npm - @agentvault/agentvault - Versions diffs - 0.8.0 → 0.9.1 - Mend

@agentvault/agentvault 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/__tests__/install-plugin.test.d.ts +2 -0
package/dist/__tests__/install-plugin.test.d.ts.map +1 -0
package/dist/channel.d.ts.map +1 -1
package/dist/cli.js +312 -37
package/dist/cli.js.map +4 -4
package/dist/crypto-helpers.d.ts +1 -11
package/dist/crypto-helpers.d.ts.map +1 -1
package/dist/gateway-send.d.ts +37 -0
package/dist/gateway-send.d.ts.map +1 -0
package/dist/index.d.ts +3 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +236 -20
package/dist/index.js.map +4 -4
package/dist/openclaw-entry.d.ts.map +1 -1
package/dist/openclaw-entry.js +13 -8
package/dist/openclaw-entry.js.map +2 -2
package/dist/types.d.ts +7 -0
package/dist/types.d.ts.map +1 -1
package/package.json +2 -2

package/dist/crypto-helpers.d.ts CHANGED Viewed

@@ -1,12 +1,2 @@
-import type { EncryptedMessage } from "@agentvault/crypto";
-export declare function hexToBytes(hex: string): Uint8Array;
-export declare function bytesToHex(bytes: Uint8Array): string;
-export declare function base64ToBytes(b64: string): Uint8Array;
-export declare function bytesToBase64(bytes: Uint8Array): string;
-export interface TransportMessage {
-    header_blob: string;
-    ciphertext: string;
-}
-export declare function encryptedMessageToTransport(msg: EncryptedMessage): TransportMessage;
-export declare function transportToEncryptedMessage(transport: TransportMessage): EncryptedMessage;
+export { hexToBytes, bytesToHex, base64ToBytes, bytesToBase64, encryptedMessageToTransport, transportToEncryptedMessage, type TransportMessage, } from "@agentvault/crypto";
 //# sourceMappingURL=crypto-helpers.d.ts.map

package/dist/crypto-helpers.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"crypto-helpers.d.ts","sourceRoot":"","sources":["../src/crypto-helpers.ts"],"names":[],"mappings":"~~AACA~~,OAAO,~~KAAK~~,~~EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI3D,wBAAgB,~~UAAU,~~CAAC~~,~~GAAG,EAAE,MAAM,GAAG,~~UAAU,~~CAElD;AAED~~,~~wBAAgB~~,~~UAAU~~,~~CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEpD;AAED,wBAAgB,~~aAAa,~~CAAC~~,~~GAAG~~,~~EAAE~~,~~MAAM~~,~~GAAG~~,~~UAAU,CAErD;AAED,wBAAgB,aAAa,CAAC,~~KAAK,~~EAAE,UAAU,GAAG,MAAM,CAEvD;AAKD,MAAM,WAAW,~~gBAAgB~~;IAC/B~~,~~WAAW~~,~~EAAE,~~MAAM,~~CAAC;IACpB~~,~~UAAU,EAAE,MAAM,~~CAAC~~;CACpB;AAED,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,gBAAgB,GACpB,gBAAgB,CAgBlB;AAED,wBAAgB,2BAA2B,CACzC,SAAS,EAAE,gBAAgB,GAC1B,gBAAgB,CAelB~~"}
1	+ {"version":3,"file":"crypto-helpers.d.ts","sourceRoot":"","sources":["../src/crypto-helpers.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,EACb,2BAA2B,EAC3B,2BAA2B,EAC3B,KAAK,gBAAgB,GACtB,MAAM,oBAAoB,CAAC"}

package/dist/gateway-send.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Gateway send helper — lets agents send messages to their owner
+ * via the plugin's local HTTP server (port 18790).
+ *
+ * Delivery path: sendToOwner() → plugin HTTP /send → SecureChannel.send()
+ *   → Double Ratchet encrypt → WebSocket → backend → owner's app
+ */
+export interface GatewaySendOptions {
+    /** Override the gateway port (default: env GATEWAY_SEND_PORT or 18790) */
+    port?: number;
+    /** Override the gateway host (default: 127.0.0.1) */
+    host?: string;
+    /** AbortSignal for cancellation */
+    signal?: AbortSignal;
+}
+export interface GatewaySendResult {
+    ok: boolean;
+    error?: string;
+}
+export interface GatewayStatusResult {
+    ok: boolean;
+    state?: string;
+    deviceId?: string;
+    sessions?: number;
+    error?: string;
+}
+/**
+ * Send a plaintext message to the agent's owner via the gateway HTTP server.
+ * Never throws — returns `{ ok: false, error }` on failure.
+ */
+export declare function sendToOwner(text: string, options?: GatewaySendOptions): Promise<GatewaySendResult>;
+/**
+ * Check gateway health / status.
+ * Never throws — returns `{ ok: false, error }` on failure.
+ */
+export declare function checkGateway(options?: GatewaySendOptions): Promise<GatewayStatusResult>;
+//# sourceMappingURL=gateway-send.d.ts.map

package/dist/gateway-send.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gateway-send.d.ts","sourceRoot":"","sources":["../src/gateway-send.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,kBAAkB;IACjC,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mCAAmC;IACnC,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAsBD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,iBAAiB,CAAC,CAuB5B;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,mBAAmB,CAAC,CAmB9B"}

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,7 @@
 export { SecureChannel } from "./channel.js";
 export type { SecureChannelConfig, ChannelState, MessageMetadata, AttachmentData, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, SendOptions, DecisionOption, DecisionRequest, DecisionResponse, ContextRef, HeartbeatStatus, StatusAlert, RoomInfo, RoomMemberInfo, RoomConversationInfo, RoomState, A2AChannel, A2AMessage, RoomParticipantEvent, } from "./types.js";
 export { agentVaultPlugin, setOcRuntime, getActiveChannel } from "./openclaw-plugin.js";
-export declare const VERSION = "0.7.0";
+export { sendToOwner, checkGateway } from "./gateway-send.js";
+export type { GatewaySendOptions, GatewaySendResult, GatewayStatusResult, } from "./gateway-send.js";
+export declare const VERSION = "0.9.0";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;~~AAExF~~,eAAO,MAAM,OAAO,UAAU,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC9D,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC;AAE3B,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -45106,7 +45106,7 @@ var ScanEngine = class {
   }
 };
-// src/crypto-helpers.ts
+// ../crypto/dist/transport.js
 function hexToBytes(hex) {
   return libsodium_wrappers_default.from_hex(hex);
 }
@@ -45128,18 +45128,14 @@ function encryptedMessageToTransport(msg) {
     nonce: bytesToBase64(msg.nonce)
   };
   const headerJson = JSON.stringify(headerObj);
-  const headerBlob = bytesToBase64(
-    new TextEncoder().encode(headerJson)
-  );
+  const headerBlob = bytesToBase64(new TextEncoder().encode(headerJson));
   return {
     header_blob: headerBlob,
     ciphertext: bytesToBase64(msg.ciphertext)
   };
 }
 function transportToEncryptedMessage(transport) {
-  const headerJson = new TextDecoder().decode(
-    base64ToBytes(transport.header_blob)
-  );
+  const headerJson = new TextDecoder().decode(base64ToBytes(transport.header_blob));
   const headerObj = JSON.parse(headerJson);
   return {
     header: {
@@ -45425,9 +45421,18 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       scanStatus = scanResult.status;
     }
     this._appendHistory("agent", plaintext, topicId);
+    const roomConvIds = /* @__PURE__ */ new Set();
+    if (this._persisted?.rooms) {
+      for (const room of Object.values(this._persisted.rooms)) {
+        for (const cid of room.conversationIds) {
+          roomConvIds.add(cid);
+        }
+      }
+    }
     const messageGroupId = randomUUID();
     for (const [convId, session] of this._sessions) {
       if (!session.activated) continue;
+      if (roomConvIds.has(convId)) continue;
       const encrypted = session.ratchet.encrypt(plaintext);
       const transport = encryptedMessageToTransport(encrypted);
       const msg = {
@@ -45573,6 +45578,10 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       if (conv.participantA !== myDeviceId && conv.participantB !== myDeviceId) {
         continue;
       }
+      if (this._sessions.has(conv.id)) {
+        conversationIds.push(conv.id);
+        continue;
+      }
       const otherDeviceId = conv.participantA === myDeviceId ? conv.participantB : conv.participantA;
       const otherMember = roomData.members.find((m2) => m2.deviceId === otherDeviceId);
       if (!otherMember?.identityPublicKey) {
@@ -45582,13 +45591,12 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
         continue;
       }
       const isInitiator = myDeviceId < otherDeviceId;
+      const theirEphKey = otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey;
       const sharedSecret = performX3DH({
         myIdentityPrivate: hexToBytes(identity.privateKey),
         myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
         theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
-        theirEphemeralPublic: hexToBytes(
-          otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
-        ),
+        theirEphemeralPublic: hexToBytes(theirEphKey),
         isInitiator
       });
       const ratchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
@@ -45660,9 +45668,11 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       this._ws.send(
         JSON.stringify({
           event: "room_message",
-          room_id: roomId,
-          recipients,
-          message_type: messageType
+          data: {
+            room_id: roomId,
+            recipients,
+            message_type: messageType
+          }
         })
       );
     } else {
@@ -46088,6 +46098,23 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       if (this._persisted.hubAddress) {
         payload2.hub_address = this._persisted.hubAddress;
       }
+      if (channelEntry.observerSession?.ratchetState) {
+        try {
+          const obsRatchet = DoubleRatchet.deserialize(channelEntry.observerSession.ratchetState);
+          const obsEncrypted = obsRatchet.encrypt(text);
+          const obsHeaderObj = {
+            dhPublicKey: bytesToHex(obsEncrypted.header.dhPublicKey),
+            previousChainLength: obsEncrypted.header.previousChainLength,
+            messageNumber: obsEncrypted.header.messageNumber
+          };
+          payload2.observer_header_blob = Buffer.from(JSON.stringify(obsHeaderObj)).toString("hex");
+          payload2.observer_ciphertext = bytesToHex(obsEncrypted.ciphertext);
+          payload2.observer_nonce = bytesToHex(obsEncrypted.nonce);
+          channelEntry.observerSession.ratchetState = obsRatchet.serialize();
+        } catch (obsErr) {
+          console.error("[SecureChannel] Observer encryption failed (sending without observer copy):", obsErr);
+        }
+      }
       channelEntry.session.ratchetState = ratchet.serialize();
       await this._persistState();
       this._ws.send(
@@ -46390,7 +46417,7 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
           const d2 = data.data;
           this.joinRoom({
             roomId: d2.room_id,
-            name: d2.name,
+            name: d2.room_name ?? d2.name ?? "Room",
             members: (d2.members || []).map((m2) => ({
               deviceId: m2.device_id,
               entityType: m2.entity_type,
@@ -46543,6 +46570,74 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
           }
           this.emit("a2a_channel_activated", actData);
         }
+        if (data.event === "a2a_observer_enabled") {
+          const obsData = data.data || data;
+          const obsChannelId = obsData.channel_id;
+          const obsChannelEntry = this._persisted?.a2aChannels?.[obsChannelId];
+          if (obsChannelEntry && this._persisted && this._ws) {
+            try {
+              const obsEphemeral = await generateEphemeralKeypair();
+              const obsEphPubHex = bytesToHex(obsEphemeral.publicKey);
+              const obsEphPrivHex = bytesToHex(obsEphemeral.privateKey);
+              obsChannelEntry.pendingObserverEphemeralPrivateKey = obsEphPrivHex;
+              await this._persistState();
+              this._ws.send(
+                JSON.stringify({
+                  event: "a2a_observer_key_submit",
+                  data: {
+                    channel_id: obsChannelId,
+                    ephemeral_key: obsEphPubHex,
+                    side: obsChannelEntry.role || "initiator"
+                  }
+                })
+              );
+              console.log(
+                `[SecureChannel] Observer key submitted for channel ${obsChannelId.slice(0, 8)}... (side=${obsChannelEntry.role})`
+              );
+            } catch (err) {
+              console.error("[SecureChannel] Observer key submission failed:", err);
+            }
+          }
+        }
+        if (data.event === "a2a_observer_key_accepted") {
+          const obsAccData = data.data || data;
+          const obsAccChannelId = obsAccData.channel_id;
+          const observerIdentityHex = obsAccData.observer_identity_key;
+          const obsAccSide = obsAccData.side;
+          const obsAccEntry = this._persisted?.a2aChannels?.[obsAccChannelId];
+          if (obsAccEntry && obsAccEntry.pendingObserverEphemeralPrivateKey && this._persisted) {
+            try {
+              const myIdentityPrivate = hexToBytes(this._persisted.identityKeypair.privateKey);
+              const myIdentityPublic = hexToBytes(this._persisted.identityKeypair.publicKey);
+              const myObsEphemeralPrivate = hexToBytes(obsAccEntry.pendingObserverEphemeralPrivateKey);
+              const ownerIdentityPublic = hexToBytes(observerIdentityHex);
+              const obsSharedSecret = performX3DH({
+                myIdentityPrivate,
+                myEphemeralPrivate: myObsEphemeralPrivate,
+                theirIdentityPublic: ownerIdentityPublic,
+                theirEphemeralPublic: ownerIdentityPublic,
+                // owner uses identity as ephemeral
+                isInitiator: true
+              });
+              const identityKp = {
+                publicKey: myIdentityPublic,
+                privateKey: myIdentityPrivate,
+                keyType: "ed25519"
+              };
+              const obsRatchet = DoubleRatchet.initSender(obsSharedSecret, identityKp);
+              obsAccEntry.observerSession = {
+                ratchetState: obsRatchet.serialize()
+              };
+              delete obsAccEntry.pendingObserverEphemeralPrivateKey;
+              await this._persistState();
+              console.log(
+                `[SecureChannel] Observer ratchet initialized for channel ${obsAccChannelId.slice(0, 8)}... (side=${obsAccSide})`
+              );
+            } catch (err) {
+              console.error("[SecureChannel] Observer ratchet init failed:", err);
+            }
+          }
+        }
         if (data.event === "a2a_channel_rejected") {
           this.emit("a2a_channel_rejected", data.data || data);
         }
@@ -47013,7 +47108,73 @@ ${messageText}`;
       header_blob: msgData.header_blob,
       ciphertext: msgData.ciphertext
     });
-    const plaintext = session.ratchet.decrypt(encrypted);
+    let plaintext;
+    try {
+      plaintext = session.ratchet.decrypt(encrypted);
+    } catch (decryptErr) {
+      console.warn(
+        `[SecureChannel] Room decrypt failed for conv ${convId.slice(0, 8)}...: ${String(decryptErr)}, re-initializing ratchet`
+      );
+      try {
+        const roomEntry = this._persisted?.rooms ? Object.values(this._persisted.rooms).find(
+          (r2) => r2.conversationIds.includes(convId)
+        ) : null;
+        if (!roomEntry) throw new Error("Room not found for conversation");
+        const otherMember = roomEntry.members.find(
+          (m2) => m2.deviceId === msgData.sender_device_id
+        );
+        if (!otherMember?.identityPublicKey) throw new Error("No key for sender");
+        const isInitiator = this._deviceId < msgData.sender_device_id;
+        const identity = this._persisted.identityKeypair;
+        const ephemeral = this._persisted.ephemeralKeypair;
+        const sharedSecret = performX3DH({
+          myIdentityPrivate: hexToBytes(identity.privateKey),
+          myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
+          theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
+          theirEphemeralPublic: hexToBytes(
+            otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
+          ),
+          isInitiator
+        });
+        const newRatchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
+          publicKey: hexToBytes(identity.publicKey),
+          privateKey: hexToBytes(identity.privateKey),
+          keyType: "ed25519"
+        }) : DoubleRatchet.initReceiver(sharedSecret, {
+          publicKey: hexToBytes(identity.publicKey),
+          privateKey: hexToBytes(identity.privateKey),
+          keyType: "ed25519"
+        });
+        session.ratchet = newRatchet;
+        session.activated = false;
+        this._persisted.sessions[convId] = {
+          ownerDeviceId: session.ownerDeviceId,
+          ratchetState: newRatchet.serialize(),
+          activated: false
+        };
+        await this._persistState();
+        console.log(
+          `[SecureChannel] Room ratchet re-initialized for conv ${convId.slice(0, 8)}...`
+        );
+        plaintext = session.ratchet.decrypt(encrypted);
+      } catch (reinitErr) {
+        console.error(
+          `[SecureChannel] Room ratchet re-init failed for conv ${convId.slice(0, 8)}...:`,
+          reinitErr
+        );
+        return;
+      }
+    }
+    let messageText;
+    let messageType;
+    try {
+      const parsed = JSON.parse(plaintext);
+      messageType = parsed.type || "message";
+      messageText = parsed.text || plaintext;
+    } catch {
+      messageType = "message";
+      messageText = plaintext;
+    }
     if (!session.activated) {
       session.activated = true;
       console.log(
@@ -47028,16 +47189,17 @@ ${messageText}`;
       messageId: msgData.message_id ?? "",
       conversationId: convId,
       timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
-      messageType: msgData.message_type ?? "text"
+      messageType,
+      roomId: msgData.room_id
     };
     this.emit("room_message", {
       roomId: msgData.room_id,
       senderDeviceId: msgData.sender_device_id,
-      plaintext,
-      messageType: msgData.message_type ?? "text",
+      plaintext: messageText,
+      messageType,
       timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString()
     });
-    this.config.onMessage?.(plaintext, metadata);
+    this.config.onMessage?.(messageText, metadata);
   }
   /**
    * Find the pairwise conversation ID for a given sender in a room.
@@ -47597,13 +47759,67 @@ async function _handleInbound(params) {
   });
 }
+// src/gateway-send.ts
+function resolveBaseUrl(options) {
+  const host = options?.host ?? "127.0.0.1";
+  const port = options?.port ?? (process.env.GATEWAY_SEND_PORT ? Number(process.env.GATEWAY_SEND_PORT) : 18790);
+  return `http://${host}:${port}`;
+}
+function friendlyError(err) {
+  if (err instanceof TypeError && String(err.cause ?? err.message).includes("ECONNREFUSED")) {
+    return "Gateway not reachable \u2014 is OpenClaw running?";
+  }
+  return err instanceof Error ? err.message : String(err);
+}
+async function sendToOwner(text, options) {
+  if (typeof text !== "string" || text.trim().length === 0) {
+    return { ok: false, error: "Message text must be a non-empty string" };
+  }
+  try {
+    const base = resolveBaseUrl(options);
+    const res = await fetch(`${base}/send`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ text }),
+      signal: options?.signal
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      return { ok: false, error: `HTTP ${res.status}${body ? `: ${body}` : ""}` };
+    }
+    return { ok: true };
+  } catch (err) {
+    return { ok: false, error: friendlyError(err) };
+  }
+}
+async function checkGateway(options) {
+  try {
+    const base = resolveBaseUrl(options);
+    const res = await fetch(`${base}/status`, { signal: options?.signal });
+    if (!res.ok) {
+      return { ok: false, error: `HTTP ${res.status}` };
+    }
+    const data = await res.json();
+    return {
+      ok: true,
+      state: data.state,
+      deviceId: data.deviceId,
+      sessions: data.sessions
+    };
+  } catch (err) {
+    return { ok: false, error: friendlyError(err) };
+  }
+}
 // src/index.ts
-var VERSION = "0.7.0";
+var VERSION = "0.9.0";
 export {
   SecureChannel,
   VERSION,
   agentVaultPlugin,
+  checkGateway,
   getActiveChannel,
+  sendToOwner,
   setOcRuntime
 };
 //# sourceMappingURL=index.js.map