@undefineds.co/linx 0.2.1

package/README.md

@@ -0,0 +1,91 @@
+# LinX CLI
+
+最小用户聊天 CLI，复用 LinX 的 Pod 数据模型和 LinX server 的 OpenAI-compatible API。
+
+- cloud account/login 默认走 `https://id.undefineds.co/.account/*`
+- cloud chat/models 走 live `https://api.undefineds.co/v1/*`
+- 内置 discovery snapshot 只做离线 fallback，不替代 live `/v1/models`
+- 官方云默认分流：`id` 负责 Solid/OIDC，`pods` 负责 Pod 托管域，`api` 负责 chat/models runtime；自建 Pod 默认仍走同源
+
+## Commands
+
+```bash
+# 浏览器授权登录并保存本地 OIDC 会话
+# 默认用官方 cloud identity：https://id.undefineds.co
+yarn workspace @undefineds.co/linx dev login
+
+# 自建 / 本地 issuer 时再显式覆盖
+yarn workspace @undefineds.co/linx dev login --url http://localhost:3000
+
+# 查看 / 清理当前本地登录态
+yarn workspace @undefineds.co/linx dev whoami --verbose
+yarn workspace @undefineds.co/linx dev logout
+
+# 把云端 AI provider 凭据写进 Pod
+yarn workspace @undefineds.co/linx dev ai connect claude --api-key sk-ant-xxx --model claude-sonnet-4-20250514
+yarn workspace @undefineds.co/linx dev ai status claude
+yarn workspace @undefineds.co/linx dev ai disconnect claude
+
+# 列出远程可用模型
+yarn workspace @undefineds.co/linx dev models
+
+# 单轮聊天
+yarn workspace @undefineds.co/linx dev chat "帮我总结一下今天的工作"
+
+# 进入默认 Pi TUI
+yarn workspace @undefineds.co/linx dev
+
+# 继续最近一次 thread
+yarn workspace @undefineds.co/linx dev chat --continue
+
+# 本地 watch（多轮 REPL + 结构化留档）
+yarn workspace @undefineds.co/linx dev watch run codex
+yarn workspace @undefineds.co/linx dev watch run claude "先总结这个目录的职责"
+yarn workspace @undefineds.co/linx dev watch run codebuddy -- --tools Read,Edit
+yarn workspace @undefineds.co/linx dev watch backends
+yarn workspace @undefineds.co/linx dev watch sessions
+yarn workspace @undefineds.co/linx dev watch approvals
+yarn workspace @undefineds.co/linx dev watch approve <approvalId> --session
+yarn workspace @undefineds.co/linx dev watch reject <approvalId> --reason "unsafe command"
+```
+
+## Slash Commands
+
+- `/help` 查看帮助
+- `/threads` 查看最近 threads
+- `/new` 新建 thread
+- `/use <threadId>` 切换 thread
+- `/model <modelId>` 切换模型
+- `/exit` 退出
+
+## Credentials
+
+当前优先读取：
+
+1. `~/.linx/config.json` + `~/.linx/secrets.json`
+
+## Local Watch Notes
+
+- `watch run` 当前直接依赖本机已经安装好的 `codex` / `claude` / `codebuddy`
+- 如果当前终端对全屏重绘支持不好，可加 `--plain`（等价于 `LINX_WATCH_PLAIN=1`）关闭全屏 TUI，改用线性输出
+- LinX 负责统一 `manual | smart | auto` 模式，并把会话元数据写到 `~/.linx/watch/sessions/`
+- `--credential-source local|cloud|auto` 只决定凭据来源；`watch` 当前运行时始终是本地，不会因为选 cloud credential source 就切成 cloud runtime
+- `--credential-source cloud` 当前可显式用于 `codex` / `claude` / `codebuddy`，前提是对应 API key 已写进 Pod
+- 单本地会话时，approval 主路径是在当前 watch TUI 内直接处理；不会依赖额外的 approval inbox
+- 默认人工审批同时支持当前本地 watch 和 Pod 远端控制面，谁先决策谁生效
+- 如果本地已 `linx login`，LinX 会把 pending approval 写进 Pod 的 `approval / audit / inbox_notification`
+- `linx watch approvals` / `approve` / `reject` 主要用于远端、后台或多会话场景的 approval inbox；不是本地单会话 watch 的主交互路径
+- 当前是最小多轮版：本地 REPL、统一 ACP 会话、归档结构化事件
+- 在交互式 TTY 里，`watch run` 会默认进入全屏 TUI；非 TTY / 管道输出会自动降级到 plain mode
+- `linx watch show <sessionId>` 现在会回放归档 timeline，而不是直接输出 `session.json`
+- `codex` 走 `codex-acp`，`claude` 走 `claude-code-acp`，`codebuddy` 走内置 `--acp --acp-transport stdio`
+- 当前 `linx watch run codex` 的前台仍是 LinX watch TUI，不是 Codex 原生 TUI；真正执行任务与工具调用的是 `codex-acp`
+- Codex 原生壳相关集成不放在 LinX watch 壳里维护；后台桥接能力位于 `apps/cli/src/lib/codex-plugin/*`，按 plugin/sidecar 语义组织
+- LinX 不再维护各家 native / 非 ACP JSON 输出兼容层，统一按 ACP 处理多轮会话、权限请求和结构化输入
+- 仓库内 `yarn workspace @undefineds.co/linx dev watch ...` 不再依赖 `tsx`，会直接编译并运行独立 watch 入口
+- `--` 后面的参数会原样透传给对应后端 CLI
+- 当前只支持 `local runtime + remote approval`；不支持本地 runtime 退出后由云端接管执行
+
+## TODO
+
+- blocked by xpod: `watch --runtime cloud`

package/dist/index.js

@@ -0,0 +1,578 @@
+#!/usr/bin/env node
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
+import { aiCommand } from './lib/ai-command.js';
+import { resolveAccountBaseUrl } from './lib/account-api.js';
+import { getClientCredentials, loadCredentials } from './lib/credentials-store.js';
+import { loadAccountSession } from './lib/account-session.js';
+import { loginCommand, logoutCommand, whoamiCommand } from './lib/login-command.js';
+import { runPrintMode } from '@mariozechner/pi-coding-agent';
+import { promptText } from './lib/prompt.js';
+import { resolveRuntimeTarget } from './lib/runtime-target.js';
+import { createCodexNativeProxy } from './lib/codex-plugin/index.js';
+import { bootstrapPiInteractiveMode, createPiRuntimeAdapter } from './lib/pi-adapter/index.js';
+import { getOidcAccessToken } from './lib/oidc-auth.js';
+import { DEFAULT_LINX_CLOUD_MODEL_ID } from './lib/default-model.js';
+import { LINX_AGENT_DIR } from './lib/pi-adapter/branding.js';
+import { formatRemoteWatchApprovalSummary, formatArchivedWatchSession, formatWatchSessionSummary, loadArchivedWatchEvents, listArchivedWatchSessions, listRemoteWatchApprovals, listSupportedWatchBackends, loadArchivedWatchSession, resolveRemoteWatchApproval, runWatch, } from './lib/watch/index.js';
+let chatRuntimePromise = null;
+async function loadChatRuntime() {
+    if (!chatRuntimePromise) {
+        chatRuntimePromise = Promise.all([
+            import('./lib/chat-api.js'),
+            import('./lib/pod-chat-store.js'),
+            import('./lib/solid-auth.js'),
+        ]).then(([chatApi, podChatStore, solidAuth]) => ({
+            createRemoteCompletion: chatApi.createRemoteCompletion,
+            listRemoteModels: chatApi.listRemoteModels,
+            createThread: podChatStore.createThread,
+            formatThreadLabel: podChatStore.formatThreadLabel,
+            getLatestThreadId: podChatStore.getLatestThreadId,
+            getOrCreateDefaultChat: podChatStore.getOrCreateDefaultChat,
+            initPodData: podChatStore.initPodData,
+            listThreads: podChatStore.listThreads,
+            loadMessages: podChatStore.loadMessages,
+            loadThread: podChatStore.loadThread,
+            saveAssistantMessage: podChatStore.saveAssistantMessage,
+            saveUserMessage: podChatStore.saveUserMessage,
+            toOpenAiMessages: podChatStore.toOpenAiMessages,
+            authenticate: solidAuth.authenticate,
+            authenticatedFetch: solidAuth.authenticatedFetch,
+        }));
+    }
+    return chatRuntimePromise;
+}
+async function resolveContext(urlOverride) {
+    const runtime = await loadChatRuntime();
+    const creds = loadCredentials();
+    if (!creds) {
+        throw new Error('No credentials found. Run `linx login` first.');
+    }
+    const target = resolveRuntimeTarget({
+        issuerUrl: creds.url,
+        runtimeUrlOverride: urlOverride,
+    });
+    const clientCreds = getClientCredentials(creds);
+    if (clientCreds) {
+        const { session, apiKey } = await runtime.authenticate(clientCreds.clientId, clientCreds.clientSecret, target.oidcIssuer);
+        await runtime.initPodData(session);
+        const chatId = await runtime.getOrCreateDefaultChat(session);
+        return { runtimeUrl: target.runtimeUrl, apiKey, session, chatId, runtime };
+    }
+    if (creds.authType === 'oidc_oauth') {
+        const accessToken = await getOidcAccessToken(creds);
+        if (!accessToken) {
+            throw new Error('Failed to restore OIDC access token. Run `linx login` again.');
+        }
+        const pseudoSession = {
+            async logout() { },
+        };
+        const podUrl = loadAccountSession()?.podUrl || creds.webId.replace('/card#me', '').replace(/\/?$/, '/');
+        const session = {
+            ...pseudoSession,
+            info: {
+                isLoggedIn: true,
+                webId: creds.webId,
+                podUrl,
+            },
+            fetch: (url, init) => runtime.authenticatedFetch(url, accessToken, init),
+        };
+        await runtime.initPodData(session);
+        const chatId = await runtime.getOrCreateDefaultChat(session);
+        return { runtimeUrl: target.runtimeUrl, apiKey: accessToken, session, chatId, runtime };
+    }
+    throw new Error('Unsupported LinX auth type. Run `linx login` again.');
+}
+async function resolveRuntimeAuthContext(urlOverride) {
+    const runtime = await loadChatRuntime();
+    const creds = loadCredentials();
+    if (!creds) {
+        throw new Error('No credentials found. Run `linx login` first.');
+    }
+    const target = resolveRuntimeTarget({
+        issuerUrl: creds.url,
+        runtimeUrlOverride: urlOverride,
+    });
+    const clientCreds = getClientCredentials(creds);
+    if (clientCreds) {
+        const { session, apiKey } = await runtime.authenticate(clientCreds.clientId, clientCreds.clientSecret, target.oidcIssuer);
+        return { runtimeUrl: target.runtimeUrl, apiKey, session, runtime };
+    }
+    if (creds.authType === 'oidc_oauth') {
+        const accessToken = await getOidcAccessToken(creds);
+        if (!accessToken) {
+            throw new Error('Failed to restore OIDC access token. Run `linx login` again.');
+        }
+        const pseudoSession = {
+            async logout() { },
+        };
+        return { runtimeUrl: target.runtimeUrl, apiKey: accessToken, session: pseudoSession, runtime };
+    }
+    throw new Error('Unsupported LinX auth type. Run `linx login` again.');
+}
+async function runSingleTurn(options) {
+    const { ctx, threadId, model, prompt } = options;
+    const history = await ctx.runtime.loadMessages(ctx.session, threadId);
+    await ctx.runtime.saveUserMessage(ctx.session, ctx.chatId, threadId, prompt);
+    const reply = await ctx.runtime.createRemoteCompletion({
+        runtimeUrl: ctx.runtimeUrl,
+        apiKey: ctx.apiKey,
+        model,
+        messages: [...ctx.runtime.toOpenAiMessages(history), { role: 'user', content: prompt }],
+    });
+    const replyText = typeof reply === 'string' ? reply : reply.content ?? '';
+    await ctx.runtime.saveAssistantMessage(ctx.session, ctx.chatId, threadId, replyText);
+    process.stdout.write(`\n${replyText}\n\n`);
+}
+async function resolveThreadId(options) {
+    const { ctx, continueMode, explicitThreadId, workspace } = options;
+    if (explicitThreadId) {
+        return explicitThreadId;
+    }
+    if (continueMode) {
+        const latest = await ctx.runtime.getLatestThreadId(ctx.session, ctx.chatId);
+        if (latest) {
+            return latest;
+        }
+    }
+    return ctx.runtime.createThread(ctx.session, ctx.chatId, workspace || process.cwd(), 'CLI Session');
+}
+async function runInteractive(options) {
+    const { ctx, initialThreadId, initialModel, initialPrompt } = options;
+    let threadId = initialThreadId;
+    let model = initialModel;
+    process.stdout.write(`LinX CLI ready\nthread: ${threadId}\nmodel: ${model || DEFAULT_LINX_CLOUD_MODEL_ID}\n输入 /help 查看命令。\n\n`);
+    if (initialPrompt) {
+        await runSingleTurn({ ctx, threadId, model, prompt: initialPrompt });
+    }
+    while (true) {
+        const input = (await promptText('you> ')).trim();
+        if (!input)
+            continue;
+        if (input === '/exit' || input === '/quit') {
+            break;
+        }
+        if (input === '/help') {
+            process.stdout.write('/help 查看帮助\n/threads 列出 threads\n/new 新建 thread\n/use <threadId> 切换 thread\n/model <modelId> 切换模型\n/exit 退出\n\n');
+            continue;
+        }
+        if (input === '/threads') {
+            const threads = await ctx.runtime.listThreads(ctx.session, ctx.chatId);
+            if (threads.length === 0) {
+                process.stdout.write('暂无 threads\n\n');
+                continue;
+            }
+            process.stdout.write(`${threads.map((thread) => `- ${ctx.runtime.formatThreadLabel(thread)}`).join('\n')}\n\n`);
+            continue;
+        }
+        if (input === '/new') {
+            threadId = await ctx.runtime.createThread(ctx.session, ctx.chatId, process.cwd(), 'CLI Session');
+            process.stdout.write(`已创建 thread: ${threadId}\n\n`);
+            continue;
+        }
+        if (input.startsWith('/use ')) {
+            const nextThreadId = input.slice(5).trim();
+            const thread = await ctx.runtime.loadThread(ctx.session, nextThreadId);
+            if (!thread) {
+                process.stdout.write(`未找到 thread: ${nextThreadId}\n\n`);
+                continue;
+            }
+            threadId = nextThreadId;
+            process.stdout.write(`已切换到 thread: ${threadId}\n\n`);
+            continue;
+        }
+        if (input.startsWith('/model ')) {
+            model = input.slice(7).trim() || undefined;
+            process.stdout.write(`当前模型: ${model || DEFAULT_LINX_CLOUD_MODEL_ID}\n\n`);
+            continue;
+        }
+        await runSingleTurn({ ctx, threadId, model, prompt: input });
+    }
+}
+async function runPiCommand(argv) {
+    const backend = argv.backend ?? 'cloud';
+    if (!argv.print && backend === 'cloud') {
+        const { resolveLinxPiCloudOAuthCredential } = await import('./lib/pi-adapter/auth.js');
+        const existingCredential = await resolveLinxPiCloudOAuthCredential(undefined);
+        if (!existingCredential) {
+            const answer = (await promptText('LinX Cloud not connected. Open browser login now? [Y/n] ')).trim().toLowerCase();
+            const shouldLoginNow = answer === '' || answer === 'y' || answer === 'yes';
+            if (shouldLoginNow) {
+                const { ensureBrowserConsentLogin } = await import('./lib/oidc-auth.js');
+                process.stdout.write('Opening LinX Cloud login in your browser...\n');
+                try {
+                    const result = await ensureBrowserConsentLogin({
+                        issuerUrl: resolveAccountBaseUrl(),
+                    });
+                    if (result.reusedExistingSession) {
+                        process.stdout.write('Reused existing LinX Cloud session.\n');
+                    }
+                }
+                catch (error) {
+                    process.stdout.write('LinX Cloud login was not completed. Continuing into TUI without auth.\n');
+                    if (error instanceof Error && error.message.trim()) {
+                        process.stdout.write(`${error.message}\n`);
+                    }
+                }
+            }
+        }
+    }
+    const adapter = createPiRuntimeAdapter({
+        createNativeProxy(options) {
+            return createCodexNativeProxy({
+                cwd: options?.cwd,
+                model: options?.model,
+                listenPort: options?.listenPort,
+            });
+        },
+        async createRemoteCompletion(options) {
+            const chatApi = await import('./lib/chat-api.js');
+            return chatApi.createRemoteCompletionResult(options);
+        },
+        async listRemoteModels(session, runtimeUrl, apiKey) {
+            const chatApi = await import('./lib/chat-api.js');
+            return chatApi.listRemoteModels(session, runtimeUrl, apiKey);
+        },
+    }, {
+        cwd: argv.cwd || process.cwd(),
+        model: argv.model || DEFAULT_LINX_CLOUD_MODEL_ID,
+        backend,
+        port: argv.port,
+        providerConfig: {
+            baseUrl: String(argv['runtime-url'] ?? 'https://api.undefineds.co/v1'),
+            issuerUrl: resolveAccountBaseUrl(),
+        },
+    });
+    await adapter.start();
+    const { SessionManager } = await import('@mariozechner/pi-coding-agent');
+    const runtime = await adapter.createRuntime({
+        cwd: adapter.cwd,
+        agentDir: LINX_AGENT_DIR,
+        sessionManager: SessionManager.inMemory(adapter.cwd),
+    });
+    const interactive = bootstrapPiInteractiveMode(runtime);
+    try {
+        if (argv.print) {
+            const prompt = (argv.prompt ?? []).join(' ').trim();
+            const exitCode = await runPrintMode(runtime, {
+                mode: 'text',
+                initialMessage: prompt || undefined,
+            });
+            if (exitCode !== 0) {
+                process.exitCode = exitCode;
+            }
+            return;
+        }
+        await interactive.run();
+    }
+    finally {
+        interactive.stop();
+        await adapter.close();
+    }
+}
+function buildPiCommand(command) {
+    const configured = command
+        .option('cwd', {
+        type: 'string',
+        describe: 'Workspace path for the Pi session',
+    })
+        .option('model', {
+        type: 'string',
+        describe: 'Model id to expose through the Pi runtime adapter',
+    })
+        .option('backend', {
+        type: 'string',
+        default: 'cloud',
+        choices: ['cloud', 'native'],
+        describe: 'Backend mode. Default is cloud; native keeps the local Codex proxy for debugging only.',
+    })
+        .option('port', {
+        type: 'number',
+        default: 8787,
+        describe: 'Local websocket port used only when --backend native',
+    })
+        .option('runtime-url', {
+        type: 'string',
+        default: 'https://api.undefineds.co/v1',
+        describe: 'Cloud runtime API base URL',
+    })
+        .option('print', {
+        type: 'boolean',
+        default: false,
+        describe: 'Run a single prompt without entering interactive mode',
+    })
+        .positional('prompt', {
+        array: true,
+        type: 'string',
+        describe: 'Single-shot prompt when --print is enabled',
+    });
+    return configured;
+}
+const defaultPiCommand = {
+    command: '$0 [prompt..]',
+    describe: 'Run the native Pi TUI on top of the LinX cloud auth + Pod storage backend',
+    builder: buildPiCommand,
+    handler: runPiCommand,
+};
+const hiddenPiAliasCommand = {
+    command: 'pi [prompt..]',
+    describe: false,
+    builder: buildPiCommand,
+    handler: runPiCommand,
+};
+const hiddenPiFrontendAliasCommand = {
+    command: 'pi-frontend [prompt..]',
+    describe: false,
+    builder: buildPiCommand,
+    handler: runPiCommand,
+};
+const execCommand = {
+    command: 'exec [prompt..]',
+    aliases: ['e'],
+    describe: 'Run LinX non-interactively',
+    builder: buildPiCommand,
+    async handler(argv) {
+        await runPiCommand({ ...argv, print: true });
+    },
+};
+const cli = yargs(hideBin(process.argv))
+    .scriptName('linx')
+    .parserConfiguration({
+    'populate--': true,
+})
+    .command(loginCommand)
+    .command(logoutCommand)
+    .command(whoamiCommand)
+    .command(aiCommand)
+    .command(execCommand)
+    .command(defaultPiCommand)
+    .command('chat [prompt..]', false, (command) => command
+    .option('model', { type: 'string', describe: 'Model ID override' })
+    .option('continue', { type: 'boolean', default: false, describe: 'Continue latest thread' })
+    .option('thread', { type: 'string', describe: 'Use an existing thread ID' })
+    .option('url', { type: 'string', describe: 'Runtime API base URL override' })
+    .option('workspace', { type: 'string', describe: 'Workspace/worktree path metadata' }), async (argv) => {
+    const ctx = await resolveContext(argv.url);
+    const threadId = await resolveThreadId({
+        ctx,
+        continueMode: argv.continue,
+        explicitThreadId: argv.thread,
+        workspace: argv.workspace,
+    });
+    const prompt = argv.prompt?.join(' ').trim() || undefined;
+    if (prompt) {
+        await runSingleTurn({ ctx, threadId, model: argv.model, prompt });
+        await ctx.session.logout();
+        return;
+    }
+    await runInteractive({ ctx, initialThreadId: threadId, initialModel: argv.model });
+    await ctx.session.logout();
+})
+    .command('models', 'List available remote models', (command) => command.option('url', { type: 'string', describe: 'Runtime API base URL override' }), async (argv) => {
+    const ctx = await resolveRuntimeAuthContext(argv.url);
+    let models;
+    try {
+        models = await ctx.runtime.listRemoteModels(ctx.session, ctx.runtimeUrl, ctx.apiKey, { fallback: false });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Failed to load cloud models from ${ctx.runtimeUrl}: ${message}`);
+    }
+    if (models.length === 0) {
+        process.stdout.write(`Cloud runtime returned an empty model list.\n`);
+    }
+    else {
+        for (const model of models) {
+            const meta = [model.provider || model.ownedBy, model.contextWindow ? `${model.contextWindow}` : '']
+                .filter(Boolean)
+                .join(' · ');
+            process.stdout.write(`- ${model.id}${meta ? ` (${meta})` : ''}\n`);
+        }
+    }
+    await ctx.session.logout();
+})
+    .command('resume', 'List resumable CLI threads', (command) => command.option('url', { type: 'string', describe: 'Runtime API base URL override' }), async (argv) => {
+    const ctx = await resolveContext(argv.url);
+    const threads = await ctx.runtime.listThreads(ctx.session, ctx.chatId);
+    if (threads.length === 0) {
+        process.stdout.write('No threads found.\n');
+    }
+    else {
+        process.stdout.write(`${threads.map((thread) => `- ${ctx.runtime.formatThreadLabel(thread)}`).join('\n')}\n`);
+    }
+    await ctx.session.logout();
+})
+    .command('fork [thread]', 'Fork a previous interactive session', (command) => command
+    .positional('thread', { type: 'string', describe: 'Thread ID to fork' })
+    .option('last', { type: 'boolean', default: false, describe: 'Fork the most recent thread' }), () => {
+    throw new Error('Fork is not implemented yet for LinX Pod-backed Pi sessions.');
+})
+    .command(hiddenPiAliasCommand)
+    .command(hiddenPiFrontendAliasCommand)
+    .command('codex-native-proxy', 'Start a local app-server websocket proxy for native Codex TUI', (command) => command
+    .option('cwd', {
+    type: 'string',
+    describe: 'Workspace path exposed to the native Codex shell',
+})
+    .option('model', {
+    type: 'string',
+    describe: 'Model override forwarded to the native proxy session metadata',
+})
+    .option('port', {
+    type: 'number',
+    default: 8787,
+    describe: 'Local websocket listen port for codex --remote',
+}), async (argv) => {
+    const proxy = createCodexNativeProxy({
+        cwd: argv.cwd || process.cwd(),
+        model: argv.model,
+        listenPort: argv.port,
+    });
+    await proxy.start();
+    process.stdout.write(`[linx] native codex proxy ready\n`);
+    process.stdout.write(`[linx] connect with: codex --remote ${proxy.remoteUrl} -C ${proxy.record.cwd}\n`);
+    const shutdown = async () => {
+        await proxy.close();
+        process.exit(0);
+    };
+    process.on('SIGINT', () => {
+        void shutdown();
+    });
+    process.on('SIGTERM', () => {
+        void shutdown();
+    });
+    await new Promise(() => { });
+})
+    .command('watch <action> [backend] [prompt..]', 'Run or inspect local watch backends', (command) => command
+    .positional('action', {
+    type: 'string',
+    choices: ['run', 'backends', 'sessions', 'show', 'approvals', 'approve', 'reject', 'codex', 'claude', 'codebuddy'],
+})
+    .positional('backend', {
+    type: 'string',
+    describe: 'Watch backend for `run`, session id for `show`, or approval id for `approve|reject`',
+})
+    .option('mode', {
+    type: 'string',
+    default: 'smart',
+    choices: ['manual', 'smart', 'auto'],
+    describe: 'Unified autonomy mode',
+})
+    .option('model', {
+    type: 'string',
+    describe: 'Backend-native model override',
+})
+    .option('cwd', {
+    type: 'string',
+    describe: 'Working directory for local backend execution',
+})
+    .option('plain', {
+    type: 'boolean',
+    default: false,
+    describe: 'Disable full-screen TUI and use plain streaming output',
+})
+    .option('credential-source', {
+    type: 'string',
+    default: 'auto',
+    choices: ['auto', 'local', 'cloud'],
+    describe: 'Resolve credentials only: local CLI login, LinX cloud config, or auto fallback. Runtime still runs locally.',
+})
+    .option('session', {
+    type: 'boolean',
+    default: false,
+    describe: 'Approve for the current watch session instead of only once.',
+})
+    .option('reason', {
+    type: 'string',
+    describe: 'Optional note recorded with an approval decision.',
+}), async (argv) => {
+    const rawAction = String(argv.action);
+    const directBackend = ['codex', 'claude', 'codebuddy'].includes(rawAction);
+    const action = directBackend ? 'run' : rawAction;
+    if (action === 'backends') {
+        const backends = listSupportedWatchBackends();
+        for (const backend of backends) {
+            process.stdout.write(`- ${backend.backend} (${backend.label})\n`);
+            process.stdout.write(`  ${backend.description}\n`);
+            process.stdout.write(`  manual: ${backend.modes.manual}\n`);
+            process.stdout.write(`  smart: ${backend.modes.smart}\n`);
+            process.stdout.write(`  auto: ${backend.modes.auto}\n`);
+        }
+        return;
+    }
+    if (action === 'sessions') {
+        const sessions = listArchivedWatchSessions();
+        if (sessions.length === 0) {
+            process.stdout.write('No watch sessions found.\n');
+            return;
+        }
+        process.stdout.write(`${sessions.map(formatWatchSessionSummary).join('\n')}\n`);
+        return;
+    }
+    if (action === 'show') {
+        const sessionId = argv.backend ? String(argv.backend) : '';
+        if (!sessionId) {
+            throw new Error('Usage: linx watch show <sessionId>');
+        }
+        const session = loadArchivedWatchSession(sessionId);
+        if (!session) {
+            throw new Error(`Watch session not found: ${sessionId}`);
+        }
+        process.stdout.write(formatArchivedWatchSession(session, loadArchivedWatchEvents(sessionId)));
+        return;
+    }
+    if (action === 'approvals') {
+        const approvals = await listRemoteWatchApprovals();
+        if (approvals.length === 0) {
+            process.stdout.write('No pending remote approvals in the approval inbox.\n');
+            return;
+        }
+        process.stdout.write(`${approvals.map(formatRemoteWatchApprovalSummary).join('\n')}\n`);
+        return;
+    }
+    if (action === 'approve' || action === 'reject') {
+        const approvalId = argv.backend ? String(argv.backend) : '';
+        if (!approvalId) {
+            throw new Error(`Usage: linx watch ${action} <approvalId>`);
+        }
+        const summary = await resolveRemoteWatchApproval({
+            approvalId,
+            decision: action === 'approve'
+                ? (argv.session ? 'accept_for_session' : 'accept')
+                : 'decline',
+            note: argv.reason ? String(argv.reason) : undefined,
+        });
+        process.stdout.write(`${formatRemoteWatchApprovalSummary(summary)}\n`);
+        return;
+    }
+    const backend = (directBackend ? rawAction : argv.backend);
+    if (!backend || !['codex', 'claude', 'codebuddy'].includes(backend)) {
+        throw new Error('Usage: linx watch run <codex|claude|codebuddy> <prompt> [-- backend args]\n   or: linx watch <codex|claude|codebuddy> <prompt>');
+    }
+    const plain = Boolean(argv.plain);
+    const prompt = ((directBackend ? [argv.backend, ...(argv.prompt ?? [])] : argv.prompt) ?? [])
+        .filter((item) => typeof item === 'string')
+        .join(' ')
+        .trim() || undefined;
+    const exitCode = await runWatch({
+        backend,
+        mode: argv.mode,
+        cwd: argv.cwd || process.cwd(),
+        plain,
+        model: argv.model,
+        prompt,
+        passthroughArgs: (argv['--'] ?? []).map(String),
+        credentialSource: argv['credential-source'],
+    });
+    if (exitCode !== 0) {
+        process.exitCode = exitCode;
+    }
+})
+    .strict()
+    .help();
+process.on('unhandledRejection', (error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+});
+cli.parse();
+//# sourceMappingURL=index.js.map