npm - @cfio/cohort-sync - Versions diffs - 0.5.0 → 0.6.0 - Mend

@cfio/cohort-sync 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -88,8 +88,8 @@ var init_keychain = __esm({
 });
 // src/hooks.ts
-import fs from "node:fs";
-import path from "node:path";
+import fs3 from "node:fs";
+import path3 from "node:path";
 // ../../node_modules/.pnpm/@sinclair+typebox@0.34.48/node_modules/@sinclair/typebox/build/esm/type/guard/value.mjs
 var value_exports = {};
@@ -4554,12 +4554,12 @@ function createApi(pathParts = []) {
             `API path is expected to be of the form \`api.moduleName.functionName\`. Found: \`${found}\``
           );
         }
-        const path2 = pathParts.slice(0, -1).join("/");
+        const path4 = pathParts.slice(0, -1).join("/");
         const exportName = pathParts[pathParts.length - 1];
         if (exportName === "default") {
-          return path2;
+          return path4;
         } else {
-          return path2 + ":" + exportName;
+          return path4 + ":" + exportName;
         }
       } else if (prop === Symbol.toStringTag) {
         return "FunctionReference";
@@ -7628,16 +7628,16 @@ var require_constants = __commonJS({
 });
 var require_node_gyp_build = __commonJS({
   "../common/temp/node_modules/.pnpm/node-gyp-build@4.8.4/node_modules/node-gyp-build/node-gyp-build.js"(exports, module) {
-    var fs2 = __require("fs");
-    var path2 = __require("path");
-    var os = __require("os");
+    var fs4 = __require("fs");
+    var path4 = __require("path");
+    var os3 = __require("os");
     var runtimeRequire = typeof __webpack_require__ === "function" ? __non_webpack_require__ : __require;
     var vars = process.config && process.config.variables || {};
     var prebuildsOnly = !!process.env.PREBUILDS_ONLY;
     var abi = process.versions.modules;
     var runtime = isElectron() ? "electron" : isNwjs() ? "node-webkit" : "node";
-    var arch = process.env.npm_config_arch || os.arch();
-    var platform = process.env.npm_config_platform || os.platform();
+    var arch = process.env.npm_config_arch || os3.arch();
+    var platform = process.env.npm_config_platform || os3.platform();
     var libc = process.env.LIBC || (isAlpine(platform) ? "musl" : "glibc");
     var armv = process.env.ARM_VERSION || (arch === "arm64" ? "8" : vars.arm_version) || "";
     var uv = (process.versions.uv || "").split(".")[0];
@@ -7646,21 +7646,21 @@ var require_node_gyp_build = __commonJS({
       return runtimeRequire(load.resolve(dir));
     }
     load.resolve = load.path = function(dir) {
-      dir = path2.resolve(dir || ".");
+      dir = path4.resolve(dir || ".");
       try {
-        var name = runtimeRequire(path2.join(dir, "package.json")).name.toUpperCase().replace(/-/g, "_");
+        var name = runtimeRequire(path4.join(dir, "package.json")).name.toUpperCase().replace(/-/g, "_");
         if (process.env[name + "_PREBUILD"]) dir = process.env[name + "_PREBUILD"];
       } catch (err) {
       }
       if (!prebuildsOnly) {
-        var release = getFirst(path2.join(dir, "build/Release"), matchBuild);
+        var release = getFirst(path4.join(dir, "build/Release"), matchBuild);
         if (release) return release;
-        var debug = getFirst(path2.join(dir, "build/Debug"), matchBuild);
+        var debug = getFirst(path4.join(dir, "build/Debug"), matchBuild);
         if (debug) return debug;
       }
       var prebuild = resolve(dir);
       if (prebuild) return prebuild;
-      var nearby = resolve(path2.dirname(process.execPath));
+      var nearby = resolve(path4.dirname(process.execPath));
       if (nearby) return nearby;
       var target = [
         "platform=" + platform,
@@ -7677,26 +7677,26 @@ var require_node_gyp_build = __commonJS({
       ].filter(Boolean).join(" ");
       throw new Error("No native build was found for " + target + "\n    loaded from: " + dir + "\n");
       function resolve(dir2) {
-        var tuples = readdirSync(path2.join(dir2, "prebuilds")).map(parseTuple);
+        var tuples = readdirSync(path4.join(dir2, "prebuilds")).map(parseTuple);
         var tuple = tuples.filter(matchTuple(platform, arch)).sort(compareTuples)[0];
         if (!tuple) return;
-        var prebuilds = path2.join(dir2, "prebuilds", tuple.name);
+        var prebuilds = path4.join(dir2, "prebuilds", tuple.name);
         var parsed = readdirSync(prebuilds).map(parseTags);
         var candidates = parsed.filter(matchTags(runtime, abi));
         var winner = candidates.sort(compareTags(runtime))[0];
-        if (winner) return path2.join(prebuilds, winner.file);
+        if (winner) return path4.join(prebuilds, winner.file);
       }
     };
     function readdirSync(dir) {
       try {
-        return fs2.readdirSync(dir);
+        return fs4.readdirSync(dir);
       } catch (err) {
         return [];
       }
     }
     function getFirst(dir, filter) {
       var files = readdirSync(dir).filter(filter);
-      return files[0] && path2.join(dir, files[0]);
+      return files[0] && path4.join(dir, files[0]);
     }
     function matchBuild(name) {
       return /\.node$/.test(name);
@@ -7783,7 +7783,7 @@ var require_node_gyp_build = __commonJS({
       return typeof window !== "undefined" && window.process && window.process.type === "renderer";
     }
     function isAlpine(platform2) {
-      return platform2 === "linux" && fs2.existsSync("/etc/alpine-release");
+      return platform2 === "linux" && fs4.existsSync("/etc/alpine-release");
     }
     load.parseTags = parseTags;
     load.matchTags = matchTags;
@@ -11502,110 +11502,6 @@ var _systemSchema = defineSchema({
   })
 });
-// src/gateway-rpc.ts
-import crypto from "node:crypto";
-function buildRequestFrame(id, method, params) {
-  return { id, type: "req", method, params };
-}
-function getPendingRequests() {
-  const g = globalThis;
-  const hot = g.__cohort_sync__ ?? (g.__cohort_sync__ = {});
-  if (!hot.pendingGatewayRequests) hot.pendingGatewayRequests = /* @__PURE__ */ new Map();
-  return hot.pendingGatewayRequests;
-}
-var authReady = null;
-function openGatewayConnection(port, token, logger) {
-  const ws = new WebSocket(`ws://127.0.0.1:${port}`);
-  let resolveAuth;
-  let rejectAuth;
-  let authSettled = false;
-  authReady = new Promise((res, rej) => {
-    resolveAuth = res;
-    rejectAuth = rej;
-  });
-  ws.addEventListener("open", () => {
-    ws.send(JSON.stringify({
-      minProtocol: 1,
-      maxProtocol: 1,
-      client: {
-        id: "gateway-client",
-        version: "1.0.0",
-        platform: process.platform,
-        mode: "backend"
-      },
-      auth: { token }
-    }));
-    logger.info(`cohort-sync: gateway WS connected to port ${port}, awaiting hello-ok`);
-  });
-  ws.addEventListener("message", (event) => {
-    try {
-      const data = JSON.parse(String(event.data));
-      if (data.type === "hello-ok") {
-        authSettled = true;
-        resolveAuth();
-        logger.info("cohort-sync: gateway WS authenticated");
-        return;
-      }
-      if (data.type === "hello-error" || data.type === "error") {
-        authSettled = true;
-        rejectAuth(new Error(`Gateway auth failed: ${data.message ?? data.error ?? "unknown"}`));
-        ws.close();
-        return;
-      }
-      const pending = getPendingRequests();
-      if (data.type === "res" && data.id && pending.has(data.id)) {
-        const entry = pending.get(data.id);
-        pending.delete(data.id);
-        clearTimeout(entry.timer);
-        if (data.ok) {
-          entry.resolve(data.payload);
-        } else {
-          entry.reject(new Error(`Gateway method failed: ${data.error?.message ?? "unknown"}`));
-        }
-      }
-    } catch {
-    }
-  });
-  ws.addEventListener("close", () => {
-    logger.warn("cohort-sync: gateway WS closed");
-    if (!authSettled) {
-      authSettled = true;
-      rejectAuth(new Error("Gateway WS closed during auth"));
-    }
-    const pending = getPendingRequests();
-    for (const [, { reject, timer }] of pending) {
-      clearTimeout(timer);
-      reject(new Error("Gateway WS closed"));
-    }
-    pending.clear();
-  });
-  ws.addEventListener("error", (err) => {
-    logger.error(`cohort-sync: gateway WS error: ${String(err)}`);
-  });
-  return ws;
-}
-async function callGatewayMethod(ws, method, params, timeoutMs = 1e4) {
-  if (!ws || ws.readyState !== WebSocket.OPEN) {
-    throw new Error("Gateway WS not connected");
-  }
-  if (authReady) await authReady;
-  const id = crypto.randomUUID();
-  const frame = buildRequestFrame(id, method, params);
-  const pending = getPendingRequests();
-  return new Promise((resolve, reject) => {
-    const timer = setTimeout(() => {
-      pending.delete(id);
-      reject(new Error(`Gateway method ${method} timed out after ${timeoutMs}ms`));
-    }, timeoutMs);
-    pending.set(id, {
-      resolve,
-      reject,
-      timer
-    });
-    ws.send(JSON.stringify(frame));
-  });
-}
 // src/cron-mapping.ts
 function formatSchedule(s) {
   switch (s.kind) {
@@ -11745,9 +11641,9 @@ function getHotState() {
       intervals: { heartbeat: null, activityFlush: null },
       activityBuffer: [],
       channelAgentBridge: {},
-      gatewayWs: null,
       gatewayPort: null,
       gatewayToken: null,
+      gatewayProtocolClient: null,
       commandSubscription: null
     };
     globalThis[HOT_KEY] = state;
@@ -11904,92 +11800,111 @@ function initCommandSubscription(cfg, logger, resolveAgentName) {
               return;
             }
             if (cmd.type.startsWith("cron")) {
-              const ws = getHotState().gatewayWs;
-              if (!ws || ws.readyState !== WebSocket.OPEN) {
-                logger.warn(`cohort-sync: gateway WS not connected, cannot execute ${cmd.type}`);
+              const hotState = getHotState();
+              const port = hotState.gatewayPort;
+              const token = hotState.gatewayToken;
+              if (!port || !token) {
+                logger.warn(`cohort-sync: no gateway port/token, cannot execute ${cmd.type}`);
                 continue;
               }
-              const nameMap = cfg.agentNameMap ?? {};
-              if (cmd.type === "cronEnable") {
-                await callGatewayMethod(ws, "cohort-sync/cron-update", {
-                  jobId: cmd.payload?.jobId,
-                  patch: { enabled: true }
-                });
-              } else if (cmd.type === "cronDisable") {
-                await callGatewayMethod(ws, "cohort-sync/cron-update", {
-                  jobId: cmd.payload?.jobId,
-                  patch: { enabled: false }
-                });
-              } else if (cmd.type === "cronDelete") {
-                await callGatewayMethod(ws, "cohort-sync/cron-remove", {
-                  jobId: cmd.payload?.jobId
-                });
-              } else if (cmd.type === "cronRunNow") {
-                const runResult = await callGatewayMethod(
-                  ws,
-                  "cohort-sync/cron-run",
-                  { jobId: cmd.payload?.jobId }
-                );
-                if (runResult?.ok && runResult?.ran) {
-                  const jobId = cmd.payload?.jobId;
-                  let polls = 0;
-                  const pollInterval = setInterval(async () => {
-                    polls++;
-                    if (polls >= 15) {
-                      clearInterval(pollInterval);
-                      return;
+              const gwClient = new GatewayClient(port, token, logger);
+              try {
+                await gwClient.connect();
+                const nameMap = cfg.agentNameMap ?? {};
+                switch (cmd.type) {
+                  case "cronEnable":
+                    await gwClient.request("cron.update", {
+                      jobId: cmd.payload?.jobId,
+                      patch: { enabled: true }
+                    });
+                    break;
+                  case "cronDisable":
+                    await gwClient.request("cron.update", {
+                      jobId: cmd.payload?.jobId,
+                      patch: { enabled: false }
+                    });
+                    break;
+                  case "cronDelete":
+                    await gwClient.request("cron.remove", {
+                      jobId: cmd.payload?.jobId
+                    });
+                    break;
+                  case "cronRunNow": {
+                    const runResult = await gwClient.request(
+                      "cron.run",
+                      { jobId: cmd.payload?.jobId }
+                    );
+                    if (runResult?.ok && runResult?.ran) {
+                      const jobId = cmd.payload?.jobId;
+                      let polls = 0;
+                      const pollInterval = setInterval(async () => {
+                        polls++;
+                        if (polls >= 15) {
+                          clearInterval(pollInterval);
+                          return;
+                        }
+                        try {
+                          const pollClient = getHotState().gatewayProtocolClient;
+                          if (!pollClient || !pollClient.isAlive()) {
+                            clearInterval(pollInterval);
+                            return;
+                          }
+                          const pollResult = await pollClient.request("cron.list");
+                          const freshJobs = Array.isArray(pollResult) ? pollResult : pollResult?.jobs ?? [];
+                          const job = freshJobs.find((j) => j.id === jobId);
+                          if (job && !job.state?.runningAtMs) {
+                            clearInterval(pollInterval);
+                            const mapped = freshJobs.map((j) => mapCronJob(j, resolveAgentName));
+                            await pushCronSnapshot(cfg.apiKey, mapped);
+                          }
+                        } catch {
+                        }
+                      }, 2e3);
                     }
-                    try {
-                      const pollWs = getHotState().gatewayWs;
-                      if (!pollWs || pollWs.readyState !== WebSocket.OPEN) {
-                        clearInterval(pollInterval);
-                        return;
-                      }
-                      const freshJobs = await callGatewayMethod(pollWs, "cohort-sync/cron-list");
-                      const job = freshJobs.find((j) => j.id === jobId);
-                      if (job && !job.state?.runningAtMs) {
-                        clearInterval(pollInterval);
-                        const mapped = freshJobs.map((j) => mapCronJob(j, resolveAgentName));
-                        await pushCronSnapshot(cfg.apiKey, mapped);
+                    break;
+                  }
+                  case "cronCreate": {
+                    const agentId = reverseResolveAgentName(cmd.payload?.agentId ?? "main", nameMap);
+                    await gwClient.request("cron.add", {
+                      job: {
+                        agentId,
+                        name: cmd.payload?.name,
+                        enabled: true,
+                        schedule: cmd.payload?.schedule,
+                        payload: { kind: "agentTurn", message: cmd.payload?.message },
+                        sessionTarget: "isolated",
+                        wakeMode: "now"
                       }
-                    } catch {
-                    }
-                  }, 2e3);
+                    });
+                    break;
+                  }
+                  case "cronUpdate": {
+                    const patch = {};
+                    if (cmd.payload?.name) patch.name = cmd.payload.name;
+                    if (cmd.payload?.schedule) patch.schedule = cmd.payload.schedule;
+                    if (cmd.payload?.message) patch.payload = { kind: "agentTurn", message: cmd.payload.message };
+                    if (cmd.payload?.agentId) patch.agentId = reverseResolveAgentName(cmd.payload.agentId, nameMap);
+                    await gwClient.request("cron.update", {
+                      jobId: cmd.payload?.jobId,
+                      patch
+                    });
+                    break;
+                  }
+                  default:
+                    logger.warn(`cohort-sync: unknown cron command type: ${cmd.type}`);
                 }
-              } else if (cmd.type === "cronCreate") {
-                const agentId = reverseResolveAgentName(cmd.payload?.agentId ?? "main", nameMap);
-                await callGatewayMethod(ws, "cohort-sync/cron-add", {
-                  job: {
-                    agentId,
-                    name: cmd.payload?.name,
-                    enabled: true,
-                    schedule: cmd.payload?.schedule,
-                    payload: { kind: "agentTurn", message: cmd.payload?.message },
-                    sessionTarget: "isolated",
-                    wakeMode: "now"
+                if (gwClient.isAlive()) {
+                  try {
+                    const snapResult = await gwClient.request("cron.list");
+                    const freshJobs = Array.isArray(snapResult) ? snapResult : snapResult?.jobs ?? [];
+                    const mapped = freshJobs.map((j) => mapCronJob(j, resolveAgentName));
+                    await pushCronSnapshot(cfg.apiKey, mapped);
+                  } catch (snapErr) {
+                    logger.warn(`cohort-sync: post-command snapshot push failed: ${String(snapErr)}`);
                   }
-                });
-              } else if (cmd.type === "cronUpdate") {
-                const patch = {};
-                if (cmd.payload?.name) patch.name = cmd.payload.name;
-                if (cmd.payload?.schedule) patch.schedule = cmd.payload.schedule;
-                if (cmd.payload?.message) patch.payload = { kind: "agentTurn", message: cmd.payload.message };
-                if (cmd.payload?.agentId) patch.agentId = reverseResolveAgentName(cmd.payload.agentId, nameMap);
-                await callGatewayMethod(ws, "cohort-sync/cron-update", {
-                  jobId: cmd.payload?.jobId,
-                  patch
-                });
-              } else {
-                logger.warn(`cohort-sync: unknown cron command type: ${cmd.type}`);
-              }
-              if (ws.readyState === WebSocket.OPEN) {
-                try {
-                  const freshJobs = await callGatewayMethod(ws, "cohort-sync/cron-list");
-                  const mapped = freshJobs.map((j) => mapCronJob(j, resolveAgentName));
-                  await pushCronSnapshot(cfg.apiKey, mapped);
-                } catch (snapErr) {
-                  logger.warn(`cohort-sync: post-command snapshot push failed: ${String(snapErr)}`);
                 }
+              } finally {
+                gwClient.close();
               }
             } else {
               logger.warn(`cohort-sync: unknown command type: ${cmd.type}`);
@@ -12044,6 +11959,13 @@ function closeSubscription() {
     }
     state.commandSubscription = null;
   }
+  if (state.gatewayProtocolClient) {
+    try {
+      state.gatewayProtocolClient.close();
+    } catch {
+    }
+    state.gatewayProtocolClient = null;
+  }
   client?.close();
   client = null;
   clearHotState();
@@ -12152,31 +12074,31 @@ var VALID_STATUSES = /* @__PURE__ */ new Set(["idle", "working", "waiting"]);
 function normalizeStatus(status) {
   return VALID_STATUSES.has(status) ? status : "idle";
 }
-async function v1Get(apiUrl, apiKey, path2) {
-  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path2}`, {
+async function v1Get(apiUrl, apiKey, path4) {
+  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path4}`, {
     headers: { Authorization: `Bearer ${apiKey}` },
     signal: AbortSignal.timeout(1e4)
   });
-  if (!res.ok) throw new Error(`GET ${path2} \u2192 ${res.status}`);
+  if (!res.ok) throw new Error(`GET ${path4} \u2192 ${res.status}`);
   return res.json();
 }
-async function v1Patch(apiUrl, apiKey, path2, body) {
-  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path2}`, {
+async function v1Patch(apiUrl, apiKey, path4, body) {
+  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path4}`, {
     method: "PATCH",
     headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
     body: JSON.stringify(body),
     signal: AbortSignal.timeout(1e4)
   });
-  if (!res.ok) throw new Error(`PATCH ${path2} \u2192 ${res.status}`);
+  if (!res.ok) throw new Error(`PATCH ${path4} \u2192 ${res.status}`);
 }
-async function v1Post(apiUrl, apiKey, path2, body) {
-  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path2}`, {
+async function v1Post(apiUrl, apiKey, path4, body) {
+  const res = await fetch(`${apiUrl.replace(/\/+$/, "")}${path4}`, {
     method: "POST",
     headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
     body: JSON.stringify(body),
     signal: AbortSignal.timeout(1e4)
   });
-  if (!res.ok) throw new Error(`POST ${path2} \u2192 ${res.status}`);
+  if (!res.ok) throw new Error(`POST ${path4} \u2192 ${res.status}`);
 }
 async function checkForUpdate(currentVersion, logger) {
   try {
@@ -12344,64 +12266,542 @@ async function fullSync(agentName, model, cfg, logger, openClawAgents) {
   logger.info("cohort-sync: full sync complete");
 }
-// src/gateway-methods.ts
-function registerCronGatewayMethods(api) {
-  api.registerGatewayMethod("cohort-sync/cron-list", async ({ context, respond }) => {
-    try {
-      const jobs = await context.cron.list({ includeDisabled: true });
-      respond(true, jobs);
-    } catch (err) {
-      respond(false, void 0, {
-        code: "INTERNAL_ERROR",
-        message: (err instanceof Error ? err.message : String(err)).slice(0, 200)
-      });
+// src/gateway-client.ts
+import crypto2 from "node:crypto";
+// src/diag.ts
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+var LOG_DIR = path.join(os.homedir(), ".openclaw", "logs", "cohort-sync");
+var LOG_PATH = path.join(LOG_DIR, "diag.log");
+var LOG_PATH_ROTATED = path.join(LOG_DIR, "diag.log.1");
+var MAX_LOG_SIZE = 5 * 1024 * 1024;
+var isDebug = process.env.COHORT_SYNC_DEBUG === "1";
+try {
+  fs.mkdirSync(LOG_DIR, { recursive: true, mode: 448 });
+} catch {
+}
+var writesSinceCheck = 0;
+function diag(label, data) {
+  if (!isDebug && !label.startsWith("HOOK_") && !label.startsWith("MODULE_") && !label.startsWith("REGISTER_") && !label.startsWith("GW_WS_AUTH") && !label.startsWith("GW_WS_CLOSED") && !label.startsWith("GW_WS_ERROR") && !label.startsWith("GW_CLIENT_") && !label.startsWith("HEARTBEAT_CRON")) {
+    return;
+  }
+  const ts = (/* @__PURE__ */ new Date()).toISOString();
+  const sanitized = data ? " " + JSON.stringify(data, (_k, v2) => {
+    if (typeof v2 === "string" && v2.length > 200) return v2.slice(0, 200) + "\u2026";
+    return v2;
+  }) : "";
+  const line = `[${ts}] ${label}${sanitized}
+`;
+  try {
+    fs.appendFileSync(LOG_PATH, line, { mode: 384 });
+    if (++writesSinceCheck >= 100) {
+      writesSinceCheck = 0;
+      const stat = fs.statSync(LOG_PATH);
+      if (stat.size > MAX_LOG_SIZE) {
+        try {
+          fs.unlinkSync(LOG_PATH_ROTATED);
+        } catch {
+        }
+        fs.renameSync(LOG_PATH, LOG_PATH_ROTATED);
+      }
     }
-  });
-  api.registerGatewayMethod("cohort-sync/cron-run", async ({ context, params, respond }) => {
-    try {
-      const result = await context.cron.run(params.jobId, "force");
-      respond(true, result);
-    } catch (err) {
-      respond(false, void 0, {
-        code: "CRON_RUN_FAILED",
-        message: (err instanceof Error ? err.message : String(err)).slice(0, 200)
-      });
+  } catch {
+  }
+}
+// src/device-identity-crypto.ts
+import crypto from "node:crypto";
+import fs2 from "node:fs";
+import path2 from "node:path";
+import os2 from "node:os";
+var IDENTITY_PATH = path2.join(os2.homedir(), ".openclaw", "extensions", "cohort-sync", ".device-identity.json");
+function loadOrCreateDeviceIdentity() {
+  try {
+    const data = JSON.parse(fs2.readFileSync(IDENTITY_PATH, "utf-8"));
+    if (data.deviceId && data.publicKeyPem && data.privateKeyPem) {
+      diag("GW_CLIENT_DEVICE_IDENTITY_LOADED", { deviceId: data.deviceId });
+      return data;
     }
+  } catch {
+  }
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
+  const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const publicKeyDer = publicKey.export({ type: "spki", format: "der" });
+  const rawPublicKey = publicKeyDer.subarray(publicKeyDer.length - 32);
+  const deviceId = crypto.createHash("sha256").update(rawPublicKey).digest("hex");
+  const identity = { deviceId, publicKeyPem, privateKeyPem };
+  try {
+    fs2.writeFileSync(IDENTITY_PATH, JSON.stringify(identity, null, 2), { mode: 384 });
+    diag("GW_CLIENT_DEVICE_IDENTITY_CREATED", { deviceId });
+  } catch (err) {
+    diag("GW_CLIENT_DEVICE_IDENTITY_WRITE_FAILED", { error: String(err) });
+  }
+  return identity;
+}
+function normalizeMetadata(value) {
+  if (typeof value !== "string") return "";
+  const trimmed = value.trim();
+  if (!trimmed) return "";
+  return trimmed.replace(/[A-Z]/g, (c) => String.fromCharCode(c.charCodeAt(0) + 32));
+}
+function buildDeviceAuthPayloadV3(params) {
+  return [
+    "v3",
+    params.deviceId,
+    params.clientId,
+    params.clientMode,
+    params.role,
+    params.scopes.join(","),
+    String(params.signedAtMs),
+    params.token ?? "",
+    params.nonce,
+    normalizeMetadata(params.platform),
+    normalizeMetadata(params.deviceFamily)
+  ].join("|");
+}
+function signPayload(privateKeyPem, payload) {
+  const key = crypto.createPrivateKey(privateKeyPem);
+  const signature = crypto.sign(null, Buffer.from(payload, "utf-8"), key);
+  return signature.toString("base64").replaceAll("+", "-").replaceAll("/", "_").replace(/=+$/, "");
+}
+// src/gateway-client.ts
+var ALLOWED_METHODS = /* @__PURE__ */ new Set([
+  "cron.list",
+  "cron.add",
+  "cron.update",
+  "cron.remove",
+  "cron.run",
+  "cron.runs",
+  "cron.status",
+  "channels.status",
+  "sessions.list",
+  "sessions.preview",
+  "agent",
+  "snapshot",
+  "system.presence"
+]);
+function buildConnectFrame(id, token, pluginVersion, identity, nonce) {
+  const signedAtMs = Date.now();
+  const payload = buildDeviceAuthPayloadV3({
+    deviceId: identity.deviceId,
+    clientId: "gateway-client",
+    clientMode: "backend",
+    role: "operator",
+    scopes: ["operator.read", "operator.write"],
+    signedAtMs,
+    token,
+    nonce,
+    platform: process.platform,
+    deviceFamily: null
   });
-  api.registerGatewayMethod("cohort-sync/cron-update", async ({ context, params, respond }) => {
-    try {
-      const result = await context.cron.update(params.jobId, params.patch);
-      respond(true, result);
-    } catch (err) {
-      respond(false, void 0, {
-        code: "CRON_UPDATE_FAILED",
-        message: (err instanceof Error ? err.message : String(err)).slice(0, 200)
+  const signature = signPayload(identity.privateKeyPem, payload);
+  return {
+    type: "req",
+    id,
+    method: "connect",
+    params: {
+      minProtocol: 3,
+      maxProtocol: 3,
+      client: {
+        id: "gateway-client",
+        version: pluginVersion,
+        platform: process.platform,
+        mode: "backend"
+      },
+      role: "operator",
+      scopes: ["operator.read", "operator.write"],
+      auth: { token },
+      device: {
+        id: identity.deviceId,
+        publicKey: identity.publicKeyPem,
+        signature,
+        signedAt: signedAtMs,
+        nonce
+      },
+      locale: "en-US",
+      userAgent: `cohort-sync/${pluginVersion}`
+    }
+  };
+}
+function parseHelloOk(response) {
+  if (!response.ok) {
+    const msg = response.error?.message ?? "unknown error";
+    throw new Error(`Gateway connect error: ${msg}`);
+  }
+  const payload = response.payload;
+  if (payload?.type === "hello-error") {
+    const msg = payload.message ?? "unknown error";
+    throw new Error(`hello-error: ${msg}`);
+  }
+  if (payload?.type !== "hello-ok") {
+    throw new Error(`Unexpected payload type: ${String(payload?.type ?? "missing")}`);
+  }
+  const policy = payload.policy ?? {};
+  const methods = payload.methods ?? [];
+  const events = payload.events ?? [];
+  return {
+    methods: new Set(methods),
+    events: new Set(events),
+    tickIntervalMs: policy.tickIntervalMs ?? 15e3,
+    snapshot: payload.snapshot
+  };
+}
+function getPendingRequests() {
+  const g = globalThis;
+  const hot = g.__cohort_sync__ ?? (g.__cohort_sync__ = {});
+  if (!hot.pendingGatewayRequests) hot.pendingGatewayRequests = /* @__PURE__ */ new Map();
+  return hot.pendingGatewayRequests;
+}
+var GatewayClient2 = class {
+  port;
+  logger;
+  ws = null;
+  alive = false;
+  tickWatchdog = null;
+  reconnectTimer = null;
+  reconnectAttempts = 0;
+  closed = false;
+  eventHandlers = /* @__PURE__ */ new Map();
+  pluginVersion;
+  tickIntervalMs = 15e3;
+  // default; overwritten by hello-ok response
+  deviceIdentity;
+  /** Public Sets populated from hello-ok — consumers can inspect gateway capabilities */
+  availableMethods = /* @__PURE__ */ new Set();
+  availableEvents = /* @__PURE__ */ new Set();
+  /**
+   * @param port - Gateway WebSocket port
+   * @param token - Auth token (stored in closure via constructor param, NOT on this or globalThis)
+   * @param logger - RuntimeLogger from plugin SDK
+   * @param pluginVersion - Version string for the connect frame userAgent
+   */
+  constructor(port, token, logger, pluginVersion = "0.5.0") {
+    this.port = port;
+    this.logger = logger;
+    this.pluginVersion = pluginVersion;
+    this.deviceIdentity = loadOrCreateDeviceIdentity();
+    this._getToken = () => token;
+  }
+  /** Token accessor — closure over constructor param */
+  _getToken;
+  /**
+   * Connect to the gateway, perform the protocol v3 handshake, and start
+   * the tick watchdog.
+   *
+   * Flow:
+   *  1. Open WebSocket to ws://127.0.0.1:{port}
+   *  2. Wait up to 500ms for connect.challenge event (optional)
+   *  3. Send connect request frame
+   *  4. Wait for hello-ok response
+   *  5. Start tick watchdog at 2.5x tickIntervalMs
+   */
+  async connect() {
+    if (this.closed) throw new Error("GatewayClient has been closed");
+    diag("GW_CLIENT_CONNECTING", { port: this.port });
+    return new Promise((resolve, reject) => {
+      const ws = new WebSocket(`ws://127.0.0.1:${this.port}`);
+      this.ws = ws;
+      let settled = false;
+      const settle = (err) => {
+        if (settled) return;
+        settled = true;
+        if (err) {
+          this.alive = false;
+          reject(err);
+        } else {
+          resolve();
+        }
+      };
+      const handshakeTimeout = setTimeout(() => {
+        settle(new Error("Gateway handshake timed out after 10000ms"));
+        ws.close();
+      }, 1e4);
+      ws.addEventListener("open", () => {
+        diag("GW_CLIENT_WS_OPEN", { port: this.port });
+        let challengeReceived = false;
+        let challengeNonce = "";
+        const challengeTimer = setTimeout(() => {
+          if (!challengeReceived) {
+            diag("GW_CLIENT_NO_CHALLENGE", { waited: 500 });
+            sendConnect();
+          }
+        }, 500);
+        const onChallengeMessage = (event) => {
+          try {
+            const data = JSON.parse(String(event.data));
+            if (data.type === "event" && data.event === "connect.challenge") {
+              challengeReceived = true;
+              clearTimeout(challengeTimer);
+              challengeNonce = data.payload?.nonce ?? "";
+              diag("GW_CLIENT_CHALLENGE_RECEIVED", { hasNonce: !!challengeNonce });
+              sendConnect();
+            }
+          } catch {
+          }
+        };
+        ws.addEventListener("message", onChallengeMessage);
+        const sendConnect = () => {
+          ws.removeEventListener("message", onChallengeMessage);
+          const id = crypto2.randomUUID();
+          const frame = buildConnectFrame(
+            id,
+            this._getToken(),
+            this.pluginVersion,
+            this.deviceIdentity,
+            challengeNonce
+          );
+          diag("GW_CLIENT_SENDING_CONNECT", { id, protocol: 3 });
+          ws.send(JSON.stringify(frame));
+          const onHelloMessage = (event) => {
+            try {
+              const data = JSON.parse(String(event.data));
+              if (data.type === "res" && data.id === id) {
+                ws.removeEventListener("message", onHelloMessage);
+                clearTimeout(handshakeTimeout);
+                try {
+                  const result = parseHelloOk(data);
+                  this.availableMethods = result.methods;
+                  this.availableEvents = result.events;
+                  this.tickIntervalMs = result.tickIntervalMs;
+                  this.alive = true;
+                  this.reconnectAttempts = 0;
+                  diag("GW_CLIENT_HELLO_OK", {
+                    methods: result.methods.size,
+                    events: result.events.size,
+                    tickIntervalMs: result.tickIntervalMs
+                  });
+                  this.startTickWatchdog(result.tickIntervalMs);
+                  ws.addEventListener("message", (ev) => this.handleMessage(ev));
+                  if (result.snapshot) {
+                    this.emit("snapshot", result.snapshot);
+                  }
+                  this.logger.info("cohort-sync: gateway client connected (protocol v3)");
+                  settle();
+                } catch (err) {
+                  diag("GW_CLIENT_HELLO_FAILED", { error: String(err) });
+                  settle(err instanceof Error ? err : new Error(String(err)));
+                  ws.close();
+                }
+              }
+            } catch {
+            }
+          };
+          ws.addEventListener("message", onHelloMessage);
+        };
+      });
+      ws.addEventListener("close", () => {
+        clearTimeout(handshakeTimeout);
+        this.alive = false;
+        this.stopTickWatchdog();
+        diag("GW_CLIENT_WS_CLOSED", { port: this.port });
+        this.logger.warn("cohort-sync: gateway client WebSocket closed");
+        const pending = getPendingRequests();
+        for (const [, entry] of pending) {
+          clearTimeout(entry.timer);
+          entry.reject(new Error("Gateway WebSocket closed"));
+        }
+        pending.clear();
+        if (!settled) {
+          settle(new Error("Gateway WebSocket closed during handshake"));
+        }
+        if (!this.closed) {
+          this.scheduleReconnect();
+        }
       });
+      ws.addEventListener("error", (err) => {
+        diag("GW_CLIENT_WS_ERROR", { error: String(err) });
+        this.logger.error(`cohort-sync: gateway client WS error: ${String(err)}`);
+      });
+    });
+  }
+  /**
+   * Whether the WebSocket is open and the handshake completed successfully.
+   */
+  isAlive() {
+    return this.alive && this.ws !== null && this.ws.readyState === WebSocket.OPEN;
+  }
+  /**
+   * Register an event handler for gateway events (tick, cron.changed, etc.).
+   */
+  on(event, handler) {
+    let handlers = this.eventHandlers.get(event);
+    if (!handlers) {
+      handlers = /* @__PURE__ */ new Set();
+      this.eventHandlers.set(event, handlers);
     }
-  });
-  api.registerGatewayMethod("cohort-sync/cron-remove", async ({ context, params, respond }) => {
-    try {
-      const result = await context.cron.remove(params.jobId);
-      respond(true, result);
-    } catch (err) {
-      respond(false, void 0, {
-        code: "CRON_REMOVE_FAILED",
-        message: (err instanceof Error ? err.message : String(err)).slice(0, 200)
+    handlers.add(handler);
+  }
+  /**
+   * Send a request to the gateway and wait for the response.
+   *
+   * Validates the method against ALLOWED_METHODS to prevent accidentally
+   * calling admin or unauthorized methods.
+   */
+  async request(method, params, timeoutMs = 1e4) {
+    if (!ALLOWED_METHODS.has(method)) {
+      throw new Error(`Method "${method}" is not in ALLOWED_METHODS`);
+    }
+    if (!this.isAlive()) {
+      throw new Error("Gateway client is not connected");
+    }
+    const id = crypto2.randomUUID();
+    const frame = {
+      type: "req",
+      id,
+      method,
+      params
+    };
+    const pending = getPendingRequests();
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        pending.delete(id);
+        reject(new Error(`Gateway method "${method}" timed out after ${timeoutMs}ms`));
+      }, timeoutMs);
+      pending.set(id, {
+        resolve,
+        reject,
+        timer
       });
+      this.ws.send(JSON.stringify(frame));
+    });
+  }
+  /**
+   * Clean shutdown — close WebSocket, clear timers, reject pending requests.
+   */
+  close() {
+    this.closed = true;
+    this.alive = false;
+    this.stopTickWatchdog();
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
     }
-  });
-  api.registerGatewayMethod("cohort-sync/cron-add", async ({ context, params, respond }) => {
+    const pending = getPendingRequests();
+    for (const [, entry] of pending) {
+      clearTimeout(entry.timer);
+      entry.reject(new Error("Gateway client closed"));
+    }
+    pending.clear();
+    if (this.ws) {
+      this.ws.close();
+      this.ws = null;
+    }
+    diag("GW_CLIENT_CLOSED", { port: this.port });
+    this.logger.info("cohort-sync: gateway client closed");
+  }
+  // -------------------------------------------------------------------------
+  // Private methods
+  // -------------------------------------------------------------------------
+  /**
+   * Route incoming WebSocket messages to the appropriate handler.
+   *
+   * Frame types:
+   *  - "res" → resolve/reject a pending request
+   *  - "event" → dispatch to registered event handlers; reset tick watchdog on tick
+   */
+  handleMessage(event) {
     try {
-      const result = await context.cron.add(params.job);
-      respond(true, result);
-    } catch (err) {
-      respond(false, void 0, {
-        code: "CRON_ADD_FAILED",
-        message: (err instanceof Error ? err.message : String(err)).slice(0, 200)
-      });
+      const data = JSON.parse(String(event.data));
+      if (data.type === "res") {
+        this.handleResponse(data);
+      } else if (data.type === "event") {
+        this.handleEvent(data);
+      }
+    } catch {
     }
-  });
-}
+  }
+  handleResponse(frame) {
+    const pending = getPendingRequests();
+    const entry = pending.get(frame.id);
+    if (!entry) return;
+    pending.delete(frame.id);
+    clearTimeout(entry.timer);
+    if (frame.ok) {
+      entry.resolve(frame.payload);
+    } else {
+      entry.reject(new Error(`Gateway method failed: ${frame.error?.message ?? "unknown error"}`));
+    }
+  }
+  handleEvent(frame) {
+    if (frame.event === "tick") {
+      this.resetTickWatchdog();
+    }
+    this.emit(frame.event, frame.payload);
+  }
+  emit(event, payload) {
+    const handlers = this.eventHandlers.get(event);
+    if (handlers) {
+      for (const handler of handlers) {
+        try {
+          handler(payload);
+        } catch (err) {
+          this.logger.error(`cohort-sync: event handler error for "${event}": ${String(err)}`);
+        }
+      }
+    }
+  }
+  /**
+   * Start the tick watchdog timer.
+   *
+   * The gateway sends tick events at tickIntervalMs. If we don't receive
+   * one within 2.5x that interval, the connection is considered dead.
+   */
+  startTickWatchdog(tickIntervalMs) {
+    this.stopTickWatchdog();
+    const watchdogMs = Math.round(tickIntervalMs * 2.5);
+    this.tickWatchdog = setTimeout(() => {
+      diag("GW_CLIENT_TICK_TIMEOUT", { watchdogMs });
+      this.logger.warn(`cohort-sync: tick watchdog expired after ${watchdogMs}ms \u2014 closing connection`);
+      this.alive = false;
+      this.ws?.close();
+    }, watchdogMs);
+  }
+  resetTickWatchdog() {
+    if (this.tickWatchdog) {
+      this.startTickWatchdog(this.tickIntervalMs);
+    }
+  }
+  stopTickWatchdog() {
+    if (this.tickWatchdog) {
+      clearTimeout(this.tickWatchdog);
+      this.tickWatchdog = null;
+    }
+  }
+  /**
+   * Schedule a reconnection attempt with exponential backoff and jitter.
+   *
+   * Backoff: 1s base, doubles each attempt, capped at 30s.
+   * Jitter: +/- 25% randomization to avoid thundering herd.
+   */
+  scheduleReconnect() {
+    if (this.closed) return;
+    const baseMs = Math.min(1e3 * Math.pow(2, this.reconnectAttempts), 3e4);
+    const jitter = baseMs * 0.25 * (Math.random() * 2 - 1);
+    const delayMs = Math.round(Math.max(baseMs + jitter, 1e3));
+    this.reconnectAttempts++;
+    diag("GW_CLIENT_RECONNECT_SCHEDULED", {
+      attempt: this.reconnectAttempts,
+      delayMs
+    });
+    this.reconnectTimer = setTimeout(async () => {
+      this.reconnectTimer = null;
+      try {
+        diag("GW_CLIENT_RECONNECTING", { attempt: this.reconnectAttempts });
+        await this.connect();
+        diag("GW_CLIENT_RECONNECTED", { attempt: this.reconnectAttempts });
+      } catch (err) {
+        diag("GW_CLIENT_RECONNECT_FAILED", {
+          attempt: this.reconnectAttempts,
+          error: String(err)
+        });
+      }
+    }, delayMs);
+  }
+};
 // src/agent-state.ts
 import { basename } from "node:path";
@@ -12902,20 +13302,6 @@ var POCKET_GUIDE = `# Cohort Agent Guide (Pocket Version)
 // src/hooks.ts
 var BUILD_ID = "B9-ACCOUNTID-20260311";
-var DIAG_LOG_PATH = "/tmp/cohort-sync-diag.log";
-function diag(label, data) {
-  const ts = (/* @__PURE__ */ new Date()).toISOString();
-  const payload = data ? " " + JSON.stringify(data, (_k, v2) => {
-    if (typeof v2 === "string" && v2.length > 200) return v2.slice(0, 200) + "\u2026";
-    return v2;
-  }) : "";
-  const line = `[${ts}] ${label}${payload}
-`;
-  try {
-    fs.appendFileSync(DIAG_LOG_PATH, line);
-  } catch {
-  }
-}
 function dumpCtx(ctx) {
   if (!ctx || typeof ctx !== "object") return { _raw: String(ctx) };
   const out = {};
@@ -12940,16 +13326,64 @@ function dumpEvent(event) {
 }
 var PLUGIN_VERSION = "unknown";
 try {
-  const pkgPath = path.join(path.dirname(new URL(import.meta.url).pathname), "package.json");
-  const pkgJson = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+  const pkgPath = path3.join(path3.dirname(new URL(import.meta.url).pathname), "package.json");
+  const pkgJson = JSON.parse(fs3.readFileSync(pkgPath, "utf8"));
   PLUGIN_VERSION = pkgJson.version ?? "unknown";
 } catch {
 }
 diag("MODULE_LOADED", { BUILD_ID, PLUGIN_VERSION });
+var lastCronSnapshotJson = "";
+function resolveGatewayToken(api) {
+  const rawToken = api.config?.gateway?.auth?.token;
+  if (typeof rawToken === "string") return rawToken;
+  if (rawToken && typeof rawToken === "object" && rawToken.source === "env") {
+    return process.env[rawToken.id] ?? null;
+  }
+  return null;
+}
+async function quickCronSync(port, token, cfg, resolveAgentName, logger) {
+  const client2 = new GatewayClient2(port, token, logger, PLUGIN_VERSION);
+  try {
+    await client2.connect();
+    const result = await client2.request("cron.list", { includeDisabled: true });
+    diag("GW_CLIENT_CRON_LIST_RESULT", { type: typeof result, isArray: Array.isArray(result), keys: result && typeof result === "object" ? Object.keys(result) : [], length: Array.isArray(result) ? result.length : void 0 });
+    const jobs = Array.isArray(result) ? result : result?.jobs ?? [];
+    const mapped = jobs.map((j) => mapCronJob(j, resolveAgentName));
+    const serialized = JSON.stringify(mapped);
+    if (serialized !== lastCronSnapshotJson) {
+      await pushCronSnapshot(cfg.apiKey, mapped);
+      lastCronSnapshotJson = serialized;
+      diag("HEARTBEAT_CRON_PUSHED", { count: mapped.length });
+    } else {
+      diag("HEARTBEAT_CRON_UNCHANGED", {});
+    }
+  } finally {
+    client2.close();
+  }
+}
+function registerCronEventHandlers(client2, cfg, resolveAgentName) {
+  if (client2.availableEvents.has("cron")) {
+    let debounceTimer = null;
+    client2.on("cron", () => {
+      if (debounceTimer) clearTimeout(debounceTimer);
+      debounceTimer = setTimeout(async () => {
+        try {
+          const cronResult = await client2.request("cron.list", { includeDisabled: true });
+          const jobs = Array.isArray(cronResult) ? cronResult : cronResult?.jobs ?? [];
+          const mapped = jobs.map((j) => mapCronJob(j, resolveAgentName));
+          await pushCronSnapshot(cfg.apiKey, mapped);
+          diag("CRON_EVENT_PUSHED", { count: mapped.length });
+        } catch (err) {
+          diag("CRON_EVENT_PUSH_FAILED", { error: String(err) });
+        }
+      }, 2e3);
+    });
+  }
+}
 function parseIdentityFile(workspaceDir) {
   try {
-    const filePath = path.join(workspaceDir, "IDENTITY.md");
-    const content = fs.readFileSync(filePath, "utf-8");
+    const filePath = path3.join(workspaceDir, "IDENTITY.md");
+    const content = fs3.readFileSync(filePath, "utf-8");
     const identity = {};
     for (const line of content.split(/\r?\n/)) {
       const cleaned = line.trim().replace(/^\s*-\s*/, "");
@@ -12987,8 +13421,8 @@ function getOrCreateTracker() {
   state.tracker = fresh;
   return fresh;
 }
-var STATE_FILE_PATH = path.join(
-  path.dirname(new URL(import.meta.url).pathname),
+var STATE_FILE_PATH = path3.join(
+  path3.dirname(new URL(import.meta.url).pathname),
   ".session-state.json"
 );
 function saveSessionsToDisk(tracker) {
@@ -13005,14 +13439,14 @@ function saveSessionsToDisk(tracker) {
         data.sessions.push({ agentName: name, key });
       }
     }
-    fs.writeFileSync(STATE_FILE_PATH, JSON.stringify(data));
+    fs3.writeFileSync(STATE_FILE_PATH, JSON.stringify(data));
   } catch {
   }
 }
 function loadSessionsFromDisk(tracker, logger) {
   try {
-    if (!fs.existsSync(STATE_FILE_PATH)) return;
-    const data = JSON.parse(fs.readFileSync(STATE_FILE_PATH, "utf8"));
+    if (!fs3.existsSync(STATE_FILE_PATH)) return;
+    const data = JSON.parse(fs3.readFileSync(STATE_FILE_PATH, "utf8"));
     if (Date.now() - new Date(data.savedAt).getTime() > 864e5) {
       logger.info("cohort-sync: disk session state too old (>24h), skipping");
       return;
@@ -13059,7 +13493,6 @@ function registerHooks(api, cfg) {
   const tracker = getOrCreateTracker();
   let heartbeatInterval = null;
   let activityFlushInterval = null;
-  registerCronGatewayMethods(api);
   logger.info(`cohort-sync: registerHooks [${BUILD_ID}]`);
   diag("REGISTER_HOOKS", {
     BUILD_ID,
@@ -13200,6 +13633,19 @@ function registerHooks(api, cfg) {
     const unsub = initCommandSubscription(cfg, logger, resolveAgentName);
     hotState.commandSubscription = unsub;
   }
+  {
+    const port = api.config?.gateway?.port;
+    const token = resolveGatewayToken(api);
+    if (port && token) {
+      const hotState = getHotState();
+      hotState.gatewayPort = port;
+      hotState.gatewayToken = token;
+      diag("REGISTER_HOOKS_CRON_SYNC", { port });
+      quickCronSync(port, token, cfg, resolveAgentName, logger).catch((err) => {
+        diag("REGISTER_HOOKS_CRON_SYNC_FAILED", { error: String(err) });
+      });
+    }
+  }
   api.registerTool((toolCtx) => {
     const agentId = toolCtx.agentId ?? "main";
     const agentName = resolveAgentName(agentId);
@@ -13349,18 +13795,6 @@ Do not attempt to make more comments until ${resetAt}.`
       }
     }
     saveSessionsToDisk(tracker);
-    const ws = getHotState().gatewayWs;
-    if (ws && ws.readyState === WebSocket.OPEN) {
-      try {
-        const jobs = await callGatewayMethod(ws, "cohort-sync/cron-list");
-        const mapped = jobs.map((j) => mapCronJob(j, resolveAgentName));
-        await pushCronSnapshot(cfg.apiKey, mapped);
-      } catch (err) {
-        logger.warn(`cohort-sync: cron list failed: ${String(err)}`);
-      }
-    } else {
-      logger.warn("cohort-sync: gateway WS not connected \u2014 skipping cron snapshot");
-    }
     logger.info(`cohort-sync: heartbeat pushed for ${allAgentIds.length} agents`);
   }
   async function flushActivityBuffer() {
@@ -13400,20 +13834,28 @@ Do not attempt to make more comments until ${resetAt}.`
     diag("GATEWAY_START_BRIDGE_AFTER_SEED", { bridge: { ...getHotState().channelAgentBridge } });
     const hotState = getHotState();
     hotState.gatewayPort = event.port;
-    const rawToken = api.config?.gateway?.auth?.token;
-    if (typeof rawToken === "string") {
-      hotState.gatewayToken = rawToken;
-    } else if (rawToken && typeof rawToken === "object" && rawToken.source === "env") {
-      hotState.gatewayToken = process.env[rawToken.id] ?? null;
-    } else {
-      hotState.gatewayToken = null;
-    }
-    if (!hotState.gatewayWs || hotState.gatewayWs.readyState !== WebSocket.OPEN) {
-      if (hotState.gatewayToken) {
-        hotState.gatewayWs = openGatewayConnection(event.port, hotState.gatewayToken, logger);
-      } else {
-        logger.warn("cohort-sync: no gateway auth token in config \u2014 cron operations disabled");
+    const token = resolveGatewayToken(api);
+    if (token) {
+      diag("GW_CLIENT_CONNECTING", { port: event.port, hasToken: true });
+      try {
+        const client2 = new GatewayClient2(event.port, token, logger, PLUGIN_VERSION);
+        await client2.connect();
+        hotState.gatewayProtocolClient = client2;
+        registerCronEventHandlers(client2, cfg, resolveAgentName);
+        diag("GW_CLIENT_CONNECTED", { methods: client2.availableMethods.size, events: client2.availableEvents.size });
+        const cronResult = await client2.request("cron.list", { includeDisabled: true });
+        const jobs = Array.isArray(cronResult) ? cronResult : cronResult?.jobs ?? [];
+        const mapped = jobs.map((j) => mapCronJob(j, resolveAgentName));
+        await pushCronSnapshot(cfg.apiKey, mapped);
+        lastCronSnapshotJson = JSON.stringify(mapped);
+        diag("GW_CLIENT_INITIAL_CRON_PUSH", { count: mapped.length });
+      } catch (err) {
+        diag("GW_CLIENT_CONNECT_FAILED", { error: String(err) });
+        logger.error(`cohort-sync: gateway client connect failed: ${String(err)}`);
       }
+    } else {
+      diag("GW_CLIENT_NO_TOKEN", {});
+      logger.warn("cohort-sync: no gateway auth token \u2014 cron operations disabled");
     }
     await initSubscription(
       event.port,

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Syncs agent status and skills to Cohort dashboard",
   "type": "module",
   "main": "index.js",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Syncs agent status and skills to Cohort dashboard",
   "license": "MIT",
   "homepage": "https://docs.cohort.bot/gateway",