@undefineds.co/linx 0.2.17 → 0.2.19

package/dist/lib/pi-adapter/branding.js

@@ -1,24 +1,46 @@
 import { spawn } from 'node:child_process';
 import { homedir } from 'node:os';
 import { basename, join } from 'node:path';
+import { readFileSync } from 'node:fs';
 import { LINX_HOME_DIRNAME } from '@undefineds.co/models/client';
-import { keyHint, rawKeyHint } from '@mariozechner/pi-coding-agent';
+import { initTheme, keyHint, LoginDialogComponent, rawKeyHint } from '@mariozechner/pi-coding-agent';
 import { Text, truncateToWidth, visibleWidth, wrapTextWithAnsi } from '@mariozechner/pi-tui';
 import { loadCredentials } from '../credentials-store.js';
 import { extractUsernameFromWebId, resolveProfileDisplayName } from '../profile-identity.js';
-import { LINX_CLI_VERSION } from '../../generated/version.js';
 export const LINX_AGENT_DIR = join(homedir(), LINX_HOME_DIRNAME, 'agent');
 export const LINX_UPDATE_PACKAGE_NAME = '@undefineds.co/linx';
 export const LINX_CHANGELOG_URL = 'https://github.com/undefineds-co/linx-cli/releases';
+export const LINX_CLI_VERSION = readLinxCliVersion();
+const LINX_AUTH_LOGIN_IN_PROGRESS = Symbol.for('linx.tui.authLoginInProgress');
+const LINX_AUTH_LOGIN_ON_INIT = Symbol.for('linx.tui.authLoginOnInit');
+const LINX_AUTH_PENDING_RETRY = Symbol.for('linx.tui.authPendingRetry');
+const LINX_AUTH_LOGIN_SCHEDULED = Symbol.for('linx.tui.authLoginScheduled');
+const LINX_AUTH_REPORTING_ERROR = Symbol.for('linx.tui.authReportingError');
 const LINX_UPDATE_IN_PROGRESS = Symbol.for('linx.tui.updateInProgress');
-const LINX_UPDATE_RUNNER = Symbol.for('linx.tui.updateRunner');
+const LINX_PROVIDER_ID = 'undefineds';
+const AUTH_OPTION_BROWSER = 'Authorize in browser';
+const AUTH_OPTION_API_KEY = 'Enter API key';
+const AUTH_OPTION_EXIT = 'Exit';
+const UPDATE_OPTION_INSTALL = 'Install update and restart';
+const UPDATE_OPTION_CHANGELOG = 'Open changelog';
+const UPDATE_OPTION_LATER = 'Later';
 export function applyLinxInteractiveBranding(interactive) {
     patchTerminalTitle(interactive);
     patchVersionCheck(interactive);
     patchUpdateNotification(interactive);
-    patchUpdateCommand(interactive);
+    patchNativeOAuthSelectors(interactive);
+    patchLoginCommand(interactive);
+    patchAuthExpiredSessionEvents(interactive);
+    patchAuthExpiredLoginPrompt(interactive);
     patchHeader(interactive);
 }
+export function requestLinxCloudLogin(interactive, reason = 'manual') {
+    if (!interactive.isInitialized) {
+        interactive[LINX_AUTH_LOGIN_ON_INIT] = reason;
+        return;
+    }
+    void startLinxCloudLogin(interactive, { reason });
+}
 function patchTerminalTitle(interactive) {
     const original = interactive.updateTerminalTitle?.bind(interactive);
     interactive.updateTerminalTitle = function patchedUpdateTerminalTitle() {
@@ -43,7 +65,7 @@ function patchVersionCheck(interactive) {
             }
             const body = await response.json();
             const latest = typeof body.version === 'string' ? body.version.trim() : '';
-            if (!latest || !isNewerVersion(latest, LINX_CLI_VERSION)) {
+            if (!latest || !isVersionNewer(latest, LINX_CLI_VERSION)) {
                 return undefined;
             }
             return latest;
@@ -55,45 +77,109 @@ function patchVersionCheck(interactive) {
 }
 function patchUpdateNotification(interactive) {
     interactive.showNewVersionNotification = function patchedShowNewVersionNotification(newVersion) {
-        const lines = [
-            '\x1b[1m\x1b[33mLinX Update Available\x1b[39m\x1b[22m',
-            `\x1b[2mNew version ${newVersion} is available. \x1b[22m\x1b[36mType /update to install now.\x1b[39m`,
-            `\x1b[2mManual install: \x1b[22m\x1b[36mnpm install -g ${LINX_UPDATE_PACKAGE_NAME}@latest\x1b[39m`,
-            `\x1b[2mChangelog: \x1b[22m\x1b[36m${LINX_CHANGELOG_URL}\x1b[39m`,
-        ];
-        this.chatContainer?.addChild?.(new Text(lines.join('\n'), 1, 0));
-        this.ui?.requestRender?.();
+        void showLinxUpdateSelector(this, newVersion);
     };
 }
-function isNewerVersion(candidate, current) {
-    const candidateParts = parseSemverCore(candidate);
-    const currentParts = parseSemverCore(current);
-    if (!candidateParts || !currentParts) {
-        return candidate !== current;
+async function showLinxUpdateSelector(interactive, newVersion) {
+    if (interactive[LINX_UPDATE_IN_PROGRESS]) {
+        return;
     }
-    for (let index = 0; index < 3; index += 1) {
-        if (candidateParts[index] > currentParts[index]) {
-            return true;
+    interactive[LINX_UPDATE_IN_PROGRESS] = true;
+    try {
+        const title = [
+            'LinX update available',
+            `Current ${LINX_CLI_VERSION} -> latest ${newVersion}`,
+            'Choose how to handle this update.',
+        ].join('\n');
+        const options = [UPDATE_OPTION_INSTALL, UPDATE_OPTION_CHANGELOG, UPDATE_OPTION_LATER];
+        const selected = typeof interactive.showExtensionSelector === 'function'
+            ? await interactive.showExtensionSelector(title, options)
+            : undefined;
+        if (selected === UPDATE_OPTION_INSTALL) {
+            await installLinxUpdateAndRestart(interactive, newVersion);
+            return;
         }
-        if (candidateParts[index] < currentParts[index]) {
-            return false;
+        if (selected === UPDATE_OPTION_CHANGELOG) {
+            openExternalUrl(LINX_CHANGELOG_URL, interactive);
+            interactive.showStatus?.(`Opened LinX changelog for ${newVersion}.`);
+            return;
+        }
+        if (!selected) {
+            showLinxUpdateFallback(interactive, newVersion);
+            return;
         }
+        interactive.showStatus?.(`Skipped LinX ${newVersion} for now.`);
+    }
+    finally {
+        interactive[LINX_UPDATE_IN_PROGRESS] = false;
     }
-    return false;
 }
-function parseSemverCore(version) {
-    const match = version.trim().match(/^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/);
-    if (!match) {
-        return null;
+async function installLinxUpdateAndRestart(interactive, newVersion) {
+    interactive.showStatus?.(`Installing LinX ${newVersion}...`);
+    interactive.ui?.requestRender?.();
+    try {
+        await runNpmInstallLatest();
     }
-    return [Number(match[1]), Number(match[2]), Number(match[3])];
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        interactive.showError?.(`LinX update failed: ${message}`);
+        return;
+    }
+    interactive.showStatus?.(`LinX ${newVersion} installed. Restarting...`);
+    interactive.ui?.requestRender?.();
+    restartCurrentProcess(interactive);
 }
-function patchUpdateCommand(interactive) {
+function runNpmInstallLatest() {
+    const npmCommand = process.env.npm_execpath || 'npm';
+    const args = ['install', '-g', '--omit=peer', `${LINX_UPDATE_PACKAGE_NAME}@latest`];
+    return new Promise((resolve, reject) => {
+        const child = spawn(npmCommand, args, {
+            stdio: ['ignore', 'pipe', 'pipe'],
+            shell: false,
+        });
+        let stderr = '';
+        child.stderr?.on('data', (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on('error', reject);
+        child.on('close', (code) => {
+            if (code === 0) {
+                resolve();
+                return;
+            }
+            reject(new Error(stderr.trim() || `npm install exited with code ${code ?? 'unknown'}`));
+        });
+    });
+}
+function restartCurrentProcess(interactive) {
+    const child = spawn(process.execPath, process.argv.slice(1), {
+        cwd: process.cwd(),
+        env: process.env,
+        stdio: 'inherit',
+        detached: false,
+    });
+    child.on('error', (error) => {
+        interactive.showError?.(`LinX restart failed: ${error.message}`);
+    });
+    interactive.stop?.();
+    setTimeout(() => process.exit(0), 50);
+}
+function showLinxUpdateFallback(interactive, newVersion) {
+    const lines = [
+        '\x1b[1m\x1b[33mLinX update available\x1b[39m\x1b[22m',
+        `\x1b[2mCurrent ${LINX_CLI_VERSION} -> latest ${newVersion}\x1b[22m`,
+        `\x1b[2mRun \x1b[22m\x1b[36mnpm install -g ${LINX_UPDATE_PACKAGE_NAME}@latest\x1b[39m\x1b[2m if this terminal cannot show the update selector.\x1b[22m`,
+        `\x1b[2mChangelog: \x1b[22m\x1b[36m${LINX_CHANGELOG_URL}\x1b[39m`,
+    ];
+    interactive.chatContainer?.addChild?.(new Text(lines.join('\n'), 1, 0));
+    interactive.ui?.requestRender?.();
+}
+function patchLoginCommand(interactive) {
     const originalSetup = interactive.setupEditorSubmitHandler?.bind(interactive);
     if (typeof originalSetup !== 'function') {
         return;
     }
-    interactive.setupEditorSubmitHandler = function patchedSetupEditorSubmitHandler() {
+    interactive.setupEditorSubmitHandler = function patchedLinxLoginSetupEditorSubmitHandler() {
         originalSetup();
         const originalSubmit = this.defaultEditor?.onSubmit?.bind(this.defaultEditor);
         if (typeof originalSubmit !== 'function') {
@@ -101,77 +187,643 @@ function patchUpdateCommand(interactive) {
         }
         this.defaultEditor.onSubmit = async (text) => {
             const command = text.trim();
-            if (command === '/update' || command === '/update linx') {
+            if (command === '/login') {
                 this.editor?.setText?.('');
-                await runLinxUpdateFromTui(this);
+                await startLinxCloudLogin(this);
                 return;
             }
             await originalSubmit(text);
         };
     };
 }
-async function runLinxUpdateFromTui(interactive) {
-    if (interactive[LINX_UPDATE_IN_PROGRESS]) {
-        interactive.showStatus?.('LinX update is already running');
+function patchNativeOAuthSelectors(interactive) {
+    interactive.showOAuthSelector = async function patchedLinxOAuthSelector(mode = 'login') {
+        if (mode === 'logout') {
+            const authStorage = this.session?.modelRegistry?.authStorage;
+            authStorage?.logout?.(LINX_PROVIDER_ID);
+            authStorage?.setRuntimeApiKey?.(LINX_PROVIDER_ID, '');
+            await refreshLinxAuthState(this);
+            this.showStatus?.('Logged out of LinX Cloud.');
+            return;
+        }
+        await startLinxCloudLogin(this, { reason: 'manual' });
+    };
+    interactive.showLoginDialog = async function patchedLinxLoginDialog(providerId) {
+        if (!providerId || providerId === LINX_PROVIDER_ID) {
+            await startLinxCloudLogin(this, { reason: 'manual' });
+            return;
+        }
+        this.showStatus?.('LinX only supports LinX Cloud authentication in this TUI.');
+        await startLinxCloudLogin(this, { reason: 'manual' });
+    };
+}
+function patchAuthExpiredSessionEvents(interactive) {
+    const originalHandleEvent = interactive.handleEvent?.bind(interactive);
+    if (typeof originalHandleEvent !== 'function') {
         return;
     }
-    interactive[LINX_UPDATE_IN_PROGRESS] = true;
-    const packageSpec = `${LINX_UPDATE_PACKAGE_NAME}@latest`;
-    const npmCommand = process.env.npm_execpath && !process.env.npm_execpath.endsWith('npx-cli.js')
-        ? process.execPath
-        : 'npm';
-    const args = npmCommand === process.execPath
-        ? [process.env.npm_execpath, 'install', '-g', packageSpec]
-        : ['install', '-g', packageSpec];
+    interactive.handleEvent = async function patchedHandleEvent(event) {
+        if (eventHasLinxAuthExpiredError(event)) {
+            prepareLinxAuthExpiredRetry(this);
+            suppressLinxAuthExpiredAssistantError(this);
+            scheduleLinxCloudLogin(this, 'expired');
+            return undefined;
+        }
+        const result = await originalHandleEvent(event);
+        return result;
+    };
+}
+function patchAuthExpiredLoginPrompt(interactive) {
+    const originalShowError = interactive.showError?.bind(interactive);
+    if (typeof originalShowError !== 'function') {
+        return;
+    }
+    interactive.showError = function patchedShowError(errorMessage) {
+        const text = typeof errorMessage === 'string' ? errorMessage : String(errorMessage);
+        if (!isLinxAuthExpiredError(text)) {
+            return originalShowError(errorMessage);
+        }
+        scheduleLinxCloudLogin(this, 'expired');
+        return undefined;
+    };
+}
+function isLinxAuthExpiredError(text) {
+    const normalized = stripAnsi(text).toLowerCase();
+    return normalized.includes('linx cloud login expired')
+        || normalized.includes('invalid solid token')
+        || (normalized.includes('chat request failed (401)') && normalized.includes('unauthorized'));
+}
+function eventHasLinxAuthExpiredError(event) {
+    if (!isRecord(event)) {
+        return false;
+    }
+    const message = isRecord(event.message) ? event.message : undefined;
+    const errorMessage = typeof message?.errorMessage === 'string' ? message.errorMessage : '';
+    const error = isRecord(event.error) ? event.error : undefined;
+    const nestedErrorMessage = typeof error?.errorMessage === 'string' ? error.errorMessage : '';
+    return isLinxAuthExpiredError(`${errorMessage}\n${nestedErrorMessage}`);
+}
+async function startLinxCloudLogin(interactive, options = {}) {
+    if (interactive[LINX_AUTH_LOGIN_IN_PROGRESS]) {
+        return;
+    }
+    interactive[LINX_AUTH_LOGIN_IN_PROGRESS] = true;
     try {
-        interactive.showStatus?.(`Installing LinX update: ${packageSpec}`);
-        interactive.ui?.requestRender?.();
-        interactive.ui?.stop?.();
-        const runner = resolveUpdateRunner(interactive);
-        const result = await runner(npmCommand, args);
-        interactive.ui?.start?.();
-        if (result.exitCode === 0) {
-            interactive.showStatus?.('LinX updated. Restart linx to use the new version.');
+        const authStorage = interactive.session?.modelRegistry?.authStorage;
+        if (!authStorage) {
+            prefillLoginCommand(interactive);
+            return;
+        }
+        const reason = options.reason ?? 'manual';
+        const selected = await selectLinxAuthMethod(interactive, reason);
+        if (!selected) {
+            interactive.showStatus?.('LinX Cloud authorization cancelled.');
+            return;
+        }
+        if (selected === AUTH_OPTION_BROWSER) {
+            if (typeof authStorage.login !== 'function') {
+                prefillLoginCommand(interactive);
+                return;
+            }
+            await runLinxCloudBrowserLogin(interactive, authStorage, reason);
+            await refreshLinxAuthState(interactive);
+            await finishLinxAuthSuccess(interactive, reason, 'Browser authorization complete.');
             return;
         }
-        const detail = result.signal ? `signal ${result.signal}` : `exit code ${result.exitCode}`;
-        interactive.showError?.(`LinX update failed with ${detail}`);
+        if (selected === AUTH_OPTION_API_KEY) {
+            await promptForLinxApiKey(interactive, reason);
+            return;
+        }
+        if (selected === AUTH_OPTION_EXIT) {
+            if (reason === 'startup') {
+                interactive.stop?.();
+            }
+            else {
+                interactive.showStatus?.('LinX Cloud authorization cancelled.');
+            }
+        }
     }
     catch (error) {
-        interactive.ui?.start?.();
         const message = error instanceof Error ? error.message : String(error);
-        interactive.showError?.(`LinX update failed: ${message}`);
+        reportLinxLoginError(interactive, message);
     }
     finally {
-        interactive[LINX_UPDATE_IN_PROGRESS] = false;
-        interactive.ui?.requestRender?.();
+        interactive[LINX_AUTH_LOGIN_IN_PROGRESS] = false;
+    }
+}
+function scheduleLinxCloudLogin(interactive, reason) {
+    if (interactive[LINX_AUTH_LOGIN_IN_PROGRESS] || interactive[LINX_AUTH_LOGIN_SCHEDULED]) {
+        return;
+    }
+    interactive[LINX_AUTH_LOGIN_SCHEDULED] = true;
+    setTimeout(() => {
+        interactive[LINX_AUTH_LOGIN_SCHEDULED] = false;
+        void startLinxCloudLogin(interactive, { reason });
+    }, 0);
+}
+function reportLinxLoginError(interactive, message) {
+    const rendered = normalizeLinxLoginError(message);
+    if (interactive[LINX_AUTH_REPORTING_ERROR]) {
+        interactive.showStatus?.(rendered);
+        return;
+    }
+    interactive[LINX_AUTH_REPORTING_ERROR] = true;
+    try {
+        if (typeof interactive.showError === 'function') {
+            interactive.showError(rendered);
+        }
+        else {
+            interactive.showStatus?.(rendered);
+        }
+    }
+    finally {
+        interactive[LINX_AUTH_REPORTING_ERROR] = false;
+    }
+}
+function normalizeLinxLoginError(message) {
+    const oidcCallbackError = /^OIDC callback returned\b/i.test(message);
+    if (oidcCallbackError) {
+        return `LinX Cloud login failed: ${message}`;
+    }
+    if (/server_error/i.test(message)) {
+        return `LinX Cloud login failed: the identity server rejected this browser login. ${message}`;
+    }
+    return `LinX Cloud login failed: ${message}`;
+}
+async function selectLinxAuthMethod(interactive, reason) {
+    const title = buildLinxAuthPromptTitle(reason, resolveRuntimeProviderLabel(interactive));
+    const options = [AUTH_OPTION_BROWSER, AUTH_OPTION_API_KEY, AUTH_OPTION_EXIT];
+    if (typeof interactive.showExtensionSelector === 'function') {
+        return await interactive.showExtensionSelector(title, options);
+    }
+    showLinxAuthFallback(interactive, title, options);
+    return undefined;
+}
+function buildLinxAuthPromptTitle(reason, providerLabel) {
+    if (reason === 'startup') {
+        return [
+            'LinX Cloud login required',
+            `Connect to ${providerLabel} before using LinX TUI.`,
+            'Choose a sign-in method.',
+        ].join('\n');
+    }
+    if (reason === 'expired') {
+        return [
+            'LinX Cloud login expired',
+            'Your current Solid token was rejected by LinX Cloud.',
+            'Re-authorize or provide an API key, then retry your message.',
+        ].join('\n');
+    }
+    return [
+        'LinX Cloud authorization',
+        `Choose how LinX should authenticate with ${providerLabel}.`,
+    ].join('\n');
+}
+function showLinxAuthFallback(interactive, title, options) {
+    interactive.chatContainer?.addChild?.(new Text([
+        `\x1b[1m${title}\x1b[22m`,
+        '',
+        ...options.map((option) => `- ${option}`),
+        '',
+        'This terminal build cannot render the LinX auth selector. Run `linx login` in another shell.',
+    ].join('\n'), 1, 0));
+    interactive.ui?.requestRender?.();
+}
+async function promptForLinxApiKey(interactive, reason) {
+    if (typeof interactive.showExtensionInput !== 'function') {
+        interactive.showError?.('This terminal build cannot collect an API key inside the TUI.');
+        return;
+    }
+    const apiKey = await interactive.showExtensionInput([
+        reason === 'expired' ? 'Enter LinX Cloud API key' : 'Use LinX Cloud API key',
+        'Paste a key for this TUI session. Press Escape to cancel.',
+    ].join('\n'), 'linx API key');
+    const trimmed = typeof apiKey === 'string' ? apiKey.trim() : '';
+    if (!trimmed) {
+        interactive.showStatus?.('LinX Cloud API key entry cancelled.');
+        return;
+    }
+    const authStorage = interactive.session?.modelRegistry?.authStorage;
+    authStorage?.setRuntimeApiKey?.(LINX_PROVIDER_ID, trimmed);
+    authStorage?.set?.(LINX_PROVIDER_ID, { type: 'api_key', key: trimmed });
+    await refreshLinxAuthState(interactive);
+    await finishLinxAuthSuccess(interactive, reason, 'API key saved for this TUI session.');
+}
+async function finishLinxAuthSuccess(interactive, reason, detail) {
+    const prefix = authStatusPrefix(reason);
+    const retryStarted = await retryPendingLinxAuthTurn(interactive, reason);
+    if (retryStarted) {
+        interactive.showStatus?.(`${prefix} ${detail} Retrying your message...`);
+        return;
+    }
+    const suffix = reason === 'expired' ? ' Retry your message.' : '';
+    interactive.showStatus?.(`${prefix} ${detail}${suffix}`);
+}
+function prepareLinxAuthExpiredRetry(interactive) {
+    if (interactive[LINX_AUTH_PENDING_RETRY]) {
+        return;
+    }
+    const session = interactive.session;
+    const sessionManager = session?.sessionManager;
+    const leafId = typeof sessionManager?.getLeafId === 'function'
+        ? sessionManager.getLeafId()
+        : undefined;
+    const leafEntry = leafId && typeof sessionManager?.getEntry === 'function'
+        ? sessionManager.getEntry(leafId)
+        : undefined;
+    const leafMessage = leafEntry?.type === 'message' ? leafEntry.message : undefined;
+    const userEntry = findLastUserMessageEntry(sessionManager, leafId);
+    const promptText = extractUserMessageText(userEntry?.message)
+        ?? extractUserMessageText(leafMessage)
+        ?? findLastUserMessageText(session?.state?.messages);
+    const pending = {
+        continueFromId: userEntry?.id ?? (leafMessage?.role === 'user' ? leafId : undefined),
+        promptText,
+        promptParentId: userEntry?.parentId ?? (leafMessage?.role === 'user' ? leafEntry.parentId : undefined),
+    };
+    interactive[LINX_AUTH_PENDING_RETRY] = pending;
+    // AgentSession persists the assistant error after TUI subscribers run. Restore
+    // the active branch on the next tick so "continue" never resumes from the
+    // failed auth assistant message if the user cancels or login fails.
+    setTimeout(() => {
+        if (interactive[LINX_AUTH_PENDING_RETRY] === pending) {
+            restoreLinxRetryBranch(interactive.session, pending.continueFromId);
+        }
+    }, 0);
+}
+function suppressLinxAuthExpiredAssistantError(interactive) {
+    const streamingComponent = interactive.streamingComponent;
+    if (streamingComponent) {
+        interactive.chatContainer?.removeChild?.(streamingComponent);
+    }
+    interactive.streamingComponent = undefined;
+    interactive.streamingMessage = undefined;
+    interactive.footer?.invalidate?.();
+    interactive.ui?.requestRender?.();
+}
+async function retryPendingLinxAuthTurn(interactive, reason) {
+    if (reason !== 'expired') {
+        return false;
+    }
+    const pending = interactive[LINX_AUTH_PENDING_RETRY];
+    if (!pending) {
+        return false;
+    }
+    interactive[LINX_AUTH_PENDING_RETRY] = undefined;
+    const session = interactive.session;
+    const sessionManager = session?.sessionManager;
+    if (!session || !sessionManager) {
+        return false;
+    }
+    await session.agent?.waitForIdle?.();
+    try {
+        restoreLinxRetryBranch(session, pending.continueFromId);
+        if (typeof session.agent?.continue === 'function') {
+            startLinxContinuation(interactive, session, pending);
+            return true;
+        }
+    }
+    catch (error) {
+        if (!pending.promptText) {
+            throw error;
+        }
+    }
+    if (!pending.promptText || typeof session.prompt !== 'function') {
+        return false;
+    }
+    restoreLinxRetryBranch(session, pending.promptParentId);
+    const promptResult = session.prompt(pending.promptText);
+    if (isPromiseLike(promptResult)) {
+        promptResult.catch((error) => {
+            const message = error instanceof Error ? error.message : String(error);
+            interactive.showError?.(`LinX Cloud retry failed: ${message}`);
+        });
+    }
+    return true;
+}
+function startLinxContinuation(interactive, session, pending) {
+    try {
+        const result = session.agent.continue();
+        if (isPromiseLike(result)) {
+            result.catch((error) => {
+                void retryLinxPromptFallback(interactive, session, pending, error);
+            });
+        }
+    }
+    catch (error) {
+        void retryLinxPromptFallback(interactive, session, pending, error);
     }
 }
-function resolveUpdateRunner(interactive) {
-    return typeof interactive[LINX_UPDATE_RUNNER] === 'function'
-        ? interactive[LINX_UPDATE_RUNNER]
-        : spawnInstall;
+async function retryLinxPromptFallback(interactive, session, pending, cause) {
+    if (!pending.promptText || typeof session?.prompt !== 'function') {
+        const message = cause instanceof Error ? cause.message : String(cause);
+        interactive.showError?.(`LinX Cloud retry failed: ${message}`);
+        return;
+    }
+    try {
+        restoreLinxRetryBranch(session, pending.promptParentId);
+        await session.prompt(pending.promptText);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        interactive.showError?.(`LinX Cloud retry failed: ${message}`);
+    }
+}
+function restoreLinxRetryBranch(session, leafId) {
+    const sessionManager = session?.sessionManager;
+    if (!sessionManager) {
+        return;
+    }
+    if (typeof leafId === 'string' && leafId) {
+        sessionManager.branch?.(leafId);
+    }
+    else if (leafId === null) {
+        sessionManager.resetLeaf?.();
+    }
+    const context = sessionManager.buildSessionContext?.();
+    if (context?.messages && session.agent?.state) {
+        session.agent.state.messages = context.messages;
+    }
+}
+function findLastUserMessageText(messages) {
+    if (!Array.isArray(messages)) {
+        return undefined;
+    }
+    for (let index = messages.length - 1; index >= 0; index -= 1) {
+        const text = extractUserMessageText(messages[index]);
+        if (text) {
+            return text;
+        }
+    }
+    return undefined;
+}
+function findLastUserMessageEntry(sessionManager, leafId) {
+    const branch = typeof sessionManager?.getBranch === 'function' && typeof leafId === 'string'
+        ? sessionManager.getBranch(leafId)
+        : undefined;
+    const entries = Array.isArray(branch) && branch.length > 0
+        ? branch
+        : typeof sessionManager?.getEntries === 'function'
+            ? sessionManager.getEntries()
+            : [];
+    if (!Array.isArray(entries)) {
+        return undefined;
+    }
+    for (let index = entries.length - 1; index >= 0; index -= 1) {
+        const entry = entries[index];
+        if (isRecord(entry)
+            && entry.type === 'message'
+            && typeof entry.id === 'string'
+            && isRecord(entry.message)
+            && entry.message.role === 'user') {
+            return {
+                id: entry.id,
+                parentId: normalizeParentId(entry.parentId),
+                message: entry.message,
+            };
+        }
+    }
+    return undefined;
+}
+function normalizeParentId(parentId) {
+    if (typeof parentId === 'string') {
+        return parentId;
+    }
+    if (parentId === null) {
+        return null;
+    }
+    return undefined;
+}
+function extractUserMessageText(message) {
+    if (!isRecord(message) || message.role !== 'user') {
+        return undefined;
+    }
+    const content = message.content;
+    if (typeof content === 'string') {
+        return content.trim() || undefined;
+    }
+    if (!Array.isArray(content)) {
+        return undefined;
+    }
+    const text = content
+        .filter((entry) => (isRecord(entry) && entry.type === 'text' && typeof entry.text === 'string'))
+        .map((entry) => entry.text)
+        .join('')
+        .trim();
+    return text || undefined;
+}
+async function refreshLinxAuthState(interactive) {
+    interactive.session?.modelRegistry?.refresh?.();
+    await interactive.updateAvailableProviderCount?.();
+    interactive.ui?.requestRender?.();
+}
+function authStatusPrefix(reason) {
+    if (reason === 'expired') {
+        return 'LinX Cloud login refreshed.';
+    }
+    if (reason === 'startup') {
+        return 'LinX Cloud connected.';
+    }
+    return 'LinX Cloud authorization updated.';
+}
+async function runLinxCloudLogin(interactive, authStorage, reason) {
+    await authStorage.login(LINX_PROVIDER_ID, {
+        forceFresh: true,
+        onAuth(info) {
+            showLinxLoginUrl(interactive, info);
+            openLoginUrl(info.url, interactive);
+            if (info.instructions) {
+                interactive.showStatus?.(info.instructions);
+            }
+        },
+        onProgress(message) {
+            interactive.showStatus?.(message);
+            interactive.ui?.requestRender?.();
+        },
+        onManualCodeInput(signal) {
+            return promptForLinxManualRedirectUrl(interactive, signal);
+        },
+    });
+    syncRuntimeCredential(interactive);
+}
+async function runLinxCloudBrowserLogin(interactive, authStorage, reason) {
+    if (canRenderLinxLoginDialog(interactive)) {
+        try {
+            await runLinxCloudLoginDialog(interactive, authStorage, reason);
+            return;
+        }
+        catch (error) {
+            if (!isThemeInitializationError(error)) {
+                throw error;
+            }
+            interactive.showStatus?.('LinX Cloud login prompt unavailable before TUI theme initialization; falling back to browser login.');
+        }
+    }
+    await runLinxCloudLogin(interactive, authStorage, reason);
+}
+function canRenderLinxLoginDialog(interactive) {
+    return Boolean(interactive.ui
+        && typeof interactive.editorContainer?.clear === 'function'
+        && typeof interactive.editorContainer?.addChild === 'function'
+        && typeof interactive.ui?.setFocus === 'function'
+        && typeof interactive.ui?.requestRender === 'function'
+        && interactive.editor);
+}
+async function runLinxCloudLoginDialog(interactive, authStorage, reason) {
+    ensurePiThemeInitialized(interactive);
+    const dialog = new LoginDialogComponent(interactive.ui, LINX_PROVIDER_ID, () => undefined);
+    const restoreEditor = () => {
+        interactive.editorContainer.clear();
+        interactive.editorContainer.addChild(interactive.editor);
+        interactive.ui?.setFocus?.(interactive.editor);
+        interactive.ui?.requestRender?.();
+    };
+    interactive.editorContainer.clear();
+    interactive.editorContainer.addChild(dialog);
+    interactive.ui?.setFocus?.(dialog);
+    interactive.ui?.requestRender?.();
+    let manualRedirectResolve;
+    let manualRedirectReject;
+    const manualRedirectPromise = new Promise((resolve, reject) => {
+        manualRedirectResolve = resolve;
+        manualRedirectReject = reject;
+    });
+    try {
+        await authStorage.login(LINX_PROVIDER_ID, {
+            forceFresh: true,
+            onAuth(info) {
+                dialog.showAuth(info.url, info.instructions);
+                dialog.showManualInput('Paste redirect URL below, or complete login in browser:')
+                    .then((value) => {
+                    if (value && manualRedirectResolve) {
+                        manualRedirectResolve(value);
+                        manualRedirectResolve = undefined;
+                        manualRedirectReject = undefined;
+                    }
+                })
+                    .catch((error) => {
+                    if (manualRedirectReject) {
+                        manualRedirectReject(error);
+                        manualRedirectResolve = undefined;
+                        manualRedirectReject = undefined;
+                    }
+                });
+            },
+            onProgress(message) {
+                dialog.showProgress(message);
+            },
+            onManualCodeInput(signal) {
+                return waitForLinxDialogManualRedirect(manualRedirectPromise, signal);
+            },
+            signal: dialog.signal,
+        });
+        syncRuntimeCredential(interactive);
+    }
+    finally {
+        restoreEditor();
+    }
 }
-function spawnInstall(command, args) {
+function waitForLinxDialogManualRedirect(manualRedirectPromise, signal) {
+    if (!signal) {
+        return manualRedirectPromise;
+    }
+    if (signal.aborted) {
+        return Promise.resolve('');
+    }
     return new Promise((resolve, reject) => {
-        const child = spawn(command, args, {
-            stdio: 'inherit',
-            shell: process.platform === 'win32',
+        const onAbort = () => resolve('');
+        signal.addEventListener('abort', onAbort, { once: true });
+        manualRedirectPromise
+            .then((value) => {
+            signal.removeEventListener('abort', onAbort);
+            resolve(value);
+        })
+            .catch((error) => {
+            signal.removeEventListener('abort', onAbort);
+            reject(error);
         });
-        child.once('error', reject);
-        child.once('close', (exitCode, signal) => resolve({ exitCode, signal }));
     });
 }
+async function promptForLinxManualRedirectUrl(interactive, signal) {
+    if (typeof interactive.showExtensionInput !== 'function') {
+        throw new Error('Manual redirect paste is not available in this terminal. Run `linx login` in another shell if the browser callback is blocked.');
+    }
+    const redirect = await interactive.showExtensionInput([
+        'Paste final redirect URL',
+        'If the browser cannot return to this terminal, paste the full callback URL below.',
+    ].join('\n'), 'http://127.0.0.1:PORT/auth/callback?code=...&state=...&iss=...', signal ? { signal } : undefined);
+    const trimmed = typeof redirect === 'string' ? redirect.trim() : '';
+    if (!trimmed) {
+        throw new Error('Login cancelled');
+    }
+    return trimmed;
+}
+function syncRuntimeCredential(interactive) {
+    const authStorage = interactive.session?.modelRegistry?.authStorage;
+    const credential = authStorage?.get?.(LINX_PROVIDER_ID);
+    if (credential?.type === 'oauth' && typeof credential.access === 'string' && credential.access) {
+        authStorage.setRuntimeApiKey?.(LINX_PROVIDER_ID, credential.access);
+        return;
+    }
+    if (credential?.type === 'api_key' && typeof credential.key === 'string' && credential.key) {
+        authStorage.setRuntimeApiKey?.(LINX_PROVIDER_ID, credential.key);
+    }
+}
+function showLinxLoginUrl(interactive, info) {
+    const lines = [
+        '\x1b[1mLinX Cloud authorization\x1b[22m',
+        'Complete consent in the browser, then return here.',
+        '',
+        `\x1b[36m${info.url}\x1b[39m`,
+    ];
+    if (info.instructions) {
+        lines.push('', `\x1b[2m${info.instructions}\x1b[22m`);
+    }
+    interactive.chatContainer?.addChild?.(new Text(lines.join('\n'), 1, 0));
+    interactive.ui?.requestRender?.();
+}
+function openLoginUrl(url, interactive) {
+    openExternalUrl(url, interactive);
+}
+function openExternalUrl(url, interactive) {
+    if (typeof interactive.openExternal === 'function') {
+        interactive.openExternal(url);
+        return;
+    }
+    const command = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'cmd' : 'xdg-open';
+    const args = process.platform === 'win32' ? ['/c', 'start', '', url] : [url];
+    const child = spawn(command, args, {
+        detached: true,
+        stdio: 'ignore',
+        shell: false,
+    });
+    child.unref();
+}
+function prefillLoginCommand(interactive) {
+    interactive.editor?.setText?.('/login');
+    interactive.ui?.setFocus?.(interactive.editor);
+    interactive.ui?.requestRender?.();
+}
 function patchHeader(interactive) {
-    const originalInit = interactive.init.bind(interactive);
+    const originalInit = interactive.init?.bind(interactive);
+    if (typeof originalInit !== 'function') {
+        return;
+    }
     interactive.init = async function patchedInit() {
         await originalInit();
+        if (this[LINX_AUTH_LOGIN_ON_INIT]) {
+            const reason = typeof this[LINX_AUTH_LOGIN_ON_INIT] === 'string'
+                ? this[LINX_AUTH_LOGIN_ON_INIT]
+                : 'startup';
+            this[LINX_AUTH_LOGIN_ON_INIT] = false;
+            queueMicrotask(() => startLinxCloudLogin(this, { reason }));
+        }
         const quietStartup = this.options?.verbose ? false : this.settingsManager?.getQuietStartup?.();
         if (quietStartup) {
             return;
         }
         let profileDisplayName = null;
-        const replacement = new LinxWelcomeCard(() => buildHeaderState(this, profileDisplayName));
+        const replacement = new LinxWelcomeCard(() => buildLinxWelcomeCardState(this, profileDisplayName));
         const currentHeader = this.customHeader ?? this.builtInHeader;
         const index = this.headerContainer?.children?.indexOf?.(currentHeader) ?? -1;
         if (index >= 0) {
@@ -227,13 +879,13 @@ class LinxWelcomeCard {
         ];
     }
 }
-function buildHeaderState(interactive, profileDisplayName = null) {
+export function buildLinxWelcomeCardState(interactive, profileDisplayName = null) {
     const credentials = loadCredentials();
     const webId = credentials?.webId ?? 'not logged in';
     const workspace = interactive?.sessionManager?.getCwd?.() || process.cwd();
     const sessionId = interactive?.sessionManager?.getSessionId?.();
     const sessionName = interactive?.sessionManager?.getSessionName?.();
-    const session = sessionName && sessionId ? `${sessionName} (${shortSessionId(sessionId)})` : shortSessionId(sessionId);
+    const session = sessionName && sessionId ? `${sessionName} (${formatSessionId(sessionId)})` : formatSessionId(sessionId);
     const model = interactive?.session?.model?.id ?? 'unknown-model';
     return {
         webId,
@@ -243,13 +895,38 @@ function buildHeaderState(interactive, profileDisplayName = null) {
         workspace,
         session,
         next: [
-            keyHint('tui.input.submit', 'send'),
-            keyHint('app.model.select', 'model'),
+            safeKeyHint('tui.input.submit', 'send', 'enter send'),
+            safeKeyHint('app.model.select', 'model', 'ctrl+l model'),
             rawKeyHint('/login', 'auth'),
-            rawKeyHint('/help', 'help'),
+            rawKeyHint('/hotkeys', 'keymap'),
         ].join(' \x1b[2m·\x1b[22m '),
     };
 }
+function safeKeyHint(command, label, fallback) {
+    try {
+        return keyHint(command, label);
+    }
+    catch (error) {
+        if (isThemeInitializationError(error)) {
+            return fallback;
+        }
+        throw error;
+    }
+}
+function isThemeInitializationError(error) {
+    return error instanceof Error && error.message.includes('Theme not initialized');
+}
+function ensurePiThemeInitialized(interactive) {
+    try {
+        keyHint('tui.select.cancel', 'cancel');
+    }
+    catch (error) {
+        if (!isThemeInitializationError(error)) {
+            throw error;
+        }
+        initTheme(interactive?.settingsManager?.getTheme?.());
+    }
+}
 function renderField(label, value, width) {
     const prefix = `\x1b[2m${label}\x1b[22m`;
     const paddedPrefix = prefix + ' '.repeat(Math.max(1, 10 - visibleWidth(prefix)));
@@ -264,11 +941,11 @@ function wrapAndPad(line, width) {
         ? wrapped.map((entry) => padLine(entry, width))
         : [padLine('', width)];
 }
-function shortSessionId(sessionId) {
+function formatSessionId(sessionId) {
     if (typeof sessionId !== 'string' || !sessionId.trim()) {
         return 'new session';
     }
-    return sessionId.length > 12 ? sessionId.slice(0, 12) : sessionId;
+    return sessionId.trim();
 }
 function padLine(line, width) {
     const visible = visibleWidth(line);
@@ -277,12 +954,50 @@ function padLine(line, width) {
     }
     return `${line}${' '.repeat(width - visible)}`;
 }
+function readLinxCliVersion() {
+    try {
+        const raw = readFileSync(new URL('../../../package.json', import.meta.url), 'utf-8');
+        const pkg = JSON.parse(raw);
+        return typeof pkg.version === 'string' && pkg.version.trim() ? pkg.version.trim() : '0.1.0';
+    }
+    catch {
+        return '0.1.0';
+    }
+}
+export function isVersionNewer(candidate, current) {
+    const candidateVersion = parseSemverLike(candidate);
+    const currentVersion = parseSemverLike(current);
+    if (!candidateVersion || !currentVersion) {
+        return candidate !== current;
+    }
+    for (const key of ['major', 'minor', 'patch']) {
+        if (candidateVersion[key] > currentVersion[key]) {
+            return true;
+        }
+        if (candidateVersion[key] < currentVersion[key]) {
+            return false;
+        }
+    }
+    return !candidateVersion.prerelease && currentVersion.prerelease;
+}
+function parseSemverLike(version) {
+    const match = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.+)?$/.exec(version.trim());
+    if (!match) {
+        return null;
+    }
+    return {
+        major: Number(match[1]),
+        minor: Number(match[2]),
+        patch: Number(match[3]),
+        prerelease: Boolean(match[4]),
+    };
+}
 function resolveRuntimeProviderLabel(interactive) {
     const bridge = interactive?.runtimeHost?.linxAuthBridge ?? interactive?.linxAuthBridge;
     if (bridge?.providerLabel) {
         return bridge.providerLabel;
     }
-    return 'undefineds(cloud)';
+    return 'undefineds';
 }
 async function suppressPodStatusOutput(operation) {
     if (process.env.LINX_TUI_SHOW_POD_STATUS === '1') {
@@ -327,4 +1042,13 @@ function stripPodStatusLines(input) {
         .replace(new RegExp(String.raw `Using WebID:\s*${urlPattern}[ \t]*(?:\r?\n)?`, 'g'), '')
         .replace(/Successfully connected to Solid Pod[ \t]*(?:\r?\n)?/g, '');
 }
+function isRecord(value) {
+    return typeof value === 'object' && value !== null;
+}
+function stripAnsi(text) {
+    return text.replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, '');
+}
+function isPromiseLike(value) {
+    return isRecord(value) && typeof value.then === 'function';
+}
 //# sourceMappingURL=branding.js.map