npm - @kehto/runtime - Versions diffs - 0.1.0 - Mend

@kehto/runtime 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,1492 @@
+// src/enforce.ts
+import { resolveCapabilitiesNub } from "@kehto/acl";
+function createEnforceGate(config) {
+  const { checkAcl, resolveIdentity, onAclCheck } = config;
+  return function enforce(pubkey, capability, message) {
+    const entry = resolveIdentity(pubkey);
+    const dTag = entry?.dTag ?? "";
+    const aggregateHash = entry?.aggregateHash ?? "";
+    const allowed = checkAcl(pubkey, dTag, aggregateHash, capability);
+    const identity = { pubkey, dTag, hash: aggregateHash };
+    const decision = allowed ? "allow" : "deny";
+    if (onAclCheck) {
+      onAclCheck({ identity, capability, decision, message });
+    }
+    return { allowed, capability };
+  };
+}
+function createNubEnforceGate(config) {
+  const { checkAcl, resolveIdentityByWindowId, onAclCheck } = config;
+  return function enforceNub(windowId, capability, message) {
+    const entry = resolveIdentityByWindowId(windowId);
+    const dTag = entry?.dTag ?? "";
+    const aggregateHash = entry?.aggregateHash ?? "";
+    const allowed = checkAcl("", dTag, aggregateHash, capability);
+    const identity = { pubkey: "", dTag, hash: aggregateHash };
+    const decision = allowed ? "allow" : "deny";
+    if (onAclCheck) {
+      onAclCheck({ identity, capability, decision, message });
+    }
+    return { allowed, capability };
+  };
+}
+function formatDenialReason(capability) {
+  return `denied: ${capability}`;
+}
+// src/session-registry.ts
+function createSessionRegistry(notifier) {
+  const byWindowId = /* @__PURE__ */ new Map();
+  const byPubkey = /* @__PURE__ */ new Map();
+  const byWindowIdEntry = /* @__PURE__ */ new Map();
+  const pendingUpdates = /* @__PURE__ */ new Map();
+  return {
+    register(windowId, entry) {
+      byWindowId.set(windowId, entry.pubkey);
+      byPubkey.set(entry.pubkey, entry);
+      byWindowIdEntry.set(windowId, entry);
+    },
+    unregister(windowId) {
+      const pubkey = byWindowId.get(windowId);
+      if (pubkey) {
+        byPubkey.delete(pubkey);
+        byWindowId.delete(windowId);
+      }
+      byWindowIdEntry.delete(windowId);
+      pendingUpdates.delete(windowId);
+    },
+    getPubkey(windowId) {
+      return byWindowId.get(windowId);
+    },
+    getEntry(pubkey) {
+      return byPubkey.get(pubkey);
+    },
+    getWindowId(pubkey) {
+      return byPubkey.get(pubkey)?.windowId;
+    },
+    isRegistered(windowId) {
+      return byWindowId.has(windowId);
+    },
+    getAllEntries() {
+      return Array.from(byPubkey.values());
+    },
+    getInstanceId(windowId) {
+      const pubkey = byWindowId.get(windowId);
+      if (!pubkey) return void 0;
+      return byPubkey.get(pubkey)?.instanceId;
+    },
+    getEntryByWindowId(windowId) {
+      return byWindowIdEntry.get(windowId);
+    },
+    setPendingUpdate(windowId, update) {
+      pendingUpdates.set(windowId, update);
+      notifier?.(windowId);
+    },
+    getPendingUpdate(windowId) {
+      return pendingUpdates.get(windowId);
+    },
+    clearPendingUpdate(windowId) {
+      pendingUpdates.delete(windowId);
+      notifier?.(windowId);
+    },
+    clear() {
+      byWindowId.clear();
+      byPubkey.clear();
+      byWindowIdEntry.clear();
+      pendingUpdates.clear();
+    }
+  };
+}
+var createNappKeyRegistry = createSessionRegistry;
+// src/acl-state.ts
+import {
+  createState,
+  check,
+  grant,
+  revoke,
+  block,
+  unblock,
+  serialize,
+  deserialize,
+  getQuota,
+  CAP_RELAY_READ,
+  CAP_RELAY_WRITE,
+  CAP_CACHE_READ,
+  CAP_CACHE_WRITE,
+  CAP_HOTKEY_FORWARD,
+  CAP_STATE_READ,
+  CAP_STATE_WRITE,
+  CAP_ALL
+} from "@kehto/acl";
+var CAP_IDENTITY_READ = 1 << 5;
+var CAP_KEYS_BIND = 1 << 6;
+var CAP_KEYS_FORWARD = 1 << 7;
+var CAP_MEDIA_CONTROL = 1 << 10;
+var CAP_NOTIFY_SEND = 1 << 11;
+var CAP_NOTIFY_CHANNEL = 1 << 12;
+var CAP_THEME_READ = 1 << 13;
+var CAP_MAP = {
+  "relay:read": CAP_RELAY_READ,
+  "relay:write": CAP_RELAY_WRITE,
+  "cache:read": CAP_CACHE_READ,
+  "cache:write": CAP_CACHE_WRITE,
+  "hotkey:forward": CAP_HOTKEY_FORWARD,
+  "state:read": CAP_STATE_READ,
+  "state:write": CAP_STATE_WRITE,
+  "identity:read": CAP_IDENTITY_READ,
+  "keys:bind": CAP_KEYS_BIND,
+  "keys:forward": CAP_KEYS_FORWARD,
+  "media:control": CAP_MEDIA_CONTROL,
+  "notify:send": CAP_NOTIFY_SEND,
+  "notify:channel": CAP_NOTIFY_CHANNEL,
+  "theme:read": CAP_THEME_READ
+};
+function capToBit(cap) {
+  return CAP_MAP[cap] ?? 0;
+}
+function bitsToCapabilities(bits) {
+  const result = [];
+  for (const [cap, bit] of Object.entries(CAP_MAP)) {
+    if (bits & bit) result.push(cap);
+  }
+  return result;
+}
+function toIdentity(pubkey, dTag, hash) {
+  return { pubkey, dTag, hash };
+}
+function createAclState(persistence, defaultPolicy = "permissive") {
+  let state = createState(defaultPolicy);
+  return {
+    check(pubkey, dTag, aggregateHash, capability) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      return check(state, id, capToBit(capability));
+    },
+    grant(pubkey, dTag, aggregateHash, capability) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      state = grant(state, id, capToBit(capability));
+    },
+    revoke(pubkey, dTag, aggregateHash, capability) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      state = revoke(state, id, capToBit(capability));
+    },
+    block(pubkey, dTag, aggregateHash) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      state = block(state, id);
+    },
+    unblock(pubkey, dTag, aggregateHash) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      state = unblock(state, id);
+    },
+    isBlocked(pubkey, dTag, aggregateHash) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      return !check(state, id, CAP_ALL) && this.getEntry(pubkey, dTag, aggregateHash)?.blocked === true;
+    },
+    getEntry(pubkey, dTag, aggregateHash) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      const key = `${id.dTag}:${id.hash}`;
+      const entry = state.entries[key];
+      if (!entry) return void 0;
+      return {
+        pubkey: pubkey || "",
+        capabilities: bitsToCapabilities(entry.caps),
+        blocked: entry.blocked,
+        stateQuota: entry.quota
+      };
+    },
+    getAllEntries() {
+      return Object.entries(state.entries).map(([key, entry]) => {
+        const parts = key.split(":");
+        return {
+          pubkey: "",
+          capabilities: bitsToCapabilities(entry.caps),
+          blocked: entry.blocked,
+          stateQuota: entry.quota
+        };
+      });
+    },
+    getStateQuota(pubkey, dTag, aggregateHash) {
+      const id = toIdentity(pubkey, dTag, aggregateHash);
+      return getQuota(state, id);
+    },
+    persist() {
+      try {
+        persistence.persist(serialize(state));
+      } catch {
+      }
+    },
+    load() {
+      try {
+        const raw = persistence.load();
+        if (!raw) return;
+        state = deserialize(raw);
+      } catch {
+        state = createState(defaultPolicy);
+      }
+    },
+    clear() {
+      state = createState(defaultPolicy);
+      try {
+        persistence.persist("");
+      } catch {
+      }
+    }
+  };
+}
+// src/manifest-cache.ts
+function createManifestCache(persistence) {
+  const cache = /* @__PURE__ */ new Map();
+  const verificationCache = /* @__PURE__ */ new Map();
+  function cacheKey(pubkey, dTag) {
+    return `${pubkey}:${dTag}`;
+  }
+  const self = {
+    get(pubkey, dTag) {
+      return cache.get(cacheKey(pubkey, dTag));
+    },
+    set(entry) {
+      cache.set(cacheKey(entry.pubkey, entry.dTag), entry);
+      self.persist();
+    },
+    has(pubkey, dTag, hash) {
+      const entry = cache.get(cacheKey(pubkey, dTag));
+      return !!entry && entry.aggregateHash === hash;
+    },
+    getRequires(pubkey, dTag) {
+      const entry = cache.get(cacheKey(pubkey, dTag));
+      return entry?.requires ?? [];
+    },
+    remove(pubkey, dTag) {
+      cache.delete(cacheKey(pubkey, dTag));
+      self.persist();
+    },
+    load() {
+      try {
+        const raw = persistence.load();
+        if (!raw) return;
+        const entries = JSON.parse(raw);
+        cache.clear();
+        for (const [key, val] of entries) cache.set(key, val);
+      } catch {
+        cache.clear();
+      }
+    },
+    persist() {
+      try {
+        persistence.persist(JSON.stringify(Array.from(cache.entries())));
+      } catch {
+      }
+    },
+    clear() {
+      cache.clear();
+      verificationCache.clear();
+      try {
+        persistence.persist("");
+      } catch {
+      }
+    },
+    getVerification(eventId) {
+      return verificationCache.get(eventId);
+    },
+    setVerification(eventId, result) {
+      verificationCache.set(eventId, result);
+    },
+    hasVerification(eventId) {
+      return verificationCache.has(eventId);
+    },
+    clearVerifications() {
+      verificationCache.clear();
+    }
+  };
+  return self;
+}
+// src/replay.ts
+var REPLAY_WINDOW_SECONDS = 30;
+function createReplayDetector(getReplayWindow) {
+  const seenEventIds = /* @__PURE__ */ new Map();
+  return {
+    check(event) {
+      const replayWindow = getReplayWindow?.() ?? REPLAY_WINDOW_SECONDS;
+      const now = Math.floor(Date.now() / 1e3);
+      if (now - event.created_at > replayWindow) return "invalid: event created_at too old";
+      if (event.created_at - now > 10) return "invalid: event created_at in the future";
+      if (seenEventIds.has(event.id)) return "duplicate: already processed";
+      seenEventIds.set(event.id, now);
+      for (const [id, timestamp] of seenEventIds) {
+        if (now - timestamp > replayWindow) seenEventIds.delete(id);
+      }
+      return null;
+    },
+    clear() {
+      seenEventIds.clear();
+    }
+  };
+}
+// src/event-buffer.ts
+var RING_BUFFER_SIZE = 100;
+function matchesFilter(event, filter) {
+  if (filter.ids !== void 0 && !filter.ids.some((id) => event.id.startsWith(id))) return false;
+  if (filter.authors !== void 0 && !filter.authors.some((a) => event.pubkey.startsWith(a))) return false;
+  if (filter.kinds !== void 0 && !filter.kinds.includes(event.kind)) return false;
+  if (filter.since !== void 0 && event.created_at < filter.since) return false;
+  if (filter.until !== void 0 && event.created_at > filter.until) return false;
+  for (const [key, values] of Object.entries(filter)) {
+    if (!key.startsWith("#") || values === void 0) continue;
+    const tagName = key.slice(1);
+    const tagValues = values;
+    const eventTagValues = event.tags.filter((t) => t[0] === tagName).map((t) => t[1]);
+    if (!tagValues.some((v) => eventTagValues.includes(v))) return false;
+  }
+  return true;
+}
+function matchesAnyFilter(event, filters) {
+  if (filters.length === 0) return true;
+  return filters.some((filter) => matchesFilter(event, filter));
+}
+function createEventBuffer(sendToNapplet, sessionRegistry, enforce, subscriptions, getBufferSize) {
+  const buffer = [];
+  function deliverToSubscriptions(event, senderId) {
+    const pTag = event.tags?.find((t) => t[0] === "p");
+    const targetPubkey = pTag?.[1];
+    for (const [subKey, sub] of subscriptions) {
+      if (senderId !== null && sub.windowId === senderId) continue;
+      const recipientPubkey = sessionRegistry.getPubkey(sub.windowId);
+      if (recipientPubkey) {
+        const recipientResult = enforce(recipientPubkey, "relay:read", ["EVENT", event]);
+        if (!recipientResult.allowed) continue;
+      }
+      if (targetPubkey) {
+        const subPubkey = recipientPubkey;
+        if (subPubkey !== targetPubkey) continue;
+      }
+      if (!matchesAnyFilter(event, sub.filters)) continue;
+      const prefix = `${sub.windowId}:`;
+      if (!subKey.startsWith(prefix)) continue;
+      const subId = subKey.slice(prefix.length);
+      sendToNapplet(sub.windowId, ["EVENT", subId, event]);
+    }
+  }
+  return {
+    bufferAndDeliver(event, senderId) {
+      const maxSize = getBufferSize?.() ?? RING_BUFFER_SIZE;
+      if (buffer.length >= maxSize) buffer.shift();
+      buffer.push(event);
+      deliverToSubscriptions(event, senderId);
+    },
+    deliverToSubscriptions,
+    getSubscriptions() {
+      return subscriptions;
+    },
+    getBufferedEvents() {
+      return buffer;
+    },
+    clear() {
+      buffer.length = 0;
+    }
+  };
+}
+// src/runtime.ts
+import { createDispatch } from "@napplet/core";
+import { ALL_CAPABILITIES } from "@kehto/acl/capabilities";
+// src/service-dispatch.ts
+function routeServiceMessage(windowId, message, services, sendToNapplet) {
+  const send = (msg) => sendToNapplet(windowId, msg);
+  const domain = message.type.split(".")[0];
+  const handler = services[domain];
+  if (handler) {
+    handler.handleMessage(windowId, message, send);
+    return true;
+  }
+  if (message.type === "ifc.emit" && typeof message.topic === "string") {
+    const prefix = message.topic.split(":")[0];
+    const ifcHandler = services[prefix];
+    if (ifcHandler) {
+      ifcHandler.handleMessage(windowId, message, send);
+      return true;
+    }
+  }
+  return false;
+}
+function notifyServiceWindowDestroyed(windowId, services) {
+  for (const handler of Object.values(services)) {
+    try {
+      handler.onWindowDestroyed?.(windowId);
+    } catch {
+    }
+  }
+}
+// src/state-handler.ts
+function scopedKey(dTag, aggregateHash, userKey) {
+  return `napplet-state:${dTag}:${aggregateHash}:${userKey}`;
+}
+function legacyScopedKey(pubkey, dTag, aggregateHash, userKey) {
+  return `napplet-state:${pubkey}:${dTag}:${aggregateHash}:${userKey}`;
+}
+function byteLength(str) {
+  let bytes = 0;
+  for (let i = 0; i < str.length; i++) {
+    const c = str.charCodeAt(i);
+    if (c < 128) bytes += 1;
+    else if (c < 2048) bytes += 2;
+    else if (c < 55296 || c >= 57344) bytes += 3;
+    else {
+      i++;
+      bytes += 4;
+    }
+  }
+  return bytes;
+}
+function handleStorageNub(windowId, msg, sendToNapplet, sessionRegistry, aclState, statePersistence) {
+  const m = msg;
+  const id = m.id ?? "";
+  const action = msg.type.split(".")[1];
+  function sendResult(payload) {
+    sendToNapplet(windowId, { type: `${msg.type}.result`, id, ...payload });
+  }
+  function sendErrorNub(error) {
+    sendToNapplet(windowId, { type: `${msg.type}.error`, id, error });
+  }
+  const entry = sessionRegistry.getEntryByWindowId(windowId);
+  if (!entry) {
+    sendErrorNub("not registered");
+    return;
+  }
+  const { dTag, aggregateHash, pubkey } = entry;
+  const prefix = `napplet-state:${dTag}:${aggregateHash}:`;
+  const legacyPrefix = pubkey ? `napplet-state:${pubkey}:${dTag}:${aggregateHash}:` : "";
+  switch (action) {
+    case "get": {
+      const key = m.key;
+      if (!key) {
+        sendErrorNub("missing key");
+        return;
+      }
+      const newKey = scopedKey(dTag, aggregateHash, key);
+      let result = statePersistence.get(newKey);
+      if (result === null && pubkey) {
+        result = statePersistence.get(legacyScopedKey(pubkey, dTag, aggregateHash, key));
+      }
+      if (result === null && pubkey) {
+        result = statePersistence.get(`napp-state:${pubkey}:${dTag}:${aggregateHash}:${key}`);
+      }
+      sendResult({ value: result });
+      break;
+    }
+    case "set": {
+      const key = m.key;
+      const value = m.value ?? "";
+      if (!key) {
+        sendErrorNub("missing key");
+        return;
+      }
+      const quota = aclState.getStateQuota(pubkey ?? "", dTag, aggregateHash);
+      const sk = scopedKey(dTag, aggregateHash, key);
+      const newWriteBytes = byteLength(sk + value);
+      const existingBytes = statePersistence.calculateBytes(prefix, key);
+      if (existingBytes + newWriteBytes > quota) {
+        sendErrorNub(`quota exceeded: napplet state limit is ${quota} bytes`);
+        return;
+      }
+      const success = statePersistence.set(sk, value);
+      sendResult({ ok: success });
+      break;
+    }
+    case "remove": {
+      const key = m.key;
+      if (!key) {
+        sendErrorNub("missing key");
+        return;
+      }
+      statePersistence.remove(scopedKey(dTag, aggregateHash, key));
+      void legacyPrefix;
+      sendResult({ ok: true });
+      break;
+    }
+    case "clear": {
+      sendErrorNub("storage.clear is not in @napplet/nub-storage; action not supported");
+      break;
+    }
+    case "keys": {
+      const newKeys = statePersistence.keys(prefix);
+      const legacyKeys = legacyPrefix ? statePersistence.keys(legacyPrefix) : [];
+      const userKeySet = /* @__PURE__ */ new Set();
+      for (const k of newKeys) userKeySet.add(k.startsWith(prefix) ? k.slice(prefix.length) : k);
+      for (const k of legacyKeys) userKeySet.add(k.startsWith(legacyPrefix) ? k.slice(legacyPrefix.length) : k);
+      sendResult({ keys: Array.from(userKeySet) });
+      break;
+    }
+    default:
+      sendErrorNub(`unknown storage action: ${action}`);
+      break;
+  }
+}
+function cleanupNappState(pubkey, dTag, aggregateHash, statePersistence) {
+  const prefix = `napplet-state:${dTag}:${aggregateHash}:`;
+  statePersistence.clear(prefix);
+  const legacyPrefix = `napplet-state:${pubkey}:${dTag}:${aggregateHash}:`;
+  statePersistence.clear(legacyPrefix);
+}
+// src/runtime.ts
+function createRuntime(hooks) {
+  const subscriptions = /* @__PURE__ */ new Map();
+  const ifcSubscriptions = /* @__PURE__ */ new Map();
+  const ifcChannels = /* @__PURE__ */ new Map();
+  const ifcChannelsByWindow = /* @__PURE__ */ new Map();
+  let _consentHandler = null;
+  const serviceRegistry = { ...hooks.services ?? {} };
+  const registeredServices = /* @__PURE__ */ new Map();
+  for (const [name, handler] of Object.entries(serviceRegistry)) {
+    registeredServices.set(name, {
+      name: handler.descriptor.name,
+      version: handler.descriptor.version,
+      description: handler.descriptor.description
+    });
+  }
+  const undeclaredServiceConsents = /* @__PURE__ */ new Set();
+  const sessionRegistry = createSessionRegistry(hooks.onPendingUpdate);
+  const aclState = createAclState(hooks.aclPersistence);
+  const manifestCache = createManifestCache(hooks.manifestPersistence);
+  const replayDetector = createReplayDetector(
+    hooks.getConfigOverrides ? () => hooks.getConfigOverrides().replayWindowSeconds : void 0
+  );
+  const enforce = createEnforceGate({
+    checkAcl: (pubkey, dTag, aggregateHash, capability) => aclState.check(pubkey, dTag, aggregateHash, capability),
+    resolveIdentity: (pubkey) => {
+      const entry = sessionRegistry.getEntry(pubkey);
+      return entry ? { dTag: entry.dTag, aggregateHash: entry.aggregateHash } : void 0;
+    },
+    onAclCheck: hooks.onAclCheck
+  });
+  const enforceNub = createNubEnforceGate({
+    checkAcl: (pubkey, dTag, aggregateHash, capability) => aclState.check(pubkey, dTag, aggregateHash, capability),
+    resolveIdentityByWindowId: (windowId) => {
+      const entry = sessionRegistry.getEntryByWindowId(windowId);
+      return entry ? { dTag: entry.dTag, aggregateHash: entry.aggregateHash } : void 0;
+    },
+    onAclCheck: hooks.onAclCheck
+  });
+  const eventBuffer = createEventBuffer(
+    hooks.sendToNapplet,
+    sessionRegistry,
+    enforce,
+    subscriptions,
+    hooks.getConfigOverrides ? () => hooks.getConfigOverrides().ringBufferSize ?? RING_BUFFER_SIZE : void 0
+  );
+  aclState.load();
+  manifestCache.load();
+  function checkCompatibility(requires, windowId, eventId) {
+    if (requires.length === 0) return true;
+    const available = Array.from(registeredServices.values());
+    const registeredNames = new Set(registeredServices.keys());
+    const missing = requires.filter((name) => !registeredNames.has(name));
+    const compatible = missing.length === 0;
+    if (!compatible) {
+      const report = { available, missing, compatible };
+      hooks.onCompatibilityIssue?.(report);
+      if (hooks.strictMode) {
+        hooks.sendToNapplet(windowId, [
+          "OK",
+          eventId,
+          false,
+          `blocked: missing required services: ${missing.join(", ")}`
+        ]);
+        return false;
+      }
+    }
+    return true;
+  }
+  function checkUndeclaredService(windowId, pubkey, serviceName, event, onApproved) {
+    if (!registeredServices.has(serviceName)) return true;
+    const nappletPubkey = sessionRegistry.getPubkey(windowId);
+    if (!nappletPubkey) return true;
+    const nappletEntry = sessionRegistry.getEntry(nappletPubkey);
+    if (!nappletEntry) return true;
+    const requires = manifestCache.getRequires(nappletEntry.pubkey, nappletEntry.dTag);
+    if (requires.includes(serviceName)) return true;
+    const consentKey = `${windowId}:${serviceName}`;
+    if (undeclaredServiceConsents.has(consentKey)) return true;
+    if (_consentHandler) {
+      _consentHandler({
+        type: "undeclared-service",
+        windowId,
+        pubkey,
+        event,
+        serviceName,
+        resolve: (allowed) => {
+          if (allowed) {
+            undeclaredServiceConsents.add(consentKey);
+            onApproved();
+          }
+        }
+      });
+      return false;
+    }
+    return false;
+  }
+  function handleHotkeyForward(event) {
+    const keyData = {
+      key: event.tags?.find((t) => t[0] === "key")?.[1] ?? "",
+      code: event.tags?.find((t) => t[0] === "code")?.[1] ?? "",
+      ctrlKey: event.tags?.find((t) => t[0] === "ctrl")?.[1] === "1",
+      altKey: event.tags?.find((t) => t[0] === "alt")?.[1] === "1",
+      shiftKey: event.tags?.find((t) => t[0] === "shift")?.[1] === "1",
+      metaKey: event.tags?.find((t) => t[0] === "meta")?.[1] === "1"
+    };
+    hooks.hotkeys.executeHotkeyFromForward(keyData);
+  }
+  function handleShellCommand(event, windowId, topic) {
+    function sendOk(success, reason) {
+      hooks.sendToNapplet(windowId, ["OK", event.id, success, reason]);
+    }
+    function sendInterPaneReply(replyTopic, content) {
+      const responseEvent = {
+        kind: 29e3,
+        // IPC_PEER — inlined numeric after Phase 24 shim deletion
+        pubkey: "",
+        created_at: Math.floor(Date.now() / 1e3),
+        tags: [["t", replyTopic]],
+        content,
+        id: "",
+        sig: ""
+      };
+      hooks.sendToNapplet(windowId, ["EVENT", "__shell__", responseEvent]);
+      sendOk(true, "");
+    }
+    switch (topic) {
+      case "shell:acl-get": {
+        const aclEntries = aclState.getAllEntries();
+        const nappletEntries = sessionRegistry.getAllEntries();
+        const nappletInfoMap = {};
+        for (const e of nappletEntries) nappletInfoMap[e.pubkey] = { type: e.type, registeredAt: e.registeredAt };
+        const merged = [...aclEntries];
+        for (const e of nappletEntries) {
+          if (!merged.find((a) => a.pubkey === e.pubkey)) {
+            merged.push({ pubkey: e.pubkey, capabilities: [...ALL_CAPABILITIES], blocked: false });
+          }
+        }
+        const display = merged.map((e) => ({
+          ...e,
+          type: nappletInfoMap[e.pubkey]?.type ?? "unknown",
+          registeredAt: nappletInfoMap[e.pubkey]?.registeredAt ?? 0
+        }));
+        sendInterPaneReply("shell:acl-current", JSON.stringify({ entries: display }));
+        break;
+      }
+      case "shell:acl-revoke":
+      case "shell:acl-grant":
+      case "shell:acl-block":
+      case "shell:acl-unblock": {
+        const pk = event.tags?.find((t) => t[0] === "pubkey")?.[1];
+        const cap = event.tags?.find((t) => t[0] === "cap")?.[1];
+        if (!pk) {
+          sendOk(false, "error: missing pubkey tag");
+          break;
+        }
+        const ne = sessionRegistry.getEntry(pk);
+        if (topic === "shell:acl-revoke" && cap) aclState.revoke(pk, ne?.dTag ?? "", ne?.aggregateHash ?? "", cap);
+        else if (topic === "shell:acl-grant" && cap) aclState.grant(pk, ne?.dTag ?? "", ne?.aggregateHash ?? "", cap);
+        else if (topic === "shell:acl-block") aclState.block(pk, ne?.dTag ?? "", ne?.aggregateHash ?? "");
+        else if (topic === "shell:acl-unblock") aclState.unblock(pk, ne?.dTag ?? "", ne?.aggregateHash ?? "");
+        aclState.persist();
+        const ae = aclState.getEntry(pk, ne?.dTag ?? "", ne?.aggregateHash ?? "");
+        sendInterPaneReply("shell:acl-current", JSON.stringify({ entries: ae ? [ae] : [] }));
+        break;
+      }
+      case "shell:relay-get":
+        sendInterPaneReply("shell:relay-current", JSON.stringify(hooks.relayConfig.getRelayConfig()));
+        break;
+      case "shell:relay-add": {
+        const tier = event.tags?.find((t) => t[0] === "tier")?.[1];
+        const url = event.tags?.find((t) => t[0] === "url")?.[1];
+        if (tier && url) {
+          hooks.relayConfig.addRelay(tier, url);
+          sendInterPaneReply("shell:relay-current", JSON.stringify(hooks.relayConfig.getRelayConfig()));
+        } else sendOk(false, "error: missing tier/url");
+        break;
+      }
+      case "shell:relay-remove": {
+        const tier = event.tags?.find((t) => t[0] === "tier")?.[1];
+        const url = event.tags?.find((t) => t[0] === "url")?.[1];
+        if (tier && url) {
+          hooks.relayConfig.removeRelay(tier, url);
+          sendInterPaneReply("shell:relay-current", JSON.stringify(hooks.relayConfig.getRelayConfig()));
+        } else sendOk(false, "error: missing tier/url");
+        break;
+      }
+      case "shell:relay-nip66":
+        sendInterPaneReply("shell:relay-nip66-data", JSON.stringify(hooks.relayConfig.getNip66Suggestions()));
+        break;
+      case "shell:relay-scoped-connect": {
+        const url = event.tags?.find((t) => t[0] === "url")?.[1];
+        const subId = event.tags?.find((t) => t[0] === "sub-id")?.[1];
+        const filtersTag = event.tags?.find((t) => t[0] === "filters")?.[1];
+        if (!url || !subId || !filtersTag) {
+          sendOk(false, "error: missing tags");
+          break;
+        }
+        try {
+          const filters = JSON.parse(filtersTag);
+          hooks.relayPool?.openScopedRelay(windowId, url, subId, filters, hooks.sendToNapplet);
+          sendOk(true, "");
+        } catch {
+          sendOk(false, "error: invalid filters");
+        }
+        break;
+      }
+      case "shell:relay-scoped-close":
+        hooks.relayPool?.closeScopedRelay(windowId);
+        sendOk(true, "");
+        break;
+      case "shell:relay-scoped-publish": {
+        const et = event.tags?.find((t) => t[0] === "event")?.[1];
+        if (!et) {
+          sendOk(false, "error: missing event tag");
+          break;
+        }
+        try {
+          const signed = JSON.parse(et);
+          const ok = hooks.relayPool?.publishToScopedRelay(windowId, signed) ?? false;
+          sendOk(ok, ok ? "" : "error: no active scoped relay");
+        } catch {
+          sendOk(false, "error: invalid event JSON");
+        }
+        break;
+      }
+      case "shell:create-window": {
+        try {
+          const payload = JSON.parse(event.content);
+          if (!payload.title || !payload.class) {
+            sendOk(false, "error: requires title and class");
+            break;
+          }
+          const id = hooks.windowManager.createWindow({ title: payload.title, class: payload.class, iframeSrc: payload.iframeSrc });
+          sendOk(!!id, id ? "" : "error: window creation failed");
+        } catch {
+          sendOk(false, "error: invalid JSON");
+        }
+        break;
+      }
+      case "shell:send-dm": {
+        if (hooks.dm) {
+          const corrId = event.tags?.find((t) => t[0] === "id")?.[1] ?? "";
+          const recipient = event.tags?.find((t) => t[0] === "p")?.[1];
+          let message;
+          try {
+            message = JSON.parse(event.content).message;
+          } catch {
+          }
+          if (!recipient || !message) {
+            sendOk(false, "error: missing recipient or message");
+            break;
+          }
+          hooks.dm.sendDm(recipient, message).then((result) => {
+            const payload = result.success ? { success: true, ...result.eventId ? { eventId: result.eventId } : {} } : { success: false, error: result.error ?? "unknown error" };
+            const response = {
+              kind: 29e3,
+              // IPC_PEER — inlined numeric after Phase 24 shim deletion
+              pubkey: "",
+              created_at: Math.floor(Date.now() / 1e3),
+              tags: [["t", "shell:send-dm-result"], ["id", corrId]],
+              content: JSON.stringify(payload),
+              id: "",
+              sig: ""
+            };
+            hooks.sendToNapplet(windowId, ["EVENT", "__shell__", response]);
+            sendOk(result.success, result.success ? "" : `error: ${result.error}`);
+          }).catch(() => {
+            sendOk(false, "error: DM send failed");
+          });
+        } else sendOk(false, "error: DM hooks not configured");
+        break;
+      }
+      default:
+        sendOk(true, "");
+        break;
+    }
+  }
+  function handleRelayMessage(windowId, msg) {
+    const m = msg;
+    const dotIdx = msg.type.indexOf(".");
+    const action = msg.type.slice(dotIdx + 1);
+    switch (action) {
+      case "subscribe": {
+        let deliver2 = function(event) {
+          if (seenIds.has(event.id)) return;
+          seenIds.add(event.id);
+          if (subscriptions.has(subKey)) {
+            hooks.sendToNapplet(windowId, { type: "relay.event", subId, event });
+          }
+        };
+        var deliver = deliver2;
+        const subId = m.subId ?? "";
+        const filters = m.filters ?? [];
+        if (!subId) return;
+        const subKey = `${windowId}:${subId}`;
+        subscriptions.set(subKey, { windowId, filters });
+        const seenIds = /* @__PURE__ */ new Set();
+        for (const bufferedEvent of eventBuffer.getBufferedEvents()) {
+          if (matchesAnyFilter(bufferedEvent, filters)) deliver2(bufferedEvent);
+        }
+        const isShellKind = filters.length > 0 && filters.every((f) => f.kinds?.every((k) => k >= 29e3 && k < 3e4));
+        if (!isShellKind) {
+          const relayService = serviceRegistry["relay"] ?? serviceRegistry["relay-pool"];
+          const cacheService = !serviceRegistry["relay"] ? serviceRegistry["cache"] : void 0;
+          if (relayService) {
+            relayService.handleMessage(windowId, msg, (resp) => {
+              if (!subscriptions.has(subKey)) return;
+              hooks.sendToNapplet(windowId, resp);
+            });
+            if (cacheService) cacheService.handleMessage(windowId, msg, (resp) => {
+              if (!subscriptions.has(subKey)) return;
+              hooks.sendToNapplet(windowId, resp);
+            });
+            return;
+          }
+        }
+        const cache = hooks.cache;
+        if (cache?.isAvailable() && !isShellKind) {
+          cache.query(filters).then((cachedEvents) => {
+            for (const event of cachedEvents) deliver2(event);
+          }).catch(() => {
+          });
+        }
+        const pool = hooks.relayPool;
+        if (pool?.isAvailable() && !isShellKind) {
+          const relayUrls = pool.selectRelayTier(filters);
+          let eoseSent = false;
+          const eoseFallbackTimer = setTimeout(() => {
+            if (!eoseSent) {
+              eoseSent = true;
+              hooks.sendToNapplet(windowId, { type: "relay.eose", subId });
+            }
+          }, 15e3);
+          const subscription = pool.subscribe(filters, (item) => {
+            if (item === "EOSE") {
+              clearTimeout(eoseFallbackTimer);
+              if (!eoseSent) {
+                eoseSent = true;
+                hooks.sendToNapplet(windowId, { type: "relay.eose", subId });
+              }
+              return;
+            }
+            deliver2(item);
+            if (cache?.isAvailable() && !isShellKind) {
+              try {
+                cache.store(item);
+              } catch {
+              }
+            }
+          }, relayUrls);
+          pool.trackSubscription(subKey, () => {
+            clearTimeout(eoseFallbackTimer);
+            subscription.unsubscribe();
+          });
+        } else if (!isShellKind) {
+          hooks.sendToNapplet(windowId, { type: "relay.eose", subId });
+        }
+        break;
+      }
+      case "close": {
+        const subId = m.subId ?? "";
+        if (!subId) return;
+        const subKey = `${windowId}:${subId}`;
+        subscriptions.delete(subKey);
+        const relayService = serviceRegistry["relay"] ?? serviceRegistry["relay-pool"];
+        if (relayService) {
+          relayService.handleMessage(windowId, msg, () => {
+          });
+        }
+        hooks.relayPool?.untrackSubscription(subKey);
+        hooks.sendToNapplet(windowId, { type: "relay.closed", subId, message: "" });
+        break;
+      }
+      case "publish": {
+        const event = m.event;
+        const id = m.id ?? "";
+        if (!event || typeof event !== "object") {
+          hooks.sendToNapplet(windowId, { type: "relay.publish.error", id, error: "invalid event" });
+          return;
+        }
+        const replayResult = replayDetector.check(event);
+        if (replayResult !== null) {
+          hooks.sendToNapplet(windowId, { type: "relay.publish.result", id, accepted: false, message: replayResult });
+          return;
+        }
+        const relayService = serviceRegistry["relay"] ?? serviceRegistry["relay-pool"];
+        if (relayService) {
+          relayService.handleMessage(windowId, msg, (resp) => {
+            hooks.sendToNapplet(windowId, resp);
+          });
+        } else if (hooks.relayPool?.isAvailable()) {
+          hooks.relayPool.publish(event);
+          hooks.sendToNapplet(windowId, { type: "relay.publish.result", id, accepted: true });
+        } else {
+          hooks.sendToNapplet(windowId, { type: "relay.publish.result", id, accepted: false, message: "no relay pool available" });
+        }
+        eventBuffer.bufferAndDeliver(event, windowId);
+        break;
+      }
+      // Shell-mediated encryption path (NUB-08 / SH-C03). Napplets hand the
+      // shell a plaintext EventTemplate plus a recipient pubkey; the shell
+      // encrypts via its own signer (nip44 default, nip04 opt-in), signs,
+      // publishes, and returns a relay.publishEncrypted.result. The signer's
+      // nip04/nip44 primitives are SHELL-INTERNAL — no napplet-visible
+      // message surface reaches them (SignerProxy was deleted in Plan 12-01).
+      case "publishEncrypted": {
+        let replyPe2 = function(ok, extra = {}) {
+          hooks.sendToNapplet(windowId, {
+            type: "relay.publishEncrypted.result",
+            id,
+            ok,
+            ...extra
+          });
+        };
+        var replyPe = replyPe2;
+        const id = m.id ?? "";
+        const eventTemplate = m.event;
+        const peMsg = msg;
+        const recipient = peMsg.recipient ?? "";
+        const encryption = peMsg.encryption ?? "nip44";
+        if (!recipient) {
+          replyPe2(false, { error: "missing recipient" });
+          break;
+        }
+        if (encryption !== "nip44" && encryption !== "nip04") {
+          replyPe2(false, { error: `unsupported encryption scheme: ${encryption}` });
+          break;
+        }
+        const peSigner = hooks.auth.getSigner();
+        if (!peSigner) {
+          replyPe2(false, { error: "no signer configured" });
+          break;
+        }
+        if (!eventTemplate || typeof eventTemplate !== "object") {
+          replyPe2(false, { error: "invalid event template" });
+          break;
+        }
+        (async () => {
+          try {
+            const plaintext = String(eventTemplate.content ?? "");
+            const ciphertext = encryption === "nip44" ? await peSigner.nip44?.encrypt(recipient, plaintext) ?? "" : await peSigner.nip04?.encrypt(recipient, plaintext) ?? "";
+            const eventWithCiphertext = { ...eventTemplate, content: ciphertext };
+            const signed = await peSigner.signEvent?.(eventWithCiphertext);
+            if (!signed) {
+              replyPe2(false, { error: "signEvent returned null" });
+              return;
+            }
+            const relayService = serviceRegistry["relay"] ?? serviceRegistry["relay-pool"];
+            if (relayService) {
+              const publishMsg = { type: "relay.publish", id, event: signed };
+              let replied = false;
+              relayService.handleMessage(windowId, publishMsg, (resp) => {
+                if (replied) return;
+                const r = resp;
+                if (typeof r.type === "string" && r.type.startsWith("relay.publish")) {
+                  const okVal = r.ok ?? r.accepted ?? false;
+                  replied = true;
+                  replyPe2(okVal, {
+                    event: signed,
+                    eventId: signed.id,
+                    ...okVal ? {} : { error: r.error ?? r.message ?? "publish failed" }
+                  });
+                }
+              });
+              if (!replied) {
+                replied = true;
+                replyPe2(true, { event: signed, eventId: signed.id });
+              }
+            } else if (hooks.relayPool?.isAvailable()) {
+              hooks.relayPool.publish(signed);
+              replyPe2(true, { event: signed, eventId: signed.id });
+            } else {
+              replyPe2(false, { error: "no relay pool available" });
+            }
+            try {
+              eventBuffer.bufferAndDeliver(signed, windowId);
+            } catch {
+            }
+          } catch (err) {
+            replyPe2(false, { error: err?.message ?? "encryption failed" });
+          }
+        })();
+        break;
+      }
+      case "query": {
+        const id = m.id ?? "";
+        const filters = m.filters ?? [];
+        let count = 0;
+        for (const event of eventBuffer.getBufferedEvents()) {
+          if (matchesAnyFilter(event, filters)) count++;
+        }
+        hooks.sendToNapplet(windowId, { type: "relay.query.result", id, count });
+        break;
+      }
+      default:
+        break;
+    }
+  }
+  function handleIdentityMessage(windowId, msg) {
+    const identityService = serviceRegistry["identity"];
+    if (identityService) {
+      identityService.handleMessage(windowId, msg, (resp) => {
+        hooks.sendToNapplet(windowId, resp);
+      });
+      return;
+    }
+    const id = msg.id ?? "";
+    const action = msg.type.slice("identity.".length);
+    const signer = hooks.auth.getSigner();
+    function sendError(error) {
+      hooks.sendToNapplet(windowId, { type: `${msg.type}.error`, id, error });
+    }
+    function sendResult(payload) {
+      hooks.sendToNapplet(windowId, { type: `${msg.type}.result`, id, ...payload });
+    }
+    switch (action) {
+      case "getPublicKey": {
+        if (!signer) {
+          sendError("no signer configured");
+          return;
+        }
+        Promise.resolve(signer.getPublicKey?.()).then((pubkey) => sendResult({ pubkey })).catch((err) => sendError(err?.message ?? "getPublicKey failed"));
+        return;
+      }
+      case "getRelays": {
+        if (!signer) {
+          sendError("no signer configured");
+          return;
+        }
+        Promise.resolve(signer.getRelays?.() ?? {}).then((relays) => sendResult({ relays })).catch((err) => sendError(err?.message ?? "getRelays failed"));
+        return;
+      }
+      case "getProfile":
+        sendResult({ profile: null });
+        return;
+      case "getFollows":
+        sendResult({ pubkeys: [] });
+        return;
+      case "getList":
+        sendResult({ entries: [] });
+        return;
+      case "getZaps":
+        sendResult({ zaps: [] });
+        return;
+      case "getMutes":
+        sendResult({ pubkeys: [] });
+        return;
+      case "getBlocked":
+        sendResult({ pubkeys: [] });
+        return;
+      case "getBadges":
+        sendResult({ badges: [] });
+        return;
+      default:
+        sendError(`Unknown identity action: ${action}`);
+    }
+  }
+  function handleStorageMessage(windowId, msg) {
+    handleStorageNub(windowId, msg, hooks.sendToNapplet, sessionRegistry, aclState, hooks.statePersistence);
+  }
+  function ifcAddChannel(channelId, peerA, peerB) {
+    ifcChannels.set(channelId, { channelId, peerA, peerB });
+    for (const w of [peerA, peerB]) {
+      let set = ifcChannelsByWindow.get(w);
+      if (!set) {
+        set = /* @__PURE__ */ new Set();
+        ifcChannelsByWindow.set(w, set);
+      }
+      set.add(channelId);
+    }
+  }
+  function ifcRemoveChannel(channelId) {
+    const ch = ifcChannels.get(channelId);
+    if (!ch) return;
+    ifcChannels.delete(channelId);
+    for (const w of [ch.peerA, ch.peerB]) {
+      const set = ifcChannelsByWindow.get(w);
+      if (set) {
+        set.delete(channelId);
+        if (set.size === 0) ifcChannelsByWindow.delete(w);
+      }
+    }
+  }
+  function ifcPeerOf(channelId, self) {
+    const ch = ifcChannels.get(channelId);
+    if (!ch) return null;
+    if (ch.peerA === self) return ch.peerB;
+    if (ch.peerB === self) return ch.peerA;
+    return null;
+  }
+  function ifcGenerateChannelId() {
+    return hooks.crypto.randomUUID().replace(/-/g, "").slice(0, 32);
+  }
+  function ifcResolveTarget(target) {
+    if (sessionRegistry.getEntryByWindowId(target)) return target;
+    const entries = sessionRegistry.getAllEntries();
+    const byPubkey = entries.find((e) => e.pubkey === target);
+    return byPubkey?.windowId ?? null;
+  }
+  function handleIfcMessage(windowId, msg) {
+    const m = msg;
+    const dotIdx = msg.type.indexOf(".");
+    const action = msg.type.slice(dotIdx + 1);
+    switch (action) {
+      case "emit": {
+        const topic = m.topic ?? "";
+        const payload = m.payload;
+        if (!topic) return;
+        const subscribers = ifcSubscriptions.get(topic);
+        if (subscribers) {
+          for (const subscriberWindowId of subscribers) {
+            if (subscriberWindowId === windowId) continue;
+            hooks.sendToNapplet(subscriberWindowId, { type: "ifc.event", topic, payload, sender: windowId });
+          }
+        }
+        return;
+      }
+      case "subscribe": {
+        const id = m.id ?? "";
+        const topic = m.topic ?? "";
+        if (!topic) {
+          hooks.sendToNapplet(windowId, { type: "ifc.subscribe.result", id, error: "missing topic" });
+          return;
+        }
+        let subs = ifcSubscriptions.get(topic);
+        if (!subs) {
+          subs = /* @__PURE__ */ new Set();
+          ifcSubscriptions.set(topic, subs);
+        }
+        subs.add(windowId);
+        hooks.sendToNapplet(windowId, { type: "ifc.subscribe.result", id });
+        return;
+      }
+      case "unsubscribe": {
+        const topic = m.topic ?? "";
+        if (!topic) return;
+        const subs = ifcSubscriptions.get(topic);
+        if (subs) {
+          subs.delete(windowId);
+          if (subs.size === 0) ifcSubscriptions.delete(topic);
+        }
+        return;
+      }
+      case "channel.open": {
+        const id = m.id ?? "";
+        const target = m.target ?? "";
+        const peerWindow = ifcResolveTarget(target);
+        if (!peerWindow) {
+          hooks.sendToNapplet(windowId, { type: "ifc.channel.open.result", id, error: "target not found" });
+          return;
+        }
+        const channelId = ifcGenerateChannelId();
+        ifcAddChannel(channelId, windowId, peerWindow);
+        hooks.sendToNapplet(windowId, { type: "ifc.channel.open.result", id, channelId, peer: peerWindow });
+        return;
+      }
+      case "channel.emit": {
+        const channelId = m.channelId ?? "";
+        const peer = ifcPeerOf(channelId, windowId);
+        if (!peer) return;
+        hooks.sendToNapplet(peer, { type: "ifc.channel.event", channelId, sender: windowId, payload: m.payload });
+        return;
+      }
+      case "channel.broadcast": {
+        const channels = ifcChannelsByWindow.get(windowId);
+        if (!channels) return;
+        for (const channelId of channels) {
+          const peer = ifcPeerOf(channelId, windowId);
+          if (peer) hooks.sendToNapplet(peer, { type: "ifc.channel.event", channelId, sender: windowId, payload: m.payload });
+        }
+        return;
+      }
+      case "channel.list": {
+        const id = m.id ?? "";
+        const channels = [];
+        const set = ifcChannelsByWindow.get(windowId);
+        if (set) {
+          for (const channelId of set) {
+            const peer = ifcPeerOf(channelId, windowId);
+            if (peer) channels.push({ id: channelId, peer });
+          }
+        }
+        hooks.sendToNapplet(windowId, { type: "ifc.channel.list.result", id, channels });
+        return;
+      }
+      case "channel.close": {
+        const channelId = m.channelId ?? "";
+        const peer = ifcPeerOf(channelId, windowId);
+        if (!peer) return;
+        hooks.sendToNapplet(windowId, { type: "ifc.channel.closed", channelId });
+        hooks.sendToNapplet(peer, { type: "ifc.channel.closed", channelId });
+        ifcRemoveChannel(channelId);
+        return;
+      }
+      default:
+        return;
+    }
+  }
+  function handleMediaMessage(windowId, msg) {
+    const mediaService = serviceRegistry["media"];
+    if (mediaService) {
+      mediaService.handleMessage(windowId, msg, (resp) => {
+        hooks.sendToNapplet(windowId, resp);
+      });
+      return;
+    }
+    if (msg.type === "media.session.create") {
+      const m = msg;
+      hooks.sendToNapplet(windowId, {
+        type: "media.session.create.result",
+        id: m.id ?? "",
+        sessionId: m.sessionId ?? ""
+      });
+    }
+  }
+  function handleKeysMessage(windowId, msg) {
+    const keysService = serviceRegistry["keys"];
+    if (keysService) {
+      keysService.handleMessage(windowId, msg, (resp) => {
+        hooks.sendToNapplet(windowId, resp);
+      });
+      return;
+    }
+    if (msg.type === "keys.forward") {
+      const m = msg;
+      hooks.hotkeys.executeHotkeyFromForward({
+        key: m.key ?? "",
+        code: m.code ?? "",
+        ctrlKey: !!m.ctrl,
+        altKey: !!m.alt,
+        shiftKey: !!m.shift,
+        metaKey: !!m.meta
+      });
+      return;
+    }
+    if (msg.type === "keys.registerAction") {
+      const m = msg;
+      hooks.sendToNapplet(windowId, {
+        type: "keys.registerAction.result",
+        id: m.id ?? "",
+        actionId: m.action?.id ?? "",
+        ...m.action?.defaultKey ? { binding: m.action.defaultKey } : {}
+      });
+      return;
+    }
+  }
+  function handleNotifyMessage(windowId, msg) {
+    const notifyService = serviceRegistry["notify"];
+    if (notifyService) {
+      notifyService.handleMessage(windowId, msg, (resp) => {
+        hooks.sendToNapplet(windowId, resp);
+      });
+      return;
+    }
+    if (msg.type === "notify.send") {
+      const m = msg;
+      hooks.sendToNapplet(windowId, {
+        type: "notify.send.result",
+        id: m.id ?? "",
+        notificationId: `shell-${Date.now()}`
+      });
+    } else if (msg.type === "notify.permission.request") {
+      const m = msg;
+      hooks.sendToNapplet(windowId, {
+        type: "notify.permission.result",
+        id: m.id ?? "",
+        granted: true
+      });
+    }
+  }
+  const THEME_FALLBACK_DEFAULT = {
+    colors: { background: "#0a0a0a", text: "#e0e0e0", primary: "#7aa2f7" }
+  };
+  function handleThemeMessage(windowId, msg) {
+    const themeService = serviceRegistry["theme"];
+    if (themeService) {
+      themeService.handleMessage(windowId, msg, (resp) => {
+        hooks.sendToNapplet(windowId, resp);
+      });
+      return;
+    }
+    if (msg.type === "theme.get") {
+      const m = msg;
+      hooks.sendToNapplet(windowId, {
+        type: "theme.get.result",
+        id: m.id ?? "",
+        theme: THEME_FALLBACK_DEFAULT
+      });
+    }
+  }
+  let currentWindowId = null;
+  const nubDispatch = createDispatch();
+  const relayAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleRelayMessage(currentWindowId, msg);
+  };
+  const identityAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleIdentityMessage(currentWindowId, msg);
+  };
+  const keysAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleKeysMessage(currentWindowId, msg);
+  };
+  const mediaAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleMediaMessage(currentWindowId, msg);
+  };
+  const notifyAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleNotifyMessage(currentWindowId, msg);
+  };
+  const storageAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleStorageMessage(currentWindowId, msg);
+  };
+  const ifcAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleIfcMessage(currentWindowId, msg);
+  };
+  const themeAdapter = (msg) => {
+    if (currentWindowId === null) return;
+    handleThemeMessage(currentWindowId, msg);
+  };
+  nubDispatch.registerNub("relay", relayAdapter);
+  nubDispatch.registerNub("identity", identityAdapter);
+  nubDispatch.registerNub("keys", keysAdapter);
+  nubDispatch.registerNub("media", mediaAdapter);
+  nubDispatch.registerNub("notify", notifyAdapter);
+  nubDispatch.registerNub("storage", storageAdapter);
+  nubDispatch.registerNub("ifc", ifcAdapter);
+  nubDispatch.registerNub("theme", themeAdapter);
+  function handleMessage(windowId, msg) {
+    if (typeof msg !== "object" || msg === null || !("type" in msg)) return;
+    const envelope = msg;
+    const dotIdx = envelope.type.indexOf(".");
+    if (dotIdx === -1) return;
+    const caps = resolveCapabilitiesNub(envelope);
+    if (caps.senderCap) {
+      const result = enforceNub(windowId, caps.senderCap, envelope);
+      if (!result.allowed) {
+        const id = envelope.id ?? "";
+        hooks.sendToNapplet(windowId, { type: `${envelope.type}.error`, id, error: formatDenialReason(result.capability) });
+        return;
+      }
+    }
+    currentWindowId = windowId;
+    try {
+      nubDispatch.dispatch(envelope);
+    } finally {
+      currentWindowId = null;
+    }
+  }
+  const runtimeInstance = {
+    handleMessage,
+    injectEvent(topic, payload) {
+      const uuid = hooks.crypto.randomUUID().replace(/-/g, "").slice(0, 64).padEnd(64, "0");
+      const event = {
+        id: uuid,
+        pubkey: "0".repeat(64),
+        created_at: Math.floor(Date.now() / 1e3),
+        kind: 29e3,
+        // IPC_PEER — inlined numeric after Phase 24 shim deletion
+        tags: [["t", topic]],
+        content: JSON.stringify(payload),
+        sig: "0".repeat(128)
+      };
+      eventBuffer.bufferAndDeliver(event, null);
+    },
+    destroy() {
+      manifestCache.persist();
+      aclState.persist();
+      replayDetector.clear();
+      subscriptions.clear();
+      ifcSubscriptions.clear();
+      ifcChannels.clear();
+      ifcChannelsByWindow.clear();
+      eventBuffer.clear();
+      registeredServices.clear();
+      undeclaredServiceConsents.clear();
+    },
+    registerConsentHandler(handler) {
+      _consentHandler = handler;
+    },
+    registerService(name, handler) {
+      serviceRegistry[name] = handler;
+      registeredServices.set(name, {
+        name: handler.descriptor.name,
+        version: handler.descriptor.version,
+        description: handler.descriptor.description
+      });
+    },
+    unregisterService(name) {
+      delete serviceRegistry[name];
+      registeredServices.delete(name);
+    },
+    destroyWindow(windowId) {
+      for (const [key] of subscriptions) {
+        if (key.startsWith(`${windowId}:`)) {
+          subscriptions.delete(key);
+          hooks.relayPool?.untrackSubscription(key);
+        }
+      }
+      for (const [topic, subs] of ifcSubscriptions) {
+        subs.delete(windowId);
+        if (subs.size === 0) ifcSubscriptions.delete(topic);
+      }
+      const channelIds = ifcChannelsByWindow.get(windowId);
+      if (channelIds) {
+        for (const channelId of [...channelIds]) {
+          const peer = ifcPeerOf(channelId, windowId);
+          if (peer) {
+            hooks.sendToNapplet(peer, { type: "ifc.channel.closed", channelId });
+          }
+          ifcRemoveChannel(channelId);
+        }
+      }
+      notifyServiceWindowDestroyed(windowId, serviceRegistry);
+    },
+    get sessionRegistry() {
+      return sessionRegistry;
+    },
+    get aclState() {
+      return aclState;
+    },
+    get manifestCache() {
+      return manifestCache;
+    }
+  };
+  return runtimeInstance;
+}
+// src/index.ts
+import { ALL_CAPABILITIES as ALL_CAPABILITIES2 } from "@kehto/acl/capabilities";
+export {
+  ALL_CAPABILITIES2 as ALL_CAPABILITIES,
+  RING_BUFFER_SIZE,
+  cleanupNappState,
+  createAclState,
+  createEnforceGate,
+  createEventBuffer,
+  createManifestCache,
+  createNappKeyRegistry,
+  createNubEnforceGate,
+  createReplayDetector,
+  createRuntime,
+  createSessionRegistry,
+  formatDenialReason,
+  handleStorageNub,
+  matchesAnyFilter,
+  matchesFilter,
+  notifyServiceWindowDestroyed,
+  resolveCapabilitiesNub,
+  routeServiceMessage
+};
+//# sourceMappingURL=index.js.map