@aria-cli/server 1.0.19

package/dist/runtime/local-control-api.d.ts

@@ -0,0 +1,63 @@
+import type { FastifyInstance } from "fastify";
+import type { AcceptInviteRequest, AcceptInviteResponse, AcceptInviteTokenRequest, AcceptInviteTokenResponse, AttachedClientAuth, AttachedClientView, CancelInviteRequest, CancelInviteResponse, CreateInviteRequest, CreateInviteResponse, DirectPairRequest, DirectPairResponse, InboxCursor, InboxListRequest, InvitePeerRequest, InvitePeerResult, NearbyPeerView, OutboundMessage, PairRequestDecision, PairRequestResponse, PendingInviteView, PendingPairRequestView, PeerViewEvent, RepairPeerRequest, RepairPeerResponse, RevokePeerRequest, RevokePeerResponse, ResumeRunRequest, RuntimeRunEvent, RunRequest, RunResult, RuntimeDeliveryReceipt, RuntimeQueuedReceipt, RuntimeBootstrapRecord, RuntimeAutonomousLoopCommand, RuntimeStatus, PersistedInboxEvent, RuntimeEvent, RuntimeEventCursor } from "@aria-cli/tools";
+export type { AcceptInviteRequest, AcceptInviteResponse, AcceptInviteTokenRequest, AcceptInviteTokenResponse, AttachedClientAuth, AttachedClientLeaseGrant, AttachedClientView, CancelInviteRequest, CancelInviteResponse, CreateInviteRequest, CreateInviteResponse, DirectPairRequest, DirectPairResponse, InboxCursor, InboxListRequest, InvitePeerRequest, InvitePeerResult, OutboundMessage, PairRequestDecision, PairRequestResponse, PendingInviteView, PendingPairRequestView, PeerViewEvent, RunRequest, RunResult, RepairPeerRequest, RepairPeerResponse, RevokePeerRequest, RevokePeerResponse, ResumeRunRequest, RuntimeRunEvent, RuntimeDeliveryReceipt, RuntimeEvent, RuntimeEventCursor, RuntimeQueuedReceipt, RuntimeBootstrapRecord, RuntimeAutonomousLoopCommand, RuntimeStatus, PersistedInboxEvent, } from "@aria-cli/tools";
+type LocalControlServer = FastifyInstance & {
+    ariaRunControl?: FastifyInstance["ariaRunControl"];
+    ariaRuntimeMessageControl?: FastifyInstance["ariaRuntimeMessageControl"];
+    ariaRuntimeBootstrapControl?: FastifyInstance["ariaRuntimeBootstrapControl"];
+    ariaPeerLocalControl?: FastifyInstance["ariaPeerLocalControl"];
+    ariaPairControl?: FastifyInstance["ariaPairControl"];
+    ariaNetworkAdminControl?: FastifyInstance["ariaNetworkAdminControl"];
+};
+export interface RunHandle {
+    runId: string;
+    wait(): Promise<RunResult>;
+}
+export interface LocalControlApi {
+    submitRun(request: RunRequest): Promise<RunHandle>;
+    resumeRun(request: ResumeRunRequest): Promise<RunResult>;
+    streamRun(request: RunRequest, signal?: AbortSignal): AsyncIterable<RuntimeRunEvent>;
+    subscribeRuntimeEvents(cursor?: RuntimeEventCursor): AsyncIterable<RuntimeEvent>;
+    sendBestEffort(message: OutboundMessage): Promise<RuntimeQueuedReceipt>;
+    sendDurable(message: OutboundMessage): Promise<RuntimeDeliveryReceipt>;
+    listInbox(request?: InboxListRequest): Promise<PersistedInboxEvent[]>;
+    subscribeInbox(cursor?: InboxCursor): AsyncIterable<PersistedInboxEvent>;
+    listPeers(): Promise<PeerViewEvent[]>;
+    listNearbyPeers(): Promise<NearbyPeerView[]>;
+    subscribePeers(): AsyncIterable<PeerViewEvent>;
+    getRuntimeStatus(): Promise<RuntimeStatus>;
+    startAutonomousLoop?(input?: RuntimeAutonomousLoopCommand): Promise<RuntimeStatus>;
+    stopAutonomousLoop?(): Promise<RuntimeStatus>;
+    getRuntimeBootstrap(): Promise<RuntimeBootstrapRecord>;
+    listPendingPairRequests(): Promise<PendingPairRequestView[]>;
+    respondToPairRequest(input: PairRequestDecision): Promise<PairRequestResponse>;
+    createInvite(input: CreateInviteRequest): Promise<CreateInviteResponse>;
+    listPendingInvites(): Promise<PendingInviteView[]>;
+    acceptInviteToken(input: AcceptInviteTokenRequest): Promise<AcceptInviteTokenResponse>;
+    cancelInvite(input: CancelInviteRequest): Promise<CancelInviteResponse>;
+    invitePeer(input: InvitePeerRequest): Promise<InvitePeerResult>;
+    acceptInvite(input: AcceptInviteRequest): Promise<AcceptInviteResponse>;
+    directPair(input: DirectPairRequest): Promise<DirectPairResponse>;
+    revokePeer(input: RevokePeerRequest): Promise<RevokePeerResponse>;
+    repairPeer(input: RepairPeerRequest): Promise<RepairPeerResponse>;
+}
+type AttachedClientAwareLocalControlApi = LocalControlApi & {
+    submitRunAsAttachedClient?(auth: AttachedClientAuth, request: RunRequest): Promise<RunHandle>;
+    resumeRunAsAttachedClient?(auth: AttachedClientAuth, request: ResumeRunRequest): Promise<RunResult>;
+    streamRunAsAttachedClient?(auth: AttachedClientAuth, request: RunRequest, signal?: AbortSignal): AsyncIterable<RuntimeRunEvent>;
+    sendBestEffortAsAttachedClient?(auth: AttachedClientAuth, message: OutboundMessage): Promise<RuntimeQueuedReceipt>;
+    sendDurableAsAttachedClient?(auth: AttachedClientAuth, message: OutboundMessage): Promise<RuntimeDeliveryReceipt>;
+};
+export interface AttachedLocalControlApi extends LocalControlApi {
+    listAttachedClients(): Promise<AttachedClientView[]>;
+    listDirectClientInbox(request?: InboxListRequest): Promise<PersistedInboxEvent[]>;
+    subscribeDirectClientInbox(cursor?: InboxCursor): AsyncIterable<PersistedInboxEvent>;
+}
+export declare function createLocalControlApi(options: {
+    status: RuntimeStatus | (() => Promise<RuntimeStatus> | RuntimeStatus);
+    startAutonomousLoop?: (input?: RuntimeAutonomousLoopCommand) => Promise<RuntimeStatus>;
+    stopAutonomousLoop?: () => Promise<RuntimeStatus>;
+    server?: LocalControlServer;
+    pollIntervalMs?: number;
+    subscribeRuntimeEvents?: (cursor?: RuntimeEventCursor) => AsyncIterable<RuntimeEvent>;
+}): AttachedClientAwareLocalControlApi;

package/dist/runtime/local-control-api.js

@@ -0,0 +1 @@
+import{Q as a}from"../index-rr0sea4c.js";import"../index-9xs3gn0p.js";export{a as createLocalControlApi};

package/dist/runtime/local-control-pairing.d.ts

@@ -0,0 +1,12 @@
+import type { FastifyInstance } from "fastify";
+import { type CreateInviteRequest, type CreateInviteResponse, type InvitePeerRequest, type InvitePeerResult, type PendingInviteView, type AcceptInviteTokenRequest, type AcceptInviteTokenResponse, type CancelInviteRequest, type CancelInviteResponse, type RepairPeerRequest, type RepairPeerResponse } from "@aria-cli/tools";
+export declare class LocalControlRepairError extends Error {
+    readonly statusCode: number;
+    constructor(statusCode: number, message: string);
+}
+export declare function createInviteViaRuntimeControl(server: FastifyInstance, input: CreateInviteRequest): Promise<CreateInviteResponse>;
+export declare function listPendingInvitesViaRuntimeControl(server: FastifyInstance): PendingInviteView[];
+export declare function acceptInviteTokenViaRuntimeControl(server: FastifyInstance, input: AcceptInviteTokenRequest): Promise<AcceptInviteTokenResponse>;
+export declare function cancelInviteViaRuntimeControl(server: FastifyInstance, input: CancelInviteRequest): CancelInviteResponse;
+export declare function invitePeerViaRuntimeControl(server: FastifyInstance, request: InvitePeerRequest): Promise<InvitePeerResult>;
+export declare function repairPeerViaRuntimeControl(server: FastifyInstance, request: RepairPeerRequest): RepairPeerResponse;

package/dist/runtime/local-control-socket.d.ts

@@ -0,0 +1,48 @@
+import type { FastifyInstance, FastifyRequest } from "fastify";
+import type { AttachedClientAuth, InboxCursor, AttachedClientView, InboxListRequest, LocalControlSocketAttachClientRequest, LocalControlSocketAttachClientResponse, LocalControlSocketDetachClientRequest, LocalControlSocketDetachClientResponse, NearbyPeerView, PersistedInboxEvent, PeerViewEvent, RuntimeEvent, RuntimeEventCursor } from "@aria-cli/tools";
+import type { LocalControlApi } from "./local-control-api.js";
+import { type AttachedClientAuthErrorReason } from "./error-diagnostic.js";
+export { LOCAL_HTTP_CLIENT_ID_HEADER, LOCAL_HTTP_CLIENT_PROOF_HEADER } from "@aria-cli/tools";
+export interface AttachedLocalHttpClientAuthority {
+    authorizeAttachedClient(clientId: string, clientAuthToken: string): boolean;
+}
+export interface LocalControlSocketServer {
+    socketPath: string;
+    close(): Promise<void>;
+}
+export interface CreateLocalControlSocketServerOptions {
+    socketPath: string;
+    localControl: LocalControlApi;
+    listInbox(request?: InboxListRequest): Promise<PersistedInboxEvent[]>;
+    listPeers(): Promise<PeerViewEvent[]>;
+    listNearbyPeers(): Promise<NearbyPeerView[]>;
+    listAttachedClients?(auth: AttachedClientAuth): Promise<AttachedClientView[]>;
+    listDirectClientInbox?(auth: AttachedClientAuth, request?: InboxListRequest): Promise<PersistedInboxEvent[]>;
+    subscribeDirectClientInbox?(auth: AttachedClientAuth, cursor?: InboxCursor): AsyncIterable<PersistedInboxEvent>;
+    authorizeAttachedClient?(auth: AttachedClientAuth): boolean;
+    subscribeRuntimeEvents(cursor?: RuntimeEventCursor): AsyncIterable<RuntimeEvent>;
+    attachClient(input: LocalControlSocketAttachClientRequest): Promise<LocalControlSocketAttachClientResponse>;
+    onClientLeaseSocket?(clientId: string, socket: import("node:net").Socket): void;
+    detachClient(input: LocalControlSocketDetachClientRequest): Promise<LocalControlSocketDetachClientResponse>;
+    /** Register a callback that fires when the daemon receives a new peer message.
+     *  Used by watchInbox to push messages to clients in real-time. */
+    onMessageReceived?(callback: () => void): void;
+    /** Optional structured logger for diagnostic events (auth rejections, etc.) */
+    log?(level: "info" | "warn" | "error", message: string): void;
+}
+export declare function installAttachedLocalHttpClientAuthority(server: FastifyInstance, authority: AttachedLocalHttpClientAuthority): void;
+export type AttachedLocalHttpClientAuthResult = {
+    ok: true;
+    clientId: string;
+} | {
+    ok: false;
+    error: "attached-local-client-only";
+    reason: AttachedClientAuthErrorReason;
+};
+export declare function authorizeAttachedLocalHttpClient(server: FastifyInstance, request: FastifyRequest | {
+    headers: Record<string, unknown>;
+}): AttachedLocalHttpClientAuthResult;
+export declare function hasAttachedLocalHttpClientHeaders(request: FastifyRequest | {
+    headers: Record<string, unknown>;
+}): boolean;
+export declare function createLocalControlSocketServer(options: CreateLocalControlSocketServerOptions): Promise<LocalControlSocketServer>;

package/dist/runtime/log-file-sink.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Durable JSONL log sink for headless processes (daemon, server).
+ *
+ * Design decisions:
+ *   - Sync writes (appendFileSync): crash-safe. At most one line lost on kill.
+ *     Async buffering would lose an entire batch on OOM/jetsam.
+ *   - JSONL format: machine-queryable (`jq`), human-readable, grep-friendly.
+ *   - ANSI stripped: file sinks have no terminal; color codes are noise.
+ *   - Size-based rotation: prevents unbounded growth. Checked every N writes
+ *     to amortize the stat() cost.
+ *   - mkdir on construction: the sink must be wirable before ariaHome is
+ *     fully initialized.
+ */
+import type { LogSink } from "@aria-cli/types";
+export interface FileLogSinkOptions {
+    /** Maximum file size in bytes before rotation (default 50 MB). */
+    maxBytes?: number;
+    /** Number of rotated files to keep (default 3). */
+    maxFiles?: number;
+}
+export declare function createFileLogSink(filePath: string, options?: FileLogSinkOptions): LogSink;

package/dist/runtime/network-read-control.d.ts

@@ -0,0 +1,17 @@
+import type { FastifyInstance } from "fastify";
+import "../types.js";
+import { type NodeId, type PeerTransportId } from "@aria-cli/tools/network-runtime";
+export type ListedPeerView = {
+    nodeId: NodeId;
+    transportPublicKey: PeerTransportId;
+    displayNameSnapshot?: string;
+    status: string;
+    endpointHost: string | null;
+    endpointPort: number | null;
+    endpointRevision: number;
+    lastHandshake: number | null;
+    createdAt: number;
+    updatedAt: number;
+};
+export declare function listPeerViewsFromRuntime(server: FastifyInstance): ListedPeerView[];
+export declare function ensureNetworkReadControl(server: FastifyInstance): void;

package/dist/runtime/network-state-stores.d.ts

@@ -0,0 +1,2 @@
+import { DurableNonceStore, DurablePairStore, InviteConsumeLedger, PeerSigningKeyStore, PeerTrustStore, RevocationStore } from "@aria-cli/aria";
+export { DurableNonceStore, DurablePairStore, InviteConsumeLedger, PeerSigningKeyStore, PeerTrustStore, RevocationStore, };

package/dist/runtime/node-metadata.d.ts

@@ -0,0 +1,22 @@
+import { type NodeId } from "@aria-cli/tools/network-runtime";
+export declare const NODE_METADATA_SCHEMA_VERSION = 1;
+export interface ResolvedNode {
+    ariaHome: string;
+    metadataPath: string;
+    nodeId: NodeId;
+    createdAt: string;
+    schemaVersion: number;
+    migratedFromLegacy: boolean;
+}
+export declare function canonicalizeAriaHome(ariaHome: string): string;
+export declare function nodeMetadataPathForAriaHome(ariaHome: string): string;
+export declare function resolveOrCreateNode(options: {
+    ariaHome: string;
+}): Promise<ResolvedNode>;
+export declare function resolveConfiguredNode(options: {
+    ariaHome: string;
+    nodeId: NodeId;
+}): Promise<ResolvedNode>;
+export declare function readResolvedNodeSync(options: {
+    ariaHome: string;
+}): ResolvedNode | null;

package/dist/runtime/node-metadata.js

@@ -0,0 +1 @@
+import{ea as a,fa as b,ga as c,ha as d,ia as e,ja as f}from"../index-5tav2m70.js";import"../index-ghh3ag4c.js";import"../index-9xs3gn0p.js";export{d as resolveOrCreateNode,e as resolveConfiguredNode,f as readResolvedNodeSync,c as nodeMetadataPathForAriaHome,b as canonicalizeAriaHome,a as NODE_METADATA_SCHEMA_VERSION};

package/dist/runtime/node-runtime.d.ts

@@ -0,0 +1,157 @@
+import { NetworkIntelligenceCoordinator, type MemoriaFactory } from "@aria-cli/aria";
+import type { AuthResolver } from "@aria-cli/auth";
+import type { ModelRouter } from "@aria-cli/models";
+import { type LocalControlClientKind, type NetworkManagerRef, type NodeId, type PrincipalFingerprint, type RevocationOperatorConfirmation, type TlsCaFingerprint, type RuntimeId } from "@aria-cli/tools";
+import { createServer } from "../server.js";
+import { type LocalControlApi } from "./local-control-api.js";
+import { NodeStore } from "./node-store.js";
+import { type RuntimeAdminApi } from "./runtime-admin-api.js";
+import { type RuntimeOutbox } from "./runtime-outbox.js";
+export interface NodeRuntimeMailbox {
+    registerTunnel(nodeId: NodeId, transport: {
+        sendPlaintext(data: Buffer): void;
+        routeBootstrapOnly?: boolean;
+    }): void;
+    unregisterTunnel(nodeId: NodeId): void;
+}
+export interface NodeRuntimeOptions {
+    arionName: string;
+    ariaHome: string;
+    nodeId: NodeId;
+    runtimeLifecycle?: "scoped" | "persistent";
+    runtimeSocketPath?: string;
+    memoriaFactory?: MemoriaFactory;
+    router?: ModelRouter;
+    authResolver?: AuthResolver;
+    signal?: AbortSignal;
+    networkManager?: NetworkManagerRef;
+    nodeStore?: NodeStore;
+    port?: number;
+    silent?: boolean;
+    mailboxRef?: {
+        current: NodeRuntimeMailbox | null;
+    };
+    onTransportEstablished?: (displayNameSnapshot: string, transport: {
+        sendPlaintext(data: Buffer): void;
+    }) => void;
+    onTransportTornDown?: (displayNameSnapshot: string) => void;
+    runSessionConfig?: import("@aria-cli/aria").RunSessionConfig;
+    mcpServers?: import("@aria-cli/tools").MCPServerConfig[];
+    daemonSafetyPolicy?: import("@aria-cli/aria").DaemonSafetyPolicy;
+    autonomousIntervalMs?: number;
+    ownerClientKind?: LocalControlClientKind;
+    ownerGeneration?: number;
+    ownerGenerationHint?: number;
+    faultCheckpoint?: (point: "after_proof_validation_before_commit" | "after_persist_before_ack" | "runtime_death_during_durable_send", context: Record<string, unknown>) => void;
+}
+export interface NodeRuntimeCerts {
+    caCert: string;
+    serverCert: string;
+    serverKey: string;
+    fingerprint: TlsCaFingerprint;
+}
+type RuntimeRevocationAuthority = {
+    revoke(event: {
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        localNodeId: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    }): void;
+    isPeerRevoked(nodeId: NodeId): boolean;
+    read?(nodeId: NodeId): {
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        localNodeId: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    } | null;
+    getPeerRevocationGeneration?(nodeId: NodeId): number | null;
+    clearRevocationForNodeId(nodeId: NodeId, expectedGeneration?: number): boolean;
+    list(): Array<{
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        localNodeId: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    }>;
+};
+export interface NodeRuntimeControl {
+    nodeId: NodeId;
+    runtimeId: RuntimeId;
+    displayNameSnapshot?: string;
+    port: number;
+    networkManager: NetworkManagerRef;
+    server: Awaited<ReturnType<typeof createServer>>;
+    certs: NodeRuntimeCerts;
+    runtimeOutbox: RuntimeOutbox;
+    revocationStore: RuntimeRevocationAuthority | undefined;
+    networkCoordinator: NetworkIntelligenceCoordinator | undefined;
+    localControl: LocalControlApi;
+    runtimeAdmin: RuntimeAdminApi;
+    waitForInitialDiscovery: () => Promise<void>;
+    registerMailbox: (mailbox: NodeRuntimeMailbox) => () => void;
+}
+export interface NodeRuntimeAutonomousLoopBootstrapOptions {
+    memoriaFactory?: MemoriaFactory;
+    router?: ModelRouter;
+    authResolver?: AuthResolver;
+    runSessionConfig?: import("@aria-cli/aria").RunSessionConfig;
+    mcpServers?: import("@aria-cli/tools").MCPServerConfig[];
+    daemonSafetyPolicy?: import("@aria-cli/aria").DaemonSafetyPolicy;
+    autonomousIntervalMs?: number;
+}
+export declare class NodeRuntime {
+    private readonly options;
+    readonly nodeId: NodeId;
+    private readonly runtimeIdValue;
+    private started;
+    private runtimeControl;
+    private networkStateStore;
+    private relayPollTimer;
+    private stunClient;
+    private discoveryService;
+    private mdnsDiscovery;
+    private privateLanDiscovery;
+    private nearbyPeerDiscovery;
+    private nodeStore;
+    private ownsNetworkManager;
+    private ownsNodeStore;
+    private bootstrapOwnerGeneration;
+    private unsubscribeRuntimeIngressListener;
+    private unsubscribeTransportListener;
+    private localControlSocket;
+    private autonomousLoop;
+    private autonomousLoopStartPromise;
+    private autonomousLoopBootstrap;
+    private networkingReadyResolve;
+    private networkingReadyReject;
+    readonly networkingReady: Promise<void>;
+    constructor(options: NodeRuntimeOptions);
+    get runtimeId(): RuntimeId;
+    private resolvedBootstrapOwnerGeneration;
+    private nextBootstrapRevision;
+    private resolveBootstrapControlHost;
+    private isRecoverableDaemonBindError;
+    private daemonBindCandidates;
+    private publishBootstrapPhase;
+    configureAutonomousLoop(options: NodeRuntimeAutonomousLoopBootstrapOptions): NodeRuntimeAutonomousLoopBootstrapOptions;
+    private summarizeAutonomousLoopSafetyPolicy;
+    private getAutonomousLoopStatus;
+    stopAutonomousLoop(): Promise<void>;
+    startAutonomousLoop(): Promise<void>;
+    start(): Promise<void>;
+    private startNetworkingSubsystems;
+    shutdown(): Promise<void>;
+    control(): NodeRuntimeControl;
+}
+export {};

package/dist/runtime/node-store-revocation-store.d.ts

@@ -0,0 +1,42 @@
+import type { NodeId, PrincipalFingerprint, RevocationOperatorConfirmation } from "@aria-cli/tools/network-runtime";
+export declare function createNodeStoreBackedRevocationStore(input: {
+    ariaHome: string;
+    ownerGeneration: number;
+}): {
+    revoke(event: {
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        localNodeId: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    }): void;
+    isPeerRevoked(nodeId: NodeId): boolean;
+    read(nodeId: NodeId): {
+        localNodeId: string & import("zod").$brand<"NodeId">;
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        revokedBy: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration: number;
+    } | null;
+    getPeerRevocationGeneration(nodeId: NodeId): number | null;
+    clearRevocationForNodeId(nodeId: NodeId, expectedGeneration?: number): boolean;
+    list(): {
+        localNodeId: string & import("zod").$brand<"NodeId">;
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        revokedBy: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration: number;
+    }[];
+    close(): void;
+};

package/dist/runtime/node-store.d.ts

@@ -0,0 +1,184 @@
+import { type NodeId, type NodeMetadata, type PeerTransportId, type PrincipalFingerprint, type TlsCaFingerprint, type RevocationOperatorConfirmation, type RuntimeBootstrapRecord, type RuntimeEvent, type RuntimeEventKind, type RuntimeOwnerRecord, type RuntimeId } from "@aria-cli/tools/network-runtime";
+export { StaleOwnerError } from "./stale-owner-error.js";
+export declare const NODE_STORE_SCHEMA_VERSION = 1;
+interface NodeStoreOptions {
+    ariaHome: string;
+    /**
+     * Owner generation for this runtime instance. When provided, the store
+     * claims the epoch atomically on construction and rejects all durable
+     * writes if a newer generation has taken over (throws StaleOwnerError).
+     *
+     * Omit only for read-only administrative access (e.g. supervisor queries,
+     * migration tools). Write operations on an unfenced store throw.
+     */
+    ownerGeneration?: number;
+}
+interface RuntimeEventRecordInput {
+    nodeId: NodeId;
+    runtimeId: RuntimeId;
+    kind: RuntimeEventKind;
+    payload?: Record<string, unknown>;
+    eventId?: string;
+    recordedAt?: string;
+}
+export interface PeerBindingRecord {
+    nodeId: NodeId;
+    principalFingerprint: PrincipalFingerprint;
+    transportPublicKey: PeerTransportId;
+    continuityRevision: number;
+    endpointHost?: string;
+    endpointPort?: number;
+    endpointRevision?: number;
+    displayNameSnapshot?: string;
+    controlEndpointHost?: string;
+    controlEndpointPort?: number;
+    controlTlsCaFingerprint?: TlsCaFingerprint;
+    updatedAt: string;
+}
+export type PeerBindingMutation = Omit<PeerBindingRecord, "updatedAt">;
+export type PeerEndpointProjectionCommitResult = {
+    kind: "not_found";
+} | {
+    kind: "applied" | "idempotent" | "stale";
+    binding: PeerBindingRecord;
+};
+export declare function isEquivalentPeerBinding(existing: PeerBindingMutation, candidate: PeerBindingMutation): boolean;
+export interface IngressReceiptRecord {
+    messageId: string;
+    senderNodeId: NodeId;
+    senderFingerprint: PrincipalFingerprint;
+    runtimeId: RuntimeId;
+    receivedAt: string;
+}
+export interface IngressReceiptCommitResult extends IngressReceiptRecord {
+    duplicate: boolean;
+}
+export interface OutboxReceiptRecord {
+    messageId: string;
+    senderNodeId: NodeId;
+    recipientNodeId: NodeId;
+    transport: string;
+    status: "queued_for_route" | "dispatching" | "acked" | "expired";
+    deliveryLifecycleRevision: number;
+    updatedAt: string;
+}
+export interface PeerRevocationRecord {
+    nodeId: NodeId;
+    displayNameSnapshot?: string;
+    fingerprint: PrincipalFingerprint;
+    revokedAt: number;
+    revokedBy: NodeId;
+    operatorConfirmation: RevocationOperatorConfirmation;
+    reason?: string;
+    revocationGeneration: number;
+}
+export interface RevocationConflictRecord {
+    conflictId: string;
+    nodeId: NodeId;
+    previousFingerprint?: PrincipalFingerprint;
+    conflictingFingerprint: PrincipalFingerprint;
+    reason: string;
+    recordedAt: string;
+}
+export declare function nodeStorePathForAriaHome(ariaHome: string): string;
+export declare class NodeStore {
+    readonly ariaHome: string;
+    readonly dbPath: string;
+    private readonly db;
+    private readonly ownerGeneration;
+    constructor(options: NodeStoreOptions);
+    /**
+     * Atomically claim the owner epoch. If the stored generation is already
+     * higher, another runtime has taken over — throw StaleOwnerError.
+     */
+    private claimEpoch;
+    /**
+     * Assert that this store instance is still the current owner.
+     * Called inside every durable write method. Throws StaleOwnerError
+     * if a newer runtime has claimed the epoch since construction.
+     *
+     * Must be called inside the same SQLite transaction as the write.
+     */
+    private assertOwnership;
+    close(): void;
+    readNodeMetadata(): NodeMetadata | null;
+    writeNodeMetadata(metadata: NodeMetadata): NodeMetadata;
+    readRuntimeOwnerRecord(nodeId: NodeId): RuntimeOwnerRecord | null;
+    readRuntimeBootstrapRecord(nodeId: NodeId): RuntimeBootstrapRecord | null;
+    writeRuntimeOwnerRecord(record: RuntimeOwnerRecord): RuntimeOwnerRecord;
+    writeRuntimeBootstrapRecord(record: RuntimeBootstrapRecord): RuntimeBootstrapRecord;
+    removeRuntimeOwnerRecord(nodeId: NodeId): void;
+    clearRuntimeOwnerRecords(): number;
+    clearRuntimeBootstrapRecords(): number;
+    resolveOrCreateNode(): NodeMetadata;
+    appendRuntimeEvent(input: RuntimeEventRecordInput): RuntimeEvent;
+    listRuntimeEvents(): RuntimeEvent[];
+    clearRuntimeEvents(): number;
+    commitRuntimeBootstrapRecord(record: RuntimeBootstrapRecord): RuntimeBootstrapRecord;
+    readPeerBinding(nodeId: NodeId): PeerBindingRecord | null;
+    listPeerBindings(): PeerBindingRecord[];
+    /**
+     * Get the current transport state for a peer.
+     * Returns 'unknown' if the peer doesn't exist (safe default).
+     */
+    getPeerTransportState(nodeId: NodeId): string;
+    /**
+     * Set the transport state for a peer.
+     * Only valid for existing peer bindings.
+     */
+    setPeerTransportState(nodeId: NodeId, transportState: "unknown" | "endpoint_known" | "connecting" | "connected" | "degraded" | "disconnected"): void;
+    commitPeerEndpointProjection(input: {
+        nodeId: NodeId;
+        endpointHost: string;
+        endpointPort: number;
+        endpointRevision: number;
+        updatedAt?: string;
+    }): PeerEndpointProjectionCommitResult;
+    commitPairContinuity(input: Omit<PeerBindingRecord, "updatedAt"> & {
+        updatedAt?: string;
+    }): PeerBindingRecord;
+    commitPairContinuityClearingRevocation(input: Omit<PeerBindingRecord, "updatedAt"> & {
+        updatedAt?: string;
+        expectedRevocationGeneration: number;
+    }): PeerBindingRecord;
+    readPeerRevocation(nodeId: NodeId): PeerRevocationRecord | null;
+    getPeerRevocationGeneration(nodeId: NodeId): number | null;
+    revoke(input: {
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        localNodeId: NodeId;
+        operatorConfirmation: RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    }): void;
+    readRevocation(nodeId: NodeId): PeerRevocationRecord | null;
+    listRevocations(): PeerRevocationRecord[];
+    isPeerRevoked(nodeId: NodeId): boolean;
+    clearRevocationForNodeId(nodeId: NodeId, expectedGeneration?: number): boolean;
+    commitPeerRevocation(input: Omit<PeerRevocationRecord, "operatorConfirmation" | "revocationGeneration"> & {
+        operatorConfirmation?: RevocationOperatorConfirmation;
+        revocationGeneration?: number;
+    }): PeerRevocationRecord;
+    deletePeerBinding(nodeId: NodeId): boolean;
+    restorePeerBinding(nodeId: NodeId, snapshot: PeerBindingRecord | null): void;
+    readIngressReceipt(messageId: string): IngressReceiptRecord | null;
+    commitIngressReceipt(input: Omit<IngressReceiptRecord, "receivedAt"> & {
+        receivedAt?: string;
+    }): IngressReceiptCommitResult;
+    readOutboxReceipt(messageId: string): OutboxReceiptRecord | null;
+    commitOutboxReceipt(input: Omit<OutboxReceiptRecord, "updatedAt" | "deliveryLifecycleRevision"> & {
+        updatedAt?: string;
+        deliveryLifecycleRevision?: number;
+    }): OutboxReceiptRecord;
+    listRevocationConflicts(): RevocationConflictRecord[];
+    commitRevocationConflict(input: Omit<RevocationConflictRecord, "conflictId" | "recordedAt"> & {
+        conflictId?: string;
+        recordedAt?: string;
+    }): RevocationConflictRecord;
+    private ensureSchema;
+}
+export declare function resolveOrCreateNode(options: {
+    ariaHome: string;
+}): Promise<import("./node-metadata.js").ResolvedNode>;

package/dist/runtime/node-store.js

@@ -0,0 +1 @@
+import{ua as a,va as b,wa as c,xa as d,ya as e,za as f}from"../index-ghh3ag4c.js";import"../index-9xs3gn0p.js";export{f as resolveOrCreateNode,d as nodeStorePathForAriaHome,c as isEquivalentPeerBinding,a as StaleOwnerError,e as NodeStore,b as NODE_STORE_SCHEMA_VERSION};

package/dist/runtime/pinned-control-session.d.ts

@@ -0,0 +1,41 @@
+import { type TlsCaFingerprint } from "@aria-cli/tools/network-runtime";
+declare const PINNED_CONTROL_SESSION: unique symbol;
+/**
+ * A control-plane session whose TLS CA fingerprint has been verified to match
+ * the expected fingerprint from a trusted source (invite token, stored binding,
+ * or local bootstrap).
+ *
+ * This type can ONLY be obtained by calling `createPinnedControlSession()` and
+ * receiving a non-error result. The unique-symbol brand makes it impossible
+ * to construct manually (outside this module).
+ *
+ * All mutating control-plane requests (pair, join, register, heartbeat, revoke)
+ * should require a `PinnedControlSession` instead of raw host:port, ensuring
+ * TLS pinning cannot be bypassed.
+ */
+export type PinnedControlSession = {
+    readonly [PINNED_CONTROL_SESSION]: true;
+    readonly host: string;
+    readonly port: number;
+    readonly pinnedCaFingerprint: TlsCaFingerprint;
+    readonly caCertPem: string;
+};
+export type PinnedControlSessionError = {
+    error: "ca_fingerprint_mismatch";
+};
+/**
+ * Verify that the CA certificate's fingerprint matches the expected fingerprint,
+ * and return a branded `PinnedControlSession` on success.
+ *
+ * This is the ONLY function that can produce a `PinnedControlSession`.
+ * Control-plane request functions should require this brand, making it
+ * impossible to make mutating requests without first completing the
+ * TLS CA verification ceremony.
+ */
+export declare function createPinnedControlSession(input: {
+    host: string;
+    port: number;
+    expectedCaFingerprint: TlsCaFingerprint;
+    caCertPem: string;
+}): PinnedControlSession | PinnedControlSessionError;
+export {};