@prover-coder-ai/docker-git 1.0.37 → 1.0.39

package/dist/src/docker-git/main.js

@@ -971,6 +971,191 @@ const logDockerAccessInfo = (cwd, config) => ensureDockerDnsHost(cwd, config.con
   Effect.zipRight(logDockerDnsAccess(config)),
   Effect.zipRight(logContainerIpAccess(cwd, config))
 );
+const normalizeAccountLabel = (value, fallback) => {
+  const trimmed = value?.trim() ?? "";
+  if (trimmed.length === 0) {
+    return fallback;
+  }
+  const normalized = trimmed.toLowerCase().replaceAll(/[^a-z0-9]+/g, "-");
+  const withoutLeading = trimLeftChar(normalized, "-");
+  const cleaned = trimRightChar(withoutLeading, "-");
+  return cleaned.length > 0 ? cleaned : fallback;
+};
+const buildDockerAuthSpec = (input) => ({
+  cwd: input.cwd,
+  image: input.image,
+  volume: { hostPath: input.hostPath, containerPath: input.containerPath },
+  ...typeof input.entrypoint === "string" ? { entrypoint: input.entrypoint } : {},
+  ...input.env === void 0 ? {} : { env: input.env },
+  args: input.args,
+  interactive: input.interactive
+});
+const JsonValueSchema = Schema.suspend(
+  () => Schema.Union(
+    Schema.Null,
+    Schema.Boolean,
+    Schema.String,
+    Schema.JsonNumber,
+    Schema.Array(JsonValueSchema),
+    Schema.Record({ key: Schema.String, value: JsonValueSchema })
+  )
+);
+const JsonRecordSchema = Schema.Record({
+  key: Schema.String,
+  value: JsonValueSchema
+});
+const JsonRecordFromStringSchema = Schema.parseJson(JsonRecordSchema);
+const defaultEnvContents$1 = "# docker-git env\n# KEY=value\n";
+const codexConfigMarker = "# docker-git codex config";
+const defaultCodexConfig = [
+  "# docker-git codex config",
+  'model = "gpt-5.4"',
+  "model_context_window = 1050000",
+  "model_auto_compact_token_limit = 945000",
+  'model_reasoning_effort = "xhigh"',
+  'plan_mode_reasoning_effort = "xhigh"',
+  'personality = "pragmatic"',
+  "",
+  'approval_policy = "never"',
+  'sandbox_mode = "danger-full-access"',
+  'web_search = "live"',
+  "",
+  "[features]",
+  "shell_snapshot = true",
+  "multi_agent = true",
+  "apps = true",
+  "shell_tool = true"
+].join("\n");
+const resolvePathFromBase$1 = (path, baseDir, targetPath) => path.isAbsolute(targetPath) ? targetPath : path.resolve(baseDir, targetPath);
+const isPermissionDeniedSystemError = (error) => error._tag === "SystemError" && error.reason === "PermissionDenied";
+const skipCodexConfigPermissionDenied = (configPath, error) => isPermissionDeniedSystemError(error) ? Effect.logWarning(
+  `Skipped Codex config sync at ${configPath}: permission denied (${error.description ?? "no details"}).`
+) : Effect.fail(error);
+const normalizeConfigText = (text) => text.replaceAll("\r\n", "\n").trim();
+const shouldRewriteDockerGitCodexConfig = (existing) => {
+  const normalized = normalizeConfigText(existing);
+  if (normalized.length === 0) {
+    return true;
+  }
+  if (!normalized.startsWith(codexConfigMarker)) {
+    return false;
+  }
+  return normalized !== normalizeConfigText(defaultCodexConfig);
+};
+const shouldCopyEnv = (sourceText, targetText) => {
+  if (sourceText.trim().length === 0) {
+    return "skip";
+  }
+  if (targetText.trim().length === 0) {
+    return "copy";
+  }
+  if (targetText.trim() === defaultEnvContents$1.trim() && sourceText.trim() !== defaultEnvContents$1.trim()) {
+    return "copy";
+  }
+  return "skip";
+};
+const parseJsonRecord = (text) => Either.match(ParseResult.decodeUnknownEither(JsonRecordFromStringSchema)(text), {
+  onLeft: () => Effect.succeed(null),
+  onRight: (record) => Effect.succeed(record)
+});
+const hasClaudeOauthAccount = (record) => record !== null && typeof record["oauthAccount"] === "object" && record["oauthAccount"] !== null;
+const hasClaudeCredentials = (record) => record !== null && typeof record["claudeAiOauth"] === "object" && record["claudeAiOauth"] !== null;
+const isGithubTokenKey = (key) => key === "GITHUB_TOKEN" || key === "GH_TOKEN" || key.startsWith("GITHUB_TOKEN__");
+const hasNonEmptyFile = (fs, filePath) => Effect.gen(function* (_) {
+  const exists = yield* _(fs.exists(filePath));
+  if (!exists) {
+    return false;
+  }
+  const info = yield* _(fs.stat(filePath));
+  if (info.type !== "File") {
+    return false;
+  }
+  const text = yield* _(fs.readFileString(filePath), Effect.orElseSucceed(() => ""));
+  return text.trim().length > 0;
+});
+const autoOptionError = (reason) => ({
+  _tag: "InvalidOption",
+  option: "--auto",
+  reason
+});
+const isRegularFile$1 = (fs, filePath) => Effect.gen(function* (_) {
+  const exists = yield* _(fs.exists(filePath));
+  if (!exists) {
+    return false;
+  }
+  const info = yield* _(fs.stat(filePath));
+  return info.type === "File";
+});
+const hasCodexAuth = (fs, rootPath, label) => {
+  const normalized = normalizeAccountLabel(label ?? null, "default");
+  const authPath = normalized === "default" ? `${rootPath}/auth.json` : `${rootPath}/${normalized}/auth.json`;
+  return hasNonEmptyFile(fs, authPath);
+};
+const resolveClaudeAccountPath$1 = (rootPath, label) => {
+  const normalized = normalizeAccountLabel(label ?? null, "default");
+  if (normalized !== "default") {
+    return [`${rootPath}/${normalized}`];
+  }
+  return [rootPath, `${rootPath}/default`];
+};
+const hasClaudeAuth = (fs, rootPath, label) => Effect.gen(function* (_) {
+  for (const accountPath of resolveClaudeAccountPath$1(rootPath, label)) {
+    const oauthToken = yield* _(hasNonEmptyFile(fs, `${accountPath}/.oauth-token`));
+    if (oauthToken) {
+      return true;
+    }
+    const credentials = yield* _(isRegularFile$1(fs, `${accountPath}/.credentials.json`));
+    if (credentials) {
+      return true;
+    }
+    const nestedCredentials = yield* _(isRegularFile$1(fs, `${accountPath}/.claude/.credentials.json`));
+    if (nestedCredentials) {
+      return true;
+    }
+  }
+  return false;
+});
+const resolveClaudeRoot = (codexSharedAuthPath) => `${codexSharedAuthPath.slice(0, codexSharedAuthPath.lastIndexOf("/"))}/claude`;
+const resolveAvailableAgentAuth = (fs, config) => Effect.gen(function* (_) {
+  const claudeAvailable = yield* _(
+    hasClaudeAuth(fs, resolveClaudeRoot(config.codexSharedAuthPath), config.claudeAuthLabel)
+  );
+  const codexAvailable = yield* _(hasCodexAuth(fs, config.codexSharedAuthPath, config.codexAuthLabel));
+  return { claudeAvailable, codexAvailable };
+});
+const resolveExplicitAutoAgentMode = (available, mode) => {
+  if (mode === "claude") {
+    return available.claudeAvailable ? Effect.succeed("claude") : Effect.fail(autoOptionError("Claude auth not found"));
+  }
+  if (mode === "codex") {
+    return available.codexAvailable ? Effect.succeed("codex") : Effect.fail(autoOptionError("Codex auth not found"));
+  }
+  return Effect.sync(() => mode);
+};
+const pickRandomAutoAgentMode = (available) => {
+  if (!available.claudeAvailable && !available.codexAvailable) {
+    return Effect.fail(autoOptionError("no Claude or Codex auth found"));
+  }
+  if (available.claudeAvailable && !available.codexAvailable) {
+    return Effect.succeed("claude");
+  }
+  if (!available.claudeAvailable && available.codexAvailable) {
+    return Effect.succeed("codex");
+  }
+  return Effect.sync(() => process.hrtime.bigint() % 2n === 0n ? "claude" : "codex");
+};
+const resolveAutoAgentMode = (config) => Effect.gen(function* (_) {
+  const fs = yield* _(FileSystem.FileSystem);
+  if (config.agentAuto !== true) {
+    return config.agentMode;
+  }
+  const available = yield* _(resolveAvailableAgentAuth(fs, config));
+  const explicitMode = yield* _(resolveExplicitAutoAgentMode(available, config.agentMode));
+  if (explicitMode !== void 0) {
+    return explicitMode;
+  }
+  return yield* _(pickRandomAutoAgentMode(available));
+});
 const formatParseError$1 = (error) => Match.value(error).pipe(
   Match.when({ _tag: "UnknownCommand" }, ({ command }) => `Unknown command: ${command}`),
   Match.when({ _tag: "UnknownOption" }, ({ option }) => `Unknown option: ${option}`),
@@ -1071,25 +1256,6 @@ const renderError = (error) => {
   }
   return renderNonParseError(error);
 };
-const normalizeAccountLabel = (value, fallback) => {
-  const trimmed = value?.trim() ?? "";
-  if (trimmed.length === 0) {
-    return fallback;
-  }
-  const normalized = trimmed.toLowerCase().replaceAll(/[^a-z0-9]+/g, "-");
-  const withoutLeading = trimLeftChar(normalized, "-");
-  const cleaned = trimRightChar(withoutLeading, "-");
-  return cleaned.length > 0 ? cleaned : fallback;
-};
-const buildDockerAuthSpec = (input) => ({
-  cwd: input.cwd,
-  image: input.image,
-  volume: { hostPath: input.hostPath, containerPath: input.containerPath },
-  ...typeof input.entrypoint === "string" ? { entrypoint: input.entrypoint } : {},
-  ...input.env === void 0 ? {} : { env: input.env },
-  args: input.args,
-  interactive: input.interactive
-});
 const splitLines = (input) => input.replaceAll("\r\n", "\n").replaceAll("\r", "\n").split("\n");
 const joinLines = (lines) => lines.join("\n");
 const normalizeEnvText = (input) => {
@@ -1181,23 +1347,23 @@ const upsertEnvKey = (input, key, value) => {
   return normalizeEnvText(joinLines([...cleaned, `${trimmedKey}=${value}`]));
 };
 const removeEnvKey = (input, key) => upsertEnvKey(input, key, "");
-const defaultEnvContents$1 = "# docker-git env\n# KEY=value\n";
+const defaultEnvContents = "# docker-git env\n# KEY=value\n";
 const ensureEnvFile$1 = (fs, path, envPath) => Effect.gen(function* (_) {
   const exists = yield* _(fs.exists(envPath));
   if (exists) {
     return;
   }
   yield* _(fs.makeDirectory(path.dirname(envPath), { recursive: true }));
-  yield* _(fs.writeFileString(envPath, defaultEnvContents$1));
+  yield* _(fs.writeFileString(envPath, defaultEnvContents));
 });
 const readEnvText = (fs, envPath) => Effect.gen(function* (_) {
   const exists = yield* _(fs.exists(envPath));
   if (!exists) {
-    return defaultEnvContents$1;
+    return defaultEnvContents;
   }
   const info = yield* _(fs.stat(envPath));
   if (info.type !== "File") {
-    return defaultEnvContents$1;
+    return defaultEnvContents;
   }
   return yield* _(fs.readFileString(envPath));
 });
@@ -4135,7 +4301,7 @@ RUN oh-my-opencode --version
 RUN npm install -g @anthropic-ai/claude-code@latest
 RUN claude --version`;
 const renderDockerfileOpenCode = () => `# Tooling: OpenCode (binary)
-RUN curl -fsSL https://opencode.ai/install | HOME=/usr/local bash -s -- --no-modify-path
+RUN set -eu;   for attempt in 1 2 3 4 5; do     if curl -fsSL --retry 5 --retry-all-errors --retry-delay 2 https://opencode.ai/install       | HOME=/usr/local bash -s -- --no-modify-path; then       exit 0;     fi;     echo "opencode install attempt \${attempt} failed; retrying..." >&2;     sleep $((attempt * 2));   done;   echo "opencode install failed after retries" >&2;   exit 1
 RUN ln -sf /usr/local/.opencode/bin/opencode /usr/local/bin/opencode
 RUN opencode --version`;
 const gitleaksVersion = "8.28.0";
@@ -5025,77 +5191,6 @@ const copyDirIfEmpty = (fs, path, sourceDir, targetDir, label) => Effect.gen(fun
   yield* _(copyDirRecursive(fs, path, sourceDir, targetDir));
   yield* _(Effect.log(`Copied ${label} from ${sourceDir} to ${targetDir}`));
 });
-const JsonValueSchema = Schema.suspend(
-  () => Schema.Union(
-    Schema.Null,
-    Schema.Boolean,
-    Schema.String,
-    Schema.JsonNumber,
-    Schema.Array(JsonValueSchema),
-    Schema.Record({ key: Schema.String, value: JsonValueSchema })
-  )
-);
-const JsonRecordSchema = Schema.Record({
-  key: Schema.String,
-  value: JsonValueSchema
-});
-const JsonRecordFromStringSchema = Schema.parseJson(JsonRecordSchema);
-const defaultEnvContents = "# docker-git env\n# KEY=value\n";
-const codexConfigMarker = "# docker-git codex config";
-const defaultCodexConfig = [
-  "# docker-git codex config",
-  'model = "gpt-5.4"',
-  "model_context_window = 1050000",
-  "model_auto_compact_token_limit = 945000",
-  'model_reasoning_effort = "xhigh"',
-  'plan_mode_reasoning_effort = "xhigh"',
-  'personality = "pragmatic"',
-  "",
-  'approval_policy = "never"',
-  'sandbox_mode = "danger-full-access"',
-  'web_search = "live"',
-  "",
-  "[features]",
-  "shell_snapshot = true",
-  "multi_agent = true",
-  "apps = true",
-  "shell_tool = true"
-].join("\n");
-const resolvePathFromBase$1 = (path, baseDir, targetPath) => path.isAbsolute(targetPath) ? targetPath : path.resolve(baseDir, targetPath);
-const isPermissionDeniedSystemError = (error) => error._tag === "SystemError" && error.reason === "PermissionDenied";
-const skipCodexConfigPermissionDenied = (configPath, error) => isPermissionDeniedSystemError(error) ? Effect.logWarning(
-  `Skipped Codex config sync at ${configPath}: permission denied (${error.description ?? "no details"}).`
-) : Effect.fail(error);
-const normalizeConfigText = (text) => text.replaceAll("\r\n", "\n").trim();
-const shouldRewriteDockerGitCodexConfig = (existing) => {
-  const normalized = normalizeConfigText(existing);
-  if (normalized.length === 0) {
-    return true;
-  }
-  if (!normalized.startsWith(codexConfigMarker)) {
-    return false;
-  }
-  return normalized !== normalizeConfigText(defaultCodexConfig);
-};
-const shouldCopyEnv = (sourceText, targetText) => {
-  if (sourceText.trim().length === 0) {
-    return "skip";
-  }
-  if (targetText.trim().length === 0) {
-    return "copy";
-  }
-  if (targetText.trim() === defaultEnvContents.trim() && sourceText.trim() !== defaultEnvContents.trim()) {
-    return "copy";
-  }
-  return "skip";
-};
-const parseJsonRecord = (text) => Either.match(ParseResult.decodeUnknownEither(JsonRecordFromStringSchema)(text), {
-  onLeft: () => Effect.succeed(null),
-  onRight: (record) => Effect.succeed(record)
-});
-const hasClaudeOauthAccount = (record) => record !== null && typeof record["oauthAccount"] === "object" && record["oauthAccount"] !== null;
-const hasClaudeCredentials = (record) => record !== null && typeof record["claudeAiOauth"] === "object" && record["claudeAiOauth"] !== null;
-const isGithubTokenKey = (key) => key === "GITHUB_TOKEN" || key === "GH_TOKEN" || key.startsWith("GITHUB_TOKEN__");
 const syncClaudeJsonFile = (fs, path, spec) => Effect.gen(function* (_) {
   const sourceExists = yield* _(fs.exists(spec.sourcePath));
   if (!sourceExists) {
@@ -5146,18 +5241,6 @@ const syncClaudeCredentialsJson = (fs, path, sourcePath, targetPath) => syncClau
   seedLabel: "Claude credentials",
   updateLabel: "Claude credentials"
 });
-const hasNonEmptyFile = (fs, filePath) => Effect.gen(function* (_) {
-  const exists = yield* _(fs.exists(filePath));
-  if (!exists) {
-    return false;
-  }
-  const info = yield* _(fs.stat(filePath));
-  if (info.type !== "File") {
-    return false;
-  }
-  const text = yield* _(fs.readFileString(filePath), Effect.orElseSucceed(() => ""));
-  return text.trim().length > 0;
-});
 const ensureClaudeAuthSeedFromHome = (baseDir, claudeAuthPath) => withFsPathContext(
   ({ fs, path }) => Effect.gen(function* (_) {
     const homeDir = (process.env["HOME"] ?? "").trim();
@@ -6080,6 +6163,20 @@ const maybeOpenSsh = (command, hasAgent, waitForAgent, projectConfig) => Effect.
   const remoteCommand = resolveInteractiveRemoteCommand(projectConfig, interactiveAgent);
   yield* _(openSshBestEffort(projectConfig, remoteCommand));
 }).pipe(Effect.asVoid);
+const resolveFinalAgentConfig = (resolvedConfig) => Effect.gen(function* (_) {
+  const resolvedAgentMode = yield* _(resolveAutoAgentMode(resolvedConfig));
+  if ((resolvedConfig.agentAuto ?? false) && resolvedConfig.agentMode === void 0 && resolvedAgentMode !== void 0) {
+    yield* _(Effect.log(`Auto agent selected: ${resolvedAgentMode}`));
+  }
+  return resolvedAgentMode === void 0 ? resolvedConfig : { ...resolvedConfig, agentMode: resolvedAgentMode };
+});
+const maybeCleanupAfterAgent = (waitForAgent, resolvedOutDir) => Effect.gen(function* (_) {
+  if (!waitForAgent) {
+    return;
+  }
+  yield* _(Effect.log("Agent finished. Cleaning up container..."));
+  yield* _(runDockerDownCleanup(resolvedOutDir));
+});
 const runCreateProject = (path, command) => Effect.gen(function* (_) {
   if (command.runUp) {
     yield* _(ensureDockerDaemonAccess(process.cwd()));
@@ -6087,7 +6184,8 @@ const runCreateProject = (path, command) => Effect.gen(function* (_) {
   const ctx = makeCreateContext(path, process.cwd());
   const resolvedOutDir = path.resolve(ctx.resolveRootPath(command.outDir));
   const resolvedConfig = yield* _(resolveCreateConfig(command, ctx, resolvedOutDir));
-  const { globalConfig, projectConfig } = buildProjectConfigs(path, ctx.baseDir, resolvedOutDir, resolvedConfig);
+  const finalConfig = yield* _(resolveFinalAgentConfig(resolvedConfig));
+  const { globalConfig, projectConfig } = buildProjectConfigs(path, ctx.baseDir, resolvedOutDir, finalConfig);
   yield* _(migrateProjectOrchLayout(ctx.baseDir, globalConfig, ctx.resolveRootPath));
   const createdFiles = yield* _(
     prepareProjectFiles(resolvedOutDir, ctx.baseDir, globalConfig, projectConfig, {
@@ -6096,8 +6194,8 @@ const runCreateProject = (path, command) => Effect.gen(function* (_) {
     })
   );
   yield* _(logCreatedProject(resolvedOutDir, createdFiles));
-  const hasAgent = resolvedConfig.agentMode !== void 0;
-  const waitForAgent = hasAgent && (resolvedConfig.agentAuto ?? false);
+  const hasAgent = finalConfig.agentMode !== void 0;
+  const waitForAgent = hasAgent && (finalConfig.agentAuto ?? false);
   yield* _(
     runDockerUpIfNeeded(resolvedOutDir, projectConfig, {
       runUp: command.runUp,
@@ -6110,10 +6208,7 @@ const runCreateProject = (path, command) => Effect.gen(function* (_) {
   if (command.runUp) {
     yield* _(logDockerAccessInfo(resolvedOutDir, projectConfig));
   }
-  if (waitForAgent) {
-    yield* _(Effect.log("Agent finished. Cleaning up container..."));
-    yield* _(runDockerDownCleanup(resolvedOutDir));
-  }
+  yield* _(maybeCleanupAfterAgent(waitForAgent, resolvedOutDir));
   yield* _(autoSyncState(`chore(state): update ${formatStateSyncLabel(projectConfig.repoUrl)}`));
   yield* _(maybeOpenSsh(command, hasAgent, waitForAgent, projectConfig));
 }).pipe(Effect.asVoid);
@@ -7768,7 +7863,8 @@ const valueOptionSpecs = [
   { flag: "-m", key: "message" },
   { flag: "--out-dir", key: "outDir" },
   { flag: "--project-dir", key: "projectDir" },
-  { flag: "--lines", key: "lines" }
+  { flag: "--lines", key: "lines" },
+  { flag: "--auto", key: "agentAutoMode" }
 ];
 const valueOptionSpecByFlag = new Map(
   valueOptionSpecs.map((spec) => [spec.flag, spec])
@@ -7786,9 +7882,7 @@ const booleanFlagUpdaters = {
   "--no-wipe": (raw) => ({ ...raw, wipe: false }),
   "--web": (raw) => ({ ...raw, authWeb: true }),
   "--include-default": (raw) => ({ ...raw, includeDefault: true }),
-  "--claude": (raw) => ({ ...raw, agentClaude: true }),
-  "--codex": (raw) => ({ ...raw, agentCodex: true }),
-  "--auto": (raw) => ({ ...raw, agentAuto: true })
+  "--auto": (raw) => ({ ...raw, agentAutoMode: "auto" })
 };
 const valueFlagUpdaters = {
   repoUrl: (raw, value) => ({ ...raw, repoUrl: value }),
@@ -7818,7 +7912,8 @@ const valueFlagUpdaters = {
   message: (raw, value) => ({ ...raw, message: value }),
   outDir: (raw, value) => ({ ...raw, outDir: value }),
   projectDir: (raw, value) => ({ ...raw, projectDir: value }),
-  lines: (raw, value) => ({ ...raw, lines: value })
+  lines: (raw, value) => ({ ...raw, lines: value }),
+  agentAutoMode: (raw, value) => ({ ...raw, agentAutoMode: value.trim().toLowerCase() })
 };
 const applyCommandBooleanFlag = (raw, token) => {
   const updater = booleanFlagUpdaters[token];
@@ -7841,25 +7936,55 @@ const parseInlineValueToken = (raw, token) => {
   const inlineValue = token.slice(equalIndex + 1);
   return applyCommandValueFlag(raw, flag, inlineValue);
 };
-const parseRawOptionsStep = (args, index, raw) => {
-  const token = args[index] ?? "";
+const legacyAgentFlagError = (token) => {
+  if (token === "--claude") {
+    return {
+      _tag: "InvalidOption",
+      option: token,
+      reason: "use --auto=claude"
+    };
+  }
+  if (token === "--codex") {
+    return {
+      _tag: "InvalidOption",
+      option: token,
+      reason: "use --auto=codex"
+    };
+  }
+  return null;
+};
+const toParseStep = (parsed, nextIndex) => Either.isLeft(parsed) ? { _tag: "error", error: parsed.left } : { _tag: "ok", raw: parsed.right, nextIndex };
+const parseValueOptionStep = (raw, token, value, index) => {
+  if (value === void 0) {
+    return { _tag: "error", error: { _tag: "MissingOptionValue", option: token } };
+  }
+  return toParseStep(applyCommandValueFlag(raw, token, value), index + 2);
+};
+const parseSpecialFlagStep = (raw, token, index) => {
   const inlineApplied = parseInlineValueToken(raw, token);
   if (inlineApplied !== null) {
-    return Either.isLeft(inlineApplied) ? { _tag: "error", error: inlineApplied.left } : { _tag: "ok", raw: inlineApplied.right, nextIndex: index + 1 };
+    return toParseStep(inlineApplied, index + 1);
   }
   const booleanApplied = applyCommandBooleanFlag(raw, token);
   if (booleanApplied !== null) {
     return { _tag: "ok", raw: booleanApplied, nextIndex: index + 1 };
   }
+  const deprecatedAgentFlag = legacyAgentFlagError(token);
+  if (deprecatedAgentFlag !== null) {
+    return { _tag: "error", error: deprecatedAgentFlag };
+  }
+  return null;
+};
+const parseRawOptionsStep = (args, index, raw) => {
+  const token = args[index] ?? "";
+  const specialStep = parseSpecialFlagStep(raw, token, index);
+  if (specialStep !== null) {
+    return specialStep;
+  }
   if (!token.startsWith("-")) {
     return { _tag: "error", error: { _tag: "UnexpectedArgument", value: token } };
   }
-  const value = args[index + 1];
-  if (value === void 0) {
-    return { _tag: "error", error: { _tag: "MissingOptionValue", option: token } };
-  }
-  const nextRaw = applyCommandValueFlag(raw, token, value);
-  return Either.isLeft(nextRaw) ? { _tag: "error", error: nextRaw.left } : { _tag: "ok", raw: nextRaw.right, nextIndex: index + 2 };
+  return parseValueOptionStep(raw, token, args[index + 1], index);
 };
 const parseRawOptions = (args) => {
   let index = 0;
@@ -8009,6 +8134,23 @@ const parseAuth = (args) => {
   const rest = args.slice(2);
   return Either.flatMap(parseRawOptions(rest), (raw) => buildAuthCommand(provider, action, resolveAuthOptions(raw)));
 };
+const resolveAutoAgentFlags = (raw) => {
+  const requested = raw.agentAutoMode;
+  if (requested === void 0) {
+    return Either.right({ agentMode: void 0, agentAuto: false });
+  }
+  if (requested === "auto") {
+    return Either.right({ agentMode: void 0, agentAuto: true });
+  }
+  if (requested === "claude" || requested === "codex") {
+    return Either.right({ agentMode: requested, agentAuto: true });
+  }
+  return Either.left({
+    _tag: "InvalidOption",
+    option: "--auto",
+    reason: "expected one of: claude, codex"
+  });
+};
 const parsePort = (value) => {
   const parsed = Number(value);
   if (!Number.isInteger(parsed)) {
@@ -8134,11 +8276,6 @@ const resolveCreateBehavior = (raw) => ({
   forceEnv: raw.forceEnv ?? false,
   enableMcpPlaywright: raw.enableMcpPlaywright ?? false
 });
-const resolveAgentMode = (raw) => {
-  if (raw.agentClaude) return "claude";
-  if (raw.agentCodex) return "codex";
-  return void 0;
-};
 const buildTemplateConfig = ({
   agentAuto,
   agentMode,
@@ -8189,8 +8326,7 @@ const buildCreateCommand = (raw) => Either.gen(function* (_) {
   const dockerSharedNetworkName = yield* _(
     nonEmpty("--shared-network", raw.dockerSharedNetworkName, defaultTemplateConfig.dockerSharedNetworkName)
   );
-  const agentMode = resolveAgentMode(raw);
-  const agentAuto = raw.agentAuto ?? false;
+  const { agentAuto, agentMode } = yield* _(resolveAutoAgentFlags(raw));
   return {
     _tag: "Create",
     outDir: paths.outDir,
@@ -8514,9 +8650,7 @@ Options:
   --up | --no-up            Run docker compose up after init (default: --up)
   --ssh | --no-ssh          Auto-open SSH after create/clone (default: clone=--ssh, create=--no-ssh)
   --mcp-playwright | --no-mcp-playwright  Enable Playwright MCP + Chromium sidecar (default: --no-mcp-playwright)
-  --claude                  Start Claude Code agent inside container after clone
-  --codex                   Start Codex agent inside container after clone
-  --auto                    Auto-execute: agent completes the task, creates PR and pushes (requires --claude or --codex)
+  --auto[=claude|codex]     Auto-execute an agent; without value picks by auth, random if both are available
   --force                   Overwrite existing files and wipe compose volumes (docker compose down -v)
   --force-env               Reset project env defaults only (keep workspace volume/data)
   -h, --help                Show this help