// These side-effects must run before all other imports: // 1. profileCheckpoint marks entry before heavy module evaluation begins // 2. startMdmRawRead fires MDM subprocesses (plutil/reg query) so they run in // parallel with the remaining ~135ms of imports below // 3. startKeychainPrefetch fires both macOS keychain reads (OAuth + legacy API // key) in parallel — isRemoteManagedSettingsEligible() otherwise reads them // sequentially via sync spawn inside applySafeConfigEnvironmentVariables() // (~65ms on every macOS startup) import { profileCheckpoint, profileReport } from './utils/startupProfiler.js' // eslint-disable-next-line custom-rules/no-top-level-side-effects profileCheckpoint('main_tsx_entry') import { startMdmRawRead } from './utils/settings/mdm/rawRead.js' // eslint-disable-next-line custom-rules/no-top-level-side-effects startMdmRawRead() import { ensureKeychainPrefetchCompleted, startKeychainPrefetch, } from './utils/secureStorage/keychainPrefetch.js' // eslint-disable-next-line custom-rules/no-top-level-side-effects startKeychainPrefetch() import { feature } from 'bun:bundle' import { Command as CommanderCommand, InvalidArgumentError, Option, } from '@commander-js/extra-typings' import chalk from 'chalk' import { readFileSync } from 'fs' import mapValues from 'lodash-es/mapValues.js' import pickBy from 'lodash-es/pickBy.js' import uniqBy from 'lodash-es/uniqBy.js' import React from 'react' import { getOauthConfig } from './constants/oauth.js' import { getRemoteSessionUrl } from './constants/product.js' import { getSystemContext, getUserContext } from './context.js' import { init, initializeTelemetryAfterTrust } from './entrypoints/init.js' import { addToHistory } from './history.js' import type { Root } from './ink.js' import { launchRepl } from './replLauncher.js' import { hasGrowthBookEnvOverride, initializeGrowthBook, refreshGrowthBookAfterAuthChange, } from './services/analytics/growthbook.js' import { fetchBootstrapData } from './services/api/bootstrap.js' import { type DownloadResult, downloadSessionFiles, type FilesApiConfig, parseFileSpecs, } from './services/api/filesApi.js' import { prefetchPassesEligibility } from './services/api/referral.js' import { prefetchOfficialMcpUrls } from './services/mcp/officialRegistry.js' import type { McpSdkServerConfig, McpServerConfig, ScopedMcpServerConfig, } from './services/mcp/types.js' import { isPolicyAllowed, loadPolicyLimits, refreshPolicyLimits, waitForPolicyLimitsToLoad, } from './services/policyLimits/index.js' import { loadRemoteManagedSettings, refreshRemoteManagedSettings, } from './services/remoteManagedSettings/index.js' import type { ToolInputJSONSchema } from './Tool.js' import { createSyntheticOutputTool, isSyntheticOutputToolEnabled, } from './tools/SyntheticOutputTool/SyntheticOutputTool.js' import { getTools } from './tools.js' import { canUserConfigureAdvisor, getInitialAdvisorSetting, isAdvisorEnabled, isValidAdvisorModel, modelSupportsAdvisor, } from './utils/advisor.js' import { isAgentSwarmsEnabled } from './utils/agentSwarmsEnabled.js' import { count, uniq } from './utils/array.js' import { installAsciicastRecorder } from './utils/asciicast.js' import { getSubscriptionType, isClaudeAISubscriber, prefetchAwsCredentialsAndBedRockInfoIfSafe, prefetchGcpCredentialsIfSafe, validateForceLoginOrg, } from './utils/auth.js' import { checkHasTrustDialogAccepted, getGlobalConfig, getRemoteControlAtStartup, isAutoUpdaterDisabled, saveGlobalConfig, } from './utils/config.js' import { seedEarlyInput, stopCapturingEarlyInput } from './utils/earlyInput.js' import { getInitialEffortSetting, parseEffortValue } from './utils/effort.js' import { getInitialFastModeSetting, isFastModeEnabled, prefetchFastModeStatus, resolveFastModeStatusFromCache, } from './utils/fastMode.js' import { applyConfigEnvironmentVariables } from './utils/managedEnv.js' import { createSystemMessage, createUserMessage } from './utils/messages.js' import { getPlatform } from './utils/platform.js' import { getBaseRenderOptions } from './utils/renderOptions.js' import { getSessionIngressAuthToken } from './utils/sessionIngressAuth.js' import { settingsChangeDetector } from './utils/settings/changeDetector.js' import { skillChangeDetector } from './utils/skills/skillChangeDetector.js' import { jsonParse, writeFileSync_DEPRECATED } from './utils/slowOperations.js' import { computeInitialTeamContext } from './utils/swarm/reconnection.js' import { initializeWarningHandler } from './utils/warningHandler.js' import { isWorktreeModeEnabled } from './utils/worktreeModeEnabled.js' // Lazy require to avoid circular dependency: teammate.ts -> AppState.tsx -> ... -> main.tsx /* eslint-disable @typescript-eslint/no-require-imports */ const getTeammateUtils = () => require('./utils/teammate.js') as typeof import('./utils/teammate.js') const getTeammatePromptAddendum = () => require('./utils/swarm/teammatePromptAddendum.js') as typeof import('./utils/swarm/teammatePromptAddendum.js') const getTeammateModeSnapshot = () => require('./utils/swarm/backends/teammateModeSnapshot.js') as typeof import('./utils/swarm/backends/teammateModeSnapshot.js') /* eslint-enable @typescript-eslint/no-require-imports */ // Dead code elimination: conditional import for COORDINATOR_MODE /* eslint-disable @typescript-eslint/no-require-imports */ const coordinatorModeModule = feature('COORDINATOR_MODE') ? (require('./coordinator/coordinatorMode.js') as typeof import('./coordinator/coordinatorMode.js')) : null /* eslint-enable @typescript-eslint/no-require-imports */ // Dead code elimination: conditional import for KAIROS (assistant mode) /* eslint-disable @typescript-eslint/no-require-imports */ const assistantModule = feature('KAIROS') ? (require('./assistant/index.js') as typeof import('./assistant/index.js')) : null const kairosGate = feature('KAIROS') ? (require('./assistant/gate.js') as typeof import('./assistant/gate.js')) : null import { relative, resolve } from 'path' import { isAnalyticsDisabled } from 'src/services/analytics/config.js' import { getFeatureValue_CACHED_MAY_BE_STALE } from 'src/services/analytics/growthbook.js' import { type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, logEvent, } from 'src/services/analytics/index.js' import { initializeAnalyticsGates } from 'src/services/analytics/sink.js' import { getOriginalCwd, setAdditionalDirectoriesForClaudeMd, setIsRemoteMode, setMainLoopModelOverride, setMainThreadAgentType, setTeleportedSessionInfo, } from './bootstrap/state.js' import { filterCommandsForRemoteMode, getCommands } from './commands.js' import type { StatsStore } from './context/stats.js' import { launchAssistantInstallWizard, launchAssistantSessionChooser, launchInvalidSettingsDialog, launchResumeChooser, launchSnapshotUpdateDialog, launchTeleportRepoMismatchDialog, launchTeleportResumeWrapper, } from './dialogLaunchers.js' import { SHOW_CURSOR } from './ink/termio/dec.js' import { exitWithError, exitWithMessage, getRenderContext, renderAndRun, showSetupScreens, } from './interactiveHelpers.js' import { initBuiltinPlugins } from './plugins/bundled/index.js' /* eslint-enable @typescript-eslint/no-require-imports */ import { checkQuotaStatus } from './services/claudeAiLimits.js' import { getMcpToolsCommandsAndResources, prefetchAllMcpResources, } from './services/mcp/client.js' import { VALID_INSTALLABLE_SCOPES, VALID_UPDATE_SCOPES, } from './services/plugins/pluginCliCommands.js' import { initBundledSkills } from './skills/bundled/index.js' import type { AgentColorName } from './tools/AgentTool/agentColorManager.js' import { getActiveAgentsFromList, getAgentDefinitionsWithOverrides, isBuiltInAgent, isCustomAgent, parseAgentsFromJson, } from './tools/AgentTool/loadAgentsDir.js' import type { LogOption } from './types/logs.js' import type { Message as MessageType } from './types/message.js' import { assertMinVersion } from './utils/autoUpdater.js' import { CLAUDE_IN_CHROME_SKILL_HINT, CLAUDE_IN_CHROME_SKILL_HINT_WITH_WEBBROWSER, } from './utils/claudeInChrome/prompt.js' import { setupClaudeInChrome, shouldAutoEnableClaudeInChrome, shouldEnableClaudeInChrome, } from './utils/claudeInChrome/setup.js' import { getContextWindowForModel } from './utils/context.js' import { loadConversationForResume } from './utils/conversationRecovery.js' import { buildDeepLinkBanner } from './utils/deepLink/banner.js' import { hasNodeOption, isBareMode, isEnvTruthy, isInProtectedNamespace, } from './utils/envUtils.js' import { refreshExampleCommands } from './utils/exampleCommands.js' import type { FpsMetrics } from './utils/fpsTracker.js' import { getWorktreePaths } from './utils/getWorktreePaths.js' import { findGitRoot, getBranch, getIsGit, getWorktreeCount, } from './utils/git.js' import { getGhAuthStatus } from './utils/github/ghAuthStatus.js' import { safeParseJSON } from './utils/json.js' import { logError } from './utils/log.js' import { getModelDeprecationWarning } from './utils/model/deprecation.js' import { getDefaultMainLoopModel, getUserSpecifiedModelSetting, normalizeModelStringForAPI, parseUserSpecifiedModel, } from './utils/model/model.js' import { ensureModelStringsInitialized } from './utils/model/modelStrings.js' import { PERMISSION_MODES } from './utils/permissions/PermissionMode.js' import { checkAndDisableBypassPermissions, getAutoModeEnabledStateIfCached, initializeToolPermissionContext, initialPermissionModeFromCLI, isDefaultPermissionModeAuto, parseToolListFromCLI, removeDangerousPermissions, stripDangerousPermissionsForAutoMode, verifyAutoModeGateAccess, } from './utils/permissions/permissionSetup.js' import { cleanupOrphanedPluginVersionsInBackground } from './utils/plugins/cacheUtils.js' import { initializeVersionedPlugins } from './utils/plugins/installedPluginsManager.js' import { getManagedPluginNames } from './utils/plugins/managedPlugins.js' import { getGlobExclusionsForPluginCache } from './utils/plugins/orphanedPluginFilter.js' import { getPluginSeedDirs } from './utils/plugins/pluginDirectories.js' import { countFilesRoundedRg } from './utils/ripgrep.js' import { processSessionStartHooks, processSetupHooks, } from './utils/sessionStart.js' import { cacheSessionTitle, getSessionIdFromLog, loadTranscriptFromFile, saveAgentSetting, saveMode, searchSessionsByCustomTitle, sessionIdExists, } from './utils/sessionStorage.js' import { ensureMdmSettingsLoaded } from './utils/settings/mdm/settings.js' import { getInitialSettings, getManagedSettingsKeysForLogging, getSettingsForSource, getSettingsWithErrors, } from './utils/settings/settings.js' import { resetSettingsCache } from './utils/settings/settingsCache.js' import type { ValidationError } from './utils/settings/validation.js' import { DEFAULT_TASKS_MODE_TASK_LIST_ID, TASK_STATUSES, } from './utils/tasks.js' import { logPluginLoadErrors, logPluginsEnabledForSession, } from './utils/telemetry/pluginTelemetry.js' import { logSkillsLoaded } from './utils/telemetry/skillLoadedEvent.js' import { generateTempFilePath } from './utils/tempfile.js' import { validateUuid } from './utils/uuid.js' // Plugin startup checks are now handled non-blockingly in REPL.tsx import { registerMcpAddCommand } from 'src/commands/mcp/addCommand.js' import { registerMcpXaaIdpCommand } from 'src/commands/mcp/xaaIdpCommand.js' import { logPermissionContextForAnts } from 'src/services/internalLogging.js' import { fetchClaudeAIMcpConfigsIfEligible } from 'src/services/mcp/claudeai.js' import { clearServerCache } from 'src/services/mcp/client.js' import { areMcpConfigsAllowedWithEnterpriseMcpConfig, dedupClaudeAiMcpServers, doesEnterpriseMcpConfigExist, filterMcpServersByPolicy, getClaudeCodeMcpConfigs, getMcpServerSignature, parseMcpConfig, parseMcpConfigFromFilePath, } from 'src/services/mcp/config.js' import { excludeCommandsByServer, excludeResourcesByServer, } from 'src/services/mcp/utils.js' import { isXaaEnabled } from 'src/services/mcp/xaaIdpLogin.js' import { getRelevantTips } from 'src/services/tips/tipRegistry.js' import { logContextMetrics } from 'src/utils/api.js' import { CLAUDE_IN_CHROME_MCP_SERVER_NAME, isClaudeInChromeMCPServer, } from 'src/utils/claudeInChrome/common.js' import { registerCleanup } from 'src/utils/cleanupRegistry.js' import { eagerParseCliFlag } from 'src/utils/cliArgs.js' import { createEmptyAttributionState } from 'src/utils/commitAttribution.js' import { countConcurrentSessions, registerSession, updateSessionName, } from 'src/utils/concurrentSessions.js' import { getCwd } from 'src/utils/cwd.js' import { logForDebugging, setHasFormattedOutput } from 'src/utils/debug.js' import { errorMessage, getErrnoCode, isENOENT, TeleportOperationError, toError, } from 'src/utils/errors.js' import { getFsImplementation, safeResolvePath } from 'src/utils/fsOperations.js' import { gracefulShutdown, gracefulShutdownSync, } from 'src/utils/gracefulShutdown.js' import { setAllHookEventsEnabled } from 'src/utils/hooks/hookEvents.js' import { refreshModelCapabilities } from 'src/utils/model/modelCapabilities.js' import { peekForStdinData, writeToStderr } from 'src/utils/process.js' import { setCwd } from 'src/utils/Shell.js' import { type ProcessedResume, processResumedConversation, } from 'src/utils/sessionRestore.js' import { parseSettingSourcesFlag } from 'src/utils/settings/constants.js' import { plural } from 'src/utils/stringUtils.js' import { type ChannelEntry, getInitialMainLoopModel, getIsNonInteractiveSession, getSdkBetas, getSessionId, getUserMsgOptIn, setAllowedChannels, setAllowedSettingSources, setChromeFlagOverride, setClientType, setCwdState, setDirectConnectServerUrl, setFlagSettingsPath, setInitialMainLoopModel, setInlinePlugins, setIsInteractive, setKairosActive, setOriginalCwd, setQuestionPreviewFormat, setSdkBetas, setSessionBypassPermissionsMode, setSessionPersistenceDisabled, setSessionSource, setUserMsgOptIn, switchSession, } from './bootstrap/state.js' /* eslint-disable @typescript-eslint/no-require-imports */ const autoModeStateModule = feature('TRANSCRIPT_CLASSIFIER') ? (require('./utils/permissions/autoModeState.js') as typeof import('./utils/permissions/autoModeState.js')) : null // TeleportRepoMismatchDialog, TeleportResumeWrapper dynamically imported at call sites import { migrateAutoUpdatesToSettings } from './migrations/migrateAutoUpdatesToSettings.js' import { migrateBypassPermissionsAcceptedToSettings } from './migrations/migrateBypassPermissionsAcceptedToSettings.js' import { migrateEnableAllProjectMcpServersToSettings } from './migrations/migrateEnableAllProjectMcpServersToSettings.js' import { migrateFennecToOpus } from './migrations/migrateFennecToOpus.js' import { migrateLegacyOpusToCurrent } from './migrations/migrateLegacyOpusToCurrent.js' import { migrateOpusToOpus1m } from './migrations/migrateOpusToOpus1m.js' import { migrateReplBridgeEnabledToRemoteControlAtStartup } from './migrations/migrateReplBridgeEnabledToRemoteControlAtStartup.js' import { migrateSonnet1mToSonnet45 } from './migrations/migrateSonnet1mToSonnet45.js' import { migrateSonnet45ToSonnet46 } from './migrations/migrateSonnet45ToSonnet46.js' import { resetAutoModeOptInForDefaultOffer } from './migrations/resetAutoModeOptInForDefaultOffer.js' import { resetProToOpusDefault } from './migrations/resetProToOpusDefault.js' import { createRemoteSessionConfig } from './remote/RemoteSessionManager.js' /* eslint-enable @typescript-eslint/no-require-imports */ // teleportWithProgress dynamically imported at call site import { createDirectConnectSession, DirectConnectError, } from './server/createDirectConnectSession.js' import { initializeLspServerManager } from './services/lsp/manager.js' import { shouldEnablePromptSuggestion } from './services/PromptSuggestion/promptSuggestion.js' import { type AppState, getDefaultAppState, IDLE_SPECULATION_STATE, } from './state/AppStateStore.js' import { onChangeAppState } from './state/onChangeAppState.js' import { createStore } from './state/store.js' import { asSessionId } from './types/ids.js' import { filterAllowedSdkBetas } from './utils/betas.js' import { isInBundledMode, isRunningWithBun } from './utils/bundledMode.js' import { logForDiagnosticsNoPII } from './utils/diagLogs.js' import { filterExistingPaths, getKnownPathsForRepo, } from './utils/githubRepoPathMapping.js' import { clearPluginCache, loadAllPluginsCacheOnly, } from './utils/plugins/pluginLoader.js' import { migrateChangelogFromConfig } from './utils/releaseNotes.js' import { SandboxManager } from './utils/sandbox/sandbox-adapter.js' import { fetchSession, prepareApiRequest } from './utils/teleport/api.js' import { checkOutTeleportedSessionBranch, processMessagesForTeleportResume, teleportToRemoteWithErrorHandling, validateGitState, validateSessionRepository, } from './utils/teleport.js' import { shouldEnableThinkingByDefault, type ThinkingConfig, } from './utils/thinking.js' import { initUser, resetUserCache } from './utils/user.js' import { getTmuxInstallInstructions, isTmuxAvailable, parsePRReference, } from './utils/worktree.js' // eslint-disable-next-line custom-rules/no-top-level-side-effects profileCheckpoint('main_tsx_imports_loaded') /** * Log managed settings keys to Statsig for analytics. * This is called after init() completes to ensure settings are loaded * and environment variables are applied before model resolution. */ function logManagedSettings(): void { try { const policySettings = getSettingsForSource('policySettings') if (policySettings) { const allKeys = getManagedSettingsKeysForLogging(policySettings) logEvent('tengu_managed_settings_loaded', { keyCount: allKeys.length, keys: allKeys.join( ',', ) as unknown as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) } } catch { // Silently ignore errors - this is just for analytics } } // Check if running in debug/inspection mode function isBeingDebugged() { const isBun = isRunningWithBun() // Check for inspect flags in process arguments (including all variants) const hasInspectArg = process.execArgv.some(arg => { if (isBun) { // Note: Bun has an issue with single-file executables where application arguments // from process.argv leak into process.execArgv (similar to https://github.com/oven-sh/bun/issues/11673) // This breaks use of --debug mode if we omit this branch // We're fine to skip that check, because Bun doesn't support Node.js legacy --debug or --debug-brk flags return /--inspect(-brk)?/.test(arg) } else { // In Node.js, check for both --inspect and legacy --debug flags return /--inspect(-brk)?|--debug(-brk)?/.test(arg) } }) // Check if NODE_OPTIONS contains inspect flags const hasInspectEnv = process.env.NODE_OPTIONS && /--inspect(-brk)?|--debug(-brk)?/.test(process.env.NODE_OPTIONS) // Check if inspector is available and active (indicates debugging) try { // Dynamic import would be better but is async - use global object instead // eslint-disable-next-line @typescript-eslint/no-explicit-any const inspector = (global as any).require('inspector') const hasInspectorUrl = !!inspector.url() return hasInspectorUrl || hasInspectArg || hasInspectEnv } catch { // Ignore error and fall back to argument detection return hasInspectArg || hasInspectEnv } } // Exit if we detect node debugging or inspection if ("external" !== 'ant' && isBeingDebugged()) { // Use process.exit directly here since we're in the top-level code before imports // and gracefulShutdown is not yet available // eslint-disable-next-line custom-rules/no-top-level-side-effects process.exit(1) } /** * Per-session skill/plugin telemetry. Called from both the interactive path * and the headless -p path (before runHeadless) — both go through * main.tsx but branch before the interactive startup path, so it needs two * call sites here rather than one here + one in QueryEngine. */ function logSessionTelemetry(): void { const model = parseUserSpecifiedModel( getInitialMainLoopModel() ?? getDefaultMainLoopModel(), ) void logSkillsLoaded(getCwd(), getContextWindowForModel(model, getSdkBetas())) void loadAllPluginsCacheOnly() .then(({ enabled, errors }) => { const managedNames = getManagedPluginNames() logPluginsEnabledForSession(enabled, managedNames, getPluginSeedDirs()) logPluginLoadErrors(errors, managedNames) }) .catch(err => logError(err)) } function getCertEnvVarTelemetry(): Record { const result: Record = {} if (process.env.NODE_EXTRA_CA_CERTS) { result.has_node_extra_ca_certs = true } if (process.env.CLAUDE_CODE_CLIENT_CERT) { result.has_client_cert = true } if (hasNodeOption('--use-system-ca')) { result.has_use_system_ca = true } if (hasNodeOption('--use-openssl-ca')) { result.has_use_openssl_ca = true } return result } async function logStartupTelemetry(): Promise { if (isAnalyticsDisabled()) return const [isGit, worktreeCount, ghAuthStatus] = await Promise.all([ getIsGit(), getWorktreeCount(), getGhAuthStatus(), ]) logEvent('tengu_startup_telemetry', { is_git: isGit, worktree_count: worktreeCount, gh_auth_status: ghAuthStatus as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, sandbox_enabled: SandboxManager.isSandboxingEnabled(), are_unsandboxed_commands_allowed: SandboxManager.areUnsandboxedCommandsAllowed(), is_auto_bash_allowed_if_sandbox_enabled: SandboxManager.isAutoAllowBashIfSandboxedEnabled(), auto_updater_disabled: isAutoUpdaterDisabled(), prefers_reduced_motion: getInitialSettings().prefersReducedMotion ?? false, ...getCertEnvVarTelemetry(), }) } // @[MODEL LAUNCH]: Consider any migrations you may need for model strings. See migrateSonnet1mToSonnet45.ts for an example. // Bump this when adding a new sync migration so existing users re-run the set. const CURRENT_MIGRATION_VERSION = 11 function runMigrations(): void { if (getGlobalConfig().migrationVersion !== CURRENT_MIGRATION_VERSION) { migrateAutoUpdatesToSettings() migrateBypassPermissionsAcceptedToSettings() migrateEnableAllProjectMcpServersToSettings() resetProToOpusDefault() migrateSonnet1mToSonnet45() migrateLegacyOpusToCurrent() migrateSonnet45ToSonnet46() migrateOpusToOpus1m() migrateReplBridgeEnabledToRemoteControlAtStartup() if (feature('TRANSCRIPT_CLASSIFIER')) { resetAutoModeOptInForDefaultOffer() } if (process.env.USER_TYPE === 'ant') { migrateFennecToOpus() } saveGlobalConfig(prev => prev.migrationVersion === CURRENT_MIGRATION_VERSION ? prev : { ...prev, migrationVersion: CURRENT_MIGRATION_VERSION }, ) } // Async migration - fire and forget since it's non-blocking migrateChangelogFromConfig().catch(() => { // Silently ignore migration errors - will retry on next startup }) } /** * Prefetch system context (including git status) only when it's safe to do so. * Git commands can execute arbitrary code via hooks and config (e.g., core.fsmonitor, * diff.external), so we must only run them after trust is established or in * non-interactive mode where trust is implicit. */ function prefetchSystemContextIfSafe(): void { const isNonInteractiveSession = getIsNonInteractiveSession() // In non-interactive mode (--print), trust dialog is skipped and // execution is considered trusted (as documented in help text) if (isNonInteractiveSession) { logForDiagnosticsNoPII('info', 'prefetch_system_context_non_interactive') void getSystemContext() return } // In interactive mode, only prefetch if trust has already been established const hasTrust = checkHasTrustDialogAccepted() if (hasTrust) { logForDiagnosticsNoPII('info', 'prefetch_system_context_has_trust') void getSystemContext() } else { logForDiagnosticsNoPII('info', 'prefetch_system_context_skipped_no_trust') } // Otherwise, don't prefetch - wait for trust to be established first } /** * Start background prefetches and housekeeping that are NOT needed before first render. * These are deferred from setup() to reduce event loop contention and child process * spawning during the critical startup path. * Call this after the REPL has been rendered. */ export function startDeferredPrefetches(): void { // This function runs after first render, so it doesn't block the initial paint. // However, the spawned processes and async work still contend for CPU and event // loop time, which skews startup benchmarks (CPU profiles, time-to-first-render // measurements). Skip all of it when we're only measuring startup performance. if ( isEnvTruthy(process.env.CLAUDE_CODE_EXIT_AFTER_FIRST_RENDER) || // --bare: skip ALL prefetches. These are cache-warms for the REPL's // first-turn responsiveness (initUser, getUserContext, tips, countFiles, // modelCapabilities, change detectors). Scripted -p calls don't have a // "user is typing" window to hide this work in — it's pure overhead on // the critical path. isBareMode() ) { return } // Process-spawning prefetches (consumed at first API call, user is still typing) void initUser() void getUserContext() prefetchSystemContextIfSafe() void getRelevantTips() if ( isEnvTruthy(process.env.CLAUDE_CODE_USE_BEDROCK) && !isEnvTruthy(process.env.CLAUDE_CODE_SKIP_BEDROCK_AUTH) ) { void prefetchAwsCredentialsAndBedRockInfoIfSafe() } if ( isEnvTruthy(process.env.CLAUDE_CODE_USE_VERTEX) && !isEnvTruthy(process.env.CLAUDE_CODE_SKIP_VERTEX_AUTH) ) { void prefetchGcpCredentialsIfSafe() } void countFilesRoundedRg(getCwd(), AbortSignal.timeout(3000), []) // Analytics and feature flag initialization void initializeAnalyticsGates() void prefetchOfficialMcpUrls() void refreshModelCapabilities() // File change detectors deferred from init() to unblock first render void settingsChangeDetector.initialize() if (!isBareMode()) { void skillChangeDetector.initialize() } // Event loop stall detector — logs when the main thread is blocked >500ms if (process.env.USER_TYPE === 'ant') { void import('./utils/eventLoopStallDetector.js').then(m => m.startEventLoopStallDetector(), ) } } function loadSettingsFromFlag(settingsFile: string): void { try { const trimmedSettings = settingsFile.trim() const looksLikeJson = trimmedSettings.startsWith('{') && trimmedSettings.endsWith('}') let settingsPath: string if (looksLikeJson) { // It's a JSON string - validate and create temp file const parsedJson = safeParseJSON(trimmedSettings) if (!parsedJson) { process.stderr.write( chalk.red('Error: Invalid JSON provided to --settings\n'), ) process.exit(1) } // Create a temporary file and write the JSON to it. // Use a content-hash-based path instead of random UUID to avoid // busting the Anthropic API prompt cache. The settings path ends up // in the Bash tool's sandbox denyWithinAllow list, which is part of // the tool description sent to the API. A random UUID per subprocess // changes the tool description on every query() call, invalidating // the cache prefix and causing a 12x input token cost penalty. // The content hash ensures identical settings produce the same path // across process boundaries (each SDK query() spawns a new process). settingsPath = generateTempFilePath('claude-settings', '.json', { contentHash: trimmedSettings, }) writeFileSync_DEPRECATED(settingsPath, trimmedSettings, 'utf8') } else { // It's a file path - resolve and validate by attempting to read const { resolvedPath: resolvedSettingsPath } = safeResolvePath( getFsImplementation(), settingsFile, ) try { readFileSync(resolvedSettingsPath, 'utf8') } catch (e) { if (isENOENT(e)) { process.stderr.write( chalk.red( `Error: Settings file not found: ${resolvedSettingsPath}\n`, ), ) process.exit(1) } throw e } settingsPath = resolvedSettingsPath } setFlagSettingsPath(settingsPath) resetSettingsCache() } catch (error) { if (error instanceof Error) { logError(error) } process.stderr.write( chalk.red(`Error processing settings: ${errorMessage(error)}\n`), ) process.exit(1) } } function loadSettingSourcesFromFlag(settingSourcesArg: string): void { try { const sources = parseSettingSourcesFlag(settingSourcesArg) setAllowedSettingSources(sources) resetSettingsCache() } catch (error) { if (error instanceof Error) { logError(error) } process.stderr.write( chalk.red(`Error processing --setting-sources: ${errorMessage(error)}\n`), ) process.exit(1) } } /** * Parse and load settings flags early, before init() * This ensures settings are filtered from the start of initialization */ function eagerLoadSettings(): void { profileCheckpoint('eagerLoadSettings_start') // Parse --settings flag early to ensure settings are loaded before init() const settingsFile = eagerParseCliFlag('--settings') if (settingsFile) { loadSettingsFromFlag(settingsFile) } // Parse --setting-sources flag early to control which sources are loaded const settingSourcesArg = eagerParseCliFlag('--setting-sources') if (settingSourcesArg !== undefined) { loadSettingSourcesFromFlag(settingSourcesArg) } profileCheckpoint('eagerLoadSettings_end') } function initializeEntrypoint(isNonInteractive: boolean): void { // Skip if already set (e.g., by SDK or other entrypoints) if (process.env.CLAUDE_CODE_ENTRYPOINT) { return } const cliArgs = process.argv.slice(2) // Check for MCP serve command (handle flags before mcp serve, e.g., --debug mcp serve) const mcpIndex = cliArgs.indexOf('mcp') if (mcpIndex !== -1 && cliArgs[mcpIndex + 1] === 'serve') { process.env.CLAUDE_CODE_ENTRYPOINT = 'mcp' return } if (isEnvTruthy(process.env.CLAUDE_CODE_ACTION)) { process.env.CLAUDE_CODE_ENTRYPOINT = 'claude-code-github-action' return } // Note: 'local-agent' entrypoint is set by the local agent mode launcher // via CLAUDE_CODE_ENTRYPOINT env var (handled by early return above) // Set based on interactive status process.env.CLAUDE_CODE_ENTRYPOINT = isNonInteractive ? 'sdk-cli' : 'cli' } // Set by early argv processing when `claude open ` is detected (interactive mode only) type PendingConnect = { url: string | undefined authToken: string | undefined dangerouslySkipPermissions: boolean } const _pendingConnect: PendingConnect | undefined = feature('DIRECT_CONNECT') ? { url: undefined, authToken: undefined, dangerouslySkipPermissions: false } : undefined // Set by early argv processing when `claude assistant [sessionId]` is detected type PendingAssistantChat = { sessionId?: string; discover: boolean } const _pendingAssistantChat: PendingAssistantChat | undefined = feature( 'KAIROS', ) ? { sessionId: undefined, discover: false } : undefined // `claude ssh [dir]` — parsed from argv early (same pattern as // DIRECT_CONNECT above) so the main command path can pick it up and hand // the REPL an SSH-backed session instead of a local one. type PendingSSH = { host: string | undefined cwd: string | undefined permissionMode: string | undefined dangerouslySkipPermissions: boolean /** --local: spawn the child CLI directly, skip ssh/probe/deploy. e2e test mode. */ local: boolean /** Extra CLI args to forward to the remote CLI on initial spawn (--resume, -c). */ extraCliArgs: string[] } const _pendingSSH: PendingSSH | undefined = feature('SSH_REMOTE') ? { host: undefined, cwd: undefined, permissionMode: undefined, dangerouslySkipPermissions: false, local: false, extraCliArgs: [], } : undefined export async function main() { profileCheckpoint('main_function_start') // SECURITY: Prevent Windows from executing commands from current directory // This must be set before ANY command execution to prevent PATH hijacking attacks // See: https://docs.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-searchpathw process.env.NoDefaultCurrentDirectoryInExePath = '1' // Initialize warning handler early to catch warnings initializeWarningHandler() process.on('exit', () => { resetCursor() }) process.on('SIGINT', () => { // In print mode, print.ts registers its own SIGINT handler that aborts // the in-flight query and calls gracefulShutdown; skip here to avoid // preempting it with a synchronous process.exit(). if (process.argv.includes('-p') || process.argv.includes('--print')) { return } process.exit(0) }) profileCheckpoint('main_warning_handler_initialized') // Check for cc:// or cc+unix:// URL in argv — rewrite so the main command // handles it, giving the full interactive TUI instead of a stripped-down subcommand. // For headless (-p), we rewrite to the internal `open` subcommand. if (feature('DIRECT_CONNECT')) { const rawCliArgs = process.argv.slice(2) const ccIdx = rawCliArgs.findIndex( a => a.startsWith('cc://') || a.startsWith('cc+unix://'), ) if (ccIdx !== -1 && _pendingConnect) { const ccUrl = rawCliArgs[ccIdx]! const { parseConnectUrl } = await import('./server/parseConnectUrl.js') const parsed = parseConnectUrl(ccUrl) _pendingConnect.dangerouslySkipPermissions = rawCliArgs.includes( '--dangerously-skip-permissions', ) if (rawCliArgs.includes('-p') || rawCliArgs.includes('--print')) { // Headless: rewrite to internal `open` subcommand const stripped = rawCliArgs.filter((_, i) => i !== ccIdx) const dspIdx = stripped.indexOf('--dangerously-skip-permissions') if (dspIdx !== -1) { stripped.splice(dspIdx, 1) } process.argv = [ process.argv[0]!, process.argv[1]!, 'open', ccUrl, ...stripped, ] } else { // Interactive: strip cc:// URL and flags, run main command _pendingConnect.url = parsed.serverUrl _pendingConnect.authToken = parsed.authToken const stripped = rawCliArgs.filter((_, i) => i !== ccIdx) const dspIdx = stripped.indexOf('--dangerously-skip-permissions') if (dspIdx !== -1) { stripped.splice(dspIdx, 1) } process.argv = [process.argv[0]!, process.argv[1]!, ...stripped] } } } // Handle deep link URIs early — this is invoked by the OS protocol handler // and should bail out before full init since it only needs to parse the URI // and open a terminal. if (feature('LODESTONE')) { const handleUriIdx = process.argv.indexOf('--handle-uri') if (handleUriIdx !== -1 && process.argv[handleUriIdx + 1]) { const { enableConfigs } = await import('./utils/config.js') enableConfigs() const uri = process.argv[handleUriIdx + 1]! const { handleDeepLinkUri } = await import( './utils/deepLink/protocolHandler.js' ) const exitCode = await handleDeepLinkUri(uri) process.exit(exitCode) } // macOS URL handler: when LaunchServices launches our .app bundle, the // URL arrives via Apple Event (not argv). LaunchServices overwrites // __CFBundleIdentifier to the launching bundle's ID, which is a precise // positive signal — cheaper than importing and guessing with heuristics. if ( process.platform === 'darwin' && process.env.__CFBundleIdentifier === 'com.anthropic.claude-code-url-handler' ) { const { enableConfigs } = await import('./utils/config.js') enableConfigs() const { handleUrlSchemeLaunch } = await import( './utils/deepLink/protocolHandler.js' ) const urlSchemeResult = await handleUrlSchemeLaunch() process.exit(urlSchemeResult ?? 1) } } // `claude assistant [sessionId]` — stash and strip so the main // command handles it, giving the full interactive TUI. Position-0 only // (matching the ssh pattern below) — indexOf would false-positive on // `claude -p "explain assistant"`. Root-flag-before-subcommand // (e.g. `--debug assistant`) falls through to the stub, which // prints usage. if (feature('KAIROS') && _pendingAssistantChat) { const rawArgs = process.argv.slice(2) if (rawArgs[0] === 'assistant') { const nextArg = rawArgs[1] if (nextArg && !nextArg.startsWith('-')) { _pendingAssistantChat.sessionId = nextArg rawArgs.splice(0, 2) // drop 'assistant' and sessionId process.argv = [process.argv[0]!, process.argv[1]!, ...rawArgs] } else if (!nextArg) { _pendingAssistantChat.discover = true rawArgs.splice(0, 1) // drop 'assistant' process.argv = [process.argv[0]!, process.argv[1]!, ...rawArgs] } // else: `claude assistant --help` → fall through to stub } } // `claude ssh [dir]` — strip from argv so the main command handler // runs (full interactive TUI), stash the host/dir for the REPL branch at // ~line 3720 to pick up. Headless (-p) mode not supported in v1: SSH // sessions need the local REPL to drive them (interrupt, permissions). if (feature('SSH_REMOTE') && _pendingSSH) { const rawCliArgs = process.argv.slice(2) // SSH-specific flags can appear before the host positional (e.g. // `ssh --permission-mode auto host /tmp` — standard POSIX flags-before- // positionals). Pull them all out BEFORE checking whether a host was // given, so `claude ssh --permission-mode auto host` and `claude ssh host // --permission-mode auto` are equivalent. The host check below only needs // to guard against `-h`/`--help` (which commander should handle). if (rawCliArgs[0] === 'ssh') { const localIdx = rawCliArgs.indexOf('--local') if (localIdx !== -1) { _pendingSSH.local = true rawCliArgs.splice(localIdx, 1) } const dspIdx = rawCliArgs.indexOf('--dangerously-skip-permissions') if (dspIdx !== -1) { _pendingSSH.dangerouslySkipPermissions = true rawCliArgs.splice(dspIdx, 1) } const pmIdx = rawCliArgs.indexOf('--permission-mode') if ( pmIdx !== -1 && rawCliArgs[pmIdx + 1] && !rawCliArgs[pmIdx + 1]!.startsWith('-') ) { _pendingSSH.permissionMode = rawCliArgs[pmIdx + 1] rawCliArgs.splice(pmIdx, 2) } const pmEqIdx = rawCliArgs.findIndex(a => a.startsWith('--permission-mode='), ) if (pmEqIdx !== -1) { _pendingSSH.permissionMode = rawCliArgs[pmEqIdx]!.split('=')[1] rawCliArgs.splice(pmEqIdx, 1) } // Forward session-resume + model flags to the remote CLI's initial spawn. // --continue/-c and --resume operate on the REMOTE session history // (which persists under the remote's ~/.claude/projects//). // --model controls which model the remote uses. const extractFlag = ( flag: string, opts: { hasValue?: boolean; as?: string } = {}, ) => { const i = rawCliArgs.indexOf(flag) if (i !== -1) { _pendingSSH.extraCliArgs.push(opts.as ?? flag) const val = rawCliArgs[i + 1] if (opts.hasValue && val && !val.startsWith('-')) { _pendingSSH.extraCliArgs.push(val) rawCliArgs.splice(i, 2) } else { rawCliArgs.splice(i, 1) } } const eqI = rawCliArgs.findIndex(a => a.startsWith(`${flag}=`)) if (eqI !== -1) { _pendingSSH.extraCliArgs.push( opts.as ?? flag, rawCliArgs[eqI]!.slice(flag.length + 1), ) rawCliArgs.splice(eqI, 1) } } extractFlag('-c', { as: '--continue' }) extractFlag('--continue') extractFlag('--resume', { hasValue: true }) extractFlag('--model', { hasValue: true }) } // After pre-extraction, any remaining dash-arg at [1] is either -h/--help // (commander handles) or an unknown-to-ssh flag (fall through to commander // so it surfaces a proper error). Only a non-dash arg is the host. if ( rawCliArgs[0] === 'ssh' && rawCliArgs[1] && !rawCliArgs[1].startsWith('-') ) { _pendingSSH.host = rawCliArgs[1] // Optional positional cwd. let consumed = 2 if (rawCliArgs[2] && !rawCliArgs[2].startsWith('-')) { _pendingSSH.cwd = rawCliArgs[2] consumed = 3 } const rest = rawCliArgs.slice(consumed) // Headless (-p) mode is not supported with SSH in v1 — reject early // so the flag doesn't silently cause local execution. if (rest.includes('-p') || rest.includes('--print')) { process.stderr.write( 'Error: headless (-p/--print) mode is not supported with claude ssh\n', ) gracefulShutdownSync(1) return } // Rewrite argv so the main command sees remaining flags but not `ssh`. process.argv = [process.argv[0]!, process.argv[1]!, ...rest] } } // Check for -p/--print and --init-only flags early to set isInteractiveSession before init() // This is needed because telemetry initialization calls auth functions that need this flag const cliArgs = process.argv.slice(2) const hasPrintFlag = cliArgs.includes('-p') || cliArgs.includes('--print') const hasInitOnlyFlag = cliArgs.includes('--init-only') const hasSdkUrl = cliArgs.some(arg => arg.startsWith('--sdk-url')) const isNonInteractive = hasPrintFlag || hasInitOnlyFlag || hasSdkUrl || !process.stdout.isTTY // Stop capturing early input for non-interactive modes if (isNonInteractive) { stopCapturingEarlyInput() } // Set simplified tracking fields const isInteractive = !isNonInteractive setIsInteractive(isInteractive) // Initialize entrypoint based on mode - needs to be set before any event is logged initializeEntrypoint(isNonInteractive) // Determine client type const clientType = (() => { if (isEnvTruthy(process.env.GITHUB_ACTIONS)) return 'github-action' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'sdk-ts') return 'sdk-typescript' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'sdk-py') return 'sdk-python' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'sdk-cli') return 'sdk-cli' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'claude-vscode') return 'claude-vscode' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'local-agent') return 'local-agent' if (process.env.CLAUDE_CODE_ENTRYPOINT === 'claude-desktop') return 'claude-desktop' // Check if session-ingress token is provided (indicates remote session) const hasSessionIngressToken = process.env.CLAUDE_CODE_SESSION_ACCESS_TOKEN || process.env.CLAUDE_CODE_WEBSOCKET_AUTH_FILE_DESCRIPTOR if ( process.env.CLAUDE_CODE_ENTRYPOINT === 'remote' || hasSessionIngressToken ) { return 'remote' } return 'cli' })() setClientType(clientType) const previewFormat = process.env.CLAUDE_CODE_QUESTION_PREVIEW_FORMAT if (previewFormat === 'markdown' || previewFormat === 'html') { setQuestionPreviewFormat(previewFormat) } else if ( !clientType.startsWith('sdk-') && // Desktop and CCR pass previewFormat via toolConfig; when the feature is // gated off they pass undefined — don't override that with markdown. clientType !== 'claude-desktop' && clientType !== 'local-agent' && clientType !== 'remote' ) { setQuestionPreviewFormat('markdown') } // Tag sessions created via `claude remote-control` so the backend can identify them if (process.env.CLAUDE_CODE_ENVIRONMENT_KIND === 'bridge') { setSessionSource('remote-control') } profileCheckpoint('main_client_type_determined') // Parse and load settings flags early, before init() eagerLoadSettings() profileCheckpoint('main_before_run') await run() profileCheckpoint('main_after_run') } async function getInputPrompt( prompt: string, inputFormat: 'text' | 'stream-json', ): Promise> { if ( !process.stdin.isTTY && // Input hijacking breaks MCP. !process.argv.includes('mcp') ) { if (inputFormat === 'stream-json') { return process.stdin } process.stdin.setEncoding('utf8') let data = '' const onData = (chunk: string) => { data += chunk } process.stdin.on('data', onData) // If no data arrives in 3s, stop waiting and warn. Stdin is likely an // inherited pipe from a parent that isn't writing (subprocess spawned // without explicit stdin handling). 3s covers slow producers like curl, // jq on large files, python with import overhead. The warning makes // silent data loss visible for the rare producer that's slower still. const timedOut = await peekForStdinData(process.stdin, 3000) process.stdin.off('data', onData) if (timedOut) { process.stderr.write( 'Warning: no stdin data received in 3s, proceeding without it. ' + 'If piping from a slow command, redirect stdin explicitly: < /dev/null to skip, or wait longer.\n', ) } return [prompt, data].filter(Boolean).join('\n') } return prompt } async function run(): Promise { profileCheckpoint('run_function_start') // Create help config that sorts options by long option name. // Commander supports compareOptions at runtime but @commander-js/extra-typings // doesn't include it in the type definitions, so we use Object.assign to add it. function createSortedHelpConfig(): { sortSubcommands: true sortOptions: true } { const getOptionSortKey = (opt: Option): string => opt.long?.replace(/^--/, '') ?? opt.short?.replace(/^-/, '') ?? '' return Object.assign( { sortSubcommands: true, sortOptions: true } as const, { compareOptions: (a: Option, b: Option) => getOptionSortKey(a).localeCompare(getOptionSortKey(b)), }, ) } const program = new CommanderCommand() .configureHelp(createSortedHelpConfig()) .enablePositionalOptions() profileCheckpoint('run_commander_initialized') // Use preAction hook to run initialization only when executing a command, // not when displaying help. This avoids the need for env variable signaling. program.hook('preAction', async thisCommand => { profileCheckpoint('preAction_start') // Await async subprocess loads started at module evaluation (lines 12-20). // Nearly free — subprocesses complete during the ~135ms of imports above. // Must resolve before init() which triggers the first settings read // (applySafeConfigEnvironmentVariables → getSettingsForSource('policySettings') // → isRemoteManagedSettingsEligible → sync keychain reads otherwise ~65ms). await Promise.all([ ensureMdmSettingsLoaded(), ensureKeychainPrefetchCompleted(), ]) profileCheckpoint('preAction_after_mdm') await init() profileCheckpoint('preAction_after_init') // process.title on Windows sets the console title directly; on POSIX, // terminal shell integration may mirror the process name to the tab. // After init() so settings.json env can also gate this (gh-4765). if (!isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_TERMINAL_TITLE)) { process.title = 'claude' } // Attach logging sinks so subcommand handlers can use logEvent/logError. // Before PR #11106 logEvent dispatched directly; after, events queue until // a sink attaches. setup() attaches sinks for the default command, but // subcommands (doctor, mcp, plugin, auth) never call setup() and would // silently drop events on process.exit(). Both inits are idempotent. const { initSinks } = await import('./utils/sinks.js') initSinks() profileCheckpoint('preAction_after_sinks') // gh-33508: --plugin-dir is a top-level program option. The default // action reads it from its own options destructure, but subcommands // (plugin list, plugin install, mcp *) have their own actions and // never see it. Wire it up here so getInlinePlugins() works everywhere. // thisCommand.opts() is typed {} here because this hook is attached // before .option('--plugin-dir', ...) in the chain — extra-typings // builds the type as options are added. Narrow with a runtime guard; // the collect accumulator + [] default guarantee string[] in practice. const pluginDir = thisCommand.getOptionValue('pluginDir') if ( Array.isArray(pluginDir) && pluginDir.length > 0 && pluginDir.every(p => typeof p === 'string') ) { setInlinePlugins(pluginDir) clearPluginCache('preAction: --plugin-dir inline plugins') } runMigrations() profileCheckpoint('preAction_after_migrations') // Load remote managed settings for enterprise customers (non-blocking) // Fails open - if fetch fails, continues without remote settings // Settings are applied via hot-reload when they arrive // Must happen after init() to ensure config reading is allowed void loadRemoteManagedSettings() void loadPolicyLimits() profileCheckpoint('preAction_after_remote_settings') // Load settings sync (non-blocking, fail-open) // CLI: uploads local settings to remote (CCR download is handled by print.ts) if (feature('UPLOAD_USER_SETTINGS')) { void import('./services/settingsSync/index.js').then(m => m.uploadUserSettingsInBackground(), ) } profileCheckpoint('preAction_after_settings_sync') }) program .name('claude') .description( `Claude Code - starts an interactive session by default, use -p/--print for non-interactive output`, ) .argument('[prompt]', 'Your prompt', String) // Subcommands inherit helpOption via commander's copyInheritedSettings — // setting it once here covers mcp, plugin, auth, and all other subcommands. .helpOption('-h, --help', 'Display help for command') .option( '-d, --debug [filter]', 'Enable debug mode with optional category filtering (e.g., "api,hooks" or "!1p,!file")', (_value: string | true) => { // If value is provided, it will be the filter string // If not provided but flag is present, value will be true // The actual filtering is handled in debug.ts by parsing process.argv return true }, ) .addOption( new Option('-d2e, --debug-to-stderr', 'Enable debug mode (to stderr)') .argParser(Boolean) .hideHelp(), ) .option( '--debug-file ', 'Write debug logs to a specific file path (implicitly enables debug mode)', () => true, ) .option( '--verbose', 'Override verbose mode setting from config', () => true, ) .option( '-p, --print', 'Print response and exit (useful for pipes). Note: The workspace trust dialog is skipped when Claude is run with the -p mode. Only use this flag in directories you trust.', () => true, ) .option( '--bare', 'Minimal mode: skip hooks, LSP, plugin sync, attribution, auto-memory, background prefetches, keychain reads, and CLAUDE.md auto-discovery. Sets CLAUDE_CODE_SIMPLE=1. Anthropic auth is strictly ANTHROPIC_API_KEY or apiKeyHelper via --settings (OAuth and keychain are never read). 3P providers (Bedrock/Vertex/Foundry) use their own credentials. Skills still resolve via /skill-name. Explicitly provide context via: --system-prompt[-file], --append-system-prompt[-file], --add-dir (CLAUDE.md dirs), --mcp-config, --settings, --agents, --plugin-dir.', () => true, ) .addOption( new Option( '--init', 'Run Setup hooks with init trigger, then continue', ).hideHelp(), ) .addOption( new Option( '--init-only', 'Run Setup and SessionStart:startup hooks, then exit', ).hideHelp(), ) .addOption( new Option( '--maintenance', 'Run Setup hooks with maintenance trigger, then continue', ).hideHelp(), ) .addOption( new Option( '--output-format ', 'Output format (only works with --print): "text" (default), "json" (single result), or "stream-json" (realtime streaming)', ).choices(['text', 'json', 'stream-json']), ) .addOption( new Option( '--json-schema ', 'JSON Schema for structured output validation. ' + 'Example: {"type":"object","properties":{"name":{"type":"string"}},"required":["name"]}', ).argParser(String), ) .option( '--include-hook-events', 'Include all hook lifecycle events in the output stream (only works with --output-format=stream-json)', () => true, ) .option( '--include-partial-messages', 'Include partial message chunks as they arrive (only works with --print and --output-format=stream-json)', () => true, ) .addOption( new Option( '--input-format ', 'Input format (only works with --print): "text" (default), or "stream-json" (realtime streaming input)', ).choices(['text', 'stream-json']), ) .option( '--mcp-debug', '[DEPRECATED. Use --debug instead] Enable MCP debug mode (shows MCP server errors)', () => true, ) .option( '--dangerously-skip-permissions', 'Bypass all permission checks. Recommended only for sandboxes with no internet access.', () => true, ) .option( '--allow-dangerously-skip-permissions', 'Enable bypassing all permission checks as an option, without it being enabled by default. Recommended only for sandboxes with no internet access.', () => true, ) .addOption( new Option( '--thinking ', 'Thinking mode: enabled (equivalent to adaptive), disabled', ) .choices(['enabled', 'adaptive', 'disabled']) .hideHelp(), ) .addOption( new Option( '--max-thinking-tokens ', '[DEPRECATED. Use --thinking instead for newer models] Maximum number of thinking tokens (only works with --print)', ) .argParser(Number) .hideHelp(), ) .addOption( new Option( '--max-turns ', 'Maximum number of agentic turns in non-interactive mode. This will early exit the conversation after the specified number of turns. (only works with --print)', ) .argParser(Number) .hideHelp(), ) .addOption( new Option( '--max-budget-usd ', 'Maximum dollar amount to spend on API calls (only works with --print)', ).argParser(value => { const amount = Number(value) if (isNaN(amount) || amount <= 0) { throw new Error( '--max-budget-usd must be a positive number greater than 0', ) } return amount }), ) .addOption( new Option( '--task-budget ', 'API-side task budget in tokens (output_config.task_budget)', ) .argParser(value => { const tokens = Number(value) if (isNaN(tokens) || tokens <= 0 || !Number.isInteger(tokens)) { throw new Error('--task-budget must be a positive integer') } return tokens }) .hideHelp(), ) .option( '--replay-user-messages', 'Re-emit user messages from stdin back on stdout for acknowledgment (only works with --input-format=stream-json and --output-format=stream-json)', () => true, ) .addOption( new Option( '--enable-auth-status', 'Enable auth status messages in SDK mode', ) .default(false) .hideHelp(), ) .option( '--allowedTools, --allowed-tools ', 'Comma or space-separated list of tool names to allow (e.g. "Bash(git:*) Edit")', ) .option( '--tools ', 'Specify the list of available tools from the built-in set. Use "" to disable all tools, "default" to use all tools, or specify tool names (e.g. "Bash,Edit,Read").', ) .option( '--disallowedTools, --disallowed-tools ', 'Comma or space-separated list of tool names to deny (e.g. "Bash(git:*) Edit")', ) .option( '--mcp-config ', 'Load MCP servers from JSON files or strings (space-separated)', ) .addOption( new Option( '--permission-prompt-tool ', 'MCP tool to use for permission prompts (only works with --print)', ) .argParser(String) .hideHelp(), ) .addOption( new Option( '--system-prompt ', 'System prompt to use for the session', ).argParser(String), ) .addOption( new Option( '--system-prompt-file ', 'Read system prompt from a file', ) .argParser(String) .hideHelp(), ) .addOption( new Option( '--append-system-prompt ', 'Append a system prompt to the default system prompt', ).argParser(String), ) .addOption( new Option( '--append-system-prompt-file ', 'Read system prompt from a file and append to the default system prompt', ) .argParser(String) .hideHelp(), ) .addOption( new Option( '--permission-mode ', 'Permission mode to use for the session', ) .argParser(String) .choices(PERMISSION_MODES), ) .option( '-c, --continue', 'Continue the most recent conversation in the current directory', () => true, ) .option( '-r, --resume [value]', 'Resume a conversation by session ID, or open interactive picker with optional search term', value => value || true, ) .option( '--fork-session', 'When resuming, create a new session ID instead of reusing the original (use with --resume or --continue)', () => true, ) .addOption( new Option( '--prefill ', 'Pre-fill the prompt input with text without submitting it', ).hideHelp(), ) .addOption( new Option( '--deep-link-origin', 'Signal that this session was launched from a deep link', ).hideHelp(), ) .addOption( new Option( '--deep-link-repo ', 'Repo slug the deep link ?repo= parameter resolved to the current cwd', ).hideHelp(), ) .addOption( new Option( '--deep-link-last-fetch ', 'FETCH_HEAD mtime in epoch ms, precomputed by the deep link trampoline', ) .argParser(v => { const n = Number(v) return Number.isFinite(n) ? n : undefined }) .hideHelp(), ) .option( '--from-pr [value]', 'Resume a session linked to a PR by PR number/URL, or open interactive picker with optional search term', value => value || true, ) .option( '--no-session-persistence', 'Disable session persistence - sessions will not be saved to disk and cannot be resumed (only works with --print)', ) .addOption( new Option( '--resume-session-at ', 'When resuming, only messages up to and including the assistant message with (use with --resume in print mode)', ) .argParser(String) .hideHelp(), ) .addOption( new Option( '--rewind-files ', 'Restore files to state at the specified user message and exit (requires --resume)', ).hideHelp(), ) // @[MODEL LAUNCH]: Update the example model ID in the --model help text. .option( '--model ', `Model for the current session. Provide an alias for the latest model (e.g. 'sonnet' or 'opus') or a model's full name (e.g. 'claude-sonnet-4-6').`, ) .addOption( new Option( '--effort ', `Effort level for the current session (low, medium, high, max)`, ).argParser((rawValue: string) => { const value = rawValue.toLowerCase() const allowed = ['low', 'medium', 'high', 'max'] if (!allowed.includes(value)) { throw new InvalidArgumentError( `It must be one of: ${allowed.join(', ')}`, ) } return value }), ) .option( '--agent ', `Agent for the current session. Overrides the 'agent' setting.`, ) .option( '--betas ', 'Beta headers to include in API requests (API key users only)', ) .option( '--fallback-model ', 'Enable automatic fallback to specified model when default model is overloaded (only works with --print)', ) .addOption( new Option( '--workload ', 'Workload tag for billing-header attribution (cc_workload). Process-scoped; set by SDK daemon callers that spawn subprocesses for cron work. (only works with --print)', ).hideHelp(), ) .option( '--settings ', 'Path to a settings JSON file or a JSON string to load additional settings from', ) .option( '--add-dir ', 'Additional directories to allow tool access to', ) .option( '--ide', 'Automatically connect to IDE on startup if exactly one valid IDE is available', () => true, ) .option( '--strict-mcp-config', 'Only use MCP servers from --mcp-config, ignoring all other MCP configurations', () => true, ) .option( '--session-id ', 'Use a specific session ID for the conversation (must be a valid UUID)', ) .option( '-n, --name ', 'Set a display name for this session (shown in /resume and terminal title)', ) .option( '--agents ', 'JSON object defining custom agents (e.g. \'{"reviewer": {"description": "Reviews code", "prompt": "You are a code reviewer"}}\')', ) .option( '--setting-sources ', 'Comma-separated list of setting sources to load (user, project, local).', ) // gh-33508: (variadic) consumed everything until the next // --flag. `claude --plugin-dir /path mcp add --transport http` swallowed // `mcp` and `add` as paths, then choked on --transport as an unknown // top-level option. Single-value + collect accumulator means each // --plugin-dir takes exactly one arg; repeat the flag for multiple dirs. .option( '--plugin-dir ', 'Load plugins from a directory for this session only (repeatable: --plugin-dir A --plugin-dir B)', (val: string, prev: string[]) => [...prev, val], [] as string[], ) .option('--disable-slash-commands', 'Disable all skills', () => true) .option('--chrome', 'Enable Claude in Chrome integration') .option('--no-chrome', 'Disable Claude in Chrome integration') .option( '--file ', 'File resources to download at startup. Format: file_id:relative_path (e.g., --file file_abc:doc.txt file_def:img.png)', ) .action(async (prompt, options) => { profileCheckpoint('action_handler_start') // --bare = one-switch minimal mode. Sets SIMPLE so all the existing // gates fire (CLAUDE.md, skills, hooks inside executeHooks, agent // dir-walk). Must be set before setup() / any of the gated work runs. if ((options as { bare?: boolean }).bare) { process.env.CLAUDE_CODE_SIMPLE = '1' } // Ignore "code" as a prompt - treat it the same as no prompt if (prompt === 'code') { logEvent('tengu_code_prompt_ignored', {}) // biome-ignore lint/suspicious/noConsole:: intentional console output console.warn( chalk.yellow('Tip: You can launch Claude Code with just `claude`'), ) prompt = undefined } // Log event for any single-word prompt if ( prompt && typeof prompt === 'string' && !/\s/.test(prompt) && prompt.length > 0 ) { logEvent('tengu_single_word_prompt', { length: prompt.length }) } // Assistant mode: when .claude/settings.json has assistant: true AND // the tengu_kairos GrowthBook gate is on, force brief on. Permission // mode is left to the user — settings defaultMode or --permission-mode // apply as normal. REPL-typed messages already default to 'next' // priority (messageQueueManager.enqueue) so they drain mid-turn between // tool calls. SendUserMessage (BriefTool) is enabled via the brief env // var. SleepTool stays disabled (its isEnabled() gates on proactive). // kairosEnabled is computed once here and reused at the // getAssistantSystemPromptAddendum() call site further down. // // Trust gate: .claude/settings.json is attacker-controllable in an // untrusted clone. We run ~1000 lines before showSetupScreens() shows // the trust dialog, and by then we've already appended // .claude/agents/assistant.md to the system prompt. Refuse to activate // until the directory has been explicitly trusted. let kairosEnabled = false let assistantTeamContext: | Awaited< ReturnType< NonNullable['initializeAssistantTeam'] > > | undefined if ( feature('KAIROS') && (options as { assistant?: boolean }).assistant && assistantModule ) { // --assistant (Agent SDK daemon mode): force the latch before // isAssistantMode() runs below. The daemon has already checked // entitlement — don't make the child re-check tengu_kairos. assistantModule.markAssistantForced() } if ( feature('KAIROS') && assistantModule?.isAssistantMode() && // Spawned teammates share the leader's cwd + settings.json, so // isAssistantMode() is true for them too. --agent-id being set // means we ARE a spawned teammate (extractTeammateOptions runs // ~170 lines later so check the raw commander option) — don't // re-init the team or override teammateMode/proactive/brief. !(options as { agentId?: unknown }).agentId && kairosGate ) { if (!checkHasTrustDialogAccepted()) { // biome-ignore lint/suspicious/noConsole:: intentional console output console.warn( chalk.yellow( 'Assistant mode disabled: directory is not trusted. Accept the trust dialog and restart.', ), ) } else { // Blocking gate check — returns cached `true` instantly; if disk // cache is false/missing, lazily inits GrowthBook and fetches fresh // (max ~5s). --assistant skips the gate entirely (daemon is // pre-entitled). kairosEnabled = assistantModule.isAssistantForced() || (await kairosGate.isKairosEnabled()) if (kairosEnabled) { const opts = options as { brief?: boolean } opts.brief = true setKairosActive(true) // Pre-seed an in-process team so Agent(name: "foo") spawns // teammates without TeamCreate. Must run BEFORE setup() captures // the teammateMode snapshot (initializeAssistantTeam calls // setCliTeammateModeOverride internally). assistantTeamContext = await assistantModule.initializeAssistantTeam() } } } const { debug = false, debugToStderr = false, dangerouslySkipPermissions, allowDangerouslySkipPermissions = false, tools: baseTools = [], allowedTools = [], disallowedTools = [], mcpConfig = [], permissionMode: permissionModeCli, addDir = [], fallbackModel, betas = [], ide = false, sessionId, includeHookEvents, includePartialMessages, } = options if (options.prefill) { seedEarlyInput(options.prefill) } // Promise for file downloads - started early, awaited before REPL renders let fileDownloadPromise: Promise | undefined const agentsJson = options.agents const agentCli = options.agent if (feature('BG_SESSIONS') && agentCli) { process.env.CLAUDE_CODE_AGENT = agentCli } // NOTE: LSP manager initialization is intentionally deferred until after // the trust dialog is accepted. This prevents plugin LSP servers from // executing code in untrusted directories before user consent. // Extract these separately so they can be modified if needed let outputFormat = options.outputFormat let inputFormat = options.inputFormat let verbose = options.verbose ?? getGlobalConfig().verbose let print = options.print const init = options.init ?? false const initOnly = options.initOnly ?? false const maintenance = options.maintenance ?? false // Extract disable slash commands flag const disableSlashCommands = options.disableSlashCommands || false // Extract tasks mode options (ant-only) const tasksOption = process.env.USER_TYPE === 'ant' && (options as { tasks?: boolean | string }).tasks const taskListId = tasksOption ? typeof tasksOption === 'string' ? tasksOption : DEFAULT_TASKS_MODE_TASK_LIST_ID : undefined if (process.env.USER_TYPE === 'ant' && taskListId) { process.env.CLAUDE_CODE_TASK_LIST_ID = taskListId } // Extract worktree option // worktree can be true (flag without value) or a string (custom name or PR reference) const worktreeOption = isWorktreeModeEnabled() ? (options as { worktree?: boolean | string }).worktree : undefined let worktreeName = typeof worktreeOption === 'string' ? worktreeOption : undefined const worktreeEnabled = worktreeOption !== undefined // Check if worktree name is a PR reference (#N or GitHub PR URL) let worktreePRNumber: number | undefined if (worktreeName) { const prNum = parsePRReference(worktreeName) if (prNum !== null) { worktreePRNumber = prNum worktreeName = undefined // slug will be generated in setup() } } // Extract tmux option (requires --worktree) const tmuxEnabled = isWorktreeModeEnabled() && (options as { tmux?: boolean }).tmux === true // Validate tmux option if (tmuxEnabled) { if (!worktreeEnabled) { process.stderr.write(chalk.red('Error: --tmux requires --worktree\n')) process.exit(1) } if (getPlatform() === 'windows') { process.stderr.write( chalk.red('Error: --tmux is not supported on Windows\n'), ) process.exit(1) } if (!(await isTmuxAvailable())) { process.stderr.write( chalk.red( `Error: tmux is not installed.\n${getTmuxInstallInstructions()}\n`, ), ) process.exit(1) } } // Extract teammate options (for tmux-spawned agents) // Declared outside the if block so it's accessible later for system prompt addendum let storedTeammateOpts: TeammateOptions | undefined if (isAgentSwarmsEnabled()) { // Extract agent identity options (for tmux-spawned agents) // These replace the CLAUDE_CODE_* environment variables const teammateOpts = extractTeammateOptions(options) storedTeammateOpts = teammateOpts // If any teammate identity option is provided, all three required ones must be present const hasAnyTeammateOpt = teammateOpts.agentId || teammateOpts.agentName || teammateOpts.teamName const hasAllRequiredTeammateOpts = teammateOpts.agentId && teammateOpts.agentName && teammateOpts.teamName if (hasAnyTeammateOpt && !hasAllRequiredTeammateOpts) { process.stderr.write( chalk.red( 'Error: --agent-id, --agent-name, and --team-name must all be provided together\n', ), ) process.exit(1) } // If teammate identity is provided via CLI, set up dynamicTeamContext if ( teammateOpts.agentId && teammateOpts.agentName && teammateOpts.teamName ) { getTeammateUtils().setDynamicTeamContext?.({ agentId: teammateOpts.agentId, agentName: teammateOpts.agentName, teamName: teammateOpts.teamName, color: teammateOpts.agentColor, planModeRequired: teammateOpts.planModeRequired ?? false, parentSessionId: teammateOpts.parentSessionId, }) } // Set teammate mode CLI override if provided // This must be done before setup() captures the snapshot if (teammateOpts.teammateMode) { getTeammateModeSnapshot().setCliTeammateModeOverride?.( teammateOpts.teammateMode, ) } } // Extract remote sdk options const sdkUrl = (options as { sdkUrl?: string }).sdkUrl ?? undefined // Allow env var to enable partial messages (used by sandbox gateway for baku) const effectiveIncludePartialMessages = includePartialMessages || isEnvTruthy(process.env.CLAUDE_CODE_INCLUDE_PARTIAL_MESSAGES) // Enable all hook event types when explicitly requested via SDK option // or when running in CLAUDE_CODE_REMOTE mode (CCR needs them). // Without this, only SessionStart and Setup events are emitted. if (includeHookEvents || isEnvTruthy(process.env.CLAUDE_CODE_REMOTE)) { setAllHookEventsEnabled(true) } // Auto-set input/output formats, verbose mode, and print mode when SDK URL is provided if (sdkUrl) { // If SDK URL is provided, automatically use stream-json formats unless explicitly set if (!inputFormat) { inputFormat = 'stream-json' } if (!outputFormat) { outputFormat = 'stream-json' } // Auto-enable verbose mode unless explicitly disabled or already set if (options.verbose === undefined) { verbose = true } // Auto-enable print mode unless explicitly disabled if (!options.print) { print = true } } // Extract teleport option const teleport = (options as { teleport?: string | true }).teleport ?? null // Extract remote option (can be true if no description provided, or a string) const remoteOption = (options as { remote?: string | true }).remote const remote = remoteOption === true ? '' : (remoteOption ?? null) // Extract --remote-control / --rc flag (enable bridge in interactive session) const remoteControlOption = (options as { remoteControl?: string | true }).remoteControl ?? (options as { rc?: string | true }).rc // Actual bridge check is deferred to after showSetupScreens() so that // trust is established and GrowthBook has auth headers. let remoteControl = false const remoteControlName = typeof remoteControlOption === 'string' && remoteControlOption.length > 0 ? remoteControlOption : undefined // Validate session ID if provided if (sessionId) { // Check for conflicting flags // --session-id can be used with --continue or --resume when --fork-session is also provided // (to specify a custom ID for the forked session) if ((options.continue || options.resume) && !options.forkSession) { process.stderr.write( chalk.red( 'Error: --session-id can only be used with --continue or --resume if --fork-session is also specified.\n', ), ) process.exit(1) } // When --sdk-url is provided (bridge/remote mode), the session ID is a // server-assigned tagged ID (e.g. "session_local_01...") rather than a // UUID. Skip UUID validation and local existence checks in that case. if (!sdkUrl) { const validatedSessionId = validateUuid(sessionId) if (!validatedSessionId) { process.stderr.write( chalk.red('Error: Invalid session ID. Must be a valid UUID.\n'), ) process.exit(1) } // Check if session ID already exists if (sessionIdExists(validatedSessionId)) { process.stderr.write( chalk.red( `Error: Session ID ${validatedSessionId} is already in use.\n`, ), ) process.exit(1) } } } // Download file resources if specified via --file flag const fileSpecs = (options as { file?: string[] }).file if (fileSpecs && fileSpecs.length > 0) { // Get session ingress token (provided by EnvManager via CLAUDE_CODE_SESSION_ACCESS_TOKEN) const sessionToken = getSessionIngressAuthToken() if (!sessionToken) { process.stderr.write( chalk.red( 'Error: Session token required for file downloads. CLAUDE_CODE_SESSION_ACCESS_TOKEN must be set.\n', ), ) process.exit(1) } // Resolve session ID: prefer remote session ID, fall back to internal session ID const fileSessionId = process.env.CLAUDE_CODE_REMOTE_SESSION_ID || getSessionId() const files = parseFileSpecs(fileSpecs) if (files.length > 0) { // Use ANTHROPIC_BASE_URL if set (by EnvManager), otherwise use OAuth config // This ensures consistency with session ingress API in all environments const config: FilesApiConfig = { baseUrl: process.env.ANTHROPIC_BASE_URL || getOauthConfig().BASE_API_URL, oauthToken: sessionToken, sessionId: fileSessionId, } // Start download without blocking startup - await before REPL renders fileDownloadPromise = downloadSessionFiles(files, config) } } // Get isNonInteractiveSession from state (was set before init()) const isNonInteractiveSession = getIsNonInteractiveSession() // Validate that fallback model is different from main model if (fallbackModel && options.model && fallbackModel === options.model) { process.stderr.write( chalk.red( 'Error: Fallback model cannot be the same as the main model. Please specify a different model for --fallback-model.\n', ), ) process.exit(1) } // Handle system prompt options let systemPrompt = options.systemPrompt if (options.systemPromptFile) { if (options.systemPrompt) { process.stderr.write( chalk.red( 'Error: Cannot use both --system-prompt and --system-prompt-file. Please use only one.\n', ), ) process.exit(1) } try { const filePath = resolve(options.systemPromptFile) systemPrompt = readFileSync(filePath, 'utf8') } catch (error) { const code = getErrnoCode(error) if (code === 'ENOENT') { process.stderr.write( chalk.red( `Error: System prompt file not found: ${resolve(options.systemPromptFile)}\n`, ), ) process.exit(1) } process.stderr.write( chalk.red( `Error reading system prompt file: ${errorMessage(error)}\n`, ), ) process.exit(1) } } // Handle append system prompt options let appendSystemPrompt = options.appendSystemPrompt if (options.appendSystemPromptFile) { if (options.appendSystemPrompt) { process.stderr.write( chalk.red( 'Error: Cannot use both --append-system-prompt and --append-system-prompt-file. Please use only one.\n', ), ) process.exit(1) } try { const filePath = resolve(options.appendSystemPromptFile) appendSystemPrompt = readFileSync(filePath, 'utf8') } catch (error) { const code = getErrnoCode(error) if (code === 'ENOENT') { process.stderr.write( chalk.red( `Error: Append system prompt file not found: ${resolve(options.appendSystemPromptFile)}\n`, ), ) process.exit(1) } process.stderr.write( chalk.red( `Error reading append system prompt file: ${errorMessage(error)}\n`, ), ) process.exit(1) } } // Add teammate-specific system prompt addendum for tmux teammates if ( isAgentSwarmsEnabled() && storedTeammateOpts?.agentId && storedTeammateOpts?.agentName && storedTeammateOpts?.teamName ) { const addendum = getTeammatePromptAddendum().TEAMMATE_SYSTEM_PROMPT_ADDENDUM appendSystemPrompt = appendSystemPrompt ? `${appendSystemPrompt}\n\n${addendum}` : addendum } const { mode: permissionMode, notification: permissionModeNotification } = initialPermissionModeFromCLI({ permissionModeCli, dangerouslySkipPermissions, }) // Store session bypass permissions mode for trust dialog check setSessionBypassPermissionsMode(permissionMode === 'bypassPermissions') if (feature('TRANSCRIPT_CLASSIFIER')) { // autoModeFlagCli is the "did the user intend auto this session" signal. // Set when: --enable-auto-mode, --permission-mode auto, resolved mode // is auto, OR settings defaultMode is auto but the gate denied it // (permissionMode resolved to default with no explicit CLI override). // Used by verifyAutoModeGateAccess to decide whether to notify on // auto-unavailable, and by tengu_auto_mode_config opt-in carousel. if ( (options as { enableAutoMode?: boolean }).enableAutoMode || permissionModeCli === 'auto' || permissionMode === 'auto' || (!permissionModeCli && isDefaultPermissionModeAuto()) ) { autoModeStateModule?.setAutoModeFlagCli(true) } } // Parse the MCP config files/strings if provided let dynamicMcpConfig: Record = {} if (mcpConfig && mcpConfig.length > 0) { // Process mcpConfig array const processedConfigs = mcpConfig .map(config => config.trim()) .filter(config => config.length > 0) let allConfigs: Record = {} const allErrors: ValidationError[] = [] for (const configItem of processedConfigs) { let configs: Record | null = null let errors: ValidationError[] = [] // First try to parse as JSON string const parsedJson = safeParseJSON(configItem) if (parsedJson) { const result = parseMcpConfig({ configObject: parsedJson, filePath: 'command line', expandVars: true, scope: 'dynamic', }) if (result.config) { configs = result.config.mcpServers } else { errors = result.errors } } else { // Try as file path const configPath = resolve(configItem) const result = parseMcpConfigFromFilePath({ filePath: configPath, expandVars: true, scope: 'dynamic', }) if (result.config) { configs = result.config.mcpServers } else { errors = result.errors } } if (errors.length > 0) { allErrors.push(...errors) } else if (configs) { // Merge configs, later ones override earlier ones allConfigs = { ...allConfigs, ...configs } } } if (allErrors.length > 0) { const formattedErrors = allErrors .map(err => `${err.path ? err.path + ': ' : ''}${err.message}`) .join('\n') logForDebugging( `--mcp-config validation failed (${allErrors.length} errors): ${formattedErrors}`, { level: 'error' }, ) process.stderr.write( `Error: Invalid MCP configuration:\n${formattedErrors}\n`, ) process.exit(1) } if (Object.keys(allConfigs).length > 0) { // SDK hosts (Nest/Desktop) own their server naming and may reuse // built-in names — skip reserved-name checks for type:'sdk'. const nonSdkConfigNames = Object.entries(allConfigs) .filter(([, config]) => config.type !== 'sdk') .map(([name]) => name) let reservedNameError: string | null = null if (nonSdkConfigNames.some(isClaudeInChromeMCPServer)) { reservedNameError = `Invalid MCP configuration: "${CLAUDE_IN_CHROME_MCP_SERVER_NAME}" is a reserved MCP name.` } else if (feature('CHICAGO_MCP')) { const { isComputerUseMCPServer, COMPUTER_USE_MCP_SERVER_NAME } = await import('src/utils/computerUse/common.js') if (nonSdkConfigNames.some(isComputerUseMCPServer)) { reservedNameError = `Invalid MCP configuration: "${COMPUTER_USE_MCP_SERVER_NAME}" is a reserved MCP name.` } } if (reservedNameError) { // stderr+exit(1) — a throw here becomes a silent unhandled // rejection in stream-json mode (void main() in cli.tsx). process.stderr.write(`Error: ${reservedNameError}\n`) process.exit(1) } // Add dynamic scope to all configs. type:'sdk' entries pass through // unchanged — they're extracted into sdkMcpConfigs downstream and // passed to print.ts. The Python SDK relies on this path (it doesn't // send sdkMcpServers in the initialize message). Dropping them here // broke Coworker (inc-5122). The policy filter below already exempts // type:'sdk', and the entries are inert without an SDK transport on // stdin, so there's no bypass risk from letting them through. const scopedConfigs = mapValues(allConfigs, config => ({ ...config, scope: 'dynamic' as const, })) // Enforce managed policy (allowedMcpServers / deniedMcpServers) on // --mcp-config servers. Without this, the CLI flag bypasses the // enterprise allowlist that user/project/local configs go through in // getClaudeCodeMcpConfigs — callers spread dynamicMcpConfig back on // top of filtered results. Filter here at the source so all // downstream consumers see the policy-filtered set. const { allowed, blocked } = filterMcpServersByPolicy(scopedConfigs) if (blocked.length > 0) { process.stderr.write( `Warning: MCP ${plural(blocked.length, 'server')} blocked by enterprise policy: ${blocked.join(', ')}\n`, ) } dynamicMcpConfig = { ...dynamicMcpConfig, ...allowed } } } // Extract Claude in Chrome option and enforce claude.ai subscriber check (unless user is ant) const chromeOpts = options as { chrome?: boolean } // Store the explicit CLI flag so teammates can inherit it setChromeFlagOverride(chromeOpts.chrome) const enableClaudeInChrome = shouldEnableClaudeInChrome(chromeOpts.chrome) && (process.env.USER_TYPE === 'ant' || isClaudeAISubscriber()) const autoEnableClaudeInChrome = !enableClaudeInChrome && shouldAutoEnableClaudeInChrome() if (enableClaudeInChrome) { const platform = getPlatform() try { logEvent('tengu_claude_in_chrome_setup', { platform: platform as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) const { mcpConfig: chromeMcpConfig, allowedTools: chromeMcpTools, systemPrompt: chromeSystemPrompt, } = setupClaudeInChrome() dynamicMcpConfig = { ...dynamicMcpConfig, ...chromeMcpConfig } allowedTools.push(...chromeMcpTools) if (chromeSystemPrompt) { appendSystemPrompt = appendSystemPrompt ? `${chromeSystemPrompt}\n\n${appendSystemPrompt}` : chromeSystemPrompt } } catch (error) { logEvent('tengu_claude_in_chrome_setup_failed', { platform: platform as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) logForDebugging(`[Claude in Chrome] Error: ${error}`) logError(error) // biome-ignore lint/suspicious/noConsole:: intentional console output console.error(`Error: Failed to run with Claude in Chrome.`) process.exit(1) } } else if (autoEnableClaudeInChrome) { try { const { mcpConfig: chromeMcpConfig } = setupClaudeInChrome() dynamicMcpConfig = { ...dynamicMcpConfig, ...chromeMcpConfig } const hint = feature('WEB_BROWSER_TOOL') && typeof Bun !== 'undefined' && 'WebView' in Bun ? CLAUDE_IN_CHROME_SKILL_HINT_WITH_WEBBROWSER : CLAUDE_IN_CHROME_SKILL_HINT appendSystemPrompt = appendSystemPrompt ? `${appendSystemPrompt}\n\n${hint}` : hint } catch (error) { // Silently skip any errors for the auto-enable logForDebugging(`[Claude in Chrome] Error (auto-enable): ${error}`) } } // Extract strict MCP config flag const strictMcpConfig = options.strictMcpConfig || false // Check if enterprise MCP configuration exists. When it does, only allow dynamic MCP // configs that contain special server types (sdk) if (doesEnterpriseMcpConfigExist()) { if (strictMcpConfig) { process.stderr.write( chalk.red( 'You cannot use --strict-mcp-config when an enterprise MCP config is present', ), ) process.exit(1) } // For --mcp-config, allow if all servers are internal types (sdk) if ( dynamicMcpConfig && !areMcpConfigsAllowedWithEnterpriseMcpConfig(dynamicMcpConfig) ) { process.stderr.write( chalk.red( 'You cannot dynamically configure MCP servers when an enterprise MCP config is present', ), ) process.exit(1) } } // chicago MCP: guarded Computer Use (app allowlist + frontmost gate + // SCContentFilter screenshots). Ant-only, GrowthBook-gated — failures // are silent (this is dogfooding). Platform + interactive checks inline // so non-macOS / print-mode ants skip the heavy @ant/computer-use-mcp // import entirely. gates.js is light (type-only package import). // // Placed AFTER the enterprise-MCP-config check: that check rejects any // dynamicMcpConfig entry with `type !== 'sdk'`, and our config is // `type: 'stdio'`. An enterprise-config ant with the GB gate on would // otherwise process.exit(1). Chrome has the same latent issue but has // shipped without incident; chicago places itself correctly. if ( feature('CHICAGO_MCP') && getPlatform() === 'macos' && !getIsNonInteractiveSession() ) { try { const { getChicagoEnabled } = await import( 'src/utils/computerUse/gates.js' ) if (getChicagoEnabled()) { const { setupComputerUseMCP } = await import( 'src/utils/computerUse/setup.js' ) const { mcpConfig, allowedTools: cuTools } = setupComputerUseMCP() dynamicMcpConfig = { ...dynamicMcpConfig, ...mcpConfig } allowedTools.push(...cuTools) } } catch (error) { logForDebugging( `[Computer Use MCP] Setup failed: ${errorMessage(error)}`, ) } } // Store additional directories for CLAUDE.md loading (controlled by env var) setAdditionalDirectoriesForClaudeMd(addDir) // Channel server allowlist from --channels flag — servers whose // inbound push notifications should register this session. The option // is added inside a feature() block so TS doesn't know about it // on the options type — same pattern as --assistant at main.tsx:1824. // devChannels is deferred: showSetupScreens shows a confirmation dialog // and only appends to allowedChannels on accept. let devChannels: ChannelEntry[] | undefined if (feature('KAIROS') || feature('KAIROS_CHANNELS')) { // Parse plugin:name@marketplace / server:Y tags into typed entries. // Tag decides trust model downstream: plugin-kind hits marketplace // verification + GrowthBook allowlist, server-kind always fails // allowlist (schema is plugin-only) unless dev flag is set. // Untagged or marketplace-less plugin entries are hard errors — // silently not-matching in the gate would look like channels are // "on" but nothing ever fires. const parseChannelEntries = ( raw: string[], flag: string, ): ChannelEntry[] => { const entries: ChannelEntry[] = [] const bad: string[] = [] for (const c of raw) { if (c.startsWith('plugin:')) { const rest = c.slice(7) const at = rest.indexOf('@') if (at <= 0 || at === rest.length - 1) { bad.push(c) } else { entries.push({ kind: 'plugin', name: rest.slice(0, at), marketplace: rest.slice(at + 1), }) } } else if (c.startsWith('server:') && c.length > 7) { entries.push({ kind: 'server', name: c.slice(7) }) } else { bad.push(c) } } if (bad.length > 0) { process.stderr.write( chalk.red( `${flag} entries must be tagged: ${bad.join(', ')}\n` + ` plugin:@ — plugin-provided channel (allowlist enforced)\n` + ` server: — manually configured MCP server\n`, ), ) process.exit(1) } return entries } const channelOpts = options as { channels?: string[] dangerouslyLoadDevelopmentChannels?: string[] } const rawChannels = channelOpts.channels const rawDev = channelOpts.dangerouslyLoadDevelopmentChannels // Always parse + set. ChannelsNotice reads getAllowedChannels() and // renders the appropriate branch (disabled/noAuth/policyBlocked/ // listening) in the startup screen. gateChannelServer() enforces. // --channels works in both interactive and print/SDK modes; dev-channels // stays interactive-only (requires a confirmation dialog). let channelEntries: ChannelEntry[] = [] if (rawChannels && rawChannels.length > 0) { channelEntries = parseChannelEntries(rawChannels, '--channels') setAllowedChannels(channelEntries) } if (!isNonInteractiveSession) { if (rawDev && rawDev.length > 0) { devChannels = parseChannelEntries( rawDev, '--dangerously-load-development-channels', ) } } // Flag-usage telemetry. Plugin identifiers are logged (same tier as // tengu_plugin_installed — public-registry-style names); server-kind // names are not (MCP-server-name tier, opt-in-only elsewhere). // Per-server gate outcomes land in tengu_mcp_channel_gate once // servers connect. Dev entries go through a confirmation dialog after // this — dev_plugins captures what was typed, not what was accepted. if (channelEntries.length > 0 || (devChannels?.length ?? 0) > 0) { const joinPluginIds = (entries: ChannelEntry[]) => { const ids = entries.flatMap(e => e.kind === 'plugin' ? [`${e.name}@${e.marketplace}`] : [], ) return ids.length > 0 ? (ids .sort() .join( ',', ) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS) : undefined } logEvent('tengu_mcp_channel_flags', { channels_count: channelEntries.length, dev_count: devChannels?.length ?? 0, plugins: joinPluginIds(channelEntries), dev_plugins: joinPluginIds(devChannels ?? []), }) } } // SDK opt-in for SendUserMessage via --tools. All sessions require // explicit opt-in; listing it in --tools signals intent. Runs BEFORE // initializeToolPermissionContext so getToolsForDefaultPreset() sees // the tool as enabled when computing the base-tools disallow filter. // Conditional require avoids leaking the tool-name string into // external builds. if ( (feature('KAIROS') || feature('KAIROS_BRIEF')) && baseTools.length > 0 ) { /* eslint-disable @typescript-eslint/no-require-imports */ const { BRIEF_TOOL_NAME, LEGACY_BRIEF_TOOL_NAME } = require('./tools/BriefTool/prompt.js') as typeof import('./tools/BriefTool/prompt.js') const { isBriefEntitled } = require('./tools/BriefTool/BriefTool.js') as typeof import('./tools/BriefTool/BriefTool.js') /* eslint-enable @typescript-eslint/no-require-imports */ const parsed = parseToolListFromCLI(baseTools) if ( (parsed.includes(BRIEF_TOOL_NAME) || parsed.includes(LEGACY_BRIEF_TOOL_NAME)) && isBriefEntitled() ) { setUserMsgOptIn(true) } } // This await replaces blocking existsSync/statSync calls that were already in // the startup path. Wall-clock time is unchanged; we just yield to the event // loop during the fs I/O instead of blocking it. See #19661. const initResult = await initializeToolPermissionContext({ allowedToolsCli: allowedTools, disallowedToolsCli: disallowedTools, baseToolsCli: baseTools, permissionMode, allowDangerouslySkipPermissions, addDirs: addDir, }) let toolPermissionContext = initResult.toolPermissionContext const { warnings, dangerousPermissions, overlyBroadBashPermissions } = initResult // Handle overly broad shell allow rules for ant users (Bash(*), PowerShell(*)) if ( process.env.USER_TYPE === 'ant' && overlyBroadBashPermissions.length > 0 ) { for (const permission of overlyBroadBashPermissions) { logForDebugging( `Ignoring overly broad shell permission ${permission.ruleDisplay} from ${permission.sourceDisplay}`, ) } toolPermissionContext = removeDangerousPermissions( toolPermissionContext, overlyBroadBashPermissions, ) } if (feature('TRANSCRIPT_CLASSIFIER') && dangerousPermissions.length > 0) { toolPermissionContext = stripDangerousPermissionsForAutoMode( toolPermissionContext, ) } // Print any warnings from initialization warnings.forEach(warning => { // biome-ignore lint/suspicious/noConsole:: intentional console output console.error(warning) }) void assertMinVersion() // claude.ai config fetch: -p mode only (interactive uses useManageMCPConnections // two-phase loading). Kicked off here to overlap with setup(); awaited // before runHeadless so single-turn -p sees connectors. Skipped under // enterprise/strict MCP to preserve policy boundaries. const claudeaiConfigPromise: Promise< Record > = isNonInteractiveSession && !strictMcpConfig && !doesEnterpriseMcpConfigExist() && // --bare / SIMPLE: skip claude.ai proxy servers (datadog, Gmail, // Slack, BigQuery, PubMed — 6-14s each to connect). Scripted calls // that need MCP pass --mcp-config explicitly. !isBareMode() ? fetchClaudeAIMcpConfigsIfEligible().then(configs => { const { allowed, blocked } = filterMcpServersByPolicy(configs) if (blocked.length > 0) { process.stderr.write( `Warning: claude.ai MCP ${plural(blocked.length, 'server')} blocked by enterprise policy: ${blocked.join(', ')}\n`, ) } return allowed }) : Promise.resolve({}) // Kick off MCP config loading early (safe - just reads files, no execution). // Both interactive and -p use getClaudeCodeMcpConfigs (local file reads only). // The local promise is awaited later (before prefetchAllMcpResources) to // overlap config I/O with setup(), commands loading, and trust dialog. logForDebugging('[STARTUP] Loading MCP configs...') const mcpConfigStart = Date.now() let mcpConfigResolvedMs: number | undefined // --bare skips auto-discovered MCP (.mcp.json, user settings, plugins) — // only explicit --mcp-config works. dynamicMcpConfig is spread onto // allMcpConfigs downstream so it survives this skip. const mcpConfigPromise = ( strictMcpConfig || isBareMode() ? Promise.resolve({ servers: {} as Record, }) : getClaudeCodeMcpConfigs(dynamicMcpConfig) ).then(result => { mcpConfigResolvedMs = Date.now() - mcpConfigStart return result }) // NOTE: We do NOT call prefetchAllMcpResources here - that's deferred until after trust dialog if ( inputFormat && inputFormat !== 'text' && inputFormat !== 'stream-json' ) { // biome-ignore lint/suspicious/noConsole:: intentional console output console.error(`Error: Invalid input format "${inputFormat}".`) process.exit(1) } if (inputFormat === 'stream-json' && outputFormat !== 'stream-json') { // biome-ignore lint/suspicious/noConsole:: intentional console output console.error( `Error: --input-format=stream-json requires output-format=stream-json.`, ) process.exit(1) } // Validate sdkUrl is only used with appropriate formats (formats are auto-set above) if (sdkUrl) { if (inputFormat !== 'stream-json' || outputFormat !== 'stream-json') { // biome-ignore lint/suspicious/noConsole:: intentional console output console.error( `Error: --sdk-url requires both --input-format=stream-json and --output-format=stream-json.`, ) process.exit(1) } } // Validate replayUserMessages is only used with stream-json formats if (options.replayUserMessages) { if (inputFormat !== 'stream-json' || outputFormat !== 'stream-json') { // biome-ignore lint/suspicious/noConsole:: intentional console output console.error( `Error: --replay-user-messages requires both --input-format=stream-json and --output-format=stream-json.`, ) process.exit(1) } } // Validate includePartialMessages is only used with print mode and stream-json output if (effectiveIncludePartialMessages) { if (!isNonInteractiveSession || outputFormat !== 'stream-json') { writeToStderr( `Error: --include-partial-messages requires --print and --output-format=stream-json.`, ) process.exit(1) } } // Validate --no-session-persistence is only used with print mode if (options.sessionPersistence === false && !isNonInteractiveSession) { writeToStderr( `Error: --no-session-persistence can only be used with --print mode.`, ) process.exit(1) } const effectivePrompt = prompt || '' let inputPrompt = await getInputPrompt( effectivePrompt, (inputFormat ?? 'text') as 'text' | 'stream-json', ) profileCheckpoint('action_after_input_prompt') // Activate proactive mode BEFORE getTools() so SleepTool.isEnabled() // (which returns isProactiveActive()) passes and Sleep is included. // The later REPL-path maybeActivateProactive() calls are idempotent. maybeActivateProactive(options) let tools = getTools(toolPermissionContext) // Apply coordinator mode tool filtering for headless path // (mirrors useMergedTools.ts filtering for REPL/interactive path) if ( feature('COORDINATOR_MODE') && isEnvTruthy(process.env.CLAUDE_CODE_COORDINATOR_MODE) ) { const { applyCoordinatorToolFilter } = await import( './utils/toolPool.js' ) tools = applyCoordinatorToolFilter(tools) } profileCheckpoint('action_tools_loaded') let jsonSchema: ToolInputJSONSchema | undefined if ( isSyntheticOutputToolEnabled({ isNonInteractiveSession }) && options.jsonSchema ) { jsonSchema = jsonParse(options.jsonSchema) as ToolInputJSONSchema } if (jsonSchema) { const syntheticOutputResult = createSyntheticOutputTool(jsonSchema) if ('tool' in syntheticOutputResult) { // Add SyntheticOutputTool to the tools array AFTER getTools() filtering. // This tool is excluded from normal filtering (see tools.ts) because it's // an implementation detail for structured output, not a user-controlled tool. tools = [...tools, syntheticOutputResult.tool] logEvent('tengu_structured_output_enabled', { schema_property_count: Object.keys( (jsonSchema.properties as Record) || {}, ) .length as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, has_required_fields: Boolean( jsonSchema.required, ) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) } else { logEvent('tengu_structured_output_failure', { error: 'Invalid JSON schema' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) } } // IMPORTANT: setup() must be called before any other code that depends on the cwd or worktree setup profileCheckpoint('action_before_setup') logForDebugging('[STARTUP] Running setup()...') const setupStart = Date.now() const { setup } = await import('./setup.js') const messagingSocketPath = feature('UDS_INBOX') ? (options as { messagingSocketPath?: string }).messagingSocketPath : undefined // Parallelize setup() with commands+agents loading. setup()'s ~28ms is // mostly startUdsMessaging (socket bind, ~20ms) — not disk-bound, so it // doesn't contend with getCommands' file reads. Gated on !worktreeEnabled // since --worktree makes setup() process.chdir() (setup.ts:203), and // commands/agents need the post-chdir cwd. const preSetupCwd = getCwd() // Register bundled skills/plugins before kicking getCommands() — they're // pure in-memory array pushes (<1ms, zero I/O) that getBundledSkills() // reads synchronously. Previously ran inside setup() after ~20ms of // await points, so the parallel getCommands() memoized an empty list. if (process.env.CLAUDE_CODE_ENTRYPOINT !== 'local-agent') { initBuiltinPlugins() initBundledSkills() } const setupPromise = setup( preSetupCwd, permissionMode, allowDangerouslySkipPermissions, worktreeEnabled, worktreeName, tmuxEnabled, sessionId ? validateUuid(sessionId) : undefined, worktreePRNumber, messagingSocketPath, ) const commandsPromise = worktreeEnabled ? null : getCommands(preSetupCwd) const agentDefsPromise = worktreeEnabled ? null : getAgentDefinitionsWithOverrides(preSetupCwd) // Suppress transient unhandledRejection if these reject during the // ~28ms setupPromise await before Promise.all joins them below. commandsPromise?.catch(() => {}) agentDefsPromise?.catch(() => {}) await setupPromise logForDebugging( `[STARTUP] setup() completed in ${Date.now() - setupStart}ms`, ) profileCheckpoint('action_after_setup') // Replay user messages into stream-json only when the socket was // explicitly requested. The auto-generated socket is passive — it // lets tools inject if they want to, but turning it on by default // shouldn't reshape stream-json for SDK consumers who never touch it. // Callers who inject and also want those injections visible in the // stream pass --messaging-socket-path explicitly (or --replay-user-messages). let effectiveReplayUserMessages = !!options.replayUserMessages if (feature('UDS_INBOX')) { if (!effectiveReplayUserMessages && outputFormat === 'stream-json') { effectiveReplayUserMessages = !!( options as { messagingSocketPath?: string } ).messagingSocketPath } } if (getIsNonInteractiveSession()) { // Apply full merged settings env now (including project-scoped // .claude/settings.json PATH/GIT_DIR/GIT_WORK_TREE) so gitExe() and // the git spawn below see it. Trust is implicit in -p mode; the // docstring at managedEnv.ts:96-97 says this applies "potentially // dangerous environment variables such as LD_PRELOAD, PATH" from all // sources. The later call in the isNonInteractiveSession block below // is idempotent (Object.assign, configureGlobalAgents ejects prior // interceptor) and picks up any plugin-contributed env after plugin // init. Project settings are already loaded here: // applySafeConfigEnvironmentVariables in init() called // getSettings_DEPRECATED at managedEnv.ts:86 which merges all enabled // sources including projectSettings/localSettings. applyConfigEnvironmentVariables() // Spawn git status/log/branch now so the subprocess execution overlaps // with the getCommands await below and startDeferredPrefetches. After // setup() so cwd is final (setup.ts:254 may process.chdir(worktreePath) // for --worktree) and after the applyConfigEnvironmentVariables above // so PATH/GIT_DIR/GIT_WORK_TREE from all sources (trusted + project) // are applied. getSystemContext is memoized; the // prefetchSystemContextIfSafe call in startDeferredPrefetches becomes // a cache hit. The microtask from await getIsGit() drains at the // getCommands Promise.all await below. Trust is implicit in -p mode // (same gate as prefetchSystemContextIfSafe). void getSystemContext() // Kick getUserContext now too — its first await (fs.readFile in // getMemoryFiles) yields naturally, so the CLAUDE.md directory walk // runs during the ~280ms overlap window before the context // Promise.all join in print.ts. The void getUserContext() in // startDeferredPrefetches becomes a memoize cache-hit. void getUserContext() // Kick ensureModelStringsInitialized now — for Bedrock this triggers // a 100-200ms profile fetch that was awaited serially at // print.ts:739. updateBedrockModelStrings is sequential()-wrapped so // the await joins the in-flight fetch. Non-Bedrock is a sync // early-return (zero-cost). void ensureModelStringsInitialized() } // Apply --name: cache-only so no orphan file is created before the // session ID is finalized by --continue/--resume. materializeSessionFile // persists it on the first user message; REPL's useTerminalTitle reads it // via getCurrentSessionTitle. const sessionNameArg = options.name?.trim() if (sessionNameArg) { cacheSessionTitle(sessionNameArg) } // Ant model aliases (capybara-fast etc.) resolve via the // tengu_ant_model_override GrowthBook flag. _CACHED_MAY_BE_STALE reads // disk synchronously; disk is populated by a fire-and-forget write. On a // cold cache, parseUserSpecifiedModel returns the unresolved alias, the // API 404s, and -p exits before the async write lands — crashloop on // fresh pods. Awaiting init here populates the in-memory payload map that // _CACHED_MAY_BE_STALE now checks first. Gated so the warm path stays // non-blocking: // - explicit model via --model or ANTHROPIC_MODEL (both feed alias resolution) // - no env override (which short-circuits _CACHED_MAY_BE_STALE before disk) // - flag absent from disk (== null also catches pre-#22279 poisoned null) const explicitModel = options.model || process.env.ANTHROPIC_MODEL if ( process.env.USER_TYPE === 'ant' && explicitModel && explicitModel !== 'default' && !hasGrowthBookEnvOverride('tengu_ant_model_override') && getGlobalConfig().cachedGrowthBookFeatures?.[ 'tengu_ant_model_override' ] == null ) { await initializeGrowthBook() } // Special case the default model with the null keyword // NOTE: Model resolution happens after setup() to ensure trust is established before AWS auth const userSpecifiedModel = options.model === 'default' ? getDefaultMainLoopModel() : options.model const userSpecifiedFallbackModel = fallbackModel === 'default' ? getDefaultMainLoopModel() : fallbackModel // Reuse preSetupCwd unless setup() chdir'd (worktreeEnabled). Saves a // getCwd() syscall in the common path. const currentCwd = worktreeEnabled ? getCwd() : preSetupCwd logForDebugging('[STARTUP] Loading commands and agents...') const commandsStart = Date.now() // Join the promises kicked before setup() (or start fresh if // worktreeEnabled gated the early kick). Both memoized by cwd. const [commands, agentDefinitionsResult] = await Promise.all([ commandsPromise ?? getCommands(currentCwd), agentDefsPromise ?? getAgentDefinitionsWithOverrides(currentCwd), ]) logForDebugging( `[STARTUP] Commands and agents loaded in ${Date.now() - commandsStart}ms`, ) profileCheckpoint('action_commands_loaded') // Parse CLI agents if provided via --agents flag let cliAgents: typeof agentDefinitionsResult.activeAgents = [] if (agentsJson) { try { const parsedAgents = safeParseJSON(agentsJson) if (parsedAgents) { cliAgents = parseAgentsFromJson(parsedAgents, 'flagSettings') } } catch (error) { logError(error) } } // Merge CLI agents with existing ones const allAgents = [...agentDefinitionsResult.allAgents, ...cliAgents] const agentDefinitions = { ...agentDefinitionsResult, allAgents, activeAgents: getActiveAgentsFromList(allAgents), } // Look up main thread agent from CLI flag or settings const agentSetting = agentCli ?? getInitialSettings().agent let mainThreadAgentDefinition: | (typeof agentDefinitions.activeAgents)[number] | undefined if (agentSetting) { mainThreadAgentDefinition = agentDefinitions.activeAgents.find( agent => agent.agentType === agentSetting, ) if (!mainThreadAgentDefinition) { logForDebugging( `Warning: agent "${agentSetting}" not found. ` + `Available agents: ${agentDefinitions.activeAgents.map(a => a.agentType).join(', ')}. ` + `Using default behavior.`, ) } } // Store the main thread agent type in bootstrap state so hooks can access it setMainThreadAgentType(mainThreadAgentDefinition?.agentType) // Log agent flag usage — only log agent name for built-in agents to avoid leaking custom agent names if (mainThreadAgentDefinition) { logEvent('tengu_agent_flag', { agentType: isBuiltInAgent(mainThreadAgentDefinition) ? (mainThreadAgentDefinition.agentType as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS) : ('custom' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS), ...(agentCli && { source: 'cli' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), }) } // Persist agent setting to session transcript for resume view display and restoration if (mainThreadAgentDefinition?.agentType) { saveAgentSetting(mainThreadAgentDefinition.agentType) } // Apply the agent's system prompt for non-interactive sessions // (interactive mode uses buildEffectiveSystemPrompt instead) if ( isNonInteractiveSession && mainThreadAgentDefinition && !systemPrompt && !isBuiltInAgent(mainThreadAgentDefinition) ) { const agentSystemPrompt = mainThreadAgentDefinition.getSystemPrompt() if (agentSystemPrompt) { systemPrompt = agentSystemPrompt } } // initialPrompt goes first so its slash command (if any) is processed; // user-provided text becomes trailing context. // Only concatenate when inputPrompt is a string. When it's an // AsyncIterable (SDK stream-json mode), template interpolation would // call .toString() producing "[object Object]". The AsyncIterable case // is handled in print.ts via structuredIO.prependUserMessage(). if (mainThreadAgentDefinition?.initialPrompt) { if (typeof inputPrompt === 'string') { inputPrompt = inputPrompt ? `${mainThreadAgentDefinition.initialPrompt}\n\n${inputPrompt}` : mainThreadAgentDefinition.initialPrompt } else if (!inputPrompt) { inputPrompt = mainThreadAgentDefinition.initialPrompt } } // Compute effective model early so hooks can run in parallel with MCP // If user didn't specify a model but agent has one, use the agent's model let effectiveModel = userSpecifiedModel if ( !effectiveModel && mainThreadAgentDefinition?.model && mainThreadAgentDefinition.model !== 'inherit' ) { effectiveModel = parseUserSpecifiedModel( mainThreadAgentDefinition.model, ) } setMainLoopModelOverride(effectiveModel) // Compute resolved model for hooks (use user-specified model at launch) setInitialMainLoopModel(getUserSpecifiedModelSetting() || null) const initialMainLoopModel = getInitialMainLoopModel() const resolvedInitialModel = parseUserSpecifiedModel( initialMainLoopModel ?? getDefaultMainLoopModel(), ) let advisorModel: string | undefined if (isAdvisorEnabled()) { const advisorOption = canUserConfigureAdvisor() ? (options as { advisor?: string }).advisor : undefined if (advisorOption) { logForDebugging(`[AdvisorTool] --advisor ${advisorOption}`) if (!modelSupportsAdvisor(resolvedInitialModel)) { process.stderr.write( chalk.red( `Error: The model "${resolvedInitialModel}" does not support the advisor tool.\n`, ), ) process.exit(1) } const normalizedAdvisorModel = normalizeModelStringForAPI( parseUserSpecifiedModel(advisorOption), ) if (!isValidAdvisorModel(normalizedAdvisorModel)) { process.stderr.write( chalk.red( `Error: The model "${advisorOption}" cannot be used as an advisor.\n`, ), ) process.exit(1) } } advisorModel = canUserConfigureAdvisor() ? (advisorOption ?? getInitialAdvisorSetting()) : advisorOption if (advisorModel) { logForDebugging(`[AdvisorTool] Advisor model: ${advisorModel}`) } } // For tmux teammates with --agent-type, append the custom agent's prompt if ( isAgentSwarmsEnabled() && storedTeammateOpts?.agentId && storedTeammateOpts?.agentName && storedTeammateOpts?.teamName && storedTeammateOpts?.agentType ) { // Look up the custom agent definition const customAgent = agentDefinitions.activeAgents.find( a => a.agentType === storedTeammateOpts.agentType, ) if (customAgent) { // Get the prompt - need to handle both built-in and custom agents let customPrompt: string | undefined if (customAgent.source === 'built-in') { // Built-in agents have getSystemPrompt that takes toolUseContext // We can't access full toolUseContext here, so skip for now logForDebugging( `[teammate] Built-in agent ${storedTeammateOpts.agentType} - skipping custom prompt (not supported)`, ) } else { // Custom agents have getSystemPrompt that takes no args customPrompt = customAgent.getSystemPrompt() } // Log agent memory loaded event for tmux teammates if (customAgent.memory) { logEvent('tengu_agent_memory_loaded', { ...(process.env.USER_TYPE === 'ant' && { agent_type: customAgent.agentType as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), scope: customAgent.memory as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, source: 'teammate' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) } if (customPrompt) { const customInstructions = `\n# Custom Agent Instructions\n${customPrompt}` appendSystemPrompt = appendSystemPrompt ? `${appendSystemPrompt}\n\n${customInstructions}` : customInstructions } } else { logForDebugging( `[teammate] Custom agent ${storedTeammateOpts.agentType} not found in available agents`, ) } } maybeActivateBrief(options) // defaultView: 'chat' is a persisted opt-in — check entitlement and set // userMsgOptIn so the tool + prompt section activate. Interactive-only: // defaultView is a display preference; SDK sessions have no display, and // the assistant installer writes defaultView:'chat' to settings.local.json // which would otherwise leak into --print sessions in the same directory. // Runs right after maybeActivateBrief() so all startup opt-in paths fire // BEFORE any isBriefEnabled() read below (proactive prompt's // briefVisibility). A persisted 'chat' after a GB kill-switch falls // through (entitlement fails). if ( (feature('KAIROS') || feature('KAIROS_BRIEF')) && !getIsNonInteractiveSession() && !getUserMsgOptIn() && getInitialSettings().defaultView === 'chat' ) { /* eslint-disable @typescript-eslint/no-require-imports */ const { isBriefEntitled } = require('./tools/BriefTool/BriefTool.js') as typeof import('./tools/BriefTool/BriefTool.js') /* eslint-enable @typescript-eslint/no-require-imports */ if (isBriefEntitled()) { setUserMsgOptIn(true) } } // Coordinator mode has its own system prompt and filters out Sleep, so // the generic proactive prompt would tell it to call a tool it can't // access and conflict with delegation instructions. if ( (feature('PROACTIVE') || feature('KAIROS')) && ((options as { proactive?: boolean }).proactive || isEnvTruthy(process.env.CLAUDE_CODE_PROACTIVE)) && !coordinatorModeModule?.isCoordinatorMode() ) { /* eslint-disable @typescript-eslint/no-require-imports */ const briefVisibility = feature('KAIROS') || feature('KAIROS_BRIEF') ? ( require('./tools/BriefTool/BriefTool.js') as typeof import('./tools/BriefTool/BriefTool.js') ).isBriefEnabled() ? 'Call SendUserMessage at checkpoints to mark where things stand.' : 'The user will see any text you output.' : 'The user will see any text you output.' /* eslint-enable @typescript-eslint/no-require-imports */ const proactivePrompt = `\n# Proactive Mode\n\nYou are in proactive mode. Take initiative — explore, act, and make progress without waiting for instructions.\n\nStart by briefly greeting the user.\n\nYou will receive periodic prompts. These are check-ins. Do whatever seems most useful, or call Sleep if there's nothing to do. ${briefVisibility}` appendSystemPrompt = appendSystemPrompt ? `${appendSystemPrompt}\n\n${proactivePrompt}` : proactivePrompt } if (feature('KAIROS') && kairosEnabled && assistantModule) { const assistantAddendum = assistantModule.getAssistantSystemPromptAddendum() appendSystemPrompt = appendSystemPrompt ? `${appendSystemPrompt}\n\n${assistantAddendum}` : assistantAddendum } // Ink root is only needed for interactive sessions — patchConsole in the // Ink constructor would swallow console output in headless mode. let root!: Root let getFpsMetrics!: () => FpsMetrics | undefined let stats!: StatsStore // Show setup screens after commands are loaded if (!isNonInteractiveSession) { const ctx = getRenderContext(false) getFpsMetrics = ctx.getFpsMetrics stats = ctx.stats // Install asciicast recorder before Ink mounts (ant-only, opt-in via CLAUDE_CODE_TERMINAL_RECORDING=1) if (process.env.USER_TYPE === 'ant') { installAsciicastRecorder() } const { createRoot } = await import('./ink.js') root = await createRoot(ctx.renderOptions) // Log startup time now, before any blocking dialog renders. Logging // from REPL's first render (the old location) included however long // the user sat on trust/OAuth/onboarding/resume-picker — p99 was ~70s // dominated by dialog-wait time, not code-path startup. logEvent('tengu_timer', { event: 'startup' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, durationMs: Math.round(process.uptime() * 1000), }) logForDebugging('[STARTUP] Running showSetupScreens()...') const setupScreensStart = Date.now() const onboardingShown = await showSetupScreens( root, permissionMode, allowDangerouslySkipPermissions, commands, enableClaudeInChrome, devChannels, ) logForDebugging( `[STARTUP] showSetupScreens() completed in ${Date.now() - setupScreensStart}ms`, ) // Now that trust is established and GrowthBook has auth headers, // resolve the --remote-control / --rc entitlement gate. if (feature('BRIDGE_MODE') && remoteControlOption !== undefined) { const { getBridgeDisabledReason } = await import( './bridge/bridgeEnabled.js' ) const disabledReason = await getBridgeDisabledReason() remoteControl = disabledReason === null if (disabledReason) { process.stderr.write( chalk.yellow(`${disabledReason}\n--rc flag ignored.\n`), ) } } // Check for pending agent memory snapshot updates (only for --agent mode, ant-only) if ( feature('AGENT_MEMORY_SNAPSHOT') && mainThreadAgentDefinition && isCustomAgent(mainThreadAgentDefinition) && mainThreadAgentDefinition.memory && mainThreadAgentDefinition.pendingSnapshotUpdate ) { const agentDef = mainThreadAgentDefinition const choice = await launchSnapshotUpdateDialog(root, { agentType: agentDef.agentType, scope: agentDef.memory!, snapshotTimestamp: agentDef.pendingSnapshotUpdate!.snapshotTimestamp, }) if (choice === 'merge') { const { buildMergePrompt } = await import( './components/agents/SnapshotUpdateDialog.js' ) const mergePrompt = buildMergePrompt( agentDef.agentType, agentDef.memory!, ) inputPrompt = inputPrompt ? `${mergePrompt}\n\n${inputPrompt}` : mergePrompt } agentDef.pendingSnapshotUpdate = undefined } // Skip executing /login if we just completed onboarding for it if (onboardingShown && prompt?.trim().toLowerCase() === '/login') { prompt = '' } if (onboardingShown) { // Refresh auth-dependent services now that the user has logged in during onboarding. // Keep in sync with the post-login logic in src/commands/login.tsx void refreshRemoteManagedSettings() void refreshPolicyLimits() // Clear user data cache BEFORE GrowthBook refresh so it picks up fresh credentials resetUserCache() // Refresh GrowthBook after login to get updated feature flags (e.g., for claude.ai MCPs) refreshGrowthBookAfterAuthChange() // Clear any stale trusted device token then enroll for Remote Control. // Both self-gate on tengu_sessions_elevated_auth_enforcement internally // — enrollTrustedDevice() via checkGate_CACHED_OR_BLOCKING (awaits // the GrowthBook reinit above), clearTrustedDeviceToken() via the // sync cached check (acceptable since clear is idempotent). void import('./bridge/trustedDevice.js').then(m => { m.clearTrustedDeviceToken() return m.enrollTrustedDevice() }) } // Validate that the active token's org matches forceLoginOrgUUID (if set // in managed settings). Runs after onboarding so managed settings and // login state are fully loaded. const orgValidation = await validateForceLoginOrg() if (!orgValidation.valid) { await exitWithError(root, orgValidation.message) } } // If gracefulShutdown was initiated (e.g., user rejected trust dialog), // process.exitCode will be set. Skip all subsequent operations that could // trigger code execution before the process exits (e.g. we don't want apiKeyHelper // to run if trust was not established). if (process.exitCode !== undefined) { logForDebugging( 'Graceful shutdown initiated, skipping further initialization', ) return } // Initialize LSP manager AFTER trust is established (or in non-interactive mode // where trust is implicit). This prevents plugin LSP servers from executing // code in untrusted directories before user consent. // Must be after inline plugins are set (if any) so --plugin-dir LSP servers are included. initializeLspServerManager() // Show settings validation errors after trust is established // MCP config errors don't block settings from loading, so exclude them if (!isNonInteractiveSession) { const { errors } = getSettingsWithErrors() const nonMcpErrors = errors.filter(e => !e.mcpErrorMetadata) if (nonMcpErrors.length > 0) { await launchInvalidSettingsDialog(root, { settingsErrors: nonMcpErrors, onExit: () => gracefulShutdownSync(1), }) } } // Check quota status, fast mode, passes eligibility, and bootstrap data // after trust is established. These make API calls which could trigger // apiKeyHelper execution. // --bare / SIMPLE: skip — these are cache-warms for the REPL's // first-turn responsiveness (quota, passes, fastMode, bootstrap data). Fast // mode doesn't apply to the Agent SDK anyway (see getFastModeUnavailableReason). const bgRefreshThrottleMs = getFeatureValue_CACHED_MAY_BE_STALE( 'tengu_cicada_nap_ms', 0, ) const lastPrefetched = getGlobalConfig().startupPrefetchedAt ?? 0 const skipStartupPrefetches = isBareMode() || (bgRefreshThrottleMs > 0 && Date.now() - lastPrefetched < bgRefreshThrottleMs) if (!skipStartupPrefetches) { const lastPrefetchedInfo = lastPrefetched > 0 ? ` last ran ${Math.round((Date.now() - lastPrefetched) / 1000)}s ago` : '' logForDebugging( `Starting background startup prefetches${lastPrefetchedInfo}`, ) checkQuotaStatus().catch(error => logError(error)) // Fetch bootstrap data from the server and update all cache values. void fetchBootstrapData() // TODO: Consolidate other prefetches into a single bootstrap request. void prefetchPassesEligibility() if ( !getFeatureValue_CACHED_MAY_BE_STALE('tengu_miraculo_the_bard', false) ) { void prefetchFastModeStatus() } else { // Kill switch skips the network call, not org-policy enforcement. // Resolve from cache so orgStatus doesn't stay 'pending' (which // getFastModeUnavailableReason treats as permissive). resolveFastModeStatusFromCache() } if (bgRefreshThrottleMs > 0) { saveGlobalConfig(current => ({ ...current, startupPrefetchedAt: Date.now(), })) } } else { logForDebugging( `Skipping startup prefetches, last ran ${Math.round((Date.now() - lastPrefetched) / 1000)}s ago`, ) // Resolve fast mode org status from cache (no network) resolveFastModeStatusFromCache() } if (!isNonInteractiveSession) { void refreshExampleCommands() // Pre-fetch example commands (runs git log, no API call) } // Resolve MCP configs (started early, overlaps with setup/trust dialog work) const { servers: existingMcpConfigs } = await mcpConfigPromise logForDebugging( `[STARTUP] MCP configs resolved in ${mcpConfigResolvedMs}ms (awaited at +${Date.now() - mcpConfigStart}ms)`, ) // CLI flag (--mcp-config) should override file-based configs, matching settings precedence const allMcpConfigs = { ...existingMcpConfigs, ...dynamicMcpConfig } // Separate SDK configs from regular MCP configs const sdkMcpConfigs: Record = {} const regularMcpConfigs: Record = {} for (const [name, config] of Object.entries(allMcpConfigs)) { const typedConfig = config as ScopedMcpServerConfig | McpSdkServerConfig if (typedConfig.type === 'sdk') { sdkMcpConfigs[name] = typedConfig as McpSdkServerConfig } else { regularMcpConfigs[name] = typedConfig as ScopedMcpServerConfig } } profileCheckpoint('action_mcp_configs_loaded') // Prefetch MCP resources after trust dialog (this is where execution happens). // Interactive mode only: print mode defers connects until headlessStore exists // and pushes per-server (below), so ToolSearch's pending-client handling works // and one slow server doesn't block the batch. const localMcpPromise = isNonInteractiveSession ? Promise.resolve({ clients: [], tools: [], commands: [] }) : prefetchAllMcpResources(regularMcpConfigs) const claudeaiMcpPromise = isNonInteractiveSession ? Promise.resolve({ clients: [], tools: [], commands: [] }) : claudeaiConfigPromise.then(configs => Object.keys(configs).length > 0 ? prefetchAllMcpResources(configs) : { clients: [], tools: [], commands: [] }, ) // Merge with dedup by name: each prefetchAllMcpResources call independently // adds helper tools (ListMcpResourcesTool, ReadMcpResourceTool) via // local dedup flags, so merging two calls can yield duplicates. print.ts // already uniqBy's the final tool pool, but dedup here keeps appState clean. const mcpPromise = Promise.all([ localMcpPromise, claudeaiMcpPromise, ]).then(([local, claudeai]) => ({ clients: [...local.clients, ...claudeai.clients], tools: uniqBy([...local.tools, ...claudeai.tools], 'name'), commands: uniqBy([...local.commands, ...claudeai.commands], 'name'), })) // Start hooks early so they run in parallel with MCP connections. // Skip for initOnly/init/maintenance (handled separately), non-interactive // (handled via setupTrigger), and resume/continue (conversationRecovery.ts // fires 'resume' instead — without this guard, hooks fire TWICE on /resume // and the second systemMessage clobbers the first. gh-30825) const hooksPromise = initOnly || init || maintenance || isNonInteractiveSession || options.continue || options.resume ? null : processSessionStartHooks('startup', { agentType: mainThreadAgentDefinition?.agentType, model: resolvedInitialModel, }) // MCP never blocks REPL render OR turn 1 TTFT. useManageMCPConnections // populates appState.mcp async as servers connect (connectToServer is // memoized — the prefetch calls above and the hook converge on the same // connections). getToolUseContext reads store.getState() fresh via // computeTools(), so turn 1 sees whatever's connected by query time. // Slow servers populate for turn 2+. Matches interactive-no-prompt // behavior. Print mode: per-server push into headlessStore (below). const hookMessages: Awaited> = [] // Suppress transient unhandledRejection — the prefetch warms the // memoized connectToServer cache but nobody awaits it in interactive. mcpPromise.catch(() => {}) const mcpClients: Awaited['clients'] = [] const mcpTools: Awaited['tools'] = [] const mcpCommands: Awaited['commands'] = [] let thinkingEnabled = shouldEnableThinkingByDefault() let thinkingConfig: ThinkingConfig = thinkingEnabled !== false ? { type: 'adaptive' } : { type: 'disabled' } if (options.thinking === 'adaptive' || options.thinking === 'enabled') { thinkingEnabled = true thinkingConfig = { type: 'adaptive' } } else if (options.thinking === 'disabled') { thinkingEnabled = false thinkingConfig = { type: 'disabled' } } else { const maxThinkingTokens = process.env.MAX_THINKING_TOKENS ? parseInt(process.env.MAX_THINKING_TOKENS, 10) : options.maxThinkingTokens if (maxThinkingTokens !== undefined) { if (maxThinkingTokens > 0) { thinkingEnabled = true thinkingConfig = { type: 'enabled', budgetTokens: maxThinkingTokens, } } else if (maxThinkingTokens === 0) { thinkingEnabled = false thinkingConfig = { type: 'disabled' } } } } logForDiagnosticsNoPII('info', 'started', { version: MACRO.VERSION, is_native_binary: isInBundledMode(), }) registerCleanup(async () => { logForDiagnosticsNoPII('info', 'exited') }) void logTenguInit({ hasInitialPrompt: Boolean(prompt), hasStdin: Boolean(inputPrompt), verbose, debug, debugToStderr, print: print ?? false, outputFormat: outputFormat ?? 'text', inputFormat: inputFormat ?? 'text', numAllowedTools: allowedTools.length, numDisallowedTools: disallowedTools.length, mcpClientCount: Object.keys(allMcpConfigs).length, worktreeEnabled, skipWebFetchPreflight: getInitialSettings().skipWebFetchPreflight, githubActionInputs: process.env.GITHUB_ACTION_INPUTS, dangerouslySkipPermissionsPassed: dangerouslySkipPermissions ?? false, permissionMode, modeIsBypass: permissionMode === 'bypassPermissions', allowDangerouslySkipPermissionsPassed: allowDangerouslySkipPermissions, systemPromptFlag: systemPrompt ? options.systemPromptFile ? 'file' : 'flag' : undefined, appendSystemPromptFlag: appendSystemPrompt ? options.appendSystemPromptFile ? 'file' : 'flag' : undefined, thinkingConfig, assistantActivationPath: feature('KAIROS') && kairosEnabled ? assistantModule?.getAssistantActivationPath() : undefined, }) // Log context metrics once at initialization void logContextMetrics(regularMcpConfigs, toolPermissionContext) void logPermissionContextForAnts(null, 'initialization') logManagedSettings() // Register PID file for concurrent-session detection (~/.claude/sessions/) // and fire multi-clauding telemetry. Lives here (not init.ts) so only the // REPL path registers — not subcommands like `claude doctor`. Chained: // count must run after register's write completes or it misses our own file. void registerSession().then(registered => { if (!registered) return if (sessionNameArg) { void updateSessionName(sessionNameArg) } void countConcurrentSessions().then(count => { if (count >= 2) { logEvent('tengu_concurrent_sessions', { num_sessions: count }) } }) }) // Initialize versioned plugins system (triggers V1→V2 migration if // needed). Then run orphan GC, THEN warm the Grep/Glob exclusion cache. // Sequencing matters: the warmup scans disk for .orphaned_at markers, // so it must see the GC's Pass 1 (remove markers from reinstalled // versions) and Pass 2 (stamp unmarked orphans) already applied. The // warm also lands before autoupdate (fires on first submit in REPL) // can orphan this session's active version underneath us. // --bare / SIMPLE: skip plugin version sync + orphan cleanup. These // are install/upgrade bookkeeping that scripted calls don't need — // the next interactive session will reconcile. The await here was // blocking -p on a marketplace round-trip. if (isBareMode()) { // skip — no-op } else if (isNonInteractiveSession) { // In headless mode, await to ensure plugin sync completes before CLI exits await initializeVersionedPlugins() profileCheckpoint('action_after_plugins_init') void cleanupOrphanedPluginVersionsInBackground().then(() => getGlobExclusionsForPluginCache(), ) } else { // In interactive mode, fire-and-forget — this is purely bookkeeping // that doesn't affect runtime behavior of the current session void initializeVersionedPlugins().then(async () => { profileCheckpoint('action_after_plugins_init') await cleanupOrphanedPluginVersionsInBackground() void getGlobExclusionsForPluginCache() }) } const setupTrigger = initOnly || init ? 'init' : maintenance ? 'maintenance' : null if (initOnly) { applyConfigEnvironmentVariables() await processSetupHooks('init', { forceSyncExecution: true }) await processSessionStartHooks('startup', { forceSyncExecution: true }) gracefulShutdownSync(0) return } // --print mode if (isNonInteractiveSession) { if (outputFormat === 'stream-json' || outputFormat === 'json') { setHasFormattedOutput(true) } // Apply full environment variables in print mode since trust dialog is bypassed // This includes potentially dangerous environment variables from untrusted sources // but print mode is considered trusted (as documented in help text) applyConfigEnvironmentVariables() // Initialize telemetry after env vars are applied so OTEL endpoint env vars and // otelHeadersHelper (which requires trust to execute) are available. initializeTelemetryAfterTrust() // Kick SessionStart hooks now so the subprocess spawn overlaps with // MCP connect + plugin init + print.ts import below. loadInitialMessages // joins this at print.ts:4397. Guarded same as loadInitialMessages — // continue/resume/teleport paths don't fire startup hooks (or fire them // conditionally inside the resume branch, where this promise is // undefined and the ?? fallback runs). Also skip when setupTrigger is // set — those paths run setup hooks first (print.ts:544), and session // start hooks must wait until setup completes. const sessionStartHooksPromise = options.continue || options.resume || teleport || setupTrigger ? undefined : processSessionStartHooks('startup') // Suppress transient unhandledRejection if this rejects before // loadInitialMessages awaits it. Downstream await still observes the // rejection — this just prevents the spurious global handler fire. sessionStartHooksPromise?.catch(() => {}) profileCheckpoint('before_validateForceLoginOrg') // Validate org restriction for non-interactive sessions const orgValidation = await validateForceLoginOrg() if (!orgValidation.valid) { process.stderr.write(orgValidation.message + '\n') process.exit(1) } // Headless mode supports all prompt commands and some local commands // If disableSlashCommands is true, return empty array const commandsHeadless = disableSlashCommands ? [] : commands.filter( command => (command.type === 'prompt' && !command.disableNonInteractive) || (command.type === 'local' && command.supportsNonInteractive), ) const defaultState = getDefaultAppState() const headlessInitialState: AppState = { ...defaultState, mcp: { ...defaultState.mcp, clients: mcpClients, commands: mcpCommands, tools: mcpTools, }, toolPermissionContext, effortValue: parseEffortValue(options.effort) ?? getInitialEffortSetting(), ...(isFastModeEnabled() && { fastMode: getInitialFastModeSetting(effectiveModel ?? null), }), ...(isAdvisorEnabled() && advisorModel && { advisorModel }), // kairosEnabled gates the async fire-and-forget path in // executeForkedSlashCommand (processSlashCommand.tsx:132) and // AgentTool's shouldRunAsync. The REPL initialState sets this at // ~3459; headless was defaulting to false, so the daemon child's // scheduled tasks and Agent-tool calls ran synchronously — N // overdue cron tasks on spawn = N serial subagent turns blocking // user input. Computed at :1620, well before this branch. ...(feature('KAIROS') ? { kairosEnabled } : {}), } // Init app state const headlessStore = createStore( headlessInitialState, onChangeAppState, ) // Check if bypassPermissions should be disabled based on Statsig gate // This runs in parallel to the code below, to avoid blocking the main loop. if ( toolPermissionContext.mode === 'bypassPermissions' || allowDangerouslySkipPermissions ) { void checkAndDisableBypassPermissions(toolPermissionContext) } // Async check of auto mode gate — corrects state and disables auto if needed. // Gated on TRANSCRIPT_CLASSIFIER (not USER_TYPE) so GrowthBook kill switch runs for external builds too. if (feature('TRANSCRIPT_CLASSIFIER')) { void verifyAutoModeGateAccess( toolPermissionContext, headlessStore.getState().fastMode, ).then(({ updateContext }) => { headlessStore.setState(prev => { const nextCtx = updateContext(prev.toolPermissionContext) if (nextCtx === prev.toolPermissionContext) return prev return { ...prev, toolPermissionContext: nextCtx } }) }) } // Set global state for session persistence if (options.sessionPersistence === false) { setSessionPersistenceDisabled(true) } // Store SDK betas in global state for context window calculation // Only store allowed betas (filters by allowlist and subscriber status) setSdkBetas(filterAllowedSdkBetas(betas)) // Print-mode MCP: per-server incremental push into headlessStore. // Mirrors useManageMCPConnections — push pending first (so ToolSearch's // pending-check at ToolSearchTool.ts:334 sees them), then replace with // connected/failed as each server settles. const connectMcpBatch = ( configs: Record, label: string, ): Promise => { if (Object.keys(configs).length === 0) return Promise.resolve() headlessStore.setState(prev => ({ ...prev, mcp: { ...prev.mcp, clients: [ ...prev.mcp.clients, ...Object.entries(configs).map(([name, config]) => ({ name, type: 'pending' as const, config, })), ], }, })) return getMcpToolsCommandsAndResources( ({ client, tools, commands }) => { headlessStore.setState(prev => ({ ...prev, mcp: { ...prev.mcp, clients: prev.mcp.clients.some(c => c.name === client.name) ? prev.mcp.clients.map(c => c.name === client.name ? client : c, ) : [...prev.mcp.clients, client], tools: uniqBy([...prev.mcp.tools, ...tools], 'name'), commands: uniqBy([...prev.mcp.commands, ...commands], 'name'), }, })) }, configs, ).catch(err => logForDebugging(`[MCP] ${label} connect error: ${err}`), ) } // Await all MCP configs — print mode is often single-turn, so // "late-connecting servers visible next turn" doesn't help. SDK init // message and turn-1 tool list both need configured MCP tools present. // Zero-server case is free via the early return in connectMcpBatch. // Connectors parallelize inside getMcpToolsCommandsAndResources // (processBatched with Promise.all). claude.ai is awaited too — its // fetch was kicked off early (line ~2558) so only residual time blocks // here. --bare skips claude.ai entirely for perf-sensitive scripts. profileCheckpoint('before_connectMcp') await connectMcpBatch(regularMcpConfigs, 'regular') profileCheckpoint('after_connectMcp') // Dedup: suppress plugin MCP servers that duplicate a claude.ai // connector (connector wins), then connect claude.ai servers. // Bounded wait — #23725 made this blocking so single-turn -p sees // connectors, but with 40+ slow connectors tengu_startup_perf p99 // climbed to 76s. If fetch+connect doesn't finish in time, proceed; // the promise keeps running and updates headlessStore in the // background so turn 2+ still sees connectors. const CLAUDE_AI_MCP_TIMEOUT_MS = 5_000 const claudeaiConnect = claudeaiConfigPromise.then(claudeaiConfigs => { if (Object.keys(claudeaiConfigs).length > 0) { const claudeaiSigs = new Set() for (const config of Object.values(claudeaiConfigs)) { const sig = getMcpServerSignature(config) if (sig) claudeaiSigs.add(sig) } const suppressed = new Set() for (const [name, config] of Object.entries(regularMcpConfigs)) { if (!name.startsWith('plugin:')) continue const sig = getMcpServerSignature(config) if (sig && claudeaiSigs.has(sig)) suppressed.add(name) } if (suppressed.size > 0) { logForDebugging( `[MCP] Lazy dedup: suppressing ${suppressed.size} plugin server(s) that duplicate claude.ai connectors: ${[...suppressed].join(', ')}`, ) // Disconnect before filtering from state. Only connected // servers need cleanup — clearServerCache on a never-connected // server triggers a real connect just to kill it (memoize // cache-miss path, see useManageMCPConnections.ts:870). for (const c of headlessStore.getState().mcp.clients) { if (!suppressed.has(c.name) || c.type !== 'connected') continue c.client.onclose = undefined void clearServerCache(c.name, c.config).catch(() => {}) } headlessStore.setState(prev => { let { clients, tools, commands, resources } = prev.mcp clients = clients.filter(c => !suppressed.has(c.name)) tools = tools.filter( t => !t.mcpInfo || !suppressed.has(t.mcpInfo.serverName), ) for (const name of suppressed) { commands = excludeCommandsByServer(commands, name) resources = excludeResourcesByServer(resources, name) } return { ...prev, mcp: { ...prev.mcp, clients, tools, commands, resources }, } }) } } // Suppress claude.ai connectors that duplicate an enabled // manual server (URL-signature match). Plugin dedup above only // handles `plugin:*` keys; this catches manual `.mcp.json` entries. // plugin:* must be excluded here — step 1 already suppressed // those (claude.ai wins); leaving them in suppresses the // connector too, and neither survives (gh-39974). const nonPluginConfigs = pickBy( regularMcpConfigs, (_, n) => !n.startsWith('plugin:'), ) const { servers: dedupedClaudeAi } = dedupClaudeAiMcpServers( claudeaiConfigs, nonPluginConfigs, ) return connectMcpBatch(dedupedClaudeAi, 'claudeai') }) let claudeaiTimer: ReturnType | undefined const claudeaiTimedOut = await Promise.race([ claudeaiConnect.then(() => false), new Promise(resolve => { claudeaiTimer = setTimeout( r => r(true), CLAUDE_AI_MCP_TIMEOUT_MS, resolve, ) }), ]) if (claudeaiTimer) clearTimeout(claudeaiTimer) if (claudeaiTimedOut) { logForDebugging( `[MCP] claude.ai connectors not ready after ${CLAUDE_AI_MCP_TIMEOUT_MS}ms — proceeding; background connection continues`, ) } profileCheckpoint('after_connectMcp_claudeai') // In headless mode, start deferred prefetches immediately (no user typing delay) // --bare / SIMPLE: startDeferredPrefetches early-returns internally. // backgroundHousekeeping (initExtractMemories, pruneShellSnapshots, // cleanupOldMessageFiles) and sdkHeapDumpMonitor are all bookkeeping // that scripted calls don't need — the next interactive session reconciles. if (!isBareMode()) { startDeferredPrefetches() void import('./utils/backgroundHousekeeping.js').then(m => m.startBackgroundHousekeeping(), ) if (process.env.USER_TYPE === 'ant') { void import('./utils/sdkHeapDumpMonitor.js').then(m => m.startSdkMemoryMonitor(), ) } } logSessionTelemetry() profileCheckpoint('before_print_import') const { runHeadless } = await import('src/cli/print.js') profileCheckpoint('after_print_import') void runHeadless( inputPrompt, () => headlessStore.getState(), headlessStore.setState, commandsHeadless, tools, sdkMcpConfigs, agentDefinitions.activeAgents, { continue: options.continue, resume: options.resume, verbose: verbose, outputFormat: outputFormat, jsonSchema, permissionPromptToolName: options.permissionPromptTool, allowedTools, thinkingConfig, maxTurns: options.maxTurns, maxBudgetUsd: options.maxBudgetUsd, taskBudget: options.taskBudget ? { total: options.taskBudget } : undefined, systemPrompt, appendSystemPrompt, userSpecifiedModel: effectiveModel, fallbackModel: userSpecifiedFallbackModel, teleport, sdkUrl, replayUserMessages: effectiveReplayUserMessages, includePartialMessages: effectiveIncludePartialMessages, forkSession: options.forkSession || false, resumeSessionAt: options.resumeSessionAt || undefined, rewindFiles: options.rewindFiles, enableAuthStatus: options.enableAuthStatus, agent: agentCli, workload: options.workload, setupTrigger: setupTrigger ?? undefined, sessionStartHooksPromise, }, ) return } // Log model config at startup logEvent('tengu_startup_manual_model_config', { cli_flag: options.model as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, env_var: process.env .ANTHROPIC_MODEL as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, settings_file: (getInitialSettings() || {}) .model as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, subscriptionType: getSubscriptionType() as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, agent: agentSetting as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) // Get deprecation warning for the initial model (resolvedInitialModel computed earlier for hooks parallelization) const deprecationWarning = getModelDeprecationWarning(resolvedInitialModel) // Build initial notification queue const initialNotifications: Array<{ key: string text: string color?: 'warning' priority: 'high' }> = [] if (permissionModeNotification) { initialNotifications.push({ key: 'permission-mode-notification', text: permissionModeNotification, priority: 'high', }) } if (deprecationWarning) { initialNotifications.push({ key: 'model-deprecation-warning', text: deprecationWarning, color: 'warning', priority: 'high', }) } if (overlyBroadBashPermissions.length > 0) { const displayList = uniq( overlyBroadBashPermissions.map(p => p.ruleDisplay), ) const displays = displayList.join(', ') const sources = uniq( overlyBroadBashPermissions.map(p => p.sourceDisplay), ).join(', ') const n = displayList.length initialNotifications.push({ key: 'overly-broad-bash-notification', text: `${displays} allow ${plural(n, 'rule')} from ${sources} ${plural(n, 'was', 'were')} ignored \u2014 not available for Ants, please use auto-mode instead`, color: 'warning', priority: 'high', }) } const effectiveToolPermissionContext = { ...toolPermissionContext, mode: isAgentSwarmsEnabled() && getTeammateUtils().isPlanModeRequired() ? ('plan' as const) : toolPermissionContext.mode, } // All startup opt-in paths (--tools, --brief, defaultView) have fired // above; initialIsBriefOnly just reads the resulting state. const initialIsBriefOnly = feature('KAIROS') || feature('KAIROS_BRIEF') ? getUserMsgOptIn() : false const fullRemoteControl = remoteControl || getRemoteControlAtStartup() || kairosEnabled let ccrMirrorEnabled = false if (feature('CCR_MIRROR') && !fullRemoteControl) { /* eslint-disable @typescript-eslint/no-require-imports */ const { isCcrMirrorEnabled } = require('./bridge/bridgeEnabled.js') as typeof import('./bridge/bridgeEnabled.js') /* eslint-enable @typescript-eslint/no-require-imports */ ccrMirrorEnabled = isCcrMirrorEnabled() } const initialState: AppState = { settings: getInitialSettings(), tasks: {}, agentNameRegistry: new Map(), verbose: verbose ?? getGlobalConfig().verbose ?? false, mainLoopModel: initialMainLoopModel, mainLoopModelForSession: null, isBriefOnly: initialIsBriefOnly, expandedView: getGlobalConfig().showSpinnerTree ? 'teammates' : getGlobalConfig().showExpandedTodos ? 'tasks' : 'none', showTeammateMessagePreview: isAgentSwarmsEnabled() ? false : undefined, selectedIPAgentIndex: -1, coordinatorTaskIndex: -1, viewSelectionMode: 'none', footerSelection: null, toolPermissionContext: effectiveToolPermissionContext, agent: mainThreadAgentDefinition?.agentType, agentDefinitions, mcp: { clients: [], tools: [], commands: [], resources: {}, pluginReconnectKey: 0, }, plugins: { enabled: [], disabled: [], commands: [], errors: [], installationStatus: { marketplaces: [], plugins: [], }, needsRefresh: false, }, statusLineText: undefined, kairosEnabled, remoteSessionUrl: undefined, remoteConnectionStatus: 'connecting', remoteBackgroundTaskCount: 0, replBridgeEnabled: fullRemoteControl || ccrMirrorEnabled, replBridgeExplicit: remoteControl, replBridgeOutboundOnly: ccrMirrorEnabled, replBridgeConnected: false, replBridgeSessionActive: false, replBridgeReconnecting: false, replBridgeConnectUrl: undefined, replBridgeSessionUrl: undefined, replBridgeEnvironmentId: undefined, replBridgeSessionId: undefined, replBridgeError: undefined, replBridgeInitialName: remoteControlName, showRemoteCallout: false, notifications: { current: null, queue: initialNotifications, }, elicitation: { queue: [], }, todos: {}, remoteAgentTaskSuggestions: [], fileHistory: { snapshots: [], trackedFiles: new Set(), snapshotSequence: 0, }, attribution: createEmptyAttributionState(), thinkingEnabled, promptSuggestionEnabled: shouldEnablePromptSuggestion(), sessionHooks: new Map(), inbox: { messages: [], }, promptSuggestion: { text: null, promptId: null, shownAt: 0, acceptedAt: 0, generationRequestId: null, }, speculation: IDLE_SPECULATION_STATE, speculationSessionTimeSavedMs: 0, skillImprovement: { suggestion: null, }, workerSandboxPermissions: { queue: [], selectedIndex: 0, }, pendingWorkerRequest: null, pendingSandboxRequest: null, authVersion: 0, initialMessage: inputPrompt ? { message: createUserMessage({ content: String(inputPrompt) }) } : null, effortValue: parseEffortValue(options.effort) ?? getInitialEffortSetting(), activeOverlays: new Set(), fastMode: getInitialFastModeSetting(resolvedInitialModel), ...(isAdvisorEnabled() && advisorModel && { advisorModel }), // Compute teamContext synchronously to avoid useEffect setState during render. // KAIROS: assistantTeamContext takes precedence — set earlier in the // KAIROS block so Agent(name: "foo") can spawn in-process teammates // without TeamCreate. computeInitialTeamContext() is for tmux-spawned // teammates reading their own identity, not the assistant-mode leader. teamContext: feature('KAIROS') ? (assistantTeamContext ?? computeInitialTeamContext?.()) : computeInitialTeamContext?.(), } // Add CLI initial prompt to history if (inputPrompt) { addToHistory(String(inputPrompt)) } const initialTools = mcpTools // Increment numStartups synchronously — first-render readers like // shouldShowEffortCallout (via useState initializer) need the updated // value before setImmediate fires. Defer only telemetry. saveGlobalConfig(current => ({ ...current, numStartups: (current.numStartups ?? 0) + 1, })) setImmediate(() => { void logStartupTelemetry() logSessionTelemetry() }) // Set up per-turn session environment data uploader (ant-only build). // Default-enabled for all ant users when working in an Anthropic-owned // repo. Captures git/filesystem state (NOT transcripts) at each turn so // environments can be recreated at any user message index. Gating: // - Build-time: this import is stubbed in external builds. // - Runtime: uploader checks github.com/anthropics/* remote + gcloud auth. // - Safety: CLAUDE_CODE_DISABLE_SESSION_DATA_UPLOAD=1 bypasses (tests set this). // Import is dynamic + async to avoid adding startup latency. const sessionUploaderPromise = process.env.USER_TYPE === 'ant' ? import('./utils/sessionDataUploader.js') : null // Defer session uploader resolution to the onTurnComplete callback to avoid // adding a new top-level await in main.tsx (performance-critical path). // The per-turn auth logic in sessionDataUploader.ts handles unauthenticated // state gracefully (re-checks each turn, so auth recovery mid-session works). const uploaderReady = sessionUploaderPromise ? sessionUploaderPromise .then(mod => mod.createSessionTurnUploader()) .catch(() => null) : null const sessionConfig = { debug: debug || debugToStderr, commands: [...commands, ...mcpCommands], initialTools, mcpClients, autoConnectIdeFlag: ide, mainThreadAgentDefinition, disableSlashCommands, dynamicMcpConfig, strictMcpConfig, systemPrompt, appendSystemPrompt, taskListId, thinkingConfig, ...(uploaderReady && { onTurnComplete: (messages: MessageType[]) => { void uploaderReady.then(uploader => uploader?.(messages)) }, }), } // Shared context for processResumedConversation calls const resumeContext = { modeApi: coordinatorModeModule, mainThreadAgentDefinition, agentDefinitions, currentCwd, cliAgents, initialState, } if (options.continue) { // Continue the most recent conversation directly let resumeSucceeded = false try { const resumeStart = performance.now() // Clear stale caches before resuming to ensure fresh file/skill discovery const { clearSessionCaches } = await import( './commands/clear/caches.js' ) clearSessionCaches() const result = await loadConversationForResume( undefined /* sessionId */, undefined /* sourceFile */, ) if (!result) { logEvent('tengu_continue', { success: false, }) return await exitWithError( root, 'No conversation found to continue', ) } const loaded = await processResumedConversation( result, { forkSession: !!options.forkSession, includeAttribution: true, transcriptPath: result.fullPath, }, resumeContext, ) if (loaded.restoredAgentDef) { mainThreadAgentDefinition = loaded.restoredAgentDef } maybeActivateProactive(options) maybeActivateBrief(options) logEvent('tengu_continue', { success: true, resume_duration_ms: Math.round(performance.now() - resumeStart), }) resumeSucceeded = true await launchRepl( root, { getFpsMetrics, stats, initialState: loaded.initialState }, { ...sessionConfig, mainThreadAgentDefinition: loaded.restoredAgentDef ?? mainThreadAgentDefinition, initialMessages: loaded.messages, initialFileHistorySnapshots: loaded.fileHistorySnapshots, initialContentReplacements: loaded.contentReplacements, initialAgentName: loaded.agentName, initialAgentColor: loaded.agentColor, }, renderAndRun, ) } catch (error) { if (!resumeSucceeded) { logEvent('tengu_continue', { success: false, }) } logError(error) process.exit(1) } } else if (feature('DIRECT_CONNECT') && _pendingConnect?.url) { // `claude connect ` — full interactive TUI connected to a remote server let directConnectConfig try { const session = await createDirectConnectSession({ serverUrl: _pendingConnect.url, authToken: _pendingConnect.authToken, cwd: getOriginalCwd(), dangerouslySkipPermissions: _pendingConnect.dangerouslySkipPermissions, }) if (session.workDir) { setOriginalCwd(session.workDir) setCwdState(session.workDir) } setDirectConnectServerUrl(_pendingConnect.url) directConnectConfig = session.config } catch (err) { return await exitWithError( root, err instanceof DirectConnectError ? err.message : String(err), () => gracefulShutdown(1), ) } const connectInfoMessage = createSystemMessage( `Connected to server at ${_pendingConnect.url}\nSession: ${directConnectConfig.sessionId}`, 'info', ) await launchRepl( root, { getFpsMetrics, stats, initialState }, { debug: debug || debugToStderr, commands, initialTools: [], initialMessages: [connectInfoMessage], mcpClients: [], autoConnectIdeFlag: ide, mainThreadAgentDefinition, disableSlashCommands, directConnectConfig, thinkingConfig, }, renderAndRun, ) return } else if (feature('SSH_REMOTE') && _pendingSSH?.host) { // `claude ssh [dir]` — probe remote, deploy binary if needed, // spawn ssh with unix-socket -R forward to a local auth proxy, hand // the REPL an SSHSession. Tools run remotely, UI renders locally. // `--local` skips probe/deploy/ssh and spawns the current binary // directly with the same env — e2e test of the proxy/auth plumbing. const { createSSHSession, createLocalSSHSession, SSHSessionError } = await import('./ssh/createSSHSession.js') let sshSession try { if (_pendingSSH.local) { process.stderr.write('Starting local ssh-proxy test session...\n') sshSession = createLocalSSHSession({ cwd: _pendingSSH.cwd, permissionMode: _pendingSSH.permissionMode, dangerouslySkipPermissions: _pendingSSH.dangerouslySkipPermissions, }) } else { process.stderr.write(`Connecting to ${_pendingSSH.host}…\n`) // In-place progress: \r + EL0 (erase to end of line). Final \n on // success so the next message lands on a fresh line. No-op when // stderr isn't a TTY (piped/redirected) — \r would just emit noise. const isTTY = process.stderr.isTTY let hadProgress = false sshSession = await createSSHSession( { host: _pendingSSH.host, cwd: _pendingSSH.cwd, localVersion: MACRO.VERSION, permissionMode: _pendingSSH.permissionMode, dangerouslySkipPermissions: _pendingSSH.dangerouslySkipPermissions, extraCliArgs: _pendingSSH.extraCliArgs, }, isTTY ? { onProgress: msg => { hadProgress = true process.stderr.write(`\r ${msg}\x1b[K`) }, } : {}, ) if (hadProgress) process.stderr.write('\n') } setOriginalCwd(sshSession.remoteCwd) setCwdState(sshSession.remoteCwd) setDirectConnectServerUrl( _pendingSSH.local ? 'local' : _pendingSSH.host, ) } catch (err) { return await exitWithError( root, err instanceof SSHSessionError ? err.message : String(err), () => gracefulShutdown(1), ) } const sshInfoMessage = createSystemMessage( _pendingSSH.local ? `Local ssh-proxy test session\ncwd: ${sshSession.remoteCwd}\nAuth: unix socket → local proxy` : `SSH session to ${_pendingSSH.host}\nRemote cwd: ${sshSession.remoteCwd}\nAuth: unix socket -R → local proxy`, 'info', ) await launchRepl( root, { getFpsMetrics, stats, initialState }, { debug: debug || debugToStderr, commands, initialTools: [], initialMessages: [sshInfoMessage], mcpClients: [], autoConnectIdeFlag: ide, mainThreadAgentDefinition, disableSlashCommands, sshSession, thinkingConfig, }, renderAndRun, ) return } else if ( feature('KAIROS') && _pendingAssistantChat && (_pendingAssistantChat.sessionId || _pendingAssistantChat.discover) ) { // `claude assistant [sessionId]` — REPL as a pure viewer client // of a remote assistant session. The agentic loop runs remotely; this // process streams live events and POSTs messages. History is lazy- // loaded by useAssistantHistory on scroll-up (no blocking fetch here). const { discoverAssistantSessions } = await import( './assistant/sessionDiscovery.js' ) let targetSessionId = _pendingAssistantChat.sessionId // Discovery flow — list bridge environments, filter sessions if (!targetSessionId) { let sessions try { sessions = await discoverAssistantSessions() } catch (e) { return await exitWithError( root, `Failed to discover sessions: ${e instanceof Error ? e.message : e}`, () => gracefulShutdown(1), ) } if (sessions.length === 0) { let installedDir: string | null try { installedDir = await launchAssistantInstallWizard(root) } catch (e) { return await exitWithError( root, `Assistant installation failed: ${e instanceof Error ? e.message : e}`, () => gracefulShutdown(1), ) } if (installedDir === null) { await gracefulShutdown(0) process.exit(0) } // The daemon needs a few seconds to spin up its worker and // establish a bridge session before discovery will find it. return await exitWithMessage( root, `Assistant installed in ${installedDir}. The daemon is starting up — run \`claude assistant\` again in a few seconds to connect.`, { exitCode: 0, beforeExit: () => gracefulShutdown(0) }, ) } if (sessions.length === 1) { targetSessionId = sessions[0]!.id } else { const picked = await launchAssistantSessionChooser(root, { sessions, }) if (!picked) { await gracefulShutdown(0) process.exit(0) } targetSessionId = picked } } // Auth — call prepareApiRequest() once for orgUUID, but use a // getAccessToken closure for the token so reconnects get fresh tokens. const { checkAndRefreshOAuthTokenIfNeeded, getClaudeAIOAuthTokens } = await import('./utils/auth.js') await checkAndRefreshOAuthTokenIfNeeded() let apiCreds try { apiCreds = await prepareApiRequest() } catch (e) { return await exitWithError( root, `Error: ${e instanceof Error ? e.message : 'Failed to authenticate'}`, () => gracefulShutdown(1), ) } const getAccessToken = (): string => getClaudeAIOAuthTokens()?.accessToken ?? apiCreds.accessToken // Brief mode activation: setKairosActive(true) satisfies BOTH opt-in // and entitlement for isBriefEnabled() (BriefTool.ts:124-132). setKairosActive(true) setUserMsgOptIn(true) setIsRemoteMode(true) const remoteSessionConfig = createRemoteSessionConfig( targetSessionId, getAccessToken, apiCreds.orgUUID, /* hasInitialPrompt */ false, /* viewerOnly */ true, ) const infoMessage = createSystemMessage( `Attached to assistant session ${targetSessionId.slice(0, 8)}…`, 'info', ) const assistantInitialState: AppState = { ...initialState, isBriefOnly: true, kairosEnabled: false, replBridgeEnabled: false, } const remoteCommands = filterCommandsForRemoteMode(commands) await launchRepl( root, { getFpsMetrics, stats, initialState: assistantInitialState }, { debug: debug || debugToStderr, commands: remoteCommands, initialTools: [], initialMessages: [infoMessage], mcpClients: [], autoConnectIdeFlag: ide, mainThreadAgentDefinition, disableSlashCommands, remoteSessionConfig, thinkingConfig, }, renderAndRun, ) return } else if ( options.resume || options.fromPr || teleport || remote !== null ) { // Handle resume flow - from file (ant-only), session ID, or interactive selector // Clear stale caches before resuming to ensure fresh file/skill discovery const { clearSessionCaches } = await import( './commands/clear/caches.js' ) clearSessionCaches() let messages: MessageType[] | null = null let processedResume: ProcessedResume | undefined = undefined let maybeSessionId = validateUuid(options.resume) let searchTerm: string | undefined = undefined // Store full LogOption when found by custom title (for cross-worktree resume) let matchedLog: LogOption | null = null // PR filter for --from-pr flag let filterByPr: boolean | number | string | undefined = undefined // Handle --from-pr flag if (options.fromPr) { if (options.fromPr === true) { // Show all sessions with linked PRs filterByPr = true } else if (typeof options.fromPr === 'string') { // Could be a PR number or URL filterByPr = options.fromPr } } // If resume value is not a UUID, try exact match by custom title first if ( options.resume && typeof options.resume === 'string' && !maybeSessionId ) { const trimmedValue = options.resume.trim() if (trimmedValue) { const matches = await searchSessionsByCustomTitle(trimmedValue, { exact: true, }) if (matches.length === 1) { // Exact match found - store full LogOption for cross-worktree resume matchedLog = matches[0]! maybeSessionId = getSessionIdFromLog(matchedLog) ?? null } else { // No match or multiple matches - use as search term for picker searchTerm = trimmedValue } } } // --remote and --teleport both create/resume Claude Code Web (CCR) sessions. // Remote Control (--rc) is a separate feature gated in initReplBridge.ts. if (remote !== null || teleport) { await waitForPolicyLimitsToLoad() if (!isPolicyAllowed('allow_remote_sessions')) { return await exitWithError( root, "Error: Remote sessions are disabled by your organization's policy.", () => gracefulShutdown(1), ) } } if (remote !== null) { // Create remote session (optionally with initial prompt) const hasInitialPrompt = remote.length > 0 // Check if TUI mode is enabled - description is only optional in TUI mode const isRemoteTuiEnabled = getFeatureValue_CACHED_MAY_BE_STALE( 'tengu_remote_backend', false, ) if (!isRemoteTuiEnabled && !hasInitialPrompt) { return await exitWithError( root, 'Error: --remote requires a description.\nUsage: claude --remote "your task description"', () => gracefulShutdown(1), ) } logEvent('tengu_remote_create_session', { has_initial_prompt: String( hasInitialPrompt, ) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) // Pass current branch so CCR clones the repo at the right revision const currentBranch = await getBranch() const createdSession = await teleportToRemoteWithErrorHandling( root, hasInitialPrompt ? remote : null, new AbortController().signal, currentBranch || undefined, ) if (!createdSession) { logEvent('tengu_remote_create_session_error', { error: 'unable_to_create_session' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) return await exitWithError( root, 'Error: Unable to create remote session', () => gracefulShutdown(1), ) } logEvent('tengu_remote_create_session_success', { session_id: createdSession.id as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) // Check if new remote TUI mode is enabled via feature gate if (!isRemoteTuiEnabled) { // Original behavior: print session info and exit process.stdout.write( `Created remote session: ${createdSession.title}\n`, ) process.stdout.write( `View: ${getRemoteSessionUrl(createdSession.id)}?m=0\n`, ) process.stdout.write( `Resume with: claude --teleport ${createdSession.id}\n`, ) await gracefulShutdown(0) process.exit(0) } // New behavior: start local TUI with CCR engine // Mark that we're in remote mode for command visibility setIsRemoteMode(true) switchSession(asSessionId(createdSession.id)) // Get OAuth credentials for remote session let apiCreds: { accessToken: string; orgUUID: string } try { apiCreds = await prepareApiRequest() } catch (error) { logError(toError(error)) return await exitWithError( root, `Error: ${errorMessage(error) || 'Failed to authenticate'}`, () => gracefulShutdown(1), ) } // Create remote session config for the REPL const { getClaudeAIOAuthTokens: getTokensForRemote } = await import( './utils/auth.js' ) const getAccessTokenForRemote = (): string => getTokensForRemote()?.accessToken ?? apiCreds.accessToken const remoteSessionConfig = createRemoteSessionConfig( createdSession.id, getAccessTokenForRemote, apiCreds.orgUUID, hasInitialPrompt, ) // Add remote session info as initial system message const remoteSessionUrl = `${getRemoteSessionUrl(createdSession.id)}?m=0` const remoteInfoMessage = createSystemMessage( `/remote-control is active. Code in CLI or at ${remoteSessionUrl}`, 'info', ) // Create initial user message from the prompt if provided (CCR echoes it back but we ignore that) const initialUserMessage = hasInitialPrompt ? createUserMessage({ content: remote }) : null // Set remote session URL in app state for footer indicator const remoteInitialState = { ...initialState, remoteSessionUrl, } // Pre-filter commands to only include remote-safe ones. // CCR's init response may further refine the list (via handleRemoteInit in REPL). const remoteCommands = filterCommandsForRemoteMode(commands) await launchRepl( root, { getFpsMetrics, stats, initialState: remoteInitialState }, { debug: debug || debugToStderr, commands: remoteCommands, initialTools: [], initialMessages: initialUserMessage ? [remoteInfoMessage, initialUserMessage] : [remoteInfoMessage], mcpClients: [], autoConnectIdeFlag: ide, mainThreadAgentDefinition, disableSlashCommands, remoteSessionConfig, thinkingConfig, }, renderAndRun, ) return } else if (teleport) { if (teleport === true || teleport === '') { // Interactive mode: show task selector and handle resume logEvent('tengu_teleport_interactive_mode', {}) logForDebugging( 'selectAndResumeTeleportTask: Starting teleport flow...', ) const teleportResult = await launchTeleportResumeWrapper(root) if (!teleportResult) { // User cancelled or error occurred await gracefulShutdown(0) process.exit(0) } const { branchError } = await checkOutTeleportedSessionBranch( teleportResult.branch, ) messages = processMessagesForTeleportResume( teleportResult.log, branchError, ) } else if (typeof teleport === 'string') { logEvent('tengu_teleport_resume_session', { mode: 'direct' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) try { // First, fetch session and validate repository before checking git state const sessionData = await fetchSession(teleport) const repoValidation = await validateSessionRepository(sessionData) // Handle repo mismatch or not in repo cases if ( repoValidation.status === 'mismatch' || repoValidation.status === 'not_in_repo' ) { const sessionRepo = repoValidation.sessionRepo if (sessionRepo) { // Check for known paths const knownPaths = getKnownPathsForRepo(sessionRepo) const existingPaths = await filterExistingPaths(knownPaths) if (existingPaths.length > 0) { // Show directory switch dialog const selectedPath = await launchTeleportRepoMismatchDialog( root, { targetRepo: sessionRepo, initialPaths: existingPaths, }, ) if (selectedPath) { // Change to the selected directory process.chdir(selectedPath) setCwd(selectedPath) setOriginalCwd(selectedPath) } else { // User cancelled await gracefulShutdown(0) } } else { // No known paths - show original error throw new TeleportOperationError( `You must run claude --teleport ${teleport} from a checkout of ${sessionRepo}.`, chalk.red( `You must run claude --teleport ${teleport} from a checkout of ${chalk.bold(sessionRepo)}.\n`, ), ) } } } else if (repoValidation.status === 'error') { throw new TeleportOperationError( repoValidation.errorMessage || 'Failed to validate session', chalk.red( `Error: ${repoValidation.errorMessage || 'Failed to validate session'}\n`, ), ) } await validateGitState() // Use progress UI for teleport const { teleportWithProgress } = await import( './components/TeleportProgress.js' ) const result = await teleportWithProgress(root, teleport) // Track teleported session for reliability logging setTeleportedSessionInfo({ sessionId: teleport }) messages = result.messages } catch (error) { if (error instanceof TeleportOperationError) { process.stderr.write(error.formattedMessage + '\n') } else { logError(error) process.stderr.write( chalk.red(`Error: ${errorMessage(error)}\n`), ) } await gracefulShutdown(1) } } } if (process.env.USER_TYPE === 'ant') { if ( options.resume && typeof options.resume === 'string' && !maybeSessionId ) { // Check for ccshare URL (e.g. https://go/ccshare/boris-20260311-211036) const { parseCcshareId, loadCcshare } = await import( './utils/ccshareResume.js' ) const ccshareId = parseCcshareId(options.resume) if (ccshareId) { try { const resumeStart = performance.now() const logOption = await loadCcshare(ccshareId) const result = await loadConversationForResume( logOption, undefined, ) if (result) { processedResume = await processResumedConversation( result, { forkSession: true, transcriptPath: result.fullPath, }, resumeContext, ) if (processedResume.restoredAgentDef) { mainThreadAgentDefinition = processedResume.restoredAgentDef } logEvent('tengu_session_resumed', { entrypoint: 'ccshare' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: true, resume_duration_ms: Math.round( performance.now() - resumeStart, ), }) } else { logEvent('tengu_session_resumed', { entrypoint: 'ccshare' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) } } catch (error) { logEvent('tengu_session_resumed', { entrypoint: 'ccshare' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) logError(error) await exitWithError( root, `Unable to resume from ccshare: ${errorMessage(error)}`, () => gracefulShutdown(1), ) } } else { const resolvedPath = resolve(options.resume) try { const resumeStart = performance.now() let logOption try { // Attempt to load as a transcript file; ENOENT falls through to session-ID handling logOption = await loadTranscriptFromFile(resolvedPath) } catch (error) { if (!isENOENT(error)) throw error // ENOENT: not a file path — fall through to session-ID handling } if (logOption) { const result = await loadConversationForResume( logOption, undefined /* sourceFile */, ) if (result) { processedResume = await processResumedConversation( result, { forkSession: !!options.forkSession, transcriptPath: result.fullPath, }, resumeContext, ) if (processedResume.restoredAgentDef) { mainThreadAgentDefinition = processedResume.restoredAgentDef } logEvent('tengu_session_resumed', { entrypoint: 'file' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: true, resume_duration_ms: Math.round( performance.now() - resumeStart, ), }) } else { logEvent('tengu_session_resumed', { entrypoint: 'file' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) } } } catch (error) { logEvent('tengu_session_resumed', { entrypoint: 'file' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) logError(error) await exitWithError( root, `Unable to load transcript from file: ${options.resume}`, () => gracefulShutdown(1), ) } } } } // If not loaded as a file, try as session ID if (maybeSessionId) { // Resume specific session by ID const sessionId = maybeSessionId try { const resumeStart = performance.now() // Use matchedLog if available (for cross-worktree resume by custom title) // Otherwise fall back to sessionId string (for direct UUID resume) const result = await loadConversationForResume( matchedLog ?? sessionId, undefined, ) if (!result) { logEvent('tengu_session_resumed', { entrypoint: 'cli_flag' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) return await exitWithError( root, `No conversation found with session ID: ${sessionId}`, ) } const fullPath = matchedLog?.fullPath ?? result.fullPath processedResume = await processResumedConversation( result, { forkSession: !!options.forkSession, sessionIdOverride: sessionId, transcriptPath: fullPath, }, resumeContext, ) if (processedResume.restoredAgentDef) { mainThreadAgentDefinition = processedResume.restoredAgentDef } logEvent('tengu_session_resumed', { entrypoint: 'cli_flag' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: true, resume_duration_ms: Math.round(performance.now() - resumeStart), }) } catch (error) { logEvent('tengu_session_resumed', { entrypoint: 'cli_flag' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, success: false, }) logError(error) await exitWithError(root, `Failed to resume session ${sessionId}`) } } // Await file downloads before rendering REPL (files must be available) if (fileDownloadPromise) { try { const results = await fileDownloadPromise const failedCount = count(results, r => !r.success) if (failedCount > 0) { process.stderr.write( chalk.yellow( `Warning: ${failedCount}/${results.length} file(s) failed to download.\n`, ), ) } } catch (error) { return await exitWithError( root, `Error downloading files: ${errorMessage(error)}`, ) } } // If we have a processed resume or teleport messages, render the REPL const resumeData = processedResume ?? (Array.isArray(messages) ? { messages, fileHistorySnapshots: undefined, agentName: undefined, agentColor: undefined as AgentColorName | undefined, restoredAgentDef: mainThreadAgentDefinition, initialState, contentReplacements: undefined, } : undefined) if (resumeData) { maybeActivateProactive(options) maybeActivateBrief(options) await launchRepl( root, { getFpsMetrics, stats, initialState: resumeData.initialState }, { ...sessionConfig, mainThreadAgentDefinition: resumeData.restoredAgentDef ?? mainThreadAgentDefinition, initialMessages: resumeData.messages, initialFileHistorySnapshots: resumeData.fileHistorySnapshots, initialContentReplacements: resumeData.contentReplacements, initialAgentName: resumeData.agentName, initialAgentColor: resumeData.agentColor, }, renderAndRun, ) } else { // Show interactive selector (includes same-repo worktrees) // Note: ResumeConversation loads logs internally to ensure proper GC after selection await launchResumeChooser( root, { getFpsMetrics, stats, initialState }, getWorktreePaths(getOriginalCwd()), { ...sessionConfig, initialSearchQuery: searchTerm, forkSession: options.forkSession, filterByPr, }, ) } } else { // Pass unresolved hooks promise to REPL so it can render immediately // instead of blocking ~500ms waiting for SessionStart hooks to finish. // REPL will inject hook messages when they resolve and await them before // the first API call so the model always sees hook context. const pendingHookMessages = hooksPromise && hookMessages.length === 0 ? hooksPromise : undefined profileCheckpoint('action_after_hooks') maybeActivateProactive(options) maybeActivateBrief(options) // Persist the current mode for fresh sessions so future resumes know what mode was used if (feature('COORDINATOR_MODE')) { saveMode( coordinatorModeModule?.isCoordinatorMode() ? 'coordinator' : 'normal', ) } // If launched via a deep link, show a provenance banner so the user // knows the session originated externally. Linux xdg-open and // browsers with "always allow" set dispatch the link with no OS-level // confirmation, so this is the only signal the user gets that the // prompt — and the working directory / CLAUDE.md it implies — came // from an external source rather than something they typed. let deepLinkBanner: ReturnType | null = null if (feature('LODESTONE')) { if (options.deepLinkOrigin) { logEvent('tengu_deep_link_opened', { has_prefill: Boolean(options.prefill), has_repo: Boolean(options.deepLinkRepo), }) deepLinkBanner = createSystemMessage( buildDeepLinkBanner({ cwd: getCwd(), prefillLength: options.prefill?.length, repo: options.deepLinkRepo, lastFetch: options.deepLinkLastFetch !== undefined ? new Date(options.deepLinkLastFetch) : undefined, }), 'warning', ) } else if (options.prefill) { deepLinkBanner = createSystemMessage( 'Launched with a pre-filled prompt — review it before pressing Enter.', 'warning', ) } } const initialMessages = deepLinkBanner ? [deepLinkBanner, ...hookMessages] : hookMessages.length > 0 ? hookMessages : undefined await launchRepl( root, { getFpsMetrics, stats, initialState }, { ...sessionConfig, initialMessages, pendingHookMessages, }, renderAndRun, ) } }) .version( `${MACRO.VERSION} (Claude Code)`, '-v, --version', 'Output the version number', ) // Worktree flags program.option( '-w, --worktree [name]', 'Create a new git worktree for this session (optionally specify a name)', ) program.option( '--tmux', 'Create a tmux session for the worktree (requires --worktree). Uses iTerm2 native panes when available; use --tmux=classic for traditional tmux.', ) if (canUserConfigureAdvisor()) { program.addOption( new Option( '--advisor ', 'Enable the server-side advisor tool with the specified model (alias or full ID).', ).hideHelp(), ) } if (process.env.USER_TYPE === 'ant') { program.addOption( new Option( '--delegate-permissions', '[ANT-ONLY] Alias for --permission-mode auto.', ).implies({ permissionMode: 'auto' }), ) program.addOption( new Option( '--dangerously-skip-permissions-with-classifiers', '[ANT-ONLY] Deprecated alias for --permission-mode auto.', ) .hideHelp() .implies({ permissionMode: 'auto' }), ) program.addOption( new Option( '--afk', '[ANT-ONLY] Deprecated alias for --permission-mode auto.', ) .hideHelp() .implies({ permissionMode: 'auto' }), ) program.addOption( new Option( '--tasks [id]', '[ANT-ONLY] Tasks mode: watch for tasks and auto-process them. Optional id is used as both the task list ID and agent ID (defaults to "tasklist").', ) .argParser(String) .hideHelp(), ) program.option( '--agent-teams', '[ANT-ONLY] Force Claude to use multi-agent mode for solving problems', () => true, ) } if (feature('TRANSCRIPT_CLASSIFIER')) { program.addOption( new Option('--enable-auto-mode', 'Opt in to auto mode').hideHelp(), ) } if (feature('PROACTIVE') || feature('KAIROS')) { program.addOption( new Option('--proactive', 'Start in proactive autonomous mode'), ) } if (feature('UDS_INBOX')) { program.addOption( new Option( '--messaging-socket-path ', 'Unix domain socket path for the UDS messaging server (defaults to a tmp path)', ), ) } if (feature('KAIROS') || feature('KAIROS_BRIEF')) { program.addOption( new Option( '--brief', 'Enable SendUserMessage tool for agent-to-user communication', ), ) } if (feature('KAIROS')) { program.addOption( new Option( '--assistant', 'Force assistant mode (Agent SDK daemon use)', ).hideHelp(), ) } if (feature('KAIROS') || feature('KAIROS_CHANNELS')) { program.addOption( new Option( '--channels ', 'MCP servers whose channel notifications (inbound push) should register this session. Space-separated server names.', ).hideHelp(), ) program.addOption( new Option( '--dangerously-load-development-channels ', 'Load channel servers not on the approved allowlist. For local channel development only. Shows a confirmation dialog at startup.', ).hideHelp(), ) } // Teammate identity options (set by leader when spawning tmux teammates) // These replace the CLAUDE_CODE_* environment variables program.addOption( new Option('--agent-id ', 'Teammate agent ID').hideHelp(), ) program.addOption( new Option('--agent-name ', 'Teammate display name').hideHelp(), ) program.addOption( new Option( '--team-name ', 'Team name for swarm coordination', ).hideHelp(), ) program.addOption( new Option('--agent-color ', 'Teammate UI color').hideHelp(), ) program.addOption( new Option( '--plan-mode-required', 'Require plan mode before implementation', ).hideHelp(), ) program.addOption( new Option( '--parent-session-id ', 'Parent session ID for analytics correlation', ).hideHelp(), ) program.addOption( new Option( '--teammate-mode ', 'How to spawn teammates: "tmux", "in-process", or "auto"', ) .choices(['auto', 'tmux', 'in-process']) .hideHelp(), ) program.addOption( new Option( '--agent-type ', 'Custom agent type for this teammate', ).hideHelp(), ) // Enable SDK URL for all builds but hide from help program.addOption( new Option( '--sdk-url ', 'Use remote WebSocket endpoint for SDK I/O streaming (only with -p and stream-json format)', ).hideHelp(), ) // Enable teleport/remote flags for all builds but keep them undocumented until GA program.addOption( new Option( '--teleport [session]', 'Resume a teleport session, optionally specify session ID', ).hideHelp(), ) program.addOption( new Option( '--remote [description]', 'Create a remote session with the given description', ).hideHelp(), ) if (feature('BRIDGE_MODE')) { program.addOption( new Option( '--remote-control [name]', 'Start an interactive session with Remote Control enabled (optionally named)', ) .argParser(value => value || true) .hideHelp(), ) program.addOption( new Option('--rc [name]', 'Alias for --remote-control') .argParser(value => value || true) .hideHelp(), ) } if (feature('HARD_FAIL')) { program.addOption( new Option( '--hard-fail', 'Crash on logError calls instead of silently logging', ).hideHelp(), ) } profileCheckpoint('run_main_options_built') // -p/--print mode: skip subcommand registration. The 52 subcommands // (mcp, auth, plugin, skill, task, config, doctor, update, etc.) are // never dispatched in print mode — commander routes the prompt to the // default action. The subcommand registration path was measured at ~65ms // on baseline — mostly the isBridgeEnabled() call (25ms settings Zod parse // + 40ms sync keychain subprocess), both hidden by the try/catch that // always returns false before enableConfigs(). cc:// URLs are rewritten to // `open` at main() line ~851 BEFORE this runs, so argv check is safe here. const isPrintMode = process.argv.includes('-p') || process.argv.includes('--print') const isCcUrl = process.argv.some( a => a.startsWith('cc://') || a.startsWith('cc+unix://'), ) if (isPrintMode && !isCcUrl) { profileCheckpoint('run_before_parse') await program.parseAsync(process.argv) profileCheckpoint('run_after_parse') return program } // claude mcp const mcp = program .command('mcp') .description('Configure and manage MCP servers') .configureHelp(createSortedHelpConfig()) .enablePositionalOptions() mcp .command('serve') .description(`Start the Claude Code MCP server`) .option('-d, --debug', 'Enable debug mode', () => true) .option( '--verbose', 'Override verbose mode setting from config', () => true, ) .action( async ({ debug, verbose }: { debug?: boolean; verbose?: boolean }) => { const { mcpServeHandler } = await import('./cli/handlers/mcp.js') await mcpServeHandler({ debug, verbose }) }, ) // Register the mcp add subcommand (extracted for testability) registerMcpAddCommand(mcp) if (isXaaEnabled()) { registerMcpXaaIdpCommand(mcp) } mcp .command('remove ') .description('Remove an MCP server') .option( '-s, --scope ', 'Configuration scope (local, user, or project) - if not specified, removes from whichever scope it exists in', ) .action(async (name: string, options: { scope?: string }) => { const { mcpRemoveHandler } = await import('./cli/handlers/mcp.js') await mcpRemoveHandler(name, options) }) mcp .command('list') .description( 'List configured MCP servers. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.', ) .action(async () => { const { mcpListHandler } = await import('./cli/handlers/mcp.js') await mcpListHandler() }) mcp .command('get ') .description( 'Get details about an MCP server. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.', ) .action(async (name: string) => { const { mcpGetHandler } = await import('./cli/handlers/mcp.js') await mcpGetHandler(name) }) mcp .command('add-json ') .description('Add an MCP server (stdio or SSE) with a JSON string') .option( '-s, --scope ', 'Configuration scope (local, user, or project)', 'local', ) .option( '--client-secret', 'Prompt for OAuth client secret (or set MCP_CLIENT_SECRET env var)', ) .action( async ( name: string, json: string, options: { scope?: string; clientSecret?: true }, ) => { const { mcpAddJsonHandler } = await import('./cli/handlers/mcp.js') await mcpAddJsonHandler(name, json, options) }, ) mcp .command('add-from-claude-desktop') .description('Import MCP servers from Claude Desktop (Mac and WSL only)') .option( '-s, --scope ', 'Configuration scope (local, user, or project)', 'local', ) .action(async (options: { scope?: string }) => { const { mcpAddFromDesktopHandler } = await import('./cli/handlers/mcp.js') await mcpAddFromDesktopHandler(options) }) mcp .command('reset-project-choices') .description( 'Reset all approved and rejected project-scoped (.mcp.json) servers within this project', ) .action(async () => { const { mcpResetChoicesHandler } = await import('./cli/handlers/mcp.js') await mcpResetChoicesHandler() }) // claude server if (feature('DIRECT_CONNECT')) { program .command('server') .description('Start a Claude Code session server') .option('--port ', 'HTTP port', '0') .option('--host ', 'Bind address', '0.0.0.0') .option('--auth-token ', 'Bearer token for auth') .option('--unix ', 'Listen on a unix domain socket') .option( '--workspace ', 'Default working directory for sessions that do not specify cwd', ) .option( '--idle-timeout ', 'Idle timeout for detached sessions in ms (0 = never expire)', '600000', ) .option( '--max-sessions ', 'Maximum concurrent sessions (0 = unlimited)', '32', ) .action( async (opts: { port: string host: string authToken?: string unix?: string workspace?: string idleTimeout: string maxSessions: string }) => { const { randomBytes } = await import('crypto') const { startServer } = await import('./server/server.js') const { SessionManager } = await import('./server/sessionManager.js') const { DangerousBackend } = await import( './server/backends/dangerousBackend.js' ) const { printBanner } = await import('./server/serverBanner.js') const { createServerLogger } = await import('./server/serverLog.js') const { writeServerLock, removeServerLock, probeRunningServer } = await import('./server/lockfile.js') const existing = await probeRunningServer() if (existing) { process.stderr.write( `A claude server is already running (pid ${existing.pid}) at ${existing.httpUrl}\n`, ) process.exit(1) } const authToken = opts.authToken ?? `sk-ant-cc-${randomBytes(16).toString('base64url')}` const config = { port: parseInt(opts.port, 10), host: opts.host, authToken, unix: opts.unix, workspace: opts.workspace, idleTimeoutMs: parseInt(opts.idleTimeout, 10), maxSessions: parseInt(opts.maxSessions, 10), } const backend = new DangerousBackend() const sessionManager = new SessionManager(backend, { idleTimeoutMs: config.idleTimeoutMs, maxSessions: config.maxSessions, }) const logger = createServerLogger() const server = startServer(config, sessionManager, logger) const actualPort = server.port ?? config.port printBanner(config, authToken, actualPort) await writeServerLock({ pid: process.pid, port: actualPort, host: config.host, httpUrl: config.unix ? `unix:${config.unix}` : `http://${config.host}:${actualPort}`, startedAt: Date.now(), }) let shuttingDown = false const shutdown = async () => { if (shuttingDown) return shuttingDown = true // Stop accepting new connections before tearing down sessions. server.stop(true) await sessionManager.destroyAll() await removeServerLock() process.exit(0) } process.once('SIGINT', () => void shutdown()) process.once('SIGTERM', () => void shutdown()) }, ) } // `claude ssh [dir]` — registered here only so --help shows it. // The actual interactive flow is handled by early argv rewriting in main() // (parallels the DIRECT_CONNECT/cc:// pattern above). If commander reaches // this action it means the argv rewrite didn't fire (e.g. user ran // `claude ssh` with no host) — just print usage. if (feature('SSH_REMOTE')) { program .command('ssh [dir]') .description( 'Run Claude Code on a remote host over SSH. Deploys the binary and ' + 'tunnels API auth back through your local machine — no remote setup needed.', ) .option( '--permission-mode ', 'Permission mode for the remote session', ) .option( '--dangerously-skip-permissions', 'Skip all permission prompts on the remote (dangerous)', ) .option( '--local', 'e2e test mode — spawn the child CLI locally (skip ssh/deploy). ' + 'Exercises the auth proxy and unix-socket plumbing without a remote host.', ) .action(async () => { // Argv rewriting in main() should have consumed `ssh ` before // commander runs. Reaching here means host was missing or the // rewrite predicate didn't match. process.stderr.write( 'Usage: claude ssh [dir]\n\n' + "Runs Claude Code on a remote Linux host. You don't need to install\n" + 'anything on the remote or run `claude auth login` there — the binary is\n' + 'deployed over SSH and API auth tunnels back through your local machine.\n', ) process.exit(1) }) } // claude connect — subcommand only handles -p (headless) mode. // Interactive mode (without -p) is handled by early argv rewriting in main() // which redirects to the main command with full TUI support. if (feature('DIRECT_CONNECT')) { program .command('open ') .description( 'Connect to a Claude Code server (internal — use cc:// URLs)', ) .option('-p, --print [prompt]', 'Print mode (headless)') .option( '--output-format ', 'Output format: text, json, stream-json', 'text', ) .action( async ( ccUrl: string, opts: { print?: string | boolean outputFormat: string }, ) => { const { parseConnectUrl } = await import( './server/parseConnectUrl.js' ) const { serverUrl, authToken } = parseConnectUrl(ccUrl) let connectConfig try { const session = await createDirectConnectSession({ serverUrl, authToken, cwd: getOriginalCwd(), dangerouslySkipPermissions: _pendingConnect?.dangerouslySkipPermissions, }) if (session.workDir) { setOriginalCwd(session.workDir) setCwdState(session.workDir) } setDirectConnectServerUrl(serverUrl) connectConfig = session.config } catch (err) { // biome-ignore lint/suspicious/noConsole: intentional error output console.error( err instanceof DirectConnectError ? err.message : String(err), ) process.exit(1) } const { runConnectHeadless } = await import( './server/connectHeadless.js' ) const prompt = typeof opts.print === 'string' ? opts.print : '' const interactive = opts.print === true await runConnectHeadless( connectConfig, prompt, opts.outputFormat, interactive, ) }, ) } // claude auth const auth = program .command('auth') .description('Manage authentication') .configureHelp(createSortedHelpConfig()) auth .command('login') .description('Sign in to your Anthropic account') .option('--email ', 'Pre-populate email address on the login page') .option('--sso', 'Force SSO login flow') .option( '--console', 'Use Anthropic Console (API usage billing) instead of Claude subscription', ) .option('--claudeai', 'Use Claude subscription (default)') .action( async ({ email, sso, console: useConsole, claudeai, }: { email?: string sso?: boolean console?: boolean claudeai?: boolean }) => { const { authLogin } = await import('./cli/handlers/auth.js') await authLogin({ email, sso, console: useConsole, claudeai }) }, ) auth .command('status') .description('Show authentication status') .option('--json', 'Output as JSON (default)') .option('--text', 'Output as human-readable text') .action(async (opts: { json?: boolean; text?: boolean }) => { const { authStatus } = await import('./cli/handlers/auth.js') await authStatus(opts) }) auth .command('logout') .description('Log out from your Anthropic account') .action(async () => { const { authLogout } = await import('./cli/handlers/auth.js') await authLogout() }) /** * Helper function to handle marketplace command errors consistently. * Logs the error and exits the process with status 1. * @param error The error that occurred * @param action Description of the action that failed */ // Hidden flag on all plugin/marketplace subcommands to target cowork_plugins. const coworkOption = () => new Option('--cowork', 'Use cowork_plugins directory').hideHelp() // Plugin validate command const pluginCmd = program .command('plugin') .alias('plugins') .description('Manage Claude Code plugins') .configureHelp(createSortedHelpConfig()) pluginCmd .command('validate ') .description('Validate a plugin or marketplace manifest') .addOption(coworkOption()) .action(async (manifestPath: string, options: { cowork?: boolean }) => { const { pluginValidateHandler } = await import( './cli/handlers/plugins.js' ) await pluginValidateHandler(manifestPath, options) }) // Plugin list command pluginCmd .command('list') .description('List installed plugins') .option('--json', 'Output as JSON') .option( '--available', 'Include available plugins from marketplaces (requires --json)', ) .addOption(coworkOption()) .action( async (options: { json?: boolean available?: boolean cowork?: boolean }) => { const { pluginListHandler } = await import('./cli/handlers/plugins.js') await pluginListHandler(options) }, ) // Marketplace subcommands const marketplaceCmd = pluginCmd .command('marketplace') .description('Manage Claude Code marketplaces') .configureHelp(createSortedHelpConfig()) marketplaceCmd .command('add ') .description('Add a marketplace from a URL, path, or GitHub repo') .addOption(coworkOption()) .option( '--sparse ', 'Limit checkout to specific directories via git sparse-checkout (for monorepos). Example: --sparse .claude-plugin plugins', ) .option( '--scope ', 'Where to declare the marketplace: user (default), project, or local', ) .action( async ( source: string, options: { cowork?: boolean; sparse?: string[]; scope?: string }, ) => { const { marketplaceAddHandler } = await import( './cli/handlers/plugins.js' ) await marketplaceAddHandler(source, options) }, ) marketplaceCmd .command('list') .description('List all configured marketplaces') .option('--json', 'Output as JSON') .addOption(coworkOption()) .action(async (options: { json?: boolean; cowork?: boolean }) => { const { marketplaceListHandler } = await import( './cli/handlers/plugins.js' ) await marketplaceListHandler(options) }) marketplaceCmd .command('remove ') .alias('rm') .description('Remove a configured marketplace') .addOption(coworkOption()) .action(async (name: string, options: { cowork?: boolean }) => { const { marketplaceRemoveHandler } = await import( './cli/handlers/plugins.js' ) await marketplaceRemoveHandler(name, options) }) marketplaceCmd .command('update [name]') .description( 'Update marketplace(s) from their source - updates all if no name specified', ) .addOption(coworkOption()) .action(async (name: string | undefined, options: { cowork?: boolean }) => { const { marketplaceUpdateHandler } = await import( './cli/handlers/plugins.js' ) await marketplaceUpdateHandler(name, options) }) // Plugin install command pluginCmd .command('install ') .alias('i') .description( 'Install a plugin from available marketplaces (use plugin@marketplace for specific marketplace)', ) .option( '-s, --scope ', 'Installation scope: user, project, or local', 'user', ) .addOption(coworkOption()) .action( async (plugin: string, options: { scope?: string; cowork?: boolean }) => { const { pluginInstallHandler } = await import( './cli/handlers/plugins.js' ) await pluginInstallHandler(plugin, options) }, ) // Plugin uninstall command pluginCmd .command('uninstall ') .alias('remove') .alias('rm') .description('Uninstall an installed plugin') .option( '-s, --scope ', 'Uninstall from scope: user, project, or local', 'user', ) .option( '--keep-data', "Preserve the plugin's persistent data directory (~/.claude/plugins/data/{id}/)", ) .addOption(coworkOption()) .action( async ( plugin: string, options: { scope?: string; cowork?: boolean; keepData?: boolean }, ) => { const { pluginUninstallHandler } = await import( './cli/handlers/plugins.js' ) await pluginUninstallHandler(plugin, options) }, ) // Plugin enable command pluginCmd .command('enable ') .description('Enable a disabled plugin') .option( '-s, --scope ', `Installation scope: ${VALID_INSTALLABLE_SCOPES.join(', ')} (default: auto-detect)`, ) .addOption(coworkOption()) .action( async (plugin: string, options: { scope?: string; cowork?: boolean }) => { const { pluginEnableHandler } = await import( './cli/handlers/plugins.js' ) await pluginEnableHandler(plugin, options) }, ) // Plugin disable command pluginCmd .command('disable [plugin]') .description('Disable an enabled plugin') .option('-a, --all', 'Disable all enabled plugins') .option( '-s, --scope ', `Installation scope: ${VALID_INSTALLABLE_SCOPES.join(', ')} (default: auto-detect)`, ) .addOption(coworkOption()) .action( async ( plugin: string | undefined, options: { scope?: string; cowork?: boolean; all?: boolean }, ) => { const { pluginDisableHandler } = await import( './cli/handlers/plugins.js' ) await pluginDisableHandler(plugin, options) }, ) // Plugin update command pluginCmd .command('update ') .description( 'Update a plugin to the latest version (restart required to apply)', ) .option( '-s, --scope ', `Installation scope: ${VALID_UPDATE_SCOPES.join(', ')} (default: user)`, ) .addOption(coworkOption()) .action( async (plugin: string, options: { scope?: string; cowork?: boolean }) => { const { pluginUpdateHandler } = await import( './cli/handlers/plugins.js' ) await pluginUpdateHandler(plugin, options) }, ) // END ANT-ONLY // Setup token command program .command('setup-token') .description( 'Set up a long-lived authentication token (requires Claude subscription)', ) .action(async () => { const [{ setupTokenHandler }, { createRoot }] = await Promise.all([ import('./cli/handlers/util.js'), import('./ink.js'), ]) const root = await createRoot(getBaseRenderOptions(false)) await setupTokenHandler(root) }) // Agents command - list configured agents program .command('agents') .description('List configured agents') .option( '--setting-sources ', 'Comma-separated list of setting sources to load (user, project, local).', ) .action(async () => { const { agentsHandler } = await import('./cli/handlers/agents.js') await agentsHandler() process.exit(0) }) if (feature('TRANSCRIPT_CLASSIFIER')) { // Skip when tengu_auto_mode_config.enabled === 'disabled' (circuit breaker). // Reads from disk cache — GrowthBook isn't initialized at registration time. if (getAutoModeEnabledStateIfCached() !== 'disabled') { const autoModeCmd = program .command('auto-mode') .description('Inspect auto mode classifier configuration') autoModeCmd .command('defaults') .description( 'Print the default auto mode environment, allow, and deny rules as JSON', ) .action(async () => { const { autoModeDefaultsHandler } = await import( './cli/handlers/autoMode.js' ) autoModeDefaultsHandler() process.exit(0) }) autoModeCmd .command('config') .description( 'Print the effective auto mode config as JSON: your settings where set, defaults otherwise', ) .action(async () => { const { autoModeConfigHandler } = await import( './cli/handlers/autoMode.js' ) autoModeConfigHandler() process.exit(0) }) autoModeCmd .command('critique') .description('Get AI feedback on your custom auto mode rules') .option('--model ', 'Override which model is used') .action(async options => { const { autoModeCritiqueHandler } = await import( './cli/handlers/autoMode.js' ) await autoModeCritiqueHandler(options) process.exit() }) } } // Remote Control command — connect local environment to claude.ai/code. // The actual command is intercepted by the fast-path in cli.tsx before // Commander.js runs, so this registration exists only for help output. // Always hidden: isBridgeEnabled() at this point (before enableConfigs) // would throw inside isClaudeAISubscriber → getGlobalConfig and return // false via the try/catch — but not before paying ~65ms of side effects // (25ms settings Zod parse + 40ms sync `security` keychain subprocess). // The dynamic visibility never worked; the command was always hidden. if (feature('BRIDGE_MODE')) { program .command('remote-control', { hidden: true }) .alias('rc') .description( 'Connect your local environment for remote-control sessions via claude.ai/code', ) .action(async () => { // Unreachable — cli.tsx fast-path handles this command before main.tsx loads. // If somehow reached, delegate to bridgeMain. const { bridgeMain } = await import('./bridge/bridgeMain.js') await bridgeMain(process.argv.slice(3)) }) } if (feature('KAIROS')) { program .command('assistant [sessionId]') .description( 'Attach the REPL as a client to a running bridge session. Discovers sessions via API if no sessionId given.', ) .action(() => { // Argv rewriting above should have consumed `assistant [id]` // before commander runs. Reaching here means a root flag came first // (e.g. `--debug assistant`) and the position-0 predicate // didn't match. Print usage like the ssh stub does. process.stderr.write( 'Usage: claude assistant [sessionId]\n\n' + 'Attach the REPL as a viewer client to a running bridge session.\n' + 'Omit sessionId to discover and pick from available sessions.\n', ) process.exit(1) }) } // Doctor command - check installation health program .command('doctor') .description( 'Check the health of your Claude Code auto-updater. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.', ) .action(async () => { const [{ doctorHandler }, { createRoot }] = await Promise.all([ import('./cli/handlers/util.js'), import('./ink.js'), ]) const root = await createRoot(getBaseRenderOptions(false)) await doctorHandler(root) }) // claude update // // For SemVer-compliant versioning with build metadata (X.X.X+SHA): // - We perform exact string comparison (including SHA) to detect any change // - This ensures users always get the latest build, even when only the SHA changes // - UI shows both versions including build metadata for clarity program .command('update') .alias('upgrade') .description('Check for updates and install if available') .action(async () => { const { update } = await import('src/cli/update.js') await update() }) // claude up — run the project's CLAUDE.md "# claude up" setup instructions. if (process.env.USER_TYPE === 'ant') { program .command('up') .description( '[ANT-ONLY] Initialize or upgrade the local dev environment using the "# claude up" section of the nearest CLAUDE.md', ) .action(async () => { const { up } = await import('src/cli/up.js') await up() }) } // claude rollback (ant-only) // Rolls back to previous releases if (process.env.USER_TYPE === 'ant') { program .command('rollback [target]') .description( '[ANT-ONLY] Roll back to a previous release\n\nExamples:\n claude rollback Go 1 version back from current\n claude rollback 3 Go 3 versions back from current\n claude rollback 2.0.73-dev.20251217.t190658 Roll back to a specific version', ) .option('-l, --list', 'List recent published versions with ages') .option('--dry-run', 'Show what would be installed without installing') .option( '--safe', 'Roll back to the server-pinned safe version (set by oncall during incidents)', ) .action( async ( target?: string, options?: { list?: boolean; dryRun?: boolean; safe?: boolean }, ) => { const { rollback } = await import('src/cli/rollback.js') await rollback(target, options) }, ) } // claude install program .command('install [target]') .description( 'Install Claude Code native build. Use [target] to specify version (stable, latest, or specific version)', ) .option('--force', 'Force installation even if already installed') .action( async (target: string | undefined, options: { force?: boolean }) => { const { installHandler } = await import('./cli/handlers/util.js') await installHandler(target, options) }, ) // ant-only commands if (process.env.USER_TYPE === 'ant') { const validateLogId = (value: string) => { const maybeSessionId = validateUuid(value) if (maybeSessionId) return maybeSessionId return Number(value) } // claude log program .command('log') .description('[ANT-ONLY] Manage conversation logs.') .argument( '[number|sessionId]', 'A number (0, 1, 2, etc.) to display a specific log, or the sesssion ID (uuid) of a log', validateLogId, ) .action(async (logId: string | number | undefined) => { const { logHandler } = await import('./cli/handlers/ant.js') await logHandler(logId) }) // claude error program .command('error') .description( '[ANT-ONLY] View error logs. Optionally provide a number (0, -1, -2, etc.) to display a specific log.', ) .argument( '[number]', 'A number (0, 1, 2, etc.) to display a specific log', parseInt, ) .action(async (number: number | undefined) => { const { errorHandler } = await import('./cli/handlers/ant.js') await errorHandler(number) }) // claude export program .command('export') .description('[ANT-ONLY] Export a conversation to a text file.') .usage(' ') .argument( '', 'Session ID, log index (0, 1, 2...), or path to a .json/.jsonl log file', ) .argument('', 'Output file path for the exported text') .addHelpText( 'after', ` Examples: $ claude export 0 conversation.txt Export conversation at log index 0 $ claude export conversation.txt Export conversation by session ID $ claude export input.json output.txt Render JSON log file to text $ claude export .jsonl output.txt Render JSONL session file to text`, ) .action(async (source: string, outputFile: string) => { const { exportHandler } = await import('./cli/handlers/ant.js') await exportHandler(source, outputFile) }) if (process.env.USER_TYPE === 'ant') { const taskCmd = program .command('task') .description('[ANT-ONLY] Manage task list tasks') taskCmd .command('create ') .description('Create a new task') .option('-d, --description ', 'Task description') .option('-l, --list ', 'Task list ID (defaults to "tasklist")') .action( async ( subject: string, opts: { description?: string; list?: string }, ) => { const { taskCreateHandler } = await import('./cli/handlers/ant.js') await taskCreateHandler(subject, opts) }, ) taskCmd .command('list') .description('List all tasks') .option('-l, --list ', 'Task list ID (defaults to "tasklist")') .option('--pending', 'Show only pending tasks') .option('--json', 'Output as JSON') .action( async (opts: { list?: string pending?: boolean json?: boolean }) => { const { taskListHandler } = await import('./cli/handlers/ant.js') await taskListHandler(opts) }, ) taskCmd .command('get ') .description('Get details of a task') .option('-l, --list ', 'Task list ID (defaults to "tasklist")') .action(async (id: string, opts: { list?: string }) => { const { taskGetHandler } = await import('./cli/handlers/ant.js') await taskGetHandler(id, opts) }) taskCmd .command('update ') .description('Update a task') .option('-l, --list ', 'Task list ID (defaults to "tasklist")') .option( '-s, --status ', `Set status (${TASK_STATUSES.join(', ')})`, ) .option('--subject ', 'Update subject') .option('-d, --description ', 'Update description') .option('--owner ', 'Set owner') .option('--clear-owner', 'Clear owner') .action( async ( id: string, opts: { list?: string status?: string subject?: string description?: string owner?: string clearOwner?: boolean }, ) => { const { taskUpdateHandler } = await import('./cli/handlers/ant.js') await taskUpdateHandler(id, opts) }, ) taskCmd .command('dir') .description('Show the tasks directory path') .option('-l, --list ', 'Task list ID (defaults to "tasklist")') .action(async (opts: { list?: string }) => { const { taskDirHandler } = await import('./cli/handlers/ant.js') await taskDirHandler(opts) }) } // claude completion program .command('completion ', { hidden: true }) .description('Generate shell completion script (bash, zsh, or fish)') .option( '--output ', 'Write completion script directly to a file instead of stdout', ) .action(async (shell: string, opts: { output?: string }) => { const { completionHandler } = await import('./cli/handlers/ant.js') await completionHandler(shell, opts, program) }) } profileCheckpoint('run_before_parse') await program.parseAsync(process.argv) profileCheckpoint('run_after_parse') // Record final checkpoint for total_time calculation profileCheckpoint('main_after_run') // Log startup perf to Statsig (sampled) and output detailed report if enabled profileReport() return program } async function logTenguInit({ hasInitialPrompt, hasStdin, verbose, debug, debugToStderr, print, outputFormat, inputFormat, numAllowedTools, numDisallowedTools, mcpClientCount, worktreeEnabled, skipWebFetchPreflight, githubActionInputs, dangerouslySkipPermissionsPassed, permissionMode, modeIsBypass, allowDangerouslySkipPermissionsPassed, systemPromptFlag, appendSystemPromptFlag, thinkingConfig, assistantActivationPath, }: { hasInitialPrompt: boolean hasStdin: boolean verbose: boolean debug: boolean debugToStderr: boolean print: boolean outputFormat: string inputFormat: string numAllowedTools: number numDisallowedTools: number mcpClientCount: number worktreeEnabled: boolean skipWebFetchPreflight: boolean | undefined githubActionInputs: string | undefined dangerouslySkipPermissionsPassed: boolean permissionMode: string modeIsBypass: boolean allowDangerouslySkipPermissionsPassed: boolean systemPromptFlag: 'file' | 'flag' | undefined appendSystemPromptFlag: 'file' | 'flag' | undefined thinkingConfig: ThinkingConfig assistantActivationPath: string | undefined }): Promise { try { logEvent('tengu_init', { entrypoint: 'claude' as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, hasInitialPrompt, hasStdin, verbose, debug, debugToStderr, print, outputFormat: outputFormat as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, inputFormat: inputFormat as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, numAllowedTools, numDisallowedTools, mcpClientCount, worktree: worktreeEnabled, skipWebFetchPreflight, ...(githubActionInputs && { githubActionInputs: githubActionInputs as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), dangerouslySkipPermissionsPassed, permissionMode: permissionMode as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, modeIsBypass, inProtectedNamespace: isInProtectedNamespace(), allowDangerouslySkipPermissionsPassed, thinkingType: thinkingConfig.type as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, ...(systemPromptFlag && { systemPromptFlag: systemPromptFlag as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), ...(appendSystemPromptFlag && { appendSystemPromptFlag: appendSystemPromptFlag as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), is_simple: isBareMode() || undefined, is_coordinator: feature('COORDINATOR_MODE') && coordinatorModeModule?.isCoordinatorMode() ? true : undefined, ...(assistantActivationPath && { assistantActivationPath: assistantActivationPath as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }), autoUpdatesChannel: (getInitialSettings().autoUpdatesChannel ?? 'latest') as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, ...(process.env.USER_TYPE === 'ant' ? (() => { const cwd = getCwd() const gitRoot = findGitRoot(cwd) const rp = gitRoot ? relative(gitRoot, cwd) || '.' : undefined return rp ? { relativeProjectPath: rp as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, } : {} })() : {}), }) } catch (error) { logError(error) } } function maybeActivateProactive(options: unknown): void { if ( (feature('PROACTIVE') || feature('KAIROS')) && ((options as { proactive?: boolean }).proactive || isEnvTruthy(process.env.CLAUDE_CODE_PROACTIVE)) ) { // eslint-disable-next-line @typescript-eslint/no-require-imports const proactiveModule = require('./proactive/index.js') if (!proactiveModule.isProactiveActive()) { proactiveModule.activateProactive('command') } } } function maybeActivateBrief(options: unknown): void { if (!(feature('KAIROS') || feature('KAIROS_BRIEF'))) return const briefFlag = (options as { brief?: boolean }).brief const briefEnv = isEnvTruthy(process.env.CLAUDE_CODE_BRIEF) if (!briefFlag && !briefEnv) return // --brief / CLAUDE_CODE_BRIEF are explicit opt-ins: check entitlement, // then set userMsgOptIn to activate the tool + prompt section. The env // var also grants entitlement (isBriefEntitled() reads it), so setting // CLAUDE_CODE_BRIEF=1 alone force-enables for dev/testing — no GB gate // needed. initialIsBriefOnly reads getUserMsgOptIn() directly. // Conditional require: static import would leak the tool name string // into external builds via BriefTool.ts → prompt.ts. /* eslint-disable @typescript-eslint/no-require-imports */ const { isBriefEntitled } = require('./tools/BriefTool/BriefTool.js') as typeof import('./tools/BriefTool/BriefTool.js') /* eslint-enable @typescript-eslint/no-require-imports */ const entitled = isBriefEntitled() if (entitled) { setUserMsgOptIn(true) } // Fire unconditionally once intent is seen: enabled=false captures the // "user tried but was gated" failure mode in Datadog. logEvent('tengu_brief_mode_enabled', { enabled: entitled, gated: !entitled, source: (briefEnv ? 'env' : 'flag') as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS, }) } function resetCursor() { const terminal = process.stderr.isTTY ? process.stderr : process.stdout.isTTY ? process.stdout : undefined terminal?.write(SHOW_CURSOR) } type TeammateOptions = { agentId?: string agentName?: string teamName?: string agentColor?: string planModeRequired?: boolean parentSessionId?: string teammateMode?: 'auto' | 'tmux' | 'in-process' agentType?: string } function extractTeammateOptions(options: unknown): TeammateOptions { if (typeof options !== 'object' || options === null) { return {} } const opts = options as Record const teammateMode = opts.teammateMode return { agentId: typeof opts.agentId === 'string' ? opts.agentId : undefined, agentName: typeof opts.agentName === 'string' ? opts.agentName : undefined, teamName: typeof opts.teamName === 'string' ? opts.teamName : undefined, agentColor: typeof opts.agentColor === 'string' ? opts.agentColor : undefined, planModeRequired: typeof opts.planModeRequired === 'boolean' ? opts.planModeRequired : undefined, parentSessionId: typeof opts.parentSessionId === 'string' ? opts.parentSessionId : undefined, teammateMode: teammateMode === 'auto' || teammateMode === 'tmux' || teammateMode === 'in-process' ? teammateMode : undefined, agentType: typeof opts.agentType === 'string' ? opts.agentType : undefined, } }