@phnx-labs/agents-cli 1.20.3 → 1.20.5

package/dist/lib/routines.js

@@ -10,7 +10,7 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as yaml from 'yaml';
 import { Cron } from 'croner';
-import { getRoutinesDir, getRunsDir, ensureAgentsDir } from './state.js';
+import { getRoutinesDir, getRunsDir, ensureAgentsDir, getProjectRoutinesDir } from './state.js';
 import { safeJoin } from './paths.js';
 import { ALL_AGENT_IDS } from './agents.js';
 /** Default values applied to every job config when fields are omitted. */
@@ -20,29 +20,59 @@ const JOB_DEFAULTS = {
     timeout: '10m',
     enabled: true,
 };
-/** List all job configs from ~/.agents/routines/. */
-export function listJobs() {
+/**
+ * List all job configs, scanning project > user routine dirs.
+ * Project routines (`<project>/.agents/routines/`) shadow user routines of the
+ * same name. Project discovery is opt-in via `cwd`; the daemon (which calls
+ * `listJobs()` with no argument) only sees user routines.
+ */
+export function listJobs(cwd) {
     ensureAgentsDir();
-    const jobsDir = getRoutinesDir();
-    if (!fs.existsSync(jobsDir))
-        return [];
-    const files = fs.readdirSync(jobsDir).filter((f) => f.endsWith('.yml') || f.endsWith('.yaml'));
+    const seen = new Set();
     const jobs = [];
-    for (const file of files) {
-        const job = readJobFile(path.join(jobsDir, file));
-        if (job)
+    const dirs = [];
+    if (cwd) {
+        const projectDir = getProjectRoutinesDir(cwd);
+        if (projectDir)
+            dirs.push(projectDir);
+    }
+    dirs.push(getRoutinesDir());
+    for (const dir of dirs) {
+        if (!fs.existsSync(dir))
+            continue;
+        const files = fs.readdirSync(dir).filter((f) => f.endsWith('.yml') || f.endsWith('.yaml'));
+        for (const file of files) {
+            const job = readJobFile(path.join(dir, file));
+            if (!job)
+                continue;
+            if (seen.has(job.name))
+                continue;
+            seen.add(job.name);
             jobs.push(job);
+        }
     }
     return jobs;
 }
-/** Read a single job config by name. Returns null if not found. */
-export function readJob(name) {
+/**
+ * Read a single job config by name, checking project > user.
+ * Project discovery is opt-in via `cwd`; daemon callers pass no argument and
+ * only resolve user routines.
+ */
+export function readJob(name, cwd) {
     ensureAgentsDir();
-    const jobsDir = getRoutinesDir();
-    for (const ext of ['.yml', '.yaml']) {
-        const filePath = safeJoin(jobsDir, name + ext);
-        if (fs.existsSync(filePath)) {
-            return readJobFile(filePath);
+    const dirs = [];
+    if (cwd) {
+        const projectDir = getProjectRoutinesDir(cwd);
+        if (projectDir)
+            dirs.push(projectDir);
+    }
+    dirs.push(getRoutinesDir());
+    for (const dir of dirs) {
+        for (const ext of ['.yml', '.yaml']) {
+            const filePath = safeJoin(dir, name + ext);
+            if (fs.existsSync(filePath)) {
+                return readJobFile(filePath);
+            }
         }
     }
     return null;
@@ -147,8 +177,28 @@ export function validateJob(config) {
     if (config.timeout && !parseTimeout(config.timeout)) {
         errors.push('timeout must be like 10m, 2h, 3d, 1w (max 1w)');
     }
+    if (config.endAt !== undefined) {
+        if (typeof config.endAt !== 'string' || !isParseableDate(config.endAt)) {
+            errors.push('endAt must be a parseable ISO 8601 / RFC3339 timestamp (e.g., 2026-12-31T23:59:00Z)');
+        }
+    }
     return errors;
 }
+function isParseableDate(value) {
+    if (!value.trim())
+        return false;
+    const ts = Date.parse(value);
+    return Number.isFinite(ts);
+}
+/** True when a job's endAt has already elapsed. False when endAt is unset or in the future. */
+export function isPastEndAt(config, now = new Date()) {
+    if (!config.endAt)
+        return false;
+    const end = Date.parse(config.endAt);
+    if (!Number.isFinite(end))
+        return false;
+    return now.getTime() >= end;
+}
 /** Expand built-in and user-defined template variables in a job's prompt string. */
 export function resolveJobPrompt(config) {
     const now = new Date();

package/dist/lib/rules/compile.js

@@ -10,8 +10,8 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
 import * as crypto from 'crypto';
-import { AGENTS } from '../agents.js';
-import { getResolvedRulesDir, getVersionsDir } from '../state.js';
+import { AGENTS, agentConfigDirName } from '../agents.js';
+import { getVersionsDir } from '../state.js';
 import { composeRules, composeRulesFromState } from './compose.js';
 // Match `@path` preceded by start-of-string or whitespace. This avoids
 // matching emails ("foo@bar.com") and the middle of words. The leading
@@ -97,7 +97,7 @@ export function supportsRulesImports(agentId) {
 function getCompiledRulesPath(agentId, version) {
     const agentConfig = AGENTS[agentId];
     const versionHome = path.join(getVersionsDir(), agentId, version, 'home');
-    return path.join(versionHome, `.${agentId}`, agentConfig.instructionsFile);
+    return path.join(versionHome, agentConfigDirName(agentId), agentConfig.instructionsFile);
 }
 function getManifestPath(compiledPath) {
     return compiledPath + '.manifest.json';
@@ -151,14 +151,24 @@ export function compileRulesForAgent(agentId, version) {
     if (supportsRulesImports(agentId)) {
         return { compiled: false, compiledPath: '', sources: 0 };
     }
-    const rulesDir = getResolvedRulesDir();
-    const sourceAgents = path.join(rulesDir, 'AGENTS.md');
-    if (!fs.existsSync(sourceAgents)) {
+    // Route through the layered composer (project > user > extras > system).
+    // The previous implementation read only `<systemRules>/AGENTS.md` and
+    // inlined its @-imports — that dropped user/extras/project subrules
+    // entirely for @-import-incapable agents (Cursor, older Codex), so
+    // updates to ~/.agents/rules/subrules/ never reached the version home.
+    // composeRulesFromState already returns the concatenated content with
+    // every fragment resolved across layers; we just need to record the
+    // composed source list for staleness detection.
+    let composed;
+    try {
+        composed = composeRulesFromState({ preset: undefined });
+    }
+    catch {
+        // No rules.yaml in any layer, or the default preset is missing — leave
+        // the version home untouched (matches the previous file-missing branch).
         return { compiled: false, compiledPath: '', sources: 0 };
     }
-    const rootContent = fs.readFileSync(sourceAgents, 'utf8');
-    const { content, sources } = resolveImports(rootContent, rulesDir);
-    const newContent = COMPILED_HEADER + content;
+    const newContent = COMPILED_HEADER + composed.content;
     const compiledPath = getCompiledRulesPath(agentId, version);
     fs.mkdirSync(path.dirname(compiledPath), { recursive: true });
     const existing = fs.existsSync(compiledPath) ? fs.readFileSync(compiledPath, 'utf8') : null;
@@ -166,7 +176,9 @@ export function compileRulesForAgent(agentId, version) {
         return { compiled: false, compiledPath, sources: 0 };
     }
     fs.writeFileSync(compiledPath, newContent);
-    const allSources = [sourceAgents, ...sources];
+    // Track every concrete subrule file the composer included as a source for
+    // staleness. composeRulesFromState exposes sourcePath on each ComposedSubrule.
+    const allSources = composed.subrules.map(s => s.sourcePath);
     const manifest = {
         compiledAt: new Date().toISOString(),
         sources: allSources.map(p => {

package/dist/lib/rules/rules.js

@@ -8,7 +8,7 @@
  */
 import * as fs from 'fs';
 import * as path from 'path';
-import { AGENTS, ALL_AGENT_IDS } from '../agents.js';
+import { AGENTS, ALL_AGENT_IDS, agentConfigDirName } from '../agents.js';
 import { getResolvedRulesDir, getUserRulesDir, getProjectAgentsDir } from '../state.js';
 import { getEffectiveHome } from '../versions.js';
 /**
@@ -65,7 +65,7 @@ function normalizeContent(content) {
  */
 function getUserConfigDir(agentId) {
     const home = getEffectiveHome(agentId);
-    return path.join(home, `.${agentId}`);
+    return path.join(home, agentConfigDirName(agentId));
 }
 export function getInstructionsPath(agentId, scope, cwd = process.cwd()) {
     const agent = AGENTS[agentId];
@@ -211,7 +211,7 @@ export function listInstalledInstructionsWithScope(agentId, cwd = process.cwd(),
     const agent = AGENTS[agentId];
     // User-scoped instructions (version-aware when home is provided)
     const home = options?.home || getEffectiveHome(agentId);
-    const userConfigDir = path.join(home, `.${agentId}`);
+    const userConfigDir = path.join(home, agentConfigDirName(agentId));
     const userPath = path.join(userConfigDir, agent.instructionsFile);
     results.push({
         agentId,

package/dist/lib/runner.js

@@ -21,6 +21,7 @@ const AGENT_COMMANDS = {
     claude: ['claude', '-p', '--verbose', '{prompt}', '--output-format', 'stream-json', '--permission-mode', 'plan'],
     codex: ['codex', 'exec', '--sandbox', 'workspace-write', '{prompt}', '--json'],
     gemini: ['gemini', '{prompt}', '--output-format', 'stream-json'],
+    kimi: ['kimi', '--prompt', '{prompt}', '--output-format', 'stream-json'],
 };
 /** Build the full CLI argv for executing a job, applying mode, model, and permission flags. */
 export function buildJobCommand(config, resolvedPrompt) {
@@ -72,14 +73,14 @@ export function buildJobCommand(config, resolvedPrompt) {
     }
     if (config.agent === 'codex') {
         if (mode === 'edit') {
-            cmd.push('--full-auto');
+            cmd.push('--dangerously-bypass-approvals-and-sandbox');
         }
         else if (mode === 'skip') {
-            // Remove sandbox restriction, just --full-auto
+            // Remove sandbox restriction, just --dangerously-bypass-approvals-and-sandbox
             const sbIndex = cmd.indexOf('--sandbox');
             if (sbIndex !== -1)
                 cmd.splice(sbIndex, 2);
-            cmd.push('--full-auto');
+            cmd.push('--dangerously-bypass-approvals-and-sandbox');
         }
         appendModelAndReasoning(cmd, config);
     }
@@ -92,6 +93,18 @@ export function buildJobCommand(config, resolvedPrompt) {
         }
         appendModelAndReasoning(cmd, config);
     }
+    if (config.agent === 'kimi') {
+        if (mode === 'plan') {
+            cmd.push('--plan');
+        }
+        else if (mode === 'auto') {
+            cmd.push('--auto');
+        }
+        else if (mode === 'skip') {
+            cmd.push('--yolo');
+        }
+        appendModelAndReasoning(cmd, config);
+    }
     return cmd;
 }
 /**

package/dist/lib/scheduler.js

@@ -6,7 +6,7 @@
  * on startup and reloads them on SIGHUP.
  */
 import { Cron } from 'croner';
-import { listJobs, deleteJob } from './routines.js';
+import { listJobs, deleteJob, isPastEndAt, setJobEnabled } from './routines.js';
 /** In-memory cron scheduler that triggers a callback when jobs fire. */
 export class JobScheduler {
     jobs = new Map();
@@ -32,6 +32,20 @@ export class JobScheduler {
         if (config.timezone)
             cronOptions.timezone = config.timezone;
         const cron = new Cron(config.schedule, cronOptions, async () => {
+            // endAt: once the configured end time has passed, auto-disable and stop
+            // firing. We persist enabled=false to disk so the next daemon reload
+            // doesn't re-schedule, and unschedule in-memory so this cron stops.
+            if (isPastEndAt(config)) {
+                this.unschedule(config.name);
+                try {
+                    setJobEnabled(config.name, false);
+                }
+                catch (err) {
+                    console.error(`Job '${config.name}' endAt auto-disable failed:`, err.message);
+                }
+                console.log(`Job '${config.name}' reached endAt (${config.endAt}); auto-disabled.`);
+                return;
+            }
             try {
                 await this.onTrigger(config);
             }

package/dist/lib/secrets/Agents CLI.app/Contents/_CodeSignature/CodeResources

@@ -5,7 +5,15 @@
 	<key>files</key>
 	<dict/>
 	<key>files2</key>
-	<dict/>
+	<dict>
+		<key>embedded.provisionprofile</key>
+		<dict>
+			<key>hash2</key>
+			<data>
+			2vfA/eR3dTYgNc/fXhdADUPkp5tRIepPzE3FCLfDx4w=
+			</data>
+		</dict>
+	</dict>
 	<key>rules</key>
 	<dict>
 		<key>^Resources/</key>

package/dist/lib/secrets/linux.d.ts

@@ -1,19 +1,44 @@
 /**
  * Linux secret storage via libsecret (GNOME Keyring / Secret Service API).
  *
- * Uses `secret-tool` CLI which is part of libsecret-tools package.
- * On Ubuntu: apt install libsecret-tools
+ * Primary backend: `secret-tool` CLI (libsecret-tools package).
  *
- * Secrets are stored with:
+ * Headless fallback: when the default Secret Service collection is locked
+ * (common on server-class Linux — no graphical login means the keyring
+ * passphrase never enters the daemon, so `secret-tool store` fails with
+ * "Cannot create an item in a locked collection"), we transparently switch
+ * to a file-based AES-256-GCM encrypted store under
+ * `~/.agents/.cache/secrets/`. The encryption key is scrypt-derived from a
+ * passphrase read from `AGENTS_SECRETS_PASSPHRASE` (preferred) or a TTY
+ * prompt. The decision is cached per process; one stderr line is emitted
+ * the first time the fallback activates.
+ *
+ * Secrets stored via secret-tool use:
  *   service = "agents-cli"
  *   account = username
- *   item = the secret identifier
+ *   item    = the secret identifier
+ *
+ * File-fallback layout: one `<item>.enc` JSON file per item, mode 0600.
  */
 import type { KeychainBackend } from './index.js';
-/**
- * secret-tool lookup attributes:
- *   service=agents-cli account=<user> item=<itemName>
- */
+/** Encrypted-file on-disk shape. Exported for tests. */
+export interface EncFile {
+    salt: string;
+    iv: string;
+    authTag: string;
+    ciphertext: string;
+}
+/** Encrypt plaintext under a passphrase using AES-256-GCM with a random
+ *  scrypt salt and a random 96-bit IV. Exported for tests. */
+export declare function encryptForFallback(plaintext: string, passphrase: string): EncFile;
+/** Decrypt an EncFile under a passphrase. Throws on wrong key or tampered
+ *  ciphertext (auth-tag mismatch). Exported for tests. */
+export declare function decryptForFallback(enc: EncFile, passphrase: string): string;
+/** File-only KeychainBackend (exported for tests; the public surface uses
+ *  the secret-tool-with-fallback `linuxBackend` below). */
+export declare const fileBackend: KeychainBackend;
+/** secret-tool lookup attributes:
+ *   service=agents-cli account=<user> item=<itemName> */
 export declare function hasSecretToolToken(item: string): boolean;
 export declare function getSecretToolToken(item: string): string;
 export declare function setSecretToolToken(item: string, value: string): void;
@@ -23,5 +48,15 @@ export declare function deleteSecretToolToken(item: string): boolean;
  * so we use secret-tool search which outputs in a specific format.
  */
 export declare function listSecretToolItems(prefix: string): string[];
-/** KeychainBackend implementation for Linux using secret-tool */
+/** KeychainBackend implementation for Linux. Routes through secret-tool
+ *  with a transparent encrypted-file fallback when the default Secret
+ *  Service collection is locked (or libsecret-tools is not installed but
+ *  AGENTS_SECRETS_PASSPHRASE is set). */
 export declare const linuxBackend: KeychainBackend;
+/** Test-only: reset module state so independent test cases don't bleed
+ *  passphrase / fallback decisions across each other. */
+export declare function _resetForTest(opts?: {
+    fileDir?: string | null;
+    forceFileFallback?: boolean;
+    passphrase?: string | null;
+}): void;