svamp-cli 0.2.37 → 0.2.39

package/dist/{agentCommands-C88l82pM.mjs → agentCommands-BvmStLoh.mjs}

@@ -148,7 +148,7 @@ async function sessionBroadcast(action, args) {
   console.log(`Broadcast sent: ${action}`);
 }
 async function connectToMachineService() {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-CWKFZm9s.mjs');
   return connectAndGetMachine();
 }
 async function inboxSend(targetSessionId, opts) {
@@ -165,7 +165,7 @@ async function inboxSend(targetSessionId, opts) {
   }
   const { server, machine } = await connectToMachineService();
   try {
-    const { resolveSessionId } = await import('./commands-CrTDsMDZ.mjs');
+    const { resolveSessionId } = await import('./commands-CWKFZm9s.mjs');
     const sessions = await machine.listSessions();
     const match = resolveSessionId(sessions, targetSessionId);
     const fullTargetId = match.sessionId;

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-Dz0TkCj6.mjs';
+import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-CRwkPQDW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -36,11 +36,23 @@ async function main() {
     await logoutFromHypha();
   } else if (subcommand === "daemon") {
     if (daemonSubcommand === "restart") {
-      const { restartDaemon } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.k; });
+      try {
+        await applyClaudeAuthFlags(args);
+      } catch (err) {
+        console.error(`svamp daemon restart: ${err.message || err}`);
+        process.exit(1);
+      }
+      const { restartDaemon } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.n; });
       await restartDaemon();
       process.exit(0);
     }
     if (daemonSubcommand === "start") {
+      try {
+        await applyClaudeAuthFlags(args);
+      } catch (err) {
+        console.error(`svamp daemon start: ${err.message || err}`);
+        process.exit(1);
+      }
       const { spawn } = await import('child_process');
       const extraArgs = [];
       if (args.includes("--no-auto-continue")) extraArgs.push("--no-auto-continue");
@@ -82,10 +94,11 @@ async function main() {
       process.exit(0);
     } else if (daemonSubcommand === "start-supervised") {
       const { spawn: spawnChild } = await import('child_process');
-      const { appendFileSync, mkdirSync, existsSync: fsExists } = await import('fs');
+      const { appendFileSync, mkdirSync } = await import('fs');
       const { join: pathJoin } = await import('path');
       const osModule = await import('os');
       const svampHome = process.env.SVAMP_HOME || pathJoin(osModule.homedir(), ".svamp");
+      mkdirSync(svampHome, { recursive: true });
       const logsDir = pathJoin(svampHome, "logs");
       mkdirSync(logsDir, { recursive: true });
       const logFile = pathJoin(logsDir, "daemon-supervised.log");
@@ -97,13 +110,27 @@ async function main() {
         } catch {
         }
       };
+      const {
+        acquireSupervisorLockWithRetry,
+        releaseSupervisorLock,
+        findOrphanedSyncPids,
+        killOrphanedSyncs
+      } = await import('./supervisorLock-DwNAn0VN.mjs');
       const supervisorPidFile = pathJoin(svampHome, "supervisor.pid");
+      const lock = acquireSupervisorLockWithRetry(supervisorPidFile, process.pid);
+      if (!lock.acquired) {
+        log(`Another supervisor is already running (PID ${lock.heldBy}) \u2014 exiting`);
+        console.error(`svamp daemon: another supervisor is already running (PID ${lock.heldBy}).`);
+        process.exit(0);
+      }
       try {
-        appendFileSync(supervisorPidFile, "");
-      } catch {
+        const orphans = findOrphanedSyncPids(process.pid);
+        if (orphans.length > 0) {
+          await killOrphanedSyncs(orphans, { log, gracePeriodMs: 3e3 });
+        }
+      } catch (err) {
+        log(`Orphan scan failed (non-fatal): ${err?.message || err}`);
       }
-      const { writeFileSync: wfs } = await import('fs');
-      wfs(supervisorPidFile, String(process.pid), "utf-8");
       const extraSyncArgs = [];
       if (args.includes("--no-auto-continue")) extraSyncArgs.push("--no-auto-continue");
       const BASE_DELAY_MS = 2e3;
@@ -188,11 +215,7 @@ async function main() {
           setTimeout(() => clearInterval(checkStop), delay + 100);
         });
       }
-      try {
-        const { unlinkSync: us } = await import('fs');
-        us(supervisorPidFile);
-      } catch {
-      }
+      releaseSupervisorLock(supervisorPidFile, process.pid);
       process.exit(0);
     } else if (daemonSubcommand === "start-sync") {
       const noAutoContinue = args.includes("--no-auto-continue");
@@ -211,6 +234,9 @@ async function main() {
     } else if (daemonSubcommand === "uninstall") {
       await uninstallDaemonService();
       process.exit(0);
+    } else if (daemonSubcommand === "auth") {
+      await handleDaemonAuthCommand(args.slice(2));
+      process.exit(0);
     } else {
       printDaemonHelp();
     }
@@ -246,7 +272,7 @@ async function main() {
       console.error("svamp serve: Serve commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServeCommand } = await import('./serveCommands-FnBtBifV.mjs');
+    const { handleServeCommand } = await import('./serveCommands-B9Dq2loo.mjs');
     await handleServeCommand();
     process.exit(0);
   } else if (subcommand === "process" || subcommand === "proc") {
@@ -255,7 +281,7 @@ async function main() {
       console.error("svamp process: Process commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { processCommand } = await import('./commands-Dz_JXrcs.mjs');
+    const { processCommand } = await import('./commands-DVXppwx2.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -273,7 +299,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-DRX_LQ92.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-CPiu8-uW.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -282,7 +308,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-BckEhiLq.mjs');
+  const { runInteractive } = await import('./run--6SzG2CH.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -327,7 +353,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.i; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.i; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -339,7 +365,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.i; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.i; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -363,12 +389,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.j; });
+    const { CodexMcpBackend } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.j; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.h; });
-    const { GeminiTransport } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-Dz0TkCj6.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.h; });
+    const { GeminiTransport } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -495,7 +521,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
   }
-  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-CrTDsMDZ.mjs');
+  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-CWKFZm9s.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -555,7 +581,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-CrTDsMDZ.mjs');
+    const { parseShareArg } = await import('./commands-CWKFZm9s.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -641,7 +667,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-CrTDsMDZ.mjs');
+    const { sessionApprove } = await import('./commands-CWKFZm9s.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -651,7 +677,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-CrTDsMDZ.mjs');
+    const { sessionDeny } = await import('./commands-CWKFZm9s.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -687,7 +713,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session set-title <title>");
       process.exit(1);
     }
-    const { sessionSetTitle } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionSetTitle } = await import('./agentCommands-BvmStLoh.mjs');
     await sessionSetTitle(title);
   } else if (sessionSubcommand === "set-link") {
     const url = sessionArgs[1];
@@ -696,7 +722,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
-    const { sessionSetLink } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionSetLink } = await import('./agentCommands-BvmStLoh.mjs');
     await sessionSetLink(url, label);
   } else if (sessionSubcommand === "notify") {
     const message = sessionArgs[1];
@@ -705,7 +731,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const level = parseFlagStr("--level") || "info";
-    const { sessionNotify } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionNotify } = await import('./agentCommands-BvmStLoh.mjs');
     await sessionNotify(message, level);
   } else if (sessionSubcommand === "broadcast") {
     const action = sessionArgs[1];
@@ -713,7 +739,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
       process.exit(1);
     }
-    const { sessionBroadcast } = await import('./agentCommands-C88l82pM.mjs');
+    const { sessionBroadcast } = await import('./agentCommands-BvmStLoh.mjs');
     await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "inbox") {
     const inboxSubcmd = sessionArgs[1];
@@ -724,7 +750,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId) {
-        const { inboxSend } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxSend } = await import('./agentCommands-BvmStLoh.mjs');
         await inboxSend(sessionArgs[2], {
           body: sessionArgs[3],
           subject: parseFlagStr("--subject"),
@@ -739,7 +765,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "list" || inboxSubcmd === "ls") {
       if (agentSessionId && !sessionArgs[2]) {
-        const { inboxList } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxList } = await import('./agentCommands-BvmStLoh.mjs');
         await inboxList({
           unread: hasFlag("--unread"),
           limit: parseFlagInt("--limit"),
@@ -761,7 +787,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId && !sessionArgs[3]) {
-        const { inboxList } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxList } = await import('./agentCommands-BvmStLoh.mjs');
         await sessionInboxRead(agentSessionId, sessionArgs[2], targetMachineId);
       } else if (sessionArgs[3]) {
         await sessionInboxRead(sessionArgs[2], sessionArgs[3], targetMachineId);
@@ -771,7 +797,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "reply") {
       if (agentSessionId && sessionArgs[2] && sessionArgs[3] && !sessionArgs[4]) {
-        const { inboxReply } = await import('./agentCommands-C88l82pM.mjs');
+        const { inboxReply } = await import('./agentCommands-BvmStLoh.mjs');
         await inboxReply(sessionArgs[2], sessionArgs[3]);
       } else if (sessionArgs[2] && sessionArgs[3] && sessionArgs[4]) {
         await sessionInboxReply(sessionArgs[2], sessionArgs[3], sessionArgs[4], targetMachineId);
@@ -807,7 +833,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineShare } = await import('./commands-CWKFZm9s.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -837,7 +863,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineExec } = await import('./commands-CWKFZm9s.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -857,7 +883,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineInfo } = await import('./commands-CWKFZm9s.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -877,10 +903,10 @@ async function handleMachineCommand() {
         level = machineArgs[++i];
       }
     }
-    const { machineNotify } = await import('./agentCommands-C88l82pM.mjs');
+    const { machineNotify } = await import('./agentCommands-BvmStLoh.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-CrTDsMDZ.mjs');
+    const { machineLs } = await import('./commands-CWKFZm9s.mjs');
     let machineId;
     let showHidden = false;
     let path;
@@ -1318,8 +1344,92 @@ Usage:
   svamp daemon status                 Show daemon status
   svamp daemon install                Install as login service (macOS/Linux) \u2014 auto-start at login
   svamp daemon uninstall              Remove login service
+  svamp daemon auth                   Show Claude API auth mode used for spawned sessions
+  svamp daemon auth use-hypha-proxy   Route Claude through https://proxy.hypha.aicell.io with HYPHA_TOKEN
+  svamp daemon auth use-login         Use ~/.claude credentials (run "claude login" to set them)
+  svamp daemon auth set <URL> <KEY>   Use a custom Anthropic gateway (base URL must not end in /v1)
+
+Claude auth flags (take effect on next start/restart):
+  svamp daemon start --use-hypha-proxy
+  svamp daemon start --use-claude-login
+  svamp daemon start --anthropic-base-url URL --anthropic-api-key KEY
 `);
 }
+async function applyClaudeAuthFlags(argv) {
+  const hasHypha = argv.includes("--use-hypha-proxy");
+  const hasLogin = argv.includes("--use-claude-login") || argv.includes("--use-login");
+  const baseUrlIdx = argv.indexOf("--anthropic-base-url");
+  const apiKeyIdx = argv.indexOf("--anthropic-api-key");
+  const hasCustom = baseUrlIdx !== -1 || apiKeyIdx !== -1;
+  const chosen = [hasHypha, hasLogin, hasCustom].filter(Boolean).length;
+  if (chosen === 0) return;
+  if (chosen > 1) {
+    throw new Error(
+      "--use-hypha-proxy, --use-claude-login, and --anthropic-base-url/--anthropic-api-key are mutually exclusive"
+    );
+  }
+  const mod = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.k; });
+  if (hasHypha) {
+    mod.setClaudeAuthHyphaProxy();
+    console.log("Claude auth configured: hypha-proxy (uses HYPHA_TOKEN live at each spawn).");
+    return;
+  }
+  if (hasLogin) {
+    mod.setClaudeAuthLogin();
+    console.log('Claude auth configured: login (uses ~/.claude credentials \u2014 run "claude login" if needed).');
+    return;
+  }
+  if (baseUrlIdx === -1 || apiKeyIdx === -1) {
+    throw new Error("--anthropic-base-url and --anthropic-api-key must be passed together");
+  }
+  const baseUrl = argv[baseUrlIdx + 1];
+  const apiKey = argv[apiKeyIdx + 1];
+  if (!baseUrl || baseUrl.startsWith("--")) throw new Error("--anthropic-base-url requires a value");
+  if (!apiKey || apiKey.startsWith("--")) throw new Error("--anthropic-api-key requires a value");
+  mod.setClaudeAuthCustom(baseUrl, apiKey);
+  console.log(`Claude auth configured: custom (base URL ${baseUrl}).`);
+}
+async function handleDaemonAuthCommand(argv) {
+  const sub = (argv[0] || "status").toLowerCase();
+  const mod = await import('./run-CRwkPQDW.mjs').then(function (n) { return n.k; });
+  if (sub === "status" || sub === "show") {
+    const s = mod.getClaudeAuthStatus();
+    console.log(`Claude auth mode: ${s.mode}`);
+    if (s.baseUrl) console.log(`  ANTHROPIC_BASE_URL: ${s.baseUrl}`);
+    if (s.apiKeyPreview) console.log(`  ANTHROPIC_API_KEY : ${s.apiKeyPreview}`);
+    if (s.mode === "login") {
+      console.log('  (Claude subprocesses will use credentials from ~/.claude \u2014 run "claude login" to set them.)');
+    }
+    if (s.hyphaTokenMissing) {
+      console.log('  WARNING: mode=hypha but HYPHA_TOKEN is not set \u2014 run "svamp login" first.');
+    }
+    return;
+  }
+  if (sub === "use-hypha-proxy") {
+    mod.setClaudeAuthHyphaProxy();
+    console.log('Claude auth set to hypha-proxy. Run "svamp daemon restart" to apply.');
+    return;
+  }
+  if (sub === "use-login" || sub === "use-claude-login") {
+    mod.setClaudeAuthLogin();
+    console.log('Claude auth set to login (~/.claude credentials). Run "svamp daemon restart" to apply.');
+    return;
+  }
+  if (sub === "set") {
+    const baseUrl = argv[1];
+    const apiKey = argv[2];
+    if (!baseUrl || !apiKey) {
+      console.error("Usage: svamp daemon auth set <base-url> <api-key>");
+      process.exit(1);
+    }
+    mod.setClaudeAuthCustom(baseUrl, apiKey);
+    console.log(`Claude auth set to custom (${baseUrl}). Run "svamp daemon restart" to apply.`);
+    return;
+  }
+  console.error(`Unknown subcommand: svamp daemon auth ${sub}`);
+  console.error("Available: status, use-hypha-proxy, use-login, set <URL> <KEY>");
+  process.exit(1);
+}
 function printSessionHelp() {
   console.log(`
 svamp session \u2014 Spawn and manage AI agent sessions

package/dist/{commands-CrTDsMDZ.mjs → commands-CWKFZm9s.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-Dz0TkCj6.mjs';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-CRwkPQDW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{commands-Dz_JXrcs.mjs → commands-DVXppwx2.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-CrTDsMDZ.mjs';
+import { connectAndGetMachine } from './commands-CWKFZm9s.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-Dz0TkCj6.mjs';
+import './run-CRwkPQDW.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-Dz0TkCj6.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-CRwkPQDW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/package-CPiu8-uW.mjs

@@ -0,0 +1,63 @@
+var name = "svamp-cli";
+var version = "0.2.39";
+var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
+var author = "Amun AI AB";
+var license = "SEE LICENSE IN LICENSE";
+var type = "module";
+var bin = {
+	svamp: "./bin/svamp.mjs"
+};
+var files = [
+	"dist",
+	"bin"
+];
+var main = "./dist/index.mjs";
+var exports$1 = {
+	".": "./dist/index.mjs",
+	"./cli": "./dist/cli.mjs"
+};
+var scripts = {
+	build: "rm -rf dist && tsc --noEmit && pkgroll",
+	typecheck: "tsc --noEmit",
+	test: "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
+	dev: "tsx src/cli.ts",
+	"dev:daemon": "tsx src/cli.ts daemon start-sync",
+	"test:e2e": "node --no-warnings test/e2e-session-tests.mjs",
+	"test:frpc": "npx tsx test/test-frpc-e2e.mjs"
+};
+var dependencies = {
+	"@agentclientprotocol/sdk": "^0.14.1",
+	"@modelcontextprotocol/sdk": "^1.25.3",
+	"hypha-rpc": "0.21.36",
+	"node-pty": "1.2.0-beta.11",
+	ws: "^8.18.0",
+	yaml: "^2.8.2",
+	zod: "^3.24.4"
+};
+var devDependencies = {
+	"@types/node": ">=20",
+	"@types/ws": "^8.5.14",
+	pkgroll: "^2.14.2",
+	tsx: "^4.20.6",
+	typescript: "5.9.3"
+};
+var packageManager = "yarn@1.22.22";
+var _package = {
+	name: name,
+	version: version,
+	description: description,
+	author: author,
+	license: license,
+	type: type,
+	bin: bin,
+	files: files,
+	main: main,
+	exports: exports$1,
+	scripts: scripts,
+	dependencies: dependencies,
+	devDependencies: devDependencies,
+	packageManager: packageManager
+};
+
+export { author, bin, _package as default, dependencies, description, devDependencies, exports$1 as exports, files, license, main, name, packageManager, scripts, type, version };

package/dist/{run-BckEhiLq.mjs → run--6SzG2CH.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-Dz0TkCj6.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-CRwkPQDW.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-Dz0TkCj6.mjs → run-CRwkPQDW.mjs}

@@ -4922,6 +4922,170 @@ var credentialStaging = /*#__PURE__*/Object.freeze({
     stageCredentialsForSharing: stageCredentialsForSharing
 });
 
+function shouldIsolate(input) {
+  if (input.forceIsolation) return true;
+  const sessionCtx = input.sessionSecurityContext;
+  if (sessionCtx === null) return false;
+  if (sessionCtx !== void 0) return true;
+  return input.optionsSecurityContext !== null && input.optionsSecurityContext !== void 0;
+}
+
+const HYPHA_PROXY_BASE_URL = "https://proxy.hypha.aicell.io";
+const MODE_KEY = "SVAMP_CLAUDE_PROXY";
+const MANAGED_KEYS = /* @__PURE__ */ new Set([
+  MODE_KEY,
+  "ANTHROPIC_BASE_URL",
+  "ANTHROPIC_API_KEY"
+]);
+function envFilePath() {
+  const svampHome = process.env.SVAMP_HOME || join$1(homedir(), ".svamp");
+  return join$1(svampHome, ".env");
+}
+function readEnvLines() {
+  const file = envFilePath();
+  if (!existsSync(file)) return [];
+  return readFileSync(file, "utf-8").split("\n");
+}
+function writeEnvLines(lines) {
+  const file = envFilePath();
+  const dir = join$1(file, "..");
+  if (!existsSync(dir)) mkdirSync$1(dir, { recursive: true });
+  while (lines.length > 0 && lines[lines.length - 1].trim() === "") {
+    lines.pop();
+  }
+  writeFileSync$1(file, lines.join("\n") + "\n", "utf-8");
+}
+function updateEnvFile(updates) {
+  const lines = readEnvLines();
+  const kept = [];
+  const remainingUpdates = new Map(Object.entries(updates));
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) {
+      kept.push(line);
+      continue;
+    }
+    const eq = trimmed.indexOf("=");
+    const key = eq === -1 ? trimmed : trimmed.slice(0, eq);
+    if (remainingUpdates.has(key)) {
+      const v = remainingUpdates.get(key);
+      remainingUpdates.delete(key);
+      if (v === void 0) continue;
+      kept.push(`${key}=${v}`);
+      continue;
+    }
+    kept.push(line);
+  }
+  for (const [key, v] of remainingUpdates) {
+    if (v === void 0) continue;
+    kept.push(`${key}=${v}`);
+  }
+  writeEnvLines(kept);
+}
+function currentMode() {
+  const raw = (process.env[MODE_KEY] || "").trim().toLowerCase();
+  if (raw === "hypha" || raw === "hypha-proxy") return "hypha";
+  if (raw === "custom") return "custom";
+  return "login";
+}
+function redactKey(key) {
+  if (!key) return void 0;
+  if (key.length <= 12) return "***";
+  return `${key.slice(0, 8)}\u2026${key.slice(-4)}`;
+}
+function getClaudeAuthStatus() {
+  const mode = currentMode();
+  if (mode === "hypha") {
+    const token = process.env.HYPHA_TOKEN;
+    return {
+      mode,
+      baseUrl: HYPHA_PROXY_BASE_URL,
+      apiKeyPreview: redactKey(token),
+      hyphaTokenMissing: !token
+    };
+  }
+  if (mode === "custom") {
+    return {
+      mode,
+      baseUrl: process.env.ANTHROPIC_BASE_URL,
+      apiKeyPreview: redactKey(process.env.ANTHROPIC_API_KEY)
+    };
+  }
+  return { mode: "login" };
+}
+function setClaudeAuthHyphaProxy() {
+  updateEnvFile({
+    [MODE_KEY]: "hypha",
+    // Hypha mode resolves token live at spawn — no stored copy.
+    ANTHROPIC_BASE_URL: void 0,
+    ANTHROPIC_API_KEY: void 0
+  });
+}
+function setClaudeAuthLogin() {
+  updateEnvFile({
+    [MODE_KEY]: void 0,
+    ANTHROPIC_BASE_URL: void 0,
+    ANTHROPIC_API_KEY: void 0
+  });
+}
+function setClaudeAuthCustom(baseUrl, apiKey) {
+  if (!baseUrl) throw new Error("ANTHROPIC_BASE_URL is required for custom mode");
+  if (!apiKey) throw new Error("ANTHROPIC_API_KEY is required for custom mode");
+  const trimmed = baseUrl.replace(/\/+$/, "");
+  if (trimmed.endsWith("/v1")) {
+    throw new Error(
+      "ANTHROPIC_BASE_URL must not end in /v1 \u2014 the SDK appends it, producing double /v1/v1/messages"
+    );
+  }
+  updateEnvFile({
+    [MODE_KEY]: "custom",
+    ANTHROPIC_BASE_URL: trimmed,
+    ANTHROPIC_API_KEY: apiKey
+  });
+}
+function applyClaudeProxyEnv(spawnEnv) {
+  const mode = currentMode();
+  if (mode === "hypha") {
+    const token = process.env.HYPHA_TOKEN;
+    if (!token) {
+      delete spawnEnv.ANTHROPIC_BASE_URL;
+      delete spawnEnv.ANTHROPIC_API_KEY;
+      return "hypha mode but HYPHA_TOKEN missing \u2014 falling back to login";
+    }
+    spawnEnv.ANTHROPIC_BASE_URL = HYPHA_PROXY_BASE_URL;
+    spawnEnv.ANTHROPIC_API_KEY = token;
+    return `hypha proxy (${HYPHA_PROXY_BASE_URL})`;
+  }
+  if (mode === "custom") {
+    const url = process.env.ANTHROPIC_BASE_URL;
+    const key = process.env.ANTHROPIC_API_KEY;
+    if (!url || !key) {
+      delete spawnEnv.ANTHROPIC_BASE_URL;
+      delete spawnEnv.ANTHROPIC_API_KEY;
+      return "custom mode but ANTHROPIC_BASE_URL/API_KEY missing \u2014 falling back to login";
+    }
+    spawnEnv.ANTHROPIC_BASE_URL = url;
+    spawnEnv.ANTHROPIC_API_KEY = key;
+    return `custom proxy (${url})`;
+  }
+  delete spawnEnv.ANTHROPIC_BASE_URL;
+  delete spawnEnv.ANTHROPIC_API_KEY;
+  return null;
+}
+const MANAGED_ENV_KEYS = Array.from(MANAGED_KEYS);
+
+var claudeAuth = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    HYPHA_PROXY_BASE_URL: HYPHA_PROXY_BASE_URL,
+    MANAGED_ENV_KEYS: MANAGED_ENV_KEYS,
+    applyClaudeProxyEnv: applyClaudeProxyEnv,
+    getClaudeAuthStatus: getClaudeAuthStatus,
+    setClaudeAuthCustom: setClaudeAuthCustom,
+    setClaudeAuthHyphaProxy: setClaudeAuthHyphaProxy,
+    setClaudeAuthLogin: setClaudeAuthLogin,
+    updateEnvFile: updateEnvFile
+});
+
 const DEFAULT_PROBE_INTERVAL_S = 10;
 const DEFAULT_PROBE_TIMEOUT_S = 5;
 const DEFAULT_PROBE_FAILURE_THRESHOLD = 3;
@@ -6300,6 +6464,20 @@ async function startDaemon(options) {
   process.on("SIGINT", () => requestShutdown("os-signal"));
   process.on("SIGTERM", () => requestShutdown("os-signal"));
   process.on("SIGUSR1", () => requestShutdown("os-signal-cleanup"));
+  const { watchParentLiveness } = await import('./supervisorLock-DwNAn0VN.mjs');
+  const cancelParentWatchdog = watchParentLiveness({
+    intervalMs: 5e3,
+    onParentDeath: () => {
+      logger.log("Supervisor process died \u2014 sync daemon shutting down to avoid orphan state");
+      requestShutdown("supervisor-died");
+    }
+  });
+  process.on("exit", () => {
+    try {
+      cancelParentWatchdog();
+    } catch {
+    }
+  });
   process.on("uncaughtException", (error) => {
     if (shutdownRequested) return;
     logger.error("Uncaught exception (non-fatal, daemon continues):", error);
@@ -6585,8 +6763,7 @@ async function startDaemon(options) {
             }
           });
         }, buildIsolationConfig2 = function(dir) {
-          if (!options2.forceIsolation && !sessionMetadata.sharing?.enabled) return null;
-          if (sessionMetadata.securityContext === null) return null;
+          if (!shouldIsolateSession()) return null;
           const method = isolationCapabilities.preferred;
           if (!method) return null;
           const detail = isolationCapabilities.details[method];
@@ -6603,10 +6780,10 @@ async function startDaemon(options) {
               trustOverride: true
             };
           }
-          if (sessionMetadata.sharing?.enabled && stagedCredentials) {
+          if (stagedCredentials) {
             config.credentialStagingPath = stagedCredentials.homePath;
           }
-          const activeSecurityContext = sessionMetadata.securityContext ?? options2.securityContext;
+          const activeSecurityContext = getActiveSecurityContext();
           if (activeSecurityContext) {
             config = applySecurityContext(config, activeSecurityContext);
           }
@@ -6743,6 +6920,12 @@ async function startDaemon(options) {
           "auto-approve-all": "bypassPermissions"
         };
         const toClaudePermissionMode = (mode) => CLAUDE_PERMISSION_MODE_MAP[mode] || mode;
+        const getActiveSecurityContext = () => sessionMetadata.securityContext ?? options2.securityContext;
+        const shouldIsolateSession = () => shouldIsolate({
+          forceIsolation: options2.forceIsolation,
+          sessionSecurityContext: sessionMetadata.securityContext,
+          optionsSecurityContext: options2.securityContext
+        });
         let isolationCleanupFiles = [];
         const spawnClaude = (initialMessage, meta) => {
           const effectiveMeta = { ...lastSpawnMeta, ...meta };
@@ -6786,7 +6969,7 @@ async function startDaemon(options) {
             if (wrapped.cleanupFiles) isolationCleanupFiles = wrapped.cleanupFiles;
             sessionMetadata = { ...sessionMetadata, isolationMethod: isoConfig.method };
             logger.log(`[Session ${sessionId}] Isolation: ${isoConfig.method} (binary: ${isoConfig.binaryPath})`);
-          } else if (options2.forceIsolation || sessionMetadata.sharing?.enabled) {
+          } else if (shouldIsolateSession()) {
             logger.log(`[Session ${sessionId}] WARNING: No isolation runtime (nono/docker/podman) available. Session is NOT sandboxed.`);
             sessionMetadata = { ...sessionMetadata, isolationMethod: void 0 };
           } else {
@@ -6797,18 +6980,19 @@ async function startDaemon(options) {
           delete spawnEnv.CLAUDECODE;
           spawnEnv.SVAMP_SESSION_ID = sessionId;
           delete spawnEnv.SVAMP_SANDBOXED;
-          if (sessionMetadata.sharing?.enabled && stagedCredentials) {
+          const proxyDesc = applyClaudeProxyEnv(spawnEnv);
+          if (proxyDesc) {
+            logger.log(`[Session ${sessionId}] Claude auth: ${proxyDesc}`);
+          }
+          if (isoConfig && stagedCredentials) {
             Object.assign(spawnEnv, stagedCredentials.env);
             const filtered = {};
             for (const [k, v] of Object.entries(spawnEnv)) {
               if (v !== void 0) filtered[k] = v;
             }
             spawnEnv = sanitizeEnvForSharing(filtered);
-            logger.log(`[Session ${sessionId}] Credential staging: HOME=${stagedCredentials.homePath}`);
-            if (sessionMetadata.securityContext) {
-              spawnEnv.SVAMP_SANDBOXED = "1";
-              logger.log(`[Session ${sessionId}] Sandbox mode: ON (securityContext present)`);
-            }
+            spawnEnv.SVAMP_SANDBOXED = "1";
+            logger.log(`[Session ${sessionId}] Credential staging: HOME=${stagedCredentials.homePath}, SVAMP_SANDBOXED=1`);
           }
           const child = spawn$1(spawnCommand, spawnArgs, {
             cwd: directory,
@@ -7419,6 +7603,14 @@ The automated loop has finished. Review the progress above and let me know if yo
               return { success: false, message: "Session was stopped during restart." };
             }
             if (claudeResumeId) {
+              if (!stagedCredentials && shouldIsolateSession()) {
+                try {
+                  stagedCredentials = await stageCredentialsForSharing(sessionId);
+                  logger.log(`[Session ${sessionId}] Credentials staged at ${stagedCredentials.homePath} (runtime enable)`);
+                } catch (err) {
+                  logger.log(`[Session ${sessionId}] WARNING: Runtime credential staging failed: ${err.message}.`);
+                }
+              }
               spawnClaude(void 0, { permissionMode: currentPermissionMode });
               sessionService.updateMetadata(sessionMetadata);
               logger.log(`[Session ${sessionId}] Claude respawned with --resume ${claudeResumeId}`);
@@ -7435,12 +7627,12 @@ The automated loop has finished. Review the progress above and let me know if yo
             isRestartingClaude = false;
           }
         };
-        if (sessionMetadata.sharing?.enabled) {
+        if (shouldIsolateSession()) {
           try {
             stagedCredentials = await stageCredentialsForSharing(sessionId);
             logger.log(`[Session ${sessionId}] Credentials staged at ${stagedCredentials.homePath}`);
           } catch (err) {
-            logger.log(`[Session ${sessionId}] WARNING: Credential staging failed: ${err.message}. Shared users may have access to ~/.claude history.`);
+            logger.log(`[Session ${sessionId}] WARNING: Credential staging failed: ${err.message}.`);
           }
         }
         let processMessageQueueRef;
@@ -8357,7 +8549,8 @@ The automated loop has finished. Review the progress above and let me know if yo
         const writeSvampConfigPatchAcp = svampConfigChecker.writeConfig;
         const permissionHandler = new HyphaPermissionHandler(shouldAutoAllow2, logger.log);
         let agentIsoConfig;
-        if ((options2.forceIsolation || sessionMetadata.sharing?.enabled) && isolationCapabilities.preferred) {
+        const agentShouldIsolate = Boolean(options2.forceIsolation) || Boolean(options2.securityContext);
+        if (agentShouldIsolate && isolationCapabilities.preferred) {
           const method = isolationCapabilities.preferred;
           const detail = isolationCapabilities.details[method];
           if (detail.found && detail.verified !== false) {
@@ -9014,18 +9207,31 @@ The automated loop has finished. Review the progress above and let me know if yo
     }, HEARTBEAT_INTERVAL_MS);
     const PROXY_TOKEN_REFRESH_INTERVAL_MS = 7 * 24 * 60 * 60 * 1e3;
     let proxyTokenRefreshInterval;
-    if (process.env.ANTHROPIC_BASE_URL) {
+    const proxyMode = (process.env.SVAMP_CLAUDE_PROXY || "").toLowerCase();
+    if (proxyMode === "hypha" || proxyMode === "hypha-proxy") {
+      const refreshProxyToken = async () => {
+        try {
+          const freshToken = await server.generateToken({ expires_in: 30 * 24 * 3600 });
+          process.env.HYPHA_TOKEN = freshToken;
+          logger.log("Hypha proxy token refreshed (30-day expiry)");
+        } catch (err) {
+          logger.log(`Hypha proxy token refresh failed (will retry in 7 days): ${err}`);
+        }
+      };
+      proxyTokenRefreshInterval = setInterval(refreshProxyToken, PROXY_TOKEN_REFRESH_INTERVAL_MS);
+      logger.log("Hypha proxy token auto-refresh enabled (every 7 days)");
+    } else if (process.env.ANTHROPIC_BASE_URL && !process.env.SVAMP_CLAUDE_PROXY) {
       const refreshProxyToken = async () => {
         try {
           const freshToken = await server.generateToken({ expires_in: 30 * 24 * 3600 });
           process.env.ANTHROPIC_API_KEY = freshToken;
-          logger.log("Proxy token refreshed (30-day expiry)");
+          logger.log("Proxy token refreshed (legacy, 30-day expiry)");
         } catch (err) {
           logger.log(`Proxy token refresh failed (will retry in 7 days): ${err}`);
         }
       };
       proxyTokenRefreshInterval = setInterval(refreshProxyToken, PROXY_TOKEN_REFRESH_INTERVAL_MS);
-      logger.log("Proxy token auto-refresh enabled (every 7 days)");
+      logger.log("Proxy token auto-refresh enabled (legacy mode, every 7 days)");
     }
     let oauthRefreshInterval;
     const refreshOAuthAndRestageCredentials = async () => {
@@ -9363,4 +9569,4 @@ var run = /*#__PURE__*/Object.freeze({
     stopDaemon: stopDaemon
 });
 
-export { DefaultTransport$1 as D, GeminiTransport$1 as G, registerSessionService as a, stopDaemon as b, connectToHypha as c, daemonStatus as d, resolveSecurityContext as e, buildSecurityContextFromFlags as f, getHyphaServerUrl as g, acpBackend as h, acpAgentConfig as i, codexMcpBackend as j, run as k, loadSecurityContextConfig as l, mergeSecurityContexts as m, registerMachineService as r, startDaemon as s };
+export { DefaultTransport$1 as D, GeminiTransport$1 as G, registerSessionService as a, stopDaemon as b, connectToHypha as c, daemonStatus as d, resolveSecurityContext as e, buildSecurityContextFromFlags as f, getHyphaServerUrl as g, acpBackend as h, acpAgentConfig as i, codexMcpBackend as j, claudeAuth as k, loadSecurityContextConfig as l, mergeSecurityContexts as m, run as n, registerMachineService as r, startDaemon as s };

package/dist/{serveCommands-FnBtBifV.mjs → serveCommands-B9Dq2loo.mjs}

@@ -52,7 +52,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-CWKFZm9s.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -84,7 +84,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-CWKFZm9s.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -104,7 +104,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-CWKFZm9s.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -137,7 +137,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-CrTDsMDZ.mjs');
+  const { connectAndGetMachine } = await import('./commands-CWKFZm9s.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/supervisorLock-DwNAn0VN.mjs

@@ -0,0 +1,157 @@
+import { existsSync, readFileSync, unlinkSync, openSync, writeSync, closeSync } from 'node:fs';
+import { execFileSync } from 'node:child_process';
+
+function acquireSupervisorLock(pidFile, pid = process.pid) {
+  try {
+    const fd = openSync(pidFile, "wx");
+    try {
+      writeSync(fd, String(pid));
+    } finally {
+      closeSync(fd);
+    }
+    return { acquired: true };
+  } catch (err) {
+    if (err?.code !== "EEXIST") throw err;
+  }
+  let existingPid = 0;
+  try {
+    existingPid = parseInt(readFileSync(pidFile, "utf-8").trim(), 10);
+  } catch {
+  }
+  if (!existingPid || Number.isNaN(existingPid) || existingPid <= 0) {
+    try {
+      unlinkSync(pidFile);
+    } catch {
+    }
+    return { acquired: false, staleCleaned: true };
+  }
+  if (isPidAlive(existingPid)) {
+    return { acquired: false, heldBy: existingPid };
+  }
+  try {
+    unlinkSync(pidFile);
+  } catch {
+  }
+  return { acquired: false, staleCleaned: true };
+}
+function acquireSupervisorLockWithRetry(pidFile, pid = process.pid) {
+  let result = acquireSupervisorLock(pidFile, pid);
+  if (!result.acquired && result.staleCleaned) {
+    result = acquireSupervisorLock(pidFile, pid);
+  }
+  return { acquired: result.acquired, heldBy: result.heldBy };
+}
+function releaseSupervisorLock(pidFile, pid = process.pid) {
+  try {
+    if (!existsSync(pidFile)) return;
+    const content = parseInt(readFileSync(pidFile, "utf-8").trim(), 10);
+    if (content === pid) unlinkSync(pidFile);
+  } catch {
+  }
+}
+function isPidAlive(pid) {
+  if (!pid || Number.isNaN(pid) || pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function findOrphanedSyncPids(currentSupervisorPid = process.pid) {
+  if (process.platform === "win32") return [];
+  const pids = [];
+  try {
+    const output = execFileSync("pgrep", ["-af", "svamp daemon start-sync"], {
+      encoding: "utf-8",
+      timeout: 5e3
+    });
+    for (const line of output.split("\n")) {
+      const trimmed = line.trim();
+      if (!trimmed) continue;
+      const match = trimmed.match(/^(\d+)\s/);
+      if (!match) continue;
+      const pid = parseInt(match[1], 10);
+      if (Number.isNaN(pid) || pid <= 0) continue;
+      if (pid === process.pid) continue;
+      const ppid = getPpid(pid);
+      if (ppid === currentSupervisorPid) continue;
+      pids.push(pid);
+    }
+  } catch (err) {
+    if (err?.status !== 1) ;
+  }
+  return pids;
+}
+function getPpid(pid) {
+  if (process.platform === "win32") return 0;
+  try {
+    const out = execFileSync("ps", ["-o", "ppid=", "-p", String(pid)], {
+      encoding: "utf-8",
+      timeout: 2e3
+    }).trim();
+    const ppid = parseInt(out, 10);
+    return Number.isNaN(ppid) ? 0 : ppid;
+  } catch {
+    return 0;
+  }
+}
+async function killOrphanedSyncs(pids, opts = {}) {
+  if (pids.length === 0) return;
+  const log = opts.log || (() => {
+  });
+  const gracePeriodMs = opts.gracePeriodMs ?? 3e3;
+  log(`Killing ${pids.length} orphan sync daemon(s): ${pids.join(", ")}`);
+  for (const pid of pids) {
+    try {
+      process.kill(pid, "SIGTERM");
+    } catch {
+    }
+  }
+  const pollStep = 100;
+  const steps = Math.max(1, Math.ceil(gracePeriodMs / pollStep));
+  for (let i = 0; i < steps; i++) {
+    await new Promise((r) => setTimeout(r, pollStep));
+    if (pids.every((p) => !isPidAlive(p))) {
+      log("All orphan daemons exited cleanly");
+      return;
+    }
+  }
+  const survivors = pids.filter(isPidAlive);
+  if (survivors.length > 0) {
+    log(`Force-killing survivors: ${survivors.join(", ")}`);
+    for (const pid of survivors) {
+      try {
+        process.kill(pid, "SIGKILL");
+      } catch {
+      }
+    }
+  }
+}
+function watchParentLiveness(opts) {
+  if (process.env.SVAMP_SUPERVISED !== "1") {
+    return () => {
+    };
+  }
+  const supervisorPid = process.ppid;
+  if (!supervisorPid || supervisorPid === 1) {
+    return () => {
+    };
+  }
+  const intervalMs = opts.intervalMs ?? 5e3;
+  let fired = false;
+  const timer = setInterval(() => {
+    if (fired) return;
+    if (!isPidAlive(supervisorPid)) {
+      fired = true;
+      clearInterval(timer);
+      opts.onParentDeath();
+    }
+  }, intervalMs);
+  timer.unref?.();
+  return () => {
+    clearInterval(timer);
+  };
+}
+
+export { acquireSupervisorLock, acquireSupervisorLockWithRetry, findOrphanedSyncPids, getPpid, isPidAlive, killOrphanedSyncs, releaseSupervisorLock, watchParentLiveness };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.2.37",
+  "version": "0.2.39",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",
@@ -20,7 +20,7 @@
   "scripts": {
     "build": "rm -rf dist && tsc --noEmit && pkgroll",
     "typecheck": "tsc --noEmit",
-    "test": "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+    "test": "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
     "test:hypha": "node --no-warnings test/test-hypha-service.mjs",
     "dev": "tsx src/cli.ts",
     "dev:daemon": "tsx src/cli.ts daemon start-sync",

package/dist/package-DRX_LQ92.mjs

@@ -1,63 +0,0 @@
-var name = "svamp-cli";
-var version = "0.2.37";
-var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
-var author = "Amun AI AB";
-var license = "SEE LICENSE IN LICENSE";
-var type = "module";
-var bin = {
-	svamp: "./bin/svamp.mjs"
-};
-var files = [
-	"dist",
-	"bin"
-];
-var main = "./dist/index.mjs";
-var exports$1 = {
-	".": "./dist/index.mjs",
-	"./cli": "./dist/cli.mjs"
-};
-var scripts = {
-	build: "rm -rf dist && tsc --noEmit && pkgroll",
-	typecheck: "tsc --noEmit",
-	test: "npx tsx test/test-authorize.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
-	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
-	dev: "tsx src/cli.ts",
-	"dev:daemon": "tsx src/cli.ts daemon start-sync",
-	"test:e2e": "node --no-warnings test/e2e-session-tests.mjs",
-	"test:frpc": "npx tsx test/test-frpc-e2e.mjs"
-};
-var dependencies = {
-	"@agentclientprotocol/sdk": "^0.14.1",
-	"@modelcontextprotocol/sdk": "^1.25.3",
-	"hypha-rpc": "0.21.36",
-	"node-pty": "1.2.0-beta.11",
-	ws: "^8.18.0",
-	yaml: "^2.8.2",
-	zod: "^3.24.4"
-};
-var devDependencies = {
-	"@types/node": ">=20",
-	"@types/ws": "^8.5.14",
-	pkgroll: "^2.14.2",
-	tsx: "^4.20.6",
-	typescript: "5.9.3"
-};
-var packageManager = "yarn@1.22.22";
-var _package = {
-	name: name,
-	version: version,
-	description: description,
-	author: author,
-	license: license,
-	type: type,
-	bin: bin,
-	files: files,
-	main: main,
-	exports: exports$1,
-	scripts: scripts,
-	dependencies: dependencies,
-	devDependencies: devDependencies,
-	packageManager: packageManager
-};
-
-export { author, bin, _package as default, dependencies, description, devDependencies, exports$1 as exports, files, license, main, name, packageManager, scripts, type, version };