ragent-cli 1.6.2 → 1.7.1

package/dist/index.js

@@ -31,7 +31,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "ragent-cli",
-      version: "1.6.2",
+      version: "1.7.1",
       description: "CLI agent for rAgent Live \u2014 browser-first terminal control plane for AI coding agents",
       main: "dist/index.js",
       bin: {
@@ -682,6 +682,43 @@ function decodeJwtExp(token) {
     return null;
   }
 }
+async function startSessionWithMachineSecret(params) {
+  console.log("[rAgent] Attempting session recovery with machine credential...");
+  const response = await fetch(`${params.portal}/api/agent/session/start`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      hostId: params.hostId,
+      machineSecret: params.machineSecret
+    })
+  });
+  if (response.status === 401 || response.status === 403) {
+    throw new AuthError(
+      "Machine credential rejected \u2014 agent may be revoked. Re-connect with: ragent connect --token <token>"
+    );
+  }
+  if (!response.ok) {
+    const data2 = await response.json().catch(() => ({}));
+    throw new Error(
+      `Session start failed: ${data2.error || response.status}`
+    );
+  }
+  const data = await response.json();
+  if (!data.agentToken) {
+    throw new Error("Session start response missing agentToken");
+  }
+  const patch = {
+    agentToken: data.agentToken,
+    tokenExpiresAt: data.expiresAt || ""
+  };
+  if (data.refreshToken) {
+    patch.refreshToken = data.refreshToken;
+    patch.refreshExpiresAt = data.refreshExpiresAt || "";
+  }
+  saveConfigPatch(patch);
+  console.log("[rAgent] Session recovered via machine credential.");
+  return data.agentToken;
+}
 async function refreshTokenIfNeeded(params) {
   const config = loadConfig();
   const refreshToken = config.refreshToken;
@@ -707,10 +744,23 @@ async function refreshTokenIfNeeded(params) {
       body: JSON.stringify(body)
     });
     if (!response.ok) {
-      const data2 = await response.json().catch(() => ({}));
+      const errorData = await response.json().catch(() => ({}));
       console.warn(
-        `[rAgent] Token refresh failed: ${data2.error || response.status}`
+        `[rAgent] Token refresh failed: ${errorData.error || response.status}`
       );
+      if (config.machineSecret && config.hostId) {
+        try {
+          return await startSessionWithMachineSecret({
+            portal: params.portal,
+            hostId: config.hostId,
+            machineSecret: config.machineSecret
+          });
+        } catch (mcError) {
+          if (mcError instanceof AuthError) throw mcError;
+          const mcMessage = mcError instanceof Error ? mcError.message : String(mcError);
+          console.warn(`[rAgent] Machine credential recovery failed: ${mcMessage}`);
+        }
+      }
       return params.agentToken;
     }
     const data = await response.json();
@@ -723,10 +773,14 @@ async function refreshTokenIfNeeded(params) {
       patch.refreshToken = data.refreshToken;
       patch.refreshExpiresAt = data.refreshExpiresAt || "";
     }
+    if (data.machineSecret) {
+      patch.machineSecret = data.machineSecret;
+    }
     saveConfigPatch(patch);
     console.log("[rAgent] Token refreshed successfully.");
     return data.agentToken;
   } catch (error) {
+    if (error instanceof AuthError) throw error;
     const message = error instanceof Error ? error.message : String(error);
     console.warn(`[rAgent] Token refresh error: ${message}`);
     return params.agentToken;
@@ -753,6 +807,9 @@ async function claimHost(params) {
   if (!data.agentToken) {
     throw new Error("Missing connector token in claim response");
   }
+  if (data.machineSecret) {
+    saveConfigPatch({ machineSecret: data.machineSecret });
+  }
   return data;
 }
 async function negotiateAgent(params) {
@@ -1516,8 +1573,18 @@ var SessionStreamer = class {
     if (!pid) return false;
     if (!(0, import_node_fs.existsSync)(`/proc/${pid}`)) {
       console.warn(`[rAgent] Process ${pid} does not exist (no /proc/${pid}).`);
+      this.sendFn(sessionId, "\r\n[rAgent] Process is no longer running. It will be removed on next sync.\r\n");
       return false;
     }
+    try {
+      const stat = (0, import_node_fs.readFileSync)(`/proc/${pid}/stat`, "utf8");
+      if (stat.includes(") Z")) {
+        console.warn(`[rAgent] Process ${pid} is a zombie.`);
+        this.sendFn(sessionId, "\r\n[rAgent] Process has exited (zombie). It will be removed on next sync.\r\n");
+        return false;
+      }
+    } catch {
+    }
     try {
       const straceProc = (0, import_node_child_process2.spawn)(
         "strace",
@@ -1575,7 +1642,11 @@ var SessionStreamer = class {
         const remaining = stream.utf8Decoder.end();
         if (remaining) this.sendFn(sessionId, remaining);
         if (code === 1) {
-          this.sendFn(sessionId, "\r\n[rAgent] Permission denied: cannot attach to process.\r\nTo enable process tracing, run:\r\n  sudo sysctl kernel.yama.ptrace_scope=0\r\n");
+          if (pid && !(0, import_node_fs.existsSync)(`/proc/${pid}`)) {
+            this.sendFn(sessionId, "\r\n[rAgent] Process has exited. It will be removed on next sync.\r\n");
+          } else {
+            this.sendFn(sessionId, "\r\n[rAgent] Permission denied: cannot attach to process.\r\nTo enable process tracing, run:\r\n  sudo sysctl kernel.yama.ptrace_scope=0\r\n");
+          }
         }
         stream.stopped = true;
         this.active.delete(sessionId);
@@ -2666,8 +2737,13 @@ var ControlDispatcher = class {
             process.kill(pid, "SIGTERM");
             console.log(`[rAgent] Sent SIGTERM to process ${pid} (${sessionId}).`);
           } catch (error) {
-            const message = error instanceof Error ? error.message : String(error);
-            console.warn(`[rAgent] Failed to kill process ${pid}: ${message}`);
+            const code = error.code;
+            if (code === "ESRCH") {
+              console.log(`[rAgent] Process ${pid} already exited, cleaning up.`);
+            } else {
+              const message = error instanceof Error ? error.message : String(error);
+              console.warn(`[rAgent] Failed to kill process ${pid}: ${message}`);
+            }
           }
           await this.syncInventory();
         }
@@ -3667,6 +3743,27 @@ async function runAgent(rawOptions) {
         });
       } catch (error) {
         if (error instanceof AuthError) {
+          const cfg = loadConfig();
+          if (cfg.machineSecret && cfg.hostId) {
+            try {
+              options.agentToken = await startSessionWithMachineSecret({
+                portal: options.portal,
+                hostId: cfg.hostId,
+                machineSecret: cfg.machineSecret
+              });
+              inventory.updateOptions(options);
+              dispatcher.updateOptions(options);
+              console.log("[rAgent] Recovered from auth failure via machine credential. Reconnecting...");
+              continue;
+            } catch (mcError) {
+              if (mcError instanceof AuthError) {
+                console.error(`[rAgent] ${mcError.message}`);
+              } else {
+                const mcMsg = mcError instanceof Error ? mcError.message : String(mcError);
+                console.error(`[rAgent] Machine credential recovery failed: ${mcMsg}`);
+              }
+            }
+          }
           console.error(`[rAgent] ${error.message}`);
           console.error(
             "[rAgent] Connector token is invalid or revoked. Stopping. Re-connect with: ragent connect --token <token>"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ragent-cli",
-  "version": "1.6.2",
+  "version": "1.7.1",
   "description": "CLI agent for rAgent Live — browser-first terminal control plane for AI coding agents",
   "main": "dist/index.js",
   "bin": {