@drop2p/cli 0.1.0

package/dist/cli.js

@@ -0,0 +1,1248 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import qrcode from "qrcode-terminal";
+
+// ../../packages/protocol/src/index.ts
+var DSTP_VERSION = "DSTP/1";
+var CODE_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+var DEFAULTS = {
+  /** Routing portion of a transfer code, e.g. the "7K" in "7K-Q9MZ4P". */
+  channelLength: 2,
+  /** Secret portion (the PAKE password) — never sent to the server. */
+  secretLength: 6,
+  /** On-wire encrypted frame size (plaintext bytes before AEAD). */
+  frameBytes: 64 * 1024
+};
+var GiB = 1024 ** 3;
+var MINUTE = 60 * 1e3;
+var HOUR = 60 * MINUTE;
+var PLAN_LIMITS = {
+  free: { plan: "free", maxFileBytes: 1 * GiB, maxConcurrent: 1, monthlyTransfers: null, sessionTtlMs: 30 * MINUTE },
+  pro: { plan: "pro", maxFileBytes: 10 * GiB, maxConcurrent: 2, monthlyTransfers: 20, sessionTtlMs: 24 * HOUR },
+  ultimate: { plan: "ultimate", maxFileBytes: 50 * GiB, maxConcurrent: 5, monthlyTransfers: null, sessionTtlMs: 72 * HOUR }
+};
+
+// ../../packages/transfer-core/src/code.ts
+function generateSecret(length = DEFAULTS.secretLength) {
+  const bytes = new Uint8Array(length);
+  crypto.getRandomValues(bytes);
+  let out3 = "";
+  for (const b of bytes) out3 += CODE_ALPHABET.charAt(b % CODE_ALPHABET.length);
+  return out3;
+}
+function formatCode(channel, secret) {
+  return `${channel}-${secret}`;
+}
+function splitCode(code) {
+  const cleaned = code.trim().toUpperCase().replace(/\s+/g, "");
+  const [channel, secret] = cleaned.split("-");
+  return { channel: channel ?? "", secret: secret ?? "" };
+}
+
+// ../../packages/transfer-core/src/dstp.ts
+var TEXT = new TextEncoder();
+var bs = (v) => v;
+async function createPake(mod, secret, channel) {
+  const session = new mod.Spake2Session(
+    TEXT.encode(secret.toUpperCase()),
+    TEXT.encode(`DSTP/1:${channel}`)
+  );
+  const outbound = session.outboundMessage();
+  return { outbound, finish: (inbound) => session.finish(inbound) };
+}
+async function deriveFileKey(master, salt) {
+  const ikm = await crypto.subtle.importKey("raw", bs(master), "HKDF", false, ["deriveKey"]);
+  return crypto.subtle.deriveKey(
+    { name: "HKDF", hash: "SHA-256", salt: bs(salt), info: bs(TEXT.encode("DSTP/1 file")) },
+    ikm,
+    { name: "AES-GCM", length: 256 },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+var VAULT_SALT_BYTES = 16;
+var VAULT_VERIFIER_COUNTER = 4294967295;
+var VAULT_MARKER = TEXT.encode("DSTP/1 vault ok");
+function randomSalt() {
+  const salt = new Uint8Array(VAULT_SALT_BYTES);
+  crypto.getRandomValues(salt);
+  return salt;
+}
+async function deriveVaultKey(mod, passphrase, salt) {
+  const raw = mod.argon2idDerive(TEXT.encode(passphrase), salt);
+  return crypto.subtle.importKey("raw", bs(raw), { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+}
+async function makeVaultVerifier(vaultKey) {
+  return new Uint8Array(await encryptFrame(vaultKey, VAULT_VERIFIER_COUNTER, VAULT_MARKER));
+}
+async function checkVaultVerifier(vaultKey, verifier) {
+  try {
+    const out3 = new Uint8Array(await decryptFrame(vaultKey, VAULT_VERIFIER_COUNTER, bs(verifier)));
+    return out3.length === VAULT_MARKER.length && out3.every((b, i) => b === VAULT_MARKER[i]);
+  } catch {
+    return false;
+  }
+}
+async function sha256(...parts) {
+  const total = parts.reduce((n, p) => n + p.length, 0);
+  const buf = new Uint8Array(total);
+  let offset = 0;
+  for (const p of parts) {
+    buf.set(p, offset);
+    offset += p.length;
+  }
+  return new Uint8Array(await crypto.subtle.digest("SHA-256", bs(buf)));
+}
+function nonce(counter) {
+  const n = new Uint8Array(12);
+  new DataView(n.buffer).setBigUint64(4, BigInt(counter));
+  return n;
+}
+async function encryptFrame(key, counter, plaintext) {
+  const iv = nonce(counter);
+  const additionalData = new Uint8Array(iv.subarray(4));
+  return crypto.subtle.encrypt(
+    { name: "AES-GCM", iv: bs(iv), additionalData: bs(additionalData), tagLength: 128 },
+    key,
+    bs(plaintext)
+  );
+}
+async function decryptFrame(key, counter, ciphertext) {
+  const iv = nonce(counter);
+  const additionalData = new Uint8Array(iv.subarray(4));
+  return crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: bs(iv), additionalData: bs(additionalData), tagLength: 128 },
+    key,
+    bs(ciphertext)
+  );
+}
+function toB64(u8) {
+  let s = "";
+  for (const b of u8) s += String.fromCharCode(b);
+  return btoa(s);
+}
+function fromB64(s) {
+  const bin = atob(s);
+  const u8 = new Uint8Array(bin.length);
+  for (let i = 0; i < bin.length; i++) u8[i] = bin.charCodeAt(i);
+  return u8;
+}
+
+// ../../packages/transfer-core/src/manager.ts
+var MAX_CHUNK_BYTES = 256 * 1024;
+var FRAME_OVERHEAD = 64;
+var HIGH_WATER = 2 * 1024 * 1024;
+var LOW_WATER = 1 * 1024 * 1024;
+var PROGRESS_INTERVAL_MS = 100;
+var TYPE_META = 1;
+var TYPE_CHUNK = 2;
+var TYPE_DONE = 3;
+var TEXT_ENC = new TextEncoder();
+var TEXT_DEC = new TextDecoder();
+var now = () => typeof performance !== "undefined" ? performance.now() : Date.now();
+var TransferManager = class {
+  constructor(env, update) {
+    this.env = env;
+    this.update = update;
+    this.sig = env.createSignaling(env.signalingUrl);
+  }
+  sig;
+  pc;
+  dc;
+  iceServers = [];
+  role = "sender";
+  channel = "";
+  secret = "";
+  phase = "idle";
+  remoteReady = false;
+  pendingCandidates = [];
+  source;
+  crypto;
+  // crypto / handshake
+  pake;
+  peerPake;
+  fileKey;
+  sendCounter = 0;
+  recvCounter = 0;
+  // Ultimate "double encryption": optional passphrase-derived (Argon2id) layer
+  // applied to file content *inside* the DSTP file key.
+  passphrase;
+  vaultKey;
+  vaultSalt;
+  vaultVerifier;
+  innerSendCounter = 0;
+  innerRecvCounter = 0;
+  keyReadyResolve;
+  keyReady = new Promise((r) => this.keyReadyResolve = r);
+  recvChain = Promise.resolve();
+  // sender waits for the receiver's sink to be ready before sending file bytes
+  peerReadyResolve;
+  peerReady = new Promise((r) => this.peerReadyResolve = r);
+  // sender waits for the receiver to confirm full receipt before tearing down,
+  // so a fast-exiting peer (e.g. the CLI) can't close the channel mid-delivery.
+  peerDoneResolve;
+  /** Resolves when the receiver has confirmed it got the whole file. */
+  peerDone = new Promise((r) => this.peerDoneResolve = r);
+  // progress throttling + speed sampling
+  transferStart = 0;
+  lastEmit = 0;
+  lastEmitBytes = 0;
+  // receiver-side sink
+  sink;
+  recvMeta;
+  recvBytes = 0;
+  closed = false;
+  sentAllData = false;
+  completed = false;
+  // ---------- public API ----------
+  async sendFile(source, opts) {
+    this.role = "sender";
+    this.source = source;
+    this.passphrase = opts?.passphrase?.trim() || void 0;
+    this.patch({
+      phase: "connecting",
+      role: "sender",
+      fileName: source.name,
+      fileSize: source.size,
+      transferred: 0,
+      progress: 0,
+      protected: Boolean(this.passphrase)
+    });
+    if (!await this.openSignalling()) return;
+    this.send({ t: "hello", v: DSTP_VERSION, role: "sender", authToken: this.authToken() });
+  }
+  async receive(rawCode) {
+    const { channel, secret } = splitCode(rawCode);
+    if (!channel || !secret) {
+      this.fail("That code doesn't look right \u2014 it should look like 8QVY-Q9MZ4P.");
+      return;
+    }
+    this.role = "receiver";
+    this.channel = channel;
+    this.secret = secret;
+    this.patch({ phase: "connecting", role: "receiver" });
+    if (!await this.openSignalling()) return;
+    this.send({ t: "hello", v: DSTP_VERSION, role: "receiver", authToken: this.authToken() });
+  }
+  /** Receiver: user entered the passphrase for a protected (double-encrypted) transfer. */
+  async submitPassphrase(passphrase) {
+    const pass = passphrase.trim();
+    if (!this.recvMeta || !this.vaultSalt || !this.vaultVerifier || !pass) return;
+    let key;
+    try {
+      const mod = await this.loadCrypto();
+      key = await deriveVaultKey(mod, pass, this.vaultSalt);
+    } catch {
+      this.patch({ error: "Couldn't process that passphrase. Try again." });
+      return;
+    }
+    if (!await checkVaultVerifier(key, this.vaultVerifier)) {
+      this.patch({ error: "That passphrase doesn't match. Try again." });
+      return;
+    }
+    this.vaultKey = key;
+    this.patch({ error: void 0 });
+    await this.prepareSink(this.recvMeta);
+  }
+  /** Receiver: user clicked "Save" — open the deferred sink (a user gesture) and go. */
+  async confirmSave() {
+    if (!this.recvMeta) return;
+    try {
+      this.sink = await this.env.createDeferredSink(this.recvMeta);
+    } catch {
+      this.fail("Save cancelled \u2014 pick a location to receive the file.");
+      return;
+    }
+    this.sendReady();
+    this.startProgress();
+    this.patch({ phase: "transferring", transferred: 0, progress: 0 });
+  }
+  close() {
+    this.closed = true;
+    try {
+      this.send({ t: "bye" });
+    } catch {
+    }
+    void this.sink?.abort();
+    this.dc?.close();
+    this.pc?.close();
+    this.sig.close();
+  }
+  // ---------- signalling ----------
+  authToken() {
+    return this.env.getAuthToken?.() ?? void 0;
+  }
+  async loadCrypto() {
+    if (!this.crypto) this.crypto = await this.env.loadCrypto();
+    return this.crypto;
+  }
+  async openSignalling() {
+    try {
+      await this.sig.connect();
+    } catch {
+      this.fail("Couldn't reach the server. Is the signalling server running?");
+      return false;
+    }
+    this.sig.onMessage = (m) => this.onServer(m);
+    return true;
+  }
+  send(msg) {
+    this.sig.send(msg);
+  }
+  onServer(m) {
+    switch (m.t) {
+      case "hello_ack":
+        this.iceServers = m.iceServers;
+        if (this.role === "sender") this.send({ t: "create", fileSize: this.source?.size ?? 0 });
+        else this.send({ t: "join", channel: this.channel });
+        return;
+      case "created": {
+        this.channel = m.channel;
+        this.secret = generateSecret();
+        this.setupPeer();
+        this.patch({
+          phase: "awaiting-peer",
+          code: formatCode(m.channel, this.secret),
+          expiresAt: m.expiresAt
+        });
+        return;
+      }
+      case "joined":
+        this.setupPeer();
+        return;
+      case "peer_joined":
+        void this.makeOffer();
+        return;
+      case "peer_left":
+        if (this.completed || this.phase === "done") return;
+        if (this.role === "sender" && this.sentAllData) {
+          this.finishOk(this.source?.size ?? 0);
+          return;
+        }
+        this.fail("The other side disconnected.");
+        return;
+      case "signal":
+        void this.onSignal(m.type, m.payload);
+        return;
+      case "error":
+        this.fail(this.errorText(m.code));
+        return;
+      case "pong":
+        return;
+    }
+  }
+  // ---------- WebRTC ----------
+  setupPeer() {
+    if (this.pc) return;
+    const pc = this.env.createPeerConnection(this.iceServers);
+    this.pc = pc;
+    pc.onicecandidate = (e) => {
+      if (e.candidate) this.send({ t: "signal", type: "candidate", payload: e.candidate.toJSON() });
+    };
+    pc.onconnectionstatechange = () => {
+      if (pc.connectionState === "connected") void this.detectConnectionType();
+      else if (pc.connectionState === "failed" && !this.completed && this.phase !== "done") {
+        this.fail(
+          "Couldn't connect \u2014 a strict network or firewall blocked a direct link between the two devices. If a relay is configured it'll retry through that; otherwise try both devices on the same Wi-Fi."
+        );
+      }
+    };
+    if (this.role === "sender") {
+      this.setupDataChannel(pc.createDataChannel("drop2p", { ordered: true }));
+    } else {
+      pc.ondatachannel = (e) => this.setupDataChannel(e.channel);
+    }
+  }
+  async makeOffer() {
+    if (!this.pc) return;
+    const offer = await this.pc.createOffer();
+    await this.pc.setLocalDescription(offer);
+    this.send({ t: "signal", type: "offer", payload: offer });
+  }
+  async onSignal(type, payload) {
+    if (!this.pc) return;
+    if (type === "offer") {
+      await this.pc.setRemoteDescription(payload);
+      this.remoteReady = true;
+      await this.flushCandidates();
+      const answer = await this.pc.createAnswer();
+      await this.pc.setLocalDescription(answer);
+      this.send({ t: "signal", type: "answer", payload: answer });
+    } else if (type === "answer") {
+      await this.pc.setRemoteDescription(payload);
+      this.remoteReady = true;
+      await this.flushCandidates();
+    } else if (type === "candidate") {
+      const cand = payload;
+      if (this.remoteReady) await this.pc.addIceCandidate(cand).catch(() => {
+      });
+      else this.pendingCandidates.push(cand);
+    }
+  }
+  async flushCandidates() {
+    for (const c of this.pendingCandidates) await this.pc?.addIceCandidate(c).catch(() => {
+    });
+    this.pendingCandidates = [];
+  }
+  // ---------- DataChannel: handshake + encrypted IO ----------
+  setupDataChannel(dc) {
+    this.dc = dc;
+    dc.binaryType = "arraybuffer";
+    dc.bufferedAmountLowThreshold = LOW_WATER;
+    dc.onmessage = (e) => {
+      const data = e.data;
+      this.recvChain = this.recvChain.then(() => this.handleData(data)).catch(() => {
+      });
+    };
+    dc.onopen = () => {
+      this.patch({ phase: "connected" });
+      void this.startHandshake();
+    };
+  }
+  async startHandshake() {
+    try {
+      const mod = await this.loadCrypto();
+      this.pake = await createPake(mod, this.secret, this.channel);
+      if (this.dc?.readyState === "open") {
+        this.dc.send(JSON.stringify({ kind: "pake", data: toB64(this.pake.outbound) }));
+      }
+      await this.maybeCompleteHandshake();
+    } catch {
+      this.fail("Couldn't start the secure handshake.");
+    }
+  }
+  async maybeCompleteHandshake() {
+    if (this.fileKey || !this.pake || !this.peerPake) return;
+    const master = this.pake.finish(this.peerPake);
+    const senderMsg = this.role === "sender" ? this.pake.outbound : this.peerPake;
+    const receiverMsg = this.role === "sender" ? this.peerPake : this.pake.outbound;
+    const salt = await sha256(TEXT_ENC.encode(`DSTP/1:${this.channel}`), senderMsg, receiverMsg);
+    this.fileKey = await deriveFileKey(master, salt);
+    this.keyReadyResolve();
+    if (this.role === "sender" && this.source && this.dc) void this.sendEncrypted(this.source, this.dc);
+  }
+  async handleData(data) {
+    if (typeof data === "string") {
+      const msg = JSON.parse(data);
+      if (msg.kind === "pake" && msg.data) {
+        this.peerPake = fromB64(msg.data);
+        await this.maybeCompleteHandshake();
+      } else if (msg.kind === "ready") {
+        this.peerReadyResolve();
+      } else if (msg.kind === "done-ack") {
+        this.peerDoneResolve();
+      }
+      return;
+    }
+    await this.keyReady;
+    if (!this.fileKey) return;
+    let plain;
+    try {
+      plain = new Uint8Array(await decryptFrame(this.fileKey, this.recvCounter++, data));
+    } catch {
+      this.fail("Decryption failed \u2014 wrong code, or the data was tampered with.");
+      return;
+    }
+    const type = plain[0];
+    const payload = plain.subarray(1);
+    if (type === TYPE_META) {
+      const meta = JSON.parse(TEXT_DEC.decode(payload));
+      this.recvMeta = meta;
+      this.recvBytes = 0;
+      if (meta.protected && meta.salt && meta.verifier) {
+        this.vaultSalt = fromB64(meta.salt);
+        this.vaultVerifier = fromB64(meta.verifier);
+        this.patch({
+          phase: "awaiting-passphrase",
+          fileName: meta.name,
+          fileSize: meta.size,
+          protected: true
+        });
+        return;
+      }
+      await this.prepareSink(meta);
+    } else if (type === TYPE_CHUNK) {
+      let chunk = payload;
+      if (this.vaultKey) {
+        try {
+          chunk = new Uint8Array(await decryptFrame(this.vaultKey, this.innerRecvCounter++, bs(payload)));
+        } catch {
+          this.fail("Decryption failed \u2014 wrong passphrase, or the data was tampered with.");
+          return;
+        }
+      }
+      this.recvBytes += chunk.length;
+      await this.sink?.write(chunk);
+      this.emitProgress(this.recvBytes, this.recvMeta?.size ?? 0);
+    } else if (type === TYPE_DONE) {
+      if (this.recvMeta && this.recvBytes !== this.recvMeta.size) {
+        await this.sink?.abort();
+        this.fail("Transfer ended early \u2014 the file looks incomplete.");
+      } else {
+        await this.sink?.close();
+        if (this.dc?.readyState === "open") this.dc.send(JSON.stringify({ kind: "done-ack" }));
+        this.finishOk(this.recvBytes);
+      }
+    }
+  }
+  /** Receiver: ask the host how to save, then act on its decision. */
+  async prepareSink(meta) {
+    const decision = await this.env.prepareSink(meta);
+    if (decision.kind === "error") {
+      this.fail(decision.message);
+      return;
+    }
+    if (decision.kind === "deferred") {
+      this.patch({ phase: "awaiting-save", fileName: meta.name, fileSize: meta.size });
+      return;
+    }
+    this.sink = decision.sink;
+    this.sendReady();
+    this.startProgress();
+    this.patch({
+      phase: "transferring",
+      fileName: meta.name,
+      fileSize: meta.size,
+      transferred: 0,
+      progress: 0
+    });
+  }
+  sendReady() {
+    if (this.dc?.readyState === "open") this.dc.send(JSON.stringify({ kind: "ready" }));
+  }
+  async sendEncrypted(source, dc) {
+    let salt;
+    let verifier;
+    if (this.passphrase) {
+      const mod = await this.loadCrypto();
+      const saltBytes = randomSalt();
+      this.vaultKey = await deriveVaultKey(mod, this.passphrase, saltBytes);
+      salt = toB64(saltBytes);
+      verifier = toB64(await makeVaultVerifier(this.vaultKey));
+    }
+    const metaBytes = TEXT_ENC.encode(
+      JSON.stringify({
+        name: source.name,
+        size: source.size,
+        mime: source.mime,
+        ...this.passphrase ? { protected: true, salt, verifier } : {}
+      })
+    );
+    await this.sendFrame(dc, TYPE_META, metaBytes);
+    await this.peerReady;
+    const maxMsg = this.pc?.sctp?.maxMessageSize || MAX_CHUNK_BYTES;
+    const chunkSize = Math.max(16 * 1024, Math.min(MAX_CHUNK_BYTES, maxMsg) - FRAME_OVERHEAD);
+    dc.bufferedAmountLowThreshold = LOW_WATER;
+    this.startProgress();
+    this.patch({ phase: "transferring", transferred: 0, progress: 0 });
+    let offset = 0;
+    while (offset < source.size && dc.readyState === "open") {
+      if (dc.bufferedAmount > HIGH_WATER) await this.waitDrain(dc);
+      const end = Math.min(offset + chunkSize, source.size);
+      let chunk = await source.slice(offset, end);
+      if (this.vaultKey) {
+        chunk = new Uint8Array(await encryptFrame(this.vaultKey, this.innerSendCounter++, chunk));
+      }
+      await this.sendFrame(dc, TYPE_CHUNK, chunk);
+      offset = end;
+      this.emitProgress(Math.max(0, offset - dc.bufferedAmount), source.size);
+    }
+    if (dc.readyState === "open") await this.sendFrame(dc, TYPE_DONE, new Uint8Array(0));
+    this.sentAllData = true;
+    while (dc.readyState === "open" && dc.bufferedAmount > 0) {
+      this.emitProgress(Math.max(0, source.size - dc.bufferedAmount), source.size);
+      await new Promise((r) => setTimeout(r, 100));
+    }
+    this.finishOk(source.size);
+  }
+  async sendFrame(dc, type, payload) {
+    if (!this.fileKey) return;
+    const plain = new Uint8Array(payload.length + 1);
+    plain[0] = type;
+    plain.set(payload, 1);
+    const ciphertext = await encryptFrame(this.fileKey, this.sendCounter++, plain);
+    if (dc.readyState !== "open") return;
+    try {
+      dc.send(bs(ciphertext));
+    } catch {
+      this.fail("The connection dropped mid-transfer. Please try again.");
+    }
+  }
+  waitDrain(dc) {
+    return new Promise((res) => {
+      const handler = () => {
+        dc.removeEventListener("bufferedamountlow", handler);
+        res();
+      };
+      dc.addEventListener("bufferedamountlow", handler);
+    });
+  }
+  async detectConnectionType() {
+    for (let attempt = 0; attempt < 6; attempt++) {
+      if (!this.pc || this.closed) return;
+      const type = await this.readConnectionType();
+      if (type !== "unknown") {
+        this.patch({ connectionType: type });
+        return;
+      }
+      await new Promise((r) => setTimeout(r, 200));
+    }
+  }
+  async readConnectionType() {
+    if (!this.pc) return "unknown";
+    try {
+      const stats = await this.pc.getStats();
+      let type = "unknown";
+      stats.forEach((report) => {
+        if (report.type === "candidate-pair" && (report.state === "succeeded" || report.nominated)) {
+          const local = stats.get(report.localCandidateId);
+          if (local?.candidateType) type = /relay/i.test(local.candidateType) ? "relay" : "direct";
+        }
+      });
+      return type;
+    } catch {
+      return "unknown";
+    }
+  }
+  // ---------- helpers ----------
+  /** Idempotently mark the transfer complete (either peer may trigger this). */
+  finishOk(transferred) {
+    if (this.completed) return;
+    this.completed = true;
+    this.patch({ phase: "done", progress: 1, transferred, speedBps: 0 });
+    this.recordHistory();
+  }
+  /** Record this completed transfer to history (paid plans only; metadata only). */
+  recordHistory() {
+    const sizeBytes = this.role === "sender" ? this.source?.size ?? 0 : this.recvMeta?.size ?? 0;
+    this.env.recordTransfer?.({
+      direction: this.role === "sender" ? "sent" : "received",
+      sizeBytes,
+      status: "completed"
+    });
+  }
+  startProgress() {
+    this.transferStart = now();
+    this.lastEmit = this.transferStart;
+    this.lastEmitBytes = 0;
+  }
+  emitProgress(transferred, total) {
+    const t = now();
+    if (t - this.lastEmit < PROGRESS_INTERVAL_MS) return;
+    const dt = (t - this.lastEmit) / 1e3;
+    const speed = dt > 0 ? (transferred - this.lastEmitBytes) / dt : 0;
+    this.lastEmit = t;
+    this.lastEmitBytes = transferred;
+    this.patch({
+      phase: "transferring",
+      transferred,
+      progress: total > 0 ? transferred / total : 0,
+      speedBps: speed
+    });
+  }
+  patch(p) {
+    if (this.closed && p.phase !== "error") return;
+    if (p.phase) this.phase = p.phase;
+    this.update(p);
+  }
+  fail(message) {
+    if (this.phase === "error") return;
+    this.patch({ phase: "error", error: message });
+    this.close();
+  }
+  errorText(code) {
+    switch (code) {
+      case "no_such_channel":
+        return "No transfer found for that code. Double-check it.";
+      case "already_claimed":
+        return "Someone already connected with that code.";
+      case "rate_limited":
+        return "Too many attempts \u2014 please wait a moment.";
+      case "expired":
+        return "That code has expired. Ask for a new one.";
+      case "unauthorized":
+        return "Not authorised.";
+      case "file_too_large":
+        return "This file is larger than your plan allows \u2014 upgrade for bigger transfers.";
+      case "concurrency_limit":
+        return "You've hit your simultaneous-transfer limit. Finish one, or upgrade.";
+      case "quota_exceeded":
+        return "You've used all your transfers this month. Upgrade for more.";
+      default:
+        return "Something went wrong. Please try again.";
+    }
+  }
+};
+
+// src/env-node.ts
+import { createRequire } from "node:module";
+import { createWriteStream } from "node:fs";
+import { open, mkdir } from "node:fs/promises";
+import { basename, join, dirname } from "node:path";
+import { WebSocket } from "ws";
+import { PeerConnection } from "node-datachannel";
+import { RTCPeerConnection as NDCPeerConnection } from "node-datachannel/polyfill";
+var require2 = createRequire(import.meta.url);
+var NodeSignaling = class {
+  constructor(url) {
+    this.url = url;
+  }
+  ws;
+  onMessage;
+  onClose;
+  connect() {
+    return new Promise((resolve, reject) => {
+      const ws = new WebSocket(this.url);
+      this.ws = ws;
+      let opened = false;
+      ws.on("open", () => {
+        opened = true;
+        resolve();
+      });
+      ws.on("error", () => {
+        if (!opened) reject(new Error("signalling connection failed"));
+      });
+      ws.on("close", () => this.onClose?.());
+      ws.on("message", (raw) => {
+        try {
+          this.onMessage?.(JSON.parse(raw.toString()));
+        } catch {
+        }
+      });
+    });
+  }
+  send(msg) {
+    if (this.ws?.readyState === WebSocket.OPEN) this.ws.send(JSON.stringify(msg));
+  }
+  close() {
+    this.ws?.close();
+  }
+};
+function toNativeIceServers(servers) {
+  const out3 = [];
+  for (const s of servers) {
+    const urls = Array.isArray(s.urls) ? s.urls : [s.urls];
+    for (const url of urls) {
+      const turn = /^(turns?):([^:?]+):(\d+)(?:\?transport=(udp|tcp))?/i.exec(url);
+      if (turn && s.username && s.credential) {
+        const scheme = turn[1].toLowerCase();
+        const transport = (turn[4] ?? "udp").toLowerCase();
+        const relayType = scheme === "turns" ? "TurnTls" : transport === "tcp" ? "TurnTcp" : "TurnUdp";
+        out3.push({
+          hostname: turn[2],
+          port: Number(turn[3]),
+          username: s.username,
+          password: s.credential,
+          relayType
+        });
+      } else {
+        out3.push(url);
+      }
+    }
+  }
+  return out3;
+}
+var pcSeq = 0;
+function makePeerFactory(iceTransportPolicy) {
+  return (iceServers) => {
+    const config = { iceServers: toNativeIceServers(iceServers) };
+    if (iceTransportPolicy === "relay") config.iceTransportPolicy = "relay";
+    const native = new PeerConnection(`drop2p-${++pcSeq}`, config);
+    return new NDCPeerConnection({ peerConnection: native });
+  };
+}
+var cryptoMod;
+async function loadCrypto() {
+  if (!cryptoMod) cryptoMod = require2("./wasm/drop2p_crypto_wasm.cjs");
+  return cryptoMod;
+}
+function safeName(name) {
+  const base = basename(name).replace(/\0/g, "").trim();
+  return base && base !== "." && base !== ".." ? base : "drop2p-download";
+}
+function createFsSink(filePath) {
+  const stream = createWriteStream(filePath);
+  return {
+    write: (chunk) => new Promise((res, rej) => {
+      stream.write(chunk, (err3) => err3 ? rej(err3) : res());
+    }),
+    close: () => new Promise((res, rej) => {
+      stream.end((err3) => err3 ? rej(err3) : res());
+    }),
+    abort: async () => {
+      stream.destroy();
+    }
+  };
+}
+async function openFileSource(filePath) {
+  const fh = await open(filePath, "r");
+  const { size } = await fh.stat();
+  return {
+    name: basename(filePath),
+    size,
+    mime: guessMime(filePath),
+    slice: async (start, end) => {
+      const len = end - start;
+      const buf = Buffer.allocUnsafe(len);
+      const { bytesRead } = await fh.read(buf, 0, len, start);
+      return new Uint8Array(buf.buffer, buf.byteOffset, bytesRead);
+    }
+  };
+}
+function guessMime(path) {
+  const ext = path.slice(path.lastIndexOf(".") + 1).toLowerCase();
+  const map = {
+    txt: "text/plain",
+    json: "application/json",
+    pdf: "application/pdf",
+    png: "image/png",
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    gif: "image/gif",
+    zip: "application/zip",
+    gz: "application/gzip",
+    tar: "application/x-tar",
+    mp4: "video/mp4",
+    mov: "video/quicktime",
+    mp3: "audio/mpeg",
+    csv: "text/csv"
+  };
+  return map[ext] ?? "application/octet-stream";
+}
+function createNodeEnv(opts) {
+  const outDir = opts.outDir ?? process.cwd();
+  const sinkPath = (meta) => join(outDir, safeName(meta.name));
+  const openSink = async (meta) => {
+    const target = sinkPath(meta);
+    await mkdir(dirname(target), { recursive: true });
+    return createFsSink(target);
+  };
+  return {
+    signalingUrl: opts.signalingUrl,
+    createSignaling: (url) => new NodeSignaling(url),
+    createPeerConnection: makePeerFactory(opts.iceTransportPolicy),
+    loadCrypto,
+    // The CLI never needs a user gesture — open the sink immediately.
+    prepareSink: async (meta) => ({ kind: "ready", sink: await openSink(meta) }),
+    createDeferredSink: openSink,
+    getAuthToken: () => opts.authToken ?? void 0,
+    recordTransfer: opts.recordTransfer
+  };
+}
+function resolveOutPath(outDir, name) {
+  return join(outDir, safeName(name));
+}
+
+// src/config.ts
+import { homedir } from "node:os";
+import { join as join2 } from "node:path";
+import { readFile, writeFile, mkdir as mkdir2, chmod } from "node:fs/promises";
+var DIR = join2(homedir(), ".config", "drop2p");
+var CONFIG_PATH = join2(DIR, "config.json");
+async function loadConfig() {
+  try {
+    return JSON.parse(await readFile(CONFIG_PATH, "utf8"));
+  } catch {
+    return {};
+  }
+}
+async function saveConfig(patch) {
+  const next = { ...await loadConfig(), ...patch };
+  await mkdir2(DIR, { recursive: true });
+  await writeFile(CONFIG_PATH, JSON.stringify(next, null, 2));
+  await chmod(CONFIG_PATH, 384).catch(() => {
+  });
+}
+async function clearAuth() {
+  const cur = await loadConfig();
+  delete cur.apiKey;
+  delete cur.accessToken;
+  delete cur.refreshToken;
+  delete cur.email;
+  await mkdir2(DIR, { recursive: true });
+  await writeFile(CONFIG_PATH, JSON.stringify(cur, null, 2));
+}
+var resolveApiUrl = (cfg) => process.env.DROP2P_API_URL ?? cfg.apiUrl ?? "http://localhost:34140";
+var resolveSignalingUrl = (cfg) => process.env.DROP2P_SIGNALING_URL ?? cfg.signalingUrl ?? "ws://localhost:34110/ws";
+var resolveAuthToken = (cfg) => process.env.DROP2P_API_KEY ?? cfg.apiKey ?? cfg.accessToken ?? void 0;
+
+// src/account.ts
+import { createInterface } from "node:readline/promises";
+var out = (s = "") => {
+  process.stdout.write(s + "\n");
+};
+var err = (s = "") => {
+  process.stderr.write(s + "\n");
+};
+var CliError = class extends Error {
+};
+async function prompt(q) {
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  try {
+    return (await rl.question(q)).trim();
+  } finally {
+    rl.close();
+  }
+}
+function authHeaders(token, init = {}) {
+  const headers = {
+    ...init.headers,
+    authorization: `Bearer ${token}`
+  };
+  if (init.body != null) headers["content-type"] = "application/json";
+  return { ...init, headers };
+}
+async function jwtCall(path, init = {}) {
+  const cfg = await loadConfig();
+  if (!cfg.accessToken) {
+    throw new CliError("This needs an account login. Run: drop2p login --email <you@example.com> --password <password>");
+  }
+  const url = resolveApiUrl(cfg);
+  let r = await fetch(url + path, authHeaders(cfg.accessToken, init));
+  if (r.status === 401 && cfg.refreshToken) {
+    const rr = await fetch(url + "/auth/refresh", {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ refreshToken: cfg.refreshToken })
+    });
+    if (rr.ok) {
+      const j = await rr.json();
+      await saveConfig({ accessToken: j.accessToken });
+      r = await fetch(url + path, authHeaders(j.accessToken, init));
+    }
+  }
+  return r;
+}
+async function login(flags) {
+  if (flags.email || flags.password) {
+    const email = flags.email ?? await prompt("Email: ");
+    const password = flags.password ?? await prompt("Password: ");
+    const cfg2 = await loadConfig();
+    const r2 = await fetch(resolveApiUrl(cfg2) + "/auth/login", {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ email, password })
+    });
+    const j = await r2.json().catch(() => ({}));
+    if (!r2.ok || !j.accessToken) throw new CliError(j.error ?? "Login failed.");
+    await saveConfig({ accessToken: j.accessToken, refreshToken: j.refreshToken, email: j.user?.email });
+    out(`Logged in as ${j.user?.email} (${j.user?.plan}). Config: ${CONFIG_PATH}`);
+    return;
+  }
+  const key = flags.key ?? await prompt("Paste your Drop2p API key (d2p_\u2026): ");
+  if (!key.startsWith("d2p_")) throw new CliError("That doesn't look like a Drop2p API key (expected a d2p_\u2026 value).");
+  const cfg = await loadConfig();
+  const r = await fetch(resolveApiUrl(cfg) + "/v1/me", authHeaders(key));
+  if (!r.ok) throw new CliError("That API key was rejected. Check it (or that it isn't revoked).");
+  const me = await r.json();
+  await saveConfig({ apiKey: key });
+  out(`Logged in as ${me.email} (${me.plan}) via API key. Config: ${CONFIG_PATH}`);
+}
+async function logout() {
+  await clearAuth();
+  out("Logged out (cleared stored credentials).");
+}
+async function whoami(flags) {
+  const cfg = await loadConfig();
+  const token = resolveAuthToken(cfg);
+  if (!token) throw new CliError("Not logged in. Run `drop2p login`.");
+  const r = await fetch(resolveApiUrl(cfg) + "/v1/me", authHeaders(token));
+  if (!r.ok) throw new CliError("Not authenticated (token rejected). Try `drop2p login` again.");
+  const me = await r.json();
+  if (flags.json) return out(JSON.stringify(me));
+  out(`${me.email}  \xB7  plan: ${me.plan}${me.role === "admin" ? "  \xB7  admin" : ""}`);
+}
+async function keys(sub, args, flags) {
+  if (sub === "create") {
+    const name = args[0] ?? "API key";
+    const r2 = await jwtCall("/v1/keys", { method: "POST", body: JSON.stringify({ name }) });
+    const j2 = await r2.json().catch(() => ({}));
+    if (r2.status === 403) throw new CliError(j2.error ?? "API keys are an Ultimate feature.");
+    if (!r2.ok || !j2.key) throw new CliError(j2.error ?? "Couldn't create the key.");
+    if (flags.json) return out(JSON.stringify(j2));
+    out(`
+  New API key (shown once \u2014 store it now):
+
+      ${j2.key}
+`);
+    err("  Use it via DROP2P_API_KEY or `drop2p login --key <key>`.");
+    return;
+  }
+  if (sub === "revoke") {
+    const id = args[0];
+    if (!id) throw new CliError("Usage: drop2p keys revoke <id>");
+    const r2 = await jwtCall(`/v1/keys/${id}`, { method: "DELETE" });
+    if (r2.status === 404) throw new CliError("No such key (already removed?).");
+    if (!r2.ok) throw new CliError(`Couldn't revoke the key (HTTP ${r2.status}).`);
+    const body = await r2.json().catch(() => ({}));
+    out(body.deleted ? `Deleted ${id}.` : `Revoked ${id} (run again to delete it).`);
+    return;
+  }
+  const r = await jwtCall("/v1/keys");
+  if (!r.ok) throw new CliError("Couldn't list keys.");
+  const j = await r.json();
+  if (flags.json) return out(JSON.stringify(j.keys));
+  if (j.keys.length === 0) return out("No API keys yet. Create one with: drop2p keys create <name>");
+  for (const k of j.keys) {
+    const status = k.revokedAt ? "revoked" : "active";
+    const last = k.lastUsedAt ? `last used ${new Date(k.lastUsedAt).toISOString().slice(0, 10)}` : "never used";
+    out(`  ${k.id}  ${k.prefix}\u2026  "${k.name}"  [${status}]  ${last}`);
+  }
+}
+async function history(flags) {
+  const cfg = await loadConfig();
+  const token = resolveAuthToken(cfg);
+  if (!token) throw new CliError("Not logged in. Run `drop2p login`.");
+  const r = await fetch(resolveApiUrl(cfg) + "/v1/history", authHeaders(token));
+  if (!r.ok) throw new CliError("Couldn't fetch history.");
+  const j = await r.json();
+  const rows = typeof flags.limit === "number" ? j.transfers.slice(0, flags.limit) : j.transfers;
+  if (flags.json) return out(JSON.stringify(rows));
+  if (rows.length === 0) return out("No transfers recorded (history is a Pro/Ultimate perk).");
+  for (const t of rows) {
+    const when = new Date(t.createdAt).toISOString().replace("T", " ").slice(0, 16);
+    out(`  ${when}  ${String(t.direction).padEnd(8)} ${String(t.status).padEnd(9)} ${Number(t.sizeBytes).toLocaleString()} bytes`);
+  }
+}
+
+// src/cli.ts
+function parse(argv) {
+  const [cmd, ...rest] = argv;
+  const positional = [];
+  const flags = {};
+  const val = (a, name, i) => a.startsWith(`--${name}=`) ? a.slice(name.length + 3) : rest[++i.v];
+  for (const box = { v: 0 }; box.v < rest.length; box.v++) {
+    const a = rest[box.v];
+    if (a === "--json") flags.json = true;
+    else if (a === "--out-code-only") flags.outCodeOnly = true;
+    else if (a === "--yes" || a === "-y") flags.yes = true;
+    else if (a === "--password" || a.startsWith("--password=")) flags.password = val(a, "password", box);
+    else if (a === "--out" || a.startsWith("--out=")) flags.out = val(a, "out", box);
+    else if (a === "--key" || a.startsWith("--key=")) flags.key = val(a, "key", box);
+    else if (a === "--email" || a.startsWith("--email=")) flags.email = val(a, "email", box);
+    else if (a === "--limit" || a.startsWith("--limit=")) flags.limit = Number(val(a, "limit", box));
+    else positional.push(a);
+  }
+  return { cmd, positional, flags };
+}
+var fmtBytes = (n) => {
+  if (n < 1024) return `${n} B`;
+  const u = ["KB", "MB", "GB", "TB"];
+  let v = n / 1024;
+  let i = 0;
+  while (v >= 1024 && i < u.length - 1) {
+    v /= 1024;
+    i++;
+  }
+  return `${v.toFixed(1)} ${u[i]}`;
+};
+var fmtDur = (secs) => {
+  if (!isFinite(secs) || secs < 0) return "\u2014";
+  const m = Math.floor(secs / 60);
+  const s = Math.floor(secs % 60);
+  return `${m}:${String(s).padStart(2, "0")}`;
+};
+var progressBar = (done, total, progress, speedBps) => {
+  const frac = progress != null ? progress : total > 0 ? done / total : 0;
+  const width = 22;
+  const filled = Math.max(0, Math.min(width, Math.round(frac * width)));
+  const meter = "\u2588".repeat(filled) + "\u2591".repeat(width - filled);
+  const pct = String(Math.round(frac * 100)).padStart(3, " ");
+  const speed = speedBps ? ` \xB7 ${fmtBytes(speedBps)}/s` : "";
+  const eta = speedBps && total > done ? ` \xB7 ETA ${fmtDur((total - done) / speedBps)}` : "";
+  return `  [${meter}] ${pct}%  ${fmtBytes(done)} / ${fmtBytes(total)}${speed}${eta}`;
+};
+var out2 = (s) => {
+  process.stdout.write(s + "\n");
+};
+var err2 = (s) => {
+  process.stderr.write(s + "\n");
+};
+function exit(code) {
+  setTimeout(() => process.exit(code), 150);
+  return void 0;
+}
+var VERSION = true ? "0.1.0" : "dev";
+var USAGE = [
+  "drop2p \u2014 zero-storage, end-to-end-encrypted file transfer in your terminal.",
+  "",
+  "Usage:",
+  "  drop2p send <file> [--password X] [--out-code-only] [--json]",
+  "  drop2p receive <code> [--out DIR] [--password X] [--json]",
+  "  drop2p login [--key d2p_\u2026] | [--email X --password Y]",
+  "  drop2p whoami | logout",
+  "  drop2p keys (create <name> | list | revoke <id>)",
+  "  drop2p history [--limit N] [--json]",
+  "  drop2p --version | --help",
+  "",
+  "Env: DROP2P_API_KEY \xB7 DROP2P_PASSWORD \xB7 DROP2P_SIGNALING_URL \xB7 DROP2P_API_URL"
+].join("\n");
+async function main() {
+  const { cmd, positional, flags } = parse(process.argv.slice(2));
+  const json = Boolean(flags.json);
+  const emit = (event, data = {}) => {
+    if (json) out2(JSON.stringify({ event, ...data }));
+  };
+  if (cmd === "--version" || cmd === "-v" || cmd === "version") return out2(VERSION);
+  if (cmd === "--help" || cmd === "-h" || cmd === "help") return out2(USAGE);
+  if (cmd === "send") return send(positional[0], flags, emit);
+  if (cmd === "receive") return receive(positional[0], flags, emit);
+  if (cmd === "login" || cmd === "logout" || cmd === "whoami" || cmd === "keys" || cmd === "history") {
+    try {
+      if (cmd === "login") await login(flags);
+      else if (cmd === "logout") await logout();
+      else if (cmd === "whoami") await whoami(flags);
+      else if (cmd === "keys") await keys(positional[0], positional.slice(1), flags);
+      else if (cmd === "history") await history(flags);
+    } catch (e) {
+      if (e instanceof CliError) {
+        err2(`  \u274C ${e.message}`);
+        process.exit(1);
+      }
+      throw e;
+    }
+    return;
+  }
+  err2(USAGE);
+  process.exit(2);
+}
+async function send(filePath, flags, emit) {
+  if (!filePath) {
+    err2("error: missing <file>");
+    process.exit(2);
+  }
+  let source;
+  try {
+    source = await openFileSource(filePath);
+  } catch {
+    err2(`error: can't read ${filePath}`);
+    process.exit(2);
+  }
+  const password = flags.password ?? process.env.DROP2P_PASSWORD;
+  const cfg = await loadConfig();
+  const env = createNodeEnv({
+    signalingUrl: resolveSignalingUrl(cfg),
+    authToken: resolveAuthToken(cfg),
+    iceTransportPolicy: process.env.DROP2P_FORCE_RELAY ? "relay" : void 0
+  });
+  let printedCode = false;
+  let finished = false;
+  let lastLine = 0;
+  const mgr = new TransferManager(env, (s) => {
+    if (s.code && !printedCode) {
+      printedCode = true;
+      emit("code", { code: s.code, expiresAt: s.expiresAt });
+      if (flags.outCodeOnly || flags.json) out2(s.code);
+      else {
+        out2(`
+  Share this code with the receiver:
+
+      ${s.code}
+`);
+        if (process.stderr.isTTY && s.code) qrcode.generate(s.code, { small: true }, (qr) => err2(qr));
+        err2("  Waiting for the other side to connect\u2026");
+      }
+    }
+    if (s.connectionType && s.connectionType !== "unknown") {
+      emit("connected", { via: s.connectionType });
+      if (!flags.json) err2(`  Connected (${s.connectionType === "relay" ? "\u{1F6F0}  relay" : "\u26A1 direct"}). Sending\u2026`);
+    }
+    if (s.phase === "transferring" && s.transferred != null && !flags.json) {
+      const now2 = Date.now();
+      if (now2 - lastLine > 200) {
+        lastLine = now2;
+        process.stderr.write("\r" + progressBar(s.transferred, source.size, s.progress, s.speedBps) + "    ");
+      }
+    }
+    if (s.transferred != null && s.phase === "transferring") emit("progress", { transferred: s.transferred, total: source.size, speedBps: s.speedBps });
+    if (s.phase === "done" && !finished) {
+      finished = true;
+      void (async () => {
+        await Promise.race([mgr.peerDone, new Promise((r) => setTimeout(r, 8e3))]);
+        if (!flags.json) err2(`
+  \u2705 Sent ${source.name} (${fmtBytes(source.size)}).`);
+        emit("done", { name: source.name, size: source.size });
+        mgr.close();
+        exit(0);
+      })();
+    }
+    if (s.phase === "error") {
+      if (!flags.json) err2(`
+  \u274C ${s.error}`);
+      emit("error", { message: s.error });
+      exit(1);
+    }
+  });
+  await mgr.sendFile(source, { passphrase: password });
+}
+async function receive(code, flags, emit) {
+  if (!code) {
+    err2("error: missing <code>");
+    process.exit(2);
+  }
+  const outDir = flags.out ?? process.cwd();
+  const password = flags.password ?? process.env.DROP2P_PASSWORD;
+  const cfg = await loadConfig();
+  const env = createNodeEnv({
+    signalingUrl: resolveSignalingUrl(cfg),
+    outDir,
+    authToken: resolveAuthToken(cfg),
+    iceTransportPolicy: process.env.DROP2P_FORCE_RELAY ? "relay" : void 0
+  });
+  let total = 0;
+  let name = "";
+  let lastLine = 0;
+  let askedPassphrase = false;
+  const mgr = new TransferManager(env, (s) => {
+    if (s.fileSize != null) total = s.fileSize;
+    if (s.fileName) name = s.fileName;
+    if (s.connectionType && s.connectionType !== "unknown") {
+      emit("connected", { via: s.connectionType });
+      if (!flags.json) err2(`  Connected (${s.connectionType === "relay" ? "\u{1F6F0}  relay" : "\u26A1 direct"}). Receiving\u2026`);
+    }
+    if (s.error && askedPassphrase && s.phase !== "error") {
+      if (!flags.json) err2(`  \u274C ${s.error}`);
+      emit("error", { message: s.error });
+      mgr.close();
+      exit(1);
+      return;
+    }
+    if (s.phase === "awaiting-passphrase" && !askedPassphrase) {
+      askedPassphrase = true;
+      if (!password) {
+        if (!flags.json) err2("  \u274C This transfer is passphrase-protected. Pass --password or set DROP2P_PASSWORD.");
+        emit("error", { message: "passphrase required" });
+        mgr.close();
+        exit(1);
+        return;
+      }
+      void mgr.submitPassphrase(password);
+    }
+    if (s.phase === "transferring" && s.transferred != null && !flags.json) {
+      const now2 = Date.now();
+      if (now2 - lastLine > 200) {
+        lastLine = now2;
+        process.stderr.write("\r" + progressBar(s.transferred, total, s.progress, s.speedBps) + "    ");
+      }
+    }
+    if (s.transferred != null && s.phase === "transferring") emit("progress", { transferred: s.transferred, total, speedBps: s.speedBps });
+    if (s.phase === "done") {
+      const dest = resolveOutPath(outDir, name || "drop2p-download");
+      if (!flags.json) err2(`
+  \u2705 Received \u2192 ${dest}`);
+      emit("done", { path: dest, size: total });
+      mgr.close();
+      exit(0);
+    }
+    if (s.phase === "error") {
+      if (!flags.json) err2(`
+  \u274C ${s.error}`);
+      emit("error", { message: s.error });
+      exit(1);
+    }
+  });
+  if (!flags.json) err2("  Connecting\u2026");
+  await mgr.receive(code);
+}
+void main();