npm - @sickr/replay - Versions diffs - 0.6.0 → 0.8.0 - Mend

@sickr/replay 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/agentAuth.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { readFileSync, writeFileSync, mkdirSync, chmodSync, unlinkSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+export const AGENT_API_URL = (process.env.SICKR_API_URL ?? 'https://support-backend.sickr.ai').replace(/\/+$/, '');
+function agentCredsPath() {
+    return join(homedir(), '.sickr', 'agent.json');
+}
+export function readAgentCredentials() {
+    try {
+        return JSON.parse(readFileSync(agentCredsPath(), 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+export function writeAgentCredentials(c) {
+    const dir = join(homedir(), '.sickr');
+    mkdirSync(dir, { recursive: true });
+    const p = agentCredsPath();
+    writeFileSync(p, JSON.stringify(c, null, 2) + '\n');
+    try {
+        chmodSync(p, 0o600);
+    }
+    catch { /* Windows: skip */ }
+}
+export function clearAgentCredentials() {
+    try {
+        unlinkSync(agentCredsPath());
+    }
+    catch { /* none */ }
+}
+export async function startAgentConnect(apiUrl, agentId) {
+    const r = await fetch(`${apiUrl.replace(/\/+$/, '')}/agent-connect/start`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ agent_id: agentId }),
+    });
+    if (!r.ok)
+        throw new Error(`agent-connect/start failed: ${r.status}`);
+    return await r.json();
+}
+export async function pollAgentConnect(apiUrl, deviceCode) {
+    const r = await fetch(`${apiUrl.replace(/\/+$/, '')}/agent-connect/poll`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ device_code: deviceCode }),
+    });
+    if (!r.ok)
+        throw new Error(`agent-connect/poll failed: ${r.status}`);
+    return await r.json();
+}
+export async function fetchAgentStatus(c) {
+    const r = await fetch(`${c.api_url.replace(/\/+$/, '')}/agent/self/status`, {
+        headers: { Authorization: `Bearer ${c.api_key}` },
+    });
+    if (!r.ok)
+        throw new Error(`agent/self/status failed: ${r.status}`);
+    return await r.json();
+}
+export async function rotateAgentKey(c) {
+    const r = await fetch(`${c.api_url.replace(/\/+$/, '')}/agent/self/rotate`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${c.api_key}` },
+    });
+    if (!r.ok)
+        throw new Error(`agent/self/rotate failed: ${r.status}`);
+    return await r.json();
+}
+export async function disconnectAgent(c) {
+    const r = await fetch(`${c.api_url.replace(/\/+$/, '')}/agent/self/disconnect`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${c.api_key}` },
+    });
+    if (!r.ok)
+        throw new Error(`agent/self/disconnect failed: ${r.status}`);
+}

package/dist/cli.js CHANGED Viewed

@@ -9,69 +9,78 @@ import { mergeHooks, removeHooks } from './hookConfig.js';
 import { renderRunHtml, renderCombinedHtml } from './render.js';
 import { buildSharePayload, buildCombinedPayload, publish, PublishError } from './share.js';
 import { readCredentials, writeCredentials, clearCredentials, startDevice, pollDevice, sleep } from './auth.js';
+import { ui, card, kv } from './ui.js';
+import { AGENT_API_URL, clearAgentCredentials, disconnectAgent, fetchAgentStatus, pollAgentConnect, readAgentCredentials, rotateAgentKey, startAgentConnect, writeAgentCredentials, } from './agentAuth.js';
 const REPLAY_ENDPOINT = process.env.SICKR_REPLAY_ENDPOINT ?? 'https://sickr.ai/api/replay';
-const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'help'];
+const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'agent', 'help'];
 export function parseCommand(argv) {
     const c = argv[0];
     return c && COMMANDS.includes(c) ? c : null;
 }
-export const HELP = `SICKR Replay — audit & replay what your AI coding agent did.
-Records your Claude Code or Codex session (prompts, edits, commands) to a local,
-redacted timeline you can replay — and optionally share as a public link.
-Why: a durable record of every agent action — a dashcam for your coding agent.
-If your agent (Claude or Codex) loses context or can't reload a past chat, the
-replay log helps you — and it — recall exactly what was just done.
-Usage: npx @sickr/replay <command> [options]
-Commands:
-  init <agent>   Install recording hooks for an agent (REQUIRED — no default)
-                 and start capturing to ~/.sickr/runs (secrets redacted):
-                   claude    Claude Code  (.claude/settings.json)
-                   codex     Codex        (.codex/hooks.json — needs Codex 0.133+)
-                   all       both of the above (feeds the combined view)
-                 Flag: --no-name  (label prompts "Human", not your login name)
-  open [run]     Render a run to a local HTML timeline and open it. 100% local.
-                 Defaults to the newest run; pass a run id, or --codex/--claude
-                 for the newest run of that agent. Combine across agents with a
-                 window: --today, --since <2h|30m|1d>, or --all (interleaved,
-                 filterable by agent, sortable by prompt/response time).
-  share [run]    Redact and publish ONE run to a public sickr.ai/r/<id> link
-                 (shows a preview and asks first). Links expire after 24h.
-                   --open    also open the published link in your browser
-                   --yes     skip the confirmation prompt
-                 Or publish a COMBINED multi-agent view with a window:
-                 --today / --since <2h|30m|1d> / --all (+ --claude/--codex).
-  list           List recorded runs, newest first.
-  stop           Stop recording — removes SICKR's hooks from this project.
-                 Your recorded runs are kept; run \`init\` to start again.
-  clear          Delete all local runs in ~/.sickr/runs (asks first).
-  login          Sign in with GitHub (optional — unlocks persistent shares and
-                 Replay Pro cohort eligibility). Zero-account use still works.
-  logout         Forget the local login. Server-side session stays valid until
-                 it expires; revoke from your account page if needed.
-  whoami         Show who you're logged in as.
-  help           Show this help.
-Requires Node 18+. Codex capture needs Codex CLI 0.133+ (run /hooks to trust);
-Claude Code: any hooks-capable build.
-────────────────────────────────────────────────────────────────────
-This replays your AI coding agents on ONE machine. SICKR governs your whole team.
-Issue tracking + your team + automation + agents — one governed workflow for
-audit, accountability, productivity and confidence.
-  · Gates & approvals — work holds at plan sign-off, review, merge and
-    validation checks until each one passes.
-  · Humans + agents on one board — agents are first-class teammates with
-    roles, capacity and accountability, not a side channel.
-  · A full, signed-off audit trail across every actor and every change.
-  · Runs 24/7 — produce as much work as you like; the team handles it.
-  Free tier available · bring your own Claude or Codex subscription.
-  → https://sickr.ai
+export const HELP = `SICKR Replay — audit & replay what your AI coding agent did.
+Records your Claude Code or Codex session (prompts, edits, commands) to a local,
+redacted timeline you can replay — and optionally share as a public link.
+Why: a durable record of every agent action — a dashcam for your coding agent.
+If your agent (Claude or Codex) loses context or can't reload a past chat, the
+replay log helps you — and it — recall exactly what was just done.
+Usage: npx @sickr/replay <command> [options]
+Commands:
+  init <agent>   Install recording hooks for an agent (REQUIRED — no default)
+                 and start capturing to ~/.sickr/runs (secrets redacted):
+                   claude    Claude Code  (.claude/settings.json)
+                   codex     Codex        (.codex/hooks.json — needs Codex 0.133+)
+                   all       both of the above (feeds the combined view)
+                 Flag: --no-name  (label prompts "Human", not your login name)
+  open [run]     Render a run to a local HTML timeline and open it. 100% local.
+                 Defaults to the newest run; pass a run id, or --codex/--claude
+                 for the newest run of that agent. Combine across agents with a
+                 window: --today, --since <2h|30m|1d>, or --all (interleaved,
+                 filterable by agent, sortable by prompt/response time).
+  share [run]    Redact and publish ONE run to a public sickr.ai/r/<id> link
+                 (shows a preview and asks first). Links expire after 24h.
+                   --open    also open the published link in your browser
+                   --yes     skip the confirmation prompt
+                 Or publish a COMBINED multi-agent view with a window:
+                 --today / --since <2h|30m|1d> / --all (+ --claude/--codex).
+  list           List recorded runs, newest first.
+  stop           Stop recording — removes SICKR's hooks from this project.
+                 Your recorded runs are kept; run \`init\` to start again.
+  clear          Delete all local runs in ~/.sickr/runs (asks first).
+  login          Sign in with GitHub (optional — unlocks persistent shares and
+                 Replay Pro cohort eligibility). Zero-account use still works.
+  logout         Forget the local login. Server-side session stays valid until
+                 it expires; revoke from your account page if needed.
+  whoami         Show who you're logged in as.
+  agent connect --agent-id <id>
+                 Connect this machine to a configured SICKR agent using GitHub
+                 browser approval. Stores the agent key in ~/.sickr/agent.json.
+  agent status  Show the connected agent, org and team.
+  agent rotate  Rotate this machine's agent key.
+  agent disconnect
+                 Revoke this machine's agent key and remove it locally.
+  help           Show this help.
+Requires Node 18+. Codex capture needs Codex CLI 0.133+ (run /hooks to trust);
+Claude Code: any hooks-capable build.
+────────────────────────────────────────────────────────────────────
+This replays your AI coding agents on ONE machine. SICKR governs your whole team.
+Issue tracking + your team + automation + agents — one governed workflow for
+audit, accountability, productivity and confidence.
+  · Gates & approvals — work holds at plan sign-off, review, merge and
+    validation checks until each one passes.
+  · Humans + agents on one board — agents are first-class teammates with
+    roles, capacity and accountability, not a side channel.
+  · A full, signed-off audit trail across every actor and every change.
+  · Runs 24/7 — produce as much work as you like; the team handles it.
+  Free tier available · bring your own Claude or Codex subscription.
+  → https://sickr.ai
 `;
 export function currentRunId(cc) {
     return String(cc.session_id ?? 'session');
@@ -350,17 +359,24 @@ async function confirmPublish(yes, what) {
     }
     return true;
 }
-/** Publish with a single friendly retry on 429 (the WAF allows ~1/10s). Returns the URL. */
+/** Publish with a single friendly retry on 429 (the WAF allows ~1/10s).
+ *  If the user is logged in, attach their token so the share lands in the
+ *  7-day daily slot (free_authed) instead of the 24h anon dedup pool. */
 async function publishWithRetry(payload) {
+    const token = readCredentials()?.token ?? null;
+    const post = async () => {
+        const r = await publish(payload, REPLAY_ENDPOINT, { token });
+        return { url: r.url, ttl_days: r.ttl_days ?? 1 };
+    };
     try {
-        return (await publish(payload, REPLAY_ENDPOINT)).url;
+        return await post();
     }
     catch (err) {
         if (err instanceof PublishError && err.status === 429) {
             process.stdout.write('sickr: rate-limited — you can publish about once every 10s. Waiting to retry once...\n');
             await new Promise((r) => setTimeout(r, 11_000));
             try {
-                return (await publish(payload, REPLAY_ENDPOINT)).url;
+                return await post();
             }
             catch (retryErr) {
                 if (retryErr instanceof PublishError && retryErr.status === 429) {
@@ -373,6 +389,49 @@ async function publishWithRetry(payload) {
         throw err;
     }
 }
+function expiryCopy(ttl_days) {
+    if (ttl_days >= 30)
+        return {
+            kind: 'pro',
+            value: `${ttl_days} days`,
+            tag: 'Replay Pro',
+            footer: [],
+        };
+    if (ttl_days >= 2)
+        return {
+            kind: 'authed',
+            value: `in ${ttl_days} days`,
+            tag: 'signed-in link',
+            footer: ['re-share before it expires to roll the window forward.'],
+        };
+    return {
+        kind: 'anon',
+        value: 'in 24h',
+        tag: 'anon link',
+        footer: [
+            'run `npx @sickr/replay login` to extend new links to 7 days.',
+            'Replay Pro (live + remote) — early access, rolling cohorts:',
+            '  https://sickr.ai/#waitlist',
+        ],
+    };
+}
+function expiryValueStyled(e) {
+    if (e.kind === 'anon')
+        return ui.warn(e.value) + '   ' + ui.dim(ui.glyph.tag + ' ' + e.tag);
+    if (e.kind === 'pro')
+        return ui.brand(e.value) + '   ' + ui.accent(ui.bold(ui.glyph.tag + ' ' + e.tag));
+    return ui.brand(e.value) + '   ' + ui.dim(ui.glyph.tag + ' ' + e.tag);
+}
+function tipLine(text) {
+    return '  ' + ui.accent(ui.glyph.tip) + ' ' + ui.dim(text) + '\n';
+}
+function legacyExpiryLine(ttl_days) {
+    if (ttl_days >= 30)
+        return `sickr: this link is live for ${ttl_days} days (Replay Pro retention).\n`;
+    if (ttl_days >= 2)
+        return `sickr: this link is live for ${ttl_days} days — re-share before it expires to extend.\n`;
+    return `sickr: this link expires in 24h. Run \`replay login\` to extend to 7 days.\n`;
+}
 async function handleShare(runId, yes, open) {
     const id = runId ?? latestRunId();
     if (!id) {
@@ -380,13 +439,44 @@ async function handleShare(runId, yes, open) {
         process.exit(1);
         return;
     }
-    const payload = buildSharePayload(loadRun(id));
-    process.stdout.write(`sickr: about to publish run "${id}" (${payload.run.events.length} events, secrets already redacted) to ${REPLAY_ENDPOINT}\n` +
-        `sickr: tip — run \`npx @sickr/replay open ${id}\` to review the full timeline locally before sharing.\n`);
+    const run = loadRun(id);
+    const payload = buildSharePayload(run);
+    const agentSet = Array.from(new Set(run.events.map((e) => e.label).filter((a) => a && a !== '—' && a !== 'Response')));
+    const agent = agentSet.length ? agentSet.join(', ') : 'Agent';
+    const target = REPLAY_ENDPOINT.replace(/^https?:\/\//, '');
+    if (ui.enabled()) {
+        process.stdout.write(card('publish preview', [
+            kv('run', ui.white(id)),
+            kv('agent', ui.white(agent)),
+            kv('events', ui.white(String(payload.run.events.length))),
+            kv('secrets', `redacted ${ui.ok(ui.glyph.check)}`),
+            kv('target', ui.white(target)),
+        ]));
+        process.stdout.write(tipLine(`run \`npx @sickr/replay open ${id}\` to review locally first.`));
+        process.stdout.write('\n');
+    }
+    else {
+        process.stdout.write(`sickr: about to publish run "${id}" (${payload.run.events.length} events, secrets already redacted) to ${REPLAY_ENDPOINT}\n` +
+            `sickr: tip — run \`npx @sickr/replay open ${id}\` to review the full timeline locally before sharing.\n`);
+    }
     if (!(await confirmPublish(yes, 'this run')))
         return;
-    const url = await publishWithRetry(payload);
-    process.stdout.write(`sickr: published → ${url}\nsickr: this link expires in 24h.\nsickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n`);
+    const { url, ttl_days } = await publishWithRetry(payload);
+    const exp = expiryCopy(ttl_days);
+    if (ui.enabled()) {
+        process.stdout.write(card('published', [
+            kv('url', ui.underline(ui.white(url))),
+            kv('run', ui.white(`${id} · ${payload.run.events.length} events`)),
+            kv(exp.kind === 'pro' ? 'retention' : 'expires', expiryValueStyled(exp)),
+        ]));
+        for (const line of exp.footer)
+            process.stdout.write(tipLine(line));
+    }
+    else {
+        process.stdout.write(`sickr: published → ${url}\n` +
+            legacyExpiryLine(ttl_days) +
+            (exp.kind === 'anon' ? `sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n` : ''));
+    }
     if (open)
         openInBrowser(url);
 }
@@ -400,14 +490,46 @@ async function handleShareCombined(sel, yes, open) {
         return;
     }
     const turns = runs.reduce((n, r) => n + r.events.filter((e) => e.kind === 'prompt').length, 0);
-    const agents = Array.from(new Set(runs.map((r) => r.agent))).join(', ');
+    // Drop the placeholder dash that runSummary returns when an agent label is
+    // missing — otherwise the join produces "across —, Codex, Claude".
+    const agentSet = Array.from(new Set(runs.map((r) => r.agent).filter((a) => a && a !== '—')));
+    const agents = agentSet.length ? agentSet.join(', ') : 'Agent';
     const payload = buildCombinedPayload(runs, sel.label);
-    process.stdout.write(`sickr: about to publish a combined replay (${sel.label}) — ${runs.length} runs, ~${turns} turns across ${agents}, secrets already redacted, to ${REPLAY_ENDPOINT}\n` +
-        `sickr: tip — run the matching \`open\` window to review locally before sharing.\n`);
+    const target = REPLAY_ENDPOINT.replace(/^https?:\/\//, '');
+    if (ui.enabled()) {
+        process.stdout.write(card('publish preview', [
+            kv('scope', ui.white(sel.label)),
+            kv('runs', ui.white(String(runs.length))),
+            kv('turns', ui.white(`~${turns}`)),
+            kv('agents', ui.white(agents)),
+            kv('secrets', `redacted ${ui.ok(ui.glyph.check)}`),
+            kv('target', ui.white(target)),
+        ]));
+        process.stdout.write(tipLine('run the matching `open` window to review locally first.'));
+        process.stdout.write('\n');
+    }
+    else {
+        process.stdout.write(`sickr: about to publish a combined replay (${sel.label}) — ${runs.length} runs, ~${turns} turns across ${agents}, secrets already redacted, to ${REPLAY_ENDPOINT}\n` +
+            `sickr: tip — run the matching \`open\` window to review locally before sharing.\n`);
+    }
     if (!(await confirmPublish(yes, 'this combined replay')))
         return;
-    const url = await publishWithRetry(payload);
-    process.stdout.write(`sickr: published → ${url}\nsickr: this link expires in 24h.\nsickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n`);
+    const { url, ttl_days } = await publishWithRetry(payload);
+    const exp = expiryCopy(ttl_days);
+    if (ui.enabled()) {
+        process.stdout.write(card('published', [
+            kv('url', ui.underline(ui.white(url))),
+            kv('scope', ui.white(`${sel.label} · ${runs.length} runs · ~${turns} turns`)),
+            kv(exp.kind === 'pro' ? 'retention' : 'expires', expiryValueStyled(exp)),
+        ]));
+        for (const line of exp.footer)
+            process.stdout.write(tipLine(line));
+    }
+    else {
+        process.stdout.write(`sickr: published → ${url}\n` +
+            legacyExpiryLine(ttl_days) +
+            (exp.kind === 'anon' ? `sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n` : ''));
+    }
     if (open)
         openInBrowser(url);
 }
@@ -498,6 +620,152 @@ export function handleWhoami() {
     }
     process.stdout.write(`sickr: ${c.login}${c.name ? ` (${c.name})` : ''} · since ${c.login_at}\n`);
 }
+function valueAt(rest, flag) {
+    const i = rest.indexOf(flag);
+    return i >= 0 && rest[i + 1] && !rest[i + 1].startsWith('-') ? rest[i + 1] : null;
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function agentContextLabel(context) {
+    const root = isRecord(context) ? context : {};
+    const agent = isRecord(root.agent) ? root.agent : {};
+    const org = isRecord(root.org) ? root.org : {};
+    const team = isRecord(root.team) ? root.team : {};
+    return {
+        agentId: typeof agent.agent_id === 'string' ? agent.agent_id : 'unknown',
+        provider: typeof agent.provider === 'string' ? agent.provider : 'unknown',
+        status: typeof agent.status === 'string' ? agent.status : 'unknown',
+        org: typeof org.name === 'string' ? org.name : 'unknown org',
+        team: typeof team.name === 'string' ? team.name : 'unknown team',
+    };
+}
+export async function handleAgentStatus() {
+    const c = readAgentCredentials();
+    if (!c) {
+        process.stdout.write('sickr: agent is not connected. Run `sickr agent connect --agent-id <id>`.\n');
+        return;
+    }
+    try {
+        const label = agentContextLabel(await fetchAgentStatus(c));
+        process.stdout.write(`sickr: connected as ${label.agentId} (${label.provider}, ${label.status})\n` +
+            `org: ${label.org}  team: ${label.team}\n` +
+            `api: ${c.api_url}\n`);
+    }
+    catch (e) {
+        process.stderr.write(`sickr: agent status failed (${e.message}).\n`);
+        process.exit(1);
+    }
+}
+export async function handleAgentRotate() {
+    const c = readAgentCredentials();
+    if (!c) {
+        process.stderr.write('sickr: agent is not connected. Run `sickr agent connect --agent-id <id>`.\n');
+        process.exit(1);
+        return;
+    }
+    try {
+        const rotated = await rotateAgentKey(c);
+        writeAgentCredentials({ ...c, api_key: rotated.api_key, key_id: rotated.key?.id ?? c.key_id });
+        process.stdout.write(`sickr: rotated key for ${c.agent_id}.\n`);
+    }
+    catch (e) {
+        process.stderr.write(`sickr: agent rotate failed (${e.message}).\n`);
+        process.exit(1);
+    }
+}
+export async function handleAgentDisconnect() {
+    const c = readAgentCredentials();
+    if (!c) {
+        process.stdout.write('sickr: agent is not connected.\n');
+        return;
+    }
+    try {
+        await disconnectAgent(c);
+        clearAgentCredentials();
+        process.stdout.write(`sickr: disconnected ${c.agent_id} and removed the local key.\n`);
+    }
+    catch (e) {
+        process.stderr.write(`sickr: agent disconnect failed (${e.message}).\n`);
+        process.exit(1);
+    }
+}
+function storeApprovedAgent(apiUrl, result) {
+    writeAgentCredentials({
+        api_url: apiUrl,
+        agent_id: result.agent_id,
+        api_key: result.api_key,
+        key_id: result.key_id ?? null,
+        org_id: result.org_id,
+        team_id: result.team_id,
+        connected_at: new Date().toISOString(),
+    });
+}
+export async function handleAgentConnect(rest) {
+    const agentId = valueAt(rest, '--agent-id') ?? rest.find((a) => !a.startsWith('-')) ?? null;
+    if (!agentId) {
+        process.stderr.write('sickr: `agent connect` requires --agent-id <id>.\n');
+        process.exit(1);
+        return;
+    }
+    const apiUrl = (valueAt(rest, '--api-url') ?? AGENT_API_URL).replace(/\/+$/, '');
+    let started;
+    try {
+        started = await startAgentConnect(apiUrl, agentId);
+    }
+    catch (e) {
+        process.stderr.write(`sickr: could not start agent connect (${e.message}).\n`);
+        process.exit(1);
+        return;
+    }
+    const verifyUrl = started.verification_uri_complete ?? started.verification_uri;
+    process.stdout.write(`\nsickr: approve agent ${agentId} in your browser:\n\n` +
+        `    ${verifyUrl}\n\n` +
+        `code: ${started.user_code}\n` +
+        `(opening browser...)\n`);
+    openInBrowser(verifyUrl);
+    const deadline = Date.now() + started.expires_in * 1000;
+    const intervalMs = Math.max(1, started.interval) * 1000;
+    while (Date.now() < deadline) {
+        await sleep(intervalMs);
+        let polled;
+        try {
+            polled = await pollAgentConnect(apiUrl, started.device_code);
+        }
+        catch (e) {
+            process.stderr.write(`sickr: agent connect poll failed (${e.message}).\n`);
+            process.exit(1);
+            return;
+        }
+        if (polled.status === 'pending')
+            continue;
+        if (polled.status === 'approved') {
+            storeApprovedAgent(apiUrl, polled);
+            process.stdout.write(`\nsickr: connected ${polled.agent_id}. Run \`sickr agent status\` to verify.\n`);
+            return;
+        }
+        if (polled.status === 'expired') {
+            process.stderr.write('sickr: agent connect code expired. Run `sickr agent connect` again.\n');
+            process.exit(1);
+            return;
+        }
+        if (polled.status === 'denied') {
+            process.stderr.write('sickr: agent connect was denied.\n');
+            process.exit(1);
+            return;
+        }
+        if (polled.status === 'consumed') {
+            process.stderr.write('sickr: agent connect code was already used. Run `sickr agent connect` again.\n');
+            process.exit(1);
+            return;
+        }
+        process.stderr.write(`sickr: agent connect error: ${polled.error ?? 'unknown'}.\n`);
+        process.exit(1);
+        return;
+    }
+    process.stderr.write('sickr: agent connect timed out. Run `sickr agent connect` again.\n');
+    process.exit(1);
+}
 async function readStdin() {
     const chunks = [];
     for await (const chunk of process.stdin)
@@ -563,6 +831,29 @@ async function main() {
         case 'whoami':
             handleWhoami();
             return;
+        case 'agent': {
+            const sub = rest[0];
+            const agentRest = rest.slice(1);
+            if (sub === 'connect') {
+                await handleAgentConnect(agentRest);
+                return;
+            }
+            if (sub === 'status') {
+                await handleAgentStatus();
+                return;
+            }
+            if (sub === 'disconnect') {
+                await handleAgentDisconnect();
+                return;
+            }
+            if (sub === 'rotate') {
+                await handleAgentRotate();
+                return;
+            }
+            process.stderr.write('sickr: unknown agent command. Use `sickr agent connect|status|disconnect|rotate`.\n');
+            process.exit(1);
+            return;
+        }
         case 'share': {
             const yes = rest.includes('--yes') || rest.includes('-y');
             const openAfter = rest.includes('--open');

package/dist/share.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { gzipSync } from 'node:zlib';
 /** Strip the local id; events are already redacted at capture time. */
 export function buildSharePayload(run) {
     return { run: { cwd: run.cwd, startedAt: run.startedAt, events: run.events } };
@@ -14,12 +15,15 @@ export class PublishError extends Error {
         this.name = 'PublishError';
     }
 }
-export async function publish(payload, endpoint) {
-    const res = await fetch(endpoint, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(payload),
-    });
+export async function publish(payload, endpoint, opts = {}) {
+    // Gzip the JSON body: ~5-10x smaller for typical sessions, comfortably fits
+    // the worker's 4 MB cap even for combined multi-day windows.
+    const raw = JSON.stringify(payload);
+    const gz = gzipSync(raw);
+    const headers = { 'Content-Type': 'application/json', 'Content-Encoding': 'gzip' };
+    if (opts.token)
+        headers.Authorization = `Bearer ${opts.token}`;
+    const res = await fetch(endpoint, { method: 'POST', headers, body: gz });
     if (!res.ok)
         throw new PublishError(res.status);
     return (await res.json());

package/dist/ui.js ADDED Viewed

@@ -0,0 +1,63 @@
+// Tiny inline ANSI + box helper. No deps — chalk/ora would balloon the install
+// and clash with the "npx and forget" wedge. One place that decides when to
+// down-grade to plain `sickr: ...` lines: noColor() — NO_COLOR / CI / non-TTY /
+// dumb terminals / legacy cmd.exe. Every other code path goes through ui.enabled().
+//
+// Brand: Sickr wordmark cyan (51), plasma accent magenta (201), dim chrome
+// gray (240/245), values bright white (255), amber (214) for anon-link
+// urgency, green (42) for the redacted check. Matches the existing /r/<id>
+// dark/plasma palette without hard-coding hex (terminals translate 256-color).
+const ESC = '\x1b[';
+function isStdoutTTY() {
+    return process.stdout && typeof process.stdout.isTTY === 'boolean' && process.stdout.isTTY;
+}
+function noColor() {
+    if (process.env.NO_COLOR != null || process.env.SICKR_NO_COLOR != null)
+        return true;
+    if (process.env.CI === 'true')
+        return true;
+    if (process.env.TERM === 'dumb')
+        return true;
+    // Legacy cmd.exe: claims TTY but mangles 256-color SGR. Modern Windows
+    // Terminal sets WT_SESSION; VS Code sets TERM_PROGRAM; both safe.
+    if (process.platform === 'win32' && !process.env.WT_SESSION && !process.env.TERM_PROGRAM)
+        return true;
+    return !isStdoutTTY();
+}
+const c = (code) => (s) => noColor() ? s : `${ESC}${code}m${s}${ESC}0m`;
+const c256 = (n) => (s) => noColor() ? s : `${ESC}38;5;${n}m${s}${ESC}0m`;
+export const ui = {
+    enabled() { return !noColor(); },
+    bold: c(1),
+    dim: c256(245),
+    border: c256(240),
+    brand: c256(51), // cyan — Sickr wordmark
+    accent: c256(201), // magenta — plasma glyphs / Pro tag
+    ok: c256(42), // green — redacted check
+    warn: c256(214), // amber — anon-link urgency
+    white: c256(255),
+    underline(s) { return noColor() ? s : `${ESC}4m${s}${ESC}24m`; },
+    glyph: { tip: '▸', check: '✓', tag: '⌗' },
+};
+function stripAnsi(s) { return s.replace(/\x1b\[[0-9;]*m/g, ''); }
+/** "label   value" with the label dim-gray padded to a fixed column. */
+export function kv(label, value, labelWidth = 10) {
+    return ui.dim(label.padEnd(labelWidth)) + value;
+}
+/** Render a Sickr-titled box around pre-formatted rows. Caller should gate on
+ *  ui.enabled() — in plain mode emit `sickr: ...` lines directly instead. */
+export function card(title, rows) {
+    const widths = rows.map((r) => stripAnsi(r).length);
+    const inner = Math.max(56, ...widths) + 2; // +2 = one space pad each side inside the border
+    const dash = (n) => '─'.repeat(Math.max(1, n));
+    // Title bar: "╭─ sickr ─ <title> ─────────╮"
+    const titleTextLen = 'sickr '.length + 2 + title.length + 1; // "sickr " + "─ " + title + " "
+    const tailLen = Math.max(1, inner - titleTextLen - 1);
+    const top = ui.border('╭─ ') + ui.brand(ui.bold('sickr')) + ui.border(' ─ ') + ui.dim(title) + ' ' + ui.border(dash(tailLen) + '╮');
+    const bot = ui.border('╰' + dash(inner) + '╯');
+    const body = rows.map((r, i) => {
+        const pad = ' '.repeat(Math.max(0, inner - widths[i] - 2));
+        return ui.border('│ ') + r + pad + ui.border(' │');
+    }).join('\n');
+    return `${top}\n${body}\n${bot}\n`;
+}

package/package.json CHANGED Viewed

@@ -1,21 +1,21 @@
-{
-  "name": "@sickr/replay",
-  "version": "0.6.0",
-  "type": "module",
-  "description": "npx @sickr/replay — local Claude Code audit + one-click share. The free wedge into SICKR.",
-  "bin": { "replay": "dist/cli.js" },
-  "files": ["dist"],
-  "publishConfig": { "access": "public" },
-  "scripts": {
-    "build": "tsc",
-    "test": "vitest run",
-    "dev": "tsc -w"
-  },
-  "engines": { "node": ">=20" },
-  "license": "UNLICENSED",
-  "devDependencies": {
-    "@types/node": "^20.14.0",
-    "typescript": "^5.6.2",
-    "vitest": "^2.1.1"
-  }
-}
+{
+  "name": "@sickr/replay",
+  "version": "0.8.0",
+  "type": "module",
+  "description": "npx @sickr/replay — local Claude Code audit + one-click share. The free wedge into SICKR.",
+  "bin": { "replay": "dist/cli.js", "sickr": "dist/cli.js" },
+  "files": ["dist"],
+  "publishConfig": { "access": "public" },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "dev": "tsc -w"
+  },
+  "engines": { "node": ">=20" },
+  "license": "UNLICENSED",
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "typescript": "^5.6.2",
+    "vitest": "^2.1.1"
+  }
+}