
+    // Fallback: binary deletes synced items via kSecAttrSynchronizableAny
+    const bin = ensureKeychainHelper();
+    return spawnSync(bin, ['delete', item, os.userInfo().username], {
         stdio: ['ignore', 'pipe', 'pipe'],
     }).status === 0;
 }

package/dist/lib/teams/agents.d.ts

@@ -36,7 +36,7 @@ export declare function captureProcessStartTime(pid: number): string | null;
  * model_reasoning_effort override). Mode (plan/edit/full) is a separate knob.
  */
 export type EffortLevel = 'low' | 'medium' | 'high' | 'xhigh' | 'max' | 'auto';
-declare const VALID_MODES: readonly ["plan", "edit", "full"];
+declare const VALID_MODES: readonly ["plan", "edit", "full", "auto"];
 type Mode = typeof VALID_MODES[number];
 /** Resolve a mode string to a validated Mode, falling back to the given default. */
 export declare function resolveMode(requestedMode: string | null | undefined, defaultMode?: Mode): Mode;

package/dist/lib/teams/agents.js

@@ -183,7 +183,7 @@ When you're done, provide a brief summary of:
 const CLAUDE_PLAN_MODE_PREFIX = `You are running in HEADLESS PLAN MODE. This mode works like normal plan mode with one exception: you cannot write to ~/.claude/plans/ directory. Instead of writing a plan file, output your complete plan/response as your final message.
 
 `;
-const VALID_MODES = ['plan', 'edit', 'full'];
+const VALID_MODES = ['plan', 'edit', 'full', 'auto'];
 function normalizeModeValue(modeValue) {
     if (!modeValue)
         return null;

package/dist/lib/types.d.ts

@@ -463,6 +463,10 @@ export interface BrowserProfileConfig {
         width: number;
         height: number;
     };
+    /** Directory holding source-side JSONL logs (e.g. ~/.rush/logs). */
+    logDir?: string;
+    /** Optional SSH host where logDir lives, e.g. "muqsit@mac-mini". */
+    logHost?: string;
 }
 /** Options controlling which agents and resources are synced during `agents pull` / `agents use`. */
 export interface SyncOptions {

package/dist/lib/version.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Resolve the CLI version from the shipping package.json. Used by the daemon
+ * to answer `IPCAction: 'version'` and by the client to detect daemon drift —
+ * a dev-build CLI talking to a launchd-managed registry daemon would silently
+ * get stale behavior without this check.
+ */
+export declare function getCliVersion(): string;

package/dist/lib/version.js

@@ -0,0 +1,25 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+let cached = null;
+/**
+ * Resolve the CLI version from the shipping package.json. Used by the daemon
+ * to answer `IPCAction: 'version'` and by the client to detect daemon drift —
+ * a dev-build CLI talking to a launchd-managed registry daemon would silently
+ * get stale behavior without this check.
+ */
+export function getCliVersion() {
+    if (cached)
+        return cached;
+    try {
+        const pkgPath = path.join(__dirname, '..', '..', 'package.json');
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+        cached = String(pkg.version || 'unknown');
+    }
+    catch {
+        cached = 'unknown';
+    }
+    return cached;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@phnx-labs/agents-cli",
-  "version": "1.18.4",
+  "version": "1.18.6",
   "description": "One CLI for all your AI coding agents - versions, config, cloud dispatch, sessions, and teams",
   "type": "module",
   "main": "dist/index.js",