@anna-ai/cli 0.1.14 → 0.1.17

package/dist/host_upload-C_pGOS6p.js

@@ -0,0 +1,136 @@
+import { canonicalHost, getAccount } from "./credentials-BTv2IfUZ.js";
+import { resolve } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { createHash } from "node:crypto";
+
+//#region src/executa/host_upload.ts
+var HostUploadBridge = class {
+	mocks = [];
+	cachedSession = null;
+	constructor(opts) {
+		this.opts = opts;
+		if (opts.mode === "mock" && opts.mockFile) {
+			const path = resolve(opts.mockFile);
+			if (existsSync(path)) for (const line of readFileSync(path, "utf8").split(/\r?\n/)) {
+				if (!line.trim() || line.startsWith("#")) continue;
+				try {
+					this.mocks.push(JSON.parse(line));
+				} catch {}
+			}
+		}
+	}
+	async call(method, params) {
+		if (method !== "host/uploadFile") throw withCode(new Error(`unsupported host method: ${method}`), -32601);
+		if (this.opts.mode === "off") throw withCode(new Error("host upload disabled — rerun without `--no-upload`"), -32201);
+		if (this.opts.mode === "mock") return this.mockCall(params);
+		return this.realCall(params);
+	}
+	mockCall(params) {
+		const mode = String(params.mode ?? "inline");
+		const filename = String(params.filename ?? "");
+		const candidates = this.mocks.filter((m) => m.ns === "host" && m.method === "uploadFile");
+		const matched = candidates.find((m) => (!m.match?.modeEquals || m.match.modeEquals === mode) && (!m.match?.filenameIncludes || filename.includes(m.match.filenameIncludes))) ?? candidates[0];
+		if (matched && matched.result) return matched.result;
+		if (mode === "inline") {
+			const b64 = String(params.content_b64 ?? "");
+			const mime = String(params.mime_type ?? "application/octet-stream");
+			const url = `data:${mime};base64,${b64}`;
+			const r2Key = `mock/${hashShort(filename + ":" + b64)}/${filename || "blob"}`;
+			return {
+				download_url: url,
+				r2_key: r2Key,
+				size_bytes: Math.floor(b64.length * .75),
+				expires_at: new Date(Date.now() + 3600 * 1e3).toISOString()
+			};
+		}
+		if (mode === "negotiate") {
+			const key = `mock/${hashShort(filename + Date.now())}/${filename || "blob"}`;
+			return {
+				put_url: `https://mock.local/${key}?signature=mock`,
+				headers: { "content-type": String(params.mime_type ?? "") },
+				r2_key: key,
+				expires_at: new Date(Date.now() + 600 * 1e3).toISOString()
+			};
+		}
+		if (mode === "confirm") {
+			const key = String(params.r2_key ?? "");
+			return {
+				download_url: `https://mock.local/${key}`,
+				r2_key: key,
+				size_bytes: 0,
+				expires_at: new Date(Date.now() + 3600 * 1e3).toISOString()
+			};
+		}
+		throw withCode(new Error(`unknown upload mode: ${mode}`), -32203);
+	}
+	account() {
+		const acc = getAccount(this.opts.account);
+		if (!acc) throw withCode(new Error("no PAT on disk — run `anna-app login --host <nexus-url>` first (or pass `--mock-upload <fixture>` / `--no-upload`)"), -32201);
+		if (acc.expires_at && acc.expires_at < Math.floor(Date.now() / 1e3)) throw withCode(new Error("PAT expired — run `anna-app login` again"), -32201);
+		return acc;
+	}
+	async mint() {
+		if (this.cachedSession && this.cachedSession.expiresAt - 30 > Math.floor(Date.now() / 1e3)) return this.cachedSession;
+		const acc = this.account();
+		if (!this.opts.appSlug) throw withCode(new Error("host upload bridge has no app_slug — pass `--app-slug <slug>`"), -32203);
+		const url = `${canonicalHost(acc.host)}/api/v1/anna-apps/dev/session/mint`;
+		const res = await fetch(url, {
+			method: "POST",
+			headers: { "content-type": "application/json" },
+			body: JSON.stringify({
+				pat: acc.pat,
+				kind: "complete",
+				app_slug: this.opts.appSlug
+			})
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw withCode(new Error(`session.mint failed: HTTP ${res.status} ${text}`), -32207);
+		}
+		const body = await res.json();
+		this.cachedSession = {
+			appSessionToken: body.app_session_token,
+			expiresAt: Math.floor(Date.now() / 1e3) + (body.expires_in || 600)
+		};
+		return this.cachedSession;
+	}
+	async realCall(params) {
+		const acc = this.account();
+		const session = await this.mint();
+		const mode = String(params.mode ?? "inline");
+		const path = mode === "negotiate" ? "/api/v1/copilot/app/upload/negotiate" : mode === "confirm" ? "/api/v1/copilot/app/upload/confirm" : "/api/v1/copilot/app/upload";
+		const res = await fetch(`${canonicalHost(acc.host)}${path}`, {
+			method: "POST",
+			headers: {
+				"content-type": "application/json",
+				authorization: `Bearer ${session.appSessionToken}`
+			},
+			body: JSON.stringify(params)
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw withCode(new Error(`HTTP ${res.status}: ${text}`), httpToUploadCode(res.status));
+		}
+		return res.json();
+	}
+};
+function withCode(err, code) {
+	err.rpcCode = code;
+	return err;
+}
+function hashShort(s) {
+	return createHash("sha256").update(s).digest("hex").slice(0, 12);
+}
+function httpToUploadCode(status) {
+	if (status === 403) return -32201;
+	if (status === 429) return -32202;
+	if (status === 400) return -32203;
+	if (status === 413) return -32204;
+	if (status === 415) return -32205;
+	if (status === 404) return -32212;
+	if (status === 504) return -32208;
+	return -32207;
+}
+
+//#endregion
+export { HostUploadBridge };

package/dist/image-bwolX7pa.js

@@ -0,0 +1,131 @@
+import { canonicalHost, getAccount } from "./credentials-BTv2IfUZ.js";
+import { resolve } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+
+//#region src/executa/image.ts
+var ImageBridge = class {
+	mocks = [];
+	cachedSession = null;
+	constructor(opts) {
+		this.opts = opts;
+		if (opts.mode === "mock" && opts.mockFile) {
+			const path = resolve(opts.mockFile);
+			if (existsSync(path)) for (const line of readFileSync(path, "utf8").split(/\r?\n/)) {
+				if (!line.trim() || line.startsWith("#")) continue;
+				try {
+					this.mocks.push(JSON.parse(line));
+				} catch {}
+			}
+		}
+	}
+	async generate(req) {
+		if (this.opts.mode === "off") throw withCode(new Error("image generation disabled — rerun without `--no-image`"), -32101);
+		if (this.opts.mode === "mock") return this.pickMock("generate", req.prompt);
+		return this.realCall("/api/v1/copilot/app/image/generate", req);
+	}
+	async edit(req) {
+		if (this.opts.mode === "off") throw withCode(new Error("image edit disabled — rerun without `--no-image`"), -32101);
+		if (this.opts.mode === "mock") return this.pickMock("edit", req.prompt);
+		return this.realCall("/api/v1/copilot/app/image/edit", req);
+	}
+	pickMock(method, prompt) {
+		const wantedMethod = method === "generate" ? "generate" : "edit";
+		const candidates = this.mocks.filter((m) => m.ns === "image" && m.method === wantedMethod);
+		const matched = candidates.find((m) => m.match?.promptIncludes && prompt.includes(m.match.promptIncludes)) ?? candidates[0];
+		if (matched && matched.result) return normaliseImageResult(matched.result);
+		return {
+			images: [{
+				url: "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=",
+				mimeType: "image/png"
+			}],
+			model: "mock-image-model"
+		};
+	}
+	account() {
+		const acc = getAccount(this.opts.account);
+		if (!acc) throw withCode(new Error("no PAT on disk — run `anna-app login --host <nexus-url>` first (or pass `--mock-image <fixture>` / `--no-image`)"), -32101);
+		if (acc.expires_at && acc.expires_at < Math.floor(Date.now() / 1e3)) throw withCode(new Error("PAT expired — run `anna-app login` again"), -32101);
+		return acc;
+	}
+	async mint() {
+		if (this.cachedSession && this.cachedSession.expiresAt - 30 > Math.floor(Date.now() / 1e3)) return this.cachedSession;
+		const acc = this.account();
+		if (!this.opts.appSlug) throw withCode(new Error("image bridge has no app_slug — pass `--app-slug <slug>` to `anna-app executa dev` so nexus can attribute the spend"), -32104);
+		const url = `${canonicalHost(acc.host)}/api/v1/anna-apps/dev/session/mint`;
+		const res = await fetch(url, {
+			method: "POST",
+			headers: { "content-type": "application/json" },
+			body: JSON.stringify({
+				pat: acc.pat,
+				kind: "complete",
+				app_slug: this.opts.appSlug
+			})
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw withCode(new Error(`session.mint failed: HTTP ${res.status} ${text}`), -32103);
+		}
+		const body = await res.json();
+		this.cachedSession = {
+			appSessionToken: body.app_session_token,
+			expiresAt: Math.floor(Date.now() / 1e3) + (body.expires_in || 600)
+		};
+		return this.cachedSession;
+	}
+	async realCall(path, body) {
+		const acc = this.account();
+		const session = await this.mint();
+		const res = await fetch(`${canonicalHost(acc.host)}${path}`, {
+			method: "POST",
+			headers: {
+				"content-type": "application/json",
+				authorization: `Bearer ${session.appSessionToken}`
+			},
+			body: JSON.stringify(body)
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw withCode(
+				new Error(`HTTP ${res.status}: ${text}`),
+				// Map common HTTP statuses to canonical image codes; otherwise
+				// let the host's body propagate.
+				httpToImageCode(res.status)
+);
+		}
+		const out = await res.json();
+		return normaliseImageResult(out);
+	}
+};
+function withCode(err, code) {
+	err.rpcCode = code;
+	return err;
+}
+function httpToImageCode(status) {
+	if (status === 403) return -32101;
+	if (status === 429) return -32102;
+	if (status === 400) return -32104;
+	if (status === 504) return -32105;
+	return -32103;
+}
+function normaliseImageResult(raw) {
+	if (!raw || typeof raw !== "object") return {
+		images: [],
+		model: "unknown"
+	};
+	const o = raw;
+	const images = Array.isArray(o.images) ? o.images.map((img) => ({
+		url: String(img.url ?? ""),
+		mimeType: img.mimeType ? String(img.mimeType) : void 0,
+		width: typeof img.width === "number" ? img.width : void 0,
+		height: typeof img.height === "number" ? img.height : void 0
+	})) : [];
+	return {
+		images,
+		model: typeof o.model === "string" ? o.model : void 0,
+		quota_used: o.quota_used && typeof o.quota_used === "object" ? o.quota_used : void 0,
+		_meta: o._meta && typeof o._meta === "object" ? o._meta : void 0
+	};
+}
+
+//#endregion
+export { ImageBridge };

package/dist/{runner-Bral1LFW.js → runner-DmGLdat0.js}

@@ -8,7 +8,10 @@ const HOST_INITIALIZE_PARAMS = {
 	client_capabilities: {
 		sampling: {},
 		agent: {},
-		storage: {}
+		storage: {},
+		image: {},
+		"image.edit": {},
+		upload: {}
 	},
 	client_info: {
 		name: "anna-app-cli",
@@ -248,6 +251,46 @@ var ExecutaRunner = class {
 			}
 			return;
 		}
+		if (method === "image/generate" || method === "image/edit") {
+			if (!this.opts.image) {
+				respond({ error: {
+					code: -32101,
+					message: "image not configured (rerun without `--no-image`, or pass `--mock-image <fixture>` / `--app-slug`)"
+				} });
+				return;
+			}
+			try {
+				const result = method === "image/generate" ? await this.opts.image.generate(params) : await this.opts.image.edit(params);
+				respond({ result });
+			} catch (e) {
+				const code = e.rpcCode ?? -32103;
+				respond({ error: {
+					code,
+					message: e.message
+				} });
+			}
+			return;
+		}
+		if (method === "host/uploadFile") {
+			if (!this.opts.hostUpload) {
+				respond({ error: {
+					code: -32201,
+					message: "host upload not configured (rerun without `--no-upload`, or pass `--mock-upload <fixture>` / `--app-slug`)"
+				} });
+				return;
+			}
+			try {
+				const result = await this.opts.hostUpload.call(method, params);
+				respond({ result });
+			} catch (e) {
+				const code = e.rpcCode ?? -32207;
+				respond({ error: {
+					code,
+					message: e.message
+				} });
+			}
+			return;
+		}
 		if (method.startsWith("storage/") || method.startsWith("files/")) {
 			if (!this.opts.storage) {
 				respond({ error: {

package/dist/{server-q6nKCeEV.js → server-6WHNkydc.js}

@@ -1,4 +1,5 @@
 import { canonicalHost, getAccount } from "./credentials-BTv2IfUZ.js";
+import { BridgeRequestError } from "./bridge-Dffh9JUd.js";
 import { dirname, join, normalize, resolve } from "node:path";
 import { createRequire } from "node:module";
 import { createReadStream, existsSync, readFileSync, statSync, watch } from "node:fs";
@@ -12,6 +13,10 @@ import { setTimeout as setTimeout$1 } from "node:timers/promises";
 var LlmBridge = class {
 	mintedAuto = new Map();
 	mintedAgent = new Map();
+	/** Single shared storage_token per LlmBridge instance — scope is per
+	*  ``(user, app)`` server-side, not per-window, so caching one is
+	*  correct. Re-minted automatically before expiry. */
+	mintedStorage = null;
 	mocks = [];
 	streamCounter = 0;
 	constructor(opts) {
@@ -30,10 +35,30 @@ var LlmBridge = class {
 		}
 	}
 	/** Returns true iff this bridge handles `(ns, method)` (i.e. the harness
-	*  should NOT forward it to the in-process Python dispatcher). */
+	*  should NOT forward it to the in-process Python dispatcher).
+	*
+	*  Storage handling depends on ``storageMode``:
+	*  - ``legacy`` (default): the bridge does NOT claim storage; the Python
+	*    dispatcher implements ``anna.storage.*`` against the in-memory
+	*    ``runtime_state`` dict. Pre-APS parity, works fully offline.
+	*  - ``aps``: the bridge claims storage and forwards to real nexus APS
+	*    via ``/api/v1/storage/*`` with a Bearer ``storage_token``. */
+	handles(ns, method) {
+		if (ns === "llm" && method === "complete") return true;
+		if (ns === "agent" && method.startsWith("session.")) return true;
+		if (ns === "image" && (method === "generate" || method === "edit")) return true;
+		if (ns === "upload" && (method === "inline" || method === "negotiate" || method === "confirm")) return true;
+		if (ns === "storage" && this.opts.storageMode === "aps" && this.opts.mode === "real" && (method === "get" || method === "set" || method === "delete" || method === "list")) return true;
+		return false;
+	}
+	/** Back-compat static alias — older code paths still call
+	*  ``LlmBridge.handles(ns, method)`` without an instance. Returns the
+	*  legacy (no-storage) decision since options aren't available here. */
 	static handles(ns, method) {
 		if (ns === "llm" && method === "complete") return true;
 		if (ns === "agent" && method.startsWith("session.")) return true;
+		if (ns === "image" && (method === "generate" || method === "edit")) return true;
+		if (ns === "upload" && (method === "inline" || method === "negotiate" || method === "confirm")) return true;
 		return false;
 	}
 	/** Resolve the active account or throw with a friendly message. */
@@ -90,12 +115,65 @@ var LlmBridge = class {
 		this.mintedAgent.set(ms.appSessionUuid, ms);
 		return ms;
 	}
+	/** Mint (or reuse) a storage_token for APS forwarding.
+	*
+	*  Server-side ``/dev/storage/mint`` issues a JWT scoped to
+	*  ``(user, app)`` with ``allowed_scopes ⊆ {user, app, tool}`` and a
+	*  configurable TTL (default 600s) + ``max_calls`` budget (default 200).
+	*  We re-mint when within 30s of expiry; budget exhaustion currently
+	*  surfaces as an HTTP 401/403 which propagates back to the iframe.
+	*
+	*  Per-app, not per-window: the token doesn't carry a window or
+	*  session uuid — storage scopes are ``user``/``app``/``tool``, not
+	*  ``window``. Caching one per LlmBridge instance is correct. */
+	async mintStorage() {
+		const cached = this.mintedStorage;
+		if (cached && cached.expiresAt - 30 > Math.floor(Date.now() / 1e3)) return cached;
+		const acc = this.account();
+		const slug = this.requireAppSlug();
+		const body = {
+			pat: acc.pat,
+			app_slug: slug,
+			ttl_seconds: 600,
+			max_calls: 200
+		};
+		const url = `${canonicalHost(acc.host)}/api/v1/anna-apps/dev/storage/mint`;
+		const res = await fetch(url, {
+			method: "POST",
+			headers: { "content-type": "application/json" },
+			body: JSON.stringify(body)
+		});
+		if (!res.ok) {
+			const text = await res.text().catch(() => "");
+			throw new Error(`storage.mint failed: HTTP ${res.status} ${text}`);
+		}
+		const payload = await res.json();
+		const ms = {
+			storageToken: payload.storage_token,
+			expiresAt: Math.floor(Date.now() / 1e3) + (payload.expires_in || 600),
+			allowedScopes: payload.allowed_scopes ?? [
+				"user",
+				"app",
+				"tool"
+			]
+		};
+		this.mintedStorage = ms;
+		return ms;
+	}
 	/** Throws a friendly error if no appSlug was wired into the bridge. */
 	requireAppSlug() {
 		if (!this.opts.appSlug) throw new Error("llm bridge has no app_slug — the harness must register the dev app via POST /api/v1/anna-apps/dev/apps/register before minting sessions. (Run `anna-app login` once, then `anna-app dev` will auto-register the manifest slug.)");
 		return this.opts.appSlug;
 	}
 	async callMint(host, body) {
+		return this._callMintOnce(
+			host,
+			body,
+			/*retryOnAppNotFound=*/
+			true
+);
+	}
+	async _callMintOnce(host, body, retryOnAppNotFound) {
 		const url = `${canonicalHost(host)}/api/v1/anna-apps/dev/session/mint`;
 		const res = await fetch(url, {
 			method: "POST",
@@ -104,6 +182,19 @@ var LlmBridge = class {
 		});
 		if (!res.ok) {
 			const text = await res.text().catch(() => "");
+			if (retryOnAppNotFound && res.status === 404 && /app slug .* not found/.test(text) && typeof this.opts.onAppSlugNotFound === "function") {
+				try {
+					await this.opts.onAppSlugNotFound();
+				} catch (hookErr) {
+					throw new Error(`session.mint failed: HTTP 404 ${text}\n  recovery hook failed: ${hookErr.message}`);
+				}
+				return this._callMintOnce(
+					host,
+					body,
+					/*retryOnAppNotFound=*/
+					false
+);
+			}
 			throw new Error(`session.mint failed: HTTP ${res.status} ${text}`);
 		}
 		return await res.json();
@@ -290,6 +381,121 @@ var LlmBridge = class {
 				};
 			}
 		}
+		if (args.ns === "image" && (args.method === "generate" || args.method === "edit")) {
+			const ms = await this.mintComplete(args.windowUuid);
+			const result = await this.postJson(`${canonicalHost(acc.host)}/api/v1/copilot/app/image/${args.method}`, ms.appSessionToken, args.args);
+			return {
+				ok: true,
+				result
+			};
+		}
+		if (args.ns === "upload") {
+			const ms = await this.mintComplete(args.windowUuid);
+			const path = args.method === "inline" ? "/api/v1/copilot/app/upload" : args.method === "negotiate" ? "/api/v1/copilot/app/upload/negotiate" : args.method === "confirm" ? "/api/v1/copilot/app/upload/confirm" : null;
+			if (path != null) {
+				const result = await this.postJson(`${canonicalHost(acc.host)}${path}`, ms.appSessionToken, args.args);
+				return {
+					ok: true,
+					result
+				};
+			}
+		}
+		if (args.ns === "storage") {
+			const sm = await this.mintStorage();
+			const a = args.args;
+			const base = `${canonicalHost(acc.host)}/api/v1/storage`;
+			if (args.method === "get") {
+				const qs = new URLSearchParams();
+				qs.set("key", String(a.key ?? ""));
+				if (a.scope) qs.set("scope", String(a.scope));
+				const res = await fetch(`${base}/kv?${qs.toString()}`, {
+					method: "GET",
+					headers: { authorization: `Bearer ${sm.storageToken}` }
+				});
+				if (res.status === 404) return {
+					ok: true,
+					result: {
+						value: null,
+						exists: false
+					}
+				};
+				if (!res.ok) {
+					const text = await res.text().catch(() => "");
+					throw new Error(`storage.get HTTP ${res.status}: ${text}`);
+				}
+				const entry = await res.json();
+				if (entry.exists === void 0) entry.exists = true;
+				return {
+					ok: true,
+					result: entry
+				};
+			}
+			if (args.method === "set") {
+				const qs = new URLSearchParams();
+				if (a.scope) qs.set("scope", String(a.scope));
+				const body = {
+					key: a.key,
+					value: a.value
+				};
+				if (a.if_match !== void 0) body.if_match = a.if_match;
+				if (a.metadata !== void 0) body.metadata = a.metadata;
+				if (a.tags !== void 0) body.tags = a.tags;
+				if (a.ttl_seconds !== void 0) body.ttl_seconds = a.ttl_seconds;
+				const res = await fetch(`${base}/kv?${qs.toString()}`, {
+					method: "PUT",
+					headers: {
+						"content-type": "application/json",
+						authorization: `Bearer ${sm.storageToken}`
+					},
+					body: JSON.stringify(body)
+				});
+				if (!res.ok) {
+					const text = await res.text().catch(() => "");
+					throw new Error(`storage.set HTTP ${res.status}: ${text}`);
+				}
+				return {
+					ok: true,
+					result: await res.json()
+				};
+			}
+			if (args.method === "delete") {
+				const qs = new URLSearchParams();
+				qs.set("key", String(a.key ?? ""));
+				if (a.if_match !== void 0) qs.set("if_match", String(a.if_match));
+				if (a.scope) qs.set("scope", String(a.scope));
+				const res = await fetch(`${base}/kv?${qs.toString()}`, {
+					method: "DELETE",
+					headers: { authorization: `Bearer ${sm.storageToken}` }
+				});
+				if (!res.ok) {
+					const text = await res.text().catch(() => "");
+					throw new Error(`storage.delete HTTP ${res.status}: ${text}`);
+				}
+				return {
+					ok: true,
+					result: await res.json()
+				};
+			}
+			if (args.method === "list") {
+				const qs = new URLSearchParams();
+				if (a.prefix !== void 0) qs.set("prefix", String(a.prefix));
+				if (a.cursor !== void 0) qs.set("cursor", String(a.cursor));
+				if (a.limit !== void 0) qs.set("limit", String(a.limit));
+				if (a.scope) qs.set("scope", String(a.scope));
+				const res = await fetch(`${base}/list?${qs.toString()}`, {
+					method: "GET",
+					headers: { authorization: `Bearer ${sm.storageToken}` }
+				});
+				if (!res.ok) {
+					const text = await res.text().catch(() => "");
+					throw new Error(`storage.list HTTP ${res.status}: ${text}`);
+				}
+				return {
+					ok: true,
+					result: await res.json()
+				};
+			}
+		}
 		return {
 			ok: false,
 			error: {
@@ -434,6 +640,100 @@ var HarnessServer = class {
 		this.cfg = cfg;
 		this.bridge = bridge;
 		this.llmBridge = cfg.llm ? new LlmBridge(cfg.llm) : null;
+		const HOST_OUTBOUND_ROUTES = [
+			[
+				"host.llm.complete",
+				"llm",
+				"complete"
+			],
+			[
+				"host.agent.session.create",
+				"agent",
+				"session.create"
+			],
+			[
+				"host.agent.session.run",
+				"agent",
+				"session.run"
+			],
+			[
+				"host.agent.session.cancel",
+				"agent",
+				"session.cancel"
+			],
+			[
+				"host.agent.session.history",
+				"agent",
+				"session.history"
+			],
+			[
+				"host.agent.session.delete",
+				"agent",
+				"session.delete"
+			],
+			[
+				"host.image.generate",
+				"image",
+				"generate"
+			],
+			[
+				"host.image.edit",
+				"image",
+				"edit"
+			],
+			[
+				"host.upload.inline",
+				"upload",
+				"inline"
+			],
+			[
+				"host.upload.negotiate",
+				"upload",
+				"negotiate"
+			],
+			[
+				"host.upload.confirm",
+				"upload",
+				"confirm"
+			],
+			[
+				"host.storage.get",
+				"storage",
+				"get"
+			],
+			[
+				"host.storage.set",
+				"storage",
+				"set"
+			],
+			[
+				"host.storage.delete",
+				"storage",
+				"delete"
+			],
+			[
+				"host.storage.list",
+				"storage",
+				"list"
+			]
+		];
+		for (const [hostMethod, ns, dispatchMethod] of HOST_OUTBOUND_ROUTES) this.bridge.onRequest(hostMethod, async (params) => {
+			if (this.llmBridge == null) throw new BridgeRequestError("llm_disabled", "harness started without an LlmBridge (use --no-llm to suppress this path or `anna-app login` for a real bridge)");
+			const out = await this.llmBridge.dispatch({
+				windowUuid: this.sessionId ?? "harness",
+				ns,
+				method: dispatchMethod,
+				args: params,
+				onEvent: (kind, payload) => {
+					this.llmEventQueue.push({
+						event: kind,
+						payload
+					});
+				}
+			});
+			if (out.ok) return out.result;
+			throw new BridgeRequestError(out.error.code, out.error.message);
+		});
 	}
 	async listen() {
 		if (this.cfg.executas && this.cfg.executas.length > 0) await this.bridge.call("executas.register", { executas: this.cfg.executas.map((e) => ({
@@ -577,7 +877,7 @@ var HarnessServer = class {
 				}
 			});
 		}
-		if (this.llmBridge != null && LlmBridge.handles(parsed.ns, parsed.method)) {
+		if (this.llmBridge != null && this.llmBridge.handles(parsed.ns, parsed.method)) {
 			const out = await this.llmBridge.dispatch({
 				windowUuid: this.sessionId ?? "harness",
 				ns: parsed.ns,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@anna-ai/cli",
-  "version": "0.1.14",
+  "version": "0.1.17",
   "description": "Anna App developer CLI: scaffold, validate, harness (Phase 2 MVP: init + validate).",
   "license": "MIT",
   "type": "module",