@drisp/cli 0.3.39

package/dist/chunk-3FVULBV4.js

@@ -0,0 +1,839 @@
+// src/gateway/paths.ts
+import os from "os";
+import path from "path";
+var SUN_PATH_MAX = 104;
+function resolveGatewayPaths(env = process.env) {
+  const home = env["HOME"] ?? os.homedir();
+  const xdg = env["XDG_RUNTIME_DIR"]?.trim();
+  const runDir = xdg && xdg.length > 0 ? path.join(xdg, "athena") : path.join(home, ".config", "athena", "run");
+  const configDir = path.join(home, ".config", "athena", "gateway");
+  const socketPath = path.join(runDir, "gateway.sock");
+  const lockPath = path.join(runDir, "gateway.lock");
+  const tokenPath = path.join(configDir, "token");
+  const statePath = path.join(configDir, "state.db");
+  if (Buffer.byteLength(socketPath, "utf-8") > SUN_PATH_MAX) {
+    throw new Error(
+      `Gateway socket path exceeds ${SUN_PATH_MAX} bytes (sun_path limit): ${socketPath}. Set XDG_RUNTIME_DIR to a shorter path or relocate $HOME.`
+    );
+  }
+  return { runDir, configDir, socketPath, lockPath, tokenPath, statePath };
+}
+function resolveListenSpec(opts) {
+  if (!opts.bind) {
+    return { kind: "uds", socketPath: opts.paths.socketPath };
+  }
+  const parsed = parseHostPort(opts.bind);
+  return {
+    kind: "tcp",
+    host: parsed.host,
+    port: parsed.port,
+    insecure: opts.insecure ?? false,
+    ...opts.tls ? { tls: opts.tls } : {}
+  };
+}
+function parseHostPort(bind) {
+  const idx = bind.lastIndexOf(":");
+  if (idx <= 0 || idx === bind.length - 1) {
+    throw new Error(
+      `gateway: invalid --bind value ${bind}; expected host:port`
+    );
+  }
+  const host = bind.slice(0, idx);
+  const portText = bind.slice(idx + 1);
+  const port = Number(portText);
+  if (!Number.isInteger(port) || port < 0 || port > 65535) {
+    throw new Error(`gateway: invalid --bind port ${portText}`);
+  }
+  return { host, port };
+}
+function isLoopbackHost(host) {
+  const normalized = host.toLowerCase();
+  return normalized === "localhost" || normalized === "::1" || normalized === "[::1]" || normalized === "0:0:0:0:0:0:0:1" || normalized.startsWith("127.");
+}
+
+// src/infra/telemetry/client.ts
+import { PostHog } from "posthog-node";
+var POSTHOG_API_KEY = true ? "" : "";
+var POSTHOG_HOST = "https://us.i.posthog.com";
+var client = null;
+var deviceId = null;
+var enabled = false;
+var superProperties = {};
+function initTelemetry(options) {
+  const envDisabled = process.env["ATHENA_TELEMETRY_DISABLED"] === "1";
+  const hasKey = POSTHOG_API_KEY.length > 0;
+  enabled = hasKey && (options.telemetryEnabled ?? true) && !envDisabled;
+  if (!enabled) {
+    return;
+  }
+  deviceId = options.deviceId;
+  superProperties = {};
+  if (options.appVersion) {
+    superProperties["app_version"] = options.appVersion;
+  }
+  if (options.os) {
+    superProperties["os"] = options.os;
+  }
+  client = new PostHog(POSTHOG_API_KEY, {
+    host: POSTHOG_HOST,
+    disableGeoip: true,
+    flushAt: 20,
+    flushInterval: 3e4
+  });
+}
+function isTelemetryEnabled() {
+  return enabled;
+}
+function disableTelemetry() {
+  enabled = false;
+  deviceId = null;
+  superProperties = {};
+  if (!client) {
+    return Promise.resolve();
+  }
+  const currentClient = client;
+  client = null;
+  return currentClient.shutdown();
+}
+function capture(event, properties) {
+  if (!enabled || !client || !deviceId) {
+    return;
+  }
+  client.capture({
+    distinctId: deviceId,
+    event,
+    properties: { ...superProperties, ...properties }
+  });
+}
+async function shutdownTelemetry() {
+  if (client) {
+    await client.shutdown();
+    client = null;
+  }
+  deviceId = null;
+  enabled = false;
+  superProperties = {};
+}
+
+// src/infra/telemetry/events.ts
+import os2 from "os";
+function systemProps() {
+  return {
+    os: `${os2.platform()}-${os2.arch()}`,
+    nodeVersion: process.version
+  };
+}
+function trackAppLaunched(props) {
+  capture("app.launched", { ...props, ...systemProps() });
+}
+function trackSessionStarted(props) {
+  capture("session.started", props);
+}
+function trackSessionEnded(props) {
+  capture("session.ended", props);
+}
+function sanitizeStackTrace(stack) {
+  const home = os2.homedir();
+  return stack.replaceAll(home, "~");
+}
+function trackError(props) {
+  capture("app.error", {
+    errorName: props.errorName,
+    stackTrace: sanitizeStackTrace(props.stackTrace)
+  });
+}
+function trackTelemetryOptedOut() {
+  capture("telemetry.opted_out", {});
+}
+function classifyClaudeStartupFailure(reason) {
+  const normalized = reason.toLowerCase();
+  if (normalized.includes("enoent") || normalized.includes("not found") || normalized.includes("command not found")) {
+    return "binary_not_found";
+  }
+  if (normalized.includes("eacces") || normalized.includes("permission denied")) {
+    return "permission_denied";
+  }
+  if (normalized.includes("timed out") || normalized.includes("timeout") || normalized.includes("etimedout")) {
+    return "timeout";
+  }
+  if (normalized.includes("auth") || normalized.includes("login")) {
+    return "auth_required";
+  }
+  if (normalized.includes("connection refused") || normalized.includes("econnrefused")) {
+    return "connection_refused";
+  }
+  return "other";
+}
+function trackClaudeStartupFailed(props) {
+  const classifiedReason = classifyClaudeStartupFailure(props.message);
+  const resolvedBinary = props.failureStage === "exit_nonzero" || props.failureStage === "startup_timeout" || classifiedReason !== "binary_not_found";
+  capture("claude.startup_failed", {
+    harness: props.harness,
+    platform: `${os2.platform()}-${os2.arch()}`,
+    failure_stage: props.failureStage,
+    resolved_binary: resolvedBinary,
+    exit_code: props.exitCode,
+    classified_reason: classifiedReason
+  });
+}
+function trackGatewayTransportConnect(props) {
+  capture("gateway.transport.connect", props);
+}
+function trackGatewayTransportDisconnect(props) {
+  capture("gateway.transport.disconnect", props);
+}
+function trackGatewayTransportReconnect(props) {
+  capture("gateway.transport.reconnect", props);
+}
+function trackGatewayRuntimeRebind(props) {
+  capture("gateway.runtime.rebind", props);
+}
+function trackGatewayRuntimeExpired(props) {
+  capture("gateway.runtime.expired", props);
+}
+
+// src/infra/gatewayTrace.ts
+import fs from "fs";
+function writeGatewayTrace(message) {
+  if (process.env["ATHENA_GATEWAY_TRACE"] !== "1") return;
+  const line = `athena-gateway: [trace] ${message}
+`;
+  const traceFile = process.env["ATHENA_GATEWAY_TRACE_FILE"];
+  if (traceFile && traceFile.length > 0) {
+    try {
+      fs.appendFileSync(traceFile, line, "utf-8");
+      return;
+    } catch {
+    }
+  }
+  process.stderr.write(line);
+}
+
+// src/gateway/auth.ts
+import crypto from "crypto";
+import fs2 from "fs";
+import path2 from "path";
+var TOKEN_BYTES = 32;
+function loadOrCreateToken(tokenPath) {
+  try {
+    const buf = fs2.readFileSync(tokenPath);
+    const text = buf.toString("utf-8").trim();
+    if (text.length >= 16) return text;
+  } catch (err) {
+    const code = err.code;
+    if (code !== "ENOENT") throw err;
+  }
+  return writeNewToken(tokenPath);
+}
+function rotateGatewayToken(tokenPath) {
+  return writeNewToken(tokenPath);
+}
+function writeNewToken(tokenPath) {
+  const dir = path2.dirname(tokenPath);
+  fs2.mkdirSync(dir, { recursive: true, mode: 448 });
+  const token = crypto.randomBytes(TOKEN_BYTES).toString("base64url");
+  const tmpPath = `${tokenPath}.tmp-${process.pid}-${crypto.randomBytes(4).toString("hex")}`;
+  fs2.writeFileSync(tmpPath, token + "\n", { mode: 384 });
+  try {
+    fs2.renameSync(tmpPath, tokenPath);
+  } catch (err) {
+    try {
+      fs2.unlinkSync(tmpPath);
+    } catch {
+    }
+    throw err;
+  }
+  if (process.platform !== "win32") {
+    fs2.chmodSync(dir, 448);
+    fs2.chmodSync(tokenPath, 384);
+  }
+  return token;
+}
+function timingSafeTokenEqual(a, b) {
+  const ab = Buffer.from(a, "utf-8");
+  const bb = Buffer.from(b, "utf-8");
+  if (ab.length !== bb.length) {
+    const filler = Buffer.alloc(Math.max(ab.length, bb.length));
+    crypto.timingSafeEqual(filler, filler);
+    return false;
+  }
+  return crypto.timingSafeEqual(ab, bb);
+}
+function requireTokenForBind(spec, token) {
+  if (spec.kind === "uds" || isLoopbackHost(spec.host)) return;
+  if (!token || token.length < 16) {
+    throw new Error(
+      `gateway: refusing to bind ${spec.host}:${spec.port} without token configured`
+    );
+  }
+  if (spec.tls) return;
+  if (!spec.insecure) {
+    throw new Error(
+      `gateway: refusing to bind ${spec.host}:${spec.port} without TLS; pass --tls-cert/--tls-key, or --insecure only for trusted reverse-proxy/tunnel deployments`
+    );
+  }
+}
+
+// src/infra/config/dashboardClient.ts
+import crypto2 from "crypto";
+import fs3 from "fs";
+import os3 from "os";
+import path3 from "path";
+function dashboardClientConfigPath(env = process.env) {
+  const home = env["HOME"] ?? os3.homedir();
+  return path3.join(home, ".config", "athena", "dashboard.json");
+}
+function normalizeDashboardUrl(input) {
+  let parsed;
+  try {
+    parsed = new URL(input);
+  } catch {
+    throw new Error("dashboard url must be a valid URL");
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("dashboard url must use http:// or https://");
+  }
+  return parsed.origin;
+}
+function readDashboardClientConfig(env = process.env) {
+  const configPath = dashboardClientConfigPath(env);
+  let raw;
+  try {
+    raw = fs3.readFileSync(configPath, "utf-8");
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    throw err;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    throw new Error(
+      `dashboard client config ${configPath} is invalid JSON: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  try {
+    return parseDashboardClientConfig(parsed);
+  } catch (err) {
+    throw new Error(
+      `dashboard client config ${configPath} is invalid: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+}
+function writeDashboardClientConfig(config, env = process.env) {
+  const validated = parseDashboardClientConfig(config);
+  const configPath = dashboardClientConfigPath(env);
+  const dir = path3.dirname(configPath);
+  fs3.mkdirSync(dir, { recursive: true, mode: 448 });
+  const tmpPath = `${configPath}.${process.pid}.${crypto2.randomBytes(4).toString("hex")}.tmp`;
+  const fd = fs3.openSync(tmpPath, "w", 384);
+  try {
+    fs3.writeSync(fd, JSON.stringify(validated, null, 2) + "\n");
+    fs3.fsyncSync(fd);
+  } finally {
+    fs3.closeSync(fd);
+  }
+  try {
+    fs3.renameSync(tmpPath, configPath);
+  } catch (err) {
+    try {
+      fs3.unlinkSync(tmpPath);
+    } catch {
+    }
+    throw err;
+  }
+  if (process.platform !== "win32") {
+    try {
+      fs3.chmodSync(dir, 448);
+      fs3.chmodSync(configPath, 384);
+    } catch {
+    }
+  }
+}
+function removeDashboardClientConfig(env = process.env) {
+  const configPath = dashboardClientConfigPath(env);
+  try {
+    fs3.unlinkSync(configPath);
+  } catch (err) {
+    if (err.code !== "ENOENT") throw err;
+  }
+}
+function parseDashboardClientConfig(raw) {
+  if (typeof raw !== "object" || raw === null) {
+    throw new Error("dashboard config root must be an object");
+  }
+  const obj = raw;
+  const stringFields = [
+    "dashboardUrl",
+    "instanceId",
+    "refreshToken",
+    "fingerprint"
+  ];
+  for (const key of stringFields) {
+    const value = obj[key];
+    if (typeof value !== "string" || value.length === 0) {
+      throw new Error(`${key} must be a non-empty string`);
+    }
+  }
+  if (typeof obj["pairedAt"] !== "number") {
+    throw new Error("pairedAt must be a number");
+  }
+  if (obj["lastRefreshAt"] !== void 0 && typeof obj["lastRefreshAt"] !== "number") {
+    throw new Error("lastRefreshAt must be a number");
+  }
+  return {
+    dashboardUrl: obj["dashboardUrl"],
+    instanceId: obj["instanceId"],
+    refreshToken: obj["refreshToken"],
+    fingerprint: obj["fingerprint"],
+    pairedAt: obj["pairedAt"],
+    ...obj["lastRefreshAt"] !== void 0 ? { lastRefreshAt: obj["lastRefreshAt"] } : {}
+  };
+}
+
+// src/infra/config/dashboardAuth.ts
+import fs4 from "fs";
+var DEFAULT_LOCK_TIMEOUT_MS = 3e4;
+var DEFAULT_LOCK_POLL_MS = 50;
+var DEFAULT_STALE_LOCK_MS = 6e4;
+async function refreshDashboardAccessToken(deps = {}) {
+  const env = deps.env ?? process.env;
+  const fetchImpl = deps.fetch ?? fetch;
+  const now = deps.now ?? (() => Date.now());
+  const initial = readDashboardClientConfig(env);
+  if (!initial) {
+    throw new Error(
+      'dashboard not paired. Run "athena dashboard pair <token> --url <origin>" first.'
+    );
+  }
+  return await withLock(env, deps, async () => {
+    const config = readDashboardClientConfig(env);
+    if (!config) {
+      throw new Error(
+        'dashboard not paired. Run "athena dashboard pair <token> --url <origin>" first.'
+      );
+    }
+    let response;
+    try {
+      response = await fetchImpl(
+        `${config.dashboardUrl}/api/instances/refresh`,
+        {
+          method: "POST",
+          headers: { "content-type": "application/json" },
+          body: JSON.stringify({
+            refreshToken: config.refreshToken,
+            fingerprint: config.fingerprint
+          })
+        }
+      );
+    } catch (err) {
+      throw new Error(
+        `dashboard refresh: failed to reach ${config.dashboardUrl}: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    if (!response.ok) {
+      let detail = "";
+      const dropBody = response.status === 401 || response.status === 403;
+      if (!dropBody) {
+        try {
+          detail = await response.text();
+        } catch {
+        }
+      }
+      throw new Error(
+        `dashboard refresh: ${config.dashboardUrl} returned ${response.status}` + (detail ? ` \u2014 ${truncate(detail, 200)}` : "")
+      );
+    }
+    let parsed;
+    try {
+      parsed = parseRefreshResponse(await response.json());
+    } catch (err) {
+      throw new Error(
+        `dashboard refresh: invalid response: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const updated = {
+      ...config,
+      refreshToken: parsed.refreshToken,
+      lastRefreshAt: now()
+    };
+    writeDashboardClientConfig(updated, env);
+    return {
+      accessToken: parsed.accessToken,
+      instanceId: parsed.instanceId,
+      expiresInSec: parsed.expiresInSec
+    };
+  });
+}
+async function withLock(env, deps, fn) {
+  const configPath = dashboardClientConfigPath(env);
+  const lockPath = `${configPath}.lock`;
+  const timeoutMs = deps.lockTimeoutMs ?? DEFAULT_LOCK_TIMEOUT_MS;
+  const pollMs = deps.lockPollMs ?? DEFAULT_LOCK_POLL_MS;
+  const staleMs = deps.staleLockMs ?? DEFAULT_STALE_LOCK_MS;
+  const deadline = Date.now() + timeoutMs;
+  let fd = null;
+  for (; ; ) {
+    try {
+      fd = fs4.openSync(lockPath, "wx", 384);
+      break;
+    } catch (err) {
+      if (err.code !== "EEXIST") throw err;
+      try {
+        const stat = fs4.statSync(lockPath);
+        if (Date.now() - stat.mtimeMs > staleMs) {
+          fs4.unlinkSync(lockPath);
+          continue;
+        }
+      } catch {
+        continue;
+      }
+      if (Date.now() >= deadline) {
+        throw new Error(
+          `dashboard refresh: timed out waiting for ${lockPath} after ${timeoutMs}ms`
+        );
+      }
+      await new Promise((resolve) => setTimeout(resolve, pollMs));
+    }
+  }
+  try {
+    return await fn();
+  } finally {
+    try {
+      fs4.closeSync(fd);
+    } catch {
+    }
+    try {
+      fs4.unlinkSync(lockPath);
+    } catch {
+    }
+  }
+}
+function parseRefreshResponse(raw) {
+  if (typeof raw !== "object" || raw === null) {
+    throw new Error("expected object");
+  }
+  const obj = raw;
+  const accessToken = obj["accessToken"];
+  const refreshToken = obj["refreshToken"];
+  const instanceId = obj["instanceId"];
+  const expiresInSec = obj["expiresInSec"];
+  if (typeof accessToken !== "string" || accessToken.length === 0) {
+    throw new Error("missing accessToken");
+  }
+  if (typeof refreshToken !== "string" || refreshToken.length === 0) {
+    throw new Error("missing refreshToken");
+  }
+  if (typeof instanceId !== "string" || instanceId.length === 0) {
+    throw new Error("missing instanceId");
+  }
+  if (typeof expiresInSec !== "number") {
+    throw new Error("missing expiresInSec");
+  }
+  return { accessToken, refreshToken, instanceId, expiresInSec };
+}
+function truncate(text, max) {
+  return text.length > max ? text.slice(0, max) + "\u2026" : text;
+}
+
+// src/gateway/transport/types.ts
+var TransportUnreachableError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TransportUnreachableError";
+  }
+};
+
+// src/gateway/transport/trace.ts
+function traceGatewayFrame(transport, peer, direction, frame) {
+  if (process.env["ATHENA_GATEWAY_TRACE"] !== "1") return;
+  writeGatewayTrace(
+    `${transport} ${direction} ${peer} ${JSON.stringify(redactFrame(frame))}`
+  );
+}
+function redactFrame(value) {
+  if (Array.isArray(value)) return value.map(redactFrame);
+  if (typeof value !== "object" || value === null) return value;
+  const out = {};
+  for (const [key, child] of Object.entries(value)) {
+    if (key === "token") {
+      out[key] = "<redacted>";
+      continue;
+    }
+    out[key] = redactFrame(child);
+  }
+  return out;
+}
+
+// src/gateway/transport/uds.ts
+import fs5 from "fs";
+import net from "net";
+import path4 from "path";
+
+// src/gateway/transport/framing.ts
+var DEFAULT_MAX_LINE_BYTES = 1024 * 1024;
+var LineReaderOverflowError = class extends Error {
+  constructor(limit) {
+    super(`NDJSON line exceeded ${limit} bytes`);
+    this.name = "LineReaderOverflowError";
+  }
+};
+var LineReader = class {
+  buffer = "";
+  maxBytes;
+  constructor(maxBytes = DEFAULT_MAX_LINE_BYTES) {
+    this.maxBytes = maxBytes;
+  }
+  push(chunk) {
+    const incoming = typeof chunk === "string" ? chunk : chunk.toString("utf-8");
+    if (this.buffer.length + incoming.length > this.maxBytes) {
+      this.buffer = "";
+      throw new LineReaderOverflowError(this.maxBytes);
+    }
+    this.buffer += incoming;
+    const lines = [];
+    let idx = this.buffer.indexOf("\n");
+    while (idx !== -1) {
+      let line = this.buffer.slice(0, idx);
+      if (line.endsWith("\r")) line = line.slice(0, -1);
+      if (line.length > 0) lines.push(line);
+      this.buffer = this.buffer.slice(idx + 1);
+      idx = this.buffer.indexOf("\n");
+    }
+    return lines;
+  }
+  flush() {
+    const remainder = this.buffer.trim();
+    this.buffer = "";
+    return remainder.length > 0 ? [remainder] : [];
+  }
+};
+function encodeLine(value) {
+  return JSON.stringify(value) + "\n";
+}
+
+// src/gateway/transport/uds.ts
+function createUdsServerTransport(opts) {
+  return {
+    kind: "uds",
+    listen: (onConnection) => listenUds(opts, onConnection)
+  };
+}
+function createUdsClientTransport(opts) {
+  return {
+    kind: "uds",
+    connect: () => connectUds(opts)
+  };
+}
+async function listenUds(opts, onConnection) {
+  const logError = opts.logError ?? ((m) => process.stderr.write(m + "\n"));
+  await unlinkIfStale(opts.socketPath);
+  fs5.mkdirSync(path4.dirname(opts.socketPath), { recursive: true, mode: 448 });
+  const activeSockets = /* @__PURE__ */ new Set();
+  const server = net.createServer({ pauseOnConnect: false }, (socket) => {
+    activeSockets.add(socket);
+    socket.once("close", () => activeSockets.delete(socket));
+    onConnection(createSocketConnection(socket, "uds", logError));
+  });
+  await new Promise((resolve, reject) => {
+    const onError = (err) => reject(err);
+    server.once("error", onError);
+    server.listen(opts.socketPath, () => {
+      server.off("error", onError);
+      try {
+        if (process.platform !== "win32") {
+          fs5.chmodSync(opts.socketPath, 384);
+        }
+      } catch (err) {
+        logError(
+          `gateway: chmod 0600 on socket failed: ${err instanceof Error ? err.message : String(err)}`
+        );
+      }
+      resolve();
+    });
+  });
+  return {
+    close: () => new Promise((resolve) => {
+      for (const socket of activeSockets) {
+        socket.destroy();
+      }
+      activeSockets.clear();
+      server.close(() => {
+        try {
+          fs5.unlinkSync(opts.socketPath);
+        } catch {
+        }
+        resolve();
+      });
+    })
+  };
+}
+async function connectUds(opts) {
+  const timeoutMs = opts.timeoutMs ?? 5e3;
+  const socket = net.createConnection({ path: opts.socketPath });
+  await new Promise((resolve, reject) => {
+    const timer = setTimeout(() => {
+      socket.destroy();
+      reject(
+        new TransportUnreachableError(`connect timed out after ${timeoutMs}ms`)
+      );
+    }, timeoutMs);
+    socket.once("connect", () => {
+      clearTimeout(timer);
+      resolve();
+    });
+    socket.once("error", (err) => {
+      clearTimeout(timer);
+      const code = err.code;
+      if (code === "ENOENT" || code === "ECONNREFUSED") {
+        reject(
+          new TransportUnreachableError(
+            `gateway not reachable at ${opts.socketPath}: ${err.message}`
+          )
+        );
+      } else {
+        reject(err);
+      }
+    });
+  });
+  return createSocketConnection(socket, "uds");
+}
+async function unlinkIfStale(socketPath) {
+  if (!fs5.existsSync(socketPath)) return;
+  const alive = await new Promise((resolve) => {
+    const probe = net.connect(socketPath);
+    const timer = setTimeout(() => {
+      probe.destroy();
+      resolve(false);
+    }, 250);
+    probe.once("connect", () => {
+      clearTimeout(timer);
+      probe.end();
+      resolve(true);
+    });
+    probe.once("error", () => {
+      clearTimeout(timer);
+      resolve(false);
+    });
+  });
+  if (!alive) {
+    try {
+      fs5.unlinkSync(socketPath);
+    } catch {
+    }
+  }
+}
+function createSocketConnection(socket, peer, logError) {
+  const reader = new LineReader();
+  const frameHandlers = /* @__PURE__ */ new Set();
+  const closeHandlers = /* @__PURE__ */ new Set();
+  const errorHandlers = /* @__PURE__ */ new Set();
+  socket.on("data", (chunk) => {
+    let lines;
+    try {
+      lines = reader.push(chunk);
+    } catch (err) {
+      if (err instanceof LineReaderOverflowError) {
+        logError?.(`gateway: control connection overflow \u2014 closing`);
+        socket.destroy();
+        return;
+      }
+      throw err;
+    }
+    for (const line of lines) {
+      let parsed;
+      try {
+        parsed = JSON.parse(line);
+      } catch {
+        socket.destroy();
+        return;
+      }
+      traceGatewayFrame("uds", peer, "in", parsed);
+      for (const handler of frameHandlers) handler(parsed);
+    }
+  });
+  socket.on("error", (err) => {
+    for (const handler of errorHandlers) handler(err);
+  });
+  socket.on("close", () => {
+    for (const handler of closeHandlers) handler();
+  });
+  return {
+    kind: "uds",
+    peer,
+    send: (frame) => {
+      if (!socket.writable) return;
+      traceGatewayFrame("uds", peer, "out", frame);
+      socket.write(encodeLine(frame));
+    },
+    close: () => socket.destroy(),
+    onFrame: (cb) => {
+      frameHandlers.add(cb);
+      return () => frameHandlers.delete(cb);
+    },
+    onClose: (cb) => {
+      closeHandlers.add(cb);
+      return () => closeHandlers.delete(cb);
+    },
+    onError: (cb) => {
+      errorHandlers.add(cb);
+      return () => errorHandlers.delete(cb);
+    }
+  };
+}
+
+// src/shared/gateway-protocol/channelRequestId.ts
+import { randomInt } from "crypto";
+var ALPHABET = "abcdefghijkmnopqrstuvwxyz";
+var CHANNEL_REQUEST_ID_LENGTH = 5;
+var CHANNEL_REQUEST_ID_REGEX = /^[a-km-z]{5}$/;
+function generateChannelRequestId() {
+  let id = "";
+  for (let i = 0; i < CHANNEL_REQUEST_ID_LENGTH; i++) {
+    id += ALPHABET[randomInt(ALPHABET.length)];
+  }
+  return id;
+}
+function isValidChannelRequestId(value) {
+  return CHANNEL_REQUEST_ID_REGEX.test(value);
+}
+
+export {
+  writeGatewayTrace,
+  TransportUnreachableError,
+  traceGatewayFrame,
+  createUdsServerTransport,
+  createUdsClientTransport,
+  resolveGatewayPaths,
+  resolveListenSpec,
+  isLoopbackHost,
+  CHANNEL_REQUEST_ID_REGEX,
+  generateChannelRequestId,
+  isValidChannelRequestId,
+  initTelemetry,
+  isTelemetryEnabled,
+  disableTelemetry,
+  shutdownTelemetry,
+  trackAppLaunched,
+  trackSessionStarted,
+  trackSessionEnded,
+  trackError,
+  trackTelemetryOptedOut,
+  trackClaudeStartupFailed,
+  trackGatewayTransportConnect,
+  trackGatewayTransportDisconnect,
+  trackGatewayTransportReconnect,
+  trackGatewayRuntimeRebind,
+  trackGatewayRuntimeExpired,
+  loadOrCreateToken,
+  rotateGatewayToken,
+  timingSafeTokenEqual,
+  requireTokenForBind,
+  dashboardClientConfigPath,
+  normalizeDashboardUrl,
+  readDashboardClientConfig,
+  writeDashboardClientConfig,
+  removeDashboardClientConfig,
+  refreshDashboardAccessToken
+};
+//# sourceMappingURL=chunk-3FVULBV4.js.map