copillm 0.2.3 → 0.2.4

package/README.md

@@ -38,6 +38,7 @@ copillm login
 # necessary, and configures the required environment variables.
 copillm claude
 copillm codex
+copillm copilot   # GitHub Copilot CLI, signed in with copillm's token
 ```
 
 Arguments after the agent name are forwarded to the underlying CLI:

package/dist/agentconfig/apply.js

@@ -12,14 +12,14 @@ import { backupIfMismatch } from "./markerBlock.js";
  */
 export function applyAgentConfig(opts) {
     if (opts.skip) {
-        return { active: null, writes: [], envOverlay: {}, cliArgs: [], notes: [], sources: [] };
+        return { active: null, writes: [], envOverlay: {}, cliArgs: [], notes: [], sources: [], yolo: null };
     }
     const load = loadAgentConfig({
         cwd: opts.cwd,
         profileOverride: opts.profileOverride ?? null
     });
     if (!load) {
-        return { active: null, writes: [], envOverlay: {}, cliArgs: [], notes: [], sources: [] };
+        return { active: null, writes: [], envOverlay: {}, cliArgs: [], notes: [], sources: [], yolo: null };
     }
     const rendered = planRender(opts, load);
     // Phase 2: write. By this point all validation passed and the renderer
@@ -35,7 +35,8 @@ export function applyAgentConfig(opts) {
         envOverlay: rendered.envOverlay,
         cliArgs: rendered.cliArgs,
         notes: rendered.notes,
-        sources: load.sources
+        sources: load.sources,
+        yolo: load.resolved.yolo
     };
 }
 export function formatApplyNotes(result, agent) {

package/dist/agentconfig/load.js

@@ -113,7 +113,40 @@ function mergeAndResolve(input) {
         hooks: mergeRecord(layers, "hooks"),
         permissions: mergeRecord(layers, "permissions")
     };
-    return { instructions, mcpServers: servers, reserved };
+    const yolo = mergeYolo(layers);
+    return { instructions, mcpServers: servers, yolo, reserved };
+}
+/**
+ * Layer yolo blocks across defaults + active profile. Later layers (project
+ * over global, profile over defaults) override earlier ones at the field
+ * level: `enabled` is replaced wholesale, `agents.<id>` is merged per-key so
+ * a profile can toggle a single agent without clearing the rest.
+ *
+ * Returns null when no layer declared `[...yolo]`, so callers can distinguish
+ * "config has no opinion" from "config explicitly said false".
+ */
+function mergeYolo(layers) {
+    let saw = false;
+    let enabled;
+    const agents = {};
+    for (const layer of layers) {
+        const y = layer.yolo;
+        if (!y)
+            continue;
+        saw = true;
+        if (y.enabled !== undefined)
+            enabled = y.enabled;
+        if (y.agents)
+            Object.assign(agents, y.agents);
+    }
+    if (!saw)
+        return null;
+    const out = {};
+    if (enabled !== undefined)
+        out.enabled = enabled;
+    if (Object.keys(agents).length > 0)
+        out.agents = agents;
+    return out;
 }
 function mergeRecord(layers, key) {
     const out = {};

package/dist/agentconfig/schema.js

@@ -43,10 +43,32 @@ const McpSchema = z
 })
     .strict();
 const PassthroughRecord = z.record(z.unknown());
+/**
+ * Per-agent yolo overrides. Keys must match the `AgentName` union in
+ * `src/integrations/registry.ts`; unknown keys are rejected so typos surface
+ * at config-load time rather than silently doing nothing.
+ */
+const YoloAgentsSchema = z
+    .object({
+    claude: z.boolean().optional(),
+    codex: z.boolean().optional(),
+    copilot: z.boolean().optional(),
+    pi: z.boolean().optional()
+})
+    .strict();
+const YoloSchema = z
+    .object({
+    /** Profile-wide default applied to every supported agent unless overridden. */
+    enabled: z.boolean().optional(),
+    /** Per-agent overrides; takes precedence over `enabled`. */
+    agents: YoloAgentsSchema.optional()
+})
+    .strict();
 const SectionSchema = z
     .object({
     instructions: InstructionsSchema.optional(),
     mcp: McpSchema.optional(),
+    yolo: YoloSchema.optional(),
     // v1 reserved sections: validated as objects but not interpreted.
     skills: PassthroughRecord.optional(),
     agents: PassthroughRecord.optional(),

package/dist/agents/registry.js

@@ -53,20 +53,94 @@ export function applyYolo(options) {
         }
         case "unsupported": {
             const warn = options.warn ?? ((line) => process.stderr.write(`${line}\n`));
-            warn(`copillm: --yolo ignored for ${options.agent} (${spec.reason})`);
+            const sourceSuffix = options.source ? `; source: ${describeSource(options.source)}` : "";
+            warn(`copillm: --yolo ignored for ${options.agent} (${spec.reason}${sourceSuffix})`);
             return args;
         }
     }
 }
 /**
- * Read the `COPILLM_YOLO` env var as a boolean. Accepts "1", "true", "yes"
- * (case-insensitive) as truthy; everything else (including unset) is false.
+ * Tri-state read of `COPILLM_YOLO`:
+ *   - "1" | "true" | "yes" (case-insensitive)  → true   (explicit on)
+ *   - "0" | "false" | "no" (case-insensitive)  → false  (explicit off; can
+ *     veto config-driven yolo but not the explicit --yolo flag)
+ *   - unset / empty / anything else            → undefined (no opinion)
+ *
+ * Returning undefined for "unset" lets `resolveYoloWithSource` fall through
+ * to the config layers; previously the env var only had a truthy path.
  */
 export function yoloFromEnv(env = process.env) {
     const raw = env.COPILLM_YOLO?.trim().toLowerCase();
-    return raw === "1" || raw === "true" || raw === "yes";
+    if (raw === undefined || raw === "")
+        return undefined;
+    if (raw === "1" || raw === "true" || raw === "yes")
+        return true;
+    if (raw === "0" || raw === "false" || raw === "no")
+        return false;
+    return undefined;
+}
+/**
+ * Precedence (top wins):
+ *   1. --yolo CLI flag
+ *   2. COPILLM_YOLO env var (tri-state — explicit off counts)
+ *   3. profile.agents[<agent>]
+ *   4. profile.enabled
+ *   5. defaults.agents[<agent>]   (folded into profile view by mergeYolo)
+ *   6. defaults.enabled            (ditto)
+ *   7. off
+ *
+ * Because `mergeYolo` already collapses defaults+profile into a single layer
+ * with profile-wins semantics, we only need to consult one merged view here.
+ * The source label distinguishes "profile" vs "defaults" only when we know
+ * the profile name (callers pass it through `profile.profileName`).
+ */
+export function resolveYoloWithSource(input) {
+    if (input.flag) {
+        return { value: true, source: "flag", label: "--yolo flag" };
+    }
+    const fromEnv = yoloFromEnv(input.env ?? process.env);
+    if (fromEnv !== undefined) {
+        return { value: fromEnv, source: "env", label: "COPILLM_YOLO env" };
+    }
+    const y = input.profile?.yolo;
+    if (y) {
+        const profileLabel = input.profile?.profileName
+            ? `profile "${input.profile.profileName}"`
+            : "agent.toml";
+        const perAgent = y.agents?.[input.agent];
+        if (perAgent !== undefined) {
+            return { value: perAgent, source: "profile.agents", label: `${profileLabel} (agents.${input.agent})` };
+        }
+        if (y.enabled !== undefined) {
+            return { value: y.enabled, source: "profile.enabled", label: `${profileLabel} (enabled)` };
+        }
+    }
+    return { value: false, source: "off", label: "default off" };
 }
-/** Combine the per-launch flag with the env var fallback. */
+/**
+ * Back-compat shim for callers that don't (yet) thread the merged profile
+ * through. Kept so older entry points keep compiling; new code should prefer
+ * `resolveYoloWithSource` and pass the result's `value` + `source` into
+ * `applyYolo` so unsupported-agent warnings carry attribution.
+ */
 export function resolveYolo(flag, env = process.env) {
-    return Boolean(flag) || yoloFromEnv(env);
+    return resolveYoloWithSource({ agent: "claude", flag, env }).value;
+}
+function describeSource(source) {
+    switch (source) {
+        case "flag":
+            return "--yolo flag";
+        case "env":
+            return "COPILLM_YOLO env";
+        case "profile.agents":
+            return "profile agents map";
+        case "profile.enabled":
+            return "profile enabled";
+        case "defaults.agents":
+            return "defaults agents map";
+        case "defaults.enabled":
+            return "defaults enabled";
+        case "off":
+            return "default off";
+    }
 }

package/dist/cli/auth/ensure.js

@@ -0,0 +1,30 @@
+import { inspectStoredCredential, saveStoredCredential } from "../../auth/credentials.js";
+import { loginViaDeviceFlow } from "../../auth/deviceFlow.js";
+import { ensureAuthenticatedInteractive as ensureAuthenticatedInteractiveImpl } from "../../auth/ensureAuthenticated.js";
+import { choose, confirm } from "../../auth/interactivePrompt.js";
+import { loadConfig } from "../../config/config.js";
+import { describeBackend } from "../shared/backends.js";
+/**
+ * Build the default dependency bundle for ensureAuthenticatedInteractive.
+ * Lives here (rather than inside the auth module) so the auth module stays
+ * UI-framework-agnostic and tests can supply alternative implementations.
+ */
+export function defaultEnsureAuthDeps() {
+    return {
+        inspectStoredCredential,
+        isTty: () => process.stdin.isTTY === true,
+        confirm,
+        choose,
+        loginViaDeviceFlow,
+        loadAccountType: () => loadConfig().accountType,
+        saveStoredCredential,
+        describeBackend,
+        print: (line) => process.stdout.write(line),
+        setEnv: (key, value) => {
+            process.env[key] = value;
+        }
+    };
+}
+export async function ensureAuthenticatedInteractive() {
+    return ensureAuthenticatedInteractiveImpl(defaultEnsureAuthDeps());
+}

package/dist/cli/auth/runAuth.js

@@ -0,0 +1,38 @@
+import { clearStoredCredential, saveStoredCredential } from "../../auth/credentials.js";
+import { loginViaDeviceFlow } from "../../auth/deviceFlow.js";
+import { loadConfig } from "../../config/config.js";
+import { inspectLock, releaseLock } from "../../server/lock.js";
+import { stopByPid } from "../daemon/lifecycle.js";
+import { describeBackend } from "../shared/backends.js";
+import { writeCommandOutput } from "../shared/output.js";
+export async function runAuthLogin(opts, options) {
+    if (options.forceSession) {
+        process.env.COPILLM_FORCE_SESSION_BACKEND = "1";
+    }
+    const config = loadConfig();
+    const token = await loginViaDeviceFlow();
+    const saveMode = options.forceSession ? "session" : "auto";
+    const backend = await saveStoredCredential(token, config.accountType, { mode: saveMode });
+    writeCommandOutput(opts, `Login succeeded. Credentials stored via ${describeBackend(backend)}.`, {
+        status: "ok",
+        action: "login",
+        credential_backend: backend
+    });
+}
+export async function runAuthLogout(opts) {
+    const result = await clearStoredCredential();
+    const lockState = inspectLock();
+    if (lockState.state === "running") {
+        await stopByPid(lockState.lock.pid);
+    }
+    else if (lockState.state === "stale") {
+        releaseLock();
+    }
+    const credentialStatus = result.removed ? "removed" : "not present";
+    writeCommandOutput(opts, `Logged out. Credentials ${credentialStatus} from ${describeBackend(result.backend)}.`, {
+        status: "ok",
+        action: "logout",
+        credential_backend: result.backend,
+        credential_removed: result.removed
+    });
+}

package/dist/cli/commands/agents/claude.js

@@ -0,0 +1,47 @@
+import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.js";
+import { detectClaudeSettingsConflicts, formatSettingsConflictWarning } from "../../../integrations/claude/settingsConflict.js";
+import { processCopillmArgs } from "../../copillmFlags.js";
+import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
+import { launchAgent } from "../../launchAgent.js";
+import { buildClaudeExportCommand } from "../../integrations/claudeExport.js";
+import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
+import { applyYoloForLaunch } from "./shared.js";
+export function register(program) {
+    program
+        .command("claude")
+        .description("Launch Claude Code against copillm (auto-starts daemon, downloads claude if missing)")
+        .allowUnknownOption(true)
+        .helpOption(false)
+        .argument("[args...]", "Args forwarded to claude")
+        .action(async (forwardedArgs) => {
+        const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
+        const debug = resolveCopillmDebug(opts.copillmDebug);
+        enableRuntimeDebug(debug);
+        const lock = await ensureDaemonRunningForLauncher({ debug });
+        const claude = buildClaudeExportCommand(lock.port, null);
+        const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_CLAUDE_VERSION ?? undefined;
+        const conflicts = detectClaudeSettingsConflicts(claude.bundle.env);
+        for (const line of formatSettingsConflictWarning(conflicts)) {
+            process.stderr.write(`${line}\n`);
+        }
+        const applyResult = applyAgentConfig({
+            agent: "claude",
+            cwd: process.cwd(),
+            profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null,
+            skip: Boolean(opts.copillmNoConfig)
+        });
+        for (const line of formatApplyNotes(applyResult, "claude")) {
+            process.stderr.write(`${line}\n`);
+        }
+        const env = { ...claude.bundle.env, ...applyResult.envOverlay };
+        const baseArgs = [...forwarded, ...applyResult.cliArgs];
+        const args = applyYoloForLaunch({ agent: "claude", flag: opts.yolo, applyResult, baseArgs });
+        const exitCode = await launchAgent({
+            agent: "claude",
+            args,
+            env,
+            pinnedSpec
+        });
+        process.exit(exitCode);
+    });
+}

package/dist/cli/commands/agents/codex.js

@@ -0,0 +1,48 @@
+import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.js";
+import { buildCodexEnvBundle } from "../../agentEnv.js";
+import { processCopillmArgs } from "../../copillmFlags.js";
+import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
+import { launchAgent } from "../../launchAgent.js";
+import { refreshCodexHome } from "../../integrations/refreshCodex.js";
+import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
+import { applyYoloForLaunch } from "./shared.js";
+export function register(program) {
+    program
+        .command("codex")
+        .description("Launch Codex CLI against copillm (auto-starts daemon, downloads codex if missing)")
+        .allowUnknownOption(true)
+        .helpOption(false)
+        .argument("[args...]", "Args forwarded to codex")
+        .action(async (forwardedArgs) => {
+        const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
+        const debug = resolveCopillmDebug(opts.copillmDebug);
+        enableRuntimeDebug(debug);
+        const lock = await ensureDaemonRunningForLauncher({ debug });
+        const codex = await refreshCodexHome(lock.port, null);
+        if (!codex) {
+            throw new Error("Failed to prepare Codex home (see warning above).");
+        }
+        const bundle = buildCodexEnvBundle(codex.outDir);
+        const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_CODEX_VERSION ?? undefined;
+        const applyResult = applyAgentConfig({
+            agent: "codex",
+            cwd: process.cwd(),
+            codexHomeDir: codex.outDir,
+            profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null,
+            skip: Boolean(opts.copillmNoConfig)
+        });
+        for (const line of formatApplyNotes(applyResult, "codex")) {
+            process.stderr.write(`${line}\n`);
+        }
+        const env = { ...bundle.env, ...applyResult.envOverlay };
+        const baseArgs = [...forwarded, ...applyResult.cliArgs];
+        const args = applyYoloForLaunch({ agent: "codex", flag: opts.yolo, applyResult, baseArgs });
+        const exitCode = await launchAgent({
+            agent: "codex",
+            args,
+            env,
+            pinnedSpec
+        });
+        process.exit(exitCode);
+    });
+}

package/dist/cli/commands/agents/copilot.js

@@ -0,0 +1,49 @@
+import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.js";
+import { loadStoredCredential } from "../../../auth/credentials.js";
+import { processCopillmArgs } from "../../copillmFlags.js";
+import { launchAgent } from "../../launchAgent.js";
+import { applyYoloForLaunch } from "./shared.js";
+export function register(program) {
+    program
+        .command("copilot")
+        .description("Launch GitHub Copilot CLI reusing copillm's stored GitHub token (no second device flow)")
+        .allowUnknownOption(true)
+        .helpOption(false)
+        .argument("[args...]", "Args forwarded to copilot")
+        .action(async (forwardedArgs) => {
+        const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
+        const credential = await loadStoredCredential();
+        if (!credential) {
+            process.stderr.write("copillm: no stored GitHub credential — run `copillm auth login` first.\n");
+            process.exit(1);
+            return;
+        }
+        const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_COPILOT_VERSION ?? undefined;
+        const applyResult = applyAgentConfig({
+            agent: "copilot",
+            cwd: process.cwd(),
+            profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null,
+            skip: Boolean(opts.copillmNoConfig)
+        });
+        for (const line of formatApplyNotes(applyResult, "copilot")) {
+            process.stderr.write(`${line}\n`);
+        }
+        // Inject the stored GitHub OAuth token into the child env only — never
+        // export to the parent shell and never persist. Copilot CLI honours
+        // COPILOT_GITHUB_TOKEN ahead of its own stored credentials, so this
+        // short-circuits its device-flow login when copillm already has a token.
+        const env = {
+            ...applyResult.envOverlay,
+            COPILOT_GITHUB_TOKEN: credential.token
+        };
+        const baseArgs = [...forwarded, ...applyResult.cliArgs];
+        const args = applyYoloForLaunch({ agent: "copilot", flag: opts.yolo, applyResult, baseArgs });
+        const exitCode = await launchAgent({
+            agent: "copilot",
+            args,
+            env,
+            pinnedSpec
+        });
+        process.exit(exitCode);
+    });
+}

package/dist/cli/commands/agents/pi.js

@@ -0,0 +1,47 @@
+import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.js";
+import { buildPiEnvBundle } from "../../agentEnv.js";
+import { processCopillmArgs } from "../../copillmFlags.js";
+import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
+import { launchAgent } from "../../launchAgent.js";
+import { refreshPiHome } from "../../integrations/refreshPi.js";
+import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
+import { applyYoloForLaunch } from "./shared.js";
+export function register(program) {
+    program
+        .command("pi")
+        .description("Launch pi coding agent against copillm (auto-starts daemon, downloads pi if missing)")
+        .allowUnknownOption(true)
+        .helpOption(false)
+        .argument("[args...]", "Args forwarded to pi")
+        .action(async (forwardedArgs) => {
+        const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
+        const debug = resolveCopillmDebug(opts.copillmDebug);
+        enableRuntimeDebug(debug);
+        const lock = await ensureDaemonRunningForLauncher({ debug });
+        const pi = await refreshPiHome(lock.port);
+        if (!pi) {
+            throw new Error("Failed to prepare pi models.json (see warning above).");
+        }
+        const bundle = buildPiEnvBundle(pi.outDir);
+        const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_PI_VERSION ?? undefined;
+        const applyResult = applyAgentConfig({
+            agent: "pi",
+            cwd: process.cwd(),
+            profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null,
+            skip: Boolean(opts.copillmNoConfig)
+        });
+        for (const line of formatApplyNotes(applyResult, "pi")) {
+            process.stderr.write(`${line}\n`);
+        }
+        const env = { ...bundle.env, ...applyResult.envOverlay };
+        const baseArgs = [...forwarded, ...applyResult.cliArgs];
+        const args = applyYoloForLaunch({ agent: "pi", flag: opts.yolo, applyResult, baseArgs });
+        const exitCode = await launchAgent({
+            agent: "pi",
+            args,
+            env,
+            pinnedSpec
+        });
+        process.exit(exitCode);
+    });
+}

package/dist/cli/commands/agents/shared.js

@@ -0,0 +1,28 @@
+import { applyYolo, resolveYoloWithSource } from "../../../agents/registry.js";
+/**
+ * Shared yolo wiring for the four agent subcommands. Resolves precedence
+ * (flag > env > profile > defaults > off), runs `applyYolo` with source
+ * attribution so the unsupported-agent warning carries traceable origin
+ * info, and emits a one-line stderr notice when yolo was turned on by a
+ * config layer rather than the explicit --yolo flag (so users aren't
+ * surprised by silently-skipped approvals).
+ */
+export function applyYoloForLaunch(params) {
+    const decision = resolveYoloWithSource({
+        agent: params.agent,
+        flag: params.flag,
+        profile: {
+            yolo: params.applyResult.yolo,
+            profileName: params.applyResult.active
+        }
+    });
+    if (decision.value && decision.source !== "flag" && decision.source !== "env") {
+        process.stderr.write(`copillm: yolo enabled for ${params.agent} via ${decision.label}\n`);
+    }
+    return applyYolo({
+        agent: params.agent,
+        userArgs: params.baseArgs,
+        yolo: decision.value,
+        source: decision.source
+    });
+}

package/dist/cli/commands/auth.js

@@ -0,0 +1,99 @@
+import { inspectStoredCredential } from "../../auth/credentials.js";
+import { inspectGithubIdentity } from "../../auth/githubIdentity.js";
+import { ensureAuthenticatedInteractive } from "../auth/ensure.js";
+import { runAuthLogin, runAuthLogout } from "../auth/runAuth.js";
+import { formatHumanAuthStatusLine } from "../shared/backends.js";
+import { emitDeprecation } from "../shared/deprecation.js";
+// Re-export for callers (e.g. start command) that need the interactive prompt.
+export { ensureAuthenticatedInteractive };
+export function register(program) {
+    program
+        .command("login")
+        .description("[deprecated] Use `copillm auth login`")
+        .option("--json", "JSON output")
+        .action(async (opts) => {
+        emitDeprecation(opts, "login", "auth login");
+        await runAuthLogin(opts, { forceSession: false });
+    });
+    program
+        .command("logout")
+        .description("[deprecated] Use `copillm auth logout`")
+        .option("--json", "JSON output")
+        .action(async (opts) => {
+        emitDeprecation(opts, "logout", "auth logout");
+        await runAuthLogout(opts);
+    });
+    const auth = program.command("auth").description("Authentication commands");
+    auth
+        .command("login")
+        .description("Authenticate with GitHub")
+        .option("--json", "JSON output")
+        // Undocumented test seam: force the session-only backend regardless of
+        // whether the OS keychain is available. Equivalent to setting
+        // COPILLM_FORCE_SESSION_BACKEND=1 for the duration of this command.
+        .option("--force-session", "(test-only) force the session-only backend", false)
+        .action(async (opts) => {
+        await runAuthLogin(opts, { forceSession: Boolean(opts.forceSession) });
+    });
+    auth
+        .command("logout")
+        .description("Clear credentials and stop running daemon")
+        .option("--json", "JSON output")
+        .action(async (opts) => {
+        await runAuthLogout(opts);
+    });
+    auth
+        .command("status")
+        .description("Report whether a credential is stored (token is never printed)")
+        .option("--json", "JSON output")
+        .option("--no-user", "Skip the GitHub /user lookup that fetches the login name")
+        .action(async (opts) => {
+        let info;
+        try {
+            info = await inspectStoredCredential();
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : "unknown_error";
+            if (opts.json) {
+                process.stdout.write(JSON.stringify({ status: "error", error: message }, null, 2) + "\n");
+            }
+            else {
+                process.stderr.write(`auth status error: ${message}\n`);
+            }
+            process.exit(1);
+        }
+        // commander's --no-user toggles opts.user to false; when the flag is
+        // omitted opts.user is undefined and we treat that as "fetch by default".
+        const userLookupEnabled = info.stored && opts.user !== false;
+        let identity = null;
+        if (userLookupEnabled) {
+            // inspectGithubIdentity is designed to return null on any failure, but
+            // we wrap defensively at the CLI level too: a regression in the wrapper,
+            // or a platform-specific fetch error path (e.g. Node 22 on macOS has
+            // surfaced uncaught socket rejections from privileged-port ECONNREFUSED),
+            // must never break the auth-status command. Status output should always
+            // succeed even when the network is broken.
+            try {
+                identity = await inspectGithubIdentity();
+            }
+            catch {
+                identity = null;
+            }
+        }
+        if (opts.json) {
+            process.stdout.write(JSON.stringify({
+                status: info.stored ? "logged_in" : "logged_out",
+                stored: info.stored,
+                backend: info.backend,
+                user: identity
+            }, null, 2) + "\n");
+        }
+        else if (info.stored) {
+            process.stdout.write(`${formatHumanAuthStatusLine(info.backend, identity)}\n`);
+        }
+        else {
+            process.stdout.write("not logged in\n");
+        }
+        process.exit(info.stored ? 0 : 2);
+    });
+}