svamp-cli 0.1.66 → 0.1.68

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { b as stopDaemon, s as startDaemon, d as daemonStatus } from './run-BDmLH9T8.mjs';
+import { b as stopDaemon, s as startDaemon, d as daemonStatus } from './run-DWFTrXVF.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -109,7 +109,7 @@ async function main() {
     const { handleServiceCommand } = await import('./commands-CF32XIau.mjs');
     await handleServiceCommand();
   } else if (subcommand === "process" || subcommand === "proc") {
-    const { processCommand } = await import('./commands-CdQ8qr6l.mjs');
+    const { processCommand } = await import('./commands-BwT-PFl4.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -127,7 +127,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-CSFQKq7F.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-CHfluhvW.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -136,7 +136,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-ez-QlRKy.mjs');
+  const { runInteractive } = await import('./run-BYtrsPjt.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -181,7 +181,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.i; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.i; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -193,7 +193,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.i; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.i; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -217,12 +217,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.j; });
+    const { CodexMcpBackend } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.j; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.h; });
-    const { GeminiTransport } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-BDmLH9T8.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.h; });
+    const { GeminiTransport } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-DWFTrXVF.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -340,7 +340,7 @@ async function handleSessionCommand() {
     printSessionHelp();
     return;
   }
-  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionQueueAdd, sessionQueueList, sessionQueueClear } = await import('./commands-Dpc6QK0m.mjs');
+  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionQueueAdd, sessionQueueList, sessionQueueClear } = await import('./commands-D4_QgXrS.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -400,7 +400,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-Dpc6QK0m.mjs');
+    const { parseShareArg } = await import('./commands-D4_QgXrS.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -484,7 +484,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-Dpc6QK0m.mjs');
+    const { sessionApprove } = await import('./commands-D4_QgXrS.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -494,7 +494,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-Dpc6QK0m.mjs');
+    const { sessionDeny } = await import('./commands-D4_QgXrS.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -597,7 +597,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-Dpc6QK0m.mjs');
+    const { machineShare } = await import('./commands-D4_QgXrS.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -627,7 +627,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-Dpc6QK0m.mjs');
+    const { machineExec } = await import('./commands-D4_QgXrS.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -647,7 +647,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-Dpc6QK0m.mjs');
+    const { machineInfo } = await import('./commands-D4_QgXrS.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -670,7 +670,7 @@ async function handleMachineCommand() {
     const { machineNotify } = await import('./agentCommands-C6iGblcL.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-Dpc6QK0m.mjs');
+    const { machineLs } = await import('./commands-D4_QgXrS.mjs');
     let machineId;
     let showHidden = false;
     let path;
@@ -684,43 +684,6 @@ async function handleMachineCommand() {
       }
     }
     await machineLs(machineId, path, showHidden);
-  } else if (machineSubcommand === "storage") {
-    const { storageList, storageOrphans, storageMarkOrphan, storageUnmarkOrphan, storageDelete, printStorageHelp } = await import('./storageCommands-CKhntx1P.mjs');
-    const storageArgs = machineArgs.slice(1);
-    const storageSubcmd = storageArgs[0];
-    if (!storageSubcmd || storageSubcmd === "--help" || storageSubcmd === "-h") {
-      printStorageHelp();
-    } else if (storageSubcmd === "list") {
-      await storageList();
-    } else if (storageSubcmd === "orphans") {
-      const mark = storageArgs.includes("--mark");
-      await storageOrphans(mark);
-    } else if (storageSubcmd === "mark-orphan") {
-      const ns = storageArgs[1];
-      if (!ns) {
-        console.error("Usage: svamp machine storage mark-orphan <namespace>");
-        process.exit(1);
-      }
-      await storageMarkOrphan(ns);
-    } else if (storageSubcmd === "unmark-orphan") {
-      const ns = storageArgs[1];
-      if (!ns) {
-        console.error("Usage: svamp machine storage unmark-orphan <namespace>");
-        process.exit(1);
-      }
-      await storageUnmarkOrphan(ns);
-    } else if (storageSubcmd === "delete") {
-      const ns = storageArgs[1];
-      if (!ns) {
-        console.error("Usage: svamp machine storage delete <namespace>");
-        process.exit(1);
-      }
-      await storageDelete(ns);
-    } else {
-      console.error(`Unknown storage command: ${storageSubcmd}`);
-      printStorageHelp();
-      process.exit(1);
-    }
   } else {
     console.error(`Unknown machine command: ${machineSubcommand}`);
     printMachineHelp();
@@ -1081,38 +1044,50 @@ function printHelp() {
   console.log(`
 svamp \u2014 AI workspace on Hypha Cloud
 
-Quick start \u2014 spawn an agent to do a task:
-  svamp session spawn claude -d ./project -p bypassPermissions --message "fix tests" --wait
-
-Commands:
-  svamp                              Start interactive Claude session (synced to cloud)
-  svamp login [url]                  Login to Hypha (opens browser, stores token)
-  svamp daemon start                 Start the background daemon (required for sessions)
-  svamp daemon status                Show daemon status
-  svamp daemon --help                Show all daemon commands
-
-  Session management (requires daemon running):
-  svamp session spawn <agent> [opts] Spawn a new agent session (agents: claude, gemini, codex)
-  svamp session send <id> <message>  Send message to a session (--wait to block until done)
-  svamp session wait <id>            Wait for agent to become idle
-  svamp session messages <id>        Show message history (--last N, --json, --raw)
-  svamp session info <id>            Show session status & pending permissions
-  svamp session list                 List sessions
-  svamp session stop <id>            Stop a session
-  svamp session attach <id>          Attach interactive terminal (stdin/stdout)
-  svamp session approve/deny <id>    Approve or deny pending permission requests
-  svamp session --help               Show ALL session commands and detailed options
-
-  Other:
-  svamp machine --help               Machine sharing & security contexts
-  svamp skills --help                Skills marketplace (find, install, publish)
-  svamp service --help               Service exposure (HTTP services from sandboxes)
-  svamp agent <name>                 Start local agent session (no daemon needed)
-  svamp --version                    Show version
+Usage:
+  svamp                        Start interactive Claude session (synced to cloud)
+  svamp start [-d <path>]      Same as above, with explicit directory
+  svamp login [url]            Login to Hypha (opens browser, stores token)
+  svamp daemon start           Start the daemon (detached)
+  svamp daemon stop            Stop the daemon (sessions preserved for restart)
+  svamp daemon restart         Restart the daemon (sessions resume seamlessly)
+  svamp daemon status          Show daemon status
+  svamp daemon install         Install as system service (launchd/systemd/wrapper)
+  svamp session list           List active sessions
+  svamp session spawn          Spawn a new session on the daemon
+  svamp session send <id> <m>  Send message to a session
+  svamp session wait <id>      Wait for agent to become idle
+  svamp session info <id>      Show session status & pending permissions
+  svamp session messages <id>  Show message history
+  svamp session approve <id>   Approve pending permission request
+  svamp session deny <id>      Deny pending permission request
+  svamp session attach <id>    Attach to a session (interactive terminal)
+  svamp session share <id>     Manage session sharing
+  svamp session --help         Show all session commands
+  svamp machine share          Manage machine sharing & security contexts
+  svamp machine --help         Show all machine commands
+  svamp skills find <query>    Search the skills marketplace
+  svamp skills install <n>     Install a skill from the marketplace
+  svamp skills --help          Show all skill commands
+  svamp process apply <f.yaml>  Create/update a supervised process (idempotent)
+  svamp process list           List supervised processes
+  svamp process start <name>   Start or create a process
+  svamp process logs <name>    Show process log output
+  svamp process --help         Show all process commands
+  svamp service expose <name>  Expose a service from this sandbox
+  svamp service list           List service groups
+  svamp service --help         Show all service commands
+  svamp agent list             List known agents
+  svamp agent <name>           Start local agent session (gemini, codex)
+  svamp --version              Show version
+  svamp --help                 Show this help
 
 Interactive mode:
-  Run 'svamp' with no arguments to start Claude in your terminal with cloud sync.
-  Messages from the web app auto-switch to remote mode. Space-Space returns to local.
+  When you run 'svamp' with no arguments, Claude starts in your terminal
+  with full interactive access. Your session is synced to Hypha Cloud so
+  it's visible in the web app. When a message arrives from the web app,
+  svamp switches to remote mode to process it, then you can press
+  Space-Space to return to local mode.
 
 Environment variables:
   HYPHA_SERVER_URL     Hypha server URL (required for cloud sync)
@@ -1138,169 +1113,149 @@ Usage:
 }
 function printSessionHelp() {
   console.log(`
-svamp session \u2014 Spawn and manage AI agent sessions
-
-QUICK START \u2014 Spawn a session, give it a task, get results:
+svamp session \u2014 Manage daemon sessions (Claude, Gemini, Codex)
 
-  # One-liner: spawn agent, send task, wait for completion
-  svamp session spawn claude -d ./my-project -p bypassPermissions \\
-    --message "fix the failing tests" --wait
-
-  # The command prints the session ID (e.g., "abc12345-..."). Use it to:
-  svamp session messages abc1 --last 10         # read output (prefix match on ID)
-  svamp session send abc1 "now run lint" --wait  # send follow-up, wait for done
-  svamp session stop abc1                        # stop when finished
-
-  # Spawn on a remote/cloud machine:
-  svamp session spawn claude -d /workspace -m cloud-box --message "deploy" --wait
+Commands:
+  svamp session list [--active] [--json]                       List sessions (alias: ls)
+  svamp session machines                                        List discoverable machines
+  svamp session spawn <agent> [-d <path>] [options]            Spawn a new session
+  svamp session stop <id>                                       Stop a session
+  svamp session info <id> [--json]                             Show status, activity & pending permissions
+  svamp session send <id> <message> [--wait] [--timeout N] [--json]
+                                                                Send a message to a session
+  svamp session wait <id> [--timeout N] [--json]               Wait for agent to become idle
+  svamp session messages <id> [--last N] [--json] [--raw] [--after N] [--limit N]
+                                                                Show messages (alias: msgs)
+  svamp session attach <id>                                     Attach to session (interactive terminal)
+  svamp session approve <id> [request-id] [--json]             Approve pending permission(s)
+  svamp session deny <id> [request-id] [--json]                Deny pending permission(s)
 
-AGENTS:
-  claude    Claude Code \u2014 full coding agent (default)
-  gemini    Google Gemini via ACP protocol
-  codex     OpenAI Codex via MCP protocol
+Spawn options:
+  -d, --directory <path>          Working directory (default: cwd)
+  -p, --permission-mode <mode>    Agent permission mode (see "Permission modes" below)
+  --message <msg>                 Send initial message after spawn
+  --wait                          Wait for agent to become idle before returning
+  --worktree                      Create a git worktree branch (at .dev/worktree/<name>)
+  --isolate                       Force OS-level sandbox isolation
+  --security-context <path>       Apply security context config (JSON file)
+  --share <email>[:<role>]        Share with user (repeatable). Role: view, interact, admin
+  --deny-network                  Block all network access
+  --deny-read <path>              Deny reading path (repeatable)
+  --allow-write <path>            Allow writing path (repeatable)
+  --allow-domain <domain>         Allow network domain (repeatable)
 
-  Usage: svamp session spawn <agent> [options]
-  The <agent> argument is required. Use "claude" if unsure.
+Permission modes (-p, --permission-mode):
+  default              Prompt for each tool use (default)
+  acceptEdits          Auto-approve file edits, prompt for bash/dangerous tools
+  bypassPermissions    Auto-approve all tools (no prompts)
 
-COMMANDS:
+Permission workflow:
+  When an agent runs with 'default' or 'acceptEdits' permission mode, it pauses
+  when it needs to use a tool that requires approval. Use these commands to manage:
 
-  Lifecycle:
-    spawn <agent> [-d <path>] [options]   Spawn a new agent session
-    stop <id>                             Stop a running session
-    list [--active] [--json]              List sessions (alias: ls)
-    machines                              List discoverable machines
-    info <id> [--json]                    Show status & pending permissions
+  1. Check status:    svamp session info <id> --json
+                      \u2192 shows pendingPermissions array when agent is blocked
+  2. Wait & detect:   svamp session wait <id> --json
+                      \u2192 exits with code 2 if permission pending (see exit codes)
+  3. Approve:         svamp session approve <id>          (approve all pending)
+                      svamp session approve <id> <rid>    (approve specific request)
+  4. Deny:            svamp session deny <id>             (deny all pending)
+                      svamp session deny <id> <rid>       (deny specific request)
 
-  Communicate:
-    send <id> <message> [--wait] [--timeout N] [--json]
-                                          Send a message to a running session
-    messages <id> [--last N] [--json]     Read message history (alias: msgs)
-    wait <id> [--timeout N] [--json]      Wait for agent to become idle
-    attach <id>                           Attach interactive terminal (stdin/stdout)
+  Request IDs support prefix matching (e.g., "abc1" matches "abc12345-...").
 
-  Permissions (when agent pauses for approval):
-    approve <id> [request-id] [--json]    Approve pending tool permission(s)
-    deny <id> [request-id] [--json]       Deny pending tool permission(s)
+Messages options:
+  --last N       Show only the last N messages
+  --after N      Start after sequence number N
+  --limit N      Max messages to fetch from server (default: 1000, cap: 500 per page)
+  --json         Output as JSON (FormattedMessage: id, seq, role, text, createdAt)
+  --raw          With --json: output full raw message objects (includes tool_use args,
+                 tool_result content, thinking blocks \u2014 use for programmatic parsing)
 
-  Sharing:
-    share <id> --list                     List shared users
-    share <id> --add <email>[:<role>]     Share with user (role: view|interact|admin)
-    share <id> --remove <email>           Remove shared user
-    share <id> --public <view|interact|off>  Set public link access
+Exit codes (wait, send --wait, spawn --wait):
+  0   Agent is idle (task completed)
+  1   Error (timeout, connection failure, session not found)
+  2   Agent is waiting for permission approval \u2014 use approve/deny to continue
 
-  Ralph Loop (iterative automation):
-    ralph-start <id> "<task>" [options]   Start iterative loop
-    ralph-cancel <id>                     Cancel loop
-    ralph-status <id>                     Show loop status
+Global options:
+  --machine <id>, -m <id>  Target a specific machine (prefix match supported)
 
-  Message Queue:
-    queue add <id> "<message>"            Queue a message for later
-    queue list <id>                       List queued messages
-    queue clear <id>                      Clear queue
+Agents: claude (default), gemini, codex
+Session and machine IDs support prefix matching (e.g., "abc1" matches "abc12345-...").
 
-SPAWN OPTIONS:
-  -d, --directory <path>          Working directory (REQUIRED for meaningful work)
-  -p, --permission-mode <mode>    Permission mode (see below). Default: "default"
-  --message <msg>                 Send this message to the agent immediately after spawn
-  --wait                          Block until agent finishes (idle). Combine with --message
-                                  for fire-and-forget: spawn \u2192 task \u2192 wait \u2192 done.
-  --timeout <sec>                 Timeout for --wait (default: no timeout)
-  --worktree                      Create isolated git worktree branch (.dev/worktree/<name>)
-  --tags <tag1,tag2>              Comma-separated tags for session grouping
-  --parent <sessionId>            Set parent session (auto-set from SVAMP_SESSION_ID env)
+Sharing:
+  svamp session share <id> --list                            List shared users
+  svamp session share <id> --add <email>[:<role>]            Share with user
+  svamp session share <id> --remove <email>                  Remove shared user
+  svamp session share <id> --public <view|interact|off>     Set public link access
 
-PERMISSION MODES:
-  default              Agent pauses and asks for approval before each tool use.
-                       You must use "approve" / "deny" commands to unblock it.
-  acceptEdits          Auto-approve file edits. Pauses for bash & dangerous tools.
-  bypassPermissions    Auto-approve everything. No prompts, no pauses.
-                       \u26A0 Use this for automation / when you trust the agent fully.
+Options:
+  --machine <id>, -m <id>  Target a specific machine (prefix match supported)
 
-  Tip: For programmatic use (spawning from another agent or script), use
-  -p bypassPermissions to avoid the agent getting stuck waiting for approval.
+Spawn options:
+  -p, --permission-mode <mode>  Agent permission mode: default, acceptEdits, bypassPermissions
+  --worktree                    Create a git worktree branch as working directory
 
-PERMISSION WORKFLOW (only relevant for "default" and "acceptEdits" modes):
-  1. svamp session wait <id> --json    \u2192 exit code 2 means permission pending
-  2. svamp session info <id> --json    \u2192 shows pendingPermissions array
-  3. svamp session approve <id>        \u2192 approve all pending (or approve <id> <rid>)
-  4. svamp session deny <id>           \u2192 deny all pending (or deny <id> <rid>)
+Spawn isolation options:
+  --share <email>[:<role>]    Share session (repeatable). Role: view, interact, admin
+  --security-context <path>   Path to security context JSON config file
+  --isolate                   Force OS-level isolation even without sharing
+  --deny-read <path>          Deny read access to path (repeatable)
+  --allow-write <path>        Allow write access to path (repeatable)
+  --deny-network              Deny all network access
+  --allow-domain <domain>     Allow network access to domain (repeatable)
 
-ISOLATION & SHARING OPTIONS (for spawn):
-  --isolate                       Force OS-level sandbox (even without sharing)
-  --security-context <path>       Apply security context config (JSON file)
-  --share <email>[:<role>]        Share session (repeatable). Role: view|interact|admin
-  --deny-network                  Block all network access
-  --deny-read <path>              Deny reading path (repeatable)
-  --allow-write <path>            Allow writing path (repeatable)
-  --allow-domain <domain>         Allow network domain (repeatable)
+Spawn grouping options:
+  --tags <tag1,tag2>          Comma-separated tags
+  --parent <sessionId>        Set parent session (auto-detected from SVAMP_SESSION_ID)
 
-MESSAGES OPTIONS:
-  --last N       Show last N messages only
-  --after N      Start after sequence number N (for pagination)
-  --limit N      Max messages to fetch (default: 1000)
-  --json         Output as JSON array of {id, seq, role, text, createdAt}
-  --raw          With --json: include full raw objects (tool_use, tool_result, thinking)
+Agents: claude (default), gemini, codex
 
-RALPH LOOP OPTIONS (for ralph-start):
-  --context-mode <mode>           fresh (new process each iteration) or continue (same process)
-  --completion-promise <text>     Completion signal text (default: DONE)
-  --max-iterations <n>            Max iterations (default: 10)
-  --cooldown <sec>                Delay between iterations (default: 1)
+Session and machine IDs can be abbreviated (prefix match, like Docker).
 
-EXIT CODES (for wait, send --wait, spawn --wait):
-  0   Agent is idle (task completed successfully)
-  1   Error (timeout, connection failure, session not found)
-  2   Agent is waiting for permission approval \u2014 use approve/deny to unblock
+NOTE: By default, spawned agents run with 'default' permission mode, which means
+the agent may pause to request permission for tool use (file edits, bash, etc.).
+Use -p bypassPermissions to run without approval prompts.
 
-ATTACH COMMANDS (inside an attached session):
+Attach commands:
   /quit, /detach    Detach (session keeps running)
   /abort, /cancel   Cancel current agent turn
-  /kill             Stop the session entirely
+  /kill             Stop the session
   /info             Show session status
 
-GLOBAL OPTIONS:
-  --machine <id>, -m <id>   Target a specific machine (prefix match supported)
+Ralph Loop (iterative task automation):
+  svamp session ralph-start <id> "<task>" [--context-mode fresh|continue] [--completion-promise TEXT] [--max-iterations N] [--cooldown N]
+  svamp session ralph-cancel <id>
+  svamp session ralph-status <id>
+  (alias: svamp session ralph <id> "<task>" ...)
 
-ID MATCHING:
-  Session and machine IDs support prefix matching.
-  "abc1" matches "abc12345-6789-..." \u2014 you only need enough characters to be unique.
+Message Queue:
+  svamp session queue add <id> "<message>"
+  svamp session queue list <id>
+  svamp session queue clear <id>
 
-EXAMPLES:
-
-  # === Common: Spawn agent to do a task and wait ===
-  svamp session spawn claude -d ./my-project -p bypassPermissions \\
-    --message "fix all TypeScript errors, run tsc to verify" --wait
-
-  # === Multi-step: Spawn, then send messages interactively ===
-  ID=$(svamp session spawn claude -d ./proj -p bypassPermissions)
-  svamp session send $ID "first, read the README" --wait
-  svamp session send $ID "now implement the feature described there" --wait
-  svamp session messages $ID --last 20
+Examples:
+  # Spawn with bypassed permissions (no prompts)
+  svamp session spawn claude -d ./proj -p bypassPermissions --message "fix tests" --wait
 
-  # === Spawn child session from another agent (e.g., in a bash tool) ===
-  # Use -p bypassPermissions so the child doesn't get stuck on approvals.
-  # Use --wait so your script blocks until the child finishes.
-  svamp session spawn claude -d /tmp/test-project -p bypassPermissions \\
-    --message "run the test suite and report results" --wait
-  # Then read the child's output:
-  svamp session messages <child-id> --last 5
+  # Spawn with default permissions, handle approval via CLI
+  svamp session spawn claude -d ./proj --message "refactor auth"
+  svamp session wait abc1 --json           # exits with code 2 if permission pending
+  svamp session approve abc1               # approve all pending permissions
+  svamp session wait abc1                  # wait for completion
 
-  # === Monitor with permissions (default mode) ===
-  svamp session spawn claude -d ./proj --message "refactor auth module"
-  svamp session wait abc1 --json       # exit code 2 = permission pending
-  svamp session approve abc1           # approve all pending
-  svamp session wait abc1              # wait for completion
+  # Monitor session messages (raw for full tool details)
+  svamp session messages abc1 --last 10 --json --raw
 
-  # === Spawn on a remote machine ===
-  svamp session spawn claude -d /workspace -m my-cloud-box \\
-    -p bypassPermissions --message "deploy to staging" --wait
+  # Send message and wait for completion
+  svamp session send abc1 "run the tests" --wait --json
 
-  # === Isolated session with network restrictions ===
+  # Isolation & sharing
   svamp session spawn claude -d /tmp/sandbox --isolate --deny-network
+  svamp session spawn claude -d /tmp/proj --share alice@example.com:admin
 
-  # === Ralph Loop: iterative task automation ===
-  svamp session ralph-start abc1 "Fix all linting errors" \\
-    --context-mode fresh --max-iterations 10
+  # Ralph Loop
+  svamp session ralph-start abc1 "Fix all linting errors" --context-mode fresh --max-iterations 10
 `);
 }
 function printMachineHelp() {
@@ -1317,13 +1272,6 @@ Usage:
   svamp machine share --config <path>                Apply security context config
   svamp machine share --show-config                  Show current security context config
 
-  Storage (admin):
-  svamp machine storage list                         List all user PVCs with status
-  svamp machine storage orphans [--mark]             Show PVCs with no active namespace
-  svamp machine storage mark-orphan <namespace>      Flag a PVC as orphaned
-  svamp machine storage unmark-orphan <namespace>    Remove orphan flag
-  svamp machine storage delete <namespace>           Permanently delete a PVC (double confirm)
-
 Options:
   --machine <id>, -m <id>  Target a specific machine (prefix match supported)
   --cwd <path>             Working directory for exec (default: home dir)

package/dist/{commands-CdQ8qr6l.mjs → commands-BwT-PFl4.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-Dpc6QK0m.mjs';
+import { connectAndGetMachine } from './commands-D4_QgXrS.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-BDmLH9T8.mjs';
+import './run-DWFTrXVF.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/{commands-Dpc6QK0m.mjs → commands-D4_QgXrS.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-BDmLH9T8.mjs';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-DWFTrXVF.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-BDmLH9T8.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-DWFTrXVF.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-CSFQKq7F.mjs → package-CHfluhvW.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.1.66";
+var version = "0.1.68";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";

package/dist/{run-ez-QlRKy.mjs → run-BYtrsPjt.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-BDmLH9T8.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-DWFTrXVF.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-BDmLH9T8.mjs → run-DWFTrXVF.mjs}

@@ -1158,6 +1158,7 @@ async function registerSessionService(server, sessionId, initialMetadata, initia
           sessionId,
           metadata: { value: metadata, version: metadataVersion }
         });
+        callbacks.onSharingUpdate?.(newSharing);
         return { success: true, sharing: newSharing };
       },
       /** Update security context and restart the agent process with new rules */
@@ -5411,10 +5412,6 @@ async function startDaemon(options) {
           securityContext: options2.securityContext,
           tags: options2.tags,
           parentSessionId: options2.parentSessionId,
-          ...options2.parentSessionId && (() => {
-            const parentTracked = Array.from(pidToTrackedSession.values()).find((t) => t.svampSessionId === options2.parentSessionId);
-            return parentTracked?.directory ? { parentSessionPath: parentTracked.directory } : {};
-          })(),
           ...options2.injectPlatformGuidance !== void 0 && { injectPlatformGuidance: options2.injectPlatformGuidance }
         };
         let claudeProcess = null;
@@ -6218,6 +6215,23 @@ The automated loop has finished. Review the progress above and let me know if yo
               sessionMetadata = { ...sessionMetadata, securityContext: newSecurityContext };
               return await restartClaudeHandler();
             },
+            onSharingUpdate: (newSharing) => {
+              logger.log(`[Session ${sessionId}] Sharing config updated \u2014 persisting to disk`);
+              sessionMetadata = { ...sessionMetadata, sharing: newSharing };
+              if (!trackedSession.stopped) {
+                saveSession({
+                  sessionId,
+                  directory,
+                  claudeResumeId,
+                  permissionMode: currentPermissionMode,
+                  spawnMeta: lastSpawnMeta,
+                  metadata: sessionMetadata,
+                  createdAt: Date.now(),
+                  machineId,
+                  wasProcessing: sessionWasProcessing
+                });
+              }
+            },
             onApplySystemPrompt: async (prompt) => {
               logger.log(`[Session ${sessionId}] System prompt update requested \u2014 restarting agent`);
               lastSpawnMeta = { ...lastSpawnMeta, appendSystemPrompt: prompt };
@@ -6609,6 +6623,10 @@ The automated loop has finished. Review the progress above and let me know if yo
               sessionMetadata = { ...sessionMetadata, securityContext: newSecurityContext };
               return { success: false, message: "Security context updates with restart are not yet supported for this agent type." };
             },
+            onSharingUpdate: (newSharing) => {
+              logger.log(`[${agentName} Session ${sessionId}] Sharing config updated \u2014 persisting in-memory`);
+              sessionMetadata = { ...sessionMetadata, sharing: newSharing };
+            },
             onApplySystemPrompt: async () => {
               return { success: false, message: "System prompt updates with restart are not yet supported for this agent type." };
             },

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "svamp-cli",
-  "version": "0.1.66",
-  "description": "Svamp CLI \u2014 AI workspace daemon on Hypha Cloud",
+  "version": "0.1.68",
+  "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/dist/storageCommands-CKhntx1P.mjs

@@ -1,154 +0,0 @@
-import { getSandboxEnv } from './api-BRbsyqJ4.mjs';
-
-async function adminFetch(path, method = "GET", body) {
-  const env = getSandboxEnv();
-  if (!env.apiKey) {
-    throw new Error('No API credentials. Run "svamp login" or set SANDBOX_API_KEY.');
-  }
-  const url = `${env.apiUrl.replace(/\/+$/, "")}${path}`;
-  const res = await fetch(url, {
-    method,
-    headers: {
-      "Authorization": `Bearer ${env.apiKey}`,
-      "Content-Type": "application/json"
-    },
-    ...{}
-  });
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`HTTP ${res.status} ${method} ${path}: ${text}`);
-  }
-  return res.json();
-}
-function fmtAge(ts) {
-  if (!ts) return "?";
-  try {
-    const dt = /^\d+$/.test(ts) ? new Date(parseInt(ts, 10) * 1e3) : new Date(ts);
-    const secs = (Date.now() - dt.getTime()) / 1e3;
-    const d = Math.floor(secs / 86400);
-    const h = Math.floor(secs % 86400 / 3600);
-    return d > 0 ? `${d}d ${h}h ago` : `${h}h ago`;
-  } catch {
-    return ts;
-  }
-}
-function pad(s, n) {
-  return s.length >= n ? s : s + " ".repeat(n - s.length);
-}
-async function storageList() {
-  const data = await adminFetch("/admin/storage/pvcs");
-  const pvcs = data.pvcs ?? [];
-  if (!pvcs.length) {
-    console.log("No managed PVCs found.");
-    return;
-  }
-  console.log("");
-  console.log(`${pad("NAMESPACE", 36)}${pad("SIZE", 9)}${pad("STATUS", 9)}${pad("CREATED", 20)}ORPHANED`);
-  console.log("\u2500".repeat(90));
-  for (const p of pvcs.sort((a, b) => a.namespace.localeCompare(b.namespace))) {
-    const orphan = p.orphaned_at ? `\u26A0  ${fmtAge(p.orphaned_at)}` : "\u2014";
-    console.log(`${pad(p.namespace, 36)}${pad(p.capacity ?? "?", 9)}${pad(p.status ?? "?", 9)}${pad(fmtAge(p.created_at), 20)}${orphan}`);
-  }
-  console.log(`
-Total: ${data.count} PVC(s)`);
-}
-async function storageOrphans(mark = false) {
-  const data = await adminFetch(`/admin/orphaned-pvcs?dry_run=${mark ? "false" : "true"}`);
-  const orphans = data.orphaned_pvcs ?? [];
-  if (!orphans.length) {
-    console.log("\u2705  No orphaned PVCs found.");
-    return;
-  }
-  console.log(`
-\u26A0   ${orphans.length} orphaned PVC(s) (namespace has no running pods):
-`);
-  console.log(`${pad("NAMESPACE", 36)}${pad("SIZE", 9)}${pad("MARKED", 9)}ORPHANED FOR`);
-  console.log("\u2500".repeat(72));
-  for (const o of orphans) {
-    const age = o.orphaned_for || (o.marked ? "?" : "not marked");
-    console.log(`${pad(o.namespace, 36)}${pad(o.storage ?? "?", 9)}${pad(o.marked ? "yes" : "no", 9)}${age}`);
-  }
-  if (!mark) {
-    console.log("\nTip: pass --mark to start the retention clock on unmarked orphans.");
-  }
-  console.log("\nTo delete: svamp machine storage delete <namespace>");
-}
-async function storageMarkOrphan(namespace) {
-  const data = await adminFetch(`/admin/storage/mark-orphan/${namespace}`, "POST");
-  if (data.marked) {
-    console.log(`\u2705  PVC for '${namespace}' marked as orphaned.`);
-    console.log(`    To delete: svamp machine storage delete ${namespace}`);
-  } else {
-    console.log(`\u2139   PVC for '${namespace}' was already marked or not found.`);
-  }
-}
-async function storageUnmarkOrphan(namespace) {
-  const data = await adminFetch(`/admin/storage/unmark-orphan/${namespace}`, "POST");
-  if (data.unmarked) {
-    console.log(`\u2705  Orphan mark removed from '${namespace}'.`);
-  } else {
-    console.log(`\u2139   PVC for '${namespace}' was not marked or not found.`);
-  }
-}
-async function storageDelete(namespace) {
-  const readline = await import('readline');
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  const ask = (q) => new Promise((res) => rl.question(q, res));
-  try {
-    const data2 = await adminFetch("/admin/storage/pvcs");
-    const pvc = (data2.pvcs ?? []).find((p) => p.namespace === namespace);
-    if (!pvc) {
-      console.error(`No PVC found for namespace '${namespace}'.`);
-      rl.close();
-      process.exit(1);
-    }
-    console.log(`
-\u26A0   Namespace:  ${pvc.namespace}`);
-    console.log(`    Size:       ${pvc.capacity ?? "?"}`);
-    console.log(`    Created:    ${fmtAge(pvc.created_at)}`);
-    if (pvc.orphaned_at) console.log(`    Orphaned:   ${fmtAge(pvc.orphaned_at)}`);
-  } catch {
-  }
-  console.log("\n\u26A0   PERMANENTLY deleting this PVC will IRREVERSIBLY destroy all user data.\n");
-  const a1 = (await ask(`Type the namespace name to confirm: `)).trim();
-  if (a1 !== namespace) {
-    console.log("Confirmation mismatch \u2014 aborted.");
-    rl.close();
-    return;
-  }
-  const a2 = (await ask(`Type it again to double-confirm: `)).trim();
-  rl.close();
-  if (a2 !== namespace) {
-    console.log("Confirmation mismatch \u2014 aborted.");
-    return;
-  }
-  const data = await adminFetch(`/admin/storage/pvc/${namespace}`, "DELETE");
-  if (data.deleted) {
-    console.log(`\u2705  PVC for '${namespace}' permanently deleted.`);
-  } else {
-    console.log(`\u2139   PVC for '${namespace}' was not found or already deleted.`);
-  }
-}
-function printStorageHelp() {
-  console.log(`
-svamp machine storage \u2014 sandbox PVC lifecycle management (admin only)
-
-Usage:
-  svamp machine storage list                  List all PVCs with status
-  svamp machine storage orphans [--mark]      Show PVCs with no active namespace
-  svamp machine storage mark-orphan <ns>      Flag a PVC as orphaned (no deletion)
-  svamp machine storage unmark-orphan <ns>    Remove orphan flag
-  svamp machine storage delete <ns>           Permanently delete a PVC (double confirmation)
-
-Environment:
-  SANDBOX_API_URL   Sandbox API base URL (default: https://agent-sandbox.aicell.io)
-  SANDBOX_API_KEY   Admin API key (or use HYPHA_TOKEN from svamp login)
-
-Safety rules:
-  - Automated systems NEVER delete PVCs
-  - delete requires typing the namespace name twice
-  - delete checks for running pods and refuses if any are active
-`);
-}
-
-export { printStorageHelp, storageDelete, storageList, storageMarkOrphan, storageOrphans, storageUnmarkOrphan };