svamp-cli 0.2.37 → 0.2.38

package/dist/{agentCommands-C88l82pM.mjs → agentCommands-Djr_xWX-.mjs}

@@ -148,7 +148,7 @@ async function sessionBroadcast(action, args) {
   console.log(`Broadcast sent: ${action}`);
 }
 async function connectToMachineService() {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-B8Q1ig7j.mjs');
   return connectAndGetMachine();
 }
 async function inboxSend(targetSessionId, opts) {
@@ -165,7 +165,7 @@ async function inboxSend(targetSessionId, opts) {
   }
   const { server, machine } = await connectToMachineService();
   try {
-    const { resolveSessionId } = await import('./commands-CrTDsMDZ.mjs');
+    const { resolveSessionId } = await import('./commands-B8Q1ig7j.mjs');
     const sessions = await machine.listSessions();
     const match = resolveSessionId(sessions, targetSessionId);
     const fullTargetId = match.sessionId;

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-Dz0TkCj6.mjs';
+import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-D-1qvfLH.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -36,7 +36,7 @@ async function main() {
     await logoutFromHypha();
   } else if (subcommand === "daemon") {
     if (daemonSubcommand === "restart") {
-      const { restartDaemon } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.k; });
+      const { restartDaemon } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.k; });
       await restartDaemon();
       process.exit(0);
     }
@@ -82,10 +82,11 @@ async function main() {
       process.exit(0);
     } else if (daemonSubcommand === "start-supervised") {
       const { spawn: spawnChild } = await import('child_process');
-      const { appendFileSync, mkdirSync, existsSync: fsExists } = await import('fs');
+      const { appendFileSync, mkdirSync } = await import('fs');
       const { join: pathJoin } = await import('path');
       const osModule = await import('os');
       const svampHome = process.env.SVAMP_HOME || pathJoin(osModule.homedir(), ".svamp");
+      mkdirSync(svampHome, { recursive: true });
       const logsDir = pathJoin(svampHome, "logs");
       mkdirSync(logsDir, { recursive: true });
       const logFile = pathJoin(logsDir, "daemon-supervised.log");
@@ -97,13 +98,27 @@ async function main() {
         } catch {
         }
       };
+      const {
+        acquireSupervisorLockWithRetry,
+        releaseSupervisorLock,
+        findOrphanedSyncPids,
+        killOrphanedSyncs
+      } = await import('./supervisorLock-DwNAn0VN.mjs');
       const supervisorPidFile = pathJoin(svampHome, "supervisor.pid");
+      const lock = acquireSupervisorLockWithRetry(supervisorPidFile, process.pid);
+      if (!lock.acquired) {
+        log(`Another supervisor is already running (PID ${lock.heldBy}) \u2014 exiting`);
+        console.error(`svamp daemon: another supervisor is already running (PID ${lock.heldBy}).`);
+        process.exit(0);
+      }
       try {
-        appendFileSync(supervisorPidFile, "");
-      } catch {
+        const orphans = findOrphanedSyncPids(process.pid);
+        if (orphans.length > 0) {
+          await killOrphanedSyncs(orphans, { log, gracePeriodMs: 3e3 });
+        }
+      } catch (err) {
+        log(`Orphan scan failed (non-fatal): ${err?.message || err}`);
       }
-      const { writeFileSync: wfs } = await import('fs');
-      wfs(supervisorPidFile, String(process.pid), "utf-8");
       const extraSyncArgs = [];
       if (args.includes("--no-auto-continue")) extraSyncArgs.push("--no-auto-continue");
       const BASE_DELAY_MS = 2e3;
@@ -188,11 +203,7 @@ async function main() {
           setTimeout(() => clearInterval(checkStop), delay + 100);
         });
       }
-      try {
-        const { unlinkSync: us } = await import('fs');
-        us(supervisorPidFile);
-      } catch {
-      }
+      releaseSupervisorLock(supervisorPidFile, process.pid);
       process.exit(0);
     } else if (daemonSubcommand === "start-sync") {
       const noAutoContinue = args.includes("--no-auto-continue");
@@ -246,7 +257,7 @@ async function main() {
       console.error("svamp serve: Serve commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServeCommand } = await import('./serveCommands-FnBtBifV.mjs');
+    const { handleServeCommand } = await import('./serveCommands-B2vQJyUt.mjs');
     await handleServeCommand();
     process.exit(0);
   } else if (subcommand === "process" || subcommand === "proc") {
@@ -255,7 +266,7 @@ async function main() {
       console.error("svamp process: Process commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { processCommand } = await import('./commands-Dz_JXrcs.mjs');
+    const { processCommand } = await import('./commands-BpW-hioi.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -273,7 +284,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-DRX_LQ92.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-CcU8sNV_.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -282,7 +293,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-BckEhiLq.mjs');
+  const { runInteractive } = await import('./run-BStlzTCG.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -327,7 +338,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.i; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.i; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -339,7 +350,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.i; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.i; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -363,12 +374,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.j; });
+    const { CodexMcpBackend } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.j; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.h; });
-    const { GeminiTransport } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.h; });
+    const { GeminiTransport } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-D-1qvfLH.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -495,7 +506,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
   }
-  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-CrTDsMDZ.mjs');
+  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-B8Q1ig7j.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -555,7 +566,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-CrTDsMDZ.mjs');
+    const { parseShareArg } = await import('./commands-B8Q1ig7j.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -641,7 +652,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-CrTDsMDZ.mjs');
+    const { sessionApprove } = await import('./commands-B8Q1ig7j.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -651,7 +662,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-CrTDsMDZ.mjs');
+    const { sessionDeny } = await import('./commands-B8Q1ig7j.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -687,7 +698,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session set-title <title>");
       process.exit(1);
     }
-    const { sessionSetTitle } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionSetTitle } = await import('./agentCommands-Djr_xWX-.mjs');
     await sessionSetTitle(title);
   } else if (sessionSubcommand === "set-link") {
     const url = sessionArgs[1];
@@ -696,7 +707,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
-    const { sessionSetLink } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionSetLink } = await import('./agentCommands-Djr_xWX-.mjs');
     await sessionSetLink(url, label);
   } else if (sessionSubcommand === "notify") {
     const message = sessionArgs[1];
@@ -705,7 +716,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const level = parseFlagStr("--level") || "info";
-    const { sessionNotify } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionNotify } = await import('./agentCommands-Djr_xWX-.mjs');
     await sessionNotify(message, level);
   } else if (sessionSubcommand === "broadcast") {
     const action = sessionArgs[1];
@@ -713,7 +724,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
       process.exit(1);
     }
-    const { sessionBroadcast } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionBroadcast } = await import('./agentCommands-Djr_xWX-.mjs');
     await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "inbox") {
     const inboxSubcmd = sessionArgs[1];
@@ -724,7 +735,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId) {
-        const { inboxSend } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxSend } = await import('./agentCommands-Djr_xWX-.mjs');
         await inboxSend(sessionArgs[2], {
           body: sessionArgs[3],
           subject: parseFlagStr("--subject"),
@@ -739,7 +750,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "list" || inboxSubcmd === "ls") {
       if (agentSessionId && !sessionArgs[2]) {
-        const { inboxList } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxList } = await import('./agentCommands-Djr_xWX-.mjs');
         await inboxList({
           unread: hasFlag("--unread"),
           limit: parseFlagInt("--limit"),
@@ -761,7 +772,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId && !sessionArgs[3]) {
-        const { inboxList } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxList } = await import('./agentCommands-Djr_xWX-.mjs');
         await sessionInboxRead(agentSessionId, sessionArgs[2], targetMachineId);
       } else if (sessionArgs[3]) {
         await sessionInboxRead(sessionArgs[2], sessionArgs[3], targetMachineId);
@@ -771,7 +782,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "reply") {
       if (agentSessionId && sessionArgs[2] && sessionArgs[3] && !sessionArgs[4]) {
-        const { inboxReply } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxReply } = await import('./agentCommands-Djr_xWX-.mjs');
         await inboxReply(sessionArgs[2], sessionArgs[3]);
       } else if (sessionArgs[2] && sessionArgs[3] && sessionArgs[4]) {
         await sessionInboxReply(sessionArgs[2], sessionArgs[3], sessionArgs[4], targetMachineId);
@@ -807,7 +818,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineShare } = await import('./commands-B8Q1ig7j.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -837,7 +848,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineExec } = await import('./commands-B8Q1ig7j.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -857,7 +868,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineInfo } = await import('./commands-B8Q1ig7j.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -877,10 +888,10 @@ async function handleMachineCommand() {
         level = machineArgs[++i];
       }
     }
-    const { machineNotify } = await import('./agentCommands-C88l82pM.mjs');
+    const { machineNotify } = await import('./agentCommands-Djr_xWX-.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineLs } = await import('./commands-B8Q1ig7j.mjs');
     let machineId;
     let showHidden = false;
     let path;

package/dist/{commands-CrTDsMDZ.mjs → commands-B8Q1ig7j.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-Dz0TkCj6.mjs';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-D-1qvfLH.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{commands-Dz_JXrcs.mjs → commands-BpW-hioi.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-CrTDsMDZ.mjs';
+import { connectAndGetMachine } from './commands-B8Q1ig7j.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-Dz0TkCj6.mjs';
+import './run-D-1qvfLH.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-Dz0TkCj6.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-D-1qvfLH.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/package-CcU8sNV_.mjs

@@ -0,0 +1,63 @@
+var name = "svamp-cli";
+var version = "0.2.38";
+var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
+var author = "Amun AI AB";
+var license = "SEE LICENSE IN LICENSE";
+var type = "module";
+var bin = {
+	svamp: "./bin/svamp.mjs"
+};
+var files = [
+	"dist",
+	"bin"
+];
+var main = "./dist/index.mjs";
+var exports$1 = {
+	".": "./dist/index.mjs",
+	"./cli": "./dist/cli.mjs"
+};
+var scripts = {
+	build: "rm -rf dist && tsc --noEmit && pkgroll",
+	typecheck: "tsc --noEmit",
+	test: "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
+	dev: "tsx src/cli.ts",
+	"dev:daemon": "tsx src/cli.ts daemon start-sync",
+	"test:e2e": "node --no-warnings test/e2e-session-tests.mjs",
+	"test:frpc": "npx tsx test/test-frpc-e2e.mjs"
+};
+var dependencies = {
+	"@agentclientprotocol/sdk": "^0.14.1",
+	"@modelcontextprotocol/sdk": "^1.25.3",
+	"hypha-rpc": "0.21.36",
+	"node-pty": "1.2.0-beta.11",
+	ws: "^8.18.0",
+	yaml: "^2.8.2",
+	zod: "^3.24.4"
+};
+var devDependencies = {
+	"@types/node": ">=20",
+	"@types/ws": "^8.5.14",
+	pkgroll: "^2.14.2",
+	tsx: "^4.20.6",
+	typescript: "5.9.3"
+};
+var packageManager = "yarn@1.22.22";
+var _package = {
+	name: name,
+	version: version,
+	description: description,
+	author: author,
+	license: license,
+	type: type,
+	bin: bin,
+	files: files,
+	main: main,
+	exports: exports$1,
+	scripts: scripts,
+	dependencies: dependencies,
+	devDependencies: devDependencies,
+	packageManager: packageManager
+};
+
+export { author, bin, _package as default, dependencies, description, devDependencies, exports$1 as exports, files, license, main, name, packageManager, scripts, type, version };

package/dist/{run-BckEhiLq.mjs → run-BStlzTCG.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-Dz0TkCj6.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-D-1qvfLH.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-Dz0TkCj6.mjs → run-D-1qvfLH.mjs}

@@ -4922,6 +4922,14 @@ var credentialStaging = /*#__PURE__*/Object.freeze({
     stageCredentialsForSharing: stageCredentialsForSharing
 });
 
+function shouldIsolate(input) {
+  if (input.forceIsolation) return true;
+  const sessionCtx = input.sessionSecurityContext;
+  if (sessionCtx === null) return false;
+  if (sessionCtx !== void 0) return true;
+  return input.optionsSecurityContext !== null && input.optionsSecurityContext !== void 0;
+}
+
 const DEFAULT_PROBE_INTERVAL_S = 10;
 const DEFAULT_PROBE_TIMEOUT_S = 5;
 const DEFAULT_PROBE_FAILURE_THRESHOLD = 3;
@@ -6300,6 +6308,20 @@ async function startDaemon(options) {
   process.on("SIGINT", () => requestShutdown("os-signal"));
   process.on("SIGTERM", () => requestShutdown("os-signal"));
   process.on("SIGUSR1", () => requestShutdown("os-signal-cleanup"));
+  const { watchParentLiveness } = await import('./supervisorLock-DwNAn0VN.mjs');
+  const cancelParentWatchdog = watchParentLiveness({
+    intervalMs: 5e3,
+    onParentDeath: () => {
+      logger.log("Supervisor process died \u2014 sync daemon shutting down to avoid orphan state");
+      requestShutdown("supervisor-died");
+    }
+  });
+  process.on("exit", () => {
+    try {
+      cancelParentWatchdog();
+    } catch {
+    }
+  });
   process.on("uncaughtException", (error) => {
     if (shutdownRequested) return;
     logger.error("Uncaught exception (non-fatal, daemon continues):", error);
@@ -6585,8 +6607,7 @@ async function startDaemon(options) {
             }
           });
         }, buildIsolationConfig2 = function(dir) {
-          if (!options2.forceIsolation && !sessionMetadata.sharing?.enabled) return null;
-          if (sessionMetadata.securityContext === null) return null;
+          if (!shouldIsolateSession()) return null;
           const method = isolationCapabilities.preferred;
           if (!method) return null;
           const detail = isolationCapabilities.details[method];
@@ -6603,10 +6624,10 @@ async function startDaemon(options) {
               trustOverride: true
             };
           }
-          if (sessionMetadata.sharing?.enabled && stagedCredentials) {
+          if (stagedCredentials) {
             config.credentialStagingPath = stagedCredentials.homePath;
           }
-          const activeSecurityContext = sessionMetadata.securityContext ?? options2.securityContext;
+          const activeSecurityContext = getActiveSecurityContext();
           if (activeSecurityContext) {
             config = applySecurityContext(config, activeSecurityContext);
           }
@@ -6743,6 +6764,12 @@ async function startDaemon(options) {
           "auto-approve-all": "bypassPermissions"
         };
         const toClaudePermissionMode = (mode) => CLAUDE_PERMISSION_MODE_MAP[mode] || mode;
+        const getActiveSecurityContext = () => sessionMetadata.securityContext ?? options2.securityContext;
+        const shouldIsolateSession = () => shouldIsolate({
+          forceIsolation: options2.forceIsolation,
+          sessionSecurityContext: sessionMetadata.securityContext,
+          optionsSecurityContext: options2.securityContext
+        });
         let isolationCleanupFiles = [];
         const spawnClaude = (initialMessage, meta) => {
           const effectiveMeta = { ...lastSpawnMeta, ...meta };
@@ -6786,7 +6813,7 @@ async function startDaemon(options) {
             if (wrapped.cleanupFiles) isolationCleanupFiles = wrapped.cleanupFiles;
             sessionMetadata = { ...sessionMetadata, isolationMethod: isoConfig.method };
             logger.log(`[Session ${sessionId}] Isolation: ${isoConfig.method} (binary: ${isoConfig.binaryPath})`);
-          } else if (options2.forceIsolation || sessionMetadata.sharing?.enabled) {
+          } else if (shouldIsolateSession()) {
             logger.log(`[Session ${sessionId}] WARNING: No isolation runtime (nono/docker/podman) available. Session is NOT sandboxed.`);
             sessionMetadata = { ...sessionMetadata, isolationMethod: void 0 };
           } else {
@@ -6797,18 +6824,15 @@ async function startDaemon(options) {
           delete spawnEnv.CLAUDECODE;
           spawnEnv.SVAMP_SESSION_ID = sessionId;
           delete spawnEnv.SVAMP_SANDBOXED;
-          if (sessionMetadata.sharing?.enabled && stagedCredentials) {
+          if (isoConfig && stagedCredentials) {
             Object.assign(spawnEnv, stagedCredentials.env);
             const filtered = {};
             for (const [k, v] of Object.entries(spawnEnv)) {
               if (v !== void 0) filtered[k] = v;
             }
             spawnEnv = sanitizeEnvForSharing(filtered);
-            logger.log(`[Session ${sessionId}] Credential staging: HOME=${stagedCredentials.homePath}`);
-            if (sessionMetadata.securityContext) {
-              spawnEnv.SVAMP_SANDBOXED = "1";
-              logger.log(`[Session ${sessionId}] Sandbox mode: ON (securityContext present)`);
-            }
+            spawnEnv.SVAMP_SANDBOXED = "1";
+            logger.log(`[Session ${sessionId}] Credential staging: HOME=${stagedCredentials.homePath}, SVAMP_SANDBOXED=1`);
           }
           const child = spawn$1(spawnCommand, spawnArgs, {
             cwd: directory,
@@ -7419,6 +7443,14 @@ The automated loop has finished. Review the progress above and let me know if yo
               return { success: false, message: "Session was stopped during restart." };
             }
             if (claudeResumeId) {
+              if (!stagedCredentials && shouldIsolateSession()) {
+                try {
+                  stagedCredentials = await stageCredentialsForSharing(sessionId);
+                  logger.log(`[Session ${sessionId}] Credentials staged at ${stagedCredentials.homePath} (runtime enable)`);
+                } catch (err) {
+                  logger.log(`[Session ${sessionId}] WARNING: Runtime credential staging failed: ${err.message}.`);
+                }
+              }
               spawnClaude(void 0, { permissionMode: currentPermissionMode });
               sessionService.updateMetadata(sessionMetadata);
               logger.log(`[Session ${sessionId}] Claude respawned with --resume ${claudeResumeId}`);
@@ -7435,12 +7467,12 @@ The automated loop has finished. Review the progress above and let me know if yo
             isRestartingClaude = false;
           }
         };
-        if (sessionMetadata.sharing?.enabled) {
+        if (shouldIsolateSession()) {
           try {
             stagedCredentials = await stageCredentialsForSharing(sessionId);
             logger.log(`[Session ${sessionId}] Credentials staged at ${stagedCredentials.homePath}`);
           } catch (err) {
-            logger.log(`[Session ${sessionId}] WARNING: Credential staging failed: ${err.message}. Shared users may have access to ~/.claude history.`);
+            logger.log(`[Session ${sessionId}] WARNING: Credential staging failed: ${err.message}.`);
           }
         }
         let processMessageQueueRef;
@@ -8357,7 +8389,8 @@ The automated loop has finished. Review the progress above and let me know if yo
         const writeSvampConfigPatchAcp = svampConfigChecker.writeConfig;
         const permissionHandler = new HyphaPermissionHandler(shouldAutoAllow2, logger.log);
         let agentIsoConfig;
-        if ((options2.forceIsolation || sessionMetadata.sharing?.enabled) && isolationCapabilities.preferred) {
+        const agentShouldIsolate = Boolean(options2.forceIsolation) || Boolean(options2.securityContext);
+        if (agentShouldIsolate && isolationCapabilities.preferred) {
           const method = isolationCapabilities.preferred;
           const detail = isolationCapabilities.details[method];
           if (detail.found && detail.verified !== false) {

package/dist/{serveCommands-FnBtBifV.mjs → serveCommands-B2vQJyUt.mjs}

@@ -52,7 +52,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-B8Q1ig7j.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -84,7 +84,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-B8Q1ig7j.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -104,7 +104,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-B8Q1ig7j.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -137,7 +137,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-B8Q1ig7j.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/supervisorLock-DwNAn0VN.mjs

@@ -0,0 +1,157 @@
+import { existsSync, readFileSync, unlinkSync, openSync, writeSync, closeSync } from 'node:fs';
+import { execFileSync } from 'node:child_process';
+
+function acquireSupervisorLock(pidFile, pid = process.pid) {
+  try {
+    const fd = openSync(pidFile, "wx");
+    try {
+      writeSync(fd, String(pid));
+    } finally {
+      closeSync(fd);
+    }
+    return { acquired: true };
+  } catch (err) {
+    if (err?.code !== "EEXIST") throw err;
+  }
+  let existingPid = 0;
+  try {
+    existingPid = parseInt(readFileSync(pidFile, "utf-8").trim(), 10);
+  } catch {
+  }
+  if (!existingPid || Number.isNaN(existingPid) || existingPid <= 0) {
+    try {
+      unlinkSync(pidFile);
+    } catch {
+    }
+    return { acquired: false, staleCleaned: true };
+  }
+  if (isPidAlive(existingPid)) {
+    return { acquired: false, heldBy: existingPid };
+  }
+  try {
+    unlinkSync(pidFile);
+  } catch {
+  }
+  return { acquired: false, staleCleaned: true };
+}
+function acquireSupervisorLockWithRetry(pidFile, pid = process.pid) {
+  let result = acquireSupervisorLock(pidFile, pid);
+  if (!result.acquired && result.staleCleaned) {
+    result = acquireSupervisorLock(pidFile, pid);
+  }
+  return { acquired: result.acquired, heldBy: result.heldBy };
+}
+function releaseSupervisorLock(pidFile, pid = process.pid) {
+  try {
+    if (!existsSync(pidFile)) return;
+    const content = parseInt(readFileSync(pidFile, "utf-8").trim(), 10);
+    if (content === pid) unlinkSync(pidFile);
+  } catch {
+  }
+}
+function isPidAlive(pid) {
+  if (!pid || Number.isNaN(pid) || pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function findOrphanedSyncPids(currentSupervisorPid = process.pid) {
+  if (process.platform === "win32") return [];
+  const pids = [];
+  try {
+    const output = execFileSync("pgrep", ["-af", "svamp daemon start-sync"], {
+      encoding: "utf-8",
+      timeout: 5e3
+    });
+    for (const line of output.split("\n")) {
+      const trimmed = line.trim();
+      if (!trimmed) continue;
+      const match = trimmed.match(/^(\d+)\s/);
+      if (!match) continue;
+      const pid = parseInt(match[1], 10);
+      if (Number.isNaN(pid) || pid <= 0) continue;
+      if (pid === process.pid) continue;
+      const ppid = getPpid(pid);
+      if (ppid === currentSupervisorPid) continue;
+      pids.push(pid);
+    }
+  } catch (err) {
+    if (err?.status !== 1) ;
+  }
+  return pids;
+}
+function getPpid(pid) {
+  if (process.platform === "win32") return 0;
+  try {
+    const out = execFileSync("ps", ["-o", "ppid=", "-p", String(pid)], {
+      encoding: "utf-8",
+      timeout: 2e3
+    }).trim();
+    const ppid = parseInt(out, 10);
+    return Number.isNaN(ppid) ? 0 : ppid;
+  } catch {
+    return 0;
+  }
+}
+async function killOrphanedSyncs(pids, opts = {}) {
+  if (pids.length === 0) return;
+  const log = opts.log || (() => {
+  });
+  const gracePeriodMs = opts.gracePeriodMs ?? 3e3;
+  log(`Killing ${pids.length} orphan sync daemon(s): ${pids.join(", ")}`);
+  for (const pid of pids) {
+    try {
+      process.kill(pid, "SIGTERM");
+    } catch {
+    }
+  }
+  const pollStep = 100;
+  const steps = Math.max(1, Math.ceil(gracePeriodMs / pollStep));
+  for (let i = 0; i < steps; i++) {
+    await new Promise((r) => setTimeout(r, pollStep));
+    if (pids.every((p) => !isPidAlive(p))) {
+      log("All orphan daemons exited cleanly");
+      return;
+    }
+  }
+  const survivors = pids.filter(isPidAlive);
+  if (survivors.length > 0) {
+    log(`Force-killing survivors: ${survivors.join(", ")}`);
+    for (const pid of survivors) {
+      try {
+        process.kill(pid, "SIGKILL");
+      } catch {
+      }
+    }
+  }
+}
+function watchParentLiveness(opts) {
+  if (process.env.SVAMP_SUPERVISED !== "1") {
+    return () => {
+    };
+  }
+  const supervisorPid = process.ppid;
+  if (!supervisorPid || supervisorPid === 1) {
+    return () => {
+    };
+  }
+  const intervalMs = opts.intervalMs ?? 5e3;
+  let fired = false;
+  const timer = setInterval(() => {
+    if (fired) return;
+    if (!isPidAlive(supervisorPid)) {
+      fired = true;
+      clearInterval(timer);
+      opts.onParentDeath();
+    }
+  }, intervalMs);
+  timer.unref?.();
+  return () => {
+    clearInterval(timer);
+  };
+}
+
+export { acquireSupervisorLock, acquireSupervisorLockWithRetry, findOrphanedSyncPids, getPpid, isPidAlive, killOrphanedSyncs, releaseSupervisorLock, watchParentLiveness };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.2.37",
+  "version": "0.2.38",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",
@@ -20,7 +20,7 @@
   "scripts": {
     "build": "rm -rf dist && tsc --noEmit && pkgroll",
     "typecheck": "tsc --noEmit",
-    "test": "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+    "test": "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
     "test:hypha": "node --no-warnings test/test-hypha-service.mjs",
     "dev": "tsx src/cli.ts",
     "dev:daemon": "tsx src/cli.ts daemon start-sync",

package/dist/package-DRX_LQ92.mjs

@@ -1,63 +0,0 @@
-var name = "svamp-cli";
-var version = "0.2.37";
-var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
-var author = "Amun AI AB";
-var license = "SEE LICENSE IN LICENSE";
-var type = "module";
-var bin = {
-	svamp: "./bin/svamp.mjs"
-};
-var files = [
-	"dist",
-	"bin"
-];
-var main = "./dist/index.mjs";
-var exports$1 = {
-	".": "./dist/index.mjs",
-	"./cli": "./dist/cli.mjs"
-};
-var scripts = {
-	build: "rm -rf dist && tsc --noEmit && pkgroll",
-	typecheck: "tsc --noEmit",
-	test: "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
-	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
-	dev: "tsx src/cli.ts",
-	"dev:daemon": "tsx src/cli.ts daemon start-sync",
-	"test:e2e": "node --no-warnings test/e2e-session-tests.mjs",
-	"test:frpc": "npx tsx test/test-frpc-e2e.mjs"
-};
-var dependencies = {
-	"@agentclientprotocol/sdk": "^0.14.1",
-	"@modelcontextprotocol/sdk": "^1.25.3",
-	"hypha-rpc": "0.21.36",
-	"node-pty": "1.2.0-beta.11",
-	ws: "^8.18.0",
-	yaml: "^2.8.2",
-	zod: "^3.24.4"
-};
-var devDependencies = {
-	"@types/node": ">=20",
-	"@types/ws": "^8.5.14",
-	pkgroll: "^2.14.2",
-	tsx: "^4.20.6",
-	typescript: "5.9.3"
-};
-var packageManager = "yarn@1.22.22";
-var _package = {
-	name: name,
-	version: version,
-	description: description,
-	author: author,
-	license: license,
-	type: type,
-	bin: bin,
-	files: files,
-	main: main,
-	exports: exports$1,
-	scripts: scripts,
-	dependencies: dependencies,
-	devDependencies: devDependencies,
-	packageManager: packageManager
-};
-
-export { author, bin, _package as default, dependencies, description, devDependencies, exports$1 as exports, files, license, main, name, packageManager, scripts, type, version };