arisa 2.0.9 → 2.1.3

package/bin/arisa.js

@@ -403,6 +403,227 @@ function printForegroundNotice() {
   process.stdout.write("Use `arisa start` to run it as a background service.\n");
 }
 
+// ── Root detection helpers ──────────────────────────────────────────
+
+function isRoot() {
+  return process.getuid?.() === 0;
+}
+
+function arisaUserExists() {
+  return spawnSync("id", ["arisa"], { stdio: "ignore" }).status === 0;
+}
+
+function isProvisioned() {
+  return arisaUserExists() && existsSync("/home/arisa/.bun/bin/bun");
+}
+
+function detectSudoGroup() {
+  // Debian/Ubuntu use 'sudo', RHEL/Fedora use 'wheel'
+  const sudoGroup = spawnSync("getent", ["group", "sudo"], { stdio: "ignore" });
+  if (sudoGroup.status === 0) return "sudo";
+  const wheelGroup = spawnSync("getent", ["group", "wheel"], { stdio: "ignore" });
+  if (wheelGroup.status === 0) return "wheel";
+  return null;
+}
+
+function step(ok, msg) {
+  process.stdout.write(`  ${ok ? "\u2713" : "\u2717"} ${msg}\n`);
+}
+
+function runAs(cmd) {
+  return spawnSync("su", ["-", "arisa", "-c", cmd], {
+    stdio: "pipe",
+    timeout: 120_000,
+  });
+}
+
+function provisionArisaUser() {
+  process.stdout.write("Running as root \u2014 creating dedicated user 'arisa'...\n");
+
+  // 1. Create user
+  const useradd = spawnSync("useradd", ["-m", "-s", "/bin/bash", "arisa"], {
+    stdio: "pipe",
+  });
+  if (useradd.status !== 0) {
+    step(false, `Failed to create user: ${(useradd.stderr || "").toString().trim()}`);
+    process.exit(1);
+  }
+  step(true, "User arisa created");
+
+  // Add to sudo/wheel group if available
+  const group = detectSudoGroup();
+  if (group) {
+    spawnSync("usermod", ["-aG", group, "arisa"], { stdio: "ignore" });
+  }
+
+  // 2. Install bun
+  const bunInstall = runAs("curl -fsSL https://bun.sh/install | bash");
+  if (bunInstall.status !== 0) {
+    step(false, `Failed to install bun: ${(bunInstall.stderr || "").toString().trim()}`);
+    process.exit(1);
+  }
+  step(true, "Bun installed for arisa");
+
+  // 3. Copy arisa source
+  const dest = "/home/arisa/arisa";
+  spawnSync("cp", ["-r", pkgRoot, dest], { stdio: "pipe" });
+  spawnSync("chown", ["-R", "arisa:arisa", dest], { stdio: "pipe" });
+
+  // Install deps + global
+  const install = runAs("cd ~/arisa && ~/.bun/bin/bun install && ~/.bun/bin/bun add -g .");
+  if (install.status !== 0) {
+    step(false, `Failed to install: ${(install.stderr || "").toString().trim()}`);
+    process.exit(1);
+  }
+  step(true, "Arisa installed for arisa");
+
+  // 4. Migrate data
+  const rootArisa = "/root/.arisa";
+  if (existsSync(rootArisa)) {
+    const destArisa = "/home/arisa/.arisa";
+    spawnSync("cp", ["-r", rootArisa, destArisa], { stdio: "pipe" });
+    spawnSync("chown", ["-R", "arisa:arisa", destArisa], { stdio: "pipe" });
+    step(true, "Data migrated to /home/arisa/.arisa/");
+  }
+}
+
+// ── System-level systemd (for root-provisioned installs) ────────────
+
+const systemdSystemUnitPath = "/etc/systemd/system/arisa.service";
+
+function writeSystemdSystemUnit() {
+  const unit = `[Unit]
+Description=Arisa Agent Runtime
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=arisa
+WorkingDirectory=/home/arisa/arisa
+ExecStart=/home/arisa/.bun/bin/bun /home/arisa/arisa/src/daemon/index.ts
+Restart=always
+RestartSec=5
+Environment=ARISA_PROJECT_DIR=/home/arisa/arisa
+Environment=BUN_INSTALL=/home/arisa/.bun
+Environment=PATH=/home/arisa/.bun/bin:/usr/local/bin:/usr/bin:/bin
+
+[Install]
+WantedBy=multi-user.target
+`;
+  writeFileSync(systemdSystemUnitPath, unit, "utf8");
+}
+
+function runSystemdSystem(commandArgs) {
+  const child = runCommand("systemctl", commandArgs, { stdio: "pipe" });
+  if (child.status !== 0) {
+    const stderr = child.stderr || "Unknown systemd error";
+    process.stderr.write(stderr.endsWith("\n") ? stderr : `${stderr}\n`);
+    return { ok: false, status: child.status ?? 1 };
+  }
+  return { ok: true, status: 0, stdout: child.stdout || "" };
+}
+
+function startSystemdSystem() {
+  const start = runSystemdSystem(["start", "arisa"]);
+  if (!start.ok) return start.status;
+  process.stdout.write("Arisa service started.\n");
+  return 0;
+}
+
+function stopSystemdSystem() {
+  const stop = runSystemdSystem(["stop", "arisa"]);
+  if (!stop.ok) return stop.status;
+  process.stdout.write("Arisa service stopped.\n");
+  return 0;
+}
+
+function restartSystemdSystem() {
+  const restart = runSystemdSystem(["restart", "arisa"]);
+  if (!restart.ok) return restart.status;
+  process.stdout.write("Arisa service restarted.\n");
+  return 0;
+}
+
+function statusSystemdSystem() {
+  const result = runCommand("systemctl", ["status", "arisa"], { stdio: "inherit" });
+  return result.status ?? 1;
+}
+
+function isSystemdActive() {
+  const result = runCommand("systemctl", ["is-active", "arisa"], { stdio: "pipe" });
+  return result.status === 0;
+}
+
+// ── Root guard ──────────────────────────────────────────────────────
+
+if (isRoot()) {
+  if (!isProvisioned()) {
+    provisionArisaUser();
+    writeSystemdSystemUnit();
+    spawnSync("systemctl", ["daemon-reload"], { stdio: "inherit" });
+    spawnSync("systemctl", ["enable", "--now", "arisa"], { stdio: "inherit" });
+    step(true, "Systemd service enabled");
+
+    process.stdout.write(`
+Arisa is now running as a service.
+  Status:   systemctl status arisa
+  Logs:     journalctl -u arisa -f
+  Restart:  systemctl restart arisa
+  Stop:     systemctl stop arisa
+`);
+    process.exit(0);
+  }
+
+  // Already provisioned — route commands to system-level systemd
+  if (command === "help" || command === "--help" || command === "-h") {
+    printHelp();
+    process.exit(0);
+  }
+  if (command === "version" || command === "--version" || command === "-v") {
+    printVersion();
+    process.exit(0);
+  }
+
+  switch (command) {
+    case "start":
+      process.exit(startSystemdSystem());
+      break;
+    case "stop":
+      process.exit(stopSystemdSystem());
+      break;
+    case "restart":
+      process.exit(restartSystemdSystem());
+      break;
+    case "status":
+      process.exit(statusSystemdSystem());
+      break;
+    case "daemon":
+    case "run": {
+      // Run as arisa user in foreground
+      const su = spawnSync("su", ["-", "arisa", "-c", "arisa"], {
+        stdio: "inherit",
+      });
+      process.exit(su.status ?? 1);
+    }
+    default: {
+      // No args or unknown — start if not active, otherwise show status
+      if (isDefaultInvocation) {
+        if (isSystemdActive()) {
+          process.exit(statusSystemdSystem());
+        } else {
+          process.exit(startSystemdSystem());
+        }
+      }
+      process.stderr.write(`Unknown command: ${command}\n\n`);
+      printHelp();
+      process.exit(1);
+    }
+  }
+}
+
+// ── Non-root flow (unchanged) ───────────────────────────────────────
+
 if (command === "help" || command === "--help" || command === "-h") {
   printHelp();
   process.exit(0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arisa",
-  "version": "2.0.9",
+  "version": "2.1.3",
   "description": "Arisa - dynamic agent runtime with daemon/core architecture that evolves through user interaction",
   "preferGlobal": true,
   "bin": {
@@ -27,6 +27,7 @@
     "core": "bun src/core/index.ts"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.2.0",
     "croner": "^9.0.0",
     "crypto-js": "^4.2.0",
     "deepbase": "^3.4.9",

package/src/core/index.ts

@@ -76,7 +76,7 @@ await initScheduler();
 await initAttachments();
 
 const server = await serveWithRetry({
-  port: config.corePort,
+  unix: config.coreSocket,
   async fetch(req) {
     const url = new URL(req.url);
 
@@ -461,4 +461,4 @@ ${messageText}`;
   },
 });
 
-log.info(`Core server listening on port ${config.corePort}`);
+log.info(`Core server listening on ${config.coreSocket}`);

package/src/core/scheduler.ts

@@ -59,14 +59,15 @@ async function executeTask(task: ScheduledTask) {
     if (!tasks.includes(task) || !result) return;
 
     // Send the processed result to Telegram via Daemon
-    const response = await fetch(`http://localhost:${config.daemonPort}/send`, {
+    const response = await fetch("http://localhost/send", {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
         chatId: task.chatId,
         text: result,
       }),
-    });
+      unix: config.daemonSocket,
+    } as any);
     if (!response.ok) {
       log.error(`Daemon returned ${response.status} for task ${task.id}`);
     }

package/src/daemon/autofix.ts

@@ -85,7 +85,7 @@ Rules:
       } else {
         const detail = outcome.failures.join(" | ").slice(0, 400);
         log.error(`Auto-fix: all CLIs failed: ${detail}`);
-        await notifyFn?.("Auto-fix: Claude y Codex fallaron. Revisá los logs.");
+        await notifyFn?.("Auto-fix: both Claude and Codex failed. Check the logs.");
       }
       return false;
     }
@@ -98,11 +98,11 @@ Rules:
       log.info(`Auto-fix: ${cli} completed successfully`);
     }
 
-    await notifyFn?.(`Auto-fix aplicado con ${cli}. Core reiniciando...\n<pre>${escapeHtml(summary)}</pre>`);
+    await notifyFn?.(`Auto-fix applied with ${cli}. Core restarting...\n<pre>${escapeHtml(summary)}</pre>`);
     return true;
   } catch (err) {
     log.error(`Auto-fix: error: ${err}`);
-    await notifyFn?.("Auto-fix: error interno. Revisá los logs.");
+    await notifyFn?.("Auto-fix: internal error. Check the logs.");
     return false;
   }
 }

package/src/daemon/bridge.ts

@@ -2,7 +2,7 @@
  * @module daemon/bridge
  * @role HTTP client from Daemon to Core with smart fallback to local AI CLI.
  * @responsibilities
- *   - POST messages to Core at :51777/message
+ *   - POST messages to Core via Unix socket
  *   - Respect Core lifecycle state (starting/up/down)
  *   - Wait for Core during startup, fallback only when truly down
  *   - Serialize fallback calls (one CLI process at a time)
@@ -18,7 +18,7 @@ import { getCoreState, getCoreError, waitForCoreReady } from "./lifecycle";
 
 const log = createLogger("daemon");
 
-const CORE_URL = `http://localhost:${config.corePort}`;
+const CORE_URL = "http://localhost";
 const STARTUP_WAIT_MS = 15_000;
 const RETRY_DELAY = 3000;
 
@@ -54,7 +54,7 @@ async function handleStarting(
   onStatus?: StatusCallback,
 ): Promise<CoreResponse> {
   log.info("Core is starting, waiting for it to be ready...");
-  await onStatus?.("Core iniciando, esperando...");
+  await onStatus?.("Core starting, please wait...");
 
   const ready = await waitForCoreReady(STARTUP_WAIT_MS);
 
@@ -90,7 +90,7 @@ async function handleUp(
   }
 
   log.warn("Core unreachable, retrying in 3s...");
-  await onStatus?.("Core no responde, reintentando...");
+  await onStatus?.("Core not responding, retrying...");
   await sleep(RETRY_DELAY);
 
   try {
@@ -114,9 +114,9 @@ async function runFallback(
 
   if (coreError) {
     const preview = coreError.length > 300 ? coreError.slice(-300) : coreError;
-    await onStatus?.(`Core caido. Error:\n<pre>${escapeHtml(preview)}</pre>\nConsultando fallback directo (Claude/Codex)...`);
+    await onStatus?.(`Core is down. Error:\n<pre>${escapeHtml(preview)}</pre>\nFalling back to direct CLI (Claude/Codex)...`);
   } else {
-    await onStatus?.("Core caido. Consultando fallback directo (Claude/Codex)...");
+    await onStatus?.("Core is down. Falling back to direct CLI (Claude/Codex)...");
   }
 
   const text = message.text || "[non-text message — media not available in fallback mode]";
@@ -135,7 +135,8 @@ async function postToCore(message: IncomingMessage): Promise<CoreResponse> {
     headers: { "Content-Type": "application/json" },
     body: JSON.stringify({ message }),
     signal: AbortSignal.timeout(config.claudeTimeout + 5000),
-  });
+    unix: config.coreSocket,
+  } as any);
 
   if (!response.ok) {
     throw new Error(`Core returned ${response.status}`);
@@ -154,7 +155,10 @@ function sleep(ms: number): Promise<void> {
 
 export async function isCoreHealthy(): Promise<boolean> {
   try {
-    const response = await fetch(`${CORE_URL}/health`, { signal: AbortSignal.timeout(2000) });
+    const response = await fetch(`${CORE_URL}/health`, {
+      signal: AbortSignal.timeout(2000),
+      unix: config.coreSocket,
+    } as any);
     return response.ok;
   } catch {
     return false;

package/src/daemon/claude-login.ts

@@ -16,6 +16,8 @@ import { buildBunWrappedAgentCliCommand } from "../shared/ai-cli";
 const log = createLogger("daemon");
 
 const AUTH_HINT_PATTERNS = [
+  /not logged in/i,
+  /please run \/login/i,
   /invalid.*api.?key/i,
   /authentication.*failed/i,
   /not authenticated/i,

package/src/daemon/index.ts

@@ -23,7 +23,7 @@ const { config } = await import("../shared/config");
 // Initialize encrypted secrets
 await config.secrets.initialize();
 const { createLogger } = await import("../shared/logger");
-const { serveWithRetry, claimProcess, releaseProcess } = await import("../shared/ports");
+const { serveWithRetry, claimProcess, releaseProcess, cleanupSocket } = await import("../shared/ports");
 const { TelegramChannel } = await import("./channels/telegram");
 const { sendToCore } = await import("./bridge");
 const { startCore, stopCore, setLifecycleNotify } = await import("./lifecycle");
@@ -175,7 +175,7 @@ telegram.onMessage(async (msg) => {
 
 // --- HTTP server for Core → Daemon pushes (scheduler) ---
 const pushServer = await serveWithRetry({
-  port: config.daemonPort,
+  unix: config.daemonSocket,
   async fetch(req) {
     const url = new URL(req.url);
 
@@ -220,7 +220,7 @@ const pushServer = await serveWithRetry({
   },
 });
 
-log.info(`Daemon push server listening on port ${config.daemonPort}`);
+log.info(`Daemon push server listening on ${config.daemonSocket}`);
 
 // --- Auto-install missing CLIs (non-blocking) ---
 void autoInstallMissingClis();
@@ -238,6 +238,8 @@ telegram.connect().catch((error) => {
 function shutdown() {
   log.info("Shutting down Daemon...");
   stopCore();
+  cleanupSocket(config.daemonSocket);
+  cleanupSocket(config.coreSocket);
   releaseProcess("daemon");
   process.exit(0);
 }

package/src/daemon/lifecycle.ts

@@ -91,9 +91,10 @@ function startHealthCheck() {
       return;
     }
     try {
-      const res = await fetch(`http://localhost:${config.corePort}/health`, {
+      const res = await fetch("http://localhost/health", {
         signal: AbortSignal.timeout(2000),
-      });
+        unix: config.coreSocket,
+      } as any);
       if (res.ok) {
         coreState = "up";
         log.info("Core is ready (health check passed)");
@@ -248,7 +249,7 @@ async function handleError(error: string) {
     const preview = error.length > 500 ? error.slice(-500) : error;
     log.warn("Core error detected, notifying and attempting auto-fix...");
     await notifyFn?.(
-      `Error en Core detectado:\n<pre>${escapeHtml(preview)}</pre>\nIntentando arreglar...`
+      `Core error detected:\n<pre>${escapeHtml(preview)}</pre>\nAttempting auto-fix...`
     );
 
     // 2. Run autofix
@@ -256,9 +257,9 @@ async function handleError(error: string) {
 
     // 3. Notify result
     if (fixed) {
-      await notifyFn?.("Auto-fix aplicado. Core se reiniciará automáticamente.");
+      await notifyFn?.("Auto-fix applied. Core will restart automatically.");
     } else {
-      await notifyFn?.("Auto-fix no pudo resolver el error. Revisalo manualmente.");
+      await notifyFn?.("Auto-fix could not resolve the error. Please check manually.");
     }
   } catch (err) {
     log.error(`handleError threw: ${err}`);

package/src/daemon/setup.ts

@@ -1,22 +1,30 @@
 /**
  * @module daemon/setup
- * @role Interactive first-run setup. Prompts for missing config via stdin.
+ * @role Interactive first-run setup with inquirer prompts.
  * @responsibilities
  *   - Check required config (TELEGRAM_BOT_TOKEN)
  *   - Check optional config (OPENAI_API_KEY)
- *   - Prompt user interactively and save to runtime .env
- * @dependencies shared/paths (avoids importing config to prevent module caching issues)
- * @effects Reads stdin, writes runtime .env
+ *   - Detect / install missing CLIs (Claude, Codex)
+ *   - Run interactive login flows for installed CLIs
+ *   - Persist tokens to both .env and encrypted DB
+ * @dependencies shared/paths, shared/secrets, shared/ai-cli
+ * @effects Reads stdin, writes runtime .env, spawns install/login processes
  */
 
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
 import { dirname, join } from "path";
 import { dataDir } from "../shared/paths";
 import { secrets, setSecret } from "../shared/secrets";
+import { isAgentCliInstalled, buildBunWrappedAgentCliCommand, type AgentCliName } from "../shared/ai-cli";
 
 const ENV_PATH = join(dataDir, ".env");
 const SETUP_DONE_KEY = "ARISA_SETUP_COMPLETE";
 
+const CLI_PACKAGES: Record<AgentCliName, string> = {
+  claude: "@anthropic-ai/claude-code",
+  codex: "@openai/codex",
+};
+
 function loadExistingEnv(): Record<string, string> {
   if (!existsSync(ENV_PATH)) return {};
   const vars: Record<string, string> = {};
@@ -36,7 +44,8 @@ function saveEnv(vars: Record<string, string>) {
   writeFileSync(ENV_PATH, content);
 }
 
-async function prompt(question: string): Promise<string> {
+// Fallback readline for non-TTY environments
+async function readLine(question: string): Promise<string> {
   process.stdout.write(question);
   for await (const line of console) {
     return line.trim();
@@ -50,18 +59,44 @@ export async function runSetup(): Promise<boolean> {
   const openaiSecret = await secrets.openai();
   let changed = false;
   const setupDone = vars[SETUP_DONE_KEY] === "1" || process.env[SETUP_DONE_KEY] === "1";
+  const isFirstRun = !setupDone;
+
+  // Try to load inquirer for interactive mode
+  let inq: typeof import("@inquirer/prompts") | null = null;
+  if (process.stdin.isTTY) {
+    try {
+      inq = await import("@inquirer/prompts");
+    } catch {
+      // Fall back to basic prompts
+    }
+  }
+
+  // ─── Phase 1: Tokens ────────────────────────────────────────────
+
+  const hasTelegram = !!(vars.TELEGRAM_BOT_TOKEN || process.env.TELEGRAM_BOT_TOKEN || telegramSecret);
+  const hasOpenAI = !!(vars.OPENAI_API_KEY || process.env.OPENAI_API_KEY || openaiSecret);
+
+  if (!hasTelegram) {
+    if (isFirstRun) console.log("\n🔧 Arisa Setup\n");
 
-  // Required: TELEGRAM_BOT_TOKEN
-  if (!vars.TELEGRAM_BOT_TOKEN && !process.env.TELEGRAM_BOT_TOKEN && !telegramSecret) {
-    console.log("\n🔧 Arisa Setup\n");
-    console.log("Telegram Bot Token required. Get one from @BotFather on Telegram.");
-    const token = await prompt("TELEGRAM_BOT_TOKEN: ");
-    if (!token) {
+    let token: string;
+    if (inq) {
+      token = await inq.input({
+        message: "Telegram Bot Token (from https://t.me/BotFather):",
+        validate: (v) => (v.trim() ? true : "Token is required"),
+      });
+    } else {
+      console.log("Telegram Bot Token required. Get one from https://t.me/BotFather on Telegram.");
+      token = await readLine("TELEGRAM_BOT_TOKEN: ");
+    }
+
+    if (!token.trim()) {
       console.log("No token provided. Cannot start without Telegram Bot Token.");
       return false;
     }
-    vars.TELEGRAM_BOT_TOKEN = token;
-    await setSecret("TELEGRAM_BOT_TOKEN", token).catch((e) =>
+
+    vars.TELEGRAM_BOT_TOKEN = token.trim();
+    await setSecret("TELEGRAM_BOT_TOKEN", token.trim()).catch((e) =>
       console.warn(`[setup] Could not persist TELEGRAM_BOT_TOKEN to encrypted DB: ${e}`)
     );
     console.log("[setup] TELEGRAM_BOT_TOKEN saved to .env + encrypted DB");
@@ -71,33 +106,168 @@ export async function runSetup(): Promise<boolean> {
     console.log(`[setup] TELEGRAM_BOT_TOKEN found in ${src}`);
   }
 
-  // Optional: OPENAI_API_KEY
-  if (!vars.OPENAI_API_KEY && !process.env.OPENAI_API_KEY && !openaiSecret && !setupDone) {
-    if (!changed) console.log("\n🔧 Arisa Setup\n");
-    console.log("\nOpenAI API Key (optional — enables voice transcription + image analysis).");
-    const key = await prompt("OPENAI_API_KEY (enter to skip): ");
-    if (key) {
-      vars.OPENAI_API_KEY = key;
-      await setSecret("OPENAI_API_KEY", key).catch((e) =>
+  if (!hasOpenAI && isFirstRun) {
+    let key: string;
+    if (inq) {
+      key = await inq.input({
+        message: "OpenAI API Key (optional — voice + image, enter to skip):",
+      });
+    } else {
+      console.log("\nOpenAI API Key (optional — enables voice transcription + image analysis).");
+      key = await readLine("OPENAI_API_KEY (enter to skip): ");
+    }
+
+    if (key.trim()) {
+      vars.OPENAI_API_KEY = key.trim();
+      await setSecret("OPENAI_API_KEY", key.trim()).catch((e) =>
         console.warn(`[setup] Could not persist OPENAI_API_KEY to encrypted DB: ${e}`)
       );
       console.log("[setup] OPENAI_API_KEY saved to .env + encrypted DB");
       changed = true;
     }
-  } else if (vars.OPENAI_API_KEY || process.env.OPENAI_API_KEY || openaiSecret) {
+  } else if (hasOpenAI) {
     const src = openaiSecret ? "encrypted DB" : vars.OPENAI_API_KEY ? ".env" : "env var";
     console.log(`[setup] OPENAI_API_KEY found in ${src}`);
   }
 
+  // Save tokens
   if (!setupDone) {
     vars[SETUP_DONE_KEY] = "1";
     changed = true;
   }
-
   if (changed) {
     saveEnv(vars);
-    console.log(`\nConfig saved to ${ENV_PATH}\n`);
+    console.log(`\nConfig saved to ${ENV_PATH}`);
+  }
+
+  // ─── Phase 2: CLI Installation (first run, interactive) ─────────
+
+  if (isFirstRun && process.stdin.isTTY) {
+    await setupClis(inq);
   }
 
   return true;
 }
+
+async function setupClis(inq: typeof import("@inquirer/prompts") | null) {
+  let claudeInstalled = isAgentCliInstalled("claude");
+  let codexInstalled = isAgentCliInstalled("codex");
+
+  console.log("\nCLI Status:");
+  console.log(`  ${claudeInstalled ? "✓" : "✗"} Claude${claudeInstalled ? "" : " — not installed"}`);
+  console.log(`  ${codexInstalled ? "✓" : "✗"} Codex${codexInstalled ? "" : " — not installed"}`);
+
+  // Install missing CLIs
+  const missing: AgentCliName[] = [];
+  if (!claudeInstalled) missing.push("claude");
+  if (!codexInstalled) missing.push("codex");
+
+  if (missing.length > 0) {
+    let toInstall: AgentCliName[] = [];
+
+    if (inq) {
+      toInstall = await inq.checkbox({
+        message: "Install missing CLIs? (space to select, enter to confirm)",
+        choices: missing.map((cli) => ({
+          name: `${cli === "claude" ? "Claude" : "Codex"} (${CLI_PACKAGES[cli]})`,
+          value: cli as AgentCliName,
+          checked: true,
+        })),
+      });
+    } else {
+      // Non-inquirer fallback: install all
+      const answer = await readLine("\nInstall missing CLIs? (Y/n): ");
+      if (answer.toLowerCase() !== "n") toInstall = missing;
+    }
+
+    for (const cli of toInstall) {
+      console.log(`\nInstalling ${cli}...`);
+      const ok = await installCli(cli);
+      console.log(ok ? `  ✓ ${cli} installed` : `  ✗ ${cli} install failed`);
+    }
+
+    // Refresh status
+    claudeInstalled = isAgentCliInstalled("claude");
+    codexInstalled = isAgentCliInstalled("codex");
+  }
+
+  // Login CLIs
+  if (claudeInstalled) {
+    let doLogin = true;
+    if (inq) {
+      doLogin = await inq.confirm({ message: "Log in to Claude?", default: true });
+    } else {
+      const answer = await readLine("\nLog in to Claude? (Y/n): ");
+      doLogin = answer.toLowerCase() !== "n";
+    }
+    if (doLogin) {
+      console.log();
+      await runInteractiveLogin("claude");
+    }
+  }
+
+  if (codexInstalled) {
+    let doLogin = true;
+    if (inq) {
+      doLogin = await inq.confirm({ message: "Log in to Codex?", default: true });
+    } else {
+      const answer = await readLine("\nLog in to Codex? (Y/n): ");
+      doLogin = answer.toLowerCase() !== "n";
+    }
+    if (doLogin) {
+      console.log();
+      await runInteractiveLogin("codex");
+    }
+  }
+
+  if (!claudeInstalled && !codexInstalled) {
+    console.log("\n⚠ No CLIs installed. Arisa needs at least one to work.");
+    console.log("  The daemon will auto-install them in the background.\n");
+  } else {
+    console.log("\n✓ Setup complete!\n");
+  }
+}
+
+async function installCli(cli: AgentCliName): Promise<boolean> {
+  try {
+    const proc = Bun.spawn(["bun", "add", "-g", CLI_PACKAGES[cli]], {
+      stdout: "inherit",
+      stderr: "inherit",
+    });
+    const timeout = setTimeout(() => proc.kill(), 120_000);
+    const exitCode = await proc.exited;
+    clearTimeout(timeout);
+    return exitCode === 0;
+  } catch (e) {
+    console.error(`  Install error: ${e}`);
+    return false;
+  }
+}
+
+async function runInteractiveLogin(cli: AgentCliName): Promise<boolean> {
+  const args = cli === "claude"
+    ? ["setup-token"]
+    : ["login", "--device-auth"];
+
+  console.log(`Starting ${cli} login...`);
+
+  try {
+    const proc = Bun.spawn(buildBunWrappedAgentCliCommand(cli, args), {
+      stdin: "inherit",
+      stdout: "inherit",
+      stderr: "inherit",
+    });
+    const exitCode = await proc.exited;
+
+    if (exitCode === 0) {
+      console.log(`  ✓ ${cli} login successful`);
+      return true;
+    } else {
+      console.log(`  ✗ ${cli} login failed (exit ${exitCode})`);
+      return false;
+    }
+  } catch (e) {
+    console.error(`  Login error: ${e}`);
+    return false;
+  }
+}

package/src/shared/config.ts

@@ -107,6 +107,8 @@ export const config = {
 
   corePort: 51777,
   daemonPort: 51778,
+  coreSocket: join(dataDir, "core.sock"),
+  daemonSocket: join(dataDir, "daemon.sock"),
 
   // API keys - use async getters for first load
   get telegramBotToken() { return secureConfig.telegramBotToken; },

package/src/shared/ports.ts

@@ -78,19 +78,37 @@ export function releaseProcess(name: string): void {
 }
 
 /**
- * Bun.serve() with retry — if port is busy, waits for previous process to die.
+ * Remove a Unix socket file if it exists (stale leftover from crash).
+ */
+export function cleanupSocket(socketPath: string): void {
+  try { unlinkSync(socketPath); } catch {}
+}
+
+/**
+ * Bun.serve() with retry — handles both TCP ports and Unix sockets.
+ * For Unix sockets, cleans up stale socket file before first attempt.
  */
 export async function serveWithRetry(
   options: Parameters<typeof Bun.serve>[0],
   retries = 5,
 ): Promise<ReturnType<typeof Bun.serve>> {
+  const socketPath = (options as any).unix as string | undefined;
+
+  // Pre-clean stale Unix socket from a previous crash
+  if (socketPath) cleanupSocket(socketPath);
+
   for (let i = 0; i < retries; i++) {
     try {
       return Bun.serve(options);
     } catch (e: any) {
       if (e?.code !== "EADDRINUSE" || i === retries - 1) throw e;
-      const port = (options as any).port ?? "?";
-      console.log(`[ports] Port ${port} busy, retrying (${i + 1}/${retries})...`);
+      if (socketPath) {
+        console.log(`[ports] Socket ${socketPath} busy, cleaning up and retrying (${i + 1}/${retries})...`);
+        cleanupSocket(socketPath);
+      } else {
+        const port = (options as any).port ?? "?";
+        console.log(`[ports] Port ${port} busy, retrying (${i + 1}/${retries})...`);
+      }
       await new Promise((r) => setTimeout(r, 1000));
     }
   }