forgexa-cli 1.8.4__tar.gz → 1.8.5__tar.gz

{forgexa_cli-1.8.4 → forgexa_cli-1.8.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.8.4
+Version: 1.8.5
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT
@@ -20,6 +20,7 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Build Tools
 Classifier: Topic :: Software Development :: Quality Assurance
 Requires-Python: >=3.9

{forgexa_cli-1.8.4 → forgexa_cli-1.8.5}/forgexa_cli/__init__.py

@@ -1,2 +1,2 @@
 """forgexa-cli — Forgexa command-line client."""
-__version__ = "1.8.4"
+__version__ = "1.8.5"

{forgexa_cli-1.8.4 → forgexa_cli-1.8.5}/forgexa_cli/daemon.py

@@ -15,11 +15,14 @@ import sys
 # ── Python version gate — must run before any other imports ──────────────────
 # Emit a machine-readable DAEMON_ERROR so the desktop app shows a clear
 # message instead of a cryptic traceback.
+# Minimum: 3.9 (macOS ships 3.9; CLI/daemon run on end-user machines).
+# from __future__ import annotations (line 11) makes all X|Y union hints
+# lazy strings on 3.9/3.10, so no runtime SyntaxError on those versions.
 if sys.version_info < (3, 9):
     _ver = f"{sys.version_info.major}.{sys.version_info.minor}"
     print(
-        f"DAEMON_ERROR: Python {_ver} is too old. Forgexa Daemon requires Python 3.9 or "
-        f"newer. Please upgrade Python from https://www.python.org/downloads/",
+        f"DAEMON_ERROR: Python {_ver} is too old. Forgexa Daemon requires Python "
+        f"3.9 or newer. Please upgrade Python from https://www.python.org/downloads/",
         file=sys.stderr,
     )
     sys.exit(1)
@@ -82,24 +85,27 @@ def _try_install_httpx(deps_dir: str) -> tuple[bool, str]:
 
     # Try pip --target first (most universally compatible).
     # Falls back to --user, then --break-system-packages as last resort.
-    # We explicitly list httpcore alongside httpx because pip --target may
-    # skip transitive deps it finds in system site-packages, even though
-    # they won't be importable from the isolated deps directory.
+    # We explicitly list httpcore and certifi alongside httpx because pip
+    # --target may skip transitive deps it finds in system site-packages,
+    # even though they won't be importable from the isolated deps directory.
+    # certifi must be included so that its cacert.pem bundle is copied into
+    # the deps dir; without it httpx raises FileNotFoundError when building
+    # the default SSL context (observed on Python 3.14 standalone / Windows).
     strategies: list[tuple[str, list[str]]] = [
         (
             "pip install --target (isolated deps)",
             [python, "-m", "pip", "install", "--target", deps_dir,
-             "--quiet", "--upgrade", "httpx>=0.24", "httpcore"],
+             "--quiet", "--upgrade", "httpx>=0.24", "httpcore", "certifi"],
         ),
         (
             "pip install --user",
             [python, "-m", "pip", "install", "--user", "--quiet",
-             "httpx>=0.24", "httpcore"],
+             "httpx>=0.24", "httpcore", "certifi"],
         ),
         (
             "pip install --break-system-packages",
             [python, "-m", "pip", "install", "--quiet",
-             "--break-system-packages", "httpx>=0.24", "httpcore"],
+             "--break-system-packages", "httpx>=0.24", "httpcore", "certifi"],
         ),
     ]
 
@@ -190,19 +196,33 @@ def _die_missing_httpx(detail: str) -> None:
 def _validate_httpx_imports() -> tuple[bool, str]:
     """Validate that httpx and its critical transitive deps are importable.
 
-    A bare ``import httpx`` can succeed even when httpcore is missing,
-    because httpx lazily imports its transport layer.  We eagerly check
-    the full chain so the daemon fails fast with a clear message instead
-    of crashing mid-operation when ``httpx.AsyncClient()`` tries to load
-    the transport.
+    A bare ``import httpx`` can succeed even when httpcore or certifi is
+    missing, because httpx lazily imports its transport and SSL layers.
+    We eagerly check the full chain so the daemon fails fast with a clear
+    message instead of crashing mid-operation.
 
-    Returns (ok, missing_module_name).
+    Also verifies that certifi's CA bundle file actually exists on disk.
+    A ``pip install --target`` run may install certifi's Python package but
+    omit the package-data file (cacert.pem) when pip detects certifi in
+    the system site-packages and skips re-copying it.  Without the bundle,
+    httpx raises FileNotFoundError when building the default SSL context
+    (observed on Python 3.14 standalone builds on Windows).
+
+    Returns (ok, missing_module_name).  'certifi:bundle' means certifi is
+    importable but its CA bundle file is absent.
     """
-    for mod_name in ("httpx", "httpcore"):
+    for mod_name in ("httpx", "httpcore", "certifi"):
         try:
             __import__(mod_name)
         except ImportError:
             return False, mod_name
+    # Verify the certifi CA bundle file actually exists on disk
+    try:
+        import certifi as _certifi_check
+        if not os.path.isfile(_certifi_check.where()):
+            return False, "certifi:bundle"
+    except Exception:
+        return False, "certifi"
     return True, ""
 
 
@@ -223,8 +243,8 @@ if not _httpx_ok:
     if _httpx_missing != "httpx":
         shutil.rmtree(_HTTPX_DEPS_DIR, ignore_errors=True)
         for _mod_key in list(sys.modules):
-            if _mod_key in ("httpx", "httpcore") or \
-               _mod_key.startswith(("httpx.", "httpcore.")):
+            if _mod_key in ("httpx", "httpcore", "certifi") or \
+               _mod_key.startswith(("httpx.", "httpcore.", "certifi.")):
                 del sys.modules[_mod_key]
 
     # Attempt auto-install to user-writable deps directory
@@ -245,6 +265,46 @@ import httpx  # noqa: E402  — guaranteed available after validation above
 
 del _httpx_ok, _httpx_missing
 
+
+def _make_httpx_ssl_context():
+    """Build an SSL context resilient to missing or mislocated certifi bundles.
+
+    On Windows 10/11 with Python 3.13+ / 3.14+, ``ssl.create_default_context()``
+    can use the built-in Windows certificate store directly and does NOT need
+    an external CA bundle file.  However, older httpx versions call
+    ``certifi.where()`` and pass the resulting path to
+    ``ssl.create_default_context(cafile=...)``.  When running from an
+    isolated deps directory, the certifi package may be importable (found
+    in system site-packages via sys.path) but its ``cacert.pem`` bundle may
+    not exist at the expected path, causing a ``FileNotFoundError``.
+
+    Strategy (in order):
+      1. Explicit certifi bundle — portable; pinned root CAs.
+      2. System truststore — works on Windows 11 (cert store), macOS
+         (Keychain), and Linux (/etc/ssl).  No external file needed.
+      3. httpx default (verify=True) — last resort; httpx makes its own
+         SSL choice.
+
+    Returns a value suitable for ``httpx.AsyncClient(verify=...)``.
+    """
+    import ssl as _ssl
+    # Strategy 1: explicit certifi bundle (most portable)
+    try:
+        import certifi as _certifi
+        cafile = _certifi.where()
+        if os.path.isfile(cafile):
+            return _ssl.create_default_context(cafile=cafile)
+    except Exception:
+        pass
+    # Strategy 2: system truststore (no external file needed)
+    try:
+        return _ssl.create_default_context()
+    except Exception:
+        pass
+    # Strategy 3: let httpx use its own SSL handling
+    return True
+
+
 # ── Settings: graceful fallback when running standalone (outside backend package) ──
 try:
     from app.config import settings
@@ -332,7 +392,7 @@ except (ImportError, ModuleNotFoundError):
 # DAEMON_VERSION is the protocol/logic version of the daemon code.
 # Kept in sync with pyproject.toml version via bump-version.sh.
 # CLIENT_TYPE identifies which packaging/distribution this daemon runs in.
-DAEMON_VERSION = "1.8.4"
+DAEMON_VERSION = "1.8.5"
 
 
 def _detect_client_type() -> str:
@@ -651,7 +711,8 @@ class AgentDiscovery:
         },
         "copilot": {
             "commands": ["copilot"],
-            "detect": "copilot --version",
+            "detect": "copilot version",
+            "detect_alt": "copilot --version",
             "invoke_modes": ["cli"],
             "env_path_override": "FACTORY_COPILOT_PATH",
             "compatibility_level": "L3",
@@ -679,12 +740,30 @@ class AgentDiscovery:
             localappdata = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
             extra_dirs += [
                 appdata / "npm",                         # npm -g installs
-                localappdata / "Programs" / "Python" / "Scripts",
                 home / ".opencode" / "bin",
                 home / ".cargo" / "bin",
                 home / ".bun" / "bin",
                 home / "scoop" / "shims",                # scoop package manager
             ]
+            # Python 3.x on Windows installs Scripts to a versioned subdirectory:
+            # %LOCALAPPDATA%\Programs\Python\Python312\Scripts (etc.).
+            # Glob all Python3* dirs so we catch whichever version is installed.
+            py_base = localappdata / "Programs" / "Python"
+            if py_base.is_dir():
+                for py_dir in sorted(py_base.glob("Python3*/"), reverse=True):
+                    scripts = py_dir / "Scripts"
+                    if scripts.is_dir():
+                        extra_dirs.append(scripts)
+            # Flat path kept for compatibility with non-standard Python installers.
+            extra_dirs.append(py_base / "Scripts")
+            # GitHub Copilot CLI — VS Code extension installs the binary into
+            # AppData\Roaming\Code\User\globalStorage\github.copilot-chat\copilotCli\
+            # This dir is NOT in system PATH so the daemon must add it explicitly.
+            for vs_variant in ("Code", "Code - Insiders", "VSCodium"):
+                extra_dirs.append(
+                    appdata / vs_variant / "User" / "globalStorage"
+                    / "github.copilot-chat" / "copilotCli"
+                )
             # nvm-windows stores versions differently
             nvm_home = os.environ.get("NVM_HOME", "")
             if nvm_home:
@@ -756,6 +835,11 @@ class AgentDiscovery:
             resolved = shutil.which(cmd)
             if resolved:
                 version = await self._get_version(spec["detect"])
+                if version is None and "detect_alt" in spec:
+                    # Primary detect command failed; try the alternative.
+                    # Example: new GitHub Copilot CLI 1.0.x uses `copilot version`
+                    # as a subcommand while older releases used `copilot --version`.
+                    version = await self._get_version(spec["detect_alt"])
                 if version is None:
                     # Binary found but version check failed — it is a stub or
                     # not properly installed (e.g. copilot prompts to install).
@@ -785,6 +869,21 @@ class AgentDiscovery:
         import re
         try:
             parts = detect_cmd.split()
+            # On Windows, agent CLIs installed via npm create .cmd wrapper scripts
+            # (e.g. %APPDATA%\npm\copilot.cmd). Python's asyncio.create_subprocess_exec
+            # calls CreateProcess which cannot execute .cmd/.bat files directly —
+            # they need cmd.exe as the interpreter. Detect and wrap automatically.
+            if sys.platform == "win32":
+                resolved = shutil.which(parts[0])
+                if resolved:
+                    ext = Path(resolved).suffix.lower()
+                    if ext in ('.cmd', '.bat'):
+                        parts = ['cmd', '/c', resolved] + parts[1:]
+                    elif ext == '.ps1':
+                        parts = [
+                            'powershell', '-NoProfile', '-NonInteractive',
+                            '-Command', resolved,
+                        ] + parts[1:]
             proc = await asyncio.create_subprocess_exec(
                 *parts,
                 stdin=asyncio.subprocess.DEVNULL,
@@ -3448,6 +3547,7 @@ class ServerConnection:
         self.runtime_id: str | None = None
         self.client = httpx.AsyncClient(
             headers={"Authorization": f"Bearer {api_token}"} if api_token else {},
+            verify=_make_httpx_ssl_context(),
         )
         self.heartbeat: HeartbeatService | None = None
         self.poller: TaskPoller | None = None
@@ -5824,17 +5924,57 @@ class RuntimeDaemon:
                                         )
                                 return f"Push failed: {exc}"
                         else:
-                            logger.error(
-                                "SAFETY: Refusing to push %s — remote has %d commit(s) "
-                                "not in local branch. This would destroy prior work. "
-                                "Remote-only commits:\n%s",
-                                branch, remote_count, remote_ahead,
-                            )
-                            return (
-                                f"Push refused: remote branch '{branch}' has {remote_count} "
-                                f"commit(s) not in local history. Force-pushing would "
-                                f"destroy prior implementation work."
+                            # Remote has genuinely new commits not in local history.
+                            # Before refusing, attempt fetch + rebase: if the local
+                            # commits are documentation-only (analysis) or purely
+                            # additive they will rebase cleanly onto the remote HEAD.
+                            logger.warning(
+                                "Branch %s: remote has %d commit(s) not in local history — "
+                                "attempting fetch+rebase recovery before refusing push",
+                                branch, remote_count,
                             )
+                            try:
+                                # 1. Fetch the specific remote branch
+                                await git(
+                                    "fetch", "origin", branch,
+                                    cwd=workspace_path,
+                                )
+                                # 2. Rebase local commits onto the updated remote HEAD
+                                await git(
+                                    "-c", "user.name=Forgexa Agent",
+                                    "-c", "user.email=agent@forgexa.net",
+                                    "rebase", f"origin/{branch}",
+                                    cwd=workspace_path,
+                                )
+                                # 3. Push normally (no force needed — we're ahead of origin now)
+                                await git(
+                                    "push", "-u", "origin", branch,
+                                    cwd=workspace_path, project_key=project_key,
+                                )
+                                logger.info(
+                                    "Fetch+rebase recovery succeeded for branch %s "
+                                    "(%d remote commit(s) incorporated)",
+                                    branch, remote_count,
+                                )
+                                return None
+                            except RuntimeError as rebase_exc:
+                                rebase_exc_str = str(rebase_exc)
+                                # Abort any in-progress rebase to leave workspace clean
+                                try:
+                                    await git("rebase", "--abort", cwd=workspace_path)
+                                except RuntimeError:
+                                    pass
+                                logger.error(
+                                    "Fetch+rebase recovery failed for branch %s: %s — "
+                                    "refusing push to protect remote work",
+                                    branch, rebase_exc_str,
+                                )
+                                return (
+                                    f"Push refused: remote branch '{branch}' has {remote_count} "
+                                    f"commit(s) not in local history, and automatic rebase failed "
+                                    f"(likely a merge conflict). Manual resolution required. "
+                                    f"Details: {rebase_exc_str[:300]}"
+                                )
 
                     logger.info("Found unpushed commits on %s, pushing...", branch)
                     last_push_exc: Exception | None = None

{forgexa_cli-1.8.4 → forgexa_cli-1.8.5}/forgexa_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.8.4
+Version: 1.8.5
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT
@@ -20,6 +20,7 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Build Tools
 Classifier: Topic :: Software Development :: Quality Assurance
 Requires-Python: >=3.9

{forgexa_cli-1.8.4 → forgexa_cli-1.8.5}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "forgexa-cli"
-version = "1.8.4"
+version = "1.8.5"
 description = "Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform"
 requires-python = ">=3.9"
 license = { text = "MIT" }
@@ -21,6 +21,7 @@ classifiers = [
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Topic :: Software Development :: Build Tools",
     "Topic :: Software Development :: Quality Assurance",
 ]