@h-rig/relay-registry 0.0.6-alpha.92

package/README.md

@@ -0,0 +1 @@
+# @h-rig/relay-registry

package/dist/src/auth.d.ts

@@ -0,0 +1,2 @@
+export declare function deriveOwnerToken(namespaceKey: string, secret: string): string;
+export declare function verifyOwnerBearer(header: string | null | undefined, namespaceKey: string, secret: string): boolean;

package/dist/src/auth.js

@@ -0,0 +1,28 @@
+// @bun
+// packages/relay-registry/src/auth.ts
+import { createHash, createHmac, timingSafeEqual } from "crypto";
+function deriveOwnerToken(namespaceKey, secret) {
+  return createHmac("sha256", secret).update(namespaceKey).digest("base64url");
+}
+function bearerToken(header) {
+  if (!header)
+    return null;
+  const [scheme, token, extra] = header.trim().split(/\s+/);
+  if (extra !== undefined || scheme?.toLowerCase() !== "bearer" || !token)
+    return null;
+  return token;
+}
+function digest(value) {
+  return createHash("sha256").update(value).digest();
+}
+function verifyOwnerBearer(header, namespaceKey, secret) {
+  const token = bearerToken(header);
+  if (!token)
+    return false;
+  const expected = deriveOwnerToken(namespaceKey, secret);
+  return timingSafeEqual(digest(token), digest(expected)) && token.length === expected.length;
+}
+export {
+  verifyOwnerBearer,
+  deriveOwnerToken
+};

package/dist/src/bin/relay.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Standalone content-blind collab relay for where.rig-does.work.
+ *
+ * This is oh-my-pi's relay contract verbatim (from
+ * can1357/oh-my-pi packages/collab-web/scripts/local-relay.ts), so the
+ * @oh-my-pi/pi-coding-agent host/guest clients interoperate unchanged:
+ *   - GET /r/<roomId>?role=host|guest upgrades to a WebSocket.
+ *   - host creates the room; second host -> close 4009; guest to missing -> 4004.
+ *   - host binary frames: peerId 0 broadcasts to all guests, peerId N targets one.
+ *   - guest binary frames: first 4 envelope bytes rewritten to the sender's peerId,
+ *     forwarded to the host.
+ *   - TEXT control to host: {"t":"peer-joined","peer":N} / {"t":"peer-left","peer":N}.
+ *   - host disconnect: {"t":"room-closed"} to guests, close 4001, room GC'd.
+ * Payloads stay sealed end-to-end — the relay never sees plaintext.
+ */
+declare const ENVELOPE_HEADER_LENGTH = 4;
+declare function unpackEnvelope(data: Uint8Array): {
+    peerId: number;
+    payload: Uint8Array;
+} | null;
+declare function rewriteEnvelopePeer(data: Uint8Array, peerId: number): void;
+declare const ROOM_PATH_RE: RegExp;
+interface SocketData {
+    roomId: string;
+    role: "host" | "guest";
+    peerId: number;
+}
+type RelaySocket = Bun.ServerWebSocket<SocketData>;
+interface Room {
+    host: RelaySocket;
+    guests: Map<number, RelaySocket>;
+    nextPeerId: number;
+}
+declare const rooms: Map<string, Room>;
+declare const port: number;
+declare const server: Bun.Server<SocketData>;

package/dist/src/bin/relay.js

@@ -0,0 +1,99 @@
+// @bun
+// packages/relay-registry/src/bin/relay.ts
+var ENVELOPE_HEADER_LENGTH = 4;
+function unpackEnvelope(data) {
+  if (data.byteLength < ENVELOPE_HEADER_LENGTH)
+    return null;
+  const peerId = new DataView(data.buffer, data.byteOffset, ENVELOPE_HEADER_LENGTH).getUint32(0, false);
+  return { peerId, payload: data.subarray(ENVELOPE_HEADER_LENGTH) };
+}
+function rewriteEnvelopePeer(data, peerId) {
+  new DataView(data.buffer, data.byteOffset, ENVELOPE_HEADER_LENGTH).setUint32(0, peerId, false);
+}
+var ROOM_PATH_RE = /^\/r\/([A-Za-z0-9_-]{10,64})$/;
+var rooms = new Map;
+var port = Number(process.env.RELAY_PORT ?? "3774");
+var server = Bun.serve({
+  port,
+  fetch(req, srv) {
+    const url = new URL(req.url);
+    if (url.pathname === "/health")
+      return new Response("ok");
+    const match = ROOM_PATH_RE.exec(url.pathname);
+    const role = url.searchParams.get("role");
+    if (!match || role !== "host" && role !== "guest") {
+      return new Response("not found", { status: 404 });
+    }
+    const data = { roomId: match[1], role, peerId: 0 };
+    if (srv.upgrade(req, { data }))
+      return;
+    return new Response("websocket upgrade required", { status: 426 });
+  },
+  websocket: {
+    open(ws) {
+      const { roomId, role } = ws.data;
+      if (role === "host") {
+        if (rooms.has(roomId)) {
+          ws.close(4009, "a host is already connected for this room");
+          return;
+        }
+        rooms.set(roomId, { host: ws, guests: new Map, nextPeerId: 1 });
+        return;
+      }
+      const room = rooms.get(roomId);
+      if (!room) {
+        ws.close(4004, "no such room");
+        return;
+      }
+      const peerId = room.nextPeerId++;
+      ws.data.peerId = peerId;
+      room.guests.set(peerId, ws);
+      room.host.send(JSON.stringify({ t: "peer-joined", peer: peerId }));
+    },
+    message(ws, message) {
+      if (typeof message === "string")
+        return;
+      const room = rooms.get(ws.data.roomId);
+      if (!room)
+        return;
+      if (ws.data.role === "host") {
+        const envelope = unpackEnvelope(message);
+        if (!envelope)
+          return;
+        if (envelope.peerId === 0) {
+          for (const guest of room.guests.values())
+            guest.send(message);
+        } else {
+          room.guests.get(envelope.peerId)?.send(message);
+        }
+        return;
+      }
+      if (message.byteLength < 4)
+        return;
+      rewriteEnvelopePeer(message, ws.data.peerId);
+      room.host.send(message);
+    },
+    close(ws) {
+      const { roomId, role, peerId } = ws.data;
+      const room = rooms.get(roomId);
+      if (!room)
+        return;
+      if (role === "host") {
+        if (room.host !== ws)
+          return;
+        rooms.delete(roomId);
+        const closure = JSON.stringify({ t: "room-closed" });
+        for (const guest of room.guests.values()) {
+          guest.send(closure);
+          guest.close(4001, "room closed");
+        }
+        room.guests.clear();
+        return;
+      }
+      if (room.guests.delete(peerId)) {
+        room.host.send(JSON.stringify({ t: "peer-left", peer: peerId }));
+      }
+    }
+  }
+});
+console.log(`rig-omp-relay listening on :${server.port}`);

package/dist/src/bin/serve.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env bun
+export {};

package/dist/src/bin/serve.js

@@ -0,0 +1,288 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/relay-registry/src/server.ts
+import { Schema as Schema2 } from "@rig/contracts";
+
+// packages/relay-registry/src/auth.ts
+import { createHash, createHmac, timingSafeEqual } from "crypto";
+function deriveOwnerToken(namespaceKey, secret) {
+  return createHmac("sha256", secret).update(namespaceKey).digest("base64url");
+}
+function bearerToken(header) {
+  if (!header)
+    return null;
+  const [scheme, token, extra] = header.trim().split(/\s+/);
+  if (extra !== undefined || scheme?.toLowerCase() !== "bearer" || !token)
+    return null;
+  return token;
+}
+function digest(value) {
+  return createHash("sha256").update(value).digest();
+}
+function verifyOwnerBearer(header, namespaceKey, secret) {
+  const token = bearerToken(header);
+  if (!token)
+    return false;
+  const expected = deriveOwnerToken(namespaceKey, secret);
+  return timingSafeEqual(digest(token), digest(expected)) && token.length === expected.length;
+}
+
+// packages/relay-registry/src/schema.ts
+import { Schema } from "@rig/contracts";
+var RegistryOwner = Schema.Struct({
+  githubUserId: Schema.String,
+  login: Schema.String,
+  namespaceKey: Schema.String
+});
+var RegistryStatus = Schema.Literals([
+  "starting",
+  "running",
+  "waiting-approval",
+  "waiting-input",
+  "completed",
+  "failed",
+  "stopped"
+]);
+var RegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var RegisterRequest = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var HeartbeatRequest = Schema.Struct({
+  roomId: Schema.String,
+  status: RegistryStatus
+});
+var RemoveRequest = Schema.Struct({
+  roomId: Schema.String
+});
+var ListedRegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number),
+  stale: Schema.Boolean
+});
+var ListResponse = Schema.Struct({
+  entries: Schema.Array(ListedRegistryEntry)
+});
+var RegisterResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var HeartbeatResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var RemoveResponse = Schema.Struct({
+  removed: Schema.Boolean
+});
+
+// packages/relay-registry/src/staleness.ts
+var LIVE_STALE_AFTER_MS = 45000;
+function computeStale(entry, now = Date.now()) {
+  const heartbeat = Date.parse(entry.heartbeatAt);
+  return !(Number.isFinite(heartbeat) && now - heartbeat <= LIVE_STALE_AFTER_MS);
+}
+
+// packages/relay-registry/src/server.ts
+var decodeRegisterRequest = Schema2.decodeUnknownSync(RegisterRequest);
+var decodeHeartbeatRequest = Schema2.decodeUnknownSync(HeartbeatRequest);
+var decodeRemoveRequest = Schema2.decodeUnknownSync(RemoveRequest);
+function json(data, init) {
+  return Response.json(data, init);
+}
+function routePath(request) {
+  return new URL(request.url).pathname.replace(/\/+$/, "") || "/";
+}
+async function decodeJsonBody(request, decode) {
+  return decode(await request.json());
+}
+function unauthorized() {
+  return json({ ok: false, error: "unauthorized" }, { status: 401 });
+}
+function notFound() {
+  return json({ ok: false, error: "not found" }, { status: 404 });
+}
+function badRequest(error) {
+  return json({ ok: false, error: error instanceof Error ? error.message : String(error) }, { status: 400 });
+}
+function startRegistryServer(options) {
+  const entries = new Map;
+  const now = options.now ?? Date.now;
+  const subscribers = new Map;
+  const encoder = new TextEncoder;
+  const publish = (namespaceKey, event) => {
+    const subs = subscribers.get(namespaceKey);
+    if (!subs || subs.size === 0)
+      return;
+    const frame = encoder.encode(`data: ${JSON.stringify(event)}
+
+`);
+    for (const controller of subs) {
+      try {
+        controller.enqueue(frame);
+      } catch {}
+    }
+  };
+  const keepalive = setInterval(() => {
+    const ping = encoder.encode(`: ping
+
+`);
+    for (const subs of subscribers.values()) {
+      for (const controller of subs) {
+        try {
+          controller.enqueue(ping);
+        } catch {}
+      }
+    }
+  }, 25000);
+  if (typeof keepalive.unref === "function")
+    keepalive.unref();
+  const server = Bun.serve({
+    port: options.port ?? 0,
+    async fetch(request) {
+      const url = new URL(request.url);
+      const path = routePath(request);
+      if (request.method === "GET" && path === "/registry/health")
+        return json({ ok: true });
+      try {
+        if (request.method === "POST" && path === "/registry/register") {
+          const body = await decodeJsonBody(request, decodeRegisterRequest);
+          if (!verifyOwnerBearer(request.headers.get("authorization"), body.owner.namespaceKey, options.secret))
+            return unauthorized();
+          const entry = { ...body, heartbeatAt: new Date(now()).toISOString() };
+          entries.set(entry.roomId, entry);
+          publish(entry.owner.namespaceKey, { type: "registered", roomId: entry.roomId });
+          return json({ entry });
+        }
+        if (request.method === "POST" && path === "/registry/heartbeat") {
+          const body = await decodeJsonBody(request, decodeHeartbeatRequest);
+          const entry = entries.get(body.roomId);
+          if (!entry)
+            return notFound();
+          if (!verifyOwnerBearer(request.headers.get("authorization"), entry.owner.namespaceKey, options.secret))
+            return unauthorized();
+          const updated = {
+            ...entry,
+            status: body.status,
+            heartbeatAt: new Date(now()).toISOString()
+          };
+          entries.set(updated.roomId, updated);
+          publish(updated.owner.namespaceKey, { type: "heartbeat", roomId: updated.roomId });
+          return json({ entry: updated });
+        }
+        if (request.method === "GET" && path === "/registry/list") {
+          const namespaceKey = url.searchParams.get("namespaceKey");
+          if (!namespaceKey || !verifyOwnerBearer(request.headers.get("authorization"), namespaceKey, options.secret))
+            return unauthorized();
+          const repo = url.searchParams.get("repo");
+          const listedAt = now();
+          const scoped = Array.from(entries.values()).filter((entry) => entry.owner.namespaceKey === namespaceKey).filter((entry) => repo === null || entry.repo === repo).map((entry) => ({ ...entry, stale: computeStale(entry, listedAt) }));
+          return json({ entries: scoped });
+        }
+        if (request.method === "POST" && path === "/registry/remove") {
+          const body = await decodeJsonBody(request, decodeRemoveRequest);
+          const entry = entries.get(body.roomId);
+          if (!entry)
+            return notFound();
+          if (!verifyOwnerBearer(request.headers.get("authorization"), entry.owner.namespaceKey, options.secret))
+            return unauthorized();
+          entries.delete(body.roomId);
+          publish(entry.owner.namespaceKey, { type: "removed", roomId: entry.roomId });
+          return json({ removed: true });
+        }
+        if (request.method === "GET" && path === "/registry/subscribe") {
+          const namespaceKey = url.searchParams.get("namespaceKey");
+          if (!namespaceKey || !verifyOwnerBearer(request.headers.get("authorization"), namespaceKey, options.secret))
+            return unauthorized();
+          let registered;
+          const body = new ReadableStream({
+            start(controller) {
+              registered = controller;
+              let set = subscribers.get(namespaceKey);
+              if (!set) {
+                set = new Set;
+                subscribers.set(namespaceKey, set);
+              }
+              set.add(controller);
+              controller.enqueue(encoder.encode(`: connected
+
+`));
+            },
+            cancel() {
+              const set = subscribers.get(namespaceKey);
+              if (set && registered) {
+                set.delete(registered);
+                if (set.size === 0)
+                  subscribers.delete(namespaceKey);
+              }
+            }
+          });
+          return new Response(body, {
+            headers: {
+              "content-type": "text/event-stream",
+              "cache-control": "no-cache",
+              connection: "keep-alive"
+            }
+          });
+        }
+        return notFound();
+      } catch (error) {
+        return badRequest(error);
+      }
+    }
+  });
+  const boundPort = Number(server.url.port);
+  return {
+    port: boundPort,
+    stop() {
+      clearInterval(keepalive);
+      for (const subs of subscribers.values()) {
+        for (const controller of subs) {
+          try {
+            controller.close();
+          } catch {}
+        }
+      }
+      subscribers.clear();
+      server.stop(true);
+    }
+  };
+}
+
+// packages/relay-registry/src/bin/serve.ts
+var portText = process.env.REGISTRY_PORT ?? "8788";
+var port = Number.parseInt(portText, 10);
+if (!Number.isInteger(port) || port <= 0)
+  throw new Error(`Invalid REGISTRY_PORT: ${portText}`);
+var secret = process.env.REGISTRY_SHARED_SECRET;
+if (!secret)
+  throw new Error("REGISTRY_SHARED_SECRET is required");
+var server = startRegistryServer({ port, secret });
+console.log(`rig-registry listening on :${server.port}`);

package/dist/src/client.d.ts

@@ -0,0 +1,21 @@
+import type { HeartbeatRequest, ListedRegistryEntry, RegisterRequest, RegistryEntry, RemoveRequest } from "./schema";
+export type CollabRegistryFilter = {
+    readonly cwd?: string;
+    readonly selectedRepo?: string;
+    readonly githubUserId?: string;
+    readonly namespaceKey?: string;
+};
+export type RegistryClientOptions = {
+    readonly baseUrl: string;
+    readonly namespaceKey: string;
+    readonly secret: string;
+    readonly fetch?: typeof fetch;
+};
+export type RegistryClient = {
+    registerRoom(room: RegisterRequest): Promise<RegistryEntry>;
+    heartbeatRoom(roomId: string, status: HeartbeatRequest["status"]): Promise<RegistryEntry>;
+    listRoomsByOwner(filter: CollabRegistryFilter): Promise<readonly ListedRegistryEntry[]>;
+    removeRoom(roomId: string): Promise<boolean>;
+};
+export declare function createRegistryClient(options: RegistryClientOptions): RegistryClient;
+export type { HeartbeatRequest, ListedRegistryEntry, RegisterRequest, RegistryEntry, RemoveRequest };

package/dist/src/client.js

@@ -0,0 +1,63 @@
+// @bun
+// packages/relay-registry/src/auth.ts
+import { createHash, createHmac, timingSafeEqual } from "crypto";
+function deriveOwnerToken(namespaceKey, secret) {
+  return createHmac("sha256", secret).update(namespaceKey).digest("base64url");
+}
+
+// packages/relay-registry/src/client.ts
+function registryUrl(baseUrl, pathname) {
+  const base = baseUrl.endsWith("/") ? baseUrl : `${baseUrl}/`;
+  return new URL(pathname.replace(/^\/+/, ""), base);
+}
+async function parseResponseJson(response) {
+  const text = await response.text();
+  const data = text ? JSON.parse(text) : null;
+  if (!response.ok) {
+    const message = data && typeof data === "object" && "error" in data ? String(data.error) : response.statusText;
+    throw new Error(`registry request failed (${response.status}): ${message}`);
+  }
+  return data;
+}
+function createRegistryClient(options) {
+  const requestFetch = options.fetch ?? fetch;
+  const token = deriveOwnerToken(options.namespaceKey, options.secret);
+  const headers = {
+    authorization: `Bearer ${token}`,
+    "content-type": "application/json"
+  };
+  async function post(pathname, body) {
+    const response = await requestFetch(registryUrl(options.baseUrl, pathname), {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body)
+    });
+    return parseResponseJson(response);
+  }
+  return {
+    async registerRoom(room) {
+      const response = await post("register", room);
+      return response.entry;
+    },
+    async heartbeatRoom(roomId, status) {
+      const response = await post("heartbeat", { roomId, status });
+      return response.entry;
+    },
+    async listRoomsByOwner(filter) {
+      const namespaceKey = filter.namespaceKey ?? options.namespaceKey;
+      const url = registryUrl(options.baseUrl, "list");
+      url.searchParams.set("namespaceKey", namespaceKey);
+      if (filter.selectedRepo)
+        url.searchParams.set("repo", filter.selectedRepo);
+      const response = await requestFetch(url, { headers: { authorization: headers.authorization } });
+      return (await parseResponseJson(response)).entries;
+    },
+    async removeRoom(roomId) {
+      const response = await post("remove", { roomId });
+      return response.removed;
+    }
+  };
+}
+export {
+  createRegistryClient
+};

package/dist/src/schema.d.ts

@@ -0,0 +1,137 @@
+import { Schema } from "@rig/contracts";
+export declare const RegistryOwner: Schema.Struct<{
+    readonly githubUserId: Schema.String;
+    readonly login: Schema.String;
+    readonly namespaceKey: Schema.String;
+}>;
+export type RegistryOwner = typeof RegistryOwner.Type;
+export declare const RegistryStatus: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+export type RegistryStatus = typeof RegistryStatus.Type;
+export declare const RegistryEntry: Schema.Struct<{
+    readonly roomId: Schema.String;
+    readonly owner: Schema.Struct<{
+        readonly githubUserId: Schema.String;
+        readonly login: Schema.String;
+        readonly namespaceKey: Schema.String;
+    }>;
+    readonly repo: Schema.String;
+    readonly title: Schema.String;
+    readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+    readonly joinLink: Schema.String;
+    readonly webLink: Schema.String;
+    readonly relayUrl: Schema.String;
+    readonly startedAt: Schema.String;
+    readonly heartbeatAt: Schema.String;
+    readonly pid: Schema.optional<Schema.Number>;
+}>;
+export type RegistryEntry = typeof RegistryEntry.Type;
+export declare const RegisterRequest: Schema.Struct<{
+    readonly roomId: Schema.String;
+    readonly owner: Schema.Struct<{
+        readonly githubUserId: Schema.String;
+        readonly login: Schema.String;
+        readonly namespaceKey: Schema.String;
+    }>;
+    readonly repo: Schema.String;
+    readonly title: Schema.String;
+    readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+    readonly joinLink: Schema.String;
+    readonly webLink: Schema.String;
+    readonly relayUrl: Schema.String;
+    readonly startedAt: Schema.String;
+    readonly pid: Schema.optional<Schema.Number>;
+}>;
+export type RegisterRequest = typeof RegisterRequest.Type;
+export declare const HeartbeatRequest: Schema.Struct<{
+    readonly roomId: Schema.String;
+    readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+}>;
+export type HeartbeatRequest = typeof HeartbeatRequest.Type;
+export declare const RemoveRequest: Schema.Struct<{
+    readonly roomId: Schema.String;
+}>;
+export type RemoveRequest = typeof RemoveRequest.Type;
+export declare const ListedRegistryEntry: Schema.Struct<{
+    readonly roomId: Schema.String;
+    readonly owner: Schema.Struct<{
+        readonly githubUserId: Schema.String;
+        readonly login: Schema.String;
+        readonly namespaceKey: Schema.String;
+    }>;
+    readonly repo: Schema.String;
+    readonly title: Schema.String;
+    readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+    readonly joinLink: Schema.String;
+    readonly webLink: Schema.String;
+    readonly relayUrl: Schema.String;
+    readonly startedAt: Schema.String;
+    readonly heartbeatAt: Schema.String;
+    readonly pid: Schema.optional<Schema.Number>;
+    readonly stale: Schema.Boolean;
+}>;
+export type ListedRegistryEntry = typeof ListedRegistryEntry.Type;
+export declare const ListResponse: Schema.Struct<{
+    readonly entries: Schema.$Array<Schema.Struct<{
+        readonly roomId: Schema.String;
+        readonly owner: Schema.Struct<{
+            readonly githubUserId: Schema.String;
+            readonly login: Schema.String;
+            readonly namespaceKey: Schema.String;
+        }>;
+        readonly repo: Schema.String;
+        readonly title: Schema.String;
+        readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+        readonly joinLink: Schema.String;
+        readonly webLink: Schema.String;
+        readonly relayUrl: Schema.String;
+        readonly startedAt: Schema.String;
+        readonly heartbeatAt: Schema.String;
+        readonly pid: Schema.optional<Schema.Number>;
+        readonly stale: Schema.Boolean;
+    }>>;
+}>;
+export type ListResponse = typeof ListResponse.Type;
+export declare const RegisterResponse: Schema.Struct<{
+    readonly entry: Schema.Struct<{
+        readonly roomId: Schema.String;
+        readonly owner: Schema.Struct<{
+            readonly githubUserId: Schema.String;
+            readonly login: Schema.String;
+            readonly namespaceKey: Schema.String;
+        }>;
+        readonly repo: Schema.String;
+        readonly title: Schema.String;
+        readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+        readonly joinLink: Schema.String;
+        readonly webLink: Schema.String;
+        readonly relayUrl: Schema.String;
+        readonly startedAt: Schema.String;
+        readonly heartbeatAt: Schema.String;
+        readonly pid: Schema.optional<Schema.Number>;
+    }>;
+}>;
+export type RegisterResponse = typeof RegisterResponse.Type;
+export declare const HeartbeatResponse: Schema.Struct<{
+    readonly entry: Schema.Struct<{
+        readonly roomId: Schema.String;
+        readonly owner: Schema.Struct<{
+            readonly githubUserId: Schema.String;
+            readonly login: Schema.String;
+            readonly namespaceKey: Schema.String;
+        }>;
+        readonly repo: Schema.String;
+        readonly title: Schema.String;
+        readonly status: Schema.Literals<readonly ["starting", "running", "waiting-approval", "waiting-input", "completed", "failed", "stopped"]>;
+        readonly joinLink: Schema.String;
+        readonly webLink: Schema.String;
+        readonly relayUrl: Schema.String;
+        readonly startedAt: Schema.String;
+        readonly heartbeatAt: Schema.String;
+        readonly pid: Schema.optional<Schema.Number>;
+    }>;
+}>;
+export type HeartbeatResponse = typeof HeartbeatResponse.Type;
+export declare const RemoveResponse: Schema.Struct<{
+    readonly removed: Schema.Boolean;
+}>;
+export type RemoveResponse = typeof RemoveResponse.Type;

package/dist/src/schema.js

@@ -0,0 +1,88 @@
+// @bun
+// packages/relay-registry/src/schema.ts
+import { Schema } from "@rig/contracts";
+var RegistryOwner = Schema.Struct({
+  githubUserId: Schema.String,
+  login: Schema.String,
+  namespaceKey: Schema.String
+});
+var RegistryStatus = Schema.Literals([
+  "starting",
+  "running",
+  "waiting-approval",
+  "waiting-input",
+  "completed",
+  "failed",
+  "stopped"
+]);
+var RegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var RegisterRequest = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var HeartbeatRequest = Schema.Struct({
+  roomId: Schema.String,
+  status: RegistryStatus
+});
+var RemoveRequest = Schema.Struct({
+  roomId: Schema.String
+});
+var ListedRegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number),
+  stale: Schema.Boolean
+});
+var ListResponse = Schema.Struct({
+  entries: Schema.Array(ListedRegistryEntry)
+});
+var RegisterResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var HeartbeatResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var RemoveResponse = Schema.Struct({
+  removed: Schema.Boolean
+});
+export {
+  RemoveResponse,
+  RemoveRequest,
+  RegistryStatus,
+  RegistryOwner,
+  RegistryEntry,
+  RegisterResponse,
+  RegisterRequest,
+  ListedRegistryEntry,
+  ListResponse,
+  HeartbeatResponse,
+  HeartbeatRequest
+};

package/dist/src/server.d.ts

@@ -0,0 +1,11 @@
+type StartRegistryServerOptions = {
+    readonly port?: number;
+    readonly secret: string;
+    readonly now?: () => number;
+};
+export type RegistryServer = {
+    readonly port: number;
+    stop(): void;
+};
+export declare function startRegistryServer(options: StartRegistryServerOptions): RegistryServer;
+export {};

package/dist/src/server.js

@@ -0,0 +1,278 @@
+// @bun
+// packages/relay-registry/src/server.ts
+import { Schema as Schema2 } from "@rig/contracts";
+
+// packages/relay-registry/src/auth.ts
+import { createHash, createHmac, timingSafeEqual } from "crypto";
+function deriveOwnerToken(namespaceKey, secret) {
+  return createHmac("sha256", secret).update(namespaceKey).digest("base64url");
+}
+function bearerToken(header) {
+  if (!header)
+    return null;
+  const [scheme, token, extra] = header.trim().split(/\s+/);
+  if (extra !== undefined || scheme?.toLowerCase() !== "bearer" || !token)
+    return null;
+  return token;
+}
+function digest(value) {
+  return createHash("sha256").update(value).digest();
+}
+function verifyOwnerBearer(header, namespaceKey, secret) {
+  const token = bearerToken(header);
+  if (!token)
+    return false;
+  const expected = deriveOwnerToken(namespaceKey, secret);
+  return timingSafeEqual(digest(token), digest(expected)) && token.length === expected.length;
+}
+
+// packages/relay-registry/src/schema.ts
+import { Schema } from "@rig/contracts";
+var RegistryOwner = Schema.Struct({
+  githubUserId: Schema.String,
+  login: Schema.String,
+  namespaceKey: Schema.String
+});
+var RegistryStatus = Schema.Literals([
+  "starting",
+  "running",
+  "waiting-approval",
+  "waiting-input",
+  "completed",
+  "failed",
+  "stopped"
+]);
+var RegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var RegisterRequest = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  pid: Schema.optional(Schema.Number)
+});
+var HeartbeatRequest = Schema.Struct({
+  roomId: Schema.String,
+  status: RegistryStatus
+});
+var RemoveRequest = Schema.Struct({
+  roomId: Schema.String
+});
+var ListedRegistryEntry = Schema.Struct({
+  roomId: Schema.String,
+  owner: RegistryOwner,
+  repo: Schema.String,
+  title: Schema.String,
+  status: RegistryStatus,
+  joinLink: Schema.String,
+  webLink: Schema.String,
+  relayUrl: Schema.String,
+  startedAt: Schema.String,
+  heartbeatAt: Schema.String,
+  pid: Schema.optional(Schema.Number),
+  stale: Schema.Boolean
+});
+var ListResponse = Schema.Struct({
+  entries: Schema.Array(ListedRegistryEntry)
+});
+var RegisterResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var HeartbeatResponse = Schema.Struct({
+  entry: RegistryEntry
+});
+var RemoveResponse = Schema.Struct({
+  removed: Schema.Boolean
+});
+
+// packages/relay-registry/src/staleness.ts
+var LIVE_STALE_AFTER_MS = 45000;
+function computeStale(entry, now = Date.now()) {
+  const heartbeat = Date.parse(entry.heartbeatAt);
+  return !(Number.isFinite(heartbeat) && now - heartbeat <= LIVE_STALE_AFTER_MS);
+}
+
+// packages/relay-registry/src/server.ts
+var decodeRegisterRequest = Schema2.decodeUnknownSync(RegisterRequest);
+var decodeHeartbeatRequest = Schema2.decodeUnknownSync(HeartbeatRequest);
+var decodeRemoveRequest = Schema2.decodeUnknownSync(RemoveRequest);
+function json(data, init) {
+  return Response.json(data, init);
+}
+function routePath(request) {
+  return new URL(request.url).pathname.replace(/\/+$/, "") || "/";
+}
+async function decodeJsonBody(request, decode) {
+  return decode(await request.json());
+}
+function unauthorized() {
+  return json({ ok: false, error: "unauthorized" }, { status: 401 });
+}
+function notFound() {
+  return json({ ok: false, error: "not found" }, { status: 404 });
+}
+function badRequest(error) {
+  return json({ ok: false, error: error instanceof Error ? error.message : String(error) }, { status: 400 });
+}
+function startRegistryServer(options) {
+  const entries = new Map;
+  const now = options.now ?? Date.now;
+  const subscribers = new Map;
+  const encoder = new TextEncoder;
+  const publish = (namespaceKey, event) => {
+    const subs = subscribers.get(namespaceKey);
+    if (!subs || subs.size === 0)
+      return;
+    const frame = encoder.encode(`data: ${JSON.stringify(event)}
+
+`);
+    for (const controller of subs) {
+      try {
+        controller.enqueue(frame);
+      } catch {}
+    }
+  };
+  const keepalive = setInterval(() => {
+    const ping = encoder.encode(`: ping
+
+`);
+    for (const subs of subscribers.values()) {
+      for (const controller of subs) {
+        try {
+          controller.enqueue(ping);
+        } catch {}
+      }
+    }
+  }, 25000);
+  if (typeof keepalive.unref === "function")
+    keepalive.unref();
+  const server = Bun.serve({
+    port: options.port ?? 0,
+    async fetch(request) {
+      const url = new URL(request.url);
+      const path = routePath(request);
+      if (request.method === "GET" && path === "/registry/health")
+        return json({ ok: true });
+      try {
+        if (request.method === "POST" && path === "/registry/register") {
+          const body = await decodeJsonBody(request, decodeRegisterRequest);
+          if (!verifyOwnerBearer(request.headers.get("authorization"), body.owner.namespaceKey, options.secret))
+            return unauthorized();
+          const entry = { ...body, heartbeatAt: new Date(now()).toISOString() };
+          entries.set(entry.roomId, entry);
+          publish(entry.owner.namespaceKey, { type: "registered", roomId: entry.roomId });
+          return json({ entry });
+        }
+        if (request.method === "POST" && path === "/registry/heartbeat") {
+          const body = await decodeJsonBody(request, decodeHeartbeatRequest);
+          const entry = entries.get(body.roomId);
+          if (!entry)
+            return notFound();
+          if (!verifyOwnerBearer(request.headers.get("authorization"), entry.owner.namespaceKey, options.secret))
+            return unauthorized();
+          const updated = {
+            ...entry,
+            status: body.status,
+            heartbeatAt: new Date(now()).toISOString()
+          };
+          entries.set(updated.roomId, updated);
+          publish(updated.owner.namespaceKey, { type: "heartbeat", roomId: updated.roomId });
+          return json({ entry: updated });
+        }
+        if (request.method === "GET" && path === "/registry/list") {
+          const namespaceKey = url.searchParams.get("namespaceKey");
+          if (!namespaceKey || !verifyOwnerBearer(request.headers.get("authorization"), namespaceKey, options.secret))
+            return unauthorized();
+          const repo = url.searchParams.get("repo");
+          const listedAt = now();
+          const scoped = Array.from(entries.values()).filter((entry) => entry.owner.namespaceKey === namespaceKey).filter((entry) => repo === null || entry.repo === repo).map((entry) => ({ ...entry, stale: computeStale(entry, listedAt) }));
+          return json({ entries: scoped });
+        }
+        if (request.method === "POST" && path === "/registry/remove") {
+          const body = await decodeJsonBody(request, decodeRemoveRequest);
+          const entry = entries.get(body.roomId);
+          if (!entry)
+            return notFound();
+          if (!verifyOwnerBearer(request.headers.get("authorization"), entry.owner.namespaceKey, options.secret))
+            return unauthorized();
+          entries.delete(body.roomId);
+          publish(entry.owner.namespaceKey, { type: "removed", roomId: entry.roomId });
+          return json({ removed: true });
+        }
+        if (request.method === "GET" && path === "/registry/subscribe") {
+          const namespaceKey = url.searchParams.get("namespaceKey");
+          if (!namespaceKey || !verifyOwnerBearer(request.headers.get("authorization"), namespaceKey, options.secret))
+            return unauthorized();
+          let registered;
+          const body = new ReadableStream({
+            start(controller) {
+              registered = controller;
+              let set = subscribers.get(namespaceKey);
+              if (!set) {
+                set = new Set;
+                subscribers.set(namespaceKey, set);
+              }
+              set.add(controller);
+              controller.enqueue(encoder.encode(`: connected
+
+`));
+            },
+            cancel() {
+              const set = subscribers.get(namespaceKey);
+              if (set && registered) {
+                set.delete(registered);
+                if (set.size === 0)
+                  subscribers.delete(namespaceKey);
+              }
+            }
+          });
+          return new Response(body, {
+            headers: {
+              "content-type": "text/event-stream",
+              "cache-control": "no-cache",
+              connection: "keep-alive"
+            }
+          });
+        }
+        return notFound();
+      } catch (error) {
+        return badRequest(error);
+      }
+    }
+  });
+  const boundPort = Number(server.url.port);
+  return {
+    port: boundPort,
+    stop() {
+      clearInterval(keepalive);
+      for (const subs of subscribers.values()) {
+        for (const controller of subs) {
+          try {
+            controller.close();
+          } catch {}
+        }
+      }
+      subscribers.clear();
+      server.stop(true);
+    }
+  };
+}
+export {
+  startRegistryServer
+};

package/dist/src/staleness.d.ts

@@ -0,0 +1,3 @@
+import type { RegistryEntry } from "./schema";
+export declare const LIVE_STALE_AFTER_MS = 45000;
+export declare function computeStale(entry: Pick<RegistryEntry, "heartbeatAt">, now?: number): boolean;

package/dist/src/staleness.js

@@ -0,0 +1,11 @@
+// @bun
+// packages/relay-registry/src/staleness.ts
+var LIVE_STALE_AFTER_MS = 45000;
+function computeStale(entry, now = Date.now()) {
+  const heartbeat = Date.parse(entry.heartbeatAt);
+  return !(Number.isFinite(heartbeat) && now - heartbeat <= LIVE_STALE_AFTER_MS);
+}
+export {
+  computeStale,
+  LIVE_STALE_AFTER_MS
+};

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@h-rig/relay-registry",
+  "version": "0.0.6-alpha.92",
+  "type": "module",
+  "description": "Rig package",
+  "license": "UNLICENSED",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/src/client.d.ts",
+      "import": "./dist/src/client.js"
+    },
+    "./auth": {
+      "types": "./dist/src/auth.d.ts",
+      "import": "./dist/src/auth.js"
+    },
+    "./client": {
+      "types": "./dist/src/client.d.ts",
+      "import": "./dist/src/client.js"
+    },
+    "./schema": {
+      "types": "./dist/src/schema.d.ts",
+      "import": "./dist/src/schema.js"
+    },
+    "./server": {
+      "types": "./dist/src/server.d.ts",
+      "import": "./dist/src/server.js"
+    },
+    "./staleness": {
+      "types": "./dist/src/staleness.d.ts",
+      "import": "./dist/src/staleness.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "engines": {
+    "bun": ">=1.3.11"
+  },
+  "main": "./dist/src/client.js",
+  "dependencies": {
+    "@rig/contracts": "npm:@h-rig/contracts@0.0.6-alpha.92"
+  }
+}