@cello-protocol/daemon 0.0.7 → 0.0.9

package/dist/agent-loader.d.ts

@@ -1,31 +1,24 @@
 /**
  * Agent identity loader for the CELLO daemon.
  *
- * Pseudocode:
- * 1. loadAgents(celloDir, logger):
- *    a. Check if ~/.cello/agents/ exists
- *    b. If not, check if ~/.cello/key exists (legacy single-agent mode)
- *       - If legacy key exists, load it as agent 'default'
- *    c. If agents/ exists, enumerate subdirectories
- *       - For each subdir, check if a 'key' file exists
- *       - If yes, attempt to load it via FileKeyProvider.load()
- *       - If load fails (corrupt), log agent.load.failed and skip
- *       - Subdirectories without a 'key' file are silently skipped
- *    d. Return array of {name, pubkey} for successfully loaded agents
+ * CELLO-M7-PERSIST-002 (AC-007): agents are enumerated from the encrypted `agents` table — ONE
+ * loading path. The legacy flat-file paths (`~/.cello/agents/<name>/key` and the single-file
+ * `~/.cello/key` "default" fallback) are gone; any pre-story key files are imported into the
+ * `agents` table by the one-time migration (identity-migration.ts) before this loader runs.
  *
- * Key file format: CELLO binary format (magic bytes + version + 32-byte Ed25519 seed)
- * See core/crypto/src/ed25519.ts FileKeyProvider.load() for the canonical parser.
+ * Each agent's K_local Ed25519 seed is stored as a BLOB column; the loader builds a sign-only
+ * InMemoryKeyProvider from it (the private scalar never leaves the provider — only signatures and
+ * content-seal opens are emitted).
  */
 import type { KeyProvider } from "@cello-protocol/crypto";
+import type { DaemonDatabase } from "./sqlcipher-db.js";
 import type { Logger } from "./types.js";
 export interface LoadedAgent {
     name: string;
     pubkey: string;
     /**
-     * The agent's K_local signing key, retained so the daemon can produce
-     * K_local-signed control leaves (e.g. the SEAL-INTERRUPTED leaf in the
-     * seal-interrupted bilateral flow). The private scalar never leaves this
-     * provider — only signatures are emitted.
+     * The agent's K_local signing key, retained so the daemon can produce K_local-signed control
+     * leaves (e.g. the SEAL-INTERRUPTED leaf). The private scalar never leaves this provider.
      */
     keyProvider: KeyProvider;
 }
@@ -37,5 +30,9 @@ export interface AgentLoadResult {
     loaded: LoadedAgent[];
     failed: FailedAgent[];
 }
-export declare function loadAgents(celloDir: string, logger: Logger): Promise<AgentLoadResult>;
+/**
+ * Load every agent from the encrypted `agents` table. A row whose seed is unusable (corrupt/wrong
+ * length) is reported as a failed agent and skipped — never silently dropped.
+ */
+export declare function loadAgents(db: DaemonDatabase, logger: Logger): Promise<AgentLoadResult>;
 //# sourceMappingURL=agent-loader.d.ts.map

package/dist/agent-loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-loader.d.ts","sourceRoot":"","sources":["../src/agent-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAED,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAwC3F"}
+{"version":3,"file":"agent-loader.d.ts","sourceRoot":"","sources":["../src/agent-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAE1D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAkB7F"}

package/dist/agent-loader.js

@@ -1,94 +1,37 @@
 /**
  * Agent identity loader for the CELLO daemon.
  *
- * Pseudocode:
- * 1. loadAgents(celloDir, logger):
- *    a. Check if ~/.cello/agents/ exists
- *    b. If not, check if ~/.cello/key exists (legacy single-agent mode)
- *       - If legacy key exists, load it as agent 'default'
- *    c. If agents/ exists, enumerate subdirectories
- *       - For each subdir, check if a 'key' file exists
- *       - If yes, attempt to load it via FileKeyProvider.load()
- *       - If load fails (corrupt), log agent.load.failed and skip
- *       - Subdirectories without a 'key' file are silently skipped
- *    d. Return array of {name, pubkey} for successfully loaded agents
+ * CELLO-M7-PERSIST-002 (AC-007): agents are enumerated from the encrypted `agents` table — ONE
+ * loading path. The legacy flat-file paths (`~/.cello/agents/<name>/key` and the single-file
+ * `~/.cello/key` "default" fallback) are gone; any pre-story key files are imported into the
+ * `agents` table by the one-time migration (identity-migration.ts) before this loader runs.
  *
- * Key file format: CELLO binary format (magic bytes + version + 32-byte Ed25519 seed)
- * See core/crypto/src/ed25519.ts FileKeyProvider.load() for the canonical parser.
+ * Each agent's K_local Ed25519 seed is stored as a BLOB column; the loader builds a sign-only
+ * InMemoryKeyProvider from it (the private scalar never leaves the provider — only signatures and
+ * content-seal opens are emitted).
  */
-import { readdir, stat, access } from "node:fs/promises";
-import { join } from "node:path";
-import { FileKeyProvider } from "@cello-protocol/crypto";
-export async function loadAgents(celloDir, logger) {
-    const agentsDir = join(celloDir, "agents");
+import { InMemoryKeyProvider } from "@cello-protocol/crypto";
+import { DbIdentityStore } from "./db-identity-store.js";
+/**
+ * Load every agent from the encrypted `agents` table. A row whose seed is unusable (corrupt/wrong
+ * length) is reported as a failed agent and skipped — never silently dropped.
+ */
+export async function loadAgents(db, logger) {
+    const store = new DbIdentityStore(db, logger);
     const loaded = [];
     const failed = [];
-    const agentsDirExists = await directoryExists(agentsDir);
-    if (!agentsDirExists) {
-        // Legacy backwards compat: if ~/.cello/key exists and ~/.cello/agents/ doesn't
-        const legacyKeyPath = join(celloDir, "key");
-        if (await fileExists(legacyKeyPath)) {
-            const result = await loadSingleAgent("default", legacyKeyPath, logger);
-            if (result.ok) {
-                loaded.push(result.agent);
-            }
-            else {
-                failed.push({ name: "default", error: result.error });
-            }
-        }
-        return { loaded, failed };
-    }
-    // Enumerate subdirectories of agents/
-    const entries = await readdir(agentsDir, { withFileTypes: true });
-    for (const entry of entries) {
-        if (!entry.isDirectory())
-            continue;
-        const keyPath = join(agentsDir, entry.name, "key");
-        if (!(await fileExists(keyPath))) {
-            continue;
+    for (const row of store.listAgents()) {
+        try {
+            const keyProvider = new InMemoryKeyProvider(row.kLocalSeed);
+            const pubkey = Buffer.from(await keyProvider.getPublicKey()).toString("hex");
+            loaded.push({ name: row.agentName, pubkey, keyProvider });
         }
-        const result = await loadSingleAgent(entry.name, keyPath, logger);
-        if (result.ok) {
-            loaded.push(result.agent);
-        }
-        else {
-            failed.push({ name: entry.name, error: result.error });
+        catch (err) {
+            const error = err instanceof Error ? err.message : String(err);
+            logger.error("agent.load.failed", { agentName: row.agentName, error });
+            failed.push({ name: row.agentName, error });
         }
     }
     return { loaded, failed };
 }
-async function loadSingleAgent(name, keyPath, logger) {
-    try {
-        const keyProvider = await FileKeyProvider.load(keyPath);
-        const pubkeyBytes = await keyProvider.getPublicKey();
-        const pubkey = Buffer.from(pubkeyBytes).toString("hex");
-        return { ok: true, agent: { name, pubkey, keyProvider } };
-    }
-    catch (err) {
-        const errorMsg = err instanceof Error ? err.message : String(err);
-        logger.error("agent.load.failed", {
-            agentName: name,
-            error: errorMsg,
-        });
-        return { ok: false, error: errorMsg };
-    }
-}
-async function directoryExists(path) {
-    try {
-        const s = await stat(path);
-        return s.isDirectory();
-    }
-    catch {
-        return false;
-    }
-}
-async function fileExists(path) {
-    try {
-        await access(path);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 //# sourceMappingURL=agent-loader.js.map

package/dist/agent-loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"agent-loader.js","sourceRoot":"","sources":["../src/agent-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AA0BzD,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,MAAc;IAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,+EAA+E;QAC/E,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC5C,IAAI,MAAM,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YACvE,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED,sCAAsC;IACtC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAClE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;YAAE,SAAS;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAClE,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAMD,KAAK,UAAU,eAAe,CAC5B,IAAY,EACZ,OAAe,EACf,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC;IAC5D,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;YAChC,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACxC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
+{"version":3,"file":"agent-loader.js","sourceRoot":"","sources":["../src/agent-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAwBzD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,EAAkB,EAAE,MAAc;IACjE,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,EAAE,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,WAAW,CAAC,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC7E,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC/D,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;YACvE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}

package/dist/bin/cello-daemon.js

@@ -14,7 +14,6 @@ import { join } from "node:path";
 import { startDaemon } from "../daemon.js";
 import { createDirectoryEndpointResolver } from "../directory-bootstrap.js";
 import { FileManifestProvider } from "../file-manifest-provider.js";
-import { FileManifestVersionStore } from "../manifest-version-store-file.js";
 import { RandomizedPollScheduler } from "../manifest-poll-scheduler.js";
 import { ManifestDirectoryChallengeVerifier } from "@cello-protocol/transport";
 const MAX_CONNECTIONS = 16;
@@ -65,11 +64,10 @@ function buildManifestDeps(logger) {
     }
     const manifestProvider = new FileManifestProvider({ path: manifestPath });
     const challengeVerifier = new ManifestDirectoryChallengeVerifier(manifestProvider);
-    // Anti-rollback (DOD-AUTH-2 / TUF): persist the last-verified manifest version under
-    // ~/.cello so the daemon refuses a manifest whose version regressed across restarts.
-    // The daemon (startDaemon) reads getLastSeenVersion() before accepting a manifest and
-    // persistVersion() on success; a version < trusted → directory.auth.manifest.version.rollback.
-    const manifestVersionStore = new FileManifestVersionStore(join(celloDir, "manifest-version.json"));
+    // Anti-rollback (DOD-AUTH-2 / TUF): the last-verified manifest version is persisted to refuse a
+    // manifest whose version regressed across restarts. PERSIST-002 (AC-008): this now lives in the
+    // encrypted manifest_state table (a manifest-version.json file is no longer written) — startDaemon
+    // constructs the DB-backed store itself after opening the DB, so the bin injects nothing here.
     // DOD-AUTH-2: background manifest poll. The directory is re-polled on a randomized
     // 6–12h interval (thundering-herd avoidance) and a newer signed manifest is adopted.
     // The interval is env-injectable so the live binary test can poll sub-second instead
@@ -95,7 +93,7 @@ function buildManifestDeps(logger) {
         pollMinMs: pollOpts?.minMs ?? null,
         pollMaxMs: pollOpts?.maxMs ?? null,
     });
-    return { manifestProvider, manifestRootKeys, manifestThreshold, challengeVerifier, manifestVersionStore, manifestPollScheduler };
+    return { manifestProvider, manifestRootKeys, manifestThreshold, challengeVerifier, manifestPollScheduler };
 }
 async function main() {
     // M7 Keystone (Part 1): give the daemon its door to the directory. The resolver

package/dist/bin/cello-daemon.js.map

@@ -1 +1 @@
-{"version":3,"file":"cello-daemon.js","sourceRoot":"","sources":["../../src/bin/cello-daemon.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,+BAA+B,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE,OAAO,EAAE,kCAAkC,EAAqH,MAAM,2BAA2B,CAAC;AAElM,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B,uCAAuC;AACvC,MAAM,MAAM,GAAW;IACrB,KAAK,CAAC,KAAa,EAAE,OAAgC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACjG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,KAAa,EAAE,OAAgC;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,KAAa,EAAE,OAAgC;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,KAAK,CAAC,KAAa,EAAE,OAAgC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACjG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;CACF,CAAC;AAEF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AACpE,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AACnD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC;AAErD;;;;;;;;;;;GAWG;AACH,SAAS,iBAAiB,CAAC,MAAc;IAQvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IAC3D,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,EAAE,CAAC;IACjE,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjG,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CACb,qHAAqH,CACtH,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,oBAAoB,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAC1E,MAAM,iBAAiB,GAAG,IAAI,kCAAkC,CAAC,gBAAgB,CAAC,CAAC;IACnF,qFAAqF;IACrF,qFAAqF;IACrF,sFAAsF;IACtF,+FAA+F;IAC/F,MAAM,oBAAoB,GAAG,IAAI,wBAAwB,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC,CAAC;IACnG,mFAAmF;IACnF,qFAAqF;IACrF,qFAAqF;IACrF,8EAA8E;IAC9E,kFAAkF;IAClF,sFAAsF;IACtF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC1D,IAAI,QAAsD,CAAC;IAC3D,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,GAAG,KAAK,EAAE,CAAC;YAC9E,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC9B,CAAC;IACD,MAAM,qBAAqB,GAAG,IAAI,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IACpE,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;QACxC,YAAY;QACZ,YAAY,EAAE,gBAAgB,CAAC,MAAM;QACrC,SAAS,EAAE,iBAAiB;QAC5B,SAAS,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;QAClC,SAAS,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;KACnC,CAAC,CAAC;IACH,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,CAAC;AACnI,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,gFAAgF;IAChF,iFAAiF;IACjF,8EAA8E;IAC9E,0BAA0B;IAC1B,MAAM,yBAAyB,GAAG,+BAA+B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAE9E,kFAAkF;IAClF,oFAAoF;IACpF,mFAAmF;IACnF,mFAAmF;IACnF,kFAAkF;IAClF,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,QAAQ;QACR,UAAU;QACV,YAAY;QACZ,cAAc,EAAE,eAAe;QAC/B,OAAO;QACP,MAAM;QACN,yBAAyB;QACzB,GAAG,QAAQ;KACZ,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;QACvD,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,IAAI,CAAC;YACH,QAAQ,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACzC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;oBACrC,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,IAAI,CAAC;YACH,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACxC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;oBACrC,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;KACxD,CAAC,CAAC;IACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"cello-daemon.js","sourceRoot":"","sources":["../../src/bin/cello-daemon.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,+BAA+B,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE,OAAO,EAAE,kCAAkC,EAAqH,MAAM,2BAA2B,CAAC;AAElM,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B,uCAAuC;AACvC,MAAM,MAAM,GAAW;IACrB,KAAK,CAAC,KAAa,EAAE,OAAgC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACjG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,KAAa,EAAE,OAAgC;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,KAAa,EAAE,OAAgC;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,KAAK,CAAC,KAAa,EAAE,OAAgC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACjG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;CACF,CAAC;AAEF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AACpE,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AACnD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC;AAErD;;;;;;;;;;;GAWG;AACH,SAAS,iBAAiB,CAAC,MAAc;IAQvC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IAC3D,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,EAAE,CAAC;IACjE,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjG,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5F,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CACb,qHAAqH,CACtH,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,oBAAoB,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAC1E,MAAM,iBAAiB,GAAG,IAAI,kCAAkC,CAAC,gBAAgB,CAAC,CAAC;IACnF,gGAAgG;IAChG,gGAAgG;IAChG,mGAAmG;IACnG,+FAA+F;IAC/F,mFAAmF;IACnF,qFAAqF;IACrF,qFAAqF;IACrF,8EAA8E;IAC9E,kFAAkF;IAClF,sFAAsF;IACtF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IAC1D,IAAI,QAAsD,CAAC;IAC3D,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,GAAG,KAAK,EAAE,CAAC;YAC9E,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC9B,CAAC;IACD,MAAM,qBAAqB,GAAG,IAAI,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IACpE,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;QACxC,YAAY;QACZ,YAAY,EAAE,gBAAgB,CAAC,MAAM;QACrC,SAAS,EAAE,iBAAiB;QAC5B,SAAS,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;QAClC,SAAS,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;KACnC,CAAC,CAAC;IACH,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,CAAC;AAC7G,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,gFAAgF;IAChF,iFAAiF;IACjF,8EAA8E;IAC9E,0BAA0B;IAC1B,MAAM,yBAAyB,GAAG,+BAA+B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAE9E,kFAAkF;IAClF,oFAAoF;IACpF,mFAAmF;IACnF,mFAAmF;IACnF,kFAAkF;IAClF,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,QAAQ;QACR,UAAU;QACV,YAAY;QACZ,cAAc,EAAE,eAAe;QAC/B,OAAO;QACP,MAAM;QACN,yBAAyB;QACzB,GAAG,QAAQ;KACZ,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;QACvD,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,IAAI,CAAC;YACH,QAAQ,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACzC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;oBACrC,MAAM,EAAE,SAAS;oBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,IAAI,CAAC;YACH,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACxC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;oBACrC,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACrC,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;KACxD,CAAC,CAAC;IACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/daemon.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EAIrB,MAAM,YAAY,CAAC;AAIpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAK/D,OAAO,EAAoD,KAAK,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAkB7G,OAAO,KAAK,EAAE,kBAAkB,EAA+C,MAAM,yBAAyB,CAAC;AAM/G,OAAO,EAAoB,KAAK,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAmInF,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,SAAS,IAAI,oBAAoB,CAAC;IAClC;;;;OAIG;IACH,qBAAqB,IAAI,kBAAkB,CAAC;IAC5C;;;;;;;;OAQG;IACH,gBAAgB,IAAI,SAAS,GAAG,IAAI,CAAC;IACrC;;;;OAIG;IACH,oBAAoB,IAAI,kBAAkB,CAAC;IAC3C;;;OAGG;IACH,iBAAiB,IAAI,eAAe,CAAC;CACtC;AAyCD,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CA80G7E"}
+{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,KAAK,EACV,YAAY,EACZ,oBAAoB,EAKrB,MAAM,YAAY,CAAC;AAIpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAK/D,OAAO,EAAoD,KAAK,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAoB7G,OAAO,KAAK,EAAE,kBAAkB,EAA+C,MAAM,yBAAyB,CAAC;AAM/G,OAAO,EAAoB,KAAK,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAmInF,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,SAAS,IAAI,oBAAoB,CAAC;IAClC;;;;OAIG;IACH,qBAAqB,IAAI,kBAAkB,CAAC;IAC5C;;;;;;;;OAQG;IACH,gBAAgB,IAAI,SAAS,GAAG,IAAI,CAAC;IACrC;;;;OAIG;IACH,oBAAoB,IAAI,kBAAkB,CAAC;IAC3C;;;OAGG;IACH,iBAAiB,IAAI,eAAe,CAAC;CACtC;AAyCD,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAk5G7E"}

package/dist/daemon.js

@@ -40,8 +40,9 @@ import { createNode, SignalingManager } from "@cello-protocol/transport";
 import { createSignalingConnect } from "./signaling-connect.js";
 import { RegistrationManager } from "./registration-manager.js";
 import { DaemonRegistrationContext } from "./registration-context.js";
-import { FileRegistrationPersistence } from "./registration-persistence.js";
-import { verify as ed25519Verify, sealToRecipient } from "@cello-protocol/crypto";
+import { DbRegistrationPersistence, DbIdentityStore } from "./db-identity-store.js";
+import { DbManifestVersionStore } from "./manifest-version-store-db.js";
+import { verify as ed25519Verify, sealToRecipient, generateKLocalSeed, InMemoryKeyProvider } from "@cello-protocol/crypto";
 import { attemptSealUpgrade as attemptSealUpgradeImpl, verifyUpgradeConfirmedCert } from "./seal-upgrade.js";
 // CELLO-M7-MSG-001 (AC-013/AC-018): the single application content-size cap, enforced
 // at the send point here (the receive point lives in the transport content decode).
@@ -169,7 +170,7 @@ class ProductionSessionNodeFactory {
     }
 }
 export async function startDaemon(config) {
-    const { celloDir, socketPath, lockFilePath, maxConnections, version, logger, manifestProvider, manifestRootKeys, manifestThreshold, manifestVersionStore, manifestPollScheduler, signalingConnect, challengeVerifier, directoryEndpointResolver, sessionNodeFactory, sessionNegotiator, getRelayCircuitAddress, } = config;
+    const { celloDir, socketPath, lockFilePath, maxConnections, version, logger, manifestProvider, manifestRootKeys, manifestThreshold, manifestVersionStore: injectedManifestVersionStore, manifestPollScheduler, signalingConnect, challengeVerifier, directoryEndpointResolver, sessionNodeFactory, sessionNegotiator, getRelayCircuitAddress, } = config;
     // CELLO-M7-TRANSPORT-001: composition-root selection of the transport selector.
     // Driven by CELLO_ENV; fails fast at startup (here, not at first session) when a
     // production environment is missing the required transport dialer (AC-010).
@@ -183,6 +184,31 @@ export async function startDaemon(config) {
         env: celloEnv,
         selector: isProductionVariant(celloEnv) ? "real" : "stub",
     });
+    // ADV-006 + ADV-008 (hoisted — code-review MED): pure config validation runs BEFORE any disk side
+    // effect (lock, the irreversible one-time migration, DB open). A misconfigured daemon must fail
+    // before mutating state. If manifestProvider is set, manifestRootKeys + a positive threshold are
+    // required.
+    if (manifestProvider && (!manifestRootKeys || !manifestThreshold || manifestThreshold <= 0)) {
+        throw new Error("DaemonConfig: manifestProvider requires manifestRootKeys (non-empty) and manifestThreshold (positive integer >= 1)");
+    }
+    // ── PERSIST-002: open the encrypted store FIRST (runs the one-time flat-file → SQLCipher migration
+    // (AC-006) + creates the agents/manifest_state schema), under the single-instance lock. This must
+    // precede the manifest verification below because the manifest version is now stored in the
+    // encrypted DB (AC-008), not a manifest-version.json file. ──
+    await mkdir(celloDir, { recursive: true });
+    await mkdir(dirname(socketPath), { recursive: true });
+    await acquireLock(lockFilePath, { pid: process.pid, socketPath, version });
+    const sessionNodeManager = new SessionNodeManager({
+        factory: sessionNodeFactory ?? new ProductionSessionNodeFactory(),
+        logger,
+        dbPath: join(celloDir, "sessions.db"),
+        contentTtfMs: config.contentTtfMs,
+        autoNatProbers: () => [],
+    });
+    await sessionNodeManager.initialize();
+    // AC-008: the manifest version store is DB-backed by default (encrypted manifest_state table). A
+    // test may inject an override (e.g. InMemoryManifestVersionStore) via config.
+    const manifestVersionStore = injectedManifestVersionStore ?? new DbManifestVersionStore(sessionNodeManager.getDb(), logger);
     // M7-MANIFEST-002: Load and verify consortium manifest BEFORE any directory connection.
     //
     // Pseudocode for manifest loading:
@@ -197,12 +223,6 @@ export async function startDaemon(config) {
     // M7 Keystone: the version of the verified manifest, surfaced in ConnectResult.
     // Stays 0 when no manifestProvider is configured (the M6 backward-compat path).
     let verifiedManifestVersion = 0;
-    // ADV-006 + ADV-008: If manifestProvider is set, manifestRootKeys and a positive
-    // manifestThreshold are required. Fail loudly on misconfiguration rather than
-    // silently proceeding unverified.
-    if (manifestProvider && (!manifestRootKeys || !manifestThreshold || manifestThreshold <= 0)) {
-        throw new Error("DaemonConfig: manifestProvider requires manifestRootKeys (non-empty) and manifestThreshold (positive integer >= 1)");
-    }
     if (manifestProvider && manifestRootKeys && manifestThreshold !== undefined) {
         try {
             const manifest = await manifestProvider.loadAndVerify(manifestRootKeys, manifestThreshold);
@@ -223,26 +243,16 @@ export async function startDaemon(config) {
                 });
             }
             else {
-                // Check version monotonicity if version store is provided
-                if (manifestVersionStore) {
-                    const lastSeen = await manifestVersionStore.getLastSeenVersion();
-                    if (lastSeen !== null && manifest.version < lastSeen) {
-                        logger.error("directory.auth.manifest.version.rollback", {
-                            manifestVersion: manifest.version,
-                            lastSeenVersion: lastSeen,
-                        });
-                    }
-                    else {
-                        await manifestVersionStore.persistVersion(manifest.version);
-                        manifestVerified = true;
-                        verifiedManifestVersion = manifest.version;
-                        logger.info("directory.auth.manifest.verified", {
-                            manifestVersion: manifest.version,
-                            signerCount: manifest.signatures.length,
-                        });
-                    }
+                // Anti-rollback monotonicity (manifestVersionStore is always present now — DB-backed default).
+                const lastSeen = await manifestVersionStore.getLastSeenVersion();
+                if (lastSeen !== null && manifest.version < lastSeen) {
+                    logger.error("directory.auth.manifest.version.rollback", {
+                        manifestVersion: manifest.version,
+                        lastSeenVersion: lastSeen,
+                    });
                 }
                 else {
+                    await manifestVersionStore.persistVersion(manifest.version);
                     manifestVerified = true;
                     verifiedManifestVersion = manifest.version;
                     logger.info("directory.auth.manifest.verified", {
@@ -262,21 +272,24 @@ export async function startDaemon(config) {
     // failed, the daemon must refuse to proceed. Operators who configure
     // manifestProvider have opted into manifest enforcement.
     if (manifestProvider && !manifestVerified) {
+        // code-review MED: this refuse now runs AFTER the DB is open + the lock is held (the DB had to
+        // open for the anti-rollback check). Release both before rethrowing so an in-process caller does
+        // not leak the DB handle / lock (in production the process exits, but be tidy).
+        try {
+            sessionNodeManager.getDb().close();
+        }
+        catch { /* ignore */ }
+        await removeLock(lockFilePath, logger).catch(() => { });
         throw new Error("Manifest verification failed. The daemon cannot start with an unverified manifest when manifestProvider is configured. " +
             "Check the logs for the specific failure reason (manifest_signature_invalid, manifest_expired, or manifest_version_rollback).");
     }
-    // Ensure the cello directory exists
-    await mkdir(celloDir, { recursive: true });
-    // Ensure the socket parent directory exists
-    await mkdir(dirname(socketPath), { recursive: true });
-    // Load agent identities
-    const { loaded: loadedAgents, failed: failedAgents } = await loadAgents(celloDir, logger);
-    // Acquire lock file
-    await acquireLock(lockFilePath, {
-        pid: process.pid,
-        socketPath,
-        version,
-    });
+    // Load agent identities from the encrypted `agents` table (PERSIST-002 AC-007 — one path).
+    // (The encrypted store + lock were established above, before manifest verification.)
+    const { loaded: loadedAgents, failed: failedAgents } = await loadAgents(sessionNodeManager.getDb(), logger);
+    // PERSIST-002: per-agent DB-backed identity persistence. The registration handler and the
+    // ceremony/seal signer-reconstruction load the FROST share (and persist the identity) through this
+    // seam — the encrypted `agents` row, never a flat file.
+    const getPersistence = (agentName) => new DbRegistrationPersistence({ db: sessionNodeManager.getDb(), agentName, logger });
     // Build agent state (all start in 'registered' state — no auto-start)
     const agents = [
         ...loadedAgents.map((a) => ({
@@ -446,7 +459,7 @@ export async function startDaemon(config) {
         // registration routing). Unregistered implicitly when the manager is stopped.
         wireSessionCeremonyHandler({
             agentName,
-            agentDir: join(celloDir, "agents", agentName),
+            persistence: getPersistence(agentName),
             agentPubkeyHex,
             getNode: entry.getNode,
             getDirectoryEndpoint: async () => (directoryEndpointResolver ? (await directoryEndpointResolver()) ?? null : null),
@@ -456,7 +469,7 @@ export async function startDaemon(config) {
         // DOD-SPINE-7: coordinate the SEAL FROST ceremony on this agent's stream too.
         wireSealCeremonyHandler({
             agentName,
-            agentDir: join(celloDir, "agents", agentName),
+            persistence: getPersistence(agentName),
             agentPubkeyHex,
             getNode: entry.getNode,
             getDirectoryEndpoint: async () => (directoryEndpointResolver ? (await directoryEndpointResolver()) ?? null : null),
@@ -511,7 +524,7 @@ export async function startDaemon(config) {
     if (primaryAgent) {
         wireSessionCeremonyHandler({
             agentName: primaryAgent.name,
-            agentDir: join(celloDir, "agents", primaryAgent.name),
+            persistence: getPersistence(primaryAgent.name),
             agentPubkeyHex: primaryAgent.pubkey,
             getNode: getDirectoryNode,
             getDirectoryEndpoint: async () => (directoryEndpointResolver ? (await directoryEndpointResolver()) ?? null : null),
@@ -521,7 +534,7 @@ export async function startDaemon(config) {
         // DOD-SPINE-7: the primary agent also coordinates the SEAL FROST ceremony on the keystone.
         wireSealCeremonyHandler({
             agentName: primaryAgent.name,
-            agentDir: join(celloDir, "agents", primaryAgent.name),
+            persistence: getPersistence(primaryAgent.name),
             agentPubkeyHex: primaryAgent.pubkey,
             getNode: getDirectoryNode,
             getDirectoryEndpoint: async () => (directoryEndpointResolver ? (await directoryEndpointResolver()) ?? null : null),
@@ -540,22 +553,9 @@ export async function startDaemon(config) {
     const perConnectionState = new Map();
     // Set of agents currently in "online" state (transitioned via cello_start_agent)
     const onlineAgents = new Set();
-    // Initialize SessionNodeManager (DAEMON-002: composition root — AC-011).
-    // This runs before the IPC socket opens so:
-    //   1. The standing receiver is ready before any cello_await_session call.
-    //   2. Interrupted session detection runs before any tool call can race.
-    const sessionNodeManager = new SessionNodeManager({
-        factory: sessionNodeFactory ?? new ProductionSessionNodeFactory(),
-        logger,
-        dbPath: join(celloDir, "sessions.db"),
-        contentTtfMs: config.contentTtfMs,
-        // CELLO-M7-TRANSPORT-001: directory-node AutoNAT probers (SI-002). The
-        // directory connection (SIGNAL-001) is not yet wired into the daemon, so the
-        // prober set is empty — AutoNAT cannot run and the standing receiver reports
-        // the conservative default + transport.autonat.unavailable (AC-004/DB-001).
-        autoNatProbers: () => [],
-    });
-    await sessionNodeManager.initialize();
+    // SessionNodeManager was constructed + initialized at the top of startDaemon (PERSIST-002 — the
+    // encrypted store must open before agents load from the `agents` table). Its standing receiver +
+    // interrupted-session detection are already ready here, before the IPC socket opens.
     // CELLO-M7-TRANSPORT-001: the daemon's runtime AutoNAT service is the one
     // wrapping the standing receiver node (it emits transport.autonat.result /
     // transport.autonat.unavailable and its dialability drives the SessionAssignment
@@ -687,7 +687,7 @@ export async function startDaemon(config) {
     // DAEMON-003: Initialize RetryQueue and NonceDedupStore (AC-008).
     // Both use the same SQLite DB as the SessionNodeManager (daemon.db equivalent).
     // loadFromDb() must complete BEFORE IPC socket opens (AC-007).
-    const retryQueue = new RetryQueue(sessionNodeManager.getDb(), logger, sessionNodeManager.getTranscriptCipher());
+    const retryQueue = new RetryQueue(sessionNodeManager.getDb(), logger);
     retryQueue.loadFromDb();
     // CELLO-M7-MSG-001 (AC-001/AC-003/AC-019): wire the awaiting-ACK lifecycle's durable
     // side effects to the retry_queue. A `persisted` delivery ACK clears the durable
@@ -925,6 +925,41 @@ export async function startDaemon(config) {
         notificationDispatcher.dispatchAgentStateChanged(name, "online", "started");
         return { ok: true };
     });
+    // ─── PERSIST-002 (AC-004): cello_create_agent handler ───
+    // The explicit agent-creation path: generate a fresh K_local seed, write it as an `agents` row in
+    // the encrypted DB (NO key file), and wire the agent into the live daemon so it can be registered
+    // and used WITHOUT a restart. Creation is explicit — cello_start_agent never auto-creates on a typo.
+    handlers.set("cello_create_agent", async (params, _connectionId) => {
+        const name = params?.name;
+        if (!name || typeof name !== "string" || !/^[a-zA-Z0-9_-]{1,64}$/.test(name)) {
+            return { ok: false, reason: "invalid_agent_name", guidance: "Provide a 'name' (1-64 chars: letters, digits, '-' or '_') for the new agent." };
+        }
+        const store = new DbIdentityStore(sessionNodeManager.getDb(), logger);
+        if (store.hasAgent(name) || agents.some((a) => a.name === name)) {
+            return { ok: false, reason: "agent_already_exists", guidance: `Agent '${name}' already exists. Choose a different name, or see cello_list_agents.` };
+        }
+        let pubkeyHex;
+        try {
+            const seed = generateKLocalSeed();
+            const keyProvider = new InMemoryKeyProvider(seed);
+            pubkeyHex = Buffer.from(await keyProvider.getPublicKey()).toString("hex");
+            // SI-001: createAgent stores the seed in the encrypted DB and logs only the pubkey.
+            store.createAgent(name, seed, pubkeyHex);
+            // Runtime-add: make the agent immediately registrable/usable (the register handler resolves
+            // identity from keyProviders/loadedAgents; per-agent signaling is created lazily on register).
+            keyProviders.set(name, keyProvider);
+            loadedAgents.push({ name, pubkey: pubkeyHex, keyProvider });
+            agents.push({ name, state: "registered", pubkey: pubkeyHex });
+        }
+        catch (err) {
+            logger.error("persist.identity.persist.failed", { agentName: name, error: err instanceof Error ? err.message : String(err) });
+            return { ok: false, reason: "agent_create_failed", guidance: "Could not create the agent. Check the daemon log and that the CELLO directory is writable, then retry." };
+        }
+        // Creation is not an online/offline transition — the agent appears (cello_list_agents) but is
+        // not online until cello_start_agent. Just record it.
+        logger.info("agent.created", { agentName: name, agentPubkey: pubkeyHex });
+        return { ok: true, name, pubkey: pubkeyHex };
+    });
     // ─── MCP-001: cello_stop_agent handler ───
     handlers.set("cello_stop_agent", async (params, _connectionId) => {
         const name = params?.name;
@@ -1028,7 +1063,7 @@ export async function startDaemon(config) {
         }
         const keyProvider = keyProviders.get(name);
         if (!keyProvider) {
-            return { ok: false, reason: "agent_not_found", guidance: `Agent '${name}' has no local K_local key loaded. Its key must exist at ~/.cello/agents/${name}/key before registration — create it and restart the daemon, then retry cello_register.` };
+            return { ok: false, reason: "agent_not_found", guidance: `Agent '${name}' does not exist. Create it first with cello_create_agent('${name}') (or 'cello create-agent ${name}'), then retry cello_register.` };
         }
         if (!directoryEndpointResolver) {
             return { ok: false, reason: "directory_unreachable", guidance: "The daemon has no directory endpoint resolver configured, so it cannot reach the directory to register." };
@@ -1074,7 +1109,7 @@ export async function startDaemon(config) {
                     guidance: `Agent '${name}' could not establish its directory signaling stream within 10s. Check CELLO_DIRECTORY_URL and that the directory is reachable, then retry cello_register.`,
                 };
             }
-            const persistence = new FileRegistrationPersistence({ agentDir: join(celloDir, "agents", name), logger });
+            const persistence = getPersistence(name);
             const ctx = new DaemonRegistrationContext({
                 signaling: agentSignaling,
                 getDirectoryNode: agentGetNode,
@@ -1092,6 +1127,10 @@ export async function startDaemon(config) {
                     await dropAgentSignaling(name);
                     return { ok: false, reason: result.error, guidance: registrationGuidance(result.error) };
                 }
+                // PERSIST-002 (AC-013): the identity row (K_local + share + ML-DSA + registration) is durably
+                // committed at this point (RegistrationManager awaits the persist before returning success).
+                // SI-001: never log a secret — only the agent name + PUBLIC key.
+                logger.info("persist.identity.persisted", { agentName: name, agentPubkey: agentPubkeyHex });
                 // Capture-now-or-lose-it: persist the agent→user link (using it is future
                 // trust-layer work). L1: the agent is already registered at this point —
                 // a link-write failure must NOT be reported as a registration failure.
@@ -1168,7 +1207,7 @@ export async function startDaemon(config) {
                         return;
                     }
                     const record = sessionNodeManager.getSessionRecord(agentName, sidHex);
-                    const verdict = await verifyBilateralSealCertificate({ agentDir: join(celloDir, "agents", agentName), agentPubkeyHex, logger, counterpartyPrimaryHex: record?.counterparty_primary_pubkey ?? null }, {
+                    const verdict = await verifyBilateralSealCertificate({ persistence: getPersistence(agentName), agentPubkeyHex, logger, counterpartyPrimaryHex: record?.counterparty_primary_pubkey ?? null }, {
                         sessionId: sessionIdBytes,
                         sealedRoot: sealedRootBytes,
                         leafCount,
@@ -1318,7 +1357,7 @@ export async function startDaemon(config) {
                     waiter({ ok: false, reason: "malformed_certificate" });
                     return;
                 }
-                const result = await verifyUnilateralCertificate({ agentDir: join(celloDir, "agents", agentName), agentPubkeyHex, logger }, { sessionId, sealedRoot, leafCount, closeTimestamp: closeTs, frostSignature: frostSig, signatureType: sigType });
+                const result = await verifyUnilateralCertificate({ persistence: getPersistence(agentName), agentPubkeyHex, logger }, { sessionId, sealedRoot, leafCount, closeTimestamp: closeTs, frostSignature: frostSig, signatureType: sigType });
                 pendingUnilateralWaiters.delete(sidHex);
                 if (!result.ok) {
                     // SI-003: do NOT mark sealed when the certificate signature does not verify.
@@ -1374,7 +1413,7 @@ export async function startDaemon(config) {
     // ONLY on ok. Never trust the directory's "bilateral" claim.
     async function verifyAndApplyUpgradeConfirmed(agentName, agentPubkeyHex, sidHex, frame) {
         const result = await verifyUpgradeConfirmedCert({
-            logger, agentName, agentPubkeyHex, celloDir,
+            logger, agentName, agentPubkeyHex, persistence: getPersistence(agentName),
             getCounterpartyHex: (a, s) => sessionNodeManager.getSessionRecord(a, s)?.counterparty_pubkey ?? null,
         }, sidHex, frame);
         if (!result.ok)
@@ -1435,7 +1474,6 @@ export async function startDaemon(config) {
     // no_current_agent guard.
     const SESSION_TOOLS_REQUIRING_AGENT = [
         "cello_receive_session",
-        "cello_list_sessions",
     ];
     const NO_CURRENT_AGENT_RESPONSE = {
         ok: false,
@@ -1825,6 +1863,35 @@ export async function startDaemon(config) {
         // so the reader can tell a real gap from an empty transcript.
         return { ok: true, session_id: sessionId, messages, undecryptable };
     });
+    // cello_list_sessions: the discovery surface — every persisted session for the
+    // current agent (active, interrupted, sealed, seal_interrupted_pending), newest
+    // updated first. This is where cello_get_transcript / cello_get_sealed_receipt
+    // get their session ids; without it those by-id reads have no starting point,
+    // and the guidance strings that point here ("See cello_list_sessions") dead-end.
+    // Read from the persisted SQLite store, so it works after a daemon restart and
+    // from a fresh MCP connection (no in-memory session-node required).
+    handlers.set("cello_list_sessions", async (_params, connectionId) => {
+        const connState = perConnectionState.get(connectionId);
+        if (!connState || !connState.currentAgent) {
+            return NO_CURRENT_AGENT_RESPONSE;
+        }
+        const agentName = connState.currentAgent;
+        const sessions = sessionNodeManager
+            .getSessionsForAgent(agentName)
+            .map((row) => ({
+            sessionId: row.session_id,
+            agentName: row.agent_name,
+            counterpartyPubkey: row.counterparty_pubkey,
+            status: row.status,
+            messageCount: row.message_count ?? 0,
+            createdAt: new Date(row.created_at).toISOString(),
+            updatedAt: new Date(row.updated_at).toISOString(),
+            // interrupted_at is the canonical ISO interruption stamp; null for any
+            // session that was never interrupted (active/sealed).
+            interruptedAt: row.interrupted_at ?? null,
+        }));
+        return { ok: true, sessions };
+    });
     // DAEMON-003 IPC handlers: queue_failed_send and check_nonce (AC-010)
     handlers.set("queue_failed_send", async (params, _connectionId) => {
         const sessionId = params?.sessionId;