@hasna/machines 0.0.32 → 0.0.34

package/dist/mcp/index.js

@@ -40,527 +40,8 @@ function getPackageVersion() {
 import { createServer } from "http";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 
-// node_modules/@hasna/events/dist/index.js
-import { chmod, mkdir, readFile, rename, writeFile } from "fs/promises";
-import { existsSync as existsSync2 } from "fs";
-import { homedir } from "os";
-import { join as join2 } from "path";
-import { createHmac, timingSafeEqual } from "crypto";
-import { randomUUID } from "crypto";
-import { spawn } from "child_process";
-import { randomUUID as randomUUID2 } from "crypto";
-function getPathValue(input, path) {
-  return path.split(".").reduce((value, part) => {
-    if (value && typeof value === "object" && part in value) {
-      return value[part];
-    }
-    return;
-  }, input);
-}
-function wildcardToRegExp(pattern) {
-  const escaped = pattern.replace(/[|\\{}()[\]^$+?.]/g, "\\$&").replace(/\*/g, ".*");
-  return new RegExp(`^${escaped}$`);
-}
-function matchString(value, matcher) {
-  if (matcher === undefined)
-    return true;
-  if (value === undefined)
-    return false;
-  const matchers = Array.isArray(matcher) ? matcher : [matcher];
-  return matchers.some((item) => wildcardToRegExp(item).test(value));
-}
-function matchRecord(input, matcher) {
-  if (!matcher)
-    return true;
-  return Object.entries(matcher).every(([path, expected]) => {
-    const actual = getPathValue(input, path);
-    if (typeof expected === "string" || Array.isArray(expected)) {
-      return matchString(actual === undefined ? undefined : String(actual), expected);
-    }
-    return actual === expected;
-  });
-}
-function eventMatchesFilter(event, filter) {
-  return matchString(event.source, filter.source) && matchString(event.type, filter.type) && matchString(event.subject, filter.subject) && matchString(event.severity, filter.severity) && matchRecord(event.data, filter.data) && matchRecord(event.metadata, filter.metadata);
-}
-function channelMatchesEvent(channel, event) {
-  if (!channel.enabled)
-    return false;
-  if (!channel.filters || channel.filters.length === 0)
-    return true;
-  return channel.filters.some((filter) => eventMatchesFilter(event, filter));
-}
-var HASNA_EVENTS_DIR_ENV = "HASNA_EVENTS_DIR";
-var HASNA_EVENTS_HOME_ENV = "HASNA_EVENTS_HOME";
-function getEventsDataDir(override) {
-  return override || process.env[HASNA_EVENTS_DIR_ENV] || process.env[HASNA_EVENTS_HOME_ENV] || join2(homedir(), ".hasna", "events");
-}
-
-class JsonEventsStore {
-  dataDir;
-  channelsPath;
-  eventsPath;
-  deliveriesPath;
-  constructor(dataDir = getEventsDataDir()) {
-    this.dataDir = dataDir;
-    this.channelsPath = join2(dataDir, "channels.json");
-    this.eventsPath = join2(dataDir, "events.json");
-    this.deliveriesPath = join2(dataDir, "deliveries.json");
-  }
-  async init() {
-    await mkdir(this.dataDir, { recursive: true, mode: 448 });
-    await chmod(this.dataDir, 448).catch(() => {
-      return;
-    });
-    await this.ensureArrayFile(this.channelsPath);
-    await this.ensureArrayFile(this.eventsPath);
-    await this.ensureArrayFile(this.deliveriesPath);
-  }
-  async addChannel(channel) {
-    await this.init();
-    const channels = await this.readJson(this.channelsPath, []);
-    const index = channels.findIndex((item) => item.id === channel.id);
-    if (index >= 0) {
-      channels[index] = { ...channel, createdAt: channels[index].createdAt, updatedAt: new Date().toISOString() };
-    } else {
-      channels.push(channel);
-    }
-    await this.writeJson(this.channelsPath, channels);
-    return index >= 0 ? channels[index] : channel;
-  }
-  async listChannels() {
-    await this.init();
-    return this.readJson(this.channelsPath, []);
-  }
-  async getChannel(id) {
-    const channels = await this.listChannels();
-    return channels.find((channel) => channel.id === id);
-  }
-  async removeChannel(id) {
-    await this.init();
-    const channels = await this.readJson(this.channelsPath, []);
-    const next = channels.filter((channel) => channel.id !== id);
-    await this.writeJson(this.channelsPath, next);
-    return next.length !== channels.length;
-  }
-  async appendEvent(event) {
-    await this.init();
-    const events = await this.readJson(this.eventsPath, []);
-    events.push(event);
-    await this.writeJson(this.eventsPath, events);
-    return event;
-  }
-  async listEvents() {
-    await this.init();
-    return this.readJson(this.eventsPath, []);
-  }
-  async findEventByIdentity(identity) {
-    const events = await this.listEvents();
-    return events.find((event) => identity.id !== undefined && event.id === identity.id || identity.dedupeKey !== undefined && event.dedupeKey === identity.dedupeKey);
-  }
-  async appendDelivery(result) {
-    await this.init();
-    const deliveries = await this.readJson(this.deliveriesPath, []);
-    deliveries.push(result);
-    await this.writeJson(this.deliveriesPath, deliveries);
-    return result;
-  }
-  async listDeliveries() {
-    await this.init();
-    return this.readJson(this.deliveriesPath, []);
-  }
-  async exportData() {
-    return {
-      channels: await this.listChannels(),
-      events: await this.listEvents(),
-      deliveries: await this.listDeliveries()
-    };
-  }
-  async ensureArrayFile(path) {
-    if (!existsSync2(path)) {
-      await writeFile(path, `[]
-`, { encoding: "utf-8", mode: 384 });
-    }
-    await chmod(path, 384).catch(() => {
-      return;
-    });
-  }
-  async readJson(path, fallback) {
-    try {
-      const raw = await readFile(path, "utf-8");
-      if (!raw.trim())
-        return fallback;
-      return JSON.parse(raw);
-    } catch (error) {
-      if (error.code === "ENOENT")
-        return fallback;
-      throw error;
-    }
-  }
-  async writeJson(path, value) {
-    const tempPath = `${path}.${process.pid}.${Date.now()}.tmp`;
-    await writeFile(tempPath, `${JSON.stringify(value, null, 2)}
-`, { encoding: "utf-8", mode: 384 });
-    await rename(tempPath, path);
-    await chmod(path, 384).catch(() => {
-      return;
-    });
-  }
-}
-var DEFAULT_SIGNATURE_TOLERANCE_MS = 5 * 60 * 1000;
-function buildSignatureBase(timestamp, body) {
-  return `${timestamp}.${body}`;
-}
-function signPayload(secret, timestamp, body) {
-  const digest = createHmac("sha256", secret).update(buildSignatureBase(timestamp, body)).digest("hex");
-  return `sha256=${digest}`;
-}
-function now() {
-  return new Date().toISOString();
-}
-function truncate(value, max = 4096) {
-  return value.length > max ? `${value.slice(0, max)}...` : value;
-}
-function buildWebhookRequest(event, channel) {
-  if (!channel.webhook)
-    throw new Error(`Channel ${channel.id} has no webhook config`);
-  const body = JSON.stringify(event);
-  const timestamp = event.time;
-  const headers = {
-    "Content-Type": "application/json",
-    "User-Agent": "@hasna/events",
-    "X-Hasna-Event-Id": event.id,
-    "X-Hasna-Event-Type": event.type,
-    "X-Hasna-Timestamp": timestamp,
-    ...channel.webhook.headers
-  };
-  if (channel.webhook.secret) {
-    headers["X-Hasna-Signature"] = signPayload(channel.webhook.secret, timestamp, body);
-  }
-  return { body, headers };
-}
-async function dispatchWebhook(event, channel, options = {}) {
-  if (!channel.webhook)
-    throw new Error(`Channel ${channel.id} has no webhook config`);
-  const startedAt = now();
-  const { body, headers } = buildWebhookRequest(event, channel);
-  const controller = new AbortController;
-  const timeout = setTimeout(() => controller.abort(), channel.webhook.timeoutMs ?? 15000);
-  try {
-    const response = await (options.fetchImpl ?? fetch)(channel.webhook.url, {
-      method: "POST",
-      headers,
-      body,
-      signal: controller.signal
-    });
-    const responseBody = truncate(await response.text());
-    return {
-      attempt: 1,
-      status: response.ok ? "success" : "failed",
-      startedAt,
-      completedAt: now(),
-      responseStatus: response.status,
-      responseBody,
-      error: response.ok ? undefined : `Webhook returned HTTP ${response.status}`
-    };
-  } catch (error) {
-    return {
-      attempt: 1,
-      status: "failed",
-      startedAt,
-      completedAt: now(),
-      error: error instanceof Error ? error.message : String(error)
-    };
-  } finally {
-    clearTimeout(timeout);
-  }
-}
-async function dispatchCommand(event, channel) {
-  if (!channel.command)
-    throw new Error(`Channel ${channel.id} has no command config`);
-  const startedAt = now();
-  const eventJson = JSON.stringify(event);
-  const env = {
-    ...process.env,
-    ...channel.command.env,
-    HASNA_CHANNEL_ID: channel.id,
-    HASNA_EVENT_ID: event.id,
-    HASNA_EVENT_TYPE: event.type,
-    HASNA_EVENT_SOURCE: event.source,
-    HASNA_EVENT_SUBJECT: event.subject ?? "",
-    HASNA_EVENT_SEVERITY: event.severity,
-    HASNA_EVENT_TIME: event.time,
-    HASNA_EVENT_DEDUPE_KEY: event.dedupeKey ?? "",
-    HASNA_EVENT_SCHEMA_VERSION: event.schemaVersion,
-    HASNA_EVENT_JSON: eventJson
-  };
-  return new Promise((resolve) => {
-    const child = spawn(channel.command.command, channel.command.args ?? [], {
-      cwd: channel.command.cwd,
-      env,
-      stdio: ["pipe", "pipe", "pipe"]
-    });
-    let stdout = "";
-    let stderr = "";
-    const timeout = setTimeout(() => child.kill("SIGTERM"), channel.command.timeoutMs ?? 15000);
-    child.stdin.end(eventJson);
-    child.stdout.on("data", (chunk) => {
-      stdout += chunk.toString();
-    });
-    child.stderr.on("data", (chunk) => {
-      stderr += chunk.toString();
-    });
-    child.on("error", (error) => {
-      clearTimeout(timeout);
-      resolve({
-        attempt: 1,
-        status: "failed",
-        startedAt,
-        completedAt: now(),
-        stdout: truncate(stdout),
-        stderr: truncate(stderr),
-        error: error.message
-      });
-    });
-    child.on("close", (code, signal) => {
-      clearTimeout(timeout);
-      const success = code === 0;
-      resolve({
-        attempt: 1,
-        status: success ? "success" : "failed",
-        startedAt,
-        completedAt: now(),
-        stdout: truncate(stdout),
-        stderr: truncate(stderr),
-        error: success ? undefined : `Command exited with ${signal ? `signal ${signal}` : `code ${code}`}`
-      });
-    });
-  });
-}
-async function dispatchChannel(event, channel, options = {}) {
-  if (channel.transport === "webhook")
-    return dispatchWebhook(event, channel, options);
-  if (channel.transport === "command")
-    return dispatchCommand(event, channel);
-  return {
-    attempt: 1,
-    status: "skipped",
-    startedAt: now(),
-    completedAt: now(),
-    error: `Unsupported transport: ${channel.transport}`
-  };
-}
-function createDeliveryResult(event, channel, attempts) {
-  const status = attempts.some((attempt) => attempt.status === "success") ? "success" : attempts.every((attempt) => attempt.status === "skipped") ? "skipped" : "failed";
-  return {
-    id: randomUUID(),
-    eventId: event.id,
-    channelId: channel.id,
-    transport: channel.transport,
-    status,
-    attempts,
-    createdAt: attempts[0]?.startedAt ?? now(),
-    completedAt: attempts.at(-1)?.completedAt ?? now()
-  };
-}
-function createEvent(input) {
-  return {
-    id: input.id ?? randomUUID2(),
-    source: input.source,
-    type: input.type,
-    time: normalizeTime(input.time),
-    subject: input.subject,
-    severity: input.severity ?? "info",
-    data: input.data ?? {},
-    message: input.message,
-    dedupeKey: input.dedupeKey,
-    schemaVersion: input.schemaVersion ?? "1.0",
-    metadata: input.metadata ?? {}
-  };
-}
-
-class EventsClient {
-  store;
-  redactors;
-  transportOptions;
-  constructor(options = {}) {
-    this.store = options.store ?? new JsonEventsStore(options.dataDir);
-    this.redactors = options.redactors ?? [];
-    this.transportOptions = { fetchImpl: options.fetchImpl };
-  }
-  async addChannel(input) {
-    const timestamp = new Date().toISOString();
-    return this.store.addChannel({
-      ...input,
-      createdAt: input.createdAt ?? timestamp,
-      updatedAt: input.updatedAt ?? timestamp
-    });
-  }
-  async listChannels() {
-    return this.store.listChannels();
-  }
-  async removeChannel(id) {
-    return this.store.removeChannel(id);
-  }
-  async emit(input, options = {}) {
-    const event = options.redactSensitiveData === false ? createEvent(input) : redactSensitiveKeys(createEvent(input));
-    if (options.dedupe !== false) {
-      const existing = await this.store.findEventByIdentity({ id: input.id, dedupeKey: event.dedupeKey });
-      if (existing) {
-        return { event: existing, deliveries: [], deduped: true };
-      }
-    }
-    await this.store.appendEvent(event);
-    const deliveries = options.deliver === false ? [] : await this.deliver(event);
-    return { event, deliveries, deduped: false };
-  }
-  async listEvents() {
-    return this.store.listEvents();
-  }
-  async listDeliveries() {
-    return this.store.listDeliveries();
-  }
-  async deliver(event) {
-    const channels = await this.store.listChannels();
-    const selected = channels.filter((channel) => channelMatchesEvent(channel, event));
-    const deliveries = [];
-    for (const channel of selected) {
-      const eventForChannel = await this.applyRedaction(event, channel);
-      const result = await this.deliverWithRetry(eventForChannel, channel);
-      await this.store.appendDelivery(result);
-      deliveries.push(result);
-    }
-    return deliveries;
-  }
-  async testChannel(id, input = {}) {
-    const channel = await this.store.getChannel(id);
-    if (!channel)
-      throw new Error(`Channel not found: ${id}`);
-    const event = createEvent({
-      source: input.source ?? "hasna.events",
-      type: input.type ?? "events.test",
-      subject: input.subject ?? id,
-      severity: input.severity ?? "info",
-      data: input.data ?? { test: true },
-      message: input.message ?? "Hasna events test delivery",
-      dedupeKey: input.dedupeKey,
-      schemaVersion: input.schemaVersion,
-      metadata: input.metadata,
-      time: input.time,
-      id: input.id
-    });
-    const eventForChannel = await this.applyRedaction(event, channel);
-    const result = await this.deliverWithRetry(eventForChannel, channel);
-    await this.store.appendDelivery(result);
-    return result;
-  }
-  async replay(options = {}) {
-    const events = (await this.store.listEvents()).filter((event) => {
-      if (options.eventId && event.id !== options.eventId)
-        return false;
-      if (options.source && event.source !== options.source)
-        return false;
-      if (options.type && event.type !== options.type)
-        return false;
-      return true;
-    });
-    if (options.dryRun)
-      return { events, deliveries: [] };
-    const deliveries = [];
-    for (const event of events) {
-      deliveries.push(...await this.deliver(event));
-    }
-    return { events, deliveries };
-  }
-  async applyRedaction(event, channel) {
-    let next = redactPaths(event, channel.redact?.paths ?? [], channel.redact?.replacement ?? "[REDACTED]");
-    for (const redactor of this.redactors) {
-      next = await redactor(next, channel);
-    }
-    return next;
-  }
-  async deliverWithRetry(event, channel) {
-    const policy = normalizeRetryPolicy(channel.retry);
-    const attempts = [];
-    for (let index = 0;index < policy.maxAttempts; index += 1) {
-      const attempt = await dispatchChannel(event, channel, this.transportOptions);
-      attempt.attempt = index + 1;
-      if (attempt.status === "failed" && index + 1 < policy.maxAttempts) {
-        attempt.nextBackoffMs = Math.round(policy.backoffMs * policy.multiplier ** index);
-      }
-      attempts.push(attempt);
-      if (attempt.status !== "failed")
-        break;
-      if (attempt.nextBackoffMs)
-        await Bun.sleep(attempt.nextBackoffMs);
-    }
-    return createDeliveryResult(event, channel, attempts);
-  }
-}
-function redactPaths(event, paths, replacement = "[REDACTED]") {
-  if (paths.length === 0)
-    return event;
-  const copy = structuredClone(event);
-  for (const path of paths) {
-    setPath(copy, path, replacement);
-  }
-  return copy;
-}
-function sanitizeChannelForOutput(channel) {
-  const copy = structuredClone(channel);
-  if (copy.webhook?.secret)
-    copy.webhook.secret = "[REDACTED]";
-  if (copy.command?.env) {
-    copy.command.env = Object.fromEntries(Object.entries(copy.command.env).map(([key, value]) => [key, shouldRedactKey(key) ? "[REDACTED]" : value]));
-  }
-  return copy;
-}
-function sanitizeChannelsForOutput(channels) {
-  return channels.map(sanitizeChannelForOutput);
-}
-function redactSensitiveKeys(event, replacement = "[REDACTED]") {
-  return redactValue(event, replacement);
-}
-function shouldRedactKey(key) {
-  return /secret|token|password|api[_-]?key|authorization/i.test(key);
-}
-function redactValue(value, replacement) {
-  if (Array.isArray(value))
-    return value.map((item) => redactValue(item, replacement));
-  if (!value || typeof value !== "object")
-    return value;
-  return Object.fromEntries(Object.entries(value).map(([key, item]) => [
-    key,
-    shouldRedactKey(key) ? replacement : redactValue(item, replacement)
-  ]));
-}
-function setPath(input, path, replacement) {
-  const parts = path.split(".");
-  let cursor = input;
-  for (const part of parts.slice(0, -1)) {
-    const next = cursor[part];
-    if (!next || typeof next !== "object")
-      return;
-    cursor = next;
-  }
-  const last = parts.at(-1);
-  if (last && last in cursor)
-    cursor[last] = replacement;
-}
-function normalizeTime(value) {
-  if (!value)
-    return new Date().toISOString();
-  return value instanceof Date ? value.toISOString() : value;
-}
-function normalizeRetryPolicy(policy) {
-  return {
-    maxAttempts: Math.max(1, policy?.maxAttempts ?? 1),
-    backoffMs: Math.max(0, policy?.backoffMs ?? 250),
-    multiplier: Math.max(1, policy?.multiplier ?? 2)
-  };
-}
-
 // src/mcp/server.ts
+import { EventsClient as EventsClient2, sanitizeChannelForOutput, sanitizeChannelsForOutput as sanitizeChannelsForOutput2 } from "@hasna/events";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 
 // node_modules/zod/v3/external.js
@@ -4537,8 +4018,8 @@ var coerce = {
 };
 var NEVER = INVALID;
 // src/commands/backup.ts
-import { homedir as homedir2, hostname } from "os";
-import { join as join3 } from "path";
+import { homedir, hostname } from "os";
+import { join as join2 } from "path";
 var MACHINES_BACKUP_BUCKET_ENV = "HASNA_MACHINES_S3_BUCKET";
 var MACHINES_BACKUP_BUCKET_FALLBACK_ENV = "MACHINES_S3_BUCKET";
 var MACHINES_BACKUP_PREFIX_ENV = "HASNA_MACHINES_S3_PREFIX";
@@ -4586,16 +4067,16 @@ function resolveBackupTarget(options = {}) {
   };
 }
 function defaultBackupSources() {
-  const home = homedir2();
+  const home = homedir();
   return [
-    join3(home, ".hasna"),
-    join3(home, ".ssh"),
-    join3(home, ".secrets")
+    join2(home, ".hasna"),
+    join2(home, ".ssh"),
+    join2(home, ".secrets")
   ];
 }
 function buildBackupPlan(bucket, prefix) {
   const target = resolveBackupTarget({ bucket, prefix });
-  const archivePath = join3(homedir2(), ".hasna", "machines", "backup.tgz");
+  const archivePath = join2(homedir(), ".hasna", "machines", "backup.tgz");
   const sources = defaultBackupSources();
   const steps = [
     {
@@ -4646,33 +4127,33 @@ function runBackup(bucket, prefix, options = {}) {
 }
 
 // src/manifests.ts
-import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync } from "fs";
-import { arch, homedir as homedir3, hostname as hostname2, platform, userInfo } from "os";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync } from "fs";
+import { arch, homedir as homedir2, hostname as hostname2, platform, userInfo } from "os";
 import { dirname as dirname3 } from "path";
 
 // src/paths.ts
-import { existsSync as existsSync3, mkdirSync } from "fs";
-import { dirname as dirname2, join as join4, resolve } from "path";
+import { existsSync as existsSync2, mkdirSync } from "fs";
+import { dirname as dirname2, join as join3, resolve } from "path";
 function homeDir() {
   return process.env["HOME"] || process.env["USERPROFILE"] || "~";
 }
 function getDataDir() {
-  return process.env["HASNA_MACHINES_DIR"] || join4(homeDir(), ".hasna", "machines");
+  return process.env["HASNA_MACHINES_DIR"] || join3(homeDir(), ".hasna", "machines");
 }
 function getDbPath() {
-  return process.env["HASNA_MACHINES_DB_PATH"] || join4(getDataDir(), "machines.db");
+  return process.env["HASNA_MACHINES_DB_PATH"] || join3(getDataDir(), "machines.db");
 }
 function getManifestPath() {
-  return process.env["HASNA_MACHINES_MANIFEST_PATH"] || join4(getDataDir(), "machines.json");
+  return process.env["HASNA_MACHINES_MANIFEST_PATH"] || join3(getDataDir(), "machines.json");
 }
 function getNotificationsPath() {
-  return process.env["HASNA_MACHINES_NOTIFICATIONS_PATH"] || join4(getDataDir(), "notifications.json");
+  return process.env["HASNA_MACHINES_NOTIFICATIONS_PATH"] || join3(getDataDir(), "notifications.json");
 }
 function ensureParentDir(filePath) {
   if (filePath === ":memory:")
     return;
   const dir = dirname2(resolve(filePath));
-  if (!existsSync3(dir)) {
+  if (!existsSync2(dir)) {
     mkdirSync(dir, { recursive: true });
   }
 }
@@ -4714,7 +4195,7 @@ var fleetSchema = exports_external.object({
   machines: exports_external.array(machineSchema)
 });
 function detectWorkspacePath() {
-  const home = homedir3();
+  const home = homedir2();
   if (platform() === "darwin") {
     return `${home}/Workspace`;
   }
@@ -4738,7 +4219,7 @@ function getDefaultManifest() {
   };
 }
 function readManifest(path = getManifestPath()) {
-  if (!existsSync4(path)) {
+  if (!existsSync3(path)) {
     return getDefaultManifest();
   }
   const raw = JSON.parse(readFileSync2(path, "utf8"));
@@ -4874,19 +4355,19 @@ function countRuns(table) {
 }
 function recordSetupRun(machineId, status, details) {
   const db = getDb();
-  const now2 = new Date().toISOString();
+  const now = new Date().toISOString();
   db.query(`INSERT INTO setup_runs (id, machine_id, status, details_json, created_at, updated_at)
-     VALUES (?, ?, ?, ?, ?, ?)`).run(crypto.randomUUID(), machineId, status, JSON.stringify(details), now2, now2);
+     VALUES (?, ?, ?, ?, ?, ?)`).run(crypto.randomUUID(), machineId, status, JSON.stringify(details), now, now);
 }
 function recordSyncRun(machineId, status, actions) {
   const db = getDb();
-  const now2 = new Date().toISOString();
+  const now = new Date().toISOString();
   db.query(`INSERT INTO sync_runs (id, machine_id, status, actions_json, created_at, updated_at)
-     VALUES (?, ?, ?, ?, ?, ?)`).run(crypto.randomUUID(), machineId, status, JSON.stringify(actions), now2, now2);
+     VALUES (?, ?, ?, ?, ?, ?)`).run(crypto.randomUUID(), machineId, status, JSON.stringify(actions), now, now);
 }
 
 // src/topology.ts
-import { existsSync as existsSync5 } from "fs";
+import { existsSync as existsSync4 } from "fs";
 import { arch as arch2, hostname as hostname4, platform as platform2, userInfo as userInfo2 } from "os";
 import { spawnSync } from "child_process";
 var MACHINES_CONSUMER_CONTRACT_VERSION = 1;
@@ -4998,6 +4479,19 @@ function manifestHostReachable(target) {
     return null;
   return overrides.has(target);
 }
+function userFromSshAddress(address) {
+  if (!address)
+    return null;
+  const at = address.indexOf("@");
+  if (at <= 0)
+    return null;
+  return address.slice(0, at);
+}
+function commandTargetForRoute(target, user) {
+  if (target.kind === "local" || target.target.includes("@") || !user)
+    return target.target;
+  return `${user}@${target.target}`;
+}
 function routeHints(input) {
   const hints = [];
   if (input.machineId === input.localMachineId) {
@@ -5048,6 +4542,7 @@ function buildEntry(input) {
   });
   const selectedRoute = selectRouteHint(hints);
   const route = selectedRoute?.kind === "ssh" ? "ssh" : selectedRoute?.kind ?? "unknown";
+  const routeUser = userFromSshAddress(manifest?.sshAddress) ?? (typeof manifest?.metadata?.user === "string" ? manifest.metadata.user : null);
   return {
     machine_id: input.machineId,
     hostname: manifest?.hostname ?? peer?.HostName ?? null,
@@ -5068,7 +4563,7 @@ function buildEntry(input) {
     ssh: {
       address: manifest?.sshAddress ?? null,
       route,
-      command_target: selectedRoute?.target ?? null
+      command_target: selectedRoute ? commandTargetForRoute(selectedRoute, routeUser) : null
     },
     route_hints: hints,
     tags: manifest?.tags ?? [],
@@ -5076,7 +4571,7 @@ function buildEntry(input) {
   };
 }
 function discoverMachineTopology(options = {}) {
-  const now2 = options.now ?? new Date;
+  const now = options.now ?? new Date;
   const runner = options.runner ?? defaultRunner;
   const warnings = [];
   const manifest = readManifest();
@@ -5108,11 +4603,11 @@ function discoverMachineTopology(options = {}) {
       version: getPackageVersion()
     },
     capabilities: getMachinesConsumerCapabilities(),
-    generated_at: now2.toISOString(),
+    generated_at: now.toISOString(),
     local_machine_id: localMachineId,
     local_hostname: hostname4(),
     current_platform: normalizePlatform2(),
-    manifest_path_known: existsSync5(getManifestPath()),
+    manifest_path_known: existsSync4(getManifestPath()),
     machines,
     warnings
   };
@@ -5231,11 +4726,11 @@ function cacheability(input) {
   };
 }
 function resolveMachineRoute(machineId, options = {}) {
-  const now2 = options.now ?? new Date;
+  const now = options.now ?? new Date;
   const topology = options.topology ?? discoverMachineTopology(options);
   const warnings = [...topology.warnings];
   const { machine, matchedBy } = findRouteMachine(topology, machineId);
-  const generatedAt = now2.toISOString();
+  const generatedAt = now.toISOString();
   if (!machine) {
     warnings.push(`machine_not_found:${machineId}`);
     return {
@@ -5261,8 +4756,8 @@ function resolveMachineRoute(machineId, options = {}) {
       },
       cacheability: cacheability({
         ok: false,
-        observedAt: now2,
-        now: now2,
+        observedAt: now,
+        now,
         ttlMs: options.resolverTtlMs,
         authority: "unresolved",
         confidence: "none",
@@ -5276,6 +4771,7 @@ function resolveMachineRoute(machineId, options = {}) {
   const local = route === "local" || machine.machine_id === topology.local_machine_id;
   const confidence = routeConfidence({ machine, hint: selectedHint, matchedBy });
   const ok = Boolean(selectedHint?.target);
+  const commandTarget = selectedHint ? commandTargetForRoute(selectedHint, userFromSshAddress(machine.ssh.address) ?? machine.user) : null;
   return {
     schema_version: MACHINES_CONSUMER_CONTRACT_VERSION,
     package: topology.package,
@@ -5286,7 +4782,7 @@ function resolveMachineRoute(machineId, options = {}) {
     route,
     source: route,
     target: selectedHint?.target ?? null,
-    command_target: selectedHint?.target ?? null,
+    command_target: commandTarget,
     confidence,
     local,
     evidence: {
@@ -5299,8 +4795,8 @@ function resolveMachineRoute(machineId, options = {}) {
     },
     cacheability: cacheability({
       ok,
-      observedAt: now2,
-      now: now2,
+      observedAt: now,
+      now,
       ttlMs: options.resolverTtlMs,
       authority: routeAuthority({ machine, selectedHint, matchedBy }),
       confidence,
@@ -5387,7 +4883,7 @@ function canCheckPathForMachine(machine, localMachineId) {
 function checkedPathExists(path, check) {
   if (!path || !check)
     return null;
-  return existsSync5(path);
+  return existsSync4(path);
 }
 function repairHint(input) {
   const command = [
@@ -5602,11 +5098,11 @@ function metadataKeysForDiagnostics(metadata) {
   return Object.keys(metadata).filter((key) => !/(secret|token|key|password|credential)/i.test(key)).sort();
 }
 function resolveMachineWorkspace(options) {
-  const now2 = options.now ?? new Date;
+  const now = options.now ?? new Date;
   const topology = options.topology ?? discoverMachineTopology(options);
   const warnings = [...topology.warnings];
   const { machine, matchedBy } = findRouteMachine(topology, options.machineId);
-  const generatedAt = now2.toISOString();
+  const generatedAt = now.toISOString();
   const repoName = options.repoName ?? options.projectId;
   const openFilesRepoName = options.openFilesRepoName ?? "open-files";
   if (!machine) {
@@ -5635,8 +5131,8 @@ function resolveMachineWorkspace(options) {
       },
       cacheability: cacheability({
         ok: false,
-        observedAt: now2,
-        now: now2,
+        observedAt: now,
+        now,
         ttlMs: options.resolverTtlMs,
         authority: "unresolved",
         confidence: "none",
@@ -5708,8 +5204,8 @@ function resolveMachineWorkspace(options) {
     },
     cacheability: cacheability({
       ok: workspaceOk,
-      observedAt: now2,
-      now: now2,
+      observedAt: now,
+      now,
       ttlMs: options.resolverTtlMs,
       authority: workspaceAuthority(workspacePaths),
       confidence: workspaceOk ? "medium" : "none",
@@ -5744,7 +5240,7 @@ function resolveSshTarget(machineId, options = {}) {
   }
   return {
     machineId: resolved.machine_id ?? machineId,
-    target: resolved.target,
+    target: resolved.command_target ?? resolved.target,
     route: resolved.route,
     confidence: resolved.confidence,
     warnings: resolved.warnings
@@ -5946,21 +5442,21 @@ function runAppsInstall(machineId, options = {}, runner = runMachineCommand) {
 }
 
 // src/commands/cert.ts
-import { homedir as homedir4, platform as platform3 } from "os";
-import { join as join5 } from "path";
+import { homedir as homedir3, platform as platform3 } from "os";
+import { join as join4 } from "path";
 function quote2(value) {
   return `'${value.replace(/'/g, `'\\''`)}'`;
 }
 function certDir() {
-  return join5(homedir4(), ".hasna", "machines", "certs");
+  return join4(homedir3(), ".hasna", "machines", "certs");
 }
 function buildCertPlan(domains) {
   if (domains.length === 0) {
     throw new Error("At least one domain is required.");
   }
   const primary = domains[0];
-  const certPath = join5(certDir(), `${primary}.pem`);
-  const keyPath = join5(certDir(), `${primary}-key.pem`);
+  const certPath = join4(certDir(), `${primary}.pem`);
+  const keyPath = join4(certDir(), `${primary}-key.pem`);
   const steps = [];
   if (platform3() === "darwin") {
     steps.push({
@@ -6024,14 +5520,14 @@ function runCertPlan(domains, options = {}) {
 }
 
 // src/commands/dns.ts
-import { existsSync as existsSync6, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
-import { join as join6 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
+import { join as join5 } from "path";
 function getDnsPath() {
-  return join6(getDataDir(), "dns.json");
+  return join5(getDataDir(), "dns.json");
 }
 function readMappings() {
   const path = getDnsPath();
-  if (!existsSync6(path))
+  if (!existsSync5(path))
     return [];
   return JSON.parse(readFileSync3(path, "utf8"));
 }
@@ -6060,10 +5556,10 @@ function renderDomainMapping(domain) {
     hostsEntry: `${entry.targetHost} ${entry.domain}`,
     caddySnippet: `${entry.domain} {
   reverse_proxy 127.0.0.1:${entry.port}
-  tls ${join6(getDataDir(), "certs", `${entry.domain}.pem`)} ${join6(getDataDir(), "certs", `${entry.domain}-key.pem`)}
+  tls ${join5(getDataDir(), "certs", `${entry.domain}.pem`)} ${join5(getDataDir(), "certs", `${entry.domain}-key.pem`)}
 }`,
-    certPath: join6(getDataDir(), "certs", `${entry.domain}.pem`),
-    keyPath: join6(getDataDir(), "certs", `${entry.domain}-key.pem`)
+    certPath: join5(getDataDir(), "certs", `${entry.domain}.pem`),
+    keyPath: join5(getDataDir(), "certs", `${entry.domain}-key.pem`)
   };
 }
 
@@ -6333,7 +5829,7 @@ function runTailscaleInstall(machineId, options = {}, runner = runMachineCommand
 }
 
 // src/commands/notifications.ts
-import { existsSync as existsSync7, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync6, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
 var notificationChannelSchema = exports_external.object({
   id: exports_external.string(),
   type: exports_external.enum(["email", "webhook", "command"]),
@@ -6415,7 +5911,7 @@ ${message}
   }
   throw new Error("No local email transport available. Install sendmail or mail.");
 }
-async function dispatchWebhook2(channel, event, message) {
+async function dispatchWebhook(channel, event, message) {
   const response = await fetch(channel.target, {
     method: "POST",
     headers: {
@@ -6440,7 +5936,7 @@ async function dispatchWebhook2(channel, event, message) {
     detail: `Webhook accepted with HTTP ${response.status}`
   };
 }
-async function dispatchCommand2(channel, event, message) {
+async function dispatchCommand(channel, event, message) {
   const result = Bun.spawnSync(["bash", "-lc", channel.target], {
     stdout: "pipe",
     stderr: "pipe",
@@ -6463,7 +5959,7 @@ async function dispatchCommand2(channel, event, message) {
     detail: stdout || "Command completed successfully"
   };
 }
-async function dispatchChannel2(channel, event, message) {
+async function dispatchChannel(channel, event, message) {
   if (!channel.enabled) {
     return {
       channelId: channel.id,
@@ -6477,9 +5973,9 @@ async function dispatchChannel2(channel, event, message) {
     return dispatchEmail(channel, event, message);
   }
   if (channel.type === "webhook") {
-    return dispatchWebhook2(channel, event, message);
+    return dispatchWebhook(channel, event, message);
   }
-  return dispatchCommand2(channel, event, message);
+  return dispatchCommand(channel, event, message);
 }
 function getDefaultNotificationConfig() {
   return {
@@ -6489,7 +5985,7 @@ function getDefaultNotificationConfig() {
   };
 }
 function readNotificationConfig(path = getNotificationsPath()) {
-  if (!existsSync7(path)) {
+  if (!existsSync6(path)) {
     return getDefaultNotificationConfig();
   }
   return notificationConfigSchema.parse(JSON.parse(readFileSync4(path, "utf8")));
@@ -6534,7 +6030,7 @@ async function dispatchNotificationEvent(event, message, options = {}) {
   const deliveries = [];
   for (const channel of channels) {
     try {
-      deliveries.push(await dispatchChannel2(channel, event, message));
+      deliveries.push(await dispatchChannel(channel, event, message));
     } catch (error) {
       deliveries.push({
         channelId: channel.id,
@@ -6569,7 +6065,7 @@ async function testNotificationChannel(channelId, event = "manual.test", message
   if (!options.yes) {
     throw new Error("Notification test execution requires --yes.");
   }
-  const delivery = await dispatchChannel2(channel, event, message);
+  const delivery = await dispatchChannel(channel, event, message);
   return {
     channelId,
     mode: "apply",
@@ -6633,6 +6129,9 @@ function listPorts(machineId) {
   };
 }
 
+// src/commands/serve.ts
+import { EventsClient, sanitizeChannelsForOutput } from "@hasna/events";
+
 // src/commands/manifest.ts
 function manifestList() {
   return readManifest();
@@ -6910,7 +6409,7 @@ function renderDashboardHtml() {
 }
 
 // src/commands/setup.ts
-import { homedir as homedir5 } from "os";
+import { homedir as homedir4 } from "os";
 function quote3(value) {
   return `'${value.replace(/'/g, `'\\''`)}'`;
 }
@@ -6983,7 +6482,7 @@ function buildSetupPlan(machineId) {
   const target = selected || {
     id: currentMachineId,
     platform: "linux",
-    workspacePath: `${homedir5()}/workspace`
+    workspacePath: `${homedir4()}/workspace`
   };
   const steps = [...buildBaseSteps(target), ...buildPackageSteps(target)];
   return {
@@ -7028,8 +6527,8 @@ function runSetup(machineId, options = {}, runner = runMachineCommand) {
 }
 
 // src/commands/sync.ts
-import { existsSync as existsSync8, lstatSync, readFileSync as readFileSync5, symlinkSync, copyFileSync } from "fs";
-import { homedir as homedir6 } from "os";
+import { existsSync as existsSync7, lstatSync, readFileSync as readFileSync5, symlinkSync, copyFileSync } from "fs";
+import { homedir as homedir5 } from "os";
 function quote4(value) {
   return `'${value.replace(/'/g, `'\\''`)}'`;
 }
@@ -7081,8 +6580,8 @@ function detectFileActions(machine) {
     throw new Error(`Remote file sync planning is not supported for ${machine.id}; refusing to inspect or apply local paths as remote state.`);
   }
   return (machine.files || []).map((file, index) => {
-    const sourceExists = existsSync8(file.source);
-    const targetExists = existsSync8(file.target);
+    const sourceExists = existsSync7(file.source);
+    const targetExists = existsSync7(file.target);
     let status = "missing";
     if (sourceExists && targetExists) {
       if (file.mode === "symlink") {
@@ -7113,7 +6612,7 @@ function buildSyncPlan(machineId, runner = runMachineCommand) {
   const target = selected || {
     id: currentMachineId,
     platform: "linux",
-    workspacePath: `${homedir6()}/workspace`
+    workspacePath: `${homedir5()}/workspace`
   };
   const actions = [
     ...detectPackageActions(target, runner),
@@ -7704,7 +7203,7 @@ function upsertSqlite(db, table, columns, rows) {
 }
 function recordSyncMeta(db, direction, results) {
   ensureSyncMetaTable(db);
-  const now2 = new Date().toISOString();
+  const now = new Date().toISOString();
   const statement = db.query(`
     INSERT INTO _machines_sync_meta (table_name, last_synced_at, direction)
     VALUES (?, ?, ?)
@@ -7713,7 +7212,7 @@ function recordSyncMeta(db, direction, results) {
   for (const result of results) {
     if (result.errors.length > 0)
       continue;
-    statement.run(result.table, now2, direction);
+    statement.run(result.table, now, direction);
   }
 }
 function ensureSyncMetaTable(db) {
@@ -7763,7 +7262,7 @@ function buildServer(version = getPackageVersion()) {
 }
 function createMcpServer(version) {
   const server = new McpServer({ name: "machines", version });
-  const events = new EventsClient;
+  const events = new EventsClient2;
   server.tool("machines_status", "Return local machine fleet status paths and machine identity.", {}, async () => ({
     content: [{ type: "text", text: JSON.stringify(getStatus(), null, 2) }]
   }));
@@ -7917,7 +7416,7 @@ function createMcpServer(version) {
   }));
   server.tool("machines_notifications_dispatch", "Dispatch an event to matching notification channels.", { event: exports_external.string().describe("Event name"), message: exports_external.string().describe("Message body"), channel_id: exports_external.string().optional().describe("Limit delivery to one channel") }, async ({ event, message, channel_id }) => ({ content: [{ type: "text", text: JSON.stringify(await dispatchNotificationEvent(event, message, { channelId: channel_id }), null, 2) }] }));
   server.tool("machines_notifications_remove", "Remove a notification channel.", { channel_id: exports_external.string().describe("Channel identifier") }, async ({ channel_id }) => ({ content: [{ type: "text", text: JSON.stringify(removeNotificationChannel(channel_id), null, 2) }] }));
-  server.tool("machines_webhooks_add", "Add or replace a shared Hasna event webhook channel.", {
+  server.tool("machines_webhooks_add", "Add or replace a shared event webhook channel.", {
     channel_id: exports_external.string().describe("Channel identifier"),
     url: exports_external.string().url().describe("Webhook URL"),
     event_type: exports_external.string().optional().describe("Optional event type filter, e.g. machines.*"),
@@ -7925,26 +7424,26 @@ function createMcpServer(version) {
     secret: exports_external.string().optional().describe("Optional HMAC secret"),
     enabled: exports_external.boolean().optional().describe("Whether the channel is enabled")
   }, async ({ channel_id, url, event_type, source, secret, enabled }) => {
-    const now2 = new Date().toISOString();
+    const now = new Date().toISOString();
     const channel = await events.addChannel({
       id: channel_id,
       enabled: enabled ?? true,
       transport: "webhook",
       filters: event_type || source ? [{ type: event_type, source }] : undefined,
       webhook: { url, secret },
-      createdAt: now2,
-      updatedAt: now2
+      createdAt: now,
+      updatedAt: now
     });
     return { content: [{ type: "text", text: JSON.stringify(sanitizeChannelForOutput(channel), null, 2) }] };
   });
-  server.tool("machines_webhooks_list", "List shared Hasna event webhook channels.", {}, async () => ({
-    content: [{ type: "text", text: JSON.stringify(sanitizeChannelsForOutput(await events.listChannels()), null, 2) }]
+  server.tool("machines_webhooks_list", "List shared event webhook channels.", {}, async () => ({
+    content: [{ type: "text", text: JSON.stringify(sanitizeChannelsForOutput2(await events.listChannels()), null, 2) }]
   }));
-  server.tool("machines_webhooks_test", "Send a test event to one shared Hasna event channel.", { channel_id: exports_external.string().describe("Channel identifier"), event_type: exports_external.string().optional().describe("Event type"), message: exports_external.string().optional().describe("Message body") }, async ({ channel_id, event_type, message }) => ({
+  server.tool("machines_webhooks_test", "Send a test event to one shared event channel.", { channel_id: exports_external.string().describe("Channel identifier"), event_type: exports_external.string().optional().describe("Event type"), message: exports_external.string().optional().describe("Message body") }, async ({ channel_id, event_type, message }) => ({
     content: [{ type: "text", text: JSON.stringify(await events.testChannel(channel_id, { source: "machines", type: event_type ?? "events.test", message }), null, 2) }]
   }));
-  server.tool("machines_webhooks_remove", "Remove a shared Hasna event channel.", { channel_id: exports_external.string().describe("Channel identifier") }, async ({ channel_id }) => ({ content: [{ type: "text", text: JSON.stringify({ removed: await events.removeChannel(channel_id) }, null, 2) }] }));
-  server.tool("machines_events_emit", "Emit a shared Hasna event from machines.", {
+  server.tool("machines_webhooks_remove", "Remove a shared event channel.", { channel_id: exports_external.string().describe("Channel identifier") }, async ({ channel_id }) => ({ content: [{ type: "text", text: JSON.stringify({ removed: await events.removeChannel(channel_id) }, null, 2) }] }));
+  server.tool("machines_events_emit", "Emit a shared event from machines.", {
     event_type: exports_external.string().describe("Event type"),
     subject: exports_external.string().optional().describe("Event subject"),
     severity: exports_external.enum(["debug", "info", "notice", "warning", "error", "critical"]).optional().describe("Event severity"),
@@ -7965,10 +7464,10 @@ function createMcpServer(version) {
       dedupeKey: dedupe_key
     }, { deliver: deliver !== false }), null, 2) }]
   }));
-  server.tool("machines_events_list", "List shared Hasna events.", {}, async () => ({
+  server.tool("machines_events_list", "List shared events.", {}, async () => ({
     content: [{ type: "text", text: JSON.stringify(await events.listEvents(), null, 2) }]
   }));
-  server.tool("machines_events_replay", "Replay shared Hasna events.", { event_id: exports_external.string().optional().describe("Event id"), source: exports_external.string().optional().describe("Source filter"), event_type: exports_external.string().optional().describe("Event type filter"), dry_run: exports_external.boolean().optional().describe("Preview without delivery") }, async ({ event_id, source, event_type, dry_run }) => ({
+  server.tool("machines_events_replay", "Replay shared events.", { event_id: exports_external.string().optional().describe("Event id"), source: exports_external.string().optional().describe("Source filter"), event_type: exports_external.string().optional().describe("Event type filter"), dry_run: exports_external.boolean().optional().describe("Preview without delivery") }, async ({ event_id, source, event_type, dry_run }) => ({
     content: [{ type: "text", text: JSON.stringify(await events.replay({ eventId: event_id, source, type: event_type, dryRun: dry_run }), null, 2) }]
   }));
   server.tool("machines_serve_info", "Preview the dashboard server bind address and routes.", { host: exports_external.string().optional().describe("Host interface"), port: exports_external.number().optional().describe("Port number") }, async ({ host, port }) => ({ content: [{ type: "text", text: JSON.stringify(getServeInfo({ host, port }), null, 2) }] }));