@ganglion/xacpx-relay 0.1.0

package/dist/cli.js

@@ -0,0 +1,1168 @@
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// packages/relay/src/cli.ts
+import { randomUUID as randomUUID3 } from "node:crypto";
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname as dirname2, join, resolve } from "node:path";
+
+// packages/relay/src/server.ts
+import { serve } from "@hono/node-server";
+import { WebSocketServer } from "ws";
+import {
+  MSG as MSG3
+} from "@ganglion/xacpx-relay-protocol";
+
+// packages/relay/src/db.ts
+import { mkdirSync } from "node:fs";
+import { dirname } from "node:path";
+async function createSqlDriver(path) {
+  if (path !== ":memory:") {
+    mkdirSync(dirname(path), { recursive: true });
+  }
+  if (typeof Bun !== "undefined") {
+    const { Database } = await import("bun:sqlite");
+    const db2 = new Database(path);
+    return {
+      exec: (sql) => db2.exec(sql),
+      run: (sql, params = []) => {
+        db2.query(sql).run(...params);
+      },
+      get: (sql, params = []) => db2.query(sql).get(...params) ?? undefined,
+      all: (sql, params = []) => db2.query(sql).all(...params),
+      close: () => db2.close()
+    };
+  }
+  const { DatabaseSync } = await import("node:sqlite");
+  const db = new DatabaseSync(path, { enableForeignKeyConstraints: false });
+  return {
+    exec: (sql) => db.exec(sql),
+    run: (sql, params = []) => {
+      db.prepare(sql).run(...params);
+    },
+    get: (sql, params = []) => db.prepare(sql).get(...params) ?? undefined,
+    all: (sql, params = []) => db.prepare(sql).all(...params),
+    close: () => db.close()
+  };
+}
+function initSchema(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS accounts (
+      id TEXT PRIMARY KEY,
+      username TEXT NOT NULL UNIQUE,
+      created_at TEXT NOT NULL
+    );
+  `);
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS login_tokens (
+      id TEXT PRIMARY KEY,
+      token_hash TEXT NOT NULL UNIQUE,
+      account_id TEXT NOT NULL REFERENCES accounts(id),
+      label TEXT,
+      created_at TEXT NOT NULL,
+      last_used_at TEXT
+    );
+  `);
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS web_sessions (
+      token_hash TEXT PRIMARY KEY,
+      account_id TEXT NOT NULL REFERENCES accounts(id),
+      login_token_id TEXT REFERENCES login_tokens(id),
+      expires_at TEXT NOT NULL
+    );
+  `);
+  db.exec(`
+    CREATE INDEX IF NOT EXISTS idx_web_sessions_login_token ON web_sessions(login_token_id);
+  `);
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS pairing_tokens (
+      token_hash TEXT PRIMARY KEY,
+      account_id TEXT NOT NULL REFERENCES accounts(id),
+      name TEXT,
+      expires_at TEXT NOT NULL,
+      used_at TEXT
+    );
+    CREATE TABLE IF NOT EXISTS instances (
+      id TEXT PRIMARY KEY,
+      account_id TEXT NOT NULL REFERENCES accounts(id),
+      name TEXT NOT NULL,
+      credential_hash TEXT NOT NULL,
+      core_version TEXT,
+      last_seen_at TEXT,
+      created_at TEXT NOT NULL
+    );
+    CREATE TABLE IF NOT EXISTS messages (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      instance_id TEXT NOT NULL REFERENCES instances(id),
+      session_alias TEXT NOT NULL,
+      direction TEXT NOT NULL CHECK (direction IN ('in','out')),
+      text TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      structured TEXT
+    );
+    CREATE INDEX IF NOT EXISTS idx_messages_session ON messages (instance_id, session_alias, id);
+  `);
+}
+
+// packages/relay/src/stores/accounts.ts
+import { randomUUID } from "node:crypto";
+
+// packages/relay/src/auth.ts
+import { createHash, randomBytes, timingSafeEqual } from "node:crypto";
+function generateToken() {
+  return randomBytes(32).toString("base64url");
+}
+function hashToken(token) {
+  return createHash("sha256").update(token).digest("hex");
+}
+function hashEquals(a, b) {
+  if (a.length !== b.length)
+    return false;
+  return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+
+// packages/relay/src/stores/accounts.ts
+class AccountStore {
+  db;
+  now;
+  constructor(db, options = {}) {
+    this.db = db;
+    this.now = options.now ?? (() => new Date);
+  }
+  createAccount(username) {
+    const id = randomUUID();
+    const createdAt = this.now().toISOString();
+    this.db.run("INSERT INTO accounts (id, username, created_at) VALUES (?, ?, ?)", [id, username, createdAt]);
+    return { id, username, createdAt };
+  }
+  findByUsername(username) {
+    const row = this.db.get("SELECT id, username, created_at FROM accounts WHERE username = ?", [username]);
+    return row ? { id: row.id, username: row.username, createdAt: row.created_at } : null;
+  }
+  findById(id) {
+    const row = this.db.get("SELECT id, username, created_at FROM accounts WHERE id = ?", [id]);
+    return row ? { id: row.id, username: row.username, createdAt: row.created_at } : null;
+  }
+  listAccounts() {
+    return this.db.all(`SELECT a.id, a.username, a.created_at,
+        (SELECT COUNT(*) FROM login_tokens lt WHERE lt.account_id = a.id) AS token_count,
+        (SELECT COUNT(*) FROM instances i WHERE i.account_id = a.id) AS instance_count
+       FROM accounts a
+       ORDER BY a.created_at`).map((row) => ({
+      id: row.id,
+      username: row.username,
+      createdAt: row.created_at,
+      tokenCount: row.token_count,
+      instanceCount: row.instance_count
+    }));
+  }
+  countInstances(accountId) {
+    const row = this.db.get("SELECT COUNT(*) AS n FROM instances WHERE account_id = ?", [accountId]);
+    return row?.n ?? 0;
+  }
+  createLoginToken(accountId, label) {
+    const id = randomUUID();
+    const token = generateToken();
+    const createdAt = this.now().toISOString();
+    this.db.run("INSERT INTO login_tokens (id, token_hash, account_id, label, created_at, last_used_at) VALUES (?, ?, ?, ?, ?, NULL)", [id, hashToken(token), accountId, label ?? null, createdAt]);
+    return { id, token };
+  }
+  _resolveLoginToken(token) {
+    const row = this.db.get("SELECT id, account_id FROM login_tokens WHERE token_hash = ?", [hashToken(token)]);
+    if (!row)
+      return null;
+    const account = this.findById(row.account_id);
+    if (!account)
+      return null;
+    this.db.run("UPDATE login_tokens SET last_used_at = ? WHERE id = ?", [this.now().toISOString(), row.id]);
+    return { account, loginTokenId: row.id };
+  }
+  findAccountByLoginToken(token) {
+    return this._resolveLoginToken(token)?.account ?? null;
+  }
+  resolveLoginToken(token) {
+    return this._resolveLoginToken(token);
+  }
+  listLoginTokens(accountId) {
+    return this.db.all("SELECT id, label, created_at, last_used_at FROM login_tokens WHERE account_id = ? ORDER BY created_at", [accountId]).map((row) => ({
+      id: row.id,
+      label: row.label,
+      createdAt: row.created_at,
+      lastUsedAt: row.last_used_at
+    }));
+  }
+  listTokens() {
+    return this.db.all(`SELECT lt.id, lt.label, lt.created_at, lt.account_id,
+        (SELECT COUNT(*) FROM instances i WHERE i.account_id = lt.account_id) AS instance_count
+       FROM login_tokens lt
+       ORDER BY lt.created_at`).map((row) => ({
+      id: row.id,
+      label: row.label,
+      createdAt: row.created_at,
+      accountId: row.account_id,
+      instanceCount: row.instance_count
+    }));
+  }
+  accountIdForToken(valueOrId) {
+    const byValue = this._resolveLoginToken(valueOrId);
+    if (byValue)
+      return byValue.account.id;
+    const byId = this.db.get("SELECT account_id FROM login_tokens WHERE id = ?", [valueOrId]);
+    if (byId)
+      return byId.account_id;
+    const byPrefix = this.db.all("SELECT account_id FROM login_tokens WHERE id LIKE ? || '%'", [valueOrId]);
+    if (byPrefix.length === 1)
+      return byPrefix[0].account_id;
+    return null;
+  }
+  revokeLoginToken(tokenId) {
+    const existing = this.db.get("SELECT id FROM login_tokens WHERE id = ?", [tokenId]);
+    if (!existing)
+      return false;
+    this.db.run("DELETE FROM web_sessions WHERE login_token_id = ?", [tokenId]);
+    this.db.run("DELETE FROM login_tokens WHERE id = ?", [tokenId]);
+    return true;
+  }
+  createWebSession(accountId, loginTokenId, ttlMs) {
+    const token = generateToken();
+    const expiresAt = new Date(this.now().getTime() + ttlMs).toISOString();
+    this.db.run("INSERT INTO web_sessions (token_hash, account_id, login_token_id, expires_at) VALUES (?, ?, ?, ?)", [hashToken(token), accountId, loginTokenId, expiresAt]);
+    return token;
+  }
+  getSessionAccount(token) {
+    const row = this.db.get("SELECT account_id, expires_at FROM web_sessions WHERE token_hash = ?", [hashToken(token)]);
+    if (!row || new Date(row.expires_at).getTime() <= this.now().getTime())
+      return null;
+    return this.findById(row.account_id);
+  }
+  deleteWebSession(token) {
+    this.db.run("DELETE FROM web_sessions WHERE token_hash = ?", [hashToken(token)]);
+  }
+  deleteAccountCascade(accountId) {
+    this.db.exec("BEGIN");
+    try {
+      this.db.run("DELETE FROM messages WHERE instance_id IN (SELECT id FROM instances WHERE account_id = ?)", [accountId]);
+      this.db.run("DELETE FROM instances WHERE account_id = ?", [accountId]);
+      this.db.run("DELETE FROM pairing_tokens WHERE account_id = ?", [accountId]);
+      this.db.run("DELETE FROM web_sessions WHERE account_id = ?", [accountId]);
+      this.db.run("DELETE FROM login_tokens WHERE account_id = ?", [accountId]);
+      this.db.run("DELETE FROM accounts WHERE id = ?", [accountId]);
+      this.db.exec("COMMIT");
+    } catch (e) {
+      this.db.exec("ROLLBACK");
+      throw e;
+    }
+  }
+  pruneExpired(now) {
+    const iso = now.toISOString();
+    const ws = this.db.get("SELECT COUNT(*) AS n FROM web_sessions WHERE expires_at <= ?", [iso]);
+    this.db.run("DELETE FROM web_sessions WHERE expires_at <= ?", [iso]);
+    return ws?.n ?? 0;
+  }
+}
+
+// packages/relay/src/stores/instances.ts
+import { randomUUID as randomUUID2 } from "node:crypto";
+class InstanceStore {
+  db;
+  now;
+  constructor(db, options = {}) {
+    this.db = db;
+    this.now = options.now ?? (() => new Date);
+  }
+  issuePairingToken(accountId, name, ttlMs) {
+    const token = generateToken();
+    const expiresAt = new Date(this.now().getTime() + ttlMs).toISOString();
+    this.db.run("INSERT INTO pairing_tokens (token_hash, account_id, name, expires_at) VALUES (?, ?, ?, ?)", [hashToken(token), accountId, name ?? null, expiresAt]);
+    return { token, expiresAt };
+  }
+  registerInstanceForAccount(accountId, name, coreVersion) {
+    const instanceId = randomUUID2();
+    const credential = generateToken();
+    const nowIso = this.now().toISOString();
+    const instanceName = name ?? `instance-${instanceId.slice(0, 8)}`;
+    this.db.run("INSERT INTO instances (id, account_id, name, credential_hash, core_version, created_at) VALUES (?, ?, ?, ?, ?, ?)", [instanceId, accountId, instanceName, hashToken(credential), coreVersion ?? null, nowIso]);
+    return { instanceId, credential, accountId, name: instanceName };
+  }
+  redeemPairingToken(token, coreVersion) {
+    const tokenHash = hashToken(token);
+    const row = this.db.get("SELECT account_id, name, expires_at, used_at FROM pairing_tokens WHERE token_hash = ?", [tokenHash]);
+    const nowIso = this.now().toISOString();
+    if (!row || row.used_at !== null || new Date(row.expires_at).getTime() <= this.now().getTime()) {
+      return null;
+    }
+    this.db.run("UPDATE pairing_tokens SET used_at = ? WHERE token_hash = ?", [nowIso, tokenHash]);
+    const instanceId = randomUUID2();
+    const credential = generateToken();
+    const name = row.name ?? `instance-${instanceId.slice(0, 8)}`;
+    this.db.run("INSERT INTO instances (id, account_id, name, credential_hash, core_version, created_at) VALUES (?, ?, ?, ?, ?, ?)", [instanceId, row.account_id, name, hashToken(credential), coreVersion ?? null, nowIso]);
+    return { instanceId, credential, accountId: row.account_id, name };
+  }
+  verifyCredential(instanceId, credential) {
+    const row = this.db.get("SELECT * FROM instances WHERE id = ?", [instanceId]);
+    if (!row || !hashEquals(row.credential_hash, hashToken(credential)))
+      return null;
+    return toInstanceRow(row);
+  }
+  touch(instanceId, coreVersion) {
+    if (coreVersion !== undefined) {
+      this.db.run("UPDATE instances SET last_seen_at = ?, core_version = ? WHERE id = ?", [
+        this.now().toISOString(),
+        coreVersion,
+        instanceId
+      ]);
+      return;
+    }
+    this.db.run("UPDATE instances SET last_seen_at = ? WHERE id = ?", [this.now().toISOString(), instanceId]);
+  }
+  listByAccount(accountId) {
+    return this.db.all("SELECT * FROM instances WHERE account_id = ? ORDER BY created_at", [accountId]).map(toInstanceRow);
+  }
+  getOwned(instanceId, accountId) {
+    const row = this.db.get("SELECT * FROM instances WHERE id = ? AND account_id = ?", [instanceId, accountId]);
+    return row ? toInstanceRow(row) : null;
+  }
+  remove(instanceId, accountId) {
+    if (!this.getOwned(instanceId, accountId))
+      return false;
+    this.db.run("DELETE FROM instances WHERE id = ?", [instanceId]);
+    return true;
+  }
+  prunePairingTokens(now) {
+    const iso = now.toISOString();
+    const row = this.db.get("SELECT COUNT(*) AS n FROM pairing_tokens WHERE expires_at <= ? OR used_at IS NOT NULL", [iso]);
+    this.db.run("DELETE FROM pairing_tokens WHERE expires_at <= ? OR used_at IS NOT NULL", [iso]);
+    return row?.n ?? 0;
+  }
+}
+function toInstanceRow(row) {
+  return {
+    id: row.id,
+    accountId: row.account_id,
+    name: row.name,
+    coreVersion: row.core_version,
+    lastSeenAt: row.last_seen_at,
+    createdAt: row.created_at
+  };
+}
+
+// packages/relay/src/stores/messages.ts
+class MessageStore {
+  db;
+  now;
+  constructor(db, now = () => new Date) {
+    this.db = db;
+    this.now = now;
+  }
+  append(instanceId, sessionAlias, direction, text, structured) {
+    this.db.run("INSERT INTO messages (instance_id, session_alias, direction, text, created_at, structured) VALUES (?,?,?,?,?,?)", [instanceId, sessionAlias, direction, text, this.now().toISOString(), structured ? JSON.stringify(structured) : null]);
+  }
+  listBySession(accountId, instanceId, sessionAlias, opts = {}) {
+    const limit = opts.limit ?? 100;
+    const before = opts.before ?? null;
+    const rows = this.db.all(`SELECT m.id, m.instance_id, m.session_alias, m.direction, m.text, m.created_at, m.structured
+       FROM messages m JOIN instances i ON i.id = m.instance_id
+       WHERE i.account_id = ? AND m.instance_id = ? AND m.session_alias = ?
+         AND (? IS NULL OR m.id < ?)
+       ORDER BY m.id DESC LIMIT ?`, [accountId, instanceId, sessionAlias, before, before, limit + 1]);
+    const hasMore = rows.length > limit;
+    const page = hasMore ? rows.slice(0, limit) : rows;
+    return {
+      hasMore,
+      messages: page.reverse().map((r) => ({
+        id: r.id,
+        instanceId: r.instance_id,
+        sessionAlias: r.session_alias,
+        direction: r.direction,
+        text: r.text,
+        createdAt: r.created_at,
+        ...r.structured ? { structured: JSON.parse(r.structured) } : {}
+      }))
+    };
+  }
+  prune(opts) {
+    let deleted = 0;
+    if (opts.maxAgeMs !== undefined) {
+      const cutoff = new Date(this.now().getTime() - opts.maxAgeMs).toISOString();
+      const before = this.db.get("SELECT COUNT(*) AS n FROM messages WHERE created_at < ?", [cutoff]);
+      this.db.run("DELETE FROM messages WHERE created_at < ?", [cutoff]);
+      deleted += before?.n ?? 0;
+    }
+    if (opts.maxPerSession !== undefined) {
+      const groups = this.db.all("SELECT instance_id, session_alias FROM messages GROUP BY instance_id, session_alias HAVING COUNT(*) > ?", [opts.maxPerSession]);
+      for (const g of groups) {
+        const before = this.db.get("SELECT COUNT(*) AS n FROM messages WHERE instance_id = ? AND session_alias = ?", [g.instance_id, g.session_alias]);
+        this.db.run(`DELETE FROM messages WHERE instance_id = ? AND session_alias = ? AND id NOT IN (
+             SELECT id FROM messages WHERE instance_id = ? AND session_alias = ? ORDER BY id DESC LIMIT ?
+           )`, [g.instance_id, g.session_alias, g.instance_id, g.session_alias, opts.maxPerSession]);
+        deleted += Math.max(0, (before?.n ?? 0) - opts.maxPerSession);
+      }
+    }
+    return deleted;
+  }
+}
+
+// packages/relay/src/gateway/instance-gateway.ts
+import {
+  MSG,
+  RELAY_PROTOCOL_VERSION,
+  decodeEnvelope,
+  encodeEnvelope,
+  errorPayload
+} from "@ganglion/xacpx-relay-protocol";
+var DEFAULT_REQUEST_TIMEOUT_MS = 120000;
+
+class InstanceGateway {
+  deps;
+  connections = new Map;
+  pending = new Map;
+  seq = 0;
+  constructor(deps) {
+    this.deps = deps;
+  }
+  isOnline(instanceId) {
+    return this.connections.has(instanceId);
+  }
+  handleConnection(socket) {
+    let authed = null;
+    socket.on("message", (data) => {
+      const decoded = decodeEnvelope(String(data));
+      if (!decoded.ok) {
+        socket.send(encodeEnvelope({
+          protocolVersion: RELAY_PROTOCOL_VERSION,
+          kind: "event",
+          type: "relay.protocol-error",
+          payload: errorPayload(decoded.error, decoded.detail ?? "invalid envelope")
+        }));
+        if (!authed)
+          socket.close(4400, decoded.error);
+        return;
+      }
+      const envelope = decoded.envelope;
+      if (!authed) {
+        authed = this.handleHandshake(socket, envelope);
+        if (authed) {
+          this.connections.set(authed.instanceId, { socket, accountId: authed.accountId });
+          this.deps.onStatusChange?.(authed.instanceId, authed.accountId, true);
+        }
+        return;
+      }
+      if (envelope.kind === "res" && envelope.id) {
+        const waiting = this.pending.get(envelope.id);
+        if (waiting) {
+          clearTimeout(waiting.timer);
+          this.pending.delete(envelope.id);
+          waiting.resolve(envelope.payload);
+        }
+        return;
+      }
+      if (envelope.kind === "event") {
+        this.deps.instances.touch(authed.instanceId);
+        this.deps.onEvent?.(authed.instanceId, authed.accountId, envelope);
+      }
+    });
+    socket.on("close", () => {
+      if (authed) {
+        this.connections.delete(authed.instanceId);
+        for (const [id, p] of this.pending) {
+          if (p.instanceId === authed.instanceId) {
+            clearTimeout(p.timer);
+            this.pending.delete(id);
+            p.reject(new Error("instance-offline"));
+          }
+        }
+        this.deps.onStatusChange?.(authed.instanceId, authed.accountId, false);
+      }
+    });
+  }
+  handleHandshake(socket, envelope) {
+    const respond = (payload) => {
+      socket.send(encodeEnvelope({
+        protocolVersion: RELAY_PROTOCOL_VERSION,
+        kind: "res",
+        id: envelope.id ?? "handshake",
+        type: envelope.type,
+        payload
+      }));
+    };
+    if (envelope.kind !== "req") {
+      socket.close(4401, "unauthenticated");
+      return null;
+    }
+    if (envelope.type === MSG.instanceRegister) {
+      const payload = envelope.payload;
+      const presented = payload?.pairingToken ?? "";
+      const viaLogin = this.deps.accounts.resolveLoginToken(presented);
+      let result;
+      if (viaLogin) {
+        result = this.deps.instances.registerInstanceForAccount(viaLogin.account.id, payload?.name, payload?.coreVersion);
+      } else {
+        const redeemed = this.deps.instances.redeemPairingToken(presented, payload?.coreVersion);
+        if (!redeemed) {
+          respond(errorPayload("pairing-failed", "token is invalid, expired, or already used"));
+          return null;
+        }
+        result = redeemed;
+      }
+      respond({ instanceId: result.instanceId, credential: result.credential });
+      this.deps.instances.touch(result.instanceId);
+      return { instanceId: result.instanceId, accountId: result.accountId };
+    }
+    if (envelope.type === MSG.instanceAuth) {
+      const payload = envelope.payload;
+      const instance = this.deps.instances.verifyCredential(payload?.instanceId ?? "", payload?.credential ?? "");
+      if (!instance) {
+        respond(errorPayload("auth-failed", "unknown instance or bad credential"));
+        socket.close(4403, "auth-failed");
+        return null;
+      }
+      respond({ ok: true });
+      this.deps.instances.touch(instance.id, payload?.coreVersion);
+      return { instanceId: instance.id, accountId: instance.accountId };
+    }
+    socket.close(4401, "unauthenticated");
+    return null;
+  }
+  async sendRequest(instanceId, type, payload) {
+    const connection = this.connections.get(instanceId);
+    if (!connection) {
+      throw new Error("instance-offline");
+    }
+    const id = `relay-${++this.seq}`;
+    const timeoutMs = this.deps.requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS;
+    return await new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        this.pending.delete(id);
+        reject(new Error("timeout"));
+      }, timeoutMs);
+      this.pending.set(id, { resolve, reject, timer, instanceId });
+      connection.socket.send(encodeEnvelope({
+        protocolVersion: RELAY_PROTOCOL_VERSION,
+        kind: "req",
+        id,
+        type,
+        payload
+      }));
+    });
+  }
+}
+
+// packages/relay/src/gateway/web-gateway.ts
+import { encodeEnvelope as encodeEnvelope2, webEventEnvelope } from "@ganglion/xacpx-relay-protocol";
+
+class WebGateway {
+  byAccount = new Map;
+  register(accountId, socket) {
+    const set = this.byAccount.get(accountId) ?? new Set;
+    set.add(socket);
+    this.byAccount.set(accountId, set);
+    socket.on("close", () => {
+      set.delete(socket);
+      if (set.size === 0)
+        this.byAccount.delete(accountId);
+    });
+  }
+  broadcast(accountId, event) {
+    const set = this.byAccount.get(accountId);
+    if (!set)
+      return;
+    const data = encodeEnvelope2(webEventEnvelope(event));
+    for (const socket of set)
+      socket.send(data);
+  }
+}
+
+// packages/relay/src/http/app.ts
+import { Hono } from "hono";
+import { deleteCookie, getCookie, setCookie } from "hono/cookie";
+import { serveStatic } from "@hono/node-server/serve-static";
+import { MSG as MSG2 } from "@ganglion/xacpx-relay-protocol";
+
+// packages/relay/src/http/client-ip.ts
+import { getConnInfo } from "@hono/node-server/conninfo";
+function clientIp(c, trustProxy) {
+  if (trustProxy) {
+    const xff = c.req.header("x-forwarded-for");
+    if (xff)
+      return xff.split(",")[0].trim();
+  }
+  try {
+    return getConnInfo(c).remote.address ?? "unknown";
+  } catch {
+    return "unknown";
+  }
+}
+
+// packages/relay/src/http/app.ts
+var SESSION_COOKIE = "xrelay_session";
+var LOGIN_WINDOW_MS = 10 * 60 * 1000;
+var LOGIN_MAX_FAILURES = 10;
+var LOGIN_FAILURES_SWEEP_AT = 1024;
+var LOGIN_FAILURES_MAX = 4096;
+var GLOBAL_MAX_FAILURES = 200;
+var CHAT_SCOPED_TYPES = new Set([
+  MSG2.prompt,
+  MSG2.promptCancel,
+  MSG2.commandExecute,
+  MSG2.scheduledList,
+  MSG2.scheduledCreate,
+  MSG2.scheduledCancel,
+  MSG2.sessionsList,
+  MSG2.sessionsCreate,
+  MSG2.sessionsNativeList,
+  MSG2.sessionsRemove,
+  MSG2.sessionModelGet,
+  MSG2.sessionModelSet
+]);
+function requireJson(contentType) {
+  return (contentType ?? "").toLowerCase().includes("application/json");
+}
+function createApp(deps) {
+  const sessionTtlMs = deps.sessionTtlMs ?? 7 * 24 * 60 * 60 * 1000;
+  const pairingTtlMs = deps.pairingTtlMs ?? 10 * 60 * 1000;
+  const trustProxy = deps.trustProxy ?? false;
+  const now = deps.now ?? (() => new Date);
+  const loginFailures = new Map;
+  let globalFailures = { count: 0, windowStart: 0 };
+  function sweepPerIpLoginFailures(nowMs) {
+    if (loginFailures.size > LOGIN_FAILURES_SWEEP_AT) {
+      for (const [k, v] of loginFailures) {
+        if (nowMs - v.windowStart >= LOGIN_WINDOW_MS)
+          loginFailures.delete(k);
+      }
+      if (loginFailures.size > LOGIN_FAILURES_MAX) {
+        const sorted = [...loginFailures.entries()].sort((a, b) => a[1].windowStart - b[1].windowStart);
+        for (let i = 0;i < sorted.length && loginFailures.size > LOGIN_FAILURES_MAX; i++) {
+          const entry = sorted[i];
+          if (entry)
+            loginFailures.delete(entry[0]);
+        }
+      }
+    }
+  }
+  function recordFailure(ip, nowMs) {
+    const perIp = loginFailures.get(ip);
+    const ipEntry = perIp && nowMs - perIp.windowStart < LOGIN_WINDOW_MS ? { count: perIp.count + 1, windowStart: perIp.windowStart } : { count: 1, windowStart: nowMs };
+    loginFailures.set(ip, ipEntry);
+    if (nowMs - globalFailures.windowStart >= LOGIN_WINDOW_MS) {
+      globalFailures = { count: 1, windowStart: nowMs };
+    } else {
+      globalFailures = { count: globalFailures.count + 1, windowStart: globalFailures.windowStart };
+    }
+  }
+  function isRateLimited(ip, nowMs) {
+    if (nowMs - globalFailures.windowStart < LOGIN_WINDOW_MS && globalFailures.count >= GLOBAL_MAX_FAILURES) {
+      return true;
+    }
+    const perIp = loginFailures.get(ip);
+    return !!(perIp && nowMs - perIp.windowStart < LOGIN_WINDOW_MS && perIp.count >= LOGIN_MAX_FAILURES);
+  }
+  const app = new Hono;
+  app.post("/api/login", async (c) => {
+    if (!requireJson(c.req.header("content-type")))
+      return c.json({ error: "unsupported-media-type" }, 415);
+    const body = await c.req.json().catch(() => ({}));
+    const nowMs = now().getTime();
+    sweepPerIpLoginFailures(nowMs);
+    const ip = clientIp(c, trustProxy);
+    if (isRateLimited(ip, nowMs)) {
+      return c.json({ error: "too-many-attempts" }, 429);
+    }
+    const r = deps.accounts.resolveLoginToken(body.token ?? "");
+    if (!r) {
+      recordFailure(ip, nowMs);
+      return c.json({ error: "invalid-token" }, 401);
+    }
+    const sess = deps.accounts.createWebSession(r.account.id, r.loginTokenId, sessionTtlMs);
+    setCookie(c, SESSION_COOKIE, sess, {
+      httpOnly: true,
+      sameSite: "Lax",
+      path: "/",
+      maxAge: Math.floor(sessionTtlMs / 1000)
+    });
+    return c.json({ username: r.account.username });
+  });
+  app.post("/api/register", (c) => c.json({ error: "not-found" }, 404));
+  app.post("/api/invites", (c) => c.json({ error: "not-found" }, 404));
+  app.use("/api/*", async (c, next) => {
+    if (c.req.path === "/api/login")
+      return next();
+    const token = getCookie(c, SESSION_COOKIE);
+    const account = token ? deps.accounts.getSessionAccount(token) : null;
+    if (!account)
+      return c.json({ error: "unauthorized" }, 401);
+    c.set("account", account);
+    return next();
+  });
+  app.post("/api/logout", (c) => {
+    const token = getCookie(c, SESSION_COOKIE);
+    if (token)
+      deps.accounts.deleteWebSession(token);
+    deleteCookie(c, SESSION_COOKIE, { path: "/" });
+    return c.json({ ok: true });
+  });
+  app.get("/api/me", (c) => {
+    const account = c.get("account");
+    return c.json({ username: account.username });
+  });
+  app.get("/api/config", (c) => {
+    return c.json({
+      historyRetention: {
+        days: deps.historyRetentionDays ?? 30,
+        maxPerSession: deps.maxMessagesPerSession ?? 2000
+      }
+    });
+  });
+  app.get("/api/instances", (c) => {
+    const account = c.get("account");
+    const rows = deps.instances.listByAccount(account.id).map((row) => ({
+      ...row,
+      online: deps.gateway.isOnline(row.id)
+    }));
+    return c.json({ instances: rows });
+  });
+  app.post("/api/instances/pairing-token", async (c) => {
+    if (!requireJson(c.req.header("content-type")))
+      return c.json({ error: "unsupported-media-type" }, 415);
+    const account = c.get("account");
+    const body = await c.req.json().catch(() => ({}));
+    const issued = deps.instances.issuePairingToken(account.id, body.name, pairingTtlMs);
+    return c.json({ token: issued.token, expiresAt: issued.expiresAt });
+  });
+  app.delete("/api/instances/:id", (c) => {
+    const account = c.get("account");
+    const removed = deps.instances.remove(c.req.param("id"), account.id);
+    return removed ? c.json({ ok: true }) : c.json({ error: "not-found" }, 404);
+  });
+  app.get("/api/active-turns", (c) => {
+    const account = c.get("account");
+    const turns = [];
+    for (const inst of deps.instances.listByAccount(account.id)) {
+      for (const t of deps.activeTurns?.(inst.id) ?? [])
+        turns.push(t);
+    }
+    return c.json({ turns });
+  });
+  app.get("/api/instances/:id/sessions/:alias/messages", (c) => {
+    const account = c.get("account");
+    const instance = deps.instances.getOwned(c.req.param("id"), account.id);
+    if (!instance)
+      return c.json({ error: "not-found" }, 404);
+    const limitRaw = Number(c.req.query("limit"));
+    const beforeRaw = Number(c.req.query("before"));
+    const limit = Number.isFinite(limitRaw) && limitRaw > 0 ? Math.min(Math.floor(limitRaw), 200) : 100;
+    const before = Number.isFinite(beforeRaw) && beforeRaw > 0 ? Math.floor(beforeRaw) : undefined;
+    const page = deps.messages.listBySession(account.id, instance.id, c.req.param("alias"), {
+      limit,
+      ...before !== undefined ? { before } : {}
+    });
+    return c.json(page);
+  });
+  app.post("/api/instances/:id/rpc", async (c) => {
+    if (!requireJson(c.req.header("content-type")))
+      return c.json({ error: "unsupported-media-type" }, 415);
+    const account = c.get("account");
+    const instance = deps.instances.getOwned(c.req.param("id"), account.id);
+    if (!instance)
+      return c.json({ error: "not-found" }, 404);
+    const body = await c.req.json().catch(() => ({}));
+    if (!body.type || !body.type.startsWith("control."))
+      return c.json({ error: "invalid-rpc-type" }, 400);
+    let payload = body.payload ?? {};
+    if (CHAT_SCOPED_TYPES.has(body.type)) {
+      payload = {
+        ...payload,
+        chatKey: `relay:${account.id}`,
+        senderId: account.id,
+        isOwner: true
+      };
+    }
+    try {
+      if (body.type === MSG2.prompt || body.type === MSG2.commandExecute) {
+        const p = payload;
+        if (p.sessionAlias && p.text)
+          deps.messages.append(instance.id, p.sessionAlias, "in", p.text);
+      }
+      const result = await deps.gateway.sendRequest(instance.id, body.type, payload);
+      if (body.type === MSG2.commandExecute) {
+        const p = payload;
+        const output = result?.output;
+        if (p.sessionAlias && typeof output === "string")
+          deps.messages.append(instance.id, p.sessionAlias, "out", output);
+      }
+      return c.json({ result });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message === "instance-offline")
+        return c.json({ error: message }, 503);
+      if (message === "timeout")
+        return c.json({ error: message }, 504);
+      return c.json({ error: message }, 500);
+    }
+  });
+  if (deps.webRoot) {
+    const root = deps.webRoot;
+    app.use("/*", serveStatic({ root }));
+    app.get("/*", serveStatic({ path: "index.html", root }));
+  }
+  return app;
+}
+
+// packages/relay/src/maintenance.ts
+function runMaintenance(stores, opts) {
+  const now = (opts.now ?? (() => new Date))();
+  const messagesDeleted = stores.messages.prune({
+    maxAgeMs: opts.historyRetentionDays * 24 * 60 * 60 * 1000,
+    maxPerSession: opts.maxPerSession
+  });
+  const sessionsDeleted = stores.accounts.pruneExpired(now);
+  const pairingTokensDeleted = stores.instances.prunePairingTokens(now);
+  return { messagesDeleted, sessionsDeleted, pairingTokensDeleted };
+}
+function startMaintenanceLoop(stores, opts, intervalMs, onError) {
+  const tick = () => {
+    try {
+      runMaintenance(stores, opts);
+    } catch (err) {
+      onError?.(err);
+    }
+  };
+  const timer = setInterval(tick, intervalMs);
+  if (typeof timer === "object" && timer && "unref" in timer)
+    timer.unref();
+  return () => clearInterval(timer);
+}
+
+// packages/relay/src/server.ts
+var MAX_MESSAGES_PER_SESSION = 2000;
+var MAX_TOOL_STEPS = 200;
+var REASONING_CAP = 16000;
+async function createRelayRuntime(dbPath, options = {}) {
+  const db = await createSqlDriver(dbPath);
+  initSchema(db);
+  const accounts = new AccountStore(db);
+  const instances = new InstanceStore(db);
+  const messages = new MessageStore(db);
+  const webGateway = new WebGateway;
+  const turnBuffers = new Map;
+  const key = (instanceId, alias) => `${instanceId}\x00${alias}`;
+  const listActiveTurns = (instanceId) => {
+    const prefix = `${instanceId}\x00`;
+    const out = [];
+    for (const [k, a] of turnBuffers) {
+      if (!k.startsWith(prefix))
+        continue;
+      out.push({
+        instanceId,
+        sessionAlias: k.slice(prefix.length),
+        parts: a.parts,
+        status: a.text ? "streaming" : "working",
+        startedAt: a.startedAt
+      });
+    }
+    return out;
+  };
+  const pushTextPart = (a, chunk) => {
+    const last = a.parts[a.parts.length - 1];
+    if (last?.type === "text")
+      last.text += chunk;
+    else
+      a.parts.push({ type: "text", text: chunk });
+  };
+  const pushReasoningPart = (a, chunk) => {
+    const last = a.parts[a.parts.length - 1];
+    if (last?.type === "reasoning")
+      last.text = (last.text + chunk).slice(0, REASONING_CAP);
+    else
+      a.parts.push({ type: "reasoning", text: chunk.slice(0, REASONING_CAP) });
+  };
+  const pushToolPart = (a, step) => {
+    const i = a.parts.findIndex((p) => p.type === "tool" && p.step.toolCallId === step.toolCallId);
+    if (i >= 0)
+      a.parts[i].step = step;
+    else
+      a.parts.push({ type: "tool", step });
+  };
+  const gateway = new InstanceGateway({
+    instances,
+    accounts,
+    requestTimeoutMs: options.requestTimeoutMs ?? DEFAULT_REQUEST_TIMEOUT_MS,
+    onStatusChange: (instanceId, accountId, online) => {
+      if (!online) {
+        const prefix = `${instanceId}\x00`;
+        for (const k of turnBuffers.keys())
+          if (k.startsWith(prefix))
+            turnBuffers.delete(k);
+      }
+      webGateway.broadcast(accountId, { kind: "instance-status", instanceId, online });
+    },
+    onEvent: (instanceId, accountId, envelope) => {
+      if (envelope.type === MSG3.instanceEvent) {
+        const event = envelope.payload.event;
+        webGateway.broadcast(accountId, { kind: "control-event", instanceId, event });
+        if (event.type === "turn-started") {
+          turnBuffers.set(key(instanceId, event.sessionAlias), { text: "", steps: new Map, reasoning: "", parts: [], startedAt: Date.now() });
+          if (event.prompt)
+            messages.append(instanceId, event.sessionAlias, "in", event.prompt, event.scheduled ? { scheduled: event.scheduled } : undefined);
+        } else if (event.type === "turn-output") {
+          const a = turnBuffers.get(key(instanceId, event.sessionAlias));
+          if (a) {
+            a.text += event.chunk;
+            pushTextPart(a, event.chunk);
+          }
+        } else if (event.type === "tool-event") {
+          const a = turnBuffers.get(key(instanceId, event.sessionAlias));
+          if (a && (a.steps.has(event.step.toolCallId) || a.steps.size < MAX_TOOL_STEPS)) {
+            a.steps.set(event.step.toolCallId, event.step);
+            pushToolPart(a, event.step);
+          }
+        } else if (event.type === "turn-thought") {
+          const a = turnBuffers.get(key(instanceId, event.sessionAlias));
+          if (a) {
+            a.reasoning = (a.reasoning + event.chunk).slice(0, REASONING_CAP);
+            pushReasoningPart(a, event.chunk);
+          }
+        } else if (event.type === "turn-finished") {
+          const k = key(instanceId, event.sessionAlias);
+          const a = turnBuffers.get(k);
+          turnBuffers.delete(k);
+          if (!a)
+            return;
+          const steps = [...a.steps.values()];
+          const hasStructured = steps.length > 0 || a.reasoning.length > 0;
+          if (a.text || hasStructured) {
+            const structured = hasStructured ? { toolSteps: steps, ...a.reasoning ? { reasoning: a.reasoning } : {}, ...a.parts.length ? { parts: a.parts } : {} } : undefined;
+            messages.append(instanceId, event.sessionAlias, "out", a.text, structured);
+          }
+        } else if (event.type === "session-history") {
+          const existing = messages.listBySession(accountId, instanceId, event.sessionAlias, { limit: 1 });
+          if (existing.messages.length === 0) {
+            for (const row of event.messages) {
+              messages.append(instanceId, event.sessionAlias, row.direction, row.text, row.structured);
+            }
+          }
+        }
+      } else if (envelope.type === MSG3.instanceNotice) {
+        webGateway.broadcast(accountId, { kind: "notice", instanceId, notice: envelope.payload });
+      }
+    }
+  });
+  const app = createApp({
+    accounts,
+    instances,
+    messages,
+    gateway,
+    webRoot: options.webRoot,
+    historyRetentionDays: options.historyRetentionDays ?? 30,
+    maxMessagesPerSession: MAX_MESSAGES_PER_SESSION,
+    activeTurns: listActiveTurns,
+    trustProxy: options.trustProxy
+  });
+  return { db, accounts, instances, messages, gateway, webGateway, app, close: () => db.close() };
+}
+async function startRelayServer(options) {
+  const runtime = await createRelayRuntime(options.dbPath, {
+    webRoot: options.webRoot,
+    historyRetentionDays: options.historyRetentionDays,
+    requestTimeoutMs: options.requestTimeoutMs,
+    trustProxy: options.trustProxy
+  });
+  const host = options.host ?? "0.0.0.0";
+  const retention = { historyRetentionDays: options.historyRetentionDays ?? 30, maxPerSession: MAX_MESSAGES_PER_SESSION };
+  const stopMaintenance = startMaintenanceLoop({ accounts: runtime.accounts, instances: runtime.instances, messages: runtime.messages }, retention, 60 * 60 * 1000);
+  const httpServer = await new Promise((resolve, reject) => {
+    let server;
+    try {
+      server = serve({ fetch: runtime.app.fetch, port: options.httpPort, hostname: host }, () => resolve(server));
+    } catch (err) {
+      reject(err);
+    }
+  });
+  const wss = new WebSocketServer({ port: options.wsPort, host });
+  await new Promise((resolve) => wss.on("listening", () => resolve()));
+  wss.on("connection", (socket) => runtime.gateway.handleConnection(socket));
+  const webWss = new WebSocketServer({ noServer: true });
+  httpServer.on("upgrade", (req, socket, head) => {
+    const path = (req.url ?? "").split("?")[0];
+    if (path !== "/ws") {
+      socket.destroy();
+      return;
+    }
+    const token = parseCookie(req.headers.cookie ?? "")["xrelay_session"];
+    const account = token ? runtime.accounts.getSessionAccount(token) : null;
+    if (!account) {
+      socket.destroy();
+      return;
+    }
+    webWss.handleUpgrade(req, socket, head, (ws) => runtime.webGateway.register(account.id, ws));
+  });
+  const httpPort = httpServer.address().port;
+  const wsPort = wss.address().port;
+  return {
+    runtime,
+    httpPort,
+    wsPort,
+    close: async () => {
+      stopMaintenance();
+      await new Promise((resolve) => webWss.close(() => resolve()));
+      await new Promise((resolve) => wss.close(() => resolve()));
+      await new Promise((resolve) => httpServer.close(() => resolve()));
+      runtime.close();
+    }
+  };
+}
+function parseCookie(header) {
+  const out = {};
+  for (const part of header.split(";")) {
+    const idx = part.indexOf("=");
+    if (idx === -1)
+      continue;
+    out[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
+  }
+  return out;
+}
+
+// packages/relay/src/cli.ts
+function defaultDbPath() {
+  return join(homedir(), ".xacpx-relay", "relay.db");
+}
+function resolveBundledWebRoot() {
+  const argv1 = process.argv[1];
+  if (!argv1)
+    return;
+  if (!argv1.endsWith("cli.js"))
+    return;
+  const here = dirname2(argv1);
+  const embedded = resolve(here, "relay-web");
+  if (existsSync(join(embedded, "index.html")))
+    return embedded;
+  const sibling = resolve(here, "../../relay-web/dist");
+  if (existsSync(join(sibling, "index.html")))
+    return sibling;
+  return;
+}
+var USAGE = [
+  "Usage: xacpx-relay <command>",
+  "  start      [--db <path>] [--web-root <dir>] [--host 0.0.0.0] [--http-port 8787] [--ws-port 8788] [--history-retention-days 30] [--request-timeout-ms 120000] [--trust-proxy]",
+  "  add token  [--label <note>] [--db <path>]",
+  "  ls         [--db <path>]",
+  "  rm token <value-or-id> [--db <path>]",
+  "",
+  "  Defaults: --db ~/.xacpx-relay/relay.db   --web-root auto-detects the bundled dashboard"
+].join(`
+`);
+function flag(args, name) {
+  const index = args.indexOf(name);
+  const value = index >= 0 ? args[index + 1] : undefined;
+  return value && !value.startsWith("--") ? value : undefined;
+}
+function hasFlag(args, name) {
+  return args.includes(name);
+}
+function parseStartOptions(args) {
+  const dbPath = flag(args, "--db") ?? defaultDbPath();
+  const retentionRaw = flag(args, "--history-retention-days");
+  const retentionDays = retentionRaw !== undefined ? Number(retentionRaw) : undefined;
+  const requestTimeoutRaw = flag(args, "--request-timeout-ms");
+  const requestTimeoutMs = requestTimeoutRaw !== undefined ? Number(requestTimeoutRaw) : undefined;
+  return {
+    dbPath,
+    httpPort: Number(flag(args, "--http-port") ?? "8787"),
+    wsPort: Number(flag(args, "--ws-port") ?? "8788"),
+    host: flag(args, "--host"),
+    webRoot: flag(args, "--web-root"),
+    historyRetentionDays: retentionDays !== undefined && !Number.isNaN(retentionDays) ? retentionDays : undefined,
+    requestTimeoutMs: requestTimeoutMs !== undefined && !Number.isNaN(requestTimeoutMs) ? requestTimeoutMs : undefined,
+    trustProxy: hasFlag(args, "--trust-proxy")
+  };
+}
+async function runRelayCli(args, io) {
+  const dbPath = flag(args, "--db") ?? defaultDbPath();
+  if (args[0] === "start") {
+    const startOpts = parseStartOptions(args);
+    if (!startOpts.webRoot) {
+      startOpts.webRoot = resolveBundledWebRoot();
+    }
+    const running = await startRelayServer(startOpts);
+    io.print(`xacpx-relay listening: http :${running.httpPort}, instance ws :${running.wsPort}, db ${startOpts.dbPath}, dashboard: ${startOpts.webRoot ?? "(none)"}`);
+    return await new Promise((resolve2) => {
+      const shutdown = () => {
+        running.close().then(() => resolve2(0));
+      };
+      process.once("SIGINT", shutdown);
+      process.once("SIGTERM", shutdown);
+    });
+  }
+  if (args[0] === "add" && args[1] === "token") {
+    const label = flag(args, "--label");
+    const runtime = await createRelayRuntime(dbPath);
+    try {
+      const username = "u-" + randomUUID3();
+      const acc = runtime.accounts.createAccount(username);
+      const { token } = runtime.accounts.createLoginToken(acc.id, label);
+      io.print(`access token: ${token}`);
+      io.print("(store it now — not shown again)");
+      io.print(`hint: use this token for web login AND: xacpx channel add relay --url ws://<host>:<ws-port> --token ${token}`);
+      return 0;
+    } finally {
+      runtime.close();
+    }
+  }
+  if (args[0] === "ls") {
+    const runtime = await createRelayRuntime(dbPath);
+    try {
+      const tokens = runtime.accounts.listTokens();
+      if (tokens.length === 0) {
+        io.print("(no tokens)");
+        return 0;
+      }
+      io.print("id        label                 created               #instances");
+      io.print("--------  --------------------  --------------------  ----------");
+      for (const t of tokens) {
+        const shortId = t.id.slice(0, 8);
+        const label = (t.label ?? "").slice(0, 20).padEnd(20);
+        const created = t.createdAt.slice(0, 19).replace("T", " ");
+        io.print(`${shortId}  ${label}  ${created}  ${String(t.instanceCount).padStart(10)}`);
+      }
+      return 0;
+    } finally {
+      runtime.close();
+    }
+  }
+  if (args[0] === "rm" && args[1] === "token") {
+    const valueOrId = args[2];
+    if (!valueOrId || valueOrId.startsWith("--")) {
+      io.print(USAGE);
+      return 1;
+    }
+    const runtime = await createRelayRuntime(dbPath);
+    try {
+      const accountId = runtime.accounts.accountIdForToken(valueOrId);
+      if (!accountId) {
+        io.print(`token not found: ${valueOrId}`);
+        return 1;
+      }
+      runtime.accounts.deleteAccountCascade(accountId);
+      io.print("removed");
+      return 0;
+    } finally {
+      runtime.close();
+    }
+  }
+  io.print(USAGE);
+  return 1;
+}
+var isMain = typeof process !== "undefined" && process.argv[1]?.endsWith("cli.js");
+if (isMain) {
+  runRelayCli(process.argv.slice(2), { print: (line) => console.log(line) }).then((code) => process.exit(code), (error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  });
+}
+export {
+  runRelayCli,
+  resolveBundledWebRoot,
+  parseStartOptions,
+  defaultDbPath
+};