@poncho-ai/cli 0.14.1 → 0.16.0

package/dist/cli.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   main
-} from "./chunk-AIEVSNGF.js";
+} from "./chunk-XT5HPFIW.js";
 
 // src/cli.ts
 void main();

package/dist/index.js

@@ -23,7 +23,7 @@ import {
   runTests,
   startDevServer,
   updateAgentGuidance
-} from "./chunk-AIEVSNGF.js";
+} from "./chunk-XT5HPFIW.js";
 export {
   addSkill,
   buildCli,

package/dist/{run-interactive-ink-7ULE5JJI.js → run-interactive-ink-2JQJDP7W.js}

@@ -2,7 +2,7 @@ import {
   consumeFirstRunIntro,
   inferConversationTitle,
   resolveHarnessEnvironment
-} from "./chunk-AIEVSNGF.js";
+} from "./chunk-XT5HPFIW.js";
 
 // src/run-interactive-ink.ts
 import * as readline from "readline";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poncho-ai/cli",
-  "version": "0.14.1",
+  "version": "0.16.0",
   "description": "CLI for building and deploying AI agents",
   "repository": {
     "type": "git",
@@ -27,9 +27,9 @@
     "react": "^19.2.4",
     "react-devtools-core": "^6.1.5",
     "yaml": "^2.8.1",
-    "@poncho-ai/harness": "0.14.1",
-    "@poncho-ai/messaging": "0.2.1",
-    "@poncho-ai/sdk": "1.0.2"
+    "@poncho-ai/harness": "0.15.0",
+    "@poncho-ai/messaging": "0.2.3",
+    "@poncho-ai/sdk": "1.1.0"
   },
   "devDependencies": {
     "@types/busboy": "^1.5.4",

package/src/index.ts

@@ -391,12 +391,14 @@ Stopping is best-effort and keeps partial assistant output/tool activity already
 \`\`\`bash
 # Local web UI + API server
 poncho dev
+poncho dev --port 8080
 
 # Local interactive CLI
 poncho run --interactive
 
 # One-off run
 poncho run "Your task here"
+poncho run "Explain this code" --file ./src/index.ts
 
 # Run tests
 poncho test
@@ -478,9 +480,9 @@ How it works:
 - Use \`approval-required\` to require human approval for specific MCP calls or script files.
 - Deactivating a skill (\`deactivate_skill\`) removes its MCP tools from runtime registration.
 
-Pattern format is strict slash-only:
+Pattern format:
 
-- MCP: \`server/tool\`, \`server/*\`
+- MCP: \`mcp:server/tool\`, \`mcp:server/*\` (protocol-like prefix)
 - Scripts: relative paths such as \`./scripts/file.ts\`, \`./scripts/*\`, \`./tools/deploy.ts\`
 
 Skill authoring guardrails:
@@ -538,6 +540,7 @@ export default {
       },
     },
   },
+  // browser: true, // Enable browser automation tools (requires @poncho-ai/browser)
   // webUi: false, // Disable built-in UI for API-only deployments
 };
 \`\`\`
@@ -575,8 +578,9 @@ cron:
 \`\`\`
 
 - \`poncho dev\`: jobs run via an in-process scheduler.
-- \`poncho build vercel\`: generates \`vercel.json\` cron entries.
+- \`poncho build vercel\`: generates \`vercel.json\` cron entries. Set \`CRON_SECRET\` to the same value as \`PONCHO_AUTH_TOKEN\` so Vercel can authenticate.
 - Docker/Fly.io: scheduler runs automatically.
+- Lambda: use AWS EventBridge to trigger \`GET /api/cron/<jobName>\` with \`Authorization: Bearer <token>\`.
 - Trigger manually: \`curl http://localhost:3000/api/cron/daily-report\`
 
 ## Messaging (Slack)
@@ -597,6 +601,8 @@ Connect your agent to Slack so it responds to @mentions:
    messaging: [{ platform: 'slack' }]
    \`\`\`
 
+**Vercel deployments:** install \`@vercel/functions\` so Poncho can keep the serverless function alive while processing: \`npm install @vercel/functions\`
+
 ## Messaging (Email via Resend)
 
 Connect your agent to email so users can interact by sending emails:
@@ -617,6 +623,8 @@ Connect your agent to email so users can interact by sending emails:
 
 For full control over outbound emails, use **tool mode** (\`mode: 'tool'\`) — the agent gets a \`send_email\` tool instead of auto-replying. See the repo README for details.
 
+**Vercel deployments:** install \`@vercel/functions\` so Poncho can keep the serverless function alive while processing: \`npm install @vercel/functions\`
+
 ## Deployment
 
 \`\`\`bash
@@ -627,8 +635,28 @@ vercel deploy --prod
 # Build for Docker
 poncho build docker
 docker build -t ${name} .
+docker run -p 3000:3000 -e ANTHROPIC_API_KEY=sk-ant-... ${name}
+
+# AWS Lambda
+poncho build lambda
+
+# Fly.io
+poncho build fly
+fly deploy
 \`\`\`
 
+Set environment variables on your deployment platform:
+
+\`\`\`bash
+ANTHROPIC_API_KEY=sk-ant-...   # Required
+PONCHO_AUTH_TOKEN=your-secret  # Optional: protect your endpoint
+PONCHO_MAX_DURATION=55         # Optional: serverless timeout in seconds (enables auto-continuation)
+\`\`\`
+
+When \`PONCHO_MAX_DURATION\` is set, the agent automatically checkpoints and resumes across
+request cycles when it approaches the platform timeout. The web UI and client SDK handle
+this transparently.
+
 ## Troubleshooting
 
 ### Vercel deploy issues
@@ -1855,8 +1883,8 @@ export const createRequestHandler = async (options?: {
   const sessionStore = new SessionStore();
   const loginRateLimiter = new LoginRateLimiter();
 
-  // Unified authentication using PONCHO_AUTH_TOKEN for both Web UI and API
-  const authToken = process.env.PONCHO_AUTH_TOKEN ?? "";
+  const authTokenEnv = config?.auth?.tokenEnv ?? "PONCHO_AUTH_TOKEN";
+  const authToken = process.env[authTokenEnv] ?? "";
   const authRequired = config?.auth?.required ?? false;
   const requireAuth = authRequired && authToken.length > 0;
 
@@ -1885,6 +1913,7 @@ export const createRequestHandler = async (options?: {
       return;
     }
     const [pathname] = request.url.split("?");
+    const requestUrl = new URL(request.url ?? "/", `http://${request.headers.host ?? "localhost"}`);
 
     if (webUiEnabled) {
       if (request.method === "GET" && (pathname === "/" || pathname.startsWith("/c/"))) {
@@ -2058,6 +2087,140 @@ export const createRequestHandler = async (options?: {
       }
     }
 
+    // --- Browser endpoints (single session, routed by conversationId) ---
+
+    type BrowserSessionTyped = {
+      isLaunched: boolean;
+      isActiveFor: (cid: string) => boolean;
+      getUrl: (cid: string) => string | undefined;
+      onFrame: (cid: string, cb: (f: { data: string; width: number; height: number; timestamp: number }) => void) => () => void;
+      onStatus: (cid: string, cb: (s: { active: boolean; url?: string; interactionAllowed: boolean }) => void) => () => void;
+      startScreencast: (cid: string, opts?: Record<string, unknown>) => Promise<void>;
+      screenshot: (cid: string) => Promise<string>;
+      injectMouse: (cid: string, e: { type: string; x: number; y: number; button?: string; clickCount?: number; deltaX?: number; deltaY?: number }) => Promise<void>;
+      injectKeyboard: (cid: string, e: { type: string; key: string; code?: string }) => Promise<void>;
+      injectScroll: (cid: string, e: { deltaX: number; deltaY: number; x?: number; y?: number }) => Promise<void>;
+      injectPaste: (cid: string, text: string) => Promise<void>;
+      navigate: (cid: string, action: string) => Promise<void>;
+    };
+
+    const browserSession = harness.browserSession as BrowserSessionTyped | undefined;
+
+    if (pathname === "/api/browser/status" && request.method === "GET") {
+      const cid = requestUrl.searchParams.get("conversationId") ?? "";
+      writeJson(response, 200, {
+        active: cid && browserSession ? browserSession.isActiveFor(cid) : false,
+        url: cid && browserSession ? browserSession.getUrl(cid) ?? null : null,
+        conversationId: cid || null,
+      });
+      return;
+    }
+
+    if (pathname === "/api/browser/stream" && request.method === "GET") {
+      const cid = requestUrl.searchParams.get("conversationId");
+      if (!cid || !browserSession) {
+        writeJson(response, 404, { error: "No browser session available" });
+        return;
+      }
+
+      response.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        Connection: "keep-alive",
+        "X-Accel-Buffering": "no",
+      });
+      response.flushHeaders();
+
+      let frameCount = 0;
+      const sendSse = (event: string, data: unknown) => {
+        if (response.destroyed) return;
+        response.write(`event: ${event}\ndata: ${JSON.stringify(data)}\n\n`);
+      };
+
+      sendSse("browser:status", {
+        active: browserSession.isActiveFor(cid),
+        url: browserSession.getUrl(cid),
+        interactionAllowed: browserSession.isActiveFor(cid),
+      });
+
+      const removeFrame = browserSession.onFrame(cid, (frame) => {
+        frameCount++;
+        if (frameCount <= 3 || frameCount % 50 === 0) {
+          console.log(`[poncho][browser-sse] Frame ${frameCount}: ${frame.width}x${frame.height}, data bytes: ${frame.data?.length ?? 0}`);
+        }
+        sendSse("browser:frame", frame);
+      });
+      const removeStatus = browserSession.onStatus(cid, (status) => {
+        sendSse("browser:status", status);
+      });
+
+      if (browserSession.isActiveFor(cid)) {
+        // Send a screenshot as the first frame for immediate visual feedback,
+        // then start the live screencast for subsequent frames.
+        browserSession.screenshot(cid).then((data) => {
+          if (!response.destroyed) {
+            sendSse("browser:frame", { data, width: 1280, height: 720, timestamp: Date.now() });
+          }
+          return browserSession.startScreencast(cid);
+        }).catch((err: unknown) => {
+          console.error("[poncho][browser-sse] initial frame/screencast failed:", (err as Error)?.message ?? err);
+        });
+      }
+
+      request.on("close", () => {
+        removeFrame();
+        removeStatus();
+      });
+      return;
+    }
+
+    if (pathname === "/api/browser/input" && request.method === "POST") {
+      const chunks: Buffer[] = [];
+      for await (const chunk of request) chunks.push(chunk as Buffer);
+      const body = JSON.parse(Buffer.concat(chunks).toString());
+      const cid = body.conversationId as string;
+      if (!cid || !browserSession || !browserSession.isActiveFor(cid)) {
+        writeJson(response, 404, { error: "No active browser session" });
+        return;
+      }
+      try {
+        if (body.kind === "mouse") {
+          await browserSession.injectMouse(cid, body.event);
+        } else if (body.kind === "keyboard") {
+          await browserSession.injectKeyboard(cid, body.event);
+        } else if (body.kind === "scroll") {
+          await browserSession.injectScroll(cid, body.event);
+        } else if (body.kind === "paste") {
+          await browserSession.injectPaste(cid, body.text ?? body.event?.text ?? "");
+        } else {
+          writeJson(response, 400, { error: "Unknown input kind" });
+          return;
+        }
+        writeJson(response, 200, { ok: true });
+      } catch (err) {
+        writeJson(response, 500, { error: (err as Error)?.message ?? "Input injection failed" });
+      }
+      return;
+    }
+
+    if (pathname === "/api/browser/navigate" && request.method === "POST") {
+      const chunks: Buffer[] = [];
+      for await (const chunk of request) chunks.push(chunk as Buffer);
+      const body = JSON.parse(Buffer.concat(chunks).toString());
+      const cid = body.conversationId as string;
+      if (!cid || !browserSession || !browserSession.isActiveFor(cid)) {
+        writeJson(response, 400, { error: "No active browser session" });
+        return;
+      }
+      try {
+        await browserSession.navigate(cid, body.action);
+        writeJson(response, 200, { ok: true });
+      } catch (err) {
+        writeJson(response, 500, { error: (err as Error)?.message ?? "Navigation failed" });
+      }
+      return;
+    }
+
     if (pathname === "/api/conversations" && request.method === "GET") {
       const conversations = await conversationStore.list(ownerId);
       writeJson(response, 200, {

package/src/init-onboarding.ts

@@ -316,8 +316,6 @@ export const buildConfigFromOnboardingAnswers = (
       maxRecallConversations,
     },
   };
-  maybeSet(storage, "url", answers["storage.url"]);
-  maybeSet(storage, "token", answers["storage.token"]);
   maybeSet(storage, "table", answers["storage.table"]);
   maybeSet(storage, "region", answers["storage.region"]);
 
@@ -392,8 +390,8 @@ export const isDefaultOnboardingConfig = (
     return false;
   }
   if (
-    typeof config.storage?.url !== "undefined" ||
-    typeof config.storage?.token !== "undefined" ||
+    typeof config.storage?.urlEnv !== "undefined" ||
+    typeof config.storage?.tokenEnv !== "undefined" ||
     typeof config.storage?.table !== "undefined" ||
     typeof config.storage?.region !== "undefined"
   ) {