@controlflow-ai/daemon 0.1.1 → 0.1.2

package/src/lark/app-registration.ts

@@ -0,0 +1,141 @@
+export type LarkRegistrationTenantBrand = 'feishu' | 'lark';
+
+export interface LarkRegistrationBegin {
+  deviceCode: string;
+  url: string;
+  expiresIn: number;
+  interval: number;
+}
+
+export interface LarkRegistrationComplete {
+  appId: string;
+  appSecret: string;
+  tenantBrand: LarkRegistrationTenantBrand;
+  userOpenId?: string;
+}
+
+export type LarkRegistrationPollResult =
+  | { status: 'pending' }
+  | { status: 'slow_down'; interval: number }
+  | { status: 'complete'; registration: LarkRegistrationComplete }
+  | { status: 'denied' | 'expired' | 'error'; message: string };
+
+export type RegistrationFetchLike = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
+
+const FEISHU_ACCOUNTS_ORIGIN = 'https://accounts.feishu.cn';
+const LARK_ACCOUNTS_ORIGIN = 'https://accounts.larksuite.com';
+const REGISTRATION_PATH = '/oauth/v1/app/registration';
+
+interface RegistrationBeginBody {
+  device_code?: unknown;
+  verification_uri_complete?: unknown;
+  expires_in?: unknown;
+  interval?: unknown;
+  error?: unknown;
+  error_description?: unknown;
+}
+
+interface RegistrationPollBody {
+  client_id?: unknown;
+  client_secret?: unknown;
+  user_info?: { tenant_brand?: unknown; open_id?: unknown };
+  error?: unknown;
+  error_description?: unknown;
+}
+
+function sanitizeMessage(message: unknown): string {
+  return String(message ?? 'unknown').replace(/[A-Za-z0-9_-]{30,}/g, '***');
+}
+
+async function postRegistration(origin: string, params: Record<string, string>, fetchImpl: RegistrationFetchLike): Promise<unknown> {
+  const response = await fetchImpl(`${origin}${REGISTRATION_PATH}`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams(params).toString(),
+  });
+  const body = await response.json().catch(() => ({}));
+  if (!response.ok && !(body && typeof body === 'object' && 'error' in body)) {
+    throw new Error(`registration request failed: HTTP ${response.status}`);
+  }
+  return body;
+}
+
+export async function beginLarkAppRegistration(options: {
+  fetchImpl?: RegistrationFetchLike;
+  source?: string;
+} = {}): Promise<LarkRegistrationBegin> {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const body = await postRegistration(FEISHU_ACCOUNTS_ORIGIN, {
+    action: 'begin',
+    archetype: 'PersonalAgent',
+    auth_method: 'client_secret',
+    request_user_info: 'open_id',
+  }, fetchImpl) as RegistrationBeginBody;
+
+  if (typeof body.error === 'string') {
+    throw new Error(sanitizeMessage(body.error_description ?? body.error));
+  }
+  if (typeof body.device_code !== 'string' || typeof body.verification_uri_complete !== 'string') {
+    throw new Error('registration begin response did not include device_code and verification_uri_complete');
+  }
+
+  const url = new URL(body.verification_uri_complete);
+  url.searchParams.set('from', 'sdk');
+  url.searchParams.set('source', `node-sdk/${options.source ?? 'pal'}`);
+  url.searchParams.set('tp', 'sdk');
+
+  return {
+    deviceCode: body.device_code,
+    url: url.toString(),
+    expiresIn: typeof body.expires_in === 'number' ? body.expires_in : 600,
+    interval: typeof body.interval === 'number' ? body.interval : 5,
+  };
+}
+
+export async function pollLarkAppRegistration(options: {
+  deviceCode: string;
+  fetchImpl?: RegistrationFetchLike;
+  origin?: 'feishu' | 'lark';
+}): Promise<LarkRegistrationPollResult> {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const origin = options.origin === 'lark' ? LARK_ACCOUNTS_ORIGIN : FEISHU_ACCOUNTS_ORIGIN;
+  let body: RegistrationPollBody;
+  try {
+    body = await postRegistration(origin, {
+      action: 'poll',
+      device_code: options.deviceCode,
+    }, fetchImpl) as RegistrationPollBody;
+  } catch (error) {
+    return {
+      status: 'error',
+      message: error instanceof Error ? sanitizeMessage(error.message) : sanitizeMessage(error),
+    };
+  }
+
+  if (typeof body.client_id === 'string' && typeof body.client_secret === 'string') {
+    const tenantBrand: LarkRegistrationTenantBrand = body.user_info?.tenant_brand === 'lark' ? 'lark' : 'feishu';
+    const openId = typeof body.user_info?.open_id === 'string' && body.user_info.open_id.startsWith('ou_')
+      ? body.user_info.open_id
+      : undefined;
+    return {
+      status: 'complete',
+      registration: {
+        appId: body.client_id,
+        appSecret: body.client_secret,
+        tenantBrand,
+        userOpenId: openId,
+      },
+    };
+  }
+
+  if (body.user_info?.tenant_brand === 'lark' && options.origin !== 'lark') {
+    return pollLarkAppRegistration({ ...options, origin: 'lark' });
+  }
+
+  const error = typeof body.error === 'string' ? body.error : '';
+  if (error === 'authorization_pending' || !error) return { status: 'pending' };
+  if (error === 'slow_down') return { status: 'slow_down', interval: 10 };
+  if (error === 'access_denied') return { status: 'denied', message: 'user denied app registration' };
+  if (error === 'expired_token') return { status: 'expired', message: 'registration QR code expired' };
+  return { status: 'error', message: sanitizeMessage(body.error_description ?? error) };
+}

package/src/lark/cli.ts

@@ -1,5 +1,5 @@
 import { readFileSync } from 'node:fs';
-import { defaultDbPath, defaultServerUrl } from '../config.js';
+import { defaultDbPath } from '../config.js';
 import { MessageStore } from '../db.js';
 import {
   boundAgents,
@@ -11,12 +11,6 @@ import { countInboundEvents, listRecentInboundEvents } from './inbound-events.js
 import { extractMentionOpenIds, ingestLarkMessage, type LarkMessageEnvelope } from './event-router.js';
 import { ChatDispatcher, chatKeyOf, parseReceivePolicy, PeriodicQueue, shouldAcceptForAgent, type DispatchInput, type ReceivePolicy } from './dispatcher.js';
 import { parseRuntimeSpec } from './agent-runtime.js';
-import {
-  formatLarkSetupNextSteps,
-  persistLarkCredential,
-  resolveLarkBotInfo,
-  runInteractiveLarkSetup,
-} from './setup.js';
 import { createLarkApiClient, sendTextMessage, startLarkDaemon } from './ws-daemon.js';
 
 export interface LarkCliArgs {
@@ -44,69 +38,6 @@ function flagBool(flags: Record<string, unknown>, key: string): boolean {
   return flags[key] === true;
 }
 
-async function postJson(url: string, body: unknown): Promise<{ ok: boolean; status: number; text: string }> {
-  try {
-    const response = await fetch(url, {
-      method: 'POST',
-      headers: { 'content-type': 'application/json' },
-      body: JSON.stringify(body),
-    });
-    return { ok: response.ok, status: response.status, text: await response.text() };
-  } catch (error) {
-    return { ok: false, status: 0, text: error instanceof Error ? error.message : String(error) };
-  }
-}
-
-async function listAgentsForSetup(serverUrl: string): Promise<Array<{ agent_key: string; display_name: string; runtime?: string | null }>> {
-  const response = await fetch(`${serverUrl.replace(/\/$/, '')}/api/agents`);
-  const payload = await response.json() as { ok?: boolean; data?: { agents?: Array<{ agent_key?: unknown; display_name?: unknown; runtime?: unknown }> }; message?: string };
-  if (!response.ok || payload.ok === false) {
-    throw new Error(payload.message ?? `agent list failed: ${response.status}`);
-  }
-  return (payload.data?.agents ?? [])
-    .filter((agent) => typeof agent.agent_key === 'string' && typeof agent.display_name === 'string')
-    .map((agent) => ({
-      agent_key: String(agent.agent_key),
-      display_name: String(agent.display_name),
-      runtime: agent.runtime === null || typeof agent.runtime === 'string' ? agent.runtime : undefined,
-    }));
-}
-
-async function onboardAgentForLark(flags: Record<string, unknown>, log: NonNullable<RunOptions['log']>, agent: string | undefined): Promise<boolean> {
-  if (!flagBool(flags, 'create-agent')) return true;
-  if (!agent) {
-    (log.error ?? console.error)('lark setup --create-agent requires --agent');
-    return false;
-  }
-  const serverUrl = flagString(flags, 'server') ?? defaultServerUrl();
-  const displayName = flagString(flags, 'agent-name') ?? agent;
-  const runtime = flagString(flags, 'runtime') ?? 'codex';
-  const computerId = flagString(flags, 'computer-id');
-  const result = await postJson(`${serverUrl.replace(/\/$/, '')}/api/agents/onboard`, {
-    agent_key: agent,
-    display_name: displayName,
-    runtime,
-    computer_id: computerId,
-  });
-  if (!result.ok) {
-    (log.error ?? console.error)(`agent onboard failed (${result.status || 'network'}): ${result.text}`);
-    return false;
-  }
-  (log.log ?? console.log)(`[lark setup] agent onboarded: ${agent}`);
-  return true;
-}
-
-async function reloadLarkIntegration(flags: Record<string, unknown>, log: NonNullable<RunOptions['log']>): Promise<void> {
-  if (flagBool(flags, 'no-reload')) return;
-  const serverUrl = flagString(flags, 'server') ?? defaultServerUrl();
-  const result = await postJson(`${serverUrl.replace(/\/$/, '')}/api/lark/reload`, {});
-  if (result.ok) {
-    (log.log ?? console.log)('[lark setup] server lark integration reloaded');
-  } else {
-    (log.warn ?? console.warn)(`[lark setup] saved config, but server reload failed (${result.status || 'network'}): ${result.text}`);
-  }
-}
-
 export async function runLarkCli(options: RunOptions): Promise<number> {
   const { argv } = options;
   const log = options.log ?? {};
@@ -118,58 +49,8 @@ export async function runLarkCli(options: RunOptions): Promise<number> {
   }
 
   if (sub === 'setup') {
-    const appId = flagString(argv.flags, 'app-id');
-    const appSecret = flagString(argv.flags, 'app-secret');
-    const label = flagString(argv.flags, 'label');
-    const agent = flagString(argv.flags, 'agent');
-    const path = flagString(argv.flags, 'config') ?? defaultLarkConfigPath();
-    if ('agents' in argv.flags) {
-      (log.error ?? console.error)('lark setup no longer supports --agents; bind one bot to one agent with --agent');
-      return 2;
-    }
-    if (!appId && !appSecret) {
-      const result = await runInteractiveLarkSetup({
-        configPath: path,
-        log: {
-          log: log.log ?? console.log,
-          warn: log.warn ?? console.warn,
-          error: log.error ?? console.error,
-        },
-        ask: options.setupAsk,
-        listAgents: () => listAgentsForSetup(flagString(argv.flags, 'server') ?? defaultServerUrl()),
-      });
-      if (result) await reloadLarkIntegration(argv.flags, log);
-      return result ? 0 : 2;
-    }
-    if (!appId || !appSecret) {
-      (log.error ?? console.error)('lark setup requires --app-id and --app-secret');
-      return 2;
-    }
-    if (!(await onboardAgentForLark(argv.flags, log, agent))) return 2;
-    const botInfo = await resolveLarkBotInfo(appId, appSecret);
-    if (!botInfo.ok) {
-      (log.error ?? console.error)(`lark setup could not resolve bot open_id (${botInfo.error}): ${botInfo.message}`);
-      return 2;
-    }
-    const result = persistLarkCredential({
-      appId,
-      appSecret,
-      label,
-      agent,
-      botOpenId: botInfo.openId,
-      configPath: path,
-    });
-    if (result.replaced) {
-      (log.warn ?? console.warn)(`[lark setup] overwrote existing credential for appId=${appId} in ${path}`);
-    }
-    if (flagBool(argv.flags, 'next-steps')) {
-      (log.log ?? console.log)(formatLarkSetupNextSteps(result));
-      await reloadLarkIntegration(argv.flags, log);
-      return 0;
-    }
-    printJson(result, { log: log.log });
-    await reloadLarkIntegration(argv.flags, log);
-    return 0;
+    (log.error ?? console.error)('lark setup has been removed. Bind or rebind bots with "bun run console -- agents update --key <agent> --lark-app-id <id> --lark-app-secret <secret> [--rebind-lark]".');
+    return 2;
   }
 
   if (sub === 'list') {
@@ -223,17 +104,6 @@ function printLarkUsage(log: NonNullable<RunOptions['log']>): void {
   (log.log ?? console.log)(`pal lark <subcommand> [flags]
 
 Subcommands:
-  setup [--app-id <id> --app-secret <secret>] [--label <name>] [--agent <agent-key>] [--config <path>] [--next-steps]
-        [--create-agent --agent-name <name> --runtime codex --computer-id <machine>] [--server <url>] [--no-reload]
-      Persist a (appId, appSecret) credential pair to ~/.pal/lark.json (0600).
-      With no app-id/app-secret flags, starts an interactive setup wizard that
-      validates credentials before writing the config.
-      Overwrites if appId already present and logs a warning.
-      Setup resolves the bot open_id through Feishu's bot info API before
-      writing config. --agent binds this bot to a logical agent key. --create-agent creates or
-      updates that agent through the Pal server before writing lark.json.
-      By default setup asks the running server to reload Lark integration.
-
   list [--config <path>]
       List configured bots (secrets redacted).
 
@@ -281,7 +151,7 @@ async function runDaemon(argv: LarkCliArgs, log: NonNullable<RunOptions['log']>)
   }
   const store = loadLarkCredentials(configPath);
   if (store.bots.length === 0) {
-    (log.error ?? console.error)(`No bots configured in ${configPath}. Run pal lark setup first.`);
+    (log.error ?? console.error)(`No bots configured in ${configPath}. Bind a bot with "bun run console -- agents update --key <agent> --lark-app-id <id> --lark-app-secret <secret>" first.`);
     return 2;
   }
   let targets = store.bots;

package/src/lark/credentials.ts

@@ -40,18 +40,51 @@ export function saveLarkCredentials(store: LarkCredentialStore, path: string = d
 export interface AddCredentialResult {
   store: LarkCredentialStore;
   replaced: boolean;
+  unbound: LarkCredential[];
 }
 
-export function upsertCredential(store: LarkCredentialStore, credential: LarkCredential): AddCredentialResult {
+export function findCredentialByAgent(store: LarkCredentialStore, agent: string): LarkCredential | undefined {
+  const key = agent.trim();
+  if (!key) return undefined;
+  return store.bots.find((bot) => bot.agent?.trim() === key);
+}
+
+export function unbindCredentialAgent(store: LarkCredentialStore, agent: string): { store: LarkCredentialStore; changed: boolean; unbound?: LarkCredential } {
+  const key = agent.trim();
+  if (!key) throw new Error('agent is required');
+  const index = store.bots.findIndex((bot) => bot.agent?.trim() === key);
+  if (index === -1) return { store: { bots: [...store.bots] }, changed: false };
+  const next: LarkCredentialStore = { bots: [...store.bots] };
+  const existing = next.bots[index]!;
+  const { agent: _agent, ...withoutAgent } = existing;
+  next.bots[index] = withoutAgent;
+  return { store: next, changed: true, unbound: existing };
+}
+
+export function upsertCredential(store: LarkCredentialStore, credential: LarkCredential, options: { rebind?: boolean } = {}): AddCredentialResult {
   validateCredential(credential);
   const existingIndex = store.bots.findIndex((bot) => bot.appId === credential.appId);
   const next: LarkCredentialStore = { bots: [...store.bots] };
+  const unbound: LarkCredential[] = [];
+  const agent = credential.agent?.trim();
+  if (agent) {
+    const existingAgentIndex = next.bots.findIndex((bot, index) => index !== existingIndex && bot.agent?.trim() === agent);
+    if (existingAgentIndex !== -1) {
+      const existing = next.bots[existingAgentIndex]!;
+      if (!options.rebind) {
+        throw new Error(`agent ${agent} is already bound to Lark app ${existing.appId}; pass --rebind-lark to move the binding`);
+      }
+      const { agent: _agent, ...withoutAgent } = existing;
+      next.bots[existingAgentIndex] = withoutAgent;
+      unbound.push(existing);
+    }
+  }
   if (existingIndex === -1) {
     next.bots.push(credential);
-    return { store: next, replaced: false };
+    return { store: next, replaced: false, unbound };
   }
   next.bots[existingIndex] = credential;
-  return { store: next, replaced: true };
+  return { store: next, replaced: true, unbound };
 }
 
 export function findCredential(store: LarkCredentialStore, appId: string): LarkCredential | undefined {

package/src/lark/event-router.ts

@@ -96,7 +96,7 @@ export function mentionsAllAgents(envelope: LarkMessageEnvelope): boolean {
     if (isAllMention(mention)) return true;
   }
   const raw = parseLarkTextContent(envelope.message?.content, envelope.message?.message_type).toLowerCase();
-  return /(^|\s)@(all|所有人)(\s|$)/u.test(raw);
+  return /(^|\s)@(_all|all|所有人)(\s|$)/u.test(raw);
 }
 
 function normalizeMappedMentions(values: Array<string | null>): string[] {

package/src/lark/setup.ts

@@ -1,6 +1,8 @@
 import { createInterface } from 'node:readline';
+import QRCode from 'qrcode';
 import type { LarkCredential } from './credentials.js';
 import { loadLarkCredentials, saveLarkCredentials, upsertCredential } from './credentials.js';
+import { beginLarkAppRegistration, pollLarkAppRegistration, type LarkRegistrationComplete } from './app-registration.js';
 
 export interface CredentialValidationOk {
   ok: true;
@@ -62,6 +64,7 @@ export interface InteractiveSetupOptions {
   listAgents?: () => Promise<LarkSetupAgentOption[]>;
   validateCredentials?: typeof validateLarkCredentials;
   resolveBotInfo?: typeof resolveLarkBotInfo;
+  registerApp?: typeof registerLarkAppFromDeviceFlow;
 }
 
 function clean(value: string | undefined): string | undefined {
@@ -69,6 +72,41 @@ function clean(value: string | undefined): string | undefined {
   return trimmed ? trimmed : undefined;
 }
 
+export async function registerLarkAppFromDeviceFlow(options: {
+  log: Pick<Console, 'log' | 'warn' | 'error'>;
+  qrCode?: (url: string) => Promise<string>;
+  fetchImpl?: FetchLike;
+}): Promise<LarkRegistrationComplete | null> {
+  const begin = await beginLarkAppRegistration({ fetchImpl: options.fetchImpl, source: 'pal' });
+  options.log.log('Create a Feishu app by scanning this QR code or opening the link:');
+  options.log.log('');
+  const terminalQr = options.qrCode
+    ? await options.qrCode(begin.url)
+    : await QRCode.toString(begin.url, { type: 'terminal', small: true });
+  options.log.log(terminalQr);
+  options.log.log(begin.url);
+  options.log.log('');
+  options.log.log(`Waiting for confirmation. The code expires in about ${Math.max(1, Math.round(begin.expiresIn / 60))} minutes.`);
+
+  let intervalMs = Math.max(1, begin.interval) * 1000;
+  const deadline = Date.now() + begin.expiresIn * 1000;
+  while (Date.now() < deadline) {
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+    const result = await pollLarkAppRegistration({ deviceCode: begin.deviceCode, fetchImpl: options.fetchImpl });
+    if (result.status === 'pending') continue;
+    if (result.status === 'slow_down') {
+      intervalMs = Math.max(intervalMs + 5000, result.interval * 1000);
+      options.log.warn(`Feishu asked us to slow polling; retrying every ${Math.round(intervalMs / 1000)}s.`);
+      continue;
+    }
+    if (result.status === 'complete') return result.registration;
+    options.log.warn(`App registration did not complete (${result.status}): ${result.message}`);
+    return null;
+  }
+  options.log.warn('App registration expired before it completed.');
+  return null;
+}
+
 async function chooseAgent(options: InteractiveSetupOptions, ask: (question: string) => Promise<string>): Promise<string | null> {
   if (!options.listAgents) {
     return clean(await ask('Bind to agent key [codex]: ')) ?? 'codex';
@@ -79,7 +117,7 @@ async function chooseAgent(options: InteractiveSetupOptions, ask: (question: str
     agents = await options.listAgents();
   } catch (error) {
     options.log.error(`Could not load agent list: ${error instanceof Error ? error.message : String(error)}`);
-    options.log.error('Set up an agent first, then rerun lark setup.');
+    options.log.error('Set up an agent first, then bind the bot from agent settings.');
     return null;
   }
 
@@ -275,9 +313,37 @@ export async function runInteractiveLarkSetup(options: InteractiveSetupOptions):
     const agent = await chooseAgent(options, ask);
     if (!agent) return null;
     options.log.log('');
-    options.log.log('Paste an existing Feishu app credential. Pal will validate it before writing lark.json.');
-    const appId = clean(await ask('App ID (cli_xxx): '));
-    const appSecret = clean(await ask('App Secret: '));
+    options.log.log('Create a Feishu app by scan/link, or paste an existing credential.');
+    options.log.log('  1. Scan or open link to create app');
+    options.log.log('  2. Paste App ID / App Secret');
+    const method = clean(await ask('Setup method [1]: ')) ?? '1';
+    let appId: string | undefined;
+    let appSecret: string | undefined;
+    let scannedUserOpenId: string | undefined;
+    if (method !== '2') {
+      const registerApp = options.registerApp ?? registerLarkAppFromDeviceFlow;
+      const registration = await registerApp({ log: options.log }).catch((error) => {
+        options.log.warn(`App registration failed: ${error instanceof Error ? error.message : String(error)}`);
+        return null;
+      });
+      if (!registration) {
+        options.log.warn('Falling back to manual App ID / App Secret entry.');
+      } else if (registration.tenantBrand === 'lark') {
+        options.log.error('Lark international tenants are not supported yet; Pal currently expects Feishu (feishu.cn) credentials.');
+        options.log.error('No config was written.');
+        return null;
+      } else {
+        appId = registration.appId;
+        appSecret = registration.appSecret;
+        scannedUserOpenId = registration.userOpenId;
+        options.log.log(`App created: ${appId}`);
+        if (scannedUserOpenId) options.log.log(`Scanner open_id: ${scannedUserOpenId}`);
+      }
+    }
+    if (!appId || !appSecret) {
+      appId = clean(await ask('App ID (cli_xxx): '));
+      appSecret = clean(await ask('App Secret: '));
+    }
     if (!appId || !appSecret) {
       options.log.error('App ID and App Secret are required; no config was written.');
       return null;
@@ -315,8 +381,11 @@ export async function runInteractiveLarkSetup(options: InteractiveSetupOptions):
       agent,
       configPath: options.configPath,
     });
+    if (scannedUserOpenId) {
+      options.log.log(`Scanner open_id ${scannedUserOpenId} was detected; add it under Lark authorized users if this user should operate Pal.`);
+    }
     if (result.replaced) {
-      options.log.warn(`[lark setup] overwrote existing credential for appId=${appId} in ${options.configPath}`);
+      options.log.warn(`[lark] overwrote existing credential for appId=${appId} in ${options.configPath}`);
     }
     options.log.log(formatLarkSetupNextSteps(result));
     return result;

package/src/local-api.ts

@@ -1,11 +1,15 @@
 import { LockClient } from './client.js';
 import { assertLocalRequest, assertLoopbackBindHost } from './local-auth.js';
 import { failure, HttpError, json, numberParam, readJson, stringParam } from './http.js';
-import type { RunAction } from './types.js';
+import { readdir, stat } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { dirname, isAbsolute, join, normalize } from 'node:path';
+import type { RemoteFileEntry, RemoteFileList, RunAction } from './types.js';
 
 interface LocalApiOptions {
   serverUrl: string;
   token?: string;
+  controlToken?: string;
   daemonAuth?: ConstructorParameters<typeof LockClient>[1];
 }
 
@@ -38,9 +42,64 @@ function routeNotFound(): Response {
   return Response.json({ ok: false, code: 'NOT_FOUND', message: 'not found' }, { status: 404 });
 }
 
+async function canReadDirectory(path: string): Promise<boolean> {
+  try {
+    await readdir(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function listLocalFiles(input: { path?: string; showHidden?: boolean }): Promise<RemoteFileList> {
+  const home = homedir();
+  const rawPath = input.path?.trim() || home;
+  if (!isAbsolute(rawPath)) throw new HttpError(400, 'PATH_NOT_ABSOLUTE', 'path must be absolute');
+  const targetPath = normalize(rawPath);
+  const targetStat = await stat(targetPath).catch(() => null);
+  if (!targetStat) throw new HttpError(404, 'PATH_NOT_FOUND', 'path was not found');
+  if (!targetStat.isDirectory()) throw new HttpError(400, 'PATH_NOT_DIRECTORY', 'path is not a directory');
+
+  let dirents: Array<{ name: string; isDirectory(): boolean; isFile(): boolean }>;
+  try {
+    dirents = await readdir(targetPath, { withFileTypes: true }) as Array<{ name: string; isDirectory(): boolean; isFile(): boolean }>;
+  } catch {
+    throw new HttpError(403, 'PATH_NOT_READABLE', 'directory is not readable');
+  }
+
+  const entries = await Promise.all(dirents
+    .filter((entry) => input.showHidden || !entry.name.startsWith('.'))
+    .map(async (entry): Promise<RemoteFileEntry> => {
+      const entryPath = join(targetPath, entry.name);
+      const type = entry.isDirectory() ? 'directory' : entry.isFile() ? 'file' : 'other';
+      const readable = type === 'directory' ? await canReadDirectory(entryPath) : false;
+      return {
+        name: entry.name,
+        path: entryPath,
+        type,
+        hidden: entry.name.startsWith('.'),
+        readable,
+        selectable: type === 'directory' && readable,
+      };
+    }));
+
+  entries.sort((left, right) => {
+    if (left.type === 'directory' && right.type !== 'directory') return -1;
+    if (left.type !== 'directory' && right.type === 'directory') return 1;
+    return left.name.localeCompare(right.name);
+  });
+
+  return {
+    path: targetPath,
+    parent: targetPath === dirname(targetPath) ? null : dirname(targetPath),
+    home,
+    entries,
+  };
+}
+
 export async function localRoute(request: Request, options: LocalApiOptions): Promise<Response> {
   try {
-    assertLocalRequest(request, options.token);
+    assertLocalRequest(request, [options.token, options.controlToken].filter((item): item is string => Boolean(item)));
     const client = new LockClient(options.serverUrl, options.daemonAuth ?? null);
     const url = new URL(request.url);
     const { pathname } = url;
@@ -49,6 +108,14 @@ export async function localRoute(request: Request, options: LocalApiOptions): Pr
       return json({ status: 'ok', mode: 'daemon' });
     }
 
+    if (request.method === 'GET' && pathname === '/local/files') {
+      const files = await listLocalFiles({
+        path: stringParam(url, 'path'),
+        showHidden: url.searchParams.get('show_hidden') === 'true',
+      });
+      return json(files);
+    }
+
     if (request.method === 'GET' && pathname === '/local/chats') {
       return json({ chats: await client.listChats() });
     }

package/src/local-auth.ts

@@ -9,7 +9,7 @@ function hostName(value: string | null): string {
   return withoutPort.toLowerCase();
 }
 
-export function assertLocalRequest(request: Request, token: string | undefined): void {
+export function assertLocalRequest(request: Request, token: string | string[] | undefined): void {
   const host = hostName(request.headers.get('host'));
   if (!ALLOWED_HOSTS.has(host)) {
     throw new HttpError(403, 'BAD_HOST', 'local daemon host is not allowed');
@@ -24,12 +24,13 @@ export function assertLocalRequest(request: Request, token: string | undefined):
     throw new HttpError(403, 'CORS_DENIED', 'CORS preflight is not allowed');
   }
 
-  if (!token) {
+  const tokens = Array.isArray(token) ? token.filter(Boolean) : token ? [token] : [];
+  if (tokens.length === 0) {
     throw new HttpError(401, 'UNAUTHORIZED', 'local daemon token is required');
   }
 
   const header = request.headers.get('authorization');
-  if (header !== `Bearer ${token}`) {
+  if (!tokens.some((item) => header === `Bearer ${item}`)) {
     throw new HttpError(401, 'UNAUTHORIZED', 'invalid local daemon token');
   }
 }