npm - @undefineds.co/linx - Versions diffs - 0.2.17 → 0.2.19 - Mend

@undefineds.co/linx 0.2.17 → 0.2.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

package/README.md +3 -6
package/dist/generated/version.js +1 -1
package/dist/generated/version.js.map +1 -1
package/dist/index.js +256 -143
package/dist/index.js.map +1 -1
package/dist/lib/account-api.js +1 -1
package/dist/lib/account-api.js.map +1 -1
package/dist/lib/account-session.js +1 -1
package/dist/lib/account-session.js.map +1 -1
package/dist/lib/ai-command.js +186 -367
package/dist/lib/ai-command.js.map +1 -1
package/dist/lib/chat-api.js +177 -19
package/dist/lib/chat-api.js.map +1 -1
package/dist/lib/codex-plugin/bridge.js.map +1 -1
package/dist/lib/codex-plugin/codex-native-proxy.js.map +1 -1
package/dist/lib/codex-plugin/index.js.map +1 -1
package/dist/lib/codex-plugin/runner.js.map +1 -1
package/dist/lib/credentials-store.js +7 -1
package/dist/lib/credentials-store.js.map +1 -1
package/dist/lib/default-model.js +1 -0
package/dist/lib/default-model.js.map +1 -1
package/dist/lib/login-command.js +33 -10
package/dist/lib/login-command.js.map +1 -1
package/dist/lib/models.js +2 -27
package/dist/lib/models.js.map +1 -1
package/dist/lib/node-warning-filter.js +34 -0
package/dist/lib/node-warning-filter.js.map +1 -0
package/dist/lib/oidc-auth.js +130 -18
package/dist/lib/oidc-auth.js.map +1 -1
package/dist/lib/oidc-session-storage.js.map +1 -1
package/dist/lib/pi-adapter/auth.js +47 -11
package/dist/lib/pi-adapter/auth.js.map +1 -1
package/dist/lib/pi-adapter/branding.js +802 -78
package/dist/lib/pi-adapter/branding.js.map +1 -1
package/dist/lib/pi-adapter/index.js.map +1 -1
package/dist/lib/pi-adapter/interactive.js +179 -5
package/dist/lib/pi-adapter/interactive.js.map +1 -1
package/dist/lib/pi-adapter/pod-approval.js +8 -0
package/dist/lib/pi-adapter/pod-approval.js.map +1 -0
package/dist/lib/pi-adapter/pod-mirror-mapping.js +189 -0
package/dist/lib/pi-adapter/pod-mirror-mapping.js.map +1 -0
package/dist/lib/pi-adapter/pod-mirror.js +416 -0
package/dist/lib/pi-adapter/pod-mirror.js.map +1 -0
package/dist/lib/pi-adapter/pod-tools.js +104 -0
package/dist/lib/pi-adapter/pod-tools.js.map +1 -0
package/dist/lib/pi-adapter/runtime.js +327 -28
package/dist/lib/pi-adapter/runtime.js.map +1 -1
package/dist/lib/pi-adapter/session.js +608 -0
package/dist/lib/pi-adapter/session.js.map +1 -0
package/dist/lib/pi-adapter/stream.js +154 -4
package/dist/lib/pi-adapter/stream.js.map +1 -1
package/dist/lib/pi-adapter/theme.js.map +1 -1
package/dist/lib/pi-adapter/web-fetch.js +154 -0
package/dist/lib/pi-adapter/web-fetch.js.map +1 -0
package/dist/lib/pod-chat-store.js +40 -30
package/dist/lib/pod-chat-store.js.map +1 -1
package/dist/lib/pod-data-session.js +110 -0
package/dist/lib/pod-data-session.js.map +1 -0
package/dist/lib/profile-identity.js +16 -60
package/dist/lib/profile-identity.js.map +1 -1
package/dist/lib/prompt.js.map +1 -1
package/dist/lib/runtime-target.js +1 -1
package/dist/lib/runtime-target.js.map +1 -1
package/dist/lib/solid-auth.js.map +1 -1
package/dist/lib/thread-utils.js.map +1 -1
package/dist/lib/watch/archive.js +1 -1
package/dist/lib/watch/archive.js.map +1 -1
package/dist/lib/watch/auth.js +1 -1
package/dist/lib/watch/auth.js.map +1 -1
package/dist/lib/watch/codex-composer.js.map +1 -1
package/dist/lib/watch/codex-footer.js.map +1 -1
package/dist/lib/watch/codex-overlay.js.map +1 -1
package/dist/lib/watch/codex-request-form.js +1 -1
package/dist/lib/watch/codex-request-form.js.map +1 -1
package/dist/lib/watch/codex-request-input.js.map +1 -1
package/dist/lib/watch/display.js.map +1 -1
package/dist/lib/watch/format.js.map +1 -1
package/dist/lib/watch/hooks/claude.js +4 -0
package/dist/lib/watch/hooks/claude.js.map +1 -1
package/dist/lib/watch/hooks/codebuddy.js +4 -0
package/dist/lib/watch/hooks/codebuddy.js.map +1 -1
package/dist/lib/watch/hooks/codex.js +4 -0
package/dist/lib/watch/hooks/codex.js.map +1 -1
package/dist/lib/watch/hooks/index.js.map +1 -1
package/dist/lib/watch/hooks/shared.js +0 -1
package/dist/lib/watch/hooks/shared.js.map +1 -1
package/dist/lib/watch/index.js.map +1 -1
package/dist/lib/watch/pod-ai.js +29 -37
package/dist/lib/watch/pod-ai.js.map +1 -1
package/dist/lib/watch/pod-approval.js +822 -220
package/dist/lib/watch/pod-approval.js.map +1 -1
package/dist/lib/watch/pod-persistence.js +214 -106
package/dist/lib/watch/pod-persistence.js.map +1 -1
package/dist/lib/watch/runner.js +243 -38
package/dist/lib/watch/runner.js.map +1 -1
package/dist/lib/watch/secretary.js +238 -0
package/dist/lib/watch/secretary.js.map +1 -0
package/dist/lib/watch/types.js.map +1 -1
package/dist/watch-cli.js +8 -34
package/dist/watch-cli.js.map +1 -1
package/package.json +3 -9
package/vendor/agent-runtime/dist/acp.d.ts +27 -0
package/vendor/agent-runtime/dist/acp.js +86 -0
package/vendor/agent-runtime/dist/companion-model.d.ts +7 -0
package/vendor/agent-runtime/dist/companion-model.js +12 -0
package/vendor/agent-runtime/dist/index.d.ts +3 -0
package/vendor/agent-runtime/dist/index.js +3 -0
package/vendor/agent-runtime/dist/turn-controller.d.ts +69 -0
package/vendor/agent-runtime/dist/turn-controller.js +129 -0
package/vendor/agent-runtime/package.json +11 -0
package/vendor/client/dist/client/index.d.ts +0 -118
package/vendor/client/dist/client/index.js +0 -260
package/vendor/client/dist/index.d.ts +0 -1
package/vendor/client/dist/index.js +0 -1
package/vendor/client/dist/watch/index.d.ts +0 -226
package/vendor/client/dist/watch/index.js +0 -1114
package/vendor/client/package.json +0 -9

package/README.md CHANGED Viewed

@@ -44,9 +44,7 @@ yarn workspace @undefineds.co/linx dev watch run claude "先总结这个目录
 yarn workspace @undefineds.co/linx dev watch run codebuddy -- --tools Read,Edit
 yarn workspace @undefineds.co/linx dev watch backends
 yarn workspace @undefineds.co/linx dev watch sessions
-yarn workspace @undefineds.co/linx dev watch approvals
-yarn workspace @undefineds.co/linx dev watch approve <approvalId> --session
-yarn workspace @undefineds.co/linx dev watch reject <approvalId> --reason "unsafe command"
+yarn workspace @undefineds.co/linx dev watch show <sessionId>
 ```
 ## Slash Commands
@@ -72,9 +70,8 @@ yarn workspace @undefineds.co/linx dev watch reject <approvalId> --reason "unsaf
 - `--credential-source local|cloud|auto` 只决定凭据来源；`watch` 当前运行时始终是本地，不会因为选 cloud credential source 就切成 cloud runtime
 - `--credential-source cloud` 当前可显式用于 `codex` / `claude` / `codebuddy`，前提是对应 API key 已写进 Pod
 - 单本地会话时，approval 主路径是在当前 watch TUI 内直接处理；不会依赖额外的 approval inbox
-- 默认人工审批同时支持当前本地 watch 和 Pod 远端控制面，谁先决策谁生效
-- 如果本地已 `linx login`，LinX 会把 pending approval 写进 Pod 的 `approval / audit / inbox_notification`
-- `linx watch approvals` / `approve` / `reject` 主要用于远端、后台或多会话场景的 approval inbox；不是本地单会话 watch 的主交互路径
+- 默认人工审批同时支持当前本地 watch 和 Pod 远端控制面，谁先决策谁生效；低上下文的 CLI approval inbox 命令已移除，远端审批队列由 App/Inbox 承载
+- 如果本地已 `linx login`，LinX 会把 pending approval 写进 Pod 的 `approval / audit / inbox_notification`，供 App/Inbox 读取和处理
 - 当前是最小多轮版：本地 REPL、统一 ACP 会话、归档结构化事件
 - 在交互式 TTY 里，`watch run` 会默认进入全屏 TUI；非 TTY / 管道输出会自动降级到 plain mode
 - `linx watch show <sessionId>` 现在会回放归档 timeline，而不是直接输出 `session.json`

package/dist/generated/version.js CHANGED Viewed

@@ -1,3 +1,3 @@
 // Generated by apps/cli/scripts/build.mjs. Keep a committed fallback for direct test compiles.
-export const LINX_CLI_VERSION = "0.2.17";
+export const LINX_CLI_VERSION = "0.2.18";
 //# sourceMappingURL=version.js.map

package/dist/generated/version.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"version.js","sourceRoot":"","sources":["~~../../../../../~~src/generated/version.ts"],"names":[],"mappings":"AAAA,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAA"}
1	+ {"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/generated/version.ts"],"names":[],"mappings":"AAAA,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -1,21 +1,46 @@
 #!/usr/bin/env node
+import './lib/node-warning-filter.js';
+import { readFileSync } from 'node:fs';
 import yargs from 'yargs';
 import { hideBin } from 'yargs/helpers';
 import { aiCommand } from './lib/ai-command.js';
 import { resolveAccountBaseUrl } from './lib/account-api.js';
-import { getClientCredentials, loadCredentials } from './lib/credentials-store.js';
-import { loadAccountSession } from './lib/account-session.js';
+import { loadCredentials } from './lib/credentials-store.js';
 import { loginCommand, logoutCommand, whoamiCommand } from './lib/login-command.js';
-import { runPrintMode } from '@mariozechner/pi-coding-agent';
+import { DefaultPackageManager, SettingsManager, runPrintMode } from '@mariozechner/pi-coding-agent';
 import { promptText } from './lib/prompt.js';
 import { resolveRuntimeTarget } from './lib/runtime-target.js';
 import { createCodexNativeProxy } from './lib/codex-plugin/index.js';
-import { bootstrapPiInteractiveMode, createPiRuntimeAdapter } from './lib/pi-adapter/index.js';
-import { getOidcAccessToken } from './lib/oidc-auth.js';
-import { DEFAULT_LINX_CLOUD_MODEL_ID } from './lib/default-model.js';
+import { bootstrapPiInteractiveMode, createPiRuntimeAdapter, resolveLinxInteractiveLoginReason, resolveLinxStartupLoginPromptDecision } from './lib/pi-adapter/index.js';
+import { isOidcLoginExpiredError } from './lib/oidc-auth.js';
+import { createPodDataSession } from './lib/pod-data-session.js';
+import { DEFAULT_LINX_CLOUD_MODEL_ID, FALLBACK_LINX_CLOUD_MODEL_IDS } from './lib/default-model.js';
+import { createLinxPiSessionManager, formatLinxPiSessionSummary, listLinxPiSessions, } from './lib/pi-adapter/session.js';
+import { LinxPiPodMirror } from './lib/pi-adapter/pod-mirror.js';
 import { LINX_AGENT_DIR } from './lib/pi-adapter/branding.js';
-import { LINX_CLI_VERSION } from './generated/version.js';
-import { formatRemoteWatchApprovalSummary, formatArchivedWatchSession, formatWatchSessionSummary, loadArchivedWatchEvents, listArchivedWatchSessions, listRemoteWatchApprovals, listSupportedWatchBackends, loadArchivedWatchSession, resolveRemoteWatchApproval, runWatch, } from './lib/watch/index.js';
+import { formatArchivedWatchSession, formatWatchSessionSummary, loadArchivedWatchEvents, listArchivedWatchSessions, listSupportedWatchBackends, loadArchivedWatchSession, runWatch, } from './lib/watch/index.js';
+function readPackageVersion() {
+    try {
+        const raw = readFileSync(new URL('../package.json', import.meta.url), 'utf-8');
+        const pkg = JSON.parse(raw);
+        return typeof pkg.version === 'string' && pkg.version.trim() ? pkg.version.trim() : 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+function formatRemoteModelMetadata(model) {
+    const provider = resolveRemoteModelProviderLabel(model);
+    return [provider, model.contextWindow ? `${model.contextWindow}` : '']
+        .filter(Boolean)
+        .join(' · ');
+}
+function resolveRemoteModelProviderLabel(model) {
+    if (FALLBACK_LINX_CLOUD_MODEL_IDS.includes(model.id)) {
+        return 'undefineds';
+    }
+    return model.provider || model.ownedBy;
+}
 let chatRuntimePromise = null;
 async function loadChatRuntime() {
     if (!chatRuntimePromise) {
@@ -45,71 +70,53 @@ async function loadChatRuntime() {
 }
 async function resolveContext(urlOverride) {
     const runtime = await loadChatRuntime();
-    const creds = loadCredentials();
-    if (!creds) {
-        throw new Error('No credentials found. Run `linx login` first.');
-    }
+    const podSession = await createLinxPodDataSession();
     const target = resolveRuntimeTarget({
-        issuerUrl: creds.url,
+        issuerUrl: podSession.credentials.url,
         runtimeUrlOverride: urlOverride,
     });
-    const clientCreds = getClientCredentials(creds);
-    if (clientCreds) {
-        const { session, apiKey } = await runtime.authenticate(clientCreds.clientId, clientCreds.clientSecret, target.oidcIssuer);
-        await runtime.initPodData(session);
-        const chatId = await runtime.getOrCreateDefaultChat(session);
-        return { runtimeUrl: target.runtimeUrl, apiKey, session, chatId, runtime };
-    }
-    if (creds.authType === 'oidc_oauth') {
-        const accessToken = await getOidcAccessToken(creds);
-        if (!accessToken) {
-            throw new Error('Failed to restore OIDC access token. Run `linx login` again.');
-        }
-        const pseudoSession = {
-            async logout() { },
-        };
-        const podUrl = loadAccountSession()?.podUrl || creds.webId.replace('/card#me', '').replace(/\/?$/, '/');
-        const session = {
-            ...pseudoSession,
-            info: {
-                isLoggedIn: true,
-                webId: creds.webId,
-                podUrl,
-            },
-            fetch: (url, init) => runtime.authenticatedFetch(url, accessToken, init),
-        };
-        await runtime.initPodData(session);
-        const chatId = await runtime.getOrCreateDefaultChat(session);
-        return { runtimeUrl: target.runtimeUrl, apiKey: accessToken, session, chatId, runtime };
-    }
-    throw new Error('Unsupported LinX auth type. Run `linx login` again.');
+    const apiKey = await resolvePodRuntimeAuthToken(podSession);
+    const session = podSession.solidSession;
+    await runtime.initPodData(session);
+    const chatId = await runtime.getOrCreateDefaultChat(session);
+    return { runtimeUrl: target.runtimeUrl, apiKey, session, podSession, chatId, runtime };
 }
 async function resolveRuntimeAuthContext(urlOverride) {
     const runtime = await loadChatRuntime();
-    const creds = loadCredentials();
-    if (!creds) {
-        throw new Error('No credentials found. Run `linx login` first.');
-    }
+    const podSession = await createLinxPodDataSession();
     const target = resolveRuntimeTarget({
-        issuerUrl: creds.url,
+        issuerUrl: podSession.credentials.url,
         runtimeUrlOverride: urlOverride,
     });
-    const clientCreds = getClientCredentials(creds);
-    if (clientCreds) {
-        const { session, apiKey } = await runtime.authenticate(clientCreds.clientId, clientCreds.clientSecret, target.oidcIssuer);
-        return { runtimeUrl: target.runtimeUrl, apiKey, session, runtime };
+    const apiKey = await resolvePodRuntimeAuthToken(podSession);
+    return {
+        runtimeUrl: target.runtimeUrl,
+        apiKey,
+        session: podSession.solidSession,
+        podSession,
+        runtime,
+    };
+}
+async function createLinxPodDataSession() {
+    if (!loadCredentials()) {
+        throw new Error('No credentials found. Run `linx login` first.');
+    }
+    const podSession = await createPodDataSession();
+    if (!podSession) {
+        throw new Error('Unsupported LinX auth type. Run `linx login` again.');
     }
-    if (creds.authType === 'oidc_oauth') {
-        const accessToken = await getOidcAccessToken(creds);
-        if (!accessToken) {
-            throw new Error('Failed to restore OIDC access token. Run `linx login` again.');
+    return podSession;
+}
+async function resolvePodRuntimeAuthToken(podSession) {
+    try {
+        return await podSession.getRuntimeAuthToken();
+    }
+    catch (error) {
+        if (isOidcLoginExpiredError(error)) {
+            throw new Error('LinX Cloud login expired. Run `linx login` to re-authorize.');
         }
-        const pseudoSession = {
-            async logout() { },
-        };
-        return { runtimeUrl: target.runtimeUrl, apiKey: accessToken, session: pseudoSession, runtime };
+        throw error;
     }
-    throw new Error('Unsupported LinX auth type. Run `linx login` again.');
 }
 async function runSingleTurn(options) {
     const { ctx, threadId, model, prompt } = options;
@@ -142,7 +149,7 @@ async function runInteractive(options) {
     const { ctx, initialThreadId, initialModel, initialPrompt } = options;
     let threadId = initialThreadId;
     let model = initialModel;
-    process.stdout.write(`LinX CLI ready\nthread: ${threadId}\nmodel: ${model || DEFAULT_LINX_CLOUD_MODEL_ID}\n输入 /help 查看命令。\n\n`);
+    process.stdout.write(`LinX CLI ready\nthread: ${threadId}\nmodel: ${model || DEFAULT_LINX_CLOUD_MODEL_ID}\n输入 /hotkeys 查看快捷键。\n\n`);
     if (initialPrompt) {
         await runSingleTurn({ ctx, threadId, model, prompt: initialPrompt });
     }
@@ -154,7 +161,7 @@ async function runInteractive(options) {
             break;
         }
         if (input === '/help') {
-            process.stdout.write('/help 查看帮助\n/threads 列出 threads\n/new 新建 thread\n/use <threadId> 切换 thread\n/model <modelId> 切换模型\n/exit 退出\n\n');
+            process.stdout.write('/hotkeys 查看快捷键\n/threads 列出 threads\n/new 新建 thread\n/use <threadId> 切换 thread\n/model <modelId> 切换模型\n/exit 退出\n\n');
             continue;
         }
         if (input === '/threads') {
@@ -190,34 +197,73 @@ async function runInteractive(options) {
         await runSingleTurn({ ctx, threadId, model, prompt: input });
     }
 }
-async function runPiCommand(argv) {
-    const backend = argv.backend ?? 'cloud';
-    if (!argv.print && backend === 'cloud') {
-        const { resolveLinxPiCloudOAuthCredential } = await import('./lib/pi-adapter/auth.js');
-        const existingCredential = await resolveLinxPiCloudOAuthCredential(undefined);
-        if (!existingCredential) {
-            const answer = (await promptText('LinX Cloud not connected. Open browser login now? [Y/n] ')).trim().toLowerCase();
-            const shouldLoginNow = answer === '' || answer === 'y' || answer === 'yes';
-            if (shouldLoginNow) {
-                const { ensureBrowserConsentLogin } = await import('./lib/oidc-auth.js');
-                process.stdout.write('Opening LinX Cloud login in your browser...\n');
-                try {
-                    const result = await ensureBrowserConsentLogin({
-                        issuerUrl: resolveAccountBaseUrl(),
-                    });
-                    if (result.reusedExistingSession) {
-                        process.stdout.write('Reused existing LinX Cloud session.\n');
-                    }
-                }
-                catch (error) {
-                    process.stdout.write('LinX Cloud login was not completed. Continuing into TUI without auth.\n');
-                    if (error instanceof Error && error.message.trim()) {
-                        process.stdout.write(`${error.message}\n`);
-                    }
-                }
+async function runLinxPackageCommand(command, options = {}) {
+    if ((command === 'install' || command === 'remove') && !options.source) {
+        throw new Error(`Missing ${command} source. Usage: linx ${command} <source> [-l]`);
+    }
+    const cwd = process.cwd();
+    const settingsManager = SettingsManager.create(cwd, LINX_AGENT_DIR);
+    const packageManager = new DefaultPackageManager({
+        cwd,
+        agentDir: LINX_AGENT_DIR,
+        settingsManager,
+    });
+    packageManager.setProgressCallback((event) => {
+        if (event.type === 'start' && event.message) {
+            process.stdout.write(`${event.message}\n`);
+        }
+    });
+    switch (command) {
+        case 'install':
+            await packageManager.installAndPersist(options.source, { local: Boolean(options.local) });
+            process.stdout.write(`Installed ${options.source}\n`);
+            return;
+        case 'remove': {
+            const removed = await packageManager.removeAndPersist(options.source, { local: Boolean(options.local) });
+            if (!removed) {
+                throw new Error(`No matching package found for ${options.source}`);
             }
+            process.stdout.write(`Removed ${options.source}\n`);
+            return;
         }
+        case 'update':
+            await packageManager.update(options.source);
+            process.stdout.write(options.source ? `Updated ${options.source}\n` : 'Updated packages\n');
+            return;
+        case 'list':
+            printConfiguredLinxPackages(packageManager);
+            return;
+    }
+}
+function printConfiguredLinxPackages(packageManager) {
+    const configuredPackages = packageManager.listConfiguredPackages();
+    if (configuredPackages.length === 0) {
+        process.stdout.write('No packages installed.\n');
+        return;
     }
+    const printGroup = (title, packages) => {
+        if (packages.length === 0) {
+            return;
+        }
+        process.stdout.write(`${title}:\n`);
+        for (const pkg of packages) {
+            const display = pkg.filtered ? `${pkg.source} (filtered)` : pkg.source;
+            process.stdout.write(`  ${display}\n`);
+            if (pkg.installedPath) {
+                process.stdout.write(`    ${pkg.installedPath}\n`);
+            }
+        }
+    };
+    printGroup('User packages', configuredPackages.filter((pkg) => pkg.scope === 'user'));
+    printGroup('Project packages', configuredPackages.filter((pkg) => pkg.scope === 'project'));
+}
+async function runPiCommand(argv) {
+    const backend = argv.backend ?? 'cloud';
+    const startupLoginPrompt = await resolveLinxStartupLoginPromptDecision({
+        backend,
+        print: argv.print,
+        issuerUrl: resolveAccountBaseUrl(),
+    });
     const adapter = createPiRuntimeAdapter({
         createNativeProxy(options) {
             return createCodexNativeProxy({
@@ -232,11 +278,11 @@ async function runPiCommand(argv) {
         },
         async listRemoteModels(session, runtimeUrl, apiKey) {
             const chatApi = await import('./lib/chat-api.js');
-            return chatApi.listRemoteModels(session, runtimeUrl, apiKey);
+            return chatApi.listRemoteModels(session, runtimeUrl, apiKey, { fallback: false, timeoutMs: 5000 });
         },
     }, {
         cwd: argv.cwd || process.cwd(),
-        model: argv.model || DEFAULT_LINX_CLOUD_MODEL_ID,
+        model: argv.model,
         backend,
         port: argv.port,
         providerConfig: {
@@ -245,13 +291,39 @@ async function runPiCommand(argv) {
         },
     });
     await adapter.start();
-    const { SessionManager } = await import('@mariozechner/pi-coding-agent');
+    const sessionManager = await createLinxPiSessionManager({
+        cwd: adapter.cwd,
+        agentDir: LINX_AGENT_DIR,
+        session: argv.session,
+        last: argv.last,
+    });
     const runtime = await adapter.createRuntime({
         cwd: adapter.cwd,
         agentDir: LINX_AGENT_DIR,
-        sessionManager: SessionManager.inMemory(adapter.cwd),
+        sessionManager,
+    });
+    const podMirror = new LinxPiPodMirror({
+        cwd: adapter.cwd,
+        sessionManager,
+        onError(error) {
+            if (process.env.LINX_DEBUG === '1') {
+                const message = error instanceof Error ? error.stack || error.message : String(error);
+                process.stderr.write(`[linx pod mirror] ${message}\n`);
+            }
+        },
+    });
+    const unsubscribePodMirror = runtime.session.subscribe((event) => {
+        podMirror.handleEvent(event);
     });
     const interactive = bootstrapPiInteractiveMode(runtime);
+    const bridge = runtime;
+    const loginPromptReason = resolveLinxInteractiveLoginReason({
+        startupDecision: startupLoginPrompt,
+        runtimePromptOnStart: bridge.linxAuthBridge?.shouldPromptLoginOnStart,
+    });
+    if (loginPromptReason) {
+        interactive.requestLogin?.(loginPromptReason);
+    }
     try {
         if (argv.print) {
             const prompt = (argv.prompt ?? []).join(' ').trim();
@@ -267,6 +339,8 @@ async function runPiCommand(argv) {
         await interactive.run();
     }
     finally {
+        unsubscribePodMirror();
+        await podMirror.close().catch(() => undefined);
         interactive.stop();
         await adapter.close();
     }
@@ -279,7 +353,7 @@ function buildPiCommand(command) {
     })
         .option('model', {
         type: 'string',
-        describe: 'Model id to expose through the Pi runtime adapter',
+        describe: 'Model id to expose through the Pi runtime adapter; defaults to the last LinX selection',
     })
         .option('backend', {
         type: 'string',
@@ -301,6 +375,15 @@ function buildPiCommand(command) {
         type: 'boolean',
         default: false,
         describe: 'Run a single prompt without entering interactive mode',
+    })
+        .option('session', {
+        type: 'string',
+        describe: 'Resume a specific LinX/Pi session id or JSONL file',
+    })
+        .option('last', {
+        type: 'boolean',
+        default: false,
+        describe: 'Continue the most recent local LinX/Pi session for this workspace',
     })
         .positional('prompt', {
         array: true,
@@ -338,7 +421,7 @@ const execCommand = {
 };
 const cli = yargs(hideBin(process.argv))
     .scriptName('linx')
-    .version(LINX_CLI_VERSION)
+    .version(readPackageVersion())
     .parserConfiguration({
     'populate--': true,
 })
@@ -346,6 +429,30 @@ const cli = yargs(hideBin(process.argv))
     .command(logoutCommand)
     .command(whoamiCommand)
     .command(aiCommand)
+    .command('install [source]', 'Install a LinX package or extension', (command) => command
+    .positional('source', { type: 'string', describe: 'Package source to install' })
+    .option('local', { alias: 'l', type: 'boolean', default: false, describe: 'Install project-locally (.pi/settings.json)' }), async (argv) => {
+    await runLinxPackageCommand('install', {
+        source: typeof argv.source === 'string' ? argv.source : undefined,
+        local: Boolean(argv.local),
+    });
+})
+    .command('remove [source]', 'Remove a LinX package or extension', (command) => command
+    .positional('source', { type: 'string', describe: 'Package source to remove' })
+    .option('local', { alias: 'l', type: 'boolean', default: false, describe: 'Remove from project settings (.pi/settings.json)' }), async (argv) => {
+    await runLinxPackageCommand('remove', {
+        source: typeof argv.source === 'string' ? argv.source : undefined,
+        local: Boolean(argv.local),
+    });
+})
+    .command('update [source]', 'Update installed LinX packages', (command) => command.positional('source', { type: 'string', describe: 'Package source to update' }), async (argv) => {
+    await runLinxPackageCommand('update', {
+        source: typeof argv.source === 'string' ? argv.source : undefined,
+    });
+})
+    .command('list', 'List installed LinX packages', () => undefined, async () => {
+    await runLinxPackageCommand('list');
+})
     .command(execCommand)
     .command(defaultPiCommand)
     .command('chat [prompt..]', false, (command) => command
@@ -364,11 +471,11 @@ const cli = yargs(hideBin(process.argv))
     const prompt = argv.prompt?.join(' ').trim() || undefined;
     if (prompt) {
         await runSingleTurn({ ctx, threadId, model: argv.model, prompt });
-        await ctx.session.logout();
+        await ctx.podSession.close();
         return;
     }
     await runInteractive({ ctx, initialThreadId: threadId, initialModel: argv.model });
-    await ctx.session.logout();
+    await ctx.podSession.close();
 })
     .command('models', 'List available remote models', (command) => command.option('url', { type: 'string', describe: 'Runtime API base URL override' }), async (argv) => {
     const ctx = await resolveRuntimeAuthContext(argv.url);
@@ -385,24 +492,44 @@ const cli = yargs(hideBin(process.argv))
     }
     else {
         for (const model of models) {
-            const meta = [model.provider || model.ownedBy, model.contextWindow ? `${model.contextWindow}` : '']
-                .filter(Boolean)
-                .join(' · ');
+            const meta = formatRemoteModelMetadata(model);
             process.stdout.write(`- ${model.id}${meta ? ` (${meta})` : ''}\n`);
         }
     }
-    await ctx.session.logout();
+    await ctx.podSession.close();
 })
-    .command('resume', 'List resumable CLI threads', (command) => command.option('url', { type: 'string', describe: 'Runtime API base URL override' }), async (argv) => {
-    const ctx = await resolveContext(argv.url);
-    const threads = await ctx.runtime.listThreads(ctx.session, ctx.chatId);
-    if (threads.length === 0) {
-        process.stdout.write('No threads found.\n');
-    }
-    else {
-        process.stdout.write(`${threads.map((thread) => `- ${ctx.runtime.formatThreadLabel(thread)}`).join('\n')}\n`);
+    .command('resume [session]', 'Resume a previous interactive LinX session', (command) => command
+    .positional('session', { type: 'string', describe: 'Session id/prefix or JSONL file to resume' })
+    .option('last', { type: 'boolean', default: false, describe: 'Resume the most recent local session for this workspace' })
+    .option('cwd', { type: 'string', describe: 'Workspace path for the resumed session' })
+    .option('model', { type: 'string', describe: 'Model id to expose through the Pi runtime adapter' })
+    .option('backend', {
+    type: 'string',
+    default: 'cloud',
+    choices: ['cloud', 'native'],
+    describe: 'Backend mode. Default is cloud; native keeps the local Codex proxy for debugging only.',
+})
+    .option('port', { type: 'number', default: 8787, describe: 'Local websocket port used only when --backend native' })
+    .option('runtime-url', { type: 'string', default: 'https://api.undefineds.co/v1', describe: 'Cloud runtime API base URL' }), async (argv) => {
+    const session = typeof argv.session === 'string' ? argv.session : undefined;
+    if (!session && !argv.last) {
+        const sessions = await listLinxPiSessions(argv.cwd || process.cwd(), LINX_AGENT_DIR);
+        if (sessions.length === 0) {
+            process.stdout.write('No LinX sessions found.\n');
+            return;
+        }
+        process.stdout.write(`${sessions.map(formatLinxPiSessionSummary).join('\n')}\n`);
+        return;
     }
-    await ctx.session.logout();
+    await runPiCommand({
+        cwd: argv.cwd,
+        model: argv.model,
+        backend: argv.backend,
+        port: argv.port,
+        'runtime-url': argv['runtime-url'],
+        session,
+        last: argv.last || !session,
+    });
 })
     .command('fork [thread]', 'Fork a previous interactive session', (command) => command
     .positional('thread', { type: 'string', describe: 'Thread ID to fork' })
@@ -448,11 +575,11 @@ const cli = yargs(hideBin(process.argv))
     .command('watch <action> [backend] [prompt..]', 'Run or inspect local watch backends', (command) => command
     .positional('action', {
     type: 'string',
-    choices: ['run', 'backends', 'sessions', 'show', 'approvals', 'approve', 'reject', 'codex', 'claude', 'codebuddy'],
+    choices: ['run', 'backends', 'sessions', 'show', 'codex', 'claude', 'codebuddy'],
 })
     .positional('backend', {
     type: 'string',
-    describe: 'Watch backend for `run`, session id for `show`, or approval id for `approve|reject`',
+    describe: 'Watch backend for `run` or session id for `show`',
 })
     .option('mode', {
     type: 'string',
@@ -479,14 +606,11 @@ const cli = yargs(hideBin(process.argv))
     choices: ['auto', 'local', 'cloud'],
     describe: 'Resolve credentials only: local CLI login, LinX cloud config, or auto fallback. Runtime still runs locally.',
 })
-    .option('session', {
-    type: 'boolean',
-    default: false,
-    describe: 'Approve for the current watch session instead of only once.',
-})
-    .option('reason', {
+    .option('approval-source', {
     type: 'string',
-    describe: 'Optional note recorded with an approval decision.',
+    default: 'hybrid',
+    choices: ['local', 'remote', 'hybrid'],
+    describe: 'Resolve backend approval requests locally, through Pod remote approvals, or whichever answers first.',
 }), async (argv) => {
     const rawAction = String(argv.action);
     const directBackend = ['codex', 'claude', 'codebuddy'].includes(rawAction);
@@ -523,30 +647,6 @@ const cli = yargs(hideBin(process.argv))
         process.stdout.write(formatArchivedWatchSession(session, loadArchivedWatchEvents(sessionId)));
         return;
     }
-    if (action === 'approvals') {
-        const approvals = await listRemoteWatchApprovals();
-        if (approvals.length === 0) {
-            process.stdout.write('No pending remote approvals in the approval inbox.\n');
-            return;
-        }
-        process.stdout.write(`${approvals.map(formatRemoteWatchApprovalSummary).join('\n')}\n`);
-        return;
-    }
-    if (action === 'approve' || action === 'reject') {
-        const approvalId = argv.backend ? String(argv.backend) : '';
-        if (!approvalId) {
-            throw new Error(`Usage: linx watch ${action} <approvalId>`);
-        }
-        const summary = await resolveRemoteWatchApproval({
-            approvalId,
-            decision: action === 'approve'
-                ? (argv.session ? 'accept_for_session' : 'accept')
-                : 'decline',
-            note: argv.reason ? String(argv.reason) : undefined,
-        });
-        process.stdout.write(`${formatRemoteWatchApprovalSummary(summary)}\n`);
-        return;
-    }
     const backend = (directBackend ? rawAction : argv.backend);
     if (!backend || !['codex', 'claude', 'codebuddy'].includes(backend)) {
         throw new Error('Usage: linx watch run <codex|claude|codebuddy> <prompt> [-- backend args]\n   or: linx watch <codex|claude|codebuddy> <prompt>');
@@ -565,13 +665,26 @@ const cli = yargs(hideBin(process.argv))
         prompt,
         passthroughArgs: (argv['--'] ?? []).map(String),
         credentialSource: argv['credential-source'],
+        approvalSource: argv['approval-source'],
     });
     if (exitCode !== 0) {
         process.exitCode = exitCode;
     }
 })
     .strict()
-    .help();
+    .help()
+    .fail((message, error, yargsInstance) => {
+    if (error) {
+        console.error(error instanceof Error ? error.message : String(error));
+        process.exit(1);
+    }
+    if (message) {
+        console.error(message);
+        process.exit(1);
+    }
+    yargsInstance.showHelp();
+    process.exit(1);
+});
 process.on('unhandledRejection', (error) => {
     console.error(error instanceof Error ? error.message : String(error));
     process.exit(1);