npm - @strideops/bridge - Versions diffs - 0.1.1 - Mend

@strideops/bridge 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSES/cortex-os.txt +21 -0
package/README.md +98 -0
package/dist/autostart-77BPPTEG.js +78 -0
package/dist/autostart-77BPPTEG.js.map +1 -0
package/dist/chunk-GBLMB3XB.js +95 -0
package/dist/chunk-GBLMB3XB.js.map +1 -0
package/dist/cli.js +1023 -0
package/dist/cli.js.map +1 -0
package/package.json +32 -0

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,1023 @@
+#!/usr/bin/env node
+import { requireConfig, log, readConfig, CONFIG_PATH, isConfigured, writeConfig, logError, logWarn, readJsonSafe, PENDING_REPORTS_PATH, AGENTS_DIR, writeJsonAtomic } from './chunk-GBLMB3XB.js';
+import { Command } from 'commander';
+import { homedir, cpus, totalmem, release, platform, arch, hostname } from 'os';
+import { join, dirname } from 'path';
+import { existsSync, mkdirSync, accessSync, constants, writeFileSync, chmodSync } from 'fs';
+import { execSync, spawn } from 'child_process';
+// src/version.ts
+var VERSION = "0.1.0";
+async function runPair(pairingCode, apiBaseUrl) {
+  const url = `${apiBaseUrl.replace(/\/$/, "")}/api/bridge/v1/pair`;
+  log(`Pairing with ${apiBaseUrl} ...`);
+  const cpuCount = cpus().length;
+  const totalMemMb = Math.round(totalmem() / 1024 / 1024);
+  const payload = {
+    pairingCode,
+    daemonVersion: VERSION,
+    machineInfo: {
+      hostname: hostname(),
+      platform: platform(),
+      arch: arch(),
+      cpus: cpuCount,
+      totalMemMb
+    },
+    osInfo: {
+      platform: platform(),
+      release: release()
+    }
+  };
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), 15e3);
+  let res;
+  try {
+    res = await fetch(url, {
+      method: "POST",
+      signal: controller.signal,
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload)
+    });
+  } catch (err) {
+    clearTimeout(timer);
+    if (err instanceof Error && err.name === "AbortError") {
+      console.error("[stride-bridge] Pairing request timed out. Check your connection.");
+      process.exit(1);
+    }
+    console.error(
+      `[stride-bridge] Network error during pairing: ${err instanceof Error ? err.message : String(err)}`
+    );
+    process.exit(1);
+  } finally {
+    clearTimeout(timer);
+  }
+  let body;
+  try {
+    body = await res.json();
+  } catch {
+    console.error(
+      `[stride-bridge] Failed to parse pairing response (HTTP ${res.status}).`
+    );
+    process.exit(1);
+  }
+  if (!res.ok || !body.success || !body.data) {
+    console.error(
+      `[stride-bridge] Pairing failed: ${body.error ?? `HTTP ${res.status}`}`
+    );
+    process.exit(1);
+  }
+  const { bridgeId, orgId, name, authMode, bridgeToken } = body.data;
+  writeConfig({
+    apiBaseUrl,
+    bridgeToken,
+    bridgeId,
+    orgId,
+    bridgeName: name,
+    authMode
+  });
+  console.log(`[stride-bridge] Connected successfully!`);
+  console.log(`  Bridge name : ${name}`);
+  console.log(`  Bridge ID   : ${bridgeId}`);
+  console.log(`  Org ID      : ${orgId}`);
+  console.log(`  Auth mode   : ${authMode}`);
+  console.log(`  Config      : ~/.stride-bridge/config.json`);
+  console.log();
+  console.log(`Run \`stride-bridge start\` to begin accepting work.`);
+}
+// src/api.ts
+var REQUEST_TIMEOUT_MS = 1e4;
+var ApiError = class extends Error {
+  constructor(status, message) {
+    super(message);
+    this.status = status;
+    this.name = "ApiError";
+  }
+  status;
+};
+async function authedFetch(config, path, init = {}) {
+  const url = `${config.apiBaseUrl.replace(/\/$/, "")}${path}`;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+  let res;
+  try {
+    res = await fetch(url, {
+      ...init,
+      signal: controller.signal,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.bridgeToken}`,
+        ...init.headers
+      }
+    });
+  } catch (err) {
+    clearTimeout(timer);
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new ApiError(null, `Request timed out after ${REQUEST_TIMEOUT_MS}ms: ${path}`);
+    }
+    throw new ApiError(null, `Network error: ${err instanceof Error ? err.message : String(err)}`);
+  } finally {
+    clearTimeout(timer);
+  }
+  let body;
+  try {
+    body = await res.json();
+  } catch {
+    throw new ApiError(res.status, `Failed to parse JSON response from ${path} (HTTP ${res.status})`);
+  }
+  if (!res.ok || !body.success) {
+    throw new ApiError(
+      res.status,
+      body.error ?? `API error from ${path} (HTTP ${res.status})`
+    );
+  }
+  return body.data;
+}
+async function post(config, path, body) {
+  return authedFetch(config, path, {
+    method: "POST",
+    body: JSON.stringify(body)
+  });
+}
+async function get(config, path) {
+  return authedFetch(config, path, { method: "GET" });
+}
+async function postBestEffort(config, path, body) {
+  try {
+    await post(config, path, body);
+  } catch {
+  }
+}
+function buildHookRunnerScript(preToolUseUrl, hookSecret) {
+  return `#!/usr/bin/env node
+// Auto-generated by stride-bridge. Do not edit.
+// Signed PreToolUse hook runner for Stride Build agents.
+// HMAC scheme: HMAC-SHA256(timestamp+"\\n"+body) -> hex
+// Headers: x-stride-hook-ts, x-stride-hook-sig
+import { createHmac } from "node:crypto";
+import { readFileSync } from "node:fs";
+const HOOK_SECRET = ${JSON.stringify(hookSecret)};
+const PRE_TOOL_USE_URL = ${JSON.stringify(preToolUseUrl)};
+const TIMEOUT_MS = 8_000;
+function allow() {
+  // No output + exit 0 = allow in Claude Code's hook protocol.
+  process.exit(0);
+}
+async function main() {
+  // Claude Code writes the hook input to stdin as JSON. fd 0 works on
+  // Windows too ("/dev/stdin" does not).
+  let input = {};
+  try {
+    input = JSON.parse(readFileSync(0, "utf-8"));
+  } catch {
+    allow(); // unreadable input \u2014 fail-open
+  }
+  // Transform Claude Code's hook input into the server's PreToolUse schema.
+  const body = JSON.stringify({
+    tool: typeof input.tool_name === "string" && input.tool_name ? input.tool_name : "unknown",
+    args: typeof input.tool_input === "object" && input.tool_input !== null ? input.tool_input : undefined,
+    sessionId: typeof input.session_id === "string" ? input.session_id : undefined,
+  });
+  const ts = Math.floor(Date.now() / 1000).toString();
+  const sig = createHmac("sha256", HOOK_SECRET)
+    .update(ts + "\\n" + body)
+    .digest("hex");
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+  const res = await fetch(PRE_TOOL_USE_URL, {
+    method: "POST",
+    signal: controller.signal,
+    headers: {
+      "Content-Type": "application/json",
+      "x-stride-hook-ts": ts,
+      "x-stride-hook-sig": sig,
+    },
+    body,
+  });
+  clearTimeout(timer);
+  const decision = await res.json();
+  if (decision && (decision.permissionDecision === "deny" || decision.permissionDecision === "ask")) {
+    // Forward Stride's decision so Claude Code actually blocks the call.
+    process.stdout.write(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: decision.permissionDecision,
+        permissionDecisionReason: decision.permissionDecisionReason || "Blocked by Stride policy",
+      },
+    }) + "\\n");
+  }
+  process.exit(0);
+}
+// Fail-open: an unreachable server or unexpected error must never block the agent.
+main().catch(() => allow());
+`;
+}
+function writeAgentHooks(opts) {
+  const { agentId, hookSecret, apiBaseUrl, workspaceDir } = opts;
+  const base = apiBaseUrl.replace(/\/$/, "");
+  const preToolUseUrl = `${base}/api/internal/build/agents/${agentId}/hook/pre-tool-use`;
+  const claudeDir = join(workspaceDir, ".claude");
+  mkdirSync(claudeDir, { recursive: true });
+  const runnerPath = join(claudeDir, "hook-runner.mjs");
+  const runnerContent = buildHookRunnerScript(preToolUseUrl, hookSecret);
+  writeFileSync(runnerPath, runnerContent, { encoding: "utf-8", mode: 448 });
+  if (process.platform !== "win32") {
+    try {
+      chmodSync(runnerPath, 448);
+    } catch {
+    }
+  }
+  const preToolUseCmd = `"${process.execPath}" "${runnerPath}"`;
+  const settingsJson = {
+    hooks: {
+      PreToolUse: [
+        {
+          matcher: ".*",
+          hooks: [
+            {
+              type: "command",
+              command: preToolUseCmd,
+              timeout: 10
+            }
+          ]
+        }
+      ]
+    }
+  };
+  writeJsonAtomic(join(claudeDir, "settings.json"), settingsJson);
+}
+function writeMemorySyncScript(opts) {
+  const { agentId, hookSecret, apiBaseUrl, workspaceDir } = opts;
+  const base = apiBaseUrl.replace(/\/$/, "");
+  const syncUrl = `${base}/api/internal/build/agents/${agentId}/memory/sync`;
+  const script = `#!/usr/bin/env node
+// Auto-generated by stride-bridge. Do not edit.
+// Uploads MEMORY.md + today's daily journal to Stride (HMAC-signed).
+import { createHmac } from "node:crypto";
+import { readFileSync, existsSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const HOOK_SECRET = ${JSON.stringify(hookSecret)};
+const SYNC_URL = ${JSON.stringify(syncUrl)};
+const workspace = dirname(dirname(fileURLToPath(import.meta.url)));
+const files = [];
+const memoryMd = join(workspace, "MEMORY.md");
+if (existsSync(memoryMd)) {
+  files.push({ type: "learnings", content: readFileSync(memoryMd, "utf-8").slice(0, 50000) });
+}
+const today = new Date().toISOString().slice(0, 10);
+const daily = join(workspace, "memory", today + ".md");
+if (existsSync(daily)) {
+  files.push({ type: "daily", date: today, content: readFileSync(daily, "utf-8").slice(0, 50000) });
+}
+if (files.length === 0) {
+  console.log("memory-sync: nothing to sync");
+  process.exit(0);
+}
+const body = JSON.stringify({ files });
+const ts = Math.floor(Date.now() / 1000).toString();
+const sig = createHmac("sha256", HOOK_SECRET).update(ts + "\\n" + body).digest("hex");
+const res = await fetch(SYNC_URL, {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "x-stride-hook-ts": ts,
+    "x-stride-hook-sig": sig,
+  },
+  body,
+}).catch((err) => ({ ok: false, statusText: String(err) }));
+console.log(res.ok ? \`memory-sync: synced \${files.length} file(s)\` : \`memory-sync: failed (\${res.statusText ?? res.status})\`);
+`;
+  const claudeDir = join(workspaceDir, ".claude");
+  mkdirSync(claudeDir, { recursive: true });
+  writeFileSync(join(claudeDir, "memory-sync.mjs"), script, { encoding: "utf-8", mode: 448 });
+}
+function writeIdentitySyncScript(opts) {
+  const { agentId, hookSecret, apiBaseUrl, workspaceDir } = opts;
+  const base = apiBaseUrl.replace(/\/$/, "");
+  const identityUrl = `${base}/api/internal/build/agents/${agentId}/identity`;
+  const script = `#!/usr/bin/env node
+// Auto-generated by stride-bridge. Do not edit.
+// Uploads identity files + goals to Stride and marks onboarding complete.
+import { createHmac } from "node:crypto";
+import { readFileSync, existsSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const HOOK_SECRET = ${JSON.stringify(hookSecret)};
+const IDENTITY_URL = ${JSON.stringify(identityUrl)};
+const workspace = dirname(dirname(fileURLToPath(import.meta.url)));
+function readIf(name) {
+  const p = join(workspace, name);
+  return existsSync(p) ? readFileSync(p, "utf-8").slice(0, 20000) : undefined;
+}
+const payload = {
+  soulMd: readIf("SOUL.md"),
+  identityMd: readIf("IDENTITY.md"),
+  userMd: readIf("USER.md"),
+  heartbeatChecklist: readIf("HEARTBEAT.md"),
+  onboardingComplete: true,
+};
+const goalsRaw = readIf("goals.json");
+if (goalsRaw) {
+  try {
+    const parsed = JSON.parse(goalsRaw);
+    if (Array.isArray(parsed.goals)) payload.goals = parsed.goals.slice(0, 5);
+  } catch { /* ignore malformed goals.json */ }
+}
+const body = JSON.stringify(payload);
+const ts = Math.floor(Date.now() / 1000).toString();
+const sig = createHmac("sha256", HOOK_SECRET).update(ts + "\\n" + body).digest("hex");
+const res = await fetch(IDENTITY_URL, {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "x-stride-hook-ts": ts,
+    "x-stride-hook-sig": sig,
+  },
+  body,
+}).catch((err) => ({ ok: false, statusText: String(err) }));
+console.log(res.ok ? "identity-sync: onboarding recorded in Stride" : \`identity-sync: failed (\${res.statusText ?? res.status})\`);
+`;
+  const claudeDir = join(workspaceDir, ".claude");
+  mkdirSync(claudeDir, { recursive: true });
+  writeFileSync(join(claudeDir, "identity-sync.mjs"), script, { encoding: "utf-8", mode: 448 });
+}
+// src/agents.ts
+var cachedAgents = [];
+var REFRESH_INTERVAL_MS = 5 * 60 * 1e3;
+var refreshTimer = null;
+async function refreshAgents(config) {
+  try {
+    const data = await get(config, "/api/bridge/v1/agents");
+    cachedAgents = data.agents ?? [];
+    log(`Refreshed ${cachedAgents.length} agent(s)`);
+    for (const agent of cachedAgents) {
+      await ensureAgentWorkspace(config, agent);
+    }
+  } catch (err) {
+    logError("Failed to refresh agents", err);
+  }
+}
+function findAgent(agentId) {
+  return cachedAgents.find((a) => a.id === agentId);
+}
+async function ensureAgentWorkspace(config, agent) {
+  const workspaceDir = agentWorkspaceDir(agent.id);
+  mkdirSync(workspaceDir, { recursive: true });
+  mkdirSync(join(workspaceDir, "memory"), { recursive: true });
+  const sections = [];
+  if (agent.systemPrompt) sections.push(agent.systemPrompt);
+  sections.push(agent.soulMd ?? agent.defaultSoulMd ?? "");
+  if (agent.memoryProtocolMd) sections.push(agent.memoryProtocolMd);
+  sections.push(
+    "## Memory sync (local agent)\n\nAfter updating MEMORY.md or today's daily journal, sync them to Stride by running:\n\n```\nnode .claude/memory-sync.mjs\n```\n"
+  );
+  if (!agent.onboardedAt && agent.onboardingMd) {
+    sections.push(
+      "## FIRST BOOT \u2014 onboarding required\n\nYou have not been onboarded. Read ONBOARDING.md in this workspace and complete the interview BEFORE regular work. To sync your identity after the interview, run:\n\n```\nnode .claude/identity-sync.mjs\n```\n"
+    );
+  }
+  writeFileSync(join(workspaceDir, "CLAUDE.md"), sections.filter(Boolean).join("\n\n"), "utf-8");
+  if (!agent.onboardedAt && agent.onboardingMd) {
+    writeFileSync(join(workspaceDir, "ONBOARDING.md"), agent.onboardingMd, "utf-8");
+  }
+  if (agent.identityMd) writeFileSync(join(workspaceDir, "IDENTITY.md"), agent.identityMd, "utf-8");
+  if (agent.userMd) writeFileSync(join(workspaceDir, "USER.md"), agent.userMd, "utf-8");
+  if (agent.heartbeatChecklist) {
+    writeFileSync(join(workspaceDir, "HEARTBEAT.md"), agent.heartbeatChecklist, "utf-8");
+  }
+  const memoryMdPath = join(workspaceDir, "MEMORY.md");
+  if (!existsSync(memoryMdPath)) {
+    writeFileSync(
+      memoryMdPath,
+      "# Long-term memory\n\nDurable learnings only \u2014 format: `## Topic \u2014 YYYY-MM-DD` followed by what you learned.\n",
+      "utf-8"
+    );
+  }
+  writeAgentHooks({
+    agentId: agent.id,
+    hookSecret: agent.hookSecret,
+    apiBaseUrl: config.apiBaseUrl,
+    workspaceDir
+  });
+  writeMemorySyncScript({
+    agentId: agent.id,
+    hookSecret: agent.hookSecret,
+    apiBaseUrl: config.apiBaseUrl,
+    workspaceDir
+  });
+  writeIdentitySyncScript({
+    agentId: agent.id,
+    hookSecret: agent.hookSecret,
+    apiBaseUrl: config.apiBaseUrl,
+    workspaceDir
+  });
+  log(`Provisioned workspace for agent "${agent.name}" (${agent.id})`);
+}
+function agentWorkspaceDir(agentId) {
+  return join(AGENTS_DIR, agentId, "workspace");
+}
+function startAgentRefreshTimer(config) {
+  if (refreshTimer !== null) return;
+  refreshTimer = setInterval(() => {
+    void refreshAgents(config);
+  }, REFRESH_INTERVAL_MS);
+  if (refreshTimer.unref) {
+    refreshTimer.unref();
+  }
+}
+function stopAgentRefreshTimer() {
+  if (refreshTimer !== null) {
+    clearInterval(refreshTimer);
+    refreshTimer = null;
+  }
+}
+var EMPTY_STATE = {
+  sessionId: null,
+  sessionStartedAt: null,
+  runCount: 0
+};
+function shouldRotateSession(state, nowMs, opts = {}) {
+  const { maxAgeMs = 24 * 60 * 6e4, maxRuns = 40 } = opts;
+  if (!state.sessionId || state.sessionStartedAt === null) return true;
+  if (nowMs - state.sessionStartedAt >= maxAgeMs) return true;
+  if (state.runCount >= maxRuns) return true;
+  return false;
+}
+function sessionStatePath(agentId) {
+  return join(dirname(agentWorkspaceDir(agentId)), "session.json");
+}
+function loadSessionState(agentId) {
+  const parsed = readJsonSafe(sessionStatePath(agentId));
+  if (!parsed) return { ...EMPTY_STATE };
+  return {
+    sessionId: typeof parsed.sessionId === "string" ? parsed.sessionId : null,
+    sessionStartedAt: typeof parsed.sessionStartedAt === "number" ? parsed.sessionStartedAt : null,
+    runCount: typeof parsed.runCount === "number" ? parsed.runCount : 0
+  };
+}
+function saveSessionState(agentId, state) {
+  writeJsonAtomic(sessionStatePath(agentId), state);
+}
+function recordRunSession(agentId, newSessionId, previous, nowMs) {
+  if (!newSessionId) return previous;
+  const continued = previous.sessionId === newSessionId;
+  const next = continued ? { ...previous, runCount: previous.runCount + 1 } : { sessionId: newSessionId, sessionStartedAt: nowMs, runCount: 1 };
+  saveSessionState(agentId, next);
+  return next;
+}
+// src/runner.ts
+var RUN_TIMEOUT_MS = 15 * 60 * 1e3;
+var STDOUT_CAP = 1e4;
+var STDERR_CAP = 4e3;
+var REPORT_RETRY_COUNT = 3;
+var REPORT_RETRY_BASE_MS = 2e3;
+function parseClaudeOutput(raw) {
+  const trimmed = raw.trim();
+  const lastBrace = trimmed.lastIndexOf("}");
+  if (lastBrace === -1) return {};
+  let depth = 0;
+  let start = -1;
+  for (let i = lastBrace; i >= 0; i--) {
+    if (trimmed[i] === "}") depth++;
+    else if (trimmed[i] === "{") {
+      depth--;
+      if (depth === 0) {
+        start = i;
+        break;
+      }
+    }
+  }
+  if (start === -1) return {};
+  try {
+    const parsed = JSON.parse(trimmed.slice(start, lastBrace + 1));
+    const result = {};
+    if (typeof parsed["total_cost_usd"] === "number") {
+      result.costUsd = parsed["total_cost_usd"];
+    }
+    if (typeof parsed["session_id"] === "string") {
+      result.sessionId = parsed["session_id"];
+    }
+    const usage = parsed["usage"];
+    if (usage && typeof usage === "object") {
+      const u = usage;
+      if (typeof u["input_tokens"] === "number") result.tokensInput = u["input_tokens"];
+      if (typeof u["output_tokens"] === "number") result.tokensOutput = u["output_tokens"];
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+async function runWorkItem(config, work) {
+  const agent = findAgent(work.agent.id);
+  const model = agent?.model ?? work.agent.model;
+  const agentWorkspace = agentWorkspaceDir(work.agent.id);
+  let cwd = agentWorkspace;
+  if (work.workingDir && existsSync(work.workingDir)) {
+    cwd = work.workingDir;
+  } else if (work.workingDir) {
+    logWarn(
+      `workingDir "${work.workingDir}" does not exist; falling back to agent workspace`
+    );
+  }
+  log(`Starting run ${work.runId} (agent "${work.agent.name}", model "${model}")`);
+  log(`  cwd: ${cwd}`);
+  const isWindows = process.platform === "win32";
+  const settingsPath = join(agentWorkspace, ".claude", "settings.json");
+  const rawArgs = [
+    "-p",
+    "--output-format",
+    "json",
+    "--max-turns",
+    "25",
+    "--model",
+    model,
+    "--settings",
+    settingsPath
+  ];
+  const persistent = work.agent.localSessionMode === "persistent";
+  let sessionState = loadSessionState(work.agent.id);
+  if (persistent) {
+    if (shouldRotateSession(sessionState, Date.now())) {
+      if (sessionState.sessionId) {
+        log(`Rotating session for agent "${work.agent.name}" (age/run limit reached)`);
+      }
+      sessionState = { sessionId: null, sessionStartedAt: null, runCount: 0 };
+    } else if (sessionState.sessionId) {
+      rawArgs.push("--resume", sessionState.sessionId);
+    }
+  }
+  const args = isWindows ? rawArgs.map((a) => /[\s"^&|<>%]/.test(a) ? `"${a.replace(/"/g, '""')}"` : a) : rawArgs;
+  const env = { ...process.env };
+  let stdoutBuf = "";
+  let stderrBuf = "";
+  let exitCode = null;
+  let spawnError;
+  await new Promise((resolve) => {
+    let child;
+    try {
+      child = spawn("claude", args, {
+        cwd,
+        env,
+        // shell on Windows: `claude` is a .cmd shim Node can't exec directly.
+        // Safe because argv contains only our fixed, pre-quoted tokens.
+        shell: isWindows,
+        // stdin: pipe — the prompt is delivered via stdin, not argv.
+        stdio: ["pipe", "pipe", "pipe"]
+      });
+      child.stdin?.write(work.prompt);
+      child.stdin?.end();
+    } catch (err) {
+      spawnError = err instanceof Error ? err.message : String(err);
+      resolve();
+      return;
+    }
+    const timeoutHandle = setTimeout(() => {
+      logWarn(`Run ${work.runId} exceeded timeout \u2014 sending SIGTERM`);
+      try {
+        child.kill("SIGTERM");
+      } catch {
+      }
+      setTimeout(() => {
+        try {
+          child.kill("SIGKILL");
+        } catch {
+        }
+      }, 5e3);
+    }, RUN_TIMEOUT_MS);
+    child.stdout?.on("data", (chunk) => {
+      stdoutBuf += chunk.toString("utf-8");
+    });
+    child.stderr?.on("data", (chunk) => {
+      stderrBuf += chunk.toString("utf-8");
+    });
+    child.on("close", (code) => {
+      clearTimeout(timeoutHandle);
+      exitCode = code;
+      resolve();
+    });
+    child.on("error", (err) => {
+      clearTimeout(timeoutHandle);
+      spawnError = err.message;
+      resolve();
+    });
+  });
+  const stdoutExcerpt = stdoutBuf.length > STDOUT_CAP ? stdoutBuf.slice(-STDOUT_CAP) : stdoutBuf;
+  const stderrExcerpt = stderrBuf.length > STDERR_CAP ? stderrBuf.slice(-STDERR_CAP) : stderrBuf;
+  const succeeded = spawnError === void 0 && exitCode === 0;
+  const parsed = succeeded ? parseClaudeOutput(stdoutBuf) : {};
+  const report = {
+    runId: work.runId,
+    wakeupId: work.wakeupId,
+    status: succeeded ? "completed" : "failed",
+    stdoutExcerpt,
+    stderrExcerpt,
+    error: spawnError,
+    exitCode,
+    ...parsed
+  };
+  log(
+    `Run ${work.runId} ${report.status} (exit ${exitCode ?? "n/a"}${parsed.costUsd !== void 0 ? `, cost $${parsed.costUsd.toFixed(4)}` : ""})`
+  );
+  if (persistent && report.status === "completed") {
+    recordRunSession(work.agent.id, parsed.sessionId, sessionState, Date.now());
+  }
+  await sendReport(config, report);
+}
+async function sendReport(config, report) {
+  const path = `/api/bridge/v1/runs/${report.runId}`;
+  for (let attempt = 1; attempt <= REPORT_RETRY_COUNT; attempt++) {
+    try {
+      await post(config, path, report);
+      log(`Reported run ${report.runId} (attempt ${attempt})`);
+      removePendingReport(report.runId);
+      return;
+    } catch (err) {
+      logError(`Failed to report run ${report.runId} (attempt ${attempt})`, err);
+      if (attempt < REPORT_RETRY_COUNT) {
+        const delay = REPORT_RETRY_BASE_MS * Math.pow(2, attempt - 1);
+        await sleep(delay);
+      }
+    }
+  }
+  logWarn(`Persisting failed report for run ${report.runId} to pending-reports.json`);
+  appendPendingReport(report);
+}
+async function retryPendingReports(config) {
+  const pending = readJsonSafe(PENDING_REPORTS_PATH);
+  if (!pending || pending.length === 0) return;
+  log(`Retrying ${pending.length} pending report(s)`);
+  for (const report of pending) {
+    await sendReport(config, report);
+  }
+}
+function appendPendingReport(report) {
+  const existing = readJsonSafe(PENDING_REPORTS_PATH) ?? [];
+  const deduped = existing.filter((r) => r.runId !== report.runId);
+  deduped.push(report);
+  writeJsonAtomic(PENDING_REPORTS_PATH, deduped);
+}
+function removePendingReport(runId) {
+  const existing = readJsonSafe(PENDING_REPORTS_PATH);
+  if (!existing || existing.length === 0) return;
+  const filtered = existing.filter((r) => r.runId !== runId);
+  if (filtered.length !== existing.length) {
+    writeJsonAtomic(PENDING_REPORTS_PATH, filtered);
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var USAGE_URL = "https://api.anthropic.com/api/oauth/usage";
+var CACHE_TTL_MS = 6e4;
+var FETCH_TIMEOUT_MS = 5e3;
+function remainingPct(utilization) {
+  if (typeof utilization !== "number" || !Number.isFinite(utilization)) return null;
+  return Math.max(0, Math.min(100, Math.round((1 - utilization) * 100)));
+}
+function parseUsageResponse(body, nowIso) {
+  return {
+    fiveHourRemainingPct: remainingPct(body.five_hour?.utilization),
+    sevenDayRemainingPct: remainingPct(body.seven_day?.utilization),
+    fetchedAt: nowIso
+  };
+}
+function readOauthToken() {
+  if (process.env.CLAUDE_CODE_OAUTH_TOKEN) return process.env.CLAUDE_CODE_OAUTH_TOKEN;
+  const creds = readJsonSafe(
+    join(homedir(), ".claude", ".credentials.json")
+  );
+  return creds?.claudeAiOauth?.accessToken ?? null;
+}
+var cached = null;
+var warnedNoToken = false;
+async function getQuotaSnapshot() {
+  if (cached && Date.now() - cached.at < CACHE_TTL_MS) return cached.snapshot;
+  const token = readOauthToken();
+  if (!token) {
+    if (!warnedNoToken) {
+      logWarn("No Claude OAuth token found \u2014 quota reporting disabled");
+      warnedNoToken = true;
+    }
+    return null;
+  }
+  try {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+    const res = await fetch(USAGE_URL, {
+      headers: { Authorization: `Bearer ${token}` },
+      signal: controller.signal
+    });
+    clearTimeout(timer);
+    if (!res.ok) return cached?.snapshot ?? null;
+    const body = await res.json();
+    const snapshot = parseUsageResponse(body, (/* @__PURE__ */ new Date()).toISOString());
+    cached = { snapshot, at: Date.now() };
+    return snapshot;
+  } catch {
+    return cached?.snapshot ?? null;
+  }
+}
+// src/poller.ts
+var POLL_INTERVAL_MS = 2500;
+var HEARTBEAT_INTERVAL_MS = 6e4;
+var BACKOFF_STEPS_MS = [2500, 5e3, 1e4, 3e4];
+var running = false;
+async function startDaemon(config) {
+  running = true;
+  const shutdown = async (signal) => {
+    if (!running) return;
+    running = false;
+    log(`Received ${signal} \u2014 shutting down gracefully`);
+    stopAgentRefreshTimer();
+    await postBestEffort(config, "/api/bridge/v1/events", {
+      kind: "daemon_stopping",
+      message: `Daemon stopping (${signal})`,
+      daemonVersion: VERSION
+    });
+    process.exit(0);
+  };
+  process.on("SIGINT", () => void shutdown("SIGINT"));
+  process.on("SIGTERM", () => void shutdown("SIGTERM"));
+  await postBestEffort(config, "/api/bridge/v1/events", {
+    kind: "daemon_started",
+    message: "Daemon started",
+    daemonVersion: VERSION,
+    osInfo: { platform: platform(), release: release() }
+  });
+  log(`Daemon started (v${VERSION}, bridge ${config.bridgeId})`);
+  await refreshAgents(config);
+  startAgentRefreshTimer(config);
+  const sendHeartbeat = async () => {
+    const payload = {
+      daemonVersion: VERSION,
+      osInfo: { platform: platform(), release: release() },
+      agents: []
+    };
+    const quota = await getQuotaSnapshot();
+    if (quota) payload.quota = quota;
+    try {
+      await post(config, "/api/bridge/v1/heartbeat", payload);
+    } catch (err) {
+      logWarn(`Heartbeat failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  };
+  void sendHeartbeat();
+  const heartbeatTimer = setInterval(() => void sendHeartbeat(), HEARTBEAT_INTERVAL_MS);
+  if (heartbeatTimer.unref) heartbeatTimer.unref();
+  let backoffIndex = 0;
+  while (running) {
+    try {
+      await retryPendingReports(config);
+    } catch {
+    }
+    try {
+      const data = await post(config, "/api/bridge/v1/work", {});
+      backoffIndex = 0;
+      if (data.work) {
+        log(`Received work item: run ${data.work.runId}`);
+        try {
+          await runWorkItem(config, data.work);
+        } catch (err) {
+          logError(`Unhandled error in runWorkItem for run ${data.work.runId}`, err);
+        }
+        continue;
+      }
+    } catch (err) {
+      const delay = BACKOFF_STEPS_MS[Math.min(backoffIndex, BACKOFF_STEPS_MS.length - 1)];
+      logError(
+        `Poll error (backoff ${delay}ms)`,
+        err
+      );
+      backoffIndex = Math.min(backoffIndex + 1, BACKOFF_STEPS_MS.length - 1);
+      await sleep2(delay);
+      continue;
+    }
+    await sleep2(POLL_INTERVAL_MS);
+  }
+  clearInterval(heartbeatTimer);
+}
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var DEFAULT_API_URL = "https://app.strideops.ai";
+var program = new Command();
+program.name("stride-bridge").description("Stride Bridge daemon \u2014 run StrideOps Build agents locally").version(VERSION);
+program.command("connect <pairingCode>").description("Pair this machine with StrideOps using a one-time pairing code").option(
+  "--api-url <url>",
+  "StrideOps API base URL",
+  DEFAULT_API_URL
+).action(async (pairingCode, opts) => {
+  await runPair(pairingCode, opts.apiUrl);
+});
+program.command("start").description("Start the daemon (foreground; press Ctrl+C to stop)").action(async () => {
+  const config = requireConfig();
+  log(`Starting daemon with bridge "${config.bridgeName}" (${config.bridgeId})`);
+  await startDaemon(config);
+});
+program.command("status").description("Print current configuration and server connectivity").action(async () => {
+  const config = readConfig();
+  console.log("=== Stride Bridge Status ===");
+  console.log();
+  if (!config) {
+    console.log("Status        : NOT CONNECTED");
+    console.log(`Config path   : ${CONFIG_PATH}`);
+    console.log();
+    console.log("Run `stride-bridge connect <PAIRING_CODE>` to get started.");
+    return;
+  }
+  console.log(`Status        : CONNECTED`);
+  console.log(`Bridge name   : ${config.bridgeName}`);
+  console.log(`Bridge ID     : ${config.bridgeId}`);
+  console.log(`Org ID        : ${config.orgId}`);
+  console.log(`API URL       : ${config.apiBaseUrl}`);
+  console.log(`Auth mode     : ${config.authMode}`);
+  console.log(`Config path   : ${CONFIG_PATH}`);
+  console.log();
+  process.stdout.write("Server        : checking... ");
+  try {
+    await post(config, "/api/bridge/v1/heartbeat", {
+      daemonVersion: VERSION,
+      osInfo: {},
+      agents: []
+    });
+    console.log("REACHABLE");
+  } catch (err) {
+    console.log(
+      `UNREACHABLE (${err instanceof Error ? err.message : String(err)})`
+    );
+  }
+  console.log();
+});
+program.command("autostart <action>").description("Manage start-at-logon: install | remove | status (Windows Task Scheduler)").action(async (action) => {
+  const { autostartInstall, autostartRemove, autostartStatus } = await import('./autostart-77BPPTEG.js');
+  if (action === "install") autostartInstall();
+  else if (action === "remove") autostartRemove();
+  else if (action === "status") autostartStatus();
+  else {
+    console.error(`Unknown action "${action}" \u2014 use install, remove, or status`);
+    process.exitCode = 1;
+  }
+});
+program.command("doctor").description("Check all prerequisites for running the bridge daemon").action(async () => {
+  console.log("=== Stride Bridge Doctor ===");
+  console.log();
+  let allGood = true;
+  const nodeVersion = process.versions.node;
+  const [major] = nodeVersion.split(".").map(Number);
+  const nodeOk = major >= 20;
+  printCheck(
+    "Node.js >= 20",
+    nodeOk,
+    `Found v${nodeVersion}`,
+    `Found v${nodeVersion} \u2014 upgrade to Node.js 20+`
+  );
+  if (!nodeOk) allGood = false;
+  let claudeVersion = "";
+  let claudeOnPath = false;
+  try {
+    claudeVersion = execSync("claude --version", {
+      encoding: "utf-8",
+      timeout: 5e3,
+      stdio: ["ignore", "pipe", "ignore"]
+    }).trim();
+    claudeOnPath = true;
+  } catch {
+    claudeOnPath = false;
+  }
+  printCheck(
+    "claude CLI on PATH",
+    claudeOnPath,
+    claudeVersion || "found",
+    "claude not found \u2014 install Claude Code CLI from https://docs.anthropic.com/claude-code"
+  );
+  if (!claudeOnPath) allGood = false;
+  let claudeAuthed = false;
+  let claudeAuthNote = "";
+  if (claudeOnPath) {
+    const possiblePaths = [
+      join(homedir(), ".claude", "settings.json"),
+      join(homedir(), ".config", "claude", "settings.json"),
+      join(
+        process.env["APPDATA"] ?? join(homedir(), "AppData", "Roaming"),
+        "Claude",
+        "settings.json"
+      )
+    ];
+    claudeAuthed = possiblePaths.some(existsSync);
+    claudeAuthNote = claudeAuthed ? "config found" : "no config found \u2014 run `claude` to authenticate";
+  } else {
+    claudeAuthNote = "skipped (claude not on PATH)";
+  }
+  printCheck(
+    "Claude authenticated",
+    claudeAuthed,
+    claudeAuthNote,
+    claudeAuthNote
+  );
+  if (!claudeAuthed && claudeOnPath) allGood = false;
+  const configured = isConfigured();
+  const configData = readConfig();
+  const configValid = configured && configData !== null;
+  printCheck(
+    "Bridge config",
+    configValid,
+    configValid ? `${CONFIG_PATH} (bridge: ${configData?.bridgeName})` : configured ? `${CONFIG_PATH} exists but could not be parsed` : "not found \u2014 run `stride-bridge connect <CODE>`",
+    configured ? `${CONFIG_PATH} could not be parsed \u2014 re-run connect` : "not found \u2014 run `stride-bridge connect <CODE>`"
+  );
+  if (!configValid) allGood = false;
+  if (configData) {
+    process.stdout.write("[ ] StrideOps server reachable ... ");
+    try {
+      await post(configData, "/api/bridge/v1/heartbeat", {
+        daemonVersion: VERSION,
+        osInfo: {},
+        agents: []
+      });
+      clearLine();
+      printCheck("StrideOps server reachable", true, configData.apiBaseUrl, "");
+    } catch (err) {
+      clearLine();
+      printCheck(
+        "StrideOps server reachable",
+        false,
+        "",
+        `${configData.apiBaseUrl} \u2014 ${err instanceof Error ? err.message : String(err)}`
+      );
+      allGood = false;
+    }
+  } else {
+    printCheck(
+      "StrideOps server reachable",
+      false,
+      "",
+      "skipped (not configured)"
+    );
+  }
+  const bridgeDir = join(homedir(), ".stride-bridge");
+  try {
+    mkdirSync(bridgeDir, { recursive: true });
+    accessSync(bridgeDir, constants.W_OK);
+    printCheck("Bridge workspace writable", true, bridgeDir, "");
+  } catch {
+    printCheck(
+      "Bridge workspace writable",
+      false,
+      "",
+      `${bridgeDir} is not writable`
+    );
+    allGood = false;
+  }
+  console.log();
+  if (allGood) {
+    console.log("All checks passed. Run `stride-bridge start` to launch the daemon.");
+  } else {
+    console.log(
+      "Some checks failed. Fix the issues above, then re-run `stride-bridge doctor`."
+    );
+    process.exit(1);
+  }
+});
+function printCheck(label, ok, successNote, failureNote) {
+  const icon = ok ? "[ok]" : "[!!]";
+  const note = ok ? successNote : failureNote;
+  console.log(`${icon} ${label}${note ? " \u2014 " + note : ""}`);
+}
+function clearLine() {
+  process.stdout.write("\r\x1B[K");
+}
+program.parseAsync(process.argv).catch((err) => {
+  console.error(
+    `[stride-bridge] Fatal: ${err instanceof Error ? err.message : String(err)}`
+  );
+  process.exit(1);
+});
+//# sourceMappingURL=cli.js.map
+//# sourceMappingURL=cli.js.map