@getpaseo/server 0.1.88 → 0.1.90

package/dist/server/server/bootstrap.js

@@ -99,7 +99,7 @@ import { loadOrCreateDaemonKeyPair } from "./daemon-keypair.js";
 import { startRelayTransport } from "./relay-transport.js";
 import { getOrCreateServerId } from "./server-id.js";
 import { resolveDaemonVersion } from "./daemon-version.js";
-import { ScriptRouteStore, createScriptProxyMiddleware, createScriptProxyUpgradeHandler, } from "./script-proxy.js";
+import { createServiceProxySubsystem } from "./service-proxy.js";
 import { ScriptHealthMonitor } from "./script-health-monitor.js";
 import { createScriptStatusEmitter } from "./script-status-projection.js";
 import { WorkspaceScriptRuntimeStore } from "./workspace-script-runtime-store.js";
@@ -187,30 +187,42 @@ export async function createPaseoDaemon(config, rootLogger) {
     const app = express();
     let boundListenTarget = null;
     let workspaceRegistry = null;
-    const scriptRouteStore = new ScriptRouteStore();
+    const serviceProxyPublicBaseUrl = config.serviceProxy?.publicBaseUrl
+        ? config.serviceProxy.publicBaseUrl
+        : null;
+    const serviceProxy = createServiceProxySubsystem({
+        logger,
+        publicBaseUrl: serviceProxyPublicBaseUrl,
+    });
     const scriptRuntimeStore = new WorkspaceScriptRuntimeStore();
     const configuredHostnames = config.hostnames ?? config.allowedHosts;
     let wsServer = null;
+    let serviceProxyListenTarget = null;
     const scriptHealthMonitor = new ScriptHealthMonitor({
-        routeStore: scriptRouteStore,
+        serviceProxy,
         onChange: createScriptStatusEmitter({
             sessions: () => wsServer?.listActiveSessions().map((session) => ({
                 emit: (message) => session.emitServerMessage(message),
             })) ?? [],
-            routeStore: scriptRouteStore,
+            serviceProxy,
             runtimeStore: scriptRuntimeStore,
             daemonPort: () => (boundListenTarget?.type === "tcp" ? boundListenTarget.port : null),
             resolveWorkspaceDirectory: async (workspaceId) => (await workspaceRegistry?.get(workspaceId))?.cwd ?? null,
             logger,
+            serviceProxyPublicBaseUrl,
         }),
     });
     const handleBranchChange = createBranchChangeRouteHandler({
-        routeStore: scriptRouteStore,
+        serviceProxy,
         onRoutesChanged: (workspaceId) => {
             scriptHealthMonitor.invalidateWorkspace(workspaceId);
         },
         logger,
     });
+    // Service proxy classifies service hosts before daemon auth/route fallthrough.
+    // Registered service hosts proxy directly; known service namespaces without a
+    // route return 404 and never reach daemon APIs.
+    app.use(serviceProxy.middleware());
     // Host allowlist / DNS rebinding protection (vite-like semantics).
     // For non-TCP (unix sockets), skip host validation.
     if (listenTarget.type === "tcp") {
@@ -254,10 +266,6 @@ export async function createPaseoDaemon(config, rootLogger) {
     app.use(createRequireBearerMiddleware(config.auth, (context) => {
         logger.warn(context, "Rejected HTTP request with invalid daemon password");
     }));
-    // Script proxy — intercepts requests for registered *.localhost hostnames
-    // and forwards them to the corresponding local script port. Placed after
-    // host/CORS/auth checks but before the rest of the routes.
-    app.use(createScriptProxyMiddleware({ routeStore: scriptRouteStore, logger }));
     // Serve static files from public directory
     app.use("/public", express.static(staticDir));
     // Middleware
@@ -331,11 +339,10 @@ export async function createPaseoDaemon(config, rootLogger) {
     // VoiceAssistantWebSocketServer attaches its own "upgrade" listener so that
     // script-bound upgrades are forwarded first. The handler is a no-op for
     // requests that don't match a registered script route.
-    const scriptProxyUpgradeHandler = createScriptProxyUpgradeHandler({
-        routeStore: scriptRouteStore,
-        logger,
-    });
-    httpServer.on("upgrade", scriptProxyUpgradeHandler);
+    httpServer.on("upgrade", serviceProxy.upgradeHandler({ passthroughUnknown: true }));
+    if (config.serviceProxy?.standaloneListen) {
+        serviceProxyListenTarget = parseListenString(config.serviceProxy.standaloneListen);
+    }
     const agentStorage = new AgentStorage(config.agentStoragePath, logger);
     const projectRegistry = new FileBackedProjectRegistry(path.join(config.paseoHome, "projects", "projects.json"), logger);
     workspaceRegistry = new FileBackedWorkspaceRegistry(path.join(config.paseoHome, "projects", "workspaces.json"), logger);
@@ -348,6 +355,7 @@ export async function createPaseoDaemon(config, rootLogger) {
     const workspaceGitService = new WorkspaceGitServiceImpl({
         logger,
         paseoHome: config.paseoHome,
+        worktreesRoot: config.worktreesRoot,
         deps: {
             github,
         },
@@ -410,6 +418,7 @@ export async function createPaseoDaemon(config, rootLogger) {
         paseoHome: config.paseoHome,
         logger,
         agentManager,
+        providerSnapshotManager,
     });
     await loopService.initialize();
     logger.info({ elapsed: elapsed() }, "Loop service initialized");
@@ -418,6 +427,7 @@ export async function createPaseoDaemon(config, rootLogger) {
         logger,
         agentManager,
         agentStorage,
+        providerSnapshotManager,
     });
     await scheduleService.start();
     agentManager.setAgentArchivedCallback(async (agentId) => {
@@ -467,6 +477,7 @@ export async function createPaseoDaemon(config, rootLogger) {
     };
     setupAutoArchiveOnMerge({
         paseoHome: config.paseoHome,
+        worktreesRoot: config.worktreesRoot,
         daemonConfigStore,
         workspaceGitService,
         github,
@@ -501,6 +512,7 @@ export async function createPaseoDaemon(config, rootLogger) {
                 createPaseoWorktree: async (input, serviceOptions) => {
                     return createPaseoWorktreeWorkflow({
                         paseoHome: config.paseoHome,
+                        worktreesRoot: config.worktreesRoot,
                         createPaseoWorktree: async (workflowInput, workflowOptions) => {
                             return createRegisteredPaseoWorktree(workflowInput, {
                                 github,
@@ -530,14 +542,16 @@ export async function createPaseoDaemon(config, rootLogger) {
                         sessionLogger: logger,
                         terminalManager,
                         archiveWorkspaceRecord: archiveWorkspaceRecordExternal,
-                        scriptRouteStore,
+                        serviceProxy,
                         scriptRuntimeStore,
                         getDaemonTcpPort: () => boundListenTarget?.type === "tcp" ? boundListenTarget.port : null,
                         getDaemonTcpHost: () => boundListenTarget?.type === "tcp" ? boundListenTarget.host : null,
+                        serviceProxyPublicBaseUrl,
                         onScriptsChanged: null,
                     }, input, serviceOptions);
                 },
                 paseoHome: config.paseoHome,
+                worktreesRoot: config.worktreesRoot,
                 callerAgentId,
                 enableVoiceTools: false,
                 resolveSpeakHandler: (agentId) => wsServer?.resolveVoiceSpeakHandler(agentId) ?? null,
@@ -652,112 +666,136 @@ export async function createPaseoDaemon(config, rootLogger) {
     logger.info({ elapsed: elapsed() }, "Speech service created");
     logger.info({ elapsed: elapsed() }, "Bootstrap complete, ready to start listening");
     const start = async () => {
-        // Start main HTTP server
-        await new Promise((resolve, reject) => {
-            const onError = (err) => {
-                httpServer.off("listening", onListening);
-                reject(err);
-            };
-            const onListening = () => {
-                httpServer.off("error", onError);
-                const logAndResolve = async () => {
-                    boundListenTarget = resolveBoundListenTarget(listenTarget, httpServer);
-                    const mcpBaseUrl = mcpEnabled ? createAgentMcpBaseUrl(boundListenTarget) : null;
-                    agentMcpBaseUrl = config.mcpInjectIntoAgents === false ? null : mcpBaseUrl;
-                    agentManager.setMcpBaseUrl(agentMcpBaseUrl);
-                    daemonConfigStore.onFieldChange("mcp.injectIntoAgents", (value) => {
-                        agentManager.setMcpBaseUrl(value ? mcpBaseUrl : null);
-                    });
-                    daemonConfigStore.onFieldChange("appendSystemPrompt", (value) => {
-                        agentManager.setAppendSystemPrompt(typeof value === "string" ? value : "");
-                    });
-                    const relayEnabled = config.relayEnabled ?? true;
-                    const relayEndpoint = config.relayEndpoint ?? "relay.paseo.sh:443";
-                    const relayPublicEndpoint = config.relayPublicEndpoint ?? relayEndpoint;
-                    const relayUseTls = config.relayUseTls ?? relayEndpoint === "relay.paseo.sh:443";
-                    const relayPublicUseTls = config.relayPublicUseTls ?? relayUseTls;
-                    const appBaseUrl = config.appBaseUrl ?? "https://app.paseo.sh";
-                    if (boundListenTarget.type === "tcp") {
-                        logger.info({
-                            host: boundListenTarget.host,
-                            port: boundListenTarget.port,
-                            authRequired: !!config.auth?.password,
-                            elapsed: elapsed(),
-                        }, `Server listening on http://${boundListenTarget.host}:${boundListenTarget.port}`);
-                    }
-                    else {
-                        logger.info({
-                            path: boundListenTarget.path,
-                            authRequired: !!config.auth?.password,
-                            elapsed: elapsed(),
-                        }, `Server listening on ${boundListenTarget.path}`);
-                    }
-                    if (config.auth?.password) {
-                        logger.info("Daemon password authentication enabled");
-                    }
-                    wsServer = new VoiceAssistantWebSocketServer(httpServer, logger, serverId, agentManager, agentStorage, downloadTokenStore, config.paseoHome, daemonConfigStore, mcpBaseUrl, { allowedOrigins, hostnames: configuredHostnames }, config.auth, speechService, terminalManager, {
-                        finalTimeoutMs: config.dictationFinalTimeoutMs,
-                    }, daemonVersion, (intent) => {
-                        try {
-                            config.onLifecycleIntent?.(intent);
+        let mainStarted = false;
+        try {
+            if (serviceProxyListenTarget) {
+                const boundServiceProxyTarget = await serviceProxy.startStandalone({
+                    listenTarget: serviceProxyListenTarget,
+                });
+                serviceProxyListenTarget = boundServiceProxyTarget;
+                logger.info({
+                    listen: formatListenTarget(serviceProxyListenTarget),
+                    publicBaseUrl: serviceProxyPublicBaseUrl,
+                    elapsed: elapsed(),
+                }, "Service proxy listening");
+            }
+            // Start main HTTP server
+            await new Promise((resolve, reject) => {
+                const onError = (err) => {
+                    httpServer.off("listening", onListening);
+                    reject(err);
+                };
+                const onListening = () => {
+                    httpServer.off("error", onError);
+                    mainStarted = true;
+                    const logAndResolve = async () => {
+                        boundListenTarget = resolveBoundListenTarget(listenTarget, httpServer);
+                        const mcpBaseUrl = mcpEnabled ? createAgentMcpBaseUrl(boundListenTarget) : null;
+                        agentMcpBaseUrl = config.mcpInjectIntoAgents === false ? null : mcpBaseUrl;
+                        agentManager.setMcpBaseUrl(agentMcpBaseUrl);
+                        daemonConfigStore.onFieldChange("mcp.injectIntoAgents", (value) => {
+                            agentManager.setMcpBaseUrl(value ? mcpBaseUrl : null);
+                        });
+                        daemonConfigStore.onFieldChange("appendSystemPrompt", (value) => {
+                            agentManager.setAppendSystemPrompt(typeof value === "string" ? value : "");
+                        });
+                        const relayEnabled = config.relayEnabled ?? true;
+                        const relayEndpoint = config.relayEndpoint ?? "relay.paseo.sh:443";
+                        const relayPublicEndpoint = config.relayPublicEndpoint ?? relayEndpoint;
+                        const relayUseTls = config.relayUseTls ?? relayEndpoint === "relay.paseo.sh:443";
+                        const relayPublicUseTls = config.relayPublicUseTls ?? relayUseTls;
+                        const appBaseUrl = config.appBaseUrl ?? "https://app.paseo.sh";
+                        if (boundListenTarget.type === "tcp") {
+                            logger.info({
+                                host: boundListenTarget.host,
+                                port: boundListenTarget.port,
+                                authRequired: !!config.auth?.password,
+                                elapsed: elapsed(),
+                            }, `Server listening on http://${boundListenTarget.host}:${boundListenTarget.port}`);
                         }
-                        catch (error) {
-                            logger.error({ err: error, intent }, "Failed to handle daemon lifecycle intent");
+                        else {
+                            logger.info({
+                                path: boundListenTarget.path,
+                                authRequired: !!config.auth?.password,
+                                elapsed: elapsed(),
+                            }, `Server listening on ${boundListenTarget.path}`);
                         }
-                    }, projectRegistry, workspaceRegistry, chatService, loopService, scheduleService, checkoutDiffManager, scriptRouteStore, scriptRuntimeStore, handleBranchChange, () => (boundListenTarget?.type === "tcp" ? boundListenTarget.port : null), () => (boundListenTarget?.type === "tcp" ? boundListenTarget.host : null), (hostname) => scriptHealthMonitor.getHealthForHostname(hostname), workspaceGitService, github, config.pushNotificationSender, providerSnapshotManager, {
-                        listen: formatListenTarget(boundListenTarget ?? listenTarget),
-                        relay: {
-                            enabled: relayEnabled,
-                            endpoint: relayEndpoint,
-                            publicEndpoint: relayPublicEndpoint,
-                            useTls: relayUseTls,
-                            publicUseTls: relayPublicUseTls,
-                        },
-                    });
-                    if (relayEnabled) {
-                        const offer = await createConnectionOfferV2({
-                            serverId,
-                            daemonPublicKeyB64: daemonKeyPair.publicKeyB64,
+                        if (config.auth?.password) {
+                            logger.info("Daemon password authentication enabled");
+                        }
+                        wsServer = new VoiceAssistantWebSocketServer(httpServer, logger, serverId, agentManager, agentStorage, downloadTokenStore, config.paseoHome, daemonConfigStore, mcpBaseUrl, { allowedOrigins, hostnames: configuredHostnames }, config.auth, speechService, terminalManager, {
+                            finalTimeoutMs: config.dictationFinalTimeoutMs,
+                        }, daemonVersion, (intent) => {
+                            try {
+                                config.onLifecycleIntent?.(intent);
+                            }
+                            catch (error) {
+                                logger.error({ err: error, intent }, "Failed to handle daemon lifecycle intent");
+                            }
+                        }, projectRegistry, workspaceRegistry, chatService, loopService, scheduleService, checkoutDiffManager, serviceProxy, scriptRuntimeStore, handleBranchChange, () => (boundListenTarget?.type === "tcp" ? boundListenTarget.port : null), () => (boundListenTarget?.type === "tcp" ? boundListenTarget.host : null), (hostname) => scriptHealthMonitor.getHealthForHostname(hostname), workspaceGitService, github, config.pushNotificationSender, providerSnapshotManager, {
+                            listen: formatListenTarget(boundListenTarget ?? listenTarget),
+                            worktreesRoot: config.worktreesRoot,
                             relay: {
-                                endpoint: relayPublicEndpoint,
-                                useTls: relayPublicUseTls,
+                                enabled: relayEnabled,
+                                endpoint: relayEndpoint,
+                                publicEndpoint: relayPublicEndpoint,
+                                useTls: relayUseTls,
+                                publicUseTls: relayPublicUseTls,
                             },
-                        });
-                        encodeOfferToFragmentUrl({ offer, appBaseUrl });
-                        relayTransport?.stop().catch(() => undefined);
-                        relayTransport = startRelayTransport({
-                            logger,
-                            attachSocket: (ws, metadata) => {
-                                if (!wsServer) {
-                                    throw new Error("WebSocket server not initialized");
-                                }
-                                return wsServer.attachExternalSocket(ws, metadata);
-                            },
-                            relayEndpoint,
-                            relayUseTls,
-                            serverId,
-                            daemonKeyPair: daemonKeyPair.keyPair,
-                        });
-                    }
+                        }, serviceProxyPublicBaseUrl);
+                        if (relayEnabled) {
+                            const offer = await createConnectionOfferV2({
+                                serverId,
+                                daemonPublicKeyB64: daemonKeyPair.publicKeyB64,
+                                relay: {
+                                    endpoint: relayPublicEndpoint,
+                                    useTls: relayPublicUseTls,
+                                },
+                            });
+                            encodeOfferToFragmentUrl({ offer, appBaseUrl });
+                            relayTransport?.stop().catch(() => undefined);
+                            relayTransport = startRelayTransport({
+                                logger,
+                                attachSocket: (ws, metadata) => {
+                                    if (!wsServer) {
+                                        throw new Error("WebSocket server not initialized");
+                                    }
+                                    return wsServer.attachExternalSocket(ws, metadata);
+                                },
+                                relayEndpoint,
+                                relayUseTls,
+                                serverId,
+                                daemonKeyPair: daemonKeyPair.keyPair,
+                            });
+                        }
+                    };
+                    logAndResolve().then(resolve, reject);
                 };
-                logAndResolve().then(resolve, reject);
-            };
-            httpServer.once("error", onError);
-            httpServer.once("listening", onListening);
-            if (listenTarget.type === "tcp") {
-                httpServer.listen(listenTarget.port, listenTarget.host);
-            }
-            else {
-                if (listenTarget.type === "socket" && existsSync(listenTarget.path)) {
-                    unlinkSync(listenTarget.path);
+                httpServer.once("error", onError);
+                httpServer.once("listening", onListening);
+                if (listenTarget.type === "tcp") {
+                    httpServer.listen(listenTarget.port, listenTarget.host);
                 }
-                httpServer.listen(listenTarget.path);
+                else {
+                    if (listenTarget.type === "socket" && existsSync(listenTarget.path)) {
+                        unlinkSync(listenTarget.path);
+                    }
+                    httpServer.listen(listenTarget.path);
+                }
+            });
+            // Start speech service after listening so synchronous Sherpa native
+            // model loading doesn't block the server from accepting connections.
+            speechService.start();
+            scriptHealthMonitor.start();
+        }
+        catch (error) {
+            await serviceProxy.stopStandalone().catch(() => undefined);
+            if (mainStarted) {
+                httpServer.closeAllConnections();
+                await new Promise((resolve) => httpServer.close(() => resolve()));
             }
-        });
-        // Start speech service after listening so synchronous Sherpa native
-        // model loading doesn't block the server from accepting connections.
-        speechService.start();
-        scriptHealthMonitor.start();
+            throw error;
+        }
     };
     const stop = async () => {
         scriptHealthMonitor.stop();
@@ -773,6 +811,7 @@ export async function createPaseoDaemon(config, rootLogger) {
         if (wsServer) {
             await wsServer.close();
         }
+        await serviceProxy.stopStandalone();
         // Force-drop remaining sockets so httpServer.close() resolves promptly.
         // We've already closed wsServer (which sent ws-layer close frames) and
         // stopped every other service, so anything still attached is a TCP
@@ -794,7 +833,7 @@ export async function createPaseoDaemon(config, rootLogger) {
         agentManager,
         agentStorage,
         terminalManager,
-        scriptRouteStore,
+        serviceProxy,
         scriptRuntimeStore,
         start,
         stop,

package/dist/server/server/chat/chat-service.js

@@ -2,6 +2,7 @@ import { randomUUID } from "node:crypto";
 import { promises as fs } from "node:fs";
 import path from "node:path";
 import { z } from "zod";
+import { writeJsonFileAtomic } from "../atomic-file.js";
 import { ChatMessageSchema, ChatRoomDetailSchema, ChatRoomSchema, } from "@getpaseo/protocol/chat/types";
 const ChatStorePayloadSchema = z.object({
     rooms: z.array(ChatRoomSchema),
@@ -246,10 +247,7 @@ export class FileBackedChatService {
                 .flat()
                 .sort((left, right) => left.createdAt.localeCompare(right.createdAt)),
         };
-        await fs.mkdir(path.dirname(this.filePath), { recursive: true });
-        const tempPath = `${this.filePath}.${process.pid}.${Date.now()}.${randomUUID()}.tmp`;
-        await fs.writeFile(tempPath, JSON.stringify(payload, null, 2), "utf8");
-        await fs.rename(tempPath, this.filePath);
+        await writeJsonFileAtomic(this.filePath, payload);
     }
     findRoomByName(name) {
         const normalizedName = normalizeRoomName(name);

package/dist/server/server/config.js

@@ -1,6 +1,7 @@
 import path from "node:path";
 import { resolvePaseoNodeEnv } from "./paseo-env.js";
 import { z } from "zod";
+import { expandTilde } from "../utils/path.js";
 import { loadPersistedConfig, LogFormatSchema, LogLevelSchema, } from "./persisted-config.js";
 import { ProviderOverrideSchema } from "./agent/provider-launch-config.js";
 import { AgentProviderSchema } from "@getpaseo/protocol/provider-manifest";
@@ -109,6 +110,33 @@ function resolveRelayConfig(input) {
     const publicUseTls = resolveTlsFromEnv(input.env.PASEO_RELAY_PUBLIC_USE_TLS, input.persisted.daemon?.relay?.publicUseTls, useTls);
     return { enabled, endpoint, publicEndpoint, useTls, publicUseTls };
 }
+function resolveServiceProxyPublicBaseUrl(value) {
+    if (value === null) {
+        return null;
+    }
+    try {
+        return new URL(value).toString().replace(/\/$/, "");
+    }
+    catch {
+        throw new Error(`Invalid PASEO_SERVICE_PROXY_PUBLIC_BASE_URL: ${value}`);
+    }
+}
+function resolveServiceProxyConfig(env, persisted) {
+    const enabledShim = parseBooleanEnv(env.PASEO_SERVICE_PROXY_ENABLED) ?? persisted.daemon?.serviceProxy?.enabled;
+    // COMPAT(serviceProxyEnabled): added 2026-06-02, remove after 2026-12-02.
+    // `enabled=false` used to disable the separate service proxy listener. Localhost
+    // service proxying is now always enabled; this only suppresses optional layers.
+    const optionalLayersEnabled = enabledShim !== false;
+    const publicBaseUrl = optionalLayersEnabled
+        ? resolveServiceProxyPublicBaseUrl(env.PASEO_SERVICE_PROXY_PUBLIC_BASE_URL ??
+            persisted.daemon?.serviceProxy?.publicBaseUrl ??
+            null)
+        : null;
+    const standaloneListen = optionalLayersEnabled
+        ? (env.PASEO_SERVICE_PROXY_LISTEN ?? persisted.daemon?.serviceProxy?.listen ?? null)
+        : null;
+    return { publicBaseUrl, standaloneListen };
+}
 function resolveVoiceLlmConfig(env, persisted) {
     const envVoiceLlmProvider = parseOptionalVoiceLlmProvider(env.PASEO_VOICE_LLM_PROVIDER);
     const persistedVoiceLlmProvider = parseOptionalVoiceLlmProvider(persisted.features?.voiceMode?.llm?.provider);
@@ -145,6 +173,16 @@ function resolveAuthConfig(env, persisted) {
         ? { password: persisted.daemon.auth.password }
         : undefined;
 }
+function resolveWorktreesRoot(paseoHome, persisted) {
+    const configuredRoot = persisted.worktrees?.root?.trim();
+    if (!configuredRoot) {
+        return undefined;
+    }
+    const expandedRoot = expandTilde(configuredRoot);
+    return path.isAbsolute(expandedRoot)
+        ? path.resolve(expandedRoot)
+        : path.resolve(paseoHome, expandedRoot);
+}
 function resolveAppendSystemPrompt(persisted) {
     return persisted.daemon?.appendSystemPrompt ?? "";
 }
@@ -173,6 +211,7 @@ export function loadConfig(paseoHome, options) {
         cliRelayEnabled: options?.cli?.relayEnabled,
         cliRelayUseTls: options?.cli?.relayUseTls,
     });
+    const serviceProxy = resolveServiceProxyConfig(env, persisted);
     const { openai, speech } = resolveSpeechConfig({
         paseoHome,
         env,
@@ -183,6 +222,7 @@ export function loadConfig(paseoHome, options) {
     return {
         listen,
         paseoHome,
+        worktreesRoot: resolveWorktreesRoot(paseoHome, persisted),
         corsAllowedOrigins: resolveCorsAllowedOrigins(env, persisted),
         hostnames,
         mcpEnabled,
@@ -199,6 +239,7 @@ export function loadConfig(paseoHome, options) {
         relayPublicEndpoint: relay.publicEndpoint,
         relayUseTls: relay.useTls,
         relayPublicUseTls: relay.publicUseTls,
+        serviceProxy,
         appBaseUrl,
         auth: resolveAuthConfig(env, persisted),
         openai,

package/dist/server/server/daemon-keypair.js

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from "node:fs";
 import path from "node:path";
 import { z } from "zod";
 import { generateKeyPair, exportPublicKey, exportSecretKey, importPublicKey, importSecretKey, } from "@getpaseo/relay/e2ee";
-import { ensurePrivateFile, writePrivateFileSync } from "./private-files.js";
+import { ensurePrivateFile, writePrivateFileAtomicSync } from "./private-files.js";
 const KeyPairSchema = z.object({
     v: z.literal(2),
     publicKeyB64: z.string().min(1),
@@ -35,7 +35,7 @@ export async function loadOrCreateDaemonKeyPair(paseoHome, logger) {
         publicKeyB64,
         secretKeyB64,
     };
-    writePrivateFileSync(filePath, JSON.stringify(payload, null, 2) + "\n");
+    writePrivateFileAtomicSync(filePath, JSON.stringify(payload, null, 2) + "\n");
     log?.info({ filePath }, "Saved daemon keypair");
     return { keyPair, publicKeyB64 };
 }