@elizaos/plugin-remote-desktop 2.0.3-beta.6 → 2.0.3-beta.7

package/dist/index.js

@@ -0,0 +1,1056 @@
+// src/actions/remote-desktop.ts
+import {
+  requireConfirmation,
+  resolveActionArgs
+} from "@elizaos/core";
+
+// src/lifeops/remote-desktop.ts
+import { execFile, spawn } from "node:child_process";
+import { randomInt, randomUUID } from "node:crypto";
+import { promisify } from "node:util";
+import { logger } from "@elizaos/core";
+var execFileAsync = promisify(execFile);
+
+class RemoteDesktopError extends Error {
+  backend;
+  constructor(message, backend) {
+    super(message);
+    this.name = "RemoteDesktopError";
+    this.backend = backend;
+  }
+}
+var sessions = new Map;
+var DEFAULT_VNC_PORT = 5900;
+var DEFAULT_SESSION_MINUTES = 60;
+function isMockRemoteDesktopEnabled() {
+  const explicit = process.env.ELIZA_TEST_REMOTE_DESKTOP_BACKEND?.trim();
+  if (explicit) {
+    const normalized = explicit.toLowerCase();
+    return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on" || normalized === "fixture";
+  }
+  return false;
+}
+function resolveConfig(config, env = process.env) {
+  return {
+    preferredBackend: config?.preferredBackend,
+    tailscaleNodeName: config?.tailscaleNodeName ?? (env.ELIZA_TAILSCALE_NODE?.trim() || undefined),
+    ngrokAuthToken: config?.ngrokAuthToken ?? (env.ELIZA_NGROK_AUTH_TOKEN?.trim() || undefined),
+    vncPort: config?.vncPort ?? DEFAULT_VNC_PORT,
+    sessionDurationMinutes: config?.sessionDurationMinutes ?? DEFAULT_SESSION_MINUTES
+  };
+}
+async function probeTailscale() {
+  try {
+    const { stdout } = await execFileAsync("tailscale", ["status", "--json"], {
+      timeout: 3000
+    });
+    const parsed = JSON.parse(stdout);
+    const authenticated = parsed.BackendState === "Running";
+    const hostname = parsed.Self?.DNSName?.replace(/\.$/, "") || parsed.Self?.HostName;
+    return { authenticated, hostname };
+  } catch {
+    return { authenticated: false };
+  }
+}
+async function probeLocalVncServer() {
+  if (process.platform === "darwin") {
+    try {
+      const { stdout } = await execFileAsync("launchctl", ["list", "com.apple.screensharing"], { timeout: 2000 });
+      return stdout.includes("com.apple.screensharing");
+    } catch {
+      return false;
+    }
+  }
+  if (process.platform === "linux") {
+    try {
+      await execFileAsync("which", ["x11vnc"], { timeout: 2000 });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  return false;
+}
+async function probeNgrok(token) {
+  if (!token)
+    return false;
+  try {
+    await execFileAsync("ngrok", ["version"], { timeout: 2000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectRemoteDesktopBackend(config) {
+  if (isMockRemoteDesktopEnabled()) {
+    return "tailscale-vnc";
+  }
+  const resolved = resolveConfig(config);
+  if (resolved.preferredBackend === "none")
+    return "none";
+  if (resolved.preferredBackend) {
+    const available = await backendAvailable(resolved.preferredBackend, resolved.ngrokAuthToken);
+    return available ? resolved.preferredBackend : "none";
+  }
+  const tailscale = await probeTailscale();
+  if (tailscale.authenticated) {
+    if (await probeLocalVncServer())
+      return "tailscale-vnc";
+    return "tailscale-ssh";
+  }
+  if (await probeNgrok(resolved.ngrokAuthToken))
+    return "ngrok-vnc";
+  return "none";
+}
+async function backendAvailable(backend, ngrokToken) {
+  if (backend === "none")
+    return true;
+  if (backend === "tailscale-vnc") {
+    const ts = await probeTailscale();
+    return ts.authenticated && await probeLocalVncServer();
+  }
+  if (backend === "tailscale-ssh") {
+    const ts = await probeTailscale();
+    return ts.authenticated;
+  }
+  if (backend === "ngrok-vnc") {
+    return probeNgrok(ngrokToken);
+  }
+  return false;
+}
+function generatePairingCode() {
+  return randomInt(0, 1e6).toString().padStart(6, "0");
+}
+function scheduleExpiry(id, durationMs) {
+  return setTimeout(() => {
+    endRemoteSession(id).catch((error) => {
+      logger.warn({
+        boundary: "lifeops",
+        integration: "remote-desktop",
+        sessionId: id,
+        err: error instanceof Error ? error : undefined
+      }, `[remote-desktop] auto-expire failed: ${error instanceof Error ? error.message : String(error)}`);
+    });
+  }, durationMs);
+}
+async function startTailscaleVncSession(args) {
+  const ts = await probeTailscale();
+  if (!ts.authenticated) {
+    throw new RemoteDesktopError("Tailscale is not authenticated", "tailscale-vnc");
+  }
+  const host = args.tailscaleNodeOverride || ts.hostname;
+  if (!host) {
+    throw new RemoteDesktopError("Tailscale hostname not discoverable", "tailscale-vnc");
+  }
+  if (process.platform === "darwin") {
+    const vncUp = await probeLocalVncServer();
+    if (!vncUp) {
+      throw new RemoteDesktopError("macOS Screen Sharing is not enabled. Enable it in System Settings → General → Sharing → Screen Sharing, then retry.", "tailscale-vnc");
+    }
+  }
+  return {
+    accessUrl: `vnc://${host}:${args.vncPort}`
+  };
+}
+async function startTailscaleSshSession(args) {
+  const ts = await probeTailscale();
+  if (!ts.authenticated) {
+    throw new RemoteDesktopError("Tailscale is not authenticated", "tailscale-ssh");
+  }
+  const host = args.tailscaleNodeOverride || ts.hostname;
+  if (!host) {
+    throw new RemoteDesktopError("Tailscale hostname not discoverable", "tailscale-ssh");
+  }
+  return { accessUrl: `ssh://${host}` };
+}
+async function startNgrokVncSession(args) {
+  const child = spawn("ngrok", ["tcp", String(args.vncPort), "--log=stdout", "--log-format=json"], {
+    env: { ...process.env, NGROK_AUTHTOKEN: args.authToken },
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  const accessUrl = await new Promise((resolve, reject) => {
+    const timer = setTimeout(() => {
+      reject(new RemoteDesktopError("ngrok did not report a public URL within 10s", "ngrok-vnc"));
+    }, 1e4);
+    const onStdout = (chunk) => {
+      const text = chunk.toString("utf8");
+      for (const line of text.split(`
+`)) {
+        if (!line.trim())
+          continue;
+        try {
+          const evt = JSON.parse(line);
+          if (evt.url?.startsWith("tcp://")) {
+            clearTimeout(timer);
+            child.stdout.off("data", onStdout);
+            resolve(evt.url);
+            return;
+          }
+        } catch {}
+      }
+    };
+    child.stdout.on("data", onStdout);
+    child.once("error", (err) => {
+      clearTimeout(timer);
+      reject(new RemoteDesktopError(`ngrok failed: ${err.message}`, "ngrok-vnc"));
+    });
+    child.once("exit", (code) => {
+      clearTimeout(timer);
+      reject(new RemoteDesktopError(`ngrok exited prematurely with code ${code}`, "ngrok-vnc"));
+    });
+  });
+  return { accessUrl, child };
+}
+async function startRemoteSession(config) {
+  const resolved = resolveConfig(config);
+  const mockEnabled = isMockRemoteDesktopEnabled();
+  const backend = await detectRemoteDesktopBackend(config);
+  const now = new Date;
+  const durationMs = resolved.sessionDurationMinutes * 60000;
+  const id = randomUUID();
+  const pairingCode = generatePairingCode();
+  const initialSession = {
+    id,
+    backend,
+    status: "starting",
+    accessCode: pairingCode,
+    startedAt: now.toISOString(),
+    expiresAt: new Date(now.getTime() + durationMs).toISOString()
+  };
+  sessions.set(id, { session: initialSession });
+  if (backend === "none") {
+    const failed = {
+      ...initialSession,
+      status: "failed",
+      error: "No remote-desktop backend available. Configure Tailscale or ngrok.",
+      endedAt: new Date().toISOString()
+    };
+    sessions.set(id, { session: failed });
+    return failed;
+  }
+  try {
+    if (mockEnabled) {
+      const activeSession2 = {
+        ...initialSession,
+        backend,
+        status: "active",
+        accessUrl: `vnc://127.0.0.1:${resolved.vncPort}/mock/${id}`,
+        mockMode: true
+      };
+      const expiryTimer2 = scheduleExpiry(id, durationMs);
+      sessions.set(id, {
+        session: activeSession2,
+        expiryTimer: expiryTimer2
+      });
+      return activeSession2;
+    }
+    let accessUrl;
+    let ngrokProcess;
+    if (backend === "tailscale-vnc") {
+      const result = await startTailscaleVncSession({
+        id,
+        pairingCode,
+        vncPort: resolved.vncPort,
+        tailscaleNodeOverride: resolved.tailscaleNodeName
+      });
+      accessUrl = result.accessUrl;
+    } else if (backend === "tailscale-ssh") {
+      const result = await startTailscaleSshSession({
+        tailscaleNodeOverride: resolved.tailscaleNodeName
+      });
+      accessUrl = result.accessUrl;
+    } else {
+      if (!resolved.ngrokAuthToken) {
+        throw new RemoteDesktopError("ngrok auth token not configured (ELIZA_NGROK_AUTH_TOKEN)", "ngrok-vnc");
+      }
+      const result = await startNgrokVncSession({
+        vncPort: resolved.vncPort,
+        authToken: resolved.ngrokAuthToken
+      });
+      accessUrl = result.accessUrl;
+      ngrokProcess = result.child;
+    }
+    const activeSession = {
+      ...initialSession,
+      status: "active",
+      accessUrl
+    };
+    const expiryTimer = scheduleExpiry(id, durationMs);
+    sessions.set(id, {
+      session: activeSession,
+      expiryTimer,
+      ngrokProcess
+    });
+    logger.info({
+      boundary: "lifeops",
+      integration: "remote-desktop",
+      sessionId: id,
+      backend
+    }, `[remote-desktop] session ${id} active via ${backend}`);
+    return activeSession;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    const failed = {
+      ...initialSession,
+      status: "failed",
+      error: message,
+      endedAt: new Date().toISOString()
+    };
+    sessions.set(id, { session: failed });
+    logger.warn({
+      boundary: "lifeops",
+      integration: "remote-desktop",
+      sessionId: id,
+      backend
+    }, `[remote-desktop] session ${id} failed: ${message}`);
+    return failed;
+  }
+}
+async function getSessionStatus(id) {
+  const entry = sessions.get(id);
+  return entry ? entry.session : null;
+}
+async function endRemoteSession(id) {
+  const entry = sessions.get(id);
+  if (!entry)
+    return;
+  if (entry.expiryTimer) {
+    clearTimeout(entry.expiryTimer);
+  }
+  if (entry.ngrokProcess && entry.ngrokProcess.exitCode === null) {
+    entry.ngrokProcess.kill("SIGTERM");
+  }
+  const ended = {
+    ...entry.session,
+    status: "ended",
+    endedAt: new Date().toISOString()
+  };
+  sessions.set(id, { session: ended });
+  logger.info({
+    boundary: "lifeops",
+    integration: "remote-desktop",
+    sessionId: id
+  }, `[remote-desktop] session ${id} ended`);
+}
+async function listActiveSessions() {
+  return Array.from(sessions.values()).map((entry) => entry.session).filter((session) => session.status === "active" || session.status === "starting");
+}
+
+// src/remote/remote-session-service.ts
+import { randomUUID as randomUUID2 } from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { logger as logger2, resolveStateDir } from "@elizaos/core";
+
+// src/remote/pairing-code.ts
+import { randomInt as randomInt2 } from "node:crypto";
+var PAIRING_CODE_TTL_MS = 5 * 60 * 1000;
+var PAIRING_CODE_LENGTH = 6;
+
+class PairingCodeStore {
+  ttlMs;
+  now;
+  entries = new Map;
+  constructor(options = {}) {
+    this.ttlMs = options.ttlMs ?? PAIRING_CODE_TTL_MS;
+    this.now = options.now ?? Date.now;
+  }
+  issue(subject) {
+    const issuedAt = this.now();
+    const entry = {
+      code: generatePairingCode2(),
+      issuedAt,
+      expiresAt: issuedAt + this.ttlMs
+    };
+    this.entries.set(subject, entry);
+    return entry;
+  }
+  consume(subject, code) {
+    const entry = this.entries.get(subject);
+    if (!entry)
+      return false;
+    const now = this.now();
+    if (entry.expiresAt <= now) {
+      this.entries.delete(subject);
+      return false;
+    }
+    if (entry.code !== code) {
+      return false;
+    }
+    this.entries.delete(subject);
+    return true;
+  }
+  peek(subject) {
+    const entry = this.entries.get(subject);
+    if (!entry)
+      return;
+    if (entry.expiresAt <= this.now()) {
+      this.entries.delete(subject);
+      return;
+    }
+    return entry;
+  }
+  clear(subject) {
+    if (subject) {
+      this.entries.delete(subject);
+    } else {
+      this.entries.clear();
+    }
+  }
+}
+function generatePairingCode2() {
+  return randomInt2(0, 10 ** PAIRING_CODE_LENGTH).toString().padStart(PAIRING_CODE_LENGTH, "0");
+}
+
+// src/remote/remote-session-service.ts
+class RemoteSessionError extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "RemoteSessionError";
+    this.code = code;
+  }
+}
+var PAIRING_SUBJECT = "agent";
+function defaultIsLocalMode() {
+  return process.env.ELIZA_REMOTE_LOCAL_MODE === "1";
+}
+var nullDataPlane = {
+  resolve: () => ({
+    ingressUrl: null,
+    reason: "data-plane-not-configured"
+  })
+};
+function defaultStoragePath() {
+  return path.join(resolveStateDir(), "lifeops", "remote-sessions.json");
+}
+
+class RemoteSessionService {
+  sessions = new Map;
+  pairingCodes;
+  dataPlane;
+  isLocalMode;
+  now;
+  log;
+  storagePath;
+  constructor(options = {}) {
+    this.pairingCodes = options.pairingCodes ?? new PairingCodeStore;
+    this.dataPlane = options.dataPlane ?? nullDataPlane;
+    this.isLocalMode = options.isLocalMode ?? defaultIsLocalMode;
+    this.now = options.now ?? (() => new Date);
+    this.log = options.logger ?? logger2;
+    this.storagePath = options.storagePath ?? defaultStoragePath();
+    this.loadSessions();
+  }
+  issuePairingCode() {
+    const entry = this.pairingCodes.issue(PAIRING_SUBJECT);
+    return {
+      code: entry.code,
+      expiresAt: new Date(entry.expiresAt).toISOString()
+    };
+  }
+  async startSession(params) {
+    if (!params.confirmed) {
+      throw new RemoteSessionError("NOT_CONFIRMED", "Remote sessions require explicit confirmation (confirmed: true).");
+    }
+    const requester = params.requesterIdentity.trim();
+    if (!requester) {
+      throw new RemoteSessionError("MISSING_REQUESTER", "requesterIdentity is required.");
+    }
+    const localMode = this.isLocalMode();
+    let status = "pending";
+    if (!localMode) {
+      const code = params.pairingCode?.trim();
+      if (!code) {
+        throw new RemoteSessionError("PAIRING_CODE_REQUIRED", "Pairing code required for non-local sessions. Issue one with issuePairingCode() first.");
+      }
+      const ok = this.pairingCodes.consume(PAIRING_SUBJECT, code);
+      if (!ok) {
+        const denied = this.recordSession({
+          requesterIdentity: requester,
+          status: "denied",
+          ingressUrl: null,
+          reason: null,
+          localMode
+        });
+        this.log.warn({ boundary: "remote", sessionId: denied.id, requester }, "[RemoteSessionService] pairing-code rejected");
+        return {
+          sessionId: denied.id,
+          status: "denied",
+          ingressUrl: null,
+          reason: null,
+          localMode
+        };
+      }
+      status = "active";
+    } else {
+      status = "active";
+    }
+    const resolved = await this.dataPlane.resolve({
+      sessionId: "pending",
+      requesterIdentity: requester,
+      localMode
+    });
+    const session = this.recordSession({
+      requesterIdentity: requester,
+      status,
+      ingressUrl: resolved.ingressUrl,
+      reason: resolved.reason,
+      localMode
+    });
+    if (resolved.ingressUrl === null) {
+      this.log.info({
+        boundary: "remote",
+        sessionId: session.id,
+        reason: resolved.reason,
+        localMode
+      }, `[RemoteSessionService] session ${session.id} active but no data plane ingress (reason=${resolved.reason ?? "unknown"})`);
+    } else {
+      this.log.info({
+        boundary: "remote",
+        sessionId: session.id,
+        localMode
+      }, `[RemoteSessionService] session ${session.id} active`);
+    }
+    return {
+      sessionId: session.id,
+      status,
+      ingressUrl: session.ingressUrl,
+      reason: session.reason,
+      localMode
+    };
+  }
+  async revokeSession(sessionId) {
+    const session = this.sessions.get(sessionId);
+    if (!session) {
+      throw new RemoteSessionError("SESSION_NOT_FOUND", `No session found with id ${sessionId}.`);
+    }
+    if (session.status === "revoked" || session.status === "denied") {
+      return;
+    }
+    const endedAt = this.now().toISOString();
+    const revoked = {
+      ...session,
+      status: "revoked",
+      updatedAt: endedAt,
+      endedAt
+    };
+    this.sessions.set(sessionId, revoked);
+    this.persistSessions();
+    this.log.info({ boundary: "remote", sessionId }, `[RemoteSessionService] session ${sessionId} revoked`);
+  }
+  async listActiveSessions() {
+    return Array.from(this.sessions.values()).filter((s) => s.status === "active" || s.status === "pending");
+  }
+  async getSession(sessionId) {
+    return this.sessions.get(sessionId);
+  }
+  recordSession(input) {
+    const id = randomUUID2();
+    const nowIso = this.now().toISOString();
+    const session = {
+      id,
+      requesterIdentity: input.requesterIdentity,
+      status: input.status,
+      ingressUrl: input.ingressUrl,
+      reason: input.reason,
+      localMode: input.localMode,
+      createdAt: nowIso,
+      updatedAt: nowIso,
+      endedAt: input.status === "denied" || input.status === "revoked" ? nowIso : null
+    };
+    this.sessions.set(id, session);
+    this.persistSessions();
+    return session;
+  }
+  loadSessions() {
+    if (!fs.existsSync(this.storagePath)) {
+      return;
+    }
+    try {
+      const parsed = JSON.parse(fs.readFileSync(this.storagePath, "utf8"));
+      if (!Array.isArray(parsed)) {
+        return;
+      }
+      for (const entry of parsed) {
+        if (!entry || typeof entry !== "object") {
+          continue;
+        }
+        const session = entry;
+        if (typeof session.id !== "string" || typeof session.requesterIdentity !== "string" || typeof session.status !== "string" || typeof session.localMode !== "boolean" || typeof session.createdAt !== "string" || typeof session.updatedAt !== "string") {
+          continue;
+        }
+        this.sessions.set(session.id, {
+          id: session.id,
+          requesterIdentity: session.requesterIdentity,
+          status: session.status === "active" || session.status === "pending" || session.status === "denied" || session.status === "revoked" ? session.status : "revoked",
+          ingressUrl: typeof session.ingressUrl === "string" ? session.ingressUrl : null,
+          reason: session.reason === "data-plane-not-configured" || session.reason === "local-mode-no-ingress" ? session.reason : null,
+          localMode: session.localMode,
+          createdAt: session.createdAt,
+          updatedAt: session.updatedAt,
+          endedAt: typeof session.endedAt === "string" ? session.endedAt : null
+        });
+      }
+    } catch {}
+  }
+  persistSessions() {
+    fs.mkdirSync(path.dirname(this.storagePath), { recursive: true });
+    fs.writeFileSync(this.storagePath, JSON.stringify(Array.from(this.sessions.values()), null, 2), {
+      encoding: "utf8",
+      mode: 384
+    });
+  }
+}
+var singleton;
+function getRemoteSessionService() {
+  if (!singleton) {
+    singleton = new RemoteSessionService;
+  }
+  return singleton;
+}
+function __resetRemoteSessionServiceForTests() {
+  singleton = undefined;
+}
+
+// src/actions/remote-desktop.ts
+var ACTION_NAME = "REMOTE_DESKTOP";
+var SUBACTIONS = {
+  start: {
+    description: "Open remote-control session via RemoteSessionService. Requires confirmed:true. " + "Local ELIZA_REMOTE_LOCAL_MODE=1 skips pairingCode; cloud requires 6-digit pairingCode.",
+    descriptionCompressed: "open remote session confirmed-true 6-digit-pairing local-mode-skips",
+    required: ["confirmed"],
+    optional: ["pairingCode"]
+  },
+  status: {
+    description: "Lookup remote session by sessionId via stored backend.",
+    descriptionCompressed: "lookup remote session sessionId stored-session-backend",
+    required: ["sessionId"]
+  },
+  end: {
+    description: "Close remote session by sessionId via stored backend.",
+    descriptionCompressed: "close remote session sessionId stored-session-backend",
+    required: ["sessionId"]
+  },
+  list: {
+    description: "List active remote sessions via RemoteSessionService: ids, status, ingress URLs, local-mode hints.",
+    descriptionCompressed: "list active remote sessions ids+status+ingress+local-mode-hint",
+    required: []
+  },
+  revoke: {
+    description: "Revoke active remote session by sessionId via RemoteSessionService.",
+    descriptionCompressed: "revoke active remote session sessionId",
+    required: ["sessionId"]
+  }
+};
+function coerceString(value) {
+  if (typeof value !== "string")
+    return;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : undefined;
+}
+function formatLegacySession(session) {
+  const lines = [
+    `Session ${session.id}`,
+    `  backend: ${session.backend}`,
+    `  status:  ${session.status}`
+  ];
+  if (session.accessUrl)
+    lines.push(`  url:     ${session.accessUrl}`);
+  if (session.accessCode)
+    lines.push(`  code:    ${session.accessCode}`);
+  if (session.expiresAt)
+    lines.push(`  expires: ${session.expiresAt}`);
+  if (session.error)
+    lines.push(`  error:   ${session.error}`);
+  return lines.join(`
+`);
+}
+async function handleStart(runtime, message, params) {
+  const backend = await detectRemoteDesktopBackend();
+  const startPrompt = `Starting a remote desktop session will expose this machine to the network via ${backend}.`;
+  const decision = await requireConfirmation({
+    runtime,
+    message,
+    actionName: ACTION_NAME,
+    pendingKey: `remote-start:${backend}`,
+    prompt: startPrompt
+  });
+  if (decision.status !== "confirmed") {
+    return {
+      text: decision.status === "pending" ? `${startPrompt} Reply yes to confirm or no to cancel.` : "Remote desktop start cancelled.",
+      success: decision.status === "pending",
+      values: {
+        success: false,
+        error: decision.status === "pending" ? "CONFIRMATION_REQUIRED" : "CANCELLED",
+        requiresConfirmation: decision.status === "pending",
+        backend
+      },
+      data: {
+        actionName: ACTION_NAME,
+        subaction: "start",
+        requiresConfirmation: decision.status === "pending",
+        backend,
+        intent: params.intent ?? null
+      }
+    };
+  }
+  const requesterIdentity = coerceString(params.requesterIdentity) ?? String(message.entityId);
+  try {
+    const result = await getRemoteSessionService().startSession({
+      requesterIdentity,
+      pairingCode: coerceString(params.pairingCode),
+      confirmed: true
+    });
+    if (result.status === "denied") {
+      return {
+        text: "Pairing code was invalid or expired. Request a fresh code and retry.",
+        success: false,
+        values: {
+          success: false,
+          error: "PAIRING_DENIED",
+          sessionId: result.sessionId
+        },
+        data: { actionName: ACTION_NAME, subaction: "start", session: result }
+      };
+    }
+    if (result.ingressUrl === null) {
+      return {
+        text: `Remote session ${result.sessionId} is authorized but the data plane is not configured (${result.reason ?? "unknown"}). Configure Tailscale (T9b) or the Eliza Cloud tunnel to complete pixel transport.`,
+        success: false,
+        values: {
+          success: false,
+          error: "DATA_PLANE_NOT_CONFIGURED",
+          requiresConfirmation: true,
+          sessionId: result.sessionId,
+          status: result.status,
+          ingressUrl: null,
+          reason: result.reason,
+          localMode: result.localMode
+        },
+        data: {
+          actionName: ACTION_NAME,
+          subaction: "start",
+          requiresConfirmation: true,
+          session: result
+        }
+      };
+    }
+    return {
+      text: `Remote session ${result.sessionId} active. Connect via ${result.ingressUrl}.`,
+      success: true,
+      values: {
+        success: true,
+        sessionId: result.sessionId,
+        status: result.status,
+        ingressUrl: result.ingressUrl,
+        localMode: result.localMode
+      },
+      data: { actionName: ACTION_NAME, subaction: "start", session: result }
+    };
+  } catch (error) {
+    if (error instanceof RemoteSessionError) {
+      return {
+        text: error.message,
+        success: false,
+        values: { success: false, error: error.code },
+        data: { actionName: ACTION_NAME, subaction: "start" }
+      };
+    }
+    throw error;
+  }
+}
+async function handleStatus(params) {
+  const sessionId = coerceString(params.sessionId);
+  if (!sessionId) {
+    return {
+      text: "Missing sessionId.",
+      success: false,
+      values: { success: false, error: "MISSING_SESSION_ID" },
+      data: { actionName: ACTION_NAME, subaction: "status" }
+    };
+  }
+  const session = await getSessionStatus(sessionId);
+  if (!session) {
+    return {
+      text: `No session found with id ${sessionId}.`,
+      success: false,
+      values: { success: false, error: "SESSION_NOT_FOUND" },
+      data: { actionName: ACTION_NAME, subaction: "status", sessionId }
+    };
+  }
+  return {
+    text: formatLegacySession(session),
+    success: true,
+    values: { success: true, status: session.status },
+    data: { actionName: ACTION_NAME, subaction: "status", session }
+  };
+}
+async function handleEnd(params) {
+  const sessionId = coerceString(params.sessionId);
+  if (!sessionId) {
+    return {
+      text: "Missing sessionId.",
+      success: false,
+      values: { success: false, error: "MISSING_SESSION_ID" },
+      data: { actionName: ACTION_NAME, subaction: "end" }
+    };
+  }
+  const existing = await getSessionStatus(sessionId);
+  if (!existing) {
+    return {
+      text: `No session found with id ${sessionId}.`,
+      success: false,
+      values: { success: false, error: "SESSION_NOT_FOUND" },
+      data: { actionName: ACTION_NAME, subaction: "end", sessionId }
+    };
+  }
+  await endRemoteSession(sessionId);
+  return {
+    text: `Remote session ${sessionId} ended.`,
+    success: true,
+    values: { success: true, sessionId },
+    data: { actionName: ACTION_NAME, subaction: "end", sessionId }
+  };
+}
+async function handleList() {
+  const sessions2 = await getRemoteSessionService().listActiveSessions();
+  if (sessions2.length === 0) {
+    return {
+      text: "No active remote sessions.",
+      success: true,
+      values: { success: true, count: 0 },
+      data: { actionName: ACTION_NAME, subaction: "list", sessions: [] }
+    };
+  }
+  const lines = sessions2.map((s) => `• ${s.id} — status=${s.status}${s.ingressUrl ? ` ingress=${s.ingressUrl}` : ` ingress=<none:${s.reason ?? "unknown"}>`}${s.localMode ? " (local)" : ""}`);
+  return {
+    text: `Active remote sessions (${sessions2.length}):
+${lines.join(`
+`)}`,
+    success: true,
+    values: { success: true, count: sessions2.length },
+    data: { actionName: ACTION_NAME, subaction: "list", sessions: sessions2 }
+  };
+}
+async function handleRevoke(params) {
+  const sessionId = coerceString(params.sessionId);
+  if (!sessionId) {
+    return {
+      text: "Missing sessionId.",
+      success: false,
+      values: { success: false, error: "MISSING_SESSION_ID" },
+      data: { actionName: ACTION_NAME, subaction: "revoke" }
+    };
+  }
+  try {
+    await getRemoteSessionService().revokeSession(sessionId);
+    return {
+      text: `Remote session ${sessionId} revoked.`,
+      success: true,
+      values: { success: true, sessionId },
+      data: { actionName: ACTION_NAME, subaction: "revoke", sessionId }
+    };
+  } catch (error) {
+    if (error instanceof RemoteSessionError) {
+      return {
+        text: error.message,
+        success: false,
+        values: { success: false, error: error.code, sessionId },
+        data: { actionName: ACTION_NAME, subaction: "revoke", sessionId }
+      };
+    }
+    throw error;
+  }
+}
+var remoteDesktopAction = {
+  name: ACTION_NAME,
+  similes: [
+    "REMOTE_SESSION",
+    "VNC_SESSION",
+    "REMOTE_CONTROL",
+    "PHONE_REMOTE_ACCESS",
+    "CONNECT_FROM_PHONE"
+  ],
+  description: "Remote-desktop sessions; owner connects to this machine from another device. " + "Subactions start confirmed:true cloud pairingCode; status|end|revoke sessionId; list active.",
+  descriptionCompressed: "REMOTE_DESKTOP start|status|end|list|revoke; start confirmed:true; cloud pairingCode",
+  tags: [
+    "domain:meta",
+    "capability:read",
+    "capability:write",
+    "capability:execute",
+    "capability:delete",
+    "surface:device",
+    "surface:internal",
+    "risk:irreversible"
+  ],
+  contexts: ["browser", "automation", "settings", "admin", "terminal"],
+  roleGate: { minRole: "OWNER" },
+  suppressPostActionContinuation: true,
+  validate: async () => true,
+  parameters: [
+    {
+      name: "action",
+      description: "start | status | end | list | revoke.",
+      descriptionCompressed: "remote-desktop action: start|status|end|list|revoke",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["start", "status", "end", "list", "revoke"]
+      },
+      examples: ["start", "list", "revoke"]
+    },
+    {
+      name: "sessionId",
+      description: "Session id. Required status|end|revoke.",
+      descriptionCompressed: "session id (status|end|revoke)",
+      required: false,
+      schema: { type: "string" },
+      examples: ["rs_abc123"]
+    },
+    {
+      name: "confirmed",
+      description: "true required for start; security gate.",
+      descriptionCompressed: "true required for start (security)",
+      required: false,
+      schema: { type: "boolean" }
+    },
+    {
+      name: "pairingCode",
+      description: "6-digit pairingCode for start. Required unless ELIZA_REMOTE_LOCAL_MODE=1.",
+      descriptionCompressed: "6-digit pairing code (start; skipped in local mode)",
+      required: false,
+      schema: { type: "string", pattern: "^[0-9]{6}$" },
+      examples: ["482193"]
+    },
+    {
+      name: "requesterIdentity",
+      description: "Requester id/name/device. Audit start.",
+      descriptionCompressed: "audit: requester id (start)",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "intent",
+      description: "Owner intent/reason. Audit.",
+      descriptionCompressed: "audit: owner reason",
+      required: false,
+      schema: { type: "string" }
+    }
+  ],
+  examples: [
+    [
+      {
+        name: "{{name1}}",
+        content: {
+          text: "Start a remote session with pairing code 482193, confirmed."
+        }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Remote session active. Connect via vnc://host:5900.",
+          action: ACTION_NAME
+        }
+      }
+    ],
+    [
+      {
+        name: "{{name1}}",
+        content: { text: "Are any remote sessions open right now?" }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "No active remote sessions.",
+          action: ACTION_NAME
+        }
+      }
+    ],
+    [
+      {
+        name: "{{name1}}",
+        content: { text: "End the remote session rs_abc123." }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Remote session rs_abc123 revoked.",
+          action: ACTION_NAME
+        }
+      }
+    ]
+  ],
+  handler: async (runtime, message, state, options) => {
+    const resolved = await resolveActionArgs({
+      runtime,
+      message,
+      ...state ? { state } : {},
+      ...options ? { options } : {},
+      actionName: ACTION_NAME,
+      subactions: SUBACTIONS
+    });
+    if (!resolved.ok) {
+      return {
+        success: false,
+        text: resolved.clarification,
+        values: {
+          success: false,
+          error: "MISSING_REMOTE_DESKTOP_ARGUMENTS",
+          missing: resolved.missing
+        },
+        data: {
+          actionName: ACTION_NAME,
+          reason: "missing_arguments",
+          missing: resolved.missing
+        }
+      };
+    }
+    const { subaction, params } = resolved;
+    switch (subaction) {
+      case "start":
+        return handleStart(runtime, message, params);
+      case "status":
+        return handleStatus(params);
+      case "end":
+        return handleEnd(params);
+      case "list":
+        return handleList();
+      case "revoke":
+        return handleRevoke(params);
+    }
+  }
+};
+var REMOTE_DESKTOP_ACTION_NAME = ACTION_NAME;
+
+// src/plugin.ts
+var remoteDesktopPlugin = {
+  name: "remote-desktop",
+  description: "Remote desktop session control for Eliza agents. REMOTE_DESKTOP umbrella action (start/status/end/list/revoke) over Tailscale VNC/SSH and ngrok backends with pairing-code confirmation. Extracted from @elizaos/plugin-personal-assistant.",
+  actions: [remoteDesktopAction]
+};
+
+// src/index.ts
+var src_default = remoteDesktopPlugin;
+export {
+  startRemoteSession,
+  remoteDesktopPlugin,
+  remoteDesktopAction,
+  listActiveSessions,
+  getSessionStatus,
+  getRemoteSessionService,
+  generatePairingCode2 as generatePairingCode,
+  endRemoteSession,
+  detectRemoteDesktopBackend,
+  src_default as default,
+  __resetRemoteSessionServiceForTests,
+  RemoteSessionService,
+  RemoteSessionError,
+  RemoteDesktopError,
+  REMOTE_DESKTOP_ACTION_NAME,
+  PairingCodeStore,
+  PAIRING_CODE_TTL_MS,
+  PAIRING_CODE_LENGTH
+};
+
+//# debugId=0352AD5350E719D164756E2164756E21