@implicit-ai/relay 0.0.1

package/dist/cli.js

@@ -0,0 +1,1558 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { program } from "commander";
+
+// src/version.ts
+var version = "1.0.0";
+
+// src/commands/connect.ts
+import { createInterface } from "readline";
+import { createClient as createClient2 } from "@supabase/supabase-js";
+
+// src/lib/auth.ts
+import { execaSync } from "execa";
+import fs from "fs";
+import path from "path";
+import os from "os";
+function detectClaudeCodeInstalled() {
+  try {
+    const result = execaSync("claude", ["--version"]);
+    const version2 = result.stdout.trim() || null;
+    return { installed: true, version: version2 };
+  } catch {
+    return { installed: false, version: null };
+  }
+}
+function detectClaudeAuth() {
+  if (process.env.CLAUDE_CODE_OAUTH_TOKEN) {
+    return { method: "oauth" };
+  }
+  if (process.env.ANTHROPIC_API_KEY) {
+    return { method: "api_key" };
+  }
+  if (process.platform === "darwin") {
+    const keychainServices = ["Claude Code-credentials", "claude.ai"];
+    for (const service of keychainServices) {
+      try {
+        const result = execaSync("security", [
+          "find-generic-password",
+          "-s",
+          service
+        ]);
+        if (result.exitCode === 0) {
+          return { method: "oauth" };
+        }
+      } catch {
+      }
+    }
+  }
+  const credentialsPath = path.join(os.homedir(), ".claude", ".credentials.json");
+  try {
+    if (fs.existsSync(credentialsPath)) {
+      const raw = fs.readFileSync(credentialsPath, "utf-8");
+      const parsed = JSON.parse(raw);
+      if (parsed !== null && typeof parsed === "object") {
+        return { method: "oauth" };
+      }
+    }
+  } catch {
+  }
+  return { method: "none" };
+}
+function printAuthGuidance() {
+  console.log("Claude Code auth not found. To set up authentication:");
+  console.log("  1. Run: claude setup-token");
+  console.log("  2. Then try: implicit connect");
+  console.log();
+  console.log(
+    "This uses your existing Claude subscription (Max plan) \u2014 no API key needed."
+  );
+}
+
+// src/lib/config.ts
+import fs2 from "fs";
+import path2 from "path";
+import os2 from "os";
+import crypto from "crypto";
+function implicitDir() {
+  return process.env.IMPLICIT_DIR_OVERRIDE ?? path2.join(os2.homedir(), ".implicit");
+}
+function authFile() {
+  return path2.join(implicitDir(), "auth.json");
+}
+function configFile() {
+  return path2.join(implicitDir(), "config.json");
+}
+function ensureDir() {
+  fs2.mkdirSync(implicitDir(), { recursive: true });
+}
+function ensureRestrictivePermissions() {
+  for (const file of [authFile(), configFile()]) {
+    if (!fs2.existsSync(file)) continue;
+    const mode = fs2.statSync(file).mode & 511;
+    if (mode !== 384) {
+      console.warn(`[implicit] Tightening permissions on ${file} (0${mode.toString(8)} \u2192 0600)`);
+      fs2.chmodSync(file, 384);
+    }
+  }
+}
+function loadConfig() {
+  try {
+    const raw = fs2.readFileSync(configFile(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function saveConfig(config) {
+  ensureDir();
+  fs2.writeFileSync(configFile(), JSON.stringify(config, null, 2) + "\n", "utf-8");
+  fs2.chmodSync(configFile(), 384);
+}
+function loadAuth() {
+  try {
+    const raw = fs2.readFileSync(authFile(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed)) {
+      const obj = parsed;
+      if (obj.schemaVersion === 2 && typeof obj.userId === "string" && typeof obj.email === "string" && typeof obj.accessToken === "string" && typeof obj.refreshToken === "string" && typeof obj.expiresAt === "number") {
+        return {
+          schemaVersion: 2,
+          userId: obj.userId,
+          email: obj.email,
+          authenticatedAt: obj.authenticatedAt ?? "",
+          accessToken: obj.accessToken,
+          refreshToken: obj.refreshToken,
+          expiresAt: obj.expiresAt,
+          env: obj.env === "development" ? "development" : "production"
+        };
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function saveAuth(auth) {
+  ensureDir();
+  fs2.writeFileSync(authFile(), JSON.stringify(auth, null, 2) + "\n", "utf-8");
+  fs2.chmodSync(authFile(), 384);
+}
+function clearAuth() {
+  try {
+    fs2.unlinkSync(authFile());
+  } catch {
+  }
+}
+function getOrCreateDeviceId() {
+  const config = loadConfig();
+  if (config && typeof config.deviceId === "string" && config.deviceId.length > 0) {
+    return config.deviceId;
+  }
+  const deviceId = crypto.randomUUID();
+  saveConfig({ ...config, deviceId });
+  return deviceId;
+}
+var RAILWAY_URLS = {
+  production: "https://ably-auth-production.up.railway.app",
+  development: "https://ably-auth-production.up.railway.app"
+};
+function getRailwayUrl(env) {
+  const config = loadConfig();
+  if (config && typeof config.railwayUrl === "string" && config.railwayUrl.length > 0) {
+    return config.railwayUrl;
+  }
+  return RAILWAY_URLS[env];
+}
+
+// src/lib/presenter.ts
+function summarizeToolUse(name, input) {
+  const inp = input;
+  if (inp) {
+    switch (name) {
+      case "Bash": {
+        const cmd = typeof inp.command === "string" ? inp.command.slice(0, 80) : "command";
+        return `Running: ${cmd}`;
+      }
+      case "Read":
+        return `Reading: ${typeof inp.file_path === "string" ? basename(inp.file_path) : "file"}`;
+      case "Write":
+        return `Writing: ${typeof inp.file_path === "string" ? basename(inp.file_path) : "file"}`;
+      case "Edit":
+        return `Editing: ${typeof inp.file_path === "string" ? basename(inp.file_path) : "file"}`;
+      case "Grep":
+        return `Searching: ${typeof inp.pattern === "string" ? inp.pattern : "pattern"}`;
+      case "Glob":
+        return `Finding: ${typeof inp.pattern === "string" ? inp.pattern : "files"}`;
+      case "WebSearch":
+        return `Searching web: ${typeof inp.query === "string" ? inp.query : "query"}`;
+      case "WebFetch":
+        return `Fetching: ${typeof inp.url === "string" ? inp.url : "URL"}`;
+      case "Agent":
+        return `Subagent: ${typeof inp.description === "string" ? inp.description : "task"}`;
+      case "Skill":
+        return `Skill: ${typeof inp.skill === "string" ? inp.skill : "skill"}`;
+      default:
+        break;
+    }
+  }
+  return `Using ${name}`;
+}
+function basename(filePath) {
+  const parts = filePath.split("/");
+  return parts[parts.length - 1] ?? filePath;
+}
+
+// src/lib/sdk-runner.ts
+import { query } from "@anthropic-ai/claude-agent-sdk";
+var PERMISSION_TIMEOUT_MS = 5 * 60 * 1e3;
+function startSession(options, callbacks) {
+  const pendingPermissions = /* @__PURE__ */ new Map();
+  let wasAborted = false;
+  let queryInstance = null;
+  let emittedTerminalEvent = false;
+  const canUseTool = (toolEvent) => {
+    return new Promise((resolve) => {
+      const toolUseId = toolEvent.tool_use_id ?? toolEvent.toolUseId ?? toolEvent.id ?? "unknown";
+      const toolName = toolEvent.tool_name ?? toolEvent.toolName ?? toolEvent.name ?? "unknown";
+      const input = toolEvent.input ?? toolEvent.args ?? {};
+      const reason = toolEvent.reason ?? toolEvent.description ?? "Tool requires permission";
+      const blockedPath = toolEvent.blocked_path ?? toolEvent.blockedPath ?? void 0;
+      const timer = setTimeout(() => {
+        if (pendingPermissions.has(toolUseId)) {
+          pendingPermissions.delete(toolUseId);
+          resolve({
+            behavior: "deny",
+            feedback: "Permission timed out after 5 minutes \u2014 auto-denied."
+          });
+        }
+      }, PERMISSION_TIMEOUT_MS);
+      pendingPermissions.set(toolUseId, {
+        resolve: (result) => {
+          clearTimeout(timer);
+          pendingPermissions.delete(toolUseId);
+          resolve({
+            behavior: result.allow ? "allow" : "deny",
+            ...result.feedback ? { feedback: result.feedback } : {}
+          });
+        },
+        timer
+      });
+      callbacks.onPermissionRequest({
+        toolUseId,
+        toolName,
+        input,
+        reason,
+        blockedPath
+      });
+    });
+  };
+  const queryOptions = {
+    prompt: options.prompt,
+    options: {
+      canUseTool,
+      thinking: { type: "adaptive" },
+      includePartialMessages: true,
+      systemPrompt: { type: "preset", preset: "claude_code" },
+      settingSources: ["user", "project"]
+    }
+  };
+  if (options.sessionId) {
+    queryOptions.options.resume = options.sessionId;
+  }
+  if (options.workingDirectory) {
+    queryOptions.options.cwd = options.workingDirectory;
+  }
+  const isBypass = options.options?.permissionMode === "bypassPermissions";
+  if (options.options?.permissionMode) {
+    queryOptions.options.permissionMode = options.options.permissionMode;
+  }
+  if (isBypass) {
+    queryOptions.options.allowDangerouslySkipPermissions = true;
+  }
+  if (options.options?.model) {
+    queryOptions.options.model = options.options.model;
+  }
+  if (options.options?.maxTurns) {
+    queryOptions.options.maxTurns = options.options.maxTurns;
+  }
+  if (options.options?.allowedTools) {
+    queryOptions.options.allowedTools = options.options.allowedTools;
+  }
+  if (options.options?.disallowedTools) {
+    queryOptions.options.disallowedTools = options.options.disallowedTools;
+  }
+  if (options.options?.effort) {
+    queryOptions.options.effort = options.options.effort;
+  }
+  (async () => {
+    try {
+      queryInstance = query(queryOptions);
+      for await (const message of queryInstance) {
+        if (wasAborted) break;
+        const msg = message;
+        const type = msg.type ?? "";
+        switch (type) {
+          // ---- Session init ----
+          case "system": {
+            const subtype = msg.subtype ?? "";
+            if (subtype === "init") {
+              callbacks.onSessionCreated({
+                sessionId: msg.session_id ?? msg.sessionId ?? "",
+                tools: Array.isArray(msg.tools) ? msg.tools.map((t) => t.name ?? String(t)) : [],
+                model: msg.model ?? "",
+                workingDirectory: msg.cwd ?? options.workingDirectory ?? process.cwd(),
+                permissionMode: msg.permission_mode ?? msg.permissionMode ?? options.options?.permissionMode ?? "default"
+              });
+            }
+            break;
+          }
+          // ---- Streaming deltas ----
+          case "stream_event": {
+            const eventType = msg.event_type ?? msg.eventType ?? msg.subtype ?? "";
+            if (eventType === "text_delta" || eventType === "content_block_delta") {
+              const text = msg.text ?? msg.delta?.text ?? msg.data?.text ?? "";
+              if (text) {
+                callbacks.onText(text);
+              }
+            } else if (eventType === "thinking_delta") {
+              const thinking = msg.thinking ?? msg.delta?.thinking ?? msg.data?.thinking ?? "";
+              if (thinking) {
+                callbacks.onThinking(thinking);
+              }
+            }
+            break;
+          }
+          // ---- Assistant turn (tool_use blocks) ----
+          case "assistant": {
+            const content = msg.content ?? msg.message?.content ?? [];
+            if (Array.isArray(content)) {
+              for (const block of content) {
+                const b = block;
+                if (b.type === "tool_use") {
+                  callbacks.onToolUse(
+                    b.id ?? "",
+                    b.name ?? "",
+                    b.input ?? {},
+                    b.parent_tool_use_id ?? b.parentToolUseId ?? null
+                  );
+                }
+              }
+            }
+            break;
+          }
+          // ---- User turn (tool_result blocks) ----
+          case "user": {
+            const content = msg.content ?? msg.message?.content ?? [];
+            if (Array.isArray(content)) {
+              for (const block of content) {
+                const b = block;
+                if (b.type === "tool_result") {
+                  callbacks.onToolResult(
+                    b.tool_use_id ?? b.toolUseId ?? "",
+                    b.content ?? b.output ?? "",
+                    b.is_error ?? b.isError ?? false
+                  );
+                }
+              }
+            }
+            break;
+          }
+          // ---- Session result ----
+          case "result": {
+            const isError = msg.subtype === "error" || msg.is_error === true || msg.error != null;
+            if (isError) {
+              if (!wasAborted) {
+                emittedTerminalEvent = true;
+                callbacks.onError(
+                  msg.error?.message ?? msg.error ?? msg.message ?? "Unknown SDK error"
+                );
+              }
+            } else {
+              emittedTerminalEvent = true;
+              callbacks.onResult(
+                msg.session_id ?? msg.sessionId ?? "",
+                msg.result ?? msg.text ?? void 0
+              );
+            }
+            break;
+          }
+          default:
+            break;
+        }
+      }
+    } catch (err) {
+      if (wasAborted) {
+        return;
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      if (message.includes("ENOENT") || message.includes("not found") || message.includes("Cannot find module")) {
+        emittedTerminalEvent = true;
+        callbacks.onError(
+          `Claude Code SDK not available. Is Claude Code installed? (${message})`
+        );
+      } else {
+        emittedTerminalEvent = true;
+        callbacks.onError(message);
+      }
+    } finally {
+      for (const [, entry] of pendingPermissions) {
+        clearTimeout(entry.timer);
+      }
+      pendingPermissions.clear();
+      if (!wasAborted && !emittedTerminalEvent) {
+        callbacks.onError("Claude session ended without a result.");
+      }
+      callbacks.onSettled?.();
+    }
+  })();
+  const handle = {
+    /**
+     * Abort the running session. Calls interrupt() then close() on the
+     * query generator to stop Claude mid-execution.
+     */
+    abort: () => {
+      wasAborted = true;
+      for (const [toolUseId, entry] of pendingPermissions) {
+        clearTimeout(entry.timer);
+        entry.resolve({ allow: false, feedback: "Session aborted." });
+        pendingPermissions.delete(toolUseId);
+      }
+      if (queryInstance) {
+        try {
+          if (typeof queryInstance.interrupt === "function") {
+            queryInstance.interrupt();
+          }
+        } catch {
+        }
+        try {
+          if (typeof queryInstance.close === "function") {
+            const result = queryInstance.close();
+            if (result && typeof result.catch === "function") {
+              result.catch(() => {
+              });
+            }
+          } else if (typeof queryInstance.return === "function") {
+            const result = queryInstance.return();
+            if (result && typeof result.catch === "function") {
+              result.catch(() => {
+              });
+            }
+          }
+        } catch {
+        }
+      }
+    },
+    /**
+     * Resolve a pending permission request (called when the phone user
+     * taps Allow or Deny).
+     */
+    resolvePermission: (toolUseId, allow, feedback) => {
+      const entry = pendingPermissions.get(toolUseId);
+      if (!entry) {
+        return;
+      }
+      entry.resolve({ allow, feedback });
+    }
+  };
+  return handle;
+}
+
+// src/lib/device-info.ts
+import os3 from "os";
+import { execFile } from "child_process";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+async function detectClaudeVersion() {
+  try {
+    const { stdout } = await execFileAsync("claude", ["--version"], {
+      timeout: 5e3
+    });
+    const trimmed = stdout.trim();
+    const match = trimmed.match(/(\d+\.\d+\.\d+[\w.-]*)/);
+    return match?.[1] ?? trimmed;
+  } catch {
+    return void 0;
+  }
+}
+async function collectDeviceInfo() {
+  const claudeVersion = await detectClaudeVersion();
+  return {
+    hostname: os3.hostname(),
+    platform: os3.platform(),
+    arch: os3.arch(),
+    claudeVersion,
+    cliVersion: version
+  };
+}
+
+// src/lib/sleep-inhibitor.ts
+import { spawn } from "child_process";
+import os4 from "os";
+function preventIdleSleep() {
+  const platform = os4.platform();
+  let child = null;
+  if (platform === "darwin") {
+    try {
+      child = spawn("caffeinate", ["-di"], {
+        stdio: "ignore",
+        detached: false
+      });
+      child.unref();
+      child.on("error", () => {
+        child = null;
+      });
+    } catch {
+      child = null;
+    }
+  } else if (platform === "linux") {
+    try {
+      child = spawn(
+        "systemd-inhibit",
+        [
+          "--what=idle",
+          "--who=implicit-cli",
+          "--why=Implicit CLI bridge is active",
+          "sleep",
+          "infinity"
+        ],
+        {
+          stdio: "ignore",
+          detached: false
+        }
+      );
+      child.unref();
+      child.on("error", () => {
+        child = null;
+      });
+    } catch {
+      child = null;
+    }
+  }
+  return {
+    release() {
+      if (child) {
+        try {
+          child.kill("SIGTERM");
+        } catch {
+        }
+        child = null;
+      }
+    }
+  };
+}
+
+// src/lib/connection.ts
+var MAX_CONCURRENT_SESSIONS_PER_ACCOUNT = 3;
+var RECENT_CRITICAL_TTL_MS = 10 * 60 * 1e3;
+var MAX_RECENT_CRITICAL_MESSAGES = 50;
+var MAX_RESULT_CHARS = 48e3;
+var MAX_TOOL_RESULT_CHARS = 2e3;
+var ImplicitConnection = class _ImplicitConnection {
+  constructor(opts, transport) {
+    this.opts = opts;
+    this.transport = transport;
+    this.transport.onReconnect(() => {
+      this.opts.onReconnected();
+      void this.sendConnectionStatus("reconnected");
+      this.flushPendingMessages();
+      this.startPresence();
+    });
+    this.transport.onError((message) => {
+      this.opts.onError(message);
+      if (!this.intentionalDisconnect) {
+        this.stopPresence();
+        this.opts.onDisconnected(message);
+      }
+    });
+    this.transport.on("sdk_prompt", (payload) => {
+      this.handlePrompt(payload);
+    });
+    this.transport.on("sdk_permission_response", (payload) => {
+      this.handlePermissionResponse(payload);
+    });
+    this.transport.on("sdk_cancel", (payload) => {
+      this.handleCancel(payload);
+    });
+    this.transport.on("sdk_list_sessions", (payload) => {
+      this.handleListSessions(payload);
+    });
+  }
+  opts;
+  transport;
+  activeSessions = /* @__PURE__ */ new Map();
+  sessionMeta = /* @__PURE__ */ new Map();
+  presenceInterval = null;
+  sleepLock = null;
+  /** Whether we've successfully connected at least once. */
+  hasConnected = false;
+  /** Whether disconnect() was called intentionally. */
+  intentionalDisconnect = false;
+  /**
+   * Critical messages (results, errors, permission requests) that arrived
+   * while the channel was down. Flushed on reconnect.
+   */
+  pendingMessages = [];
+  /** Recent critical messages retained for replay when the phone reconnects. */
+  recentCriticalMessages = [];
+  publishQueue = Promise.resolve();
+  // -------------------------------------------------------------------------
+  // Lifecycle
+  // -------------------------------------------------------------------------
+  connect() {
+    this.intentionalDisconnect = false;
+    void this.transport.connect().then(() => {
+      if (!this.hasConnected) {
+        this.hasConnected = true;
+        this.opts.onConnected();
+        void this.sendConnectionStatus("connected");
+        this.flushPendingMessages();
+        this.startPresence();
+        if (!this.sleepLock) {
+          this.sleepLock = preventIdleSleep();
+        }
+      }
+    }).catch((err) => {
+      const message = err instanceof Error ? err.message : String(err);
+      this.opts.onError(message);
+    });
+  }
+  /**
+   * Intentional disconnect (Ctrl+C / shutdown).
+   * This DOES abort sessions and tear everything down.
+   */
+  disconnect() {
+    this.intentionalDisconnect = true;
+    this.transport.disconnect();
+    this.cleanup();
+  }
+  // -------------------------------------------------------------------------
+  // Outbound: send messages to the phone via transport
+  // -------------------------------------------------------------------------
+  /** Message types that must be delivered even after a reconnect. */
+  static CRITICAL_TYPES = /* @__PURE__ */ new Set([
+    "sdk_result",
+    "sdk_error",
+    "sdk_permission_request",
+    "sdk_session_created"
+  ]);
+  send(message) {
+    this.rememberCriticalMessage(message);
+    if (!this.transport.isConnected) {
+      if (_ImplicitConnection.CRITICAL_TYPES.has(message.type)) {
+        this.pendingMessages.push(message);
+      }
+      return;
+    }
+    this.enqueuePublish(message);
+  }
+  enqueuePublish(message) {
+    this.publishQueue = this.publishQueue.then(() => this.transport.publish(message.type, message)).catch((err) => {
+      const detail = err instanceof Error ? err.message : String(err);
+      const requestId = "requestId" in message && typeof message.requestId === "string" ? message.requestId : void 0;
+      const label = requestId ? `${message.type} for ${requestId.slice(0, 8)}` : message.type;
+      const errorMessage = `Failed to publish ${label}: ${detail}`;
+      this.opts.onError(errorMessage);
+      this.opts.onActivity({ icon: "\u2717", message: errorMessage, sessionId: requestId });
+    });
+  }
+  /** Send connection status to the phone. */
+  async sendConnectionStatus(status2) {
+    try {
+      const msg = {
+        type: "sdk_connection_status",
+        status: status2,
+        activeSessions: this.activeSessionCountForAccount(this.opts.userId),
+        activeSessionIds: this.activeSessionIdsForAccount(this.opts.userId)
+      };
+      await this.transport.publish(msg.type, msg);
+    } catch (err) {
+      console.warn("[Relay] Failed to send connection status:", err);
+    }
+  }
+  /** Flush messages that were buffered while disconnected. */
+  flushPendingMessages() {
+    if (this.pendingMessages.length === 0) return;
+    const messages = this.pendingMessages;
+    this.pendingMessages = [];
+    for (const msg of messages) {
+      this.send(msg);
+    }
+  }
+  rememberCriticalMessage(message) {
+    if (!_ImplicitConnection.CRITICAL_TYPES.has(message.type)) return;
+    this.pruneRecentCriticalMessages();
+    this.recentCriticalMessages.push({ message, timestamp: Date.now() });
+    if (this.recentCriticalMessages.length > MAX_RECENT_CRITICAL_MESSAGES) {
+      this.recentCriticalMessages.splice(
+        0,
+        this.recentCriticalMessages.length - MAX_RECENT_CRITICAL_MESSAGES
+      );
+    }
+  }
+  pruneRecentCriticalMessages() {
+    const cutoff = Date.now() - RECENT_CRITICAL_TTL_MS;
+    this.recentCriticalMessages = this.recentCriticalMessages.filter(
+      ({ timestamp }) => timestamp >= cutoff
+    );
+  }
+  replayRecentCriticalMessages() {
+    this.pruneRecentCriticalMessages();
+    for (const { message } of this.recentCriticalMessages) {
+      this.enqueuePublish(message);
+    }
+  }
+  // -------------------------------------------------------------------------
+  // Presence: let the phone know the CLI is online via Ably Presence
+  // -------------------------------------------------------------------------
+  startPresence() {
+    this.stopPresence();
+    void this.enterPresence();
+  }
+  async enterPresence() {
+    try {
+      const deviceInfo = await collectDeviceInfo();
+      await this.transport.presenceEnter({
+        role: "cli",
+        deviceId: this.opts.deviceId,
+        hostname: deviceInfo.hostname,
+        platform: deviceInfo.platform,
+        claudeVersion: deviceInfo.claudeVersion ?? null,
+        cliVersion: deviceInfo.cliVersion
+      });
+      this.broadcastPresence();
+    } catch (err) {
+      console.warn("[Relay] presenceEnter failed:", err);
+    }
+  }
+  stopPresence() {
+    if (this.presenceInterval) {
+      clearInterval(this.presenceInterval);
+      this.presenceInterval = null;
+    }
+    void this.transport.presenceLeave().catch(() => {
+    });
+  }
+  /** R10 legacy backstop: one-shot sdk_presence broadcast for old phones. */
+  broadcastPresence() {
+    void collectDeviceInfo().then((deviceInfo) => {
+      const msg = {
+        type: "sdk_presence",
+        deviceId: this.opts.deviceId,
+        hostname: deviceInfo.hostname,
+        platform: deviceInfo.platform,
+        claudeVersion: deviceInfo.claudeVersion ?? void 0,
+        cliVersion: deviceInfo.cliVersion,
+        activeSessions: this.activeSessionCountForAccount(this.opts.userId)
+      };
+      this.send(msg);
+    });
+  }
+  // -------------------------------------------------------------------------
+  // Inbound handlers
+  // -------------------------------------------------------------------------
+  handlePrompt(msg) {
+    const { id, prompt: prompt2, sessionId, workingDirectory, options } = msg;
+    const accountSessionCount = this.activeSessionCountForAccount(this.opts.userId);
+    if (accountSessionCount >= MAX_CONCURRENT_SESSIONS_PER_ACCOUNT) {
+      this.send({
+        type: "sdk_error",
+        requestId: id,
+        message: `Max ${MAX_CONCURRENT_SESSIONS_PER_ACCOUNT} concurrent sessions reached for this account. Cancel one first.`
+      });
+      this.opts.onActivity({ icon: "\u2717", message: "Session rejected (max concurrent)", sessionId: id });
+      return;
+    }
+    this.sessionMeta.set(id, {
+      requestId: id,
+      userId: this.opts.userId,
+      prompt: prompt2,
+      workingDirectory,
+      status: "running",
+      startedAt: Date.now()
+    });
+    this.opts.onActivity({
+      icon: "\u25B6",
+      message: `Session started: ${prompt2.slice(0, 60)}${prompt2.length > 60 ? "\u2026" : ""}`,
+      sessionId: id
+    });
+    const resolvedCwd = workingDirectory ?? this.opts.defaultCwd;
+    console.log(
+      `[relay] starting CC session \u2014 cwd=${resolvedCwd} (source: ${workingDirectory ? "iOS prompt" : "defaultCwd"}) requestId=${id}`
+    );
+    let settledBeforeHandleRegistered = false;
+    const complete = (status2 = "done") => {
+      settledBeforeHandleRegistered = true;
+      return this.completeSession(id, status2);
+    };
+    try {
+      const handle = startSession(
+        {
+          prompt: prompt2,
+          sessionId,
+          workingDirectory: resolvedCwd,
+          options
+        },
+        {
+          onSessionCreated: (info) => {
+            const resumed = sessionId != null && sessionId === info.sessionId;
+            this.opts.onActivity({
+              icon: resumed ? "\u21BB" : "\u2726",
+              message: `CC session ${resumed ? "resumed" : "new"}: ${info.sessionId.slice(0, 8)}${sessionId && !resumed ? ` (requested resume of ${sessionId.slice(0, 8)})` : ""}`,
+              sessionId: id
+            });
+            this.send({
+              type: "sdk_session_created",
+              requestId: id,
+              sessionId: info.sessionId,
+              prompt: prompt2,
+              tools: info.tools,
+              model: info.model,
+              workingDirectory: info.workingDirectory,
+              permissionMode: info.permissionMode
+            });
+          },
+          onText: (text) => {
+            this.send({ type: "sdk_text", requestId: id, text });
+          },
+          onThinking: (thinking) => {
+            this.send({ type: "sdk_thinking", requestId: id, thinking });
+          },
+          onToolUse: (toolId, name, input, parentToolUseId) => {
+            const summary = summarizeToolUse(name, input);
+            this.send({
+              type: "sdk_tool_use",
+              requestId: id,
+              toolId,
+              name,
+              input,
+              parentToolUseId,
+              summary
+            });
+            this.opts.onActivity({ icon: "\u25B6", message: summary, sessionId: id });
+          },
+          onToolResult: (toolUseId, content, isError) => {
+            this.send({
+              type: "sdk_tool_result",
+              requestId: id,
+              toolUseId,
+              content: truncatePayload(content, MAX_TOOL_RESULT_CHARS),
+              isError
+            });
+          },
+          onPermissionRequest: (req) => {
+            const meta = this.sessionMeta.get(id);
+            if (meta) meta.status = "waiting";
+            this.opts.onActivity({ icon: "\u25CF", message: `Permission: ${req.toolName}`, sessionId: id });
+            this.send({
+              type: "sdk_permission_request",
+              requestId: id,
+              toolUseId: req.toolUseId,
+              toolName: req.toolName,
+              input: req.input,
+              reason: req.reason,
+              blockedPath: req.blockedPath,
+              summary: summarizeToolUse(req.toolName, req.input)
+            });
+          },
+          onResult: (sid, result) => {
+            const meta = complete();
+            const shortResult = result && result.length > 100 ? result.slice(0, 100) + "\u2026" : result ?? "Done";
+            const safeResult = result ? truncateString(result, MAX_RESULT_CHARS) : result;
+            this.send({
+              type: "sdk_result",
+              requestId: id,
+              sessionId: sid,
+              prompt: meta?.prompt ?? prompt2,
+              workingDirectory: meta?.workingDirectory ?? workingDirectory,
+              result: safeResult,
+              summary: shortResult
+            });
+            this.opts.onActivity({ icon: "\u2713", message: shortResult, sessionId: id });
+          },
+          onError: (message) => {
+            const meta = complete("error");
+            this.send({
+              type: "sdk_error",
+              requestId: id,
+              prompt: meta?.prompt ?? prompt2,
+              workingDirectory: meta?.workingDirectory ?? workingDirectory,
+              message
+            });
+            this.opts.onActivity({ icon: "\u2717", message: `Error: ${message}`, sessionId: id });
+          },
+          onSettled: () => {
+            complete();
+          }
+        }
+      );
+      if (!settledBeforeHandleRegistered) {
+        this.activeSessions.set(id, handle);
+      }
+    } catch (err) {
+      const meta = complete("error");
+      const message = err instanceof Error ? err.message : String(err);
+      this.send({
+        type: "sdk_error",
+        requestId: id,
+        prompt: meta?.prompt ?? prompt2,
+        workingDirectory: meta?.workingDirectory ?? workingDirectory,
+        message
+      });
+      this.opts.onActivity({ icon: "\u2717", message: `Error: ${message}`, sessionId: id });
+    }
+  }
+  completeSession(requestId, status2 = "done") {
+    const meta = this.sessionMeta.get(requestId);
+    if (meta) meta.status = status2;
+    this.activeSessions.delete(requestId);
+    this.sessionMeta.delete(requestId);
+    return meta;
+  }
+  activeSessionCountForAccount(userId) {
+    return this.activeSessionIdsForAccount(userId).length;
+  }
+  activeSessionIdsForAccount(userId) {
+    return Array.from(this.sessionMeta.values()).filter((session) => session.userId.toLowerCase() === userId.toLowerCase()).map((session) => session.requestId);
+  }
+  handlePermissionResponse(msg) {
+    const handle = this.activeSessions.get(msg.requestId);
+    if (handle) {
+      handle.resolvePermission(msg.toolUseId, msg.allow, msg.feedback);
+      const meta = this.sessionMeta.get(msg.requestId);
+      if (meta) meta.status = "running";
+      this.opts.onActivity({
+        icon: msg.allow ? "\u2713" : "\u2717",
+        message: msg.allow ? "Permission allowed" : "Permission denied",
+        sessionId: msg.requestId
+      });
+    }
+  }
+  handleCancel(msg) {
+    const handle = this.activeSessions.get(msg.requestId);
+    if (handle) {
+      handle.abort();
+      this.activeSessions.delete(msg.requestId);
+      this.sessionMeta.delete(msg.requestId);
+      this.opts.onActivity({ icon: "\u2717", message: "Session cancelled", sessionId: msg.requestId });
+    }
+  }
+  handleListSessions(msg) {
+    const sessions = Array.from(this.sessionMeta.values()).filter((session) => session.userId.toLowerCase() === this.opts.userId.toLowerCase()).map(({ userId: _userId, ...session }) => session);
+    this.send({
+      type: "sdk_sessions_list",
+      requestId: msg.id,
+      sessions
+    });
+    this.replayRecentCriticalMessages();
+  }
+  // -------------------------------------------------------------------------
+  // Cleanup — only called on intentional disconnect
+  // -------------------------------------------------------------------------
+  cleanup() {
+    this.stopPresence();
+    this.pendingMessages = [];
+    this.recentCriticalMessages = [];
+    if (this.sleepLock) {
+      this.sleepLock.release();
+      this.sleepLock = null;
+    }
+    for (const handle of this.activeSessions.values()) {
+      handle.abort();
+    }
+    this.activeSessions.clear();
+    this.sessionMeta.clear();
+  }
+};
+function truncatePayload(value, maxChars) {
+  if (typeof value === "string") return truncateString(value, maxChars);
+  if (value == null) return value;
+  try {
+    return truncateString(JSON.stringify(value), maxChars);
+  } catch {
+    return truncateString(String(value), maxChars);
+  }
+}
+function truncateString(value, maxChars) {
+  if (value.length <= maxChars) return value;
+  const omitted = value.length - maxChars;
+  return `${value.slice(0, maxChars)}
+
+[truncated ${omitted} chars for realtime delivery]`;
+}
+
+// src/lib/ably-transport.ts
+import Ably from "ably";
+import pino from "pino";
+
+// src/lib/auth-session.ts
+import { createClient, isAuthRetryableFetchError } from "@supabase/supabase-js";
+var SUPABASE_CONFIGS = {
+  production: {
+    url: "https://fqvwludchxxqfpvjzktf.supabase.co",
+    anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImZxdndsdWRjaHh4cWZwdmp6a3RmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzE5NzAzMzAsImV4cCI6MjA4NzU0NjMzMH0.m7r_vCpWSA5kkQyIl2ABggtEDyx3IB3ml7j3v3ZBGGU"
+  },
+  development: {
+    url: "https://pxmhujfsundhgqgxqrjs.supabase.co",
+    anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InB4bWh1amZzdW5kaGdxZ3hxcmpzIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzIxMzY3MDgsImV4cCI6MjA4NzcxMjcwOH0.l4vcbtVN3P8iZnbign-VmSvZ6UcI3mJ896bdO34eo6s"
+  }
+};
+var REFRESH_SAFETY_MARGIN_MS = 6e4;
+var NeedsRePairingError = class extends Error {
+  constructor() {
+    super("Your session has expired. Run `implicit pair` to re-authenticate.");
+    this.name = "NeedsRePairingError";
+  }
+};
+var TransientAuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TransientAuthError";
+  }
+};
+async function getFreshAccessToken() {
+  const auth = loadAuth();
+  if (!auth || !auth.refreshToken) {
+    throw new NeedsRePairingError();
+  }
+  if (Date.now() < auth.expiresAt - REFRESH_SAFETY_MARGIN_MS) {
+    return auth.accessToken;
+  }
+  const { url, anonKey } = SUPABASE_CONFIGS[auth.env ?? "production"];
+  const supabase = createClient(url, anonKey);
+  let result;
+  try {
+    result = await supabase.auth.refreshSession({
+      refresh_token: auth.refreshToken
+    });
+  } catch (err) {
+    if (isAuthRetryableFetchError(err) || isNetworkLikeError(err)) {
+      throw new TransientAuthError(
+        `Network error refreshing session: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    throw err;
+  }
+  const { data, error } = result;
+  if (error) {
+    if (isAuthRetryableFetchError(error) || isNetworkLikeError(error)) {
+      throw new TransientAuthError(`Network error refreshing session: ${error.message}`);
+    }
+    clearAuth();
+    throw new NeedsRePairingError();
+  }
+  if (!data.session) {
+    clearAuth();
+    throw new NeedsRePairingError();
+  }
+  const newAuth = {
+    ...auth,
+    accessToken: data.session.access_token,
+    refreshToken: data.session.refresh_token,
+    expiresAt: (data.session.expires_at ?? Math.floor(Date.now() / 1e3) + 3600) * 1e3
+  };
+  saveAuth(newAuth);
+  return data.session.access_token;
+}
+function isNetworkLikeError(err) {
+  if (!err || typeof err !== "object") return false;
+  const e = err;
+  const cause = e.cause?.code;
+  if (cause === "ENOTFOUND" || cause === "ETIMEDOUT" || cause === "ECONNREFUSED" || cause === "ECONNRESET" || cause === "EAI_AGAIN") {
+    return true;
+  }
+  return typeof e.message === "string" && e.message.toLowerCase().includes("fetch failed");
+}
+
+// src/lib/ably-auth.ts
+async function fetchAblyToken(opts) {
+  const jwt = opts.getAccessToken ? await opts.getAccessToken() : await getFreshAccessToken();
+  const url = `${opts.railwayUrl}/auth/ably-token`;
+  let response;
+  try {
+    response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${jwt}`,
+        "Content-Type": "application/json"
+      },
+      body: "{}"
+    });
+  } catch (err) {
+    throw new Error(
+      `Network error fetching Ably token from ${url}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  if (!response.ok) {
+    const body = await response.text().catch(() => "(no body)");
+    throw new Error(
+      `Failed to fetch Ably token: HTTP ${response.status} from ${url} \u2014 ${body}`
+    );
+  }
+  const tokenDetails = await response.json();
+  return tokenDetails;
+}
+
+// src/lib/ably-transport.ts
+var log = pino({ name: "ably-transport" });
+var AblyTransport = class {
+  railwayUrl;
+  userId;
+  channelName;
+  getAccessToken;
+  realtime = null;
+  channel = null;
+  _isConnected = false;
+  firstConnectDone = false;
+  /** Guards against re-registering connection state listeners on reconnect. */
+  connectionListenersWired = false;
+  reconnectHandlers = [];
+  errorHandlers = [];
+  connectionStateHandlers = [];
+  constructor(opts) {
+    this.railwayUrl = opts.railwayUrl;
+    this.userId = opts.userId;
+    this.channelName = `sdk:${opts.userId.toLowerCase()}`;
+    this.getAccessToken = opts.getAccessToken;
+  }
+  get isConnected() {
+    return this._isConnected;
+  }
+  async connect() {
+    const { railwayUrl } = this;
+    if (this.realtime) {
+      this.realtime.close();
+      this.realtime = null;
+      this.channel = null;
+    }
+    this.realtime = new Ably.Realtime({
+      authCallback: async (_tokenParams, callback) => {
+        try {
+          const tokenDetails = await fetchAblyToken({ railwayUrl, getAccessToken: this.getAccessToken });
+          callback(null, tokenDetails);
+        } catch (err) {
+          if (err instanceof NeedsRePairingError) {
+            for (const h of this.errorHandlers) h(err.message);
+          }
+          callback(err instanceof Error ? err.message : String(err), null);
+        }
+      }
+    });
+    if (!this.connectionListenersWired) {
+      this.connectionListenersWired = true;
+      this.realtime.connection.on("connected", () => {
+        log.info("connection state: connected");
+        this._isConnected = true;
+        if (this.firstConnectDone) {
+          log.info({ handlers: this.reconnectHandlers.length }, "reconnected \u2014 firing handlers");
+          for (const h of this.reconnectHandlers) h();
+        }
+        this.firstConnectDone = true;
+        for (const h of this.connectionStateHandlers) h("connected");
+      });
+      this.realtime.connection.on("disconnected", (stateChange) => {
+        log.warn({ reason: stateChange?.reason?.message }, "connection state: disconnected");
+        this._isConnected = false;
+        for (const h of this.connectionStateHandlers) h("disconnected");
+      });
+      this.realtime.connection.on("failed", (stateChange) => {
+        const msg = stateChange?.reason?.message ?? "Ably connection failed";
+        log.error({ reason: msg }, "connection state: failed");
+        this._isConnected = false;
+        for (const h of this.errorHandlers) h(msg);
+        for (const h of this.connectionStateHandlers) h("failed");
+      });
+      this.realtime.connection.on("suspended", (stateChange) => {
+        const msg = stateChange?.reason?.message ?? "Ably connection suspended";
+        log.warn({ reason: msg }, "connection state: suspended");
+        this._isConnected = false;
+        for (const h of this.errorHandlers) h(msg);
+        for (const h of this.connectionStateHandlers) h("suspended");
+      });
+      this.realtime.connection.on("closed", () => {
+        log.info("connection state: closed");
+        this._isConnected = false;
+        for (const h of this.connectionStateHandlers) h("closed");
+      });
+    }
+    this.channel = this.realtime.channels.get(this.channelName);
+    await this.channel.attach();
+    for (const { event, handler } of this.pendingSubscriptions) {
+      this.channel.subscribe(event, (msg) => {
+        handler(msg.data);
+      });
+    }
+    this.pendingSubscriptions = [];
+    for (const handler of this.pendingPresenceEnterHandlers) {
+      this.channel.presence.subscribe("enter", (msg) => {
+        handler({ clientId: msg.clientId ?? "unknown", data: msg.data ?? {} });
+      });
+    }
+    this.pendingPresenceEnterHandlers = [];
+    for (const handler of this.pendingPresenceLeaveHandlers) {
+      this.channel.presence.subscribe("leave", (msg) => {
+        handler({ clientId: msg.clientId ?? "unknown", data: msg.data ?? {} });
+      });
+    }
+    this.pendingPresenceLeaveHandlers = [];
+  }
+  disconnect() {
+    this._isConnected = false;
+    if (this.channel) {
+      this.channel.unsubscribe();
+      this.channel.presence.unsubscribe();
+      this.channel = null;
+    }
+    this.realtime?.close();
+    this.realtime = null;
+    this.firstConnectDone = false;
+  }
+  async publish(event, payload) {
+    if (!this.channel) {
+      throw new Error("AblyTransport: not connected \u2014 call connect() first");
+    }
+    await this.channel.publish(event, payload);
+  }
+  pendingSubscriptions = [];
+  on(event, handler) {
+    if (!this.channel) {
+      this.pendingSubscriptions.push({ event, handler });
+      return;
+    }
+    this.channel.subscribe(event, (msg) => {
+      handler(msg.data);
+    });
+  }
+  onReconnect(handler) {
+    this.reconnectHandlers.push(handler);
+  }
+  onError(handler) {
+    this.errorHandlers.push(handler);
+  }
+  onConnectionStateChange(handler) {
+    this.connectionStateHandlers.push(handler);
+  }
+  // --- Presence ---
+  async presenceEnter(data) {
+    if (!this.channel) throw new Error("AblyTransport: not connected \u2014 call connect() first");
+    log.info({ data }, "entering presence");
+    await this.channel.presence.enter(data);
+  }
+  async presenceLeave() {
+    if (!this.channel) return;
+    await this.channel.presence.leave();
+  }
+  async presenceGet() {
+    if (!this.channel) throw new Error("AblyTransport: not connected");
+    const members = await this.channel.presence.get();
+    return (members ?? []).map((msg) => ({
+      clientId: msg.clientId ?? "unknown",
+      data: msg.data ?? {}
+    }));
+  }
+  pendingPresenceEnterHandlers = [];
+  pendingPresenceLeaveHandlers = [];
+  onPresenceEnter(handler) {
+    if (!this.channel) {
+      this.pendingPresenceEnterHandlers.push(handler);
+      return;
+    }
+    this.channel.presence.subscribe("enter", (msg) => {
+      const clientId = msg.clientId ?? "unknown";
+      log.info({ clientId }, "presence enter");
+      handler({ clientId, data: msg.data ?? {} });
+    });
+  }
+  onPresenceLeave(handler) {
+    if (!this.channel) {
+      this.pendingPresenceLeaveHandlers.push(handler);
+      return;
+    }
+    this.channel.presence.subscribe("leave", (msg) => {
+      const clientId = msg.clientId ?? "unknown";
+      log.info({ clientId }, "presence leave");
+      handler({ clientId, data: msg.data ?? {} });
+    });
+  }
+  // --- History ---
+  async fetchHistory(limit) {
+    if (!this.channel) throw new Error("AblyTransport: not connected");
+    log.info({ limit }, "fetching channel history");
+    const result = await this.channel.history({ limit, direction: "backwards" });
+    const messages = (result.items ?? []).map((msg) => ({
+      event: msg.name ?? "",
+      data: msg.data ?? {},
+      timestamp: msg.timestamp ?? 0
+    }));
+    log.info({ count: messages.length }, "history fetched");
+    return messages;
+  }
+};
+
+// src/commands/connect.ts
+var SUPABASE_CONFIGS2 = {
+  production: {
+    url: "https://fqvwludchxxqfpvjzktf.supabase.co",
+    anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImZxdndsdWRjaHh4cWZwdmp6a3RmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzE5NzAzMzAsImV4cCI6MjA4NzU0NjMzMH0.m7r_vCpWSA5kkQyIl2ABggtEDyx3IB3ml7j3v3ZBGGU"
+  },
+  development: {
+    url: "https://pxmhujfsundhgqgxqrjs.supabase.co",
+    anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InB4bWh1amZzdW5kaGdxZ3hxcmpzIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzIxMzY3MDgsImV4cCI6MjA4NzcxMjcwOH0.l4vcbtVN3P8iZnbign-VmSvZ6UcI3mJ896bdO34eo6s"
+  }
+};
+async function connect(options) {
+  const isHeadless = !!options.background;
+  const env = options.env === "production" ? "production" : "development";
+  ensureRestrictivePermissions();
+  if (!isHeadless) console.log("\n  Checking prerequisites...");
+  const claude = detectClaudeCodeInstalled();
+  if (!claude.installed) {
+    console.error(
+      "  \u2717 Claude Code is not installed.\n    Install from: https://docs.anthropic.com/en/docs/claude-code"
+    );
+    process.exit(1);
+  }
+  if (!isHeadless) console.log(`  \u2713 Claude Code ${claude.version ?? ""} installed`);
+  const claudeAuth = detectClaudeAuth();
+  if (claudeAuth.method === "none") {
+    console.error("  \u2717 Claude Code auth not found.\n");
+    printAuthGuidance();
+    process.exit(1);
+  }
+  if (!isHeadless) console.log(`  \u2713 Claude auth detected (${claudeAuth.method})`);
+  let auth = options.token ? authFromAccessToken(options.token, env) : loadAuth();
+  if (!auth) {
+    if (isHeadless) {
+      console.error("Not signed in yet. Run `implicit connect` interactively first.");
+      process.exit(1);
+    }
+    auth = await signInWithOtp(env);
+  } else {
+    if (!isHeadless) console.log(`  \u2713 Signed in as ${auth.email}`);
+  }
+  const deviceId = getOrCreateDeviceId();
+  const cwdFromFlag = options.cwd;
+  const cwdFromConfig = loadConfig()?.defaultCwd;
+  const defaultCwd = cwdFromFlag ?? cwdFromConfig ?? process.env.HOME ?? "/tmp";
+  const railwayUrl = getRailwayUrl(env);
+  if (!isHeadless) {
+    console.log("\n  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+    console.log("  \u2502  Implicit bridge is running      \u2502");
+    console.log("  \u2502  Send prompts from your phone    \u2502");
+    console.log("  \u2502  Press Ctrl+C to disconnect      \u2502");
+    console.log("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n");
+    console.log(`  \u2937 defaultCwd: ${defaultCwd}`);
+    console.log(
+      `     sources: --cwd=${cwdFromFlag ?? "(none)"}, config=${cwdFromConfig ?? "(none)"}, $HOME=${process.env.HOME ?? "(unset)"}`
+    );
+    console.log(`     process.cwd()=${process.cwd()} (NOT used as default)`);
+  }
+  const transport = new AblyTransport({
+    railwayUrl,
+    userId: auth.userId,
+    getAccessToken: options.token ? async () => options.token : void 0
+  });
+  const connection = new ImplicitConnection(
+    {
+      userId: auth.userId,
+      deviceId,
+      defaultCwd,
+      railwayUrl,
+      onConnected: () => {
+        if (isHeadless) console.log("[connected]");
+        else console.log("  \u25CF Connected to Ably Realtime");
+      },
+      onDisconnected: (reason) => {
+        if (isHeadless) console.log(`[disconnected] ${reason}`);
+        else console.log(`  \u25CB Disconnected: ${reason} \u2014 reconnecting...`);
+      },
+      onReconnected: () => {
+        if (isHeadless) console.log("[reconnected]");
+        else console.log("  \u25CF Reconnected to Ably Realtime");
+      },
+      onError: (msg) => {
+        if (isHeadless) console.error(`[error] ${msg}`);
+        else console.error(`  \u2717 ${msg}`);
+        if (msg.includes("implicit pair")) process.exit(1);
+      },
+      onActivity: (entry) => {
+        if (isHeadless) {
+          console.log(`[${entry.icon}] ${entry.message}${entry.sessionId ? ` (${entry.sessionId.slice(0, 8)})` : ""}`);
+        } else {
+          console.log(`  ${entry.icon} ${entry.message}${entry.sessionId ? ` [${entry.sessionId.slice(0, 8)}]` : ""}`);
+        }
+      }
+    },
+    transport
+  );
+  connection.connect();
+  const shutdown = () => {
+    if (!isHeadless) console.log("\n  Disconnecting...");
+    connection.disconnect();
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  await new Promise(() => {
+  });
+}
+async function signInWithOtp(env) {
+  const config = SUPABASE_CONFIGS2[env];
+  const supabase = createClient2(config.url, config.anonKey);
+  console.log("\n  Sign in with your Implicit account (same email as the phone app).\n");
+  const email = await prompt("  Email: ");
+  if (!email || !email.includes("@")) {
+    console.error("  \u2717 Invalid email.");
+    process.exit(1);
+  }
+  const { error: otpError } = await supabase.auth.signInWithOtp({ email });
+  if (otpError) {
+    console.error(`  \u2717 Failed to send code: ${otpError.message}`);
+    process.exit(1);
+  }
+  console.log("  \u2713 Code sent! Check your email.\n");
+  const code = await prompt("  Enter 6-digit code: ");
+  if (!code || code.length < 6) {
+    console.error("  \u2717 Invalid code.");
+    process.exit(1);
+  }
+  const { data, error: verifyError } = await supabase.auth.verifyOtp({
+    email,
+    token: code.trim(),
+    type: "email"
+  });
+  if (verifyError || !data.user) {
+    console.error(`  \u2717 Verification failed: ${verifyError?.message ?? "No user returned"}`);
+    process.exit(1);
+  }
+  const session = data.session;
+  if (!session) {
+    console.error("  \u2717 OTP verified but no session returned. Please try again.");
+    process.exit(1);
+  }
+  const auth = {
+    schemaVersion: 2,
+    userId: data.user.id,
+    email: data.user.email ?? email,
+    authenticatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    accessToken: session.access_token,
+    refreshToken: session.refresh_token,
+    expiresAt: session.expires_at ? session.expires_at * 1e3 : Date.now() + 36e5,
+    env
+  };
+  saveAuth(auth);
+  console.log(`  \u2713 Signed in as ${auth.email}
+`);
+  return auth;
+}
+function authFromAccessToken(token, env) {
+  const claims = decodeJwtPayload(token);
+  const userId = readStringClaim(claims, "sub");
+  if (!userId) {
+    console.error("  \u2717 --token is not a valid Supabase JWT: missing sub claim.");
+    process.exit(1);
+  }
+  const expiresAt = readNumberClaim(claims, "exp") * 1e3;
+  if (!Number.isFinite(expiresAt) || expiresAt <= Date.now()) {
+    console.error("  \u2717 --token is expired.");
+    process.exit(1);
+  }
+  return {
+    schemaVersion: 2,
+    userId,
+    email: readStringClaim(claims, "email") ?? "(token auth)",
+    authenticatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    accessToken: token,
+    refreshToken: "",
+    expiresAt,
+    env
+  };
+}
+function decodeJwtPayload(token) {
+  const parts = token.split(".");
+  if (parts.length < 2) return {};
+  try {
+    const normalized = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
+    const raw = Buffer.from(padded, "base64").toString("utf8");
+    const parsed = JSON.parse(raw);
+    return parsed !== null && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function readStringClaim(claims, key) {
+  const value = claims[key];
+  return typeof value === "string" && value.length > 0 ? value : void 0;
+}
+function readNumberClaim(claims, key) {
+  const value = claims[key];
+  return typeof value === "number" ? value : Number.NaN;
+}
+function prompt(question) {
+  const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+// src/commands/login.ts
+async function login(options) {
+  clearAuth();
+  console.log("  Cleared existing session.\n");
+  await connect({ env: options.env });
+}
+
+// src/commands/logout.ts
+async function logout() {
+  clearAuth();
+  console.log("  \u2713 Logged out. Credentials cleared.");
+}
+
+// src/commands/status.ts
+async function status() {
+  console.log("\n  Implicit Status\n");
+  const claude = detectClaudeCodeInstalled();
+  console.log(`  Claude Code: ${claude.installed ? `\u2713 ${claude.version}` : "\u2717 not installed"}`);
+  const claudeAuth = detectClaudeAuth();
+  console.log(`  Claude auth: ${claudeAuth.method === "none" ? "\u2717 not configured" : `\u2713 ${claudeAuth.method}`}`);
+  const auth = loadAuth();
+  console.log(`  Implicit account: ${auth ? `\u2713 ${auth.email}` : "\u2717 not signed in"}`);
+  const config = loadConfig();
+  if (config?.deviceId) console.log(`  Device: ${config.deviceId.slice(0, 8)}...`);
+  console.log("");
+}
+
+// src/cli.ts
+process.on("unhandledRejection", (reason) => {
+  const detail = reason instanceof Error ? reason.stack ?? reason.message : String(reason);
+  console.error(`[unhandledRejection] ${detail}`);
+});
+program.name("implicit").version(version).description("Control Claude Code from your phone with Implicit");
+program.command("connect").description("Connect this machine to Implicit (pairs on first run)").option("-b, --background", "Run without interactive UI (headless mode)").option("-s, --server <url>", "Server URL").option("-t, --token <token>", "Authentication token").option("-n, --name <name>", "Custom device display name").option("--cwd <directory>", "Default working directory for sessions").option("--env <env>", "Environment: production or development", "development").action(connect);
+program.command("login").description("Re-pair with the Implicit app").option("-s, --server <url>", "Server URL").action(login);
+program.command("logout").description("Clear stored credentials").action(logout);
+program.command("status").description("Show connection status").action(status);
+program.action(() => {
+  program.help();
+});
+async function main() {
+  try {
+    await program.parseAsync();
+  } catch (err) {
+    console.error(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+}
+main();