npm - agent-relay - Versions diffs - 1.1.0 → 1.2.3 - Mend

agent-relay 1.1.0 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (567) hide show

package/.gitattributes +3 -0
package/.nvmrc +1 -0
package/.trajectories/completed/2026-01/traj_1dviorhnkcb5.json +65 -0
package/.trajectories/completed/2026-01/traj_1dviorhnkcb5.md +37 -0
package/.trajectories/completed/2026-01/traj_1k5if5snst2e.json +65 -0
package/.trajectories/completed/2026-01/traj_1k5if5snst2e.md +37 -0
package/.trajectories/completed/2026-01/traj_1rp3rges5811.json +49 -0
package/.trajectories/completed/2026-01/traj_1rp3rges5811.md +31 -0
package/.trajectories/completed/2026-01/traj_22bhyulruouw.json +113 -0
package/.trajectories/completed/2026-01/traj_22bhyulruouw.md +57 -0
package/.trajectories/completed/2026-01/traj_2dao7ddgnta0.json +53 -0
package/.trajectories/completed/2026-01/traj_2dao7ddgnta0.md +32 -0
package/.trajectories/completed/2026-01/traj_3t0440mjeunc.json +26 -0
package/.trajectories/completed/2026-01/traj_3t0440mjeunc.md +6 -0
package/.trajectories/completed/2026-01/traj_45x9494d9xnr.json +47 -0
package/.trajectories/completed/2026-01/traj_45x9494d9xnr.md +32 -0
package/.trajectories/completed/2026-01/traj_4aa0bb77s4nh.json +53 -0
package/.trajectories/completed/2026-01/traj_4aa0bb77s4nh.md +32 -0
package/.trajectories/completed/2026-01/traj_5lhmzq8rxpqv.json +59 -0
package/.trajectories/completed/2026-01/traj_5lhmzq8rxpqv.md +33 -0
package/.trajectories/completed/2026-01/traj_5vr4e9erb1fs.json +53 -0
package/.trajectories/completed/2026-01/traj_5vr4e9erb1fs.md +32 -0
package/.trajectories/completed/2026-01/traj_6fgiwdoklvym.json +48 -0
package/.trajectories/completed/2026-01/traj_6fgiwdoklvym.md +24 -0
package/.trajectories/completed/2026-01/traj_7ludwvz45veh.json +209 -0
package/.trajectories/completed/2026-01/traj_7ludwvz45veh.md +97 -0
package/.trajectories/completed/2026-01/traj_9921cuhel0pj.json +48 -0
package/.trajectories/completed/2026-01/traj_9921cuhel0pj.md +24 -0
package/.trajectories/completed/2026-01/traj_ajs7zqfux4wc.json +49 -0
package/.trajectories/completed/2026-01/traj_ajs7zqfux4wc.md +23 -0
package/.trajectories/completed/2026-01/traj_cvtqhlwcq9s0.json +53 -0
package/.trajectories/completed/2026-01/traj_cvtqhlwcq9s0.md +32 -0
package/.trajectories/completed/2026-01/traj_cxofprm2m2en.json +49 -0
package/.trajectories/completed/2026-01/traj_cxofprm2m2en.md +31 -0
package/.trajectories/completed/2026-01/traj_d2hhz3k0vrhn.json +26 -0
package/.trajectories/completed/2026-01/traj_d2hhz3k0vrhn.md +6 -0
package/.trajectories/completed/2026-01/traj_dfuvww9pege5.json +59 -0
package/.trajectories/completed/2026-01/traj_dfuvww9pege5.md +37 -0
package/.trajectories/completed/2026-01/traj_g0fisy9h51mf.json +77 -0
package/.trajectories/completed/2026-01/traj_g0fisy9h51mf.md +42 -0
package/.trajectories/completed/2026-01/traj_gjdre5voouod.json +53 -0
package/.trajectories/completed/2026-01/traj_gjdre5voouod.md +32 -0
package/.trajectories/completed/2026-01/traj_gtlyqtta3x8l.json +25 -0
package/.trajectories/completed/2026-01/traj_gtlyqtta3x8l.md +15 -0
package/.trajectories/completed/2026-01/traj_h4xijiuip3w4.json +101 -0
package/.trajectories/completed/2026-01/traj_h4xijiuip3w4.md +44 -0
package/.trajectories/completed/2026-01/traj_hhxte7w4gjjx.json +22 -0
package/.trajectories/completed/2026-01/traj_hhxte7w4gjjx.md +5 -0
package/.trajectories/completed/2026-01/traj_hpungyhoj6v5.json +53 -0
package/.trajectories/completed/2026-01/traj_hpungyhoj6v5.md +32 -0
package/.trajectories/completed/2026-01/traj_m2xkjv0w2sq7.json +25 -0
package/.trajectories/completed/2026-01/traj_m2xkjv0w2sq7.md +15 -0
package/.trajectories/completed/2026-01/traj_noq5zbvnrdvz.json +53 -0
package/.trajectories/completed/2026-01/traj_noq5zbvnrdvz.md +32 -0
package/.trajectories/completed/2026-01/traj_ntbs6ppopf46.json +53 -0
package/.trajectories/completed/2026-01/traj_ntbs6ppopf46.md +32 -0
package/.trajectories/completed/2026-01/traj_ozd98si6a7ns.json +48 -0
package/.trajectories/completed/2026-01/traj_ozd98si6a7ns.md +24 -0
package/.trajectories/completed/2026-01/traj_prdza7a5cxp5.json +53 -0
package/.trajectories/completed/2026-01/traj_prdza7a5cxp5.md +32 -0
package/.trajectories/completed/2026-01/traj_qb3twvvywfwi.json +77 -0
package/.trajectories/completed/2026-01/traj_qb3twvvywfwi.md +42 -0
package/.trajectories/completed/2026-01/traj_qft54mi7nfor.json +53 -0
package/.trajectories/completed/2026-01/traj_qft54mi7nfor.md +32 -0
package/.trajectories/completed/2026-01/traj_qx9uhf8whhxo.json +83 -0
package/.trajectories/completed/2026-01/traj_qx9uhf8whhxo.md +47 -0
package/.trajectories/completed/2026-01/traj_rd9toccj18a0.json +59 -0
package/.trajectories/completed/2026-01/traj_rd9toccj18a0.md +37 -0
package/.trajectories/completed/2026-01/traj_rt4fiw3ecp50.json +48 -0
package/.trajectories/completed/2026-01/traj_rt4fiw3ecp50.md +16 -0
package/.trajectories/completed/2026-01/traj_st8j35b0hrlc.json +59 -0
package/.trajectories/completed/2026-01/traj_st8j35b0hrlc.md +37 -0
package/.trajectories/completed/2026-01/traj_t1yy8m7hbuxp.json +53 -0
package/.trajectories/completed/2026-01/traj_t1yy8m7hbuxp.md +32 -0
package/.trajectories/completed/2026-01/traj_tmux_orchestrator_analysis.json +84 -0
package/.trajectories/completed/2026-01/traj_tmux_orchestrator_analysis.md +109 -0
package/.trajectories/completed/2026-01/traj_u9n9eqasw16k.json +53 -0
package/.trajectories/completed/2026-01/traj_u9n9eqasw16k.md +32 -0
package/.trajectories/completed/2026-01/traj_v87hypnongqx.json +71 -0
package/.trajectories/completed/2026-01/traj_v87hypnongqx.md +42 -0
package/.trajectories/completed/2026-01/traj_wkp2fgzdyinb.json +53 -0
package/.trajectories/completed/2026-01/traj_wkp2fgzdyinb.md +32 -0
package/.trajectories/completed/2026-01/traj_x14t8w8rn7xg.json +20 -0
package/.trajectories/completed/2026-01/traj_x14t8w8rn7xg.md +6 -0
package/.trajectories/completed/2026-01/traj_xnwbznkvv8ua.json +175 -0
package/.trajectories/completed/2026-01/traj_xnwbznkvv8ua.md +82 -0
package/.trajectories/completed/2026-01/traj_ysjc8zaeqtd3.json +47 -0
package/.trajectories/completed/2026-01/traj_ysjc8zaeqtd3.md +32 -0
package/.trajectories/completed/2026-01/traj_yvdadtvdgnz3.json +59 -0
package/.trajectories/completed/2026-01/traj_yvdadtvdgnz3.md +37 -0
package/.trajectories/completed/2026-01/traj_z0vcw1wrzide.json +53 -0
package/.trajectories/completed/2026-01/traj_z0vcw1wrzide.md +32 -0
package/.trajectories/index.json +314 -0
package/ARCHITECTURE.md +1245 -0
package/README.md +1 -1
package/TESTING.md +278 -0
package/deploy/init-db.sql +5 -0
package/deploy/scripts/setup-fly-workspaces.sh +69 -0
package/deploy/scripts/setup-railway.sh +75 -0
package/deploy/workspace/entrypoint-browser.sh +118 -0
package/deploy/workspace/entrypoint.sh +348 -0
package/deploy/workspace/git-credential-relay +111 -0
package/dist/bridge/spawner.d.ts +53 -0
package/dist/bridge/spawner.js +203 -19
package/dist/bridge/types.d.ts +12 -0
package/dist/cli/index.js +618 -5
package/dist/cloud/api/auth.d.ts +3 -2
package/dist/cloud/api/auth.js +10 -98
package/dist/cloud/api/billing.js +30 -9
package/dist/cloud/api/cli-pty-runner.d.ts +54 -0
package/dist/cloud/api/cli-pty-runner.js +119 -0
package/dist/cloud/api/codex-auth-helper.d.ts +15 -0
package/dist/cloud/api/codex-auth-helper.js +100 -0
package/dist/cloud/api/generic-webhooks.d.ts +8 -0
package/dist/cloud/api/generic-webhooks.js +129 -0
package/dist/cloud/api/git.d.ts +8 -0
package/dist/cloud/api/git.js +152 -0
package/dist/cloud/api/github-app.d.ts +11 -0
package/dist/cloud/api/github-app.js +189 -0
package/dist/cloud/api/middleware/planLimits.d.ts +7 -0
package/dist/cloud/api/middleware/planLimits.js +39 -1
package/dist/cloud/api/monitoring.d.ts +11 -0
package/dist/cloud/api/monitoring.js +578 -0
package/dist/cloud/api/nango-auth.d.ts +9 -0
package/dist/cloud/api/nango-auth.js +377 -0
package/dist/cloud/api/onboarding.d.ts +8 -1
package/dist/cloud/api/onboarding.js +313 -119
package/dist/cloud/api/policy.d.ts +8 -0
package/dist/cloud/api/policy.js +229 -0
package/dist/cloud/api/providers.js +114 -42
package/dist/cloud/api/repos.d.ts +1 -0
package/dist/cloud/api/repos.js +186 -0
package/dist/cloud/api/test-helpers.d.ts +10 -0
package/dist/cloud/api/test-helpers.js +575 -0
package/dist/cloud/api/webhooks.d.ts +8 -0
package/dist/cloud/api/webhooks.js +645 -0
package/dist/cloud/api/workspaces.js +320 -12
package/dist/cloud/billing/plans.js +32 -19
package/dist/cloud/billing/types.d.ts +9 -3
package/dist/cloud/config.d.ts +9 -2
package/dist/cloud/config.js +13 -4
package/dist/cloud/db/drizzle.d.ts +84 -1
package/dist/cloud/db/drizzle.js +470 -0
package/dist/cloud/db/index.d.ts +9 -4
package/dist/cloud/db/index.js +11 -3
package/dist/cloud/db/schema.d.ts +3283 -556
package/dist/cloud/db/schema.js +314 -1
package/dist/cloud/index.d.ts +1 -0
package/dist/cloud/index.js +2 -0
package/dist/cloud/provisioner/index.d.ts +56 -0
package/dist/cloud/provisioner/index.js +676 -34
package/dist/cloud/server.d.ts +1 -0
package/dist/cloud/server.js +362 -13
package/dist/cloud/services/auto-scaler.d.ts +152 -0
package/dist/cloud/services/auto-scaler.js +439 -0
package/dist/cloud/services/capacity-manager.d.ts +148 -0
package/dist/cloud/services/capacity-manager.js +449 -0
package/dist/cloud/services/ci-agent-spawner.d.ts +49 -0
package/dist/cloud/services/ci-agent-spawner.js +373 -0
package/dist/cloud/services/index.d.ts +12 -0
package/dist/cloud/services/index.js +15 -0
package/dist/cloud/services/mention-handler.d.ts +65 -0
package/dist/cloud/services/mention-handler.js +405 -0
package/dist/cloud/services/nango.d.ts +186 -0
package/dist/cloud/services/nango.js +344 -0
package/dist/cloud/services/persistence.d.ts +131 -0
package/dist/cloud/services/persistence.js +200 -0
package/dist/cloud/services/planLimits.d.ts +37 -0
package/dist/cloud/services/planLimits.js +86 -5
package/dist/cloud/services/scaling-orchestrator.d.ts +159 -0
package/dist/cloud/services/scaling-orchestrator.js +502 -0
package/dist/cloud/services/scaling-policy.d.ts +121 -0
package/dist/cloud/services/scaling-policy.js +415 -0
package/dist/cloud/vault/index.js +1 -1
package/dist/cloud/webhooks/index.d.ts +24 -0
package/dist/cloud/webhooks/index.js +29 -0
package/dist/cloud/webhooks/parsers/github.d.ts +8 -0
package/dist/cloud/webhooks/parsers/github.js +234 -0
package/dist/cloud/webhooks/parsers/index.d.ts +23 -0
package/dist/cloud/webhooks/parsers/index.js +30 -0
package/dist/cloud/webhooks/parsers/linear.d.ts +9 -0
package/dist/cloud/webhooks/parsers/linear.js +258 -0
package/dist/cloud/webhooks/parsers/slack.d.ts +9 -0
package/dist/cloud/webhooks/parsers/slack.js +214 -0
package/dist/cloud/webhooks/responders/github.d.ts +8 -0
package/dist/cloud/webhooks/responders/github.js +73 -0
package/dist/cloud/webhooks/responders/index.d.ts +23 -0
package/dist/cloud/webhooks/responders/index.js +30 -0
package/dist/cloud/webhooks/responders/linear.d.ts +9 -0
package/dist/cloud/webhooks/responders/linear.js +149 -0
package/dist/cloud/webhooks/responders/slack.d.ts +20 -0
package/dist/cloud/webhooks/responders/slack.js +178 -0
package/dist/cloud/webhooks/router.d.ts +25 -0
package/dist/cloud/webhooks/router.js +504 -0
package/dist/cloud/webhooks/rules-engine.d.ts +24 -0
package/dist/cloud/webhooks/rules-engine.js +287 -0
package/dist/cloud/webhooks/types.d.ts +186 -0
package/dist/cloud/webhooks/types.js +8 -0
package/dist/continuity/formatter.d.ts +51 -0
package/dist/continuity/formatter.js +313 -0
package/dist/continuity/handoff-store.d.ts +67 -0
package/dist/continuity/handoff-store.js +472 -0
package/dist/continuity/index.d.ts +45 -0
package/dist/continuity/index.js +48 -0
package/dist/continuity/ledger-store.d.ts +110 -0
package/dist/continuity/ledger-store.js +500 -0
package/dist/continuity/manager.d.ts +178 -0
package/dist/continuity/manager.js +562 -0
package/dist/continuity/parser.d.ts +76 -0
package/dist/continuity/parser.js +579 -0
package/dist/continuity/types.d.ts +180 -0
package/dist/continuity/types.js +9 -0
package/dist/daemon/agent-manager.d.ts +27 -0
package/dist/daemon/agent-manager.js +107 -6
package/dist/daemon/agent-registry.d.ts +32 -0
package/dist/daemon/agent-registry.js +42 -2
package/dist/daemon/api.d.ts +12 -0
package/dist/daemon/api.js +131 -2
package/dist/daemon/cli-auth.d.ts +67 -0
package/dist/daemon/cli-auth.js +537 -0
package/dist/daemon/cloud-sync.js +9 -7
package/dist/daemon/orchestrator.js +30 -0
package/dist/daemon/router.d.ts +5 -0
package/dist/daemon/router.js +78 -26
package/dist/daemon/server.d.ts +5 -0
package/dist/daemon/server.js +9 -1
package/dist/daemon/services/browser-testing.d.ts +88 -0
package/dist/daemon/services/browser-testing.js +244 -0
package/dist/daemon/services/container-spawner.d.ts +135 -0
package/dist/daemon/services/container-spawner.js +313 -0
package/dist/daemon/types.d.ts +5 -1
package/dist/dashboard/out/404.html +1 -1
package/dist/dashboard/out/_next/static/chunks/116-2502180def231162.js +1 -0
package/dist/dashboard/out/_next/static/chunks/282-980c2eb8fff20123.js +1 -0
package/dist/dashboard/out/_next/static/chunks/699-3b1cd6618a45d259.js +1 -0
package/dist/dashboard/out/_next/static/chunks/724-2dae7627550ab88f.js +9 -0
package/dist/dashboard/out/_next/static/chunks/766-1f2dd8cb7f766b0b.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/app/onboarding/page-3fdfa60e53f2810d.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/app/page-e6381e5a6e1fbcfd.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/connect-repos/page-3538dfe0ffe984b8.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/history/{page-b6edd4dde8d08194.js → page-abb9ab2d329f56e9.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/app/layout-c0d118c0f92d969c.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/login/page-c22d080201cbd9fb.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/metrics/page-67a3e98d9a43a6ed.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/page-77e9c65420a06cfb.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/pricing/page-b08ed1c34d14434a.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/providers/page-e88bc117ef7671c3.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/signup/page-68d34f50baa8ab6b.js +1 -0
package/dist/dashboard/out/_next/static/chunks/e868780c-48e5f147c90a3a41.js +18 -0
package/dist/dashboard/out/_next/static/chunks/{main-app-5d692157a8eb1fd9.js → main-app-6e8e8d3ef4e0192a.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/{main-c2f423b9c9f4591b.js → main-ed4e1fb6f29c34cf.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/webpack-1cdd8ed57114d5e1.js +1 -0
package/dist/dashboard/out/_next/static/css/29852f26181969a0.css +1 -0
package/dist/dashboard/out/_next/static/css/7c3ae9e8617d42a5.css +1 -0
package/dist/dashboard/out/app/onboarding.html +1 -0
package/dist/dashboard/out/app/onboarding.txt +7 -0
package/dist/dashboard/out/app.html +1 -14
package/dist/dashboard/out/app.txt +2 -2
package/dist/dashboard/out/connect-repos.html +1 -0
package/dist/dashboard/out/connect-repos.txt +7 -0
package/dist/dashboard/out/history.html +1 -1
package/dist/dashboard/out/history.txt +2 -2
package/dist/dashboard/out/index.html +1 -1
package/dist/dashboard/out/index.txt +2 -2
package/dist/dashboard/out/login.html +6 -0
package/dist/dashboard/out/login.txt +7 -0
package/dist/dashboard/out/metrics.html +1 -1
package/dist/dashboard/out/metrics.txt +2 -2
package/dist/dashboard/out/pricing.html +3 -3
package/dist/dashboard/out/pricing.txt +2 -2
package/dist/dashboard/out/providers.html +1 -0
package/dist/dashboard/out/providers.txt +7 -0
package/dist/dashboard/out/signup.html +6 -0
package/dist/dashboard/out/signup.txt +7 -0
package/dist/dashboard-server/server.js +1308 -8
package/dist/hooks/emitter.d.ts +40 -0
package/dist/hooks/emitter.js +63 -0
package/dist/hooks/index.d.ts +3 -0
package/dist/hooks/index.js +3 -0
package/dist/hooks/registry.d.ts +173 -0
package/dist/hooks/registry.js +476 -0
package/dist/hooks/trajectory-hooks.d.ts +52 -0
package/dist/hooks/trajectory-hooks.js +183 -0
package/dist/hooks/types.d.ts +141 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +3 -0
package/dist/memory/adapters/index.d.ts +8 -0
package/dist/memory/adapters/index.js +8 -0
package/dist/memory/adapters/inmemory.d.ts +59 -0
package/dist/memory/adapters/inmemory.js +195 -0
package/dist/memory/adapters/supermemory.d.ts +71 -0
package/dist/memory/adapters/supermemory.js +338 -0
package/dist/memory/factory.d.ts +48 -0
package/dist/memory/factory.js +143 -0
package/dist/memory/index.d.ts +32 -0
package/dist/memory/index.js +32 -0
package/dist/memory/memory-hooks.d.ts +60 -0
package/dist/memory/memory-hooks.js +313 -0
package/dist/memory/service.d.ts +49 -0
package/dist/memory/service.js +146 -0
package/dist/memory/types.d.ts +195 -0
package/dist/memory/types.js +8 -0
package/dist/policy/agent-policy.d.ts +225 -0
package/dist/policy/agent-policy.js +665 -0
package/dist/policy/cloud-policy-fetcher.d.ts +12 -0
package/dist/policy/cloud-policy-fetcher.js +64 -0
package/dist/resiliency/crash-insights.d.ts +156 -0
package/dist/resiliency/crash-insights.js +492 -0
package/dist/resiliency/gossip-health.d.ts +137 -0
package/dist/resiliency/gossip-health.js +241 -0
package/dist/resiliency/index.d.ts +5 -0
package/dist/resiliency/index.js +5 -0
package/dist/resiliency/leader-watchdog.d.ts +109 -0
package/dist/resiliency/leader-watchdog.js +189 -0
package/dist/resiliency/memory-monitor.d.ts +172 -0
package/dist/resiliency/memory-monitor.js +593 -0
package/dist/resiliency/stateless-lead.d.ts +149 -0
package/dist/resiliency/stateless-lead.js +308 -0
package/dist/resiliency/supervisor.d.ts +38 -0
package/dist/resiliency/supervisor.js +122 -0
package/dist/shared/cli-auth-config.d.ts +91 -0
package/dist/shared/cli-auth-config.js +264 -0
package/dist/storage/adapter.d.ts +1 -1
package/dist/trajectory/config.d.ts +84 -0
package/dist/trajectory/config.js +163 -0
package/dist/trajectory/index.d.ts +8 -0
package/dist/trajectory/index.js +8 -0
package/dist/trajectory/integration.d.ts +292 -0
package/dist/trajectory/integration.js +834 -0
package/dist/utils/logger.js +1 -1
package/dist/utils/project-namespace.d.ts +24 -0
package/dist/utils/project-namespace.js +84 -0
package/dist/wrapper/parser.d.ts +10 -0
package/dist/wrapper/parser.js +100 -33
package/dist/wrapper/pty-wrapper.d.ts +197 -16
package/dist/wrapper/pty-wrapper.js +943 -106
package/dist/wrapper/shared.d.ts +165 -0
package/dist/wrapper/shared.js +270 -0
package/dist/wrapper/tmux-wrapper.d.ts +73 -11
package/dist/wrapper/tmux-wrapper.js +541 -120
package/package.json +16 -16
package/scripts/postinstall.js +60 -0
package/test-push.txt +1 -0
package/bin/tmux +0 -0
package/dist/bridge/config.d.ts.map +0 -1
package/dist/bridge/config.js.map +0 -1
package/dist/bridge/index.d.ts.map +0 -1
package/dist/bridge/index.js.map +0 -1
package/dist/bridge/multi-project-client.d.ts.map +0 -1
package/dist/bridge/multi-project-client.js.map +0 -1
package/dist/bridge/shadow-cli.d.ts.map +0 -1
package/dist/bridge/shadow-cli.js.map +0 -1
package/dist/bridge/shadow-config.d.ts.map +0 -1
package/dist/bridge/shadow-config.js.map +0 -1
package/dist/bridge/spawner.d.ts.map +0 -1
package/dist/bridge/spawner.js.map +0 -1
package/dist/bridge/teams-config.d.ts.map +0 -1
package/dist/bridge/teams-config.js.map +0 -1
package/dist/bridge/types.d.ts.map +0 -1
package/dist/bridge/types.js.map +0 -1
package/dist/bridge/utils.d.ts.map +0 -1
package/dist/bridge/utils.js.map +0 -1
package/dist/cli/index.d.ts.map +0 -1
package/dist/cli/index.js.map +0 -1
package/dist/cloud/api/auth.d.ts.map +0 -1
package/dist/cloud/api/auth.js.map +0 -1
package/dist/cloud/api/billing.d.ts.map +0 -1
package/dist/cloud/api/billing.js.map +0 -1
package/dist/cloud/api/coordinators.d.ts.map +0 -1
package/dist/cloud/api/coordinators.js.map +0 -1
package/dist/cloud/api/daemons.d.ts.map +0 -1
package/dist/cloud/api/daemons.js.map +0 -1
package/dist/cloud/api/middleware/planLimits.d.ts.map +0 -1
package/dist/cloud/api/middleware/planLimits.js.map +0 -1
package/dist/cloud/api/onboarding.d.ts.map +0 -1
package/dist/cloud/api/onboarding.js.map +0 -1
package/dist/cloud/api/providers.d.ts.map +0 -1
package/dist/cloud/api/providers.js.map +0 -1
package/dist/cloud/api/repos.d.ts.map +0 -1
package/dist/cloud/api/repos.js.map +0 -1
package/dist/cloud/api/teams.d.ts.map +0 -1
package/dist/cloud/api/teams.js.map +0 -1
package/dist/cloud/api/usage.d.ts.map +0 -1
package/dist/cloud/api/usage.js.map +0 -1
package/dist/cloud/api/workspaces.d.ts.map +0 -1
package/dist/cloud/api/workspaces.js.map +0 -1
package/dist/cloud/billing/index.d.ts.map +0 -1
package/dist/cloud/billing/index.js.map +0 -1
package/dist/cloud/billing/plans.d.ts.map +0 -1
package/dist/cloud/billing/plans.js.map +0 -1
package/dist/cloud/billing/service.d.ts.map +0 -1
package/dist/cloud/billing/service.js.map +0 -1
package/dist/cloud/billing/types.d.ts.map +0 -1
package/dist/cloud/billing/types.js.map +0 -1
package/dist/cloud/config.d.ts.map +0 -1
package/dist/cloud/config.js.map +0 -1
package/dist/cloud/db/drizzle.d.ts.map +0 -1
package/dist/cloud/db/drizzle.js.map +0 -1
package/dist/cloud/db/index.d.ts.map +0 -1
package/dist/cloud/db/index.js.map +0 -1
package/dist/cloud/db/schema.d.ts.map +0 -1
package/dist/cloud/db/schema.js.map +0 -1
package/dist/cloud/index.d.ts.map +0 -1
package/dist/cloud/index.js.map +0 -1
package/dist/cloud/provisioner/index.d.ts.map +0 -1
package/dist/cloud/provisioner/index.js.map +0 -1
package/dist/cloud/server.d.ts.map +0 -1
package/dist/cloud/server.js.map +0 -1
package/dist/cloud/services/coordinator.d.ts.map +0 -1
package/dist/cloud/services/coordinator.js.map +0 -1
package/dist/cloud/services/planLimits.d.ts.map +0 -1
package/dist/cloud/services/planLimits.js.map +0 -1
package/dist/cloud/vault/index.d.ts.map +0 -1
package/dist/cloud/vault/index.js.map +0 -1
package/dist/daemon/agent-manager.d.ts.map +0 -1
package/dist/daemon/agent-manager.js.map +0 -1
package/dist/daemon/agent-registry.d.ts.map +0 -1
package/dist/daemon/agent-registry.js.map +0 -1
package/dist/daemon/api.d.ts.map +0 -1
package/dist/daemon/api.js.map +0 -1
package/dist/daemon/auth.d.ts.map +0 -1
package/dist/daemon/auth.js.map +0 -1
package/dist/daemon/cloud-sync.d.ts.map +0 -1
package/dist/daemon/cloud-sync.js.map +0 -1
package/dist/daemon/connection.d.ts.map +0 -1
package/dist/daemon/connection.js.map +0 -1
package/dist/daemon/index.d.ts.map +0 -1
package/dist/daemon/index.js.map +0 -1
package/dist/daemon/orchestrator.d.ts.map +0 -1
package/dist/daemon/orchestrator.js.map +0 -1
package/dist/daemon/registry.d.ts.map +0 -1
package/dist/daemon/registry.js.map +0 -1
package/dist/daemon/router.d.ts.map +0 -1
package/dist/daemon/router.js.map +0 -1
package/dist/daemon/server.d.ts.map +0 -1
package/dist/daemon/server.js.map +0 -1
package/dist/daemon/types.d.ts.map +0 -1
package/dist/daemon/types.js.map +0 -1
package/dist/daemon/workspace-manager.d.ts.map +0 -1
package/dist/daemon/workspace-manager.js.map +0 -1
package/dist/dashboard/out/_next/static/chunks/693-7b3301d8f6bc5014.js +0 -1
package/dist/dashboard/out/_next/static/chunks/713-f78477eb185f1f4d.js +0 -1
package/dist/dashboard/out/_next/static/chunks/766-e53e1cfe39b0b5b5.js +0 -1
package/dist/dashboard/out/_next/static/chunks/900-037c64bfd797fb2a.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/app/page-e3d9e1f4466b9bae.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/layout-2433bb48965f4333.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/metrics/page-e68825a81db67ba1.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/page-cc108bf68c8a657f.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/pricing/page-d80e03a5297f95b6.js +0 -1
package/dist/dashboard/out/_next/static/chunks/webpack-a5acc2831d094776.js +0 -1
package/dist/dashboard/out/_next/static/css/79b80143647a07d7.css +0 -1
package/dist/dashboard/out/_next/static/css/8cf277370ad48cfe.css +0 -1
package/dist/dashboard-server/metrics.d.ts.map +0 -1
package/dist/dashboard-server/metrics.js.map +0 -1
package/dist/dashboard-server/needs-attention.d.ts.map +0 -1
package/dist/dashboard-server/needs-attention.js.map +0 -1
package/dist/dashboard-server/server.d.ts.map +0 -1
package/dist/dashboard-server/server.js.map +0 -1
package/dist/dashboard-server/start.d.ts.map +0 -1
package/dist/dashboard-server/start.js.map +0 -1
package/dist/hooks/inbox-check/hook.d.ts.map +0 -1
package/dist/hooks/inbox-check/hook.js.map +0 -1
package/dist/hooks/inbox-check/index.d.ts.map +0 -1
package/dist/hooks/inbox-check/index.js.map +0 -1
package/dist/hooks/inbox-check/types.d.ts.map +0 -1
package/dist/hooks/inbox-check/types.js.map +0 -1
package/dist/hooks/inbox-check/utils.d.ts.map +0 -1
package/dist/hooks/inbox-check/utils.js.map +0 -1
package/dist/hooks/index.d.ts.map +0 -1
package/dist/hooks/index.js.map +0 -1
package/dist/hooks/types.d.ts.map +0 -1
package/dist/hooks/types.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/protocol/framing.d.ts.map +0 -1
package/dist/protocol/framing.js.map +0 -1
package/dist/protocol/index.d.ts.map +0 -1
package/dist/protocol/index.js.map +0 -1
package/dist/protocol/types.d.ts.map +0 -1
package/dist/protocol/types.js.map +0 -1
package/dist/resiliency/context-persistence.d.ts.map +0 -1
package/dist/resiliency/context-persistence.js.map +0 -1
package/dist/resiliency/health-monitor.d.ts.map +0 -1
package/dist/resiliency/health-monitor.js.map +0 -1
package/dist/resiliency/index.d.ts.map +0 -1
package/dist/resiliency/index.js.map +0 -1
package/dist/resiliency/logger.d.ts.map +0 -1
package/dist/resiliency/logger.js.map +0 -1
package/dist/resiliency/metrics.d.ts.map +0 -1
package/dist/resiliency/metrics.js.map +0 -1
package/dist/resiliency/provider-context.d.ts.map +0 -1
package/dist/resiliency/provider-context.js.map +0 -1
package/dist/resiliency/supervisor.d.ts.map +0 -1
package/dist/resiliency/supervisor.js.map +0 -1
package/dist/state/agent-state.d.ts.map +0 -1
package/dist/state/agent-state.js.map +0 -1
package/dist/storage/adapter.d.ts.map +0 -1
package/dist/storage/adapter.js.map +0 -1
package/dist/storage/sqlite-adapter.d.ts.map +0 -1
package/dist/storage/sqlite-adapter.js.map +0 -1
package/dist/utils/agent-config.d.ts.map +0 -1
package/dist/utils/agent-config.js.map +0 -1
package/dist/utils/command-resolver.d.ts.map +0 -1
package/dist/utils/command-resolver.js.map +0 -1
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js.map +0 -1
package/dist/utils/logger.d.ts.map +0 -1
package/dist/utils/logger.js.map +0 -1
package/dist/utils/name-generator.d.ts.map +0 -1
package/dist/utils/name-generator.js.map +0 -1
package/dist/utils/project-namespace.d.ts.map +0 -1
package/dist/utils/project-namespace.js.map +0 -1
package/dist/utils/tmux-resolver.d.ts.map +0 -1
package/dist/utils/tmux-resolver.js.map +0 -1
package/dist/utils/update-checker.d.ts.map +0 -1
package/dist/utils/update-checker.js.map +0 -1
package/dist/wrapper/client.d.ts.map +0 -1
package/dist/wrapper/client.js.map +0 -1
package/dist/wrapper/inbox.d.ts.map +0 -1
package/dist/wrapper/inbox.js.map +0 -1
package/dist/wrapper/index.d.ts.map +0 -1
package/dist/wrapper/index.js.map +0 -1
package/dist/wrapper/parser.d.ts.map +0 -1
package/dist/wrapper/parser.js.map +0 -1
package/dist/wrapper/pty-wrapper.d.ts.map +0 -1
package/dist/wrapper/pty-wrapper.js.map +0 -1
package/dist/wrapper/tmux-wrapper.d.ts.map +0 -1
package/dist/wrapper/tmux-wrapper.js.map +0 -1
package/docs/AGENTS.md +0 -513
package/docs/ARCHITECTURE_DECISIONS.md +0 -175
package/docs/CHANGELOG.md +0 -11
package/docs/CLI-SIMPLIFICATION-COMPLETE.md +0 -48
package/docs/CLOUD-ARCHITECTURE.md +0 -652
package/docs/CLOUD-ONBOARDING-DESIGN.md +0 -1983
package/docs/COMPETITIVE_ANALYSIS.md +0 -897
package/docs/CONTRIBUTING.md +0 -151
package/docs/DESIGN_BRIDGE_STAFFING.md +0 -878
package/docs/DESIGN_V2.md +0 -1079
package/docs/INTEGRATION-GUIDE.md +0 -926
package/docs/MONETIZATION.md +0 -1679
package/docs/PROPOSAL-trajectories.md +0 -1582
package/docs/PROTOCOL.md +0 -325
package/docs/SCALING_ANALYSIS.md +0 -280
package/docs/TESTING_PRESENCE_FEATURES.md +0 -327
package/docs/TMUX_IMPLEMENTATION_NOTES.md +0 -364
package/docs/TMUX_IMPROVEMENTS.md +0 -968
package/docs/agent-relay-snippet.md +0 -168
package/docs/competitive-analysis-mcp-agent-mail.md +0 -389
package/docs/dashboard-v2-plan.md +0 -179
package/docs/guides/CLOUD.md +0 -236
package/docs/guides/LOCAL.md +0 -535
package/docs/guides/SELF-HOSTED.md +0 -494
package/docs/proposals/shadow-as-subagent.md +0 -765
package/docs/proposals/slack-bot-integration.md +0 -1457
package/docs/removable-code-analysis.md +0 -24
package/scripts/dev/PUBLIC_RELEASE_PLAN.md +0 -88
package/scripts/dev/dev-team-setup.sh +0 -431
package/scripts/e2e-test.sh +0 -119
package/scripts/games/game-protocol.md +0 -79
package/scripts/games/hearts-setup.sh +0 -264
package/scripts/tictactoe-setup.sh +0 -181
/package/dist/dashboard/out/_next/static/chunks/{117-b2cd8d6485aacf2b.js → 117-f7b8ab0809342e77.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/{648-8f3f26864ce515e5.js → 648-5cc6e1921389a58a.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/app/_not-found/{page-0b990dbb71d72a98.js → page-53b8a69f76db17d0.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/{fd9d1056-bf46c09eb57e019c.js → fd9d1056-609918ca7b6280bb.js} +0 -0
/package/dist/dashboard/out/_next/static/{6HHWb2ZmnJ4OSm0zUP7h4 → wPgKJtcOmTFLpUncDg16A}/_buildManifest.js +0 -0
/package/dist/dashboard/out/_next/static/{6HHWb2ZmnJ4OSm0zUP7h4 → wPgKJtcOmTFLpUncDg16A}/_ssgManifest.js +0 -0

package/dist/cloud/api/onboarding.js CHANGED Viewed

@@ -2,59 +2,62 @@
  * Onboarding API Routes
  *
  * Handles CLI proxy authentication for Claude Code and other providers.
- * Spawns CLI tools to get auth URLs, captures tokens.
+ * Spawns CLI tools via PTY to get auth URLs, captures tokens.
+ *
+ * We use node-pty instead of child_process.spawn because:
+ * 1. Many CLIs detect if they're in a TTY and behave differently
+ * 2. Interactive OAuth flows often require TTY for proper output
+ * 3. PTY ensures the CLI outputs auth URLs correctly
  */
 import { Router } from 'express';
-import { spawn } from 'child_process';
-import crypto from 'crypto';
+import * as crypto from 'crypto';
 import { requireAuth } from './auth.js';
 import { db } from '../db/index.js';
 import { vault } from '../vault/index.js';
+// Import for local use
+import { CLI_AUTH_CONFIG, runCLIAuthViaPTY, stripAnsiCodes, matchesSuccessPattern, findMatchingPrompt, validateProviderConfig, validateAllProviderConfigs, getSupportedProviders, } from './cli-pty-runner.js';
+// Re-export from shared module for backward compatibility
+export { CLI_AUTH_CONFIG, runCLIAuthViaPTY, stripAnsiCodes, matchesSuccessPattern, findMatchingPrompt, validateProviderConfig, validateAllProviderConfigs, getSupportedProviders, };
 export const onboardingRouter = Router();
+// Debug: log all requests to this router
+onboardingRouter.use((req, res, next) => {
+    console.log(`[onboarding] ${req.method} ${req.path} - body:`, JSON.stringify(req.body));
+    next();
+});
 // All routes require authentication
 onboardingRouter.use(requireAuth);
 const activeSessions = new Map();
 // Clean up old sessions periodically
 setInterval(() => {
     const now = Date.now();
-    for (const [id, session] of activeSessions) {
+    activeSessions.forEach((session, id) => {
         // Remove sessions older than 10 minutes
         if (now - session.createdAt.getTime() > 10 * 60 * 1000) {
             if (session.process) {
-                session.process.kill();
+                try {
+                    session.process.kill();
+                }
+                catch {
+                    // Process may already be dead
+                }
             }
             activeSessions.delete(id);
         }
-    }
+    });
 }, 60000);
-/**
- * CLI commands and URL patterns for each provider
- */
-const CLI_AUTH_CONFIG = {
-    anthropic: {
-        // Claude Code CLI login
-        command: 'claude',
-        args: ['login', '--no-open'],
-        // Claude outputs: "Please open: https://..."
-        urlPattern: /(?:open|visit|go to)[:\s]+(\S+anthropic\S+)/i,
-        // Token might be in output or in credentials file
-        credentialPath: '~/.claude/credentials.json',
-    },
-    openai: {
-        // Codex CLI auth
-        command: 'codex',
-        args: ['auth', '--no-browser'],
-        urlPattern: /(?:open|visit|go to)[:\s]+(\S+openai\S+)/i,
-        credentialPath: '~/.codex/credentials.json',
-    },
-};
 /**
  * POST /api/onboarding/cli/:provider/start
- * Start CLI-based auth - spawns the CLI and captures auth URL
+ * Start CLI-based auth - forwards to workspace daemon if available
+ *
+ * CLI auth requires a running workspace since CLI tools are installed there.
+ * For onboarding without a workspace, users should use the API key flow.
  */
 onboardingRouter.post('/cli/:provider/start', async (req, res) => {
+    console.log('[onboarding] Route handler entered! provider:', req.params.provider);
     const { provider } = req.params;
     const userId = req.session.userId;
+    const { workspaceId, useDeviceFlow } = req.body; // Optional: specific workspace, device flow option
+    console.log('[onboarding] userId:', userId, 'workspaceId:', workspaceId, 'useDeviceFlow:', useDeviceFlow);
     const config = CLI_AUTH_CONFIG[provider];
     if (!config) {
         return res.status(400).json({
@@ -62,93 +65,108 @@ onboardingRouter.post('/cli/:provider/start', async (req, res) => {
             supportedProviders: Object.keys(CLI_AUTH_CONFIG),
         });
     }
-    // Create session
-    const sessionId = crypto.randomUUID();
-    const session = {
-        userId,
-        provider,
-        status: 'starting',
-        createdAt: new Date(),
-    };
-    activeSessions.set(sessionId, session);
     try {
-        // Spawn CLI process
-        const proc = spawn(config.command, config.args, {
-            env: { ...process.env, NO_COLOR: '1' },
-            stdio: ['pipe', 'pipe', 'pipe'],
-        });
-        session.process = proc;
-        let _output = '';
-        // Capture stdout/stderr for auth URL
-        const handleOutput = (data) => {
-            const text = data.toString();
-            _output += text;
-            // Look for auth URL
-            const match = text.match(config.urlPattern);
-            if (match && match[1]) {
-                session.authUrl = match[1];
-                session.status = 'waiting_auth';
-            }
-            // Look for success indicators
-            if (text.toLowerCase().includes('success') ||
-                text.toLowerCase().includes('authenticated') ||
-                text.toLowerCase().includes('logged in')) {
-                session.status = 'success';
-            }
-        };
-        proc.stdout.on('data', handleOutput);
-        proc.stderr.on('data', handleOutput);
-        proc.on('error', (err) => {
-            session.status = 'error';
-            session.error = `Failed to start CLI: ${err.message}`;
-        });
-        proc.on('exit', async (code) => {
-            if (code === 0 && session.status !== 'error') {
-                session.status = 'success';
-                // Try to read credentials from file
-                await extractCredentials(session, config);
+        // Find a running workspace to use for CLI auth
+        let workspace;
+        if (workspaceId) {
+            workspace = await db.workspaces.findById(workspaceId);
+            if (!workspace) {
+                console.log(`[onboarding] Workspace ${workspaceId} not found in database`);
+                return res.status(404).json({ error: 'Workspace not found' });
             }
-            else if (session.status === 'starting') {
-                session.status = 'error';
-                session.error = `CLI exited with code ${code}`;
+            if (workspace.userId !== userId) {
+                console.log(`[onboarding] Workspace ${workspaceId} belongs to ${workspace.userId}, not ${userId}`);
+                return res.status(404).json({ error: 'Workspace not found' });
             }
-        });
-        // Wait a moment for URL to appear
-        await new Promise(resolve => setTimeout(resolve, 2000));
-        // Return session info
-        if (session.authUrl) {
-            res.json({
-                sessionId,
-                status: 'waiting_auth',
-                authUrl: session.authUrl,
-                message: 'Open the auth URL to complete login',
+        }
+        else {
+            // Find any running workspace for this user
+            const workspaces = await db.workspaces.findByUserId(userId);
+            workspace = workspaces.find(w => w.status === 'running' && w.publicUrl);
+        }
+        if (!workspace || workspace.status !== 'running' || !workspace.publicUrl) {
+            return res.status(400).json({
+                error: 'CLI auth requires a running workspace',
+                code: 'NO_RUNNING_WORKSPACE',
+                message: 'Please start a workspace first, or use the API key input to connect your provider.',
+                hint: 'You can create a workspace without providers and connect them afterward using CLI auth.',
             });
         }
-        else if (session.status === 'error') {
-            activeSessions.delete(sessionId);
-            res.status(500).json({ error: session.error || 'CLI auth failed to start' });
+        // Forward auth request to workspace daemon
+        // When running in Docker, localhost refers to the container, not the host
+        // Use host.docker.internal on Mac/Windows to reach the host machine
+        // When running on Fly.io, use internal networking (.internal) instead of public DNS
+        let workspaceUrl = workspace.publicUrl.replace(/\/$/, '');
+        // Detect Fly.io by checking FLY_APP_NAME env var
+        const isOnFly = !!process.env.FLY_APP_NAME;
+        // Detect Docker by checking for /.dockerenv file or RUNNING_IN_DOCKER env var
+        const isInDocker = process.env.RUNNING_IN_DOCKER === 'true' ||
+            await import('fs').then(fs => fs.existsSync('/.dockerenv')).catch(() => false);
+        console.log('[onboarding] isOnFly:', isOnFly, 'isInDocker:', isInDocker);
+        if (isOnFly && workspaceUrl.includes('.fly.dev')) {
+            // Use Fly.io internal networking for server-to-server communication
+            // ar-583f273b.fly.dev -> http://ar-583f273b.internal:3888
+            // .internal uses IPv6 and works by default for apps in the same org
+            const appName = workspaceUrl.match(/https?:\/\/([^.]+)\.fly\.dev/)?.[1];
+            if (appName) {
+                workspaceUrl = `http://${appName}.internal:3888`;
+                console.log('[onboarding] Using Fly internal network:', workspaceUrl);
+            }
         }
-        else {
-            // Still starting, return session ID to poll
-            res.json({
-                sessionId,
-                status: 'starting',
-                message: 'Auth session starting, poll for status',
+        else if (isInDocker && workspaceUrl.includes('localhost')) {
+            workspaceUrl = workspaceUrl.replace('localhost', 'host.docker.internal');
+            console.log('[onboarding] Translated localhost to host.docker.internal');
+        }
+        const targetUrl = `${workspaceUrl}/auth/cli/${provider}/start`;
+        console.log('[onboarding] Forwarding to workspace daemon:', targetUrl);
+        const authResponse = await fetch(targetUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ useDeviceFlow }),
+        });
+        console.log('[onboarding] Workspace daemon response:', authResponse.status);
+        if (!authResponse.ok) {
+            const errorData = await authResponse.json().catch(() => ({}));
+            console.log('[onboarding] Workspace daemon error:', errorData);
+            return res.status(authResponse.status).json({
+                error: errorData.error || 'Failed to start CLI auth in workspace',
             });
         }
+        const workspaceSession = await authResponse.json();
+        // Create cloud session to track this
+        const sessionId = crypto.randomUUID();
+        const session = {
+            userId,
+            provider,
+            status: workspaceSession.status || 'starting',
+            authUrl: workspaceSession.authUrl,
+            createdAt: new Date(),
+            output: '',
+            // Store workspace info for status polling and auth code forwarding
+            workspaceUrl,
+            workspaceSessionId: workspaceSession.sessionId,
+        };
+        activeSessions.set(sessionId, session);
+        console.log('[onboarding] Session created:', { sessionId, workspaceUrl, workspaceSessionId: workspaceSession.sessionId });
+        res.json({
+            sessionId,
+            status: session.status,
+            authUrl: session.authUrl,
+            workspaceId: workspace.id,
+            message: session.authUrl ? 'Open the auth URL to complete login' : 'Auth session starting, poll for status',
+        });
     }
     catch (error) {
-        activeSessions.delete(sessionId);
         console.error(`Error starting CLI auth for ${provider}:`, error);
         res.status(500).json({ error: 'Failed to start CLI authentication' });
     }
 });
 /**
  * GET /api/onboarding/cli/:provider/status/:sessionId
- * Check status of CLI auth session
+ * Check status of CLI auth session - forwards to workspace daemon
  */
-onboardingRouter.get('/cli/:provider/status/:sessionId', (req, res) => {
-    const { sessionId } = req.params;
+onboardingRouter.get('/cli/:provider/status/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
     const userId = req.session.userId;
     const session = activeSessions.get(sessionId);
     if (!session) {
@@ -157,6 +175,22 @@ onboardingRouter.get('/cli/:provider/status/:sessionId', (req, res) => {
     if (session.userId !== userId) {
         return res.status(403).json({ error: 'Unauthorized' });
     }
+    // If we have workspace info, poll the workspace for status
+    if (session.workspaceUrl && session.workspaceSessionId) {
+        try {
+            const statusResponse = await fetch(`${session.workspaceUrl}/auth/cli/${provider}/status/${session.workspaceSessionId}`);
+            if (statusResponse.ok) {
+                const workspaceStatus = await statusResponse.json();
+                // Update local session with workspace status
+                session.status = workspaceStatus.status || session.status;
+                session.authUrl = workspaceStatus.authUrl || session.authUrl;
+                session.error = workspaceStatus.error;
+            }
+        }
+        catch (err) {
+            console.error('[onboarding] Failed to poll workspace status:', err);
+        }
+    }
     res.json({
         status: session.status,
         authUrl: session.authUrl,
@@ -166,11 +200,16 @@ onboardingRouter.get('/cli/:provider/status/:sessionId', (req, res) => {
 /**
  * POST /api/onboarding/cli/:provider/complete/:sessionId
  * Mark CLI auth as complete and store credentials
+ *
+ * Handles two modes:
+ * 1. Workspace delegation: Forwards to workspace daemon to complete auth, then fetches credentials
+ * 2. Direct: Uses token from body or session
  */
 onboardingRouter.post('/cli/:provider/complete/:sessionId', async (req, res) => {
     const { provider, sessionId } = req.params;
     const userId = req.session.userId;
-    const { token } = req.body; // Optional: user can paste token directly
+    const { token, authCode } = req.body; // token for direct mode, authCode for Codex redirect
+    console.log(`[onboarding] POST /cli/${provider}/complete/${sessionId} - token: ${token ? 'provided' : 'none'}, authCode: ${authCode ? 'provided' : 'none'}`);
     const session = activeSessions.get(sessionId);
     if (!session) {
         return res.status(404).json({ error: 'Session not found or expired' });
@@ -179,14 +218,49 @@ onboardingRouter.post('/cli/:provider/complete/:sessionId', async (req, res) =>
         return res.status(403).json({ error: 'Unauthorized' });
     }
     try {
-        // If token provided directly, use it
         let accessToken = token || session.token;
-        // If no token yet, try to read from credentials file
-        if (!accessToken) {
-            const config = CLI_AUTH_CONFIG[provider];
-            if (config) {
-                await extractCredentials(session, config);
-                accessToken = session.token;
+        let refreshToken = session.refreshToken;
+        let tokenExpiresAt = session.tokenExpiresAt;
+        // If using workspace delegation, forward complete request first
+        if (session.workspaceUrl && session.workspaceSessionId) {
+            // Forward authCode to workspace if provided (for Codex-style redirects)
+            if (authCode) {
+                const backendProviderId = provider === 'anthropic' ? 'anthropic' : provider;
+                const targetUrl = `${session.workspaceUrl}/auth/cli/${backendProviderId}/complete/${session.workspaceSessionId}`;
+                console.log('[onboarding] Forwarding complete request to workspace:', targetUrl);
+                const completeResponse = await fetch(targetUrl, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ authCode }),
+                });
+                if (!completeResponse.ok) {
+                    const errorData = await completeResponse.json().catch(() => ({}));
+                    return res.status(completeResponse.status).json({
+                        error: errorData.error || 'Failed to complete authentication in workspace',
+                    });
+                }
+                session.status = 'success';
+            }
+            // Fetch credentials from workspace
+            if (!accessToken) {
+                try {
+                    const credsResponse = await fetch(`${session.workspaceUrl}/auth/cli/${provider}/creds/${session.workspaceSessionId}`);
+                    if (credsResponse.ok) {
+                        const creds = await credsResponse.json();
+                        accessToken = creds.token;
+                        refreshToken = creds.refreshToken;
+                        if (creds.expiresAt) {
+                            tokenExpiresAt = new Date(creds.expiresAt);
+                        }
+                        console.log('[onboarding] Fetched credentials from workspace:', {
+                            hasToken: !!accessToken,
+                            hasRefreshToken: !!refreshToken,
+                        });
+                    }
+                }
+                catch (err) {
+                    console.error('[onboarding] Failed to get credentials from workspace:', err);
+                }
             }
         }
         if (!accessToken) {
@@ -194,17 +268,16 @@ onboardingRouter.post('/cli/:provider/complete/:sessionId', async (req, res) =>
                 error: 'No token found. Please complete authentication or paste your token.',
             });
         }
-        // Store in vault
+        // Store in vault with refresh token and expiry
         await vault.storeCredential({
             userId,
             provider,
             accessToken,
+            refreshToken,
+            tokenExpiresAt,
             scopes: getProviderScopes(provider),
         });
         // Clean up session
-        if (session.process) {
-            session.process.kill();
-        }
         activeSessions.delete(sessionId);
         res.json({
             success: true,
@@ -216,17 +289,93 @@ onboardingRouter.post('/cli/:provider/complete/:sessionId', async (req, res) =>
         res.status(500).json({ error: 'Failed to complete authentication' });
     }
 });
+/**
+ * POST /api/onboarding/cli/:provider/code/:sessionId
+ * Submit auth code to the CLI PTY session
+ * Used when OAuth returns a code that must be pasted into the CLI
+ */
+onboardingRouter.post('/cli/:provider/code/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
+    const userId = req.session.userId;
+    const { code } = req.body;
+    console.log('[onboarding] Auth code submission request:', { provider, sessionId, codeLength: code?.length });
+    if (!code || typeof code !== 'string') {
+        return res.status(400).json({ error: 'Auth code is required' });
+    }
+    const session = activeSessions.get(sessionId);
+    if (!session) {
+        console.log('[onboarding] Session not found:', { sessionId, activeSessions: Array.from(activeSessions.keys()) });
+        return res.status(404).json({ error: 'Session not found or expired. Please try connecting again.' });
+    }
+    if (session.userId !== userId) {
+        return res.status(403).json({ error: 'Unauthorized' });
+    }
+    console.log('[onboarding] Session found:', {
+        sessionId,
+        workspaceUrl: session.workspaceUrl,
+        workspaceSessionId: session.workspaceSessionId,
+        status: session.status,
+    });
+    // Forward to workspace daemon
+    if (session.workspaceUrl && session.workspaceSessionId) {
+        try {
+            const targetUrl = `${session.workspaceUrl}/auth/cli/${provider}/code/${session.workspaceSessionId}`;
+            console.log('[onboarding] Forwarding auth code to workspace:', targetUrl);
+            const codeResponse = await fetch(targetUrl, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ code }),
+            });
+            console.log('[onboarding] Workspace response:', { status: codeResponse.status });
+            if (codeResponse.ok) {
+                return res.json({ success: true, message: 'Auth code submitted' });
+            }
+            const errorData = await codeResponse.json().catch(() => ({}));
+            console.log('[onboarding] Workspace error:', errorData);
+            // Provide more helpful error message
+            const needsRestart = errorData.needsRestart;
+            if (codeResponse.status === 404 || codeResponse.status === 400) {
+                return res.status(400).json({
+                    error: errorData.error || 'Auth session expired in workspace. The CLI process may have timed out. Please try connecting again.',
+                    needsRestart: needsRestart ?? true,
+                });
+            }
+            return res.status(codeResponse.status).json({
+                error: errorData.error || 'Failed to submit auth code to workspace',
+                needsRestart,
+            });
+        }
+        catch (err) {
+            console.error('[onboarding] Failed to submit auth code to workspace:', err);
+            return res.status(500).json({
+                error: 'Failed to reach workspace. Please ensure your workspace is running and try again.',
+            });
+        }
+    }
+    console.log('[onboarding] No workspace session info available');
+    return res.status(400).json({
+        error: 'No workspace session available. This can happen if the workspace was restarted. Please try connecting again.',
+    });
+});
+// Note: POST /cli/:provider/complete/:sessionId handler is defined above (lines 269-368)
+// It handles both direct token storage and workspace delegation with authCode forwarding
 /**
  * POST /api/onboarding/cli/:provider/cancel/:sessionId
  * Cancel a CLI auth session
  */
-onboardingRouter.post('/cli/:provider/cancel/:sessionId', (req, res) => {
-    const { sessionId } = req.params;
+onboardingRouter.post('/cli/:provider/cancel/:sessionId', async (req, res) => {
+    const { provider, sessionId } = req.params;
     const userId = req.session.userId;
     const session = activeSessions.get(sessionId);
     if (session?.userId === userId) {
-        if (session.process) {
-            session.process.kill();
+        // Cancel on workspace side if applicable
+        if (session.workspaceUrl && session.workspaceSessionId) {
+            try {
+                await fetch(`${session.workspaceUrl}/auth/cli/${provider}/cancel/${session.workspaceSessionId}`, { method: 'POST' });
+            }
+            catch {
+                // Ignore cancel errors
+            }
         }
         activeSessions.delete(sessionId);
     }
@@ -319,8 +468,9 @@ onboardingRouter.post('/complete', async (req, res) => {
 });
 /**
  * Helper: Extract credentials from CLI credential file
+ * @deprecated Currently unused - kept for potential future use
  */
-async function extractCredentials(session, config) {
+async function _extractCredentials(session, config) {
     if (!config.credentialPath)
         return;
     try {
@@ -331,12 +481,31 @@ async function extractCredentials(session, config) {
         const creds = JSON.parse(content);
         // Extract token based on provider structure
         if (session.provider === 'anthropic') {
-            // Claude stores: { "oauth_token": "...", ... } or { "api_key": "..." }
-            session.token = creds.oauth_token || creds.access_token || creds.api_key;
+            // Claude stores OAuth in: { claudeAiOauth: { accessToken: "...", refreshToken: "...", expiresAt: ... } }
+            if (creds.claudeAiOauth?.accessToken) {
+                session.token = creds.claudeAiOauth.accessToken;
+                session.refreshToken = creds.claudeAiOauth.refreshToken;
+                if (creds.claudeAiOauth.expiresAt) {
+                    session.tokenExpiresAt = new Date(creds.claudeAiOauth.expiresAt);
+                }
+            }
+            else {
+                // Fallback to legacy formats
+                session.token = creds.oauth_token || creds.access_token || creds.api_key;
+            }
         }
         else if (session.provider === 'openai') {
-            // Codex might store: { "token": "..." } or { "api_key": "..." }
-            session.token = creds.token || creds.access_token || creds.api_key;
+            // Codex stores OAuth in: { tokens: { access_token: "...", refresh_token: "...", ... } }
+            if (creds.tokens?.access_token) {
+                session.token = creds.tokens.access_token;
+                session.refreshToken = creds.tokens.refresh_token;
+                // Codex doesn't store expiry in the file, but JWTs have exp claim
+                // We could decode it, but for now just skip
+            }
+            else {
+                // Fallback: API key or legacy formats
+                session.token = creds.OPENAI_API_KEY || creds.token || creds.access_token || creds.api_key;
+            }
         }
     }
     catch (error) {
@@ -358,9 +527,34 @@ function getProviderScopes(provider) {
 }
 /**
  * Helper: Validate a provider token by making a test API call
+ *
+ * Note: OAuth tokens from CLI flows (like `claude` CLI) are different from API keys.
+ * - API keys: sk-ant-api03-... (can be validated via API)
+ * - OAuth tokens: Session tokens from OAuth flow (can't be validated the same way)
+ *
+ * For OAuth tokens, we accept them if they look valid (non-empty, reasonable length).
+ * The CLI already validated the OAuth flow, so we trust those tokens.
  */
 async function validateProviderToken(provider, token) {
+    // Basic sanity check
+    if (!token || token.length < 10) {
+        return false;
+    }
     try {
+        // Check if this looks like an API key vs OAuth token
+        const isAnthropicApiKey = token.startsWith('sk-ant-');
+        const isOpenAIApiKey = token.startsWith('sk-');
+        // For OAuth tokens (not API keys), accept them without API validation
+        // The OAuth flow already authenticated the user
+        if (provider === 'anthropic' && !isAnthropicApiKey) {
+            console.log('[onboarding] Accepting OAuth token for anthropic (not an API key)');
+            return true;
+        }
+        if (provider === 'openai' && !isOpenAIApiKey) {
+            console.log('[onboarding] Accepting OAuth token for openai (not an API key)');
+            return true;
+        }
+        // For API keys, validate via API call
         const endpoints = {
             anthropic: {
                 url: 'https://api.anthropic.com/v1/messages',

package/dist/cloud/api/policy.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Agent Policy API Routes
+ *
+ * Provides endpoints for managing workspace-level agent policies.
+ * These policies serve as fallbacks when repos don't have .claude/policies/ files.
+ */
+export declare const policyRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=policy.d.ts.map