gipity 1.0.386 → 1.0.387

package/dist/api.js

@@ -1,7 +1,7 @@
 import { Readable } from 'stream';
 import * as tar from 'tar-stream';
 import { getAuth, refreshTokenIfNeeded } from './auth.js';
-import { getConfig, getApiBaseOverride, requireConfig, saveConfig } from './config.js';
+import { resolveApiBase, requireConfig, saveConfig } from './config.js';
 export class ApiError extends Error {
     statusCode;
     code;
@@ -27,7 +27,7 @@ async function getHeaders() {
     };
 }
 function baseUrl() {
-    return getApiBaseOverride() || getConfig()?.apiBase || 'https://a.gipity.ai';
+    return resolveApiBase();
 }
 /** Exposed so streaming consumers (SSE) can build URLs without re-implementing
  *  the override / config resolution. */
@@ -101,6 +101,9 @@ export async function postForTarEntries(path, body) {
 export function put(path, body) {
     return request('PUT', path, body);
 }
+export function patch(path, body) {
+    return request('PATCH', path, body);
+}
 export function del(path, body) {
     return request('DELETE', path, body);
 }

package/dist/auth.js

@@ -1,4 +1,4 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync, chmodSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
 import { decodeJwtExp } from './utils.js';
@@ -33,8 +33,16 @@ export function readAuthFresh() {
     }
 }
 export function saveAuth(data) {
-    mkdirSync(AUTH_DIR, { recursive: true });
-    writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2));
+    // Lock down to owner-only: this file holds the account access + 7-day refresh
+    // tokens, so a default 0644/0755 would let any other local user read them.
+    // (The relay state file already does this; auth.json is the more sensitive of
+    // the two.) chmod after write to also tighten any pre-existing loose file.
+    mkdirSync(AUTH_DIR, { recursive: true, mode: 0o700 });
+    writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });
+    try {
+        chmodSync(AUTH_FILE, 0o600);
+    }
+    catch { /* best-effort on platforms without chmod */ }
     cached = data;
 }
 export function clearAuth() {
@@ -73,7 +81,7 @@ export async function refreshTokenIfNeeded() {
         return; // not logged in, caller will handle
     try {
         const config = await import('./config.js');
-        const apiBase = config.getApiBaseOverride() || config.getConfig()?.apiBase || 'https://a.gipity.ai';
+        const apiBase = config.resolveApiBase();
         const res = await fetch(`${apiBase}/auth/refresh`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },

package/dist/commands/add.js

@@ -179,7 +179,8 @@ export const addCommand = new Command('add')
         }
         const { name: labelName, files } = buildLocalPayload(resolved);
         const kind = sniffPayloadKind(files);
-        console.log(muted(`Uploading ${files.length} file(s) from ${resolved} (${kind}) ...`));
+        // Progress goes to stderr so `gipity add … --json` keeps stdout pure JSON.
+        console.error(muted(`Uploading ${files.length} file(s) from ${resolved} (${kind}) ...`));
         body = {
             name: labelName,
             title: opts.title,

package/dist/commands/claude.js

@@ -19,7 +19,7 @@ function resolveCommand(cmd) {
 }
 import { getAuth, saveAuth, clearAuth } from '../auth.js';
 import { get, post, publicPost, ApiError, getAccountSlug } from '../api.js';
-import { getConfig, saveConfigAt, clearConfigCache, getApiBaseOverride, getConfigPath } from '../config.js';
+import { getConfig, saveConfigAt, clearConfigCache, getApiBaseOverride, DEFAULT_API_BASE, getConfigPath } from '../config.js';
 import { sync } from '../sync.js';
 import { slugify, setupClaudeHooks, setupClaudeMd, setupAgentsMd, setupGitignore, DEFAULT_SYNC_IGNORE, isSyncIgnored } from '../setup.js';
 import { buildProjectContextBlock as buildProjectContextBlockText, buildNewProjectPrompt, buildResumeWrap, buildFreshWrap, } from '../prompts.js';
@@ -384,7 +384,7 @@ export const claudeCommand = new Command('claude')
                 accountSlug,
                 agentGuid,
                 conversationGuid: null,
-                apiBase: getApiBaseOverride() || 'https://a.gipity.ai',
+                apiBase: getApiBaseOverride() || DEFAULT_API_BASE,
                 ignore: DEFAULT_SYNC_IGNORE,
             });
             console.log(`\n  Using ${projectDir}`);
@@ -470,7 +470,7 @@ export const claudeCommand = new Command('claude')
                         err?.code === 'ETIMEDOUT' || err?.cause?.code === 'ECONNREFUSED' ||
                         err?.cause?.code === 'ENOTFOUND' || err?.cause?.code === 'ETIMEDOUT';
                     if (isConnectionError) {
-                        const apiBase = getApiBaseOverride() || 'https://a.gipity.ai';
+                        const apiBase = getApiBaseOverride() || DEFAULT_API_BASE;
                         console.error(`  ${clrError(`Could not connect to ${apiBase}`)}`);
                         console.error(`  ${muted('Check your connection and try again.')}`);
                         process.exit(1);
@@ -554,7 +554,7 @@ export const claudeCommand = new Command('claude')
                     accountSlug,
                     agentGuid,
                     conversationGuid: null,
-                    apiBase: getApiBaseOverride() || 'https://a.gipity.ai',
+                    apiBase: getApiBaseOverride() || DEFAULT_API_BASE,
                     ignore: DEFAULT_SYNC_IGNORE,
                 });
                 console.log(`\n  Using ${projectDir}`);

package/dist/commands/deploy.js

@@ -20,7 +20,7 @@ export const deployCommand = new Command('deploy')
     .argument('[target]', 'dev or prod', 'dev')
     .option('--source-dir <dir>', 'Source directory to deploy from')
     .option('--only <phases>', 'Run only specific phases (comma-separated)')
-    .option('--force', 'Re-run all phases, ignore checksums')
+    .option('--force', 'Re-run all phases (ignore checksums) and bypass the sync bulk-deletion guard')
     .option('--no-sync', 'Skip sync-up before deploy')
     .option('--optimize', 'Run build optimization')
     .option('--json', 'Output as JSON')

package/dist/commands/page-eval.js

@@ -3,6 +3,8 @@ import { Command } from 'commander';
 import { post, get, ApiError } from '../api.js';
 import { brand, bold, muted, warning } from '../colors.js';
 import { run } from '../helpers/index.js';
+import { resolveProjectContext } from '../config.js';
+import { uploadPublicFixture, deleteFixture } from '../page-fixtures.js';
 // Shown when an eval runs cleanly but returns nothing serializable. Turns a
 // bare/opaque `null` into a deterministic, actionable nudge so the agent shapes
 // a returnable value instead of guessing and retrying.
@@ -135,6 +137,7 @@ export const pageEvalCommand = new Command('eval')
     .argument('<url>', 'URL to load')
     .argument('[expr]', 'JavaScript to evaluate in page context (inline expression or statement body with return/await; result is JSON-serialized). Omit when using --file.')
     .option('--file <path>', 'Read the script body from a file instead of the inline <expr> arg (mutually exclusive). Runs as an async function body, so top-level return/await work.')
+    .option('--fixture <path>', 'Host a local file and expose it to the eval as `fixtureUrl` (and under `fixtures` by basename) to fetch in-page. For verifying a render/parse path against a real binary (an MP3, an image) - no size limit, auto-deleted after the run. Repeat for several files (single-value so it never swallows the inline <expr>).', (val, prev) => [...prev, val], [])
     .option('--wait <ms>', 'Sleep this many ms after DOMContentLoaded before evaluating (lets late async work settle; max 30000)', '500')
     .option('--wait-for <selector>', 'Wait until this CSS selector appears before evaluating (deterministic; replaces --wait)')
     .option('--wait-timeout <ms>', 'Max ms to wait for --wait-for before giving up', '5000')
@@ -161,30 +164,66 @@ export const pageEvalCommand = new Command('eval')
     const waitMs = capWaitMs(opts.wait, url);
     const parsedTimeout = parseInt(opts.waitTimeout, 10);
     const waitForTimeoutMs = Number.isFinite(parsedTimeout) && parsedTimeout >= 0 ? parsedTimeout : 5000;
-    const kickoff = await post('/tools/browser/eval', {
-        url, expr, waitMs,
-        waitForSelector: opts.waitFor || undefined,
-        waitForTimeoutMs: opts.waitFor ? waitForTimeoutMs : undefined,
-    });
-    const d = await pollEvalResult(kickoff.data.evalJobId, waitMs);
-    const { result, noValue } = normalizeEvalResult(d.result);
-    const execTimeout = evalExecTimeoutMessage(d.result);
-    if (execTimeout)
-        throw new Error(execTimeout);
-    if (opts.json) {
-        console.log(JSON.stringify(noValue ? { ...d, result, hint: EVAL_NO_VALUE_HINT } : { ...d, result }));
-        return;
+    // --fixture: host each file publicly, then splice `fixtures` / `fixtureUrl`
+    // into the eval scope so the page can fetch the bytes. The prelude makes the
+    // body a statement (const/return), so the server's expression form fails to
+    // parse and it falls back to the function-body form - which runs both inline
+    // exprs (wrapped in `return (...)`) and --file scripts. Cleanup in `finally`.
+    const fixturePaths = opts.fixture ?? [];
+    const hosted = [];
+    let projectGuid;
+    let sentExpr = expr;
+    try {
+        if (fixturePaths.length) {
+            const { config } = await resolveProjectContext({});
+            projectGuid = config.projectGuid;
+            for (const p of fixturePaths) {
+                console.log(muted(`Hosting fixture ${p}…`));
+                hosted.push(await uploadPublicFixture(projectGuid, p));
+            }
+            const map = {};
+            for (const h of hosted)
+                map[h.name] = h.url;
+            const prelude = `const fixtures=${JSON.stringify(map)};const fixtureUrl=${JSON.stringify(hosted[0].url)};`;
+            sentExpr = opts.file ? `${prelude}\n${expr}` : `${prelude}\nreturn (${expr});`;
+        }
+        const kickoff = await post('/tools/browser/eval', {
+            url, expr: sentExpr, waitMs,
+            waitForSelector: opts.waitFor || undefined,
+            waitForTimeoutMs: opts.waitFor ? waitForTimeoutMs : undefined,
+        });
+        const d = await pollEvalResult(kickoff.data.evalJobId, waitMs);
+        const { result, noValue } = normalizeEvalResult(d.result);
+        const execTimeout = evalExecTimeoutMessage(d.result);
+        if (execTimeout)
+            throw new Error(execTimeout);
+        if (opts.json) {
+            console.log(JSON.stringify(noValue ? { ...d, result, hint: EVAL_NO_VALUE_HINT } : { ...d, result }));
+            return;
+        }
+        console.log(`${brand('Eval')} ${bold(d.url || url)}`);
+        if (d.navigationIncomplete) {
+            console.log(`${warning('⚠ Navigation incomplete:')} ${d.note || 'page did not reach full load'}`);
+        }
+        if (hosted.length)
+            console.log(`${muted('Fixtures:')} ${hosted.map((h) => h.name).join(', ')}`);
+        console.log(opts.file ? `${muted('Script:')} ${opts.file}` : `${muted('Expression:')} ${expr}`);
+        console.log(`\n${result.trim() ? result : muted('(empty result)')}`);
+        if (noValue)
+            console.log(muted(`\n${EVAL_NO_VALUE_HINT}`));
+        if (d.truncated)
+            console.log(muted('\n(result truncated to fit context - narrow the expression for the full value)'));
     }
-    console.log(`${brand('Eval')} ${bold(d.url || url)}`);
-    if (d.navigationIncomplete) {
-        console.log(`${warning('⚠ Navigation incomplete:')} ${d.note || 'page did not reach full load'}`);
+    finally {
+        for (const h of hosted) {
+            try {
+                await deleteFixture(projectGuid, h.guid);
+            }
+            catch (err) {
+                console.error(warning(`⚠ Could not auto-delete fixture "${h.name}" (${h.guid}) — still hosted at ${h.url}: ${err.message}`));
+            }
+        }
     }
-    console.log(opts.file ? `${muted('Script:')} ${opts.file}` : `${muted('Expression:')} ${expr}`);
-    console.log(`\n${result.trim() ? result : muted('(empty result)')}`);
-    if (noValue)
-        console.log(muted(`\n${EVAL_NO_VALUE_HINT}`));
-    if (d.truncated)
-        console.log(muted('\n(result truncated to fit context - narrow the expression for the full value)'));
 }));
 // Each `page eval` call runs to completion before the next starts, so two evals
 // fired back-to-back never coexist in time - they CANNOT test whether two live
@@ -197,6 +236,10 @@ Examples:
   # Functionally test a page's own code paths: save a script that drives the UI
   # and returns a JSON-serializable result, then run it (no /tmp + shell quoting):
   gipity page eval "https://dev.gipity.ai/me/app/" --file ./tests/draw-flow.js --json
+  # Verify a render/parse path against a REAL file: --fixture hosts it, injects a
+  # fetch-able 'fixtureUrl', runs the eval, then deletes the hosted copy:
+  gipity page eval "https://dev.gipity.ai/me/app/" --fixture ./sample.mp3 \\
+    "(async()=>{ const b = await fetch(fixtureUrl).then(r=>r.arrayBuffer()); return window.App.parseId3(b); })()"
 
 The eval body runs under a ~20s in-page execution budget (its own await/setTimeout
 pauses count; --wait only sleeps BEFORE the eval and does not extend it). For a long

package/dist/commands/records.js

@@ -1,9 +1,13 @@
 import { Command } from 'commander';
-import { get, post, put, del } from '../api.js';
+import { get, post, put, patch, del } from '../api.js';
 import { requireConfig } from '../config.js';
 import { bold, muted } from '../colors.js';
 import { run, printList, printResult } from '../helpers/index.js';
 import { confirm } from '../utils.js';
+// All commands hit the app API (https://a.gipity.ai/api/<guid>/records/...),
+// which authorizes the logged-in owner via their Bearer token. (The native
+// Records API is the only records surface that exists server-side; there is no
+// /projects/<guid>/records mirror.)
 export const recordsCommand = new Command('records')
     .description('Manage records');
 recordsCommand
@@ -12,8 +16,38 @@ recordsCommand
     .option('--json', 'Output as JSON')
     .action((opts) => run('List', async () => {
     const config = requireConfig();
-    const res = await get(`/projects/${config.projectGuid}/records-config`);
-    printList(res.data, opts, 'No tables configured for Records API.', t => `${bold(t.table_name)}  ${muted(t.auth_level)}  ${muted(`pk=${t.primary_key_column}`)}  ${muted(`db=${t.database_name}`)}`);
+    const res = await get(`/api/${config.projectGuid}/records-config`);
+    printList(res.data, opts, 'No tables configured for Records API. Configure one with `gipity records config <table> --auth <level>`.', t => `${bold(t.table_name)}  ${muted(t.auth_level)}  ${muted(`pk=${t.primary_key_column}`)}  ${muted(`db=${t.database_name}`)}`);
+}));
+recordsCommand
+    .command('config <table>')
+    .description('Show or set a table\'s Records API config (auth level, search, etc.)')
+    .option('--auth <level>', 'Auth level: public (anonymous writes), member (sign-in), or user')
+    .option('--searchable <bool>', 'Enable full-text search (true/false)')
+    .option('--primary-key <col>', 'Primary key column (default: id)')
+    .option('--soft-delete <col>', 'Soft-delete column (pass "none" to clear)')
+    .option('--json', 'Output as JSON')
+    .action((table, opts) => run('Config', async () => {
+    const config = requireConfig();
+    const base = `/api/${config.projectGuid}/records/${table}/config`;
+    // No setter flags → just show the current config.
+    const setting = opts.auth || opts.searchable !== undefined || opts.primaryKey || opts.softDelete;
+    if (!setting) {
+        const res = await get(base);
+        printResult(JSON.stringify(res.data, null, 2), opts, res.data);
+        return;
+    }
+    const body = {};
+    if (opts.auth)
+        body.auth_level = opts.auth;
+    if (opts.searchable !== undefined)
+        body.searchable = /^(true|1|on|yes)$/i.test(String(opts.searchable));
+    if (opts.primaryKey)
+        body.primary_key_column = opts.primaryKey;
+    if (opts.softDelete)
+        body.soft_delete_column = opts.softDelete === 'none' ? null : opts.softDelete;
+    const res = await patch(base, body);
+    printResult(`Configured "${table}": auth=${res.data.auth_level}, searchable=${res.data.searchable}, pk=${res.data.primary_key_column}`, opts, res.data);
 }));
 recordsCommand
     .command('query <table>')
@@ -35,7 +69,7 @@ recordsCommand
     params.set('offset', opts.offset);
     if (opts.fields)
         params.set('fields', opts.fields);
-    const res = await get(`/projects/${config.projectGuid}/records/${table}?${params}`);
+    const res = await get(`/api/${config.projectGuid}/records/${table}?${params}`);
     if (opts.json) {
         console.log(JSON.stringify(res));
     }
@@ -54,7 +88,7 @@ recordsCommand
     .option('--json', 'Output as JSON')
     .action((table, id, opts) => run('Get', async () => {
     const config = requireConfig();
-    const res = await get(`/projects/${config.projectGuid}/records/${table}/${id}`);
+    const res = await get(`/api/${config.projectGuid}/records/${table}/${id}`);
     console.log(opts.json ? JSON.stringify(res.data) : JSON.stringify(res.data, null, 2));
 }));
 recordsCommand
@@ -65,7 +99,7 @@ recordsCommand
     .action((table, opts) => run('Create', async () => {
     const config = requireConfig();
     const data = JSON.parse(opts.data);
-    const res = await post(`/projects/${config.projectGuid}/records/${table}`, data);
+    const res = await post(`/api/${config.projectGuid}/records/${table}`, data);
     printResult(`Created: ${JSON.stringify(res.data)}`, opts, res.data);
 }));
 recordsCommand
@@ -76,7 +110,7 @@ recordsCommand
     .action((table, id, opts) => run('Update', async () => {
     const config = requireConfig();
     const data = JSON.parse(opts.data);
-    const res = await put(`/projects/${config.projectGuid}/records/${table}/${id}`, data);
+    const res = await put(`/api/${config.projectGuid}/records/${table}/${id}`, data);
     printResult(`Updated: ${JSON.stringify(res.data)}`, opts, res.data);
 }));
 recordsCommand
@@ -88,7 +122,7 @@ recordsCommand
         return;
     }
     const config = requireConfig();
-    await del(`/projects/${config.projectGuid}/records/${table}/${id}`);
+    await del(`/api/${config.projectGuid}/records/${table}/${id}`);
     printResult('Deleted.', { json: false });
 }));
 //# sourceMappingURL=records.js.map

package/dist/commands/remove.js

@@ -0,0 +1,42 @@
+import { Command } from 'commander';
+import { post } from '../api.js';
+import { requireConfig } from '../config.js';
+import { sync } from '../sync.js';
+import { success, muted } from '../colors.js';
+import { run } from '../helpers/index.js';
+import { confirm } from '../utils.js';
+export const removeCommand = new Command('remove')
+    .description('Remove an installed kit from the project (inverse of `gipity add <kit>`).')
+    .argument('<kit>', 'Kit key/directory under src/packages/ to remove')
+    .option('-y, --yes', 'Skip the confirmation prompt')
+    .option('--json', 'Output as JSON')
+    .action((kit, opts) => run('Remove', async () => {
+    const config = requireConfig();
+    if (!opts.yes && !opts.json) {
+        if (!await confirm(`Remove the "${kit}" kit (its files, import-map entries, and gipity.yaml wiring)?`)) {
+            console.log('Cancelled.');
+            return;
+        }
+    }
+    const res = await post(`/projects/${config.projectGuid}/remove`, { name: kit });
+    // Force the pull so the kit's deletions land locally without tripping the
+    // bulk-deletion guard - the removal is an explicit, user-invoked action.
+    const syncResult = await sync({ interactive: false, force: true });
+    const data = res.data;
+    if (opts.json) {
+        console.log(JSON.stringify({ ...data, synced: syncResult.applied }));
+        return;
+    }
+    console.log(success(`Removed the "${data.kit}" kit.`));
+    for (const r of data.removed)
+        console.log(muted(`  - ${r}`));
+    if (data.notes?.length) {
+        console.log('');
+        for (const n of data.notes)
+            console.log(n);
+    }
+    if (syncResult.applied > 0) {
+        console.log(`\nPulled ${syncResult.applied} change(s) to local.`);
+    }
+}));
+//# sourceMappingURL=remove.js.map

package/dist/commands/test.js

@@ -100,8 +100,11 @@ async function pollTestStatus(projectGuid, runGuid, opts) {
                     const progress = data.totalFiles === 0
                         ? 'starting up'
                         : `${data.completedFiles}/${data.totalFiles} files`;
+                    // "so far" so a heartbeat line, if captured on its own (tail/grep),
+                    // can't be mistaken for the final tally — the partial count climbing
+                    // toward the total previously read as "tests vanished".
                     const tally = data.passed + data.failed > 0
-                        ? ` (${data.passed} passed${data.failed > 0 ? `, ${data.failed} failed` : ''})`
+                        ? ` (${data.passed} passed${data.failed > 0 ? `, ${data.failed} failed` : ''} so far)`
                         : '';
                     console.log(muted(`  … still running — ${progress}${tally}, ${elapsed}s elapsed`));
                     if (now - startTime >= LONG_RUN_MS && !longRunHintShown) {

package/dist/config.js

@@ -1,6 +1,7 @@
 import { readFileSync, writeFileSync, existsSync } from 'fs';
 import { dirname, resolve } from 'path';
 const CONFIG_FILE = '.gipity.json';
+export const DEFAULT_API_BASE = 'https://a.gipity.ai';
 let cached = null;
 let cachedPath = null;
 /** Global --api-base override (set from root CLI option, takes precedence over config file) */
@@ -11,6 +12,49 @@ export function setApiBaseOverride(url) {
 export function getApiBaseOverride() {
     return apiBaseOverride;
 }
+/**
+ * Hosts we will attach the account/device token to. `.gipity.json` is found by
+ * walking up from cwd, so its `apiBase` is attacker-controllable: cloning a repo
+ * (or installing a template) that ships `{"apiBase":"https://evil.example"}`
+ * would otherwise redirect the very next `gipity` command's bearer — and, on
+ * refresh, the 7-day refresh token — to that host. Tokens are account-global, so
+ * that's account takeover from merely cd-ing into a poisoned tree. Only Gipity
+ * hosts over https may receive tokens; the explicit `--api-base` flag is trusted
+ * (it's how local dev points at localhost). */
+export function isAllowedApiHost(url) {
+    try {
+        const { protocol, hostname } = new URL(url);
+        if (protocol !== 'https:')
+            return false;
+        return hostname === 'gipity.ai' || hostname.endsWith('.gipity.ai');
+    }
+    catch {
+        return false;
+    }
+}
+const warnedHosts = new Set();
+/**
+ * The API base for token-bearing requests. Precedence:
+ *   1. explicit `--api-base` flag (trusted — any host, enables local dev)
+ *   2. the project config's `apiBase`, but only if it's an allowed Gipity host
+ *   3. the production default
+ * A config `apiBase` that fails the allowlist is dropped (with a one-time
+ * warning) rather than trusted — see {@link isAllowedApiHost}. */
+export function resolveApiBase() {
+    const override = getApiBaseOverride();
+    if (override)
+        return override;
+    const fromConfig = getConfig()?.apiBase;
+    if (fromConfig) {
+        if (isAllowedApiHost(fromConfig))
+            return fromConfig;
+        if (!warnedHosts.has(fromConfig)) {
+            warnedHosts.add(fromConfig);
+            console.error(`⚠ Ignoring untrusted apiBase "${fromConfig}" from .gipity.json — not a gipity.ai host. Using ${DEFAULT_API_BASE}.`);
+        }
+    }
+    return DEFAULT_API_BASE;
+}
 /** Find .gipity.json starting from cwd and walking up */
 function findConfigPath() {
     let dir = process.cwd();
@@ -92,7 +136,7 @@ export async function resolveProjectContext(opts) {
                 accountSlug,
                 agentGuid: agents.data[0]?.short_guid ?? '',
                 conversationGuid: null,
-                apiBase: getApiBaseOverride() || 'https://a.gipity.ai',
+                apiBase: getApiBaseOverride() || DEFAULT_API_BASE,
                 ignore: [],
             },
             oneOff: true,
@@ -121,7 +165,7 @@ export async function resolveProjectContext(opts) {
             accountSlug: res.data.accountSlug,
             agentGuid: res.data.agentGuid ?? '',
             conversationGuid: null,
-            apiBase: getApiBaseOverride() || 'https://a.gipity.ai',
+            apiBase: getApiBaseOverride() || DEFAULT_API_BASE,
             ignore: [],
         },
         oneOff: true,

package/dist/helpers/sync.js

@@ -7,12 +7,14 @@ import { muted, error as clrError } from '../colors.js';
  * Sync local files with the server before an action (deploy, test, scaffold).
  * Respects --no-sync and --json flags. Non-interactive: bulk-deletion guard
  * blocks accidental wipes from hooks; user must run `gipity sync` manually
- * (or pass --force) to unblock.
+ * (or pass --force) to unblock. `--force` on the action (e.g. `deploy --force`)
+ * forwards to the sync so it bypasses the guard too - one flag, forceful across
+ * the board, matching `gipity sync --force`.
  */
 export async function syncBeforeAction(opts) {
     if (opts.sync === false)
         return;
-    const result = await sync({ interactive: false });
+    const result = await sync({ interactive: false, force: opts.force });
     if (result.applied > 0 && !opts.json) {
         console.log(muted(`Synced ${result.applied} change${result.applied > 1 ? 's' : ''}`));
     }

package/dist/index.js

@@ -28,6 +28,7 @@ import { planCommand } from './commands/plan.js';
 import { fileCommand } from './commands/file.js';
 import { claudeCommand } from './commands/claude.js';
 import { addCommand } from './commands/add.js';
+import { removeCommand } from './commands/remove.js';
 import { logsCommand } from './commands/logs.js';
 import { pageCommand } from './commands/page.js';
 import { recordsCommand } from './commands/records.js';
@@ -100,7 +101,7 @@ const program = new Command();
 // --from Y`). enablePositionalOptions draws the boundary at the first command.
 program.enablePositionalOptions();
 // ── Command groups (logical ordering within each) ──────────────────────
-const commonGroup = [skillCommand, projectCommand, addCommand, deployCommand];
+const commonGroup = [skillCommand, projectCommand, addCommand, removeCommand, deployCommand];
 const connectGroup = [claudeCommand, relayCommand];
 const projectGroup = [domainCommand, statusCommand, initCommand];
 const filesGroup = [fileCommand, syncCommand, pushCommand, uploadCommand];

package/dist/page-fixtures.js

@@ -0,0 +1,41 @@
+// Host a local file as a public asset so a `gipity page eval` can fetch it
+// in-page, then delete it afterwards. The eval body runs inside the browser and
+// can only receive bulk/binary data over HTTP (the eval source itself is capped
+// and goes through the OS argv limit), so to verify a render/parse path against
+// a real fixture we upload it to the app's public file store (served from
+// media.gipity.ai with permissive CORS) and hand the eval a URL to fetch.
+//
+// Uses the same presigned init -> PUT -> complete flow the app file-upload
+// service exposes, with `public: true`. Cleanup goes through the matching
+// DELETE /api/:appGuid/uploads/:guid, which removes the public object too.
+import { readFileSync, statSync } from 'node:fs';
+import { basename } from 'node:path';
+import { post, del } from './api.js';
+import { guessMime } from './upload.js';
+/** Upload a local file to the app's public file store and return its URL. */
+export async function uploadPublicFixture(projectGuid, localPath) {
+    const name = basename(localPath);
+    const size = statSync(localPath).size;
+    const contentType = guessMime(localPath);
+    const init = await post(`/api/${projectGuid}/uploads/init`, { filename: name, content_type: contentType, size, public: true });
+    // Fixtures use the single-part path; a multipart fixture would be unusually
+    // large for a verification asset, so steer the caller to a smaller file.
+    if (init.data.method !== 'PUT' || !init.data.url) {
+        throw new Error(`fixture "${name}" is too large to host as a verification asset (${size} bytes)`);
+    }
+    const res = await fetch(init.data.url, {
+        method: 'PUT',
+        headers: { 'Content-Type': contentType },
+        body: readFileSync(localPath),
+    });
+    if (!res.ok) {
+        throw new Error(`upload of fixture "${name}" failed: ${res.status} ${res.statusText}`);
+    }
+    const done = await post(`/api/${projectGuid}/uploads/complete`, { upload_guid: init.data.upload_guid });
+    return { guid: done.data.guid, url: done.data.url, name, localPath };
+}
+/** Delete a hosted fixture (public object + VFS node). */
+export async function deleteFixture(projectGuid, guid) {
+    await del(`/api/${projectGuid}/uploads/${guid}`);
+}
+//# sourceMappingURL=page-fixtures.js.map

package/dist/project-setup.js

@@ -4,7 +4,7 @@
  * drop the Claude Code hooks/skills/gitignore into the target dir - consolidating
  * here keeps both call sites honest and the wording consistent.
  */
-import { clearConfigCache, saveConfigAt, getApiBaseOverride } from './config.js';
+import { clearConfigCache, saveConfigAt, getApiBaseOverride, DEFAULT_API_BASE } from './config.js';
 import { sync } from './sync.js';
 import { createProgressReporter } from './progress.js';
 import { setupClaudeHooks, setupGitignore, DEFAULT_TOOLS, DEFAULT_SYNC_IGNORE } from './setup.js';
@@ -20,7 +20,7 @@ export async function finalizeLocalProject(opts) {
         accountSlug: opts.accountSlug,
         agentGuid: opts.agentGuid,
         conversationGuid: null,
-        apiBase: getApiBaseOverride() || 'https://a.gipity.ai',
+        apiBase: getApiBaseOverride() || DEFAULT_API_BASE,
         ignore: [...DEFAULT_SYNC_IGNORE],
     };
     saveConfigAt(opts.dir, config);

package/dist/relay/daemon.js

@@ -26,7 +26,7 @@ import { stat, readFile } from 'fs/promises';
 import { createInterface } from 'readline';
 import { homedir, hostname, platform as osPlatform } from 'os';
 import { join } from 'path';
-import { getApiBaseOverride, getConfig } from '../config.js';
+import { getApiBaseOverride, DEFAULT_API_BASE } from '../config.js';
 import { getProjectsRoot } from './paths.js';
 import { setupClaudeHooks, setupClaudeMd, setupAgentsMd, setupGitignore, DEFAULT_SYNC_IGNORE } from '../setup.js';
 import { getAuth, readAuthFresh } from '../auth.js';
@@ -782,7 +782,7 @@ async function resolveCwdForProject(d) {
     }
     log('info', 'bootstrapping new project dir', { slug: d.project_slug, path });
     mkdirSync(path, { recursive: true });
-    const apiBase = getApiBaseOverride() || getConfig()?.apiBase || 'https://a.gipity.ai';
+    const apiBase = getApiBaseOverride() || DEFAULT_API_BASE;
     writeFileSync(configPath, JSON.stringify({
         projectGuid: d.project_guid,
         projectSlug: d.project_slug,

package/dist/relay/device-http.js

@@ -8,10 +8,10 @@
  * `gipity login` / the relay onboarding flow and never leaves this file
  * or the Authorization header.
  */
-import { getApiBaseOverride, getConfig } from '../config.js';
+import { resolveApiBase } from '../config.js';
 import * as state from './state.js';
 export function apiBase() {
-    return getApiBaseOverride() || getConfig()?.apiBase || 'https://a.gipity.ai';
+    return resolveApiBase();
 }
 export function deviceToken() {
     const d = state.getDevice();

package/dist/sync.js

@@ -22,7 +22,7 @@
  * the next pass so every client sees it. No content merging, ever.
  */
 import { writeFileSync, mkdirSync, existsSync, statSync, unlinkSync, readdirSync, rmdirSync, readFileSync, renameSync, openSync, closeSync } from 'fs';
-import { join, relative, dirname, extname } from 'path';
+import { join, relative, dirname, extname, resolve, sep } from 'path';
 import { hostname } from 'os';
 import { get, del, downloadStream, ApiError } from './api.js';
 import { requireConfig, shouldIgnore, getConfigPath } from './config.js';
@@ -189,6 +189,23 @@ async function ensureLocalHashes(root, local, paths) {
 function normalizeTreePath(p) {
     return p.replace(/^\/+/, '');
 }
+/**
+ * Resolve a relative path against the project root and assert it stays inside.
+ * Remote-supplied paths (the server's `/files/tree`, tar entry names, and the
+ * conflict-rename targets derived from them) are untrusted: `normalizeTreePath`
+ * strips a leading slash but NOT `..` segments, so a path like
+ * `../../.ssh/authorized_keys` would otherwise resolve outside the project and
+ * be written/renamed/deleted there. The relay daemon runs `sync` unattended on
+ * every dispatch, so an unchecked traversal is arbitrary file write with no
+ * human in the loop. Throws on escape; callers skip the offending action. */
+export function resolveInRoot(root, relPath) {
+    const rootResolved = resolve(root);
+    const full = resolve(rootResolved, relPath);
+    if (full !== rootResolved && !full.startsWith(rootResolved + sep)) {
+        throw new Error(`Refusing path outside project root: ${relPath}`);
+    }
+    return full;
+}
 async function fetchRemote(projectGuid) {
     const res = await get(`/projects/${projectGuid}/files/tree`);
     const out = new Map();
@@ -223,6 +240,22 @@ async function downloadAll(projectGuid, onBytes) {
     });
 }
 async function fetchOne(projectGuid, path) {
+    // Exact single-file read first. The tree-tar endpoint below treats its `path`
+    // as a DIRECTORY prefix, so a single root file (e.g. `gipity.yaml`) comes back
+    // empty — which silently broke conflict restores and trapped sync in an
+    // unresolvable delete-vs-newer loop. `/files/read` is the exact-path endpoint
+    // (what `gipity file cat` uses); it returns text content, reliable for the
+    // config/code files that actually hit a restore. Binary falls through to tar.
+    try {
+        const res = await get(`/projects/${projectGuid}/files/read?path=${encodeURIComponent(path)}`);
+        const content = res?.data?.content;
+        if (typeof content === 'string' && isTextMime(res?.data?.mime, path)) {
+            return Buffer.from(content, 'utf-8');
+        }
+    }
+    catch {
+        /* fall through to the tar path */
+    }
     try {
         const stream = await downloadStream(`/projects/${projectGuid}/files/tree?content=tar&path=${encodeURIComponent(path)}`);
         const extract = tar.extract();
@@ -248,6 +281,14 @@ async function fetchOne(projectGuid, path) {
         return null;
     }
 }
+// Treat a file as text (safe to round-trip through `/files/read`'s string body)
+// from its mime or, failing that, a code/config extension. Binary needs the
+// byte-exact tar path.
+function isTextMime(mime, path) {
+    if (mime && (mime.startsWith('text/') || /(json|javascript|xml|yaml|x-sh|sql)/.test(mime)))
+        return true;
+    return /\.(js|mjs|cjs|ts|tsx|jsx|json|yaml|yml|sql|md|txt|html|css|svg|csv|env|sh|toml|ini)$/i.test(path);
+}
 // ─── Classification ────────────────────────────────────────────
 function classifyLocal(info, base) {
     if (!info && !base)
@@ -373,9 +414,13 @@ export function plan(local, remote, baseline) {
         // deleted × absent → baseline is stale, drop it silently (no action)
         if (lSide === 'deleted' && rSide === 'absent')
             continue;
-        // deleted × unchanged → delete remote
+        // deleted × unchanged → delete remote. Use the remote's CURRENT version for
+        // the optimistic-delete check, not the baseline's: the content can be equal
+        // (rSide 'unchanged' is sha-based) while the server version moved ahead - the
+        // baseline version would then fail the CAS and the delete would loop. The
+        // remote read we already have carries the live version.
         if (lSide === 'deleted' && rSide === 'unchanged') {
-            actions.push({ path, kind: 'delete-remote', remoteSize: R.size, expectedServerVersion: B.serverVersion });
+            actions.push({ path, kind: 'delete-remote', remoteSize: R.size, expectedServerVersion: R.serverVersion });
             continue;
         }
         // deleted × modified → remote wins, restore locally — but only if the remote
@@ -603,7 +648,14 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
             errors.push(`Download missing: ${a.path}`);
             continue;
         }
-        const full = join(root, a.path);
+        let full;
+        try {
+            full = resolveInRoot(root, a.path);
+        }
+        catch (e) {
+            errors.push(e.message);
+            continue;
+        }
         mkdirSync(dirname(full), { recursive: true });
         writeFileSync(full, buf);
         const stat = statSync(full);
@@ -619,8 +671,16 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
     // upload the renamed copy. If the upload of the renamed copy fails, we
     // still keep the rename on disk - next sync picks it up as "added".
     for (const a of conflictQueue) {
-        const full = join(root, a.path);
-        const renamed = join(root, a.renamedLocalTo);
+        let full;
+        let renamed;
+        try {
+            full = resolveInRoot(root, a.path);
+            renamed = resolveInRoot(root, a.renamedLocalTo);
+        }
+        catch (e) {
+            errors.push(e.message);
+            continue;
+        }
         try {
             mkdirSync(dirname(renamed), { recursive: true });
             renameSync(full, renamed);
@@ -680,7 +740,14 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
                 if (idx >= uploadQueue.length)
                     return;
                 const a = uploadQueue[idx];
-                const full = join(root, a.path);
+                let full;
+                try {
+                    full = resolveInRoot(root, a.path);
+                }
+                catch (e) {
+                    errors.push(e.message);
+                    continue;
+                }
                 try {
                     const result = await uploadOneFile(config.projectGuid, full, a.path, {
                         expectedServerVersion: a.expectedServerVersion,
@@ -701,8 +768,16 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
                         // re-upload the rename.
                         const currentBytes = await fetchOne(config.projectGuid, a.path);
                         const renamedRel = conflictedCopyName(a.path);
+                        let renamedFull;
+                        try {
+                            renamedFull = resolveInRoot(root, renamedRel);
+                        }
+                        catch (e) {
+                            errors.push(e.message);
+                            continue;
+                        }
                         try {
-                            renameSync(full, join(root, renamedRel));
+                            renameSync(full, renamedFull);
                         }
                         catch (e) {
                             errors.push(`Rename failed for ${a.path}: ${e.message}`);
@@ -719,9 +794,9 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
                             };
                         }
                         try {
-                            const result = await uploadOneFile(config.projectGuid, join(root, renamedRel), renamedRel, { expectedServerVersion: null });
-                            const stat = statSync(join(root, renamedRel));
-                            const { sha256 } = await hashFile(join(root, renamedRel));
+                            const result = await uploadOneFile(config.projectGuid, renamedFull, renamedRel, { expectedServerVersion: null });
+                            const stat = statSync(renamedFull);
+                            const { sha256 } = await hashFile(renamedFull);
                             baseline.files[renamedRel] = {
                                 size: stat.size, mtime: stat.mtime.toISOString(),
                                 sha256, serverVersion: result.serverVersion,
@@ -744,9 +819,9 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
     for (const a of plannedToApply) {
         if (a.kind === 'delete-local') {
             try {
-                unlinkSync(join(root, a.path));
+                unlinkSync(resolveInRoot(root, a.path));
             }
-            catch { /* already gone */ }
+            catch { /* already gone or outside root */ }
             delete baseline.files[a.path];
             applied++;
         }
@@ -773,7 +848,7 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
                         const buf = await fetchOne(config.projectGuid, a.path);
                         if (!buf)
                             throw new Error('remote bytes unavailable');
-                        const full = join(root, a.path);
+                        const full = resolveInRoot(root, a.path);
                         mkdirSync(dirname(full), { recursive: true });
                         writeFileSync(full, buf);
                         const stat = statSync(full);
@@ -787,7 +862,13 @@ async function syncInner(projectGuid, root, ignore, opts, interactive) {
                         errors.push(`Could not delete ${a.path}: server has a newer version - restored the server copy locally (delete it again and re-sync to confirm)`);
                     }
                     catch {
-                        errors.push(`Could not delete ${a.path}: server has newer version - re-sync to resolve`);
+                        // Restore failed (e.g. the bytes truly couldn't be fetched). DROP the
+                        // baseline entry rather than leave a stale one: a stale entry re-plans
+                        // the same impossible delete every run (the original loop). With no
+                        // baseline, the next sync re-evaluates this path from scratch — as a
+                        // remote 'added' it downloads cleanly, no loop.
+                        delete baseline.files[a.path];
+                        errors.push(`Could not delete ${a.path}: server has a newer version - reset its sync state; re-run \`gipity sync\` to pull the server copy.`);
                     }
                 }
                 else if (err instanceof ApiError && err.statusCode === 404) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gipity",
-  "version": "1.0.386",
+  "version": "1.0.387",
   "description": "The full-stack platform tuned for AI agents. Database, storage, auth, functions, deploy, and drop-in kits - all agent-tuned. Pair with Claude Code or use standalone.",
   "bin": {
     "gipity": "dist/updater/shim.js",
@@ -12,7 +12,7 @@
     "build": "tsc && chmod +x dist/index.js dist/gipcc.js dist/gipccd.js dist/updater/shim.js dist/updater/check.js",
     "dev": "tsc --watch",
     "test": "npm run test:smoke",
-    "test:smoke": "tsc && node --test dist/__tests__/utils.test.js dist/__tests__/config.test.js dist/__tests__/sync.test.js dist/__tests__/sync-apply.test.js dist/__tests__/sync-lock.test.js dist/__tests__/push-cas.test.js dist/__tests__/upload.test.js dist/__tests__/progress.test.js dist/__tests__/updater.test.js dist/__tests__/cli-smoke.test.js dist/__tests__/claude-noninteractive.test.js dist/__tests__/claude-trust.test.js dist/__tests__/relay-state.test.js dist/__tests__/relay-daemon.test.js dist/__tests__/relay-installers.test.js dist/__tests__/relay-bridge-abort.test.js dist/__tests__/relay-redact.test.js dist/__tests__/relay-machine-id.test.js dist/__tests__/stream-json.test.js dist/__tests__/relay-ingest-contract.test.js dist/__tests__/prompts.test.js dist/__tests__/capture-transcript.test.js dist/__tests__/flag-aliases.test.js dist/__tests__/adopt-cwd.test.js dist/__tests__/cli-cmd-agent.test.js dist/__tests__/cli-cmd-approval.test.js dist/__tests__/cli-cmd-audit.test.js dist/__tests__/cli-cmd-chat.test.js dist/__tests__/cli-cmd-credits.test.js dist/__tests__/cli-cmd-db.test.js dist/__tests__/cli-cmd-deploy.test.js dist/__tests__/cli-cmd-domain.test.js dist/__tests__/cli-cmd-email.test.js dist/__tests__/cli-cmd-file.test.js dist/__tests__/cli-cmd-fn.test.js dist/__tests__/cli-cmd-service.test.js dist/__tests__/cli-cmd-job.test.js dist/__tests__/cli-cmd-generate.test.js dist/__tests__/cli-cmd-gmail.test.js dist/__tests__/cli-cmd-info.test.js dist/__tests__/cli-cmd-init.test.js dist/__tests__/cli-cmd-location.test.js dist/__tests__/cli-cmd-text.test.js dist/__tests__/cli-cmd-login.test.js dist/__tests__/cli-cmd-logout.test.js dist/__tests__/cli-cmd-logs.test.js dist/__tests__/cli-cmd-memory.test.js dist/__tests__/cli-cmd-page.test.js dist/__tests__/cli-cmd-plan.test.js dist/__tests__/cli-cmd-project.test.js dist/__tests__/cli-cmd-rbac.test.js dist/__tests__/cli-cmd-realtime.test.js dist/__tests__/cli-cmd-records.test.js dist/__tests__/cli-cmd-relay.test.js dist/__tests__/cli-cmd-sandbox.test.js dist/__tests__/cli-cmd-add.test.js dist/__tests__/cli-cmd-skill.test.js dist/__tests__/cli-cmd-test.test.js dist/__tests__/cli-cmd-workflow.test.js dist/__tests__/setup-skills-block.test.js dist/__tests__/setup-hooks.test.js",
+    "test:smoke": "tsc && node --test dist/__tests__/utils.test.js dist/__tests__/config.test.js dist/__tests__/sync.test.js dist/__tests__/sync-apply.test.js dist/__tests__/sync-lock.test.js dist/__tests__/push-cas.test.js dist/__tests__/upload.test.js dist/__tests__/progress.test.js dist/__tests__/updater.test.js dist/__tests__/cli-smoke.test.js dist/__tests__/claude-noninteractive.test.js dist/__tests__/claude-trust.test.js dist/__tests__/relay-state.test.js dist/__tests__/relay-daemon.test.js dist/__tests__/relay-installers.test.js dist/__tests__/relay-bridge-abort.test.js dist/__tests__/relay-redact.test.js dist/__tests__/relay-machine-id.test.js dist/__tests__/stream-json.test.js dist/__tests__/relay-ingest-contract.test.js dist/__tests__/prompts.test.js dist/__tests__/capture-transcript.test.js dist/__tests__/flag-aliases.test.js dist/__tests__/adopt-cwd.test.js dist/__tests__/cli-cmd-agent.test.js dist/__tests__/cli-cmd-approval.test.js dist/__tests__/cli-cmd-audit.test.js dist/__tests__/cli-cmd-chat.test.js dist/__tests__/cli-cmd-credits.test.js dist/__tests__/cli-cmd-db.test.js dist/__tests__/cli-cmd-deploy.test.js dist/__tests__/cli-cmd-domain.test.js dist/__tests__/cli-cmd-email.test.js dist/__tests__/cli-cmd-file.test.js dist/__tests__/cli-cmd-fn.test.js dist/__tests__/cli-cmd-service.test.js dist/__tests__/cli-cmd-job.test.js dist/__tests__/cli-cmd-generate.test.js dist/__tests__/cli-cmd-gmail.test.js dist/__tests__/cli-cmd-info.test.js dist/__tests__/cli-cmd-init.test.js dist/__tests__/cli-cmd-location.test.js dist/__tests__/cli-cmd-text.test.js dist/__tests__/cli-cmd-login.test.js dist/__tests__/cli-cmd-logout.test.js dist/__tests__/cli-cmd-logs.test.js dist/__tests__/cli-cmd-memory.test.js dist/__tests__/cli-cmd-page.test.js dist/__tests__/cli-cmd-plan.test.js dist/__tests__/cli-cmd-project.test.js dist/__tests__/cli-cmd-rbac.test.js dist/__tests__/cli-cmd-realtime.test.js dist/__tests__/cli-cmd-records.test.js dist/__tests__/cli-cmd-relay.test.js dist/__tests__/cli-cmd-sandbox.test.js dist/__tests__/cli-cmd-add.test.js dist/__tests__/cli-cmd-remove.test.js dist/__tests__/cli-cmd-skill.test.js dist/__tests__/cli-cmd-test.test.js dist/__tests__/cli-cmd-workflow.test.js dist/__tests__/setup-skills-block.test.js dist/__tests__/setup-hooks.test.js",
     "test:e2e": "tsc && GIPITY_E2E=1 node --test --test-timeout=180000 dist/__tests__/cli-e2e-live.test.js dist/__tests__/cli-e2e-services-media-live.test.js dist/__tests__/cli-e2e-workflow-live.test.js dist/__tests__/cli-e2e-sandbox-live.test.js dist/__tests__/cli-e2e-page-fetch-live.test.js dist/__tests__/cli-e2e-page-test-live.test.js",
     "test:e2e:sandbox": "tsc && GIPITY_E2E=1 node --test --test-timeout=180000 dist/__tests__/cli-e2e-sandbox-live.test.js"
   },