npm - @dev-anywhere/proxy - Versions diffs - 0.0.1 - Mend

@dev-anywhere/proxy 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/dist/serve.js ADDED Viewed

@@ -0,0 +1,4375 @@
+#!/usr/bin/env node
+import {
+  ContentBlockDeltaSchema,
+  IGNORED_EVENT_TYPES,
+  KnownContentBlockSchema,
+  SeqCounter,
+  StreamJsonEventSchema
+} from "./chunk-2Q3Z3ICU.js";
+import {
+  createFSM,
+  defineFSM,
+  extractOscSequences,
+  extractOscSignals,
+  serviceLogger,
+  shouldReleaseApprovalWait,
+  stateAfterApprovalRelease
+} from "./chunk-UGFYGF3Y.js";
+import {
+  spawnScript
+} from "./chunk-ZUWAB67J.js";
+import {
+  CLAUDE_PROVIDER,
+  CODEX_PROVIDER,
+  detectAgentCliStatus
+} from "./chunk-6O6JTF24.js";
+import {
+  CONFIG_PATH,
+  ControlErrorCode,
+  DATA_DIR,
+  PID_PATH,
+  SESSIONS_PATH,
+  SOCK_PATH,
+  STOPPED_PATH,
+  SessionState,
+  buildMessage,
+  createIpcReader,
+  createWorkerReader,
+  serializeIpc,
+  serializeWorkerMsg,
+  sessionPaths,
+  tildify
+} from "./chunk-QJ5CQDK7.js";
+// src/serve.ts
+import { createServer as createServer2 } from "net";
+import { unlinkSync as unlinkSync3, writeFileSync as writeFileSync4, chmodSync, rmSync as rmSync2 } from "fs";
+// src/serve/session-manager.ts
+import { mkdirSync, readFileSync, renameSync, writeFileSync, existsSync } from "fs";
+import { dirname } from "path";
+import { nanoid } from "nanoid";
+var PTY_TRANSITIONS = {
+  [SessionState.IDLE]: [
+    // claude 开始响应用户输入 → handlePtyData 首字节翻 working
+    SessionState.WORKING,
+    // provider hook 是语义事件，可能比 PTY 字节观察更早到达；PermissionRequest 可直接进入审批等待。
+    SessionState.WAITING_APPROVAL,
+    // 终态兜底；现阶段 terminated 走 terminateSession 直接删 map 不经 updateState，本边未被触发
+    SessionState.TERMINATED
+  ],
+  [SessionState.WORKING]: [
+    // 5s 静默且 currentPtyState === "working" → idle timer 推 turn_complete
+    SessionState.IDLE,
+    // claude 发 OSC 9 "needs your permission: <tool>" → handlePtyData 推 approval_wait
+    SessionState.WAITING_APPROVAL,
+    // 终态兜底
+    SessionState.TERMINATED
+  ],
+  [SessionState.WAITING_APPROVAL]: [
+    // 审批解除后 provider 可能继续工作，也可能直接结束本轮。
+    // 真实 Claude 拒绝工具审批后会直接发 turn_complete，因此 WAITING_APPROVAL -> IDLE 是合法边。
+    SessionState.WORKING,
+    SessionState.IDLE,
+    // 终态兜底
+    SessionState.TERMINATED
+  ],
+  // PTY 永不进入 ERROR；本行仅为满足 Record<SessionState,_> 枚举完整性保留
+  [SessionState.ERROR]: [SessionState.TERMINATED],
+  [SessionState.TERMINATED]: []
+};
+var JSON_TRANSITIONS = {
+  [SessionState.IDLE]: [
+    // 用户在 relay/web 端发消息 → onTurnStart，turn 开始
+    SessionState.WORKING,
+    // 空闲期观察通道失联（worker socket 死但 pid 仍在等）→ onChannelBroken
+    SessionState.ERROR,
+    // 终态兜底；同 PTY，当前不经 updateState
+    SessionState.TERMINATED
+  ],
+  [SessionState.WORKING]: [
+    // stream-json result event → onTurnResult，turn 结束
+    SessionState.IDLE,
+    // claude 发 control_request → onApprovalRequested，阻塞等审批
+    SessionState.WAITING_APPROVAL,
+    // turn 进行中通道失联 → onChannelBroken
+    SessionState.ERROR,
+    // 终态兜底
+    SessionState.TERMINATED
+  ],
+  [SessionState.WAITING_APPROVAL]: [
+    // 粒度丢失：审批解除后 claude 继续跑，proxy 观察不到中间的 WORKING 信号，
+    // 直到 result event 才感知 → onTurnResult 一次性从 WAITING_APPROVAL 跳到 IDLE。
+    // 因此不列 WAITING_APPROVAL → WORKING 这条边。
+    SessionState.IDLE,
+    // 审批死锁：control_response 写 worker stdin 失败 → onChannelBroken。
+    // 这是 ERROR 态最明确的落地场景，让 UI 能区分 "正在等用户决定" 和 "审批通道坏了"。
+    SessionState.ERROR,
+    // 终态兜底
+    SessionState.TERMINATED
+  ],
+  [SessionState.ERROR]: [
+    // 观察通道坏了之后只能 terminate，不回 IDLE/WORKING——恢复机制未实现
+    SessionState.TERMINATED
+  ],
+  [SessionState.TERMINATED]: []
+};
+var ptyFSM = defineFSM(PTY_TRANSITIONS);
+var jsonFSM = defineFSM(JSON_TRANSITIONS);
+function fsmForMode(mode) {
+  return mode === "pty" ? ptyFSM : jsonFSM;
+}
+function isProviderId(value) {
+  return value === "claude" || value === "codex";
+}
+var SessionManager = class {
+  sessions = /* @__PURE__ */ new Map();
+  reaperTimer = null;
+  persistPath;
+  reaperIntervalMs;
+  onSessionRemoved;
+  constructor(options) {
+    this.persistPath = options.persistPath;
+    this.reaperIntervalMs = options.reaperIntervalMs ?? 6e4;
+    this.onSessionRemoved = options.onSessionRemoved;
+    this.load();
+  }
+  createSession(mode, cwd, pid, name, id, provider = "claude", ptyOwner) {
+    const now = Date.now();
+    const info = {
+      id: id ?? nanoid(),
+      mode,
+      provider,
+      ...mode === "pty" && ptyOwner !== void 0 ? { ptyOwner } : {},
+      state: SessionState.IDLE,
+      createdAt: now,
+      updatedAt: now,
+      cwd,
+      pid,
+      ...name !== void 0 ? { name } : {}
+    };
+    this.sessions.set(info.id, info);
+    this.save();
+    serviceLogger.info({ sessionId: info.id, mode, provider, ptyOwner, name }, "Session created");
+    return info;
+  }
+  listSessions() {
+    return Array.from(this.sessions.values()).sort((a, b) => b.createdAt - a.createdAt);
+  }
+  getSession(id) {
+    return this.sessions.get(id);
+  }
+  updateState(id, newState) {
+    const session = this.sessions.get(id);
+    if (!session) {
+      throw new Error(`Session not found: ${id}`);
+    }
+    const oldState = session.state;
+    if (oldState === newState) return false;
+    const fsm = fsmForMode(session.mode);
+    if (!fsm.canTransition(oldState, newState)) {
+      const level = fsm.isAbsorbing(oldState) ? "debug" : "warn";
+      serviceLogger[level](
+        { sessionId: id, from: oldState, to: newState, mode: session.mode },
+        level === "debug" ? "State change after absorbing state (residual, likely race)" : "Invalid state transition rejected by FSM"
+      );
+      return false;
+    }
+    session.state = newState;
+    session.updatedAt = Date.now();
+    this.save();
+    serviceLogger.info({ sessionId: id, from: oldState, to: newState }, "Session state changed");
+    return true;
+  }
+  terminateSession(id, context) {
+    const session = this.sessions.get(id);
+    if (!session) {
+      return { success: false };
+    }
+    const pid = session.pid;
+    this.sessions.delete(id);
+    this.save();
+    serviceLogger.info({ sessionId: id, mode: session.mode, pid }, "Session terminated");
+    this.onSessionRemoved?.(id, context);
+    return { success: true, pid };
+  }
+  terminateAll() {
+    const pids = [];
+    const ids = Array.from(this.sessions.keys());
+    for (const id of ids) {
+      const session = this.sessions.get(id);
+      if (session.mode === "json" && session.pid !== void 0) {
+        pids.push(session.pid);
+      }
+      this.sessions.delete(id);
+      this.onSessionRemoved?.(id);
+    }
+    this.save();
+    return pids;
+  }
+  setClaudeSessionId(id, claudeSessionId) {
+    const session = this.sessions.get(id);
+    if (!session) {
+      throw new Error(`Session not found: ${id}`);
+    }
+    session.claudeSessionId = claudeSessionId;
+    this.save();
+  }
+  setPid(id, pid) {
+    const session = this.sessions.get(id);
+    if (!session) {
+      throw new Error(`Session not found: ${id}`);
+    }
+    session.pid = pid;
+    this.save();
+  }
+  startReaper(intervalMs = this.reaperIntervalMs) {
+    this.stopReaper();
+    this.reaperTimer = setInterval(() => this.reap(), intervalMs);
+  }
+  stopReaper() {
+    if (this.reaperTimer) {
+      clearInterval(this.reaperTimer);
+      this.reaperTimer = null;
+    }
+  }
+  reap() {
+    const toRemove = [];
+    for (const session of this.sessions.values()) {
+      if (session.mode === "json" && session.pid !== void 0 && session.state !== SessionState.TERMINATED) {
+        if (!this.isProcessAlive(session.pid)) {
+          toRemove.push({ id: session.id, reason: `JSON worker process ${session.pid} is dead` });
+        }
+      }
+    }
+    for (const { id, reason } of toRemove) {
+      serviceLogger.warn({ sessionId: id, reason }, "Reaping stale session");
+      this.terminateSession(id);
+    }
+  }
+  isProcessAlive(pid) {
+    try {
+      process.kill(pid, 0);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  save() {
+    const dir = dirname(this.persistPath);
+    mkdirSync(dir, { recursive: true });
+    const persisted = Array.from(this.sessions.values()).map((s) => ({
+      id: s.id,
+      mode: s.mode,
+      provider: s.provider,
+      createdAt: s.createdAt,
+      updatedAt: s.updatedAt,
+      cwd: s.cwd,
+      pid: s.pid,
+      ...s.name !== void 0 ? { name: s.name } : {},
+      ...s.claudeSessionId !== void 0 ? { claudeSessionId: s.claudeSessionId } : {}
+    }));
+    const data = JSON.stringify(persisted, null, 2);
+    const tmpPath = this.persistPath + ".tmp";
+    writeFileSync(tmpPath, data, "utf-8");
+    renameSync(tmpPath, this.persistPath);
+  }
+  load() {
+    if (!existsSync(this.persistPath)) {
+      return;
+    }
+    const raw = readFileSync(this.persistPath, "utf-8");
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      throw new Error(`Failed to parse session persistence file at ${this.persistPath}`, {
+        cause: err
+      });
+    }
+    if (!Array.isArray(parsed)) {
+      throw new Error(
+        `Session persistence file has invalid format at ${this.persistPath}: expected array`
+      );
+    }
+    for (const item of parsed) {
+      if (item && typeof item === "object" && "state" in item) {
+        throw new Error(
+          `Session persistence file has invalid persisted state for session ${String(
+            item.id
+          )}`
+        );
+      }
+      const info = item;
+      if (!isProviderId(info.provider)) {
+        const sessionId = String(info.id);
+        this.onSessionRemoved?.(sessionId);
+        serviceLogger.warn(
+          { sessionId, provider: info.provider },
+          "Session persistence file has invalid provider; cleaning session"
+        );
+        continue;
+      }
+      if (info.mode === "pty") {
+        if (info.pid && this.isProcessAlive(info.pid)) {
+          serviceLogger.info(
+            { sessionId: info.id, pid: info.pid },
+            "PTY session skipped on load, terminal alive"
+          );
+        } else {
+          this.onSessionRemoved?.(info.id);
+          serviceLogger.info(
+            { sessionId: info.id, pid: info.pid },
+            "PTY session cleaned on load, terminal dead"
+          );
+        }
+        continue;
+      }
+      if (info.pid && this.isProcessAlive(info.pid)) {
+        this.sessions.set(info.id, { ...info, state: SessionState.IDLE });
+      } else {
+        this.onSessionRemoved?.(info.id);
+        serviceLogger.info(
+          { sessionId: info.id, pid: info.pid },
+          "JSON session cleaned on load, worker dead"
+        );
+      }
+    }
+    this.save();
+    if (this.sessions.size > 0) {
+      serviceLogger.info({ count: this.sessions.size }, "Sessions restored from persistence");
+    }
+  }
+};
+// src/serve/relay-connection.ts
+import WebSocket from "ws";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync2 } from "fs";
+import { homedir } from "os";
+import { dirname as dirname2, join } from "path";
+import { nanoid as nanoid2 } from "nanoid";
+import { EventEmitter } from "events";
+// src/serve/message-queue.ts
+var MemoryMessageQueue = class {
+  items = [];
+  enqueue(raw) {
+    this.items.push(raw);
+  }
+  drain() {
+    const all = this.items;
+    this.items = [];
+    return all;
+  }
+  size() {
+    return this.items.length;
+  }
+  clear() {
+    this.items = [];
+  }
+  // 丢弃最旧消息，返回被丢弃的 raw 供 caller 做补偿（例如清理对应 pending 审批）
+  dropOldest() {
+    return this.items.shift() ?? null;
+  }
+};
+// src/serve/relay-connection.ts
+var DEFAULT_PROXY_ID_PATH = join(homedir(), ".dev-anywhere", "proxy-id");
+var MAX_BACKOFF_MS = 3e4;
+var BASE_BACKOFF_MS = 1e3;
+var MAX_QUEUE_SIZE = 1e4;
+var RelayConnectionState = {
+  DISCONNECTED: "disconnected",
+  CONNECTING: "connecting",
+  REGISTERING: "registering",
+  SYNCED: "synced",
+  WAITING_RECONNECT: "waiting_reconnect",
+  CLOSED: "closed"
+};
+var RELAY_TRANSITIONS = {
+  [RelayConnectionState.DISCONNECTED]: [
+    RelayConnectionState.CONNECTING,
+    RelayConnectionState.CLOSED
+  ],
+  [RelayConnectionState.CONNECTING]: [
+    RelayConnectionState.REGISTERING,
+    RelayConnectionState.WAITING_RECONNECT,
+    RelayConnectionState.CLOSED
+  ],
+  [RelayConnectionState.REGISTERING]: [
+    RelayConnectionState.SYNCED,
+    RelayConnectionState.WAITING_RECONNECT,
+    RelayConnectionState.CLOSED
+  ],
+  [RelayConnectionState.SYNCED]: [
+    RelayConnectionState.WAITING_RECONNECT,
+    RelayConnectionState.CLOSED
+  ],
+  [RelayConnectionState.WAITING_RECONNECT]: [
+    RelayConnectionState.CONNECTING,
+    RelayConnectionState.CLOSED
+  ],
+  [RelayConnectionState.CLOSED]: []
+};
+var RelayConnection = class extends EventEmitter {
+  ws = null;
+  proxyId;
+  relayUrl;
+  queue = new MemoryMessageQueue();
+  reconnectAttempt = 0;
+  reconnectTimer = null;
+  fsm = createFSM({
+    initial: RelayConnectionState.DISCONNECTED,
+    transitions: RELAY_TRANSITIONS,
+    onTransition: (from, to) => serviceLogger.info({ from, to }, "RelayConnection state transition"),
+    onRejected: (from, to, isAbsorbing) => serviceLogger[isAbsorbing ? "debug" : "warn"](
+      { from, to },
+      isAbsorbing ? "Late event after absorbing state, ignored" : "Invalid relay connection transition rejected"
+    )
+  });
+  name;
+  token;
+  constructor(relayUrl, options) {
+    super();
+    this.relayUrl = relayUrl;
+    this.proxyId = this.loadOrCreateProxyId(options?.proxyIdPath ?? DEFAULT_PROXY_ID_PATH);
+    this.name = options?.name;
+    this.token = options?.token;
+  }
+  // 从文件读取或生成新的 proxyId，生成后持久化到文件
+  loadOrCreateProxyId(idPath) {
+    if (existsSync2(idPath)) {
+      const existing = readFileSync2(idPath, "utf-8").trim();
+      if (existing.length > 0) {
+        return existing;
+      }
+    }
+    const id = nanoid2(21);
+    const dir = dirname2(idPath);
+    if (!existsSync2(dir)) {
+      mkdirSync2(dir, { recursive: true });
+    }
+    writeFileSync2(idPath, id, "utf-8");
+    return id;
+  }
+  // 连接到 relay server
+  connect() {
+    if (!this.fsm.tryTransitionTo(RelayConnectionState.CONNECTING)) return;
+    this.doConnect();
+  }
+  // 实际建立 WebSocket 连接的内部方法
+  doConnect() {
+    try {
+      const base = this.relayUrl.replace(/\/$/, "") + "/proxy";
+      const url = this.token ? `${base}?token=${encodeURIComponent(this.token)}` : base;
+      this.ws = new WebSocket(url);
+      this.ws.on("open", () => {
+        if (!this.fsm.tryTransitionTo(RelayConnectionState.REGISTERING)) return;
+        serviceLogger.info(
+          { proxyId: this.proxyId, url: base, tokenSet: !!this.token },
+          "Connected to relay server"
+        );
+        this.ws.send(
+          JSON.stringify({
+            type: "proxy_register",
+            proxyId: this.proxyId,
+            ...this.name ? { name: this.name } : {}
+          })
+        );
+      });
+      this.ws.on("message", (data) => {
+        const raw = data.toString();
+        let msg;
+        try {
+          msg = JSON.parse(raw);
+        } catch (err) {
+          serviceLogger.warn({ error: String(err) }, "Non-JSON message from relay, dropped");
+          return;
+        }
+        if (msg.type === "proxy_register_response") {
+          serviceLogger.info({ status: msg.status }, "Received register response");
+          if (!this.fsm.tryTransitionTo(RelayConnectionState.SYNCED)) return;
+          this.reconnectAttempt = 0;
+          this.flushQueue();
+          this.emit("connected");
+          return;
+        }
+        this.emit("message", msg);
+      });
+      this.ws.on("close", () => {
+        this.ws = null;
+        if (this.fsm.current() !== RelayConnectionState.CLOSED) {
+          this.fsm.tryTransitionTo(RelayConnectionState.WAITING_RECONNECT);
+          serviceLogger.info("Relay connection closed unexpectedly");
+          this.emit("disconnected");
+          this.scheduleReconnect();
+        } else {
+          serviceLogger.info("Relay connection closed");
+        }
+      });
+      this.ws.on("error", (err) => {
+        serviceLogger.error({ error: String(err) }, "Relay connection error");
+      });
+    } catch (err) {
+      serviceLogger.error({ error: String(err) }, "Failed to create relay connection");
+      if (this.fsm.current() !== RelayConnectionState.CLOSED) {
+        this.fsm.tryTransitionTo(RelayConnectionState.WAITING_RECONNECT);
+        this.scheduleReconnect();
+      }
+    }
+  }
+  // 将队列中缓存的消息依次发送到 relay
+  flushQueue() {
+    for (const raw of this.queue.drain()) {
+      this.ws?.send(raw);
+    }
+  }
+  // 计算全抖动指数退避延迟并调度重连
+  scheduleReconnect() {
+    const backoff = Math.random() * Math.min(MAX_BACKOFF_MS, BASE_BACKOFF_MS * Math.pow(2, this.reconnectAttempt));
+    serviceLogger.info(
+      { attempt: this.reconnectAttempt + 1, backoffMs: Math.round(backoff) },
+      "Scheduling reconnect"
+    );
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectAttempt++;
+      if (!this.fsm.tryTransitionTo(RelayConnectionState.CONNECTING)) return;
+      this.doConnect();
+    }, backoff);
+  }
+  // 发送 MessageEnvelope 到 relay，离线时自动入队
+  sendEnvelope(envelope) {
+    const raw = JSON.stringify(envelope);
+    this.sendRaw(raw);
+  }
+  // 发送 binary PTY 帧到 relay，断线时直接丢弃不入队
+  sendBinary(data) {
+    if (this.fsm.current() === RelayConnectionState.SYNCED && this.ws?.readyState === WebSocket.OPEN) {
+      this.ws.send(data);
+    }
+  }
+  // 发送原始 JSON 字符串到 relay，根据 connectionState 决定直发、入队或丢弃
+  sendRaw(raw) {
+    if (this.fsm.current() === RelayConnectionState.SYNCED && this.ws?.readyState === WebSocket.OPEN) {
+      this.ws.send(raw);
+    } else if (this.fsm.current() === RelayConnectionState.CLOSED) {
+      serviceLogger.warn("Message discarded: connection is closed");
+    } else {
+      if (this.queue.size() >= MAX_QUEUE_SIZE) {
+        const dropped = this.queue.dropOldest();
+        serviceLogger.warn(
+          { maxSize: MAX_QUEUE_SIZE },
+          "Message queue overflow, oldest message dropped"
+        );
+        if (dropped !== null) this.emit("envelope_dropped", dropped);
+      }
+      this.queue.enqueue(raw);
+      serviceLogger.debug({ queueSize: this.queue.size() }, "Message queued during disconnect");
+    }
+  }
+  // 主动关闭连接，发送 proxy_disconnect 通知 relay 立即清理，不触发重连
+  close() {
+    if (this.fsm.is(RelayConnectionState.CLOSED)) return;
+    this.fsm.tryTransitionTo(RelayConnectionState.CLOSED);
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    if (this.ws) {
+      if (this.ws.readyState === WebSocket.OPEN) {
+        this.ws.send(JSON.stringify({ type: "proxy_disconnect", proxyId: this.proxyId }));
+      }
+      this.ws.close();
+      this.ws = null;
+    }
+  }
+  // 获取当前 proxyId
+  getProxyId() {
+    return this.proxyId;
+  }
+  // 获取连接状态摘要，用于 CLI status 输出
+  getStatus() {
+    return {
+      connected: this.fsm.current() === RelayConnectionState.SYNCED,
+      connectionState: this.fsm.current(),
+      proxyId: this.proxyId,
+      reconnectAttempt: this.reconnectAttempt,
+      queueDepth: this.queue.size()
+    };
+  }
+};
+// src/common/config.ts
+import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
+import { dirname as dirname3, isAbsolute } from "path";
+function parsePort(value, source) {
+  if (!value) return void 0;
+  const port = Number(value);
+  if (!Number.isInteger(port) || port < 1 || port > 65535) {
+    throw new Error(`Invalid ${source}: expected TCP port 1-65535`);
+  }
+  return port;
+}
+function resolveFileConfig(fromFile, requestedEnv) {
+  if (!fromFile.envs) {
+    return {
+      envName: void 0,
+      envNameSource: fromFile.relayUrl || fromFile.relayToken || fromFile.hookPort ? "single" : "none",
+      config: fromFile
+    };
+  }
+  const envName = requestedEnv ?? fromFile.defaultEnv ?? "local";
+  const config = fromFile.envs[envName];
+  if (!config) {
+    const available = Object.keys(fromFile.envs).sort();
+    throw new Error(
+      `Unknown config env "${envName}". Available envs: ${available.length > 0 ? available.join(", ") : "(none)"}`
+    );
+  }
+  return {
+    envName,
+    envNameSource: requestedEnv ? "cli" : fromFile.defaultEnv ? "file" : "default",
+    config
+  };
+}
+function readConfigFile() {
+  if (!existsSync3(CONFIG_PATH)) return {};
+  return JSON.parse(readFileSync3(CONFIG_PATH, "utf-8"));
+}
+function agentCliField(provider) {
+  return provider === "claude" ? "claudeBin" : "codexBin";
+}
+function agentCliHistoryField(provider) {
+  return provider === "claude" ? "claudeBinHistory" : "codexBinHistory";
+}
+function validateAgentCliPath(path) {
+  const normalized = path.trim();
+  if (!normalized) throw new Error("\u8BF7\u8F93\u5165 CLI \u8DEF\u5F84");
+  if (!isAbsolute(normalized)) throw new Error("CLI \u8DEF\u5F84\u5FC5\u987B\u662F\u7EDD\u5BF9\u8DEF\u5F84");
+  return normalized;
+}
+function uniqueAbsolutePaths(paths) {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const path of paths) {
+    const normalized = path?.trim();
+    if (!normalized || !isAbsolute(normalized) || seen.has(normalized)) continue;
+    seen.add(normalized);
+    result.push(normalized);
+  }
+  return result;
+}
+function updateAgentCliPathInEnvConfig(config, provider, path) {
+  const field = agentCliField(provider);
+  const historyField = agentCliHistoryField(provider);
+  const history = uniqueAbsolutePaths([path, ...config[historyField] ?? []]).slice(0, 8);
+  return {
+    ...config,
+    [field]: path,
+    [historyField]: history
+  };
+}
+function loadConfig(options) {
+  let fromFile = {};
+  if (existsSync3(CONFIG_PATH)) {
+    try {
+      fromFile = readConfigFile();
+    } catch (err) {
+      serviceLogger.warn(
+        { path: CONFIG_PATH, err: err instanceof Error ? err.message : String(err) },
+        "Failed to parse config file, falling back to env-only"
+      );
+    }
+  } else {
+    serviceLogger.debug({ path: CONFIG_PATH }, "Config file not found, using env-only");
+  }
+  const resolved = resolveFileConfig(fromFile, options?.envName);
+  const hookPortFromFile = resolved.config.hookPort ?? fromFile.hookPort;
+  const claudeBinFromFile = resolved.config.claudeBin ?? fromFile.claudeBin;
+  const codexBinFromFile = resolved.config.codexBin ?? fromFile.codexBin;
+  const claudeBinHistory = [
+    ...resolved.config.claudeBinHistory ?? [],
+    ...fromFile.claudeBinHistory ?? []
+  ];
+  const codexBinHistory = [
+    ...resolved.config.codexBinHistory ?? [],
+    ...fromFile.codexBinHistory ?? []
+  ];
+  const claudeBin = process.env.CLAUDE_BIN ?? claudeBinFromFile;
+  const codexBin = process.env.CODEX_BIN ?? codexBinFromFile;
+  const config = {
+    envName: resolved.envName,
+    relayUrl: process.env.RELAY_URL ?? resolved.config.relayUrl,
+    relayToken: process.env.RELAY_PROXY_TOKEN ?? resolved.config.relayToken,
+    hookPort: parsePort(process.env.DEV_ANYWHERE_HOOK_PORT, "DEV_ANYWHERE_HOOK_PORT") ?? hookPortFromFile ?? 17654,
+    claudeBin,
+    codexBin,
+    agentCliSuggestions: {
+      claude: uniqueAbsolutePaths([process.env.CLAUDE_BIN, claudeBinFromFile, ...claudeBinHistory]),
+      codex: uniqueAbsolutePaths([process.env.CODEX_BIN, codexBinFromFile, ...codexBinHistory])
+    },
+    sources: {
+      envName: resolved.envNameSource,
+      relayUrl: process.env.RELAY_URL ? "env" : resolved.config.relayUrl ? "file" : "none",
+      relayToken: process.env.RELAY_PROXY_TOKEN ? "env" : resolved.config.relayToken ? "file" : "none",
+      hookPort: process.env.DEV_ANYWHERE_HOOK_PORT ? "env" : hookPortFromFile ? "file" : "default",
+      claudeBin: process.env.CLAUDE_BIN ? "env" : claudeBinFromFile ? "file" : "none",
+      codexBin: process.env.CODEX_BIN ? "env" : codexBinFromFile ? "file" : "none"
+    }
+  };
+  serviceLogger.info(
+    {
+      envName: config.envName ?? "(single)",
+      envNameSource: config.sources.envName,
+      relayUrl: config.relayUrl ?? "(unset)",
+      relayUrlSource: config.sources.relayUrl,
+      relayTokenSource: config.sources.relayToken,
+      hookPort: config.hookPort,
+      hookPortSource: config.sources.hookPort,
+      claudeBinSource: config.sources.claudeBin,
+      codexBinSource: config.sources.codexBin
+    },
+    "Config loaded"
+  );
+  return config;
+}
+function buildProviderEnv(config, baseEnv = process.env) {
+  return {
+    ...baseEnv,
+    ...config.claudeBin ? { CLAUDE_BIN: config.claudeBin } : {},
+    ...config.codexBin ? { CODEX_BIN: config.codexBin } : {}
+  };
+}
+function saveAgentCliPath(provider, path, options) {
+  const normalized = validateAgentCliPath(path);
+  const fromFile = readConfigFile();
+  const resolved = resolveFileConfig(fromFile, options?.envName);
+  if (fromFile.envs) {
+    const envName = resolved.envName ?? options?.envName ?? fromFile.defaultEnv ?? "local";
+    fromFile.envs[envName] = updateAgentCliPathInEnvConfig(
+      fromFile.envs[envName] ?? {},
+      provider,
+      normalized
+    );
+  } else {
+    Object.assign(fromFile, updateAgentCliPathInEnvConfig(fromFile, provider, normalized));
+  }
+  mkdirSync3(dirname3(CONFIG_PATH), { recursive: true });
+  writeFileSync3(CONFIG_PATH, `${JSON.stringify(fromFile, null, 2)}
+`, "utf-8");
+}
+// src/serve/handlers/control-messages.ts
+import { readdir as readdir2, mkdir } from "fs/promises";
+import { join as join4, isAbsolute as isAbsolute2, normalize } from "path";
+// src/serve/session-history.ts
+import { readdir, stat, access } from "fs/promises";
+import { createReadStream } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+import { createInterface } from "readline";
+var claudeProjectsDir = () => join2(homedir2(), ".claude", "projects");
+var codexSessionsDir = () => join2(homedir2(), ".codex", "sessions");
+var UNTITLED_SESSION_TITLE = "\u672A\u547D\u540D\u4F1A\u8BDD";
+var MAX_HISTORY_TITLE_LENGTH = 40;
+var IGNORED_SLASH_COMMANDS = /* @__PURE__ */ new Set([
+  "/clear",
+  "/model",
+  "/compact",
+  "/help",
+  "/config",
+  "/logout"
+]);
+var XMLISH_NOISE_PREFIXES = [
+  "environment",
+  "system",
+  "developer",
+  "assistant",
+  "user",
+  "tool",
+  "context"
+];
+var INTERNAL_TITLE_PATTERNS = [
+  /^the following is the codex agent history\b/i,
+  /^codex agent history\b/i,
+  /^conversation summary\b/i
+];
+async function scanSessionHistory() {
+  const entries = [...await scanClaudeSessionHistory(), ...await scanCodexSessionHistory()];
+  entries.sort((a, b) => b.updatedAt - a.updatedAt);
+  const seen = /* @__PURE__ */ new Set();
+  return entries.filter((e) => {
+    const key = `${e.provider}::${e.projectDir}::${e.title}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+}
+async function scanClaudeSessionHistory() {
+  const entries = [];
+  let projectDirs;
+  try {
+    projectDirs = await readdir(claudeProjectsDir());
+  } catch {
+    return [];
+  }
+  for (const encodedDir of projectDirs) {
+    const projectPath = join2(claudeProjectsDir(), encodedDir);
+    let files;
+    try {
+      files = await readdir(projectPath);
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      if (!file.endsWith(".jsonl")) continue;
+      const filePath = join2(projectPath, file);
+      try {
+        const fileStat = await stat(filePath);
+        const sessionId = file.replace(/\.jsonl$/, "");
+        const { title, cwd } = await extractTitleAndCwd(filePath);
+        entries.push({
+          id: sessionId,
+          title: title || UNTITLED_SESSION_TITLE,
+          projectDir: cwd || "/" + encodedDir.replace(/^-/, "").split("-").join("/"),
+          updatedAt: fileStat.mtimeMs,
+          provider: "claude"
+        });
+      } catch {
+        continue;
+      }
+    }
+  }
+  return entries;
+}
+async function scanCodexSessionHistory() {
+  const files = await collectJsonlFiles(codexSessionsDir());
+  const entries = [];
+  for (const filePath of files) {
+    try {
+      const fileStat = await stat(filePath);
+      const meta = await extractCodexTitleAndCwd(filePath);
+      if (!meta.id) continue;
+      entries.push({
+        id: meta.id,
+        title: meta.title || UNTITLED_SESSION_TITLE,
+        projectDir: meta.cwd || homedir2(),
+        updatedAt: fileStat.mtimeMs,
+        provider: "codex"
+      });
+    } catch {
+      continue;
+    }
+  }
+  return entries;
+}
+async function readSessionMessages(claudeSessionId) {
+  let projectDirs;
+  try {
+    projectDirs = await readdir(claudeProjectsDir());
+  } catch {
+    return [];
+  }
+  for (const encodedDir of projectDirs) {
+    const filePath = join2(claudeProjectsDir(), encodedDir, `${claudeSessionId}.jsonl`);
+    try {
+      await access(filePath);
+    } catch {
+      continue;
+    }
+    const messages = [];
+    return new Promise((resolve) => {
+      const rl = createInterface({
+        input: createReadStream(filePath, { encoding: "utf-8" }),
+        crlfDelay: Infinity
+      });
+      rl.on("line", (line) => {
+        if (!line.trim()) return;
+        try {
+          const obj = JSON.parse(line);
+          if (obj.type === "user") {
+            if (obj.isMeta) return;
+            const text = extractConversationText(obj.message);
+            if (!text) return;
+            const ts = typeof obj.timestamp === "string" ? new Date(obj.timestamp).getTime() : void 0;
+            messages.push({ role: "user", text, timestamp: ts });
+          } else if (obj.type === "assistant") {
+            const text = extractConversationText(obj.message);
+            const ts = typeof obj.timestamp === "string" ? new Date(obj.timestamp).getTime() : void 0;
+            if (text) messages.push({ role: "assistant", text, timestamp: ts });
+          }
+        } catch {
+        }
+      });
+      rl.on("close", () => resolve(messages));
+      rl.on("error", () => resolve(messages));
+    });
+  }
+  return [];
+}
+function collapseWhitespace(text) {
+  return text.replace(/\s+/g, " ").trim();
+}
+function truncateTitle(text) {
+  const chars = Array.from(text);
+  return chars.length > MAX_HISTORY_TITLE_LENGTH ? `${chars.slice(0, MAX_HISTORY_TITLE_LENGTH).join("")}...` : text;
+}
+function isXmlishNoise(text) {
+  const match = text.match(/^<([A-Za-z][\w:-]*)\b/);
+  if (!match) return false;
+  const tag = match[1].toLowerCase();
+  return XMLISH_NOISE_PREFIXES.some((prefix) => tag === prefix || tag.startsWith(`${prefix}_`));
+}
+function normalizeHistoryTitle(raw) {
+  if (!raw) return null;
+  const text = collapseWhitespace(raw);
+  if (text.length < 2) return null;
+  if (text.startsWith("<") || isXmlishNoise(text)) return null;
+  if (INTERNAL_TITLE_PATTERNS.some((pattern) => pattern.test(text))) return null;
+  const slashCommand = text.match(/^\/\S+/)?.[0];
+  if (slashCommand && IGNORED_SLASH_COMMANDS.has(slashCommand)) return null;
+  return truncateTitle(text);
+}
+function extractSlashCommand(text) {
+  const nameMatch = text.match(/<command-name>([^<]+)<\/command-name>/);
+  if (!nameMatch) return null;
+  const argsMatch = text.match(/<command-args>([^<]+)<\/command-args>/);
+  const args = argsMatch ? argsMatch[1].trim() : "";
+  return normalizeHistoryTitle(args ? `${nameMatch[1]} ${args}` : nameMatch[1]);
+}
+function extractMessageText(msg) {
+  if (typeof msg === "string") {
+    const cmd = extractSlashCommand(msg);
+    if (cmd) return cmd;
+    return normalizeHistoryTitle(msg);
+  }
+  if (msg && typeof msg === "object" && "content" in msg) {
+    const content = msg.content;
+    if (typeof content === "string") {
+      const cmd = extractSlashCommand(content);
+      if (cmd) return cmd;
+      return normalizeHistoryTitle(content);
+    }
+    if (Array.isArray(content)) {
+      const texts = content.filter(
+        (b) => b.type === "text" && typeof b.text === "string"
+      ).map((b) => b.text);
+      const joined = texts.join("\n").trim();
+      return normalizeHistoryTitle(joined);
+    }
+  }
+  if (Array.isArray(msg)) {
+    const texts = msg.filter(
+      (b) => b.type === "text" && typeof b.text === "string"
+    ).map((b) => b.text);
+    const joined = texts.join("\n").trim();
+    return normalizeHistoryTitle(joined);
+  }
+  return null;
+}
+function normalizeConversationText(text) {
+  const trimmed = text.trim();
+  if (!trimmed) return null;
+  return trimmed;
+}
+function extractConversationText(msg) {
+  if (typeof msg === "string") {
+    const cmd = extractSlashCommand(msg);
+    if (cmd) return cmd;
+    return normalizeConversationText(msg);
+  }
+  if (msg && typeof msg === "object" && "content" in msg) {
+    const content = msg.content;
+    if (typeof content === "string") {
+      const cmd = extractSlashCommand(content);
+      if (cmd) return cmd;
+      return normalizeConversationText(content);
+    }
+    if (Array.isArray(content)) {
+      const texts = content.filter(
+        (b) => b.type === "text" && typeof b.text === "string"
+      ).map((b) => b.text);
+      return normalizeConversationText(texts.join("\n"));
+    }
+  }
+  if (Array.isArray(msg)) {
+    const texts = msg.filter(
+      (b) => b.type === "text" && typeof b.text === "string"
+    ).map((b) => b.text);
+    return normalizeConversationText(texts.join("\n"));
+  }
+  return null;
+}
+async function extractTitleAndCwd(filePath) {
+  return new Promise((resolve) => {
+    const rl = createInterface({
+      input: createReadStream(filePath, { encoding: "utf-8" }),
+      crlfDelay: Infinity
+    });
+    let resolved = false;
+    let cwd = null;
+    let title = null;
+    rl.on("line", (line) => {
+      if (resolved) return;
+      if (!line.trim()) return;
+      try {
+        const obj = JSON.parse(line);
+        if (!cwd && typeof obj.cwd === "string") {
+          cwd = obj.cwd;
+        }
+        if (!title && obj.type === "user" && !obj.isMeta) {
+          const text = extractMessageText(obj.message);
+          if (text) title = text;
+        }
+        if (cwd && title) {
+          resolved = true;
+          rl.close();
+        }
+      } catch {
+      }
+    });
+    rl.on("close", () => {
+      if (!resolved) resolve({ title, cwd });
+      else resolve({ title, cwd });
+    });
+    rl.on("error", () => resolve({ title, cwd }));
+  });
+}
+async function collectJsonlFiles(root) {
+  let entries;
+  try {
+    entries = await readdir(root, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const files = [];
+  for (const entry of entries) {
+    const child = join2(root, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...await collectJsonlFiles(child));
+    } else if (entry.isFile() && entry.name.endsWith(".jsonl")) {
+      files.push(child);
+    }
+  }
+  return files;
+}
+async function extractCodexTitleAndCwd(filePath) {
+  return new Promise((resolve) => {
+    const rl = createInterface({
+      input: createReadStream(filePath, { encoding: "utf-8" }),
+      crlfDelay: Infinity
+    });
+    let id = null;
+    let cwd = null;
+    let title = null;
+    rl.on("line", (line) => {
+      if (!line.trim()) return;
+      try {
+        const obj = JSON.parse(line);
+        if (obj.type === "session_meta" && obj.payload) {
+          if (!id && typeof obj.payload.id === "string") id = obj.payload.id;
+          if (!cwd && typeof obj.payload.cwd === "string") cwd = obj.payload.cwd;
+        }
+        if (!title && obj.type === "response_item") {
+          const text = extractCodexUserText(obj.payload);
+          if (text) title = text;
+        }
+        if (id && cwd && title) rl.close();
+      } catch {
+      }
+    });
+    rl.on("close", () => resolve({ id, title, cwd }));
+    rl.on("error", () => resolve({ id, title, cwd }));
+  });
+}
+function extractCodexUserText(payload) {
+  if (!payload || typeof payload !== "object") return null;
+  const item = payload;
+  if (item.type !== "message" || item.role !== "user") return null;
+  if (typeof item.content === "string") return normalizeHistoryTitle(item.content);
+  if (!Array.isArray(item.content)) return null;
+  const texts = item.content.map((block) => {
+    if (!block || typeof block !== "object") return "";
+    const typed = block;
+    return typed.type === "input_text" && typeof typed.text === "string" ? typed.text : "";
+  }).filter(Boolean);
+  const joined = texts.join("\n").trim();
+  return normalizeHistoryTitle(joined);
+}
+// src/serve/command-discovery.ts
+import { readdirSync, readFileSync as readFileSync4 } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join3 } from "path";
+var REPL_BUILTINS = [
+  { name: "/compact", description: "Compact conversation history", source: "builtin" },
+  { name: "/status", description: "Show session status", source: "builtin" },
+  { name: "/cost", description: "Show token usage and cost", source: "builtin" },
+  { name: "/clear", description: "Clear conversation history", source: "builtin" },
+  {
+    name: "/model",
+    description: "Switch AI model",
+    argumentHint: "model name (e.g., Haiku, Sonnet)",
+    source: "builtin"
+  },
+  { name: "/help", description: "Show available commands", source: "builtin" },
+  { name: "/memory", description: "Edit CLAUDE.md memory", source: "builtin" },
+  { name: "/review", description: "Review diff of changes", source: "builtin" },
+  { name: "/vim", description: "Enter vim mode", source: "builtin" },
+  { name: "/terminal-setup", description: "Configure terminal integration", source: "builtin" },
+  { name: "/permissions", description: "View and manage permissions", source: "builtin" },
+  { name: "/allowed-tools", description: "View allowed tools", source: "builtin" },
+  {
+    name: "/add-dir",
+    description: "Add working directory",
+    argumentHint: "directory path",
+    source: "builtin"
+  },
+  { name: "/init", description: "Initialize CLAUDE.md in project", source: "builtin" },
+  { name: "/listen", description: "Listen for multi-turn responses", source: "builtin" },
+  { name: "/pr-comments", description: "View PR comments", source: "builtin" },
+  { name: "/release-notes", description: "Generate release notes", source: "builtin" },
+  { name: "/ide", description: "Open IDE integration", source: "builtin" }
+];
+var COMMAND_BLACKLIST = /* @__PURE__ */ new Set([
+  "/login",
+  "/logout",
+  "/config",
+  "/plugin",
+  "/mcp",
+  "/install",
+  "/setup-token",
+  "/doctor",
+  "/update",
+  "/upgrade",
+  "/memory",
+  "/vim",
+  "/terminal-setup",
+  "/permissions",
+  "/allowed-tools",
+  "/ide",
+  "/listen"
+]);
+function parseSkillFrontmatter(content) {
+  const match = content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+  if (!match) return {};
+  const yaml = match[1];
+  const result = {};
+  const nameMatch = yaml.match(/^name:\s*(.+)$/m);
+  if (nameMatch) result.name = nameMatch[1].trim();
+  const descMatch = yaml.match(/^description:\s*(.+)$/m);
+  if (descMatch) result.description = descMatch[1].trim();
+  const hintMatch = yaml.match(/^argument-hint:\s*(.+)$/m);
+  if (hintMatch) result.argumentHint = hintMatch[1].trim();
+  return result;
+}
+function scanSkillsDir(dirPath, source) {
+  let entries;
+  try {
+    entries = readdirSync(dirPath, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
+  } catch {
+    return [];
+  }
+  const commands = [];
+  for (const name of entries) {
+    const skillPath = join3(dirPath, name, "SKILL.md");
+    try {
+      const content = readFileSync4(skillPath, "utf-8");
+      const parsed = parseSkillFrontmatter(content);
+      commands.push({
+        name: `/${parsed.name ?? name}`,
+        description: parsed.description ?? "",
+        argumentHint: parsed.argumentHint,
+        source
+      });
+    } catch {
+    }
+  }
+  return commands;
+}
+function scanCommandsDir(dirPath, source) {
+  let entries;
+  try {
+    entries = readdirSync(dirPath).filter((f) => f.endsWith(".md"));
+  } catch {
+    return [];
+  }
+  const commands = [];
+  for (const filename of entries) {
+    const cmdName = filename.replace(/\.md$/, "");
+    try {
+      const content = readFileSync4(join3(dirPath, filename), "utf-8");
+      const firstLine = content.split("\n")[0].trim();
+      commands.push({
+        name: `/${cmdName}`,
+        description: firstLine,
+        source
+      });
+    } catch {
+      commands.push({
+        name: `/${cmdName}`,
+        description: "",
+        source
+      });
+    }
+  }
+  return commands;
+}
+function scanPluginDirs(homeDir) {
+  const pluginCacheDir = join3(homeDir, ".claude", "plugins", "cache");
+  let pluginNames;
+  try {
+    pluginNames = readdirSync(pluginCacheDir, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
+  } catch {
+    return [];
+  }
+  const commands = [];
+  for (const pluginName of pluginNames) {
+    const pluginDir = join3(pluginCacheDir, pluginName);
+    const skillCmds = scanSkillsDir(join3(pluginDir, "skills"), "plugin-skill");
+    const cmdCmds = scanCommandsDir(join3(pluginDir, "commands"), "plugin-command");
+    commands.push(...skillCmds, ...cmdCmds);
+  }
+  return commands;
+}
+async function discoverCommands(workDir, options) {
+  const homeDir = options?.homeDir ?? homedir3();
+  const builtins = REPL_BUILTINS.filter((c) => !COMMAND_BLACKLIST.has(c.name));
+  const userSkills = scanSkillsDir(join3(homeDir, ".claude", "skills"), "user-skill");
+  const projectSkills = scanSkillsDir(join3(workDir, ".claude", "skills"), "project-skill");
+  const userCommands = scanCommandsDir(join3(homeDir, ".claude", "commands"), "user-command");
+  const projectCommands = scanCommandsDir(join3(workDir, ".claude", "commands"), "project-command");
+  const pluginCommands = scanPluginDirs(homeDir);
+  const commandMap = /* @__PURE__ */ new Map();
+  for (const cmd of builtins) commandMap.set(cmd.name, cmd);
+  for (const cmd of pluginCommands) commandMap.set(cmd.name, cmd);
+  for (const cmd of userSkills) commandMap.set(cmd.name, cmd);
+  for (const cmd of userCommands) commandMap.set(cmd.name, cmd);
+  for (const cmd of projectSkills) commandMap.set(cmd.name, cmd);
+  for (const cmd of projectCommands) commandMap.set(cmd.name, cmd);
+  const result = [];
+  for (const cmd of commandMap.values()) {
+    if (!COMMAND_BLACKLIST.has(cmd.name)) {
+      result.push(cmd);
+    }
+  }
+  return result;
+}
+// src/serve/path-errors.ts
+function getFsErrorCode(err) {
+  return typeof err === "object" && err !== null && "code" in err ? String(err.code) : void 0;
+}
+function classifyPathError(err) {
+  switch (getFsErrorCode(err)) {
+    case "ENOENT":
+      return ControlErrorCode.PATH_NOT_FOUND;
+    case "ENOTDIR":
+      return ControlErrorCode.PATH_NOT_DIRECTORY;
+    case "EACCES":
+    case "EPERM":
+      return ControlErrorCode.PATH_ACCESS_DENIED;
+    default:
+      return ControlErrorCode.UNKNOWN;
+  }
+}
+// src/serve/handlers/control-messages.ts
+var COMMAND_REFRESH_MS = 6 * 60 * 60 * 1e3;
+function isPathSafe(path) {
+  if (!isAbsolute2(path)) return false;
+  const normalized = normalize(path);
+  if (normalized.includes("..")) return false;
+  return true;
+}
+var HIDDEN_ENTRY_NAMES = /* @__PURE__ */ new Set(["node_modules"]);
+function isPickerVisible(name) {
+  return !name.startsWith(".") && !HIDDEN_ENTRY_NAMES.has(name);
+}
+function sortEntries(a, b) {
+  if (a.isDir !== b.isDir) return a.isDir ? -1 : 1;
+  return a.name.localeCompare(b.name);
+}
+async function scanDir(dirPath) {
+  const entries = await readdir2(dirPath, { withFileTypes: true });
+  return entries.filter((e) => isPickerVisible(e.name)).map((e) => ({ name: e.name, isDir: e.isDirectory() })).sort(sortEntries);
+}
+async function getFileTree(rootPath) {
+  const groups = [];
+  let rootEntries;
+  try {
+    rootEntries = await scanDir(rootPath);
+  } catch {
+    return groups;
+  }
+  groups.push({ path: rootPath, entries: rootEntries });
+  for (const sub of rootEntries) {
+    if (!sub.isDir) continue;
+    const subPath = join4(rootPath, sub.name);
+    try {
+      const subEntries = await scanDir(subPath);
+      groups.push({ path: subPath, entries: subEntries });
+    } catch {
+    }
+  }
+  return groups;
+}
+function createControlMessageHandlers(send, sessionManager) {
+  const sessionResources = /* @__PURE__ */ new Map();
+  function getResources(sessionId) {
+    let res = sessionResources.get(sessionId);
+    if (!res) {
+      res = {};
+      sessionResources.set(sessionId, res);
+    }
+    return res;
+  }
+  function scheduleCommandRefresh(sessionId, workDir) {
+    const resources = getResources(sessionId);
+    if (resources.commandRefreshTimer) {
+      clearInterval(resources.commandRefreshTimer);
+    }
+    resources.commandRefreshTimer = setInterval(async () => {
+      try {
+        const commands = await discoverCommands(workDir);
+        send(
+          JSON.stringify({
+            type: "command_list_push",
+            commands
+          })
+        );
+        serviceLogger.debug({ sessionId, count: commands.length }, "Command list refreshed");
+      } catch (err) {
+        serviceLogger.warn({ sessionId, error: String(err) }, "Command refresh failed");
+      }
+    }, COMMAND_REFRESH_MS);
+  }
+  return {
+    async handleDirListRequest(msg) {
+      if (!isPathSafe(msg.path)) {
+        send(
+          JSON.stringify({
+            type: "dir_list_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            entries: [],
+            errorCode: ControlErrorCode.INVALID_PATH,
+            error: "Invalid path: must be absolute and must not contain path traversal"
+          })
+        );
+        serviceLogger.warn({ path: msg.path }, "Rejected dir_list_request: unsafe path");
+        return;
+      }
+      try {
+        const entries = await scanDir(msg.path);
+        send(
+          JSON.stringify({
+            type: "dir_list_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            entries
+          })
+        );
+        serviceLogger.debug({ path: msg.path, count: entries.length }, "Dir list response sent");
+      } catch (err) {
+        send(
+          JSON.stringify({
+            type: "dir_list_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            entries: [],
+            errorCode: classifyPathError(err),
+            error: String(err)
+          })
+        );
+        serviceLogger.warn({ path: msg.path, error: String(err) }, "Dir list request failed");
+      }
+    },
+    async handleDirCreateRequest(msg) {
+      if (!isPathSafe(msg.path)) {
+        send(
+          JSON.stringify({
+            type: "dir_create_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            success: false,
+            errorCode: ControlErrorCode.INVALID_PATH,
+            error: "Invalid path: must be absolute and must not contain path traversal"
+          })
+        );
+        serviceLogger.warn({ path: msg.path }, "Rejected dir_create_request: unsafe path");
+        return;
+      }
+      try {
+        await mkdir(msg.path, { recursive: true });
+        send(
+          JSON.stringify({
+            type: "dir_create_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            success: true
+          })
+        );
+        serviceLogger.info({ path: msg.path }, "Directory created");
+      } catch (err) {
+        send(
+          JSON.stringify({
+            type: "dir_create_response",
+            requestId: msg.requestId,
+            path: msg.path,
+            success: false,
+            errorCode: classifyPathError(err),
+            error: String(err)
+          })
+        );
+        serviceLogger.warn({ path: msg.path, error: String(err) }, "Dir create failed");
+      }
+    },
+    async handleSessionHistoryRequest(msg) {
+      try {
+        const sessions = await scanSessionHistory();
+        send(
+          JSON.stringify({
+            type: "session_history_response",
+            requestId: msg.requestId,
+            sessions
+          })
+        );
+        serviceLogger.debug({ count: sessions.length }, "Session history response sent");
+      } catch (err) {
+        send(
+          JSON.stringify({
+            type: "session_history_response",
+            requestId: msg.requestId,
+            sessions: []
+          })
+        );
+        serviceLogger.warn({ error: String(err) }, "Session history scan failed");
+      }
+    },
+    async handleSessionResourcesRequest(msg) {
+      getResources(msg.sessionId).fileTreeWorkDir = msg.workDir;
+      scheduleCommandRefresh(msg.sessionId, msg.workDir);
+      const [commandsResult, groupsResult] = await Promise.allSettled([
+        discoverCommands(msg.workDir),
+        getFileTree(msg.workDir)
+      ]);
+      const commands = commandsResult.status === "fulfilled" ? commandsResult.value : [];
+      const groups = groupsResult.status === "fulfilled" ? groupsResult.value : [];
+      const failedReason = commandsResult.status === "rejected" ? commandsResult.reason : groupsResult.status === "rejected" ? groupsResult.reason : void 0;
+      send(
+        JSON.stringify({
+          type: "session_resources_response",
+          requestId: msg.requestId,
+          sessionId: msg.sessionId,
+          commands,
+          groups,
+          ...failedReason ? {
+            errorCode: classifyPathError(failedReason),
+            error: String(failedReason)
+          } : {}
+        })
+      );
+      serviceLogger.info(
+        { sessionId: msg.sessionId, commandCount: commands.length, groupCount: groups.length },
+        "Session resources snapshot sent"
+      );
+    },
+    async pushCommandList(sessionId, workDir) {
+      try {
+        const commands = await discoverCommands(workDir);
+        send(
+          JSON.stringify({
+            type: "command_list_push",
+            commands
+          })
+        );
+        serviceLogger.info({ sessionId, count: commands.length, workDir }, "Command list pushed");
+      } catch (err) {
+        serviceLogger.warn({ sessionId, error: String(err) }, "Command discovery failed");
+      }
+      scheduleCommandRefresh(sessionId, workDir);
+    },
+    async pushFileTree(sessionId, workDir) {
+      const resources = getResources(sessionId);
+      resources.fileTreeWorkDir = workDir;
+      try {
+        const groups = await getFileTree(workDir);
+        send(
+          JSON.stringify({
+            type: "file_tree_push",
+            groups
+          })
+        );
+        serviceLogger.debug(
+          { sessionId, path: workDir, groupCount: groups.length },
+          "File tree pushed"
+        );
+      } catch (err) {
+        serviceLogger.warn({ sessionId, error: String(err) }, "File tree push failed");
+      }
+    },
+    // relay 重连时同步 session 列表并重新推送控制数据
+    async reinitializeOnReconnect() {
+      const activeSessions = sessionManager.listSessions().filter((s) => s.state !== "terminated");
+      if (activeSessions.length > 0) {
+        send(
+          JSON.stringify({
+            type: "session_sync",
+            sessions: activeSessions.map((s) => ({
+              id: s.id,
+              mode: s.mode,
+              provider: s.provider,
+              ...s.ptyOwner !== void 0 ? { ptyOwner: s.ptyOwner } : {},
+              state: s.state
+            }))
+          })
+        );
+        serviceLogger.info({ count: activeSessions.length }, "Session list synced to relay");
+      }
+      for (const session of activeSessions) {
+        const resources = sessionResources.get(session.id);
+        const workDir = resources?.fileTreeWorkDir;
+        if (workDir) {
+          try {
+            const commands = await discoverCommands(workDir);
+            send(
+              JSON.stringify({
+                type: "command_list_push",
+                commands
+              })
+            );
+            const groups = await getFileTree(workDir);
+            send(
+              JSON.stringify({
+                type: "file_tree_push",
+                groups
+              })
+            );
+            serviceLogger.info(
+              { sessionId: session.id },
+              "Reinitialized control data after reconnect"
+            );
+          } catch (err) {
+            serviceLogger.warn(
+              { sessionId: session.id, error: String(err) },
+              "Reinitialize failed"
+            );
+          }
+        }
+      }
+    },
+    cleanup(sessionId) {
+      const resources = sessionResources.get(sessionId);
+      if (resources) {
+        if (resources.commandRefreshTimer) {
+          clearInterval(resources.commandRefreshTimer);
+        }
+        sessionResources.delete(sessionId);
+      }
+    }
+  };
+}
+// src/serve/worker-registry.ts
+import { connect } from "net";
+import { unlinkSync, existsSync as existsSync4, readdirSync as readdirSync2 } from "fs";
+var WorkerRegistry = class {
+  constructor(deps) {
+    this.deps = deps;
+    deps.relayConnection.on("envelope_dropped", (raw) => this.onEnvelopeDropped(raw));
+  }
+  deps;
+  sockets = /* @__PURE__ */ new Map();
+  children = /* @__PURE__ */ new Map();
+  // 记录哪些 session 是 spawn 时带 --stream-delta 的；forwardEvent 据此决定是否跳过 aggregated 去重
+  streamDeltaSessions = /* @__PURE__ */ new Set();
+  onEnvelopeDropped(raw) {
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch {
+      return;
+    }
+    if (!parsed || typeof parsed !== "object" || parsed.type !== "tool_use_request") {
+      return;
+    }
+    const envelope = parsed;
+    const sessionId = typeof envelope.sessionId === "string" ? envelope.sessionId : null;
+    const requestId = envelope.payload && typeof envelope.payload.toolId === "string" ? envelope.payload.toolId : null;
+    if (!sessionId || !requestId) return;
+    if (!this.deps.permissionBroker.resolve(requestId, {
+      behavior: "deny",
+      message: "Approval request was dropped due to relay queue overflow."
+    })) {
+      return;
+    }
+    serviceLogger.warn(
+      { sessionId, requestId },
+      "Tool approval request lost to relay queue overflow, denying worker"
+    );
+  }
+  spawn(sessionId, options) {
+    const paths = sessionPaths(sessionId);
+    const args = [sessionId, paths.workerSock];
+    if (options?.cwd) args.push("--cwd", options.cwd);
+    if (options?.resumeSessionId) args.push("--resume", options.resumeSessionId);
+    args.push("--permission-mode", options?.permissionMode ?? "default");
+    if (options?.streamDelta) {
+      args.push("--stream-delta");
+      this.streamDeltaSessions.add(sessionId);
+    }
+    if (options?.hook) {
+      args.push(
+        "--hook-provider",
+        options.hook.provider,
+        "--hook-url",
+        options.hook.hookUrl,
+        "--hook-marker",
+        options.hook.marker
+      );
+    }
+    args.push("--");
+    const providerEnv = this.deps.getProviderEnv();
+    const child = spawnScript(new URL("../session-worker", import.meta.url), args, {
+      logger: serviceLogger,
+      env: options?.hook ? { ...providerEnv, DEV_ANYWHERE_HOOK_TOKEN: options.hook.token } : providerEnv
+    });
+    const workerPid = child.pid;
+    this.children.set(sessionId, child);
+    serviceLogger.info(
+      { sessionId, workerPid, cwd: options?.cwd, resume: options?.resumeSessionId },
+      "Worker process spawned"
+    );
+    return workerPid;
+  }
+  connect(sessionId, sockPath) {
+    return new Promise((resolve) => {
+      const sock = connect(sockPath);
+      sock.on("connect", () => {
+        this.sockets.set(sessionId, sock);
+        createWorkerReader(sock, (msg) => this.handleWorkerMessage(sessionId, msg));
+        sock.on("close", () => this.onDisconnect(sessionId));
+        sock.on("error", () => this.onDisconnect(sessionId));
+        resolve(sock);
+      });
+      sock.on("error", () => resolve(null));
+    });
+  }
+  // 枚举 DATA_DIR 下所有 session 目录，尝试连接存活的 worker.sock；失败则清理 stale socket。
+  async reconnectAll() {
+    if (!existsSync4(DATA_DIR)) return;
+    const dirs = readdirSync2(DATA_DIR, { withFileTypes: true }).filter((d) => d.isDirectory());
+    for (const dir of dirs) {
+      const sessionId = dir.name;
+      const paths = sessionPaths(sessionId);
+      if (!existsSync4(paths.workerSock)) continue;
+      const sock = await this.connect(sessionId, paths.workerSock);
+      if (sock) {
+        if (!this.deps.sessionManager.getSession(sessionId)) {
+          serviceLogger.warn(
+            { sessionId },
+            "Orphaned worker found without session data, terminating"
+          );
+          sock.end();
+          this.sockets.delete(sessionId);
+          continue;
+        }
+        serviceLogger.info({ sessionId }, "Reconnected to existing worker");
+      } else {
+        try {
+          unlinkSync(paths.workerSock);
+        } catch {
+        }
+        serviceLogger.info({ sessionId }, "Cleaned up stale worker socket");
+      }
+    }
+  }
+  has(sessionId) {
+    return this.sockets.has(sessionId);
+  }
+  delete(sessionId) {
+    this.children.delete(sessionId);
+    this.sockets.delete(sessionId);
+    this.streamDeltaSessions.delete(sessionId);
+  }
+  terminateProcess(sessionId, signal = "SIGTERM") {
+    const child = this.children.get(sessionId);
+    const sock = this.sockets.get(sessionId);
+    sock?.destroy();
+    this.sockets.delete(sessionId);
+    this.streamDeltaSessions.delete(sessionId);
+    this.children.delete(sessionId);
+    if (!child || child.killed) return false;
+    return child.kill(signal);
+  }
+  // 向指定 session 的 worker 写 WorkerMessage；socket 缺失或不可写返回 false 由 caller 决定日志。
+  send(sessionId, msg) {
+    const sock = this.sockets.get(sessionId);
+    if (!sock?.writable) return false;
+    sock.write(serializeWorkerMsg(msg));
+    return true;
+  }
+  destroyAll() {
+    for (const [, ws] of this.sockets) {
+      ws.destroy();
+    }
+    this.sockets.clear();
+  }
+  handleWorkerMessage(sessionId, msg) {
+    switch (msg.type) {
+      case "worker_ready":
+        serviceLogger.info({ sessionId, pid: msg.pid }, "Worker ready");
+        break;
+      case "worker_event":
+        try {
+          this.forwardEvent(sessionId, msg.seq, msg.event);
+        } catch (err) {
+          serviceLogger.debug(
+            { sessionId, error: String(err) },
+            "Failed to forward event to relay"
+          );
+        }
+        serviceLogger.debug({ sessionId, eventType: msg.event.type }, "JSON session event");
+        break;
+      case "worker_exit":
+        this.deps.sessionManager.terminateSession(sessionId);
+        this.delete(sessionId);
+        serviceLogger.info({ sessionId, exitCode: msg.code }, "JSON session exited");
+        break;
+      case "worker_approval_request":
+        this.forwardApprovalRequest(sessionId, msg);
+        break;
+      case "worker_claude_session_id":
+        this.deps.sessionManager.setClaudeSessionId(sessionId, msg.sessionId);
+        serviceLogger.info(
+          { sessionId, claudeSessionId: msg.sessionId },
+          "Claude session ID captured"
+        );
+        break;
+    }
+  }
+  // worker 连接断开或异常时的统一清理入口。仅记录一份，不再区分 close vs error 语义。
+  onDisconnect(sessionId) {
+    this.sockets.delete(sessionId);
+    this.deps.permissionBroker.cleanupSession(sessionId, "Worker disconnected");
+  }
+  // 对齐 Claude CLI stream-json 输出，按 type 分发：
+  //   stream_event.content_block_delta → 增量 text/thinking envelope（仅 streamDelta 会话产生）
+  //   assistant.content[].text      → assistant_message envelope（streamDelta 下跳过，避免重复）
+  //   assistant.content[].thinking  → thinking envelope（streamDelta 下跳过）
+  //   assistant.content[].tool_use  → assistant_tool_use envelope
+  //   user.content[].tool_result    → tool_result envelope
+  //   result                        → turn_result control + 会话状态回 IDLE
+  //   system/rate_limit_event/其他  → 静默忽略
+  // schema 未识别的 event/block 以 warn 暴露，作为 Claude CLI 协议变化的 runtime canary。
+  forwardEvent(sessionId, seq, event) {
+    const relay = this.deps.relayConnection;
+    const parsed = StreamJsonEventSchema.safeParse(event);
+    if (!parsed.success) {
+      const rawType = typeof event.type === "string" ? event.type : "<missing>";
+      if (IGNORED_EVENT_TYPES.has(rawType)) {
+        serviceLogger.debug({ sessionId, type: rawType }, "Dropped ignored stream-json event");
+        return;
+      }
+      serviceLogger.warn(
+        { sessionId, type: rawType, issues: parsed.error.issues.slice(0, 3) },
+        "Unknown stream-json event type; Claude CLI schema may have changed"
+      );
+      return;
+    }
+    const ev = parsed.data;
+    const isStreamDeltaSession = this.streamDeltaSessions.has(sessionId);
+    if (ev.type === "stream_event") {
+      const delta = ContentBlockDeltaSchema.safeParse(ev.event);
+      if (!delta.success) return;
+      const d = delta.data.delta;
+      if (d.type === "text_delta" && d.text) {
+        relay.sendEnvelope(
+          buildMessage(
+            "assistant_message",
+            sessionId,
+            seq,
+            { text: d.text, isPartial: true },
+            "proxy"
+          )
+        );
+      } else if (d.type === "thinking_delta" && d.thinking) {
+        relay.sendEnvelope(buildMessage("thinking", sessionId, seq, { text: d.thinking }, "proxy"));
+      }
+      return;
+    }
+    if (ev.type === "assistant") {
+      for (const raw of ev.message.content) {
+        const blockParse = KnownContentBlockSchema.safeParse(raw);
+        if (!blockParse.success) {
+          const rawType = raw && typeof raw === "object" ? raw.type : void 0;
+          serviceLogger.warn(
+            { sessionId, seq, blockType: rawType ?? "<missing>" },
+            "Unknown assistant content block; Claude CLI schema may have changed"
+          );
+          continue;
+        }
+        const block = blockParse.data;
+        if (block.type === "text") {
+          if (!isStreamDeltaSession && block.text) {
+            relay.sendEnvelope(
+              buildMessage(
+                "assistant_message",
+                sessionId,
+                seq,
+                { text: block.text, isPartial: true },
+                "proxy"
+              )
+            );
+          }
+        } else if (block.type === "thinking") {
+          if (!isStreamDeltaSession && block.thinking) {
+            relay.sendEnvelope(
+              buildMessage("thinking", sessionId, seq, { text: block.thinking }, "proxy")
+            );
+          }
+        } else if (block.type === "tool_use") {
+          relay.sendEnvelope(
+            buildMessage(
+              "assistant_tool_use",
+              sessionId,
+              seq,
+              { toolName: block.name, toolId: block.id, parameters: block.input },
+              "proxy"
+            )
+          );
+        }
+      }
+      return;
+    }
+    if (ev.type === "user") {
+      for (const raw of ev.message.content) {
+        const blockParse = KnownContentBlockSchema.safeParse(raw);
+        if (!blockParse.success) continue;
+        const block = blockParse.data;
+        if (block.type !== "tool_result") continue;
+        relay.sendEnvelope(
+          buildMessage(
+            "tool_result",
+            sessionId,
+            seq,
+            { toolId: block.tool_use_id, result: block.content, isError: block.is_error ?? false },
+            "proxy"
+          )
+        );
+      }
+      return;
+    }
+    if (ev.type === "result") {
+      const resultText = typeof ev.result === "string" ? ev.result : void 0;
+      relay.sendRaw(
+        JSON.stringify({
+          type: "turn_result",
+          sessionId,
+          success: ev.subtype === "success",
+          isError: ev.is_error ?? false,
+          ...resultText ? { result: resultText } : {}
+        })
+      );
+      this.deps.jsonObserver.onTurnResult(sessionId);
+    }
+  }
+  forwardApprovalRequest(sessionId, msg) {
+    serviceLogger.info(
+      { sessionId, toolName: msg.toolName, requestId: msg.requestId },
+      "Tool approval forwarding to relay"
+    );
+    this.deps.jsonObserver.onApprovalRequested(sessionId);
+    try {
+      const approvalSeq = this.deps.nextSeq?.(sessionId) ?? new SeqCounter(sessionId).next();
+      const envelope = buildMessage(
+        "tool_use_request",
+        sessionId,
+        approvalSeq,
+        {
+          toolName: msg.toolName,
+          toolId: msg.requestId,
+          parameters: msg.input
+        },
+        "proxy"
+      );
+      const session = this.deps.sessionManager.getSession(sessionId);
+      const registered = this.deps.permissionBroker.registerWorkerRequest(
+        {
+          requestId: msg.requestId,
+          provider: session?.provider ?? "claude",
+          sessionId,
+          toolName: msg.toolName,
+          input: msg.input
+        },
+        (decision) => {
+          this.send(sessionId, {
+            type: "worker_approval_response",
+            requestId: msg.requestId,
+            behavior: decision.behavior,
+            ...decision.message ? { message: decision.message } : {}
+          });
+        }
+      );
+      if (!registered) return;
+      this.deps.relayConnection.sendEnvelope(envelope);
+    } catch (err) {
+      const resolved = this.deps.permissionBroker.resolve(msg.requestId, {
+        behavior: "deny",
+        message: "Failed to forward approval request to relay."
+      });
+      if (!resolved) {
+        this.send(sessionId, {
+          type: "worker_approval_response",
+          requestId: msg.requestId,
+          behavior: "deny",
+          message: "Failed to forward approval request to relay."
+        });
+      }
+      serviceLogger.warn(
+        { sessionId, error: String(err) },
+        "Failed to forward tool approval to relay, denying"
+      );
+    }
+  }
+};
+// src/serve/session-termination.ts
+function terminateSessionByOwnership(deps, sessionId) {
+  const session = deps.sessionManager.getSession(sessionId);
+  if (session?.mode === "pty" && session.ptyOwner === "local-terminal") {
+    const terminalSocket = deps.terminalSockets.get(sessionId);
+    if (terminalSocket?.writable) {
+      terminalSocket.write(serializeIpc({ type: "pty_detach", sessionId }));
+    }
+    deps.terminalSockets.delete(sessionId);
+    const result = deps.sessionManager.terminateSession(sessionId, {
+      preserveProviderHooks: true
+    });
+    deps.controlHandlers.cleanup(sessionId);
+    deps.agentStatusRegistry.delete(sessionId);
+    serviceLogger.info(
+      { sessionId, success: result.success },
+      "Local terminal session detached from remote view"
+    );
+    return { success: result.success, action: "detach_local_terminal" };
+  }
+  if (session?.mode === "pty" && session.ptyOwner === "proxy-hosted") {
+    const success = deps.hostedPtyRegistry.terminate(sessionId);
+    serviceLogger.info({ sessionId, success }, "Hosted PTY termination requested");
+    return { success, action: "terminate_hosted_pty" };
+  }
+  if (session?.mode === "json") {
+    deps.workerRegistry.send(sessionId, { type: "worker_stop" });
+    deps.workerRegistry.delete(sessionId);
+    const result = deps.sessionManager.terminateSession(sessionId);
+    deps.controlHandlers.cleanup(sessionId);
+    deps.agentStatusRegistry.delete(sessionId);
+    serviceLogger.info({ sessionId, success: result.success }, "JSON worker session terminated");
+    return { success: result.success, action: "terminate_json_worker" };
+  }
+  const hostedTerminated = deps.hostedPtyRegistry.terminate(sessionId);
+  if (hostedTerminated) {
+    return { success: true, action: "terminate_hosted_pty" };
+  }
+  return { success: false, action: "not_found" };
+}
+// src/serve/pty-input.ts
+function serializeRawPtyInput(sessionId, data) {
+  return serializeIpc({ type: "pty_input", sessionId, data });
+}
+// src/serve/relay-input-handlers.ts
+var RelayInputHandlers = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  onUserInput(msg) {
+    const sessionId = msg.sessionId;
+    if (!sessionId) return;
+    const session = this.deps.sessionManager.getSession(sessionId);
+    if (!session) {
+      serviceLogger.warn({ sessionId }, "Remote input dropped: session not found");
+      return;
+    }
+    const payload = msg.payload;
+    const text = payload?.text ?? "";
+    if (session.mode === "json") {
+      this.deps.jsonObserver.onTurnStart(sessionId);
+      const sent = this.deps.workerRegistry.send(sessionId, {
+        type: "worker_input",
+        content: text
+      });
+      if (!sent) {
+        serviceLogger.warn({ sessionId }, "Remote input dropped: JSON worker socket not available");
+        return;
+      }
+      serviceLogger.info({ sessionId }, "Remote input forwarded to JSON worker");
+      return;
+    }
+    serviceLogger.warn(
+      { sessionId, mode: session.mode },
+      "Remote batch input dropped: PTY sessions require remote_input_raw"
+    );
+  }
+  onRemoteInputRaw(msg) {
+    const sessionId = msg.sessionId;
+    const data = msg.data;
+    if (!sessionId || data === void 0) return;
+    const ts = this.deps.terminalSockets.get(sessionId);
+    if (!ts?.writable && this.deps.hostedPtyRegistry.write(sessionId, data)) {
+      serviceLogger.info(
+        { sessionId, bytes: data.length },
+        "Raw PTY input forwarded to hosted PTY"
+      );
+      return;
+    }
+    if (!ts?.writable) {
+      serviceLogger.warn({ sessionId }, "Raw PTY input dropped: terminal socket unavailable");
+      return;
+    }
+    ts.write(serializeRawPtyInput(sessionId, data));
+    serviceLogger.info({ sessionId, bytes: data.length }, "Raw PTY input forwarded");
+  }
+};
+// src/serve/relay-history-handlers.ts
+var RelayHistoryHandlers = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  onSessionMessagesRequest(msg) {
+    const sid = msg.sessionId;
+    if (!sid) return;
+    const requestId = msg.requestId;
+    const session = this.deps.sessionManager.getSession(sid);
+    if (session?.claudeSessionId) {
+      readSessionMessages(session.claudeSessionId).then((messages) => {
+        this.deps.relaySend(
+          JSON.stringify({
+            type: "session_history_messages",
+            requestId,
+            sessionId: sid,
+            messages
+          })
+        );
+        serviceLogger.info(
+          { sessionId: sid, messageCount: messages.length },
+          "History messages sent on request"
+        );
+      }).catch((err) => {
+        serviceLogger.warn(
+          { sessionId: sid, error: String(err) },
+          "Failed to read session history messages on request"
+        );
+        this.deps.relaySend(
+          JSON.stringify({
+            type: "session_history_messages",
+            requestId,
+            sessionId: sid,
+            messages: []
+          })
+        );
+      });
+    } else {
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_history_messages",
+          requestId,
+          sessionId: sid,
+          messages: []
+        })
+      );
+    }
+    const approvals = this.deps.permissionBroker.listSession(sid).map((approval) => ({
+      requestId: approval.requestId,
+      toolName: approval.toolName,
+      input: approval.input
+    }));
+    this.deps.relaySend(
+      JSON.stringify({ type: "pending_approvals_push", sessionId: sid, approvals })
+    );
+    serviceLogger.info({ sessionId: sid, count: approvals.length }, "Pending approvals pushed");
+  }
+};
+// src/serve/relay-permission-handlers.ts
+var RelayPermissionHandlers = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  onToolApprove(msg) {
+    const sessionId = msg.sessionId;
+    const payload = msg.payload;
+    if (!sessionId || !payload?.toolId) return;
+    const pending = this.deps.permissionBroker.get(payload.toolId);
+    if (!pending) {
+      this.pushPermissionDecisionResult(
+        sessionId,
+        payload.toolId,
+        "allow",
+        false,
+        "Permission request is no longer pending."
+      );
+      return;
+    }
+    if (!this.deps.permissionBroker.resolve(payload.toolId, { behavior: "allow" })) {
+      this.pushPermissionDecisionResult(
+        pending.sessionId,
+        payload.toolId,
+        "allow",
+        false,
+        "Permission request is no longer pending."
+      );
+      return;
+    }
+    this.deps.hookEventRouter.onPermissionResolved(
+      pending.sessionId,
+      pending.provider,
+      payload.toolId,
+      "allow",
+      { toolName: pending.toolName, toolInput: pending.input }
+    );
+    if (pending.source === "worker" && payload.whitelistTool) {
+      const toolName = pending.toolName;
+      if (toolName) {
+        const whitelisted = this.deps.workerRegistry.send(pending.sessionId, {
+          type: "worker_whitelist_add",
+          toolName
+        });
+        if (whitelisted) {
+          serviceLogger.info(
+            { sessionId: pending.sessionId, toolName },
+            "Tool added to session whitelist via relay"
+          );
+        }
+      }
+    }
+    this.pushPermissionDecisionResult(pending.sessionId, payload.toolId, "allow", true);
+    serviceLogger.info(
+      { sessionId, toolId: payload.toolId, whitelistTool: payload.whitelistTool },
+      "Tool approved via relay"
+    );
+  }
+  onToolDeny(msg) {
+    const sessionId = msg.sessionId;
+    const payload = msg.payload;
+    if (!sessionId || !payload?.toolId) return;
+    const reason = payload.reason ?? "Denied by remote user";
+    const pending = this.deps.permissionBroker.get(payload.toolId);
+    if (!pending) {
+      this.pushPermissionDecisionResult(
+        sessionId,
+        payload.toolId,
+        "deny",
+        false,
+        "Permission request is no longer pending."
+      );
+      return;
+    }
+    if (!this.deps.permissionBroker.resolve(payload.toolId, {
+      behavior: "deny",
+      message: reason
+    })) {
+      this.pushPermissionDecisionResult(
+        pending.sessionId,
+        payload.toolId,
+        "deny",
+        false,
+        "Permission request is no longer pending."
+      );
+      return;
+    }
+    this.deps.hookEventRouter.onPermissionResolved(
+      pending.sessionId,
+      pending.provider,
+      payload.toolId,
+      "deny",
+      { toolName: pending.toolName, toolInput: pending.input }
+    );
+    this.pushPermissionDecisionResult(pending.sessionId, payload.toolId, "deny", true, reason);
+    serviceLogger.info({ sessionId, toolId: payload.toolId }, "Tool denied via relay");
+  }
+  onPermissionRequestDelivered(msg) {
+    const sid = msg.sessionId;
+    const requestId = msg.requestId;
+    if (!sid || !requestId) return;
+    const marked = this.deps.permissionBroker.markDelivered(requestId);
+    serviceLogger.info({ sessionId: sid, requestId, marked }, "Permission request delivered");
+  }
+  pushPermissionDecisionResult(sessionId, requestId, outcome, delivered, message) {
+    this.deps.relaySend(
+      JSON.stringify({
+        type: "permission_decision_result",
+        sessionId,
+        requestId,
+        outcome,
+        delivered,
+        ...message ? { message } : {}
+      })
+    );
+  }
+};
+// src/serve/relay-resource-handlers.ts
+import { homedir as homedir4 } from "os";
+import { accessSync, constants, statSync } from "fs";
+function errorMessage(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+function validateExecutablePath(path) {
+  const normalized = path.trim();
+  if (!normalized.startsWith("/")) throw new Error("CLI \u8DEF\u5F84\u5FC5\u987B\u662F\u7EDD\u5BF9\u8DEF\u5F84");
+  const stat2 = statSync(normalized);
+  if (!stat2.isFile()) throw new Error("CLI \u8DEF\u5F84\u4E0D\u662F\u53EF\u6267\u884C\u6587\u4EF6");
+  accessSync(normalized, constants.X_OK);
+  return normalized;
+}
+var RelayResourceHandlers = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  onProxyInfoRequest(msg) {
+    this.deps.relaySend(
+      JSON.stringify({
+        type: "proxy_info",
+        requestId: msg.requestId,
+        homePath: homedir4() || "/",
+        agentCli: detectAgentCliStatus(this.deps.getProviderEnv(), {
+          suggestions: this.deps.getAgentCliSuggestions()
+        })
+      })
+    );
+  }
+  onAgentCliConfigUpdate(msg) {
+    const requestId = msg.requestId;
+    const provider = msg.provider;
+    const rawPath = msg.path;
+    if (provider !== "claude" && provider !== "codex") {
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "agent_cli_config_update_response",
+          requestId,
+          provider: "claude",
+          errorCode: ControlErrorCode.PROVIDER_UNSUPPORTED,
+          error: "Unsupported Agent CLI."
+        })
+      );
+      return;
+    }
+    try {
+      const path = validateExecutablePath(rawPath ?? "");
+      saveAgentCliPath(provider, path, { envName: this.deps.envName });
+      this.deps.setAgentCliPath(provider, path);
+      const agentCli = detectAgentCliStatus(this.deps.getProviderEnv(), {
+        suggestions: this.deps.getAgentCliSuggestions()
+      });
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "agent_cli_config_update_response",
+          requestId,
+          provider,
+          agentCli
+        })
+      );
+      serviceLogger.info({ provider, path }, "Agent CLI path updated");
+    } catch (err) {
+      const error = errorMessage(err);
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "agent_cli_config_update_response",
+          requestId,
+          provider,
+          errorCode: ControlErrorCode.INVALID_PATH,
+          error
+        })
+      );
+      serviceLogger.warn({ provider, path: rawPath, error }, "Agent CLI path update rejected");
+    }
+  }
+  onDirListRequest(msg) {
+    this.deps.controlHandlers.handleDirListRequest({
+      path: msg.path ?? "",
+      requestId: msg.requestId
+    });
+  }
+  onDirCreateRequest(msg) {
+    this.deps.controlHandlers.handleDirCreateRequest({
+      path: msg.path ?? "",
+      requestId: msg.requestId
+    });
+  }
+  onSessionResourcesRequest(msg) {
+    const sid = msg.sessionId;
+    if (!sid) return;
+    const session = this.deps.sessionManager.getSession(sid);
+    if (!session?.cwd) {
+      serviceLogger.warn({ sessionId: sid }, "Session resources request: no cwd available");
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_resources_response",
+          requestId: msg.requestId,
+          sessionId: sid,
+          commands: [],
+          groups: [],
+          errorCode: ControlErrorCode.SESSION_NOT_FOUND,
+          error: "Session not found or cwd unavailable"
+        })
+      );
+      return;
+    }
+    this.deps.controlHandlers.handleSessionResourcesRequest({
+      sessionId: sid,
+      requestId: msg.requestId,
+      workDir: session.cwd
+    });
+    serviceLogger.info({ sessionId: sid, cwd: session.cwd }, "Session resources requested");
+  }
+};
+// src/serve/relay-session-create-handler.ts
+import { rmSync, statSync as statSync2 } from "fs";
+import { isAbsolute as isAbsolute3 } from "path";
+import { nanoid as nanoid3 } from "nanoid";
+// src/serve/hosted-pty-registry.ts
+import * as pty from "node-pty";
+import pkg from "@xterm/headless";
+import { SerializeAddon } from "@xterm/addon-serialize";
+var { Terminal: HeadlessTerminal } = pkg;
+var DEFAULT_COLS = 80;
+var DEFAULT_ROWS = 24;
+var IDLE_CHECK_INTERVAL_MS = 3e3;
+var IDLE_THRESHOLD_MS = 3e3;
+var PROVIDERS = {
+  claude: CLAUDE_PROVIDER,
+  codex: CODEX_PROVIDER
+};
+var HOSTED_PTY_TERM = "xterm-256color";
+var HOSTED_PTY_COLORTERM = "truecolor";
+function buildHostedPtyArgs(provider, resumeSessionId) {
+  if (!resumeSessionId) return [];
+  return provider === "codex" ? ["resume", resumeSessionId] : ["--resume", resumeSessionId];
+}
+function normalizeHostedPtyEnv(env) {
+  const normalized = {};
+  for (const [key, value] of Object.entries(env)) {
+    if (value === void 0) continue;
+    normalized[key] = value;
+  }
+  delete normalized.NO_COLOR;
+  if (normalized.CLICOLOR === "0") {
+    delete normalized.CLICOLOR;
+  }
+  normalized.TERM = HOSTED_PTY_TERM;
+  normalized.COLORTERM = HOSTED_PTY_COLORTERM;
+  normalized.CLICOLOR = "1";
+  return normalized;
+}
+var HostedPtyRegistry = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  sessions = /* @__PURE__ */ new Map();
+  start(options) {
+    const provider = PROVIDERS[options.provider];
+    const cols = options.cols ?? DEFAULT_COLS;
+    const rows = options.rows ?? DEFAULT_ROWS;
+    const command = provider.buildTerminalCommand(
+      { args: options.args, permissionMode: options.permissionMode, hook: options.hook },
+      this.deps.getProviderEnv()
+    );
+    const env = normalizeHostedPtyEnv(command.env);
+    const child = pty.spawn(command.command, command.args, {
+      name: HOSTED_PTY_TERM,
+      cols,
+      rows,
+      cwd: options.cwd,
+      env
+    });
+    const terminal = new HeadlessTerminal({ cols, rows, scrollback: 5e3, allowProposedApi: true });
+    const serializeAddon = new SerializeAddon();
+    terminal.loadAddon(serializeAddon);
+    void import("@xterm/addon-unicode-graphemes").then(({ UnicodeGraphemesAddon }) => terminal.loadAddon(new UnicodeGraphemesAddon())).catch((err) => {
+      serviceLogger.warn(
+        { sessionId: options.sessionId, error: String(err) },
+        "Unicode addon unavailable"
+      );
+    });
+    const hosted = {
+      child,
+      terminal,
+      serializeAddon,
+      idleTimer: setInterval(() => this.checkIdle(options.sessionId), IDLE_CHECK_INTERVAL_MS),
+      lastOutputTime: 0,
+      currentState: "turn_complete",
+      outputSeq: 0
+    };
+    this.sessions.set(options.sessionId, hosted);
+    child.onData((data) => this.handleData(options.sessionId, data));
+    child.onExit(({ exitCode, signal }) => {
+      const code = signal ? 128 + signal : exitCode;
+      serviceLogger.info({ sessionId: options.sessionId, code }, "Hosted PTY exited");
+      this.close(options.sessionId, { kill: false, notify: true });
+    });
+    serviceLogger.info(
+      {
+        sessionId: options.sessionId,
+        provider: options.provider,
+        command: command.command,
+        pid: child.pid,
+        cwd: options.cwd,
+        cols,
+        rows
+      },
+      "Hosted PTY started"
+    );
+    return child.pid;
+  }
+  has(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  write(sessionId, data) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return false;
+    hosted.child.write(data);
+    return true;
+  }
+  resize(sessionId, cols, rows) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return false;
+    hosted.child.resize(cols, rows);
+    hosted.terminal.resize(cols, rows);
+    this.deps.relayConnection.sendRaw(
+      JSON.stringify({ type: "terminal_resize", sessionId, cols, rows })
+    );
+    serviceLogger.info({ sessionId, cols, rows }, "Hosted PTY resized");
+    return true;
+  }
+  snapshot(sessionId, requestId) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return false;
+    const data = hosted.serializeAddon.serialize();
+    this.deps.relayConnection.sendRaw(
+      JSON.stringify({
+        type: "session_snapshot",
+        sessionId,
+        cols: hosted.terminal.cols,
+        rows: hosted.terminal.rows,
+        data,
+        outputSeq: hosted.outputSeq,
+        requestId
+      })
+    );
+    serviceLogger.info(
+      { sessionId, cols: hosted.terminal.cols, rows: hosted.terminal.rows, bytes: data.length },
+      "Hosted PTY snapshot sent"
+    );
+    return true;
+  }
+  terminate(sessionId) {
+    return this.close(sessionId, { kill: true, notify: true });
+  }
+  destroyAll() {
+    for (const sessionId of Array.from(this.sessions.keys())) {
+      this.close(sessionId, { kill: true, notify: false });
+    }
+  }
+  handleData(sessionId, data) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return;
+    hosted.lastOutputTime = Date.now();
+    hosted.outputSeq += 1;
+    hosted.terminal.write(data);
+    this.sendBinary(sessionId, Buffer.from(data, "utf-8"), hosted.outputSeq);
+    const oscSequences = extractOscSequences(data);
+    const session = this.deps.sessionManager.getSession(sessionId);
+    const signal = extractOscSignals(data, session?.provider);
+    if (oscSequences.length > 0) {
+      serviceLogger.debug(
+        {
+          sessionId,
+          oscSequences,
+          signal
+        },
+        "Hosted PTY OSC sequences parsed"
+      );
+    }
+    if (signal?.title) {
+      this.sendTerminalTitle(sessionId, signal.title);
+    }
+    if (signal?.state === "approval_wait") {
+      hosted.currentState = "approval_wait";
+      this.deps.changeSessionState(sessionId, SessionState.WAITING_APPROVAL);
+      this.sendPtyState(sessionId, "approval_wait", { title: signal?.title, tool: signal?.tool });
+      return;
+    }
+    if (shouldReleaseApprovalWait({
+      currentState: hosted.currentState,
+      signalState: signal?.state
+    })) {
+      const nextState = stateAfterApprovalRelease(signal?.state);
+      hosted.currentState = nextState;
+      if (nextState === "turn_complete") {
+        this.deps.onTurnComplete(sessionId);
+        this.deps.changeSessionState(sessionId, SessionState.IDLE);
+      } else {
+        this.deps.changeSessionState(sessionId, SessionState.WORKING);
+      }
+      this.sendPtyState(sessionId, nextState, { title: signal?.title, tool: signal?.tool });
+      return;
+    }
+    if ((session?.state === SessionState.WAITING_APPROVAL || hosted.currentState === "approval_wait") && signal?.state !== "turn_complete") {
+      hosted.currentState = "approval_wait";
+      this.sendPtyState(sessionId, "approval_wait", { title: signal?.title, tool: signal?.tool });
+      return;
+    }
+    if (signal && signal.state !== "working") {
+      hosted.currentState = signal.state;
+      if (signal.state === "turn_complete") {
+        this.deps.onTurnComplete(sessionId);
+        this.deps.changeSessionState(sessionId, SessionState.IDLE);
+      }
+      this.sendPtyState(sessionId, signal.state, { title: signal.title, tool: signal.tool });
+      return;
+    }
+    if (hosted.currentState !== "working") {
+      hosted.currentState = "working";
+      this.deps.changeSessionState(sessionId, SessionState.WORKING);
+      this.sendPtyState(sessionId, "working");
+    }
+  }
+  checkIdle(sessionId) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return;
+    if (hosted.lastOutputTime === 0 || Date.now() - hosted.lastOutputTime <= IDLE_THRESHOLD_MS) {
+      return;
+    }
+    hosted.lastOutputTime = 0;
+    if (hosted.currentState !== "working") return;
+    hosted.currentState = "turn_complete";
+    this.deps.onTurnComplete(sessionId);
+    this.deps.changeSessionState(sessionId, SessionState.IDLE);
+    this.sendPtyState(sessionId, "turn_complete");
+  }
+  sendPtyState(sessionId, state, meta) {
+    const payload = {
+      state,
+      ...meta?.title !== void 0 ? { title: meta.title } : {},
+      ...meta?.tool !== void 0 ? { tool: meta.tool } : {}
+    };
+    this.deps.relayConnection.sendRaw(
+      JSON.stringify({
+        type: "pty_state",
+        sessionId,
+        payload
+      })
+    );
+    const logPayload = { sessionId, ...payload };
+    if (state === "approval_wait" || state === "turn_complete") {
+      serviceLogger.info(logPayload, "Hosted PTY semantic event pushed");
+    } else {
+      serviceLogger.debug(logPayload, "Hosted PTY semantic event pushed");
+    }
+  }
+  sendTerminalTitle(sessionId, title) {
+    this.deps.relayConnection.sendRaw(
+      JSON.stringify({
+        type: "terminal_title",
+        sessionId,
+        title
+      })
+    );
+  }
+  sendBinary(sessionId, data, outputSeq) {
+    const sessionIdBuf = Buffer.from(sessionId, "utf-8");
+    const frame = Buffer.alloc(1 + sessionIdBuf.length + 4 + data.length);
+    frame[0] = sessionIdBuf.length;
+    sessionIdBuf.copy(frame, 1);
+    frame.writeUInt32LE(outputSeq, 1 + sessionIdBuf.length);
+    data.copy(frame, 1 + sessionIdBuf.length + 4);
+    this.deps.relayConnection.sendBinary(frame);
+  }
+  close(sessionId, options) {
+    const hosted = this.sessions.get(sessionId);
+    if (!hosted) return false;
+    this.sessions.delete(sessionId);
+    clearInterval(hosted.idleTimer);
+    if (options.kill) {
+      try {
+        hosted.child.kill();
+      } catch {
+      }
+    }
+    hosted.terminal.dispose();
+    if (options.notify) {
+      this.sendPtyState(sessionId, "turn_complete");
+      this.deps.sessionManager.terminateSession(sessionId);
+      this.deps.onSessionClosed(sessionId);
+    }
+    return true;
+  }
+};
+// src/serve/relay-session-create-handler.ts
+function validateSessionCwd(cwd) {
+  if (typeof cwd !== "string" || !cwd.trim()) {
+    return { message: "\u8BF7\u8F93\u5165\u5DE5\u4F5C\u76EE\u5F55", code: ControlErrorCode.INVALID_PATH };
+  }
+  const trimmed = cwd.trim();
+  if (!isAbsolute3(trimmed)) {
+    return { message: "\u5DE5\u4F5C\u76EE\u5F55\u5FC5\u987B\u662F\u7EDD\u5BF9\u8DEF\u5F84", code: ControlErrorCode.INVALID_PATH };
+  }
+  try {
+    const stat2 = statSync2(trimmed);
+    return stat2.isDirectory() ? null : { message: "\u5DE5\u4F5C\u76EE\u5F55\u4E0D\u662F\u76EE\u5F55", code: ControlErrorCode.PATH_NOT_DIRECTORY };
+  } catch (err) {
+    return {
+      message: `\u5DE5\u4F5C\u76EE\u5F55\u4E0D\u5B58\u5728\u6216\u4E0D\u53EF\u8BBF\u95EE: ${trimmed}`,
+      code: classifyPathError(err)
+    };
+  }
+}
+var RelaySessionCreateHandler = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  onSessionCreate(msg) {
+    const requestId = msg.requestId;
+    const cwd = msg.cwd;
+    const cwdError = validateSessionCwd(cwd);
+    if (cwdError) {
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_create_response",
+          requestId,
+          sessionId: "",
+          error: cwdError.message,
+          errorCode: cwdError.code
+        })
+      );
+      serviceLogger.warn({ cwd }, "Session create rejected: invalid cwd");
+      return;
+    }
+    const sessionCwd = typeof cwd === "string" ? cwd.trim() : "";
+    const provider = msg.provider;
+    const mode = msg.mode ?? "json";
+    const permissionMode = msg.permissionMode;
+    if (mode === "pty") {
+      this.createHostedPtySession(msg, sessionCwd, provider ?? "claude", permissionMode);
+      return;
+    }
+    if (provider !== "claude") {
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_create_response",
+          requestId,
+          sessionId: "",
+          errorCode: ControlErrorCode.PROVIDER_UNSUPPORTED,
+          error: provider === "codex" ? "Codex chat sessions are not supported yet; start a Codex terminal session instead." : "Unsupported provider for JSON session."
+        })
+      );
+      serviceLogger.warn({ provider }, "JSON session create rejected for unsupported provider");
+      return;
+    }
+    const resumeSessionId = msg.resumeSessionId;
+    const streamDelta = msg.streamDelta === true;
+    const name = tildify(sessionCwd);
+    const pendingId = nanoid3();
+    const hook = this.deps.createHookContext(pendingId, provider);
+    const workerPid = this.deps.workerRegistry.spawn(pendingId, {
+      cwd: sessionCwd,
+      resumeSessionId,
+      permissionMode,
+      streamDelta,
+      hook
+    });
+    const paths = sessionPaths(pendingId);
+    let attempt = 0;
+    const maxRetries = 20;
+    const tryConnect = () => {
+      attempt++;
+      this.deps.workerRegistry.connect(pendingId, paths.workerSock).then((sock) => {
+        if (sock) {
+          const session = this.deps.sessionManager.createSession(
+            "json",
+            sessionCwd,
+            workerPid,
+            name,
+            pendingId,
+            provider
+          );
+          if (resumeSessionId) {
+            this.deps.sessionManager.setClaudeSessionId(session.id, resumeSessionId);
+          }
+          this.deps.relaySend(
+            JSON.stringify({ type: "session_create_response", requestId, sessionId: session.id })
+          );
+          if (resumeSessionId) {
+            this.pushHistoryMessages(session.id, resumeSessionId);
+          }
+          serviceLogger.info(
+            { sessionId: session.id, cwd: sessionCwd },
+            "JSON session created via relay"
+          );
+          this.deps.controlHandlers.pushCommandList(session.id, sessionCwd);
+          this.deps.broadcastSessionSync(session);
+          this.deps.broadcastSessionList();
+        } else if (attempt < maxRetries) {
+          setTimeout(tryConnect, Math.min(100 * attempt, 2e3));
+        } else {
+          this.cleanupPendingJsonSession(pendingId);
+          this.deps.relaySend(
+            JSON.stringify({
+              type: "session_create_response",
+              requestId,
+              sessionId: pendingId,
+              errorCode: ControlErrorCode.WORKER_START_FAILED,
+              error: "Worker failed to start"
+            })
+          );
+          serviceLogger.error({ sessionId: pendingId }, "Worker connection timeout via relay");
+        }
+      });
+    };
+    setTimeout(tryConnect, 100);
+  }
+  cleanupPendingJsonSession(sessionId) {
+    const killed = this.deps.workerRegistry.terminateProcess(sessionId);
+    const paths = sessionPaths(sessionId);
+    rmSync(paths.dir, { recursive: true, force: true });
+    this.deps.cleanupHookContext(sessionId);
+    this.deps.permissionBroker.cleanupSession(sessionId, "Worker failed to start");
+    this.deps.agentStatusRegistry.delete(sessionId);
+    serviceLogger.warn(
+      { sessionId, killed },
+      "Cleaned up pending JSON session after startup failure"
+    );
+  }
+  createHostedPtySession(msg, cwd, provider, permissionMode) {
+    if (provider !== "claude" && provider !== "codex") {
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_create_response",
+          requestId: msg.requestId,
+          sessionId: "",
+          errorCode: ControlErrorCode.PROVIDER_UNSUPPORTED,
+          error: "Unsupported provider for PTY session."
+        })
+      );
+      return;
+    }
+    const resumeSessionId = msg.resumeSessionId;
+    const pendingId = nanoid3();
+    const name = tildify(cwd);
+    const hook = this.deps.createHookContext(pendingId, provider);
+    try {
+      const pid = this.deps.hostedPtyRegistry.start({
+        sessionId: pendingId,
+        provider,
+        cwd,
+        args: buildHostedPtyArgs(provider, resumeSessionId),
+        permissionMode,
+        hook
+      });
+      const session = this.deps.sessionManager.createSession(
+        "pty",
+        cwd,
+        pid,
+        name,
+        pendingId,
+        provider,
+        "proxy-hosted"
+      );
+      if (resumeSessionId && provider === "claude") {
+        this.deps.sessionManager.setClaudeSessionId(session.id, resumeSessionId);
+      }
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_create_response",
+          requestId: msg.requestId,
+          sessionId: session.id,
+          mode: "pty",
+          provider,
+          ptyOwner: "proxy-hosted"
+        })
+      );
+      this.deps.controlHandlers.pushCommandList(session.id, cwd);
+      this.deps.controlHandlers.pushFileTree(session.id, cwd);
+      this.deps.broadcastSessionSync(session);
+      this.deps.broadcastSessionList();
+      serviceLogger.info({ sessionId: session.id, provider, cwd }, "Hosted PTY session created");
+    } catch (err) {
+      const error = err instanceof Error ? err.message : String(err);
+      this.deps.relaySend(
+        JSON.stringify({
+          type: "session_create_response",
+          requestId: msg.requestId,
+          sessionId: "",
+          errorCode: ControlErrorCode.PROCESS_START_FAILED,
+          error
+        })
+      );
+      const providerEnv = this.deps.getProviderEnv();
+      serviceLogger.warn(
+        {
+          provider,
+          cwd,
+          error,
+          claudeBin: providerEnv.CLAUDE_BIN,
+          codexBin: providerEnv.CODEX_BIN,
+          path: providerEnv.PATH
+        },
+        "Hosted PTY session create failed"
+      );
+    }
+  }
+  pushHistoryMessages(sessionId, resumeSessionId) {
+    readSessionMessages(resumeSessionId).then((messages) => {
+      if (messages.length === 0) return;
+      this.deps.relaySend(
+        JSON.stringify({ type: "session_history_messages", sessionId, messages })
+      );
+      serviceLogger.info(
+        { sessionId, resumeSessionId, messageCount: messages.length },
+        "History messages sent for resumed session"
+      );
+    }).catch((err) => {
+      serviceLogger.warn(
+        { sessionId, error: String(err) },
+        "Failed to read session history messages"
+      );
+    });
+  }
+};
+// src/serve/relay-router.ts
+var RelayRouter = class {
+  constructor(deps) {
+    this.deps = deps;
+    this.historyHandlers = new RelayHistoryHandlers({
+      relaySend: deps.relaySend,
+      sessionManager: deps.sessionManager,
+      permissionBroker: deps.permissionBroker
+    });
+    this.inputHandlers = new RelayInputHandlers({
+      sessionManager: deps.sessionManager,
+      workerRegistry: deps.workerRegistry,
+      terminalSockets: deps.terminalSockets,
+      hostedPtyRegistry: deps.hostedPtyRegistry,
+      jsonObserver: deps.jsonObserver
+    });
+    this.resourceHandlers = new RelayResourceHandlers({
+      relaySend: deps.relaySend,
+      controlHandlers: deps.controlHandlers,
+      sessionManager: deps.sessionManager,
+      envName: deps.envName,
+      getProviderEnv: deps.getProviderEnv,
+      getAgentCliSuggestions: deps.getAgentCliSuggestions,
+      setAgentCliPath: deps.setAgentCliPath
+    });
+    this.permissionHandlers = new RelayPermissionHandlers({
+      relaySend: deps.relaySend,
+      permissionBroker: deps.permissionBroker,
+      hookEventRouter: deps.hookEventRouter,
+      workerRegistry: deps.workerRegistry
+    });
+    this.sessionCreateHandler = new RelaySessionCreateHandler({
+      relaySend: deps.relaySend,
+      workerRegistry: deps.workerRegistry,
+      sessionManager: deps.sessionManager,
+      hostedPtyRegistry: deps.hostedPtyRegistry,
+      controlHandlers: deps.controlHandlers,
+      permissionBroker: deps.permissionBroker,
+      agentStatusRegistry: deps.agentStatusRegistry,
+      getProviderEnv: deps.getProviderEnv,
+      createHookContext: deps.createHookContext,
+      cleanupHookContext: deps.cleanupHookContext,
+      broadcastSessionSync: deps.broadcastSessionSync,
+      broadcastSessionList: deps.broadcastSessionList
+    });
+  }
+  deps;
+  historyHandlers;
+  inputHandlers;
+  permissionHandlers;
+  resourceHandlers;
+  sessionCreateHandler;
+  handle(parsed) {
+    const type = parsed.type;
+    if (!type) {
+      serviceLogger.warn("Relay message without type discriminator");
+      return;
+    }
+    const handler = this.handlers[type];
+    if (!handler) {
+      serviceLogger.warn({ type }, "Unhandled relay message type");
+      return;
+    }
+    try {
+      handler.call(this, parsed);
+    } catch (err) {
+      serviceLogger.warn({ type, error: String(err) }, "Relay handler threw");
+    }
+  }
+  handlers = {
+    user_input: (msg) => this.inputHandlers.onUserInput(msg),
+    remote_input_raw: (msg) => this.inputHandlers.onRemoteInputRaw(msg),
+    tool_approve: (msg) => this.permissionHandlers.onToolApprove(msg),
+    tool_deny: (msg) => this.permissionHandlers.onToolDeny(msg),
+    proxy_info_request: (msg) => this.resourceHandlers.onProxyInfoRequest(msg),
+    agent_cli_config_update: (msg) => this.resourceHandlers.onAgentCliConfigUpdate(msg),
+    dir_list_request: (msg) => this.resourceHandlers.onDirListRequest(msg),
+    dir_create_request: (msg) => this.resourceHandlers.onDirCreateRequest(msg),
+    session_create: (msg) => this.sessionCreateHandler.onSessionCreate(msg),
+    session_messages_request: (msg) => this.historyHandlers.onSessionMessagesRequest(msg),
+    session_resources_request: (msg) => this.resourceHandlers.onSessionResourcesRequest(msg),
+    agent_status_request: (msg) => this.onAgentStatusRequest(msg),
+    permission_request_delivered: (msg) => this.permissionHandlers.onPermissionRequestDelivered(msg),
+    session_terminate: (msg) => this.onSessionTerminate(msg),
+    session_worker_abort: (msg) => this.onSessionWorkerAbort(msg),
+    session_history_request: (msg) => this.deps.controlHandlers.handleSessionHistoryRequest({
+      requestId: msg.requestId
+    }),
+    session_list: () => this.onSessionList(),
+    permission_mode_change: (msg) => this.onPermissionModeChange(msg),
+    session_subscribe: (msg) => this.onSessionSubscribe(msg),
+    terminal_resize_request: (msg) => this.onTerminalResizeRequest(msg)
+  };
+  onAgentStatusRequest(msg) {
+    const sid = msg.sessionId;
+    const requestId = msg.requestId;
+    if (sid) {
+      const status = this.deps.agentStatusRegistry.get(sid);
+      const statuses2 = status && this.deps.sessionManager.getSession(sid) ? [{ sessionId: sid, payload: status }] : [];
+      this.deps.relaySend(JSON.stringify({ type: "agent_status_response", requestId, statuses: statuses2 }));
+      serviceLogger.info({ sessionId: sid, count: statuses2.length }, "Agent status snapshot sent");
+      return;
+    }
+    const statuses = [];
+    for (const { sessionId, status } of this.deps.agentStatusRegistry.list()) {
+      if (!this.deps.sessionManager.getSession(sessionId)) continue;
+      statuses.push({ sessionId, payload: status });
+    }
+    this.deps.relaySend(JSON.stringify({ type: "agent_status_response", requestId, statuses }));
+    serviceLogger.info({ count: statuses.length }, "Agent status snapshot sent");
+  }
+  onSessionTerminate(msg) {
+    const sid = msg.sessionId;
+    if (!sid) return;
+    const result = terminateSessionByOwnership(this.deps, sid);
+    serviceLogger.info(
+      { sessionId: sid, success: result.success, action: result.action },
+      "Session termination handled via relay"
+    );
+    if (result.action !== "terminate_hosted_pty") this.deps.broadcastSessionList();
+  }
+  onSessionWorkerAbort(msg) {
+    const sid = msg.sessionId;
+    if (!sid) return;
+    const session = this.deps.sessionManager.getSession(sid);
+    if (!session) {
+      serviceLogger.warn({ sessionId: sid }, "session_worker_abort: session not found");
+      return;
+    }
+    if (session.state === SessionState.TERMINATED) {
+      serviceLogger.info({ sessionId: sid }, "session_worker_abort: already terminated, dropping");
+      return;
+    }
+    if (session.mode === "pty") {
+      const ts = this.deps.terminalSockets.get(sid);
+      if (this.deps.hostedPtyRegistry.write(sid, "")) {
+        serviceLogger.info({ sessionId: sid }, "session_worker_abort: Ctrl+C sent to hosted PTY");
+      } else if (ts?.writable) {
+        ts.write(serializeIpc({ type: "pty_input", sessionId: sid, data: "" }));
+        serviceLogger.info({ sessionId: sid }, "session_worker_abort: Ctrl+C sent to PTY");
+      } else {
+        serviceLogger.warn(
+          { sessionId: sid },
+          "session_worker_abort: PTY terminal socket unavailable"
+        );
+      }
+      return;
+    }
+    try {
+      process.kill(session.pid, "SIGINT");
+      serviceLogger.info(
+        { sessionId: sid, pid: session.pid },
+        "session_worker_abort: SIGINT sent to worker"
+      );
+    } catch (err) {
+      serviceLogger.warn(
+        { sessionId: sid, pid: session.pid, error: String(err) },
+        "session_worker_abort: kill failed"
+      );
+    }
+  }
+  onSessionList() {
+    this.deps.broadcastSessionList();
+    serviceLogger.info("Session list sent via relay");
+  }
+  onPermissionModeChange(msg) {
+    const sid = msg.sessionId;
+    const mode = msg.mode;
+    if (!sid) {
+      serviceLogger.info(
+        { mode },
+        "Permission mode change received via relay (global, no sessionId)"
+      );
+      return;
+    }
+    const session = this.deps.sessionManager.getSession(sid);
+    if (session?.mode !== "pty") {
+      serviceLogger.info(
+        { sessionId: sid, mode },
+        "Permission mode change received for JSON session (no-op, not supported)"
+      );
+      return;
+    }
+    const ts = this.deps.terminalSockets.get(sid);
+    if (this.deps.hostedPtyRegistry.write(sid, "\x1B[Z")) {
+      serviceLogger.info(
+        { sessionId: sid, mode },
+        "Permission mode cycle: Shift+Tab sent to hosted PTY"
+      );
+    } else if (ts?.writable) {
+      ts.write(serializeIpc({ type: "pty_input", sessionId: sid, data: "\x1B[Z" }));
+      serviceLogger.info({ sessionId: sid, mode }, "Permission mode cycle: Shift+Tab sent to PTY");
+    } else {
+      serviceLogger.warn(
+        { sessionId: sid },
+        "Permission mode cycle: PTY terminal socket unavailable"
+      );
+    }
+  }
+  onSessionSubscribe(msg) {
+    const sid = msg.sessionId;
+    const requestId = msg.requestId;
+    if (!sid) return;
+    const ts = this.deps.terminalSockets.get(sid);
+    if (this.deps.hostedPtyRegistry.snapshot(sid, requestId)) {
+      serviceLogger.info({ sessionId: sid, requestId }, "Subscribe handled by hosted PTY");
+    } else if (ts?.writable) {
+      ts.write(serializeIpc({ type: "pty_subscribe", sessionId: sid, requestId }));
+      serviceLogger.info({ sessionId: sid, requestId }, "Subscribe forwarded to terminal");
+    } else {
+      serviceLogger.warn({ sessionId: sid }, "Subscribe failed: terminal socket not available");
+    }
+  }
+  onTerminalResizeRequest(msg) {
+    const sid = msg.sessionId;
+    const cols = msg.cols;
+    const rows = msg.rows;
+    if (!sid || !cols || !rows) return;
+    if (!this.deps.hostedPtyRegistry.resize(sid, cols, rows)) {
+      serviceLogger.debug({ sessionId: sid, cols, rows }, "Resize request ignored: not hosted PTY");
+    }
+  }
+};
+// src/serve/json-observer.ts
+var JsonObserver = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  // 用户消息注入 worker（relay-router 收到 user_input）→ 进入 WORKING
+  onTurnStart(sessionId) {
+    this.deps.changeSessionState(sessionId, SessionState.WORKING);
+    this.deps.emitAgentStatus?.(sessionId, "thinking");
+  }
+  // stream-json result event 到达 → turn 结束回 IDLE
+  onTurnResult(sessionId) {
+    this.deps.changeSessionState(sessionId, SessionState.IDLE);
+    this.deps.emitAgentStatus?.(sessionId, "idle");
+  }
+  // control_request event 到达 → worker 阻塞等审批
+  onApprovalRequested(sessionId) {
+    this.deps.changeSessionState(sessionId, SessionState.WAITING_APPROVAL);
+    this.deps.emitAgentStatus?.(sessionId, "waiting_permission");
+  }
+  // 观察通道失联 → ERROR，待人工干预或后续 terminate
+  onChannelBroken(sessionId) {
+    this.deps.changeSessionState(sessionId, SessionState.ERROR);
+  }
+};
+// src/serve/permission-broker.ts
+var PermissionBroker = class {
+  pending = /* @__PURE__ */ new Map();
+  request(request) {
+    const existing = this.pending.get(request.requestId);
+    if (existing) {
+      return Promise.resolve({
+        behavior: "deny",
+        message: "Duplicate permission request id."
+      });
+    }
+    return new Promise((resolve) => {
+      this.pending.set(request.requestId, {
+        ...request,
+        source: "hook",
+        resolve,
+        createdAt: Date.now()
+      });
+    });
+  }
+  registerWorkerRequest(request, onDecision) {
+    const existing = this.pending.get(request.requestId);
+    if (existing) {
+      onDecision({
+        behavior: "deny",
+        message: "Duplicate permission request id."
+      });
+      return false;
+    }
+    this.pending.set(request.requestId, {
+      ...request,
+      source: "worker",
+      resolve: onDecision,
+      createdAt: Date.now()
+    });
+    return true;
+  }
+  resolve(requestId, decision) {
+    const pending = this.pending.get(requestId);
+    if (!pending) return false;
+    this.pending.delete(requestId);
+    pending.resolve(decision);
+    return true;
+  }
+  markDelivered(requestId) {
+    const pending = this.pending.get(requestId);
+    if (!pending) return false;
+    pending.deliveredAt = Date.now();
+    return true;
+  }
+  get(requestId) {
+    const pending = this.pending.get(requestId);
+    if (!pending) return null;
+    return {
+      requestId: pending.requestId,
+      sessionId: pending.sessionId,
+      provider: pending.provider,
+      source: pending.source,
+      toolName: pending.toolName,
+      input: pending.input,
+      createdAt: pending.createdAt,
+      ...pending.deliveredAt !== void 0 ? { deliveredAt: pending.deliveredAt } : {}
+    };
+  }
+  cleanupSession(sessionId, reason) {
+    for (const [requestId, pending] of this.pending) {
+      if (pending.sessionId !== sessionId) continue;
+      this.pending.delete(requestId);
+      pending.resolve({ behavior: "deny", message: reason });
+      serviceLogger.info({ sessionId, requestId, reason }, "Pending hook permission dropped");
+    }
+  }
+  listSession(sessionId) {
+    const out = [];
+    for (const pending of this.pending.values()) {
+      if (pending.sessionId !== sessionId) continue;
+      out.push({
+        requestId: pending.requestId,
+        sessionId: pending.sessionId,
+        provider: pending.provider,
+        source: pending.source,
+        toolName: pending.toolName,
+        input: pending.input,
+        createdAt: pending.createdAt,
+        ...pending.deliveredAt !== void 0 ? { deliveredAt: pending.deliveredAt } : {}
+      });
+    }
+    return out;
+  }
+};
+// src/serve/hook-event-router.ts
+function hookPayloadRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : {};
+}
+function toolNameFromPayload(payload) {
+  return typeof payload.toolName === "string" ? payload.toolName : typeof payload.tool_name === "string" ? payload.tool_name : "unknown";
+}
+function toolInputFromPayload(payload) {
+  return hookPayloadRecord(payload.input ?? payload.tool_input);
+}
+var HookEventRouter = class {
+  constructor(deps) {
+    this.deps = deps;
+  }
+  deps;
+  handle(event) {
+    switch (event.event) {
+      case "SessionStart":
+        this.deps.changeSessionState(event.sessionId, SessionState.IDLE);
+        this.forwardAgentStatus(event, "idle");
+        break;
+      case "UserPromptSubmit":
+        this.deps.changeSessionState(event.sessionId, SessionState.WORKING);
+        this.forwardAgentStatus(event, "thinking");
+        break;
+      case "PostToolUse":
+      case "PostToolUseFailure":
+        this.deps.changeSessionState(event.sessionId, SessionState.WORKING);
+        this.forwardAgentStatus(event, "outputting");
+        break;
+      case "Stop":
+        this.deps.changeSessionState(event.sessionId, SessionState.IDLE);
+        this.forwardAgentStatus(event, "idle");
+        break;
+      case "PermissionRequest":
+        this.forwardPermissionRequest(event);
+        break;
+      case "PreToolUse":
+        this.forwardToolUse(event);
+        break;
+      default:
+        serviceLogger.debug(
+          { sessionId: event.sessionId, provider: event.provider, event: event.event },
+          "Unknown provider hook event ignored"
+        );
+        break;
+    }
+  }
+  onPermissionResolved(sessionId, provider, requestId, outcome, context) {
+    this.deps.changeSessionState(sessionId, SessionState.WORKING);
+    if (outcome === "deny") {
+      this.deps.changeSessionState(sessionId, SessionState.IDLE);
+    }
+    this.forwardAgentStatus(
+      {
+        sessionId,
+        provider,
+        event: "PermissionResolved",
+        requestId,
+        payload: {}
+      },
+      outcome === "allow" ? "tool_use" : "idle",
+      {
+        toolName: context?.toolName,
+        toolInput: context?.toolInput,
+        permissionResolution: { requestId, outcome }
+      }
+    );
+    serviceLogger.info({ sessionId, requestId, outcome }, "Hook permission resolved");
+  }
+  forwardPermissionRequest(event) {
+    const requestId = event.requestId ?? `${event.sessionId}:${Date.now()}`;
+    const toolName = toolNameFromPayload(event.payload);
+    const input = toolInputFromPayload(event.payload);
+    this.deps.changeSessionState(event.sessionId, SessionState.WAITING_APPROVAL);
+    this.forwardAgentStatus(event, "waiting_permission", {
+      toolName,
+      toolInput: input,
+      permissionRequest: {
+        requestId,
+        toolName,
+        input
+      }
+    });
+    const seq = this.deps.nextSeq?.(event.sessionId) ?? new SeqCounter(event.sessionId).next();
+    const envelope = buildMessage(
+      "tool_use_request",
+      event.sessionId,
+      seq,
+      {
+        toolName,
+        toolId: requestId,
+        parameters: input
+      },
+      "proxy"
+    );
+    this.deps.relayConnection.sendEnvelope(envelope);
+  }
+  forwardToolUse(event) {
+    const toolName = toolNameFromPayload(event.payload);
+    const input = toolInputFromPayload(event.payload);
+    this.forwardAgentStatus(event, "tool_use", {
+      toolName,
+      toolInput: input
+    });
+  }
+  forwardAgentStatus(event, phase, extra) {
+    const payload = {
+      provider: event.provider,
+      phase,
+      seq: this.nextSeq(event.sessionId),
+      updatedAt: Date.now(),
+      ...extra
+    };
+    this.deps.agentStatusRegistry.set(event.sessionId, payload);
+    this.deps.relayConnection.sendRaw(
+      JSON.stringify({
+        type: "agent_status",
+        sessionId: event.sessionId,
+        payload
+      })
+    );
+  }
+  nextSeq(sessionId) {
+    return this.deps.nextSeq?.(sessionId) ?? new SeqCounter(sessionId).next();
+  }
+};
+// src/serve/agent-status-registry.ts
+var AgentStatusRegistry = class {
+  statuses = /* @__PURE__ */ new Map();
+  set(sessionId, status) {
+    const current = this.statuses.get(sessionId);
+    if (current && current.seq > status.seq) return;
+    this.statuses.set(sessionId, status);
+  }
+  get(sessionId) {
+    return this.statuses.get(sessionId) ?? null;
+  }
+  list() {
+    return Array.from(this.statuses, ([sessionId, status]) => ({ sessionId, status }));
+  }
+  delete(sessionId) {
+    this.statuses.delete(sessionId);
+  }
+};
+// src/serve/session-broadcast.ts
+function toSessionListPayload(s) {
+  return {
+    sessionId: s.id,
+    mode: s.mode,
+    provider: s.provider,
+    ...s.ptyOwner !== void 0 ? { ptyOwner: s.ptyOwner } : {},
+    state: s.state,
+    lastActive: s.updatedAt,
+    ...s.name !== void 0 ? { name: s.name } : {}
+  };
+}
+function pushSessionStatus(relay, sessionManager, sessionId) {
+  const session = sessionManager.getSession(sessionId);
+  if (!session) return;
+  try {
+    const envelope = buildMessage(
+      "session_status",
+      session.id,
+      Date.now(),
+      { sessionId: session.id, state: session.state, lastActive: session.updatedAt },
+      "proxy"
+    );
+    relay.sendEnvelope(envelope);
+  } catch (err) {
+    serviceLogger.debug({ sessionId, error: String(err) }, "Failed to push session_status");
+  }
+}
+function broadcastSessionList(relay, sessionManager) {
+  relay.sendRaw(
+    JSON.stringify({
+      type: "session_list",
+      sessionId: "",
+      seq: 0,
+      timestamp: Date.now(),
+      source: "proxy",
+      version: "1",
+      payload: { sessions: sessionManager.listSessions().map(toSessionListPayload) }
+    })
+  );
+}
+function broadcastSessionSync(relay, session) {
+  relay.sendRaw(
+    JSON.stringify({
+      type: "session_sync",
+      sessions: [
+        {
+          id: session.id,
+          mode: session.mode,
+          provider: session.provider,
+          ...session.ptyOwner !== void 0 ? { ptyOwner: session.ptyOwner } : {},
+          state: session.state
+        }
+      ]
+    })
+  );
+}
+function changeSessionState(sessionManager, relay, sessionId, next) {
+  if (!sessionManager.getSession(sessionId)) return false;
+  const changed = sessionManager.updateState(sessionId, next);
+  if (changed) pushSessionStatus(relay, sessionManager, sessionId);
+  return changed;
+}
+// src/serve/service-files.ts
+import { execSync } from "child_process";
+import { existsSync as existsSync5, readFileSync as readFileSync5, unlinkSync as unlinkSync2 } from "fs";
+import { hostname } from "os";
+import { connect as connect2 } from "net";
+function tryConnectSocket(sockPath) {
+  return new Promise((resolve) => {
+    const s = connect2(sockPath);
+    s.on("connect", () => resolve(s));
+    s.on("error", () => resolve(null));
+  });
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function cleanupStaleResources() {
+  if (existsSync5(SOCK_PATH)) {
+    const existing = await tryConnectSocket(SOCK_PATH);
+    if (existing) {
+      existing.destroy();
+      const msg = `Another service is already running on ${SOCK_PATH}`;
+      serviceLogger.error(msg);
+      console.error(msg);
+      process.exit(1);
+    }
+    unlinkSync2(SOCK_PATH);
+    serviceLogger.info("Removed stale socket file");
+  }
+  if (existsSync5(PID_PATH)) {
+    const pidStr = readFileSync5(PID_PATH, "utf-8").trim();
+    const pid = parseInt(pidStr, 10);
+    if (!isNaN(pid) && isProcessAlive(pid)) {
+      const msg = `Another service is already running with PID ${pid}`;
+      serviceLogger.error(msg);
+      console.error(msg);
+      process.exit(1);
+    }
+    unlinkSync2(PID_PATH);
+    serviceLogger.info("Removed stale PID file");
+  }
+}
+function getProxyName() {
+  return process.env.DEV_ANYWHERE_PROXY_NAME || getComputerName() || hostname();
+}
+function getComputerName() {
+  try {
+    return execSync("scutil --get ComputerName", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim() || null;
+  } catch {
+    return null;
+  }
+}
+// src/serve/pty-state-guard.ts
+function shouldPromotePtyActivityToWorking(session, pendingApprovalCount) {
+  if (!session || session.mode !== "pty") return false;
+  if (pendingApprovalCount > 0) return false;
+  return session.state === SessionState.IDLE || session.state === SessionState.WAITING_APPROVAL;
+}
+// src/serve/pty-semantic-lifecycle.ts
+function resolvePtySemanticSessionTransitions(currentState, semanticState) {
+  if (semanticState !== "turn_complete") return [];
+  if (currentState === SessionState.WAITING_APPROVAL) {
+    return [SessionState.IDLE];
+  }
+  if (currentState === SessionState.WORKING) {
+    return [SessionState.IDLE];
+  }
+  return [];
+}
+// src/serve/terminal-ipc.ts
+function handleTerminalConnection(socket, deps) {
+  const {
+    sessionManager,
+    workerRegistry,
+    terminalSockets,
+    hostedPtyRegistry,
+    relayConnection,
+    controlHandlers,
+    agentStatusRegistry,
+    permissionBroker,
+    createHookContext,
+    emitAgentStatus,
+    resolveInterruptedApprovals: resolveInterruptedApprovals2,
+    config
+  } = deps;
+  createIpcReader(
+    socket,
+    (msg) => {
+      switch (msg.type) {
+        case "session_create_request": {
+          if (msg.mode !== "pty") {
+            socket.write(
+              serializeIpc({
+                type: "session_create_response",
+                sessionId: "",
+                error: `Unsupported mode via IPC: ${msg.mode}`
+              })
+            );
+            break;
+          }
+          const provider = msg.provider;
+          const existing = msg.sessionId ? sessionManager.getSession(msg.sessionId) : void 0;
+          const session = existing ?? sessionManager.createSession(
+            "pty",
+            msg.cwd,
+            msg.pid,
+            msg.name,
+            msg.sessionId,
+            provider,
+            "local-terminal"
+          );
+          if (existing) {
+            sessionManager.setPid(session.id, msg.pid);
+          }
+          socket.write(
+            serializeIpc({
+              type: "session_create_response",
+              sessionId: session.id,
+              hook: createHookContext(session.id, provider)
+            })
+          );
+          serviceLogger.info(
+            { sessionId: session.id, mode: "pty", provider },
+            "PTY session created"
+          );
+          break;
+        }
+        case "service_status_request": {
+          const relayStatus = relayConnection.getStatus();
+          const sessions = sessionManager.listSessions();
+          socket.write(
+            serializeIpc({
+              type: "service_status_response",
+              config,
+              relay: relayStatus,
+              sessions: sessions.map((s) => ({
+                id: s.id,
+                mode: s.mode,
+                provider: s.provider,
+                state: s.state,
+                createdAt: new Date(s.createdAt).toISOString(),
+                ...s.name !== void 0 ? { name: s.name } : {},
+                hasWorker: workerRegistry.has(s.id)
+              }))
+            })
+          );
+          break;
+        }
+        case "pty_title_change": {
+          if (!sessionManager.getSession(msg.sessionId)) break;
+          relayConnection.sendRaw(
+            JSON.stringify({
+              type: "terminal_title",
+              sessionId: msg.sessionId,
+              title: msg.title
+            })
+          );
+          break;
+        }
+        case "pty_semantic_event": {
+          if (!sessionManager.getSession(msg.sessionId)) break;
+          const logPayload = {
+            sessionId: msg.sessionId,
+            state: msg.state,
+            ...msg.title !== void 0 ? { title: msg.title } : {},
+            ...msg.tool !== void 0 ? { tool: msg.tool } : {}
+          };
+          if (msg.state === "approval_wait" || msg.state === "turn_complete") {
+            serviceLogger.info(logPayload, "PTY semantic event received");
+          } else {
+            serviceLogger.debug(logPayload, "PTY semantic event received");
+          }
+          if (msg.state === "approval_wait") {
+            changeSessionState(
+              sessionManager,
+              relayConnection,
+              msg.sessionId,
+              SessionState.WAITING_APPROVAL
+            );
+          } else if (msg.state === "working" || msg.state === "mid_pause") {
+            const session = sessionManager.getSession(msg.sessionId);
+            const pendingApprovals = permissionBroker.listSession(msg.sessionId);
+            if (shouldPromotePtyActivityToWorking(session, pendingApprovals.length)) {
+              changeSessionState(
+                sessionManager,
+                relayConnection,
+                msg.sessionId,
+                SessionState.WORKING
+              );
+            } else if (session?.state === SessionState.WAITING_APPROVAL) {
+              serviceLogger.debug(
+                {
+                  sessionId: msg.sessionId,
+                  ptyState: msg.state,
+                  pendingApprovals: pendingApprovals.length
+                },
+                "PTY working signal ignored while permission approval is pending"
+              );
+            }
+          }
+          if (msg.state === "turn_complete") {
+            resolveInterruptedApprovals2(msg.sessionId);
+            const session = sessionManager.getSession(msg.sessionId);
+            const transitions = resolvePtySemanticSessionTransitions(session?.state, msg.state);
+            for (const next of transitions) {
+              changeSessionState(sessionManager, relayConnection, msg.sessionId, next);
+            }
+            emitAgentStatus(msg.sessionId, "idle");
+          }
+          relayConnection.sendRaw(
+            JSON.stringify({
+              type: "pty_state",
+              sessionId: msg.sessionId,
+              payload: {
+                state: msg.state,
+                ...msg.title !== void 0 ? { title: msg.title } : {},
+                ...msg.tool !== void 0 ? { tool: msg.tool } : {}
+              }
+            })
+          );
+          break;
+        }
+        case "pty_resize": {
+          if (!sessionManager.getSession(msg.sessionId)) break;
+          relayConnection.sendRaw(
+            JSON.stringify({
+              type: "terminal_resize",
+              sessionId: msg.sessionId,
+              cols: msg.cols,
+              rows: msg.rows
+            })
+          );
+          break;
+        }
+        case "session_terminate_request": {
+          const result = terminateSessionByOwnership(
+            {
+              sessionManager,
+              workerRegistry,
+              controlHandlers,
+              terminalSockets,
+              hostedPtyRegistry,
+              agentStatusRegistry
+            },
+            msg.sessionId
+          );
+          socket.write(
+            serializeIpc({
+              type: "session_terminate_response",
+              sessionId: msg.sessionId,
+              success: result.success
+            })
+          );
+          serviceLogger.info(
+            { sessionId: msg.sessionId, success: result.success, action: result.action },
+            "Session termination request handled"
+          );
+          break;
+        }
+        case "pty_register": {
+          if (!sessionManager.getSession(msg.sessionId)) {
+            serviceLogger.warn(
+              { sessionId: msg.sessionId },
+              "PTY register ignored: session missing"
+            );
+            break;
+          }
+          sessionManager.setPid(msg.sessionId, msg.pid);
+          terminalSockets.set(msg.sessionId, socket);
+          socket.write(
+            serializeIpc({
+              type: "bridge_status",
+              connected: relayConnection.getStatus().connected
+            })
+          );
+          const session = sessionManager.getSession(msg.sessionId);
+          if (session) {
+            broadcastSessionSync(relayConnection, session);
+          }
+          broadcastSessionList(relayConnection, sessionManager);
+          serviceLogger.info({ sessionId: msg.sessionId }, "PTY session registered");
+          break;
+        }
+        case "pty_deregister": {
+          relayConnection.sendRaw(
+            JSON.stringify({
+              type: "pty_state",
+              sessionId: msg.sessionId,
+              payload: { state: "turn_complete" }
+            })
+          );
+          sessionManager.terminateSession(msg.sessionId);
+          terminalSockets.delete(msg.sessionId);
+          controlHandlers.cleanup(msg.sessionId);
+          agentStatusRegistry.delete(msg.sessionId);
+          broadcastSessionList(relayConnection, sessionManager);
+          serviceLogger.info({ sessionId: msg.sessionId }, "PTY session deregistered");
+          break;
+        }
+        case "pty_input": {
+          if (!sessionManager.getSession(msg.sessionId)) break;
+          const targetSocket = terminalSockets.get(msg.sessionId);
+          if (hostedPtyRegistry.write(msg.sessionId, msg.data)) {
+            break;
+          }
+          if (targetSocket?.writable) {
+            targetSocket.write(
+              serializeIpc({
+                type: "pty_input",
+                sessionId: msg.sessionId,
+                data: msg.data
+              })
+            );
+          }
+          break;
+        }
+        case "session_status_update": {
+          changeSessionState(sessionManager, relayConnection, msg.sessionId, msg.state);
+          break;
+        }
+        case "pty_snapshot": {
+          if (!sessionManager.getSession(msg.sessionId)) break;
+          relayConnection.sendRaw(
+            JSON.stringify({
+              type: "session_snapshot",
+              sessionId: msg.sessionId,
+              cols: msg.cols,
+              rows: msg.rows,
+              data: msg.data,
+              outputSeq: msg.outputSeq,
+              requestId: msg.requestId
+            })
+          );
+          serviceLogger.info(
+            { sessionId: msg.sessionId, cols: msg.cols, rows: msg.rows },
+            "Session snapshot forwarded to relay"
+          );
+          break;
+        }
+        default: {
+          serviceLogger.warn({ type: msg.type }, "Unhandled IPC message type");
+        }
+      }
+    },
+    (sessionId, data, outputSeq) => {
+      if (!sessionManager.getSession(sessionId)) return;
+      const sessionIdBuf = Buffer.from(sessionId, "utf-8");
+      const wsFrame = Buffer.alloc(1 + sessionIdBuf.length + 4 + data.length);
+      wsFrame[0] = sessionIdBuf.length;
+      sessionIdBuf.copy(wsFrame, 1);
+      wsFrame.writeUInt32LE(outputSeq, 1 + sessionIdBuf.length);
+      data.copy(wsFrame, 1 + sessionIdBuf.length + 4);
+      relayConnection.sendBinary(wsFrame);
+    }
+  );
+  socket.on("close", () => {
+    for (const [sessionId, terminalSocket] of terminalSockets) {
+      if (terminalSocket === socket) {
+        terminalSockets.delete(sessionId);
+        const session = sessionManager.getSession(sessionId);
+        if (!session) {
+          serviceLogger.info({ sessionId }, "Terminal socket closed, session already cleaned");
+          continue;
+        }
+        if (session.mode === "pty" && session.pid && isProcessAlive(session.pid)) {
+          serviceLogger.info(
+            { sessionId, pid: session.pid },
+            "Terminal socket closed but process alive, skipping cleanup"
+          );
+          continue;
+        }
+        relayConnection.sendRaw(
+          JSON.stringify({
+            type: "pty_state",
+            sessionId,
+            payload: { state: "turn_complete" }
+          })
+        );
+        sessionManager.terminateSession(sessionId);
+        controlHandlers.cleanup(sessionId);
+        agentStatusRegistry.delete(sessionId);
+        broadcastSessionList(relayConnection, sessionManager);
+        serviceLogger.info(
+          { sessionId },
+          "PTY session cleaned up on socket close (crash fallback)"
+        );
+      }
+    }
+  });
+  socket.on("error", (err) => {
+    serviceLogger.warn({ error: String(err) }, "Client socket error");
+  });
+}
+// src/serve/hook-registry.ts
+import { createHash, randomBytes } from "crypto";
+function hashToken(token) {
+  return createHash("sha256").update(token).digest("hex");
+}
+function randomSecret() {
+  return randomBytes(32).toString("base64url");
+}
+var HookRegistry = class {
+  bindingsBySession = /* @__PURE__ */ new Map();
+  registerSession(sessionId, provider, options = {}) {
+    const now = options.now ?? Date.now();
+    const token = randomSecret();
+    const marker = randomSecret();
+    this.bindingsBySession.set(sessionId, {
+      sessionId,
+      provider,
+      marker,
+      tokenHash: hashToken(token),
+      createdAt: now,
+      ...options.ttlMs ? { expiresAt: now + options.ttlMs } : {}
+    });
+    return { sessionId, provider, marker, token };
+  }
+  verify(options) {
+    const binding = this.bindingsBySession.get(options.sessionId);
+    if (!binding) return null;
+    if (options.provider && binding.provider !== options.provider) return null;
+    if (binding.marker !== options.marker) return null;
+    if (binding.tokenHash !== hashToken(options.token)) return null;
+    if (binding.expiresAt && (options.now ?? Date.now()) > binding.expiresAt) return null;
+    return binding;
+  }
+  getSession(sessionId) {
+    return this.bindingsBySession.get(sessionId) ?? null;
+  }
+  unregisterSession(sessionId) {
+    this.bindingsBySession.delete(sessionId);
+  }
+};
+// src/serve/hook-server.ts
+import { createServer } from "http";
+function getBearerToken(req) {
+  const header = req.headers.authorization;
+  if (!header?.startsWith("Bearer ")) return null;
+  return header.slice("Bearer ".length).trim() || null;
+}
+function asProvider(value) {
+  return value === "claude" || value === "codex" ? value : null;
+}
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : {};
+}
+var HookServer = class {
+  constructor(options) {
+    this.options = options;
+    this.host = options.host ?? "127.0.0.1";
+    this.maxBodyBytes = options.maxBodyBytes ?? 1024 * 1024;
+  }
+  options;
+  server = null;
+  host;
+  maxBodyBytes;
+  start() {
+    if (this.server) return Promise.resolve();
+    this.server = createServer((req, res) => {
+      this.handle(req, res).catch((err) => {
+        serviceLogger.error({ err: String(err) }, "Hook request failed");
+        this.writeJson(res, 500, { error: "internal_error" });
+      });
+    });
+    return new Promise((resolve, reject) => {
+      const onError = (err) => {
+        this.server?.off("listening", onListening);
+        reject(err);
+      };
+      const onListening = () => {
+        this.server?.off("error", onError);
+        serviceLogger.info({ host: this.host, port: this.options.port }, "Hook server listening");
+        resolve();
+      };
+      this.server.once("error", onError);
+      this.server.once("listening", onListening);
+      this.server.listen(this.options.port, this.host);
+    });
+  }
+  close() {
+    if (!this.server) return Promise.resolve();
+    const server = this.server;
+    this.server = null;
+    return new Promise((resolve, reject) => {
+      server.close((err) => err ? reject(err) : resolve());
+    });
+  }
+  getListeningPort() {
+    const address = this.server?.address();
+    if (!address || typeof address === "string") return null;
+    return address.port;
+  }
+  async handle(req, res) {
+    if (req.method !== "POST" || req.url !== "/hook") {
+      this.writeJson(res, 404, { error: "not_found" });
+      return;
+    }
+    const token = getBearerToken(req);
+    if (!token) {
+      this.writeJson(res, 401, { error: "missing_token" });
+      return;
+    }
+    const body = await this.readBody(req);
+    const parsed = JSON.parse(body);
+    const provider = asProvider(parsed.provider);
+    if (typeof parsed.sessionId !== "string" || typeof parsed.marker !== "string" || typeof parsed.event !== "string" || !provider) {
+      this.writeJson(res, 400, { error: "invalid_hook_payload" });
+      return;
+    }
+    const binding = this.options.registry.verify({
+      sessionId: parsed.sessionId,
+      marker: parsed.marker,
+      token,
+      provider
+    });
+    if (!binding) {
+      this.writeJson(res, 403, { error: "invalid_hook_credentials" });
+      return;
+    }
+    if (this.options.isSessionActive && !this.options.isSessionActive(binding.sessionId)) {
+      serviceLogger.info(
+        { sessionId: binding.sessionId, provider: binding.provider, event: parsed.event },
+        "Provider hook ignored for inactive session"
+      );
+      this.writeProviderResponse(res, this.toNeutralProviderResponse(provider, parsed.event));
+      return;
+    }
+    const payload = asRecord(parsed.payload);
+    const requestId = typeof parsed.requestId === "string" ? parsed.requestId : typeof payload.tool_use_id === "string" ? payload.tool_use_id : void 0;
+    const event = {
+      sessionId: binding.sessionId,
+      provider: binding.provider,
+      event: parsed.event,
+      ...requestId !== void 0 ? { requestId } : {},
+      payload
+    };
+    if (event.event === "PermissionRequest") {
+      await this.handlePermissionRequest(event, res);
+      return;
+    }
+    this.options.onEvent?.(event);
+    this.writeProviderResponse(res, this.toNeutralProviderResponse(event.provider, event.event));
+  }
+  async handlePermissionRequest(event, res) {
+    const requestId = event.requestId ?? (typeof event.payload.tool_use_id === "string" ? event.payload.tool_use_id : void 0) ?? `${event.sessionId}:${Date.now()}`;
+    const toolName = typeof event.payload.toolName === "string" ? event.payload.toolName : typeof event.payload.tool_name === "string" ? event.payload.tool_name : "unknown";
+    const input = asRecord(event.payload.input ?? event.payload.tool_input);
+    this.options.onEvent?.({ ...event, requestId });
+    const decision = await this.options.permissionBroker.request({
+      requestId,
+      sessionId: event.sessionId,
+      provider: event.provider,
+      toolName,
+      input
+    });
+    this.writeJson(res, 200, this.toProviderDecision(event.event, decision));
+  }
+  toProviderDecision(eventName, decision) {
+    if (eventName === "PreToolUse") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PreToolUse",
+          permissionDecision: decision.behavior,
+          ...decision.message ? { permissionDecisionReason: decision.message } : {}
+        }
+      };
+    }
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PermissionRequest",
+        decision
+      }
+    };
+  }
+  toNeutralProviderResponse(provider, eventName) {
+    if (eventName === "PreToolUse") {
+      if (provider === "codex") {
+        return null;
+      }
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PreToolUse",
+          permissionDecision: "defer"
+        }
+      };
+    }
+    return null;
+  }
+  writeProviderResponse(res, payload) {
+    if (res.headersSent) return;
+    if (payload === null) {
+      res.writeHead(200);
+      res.end();
+      return;
+    }
+    this.writeJson(res, 200, payload);
+  }
+  readBody(req) {
+    return new Promise((resolve, reject) => {
+      let body = "";
+      let size = 0;
+      req.setEncoding("utf8");
+      req.on("data", (chunk) => {
+        size += Buffer.byteLength(chunk);
+        if (size > this.maxBodyBytes) {
+          reject(new Error("hook body too large"));
+          req.destroy();
+          return;
+        }
+        body += chunk;
+      });
+      req.on("end", () => resolve(body));
+      req.on("error", reject);
+    });
+  }
+  writeJson(res, statusCode, payload) {
+    if (res.headersSent) return;
+    res.writeHead(statusCode, { "content-type": "application/json; charset=utf-8" });
+    res.end(JSON.stringify(payload));
+  }
+};
+// src/serve/provider-hook-runtime.ts
+async function createProviderHookRuntime(options) {
+  const hookRegistry = new HookRegistry();
+  const hookEventRouter = new HookEventRouter({
+    relayConnection: options.relayConnection,
+    agentStatusRegistry: options.agentStatusRegistry,
+    changeSessionState: options.changeSessionState
+  });
+  const port = options.hookPort ?? 17654;
+  const hookServer = new HookServer({
+    port,
+    registry: hookRegistry,
+    permissionBroker: options.permissionBroker,
+    isSessionActive: (sessionId) => !!options.sessionManager.getSession(sessionId),
+    onEvent: (event) => {
+      serviceLogger.info(
+        {
+          sessionId: event.sessionId,
+          provider: event.provider,
+          event: event.event,
+          requestId: event.requestId
+        },
+        "Provider hook event received"
+      );
+      hookEventRouter.handle(event);
+    }
+  });
+  try {
+    await hookServer.start();
+  } catch (err) {
+    const msg = `Failed to start hook server on 127.0.0.1:${port}: ${String(err)}`;
+    serviceLogger.error(msg);
+    console.error(msg);
+    process.exit(1);
+  }
+  const hookUrl = `http://127.0.0.1:${hookServer.getListeningPort() ?? port}/hook`;
+  const createHookContext = (sessionId, provider) => {
+    const credentials = hookRegistry.registerSession(sessionId, provider);
+    return {
+      provider,
+      sessionId,
+      hookUrl,
+      marker: credentials.marker,
+      token: credentials.token
+    };
+  };
+  return {
+    hookRegistry,
+    hookEventRouter,
+    hookServer,
+    createHookContext
+  };
+}
+// src/serve.ts
+function resolveInterruptedApprovals(permissionBroker, hookEventRouter, relay, sessionId) {
+  const approvals = permissionBroker.listSession(sessionId);
+  if (approvals.length === 0) return;
+  const message = "Permission request was interrupted in the PTY.";
+  for (const approval of approvals) {
+    if (!permissionBroker.resolve(approval.requestId, { behavior: "deny", message })) continue;
+    hookEventRouter.onPermissionResolved(
+      approval.sessionId,
+      approval.provider,
+      approval.requestId,
+      "deny",
+      { toolName: approval.toolName, toolInput: approval.input }
+    );
+    relay.sendRaw(
+      JSON.stringify({
+        type: "permission_decision_result",
+        sessionId: approval.sessionId,
+        requestId: approval.requestId,
+        outcome: "deny",
+        delivered: true,
+        message
+      })
+    );
+  }
+  serviceLogger.info(
+    { sessionId, count: approvals.length },
+    "Pending approvals cleared after PTY interruption"
+  );
+}
+function parseServiceOptions(argv) {
+  const options = {};
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === "--env") {
+      const envName = argv[i + 1];
+      if (!envName || envName.startsWith("-")) {
+        throw new Error("Missing value for --env");
+      }
+      options.envName = envName;
+      i++;
+      continue;
+    }
+    if (arg.startsWith("--env=")) {
+      const envName = arg.slice("--env=".length);
+      if (!envName) throw new Error("Missing value for --env");
+      options.envName = envName;
+    }
+  }
+  return options;
+}
+async function startService(options) {
+  await cleanupStaleResources();
+  try {
+    unlinkSync3(STOPPED_PATH);
+  } catch {
+  }
+  const permissionBroker = new PermissionBroker();
+  const agentStatusRegistry = new AgentStatusRegistry();
+  let unregisterHookSession = () => {
+  };
+  const sessionManager = new SessionManager({
+    persistPath: SESSIONS_PATH,
+    onSessionRemoved: (id, context) => {
+      if (!context?.preserveProviderHooks) {
+        unregisterHookSession(id);
+      }
+      permissionBroker.cleanupSession(id, "session removed");
+      agentStatusRegistry.delete(id);
+      const paths = sessionPaths(id);
+      try {
+        rmSync2(paths.dir, { recursive: true, force: true });
+      } catch {
+      }
+    }
+  });
+  sessionManager.startReaper();
+  const terminalSockets = /* @__PURE__ */ new Map();
+  const proxyName = getProxyName();
+  let proxyConfig = loadConfig({ envName: options?.envName });
+  const getProviderEnv = () => buildProviderEnv(proxyConfig, process.env);
+  const getAgentCliSuggestions = () => proxyConfig.agentCliSuggestions;
+  const setAgentCliPath = (provider, path) => {
+    const field = provider === "claude" ? "claudeBin" : "codexBin";
+    const existing = proxyConfig.agentCliSuggestions[provider] ?? [];
+    proxyConfig = {
+      ...proxyConfig,
+      [field]: path,
+      agentCliSuggestions: {
+        ...proxyConfig.agentCliSuggestions,
+        [provider]: [path, ...existing.filter((candidate) => candidate !== path)]
+      },
+      sources: {
+        ...proxyConfig.sources,
+        [field]: "file"
+      }
+    };
+  };
+  const relayUrl = options?.relayUrl ?? proxyConfig.relayUrl;
+  const relayToken = proxyConfig.relayToken;
+  const statusConfig = {
+    envName: proxyConfig.envName,
+    envNameSource: proxyConfig.sources.envName,
+    relayUrl,
+    relayUrlSource: proxyConfig.sources.relayUrl,
+    relayTokenSource: proxyConfig.sources.relayToken,
+    hookPort: proxyConfig.hookPort ?? 17654,
+    hookPortSource: proxyConfig.sources.hookPort
+  };
+  if (!relayUrl) {
+    const msg = 'Relay URL is required. Set it via RELAY_URL or ~/.dev-anywhere/config.json {"defaultEnv":"local","envs":{"local":{"relayUrl":"ws://..."}}}.';
+    serviceLogger.error(msg);
+    console.error(msg);
+    process.exit(1);
+  }
+  const relayConnection = new RelayConnection(relayUrl, { name: proxyName, token: relayToken });
+  const relaySend = (data) => relayConnection.sendRaw(data);
+  const controlHandlers = createControlMessageHandlers(relaySend, sessionManager);
+  const observerChangeState = (sessionId, next) => changeSessionState(sessionManager, relayConnection, sessionId, next);
+  const emitAgentStatus = (sessionId, phase) => {
+    const session = sessionManager.getSession(sessionId);
+    if (!session) return;
+    const payload = {
+      provider: session.provider,
+      phase,
+      seq: new SeqCounter(sessionId).next(),
+      updatedAt: Date.now()
+    };
+    agentStatusRegistry.set(sessionId, payload);
+    relayConnection.sendRaw(JSON.stringify({ type: "agent_status", sessionId, payload }));
+  };
+  const jsonObserver = new JsonObserver({
+    changeSessionState: observerChangeState,
+    emitAgentStatus
+  });
+  const hookRuntime = await createProviderHookRuntime({
+    hookPort: proxyConfig.hookPort,
+    permissionBroker,
+    sessionManager,
+    relayConnection,
+    agentStatusRegistry,
+    changeSessionState: observerChangeState
+  });
+  unregisterHookSession = (sessionId) => hookRuntime.hookRegistry.unregisterSession(sessionId);
+  const workerRegistry = new WorkerRegistry({
+    sessionManager,
+    permissionBroker,
+    relayConnection,
+    jsonObserver,
+    getProviderEnv
+  });
+  const hostedPtyRegistry = new HostedPtyRegistry({
+    sessionManager,
+    relayConnection,
+    getProviderEnv,
+    changeSessionState: observerChangeState,
+    onTurnComplete: (sessionId) => {
+      resolveInterruptedApprovals(
+        permissionBroker,
+        hookRuntime.hookEventRouter,
+        relayConnection,
+        sessionId
+      );
+      emitAgentStatus(sessionId, "idle");
+    },
+    onSessionClosed: (sessionId) => {
+      controlHandlers.cleanup(sessionId);
+      agentStatusRegistry.delete(sessionId);
+      broadcastSessionList(relayConnection, sessionManager);
+    }
+  });
+  relayConnection.connect();
+  serviceLogger.info(
+    {
+      envName: proxyConfig.envName ?? "(single)",
+      relayUrl,
+      proxyName,
+      tokenSet: !!relayToken,
+      relayUrlSource: proxyConfig.sources.relayUrl
+    },
+    "Connecting to relay server"
+  );
+  const relayRouter = new RelayRouter({
+    sessionManager,
+    workerRegistry,
+    controlHandlers,
+    relayConnection,
+    relaySend,
+    terminalSockets,
+    hostedPtyRegistry,
+    broadcastSessionList: () => broadcastSessionList(relayConnection, sessionManager),
+    broadcastSessionSync: (session) => broadcastSessionSync(relayConnection, session),
+    jsonObserver,
+    createHookContext: hookRuntime.createHookContext,
+    cleanupHookContext: (sessionId) => hookRuntime.hookRegistry.unregisterSession(sessionId),
+    permissionBroker,
+    hookEventRouter: hookRuntime.hookEventRouter,
+    agentStatusRegistry,
+    envName: proxyConfig.envName,
+    getProviderEnv,
+    getAgentCliSuggestions,
+    setAgentCliPath
+  });
+  relayConnection.on("message", (msg) => relayRouter.handle(msg));
+  relayConnection.on("connected", () => {
+    controlHandlers.reinitializeOnReconnect();
+    broadcastBridgeStatus(true);
+  });
+  relayConnection.on("disconnected", () => {
+    broadcastBridgeStatus(false);
+  });
+  function broadcastBridgeStatus(connected) {
+    const msg = serializeIpc({ type: "bridge_status", connected });
+    for (const [, sock] of terminalSockets) {
+      if (sock.writable) sock.write(msg);
+    }
+  }
+  await workerRegistry.reconnectAll();
+  const server = createServer2((socket) => {
+    handleTerminalConnection(socket, {
+      sessionManager,
+      workerRegistry,
+      terminalSockets,
+      hostedPtyRegistry,
+      relayConnection,
+      controlHandlers,
+      agentStatusRegistry,
+      permissionBroker,
+      hookEventRouter: hookRuntime.hookEventRouter,
+      createHookContext: hookRuntime.createHookContext,
+      emitAgentStatus,
+      config: statusConfig,
+      resolveInterruptedApprovals: (sessionId) => resolveInterruptedApprovals(
+        permissionBroker,
+        hookRuntime.hookEventRouter,
+        relayConnection,
+        sessionId
+      )
+    });
+  });
+  server.listen(SOCK_PATH, () => {
+    writeFileSync4(PID_PATH, String(process.pid));
+    chmodSync(SOCK_PATH, 384);
+    serviceLogger.info({ pid: process.pid, sock: SOCK_PATH }, "Service started");
+  });
+  async function shutdown() {
+    serviceLogger.info("Shutting down service");
+    sessionManager.stopReaper();
+    await hookRuntime.hookServer.close();
+    relayConnection.close();
+    workerRegistry.destroyAll();
+    hostedPtyRegistry.destroyAll();
+    server.close();
+    try {
+      unlinkSync3(SOCK_PATH);
+    } catch {
+    }
+    try {
+      unlinkSync3(PID_PATH);
+    } catch {
+    }
+    process.exit(0);
+  }
+  process.on("SIGTERM", () => {
+    shutdown();
+  });
+  process.on("SIGINT", () => {
+    shutdown();
+  });
+}
+var isMainModule = process.argv[1] && (process.argv[1].endsWith("serve.js") || process.argv[1].endsWith("serve.ts"));
+if (isMainModule) {
+  startService(parseServiceOptions(process.argv.slice(2))).catch((err) => {
+    const message = err instanceof Error ? err.message : String(err);
+    serviceLogger.error({ err: message }, "Service failed to start");
+    console.error(message);
+    process.exit(1);
+  });
+}
+export {
+  startService
+};
+//# sourceMappingURL=serve.js.map