npm - codeam-cli - Versions diffs - 2.39.44 → 2.39.45 - Mend

codeam-cli 2.39.44 → 2.39.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,12 @@ All notable changes to `codeam-cli` are documented here.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.39.44] — 2026-06-19
+### Fixed
+- **cli:** Surface untracked new files with real line counts in changeset
 ## [2.39.43] — 2026-06-19
 ### Fixed

package/dist/index.js CHANGED Viewed

@@ -498,7 +498,7 @@ var import_qrcode_terminal = __toESM(require("qrcode-terminal"));
 // package.json
 var package_default = {
   name: "codeam-cli",
-  version: "2.39.44",
+  version: "2.39.45",
   description: "Workflow-continuity bridge for AI coding agents. Wrap Claude Code or Codex in a PTY and supervise, approve, and redirect the session from any device \u2014 async. The terminal companion for CodeAgent Mobile.",
   type: "commonjs",
   main: "dist/index.js",
@@ -5908,7 +5908,7 @@ function readAnonId() {
 }
 function superProperties() {
   return {
-    cliVersion: true ? "2.39.44" : "0.0.0-dev",
+    cliVersion: true ? "2.39.45" : "0.0.0-dev",
     nodeVersion: process.version,
     platform: process.platform,
     arch: process.arch,
@@ -16173,9 +16173,11 @@ async function link(args2 = []) {
     return;
   }
   const pluginId = (0, import_node_crypto6.randomUUID)();
+  const pollSecret = (0, import_node_crypto6.randomBytes)(32).toString("base64url");
+  const pluginSecretHash = (0, import_node_crypto6.createHash)("sha256").update(pollSecret).digest("hex");
   const spin = dist_exports.spinner();
   spin.start("Requesting pairing code...");
-  const pairing = await requestCode(pluginId);
+  const pairing = await requestCode(pluginId, pluginSecretHash);
   if (!pairing.ok) {
     spin.stop("Failed");
     if (pairing.reason === "rate-limited") {
@@ -16219,15 +16221,30 @@ async function link(args2 = []) {
         clearInterval(countdown);
         waitSpin.stop("Timed out");
         reject(new Error("Pairing timed out after 5 minutes. Run codeam link again."));
-      }
+      },
+      // SEC: replay the PoP secret so the pending-stream gate passes
+      // under PoP enforcement.
+      pollSecret
     );
     process.once("SIGINT", sigint);
   });
-  if (!paired.pluginAuthToken) {
-    showError(
-      "Backend did not return a pluginAuthToken \u2014 upgrade api-v2 (deploy includes the link endpoint)."
-    );
-    process.exit(1);
+  let pluginAuthToken = paired.pluginAuthToken;
+  if (!pluginAuthToken) {
+    const fetchSpin = dist_exports.spinner();
+    fetchSpin.start("Fetching plugin auth token via secure reconnect...");
+    pluginAuthToken = await fetchCurrentPluginAuthToken(
+      paired.sessionId,
+      pluginId,
+      pollSecret
+    ) ?? void 0;
+    if (!pluginAuthToken) {
+      fetchSpin.stop("Failed");
+      showError(
+        "Could not obtain a pluginAuthToken \u2014 the pairing did not supply one and the /api/pairing/reconnect fallback also failed. Ensure api-v2 is deployed and try running codeam link again."
+      );
+      process.exit(1);
+    }
+    fetchSpin.stop("Token retrieved");
   }
   addSession({
     id: paired.sessionId,
@@ -16236,12 +16253,15 @@ async function link(args2 = []) {
     userEmail: paired.userEmail,
     plan: paired.plan,
     pairedAt: Date.now(),
-    pluginAuthToken: paired.pluginAuthToken,
+    pluginAuthToken,
+    // SEC: persist so command-relay and future reconnects can prove
+    // possession on the gated endpoint.
+    pollSecret,
     agent: ctx.runtime.id
   });
   saveCliConfig({ ...loadCliConfig(), preferredAgent: ctx.runtime.id });
   if (parsed.apiKey) {
-    await uploadAndSucceed(ctx, paired, pluginId, {
+    await uploadAndSucceed(ctx, paired, pluginId, pluginAuthToken, {
       method: "api_key",
       credential: parsed.apiKey.trim(),
       source: "manual"
@@ -16254,7 +16274,7 @@ async function link(args2 = []) {
       showError(`--token-file ${parsed.tokenFile} is empty.`);
       process.exit(1);
     }
-    await uploadAndSucceed(ctx, paired, pluginId, {
+    await uploadAndSucceed(ctx, paired, pluginId, pluginAuthToken, {
       method: "oauth",
       credential,
       source: "manual"
@@ -16272,9 +16292,9 @@ async function link(args2 = []) {
   installSpin.stop(`${ctx.displayName} is installed`);
   const existing = await ctx.locator.extract();
   if (existing) {
-    if (await refuseIfStale(ctx, paired, pluginId, existing)) return;
+    if (await refuseIfStale(ctx, paired, pluginId, pluginAuthToken, existing)) return;
     showInfo(`Found existing ${ctx.displayName} credentials at ${import_picocolors2.default.bold(existing.source)}.`);
-    await uploadAndSucceed(ctx, paired, pluginId, existing);
+    await uploadAndSucceed(ctx, paired, pluginId, pluginAuthToken, existing);
     return;
   }
   if (parsed.reuseExisting) {
@@ -16289,23 +16309,21 @@ async function link(args2 = []) {
   console.log("");
   const captured = await captureFreshCredentials(ctx);
   console.log("");
-  if (await refuseIfStale(ctx, paired, pluginId, captured)) return;
-  await uploadAndSucceed(ctx, paired, pluginId, captured);
+  if (await refuseIfStale(ctx, paired, pluginId, pluginAuthToken, captured)) return;
+  await uploadAndSucceed(ctx, paired, pluginId, pluginAuthToken, captured);
 }
-async function refuseIfStale(ctx, paired, pluginId, token) {
+async function refuseIfStale(ctx, paired, pluginId, pluginAuthToken, token) {
   const verdict = ctx.locator.validate?.(token);
   if (!verdict || verdict.status !== "expired") return false;
   const reason = verdict.reason ?? "Token expired";
-  if (paired.pluginAuthToken) {
-    await postLinkErrorSignal({
-      agentId: ctx.locator.publicId,
-      sessionId: paired.sessionId,
-      pluginId,
-      pluginAuthToken: paired.pluginAuthToken,
-      code: "credentials_expired",
-      reason
-    });
-  }
+  await postLinkErrorSignal({
+    agentId: ctx.locator.publicId,
+    sessionId: paired.sessionId,
+    pluginId,
+    pluginAuthToken,
+    code: "credentials_expired",
+    reason
+  });
   showError(
     `Your local ${ctx.displayName} credentials at ${import_picocolors2.default.bold(ctx.locator.hint)} are already expired:
    ${reason}
@@ -16394,18 +16412,14 @@ async function captureFreshCredentials(ctx) {
     throw err;
   }
 }
-async function uploadAndSucceed(ctx, paired, pluginId, token) {
-  if (!paired.pluginAuthToken) {
-    showError("Missing pluginAuthToken; re-run codeam link.");
-    process.exit(1);
-  }
+async function uploadAndSucceed(ctx, paired, pluginId, pluginAuthToken, token) {
   const uploadSpin = dist_exports.spinner();
   uploadSpin.start("Sealing credential in your vault...");
   const result = await postLinkCredential({
     agentId: ctx.locator.publicId,
     sessionId: paired.sessionId,
     pluginId,
-    pluginAuthToken: paired.pluginAuthToken,
+    pluginAuthToken,
     method: token.method,
     credential: token.credential,
     agentState: token.agentState
@@ -27365,7 +27379,7 @@ function checkChokidar() {
 }
 async function doctor(args2 = []) {
   const json = args2.includes("--json");
-  const cliVersion = true ? "2.39.44" : "0.0.0-dev";
+  const cliVersion = true ? "2.39.45" : "0.0.0-dev";
   const apiBase2 = resolveApiBaseUrl();
   const diagnosticId = (0, import_node_crypto8.randomUUID)();
   log.info("doctor", `run id=${diagnosticId} cli=${cliVersion}`);
@@ -27564,7 +27578,7 @@ async function completion(args2) {
 // src/commands/version.ts
 var import_picocolors13 = __toESM(require("picocolors"));
 function version2() {
-  const v = true ? "2.39.44" : "unknown";
+  const v = true ? "2.39.45" : "unknown";
   console.log(`${import_picocolors13.default.bold("codeam-cli")} ${import_picocolors13.default.cyan(v)}`);
 }
@@ -27850,7 +27864,7 @@ function checkForUpdates() {
   if (process.env.CODEAM_DISABLE_UPDATE_CHECK === "1") return;
   if (process.env.CI) return;
   if (!process.stdout.isTTY) return;
-  const current = true ? "2.39.44" : null;
+  const current = true ? "2.39.45" : null;
   if (!current) return;
   const cache = readCache();
   const fresh = cache && Date.now() - cache.fetchedAt < TTL_MS;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeam-cli",
-  "version": "2.39.44",
+  "version": "2.39.45",
   "description": "Workflow-continuity bridge for AI coding agents. Wrap Claude Code or Codex in a PTY and supervise, approve, and redirect the session from any device — async. The terminal companion for CodeAgent Mobile.",
   "type": "commonjs",
   "main": "dist/index.js",