acpx 0.7.0 → 0.8.0

package/README.md

@@ -86,8 +86,12 @@ I want you to use acpx to run coding agents over the Agent Client Protocol
    Or without installing:
    npx acpx@latest
 
-2. Install the acpx skill so you have the full reference available:
-   npx acpx@latest --skill install acpx
+2. For Pi or OpenClaw, use the reference URL below. For Codex-style skill
+   installation, install the acpx skill so you have the full reference
+   available:
+   npx acpx@latest --skill install acpx --agent codex --scope user
+   Use --agent claude for Claude Code. For another harness not listed by
+   --skill install --help, use the reference URL below instead.
 
 3. Read the acpx skill reference so you know every command, flag, and
    workflow pattern:
@@ -202,6 +206,7 @@ acpx --approve-all codex 'apply the patch and run tests'
 acpx --approve-reads codex 'inspect repo structure and suggest plan' # default mode
 acpx --deny-all codex 'explain what you can do without tool access'
 acpx --non-interactive-permissions fail codex 'fail instead of deny in non-TTY'
+acpx --policy '{"escalate":["execute"],"defaultAction":"deny"}' --format json codex exec 'ask before shell'
 
 acpx --cwd ~/repos/backend codex 'review recent auth changes'
 acpx --format text codex 'summarize your findings'

package/dist/{cli-T-Z-9x6a.js → cli-BGYGVo3b.js}

@@ -1,6 +1,6 @@
-import { w as permissionModeSatisfies } from "./prompt-turn-CVPMWdj1.js";
-import { _ as resolvePermissionMode, a as hasExplicitPermissionModeFlag, g as resolveOutputPolicy, h as resolveGlobalFlags, m as resolveAgentInvocation } from "./flags-Dj-IXgo9.js";
-import { c as validateFlowDefinition, h as isDefinedFlow, o as FlowRunner } from "./flows-CF8w1rPI.js";
+import { j as permissionModeSatisfies } from "./live-checkpoint-B9ctAuqV.js";
+import { _ as resolveOutputPolicy, a as hasExplicitPermissionModeFlag, b as loadPermissionPolicySpec, g as resolveGlobalFlags, h as resolveAgentInvocation, v as resolvePermissionMode } from "./flags-D706STfk.js";
+import { c as validateFlowDefinition, h as isDefinedFlow, o as FlowRunner } from "./flows-hcjHmU7P.js";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import path from "node:path";
 import { InvalidArgumentError } from "commander";
@@ -20,6 +20,7 @@ const TEXT_MODULE_EXTENSIONS = new Set([
 async function handleFlowRun(flowFile, flags, command, config) {
 	const globalFlags = resolveGlobalFlags(command, config);
 	const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);
+	const permissionPolicy = await resolveFlowPermissionPolicy(globalFlags);
 	const outputPolicy = resolveOutputPolicy(globalFlags.format, globalFlags.jsonStrict === true);
 	const input = await readFlowInput(flags);
 	const flowPath = path.resolve(flowFile);
@@ -32,6 +33,7 @@ async function handleFlowRun(flowFile, flags, command, config) {
 		permissionMode,
 		mcpServers: config.mcpServers,
 		nonInteractivePermissions: globalFlags.nonInteractivePermissions,
+		permissionPolicy,
 		authCredentials: config.auth,
 		authPolicy: globalFlags.authPolicy,
 		timeoutMs: globalFlags.timeout,
@@ -45,6 +47,13 @@ async function handleFlowRun(flowFile, flags, command, config) {
 		}
 	}).run(flow, input, { flowPath }), globalFlags);
 }
+async function resolveFlowPermissionPolicy(globalFlags) {
+	try {
+		return await loadPermissionPolicySpec(globalFlags.permissionPolicy, globalFlags.cwd);
+	} catch (error) {
+		throw new InvalidArgumentError(`Invalid permission policy: ${error instanceof Error ? error.message : String(error)}`);
+	}
+}
 function assertFlowPermissionRequirements(flow, permissionMode, globalFlags) {
 	const permissions = flow.permissions;
 	if (!permissions) return;
@@ -98,14 +107,30 @@ async function prepareFlowModuleImport(flowPath, extension) {
 }
 function resolveFlowRuntimeImportSpecifier() {
 	const selfPath = fileURLToPath(import.meta.url);
-	if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.ts`)) return new URL("../flows.ts", import.meta.url).href;
-	if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.js`)) return new URL("../flows.js", import.meta.url).href;
-	return new URL("./flows.js", import.meta.url).href;
+	let runtimePath;
+	if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.ts`)) runtimePath = fileURLToPath(new URL("../flows.ts", import.meta.url));
+	else if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.js`)) runtimePath = fileURLToPath(new URL("../flows.js", import.meta.url));
+	else runtimePath = fileURLToPath(new URL("./flows.js", import.meta.url));
+	return runtimePath.replaceAll(path.sep, "/");
 }
 async function loadFlowRuntimeModule(flowUrl, extension) {
-	if (extension === ".ts" || extension === ".tsx" || extension === ".mts" || extension === ".cts") {
-		const { tsImport } = await import("tsx/esm/api");
-		return await tsImport(flowUrl, import.meta.url);
+	if (extension === ".ts" || extension === ".tsx" || extension === ".cts") {
+		const { register } = await import("tsx/cjs/api");
+		const loader = register({ namespace: randomUUID() });
+		try {
+			return loader.require(flowUrl, import.meta.url);
+		} finally {
+			loader.unregister();
+		}
+	}
+	if (extension === ".mts") {
+		const { register } = await import("tsx/esm/api");
+		const loader = register({ namespace: randomUUID() });
+		try {
+			return await loader.import(flowUrl, import.meta.url);
+		} finally {
+			await loader.unregister();
+		}
 	}
 	return await import(flowUrl);
 }
@@ -169,4 +194,4 @@ function printFlowRunResult(result, globalFlags) {
 //#endregion
 export { handleFlowRun };
 
-//# sourceMappingURL=cli-T-Z-9x6a.js.map
+//# sourceMappingURL=cli-BGYGVo3b.js.map

package/dist/cli-BGYGVo3b.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-BGYGVo3b.js","names":[],"sources":["../src/flows/cli.ts"],"sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport fs from \"node:fs/promises\";\nimport path from \"node:path\";\nimport { fileURLToPath, pathToFileURL } from \"node:url\";\nimport { InvalidArgumentError, type Command } from \"commander\";\nimport type { ResolvedAcpxConfig } from \"../cli/config.js\";\nimport {\n  hasExplicitPermissionModeFlag,\n  resolveAgentInvocation,\n  resolveGlobalFlags,\n  resolveOutputPolicy,\n  resolvePermissionMode,\n  type GlobalFlags,\n} from \"../cli/flags.js\";\nimport { type FlowDefinition, FlowRunner } from \"../flows.js\";\nimport { loadPermissionPolicySpec } from \"../permission-policy.js\";\nimport { permissionModeSatisfies } from \"../permissions.js\";\nimport type { PermissionMode } from \"../types.js\";\nimport { isDefinedFlow } from \"./authoring.js\";\nimport { validateFlowDefinition } from \"./graph.js\";\n\ntype FlowRunFlags = {\n  inputJson?: string;\n  inputFile?: string;\n  defaultAgent?: string;\n};\n\nconst FLOW_RUNTIME_SPECIFIER = \"acpx/flows\";\nconst TEXT_MODULE_EXTENSIONS = new Set([\".js\", \".mjs\", \".cjs\", \".ts\", \".tsx\", \".mts\", \".cts\"]);\n\nexport async function handleFlowRun(\n  flowFile: string,\n  flags: FlowRunFlags,\n  command: Command,\n  config: ResolvedAcpxConfig,\n): Promise<void> {\n  const globalFlags = resolveGlobalFlags(command, config);\n  const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);\n  const permissionPolicy = await resolveFlowPermissionPolicy(globalFlags);\n  const outputPolicy = resolveOutputPolicy(globalFlags.format, globalFlags.jsonStrict === true);\n  const input = await readFlowInput(flags);\n  const flowPath = path.resolve(flowFile);\n  const flow = await loadFlowModule(flowPath);\n  assertFlowPermissionRequirements(flow, permissionMode, globalFlags);\n\n  const runner = new FlowRunner({\n    resolveAgent: (profile?: string) => {\n      return resolveAgentInvocation(profile ?? flags.defaultAgent, globalFlags, config);\n    },\n    permissionMode,\n    mcpServers: config.mcpServers,\n    nonInteractivePermissions: globalFlags.nonInteractivePermissions,\n    permissionPolicy,\n    authCredentials: config.auth,\n    authPolicy: globalFlags.authPolicy,\n    timeoutMs: globalFlags.timeout,\n    ttlMs: globalFlags.ttl,\n    verbose: globalFlags.verbose,\n    suppressSdkConsoleErrors: outputPolicy.suppressSdkConsoleErrors,\n    sessionOptions: {\n      model: globalFlags.model,\n      allowedTools: globalFlags.allowedTools,\n      maxTurns: globalFlags.maxTurns,\n    },\n  });\n\n  const result = await runner.run(flow, input, {\n    flowPath,\n  });\n\n  printFlowRunResult(result, globalFlags);\n}\n\nasync function resolveFlowPermissionPolicy(globalFlags: GlobalFlags) {\n  try {\n    return await loadPermissionPolicySpec(globalFlags.permissionPolicy, globalFlags.cwd);\n  } catch (error) {\n    const message = error instanceof Error ? error.message : String(error);\n    throw new InvalidArgumentError(`Invalid permission policy: ${message}`);\n  }\n}\n\nfunction assertFlowPermissionRequirements(\n  flow: FlowDefinition,\n  permissionMode: PermissionMode,\n  globalFlags: GlobalFlags,\n): void {\n  const permissions = flow.permissions;\n  if (!permissions) {\n    return;\n  }\n\n  if (permissions.requireExplicitGrant && !hasExplicitPermissionModeFlag(globalFlags)) {\n    throw new InvalidArgumentError(\n      buildFlowPermissionFailureMessage(flow, permissions.requiredMode, permissions.reason, true),\n    );\n  }\n\n  if (!permissionModeSatisfies(permissionMode, permissions.requiredMode)) {\n    throw new InvalidArgumentError(\n      buildFlowPermissionFailureMessage(flow, permissions.requiredMode, permissions.reason, false),\n    );\n  }\n}\n\nfunction buildFlowPermissionFailureMessage(\n  flow: FlowDefinition,\n  requiredMode: PermissionMode,\n  reason?: string,\n  explicit = false,\n): string {\n  return [\n    explicit\n      ? `Flow \"${flow.name}\" requires an explicit ${requiredMode} grant.`\n      : `Flow \"${flow.name}\" requires permission mode ${requiredMode}.`,\n    `Rerun with --${requiredMode}.`,\n    ...(reason ? [`Reason: ${reason}`] : []),\n  ].join(\" \");\n}\n\nasync function readFlowInput(flags: FlowRunFlags): Promise<unknown> {\n  if (flags.inputJson && flags.inputFile) {\n    throw new InvalidArgumentError(\"Use only one of --input-json or --input-file\");\n  }\n\n  if (flags.inputJson) {\n    return parseJsonInput(flags.inputJson, \"--input-json\");\n  }\n\n  if (flags.inputFile) {\n    const inputPath = path.resolve(flags.inputFile);\n    const payload = await fs.readFile(inputPath, \"utf8\");\n    return parseJsonInput(payload, \"--input-file\");\n  }\n\n  return {};\n}\n\nasync function loadFlowModule(flowPath: string): Promise<FlowDefinition> {\n  const extension = path.extname(flowPath).toLowerCase();\n  const prepared = await prepareFlowModuleImport(flowPath, extension);\n  try {\n    const module = await loadFlowRuntimeModule(prepared.flowUrl, extension);\n\n    const candidate = findFlowDefinition(module);\n    if (!candidate) {\n      throw new Error(\n        `Flow module must export default defineFlow({...}) from \"acpx/flows\": ${flowPath}`,\n      );\n    }\n    validateFlowDefinition(candidate);\n    return candidate;\n  } finally {\n    await prepared.cleanup?.();\n  }\n}\n\nasync function prepareFlowModuleImport(\n  flowPath: string,\n  extension: string,\n): Promise<{\n  flowUrl: string;\n  cleanup?: () => Promise<void>;\n}> {\n  const flowUrl = pathToFileURL(flowPath).href;\n  if (!TEXT_MODULE_EXTENSIONS.has(extension)) {\n    return { flowUrl };\n  }\n\n  const source = await fs.readFile(flowPath, \"utf8\");\n  if (!source.includes(FLOW_RUNTIME_SPECIFIER)) {\n    return { flowUrl };\n  }\n\n  const runtimeSpecifier = resolveFlowRuntimeImportSpecifier();\n  const rewritten = source.replaceAll(\n    /([\"'])acpx\\/flows\\1/g,\n    (_match, quote: string) => `${quote}${runtimeSpecifier}${quote}`,\n  );\n  if (rewritten === source) {\n    return { flowUrl };\n  }\n\n  const tempPath = path.join(path.dirname(flowPath), `.acpx-flow-load-${randomUUID()}${extension}`);\n  await fs.writeFile(tempPath, rewritten, \"utf8\");\n  return {\n    flowUrl: pathToFileURL(tempPath).href,\n    cleanup: async () => {\n      await fs.rm(tempPath, { force: true });\n    },\n  };\n}\n\nfunction resolveFlowRuntimeImportSpecifier(): string {\n  const selfPath = fileURLToPath(import.meta.url);\n  let runtimePath: string;\n\n  if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.ts`)) {\n    runtimePath = fileURLToPath(new URL(\"../flows.ts\", import.meta.url));\n  } else if (selfPath.endsWith(`${path.sep}src${path.sep}flows${path.sep}cli.js`)) {\n    runtimePath = fileURLToPath(new URL(\"../flows.js\", import.meta.url));\n  } else {\n    runtimePath = fileURLToPath(new URL(\"./flows.js\", import.meta.url));\n  }\n  return runtimePath.replaceAll(path.sep, \"/\");\n}\n\nasync function loadFlowRuntimeModule(\n  flowUrl: string,\n  extension: string,\n): Promise<{\n  default?: unknown;\n  \"module.exports\"?: unknown;\n}> {\n  if (extension === \".ts\" || extension === \".tsx\" || extension === \".cts\") {\n    const { register } = (await import(\"tsx/cjs/api\")) as {\n      register: (options: { namespace: string }) => {\n        require: (\n          specifier: string,\n          parentURL: string,\n        ) => {\n          default?: unknown;\n          \"module.exports\"?: unknown;\n        };\n        unregister: () => void;\n      };\n    };\n    const loader = register({ namespace: randomUUID() });\n    try {\n      return loader.require(flowUrl, import.meta.url);\n    } finally {\n      loader.unregister();\n    }\n  }\n\n  if (extension === \".mts\") {\n    const { register } = (await import(\"tsx/esm/api\")) as {\n      register: (options: { namespace: string }) => {\n        import: (\n          specifier: string,\n          parentURL: string,\n        ) => Promise<{\n          default?: unknown;\n          \"module.exports\"?: unknown;\n        }>;\n        unregister: () => Promise<void>;\n      };\n    };\n    const loader = register({ namespace: randomUUID() });\n    try {\n      return (await loader.import(flowUrl, import.meta.url)) as {\n        default?: unknown;\n        \"module.exports\"?: unknown;\n      };\n    } finally {\n      await loader.unregister();\n    }\n  }\n\n  return (await import(flowUrl)) as {\n    default?: unknown;\n    \"module.exports\"?: unknown;\n  };\n}\n\nfunction findFlowDefinition(module: {\n  default?: unknown;\n  \"module.exports\"?: unknown;\n}): FlowDefinition | null {\n  const candidates = [\n    module.default,\n    module[\"module.exports\"],\n    getNestedDefault(module.default),\n    getNestedDefault(module[\"module.exports\"]),\n  ];\n\n  for (const candidate of candidates) {\n    if (isDefinedFlow(candidate)) {\n      return candidate;\n    }\n  }\n\n  return null;\n}\n\nfunction getNestedDefault(value: unknown): unknown {\n  if (!value || typeof value !== \"object\" || !(\"default\" in value)) {\n    return null;\n  }\n  return (value as { default?: unknown }).default ?? null;\n}\n\nfunction parseJsonInput(raw: string, label: string): unknown {\n  try {\n    return JSON.parse(raw);\n  } catch (error) {\n    throw new InvalidArgumentError(\n      `${label} must contain valid JSON: ${error instanceof Error ? error.message : String(error)}`,\n    );\n  }\n}\n\nfunction printFlowRunResult(\n  result: Awaited<ReturnType<FlowRunner[\"run\"]>>,\n  globalFlags: GlobalFlags,\n): void {\n  const payload = {\n    action: \"flow_run_result\",\n    runId: result.state.runId,\n    flowName: result.state.flowName,\n    runTitle: result.state.runTitle,\n    flowPath: result.state.flowPath,\n    status: result.state.status,\n    currentNode: result.state.currentNode,\n    currentNodeType: result.state.currentNodeType,\n    currentNodeStartedAt: result.state.currentNodeStartedAt,\n    lastHeartbeatAt: result.state.lastHeartbeatAt,\n    statusDetail: result.state.statusDetail,\n    waitingOn: result.state.waitingOn,\n    runDir: result.runDir,\n    outputs: result.state.outputs,\n    sessionBindings: result.state.sessionBindings,\n  };\n\n  if (globalFlags.format === \"json\") {\n    process.stdout.write(`${JSON.stringify(payload)}\\n`);\n    return;\n  }\n\n  if (globalFlags.format === \"quiet\") {\n    process.stdout.write(`${result.state.runId}\\n`);\n    return;\n  }\n\n  process.stdout.write(`runId: ${payload.runId}\\n`);\n  process.stdout.write(`flow: ${payload.flowName}\\n`);\n  if (payload.runTitle) {\n    process.stdout.write(`title: ${payload.runTitle}\\n`);\n  }\n  process.stdout.write(`status: ${payload.status}\\n`);\n  process.stdout.write(`runDir: ${payload.runDir}\\n`);\n  if (payload.currentNode) {\n    process.stdout.write(`currentNode: ${payload.currentNode}\\n`);\n  }\n  if (payload.statusDetail) {\n    process.stdout.write(`statusDetail: ${payload.statusDetail}\\n`);\n  }\n  if (payload.waitingOn) {\n    process.stdout.write(`waitingOn: ${payload.waitingOn}\\n`);\n  }\n  process.stdout.write(`${JSON.stringify(payload.outputs, null, 2)}\\n`);\n}\n"],"mappings":";;;;;;;;;AA2BA,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB,IAAI,IAAI;CAAC;CAAO;CAAQ;CAAQ;CAAO;CAAQ;CAAQ;AAAM,CAAC;AAE7F,eAAsB,cACpB,UACA,OACA,SACA,QACe;CACf,MAAM,cAAc,mBAAmB,SAAS,MAAM;CACtD,MAAM,iBAAiB,sBAAsB,aAAa,OAAO,kBAAkB;CACnF,MAAM,mBAAmB,MAAM,4BAA4B,WAAW;CACtE,MAAM,eAAe,oBAAoB,YAAY,QAAQ,YAAY,eAAe,IAAI;CAC5F,MAAM,QAAQ,MAAM,cAAc,KAAK;CACvC,MAAM,WAAW,KAAK,QAAQ,QAAQ;CACtC,MAAM,OAAO,MAAM,eAAe,QAAQ;CAC1C,iCAAiC,MAAM,gBAAgB,WAAW;CA2BlE,mBAAmB,MAJE,IArBF,WAAW;EAC5B,eAAe,YAAqB;GAClC,OAAO,uBAAuB,WAAW,MAAM,cAAc,aAAa,MAAM;EAClF;EACA;EACA,YAAY,OAAO;EACnB,2BAA2B,YAAY;EACvC;EACA,iBAAiB,OAAO;EACxB,YAAY,YAAY;EACxB,WAAW,YAAY;EACvB,OAAO,YAAY;EACnB,SAAS,YAAY;EACrB,0BAA0B,aAAa;EACvC,gBAAgB;GACd,OAAO,YAAY;GACnB,cAAc,YAAY;GAC1B,UAAU,YAAY;EACxB;CACF,CAE0B,EAAE,IAAI,MAAM,OAAO,EAC3C,SACF,CAAC,GAE0B,WAAW;AACxC;AAEA,eAAe,4BAA4B,aAA0B;CACnE,IAAI;EACF,OAAO,MAAM,yBAAyB,YAAY,kBAAkB,YAAY,GAAG;CACrF,SAAS,OAAO;EAEd,MAAM,IAAI,qBAAqB,8BADf,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,GACC;CACxE;AACF;AAEA,SAAS,iCACP,MACA,gBACA,aACM;CACN,MAAM,cAAc,KAAK;CACzB,IAAI,CAAC,aACH;CAGF,IAAI,YAAY,wBAAwB,CAAC,8BAA8B,WAAW,GAChF,MAAM,IAAI,qBACR,kCAAkC,MAAM,YAAY,cAAc,YAAY,QAAQ,IAAI,CAC5F;CAGF,IAAI,CAAC,wBAAwB,gBAAgB,YAAY,YAAY,GACnE,MAAM,IAAI,qBACR,kCAAkC,MAAM,YAAY,cAAc,YAAY,QAAQ,KAAK,CAC7F;AAEJ;AAEA,SAAS,kCACP,MACA,cACA,QACA,WAAW,OACH;CACR,OAAO;EACL,WACI,SAAS,KAAK,KAAK,yBAAyB,aAAa,WACzD,SAAS,KAAK,KAAK,6BAA6B,aAAa;EACjE,gBAAgB,aAAa;EAC7B,GAAI,SAAS,CAAC,WAAW,QAAQ,IAAI,CAAC;CACxC,EAAE,KAAK,GAAG;AACZ;AAEA,eAAe,cAAc,OAAuC;CAClE,IAAI,MAAM,aAAa,MAAM,WAC3B,MAAM,IAAI,qBAAqB,8CAA8C;CAG/E,IAAI,MAAM,WACR,OAAO,eAAe,MAAM,WAAW,cAAc;CAGvD,IAAI,MAAM,WAAW;EACnB,MAAM,YAAY,KAAK,QAAQ,MAAM,SAAS;EAE9C,OAAO,eAAe,MADA,GAAG,SAAS,WAAW,MAAM,GACpB,cAAc;CAC/C;CAEA,OAAO,CAAC;AACV;AAEA,eAAe,eAAe,UAA2C;CACvE,MAAM,YAAY,KAAK,QAAQ,QAAQ,EAAE,YAAY;CACrD,MAAM,WAAW,MAAM,wBAAwB,UAAU,SAAS;CAClE,IAAI;EAGF,MAAM,YAAY,mBAAmB,MAFhB,sBAAsB,SAAS,SAAS,SAAS,CAE3B;EAC3C,IAAI,CAAC,WACH,MAAM,IAAI,MACR,wEAAwE,UAC1E;EAEF,uBAAuB,SAAS;EAChC,OAAO;CACT,UAAU;EACR,MAAM,SAAS,UAAU;CAC3B;AACF;AAEA,eAAe,wBACb,UACA,WAIC;CACD,MAAM,UAAU,cAAc,QAAQ,EAAE;CACxC,IAAI,CAAC,uBAAuB,IAAI,SAAS,GACvC,OAAO,EAAE,QAAQ;CAGnB,MAAM,SAAS,MAAM,GAAG,SAAS,UAAU,MAAM;CACjD,IAAI,CAAC,OAAO,SAAS,sBAAsB,GACzC,OAAO,EAAE,QAAQ;CAGnB,MAAM,mBAAmB,kCAAkC;CAC3D,MAAM,YAAY,OAAO,WACvB,yBACC,QAAQ,UAAkB,GAAG,QAAQ,mBAAmB,OAC3D;CACA,IAAI,cAAc,QAChB,OAAO,EAAE,QAAQ;CAGnB,MAAM,WAAW,KAAK,KAAK,KAAK,QAAQ,QAAQ,GAAG,mBAAmB,WAAW,IAAI,WAAW;CAChG,MAAM,GAAG,UAAU,UAAU,WAAW,MAAM;CAC9C,OAAO;EACL,SAAS,cAAc,QAAQ,EAAE;EACjC,SAAS,YAAY;GACnB,MAAM,GAAG,GAAG,UAAU,EAAE,OAAO,KAAK,CAAC;EACvC;CACF;AACF;AAEA,SAAS,oCAA4C;CACnD,MAAM,WAAW,cAAc,OAAO,KAAK,GAAG;CAC9C,IAAI;CAEJ,IAAI,SAAS,SAAS,GAAG,KAAK,IAAI,KAAK,KAAK,IAAI,OAAO,KAAK,IAAI,OAAO,GACrE,cAAc,cAAc,IAAI,IAAI,eAAe,OAAO,KAAK,GAAG,CAAC;MAC9D,IAAI,SAAS,SAAS,GAAG,KAAK,IAAI,KAAK,KAAK,IAAI,OAAO,KAAK,IAAI,OAAO,GAC5E,cAAc,cAAc,IAAI,IAAI,eAAe,OAAO,KAAK,GAAG,CAAC;MAEnE,cAAc,cAAc,IAAI,IAAI,cAAc,OAAO,KAAK,GAAG,CAAC;CAEpE,OAAO,YAAY,WAAW,KAAK,KAAK,GAAG;AAC7C;AAEA,eAAe,sBACb,SACA,WAIC;CACD,IAAI,cAAc,SAAS,cAAc,UAAU,cAAc,QAAQ;EACvE,MAAM,EAAE,aAAc,MAAM,OAAO;EAYnC,MAAM,SAAS,SAAS,EAAE,WAAW,WAAW,EAAE,CAAC;EACnD,IAAI;GACF,OAAO,OAAO,QAAQ,SAAS,OAAO,KAAK,GAAG;EAChD,UAAU;GACR,OAAO,WAAW;EACpB;CACF;CAEA,IAAI,cAAc,QAAQ;EACxB,MAAM,EAAE,aAAc,MAAM,OAAO;EAYnC,MAAM,SAAS,SAAS,EAAE,WAAW,WAAW,EAAE,CAAC;EACnD,IAAI;GACF,OAAQ,MAAM,OAAO,OAAO,SAAS,OAAO,KAAK,GAAG;EAItD,UAAU;GACR,MAAM,OAAO,WAAW;EAC1B;CACF;CAEA,OAAQ,MAAM,OAAO;AAIvB;AAEA,SAAS,mBAAmB,QAGF;CACxB,MAAM,aAAa;EACjB,OAAO;EACP,OAAO;EACP,iBAAiB,OAAO,OAAO;EAC/B,iBAAiB,OAAO,iBAAiB;CAC3C;CAEA,KAAK,MAAM,aAAa,YACtB,IAAI,cAAc,SAAS,GACzB,OAAO;CAIX,OAAO;AACT;AAEA,SAAS,iBAAiB,OAAyB;CACjD,IAAI,CAAC,SAAS,OAAO,UAAU,YAAY,EAAE,aAAa,QACxD,OAAO;CAET,OAAQ,MAAgC,WAAW;AACrD;AAEA,SAAS,eAAe,KAAa,OAAwB;CAC3D,IAAI;EACF,OAAO,KAAK,MAAM,GAAG;CACvB,SAAS,OAAO;EACd,MAAM,IAAI,qBACR,GAAG,MAAM,4BAA4B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,GAC5F;CACF;AACF;AAEA,SAAS,mBACP,QACA,aACM;CACN,MAAM,UAAU;EACd,QAAQ;EACR,OAAO,OAAO,MAAM;EACpB,UAAU,OAAO,MAAM;EACvB,UAAU,OAAO,MAAM;EACvB,UAAU,OAAO,MAAM;EACvB,QAAQ,OAAO,MAAM;EACrB,aAAa,OAAO,MAAM;EAC1B,iBAAiB,OAAO,MAAM;EAC9B,sBAAsB,OAAO,MAAM;EACnC,iBAAiB,OAAO,MAAM;EAC9B,cAAc,OAAO,MAAM;EAC3B,WAAW,OAAO,MAAM;EACxB,QAAQ,OAAO;EACf,SAAS,OAAO,MAAM;EACtB,iBAAiB,OAAO,MAAM;CAChC;CAEA,IAAI,YAAY,WAAW,QAAQ;EACjC,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,OAAO,EAAE,GAAG;EACnD;CACF;CAEA,IAAI,YAAY,WAAW,SAAS;EAClC,QAAQ,OAAO,MAAM,GAAG,OAAO,MAAM,MAAM,GAAG;EAC9C;CACF;CAEA,QAAQ,OAAO,MAAM,UAAU,QAAQ,MAAM,GAAG;CAChD,QAAQ,OAAO,MAAM,SAAS,QAAQ,SAAS,GAAG;CAClD,IAAI,QAAQ,UACV,QAAQ,OAAO,MAAM,UAAU,QAAQ,SAAS,GAAG;CAErD,QAAQ,OAAO,MAAM,WAAW,QAAQ,OAAO,GAAG;CAClD,QAAQ,OAAO,MAAM,WAAW,QAAQ,OAAO,GAAG;CAClD,IAAI,QAAQ,aACV,QAAQ,OAAO,MAAM,gBAAgB,QAAQ,YAAY,GAAG;CAE9D,IAAI,QAAQ,cACV,QAAQ,OAAO,MAAM,iBAAiB,QAAQ,aAAa,GAAG;CAEhE,IAAI,QAAQ,WACV,QAAQ,OAAO,MAAM,cAAc,QAAQ,UAAU,GAAG;CAE1D,QAAQ,OAAO,MAAM,GAAG,KAAK,UAAU,QAAQ,SAAS,MAAM,CAAC,EAAE,GAAG;AACtE"}

package/dist/cli.d.ts

@@ -1,4 +1,4 @@
-import { s as SessionRecord } from "./types-CVBeQyi3.js";
+import { f as SessionRecord } from "./session-options-BJyG6zEH.js";
 import { Command } from "commander";
 
 //#region src/cli/flags.d.ts

package/dist/cli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cli.d.ts","names":[],"sources":["../src/cli/flags.ts","../src/cli/output/render.ts"],"mappings":";;;;iBAmHgB,eAAA,CAAgB,KAAA;AAAA,iBAkDhB,iBAAA,CAAkB,KAAA;AAAA,iBAgBlB,aAAA,CAAc,KAAA;;;KCnKzB,uBAAA;AAAA,iBA0IW,6BAAA,CACd,MAAA,EAAQ,aAAA,EACR,UAAA,UACA,gBAAA,GAAkB,uBAAA"}
+{"version":3,"file":"cli.d.ts","names":[],"sources":["../src/cli/flags.ts","../src/cli/output/render.ts"],"mappings":";;;;iBAoHgB,eAAA,CAAgB,KAAa;AAAA,iBAkD7B,iBAAA,CAAkB,KAAa;AAAA,iBAgB/B,aAAA,CAAc,KAAa;;;KCpKtC,uBAAA;AAAA,iBA0IW,6BAAA,CACd,MAAA,EAAQ,aAAA,EACR,UAAA,UACA,gBAAA,GAAkB,uBAA2C"}

package/dist/cli.js

@@ -1,11 +1,7 @@
 #!/usr/bin/env node
-import { A as OUTPUT_FORMATS, E as EXIT_CODES, _ as exitCodeForOutputErrorCode, d as PromptInputValidationError, g as textPrompt, m as parsePromptSource, p as mergePromptSourceWithText, x as normalizeOutputError } from "./perf-metrics-C2pXfxvR.js";
-import { D as findGitRepositoryRoot, K as InterruptedError, O as findSession, Q as normalizeAgentName, X as DEFAULT_AGENT_NAME, Z as listBuiltInAgents, k as findSessionByDirectoryWalk } from "./prompt-turn-CVPMWdj1.js";
-import { a as buildQueueOwnerArgOverride, n as runSessionQueueOwner, o as flushPerfMetricsCapture, s as installPerfMetricsCapture } from "./session-CDaQe6BH.js";
-import { c as probeQueueOwnerHealth } from "./ipc-ABXlXzGP.js";
-import { _ as resolvePermissionMode, c as parseHistoryLimit, d as parsePruneBeforeDate, f as parseSessionName, g as resolveOutputPolicy, h as resolveGlobalFlags, i as addSessionOption, l as parseMaxTurns, m as resolveAgentInvocation, n as addPromptInputOption, o as parseAllowedTools, p as parseTtlSeconds, r as addSessionNameOption, s as parseDaysOlderThan, t as addGlobalFlags, u as parseNonEmptyValue, v as resolveSessionNameFromFlags } from "./flags-Dj-IXgo9.js";
-import { i as emitJsonResult, n as formatPromptSessionBannerLine, t as agentSessionIdPayload } from "./render-N5YwotCy.js";
-import { n as getTextErrorRemediationHints, t as createOutputFormatter } from "./output-DmHvT8vm.js";
+import { a as runSessionQueueOwner, c as buildQueueOwnerArgOverride, h as __exportAll, l as flushPerfMetricsCapture, n as getTextErrorRemediationHints, p as probeQueueOwnerHealth, t as createOutputFormatter, u as installPerfMetricsCapture } from "./output-BL9XRWzS.js";
+import { At as EXIT_CODES, F as findSession, I as findSessionByDirectoryWalk, P as findGitRepositoryRoot, Pt as OUTPUT_FORMATS, St as exitCodeForOutputErrorCode, Tt as normalizeOutputError, bt as normalizeAgentName, ct as PromptInputValidationError, dt as parsePromptSource, mt as InterruptedError, pt as textPrompt, st as normalizeRuntimeSessionId, ut as mergePromptSourceWithText, vt as DEFAULT_AGENT_NAME, yt as listBuiltInAgents } from "./live-checkpoint-B9ctAuqV.js";
+import { _ as resolveOutputPolicy, b as loadPermissionPolicySpec, c as parseHistoryLimit, d as parseOutputFormat$1, f as parsePruneBeforeDate, g as resolveGlobalFlags, h as resolveAgentInvocation, i as addSessionOption, l as parseMaxTurns, m as parseTtlSeconds, n as addPromptInputOption, o as parseAllowedTools, p as parseSessionName, r as addSessionNameOption, s as parseDaysOlderThan, t as addGlobalFlags, u as parseNonEmptyValue, v as resolvePermissionMode, y as resolveSessionNameFromFlags } from "./flags-D706STfk.js";
 import { readFileSync, realpathSync } from "node:fs";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import path from "node:path";
@@ -58,6 +54,13 @@ function isCodexInvocation(agentName, agentCommand) {
 	return /\bcodex-acp\b/u.test(agentCommand);
 }
 //#endregion
+//#region src/cli/output/json-output.ts
+function emitJsonResult(format, payload) {
+	if (format !== "json") return false;
+	process.stdout.write(`${JSON.stringify(payload)}\n`);
+	return true;
+}
+//#endregion
 //#region src/cli/command-handlers.ts
 var NoSessionError = class extends Error {
 	constructor(message) {
@@ -69,15 +72,15 @@ let sessionModulePromise;
 let outputModulePromise;
 let outputRenderModulePromise;
 function loadSessionModule() {
-	sessionModulePromise ??= import("./session-CDaQe6BH.js").then((n) => n.t);
+	sessionModulePromise ??= import("./output-BL9XRWzS.js").then((n) => n.i);
 	return sessionModulePromise;
 }
 function loadOutputModule() {
-	outputModulePromise ??= import("./output-DmHvT8vm.js").then((n) => n.r);
+	outputModulePromise ??= import("./output-BL9XRWzS.js").then((n) => n.r);
 	return outputModulePromise;
 }
 function loadOutputRenderModule() {
-	outputRenderModulePromise ??= import("./render-N5YwotCy.js").then((n) => n.r);
+	outputRenderModulePromise ??= Promise.resolve().then(() => render_exports);
 	return outputRenderModulePromise;
 }
 async function readPromptInputFromStdin() {
@@ -126,6 +129,13 @@ function sessionOptionsFromGlobalFlags(globalFlags) {
 		systemPrompt: globalFlags.systemPrompt
 	};
 }
+async function resolvePermissionPolicyFromFlags(globalFlags) {
+	try {
+		return await loadPermissionPolicySpec(globalFlags.permissionPolicy, globalFlags.cwd);
+	} catch (error) {
+		throw new InvalidArgumentError(`Invalid permission policy: ${error instanceof Error ? error.message : String(error)}`);
+	}
+}
 function buildSessionStartOptions(params) {
 	return {
 		agentCommand: params.agent.agentCommand,
@@ -135,6 +145,7 @@ function buildSessionStartOptions(params) {
 		mcpServers: params.config.mcpServers,
 		permissionMode: params.permissionMode,
 		nonInteractivePermissions: params.globalFlags.nonInteractivePermissions,
+		permissionPolicy: params.permissionPolicy,
 		authCredentials: params.config.auth,
 		authPolicy: params.globalFlags.authPolicy,
 		terminal: params.globalFlags.terminal,
@@ -171,6 +182,7 @@ async function handlePrompt(explicitAgentName, promptParts, flags, command, conf
 	const globalFlags = resolveGlobalFlags(command, config);
 	const outputPolicy = resolveRequestedOutputPolicy(globalFlags);
 	const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);
+	const permissionPolicy = await resolvePermissionPolicyFromFlags(globalFlags);
 	const prompt = await readPrompt(promptParts, flags.file, globalFlags.cwd);
 	const agent = resolveAgentInvocation(explicitAgentName, globalFlags, config);
 	const [{ createOutputFormatter }, { printPromptSessionBanner, printQueuedPromptByFormat }, { sendSession }] = await Promise.all([
@@ -190,6 +202,7 @@ async function handlePrompt(explicitAgentName, promptParts, flags, command, conf
 		mcpServers: config.mcpServers,
 		permissionMode,
 		nonInteractivePermissions: globalFlags.nonInteractivePermissions,
+		permissionPolicy,
 		authCredentials: config.auth,
 		authPolicy: globalFlags.authPolicy,
 		terminal: globalFlags.terminal,
@@ -233,6 +246,7 @@ async function handleExec(explicitAgentName, promptParts, flags, command, config
 	const globalFlags = resolveGlobalFlags(command, config);
 	const outputPolicy = resolveRequestedOutputPolicy(globalFlags);
 	const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);
+	const permissionPolicy = await resolvePermissionPolicyFromFlags(globalFlags);
 	const prompt = await readPrompt(promptParts, flags.file, globalFlags.cwd);
 	const [{ createOutputFormatter }, { runOnce }] = await Promise.all([loadOutputModule(), loadSessionModule()]);
 	const outputFormatter = createOutputFormatter(outputPolicy.format, { suppressReads: outputPolicy.suppressReads });
@@ -244,6 +258,7 @@ async function handleExec(explicitAgentName, promptParts, flags, command, config
 		mcpServers: config.mcpServers,
 		permissionMode,
 		nonInteractivePermissions: globalFlags.nonInteractivePermissions,
+		permissionPolicy,
 		authCredentials: config.auth,
 		authPolicy: globalFlags.authPolicy,
 		terminal: globalFlags.terminal,
@@ -407,6 +422,7 @@ async function handleSessionsClose(explicitAgentName, sessionName, command, conf
 async function handleSessionsNew(explicitAgentName, flags, command, config) {
 	const globalFlags = resolveGlobalFlags(command, config);
 	const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);
+	const permissionPolicy = await resolvePermissionPolicyFromFlags(globalFlags);
 	const agent = resolveAgentInvocation(explicitAgentName, globalFlags, config);
 	const [{ createSession, closeSession }, { printCreatedSessionBanner, printNewSessionByFormat }] = await Promise.all([loadSessionModule(), loadOutputRenderModule()]);
 	const replaced = await findSession({
@@ -423,7 +439,8 @@ async function handleSessionsNew(explicitAgentName, flags, command, config) {
 		flags,
 		globalFlags,
 		config,
-		permissionMode
+		permissionMode,
+		permissionPolicy
 	}));
 	printCreatedSessionBanner(created, agent.agentName, globalFlags.format, globalFlags.jsonStrict);
 	if (globalFlags.verbose) {
@@ -435,6 +452,7 @@ async function handleSessionsNew(explicitAgentName, flags, command, config) {
 async function handleSessionsEnsure(explicitAgentName, flags, command, config) {
 	const globalFlags = resolveGlobalFlags(command, config);
 	const permissionMode = resolvePermissionMode(globalFlags, config.defaultPermissions);
+	const permissionPolicy = await resolvePermissionPolicyFromFlags(globalFlags);
 	const agent = resolveAgentInvocation(explicitAgentName, globalFlags, config);
 	const [{ ensureSession }, { printCreatedSessionBanner, printEnsuredSessionByFormat }] = await Promise.all([loadSessionModule(), loadOutputRenderModule()]);
 	const result = await ensureSession(buildSessionStartOptions({
@@ -442,7 +460,8 @@ async function handleSessionsEnsure(explicitAgentName, flags, command, config) {
 		flags,
 		globalFlags,
 		config,
-		permissionMode
+		permissionMode,
+		permissionPolicy
 	}));
 	if (result.created) printCreatedSessionBanner(result.record, agent.agentName, globalFlags.format, globalFlags.jsonStrict);
 	printEnsuredSessionByFormat(result.record, result.created, globalFlags.format);
@@ -936,10 +955,10 @@ async function handleConfigInit(command, config) {
 }
 function registerConfigCommand(program, config) {
 	const configCommand = program.command("config").description("Inspect and initialize acpx configuration");
-	configCommand.command("show").description("Show resolved config").action(async function() {
+	configCommand.command("show").description("Show resolved config").option("--format <fmt>", "Output format: text, json, quiet", parseOutputFormat$1).action(async function() {
 		await handleConfigShow(this, config);
 	});
-	configCommand.command("init").description("Create global config template").action(async function() {
+	configCommand.command("init").description("Create global config template").option("--format <fmt>", "Output format: text, json, quiet", parseOutputFormat$1).action(async function() {
 		await handleConfigInit(this, config);
 	});
 	configCommand.action(async function() {
@@ -947,6 +966,164 @@ function registerConfigCommand(program, config) {
 	});
 }
 //#endregion
+//#region src/cli/output/render.ts
+var render_exports = /* @__PURE__ */ __exportAll({
+	agentSessionIdPayload: () => agentSessionIdPayload,
+	formatPromptSessionBannerLine: () => formatPromptSessionBannerLine,
+	printClosedSessionByFormat: () => printClosedSessionByFormat,
+	printCreatedSessionBanner: () => printCreatedSessionBanner,
+	printEnsuredSessionByFormat: () => printEnsuredSessionByFormat,
+	printNewSessionByFormat: () => printNewSessionByFormat,
+	printPromptSessionBanner: () => printPromptSessionBanner,
+	printPruneResultByFormat: () => printPruneResultByFormat,
+	printQueuedPromptByFormat: () => printQueuedPromptByFormat,
+	printSessionsByFormat: () => printSessionsByFormat
+});
+function formatSessionLabel(record) {
+	return record.name ?? "cwd";
+}
+function formatRoutedFrom(sessionCwd, currentCwd) {
+	const relative = path.relative(sessionCwd, currentCwd);
+	if (!relative || relative === ".") return;
+	return relative.startsWith(".") ? relative : `.${path.sep}${relative}`;
+}
+async function resolveSessionConnectionStatus(record) {
+	return (await probeQueueOwnerHealth(record.acpxRecordId)).healthy ? "connected" : "needs reconnect";
+}
+function printSessionsByFormat(sessions, format) {
+	if (format === "json") {
+		process.stdout.write(`${JSON.stringify(sessions)}\n`);
+		return;
+	}
+	if (format === "quiet") {
+		for (const session of sessions) {
+			const closedMarker = session.closed ? " [closed]" : "";
+			process.stdout.write(`${session.acpxRecordId}${closedMarker}\n`);
+		}
+		return;
+	}
+	if (sessions.length === 0) {
+		process.stdout.write("No sessions\n");
+		return;
+	}
+	for (const session of sessions) {
+		const closedMarker = session.closed ? " [closed]" : "";
+		process.stdout.write(`${session.acpxRecordId}${closedMarker}\t${session.name ?? "-"}\t${session.cwd}\t${session.lastUsedAt}\n`);
+	}
+}
+function printClosedSessionByFormat(record, format) {
+	if (emitJsonResult(format, {
+		action: "session_closed",
+		acpxRecordId: record.acpxRecordId,
+		acpxSessionId: record.acpSessionId,
+		agentSessionId: record.agentSessionId
+	})) return;
+	if (format === "quiet") return;
+	process.stdout.write(`${record.acpxRecordId}\n`);
+}
+function printNewSessionByFormat(record, replaced, format) {
+	if (emitJsonResult(format, {
+		action: "session_ensured",
+		created: true,
+		acpxRecordId: record.acpxRecordId,
+		acpxSessionId: record.acpSessionId,
+		agentSessionId: record.agentSessionId,
+		name: record.name,
+		replacedSessionId: replaced?.acpxRecordId
+	})) return;
+	if (format === "quiet") {
+		process.stdout.write(`${record.acpxRecordId}\n`);
+		return;
+	}
+	if (replaced) {
+		process.stdout.write(`${record.acpxRecordId}\t(replaced ${replaced.acpxRecordId})\n`);
+		return;
+	}
+	process.stdout.write(`${record.acpxRecordId}\n`);
+}
+function printEnsuredSessionByFormat(record, created, format) {
+	if (emitJsonResult(format, {
+		action: "session_ensured",
+		created,
+		acpxRecordId: record.acpxRecordId,
+		acpxSessionId: record.acpSessionId,
+		agentSessionId: record.agentSessionId,
+		name: record.name
+	})) return;
+	if (format === "quiet") {
+		process.stdout.write(`${record.acpxRecordId}\n`);
+		return;
+	}
+	const action = created ? "created" : "existing";
+	process.stdout.write(`${record.acpxRecordId}\t(${action})\n`);
+}
+function printQueuedPromptByFormat(result, format) {
+	if (emitJsonResult(format, {
+		action: "prompt_queued",
+		acpxRecordId: result.sessionId,
+		requestId: result.requestId
+	})) return;
+	if (format === "quiet") return;
+	process.stdout.write(`[queued] ${result.requestId}\n`);
+}
+function formatPromptSessionBannerLine(record, currentCwd, connectionStatus = "needs reconnect") {
+	const label = formatSessionLabel(record);
+	const normalizedSessionCwd = path.resolve(record.cwd);
+	const normalizedCurrentCwd = path.resolve(currentCwd);
+	const routedFrom = normalizedSessionCwd === normalizedCurrentCwd ? void 0 : formatRoutedFrom(normalizedSessionCwd, normalizedCurrentCwd);
+	const status = connectionStatus;
+	if (routedFrom) return `[acpx] session ${label} (${record.acpxRecordId}) · ${normalizedSessionCwd} (routed from ${routedFrom}) · agent ${status}`;
+	return `[acpx] session ${label} (${record.acpxRecordId}) · ${normalizedSessionCwd} · agent ${status}`;
+}
+async function printPromptSessionBanner(record, currentCwd, format, jsonStrict = false) {
+	if (format === "quiet" || jsonStrict && format === "json") return;
+	const status = await resolveSessionConnectionStatus(record);
+	process.stderr.write(`${formatPromptSessionBannerLine(record, currentCwd, status)}\n`);
+}
+function printCreatedSessionBanner(record, agentName, format, jsonStrict = false) {
+	if (format === "quiet" || jsonStrict && format === "json") return;
+	const label = formatSessionLabel(record);
+	process.stderr.write(`[acpx] created session ${label} (${record.acpxRecordId})\n`);
+	process.stderr.write(`[acpx] agent: ${agentName}\n`);
+	process.stderr.write(`[acpx] cwd: ${record.cwd}\n`);
+}
+function formatBytes(bytes) {
+	if (bytes >= 1073741824) return `${(bytes / 1073741824).toFixed(1)} GB`;
+	if (bytes >= 1048576) return `${(bytes / 1048576).toFixed(1)} MB`;
+	if (bytes >= 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+	return `${bytes} B`;
+}
+function printPruneResultByFormat(result, format) {
+	const count = result.pruned.length;
+	if (emitJsonResult(format, {
+		action: result.dryRun ? "sessions_prune_dry_run" : "sessions_pruned",
+		dryRun: result.dryRun,
+		count,
+		bytesFreed: result.bytesFreed,
+		pruned: result.pruned.map((r) => r.acpxRecordId)
+	})) return;
+	if (format === "quiet") {
+		for (const record of result.pruned) process.stdout.write(`${record.acpxRecordId}\n`);
+		return;
+	}
+	if (count === 0) {
+		process.stdout.write(result.dryRun ? "[DRY RUN] No sessions to prune\n" : "No sessions pruned\n");
+		return;
+	}
+	const prefix = result.dryRun ? "[DRY RUN] Would prune" : "Pruned";
+	const bytesSuffix = !result.dryRun && result.bytesFreed > 0 ? `, freed ${formatBytes(result.bytesFreed)}` : "";
+	process.stdout.write(`${prefix} ${count} session${count === 1 ? "" : "s"}${bytesSuffix}\n`);
+	for (const record of result.pruned) {
+		const label = record.name ? ` (${record.name})` : "";
+		process.stdout.write(`  ${record.acpxRecordId}${label}\t${record.closedAt ?? record.lastUsedAt}\n`);
+	}
+}
+function agentSessionIdPayload(agentSessionId) {
+	const normalized = normalizeRuntimeSessionId(agentSessionId);
+	if (!normalized) return {};
+	return { agentSessionId: normalized };
+}
+//#endregion
 //#region src/cli/status-command.ts
 function formatUptime(startedAt) {
 	if (!startedAt) return;
@@ -1070,10 +1247,10 @@ function registerSessionsCommand(parent, explicitAgentName, config) {
 	sessionsCommand.command("list").description("List sessions").action(async function() {
 		await handleSessionsList(explicitAgentName, this, config);
 	});
-	sessionsCommand.command("new").description("Create a fresh session for current cwd").option("--name <name>", "Session name", parseSessionName).option("--resume-session <id>", "Resume existing ACP session id", (value) => parseNonEmptyValue("Resume session id", value)).action(async function(flags) {
+	sessionsCommand.command("new").description("Create a fresh session for current cwd").option("-s, --name <name>", "Session name", parseSessionName).option("--resume-session <id>", "Resume existing ACP session id", (value) => parseNonEmptyValue("Resume session id", value)).action(async function(flags) {
 		await handleSessionsNew(explicitAgentName, flags, this, config);
 	});
-	sessionsCommand.command("ensure").description("Ensure a session exists for current cwd or ancestor").option("--name <name>", "Session name", parseSessionName).option("--resume-session <id>", "Resume existing ACP session id", (value) => parseNonEmptyValue("Resume session id", value)).action(async function(flags) {
+	sessionsCommand.command("ensure").description("Ensure a session exists for current cwd or ancestor").option("-s, --name <name>", "Session name", parseSessionName).option("--resume-session <id>", "Resume existing ACP session id", (value) => parseNonEmptyValue("Resume session id", value)).action(async function(flags) {
 		await handleSessionsEnsure(explicitAgentName, flags, this, config);
 	});
 	sessionsCommand.command("close").description("Close session for current cwd").argument("[name]", "Session name", parseSessionName).action(async function(name) {
@@ -1140,7 +1317,7 @@ function registerAgentCommand(program, agentName, config) {
 }
 function registerFlowCommand(program, config) {
 	program.command("flow").description("Run multi-step ACP workflows from flow files").command("run").description("Run a flow file").argument("<file>", "Flow module path").option("--input-json <json>", "Flow input as JSON").option("--input-file <path>", "Read flow input JSON from file").option("--default-agent <name>", "Default agent profile for ACP nodes without profile", (value) => parseNonEmptyValue("Default agent", value)).action(async function(file, flags) {
-		const { handleFlowRun } = await import("./cli-T-Z-9x6a.js");
+		const { handleFlowRun } = await import("./cli-BGYGVo3b.js");
 		await handleFlowRun(file, flags, this, config);
 	});
 }
@@ -1285,11 +1462,11 @@ function detectAgentToken(argv) {
 			hasAgentOverride = true;
 			continue;
 		}
-		if (token === "--cwd" || token === "--auth-policy" || token === "--non-interactive-permissions" || token === "--format" || token === "--model" || token === "--allowed-tools" || token === "--max-turns" || token === "--timeout" || token === "--ttl" || token === "--file") {
+		if (token === "--cwd" || token === "--auth-policy" || token === "--non-interactive-permissions" || token === "--permission-policy" || token === "--policy" || token === "--format" || token === "--model" || token === "--allowed-tools" || token === "--max-turns" || token === "--timeout" || token === "--ttl" || token === "--file") {
 			index += 1;
 			continue;
 		}
-		if (token.startsWith("--cwd=") || token.startsWith("--auth-policy=") || token.startsWith("--non-interactive-permissions=") || token.startsWith("--format=") || token.startsWith("--model=") || token.startsWith("--allowed-tools=") || token.startsWith("--max-turns=") || token.startsWith("--json-strict=") || token.startsWith("--timeout=") || token.startsWith("--ttl=") || token.startsWith("--file=")) continue;
+		if (token.startsWith("--cwd=") || token.startsWith("--auth-policy=") || token.startsWith("--non-interactive-permissions=") || token.startsWith("--permission-policy=") || token.startsWith("--policy=") || token.startsWith("--format=") || token.startsWith("--model=") || token.startsWith("--allowed-tools=") || token.startsWith("--max-turns=") || token.startsWith("--json-strict=") || token.startsWith("--timeout=") || token.startsWith("--ttl=") || token.startsWith("--file=")) continue;
 		if (token === "--approve-all" || token === "--approve-reads" || token === "--deny-all" || token === "--json-strict" || token === "--verbose" || token === "--suppress-reads") continue;
 		return { hasAgentOverride };
 	}
@@ -1445,6 +1622,14 @@ async function main(argv = process.argv) {
 }
 //#endregion
 //#region src/cli.ts
+function installBrokenPipeHandler(stream) {
+	stream.on("error", (error) => {
+		if (error.code === "EPIPE") process.exit(0);
+		throw error;
+	});
+}
+installBrokenPipeHandler(process.stdout);
+installBrokenPipeHandler(process.stderr);
 const queueOwnerArgOverride = buildQueueOwnerArgOverride(fileURLToPath(import.meta.url));
 if (queueOwnerArgOverride) process.env.ACPX_QUEUE_OWNER_ARGS ??= queueOwnerArgOverride;
 function isCliEntrypoint(argv) {