feat: --id flag for cn serve (#7884)

* feat: --id flag for cn serve

* fix: lint

* fix: address feedback

Author: sestinj

extensions/cli/docs/storage-sync.md

@@ -0,0 +1,55 @@
+# Storage Sync Flow for `cn serve`
+
+## Overview
+
+The `--id <storageId>` flag enables the `cn serve` command to periodically persist session state to an external Continue-managed storage bucket. On startup, the CLI exchanges the provided `storageId` for two pre-signed S3 URLs - one for `session.json` and one for `diff.txt` - and then pushes fresh copies of those files every 30 seconds.
+
+This document captures the responsibilities for both the CLI and backend components so we can iterate on the feature together.
+
+## CLI Responsibilities
+
+- **Flag plumbing**: When `cn serve` is invoked with `--id <storageId>`, the CLI treats that value as an opaque identifier.
+- **API key auth**: The CLI attaches the user-level Continue API key (same mechanism we already use for other authenticated requests) to backend calls.
+- **Presign handshake**:
+  1. On startup, issue `POST https://api.continue.dev/agents/storage/presigned-url` with JSON payload `{ "storageId": "<storageId>" }`.
+  2. Expect a response payload containing two pre-signed `PUT` URLs and their target object keys:
+     ```json
+     {
+       "session": {
+         "key": "sessions/<sessionId>/session.json",
+         "putUrl": "https://<s3-host>/..."
+       },
+       "diff": {
+         "key": "sessions/<sessionId>/diff.txt",
+         "putUrl": "https://<s3-host>/..."
+       }
+     }
+     ```
+  3. If the call fails, log and continue without remote storage (no retries yet).
+- **Periodic uploads**:
+  - Every 30 seconds (configurable later), serialize the in-memory session to `session.json` and fetch the `/diff` payload to produce `diff.txt`.
+  - Upload both artifacts using their respective `PUT` URLs. For now we overwrite the same objects each cycle.
+  - Errors should be logged but non-fatal; the server keeps running.
+  - If the repo check fails (no git repo or missing `main`), `diff.txt` uploads an empty string and we log the condition once for debugging.
+
+## Backend Responsibilities
+
+- **Endpoint surface**: `POST /agents/storage/presigned-url` accepts a JSON body `{ "storageId": string }`.
+- **Authentication**: Leverage the caller's Continue API key (the request arrives with the standard `Authorization: Bearer <apiKey>` header). Apply normal auth/tenant validation so users can only request URLs tied to their account/org.
+- **URL issuance**:
+  - Resolve `storageId` into the desired S3 prefix (e.g., `sessions/<org>/<storageId>/`).
+  - Generate two short-lived pre-signed `PUT` URLs: one for `session.json`, one for `diff.txt`.
+  - Return both URLs and their keys in the response payload described above.
+- **Expiration**: The initial implementation can hand out URLs with a generous TTL (e.g., 60 minutes). Later we will add CLI-side refresh logic before expiry.
+
+## Open Questions & Future Enhancements
+
+- **URL refresh**: When the presigned URLs expire we currently have no refresh cycle. We'd need either a renewal endpoint or to re-call the existing endpoint on failure.
+- **Upload cadence**: The 30-second interval is hard-coded for now. Consider making it configurable in both CLI and backend policies.
+- **Error telemetry**: Decide if repeated upload failures should trip analytics or circuit breakers.
+- **Diff source**: `diff.txt` currently mirrors the `/diff` endpoint response. Confirm backend expectations for format and size limits.
+- **Security**: We might want to sign responses or enforce stricter scope on `storageId` mapping (e.g., require both org + storageId and validate ownership).
+
+---
+
+This document should evolve alongside implementation details; update it whenever the API contract or client behavior changes.

extensions/cli/src/commands/serve.ts

@@ -1,11 +1,8 @@
-import { exec } from "child_process";
-import { promisify } from "util";
-
 import chalk from "chalk";
 import type { ChatHistoryItem } from "core/index.js";
 import express, { Request, Response } from "express";
 
-import { getAssistantSlug } from "../auth/workos.js";
+import { getAccessToken, getAssistantSlug } from "../auth/workos.js";
 import { processCommandFlags } from "../flags/flagProcessor.js";
 import { toolPermissionManager } from "../permissions/permissionManager.js";
 import {
@@ -19,11 +16,12 @@ import {
   ConfigServiceState,
   ModelServiceState,
 } from "../services/types.js";
-import { createSession } from "../session.js";
+import { createSession, getSessionPersistenceSnapshot } from "../session.js";
 import { constructSystemMessage } from "../systemMessage.js";
 import { telemetryService } from "../telemetry/telemetryService.js";
 import { gracefulExit } from "../util/exit.js";
 import { formatError } from "../util/formatError.js";
+import { getGitDiffSnapshot } from "../util/git.js";
 import { logger } from "../util/logger.js";
 import { readStdinSync } from "../util/stdin.js";
 
@@ -33,11 +31,11 @@ import {
   type ServerState,
 } from "./serve.helpers.js";
 
-const execAsync = promisify(exec);
-
 interface ServeOptions extends ExtendedCommandOptions {
   timeout?: string;
   port?: string;
+  /** Storage identifier for remote sync */
+  id?: string;
 }
 
 // eslint-disable-next-line max-statements
@@ -86,6 +84,7 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
   if (authState.organizationId) {
     telemetryService.updateOrganization(authState.organizationId);
   }
+  const accessToken = getAccessToken(authState.authConfig);
 
   // Log configuration information
   const organizationId = authState.organizationId || "personal";
@@ -146,6 +145,32 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
     pendingPermission: null,
   };
 
+  const syncSessionHistory = () => {
+    try {
+      state.session.history = services.chatHistory.getHistory();
+    } catch (e) {
+      logger.debug(
+        `Failed to sync session history from ChatHistoryService: ${formatError(e)}`,
+      );
+    }
+  };
+
+  const storageSyncService = services.storageSync;
+  let storageSyncActive = await storageSyncService.startFromOptions({
+    storageOption: options.id,
+    accessToken,
+    syncSessionHistory,
+    getSessionSnapshot: () => getSessionPersistenceSnapshot(state.session),
+    isActive: () => state.serverRunning,
+  });
+
+  const stopStorageSync = () => {
+    if (storageSyncActive) {
+      storageSyncService.stop();
+      storageSyncActive = false;
+    }
+  };
+
   // Record session start
   telemetryService.recordSessionStart();
   telemetryService.startActiveTime();
@@ -156,14 +181,7 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
   // GET /state - Return the current state
   app.get("/state", (_req: Request, res: Response) => {
     state.lastActivity = Date.now();
-    // Ensure session history reflects ChatHistoryService state
-    try {
-      state.session.history = services.chatHistory.getHistory();
-    } catch (e) {
-      logger.debug(
-        `Failed to sync session history from ChatHistoryService: ${formatError(e)}`,
-      );
-    }
+    syncSessionHistory();
     res.json({
       session: state.session, // Return session directly instead of converting
       isProcessing: state.isProcessing,
@@ -239,34 +257,25 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
     state.lastActivity = Date.now();
 
     try {
-      // First check if we're in a git repository
-      await execAsync("git rev-parse --git-dir");
+      const diffResult = await getGitDiffSnapshot();
 
-      // Get the diff against main branch
-      const { stdout } = await execAsync("git diff main");
-
-      res.json({
-        diff: stdout,
-      });
-    } catch (error: any) {
-      // Git diff returns exit code 1 when there are differences, which is normal
-      if (error.code === 1 && error.stdout) {
-        res.json({
-          diff: error.stdout,
-        });
-      } else if (error.code === 128) {
-        // Handle case where we're not in a git repo or main branch doesn't exist
+      if (!diffResult.repoFound) {
         res.status(404).json({
           error: "Not in a git repository or main branch doesn't exist",
           diff: "",
         });
-      } else {
-        logger.error(`Git diff error: ${formatError(error)}`);
-        res.status(500).json({
-          error: `Failed to get git diff: ${formatError(error)}`,
-          diff: "",
-        });
+        return;
       }
+
+      res.json({
+        diff: diffResult.diff,
+      });
+    } catch (error) {
+      logger.error(`Git diff error: ${formatError(error)}`);
+      res.status(500).json({
+        error: `Failed to get git diff: ${formatError(error)}`,
+        diff: "",
+      });
     }
   });
 
@@ -287,6 +296,7 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
 
     // Set server running flag to false to stop processing
     state.serverRunning = false;
+    stopStorageSync();
 
     // Abort any current processing
     if (state.currentAbortController) {
@@ -438,6 +448,7 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
         ),
       );
       state.serverRunning = false;
+      stopStorageSync();
       server.close(() => {
         telemetryService.stopActiveTime();
         gracefulExit(0).catch((err) => {
@@ -456,6 +467,7 @@ export async function serve(prompt?: string, options: ServeOptions = {}) {
   process.on("SIGINT", () => {
     console.log(chalk.yellow("\nShutting down server..."));
     state.serverRunning = false;
+    stopStorageSync();
     if (inactivityChecker) {
       clearInterval(inactivityChecker);
       inactivityChecker = null;

extensions/cli/src/index.ts

@@ -312,6 +312,10 @@ program
     "300",
   )
   .option("--port <port>", "Port to run the server on (default: 8000)", "8000")
+  .option(
+    "--id <storageId>",
+    "Upload session snapshots to Continue-managed storage using the provided identifier",
+  )
   .action(async (prompt, options) => {
     // Telemetry: record command invocation
     await posthogService.capture("cliCommand", { command: "serve" });