svamp-cli 0.1.43 → 0.1.46

package/dist/commands-8Xn02pQg.mjs

@@ -0,0 +1,1217 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+import os from 'node:os';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-Dfl3Ze2L.mjs';
+import 'os';
+import 'fs/promises';
+import 'fs';
+import 'path';
+import 'url';
+import 'child_process';
+import 'crypto';
+import 'node:crypto';
+import 'node:child_process';
+import '@agentclientprotocol/sdk';
+import '@modelcontextprotocol/sdk/client/index.js';
+import '@modelcontextprotocol/sdk/client/stdio.js';
+import '@modelcontextprotocol/sdk/types.js';
+import 'zod';
+import 'node:fs/promises';
+import 'node:util';
+
+function toMarkdownInline(value) {
+  const escaped = value.replace(/`/g, "\\`");
+  return `\`${escaped}\``;
+}
+function formatSessionStatus(data) {
+  const lines = [
+    "## Session Status",
+    "",
+    `- Session ID: ${toMarkdownInline(data.sessionId)}`,
+    `- Agent: ${data.flavor}`
+  ];
+  if (data.name) lines.push(`- Name: ${data.name}`);
+  if (data.summary) lines.push(`- Summary: ${data.summary}`);
+  if (data.path) lines.push(`- Path: ${data.path}`);
+  if (data.host) lines.push(`- Host: ${data.host}`);
+  if (data.lifecycleState) lines.push(`- Lifecycle: ${data.lifecycleState}`);
+  lines.push(`- Active: ${data.active ? "yes" : "no"}`);
+  lines.push(`- Thinking: ${data.thinking ? "yes" : "no"}`);
+  lines.push(`- Agent Status: ${data.active ? "busy" : "idle"}`);
+  if (data.startedBy) lines.push(`- Started By: ${data.startedBy}`);
+  if (data.claudeSessionId) lines.push(`- Claude Session: ${data.claudeSessionId}`);
+  if (data.sessionLink) lines.push(`- Link: ${data.sessionLink}`);
+  return lines.join("\n");
+}
+function formatJson(data) {
+  return JSON.stringify(data, null, 2);
+}
+
+const SVAMP_HOME = process.env.SVAMP_HOME || join(os.homedir(), ".svamp");
+const DAEMON_STATE_FILE = join(SVAMP_HOME, "daemon.state.json");
+const ENV_FILE = join(SVAMP_HOME, ".env");
+function loadDotEnv() {
+  if (!existsSync(ENV_FILE)) return;
+  const lines = readFileSync(ENV_FILE, "utf-8").split("\n");
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIdx = trimmed.indexOf("=");
+    if (eqIdx === -1) continue;
+    const key = trimmed.slice(0, eqIdx).trim();
+    const value = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, "");
+    if (!process.env[key]) {
+      process.env[key] = value;
+    }
+  }
+}
+function readDaemonState() {
+  if (!existsSync(DAEMON_STATE_FILE)) return null;
+  try {
+    return JSON.parse(readFileSync(DAEMON_STATE_FILE, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function isDaemonAlive(state) {
+  try {
+    process.kill(state.pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function connectAndGetMachine(machineId) {
+  loadDotEnv();
+  const state = readDaemonState();
+  if (!state || !isDaemonAlive(state)) {
+    console.error('Daemon is not running. Start it with "svamp daemon start".');
+    process.exit(1);
+  }
+  const serverUrl = process.env.HYPHA_SERVER_URL || state.hyphaServerUrl;
+  const token = process.env.HYPHA_TOKEN;
+  if (!serverUrl) {
+    console.error('No Hypha server URL. Run "svamp login <url>" first.');
+    process.exit(1);
+  }
+  const origLog = console.log;
+  const origWarn = console.warn;
+  const origInfo = console.info;
+  const origError = console.error;
+  const stdoutWrite = process.stdout.write.bind(process.stdout);
+  const stderrWrite = process.stderr.write.bind(process.stderr);
+  const isHyphaLog = (chunk) => typeof chunk === "string" && (chunk.includes("WebSocket connection") || chunk.includes("Connection established") || chunk.includes("registering service built-in") || chunk.includes("registered service") || chunk.includes("registered all") || chunk.includes("Subscribing to client_") || chunk.includes("subscribed to client_") || chunk.includes("subscribe to client_") || chunk.includes("Cleaning up all sessions") || chunk.includes("WebSocket connection disconnected") || chunk.includes("local RPC disconnection") || chunk.includes("Timeout registering service") || chunk.includes("Failed to subscribe to client_disconnected") || chunk.includes("Timeout subscribing to client_disconnected"));
+  console.log = () => {
+  };
+  console.warn = () => {
+  };
+  console.info = () => {
+  };
+  console.error = (...args) => {
+    if (args.some((a) => isHyphaLog(a))) return;
+    origError(...args);
+  };
+  process.stdout.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stdoutWrite(chunk, ...args);
+  };
+  process.stderr.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stderrWrite(chunk, ...args);
+  };
+  const restoreConsole = () => {
+    console.log = origLog;
+    console.warn = origWarn;
+    console.info = origInfo;
+    console.error = origError;
+  };
+  let server;
+  try {
+    server = await connectToHypha({
+      serverUrl,
+      token,
+      name: "svamp-session-cli"
+    });
+  } catch (err) {
+    restoreConsole();
+    console.error(`Failed to connect to Hypha: ${err.message}`);
+    process.exit(1);
+  }
+  let machine;
+  try {
+    const services = await server.listServices({ query: { type: "svamp-machine" }, include_unlisted: true, _rkwargs: true });
+    if (services.length === 0) {
+      restoreConsole();
+      console.error("No machine service found. Is the daemon registered on Hypha?");
+      await server.disconnect();
+      process.exit(1);
+    }
+    let selectedService;
+    if (machineId) {
+      const exact = services.find((s) => (s.id || s.name) === machineId);
+      if (exact) {
+        selectedService = exact;
+      } else {
+        const prefixMatches = services.filter((s) => {
+          const id = s.id || s.name;
+          return id.startsWith(machineId);
+        });
+        if (prefixMatches.length === 1) {
+          selectedService = prefixMatches[0];
+        } else if (prefixMatches.length === 0) {
+          const substringMatches = services.filter((s) => {
+            const id = s.id || s.name || "";
+            return id.includes(machineId);
+          });
+          if (substringMatches.length === 1) {
+            selectedService = substringMatches[0];
+          } else {
+            restoreConsole();
+            console.error(`No machine found matching: ${machineId}`);
+            console.error("Available machines:");
+            for (const s of services) {
+              console.error(`  ${s.id || s.name}`);
+            }
+            await server.disconnect();
+            process.exit(1);
+          }
+        } else {
+          restoreConsole();
+          console.error(`Ambiguous machine ID "${machineId}". Matches:`);
+          for (const s of prefixMatches) {
+            console.error(`  ${s.id || s.name}`);
+          }
+          await server.disconnect();
+          process.exit(1);
+        }
+      }
+    } else {
+      if (state.hyphaClientId) {
+        const localMatch = services.find((s) => {
+          const id = s.id || s.name || "";
+          return id.includes(state.hyphaClientId);
+        });
+        selectedService = localMatch || services[0];
+      } else if (state.machineId) {
+        const localMatch = services.find((s) => {
+          const id = s.id || s.name || "";
+          return id.includes(state.machineId);
+        });
+        selectedService = localMatch || services[0];
+      } else {
+        selectedService = services[0];
+      }
+    }
+    const svcId = selectedService.id || selectedService.name;
+    machine = await server.getService(svcId);
+  } catch (err) {
+    restoreConsole();
+    console.error(`Failed to discover machine service: ${err.message}`);
+    await server.disconnect();
+    process.exit(1);
+  }
+  restoreConsole();
+  return { server, machine };
+}
+async function connectAndGetAllMachines() {
+  loadDotEnv();
+  const state = readDaemonState();
+  if (!state || !isDaemonAlive(state)) {
+    console.error('Daemon is not running. Start it with "svamp daemon start".');
+    process.exit(1);
+  }
+  const serverUrl = process.env.HYPHA_SERVER_URL || state.hyphaServerUrl;
+  const token = process.env.HYPHA_TOKEN;
+  if (!serverUrl) {
+    console.error('No Hypha server URL. Run "svamp login <url>" first.');
+    process.exit(1);
+  }
+  const origLog = console.log;
+  const origWarn = console.warn;
+  const origInfo = console.info;
+  const origError = console.error;
+  const stdoutWrite = process.stdout.write.bind(process.stdout);
+  const stderrWrite = process.stderr.write.bind(process.stderr);
+  const isHyphaLog = (chunk) => typeof chunk === "string" && (chunk.includes("WebSocket connection") || chunk.includes("Connection established") || chunk.includes("registering service built-in") || chunk.includes("registered service") || chunk.includes("registered all") || chunk.includes("Subscribing to client_") || chunk.includes("subscribed to client_") || chunk.includes("subscribe to client_") || chunk.includes("Cleaning up all sessions") || chunk.includes("WebSocket connection disconnected") || chunk.includes("local RPC disconnection") || chunk.includes("Timeout registering service") || chunk.includes("Failed to subscribe to client_disconnected") || chunk.includes("Timeout subscribing to client_disconnected"));
+  console.log = () => {
+  };
+  console.warn = () => {
+  };
+  console.info = () => {
+  };
+  console.error = (...args) => {
+    if (!args.some((a) => isHyphaLog(a))) origError(...args);
+  };
+  process.stdout.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stdoutWrite(chunk, ...args);
+  };
+  process.stderr.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stderrWrite(chunk, ...args);
+  };
+  const restoreConsole = () => {
+    console.log = origLog;
+    console.warn = origWarn;
+    console.info = origInfo;
+    console.error = origError;
+  };
+  let server;
+  try {
+    server = await connectToHypha({ serverUrl, token, name: "svamp-session-cli" });
+  } catch (err) {
+    restoreConsole();
+    console.error(`Failed to connect to Hypha: ${err.message}`);
+    process.exit(1);
+  }
+  const machines = [];
+  try {
+    const services = await server.listServices({ query: { type: "svamp-machine" }, include_unlisted: true, _rkwargs: true });
+    for (const svc of services) {
+      try {
+        const svcId = svc.id || svc.name;
+        machines.push(await server.getService(svcId));
+      } catch {
+      }
+    }
+  } catch (err) {
+    restoreConsole();
+    console.error(`Failed to discover machine services: ${err.message}`);
+    await server.disconnect();
+    process.exit(1);
+  }
+  restoreConsole();
+  if (machines.length === 0) {
+    console.error("No machine service found. Is the daemon registered on Hypha?");
+    await server.disconnect();
+    process.exit(1);
+  }
+  return { server, machines };
+}
+async function sessionMachines() {
+  loadDotEnv();
+  const state = readDaemonState();
+  if (!state || !isDaemonAlive(state)) {
+    console.error('Daemon is not running. Start it with "svamp daemon start".');
+    process.exit(1);
+  }
+  const serverUrl = process.env.HYPHA_SERVER_URL || state.hyphaServerUrl;
+  const token = process.env.HYPHA_TOKEN;
+  if (!serverUrl) {
+    console.error('No Hypha server URL. Run "svamp login <url>" first.');
+    process.exit(1);
+  }
+  const origLog = console.log;
+  const origWarn = console.warn;
+  const origInfo = console.info;
+  const origError = console.error;
+  const stdoutWrite = process.stdout.write.bind(process.stdout);
+  const stderrWrite = process.stderr.write.bind(process.stderr);
+  const isHyphaLog = (chunk) => typeof chunk === "string" && (chunk.includes("WebSocket connection") || chunk.includes("Connection established") || chunk.includes("registering service built-in") || chunk.includes("registered service") || chunk.includes("registered all") || chunk.includes("Subscribing to client_") || chunk.includes("subscribed to client_") || chunk.includes("subscribe to client_") || chunk.includes("Cleaning up all sessions") || chunk.includes("WebSocket connection disconnected") || chunk.includes("local RPC disconnection") || chunk.includes("Timeout registering service") || chunk.includes("Failed to subscribe to client_disconnected") || chunk.includes("Timeout subscribing to client_disconnected"));
+  console.log = () => {
+  };
+  console.warn = () => {
+  };
+  console.info = () => {
+  };
+  console.error = (...args) => {
+    if (args.some((a) => isHyphaLog(a))) return;
+    origError(...args);
+  };
+  process.stdout.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stdoutWrite(chunk, ...args);
+  };
+  process.stderr.write = (chunk, ...args) => {
+    if (isHyphaLog(chunk)) return true;
+    return stderrWrite(chunk, ...args);
+  };
+  const restoreConsole = () => {
+    console.log = origLog;
+    console.warn = origWarn;
+    console.info = origInfo;
+    console.error = origError;
+  };
+  let server;
+  try {
+    server = await connectToHypha({
+      serverUrl,
+      token,
+      name: "svamp-session-cli"
+    });
+  } catch (err) {
+    restoreConsole();
+    console.error(`Failed to connect to Hypha: ${err.message}`);
+    process.exit(1);
+  }
+  try {
+    const services = await server.listServices({ query: { type: "svamp-machine" }, include_unlisted: true, _rkwargs: true });
+    restoreConsole();
+    if (services.length === 0) {
+      console.log("No machines found.");
+      return;
+    }
+    const machines = [];
+    for (const svc of services) {
+      const svcId = svc.id || svc.name;
+      try {
+        const machineSvc = await server.getService(svcId);
+        const info = await machineSvc.getMachineInfo();
+        const sessions = await machineSvc.listSessions();
+        machines.push({
+          serviceId: svcId,
+          machineId: info.machineId || svcId,
+          displayName: info.metadata?.displayName || info.metadata?.host || "-",
+          platform: info.metadata?.platform || "-",
+          host: info.metadata?.host || "-",
+          sessions: sessions.length,
+          status: info.daemonState?.status || "unknown"
+        });
+      } catch {
+        machines.push({
+          serviceId: svcId,
+          machineId: svcId,
+          displayName: "-",
+          platform: "-",
+          host: "-",
+          sessions: -1,
+          status: "unreachable"
+        });
+      }
+    }
+    const header = `${"MACHINE ID".padEnd(20)} ${"NAME".padEnd(20)} ${"PLATFORM".padEnd(12)} ${"HOST".padEnd(25)} ${"SESSIONS".padEnd(10)} ${"STATUS"}`;
+    console.log(header);
+    console.log("-".repeat(header.length));
+    for (const m of machines) {
+      const id = truncate(m.machineId, 18).padEnd(20);
+      const name = truncate(m.displayName, 18).padEnd(20);
+      const platform = m.platform.padEnd(12);
+      const host = truncate(m.host, 23).padEnd(25);
+      const sessions = m.sessions >= 0 ? String(m.sessions).padEnd(10) : "-".padEnd(10);
+      const status = m.status === "running" ? `\x1B[32m${m.status}\x1B[0m` : m.status === "unreachable" ? `\x1B[31m${m.status}\x1B[0m` : m.status;
+      console.log(`${id} ${name} ${platform} ${host} ${sessions} ${status}`);
+    }
+    console.log(`
+${machines.length} machine(s) found.`);
+    console.log("Use --machine <id> to target a specific machine.");
+  } finally {
+    await server.disconnect();
+  }
+}
+function resolveSessionId(sessions, partial) {
+  const exact = sessions.find((s) => s.sessionId === partial);
+  if (exact) return exact;
+  const matches = sessions.filter((s) => s.sessionId.startsWith(partial));
+  if (matches.length === 1) return matches[0];
+  if (matches.length === 0) {
+    console.error(`No session found matching: ${partial}`);
+    console.error('Run "svamp session list" to see active sessions.');
+    process.exit(1);
+  }
+  console.error(`Ambiguous session ID "${partial}". Matches:`);
+  for (const s of matches) {
+    console.error(`  ${s.sessionId}`);
+  }
+  process.exit(1);
+}
+function truncate(str, max) {
+  if (str.length <= max) return str;
+  return "..." + str.slice(str.length - max + 3);
+}
+function renderMessage(msg) {
+  const content = msg.content;
+  if (!content) return;
+  const role = content.role;
+  if (role === "user") {
+    const data = content.content;
+    let text;
+    if (typeof data === "string") {
+      try {
+        const parsed = JSON.parse(data);
+        text = parsed?.text || parsed?.content?.text || data;
+      } catch {
+        text = data;
+      }
+    } else if (data?.text) {
+      text = data.text;
+    } else if (data?.type === "text") {
+      text = data.text || "";
+    } else {
+      text = typeof data === "object" ? JSON.stringify(data) : String(data || "");
+    }
+    console.log(`\x1B[36m[user]\x1B[0m ${text}`);
+  } else if (role === "agent" || role === "assistant") {
+    const data = content.content?.data || content.content;
+    if (!data) return;
+    if (data.type === "assistant" && Array.isArray(data.content)) {
+      for (const block of data.content) {
+        if (block.type === "text" && block.text) {
+          process.stdout.write(block.text);
+          if (!block.text.endsWith("\n")) process.stdout.write("\n");
+        } else if (block.type === "tool_use") {
+          const argsStr = JSON.stringify(block.input || {}).slice(0, 120);
+          console.log(`\x1B[33m[tool]\x1B[0m ${block.name}(${argsStr})`);
+        } else if (block.type === "tool_result") {
+          const resultStr = typeof block.content === "string" ? block.content : JSON.stringify(block.content || "");
+          console.log(`\x1B[90m[result]\x1B[0m ${resultStr.slice(0, 200)}${resultStr.length > 200 ? "..." : ""}`);
+        } else if (block.type === "thinking") {
+          const text = block.thinking || block.text || "";
+          if (text) console.log(`\x1B[90m[thinking] ${text.slice(0, 200)}\x1B[0m`);
+        }
+      }
+    } else if (data.type === "result") {
+      if (data.result) console.log(`\x1B[32m[done]\x1B[0m ${data.result}`);
+    } else if (data.type === "output") {
+      const inner = data.data;
+      if (inner?.type === "assistant" && Array.isArray(inner.content)) {
+        for (const block of inner.content) {
+          if (block.type === "text" && block.text) {
+            process.stdout.write(block.text);
+            if (!block.text.endsWith("\n")) process.stdout.write("\n");
+          } else if (block.type === "tool_use") {
+            const argsStr = JSON.stringify(block.input || {}).slice(0, 120);
+            console.log(`\x1B[33m[tool]\x1B[0m ${block.name}(${argsStr})`);
+          } else if (block.type === "tool_result") {
+            const resultStr = typeof block.content === "string" ? block.content : JSON.stringify(block.content || "");
+            console.log(`\x1B[90m[result]\x1B[0m ${resultStr.slice(0, 200)}${resultStr.length > 200 ? "..." : ""}`);
+          }
+        }
+      } else if (inner?.type === "result") {
+        if (inner.result) console.log(`\x1B[32m[done]\x1B[0m ${inner.result}`);
+      }
+    }
+  } else if (role === "session") {
+    const data = content.content?.data;
+    if (data?.type === "system" && data?.subtype === "init") {
+      console.log(`\x1B[90m[session init]\x1B[0m`);
+    }
+  }
+}
+function extractMessageText(msg) {
+  const content = msg.content;
+  if (!content) return null;
+  const role = content.role || "unknown";
+  let text = "";
+  if (role === "user") {
+    const data = content.content;
+    if (typeof data === "string") {
+      try {
+        const parsed = JSON.parse(data);
+        text = parsed?.text || parsed?.content?.text || data;
+      } catch {
+        text = data;
+      }
+    } else if (data?.text) {
+      text = data.text;
+    } else if (data?.type === "text") {
+      text = data.text || "";
+    } else {
+      text = typeof data === "object" ? JSON.stringify(data) : String(data || "");
+    }
+  } else if (role === "agent" || role === "assistant") {
+    const data = content.content?.data || content.content;
+    if (!data) return null;
+    if (data.type === "assistant" && Array.isArray(data.content)) {
+      const parts = [];
+      for (const block of data.content) {
+        if (block.type === "text" && block.text) {
+          parts.push(block.text);
+        } else if (block.type === "tool_use") {
+          parts.push(`[tool: ${block.name}]`);
+        }
+      }
+      text = parts.join("\n");
+    } else if (data.type === "result") {
+      text = data.result || "";
+    } else if (data.type === "output") {
+      const inner = data.data;
+      if (inner?.type === "assistant" && Array.isArray(inner.content)) {
+        const parts = [];
+        for (const block of inner.content) {
+          if (block.type === "text" && block.text) {
+            parts.push(block.text);
+          } else if (block.type === "tool_use") {
+            parts.push(`[tool: ${block.name}]`);
+          }
+        }
+        text = parts.join("\n");
+      } else if (inner?.type === "result") {
+        text = inner.result || "";
+      }
+    }
+  } else if (role === "session") {
+    text = "[session event]";
+  }
+  return {
+    id: msg.id || "",
+    seq: msg.seq || 0,
+    role,
+    text,
+    createdAt: msg.createdAt || 0
+  };
+}
+async function waitForIdle(server, sessionId, timeoutMs) {
+  const svc = await server.getService(`svamp-session-${sessionId}`);
+  const pollInterval = 2e3;
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    const activity = await svc.getActivityState();
+    if (activity && !activity.thinking) {
+      return;
+    }
+    await new Promise((r) => setTimeout(r, pollInterval));
+  }
+  throw new Error("Timeout waiting for agent to become idle");
+}
+async function waitForBusyThenIdle(server, sessionId, timeoutMs = 3e5, busyTimeoutMs = 1e4) {
+  const svc = await server.getService(`svamp-session-${sessionId}`);
+  const pollInterval = 2e3;
+  const deadline = Date.now() + timeoutMs;
+  const busyDeadline = Date.now() + busyTimeoutMs;
+  let sawBusy = false;
+  while (Date.now() < deadline) {
+    const activity = await svc.getActivityState();
+    const isBusy = activity?.thinking === true;
+    if (isBusy) {
+      sawBusy = true;
+    }
+    if (activity && !activity.active) {
+      return;
+    }
+    if (sawBusy && !isBusy) {
+      return;
+    }
+    if (!sawBusy && Date.now() > busyDeadline) {
+      return;
+    }
+    await new Promise((r) => setTimeout(r, pollInterval));
+  }
+  throw new Error("Timeout waiting for agent to become idle");
+}
+async function sessionList(machineId, opts) {
+  if (machineId) {
+    const { server, machine } = await connectAndGetMachine(machineId);
+    try {
+      await listSessionsFromMachines(server, [machine], opts);
+    } finally {
+      await server.disconnect();
+    }
+  } else {
+    const { server, machines } = await connectAndGetAllMachines();
+    try {
+      await listSessionsFromMachines(server, machines, opts);
+    } finally {
+      await server.disconnect();
+    }
+  }
+}
+async function listSessionsFromMachines(server, machines, opts) {
+  const allSessions = [];
+  for (const machine of machines) {
+    try {
+      const info = await machine.getMachineInfo();
+      const sessions = await machine.listSessions();
+      for (const s of sessions) {
+        s.machineHost = info.metadata?.displayName || info.metadata?.host || info.machineId;
+      }
+      allSessions.push(...sessions);
+    } catch {
+    }
+  }
+  const filtered = opts?.active ? allSessions.filter((s) => s.active) : allSessions;
+  if (filtered.length === 0) {
+    if (opts?.json) {
+      console.log(formatJson([]));
+    } else {
+      console.log("No active sessions.");
+    }
+    return;
+  }
+  const enriched = [];
+  for (const s of filtered) {
+    let flavor = "claude";
+    let name = "";
+    let path = s.directory || "";
+    let host = s.machineHost || "";
+    if (s.metadata) {
+      flavor = s.metadata.flavor || "claude";
+      name = s.metadata.name || "";
+    }
+    if (s.active) {
+      try {
+        const svc = await server.getService(`svamp-session-${s.sessionId}`);
+        const { metadata } = await svc.getMetadata();
+        flavor = metadata?.flavor || flavor;
+        name = metadata?.name || name;
+        path = metadata?.path || path;
+        host = metadata?.host || host;
+      } catch {
+      }
+    }
+    enriched.push({ ...s, flavor, name, path, host });
+  }
+  if (opts?.json) {
+    console.log(formatJson(enriched.map((s) => ({
+      sessionId: s.sessionId,
+      agent: s.flavor,
+      name: s.name,
+      path: s.path,
+      host: s.host,
+      active: s.active,
+      directory: s.directory
+    }))));
+  } else {
+    const header = `${"ID".padEnd(10)} ${"AGENT".padEnd(10)} ${"STATUS".padEnd(9)} ${"NAME".padEnd(25)} ${"MACHINE".padEnd(18)} ${"DIRECTORY".padEnd(35)}`;
+    console.log(header);
+    console.log("-".repeat(header.length));
+    for (const s of enriched) {
+      const id = s.sessionId.slice(0, 8);
+      const agent = (s.flavor || "claude").padEnd(10);
+      const status = s.active ? "\x1B[32mactive\x1B[0m  " : "\x1B[90minactive\x1B[0m";
+      const name = truncate(s.name || "-", 25).padEnd(25);
+      const machine = truncate(s.host || "-", 16).padEnd(18);
+      const dir = truncate(s.directory || "-", 33).padEnd(35);
+      console.log(`${id.padEnd(10)} ${agent} ${status} ${name} ${machine} ${dir}`);
+    }
+  }
+}
+function parseShareArg(arg) {
+  const parts = arg.split(":");
+  const email = parts[0];
+  const role = parts[1] || "interact";
+  if (!["view", "interact", "admin"].includes(role)) {
+    throw new Error(`Invalid role "${role}" in --share ${arg}. Must be view, interact, or admin.`);
+  }
+  return { email, role };
+}
+async function sessionSpawn(agent, directory, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    let sharing;
+    if (opts?.share?.length) {
+      sharing = {
+        enabled: true,
+        owner: "",
+        // will be auto-set by machine service from Hypha context
+        allowedUsers: opts.share.map((s) => ({
+          email: s.email,
+          role: s.role || "interact",
+          addedAt: Date.now(),
+          addedBy: "cli"
+        }))
+      };
+    }
+    let securityContext;
+    if (opts?.securityContextPath) {
+      const configPath = resolve(opts.securityContextPath);
+      const config = loadSecurityContextConfig(configPath);
+      securityContext = resolveSecurityContext(config, void 0);
+    }
+    if (opts?.denyRead?.length || opts?.allowWrite?.length || opts?.denyNetwork || opts?.allowDomain?.length) {
+      const flagCtx = buildSecurityContextFromFlags({
+        denyRead: opts.denyRead,
+        allowWrite: opts.allowWrite,
+        denyNetwork: opts.denyNetwork,
+        allowDomain: opts.allowDomain
+      });
+      securityContext = mergeSecurityContexts(securityContext, flagCtx);
+    }
+    const forceIsolation = opts?.isolate || !!securityContext;
+    if (securityContext?.filesystem?.allowWrite?.length) {
+      const absDir = resolve(directory);
+      const writePaths = securityContext.filesystem.allowWrite;
+      const dirCovered = writePaths.some((p) => absDir.startsWith(resolve(p)) || resolve(p).startsWith(absDir));
+      if (!dirCovered) {
+        console.warn(`Warning: Working directory ${absDir} is not covered by allowWrite paths: ${writePaths.join(", ")}`);
+        console.warn(`  The agent may not be able to write files in the working directory.`);
+      }
+    }
+    console.log(`Spawning ${agent} session in ${directory}...`);
+    if (forceIsolation) {
+      console.log(`Isolation: enabled (workspace: ${resolve(directory)})`);
+    }
+    if (securityContext) {
+      console.log(`Security context: ${JSON.stringify(securityContext, null, 2)}`);
+    }
+    if (sharing) {
+      console.log(`Sharing with: ${sharing.allowedUsers.map((u) => `${u.email} (${u.role})`).join(", ")}`);
+    }
+    const result = await machine.spawnSession({
+      directory,
+      agent,
+      sharing,
+      securityContext,
+      forceIsolation
+    });
+    if (result.type === "success") {
+      console.log(`Session started: ${result.sessionId}`);
+      if (result.message) console.log(`  ${result.message}`);
+      if (opts?.message && result.sessionId) {
+        const svc = await server.getService(`svamp-session-${result.sessionId}`);
+        const sendResult = await svc.sendMessage(
+          JSON.stringify({
+            role: "user",
+            content: { type: "text", text: opts.message },
+            meta: { sentFrom: "svamp-cli" }
+          })
+        );
+        console.log(`Message sent (seq: ${sendResult.seq})`);
+        if (opts.wait) {
+          console.log("Waiting for agent to become idle...");
+          await waitForBusyThenIdle(server, result.sessionId);
+          console.log("Agent is idle.");
+        }
+      }
+    } else if (result.type === "requestToApproveDirectoryCreation") {
+      console.error(`Directory ${result.directory} does not exist. Create it first or use an existing directory.`);
+      process.exit(1);
+    } else {
+      console.error(`Failed: ${result.errorMessage || "Unknown error"}`);
+      process.exit(1);
+    }
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionStop(sessionId, machineId) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionId);
+    const success = await machine.stopSession(match.sessionId);
+    if (success) {
+      console.log(`Session ${match.sessionId.slice(0, 8)} stopped.`);
+    } else {
+      console.error("Failed to stop session (not found on daemon).");
+      process.exit(1);
+    }
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionInfo(sessionId, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionId);
+    const fullId = match.sessionId;
+    let metadata = {};
+    let activity = {};
+    try {
+      const svc = await server.getService(`svamp-session-${fullId}`);
+      const metaResult = await svc.getMetadata();
+      metadata = metaResult.metadata || {};
+      activity = await svc.getActivityState();
+    } catch {
+    }
+    const statusData = {
+      sessionId: fullId,
+      flavor: metadata.flavor || "claude",
+      name: metadata.name || "",
+      path: metadata.path || match.directory || "",
+      host: metadata.host || "",
+      lifecycleState: metadata.lifecycleState || "unknown",
+      active: activity.active ?? false,
+      thinking: activity.thinking ?? false,
+      startedBy: metadata.startedBy || match.startedBy || "",
+      summary: metadata.summary?.text || void 0,
+      claudeSessionId: metadata.claudeSessionId || void 0,
+      sessionLink: metadata.sessionLink?.url || void 0
+    };
+    if (opts?.json) {
+      console.log(formatJson(statusData));
+    } else {
+      console.log(formatSessionStatus(statusData));
+    }
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionMessages(sessionId, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionId);
+    const fullId = match.sessionId;
+    const svc = await server.getService(`svamp-session-${fullId}`);
+    const afterSeq = opts?.after ?? 0;
+    const apiLimit = opts?.limit ?? 1e3;
+    const { messages } = await svc.getMessages(afterSeq, apiLimit);
+    const toShow = opts?.last ? messages.slice(-opts.last) : messages;
+    if (toShow.length === 0) {
+      if (opts?.json) {
+        console.log(formatJson([]));
+      } else {
+        console.log("No messages yet.");
+      }
+      return;
+    }
+    if (opts?.json) {
+      const formatted = [];
+      for (const msg of toShow) {
+        const extracted = extractMessageText(msg);
+        if (extracted) {
+          formatted.push(extracted);
+        }
+      }
+      formatted.sort((a, b) => a.createdAt - b.createdAt);
+      console.log(formatJson(formatted));
+    } else {
+      for (const msg of toShow) {
+        renderMessage(msg);
+      }
+    }
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionAttach(sessionId, machineId) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  const sessions = await machine.listSessions();
+  const match = resolveSessionId(sessions, sessionId);
+  const fullId = match.sessionId;
+  let svc;
+  try {
+    svc = await server.getService(`svamp-session-${fullId}`);
+  } catch (err) {
+    console.error(`Could not find session service: ${err.message}`);
+    await server.disconnect();
+    process.exit(1);
+  }
+  const { metadata } = await svc.getMetadata();
+  const flavor = metadata?.flavor || "claude";
+  const name = metadata?.name || fullId.slice(0, 8);
+  console.log(`Attached to ${flavor} session "${name}". Commands: /quit /abort /kill
+`);
+  const seenMessageIds = /* @__PURE__ */ new Set();
+  let replayDone = false;
+  await svc.registerListener({
+    onUpdate: (update) => {
+      if (update.type === "new-message") {
+        const msg = update.message;
+        if (!msg?.id) return;
+        if (seenMessageIds.has(msg.id)) return;
+        seenMessageIds.add(msg.id);
+        if (!replayDone) return;
+        renderMessage(msg);
+      } else if (update.type === "activity") {
+        if (!replayDone) return;
+        if (update.thinking) {
+          process.stdout.write("\x1B[90m[thinking...]\x1B[0m\r");
+        } else if (!update.thinking) {
+          process.stdout.write("\n> ");
+        }
+      } else if (update.type === "update-session") ;
+    }
+  });
+  await new Promise((r) => setTimeout(r, 500));
+  replayDone = true;
+  console.log(`\x1B[90m(${seenMessageIds.size} messages in history)\x1B[0m`);
+  process.stdout.write("> ");
+  const readline = await import('readline');
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+    terminal: true
+  });
+  rl.on("line", async (line) => {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      process.stdout.write("> ");
+      return;
+    }
+    if (trimmed === "/quit" || trimmed === "/detach") {
+      console.log("Detaching (session continues running)...");
+      rl.close();
+      await server.disconnect();
+      process.exit(0);
+    }
+    if (trimmed === "/abort" || trimmed === "/cancel") {
+      try {
+        await svc.abort();
+        console.log("Abort sent.");
+      } catch (err) {
+        console.error(`Abort failed: ${err.message}`);
+      }
+      process.stdout.write("> ");
+      return;
+    }
+    if (trimmed === "/kill") {
+      try {
+        await svc.killSession();
+        console.log("Session killed.");
+      } catch (err) {
+        console.error(`Kill failed: ${err.message}`);
+      }
+      rl.close();
+      await server.disconnect();
+      process.exit(0);
+    }
+    if (trimmed === "/info") {
+      try {
+        const { metadata: m } = await svc.getMetadata();
+        const act = await svc.getActivityState();
+        console.log(`  Agent: ${m?.flavor || "claude"}, State: ${m?.lifecycleState || "?"}, Active: ${act?.active}, Thinking: ${act?.thinking}`);
+      } catch (err) {
+        console.error(`Info failed: ${err.message}`);
+      }
+      process.stdout.write("> ");
+      return;
+    }
+    try {
+      await svc.sendMessage(
+        JSON.stringify({
+          role: "user",
+          content: { type: "text", text: trimmed }
+        })
+      );
+    } catch (err) {
+      console.error(`Send failed: ${err.message}`);
+      process.stdout.write("> ");
+    }
+  });
+  rl.on("close", async () => {
+    await server.disconnect();
+    process.exit(0);
+  });
+  process.on("SIGINT", async () => {
+    console.log("\nDetaching (session continues running)...");
+    rl.close();
+    await server.disconnect();
+    process.exit(0);
+  });
+}
+async function sessionSend(sessionId, message, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionId);
+    const fullId = match.sessionId;
+    const svc = await server.getService(`svamp-session-${fullId}`);
+    const result = await svc.sendMessage(
+      JSON.stringify({
+        role: "user",
+        content: { type: "text", text: message },
+        meta: { sentFrom: "svamp-cli" }
+      })
+    );
+    if (opts?.wait) {
+      const timeoutMs = (opts.timeout || 300) * 1e3;
+      await waitForBusyThenIdle(server, fullId, timeoutMs);
+    }
+    if (opts?.json) {
+      console.log(formatJson({
+        sessionId: fullId,
+        message,
+        sent: true,
+        seq: result.seq,
+        waited: !!opts.wait
+      }));
+    } else {
+      console.log(`Message sent to session ${fullId.slice(0, 8)} (seq: ${result.seq})`);
+      if (opts?.wait) {
+        console.log("Agent is idle.");
+      }
+    }
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionWait(sessionId, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionId);
+    const fullId = match.sessionId;
+    const timeoutMs = (opts?.timeout || 300) * 1e3;
+    await waitForIdle(server, fullId, timeoutMs);
+    console.log(`Session ${fullId.slice(0, 8)} is idle.`);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(msg);
+    process.exitCode = 1;
+  } finally {
+    await server.disconnect();
+  }
+}
+async function sessionShare(sessionIdPartial, machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    const sessions = await machine.listSessions();
+    const match = resolveSessionId(sessions, sessionIdPartial);
+    const fullId = match.sessionId;
+    const svc = await server.getService(`svamp-session-${fullId}`);
+    if (opts.list) {
+      const metaResult = await svc.getMetadata();
+      const sharing = metaResult.metadata?.sharing;
+      if (!sharing || !sharing.enabled) {
+        console.log("Sharing is not enabled for this session.");
+        return;
+      }
+      console.log(`Owner: ${sharing.owner}`);
+      if (sharing.allowedUsers.length === 0) {
+        console.log("No shared users.");
+      } else {
+        console.log("Shared users:");
+        for (const u of sharing.allowedUsers) {
+          console.log(`  ${u.email.padEnd(30)} ${u.role.padEnd(10)} (added ${new Date(u.addedAt).toISOString().slice(0, 10)})`);
+        }
+      }
+      const secCtx = metaResult.metadata?.securityContext;
+      if (secCtx) {
+        console.log(`
+Security context:`);
+        console.log(JSON.stringify(secCtx, null, 2));
+      }
+      return;
+    }
+    if (opts.add) {
+      const { email, role } = parseShareArg(opts.add);
+      const metaResult = await svc.getMetadata();
+      let sharing = metaResult.metadata?.sharing || {
+        enabled: true,
+        owner: "",
+        allowedUsers: []
+      };
+      sharing.enabled = true;
+      sharing.allowedUsers = sharing.allowedUsers.filter(
+        (u) => u.email.toLowerCase() !== email.toLowerCase()
+      );
+      sharing.allowedUsers.push({
+        email,
+        role,
+        addedAt: Date.now(),
+        addedBy: "cli"
+      });
+      await svc.updateSharing(sharing);
+      console.log(`Shared session ${fullId.slice(0, 8)} with ${email} (${role}).`);
+      return;
+    }
+    if (opts.remove) {
+      const email = opts.remove;
+      const metaResult = await svc.getMetadata();
+      const sharing = metaResult.metadata?.sharing;
+      if (!sharing) {
+        console.error("Sharing is not enabled for this session.");
+        process.exit(1);
+      }
+      const before = sharing.allowedUsers.length;
+      sharing.allowedUsers = sharing.allowedUsers.filter(
+        (u) => u.email.toLowerCase() !== email.toLowerCase()
+      );
+      if (sharing.allowedUsers.length === before) {
+        console.error(`User ${email} is not in the shared users list.`);
+        process.exit(1);
+      }
+      await svc.updateSharing(sharing);
+      console.log(`Removed ${email} from session ${fullId.slice(0, 8)}.`);
+      return;
+    }
+    console.error("Usage: svamp session share <id> --add <email>[:<role>] | --remove <email> | --list");
+    process.exit(1);
+  } finally {
+    await server.disconnect();
+  }
+}
+async function machineShare(machineId, opts) {
+  const { server, machine } = await connectAndGetMachine(machineId);
+  try {
+    if (opts.list) {
+      const info = await machine.getMachineInfo();
+      const sharing = info.metadata?.sharing;
+      if (!sharing || !sharing.enabled) {
+        console.log("Sharing is not enabled for this machine.");
+      } else {
+        console.log(`Owner: ${sharing.owner}`);
+        if (sharing.allowedUsers.length === 0) {
+          console.log("No shared users.");
+        } else {
+          console.log("Shared users:");
+          for (const u of sharing.allowedUsers) {
+            console.log(`  ${u.email.padEnd(30)} ${u.role.padEnd(10)} (added ${new Date(u.addedAt).toISOString().slice(0, 10)})`);
+          }
+        }
+      }
+      const iso = info.metadata?.isolationCapabilities;
+      if (iso) {
+        console.log(`
+Isolation: ${iso.available.length > 0 ? iso.available.join(", ") : "none available"} (preferred: ${iso.preferred || "none"})`);
+      }
+      return;
+    }
+    if (opts.showConfig) {
+      const result = await machine.getSecurityContextConfig();
+      const config = result?.securityContextConfig;
+      if (!config) {
+        console.log("No security context config set for this machine.");
+      } else {
+        console.log(JSON.stringify(config, null, 2));
+      }
+      return;
+    }
+    if (opts.configPath) {
+      const configPath = resolve(opts.configPath);
+      const config = loadSecurityContextConfig(configPath);
+      await machine.updateSecurityContextConfig(config);
+      const userCount = config.users ? Object.keys(config.users).length : 0;
+      console.log(`Security context config applied to machine.`);
+      console.log(`  Default context: ${config.default ? "yes" : "none"}`);
+      console.log(`  User-specific entries: ${userCount}`);
+      if (config.users) {
+        for (const email of Object.keys(config.users)) {
+          const ctx = config.users[email];
+          console.log(`    ${email}: role=${ctx.role || "default"}`);
+        }
+      }
+      return;
+    }
+    if (opts.add) {
+      const { email, role } = parseShareArg(opts.add);
+      const info = await machine.getMachineInfo();
+      let sharing = info.metadata?.sharing || {
+        enabled: true,
+        owner: "",
+        allowedUsers: []
+      };
+      sharing.enabled = true;
+      sharing.allowedUsers = sharing.allowedUsers.filter(
+        (u) => u.email.toLowerCase() !== email.toLowerCase()
+      );
+      sharing.allowedUsers.push({
+        email,
+        role,
+        addedAt: Date.now(),
+        addedBy: "cli"
+      });
+      await machine.updateSharing(sharing);
+      console.log(`Shared machine with ${email} (${role}).`);
+      return;
+    }
+    if (opts.remove) {
+      const email = opts.remove;
+      const info = await machine.getMachineInfo();
+      const sharing = info.metadata?.sharing;
+      if (!sharing) {
+        console.error("Sharing is not enabled for this machine.");
+        process.exit(1);
+      }
+      const before = sharing.allowedUsers.length;
+      sharing.allowedUsers = sharing.allowedUsers.filter(
+        (u) => u.email.toLowerCase() !== email.toLowerCase()
+      );
+      if (sharing.allowedUsers.length === before) {
+        console.error(`User ${email} is not in the shared users list.`);
+        process.exit(1);
+      }
+      await machine.updateSharing(sharing);
+      console.log(`Removed ${email} from machine sharing.`);
+      return;
+    }
+    console.error("Usage: svamp machine share --add <email>[:<role>] | --remove <email> | --list | --config <path> | --show-config");
+    process.exit(1);
+  } finally {
+    await server.disconnect();
+  }
+}
+
+export { connectAndGetMachine, machineShare, parseShareArg, renderMessage, resolveSessionId, sessionAttach, sessionInfo, sessionList, sessionMachines, sessionMessages, sessionSend, sessionShare, sessionSpawn, sessionStop, sessionWait };