arisa 2.0.0 → 2.0.1

package/README.md

@@ -13,15 +13,41 @@ Arisa can execute actions with operational control over the system where it runs
 ## Commands
 
 Requires [Bun](https://bun.sh).
+For Bun global installs, use your user environment (do not use `sudo`).
+If needed, configure Bun's user-local install directory:
+
+```bash
+export BUN_INSTALL="$HOME/.bun"
+export PATH="$BUN_INSTALL/bin:$PATH"
+```
+
+```bash
+bun install -g arisa     # Global install from package registry (recommended)
+npm install -g arisa     # Alternative global install via npm (may require sudo)
+```
+
+```bash
+arisa start              # Start as service (enables autostart with systemd --user)
+arisa stop               # Stop service
+arisa status             # Service status
+arisa restart            # Restart service
+arisa daemon             # Foreground daemon mode (manual/dev)
+arisa core               # Foreground core-only mode
+arisa dev                # Foreground core watch mode
+```
 
 ```bash
 bun install              # Install dependencies
 bun run daemon           # Start everything (Daemon spawns Core with --watch)
 bun run dev              # Start Core only with hot-reload (for development)
-bun install -g arisa     # Global install from package registry
 npm install -g .         # Global install via Node/npm
 bun add -g .             # Global install via Bun
-arisa                    # Start daemon from global install
+```
+
+On Linux with `systemd --user`, `arisa start` enables auto-start on reboot. To keep it running even without an active login session:
+
+```bash
+sudo loginctl enable-linger "$USER"
 ```
 
 ## Architecture: Daemon + Core

package/bin/arisa.js

@@ -1,10 +1,31 @@
 #!/usr/bin/env node
 
-const { spawnSync } = require("node:child_process");
-const { readFileSync } = require("node:fs");
+const { spawn, spawnSync } = require("node:child_process");
+const {
+  closeSync,
+  existsSync,
+  mkdirSync,
+  openSync,
+  readFileSync,
+  unlinkSync,
+  writeFileSync,
+} = require("node:fs");
+const { homedir, platform } = require("node:os");
 const { join, resolve } = require("node:path");
 
 const pkgRoot = resolve(__dirname, "..");
+const daemonEntry = join(pkgRoot, "src", "daemon", "index.ts");
+const coreEntry = join(pkgRoot, "src", "core", "index.ts");
+const homeDir = homedir();
+const arisaDir = join(homeDir, ".arisa");
+const runDir = join(arisaDir, "run");
+const logsDir = join(arisaDir, "logs");
+const pidFile = join(runDir, "arisa.pid");
+const fallbackLogFile = join(logsDir, "service.log");
+const systemdServiceName = "arisa.service";
+const systemdUserDir = join(homeDir, ".config", "systemd", "user");
+const systemdUserUnitPath = join(systemdUserDir, systemdServiceName);
+
 const args = process.argv.slice(2);
 const command = (args[0] || "start").toLowerCase();
 const rest = args.slice(1);
@@ -14,9 +35,15 @@ function printHelp() {
     `Arisa CLI
 
 Usage:
-  arisa                 Start daemon (default)
-  arisa start           Start daemon
-  arisa daemon          Start daemon
+  arisa                 Start service (default)
+  arisa start           Start service and enable restart-on-boot
+  arisa stop            Stop service
+  arisa status          Show service status
+  arisa restart         Restart service
+  arisa daemon          Start daemon in foreground
+  arisa run             Start daemon in foreground
+  arisa start --foreground
+                        Start daemon in foreground (legacy behavior)
   arisa core            Start core only
   arisa dev             Start core in watch mode
   arisa version         Print version
@@ -31,6 +58,344 @@ function printVersion() {
   process.stdout.write(`${pkg.version}\n`);
 }
 
+function commandExists(binary) {
+  const probe = spawnSync("sh", ["-lc", `command -v ${binary} >/dev/null 2>&1`], {
+    stdio: "ignore",
+  });
+  return probe.status === 0;
+}
+
+function runCommand(executable, commandArgs, options = {}) {
+  return spawnSync(executable, commandArgs, {
+    encoding: "utf8",
+    ...options,
+  });
+}
+
+function resolveBunExecutable() {
+  if (process.env.BUN_BIN && process.env.BUN_BIN.trim()) {
+    return process.env.BUN_BIN.trim();
+  }
+
+  const bunInstall = process.env.BUN_INSTALL || join(homeDir, ".bun");
+  const bunFromInstall = join(bunInstall, "bin", "bun");
+  if (existsSync(bunFromInstall)) {
+    return bunFromInstall;
+  }
+
+  return "bun";
+}
+
+function runWithBun(bunArgs, options = {}) {
+  const bunExecutable = resolveBunExecutable();
+  const child = runCommand(bunExecutable, bunArgs, {
+    stdio: "inherit",
+    cwd: process.cwd(),
+    env: {
+      ...process.env,
+      ARISA_PROJECT_DIR: process.env.ARISA_PROJECT_DIR || pkgRoot,
+    },
+    shell: process.platform === "win32",
+    ...options,
+  });
+
+  if (child.error) {
+    if (child.error.code === "ENOENT") {
+      process.stderr.write(
+        "Arisa requires Bun to run. Install it from https://bun.sh/ and retry.\n"
+      );
+      process.exit(1);
+    }
+    process.stderr.write(`${String(child.error)}\n`);
+    process.exit(1);
+  }
+
+  return child;
+}
+
+function ensureRuntimeDirs() {
+  mkdirSync(runDir, { recursive: true });
+  mkdirSync(logsDir, { recursive: true });
+}
+
+function readPid() {
+  if (!existsSync(pidFile)) return null;
+
+  try {
+    const raw = readFileSync(pidFile, "utf8").trim();
+    const parsed = Number.parseInt(raw, 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+
+function isPidRunning(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (error) {
+    return error && error.code === "EPERM";
+  }
+}
+
+function removePidFile() {
+  if (!existsSync(pidFile)) return;
+  try {
+    unlinkSync(pidFile);
+  } catch {
+    // Best effort cleanup.
+  }
+}
+
+function cleanupStalePidFile() {
+  const pid = readPid();
+  if (!pid) {
+    removePidFile();
+    return null;
+  }
+
+  if (!isPidRunning(pid)) {
+    removePidFile();
+    return null;
+  }
+
+  return pid;
+}
+
+function startDetachedFallback() {
+  ensureRuntimeDirs();
+  const runningPid = cleanupStalePidFile();
+  if (runningPid) {
+    process.stdout.write(
+      `Arisa is already running in fallback mode (PID ${runningPid}).\n`
+    );
+    return 0;
+  }
+
+  const bunExecutable = resolveBunExecutable();
+  const logFd = openSync(fallbackLogFile, "a");
+  const child = spawn(bunExecutable, [daemonEntry], {
+    detached: true,
+    stdio: ["ignore", logFd, logFd],
+    cwd: pkgRoot,
+    env: {
+      ...process.env,
+      ARISA_PROJECT_DIR: process.env.ARISA_PROJECT_DIR || pkgRoot,
+    },
+    shell: process.platform === "win32",
+  });
+
+  closeSync(logFd);
+  if (!child.pid) {
+    process.stderr.write(
+      "Failed to start Arisa in fallback mode. Ensure Bun is installed and in PATH.\n"
+    );
+    return 1;
+  }
+
+  child.unref();
+
+  writeFileSync(pidFile, `${child.pid}\n`, "utf8");
+  process.stdout.write(
+    `Arisa started in fallback mode (PID ${child.pid}). Logs: ${fallbackLogFile}\n`
+  );
+  process.stdout.write(
+    "Autostart on reboot requires systemd user services.\n"
+  );
+  return 0;
+}
+
+function stopDetachedFallback() {
+  const runningPid = cleanupStalePidFile();
+  if (!runningPid) {
+    process.stdout.write("Arisa is not running (fallback mode).\n");
+    return 0;
+  }
+
+  try {
+    process.kill(runningPid, "SIGTERM");
+    removePidFile();
+    process.stdout.write(`Sent SIGTERM to Arisa (PID ${runningPid}).\n`);
+    return 0;
+  } catch (error) {
+    process.stderr.write(
+      `Failed to stop Arisa PID ${runningPid}: ${error.message}\n`
+    );
+    return 1;
+  }
+}
+
+function statusDetachedFallback() {
+  const runningPid = cleanupStalePidFile();
+  if (!runningPid) {
+    process.stdout.write("Arisa is not running (fallback mode).\n");
+    return 1;
+  }
+
+  process.stdout.write(`Arisa is running in fallback mode (PID ${runningPid}).\n`);
+  process.stdout.write(`Logs: ${fallbackLogFile}\n`);
+  return 0;
+}
+
+function canUseSystemdUser() {
+  if (platform() !== "linux") return false;
+  if (!commandExists("systemctl")) return false;
+
+  const probe = runCommand("systemctl", ["--user", "show-environment"], {
+    stdio: "pipe",
+  });
+
+  return probe.status === 0;
+}
+
+function writeSystemdUserUnit() {
+  mkdirSync(systemdUserDir, { recursive: true });
+
+  const bunInstall = process.env.BUN_INSTALL || join(homeDir, ".bun");
+  const pathValue = process.env.PATH || `${join(bunInstall, "bin")}:/usr/local/bin:/usr/bin:/bin`;
+  const bunExecutable = resolveBunExecutable();
+
+  const unit = `[Unit]
+Description=Arisa Daemon Service
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+WorkingDirectory=${pkgRoot}
+ExecStart=${bunExecutable} ${daemonEntry}
+Restart=always
+RestartSec=3
+Environment=ARISA_PROJECT_DIR=${pkgRoot}
+Environment=BUN_INSTALL=${bunInstall}
+Environment=PATH=${pathValue}
+
+[Install]
+WantedBy=default.target
+`;
+
+  writeFileSync(systemdUserUnitPath, unit, "utf8");
+}
+
+function runSystemd(commandArgs) {
+  const child = runCommand("systemctl", ["--user", ...commandArgs], {
+    stdio: "pipe",
+  });
+
+  if (child.status !== 0) {
+    const stderr = child.stderr || "Unknown systemd error";
+    process.stderr.write(stderr.endsWith("\n") ? stderr : `${stderr}\n`);
+    return { ok: false, status: child.status ?? 1 };
+  }
+
+  return { ok: true, status: 0, stdout: child.stdout || "" };
+}
+
+function startSystemdService() {
+  writeSystemdUserUnit();
+
+  const reload = runSystemd(["daemon-reload"]);
+  if (!reload.ok) return reload.status;
+
+  const start = runSystemd(["enable", "--now", systemdServiceName]);
+  if (!start.ok) return start.status;
+
+  process.stdout.write(
+    "Arisa service started and enabled (systemd --user).\n"
+  );
+  process.stdout.write(
+    "To keep it running after reboot without login, run: sudo loginctl enable-linger $USER\n"
+  );
+  return 0;
+}
+
+function stopSystemdService() {
+  const stop = runSystemd(["stop", systemdServiceName]);
+  if (!stop.ok) return stop.status;
+
+  process.stdout.write("Arisa service stopped (systemd --user).\n");
+  return 0;
+}
+
+function restartSystemdService() {
+  const restart = runSystemd(["restart", systemdServiceName]);
+  if (!restart.ok) return restart.status;
+
+  process.stdout.write("Arisa service restarted (systemd --user).\n");
+  return 0;
+}
+
+function statusSystemdService() {
+  const activeResult = runCommand(
+    "systemctl",
+    ["--user", "is-active", systemdServiceName],
+    { stdio: "pipe" }
+  );
+  const enabledResult = runCommand(
+    "systemctl",
+    ["--user", "is-enabled", systemdServiceName],
+    { stdio: "pipe" }
+  );
+
+  const active = activeResult.status === 0;
+  const enabled = enabledResult.status === 0;
+
+  if (active) {
+    process.stdout.write("Arisa service status: active (systemd --user).\n");
+  } else {
+    process.stdout.write("Arisa service status: inactive (systemd --user).\n");
+  }
+
+  if (enabled) {
+    process.stdout.write("Autostart: enabled\n");
+    return active ? 0 : 1;
+  }
+
+  process.stdout.write("Autostart: disabled\n");
+  return active ? 0 : 1;
+}
+
+function restartDetachedFallback() {
+  const stopCode = stopDetachedFallback();
+  if (stopCode !== 0) return stopCode;
+  return startDetachedFallback();
+}
+
+function startService() {
+  if (rest.includes("--foreground")) {
+    const foregroundArgs = rest.filter((arg) => arg !== "--foreground");
+    const child = runWithBun([daemonEntry, ...foregroundArgs]);
+    return child.status === null ? 1 : child.status;
+  }
+
+  if (canUseSystemdUser()) {
+    return startSystemdService();
+  }
+  return startDetachedFallback();
+}
+
+function stopService() {
+  if (canUseSystemdUser()) {
+    return stopSystemdService();
+  }
+  return stopDetachedFallback();
+}
+
+function statusService() {
+  if (canUseSystemdUser()) {
+    return statusSystemdService();
+  }
+  return statusDetachedFallback();
+}
+
+function restartService() {
+  if (canUseSystemdUser()) {
+    return restartSystemdService();
+  }
+  return restartDetachedFallback();
+}
+
 if (command === "help" || command === "--help" || command === "-h") {
   printHelp();
   process.exit(0);
@@ -41,45 +406,36 @@ if (command === "version" || command === "--version" || command === "-v") {
   process.exit(0);
 }
 
-const env = {
-  ...process.env,
-};
-
-let bunArgs;
 switch (command) {
   case "start":
-  case "daemon":
-    bunArgs = [join(pkgRoot, "src", "daemon", "index.ts"), ...rest];
+    process.exit(startService());
     break;
-  case "core":
-    bunArgs = [join(pkgRoot, "src", "core", "index.ts"), ...rest];
+  case "stop":
+    process.exit(stopService());
     break;
-  case "dev":
-    bunArgs = ["--watch", join(pkgRoot, "src", "core", "index.ts"), ...rest];
+  case "status":
+    process.exit(statusService());
+    break;
+  case "restart":
+    process.exit(restartService());
     break;
+  case "daemon":
+  case "run": {
+    const child = runWithBun([daemonEntry, ...rest]);
+    process.exit(child.status === null ? 1 : child.status);
+  }
+  case "core":
+    {
+      const child = runWithBun([coreEntry, ...rest]);
+      process.exit(child.status === null ? 1 : child.status);
+    }
+  case "dev":
+    {
+      const child = runWithBun(["--watch", coreEntry, ...rest]);
+      process.exit(child.status === null ? 1 : child.status);
+    }
   default:
     process.stderr.write(`Unknown command: ${command}\n\n`);
     printHelp();
     process.exit(1);
 }
-
-const bunExecutable = process.env.BUN_BIN || "bun";
-const child = spawnSync(bunExecutable, bunArgs, {
-  stdio: "inherit",
-  cwd: process.cwd(),
-  env,
-  shell: process.platform === "win32",
-});
-
-if (child.error) {
-  if (child.error.code === "ENOENT") {
-    process.stderr.write(
-      "Arisa requires Bun to run. Install it from https://bun.sh/ and retry.\n"
-    );
-    process.exit(1);
-  }
-  process.stderr.write(`${String(child.error)}\n`);
-  process.exit(1);
-}
-
-process.exit(child.status === null ? 1 : child.status);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arisa",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Arisa - dynamic agent runtime with daemon/core architecture that evolves through user interaction",
   "preferGlobal": true,
   "bin": {

package/src/core/index.ts

@@ -18,7 +18,12 @@ await config.secrets.initialize();
 import { createLogger } from "../shared/logger";
 import { serveWithRetry, claimProcess } from "../shared/ports";
 import type { IncomingMessage, CoreResponse, ScheduledTask } from "../shared/types";
-import { processWithClaude, processWithCodex, isClaudeRateLimitResponse } from "./processor";
+import {
+  processWithClaude,
+  processWithCodex,
+  isClaudeRateLimitResponse,
+  isCodexAuthRequiredResponse,
+} from "./processor";
 import { transcribeAudio, describeImage, generateSpeech, isMediaConfigured, isSpeechConfigured } from "./media";
 import { detectFiles } from "./file-detector";
 
@@ -363,12 +368,16 @@ ${messageText}`;
             if (isClaudeRateLimitResponse(agentResponse) && canFallback) {
               log.warn("Claude credits exhausted, falling back to Codex");
               const codexResponse = await processWithCodex(enrichedMessage);
-              agentResponse = `Claude is out of credits right now, so I switched this reply to Codex.\n---CHUNK---\n${codexResponse}`;
-              historyResponse = codexResponse;
-              usedBackend = "codex";
-              // Persist the switch so subsequent messages don't keep re-injecting
-              // cross-backend context while Claude has no credits.
-              backendState.set(msg.chatId, "codex");
+              if (isCodexAuthRequiredResponse(codexResponse)) {
+                agentResponse = `${agentResponse}\n---CHUNK---\n${codexResponse}`;
+              } else {
+                agentResponse = `Claude is out of credits right now, so I switched this reply to Codex.\n---CHUNK---\n${codexResponse}`;
+                historyResponse = codexResponse;
+                usedBackend = "codex";
+                // Persist the switch so subsequent messages don't keep re-injecting
+                // cross-backend context while Claude has no credits.
+                backendState.set(msg.chatId, "codex");
+              }
             }
           } catch (error) {
             const errMsg = error instanceof Error ? error.message : String(error);

package/src/core/processor.ts

@@ -23,6 +23,12 @@ const log = createLogger("core");
 const ACTIVITY_LOG = join(config.logsDir, "activity.log");
 const PROMPT_PREVIEW_MAX = 220;
 export const CLAUDE_RATE_LIMIT_MESSAGE = "Claude is out of credits right now. Please try again in a few minutes.";
+export const CODEX_AUTH_REQUIRED_MESSAGE = [
+  "Codex is not authenticated on this server.",
+  "Check the server terminal and run:",
+  "<code>codex login --device-auth</code>",
+  "Then try again.",
+].join("\n");
 
 function logActivity(backend: string, model: string | null, durationMs: number, status: string) {
   try {
@@ -230,8 +236,12 @@ export async function processWithCodex(message: string): Promise<string> {
   const duration = Date.now() - start;
 
   if (exitCode !== 0) {
+    const combined = `${stdout}\n${stderr}`;
     log.error(`Codex exited with code ${exitCode}: ${stderr.substring(0, 200)}`);
     logActivity("codex", null, duration, `error:${exitCode}`);
+    if (isCodexAuthError(combined)) {
+      return CODEX_AUTH_REQUIRED_MESSAGE;
+    }
     return "Error processing with Codex. Please try again.";
   }
 
@@ -256,6 +266,10 @@ export function isClaudeRateLimitResponse(text: string): boolean {
   return text.trim() === CLAUDE_RATE_LIMIT_MESSAGE;
 }
 
+export function isCodexAuthRequiredResponse(text: string): boolean {
+  return text.trim() === CODEX_AUTH_REQUIRED_MESSAGE;
+}
+
 function summarizeError(raw: string): string {
   const clean = raw.replace(/\s+/g, " ").trim();
   if (!clean) return "process ended without details.";
@@ -266,3 +280,11 @@ function summarizeError(raw: string): string {
 function isRateLimit(output: string): boolean {
   return /you'?ve hit your limit|rate limit|quota|credits.*(exceeded|exhausted)/i.test(output);
 }
+
+function isCodexAuthError(output: string): boolean {
+  return (
+    /missing bearer authentication in header/i.test(output)
+    || (/401\s+Unauthorized/i.test(output) && /bearer/i.test(output))
+    || (/failed to refresh available models/i.test(output) && /unauthorized/i.test(output))
+  );
+}

package/src/daemon/codex-login.ts

@@ -0,0 +1,75 @@
+/**
+ * @module daemon/codex-login
+ * @role Trigger Codex device auth flow from Daemon when auth errors are detected.
+ * @responsibilities
+ *   - Detect codex auth-required signals in Core responses
+ *   - Run `codex login --device-auth` in background from daemon process
+ *   - Avoid duplicate runs with in-progress lock + cooldown
+ * @effects Spawns codex CLI process, writes to daemon logs/terminal
+ */
+
+import { config } from "../shared/config";
+import { createLogger } from "../shared/logger";
+
+const log = createLogger("daemon");
+
+const AUTH_HINT_PATTERNS = [
+  /codex login --device-auth/i,
+  /codex is not authenticated on this server/i,
+  /missing bearer authentication in header/i,
+];
+
+const RETRY_COOLDOWN_MS = 30_000;
+
+let loginInProgress = false;
+let lastLoginAttemptAt = 0;
+
+function needsCodexLogin(text: string): boolean {
+  return AUTH_HINT_PATTERNS.some((pattern) => pattern.test(text));
+}
+
+export function maybeStartCodexDeviceAuth(rawCoreText: string): void {
+  if (!rawCoreText || !needsCodexLogin(rawCoreText)) return;
+
+  if (loginInProgress) {
+    log.info("Codex device auth already in progress; skipping duplicate trigger");
+    return;
+  }
+
+  const now = Date.now();
+  if (now - lastLoginAttemptAt < RETRY_COOLDOWN_MS) {
+    log.info("Codex device auth trigger ignored (cooldown active)");
+    return;
+  }
+
+  lastLoginAttemptAt = now;
+  loginInProgress = true;
+  void runCodexDeviceAuth().finally(() => {
+    loginInProgress = false;
+  });
+}
+
+async function runCodexDeviceAuth(): Promise<void> {
+  log.warn("Codex auth error detected. Running: codex login --device-auth");
+
+  let proc: ReturnType<typeof Bun.spawn>;
+  try {
+    proc = Bun.spawn(["codex", "login", "--device-auth"], {
+      cwd: config.projectDir,
+      stdin: "inherit",
+      stdout: "inherit",
+      stderr: "inherit",
+      env: { ...process.env },
+    });
+  } catch (error) {
+    log.error(`Failed to start codex login: ${error}`);
+    return;
+  }
+
+  const exitCode = await proc.exited;
+  if (exitCode === 0) {
+    log.info("Codex device auth finished successfully");
+  } else {
+    log.error(`Codex device auth finished with exit code ${exitCode}`);
+  }
+}

package/src/daemon/index.ts

@@ -28,6 +28,7 @@ const { TelegramChannel } = await import("./channels/telegram");
 const { sendToCore } = await import("./bridge");
 const { startCore, stopCore, setLifecycleNotify } = await import("./lifecycle");
 const { setAutoFixNotify } = await import("./autofix");
+const { maybeStartCodexDeviceAuth } = await import("./codex-login");
 const { chunkMessage, markdownToTelegramHtml } = await import("../core/format");
 const { saveMessageRecord } = await import("../shared/db");
 
@@ -77,6 +78,7 @@ telegram.onMessage(async (msg) => {
     clearInterval(typingInterval);
 
     const raw = response.text || "";
+    maybeStartCodexDeviceAuth(raw);
     const messageParts = raw.split(/\n---CHUNK---\n/g);
     let sentText = false;