agent-relay 1.2.3 → 1.3.1

package/dist/shared/cli-auth-config.d.ts

@@ -18,6 +18,19 @@ export interface PromptHandler {
     /** Description for logging/debugging */
     description: string;
 }
+/**
+ * Error pattern configuration for detecting auth failures
+ */
+export interface ErrorPattern {
+    /** Pattern to detect in CLI output */
+    pattern: RegExp;
+    /** User-friendly error message */
+    message: string;
+    /** Whether this error is recoverable by retrying */
+    recoverable: boolean;
+    /** Optional hint for the user */
+    hint?: string;
+}
 /**
  * CLI auth configuration for each provider
  */
@@ -38,6 +51,8 @@ export interface CLIAuthConfig {
     prompts: PromptHandler[];
     /** Success indicators in output */
     successPatterns: RegExp[];
+    /** Error patterns to detect auth failures */
+    errorPatterns?: ErrorPattern[];
     /** How long to wait for URL to appear (ms) */
     waitTimeout: number;
     /** Whether this provider supports device flow */
@@ -66,6 +81,10 @@ export declare function matchesSuccessPattern(text: string, patterns: RegExp[]):
  * Find matching prompt handler that hasn't been responded to yet
  */
 export declare function findMatchingPrompt(text: string, prompts: PromptHandler[], respondedPrompts: Set<string>): PromptHandler | null;
+/**
+ * Check if text matches any error pattern and return the matched error
+ */
+export declare function findMatchingError(text: string, errorPatterns?: ErrorPattern[]): ErrorPattern | null;
 /**
  * Get list of supported provider IDs
  */

package/dist/shared/cli-auth-config.js

@@ -72,6 +72,8 @@ export const CLI_AUTH_CONFIG = {
             {
                 // Fallback: Any "press enter" or "enter to confirm/continue" prompt
                 // Keep this LAST so more specific handlers match first
+                // NOTE: Error messages like "Press Enter to retry" are handled by checking
+                // error patterns FIRST in the PTY handler, so this won't trigger on errors
                 pattern: /press\s*enter|enter\s*to\s*(confirm|continue|proceed)|hit\s*enter/i,
                 response: '\r',
                 delay: 300,
@@ -79,6 +81,38 @@ export const CLI_AUTH_CONFIG = {
             },
         ],
         successPatterns: [/success/i, /authenticated/i, /logged\s*in/i, /you.*(?:are|now).*logged/i],
+        errorPatterns: [
+            {
+                pattern: /oauth\s*error.*(?:status\s*code\s*)?400/i,
+                message: 'Authentication failed - the authorization code was invalid or expired',
+                recoverable: true,
+                hint: 'This usually happens if the login took too long or the code was already used. Please try again and complete the browser login within a few minutes.',
+            },
+            {
+                pattern: /oauth\s*error.*(?:status\s*code\s*)?401/i,
+                message: 'Authentication failed - unauthorized',
+                recoverable: true,
+                hint: 'Please try logging in again.',
+            },
+            {
+                pattern: /oauth\s*error.*(?:status\s*code\s*)?403/i,
+                message: 'Authentication failed - access denied',
+                recoverable: true,
+                hint: 'Your account may not have access to Claude Code. Please check your Anthropic subscription.',
+            },
+            {
+                pattern: /network\s*error|ENOTFOUND|ECONNREFUSED|timeout/i,
+                message: 'Network error during authentication',
+                recoverable: true,
+                hint: 'Please check your internet connection and try again.',
+            },
+            {
+                pattern: /invalid\s*(?:code|token)|code\s*(?:expired|invalid)/i,
+                message: 'The authorization code was invalid or has expired',
+                recoverable: true,
+                hint: 'OAuth codes expire quickly. Please try again and complete the browser login promptly.',
+            },
+        ],
     },
     openai: {
         command: 'codex',
@@ -160,10 +194,18 @@ export const CLI_AUTH_CONFIG = {
 /**
  * Strip ANSI escape codes from text
  */
+/* eslint-disable no-control-regex */
 export function stripAnsiCodes(text) {
-    // eslint-disable-next-line no-control-regex
-    return text.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
+    // Handle various ANSI escape sequences:
+    // - CSI sequences: ESC [ params letter (params can include ?, >, =, etc.)
+    // - OSC sequences: ESC ] ... BEL/ST
+    // - Simple escapes: ESC letter
+    return text
+        .replace(/\x1b\[[0-9;?]*[a-zA-Z]/g, '') // CSI sequences including private modes (?2026h, etc.)
+        .replace(/\x1b\][^\x07]*\x07/g, '') // OSC sequences (title, etc.)
+        .replace(/\x1b[a-zA-Z]/g, ''); // Simple escape sequences
 }
+/* eslint-enable no-control-regex */
 /**
  * Check if text matches any success pattern
  */
@@ -185,6 +227,20 @@ export function findMatchingPrompt(text, prompts, respondedPrompts) {
     }
     return null;
 }
+/**
+ * Check if text matches any error pattern and return the matched error
+ */
+export function findMatchingError(text, errorPatterns) {
+    if (!errorPatterns || errorPatterns.length === 0)
+        return null;
+    const cleanText = stripAnsiCodes(text);
+    for (const error of errorPatterns) {
+        if (error.pattern.test(cleanText)) {
+            return error;
+        }
+    }
+    return null;
+}
 /**
  * Get list of supported provider IDs
  */

package/dist/utils/agent-config.js

@@ -102,7 +102,7 @@ export function isClaudeCli(command) {
 export function buildClaudeArgs(agentName, existingArgs = [], projectRoot) {
     const config = findAgentConfig(agentName, projectRoot);
     if (!config) {
-        return existingArgs;
+        return [...existingArgs]; // Return a copy to avoid reference issues
     }
     const newArgs = [...existingArgs];
     // Add --model if specified in config and not already in args

package/dist/wrapper/auth-detection.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Auth Revocation Detection
+ *
+ * Detects when an AI CLI's authentication has been revoked.
+ * This can happen when:
+ * 1. User authenticates the same provider elsewhere (limited sessions)
+ * 2. Token expires or is invalidated
+ * 3. OAuth refresh fails
+ */
+/**
+ * Patterns that indicate authentication has been revoked or expired.
+ * These are typically output by Claude CLI, Codex, etc. when auth fails.
+ */
+export declare const AUTH_REVOCATION_PATTERNS: RegExp[];
+/**
+ * Patterns that should NOT trigger auth revocation detection.
+ * These are false positives that might match auth patterns but aren't actual auth errors.
+ */
+export declare const AUTH_FALSE_POSITIVE_PATTERNS: RegExp[];
+export interface AuthRevocationResult {
+    detected: boolean;
+    pattern?: string;
+    confidence: 'high' | 'medium' | 'low';
+    message?: string;
+}
+/**
+ * Detect if output indicates authentication has been revoked.
+ *
+ * @param output - The CLI output to analyze
+ * @param recentOutputOnly - If true, only check the last ~500 chars (for real-time detection)
+ * @returns Detection result with confidence level
+ */
+export declare function detectAuthRevocation(output: string, recentOutputOnly?: boolean): AuthRevocationResult;
+/**
+ * Check if the given text looks like an auth-related CLI prompt
+ * that's waiting for user action (not an error, but a request to auth).
+ */
+export declare function isAuthPrompt(text: string): boolean;
+/**
+ * Provider-specific auth detection configuration.
+ * Different AI CLIs may have different error messages.
+ */
+export declare const PROVIDER_AUTH_PATTERNS: Record<string, RegExp[]>;
+/**
+ * Detect auth revocation for a specific provider.
+ * Uses provider-specific patterns in addition to general patterns.
+ */
+export declare function detectProviderAuthRevocation(output: string, provider: string): AuthRevocationResult;
+//# sourceMappingURL=auth-detection.d.ts.map

package/dist/wrapper/auth-detection.js

@@ -0,0 +1,192 @@
+/**
+ * Auth Revocation Detection
+ *
+ * Detects when an AI CLI's authentication has been revoked.
+ * This can happen when:
+ * 1. User authenticates the same provider elsewhere (limited sessions)
+ * 2. Token expires or is invalidated
+ * 3. OAuth refresh fails
+ */
+/**
+ * Patterns that indicate authentication has been revoked or expired.
+ * These are typically output by Claude CLI, Codex, etc. when auth fails.
+ */
+export const AUTH_REVOCATION_PATTERNS = [
+    // Session/token expiration
+    /session\s+(has\s+)?expired/i,
+    /token\s+(has\s+)?expired/i,
+    /credentials?\s+(have\s+)?expired/i,
+    // Login required
+    /please\s+log\s*in\s+again/i,
+    /login\s+required/i,
+    /authentication\s+required/i,
+    /must\s+(be\s+)?log(ged)?\s*in/i,
+    /you\s+need\s+to\s+log\s*in/i,
+    // Unauthorized
+    /\bunauthorized\b/i,
+    /not\s+authorized/i,
+    /access\s+denied/i,
+    // Invalid credentials
+    /invalid\s+credentials?/i,
+    /invalid\s+token/i,
+    /invalid\s+session/i,
+    /not\s+authenticated/i,
+    // OAuth specific
+    /oauth\s+error.*401/i,
+    /oauth\s+error.*403/i,
+    /refresh\s+token\s+(is\s+)?invalid/i,
+    /failed\s+to\s+refresh/i,
+    // API errors that indicate auth issues
+    /api\s+error.*401/i,
+    /api\s+error.*403/i,
+    /http\s+401/i,
+    /http\s+403/i,
+    // Claude-specific patterns
+    /your\s+api\s+key\s+is\s+invalid/i,
+    /api\s+key\s+not\s+found/i,
+    /signed\s+out/i,
+    /session\s+revoked/i,
+];
+/**
+ * Patterns that should NOT trigger auth revocation detection.
+ * These are false positives that might match auth patterns but aren't actual auth errors.
+ */
+export const AUTH_FALSE_POSITIVE_PATTERNS = [
+    // Documentation or help text
+    /how\s+to\s+log\s*in/i,
+    /login\s+instructions/i,
+    /authentication\s+guide/i,
+    // Code comments or strings
+    /\/\/.*unauthorized/i,
+    /\/\*.*unauthorized.*\*\//i,
+    /".*unauthorized.*"/i,
+    /'.*unauthorized.*'/i,
+    // Error handling code
+    /catch.*unauthorized/i,
+    /handle.*auth.*error/i,
+    /if.*session.*expired/i,
+    // Instructional content
+    /you\s+should\s+log\s*in/i,
+    /make\s+sure\s+you('re)?\s+logged\s*in/i,
+];
+/**
+ * Detect if output indicates authentication has been revoked.
+ *
+ * @param output - The CLI output to analyze
+ * @param recentOutputOnly - If true, only check the last ~500 chars (for real-time detection)
+ * @returns Detection result with confidence level
+ */
+export function detectAuthRevocation(output, recentOutputOnly = false) {
+    // If checking recent output only, truncate to last 500 chars
+    const textToCheck = recentOutputOnly ? output.slice(-500) : output;
+    // First check for false positives
+    for (const falsePositive of AUTH_FALSE_POSITIVE_PATTERNS) {
+        if (falsePositive.test(textToCheck)) {
+            return { detected: false, confidence: 'low' };
+        }
+    }
+    // Check each auth revocation pattern
+    for (const pattern of AUTH_REVOCATION_PATTERNS) {
+        const match = textToCheck.match(pattern);
+        if (match) {
+            // Determine confidence based on pattern specificity
+            const confidence = getConfidenceLevel(pattern, match[0]);
+            return {
+                detected: true,
+                pattern: pattern.source,
+                confidence,
+                message: match[0],
+            };
+        }
+    }
+    return { detected: false, confidence: 'low' };
+}
+/**
+ * Determine confidence level based on the matched pattern.
+ */
+function getConfidenceLevel(pattern, matchedText) {
+    const patternStr = pattern.source.toLowerCase();
+    // High confidence: Explicit auth failure messages
+    if (patternStr.includes('session') && patternStr.includes('expired') ||
+        patternStr.includes('please') && patternStr.includes('log') ||
+        patternStr.includes('authentication required') ||
+        patternStr.includes('token') && patternStr.includes('expired') ||
+        patternStr.includes('signed out') ||
+        patternStr.includes('session revoked')) {
+        return 'high';
+    }
+    // Medium confidence: General auth errors
+    if (patternStr.includes('unauthorized') ||
+        patternStr.includes('401') ||
+        patternStr.includes('403') ||
+        patternStr.includes('invalid') && patternStr.includes('credentials')) {
+        return 'medium';
+    }
+    // Low confidence: Could be related to other errors
+    return 'low';
+}
+/**
+ * Check if the given text looks like an auth-related CLI prompt
+ * that's waiting for user action (not an error, but a request to auth).
+ */
+export function isAuthPrompt(text) {
+    const authPromptPatterns = [
+        /open\s+this\s+url/i,
+        /visit\s+.*to\s+authorize/i,
+        /enter\s+your\s+api\s+key/i,
+        /paste\s+your\s+token/i,
+        /waiting\s+for\s+authorization/i,
+        /complete\s+login\s+in\s+browser/i,
+    ];
+    return authPromptPatterns.some(pattern => pattern.test(text));
+}
+/**
+ * Provider-specific auth detection configuration.
+ * Different AI CLIs may have different error messages.
+ */
+export const PROVIDER_AUTH_PATTERNS = {
+    claude: [
+        /claude.*session.*expired/i,
+        /anthropic.*unauthorized/i,
+        /claude.*not\s+authenticated/i,
+        /please\s+run\s+claude\s+login/i,
+    ],
+    codex: [
+        /codex.*session.*expired/i,
+        /openai.*unauthorized/i,
+        /codex.*not\s+authenticated/i,
+    ],
+    gemini: [
+        /gemini.*session.*expired/i,
+        /google.*unauthorized/i,
+        /gemini.*not\s+authenticated/i,
+    ],
+};
+/**
+ * Detect auth revocation for a specific provider.
+ * Uses provider-specific patterns in addition to general patterns.
+ */
+export function detectProviderAuthRevocation(output, provider) {
+    // First check general patterns
+    const generalResult = detectAuthRevocation(output, true);
+    if (generalResult.detected && generalResult.confidence === 'high') {
+        return generalResult;
+    }
+    // Check provider-specific patterns
+    const providerPatterns = PROVIDER_AUTH_PATTERNS[provider.toLowerCase()];
+    if (providerPatterns) {
+        for (const pattern of providerPatterns) {
+            const match = output.match(pattern);
+            if (match) {
+                return {
+                    detected: true,
+                    pattern: pattern.source,
+                    confidence: 'high',
+                    message: match[0],
+                };
+            }
+        }
+    }
+    return generalResult;
+}
+//# sourceMappingURL=auth-detection.js.map

package/dist/wrapper/base-wrapper.d.ts

@@ -0,0 +1,153 @@
+/**
+ * BaseWrapper - Abstract base class for agent wrappers
+ *
+ * Provides shared functionality between TmuxWrapper and PtyWrapper:
+ * - Message queue management and deduplication
+ * - Spawn/release command parsing and execution
+ * - Continuity integration (agent ID, summary saving)
+ * - Relay command handling
+ * - Line joining for multi-line commands
+ *
+ * Subclasses implement:
+ * - start() - Initialize and start the agent process
+ * - stop() - Stop the agent process
+ * - performInjection() - Inject content into the agent
+ * - getCleanOutput() - Get cleaned output for parsing
+ */
+import { EventEmitter } from 'node:events';
+import { RelayClient } from './client.js';
+import type { ParsedCommand, ParsedSummary } from './parser.js';
+import type { SendPayload, SendMeta, SpeakOnTrigger } from '../protocol/types.js';
+import { type QueuedMessage, type InjectionMetrics, type CliType } from './shared.js';
+import { type ContinuityManager } from '../continuity/index.js';
+/**
+ * Base configuration shared by all wrapper types
+ */
+export interface BaseWrapperConfig {
+    /** Agent name (must be unique) */
+    name: string;
+    /** Command to execute */
+    command: string;
+    /** Command arguments */
+    args?: string[];
+    /** Relay daemon socket path */
+    socketPath?: string;
+    /** Working directory */
+    cwd?: string;
+    /** Environment variables */
+    env?: Record<string, string>;
+    /** Relay prefix pattern (default: '->relay:') */
+    relayPrefix?: string;
+    /** CLI type (auto-detected if not set) */
+    cliType?: CliType;
+    /** Dashboard port for spawn/release API */
+    dashboardPort?: number;
+    /** Callback when spawn command is parsed */
+    onSpawn?: (name: string, cli: string, task: string) => Promise<void>;
+    /** Callback when release command is parsed */
+    onRelease?: (name: string) => Promise<void>;
+    /** Agent ID to resume from (for continuity) */
+    resumeAgentId?: string;
+    /** Stream logs to daemon */
+    streamLogs?: boolean;
+    /** Task/role description */
+    task?: string;
+    /** Shadow configuration */
+    shadowOf?: string;
+    shadowSpeakOn?: SpeakOnTrigger[];
+}
+/**
+ * Abstract base class for agent wrappers
+ */
+export declare abstract class BaseWrapper extends EventEmitter {
+    protected config: BaseWrapperConfig;
+    protected client: RelayClient;
+    protected relayPrefix: string;
+    protected cliType: CliType;
+    protected running: boolean;
+    protected messageQueue: QueuedMessage[];
+    protected sentMessageHashes: Set<string>;
+    protected isInjecting: boolean;
+    protected receivedMessageIds: Set<string>;
+    protected injectionMetrics: InjectionMetrics;
+    protected processedSpawnCommands: Set<string>;
+    protected processedReleaseCommands: Set<string>;
+    protected pendingFencedSpawn: {
+        name: string;
+        cli: string;
+        taskLines: string[];
+    } | null;
+    protected continuity?: ContinuityManager;
+    protected agentId?: string;
+    protected processedContinuityCommands: Set<string>;
+    protected sessionEndProcessed: boolean;
+    protected sessionEndData?: {
+        summary?: string;
+        completedTasks?: string[];
+    };
+    protected lastSummaryRawContent: string;
+    constructor(config: BaseWrapperConfig);
+    /** Start the agent process */
+    abstract start(): Promise<void>;
+    /** Stop the agent process */
+    abstract stop(): Promise<void> | void;
+    /** Inject content into the agent */
+    protected abstract performInjection(content: string): Promise<void>;
+    /** Get cleaned output for parsing */
+    protected abstract getCleanOutput(): string;
+    get isRunning(): boolean;
+    get name(): string;
+    getAgentId(): string | undefined;
+    getInjectionMetrics(): InjectionMetrics & {
+        successRate: number;
+    };
+    get pendingMessageCount(): number;
+    /**
+     * Handle incoming message from relay
+     */
+    protected handleIncomingMessage(from: string, payload: SendPayload, messageId: string, meta?: SendMeta, originalTo?: string): void;
+    /**
+     * Send a relay command via the client
+     */
+    protected sendRelayCommand(cmd: ParsedCommand): void;
+    /**
+     * Parse spawn and release commands from output
+     */
+    protected parseSpawnReleaseCommands(content: string): void;
+    /**
+     * Execute a spawn command
+     */
+    protected executeSpawn(name: string, cli: string, task: string): Promise<void>;
+    /**
+     * Execute a release command
+     */
+    protected executeRelease(name: string): Promise<void>;
+    /**
+     * Initialize agent ID for continuity/resume
+     */
+    protected initializeAgentId(): Promise<void>;
+    /**
+     * Parse continuity commands from output
+     */
+    protected parseContinuityCommands(content: string): Promise<void>;
+    /**
+     * Save a parsed summary to the continuity ledger
+     */
+    protected saveSummaryToLedger(summary: ParsedSummary): Promise<void>;
+    /**
+     * Reset session-specific state for wrapper reuse
+     */
+    resetSessionState(): void;
+    /**
+     * Join continuation lines for multi-line relay/continuity commands.
+     * TUIs like Claude Code insert real newlines in output, causing
+     * messages to span multiple lines. This joins indented
+     * continuation lines back to the command line.
+     */
+    protected joinContinuationLines(content: string): string;
+    /**
+     * Clean up resources
+     */
+    protected destroyClient(): void;
+}
+//# sourceMappingURL=base-wrapper.d.ts.map