@phnx-labs/agents-cli 1.20.0 → 1.20.4

package/dist/index.js

@@ -59,6 +59,7 @@ import { registerPullCommand } from './commands/pull.js';
 import { registerRepoCommands } from './commands/repo.js';
 import { registerSetupCommand, runSetup } from './commands/setup.js';
 import { registerStatusCommand } from './commands/status.js';
+import { registerFeedbackCommand } from './commands/feedback.js';
 import { registerViewCommand } from './commands/view.js';
 import { registerCommandsCommands } from './commands/commands.js';
 import { registerHooksCommands } from './commands/hooks.js';
@@ -89,6 +90,7 @@ import { registerBrowserCommand } from './commands/browser.js';
 import { registerComputerCommand } from './commands/computer.js';
 import { registerProfilesCommands } from './commands/profiles.js';
 import { registerSecretsCommands } from './commands/secrets.js';
+import { registerHelperCommand } from './commands/helper.js';
 import { registerFactoryCommands } from './commands/factory.js';
 import { registerUsageCommand } from './commands/usage.js';
 import { registerAliasCommand } from './commands/alias.js';
@@ -509,6 +511,7 @@ async function maybeBootstrapShimIntegration(requestedCommand) {
 // Register all commands
 registerViewCommand(program);
 registerStatusCommand(program);
+registerFeedbackCommand(program);
 registerCommandsCommands(program);
 registerHooksCommands(program);
 registerSkillsCommands(program);
@@ -565,6 +568,7 @@ program
 });
 registerProfilesCommands(program);
 registerSecretsCommands(program);
+registerHelperCommand(program);
 registerBetaCommands(program);
 registerSyncCommand(program);
 registerRefreshRulesCommand(program);

package/dist/lib/acp/client.js

@@ -82,7 +82,12 @@ function buildClient(opts) {
             return {};
         },
         async requestPermission(params) {
-            const optionId = mode === 'full'
+            // `skip` (formerly `full`) and `auto` blanket-approve; in `auto` the
+            // upstream model has its own classifier so we just say "allow once" and
+            // let it decide. `edit` says allow_once. `plan` should never reach here
+            // (canWrite gates writes earlier), but if it does we cancel.
+            const skipAll = mode === 'skip';
+            const optionId = skipAll
                 ? (params.options.find(o => o.kind === 'allow_always')?.optionId
                     ?? params.options[0]?.optionId)
                 : params.options.find(o => o.kind === 'allow_once')?.optionId;

package/dist/lib/agents.d.ts

@@ -156,6 +156,10 @@ interface McpConfigEntry {
     type?: string;
     url?: string;
 }
+/**
+ * Get user-scoped MCP config path for an agent.
+ */
+export declare function getUserMcpConfigPath(agentId: AgentId): string;
 /**
  * Get MCP config path for a specific HOME directory (used for version-managed agents).
  */

package/dist/lib/agents.js

@@ -55,13 +55,25 @@ function saveCliVersionCache() {
         /* best-effort cache persist */
     }
 }
-/** Synchronous PATH search -- no subprocess. Returns first matching binary path. */
+/**
+ * Synchronous PATH search -- no subprocess. Returns first matching binary path.
+ *
+ * Skips our own shims dir (`~/.agents/.cache/shims/`) — those shims are
+ * dispatch helpers, not real installs. Counting them as installed produced a
+ * false positive where agents with NO real binary on the host (e.g. a
+ * never-installed Cursor whose only PATH entry was our `cursor-agent` shim
+ * dispatcher) showed up under `agents view`'s "Not Managed by Agents CLI"
+ * section, even though the user had nothing to import.
+ */
 function findInPath(command) {
     const pathEnv = process.env.PATH || '';
     const pathExt = process.platform === 'win32' ? (process.env.PATHEXT || '').split(';') : [''];
+    const shimsDir = getShimsDir();
     for (const dir of pathEnv.split(path.delimiter)) {
         if (!dir)
             continue;
+        if (path.resolve(dir) === path.resolve(shimsDir))
+            continue;
         for (const ext of pathExt) {
             const full = path.join(dir, command + ext);
             try {
@@ -191,7 +203,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: true,
-        capabilities: { hooks: true, mcp: true, allowlist: true, skills: true, commands: true, plugins: true, rulesImports: true },
+        capabilities: { hooks: true, mcp: true, allowlist: true, skills: true, commands: true, plugins: true, modes: ['plan', 'edit', 'auto', 'skip'], rulesImports: true },
     },
     // codex hooks: gated to >= 0.116.0 (introduced [features] codex_hooks flag).
     codex: {
@@ -210,7 +222,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: true,
-        capabilities: { hooks: { since: '0.116.0' }, mcp: true, allowlist: false, skills: true, commands: { until: '0.117.0' }, plugins: { since: '0.128.0' } },
+        capabilities: { hooks: { since: '0.116.0' }, mcp: true, allowlist: false, skills: true, commands: { until: '0.117.0' }, plugins: { since: '0.128.0' }, modes: ['plan', 'edit', 'skip'] },
     },
     gemini: {
         id: 'gemini',
@@ -229,7 +241,7 @@ export const AGENTS = {
         supportsHooks: true,
         nativeAgentsSkillsDir: true,
         // gemini hooks: shipped in v0.26.0 (Jan 2026); older binaries silently ignore the `hooks` key.
-        capabilities: { hooks: { since: '0.26.0' }, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, rulesImports: true },
+        capabilities: { hooks: { since: '0.26.0' }, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['plan', 'edit', 'skip'], rulesImports: true },
     },
     cursor: {
         id: 'cursor',
@@ -247,7 +259,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['edit', 'skip'] },
     },
     opencode: {
         id: 'opencode',
@@ -264,7 +276,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['plan', 'edit'] },
     },
     openclaw: {
         id: 'openclaw',
@@ -281,7 +293,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '{{ARGUMENTS}}',
         supportsHooks: true,
-        capabilities: { hooks: true, mcp: true, allowlist: false, skills: true, commands: false, plugins: true },
+        capabilities: { hooks: true, mcp: true, allowlist: false, skills: true, commands: false, plugins: true, modes: ['plan', 'edit', 'skip'] },
     },
     copilot: {
         id: 'copilot',
@@ -298,7 +310,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['plan', 'edit', 'auto', 'skip'] },
     },
     amp: {
         id: 'amp',
@@ -315,7 +327,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['plan', 'edit'] },
     },
     kiro: {
         id: 'kiro',
@@ -333,7 +345,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['edit'] },
     },
     goose: {
         id: 'goose',
@@ -351,7 +363,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: false, commands: false, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: false, commands: false, plugins: false, modes: ['edit'] },
     },
     roo: {
         id: 'roo',
@@ -369,7 +381,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '$ARGUMENTS',
         supportsHooks: false,
-        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false },
+        capabilities: { hooks: false, mcp: true, allowlist: false, skills: true, commands: true, plugins: false, modes: ['plan', 'edit'] },
     },
     // Google Antigravity CLI (`agy`) — official replacement for Gemini CLI as of IO 2026.
     // configDir nests inside `~/.gemini/` since agy shares the parent dir with the Gemini
@@ -396,7 +408,7 @@ export const AGENTS = {
         format: 'markdown',
         variableSyntax: '{{args}}',
         supportsHooks: true,
-        capabilities: { hooks: true, mcp: true, allowlist: true, skills: true, commands: true, plugins: true, rulesImports: false },
+        capabilities: { hooks: true, mcp: true, allowlist: true, skills: true, commands: true, plugins: true, modes: ['edit', 'skip'], rulesImports: false },
     },
     // xAI Grok Build CLI (`grok`) — early beta, SuperGrok Heavy. Auth via OAuth on
     // first launch, or XAI_API_KEY env var for headless. MCP servers configured inline
@@ -410,7 +422,7 @@ export const AGENTS = {
         color: 'cyanBright',
         cliCommand: 'grok',
         npmPackage: '',
-        installScript: 'curl -fsSL https://x.ai/cli/install.sh | bash -s VERSION',
+        installScript: 'curl -fsSL https://x.ai/cli/install.sh | bash',
         configDir: path.join(HOME, '.grok'),
         commandsDir: '', // Grok primarily uses skills + slash commands from skills
         commandsSubdir: '',
@@ -427,6 +439,7 @@ export const AGENTS = {
             skills: true,
             commands: false, // covered by skills
             plugins: true,
+            modes: ['plan', 'edit', 'skip'],
             rulesImports: true,
         },
     },
@@ -506,8 +519,16 @@ async function getCachedVersionForBinary(agentId, binaryPath) {
         /* version command failed */
         version = null;
     }
-    cache[agentId] = { binaryPath, mtime, version };
-    saveCliVersionCache();
+    // Skip persisting null results — the most common cause is a transient
+    // `--version` failure (slow startup, stdout race, etc.). A sticky-null
+    // entry kept users in a broken state where every subsequent
+    // `getCachedVersionForBinary` short-circuited to null forever, even
+    // after the binary started working. Re-probing on the next call costs
+    // one execFile; persisting null costs the whole feature.
+    if (version !== null) {
+        cache[agentId] = { binaryPath, mtime, version };
+        saveCliVersionCache();
+    }
     return version;
 }
 /**
@@ -1197,7 +1218,7 @@ function parseMcpFromOpenCodeConfig(configPath) {
 /**
  * Get user-scoped MCP config path for an agent.
  */
-function getUserMcpConfigPath(agentId) {
+export function getUserMcpConfigPath(agentId) {
     const agent = AGENTS[agentId];
     switch (agentId) {
         case 'claude':
@@ -1215,6 +1236,9 @@ function getUserMcpConfigPath(agentId) {
         case 'openclaw':
             // OpenClaw uses openclaw.json
             return path.join(agent.configDir, 'openclaw.json');
+        case 'copilot':
+            // GitHub Copilot CLI uses mcp-config.json (matches versioned + project paths)
+            return path.join(agent.configDir, 'mcp-config.json');
         case 'antigravity':
             // agy uses mcp_config.json inside its nested config dir (~/.gemini/antigravity-cli/)
             return path.join(agent.configDir, 'mcp_config.json');

package/dist/lib/auto-pull-worker.js

@@ -14,6 +14,15 @@ import { tryAutoPull, isGitRepo } from './git.js';
 import { getSystemAgentsDir, getUserAgentsDir, getEnabledExtraRepos, getFetchCacheDir, } from './state.js';
 import { lockFilePath, statusFilePath } from './auto-pull.js';
 const LOCK_TTL_MS = 5 * 60 * 1000;
+/**
+ * Background auto-pull of ~/.agents-system/ is off by default. When enabled it
+ * silently fast-forwards a tracked source tree that the CLI then reads as a
+ * source of skills, hooks, install manifests, and commands — anyone with push
+ * access to that upstream gets remote code execution on every user the next
+ * time they invoke a command that loads a system resource. Operators that
+ * really want the convenience can set AGENTS_AUTO_PULL=1.
+ */
+const ENABLE_AUTO_PULL = process.env.AGENTS_AUTO_PULL === '1';
 function ensureFetchDir() {
     const dir = getFetchCacheDir();
     if (!fs.existsSync(dir)) {
@@ -84,7 +93,15 @@ async function processTarget(target) {
         return;
     try {
         if (target.mode === 'pull') {
-            await tryAutoPull(target.dir);
+            if (!ENABLE_AUTO_PULL) {
+                // Demote to a fetch + notify; the user still sees ahead/behind on the
+                // next foreground CLI invocation, but the source tree is never mutated
+                // by a detached worker.
+                await notifyRepo(target);
+            }
+            else {
+                await tryAutoPull(target.dir);
+            }
         }
         else {
             await notifyRepo(target);

package/dist/lib/browser/chrome.js

@@ -139,6 +139,10 @@ isElectron = false) {
         '--no-default-browser-check',
         '--disable-features=DefaultBrowserSetting,ChromeWhatsNewUI',
         '--disable-crash-reporter',
+        // Suppress navigator.webdriver = true, which Chromium sets whenever a
+        // remote-debugging transport is active. That property is the loudest
+        // signal Cloudflare Turnstile, hCaptcha, and similar checks read.
+        '--disable-blink-features=AutomationControlled',
         ...(options.headless ? ['--headless=new'] : []),
         `--window-size=${viewport.width},${viewport.height}`,
         ...(viewport.x !== undefined && viewport.y !== undefined

package/dist/lib/browser/drivers/ssh.js

@@ -180,7 +180,7 @@ async function ensureRemoteBrowser(user, host, browserType, port, customBinary)
     const remoteCmd = [
         shellQuote(browserPath),
         `--remote-debugging-port=${port}`,
-        shellQuote('--remote-allow-origins=*'),
+        shellQuote(`--remote-allow-origins=http://127.0.0.1:${port}`),
         '--disable-background-timer-throttling',
         `--user-data-dir=/tmp/agents-browser-${port}`,
         '</dev/null >/dev/null 2>&1 &',

package/dist/lib/browser/profiles.d.ts

@@ -65,12 +65,12 @@ export declare function resolveEndpoint(profile: BrowserProfile, endpointName?:
  * Returns undefined for endpoint shapes that don't carry a port (e.g. ws:// without one).
  *
  * Ports are scoped by host: a `cdp://127.0.0.1:9222` profile (local Chrome on
- * this machine) and an `ssh://mac-mini:9222` profile (Comet on mac-mini)
- * point at different physical ports — the host disambiguates them.
+ * this machine) and an `ssh://remote-host:9222` profile (Comet on a remote
+ * host) point at different physical ports — the host disambiguates them.
  *
  * Accepts both `scheme://host:port` and `scheme://host?port=N` shapes (the
  * latter is the documented form in `types.ts` for `ssh://`). Without this,
- * `ssh://mac-mini?port=18805` would silently fall back to 9222 and every
+ * `ssh://remote-host?port=18805` would silently fall back to 9222 and every
  * `?port=`-style SSH profile would collide on creation.
  */
 export declare function extractConfiguredEndpoint(profile: BrowserProfile): {

package/dist/lib/browser/profiles.js

@@ -299,12 +299,12 @@ export function resolveEndpoint(profile, endpointName) {
  * Returns undefined for endpoint shapes that don't carry a port (e.g. ws:// without one).
  *
  * Ports are scoped by host: a `cdp://127.0.0.1:9222` profile (local Chrome on
- * this machine) and an `ssh://mac-mini:9222` profile (Comet on mac-mini)
- * point at different physical ports — the host disambiguates them.
+ * this machine) and an `ssh://remote-host:9222` profile (Comet on a remote
+ * host) point at different physical ports — the host disambiguates them.
  *
  * Accepts both `scheme://host:port` and `scheme://host?port=N` shapes (the
  * latter is the documented form in `types.ts` for `ssh://`). Without this,
- * `ssh://mac-mini?port=18805` would silently fall back to 9222 and every
+ * `ssh://remote-host?port=18805` would silently fall back to 9222 and every
  * `?port=`-style SSH profile would collide on creation.
  */
 export function extractConfiguredEndpoint(profile) {

package/dist/lib/browser/service.js

@@ -1701,6 +1701,25 @@ export class BrowserService {
             targetId: tabId,
             flatten: true,
         }));
+        // Inject a one-shot stealth shim before any page script runs. Chromium
+        // unconditionally exposes navigator.webdriver = true when a remote-debug
+        // transport is attached; Cloudflare Turnstile, hCaptcha, and similar bot
+        // checks read that property first. For browsers agents-cli spawns the
+        // --disable-blink-features=AutomationControlled launch flag already
+        // covers this, but for attach-to-running profiles (the Comet / Arc /
+        // Brave case where the user launched the browser themselves) the flag
+        // is unavailable — Page.addScriptToEvaluateOnNewDocument is the only
+        // lever. Non-page targets (workers, service workers) will reject these
+        // calls; we swallow the error and keep going.
+        try {
+            await conn.cdp.send('Page.enable', {}, sessionId);
+            await conn.cdp.send('Page.addScriptToEvaluateOnNewDocument', {
+                source: "Object.defineProperty(navigator,'webdriver',{get:()=>undefined});",
+            }, sessionId);
+        }
+        catch {
+            // Target doesn't support Page domain — nothing to inject.
+        }
         conn.sessionCache.set(tabId, sessionId);
         return sessionId;
     }

package/dist/lib/browser/types.d.ts

@@ -1,15 +1,15 @@
 export type BrowserType = 'chrome' | 'comet' | 'chromium' | 'brave' | 'edge' | 'custom';
 /**
  * A single named endpoint preset within a profile. Lets one profile cover
- * the local + remote variants of the same app (e.g. Rush on this Mac vs.
- * Rush on mac-mini) instead of forcing two parallel profiles.
+ * the local + remote variants of the same app (e.g. an Electron app on this
+ * Mac vs. on a remote host) instead of forcing two parallel profiles.
  *
  * Per-endpoint overrides take precedence over profile-level fields.
  */
 export interface EndpointPreset {
     /** CDP URL — `cdp://host:port` or `ssh://host?port=N` */
     target: string;
-    /** Override the profile-level binary (e.g. mac-mini has no local binary). */
+    /** Override the profile-level binary (e.g. a remote host has no local binary). */
     binary?: string;
     /** Override the profile-level targetFilter (Electron app builds may diverge). */
     targetFilter?: string;
@@ -43,7 +43,7 @@ export interface BrowserProfile {
     };
     /** Directory holding source-side JSONL logs (e.g. ~/.rush/logs). */
     logDir?: string;
-    /** Optional SSH host where logDir lives, e.g. "user@mac-mini". */
+    /** Optional SSH host where logDir lives, e.g. "user@remote-host". */
     logHost?: string;
 }
 /** Parsed form of `BrowserProfile.targetFilter`. */

package/dist/lib/cli-resources.d.ts

@@ -16,6 +16,21 @@ export interface BinarySpec {
         extract?: string;
     };
 }
+/**
+ * How to verify a CLI is installed. Structured so we can dispatch to spawnSync
+ * with an argv array — never through a shell.
+ *
+ * `which` — just check PATH for `cmd`.
+ * `version` — spawn `cmd` with `args` and require exit 0.
+ */
+export type CheckSpec = {
+    kind: 'which';
+    cmd: string;
+} | {
+    kind: 'version';
+    cmd: string;
+    args: string[];
+};
 /** Parsed CLI manifest. */
 export interface CliManifest {
     /** Name as it appears on the command line (e.g. "higgsfield"). */
@@ -24,8 +39,8 @@ export interface CliManifest {
     description?: string;
     /** Project homepage; used in detail view + post-install messaging. */
     homepage?: string;
-    /** Command run to verify the binary is installed (default: "<name> --version"). */
-    check: string;
+    /** Structured check spec; never a raw shell command. */
+    check: CheckSpec;
     /** Install methods tried in order; first one whose tool is available is used. */
     install: InstallMethod[];
     /** Message printed after successful install — typically auth instructions. */
@@ -42,6 +57,13 @@ export interface CliManifestError {
     /** Human-readable reason. */
     reason: string;
 }
+/**
+ * Parse a `check:` field into a CheckSpec. Accepts either a structured object
+ * (`{ kind: 'which'|'version', cmd, args? }`) or a legacy whitespace-separated
+ * string. String form is split on whitespace and each token is validated against
+ * SAFE_CHECK_TOKEN — manifests cannot smuggle in shell metacharacters.
+ */
+export declare function parseCheckSpec(raw: unknown, defaultName: string): CheckSpec;
 /**
  * Parse a single CLI manifest from its YAML contents.
  * Returns a manifest on success; throws on schema violations so callers can
@@ -63,13 +85,18 @@ export declare function listCliManifests(cwd?: string): {
 /** Resolve a single CLI manifest by name. Returns null when not declared. */
 export declare function resolveCliManifest(name: string, cwd?: string): CliManifest | null;
 export declare function hasCommand(cmd: string): boolean;
-/** Run the manifest's `check` command. Returns true when it exits 0. */
+/**
+ * Run the manifest's check. Dispatches on CheckSpec.kind — never invokes a
+ * shell, never interpolates strings into a command line.
+ */
 export declare function isCliInstalled(manifest: CliManifest): boolean;
 /**
  * Pick the first install method whose required host tool is available.
  * Returns null when none of the declared methods can run on this host.
  */
 export declare function selectInstallMethod(manifest: CliManifest): InstallMethod | null;
+/** Render a CheckSpec back to a human-readable command string (display only). */
+export declare function describeCheck(check: CheckSpec): string;
 /** Short description of a method for display. */
 export declare function describeMethod(method: InstallMethod): string;
 export interface InstallResult {
@@ -83,6 +110,12 @@ export interface InstallResult {
     /** Set when the install runner threw or exited non-zero. */
     error?: string;
 }
+/**
+ * Display-only rendering of how a method would be run, for `--dry-run` and
+ * status output. Not used by installCli — execution goes through runInstallMethod
+ * which dispatches to spawnSync with argv arrays.
+ */
+export declare function buildInstallCommand(method: InstallMethod): string;
 /**
  * Install a single CLI by running its first compatible method. Streams the
  * underlying command's output to the parent terminal so users see brew/npm
@@ -91,11 +124,6 @@ export interface InstallResult {
 export declare function installCli(manifest: CliManifest, opts?: {
     dryRun?: boolean;
 }): InstallResult;
-/**
- * Map a declarative method to a shell command. Centralized so tests and dry-run
- * surface the exact string that would execute.
- */
-export declare function buildInstallCommand(method: InstallMethod): string;
 export interface CliStatus {
     manifest: CliManifest;
     installed: boolean;