@aria-cli/server 1.0.19

package/dist/runtime/principal-binding-authority.d.ts

@@ -0,0 +1,173 @@
+import type { FastifyInstance } from "fastify";
+import { type NodeId, type NodeMetadata, type PeerTransportId, type PrincipalFingerprint, type RuntimeBootstrapRecord, type TlsCaFingerprint } from "@aria-cli/tools/network-runtime";
+import type { VerifiedContinuityBind } from "./continuity-verification.js";
+import { type PeerBindingMutation, type PeerBindingRecord, type PeerRevocationRecord, type RevocationConflictRecord } from "./node-store.js";
+declare const VERIFIED_INVITE_CLAIM: unique symbol;
+type SharedSigningPublicKey = RuntimeBootstrapRecord["signingPublicKey"];
+/**
+ * A verified invite claim whose signing key fingerprint has been
+ * cryptographically verified to match the claimed principal fingerprint.
+ *
+ * This type can ONLY be obtained by calling `verifyAndClaimInvite()` and
+ * receiving a non-error result. The unique-symbol brand makes it impossible
+ * to construct manually (outside this module).
+ */
+export type VerifiedInviteClaim = {
+    readonly [VERIFIED_INVITE_CLAIM]: true;
+    readonly nodeId: NodeId;
+    readonly principalFingerprint: PrincipalFingerprint;
+    readonly signingPublicKey: SharedSigningPublicKey;
+};
+export type InviteClaimError = {
+    error: "signing_key_fingerprint_mismatch";
+};
+/**
+ * Verify that the signing key fingerprint matches the claimed principal
+ * fingerprint, and return a branded `VerifiedInviteClaim` on success.
+ *
+ * This is the ONLY function that can produce a `VerifiedInviteClaim`.
+ * `commitFirstTrustBind()` requires this brand, making it impossible to
+ * skip the verification ceremony.
+ */
+export declare function verifyAndClaimInvite(input: {
+    nodeId: NodeId;
+    principalFingerprint: PrincipalFingerprint;
+    signingPublicKey: SharedSigningPublicKey;
+}): VerifiedInviteClaim | InviteClaimError;
+type PeerSigningKeyRecord = {
+    nodeId: NodeId;
+    displayNameSnapshot?: string;
+    signingPublicKey: SharedSigningPublicKey;
+};
+type PeerSigningKeyProjection = {
+    get?(nodeId: NodeId): SharedSigningPublicKey | undefined;
+    getRecord?(nodeId: NodeId): PeerSigningKeyRecord | null | undefined;
+    set?(input: {
+        nodeId: NodeId;
+        displayName: string;
+        signingPublicKey: SharedSigningPublicKey;
+    } | NodeId, signingPublicKey?: SharedSigningPublicKey, displayNameSnapshot?: string): NodeId;
+};
+type LocalPrincipalBindingProjection = () => {
+    nodeId: NodeId;
+    displayNameSnapshot?: string;
+    signingPublicKey: SharedSigningPublicKey;
+    transportPublicKey: PeerTransportId;
+} | undefined;
+export type ResolvedPrincipalBinding = Omit<PeerBindingRecord, "transportPublicKey"> & {
+    transportPublicKey: PeerTransportId;
+    signingPublicKey?: SharedSigningPublicKey;
+    isLocalBinding?: boolean;
+};
+export type VerifiedPrincipalBinding = ResolvedPrincipalBinding & {
+    signingPublicKey: SharedSigningPublicKey;
+};
+export type VerifiedAuthoritativePrincipal = {
+    nodeId: NodeId;
+    principalFingerprint: PrincipalFingerprint;
+    transportPublicKey: PeerTransportId;
+    signingPublicKey: SharedSigningPublicKey;
+    displayNameSnapshot?: string;
+    isLocalAuthority?: boolean;
+};
+export type PeerEndpointProjectionResult = {
+    kind: "not_found";
+} | {
+    kind: "applied" | "idempotent" | "stale";
+    binding: ResolvedPrincipalBinding;
+};
+export type ContinuityBaseRecord = {
+    nodeId: NodeId;
+    principalFingerprint: PrincipalFingerprint;
+    continuityRevision: number;
+    revocationGeneration?: number;
+    displayNameSnapshot?: string;
+    binding?: ResolvedPrincipalBinding;
+    revokedPeer?: PeerRevocationRecord;
+};
+export declare function principalFingerprintFromSigningPublicKey(publicKeyBase64: SharedSigningPublicKey): PrincipalFingerprint | undefined;
+export type BindingChangeEvent = {
+    nodeId: NodeId;
+    transportKeyChanged: boolean;
+    newTransportPublicKey: string;
+    previousTransportPublicKey?: string;
+    newPrincipalFingerprint: PrincipalFingerprint;
+    previousPrincipalFingerprint?: PrincipalFingerprint;
+    continuityRevision: number;
+};
+export declare class PrincipalBindingAuthority {
+    private readonly ariaHome;
+    private readonly ownerGeneration;
+    private readonly peerSigningKeyStore?;
+    /** Transport layer notification callback — set by runtime to receive key rotation events. */
+    onBindingChanged?: (event: BindingChangeEvent) => void;
+    private readonly localBindingProjection?;
+    constructor(options: {
+        ariaHome: string;
+        ownerGeneration?: number;
+        peerSigningKeyStore?: PeerSigningKeyProjection;
+        localBindingProjection?: LocalPrincipalBindingProjection;
+    });
+    private openStore;
+    private resolveWriteOwnerGeneration;
+    private openWritableStore;
+    resolveLocalNodeIdentity(): NodeMetadata;
+    private resolveLocalVerifiedPrincipal;
+    hasRemoteBindings(): boolean;
+    resolveRemoteBinding(nodeId: NodeId): ResolvedPrincipalBinding | undefined;
+    resolveContinuityBase(nodeId: NodeId): ContinuityBaseRecord | undefined;
+    resolveBindingByControlEndpoint(input: {
+        host: string;
+        port: number;
+    }): ResolvedPrincipalBinding | "ambiguous" | undefined;
+    listRemoteBindings(): ResolvedPrincipalBinding[];
+    listAuthoritativeBindings(): ResolvedPrincipalBinding[];
+    resolveLocalBinding(): VerifiedPrincipalBinding | undefined;
+    resolveBindingByPrincipalFingerprint(principalFingerprint: PrincipalFingerprint): VerifiedPrincipalBinding | "ambiguous" | undefined;
+    resolveVerifiedPrincipalByFingerprint(principalFingerprint: PrincipalFingerprint): VerifiedAuthoritativePrincipal | "ambiguous" | undefined;
+    resolveNodeIdFromVerifiedPrincipal(input: {
+        claimedNodeId?: NodeId;
+        signingPublicKey: SharedSigningPublicKey;
+    }): {
+        nodeId: NodeId;
+        principalFingerprint: PrincipalFingerprint;
+        displayNameSnapshot?: string;
+    } | undefined;
+    commitFirstTrustBind(claim: VerifiedInviteClaim, binding: Omit<PeerBindingMutation, "nodeId" | "principalFingerprint"> & {
+        endpointHost?: string;
+        endpointPort?: number;
+        endpointRevision?: number;
+        controlEndpointHost?: string;
+        controlEndpointPort?: number;
+        controlTlsCaFingerprint?: TlsCaFingerprint;
+        projectSigningKey?: boolean;
+    }): ResolvedPrincipalBinding;
+    private applyVerifiedContinuityMutation;
+    commitVerifiedContinuityBind(nodeId: NodeId, verified: VerifiedContinuityBind, projection?: Pick<PeerBindingMutation, "endpointHost" | "endpointPort" | "endpointRevision" | "displayNameSnapshot" | "transportPublicKey" | "controlEndpointHost" | "controlEndpointPort" | "controlTlsCaFingerprint"> & {
+        projectSigningKey?: boolean;
+    }): ResolvedPrincipalBinding;
+    recordRevocationConflict(input: Omit<RevocationConflictRecord, "conflictId" | "recordedAt"> & {
+        conflictId?: string;
+        recordedAt?: string;
+    }): RevocationConflictRecord;
+    recordVerifiedRevocation(input: {
+        nodeId: NodeId;
+        displayNameSnapshot?: string;
+        fingerprint: PrincipalFingerprint;
+        revokedAt: number;
+        revokedBy: NodeId;
+        operatorConfirmation?: import("@aria-cli/tools/network-runtime").RevocationOperatorConfirmation;
+        reason?: string;
+        revocationGeneration?: number;
+    }): PeerRevocationRecord;
+    commitPeerEndpointProjection(input: {
+        nodeId: NodeId;
+        endpointHost: string;
+        endpointPort: number;
+        endpointRevision: number;
+    }): PeerEndpointProjectionResult;
+}
+export declare function getPrincipalBindingAuthority(server: FastifyInstance, options?: {
+    ownerGeneration?: number;
+}): PrincipalBindingAuthority | undefined;
+export {};

package/dist/runtime/reachable-control-host.d.ts

@@ -0,0 +1,5 @@
+export declare function selectReachableControlHost(params: {
+    ingressHost?: string;
+    peerHost?: string;
+    externalHost?: string;
+}): string;

package/dist/runtime/runtime-admin-api.d.ts

@@ -0,0 +1,16 @@
+import type { FastifyInstance } from "fastify";
+import type { DirectPairRequest, DirectPairResponse, PairRequestDecision, PairRequestResponse, PendingPairRequestView, RevokePeerRequest, RevokePeerResponse } from "@aria-cli/tools";
+export interface RuntimeAdminApi {
+    listPendingPairRequests(): Promise<PendingPairRequestView[]>;
+    respondToPairRequest(input: PairRequestDecision): Promise<PairRequestResponse>;
+    directPair(input: DirectPairRequest): Promise<DirectPairResponse>;
+    revokePeer(input: RevokePeerRequest): Promise<RevokePeerResponse>;
+}
+type RuntimeAdminServer = FastifyInstance & {
+    ariaPairControl?: FastifyInstance["ariaPairControl"];
+    ariaNetworkAdminControl?: FastifyInstance["ariaNetworkAdminControl"];
+};
+export declare function createRuntimeAdminApi(options: {
+    server: RuntimeAdminServer;
+}): RuntimeAdminApi;
+export {};

package/dist/runtime/runtime-authority-registry.d.ts

@@ -0,0 +1,55 @@
+/**
+ * RuntimeAuthorityRegistry — the single source of truth for arion-scoped
+ * and global durable state in the daemon process.
+ *
+ * Design principle: arion is the shard key for arion-scoped durable state.
+ * Every durable store is resolved through this registry. No subsystem
+ * instance is created directly by projection code (CLI, headless kernel).
+ *
+ * Global stores:
+ *   registry.config()     → RunSessionConfig (one per ariaHome)
+ *   registry.arions()     → ArionManager (one per ariaHome)
+ *
+ * Arion-scoped stores:
+ *   registry.memoria(arionName)       → Memoria (one per arion, lazy)
+ *   registry.sessionStore(arionName)  → SessionHistory-like (one per arion, lazy)
+ */
+import { ArionManager } from "@aria-cli/aria";
+import type { MemoriaFactory } from "@aria-cli/aria";
+import type { Memoria } from "@aria-cli/memoria";
+import type { RunSessionConfig } from "@aria-cli/aria";
+import type { RecoverySessionHistory } from "../server.js";
+/**
+ * A session store that supports the recovery surface (getSession,
+ * getIncompleteSessions, markCompleted) and optionally supports full
+ * transcript persistence (replaceConversationMessages, addConversationMessage).
+ *
+ * When the CLI's SQLite SessionHistory is available, the full surface is present.
+ * When only the JSON recovery store is available, only the base surface exists.
+ */
+export type ArionSessionStore = RecoverySessionHistory;
+export interface RuntimeAuthorityRegistry {
+    /** Global: one config for the whole ariaHome. */
+    config(): RunSessionConfig;
+    /** Global: one ArionManager for the whole ariaHome. */
+    arions(): ArionManager;
+    /** Arion-scoped: one session store per arion (lazy, cached). */
+    sessionStore(arionName: string): ArionSessionStore | undefined;
+    /** Arion-scoped: one Memoria per arion (lazy, cached). */
+    memoria(arionName: string): Promise<Memoria>;
+    /** The underlying MemoriaFactory (for runner integration). */
+    memoriaFactory(): MemoriaFactory;
+    /** Shutdown: close all open stores. */
+    closeAll(): Promise<void>;
+}
+export interface RuntimeAuthorityRegistryOptions {
+    ariaHome: string;
+    memoriaFactory: MemoriaFactory;
+    /**
+     * Optional factory for creating per-arion SQLite session stores.
+     * When provided, `sessionStore(arionName)` returns a real SQLite-backed
+     * store. When absent, returns undefined (callers fall back to JSON recovery).
+     */
+    sessionStoreFactory?: (arionName: string) => ArionSessionStore | undefined;
+}
+export declare function createRuntimeAuthorityRegistry(options: RuntimeAuthorityRegistryOptions): RuntimeAuthorityRegistry;

package/dist/runtime/runtime-autonomous-loop.d.ts

@@ -0,0 +1,40 @@
+import { type DaemonSafetyPolicy, type MemoriaFactory, type RunSessionConfig } from "@aria-cli/aria";
+import type { AuthResolver } from "@aria-cli/auth";
+import type { ModelRouter } from "@aria-cli/models";
+import { type LocalControlClientKind, type MCPServerConfig, type RuntimeAutonomousLoopStatus } from "@aria-cli/tools";
+import type { NodeRuntimeControl } from "./node-runtime.js";
+import type { NodeStore } from "./node-store.js";
+export interface RuntimeAutonomousLoopOptions {
+    ariaHome: string;
+    arionName: string;
+    runtimeControl: Pick<NodeRuntimeControl, "runtimeId" | "nodeId" | "networkManager" | "registerMailbox" | "server" | "revocationStore" | "networkCoordinator">;
+    router: ModelRouter;
+    memoriaFactory: MemoriaFactory;
+    runSessionConfig: RunSessionConfig;
+    mcpServers?: MCPServerConfig[];
+    authResolver?: AuthResolver;
+    intervalMs?: number;
+    safetyPolicy?: DaemonSafetyPolicy;
+    signal?: AbortSignal;
+    nodeStore?: NodeStore;
+}
+export declare class RuntimeAutonomousLoop {
+    private readonly options;
+    private started;
+    private starting;
+    private stopController;
+    private bootstrapAbortController;
+    private startPromise;
+    private loopPromise;
+    private session;
+    private releaseMailbox;
+    private lastWakeTickAt;
+    private lastCheckpointResult;
+    /** Current wake trigger — called by incoming messages to interrupt the sleep. */
+    currentWakeTrigger: (() => void) | null;
+    constructor(options: RuntimeAutonomousLoopOptions);
+    private summarizeSafetyPolicy;
+    getStatusSummary(ownerClientKind: LocalControlClientKind | null): RuntimeAutonomousLoopStatus;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+}

package/dist/runtime/runtime-bootstrap-authority.d.ts

@@ -0,0 +1,5 @@
+import type { FastifyInstance } from "fastify";
+import { type PrincipalFingerprint, type RuntimeBootstrapRecord } from "@aria-cli/tools";
+export declare function assertRuntimeBootstrapControlReady(bootstrap: RuntimeBootstrapRecord, context: string): RuntimeBootstrapRecord;
+export declare function getLocalRuntimeBootstrapOrThrow(server: FastifyInstance, context: string): Promise<RuntimeBootstrapRecord>;
+export declare function resolveRuntimeBootstrapPrincipalTlsIdentity(bootstrap: RuntimeBootstrapRecord, context?: string): PrincipalFingerprint;

package/dist/runtime/runtime-bootstrap-record.d.ts

@@ -0,0 +1,21 @@
+import type { NetworkManagerRef, NodeId, RuntimeBootstrapPhase, RuntimeBootstrapRecord, RuntimeId, TlsCaFingerprint } from "@aria-cli/tools";
+import { NodeStore } from "./node-store.js";
+export declare function readRuntimeBootstrapRecordFromAriaHome(options: {
+    ariaHome: string;
+    nodeId: NodeId;
+}): RuntimeBootstrapRecord | null;
+export declare function nextRuntimeBootstrapOwnerGeneration(nodeStore: NodeStore, nodeId: NodeId): number;
+export declare function nextRuntimeBootstrapRevision(nodeStore: NodeStore, nodeId: NodeId, _ownerGeneration: number): number;
+export declare function publishRuntimeBootstrapRecord(options: {
+    nodeStore: NodeStore;
+    nodeId: NodeId;
+    runtimeId: RuntimeId;
+    ownerGeneration: number;
+    controlPort: number;
+    caFingerprint: TlsCaFingerprint;
+    caCertPem: string;
+    networkManager: NetworkManagerRef;
+    displayNameSnapshot?: string;
+    phase?: RuntimeBootstrapPhase;
+    controlHost?: string;
+}): RuntimeBootstrapRecord;

package/dist/runtime/runtime-event-journal.d.ts

@@ -0,0 +1,21 @@
+import type { NodeId, RuntimeEvent, RuntimeEventKind, RuntimeId } from "@aria-cli/tools";
+import { NodeStore } from "./node-store.js";
+interface RuntimeEventJournalOptions {
+    ariaHome?: string;
+    nodeStore?: NodeStore;
+}
+interface RecordRuntimeEventInput {
+    nodeId: NodeId;
+    runtimeId: RuntimeId;
+    kind: RuntimeEventKind;
+    payload?: Record<string, unknown>;
+}
+export declare class RuntimeEventJournal {
+    private readonly nodeStore;
+    private readonly ownsNodeStore;
+    constructor(options: RuntimeEventJournalOptions);
+    close(): void;
+    record(input: RecordRuntimeEventInput): RuntimeEvent;
+    list(): RuntimeEvent[];
+}
+export {};

package/dist/runtime/runtime-outbox.d.ts

@@ -0,0 +1,35 @@
+import type { DeliveryAck, MailboxRef, NodeId } from "@aria-cli/tools";
+export interface RuntimeOutboxReceiptRecord {
+    messageId: string;
+    senderNodeId: NodeId;
+    recipientNodeId: NodeId;
+    transport: string;
+    status: "queued_for_route" | "dispatching" | "acked" | "expired";
+    deliveryLifecycleRevision: number;
+    updatedAt: string;
+}
+export interface RuntimeOutboxReceiptStore {
+    readOutboxReceipt(messageId: string): RuntimeOutboxReceiptRecord | null;
+    commitOutboxReceipt(input: Omit<RuntimeOutboxReceiptRecord, "updatedAt" | "deliveryLifecycleRevision"> & {
+        updatedAt?: string;
+        deliveryLifecycleRevision?: number;
+    }): RuntimeOutboxReceiptRecord;
+}
+export interface RuntimeOutbox extends Pick<MailboxRef, "sendBestEffort" | "sendDurable"> {
+    registerTunnel(nodeId: NodeId, transport: {
+        sendPlaintext(data: Buffer): void;
+        getState?: () => string;
+        isActive?: boolean;
+        routeBootstrapOnly?: boolean;
+    }): void;
+    unregisterTunnel(nodeId: NodeId): void;
+    handleDeliveryAck(ack: DeliveryAck): void;
+}
+export interface RuntimeOutboxOptions {
+    receiptStore?: RuntimeOutboxReceiptStore;
+    localNodeId?: NodeId;
+    signingKey?: string;
+    onReceiptCommitted?: (receipt: RuntimeOutboxReceiptRecord) => void;
+    faultCheckpoint?: (point: "runtime_death_during_durable_send", context: Record<string, unknown>) => void;
+}
+export declare function createRuntimeOutbox(options?: RuntimeOutboxOptions): RuntimeOutbox;

package/dist/runtime/runtime-registry.d.ts

@@ -0,0 +1,33 @@
+import { type NodeId, type RuntimeOwnerRecord } from "@aria-cli/tools";
+export declare const RUNTIME_OWNER_RECORD_SCHEMA_VERSION = 1;
+export type { RuntimeOwnerRecord } from "@aria-cli/tools";
+export declare function resolveRuntimeRootDirectory(): string;
+export declare function runtimeOwnerRecordsDirectory(runtimeRoot: string): string;
+export declare function runtimeSocketsDirectory(runtimeRoot: string): string;
+export declare function runtimeOwnerRecordPathForNodeId(runtimeRoot: string, nodeId: NodeId): string;
+export declare function runtimeSocketPathForNodeId(runtimeRoot: string, nodeId: NodeId): string;
+export declare function canonicalizeRuntimeSocketPath(socketPath: string): string;
+export declare function ensureRuntimeRegistryLayout(runtimeRoot: string): void;
+export declare function readRuntimeOwnerRecord(runtimeRoot: string, nodeId: NodeId): RuntimeOwnerRecord | null;
+export declare function listRuntimeOwnerRecords(runtimeRoot: string): RuntimeOwnerRecord[];
+export declare function writeRuntimeOwnerRecord(runtimeRoot: string, record: RuntimeOwnerRecord): RuntimeOwnerRecord;
+export declare function removeRuntimeOwnerRecord(runtimeRoot: string, nodeId: NodeId): void;
+/**
+ * Remove the Unix socket file for a given nodeId.
+ * Should be called alongside removeRuntimeOwnerRecord to prevent socket leaks.
+ */
+export declare function removeRuntimeSocketForNodeId(runtimeRoot: string, nodeId: NodeId): void;
+/**
+ * Garbage-collect orphaned runtime artifacts (sockets and owner records)
+ * whose owning process is no longer alive.
+ *
+ * Called on startup to reclaim resources leaked by hard crashes (SIGKILL,
+ * OOM, power loss) where shutdown hooks never ran.
+ *
+ * Returns the number of artifacts removed for observability.
+ */
+export declare function pruneStaleRuntimeArtifacts(runtimeRoot: string): {
+    removedOwnerRecords: number;
+    removedSockets: number;
+};
+export declare function findRuntimeOwnerRecordByAriaHome(runtimeRoot: string, ariaHome: string): RuntimeOwnerRecord | null;

package/dist/runtime/runtime-registry.js

@@ -0,0 +1 @@
+import{$ as k,R as a,S as b,T as c,U as d,V as e,W as f,X as g,Y as h,Z as i,_ as j,aa as l,ba as m,ca as n,da as o}from"../index-9n50yafd.js";import"../index-5tav2m70.js";import"../index-ghh3ag4c.js";import"../index-9xs3gn0p.js";export{k as writeRuntimeOwnerRecord,d as runtimeSocketsDirectory,f as runtimeSocketPathForNodeId,c as runtimeOwnerRecordsDirectory,e as runtimeOwnerRecordPathForNodeId,b as resolveRuntimeRootDirectory,m as removeRuntimeSocketForNodeId,l as removeRuntimeOwnerRecord,i as readRuntimeOwnerRecord,n as pruneStaleRuntimeArtifacts,j as listRuntimeOwnerRecords,o as findRuntimeOwnerRecordByAriaHome,h as ensureRuntimeRegistryLayout,g as canonicalizeRuntimeSocketPath,a as RUNTIME_OWNER_RECORD_SCHEMA_VERSION};

package/dist/runtime/runtime-run-control.d.ts

@@ -0,0 +1,71 @@
+import type { FastifyInstance } from "fastify";
+import { type Message } from "@aria-cli/types";
+import { type PipelineTimingReport, type RunStateData, type TokenUsage, type ToolCallRecord } from "@aria-cli/aria/server-runner";
+import { type RunRequest, type RuntimeRunEvent } from "@aria-cli/tools";
+import type { NativeToolMetadata, ThinkingBlock } from "@aria-cli/types";
+import { type EntrypointRunPolicyInput } from "../routes/shared.js";
+export interface RunRouteRequestBody extends EntrypointRunPolicyInput {
+    task: string;
+    arion?: string;
+    cwd?: string;
+    history?: unknown[];
+    requestedModel?: string;
+    preferredTier?: string;
+}
+export interface RunRouteResponse {
+    success: boolean;
+    output?: string;
+    messages?: Message[];
+    toolCalls?: ToolCallRecord[];
+    usage?: TokenUsage;
+    turnCount?: number;
+    thinking?: ThinkingBlock[];
+    nativeToolResults?: NativeToolMetadata[];
+    traces?: unknown[];
+    pipelineTiming?: PipelineTimingReport;
+    guardrailEvents?: unknown[];
+    handoffs?: unknown[];
+    state?: RunStateData;
+    error?: string;
+    reason?: string;
+    diagnostic?: Record<string, unknown>;
+}
+export interface ResumeRouteRequestBody extends EntrypointRunPolicyInput {
+    state: unknown;
+    arion?: string;
+    cwd?: string;
+    requestedModel?: string;
+    preferredTier?: string;
+}
+export type ResumeRouteResponse = RunRouteResponse;
+export type NormalizedStreamRequest = Omit<RunRequest, "history"> & {
+    history?: Message[];
+    requestedModel?: string;
+};
+export interface AttachedClientExecutionContext {
+    clientId: string;
+}
+export type RunControlLogger = {
+    warn(obj: unknown, message: string): void;
+    error?: (...args: unknown[]) => void;
+};
+type StreamParseResult = {
+    request: NormalizedStreamRequest;
+    error?: never;
+} | {
+    request?: never;
+    error: string;
+};
+export declare function parseStreamRequest(payload: unknown): StreamParseResult;
+export declare function invalidStreamRequest(message: string): AsyncGenerator<RuntimeRunEvent, void, unknown>;
+export declare function submitRunViaRuntimeControl(server: FastifyInstance, requestBody: RunRouteRequestBody, requestLog?: RunControlLogger, attachedClient?: AttachedClientExecutionContext): Promise<{
+    status: number;
+    body: RunRouteResponse;
+}>;
+export declare function resumeRunViaRuntimeControl(server: FastifyInstance, requestBody: ResumeRouteRequestBody, requestLog?: RunControlLogger, attachedClient?: AttachedClientExecutionContext): Promise<{
+    status: number;
+    body: ResumeRouteResponse;
+}>;
+export declare function streamRunViaRuntimeControl(server: FastifyInstance, parsed: NormalizedStreamRequest, requestLog?: RunControlLogger, signal?: AbortSignal, attachedClient?: AttachedClientExecutionContext): AsyncGenerator<RuntimeRunEvent, void, unknown>;
+export declare function ensureRuntimeRunControl(server: FastifyInstance): void;
+export {};

package/dist/runtime/stale-owner-error.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Thrown when a runtime-owned durable store detects that a newer runtime
+ * has claimed ownership. The throwing runtime MUST shut down immediately.
+ *
+ * This error must NEVER be caught except in the runtime main loop shutdown
+ * handler. Any try/catch that swallows StaleOwnerError is an architectural bug.
+ */
+export declare class StaleOwnerError extends Error {
+    readonly kind: "StaleOwnerError";
+    readonly claimedGeneration: number;
+    readonly currentGeneration: number;
+    constructor(claimed: number, current: number);
+}

package/dist/runtime-run-control-0r21xdh5.js

@@ -0,0 +1,2 @@
+import{a as C,b as l,g as d,h as _f,i as o,j as t}from"./index-zge0mhc0.js";import{D as n,G as v,H as i,I as Of,J as A,M as Tf}from"./index-pe0pkp0v.js";import{ta as Df}from"./index-raeajnr7.js";import"./index-9xs3gn0p.js";import{createRunPipeline as a}from"@aria-cli/aria/server-runner";import{ClientIdSchema as Zf,RunRequestSchema as zf,toNetworkControlRef as Ff}from"@aria-cli/tools";import{canonicalizeDeliveryReceipt as Gf}from"@aria-cli/tools";function ff(R,f){let T=R[f];if(typeof T!=="function")throw Error(`Runtime outbox ${f} not available`);return T.bind(R)}function Rf(R){if(!R)return;let{transport:f,...T}=R;return{...Gf({transport:f==="local_runtime"?"in_process":f,...T})}}function Wf(R){let f=R;return{rawMessage:f,...f.recipientInbox?{recipientInbox:f.recipientInbox}:{},...f.recipientInbox?.kind!=="client"&&typeof f.recipient?.id==="string"?{to:f.recipient.id}:{}}}function m(R,f){let{ariaRuntimeMessageControl:T,ariaRuntimeOutbox:x}=R,O=f?.mailbox,_=typeof f?.bindRelayTransport==="function"?f.bindRelayTransport.bind(f):O&&typeof O.setRelayTransport==="function"?O.setRelayTransport.bind(O):void 0;if(!T&&!x||!_)return()=>{};return _((S,D)=>{if(T){let J=Wf(S);return(D==="best_effort"?T.sendBestEffort(J):T.sendDurable(J)).then((F)=>Rf(F))}try{return(D==="best_effort"?ff(x,"sendBestEffort")(S):ff(x,"sendDurable")(S)).then((F)=>Rf(F))}catch(J){return Promise.reject(J)}}),()=>{}}import{getErrorMessage as xf,getErrorStatusCode as $f}from"@aria-cli/types";var jf=new Set(["ARION_NOT_FOUND","ARION_RESTING","ARION_RETIRED"]);function Jf(R,f=500){let T=$f(R);if(typeof T==="number")return T;if(R&&typeof R==="object"){let O=R.code;if(typeof O==="string"&&jf.has(O))return 400}let x=xf(R).toLowerCase();if(x.includes("not found")||x.includes("resting")||x.includes("retired"))return 400;return f}function q(R,f,T=500){let x=Jf(R,T);return{status:x,message:x<500?xf(R):Of(R,f)}}import{ArionManager as Kf,Room as Qf,deepConsolidation as Xf,parseMentions as Yf}from"@aria-cli/aria/server-arions";async function g(R){let{ariaMemoriaFactory:f,ariaRouter:T}=R,x=new Qf({onRest:(_)=>{let S=performance.now();console.warn(`[room.onRest] START deepConsolidation for arion="${_.name}"`),(async()=>{try{let D=Kf.resolveMemoriaPath(_,_.name),J=await f.get(D);if(await Xf(T,J,_),O)await O.save(_)}catch(D){console.warn(`[room.onRest] deepConsolidation FAILED for "${_.name}":`,D?.message)}finally{console.warn(`[room.onRest] END deepConsolidation for "${_.name}" — ${((performance.now()-S)/1000).toFixed(1)}s`)}})()}}),O=null;try{O=await Tf(f,T)}catch{O=null}return{room:x,manager:O}}async function p(R,f,T){if(!R)return;let x=Yf(T);for(let O of x){if(A(O))continue;try{let _=await R.get(O);if(_?.status==="resting")await R.wake(O),_=await R.get(O);if(_?.status==="active"&&!f.isInRoom(O))f.enter(_)}catch{}}}function s(R){let f=R.ariaSessionHistory;if(!f)return;let T=f;if(typeof T.listSessions==="function"&&typeof T.searchSessionsFts==="function")return f;return}function bf(R,f){let T=R.filter((x)=>{if(!x||typeof x!=="object")return!1;let O=x;return typeof O.id==="string"&&typeof O.name==="string"&&typeof O.durationMs==="number"&&!!O.result&&typeof O.result==="object"});if(T.length===0)return f?[...f]:[];return T.map((x)=>({...x,result:x.result}))}function Ef(R){let f=R[0];if(!f)return"Invalid request";let T=f.path.join(".");if(T==="task")return"task is required";return T&&T.length>0?`${T}: ${f.message}`:f.message}function Vf(R,f){return f!==void 0||R===void 0}function Nf(R,f){return{message:q(R,f).message,diagnostic:n(R)}}function u(R,f,T,x=500){let O=f?.error?{error:(...D)=>f.error?.(...D)}:void 0,{message:_,status:S}=q(R,O,x);return{status:S,body:{success:!1,error:_,...Vf(f,T)?{diagnostic:n(R)}:{}}}}function Sf(R,f,T){let x;try{x=R.observabilityContext?.snapshot()}catch(D){T?.warn({err:D},"Observability snapshot failed"),x=void 0}let _=bf(x?.toolCalls??[],f.toolCalls??[]).map((D)=>({...D,result:{...D.result,..._f(D.name,D.input,D.result)}})),S=f.nativeToolResults&&f.nativeToolResults.length>0?f.nativeToolResults:void 0;return{success:!0,output:f.content,messages:f.messages,toolCalls:_,usage:x?.usage??f.usage,turnCount:x?.turnCount??f.turnCount,thinking:x?.thinkingBlocks?.length?x.thinkingBlocks:void 0,nativeToolResults:S,traces:x?.spans?.length?x.spans:void 0,pipelineTiming:x?.pipelineTiming&&x.pipelineTiming.phases.length>0?x.pipelineTiming:void 0,guardrailEvents:x?.guardrailEvents?.length?x.guardrailEvents:void 0,handoffs:x?.handoffs?.length?x.handoffs:void 0}}function r(R,f){let T=Ff(R.ariaNetworkManager);if(!f?.clientId||!R.ariaAttachedClientControl?.listAttachedClients)return T;let x=()=>R.ariaAttachedClientControl.listAttachedClients({clientId:f.clientId});if(T)return{...T,listAttachedClients:x};return{invite(){throw Error("Network manager not available. Secure networking requires the @aria/wireguard package.")},revokePeer(){throw Error("Network manager not available. Secure networking requires the @aria/wireguard package.")},listPeers(){return[]},status(){return{configured:!1,nodeId:R.ariaNodeId??null,principalFingerprint:null,transportPublicKey:null,listenPort:null,externalEndpoint:null,activePeers:0,totalPeers:0,signingPublicKey:null}},listAttachedClients:x}}function e(R){if(!R)return;return{kind:"client",clientId:Zf.parse(R.clientId)}}async function wf(R,f){if(!f||!R.ariaRuntimeLocalControl?.getRuntimeStatus)return!1;try{return(await R.ariaRuntimeLocalControl.getRuntimeStatus()).autonomousLoop.ownerClientKind==="local-api"}catch{return!1}}function Uf(R){let f=zf.safeParse(R);if(!f.success)return{error:Ef(f.error.issues)};let{history:T,...x}=f.data,O=o(f.data.history);return{request:O?{...x,history:O}:x}}async function*If(R){yield{type:"error",error:{message:R}}}function Pf(R,f){let T=f?.error?{error:(...x)=>f.error?.(...x)}:void 0;switch(R.type){case"error":return{type:"error",error:Nf(R.error,T)};case"text_delta":case"tool_start":case"approval_needed":case"tool_result":case"usage_update":case"turn_complete":case"guardrail_rejected":case"pipeline_timing":case"messages_snapshot":case"native_tool_result":case"thinking_start":case"thinking_delta":case"thinking_end":case"tool_args_delta":case"span_start":case"span_end":case"handoff_start":case"handoff_result":case"paused":return R;default:return null}}async function Hf(R,f,T,x){let{task:O,arion:_}=f,S=e(x),D=T?.error?{error:(...N)=>T.error?.(...N)}:void 0;if(_&&A(_))return{status:400,body:{success:!1,error:`Invalid arion name: "${_}"`}};try{await R.ariaRecoverCrashedSessions?.()}catch(N){T?.warn({err:N},"Per-request crash recovery failed")}let J=v(),F=typeof f.cwd==="string"&&f.cwd.trim().length>0?f.cwd:process.cwd(),c=i(F),{approvalMode:y="pause",askUserAnswers:P=[],history:B,budget:z,maxTurns:h,autonomy:E,allowedTools:W,deniedTools:w,noMemory:H,systemPrompt:L}=f,X=o(B),{ariaMemoriaFactory:k,ariaRouter:K,ariaBasePath:Q,ariaAuthResolver:M}=R,{room:$,manager:b}=await g(R),j;try{await p(b,$,O),j=await a({task:O,arionName:_||void 0,config:{...J,...f.requestedModel?{requestedModel:f.requestedModel}:{},...f.preferredTier?{preferredTier:f.preferredTier}:{}},storagePath:Q,...f.requestedModel?{requestedModel:f.requestedModel}:{},router:K,memoriaFactory:k,mcpServers:c,room:$,...X?{history:X}:{},...H?{skipMemoria:!0}:{},sessionHistory:s(R),authResolver:M??void 0,networkControl:r(R,x),networkManager:R.ariaNetworkManager,runtimeId:R.ariaRuntimeId??void 0,nodeId:R.ariaNodeId??void 0,...S?{runtimeIngressAuthority:{localInboxAddress:S}}:{},runOptionsOverrides:t({workingDir:F,approvalMode:y,askUserAnswers:P,budget:z,maxTurns:h,autonomy:E,allowedTools:W,deniedTools:w,noMemory:H,systemPrompt:L,...S?{inboxAddress:S}:{}})})}catch(N){return $.clear().catch(()=>{}),u(N,T,x)}let V=R.ariaSessionHistory,Y=j.session?.sessionId,U=j.session?.arion?.name??_??J.activeArion;if(Y)V?.upsertSession?.(Y,l(O),{arionName:U});let G=m(R,j.session);try{let N=await j.run(),I=(N.state?.pendingToolCalls?.length??0)>0,Z=C(N.state?.messages??N.messages??[]);if(Y){if(Z.length>0)V?.upsertSession?.(Y,Z,{completed:!I,arionName:U});else if(!I)V?.markCompleted(Y)}if(I)return{status:409,body:{success:!1,error:"Run paused: pending tool calls require approval before resume",state:N.state}};return{status:200,body:Sf(j,N,T)}}catch(N){return u(N,T,x,d(N)?400:500)}finally{G(),$.clear().catch(()=>{})}}async function kf(R,f,T,x){let{arion:O,approvalMode:_="pause",askUserAnswers:S=[],budget:D,maxTurns:J,autonomy:F,allowedTools:c,deniedTools:y,noMemory:P,systemPrompt:B}=f,z=e(x),h=T?.error?{error:(...G)=>T.error?.(...G)}:void 0,E=f.state;if(O&&A(O))return{status:400,body:{success:!1,error:`Invalid arion name: "${O}"`}};try{await R.ariaRecoverCrashedSessions?.()}catch(G){T?.warn({err:G},"Per-request crash recovery failed")}let W=v(),w=typeof f.cwd==="string"&&f.cwd.trim().length>0?f.cwd:process.cwd(),H=i(w),{ariaMemoriaFactory:L,ariaRouter:X,ariaBasePath:k,ariaAuthResolver:K}=R,{room:Q,manager:M}=await g(R),$;try{await p(M,Q,E.input),$=await a({task:E.input,arionName:O||void 0,config:{...W,...f.requestedModel?{requestedModel:f.requestedModel}:{},...f.preferredTier?{preferredTier:f.preferredTier}:{}},storagePath:k,...f.requestedModel?{requestedModel:f.requestedModel}:{},router:X,memoriaFactory:L,mcpServers:H,room:Q,...P?{skipMemoria:!0}:{},sessionHistory:s(R),authResolver:K??void 0,networkControl:r(R,x),networkManager:R.ariaNetworkManager,runtimeId:R.ariaRuntimeId??void 0,nodeId:R.ariaNodeId??void 0,...z?{runtimeIngressAuthority:{localInboxAddress:z}}:{},runOptionsOverrides:t({workingDir:w,approvalMode:_,askUserAnswers:S,budget:D,maxTurns:J,autonomy:F,allowedTools:c,deniedTools:y,noMemory:P,systemPrompt:B,...z?{inboxAddress:z}:{}})})}catch(G){return Q.clear().catch(()=>{}),u(G,T,x)}let b=R.ariaSessionHistory,j=$.session?.sessionId,V=$.session?.arion?.name??O??W.activeArion,Y=C(E.messages??[]),U=m(R,$.session);if(j)b?.upsertSession?.(j,Y.length>0?Y:l(E.input),{arionName:V});try{let G=await $.resume(E),N=(G.state?.pendingToolCalls?.length??0)>0,I=G.state?.messages??G.messages??[],Z=C(I);if(j){if(Z.length>0)b?.upsertSession?.(j,Z,{completed:!N,arionName:V});else if(!N)b?.markCompleted(j)}if(N)return{status:409,body:{success:!1,error:"Run paused: pending tool calls require approval before resume",state:G.state}};return{status:200,body:Sf($,G,T)}}catch(G){return u(G,T,x,d(G)?400:500)}finally{U(),Q.clear().catch(()=>{})}}async function*Mf(R,f,T,x,O){let _=e(O),S=T?.error?{error:(...W)=>T.error?.(...W)}:void 0;if(f.arion&&A(f.arion)){yield{type:"error",error:{message:`Invalid arion name: "${f.arion}"`}};return}try{await R.ariaRecoverCrashedSessions?.()}catch(W){T?.warn({err:W},"Per-request crash recovery failed")}let D=v(),J=typeof f.cwd==="string"&&f.cwd.trim().length>0?f.cwd:process.cwd(),F=i(J),{ariaMemoriaFactory:c,ariaRouter:y,ariaBasePath:P,ariaAuthResolver:B}=R,{room:z,manager:h}=await g(R),E=await wf(R,O);try{await p(h,z,f.task);let W=new AbortController,w=()=>W.abort();x?.addEventListener("abort",w,{once:!0});let H=f.approvalMode||"pause",L=f.askUserAnswers||[],X;try{X=await a({task:f.task,arionName:f.arion||void 0,config:{...D,...f.requestedModel?{requestedModel:f.requestedModel}:{},...f.preferredTier?{preferredTier:f.preferredTier}:{}},storagePath:P,...f.requestedModel?{requestedModel:f.requestedModel}:{},router:y,memoriaFactory:c,abortSignal:W.signal,mcpServers:F,room:z,...f.history?{history:f.history}:{},...f.noMemory?{skipMemoria:!0}:{},sessionHistory:s(R),authResolver:B??void 0,networkControl:r(R,O),networkManager:R.ariaNetworkManager,runtimeId:R.ariaRuntimeId??void 0,nodeId:R.ariaNodeId??void 0,..._?{runtimeIngressAuthority:{localInboxAddress:_}}:{},runOptionsOverrides:t({workingDir:J,approvalMode:H,askUserAnswers:L,budget:f.budget,maxTurns:f.maxTurns,autonomy:f.autonomy,allowedTools:f.allowedTools,deniedTools:f.deniedTools,noMemory:f.noMemory,systemPrompt:f.systemPrompt,..._?{inboxAddress:_}:{}})})}catch(K){x?.removeEventListener("abort",w),yield{type:"error",error:Nf(K,S)};return}let k=()=>{};try{k=m(R,X.session);let K=R.ariaSessionHistory,Q=X.session?.sessionId,M=X.session?.arion?.name??f.arion??D.activeArion;if(Q)K?.upsertSession?.(Q,l(f.task),{arionName:M});let $=!1,b=!1,j=[];for await(let I of X.execute()){let Z=Pf(I,T);if(!Z)continue;if(Z.type==="messages_snapshot")j=Z.messages;if(Z.type==="error")$=!0;if(Z.type==="paused")b=!0;if(yield Z,$||b)break}let V=performance.now(),Y=C(j),U=performance.now();if(Q){if(Y.length>0)K?.upsertSession?.(Q,Y,{completed:!$&&!b&&!W.signal.aborted,arionName:M});else if(!$&&!b&&!W.signal.aborted)K?.markCompleted(Q)}let G=performance.now(),N=G-V;if(N>100)try{process.stderr.write(`[streamRun][DIAG] postLoop: total=${N.toFixed(0)}ms normalize=${(U-V).toFixed(0)}ms upsert=${(G-U).toFixed(0)}ms msgs=${j.length} recovery=${Y.length}
+`)}catch{}}catch(K){yield{type:"error",error:{message:d(K)?K.message??"ask_user requested more answers than provided.":q(K,S).message,diagnostic:n(K)}}}finally{if(k(),x?.removeEventListener("abort",w),E&&X)W.abort(),X.close().catch(()=>{})}}finally{let W=performance.now();console.warn(`[streamRun.finally] room.clear() START (${z.getActive().length} arions)`),z.clear().catch(()=>{}).finally(()=>{console.warn(`[streamRun.finally] room.clear() END — ${((performance.now()-W)/1000).toFixed(1)}s`)})}}function fR(R){let f=R.ariaRunControl;Df(R,"ariaRunControl",{...f,submitRun:async(T,x)=>{let O=await Hf(R,T,void 0,x);return{success:O.body.success,...typeof O.body.output==="string"?{output:O.body.output}:{},...O.body.messages?{messages:O.body.messages}:{},...O.body.toolCalls?{toolCalls:O.body.toolCalls}:{},...O.body.usage?{usage:O.body.usage}:{},...typeof O.body.turnCount==="number"?{turnCount:O.body.turnCount}:{},...O.body.state?{state:O.body.state}:{},...typeof O.body.error==="string"?{error:O.body.error}:{},...O.body.diagnostic?{diagnostic:O.body.diagnostic}:{}}},resumeRun:async(T,x)=>{let O=await kf(R,T,void 0,x);return{...O.body,...O.body.diagnostic?{diagnostic:O.body.diagnostic}:{}}},streamRun:(T,x,O)=>{let _=Uf(T);return _.request?Mf(R,_.request,void 0,x,O):If(_.error)}})}export{Hf as submitRunViaRuntimeControl,Mf as streamRunViaRuntimeControl,kf as resumeRunViaRuntimeControl,Uf as parseStreamRequest,If as invalidStreamRequest,fR as ensureRuntimeRunControl};

package/dist/server.d.ts

@@ -0,0 +1,84 @@
+import Fastify from "fastify";
+import type { MemoriaFactory } from "@aria-cli/aria/server-arions";
+import { type ModelRouter } from "@aria-cli/aria/server-models";
+import { type NodeId, type RuntimeId } from "@aria-cli/tools";
+import { type ServerSessionHistory } from "./session-history.js";
+import { type AttachedLocalHttpClientAuthority } from "./runtime/local-control-socket.js";
+import "./types.js";
+/**
+ * Check whether an origin is a localhost address.
+ * Uses URL parsing to prevent bypasses like "http://localhost.evil.com".
+ */
+export declare function isLocalhostOrigin(origin: string): boolean;
+/**
+ * Strip api_key query parameter values from URLs to prevent secret leakage in logs.
+ */
+export declare function redactApiKey(url: string | undefined): string | undefined;
+type RecoverySessionHistory = Omit<ServerSessionHistory, "upsertSession"> & {
+    upsertSession?: ServerSessionHistory["upsertSession"];
+};
+/**
+ * Configuration options for the Aria server
+ */
+export interface ServerConfig {
+    /** Port to listen on (default: 3000) */
+    port?: number;
+    /**
+     * Host to bind to (default: '127.0.0.1').
+     *
+     * In mesh mode, set to '0.0.0.0' to accept connections from WireGuard peers.
+     * Note: WireGuard operates at the UDP/IP layer — HTTPS traffic flows over the
+     * regular network stack, with WireGuard providing encryption transparently.
+     * The server does NOT need to bind to a tunnel interface IP. Instead, security
+     * is enforced via message signature verification (Ed25519 signing in Mailbox)
+     * and route-level cryptographic identity checks.
+     */
+    host?: string;
+    /** Injected MemoriaFactory (for testing; production creates its own) */
+    memoriaFactory?: MemoriaFactory;
+    /** Injected router (for testing; production creates its own) */
+    router?: ModelRouter;
+    /** Base path override (for testing; defaults to ~/.aria) */
+    basePath?: string;
+    /** Recover incomplete sessions on startup (defaults to true outside tests). */
+    enableCrashRecovery?: boolean;
+    /** Session history source for startup crash recovery (optional). */
+    crashRecoverySessionHistory?: RecoverySessionHistory;
+    /** Auth resolver for resolving API keys (passed to RunSession for modelOverride). */
+    authResolver?: import("@aria-cli/auth").AuthResolver;
+    /** Optional NetworkManager for WireGuard peer join/signing-key wiring */
+    networkManager?: import("@aria-cli/tools").NetworkManagerRef;
+    /** Canonical runtime identity for daemon-backed sends. */
+    runtimeId?: RuntimeId;
+    /** Durable node identity for runtime-owned local control routes. */
+    nodeId?: NodeId;
+    /** Single-writer generation for durable runtime-owned identity mutations. */
+    ownerGeneration?: number;
+    /** TLS certificate and key for HTTPS. When provided, server uses HTTPS. */
+    tls?: {
+        cert: string;
+        key: string;
+    };
+    /** Suppress Fastify request/response logs (for embedded servers in TUI mode) */
+    silent?: boolean;
+    /** Active arion whose Memoria should back the server message-store surface. */
+    arionName?: string;
+    /** Optional attached-local HTTP auth authority for test/runtime embedding. */
+    attachedLocalHttpClientAuthority?: AttachedLocalHttpClientAuthority;
+}
+/**
+ * Result of createServer containing the Fastify instance and configured listen method
+ */
+export interface ServerInstance {
+    /** The underlying Fastify server instance */
+    server: ReturnType<typeof Fastify>;
+    /** Start listening on the configured port and host */
+    listen: () => Promise<string>;
+}
+/**
+ * Creates and configures a Fastify server instance
+ * @param config - Server configuration options
+ * @returns ServerInstance with configured server and listen method
+ */
+export declare function createServer(config?: ServerConfig): Promise<ServerInstance>;
+export {};

package/dist/session-history-messages.d.ts

@@ -0,0 +1,3 @@
+import type { RecoverySessionMessage } from "./session-history.js";
+export declare function normalizeRecoveryMessages(messages: ReadonlyArray<unknown>): RecoverySessionMessage[];
+export declare function buildInitialRecoveryMessages(task: string): RecoverySessionMessage[];