npm - gipity - Versions diffs - 1.0.391 → 1.0.392 - Mend

gipity 1.0.391 → 1.0.392

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/api.js +14 -12
package/dist/auth.js +74 -40
package/dist/commands/generate.js +34 -5
package/dist/commands/page-inspect.js +33 -9
package/dist/commands/page-screenshot.js +21 -0
package/dist/commands/token.js +65 -0
package/dist/config.js +6 -0
package/dist/index.js +27 -3
package/dist/knowledge.js +1 -0
package/dist/relay/daemon.js +7 -1
package/dist/sync.js +14 -2
package/dist/utils.js +13 -1
package/package.json +2 -2

package/dist/api.js CHANGED Viewed

@@ -16,13 +16,23 @@ export class ApiError extends Error {
         this.name = 'ApiError';
     }
 }
-async function getHeaders() {
+/** Resolve the Bearer token value. A GIPITY_TOKEN env var (a long-lived agent
+ *  API token) takes precedence over the saved session — the persistent,
+ *  login-free path for headless agents and CI. Falls back to the refreshed
+ *  session access token. */
+async function bearerToken() {
+    const envToken = process.env.GIPITY_TOKEN?.trim();
+    if (envToken)
+        return envToken;
     await refreshTokenIfNeeded();
     const auth = getAuth();
     if (!auth)
         throw new Error('Not authenticated. Run: gipity login');
+    return auth.accessToken;
+}
+async function getHeaders() {
     return {
-        'Authorization': `Bearer ${auth.accessToken}`,
+        'Authorization': `Bearer ${await bearerToken()}`,
         'Content-Type': 'application/json',
     };
 }
@@ -125,13 +135,9 @@ export async function sendMessage(message) {
 }
 /** Download a file as raw bytes (no JSON parsing) */
 export async function download(path) {
-    await refreshTokenIfNeeded();
-    const auth = getAuth();
-    if (!auth)
-        throw new Error('Not authenticated. Run: gipity login');
     const url = `${baseUrl()}${path}`;
     const res = await fetch(url, {
-        headers: { 'Authorization': `Bearer ${auth.accessToken}` },
+        headers: { 'Authorization': `Bearer ${await bearerToken()}` },
     });
     if (!res.ok) {
         throw new ApiError(res.status, 'DOWNLOAD_ERROR', `Download failed: ${res.statusText}`);
@@ -141,13 +147,9 @@ export async function download(path) {
 /** Download a response as a Node.js Readable stream */
 export async function downloadStream(path) {
     const { Readable } = await import('stream');
-    await refreshTokenIfNeeded();
-    const auth = getAuth();
-    if (!auth)
-        throw new Error('Not authenticated. Run: gipity login');
     const url = `${baseUrl()}${path}`;
     const res = await fetch(url, {
-        headers: { 'Authorization': `Bearer ${auth.accessToken}` },
+        headers: { 'Authorization': `Bearer ${await bearerToken()}` },
     });
     if (!res.ok) {
         throw new ApiError(res.status, 'DOWNLOAD_ERROR', `Download failed: ${res.statusText}`);

package/dist/auth.js CHANGED Viewed

@@ -2,7 +2,11 @@ import { readFileSync, writeFileSync, mkdirSync, existsSync, unlinkSync, chmodSy
 import { join } from 'path';
 import { homedir } from 'os';
 import { decodeJwtExp } from './utils.js';
-const AUTH_DIR = join(homedir(), '.gipity');
+// GIPITY_DIR lets a caller keep a SEPARATE auth context (its own auth.json) from
+// the default ~/.gipity — e.g. GipRunner logging into a local dev server without
+// clobbering your real (prod) login. Only the auth dir moves; HOME is untouched,
+// so the `claude` subprocess and git/npm still use the real home.
+const AUTH_DIR = process.env.GIPITY_DIR || join(homedir(), '.gipity');
 const AUTH_FILE = join(AUTH_DIR, 'auth.json');
 let cached = null;
 export function getAuth() {
@@ -52,18 +56,10 @@ export function clearAuth() {
     catch { /* already gone */ }
     cached = null;
 }
-export function isExpired() {
-    const auth = getAuth();
-    if (!auth)
-        return true;
-    const expiresAt = new Date(auth.expiresAt).getTime();
-    const buffer = 5 * 60 * 1000; // 5 minute buffer
-    return Date.now() > expiresAt - buffer;
-}
 /** True only when re-login is genuinely required: the refresh token itself
- *  has expired. Access-token expiry (`expiresAt` / isExpired) is invisible
- *  to users — every API call renews it via refreshTokenIfNeeded() — so it
- *  must never be surfaced as a session warning. */
+ *  has expired. Access-token expiry (`expiresAt`) is invisible to users —
+ *  every API call renews it via refreshTokenIfNeeded() — so it must never be
+ *  surfaced as a session warning. */
 export function sessionExpired() {
     const auth = getAuth();
     if (!auth)
@@ -73,40 +69,78 @@ export function sessionExpired() {
         return false; // undecodable - let the refresh path decide
     return Date.now() > exp * 1000;
 }
+const delay = (ms) => new Promise(r => setTimeout(r, ms));
+/** Renew the access token (5-min buffer) before an authenticated call, surviving
+ *  the case that broke overnight fix-mode runs: MANY concurrent `gipity` processes
+ *  (relay daemon, file-sync hook, parallel commands) sharing one ~/.gipity/auth.json.
+ *  Refresh tokens are SINGLE-USE — the server rotates them, so when several siblings
+ *  race to refresh the same token, the first wins and the rest get a 401. The old
+ *  code trusted a stale in-process cache and, on that race, let the 401 reach the
+ *  caller, whose handler called clearAuth() and DELETED the shared file — locking
+ *  every sibling out mid-run ("Not logged in"). Fix: always read the file fresh, and
+ *  retry the race/transient failures, re-reading each attempt so we ADOPT whatever
+ *  token a sibling just rotated in rather than resubmitting the rotated-away one.
+ *  Stays void / never throws / never clears auth: a genuine dead token still flows to
+ *  the caller's existing 401 path (which messages "run: gipity login"). */
 export async function refreshTokenIfNeeded() {
-    if (!isExpired())
-        return;
-    const auth = getAuth();
+    const auth = readAuthFresh(); // never the cache — a sibling may have rotated
     if (!auth)
-        return; // not logged in, caller will handle
-    try {
-        const config = await import('./config.js');
-        const apiBase = config.resolveApiBase();
-        const res = await fetch(`${apiBase}/auth/refresh`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ refreshToken: auth.refreshToken }),
-        });
-        if (!res.ok) {
-            cached = null; // force re-login
+        return; // not logged in - caller throws the clean error
+    cached = auth;
+    const buffer = 5 * 60 * 1000; // refresh 5 min before the access token lapses
+    const fresh = (a) => Date.now() <= new Date(a.expiresAt).getTime() - buffer;
+    if (fresh(auth))
+        return;
+    // If the refresh token itself has expired, re-login is genuinely required; leave the
+    // expired auth in place so the caller's existing 401 path prompts `gipity login`.
+    const refreshExp = decodeJwtExp(auth.refreshToken);
+    if (refreshExp && Date.now() > refreshExp * 1000)
+        return;
+    const { resolveApiBase } = await import('./config.js');
+    const apiBase = resolveApiBase();
+    for (let attempt = 1; attempt <= 3; attempt++) {
+        const cur = readAuthFresh(); // a sibling may have just refreshed for us
+        if (cur && fresh(cur)) {
+            cached = cur;
             return;
         }
-        const json = await res.json();
-        const exp = decodeJwtExp(json.accessToken);
-        if (!exp) {
-            cached = null;
+        const refreshToken = cur?.refreshToken ?? auth.refreshToken;
+        let res;
+        try {
+            res = await fetch(`${apiBase}/auth/refresh`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ refreshToken }),
+            });
+        }
+        catch {
+            await delay(attempt * 300);
+            continue; // network blip - retry
+        }
+        if (res.ok) {
+            const json = await res.json().catch(() => null);
+            const exp = json && decodeJwtExp(json.accessToken);
+            if (!json || !exp) {
+                await delay(attempt * 300);
+                continue;
+            }
+            saveAuth({ accessToken: json.accessToken, refreshToken: json.refreshToken, email: auth.email, expiresAt: new Date(exp * 1000).toISOString() });
             return;
         }
-        const expiresAt = new Date(exp * 1000).toISOString();
-        saveAuth({
-            accessToken: json.accessToken,
-            refreshToken: json.refreshToken,
-            email: auth.email,
-            expiresAt,
-        });
-    }
-    catch {
-        // Refresh failed - caller will see expired auth
+        // 401/403 → the refresh token was rejected outright (it was rotated away by a
+        // sibling, or genuinely expired). Re-read once more in case a sibling's fresh
+        // token just landed; otherwise stop and let the caller's 401 path re-login.
+        if (res.status === 401 || res.status === 403) {
+            const after = readAuthFresh();
+            if (after && fresh(after)) {
+                cached = after;
+                return;
+            }
+            return;
+        }
+        await delay(attempt * 300); // 5xx / unexpected → transient, retry
     }
+    // Retries exhausted: leave the existing token. The caller's request will 401 and the
+    // existing handler messages the user — we never delete the shared auth.json here.
 }
 //# sourceMappingURL=auth.js.map

package/dist/commands/generate.js CHANGED Viewed

@@ -1,19 +1,48 @@
 import { Command } from 'commander';
 import { post } from '../api.js';
-import { resolveProjectContext } from '../config.js';
+import { resolveProjectContext, getConfigPath } from '../config.js';
+import { pushFile } from '../sync.js';
 import { writeFileSync } from 'fs';
-import { resolve as resolvePath } from 'path';
+import { resolve as resolvePath, dirname, relative, isAbsolute } from 'path';
 import { error as clrError, success, muted, info } from '../colors.js';
 import { IMAGE_MODELS_DOC, IMAGE_GEMINI_ASPECT_RATIOS, IMAGE_GEMINI_SIZES, VIDEO_MODELS_DOC, TTS_PROVIDER_DESCRIPTIONS } from '../provider-docs.js';
-/** Download a URL and save to a local file. Returns the absolute path written,
- *  so callers can report exactly where the file landed. */
+/** Download a URL and save to a local file, then push it up to the project so
+ *  the cloud (and anything that mirrors it) immediately matches local disk.
+ *  Returns the absolute path written, so callers can report where it landed.
+ *
+ *  The push matters because generated media is written straight to disk with
+ *  writeFileSync, which does NOT trip the editor's file-sync hook the way an
+ *  agent's own file write does. Without it the file is local-only until the
+ *  next `gipity sync`, so `gipity sandbox run` - which mirrors the *server* -
+ *  can't see a just-generated image to convert/optimize it. Pushing here closes
+ *  that gap so the "sandbox auto-mirrors the project" contract holds right after
+ *  generation. Best-effort: the local save already succeeded, so a push failure
+ *  only warns and points at `gipity sync`. */
 async function downloadFile(url, filename) {
     const res = await fetch(url);
     if (!res.ok)
         throw new Error(`Download failed: ${res.status}`);
     const buffer = Buffer.from(await res.arrayBuffer());
     writeFileSync(filename, buffer);
-    return resolvePath(filename);
+    const savedPath = resolvePath(filename);
+    await pushGenerated(savedPath);
+    return savedPath;
+}
+/** Sync a freshly generated file up to the linked project (no-op when there's
+ *  no local project, or the file was written outside the project tree). */
+async function pushGenerated(savedPath) {
+    const configPath = getConfigPath();
+    if (!configPath)
+        return; // not linked to a project - nothing to sync into
+    const rel = relative(dirname(configPath), savedPath);
+    if (rel.startsWith('..') || isAbsolute(rel))
+        return; // outside the project tree
+    try {
+        await pushFile(savedPath);
+    }
+    catch (err) {
+        console.error(muted(`Note: couldn't sync to the cloud automatically (${err.message}). Run \`gipity sync\` before referencing this file in \`gipity sandbox run\`.`));
+    }
 }
 // ── IMAGE ──────────────────────────────────────────────────────────────
 const imageCommand = new Command('image')

package/dist/commands/page-inspect.js CHANGED Viewed

@@ -6,6 +6,13 @@ import { run } from '../helpers/index.js';
 import { capWaitMs } from './page-eval.js';
 /** A console line is an error-level entry (page error or console.error). */
 const isErrorLine = (line) => /^error:/i.test(line);
+/** A message-less, cross-origin "Script error." The throwing <script> lacks
+ *  CORS, so the browser strips its message/stack and the source is unknowable
+ *  from the console alone — there is no own-code stack to chase. These can't be
+ *  attributed to app code, so we surface them apart from real console errors
+ *  rather than letting an unactionable (and sometimes growing) count read as a
+ *  regression in the app the agent just wrote. */
+const isMessagelessCrossOrigin = (line) => isErrorLine(line) && /message-less|cross-origin|Script error\.?/i.test(line);
 function shortUrl(url, truncate = true, maxLen = 100) {
     let result;
     try {
@@ -55,13 +62,21 @@ export const pageInspectCommand = new Command('inspect')
         };
         const res = await post(`/tools/browser/inspect`, inspectBody);
         const b = res.data;
-        // Self-verify console errors before flagging them. A freshly-deployed page's
-        // first hit can throw a one-time, non-reproducible error — typically a
-        // cross-origin "Script error." with no message/stack from a CDN asset still
-        // propagating — and reporting it as a real defect sends agents chasing a
-        // phantom. So when the first probe reports error-level console lines, re-probe
-        // once (the sticky session is now warm) and keep only the errors that recur;
-        // errors seen on a single probe are surfaced separately as transient noise.
+        // Pull message-less cross-origin "Script error." lines out first. They carry
+        // no source/stack, so they're never actionable as app-code defects, and on a
+        // Gipity-deployed page the platform's own injected SDK is itself a
+        // cross-origin script — so these are reported separately (not as app console
+        // errors, and not folded into the re-probe count) instead of misleading the
+        // agent into chasing its own code.
+        const crossOriginErrors = (b.console || []).filter(isMessagelessCrossOrigin);
+        b.console = (b.console || []).filter((l) => !isMessagelessCrossOrigin(l));
+        // Self-verify the remaining console errors before flagging them. A
+        // freshly-deployed page's first hit can throw a one-time, non-reproducible
+        // error from an asset still propagating — and reporting it as a real defect
+        // sends agents chasing a phantom. So when the first probe reports error-level
+        // console lines, re-probe once (the sticky session is now warm) and keep only
+        // the errors that recur; errors seen on a single probe are surfaced
+        // separately as transient noise.
         let transientErrors = [];
         if ((b.console || []).some(isErrorLine)) {
             try {
@@ -76,7 +91,11 @@ export const pageInspectCommand = new Command('inspect')
             }
         }
         if (opts.json) {
-            console.log(JSON.stringify(transientErrors.length ? { ...b, transientConsole: transientErrors } : b));
+            console.log(JSON.stringify({
+                ...b,
+                ...(transientErrors.length ? { transientConsole: transientErrors } : {}),
+                ...(crossOriginErrors.length ? { crossOriginConsole: crossOriginErrors } : {}),
+            }));
             return;
         }
         const timing = b.timing || { ttfb: 0, domReady: 0, load: 0 };
@@ -112,7 +131,12 @@ export const pageInspectCommand = new Command('inspect')
             for (const line of transientErrors) {
                 console.log(muted(line));
             }
-            console.log(muted('One-time cold-load artifact (first hit of freshly-deployed assets, or a cross-origin script) — not reproducible, not in your app code. Ignore unless it recurs.'));
+            console.log(muted('One-time cold-load artifact (first hit of freshly-deployed assets) — not reproducible, not in your app code. Ignore unless it recurs.'));
+        }
+        // ── Cross-origin console errors (message-less; source hidden by the browser) ──
+        if (crossOriginErrors.length > 0) {
+            console.log(`\n${bold('Cross-origin console errors')} ${muted(`(${crossOriginErrors.length}, source hidden by the browser)`)}:`);
+            console.log(muted("Message-less — the throwing <script> lacks CORS, so the browser hides its source and there's no own-code stack to chase. Gipity's injected SDK is itself cross-origin, so if your app loads no third-party CDN scripts these are platform noise — ignore them. If your app DOES load a third-party <script>, add crossorigin=\"anonymous\" to that tag to surface the real error."));
         }
         // ── Failed Resources ──
         // Browsers auto-request /favicon.ico at the site root for every page, so a

package/dist/commands/page-screenshot.js CHANGED Viewed

@@ -231,4 +231,25 @@ export const pageScreenshotCommand = new Command('screenshot')
         console.log(`${label('Screenshot file')} ${success(savedFiles[i])}`);
     }
 }));
+// `screenshot` captures the page AS IT LOADS — there is no flag to scroll, click,
+// run a script, or wait for a selector before capture (agents reach for --eval/
+// --script/--scroll/--selector and get an unknown-option detour). State this
+// limitation and the two supported alternatives right here, so the help (rendered
+// on any bad flag, and this 'after' block survives `| tail`/`| grep`) ends the
+// hunt in one shot instead of sending the agent grepping `--help` for
+// scroll/script/before/action. The real per-element capture lives server-side and
+// isn't wired yet — until then, --full + crop or `page eval` cover the need.
+pageScreenshotCommand.addHelpText('after', `
+Examples:
+  gipity page screenshot "https://dev.gipity.ai/me/app/"
+  gipity page screenshot "https://dev.gipity.ai/me/app/" --full          # whole scrollable page
+  gipity page screenshot "https://dev.gipity.ai/me/app/" --device mobile,desktop
+Capturing a specific state (a slide, an off-screen element, a post-scroll view)?
+  screenshot captures the page as it loads — it does NOT scroll, click, wait for a
+  selector, or run a script before capture. To get the part you want:
+    • --full captures the ENTIRE scrollable page (then crop to the region).
+    • 'gipity page eval <url> "<expr>"' reads any (even off-screen) element's
+      data/state/rect without a picture — e.g. read the chart's bar values
+      directly instead of screenshotting the slide.`);
 //# sourceMappingURL=page-screenshot.js.map

package/dist/commands/token.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { Command } from 'commander';
+import { get, post, del } from '../api.js';
+import { bold, muted, success, warning } from '../colors.js';
+import { run, printList } from '../helpers/index.js';
+export const tokenCommand = new Command('token')
+    .description('Manage agent API tokens (gip_at_*) for headless agents and CI');
+const fmtDate = (d) => (d ? new Date(d).toLocaleDateString() : 'never');
+tokenCommand
+    .command('create')
+    .description('Mint a long-lived agent API token (shown once)')
+    .option('--name <name>', 'Label for the token, e.g. "Hermes on my VPS"')
+    .option('--expires <days>', 'Days until the token expires (default: never)')
+    .option('--json', 'Output as JSON')
+    .action((opts) => run('Create', async () => {
+    const body = {};
+    if (opts.name)
+        body.name = opts.name;
+    if (opts.expires !== undefined) {
+        const days = parseInt(opts.expires, 10);
+        if (!Number.isFinite(days) || days <= 0)
+            throw new Error('--expires must be a positive number of days');
+        body.expiresInDays = days;
+    }
+    const res = await post('/auth/agent-tokens', body);
+    const { token, shortGuid, expiresAt } = res.data;
+    if (opts.json) {
+        console.log(JSON.stringify(res.data));
+        return;
+    }
+    const expNote = expiresAt ? ` (expires ${fmtDate(expiresAt)})` : ' (never expires)';
+    console.log(success(`Created token ${bold(shortGuid)}${muted(expNote)}.`));
+    console.log('');
+    console.log(token);
+    console.log('');
+    console.log(muted('Use it from an agent, script, or CI — no login needed:'));
+    console.log(`  export GIPITY_TOKEN=${token}`);
+    console.log('');
+    console.log(warning('Copy it now — it will not be shown again.'));
+}));
+tokenCommand
+    .command('list')
+    .alias('ls')
+    .description('List your active agent API tokens')
+    .option('--json', 'Output as JSON')
+    .action((opts) => run('List', async () => {
+    const res = await get('/auth/agent-tokens');
+    printList(res.data, opts, 'No agent API tokens.', (t) => {
+        const label = t.name ? `  ${t.name}` : '';
+        return `${bold(t.short_guid)}${label}  ${muted(`created ${fmtDate(t.created_at)}`)}  ${muted(`expires ${fmtDate(t.expires_at)}`)}  ${muted(`last used ${fmtDate(t.last_used_at)}`)}`;
+    });
+}));
+tokenCommand
+    .command('revoke <short_guid>')
+    .alias('rm')
+    .description('Revoke an agent API token (instant, irreversible)')
+    .option('--json', 'Output as JSON')
+    .action((shortGuid, opts) => run('Revoke', async () => {
+    await del(`/auth/agent-tokens/${encodeURIComponent(shortGuid)}`);
+    if (opts.json) {
+        console.log(JSON.stringify({ shortGuid, revoked: true }));
+        return;
+    }
+    console.log(success(`Revoked token ${bold(shortGuid)}.`));
+}));
+//# sourceMappingURL=token.js.map

package/dist/config.js CHANGED Viewed

@@ -45,6 +45,12 @@ export function resolveApiBase() {
     const override = getApiBaseOverride();
     if (override)
         return override;
+    // GIPITY_API_BASE env is a trusted override (any host, like --api-base) so a
+    // caller can point the CLI at a local dev server without passing the flag on
+    // every command — e.g. GipRunner running builds against http://localhost:7201.
+    const fromEnv = process.env.GIPITY_API_BASE;
+    if (fromEnv)
+        return fromEnv;
     const fromConfig = getConfig()?.apiBase;
     if (fromConfig) {
         if (isAllowedApiHost(fromConfig))

package/dist/index.js CHANGED Viewed

@@ -10,6 +10,7 @@ import { GIPITY_TAGLINE } from './knowledge.js';
 import { getAuth, sessionExpired } from './auth.js';
 import { loginCommand } from './commands/login.js';
 import { logoutCommand } from './commands/logout.js';
+import { tokenCommand } from './commands/token.js';
 import { initCommand } from './commands/init.js';
 import { statusCommand } from './commands/status.js';
 import { syncCommand } from './commands/sync.js';
@@ -108,7 +109,7 @@ const filesGroup = [fileCommand, syncCommand, pushCommand, uploadCommand];
 const appBuildingGroup = [testCommand, fnCommand, serviceCommand, jobCommand, dbCommand, logsCommand, workflowCommand, realtimeCommand, rbacCommand, auditCommand, recordsCommand];
 const utilitiesGroup = [pageCommand, sandboxCommand, generateCommand, emailCommand, gmailCommand, locationCommand, textCommand];
 const agentGroup = [chatCommand, memoryCommand, agentCommand, approvalCommand];
-const setupGroup = [loginCommand, logoutCommand, creditsCommand, planCommand, doctorCommand, updateCommand, uninstallCommand];
+const setupGroup = [loginCommand, logoutCommand, tokenCommand, creditsCommand, planCommand, doctorCommand, updateCommand, uninstallCommand];
 const HELP_SECTIONS = [
     { title: 'Common', cmds: commonGroup },
     { title: 'Connect', cmds: connectGroup },
@@ -125,11 +126,15 @@ program
     .version(pkg.version, '-v, --version')
     .addOption(new Option('--api-base <url>', 'API base URL').hideHelp())
     .option('-y, --yes', 'Skip confirmation prompts');
-program.hook('preAction', () => {
+program.hook('preAction', (_thisCommand, actionCommand) => {
     const globalOpts = program.opts();
     if (globalOpts.apiBase)
         setApiBaseOverride(globalOpts.apiBase);
-    if (globalOpts.yes)
+    // Honor `-y`/`--yes` whether it came before the subcommand (the global flag)
+    // or after it (the per-command flag registered by enableYesEverywhere below),
+    // so both `gipity -y records delete ...` and `gipity records delete ... --yes`
+    // skip confirmation identically.
+    if (globalOpts.yes || actionCommand.opts().yes)
         setAutoConfirm(true);
 });
 // Bracket non-JSON command output with leading/trailing blank lines centrally,
@@ -216,6 +221,25 @@ function enableHelpAfterError(cmd) {
         enableHelpAfterError(sub);
 }
 enableHelpAfterError(program);
+// ── `-y`/`--yes` accepted AFTER any subcommand, not only before it ──────
+// The global `-y` lives on `program`, so Commander parses it only when it
+// precedes the subcommand (`gipity -y records delete ...`). Agents and humans
+// instinctively append it instead (`gipity records delete ... --yes`), which
+// Commander would reject as an unknown option and dump help for. Register the
+// flag on every leaf command so both positions work identically; the preAction
+// hook honors whichever one was set. Skip commands that already declare their
+// own `--yes` (e.g. `fn delete`, `db drop`, `remove`) to avoid a duplicate.
+function enableYesEverywhere(cmd) {
+    if (cmd.commands.length > 0) {
+        for (const sub of cmd.commands)
+            enableYesEverywhere(sub);
+        return;
+    }
+    const hasYes = cmd.options.some(o => o.long === '--yes' || o.short === '-y');
+    if (!hasYes)
+        cmd.addOption(new Option('-y, --yes', 'Skip confirmation prompts').hideHelp());
+}
+enableYesEverywhere(program);
 // Auto-fetch related skill docs when --help is run on a doc-bearing TOP-LEVEL
 // command (e.g. `gipity fn --help`, `gipity db --help`). It must NOT fire for a
 // subcommand's help: `gipity db query --help` should render commander's own

package/dist/knowledge.js CHANGED Viewed

@@ -122,6 +122,7 @@ App services skills (load before calling \`/services/*\` endpoints):
 - \`app-video\` - Gipity Video: models, aspect, resolution
 App development skills:
+- \`agent-deploy\` - headless auth via agent API tokens (GIPITY_TOKEN) for unattended deploys
 - \`app-debugging\` - debug a deployed app: page inspect/eval, screenshots, function logs
 - \`app-development\` - functions, database, and API
 - \`deploy\` - the deploy pipeline & gipity.yaml manifest

package/dist/relay/daemon.js CHANGED Viewed

@@ -718,7 +718,13 @@ async function handleDispatch(d) {
     // Future cleanup: see docs/feature-backlog/future-generate-to-vfs.md
     // - server-side /generate/* should write directly to VFS and make
     // this sync redundant for that case.
-    if (!spawnErr) {
+    //
+    // Skip on `killed`: a kill-on-new-message replacement is already starting for
+    // this conv, and a bidirectional reconcile over the half-finished tree of the
+    // cancelled run is exactly the WS-00172 stale-state trap - it pushes/pulls a
+    // partial state that the resuming run then fights. The replacement dispatch
+    // runs its own sync; let it own the tree.
+    if (!spawnErr && !killed) {
         try {
             await spawnSync(cwd, PROJECT_SYNC_TIMEOUT_MS);
         }

package/dist/sync.js CHANGED Viewed

@@ -1030,9 +1030,18 @@ export async function pushFile(filePath) {
     const rel = relative(root, filePath).replace(/\\/g, '/');
     if (shouldIgnore(rel, effectiveIgnore(root, config.ignore)))
         return;
-    const baseline = readBaseline(config.projectGuid);
-    const baseEntry = baseline.files[rel];
+    // Serialize against `gipity sync` and other concurrent pushes by holding the
+    // same per-project lock `sync()` uses. Both paths read-modify-write the shared
+    // baseline; without a common lock, a burst of PostToolUse pushes (each a
+    // detached `gipity push`) racing the UserPromptSubmit/post-dispatch reconciles
+    // drops baseline updates, and the 3-way merge then misreads our own just-pushed
+    // edits as `modified×modified` conflicts (or pulls stale bytes over a live
+    // edit). Read the baseline AFTER acquiring the lock so earlier pushes' writes
+    // are visible. (WS-00172)
+    const releaseLock = await acquireLock();
     try {
+        const baseline = readBaseline(config.projectGuid);
+        const baseEntry = baseline.files[rel];
         const result = await uploadOneFile(config.projectGuid, filePath, rel, {
             expectedServerVersion: baseEntry ? baseEntry.serverVersion : null,
         });
@@ -1051,5 +1060,8 @@ export async function pushFile(filePath) {
         }
         throw err;
     }
+    finally {
+        releaseLock();
+    }
 }
 //# sourceMappingURL=sync.js.map

package/dist/utils.js CHANGED Viewed

@@ -47,6 +47,15 @@ export async function promptBoxed() {
 let _autoConfirm = false;
 export function setAutoConfirm(val) { _autoConfirm = val; }
 export function getAutoConfirm() { return _autoConfirm; }
+/** Reconstruct the current invocation with `--yes` appended, for self-correcting
+ *  non-interactive confirmation hints. Shell-quotes args that need it. */
+function rerunWithYes() {
+    const args = process.argv.slice(2);
+    if (!args.some(a => a === '--yes' || a === '-y'))
+        args.push('--yes');
+    const quote = (a) => (/[^\w@%+=:,./-]/.test(a) ? `'${a.replace(/'/g, `'\\''`)}'` : a);
+    return `gipity ${args.map(quote).join(' ')}`;
+}
 /** Ask for Y/n confirmation. Single-keypress - no Enter required.
  *
  *  - `opts.default` controls which answer Enter / unknown-key selects. Defaults to `'no'`.
@@ -59,7 +68,10 @@ export async function confirm(question, opts = {}) {
     if (opts.skip ?? _autoConfirm)
         return true;
     if (!process.stdin.isTTY) {
-        console.error('Confirmation required. Use --yes to skip prompts.');
+        // Headless/agent context: no one can answer the prompt. Don't just say
+        // "use --yes" - echo the exact command to re-run so the fix is copy-paste,
+        // not a second guessing trip.
+        console.error(`Confirmation required (non-interactive). Re-run with --yes:\n  ${rerunWithYes()}`);
         return false;
     }
     const hint = defaultYes ? dim('[Y/n]') : dim('[y/N]');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gipity",
-  "version": "1.0.391",
+  "version": "1.0.392",
   "description": "The full-stack platform tuned for AI agents. Database, storage, auth, functions, deploy, and drop-in kits - all agent-tuned. Pair with Claude Code or use standalone.",
   "bin": {
     "gipity": "dist/updater/shim.js",
@@ -12,7 +12,7 @@
     "build": "tsc && chmod +x dist/index.js dist/gipcc.js dist/gipccd.js dist/updater/shim.js dist/updater/check.js",
     "dev": "tsc --watch",
     "test": "npm run test:smoke",
-    "test:smoke": "tsc && node --test dist/__tests__/utils.test.js dist/__tests__/config.test.js dist/__tests__/sync.test.js dist/__tests__/sync-apply.test.js dist/__tests__/sync-lock.test.js dist/__tests__/push-cas.test.js dist/__tests__/upload.test.js dist/__tests__/progress.test.js dist/__tests__/updater.test.js dist/__tests__/cli-smoke.test.js dist/__tests__/claude-noninteractive.test.js dist/__tests__/claude-trust.test.js dist/__tests__/relay-state.test.js dist/__tests__/relay-daemon.test.js dist/__tests__/relay-installers.test.js dist/__tests__/relay-bridge-abort.test.js dist/__tests__/relay-redact.test.js dist/__tests__/relay-machine-id.test.js dist/__tests__/stream-json.test.js dist/__tests__/relay-ingest-contract.test.js dist/__tests__/prompts.test.js dist/__tests__/capture-transcript.test.js dist/__tests__/flag-aliases.test.js dist/__tests__/adopt-cwd.test.js dist/__tests__/cli-cmd-agent.test.js dist/__tests__/cli-cmd-approval.test.js dist/__tests__/cli-cmd-audit.test.js dist/__tests__/cli-cmd-chat.test.js dist/__tests__/cli-cmd-credits.test.js dist/__tests__/cli-cmd-db.test.js dist/__tests__/cli-cmd-deploy.test.js dist/__tests__/cli-cmd-domain.test.js dist/__tests__/cli-cmd-email.test.js dist/__tests__/cli-cmd-file.test.js dist/__tests__/cli-cmd-fn.test.js dist/__tests__/cli-cmd-service.test.js dist/__tests__/cli-cmd-job.test.js dist/__tests__/cli-cmd-generate.test.js dist/__tests__/cli-cmd-gmail.test.js dist/__tests__/cli-cmd-info.test.js dist/__tests__/cli-cmd-init.test.js dist/__tests__/cli-cmd-location.test.js dist/__tests__/cli-cmd-text.test.js dist/__tests__/cli-cmd-login.test.js dist/__tests__/cli-cmd-logout.test.js dist/__tests__/cli-cmd-logs.test.js dist/__tests__/cli-cmd-memory.test.js dist/__tests__/cli-cmd-page.test.js dist/__tests__/cli-cmd-plan.test.js dist/__tests__/cli-cmd-project.test.js dist/__tests__/cli-cmd-rbac.test.js dist/__tests__/cli-cmd-realtime.test.js dist/__tests__/cli-cmd-records.test.js dist/__tests__/cli-cmd-relay.test.js dist/__tests__/cli-cmd-sandbox.test.js dist/__tests__/cli-cmd-add.test.js dist/__tests__/cli-cmd-remove.test.js dist/__tests__/cli-cmd-skill.test.js dist/__tests__/cli-cmd-test.test.js dist/__tests__/cli-cmd-workflow.test.js dist/__tests__/setup-skills-block.test.js dist/__tests__/setup-hooks.test.js",
+    "test:smoke": "tsc && node --test dist/__tests__/utils.test.js dist/__tests__/config.test.js dist/__tests__/sync.test.js dist/__tests__/sync-apply.test.js dist/__tests__/sync-lock.test.js dist/__tests__/push-cas.test.js dist/__tests__/upload.test.js dist/__tests__/progress.test.js dist/__tests__/updater.test.js dist/__tests__/cli-smoke.test.js dist/__tests__/claude-noninteractive.test.js dist/__tests__/claude-trust.test.js dist/__tests__/relay-state.test.js dist/__tests__/relay-daemon.test.js dist/__tests__/relay-installers.test.js dist/__tests__/relay-bridge-abort.test.js dist/__tests__/relay-redact.test.js dist/__tests__/relay-machine-id.test.js dist/__tests__/stream-json.test.js dist/__tests__/relay-ingest-contract.test.js dist/__tests__/prompts.test.js dist/__tests__/capture-transcript.test.js dist/__tests__/flag-aliases.test.js dist/__tests__/adopt-cwd.test.js dist/__tests__/cli-cmd-agent.test.js dist/__tests__/cli-cmd-approval.test.js dist/__tests__/cli-cmd-audit.test.js dist/__tests__/cli-cmd-chat.test.js dist/__tests__/cli-cmd-credits.test.js dist/__tests__/cli-cmd-db.test.js dist/__tests__/cli-cmd-deploy.test.js dist/__tests__/cli-cmd-domain.test.js dist/__tests__/cli-cmd-email.test.js dist/__tests__/cli-cmd-file.test.js dist/__tests__/cli-cmd-fn.test.js dist/__tests__/cli-cmd-service.test.js dist/__tests__/cli-cmd-job.test.js dist/__tests__/cli-cmd-generate.test.js dist/__tests__/cli-cmd-gmail.test.js dist/__tests__/cli-cmd-info.test.js dist/__tests__/cli-cmd-init.test.js dist/__tests__/cli-cmd-location.test.js dist/__tests__/cli-cmd-text.test.js dist/__tests__/cli-cmd-login.test.js dist/__tests__/cli-cmd-logout.test.js dist/__tests__/cli-cmd-token.test.js dist/__tests__/cli-cmd-logs.test.js dist/__tests__/cli-cmd-memory.test.js dist/__tests__/cli-cmd-page.test.js dist/__tests__/cli-cmd-plan.test.js dist/__tests__/cli-cmd-project.test.js dist/__tests__/cli-cmd-rbac.test.js dist/__tests__/cli-cmd-realtime.test.js dist/__tests__/cli-cmd-records.test.js dist/__tests__/cli-cmd-relay.test.js dist/__tests__/cli-cmd-sandbox.test.js dist/__tests__/cli-cmd-add.test.js dist/__tests__/cli-cmd-remove.test.js dist/__tests__/cli-cmd-skill.test.js dist/__tests__/cli-cmd-test.test.js dist/__tests__/cli-cmd-workflow.test.js dist/__tests__/setup-skills-block.test.js dist/__tests__/setup-hooks.test.js",
     "test:e2e": "tsc && GIPITY_E2E=1 node --test --test-timeout=180000 dist/__tests__/cli-e2e-live.test.js dist/__tests__/cli-e2e-services-media-live.test.js dist/__tests__/cli-e2e-workflow-live.test.js dist/__tests__/cli-e2e-sandbox-live.test.js dist/__tests__/cli-e2e-page-fetch-live.test.js dist/__tests__/cli-e2e-page-test-live.test.js",
     "test:e2e:sandbox": "tsc && GIPITY_E2E=1 node --test --test-timeout=180000 dist/__tests__/cli-e2e-sandbox-live.test.js"
   },