npm - svamp-cli - Versions diffs - 0.1.29 → 0.1.30 - Mend

svamp-cli 0.1.29 → 0.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

package/dist/cli.mjs +7 -7
package/dist/{commands-CgT3AgJ0.mjs → commands-B2xQb9u7.mjs} +1 -1
package/dist/{commands-CKTIJoV0.mjs → commands-C5pW2VmI.mjs} +286 -60
package/dist/{commands-DDB3y1L1.mjs → commands-TZkNivgV.mjs} +295 -44
package/dist/index.mjs +1 -1
package/dist/{run-DZmxHj-e.mjs → run-CtCTd6if.mjs} +234 -50
package/dist/{run-CuN6K7pN.mjs → run-Cxdc5Zmw.mjs} +316 -164
package/dist/{run-DMD0N00A.mjs → run-dBWhjQRf.mjs} +316 -76
package/package.json +1 -1
package/dist/agent-cli.mjs +0 -453
package/dist/commands-1CYZC6Xh.mjs +0 -481
package/dist/commands-B1DcpgLW.mjs +0 -481
package/dist/commands-BGmdgMAC.mjs +0 -485
package/dist/commands-BOeSil-P.mjs +0 -459
package/dist/commands-BU4GZQuH.mjs +0 -481
package/dist/commands-Ba66PxtQ.mjs +0 -481
package/dist/commands-C0-xqIIc.mjs +0 -481
package/dist/commands-C7Qy5n6d.mjs +0 -481
package/dist/commands-CKpC8R9T.mjs +0 -481
package/dist/commands-CNqOjR1y.mjs +0 -481
package/dist/commands-CVKh1tWr.mjs +0 -485
package/dist/commands-CYBblX73.mjs +0 -485
package/dist/commands-CZBYmj16.mjs +0 -485
package/dist/commands-CcWIvCA4.mjs +0 -481
package/dist/commands-Cfwf-cQG.mjs +0 -481
package/dist/commands-DCNO2m66.mjs +0 -471
package/dist/commands-DRIFvhmC.mjs +0 -481
package/dist/commands-DXmw2dzy.mjs +0 -481
package/dist/commands-DkSvlKFF.mjs +0 -485
package/dist/commands-DnDd4Sew.mjs +0 -481
package/dist/commands-DnpnAFQW.mjs +0 -485
package/dist/commands-Do-TVYFm.mjs +0 -481
package/dist/commands-GEXri0yz.mjs +0 -484
package/dist/commands-Kzm0_XNH.mjs +0 -481
package/dist/commands-MQvNbIid.mjs +0 -481
package/dist/commands-_uCC3U1U.mjs +0 -481
package/dist/commands-y2WG29W9.mjs +0 -485
package/dist/hyphaClient-DLkclazm.mjs +0 -39
package/dist/package-ASJ9pMHk.mjs +0 -60
package/dist/package-B2FOzHaM.mjs +0 -57
package/dist/package-Bk_PFVA0.mjs +0 -57
package/dist/package-Bnij-ZtR.mjs +0 -57
package/dist/package-BtRbHfjz.mjs +0 -57
package/dist/package-C5B0twb8.mjs +0 -57
package/dist/package-CC5d8_0L.mjs +0 -57
package/dist/package-CCJ045H0.mjs +0 -60
package/dist/package-CS219SXn.mjs +0 -57
package/dist/package-Cd-9ktpd.mjs +0 -60
package/dist/package-CgBD49cA.mjs +0 -57
package/dist/package-CvnNnsm7.mjs +0 -60
package/dist/package-DPXkSwHu.mjs +0 -57
package/dist/package-DpqWz9Cr.mjs +0 -60
package/dist/package-JqEt5Ib4.mjs +0 -57
package/dist/package-k18Su1iE.mjs +0 -58
package/dist/package-nzkXV1aM.mjs +0 -57
package/dist/package-pNo6GC3a.mjs +0 -60
package/dist/package-pZp14zKI.mjs +0 -57
package/dist/run-4fyJcaRE.mjs +0 -3856
package/dist/run-B6oqR83K.mjs +0 -4631
package/dist/run-BI32lPRK.mjs +0 -3870
package/dist/run-BQHneHfW.mjs +0 -3834
package/dist/run-Bb4fyIWZ.mjs +0 -3812
package/dist/run-BglwnB-A.mjs +0 -3889
package/dist/run-BjVWuitO.mjs +0 -3919
package/dist/run-BzUE-JUT.mjs +0 -3708
package/dist/run-BzqS97Sx.mjs +0 -3666
package/dist/run-C6snRxyh.mjs +0 -3826
package/dist/run-C8CI8Ujj.mjs +0 -3693
package/dist/run-CL-FS4Yc.mjs +0 -3933
package/dist/run-CS1Z4GcM.mjs +0 -3786
package/dist/run-CT7uizQo.mjs +0 -4492
package/dist/run-CUIj4xbE.mjs +0 -4880
package/dist/run-CW26vPqj.mjs +0 -3919
package/dist/run-CkTufc0D.mjs +0 -3875
package/dist/run-Cmostc0S.mjs +0 -3902
package/dist/run-Cp3kKdzm.mjs +0 -3865
package/dist/run-D0bCTY72.mjs +0 -3816
package/dist/run-D4N6FQON.mjs +0 -4673
package/dist/run-D4dlA0jo.mjs +0 -4813
package/dist/run-DMW8ibIw.mjs +0 -3958
package/dist/run-DO52unxE.mjs +0 -3950
package/dist/run-DQ5FOQ_c.mjs +0 -4788
package/dist/run-DT7FgL8L.mjs +0 -4339
package/dist/run-DYhBROuo.mjs +0 -3934
package/dist/run-DjfPjgOb.mjs +0 -3904
package/dist/run-DlL4JALM.mjs +0 -4719
package/dist/run-Dp2JPkGI.mjs +0 -3913
package/dist/run-Dptna3Je.mjs +0 -3867
package/dist/run-DwK3dfHd.mjs +0 -3875
package/dist/run-M_SMt96j.mjs +0 -3913
package/dist/run-MlpxQUPN.mjs +0 -3869
package/dist/run-PuTIelbv.mjs +0 -3706
package/dist/run-h37iSCUB.mjs +0 -3934
package/dist/run-lpV0oguG.mjs +0 -3897
package/dist/run-oHmTMcv8.mjs +0 -4721

package/dist/{run-CuN6K7pN.mjs → run-Cxdc5Zmw.mjs} RENAMED Viewed

@@ -5,20 +5,57 @@ import { dirname, join as join$1, resolve, basename } from 'path';
 import { fileURLToPath } from 'url';
 import { spawn as spawn$1 } from 'child_process';
 import { randomUUID as randomUUID$1 } from 'crypto';
-import { c as connectToHypha } from './hyphaClient-DLkclazm.mjs';
 import { randomUUID } from 'node:crypto';
 import { existsSync, readFileSync, mkdirSync, appendFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { spawn, execSync, execFile } from 'node:child_process';
 import { ndJsonStream, ClientSideConnection } from '@agentclientprotocol/sdk';
+import { homedir, tmpdir } from 'node:os';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { ElicitRequestSchema } from '@modelcontextprotocol/sdk/types.js';
 import { z } from 'zod';
 import { mkdir, access, mkdtemp, rm, writeFile } from 'node:fs/promises';
-import { homedir } from 'node:os';
 import { promisify } from 'node:util';
+let connectToServerFn = null;
+async function getConnectToServer() {
+  if (!connectToServerFn) {
+    const mod = await import('hypha-rpc');
+    connectToServerFn = mod.connectToServer || mod.default && mod.default.connectToServer || mod.hyphaWebsocketClient && mod.hyphaWebsocketClient.connectToServer;
+    if (!connectToServerFn) {
+      throw new Error("Could not find connectToServer in hypha-rpc module");
+    }
+  }
+  return connectToServerFn;
+}
+async function connectToHypha(config) {
+  const connectToServer = await getConnectToServer();
+  const workspace = config.token ? parseWorkspaceFromToken(config.token) : void 0;
+  const server = await connectToServer({
+    server_url: config.serverUrl,
+    token: config.token,
+    client_id: config.clientId,
+    name: config.name || "svamp-cli",
+    workspace,
+    ...config.transport ? { transport: config.transport } : {}
+  });
+  return server;
+}
+function parseWorkspaceFromToken(token) {
+  try {
+    const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString());
+    const scope = payload.scope || "";
+    const match = scope.match(/wid:([^\s]+)/);
+    return match ? match[1] : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function getHyphaServerUrl() {
+  return process.env.HYPHA_SERVER_URL || "http://localhost:9527";
+}
 const ROLE_HIERARCHY = {
   view: 0,
   interact: 1,
@@ -116,6 +153,12 @@ async function registerMachineService(server, machineId, metadata, daemonState,
       // Spawn a new session
       spawnSession: async (options, context) => {
         authorizeRequest(context, currentMetadata.sharing, "interact");
+        if (options.sharing?.enabled && !options.sharing.owner && context?.user?.email) {
+          options = {
+            ...options,
+            sharing: { ...options.sharing, owner: context.user.email }
+          };
+        }
         const result = await handlers.spawnSession({
           ...options,
           machineId
@@ -140,27 +183,17 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         });
         return result;
       },
+      // Restart agent process in a session (machine-level fallback)
+      restartSession: async (sessionId, context) => {
+        authorizeRequest(context, currentMetadata.sharing, "interact");
+        return await handlers.restartSession(sessionId);
+      },
       // Stop the daemon
       stopDaemon: async (context) => {
         authorizeRequest(context, currentMetadata.sharing, "admin");
         handlers.requestShutdown();
         return { success: true };
       },
-      // Recover crashed sessions (scan disk, restore stopped sessions)
-      recoverSessions: async (context) => {
-        authorizeRequest(context, currentMetadata.sharing, "admin");
-        const result = await handlers.recoverSessions();
-        for (const detail of result.details) {
-          if (detail.status === "recovered") {
-            notifyListeners({
-              type: "new-session",
-              sessionId: detail.sessionId,
-              machineId
-            });
-          }
-        }
-        return result;
-      },
       // Metadata management (with optimistic concurrency)
       getMetadata: async (context) => {
         authorizeRequest(context, currentMetadata.sharing, "view");
@@ -397,6 +430,8 @@ async function registerSessionService(server, sessionId, initialMetadata, initia
         data.uuid = randomUUID();
       }
       wrappedContent = { role: "agent", content: { type: "output", data } };
+    } else if (role === "event") {
+      wrappedContent = { role: "agent", content: { type: "event", data: content } };
     } else if (role === "session") {
       wrappedContent = { role: "session", content: { type: "session", data: content } };
     } else {
@@ -639,6 +674,9 @@ async function registerSessionService(server, sessionId, initialMetadata, initia
         if (metadata.sharing && context?.user?.email && context.user.email !== metadata.sharing.owner) {
           throw new Error("Only the session owner can update sharing settings");
         }
+        if (newSharing.enabled && !newSharing.owner && context?.user?.email) {
+          newSharing = { ...newSharing, owner: context.user.email };
+        }
         metadata = { ...metadata, sharing: newSharing };
         metadataVersion++;
         notifyListeners({
@@ -1166,6 +1204,106 @@ var DefaultTransport$1 = /*#__PURE__*/Object.freeze({
     DefaultTransport: DefaultTransport
 });
+const SVAMP_TOOLS_DIR$1 = join(homedir(), ".svamp", "tools");
+const SVAMP_TOOLS_BIN$1 = join(SVAMP_TOOLS_DIR$1, "node_modules", ".bin");
+const SVAMP_TOOLS_RG_BIN$1 = join(SVAMP_TOOLS_DIR$1, "node_modules", "@vscode", "ripgrep", "bin");
+function wrapWithIsolation(originalCommand, originalArgs, config) {
+  switch (config.method) {
+    case "srt":
+      return wrapWithSrt(originalCommand, originalArgs, config);
+    case "bwrap":
+      return wrapWithBwrap(originalCommand, originalArgs, config);
+    case "docker":
+      return wrapWithContainer("docker", originalCommand, originalArgs, config);
+    case "podman":
+      return wrapWithContainer("podman", originalCommand, originalArgs, config);
+  }
+}
+function wrapWithSrt(command, args, config) {
+  const settings = {
+    filesystem: {
+      denyRead: config.srtConfig?.filesystem?.denyRead ?? [],
+      allowWrite: config.srtConfig?.filesystem?.allowWrite ?? [config.workspacePath],
+      denyWrite: config.srtConfig?.filesystem?.denyWrite ?? []
+    },
+    network: {
+      allowedDomains: config.srtConfig?.network?.allowedDomains ?? [],
+      deniedDomains: config.srtConfig?.network?.deniedDomains ?? []
+    }
+  };
+  const settingsPath = join(tmpdir(), `srt-settings-${process.pid}-${Date.now()}.json`);
+  writeFileSync(settingsPath, JSON.stringify(settings));
+  const pathParts = [SVAMP_TOOLS_BIN$1, SVAMP_TOOLS_RG_BIN$1];
+  if (process.env.PATH) pathParts.push(process.env.PATH);
+  return {
+    command: config.binaryPath,
+    args: ["--settings", settingsPath, command, ...args],
+    env: { PATH: pathParts.join(":") },
+    cleanupFiles: [settingsPath]
+  };
+}
+function wrapWithBwrap(command, args, config) {
+  const bwrapArgs = [
+    // Mount root filesystem read-only
+    "--ro-bind",
+    "/",
+    "/",
+    // Mount workspace read-write
+    "--bind",
+    config.workspacePath,
+    config.workspacePath,
+    // Mount /tmp read-write (many tools need it)
+    "--bind",
+    "/tmp",
+    "/tmp",
+    // Mount /dev read-write
+    "--dev",
+    "/dev",
+    // Mount /proc
+    "--proc",
+    "/proc",
+    // Unshare network — no network access inside sandbox
+    "--unshare-net",
+    // Unshare PID namespace
+    "--unshare-pid",
+    // Die when parent dies
+    "--die-with-parent",
+    // The actual command
+    "--",
+    command,
+    ...args
+  ];
+  return {
+    command: config.binaryPath,
+    args: bwrapArgs
+  };
+}
+function wrapWithContainer(runtime, command, args, config) {
+  const image = config.containerConfig?.image || "node:lts-slim";
+  const networkMode = config.containerConfig?.networkMode || "none";
+  const containerArgs = [
+    "run",
+    "--rm",
+    "-i",
+    // interactive (for stdin/stdout piping)
+    `--network=${networkMode}`,
+    "-v",
+    `${config.workspacePath}:${config.workspacePath}`,
+    "-w",
+    config.workspacePath
+  ];
+  if (config.containerConfig?.extraMounts) {
+    for (const mount of config.containerConfig.extraMounts) {
+      containerArgs.push("-v", mount);
+    }
+  }
+  containerArgs.push(image, command, ...args);
+  return {
+    command: config.binaryPath,
+    args: containerArgs
+  };
+}
 const DEFAULT_IDLE_TIMEOUT_MS = 500;
 const DEFAULT_TOOL_CALL_TIMEOUT_MS = 12e4;
 function parseArgsFromContent(content) {
@@ -1484,21 +1622,41 @@ class AcpBackend {
     let startupStatusErrorEmitted = false;
     try {
       const args = this.options.args || [];
+      let spawnCommand = this.options.command;
+      let spawnArgs = args;
+      let isoEnv = {};
+      let isoCleanupFiles = [];
+      if (this.options.isolationConfig) {
+        const wrapped = wrapWithIsolation(spawnCommand, spawnArgs, this.options.isolationConfig);
+        spawnCommand = wrapped.command;
+        spawnArgs = wrapped.args;
+        if (wrapped.env) isoEnv = wrapped.env;
+        if (wrapped.cleanupFiles) isoCleanupFiles = wrapped.cleanupFiles;
+        this.log(`[ACP] Isolation: ${this.options.isolationConfig.method}`);
+      }
+      const spawnEnv = { ...process.env, ...this.options.env, ...isoEnv };
       if (process.platform === "win32") {
-        const fullCommand = [this.options.command, ...args].join(" ");
+        const fullCommand = [spawnCommand, ...spawnArgs].join(" ");
         this.process = spawn("cmd.exe", ["/c", fullCommand], {
           cwd: this.options.cwd,
-          env: { ...process.env, ...this.options.env },
+          env: spawnEnv,
           stdio: ["pipe", "pipe", "pipe"],
           windowsHide: true
         });
       } else {
-        this.process = spawn(this.options.command, args, {
+        this.process = spawn(spawnCommand, spawnArgs, {
           cwd: this.options.cwd,
-          env: { ...process.env, ...this.options.env },
+          env: spawnEnv,
           stdio: ["pipe", "pipe", "pipe"]
         });
       }
+      if (isoCleanupFiles.length > 0) {
+        this.process.on("exit", async () => {
+          const { rm } = await import('node:fs/promises');
+          for (const f of isoCleanupFiles) rm(f, { force: true }).catch(() => {
+          });
+        });
+      }
       if (!this.process.stdin || !this.process.stdout || !this.process.stderr) {
         throw new Error("Failed to create stdio pipes");
       }
@@ -2111,15 +2269,15 @@ function bridgeAcpToSession(backend, sessionService, getMetadata, setMetadata, l
           setMetadata((m) => ({ ...m, lifecycleState: "running" }));
         } else if (msg.status === "error") {
           flushText();
-          sessionService.pushMessage({
-            type: "assistant",
-            content: [{ type: "text", text: `Error: ${msg.detail || "Unknown error"}` }]
-          }, "agent");
-          sessionService.sendKeepAlive(false);
+          sessionService.pushMessage(
+            { type: "message", message: `Agent process exited unexpectedly: ${msg.detail || "Unknown error"}` },
+            "event"
+          );
+          sessionService.sendSessionEnd();
           setMetadata((m) => ({ ...m, lifecycleState: "error" }));
         } else if (msg.status === "stopped") {
           flushText();
-          sessionService.sendKeepAlive(false);
+          sessionService.sendSessionEnd();
           setMetadata((m) => ({ ...m, lifecycleState: "stopped" }));
         }
         break;
@@ -2274,6 +2432,8 @@ class CodexMcpBackend {
   connected = false;
   // Pending elicitation approvals
   pendingApprovals = /* @__PURE__ */ new Map();
+  // Temp files from isolation wrapping (cleaned up on disconnect)
+  _isolationCleanupFiles = [];
   constructor(options) {
     this.options = options;
     this.log = options.log || (() => {
@@ -2416,9 +2576,21 @@ class CodexMcpBackend {
     } else if (!existingRustLog.includes("codex_core::rollout::list=")) {
       env.RUST_LOG = `${existingRustLog},${rolloutFilter}`;
     }
+    let transportCommand = "codex";
+    let transportArgs = [mcpCommand];
+    if (this.options.isolationConfig) {
+      const wrapped = wrapWithIsolation(transportCommand, transportArgs, this.options.isolationConfig);
+      transportCommand = wrapped.command;
+      transportArgs = wrapped.args;
+      if (wrapped.env) Object.assign(env, wrapped.env);
+      if (wrapped.cleanupFiles) {
+        this._isolationCleanupFiles = wrapped.cleanupFiles;
+      }
+      this.log(`[Codex] Isolation: ${this.options.isolationConfig.method}`);
+    }
     this.transport = new StdioClientTransport({
-      command: "codex",
-      args: [mcpCommand],
+      command: transportCommand,
+      args: transportArgs,
       env
     });
     this.registerPermissionHandlers();
@@ -2455,6 +2627,12 @@ class CodexMcpBackend {
     }
     this.transport = null;
     this.connected = false;
+    if (this._isolationCleanupFiles.length > 0) {
+      const { rm } = await import('node:fs/promises');
+      for (const f of this._isolationCleanupFiles) rm(f, { force: true }).catch(() => {
+      });
+      this._isolationCleanupFiles = [];
+    }
   }
   // ── Permission handling ────────────────────────────────────────────
   registerPermissionHandlers() {
@@ -3514,8 +3692,19 @@ async function startDaemon() {
               proc.kill(signal);
             }
           });
+        }, buildIsolationConfig2 = function(dir) {
+          if (!sessionMetadata.sharing?.enabled) return null;
+          const method = isolationCapabilities.preferred;
+          if (!method) return null;
+          const detail = isolationCapabilities.details[method];
+          if (!detail.found || detail.verified === false) return null;
+          return {
+            method,
+            binaryPath: detail.path || method,
+            workspacePath: dir
+          };
         };
-        var parseBashPermission = parseBashPermission2, shouldAutoAllow = shouldAutoAllow2, killAndWaitForExit = killAndWaitForExit2;
+        var parseBashPermission = parseBashPermission2, shouldAutoAllow = shouldAutoAllow2, killAndWaitForExit = killAndWaitForExit2, buildIsolationConfig = buildIsolationConfig2;
         let sessionMetadata = {
           path: directory,
           host: os.hostname(),
@@ -3568,6 +3757,7 @@ async function startDaemon() {
           "auto-approve-all": "bypassPermissions"
         };
         const toClaudePermissionMode = (mode) => CLAUDE_PERMISSION_MODE_MAP[mode] || mode;
+        let isolationCleanupFiles = [];
         const spawnClaude = (initialMessage, meta) => {
           const rawPermissionMode = meta?.permissionMode || agentConfig.default_permission_mode || currentPermissionMode;
           const permissionMode = toClaudePermissionMode(rawPermissionMode);
@@ -3588,10 +3778,26 @@ async function startDaemon() {
           if (model) args.push("--model", model);
           if (appendSystemPrompt) args.push("--append-system-prompt", appendSystemPrompt);
           if (claudeResumeId) args.push("--resume", claudeResumeId);
-          logger.log(`[Session ${sessionId}] Spawning Claude: claude ${args.join(" ")} (cwd: ${directory})`);
-          const spawnEnv = { ...process.env };
+          let spawnCommand = "claude";
+          let spawnArgs = args;
+          let extraEnv = {};
+          isolationCleanupFiles = [];
+          const isoConfig = buildIsolationConfig2(directory);
+          if (isoConfig) {
+            const wrapped = wrapWithIsolation(spawnCommand, spawnArgs, isoConfig);
+            spawnCommand = wrapped.command;
+            spawnArgs = wrapped.args;
+            if (wrapped.env) extraEnv = wrapped.env;
+            if (wrapped.cleanupFiles) isolationCleanupFiles = wrapped.cleanupFiles;
+            sessionMetadata = { ...sessionMetadata, isolationMethod: isoConfig.method };
+            logger.log(`[Session ${sessionId}] Isolation: ${isoConfig.method} (binary: ${isoConfig.binaryPath})`);
+          } else {
+            sessionMetadata = { ...sessionMetadata, isolationMethod: void 0 };
+          }
+          logger.log(`[Session ${sessionId}] Spawning Claude: ${spawnCommand} ${spawnArgs.join(" ")} (cwd: ${directory})`);
+          const spawnEnv = { ...process.env, ...extraEnv };
           delete spawnEnv.CLAUDECODE;
-          const child = spawn$1("claude", args, {
+          const child = spawn$1(spawnCommand, spawnArgs, {
             cwd: directory,
             stdio: ["pipe", "pipe", "pipe"],
             env: spawnEnv,
@@ -3601,17 +3807,11 @@ async function startDaemon() {
           logger.log(`[Session ${sessionId}] Claude PID: ${child.pid}, stdin: ${!!child.stdin}, stdout: ${!!child.stdout}, stderr: ${!!child.stderr}`);
           child.on("error", (err) => {
             logger.log(`[Session ${sessionId}] Claude process error: ${err.message}`);
-            sessionService.pushMessage({
-              type: "assistant",
-              content: [{
-                type: "text",
-                text: `Error: Failed to start Claude Code CLI: ${err.message}
-Please ensure Claude Code CLI is installed on this machine. You can install it with:
-\`npm install -g @anthropic-ai/claude-code\``
-              }]
-            }, "agent");
-            sessionService.sendKeepAlive(false);
+            sessionService.pushMessage(
+              { type: "message", message: `Agent process exited unexpectedly: ${err.message}. Please ensure Claude Code CLI is installed.` },
+              "event"
+            );
+            sessionService.sendSessionEnd();
           });
           let stdoutBuffer = "";
           let lastErrorMessagePushed = false;
@@ -3805,25 +4005,25 @@ Please ensure Claude Code CLI is installed on this machine. You can install it w
           child.on("exit", (code, signal) => {
             logger.log(`[Session ${sessionId}] Claude exited: code=${code}, signal=${signal}`);
             claudeProcess = null;
+            for (const f of isolationCleanupFiles) {
+              fs.rm(f, { force: true }).catch(() => {
+              });
+            }
+            isolationCleanupFiles = [];
             for (const [id, pending] of pendingPermissions) {
               pending.resolve({ behavior: "deny", message: "Claude process exited" });
             }
             pendingPermissions.clear();
             if (code !== 0 && code !== null && !lastErrorMessagePushed) {
-              sessionService.pushMessage({
-                type: "assistant",
-                content: [{
-                  type: "text",
-                  text: `Error: Claude process exited with code ${code}${signal ? ` (signal: ${signal})` : ""}.
-This may indicate that Claude Code CLI is not properly installed or configured.`
-                }]
-              }, "agent");
+              sessionService.pushMessage(
+                { type: "message", message: `Agent process exited unexpectedly (code ${code}${signal ? `, signal: ${signal}` : ""})` },
+                "event"
+              );
             }
             lastErrorMessagePushed = false;
             sessionMetadata = { ...sessionMetadata, lifecycleState: claudeResumeId ? "idle" : "stopped" };
             sessionService.updateMetadata(sessionMetadata);
-            sessionService.sendKeepAlive(false);
+            sessionService.sendSessionEnd();
             if (claudeResumeId && !trackedSession.stopped) {
               saveSession({
                 sessionId,
@@ -3847,6 +4047,30 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
           }
           return child;
         };
+        const restartClaudeHandler = async () => {
+          logger.log(`[Session ${sessionId}] Restart Claude requested`);
+          try {
+            if (claudeProcess && claudeProcess.exitCode === null) {
+              isKillingClaude = true;
+              sessionMetadata = { ...sessionMetadata, lifecycleState: "restarting" };
+              sessionService.updateMetadata(sessionMetadata);
+              await killAndWaitForExit2(claudeProcess);
+              isKillingClaude = false;
+            }
+            if (claudeResumeId) {
+              spawnClaude(void 0, { permissionMode: currentPermissionMode });
+              logger.log(`[Session ${sessionId}] Claude respawned with --resume ${claudeResumeId}`);
+              return { success: true, message: "Claude process restarted successfully." };
+            } else {
+              logger.log(`[Session ${sessionId}] No resume ID \u2014 cannot restart`);
+              return { success: false, message: "No session to resume. Send a message to start a new session." };
+            }
+          } catch (err) {
+            isKillingClaude = false;
+            logger.log(`[Session ${sessionId}] Restart failed: ${err.message}`);
+            return { success: false, message: `Restart failed: ${err.message}` };
+          }
+        };
         const sessionService = await registerSessionService(
           server,
           sessionId,
@@ -3944,30 +4168,7 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
                 spawnClaude(void 0, { permissionMode: mode });
               }
             },
-            onRestartClaude: async () => {
-              logger.log(`[Session ${sessionId}] Restart Claude requested`);
-              try {
-                if (claudeProcess && claudeProcess.exitCode === null) {
-                  isKillingClaude = true;
-                  sessionMetadata = { ...sessionMetadata, lifecycleState: "restarting" };
-                  sessionService.updateMetadata(sessionMetadata);
-                  await killAndWaitForExit2(claudeProcess);
-                  isKillingClaude = false;
-                }
-                if (claudeResumeId) {
-                  spawnClaude(void 0, { permissionMode: currentPermissionMode });
-                  logger.log(`[Session ${sessionId}] Claude respawned with --resume ${claudeResumeId}`);
-                  return { success: true, message: "Claude process restarted successfully." };
-                } else {
-                  logger.log(`[Session ${sessionId}] No resume ID \u2014 cannot restart`);
-                  return { success: false, message: "No session to resume. Send a message to start a new session." };
-                }
-              } catch (err) {
-                isKillingClaude = false;
-                logger.log(`[Session ${sessionId}] Restart failed: ${err.message}`);
-                return { success: false, message: `Restart failed: ${err.message}` };
-              }
-            },
+            onRestartClaude: restartClaudeHandler,
             onKillSession: () => {
               logger.log(`[Session ${sessionId}] Kill session requested`);
               stopSession(sessionId);
@@ -4315,12 +4516,27 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
           logger
         );
         const permissionHandler = new HyphaPermissionHandler(shouldAutoAllow2, logger.log);
+        let agentIsoConfig;
+        if (sessionMetadata.sharing?.enabled && isolationCapabilities.preferred) {
+          const method = isolationCapabilities.preferred;
+          const detail = isolationCapabilities.details[method];
+          if (detail.found && detail.verified !== false) {
+            agentIsoConfig = {
+              method,
+              binaryPath: detail.path || method,
+              workspacePath: directory
+            };
+            sessionMetadata = { ...sessionMetadata, isolationMethod: method };
+            logger.log(`[Agent Session ${sessionId}] Isolation: ${method}`);
+          }
+        }
         let agentBackend;
         if (KNOWN_MCP_AGENTS[agentName]) {
           agentBackend = new CodexMcpBackend({
             cwd: directory,
             env: options.environmentVariables,
-            log: logger.log
+            log: logger.log,
+            isolationConfig: agentIsoConfig
           });
         } else {
           const transportHandler = agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(agentName);
@@ -4333,7 +4549,8 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
             env: options.environmentVariables,
             permissionHandler,
             transportHandler,
-            log: logger.log
+            log: logger.log,
+            isolationConfig: agentIsoConfig
           });
         }
         bridgeAcpToSession(
@@ -4365,16 +4582,11 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
           logger.log(`[Agent Session ${sessionId}] ${agentName} backend started, waiting for first message`);
         }).catch((err) => {
           logger.error(`[Agent Session ${sessionId}] Failed to start ${agentName}:`, err);
-          sessionService.pushMessage({
-            type: "assistant",
-            content: [{
-              type: "text",
-              text: `Error: Failed to start ${agentName} agent: ${err.message}
-Please ensure the ${agentName} CLI is installed.`
-            }]
-          }, "agent");
-          sessionService.sendKeepAlive(false);
+          sessionService.pushMessage(
+            { type: "message", message: `Agent process exited unexpectedly: ${err.message}. Please ensure the ${agentName} CLI is installed.` },
+            "event"
+          );
+          sessionService.sendSessionEnd();
         });
         return {
           type: "success",
@@ -4411,6 +4623,17 @@ Please ensure the ${agentName} CLI is installed.`
       logger.log(`Session ${sessionId} not found`);
       return false;
     };
+    const restartSession = async (sessionId) => {
+      for (const session of pidToTrackedSession.values()) {
+        if (session.svampSessionId === sessionId && !session.stopped) {
+          if (session.restartAgent) {
+            return await session.restartAgent();
+          }
+          return { success: false, message: "This session does not support restart." };
+        }
+      }
+      return { success: false, message: `Session ${sessionId} not found or already stopped.` };
+    };
     let isolationCapabilities;
     try {
       isolationCapabilities = await detectIsolationCapabilities();
@@ -4435,48 +4658,6 @@ Please ensure the ${agentName} CLI is installed.`
       pid: process.pid,
       startedAt: Date.now()
     };
-    const recoverSessionsLive = async () => {
-      const activeSessionIds = new Set(
-        Array.from(pidToTrackedSession.values()).map((s) => s.svampSessionId).filter(Boolean)
-      );
-      const index = loadSessionIndex();
-      const result = { recovered: 0, failed: 0, alreadyActive: 0, details: [] };
-      for (const [sessionId, entry] of Object.entries(index)) {
-        if (activeSessionIds.has(sessionId)) {
-          result.alreadyActive++;
-          result.details.push({ sessionId, directory: entry.directory, status: "active" });
-          continue;
-        }
-        const sessionFile = getSessionFilePath(entry.directory, sessionId);
-        if (!existsSync$1(sessionFile)) continue;
-        try {
-          const data = JSON.parse(readFileSync$1(sessionFile, "utf-8"));
-          if (!data.sessionId || !data.directory) continue;
-          if (!data.stopped) continue;
-          delete data.stopped;
-          writeFileSync$1(sessionFile, JSON.stringify(data, null, 2), "utf-8");
-          const spawnResult = await spawnSession({
-            directory: data.directory,
-            sessionId: data.sessionId,
-            resumeSessionId: data.claudeResumeId
-          });
-          if (spawnResult.type === "success") {
-            result.recovered++;
-            result.details.push({ sessionId: data.sessionId, directory: data.directory, status: "recovered" });
-            logger.log(`[RECOVER] Restored session ${data.sessionId} (${data.directory})`);
-          } else {
-            result.failed++;
-            result.details.push({ sessionId: data.sessionId, directory: data.directory, status: "failed", error: spawnResult.errorMessage });
-            logger.log(`[RECOVER] Failed to restore session ${data.sessionId}: ${spawnResult.errorMessage}`);
-          }
-        } catch (err) {
-          result.failed++;
-          result.details.push({ sessionId, directory: entry.directory, status: "failed", error: err.message });
-        }
-      }
-      logger.log(`[RECOVER] Done: ${result.recovered} recovered, ${result.failed} failed, ${result.alreadyActive} already active`);
-      return result;
-    };
     const machineService = await registerMachineService(
       server,
       machineId,
@@ -4485,9 +4666,9 @@ Please ensure the ${agentName} CLI is installed.`
       {
         spawnSession,
         stopSession,
+        restartSession,
         requestShutdown: () => requestShutdown("hypha-app"),
-        getTrackedSessions: getCurrentChildren,
-        recoverSessions: recoverSessionsLive
+        getTrackedSessions: getCurrentChildren
       }
     );
     logger.log(`Machine service registered: svamp-machine-${machineId}`);
@@ -4791,34 +4972,5 @@ function daemonStatus() {
     cleanupDaemonStateFile();
   }
 }
-function recoverSessions() {
-  const index = loadSessionIndex();
-  let recovered = 0;
-  let alreadyActive = 0;
-  for (const [sessionId, entry] of Object.entries(index)) {
-    const sessionFile = getSessionFilePath(entry.directory, sessionId);
-    if (!existsSync$1(sessionFile)) continue;
-    try {
-      const data = JSON.parse(readFileSync$1(sessionFile, "utf-8"));
-      if (!data.sessionId || !data.directory) continue;
-      if (data.stopped) {
-        delete data.stopped;
-        writeFileSync$1(sessionFile, JSON.stringify(data, null, 2), "utf-8");
-        console.log(`  Recovered: ${data.sessionId} (${data.directory})`);
-        recovered++;
-      } else {
-        alreadyActive++;
-      }
-    } catch {
-    }
-  }
-  console.log(`
-Recovery complete: ${recovered} session(s) recovered, ${alreadyActive} already active.`);
-  console.log(`Sessions index has ${Object.keys(index).length} total session(s).`);
-  if (recovered > 0) {
-    console.log(`
-Restart the daemon to restore them: svamp daemon stop && svamp daemon start`);
-  }
-}
-export { DefaultTransport$1 as D, GeminiTransport$1 as G, registerSessionService as a, stopDaemon as b, recoverSessions as c, daemonStatus as d, acpBackend as e, acpAgentConfig as f, registerMachineService as r, startDaemon as s };
+export { DefaultTransport$1 as D, GeminiTransport$1 as G, registerSessionService as a, stopDaemon as b, connectToHypha as c, daemonStatus as d, acpBackend as e, acpAgentConfig as f, getHyphaServerUrl as g, registerMachineService as r, startDaemon as s };