@cello-protocol/daemon 0.0.3 → 0.0.4

package/dist/connect-or-start.js

@@ -0,0 +1,117 @@
+/**
+ * Connect-or-start logic for the CELLO daemon.
+ *
+ * Pseudocode:
+ * 1. connectOrStart(celloDir, logger):
+ *    a. Read lock file at ~/.cello/daemon.lock
+ *    b. If lock exists:
+ *       - Check if PID is alive (signal 0)
+ *       - If alive, attempt to connect to socket
+ *       - If connection succeeds, return existing daemon client
+ *       - If connection fails (socket gone), remove stale lock and start fresh
+ *    c. If lock doesn't exist or is stale:
+ *       - Remove stale lock (log daemon_lock_stale_removed)
+ *       - Spawn daemon as detached child process
+ *       - Wait for daemon.started event (read from child stdout)
+ *       - Return client connected to new daemon
+ */
+import { spawn } from "node:child_process";
+import { join } from "node:path";
+import { readLock, removeLock, isProcessAlive } from "./lock-file.js";
+import { connectToDaemon } from "./ipc-client.js";
+export async function connectOrStart(celloDir, logger, daemonBin) {
+    const lockFilePath = join(celloDir, "daemon.lock");
+    // Read existing lock
+    const lock = await readLock(lockFilePath);
+    if (lock) {
+        if (isProcessAlive(lock.pid)) {
+            // Try connecting to the existing daemon
+            try {
+                const client = await connectToDaemon(lock.socketPath);
+                return { client, alreadyRunning: true };
+            }
+            catch (err) {
+                logger.info("daemon.lock.stale", {
+                    pid: lock.pid,
+                    reason: "socket_unreachable",
+                    error: err instanceof Error ? err.message : String(err),
+                });
+                await removeLock(lockFilePath, logger);
+            }
+        }
+        else {
+            // PID is dead — stale lock
+            logger.info("daemon.lock.stale", {
+                pid: lock.pid,
+                reason: "process_dead",
+            });
+            await removeLock(lockFilePath, logger);
+        }
+    }
+    // Start a new daemon
+    const client = await spawnDaemon(celloDir, daemonBin, lockFilePath, logger);
+    return { client, alreadyRunning: false };
+}
+async function spawnDaemon(celloDir, daemonBin, _lockFilePath, _logger) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(process.execPath, [daemonBin], {
+            detached: true,
+            stdio: ["ignore", "pipe", "ignore"],
+            env: {
+                ...process.env,
+                CELLO_DIR: celloDir,
+            },
+        });
+        let stdoutBuf = "";
+        const timeout = setTimeout(() => {
+            child.kill();
+            reject(new Error("Daemon failed to start within 10 seconds"));
+        }, 10_000);
+        child.stdout.on("data", (chunk) => {
+            stdoutBuf += chunk.toString("utf-8");
+            // Look for daemon.started event line
+            const lines = stdoutBuf.split("\n");
+            for (const line of lines) {
+                if (line.trim().length === 0)
+                    continue;
+                try {
+                    const event = JSON.parse(line);
+                    if (event.event === "daemon.started") {
+                        clearTimeout(timeout);
+                        child.stdout.removeAllListeners();
+                        child.unref();
+                        // Connect to the newly started daemon
+                        const socketPath = event.ipcSocketPath;
+                        connectToDaemon(socketPath).then(resolve).catch(reject);
+                        return;
+                    }
+                    if (event.event === "daemon.startup.failed") {
+                        clearTimeout(timeout);
+                        child.stdout.removeAllListeners();
+                        const errorMsg = typeof event.error === "string"
+                            ? event.error
+                            : event.error instanceof Error
+                                ? event.error.message
+                                : String(event.error || "Daemon startup failed");
+                        reject(new Error(errorMsg));
+                        return;
+                    }
+                }
+                catch {
+                    // Not JSON — ignore
+                }
+            }
+        });
+        child.on("error", (err) => {
+            clearTimeout(timeout);
+            reject(err);
+        });
+        child.on("exit", (code) => {
+            clearTimeout(timeout);
+            if (code !== 0) {
+                reject(new Error(`Daemon exited with code ${code}`));
+            }
+        });
+    });
+}
+//# sourceMappingURL=connect-or-start.js.map

package/dist/connect-or-start.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect-or-start.js","sourceRoot":"","sources":["../src/connect-or-start.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAkB,MAAM,iBAAiB,CAAC;AAQlE,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,MAAc,EACd,SAAiB;IAEjB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAEnD,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;IAE1C,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,wCAAwC;YACxC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACtD,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YAC1C,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;oBAC/B,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM,EAAE,oBAAoB;oBAC5B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,MAAM,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2BAA2B;YAC3B,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC/B,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,cAAc;aACvB,CAAC,CAAC;YACH,MAAM,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAC5E,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAgB,EAChB,SAAiB,EACjB,aAAqB,EACrB,OAAe;IAEf,OAAO,IAAI,OAAO,CAAY,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAChD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,EAAE;YACjD,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,SAAS,EAAE,QAAQ;aACpB;SACF,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,KAAK,CAAC,IAAI,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAChE,CAAC,EAAE,MAAM,CAAC,CAAC;QAEX,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,SAAS,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrC,qCAAqC;YACrC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBACvC,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;oBAC1D,IAAI,KAAK,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;wBACrC,YAAY,CAAC,OAAO,CAAC,CAAC;wBACtB,KAAK,CAAC,MAAO,CAAC,kBAAkB,EAAE,CAAC;wBACnC,KAAK,CAAC,KAAK,EAAE,CAAC;wBACd,sCAAsC;wBACtC,MAAM,UAAU,GAAG,KAAK,CAAC,aAAuB,CAAC;wBACjD,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBACxD,OAAO;oBACT,CAAC;oBACD,IAAI,KAAK,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;wBAC5C,YAAY,CAAC,OAAO,CAAC,CAAC;wBACtB,KAAK,CAAC,MAAO,CAAC,kBAAkB,EAAE,CAAC;wBACnC,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ;4BAC9C,CAAC,CAAC,KAAK,CAAC,KAAK;4BACb,CAAC,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK;gCAC5B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO;gCACrB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;wBACrD,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;wBAC5B,OAAO;oBACT,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,oBAAoB;gBACtB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC/B,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAmB,EAAE,EAAE;YACvC,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/content-park-client.d.ts

@@ -0,0 +1,49 @@
+import type { CelloNode } from "@cello-protocol/transport";
+import type { KeyProvider } from "@cello-protocol/crypto";
+import type { Logger } from "./types.js";
+/** A single parked entry returned by pull(). */
+export interface ParkedEntry {
+    contentHashHex: string;
+    sessionIdHex: string;
+    ciphertext: Uint8Array;
+}
+export interface ContentParkClientOptions {
+    /** Relay libp2p peer id (12D3Koo…) — from the session assignment's relay endpoint. */
+    relayPeerId: string;
+    /** Relay multiaddrs to dial. */
+    relayAddrs: string[];
+    logger: Logger;
+}
+export declare class ContentParkClient {
+    #private;
+    constructor(opts: ContentParkClientOptions);
+    /**
+     * Deposit ciphertext into the recipient's relay mailbox (sender side). Deposit is OPEN by
+     * design — the blob is E2E-encrypted to the recipient, so an unauthenticated deposit cannot
+     * leak plaintext.
+     */
+    deposit(node: CelloNode, args: {
+        recipientPubkey: Uint8Array;
+        contentHash: Uint8Array;
+        sessionId: Uint8Array;
+        ciphertext: Uint8Array;
+    }): Promise<{
+        ok: boolean;
+        reason?: string;
+    }>;
+    /**
+     * Pull the recipient's parked entries (recipient side). Runs the relay's auth challenge:
+     * sign buildContentParkAuthMsg(nonce, recipientPubkey) with the recipient's K_local to prove
+     * ownership before the relay releases anything.
+     */
+    pull(node: CelloNode, recipientPubkey: Uint8Array, signer: KeyProvider): Promise<ParkedEntry[]>;
+    /**
+     * Confirm-delete one parked entry (recipient side). The relay is delete-on-CONFIRM, not
+     * delete-on-pull, so without this the mailbox never drains and every reconnect re-pulls the whole
+     * history. Mirrors pull's I1 auth (sign buildContentParkAuthMsg(nonce, recipientPubkey)). Called
+     * after a parked entry is durably ingested. Best-effort: a failed confirm leaves the entry (it will
+     * be re-pulled + deduped next time, and the relay TTL eventually evicts it) — never loses content.
+     */
+    confirm(node: CelloNode, recipientPubkey: Uint8Array, contentHash: Uint8Array, signer: KeyProvider): Promise<boolean>;
+}
+//# sourceMappingURL=content-park-client.d.ts.map

package/dist/content-park-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-park-client.d.ts","sourceRoot":"","sources":["../src/content-park-client.ts"],"names":[],"mappings":"AA4BA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAE1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAkBzC,gDAAgD;AAChD,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,sFAAsF;IACtF,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,iBAAiB;;gBAKhB,IAAI,EAAE,wBAAwB;IAM1C;;;;OAIG;IACG,OAAO,CACX,IAAI,EAAE,SAAS,EACf,IAAI,EAAE;QAAE,eAAe,EAAE,UAAU,CAAC;QAAC,WAAW,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,UAAU,CAAC;QAAC,UAAU,EAAE,UAAU,CAAA;KAAE,GAC5G,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA+B5C;;;;OAIG;IACG,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAoDrG;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC;CAwD5H"}

package/dist/content-park-client.js

@@ -0,0 +1,196 @@
+/**
+ * M7 MSG-001-3b — daemon-side content-park CLIENT (deposit + pull).
+ *
+ * The relay runs a store-and-forward "mailbox" so a message survives the recipient being
+ * OFFLINE: the sender DEPOSITS ciphertext keyed to the recipient's pubkey; when the
+ * recipient comes online it PULLS its parked entries. The relay holds CIPHERTEXT only
+ * (sealed to the recipient — INV-3); it is a hash custodian, not a data custodian.
+ *
+ * This is the daemon counterpart to `packages/relay/src/content-park.ts` (the relay handler).
+ * It speaks the same protocol (`/cello/content-park/1.0.0`, CBOR frames, length-prefixed) over
+ * a libp2p stream, exactly mirroring the dial/stream/framing of `session-relay-client.ts` (the
+ * hash-witness client) — only the protocol ID and the frames differ.
+ *
+ * Wire contract (relay is authoritative — packages/relay/src/content-park.ts):
+ *   deposit:  → content_park_deposit { recipient_pubkey, content_hash, session_id, ciphertext }
+ *             ← content_park_deposit_ack { content_hash, ok, reason? }
+ *   pull:     → content_park_pull_request { recipient_pubkey, content_hash? }
+ *             ← content_park_auth_challenge { nonce(32) }          (I1: prove recipient identity)
+ *             → content_park_auth_response { signature(64) }       Ed25519(buildContentParkAuthMsg)
+ *             ← content_park_pull_count { count }
+ *             ← count × content_park_pull_response { found, content_hash, session_id?, ciphertext? }
+ *
+ * Crypto: Ed25519 (RFC 8032). The pull auth binds the caller to the recipient identity key so a
+ * stranger cannot drain another recipient's mailbox (the recipient pubkey is public).
+ */
+import * as lp from "it-length-prefixed";
+import { Encoder, decode } from "cbor-x";
+import { CONTENT_PARK_PROTOCOL_ID, buildContentParkAuthMsg } from "@cello-protocol/protocol-types";
+const CBOR_ENC = new Encoder({ tagUint8Array: false });
+const FRAME_TIMEOUT_MS = 8_000;
+function toU8(chunk) {
+    if (chunk instanceof Uint8Array)
+        return chunk;
+    const c = chunk;
+    if (typeof c?.subarray === "function")
+        return c.subarray();
+    return new Uint8Array(chunk);
+}
+function asBytes(v) {
+    if (v instanceof Uint8Array)
+        return v;
+    if (typeof Buffer !== "undefined" && Buffer.isBuffer(v))
+        return new Uint8Array(v);
+    return null;
+}
+export class ContentParkClient {
+    #relayPeerId;
+    #relayAddrs;
+    #logger;
+    constructor(opts) {
+        this.#relayPeerId = opts.relayPeerId;
+        this.#relayAddrs = opts.relayAddrs;
+        this.#logger = opts.logger;
+    }
+    /**
+     * Deposit ciphertext into the recipient's relay mailbox (sender side). Deposit is OPEN by
+     * design — the blob is E2E-encrypted to the recipient, so an unauthenticated deposit cannot
+     * leak plaintext.
+     */
+    async deposit(node, args) {
+        const stream = await this.#open(node);
+        try {
+            const iter = this.#iter(stream);
+            stream.send(lp.encode.single(CBOR_ENC.encode({
+                type: "content_park_deposit",
+                recipient_pubkey: args.recipientPubkey,
+                content_hash: args.contentHash,
+                session_id: args.sessionId,
+                ciphertext: args.ciphertext,
+            })));
+            const ack = await this.#read(iter);
+            if (!ack || ack["type"] !== "content_park_deposit_ack") {
+                return { ok: false, reason: "no_deposit_ack" };
+            }
+            const ok = ack["ok"] === true;
+            this.#logger.info("content.park.deposit.result", {
+                relayPeerId: this.#relayPeerId,
+                ok,
+                reason: typeof ack["reason"] === "string" ? ack["reason"] : undefined,
+            });
+            return { ok, reason: typeof ack["reason"] === "string" ? ack["reason"] : undefined };
+        }
+        finally {
+            await stream.close().catch(() => { });
+        }
+    }
+    /**
+     * Pull the recipient's parked entries (recipient side). Runs the relay's auth challenge:
+     * sign buildContentParkAuthMsg(nonce, recipientPubkey) with the recipient's K_local to prove
+     * ownership before the relay releases anything.
+     */
+    async pull(node, recipientPubkey, signer) {
+        const stream = await this.#open(node);
+        try {
+            const iter = this.#iter(stream);
+            stream.send(lp.encode.single(CBOR_ENC.encode({ type: "content_park_pull_request", recipient_pubkey: recipientPubkey })));
+            // I1 auth challenge → response.
+            const challenge = await this.#read(iter);
+            if (!challenge || challenge["type"] !== "content_park_auth_challenge") {
+                this.#logger.warn("content.park.pull.failed", { relayPeerId: this.#relayPeerId, reason: "no_auth_challenge" });
+                return [];
+            }
+            const nonce = asBytes(challenge["nonce"]);
+            if (!nonce)
+                return [];
+            const signature = await signer.sign(buildContentParkAuthMsg(nonce, recipientPubkey));
+            stream.send(lp.encode.single(CBOR_ENC.encode({ type: "content_park_auth_response", signature })));
+            // Count header, then N responses.
+            const countFrame = await this.#read(iter);
+            if (!countFrame || countFrame["type"] !== "content_park_pull_count") {
+                this.#logger.warn("content.park.pull.failed", { relayPeerId: this.#relayPeerId, reason: "no_pull_count" });
+                return [];
+            }
+            const count = typeof countFrame["count"] === "number" ? countFrame["count"] : 0;
+            const entries = [];
+            for (let i = 0; i < count; i++) {
+                const r = await this.#read(iter);
+                if (!r || r["type"] !== "content_park_pull_response")
+                    break;
+                if (r["found"] !== true)
+                    continue;
+                const contentHash = asBytes(r["content_hash"]);
+                const sessionId = asBytes(r["session_id"]);
+                const ciphertext = asBytes(r["ciphertext"]);
+                if (!contentHash || !ciphertext)
+                    continue;
+                entries.push({
+                    contentHashHex: Buffer.from(contentHash).toString("hex"),
+                    sessionIdHex: sessionId ? Buffer.from(sessionId).toString("hex") : "",
+                    ciphertext,
+                });
+            }
+            this.#logger.info("content.park.pull.result", { relayPeerId: this.#relayPeerId, count: entries.length });
+            return entries;
+        }
+        finally {
+            await stream.close().catch(() => { });
+        }
+    }
+    /**
+     * Confirm-delete one parked entry (recipient side). The relay is delete-on-CONFIRM, not
+     * delete-on-pull, so without this the mailbox never drains and every reconnect re-pulls the whole
+     * history. Mirrors pull's I1 auth (sign buildContentParkAuthMsg(nonce, recipientPubkey)). Called
+     * after a parked entry is durably ingested. Best-effort: a failed confirm leaves the entry (it will
+     * be re-pulled + deduped next time, and the relay TTL eventually evicts it) — never loses content.
+     */
+    async confirm(node, recipientPubkey, contentHash, signer) {
+        const stream = await this.#open(node);
+        try {
+            const iter = this.#iter(stream);
+            stream.send(lp.encode.single(CBOR_ENC.encode({ type: "content_park_confirm", recipient_pubkey: recipientPubkey, content_hash: contentHash })));
+            const challenge = await this.#read(iter);
+            if (!challenge || challenge["type"] !== "content_park_auth_challenge") {
+                this.#logger.warn("content.park.confirm.failed", { relayPeerId: this.#relayPeerId, reason: "no_auth_challenge" });
+                return false;
+            }
+            const nonce = asBytes(challenge["nonce"]);
+            if (!nonce)
+                return false;
+            const signature = await signer.sign(buildContentParkAuthMsg(nonce, recipientPubkey));
+            stream.send(lp.encode.single(CBOR_ENC.encode({ type: "content_park_auth_response", signature })));
+            const ack = await this.#read(iter);
+            const ok = !!ack && ack["type"] === "content_park_confirm_ack" && ack["ok"] === true;
+            if (!ok)
+                this.#logger.warn("content.park.confirm.failed", { relayPeerId: this.#relayPeerId, reason: "no_confirm_ack" });
+            return ok;
+        }
+        finally {
+            await stream.close().catch(() => { });
+        }
+    }
+    /** Dial the relay (best-effort per addr) and open a content-park stream. */
+    async #open(node) {
+        for (const addr of this.#relayAddrs) {
+            try {
+                await node.dial(addr);
+                break;
+            }
+            catch {
+                /* try the next addr; newStream below may still succeed from the peerstore */
+            }
+        }
+        return node.newStream(this.#relayPeerId, CONTENT_PARK_PROTOCOL_ID);
+    }
+    #iter(stream) {
+        return lp.decode(stream)[Symbol.asyncIterator]();
+    }
+    async #read(iter) {
+        const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("content_park_frame_timeout")), FRAME_TIMEOUT_MS));
+        const res = (await Promise.race([iter.next(), timeout]));
+        if (res.done || res.value === undefined)
+            return null;
+        return decode(toU8(res.value));
+    }
+}
+//# sourceMappingURL=content-park-client.js.map

package/dist/content-park-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-park-client.js","sourceRoot":"","sources":["../src/content-park-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIzC,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAGnG,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;AACvD,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B,SAAS,IAAI,CAAC,KAAc;IAC1B,IAAI,KAAK,YAAY,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,CAAC,GAAG,KAAwC,CAAC;IACnD,IAAI,OAAO,CAAC,EAAE,QAAQ,KAAK,UAAU;QAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3D,OAAO,IAAI,UAAU,CAAC,KAAwB,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,OAAO,CAAC,CAAU;IACzB,IAAI,CAAC,YAAY,UAAU;QAAE,OAAO,CAAC,CAAC;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,UAAU,CAAC,CAAW,CAAC,CAAC;IAC5F,OAAO,IAAI,CAAC;AACd,CAAC;AAiBD,MAAM,OAAO,iBAAiB;IACnB,YAAY,CAAS;IACrB,WAAW,CAAW;IACtB,OAAO,CAAS;IAEzB,YAAY,IAA8B;QACxC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,IAAe,EACf,IAA6G;QAE7G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,MAAM,CAAC,MAAM,CACd,QAAQ,CAAC,MAAM,CAAC;gBACd,IAAI,EAAE,sBAAsB;gBAC5B,gBAAgB,EAAE,IAAI,CAAC,eAAe;gBACtC,YAAY,EAAE,IAAI,CAAC,WAAW;gBAC9B,UAAU,EAAE,IAAI,CAAC,SAAS;gBAC1B,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAe,CACjB,CACF,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,0BAA0B,EAAE,CAAC;gBACvD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;YACjD,CAAC;YACD,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;YAC9B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC/C,WAAW,EAAE,IAAI,CAAC,YAAY;gBAC9B,EAAE;gBACF,MAAM,EAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;aACtE,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,GAAG,CAAC,QAAQ,CAAY,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;QACnG,CAAC;gBAAS,CAAC;YACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CAAC,IAAe,EAAE,eAA2B,EAAE,MAAmB;QAC1E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,MAAM,CAAC,MAAM,CACd,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAe,CACxG,CACF,CAAC;YAEF,gCAAgC;YAChC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,KAAK,6BAA6B,EAAE,CAAC;gBACtE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC/G,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK;gBAAE,OAAO,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC;YACrF,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,SAAS,EAAE,CAAe,CAAC,CACnG,CAAC;YAEF,kCAAkC;YAClC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,yBAAyB,EAAE,CAAC;gBACpE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC3G,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,KAAK,GAAG,OAAO,UAAU,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,UAAU,CAAC,OAAO,CAAY,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5F,MAAM,OAAO,GAAkB,EAAE,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/B,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,4BAA4B;oBAAE,MAAM;gBAC5D,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI;oBAAE,SAAS;gBAClC,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC3C,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC5C,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU;oBAAE,SAAS;gBAC1C,OAAO,CAAC,IAAI,CAAC;oBACX,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACxD,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;oBACrE,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACzG,OAAO,OAAO,CAAC;QACjB,CAAC;gBAAS,CAAC;YACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,IAAe,EAAE,eAA2B,EAAE,WAAuB,EAAE,MAAmB;QACtG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChC,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,MAAM,CAAC,MAAM,CACd,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,eAAe,EAAE,YAAY,EAAE,WAAW,EAAE,CAAe,CAC9H,CACF,CAAC;YACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,CAAC,KAAK,6BAA6B,EAAE,CAAC;gBACtE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAClH,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YACzB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC;YACrF,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,SAAS,EAAE,CAAe,CAAC,CACnG,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,0BAA0B,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;YACrF,IAAI,CAAC,EAAE;gBAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;YACxH,OAAO,EAAE,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,6EAA6E;YAC/E,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,MAAc;QAClB,OAAQ,EAAE,CAAC,MAAM,CAAC,MAA8C,CAA4B,CAC1F,MAAM,CAAC,aAAa,CACrB,EAA4B,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAA4B;QACtC,MAAM,OAAO,GAAG,IAAI,OAAO,CAA0B,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CACjE,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,gBAAgB,CAAC,CACpF,CAAC;QACF,MAAM,GAAG,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC,CAA4B,CAAC;QACpF,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACrD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAA4B,CAAC;IAC5D,CAAC;CACF"}

package/dist/daemon.d.ts

@@ -0,0 +1,65 @@
+/**
+ * CELLO Daemon process — the long-running background service.
+ *
+ * Pseudocode:
+ * 1. startDaemon(config):
+ *    a. M7-MANIFEST-002: Load and verify consortium manifest (BEFORE any directory connection)
+ *       - On signature failure: log error, skip connection
+ *       - On expiry: log directory.auth.manifest.expired at ERROR, skip connection
+ *       - On version rollback: log directory.auth.manifest.version.rollback at ERROR
+ *       - On success: log directory.auth.manifest.verified at INFO
+ *    b. Load agents from ~/.cello/agents/ (or legacy ~/.cello/key)
+ *    c. Acquire lock file atomically
+ *    d. Initialize SessionNodeManager (creates standing receiver, detects interrupted sessions)
+ *    e. Start IPC server on Unix domain socket
+ *    f. Register method handlers (status, shutdown)
+ *    g. Log daemon.started event (with manifestVerified field)
+ *    h. Set up SIGTERM/SIGINT handlers for graceful shutdown
+ *    i. Start background manifest polling (if pollScheduler provided and manifest verified)
+ *
+ * 2. shutdown(reason):
+ *    a. Cancel manifest poll scheduler
+ *    b. Log daemon.stopped event
+ *    c. Call SessionNodeManager.gracefulShutdown() (marks sessions interrupted)
+ *    d. Stop IPC server (finishes in-flight, sends shutdown frame)
+ *    e. Remove lock file
+ *    f. Exit 0
+ */
+import type { DaemonConfig, DaemonStatusResponse } from "./types.js";
+import { SessionNodeManager } from "./session-node-manager.js";
+import { type CelloNode } from "@cello-protocol/transport";
+import type { ITransportSelector } from "./transport-selector.js";
+import { type IAutoNatService } from "@cello-protocol/transport";
+export interface DaemonHandle {
+    stop(reason: string): Promise<void>;
+    getStatus(): DaemonStatusResponse;
+    /**
+     * AC-016 test hook: exposes the session node manager so integration tests can
+     * call registerRelayStream directly and verify the composition root is wired.
+     * Not part of the production API surface.
+     */
+    getSessionNodeManager(): SessionNodeManager;
+    /**
+     * M7 Action 2: the live directory-facing libp2p node (or null when signaling is not
+     * connected). Registration's FROST DKG and future ceremonies open streams to the
+     * directory on this node. Consumers must gate use on signaling being connected AND
+     * always null-check the result: there is a brief window during stream death where the
+     * reference is already cleared (null) while signalingManager.status still reads
+     * "connected". Null is the safe direction (never a tearing-down node); do not assume
+     * non-null just because status is connected.
+     */
+    getDirectoryNode(): CelloNode | null;
+    /**
+     * CELLO-M7-TRANSPORT-001 (AC-010): exposes the composition-root transport
+     * selector so integration tests can confirm the adapter is wired (not dead
+     * code) and exercise the selection path without "adapter not wired".
+     */
+    getTransportSelector(): ITransportSelector;
+    /**
+     * CELLO-M7-TRANSPORT-001 (AC-010): exposes the composition-root AutoNAT service
+     * adapter (stub default dialable=false in local/test).
+     */
+    getAutoNatService(): IAutoNatService;
+}
+export declare function startDaemon(config: DaemonConfig): Promise<DaemonHandle>;
+//# sourceMappingURL=daemon.d.ts.map

package/dist/daemon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EAIrB,MAAM,YAAY,CAAC;AAIpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAK/D,OAAO,EAAoD,KAAK,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAkB7G,OAAO,KAAK,EAAE,kBAAkB,EAA+C,MAAM,yBAAyB,CAAC;AAM/G,OAAO,EAAoB,KAAK,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAmInF,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,SAAS,IAAI,oBAAoB,CAAC;IAClC;;;;OAIG;IACH,qBAAqB,IAAI,kBAAkB,CAAC;IAC5C;;;;;;;;OAQG;IACH,gBAAgB,IAAI,SAAS,GAAG,IAAI,CAAC;IACrC;;;;OAIG;IACH,oBAAoB,IAAI,kBAAkB,CAAC;IAC3C;;;OAGG;IACH,iBAAiB,IAAI,eAAe,CAAC;CACtC;AAyBD,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CA80G7E"}