@sickr/cli 0.9.5 → 0.9.7

package/dist/cli.js

@@ -51,103 +51,72 @@ export function buildWorkflowInvocation(rest, command = 'uvx') {
     }
     return { command, args: rest };
 }
-export const HELP = `SICKR Replay — audit & replay what your AI coding agent did.
+export const HELP = `sickr — record, replay, and remote-control your AI coding agents.
 
-Records your Claude Code or Codex session (prompts, edits, commands) to a local,
-redacted timeline you can replay — and optionally share as a public link.
+Usage: npx @sickr/cli <command> [options]
 
-Why: a durable record of every agent action — a dashcam for your coding agent.
-If your agent (Claude or Codex) loses context or can't reload a past chat, the
-replay log helps you — and it — recall exactly what was just done.
+REPLAY (free) — local recording of every prompt, edit and command.
+  replay              Install Claude + Codex recording hooks. Use the agents
+                      as normal — a redacted timeline is captured to
+                      ~/.sickr/runs.
+  replay open [id]    Render the newest run (or a specific id) as a local
+                      HTML timeline. Combine across agents with --today,
+                      --since <2h|30m|1d>, or --all (+ --claude / --codex).
+  replay share [id]   Publish a redacted run to sickr.ai/r/<id> (asks first).
+                      Add --yes to skip the prompt; --open to open after.
+                      Or combine a window: --today / --since <dur> / --all.
+                      Anon links live 24h; signed-in links live 7 days.
+  replay list         List recorded runs, newest first (+ --claude/--codex).
+  replay stop         Remove sickr hooks from this project (keeps runs).
+  replay clear        Delete all local runs in ~/.sickr/runs (asks first).
 
-Usage: npx @sickr/cli <command> [options]
+LIVE LOOK (Replay Pro) — passive streaming to a watching browser.
+  live                Stream the current session to sickr.ai/r/<your-link> in
+                      real time. Browser steer messages land in
+                      ~/.sickr/inbox/<urlid>.md and your terminal prints them.
+                      Requires \`sickr login\` + Replay Pro entitlement.
+  live status         Show pid + connection state.
+  live stop           Stop the sidecar.
 
-Commands:
-  replay        Auto mode: installs Claude + Codex recording hooks. If the
-                signed-in user has Replay Pro, starts Live Look as well.
-  replay init all|claude|codex
-                Install recording hooks under the unified command name.
-  replay share  Publish a redacted replay to sickr.ai/r/<id>.
-  replay status Show Live Look sidecar status.
-  workflow connect --agent-id <id>
-                Connect this machine to a configured SICKR workflow agent.
-  workflow start --agent-id <id>
-                Start the workflow orchestrator for that configured agent.
-  workflow status
-                Show running workflow daemon status.
-  workflow rotate | workflow disconnect
-                Rotate or revoke this machine's workflow agent key.
+REMOTE CONTROL (Replay Pro) — browser keystrokes drive the agent.
+  run <agent>         Wrap an agent in a PTY sickr owns; browser steer
+                      messages are written directly into the agent's stdin.
+                      Real remote control, not pasteboard.
+                        sickr run claude      Claude Code under sickr
+                        sickr run codex       Codex under sickr
+                        sickr run <bin>       arbitrary binary
+                      Flags:
+                        --mode auto   (default) inject the agent's
+                                      "no prompt / full perms" flag so it
+                                      doesn't stall on tool confirms the
+                                      operator can't see.
+                        --mode interactive  pass agent flags through
+                                      verbatim — agent prompts for tool use.
+                      Requires \`sickr login\` + Replay Pro entitlement.
+                      Codex 0.133+ needs \`/hooks\` typed once to trust the
+                      recorder; Claude is silent (hooks auto-installed).
 
-Legacy replay commands remain supported:
-  init <agent>   Install recording hooks for an agent (REQUIRED — no default)
-                 and start capturing to ~/.sickr/runs (secrets redacted):
-                   claude    Claude Code  (.claude/settings.json)
-                   codex     Codex        (.codex/hooks.json — needs Codex 0.133+)
-                   all       both of the above (feeds the combined view)
-                 Flag: --no-name  (label prompts "Human", not your login name)
-  open [run]     Render a run to a local HTML timeline and open it. 100% local.
-                 Defaults to the newest run; pass a run id, or --codex/--claude
-                 for the newest run of that agent. Combine across agents with a
-                 window: --today, --since <2h|30m|1d>, or --all (interleaved,
-                 filterable by agent, sortable by prompt/response time).
-  share [run]    Redact and publish ONE run to a public sickr.ai/r/<id> link
-                 (shows a preview and asks first). Links expire after 24h.
-                   --open    also open the published link in your browser
-                   --yes     skip the confirmation prompt
-                 Or publish a COMBINED multi-agent view with a window:
-                 --today / --since <2h|30m|1d> / --all (+ --claude/--codex).
-  list           List recorded runs, newest first.
-  stop           Stop recording — removes SICKR's hooks from this project.
-                 Your recorded runs are kept; run \`init\` to start again.
-  clear          Delete all local runs in ~/.sickr/runs (asks first).
-  login          Sign in with GitHub (optional — unlocks persistent shares and
-                 Replay Pro cohort eligibility). Zero-account use still works.
-  logout         Forget the local login. Server-side session stays valid until
-                 it expires; revoke from your account page if needed.
-  whoami         Show who you're logged in as.
-  live           Replay Pro: stream the current session to sickr.ai/r/<your-link>
-                 in real time. Requires \`login\` and Replay Pro entitlement.
-                   replay live            start the sidecar (foreground; ^C exits)
-                   replay live status     show pid + connection state
-                   replay live stop       stop the sidecar
-                 While running, steer messages from the watching browser are
-                 saved to ~/.sickr/inbox/<urlid>.md and printed in your terminal.
-  run <agent>    Replay Pro (Phase 2): wrap an agent in a PTY this CLI owns.
-                 Browser steer messages land directly in the agent's stdin —
-                 real remote control, no copy-paste from inbox.
-                   sickr run claude         spawn Claude Code under sickr
-                   sickr run codex          same for Codex
-                   sickr run --cmd <bin>    arbitrary command
-                 \`node-pty\` ships as an optional dep + auto-installs with the
-                 CLI on supported platforms (mac, Linux, Windows 10+).
-                 Browsers can override per-message: {mode:'queue'|'steer',
-                 submit:true|false}; default is auto-steer with submit.
-  agent connect --agent-id <id>
-                 Connect this machine to a configured SICKR agent using GitHub
-                 browser approval. Stores the agent key in ~/.sickr/agent.json.
-  agent status  Show the connected agent, org and team.
-  agent rotate  Rotate this machine's agent key.
-  agent disconnect
-                 Revoke this machine's agent key and remove it locally.
-  help           Show this help.
+ACCOUNT
+  login               Sign in with GitHub. Unlocks persistent shares
+                      (24h → 7d) and Replay Pro entitlement.
+  logout              Forget the local login.
+  whoami              Show who you're signed in as.
 
-Requires Node 18+. Codex capture needs Codex CLI 0.133+ (run /hooks to trust);
-Claude Code: any hooks-capable build.
+WORKFLOW (sickr-managed agent + ticketing)
+  workflow connect --agent-id <id>   Approve this machine for a configured
+                                     workflow agent (GitHub browser flow).
+  workflow start   --agent-id <id>   Start the orchestrator for an agent.
+  workflow status                    Show running daemon status.
+  workflow rotate | disconnect       Rotate or revoke this machine's key.
 
-────────────────────────────────────────────────────────────────────
-This replays your AI coding agents on ONE machine. SICKR governs your whole team.
-Issue tracking + your team + automation + agents — one governed workflow for
-audit, accountability, productivity and confidence.
+  help                Show this help.
 
-  · Gates & approvals — work holds at plan sign-off, review, merge and
-    validation checks until each one passes.
-  · Humans + agents on one board — agents are first-class teammates with
-    roles, capacity and accountability, not a side channel.
-  · A full, signed-off audit trail across every actor and every change.
-  · Runs 24/7 — produce as much work as you like; the team handles it.
+Requires Node 20+. Codex capture needs Codex CLI 0.133+.
 
-  Free tier available · bring your own Claude or Codex subscription.
-  → https://sickr.ai
+────────────────────────────────────────────────────────────────────
+sickr also governs your whole team — issue tracking + humans + agents on one
+board, gates & approvals, signed audit trail, runs 24/7. Free tier available;
+bring your own Claude or Codex subscription. → https://sickr.ai
 `;
 export function currentRunId(cc) {
     return String(cc.session_id ?? 'session');
@@ -850,6 +819,24 @@ async function fetchReplayProEntitlement() {
         return false;
     }
 }
+/** Gate a Pro-only command. Returns true if the user is allowed; otherwise
+ *  prints a friendly explanation and returns false. Distinguishes the three
+ *  failure modes (not-logged-in / logged-in-no-pro / network-fail) so the
+ *  operator knows exactly what to do next. */
+async function requireReplayPro(commandLabel) {
+    const creds = readCredentials();
+    if (!creds) {
+        process.stderr.write(`sickr: \`${commandLabel}\` is a Replay Pro feature.\n` +
+            `       run \`sickr login\` first — your Pro entitlement is attached to your GitHub account.\n`);
+        return false;
+    }
+    if (await fetchReplayProEntitlement())
+        return true;
+    process.stderr.write(`sickr: \`${commandLabel}\` is a Replay Pro feature.\n` +
+        `       you are signed in as ${creds.login}, but your account isn't on Replay Pro.\n` +
+        `       join the rolling-cohort waitlist → https://sickr.ai/#waitlist\n`);
+    return false;
+}
 async function handleReplay(rest) {
     const sub = replaySubcommand(rest);
     if (!sub) {
@@ -923,6 +910,10 @@ async function handleReplay(rest) {
             liveStatus();
             return;
         }
+        if (!(await requireReplayPro('sickr replay live'))) {
+            process.exit(3);
+            return;
+        }
         await startLive({ verbose: replayRest.includes('--verbose') || replayRest.includes('-v'), background: replayRest.includes('--background') });
         return;
     }
@@ -1122,28 +1113,65 @@ async function main() {
                 liveStatus();
                 return;
             }
+            if (!(await requireReplayPro('sickr live'))) {
+                process.exit(3);
+                return;
+            }
             // default: start (foreground)
             const opts = { verbose: rest.includes('--verbose') || rest.includes('-v'), background: rest.includes('--background') };
             await startLive(opts);
             return;
         }
         case 'run': {
-            // sickr run <agent> [...agent-args] [--verbose]
+            // sickr run <agent> [--mode auto|interactive] [...agent-args] [--verbose]
             // Wraps the agent in a PTY the CLI owns. Browser steers go
             // straight to stdin. node-pty is loaded on first use.
-            const positional = rest.filter((a) => !a.startsWith('-'));
-            const flags = rest.filter((a) => a.startsWith('-'));
+            // --mode is stripped before forwarding; the rest passes through verbatim.
+            const filtered = [];
+            let mode = 'auto';
+            for (let i = 0; i < rest.length; i++) {
+                if (rest[i] === '--mode' && rest[i + 1]) {
+                    const v = rest[i + 1];
+                    if (v !== 'auto' && v !== 'interactive') {
+                        process.stderr.write(`sickr: --mode must be 'auto' or 'interactive' (got '${v}')\n`);
+                        process.exit(1);
+                        return;
+                    }
+                    mode = v;
+                    i++;
+                    continue;
+                }
+                if (rest[i].startsWith('--mode=')) {
+                    const v = rest[i].slice('--mode='.length);
+                    if (v !== 'auto' && v !== 'interactive') {
+                        process.stderr.write(`sickr: --mode must be 'auto' or 'interactive' (got '${v}')\n`);
+                        process.exit(1);
+                        return;
+                    }
+                    mode = v;
+                    continue;
+                }
+                filtered.push(rest[i]);
+            }
+            const positional = filtered.filter((a) => !a.startsWith('-'));
+            const flags = filtered.filter((a) => a.startsWith('-'));
             const agent = positional[0];
             if (!agent) {
-                process.stderr.write('sickr: usage — `sickr run <agent> [args...]` (agent: claude | codex | <bin name>)\n');
+                process.stderr.write('sickr: usage — `sickr run <agent> [--mode auto|interactive] [args...]` (agent: claude | codex | <bin name>)\n');
                 process.exit(1);
                 return;
             }
-            const agentArgs = positional.slice(1);
+            // Pass through every non-sickr flag plus positional tail to the agent.
+            const passthroughFlags = flags.filter((f) => f !== '--verbose' && f !== '-v');
+            const agentArgs = [...passthroughFlags, ...positional.slice(1)];
             const verbose = flags.includes('--verbose') || flags.includes('-v');
+            if (!(await requireReplayPro('sickr run'))) {
+                process.exit(3);
+                return;
+            }
             const { startRun } = await import('./run.js');
             try {
-                await startRun({ agent, agentArgs, verbose });
+                await startRun({ agent, agentArgs, verbose, mode });
             }
             catch (e) {
                 process.stderr.write(`sickr: ${e.message}\n`);

package/dist/run.js

@@ -23,16 +23,62 @@
 import { readFileSync, writeFileSync, appendFileSync, mkdirSync, existsSync, readdirSync, statSync, openSync, readSync, closeSync, unlinkSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { execFileSync } from 'node:child_process';
 import { setTimeout as sleep } from 'node:timers/promises';
 import { readCredentials } from './auth.js';
 import { runsDir } from './recorder.js';
+import { mergeHooks, removeHooks } from './hookConfig.js';
 import { LIVE_BASE, decodeWsPayload, splitJsonObjects } from './live.js';
-/** Resolve the agent binary path. `claude` / `codex` look up <NAME>_BIN
- *  env, else fall through to the bare name on PATH. `--cmd <path>` is
- *  the escape hatch for arbitrary processes. */
-function resolveAgent(agent) {
+/** Resolve the agent binary path. Precedence:
+ *    1. SICKR_AGENT_BIN_<NAME> env (e.g. SICKR_AGENT_BIN_CLAUDE)
+ *    2. <NAME>_BIN env (e.g. CLAUDE_BIN)
+ *    3. OS shell lookup (`where` on Windows, `which` on Unix) so PATHEXT
+ *       resolution finds `claude.cmd`, `claude.exe`, etc.
+ *    4. Bare name (node-pty handles it; rarely works on Windows).
+ *
+ *  Windows-specific: node-pty's CreateProcess does NOT respect PATHEXT,
+ *  so a bare `claude` will fail with 'Cannot create process, error code: 2'
+ *  even when `claude.cmd` is on PATH. The shell lookup at step 3 closes
+ *  the gap. Surfaced 2026-06-01 on the first Windows E2E test. */
+export function resolveAgent(agent) {
+    if (/[\/\\]/.test(agent))
+        return agent; // absolute / relative path used as-is
     const envOverride = process.env[`SICKR_AGENT_BIN_${agent.toUpperCase()}`] ?? process.env[`${agent.toUpperCase()}_BIN`];
-    return envOverride || agent;
+    if (envOverride)
+        return envOverride;
+    // Shell lookup. Cheap (~20ms) and only fires once per `sickr run`.
+    // Wrapped in try/catch so a missing `where`/`which` doesn't crash —
+    // we fall through to the bare name, which gives the original error
+    // and lets the user set SICKR_AGENT_BIN_<NAME> as escape hatch.
+    try {
+        const isWin = process.platform === 'win32';
+        const cmd = isWin ? 'where' : 'which';
+        const out = execFileSync(cmd, [agent], { stdio: ['ignore', 'pipe', 'ignore'] }).toString().trim();
+        const candidates = out.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
+        if (candidates.length === 0)
+            return agent;
+        // On Windows, `where` returns multiple candidates when both the npm
+        // shell-script wrapper (no extension) and the .cmd/.bat shim exist.
+        // CreateProcess can't run the unextensioned wrapper, so prefer
+        // executable extensions in this order: .exe, .cmd, .bat, .com,
+        // then anything else. Bug surfaced 2026-06-01 — `where claude` led
+        // with `C:\...\nvm\v22\claude` (no ext) before `claude.cmd`.
+        if (isWin) {
+            const EXEC_RANK = ['.exe', '.cmd', '.bat', '.com'];
+            const sorted = candidates.slice().sort((a, b) => {
+                const ar = EXEC_RANK.findIndex((ext) => a.toLowerCase().endsWith(ext));
+                const br = EXEC_RANK.findIndex((ext) => b.toLowerCase().endsWith(ext));
+                // Items with a recognised exec ext sort first; ties keep original order.
+                const ai = ar === -1 ? EXEC_RANK.length : ar;
+                const bi = br === -1 ? EXEC_RANK.length : br;
+                return ai - bi;
+            });
+            return sorted[0];
+        }
+        return candidates[0];
+    }
+    catch { /* not found; fall through */ }
+    return agent;
 }
 /** UTC date YYYY-MM-DD — matches sickr-ui's /api/replay slot id formula. */
 function utcDate(now = new Date()) { return now.toISOString().slice(0, 10); }
@@ -72,9 +118,17 @@ export function decideSteer(msg, defaultMode = 'pty') {
     const mode = msg.mode === 'queue' ? 'inbox' : msg.mode === 'steer' ? 'pty' : defaultMode;
     if (mode === 'inbox')
         return { target: 'inbox' };
-    // For PTY: append \r unless submit was explicitly false. Default true
-    // because the whole point of `sickr run` is auto-submit; opt out
-    // requires saying so.
+    // For PTY: append a line terminator unless submit was explicitly
+    // false. Default true because the whole point of `sickr run` is
+    // auto-submit; opt out requires saying so.
+    //
+    // We send \r (CR only). That's what the Enter key produces in most
+    // TUIs running under a PTY in raw mode (the terminal driver doesn't
+    // translate CR -> LF for raw input). Surfaced 2026-06-01: bare \r
+    // worked for echo / cat tests but Claude Code's React Ink input
+    // handler appeared to ignore single \r on Windows ConPTY. Sending
+    // \r\n is widely compatible: bare-\r TUIs treat the trailing \n as
+    // an empty no-op line; line-buffered programs see a single line.
     const submit = msg.submit !== false;
     return { target: 'pty', bytes: submit ? text + '\r' : text };
 }
@@ -113,6 +167,54 @@ function tailFrom(path, from) {
         closeSync(fd);
     }
 }
+/** Silently ensure recording hooks are installed for the wrapped agent
+ *  in the CURRENT working directory. Without this, Claude / Codex won't
+ *  emit events to ~/.sickr/runs/, so the WS push has nothing to forward
+ *  to the DO and the browser /r/<urlid> view stays empty.
+ *
+ *  Surfaced 2026-06-01: first E2E spawned Claude under PTY but refresh
+ *  on the browser showed only an unrelated event from a prior session.
+ *  Operator hit the "have to remember `sickr init claude` first" trap.
+ *
+ *  This function is idempotent — if the file already has the right
+ *  hooks the merge is a no-op. We don't print anything on success
+ *  (the spawn is about to take over the terminal). Returns true if
+ *  hooks were ensured / installed; false if the agent name isn't
+ *  one we know how to init for. */
+export function ensureRecordingHooks(agent) {
+    const provider = agent === 'claude' || agent === 'codex' ? agent : null;
+    if (!provider)
+        return false; // Custom binaries — caller decides whether to install hooks
+    const settingsPath = provider === 'codex'
+        ? join(process.cwd(), '.codex', 'hooks.json')
+        : join(process.cwd(), '.claude', 'settings.json');
+    let existing = {};
+    if (existsSync(settingsPath)) {
+        try {
+            existing = JSON.parse(readFileSync(settingsPath, 'utf8'));
+        }
+        catch {
+            existing = {};
+        }
+    }
+    // Cheap detection — if the file already mentions our record command,
+    // skip the write. Avoids touching a file every run when the user
+    // already init'd here.
+    const serialized = JSON.stringify(existing);
+    if (serialized.includes('@sickr/cli record') || serialized.includes('@sickr/replay record')) {
+        return true;
+    }
+    // Merge using the same logic as cli.ts::handleInit but silent.
+    // Dynamic import keeps the file from pulling hookConfig at module
+    // load (tiny boot perf + lets tests run without the module).
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const command = `npx @sickr/cli record${provider === 'codex' ? ' --codex' : ''}`;
+    const merged = mergeHooks(removeHooks(existing), command);
+    mkdirSync(join(settingsPath, '..'), { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify(merged, null, 2) + '\n');
+    mkdirSync(runsDir(), { recursive: true });
+    return true;
+}
 /** Best-effort load of node-pty. Returns the spawn function or throws
  *  with a copy-pasteable install hint. */
 async function loadNodePtySpawn() {
@@ -134,6 +236,30 @@ async function loadNodePtySpawn() {
             `Underlying error: ${e.message ?? 'unknown'}`);
     }
 }
+/** Per-agent flag that disables prompting / sandboxing so the wrapped
+ *  agent doesn't stall waiting for unattended confirmation. Pure function
+ *  — exported for unit tests. Honors operator overrides: if the operator
+ *  already passed the relevant flag (or any opposite), we don't double-add.
+ *
+ *  History (2026-06-01): `sickr run claude` defaulted to interactive and
+ *  surfaced as a "hung" terminal — Claude was waiting on a tool-use
+ *  permission prompt the operator couldn't see in the PTY mirror. Moving
+ *  the default to "auto / full permissions" closes the gap; `--mode
+ *  interactive` opts back in for sensitive sessions. */
+export function autoModeArgsFor(agent, existingArgs) {
+    const a = agent.toLowerCase();
+    const has = (needle) => existingArgs.some((x) => x === needle || x.startsWith(needle + '='));
+    if (a === 'claude' || a.endsWith('/claude') || a.endsWith('\\claude') || a.endsWith('claude.cmd') || a.endsWith('claude.exe')) {
+        return has('--dangerously-skip-permissions') ? [] : ['--dangerously-skip-permissions'];
+    }
+    if (a === 'codex' || a.endsWith('/codex') || a.endsWith('\\codex') || a.endsWith('codex.cmd') || a.endsWith('codex.exe')) {
+        if (has('--dangerously-bypass-approvals-and-sandbox') || has('--full-auto') || has('--ask-for-approval'))
+            return [];
+        return ['--dangerously-bypass-approvals-and-sandbox'];
+    }
+    // Unknown agent — no opinion. Operator should pass their own flags.
+    return [];
+}
 export async function startRun(opts) {
     const creds = readCredentials();
     if (!creds) {
@@ -149,12 +275,33 @@ export async function startRun(opts) {
         process.stderr.write(`sickr: couldn't resolve live url (${e.message}). Replay Pro required.\n`);
         process.exit(4);
     }
+    // Ensure recording hooks are installed in the cwd for known agents.
+    // Without this, Claude / Codex run normally but emit no events — the
+    // browser /r/<urlid> stays empty until events flow.
+    ensureRecordingHooks(opts.agent);
     const agentBin = resolveAgent(opts.agent);
     const cols = process.stdout.columns ?? 80;
     const rows = process.stdout.rows ?? 24;
+    // mode=auto (default) injects the agent's "no prompt / full perms" flag
+    // so the wrapped CLI doesn't stall on tool-use confirmations the
+    // operator can't see. --mode interactive disables the injection.
+    const mode = opts.mode ?? 'auto';
+    const injected = mode === 'auto' ? autoModeArgsFor(opts.agent, opts.agentArgs) : [];
+    const effectiveArgs = [...injected, ...opts.agentArgs];
     process.stdout.write(`sickr: wrapping ${agentBin} in PTY. Watch + steer at: https://sickr.ai/r/${urlid}\n`);
+    if (mode === 'auto' && injected.length > 0) {
+        process.stdout.write(`       mode=auto — injected ${injected.join(' ')} (use --mode interactive to disable)\n`);
+    }
+    else if (mode === 'interactive') {
+        process.stdout.write(`       mode=interactive — agent will prompt for tool use; you confirm in the PTY\n`);
+    }
+    if (opts.agent === 'codex') {
+        // Codex 0.133+ gates new hooks until trusted; without trust the recorder
+        // is dormant and /r/<urlid> stays empty even though the PTY is live.
+        process.stdout.write(`       codex hooks: type \`/hooks\` once inside codex to trust the recorder.\n`);
+    }
     process.stdout.write(`       browser steer messages land directly in your agent. ^C exits.\n\n`);
-    const pty = ptySpawn(agentBin, opts.agentArgs, {
+    const pty = ptySpawn(agentBin, effectiveArgs, {
         name: 'xterm-256color',
         cols, rows,
         cwd: process.cwd(),
@@ -246,12 +393,28 @@ export async function startRun(opts) {
                 if (m.kind === 'steer' && m.text) {
                     const decision = decideSteer(m);
                     if (decision.target === 'pty' && decision.bytes != null) {
+                        // Submit-fix (2026-06-01): Claude Code's TUI treats a burst of
+                        // characters arriving with no inter-keystroke gap as a paste
+                        // — and within a paste, \r is an inline newline, NOT a submit.
+                        // Text appeared in the input box but never got sent until the
+                        // operator manually hit Enter. Split the write: body first,
+                        // then a short delay, then a standalone \r so it lands as a
+                        // discrete Enter keypress instead of "tail of a paste".
+                        const bytes = decision.bytes;
+                        const bodyOnly = bytes.endsWith('\r') ? bytes.slice(0, -1) : bytes;
+                        const submit = bytes.endsWith('\r');
                         try {
-                            pty.write(decision.bytes);
+                            if (bodyOnly.length > 0)
+                                pty.write(bodyOnly);
+                            if (submit)
+                                setTimeout(() => { try {
+                                    pty.write('\r');
+                                }
+                                catch { /* pty exited */ } }, 80);
                         }
                         catch { /* PTY may have exited */ }
                         if (opts.verbose)
-                            process.stderr.write(`sickr: pty steer ${decision.bytes.length}b\n`);
+                            process.stderr.write(`sickr: pty steer ${bytes.length}b${submit ? ' (split for submit)' : ''}\n`);
                     }
                     else {
                         appendInbox(urlid, m.text, m.at ?? new Date().toISOString());

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sickr/cli",
-  "version": "0.9.5",
+  "version": "0.9.7",
   "type": "module",
   "description": "npx @sickr/cli - replay, live look, and workflow orchestration for AI coding agents.",
   "bin": { "replay": "dist/cli.js", "sickr": "dist/cli.js" },