replicas-engine 0.1.262 → 0.1.264

package/dist/src/index.js

@@ -286,7 +286,7 @@ var WORKSPACE_SIZES = ["small", "large"];
 var INVALID_WORKSPACE_SIZE_ERROR = `Invalid size: must be one of ${WORKSPACE_SIZES.join(", ")}`;
 
 // ../shared/src/e2b.ts
-var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-04-v4";
+var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-05-v1";
 
 // ../shared/src/runtime-env.ts
 function parsePosixEnvFile(content) {
@@ -1096,7 +1096,7 @@ var LINEAR_ABILITY = {
 
 // ../shared/src/default-skills/replicas-agent/abilities/media.ts
 var SECTION6 = `### Media
-Share screenshots, screen recordings, generated diagrams, and audio clips inline in the Replicas chat (and as references in external messages).
+Share screenshots, screen recordings, generated diagrams, and audio clips inline in the Replicas chat and natively embedded in external messages.
 
 **Reference:** \`references/MEDIA.md\`
 
@@ -1106,7 +1106,7 @@ Use this when:
 - You need to embed media in a Slack/Linear/GitHub message AND keep a referenceable copy in the Replicas dashboard`;
 var REFERENCE6 = `# Media (Screenshots, Recordings, Audio)
 
-This guide covers how to share screenshots, screen recordings, generated diagrams, and audio clips with the user inline in the Replicas chat.
+This guide covers how to share screenshots, screen recordings, generated diagrams, and audio clips \u2014 both inline in the Replicas chat and natively embedded in external surfaces (Slack, Linear, GitHub).
 
 ## Prerequisites
 
@@ -1122,7 +1122,7 @@ Upload to Replicas in these cases \u2014 and **only** these cases:
 
 If none of these apply, don't upload.
 
-## Uploading
+## Uploading to Replicas
 
 \`\`\`bash
 replicas media upload <path-to-file> [<path-to-file> ...]
@@ -1132,47 +1132,185 @@ Pass one or more file paths. Uploading several files in a single invocation is p
 
 For each file, the CLI prints two lines:
 
-1. \`![filename](<api-url>)\` \u2014 the chat embed (renders inline in Replicas chat only; see below).
+1. \`![filename](<api-url>)\` \u2014 the chat embed (renders inline in Replicas chat **only** \u2014 see below).
 2. \`View in Replicas: <deep-link>\` \u2014 a per-file dashboard URL of the form \`https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>\` that opens directly to that specific file.
 
 Match each "View in Replicas" line to the embed line directly above it \u2014 that's the deep link for that file.
 
-## How to use the output
+## The two URLs the CLI gives you \u2014 and where each one is allowed
 
-### CRITICAL: the markdown embed URL is for Replicas chat only
+| URL | What it is | Where it's allowed |
+|---|---|---|
+| \`https://api.tryreplicas.com/v1/media/<id>\` (inside \`![\u2026](\u2026)\`) | Authenticated API redirect to a presigned blob \u2014 requires the Replicas chat session | **Only** in the Replicas chat reply. Nowhere else. |
+| \`https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>\` | Public dashboard deep link to the media tab, scrolled to that specific file | Everywhere external \u2014 Slack, GitHub, Linear, PR bodies, comments, emails. |
 
-The URL inside \`![filename](...)\` points at \`api.tryreplicas.com/v1/media/<id>\`. This is **not a public URL** \u2014 it requires the Replicas chat's authenticated session, which resolves it to a presigned download. Anywhere else (Slack, Linear, GitHub, a browser tab the user opens directly, a customer copy-pasting from chat), it returns \`{"error":"Missing authorization token"}\` and renders as a broken image.
+### NEVER link the API redirect URL outside the Replicas chat reply
 
-**Never paste this URL outside your Replicas chat reply.** Not in Slack messages, not in Linear comments, not in PR descriptions or commit messages, not in external docs \u2014 nowhere a non-Replicas surface will render it.
+The \`api.tryreplicas.com/v1/media/<id>\` URL is **not public**. It's an authenticated redirect that only resolves to a presigned download when the Replicas chat session token is present. Anywhere else (Slack, Linear, GitHub, a browser tab the user opens directly, a customer copy-pasting from chat) it returns \`{"error":"Missing authorization token"}\` and renders as a broken image.
 
-### Always render dashboard URLs as \`[View in Replicas](<url>)\` hyperlinks
+This rule has no exceptions:
+- \u274C Never paste it in a Slack message \u2014 upload the actual bytes via the 3-step \`files.getUploadURLExternal\` \u2192 POST bytes \u2192 \`files.completeUploadExternal\` flow instead (see below).
+- \u274C Never paste it in a GitHub PR description, issue body, review comment, or commit message.
+- \u274C Never paste it in a Linear issue body or comment \u2014 upload via Linear's \`fileUpload\` mutation instead (see below).
+- \u274C Never link to it from any external doc, email, or external chat.
+- \u274C Never include it as a "backup link" in case the dashboard link breaks \u2014 it will always break externally.
 
-Whenever you share a workspace dashboard URL \u2014 in chat or anywhere else \u2014 format it as a markdown hyperlink labeled **View in Replicas**:
+### ALWAYS link the dashboard URL \u2014 never the API URL \u2014 when referencing media externally
+
+When you reference an uploaded file from anywhere outside the Replicas chat reply, the link must be the dashboard form:
 
-\`\`\`markdown
-[View in Replicas](https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>)
+\`\`\`
+https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>
 \`\`\`
 
-Never paste the raw URL. Raw URLs look unpolished.
+Both query params are required:
+- \`mode=media\` opens the media tab in the dashboard.
+- \`media=<media-id>\` scrolls to and opens that specific file.
 
-Two flavors of dashboard URL the CLI gives you:
+Never link \`tryreplicas.com/workspaces/<id>?mode=media\` without the \`media=<id>\` param when you have a specific file in mind \u2014 that lands on the gallery, not the file. Never link the bare workspace URL.
 
-- **Per-file deep link** (default \u2014 what \`replicas media upload\` prints): \`...?mode=media&media=<media-id>\` opens the dashboard scrolled to that specific file. Use this whenever you're linking to *one* file.
-- **Media tab link** (no \`media=\` param): \`...?mode=media\` opens the workspace's media tab listing all files. Use this only when you're pointing at the collection, not a specific file (rare \u2014 you almost always have a specific file in mind).
+Always render as a markdown / mrkdwn hyperlink labeled **View in Replicas** \u2014 never paste a raw URL.
 
-### In your Replicas chat reply
+## In your Replicas chat reply
 
 Include each markdown embed line **verbatim** where you want that file to render inline. The chat substitutes each one with an embedded image, video, or audio player. Multiple embeds can appear in a single reply.
 
-After (or alongside) the embeds, include a \`[View in Replicas](<deep-link>)\` hyperlink for each file using the per-file URL the CLI printed for that file. This lets the user jump to the specific item in the media tab.
+After (or alongside) the embeds, include a \`[View in Replicas](<deep-link>)\` hyperlink for each file using the per-file dashboard URL from the CLI. This lets the user jump to the specific item in the media tab.
+
+## On external platforms \u2014 upload natively AND link the dashboard
+
+Sharing media externally is a **two-step requirement** for every file:
+
+1. **Upload the raw bytes natively to that platform** so the recipient sees the media embedded inline in the message itself.
+2. **Link the Replicas dashboard deep link** (\`?mode=media&media=<id>\` form) so the user can jump straight to the workspace.
+
+A link alone is not enough. A native upload alone is not enough. Do both.
+
+The one exception is GitHub, which has no public image upload API \u2014 there, the dashboard link is the only option (see below).
+
+### Slack \u2014 embed natively via the 3-step external file upload flow
+
+A Slack message that just contains a \`tryreplicas.com\` link is not acceptable when the message is supposed to show an image. The recipient should see the image inline in the thread.
+
+Slack deprecated the single-shot \`files.upload\` endpoint. The raw HTTP replacement is a 3-step flow: reserve an upload URL with \`files.getUploadURLExternal\`, POST the bytes to it, then share into the channel/thread with \`files.completeUploadExternal\`. (\`files.uploadV2\` is **only** an SDK convenience wrapper \u2014 it is NOT a real Web API HTTP endpoint and \`POST https://slack.com/api/files.uploadV2\` will return \`unknown_method\`.)
+
+\`\`\`bash
+FILE=/abs/path/to/screenshot.png
+FILENAME=$(basename "$FILE")
+LENGTH=$(stat -c%s "$FILE" 2>/dev/null || stat -f%z "$FILE")
+
+# 1. Reserve an upload URL + file ID.
+RESERVE=$(curl -s -G "https://slack.com/api/files.getUploadURLExternal" \\
+  -H "Authorization: Bearer $SLACK_BOT_TOKEN" \\
+  --data-urlencode "filename=$FILENAME" \\
+  --data-urlencode "length=$LENGTH")
+UPLOAD_URL=$(echo "$RESERVE" | jq -r '.upload_url')
+FILE_ID=$(echo "$RESERVE" | jq -r '.file_id')
+
+# 2. POST the raw bytes to the reserved URL.
+#    Do not use -F / multipart here \u2014 the presigned URL expects the bytes
+#    directly in the request body.
+curl -s -X POST "$UPLOAD_URL" \\
+  -H "Content-Type: application/octet-stream" \\
+  --data-binary @"$FILE"
+
+# 3. Complete the upload, sharing it into the channel/thread with the dashboard link.
+curl -s -X POST "https://slack.com/api/files.completeUploadExternal" \\
+  -H "Authorization: Bearer $SLACK_BOT_TOKEN" \\
+  -H "Content-Type: application/json; charset=utf-8" \\
+  -d "{
+    \\"files\\": [{\\"id\\": \\"$FILE_ID\\", \\"title\\": \\"Screenshot\\"}],
+    \\"channel_id\\": \\"CHANNEL_ID\\",
+    \\"thread_ts\\": \\"THREAD_TS\\",
+    \\"initial_comment\\": \\"<https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>|View in Replicas>\\"
+  }"
+\`\`\`
+
+Notes:
+- All three steps are required; do not try to POST to \`https://slack.com/api/files.uploadV2\` \u2014 that endpoint does not exist on the Web API.
+- \`initial_comment\` uses Slack mrkdwn (\`<url|label>\`), not GitHub-flavored markdown.
+- Omit \`thread_ts\` only when you genuinely want a top-level channel post.
+- For multiple files in the same message, run steps 1\u20132 per file and pass all \`{id, title}\` objects in the \`files\` array of a single \`files.completeUploadExternal\` call \u2014 they share into the thread together.
+- If you also need to post a separate text reply in the thread, send it with \`chat.postMessage\` after the upload \u2014 but the upload itself must carry the image.
 
-### On external platforms (Slack, Linear, GitHub, etc.)
+Never paste the \`api.tryreplicas.com/v1/media/<id>\` URL into a Slack message body or \`initial_comment\` \u2014 it will render as a broken image attempt.
 
-Always include a \`[View in Replicas](<deep-link>)\` hyperlink \u2014 use the per-file deep link the CLI printed for that file (\`...?mode=media&media=<media-id>\`), so the recipient lands directly on that specific item.
+### Linear \u2014 embed natively via the GraphQL \`fileUpload\` mutation
+
+Linear comments and issue bodies support markdown image embeds, but the image URL must be publicly accessible \u2014 so you upload the file to Linear's storage first, then reference the returned \`assetUrl\` in markdown. Three steps:
+
+Use \`jq\` to build the JSON bodies \u2014 the GraphQL variables (\`size\`, \`filename\`, the comment body) need to be real JSON values, not unquoted placeholders, and \`jq -n --argjson / --arg\` is the safest way to interpolate shell values without quoting bugs.
+
+\`\`\`bash
+FILE=/abs/path/to/screenshot.png
+FILENAME=$(basename "$FILE")
+SIZE=$(stat -c%s "$FILE" 2>/dev/null || stat -f%z "$FILE")
+CONTENT_TYPE=image/png
+ISSUE_UUID=...           # the Linear issue's UUID
+WORKSPACE_ID=...         # the Replicas workspace ID
+MEDIA_ID=...             # the media ID printed by \`replicas media upload\`
+
+# 1. Ask Linear for an upload URL + assetUrl.
+RESERVE=$(curl -s -X POST https://api.linear.app/graphql \\
+  -H "Authorization: Bearer $LINEAR_ACCESS_TOKEN" \\
+  -H "Content-Type: application/json" \\
+  -d "$(jq -n \\
+    --argjson size "$SIZE" \\
+    --arg contentType "$CONTENT_TYPE" \\
+    --arg filename "$FILENAME" \\
+    '{
+      query: "mutation($size: Int!, $contentType: String!, $filename: String!) { fileUpload(size: $size, contentType: $contentType, filename: $filename) { uploadFile { uploadUrl assetUrl headers { key value } } } }",
+      variables: { size: $size, contentType: $contentType, filename: $filename }
+    }')")
+UPLOAD_URL=$(echo "$RESERVE" | jq -r '.data.fileUpload.uploadFile.uploadUrl')
+ASSET_URL=$(echo "$RESERVE" | jq -r '.data.fileUpload.uploadFile.assetUrl')
+
+# 2. PUT the bytes to uploadUrl, replaying every header Linear returned.
+#    Linear's presigned URL requires the exact Content-Type / Cache-Control /
+#    etc. it gave you back, so forward each {key, value} from the headers array.
+HEADER_ARGS=()
+while IFS=$'\\t' read -r k v; do
+  HEADER_ARGS+=(-H "$k: $v")
+done < <(echo "$RESERVE" | jq -r '.data.fileUpload.uploadFile.headers[] | "\\(.key)\\t\\(.value)"')
+
+curl -s -X PUT "$UPLOAD_URL" \\
+  "\${HEADER_ARGS[@]}" \\
+  --data-binary @"$FILE"
+
+# 3. Reference assetUrl inline in the comment body, alongside the dashboard link.
+BODY=$(printf '![screenshot](%s)\\n\\n[View in Replicas](https://tryreplicas.com/workspaces/%s?mode=media&media=%s)' \\
+  "$ASSET_URL" "$WORKSPACE_ID" "$MEDIA_ID")
+
+curl -s -X POST https://api.linear.app/graphql \\
+  -H "Authorization: Bearer $LINEAR_ACCESS_TOKEN" \\
+  -H "Content-Type: application/json" \\
+  -d "$(jq -n \\
+    --arg issueId "$ISSUE_UUID" \\
+    --arg body "$BODY" \\
+    '{
+      query: "mutation($issueId: String!, $body: String!) { commentCreate(input: { issueId: $issueId, body: $body }) { success } }",
+      variables: { issueId: $issueId, body: $body }
+    }')"
+\`\`\`
+
+The same flow works for issue bodies (use \`issueCreate\` / \`issueUpdate\` with the same markdown body).
+
+Never paste the \`api.tryreplicas.com/v1/media/<id>\` URL into a Linear body or comment \u2014 it will render as a broken image to anyone outside your Replicas chat.
+
+### GitHub \u2014 link the dashboard deep link (no public upload API exists)
+
+GitHub has **no public API** for uploading images to PRs or issues. Their web UI uses an undocumented internal endpoint that's not available to API clients. So for GitHub specifically, the only correct way to share media is the dashboard deep link, rendered as a markdown hyperlink:
+
+\`\`\`markdown
+[View in Replicas](https://tryreplicas.com/workspaces/<workspace-id>?mode=media&media=<media-id>)
+\`\`\`
 
-For platforms that support native uploads (Slack \`files.upload\`, Linear attachments, etc.), upload the raw bytes there too so the recipient sees the media inline in addition to the Replicas link. GitHub PRs/issues do not have a public upload API, so the \`View in Replicas\` link is the canonical way to share media there \u2014 do not commit screenshots to the repo and do not use placeholder URLs.
+Do **not**:
+- Commit screenshots as files to the repo as a workaround.
+- Use placeholder image URLs.
+- Embed the \`api.tryreplicas.com/v1/media/<id>\` URL in markdown \u2014 it renders as a broken image for every viewer.
 
-Do **not** include the \`![filename](https://api.tryreplicas.com/...)\` markdown embed in external messages. It will render as a broken image / 401 for the recipient.
+This applies to PR descriptions, PR review comments, issue bodies, issue comments, and commit messages.
 
 ## Recording defaults
 
@@ -1593,14 +1731,42 @@ curl -s "https://slack.com/api/search.messages?query=YOUR_SEARCH_QUERY" \\
 
 ### Uploading Files
 
+Slack deprecated \`files.upload\`; the raw HTTP replacement is a 3-step flow. (\`files.uploadV2\` is **only** an SDK convenience wrapper and is NOT a real Web API HTTP endpoint \u2014 \`POST https://slack.com/api/files.uploadV2\` returns \`unknown_method\`.)
+
 \`\`\`bash
-curl -s -X POST "https://slack.com/api/files.uploadV2" \\
+FILE=/path/to/file
+FILENAME=$(basename "$FILE")
+LENGTH=$(stat -c%s "$FILE" 2>/dev/null || stat -f%z "$FILE")
+
+# 1. Reserve an upload URL + file ID.
+RESERVE=$(curl -s -G "https://slack.com/api/files.getUploadURLExternal" \\
+  -H "Authorization: Bearer $SLACK_BOT_TOKEN" \\
+  --data-urlencode "filename=$FILENAME" \\
+  --data-urlencode "length=$LENGTH")
+UPLOAD_URL=$(echo "$RESERVE" | jq -r '.upload_url')
+FILE_ID=$(echo "$RESERVE" | jq -r '.file_id')
+
+# 2. POST the raw bytes to the reserved URL.
+#    Do not use -F / multipart here \u2014 the presigned URL expects the bytes
+#    directly in the request body.
+curl -s -X POST "$UPLOAD_URL" \\
+  -H "Content-Type: application/octet-stream" \\
+  --data-binary @"$FILE"
+
+# 3. Complete the upload and share into a channel (and optionally a thread).
+curl -s -X POST "https://slack.com/api/files.completeUploadExternal" \\
   -H "Authorization: Bearer $SLACK_BOT_TOKEN" \\
-  -F "channel_id=CHANNEL_ID" \\
-  -F "file=@/path/to/file" \\
-  -F "title=File title"
+  -H "Content-Type: application/json; charset=utf-8" \\
+  -d "{
+    \\"files\\": [{\\"id\\": \\"$FILE_ID\\", \\"title\\": \\"File title\\"}],
+    \\"channel_id\\": \\"CHANNEL_ID\\",
+    \\"thread_ts\\": \\"OPTIONAL_THREAD_TS\\",
+    \\"initial_comment\\": \\"Optional message body\\"
+  }"
 \`\`\`
 
+Omit \`thread_ts\` and/or \`initial_comment\` if you don't need them.
+
 ### Other Operations
 
 You can list channels, read channel history, add reactions, and perform any other operation supported by the Slack Web API using the same authentication pattern.
@@ -2287,7 +2453,6 @@ var execFileAsync = promisify(execFile);
 var SUBPROCESS_MAX_BUFFER = HOOK_EXEC_MAX_BUFFER_BYTES;
 
 // src/managers/github-token-manager.ts
-import { promises as fs } from "fs";
 import path from "path";
 
 // src/engine-env.ts
@@ -2529,6 +2694,26 @@ var MonolithService = class {
 };
 var monolithService = new MonolithService();
 
+// src/utils/file.ts
+import { mkdir, rename, unlink, writeFile } from "fs/promises";
+import { dirname } from "path";
+async function atomicWriteFile(path4, data, options) {
+  const tmpFile = `${path4}.${process.pid}.${Date.now()}.tmp`;
+  try {
+    await writeFile(tmpFile, data, { encoding: "utf-8", mode: options?.mode });
+    await rename(tmpFile, path4);
+  } catch (error) {
+    await unlink(tmpFile).catch(() => void 0);
+    throw error;
+  }
+}
+async function writeSecureCredentialFile(filePath, content, options) {
+  if (options?.ensureParentDir) {
+    await mkdir(dirname(filePath), { recursive: true, mode: 448 });
+  }
+  await atomicWriteFile(filePath, content, { mode: 384 });
+}
+
 // src/managers/github-token-manager.ts
 var GitHubTokenManager = class extends BaseRefreshManager {
   constructor() {
@@ -2544,8 +2729,9 @@ var GitHubTokenManager = class extends BaseRefreshManager {
     const data = await response.json();
     await this.updateGitCredentials(data.token);
     const ghToken = data.userToken?.token ?? data.token;
+    const ghUsername = data.userToken?.username ?? "x-access-token";
     ENGINE_ENV.GH_TOKEN = ghToken;
-    process.env.GH_TOKEN = ghToken;
+    await this.updateGhHostsFile(ghToken, ghUsername);
     if (data.userToken) {
       console.log(`[GitHubTokenManager] Token refreshed with user token for PR attribution, installation token expires at ${data.expiresAt}, user token expires at ${data.userToken.expiresAt}`);
     } else {
@@ -2553,22 +2739,35 @@ var GitHubTokenManager = class extends BaseRefreshManager {
     }
   }
   async updateGitCredentials(token) {
-    const workspaceHome = ENGINE_ENV.HOME_DIR;
-    const credentialsPath = path.join(workspaceHome, ".git-credentials");
+    const credentialsPath = path.join(ENGINE_ENV.HOME_DIR, ".git-credentials");
     const credentialsContent = `https://x-access-token:${token}@github.com
 `;
     try {
-      await fs.writeFile(credentialsPath, credentialsContent, { mode: 384 });
+      await writeSecureCredentialFile(credentialsPath, credentialsContent);
       console.log(`[GitHubTokenManager] Updated ${credentialsPath}`);
     } catch (error) {
       console.error("[GitHubTokenManager] Failed to update git credentials:", error);
     }
   }
+  async updateGhHostsFile(token, username) {
+    const hostsPath = path.join(ENGINE_ENV.HOME_DIR, ".config", "gh", "hosts.yml");
+    const content = `github.com:
+    oauth_token: ${JSON.stringify(token)}
+    user: ${JSON.stringify(username)}
+    git_protocol: https
+`;
+    try {
+      await writeSecureCredentialFile(hostsPath, content, { ensureParentDir: true });
+      console.log(`[GitHubTokenManager] Updated ${hostsPath}`);
+    } catch (error) {
+      console.error("[GitHubTokenManager] Failed to update gh hosts file:", error);
+    }
+  }
 };
 var githubTokenManager = new GitHubTokenManager();
 
 // src/managers/claude-token-manager.ts
-import { promises as fs2 } from "fs";
+import { promises as fs } from "fs";
 import path2 from "path";
 
 // src/managers/auth-env-transition.ts
@@ -2661,9 +2860,7 @@ var ClaudeTokenManager = class extends BaseRefreshManager {
     });
   }
   async writeOauthCredentialsFile(credentials) {
-    const workspaceHome = ENGINE_ENV.HOME_DIR;
-    const claudeDir = path2.join(workspaceHome, ".claude");
-    const credentialsPath = path2.join(claudeDir, ".credentials.json");
+    const credentialsPath = path2.join(ENGINE_ENV.HOME_DIR, ".claude", ".credentials.json");
     const claudeCliConfig = {
       claudeAiOauth: {
         accessToken: credentials.accessToken,
@@ -2674,8 +2871,11 @@ var ClaudeTokenManager = class extends BaseRefreshManager {
       }
     };
     try {
-      await fs2.mkdir(claudeDir, { recursive: true, mode: 448 });
-      await fs2.writeFile(credentialsPath, JSON.stringify(claudeCliConfig, null, 2), { mode: 384 });
+      await writeSecureCredentialFile(
+        credentialsPath,
+        JSON.stringify(claudeCliConfig, null, 2),
+        { ensureParentDir: true }
+      );
       console.log(`[ClaudeTokenManager] Updated ${credentialsPath}`);
     } catch (error) {
       console.error("[ClaudeTokenManager] Failed to update credentials file:", error);
@@ -2684,7 +2884,7 @@ var ClaudeTokenManager = class extends BaseRefreshManager {
   async removeOauthCredentialsFile() {
     const credentialsPath = path2.join(ENGINE_ENV.HOME_DIR, ".claude", ".credentials.json");
     try {
-      await fs2.unlink(credentialsPath);
+      await fs.unlink(credentialsPath);
     } catch {
     }
   }
@@ -2692,7 +2892,7 @@ var ClaudeTokenManager = class extends BaseRefreshManager {
 var claudeTokenManager = new ClaudeTokenManager();
 
 // src/managers/codex-token-manager.ts
-import { promises as fs3 } from "fs";
+import { promises as fs2 } from "fs";
 import path3 from "path";
 var CodexTokenManager = class extends BaseRefreshManager {
   constructor() {
@@ -2761,9 +2961,7 @@ var CodexTokenManager = class extends BaseRefreshManager {
     });
   }
   async writeOauthCredentialsFile(credentials) {
-    const workspaceHome = ENGINE_ENV.HOME_DIR;
-    const codexDir = path3.join(workspaceHome, ".codex");
-    const authPath = path3.join(codexDir, "auth.json");
+    const authPath = path3.join(ENGINE_ENV.HOME_DIR, ".codex", "auth.json");
     const codexAuthConfig = {
       OPENAI_API_KEY: null,
       tokens: {
@@ -2775,8 +2973,11 @@ var CodexTokenManager = class extends BaseRefreshManager {
       last_refresh: (/* @__PURE__ */ new Date()).toISOString()
     };
     try {
-      await fs3.mkdir(codexDir, { recursive: true, mode: 448 });
-      await fs3.writeFile(authPath, JSON.stringify(codexAuthConfig, null, 2), { mode: 384 });
+      await writeSecureCredentialFile(
+        authPath,
+        JSON.stringify(codexAuthConfig, null, 2),
+        { ensureParentDir: true }
+      );
       console.log(`[CodexTokenManager] Updated ${authPath}`);
     } catch (error) {
       console.error("[CodexTokenManager] Failed to update credentials file:", error);
@@ -2785,7 +2986,7 @@ var CodexTokenManager = class extends BaseRefreshManager {
   async removeOauthCredentialsFile() {
     const authPath = path3.join(ENGINE_ENV.HOME_DIR, ".codex", "auth.json");
     try {
-      await fs3.unlink(authPath);
+      await fs2.unlink(authPath);
     } catch {
     }
   }
@@ -2799,24 +3000,11 @@ import { spawn } from "child_process";
 import { join as join5 } from "path";
 
 // src/utils/state.ts
-import { readFile, mkdir } from "fs/promises";
+import { readFile, mkdir as mkdir2 } from "fs/promises";
 import { existsSync } from "fs";
 import { join as join3 } from "path";
 import { homedir as homedir3 } from "os";
 
-// src/utils/file.ts
-import { rename, unlink, writeFile } from "fs/promises";
-async function atomicWriteFile(path4, data) {
-  const tmpFile = `${path4}.${process.pid}.${Date.now()}.tmp`;
-  try {
-    await writeFile(tmpFile, data, "utf-8");
-    await rename(tmpFile, path4);
-  } catch (error) {
-    await unlink(tmpFile).catch(() => void 0);
-    throw error;
-  }
-}
-
 // src/utils/type-guards.ts
 function isRecord4(value) {
   return typeof value === "object" && value !== null;
@@ -2836,7 +3024,7 @@ function enqueueStateWrite(operation) {
 }
 async function updateEngineState(updater) {
   await enqueueStateWrite(async () => {
-    await mkdir(STATE_DIR, { recursive: true });
+    await mkdir2(STATE_DIR, { recursive: true });
     const currentState = await loadEngineState();
     const nextState = updater(currentState);
     await atomicWriteFile(STATE_FILE, JSON.stringify(nextState, null, 2));
@@ -3466,7 +3654,7 @@ var GitService = class {
 var gitService = new GitService();
 
 // src/utils/logger.ts
-import { appendFile, mkdir as mkdir2, writeFile as writeFile2 } from "fs/promises";
+import { appendFile, mkdir as mkdir3, writeFile as writeFile2 } from "fs/promises";
 import { homedir as homedir4 } from "os";
 import { join as join6 } from "path";
 import { format } from "util";
@@ -3481,7 +3669,7 @@ var EngineLogger = class {
     return this._sessionId;
   }
   async initialize() {
-    await mkdir2(LOG_DIR, { recursive: true });
+    await mkdir3(LOG_DIR, { recursive: true });
     this._sessionId = this.createSessionId();
     this.filePath = join6(LOG_DIR, `${this._sessionId}.log`);
     await writeFile2(this.filePath, `=== Replicas Engine Session ${this._sessionId} ===
@@ -3534,14 +3722,14 @@ var EngineLogger = class {
 var engineLogger = new EngineLogger();
 
 // src/services/replicas-config-service.ts
-import { readFile as readFile5, appendFile as appendFile2, writeFile as writeFile4, mkdir as mkdir5 } from "fs/promises";
+import { readFile as readFile5, appendFile as appendFile2, writeFile as writeFile4, mkdir as mkdir6 } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
 import { join as join9 } from "path";
 import { homedir as homedir7 } from "os";
 import { spawn as spawn2 } from "child_process";
 
 // src/services/environment-details-service.ts
-import { mkdir as mkdir3, readFile as readFile3 } from "fs/promises";
+import { mkdir as mkdir4, readFile as readFile3 } from "fs/promises";
 import { existsSync as existsSync3 } from "fs";
 import { homedir as homedir5 } from "os";
 import { join as join7 } from "path";
@@ -3625,7 +3813,7 @@ async function readDetails() {
   }
 }
 async function writeDetails(details) {
-  await mkdir3(REPLICAS_DIR, { recursive: true });
+  await mkdir4(REPLICAS_DIR, { recursive: true });
   await atomicWriteFile(DETAILS_FILE, `${JSON.stringify(details, null, 2)}
 `);
 }
@@ -3711,7 +3899,7 @@ var EnvironmentDetailsService = class {
 var environmentDetailsService = new EnvironmentDetailsService();
 
 // src/services/start-hook-logs-service.ts
-import { mkdir as mkdir4, readFile as readFile4, writeFile as writeFile3, readdir as readdir2 } from "fs/promises";
+import { mkdir as mkdir5, readFile as readFile4, writeFile as writeFile3, readdir as readdir2 } from "fs/promises";
 import { homedir as homedir6 } from "os";
 import { join as join8 } from "path";
 
@@ -3757,7 +3945,7 @@ function normalizeStored(raw) {
 }
 var StartHookLogsService = class {
   async ensureDir() {
-    await mkdir4(LOGS_DIR, { recursive: true });
+    await mkdir5(LOGS_DIR, { recursive: true });
   }
   async saveLog(hookType, hookName, entry) {
     await this.ensureDir();
@@ -3905,7 +4093,7 @@ var ReplicasConfigService = class {
     const logLine = `[${timestamp}] ${message}
 `;
     try {
-      await mkdir5(join9(homedir7(), ".replicas"), { recursive: true });
+      await mkdir6(join9(homedir7(), ".replicas"), { recursive: true });
       await appendFile2(START_HOOKS_LOG, logLine, "utf-8");
     } catch (error) {
       console.error("Failed to write to start hooks log:", error);
@@ -4040,7 +4228,7 @@ var ReplicasConfigService = class {
     this.hooksCompleted = false;
     this.hooksFailed = false;
     try {
-      await mkdir5(join9(homedir7(), ".replicas"), { recursive: true });
+      await mkdir6(join9(homedir7(), ".replicas"), { recursive: true });
       await writeFile4(
         START_HOOKS_LOG,
         `=== Start Hooks Execution Log ===
@@ -4234,7 +4422,7 @@ ${startHookConfig.commands.join("\n")}`;
 var replicasConfigService = new ReplicasConfigService();
 
 // src/services/event-service.ts
-import { appendFile as appendFile3, mkdir as mkdir6 } from "fs/promises";
+import { appendFile as appendFile3, mkdir as mkdir7 } from "fs/promises";
 import { homedir as homedir8 } from "os";
 import { join as join10 } from "path";
 import { randomUUID } from "crypto";
@@ -4244,7 +4432,7 @@ var EventService = class {
   subscribers = /* @__PURE__ */ new Map();
   writeChain = Promise.resolve();
   async initialize() {
-    await mkdir6(ENGINE_DIR, { recursive: true });
+    await mkdir7(ENGINE_DIR, { recursive: true });
   }
   subscribe(subscriber) {
     const id = randomUUID();
@@ -4274,11 +4462,11 @@ var EventService = class {
 var eventService = new EventService();
 
 // src/services/preview-service.ts
-import { mkdir as mkdir7, readFile as readFile6 } from "fs/promises";
+import { mkdir as mkdir8, readFile as readFile6 } from "fs/promises";
 import { existsSync as existsSync5 } from "fs";
 import { randomUUID as randomUUID2 } from "crypto";
 import { homedir as homedir9 } from "os";
-import { dirname, join as join11 } from "path";
+import { dirname as dirname2, join as join11 } from "path";
 var PREVIEW_PORTS_FILE = join11(homedir9(), ".replicas", "preview-ports.json");
 async function readPreviewsFile() {
   try {
@@ -4292,8 +4480,8 @@ async function readPreviewsFile() {
   }
 }
 async function writePreviewsFile(data) {
-  const dir = dirname(PREVIEW_PORTS_FILE);
-  await mkdir7(dir, { recursive: true });
+  const dir = dirname2(PREVIEW_PORTS_FILE);
+  await mkdir8(dir, { recursive: true });
   await atomicWriteFile(PREVIEW_PORTS_FILE, `${JSON.stringify(data, null, 2)}
 `);
 }
@@ -4390,7 +4578,7 @@ async function registerDesktopPreview() {
 
 // src/services/chat/chat-service.ts
 import { existsSync as existsSync8 } from "fs";
-import { appendFile as appendFile5, copyFile, mkdir as mkdir11, readFile as readFile9, rename as rename2, rm } from "fs/promises";
+import { appendFile as appendFile5, copyFile, mkdir as mkdir12, readFile as readFile9, rename as rename2, rm } from "fs/promises";
 import { homedir as homedir13 } from "os";
 import { join as join15 } from "path";
 import { randomUUID as randomUUID5 } from "crypto";
@@ -4401,7 +4589,7 @@ import {
 } from "@anthropic-ai/claude-agent-sdk";
 import { randomUUID as randomUUID4 } from "crypto";
 import { join as join13 } from "path";
-import { mkdir as mkdir9, appendFile as appendFile4 } from "fs/promises";
+import { mkdir as mkdir10, appendFile as appendFile4 } from "fs/promises";
 import { homedir as homedir11 } from "os";
 
 // src/utils/jsonl-reader.ts
@@ -4907,7 +5095,7 @@ function extractPlanFromCodexAspNotification(notification) {
 
 // src/utils/image-utils.ts
 import { randomUUID as randomUUID3 } from "crypto";
-import { mkdir as mkdir8, unlink as unlink2, writeFile as writeFile5 } from "fs/promises";
+import { mkdir as mkdir9, unlink as unlink2, writeFile as writeFile5 } from "fs/promises";
 import { homedir as homedir10 } from "os";
 import { join as join12 } from "path";
 function isImageMediaType(value) {
@@ -4988,7 +5176,7 @@ async function normalizeImages(images) {
   return normalized;
 }
 async function saveNormalizedImagesToTempFiles(images, tempImageDir = join12(homedir10(), ".replicas", "codex", "temp-images")) {
-  await mkdir8(tempImageDir, { recursive: true });
+  await mkdir9(tempImageDir, { recursive: true });
   const tempPaths = [];
   try {
     for (const image of images) {
@@ -5320,6 +5508,9 @@ function buildClaudeAgentEnv(overrides) {
   if (shouldStripAnthropicApiKey()) {
     env.ANTHROPIC_API_KEY = void 0;
   }
+  env.GH_TOKEN = void 0;
+  env.GITHUB_TOKEN = void 0;
+  env.GH_CONFIG_DIR = void 0;
   env.CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD = "1";
   return env;
 }
@@ -5333,6 +5524,9 @@ function buildCodexAgentEnv() {
   if (shouldStripOpenAIApiKey()) {
     delete env.OPENAI_API_KEY;
   }
+  delete env.GH_TOKEN;
+  delete env.GITHUB_TOKEN;
+  delete env.GH_CONFIG_DIR;
   return env;
 }
 function resolveCodexApiKey() {
@@ -6139,7 +6333,7 @@ var ClaudeManager = class _ClaudeManager extends CodingAgentManager {
   }
   async initialize() {
     const historyDir = join13(homedir11(), ".replicas", "claude");
-    await mkdir9(historyDir, { recursive: true });
+    await mkdir10(historyDir, { recursive: true });
     if (this.initialSessionId) {
       this.sessionId = this.initialSessionId;
       console.log(`[ClaudeManager] Restored session ID from persisted state: ${this.sessionId}`);
@@ -6373,7 +6567,7 @@ var AspClient = class {
 // src/managers/codex-asp/app-server-process.ts
 var DEFAULT_CODEX_BINARY = "codex";
 var DEFAULT_CODEX_ARGS = ["app-server", "--listen", "stdio://"];
-var ENGINE_PACKAGE_VERSION = "0.1.262";
+var ENGINE_PACKAGE_VERSION = "0.1.264";
 var INITIALIZE_METHOD = "initialize";
 var INITIALIZED_NOTIFICATION = "initialized";
 var ACCOUNT_LOGIN_START_METHOD = "account/login/start";
@@ -7993,7 +8187,7 @@ var CodexAspManager = class extends CodingAgentManager {
 
 // src/managers/codex-manager.ts
 import { Codex } from "@openai/codex-sdk";
-import { readdir as readdir3, stat as stat2, writeFile as writeFile6, mkdir as mkdir10, readFile as readFile8 } from "fs/promises";
+import { readdir as readdir3, stat as stat2, writeFile as writeFile6, mkdir as mkdir11, readFile as readFile8 } from "fs/promises";
 import { existsSync as existsSync7 } from "fs";
 import { join as join14 } from "path";
 import { homedir as homedir12 } from "os";
@@ -8077,7 +8271,7 @@ var CodexManager = class extends CodingAgentManager {
   async updateCodexConfig(developerInstructions) {
     try {
       const codexDir = join14(homedir12(), ".codex");
-      await mkdir10(codexDir, { recursive: true });
+      await mkdir11(codexDir, { recursive: true });
       let config = {};
       if (existsSync7(CODEX_CONFIG_PATH)) {
         try {
@@ -9096,10 +9290,10 @@ var ChatService = class {
   chats = /* @__PURE__ */ new Map();
   writeChain = Promise.resolve();
   async initialize() {
-    await mkdir11(ENGINE_DIR2, { recursive: true });
-    await mkdir11(CLAUDE_HISTORY_DIR, { recursive: true });
-    await mkdir11(RELAY_HISTORY_DIR, { recursive: true });
-    await mkdir11(CHAT_SENDERS_DIR, { recursive: true });
+    await mkdir12(ENGINE_DIR2, { recursive: true });
+    await mkdir12(CLAUDE_HISTORY_DIR, { recursive: true });
+    await mkdir12(RELAY_HISTORY_DIR, { recursive: true });
+    await mkdir12(CHAT_SENDERS_DIR, { recursive: true });
     const persisted = await this.loadChats();
     for (const chat of persisted) {
       const runtime = this.createRuntimeChat(chat);
@@ -10018,7 +10212,7 @@ import { existsSync as existsSync9 } from "fs";
 import { join as join19 } from "path";
 
 // src/services/warm-hook-logs-service.ts
-import { mkdir as mkdir12, readFile as readFile12, writeFile as writeFile7, readdir as readdir5, appendFile as appendFile6, unlink as unlink3 } from "fs/promises";
+import { mkdir as mkdir13, readFile as readFile12, writeFile as writeFile7, readdir as readdir5, appendFile as appendFile6, unlink as unlink3 } from "fs/promises";
 import { homedir as homedir15 } from "os";
 import { join as join18 } from "path";
 var LOGS_DIR2 = join18(homedir15(), ".replicas", "warm-hook-logs");
@@ -10030,7 +10224,7 @@ function withPreview2(stored) {
 }
 var WarmHookLogsService = class {
   async ensureDir() {
-    await mkdir12(LOGS_DIR2, { recursive: true });
+    await mkdir13(LOGS_DIR2, { recursive: true });
   }
   async saveGlobalHookLog(entry) {
     await this.ensureDir();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "replicas-engine",
-  "version": "0.1.262",
+  "version": "0.1.264",
   "description": "Lightweight API server for Replicas workspaces",
   "type": "module",
   "main": "dist/src/index.js",