agent-relay 3.2.22 → 4.0.1

package/dist/src/cli/commands/on/start.js

@@ -0,0 +1,1107 @@
+import { spawn, spawnSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
+import { appendFileSync, accessSync, constants, cpSync, existsSync, mkdirSync, readFileSync, readdirSync, realpathSync, rmSync, writeFileSync, } from 'node:fs';
+import path from 'node:path';
+import { parse as parseYaml } from 'yaml';
+import { compileDotfiles, hasDotfiles } from './dotfiles.js';
+import { ensureRelayfileMountBinary } from './relayfile-binary.js';
+import { mintToken } from './token.js';
+import { seedWorkspace as seedWorkspaceFiles, seedAclRules } from './workspace.js';
+import { ensureAuthenticated, readStoredAuth } from '@agent-relay/cloud';
+const DEFAULT_SEED_EXCLUDES = ['.relay', '.git', 'node_modules'];
+const DEFAULT_RELAYCAST_BASE_URL = 'https://api.relaycast.dev';
+const WORKSPACE_ID_PREFIX = 'rw_';
+const WORKSPACE_ID_ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789';
+function normalizeLineList(value) {
+    if (!value)
+        return [];
+    return value
+        .split('\n')
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0 && !line.startsWith('#'));
+}
+function normalizeBaseUrl(input) {
+    if (!input)
+        return input;
+    return input.startsWith('http://') || input.startsWith('https://')
+        ? input.replace(/\/$/, '')
+        : `http://127.0.0.1:${input}`;
+}
+function parseJsonConfig(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed)
+        return null;
+    return JSON.parse(trimmed);
+}
+function parseYamlConfig(raw) {
+    const parsed = parseYaml(raw);
+    return parsed;
+}
+function toRecord(value) {
+    return value && typeof value === 'object' ? value : {};
+}
+function toStringArray(value, fallback = []) {
+    if (!Array.isArray(value))
+        return fallback;
+    const values = value
+        .map((entry) => (typeof entry === 'string' ? entry.trim() : ''))
+        .filter((entry) => entry.length > 0);
+    return values.length > 0 ? values : fallback;
+}
+function toString(value, fallback = '') {
+    return typeof value === 'string' && value.trim().length > 0 ? value.trim() : fallback;
+}
+function buildJoinCommand(workspaceId) {
+    return `agent-relay on <cli> --workspace ${workspaceId}`;
+}
+function normalizeWorkspaceId(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : undefined;
+}
+function generateWorkspaceId() {
+    const alphabetLength = WORKSPACE_ID_ALPHABET.length;
+    const maxUnbiasedValue = Math.floor(256 / alphabetLength) * alphabetLength;
+    let suffix = '';
+    while (suffix.length < 8) {
+        const bytes = randomBytes(8 - suffix.length + 2);
+        for (const byte of bytes) {
+            if (byte >= maxUnbiasedValue)
+                continue;
+            suffix += WORKSPACE_ID_ALPHABET[byte % alphabetLength];
+            if (suffix.length === 8)
+                break;
+        }
+    }
+    return `${WORKSPACE_ID_PREFIX}${suffix}`;
+}
+function sanitizePathComponent(value) {
+    return value.replace(/[^a-zA-Z0-9._-]+/g, '-');
+}
+function toWorkspaceRegistryEntry(value) {
+    if (!value || typeof value !== 'object') {
+        return {};
+    }
+    const entry = value;
+    const relaycastApiKey = typeof entry.relaycastApiKey === 'string' && entry.relaycastApiKey.trim()
+        ? entry.relaycastApiKey.trim()
+        : undefined;
+    const relayfileUrl = typeof entry.relayfileUrl === 'string' && entry.relayfileUrl.trim()
+        ? entry.relayfileUrl.trim()
+        : undefined;
+    const createdAt = typeof entry.createdAt === 'string' && entry.createdAt.trim() ? entry.createdAt.trim() : undefined;
+    const agents = Array.isArray(entry.agents)
+        ? entry.agents
+            .filter((agent) => typeof agent === 'string')
+            .map((agent) => agent.trim())
+            .filter((agent) => agent.length > 0)
+        : undefined;
+    return {
+        ...(relaycastApiKey ? { relaycastApiKey } : {}),
+        ...(relayfileUrl ? { relayfileUrl } : {}),
+        ...(createdAt ? { createdAt } : {}),
+        ...(agents && agents.length > 0 ? { agents } : {}),
+    };
+}
+function getWorkspaceRegistryPath(relayDir) {
+    return path.join(relayDir, 'workspaces.json');
+}
+function readWorkspaceRegistry(relayDir) {
+    if (!relayDir) {
+        return {};
+    }
+    const registryPath = getWorkspaceRegistryPath(relayDir);
+    if (!existsSync(registryPath)) {
+        return {};
+    }
+    const raw = readFileSync(registryPath, 'utf8').trim();
+    if (!raw) {
+        return {};
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+        return {};
+    }
+    const registry = {};
+    for (const [workspaceId, entry] of Object.entries(parsed)) {
+        const normalizedId = normalizeWorkspaceId(workspaceId);
+        if (!normalizedId)
+            continue;
+        registry[normalizedId] = toWorkspaceRegistryEntry(entry);
+    }
+    return registry;
+}
+function writeWorkspaceRegistry(relayDir, registry) {
+    ensureDirectory(relayDir);
+    writeFileSync(getWorkspaceRegistryPath(relayDir), `${JSON.stringify(registry, null, 2)}\n`, {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+}
+function updateWorkspaceRegistry(relayDir, workspaceId, update) {
+    const existingRegistry = readWorkspaceRegistry(relayDir);
+    const existing = existingRegistry[workspaceId] ?? {};
+    const agents = [...new Set([...(existing.agents ?? []), ...(update.agentName ? [update.agentName] : [])])];
+    const next = {
+        ...existing,
+        ...(update.relaycastApiKey ? { relaycastApiKey: update.relaycastApiKey } : {}),
+        relayfileUrl: update.relayfileUrl ?? existing.relayfileUrl,
+        createdAt: update.createdAt ?? existing.createdAt ?? new Date().toISOString(),
+        ...(agents.length > 0 ? { agents } : {}),
+    };
+    if (relayDir) {
+        existingRegistry[workspaceId] = next;
+        writeWorkspaceRegistry(relayDir, existingRegistry);
+    }
+    return next;
+}
+async function postWorkspaceApi(fetchFn, url, body) {
+    const headers = {
+        'Content-Type': 'application/json',
+        'X-Correlation-Id': `agent-relay-on-${Date.now()}`,
+    };
+    // For remote endpoints, try anonymous first — attach existing auth if
+    // available but never force a browser login. If the server returns 401,
+    // fall back to interactive login and retry once.
+    if (!isLocalBaseUrl(url)) {
+        const stored = await readStoredAuth().catch(() => null);
+        const parsed = new URL(url);
+        const targetOrigin = `${parsed.protocol}//${parsed.host}`;
+        if (stored && stored.apiUrl === targetOrigin) {
+            headers['Authorization'] = `Bearer ${stored.accessToken}`;
+        }
+    }
+    let response = await fetchFn(url, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify(body),
+    });
+    // Retry with interactive login if the server requires auth
+    if (response.status === 401 && !isLocalBaseUrl(url)) {
+        const parsed = new URL(url);
+        const auth = await ensureAuthenticated(`${parsed.protocol}//${parsed.host}`);
+        headers['Authorization'] = `Bearer ${auth.accessToken}`;
+        response = await fetchFn(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+        });
+    }
+    const raw = await response.text();
+    if (!response.ok) {
+        throw new Error(`workspace API request failed (${response.status}): ${raw}`.trim());
+    }
+    if (!raw.trim()) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch (error) {
+        throw new Error(`workspace API returned invalid JSON: ${String(error)}`);
+    }
+}
+function parseCreateWorkspaceResponse(payload, requestedWorkspaceId) {
+    const root = toRecord(payload);
+    const data = toRecord(root.data);
+    const workspaceId = toString(data.workspaceId, toString(data.id, toString(root.workspaceId, toString(root.id, requestedWorkspaceId))));
+    if (!workspaceId) {
+        throw new Error('workspace create response is missing workspaceId');
+    }
+    return {
+        workspaceId,
+        token: toString(data.token, toString(root.token)),
+        relayfileUrl: normalizeBaseUrl(toString(data.relayfileUrl, toString(root.relayfileUrl))),
+        relaycastApiKey: toString(data.relaycastApiKey, toString(data.apiKey, toString(data.api_key, toString(root.relaycastApiKey, toString(root.apiKey, toString(root.api_key)))))) || undefined,
+        joinCommand: toString(data.joinCommand, toString(root.joinCommand, buildJoinCommand(workspaceId))),
+    };
+}
+function parseJoinWorkspaceResponse(payload, requestedWorkspaceId) {
+    const root = toRecord(payload);
+    const data = toRecord(root.data);
+    const workspaceId = toString(data.workspaceId, toString(data.id, toString(root.workspaceId, toString(root.id, requestedWorkspaceId))));
+    const token = toString(data.token, toString(root.token));
+    if (!workspaceId) {
+        throw new Error('workspace join response is missing workspaceId');
+    }
+    if (!token) {
+        throw new Error(`workspace join response for ${workspaceId} is missing token`);
+    }
+    return {
+        workspaceId,
+        token,
+        relayfileUrl: normalizeBaseUrl(toString(data.relayfileUrl, toString(root.relayfileUrl))),
+        relaycastApiKey: toString(data.relaycastApiKey, toString(data.apiKey, toString(data.api_key, toString(root.relaycastApiKey, toString(root.apiKey, toString(root.api_key)))))) || undefined,
+        joinCommand: toString(data.joinCommand, toString(root.joinCommand, buildJoinCommand(workspaceId))),
+    };
+}
+async function joinWorkspaceSession(fetchFn, authBase, workspaceId, agentName, scopes) {
+    const body = { agentName };
+    if (scopes.length > 0) {
+        body.scopes = scopes;
+    }
+    const payload = await postWorkspaceApi(fetchFn, `${authBase}/api/v1/workspaces/${encodeURIComponent(workspaceId)}/join`, body);
+    return parseJoinWorkspaceResponse(payload, workspaceId);
+}
+async function createRelaycastWorkspace(fetchFn, baseUrl, workspaceName) {
+    const response = await fetchFn(`${normalizeBaseUrl(baseUrl)}/v1/workspaces`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-Correlation-Id': `agent-relay-on-relaycast-${Date.now()}`,
+        },
+        body: JSON.stringify({ name: workspaceName }),
+    });
+    const raw = await response.text();
+    if (!response.ok) {
+        throw new Error(`relaycast workspace create failed (${response.status}): ${raw}`.trim());
+    }
+    const parsed = raw.trim() ? JSON.parse(raw) : {};
+    const root = toRecord(parsed);
+    const data = toRecord(root.data);
+    const apiKey = toString(data.apiKey, toString(data.api_key, toString(root.apiKey, toString(root.api_key))));
+    if (!apiKey) {
+        throw new Error('relaycast workspace create response is missing apiKey');
+    }
+    return {
+        apiKey,
+        createdAt: toString(data.createdAt, toString(data.created_at, toString(root.createdAt, toString(root.created_at)))) || undefined,
+    };
+}
+async function requestLocalWorkspaceSession(options) {
+    const fetchFn = options.fetchFn ?? fetch;
+    const relayDir = options.relayDir;
+    const signingSecret = toString(options.signingSecret);
+    const requestedWorkspaceId = normalizeWorkspaceId(options.requestedWorkspaceId);
+    if (!relayDir) {
+        throw new Error('relayDir is required for local workspace sessions');
+    }
+    if (!signingSecret) {
+        throw new Error('signingSecret is required for local workspace sessions');
+    }
+    const workspaceId = requestedWorkspaceId ?? generateWorkspaceId();
+    const existing = readWorkspaceRegistry(relayDir)[workspaceId];
+    if (requestedWorkspaceId && !existing) {
+        throw new Error(`workspace ${workspaceId} is not registered locally`);
+    }
+    let relaycastApiKey = toString(existing?.relaycastApiKey) || undefined;
+    let createdAt = toString(existing?.createdAt) || undefined;
+    if (!relaycastApiKey) {
+        const created = await createRelaycastWorkspace(fetchFn, options.relaycastBaseUrl ?? process.env.RELAYCAST_BASE_URL ?? DEFAULT_RELAYCAST_BASE_URL, toString(options.workspaceName, workspaceId));
+        relaycastApiKey = created.apiKey;
+        createdAt = created.createdAt ?? createdAt;
+    }
+    const registryEntry = updateWorkspaceRegistry(relayDir, workspaceId, {
+        relaycastApiKey,
+        relayfileUrl: existing?.relayfileUrl ?? options.fallbackRelayfileUrl,
+        createdAt,
+        agentName: options.agentName,
+    });
+    return {
+        created: !requestedWorkspaceId,
+        workspaceId,
+        token: mintToken({
+            secret: signingSecret,
+            agentName: options.agentName,
+            workspace: workspaceId,
+            scopes: options.scopes,
+        }),
+        relayfileUrl: registryEntry.relayfileUrl ?? options.fallbackRelayfileUrl,
+        relaycastApiKey: registryEntry.relaycastApiKey,
+        joinCommand: buildJoinCommand(workspaceId),
+    };
+}
+export async function requestWorkspaceSession(options) {
+    const fetchFn = options.fetchFn ?? fetch;
+    const requestedWorkspaceId = normalizeWorkspaceId(options.requestedWorkspaceId);
+    if (isLocalBaseUrl(options.authBase) && options.relayDir && options.signingSecret) {
+        return requestLocalWorkspaceSession({ ...options, fetchFn, requestedWorkspaceId });
+    }
+    if (requestedWorkspaceId) {
+        const joined = await joinWorkspaceSession(fetchFn, options.authBase, requestedWorkspaceId, options.agentName, options.scopes);
+        const relaycastApiKey = joined.relaycastApiKey ?? readWorkspaceRegistry(options.relayDir)[joined.workspaceId]?.relaycastApiKey;
+        updateWorkspaceRegistry(options.relayDir, joined.workspaceId, {
+            relaycastApiKey,
+            relayfileUrl: joined.relayfileUrl || options.fallbackRelayfileUrl,
+            agentName: options.agentName,
+        });
+        return {
+            created: false,
+            workspaceId: joined.workspaceId,
+            token: joined.token,
+            relayfileUrl: joined.relayfileUrl || options.fallbackRelayfileUrl,
+            relaycastApiKey,
+            joinCommand: joined.joinCommand,
+        };
+    }
+    const generatedWorkspaceId = generateWorkspaceId();
+    const createBody = {
+        workspaceId: generatedWorkspaceId,
+    };
+    if (toString(options.workspaceName)) {
+        createBody.name = options.workspaceName;
+    }
+    const created = parseCreateWorkspaceResponse(await postWorkspaceApi(fetchFn, `${options.authBase}/api/v1/workspaces/create`, createBody), generatedWorkspaceId);
+    let token = created.token;
+    let relayfileUrl = created.relayfileUrl;
+    let relaycastApiKey = created.relaycastApiKey;
+    if (!token || !relayfileUrl) {
+        const joined = await joinWorkspaceSession(fetchFn, options.authBase, created.workspaceId, options.agentName, options.scopes);
+        token = joined.token;
+        relayfileUrl = joined.relayfileUrl || relayfileUrl;
+        relaycastApiKey = relaycastApiKey ?? joined.relaycastApiKey;
+    }
+    if (!token) {
+        throw new Error(`workspace ${created.workspaceId} did not return a token`);
+    }
+    updateWorkspaceRegistry(options.relayDir, created.workspaceId, {
+        relaycastApiKey,
+        relayfileUrl: relayfileUrl || options.fallbackRelayfileUrl,
+        agentName: options.agentName,
+    });
+    return {
+        created: true,
+        workspaceId: created.workspaceId,
+        token,
+        relayfileUrl: relayfileUrl || options.fallbackRelayfileUrl,
+        relaycastApiKey,
+        joinCommand: created.joinCommand,
+    };
+}
+function normalizeAgents(rawAgents) {
+    const fallbackScopes = [
+        'relayfile:*:*:*',
+        'relayauth:*:manage:*',
+        'relayauth:*:read:*',
+        'fs:read',
+        'fs:write',
+    ];
+    if (!Array.isArray(rawAgents) || rawAgents.length === 0) {
+        return [{ name: 'default-agent', scopes: fallbackScopes }];
+    }
+    const parsed = rawAgents
+        .map((entry) => toRecord(entry))
+        .map((entry, index) => ({
+        name: toString(entry.name, `agent-${index + 1}`),
+        scopes: toStringArray(entry.scopes, fallbackScopes),
+    }))
+        .filter((entry) => entry.name.length > 0);
+    return parsed.length > 0 ? parsed : [{ name: 'default-agent', scopes: fallbackScopes }];
+}
+function loadConfigFromFile(configPath, projectDir) {
+    const raw = readFileSync(configPath, 'utf8');
+    let parsed;
+    if (path.extname(configPath).toLowerCase() === '.json') {
+        parsed = parseJsonConfig(raw);
+    }
+    else {
+        parsed = parseYamlConfig(raw);
+    }
+    const root = toRecord(parsed);
+    const payload = toRecord(root.data);
+    const fallbackWorkspace = path.basename(projectDir);
+    const workspace = toString(payload.workspace, toString(root.workspace, fallbackWorkspace));
+    const signing_secret = toString(payload.signing_secret, toString(root.signing_secret, process.env.SIGNING_KEY ?? ''));
+    if (!signing_secret) {
+        throw new Error(`relay config at ${configPath} is missing signing_secret and SIGNING_KEY env var is not set. ` +
+            'Set signing_secret in your config or export SIGNING_KEY.');
+    }
+    const agents = normalizeAgents(payload.agents ?? root.agents);
+    return { workspace, signing_secret, agents };
+}
+function writeGeneratedZeroConfig(configPath, projectDir, overridesAgentName) {
+    const fallbackWorkspace = path.basename(projectDir);
+    const generatedSecret = randomBytes(32).toString('hex');
+    const signingSecret = process.env.SIGNING_KEY ?? generatedSecret;
+    const defaultAgent = overridesAgentName ?? 'default-agent';
+    const config = {
+        version: '1',
+        workspace: fallbackWorkspace,
+        signing_secret: signingSecret,
+        agents: [
+            {
+                name: defaultAgent,
+                scopes: ['relayfile:*:*:*', 'relayauth:*:manage:*', 'relayauth:*:read:*', 'fs:read', 'fs:write'],
+            },
+        ],
+    };
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', { encoding: 'utf8', mode: 0o600 });
+    return config;
+}
+function resolveConfig(projectDir, relayDir, requestedAgent) {
+    const explicitYaml = path.join(projectDir, 'relay.yaml');
+    if (existsSync(explicitYaml)) {
+        return loadConfigFromFile(explicitYaml, projectDir);
+    }
+    const cachedConfig = path.join(relayDir, 'config.json');
+    if (existsSync(cachedConfig)) {
+        return loadConfigFromFile(cachedConfig, projectDir);
+    }
+    const generatedPath = path.join(relayDir, 'generated', 'relay-zero-config.json');
+    return writeGeneratedZeroConfig(generatedPath, projectDir, requestedAgent);
+}
+function isCommandAvailable(command) {
+    const checker = process.platform === 'win32' ? 'where' : 'sh';
+    const args = process.platform === 'win32' ? [command] : ['-lc', `command -v "${command}" >/dev/null 2>&1`];
+    const proc = spawnSync(checker, args, { stdio: ['ignore', 'ignore', 'ignore'] });
+    return proc.status === 0;
+}
+async function waitForHttpHealthy(url, attempts = 12) {
+    for (let attempt = 0; attempt < attempts; attempt += 1) {
+        try {
+            const res = await fetch(`${url}/health`);
+            if (res.ok)
+                return true;
+        }
+        catch {
+            // Retry until timeout
+        }
+        await new Promise((resolve) => setTimeout(resolve, 500));
+    }
+    return false;
+}
+async function runCommandCapture(command, args, env) {
+    return await new Promise((resolve, reject) => {
+        const proc = spawn(command, args, { stdio: ['ignore', 'pipe', 'pipe'], env });
+        let output = '';
+        proc.stdout.setEncoding('utf8');
+        proc.stderr.setEncoding('utf8');
+        proc.stdout.on('data', (chunk) => {
+            output += chunk;
+        });
+        proc.stderr.on('data', (chunk) => {
+            output += chunk;
+        });
+        proc.on('error', (error) => {
+            reject(error);
+        });
+        proc.on('close', (code, signal) => {
+            if (code === 0) {
+                resolve(output);
+                return;
+            }
+            const reason = signal ? `signal ${signal}` : `exit code ${typeof code === 'number' ? code : 'unknown'}`;
+            const detail = output.trim();
+            reject(new Error(detail || `command failed with ${reason}`));
+        });
+    });
+}
+function normalizeRelativePosix(filePath) {
+    return filePath.split(path.sep).join('/');
+}
+function globMatch(filePath, rawPattern) {
+    const pattern = normalizeRelativePosix(rawPattern.trim());
+    const target = normalizeRelativePosix(filePath);
+    if (!pattern)
+        return false;
+    if (!/[\\*?\[]/.test(pattern)) {
+        if (pattern.endsWith('/')) {
+            return target === pattern.slice(0, -1) || target.startsWith(`${pattern}`);
+        }
+        return target === pattern || target.startsWith(`${pattern}/`);
+    }
+    // Escape regex special chars, then convert glob wildcards to regex.
+    // Handle ** (double-star) before single * to avoid incorrect conversion.
+    const escaped = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+        .replace(/\\\*\\\*/g, '__DOUBLESTAR__')
+        .replace(/\\\*/g, '__STAR__')
+        .replace(/\\\?/g, '__QMARK__')
+        .replace(/__DOUBLESTAR__/g, '.*')
+        .replace(/__STAR__/g, '[^/]*')
+        .replace(/__QMARK__/g, '[^/]');
+    const withDirectory = `^${escaped}$`;
+    return new RegExp(withDirectory).test(target);
+}
+function isPathIgnored(relPath, patterns) {
+    const normalized = normalizeRelativePosix(relPath);
+    return patterns.some((pattern) => globMatch(normalized, pattern));
+}
+function extractPermissionPatternsFromCompiled(compiledPath, agentName) {
+    if (!existsSync(compiledPath)) {
+        return { readonlyPatterns: [], ignoredPatterns: [] };
+    }
+    const parsed = toRecord(JSON.parse(readFileSync(compiledPath, 'utf8')));
+    const agents = Array.isArray(parsed.agents) ? parsed.agents : [];
+    const entry = agents
+        .map((raw) => toRecord(raw))
+        .find((item) => String(item.name ?? '') === agentName);
+    return {
+        readonlyPatterns: toStringArray(entry?.readonlyPatterns, []),
+        ignoredPatterns: toStringArray(entry?.ignoredPatterns, []),
+    };
+}
+function collectPermissionPatternsFromDotfiles(projectDir) {
+    const readonlyFile = path.join(projectDir, '.agentreadonly');
+    const ignoreFile = path.join(projectDir, '.agentignore');
+    return {
+        readonlyPatterns: normalizeLineList(readIfExists(readonlyFile)),
+        ignoredPatterns: normalizeLineList(readIfExists(ignoreFile)),
+    };
+}
+function readIfExists(filePath, fallback = '') {
+    if (!existsSync(filePath))
+        return fallback;
+    return readFileSync(filePath, 'utf8');
+}
+function buildPermissionDoc(agentName, readonlyPatterns, ignoredPatterns) {
+    const readonlyList = readonlyPatterns.length > 0 ? readonlyPatterns.join('\n') : '(none)';
+    const ignoredList = ignoredPatterns.length > 0 ? ignoredPatterns.join('\n') : '(none)';
+    return `# Workspace Permissions
+
+This workspace is managed by the relay.
+File access is controlled by project-local .agentignore and .agentreadonly.
+
+## Read-only files (cannot be modified)
+${readonlyList || '(none)'}
+
+## Hidden files (not available in this workspace)
+${ignoredList || '(none)'}
+
+## Writable files
+All other files can be read and modified freely.
+
+If you get "permission denied", the file is read-only.
+Changes to read-only files will be automatically reverted.
+Do not attempt to chmod files — permissions will be restored.
+
+Agent: ${agentName}
+`;
+}
+function ensureDirectory(pathValue) {
+    mkdirSync(pathValue, { recursive: true });
+}
+function ensureStateDirs(relayDir) {
+    ensureDirectory(path.join(relayDir, 'tokens'));
+    ensureDirectory(path.join(relayDir, 'logs'));
+    ensureDirectory(path.join(relayDir, 'generated'));
+    ensureDirectory(path.join(relayDir, 'mounts'));
+}
+function findAgentConfig(config, requestedAgent) {
+    if (requestedAgent) {
+        const match = config.agents.find((agent) => agent.name === requestedAgent);
+        if (match)
+            return match;
+        const fallback = config.agents[0];
+        if (fallback) {
+            return {
+                ...fallback,
+                name: requestedAgent,
+            };
+        }
+        return { name: requestedAgent, scopes: ['relayfile:*:*:*'] };
+    }
+    return config.agents[0] ?? { name: 'default-agent', scopes: ['relayfile:*:*:*'] };
+}
+function countFilesForSync(baseDir) {
+    let total = 0;
+    const stack = [baseDir];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current)
+            continue;
+        const entries = readdirSync(current, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name === '.relay')
+                continue;
+            const entryPath = path.join(current, entry.name);
+            if (entry.isDirectory()) {
+                stack.push(entryPath);
+            }
+            else if (entry.isFile()) {
+                total += 1;
+            }
+        }
+    }
+    return total;
+}
+function listFiles(baseDir) {
+    const files = [];
+    const stack = [baseDir];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current)
+            continue;
+        const entries = readdirSync(current, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name === '.relay')
+                continue;
+            const entryPath = path.join(current, entry.name);
+            if (entry.isDirectory()) {
+                stack.push(entryPath);
+            }
+            else if (entry.isFile()) {
+                files.push(entryPath);
+            }
+        }
+    }
+    return files;
+}
+function hasWriteAccess(filePath) {
+    try {
+        accessSync(filePath, constants.W_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function fileNeedsSync(sourcePath, readonlyPatterns, mountDir, projectDir) {
+    const relPath = normalizeRelativePosix(path.relative(mountDir, sourcePath));
+    const absTargetPath = path.resolve(projectDir, relPath);
+    if (relPath.startsWith('../') || relPath.startsWith('.agent-relay'))
+        return false;
+    if (!absTargetPath.startsWith(projectDir + path.sep) && absTargetPath !== projectDir)
+        return false;
+    if (isPathIgnored(relPath, readonlyPatterns))
+        return false;
+    if (existsSync(absTargetPath) && hasSameContent(sourcePath, absTargetPath))
+        return false;
+    return true;
+}
+function hasSameContent(left, right) {
+    try {
+        const leftContent = readFileSync(left);
+        const rightContent = readFileSync(right);
+        return leftContent.equals(rightContent);
+    }
+    catch {
+        return false;
+    }
+}
+async function syncWritableFilesBack(mountDir, projectDir, readonlyPatterns, ignoredPatterns) {
+    let synced = 0;
+    const realProjectDir = realpathSync(projectDir);
+    const realMountDir = realpathSync(mountDir);
+    const files = listFiles(mountDir);
+    for (const sourceFile of files) {
+        const relative = path.relative(mountDir, sourceFile);
+        if (relative === '' || relative.startsWith('..'))
+            continue;
+        if (relative === '.agent-relay' || normalizeRelativePosix(relative) === '_PERMISSIONS.md')
+            continue;
+        if (isPathIgnored(relative, readonlyPatterns))
+            continue;
+        if (isPathIgnored(relative, ignoredPatterns))
+            continue;
+        if (!hasWriteAccess(sourceFile))
+            continue;
+        if (!fileNeedsSync(sourceFile, readonlyPatterns, mountDir, projectDir)) {
+            continue;
+        }
+        const targetPath = path.resolve(realProjectDir, relative);
+        // Guard against path traversal via symlinks: resolved target must stay within projectDir
+        if (!targetPath.startsWith(realProjectDir + path.sep) && targetPath !== realProjectDir) {
+            continue;
+        }
+        // Also verify source file resolves within the mount directory (prevents symlink-based exfiltration)
+        try {
+            const realSource = realpathSync(sourceFile);
+            if (!realSource.startsWith(realMountDir + path.sep) && realSource !== realMountDir) {
+                continue;
+            }
+        }
+        catch {
+            continue; // Skip files whose realpath cannot be resolved (broken symlinks)
+        }
+        ensureDirectory(path.dirname(targetPath));
+        cpSync(sourceFile, targetPath, { force: true });
+        synced += 1;
+    }
+    return synced;
+}
+function pickDeniedCount(syncOutput) {
+    const match = syncOutput.match(/skipping denied file/gi);
+    return match ? match.length : 0;
+}
+function generateTokenFromScript(config, agent, log, error) {
+    try {
+        return mintToken({
+            secret: config.signing_secret,
+            agentName: agent.name,
+            workspace: config.workspace,
+            scopes: agent.scopes,
+        });
+    }
+    catch (err) {
+        error('Failed to mint token:', err);
+        log('Set a valid token path or provision tokens manually if token minting fails.');
+        return null;
+    }
+}
+function ensureProcessRunning(processRef) {
+    return processRef.exitCode === null && !processRef.killed;
+}
+function isLocalBaseUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return parsed.hostname === '127.0.0.1' || parsed.hostname === 'localhost';
+    }
+    catch {
+        return false;
+    }
+}
+function killMountProcess(processRef) {
+    if (processRef.exitCode !== null || !processRef.pid)
+        return Promise.resolve();
+    processRef.kill('SIGTERM');
+    return new Promise((resolve) => {
+        const timeout = setTimeout(() => {
+            if (processRef.exitCode === null && processRef.pid) {
+                processRef.kill('SIGKILL');
+            }
+            resolve();
+        }, 1200);
+        processRef.once('exit', () => {
+            clearTimeout(timeout);
+            resolve();
+        });
+    });
+}
+function getSandboxFlags(cli) {
+    const name = path.basename(cli);
+    switch (name) {
+        case 'claude':
+            return ['--dangerously-skip-permissions'];
+        case 'codex':
+            return ['--dangerously-bypass-approvals-and-sandbox'];
+        case 'gemini':
+            return ['--yolo'];
+        case 'aider':
+            return ['--yes'];
+        default:
+            return [];
+    }
+}
+async function ensureProvisioned(config, agent, relayfileRoot, projectDir, tokenPath, log, error, deps) {
+    try {
+        return readFileSync(tokenPath, 'utf8').trim();
+    }
+    catch {
+        // Token file does not exist yet — continue to provision
+    }
+    if (typeof deps?.provision === 'function') {
+        await deps.provision(config, { ...agent });
+        try {
+            return readFileSync(tokenPath, 'utf8').trim();
+        }
+        catch {
+            // Token still not written — continue
+        }
+    }
+    if (typeof deps?.provisionAgentToken === 'function') {
+        const generated = await deps.provisionAgentToken({ config, agent, tokenPath });
+        if (typeof generated === 'string' && generated.trim()) {
+            const generatedToken = generated.trim();
+            writeFileSync(tokenPath, `${generatedToken}\n`, { encoding: 'utf8', mode: 0o600 });
+            return generatedToken;
+        }
+    }
+    const generatedToken = generateTokenFromScript(config, agent, log, error);
+    if (generatedToken) {
+        ensureDirectory(path.dirname(tokenPath));
+        writeFileSync(tokenPath, `${generatedToken}\n`, { encoding: 'utf8', mode: 0o600 });
+        return generatedToken;
+    }
+    throw new Error(`missing token for ${agent.name}: ${tokenPath}. Run provisioning before launching relay.`);
+}
+async function ensureServices(authBase, fileBase, deps, log, error) {
+    const needsLocalAuth = isLocalBaseUrl(authBase);
+    const needsLocalFile = isLocalBaseUrl(fileBase);
+    if (!needsLocalAuth && !needsLocalFile) {
+        return;
+    }
+    const authHealthy = !needsLocalAuth || (await waitForHttpHealthy(authBase));
+    const fileHealthy = !needsLocalFile || (await waitForHttpHealthy(fileBase));
+    if (authHealthy && fileHealthy)
+        return;
+    if (typeof deps?.ensureServicesRunning === 'function') {
+        await deps.ensureServicesRunning(authBase, fileBase);
+        const postAuthHealthy = !needsLocalAuth || (await waitForHttpHealthy(authBase));
+        const postFileHealthy = !needsLocalFile || (await waitForHttpHealthy(fileBase));
+        if (postAuthHealthy && postFileHealthy)
+            return;
+    }
+    if (typeof deps?.startServices === 'function') {
+        await deps.startServices({ authBase, fileBase });
+        const postAuthHealthy = !needsLocalAuth || (await waitForHttpHealthy(authBase));
+        const postFileHealthy = !needsLocalFile || (await waitForHttpHealthy(fileBase));
+        if (postAuthHealthy && postFileHealthy)
+            return;
+    }
+    error('Relay services are not ready.');
+    if (needsLocalAuth) {
+        error(`- relayauth (${authBase}/health): ${authHealthy ? 'healthy' : 'unhealthy'}`);
+    }
+    if (needsLocalFile) {
+        error(`- relayfile (${fileBase}/health): ${fileHealthy ? 'healthy' : 'unhealthy'}`);
+    }
+    throw new Error('Start relay services before running relay on; or pass a dependency that can launch them.');
+}
+async function cleanupRun(state, agentName, log) {
+    if (!state.mountProc && !state.mountDir && !state.mountLogPath)
+        return;
+    const mountDir = state.mountDir;
+    if (state.mountProc) {
+        await killMountProcess(state.mountProc);
+    }
+    let synced = 0;
+    if (mountDir && existsSync(mountDir)) {
+        synced = await syncWritableFilesBack(mountDir, state.projectDir, state.readonlyPatterns, state.ignoredPatterns);
+        log(`  ✓ ${synced} file(s) synced back`);
+        try {
+            rmSync(mountDir, { recursive: true, force: true });
+        }
+        catch {
+            // Workspace cleanup is best-effort.
+        }
+    }
+    log(`Cleaned relay mount for ${agentName}`);
+}
+export async function goOnTheRelay(cli, options, extraArgs, deps = {}) {
+    const log = deps.log ?? ((...args) => console.log(...args));
+    const error = deps.error ?? ((...args) => console.error(...args));
+    const exit = deps.exit ?? ((code) => process.exit(code));
+    const projectDir = process.cwd();
+    const relayDir = path.join(projectDir, '.relay');
+    if (!isCommandAvailable('node') || !isCommandAvailable('npx')) {
+        throw new Error('node and npx must be available in PATH to run relay.');
+    }
+    ensureStateDirs(relayDir);
+    const defaultAgentName = toString(options.agent, path.basename(cli));
+    const config = resolveConfig(projectDir, relayDir, defaultAgentName);
+    const agent = findAgentConfig(config, defaultAgentName);
+    const authBase = normalizeBaseUrl(options.portAuth);
+    const fileBase = normalizeBaseUrl(options.portFile);
+    const mountBin = process.env.RELAYFILE_ROOT
+        ? path.join(process.env.RELAYFILE_ROOT, 'bin', 'relayfile-mount')
+        : await ensureRelayfileMountBinary();
+    if (!existsSync(mountBin)) {
+        throw new Error(`missing relayfile mount binary: ${mountBin}`);
+    }
+    await ensureServices(authBase, fileBase, deps, log, error);
+    const workspaceSession = await requestWorkspaceSession({
+        authBase,
+        fallbackRelayfileUrl: fileBase,
+        requestedWorkspaceId: options.workspace,
+        workspaceName: config.workspace,
+        agentName: agent.name,
+        scopes: agent.scopes,
+        signingSecret: config.signing_secret,
+        relayDir,
+        relaycastBaseUrl: process.env.RELAYCAST_BASE_URL,
+        fetchFn: deps.fetch,
+    });
+    // Compile dotfile permissions for this agent
+    const hasDots = hasDotfiles(projectDir);
+    const dotfileAcl = hasDots ? compileDotfiles(projectDir, agent.name, workspaceSession.workspaceId) : null;
+    if (workspaceSession.created) {
+        const seedExcludes = [...DEFAULT_SEED_EXCLUDES];
+        if (dotfileAcl) {
+            // Add ignored patterns so ignored files are never uploaded
+            for (const [dir, rules] of Object.entries(dotfileAcl.acl)) {
+                if (rules.some((r) => r.startsWith('deny:agent:'))) {
+                    seedExcludes.push(dir.replace(/^\//, ''));
+                }
+            }
+        }
+        await seedWorkspaceFiles(workspaceSession.relayfileUrl, workspaceSession.token, workspaceSession.workspaceId, projectDir, seedExcludes);
+        if (dotfileAcl && Object.keys(dotfileAcl.acl).length > 0) {
+            await seedAclRules(workspaceSession.relayfileUrl, workspaceSession.token, workspaceSession.workspaceId, dotfileAcl.acl);
+            // Write compiled ACL for mount to read
+            const bundlePath = path.join(relayDir, 'compiled-acl.json');
+            writeFileSync(bundlePath, JSON.stringify({
+                workspace: workspaceSession.workspaceId,
+                acl: dotfileAcl.acl,
+                summary: dotfileAcl.summary,
+                agents: [{ name: agent.name, summary: dotfileAcl.summary }],
+            }, null, 2) + '\n', { encoding: 'utf8' });
+        }
+    }
+    const mountDir = path.join(relayDir, `workspace-${sanitizePathComponent(workspaceSession.workspaceId)}-${sanitizePathComponent(agent.name)}`);
+    mkdirSync(mountDir, { recursive: true });
+    const mountLogPath = path.join(relayDir, 'logs', `${agent.name}-mount.log`);
+    writeFileSync(mountLogPath, '', 'utf8');
+    const mountBaseArgs = [
+        '--base-url',
+        workspaceSession.relayfileUrl,
+        '--workspace',
+        workspaceSession.workspaceId,
+        '--local-dir',
+        mountDir,
+    ];
+    const onceArgs = [...mountBaseArgs, '--once'];
+    const mountEnv = { ...process.env, RELAYFILE_TOKEN: workspaceSession.token };
+    let initialSyncOutput = '';
+    log(`Mounting workspace at ${mountDir}...`);
+    try {
+        initialSyncOutput = await runCommandCapture(mountBin, onceArgs, mountEnv);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new Error(`initial workspace sync failed for ${agent.name}: ${message}`);
+    }
+    const deniedCount = pickDeniedCount(initialSyncOutput);
+    const compiledPath = path.join(relayDir, 'compiled-acl.json');
+    const compiled = extractPermissionPatternsFromCompiled(compiledPath, agent.name);
+    const fallback = collectPermissionPatternsFromDotfiles(projectDir);
+    const readonlyPatterns = compiled.readonlyPatterns.length > 0 ? compiled.readonlyPatterns : fallback.readonlyPatterns;
+    const ignoredPatterns = compiled.ignoredPatterns.length > 0 ? compiled.ignoredPatterns : fallback.ignoredPatterns;
+    const permsDoc = buildPermissionDoc(agent.name, readonlyPatterns, ignoredPatterns);
+    writeFileSync(path.join(mountDir, '_PERMISSIONS.md'), permsDoc, 'utf8');
+    const projectDeny = path.join(projectDir, '.agentdeny');
+    if (existsSync(projectDeny)) {
+        cpSync(projectDeny, path.join(mountDir, '.agentdeny'), { force: true });
+    }
+    const mountedFiles = countFilesForSync(mountDir);
+    log(`On the relay as ${agent.name}`);
+    log(`  Workspace: ${workspaceSession.workspaceId}`);
+    log(`  Join: ${workspaceSession.joinCommand}`);
+    log(`  Mounted files: ${mountedFiles}`);
+    log(`  Permissions denied (initial sync): ${deniedCount}`);
+    const sandboxFlags = getSandboxFlags(cli);
+    if (sandboxFlags.length > 0) {
+        log(`  Sandbox: relay-enforced (${sandboxFlags.join(' ')})`);
+        log(`  ⚠ Agent CLI sandbox bypassed — relay file permissions are the only safety layer`);
+    }
+    const cleanupState = {
+        mountDir,
+        mountLogPath,
+        projectDir,
+        relayDir,
+        workspace: workspaceSession.workspaceId,
+        readonlyPatterns,
+        ignoredPatterns,
+    };
+    let mountProc;
+    let agentProc;
+    let cleanupDone = false;
+    const finalizeCleanup = async () => {
+        if (cleanupDone)
+            return;
+        cleanupDone = true;
+        cleanupState.mountProc = mountProc;
+        await cleanupRun(cleanupState, agent.name, log);
+    };
+    try {
+        const mountedProc = spawn(mountBin, mountBaseArgs, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: mountEnv,
+        });
+        mountProc = mountedProc;
+        mountedProc.stdout.on('data', (chunk) => {
+            appendFileSync(mountLogPath, chunk);
+        });
+        mountedProc.stderr.on('data', (chunk) => {
+            appendFileSync(mountLogPath, chunk);
+        });
+        await new Promise((resolve, reject) => {
+            const timer = setTimeout(() => resolve(), 600);
+            mountedProc.on('error', (spawnError) => {
+                clearTimeout(timer);
+                reject(spawnError);
+            });
+            mountedProc.on('spawn', () => {
+                clearTimeout(timer);
+                resolve();
+            });
+        });
+        if (!ensureProcessRunning(mountedProc)) {
+            throw new Error(`mount process for ${agent.name} exited before continuing`);
+        }
+        cleanupState.mountProc = mountProc;
+        let agentExitCode = 0;
+        await new Promise((resolve, reject) => {
+            const envVars = {
+                ...process.env,
+                RELAYFILE_TOKEN: workspaceSession.token,
+                RELAYFILE_BASE_URL: workspaceSession.relayfileUrl,
+                RELAYFILE_WORKSPACE: workspaceSession.workspaceId,
+                RELAY_WORKSPACE_ID: workspaceSession.workspaceId,
+                RELAY_DEFAULT_WORKSPACE: workspaceSession.workspaceId,
+                RELAY_WORKSPACE: mountDir,
+                RELAY_AGENT_NAME: agent.name,
+                ...(workspaceSession.relaycastApiKey
+                    ? {
+                        RELAY_API_KEY: workspaceSession.relaycastApiKey,
+                        RELAY_WORKSPACES_JSON: JSON.stringify([
+                            {
+                                workspace_id: workspaceSession.workspaceId,
+                                api_key: workspaceSession.relaycastApiKey,
+                            },
+                        ]),
+                    }
+                    : {}),
+            };
+            agentProc = spawn(cli, [...sandboxFlags, ...extraArgs], {
+                cwd: mountDir,
+                stdio: 'inherit',
+                env: envVars,
+            });
+            let cleanupInProgress;
+            const cleanupHook = () => {
+                if (agentProc && !agentProc.killed) {
+                    agentProc.kill('SIGTERM');
+                }
+                // Wait for the agent process to exit so agentExitCode is set by the close handler,
+                // then ensure cleanup completes before resolving — avoids data loss from premature exit
+                cleanupInProgress = new Promise((r) => {
+                    if (!agentProc || agentProc.exitCode !== null) {
+                        r();
+                        return;
+                    }
+                    const t = setTimeout(r, 2000);
+                    agentProc.once('close', () => {
+                        clearTimeout(t);
+                        r();
+                    });
+                })
+                    .then(() => finalizeCleanup())
+                    .then(() => resolve());
+            };
+            process.once('SIGINT', cleanupHook);
+            process.once('SIGTERM', cleanupHook);
+            agentProc.on('error', (err) => {
+                process.removeListener('SIGINT', cleanupHook);
+                process.removeListener('SIGTERM', cleanupHook);
+                reject(err);
+            });
+            agentProc.on('close', (code, signal) => {
+                process.removeListener('SIGINT', cleanupHook);
+                process.removeListener('SIGTERM', cleanupHook);
+                if (typeof code === 'number') {
+                    agentExitCode = code;
+                }
+                else if (signal === 'SIGINT') {
+                    agentExitCode = 130;
+                }
+                else if (signal === 'SIGTERM') {
+                    agentExitCode = 143;
+                }
+                else {
+                    agentExitCode = 1;
+                }
+                // If cleanup was triggered by a signal, wait for it to finish
+                if (cleanupInProgress) {
+                    cleanupInProgress.then(() => resolve());
+                }
+                else {
+                    resolve();
+                }
+            });
+            // Finalization happens in outer finally.
+        });
+        await finalizeCleanup();
+        log('Off the relay.');
+        exit(agentExitCode);
+    }
+    finally {
+        await finalizeCleanup();
+    }
+}
+//# sourceMappingURL=start.js.map