archondev 2.14.0 → 2.17.0

package/README.md

@@ -99,6 +99,8 @@ Copy governance files into any project. Works with your existing AI tools: **Cur
 | `archon cleanup run` | Execute cleanup tasks |
 | `archon cleanup auto [enable\|disable]` | Enable/disable auto cleanup on start |
 
+**Tip:** Use `archon plan --edit` to adjust title and acceptance criteria before planning.
+
 ## Pricing
 
 | Tier | Cost | What You Get |

package/dist/{auth-2E4VORGY.js → auth-KUFS3PBS.js}

@@ -2,10 +2,10 @@ import {
   login,
   logout,
   status
-} from "./chunk-JWY56A3X.js";
+} from "./chunk-FA2GAZ7L.js";
+import "./chunk-DUJOT5B6.js";
+import "./chunk-SUGIWSCB.js";
 import "./chunk-M4LGRTLC.js";
-import "./chunk-NLW75APJ.js";
-import "./chunk-SVU7MLG6.js";
 import "./chunk-QGM4M3NI.js";
 export {
   login,

package/dist/{bug-KUMC6HSR.js → bug-BJH4X5LI.js}

@@ -1,10 +1,11 @@
 import {
   bugReport
-} from "./chunk-3JURZUY7.js";
+} from "./chunk-2QIXLBAC.js";
 import "./chunk-ER4ADSWH.js";
 import "./chunk-NIKN37AY.js";
 import "./chunk-LXXTCZ2Q.js";
-import "./chunk-SVU7MLG6.js";
+import "./chunk-SUGIWSCB.js";
+import "./chunk-M4LGRTLC.js";
 import "./chunk-QGM4M3NI.js";
 export {
   bugReport

package/dist/{chunk-3JURZUY7.js → chunk-2QIXLBAC.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-ER4ADSWH.js";
 import {
   loadConfig
-} from "./chunk-SVU7MLG6.js";
+} from "./chunk-SUGIWSCB.js";
 
 // src/cli/bug.ts
 import chalk from "chalk";

package/dist/{chunk-P666JE3G.js → chunk-54ATBLYE.js}

@@ -13,7 +13,7 @@ function isInitialized(cwd) {
   if (existsSync(archMdPath)) {
     try {
       const content = readFileSync(archMdPath, "utf-8");
-      return content.startsWith("---") && content.includes("version:") && content.includes("qualityLevel:");
+      return content.startsWith("---") && content.includes("version:") && (content.includes("systemGoals:") || content.includes("components:") || content.includes("profile:"));
     } catch {
       return false;
     }

package/dist/{chunk-NLW75APJ.js → chunk-DUJOT5B6.js}

@@ -2,7 +2,7 @@ import {
   getApiUrl,
   loadConfig,
   saveConfig
-} from "./chunk-SVU7MLG6.js";
+} from "./chunk-SUGIWSCB.js";
 
 // src/cli/tier-selection.ts
 import chalk from "chalk";
@@ -43,9 +43,9 @@ async function offerReauthentication(reason) {
     return false;
   }
   console.log();
-  const { login } = await import("./auth-2E4VORGY.js");
+  const { login } = await import("./auth-KUFS3PBS.js");
   await login({ skipTierSelection: true });
-  const { loadConfig: reload } = await import("./config-BBQW726O.js");
+  const { loadConfig: reload } = await import("./config-USLUSE4N.js");
   const config = await reload();
   return !!(config && config.accessToken);
 }
@@ -207,7 +207,7 @@ async function promptForApiKey() {
       return;
   }
   if (provider) {
-    const { addKey } = await import("./keys-5Y7KQAHI.js");
+    const { addKey } = await import("./keys-VLK3EWSN.js");
     await addKey(provider, {});
     console.log();
     const addAnother = await promptYesNo("Would you like to add another API key?", false);
@@ -219,7 +219,7 @@ async function promptForApiKey() {
 async function createCheckoutSession(amountCents) {
   const spinner = ora("Preparing checkout...").start();
   try {
-    const { ensureValidSession, loadConfig: loadConfig2 } = await import("./config-BBQW726O.js");
+    const { ensureValidSession, loadConfig: loadConfig2 } = await import("./config-USLUSE4N.js");
     let config = await ensureValidSession();
     if (!config || !config.accessToken || !config.userId) {
       spinner.stop();
@@ -367,7 +367,7 @@ Switching to ${selectedName}...`));
 var showTierSwitchMenu = showUpgradeMenu;
 async function updateUserTier(tier, _alreadyRetried = false) {
   try {
-    const { ensureValidSession, loadConfig: reload } = await import("./config-BBQW726O.js");
+    const { ensureValidSession, loadConfig: reload } = await import("./config-USLUSE4N.js");
     let config = await ensureValidSession();
     if (!config || !config.accessToken) {
       if (_alreadyRetried) {
@@ -455,7 +455,7 @@ function promptYesNo(question, defaultValue) {
 }
 async function showKeyManagementMenu() {
   const { keyManager } = await import("./keys-SXJ6MKPY.js");
-  const { listKeys, addKey, removeKey } = await import("./keys-5Y7KQAHI.js");
+  const { listKeys, addKey, removeKey } = await import("./keys-VLK3EWSN.js");
   console.log();
   console.log(chalk.bold("API Key Management"));
   console.log(chalk.dim("\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501"));

package/dist/{chunk-DQE6E436.js → chunk-E7ZTIAQM.js}

@@ -1,7 +1,8 @@
 import {
   UsageRecorder,
-  loadAtom
-} from "./chunk-CJ3CFP52.js";
+  loadAtom,
+  loadRoleOverrides
+} from "./chunk-LHCXE6UL.js";
 import {
   ArchitectureParser
 } from "./chunk-5EVHUDQX.js";
@@ -12,14 +13,15 @@ import {
   AnthropicClient,
   getDefaultModel
 } from "./chunk-NIKN37AY.js";
+import {
+  createAuthedSupabaseClient,
+  getAuthToken,
+  loadConfig
+} from "./chunk-SUGIWSCB.js";
 import {
   SUPABASE_ANON_KEY,
   SUPABASE_URL
 } from "./chunk-M4LGRTLC.js";
-import {
-  getAuthToken,
-  loadConfig
-} from "./chunk-SVU7MLG6.js";
 import {
   __commonJS,
   __require,
@@ -2854,15 +2856,13 @@ import chalk3 from "chalk";
 import { existsSync as existsSync8 } from "fs";
 import { readFile as readFile7, writeFile as writeFile4 } from "fs/promises";
 import { join as join3 } from "path";
-import { execSync as execSync3 } from "child_process";
+import { spawnSync as spawnSync2 } from "child_process";
 import { createInterface } from "readline";
-import { createClient as createClient2 } from "@supabase/supabase-js";
 
 // src/cli/cloud.ts
 import chalk from "chalk";
-import { createClient } from "@supabase/supabase-js";
-function getClient() {
-  return createClient(SUPABASE_URL, SUPABASE_ANON_KEY);
+function getClient(accessToken) {
+  return createAuthedSupabaseClient(SUPABASE_URL, SUPABASE_ANON_KEY, accessToken);
 }
 async function cloudStatus() {
   const config = await loadConfig();
@@ -2871,7 +2871,7 @@ async function cloudStatus() {
     console.error(chalk.red('Not authenticated. Run "archon login" first.'));
     process.exit(1);
   }
-  const client = getClient();
+  const client = getClient(authToken);
   const { data, error } = await client.from("cloud_executions").select("*").order("created_at", { ascending: false }).limit(20);
   if (error) {
     console.error(chalk.red("Failed to fetch cloud executions:"), error.message);
@@ -2907,7 +2907,7 @@ async function cloudCancel(executionId) {
     console.error(chalk.red('Not authenticated. Run "archon login" first.'));
     process.exit(1);
   }
-  const client = getClient();
+  const client = getClient(authToken);
   const { data: existing, error: fetchError } = await client.from("cloud_executions").select("id, status").eq("id", executionId).single();
   if (fetchError || !existing) {
     console.error(chalk.red(`Execution ${executionId} not found.`));
@@ -2931,7 +2931,7 @@ async function cloudLogs(executionId) {
     console.error(chalk.red('Not authenticated. Run "archon login" first.'));
     process.exit(1);
   }
-  const client = getClient();
+  const client = getClient(authToken);
   const { data, error } = await client.from("cloud_executions").select("id, atom_id, status, logs").eq("id", executionId).single();
   if (error || !data) {
     console.error(chalk.red(`Execution ${executionId} not found.`));
@@ -2960,7 +2960,7 @@ async function queueCloudExecution(atomId, projectName, options) {
   if (!authToken) {
     throw new Error('Not authenticated. Run "archon login" first.');
   }
-  const client = getClient();
+  const client = getClient(authToken);
   const insertData = {
     atom_id: atomId,
     project_name: projectName,
@@ -4681,6 +4681,33 @@ var TrackedExecutorAgent = class {
   }
 };
 
+// src/core/git/rollback.ts
+import { spawnSync } from "child_process";
+function rollbackFiles(cwd, files) {
+  if (files.length === 0) return;
+  const tracked = [];
+  const untracked = [];
+  for (const file of files) {
+    const result = spawnSync("git", ["ls-files", "--error-unmatch", file], { cwd, stdio: "pipe" });
+    if (result.status === 0) {
+      tracked.push(file);
+    } else {
+      untracked.push(file);
+    }
+  }
+  if (tracked.length > 0) {
+    const checkout = spawnSync("git", ["checkout", "--", ...tracked], { cwd, stdio: "pipe" });
+    if (checkout.status !== 0) {
+      throw new Error(checkout.stderr?.toString() || "git checkout failed");
+    }
+  }
+  const cleanTargets = untracked.length > 0 ? untracked : files;
+  const clean = spawnSync("git", ["clean", "-f", "--", ...cleanTargets], { cwd, stdio: "pipe" });
+  if (clean.status !== 0) {
+    throw new Error(clean.stderr?.toString() || "git clean failed");
+  }
+}
+
 // src/core/environments/types.ts
 var DEFAULT_ENVIRONMENTS = {
   development: {
@@ -4895,9 +4922,9 @@ function createPrompt() {
 }
 async function execute(atomId, options) {
   if (options.parallel && options.parallel.length > 0) {
-    const { parallelExecute } = await import("./parallel-4NN4ONOH.js");
+    const { parallelExecute } = await import("./parallel-WHFKRBPR.js");
     const allAtomIds = [atomId, ...options.parallel];
-    await parallelExecute(allAtomIds);
+    await parallelExecute(allAtomIds, { skipGates: options.skipGates === true });
     return;
   }
   const prompt = createPrompt();
@@ -5042,14 +5069,16 @@ ${conflictReport.blockerCount} blocking conflict(s) found.`));
     console.log(chalk3.blue("\n\u{1F680} Executing plan..."));
     const config = await loadConfig();
     let billingContext;
-    if (config.userId) {
-      const supabase = createClient2(SUPABASE_URL, SUPABASE_ANON_KEY);
+    if (config.userId && config.accessToken) {
+      const supabase = createAuthedSupabaseClient(SUPABASE_URL, SUPABASE_ANON_KEY, config.accessToken);
       billingContext = {
         userId: config.userId,
         supabase
       };
     }
-    const executor = billingContext ? new TrackedExecutorAgent({ billing: billingContext }) : new ExecutorAgent();
+    const roleOverrides = await loadRoleOverrides(cwd);
+    const executorConfig = roleOverrides?.executor?.model ? { model: roleOverrides.executor.model } : void 0;
+    const executor = billingContext ? new TrackedExecutorAgent({ billing: billingContext, clientConfig: executorConfig }) : new ExecutorAgent(executorConfig);
     if (billingContext && executor instanceof TrackedExecutorAgent) {
       const balanceCheck = await executor.checkBalance();
       if (!balanceCheck.sufficient && balanceCheck.tier === "CREDITS") {
@@ -5106,10 +5135,11 @@ Running quality gates for ${targetEnvName}...`));
         console.log(chalk3.red("\n\u274C Quality gates failed"));
         console.log(chalk3.yellow("Rolling back changes..."));
         try {
-          execSync3("git checkout -- .", { cwd, stdio: "pipe" });
-          console.log(chalk3.yellow("Changes rolled back."));
-        } catch {
+          rollbackFiles(cwd, filesChanged);
+          console.log(chalk3.yellow("Changes rolled back (scoped to atom files)."));
+        } catch (error) {
           console.log(chalk3.red("Failed to rollback. Please manually revert changes."));
+          console.log(chalk3.dim(error instanceof Error ? error.message : "Unknown rollback error"));
         }
         transitionAtom(atom, "FAILED");
         atom.errorMessage = `Quality gate failed: ${gateResult.failedAt}`;
@@ -5132,8 +5162,14 @@ Running quality gates for ${targetEnvName}...`));
     console.log(chalk3.dim("\nCommitting changes..."));
     try {
       const commitMessage = `feat: [${atom.externalId}] - ${atom.title}`;
-      execSync3(`git add -A`, { cwd, stdio: "pipe" });
-      execSync3(`git commit -m "${commitMessage}"`, { cwd, stdio: "pipe" });
+      const addResult = spawnSync2("git", ["add", "-A"], { cwd, stdio: "pipe" });
+      if (addResult.status !== 0) {
+        throw new Error(addResult.stderr?.toString() || "git add failed");
+      }
+      const commitResult = spawnSync2("git", ["commit", "-m", commitMessage], { cwd, stdio: "pipe" });
+      if (commitResult.status !== 0) {
+        throw new Error(commitResult.stderr?.toString() || "git commit failed");
+      }
       console.log(chalk3.green(`\u2713 Committed: ${commitMessage}`));
     } catch (error) {
       console.log(chalk3.yellow("No changes to commit or git commit failed."));
@@ -5223,13 +5259,12 @@ async function watchCloudExecution(executionId) {
   const pollInterval = 5e3;
   let lastLogCount = 0;
   const poll = async () => {
-    const { loadConfig: loadConfig2, getAuthToken: getAuthToken2 } = await import("./config-BBQW726O.js");
-    const { createClient: createClient3 } = await import("@supabase/supabase-js");
+    const { loadConfig: loadConfig2, getAuthToken: getAuthToken2 } = await import("./config-USLUSE4N.js");
     const { SUPABASE_URL: SUPABASE_URL2, SUPABASE_ANON_KEY: SUPABASE_ANON_KEY2 } = await import("./constants-AHP5F7HW.js");
     const config = await loadConfig2();
     const authToken = getAuthToken2(config);
     if (!authToken) return true;
-    const client = createClient3(SUPABASE_URL2, SUPABASE_ANON_KEY2);
+    const client = createAuthedSupabaseClient(SUPABASE_URL2, SUPABASE_ANON_KEY2, authToken);
     const { data } = await client.from("cloud_executions").select("status, logs, error_message, result_branch, result_pr_url").eq("id", executionId).single();
     if (!data) return true;
     const logs = data.logs ?? [];

package/dist/{chunk-JWY56A3X.js → chunk-FA2GAZ7L.js}

@@ -1,20 +1,20 @@
-import {
-  SUPABASE_ANON_KEY,
-  SUPABASE_URL
-} from "./chunk-M4LGRTLC.js";
 import {
   handleTierSetup,
   promptTierSelection,
   updateUserTier
-} from "./chunk-NLW75APJ.js";
+} from "./chunk-DUJOT5B6.js";
 import {
   clearConfig,
+  createPkceSupabaseClient,
   loadConfig,
   saveConfig
-} from "./chunk-SVU7MLG6.js";
+} from "./chunk-SUGIWSCB.js";
+import {
+  SUPABASE_ANON_KEY,
+  SUPABASE_URL
+} from "./chunk-M4LGRTLC.js";
 
 // src/cli/auth.ts
-import { createClient } from "@supabase/supabase-js";
 import { createServer } from "http";
 import { URL } from "url";
 import readline from "readline";
@@ -24,11 +24,7 @@ import ora from "ora";
 var CALLBACK_PORT = 54321;
 var CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
 function getAuthClient() {
-  return createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    auth: {
-      flowType: "pkce"
-    }
-  });
+  return createPkceSupabaseClient(SUPABASE_URL, SUPABASE_ANON_KEY);
 }
 async function login(providerOrOptions = "github") {
   const options = typeof providerOrOptions === "string" ? { provider: providerOrOptions } : providerOrOptions;

package/dist/{chunk-P4KDRIFM.js → chunk-HTJOCKVV.js}

@@ -14,12 +14,12 @@ import {
 } from "./chunk-RDG5BUED.js";
 import {
   login
-} from "./chunk-JWY56A3X.js";
+} from "./chunk-FA2GAZ7L.js";
 import {
   getApiUrl,
   getAuthToken,
   loadConfig
-} from "./chunk-SVU7MLG6.js";
+} from "./chunk-SUGIWSCB.js";
 
 // src/cli/preferences.ts
 import chalk from "chalk";
@@ -1071,7 +1071,7 @@ async function manageApiKeys() {
     if (removeIndex >= 0 && removeIndex < providers.length) {
       const providerToRemove = providers[removeIndex];
       if (providerToRemove) {
-        const { removeKey } = await import("./keys-5Y7KQAHI.js");
+        const { removeKey } = await import("./keys-VLK3EWSN.js");
         await removeKey(providerToRemove);
       }
     }
@@ -1079,7 +1079,7 @@ async function manageApiKeys() {
   }
   const provider = providerMap[choice];
   if (provider) {
-    const { addKey } = await import("./keys-5Y7KQAHI.js");
+    const { addKey } = await import("./keys-VLK3EWSN.js");
     await addKey(provider);
   }
 }

package/dist/{chunk-CJ3CFP52.js → chunk-LHCXE6UL.js}

@@ -13,22 +13,22 @@ import {
 import {
   KeyManager
 } from "./chunk-RDG5BUED.js";
+import {
+  createAuthedSupabaseClient,
+  isAuthenticated,
+  loadConfig
+} from "./chunk-SUGIWSCB.js";
 import {
   SUPABASE_ANON_KEY,
   SUPABASE_URL
 } from "./chunk-M4LGRTLC.js";
-import {
-  isAuthenticated,
-  loadConfig
-} from "./chunk-SVU7MLG6.js";
 
 // src/cli/plan.ts
 import chalk from "chalk";
-import { existsSync } from "fs";
-import { readFile, writeFile, mkdir } from "fs/promises";
-import { join } from "path";
+import { existsSync as existsSync2 } from "fs";
+import { readFile as readFile2, writeFile, mkdir } from "fs/promises";
+import { join as join2 } from "path";
 import { createInterface } from "readline";
-import { createClient } from "@supabase/supabase-js";
 
 // src/agents/sentinel.ts
 var SYSTEM_PROMPT = `You are the Sentinel, a paranoid and skeptical code reviewer responsible for finding issues in implementation plans.
@@ -732,6 +732,31 @@ var TrackedAdversarialPlanner = class {
   }
 };
 
+// src/core/config/roles.ts
+import { existsSync } from "fs";
+import { readFile } from "fs/promises";
+import { join } from "path";
+import yaml from "yaml";
+async function loadRoleOverrides(cwd = process.cwd()) {
+  const candidates = [
+    join(cwd, ".archon", "config.yaml"),
+    join(cwd, "archon.config.yaml")
+  ];
+  for (const path of candidates) {
+    if (!existsSync(path)) continue;
+    try {
+      const content = await readFile(path, "utf-8");
+      const parsed = yaml.parse(content);
+      if (parsed?.roles) {
+        return parsed.roles;
+      }
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+
 // src/cli/plan.ts
 var ATOMS_DIR = ".archon/atoms";
 function createPrompt() {
@@ -753,8 +778,8 @@ async function plan(description, options) {
       console.log(chalk.yellow('Not authenticated. Run "archon login" first.'));
       console.log(chalk.dim("For local development, you can continue without authentication."));
     }
-    const archPath = join(process.cwd(), "ARCHITECTURE.md");
-    if (!existsSync(archPath)) {
+    const archPath = join2(process.cwd(), "ARCHITECTURE.md");
+    if (!existsSync2(archPath)) {
       console.error(chalk.red('ARCHITECTURE.md not found. Run "archon init" first.'));
       process.exit(1);
     }
@@ -779,6 +804,26 @@ async function plan(description, options) {
       }
       process.exit(1);
     }
+    if (options.edit) {
+      console.log(chalk.dim("\nEdit mode: update title and acceptance criteria (press Enter to keep current)."));
+      const newTitle = await prompt.ask(`Title [${atom.title}]: `);
+      if (newTitle.trim()) {
+        atom.title = newTitle.trim();
+      }
+      const acCurrent = atom.acceptanceCriteria.join(", ");
+      const newAc = await prompt.ask(`Acceptance criteria (comma-separated) [${acCurrent}]: `);
+      if (newAc.trim()) {
+        atom.acceptanceCriteria = newAc.split(",").map((ac) => ac.trim()).filter(Boolean);
+      }
+      const revalidation = validateAtom(atom);
+      if (!revalidation.valid) {
+        console.error(chalk.red("Invalid atom after edits:"));
+        for (const error of revalidation.errors) {
+          console.error(chalk.red(`  - ${error.field}: ${error.message}`));
+        }
+        process.exit(1);
+      }
+    }
     console.log(chalk.blue(`
 Atom created: ${atom.externalId}`));
     console.log(chalk.dim(`Title: ${atom.title}`));
@@ -804,14 +849,17 @@ Atom saved: ${atom.externalId}`));
     console.log(chalk.dim("Architect will generate a plan, Sentinel will validate it.\n"));
     const config = await loadConfig();
     let billingContext;
-    if (config.userId) {
-      const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY);
+    if (config.userId && config.accessToken) {
+      const supabase = createAuthedSupabaseClient(SUPABASE_URL, SUPABASE_ANON_KEY, config.accessToken);
       billingContext = {
         userId: config.userId,
         supabase
       };
     }
-    const planner = billingContext ? new TrackedAdversarialPlanner({ apiKey, billing: billingContext }) : new AdversarialPlanner({ apiKey });
+    const roleOverrides = await loadRoleOverrides(process.cwd());
+    const architectConfig = roleOverrides?.architect?.model ? { model: roleOverrides.architect.model } : void 0;
+    const sentinelConfig = roleOverrides?.sentinel?.model ? { model: roleOverrides.sentinel.model } : void 0;
+    const planner = billingContext ? new TrackedAdversarialPlanner({ apiKey, billing: billingContext, architectConfig, sentinelConfig }) : new AdversarialPlanner({ apiKey, architectConfig, sentinelConfig });
     if (billingContext && planner instanceof TrackedAdversarialPlanner) {
       const balanceCheck = await planner.checkBalance();
       if (!balanceCheck.sufficient && balanceCheck.tier === "CREDITS") {
@@ -925,24 +973,24 @@ function displayPlan(plan2) {
   console.log(chalk.bold("\nComplexity:"), plan2.estimated_complexity);
 }
 async function saveAtom(atom) {
-  const atomsDir = join(process.cwd(), ATOMS_DIR);
-  if (!existsSync(atomsDir)) {
+  const atomsDir = join2(process.cwd(), ATOMS_DIR);
+  if (!existsSync2(atomsDir)) {
     await mkdir(atomsDir, { recursive: true });
   }
-  const atomFile = join(atomsDir, `${atom.externalId}.json`);
+  const atomFile = join2(atomsDir, `${atom.externalId}.json`);
   await writeFile(atomFile, JSON.stringify(atom, null, 2));
 }
 async function loadAtom(atomId) {
-  const atomFile = join(process.cwd(), ATOMS_DIR, `${atomId}.json`);
-  if (!existsSync(atomFile)) {
+  const atomFile = join2(process.cwd(), ATOMS_DIR, `${atomId}.json`);
+  if (!existsSync2(atomFile)) {
     return null;
   }
-  const content = await readFile(atomFile, "utf-8");
+  const content = await readFile2(atomFile, "utf-8");
   return JSON.parse(content);
 }
 async function listLocalAtoms() {
-  const atomsDir = join(process.cwd(), ATOMS_DIR);
-  if (!existsSync(atomsDir)) {
+  const atomsDir = join2(process.cwd(), ATOMS_DIR);
+  if (!existsSync2(atomsDir)) {
     return [];
   }
   const { readdir } = await import("fs/promises");
@@ -961,7 +1009,9 @@ async function listLocalAtoms() {
 
 export {
   UsageRecorder,
+  loadRoleOverrides,
   plan,
+  parseAtomDescription,
   loadAtom,
   listLocalAtoms
 };

package/dist/{chunk-35AOCHTE.js → chunk-LPSS2U5V.js}

@@ -1,7 +1,7 @@
 import {
   listLocalAtoms,
   loadAtom
-} from "./chunk-CJ3CFP52.js";
+} from "./chunk-LHCXE6UL.js";
 
 // src/cli/parallel.ts
 import chalk from "chalk";
@@ -359,7 +359,7 @@ async function saveParallelState(cwd, state) {
   const statePath = join2(cwd, PARALLEL_STATE_FILE);
   await writeFile(statePath, JSON.stringify(state, null, 2));
 }
-async function parallelExecute(atomIds) {
+async function parallelExecute(atomIds, options = {}) {
   const cwd = process.cwd();
   const manager = new WorktreeManager(cwd);
   console.log(chalk.blue(`
@@ -397,7 +397,11 @@ async function parallelExecute(atomIds) {
     execution.startedAt = (/* @__PURE__ */ new Date()).toISOString();
     await saveParallelState(cwd, state);
     return new Promise((resolve) => {
-      const child = spawn("npx", ["archon", "execute", execution.atomId, "--skip-gates"], {
+      const args = [process.argv[1] ?? "archon", "execute", execution.atomId];
+      if (options.skipGates) {
+        args.push("--skip-gates");
+      }
+      const child = spawn(process.execPath, args, {
         cwd: execution.worktreePath,
         stdio: "pipe"
       });

package/dist/{chunk-SVU7MLG6.js → chunk-SUGIWSCB.js}

@@ -1,13 +1,32 @@
+import {
+  SUPABASE_ANON_KEY,
+  SUPABASE_URL
+} from "./chunk-M4LGRTLC.js";
+
 // src/cli/config.ts
 import { homedir } from "os";
 import { join } from "path";
 import { readFile, writeFile, mkdir, chmod, unlink } from "fs/promises";
 import { existsSync } from "fs";
+
+// src/core/supabase/client.ts
 import { createClient } from "@supabase/supabase-js";
+function createPkceSupabaseClient(supabaseUrl, supabaseAnonKey) {
+  return createClient(supabaseUrl, supabaseAnonKey, {
+    auth: {
+      flowType: "pkce"
+    }
+  });
+}
+function createAuthedSupabaseClient(supabaseUrl, supabaseAnonKey, accessToken) {
+  return createClient(supabaseUrl, supabaseAnonKey, {
+    global: { headers: { Authorization: `Bearer ${accessToken}` } }
+  });
+}
+
+// src/cli/config.ts
 var CONFIG_DIR = join(homedir(), ".archon");
 var CONFIG_FILE = join(CONFIG_DIR, "config.json");
-var SUPABASE_URL = "https://yjdkcepktrbabmzhcmrt.supabase.co";
-var SUPABASE_ANON_KEY = "sb_publishable_XSGLVPfLZx-HA2uL6xsGCQ_KjAx2TIa";
 function getAuthToken(config) {
   return config.accessToken;
 }
@@ -72,9 +91,7 @@ async function refreshSession(config) {
     return false;
   }
   try {
-    const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-      auth: { flowType: "pkce" }
-    });
+    const supabase = createPkceSupabaseClient(SUPABASE_URL, SUPABASE_ANON_KEY);
     const { data, error } = await supabase.auth.refreshSession({
       refresh_token: config.refreshToken
     });
@@ -112,6 +129,8 @@ async function getCurrentUser() {
 }
 
 export {
+  createPkceSupabaseClient,
+  createAuthedSupabaseClient,
   getAuthToken,
   getApiUrl,
   loadConfig,

package/dist/{chunk-KMVMRFQ5.js → chunk-TRLP7RMZ.js}

@@ -7,7 +7,7 @@ import {
 import {
   loadConfig,
   saveConfig
-} from "./chunk-SVU7MLG6.js";
+} from "./chunk-SUGIWSCB.js";
 
 // src/cli/keys.ts
 import chalk from "chalk";
@@ -24,10 +24,20 @@ async function promptForKey(provider) {
   });
   return new Promise((resolve) => {
     const providerName = provider.charAt(0).toUpperCase() + provider.slice(1);
+    const rlAny = rl;
+    const originalWrite = rlAny._writeToOutput?.bind(rlAny);
+    rlAny._writeToOutput = (stringToWrite) => {
+      if (rlAny.stdoutMuted) {
+        rl.output.write("*");
+        return;
+      }
+      originalWrite?.(stringToWrite);
+    };
     rl.question(`Enter your ${providerName} API key: `, (answer) => {
       rl.close();
       resolve(answer.trim());
     });
+    rlAny.stdoutMuted = true;
   });
 }
 async function addKey(provider, options = {}) {