@sickr/cli 0.9.5 → 0.9.6

package/dist/cli.js

@@ -115,9 +115,19 @@ Legacy replay commands remain supported:
   run <agent>    Replay Pro (Phase 2): wrap an agent in a PTY this CLI owns.
                  Browser steer messages land directly in the agent's stdin —
                  real remote control, no copy-paste from inbox.
-                   sickr run claude         spawn Claude Code under sickr
-                   sickr run codex          same for Codex
-                   sickr run --cmd <bin>    arbitrary command
+                   sickr run claude         spawn Claude Code under sickr (auto-perms)
+                   sickr run codex          same for Codex (auto-perms)
+                   sickr run <bin>          arbitrary command
+                 Modes:
+                   --mode auto  (default)   inject the agent's "no prompt /
+                                            full permissions" flag so it
+                                            doesn't stall on tool confirms
+                                            the operator can't see (claude:
+                                            --dangerously-skip-permissions;
+                                            codex: --dangerously-bypass-
+                                            approvals-and-sandbox)
+                   --mode interactive       pass agent flags through verbatim;
+                                            agent will prompt for tool use
                  \`node-pty\` ships as an optional dep + auto-installs with the
                  CLI on supported platforms (mac, Linux, Windows 10+).
                  Browsers can override per-message: {mode:'queue'|'steer',
@@ -1128,22 +1138,51 @@ async function main() {
             return;
         }
         case 'run': {
-            // sickr run <agent> [...agent-args] [--verbose]
+            // sickr run <agent> [--mode auto|interactive] [...agent-args] [--verbose]
             // Wraps the agent in a PTY the CLI owns. Browser steers go
             // straight to stdin. node-pty is loaded on first use.
-            const positional = rest.filter((a) => !a.startsWith('-'));
-            const flags = rest.filter((a) => a.startsWith('-'));
+            // --mode is stripped before forwarding; the rest passes through verbatim.
+            const filtered = [];
+            let mode = 'auto';
+            for (let i = 0; i < rest.length; i++) {
+                if (rest[i] === '--mode' && rest[i + 1]) {
+                    const v = rest[i + 1];
+                    if (v !== 'auto' && v !== 'interactive') {
+                        process.stderr.write(`sickr: --mode must be 'auto' or 'interactive' (got '${v}')\n`);
+                        process.exit(1);
+                        return;
+                    }
+                    mode = v;
+                    i++;
+                    continue;
+                }
+                if (rest[i].startsWith('--mode=')) {
+                    const v = rest[i].slice('--mode='.length);
+                    if (v !== 'auto' && v !== 'interactive') {
+                        process.stderr.write(`sickr: --mode must be 'auto' or 'interactive' (got '${v}')\n`);
+                        process.exit(1);
+                        return;
+                    }
+                    mode = v;
+                    continue;
+                }
+                filtered.push(rest[i]);
+            }
+            const positional = filtered.filter((a) => !a.startsWith('-'));
+            const flags = filtered.filter((a) => a.startsWith('-'));
             const agent = positional[0];
             if (!agent) {
-                process.stderr.write('sickr: usage — `sickr run <agent> [args...]` (agent: claude | codex | <bin name>)\n');
+                process.stderr.write('sickr: usage — `sickr run <agent> [--mode auto|interactive] [args...]` (agent: claude | codex | <bin name>)\n');
                 process.exit(1);
                 return;
             }
-            const agentArgs = positional.slice(1);
+            // Pass through every non-sickr flag plus positional tail to the agent.
+            const passthroughFlags = flags.filter((f) => f !== '--verbose' && f !== '-v');
+            const agentArgs = [...passthroughFlags, ...positional.slice(1)];
             const verbose = flags.includes('--verbose') || flags.includes('-v');
             const { startRun } = await import('./run.js');
             try {
-                await startRun({ agent, agentArgs, verbose });
+                await startRun({ agent, agentArgs, verbose, mode });
             }
             catch (e) {
                 process.stderr.write(`sickr: ${e.message}\n`);

package/dist/run.js

@@ -23,16 +23,62 @@
 import { readFileSync, writeFileSync, appendFileSync, mkdirSync, existsSync, readdirSync, statSync, openSync, readSync, closeSync, unlinkSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { execFileSync } from 'node:child_process';
 import { setTimeout as sleep } from 'node:timers/promises';
 import { readCredentials } from './auth.js';
 import { runsDir } from './recorder.js';
+import { mergeHooks, removeHooks } from './hookConfig.js';
 import { LIVE_BASE, decodeWsPayload, splitJsonObjects } from './live.js';
-/** Resolve the agent binary path. `claude` / `codex` look up <NAME>_BIN
- *  env, else fall through to the bare name on PATH. `--cmd <path>` is
- *  the escape hatch for arbitrary processes. */
-function resolveAgent(agent) {
+/** Resolve the agent binary path. Precedence:
+ *    1. SICKR_AGENT_BIN_<NAME> env (e.g. SICKR_AGENT_BIN_CLAUDE)
+ *    2. <NAME>_BIN env (e.g. CLAUDE_BIN)
+ *    3. OS shell lookup (`where` on Windows, `which` on Unix) so PATHEXT
+ *       resolution finds `claude.cmd`, `claude.exe`, etc.
+ *    4. Bare name (node-pty handles it; rarely works on Windows).
+ *
+ *  Windows-specific: node-pty's CreateProcess does NOT respect PATHEXT,
+ *  so a bare `claude` will fail with 'Cannot create process, error code: 2'
+ *  even when `claude.cmd` is on PATH. The shell lookup at step 3 closes
+ *  the gap. Surfaced 2026-06-01 on the first Windows E2E test. */
+export function resolveAgent(agent) {
+    if (/[\/\\]/.test(agent))
+        return agent; // absolute / relative path used as-is
     const envOverride = process.env[`SICKR_AGENT_BIN_${agent.toUpperCase()}`] ?? process.env[`${agent.toUpperCase()}_BIN`];
-    return envOverride || agent;
+    if (envOverride)
+        return envOverride;
+    // Shell lookup. Cheap (~20ms) and only fires once per `sickr run`.
+    // Wrapped in try/catch so a missing `where`/`which` doesn't crash —
+    // we fall through to the bare name, which gives the original error
+    // and lets the user set SICKR_AGENT_BIN_<NAME> as escape hatch.
+    try {
+        const isWin = process.platform === 'win32';
+        const cmd = isWin ? 'where' : 'which';
+        const out = execFileSync(cmd, [agent], { stdio: ['ignore', 'pipe', 'ignore'] }).toString().trim();
+        const candidates = out.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
+        if (candidates.length === 0)
+            return agent;
+        // On Windows, `where` returns multiple candidates when both the npm
+        // shell-script wrapper (no extension) and the .cmd/.bat shim exist.
+        // CreateProcess can't run the unextensioned wrapper, so prefer
+        // executable extensions in this order: .exe, .cmd, .bat, .com,
+        // then anything else. Bug surfaced 2026-06-01 — `where claude` led
+        // with `C:\...\nvm\v22\claude` (no ext) before `claude.cmd`.
+        if (isWin) {
+            const EXEC_RANK = ['.exe', '.cmd', '.bat', '.com'];
+            const sorted = candidates.slice().sort((a, b) => {
+                const ar = EXEC_RANK.findIndex((ext) => a.toLowerCase().endsWith(ext));
+                const br = EXEC_RANK.findIndex((ext) => b.toLowerCase().endsWith(ext));
+                // Items with a recognised exec ext sort first; ties keep original order.
+                const ai = ar === -1 ? EXEC_RANK.length : ar;
+                const bi = br === -1 ? EXEC_RANK.length : br;
+                return ai - bi;
+            });
+            return sorted[0];
+        }
+        return candidates[0];
+    }
+    catch { /* not found; fall through */ }
+    return agent;
 }
 /** UTC date YYYY-MM-DD — matches sickr-ui's /api/replay slot id formula. */
 function utcDate(now = new Date()) { return now.toISOString().slice(0, 10); }
@@ -72,9 +118,17 @@ export function decideSteer(msg, defaultMode = 'pty') {
     const mode = msg.mode === 'queue' ? 'inbox' : msg.mode === 'steer' ? 'pty' : defaultMode;
     if (mode === 'inbox')
         return { target: 'inbox' };
-    // For PTY: append \r unless submit was explicitly false. Default true
-    // because the whole point of `sickr run` is auto-submit; opt out
-    // requires saying so.
+    // For PTY: append a line terminator unless submit was explicitly
+    // false. Default true because the whole point of `sickr run` is
+    // auto-submit; opt out requires saying so.
+    //
+    // We send \r (CR only). That's what the Enter key produces in most
+    // TUIs running under a PTY in raw mode (the terminal driver doesn't
+    // translate CR -> LF for raw input). Surfaced 2026-06-01: bare \r
+    // worked for echo / cat tests but Claude Code's React Ink input
+    // handler appeared to ignore single \r on Windows ConPTY. Sending
+    // \r\n is widely compatible: bare-\r TUIs treat the trailing \n as
+    // an empty no-op line; line-buffered programs see a single line.
     const submit = msg.submit !== false;
     return { target: 'pty', bytes: submit ? text + '\r' : text };
 }
@@ -113,6 +167,54 @@ function tailFrom(path, from) {
         closeSync(fd);
     }
 }
+/** Silently ensure recording hooks are installed for the wrapped agent
+ *  in the CURRENT working directory. Without this, Claude / Codex won't
+ *  emit events to ~/.sickr/runs/, so the WS push has nothing to forward
+ *  to the DO and the browser /r/<urlid> view stays empty.
+ *
+ *  Surfaced 2026-06-01: first E2E spawned Claude under PTY but refresh
+ *  on the browser showed only an unrelated event from a prior session.
+ *  Operator hit the "have to remember `sickr init claude` first" trap.
+ *
+ *  This function is idempotent — if the file already has the right
+ *  hooks the merge is a no-op. We don't print anything on success
+ *  (the spawn is about to take over the terminal). Returns true if
+ *  hooks were ensured / installed; false if the agent name isn't
+ *  one we know how to init for. */
+export function ensureRecordingHooks(agent) {
+    const provider = agent === 'claude' || agent === 'codex' ? agent : null;
+    if (!provider)
+        return false; // Custom binaries — caller decides whether to install hooks
+    const settingsPath = provider === 'codex'
+        ? join(process.cwd(), '.codex', 'hooks.json')
+        : join(process.cwd(), '.claude', 'settings.json');
+    let existing = {};
+    if (existsSync(settingsPath)) {
+        try {
+            existing = JSON.parse(readFileSync(settingsPath, 'utf8'));
+        }
+        catch {
+            existing = {};
+        }
+    }
+    // Cheap detection — if the file already mentions our record command,
+    // skip the write. Avoids touching a file every run when the user
+    // already init'd here.
+    const serialized = JSON.stringify(existing);
+    if (serialized.includes('@sickr/cli record') || serialized.includes('@sickr/replay record')) {
+        return true;
+    }
+    // Merge using the same logic as cli.ts::handleInit but silent.
+    // Dynamic import keeps the file from pulling hookConfig at module
+    // load (tiny boot perf + lets tests run without the module).
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const command = `npx @sickr/cli record${provider === 'codex' ? ' --codex' : ''}`;
+    const merged = mergeHooks(removeHooks(existing), command);
+    mkdirSync(join(settingsPath, '..'), { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify(merged, null, 2) + '\n');
+    mkdirSync(runsDir(), { recursive: true });
+    return true;
+}
 /** Best-effort load of node-pty. Returns the spawn function or throws
  *  with a copy-pasteable install hint. */
 async function loadNodePtySpawn() {
@@ -134,6 +236,30 @@ async function loadNodePtySpawn() {
             `Underlying error: ${e.message ?? 'unknown'}`);
     }
 }
+/** Per-agent flag that disables prompting / sandboxing so the wrapped
+ *  agent doesn't stall waiting for unattended confirmation. Pure function
+ *  — exported for unit tests. Honors operator overrides: if the operator
+ *  already passed the relevant flag (or any opposite), we don't double-add.
+ *
+ *  History (2026-06-01): `sickr run claude` defaulted to interactive and
+ *  surfaced as a "hung" terminal — Claude was waiting on a tool-use
+ *  permission prompt the operator couldn't see in the PTY mirror. Moving
+ *  the default to "auto / full permissions" closes the gap; `--mode
+ *  interactive` opts back in for sensitive sessions. */
+export function autoModeArgsFor(agent, existingArgs) {
+    const a = agent.toLowerCase();
+    const has = (needle) => existingArgs.some((x) => x === needle || x.startsWith(needle + '='));
+    if (a === 'claude' || a.endsWith('/claude') || a.endsWith('\\claude') || a.endsWith('claude.cmd') || a.endsWith('claude.exe')) {
+        return has('--dangerously-skip-permissions') ? [] : ['--dangerously-skip-permissions'];
+    }
+    if (a === 'codex' || a.endsWith('/codex') || a.endsWith('\\codex') || a.endsWith('codex.cmd') || a.endsWith('codex.exe')) {
+        if (has('--dangerously-bypass-approvals-and-sandbox') || has('--full-auto') || has('--ask-for-approval'))
+            return [];
+        return ['--dangerously-bypass-approvals-and-sandbox'];
+    }
+    // Unknown agent — no opinion. Operator should pass their own flags.
+    return [];
+}
 export async function startRun(opts) {
     const creds = readCredentials();
     if (!creds) {
@@ -149,12 +275,28 @@ export async function startRun(opts) {
         process.stderr.write(`sickr: couldn't resolve live url (${e.message}). Replay Pro required.\n`);
         process.exit(4);
     }
+    // Ensure recording hooks are installed in the cwd for known agents.
+    // Without this, Claude / Codex run normally but emit no events — the
+    // browser /r/<urlid> stays empty until events flow.
+    ensureRecordingHooks(opts.agent);
     const agentBin = resolveAgent(opts.agent);
     const cols = process.stdout.columns ?? 80;
     const rows = process.stdout.rows ?? 24;
+    // mode=auto (default) injects the agent's "no prompt / full perms" flag
+    // so the wrapped CLI doesn't stall on tool-use confirmations the
+    // operator can't see. --mode interactive disables the injection.
+    const mode = opts.mode ?? 'auto';
+    const injected = mode === 'auto' ? autoModeArgsFor(opts.agent, opts.agentArgs) : [];
+    const effectiveArgs = [...injected, ...opts.agentArgs];
     process.stdout.write(`sickr: wrapping ${agentBin} in PTY. Watch + steer at: https://sickr.ai/r/${urlid}\n`);
+    if (mode === 'auto' && injected.length > 0) {
+        process.stdout.write(`       mode=auto — injected ${injected.join(' ')} (use --mode interactive to disable)\n`);
+    }
+    else if (mode === 'interactive') {
+        process.stdout.write(`       mode=interactive — agent will prompt for tool use; you confirm in the PTY\n`);
+    }
     process.stdout.write(`       browser steer messages land directly in your agent. ^C exits.\n\n`);
-    const pty = ptySpawn(agentBin, opts.agentArgs, {
+    const pty = ptySpawn(agentBin, effectiveArgs, {
         name: 'xterm-256color',
         cols, rows,
         cwd: process.cwd(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sickr/cli",
-  "version": "0.9.5",
+  "version": "0.9.6",
   "type": "module",
   "description": "npx @sickr/cli - replay, live look, and workflow orchestration for AI coding agents.",
   "bin": { "replay": "dist/cli.js", "sickr": "dist/cli.js" },