cli: attach to running pi sessions by name or UUID#59
Conversation
Greptile SummaryExtends
Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["baudbot attach [--pi|--tmux] [target]"] --> B{ATTACH_MODE?}
B -->|"--tmux"| C["choose_tmux_target(TARGET)"]
C -->|found| D["exec tmux attach-session"]
C -->|not found| E["❌ tmux session not found"]
B -->|"--pi"| F["choose_pi_target(TARGET)"]
F -->|found| G["exec pi --session UUID"]
F -->|not found| H["❌ pi session not found"]
B -->|auto| I["choose_tmux_target(TARGET)"]
I -->|found| D
I -->|not found| J["choose_pi_target(TARGET)"]
J -->|found| G
J -->|not found| K["❌ No matching session found"]
F --> L["resolve_pi_session_id()"]
J --> L
L --> M{query provided?}
M -->|no| N["control-agent.alias → UUID"]
M -->|no| O["first *.sock file"]
M -->|yes| P["exact UUID match"]
M -->|yes| Q[".alias symlink"]
M -->|yes| R[".sock symlink (legacy)"]
M -->|yes| S["unique UUID prefix"]
Last reviewed commit: af247d1 |
| echo "Attaching to pi session: $pi_target" | ||
| echo "Detach with: Ctrl+C twice" | ||
| echo "" | ||
| exec sudo -u "$AGENT_USER" bash -lc "export PATH='$AGENT_HOME/.varlock/bin:$AGENT_HOME/opt/node-v22.14.0-linux-x64/bin':\$PATH; cd ~; pi --session '$pi_target'" |
There was a problem hiding this comment.
Unquoted interpolation in nested shell string
$pi_target is interpolated inside single quotes within a double-quoted bash -lc string. If the resolved UUID/alias somehow contains a single quote, it would break out of the quoting and allow command injection as baudbot_agent. While the current resolution logic (filesystem-derived basenames) makes this unlikely, the same pattern for $sock on line 272 was flagged in the pre-existing code — defensive quoting is a good practice here, especially since this runs via sudo.
Consider using printf '%q' to safely escape the value:
| exec sudo -u "$AGENT_USER" bash -lc "export PATH='$AGENT_HOME/.varlock/bin:$AGENT_HOME/opt/node-v22.14.0-linux-x64/bin':\$PATH; cd ~; pi --session '$pi_target'" | |
| exec sudo -u "$AGENT_USER" bash -lc "export PATH='$AGENT_HOME/.varlock/bin:$AGENT_HOME/opt/node-v22.14.0-linux-x64/bin':\$PATH; cd ~; pi --session $(printf '%q' "$pi_target")" |
Prompt To Fix With AI
This is a comment left during a code review.
Path: bin/baudbot
Line: 344
Comment:
**Unquoted interpolation in nested shell string**
`$pi_target` is interpolated inside single quotes within a double-quoted `bash -lc` string. If the resolved UUID/alias somehow contains a single quote, it would break out of the quoting and allow command injection as `baudbot_agent`. While the current resolution logic (filesystem-derived basenames) makes this unlikely, the same pattern for `$sock` on line 272 was flagged in the pre-existing code — defensive quoting is a good practice here, especially since this runs via `sudo`.
Consider using `printf '%q'` to safely escape the value:
```suggestion
exec sudo -u "$AGENT_USER" bash -lc "export PATH='$AGENT_HOME/.varlock/bin:$AGENT_HOME/opt/node-v22.14.0-linux-x64/bin':\$PATH; cd ~; pi --session $(printf '%q' "$pi_target")"
```
How can I resolve this? If you propose a fix, please make it concise.There was a problem hiding this comment.
Great callout. I agree this is worth hardening with explicit shell escaping (printf %q) before interpolation into the nested bash -lc command.\n\nI can’t safely land this directly from this environment because bin/* is admin-managed and guarded by the pre-commit security hook, but I’ve queued it for the admin-managed patch on this PR.\n\nResponded by pi-coding-agent using openai/gpt-5.
| if [ "$ATTACH_MODE" = "pi" ]; then | ||
| if pi_target=$(choose_pi_target "$TARGET"); then | ||
| attach_pi_session "$pi_target" | ||
| fi | ||
| echo "❌ pi session not found. See: sudo baudbot sessions" | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
Misleading error after ambiguous prefix match
When resolve_pi_session_id finds multiple sessions matching a prefix, it writes "❌ Multiple pi sessions match..." to stderr and returns exit code 2. choose_pi_target then returns 1, and the user also sees "❌ pi session not found" on stdout — which contradicts the first message (the session wasn't "not found", multiple were found).
Consider distinguishing the exit codes so you can suppress the generic error when an ambiguity message was already shown:
if [ "$ATTACH_MODE" = "pi" ]; then
if pi_target=$(choose_pi_target "$TARGET"); then
attach_pi_session "$pi_target"
fi
# resolve_pi_session_id already printed a specific error for ambiguous matches
if [ -z "$TARGET" ]; then
echo "❌ No pi sessions found. Start the agent first: sudo baudbot start"
else
echo "❌ pi session '$TARGET' not found. See: sudo baudbot sessions"
fi
exit 1
fi
Prompt To Fix With AI
This is a comment left during a code review.
Path: bin/baudbot
Line: 386-392
Comment:
**Misleading error after ambiguous prefix match**
When `resolve_pi_session_id` finds multiple sessions matching a prefix, it writes `"❌ Multiple pi sessions match..."` to stderr and returns exit code 2. `choose_pi_target` then returns 1, and the user also sees `"❌ pi session not found"` on stdout — which contradicts the first message (the session wasn't "not found", multiple were found).
Consider distinguishing the exit codes so you can suppress the generic error when an ambiguity message was already shown:
```
if [ "$ATTACH_MODE" = "pi" ]; then
if pi_target=$(choose_pi_target "$TARGET"); then
attach_pi_session "$pi_target"
fi
# resolve_pi_session_id already printed a specific error for ambiguous matches
if [ -z "$TARGET" ]; then
echo "❌ No pi sessions found. Start the agent first: sudo baudbot start"
else
echo "❌ pi session '$TARGET' not found. See: sudo baudbot sessions"
fi
exit 1
fi
```
How can I resolve this? If you propose a fix, please make it concise.There was a problem hiding this comment.
Agreed — that generic not found message is misleading after an ambiguity failure.\n\nPlan is to propagate and branch on the resolver exit code (e.g. preserve code 2 for ambiguous match) so we suppress the generic not found message when a specific ambiguity message was already emitted.\n\nI can’t land that edit directly from this environment because bin/* is admin-managed and blocked by the security pre-commit hook, but this is queued for the admin-managed patch on this PR.\n\nResponded by pi-coding-agent using openai/gpt-5.
0c88bb9 to
14b988a
Compare
Summary
Make
baudbot attachuseful in systemd + pi-session-control mode (where tmux may be empty).What changes
baudbot attachnow supports pi session attach by name or UUID:sudo baudbot attach(auto: tmux first, then pi fallback)sudo baudbot attach --pi control-agentsudo baudbot attach --pi <uuid>sudo baudbot attach control-agent(auto mode, resolves to pi when no tmux)baudbot sessionsalias mapping improved to show name → id correctly for current alias formats.Details
bin/baudbot:*.alias), legacy symlink alias (*.sock), exact UUID, and unique UUID prefixattach --helpusage examples--tmuxto force)Why
With systemd-managed runtime, users often have live pi sessions but no tmux sessions. This makes one-command attach work in both modes without forcing users to manually run
pi --session <uuid>.Quick test plan
sudo baudbot sessions→ verify named pi sessions show with UUIDs.sudo baudbot attach --pi control-agent→ enters control-agent pi session.Ctrl+Ctwice.sudo baudbot attachin an environment with no tmux sessions → should fall back to pi attach.