@askalf/dario 3.11.1 → 3.13.0

package/dist/sealed-pool.js

@@ -0,0 +1,416 @@
+/**
+ * Sealed-sender overflow pool — RSA blind signatures for unlinkable capacity
+ * sharing inside a trust group.
+ *
+ * The problem this solves: in a federated pool where several friends lend
+ * each other account capacity, a naive design leaks who is borrowing what.
+ * If member A sends "I'm borrowing from your pool" to member B's dario
+ * instance, B learns exactly which of their friends is running which
+ * workload — and over time B can build a pretty detailed surveillance log
+ * of everyone else's agent sessions. That's the opposite of what a private
+ * friend pool should provide.
+ *
+ * The solution is Chaum's 1983 blind signature construction. A trusted
+ * admin (one member of the group, selected by social consensus) issues
+ * signed borrow tokens to each member. The admin never sees the token
+ * values — they sign blinded values, and the blinding is unlinkable at
+ * the cryptographic level. When a member sends a token to a lender, the
+ * lender can verify "this was signed by the group admin" without learning
+ * WHICH member holds that token. The lender sees a valid group credential
+ * and nothing more.
+ *
+ * From Anthropic's perspective nothing changes: the request still hits
+ * their API under the lender's identity, fully attributable to a real
+ * paying Max subscriber. The privacy property is entirely INSIDE the
+ * trust group — no member can surveil another member's usage through
+ * the pool layer.
+ *
+ * What this is NOT: this is not anonymity from Anthropic, not onion
+ * routing, not credential laundering. It is a privacy layer on top of
+ * a legitimate friends-pool arrangement. Members opt in, the admin is
+ * known, membership is revocable by rotating the group key. It's the
+ * same trust model as a family Netflix account, with unlinkability as
+ * a feature for the pool's internal telemetry.
+ *
+ * Implementation notes:
+ *   - RSA-2048 with FDH (full-domain hash) padding via MGF1-SHA256.
+ *   - Node's crypto.publicEncrypt / privateDecrypt with RSA_NO_PADDING
+ *     for raw RSA operations. All modular arithmetic happens in BigInt.
+ *   - Tokens are 32 random bytes each, single-use (lender tracks SHA-256
+ *     hashes of seen tokens to prevent double-spend).
+ *   - Admin does not need to be online for members to use tokens. Admin
+ *     only runs when issuing a new batch (typically once per day/week).
+ */
+import { generateKeyPairSync, publicEncrypt, privateDecrypt, constants, createPublicKey, randomBytes, createHash, } from 'node:crypto';
+// ======================================================================
+//  BigInt / buffer helpers
+// ======================================================================
+function bigintToBytes(n, len) {
+    let hex = n.toString(16);
+    if (hex.length % 2)
+        hex = '0' + hex;
+    const buf = Buffer.from(hex, 'hex');
+    if (buf.length > len)
+        throw new Error('value too large for buffer');
+    if (buf.length === len)
+        return buf;
+    const padded = Buffer.alloc(len);
+    buf.copy(padded, len - buf.length);
+    return padded;
+}
+function bytesToBigint(buf) {
+    if (buf.length === 0)
+        return 0n;
+    return BigInt('0x' + buf.toString('hex'));
+}
+function egcd(a, b) {
+    let [oldR, r] = [a, b];
+    let [oldS, s] = [1n, 0n];
+    let [oldT, t] = [0n, 1n];
+    while (r !== 0n) {
+        const q = oldR / r;
+        [oldR, r] = [r, oldR - q * r];
+        [oldS, s] = [s, oldS - q * s];
+        [oldT, t] = [t, oldT - q * t];
+    }
+    return [oldR, oldS, oldT];
+}
+function modInverse(a, n) {
+    const norm = ((a % n) + n) % n;
+    const [g, x] = egcd(norm, n);
+    if (g !== 1n)
+        throw new Error('no modular inverse');
+    return ((x % n) + n) % n;
+}
+// ======================================================================
+//  Full-domain hash (FDH) for RSA blind signatures
+// ======================================================================
+/**
+ * Map a message to a uniformly-distributed integer in [1, n). Standard
+ * FDH construction via MGF1-SHA256 with a counter-based retry loop to
+ * handle the edge case where the candidate is ≥ n.
+ *
+ * Why FDH matters: without it, RSA signatures are vulnerable to
+ * multiplicative forgery attacks (signatures can be combined to forge
+ * signatures on products of messages). FDH destroys the algebraic
+ * structure of the message so no such combination exists.
+ */
+function fdh(message, modulus, modulusBytes) {
+    for (let counter = 0; counter < 1000; counter++) {
+        const out = Buffer.alloc(modulusBytes);
+        let written = 0;
+        let i = 0;
+        while (written < modulusBytes) {
+            const hash = createHash('sha256');
+            hash.update(message);
+            const counterBuf = Buffer.alloc(4);
+            counterBuf.writeUInt32BE(counter, 0);
+            hash.update(counterBuf);
+            const iBuf = Buffer.alloc(4);
+            iBuf.writeUInt32BE(i, 0);
+            hash.update(iBuf);
+            const digest = hash.digest();
+            const take = Math.min(digest.length, modulusBytes - written);
+            digest.copy(out, written, 0, take);
+            written += take;
+            i++;
+        }
+        // Clear the top bit to reduce the chance of value ≥ n on the first try.
+        out[0] &= 0x7f;
+        const candidate = bytesToBigint(out);
+        if (candidate > 0n && candidate < modulus)
+            return candidate;
+    }
+    throw new Error('FDH: exhausted counter without finding candidate');
+}
+function rawPublicOp(key, value) {
+    const input = bigintToBytes(value, key.modulusBytes);
+    const output = publicEncrypt({ key: key.keyObj, padding: constants.RSA_NO_PADDING }, input);
+    return bytesToBigint(output);
+}
+function rawPrivateOp(key, value) {
+    const input = bigintToBytes(value, key.modulusBytes);
+    const output = privateDecrypt({ key: key.keyObjPriv, padding: constants.RSA_NO_PADDING }, input);
+    return bytesToBigint(output);
+}
+// ======================================================================
+//  Blind signature protocol
+// ======================================================================
+/**
+ * Blind a token: pick r ∈ [2, n), compute blinded = FDH(token) · r^e mod n.
+ * The admin sees only the blinded value (uniform over Z_n*) and learns
+ * nothing about the token.
+ */
+export function blindToken(tokenBytes, pubKey) {
+    const m = fdh(tokenBytes, pubKey.n, pubKey.modulusBytes);
+    let r = 0n;
+    for (let attempts = 0; attempts < 32; attempts++) {
+        const rBytes = randomBytes(pubKey.modulusBytes);
+        rBytes[0] &= 0x7f;
+        const candidate = bytesToBigint(rBytes);
+        if (candidate > 1n && candidate < pubKey.n) {
+            r = candidate;
+            break;
+        }
+    }
+    if (r === 0n)
+        throw new Error('blindToken: failed to sample r');
+    const rE = rawPublicOp(pubKey, r);
+    const blinded = (m * rE) % pubKey.n;
+    return { blinded, r };
+}
+/** Admin-side: sign a blinded value. No knowledge of the original token. */
+export function signBlinded(blinded, privKey) {
+    return rawPrivateOp(privKey, blinded);
+}
+/**
+ * Member-side: given the admin's signature on the blinded value, remove
+ * the blinding factor to obtain a raw RSA-FDH signature over the original
+ * token that the admin never saw.
+ *
+ * Math: signed_blinded = (FDH(t) · r^e)^d = FDH(t)^d · r mod n.
+ * Multiplying by r^(-1) mod n yields FDH(t)^d = the raw signature.
+ */
+export function unblindSignature(blindedSignature, r, pubKey) {
+    const rInv = modInverse(r, pubKey.n);
+    return (blindedSignature * rInv) % pubKey.n;
+}
+/**
+ * Verify a (token, signature) pair against the admin's public key.
+ * True iff signature^e ≡ FDH(token) (mod n).
+ */
+export function verifyTokenSignature(tokenBytes, signature, pubKey) {
+    if (signature <= 0n || signature >= pubKey.n)
+        return false;
+    const expected = fdh(tokenBytes, pubKey.n, pubKey.modulusBytes);
+    const actual = rawPublicOp(pubKey, signature);
+    return expected === actual;
+}
+// ======================================================================
+//  Key generation and export/import
+// ======================================================================
+export function generateGroupKey(bits = 2048) {
+    const { publicKey, privateKey } = generateKeyPairSync('rsa', {
+        modulusLength: bits,
+        publicExponent: 65537,
+    });
+    const jwk = publicKey.export({ format: 'jwk' });
+    const n = bytesToBigint(Buffer.from(jwk.n, 'base64url'));
+    const e = bytesToBigint(Buffer.from(jwk.e, 'base64url'));
+    const modulusBytes = Math.ceil(bits / 8);
+    return {
+        n, e, modulusBytes,
+        keyObj: publicKey,
+        keyObjPriv: privateKey,
+    };
+}
+export function exportGroupPublicKey(key) {
+    return {
+        n: key.n.toString(16),
+        e: key.e.toString(16),
+        modulusBytes: key.modulusBytes,
+    };
+}
+export function importGroupPublicKey(exported) {
+    const n = BigInt('0x' + exported.n);
+    const e = BigInt('0x' + exported.e);
+    const nBytes = bigintToBytes(n, exported.modulusBytes);
+    let eHex = e.toString(16);
+    if (eHex.length % 2)
+        eHex = '0' + eHex;
+    const eBytes = Buffer.from(eHex, 'hex');
+    const keyObj = createPublicKey({
+        key: {
+            kty: 'RSA',
+            n: nBytes.toString('base64url'),
+            e: eBytes.toString('base64url'),
+        },
+        format: 'jwk',
+    });
+    return { n, e, modulusBytes: exported.modulusBytes, keyObj };
+}
+/**
+ * Admin holds the group private key and a roster of authorized members.
+ * Admin does NOT hold any of the tokens, by design — blind signing means
+ * the admin never sees what they signed. This is the key privacy property.
+ *
+ * The admin's responsibilities are purely social: decide who's in the
+ * group, set per-member quotas, rotate the group key when someone leaves.
+ */
+export class GroupAdmin {
+    groupId;
+    key;
+    members;
+    constructor(groupId, key, members) {
+        this.groupId = groupId;
+        this.key = key;
+        this.members = members;
+    }
+    static create(groupId, bits = 2048) {
+        return new GroupAdmin(groupId, generateGroupKey(bits), new Map());
+    }
+    addMember(pubkey, quotaPerBatch = 100, validForDays = 365) {
+        this.members.set(pubkey, {
+            pubkey,
+            expiresAt: Date.now() + validForDays * 86400_000,
+            quotaPerBatch,
+        });
+    }
+    removeMember(pubkey) {
+        return this.members.delete(pubkey);
+    }
+    /**
+     * Sign a batch of blinded tokens submitted by a member. The admin
+     * authenticates the request out-of-band (member identity auth happens
+     * at the HTTP layer via a member signing key — not modelled here).
+     *
+     * Throws on: unknown member, expired membership, batch-too-large.
+     */
+    signBatch(memberPubkey, blinded) {
+        const member = this.members.get(memberPubkey);
+        if (!member)
+            throw new Error(`unknown member: ${memberPubkey.slice(0, 16)}...`);
+        if (member.expiresAt < Date.now())
+            throw new Error('member membership expired');
+        if (blinded.length > member.quotaPerBatch) {
+            throw new Error(`batch size ${blinded.length} exceeds quota ${member.quotaPerBatch}`);
+        }
+        return blinded.map((b) => signBlinded(b, this.key));
+    }
+    publicKey() {
+        return exportGroupPublicKey(this.key);
+    }
+}
+/**
+ * Member holds an identity pubkey (used by the admin for roster lookup)
+ * and a local stash of unused (token, signature) pairs. Tokens are single-
+ * use — consume one per borrow. Admin never saw any of these tokens.
+ */
+export class GroupMember {
+    memberPubkey;
+    groupPublicKey;
+    tokens = [];
+    constructor(memberPubkey, groupPublicKey) {
+        this.memberPubkey = memberPubkey;
+        this.groupPublicKey = groupPublicKey;
+    }
+    /**
+     * Step 1 of a token batch: generate random tokens, blind each, return
+     * the blinded values (to send to admin) plus the per-token state
+     * (kept locally for unblinding after admin responds).
+     */
+    prepareBatch(count) {
+        const blinded = [];
+        const state = [];
+        for (let i = 0; i < count; i++) {
+            const token = randomBytes(32);
+            const { blinded: b, r } = blindToken(token, this.groupPublicKey);
+            blinded.push(b);
+            state.push({ token, r });
+        }
+        return { blinded, state };
+    }
+    /**
+     * Step 2 of a token batch: unblind each admin-signed value, verify the
+     * resulting raw signature, and add the (token, signature) pair to the
+     * local stash. Any verification failure throws — we never store a token
+     * whose signature doesn't check out.
+     */
+    finalizeBatch(signedBlinded, state) {
+        if (signedBlinded.length !== state.length) {
+            throw new Error('finalizeBatch: length mismatch');
+        }
+        const toStore = [];
+        for (let i = 0; i < signedBlinded.length; i++) {
+            const signature = unblindSignature(signedBlinded[i], state[i].r, this.groupPublicKey);
+            if (!verifyTokenSignature(state[i].token, signature, this.groupPublicKey)) {
+                throw new Error(`finalizeBatch: signature ${i} failed verification`);
+            }
+            toStore.push({ token: state[i].token, signature });
+        }
+        this.tokens.push(...toStore);
+    }
+    consumeToken() {
+        return this.tokens.shift() ?? null;
+    }
+    tokenCount() {
+        return this.tokens.length;
+    }
+}
+/**
+ * Lender holds the group public key and a set of token hashes that have
+ * already been redeemed. Memory-only in v1; a persisted set would be a
+ * sqlite table keyed on token hash, or just a file of sha256 hex lines.
+ *
+ * The lender LEARNS NOTHING about which member borrowed. That's the
+ * whole point — blind signatures decouple "who signed this request"
+ * (the admin, uniformly) from "who holds the token" (one specific
+ * member who is anonymous to the lender).
+ */
+export class GroupLender {
+    groupId;
+    groupPublicKey;
+    seenTokens = new Set();
+    maxSeenTokens;
+    constructor(groupId, groupPublicKey, opts = {}) {
+        this.groupId = groupId;
+        this.groupPublicKey = groupPublicKey;
+        this.maxSeenTokens = opts.maxSeenTokens ?? 100_000;
+    }
+    acceptBorrow(token, signature) {
+        if (!verifyTokenSignature(token, signature, this.groupPublicKey)) {
+            return { ok: false, reason: 'invalid_signature' };
+        }
+        const hash = createHash('sha256').update(token).digest('hex');
+        if (this.seenTokens.has(hash)) {
+            return { ok: false, reason: 'double_spend' };
+        }
+        this.seenTokens.add(hash);
+        if (this.seenTokens.size > this.maxSeenTokens) {
+            const oldest = this.seenTokens.values().next().value;
+            if (oldest)
+                this.seenTokens.delete(oldest);
+        }
+        return { ok: true };
+    }
+    seenCount() {
+        return this.seenTokens.size;
+    }
+}
+export function encodeBorrowEnvelope(groupId, bt, request) {
+    const env = {
+        v: 1,
+        groupId,
+        token: bt.token.toString('base64url'),
+        sig: bt.signature.toString(16),
+        request,
+    };
+    return JSON.stringify(env);
+}
+export function decodeBorrowEnvelope(s) {
+    try {
+        const obj = JSON.parse(s);
+        if (obj?.v !== 1 ||
+            typeof obj.groupId !== 'string' ||
+            typeof obj.token !== 'string' ||
+            typeof obj.sig !== 'string' ||
+            obj.request === undefined) {
+            return null;
+        }
+        return obj;
+    }
+    catch {
+        return null;
+    }
+}
+export function parseBorrowToken(env) {
+    try {
+        return {
+            token: Buffer.from(env.token, 'base64url'),
+            signature: BigInt('0x' + env.sig),
+        };
+    }
+    catch {
+        return null;
+    }
+}

package/dist/shim/host.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Shim host — dario-side of the shim transport.
+ *
+ * Runs `dario shim -- <cmd> [args...]`. Spawns the child with NODE_OPTIONS
+ * pointing at the shim runtime, listens on a unix socket (or named pipe on
+ * Windows) for billing relay events from the runtime, feeds them into the
+ * Analytics class, and forwards the child's stdio to the host TTY so the
+ * user experience is identical to running the command directly.
+ *
+ * Why a socket and not a file or stdout: the runtime patches `globalThis.fetch`
+ * inside the *child*'s process — that child still owns its own stdout (the
+ * user's TTY), and we don't want shim relay traffic interleaved with CC's
+ * normal output. A unix socket gives us a clean side-channel, lets the host
+ * keep accumulating analytics across the child's lifetime, and stays open if
+ * the child re-execs (rare but possible with claude wrappers).
+ *
+ * See v3.12.0 CHANGELOG for the design rationale.
+ */
+import { Analytics } from './../analytics.js';
+/**
+ * Locate the shim runtime CJS file. In the published package it lives at
+ * `dist/shim/runtime.cjs` next to this module's compiled output. In dev
+ * (running via tsx from src/) it lives at `src/shim/runtime.cjs`.
+ */
+export declare function locateShimRuntime(): string;
+interface RelayEvent {
+    kind: 'request' | 'response';
+    timestamp: number;
+    bytes?: number;
+    status?: number;
+    claim?: string | null;
+    overageUtil?: number | null;
+}
+export interface ShimHostOptions {
+    /** Command to spawn (the user's claude binary, or any node-based CC wrapper). */
+    command: string;
+    /** Args passed through to the child. */
+    args: string[];
+    /** Override the template path the runtime reads. Defaults to ~/.dario/cc-template.live.json. */
+    templatePath?: string;
+    /** Print per-event lines to stderr. */
+    verbose?: boolean;
+    /** Optional Analytics sink. If omitted, a fresh instance is created. */
+    analytics?: Analytics;
+}
+export interface ShimHostResult {
+    exitCode: number;
+    events: RelayEvent[];
+    analytics: Analytics;
+}
+/**
+ * Spawn the child command with the shim runtime injected, relay billing
+ * events to Analytics, return when the child exits.
+ *
+ * Stdio is inherited so the user sees the child's output exactly as if they
+ * had run it without the shim.
+ */
+export declare function runShim(opts: ShimHostOptions): Promise<ShimHostResult>;
+export {};

package/dist/shim/host.js

@@ -0,0 +1,169 @@
+/**
+ * Shim host — dario-side of the shim transport.
+ *
+ * Runs `dario shim -- <cmd> [args...]`. Spawns the child with NODE_OPTIONS
+ * pointing at the shim runtime, listens on a unix socket (or named pipe on
+ * Windows) for billing relay events from the runtime, feeds them into the
+ * Analytics class, and forwards the child's stdio to the host TTY so the
+ * user experience is identical to running the command directly.
+ *
+ * Why a socket and not a file or stdout: the runtime patches `globalThis.fetch`
+ * inside the *child*'s process — that child still owns its own stdout (the
+ * user's TTY), and we don't want shim relay traffic interleaved with CC's
+ * normal output. A unix socket gives us a clean side-channel, lets the host
+ * keep accumulating analytics across the child's lifetime, and stays open if
+ * the child re-execs (rare but possible with claude wrappers).
+ *
+ * See v3.12.0 CHANGELOG for the design rationale.
+ */
+import { createServer } from 'node:net';
+import { spawn } from 'node:child_process';
+import { mkdtempSync, existsSync } from 'node:fs';
+import { tmpdir, homedir } from 'node:os';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { Analytics } from './../analytics.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Locate the shim runtime CJS file. In the published package it lives at
+ * `dist/shim/runtime.cjs` next to this module's compiled output. In dev
+ * (running via tsx from src/) it lives at `src/shim/runtime.cjs`.
+ */
+export function locateShimRuntime() {
+    const candidates = [
+        join(__dirname, 'runtime.cjs'), // dist/shim/runtime.cjs (production)
+        join(__dirname, '..', '..', 'src', 'shim', 'runtime.cjs'), // dev: from dist/shim → ../../src/shim
+        join(__dirname, '..', 'src', 'shim', 'runtime.cjs'), // dev: from src/shim → ../src/shim (rare)
+    ];
+    for (const c of candidates) {
+        if (existsSync(c))
+            return c;
+    }
+    throw new Error(`shim runtime not found; checked: ${candidates.join(', ')}`);
+}
+/**
+ * Pick a socket path: unix domain socket on POSIX, named pipe on Windows.
+ * Both forms are accepted directly by net.createServer / net.connect.
+ */
+function makeSockPath() {
+    if (process.platform === 'win32') {
+        return `\\\\.\\pipe\\dario-shim-${process.pid}-${Date.now()}`;
+    }
+    const dir = mkdtempSync(join(tmpdir(), 'dario-shim-'));
+    return join(dir, 'sock');
+}
+/**
+ * Build the child env. We *prepend* our --require to NODE_OPTIONS rather than
+ * overwrite, so existing user NODE_OPTIONS (debuggers, source maps, tracers)
+ * still apply. Quoting paths defends against spaces in the dario install dir.
+ */
+function buildChildEnv(parentEnv, runtimePath, sockPath, templatePath, verbose) {
+    const requireFlag = `--require=${JSON.stringify(runtimePath)}`;
+    const existing = parentEnv.NODE_OPTIONS ?? '';
+    const NODE_OPTIONS = existing ? `${requireFlag} ${existing}` : requireFlag;
+    return {
+        ...parentEnv,
+        NODE_OPTIONS,
+        DARIO_SHIM: '1',
+        DARIO_SHIM_SOCK: sockPath,
+        DARIO_SHIM_TEMPLATE: templatePath,
+        ...(verbose ? { DARIO_SHIM_VERBOSE: '1' } : {}),
+    };
+}
+/** Stream parser: relay events arrive as newline-delimited JSON over the socket. */
+function makeSocketHandler(events, analytics, verbose) {
+    return (sock) => {
+        let buf = '';
+        sock.setEncoding('utf-8');
+        sock.on('data', (chunk) => {
+            buf += chunk;
+            let nl;
+            while ((nl = buf.indexOf('\n')) !== -1) {
+                const line = buf.slice(0, nl);
+                buf = buf.slice(nl + 1);
+                if (!line)
+                    continue;
+                try {
+                    const event = JSON.parse(line);
+                    events.push(event);
+                    if (event.kind === 'response') {
+                        // Synthesize a minimal RequestRecord so this surfaces in /analytics.
+                        // Token counts aren't available from the shim transport — the runtime
+                        // would need to parse the SSE stream to extract them, which we
+                        // explicitly chose not to do (it's expensive and intrusive). So this
+                        // is a request-count + claim-tracking record, not a token-cost record.
+                        analytics.record({
+                            timestamp: event.timestamp ?? Date.now(),
+                            account: 'shim',
+                            model: 'unknown',
+                            inputTokens: 0, outputTokens: 0,
+                            cacheReadTokens: 0, cacheCreateTokens: 0, thinkingTokens: 0,
+                            claim: event.claim ?? '',
+                            util5h: 0, util7d: 0,
+                            overageUtil: event.overageUtil ?? 0,
+                            latencyMs: 0,
+                            status: event.status ?? 0,
+                            isStream: false,
+                            isOpenAI: false,
+                        });
+                    }
+                    if (verbose) {
+                        process.stderr.write(`[dario shim] ${JSON.stringify(event)}\n`);
+                    }
+                }
+                catch {
+                    // Malformed line — drop silently. The runtime is best-effort.
+                }
+            }
+        });
+    };
+}
+/** Internal: stand up the socket server and resolve when it's listening. */
+function startSocketServer(sockPath, events, analytics, verbose) {
+    return new Promise((resolve, reject) => {
+        const server = createServer(makeSocketHandler(events, analytics, verbose));
+        server.once('error', reject);
+        server.listen(sockPath, () => resolve(server));
+    });
+}
+/**
+ * Spawn the child command with the shim runtime injected, relay billing
+ * events to Analytics, return when the child exits.
+ *
+ * Stdio is inherited so the user sees the child's output exactly as if they
+ * had run it without the shim.
+ */
+export async function runShim(opts) {
+    const runtimePath = locateShimRuntime();
+    const sockPath = makeSockPath();
+    const templatePath = opts.templatePath ?? join(homedir(), '.dario', 'cc-template.live.json');
+    const verbose = opts.verbose ?? false;
+    const analytics = opts.analytics ?? new Analytics();
+    const events = [];
+    const server = await startSocketServer(sockPath, events, analytics, verbose);
+    let child;
+    try {
+        child = spawn(opts.command, opts.args, {
+            stdio: 'inherit',
+            env: buildChildEnv(process.env, runtimePath, sockPath, templatePath, verbose),
+        });
+    }
+    catch (e) {
+        server.close();
+        throw e;
+    }
+    const exitCode = await new Promise((resolve) => {
+        child.on('exit', (code, signal) => {
+            if (signal)
+                resolve(128 + (signal === 'SIGTERM' ? 15 : 1));
+            else
+                resolve(code ?? 0);
+        });
+        child.on('error', () => resolve(1));
+    });
+    // Give any in-flight relay writes a brief window to land before tearing down.
+    await new Promise((r) => setTimeout(r, 50));
+    server.close();
+    return { exitCode, events, analytics };
+}