github-router 0.3.25 → 0.3.26

package/dist/main.js

@@ -40,9 +40,30 @@ const PATHS = {
 		return path.join(appDir(), "runtime");
 	},
 	get CLAUDE_CONFIG_DIR() {
-		return path.join(appDir(), "claude-config");
+		return path.join(appDir(), "claude-config", claudeConfigDirSuffix());
 	}
 };
+/**
+* Per-launch suffix for `PATHS.CLAUDE_CONFIG_DIR`. Lazily generated on
+* first access and cached for the lifetime of the process so every
+* caller (env-var injection in `getClaudeCodeEnvVars`,
+* `ensureClaudeConfigMirror` provisioning, peer-agent `.md` writes
+* under `<dir>/agents/`, the shutdown cleanup) resolves the same path.
+*
+* Shape: `<pid>-<8 hex>`. The PID prefix is what
+* `sweepStaleClaudeConfigMirrors` keys off to drop orphans from
+* crashed prior sessions; the 8-hex random suffix prevents collision
+* if a future caller (tests, internal relaunch) ever clears the cache
+* within a single PID lifetime.
+*
+* NOT exported — every consumer should go through `PATHS.CLAUDE_CONFIG_DIR`
+* so the homedir-mock pattern used in the test suite keeps working.
+*/
+let _claudeConfigDirSuffix;
+function claudeConfigDirSuffix() {
+	if (_claudeConfigDirSuffix === void 0) _claudeConfigDirSuffix = `${process.pid}-${randomBytes(4).toString("hex")}`;
+	return _claudeConfigDirSuffix;
+}
 async function ensurePaths() {
 	await fs.mkdir(PATHS.APP_DIR, { recursive: true });
 	await fs.mkdir(PATHS.CODEX_HOME, { recursive: true });
@@ -52,6 +73,9 @@ async function ensurePaths() {
 	await sweepStaleRuntimeFiles().catch((err) => {
 		consola.debug("Runtime sweep skipped:", err);
 	});
+	await sweepStaleClaudeConfigMirrors().catch((err) => {
+		consola.debug("Per-launch claude-config sweep skipped:", err);
+	});
 	await sweepStalePeerAgentMdFiles().catch((err) => {
 		consola.debug("Peer-agent .md sweep skipped:", err);
 	});
@@ -506,6 +530,73 @@ async function sweepStalePeerAgentMdFiles() {
 * new coordinator-style agent is added in `codex-mcp-config.ts`.
 */
 const PEER_AGENT_MD_FILENAME = /^peer-(\d+)-[0-9a-f]{8}-(?:codex-critic|codex-reviewer|gemini-critic|codex-implementer|peer-review-coordinator)\.md$/;
+/**
+* Strict regex matching only per-launch claude-config mirror dirs this
+* proxy creates: `<pid>-<8 hex>`. Anchored to the entire entry name so
+* user-authored siblings under `<appDir>/claude-config/` (if any) are
+* untouchable. The PID prefix is what `sweepStaleClaudeConfigMirrors`
+* keys off; the 8-hex random suffix matches `randomBytes(4)` exactly
+* (no `?` — files created by a different shape are not ours).
+*/
+const CLAUDE_CONFIG_MIRROR_DIR = /^(\d+)-[0-9a-f]{8}$/;
+/**
+* Sweep stale per-launch CLAUDE_CONFIG_DIR mirrors left behind by
+* crashed prior proxy sessions. Symmetric to `sweepStalePeerAgentMdFiles`
+* — same liveness rule (only delete when the embedded PID is dead),
+* same strict regex (the dir-name allowlist is the load-bearing
+* protection against deleting user-authored siblings).
+*
+* Scans `<appDir>/claude-config/` (the parent of the per-launch dirs).
+* Each entry whose name matches `<pid>-<8 hex>` AND whose PID is no
+* longer alive is removed recursively. `fs.rm({recursive: true})`
+* walks the tree calling `unlink` on symlinks/junctions rather than
+* following them, so the SHARED junctions back to `~/.claude/<X>`
+* are removed without touching their targets.
+*
+* Tolerates missing parent dir (first-ever launch, or user wiped it).
+*/
+async function sweepStaleClaudeConfigMirrors() {
+	const parent = path.join(appDir(), "claude-config");
+	let entries;
+	try {
+		entries = await fs.readdir(parent);
+	} catch (err) {
+		if (err.code === "ENOENT") return;
+		throw err;
+	}
+	for (const name$1 of entries) {
+		const match = CLAUDE_CONFIG_MIRROR_DIR.exec(name$1);
+		if (!match) continue;
+		if (isPidAlive(Number.parseInt(match[1], 10))) continue;
+		await fs.rm(path.join(parent, name$1), {
+			recursive: true,
+			force: true
+		}).catch((err) => {
+			consola.debug(`sweepStaleClaudeConfigMirrors: cannot rm ${name$1}:`, err);
+		});
+	}
+}
+/**
+* Remove THIS launch's per-launch CLAUDE_CONFIG_DIR on shutdown.
+* Best-effort: a failure here must not block process exit (the caller
+* wraps this in a `.catch`-equivalent via `launchChild`'s onShutdown
+* try/catch). Symmetric to `writePeerMcpRuntimeFiles`'s `cleanup()`:
+* we own this dir for the lifetime of the proxy, so removing it on
+* normal shutdown is correct; the boot-time sweep handles the
+* abnormal-exit case.
+*
+* `fs.rm({recursive: true})` removes SHARED junctions via unlink
+* (does NOT follow them into the user's real `~/.claude/<X>`).
+*/
+async function removeOwnClaudeConfigMirror() {
+	const dir = PATHS.CLAUDE_CONFIG_DIR;
+	await fs.rm(dir, {
+		recursive: true,
+		force: true
+	}).catch((err) => {
+		consola.debug(`removeOwnClaudeConfigMirror: rm ${dir} skipped:`, err);
+	});
+}
 
 //#endregion
 //#region src/lib/state.ts
@@ -2091,6 +2182,42 @@ function buildAgentPrompt(persona, opts) {
 		"When the tool returns, surface its output to the lead verbatim. Do not summarize, paraphrase, or add your own commentary on top — the lead integrates the persona's reply directly."
 	].join("\n");
 }
+/**
+* Build the awareness snippet appended to the spawned `claude` session's
+* system prompt via `--append-system-prompt`. Non-prescriptive — Claude
+* sees that the peer tools and advisor exist; *when* to invoke is left
+* to Claude's judgment.
+*
+* Trimmed to <100 tokens by design. The per-tool descriptions are
+* already in Claude's context as MCP tool descriptions (loaded from
+* `tools/list`); the snippet's net-new value is:
+*   - the `advisor` mention (built-in, not MCP-discoverable),
+*   - the `peer-review-coordinator` fan-out hint,
+*   - the "subagents you spawn inherit these" claim (the load-bearing
+*     UX payoff of the holistic subagent-MCP-inheritance fix).
+*
+* Surface contract (regression-pinned in tests/peer-mcp-personas.test.ts):
+*   - Always lists codex_critic, codex_reviewer, opus_critic, advisor,
+*     peer-review-coordinator, and the subagent-inheritance fact.
+*   - Conditionally lists gemini_critic only when `geminiAvailable`.
+*   - Mentions `codex-cli` stdio bridge only when `codexCli`.
+*
+* The snippet is the awareness layer; the auto-invocation triggers
+* (CALL BEFORE / CALL AFTER) remain in each MCP tool's own `description`.
+* The two layers are intentionally complementary — keep the snippet
+* terse and never re-encode the prescriptive triggers here.
+*/
+function buildPeerAwarenessSnippet(opts) {
+	const criticList = ["`codex_critic` (gpt-5.5)", "`codex_reviewer` (gpt-5.3-codex)"];
+	if (opts.geminiAvailable) criticList.push("`gemini_critic` (gemini-3.1-pro)");
+	criticList.push("`opus_critic` (Opus 4.7)");
+	const codexCliClause = opts.codexCli ? " The `mcp__codex-cli__codex` stdio bridge dispatches to `codex-implementer` for end-to-end coding tasks." : "";
+	return [
+		"## Peer review and advisor",
+		"",
+		`Cross-lab peer critics under \`mcp__gh-router-peers__*\` — ${criticList.join(", ")} — plus the \`peer-review-coordinator\` fan-out subagent, and Claude Code's built-in \`advisor\` tool, are available at your discretion for second opinions and adversarial review. Subagents you spawn inherit them.${codexCliClause}`
+	].join("\n");
+}
 /** Convenience: every persona that should be registered for the given mode. */
 function personasFor(opts) {
 	const result = [];
@@ -2404,6 +2531,90 @@ async function writePeerAgentMdFiles(agents, opts) {
 	};
 }
 /**
+* Mutate the mirrored `<CLAUDE_CONFIG_DIR>/.claude.json` to add the
+* `gh-router-peers` entry (and `codex-cli` when enabled) under
+* `mcpServers`. This is the load-bearing fix for subagent MCP visibility.
+*
+* Subagents — Agent-tool subagents, forks, and agent-teams subprocesses
+* — discover MCP servers from persistent scopes (`.claude.json` and
+* project-scope `.mcp.json`), NOT from the parent's `--mcp-config` CLI
+* flag. Writing into the per-launch mirror's `.claude.json` makes the
+* MCP entry visible to subagents transparently: they inherit
+* `CLAUDE_CONFIG_DIR` from the parent's env, so they read the same
+* config file we just mutated.
+*
+* Safety:
+*   - Refuses to overwrite a same-named user-side entry (the snapshot
+*     copied their `.claude.json` first, so an existing entry would
+*     belong to the user). Returns `{ ok: false }` so the caller can
+*     fall back to leaving `--mcp-config` in place for the parent.
+*   - Preserves all other top-level fields and other `mcpServers`
+*     entries.
+*   - Atomic write: temp-file with `wx` (`O_CREAT | O_EXCL`) followed by
+*     `rename`, mirroring the synthetic-credentials write pattern in
+*     `ensureClaudeConfigMirror`. Mode 0o600. The per-launch
+*     `CLAUDE_CONFIG_DIR` means there are no cross-launch racers.
+*/
+async function injectPeerMcpIntoMirror(serverUrl, opts) {
+	const dir = opts.claudeConfigDir ?? PATHS.CLAUDE_CONFIG_DIR;
+	const target = path.join(dir, ".claude.json");
+	let existing = {};
+	try {
+		const raw = await fs.readFile(target, "utf8");
+		try {
+			const parsed = JSON.parse(raw);
+			if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) existing = parsed;
+			else consola.warn(`injectPeerMcpIntoMirror: ${target} parsed to non-object (typeof=${typeof parsed}); discarding contents and starting fresh.`);
+		} catch (err) {
+			consola.warn(`injectPeerMcpIntoMirror: cannot parse ${target} as JSON; starting fresh (existing contents will be overwritten):`, err);
+		}
+	} catch (err) {
+		if (err.code !== "ENOENT") consola.debug(`injectPeerMcpIntoMirror: cannot read ${target}:`, err);
+	}
+	let mcpServers;
+	const rawServers = existing.mcpServers;
+	if (rawServers !== void 0 && rawServers !== null && typeof rawServers === "object" && !Array.isArray(rawServers)) mcpServers = rawServers;
+	else {
+		if (rawServers !== void 0 && rawServers !== null) consola.warn(`injectPeerMcpIntoMirror: mcpServers field in ${target} is not an object (typeof=${typeof rawServers}); replacing with our entry.`);
+		mcpServers = {};
+	}
+	const peerConfig = buildPeerMcpConfig(serverUrl, {
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable,
+		nonce: opts.nonce,
+		codexHome: opts.codexHome ?? PATHS.CODEX_HOME
+	});
+	const conflicts = [];
+	for (const name$1 of Object.keys(peerConfig.mcpServers)) if (mcpServers[name$1] !== void 0) conflicts.push(name$1);
+	if (conflicts.length > 0) {
+		consola.warn(`injectPeerMcpIntoMirror: your ~/.claude/.claude.json already has mcpServers entries named [${conflicts.join(", ")}]; refusing to overwrite. Subagents will not see the peer-MCP tools — only the parent session via --mcp-config fallback. To resolve, rename the user-side server(s) (e.g. via \`claude mcp remove\`) and relaunch.`);
+		return {
+			ok: false,
+			reason: "user-has-conflicting-entry",
+			conflictingServers: conflicts
+		};
+	}
+	for (const [name$1, entry] of Object.entries(peerConfig.mcpServers)) mcpServers[name$1] = entry;
+	existing.mcpServers = mcpServers;
+	const desiredJson = JSON.stringify(existing, null, 2) + "\n";
+	await fs.mkdir(dir, { recursive: true });
+	const tempPath = `${target}.${process.pid}.${randomBytes(4).toString("hex")}.tmp`;
+	try {
+		await fs.writeFile(tempPath, desiredJson, {
+			mode: 384,
+			flag: "wx"
+		});
+		await fs.rename(tempPath, target);
+	} catch (err) {
+		await fs.unlink(tempPath).catch(() => {});
+		throw err;
+	}
+	return {
+		ok: true,
+		serversAdded: Object.keys(peerConfig.mcpServers)
+	};
+}
+/**
 * Generate a per-launch nonce, write the MCP config + agents JSON
 * tempfiles under `CLAUDE_RUNTIME_DIR` with mode 0o600 and `O_EXCL`,
 * and return a `cleanup()` to unlink them on shutdown.
@@ -2655,7 +2866,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version = "0.3.25";
+var version = "0.3.26";
 
 //#endregion
 //#region src/lib/approval.ts
@@ -6492,7 +6703,10 @@ const claude = defineCommand({
 		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
 		const envVars = getClaudeCodeEnvVars(serverUrl, chosenSlug);
 		const extraArgs = args._ ?? [];
-		let onShutdown;
+		const baseShutdown = async () => {
+			await removeOwnClaudeConfigMirror();
+		};
+		let onShutdown = baseShutdown;
 		if (args["codex-mcp"] !== false) try {
 			const requestedCli = args["codex-cli"] ?? false;
 			const backend = resolveCodexCliBackend({
@@ -6506,11 +6720,27 @@ const claude = defineCommand({
 				geminiAvailable: geminiAvailable$1
 			});
 			state.peerMcpNonce = runtime.nonce;
-			onShutdown = runtime.cleanup;
-			extraArgs.push("--mcp-config", runtime.mcpConfigPath);
-			if (args["codex-mcp-only"] === true) extraArgs.push("--strict-mcp-config");
+			onShutdown = async () => {
+				await runtime.cleanup();
+				await baseShutdown();
+			};
+			const injected = await injectPeerMcpIntoMirror(serverUrl, {
+				codexCli: backend === "cli",
+				geminiAvailable: geminiAvailable$1,
+				nonce: runtime.nonce
+			});
+			if (!injected.ok) {
+				extraArgs.push("--mcp-config", runtime.mcpConfigPath);
+				if (args["codex-mcp-only"] === true) extraArgs.push("--strict-mcp-config");
+			} else if (args["codex-mcp-only"] === true) consola.warn("--codex-mcp-only has no effect when peer MCP is wired via the mirrored .claude.json (the user's existing user-scope MCPs in the snapshot are still visible). Pass --no-codex-mcp to skip peer-MCP wiring entirely.");
 			const personaNames = runtime.personas.map((p) => p.agentName).join(", ");
-			process$1.stderr.write(`Peer MCP wired (backend=${backend}, personas=[${personaNames}], subagent .md files=${runtime.agentMdPaths.length}).\n`);
+			const subagentVisibility = injected.ok ? `subagent-visible (mirrored mcpServers: [${injected.serversAdded.join(", ")}])` : `subagent-INVISIBLE (collision on user-side mcpServers: [${injected.conflictingServers.join(", ")}]; parent-only via --mcp-config)`;
+			process$1.stderr.write(`Peer MCP wired (backend=${backend}, personas=[${personaNames}], subagent .md files=${runtime.agentMdPaths.length}, ${subagentVisibility}).\n`);
+			const peerAwarenessOptOut = (process$1.env.GH_ROUTER_PEER_AWARENESS ?? "1").trim().toLowerCase();
+			if (!(peerAwarenessOptOut === "" || peerAwarenessOptOut === "0" || peerAwarenessOptOut === "false" || peerAwarenessOptOut === "off" || peerAwarenessOptOut === "no")) extraArgs.push("--append-system-prompt", buildPeerAwarenessSnippet({
+				codexCli: backend === "cli",
+				geminiAvailable: geminiAvailable$1
+			}));
 		} catch (err) {
 			consola.warn(`Peer MCP wiring failed (claude will launch without it): ${err instanceof Error ? err.message : String(err)}`);
 		}