@phnx-labs/agents-cli 1.20.0 → 1.20.4

package/dist/lib/routines-format.js

@@ -136,38 +136,59 @@ export function humanizeNextRun(date, now, tz) {
 // ---------------------------------------------------------------------------
 // formatRepoLink
 // ---------------------------------------------------------------------------
+/**
+ * Maximum display length for a repo cell. Display strings longer than this
+ * are truncated with an ellipsis so column alignment is preserved.
+ * Consumers that render the column should use this constant as the column width.
+ */
+export const REPO_DISPLAY_MAX = 24;
 /**
  * Parse a repo string into a display label and an optional hyperlink target.
  *
  * Rules:
- *   - undefined / empty          → display '-', href null
- *   - 'owner/name' (one slash)   → display 'owner/name', href 'https://github.com/owner/name/pulls'
- *   - 'https://...' or 'http://…' → display hostname+path, href the URL verbatim
- *   - anything else              → display raw string, href null
+ *   - null / undefined / empty / non-string → display '-', href null
+ *   - 'owner/name' (one slash)              → display 'owner/name', href 'https://github.com/owner/name/pulls'
+ *   - 'https://...' or 'http://...'         → display hostname+path, href the URL verbatim
+ *   - anything else                         → display raw string, href null
+ *
+ * The display string is truncated to REPO_DISPLAY_MAX characters (with a
+ * trailing '…') when it would otherwise exceed the column width. The href
+ * is always the full untruncated URL so hyperlinks remain functional.
+ *
+ * NEVER throws — mirrors the contract of humanizeCron.
  */
 export function formatRepoLink(repo) {
-    if (!repo || repo.trim() === '') {
+    if (repo == null || typeof repo !== 'string' || repo.trim() === '') {
         return { display: '-', href: null };
     }
     const trimmed = repo.trim();
+    let display;
+    let href;
     // Absolute URL
     if (trimmed.startsWith('https://') || trimmed.startsWith('http://')) {
         try {
             const url = new URL(trimmed);
-            const display = url.hostname + url.pathname.replace(/\/$/, '');
-            return { display, href: trimmed };
+            display = url.hostname + url.pathname.replace(/\/$/, '');
+            href = trimmed;
         }
         catch {
-            return { display: trimmed, href: null };
+            display = trimmed;
+            href = null;
         }
     }
-    // GitHub shorthand: owner/name (exactly one slash, no scheme, no extra slashes)
-    if (/^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/.test(trimmed)) {
-        return {
-            display: trimmed,
-            href: `https://github.com/${trimmed}/pulls`,
-        };
+    else if (/^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/.test(trimmed)) {
+        // GitHub shorthand: owner/name (exactly one slash, no scheme, no extra slashes)
+        display = trimmed;
+        href = `https://github.com/${trimmed}/pulls`;
+    }
+    else {
+        // Anything else: plain text, no link
+        display = trimmed;
+        href = null;
+    }
+    // Truncate display to column width; href stays untruncated.
+    if (display.length > REPO_DISPLAY_MAX) {
+        display = display.slice(0, REPO_DISPLAY_MAX - 1) + '…';
     }
-    // Anything else: plain text, no link
-    return { display: trimmed, href: null };
+    return { display, href };
 }

package/dist/lib/routines.d.ts

@@ -19,7 +19,7 @@ export interface JobConfig {
     schedule: string;
     agent: AgentId;
     workflow?: string;
-    mode: 'plan' | 'edit' | 'full';
+    mode: 'plan' | 'edit' | 'auto' | 'skip' | 'full';
     effort: 'low' | 'medium' | 'high' | 'xhigh' | 'max' | 'auto';
     timeout: string;
     enabled: boolean;

package/dist/lib/routines.js

@@ -135,8 +135,8 @@ export function validateJob(config) {
             errors.push('workflow must be a lowercase alphanumeric name (hyphens and underscores allowed, e.g. autodev)');
         }
     }
-    if (config.mode && !['plan', 'edit', 'full'].includes(config.mode)) {
-        errors.push('mode must be plan, edit, or full');
+    if (config.mode && !['plan', 'edit', 'auto', 'skip', 'full'].includes(config.mode)) {
+        errors.push("mode must be plan, edit, auto, or skip ('full' accepted as alias for skip)");
     }
     if (config.effort && !['low', 'medium', 'high', 'xhigh', 'max', 'auto'].includes(config.effort)) {
         errors.push('effort must be low, medium, high, xhigh, max, or auto');

package/dist/lib/runner.js

@@ -14,7 +14,8 @@ import { resolveJobPrompt, parseTimeout, writeRunMeta, getRunDir, } from './rout
 import { getRunsDir } from './state.js';
 import { prepareJobHome, buildSpawnEnv } from './sandbox.js';
 import { resolveModel, buildReasoningFlags } from './models.js';
-import { createTimer, maybeRotate, truncate } from './events.js';
+import { createTimer, maybeRotate, redactPrompt } from './events.js';
+import { normalizeMode } from './exec.js';
 /** CLI command templates per agent, with {prompt} as a placeholder. */
 const AGENT_COMMANDS = {
     claude: ['claude', '-p', '--verbose', '{prompt}', '--output-format', 'stream-json', '--permission-mode', 'plan'],
@@ -36,13 +37,20 @@ export function buildJobCommand(config, resolvedPrompt) {
         throw new Error(`Unsupported agent for daemon jobs: ${config.agent}`);
     }
     let cmd = template.map((part) => part.replace('{prompt}', resolvedPrompt));
+    // Canonicalize mode (accepts legacy `full` as alias for `skip`).
+    const mode = normalizeMode(config.mode);
     if (config.agent === 'claude') {
-        if (config.mode === 'edit') {
+        if (mode === 'edit') {
             const planIndex = cmd.indexOf('plan');
             if (planIndex !== -1)
                 cmd[planIndex] = 'acceptEdits';
         }
-        else if (config.mode === 'full') {
+        else if (mode === 'auto') {
+            const planIndex = cmd.indexOf('plan');
+            if (planIndex !== -1)
+                cmd[planIndex] = 'auto';
+        }
+        else if (mode === 'skip') {
             // Replace --permission-mode plan with --dangerously-skip-permissions
             const pmIndex = cmd.indexOf('--permission-mode');
             if (pmIndex !== -1)
@@ -63,10 +71,10 @@ export function buildJobCommand(config, resolvedPrompt) {
         appendModelAndReasoning(cmd, config);
     }
     if (config.agent === 'codex') {
-        if (config.mode === 'edit') {
+        if (mode === 'edit') {
             cmd.push('--full-auto');
         }
-        else if (config.mode === 'full') {
+        else if (mode === 'skip') {
             // Remove sandbox restriction, just --full-auto
             const sbIndex = cmd.indexOf('--sandbox');
             if (sbIndex !== -1)
@@ -76,7 +84,10 @@ export function buildJobCommand(config, resolvedPrompt) {
         appendModelAndReasoning(cmd, config);
     }
     if (config.agent === 'gemini') {
-        if (config.mode === 'edit' || config.mode === 'full') {
+        if (mode === 'edit') {
+            cmd.push('--approval-mode', 'auto_edit');
+        }
+        else if (mode === 'skip') {
             cmd.push('--yolo');
         }
         appendModelAndReasoning(cmd, config);
@@ -122,7 +133,7 @@ export async function executeJob(config) {
         version: config.version,
         jobName: config.name,
         mode: config.mode,
-        prompt: truncate(config.prompt, 200),
+        ...redactPrompt(config.prompt),
         schedule: config.schedule,
     });
     const resolvedPrompt = resolveJobPrompt(config);
@@ -321,6 +332,39 @@ export function extractReport(stdoutPath, agentType) {
         return null;
     }
 }
+/** Derive the final status of a detached run by reading the agent's stream-json
+ *  tail. Detached children fire-and-forget, so we never see their exit code
+ *  directly — but Claude's stream-json terminates with a `type: result` line
+ *  that carries `is_error`. If we find it, the run completed cleanly (modulo
+ *  agent-reported error). If not, the process likely died mid-stream and the
+ *  caller should treat the run as failed. */
+function inferFinalStatusFromLog(stdoutPath, agent) {
+    if (!fs.existsSync(stdoutPath))
+        return null;
+    try {
+        const content = fs.readFileSync(stdoutPath, 'utf-8');
+        const lines = content.split('\n').filter((l) => l.trim());
+        // Walk backwards over the last few lines — the result marker is always
+        // at the tail. Cap the scan so a huge stdout doesn't iterate forever.
+        for (let i = lines.length - 1, scanned = 0; i >= 0 && scanned < 20; i--, scanned++) {
+            try {
+                const parsed = JSON.parse(lines[i]);
+                if (agent === 'claude' && parsed.type === 'result') {
+                    return parsed.is_error
+                        ? { status: 'failed', exitCode: 1 }
+                        : { status: 'completed', exitCode: 0 };
+                }
+            }
+            catch {
+                // malformed JSONL line — keep scanning
+            }
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
 /** Scan all runs marked "running" and finalize any whose process has exited. */
 export function monitorRunningJobs() {
     const runsDir = getRunsDir();
@@ -346,11 +390,21 @@ export function monitorRunningJobs() {
                     process.kill(meta.pid, 0);
                 }
                 catch { /* process no longer running */
-                    meta.status = 'failed';
+                    const runDirPath = path.join(jobRunsPath, runDirEntry.name);
+                    const stdoutPath = path.join(runDirPath, 'stdout.log');
+                    // Prefer the agent's own success/error marker; fall back to "failed"
+                    // only when the stream ended without one (process killed mid-run).
+                    const inferred = inferFinalStatusFromLog(stdoutPath, meta.agent);
+                    if (inferred) {
+                        meta.status = inferred.status;
+                        meta.exitCode = inferred.exitCode;
+                    }
+                    else {
+                        meta.status = 'failed';
+                    }
                     meta.completedAt = new Date().toISOString();
                     writeRunMeta(meta);
-                    const stdoutPath = path.join(jobRunsPath, runDirEntry.name, 'stdout.log');
-                    extractAndSaveReport(stdoutPath, meta.agent, path.join(jobRunsPath, runDirEntry.name));
+                    extractAndSaveReport(stdoutPath, meta.agent, runDirPath);
                 }
             }
             catch { /* corrupt or unreadable meta.json */ }

package/dist/lib/secrets/Agents CLI.app/Contents/_CodeSignature/CodeResources

@@ -5,15 +5,7 @@
 	<key>files</key>
 	<dict/>
 	<key>files2</key>
-	<dict>
-		<key>embedded.provisionprofile</key>
-		<dict>
-			<key>hash2</key>
-			<data>
-			2vfA/eR3dTYgNc/fXhdADUPkp5tRIepPzE3FCLfDx4w=
-			</data>
-		</dict>
-	</dict>
+	<dict/>
 	<key>rules</key>
 	<dict>
 		<key>^Resources/</key>

package/dist/lib/secrets/bundles.d.ts

@@ -1,15 +1,15 @@
 /**
- * Secret bundles -- named sets of keychain-backed environment variables.
+ * Secret bundles — named sets of keychain-backed environment variables.
  *
  * Bundle metadata (name, description, vars map) is stored in the macOS
- * Keychain as a JSON blob under `agents-cli.bundles.<name>`. Bundles created
- * with `--icloud-sync` write the metadata to the iCloud-synced keychain so
- * the full bundle definition (not just secret values) propagates across
- * the user's Macs. Nothing about secrets ever lives in plaintext on disk.
+ * Keychain as a JSON blob under `agents-cli.bundles.<name>`. Secret values
+ * live one per keychain item under `agents-cli.secrets.<bundle>.<key>`.
+ * Every item is device-local and gated by Touch ID / device passcode — see
+ * src/lib/secrets/index.ts for the access-control story. Nothing about
+ * secrets ever lives in plaintext on disk.
  *
- * Secret values keep their old layout: one keychain item per key under
- * `agents-cli.secrets.<bundle>.<key>`, sync-state matching the bundle's
- * `icloud_sync` flag.
+ * Cross-machine sync is handled by src/lib/secrets/sync.ts via an explicit
+ * encrypted export/import flow; the bundle layer is sync-agnostic.
  */
 import { type BundleValue, type SecretRef } from './index.js';
 /** Allowed values for a secret's `type` metadata field. */
@@ -28,8 +28,6 @@ export interface SecretsBundle {
     name: string;
     description?: string;
     allow_exec?: boolean;
-    /** When true, keychain-backed values and bundle metadata sync via iCloud Keychain. */
-    icloud_sync?: boolean;
     /** ISO 8601 UTC timestamp. Set once on the first writeBundle() for a bundle. */
     created_at?: string;
     /** ISO 8601 UTC timestamp. Refreshed on every writeBundle(). */
@@ -49,6 +47,7 @@ export declare const RESERVED_ENV_NAMES: Set<string>;
 export declare function bundleToEnvPrefix(name: string): string;
 export declare function isReservedEnvName(key: string): boolean;
 export declare function isLoaderOrInterpreterEnv(name: string): boolean;
+export declare function sanitizeProcessEnv(env?: NodeJS.ProcessEnv): NodeJS.ProcessEnv;
 /** Validate a bundle name against the allowed pattern. Throws on invalid input. */
 export declare function validateBundleName(name: string): void;
 export declare function validateEnvKey(key: string): void;
@@ -62,11 +61,7 @@ export declare function validateSecretType(t: string): asserts t is SecretType;
 export declare function validateExpiresFutureDated(iso: string): void;
 export declare function bundleExists(name: string): boolean;
 export declare function readBundle(name: string): SecretsBundle;
-export interface WriteBundleOptions {
-    /** Emit a secrets.set audit event. Internal bookkeeping writes turn this off. */
-    emitEvent?: boolean;
-}
-export declare function writeBundle(bundle: SecretsBundle, opts?: WriteBundleOptions): void;
+export declare function writeBundle(bundle: SecretsBundle): void;
 export declare function deleteBundle(name: string): boolean;
 export declare function listBundles(): SecretsBundle[];
 export interface BundleEntryInfo {
@@ -78,14 +73,15 @@ export declare function describeBundle(bundle: SecretsBundle): BundleEntryInfo[]
 /** Options for resolveBundleEnv. */
 export interface ResolveBundleOptions {
     /**
-     * Human-readable label for who is requesting the secrets. Shown to the
-     * user under the Touch ID prompt so they know what's about to read.
-     * Example: "agent claude", "command curl", "browser profile".
-     * When omitted the prompt only names the bundle.
+     * Human-readable label for who is requesting the secrets. Currently
+     * informational only — the helper's Touch ID prompt is set by the OS and
+     * cannot be reliably customized once we drop the per-batch reason path,
+     * but we keep this in the API so call sites stay explicit about who's
+     * about to read the bundle.
      */
     caller?: string;
 }
-export declare function resolveBundleEnv(bundle: SecretsBundle, opts?: ResolveBundleOptions): Record<string, string>;
+export declare function resolveBundleEnv(bundle: SecretsBundle, _opts?: ResolveBundleOptions): Record<string, string>;
 /**
  * Read a bundle's metadata AND resolve its env in a single Touch ID prompt.
  *
@@ -135,8 +131,8 @@ export interface RenameOptions {
  *   4) write new bundle metadata
  *   5) delete the old per-key keychain items + old metadata
  *
- * Steps 1-4 are reversible. If 5 partially fails (e.g. iCloud Keychain
- * hiccup), running `rename` again is a safe no-op for the source items.
+ * Steps 1-4 are reversible. If 5 partially fails, running `rename` again is
+ * a safe no-op for the source items.
  */
 export declare function renameBundle(oldName: string, newName: string, opts?: RenameOptions): void;
 export declare function keychainItemsForBundle(bundle: SecretsBundle): Array<{