@clsh/agent 0.0.1

package/dist/auth.d.ts

@@ -0,0 +1,37 @@
+import { type JWTPayload } from 'jose';
+import type { DbStatements } from './db.js';
+/**
+ * Generates a cryptographically secure bootstrap token (256-bit, base64url encoded).
+ * This token is shown once in the terminal and used for initial authentication.
+ */
+export declare function generateBootstrapToken(): string;
+/**
+ * Returns the SHA-256 hex digest of the given token.
+ * Only the hash is stored in the database -- never the raw token.
+ */
+export declare function hashToken(token: string): string;
+/**
+ * Verifies a bootstrap token candidate against the database.
+ * Tokens expire after 5 minutes — long enough for the user to scan the QR
+ * in Safari, add the PWA to their home screen, and re-authenticate, but
+ * short enough to limit exposure if the QR code is intercepted.
+ */
+export declare function verifyBootstrapToken(statements: DbStatements, candidateToken: string): boolean;
+export interface SessionJWTClaims {
+    email?: string;
+    authMethod: 'bootstrap';
+}
+/**
+ * Creates a signed JWT for an authenticated session.
+ * Uses HS256 with an 8-hour expiry and a random JTI for uniqueness.
+ */
+export declare function createSessionJWT(claims: SessionJWTClaims, secret: string): Promise<string>;
+export interface VerifiedJWT {
+    payload: JWTPayload;
+}
+/**
+ * Verifies a JWT token and returns the decoded payload.
+ * Throws if the token is invalid, expired, or tampered with.
+ */
+export declare function verifyJWT(token: string, secret: string): Promise<VerifiedJWT>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,KAAK,UAAU,EAAE,MAAM,MAAM,CAAC;AAC3D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAKD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,YAAY,EACxB,cAAc,EAAE,MAAM,GACrB,OAAO,CAQT;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,WAAW,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAYjB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,UAAU,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,WAAW,CAAC,CAStB"}

package/dist/auth.js

@@ -0,0 +1,62 @@
+import { randomBytes, createHash, randomUUID } from 'node:crypto';
+import { SignJWT, jwtVerify } from 'jose';
+/**
+ * Generates a cryptographically secure bootstrap token (256-bit, base64url encoded).
+ * This token is shown once in the terminal and used for initial authentication.
+ */
+export function generateBootstrapToken() {
+    return randomBytes(32).toString('base64url');
+}
+/**
+ * Returns the SHA-256 hex digest of the given token.
+ * Only the hash is stored in the database -- never the raw token.
+ */
+export function hashToken(token) {
+    return createHash('sha256').update(token).digest('hex');
+}
+/** How long a bootstrap token remains valid after creation (5 minutes). */
+const BOOTSTRAP_TOKEN_TTL_MS = 5 * 60 * 1000;
+/**
+ * Verifies a bootstrap token candidate against the database.
+ * Tokens expire after 5 minutes — long enough for the user to scan the QR
+ * in Safari, add the PWA to their home screen, and re-authenticate, but
+ * short enough to limit exposure if the QR code is intercepted.
+ */
+export function verifyBootstrapToken(statements, candidateToken) {
+    const hash = hashToken(candidateToken);
+    const row = statements.getBootstrapToken.get(hash);
+    if (!row)
+        return false;
+    const createdAt = new Date(row.created_at + 'Z').getTime(); // SQLite datetime is UTC without 'Z'
+    const age = Date.now() - createdAt;
+    return age < BOOTSTRAP_TOKEN_TTL_MS;
+}
+/**
+ * Creates a signed JWT for an authenticated session.
+ * Uses HS256 with an 8-hour expiry and a random JTI for uniqueness.
+ */
+export async function createSessionJWT(claims, secret) {
+    const secretKey = new TextEncoder().encode(secret);
+    const jti = randomUUID();
+    return new SignJWT({ ...claims })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setIssuedAt()
+        .setExpirationTime('30d')
+        .setJti(jti)
+        .setIssuer('clsh-agent')
+        .setSubject(claims.email ?? 'local')
+        .sign(secretKey);
+}
+/**
+ * Verifies a JWT token and returns the decoded payload.
+ * Throws if the token is invalid, expired, or tampered with.
+ */
+export async function verifyJWT(token, secret) {
+    const secretKey = new TextEncoder().encode(secret);
+    const { payload } = await jwtVerify(token, secretKey, {
+        issuer: 'clsh-agent',
+        algorithms: ['HS256'],
+    });
+    return { payload };
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AAG3D;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,2EAA2E;AAC3E,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAE7C;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,UAAwB,EACxB,cAAsB;IAEtB,MAAM,IAAI,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,UAAU,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,qCAAqC;IACjG,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACnC,OAAO,GAAG,GAAG,sBAAsB,CAAC;AACtC,CAAC;AAOD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAwB,EACxB,MAAc;IAEd,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IAEzB,OAAO,IAAI,OAAO,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC;SAC9B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,iBAAiB,CAAC,KAAK,CAAC;SACxB,MAAM,CAAC,GAAG,CAAC;SACX,SAAS,CAAC,YAAY,CAAC;SACvB,UAAU,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC;SACnC,IAAI,CAAC,SAAS,CAAC,CAAC;AACrB,CAAC;AAMD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,MAAc;IAEd,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAEnD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE;QACpD,MAAM,EAAE,YAAY;QACpB,UAAU,EAAE,CAAC,OAAO,CAAC;KACtB,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,23 @@
+export interface AgentConfig {
+    port: number;
+    /** Port that the ngrok tunnel should forward to.
+     *  In dev, set WEB_PORT=4031 so the tunnel hits the Vite dev server
+     *  (which proxies /api and /ws to the agent). In production this
+     *  defaults to `port` because the agent serves the built web UI. */
+    webPort: number;
+    jwtSecret: string;
+    ngrokAuthtoken: string | undefined;
+    /** Optional static ngrok domain (e.g. "my-name.ngrok-free.app").
+     *  Free ngrok accounts get one static domain — set NGROK_STATIC_DOMAIN
+     *  in .env to keep the same URL across restarts. */
+    ngrokStaticDomain: string | undefined;
+    /** Force a specific tunnel method: 'ngrok', 'ssh', or 'local'.
+     *  If unset, auto-detects (ngrok → ssh → local). Set TUNNEL=ssh to skip ngrok. */
+    tunnelMethod: 'ngrok' | 'ssh' | 'local' | undefined;
+    resendApiKey: string | undefined;
+    dbPath: string;
+    /** Set CLSH_NO_TMUX=1 to disable tmux session persistence even when tmux is available. */
+    tmuxDisabled: boolean;
+}
+export declare function loadConfig(): AgentConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb;;;wEAGoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC;;wDAEoD;IACpD,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC;sFACkF;IAClF,YAAY,EAAE,OAAO,GAAG,KAAK,GAAG,OAAO,GAAG,SAAS,CAAC;IACpD,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,0FAA0F;IAC1F,YAAY,EAAE,OAAO,CAAC;CACvB;AAyGD,wBAAgB,UAAU,IAAI,WAAW,CAoBxC"}

package/dist/config.js

@@ -0,0 +1,119 @@
+import { randomBytes } from 'node:crypto';
+import { join, resolve } from 'node:path';
+import { homedir } from 'node:os';
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+/**
+ * Loads variables from a .env file into process.env.
+ * Only sets variables that are not already set (process env takes precedence).
+ * Silently no-ops if the file doesn't exist.
+ *
+ * Handles:
+ *   KEY=value
+ *   KEY="quoted value"
+ *   # comments
+ *   blank lines
+ */
+/**
+ * Parses .env content and sets unset env vars.
+ */
+function parseDotEnvContent(content) {
+    for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const eqIdx = trimmed.indexOf('=');
+        if (eqIdx < 0)
+            continue;
+        const key = trimmed.slice(0, eqIdx).trim();
+        if (!key)
+            continue;
+        // Strip optional surrounding quotes from the value
+        const raw = trimmed.slice(eqIdx + 1).trim();
+        const value = raw.replace(/^(['"])(.*)\1$/, '$2');
+        // Don't override values that are already set in the environment
+        if (!(key in process.env)) {
+            process.env[key] = value;
+        }
+    }
+}
+function loadDotEnv() {
+    // Try multiple candidate paths for .env:
+    // 1. Monorepo root (packages/agent/src/ -> repo root)
+    // 2. Current working directory
+    const candidates = [
+        resolve(import.meta.dirname, '..', '..', '..', '.env'),
+        resolve(process.cwd(), '.env'),
+    ];
+    for (const envPath of candidates) {
+        try {
+            const content = readFileSync(envPath, 'utf-8');
+            parseDotEnvContent(content);
+            return; // Use the first .env we find
+        }
+        catch {
+            // Not found at this path, try next
+        }
+    }
+    // No .env found — that's fine, env vars may be set externally or via config.json
+}
+/**
+ * Reads ~/.clsh/config.json if it exists.
+ * Returns parsed config or empty object.
+ */
+function loadConfigFile() {
+    try {
+        const configPath = join(homedir(), '.clsh', 'config.json');
+        const content = readFileSync(configPath, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        return {};
+    }
+}
+function getEnv(key) {
+    return process.env[key];
+}
+/**
+ * Returns a persistent JWT secret stored at ~/.clsh/jwt_secret.
+ * Generated once on first run; reused on every subsequent restart so
+ * the phone's stored JWT stays valid across `npm run dev` restarts.
+ * Override with JWT_SECRET env var if needed.
+ */
+function getOrCreateJwtSecret(clshDir) {
+    const secretPath = join(clshDir, 'jwt_secret');
+    if (existsSync(secretPath)) {
+        try {
+            const stored = readFileSync(secretPath, 'utf-8').trim();
+            if (stored.length > 10)
+                return stored;
+        }
+        catch { /* fall through */ }
+    }
+    const secret = randomBytes(32).toString('base64url');
+    try {
+        mkdirSync(clshDir, { recursive: true });
+        writeFileSync(secretPath, secret, { mode: 0o600 }); // owner-readable only
+    }
+    catch { /* ignore write errors */ }
+    return secret;
+}
+export function loadConfig() {
+    // Priority: env vars > .env > ~/.clsh/config.json > defaults
+    loadDotEnv();
+    const fileConfig = loadConfigFile();
+    const clshDir = join(homedir(), '.clsh');
+    const defaultDbPath = join(clshDir, 'clsh.db');
+    const port = parseInt(getEnv('PORT') ?? (fileConfig.port != null ? String(fileConfig.port) : '4030'), 10);
+    return {
+        port,
+        webPort: parseInt(getEnv('WEB_PORT') ?? String(port), 10),
+        jwtSecret: getEnv('JWT_SECRET') ?? getOrCreateJwtSecret(clshDir),
+        tunnelMethod: getEnv('TUNNEL'),
+        ngrokAuthtoken: getEnv('NGROK_AUTHTOKEN') ?? fileConfig.ngrokAuthtoken,
+        ngrokStaticDomain: getEnv('NGROK_STATIC_DOMAIN') ?? fileConfig.ngrokStaticDomain,
+        resendApiKey: getEnv('RESEND_API_KEY'),
+        dbPath: getEnv('DB_PATH') ?? defaultDbPath,
+        tmuxDisabled: getEnv('CLSH_NO_TMUX') === '1',
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AA8B7E;;;;;;;;;;GAUG;AACH;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,KAAK,GAAG,CAAC;YAAE,SAAS;QAExB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,GAAG;YAAE,SAAS;QAEnB,mDAAmD;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QAElD,gEAAgE;QAChE,IAAI,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,yCAAyC;IACzC,sDAAsD;IACtD,+BAA+B;IAC/B,MAAM,UAAU,GAAG;QACjB,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC;QACtD,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO,CAAC,6BAA6B;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IACD,iFAAiF;AACnF,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc;IACrB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAC,GAAW;IACzB,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YACxD,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,MAAM,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;IACD,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACrD,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxC,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,sBAAsB;IAC5E,CAAC;IAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,6DAA6D;IAC7D,UAAU,EAAE,CAAC;IACb,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IAEpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IAE1G,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACzD,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,IAAI,oBAAoB,CAAC,OAAO,CAAC;QAChE,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAgC;QAC7D,cAAc,EAAE,MAAM,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc;QACtE,iBAAiB,EAAE,MAAM,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,iBAAiB;QAChF,YAAY,EAAE,MAAM,CAAC,gBAAgB,CAAC;QACtC,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,aAAa;QAC1C,YAAY,EAAE,MAAM,CAAC,cAAc,CAAC,KAAK,GAAG;KAC7C,CAAC;AACJ,CAAC"}

package/dist/control-mode-parser.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Parses tmux control mode (-CC) protocol output.
+ *
+ * In control mode, tmux sends structured text notifications instead of screen
+ * redraws. The key notification is %output, which contains the RAW pane output
+ * (octal-encoded), giving us both tmux persistence and proper xterm.js scrollback.
+ *
+ * Protocol format:
+ *   %output %<paneId> <octal-encoded data>
+ *   %begin <timestamp> <cmdNumber> <flags>
+ *   %end <timestamp> <cmdNumber> <flags>
+ *   %error <timestamp> <cmdNumber> <flags>
+ *   %exit
+ *   %session-changed $<id> <name>
+ */
+/** Parsed control mode events. */
+export type ControlModeEvent = {
+    type: 'output';
+    paneId: string;
+    data: string;
+} | {
+    type: 'begin';
+    timestamp: number;
+    cmdNumber: number;
+} | {
+    type: 'end';
+    timestamp: number;
+    cmdNumber: number;
+} | {
+    type: 'error';
+    timestamp: number;
+    cmdNumber: number;
+} | {
+    type: 'exit';
+};
+/**
+ * Decodes tmux octal-encoded string.
+ * tmux encodes characters < ASCII 32 and backslash as \NNN (3 octal digits).
+ * E.g. \033 → ESC (0x1B), \015 → CR, \012 → LF, \134 → backslash.
+ */
+export declare function decodeTmuxOctal(encoded: string): string;
+/**
+ * Encodes raw input bytes as hex for tmux `send-keys -H`.
+ * Each character becomes a 2-digit hex value separated by spaces.
+ */
+export declare function encodeInputAsHex(data: string): string;
+/**
+ * Parses a single line of tmux control mode output.
+ * Returns null for non-event lines (DCS sequences, empty lines, etc).
+ */
+export declare function parseControlLine(line: string): ControlModeEvent | null;
+/**
+ * Builds tmux send-keys -H commands for forwarding user input.
+ * Chunks large inputs to keep command length reasonable.
+ */
+export declare function buildSendKeysCommands(tmuxName: string, data: string): string[];
+/**
+ * Line-buffered parser for tmux control mode PTY output.
+ * Accumulates raw pty.onData() chunks into complete lines, then parses each.
+ */
+export declare class ControlModeLineBuffer {
+    private buffer;
+    private callback;
+    constructor(callback: (event: ControlModeEvent) => void);
+    /** Feed raw data from pty.onData(). Parses complete lines and emits events. */
+    feed(data: string): void;
+}
+//# sourceMappingURL=control-mode-parser.d.ts.map

package/dist/control-mode-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-mode-parser.d.ts","sourceRoot":"","sources":["../src/control-mode-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,kCAAkC;AAClC,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAChD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACvD;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACrD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACvD;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAErB;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIvD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAMrD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAkCtE;AAKD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAU9E;AAED;;;GAGG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,QAAQ,CAAoC;gBAExC,QAAQ,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI;IAIvD,+EAA+E;IAC/E,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;CAgBzB"}

package/dist/control-mode-parser.js

@@ -0,0 +1,111 @@
+/**
+ * Parses tmux control mode (-CC) protocol output.
+ *
+ * In control mode, tmux sends structured text notifications instead of screen
+ * redraws. The key notification is %output, which contains the RAW pane output
+ * (octal-encoded), giving us both tmux persistence and proper xterm.js scrollback.
+ *
+ * Protocol format:
+ *   %output %<paneId> <octal-encoded data>
+ *   %begin <timestamp> <cmdNumber> <flags>
+ *   %end <timestamp> <cmdNumber> <flags>
+ *   %error <timestamp> <cmdNumber> <flags>
+ *   %exit
+ *   %session-changed $<id> <name>
+ */
+/**
+ * Decodes tmux octal-encoded string.
+ * tmux encodes characters < ASCII 32 and backslash as \NNN (3 octal digits).
+ * E.g. \033 → ESC (0x1B), \015 → CR, \012 → LF, \134 → backslash.
+ */
+export function decodeTmuxOctal(encoded) {
+    return encoded.replace(/\\(\d{3})/g, (_match, oct) => String.fromCharCode(parseInt(oct, 8)));
+}
+/**
+ * Encodes raw input bytes as hex for tmux `send-keys -H`.
+ * Each character becomes a 2-digit hex value separated by spaces.
+ */
+export function encodeInputAsHex(data) {
+    const parts = [];
+    for (let i = 0; i < data.length; i++) {
+        parts.push(data.charCodeAt(i).toString(16).padStart(2, '0'));
+    }
+    return parts.join(' ');
+}
+/**
+ * Parses a single line of tmux control mode output.
+ * Returns null for non-event lines (DCS sequences, empty lines, etc).
+ */
+export function parseControlLine(line) {
+    if (!line.startsWith('%'))
+        return null;
+    if (line.startsWith('%output ')) {
+        // Format: %output %<paneId> <octal-encoded data>
+        const rest = line.substring(8);
+        const spaceIdx = rest.indexOf(' ');
+        if (spaceIdx === -1)
+            return null;
+        const paneId = rest.substring(0, spaceIdx);
+        const data = decodeTmuxOctal(rest.substring(spaceIdx + 1));
+        return { type: 'output', paneId, data };
+    }
+    if (line.startsWith('%begin ')) {
+        const parts = line.split(' ');
+        return { type: 'begin', timestamp: parseInt(parts[1], 10), cmdNumber: parseInt(parts[2], 10) };
+    }
+    if (line.startsWith('%end ')) {
+        const parts = line.split(' ');
+        return { type: 'end', timestamp: parseInt(parts[1], 10), cmdNumber: parseInt(parts[2], 10) };
+    }
+    if (line.startsWith('%error ')) {
+        const parts = line.split(' ');
+        return { type: 'error', timestamp: parseInt(parts[1], 10), cmdNumber: parseInt(parts[2], 10) };
+    }
+    if (line === '%exit') {
+        return { type: 'exit' };
+    }
+    // Other notifications (%session-changed, %window-add, etc) — ignore
+    return null;
+}
+/** Max input bytes per send-keys -H command to avoid overly long commands. */
+const MAX_HEX_CHUNK = 512;
+/**
+ * Builds tmux send-keys -H commands for forwarding user input.
+ * Chunks large inputs to keep command length reasonable.
+ */
+export function buildSendKeysCommands(tmuxName, data) {
+    const commands = [];
+    for (let offset = 0; offset < data.length; offset += MAX_HEX_CHUNK) {
+        const chunk = data.substring(offset, offset + MAX_HEX_CHUNK);
+        const hex = encodeInputAsHex(chunk);
+        commands.push(`send-keys -t ${tmuxName} -H ${hex}`);
+    }
+    return commands;
+}
+/**
+ * Line-buffered parser for tmux control mode PTY output.
+ * Accumulates raw pty.onData() chunks into complete lines, then parses each.
+ */
+export class ControlModeLineBuffer {
+    buffer = '';
+    callback;
+    constructor(callback) {
+        this.callback = callback;
+    }
+    /** Feed raw data from pty.onData(). Parses complete lines and emits events. */
+    feed(data) {
+        this.buffer += data;
+        let newlineIdx;
+        while ((newlineIdx = this.buffer.indexOf('\n')) !== -1) {
+            const line = this.buffer.substring(0, newlineIdx).replace(/\r$/, '');
+            this.buffer = this.buffer.substring(newlineIdx + 1);
+            if (line === '')
+                continue;
+            const event = parseControlLine(line);
+            if (event) {
+                this.callback(event);
+            }
+        }
+    }
+}
+//# sourceMappingURL=control-mode-parser.js.map

package/dist/control-mode-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-mode-parser.js","sourceRoot":"","sources":["../src/control-mode-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,MAAc,EAAE,GAAW,EAAE,EAAE,CACnE,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CACtC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvC,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAChC,iDAAiD;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACjG,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAC/F,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACjG,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,oEAAoE;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,MAAM,aAAa,GAAG,GAAG,CAAC;AAE1B;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB,EAAE,IAAY;IAClE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,aAAa,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC;QAC7D,MAAM,GAAG,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,QAAQ,OAAO,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IACxB,MAAM,GAAG,EAAE,CAAC;IACZ,QAAQ,CAAoC;IAEpD,YAAY,QAA2C;QACrD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,+EAA+E;IAC/E,IAAI,CAAC,IAAY;QACf,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QAEpB,IAAI,UAAkB,CAAC;QACvB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;YAEpD,IAAI,IAAI,KAAK,EAAE;gBAAE,SAAS;YAE1B,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/db.d.ts

@@ -0,0 +1,44 @@
+import Database from 'better-sqlite3';
+export interface PtySessionRow {
+    id: string;
+    tmux_name: string;
+    shell: string;
+    name: string;
+    cwd: string;
+    created_at: string;
+}
+export interface DbStatements {
+    insertBootstrapToken: Database.Statement<[string, string]>;
+    getBootstrapToken: Database.Statement<[string], {
+        id: string;
+        hash: string;
+        created_at: string;
+    }>;
+    deleteBootstrapToken: Database.Statement<[string]>;
+    insertSession: Database.Statement<[string, string, string]>;
+    updateSessionLastSeen: Database.Statement<[string]>;
+    getSession: Database.Statement<[string], {
+        id: string;
+        jwt_id: string;
+        email: string;
+        created_at: string;
+        last_seen: string;
+    }>;
+    insertPtySession: Database.Statement<[string, string, string, string, string]>;
+    getPtySession: Database.Statement<[string], PtySessionRow>;
+    listPtySessions: Database.Statement<[], PtySessionRow>;
+    updatePtySession: Database.Statement<[string, string, string]>;
+    deletePtySession: Database.Statement<[string]>;
+    deleteAllPtySessions: Database.Statement<[]>;
+}
+export interface DbContext {
+    db: Database.Database;
+    statements: DbStatements;
+}
+/**
+ * Initializes the SQLite database at the given path.
+ * Creates the directory if needed, enables WAL mode, and creates all tables.
+ * Returns the database instance and prepared statements.
+ */
+export declare function initDatabase(dbPath: string): DbContext;
+//# sourceMappingURL=db.d.ts.map

package/dist/db.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAItC,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,oBAAoB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC3D,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClG,oBAAoB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACnD,aAAa,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5D,qBAAqB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACpD,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/H,gBAAgB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/E,aAAa,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC;IAC3D,eAAe,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;IACvD,gBAAgB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/D,gBAAgB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/C,oBAAoB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC;IACtB,UAAU,EAAE,YAAY,CAAC;CAC1B;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAkFtD"}

package/dist/db.js

@@ -0,0 +1,63 @@
+import Database from 'better-sqlite3';
+import { mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+/**
+ * Initializes the SQLite database at the given path.
+ * Creates the directory if needed, enables WAL mode, and creates all tables.
+ * Returns the database instance and prepared statements.
+ */
+export function initDatabase(dbPath) {
+    // Ensure the directory exists
+    mkdirSync(dirname(dbPath), { recursive: true });
+    const db = new Database(dbPath);
+    // Enable WAL mode for better concurrent read performance
+    db.pragma('journal_mode = WAL');
+    db.pragma('foreign_keys = ON');
+    // Create schema
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS bootstrap_tokens (
+      id TEXT PRIMARY KEY,
+      hash TEXT NOT NULL UNIQUE,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS sessions (
+      id TEXT PRIMARY KEY,
+      jwt_id TEXT NOT NULL,
+      email TEXT NOT NULL DEFAULT '',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      last_seen TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS allowed_emails (
+      email TEXT PRIMARY KEY,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS pty_sessions (
+      id TEXT PRIMARY KEY,
+      tmux_name TEXT NOT NULL UNIQUE,
+      shell TEXT NOT NULL DEFAULT 'zsh',
+      name TEXT NOT NULL DEFAULT '',
+      cwd TEXT NOT NULL DEFAULT '',
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+  `);
+    // Prepare statements for repeated use
+    const statements = {
+        insertBootstrapToken: db.prepare('INSERT INTO bootstrap_tokens (id, hash) VALUES (?, ?)'),
+        getBootstrapToken: db.prepare('SELECT id, hash, created_at FROM bootstrap_tokens WHERE hash = ?'),
+        deleteBootstrapToken: db.prepare('DELETE FROM bootstrap_tokens WHERE hash = ?'),
+        insertSession: db.prepare('INSERT INTO sessions (id, jwt_id, email) VALUES (?, ?, ?)'),
+        updateSessionLastSeen: db.prepare("UPDATE sessions SET last_seen = datetime('now') WHERE id = ?"),
+        getSession: db.prepare('SELECT id, jwt_id, email, created_at, last_seen FROM sessions WHERE id = ?'),
+        insertPtySession: db.prepare('INSERT INTO pty_sessions (id, tmux_name, shell, name, cwd) VALUES (?, ?, ?, ?, ?)'),
+        getPtySession: db.prepare('SELECT id, tmux_name, shell, name, cwd, created_at FROM pty_sessions WHERE id = ?'),
+        listPtySessions: db.prepare('SELECT id, tmux_name, shell, name, cwd, created_at FROM pty_sessions'),
+        updatePtySession: db.prepare('UPDATE pty_sessions SET name = ?, cwd = ? WHERE id = ?'),
+        deletePtySession: db.prepare('DELETE FROM pty_sessions WHERE id = ?'),
+        deleteAllPtySessions: db.prepare('DELETE FROM pty_sessions'),
+    };
+    return { db, statements };
+}
+//# sourceMappingURL=db.js.map

package/dist/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA+BpC;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,8BAA8B;IAC9B,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEhD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEhC,yDAAyD;IACzD,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAE/B,gBAAgB;IAChB,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BP,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,UAAU,GAAiB;QAC/B,oBAAoB,EAAE,EAAE,CAAC,OAAO,CAC9B,uDAAuD,CACxD;QACD,iBAAiB,EAAE,EAAE,CAAC,OAAO,CAC3B,kEAAkE,CACnE;QACD,oBAAoB,EAAE,EAAE,CAAC,OAAO,CAC9B,6CAA6C,CAC9C;QACD,aAAa,EAAE,EAAE,CAAC,OAAO,CACvB,2DAA2D,CAC5D;QACD,qBAAqB,EAAE,EAAE,CAAC,OAAO,CAC/B,8DAA8D,CAC/D;QACD,UAAU,EAAE,EAAE,CAAC,OAAO,CACpB,4EAA4E,CAC7E;QACD,gBAAgB,EAAE,EAAE,CAAC,OAAO,CAC1B,mFAAmF,CACpF;QACD,aAAa,EAAE,EAAE,CAAC,OAAO,CACvB,mFAAmF,CACpF;QACD,eAAe,EAAE,EAAE,CAAC,OAAO,CACzB,sEAAsE,CACvE;QACD,gBAAgB,EAAE,EAAE,CAAC,OAAO,CAC1B,wDAAwD,CACzD;QACD,gBAAgB,EAAE,EAAE,CAAC,OAAO,CAC1B,uCAAuC,CACxC;QACD,oBAAoB,EAAE,EAAE,CAAC,OAAO,CAC9B,0BAA0B,CAC3B;KACF,CAAC;IAEF,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;AAC5B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export declare function main(): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAoCA,wBAAsB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAkF1C"}