@sickr/replay 0.7.0 → 0.9.0-beta.1

package/dist/cli.js

@@ -9,9 +9,10 @@ import { mergeHooks, removeHooks } from './hookConfig.js';
 import { renderRunHtml, renderCombinedHtml } from './render.js';
 import { buildSharePayload, buildCombinedPayload, publish, PublishError } from './share.js';
 import { readCredentials, writeCredentials, clearCredentials, startDevice, pollDevice, sleep } from './auth.js';
+import { ui, card, kv } from './ui.js';
 import { AGENT_API_URL, clearAgentCredentials, disconnectAgent, fetchAgentStatus, pollAgentConnect, readAgentCredentials, rotateAgentKey, startAgentConnect, writeAgentCredentials, } from './agentAuth.js';
 const REPLAY_ENDPOINT = process.env.SICKR_REPLAY_ENDPOINT ?? 'https://sickr.ai/api/replay';
-const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'agent', 'help'];
+const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'agent', 'live', 'help'];
 export function parseCommand(argv) {
     const c = argv[0];
     return c && COMMANDS.includes(c) ? c : null;
@@ -54,6 +55,13 @@ Commands:
   logout         Forget the local login. Server-side session stays valid until
                  it expires; revoke from your account page if needed.
   whoami         Show who you're logged in as.
+  live           Replay Pro: stream the current session to sickr.ai/r/<your-link>
+                 in real time. Requires \`login\` and Replay Pro entitlement.
+                   replay live            start the sidecar (foreground; ^C exits)
+                   replay live status     show pid + connection state
+                   replay live stop       stop the sidecar
+                 While running, steer messages from the watching browser are
+                 saved to ~/.sickr/inbox/<urlid>.md and printed in your terminal.
   agent connect --agent-id <id>
                  Connect this machine to a configured SICKR agent using GitHub
                  browser approval. Stores the agent key in ~/.sickr/agent.json.
@@ -388,7 +396,43 @@ async function publishWithRetry(payload) {
         throw err;
     }
 }
-function expiryLine(ttl_days) {
+function expiryCopy(ttl_days) {
+    if (ttl_days >= 30)
+        return {
+            kind: 'pro',
+            value: `${ttl_days} days`,
+            tag: 'Replay Pro',
+            footer: [],
+        };
+    if (ttl_days >= 2)
+        return {
+            kind: 'authed',
+            value: `in ${ttl_days} days`,
+            tag: 'signed-in link',
+            footer: ['re-share before it expires to roll the window forward.'],
+        };
+    return {
+        kind: 'anon',
+        value: 'in 24h',
+        tag: 'anon link',
+        footer: [
+            'run `npx @sickr/replay login` to extend new links to 7 days.',
+            'Replay Pro (live + remote) — early access, rolling cohorts:',
+            '  https://sickr.ai/#waitlist',
+        ],
+    };
+}
+function expiryValueStyled(e) {
+    if (e.kind === 'anon')
+        return ui.warn(e.value) + '   ' + ui.dim(ui.glyph.tag + ' ' + e.tag);
+    if (e.kind === 'pro')
+        return ui.brand(e.value) + '   ' + ui.accent(ui.bold(ui.glyph.tag + ' ' + e.tag));
+    return ui.brand(e.value) + '   ' + ui.dim(ui.glyph.tag + ' ' + e.tag);
+}
+function tipLine(text) {
+    return '  ' + ui.accent(ui.glyph.tip) + ' ' + ui.dim(text) + '\n';
+}
+function legacyExpiryLine(ttl_days) {
     if (ttl_days >= 30)
         return `sickr: this link is live for ${ttl_days} days (Replay Pro retention).\n`;
     if (ttl_days >= 2)
@@ -402,13 +446,44 @@ async function handleShare(runId, yes, open) {
         process.exit(1);
         return;
     }
-    const payload = buildSharePayload(loadRun(id));
-    process.stdout.write(`sickr: about to publish run "${id}" (${payload.run.events.length} events, secrets already redacted) to ${REPLAY_ENDPOINT}\n` +
-        `sickr: tip — run \`npx @sickr/replay open ${id}\` to review the full timeline locally before sharing.\n`);
+    const run = loadRun(id);
+    const payload = buildSharePayload(run);
+    const agentSet = Array.from(new Set(run.events.map((e) => e.label).filter((a) => a && a !== '—' && a !== 'Response')));
+    const agent = agentSet.length ? agentSet.join(', ') : 'Agent';
+    const target = REPLAY_ENDPOINT.replace(/^https?:\/\//, '');
+    if (ui.enabled()) {
+        process.stdout.write(card('publish preview', [
+            kv('run', ui.white(id)),
+            kv('agent', ui.white(agent)),
+            kv('events', ui.white(String(payload.run.events.length))),
+            kv('secrets', `redacted ${ui.ok(ui.glyph.check)}`),
+            kv('target', ui.white(target)),
+        ]));
+        process.stdout.write(tipLine(`run \`npx @sickr/replay open ${id}\` to review locally first.`));
+        process.stdout.write('\n');
+    }
+    else {
+        process.stdout.write(`sickr: about to publish run "${id}" (${payload.run.events.length} events, secrets already redacted) to ${REPLAY_ENDPOINT}\n` +
+            `sickr: tip — run \`npx @sickr/replay open ${id}\` to review the full timeline locally before sharing.\n`);
+    }
     if (!(await confirmPublish(yes, 'this run')))
         return;
     const { url, ttl_days } = await publishWithRetry(payload);
-    process.stdout.write(`sickr: published → ${url}\n${expiryLine(ttl_days)}sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n`);
+    const exp = expiryCopy(ttl_days);
+    if (ui.enabled()) {
+        process.stdout.write(card('published', [
+            kv('url', ui.underline(ui.white(url))),
+            kv('run', ui.white(`${id} · ${payload.run.events.length} events`)),
+            kv(exp.kind === 'pro' ? 'retention' : 'expires', expiryValueStyled(exp)),
+        ]));
+        for (const line of exp.footer)
+            process.stdout.write(tipLine(line));
+    }
+    else {
+        process.stdout.write(`sickr: published → ${url}\n` +
+            legacyExpiryLine(ttl_days) +
+            (exp.kind === 'anon' ? `sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n` : ''));
+    }
     if (open)
         openInBrowser(url);
 }
@@ -422,14 +497,46 @@ async function handleShareCombined(sel, yes, open) {
         return;
     }
     const turns = runs.reduce((n, r) => n + r.events.filter((e) => e.kind === 'prompt').length, 0);
-    const agents = Array.from(new Set(runs.map((r) => r.agent))).join(', ');
+    // Drop the placeholder dash that runSummary returns when an agent label is
+    // missing — otherwise the join produces "across —, Codex, Claude".
+    const agentSet = Array.from(new Set(runs.map((r) => r.agent).filter((a) => a && a !== '—')));
+    const agents = agentSet.length ? agentSet.join(', ') : 'Agent';
     const payload = buildCombinedPayload(runs, sel.label);
-    process.stdout.write(`sickr: about to publish a combined replay (${sel.label}) — ${runs.length} runs, ~${turns} turns across ${agents}, secrets already redacted, to ${REPLAY_ENDPOINT}\n` +
-        `sickr: tip — run the matching \`open\` window to review locally before sharing.\n`);
+    const target = REPLAY_ENDPOINT.replace(/^https?:\/\//, '');
+    if (ui.enabled()) {
+        process.stdout.write(card('publish preview', [
+            kv('scope', ui.white(sel.label)),
+            kv('runs', ui.white(String(runs.length))),
+            kv('turns', ui.white(`~${turns}`)),
+            kv('agents', ui.white(agents)),
+            kv('secrets', `redacted ${ui.ok(ui.glyph.check)}`),
+            kv('target', ui.white(target)),
+        ]));
+        process.stdout.write(tipLine('run the matching `open` window to review locally first.'));
+        process.stdout.write('\n');
+    }
+    else {
+        process.stdout.write(`sickr: about to publish a combined replay (${sel.label}) — ${runs.length} runs, ~${turns} turns across ${agents}, secrets already redacted, to ${REPLAY_ENDPOINT}\n` +
+            `sickr: tip — run the matching \`open\` window to review locally before sharing.\n`);
+    }
     if (!(await confirmPublish(yes, 'this combined replay')))
         return;
     const { url, ttl_days } = await publishWithRetry(payload);
-    process.stdout.write(`sickr: published → ${url}\n${expiryLine(ttl_days)}sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n`);
+    const exp = expiryCopy(ttl_days);
+    if (ui.enabled()) {
+        process.stdout.write(card('published', [
+            kv('url', ui.underline(ui.white(url))),
+            kv('scope', ui.white(`${sel.label} · ${runs.length} runs · ~${turns} turns`)),
+            kv(exp.kind === 'pro' ? 'retention' : 'expires', expiryValueStyled(exp)),
+        ]));
+        for (const line of exp.footer)
+            process.stdout.write(tipLine(line));
+    }
+    else {
+        process.stdout.write(`sickr: published → ${url}\n` +
+            legacyExpiryLine(ttl_days) +
+            (exp.kind === 'anon' ? `sickr: Replay Pro (live + remote) — early access, rolling out in cohorts → https://sickr.ai/#waitlist\n` : ''));
+    }
     if (open)
         openInBrowser(url);
 }
@@ -754,6 +861,22 @@ async function main() {
             process.exit(1);
             return;
         }
+        case 'live': {
+            const sub = rest[0];
+            const { startLive, stopLive, liveStatus } = await import('./live.js');
+            if (sub === 'stop') {
+                stopLive();
+                return;
+            }
+            if (sub === 'status') {
+                liveStatus();
+                return;
+            }
+            // default: start (foreground)
+            const opts = { verbose: rest.includes('--verbose') || rest.includes('-v'), background: rest.includes('--background') };
+            await startLive(opts);
+            return;
+        }
         case 'share': {
             const yes = rest.includes('--yes') || rest.includes('-y');
             const openAfter = rest.includes('--open');

package/dist/live.js

@@ -0,0 +1,307 @@
+// `replay live` sidecar — keeps a WebSocket open to sickr-live-service,
+// tails ~/.sickr/runs/*.ndjson for new lines, pushes each line as an event,
+// and writes received steer messages into ~/.sickr/inbox/<urlid>.md so the
+// operator can paste them into their agent's prompt box.
+//
+// Design constraints:
+//   - Hooks MUST stay zero-network. The sidecar is the only network party.
+//     If the sidecar dies, recording still works locally; the operator can
+//     `share` post-session as usual.
+//   - One sidecar per machine. A pid-file in ~/.sickr/live.pid prevents
+//     accidental double-start.
+//   - Auto-reconnect with exponential backoff. The WS will drop on Wi-Fi
+//     changes / sleep; we don't want the operator to babysit it.
+//   - 3-concurrent-agent quota enforced client-side. Server enforces too,
+//     but local enforcement is friendlier (no in-flight rejection).
+//
+// SICKR_LIVE_URL env var lets us point at a dev Worker for testing.
+import { readFileSync, writeFileSync, appendFileSync, mkdirSync, existsSync, readdirSync, statSync, openSync, readSync, closeSync, unlinkSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { setTimeout as sleep } from 'node:timers/promises';
+import { readCredentials } from './auth.js';
+import { runsDir } from './recorder.js';
+export const LIVE_BASE = (process.env.SICKR_LIVE_URL ?? 'https://sickr-live-service.arifmanasiya.workers.dev').replace(/\/+$/, '');
+function pidPath() { return join(homedir(), '.sickr', 'live.pid'); }
+function inboxDir() { return join(homedir(), '.sickr', 'inbox'); }
+function offsetsPath() { return join(homedir(), '.sickr', 'live-offsets.json'); }
+function readOffsets() {
+    try {
+        return JSON.parse(readFileSync(offsetsPath(), 'utf8'));
+    }
+    catch {
+        return {};
+    }
+}
+function writeOffsets(o) {
+    mkdirSync(join(homedir(), '.sickr'), { recursive: true });
+    writeFileSync(offsetsPath(), JSON.stringify(o, null, 2));
+}
+/** Read bytes [from..size) of a file. Returns lines as strings. */
+function tailFrom(path, from) {
+    const size = statSync(path).size;
+    if (size <= from)
+        return { lines: [], newOffset: from };
+    const fd = openSync(path, 'r');
+    try {
+        const len = size - from;
+        const buf = Buffer.alloc(len);
+        readSync(fd, buf, 0, len, from);
+        const chunk = buf.toString('utf8');
+        // The last newline-delimited line might be partial — only consume complete lines.
+        const lastNl = chunk.lastIndexOf('\n');
+        if (lastNl < 0)
+            return { lines: [], newOffset: from };
+        const complete = chunk.slice(0, lastNl);
+        const lines = complete.split('\n').filter(Boolean);
+        return { lines, newOffset: from + lastNl + 1 };
+    }
+    finally {
+        closeSync(fd);
+    }
+}
+/** UTC date YYYY-MM-DD — matches the server's urlid formula. */
+function utcDate(now = new Date()) { return now.toISOString().slice(0, 10); }
+/** Compute the deterministic urlid for the current user + day.
+ *  Matches sickr-ui's /api/replay and sickr-live-service's auth helper. */
+async function computeUrlid(creds, dayHint) {
+    // The CLI doesn't know URLID_SECRET — we don't ship it client-side.
+    // Instead the CLI asks the server for the current urlid via /snapshot
+    // self-resolution: the server computes urlid from session+date and returns
+    // it. For the bootstrap we use a thin GET to the live service.
+    const day = dayHint ?? utcDate();
+    // The /resolve endpoint isn't part of the spec yet — fall back to asking
+    // the snapshot endpoint for the "auto" urlid. To keep this self-contained,
+    // we'll add a server-side /resolve endpoint mirror; see TODO below.
+    // For now the urlid is hashed locally if SICKR_URLID_SECRET is in env (dev path).
+    const secret = process.env.SICKR_URLID_SECRET;
+    if (secret) {
+        const { createHash } = await import('node:crypto');
+        return createHash('sha256').update(`urlid|${secret}|${creds.github_user_id}|${day}`).digest('hex').slice(0, 10);
+    }
+    // Production path: ask the server.
+    const r = await fetch(`${LIVE_BASE}/resolve?date=${encodeURIComponent(day)}`, {
+        headers: { Authorization: `Bearer ${creds.token}` },
+    });
+    if (!r.ok)
+        throw new Error(`resolve_failed: ${r.status}`);
+    const j = await r.json();
+    if (!j.urlid)
+        throw new Error('resolve_no_urlid');
+    return j.urlid;
+}
+/** Append a steer line to the per-urlid inbox markdown file. */
+function appendInbox(urlid, text, at) {
+    const dir = inboxDir();
+    mkdirSync(dir, { recursive: true });
+    const file = join(dir, `${urlid}.md`);
+    if (!existsSync(file))
+        writeFileSync(file, `# steer inbox — ${urlid}\n\n`);
+    appendFileSync(file, `\n## ${at}\n\n${text}\n`);
+}
+export async function startLive(opts = {}) {
+    const creds = readCredentials();
+    if (!creds) {
+        process.stderr.write('sickr: not signed in. Run `npx @sickr/replay login` first.\n');
+        process.exit(2);
+    }
+    if (existsSync(pidPath())) {
+        const pid = Number(readFileSync(pidPath(), 'utf8').trim());
+        if (pid && isAlive(pid)) {
+            process.stderr.write(`sickr: live sidecar already running (pid ${pid}). Run \`replay live stop\` first.\n`);
+            process.exit(3);
+        }
+        // Stale pid file from a previous crash.
+        try {
+            unlinkSync(pidPath());
+        }
+        catch { /* ignore */ }
+    }
+    mkdirSync(join(homedir(), '.sickr'), { recursive: true });
+    writeFileSync(pidPath(), String(process.pid));
+    process.on('SIGINT', () => { try {
+        unlinkSync(pidPath());
+    }
+    catch { /**/ } process.exit(0); });
+    process.on('SIGTERM', () => { try {
+        unlinkSync(pidPath());
+    }
+    catch { /**/ } process.exit(0); });
+    if (opts.background) {
+        process.stderr.write('sickr: --background not implemented yet in this build; running foreground.\n');
+    }
+    // Resolve today's urlid up-front so we fail fast on auth / config.
+    let urlid;
+    try {
+        urlid = await computeUrlid(creds);
+    }
+    catch (e) {
+        process.stderr.write(`sickr: couldn't resolve live url (${e.message}). Replay Pro required.\n`);
+        try {
+            unlinkSync(pidPath());
+        }
+        catch { /* ignore */ }
+        process.exit(4);
+    }
+    process.stdout.write(`sickr: live mode active. Watch at: https://sickr.ai/r/${urlid}\n`);
+    process.stdout.write(`       events flow as your agent works. Press ^C to stop.\n`);
+    process.stdout.write(`       steer messages will appear in ~/.sickr/inbox/${urlid}.md\n\n`);
+    await runLoop(creds, urlid, opts);
+}
+/** Main loop: WS reconnect + NDJSON tail polling. Never returns. */
+async function runLoop(creds, urlid, opts) {
+    let backoff = 1000;
+    for (;;) {
+        try {
+            await sessionLoop(creds, urlid, opts);
+            backoff = 1000; // graceful end — reset backoff
+        }
+        catch (e) {
+            if (opts.verbose)
+                process.stderr.write(`sickr: live disconnect: ${e.message}; reconnecting in ${backoff}ms\n`);
+            await sleep(backoff);
+            backoff = Math.min(backoff * 2, 30_000);
+        }
+    }
+}
+async function sessionLoop(creds, urlid, opts) {
+    const wsUrl = `${LIVE_BASE.replace(/^http/, 'ws')}/ws/${urlid}?role=pusher`;
+    // Use the `ws` npm module — node:WebSocket doesn't accept custom headers
+    // (it follows the browser constructor signature) and we need to pass the
+    // Bearer token via Authorization, not a URL query param (which would land
+    // in CF access logs unencrypted).
+    const WS = await loadWsShim();
+    const ws = new WS(wsUrl, { headers: { Authorization: `Bearer ${creds.token}` } });
+    await new Promise((resolve, reject) => {
+        let opened = false;
+        const offsets = readOffsets();
+        let tailTimer = null;
+        ws.addEventListener('open', () => {
+            opened = true;
+            if (opts.verbose)
+                process.stderr.write('sickr: live WS connected\n');
+            tailTimer = setInterval(() => pumpNewLines(ws, offsets, opts), 500);
+        });
+        ws.addEventListener('message', (ev) => {
+            let m;
+            try {
+                m = JSON.parse(typeof ev.data === 'string' ? ev.data : '{}');
+            }
+            catch {
+                return;
+            }
+            if (m.kind === 'steer' && m.text) {
+                const at = m.at ?? new Date().toISOString();
+                appendInbox(urlid, m.text, at);
+                process.stderr.write(`\n▸ steer from viewer @ ${at}\n  ${m.text.split('\n').join('\n  ')}\n  (saved to ~/.sickr/inbox/${urlid}.md)\n\n`);
+                if (m.id) {
+                    try {
+                        ws.send(JSON.stringify({ kind: 'inbox_ack', message_ids: [m.id] }));
+                    }
+                    catch { /* will retry on reconnect */ }
+                }
+            }
+            else if (m.kind === 'watcher_state') {
+                // Quiet — could log "viewer connected/left".
+            }
+        });
+        ws.addEventListener('close', (ev) => {
+            if (tailTimer)
+                clearInterval(tailTimer);
+            if (!opened)
+                reject(new Error(`close_before_open code=${ev.code}`));
+            else
+                resolve(); // normal close → outer loop reconnects with reset backoff
+        });
+        ws.addEventListener('error', (ev) => {
+            if (tailTimer)
+                clearInterval(tailTimer);
+            reject(new Error('ws_error' + (('message' in ev) ? `: ${ev.message ?? ''}` : '')));
+        });
+    });
+}
+/** Read any new lines from each NDJSON in runs/, push them as events. */
+function pumpNewLines(ws, offsets, opts) {
+    const dir = runsDir();
+    if (!existsSync(dir))
+        return;
+    const files = readdirSync(dir).filter((f) => f.endsWith('.ndjson'));
+    for (const f of files) {
+        const runId = f.replace(/\.ndjson$/, '');
+        const path = join(dir, f);
+        const from = offsets[runId] ?? statSync(path).size; // first sighting: start at EOF, don't replay history
+        let result;
+        try {
+            result = tailFrom(path, from);
+        }
+        catch {
+            continue;
+        }
+        if (result.lines.length === 0) {
+            if (offsets[runId] === undefined)
+                offsets[runId] = from;
+            continue;
+        }
+        for (const line of result.lines) {
+            try {
+                const event = JSON.parse(line);
+                ws.send(JSON.stringify({ kind: 'event', event }));
+            }
+            catch (e) {
+                if (opts.verbose)
+                    process.stderr.write(`sickr: skipped malformed event line (${e.message})\n`);
+            }
+        }
+        offsets[runId] = result.newOffset;
+    }
+    writeOffsets(offsets);
+}
+function isAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function loadWsShim() {
+    try {
+        const mod = await import('ws');
+        return (mod.default ?? mod.WebSocket);
+    }
+    catch {
+        throw new Error('Missing optional dep `ws`. Install with: `npm i -g ws` (or `npm i ws` in your project).');
+    }
+}
+export function stopLive() {
+    if (!existsSync(pidPath())) {
+        process.stdout.write('sickr: no live sidecar running.\n');
+        return;
+    }
+    const pid = Number(readFileSync(pidPath(), 'utf8').trim());
+    if (!pid) {
+        try {
+            unlinkSync(pidPath());
+        }
+        catch { /**/ }
+        return;
+    }
+    try {
+        process.kill(pid, 'SIGTERM');
+    }
+    catch { /* already gone */ }
+    try {
+        unlinkSync(pidPath());
+    }
+    catch { /* ignore */ }
+    process.stdout.write(`sickr: stopped live sidecar (pid ${pid}).\n`);
+}
+export function liveStatus() {
+    if (!existsSync(pidPath())) {
+        process.stdout.write('sickr: live not running.\n');
+        return;
+    }
+    const pid = Number(readFileSync(pidPath(), 'utf8').trim());
+    process.stdout.write(`sickr: live sidecar pid=${pid} alive=${pid ? isAlive(pid) : false}\n`);
+}

package/dist/ui.js

@@ -0,0 +1,63 @@
+// Tiny inline ANSI + box helper. No deps — chalk/ora would balloon the install
+// and clash with the "npx and forget" wedge. One place that decides when to
+// down-grade to plain `sickr: ...` lines: noColor() — NO_COLOR / CI / non-TTY /
+// dumb terminals / legacy cmd.exe. Every other code path goes through ui.enabled().
+//
+// Brand: Sickr wordmark cyan (51), plasma accent magenta (201), dim chrome
+// gray (240/245), values bright white (255), amber (214) for anon-link
+// urgency, green (42) for the redacted check. Matches the existing /r/<id>
+// dark/plasma palette without hard-coding hex (terminals translate 256-color).
+const ESC = '\x1b[';
+function isStdoutTTY() {
+    return process.stdout && typeof process.stdout.isTTY === 'boolean' && process.stdout.isTTY;
+}
+function noColor() {
+    if (process.env.NO_COLOR != null || process.env.SICKR_NO_COLOR != null)
+        return true;
+    if (process.env.CI === 'true')
+        return true;
+    if (process.env.TERM === 'dumb')
+        return true;
+    // Legacy cmd.exe: claims TTY but mangles 256-color SGR. Modern Windows
+    // Terminal sets WT_SESSION; VS Code sets TERM_PROGRAM; both safe.
+    if (process.platform === 'win32' && !process.env.WT_SESSION && !process.env.TERM_PROGRAM)
+        return true;
+    return !isStdoutTTY();
+}
+const c = (code) => (s) => noColor() ? s : `${ESC}${code}m${s}${ESC}0m`;
+const c256 = (n) => (s) => noColor() ? s : `${ESC}38;5;${n}m${s}${ESC}0m`;
+export const ui = {
+    enabled() { return !noColor(); },
+    bold: c(1),
+    dim: c256(245),
+    border: c256(240),
+    brand: c256(51), // cyan — Sickr wordmark
+    accent: c256(201), // magenta — plasma glyphs / Pro tag
+    ok: c256(42), // green — redacted check
+    warn: c256(214), // amber — anon-link urgency
+    white: c256(255),
+    underline(s) { return noColor() ? s : `${ESC}4m${s}${ESC}24m`; },
+    glyph: { tip: '▸', check: '✓', tag: '⌗' },
+};
+function stripAnsi(s) { return s.replace(/\x1b\[[0-9;]*m/g, ''); }
+/** "label   value" with the label dim-gray padded to a fixed column. */
+export function kv(label, value, labelWidth = 10) {
+    return ui.dim(label.padEnd(labelWidth)) + value;
+}
+/** Render a Sickr-titled box around pre-formatted rows. Caller should gate on
+ *  ui.enabled() — in plain mode emit `sickr: ...` lines directly instead. */
+export function card(title, rows) {
+    const widths = rows.map((r) => stripAnsi(r).length);
+    const inner = Math.max(56, ...widths) + 2; // +2 = one space pad each side inside the border
+    const dash = (n) => '─'.repeat(Math.max(1, n));
+    // Title bar: "╭─ sickr ─ <title> ─────────╮"
+    const titleTextLen = 'sickr '.length + 2 + title.length + 1; // "sickr " + "─ " + title + " "
+    const tailLen = Math.max(1, inner - titleTextLen - 1);
+    const top = ui.border('╭─ ') + ui.brand(ui.bold('sickr')) + ui.border(' ─ ') + ui.dim(title) + ' ' + ui.border(dash(tailLen) + '╮');
+    const bot = ui.border('╰' + dash(inner) + '╯');
+    const body = rows.map((r, i) => {
+        const pad = ' '.repeat(Math.max(0, inner - widths[i] - 2));
+        return ui.border('│ ') + r + pad + ui.border(' │');
+    }).join('\n');
+    return `${top}\n${body}\n${bot}\n`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sickr/replay",
-  "version": "0.7.0",
+  "version": "0.9.0-beta.1",
   "type": "module",
   "description": "npx @sickr/replay — local Claude Code audit + one-click share. The free wedge into SICKR.",
   "bin": { "replay": "dist/cli.js", "sickr": "dist/cli.js" },