replicas-cli 0.2.30 → 0.2.32

package/dist/index.js

@@ -813,1273 +813,1281 @@ Error: ${error instanceof Error ? error.message : "Unknown error"}`));
 var import_chalk6 = __toESM(require("chalk"));
 var import_child_process4 = require("child_process");
 
-// src/lib/ssh-config.ts
-var import_fs3 = __toESM(require("fs"));
-var import_path4 = __toESM(require("path"));
-var import_os2 = __toESM(require("os"));
-var SSH_CONFIG_PATH = import_path4.default.join(import_os2.default.homedir(), ".ssh", "config");
-var REPLICAS_MARKER_START = "# === REPLICAS CLI MANAGED ENTRY START ===";
-var REPLICAS_MARKER_END = "# === REPLICAS CLI MANAGED ENTRY END ===";
-function ensureSSHDir() {
-  const sshDir = import_path4.default.join(import_os2.default.homedir(), ".ssh");
-  if (!import_fs3.default.existsSync(sshDir)) {
-    import_fs3.default.mkdirSync(sshDir, { recursive: true, mode: 448 });
-  }
-}
-function readSSHConfig() {
-  ensureSSHDir();
-  if (!import_fs3.default.existsSync(SSH_CONFIG_PATH)) {
-    return "";
+// ../shared/src/sandbox.ts
+var SANDBOX_LIFECYCLE = {
+  AUTO_STOP_MINUTES: 60,
+  AUTO_ARCHIVE_MINUTES: 60 * 24 * 7,
+  AUTO_DELETE_MINUTES: -1,
+  SSH_TOKEN_EXPIRATION_MINUTES: 3 * 60
+};
+var SANDBOX_PATHS = {
+  HOME_DIR: "/home/ubuntu",
+  WORKSPACES_DIR: "/home/ubuntu/workspaces",
+  REPLICAS_FILES_DIR: "/home/ubuntu/.replicas/files",
+  REPLICAS_FILES_DISPLAY_DIR: "~/.replicas/files"
+};
+
+// ../shared/src/routes/workspaces.ts
+var WORKSPACE_FILE_UPLOAD_MAX_SIZE_BYTES = 20 * 1024 * 1024;
+var WORKSPACE_FILE_CONTENT_MAX_SIZE_BYTES = 1 * 1024 * 1024;
+
+// ../shared/src/display-message/parsers/codex-parser.ts
+function safeJsonParse(str, fallback) {
+  try {
+    return JSON.parse(str);
+  } catch {
+    return fallback;
   }
-  return import_fs3.default.readFileSync(SSH_CONFIG_PATH, "utf-8");
 }
-function writeSSHConfig(content) {
-  ensureSSHDir();
-  import_fs3.default.writeFileSync(SSH_CONFIG_PATH, content, { mode: 384 });
+function getStatusFromExitCode(exitCode) {
+  return exitCode === 0 ? "completed" : "failed";
 }
-function generateConfigBlock(entry) {
-  const lines = [
-    REPLICAS_MARKER_START,
-    `Host ${entry.host}`,
-    `  HostName ${entry.hostname}`,
-    `  User ${entry.user}`,
-    `  StrictHostKeyChecking no`,
-    `  UserKnownHostsFile /dev/null`
-  ];
-  if (entry.portForwards && entry.portForwards.size > 0) {
-    for (const [localPort, remotePort] of entry.portForwards) {
-      lines.push(`  LocalForward ${localPort} localhost:${remotePort}`);
-    }
-  }
-  lines.push(REPLICAS_MARKER_END);
-  return lines.join("\n");
+function parseShellOutput(raw) {
+  const exitCodeMatch = raw.match(/^Exit code: (\d+)/);
+  const exitCode = exitCodeMatch ? parseInt(exitCodeMatch[1], 10) : 0;
+  const outputIndex = raw.indexOf("Output:\n");
+  const output = outputIndex >= 0 ? raw.slice(outputIndex + "Output:\n".length) : raw;
+  return { exitCode, output };
 }
-function addOrUpdateSSHConfigEntry(entry) {
-  let config2 = readSSHConfig();
-  const lines = config2.split("\n");
-  const result = [];
-  let inTargetBlock = false;
-  for (const line of lines) {
-    if (line.trim() === REPLICAS_MARKER_START) {
-      const nextLines = lines.slice(lines.indexOf(line) + 1, lines.indexOf(line) + 3);
-      const hostLine = nextLines.find((l) => l.trim().startsWith("Host "));
-      if (hostLine && hostLine.includes(entry.host)) {
-        inTargetBlock = true;
-        continue;
+function parsePatch(input) {
+  const operations = [];
+  const lines = input.split("\n");
+  let currentOp = null;
+  let diffLines = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line.startsWith("*** Add File:")) {
+      if (currentOp) {
+        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
+        operations.push(currentOp);
+        diffLines = [];
       }
-      result.push(line);
-      continue;
-    }
-    if (line.trim() === REPLICAS_MARKER_END) {
-      if (inTargetBlock) {
-        inTargetBlock = false;
-        continue;
+      currentOp = {
+        action: "add",
+        path: line.replace("*** Add File:", "").trim()
+      };
+    } else if (line.startsWith("*** Update File:")) {
+      if (currentOp) {
+        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
+        operations.push(currentOp);
+        diffLines = [];
       }
-      result.push(line);
-      continue;
-    }
-    if (inTargetBlock) {
+      currentOp = {
+        action: "update",
+        path: line.replace("*** Update File:", "").trim()
+      };
+    } else if (line.startsWith("*** Delete File:")) {
+      if (currentOp) {
+        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
+        operations.push(currentOp);
+        diffLines = [];
+      }
+      currentOp = {
+        action: "delete",
+        path: line.replace("*** Delete File:", "").trim()
+      };
+    } else if (line.startsWith("*** Move to:")) {
+      if (currentOp) {
+        currentOp.moveTo = line.replace("*** Move to:", "").trim();
+      }
+    } else if (line.startsWith("*** Begin Patch") || line.startsWith("*** End Patch")) {
       continue;
+    } else if (currentOp && (line.startsWith("+") || line.startsWith("-") || line.startsWith("@@") || line.trim() === "")) {
+      diffLines.push(line);
     }
-    result.push(line);
-  }
-  config2 = result.join("\n");
-  const newEntry = generateConfigBlock(entry);
-  let finalConfig = config2.trim();
-  if (finalConfig.length > 0) {
-    finalConfig += "\n\n";
-  }
-  finalConfig += newEntry + "\n";
-  writeSSHConfig(finalConfig);
-}
-function getWorkspaceHostAlias(workspaceName) {
-  return `replicas-${workspaceName.toLowerCase().replace(/[^a-z0-9-]/g, "-")}`;
-}
-
-// src/commands/code.ts
-async function codeCommand(workspaceName, options) {
-  if (!isAuthenticated()) {
-    console.log(import_chalk6.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
   }
-  try {
-    const { workspace, sshToken, sshHost, portMappings, repoName } = await prepareWorkspaceConnection(
-      workspaceName,
-      options
-    );
-    const hostAlias = getWorkspaceHostAlias(workspace.name);
-    console.log(import_chalk6.default.blue("\nConfiguring SSH connection..."));
-    addOrUpdateSSHConfigEntry({
-      host: hostAlias,
-      hostname: sshHost,
-      user: sshToken,
-      portForwards: portMappings
-    });
-    console.log(import_chalk6.default.green(`\u2713 SSH config entry created: ${hostAlias}`));
-    const remotePath = repoName ? `/home/ubuntu/workspaces/${repoName}` : "/home/ubuntu";
-    const ideCommand = getIdeCommand();
-    const fullCommand = `${ideCommand} --remote ssh-remote+${hostAlias} ${remotePath}`;
-    console.log(import_chalk6.default.blue(`
-Opening ${ideCommand} for workspace ${workspace.name}...`));
-    console.log(import_chalk6.default.gray(`Command: ${fullCommand}`));
-    if (portMappings.size > 0) {
-      console.log(import_chalk6.default.cyan("\nPort forwarding configured:"));
-      for (const [remotePort, localPort] of portMappings) {
-        console.log(import_chalk6.default.cyan(`  \u2022 localhost:${localPort} \u2192 workspace:${remotePort}`));
-      }
-    }
-    console.log(import_chalk6.default.yellow(`
-Note: SSH tokens expire after 3 hours. Run this command again to refresh.`));
-    const ide = (0, import_child_process4.spawn)(ideCommand, [
-      "--remote",
-      `ssh-remote+${hostAlias}`,
-      remotePath
-    ], {
-      stdio: "inherit",
-      detached: false
-    });
-    ide.on("error", (error) => {
-      console.error(import_chalk6.default.red(`
-Failed to launch ${ideCommand}: ${error.message}`));
-      console.log(import_chalk6.default.yellow(`
-Make sure ${ideCommand} is installed and available in your PATH.`));
-      console.log(import_chalk6.default.gray(`You can configure a different IDE with: replicas config set ide <command>`));
-      process.exit(1);
-    });
-    ide.on("close", (code) => {
-      if (code === 0) {
-        console.log(import_chalk6.default.green(`
-\u2713 ${ideCommand} closed successfully.
-`));
-      }
-    });
-  } catch (error) {
-    console.error(import_chalk6.default.red(`
-Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
+  if (currentOp) {
+    if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
+    operations.push(currentOp);
   }
+  return operations;
 }
-
-// src/commands/org.ts
-var import_chalk7 = __toESM(require("chalk"));
-var import_prompts2 = __toESM(require("prompts"));
-async function orgCommand() {
-  if (!isAuthenticated()) {
-    console.log(import_chalk7.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
-  }
-  try {
-    const currentOrgId = getOrganizationId();
-    const organizations = await fetchOrganizations();
-    if (!currentOrgId) {
-      console.log(import_chalk7.default.yellow("No organization selected."));
-      console.log(import_chalk7.default.gray('Run "replicas org switch" to select an organization.\n'));
-      return;
+function parseCodexEvents(events) {
+  const messages = [];
+  const pendingCommands = /* @__PURE__ */ new Map();
+  const pendingPatches = /* @__PURE__ */ new Map();
+  events.forEach((event, eventIndex) => {
+    if (event.type === "event_msg" && event.payload?.type === "user_message") {
+      messages.push({
+        id: `user-${event.timestamp}-${eventIndex}`,
+        type: "user",
+        content: event.payload.message || "",
+        timestamp: event.timestamp
+      });
     }
-    const currentOrg = organizations.find((org2) => org2.id === currentOrgId);
-    if (!currentOrg) {
-      console.log(import_chalk7.default.yellow(`Current organization ID (${currentOrgId}) not found.`));
-      console.log(import_chalk7.default.gray('Run "replicas org switch" to select a new organization.\n'));
-      return;
+    if (event.type === "event_msg" && event.payload?.type === "agent_reasoning") {
+      messages.push({
+        id: `reasoning-${event.timestamp}-${eventIndex}-${messages.length}`,
+        type: "reasoning",
+        content: event.payload.text || "",
+        status: "completed",
+        timestamp: event.timestamp
+      });
     }
-    console.log(import_chalk7.default.green("\nCurrent organization:"));
-    console.log(import_chalk7.default.gray(`  Name: ${currentOrg.name}`));
-    console.log(import_chalk7.default.gray(`  ID: ${currentOrg.id}
-`));
-  } catch (error) {
-    console.error(import_chalk7.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
-  }
-}
-async function orgSwitchCommand() {
-  if (!isAuthenticated()) {
-    console.log(import_chalk7.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
-  }
-  try {
-    const organizations = await fetchOrganizations();
-    if (organizations.length === 0) {
-      console.log(import_chalk7.default.yellow("You are not a member of any organization."));
-      console.log(import_chalk7.default.gray("Please contact support.\n"));
-      return;
-    }
-    if (organizations.length === 1) {
-      await setActiveOrganization(organizations[0].id);
-      console.log(import_chalk7.default.green(`
-\u2713 Organization set to: ${organizations[0].name}
-`));
-      return;
-    }
-    const currentOrgId = getOrganizationId();
-    const response = await (0, import_prompts2.default)({
-      type: "select",
-      name: "organizationId",
-      message: "Select an organization:",
-      choices: organizations.map((org2) => ({
-        title: `${org2.name}${org2.id === currentOrgId ? " (current)" : ""}`,
-        value: org2.id,
-        description: org2.id
-      })),
-      initial: organizations.findIndex((org2) => org2.id === currentOrgId)
-    });
-    if (!response.organizationId) {
-      console.log(import_chalk7.default.yellow("\nCancelled."));
-      return;
+    if (event.type === "response_item") {
+      const payloadType = event.payload?.type;
+      if (payloadType === "message" && event.payload?.role === "assistant") {
+        const content = event.payload.content || [];
+        const textContent = content.filter((c) => c.type === "output_text").map((c) => c.text || "").join("\n");
+        if (textContent) {
+          messages.push({
+            id: `agent-${event.timestamp}-${eventIndex}`,
+            type: "agent",
+            content: textContent,
+            timestamp: event.timestamp
+          });
+        }
+      }
+      if (payloadType === "function_call" && (event.payload?.name === "shell" || event.payload?.name === "shell_command")) {
+        const callId = event.payload.call_id;
+        const args = safeJsonParse(event.payload.arguments || "{}", {});
+        const command = Array.isArray(args.command) ? args.command.join(" ") : args.command || "";
+        const msg = {
+          id: `command-${callId || "no-call-id"}-${eventIndex}`,
+          type: "command",
+          command,
+          output: "",
+          status: "in_progress",
+          timestamp: event.timestamp
+        };
+        messages.push(msg);
+        if (callId) {
+          pendingCommands.set(callId, msg);
+        }
+      }
+      if (payloadType === "function_call_output") {
+        const callId = event.payload.call_id;
+        const rawOutput = event.payload.output || "";
+        const commandMsg = callId ? pendingCommands.get(callId) : void 0;
+        if (commandMsg) {
+          const { exitCode, output } = parseShellOutput(rawOutput);
+          commandMsg.output = output;
+          commandMsg.exitCode = exitCode;
+          commandMsg.status = getStatusFromExitCode(exitCode);
+          pendingCommands.delete(callId);
+        }
+      }
+      if (payloadType === "custom_tool_call") {
+        const callId = event.payload.call_id;
+        const name = event.payload.name;
+        const input = event.payload.input || "";
+        const status = event.payload.status || "in_progress";
+        if (name === "apply_patch") {
+          const operations = parsePatch(input);
+          pendingPatches.set(callId, { input, status, timestamp: event.timestamp, operations });
+        } else {
+          messages.push({
+            id: `toolcall-${event.timestamp}-${eventIndex}`,
+            type: "tool_call",
+            server: "custom",
+            tool: name,
+            status,
+            timestamp: event.timestamp
+          });
+        }
+      }
+      if (payloadType === "custom_tool_call_output") {
+        const callId = event.payload.call_id;
+        const output = safeJsonParse(
+          event.payload.output || "{}",
+          {}
+        );
+        const pendingPatch = pendingPatches.get(callId);
+        if (pendingPatch) {
+          messages.push({
+            id: `patch-${pendingPatch.timestamp}-${eventIndex}`,
+            type: "patch",
+            operations: pendingPatch.operations,
+            output: output.output || "",
+            exitCode: output.metadata?.exit_code,
+            status: getStatusFromExitCode(output.metadata?.exit_code),
+            timestamp: pendingPatch.timestamp
+          });
+          pendingPatches.delete(callId);
+        } else {
+          const toolCallMsg = messages.findLast((m) => m.type === "tool_call");
+          if (toolCallMsg) {
+            toolCallMsg.status = getStatusFromExitCode(output.metadata?.exit_code);
+          }
+        }
+      }
+      if (payloadType === "function_call" && event.payload?.name === "update_plan") {
+        const args = safeJsonParse(
+          event.payload.arguments || "{}",
+          {}
+        );
+        if (args.plan && Array.isArray(args.plan)) {
+          const todoItems = args.plan.map((item) => ({
+            text: item.step,
+            completed: item.status === "completed"
+          }));
+          messages.push({
+            id: `todo-${event.timestamp}-${eventIndex}`,
+            type: "todo_list",
+            items: todoItems,
+            status: "completed",
+            timestamp: event.timestamp
+          });
+        }
+      }
     }
-    await setActiveOrganization(response.organizationId);
-    const selectedOrg = organizations.find((org2) => org2.id === response.organizationId);
-    console.log(import_chalk7.default.green(`
-\u2713 Switched to organization: ${selectedOrg?.name}
-`));
-  } catch (error) {
-    console.error(import_chalk7.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
-  }
+  });
+  return messages;
 }
 
-// src/commands/config.ts
-var import_chalk8 = __toESM(require("chalk"));
-async function configGetCommand(key) {
-  if (!isAuthenticated()) {
-    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
-  }
-  try {
-    if (key === "ide") {
-      const ideCommand = getIdeCommand();
-      console.log(import_chalk8.default.green(`
-IDE command: ${ideCommand}
-`));
-    } else {
-      console.log(import_chalk8.default.red(`Unknown config key: ${key}`));
-      console.log(import_chalk8.default.gray("Available keys: ide"));
-      process.exit(1);
-    }
-  } catch (error) {
-    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
-  }
-}
-async function configSetCommand(key, value) {
-  if (!isAuthenticated()) {
-    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
-  }
+// ../shared/src/display-message/parsers/claude-parser.ts
+function safeJsonParse2(str, fallback) {
   try {
-    if (key === "ide") {
-      setIdeCommand(value);
-      console.log(import_chalk8.default.green(`
-\u2713 IDE command set to: ${value}
-`));
-    } else {
-      console.log(import_chalk8.default.red(`Unknown config key: ${key}`));
-      console.log(import_chalk8.default.gray("Available keys: ide"));
-      process.exit(1);
-    }
-  } catch (error) {
-    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
+    return JSON.parse(str);
+  } catch {
+    return fallback;
   }
 }
-async function configListCommand() {
-  if (!isAuthenticated()) {
-    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
-    process.exit(1);
-  }
-  try {
-    const config2 = readConfig();
-    if (!config2) {
-      console.log(import_chalk8.default.red("No config found. Please login first."));
-      process.exit(1);
-    }
-    console.log(import_chalk8.default.green("\nCurrent configuration:"));
-    console.log(import_chalk8.default.gray(`  Organization ID: ${config2.organization_id || "(not set)"}`));
-    console.log(import_chalk8.default.gray(`  IDE command: ${config2.ide_command || "code (default)"}`));
-    console.log();
-  } catch (error) {
-    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
-    process.exit(1);
+function extractToolResultContent(content) {
+  if (!content) return "";
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.filter((item) => item.type === "text").map((item) => item.text || "").join("\n");
   }
+  return "";
 }
-
-// src/commands/tools.ts
-var import_chalk9 = __toESM(require("chalk"));
-var import_figlet = __toESM(require("figlet"));
-async function toolsCommand() {
-  const banner = import_figlet.default.textSync("Replicas Machine Image", {
-    horizontalLayout: "default",
-    verticalLayout: "default",
-    whitespaceBreak: true
-  });
-  console.log(import_chalk9.default.cyan(banner));
-  console.log();
-  console.log(import_chalk9.default.bold("RMI Version: v0.1.3"));
-  console.log();
-  console.log(
-    import_chalk9.default.gray(
-      "The following tooling and dependencies are provided by default on the Replicas Machine Image.\n"
-    )
+function parseClaudeEvents(events, parentToolUseId) {
+  const messages = [];
+  const filterValue = parentToolUseId !== void 0 ? parentToolUseId : null;
+  const filteredEvents = events.filter(
+    (e) => e.payload.parent_tool_use_id === filterValue
   );
-  const sections = [
-    {
-      title: "Python",
-      tools: ["Python 3.12.3", "pip 24", "Poetry 2.2.1", "uv 0.9.5"]
-    },
-    {
-      title: "Node.js",
-      tools: [
-        "Node.js 22.21.0",
-        "npm 10.9.4",
-        "nvm 0.40.3",
-        "Yarn 1.22.22",
-        "pnpm 10.18.3",
-        "ESLint 9.38.0",
-        "Prettier 3.6.2"
-      ]
-    },
-    {
-      title: "C/C++",
-      tools: ["gcc 13.3.0", "g++ 13.3.0", "make 4.3"]
-    },
-    {
-      title: "Perl",
-      tools: ["Perl 5.38.2"]
-    },
-    {
-      title: "AI Coding Assistants",
-      tools: ["Claude Code (@anthropic-ai/claude-code)", "OpenAI Codex (@openai/codex)"]
-    },
-    {
-      title: "Misc",
-      tools: [
-        "git 2.43.0",
-        "vim 9.1.697",
-        "nano 7.2",
-        "curl",
-        "wget",
-        "GitHub CLI (gh)",
-        "Docker Engine"
-      ]
+  const toolCallMap = /* @__PURE__ */ new Map();
+  filteredEvents.forEach((event) => {
+    if (event.type === "claude-user") {
+      const content = event.payload.message?.content || [];
+      const toolResult = content.find((c) => c.type === "tool_result");
+      if (toolResult && toolResult.tool_use_id) {
+        return;
+      }
+      const textContent = content.filter((c) => c.type === "text").map((c) => c.text || "").join("\n");
+      const images = content.filter((c) => c.type === "image" && c.source).map((c) => {
+        const source = c.source;
+        return {
+          type: "image",
+          mediaType: source.media_type || "image/png",
+          data: source.data || ""
+        };
+      }).filter((img) => img.data);
+      if (textContent || images.length > 0) {
+        messages.push({
+          id: `user-${event.timestamp}`,
+          type: "user",
+          content: textContent || (images.length > 0 ? `[${images.length} image${images.length > 1 ? "s" : ""} attached]` : ""),
+          images: images.length > 0 ? images : void 0,
+          timestamp: event.timestamp
+        });
+      }
     }
-  ];
-  sections.forEach((section) => {
-    console.log(import_chalk9.default.blue(section.title));
-    section.tools.forEach((tool) => {
-      console.log(`  - ${tool}`);
-    });
-    console.log();
-  });
-}
-
-// src/commands/codex-auth.ts
-var import_chalk10 = __toESM(require("chalk"));
-
-// src/lib/codex-oauth.ts
-var import_http2 = __toESM(require("http"));
-var import_url2 = require("url");
-var import_open2 = __toESM(require("open"));
-
-// src/lib/pkce.ts
-var import_crypto = require("crypto");
-function generatePkceCodes() {
-  const verifierBytes = (0, import_crypto.randomBytes)(32);
-  const codeVerifier = verifierBytes.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-  const hash = (0, import_crypto.createHash)("sha256");
-  hash.update(codeVerifier);
-  const codeChallenge = hash.digest("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-  return {
-    codeVerifier,
-    codeChallenge
-  };
-}
-function generateState2() {
-  return (0, import_crypto.randomBytes)(16).toString("hex");
-}
-
-// src/lib/codex-oauth.ts
-var CODEX_OAUTH_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
-var AUTHORIZATION_ENDPOINT = "https://auth.openai.com/oauth/authorize";
-var TOKEN_ENDPOINT = "https://auth.openai.com/oauth/token";
-var CALLBACK_PORT = 1455;
-var CALLBACK_PATH = "/auth/callback";
-var WEB_APP_URL2 = process.env.REPLICAS_WEB_URL || "https://replicas.dev";
-function buildAuthorizationUrl(codeChallenge, state) {
-  const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
-  const params = new URLSearchParams({
-    response_type: "code",
-    client_id: CODEX_OAUTH_CLIENT_ID,
-    redirect_uri: redirectUri,
-    scope: "openid profile email offline_access",
-    code_challenge: codeChallenge,
-    code_challenge_method: "S256",
-    id_token_add_organizations: "true",
-    codex_cli_simplified_flow: "true",
-    state,
-    originator: "codex_cli_rs"
-  });
-  return `${AUTHORIZATION_ENDPOINT}?${params.toString()}`;
-}
-async function exchangeCodeForTokens(code, codeVerifier) {
-  const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
-  const params = new URLSearchParams({
-    grant_type: "authorization_code",
-    code,
-    redirect_uri: redirectUri,
-    client_id: CODEX_OAUTH_CLIENT_ID,
-    code_verifier: codeVerifier
-  });
-  const response = await fetch(TOKEN_ENDPOINT, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body: params.toString()
-  });
-  if (!response.ok) {
-    const errorText = await response.text();
-    throw new Error(`Failed to exchange code for tokens: ${response.status} ${errorText}`);
-  }
-  const data = await response.json();
-  return {
-    idToken: data.id_token,
-    accessToken: data.access_token,
-    refreshToken: data.refresh_token
-  };
-}
-function startCallbackServer(expectedState, codeVerifier) {
-  return new Promise((resolve, reject) => {
-    const server = import_http2.default.createServer(async (req, res) => {
-      try {
-        if (!req.url) {
-          res.writeHead(400);
-          res.end("Bad Request");
-          return;
+    if (event.type === "claude-assistant") {
+      const contentBlocks = event.payload.message?.content || [];
+      contentBlocks.forEach((block) => {
+        if (block.type === "text" && block.text) {
+          messages.push({
+            id: `agent-${event.timestamp}-${messages.length}`,
+            type: "agent",
+            content: block.text,
+            timestamp: event.timestamp
+          });
         }
-        const url = new import_url2.URL(req.url, `http://127.0.0.1:${CALLBACK_PORT}`);
-        if (url.pathname === CALLBACK_PATH) {
-          const code = url.searchParams.get("code");
-          const state = url.searchParams.get("state");
-          const error = url.searchParams.get("error");
-          const errorDescription = url.searchParams.get("error_description");
-          if (error) {
-            const errorMessage = encodeURIComponent(`${error}: ${errorDescription || "Unknown error"}`);
-            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
-            res.end();
-            server.close();
-            reject(new Error(`OAuth error: ${error} - ${errorDescription}`));
-            return;
-          }
-          if (state !== expectedState) {
-            const errorMessage = encodeURIComponent("State parameter mismatch. Possible CSRF attack.");
-            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
-            res.end();
-            server.close();
-            reject(new Error("State mismatch - possible CSRF attack"));
-            return;
-          }
-          if (!code) {
-            const errorMessage = encodeURIComponent("No authorization code received.");
-            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
-            res.end();
-            server.close();
-            reject(new Error("No authorization code received"));
-            return;
-          }
-          try {
-            const tokens = await exchangeCodeForTokens(code, codeVerifier);
-            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/success` });
-            res.end();
-            server.close();
-            resolve(tokens);
-          } catch (tokenError) {
-            const errorMessage = encodeURIComponent(tokenError instanceof Error ? tokenError.message : "Unknown error");
-            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
-            res.end();
-            server.close();
-            reject(tokenError);
+        if (block.type === "thinking" && block.text) {
+          messages.push({
+            id: `reasoning-${event.timestamp}-${messages.length}`,
+            type: "reasoning",
+            content: block.text,
+            status: "completed",
+            timestamp: event.timestamp
+          });
+        }
+        if (block.type === "tool_use" && block.id) {
+          const toolName = block.name || "unknown";
+          const toolInput = block.input || {};
+          const toolUseId = block.id;
+          toolCallMap.set(toolUseId, {
+            messageIndex: messages.length,
+            toolName,
+            input: toolInput
+          });
+          if (toolName === "Task") {
+            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
+            const nestedEvents = events.filter((e) => e.payload.parent_tool_use_id === toolUseId).map((e) => ({
+              timestamp: e.timestamp,
+              type: e.type,
+              payload: e.payload
+            }));
+            messages.push({
+              id: `subagent-${event.timestamp}-${messages.length}`,
+              type: "subagent",
+              toolUseId,
+              description: inputObj.description || "Subagent Task",
+              prompt: inputObj.prompt || "",
+              subagentType: inputObj.subagent_type || "general",
+              model: inputObj.model,
+              status: "in_progress",
+              nestedEvents,
+              timestamp: event.timestamp
+            });
+          } else if (toolName === "Bash" || toolName === "bash" || toolName === "shell") {
+            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
+            const command = inputObj.command || "";
+            messages.push({
+              id: `command-${event.timestamp}-${messages.length}`,
+              type: "command",
+              command,
+              output: "",
+              status: "in_progress",
+              timestamp: event.timestamp
+            });
+          } else if (toolName === "Write" || toolName === "Edit") {
+            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
+            const filePath = inputObj.file_path || "";
+            const action = toolName === "Write" ? "add" : "update";
+            messages.push({
+              id: `file-${event.timestamp}-${messages.length}`,
+              type: "file_change",
+              changes: [{
+                path: filePath,
+                kind: action
+              }],
+              status: "in_progress",
+              timestamp: event.timestamp
+            });
+          } else if (toolName === "TodoWrite") {
+            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
+            const todos = inputObj.todos || [];
+            const todoItems = todos.map((todo) => ({
+              text: todo.content,
+              completed: todo.status === "completed"
+            }));
+            if (todoItems.length > 0) {
+              messages.push({
+                id: `todo-${event.timestamp}-${messages.length}`,
+                type: "todo_list",
+                items: todoItems,
+                status: "completed",
+                timestamp: event.timestamp
+              });
+            }
+          } else if (toolName === "WebSearch") {
+            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
+            const query = inputObj.query || "";
+            messages.push({
+              id: `search-${event.timestamp}-${messages.length}`,
+              type: "web_search",
+              query,
+              status: "in_progress",
+              timestamp: event.timestamp
+            });
+          } else {
+            messages.push({
+              id: `toolcall-${event.timestamp}-${messages.length}`,
+              type: "tool_call",
+              server: "claude",
+              tool: toolName,
+              input: toolInput,
+              status: "in_progress",
+              timestamp: event.timestamp
+            });
           }
-        } else {
-          res.writeHead(404);
-          res.end("Not Found");
         }
-      } catch (serverError) {
-        res.writeHead(500);
-        res.end("Internal Server Error");
-        server.close();
-        reject(serverError);
+      });
+    }
+    if (event.type === "claude-result") {
+      const payload = event.payload;
+      if (payload.is_error || payload.subtype !== "success") {
+        const errorList = payload.errors || [];
+        const errorMessage = errorList.length > 0 ? errorList.join("\n") : "Claude session encountered an unexpected error.";
+        messages.push({
+          id: `error-${event.timestamp}`,
+          type: "error",
+          message: errorMessage,
+          timestamp: event.timestamp
+        });
       }
-    });
-    server.on("error", (err) => {
-      if (err.code === "EADDRINUSE") {
-        reject(new Error(`Port ${CALLBACK_PORT} is already in use. Please close any other OAuth flows and try again.`));
-      } else {
-        reject(err);
+    }
+  });
+  filteredEvents.forEach((event) => {
+    if (event.type === "claude-user") {
+      const content = event.payload.message?.content || [];
+      const toolResult = content.find((c) => c.type === "tool_result");
+      if (toolResult && toolResult.tool_use_id) {
+        const toolInfo = toolCallMap.get(toolResult.tool_use_id);
+        if (!toolInfo) return;
+        const resultContent = extractToolResultContent(toolResult.content);
+        const isError = toolResult.is_error || false;
+        const status = isError ? "failed" : "completed";
+        const message = messages[toolInfo.messageIndex];
+        if (!message) return;
+        if (message.type === "command") {
+          message.output = resultContent;
+          message.status = status;
+          const exitCodeMatch = resultContent.match(/exit code:?\s*(\d+)/i);
+          if (exitCodeMatch) {
+            message.exitCode = parseInt(exitCodeMatch[1], 10);
+          } else {
+            message.exitCode = isError ? 1 : 0;
+          }
+        } else if (message.type === "file_change") {
+          message.status = status;
+        } else if (message.type === "web_search") {
+          message.status = status;
+        } else if (message.type === "tool_call") {
+          message.output = resultContent;
+          message.status = status;
+        } else if (message.type === "subagent") {
+          message.output = resultContent;
+          message.status = status;
+        }
       }
-    });
-    server.listen(CALLBACK_PORT, "127.0.0.1");
+    }
   });
+  return messages;
 }
-async function runCodexOAuthFlow() {
-  const pkce = generatePkceCodes();
-  const state = generateState2();
-  const authUrl = buildAuthorizationUrl(pkce.codeChallenge, state);
-  const tokensPromise = startCallbackServer(state, pkce.codeVerifier);
-  await new Promise((resolve) => setTimeout(resolve, 500));
-  console.log("If the browser does not open automatically, visit:");
-  console.log(authUrl);
-  console.log();
-  try {
-    await (0, import_open2.default)(authUrl);
-  } catch (openError) {
-    console.warn("Failed to open browser automatically. Please open the URL manually.");
+
+// ../shared/src/display-message/parsers/index.ts
+function parseAgentEvents(events, agentType) {
+  if (agentType === "codex") {
+    return parseCodexEvents(events);
+  } else if (agentType === "claude") {
+    return parseClaudeEvents(events);
   }
-  console.log("Waiting for authentication...");
-  const tokens = await tokensPromise;
-  console.log("\u2713 Successfully obtained Codex credentials");
-  return tokens;
+  return [];
 }
 
-// src/commands/codex-auth.ts
-async function codexAuthCommand(options = {}) {
-  const isUserScoped = options.user === true;
-  const scopeLabel = isUserScoped ? "personal" : "organization";
-  console.log(import_chalk10.default.cyan(`Authenticating with Codex (${scopeLabel})...
-`));
-  try {
-    const tokens = await runCodexOAuthFlow();
-    console.log(import_chalk10.default.gray("\nUploading credentials to Replicas..."));
-    const endpoint = isUserScoped ? "/v1/codex/user/credentials" : "/v1/codex/credentials";
-    const response = await orgAuthenticatedFetch(
-      endpoint,
-      {
-        method: "POST",
-        body: {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          id_token: tokens.idToken
-        }
-      }
-    );
-    if (response.success) {
-      console.log(import_chalk10.default.green("\n\u2713 Codex authentication complete!"));
-      if (response.email) {
-        console.log(import_chalk10.default.gray(`  Account: ${response.email}`));
+// src/lib/ssh-config.ts
+var import_fs3 = __toESM(require("fs"));
+var import_path4 = __toESM(require("path"));
+var import_os2 = __toESM(require("os"));
+var SSH_CONFIG_PATH = import_path4.default.join(import_os2.default.homedir(), ".ssh", "config");
+var REPLICAS_MARKER_START = "# === REPLICAS CLI MANAGED ENTRY START ===";
+var REPLICAS_MARKER_END = "# === REPLICAS CLI MANAGED ENTRY END ===";
+function ensureSSHDir() {
+  const sshDir = import_path4.default.join(import_os2.default.homedir(), ".ssh");
+  if (!import_fs3.default.existsSync(sshDir)) {
+    import_fs3.default.mkdirSync(sshDir, { recursive: true, mode: 448 });
+  }
+}
+function readSSHConfig() {
+  ensureSSHDir();
+  if (!import_fs3.default.existsSync(SSH_CONFIG_PATH)) {
+    return "";
+  }
+  return import_fs3.default.readFileSync(SSH_CONFIG_PATH, "utf-8");
+}
+function writeSSHConfig(content) {
+  ensureSSHDir();
+  import_fs3.default.writeFileSync(SSH_CONFIG_PATH, content, { mode: 384 });
+}
+function generateConfigBlock(entry) {
+  const lines = [
+    REPLICAS_MARKER_START,
+    `Host ${entry.host}`,
+    `  HostName ${entry.hostname}`,
+    `  User ${entry.user}`,
+    `  StrictHostKeyChecking no`,
+    `  UserKnownHostsFile /dev/null`
+  ];
+  if (entry.portForwards && entry.portForwards.size > 0) {
+    for (const [localPort, remotePort] of entry.portForwards) {
+      lines.push(`  LocalForward ${localPort} localhost:${remotePort}`);
+    }
+  }
+  lines.push(REPLICAS_MARKER_END);
+  return lines.join("\n");
+}
+function addOrUpdateSSHConfigEntry(entry) {
+  let config2 = readSSHConfig();
+  const lines = config2.split("\n");
+  const result = [];
+  let inTargetBlock = false;
+  for (const line of lines) {
+    if (line.trim() === REPLICAS_MARKER_START) {
+      const nextLines = lines.slice(lines.indexOf(line) + 1, lines.indexOf(line) + 3);
+      const hostLine = nextLines.find((l) => l.trim().startsWith("Host "));
+      if (hostLine && hostLine.includes(entry.host)) {
+        inTargetBlock = true;
+        continue;
       }
-      if (response.planType) {
-        console.log(import_chalk10.default.gray(`  Plan: ${response.planType}`));
+      result.push(line);
+      continue;
+    }
+    if (line.trim() === REPLICAS_MARKER_END) {
+      if (inTargetBlock) {
+        inTargetBlock = false;
+        continue;
       }
-      if (isUserScoped) {
-        console.log(import_chalk10.default.gray("\nYour personal Codex credentials have been saved.\n"));
-      } else {
-        console.log(import_chalk10.default.gray("\nYou can now use Codex in your workspaces.\n"));
+      result.push(line);
+      continue;
+    }
+    if (inTargetBlock) {
+      continue;
+    }
+    result.push(line);
+  }
+  config2 = result.join("\n");
+  const newEntry = generateConfigBlock(entry);
+  let finalConfig = config2.trim();
+  if (finalConfig.length > 0) {
+    finalConfig += "\n\n";
+  }
+  finalConfig += newEntry + "\n";
+  writeSSHConfig(finalConfig);
+}
+function getWorkspaceHostAlias(workspaceName) {
+  return `replicas-${workspaceName.toLowerCase().replace(/[^a-z0-9-]/g, "-")}`;
+}
+
+// src/commands/code.ts
+async function codeCommand(workspaceName, options) {
+  if (!isAuthenticated()) {
+    console.log(import_chalk6.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
+  }
+  try {
+    const { workspace, sshToken, sshHost, portMappings, repoName } = await prepareWorkspaceConnection(
+      workspaceName,
+      options
+    );
+    const hostAlias = getWorkspaceHostAlias(workspace.name);
+    console.log(import_chalk6.default.blue("\nConfiguring SSH connection..."));
+    addOrUpdateSSHConfigEntry({
+      host: hostAlias,
+      hostname: sshHost,
+      user: sshToken,
+      portForwards: portMappings
+    });
+    console.log(import_chalk6.default.green(`\u2713 SSH config entry created: ${hostAlias}`));
+    const remotePath = repoName ? `${SANDBOX_PATHS.WORKSPACES_DIR}/${repoName}` : SANDBOX_PATHS.HOME_DIR;
+    const ideCommand = getIdeCommand();
+    const fullCommand = `${ideCommand} --remote ssh-remote+${hostAlias} ${remotePath}`;
+    console.log(import_chalk6.default.blue(`
+Opening ${ideCommand} for workspace ${workspace.name}...`));
+    console.log(import_chalk6.default.gray(`Command: ${fullCommand}`));
+    if (portMappings.size > 0) {
+      console.log(import_chalk6.default.cyan("\nPort forwarding configured:"));
+      for (const [remotePort, localPort] of portMappings) {
+        console.log(import_chalk6.default.cyan(`  \u2022 localhost:${localPort} \u2192 workspace:${remotePort}`));
       }
-    } else {
-      throw new Error(response.error || "Failed to upload Codex credentials to Replicas");
     }
+    console.log(import_chalk6.default.yellow(`
+Note: SSH tokens expire after 3 hours. Run this command again to refresh.`));
+    const ide = (0, import_child_process4.spawn)(ideCommand, [
+      "--remote",
+      `ssh-remote+${hostAlias}`,
+      remotePath
+    ], {
+      stdio: "inherit",
+      detached: false
+    });
+    ide.on("error", (error) => {
+      console.error(import_chalk6.default.red(`
+Failed to launch ${ideCommand}: ${error.message}`));
+      console.log(import_chalk6.default.yellow(`
+Make sure ${ideCommand} is installed and available in your PATH.`));
+      console.log(import_chalk6.default.gray(`You can configure a different IDE with: replicas config set ide <command>`));
+      process.exit(1);
+    });
+    ide.on("close", (code) => {
+      if (code === 0) {
+        console.log(import_chalk6.default.green(`
+\u2713 ${ideCommand} closed successfully.
+`));
+      }
+    });
   } catch (error) {
-    console.log(import_chalk10.default.red("\n\u2717 Error:"), error instanceof Error ? error.message : error);
+    console.error(import_chalk6.default.red(`
+Error: ${error instanceof Error ? error.message : "Unknown error"}`));
     process.exit(1);
   }
 }
 
-// src/commands/claude-auth.ts
-var import_chalk12 = __toESM(require("chalk"));
-
-// src/lib/claude-oauth.ts
-var import_open3 = __toESM(require("open"));
-var import_readline = __toESM(require("readline"));
-var import_chalk11 = __toESM(require("chalk"));
-var DEFAULT_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
-var CLAUDE_CLIENT_ID = process.env.CLAUDE_OAUTH_CLIENT_ID || DEFAULT_CLIENT_ID;
-var AUTHORIZATION_ENDPOINT2 = "https://claude.ai/oauth/authorize";
-var TOKEN_ENDPOINT2 = "https://console.anthropic.com/v1/oauth/token";
-var REDIRECT_URI = "https://console.anthropic.com/oauth/code/callback";
-var SCOPES = "org:create_api_key user:profile user:inference";
-function buildAuthorizationUrl2(codeChallenge, state) {
-  const params = new URLSearchParams({
-    code: "true",
-    client_id: CLAUDE_CLIENT_ID,
-    response_type: "code",
-    redirect_uri: REDIRECT_URI,
-    scope: SCOPES,
-    code_challenge: codeChallenge,
-    code_challenge_method: "S256",
-    state
-  });
-  return `${AUTHORIZATION_ENDPOINT2}?${params.toString()}`;
-}
-async function promptForAuthorizationCode(instruction) {
-  const rl = import_readline.default.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve) => {
-    rl.question(instruction, (answer) => {
-      rl.close();
-      resolve(answer.trim());
-    });
-  });
-}
-function parseUserInput(input) {
-  if (!input.includes("#") && !input.includes("code=")) {
-    return { code: input };
+// src/commands/org.ts
+var import_chalk7 = __toESM(require("chalk"));
+var import_prompts2 = __toESM(require("prompts"));
+async function orgCommand() {
+  if (!isAuthenticated()) {
+    console.log(import_chalk7.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
   }
-  if (input.startsWith("http://") || input.startsWith("https://")) {
-    try {
-      const url = new URL(input);
-      const fragment = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
-      const params = new URLSearchParams(fragment);
-      const code2 = params.get("code") ?? void 0;
-      const state2 = params.get("state") ?? void 0;
-      if (code2) {
-        return { code: code2, state: state2 };
-      }
-    } catch {
+  try {
+    const currentOrgId = getOrganizationId();
+    const organizations = await fetchOrganizations();
+    if (!currentOrgId) {
+      console.log(import_chalk7.default.yellow("No organization selected."));
+      console.log(import_chalk7.default.gray('Run "replicas org switch" to select an organization.\n'));
+      return;
     }
+    const currentOrg = organizations.find((org2) => org2.id === currentOrgId);
+    if (!currentOrg) {
+      console.log(import_chalk7.default.yellow(`Current organization ID (${currentOrgId}) not found.`));
+      console.log(import_chalk7.default.gray('Run "replicas org switch" to select a new organization.\n'));
+      return;
+    }
+    console.log(import_chalk7.default.green("\nCurrent organization:"));
+    console.log(import_chalk7.default.gray(`  Name: ${currentOrg.name}`));
+    console.log(import_chalk7.default.gray(`  ID: ${currentOrg.id}
+`));
+  } catch (error) {
+    console.error(import_chalk7.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
   }
-  const [code, state] = input.split("#");
-  return { code, state };
 }
-async function exchangeCodeForTokens2(code, state, expectedState, codeVerifier) {
-  if (state && state !== expectedState) {
-    throw new Error("State mismatch detected. Please restart the authentication flow.");
-  }
-  const payload = {
-    code,
-    state: state ?? expectedState,
-    grant_type: "authorization_code",
-    client_id: CLAUDE_CLIENT_ID,
-    redirect_uri: REDIRECT_URI,
-    code_verifier: codeVerifier
-  };
-  const response = await fetch(TOKEN_ENDPOINT2, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify(payload)
-  });
-  if (!response.ok) {
-    const text = await response.text();
-    throw new Error(`Failed to exchange authorization code: ${response.status} ${text}`);
+async function orgSwitchCommand() {
+  if (!isAuthenticated()) {
+    console.log(import_chalk7.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
   }
-  const data = await response.json();
-  const now = Date.now();
-  const expiresAt = new Date(now + data.expires_in * 1e3).toISOString();
-  const refreshTokenExpiresAt = data.refresh_token_expires_in ? new Date(now + data.refresh_token_expires_in * 1e3).toISOString() : void 0;
-  return {
-    accessToken: data.access_token,
-    refreshToken: data.refresh_token,
-    tokenType: data.token_type,
-    scope: data.scope,
-    expiresAt,
-    refreshTokenExpiresAt
-  };
-}
-async function runClaudeOAuthFlow() {
-  const pkce = generatePkceCodes();
-  const state = generateState2();
-  const authUrl = buildAuthorizationUrl2(pkce.codeChallenge, state);
-  console.log(import_chalk11.default.gray("We will open your browser so you can authenticate with Claude Code."));
-  console.log(import_chalk11.default.gray("If the browser does not open automatically, use the URL below:\n"));
-  console.log(authUrl);
-  console.log();
   try {
-    await (0, import_open3.default)(authUrl);
-  } catch {
-    console.warn(import_chalk11.default.yellow("Failed to open browser automatically. Please copy and open the URL manually."));
-  }
-  console.log(import_chalk11.default.cyan("After completing authentication, copy the code shown on the success page."));
-  console.log(import_chalk11.default.cyan("You can paste either the full URL, or a value formatted as CODE#STATE.\n"));
-  const userInput = await promptForAuthorizationCode("Paste the authorization code (or URL) here: ");
-  if (!userInput) {
-    throw new Error("No authorization code provided.");
-  }
-  const { code, state: returnedState } = parseUserInput(userInput);
-  if (!code) {
-    throw new Error("Unable to parse authorization code. Please try again.");
+    const organizations = await fetchOrganizations();
+    if (organizations.length === 0) {
+      console.log(import_chalk7.default.yellow("You are not a member of any organization."));
+      console.log(import_chalk7.default.gray("Please contact support.\n"));
+      return;
+    }
+    if (organizations.length === 1) {
+      await setActiveOrganization(organizations[0].id);
+      console.log(import_chalk7.default.green(`
+\u2713 Organization set to: ${organizations[0].name}
+`));
+      return;
+    }
+    const currentOrgId = getOrganizationId();
+    const response = await (0, import_prompts2.default)({
+      type: "select",
+      name: "organizationId",
+      message: "Select an organization:",
+      choices: organizations.map((org2) => ({
+        title: `${org2.name}${org2.id === currentOrgId ? " (current)" : ""}`,
+        value: org2.id,
+        description: org2.id
+      })),
+      initial: organizations.findIndex((org2) => org2.id === currentOrgId)
+    });
+    if (!response.organizationId) {
+      console.log(import_chalk7.default.yellow("\nCancelled."));
+      return;
+    }
+    await setActiveOrganization(response.organizationId);
+    const selectedOrg = organizations.find((org2) => org2.id === response.organizationId);
+    console.log(import_chalk7.default.green(`
+\u2713 Switched to organization: ${selectedOrg?.name}
+`));
+  } catch (error) {
+    console.error(import_chalk7.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
   }
-  console.log(import_chalk11.default.gray("\nExchanging authorization code for tokens..."));
-  const tokens = await exchangeCodeForTokens2(code, returnedState, state, pkce.codeVerifier);
-  console.log(import_chalk11.default.green("\u2713 Successfully obtained Claude credentials"));
-  return tokens;
 }
 
-// src/commands/claude-auth.ts
-async function claudeAuthCommand(options = {}) {
-  const isUserScoped = options.user === true;
-  const scopeLabel = isUserScoped ? "personal" : "organization";
-  console.log(import_chalk12.default.cyan(`Authenticating with Claude Code (${scopeLabel})...
-`));
+// src/commands/config.ts
+var import_chalk8 = __toESM(require("chalk"));
+async function configGetCommand(key) {
+  if (!isAuthenticated()) {
+    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
+  }
   try {
-    const tokens = await runClaudeOAuthFlow();
-    console.log(import_chalk12.default.gray("\nUploading credentials to Replicas..."));
-    const endpoint = isUserScoped ? "/v1/claude/user/credentials" : "/v1/claude/credentials";
-    const response = await orgAuthenticatedFetch(
-      endpoint,
-      {
-        method: "POST",
-        body: {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          token_type: tokens.tokenType,
-          scope: tokens.scope,
-          expires_at: tokens.expiresAt,
-          refresh_token_expires_at: tokens.refreshTokenExpiresAt
-        }
-      }
-    );
-    if (!response.success) {
-      throw new Error(response.error || "Failed to upload Claude credentials to Replicas");
-    }
-    console.log(import_chalk12.default.green("\n\u2713 Claude authentication complete!"));
-    if (response.email) {
-      console.log(import_chalk12.default.gray(`  Account: ${response.email}`));
-    }
-    if (response.planType) {
-      console.log(import_chalk12.default.gray(`  Plan: ${response.planType}`));
+    if (key === "ide") {
+      const ideCommand = getIdeCommand();
+      console.log(import_chalk8.default.green(`
+IDE command: ${ideCommand}
+`));
+    } else {
+      console.log(import_chalk8.default.red(`Unknown config key: ${key}`));
+      console.log(import_chalk8.default.gray("Available keys: ide"));
+      process.exit(1);
     }
-    if (isUserScoped) {
-      console.log(import_chalk12.default.gray("\nYour personal Claude credentials have been saved.\n"));
+  } catch (error) {
+    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
+  }
+}
+async function configSetCommand(key, value) {
+  if (!isAuthenticated()) {
+    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
+  }
+  try {
+    if (key === "ide") {
+      setIdeCommand(value);
+      console.log(import_chalk8.default.green(`
+\u2713 IDE command set to: ${value}
+`));
     } else {
-      console.log(import_chalk12.default.gray("\nYou can now use Claude Code in your workspaces.\n"));
+      console.log(import_chalk8.default.red(`Unknown config key: ${key}`));
+      console.log(import_chalk8.default.gray("Available keys: ide"));
+      process.exit(1);
     }
   } catch (error) {
-    console.log(import_chalk12.default.red("\n\u2717 Error:"), error instanceof Error ? error.message : error);
+    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
     process.exit(1);
   }
 }
-
-// src/commands/init.ts
-var import_chalk13 = __toESM(require("chalk"));
-var import_fs4 = __toESM(require("fs"));
-var import_path5 = __toESM(require("path"));
-var REPLICAS_CONFIG_FILENAME = "replicas.json";
-function getDefaultConfig() {
-  return {
-    copy: [],
-    ports: [],
-    systemPrompt: "",
-    startHook: {
-      timeout: 3e5,
-      commands: []
-    }
-  };
-}
-function initCommand(options) {
-  const configPath = import_path5.default.join(process.cwd(), REPLICAS_CONFIG_FILENAME);
-  if (import_fs4.default.existsSync(configPath) && !options.force) {
-    console.log(
-      import_chalk13.default.yellow(
-        `${REPLICAS_CONFIG_FILENAME} already exists in this directory.`
-      )
-    );
-    console.log(import_chalk13.default.gray("Use --force to overwrite the existing file."));
-    return;
+async function configListCommand() {
+  if (!isAuthenticated()) {
+    console.log(import_chalk8.default.red('Not logged in. Please run "replicas login" first.'));
+    process.exit(1);
   }
-  const defaultConfig = getDefaultConfig();
-  const configContent = JSON.stringify(defaultConfig, null, 2);
   try {
-    import_fs4.default.writeFileSync(configPath, configContent + "\n", "utf-8");
-    console.log(import_chalk13.default.green(`\u2713 Created ${REPLICAS_CONFIG_FILENAME}`));
-    console.log("");
-    console.log(import_chalk13.default.gray("Configuration options:"));
-    console.log(
-      import_chalk13.default.gray('  copy        - Files to sync to the workspace (e.g., [".env"])')
-    );
-    console.log(
-      import_chalk13.default.gray("  ports       - Ports to forward from the workspace (e.g., [3000, 8080])")
-    );
-    console.log(
-      import_chalk13.default.gray("  systemPrompt - Custom instructions for AI coding assistants")
-    );
-    console.log(
-      import_chalk13.default.gray("  startHook   - Commands to run on workspace startup")
-    );
+    const config2 = readConfig();
+    if (!config2) {
+      console.log(import_chalk8.default.red("No config found. Please login first."));
+      process.exit(1);
+    }
+    console.log(import_chalk8.default.green("\nCurrent configuration:"));
+    console.log(import_chalk8.default.gray(`  Organization ID: ${config2.organization_id || "(not set)"}`));
+    console.log(import_chalk8.default.gray(`  IDE command: ${config2.ide_command || "code (default)"}`));
+    console.log();
   } catch (error) {
-    throw new Error(
-      `Failed to create ${REPLICAS_CONFIG_FILENAME}: ${error instanceof Error ? error.message : "Unknown error"}`
-    );
+    console.error(import_chalk8.default.red(`Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+    process.exit(1);
   }
 }
 
-// src/lib/version-check.ts
-var import_chalk14 = __toESM(require("chalk"));
-var MONOLITH_URL2 = process.env.REPLICAS_MONOLITH_URL || "https://api.replicas.dev";
-var VERSION_CHECK_TIMEOUT = 2e3;
-function compareVersions(v1, v2) {
-  const parts1 = v1.split(".").map(Number);
-  const parts2 = v2.split(".").map(Number);
-  for (let i = 0; i < Math.max(parts1.length, parts2.length); i++) {
-    const num1 = parts1[i] || 0;
-    const num2 = parts2[i] || 0;
-    if (num1 > num2) return 1;
-    if (num1 < num2) return -1;
-  }
-  return 0;
-}
-async function checkForUpdates(currentVersion) {
-  try {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), VERSION_CHECK_TIMEOUT);
-    const response = await fetch(`${MONOLITH_URL2}/v1/cli/version`, {
-      signal: controller.signal
-    });
-    clearTimeout(timeoutId);
-    if (!response.ok) return;
-    const data = await response.json();
-    const latestVersion = data.version;
-    if (compareVersions(latestVersion, currentVersion) > 0) {
-      console.error(import_chalk14.default.gray(`
-Update available: ${currentVersion} \u2192 ${latestVersion}`));
-      console.error(import_chalk14.default.gray(`Run: npm i -g replicas-cli@latest
-`));
+// src/commands/tools.ts
+var import_chalk9 = __toESM(require("chalk"));
+var import_figlet = __toESM(require("figlet"));
+async function toolsCommand() {
+  const banner = import_figlet.default.textSync("Replicas Machine Image", {
+    horizontalLayout: "default",
+    verticalLayout: "default",
+    whitespaceBreak: true
+  });
+  console.log(import_chalk9.default.cyan(banner));
+  console.log();
+  console.log(import_chalk9.default.bold("RMI Version: v0.1.3"));
+  console.log();
+  console.log(
+    import_chalk9.default.gray(
+      "The following tooling and dependencies are provided by default on the Replicas Machine Image.\n"
+    )
+  );
+  const sections = [
+    {
+      title: "Python",
+      tools: ["Python 3.12.3", "pip 24", "Poetry 2.2.1", "uv 0.9.5"]
+    },
+    {
+      title: "Node.js",
+      tools: [
+        "Node.js 22.21.0",
+        "npm 10.9.4",
+        "nvm 0.40.3",
+        "Yarn 1.22.22",
+        "pnpm 10.18.3",
+        "ESLint 9.38.0",
+        "Prettier 3.6.2"
+      ]
+    },
+    {
+      title: "C/C++",
+      tools: ["gcc 13.3.0", "g++ 13.3.0", "make 4.3"]
+    },
+    {
+      title: "Perl",
+      tools: ["Perl 5.38.2"]
+    },
+    {
+      title: "AI Coding Assistants",
+      tools: ["Claude Code (@anthropic-ai/claude-code)", "OpenAI Codex (@openai/codex)"]
+    },
+    {
+      title: "Misc",
+      tools: [
+        "git 2.43.0",
+        "vim 9.1.697",
+        "nano 7.2",
+        "curl",
+        "wget",
+        "GitHub CLI (gh)",
+        "Docker Engine"
+      ]
     }
-  } catch {
-  }
+  ];
+  sections.forEach((section) => {
+    console.log(import_chalk9.default.blue(section.title));
+    section.tools.forEach((tool) => {
+      console.log(`  - ${tool}`);
+    });
+    console.log();
+  });
 }
 
-// src/commands/replica.ts
-var import_chalk15 = __toESM(require("chalk"));
-var import_prompts3 = __toESM(require("prompts"));
+// src/commands/codex-auth.ts
+var import_chalk10 = __toESM(require("chalk"));
 
-// ../shared/src/sandbox.ts
-var SANDBOX_LIFECYCLE = {
-  AUTO_STOP_MINUTES: 60,
-  AUTO_ARCHIVE_MINUTES: 60 * 24 * 7,
-  AUTO_DELETE_MINUTES: -1,
-  SSH_TOKEN_EXPIRATION_MINUTES: 3 * 60
-};
+// src/lib/codex-oauth.ts
+var import_http2 = __toESM(require("http"));
+var import_url2 = require("url");
+var import_open2 = __toESM(require("open"));
 
-// ../shared/src/display-message/parsers/codex-parser.ts
-function safeJsonParse(str, fallback) {
-  try {
-    return JSON.parse(str);
-  } catch {
-    return fallback;
-  }
-}
-function getStatusFromExitCode(exitCode) {
-  return exitCode === 0 ? "completed" : "failed";
-}
-function parseShellOutput(raw) {
-  const exitCodeMatch = raw.match(/^Exit code: (\d+)/);
-  const exitCode = exitCodeMatch ? parseInt(exitCodeMatch[1], 10) : 0;
-  const outputIndex = raw.indexOf("Output:\n");
-  const output = outputIndex >= 0 ? raw.slice(outputIndex + "Output:\n".length) : raw;
-  return { exitCode, output };
-}
-function parsePatch(input) {
-  const operations = [];
-  const lines = input.split("\n");
-  let currentOp = null;
-  let diffLines = [];
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    if (line.startsWith("*** Add File:")) {
-      if (currentOp) {
-        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
-        operations.push(currentOp);
-        diffLines = [];
-      }
-      currentOp = {
-        action: "add",
-        path: line.replace("*** Add File:", "").trim()
-      };
-    } else if (line.startsWith("*** Update File:")) {
-      if (currentOp) {
-        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
-        operations.push(currentOp);
-        diffLines = [];
-      }
-      currentOp = {
-        action: "update",
-        path: line.replace("*** Update File:", "").trim()
-      };
-    } else if (line.startsWith("*** Delete File:")) {
-      if (currentOp) {
-        if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
-        operations.push(currentOp);
-        diffLines = [];
-      }
-      currentOp = {
-        action: "delete",
-        path: line.replace("*** Delete File:", "").trim()
-      };
-    } else if (line.startsWith("*** Move to:")) {
-      if (currentOp) {
-        currentOp.moveTo = line.replace("*** Move to:", "").trim();
-      }
-    } else if (line.startsWith("*** Begin Patch") || line.startsWith("*** End Patch")) {
-      continue;
-    } else if (currentOp && (line.startsWith("+") || line.startsWith("-") || line.startsWith("@@") || line.trim() === "")) {
-      diffLines.push(line);
-    }
-  }
-  if (currentOp) {
-    if (diffLines.length > 0) currentOp.diff = diffLines.join("\n");
-    operations.push(currentOp);
+// src/lib/pkce.ts
+var import_crypto = require("crypto");
+function generatePkceCodes() {
+  const verifierBytes = (0, import_crypto.randomBytes)(32);
+  const codeVerifier = verifierBytes.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const hash = (0, import_crypto.createHash)("sha256");
+  hash.update(codeVerifier);
+  const codeChallenge = hash.digest("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return {
+    codeVerifier,
+    codeChallenge
+  };
+}
+function generateState2() {
+  return (0, import_crypto.randomBytes)(16).toString("hex");
+}
+
+// src/lib/codex-oauth.ts
+var CODEX_OAUTH_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+var AUTHORIZATION_ENDPOINT = "https://auth.openai.com/oauth/authorize";
+var TOKEN_ENDPOINT = "https://auth.openai.com/oauth/token";
+var CALLBACK_PORT = 1455;
+var CALLBACK_PATH = "/auth/callback";
+var WEB_APP_URL2 = process.env.REPLICAS_WEB_URL || "https://replicas.dev";
+function buildAuthorizationUrl(codeChallenge, state) {
+  const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: CODEX_OAUTH_CLIENT_ID,
+    redirect_uri: redirectUri,
+    scope: "openid profile email offline_access",
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256",
+    id_token_add_organizations: "true",
+    codex_cli_simplified_flow: "true",
+    state,
+    originator: "codex_cli_rs"
+  });
+  return `${AUTHORIZATION_ENDPOINT}?${params.toString()}`;
+}
+async function exchangeCodeForTokens(code, codeVerifier) {
+  const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
+  const params = new URLSearchParams({
+    grant_type: "authorization_code",
+    code,
+    redirect_uri: redirectUri,
+    client_id: CODEX_OAUTH_CLIENT_ID,
+    code_verifier: codeVerifier
+  });
+  const response = await fetch(TOKEN_ENDPOINT, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: params.toString()
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to exchange code for tokens: ${response.status} ${errorText}`);
   }
-  return operations;
+  const data = await response.json();
+  return {
+    idToken: data.id_token,
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token
+  };
 }
-function parseCodexEvents(events) {
-  const messages = [];
-  const pendingCommands = /* @__PURE__ */ new Map();
-  const pendingPatches = /* @__PURE__ */ new Map();
-  events.forEach((event, eventIndex) => {
-    if (event.type === "event_msg" && event.payload?.type === "user_message") {
-      messages.push({
-        id: `user-${event.timestamp}-${eventIndex}`,
-        type: "user",
-        content: event.payload.message || "",
-        timestamp: event.timestamp
-      });
-    }
-    if (event.type === "event_msg" && event.payload?.type === "agent_reasoning") {
-      messages.push({
-        id: `reasoning-${event.timestamp}-${eventIndex}-${messages.length}`,
-        type: "reasoning",
-        content: event.payload.text || "",
-        status: "completed",
-        timestamp: event.timestamp
-      });
-    }
-    if (event.type === "response_item") {
-      const payloadType = event.payload?.type;
-      if (payloadType === "message" && event.payload?.role === "assistant") {
-        const content = event.payload.content || [];
-        const textContent = content.filter((c) => c.type === "output_text").map((c) => c.text || "").join("\n");
-        if (textContent) {
-          messages.push({
-            id: `agent-${event.timestamp}-${eventIndex}`,
-            type: "agent",
-            content: textContent,
-            timestamp: event.timestamp
-          });
-        }
-      }
-      if (payloadType === "function_call" && (event.payload?.name === "shell" || event.payload?.name === "shell_command")) {
-        const callId = event.payload.call_id;
-        const args = safeJsonParse(event.payload.arguments || "{}", {});
-        const command = Array.isArray(args.command) ? args.command.join(" ") : args.command || "";
-        const msg = {
-          id: `command-${callId || "no-call-id"}-${eventIndex}`,
-          type: "command",
-          command,
-          output: "",
-          status: "in_progress",
-          timestamp: event.timestamp
-        };
-        messages.push(msg);
-        if (callId) {
-          pendingCommands.set(callId, msg);
-        }
-      }
-      if (payloadType === "function_call_output") {
-        const callId = event.payload.call_id;
-        const rawOutput = event.payload.output || "";
-        const commandMsg = callId ? pendingCommands.get(callId) : void 0;
-        if (commandMsg) {
-          const { exitCode, output } = parseShellOutput(rawOutput);
-          commandMsg.output = output;
-          commandMsg.exitCode = exitCode;
-          commandMsg.status = getStatusFromExitCode(exitCode);
-          pendingCommands.delete(callId);
+function startCallbackServer(expectedState, codeVerifier) {
+  return new Promise((resolve, reject) => {
+    const server = import_http2.default.createServer(async (req, res) => {
+      try {
+        if (!req.url) {
+          res.writeHead(400);
+          res.end("Bad Request");
+          return;
         }
-      }
-      if (payloadType === "custom_tool_call") {
-        const callId = event.payload.call_id;
-        const name = event.payload.name;
-        const input = event.payload.input || "";
-        const status = event.payload.status || "in_progress";
-        if (name === "apply_patch") {
-          const operations = parsePatch(input);
-          pendingPatches.set(callId, { input, status, timestamp: event.timestamp, operations });
+        const url = new import_url2.URL(req.url, `http://127.0.0.1:${CALLBACK_PORT}`);
+        if (url.pathname === CALLBACK_PATH) {
+          const code = url.searchParams.get("code");
+          const state = url.searchParams.get("state");
+          const error = url.searchParams.get("error");
+          const errorDescription = url.searchParams.get("error_description");
+          if (error) {
+            const errorMessage = encodeURIComponent(`${error}: ${errorDescription || "Unknown error"}`);
+            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
+            res.end();
+            server.close();
+            reject(new Error(`OAuth error: ${error} - ${errorDescription}`));
+            return;
+          }
+          if (state !== expectedState) {
+            const errorMessage = encodeURIComponent("State parameter mismatch. Possible CSRF attack.");
+            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
+            res.end();
+            server.close();
+            reject(new Error("State mismatch - possible CSRF attack"));
+            return;
+          }
+          if (!code) {
+            const errorMessage = encodeURIComponent("No authorization code received.");
+            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
+            res.end();
+            server.close();
+            reject(new Error("No authorization code received"));
+            return;
+          }
+          try {
+            const tokens = await exchangeCodeForTokens(code, codeVerifier);
+            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/success` });
+            res.end();
+            server.close();
+            resolve(tokens);
+          } catch (tokenError) {
+            const errorMessage = encodeURIComponent(tokenError instanceof Error ? tokenError.message : "Unknown error");
+            res.writeHead(302, { "Location": `${WEB_APP_URL2}/codex/oauth/error?message=${errorMessage}` });
+            res.end();
+            server.close();
+            reject(tokenError);
+          }
         } else {
-          messages.push({
-            id: `toolcall-${event.timestamp}-${eventIndex}`,
-            type: "tool_call",
-            server: "custom",
-            tool: name,
-            status,
-            timestamp: event.timestamp
-          });
+          res.writeHead(404);
+          res.end("Not Found");
         }
+      } catch (serverError) {
+        res.writeHead(500);
+        res.end("Internal Server Error");
+        server.close();
+        reject(serverError);
       }
-      if (payloadType === "custom_tool_call_output") {
-        const callId = event.payload.call_id;
-        const output = safeJsonParse(
-          event.payload.output || "{}",
-          {}
-        );
-        const pendingPatch = pendingPatches.get(callId);
-        if (pendingPatch) {
-          messages.push({
-            id: `patch-${pendingPatch.timestamp}-${eventIndex}`,
-            type: "patch",
-            operations: pendingPatch.operations,
-            output: output.output || "",
-            exitCode: output.metadata?.exit_code,
-            status: getStatusFromExitCode(output.metadata?.exit_code),
-            timestamp: pendingPatch.timestamp
-          });
-          pendingPatches.delete(callId);
-        } else {
-          const toolCallMsg = messages.findLast((m) => m.type === "tool_call");
-          if (toolCallMsg) {
-            toolCallMsg.status = getStatusFromExitCode(output.metadata?.exit_code);
-          }
+    });
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        reject(new Error(`Port ${CALLBACK_PORT} is already in use. Please close any other OAuth flows and try again.`));
+      } else {
+        reject(err);
+      }
+    });
+    server.listen(CALLBACK_PORT, "127.0.0.1");
+  });
+}
+async function runCodexOAuthFlow() {
+  const pkce = generatePkceCodes();
+  const state = generateState2();
+  const authUrl = buildAuthorizationUrl(pkce.codeChallenge, state);
+  const tokensPromise = startCallbackServer(state, pkce.codeVerifier);
+  await new Promise((resolve) => setTimeout(resolve, 500));
+  console.log("If the browser does not open automatically, visit:");
+  console.log(authUrl);
+  console.log();
+  try {
+    await (0, import_open2.default)(authUrl);
+  } catch (openError) {
+    console.warn("Failed to open browser automatically. Please open the URL manually.");
+  }
+  console.log("Waiting for authentication...");
+  const tokens = await tokensPromise;
+  console.log("\u2713 Successfully obtained Codex credentials");
+  return tokens;
+}
+
+// src/commands/codex-auth.ts
+async function codexAuthCommand(options = {}) {
+  const isUserScoped = options.user === true;
+  const scopeLabel = isUserScoped ? "personal" : "organization";
+  console.log(import_chalk10.default.cyan(`Authenticating with Codex (${scopeLabel})...
+`));
+  try {
+    const tokens = await runCodexOAuthFlow();
+    console.log(import_chalk10.default.gray("\nUploading credentials to Replicas..."));
+    const endpoint = isUserScoped ? "/v1/codex/user/credentials" : "/v1/codex/credentials";
+    const response = await orgAuthenticatedFetch(
+      endpoint,
+      {
+        method: "POST",
+        body: {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          id_token: tokens.idToken
         }
       }
-      if (payloadType === "function_call" && event.payload?.name === "update_plan") {
-        const args = safeJsonParse(
-          event.payload.arguments || "{}",
-          {}
-        );
-        if (args.plan && Array.isArray(args.plan)) {
-          const todoItems = args.plan.map((item) => ({
-            text: item.step,
-            completed: item.status === "completed"
-          }));
-          messages.push({
-            id: `todo-${event.timestamp}-${eventIndex}`,
-            type: "todo_list",
-            items: todoItems,
-            status: "completed",
-            timestamp: event.timestamp
-          });
-        }
+    );
+    if (response.success) {
+      console.log(import_chalk10.default.green("\n\u2713 Codex authentication complete!"));
+      if (response.email) {
+        console.log(import_chalk10.default.gray(`  Account: ${response.email}`));
+      }
+      if (response.planType) {
+        console.log(import_chalk10.default.gray(`  Plan: ${response.planType}`));
       }
+      if (isUserScoped) {
+        console.log(import_chalk10.default.gray("\nYour personal Codex credentials have been saved.\n"));
+      } else {
+        console.log(import_chalk10.default.gray("\nYou can now use Codex in your workspaces.\n"));
+      }
+    } else {
+      throw new Error(response.error || "Failed to upload Codex credentials to Replicas");
     }
-  });
-  return messages;
-}
-
-// ../shared/src/display-message/parsers/claude-parser.ts
-function safeJsonParse2(str, fallback) {
-  try {
-    return JSON.parse(str);
-  } catch {
-    return fallback;
+  } catch (error) {
+    console.log(import_chalk10.default.red("\n\u2717 Error:"), error instanceof Error ? error.message : error);
+    process.exit(1);
   }
 }
-function extractToolResultContent(content) {
-  if (!content) return "";
-  if (typeof content === "string") return content;
-  if (Array.isArray(content)) {
-    return content.filter((item) => item.type === "text").map((item) => item.text || "").join("\n");
-  }
-  return "";
+
+// src/commands/claude-auth.ts
+var import_chalk12 = __toESM(require("chalk"));
+
+// src/lib/claude-oauth.ts
+var import_open3 = __toESM(require("open"));
+var import_readline = __toESM(require("readline"));
+var import_chalk11 = __toESM(require("chalk"));
+var DEFAULT_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+var CLAUDE_CLIENT_ID = process.env.CLAUDE_OAUTH_CLIENT_ID || DEFAULT_CLIENT_ID;
+var AUTHORIZATION_ENDPOINT2 = "https://claude.ai/oauth/authorize";
+var TOKEN_ENDPOINT2 = "https://console.anthropic.com/v1/oauth/token";
+var REDIRECT_URI = "https://console.anthropic.com/oauth/code/callback";
+var SCOPES = "org:create_api_key user:profile user:inference";
+function buildAuthorizationUrl2(codeChallenge, state) {
+  const params = new URLSearchParams({
+    code: "true",
+    client_id: CLAUDE_CLIENT_ID,
+    response_type: "code",
+    redirect_uri: REDIRECT_URI,
+    scope: SCOPES,
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256",
+    state
+  });
+  return `${AUTHORIZATION_ENDPOINT2}?${params.toString()}`;
 }
-function parseClaudeEvents(events, parentToolUseId) {
-  const messages = [];
-  const filterValue = parentToolUseId !== void 0 ? parentToolUseId : null;
-  const filteredEvents = events.filter(
-    (e) => e.payload.parent_tool_use_id === filterValue
-  );
-  const toolCallMap = /* @__PURE__ */ new Map();
-  filteredEvents.forEach((event) => {
-    if (event.type === "claude-user") {
-      const content = event.payload.message?.content || [];
-      const toolResult = content.find((c) => c.type === "tool_result");
-      if (toolResult && toolResult.tool_use_id) {
-        return;
-      }
-      const textContent = content.filter((c) => c.type === "text").map((c) => c.text || "").join("\n");
-      const images = content.filter((c) => c.type === "image" && c.source).map((c) => {
-        const source = c.source;
-        return {
-          type: "image",
-          mediaType: source.media_type || "image/png",
-          data: source.data || ""
-        };
-      }).filter((img) => img.data);
-      if (textContent || images.length > 0) {
-        messages.push({
-          id: `user-${event.timestamp}`,
-          type: "user",
-          content: textContent || (images.length > 0 ? `[${images.length} image${images.length > 1 ? "s" : ""} attached]` : ""),
-          images: images.length > 0 ? images : void 0,
-          timestamp: event.timestamp
-        });
-      }
-    }
-    if (event.type === "claude-assistant") {
-      const contentBlocks = event.payload.message?.content || [];
-      contentBlocks.forEach((block) => {
-        if (block.type === "text" && block.text) {
-          messages.push({
-            id: `agent-${event.timestamp}-${messages.length}`,
-            type: "agent",
-            content: block.text,
-            timestamp: event.timestamp
-          });
-        }
-        if (block.type === "thinking" && block.text) {
-          messages.push({
-            id: `reasoning-${event.timestamp}-${messages.length}`,
-            type: "reasoning",
-            content: block.text,
-            status: "completed",
-            timestamp: event.timestamp
-          });
-        }
-        if (block.type === "tool_use" && block.id) {
-          const toolName = block.name || "unknown";
-          const toolInput = block.input || {};
-          const toolUseId = block.id;
-          toolCallMap.set(toolUseId, {
-            messageIndex: messages.length,
-            toolName,
-            input: toolInput
-          });
-          if (toolName === "Task") {
-            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
-            const nestedEvents = events.filter((e) => e.payload.parent_tool_use_id === toolUseId).map((e) => ({
-              timestamp: e.timestamp,
-              type: e.type,
-              payload: e.payload
-            }));
-            messages.push({
-              id: `subagent-${event.timestamp}-${messages.length}`,
-              type: "subagent",
-              toolUseId,
-              description: inputObj.description || "Subagent Task",
-              prompt: inputObj.prompt || "",
-              subagentType: inputObj.subagent_type || "general",
-              model: inputObj.model,
-              status: "in_progress",
-              nestedEvents,
-              timestamp: event.timestamp
-            });
-          } else if (toolName === "Bash" || toolName === "bash" || toolName === "shell") {
-            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
-            const command = inputObj.command || "";
-            messages.push({
-              id: `command-${event.timestamp}-${messages.length}`,
-              type: "command",
-              command,
-              output: "",
-              status: "in_progress",
-              timestamp: event.timestamp
-            });
-          } else if (toolName === "Write" || toolName === "Edit") {
-            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
-            const filePath = inputObj.file_path || "";
-            const action = toolName === "Write" ? "add" : "update";
-            messages.push({
-              id: `file-${event.timestamp}-${messages.length}`,
-              type: "file_change",
-              changes: [{
-                path: filePath,
-                kind: action
-              }],
-              status: "in_progress",
-              timestamp: event.timestamp
-            });
-          } else if (toolName === "TodoWrite") {
-            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
-            const todos = inputObj.todos || [];
-            const todoItems = todos.map((todo) => ({
-              text: todo.content,
-              completed: todo.status === "completed"
-            }));
-            if (todoItems.length > 0) {
-              messages.push({
-                id: `todo-${event.timestamp}-${messages.length}`,
-                type: "todo_list",
-                items: todoItems,
-                status: "completed",
-                timestamp: event.timestamp
-              });
-            }
-          } else if (toolName === "WebSearch") {
-            const inputObj = typeof toolInput === "string" ? safeJsonParse2(toolInput, {}) : toolInput;
-            const query = inputObj.query || "";
-            messages.push({
-              id: `search-${event.timestamp}-${messages.length}`,
-              type: "web_search",
-              query,
-              status: "in_progress",
-              timestamp: event.timestamp
-            });
-          } else {
-            messages.push({
-              id: `toolcall-${event.timestamp}-${messages.length}`,
-              type: "tool_call",
-              server: "claude",
-              tool: toolName,
-              input: toolInput,
-              status: "in_progress",
-              timestamp: event.timestamp
-            });
-          }
-        }
-      });
-    }
-    if (event.type === "claude-result") {
-      const payload = event.payload;
-      if (payload.is_error || payload.subtype !== "success") {
-        const errorList = payload.errors || [];
-        const errorMessage = errorList.length > 0 ? errorList.join("\n") : "Claude session encountered an unexpected error.";
-        messages.push({
-          id: `error-${event.timestamp}`,
-          type: "error",
-          message: errorMessage,
-          timestamp: event.timestamp
-        });
+async function promptForAuthorizationCode(instruction) {
+  const rl = import_readline.default.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question(instruction, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+function parseUserInput(input) {
+  if (!input.includes("#") && !input.includes("code=")) {
+    return { code: input };
+  }
+  if (input.startsWith("http://") || input.startsWith("https://")) {
+    try {
+      const url = new URL(input);
+      const fragment = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
+      const params = new URLSearchParams(fragment);
+      const code2 = params.get("code") ?? void 0;
+      const state2 = params.get("state") ?? void 0;
+      if (code2) {
+        return { code: code2, state: state2 };
       }
+    } catch {
     }
+  }
+  const [code, state] = input.split("#");
+  return { code, state };
+}
+async function exchangeCodeForTokens2(code, state, expectedState, codeVerifier) {
+  if (state && state !== expectedState) {
+    throw new Error("State mismatch detected. Please restart the authentication flow.");
+  }
+  const payload = {
+    code,
+    state: state ?? expectedState,
+    grant_type: "authorization_code",
+    client_id: CLAUDE_CLIENT_ID,
+    redirect_uri: REDIRECT_URI,
+    code_verifier: codeVerifier
+  };
+  const response = await fetch(TOKEN_ENDPOINT2, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(payload)
   });
-  filteredEvents.forEach((event) => {
-    if (event.type === "claude-user") {
-      const content = event.payload.message?.content || [];
-      const toolResult = content.find((c) => c.type === "tool_result");
-      if (toolResult && toolResult.tool_use_id) {
-        const toolInfo = toolCallMap.get(toolResult.tool_use_id);
-        if (!toolInfo) return;
-        const resultContent = extractToolResultContent(toolResult.content);
-        const isError = toolResult.is_error || false;
-        const status = isError ? "failed" : "completed";
-        const message = messages[toolInfo.messageIndex];
-        if (!message) return;
-        if (message.type === "command") {
-          message.output = resultContent;
-          message.status = status;
-          const exitCodeMatch = resultContent.match(/exit code:?\s*(\d+)/i);
-          if (exitCodeMatch) {
-            message.exitCode = parseInt(exitCodeMatch[1], 10);
-          } else {
-            message.exitCode = isError ? 1 : 0;
-          }
-        } else if (message.type === "file_change") {
-          message.status = status;
-        } else if (message.type === "web_search") {
-          message.status = status;
-        } else if (message.type === "tool_call") {
-          message.output = resultContent;
-          message.status = status;
-        } else if (message.type === "subagent") {
-          message.output = resultContent;
-          message.status = status;
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Failed to exchange authorization code: ${response.status} ${text}`);
+  }
+  const data = await response.json();
+  const now = Date.now();
+  const expiresAt = new Date(now + data.expires_in * 1e3).toISOString();
+  const refreshTokenExpiresAt = data.refresh_token_expires_in ? new Date(now + data.refresh_token_expires_in * 1e3).toISOString() : void 0;
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    tokenType: data.token_type,
+    scope: data.scope,
+    expiresAt,
+    refreshTokenExpiresAt
+  };
+}
+async function runClaudeOAuthFlow() {
+  const pkce = generatePkceCodes();
+  const state = generateState2();
+  const authUrl = buildAuthorizationUrl2(pkce.codeChallenge, state);
+  console.log(import_chalk11.default.gray("We will open your browser so you can authenticate with Claude Code."));
+  console.log(import_chalk11.default.gray("If the browser does not open automatically, use the URL below:\n"));
+  console.log(authUrl);
+  console.log();
+  try {
+    await (0, import_open3.default)(authUrl);
+  } catch {
+    console.warn(import_chalk11.default.yellow("Failed to open browser automatically. Please copy and open the URL manually."));
+  }
+  console.log(import_chalk11.default.cyan("After completing authentication, copy the code shown on the success page."));
+  console.log(import_chalk11.default.cyan("You can paste either the full URL, or a value formatted as CODE#STATE.\n"));
+  const userInput = await promptForAuthorizationCode("Paste the authorization code (or URL) here: ");
+  if (!userInput) {
+    throw new Error("No authorization code provided.");
+  }
+  const { code, state: returnedState } = parseUserInput(userInput);
+  if (!code) {
+    throw new Error("Unable to parse authorization code. Please try again.");
+  }
+  console.log(import_chalk11.default.gray("\nExchanging authorization code for tokens..."));
+  const tokens = await exchangeCodeForTokens2(code, returnedState, state, pkce.codeVerifier);
+  console.log(import_chalk11.default.green("\u2713 Successfully obtained Claude credentials"));
+  return tokens;
+}
+
+// src/commands/claude-auth.ts
+async function claudeAuthCommand(options = {}) {
+  const isUserScoped = options.user === true;
+  const scopeLabel = isUserScoped ? "personal" : "organization";
+  console.log(import_chalk12.default.cyan(`Authenticating with Claude Code (${scopeLabel})...
+`));
+  try {
+    const tokens = await runClaudeOAuthFlow();
+    console.log(import_chalk12.default.gray("\nUploading credentials to Replicas..."));
+    const endpoint = isUserScoped ? "/v1/claude/user/credentials" : "/v1/claude/credentials";
+    const response = await orgAuthenticatedFetch(
+      endpoint,
+      {
+        method: "POST",
+        body: {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          token_type: tokens.tokenType,
+          scope: tokens.scope,
+          expires_at: tokens.expiresAt,
+          refresh_token_expires_at: tokens.refreshTokenExpiresAt
         }
       }
+    );
+    if (!response.success) {
+      throw new Error(response.error || "Failed to upload Claude credentials to Replicas");
     }
-  });
-  return messages;
+    console.log(import_chalk12.default.green("\n\u2713 Claude authentication complete!"));
+    if (response.email) {
+      console.log(import_chalk12.default.gray(`  Account: ${response.email}`));
+    }
+    if (response.planType) {
+      console.log(import_chalk12.default.gray(`  Plan: ${response.planType}`));
+    }
+    if (isUserScoped) {
+      console.log(import_chalk12.default.gray("\nYour personal Claude credentials have been saved.\n"));
+    } else {
+      console.log(import_chalk12.default.gray("\nYou can now use Claude Code in your workspaces.\n"));
+    }
+  } catch (error) {
+    console.log(import_chalk12.default.red("\n\u2717 Error:"), error instanceof Error ? error.message : error);
+    process.exit(1);
+  }
 }
 
-// ../shared/src/display-message/parsers/index.ts
-function parseAgentEvents(events, agentType) {
-  if (agentType === "codex") {
-    return parseCodexEvents(events);
-  } else if (agentType === "claude") {
-    return parseClaudeEvents(events);
+// src/commands/init.ts
+var import_chalk13 = __toESM(require("chalk"));
+var import_fs4 = __toESM(require("fs"));
+var import_path5 = __toESM(require("path"));
+var REPLICAS_CONFIG_FILENAME = "replicas.json";
+function getDefaultConfig() {
+  return {
+    copy: [],
+    ports: [],
+    systemPrompt: "",
+    startHook: {
+      timeout: 3e5,
+      commands: []
+    }
+  };
+}
+function initCommand(options) {
+  const configPath = import_path5.default.join(process.cwd(), REPLICAS_CONFIG_FILENAME);
+  if (import_fs4.default.existsSync(configPath) && !options.force) {
+    console.log(
+      import_chalk13.default.yellow(
+        `${REPLICAS_CONFIG_FILENAME} already exists in this directory.`
+      )
+    );
+    console.log(import_chalk13.default.gray("Use --force to overwrite the existing file."));
+    return;
+  }
+  const defaultConfig = getDefaultConfig();
+  const configContent = JSON.stringify(defaultConfig, null, 2);
+  try {
+    import_fs4.default.writeFileSync(configPath, configContent + "\n", "utf-8");
+    console.log(import_chalk13.default.green(`\u2713 Created ${REPLICAS_CONFIG_FILENAME}`));
+    console.log("");
+    console.log(import_chalk13.default.gray("Configuration options:"));
+    console.log(
+      import_chalk13.default.gray('  copy        - Files to sync to the workspace (e.g., [".env"])')
+    );
+    console.log(
+      import_chalk13.default.gray("  ports       - Ports to forward from the workspace (e.g., [3000, 8080])")
+    );
+    console.log(
+      import_chalk13.default.gray("  systemPrompt - Custom instructions for AI coding assistants")
+    );
+    console.log(
+      import_chalk13.default.gray("  startHook   - Commands to run on workspace startup")
+    );
+  } catch (error) {
+    throw new Error(
+      `Failed to create ${REPLICAS_CONFIG_FILENAME}: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
+  }
+}
+
+// src/lib/version-check.ts
+var import_chalk14 = __toESM(require("chalk"));
+var MONOLITH_URL2 = process.env.REPLICAS_MONOLITH_URL || "https://api.replicas.dev";
+var VERSION_CHECK_TIMEOUT = 2e3;
+function compareVersions(v1, v2) {
+  const parts1 = v1.split(".").map(Number);
+  const parts2 = v2.split(".").map(Number);
+  for (let i = 0; i < Math.max(parts1.length, parts2.length); i++) {
+    const num1 = parts1[i] || 0;
+    const num2 = parts2[i] || 0;
+    if (num1 > num2) return 1;
+    if (num1 < num2) return -1;
+  }
+  return 0;
+}
+async function checkForUpdates(currentVersion) {
+  try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), VERSION_CHECK_TIMEOUT);
+    const response = await fetch(`${MONOLITH_URL2}/v1/cli/version`, {
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    if (!response.ok) return;
+    const data = await response.json();
+    const latestVersion = data.version;
+    if (compareVersions(latestVersion, currentVersion) > 0) {
+      console.error(import_chalk14.default.gray(`
+Update available: ${currentVersion} \u2192 ${latestVersion}`));
+      console.error(import_chalk14.default.gray(`Run: npm i -g replicas-cli@latest
+`));
+    }
+  } catch {
   }
-  return [];
 }
 
 // src/commands/replica.ts
+var import_chalk15 = __toESM(require("chalk"));
+var import_prompts3 = __toESM(require("prompts"));
 function formatDate(dateString) {
   return new Date(dateString).toLocaleString();
 }
@@ -2541,7 +2549,7 @@ Repositories (${response.repositories.length}):
 }
 
 // src/index.ts
-var CLI_VERSION = "0.2.30";
+var CLI_VERSION = "0.2.32";
 var program = new import_commander.Command();
 program.name("replicas").description("CLI for managing Replicas workspaces").version(CLI_VERSION);
 program.command("login").description("Authenticate with your Replicas account").action(async () => {