copillm 0.2.3 → 0.2.5

package/dist/cli/copillmFlags.js

@@ -0,0 +1,111 @@
+/**
+ * Declarative registry of copillm-owned launcher flags + the processor that
+ * extracts them from a raw arg tail.
+ *
+ * Why this exists: commander's `passThroughOptions()` stops parsing at the
+ * first unrecognized token and forwards everything after it verbatim. That made
+ * copillm-flag recognition order-dependent — `copillm claude
+ * --dangerously-skip-permissions --copillm-profile work` leaked
+ * `--copillm-profile work` straight to the agent, which then crashed on the
+ * unknown option. Because every copillm flag is namespaced (`--copillm-*`) or
+ * the single well-known `--yolo`, scanning the entire arg list for them is safe
+ * and collision-free. This processor does exactly that, layered on top of
+ * commander (which still owns subcommand routing).
+ *
+ * Adding a new copillm launcher flag should be one row in `COPILLM_FLAGS` plus a
+ * field on `CopillmLaunchOpts` — never new parsing logic.
+ */
+export const COPILLM_FLAGS = [
+    {
+        flag: "--copillm-use",
+        aliases: ["--use"],
+        takesValue: true,
+        dest: "copillmUse",
+        kind: "swallow",
+        description: "Pin agent package version"
+    },
+    {
+        flag: "--copillm-debug",
+        aliases: ["--debug"],
+        takesValue: false,
+        dest: "copillmDebug",
+        kind: "swallow",
+        description: "Enable debug endpoints when auto-starting daemon"
+    },
+    {
+        flag: "--copillm-profile",
+        aliases: ["--profile"],
+        takesValue: true,
+        dest: "copillmProfile",
+        kind: "swallow",
+        description: "Override active profile for this launch"
+    },
+    {
+        flag: "--copillm-no-config",
+        aliases: ["--no-config"],
+        takesValue: false,
+        dest: "copillmNoConfig",
+        kind: "swallow",
+        description: "Skip agent.toml fan-out for this launch"
+    },
+    {
+        flag: "--yolo",
+        takesValue: false,
+        dest: "yolo",
+        kind: "translate",
+        description: "Skip approvals (translated per-agent)"
+    }
+];
+const SPEC_BY_FLAG = new Map();
+for (const spec of COPILLM_FLAGS) {
+    SPEC_BY_FLAG.set(spec.flag, spec);
+    for (const alias of spec.aliases ?? []) {
+        SPEC_BY_FLAG.set(alias, spec);
+    }
+}
+/**
+ * Extract copillm-owned flags from a raw arg tail, returning the parsed opts
+ * plus everything else to forward to the agent.
+ *
+ * Extract-everywhere: copillm flags are pulled out regardless of position,
+ * including after a `--` separator (the `--` itself is forwarded). Accepted
+ * tradeoff: a literal `--copillm-*`/`--yolo` token cannot be passed through to
+ * the agent as data. These tokens have no legitimate meaning to the agents.
+ *
+ * Pure function, no I/O.
+ */
+export function processCopillmArgs(rawArgs) {
+    const opts = {};
+    const forwarded = [];
+    for (let i = 0; i < rawArgs.length; i++) {
+        const token = rawArgs[i];
+        const eq = token.indexOf("=");
+        const name = eq === -1 ? token : token.slice(0, eq);
+        const spec = SPEC_BY_FLAG.get(name);
+        if (!spec) {
+            forwarded.push(token);
+            continue;
+        }
+        if (spec.takesValue) {
+            let value;
+            if (eq !== -1) {
+                value = token.slice(eq + 1);
+            }
+            else if (i + 1 < rawArgs.length) {
+                value = rawArgs[++i];
+            }
+            if (value === undefined) {
+                throw new Error(`${spec.flag} requires a value`);
+            }
+            setOpt(opts, spec.dest, value);
+        }
+        else {
+            setOpt(opts, spec.dest, true);
+        }
+    }
+    return { opts, forwarded };
+}
+function setOpt(opts, dest, value) {
+    // Last-wins on repeats. dest/value pairing is guaranteed by the spec table.
+    opts[dest] = value;
+}

package/dist/cli/daemon/ensureRunning.js

@@ -0,0 +1,65 @@
+import { spawn } from "node:child_process";
+import { inspectStoredCredential } from "../../auth/credentials.js";
+import { inspectLock } from "../../server/lock.js";
+import { currentDebugLogPath } from "../shared/debug.js";
+import { displayHomePath } from "../integrations/banner.js";
+import { isPidAlive } from "./lifecycle.js";
+import { readLiveLock, waitForDaemonReady, warnIfDebugRequestedButInactive } from "./probes.js";
+import { daemonSpawnEnv } from "./spawnEnv.js";
+import { buildSelfSpawnCommand } from "./selfSpawn.js";
+export async function ensureDaemonRunningForLauncher(opts) {
+    const live = await readLiveLock();
+    if (live) {
+        await warnIfDebugRequestedButInactive(opts.debug, live.port);
+        return live;
+    }
+    // Fail fast on missing credentials rather than spawning a detached daemon
+    // that will die silently and surface as a generic "start timed out" error.
+    const authState = await inspectStoredCredential();
+    if (!authState.stored) {
+        throw new Error("Not authenticated. Run `copillm auth login` first.");
+    }
+    const debugLog = currentDebugLogPath(opts.debug);
+    process.stderr.write(opts.debug && debugLog
+        ? `Starting copillm in background with debug logging at ${displayHomePath(debugLog)}...\n`
+        : `Starting copillm in background...\n`);
+    const daemonCommand = buildSelfSpawnCommand("daemon", opts.debug ? ["--debug"] : []);
+    const child = spawn(daemonCommand.command, daemonCommand.args, {
+        detached: true,
+        stdio: ["ignore", "ignore", "pipe"],
+        env: daemonSpawnEnv(opts.debug)
+    });
+    child.unref();
+    const stderrChunks = [];
+    let stderrBytes = 0;
+    const STDERR_TAIL_LIMIT = 8 * 1024;
+    if (child.stderr) {
+        child.stderr.on("data", (chunk) => {
+            stderrChunks.push(chunk);
+            stderrBytes += chunk.length;
+            while (stderrBytes > STDERR_TAIL_LIMIT && stderrChunks.length > 1) {
+                stderrBytes -= stderrChunks[0].length;
+                stderrChunks.shift();
+            }
+        });
+        child.stderr.on("error", () => {
+            // Ignore — best-effort capture only.
+        });
+    }
+    const formatStderrTail = () => {
+        const tail = Buffer.concat(stderrChunks).toString("utf8").trim();
+        return tail ? `\nDaemon stderr (tail):\n${tail}` : "";
+    };
+    const started = await waitForDaemonReady(child.pid ?? null, 10_000);
+    if (!started) {
+        if (child.pid !== undefined && !isPidAlive(child.pid)) {
+            throw new Error(`copillm daemon exited before becoming ready.${formatStderrTail()}`);
+        }
+        throw new Error(`Auto-start of copillm daemon timed out.${formatStderrTail()}`);
+    }
+    const inspection = inspectLock();
+    if (inspection.state !== "running") {
+        throw new Error(`copillm daemon failed to register a lock after auto-start.${formatStderrTail()}`);
+    }
+    return inspection.lock;
+}

package/dist/cli/daemon/lifecycle.js

@@ -0,0 +1,61 @@
+import { setTimeout as sleep } from "node:timers/promises";
+import { inspectLock } from "../../server/lock.js";
+export function isPidAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function sendSignalIfAlive(pid, signal) {
+    try {
+        process.kill(pid, signal);
+        return true;
+    }
+    catch (error) {
+        if (error instanceof Error && "code" in error && error.code === "ESRCH") {
+            return false;
+        }
+        throw error;
+    }
+}
+export async function stopByPid(pid) {
+    if (!sendSignalIfAlive(pid, "SIGTERM")) {
+        return;
+    }
+    const stopDeadline = Date.now() + 8_000;
+    while (Date.now() < stopDeadline) {
+        const lockState = inspectLock();
+        if (lockState.state !== "running" || lockState.lock.pid !== pid) {
+            return;
+        }
+        await sleep(150);
+    }
+    if (!sendSignalIfAlive(pid, "SIGKILL")) {
+        return;
+    }
+    const killDeadline = Date.now() + 2_000;
+    while (Date.now() < killDeadline) {
+        const lockState = inspectLock();
+        if (lockState.state !== "running" || lockState.lock.pid !== pid) {
+            return;
+        }
+        await sleep(100);
+    }
+    throw new Error(`Failed to stop daemon pid ${pid}.`);
+}
+export async function withTimeout(promise, timeoutMs, message) {
+    const timeoutPromise = sleep(timeoutMs).then(() => {
+        throw new Error(message);
+    });
+    return Promise.race([promise, timeoutPromise]);
+}
+export function computeUptimeSeconds(startedAtIso) {
+    const startedMs = Date.parse(startedAtIso);
+    if (!Number.isFinite(startedMs)) {
+        return null;
+    }
+    return Math.max(0, Math.floor((Date.now() - startedMs) / 1000));
+}

package/dist/cli/daemon/probes.js

@@ -0,0 +1,68 @@
+import { setTimeout as sleep } from "node:timers/promises";
+import { inspectLock } from "../../server/lock.js";
+import { isPidAlive } from "./lifecycle.js";
+export async function probeLivez(port) {
+    try {
+        const response = await fetch(`http://127.0.0.1:${port}/livez`, { signal: AbortSignal.timeout(800) });
+        return response.ok;
+    }
+    catch {
+        return false;
+    }
+}
+export async function probeDebugEndpoint(port) {
+    try {
+        const response = await fetch(`http://127.0.0.1:${port}/_debug`, { signal: AbortSignal.timeout(1_200) });
+        return response.ok;
+    }
+    catch {
+        return false;
+    }
+}
+export async function warnIfDebugRequestedButInactive(debugRequested, port) {
+    if (!debugRequested) {
+        return false;
+    }
+    const active = await probeDebugEndpoint(port);
+    if (!active) {
+        process.stderr.write(`warning: copillm is already running without debug mode; run \`copillm stop\` then \`copillm --debug start --detach\` to enable daemon diagnostics.\n`);
+    }
+    return active;
+}
+export async function probeHealth(port) {
+    try {
+        const response = await fetch(`http://127.0.0.1:${port}/healthz`, { signal: AbortSignal.timeout(1_500) });
+        const payload = (await response.json());
+        return {
+            ok: response.ok,
+            statusCode: response.status,
+            status: typeof payload.status === "string" ? payload.status : null,
+            error: typeof payload.error === "string" ? payload.error : null,
+            bearerTtlSeconds: response.ok && typeof payload.bearer_ttl_seconds === "number" ? payload.bearer_ttl_seconds : null
+        };
+    }
+    catch {
+        return { ok: false, bearerTtlSeconds: null, statusCode: null, status: null, error: "health_probe_failed" };
+    }
+}
+export async function readLiveLock() {
+    const lockState = inspectLock();
+    if (lockState.state !== "running") {
+        return null;
+    }
+    return (await probeLivez(lockState.lock.port)) ? lockState.lock : null;
+}
+export async function waitForDaemonReady(pid, timeoutMs) {
+    const startedAt = Date.now();
+    while (Date.now() - startedAt <= timeoutMs) {
+        const lockState = inspectLock();
+        if (lockState.state === "running" && (await probeLivez(lockState.lock.port))) {
+            return { pid: lockState.lock.pid, port: lockState.lock.port };
+        }
+        if (pid !== null && !isPidAlive(pid)) {
+            return null;
+        }
+        await sleep(150);
+    }
+    return null;
+}

package/dist/cli/daemon/runDaemon.js

@@ -0,0 +1,102 @@
+import { randomUUID } from "node:crypto";
+import { loadStoredCredential } from "../../auth/credentials.js";
+import { CopilotTokenManager } from "../../auth/copilotToken.js";
+import { loadConfig } from "../../config/config.js";
+import { acquireLock, LockAlreadyRunningError, releaseLock } from "../../server/lock.js";
+import { startProxyServer } from "../../server/proxy.js";
+import { installProcessSafetyNet } from "../processSafetyNet.js";
+import { getRootLogger } from "../shared/debug.js";
+import { withTimeout } from "./lifecycle.js";
+import { probeLivez } from "./probes.js";
+export function candidatePorts(preferredPort) {
+    const ports = [];
+    for (let offset = 0; offset < 10; offset += 1) {
+        const port = preferredPort + offset;
+        if (port <= 65535) {
+            ports.push(port);
+        }
+    }
+    return ports;
+}
+export function isAddrInUse(error) {
+    return error instanceof Error && "code" in error && error.code === "EADDRINUSE";
+}
+export async function runDaemon(options) {
+    const logger = getRootLogger();
+    const config = loadConfig();
+    const creds = await loadStoredCredential();
+    if (!creds) {
+        throw new Error("Not authenticated. Run `copillm login` first.");
+    }
+    const tokenManager = new CopilotTokenManager(creds.token);
+    await tokenManager.ensureToken(false);
+    const callerSecret = config.requireCallerSecret ? randomUUID() : null;
+    if (callerSecret) {
+        process.stdout.write(`Caller secret: ${callerSecret}\n`);
+    }
+    const ports = candidatePorts(config.preferredPort);
+    let server = null;
+    let selectedPort = null;
+    for (const port of ports) {
+        try {
+            await acquireLock(port, { isRunning: async (lock) => probeLivez(lock.port) });
+        }
+        catch (error) {
+            if (error instanceof LockAlreadyRunningError) {
+                tokenManager.clear();
+                return { kind: "already_running", lock: error.lock };
+            }
+            throw error;
+        }
+        try {
+            server = await startProxyServer({
+                port,
+                config,
+                tokenManager,
+                callerSecret,
+                logger,
+                debug: Boolean(options?.debug),
+                githubToken: creds.token
+            });
+            selectedPort = port;
+            break;
+        }
+        catch (error) {
+            releaseLock();
+            if (isAddrInUse(error)) {
+                continue;
+            }
+            throw error;
+        }
+    }
+    if (!server || selectedPort === null) {
+        tokenManager.clear();
+        throw new Error(`No available port in configured range (${ports[0]}-${ports[ports.length - 1]}).`);
+    }
+    installProcessSafetyNet(logger);
+    let shuttingDown = false;
+    const shutdown = async () => {
+        if (shuttingDown) {
+            return;
+        }
+        shuttingDown = true;
+        try {
+            await withTimeout(server.close(), 5_000, "Timed out while draining requests.");
+        }
+        catch (error) {
+            logger.warn({ err: error }, "graceful shutdown timed out");
+        }
+        finally {
+            tokenManager.clear();
+            releaseLock();
+            process.exit(0);
+        }
+    };
+    process.once("SIGINT", () => {
+        void shutdown();
+    });
+    process.once("SIGTERM", () => {
+        void shutdown();
+    });
+    return { kind: "started", port: selectedPort, callerSecret };
+}

package/dist/cli/daemon/selfSpawn.js

@@ -0,0 +1,15 @@
+import path from "node:path";
+export function buildSelfSpawnCommand(subcommand, extraArgs = [], runtime = process) {
+    const entryPoint = runtime.argv[1];
+    if (!entryPoint || sameExecutable(entryPoint, runtime.execPath)) {
+        return { command: runtime.execPath, args: [subcommand, ...extraArgs] };
+    }
+    return { command: runtime.execPath, args: [entryPoint, subcommand, ...extraArgs] };
+}
+function sameExecutable(left, right) {
+    const normalizedLeft = path.resolve(left);
+    const normalizedRight = path.resolve(right);
+    return process.platform === "win32"
+        ? normalizedLeft.toLowerCase() === normalizedRight.toLowerCase()
+        : normalizedLeft === normalizedRight;
+}

package/dist/cli/daemon/spawnEnv.js

@@ -0,0 +1,12 @@
+import { debugLogPath } from "../../config/home.js";
+import { currentDebugLogPath } from "../shared/debug.js";
+export function daemonSpawnEnv(debug) {
+    if (!debug) {
+        return process.env;
+    }
+    return {
+        ...process.env,
+        COPILLM_LOG_LEVEL: "debug",
+        COPILLM_LOG_FILE: currentDebugLogPath(true) ?? debugLogPath()
+    };
+}

package/dist/cli/index.js

@@ -0,0 +1,41 @@
+import { Command } from "commander";
+import { createLogger } from "../config/logging.js";
+import { registerConfigCommands } from "./configCommands.js";
+import * as authCmd from "./commands/auth.js";
+import * as daemonCmd from "./commands/daemon.js";
+import * as modelsCmd from "./commands/models.js";
+import * as envCmd from "./commands/env.js";
+import * as codexCmd from "./commands/agents/codex.js";
+import * as claudeCmd from "./commands/agents/claude.js";
+import * as piCmd from "./commands/agents/pi.js";
+import * as copilotCmd from "./commands/agents/copilot.js";
+import { setRootLogger, setRootProgram } from "./shared/debug.js";
+import { getPackageInfo } from "./packageInfo.js";
+import { maybeNotifyAboutUpdate } from "./updateNotifier.js";
+const logger = createLogger();
+const program = new Command();
+setRootProgram(program);
+setRootLogger(logger);
+const pkg = getPackageInfo();
+await maybeNotifyAboutUpdate({ packageInfo: pkg });
+program.name("copillm").description("Local Copilot proxy").version(pkg.version);
+program.enablePositionalOptions();
+program.option("--debug", "Enable copillm debug mode (debug endpoint plus verbose daemon diagnostics)");
+program.option("--no-update-notifier", "Skip the npm registry update check for this run");
+authCmd.register(program);
+daemonCmd.register(program);
+modelsCmd.register(program);
+envCmd.register(program);
+codexCmd.register(program);
+claudeCmd.register(program);
+piCmd.register(program);
+copilotCmd.register(program);
+registerConfigCommands(program);
+program.parseAsync(process.argv).catch((error) => {
+    if (error instanceof Error) {
+        logger.error({ err: error }, error.message);
+        process.stderr.write(`${error.message}\n`);
+        process.exit(1);
+    }
+    throw error;
+});

package/dist/cli/integrations/banner.js

@@ -0,0 +1,51 @@
+export function displayHomePath(p) {
+    const home = process.env.HOME ?? process.env.USERPROFILE;
+    if (home && p.startsWith(home)) {
+        return p.replace(home, "~");
+    }
+    return p;
+}
+export function formatStartBanner(input) {
+    const verb = input.mode === "foreground" ? "listening on" : "running on";
+    const lines = [];
+    const debugSuffix = input.debug ? " [debug]" : "";
+    const modeSuffix = input.mode === "already_running" ? " (already running)" : "";
+    lines.push(`● copillm ${verb} http://127.0.0.1:${input.port} (pid ${input.pid})${debugSuffix}${modeSuffix}`);
+    if (input.codex) {
+        lines.push(`   ${input.codex.modelCount} Copilot models discovered · default: ${input.codex.defaultModel}`);
+    }
+    if (input.debugLogPath) {
+        lines.push(`   debug log: ${displayHomePath(input.debugLogPath)}`);
+    }
+    if (input.pi) {
+        lines.push(`   pi: wrote ${input.pi.modelCount} models to ${displayHomePath(input.pi.configPath)}${input.pi.backupPath ? ` (backed up prior config to ${displayHomePath(input.pi.backupPath)})` : ""}`);
+    }
+    lines.push(``);
+    lines.push(`Launch an agent against copillm:`);
+    if (input.codex) {
+        lines.push(`    copillm codex      # starts Codex CLI, preconfigured`);
+    }
+    lines.push(`    copillm claude     # starts Claude Code, preconfigured`);
+    if (input.pi) {
+        lines.push(`    copillm pi         # starts pi coding agent, preconfigured`);
+    }
+    lines.push(``);
+    lines.push(`Or print env vars to use yourself:`);
+    if (input.codex) {
+        lines.push(`    copillm env codex`);
+    }
+    lines.push(`    copillm env claude`);
+    if (input.pi) {
+        lines.push(`    copillm env pi`);
+    }
+    return lines.join("\n");
+}
+export function formatStopHumanLine(primary, cache) {
+    if (cache.cleared) {
+        return `${primary} Cleared Claude Code gateway cache.`;
+    }
+    if (cache.reason === "not_present") {
+        return primary;
+    }
+    return `${primary} Could not clear Claude Code gateway cache: ${cache.reason ?? "unknown error"}.`;
+}

package/dist/cli/integrations/claudeExport.js

@@ -0,0 +1,14 @@
+import { buildClaudeEnvBundle } from "../agentEnv.js";
+import { buildClaudeExportCommand as buildClaudeExport, computeAnthropicDefaults, readModelIdsFromCache } from "../../models/anthropicDefaults.js";
+export function buildClaudeExportCommand(port, callerSecret) {
+    const modelIds = readModelIdsFromCache();
+    const defaults = computeAnthropicDefaults(modelIds);
+    const command = buildClaudeExport({
+        port,
+        callerSecret,
+        defaults,
+        enableGatewayDiscovery: true
+    });
+    const bundle = buildClaudeEnvBundle({ port, callerSecret, defaults, enableGatewayDiscovery: true });
+    return { command, defaults, bundle };
+}

package/dist/cli/integrations/refreshCodex.js

@@ -0,0 +1,19 @@
+import { getCopillmHome } from "../../config/home.js";
+import { defaultOutputDir, generateCodexHome } from "../../integrations/codex/init.js";
+export async function refreshCodexHome(port, model) {
+    try {
+        const home = getCopillmHome();
+        return await generateCodexHome({
+            outDir: defaultOutputDir(home),
+            model,
+            port,
+            providerId: "copillm",
+            reasoningEffort: null
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "unknown_error";
+        process.stderr.write(`warning: failed to generate ~/.copillm/codex/ — ${message}\n`);
+        return null;
+    }
+}

package/dist/cli/integrations/refreshPi.js

@@ -0,0 +1,17 @@
+import { getCopillmHome } from "../../config/home.js";
+import { defaultOutputDir as defaultPiOutputDir, generatePiHome } from "../../integrations/pi/init.js";
+export async function refreshPiHome(port) {
+    try {
+        const home = getCopillmHome();
+        return await generatePiHome({
+            outDir: defaultPiOutputDir(home),
+            port,
+            providerId: "copillm"
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "unknown_error";
+        process.stderr.write(`warning: failed to generate pi models.json — ${message}\n`);
+        return null;
+    }
+}

package/dist/cli/packageInfo.js

@@ -0,0 +1,29 @@
+import { createRequire } from "node:module";
+const FALLBACK_PACKAGE_INFO = {
+    name: "copillm",
+    version: "0.2.5"
+};
+export function getPackageInfo() {
+    const envName = cleanPackageValue(process.env.COPILLM_PACKAGE_NAME);
+    const envVersion = cleanPackageValue(process.env.COPILLM_PACKAGE_VERSION);
+    if (envName && envVersion) {
+        return { name: envName, version: envVersion };
+    }
+    try {
+        const pkg = createRequire(import.meta.url)("../../package.json");
+        if (typeof pkg.name === "string" && pkg.name.length > 0 && typeof pkg.version === "string" && pkg.version.length > 0) {
+            return { name: pkg.name, version: pkg.version };
+        }
+    }
+    catch {
+        // Standalone bundles may not have package.json on disk.
+    }
+    return FALLBACK_PACKAGE_INFO;
+}
+export function fallbackPackageInfo() {
+    return FALLBACK_PACKAGE_INFO;
+}
+function cleanPackageValue(value) {
+    const trimmed = value?.trim();
+    return trimmed && trimmed.length > 0 ? trimmed : null;
+}

package/dist/cli/shared/backends.js

@@ -0,0 +1,31 @@
+export function describeBackend(backend) {
+    switch (backend) {
+        case "keyring":
+            return "OS keychain";
+        case "file":
+            return "credentials file";
+        case "session":
+            return "in-memory (session only)";
+        default:
+            return "no backend";
+    }
+}
+export function formatHumanAuthStatusLine(backend, identity) {
+    if (!identity) {
+        return `logged in (${describeBackend(backend)})`;
+    }
+    const nameSuffix = identity.name && identity.name !== identity.login ? ` (${identity.name})` : "";
+    return `logged in as @${identity.login}${nameSuffix} (${describeBackend(backend)})`;
+}
+export function writeAuthStatusLine(authInfo) {
+    if (authInfo.error) {
+        process.stdout.write(`auth: error (${authInfo.error})\n`);
+        return;
+    }
+    if (authInfo.stored) {
+        process.stdout.write(`auth: logged in (${describeBackend(authInfo.backend)})\n`);
+    }
+    else {
+        process.stdout.write("auth: not logged in\n");
+    }
+}