svamp-cli 0.1.76 → 0.1.78

package/dist/{commands-CADr1mQg.mjs → commands-BYbuedOK.mjs}

@@ -296,7 +296,7 @@ Service is live:`);
       }
     } else {
       console.log(`No SANDBOX_ID detected \u2014 starting reverse tunnel.`);
-      const { runTunnel } = await import('./tunnel-C2kqST5d.mjs');
+      const { runTunnel } = await import('./tunnel-BDKdemh0.mjs');
       await runTunnel(name, ports);
     }
   } catch (err) {
@@ -320,7 +320,7 @@ async function serviceServe(args) {
   if (subdomain) validateSubdomain(subdomain);
   const healthInterval = healthIntervalStr ? parseInt(healthIntervalStr, 10) : void 0;
   try {
-    const { startStaticServer } = await import('./staticServer-B-S9sl6E.mjs');
+    const { startStaticServer } = await import('./staticServer-CWcmMF5V.mjs');
     const resolvedDir = require("path").resolve(directory);
     console.log(`Serving ${resolvedDir}`);
     const staticServer = await startStaticServer({
@@ -345,7 +345,7 @@ Serving ${resolvedDir}:`);
       }
     } else {
       console.log(`No SANDBOX_ID detected \u2014 starting reverse tunnel.`);
-      const { runTunnel } = await import('./tunnel-C2kqST5d.mjs');
+      const { runTunnel } = await import('./tunnel-BDKdemh0.mjs');
       await runTunnel(name, ports);
     }
     const cleanup = () => {
@@ -367,7 +367,7 @@ async function serviceTunnel(args) {
     console.error("Usage: svamp service tunnel <name> --port <port> [--port <port2>]");
     process.exit(1);
   }
-  const { runTunnel } = await import('./tunnel-C2kqST5d.mjs');
+  const { runTunnel } = await import('./tunnel-BDKdemh0.mjs');
   await runTunnel(name, ports);
 }
 async function handleServiceCommand() {

package/dist/{commands-7Iw1nFwf.mjs → commands-Cf3mXxPZ.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-lJ8V7MJE.mjs';
+import { connectAndGetMachine } from './commands-B6FEeZeP.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-BnFGIK0c.mjs';
+import './run-DsXDjwLW.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-BnFGIK0c.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-DsXDjwLW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-Dpz1MLO4.mjs → package-DTOqWYBv.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.1.76";
+var version = "0.1.78";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";
@@ -29,7 +29,7 @@ var dependencies = {
 	"@agentclientprotocol/sdk": "^0.14.1",
 	"@modelcontextprotocol/sdk": "^1.25.3",
 	"hypha-rpc": "0.21.34",
-	"node-pty": "^1.1.0",
+	"node-pty": "1.2.0-beta.11",
 	ws: "^8.18.0",
 	yaml: "^2.8.2",
 	zod: "^3.24.4"

package/dist/{run-B29grSMh.mjs → run-DqvxMsWh.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-BnFGIK0c.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-DsXDjwLW.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-BnFGIK0c.mjs → run-DsXDjwLW.mjs}

@@ -309,18 +309,6 @@ async function getPtyModule() {
 function generateTerminalId() {
   return `term-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
 }
-const ALLOWED_CONTROL_CHARS = /* @__PURE__ */ new Set([7, 8, 9, 10, 11, 12, 13, 27]);
-function filterForXterm(text) {
-  if (!text) return text;
-  let result = "";
-  for (let i = 0; i < text.length; i++) {
-    const code = text.charCodeAt(i);
-    if (code >= 32 && code <= 126 || ALLOWED_CONTROL_CHARS.has(code) || code > 127) {
-      result += text[i];
-    }
-  }
-  return result;
-}
 function getMachineMetadataPath(svampHomeDir) {
   return join(svampHomeDir, "machine-metadata.json");
 }
@@ -705,13 +693,25 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const cwd = params.cwd || getHomedir();
         const shell = params.shell || process.env.SHELL || "bash";
         const sessionId = generateTerminalId();
+        const cleanEnv = { ...process.env };
+        const claudeEnvVars = Object.keys(cleanEnv).filter(
+          (k) => k.startsWith("CLAUDE_") || k.startsWith("MCP_") || k === "ANTHROPIC_API_KEY"
+        );
+        for (const k of claudeEnvVars) delete cleanEnv[k];
         const ptyProcess = pty.spawn(shell, [], {
           name: "xterm-256color",
           cols,
           rows,
           cwd,
-          env: { ...process.env, TERM: "xterm-256color" }
+          env: {
+            ...cleanEnv,
+            TERM: "xterm-256color"
+          }
         });
+        if (shell.endsWith("zsh")) {
+          ptyProcess.write("unsetopt PROMPT_SP\n");
+          ptyProcess.write("clear\n");
+        }
         const session = {
           id: sessionId,
           pty: ptyProcess,
@@ -723,21 +723,30 @@ async function registerMachineService(server, machineId, metadata, daemonState,
           cwd
         };
         terminalSessions.set(sessionId, session);
-        ptyProcess.onData((data) => {
-          const filtered = filterForXterm(data);
-          if (!filtered) return;
-          session.outputBuffer.push(filtered);
+        let outputBatch = "";
+        let outputTimer = null;
+        const flushOutput = () => {
+          outputTimer = null;
+          if (!outputBatch) return;
+          const batch = outputBatch;
+          outputBatch = "";
+          session.outputBuffer.push(batch);
           if (session.outputBuffer.length > 1e3) {
             session.outputBuffer.splice(0, session.outputBuffer.length - 500);
           }
           try {
             server.emit({
               type: "svamp:terminal-output",
-              data: { type: "output", content: filtered, sessionId },
+              data: { type: "output", content: batch, sessionId },
               to: "*"
             });
           } catch {
           }
+        };
+        ptyProcess.onData((data) => {
+          if (!data) return;
+          outputBatch += data;
+          if (!outputTimer) outputTimer = setTimeout(flushOutput, 16);
         });
         ptyProcess.onExit(({ exitCode, signal }) => {
           session.exited = true;
@@ -751,6 +760,11 @@ async function registerMachineService(server, machineId, metadata, daemonState,
             });
           } catch {
           }
+          setTimeout(() => {
+            if (terminalSessions.has(sessionId)) {
+              terminalSessions.delete(sessionId);
+            }
+          }, 6e4);
         });
         return { sessionId, cols, rows };
       },
@@ -792,12 +806,15 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         }
         return result;
       },
-      /** Stop (kill) a terminal session. */
+      /** Stop (kill) a terminal session. Idempotent — returns success even if already gone. */
       terminalStop: async (params, context) => {
         authorizeRequest(context, currentMetadata.sharing, "admin");
         const session = terminalSessions.get(params.sessionId);
-        if (!session) throw new Error(`Terminal session ${params.sessionId} not found`);
-        session.pty.kill();
+        if (!session) return { success: true };
+        try {
+          session.pty.kill();
+        } catch {
+        }
         terminalSessions.delete(params.sessionId);
         return { success: true };
       },
@@ -813,6 +830,19 @@ async function registerMachineService(server, machineId, metadata, daemonState,
           exited: s.exited
         }));
       },
+      /** Reattach to an existing terminal session. Returns buffered output for scrollback replay. */
+      terminalReattach: async (params, context) => {
+        authorizeRequest(context, currentMetadata.sharing, "admin");
+        const session = terminalSessions.get(params.sessionId);
+        if (!session) throw new Error(`Terminal session ${params.sessionId} not found`);
+        const scrollback = session.outputBuffer.join("");
+        if (params.cols && params.rows) {
+          session.pty.resize(params.cols, params.rows);
+          session.cols = params.cols;
+          session.rows = params.rows;
+        }
+        return { sessionId: session.id, cols: session.cols, rows: session.rows, scrollback, exited: session.exited };
+      },
       // Machine-level directory listing (read-only, view role)
       listDirectory: async (path, options, context) => {
         authorizeRequest(context, currentMetadata.sharing, "view");
@@ -944,6 +974,48 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const { deleteServiceGroup } = await import('./api-BRbsyqJ4.mjs');
         return deleteServiceGroup(params.name);
       },
+      // ── Tunnel management ────────────────────────────────────────────
+      /** Start a reverse tunnel for a service group (local/cloud machine). */
+      tunnelStart: async (params, context) => {
+        authorizeRequest(context, currentMetadata.sharing, "admin");
+        const tunnels = handlers.tunnels;
+        if (!tunnels) throw new Error("Tunnel management not available");
+        if (tunnels.has(params.name)) throw new Error(`Tunnel '${params.name}' already running`);
+        const { TunnelClient } = await import('./tunnel-BDKdemh0.mjs');
+        const client = new TunnelClient({
+          name: params.name,
+          ports: params.ports,
+          maxReconnectAttempts: 0,
+          // infinite for daemon
+          onError: (err) => console.error(`[TUNNEL] ${params.name}: ${err.message}`),
+          onConnect: () => console.log(`[TUNNEL] ${params.name}: connected`),
+          onDisconnect: () => console.log(`[TUNNEL] ${params.name}: disconnected, reconnecting...`)
+        });
+        await client.connect();
+        tunnels.set(params.name, client);
+        return { name: params.name, ports: params.ports, ...client.status };
+      },
+      /** Stop a tunnel. */
+      tunnelStop: async (params, context) => {
+        authorizeRequest(context, currentMetadata.sharing, "admin");
+        const tunnels = handlers.tunnels;
+        if (!tunnels) throw new Error("Tunnel management not available");
+        const client = tunnels.get(params.name);
+        if (!client) throw new Error(`Tunnel '${params.name}' not found`);
+        client.destroy();
+        tunnels.delete(params.name);
+        return { name: params.name, stopped: true };
+      },
+      /** List active tunnels with health status. */
+      tunnelList: async (context) => {
+        authorizeRequest(context, currentMetadata.sharing, "view");
+        const tunnels = handlers.tunnels;
+        if (!tunnels) return [];
+        return Array.from(tunnels.entries()).map(([name, client]) => ({
+          name,
+          ...client.status
+        }));
+      },
       // WISE voice — create ephemeral token for OpenAI Realtime API
       wiseCreateEphemeralToken: async (params, context) => {
         authorizeRequest(context, currentMetadata.sharing, "interact");
@@ -1350,10 +1422,10 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       if (!callbacks.onListDirectory) throw new Error("listDirectory not supported");
       return await callbacks.onListDirectory(path);
     },
-    bash: async (command, cwd, context) => {
+    bash: async (command, cwd, timeout, context) => {
       authorizeRequest(context, metadata.sharing, "admin");
       if (!callbacks.onBash) throw new Error("bash not supported");
-      return await callbacks.onBash(command, cwd);
+      return await callbacks.onBash(command, cwd, timeout);
     },
     ripgrep: async (args, cwd, context) => {
       authorizeRequest(context, metadata.sharing, "admin");
@@ -1399,7 +1471,8 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       callbacks.onSharingUpdate?.(newSharing);
       return { success: true, sharing: newSharing };
     },
-    /** Update security context and restart the agent process with new rules */
+    /** Update security context and restart the agent process with new rules.
+     *  Pass '__disable__' sentinel (from frontend) or null to disable isolation entirely. */
     updateSecurityContext: async (newSecurityContext, context) => {
       authorizeRequest(context, metadata.sharing, "admin");
       if (metadata.sharing && context?.user?.email && metadata.sharing.owner && context.user.email.toLowerCase() !== metadata.sharing.owner.toLowerCase()) {
@@ -1408,14 +1481,15 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       if (!callbacks.onUpdateSecurityContext) {
         throw new Error("Security context updates are not supported for this session");
       }
-      metadata = { ...metadata, securityContext: newSecurityContext };
+      const resolvedContext = newSecurityContext === "__disable__" ? null : newSecurityContext;
+      metadata = { ...metadata, securityContext: resolvedContext };
       metadataVersion++;
       notifyListeners({
         type: "update-session",
         sessionId,
         metadata: { value: metadata, version: metadataVersion }
       });
-      return await callbacks.onUpdateSecurityContext(newSecurityContext);
+      return await callbacks.onUpdateSecurityContext(resolvedContext);
     },
     /** Apply a new system prompt and restart the agent process */
     applySystemPrompt: async (prompt, context) => {
@@ -5629,6 +5703,7 @@ async function startDaemon(options) {
   let server = null;
   const supervisor = new ProcessSupervisor(join(SVAMP_HOME, "processes"));
   await supervisor.init();
+  const tunnels = /* @__PURE__ */ new Map();
   ensureAutoInstalledSkills(logger).catch(() => {
   });
   preventMachineSleep(logger);
@@ -5749,6 +5824,7 @@ async function startDaemon(options) {
           });
         }, buildIsolationConfig2 = function(dir) {
           if (!options2.forceIsolation && !sessionMetadata.sharing?.enabled) return null;
+          if (sessionMetadata.securityContext === null) return null;
           const method = isolationCapabilities.preferred;
           if (!method) return null;
           const detail = isolationCapabilities.details[method];
@@ -5768,7 +5844,7 @@ async function startDaemon(options) {
           if (sessionMetadata.sharing?.enabled && stagedCredentials) {
             config.credentialStagingPath = stagedCredentials.homePath;
           }
-          const activeSecurityContext = sessionMetadata.securityContext || options2.securityContext;
+          const activeSecurityContext = sessionMetadata.securityContext ?? options2.securityContext;
           if (activeSecurityContext) {
             config = applySecurityContext(config, activeSecurityContext);
           }
@@ -6484,6 +6560,7 @@ The automated loop has finished. Review the progress above and let me know if yo
             }
             if (claudeResumeId) {
               spawnClaude(void 0, { permissionMode: currentPermissionMode });
+              sessionService.updateMetadata(sessionMetadata);
               logger.log(`[Session ${sessionId}] Claude respawned with --resume ${claudeResumeId}`);
               return { success: true, message: "Claude process restarted successfully." };
             } else {
@@ -6737,11 +6814,12 @@ The automated loop has finished. Review the progress above and let me know if yo
             onUpdateConfig: (patch) => {
               writeSvampConfigPatch(patch);
             },
-            onBash: async (command, cwd) => {
-              logger.log(`[Session ${sessionId}] Bash: ${command} (cwd: ${cwd || directory})`);
+            onBash: async (command, cwd, timeout) => {
+              const execTimeout = timeout || 12e4;
+              logger.log(`[Session ${sessionId}] Bash: ${command} (cwd: ${cwd || directory}, timeout: ${execTimeout}ms)`);
               const { exec } = await import('child_process');
               return new Promise((resolve2) => {
-                exec(command, { cwd: cwd || directory, timeout: 3e4, maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
+                exec(command, { cwd: cwd || directory, timeout: execTimeout, maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
                   if (err) {
                     resolve2({ success: false, stdout: stdout || "", stderr: stderr || err.message, exitCode: err.code ?? 1 });
                   } else {
@@ -7170,10 +7248,11 @@ The automated loop has finished. Review the progress above and let me know if yo
             onUpdateConfig: (patch) => {
               writeSvampConfigPatchAcp(patch);
             },
-            onBash: async (command, cwd) => {
+            onBash: async (command, cwd, timeout) => {
+              const execTimeout = timeout || 12e4;
               const { exec } = await import('child_process');
               return new Promise((resolve2) => {
-                exec(command, { cwd: cwd || directory, timeout: 3e4, maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
+                exec(command, { cwd: cwd || directory, timeout: execTimeout, maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
                   if (err) {
                     resolve2({ success: false, stdout: stdout || "", stderr: stderr || err.message, exitCode: err.code ?? 1 });
                   } else {
@@ -7624,7 +7703,8 @@ The automated loop has finished. Review the progress above and let me know if yo
           }
           return ids;
         },
-        supervisor
+        supervisor,
+        tunnels
       }
     );
     logger.log(`Machine service registered: svamp-machine-${machineId}`);
@@ -8003,6 +8083,11 @@ The automated loop has finished. Review the progress above and let me know if yo
       }
       await supervisor.stopAll().catch(() => {
       });
+      for (const [name, client] of tunnels) {
+        client.destroy();
+        logger.log(`Tunnel '${name}' destroyed`);
+      }
+      tunnels.clear();
       artifactSync.destroy();
       try {
         await server.disconnect();
@@ -8033,33 +8118,97 @@ The automated loop has finished. Review the progress above and let me know if yo
   }
 }
 async function stopDaemon(options) {
+  const signal = options?.cleanup ? "SIGUSR1" : "SIGTERM";
+  const mode = options?.cleanup ? "cleanup (sessions will be stopped)" : "quick (sessions preserved for auto-restore)";
+  const pidsToSignal = [];
+  const supervisorPidFile = join(SVAMP_HOME, "supervisor.pid");
+  try {
+    if (existsSync$1(supervisorPidFile)) {
+      const supervisorPid = parseInt(readFileSync$1(supervisorPidFile, "utf-8").trim(), 10);
+      if (supervisorPid && !isNaN(supervisorPid)) {
+        try {
+          process.kill(supervisorPid, 0);
+          pidsToSignal.push(supervisorPid);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
   const state = readDaemonStateFile();
-  if (!state) {
+  if (state) {
+    try {
+      process.kill(state.pid, 0);
+      if (!pidsToSignal.includes(state.pid)) {
+        pidsToSignal.push(state.pid);
+      }
+    } catch {
+    }
+  }
+  if (pidsToSignal.length === 0) {
+    try {
+      const { execSync } = await import('child_process');
+      const pgrepOutput = execSync(
+        'pgrep -f "svamp daemon start-(supervised|sync)" 2>/dev/null || true',
+        { encoding: "utf-8" }
+      ).trim();
+      if (pgrepOutput) {
+        for (const line of pgrepOutput.split("\n")) {
+          const pid = parseInt(line.trim(), 10);
+          if (pid && !isNaN(pid) && pid !== process.pid) {
+            pidsToSignal.push(pid);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+  if (pidsToSignal.length === 0) {
     console.log("No daemon running");
+    cleanupDaemonStateFile();
     return;
   }
-  const signal = options?.cleanup ? "SIGUSR1" : "SIGTERM";
-  const mode = options?.cleanup ? "cleanup (sessions will be stopped)" : "quick (sessions preserved for auto-restore)";
-  try {
-    process.kill(state.pid, 0);
-    process.kill(state.pid, signal);
-    console.log(`Sent ${signal} to daemon PID ${state.pid} \u2014 ${mode}`);
-    for (let i = 0; i < 100; i++) {
-      await new Promise((r) => setTimeout(r, 100));
+  for (const pid of pidsToSignal) {
+    try {
+      process.kill(pid, signal);
+      console.log(`Sent ${signal} to PID ${pid} \u2014 ${mode}`);
+    } catch {
+      console.log(`PID ${pid} already gone`);
+    }
+  }
+  pidsToSignal[0];
+  for (let i = 0; i < 100; i++) {
+    await new Promise((r) => setTimeout(r, 100));
+    const anyAlive = pidsToSignal.some((pid) => {
       try {
-        process.kill(state.pid, 0);
+        process.kill(pid, 0);
+        return true;
+      } catch {
+        return false;
+      }
+    });
+    if (!anyAlive) {
+      console.log("Daemon stopped");
+      cleanupDaemonStateFile();
+      try {
+        if (existsSync$1(supervisorPidFile)) await import('fs').then((fs2) => fs2.promises.unlink(supervisorPidFile));
       } catch {
-        console.log("Daemon stopped");
-        cleanupDaemonStateFile();
-        return;
       }
+      return;
+    }
+  }
+  console.log("Daemon did not stop in time, sending SIGKILL");
+  for (const pid of pidsToSignal) {
+    try {
+      process.kill(pid, "SIGKILL");
+    } catch {
     }
-    console.log("Daemon did not stop in time, sending SIGKILL");
-    process.kill(state.pid, "SIGKILL");
-  } catch {
-    console.log("Daemon is not running (stale state file)");
   }
   cleanupDaemonStateFile();
+  try {
+    if (existsSync$1(supervisorPidFile)) await import('fs').then((fs2) => fs2.promises.unlink(supervisorPidFile));
+  } catch {
+  }
 }
 function daemonStatus() {
   const state = readDaemonStateFile();