aicomputer 0.1.12 → 0.1.14

package/README.md

@@ -8,6 +8,12 @@ Agent Computer CLI for creating, opening, and managing computers from the termin
 npm install -g aicomputer
 ```
 
+Upgrade the installed CLI later with:
+
+```bash
+computer upgrade
+```
+
 Or run it directly with Nix:
 
 ```bash
@@ -78,6 +84,7 @@ After installing, use the `computer` command:
 
 ```bash
 computer login
+computer upgrade
 computer login --api-key <ac_live_...>
 computer claude-login
 computer codex-login
@@ -90,14 +97,15 @@ computer ssh my-box
 computer ssh --setup
 computer agent agents my-box
 computer agent sessions list my-box
-computer agent prompt my-box "inspect /workspace" --agent codex
-computer fleet status
+computer agent prompt my-box "inspect /home/node/workspace-my-box" --agent codex
 computer acp serve my-box --agent codex
 ```
 
 `computer login` authenticates the CLI against Agent Computer. Use
 `computer claude-login` and `computer codex-login` to install Claude Code or
-Codex credentials onto a machine after the CLI is already logged in.
+Codex credentials onto a machine after the CLI is already logged in. Use
+`computer upgrade` to update a global npm install or the matching Nix profile
+entry.
 
 Run `computer ssh` without a handle in an interactive terminal to pick from your available machines.
 
@@ -108,6 +116,6 @@ ssh agentcomputer.ai
 ssh my-box@agentcomputer.ai
 ```
 
-Use `computer agent` to inspect agents on one machine and manage remote sessions. Use `computer fleet status` to see active agent work across every machine in your fleet.
+Use `computer agent` to inspect agents on one machine and manage remote sessions. Use `computer acp serve` when you want to expose one remote session through a local ACP bridge.
 
 You can also run without a global install via `npx aicomputer <command>`.

package/dist/index.js

@@ -1,13 +1,12 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { Command as Command12 } from "commander";
-import chalk12 from "chalk";
-import { readFileSync as readFileSync3 } from "fs";
+import { Command as Command13 } from "commander";
+import chalk13 from "chalk";
+import { readFileSync as readFileSync4 } from "fs";
 import { basename as basename2 } from "path";
 
 // src/commands/access.ts
-import { spawn } from "child_process";
 import { Command } from "commander";
 import chalk3 from "chalk";
 import ora from "ora";
@@ -447,6 +446,59 @@ async function generateSSHKey() {
   return { publicKeyPath, privateKeyPath };
 }
 
+// src/lib/ssh-access.ts
+import { spawn } from "child_process";
+async function prepareSSHConnection(computer) {
+  const registered = await ensureDefaultSSHKeyRegistered();
+  const info = await getConnectionInfo(computer.id);
+  if (!info.connection.ssh_available) {
+    throw new Error("SSH is not available for this computer");
+  }
+  return {
+    computer,
+    command: formatSSHCommand(
+      info.connection.ssh_user,
+      info.connection.ssh_host,
+      info.connection.ssh_port
+    ),
+    args: [
+      "-i",
+      registered.privateKeyPath,
+      "-p",
+      String(info.connection.ssh_port),
+      `${info.connection.ssh_user}@${info.connection.ssh_host}`
+    ]
+  };
+}
+async function prepareSSHConnectionByIdentifier(identifier) {
+  const computer = await resolveComputer(identifier);
+  return prepareSSHConnection(computer);
+}
+async function openSSHConnection(connection) {
+  await new Promise((resolve, reject) => {
+    const child = spawn("ssh", connection.args, {
+      stdio: "inherit"
+    });
+    child.on("error", reject);
+    child.on("exit", (code) => {
+      if (code === 0) {
+        resolve();
+        return;
+      }
+      reject(new Error(`ssh exited with code ${code ?? 1}`));
+    });
+  });
+}
+function formatSSHCommand(user, host, port) {
+  if (!user.trim() || !host.trim()) {
+    return "ssh unavailable";
+  }
+  if (port <= 0 || port === 22) {
+    return `ssh ${user}@${host}`;
+  }
+  return `ssh -p ${port} ${user}@${host}`;
+}
+
 // src/lib/open-browser.ts
 import { constants } from "fs";
 import { access } from "fs/promises";
@@ -528,41 +580,39 @@ var openCommand = new Command("open").description("Open a computer in your brows
     await openBrowserURL(access2.access_url);
     console.log(chalk3.dim(`  ${access2.access_url}`));
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to open computer");
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to open computer"
+    );
     process.exit(1);
   }
 });
-var sshCommand = new Command("ssh").description("Open an SSH session to a computer").argument("[id-or-handle]", "Computer id or handle").option("--setup", "Register key and configure a global SSH alias").option("--alias <alias>", "SSH host alias", "agentcomputer.ai").option("--host <host>", "SSH gateway host", "ssh.agentcomputer.ai").option("--port <port>", "SSH gateway port", "22").action(async (identifier, options) => {
-  if (options.setup) {
-    await setupSSHAlias(options);
-    return;
-  }
-  const spinner = ora(
-    identifier ? "Preparing SSH access..." : "Fetching computers..."
-  ).start();
-  try {
-    const computer = await resolveSSHComputer(identifier, spinner);
-    const info = await getConnectionInfo(computer.id);
-    if (!info.connection.ssh_available) {
-      throw new Error("SSH is not available for this computer");
+var sshCommand = new Command("ssh").description("Open an SSH session to a computer").argument("[id-or-handle]", "Computer id or handle").option("--setup", "Register key and configure a global SSH alias").option("--alias <alias>", "SSH host alias", "agentcomputer.ai").option("--host <host>", "SSH gateway host", "ssh.agentcomputer.ai").option("--port <port>", "SSH gateway port", "443").action(
+  async (identifier, options) => {
+    if (options.setup) {
+      await setupSSHAlias(options);
+      return;
+    }
+    const spinner = ora(
+      identifier ? "Preparing SSH access..." : "Fetching computers..."
+    ).start();
+    try {
+      const computer = await resolveSSHComputer(identifier, spinner);
+      const connection = await prepareSSHConnection(computer);
+      spinner.succeed(`Connecting to ${chalk3.bold(computer.handle)}`);
+      console.log(chalk3.dim(`  ${connection.command}`));
+      console.log();
+      await openSSHConnection(connection);
+    } catch (error) {
+      spinner.fail(
+        error instanceof Error ? error.message : "Failed to prepare SSH access"
+      );
+      process.exit(1);
     }
-    const registered = await ensureDefaultSSHKeyRegistered();
-    spinner.succeed(`Connecting to ${chalk3.bold(computer.handle)}`);
-    console.log(chalk3.dim(`  ${formatSSHCommand(info.connection.ssh_user, info.connection.ssh_host, info.connection.ssh_port)}`));
-    console.log();
-    await runSSH([
-      "-i",
-      registered.privateKeyPath,
-      "-p",
-      String(info.connection.ssh_port),
-      `${info.connection.ssh_user}@${info.connection.ssh_host}`
-    ]);
-  } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to prepare SSH access");
-    process.exit(1);
   }
-});
-var portsCommand = new Command("ports").description("Manage published app ports");
+);
+var portsCommand = new Command("ports").description(
+  "Manage published app ports"
+);
 portsCommand.command("ls").description("List published ports for a computer").argument("<id-or-handle>", "Computer id or handle").action(async (identifier) => {
   const spinner = ora("Fetching ports...").start();
   try {
@@ -588,17 +638,20 @@ portsCommand.command("ls").description("List published ports for a computer").ar
       console.log(
         `  ${padEnd(port.subdomain, subWidth + 2)}${padEnd(String(port.target_port), 8)}${port.protocol}`
       );
-      console.log(
-        `  ${chalk3.dim(url)}`
-      );
+      console.log(`  ${chalk3.dim(url)}`);
     }
     console.log();
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to fetch ports");
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to fetch ports"
+    );
     process.exit(1);
   }
 });
-portsCommand.command("publish").description("Publish an HTTP app port").argument("<id-or-handle>", "Computer id or handle").argument("<port>", "Target port").option("--subdomain <value>", "Custom left-hand host label before --<handle>").option("--protocol <value>", "http or https", "http").action(async (identifier, port, options) => {
+portsCommand.command("publish").description("Publish an HTTP app port").argument("<id-or-handle>", "Computer id or handle").argument("<port>", "Target port").option(
+  "--subdomain <value>",
+  "Custom left-hand host label before --<handle>"
+).option("--protocol <value>", "http or https", "http").action(async (identifier, port, options) => {
   const spinner = ora("Publishing port...").start();
   try {
     const targetPort = Number.parseInt(port, 10);
@@ -612,10 +665,14 @@ portsCommand.command("publish").description("Publish an HTTP app port").argument
       protocol: options.protocol
     });
     const url = `https://${published.subdomain}--${computer.handle}.computer.agentcomputer.ai`;
-    spinner.succeed(`Published port ${chalk3.bold(String(published.target_port))}`);
+    spinner.succeed(
+      `Published port ${chalk3.bold(String(published.target_port))}`
+    );
     console.log(chalk3.dim(`  ${url}`));
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to publish port");
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to publish port"
+    );
     process.exit(1);
   }
 });
@@ -630,31 +687,18 @@ portsCommand.command("rm").description("Unpublish an app port").argument("<id-or
     await deletePublishedPort(computer.id, targetPort);
     spinner.succeed(`Removed port ${chalk3.bold(String(targetPort))}`);
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to remove port");
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to remove port"
+    );
     process.exit(1);
   }
 });
-async function runSSH(args) {
-  await new Promise((resolve, reject) => {
-    const child = spawn("ssh", args, {
-      stdio: "inherit"
-    });
-    child.on("error", reject);
-    child.on("exit", (code) => {
-      if (code === 0) {
-        resolve();
-        return;
-      }
-      reject(new Error(`ssh exited with code ${code ?? 1}`));
-    });
-  });
-}
 async function setupSSHAlias(options) {
   const spinner = ora("Configuring global SSH access...").start();
   try {
     const alias = normalizeSSHAlias(options.alias ?? "agentcomputer.ai");
     const host = normalizeSSHHost(options.host ?? "ssh.agentcomputer.ai");
-    const port = parseSSHPort(options.port ?? "22");
+    const port = parseSSHPort(options.port ?? "443");
     const registered = await ensureDefaultSSHKeyRegistered();
     const configResult = await ensureSSHAliasConfig({
       alias,
@@ -672,7 +716,9 @@ async function setupSSHAlias(options) {
     console.log(`  ${chalk3.bold("Direct:")}  ssh <handle>@${alias}`);
     console.log();
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Failed to configure SSH alias");
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to configure SSH alias"
+    );
     process.exit(1);
   }
 }
@@ -682,7 +728,9 @@ function normalizeSSHAlias(value) {
     throw new Error("ssh alias cannot be empty");
   }
   if (!/^[A-Za-z0-9._-]+$/.test(alias)) {
-    throw new Error("ssh alias may contain only letters, numbers, dot, dash, or underscore");
+    throw new Error(
+      "ssh alias may contain only letters, numbers, dot, dash, or underscore"
+    );
   }
   return alias;
 }
@@ -703,15 +751,6 @@ function parseSSHPort(value) {
   }
   return parsed;
 }
-function formatSSHCommand(user, host, port) {
-  if (!user.trim() || !host.trim()) {
-    return "ssh unavailable";
-  }
-  if (port <= 0 || port === 22) {
-    return `ssh ${user}@${host}`;
-  }
-  return `ssh -p ${port} ${user}@${host}`;
-}
 async function resolveSSHComputer(identifier, spinner) {
   const trimmed = identifier?.trim();
   if (trimmed) {
@@ -720,7 +759,10 @@ async function resolveSSHComputer(identifier, spinner) {
   const computers = await listComputers();
   spinner.stop();
   try {
-    return await promptForSSHComputer(computers, "Select a computer to SSH into");
+    return await promptForSSHComputer(
+      computers,
+      "Select a computer to SSH into"
+    );
   } finally {
     spinner.start("Preparing SSH access...");
   }
@@ -740,10 +782,6 @@ async function listAgentSessions(computerID) {
   const response = await api(`/v1/computers/${computerID}/agent-sessions`);
   return response.sessions;
 }
-async function listFleetAgentSessions() {
-  const response = await api("/v1/fleet/agent-sessions");
-  return response.sessions;
-}
 async function createAgentSession(computerID, input) {
   const response = await api(`/v1/computers/${computerID}/agent-sessions`, {
     method: "POST",
@@ -1499,29 +1537,6 @@ agentCommand.command("close").description("Close and delete a machine agent sess
     process.exit(1);
   }
 });
-var fleetCommand = new Command3("fleet").description("View agent activity across your fleet");
-fleetCommand.command("status").description("List open agent sessions across all machines").option("--json", "Print raw JSON").action(async (options) => {
-  const spinner = options.json ? null : ora2("Fetching fleet status...").start();
-  try {
-    const [sessions, computers] = await Promise.all([
-      listFleetAgentSessions(),
-      listComputers()
-    ]);
-    spinner?.stop();
-    if (options.json) {
-      console.log(JSON.stringify({ sessions }, null, 2));
-      return;
-    }
-    const handleByComputerID = new Map(computers.map((computer) => [computer.id, computer.handle]));
-    printSessions(sessions, handleByComputerID);
-  } catch (error) {
-    spinner?.fail(error instanceof Error ? error.message : "Failed to fetch fleet status");
-    if (!spinner) {
-      console.error(error instanceof Error ? error.message : "Failed to fetch fleet status");
-    }
-    process.exit(1);
-  }
-});
 
 // src/commands/claude-auth.ts
 import { randomBytes as randomBytes2, createHash } from "crypto";
@@ -1736,6 +1751,16 @@ var CLAUDE_OAUTH_TOKEN_URL = process.env.CLAUDE_OAUTH_TOKEN_URL ?? "https://plat
 var CLAUDE_OAUTH_REDIRECT_URL = process.env.CLAUDE_OAUTH_REDIRECT_URL ?? "https://platform.claude.com/oauth/code/callback";
 var CLAUDE_OAUTH_SCOPES = (process.env.CLAUDE_OAUTH_SCOPES ?? "user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload").split(/\s+/).filter(Boolean);
 var claudeLoginCommand = new Command4("claude-login").alias("claude-auth").description("Authenticate Claude Code on a computer").option("--machine <id-or-handle>", "Use a specific computer").option("--keep-helper", "Keep a temporary helper machine if one is created").option("--skip-cross-check", "Skip verification on a second shared machine").option("--verbose", "Show step-by-step auth diagnostics").action(async (options) => {
+  try {
+    await runClaudeLogin(options);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to authenticate Claude";
+    console.error(chalk5.red(`
+${message}`));
+    process.exit(1);
+  }
+});
+async function runClaudeLogin(options) {
   const todos = createTodoList();
   let target = null;
   let helperCreated = false;
@@ -1749,12 +1774,7 @@ var claudeLoginCommand = new Command4("claude-login").alias("claude-auth").descr
     target = prepared.computer;
     helperCreated = prepared.helperCreated;
     sharedInstall = prepared.sharedInstall;
-    markTodo(
-      todos,
-      "target",
-      "done",
-      prepared.detail
-    );
+    markTodo(todos, "target", "done", prepared.detail);
     activeTodoID = "ready";
     target = await waitForRunning(target);
     markTodo(todos, "ready", "done", `${target.handle} is running`);
@@ -1771,7 +1791,10 @@ var claudeLoginCommand = new Command4("claude-login").alias("claude-auth").descr
       sharedInstall ? `installed Claude login on shared home via ${target.handle}` : `installed Claude login on ${target.handle}`
     );
     activeTodoID = "verify-primary";
-    const primaryVerification = await verifyTargetMachine(target.handle, sshTarget);
+    const primaryVerification = await verifyTargetMachine(
+      target.handle,
+      sshTarget
+    );
     markVerificationTodo(
       todos,
       "verify-primary",
@@ -1817,12 +1840,7 @@ var claudeLoginCommand = new Command4("claude-login").alias("claude-auth").descr
         markTodo(todos, "cleanup", "failed", message);
       }
     } else if (helperCreated && target && options.keepHelper) {
-      markTodo(
-        todos,
-        "cleanup",
-        "skipped",
-        `kept helper ${target.handle}`
-      );
+      markTodo(todos, "cleanup", "skipped", `kept helper ${target.handle}`);
     } else {
       markTodo(todos, "cleanup", "skipped", "no helper created");
     }
@@ -1831,9 +1849,7 @@ var claudeLoginCommand = new Command4("claude-login").alias("claude-auth").descr
     }
   }
   if (failureMessage) {
-    console.error(chalk5.red(`
-${failureMessage}`));
-    process.exit(1);
+    throw new Error(failureMessage);
   }
   if (target) {
     console.log(
@@ -1841,15 +1857,23 @@ ${failureMessage}`));
     );
     console.log();
   }
-});
+}
 function createTodoList() {
   return [
     { id: "target", label: "Pick target computer", state: "pending" },
     { id: "ready", label: "Wait for machine readiness", state: "pending" },
     { id: "oauth", label: "Complete Claude browser auth", state: "pending" },
     { id: "install", label: "Install stored Claude login", state: "pending" },
-    { id: "verify-primary", label: "Verify on target machine", state: "pending" },
-    { id: "verify-shared", label: "Verify shared-home propagation", state: "pending" },
+    {
+      id: "verify-primary",
+      label: "Verify on target machine",
+      state: "pending"
+    },
+    {
+      id: "verify-shared",
+      label: "Verify shared-home propagation",
+      state: "pending"
+    },
     { id: "cleanup", label: "Clean up temporary helper", state: "pending" }
   ];
 }
@@ -1889,10 +1913,14 @@ async function prepareTargetMachine(options) {
 async function runManualOAuthFlow() {
   const codeVerifier = base64url(randomBytes2(32));
   const state = randomBytes2(16).toString("hex");
-  const codeChallenge = base64url(createHash("sha256").update(codeVerifier).digest());
+  const codeChallenge = base64url(
+    createHash("sha256").update(codeVerifier).digest()
+  );
   const url = buildAuthorizationURL(codeChallenge, state);
   console.log("We will open your browser so you can authenticate with Claude.");
-  console.log("If the browser does not open automatically, use the URL below:\n");
+  console.log(
+    "If the browser does not open automatically, use the URL below:\n"
+  );
   console.log(url);
   console.log();
   try {
@@ -1903,7 +1931,9 @@ async function runManualOAuthFlow() {
   console.log(
     "After completing authentication, copy the code shown on the success page."
   );
-  console.log("You can paste either the full URL, or a value formatted as CODE#STATE.\n");
+  console.log(
+    "You can paste either the full URL, or a value formatted as CODE#STATE.\n"
+  );
   const pasted = (await textInput({
     message: "Paste the authorization code (or URL) here:"
   })).trim();
@@ -1970,7 +2000,9 @@ function parseAuthorizationInput(value, expectedState) {
       throw new Error("pasted URL is missing code or state");
     }
     if (state2 !== expectedState) {
-      throw new Error("state mismatch detected; restart the authentication flow");
+      throw new Error(
+        "state mismatch detected; restart the authentication flow"
+      );
     }
     return { code: code2, state: state2 };
   }
@@ -1984,10 +2016,16 @@ function parseAuthorizationInput(value, expectedState) {
   return { code, state };
 }
 async function installClaudeAuth(target, oauth) {
-  const spinner = ora4(`Installing Claude auth on ${chalk5.bold(target.handle)}...`).start();
+  const spinner = ora4(
+    `Installing Claude auth on ${chalk5.bold(target.handle)}...`
+  ).start();
   try {
     const installScript = buildInstallScript(oauth.refreshToken, oauth.scope);
-    const result = await runRemoteCommand(target, ["bash", "-s"], installScript);
+    const result = await runRemoteCommand(
+      target,
+      ["bash", "-s"],
+      installScript
+    );
     if (result.stdout.trim()) {
       spinner.succeed(`Installed Claude auth on ${chalk5.bold(target.handle)}`);
       return;
@@ -2001,7 +2039,9 @@ async function installClaudeAuth(target, oauth) {
   }
 }
 async function verifyTargetMachine(handle, target) {
-  const spinner = ora4(`Verifying Claude login on ${chalk5.bold(handle)}...`).start();
+  const spinner = ora4(
+    `Verifying Claude login on ${chalk5.bold(handle)}...`
+  ).start();
   const result = await verifyStoredAuth(target);
   if (result.status === "verified") {
     spinner.succeed(`Verified Claude login on ${chalk5.bold(handle)}`);
@@ -2021,7 +2061,9 @@ async function verifySharedInstall(primaryHandle, primaryComputerID, sharedInsta
     verify
   );
   if (result.status === "verified") {
-    spinner.succeed(`Verified shared-home Claude login on ${chalk5.bold(result.handle)}`);
+    spinner.succeed(
+      `Verified shared-home Claude login on ${chalk5.bold(result.handle)}`
+    );
     return result;
   }
   spinner.info(result.reason);
@@ -2598,6 +2640,7 @@ _computer() {
   local -a commands
   commands=(
     'login:Authenticate the CLI'
+    'upgrade:Update the CLI to the latest version'
     'logout:Remove stored API key'
     'whoami:Show current user'
     'claude-login:Authenticate Claude Code on a computer'
@@ -2612,7 +2655,6 @@ _computer() {
     'ssh:SSH into a computer'
     'ports:Manage published ports'
     'agent:Manage cloud agent sessions'
-    'fleet:View agent activity across your fleet'
     'acp:Run a local ACP bridge for remote agent sessions'
     'rm:Delete a computer'
     'completion:Generate shell completions'
@@ -2808,7 +2850,7 @@ var BASH_SCRIPT = `_computer() {
   local cur prev words cword
   _init_completion || return
 
-  local commands="login logout whoami claude-login claude-auth codex-login codex-auth create ls get image open ssh ports agent fleet acp rm completion help"
+  local commands="login upgrade logout whoami claude-login claude-auth codex-login codex-auth create ls get image open ssh ports agent acp rm completion help"
   local ports_commands="ls publish rm"
   local image_commands="ls save default rebuild rm"
 
@@ -2934,6 +2976,16 @@ import { Command as Command7 } from "commander";
 import chalk7 from "chalk";
 import ora6 from "ora";
 var codexLoginCommand = new Command7("codex-login").alias("codex-auth").description("Authenticate Codex on a computer").option("--machine <id-or-handle>", "Use a specific computer").option("--keep-helper", "Keep a temporary helper machine if one is created").option("--skip-cross-check", "Skip verification on a second shared machine").option("--verbose", "Show step-by-step auth diagnostics").action(async (options) => {
+  try {
+    await runCodexLogin(options);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to authenticate Codex";
+    console.error(chalk7.red(`
+${message}`));
+    process.exit(1);
+  }
+});
+async function runCodexLogin(options) {
   const todos = createTodoList2();
   let target = null;
   let helperCreated = false;
@@ -2964,7 +3016,10 @@ var codexLoginCommand = new Command7("codex-login").alias("codex-auth").descript
       sharedInstall ? `installed Codex login on shared home via ${target.handle}` : `installed Codex login on ${target.handle}`
     );
     activeTodoID = "verify-primary";
-    const primaryVerification = await verifyTargetMachine2(target.handle, sshTarget);
+    const primaryVerification = await verifyTargetMachine2(
+      target.handle,
+      sshTarget
+    );
     markVerificationTodo2(
       todos,
       "verify-primary",
@@ -3019,9 +3074,7 @@ var codexLoginCommand = new Command7("codex-login").alias("codex-auth").descript
     }
   }
   if (failureMessage) {
-    console.error(chalk7.red(`
-${failureMessage}`));
-    process.exit(1);
+    throw new Error(failureMessage);
   }
   if (target) {
     console.log(
@@ -3029,15 +3082,23 @@ ${failureMessage}`));
     );
     console.log();
   }
-});
+}
 function createTodoList2() {
   return [
     { id: "target", label: "Pick target computer", state: "pending" },
     { id: "ready", label: "Wait for machine readiness", state: "pending" },
     { id: "local-auth", label: "Complete local Codex auth", state: "pending" },
     { id: "install", label: "Install stored Codex login", state: "pending" },
-    { id: "verify-primary", label: "Verify on target machine", state: "pending" },
-    { id: "verify-shared", label: "Verify shared-home propagation", state: "pending" },
+    {
+      id: "verify-primary",
+      label: "Verify on target machine",
+      state: "pending"
+    },
+    {
+      id: "verify-shared",
+      label: "Verify shared-home propagation",
+      state: "pending"
+    },
     { id: "cleanup", label: "Clean up temporary helper", state: "pending" }
   ];
 }
@@ -3083,10 +3144,16 @@ async function ensureLocalCodexAuth() {
     };
   }
   if (!process.stdin.isTTY || !process.stdout.isTTY) {
-    throw new Error("local Codex login is required when not running interactively");
+    throw new Error(
+      "local Codex login is required when not running interactively"
+    );
   }
-  console.log("We will open your browser so you can authenticate Codex locally.");
-  console.log("If Codex falls back to device auth, complete that flow and return here.\n");
+  console.log(
+    "We will open your browser so you can authenticate Codex locally."
+  );
+  console.log(
+    "If Codex falls back to device auth, complete that flow and return here.\n"
+  );
   await runInteractiveCodexLogin();
   const refreshedStatus = await getLocalCodexStatus();
   if (!refreshedStatus.loggedIn) {
@@ -3166,7 +3233,9 @@ async function captureLocalCommand(command, args) {
   });
 }
 async function installCodexAuth(target, authJSON) {
-  const spinner = ora6(`Installing Codex login on ${chalk7.bold(target.handle)}...`).start();
+  const spinner = ora6(
+    `Installing Codex login on ${chalk7.bold(target.handle)}...`
+  ).start();
   try {
     const installScript = buildInstallScript2(authJSON);
     await runRemoteCommand(target, ["bash", "-s"], installScript);
@@ -3179,7 +3248,9 @@ async function installCodexAuth(target, authJSON) {
   }
 }
 async function verifyTargetMachine2(handle, target) {
-  const spinner = ora6(`Verifying Codex login on ${chalk7.bold(handle)}...`).start();
+  const spinner = ora6(
+    `Verifying Codex login on ${chalk7.bold(handle)}...`
+  ).start();
   const result = await verifyStoredCodexAuth(target);
   if (result.status === "verified") {
     spinner.succeed(`Verified Codex login on ${chalk7.bold(handle)}`);
@@ -3199,7 +3270,9 @@ async function verifySharedInstall2(primaryHandle, primaryComputerID, sharedInst
     verify
   );
   if (result.status === "verified") {
-    spinner.succeed(`Verified shared-home Codex login on ${chalk7.bold(result.handle)}`);
+    spinner.succeed(
+      `Verified shared-home Codex login on ${chalk7.bold(result.handle)}`
+    );
     return result;
   }
   spinner.info(result.reason);
@@ -3653,10 +3726,12 @@ import ora8 from "ora";
 
 // src/lib/browser-login.ts
 import { randomBytes as randomBytes3 } from "crypto";
-import { createServer } from "http";
+import {
+  createServer
+} from "http";
 var CALLBACK_HOST = "127.0.0.1";
 var CALLBACK_PATH = "/callback";
-var LOGIN_TIMEOUT_MS = 5 * 60 * 1e3;
+var LOGIN_TIMEOUT_MS = 15 * 60 * 1e3;
 async function createBrowserLoginAttempt() {
   const state = randomBytes3(16).toString("hex");
   const deferred = createDeferred();
@@ -3736,7 +3811,11 @@ async function handleRequest(input) {
     return;
   }
   if (settledRef.current) {
-    writeHTML(response, 409, renderErrorPage("This login link has already been used."));
+    writeHTML(
+      response,
+      409,
+      renderErrorPage("This login link has already been used.")
+    );
     return;
   }
   const returnedState = url.searchParams.get("state")?.trim();
@@ -3763,6 +3842,9 @@ async function handleRequest(input) {
     writeHTML(response, 400, renderErrorPage(error.message));
     return;
   }
+  const machineHandle = url.searchParams.get("machine_handle")?.trim() || void 0;
+  const provider = parseProvider(url.searchParams.get("provider"));
+  const autoSSH = parseAutoSSH(url.searchParams.get("auto_ssh"));
   try {
     const me = await apiWithKey(apiKey, "/v1/me");
     setAPIKey(apiKey);
@@ -3771,9 +3853,21 @@ async function handleRequest(input) {
       apiKey,
       callbackURL,
       loginURL: buildBrowserLoginURL(callbackURL, state),
-      me
+      me,
+      machineHandle,
+      provider,
+      autoSSH
     });
-    writeHTML(response, 200, renderSuccessPage(me.user.email));
+    writeHTML(
+      response,
+      200,
+      renderSuccessPage({
+        autoSSH,
+        email: me.user.email,
+        machineHandle,
+        provider
+      })
+    );
   } catch (error) {
     settledRef.current = true;
     const message = error instanceof Error ? error.message : "Failed to validate browser login";
@@ -3781,6 +3875,22 @@ async function handleRequest(input) {
     writeHTML(response, 401, renderErrorPage(message));
   }
 }
+function parseProvider(rawValue) {
+  switch (rawValue?.trim()) {
+    case "claude":
+    case "codex":
+    case "skip":
+      return rawValue.trim();
+    default:
+      return void 0;
+  }
+}
+function parseAutoSSH(rawValue) {
+  if (rawValue === null) {
+    return void 0;
+  }
+  return !(rawValue === "0" || rawValue === "false");
+}
 function createDeferred() {
   let resolve;
   let reject;
@@ -3824,7 +3934,9 @@ function writeHTML(response, statusCode, body) {
   response.setHeader("content-type", "text/html; charset=utf-8");
   response.end(body);
 }
-function renderSuccessPage(email) {
+function renderSuccessPage(input) {
+  const providerMessage = input.provider && input.provider !== "skip" ? ` The CLI will continue with ${escapeHTML(input.provider)} setup.` : "";
+  const machineMessage = input.machineHandle ? ` Your new sandbox <code>${escapeHTML(input.machineHandle)}</code> is ready.${providerMessage} Return to the terminal to finish setup.` : " You can close this tab.";
   return `<!doctype html>
 <html lang="en">
 	<head>
@@ -3842,7 +3954,7 @@ function renderSuccessPage(email) {
 	<body>
 		<main>
 			<h1>Computer CLI login complete</h1>
-			<p>Signed in as <code>${escapeHTML(email)}</code>. You can close this tab.</p>
+			<p>Signed in as <code>${escapeHTML(input.email)}</code>.${machineMessage}</p>
 		</main>
 		<script>
 			window.setTimeout(() => window.close(), 150);
@@ -3881,7 +3993,9 @@ var loginCommand = new Command9("login").description("Authenticate the CLI").opt
   const existingKey = getStoredAPIKey();
   if (existingKey && !options.force) {
     console.log();
-    console.log(chalk9.yellow("  Already logged in. Use --force to overwrite."));
+    console.log(
+      chalk9.yellow("  Already logged in. Use --force to overwrite.")
+    );
     console.log();
     return;
   }
@@ -3927,7 +4041,9 @@ async function runBrowserLogin() {
     } catch {
       spinner.stop();
       console.log();
-      console.log(chalk9.yellow("  Browser auto-open failed. Open this URL to continue:"));
+      console.log(
+        chalk9.yellow("  Browser auto-open failed. Open this URL to continue:")
+      );
       console.log(chalk9.dim(`  ${attempt.loginURL}`));
       console.log();
       spinner.start("Waiting for browser login...");
@@ -3935,8 +4051,11 @@ async function runBrowserLogin() {
     spinner.text = "Waiting for browser login...";
     const result = await attempt.waitForResult();
     spinner.succeed(`Logged in as ${chalk9.bold(result.me.user.email)}`);
+    await continueFirstLoginFlow(result);
   } catch (error) {
-    spinner.fail(error instanceof Error ? error.message : "Browser login failed");
+    spinner.fail(
+      error instanceof Error ? error.message : "Browser login failed"
+    );
     process.exit(1);
   } finally {
     await attempt?.close();
@@ -3958,6 +4077,73 @@ async function resolveAPIKeyInput(flagValue, readFromStdin) {
   }
   return Buffer.concat(chunks).toString("utf8").trim();
 }
+async function continueFirstLoginFlow(result) {
+  const machineHandle = result.machineHandle?.trim();
+  if (!machineHandle) {
+    return;
+  }
+  console.log();
+  console.log(
+    chalk9.cyan(
+      `Continuing first-time setup for ${chalk9.bold(machineHandle)}...
+`
+    )
+  );
+  try {
+    await runSelectedProvider(result.provider, machineHandle);
+    if (result.autoSSH === false) {
+      printNextStep(machineHandle);
+      return;
+    }
+    const spinner = ora8(`Preparing SSH access for ${machineHandle}...`).start();
+    try {
+      const connection = await prepareSSHConnectionByIdentifier(machineHandle);
+      spinner.succeed(`Connecting to ${chalk9.bold(machineHandle)}`);
+      console.log(chalk9.dim(`  ${connection.command}`));
+      console.log();
+      await openSSHConnection(connection);
+    } catch (error) {
+      spinner.fail(
+        error instanceof Error ? error.message : "Failed to prepare SSH access"
+      );
+      throw error;
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to finish first-time setup";
+    console.error(chalk9.red(`
+${message}`));
+    console.log();
+    if (result.provider === "claude") {
+      console.log(
+        chalk9.dim(`  computer claude-login --machine ${machineHandle}`)
+      );
+    } else if (result.provider === "codex") {
+      console.log(
+        chalk9.dim(`  computer codex-login --machine ${machineHandle}`)
+      );
+    }
+    console.log(chalk9.dim(`  computer ssh ${machineHandle}`));
+    console.log();
+    process.exit(1);
+  }
+}
+async function runSelectedProvider(provider, machineHandle) {
+  if (provider === "claude") {
+    await runClaudeLogin({ machine: machineHandle });
+    return;
+  }
+  if (provider === "codex") {
+    await runCodexLogin({ machine: machineHandle });
+    return;
+  }
+  console.log(chalk9.green(`Sandbox ${chalk9.bold(machineHandle)} is ready.`));
+  console.log();
+}
+function printNextStep(machineHandle) {
+  console.log(chalk9.green(`Sandbox ${chalk9.bold(machineHandle)} is ready.`));
+  console.log(chalk9.dim(`  computer ssh ${machineHandle}`));
+  console.log();
+}
 
 // src/commands/logout.ts
 import { Command as Command10 } from "commander";
@@ -3981,12 +4167,180 @@ var logoutCommand = new Command10("logout").description("Remove stored API key")
   console.log();
 });
 
-// src/commands/whoami.ts
+// src/commands/upgrade.ts
+import { spawnSync } from "child_process";
+import { readFileSync as readFileSync3, realpathSync } from "fs";
 import { Command as Command11 } from "commander";
 import chalk11 from "chalk";
 import ora9 from "ora";
-var whoamiCommand = new Command11("whoami").description("Show current user").option("--json", "Print raw JSON").action(async (options) => {
-  const spinner = options.json ? null : ora9("Loading user...").start();
+var pkg2 = JSON.parse(
+  readFileSync3(new URL("../package.json", import.meta.url), "utf8")
+);
+function normalizeVersion(version) {
+  return version.split("-")[0].split(".").map((part) => Number.parseInt(part, 10)).map((part) => Number.isNaN(part) ? 0 : part);
+}
+function compareVersions(a, b) {
+  const left = normalizeVersion(a);
+  const right = normalizeVersion(b);
+  const size = Math.max(left.length, right.length);
+  for (let index = 0; index < size; index += 1) {
+    const diff = (left[index] ?? 0) - (right[index] ?? 0);
+    if (diff !== 0) {
+      return diff;
+    }
+  }
+  return 0;
+}
+function resolveExecutablePath() {
+  const candidate = process.argv[1] || process.execPath;
+  try {
+    return realpathSync(candidate);
+  } catch {
+    return candidate;
+  }
+}
+function detectInstallMethod(executablePath) {
+  const resolved = `${executablePath}\0${process.execPath}`.toLowerCase();
+  if (resolved.includes("/nix/store/") || resolved.includes("\\nix\\store\\")) {
+    return "nix";
+  }
+  if (resolved.includes("/.pnpm/") || resolved.includes("/pnpm/") || resolved.includes("\\pnpm\\")) {
+    return "pnpm";
+  }
+  if (resolved.includes("/.yarn/") || resolved.includes("/yarn/") || resolved.includes("\\yarn\\")) {
+    return "yarn";
+  }
+  if (resolved.includes("/node_modules/") || resolved.includes("\\node_modules\\")) {
+    return "npm";
+  }
+  return "unknown";
+}
+function findNixProfileElement(executablePath) {
+  const result = spawnSync("nix", ["profile", "list", "--json"], {
+    encoding: "utf8"
+  });
+  if (result.status !== 0 || !result.stdout.trim()) {
+    return null;
+  }
+  const profile = JSON.parse(result.stdout);
+  const resolvedExecutable = executablePath.toLowerCase();
+  for (const [name, element] of Object.entries(profile.elements ?? {})) {
+    const storePaths = Array.isArray(element.storePaths) ? element.storePaths.map((storePath) => storePath.toLowerCase()) : [];
+    if (storePaths.some((storePath) => resolvedExecutable.startsWith(storePath))) {
+      return name;
+    }
+  }
+  for (const [name, element] of Object.entries(profile.elements ?? {})) {
+    const originalUrl = String(element.originalUrl ?? "").toLowerCase();
+    if (originalUrl.includes("agentcomputer") || originalUrl.includes("apps/cli")) {
+      return name;
+    }
+  }
+  return null;
+}
+function resolveUpgradeCommand(method, executablePath) {
+  const packageName = pkg2.name ?? "aicomputer";
+  switch (method) {
+    case "nix": {
+      const element = findNixProfileElement(executablePath);
+      if (!element) {
+        throw new Error(
+          "Nix install detected, but no matching Nix profile entry was found. Rerun your original Nix install command or update that profile manually."
+        );
+      }
+      return {
+        command: "nix",
+        args: ["profile", "upgrade", element],
+        label: `nix profile upgrade ${element}`
+      };
+    }
+    case "pnpm":
+      return {
+        command: "pnpm",
+        args: ["add", "-g", `${packageName}@latest`],
+        label: `pnpm add -g ${packageName}@latest`
+      };
+    case "yarn":
+      return {
+        command: "yarn",
+        args: ["global", "add", `${packageName}@latest`],
+        label: `yarn global add ${packageName}@latest`
+      };
+    case "npm":
+    case "unknown":
+      return {
+        command: "npm",
+        args: ["install", "-g", `${packageName}@latest`],
+        label: `npm install -g ${packageName}@latest`
+      };
+  }
+}
+async function getLatestVersion(packageName) {
+  const response = await fetch(`https://registry.npmjs.org/${packageName}/latest`);
+  if (!response.ok) {
+    throw new Error(`Failed to check npm registry (${response.status})`);
+  }
+  const payload = await response.json();
+  if (!payload.version) {
+    throw new Error("Registry response missing version");
+  }
+  return payload.version;
+}
+var upgradeCommand = new Command11("upgrade").description("Update the CLI to the latest version").action(async () => {
+  const currentVersion = pkg2.version ?? "0.0.0";
+  const packageName = pkg2.name ?? "aicomputer";
+  const spinner = ora9("Checking for updates...").start();
+  let latestVersion;
+  try {
+    latestVersion = await getLatestVersion(packageName);
+  } catch (error) {
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to check for updates"
+    );
+    process.exit(1);
+    return;
+  }
+  if (compareVersions(latestVersion, currentVersion) <= 0) {
+    spinner.succeed(`You're up to date (v${currentVersion}).`);
+    return;
+  }
+  const executablePath = resolveExecutablePath();
+  const method = detectInstallMethod(executablePath);
+  let upgrade;
+  try {
+    upgrade = resolveUpgradeCommand(method, executablePath);
+  } catch (error) {
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to prepare upgrade"
+    );
+    process.exit(1);
+    return;
+  }
+  spinner.stop();
+  console.log();
+  console.log(
+    chalk11.dim(`  Updating ${chalk11.bold(`v${currentVersion}`)} -> ${chalk11.bold(`v${latestVersion}`)}`)
+  );
+  console.log(chalk11.dim(`  ${upgrade.label}`));
+  console.log();
+  const result = spawnSync(upgrade.command, upgrade.args, {
+    stdio: "inherit"
+  });
+  if (result.status === 0) {
+    console.log();
+    console.log(chalk11.green(`  Updated to v${latestVersion}.`));
+    console.log();
+    return;
+  }
+  process.exit(result.status ?? 1);
+});
+
+// src/commands/whoami.ts
+import { Command as Command12 } from "commander";
+import chalk12 from "chalk";
+import ora10 from "ora";
+var whoamiCommand = new Command12("whoami").description("Show current user").option("--json", "Print raw JSON").action(async (options) => {
+  const spinner = options.json ? null : ora10("Loading user...").start();
   try {
     const me = await api("/v1/me");
     spinner?.stop();
@@ -3995,14 +4349,14 @@ var whoamiCommand = new Command11("whoami").description("Show current user").opt
       return;
     }
     console.log();
-    console.log(`  ${chalk11.bold.white(me.user.display_name || me.user.email)}`);
+    console.log(`  ${chalk12.bold.white(me.user.display_name || me.user.email)}`);
     if (me.user.display_name) {
-      console.log(`  ${chalk11.dim(me.user.email)}`);
+      console.log(`  ${chalk12.dim(me.user.email)}`);
     }
     if (me.api_key.name) {
-      console.log(`  ${chalk11.dim("Key:")}  ${me.api_key.name}`);
+      console.log(`  ${chalk12.dim("Key:")}  ${me.api_key.name}`);
     }
-    console.log(`  ${chalk11.dim("API:")}  ${chalk11.dim(getBaseURL())}`);
+    console.log(`  ${chalk12.dim("API:")}  ${chalk12.dim(getBaseURL())}`);
     console.log();
   } catch (error) {
     if (spinner) {
@@ -4015,19 +4369,19 @@ var whoamiCommand = new Command11("whoami").description("Show current user").opt
 });
 
 // src/index.ts
-var pkg2 = JSON.parse(
-  readFileSync3(new URL("../package.json", import.meta.url), "utf8")
+var pkg3 = JSON.parse(
+  readFileSync4(new URL("../package.json", import.meta.url), "utf8")
 );
 var cliName = process.argv[1] ? basename2(process.argv[1]) : "agentcomputer";
-var program = new Command12();
+var program = new Command13();
 function appendTextSection(lines, title, values) {
   if (values.length === 0) {
     return;
   }
-  lines.push(`  ${chalk12.dim(title)}`);
+  lines.push(`  ${chalk13.dim(title)}`);
   lines.push("");
   for (const value of values) {
-    lines.push(`    ${chalk12.white(value)}`);
+    lines.push(`    ${chalk13.white(value)}`);
   }
   lines.push("");
 }
@@ -4036,10 +4390,10 @@ function appendTableSection(lines, title, entries) {
     return;
   }
   const width = Math.max(...entries.map((entry) => entry.term.length), 0) + 2;
-  lines.push(`  ${chalk12.dim(title)}`);
+  lines.push(`  ${chalk13.dim(title)}`);
   lines.push("");
   for (const entry of entries) {
-    lines.push(`    ${chalk12.white(padEnd(entry.term, width))}${chalk12.dim(entry.desc)}`);
+    lines.push(`    ${chalk13.white(padEnd(entry.term, width))}${chalk13.dim(entry.desc)}`);
   }
   lines.push("");
 }
@@ -4053,7 +4407,7 @@ function commandPath(cmd) {
   return parts.join(" ");
 }
 function formatRootHelp(cmd) {
-  const version = pkg2.version ?? "0.0.0";
+  const version = pkg3.version ?? "0.0.0";
   const lines = [];
   const groups = [
     ["Auth", []],
@@ -4064,10 +4418,10 @@ function formatRootHelp(cmd) {
     ["Other", []]
   ];
   const otherGroup = groups.find(([name]) => name === "Other")[1];
-  lines.push(`${chalk12.bold(cliName)} ${chalk12.dim(`v${version}`)}`);
+  lines.push(`${chalk13.bold(cliName)} ${chalk13.dim(`v${version}`)}`);
   lines.push("");
   if (cmd.description()) {
-    lines.push(`  ${chalk12.dim(cmd.description())}`);
+    lines.push(`  ${chalk13.dim(cmd.description())}`);
     lines.push("");
   }
   appendTextSection(lines, "Usage", [`${cliName} <command> [options]`]);
@@ -4082,7 +4436,7 @@ function formatRootHelp(cmd) {
       groups[2][1].push(entry);
     } else if (["open", "ssh", "ports"].includes(name)) {
       groups[3][1].push(entry);
-    } else if (["agent", "fleet", "acp"].includes(name)) {
+    } else if (["agent", "acp"].includes(name)) {
       groups[4][1].push(entry);
     } else {
       otherGroup.push(entry);
@@ -4118,10 +4472,10 @@ function formatSubcommandHelp(cmd, helper) {
     term: helper.optionTerm(option),
     desc: helper.optionDescription(option)
   }));
-  lines.push(chalk12.bold(commandPath(cmd)));
+  lines.push(chalk13.bold(commandPath(cmd)));
   lines.push("");
   if (description) {
-    lines.push(`  ${chalk12.dim(description)}`);
+    lines.push(`  ${chalk13.dim(description)}`);
     lines.push("");
   }
   appendTextSection(lines, "Usage", [helper.commandUsage(cmd)]);
@@ -4144,8 +4498,9 @@ function applyHelpFormatting(cmd) {
     applyHelpFormatting(subcommand);
   }
 }
-program.name(cliName).description("Agent Computer CLI").version(pkg2.version ?? "0.0.0").option("-y, --yes", "Skip confirmation prompts");
+program.name(cliName).description("Agent Computer CLI").version(pkg3.version ?? "0.0.0").option("-y, --yes", "Skip confirmation prompts");
 program.addCommand(loginCommand);
+program.addCommand(upgradeCommand);
 program.addCommand(logoutCommand);
 program.addCommand(whoamiCommand);
 program.addCommand(claudeLoginCommand);
@@ -4155,7 +4510,6 @@ program.addCommand(lsCommand);
 program.addCommand(getCommand);
 program.addCommand(imageCommand);
 program.addCommand(agentCommand);
-program.addCommand(fleetCommand);
 program.addCommand(acpCommand);
 program.addCommand(openCommand);
 program.addCommand(sshCommand);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "aicomputer",
-  "version": "0.1.12",
-  "description": "Computer CLI - manage your Agent Computer fleet from the terminal",
+  "version": "0.1.14",
+  "description": "Computer CLI - manage your Agent Computer machines from the terminal",
   "homepage": "https://agentcomputer.ai",
   "repository": {
     "type": "git",