npm - @ekkos/cli - Versions diffs - 1.3.1 → 1.3.2 - Mend

@ekkos/cli 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/dist/commands/dashboard.js +147 -57
package/dist/commands/init.d.ts +1 -0
package/dist/commands/init.js +54 -16
package/dist/commands/run.js +163 -44
package/dist/commands/status.d.ts +4 -1
package/dist/commands/status.js +165 -27
package/dist/commands/synk.d.ts +7 -0
package/dist/commands/synk.js +339 -0
package/dist/deploy/settings.d.ts +6 -5
package/dist/deploy/settings.js +27 -17
package/dist/index.js +12 -82
package/dist/lib/usage-parser.d.ts +1 -1
package/dist/lib/usage-parser.js +5 -3
package/dist/local/index.d.ts +14 -0
package/dist/local/index.js +28 -0
package/dist/local/local-embeddings.d.ts +49 -0
package/dist/local/local-embeddings.js +232 -0
package/dist/local/offline-fallback.d.ts +44 -0
package/dist/local/offline-fallback.js +159 -0
package/dist/local/sqlite-store.d.ts +126 -0
package/dist/local/sqlite-store.js +393 -0
package/dist/local/sync-engine.d.ts +42 -0
package/dist/local/sync-engine.js +223 -0
package/dist/synk/api.d.ts +22 -0
package/dist/synk/api.js +133 -0
package/dist/synk/auth.d.ts +7 -0
package/dist/synk/auth.js +30 -0
package/dist/synk/config.d.ts +18 -0
package/dist/synk/config.js +37 -0
package/dist/synk/daemon/control-client.d.ts +11 -0
package/dist/synk/daemon/control-client.js +101 -0
package/dist/synk/daemon/control-server.d.ts +24 -0
package/dist/synk/daemon/control-server.js +91 -0
package/dist/synk/daemon/run.d.ts +14 -0
package/dist/synk/daemon/run.js +338 -0
package/dist/synk/encryption.d.ts +17 -0
package/dist/synk/encryption.js +133 -0
package/dist/synk/index.d.ts +13 -0
package/dist/synk/index.js +36 -0
package/dist/synk/machine-client.d.ts +42 -0
package/dist/synk/machine-client.js +218 -0
package/dist/synk/persistence.d.ts +51 -0
package/dist/synk/persistence.js +211 -0
package/dist/synk/qr.d.ts +5 -0
package/dist/synk/qr.js +33 -0
package/dist/synk/session-bridge.d.ts +58 -0
package/dist/synk/session-bridge.js +171 -0
package/dist/synk/session-client.d.ts +46 -0
package/dist/synk/session-client.js +240 -0
package/dist/synk/types.d.ts +574 -0
package/dist/synk/types.js +74 -0
package/dist/utils/platform.d.ts +5 -1
package/dist/utils/platform.js +24 -4
package/dist/utils/proxy-url.d.ts +10 -0
package/dist/utils/proxy-url.js +19 -0
package/dist/utils/state.d.ts +1 -1
package/dist/utils/state.js +11 -3
package/package.json +13 -4
package/templates/claude-plugins-admin/AGENT_TEAM_PROPOSALS.md +0 -819
package/templates/claude-plugins-admin/README.md +0 -446
package/templates/claude-plugins-admin/autonomous-admin-agent/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/autonomous-admin-agent/commands/agent.md +0 -595
package/templates/claude-plugins-admin/backend-agent/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/backend-agent/commands/backend.md +0 -798
package/templates/claude-plugins-admin/deploy-guardian/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/deploy-guardian/commands/deploy.md +0 -554
package/templates/claude-plugins-admin/frontend-agent/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/frontend-agent/commands/frontend.md +0 -881
package/templates/claude-plugins-admin/mcp-server-manager/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/mcp-server-manager/commands/mcp.md +0 -85
package/templates/claude-plugins-admin/memory-system-monitor/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/memory-system-monitor/commands/memory-health.md +0 -569
package/templates/claude-plugins-admin/qa-agent/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/qa-agent/commands/qa.md +0 -863
package/templates/claude-plugins-admin/tech-lead-agent/.claude-plugin/plugin.json +0 -8
package/templates/claude-plugins-admin/tech-lead-agent/commands/lead.md +0 -732
package/templates/hooks-node/lib/state.js +0 -187
package/templates/hooks-node/stop.js +0 -416
package/templates/hooks-node/user-prompt-submit.js +0 -337
package/templates/rules/00-hooks-contract.mdc +0 -89
package/templates/rules/30-ekkos-core.mdc +0 -188
package/templates/rules/31-ekkos-messages.mdc +0 -78

package/dist/synk/daemon/run.js ADDED Viewed

@@ -0,0 +1,338 @@
+"use strict";
+/**
+ * Synk daemon — background process for session management and remote control
+ *
+ * Lifecycle:
+ * 1. Acquire lock file (prevent multiple daemons)
+ * 2. Authenticate with synk-server
+ * 3. Start local HTTP control server
+ * 4. Register machine via REST API
+ * 5. Connect MachineClient WebSocket
+ * 6. Heartbeat loop
+ * 7. Await shutdown signal
+ * 8. Cleanup
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startDaemon = startDaemon;
+const node_os_1 = require("node:os");
+const node_path_1 = require("node:path");
+const node_fs_1 = require("node:fs");
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const config_1 = require("../config");
+const persistence_1 = require("../persistence");
+const api_1 = require("../api");
+const machine_client_1 = require("../machine-client");
+const control_server_1 = require("./control-server");
+const control_client_1 = require("./control-client");
+const proxy_url_1 = require("../../utils/proxy-url");
+const state_1 = require("../../utils/state");
+const HEARTBEAT_INTERVAL = parseInt(process.env.SYNK_DAEMON_HEARTBEAT_INTERVAL || '60000');
+let logStream = null;
+function getCliVersion() {
+    try {
+        const pkgPath = (0, node_path_1.resolve)(__dirname, '../../../package.json');
+        const pkg = JSON.parse((0, node_fs_1.readFileSync)(pkgPath, 'utf-8'));
+        return pkg.version || '0.0.0';
+    }
+    catch {
+        return '0.0.0';
+    }
+}
+function daemonLog(message, ...args) {
+    const line = `[${new Date().toISOString()}] ${message} ${args.map(a => typeof a === 'string' ? a : JSON.stringify(a)).join(' ')}`;
+    if (logStream)
+        logStream.write(line + '\n');
+    if (!config_1.synkConfig.isDaemonProcess)
+        console.log(line);
+}
+async function startDaemon() {
+    config_1.synkConfig.ensureDirectories();
+    const cliVersion = getCliVersion();
+    // Setup log file
+    const logPath = (0, node_path_1.join)(config_1.synkConfig.logsDir, `${new Date().toISOString().replace(/[:.]/g, '-')}-daemon.log`);
+    if (!(0, node_fs_1.existsSync)(config_1.synkConfig.logsDir))
+        (0, node_fs_1.mkdirSync)(config_1.synkConfig.logsDir, { recursive: true });
+    logStream = (0, node_fs_1.createWriteStream)(logPath, { flags: 'a' });
+    daemonLog(`Starting synk daemon v${cliVersion}`);
+    // Check if daemon already running
+    const existingState = await (0, persistence_1.readDaemonState)();
+    if (existingState) {
+        try {
+            process.kill(existingState.pid, 0);
+            daemonLog('Daemon already running, stopping old instance');
+            await (0, control_client_1.stopDaemon)();
+        }
+        catch {
+            daemonLog('Stale daemon state, cleaning up');
+            await (0, persistence_1.clearDaemonState)();
+        }
+    }
+    // Acquire lock
+    const lockHandle = await (0, persistence_1.acquireDaemonLock)();
+    if (!lockHandle) {
+        daemonLog('Failed to acquire daemon lock — another daemon may be running');
+        process.exit(1);
+    }
+    // Authenticate
+    const credentials = await (0, persistence_1.readCredentials)();
+    if (!credentials) {
+        daemonLog('No credentials found. Run "ekkos synk auth" first.');
+        await (0, persistence_1.releaseDaemonLock)(lockHandle);
+        process.exit(1);
+    }
+    // Get or create machine ID
+    const settings = await (0, persistence_1.readSettings)();
+    let machineId = settings.machineId;
+    if (!machineId) {
+        machineId = (0, node_crypto_1.randomUUID)();
+        await (0, persistence_1.updateSettings)(s => ({ ...s, machineId }));
+        daemonLog('Generated new machine ID:', machineId);
+    }
+    // Session tracking — keyed by sessionId (not PID) to avoid overwrite bugs
+    const trackedSessions = new Map();
+    let sessionCounter = 0;
+    // Shutdown handling
+    let shutdownRequested = false;
+    let resolveShutdown;
+    const shutdownPromise = new Promise(resolve => { resolveShutdown = resolve; });
+    const requestShutdown = () => {
+        if (shutdownRequested)
+            return;
+        shutdownRequested = true;
+        daemonLog('Shutdown requested');
+        resolveShutdown();
+    };
+    process.on('SIGINT', requestShutdown);
+    process.on('SIGTERM', requestShutdown);
+    process.on('uncaughtException', (error) => {
+        daemonLog('Uncaught exception:', error);
+        requestShutdown();
+    });
+    // --- Spawn session implementation ---
+    const spawnSession = async (options) => {
+        const { directory } = options;
+        daemonLog('Spawning session in:', directory);
+        if (!(0, node_fs_1.existsSync)(directory)) {
+            return { type: 'error', errorMessage: `Directory does not exist: ${directory}` };
+        }
+        // Generate session identity
+        const sessionId = options.sessionId || (0, node_crypto_1.randomUUID)();
+        const sessionName = (0, state_1.uuidToWords)(sessionId);
+        // Build proxy env vars (unless disabled)
+        const proxyEnv = {};
+        if (process.env.SYNK_DISABLE_PROXY !== '1') {
+            const ekkosConfig = (0, state_1.getConfig)();
+            let userId = ekkosConfig?.userId || 'anonymous';
+            if (userId === 'anonymous') {
+                const authToken = (0, state_1.getAuthToken)();
+                if (authToken?.startsWith('ekk_')) {
+                    const parts = authToken.split('_');
+                    if (parts.length >= 2)
+                        userId = parts[1];
+                }
+            }
+            proxyEnv.ANTHROPIC_BASE_URL = (0, proxy_url_1.buildProxyUrl)(userId, sessionName, directory, sessionId);
+            proxyEnv.EKKOS_PROXY_MODE = '1';
+            proxyEnv.EKKOS_ULTRA_MINIMAL = '1';
+        }
+        // Merge env vars: process.env + options.environmentVariables + proxy (highest priority)
+        const childEnv = {
+            ...process.env,
+            ...(options.environmentVariables || {}),
+            ...proxyEnv,
+        };
+        try {
+            // Create log file for spawned session
+            const sessionLogPath = (0, node_path_1.join)(config_1.synkConfig.logsDir, `${new Date().toISOString().replace(/[:.]/g, '-')}-session-${sessionName}.log`);
+            const sessionLogFd = (0, node_fs_1.createWriteStream)(sessionLogPath, { flags: 'a' });
+            const child = (0, node_child_process_1.spawn)('ekkos', ['run', '--started-by', 'daemon'], {
+                cwd: directory,
+                env: childEnv,
+                detached: true,
+                stdio: ['ignore', sessionLogFd, sessionLogFd],
+            });
+            child.unref();
+            const trackKey = `spawn-${++sessionCounter}`;
+            const tracked = {
+                pid: child.pid || 0,
+                startedBy: 'daemon',
+                startedAt: Date.now(),
+            };
+            trackedSessions.set(trackKey, tracked);
+            // Wait for session to report itself via webhook (max 15s)
+            const webhookSessionId = await new Promise((resolve) => {
+                const timeout = setTimeout(() => resolve(null), 15000);
+                const checkInterval = setInterval(() => {
+                    if (tracked.synkSessionId) {
+                        clearInterval(checkInterval);
+                        clearTimeout(timeout);
+                        resolve(tracked.synkSessionId);
+                    }
+                }, 200);
+            });
+            if (webhookSessionId) {
+                // Re-key tracked session by its actual session ID
+                trackedSessions.delete(trackKey);
+                trackedSessions.set(webhookSessionId, tracked);
+                daemonLog('Session spawned and registered:', webhookSessionId);
+                return { type: 'success', sessionId: webhookSessionId };
+            }
+            else {
+                daemonLog('Session spawned but webhook timeout — PID:', child.pid);
+                return { type: 'success', sessionId: `pending-${child.pid}` };
+            }
+        }
+        catch (error) {
+            daemonLog('Failed to spawn session:', error);
+            return { type: 'error', errorMessage: error instanceof Error ? error.message : 'Failed to spawn session' };
+        }
+    };
+    // Start HTTP control server
+    const controlServer = await (0, control_server_1.startDaemonControlServer)({
+        getChildren: () => Array.from(trackedSessions.values()),
+        stopSession: (sessionId) => {
+            for (const [key, session] of trackedSessions) {
+                if (session.synkSessionId === sessionId || key === sessionId) {
+                    try {
+                        process.kill(session.pid, 'SIGTERM');
+                    }
+                    catch { }
+                    return true;
+                }
+            }
+            return false;
+        },
+        spawnSession: async (options) => {
+            const result = await spawnSession(options);
+            if (result.type === 'success')
+                return { success: true, sessionId: result.sessionId };
+            return { success: false, error: result.errorMessage };
+        },
+        requestShutdown,
+        onSessionWebhook: (sessionId, metadata) => {
+            daemonLog('Session webhook:', sessionId);
+            // Find tracked session by PID from metadata
+            const hostPid = metadata?.hostPid;
+            let matched = false;
+            if (hostPid) {
+                for (const [, session] of trackedSessions) {
+                    if (session.pid === hostPid && !session.synkSessionId) {
+                        session.synkSessionId = sessionId;
+                        matched = true;
+                        break;
+                    }
+                }
+            }
+            if (!matched) {
+                // Terminal-spawned session reporting itself
+                trackedSessions.set(sessionId, {
+                    pid: hostPid || process.pid,
+                    startedBy: 'terminal',
+                    synkSessionId: sessionId,
+                    startedAt: Date.now(),
+                });
+            }
+        },
+    });
+    // Write daemon state
+    (0, persistence_1.writeDaemonState)({
+        pid: process.pid,
+        httpPort: controlServer.port,
+        startTime: new Date().toLocaleString(),
+        startedWithCliVersion: cliVersion,
+        daemonLogPath: logPath,
+    });
+    daemonLog(`Control server on port ${controlServer.port}`);
+    // Register machine with synk-server via REST
+    const machineMetadata = {
+        host: (0, node_os_1.hostname)(),
+        platform: (0, node_os_1.platform)(),
+        synkCliVersion: cliVersion,
+        homeDir: (0, node_os_1.homedir)(),
+        synkHomeDir: config_1.synkConfig.synkHomeDir,
+    };
+    const initialDaemonState = {
+        status: 'starting',
+        pid: process.pid,
+        httpPort: controlServer.port,
+        startedAt: Date.now(),
+    };
+    const apiClient = await api_1.ApiClient.create(credentials);
+    const machine = await apiClient.getOrCreateMachine({
+        machineId,
+        metadata: machineMetadata,
+        daemonState: initialDaemonState,
+    });
+    daemonLog('Machine registered:', machine.id);
+    // Connect WebSocket via MachineClient
+    const machineClient = new machine_client_1.MachineClient(credentials.token, machine, daemonLog);
+    machineClient.setRPCHandlers({
+        spawnSession,
+        stopSession: (sessionId) => {
+            for (const [key, session] of trackedSessions) {
+                if (session.synkSessionId === sessionId || key === sessionId) {
+                    try {
+                        process.kill(session.pid, 'SIGTERM');
+                    }
+                    catch { }
+                    return true;
+                }
+            }
+            return false;
+        },
+        requestShutdown,
+    });
+    machineClient.connect();
+    // Heartbeat loop
+    const heartbeatInterval = setInterval(async () => {
+        if (shutdownRequested)
+            return;
+        // Update last heartbeat
+        try {
+            const state = await (0, persistence_1.readDaemonState)();
+            if (state) {
+                (0, persistence_1.writeDaemonState)({ ...state, lastHeartbeat: new Date().toLocaleString() });
+            }
+        }
+        catch { }
+        // Prune dead sessions
+        for (const [key, session] of trackedSessions) {
+            if (session.pid === 0 || session.pid === process.pid)
+                continue;
+            try {
+                process.kill(session.pid, 0);
+            }
+            catch {
+                daemonLog('Pruning dead session:', session.synkSessionId || key);
+                trackedSessions.delete(key);
+            }
+        }
+    }, HEARTBEAT_INTERVAL);
+    daemonLog('Daemon ready. Waiting for shutdown signal...');
+    // Wait for shutdown
+    await shutdownPromise;
+    daemonLog('Shutting down...');
+    // Cleanup
+    clearInterval(heartbeatInterval);
+    // Update daemon state on server via MachineClient
+    try {
+        await machineClient.updateDaemonState(() => ({
+            status: 'shutting-down',
+            shutdownRequestedAt: Date.now(),
+        }));
+    }
+    catch { }
+    // Close WebSocket
+    machineClient.shutdown();
+    // Stop control server
+    await controlServer.stop();
+    // Clear daemon state file
+    await (0, persistence_1.clearDaemonState)();
+    // Release lock
+    await (0, persistence_1.releaseDaemonLock)(lockHandle);
+    if (logStream)
+        logStream.end();
+    daemonLog('Daemon stopped cleanly');
+    process.exit(0);
+}

package/dist/synk/encryption.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+export declare function encodeBase64(buffer: Uint8Array, variant?: 'base64' | 'base64url'): string;
+export declare function encodeBase64Url(buffer: Uint8Array): string;
+export declare function decodeBase64(base64: string, variant?: 'base64' | 'base64url'): Uint8Array;
+export declare function getRandomBytes(size: number): Uint8Array;
+export declare function libsodiumPublicKeyFromSecretKey(seed: Uint8Array): Uint8Array;
+export declare function libsodiumEncryptForPublicKey(data: Uint8Array, recipientPublicKey: Uint8Array): Uint8Array;
+export declare function encryptLegacy(data: any, secret: Uint8Array): Uint8Array;
+export declare function decryptLegacy(data: Uint8Array, secret: Uint8Array): any | null;
+export declare function encryptWithDataKey(data: any, dataKey: Uint8Array): Uint8Array;
+export declare function decryptWithDataKey(bundle: Uint8Array, dataKey: Uint8Array): any | null;
+export declare function encrypt(key: Uint8Array, variant: 'legacy' | 'dataKey', data: any): Uint8Array;
+export declare function decrypt(key: Uint8Array, variant: 'legacy' | 'dataKey', data: Uint8Array): any | null;
+export declare function authChallenge(secret: Uint8Array): {
+    challenge: Uint8Array;
+    publicKey: Uint8Array;
+    signature: Uint8Array;
+};

package/dist/synk/encryption.js ADDED Viewed

@@ -0,0 +1,133 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeBase64 = encodeBase64;
+exports.encodeBase64Url = encodeBase64Url;
+exports.decodeBase64 = decodeBase64;
+exports.getRandomBytes = getRandomBytes;
+exports.libsodiumPublicKeyFromSecretKey = libsodiumPublicKeyFromSecretKey;
+exports.libsodiumEncryptForPublicKey = libsodiumEncryptForPublicKey;
+exports.encryptLegacy = encryptLegacy;
+exports.decryptLegacy = decryptLegacy;
+exports.encryptWithDataKey = encryptWithDataKey;
+exports.decryptWithDataKey = decryptWithDataKey;
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+exports.authChallenge = authChallenge;
+const node_crypto_1 = require("node:crypto");
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+function encodeBase64(buffer, variant = 'base64') {
+    if (variant === 'base64url') {
+        return encodeBase64Url(buffer);
+    }
+    return Buffer.from(buffer).toString('base64');
+}
+function encodeBase64Url(buffer) {
+    return Buffer.from(buffer)
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+function decodeBase64(base64, variant = 'base64') {
+    if (variant === 'base64url') {
+        const base64Standard = base64
+            .replace(/-/g, '+')
+            .replace(/_/g, '/')
+            + '='.repeat((4 - base64.length % 4) % 4);
+        return new Uint8Array(Buffer.from(base64Standard, 'base64'));
+    }
+    return new Uint8Array(Buffer.from(base64, 'base64'));
+}
+function getRandomBytes(size) {
+    return new Uint8Array((0, node_crypto_1.randomBytes)(size));
+}
+function libsodiumPublicKeyFromSecretKey(seed) {
+    const hashedSeed = new Uint8Array((0, node_crypto_1.createHash)('sha512').update(seed).digest());
+    const secretKey = hashedSeed.slice(0, 32);
+    return new Uint8Array(tweetnacl_1.default.box.keyPair.fromSecretKey(secretKey).publicKey);
+}
+function libsodiumEncryptForPublicKey(data, recipientPublicKey) {
+    const ephemeralKeyPair = tweetnacl_1.default.box.keyPair();
+    const nonce = getRandomBytes(tweetnacl_1.default.box.nonceLength);
+    const encrypted = tweetnacl_1.default.box(data, nonce, recipientPublicKey, ephemeralKeyPair.secretKey);
+    const result = new Uint8Array(ephemeralKeyPair.publicKey.length + nonce.length + encrypted.length);
+    result.set(ephemeralKeyPair.publicKey, 0);
+    result.set(nonce, ephemeralKeyPair.publicKey.length);
+    result.set(encrypted, ephemeralKeyPair.publicKey.length + nonce.length);
+    return result;
+}
+function encryptLegacy(data, secret) {
+    const nonce = getRandomBytes(tweetnacl_1.default.secretbox.nonceLength);
+    const encrypted = tweetnacl_1.default.secretbox(new TextEncoder().encode(JSON.stringify(data)), nonce, secret);
+    const result = new Uint8Array(nonce.length + encrypted.length);
+    result.set(nonce);
+    result.set(encrypted, nonce.length);
+    return result;
+}
+function decryptLegacy(data, secret) {
+    const nonce = data.slice(0, tweetnacl_1.default.secretbox.nonceLength);
+    const encrypted = data.slice(tweetnacl_1.default.secretbox.nonceLength);
+    const decrypted = tweetnacl_1.default.secretbox.open(encrypted, nonce, secret);
+    if (!decrypted) {
+        return null;
+    }
+    return JSON.parse(new TextDecoder().decode(decrypted));
+}
+function encryptWithDataKey(data, dataKey) {
+    const nonce = getRandomBytes(12);
+    const cipher = (0, node_crypto_1.createCipheriv)('aes-256-gcm', dataKey, nonce);
+    const plaintext = new TextEncoder().encode(JSON.stringify(data));
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const bundle = new Uint8Array(12 + encrypted.length + 16 + 1);
+    bundle.set([0], 0);
+    bundle.set(nonce, 1);
+    bundle.set(new Uint8Array(encrypted), 13);
+    bundle.set(new Uint8Array(authTag), 13 + encrypted.length);
+    return bundle;
+}
+function decryptWithDataKey(bundle, dataKey) {
+    if (bundle.length < 1)
+        return null;
+    if (bundle[0] !== 0)
+        return null;
+    if (bundle.length < 12 + 16 + 1)
+        return null;
+    const nonce = bundle.slice(1, 13);
+    const authTag = bundle.slice(bundle.length - 16);
+    const ciphertext = bundle.slice(13, bundle.length - 16);
+    try {
+        const decipher = (0, node_crypto_1.createDecipheriv)('aes-256-gcm', dataKey, nonce);
+        decipher.setAuthTag(authTag);
+        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        return JSON.parse(new TextDecoder().decode(decrypted));
+    }
+    catch {
+        return null;
+    }
+}
+function encrypt(key, variant, data) {
+    if (variant === 'legacy') {
+        return encryptLegacy(data, key);
+    }
+    else {
+        return encryptWithDataKey(data, key);
+    }
+}
+function decrypt(key, variant, data) {
+    if (variant === 'legacy') {
+        return decryptLegacy(data, key);
+    }
+    else {
+        return decryptWithDataKey(data, key);
+    }
+}
+function authChallenge(secret) {
+    const keypair = tweetnacl_1.default.sign.keyPair.fromSeed(secret);
+    const challenge = getRandomBytes(32);
+    const signature = tweetnacl_1.default.sign.detached(challenge, keypair.secretKey);
+    return { challenge, publicKey: keypair.publicKey, signature };
+}

package/dist/synk/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * ekkOS_synk — Remote session sync for Claude Code
+ */
+export { synkConfig } from './config';
+export * from './encryption';
+export * from './auth';
+export * from './persistence';
+export * from './types';
+export { displayQRCode } from './qr';
+export { ApiClient } from './api';
+export { SessionClient } from './session-client';
+export { MachineClient } from './machine-client';
+export { SynkSessionBridge } from './session-bridge';

package/dist/synk/index.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+/**
+ * ekkOS_synk — Remote session sync for Claude Code
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SynkSessionBridge = exports.MachineClient = exports.SessionClient = exports.ApiClient = exports.displayQRCode = exports.synkConfig = void 0;
+var config_1 = require("./config");
+Object.defineProperty(exports, "synkConfig", { enumerable: true, get: function () { return config_1.synkConfig; } });
+__exportStar(require("./encryption"), exports);
+__exportStar(require("./auth"), exports);
+__exportStar(require("./persistence"), exports);
+__exportStar(require("./types"), exports);
+var qr_1 = require("./qr");
+Object.defineProperty(exports, "displayQRCode", { enumerable: true, get: function () { return qr_1.displayQRCode; } });
+var api_1 = require("./api");
+Object.defineProperty(exports, "ApiClient", { enumerable: true, get: function () { return api_1.ApiClient; } });
+var session_client_1 = require("./session-client");
+Object.defineProperty(exports, "SessionClient", { enumerable: true, get: function () { return session_client_1.SessionClient; } });
+var machine_client_1 = require("./machine-client");
+Object.defineProperty(exports, "MachineClient", { enumerable: true, get: function () { return machine_client_1.MachineClient; } });
+var session_bridge_1 = require("./session-bridge");
+Object.defineProperty(exports, "SynkSessionBridge", { enumerable: true, get: function () { return session_bridge_1.SynkSessionBridge; } });

package/dist/synk/machine-client.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * WebSocket client for machine/daemon communication with synk-server
+ * Manages keep-alive heartbeat, daemon state updates, and RPC handler registration
+ *
+ * This is SEPARATE from SessionClient — SessionClient is per-session, MachineClient is per-daemon.
+ */
+import type { MachineMetadata, DaemonState, Machine } from './types';
+export interface SpawnSessionOptions {
+    machineId?: string;
+    directory: string;
+    sessionId?: string;
+    environmentVariables?: Record<string, string>;
+}
+export type SpawnSessionResult = {
+    type: 'success';
+    sessionId: string;
+} | {
+    type: 'error';
+    errorMessage: string;
+};
+interface MachineRpcHandlers {
+    spawnSession: (options: SpawnSessionOptions) => Promise<SpawnSessionResult>;
+    stopSession: (sessionId: string) => boolean;
+    requestShutdown: () => void;
+}
+export declare class MachineClient {
+    private readonly token;
+    private readonly machine;
+    private socket;
+    private keepAliveInterval;
+    private rpcHandlerManager;
+    private log;
+    constructor(token: string, machine: Machine, logger?: (msg: string, ...args: any[]) => void);
+    setRPCHandlers({ spawnSession, stopSession, requestShutdown }: MachineRpcHandlers): void;
+    updateMachineMetadata(handler: (metadata: MachineMetadata | null) => MachineMetadata): Promise<void>;
+    updateDaemonState(handler: (state: DaemonState | null) => DaemonState): Promise<void>;
+    connect(): void;
+    private startKeepAlive;
+    private stopKeepAlive;
+    shutdown(): void;
+}
+export {};