agent-manager-cli 0.1.8__tar.gz → 0.1.10__tar.gz

{agent_manager_cli-0.1.8 → agent_manager_cli-0.1.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agent-manager-cli
-Version: 0.1.8
+Version: 0.1.10
 Summary: CLI для удалённого управления AI-агентами — Node Agent, daemon, сканер сессий
 License-Expression: MIT
 Requires-Python: >=3.11

{agent_manager_cli-0.1.8 → agent_manager_cli-0.1.10}/am/cli.py

@@ -21,6 +21,7 @@ import json
 import os
 import subprocess
 import sys
+import time
 from pathlib import Path
 
 import websockets
@@ -318,6 +319,63 @@ def _log(prefix: str, msg: str) -> None:
     print(f"[{prefix}] {msg}", file=sys.stderr)
 
 
+def _read_claude_oauth_token() -> str | None:
+    """Read Claude Code's OAuth access token from the system credential
+    store. Currently macOS-only (keychain)."""
+    if sys.platform != "darwin":
+        return None
+    try:
+        result = subprocess.run(
+            ["security", "find-generic-password", "-s", "Claude Code-credentials", "-w"],
+            capture_output=True,
+            text=True,
+            timeout=3,
+        )
+        if result.returncode != 0:
+            return None
+        creds = json.loads(result.stdout)
+        return creds.get("claudeAiOauth", {}).get("accessToken") or None
+    except (subprocess.TimeoutExpired, json.JSONDecodeError, OSError):
+        return None
+
+
+def fetch_claude_usage() -> dict | None:
+    """Query Claude's `/api/oauth/usage` endpoint using the locally-stored
+    OAuth token. Returns the raw JSON payload (five_hour, seven_day,
+    seven_day_sonnet, extra_usage, ...) or `None` on any failure.
+
+    This is meant to be called periodically by the node agent so the
+    backend can push usage info to the UI for a quota bar."""
+    import urllib.error
+    import urllib.request
+
+    token = _read_claude_oauth_token()
+    if not token:
+        return None
+
+    req = urllib.request.Request(
+        "https://api.anthropic.com/api/oauth/usage",
+        headers={
+            "Authorization": f"Bearer {token}",
+            # Same header Claude CLI sends — without it the endpoint
+            # returns 401 with "oauth beta required" or similar.
+            "anthropic-beta": "oauth-2025-04-20",
+            "User-Agent": "agent-manager-cli",
+        },
+        method="GET",
+    )
+    try:
+        with _safe_urlopen(req, timeout=5) as resp:
+            return json.loads(resp.read())
+    except urllib.error.HTTPError as e:
+        if e.code == 429:
+            # Rate limited — caller should back off.
+            return {"_rate_limited": True}
+        return None
+    except Exception:
+        return None
+
+
 def _safe_urlopen(url, **kwargs):
     """urlopen wrapper that only allows http/https schemes."""
     import urllib.request
@@ -348,11 +406,16 @@ CLAUDE_PERMISSION_MODES_ALL = (
 
 
 def _build_claude_hook_settings() -> str:
-    """Inline JSON payload for `claude --settings` that registers our
-    PreToolUse hook. The hook is `am permission-hook` — a subcommand of
-    this very CLI that forwards each permission request to the backend
-    and routes the user's answer back to Claude."""
-    # Quote sys.executable properly in case of spaces in path.
+    """Inline JSON payload for `claude --settings` that:
+
+      1. Registers our PreToolUse hook (`am permission-hook`) so every
+         tool call routes through the backend → UI dialog → back.
+      2. Disables sandbox mode (`sandbox.enabled: false`). Agents spawned
+         via AgentManager are usually run against trusted project dirs
+         and the sandbox friction (extra approval prompts for anything
+         non-obvious) is unwanted. Matches `/sandbox` "disabled" state
+         in the interactive TUI.
+    """
     import shlex
 
     cmd_str = f"{shlex.quote(sys.executable)} -m am permission-hook"
@@ -370,7 +433,8 @@ def _build_claude_hook_settings() -> str:
                         ],
                     }
                 ]
-            }
+            },
+            "sandbox": {"enabled": False},
         }
     )
 
@@ -394,6 +458,11 @@ def _build_cli_command(
             "--continue",
             "--resume",
             session_id,
+            "--model",
+            # "opus" resolves to the latest Opus at runtime — AgentManager's
+            # default model for agent work (most capable). UI-side
+            # ModelToggle can override this later via set_model control.
+            "opus",
             "--output-format",
             "stream-json",
             "--input-format",
@@ -493,6 +562,13 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
         # echo the input in `updatedInput`.
         pending_tool_requests: dict[str, dict] = {}
 
+        # Flipped to True by `_read_ws` when it receives an explicit
+        # {"type": "stop"} from the backend. Used by the main loop below
+        # to pick the correct log message — otherwise an explicit Stop
+        # got reported as "WS closed while Claude is still running" which
+        # was misleading (the WS wasn't actually closed).
+        explicit_stop = False
+
         async def _read_stdout():
             nonlocal sent_count, session_id
             line_num = 0
@@ -567,6 +643,7 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
             _log("daemon", f"stdout closed. Sent {sent_count} events.")
 
         async def _read_ws():
+            nonlocal explicit_stop
             try:
                 async for raw_msg in ws:
                     try:
@@ -645,6 +722,7 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
                             proc.stdin.flush()
                             _log("stdin", f"set_permission_mode: {mode}")
                     elif msg_type == "stop":
+                        explicit_stop = True
                         _log("daemon", "Stop received — terminating Claude CLI")
                         try:
                             proc.terminate()
@@ -656,8 +734,42 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
 
         stdout_task = asyncio.create_task(_read_stdout())
         ws_task = asyncio.create_task(_read_ws())
-        await stdout_task
-        ws_task.cancel()
+
+        # Run both in parallel. Normally stdout_task finishes first
+        # (Claude exits naturally at end of task). If ws_task finishes
+        # first it means the backend connection died — in that case we
+        # have no way to recover the session, so we terminate Claude
+        # so the daemon subprocess exits cleanly. The node agent will
+        # detect the dead subprocess and spawn a fresh one on the next
+        # attach command (with --continue --resume so history is kept).
+        done, _pending = await asyncio.wait(
+            [stdout_task, ws_task],
+            return_when=asyncio.FIRST_COMPLETED,
+        )
+
+        if ws_task in done and proc.returncode is None and not explicit_stop:
+            # Unexpected WS closure (backend restart, proxy timeout, etc.)
+            # — kill Claude so our subprocess tree exits cleanly; the
+            # node agent will respawn it on the next attach command.
+            _log(
+                "daemon",
+                "WS closed while Claude is still running — terminating CLI "
+                "(node agent will respawn on next attach)",
+            )
+            try:
+                proc.terminate()
+            except ProcessLookupError:
+                pass
+
+        # Let remaining tasks clean up (stdout_task should exit once
+        # claude's stdout closes after terminate).
+        for task in (stdout_task, ws_task):
+            if not task.done():
+                task.cancel()
+                try:
+                    await task
+                except (asyncio.CancelledError, Exception):
+                    pass
 
     proc.wait()
     _log("daemon", f"Process exited with code {proc.returncode}")
@@ -833,6 +945,7 @@ async def _run_node_agent(
     secure: bool,
     access_token: str,
     daemon_procs: dict[str, asyncio.subprocess.Process],
+    daemon_started_at: dict[str, float],
 ) -> None:
     """Run the node agent: connect, scan sessions, handle attach commands.
 
@@ -888,8 +1001,41 @@ async def _run_node_agent(
         async def _heartbeat():
             while True:
                 await asyncio.sleep(25)
+                # Reap any daemon subprocesses that have exited so we
+                # don't report them as alive.
+                dead = [aid for aid, p in daemon_procs.items() if p.returncode is not None]
+                for aid in dead:
+                    daemon_procs.pop(aid, None)
+
+                # Drop started_at entries for dead daemons too.
+                for aid in dead:
+                    daemon_started_at.pop(aid, None)
+
+                # Report live daemons to the backend so it can refresh
+                # `daemon:live:{id}` heartbeats. This is the source of
+                # truth for the UI's `is_daemon_alive` check — without
+                # it the backend has no way to know when a daemon
+                # subprocess is alive but its own ws to the backend is
+                # dead (orphaned after backend restart, etc.).
+                alive_ids = [aid for aid, p in daemon_procs.items() if p.returncode is None]
+                daemons_info = [
+                    {
+                        "id": aid,
+                        "pid": daemon_procs[aid].pid,
+                        "started_at": daemon_started_at.get(aid),
+                    }
+                    for aid in alive_ids
+                ]
                 try:
-                    await ws.send(json.dumps({"type": "heartbeat"}))
+                    await ws.send(
+                        json.dumps(
+                            {
+                                "type": "heartbeat",
+                                "daemons": alive_ids,
+                                "daemons_info": daemons_info,
+                            }
+                        )
+                    )
                 except websockets.exceptions.ConnectionClosed as e:
                     _log("node", f"heartbeat: connection closed ({e.code} {e.reason or '-'})")
                     break
@@ -903,23 +1049,56 @@ async def _run_node_agent(
                         continue
 
                     if cmd.get("type") == "attach":
-                        await _handle_attach(cmd, host, secure, daemon_procs)
+                        await _handle_attach(cmd, host, secure, daemon_procs, daemon_started_at)
             except websockets.exceptions.ConnectionClosed as e:
                 _log("node", f"listen: connection closed ({e.code} {e.reason or '-'})")
 
+        async def _report_usage():
+            """Periodically fetch Claude's plan-usage quota and forward it
+            to the backend so the UI can render a live quota bar. Runs
+            once on startup then every 3 minutes. If we hit a rate
+            limit (429) we back off to 5 minutes to be a good citizen."""
+            loop = asyncio.get_event_loop()
+            normal_interval = 180
+            interval = normal_interval
+            while True:
+                try:
+                    usage = await loop.run_in_executor(None, fetch_claude_usage)
+                    if usage is None:
+                        # Hard failure (no token, network down). Keep
+                        # normal interval — the next tick might succeed.
+                        interval = normal_interval
+                    elif usage.get("_rate_limited"):
+                        _log("node", "usage: rate limited, backing off to 5m")
+                        interval = 300
+                    else:
+                        await ws.send(json.dumps({"type": "usage", "data": usage}))
+                        five = usage.get("five_hour", {}).get("utilization")
+                        seven = usage.get("seven_day", {}).get("utilization")
+                        _log("node", f"usage: 5h={five}% 7d={seven}%")
+                        interval = normal_interval
+                except websockets.exceptions.ConnectionClosed as e:
+                    _log("node", f"usage: connection closed ({e.code} {e.reason or '-'})")
+                    break
+                except Exception as e:
+                    _log("node", f"usage error: {e}")
+                await asyncio.sleep(interval)
+
         scan_task = asyncio.create_task(_scan_and_send())
         hb_task = asyncio.create_task(_heartbeat())
         cmd_task = asyncio.create_task(_listen_commands())
+        usage_task = asyncio.create_task(_report_usage())
 
         try:
             await asyncio.wait(
-                [scan_task, hb_task, cmd_task],
+                [scan_task, hb_task, cmd_task, usage_task],
                 return_when=asyncio.FIRST_COMPLETED,
             )
         finally:
             scan_task.cancel()
             hb_task.cancel()
             cmd_task.cancel()
+            usage_task.cancel()
             # NB: do NOT terminate daemon_procs here. Each daemon has its
             # own WS connection + daemon_token and can survive node agent
             # reconnects (e.g. when the backend reloads during dev).
@@ -935,6 +1114,7 @@ async def _handle_attach(
     host: str,
     secure: bool,
     daemon_procs: dict[str, asyncio.subprocess.Process],
+    daemon_started_at: dict[str, float],
 ) -> None:
     """Handle an attach command from the server."""
     agent_id = cmd["agent_id"]
@@ -993,6 +1173,7 @@ async def _handle_attach(
         env=env,
     )
     daemon_procs[agent_id] = proc
+    daemon_started_at[agent_id] = time.time()
     _log("node", f"Spawned daemon PID {proc.pid} for agent {agent_id[:8]}...")
 
     asyncio.create_task(_log_daemon_stderr(agent_id, proc, daemon_procs))
@@ -1050,14 +1231,17 @@ def cmd_connect(args: argparse.Namespace) -> None:
     # daemon_procs is owned here so it persists across ws reconnects — we
     # don't want to kill long-running Claude sessions just because the
     # backend hiccuped or reloaded.
-    import time as _time
-
     daemon_procs: dict[str, asyncio.subprocess.Process] = {}
+    daemon_started_at: dict[str, float] = {}
     backoff = 1
     try:
         while True:
             try:
-                asyncio.run(_run_node_agent(host, secure, access_token, daemon_procs))
+                asyncio.run(
+                    _run_node_agent(
+                        host, secure, access_token, daemon_procs, daemon_started_at
+                    )
+                )
                 # _run_node_agent returned normally → ws was closed by server
                 # or one of the tasks finished. Reconnect after a short delay.
                 _log("connect", f"Disconnected. Reconnecting in {backoff}s...")
@@ -1074,7 +1258,7 @@ def cmd_connect(args: argparse.Namespace) -> None:
             except Exception as e:
                 _log("connect", f"Error: {e} ({type(e).__name__}), retrying in {backoff}s...")
 
-            _time.sleep(backoff)
+            time.sleep(backoff)
             backoff = min(backoff * 2, 30)  # cap at 30 seconds
 
             # After a reconnect attempt, try to refresh the token again in case

{agent_manager_cli-0.1.8 → agent_manager_cli-0.1.10}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "agent-manager-cli"
-version = "0.1.8"
+version = "0.1.10"
 description = "CLI для удалённого управления AI-агентами — Node Agent, daemon, сканер сессий"
 readme = "README.md"
 requires-python = ">=3.11"

{agent_manager_cli-0.1.8 → agent_manager_cli-0.1.10}/tests/test_cli.py

@@ -173,8 +173,8 @@ class TestHookSettings:
     def test_build_claude_hook_settings(self):
         raw = _build_claude_hook_settings()
         settings = json.loads(raw)
-        # Registers exactly one PreToolUse hook matching all tools.
-        assert list(settings.keys()) == ["hooks"]
+        # Registers a PreToolUse hook matching all tools + disables sandbox.
+        assert set(settings.keys()) == {"hooks", "sandbox"}
         assert list(settings["hooks"].keys()) == ["PreToolUse"]
         group = settings["hooks"]["PreToolUse"][0]
         assert group["matcher"] == "*"
@@ -183,6 +183,9 @@ class TestHookSettings:
         assert hooks[0]["type"] == "command"
         # Points at `sys.executable -m am permission-hook`
         assert "am permission-hook" in hooks[0]["command"]
+        # Sandbox is explicitly disabled so agents run with full tool
+        # access against the project dir without extra approvals.
+        assert settings["sandbox"] == {"enabled": False}
 
 
 class TestCLIEntryPoint: