@llui/agent 0.0.34 → 0.0.35

package/dist/server/token.js

@@ -1,117 +1,54 @@
 const PREFIX = 'llui-agent_';
+const TOKEN_BYTES = 32;
 /**
- * Normalize key + payload to `Uint8Array<ArrayBuffer>`, the shape
- * WebCrypto wants. Newer TS lib types parameterize `Uint8Array` over the
- * underlying buffer, and `TextEncoder.encode()` returns
- * `Uint8Array<ArrayBufferLike>` — which `crypto.subtle.*` won't accept
- * directly. A one-shot copy is cheap (HMAC inputs are bytes-small) and
- * keeps the types honest without `as BufferSource` scattered at call sites.
+ * Mint an opaque random bearer token + the SHA-256 hash the server
+ * stores as a lookup key. Tokens are 32 bytes of CSPRNG entropy (256
+ * bits) base64url-encoded with the `llui-agent_` prefix — total
+ * 54–55 chars, vs the previous JWT format's ~250.
+ *
+ * The token itself never persists; only the hash does. A leaked store
+ * therefore does not compromise live tokens, since the bearer secret
+ * isn't recoverable from the hash. This matches the standard "session
+ * cookie / API key" pattern.
+ *
+ * The opaque form is the only token format the server understands as
+ * of 0.0.35. The previous HMAC-signed JWT format is gone; clients
+ * carrying old tokens will fail with `unknown` on first call and need
+ * to remint. See CHANGELOG.
  */
-function toBytes(input) {
-    const raw = typeof input === 'string' ? new TextEncoder().encode(input) : input;
-    const buf = new ArrayBuffer(raw.byteLength);
-    const out = new Uint8Array(buf);
-    out.set(raw);
-    return out;
-}
-function toKeyBytes(key) {
-    if (typeof key === 'string') {
-        if (key.length < 32)
-            throw new Error('signingKey must be at least 32 bytes');
-    }
-    else if (key.byteLength < 32) {
-        throw new Error('signingKey must be at least 32 bytes');
-    }
-    return toBytes(key);
+export async function mintToken() {
+    const bytes = new Uint8Array(TOKEN_BYTES);
+    crypto.getRandomValues(bytes);
+    const token = (PREFIX + toBase64Url(bytes));
+    const tokenHash = await sha256Hex(token);
+    return { token, tokenHash };
 }
 /**
- * Import a signing key as a WebCrypto `CryptoKey`. Done per call so the
- * caller doesn't have to pre-import and pass it around; the cost is a
- * microtask per sign/verify, which is negligible for our call volume
- * (tokens verified once per LAP HTTP request).
+ * Compute the SHA-256 hash of a presented bearer token. Returns `null`
+ * when the prefix is missing — the verify path uses that to fail-fast
+ * on garbage-shaped Authorization headers without a crypto round-trip.
+ * Hash is hex-encoded for portability across stores (Postgres `text`,
+ * KV string, etc.).
  */
-async function importHmacKey(key, usages) {
-    return crypto.subtle.importKey('raw', toKeyBytes(key), { name: 'HMAC', hash: 'SHA-256' }, false, usages);
+export async function tokenHashOf(token) {
+    if (!token.startsWith(PREFIX))
+        return null;
+    return sha256Hex(token);
+}
+async function sha256Hex(s) {
+    const bytes = new TextEncoder().encode(s);
+    const buf = await crypto.subtle.digest('SHA-256', bytes);
+    const arr = new Uint8Array(buf);
+    let out = '';
+    for (let i = 0; i < arr.length; i++) {
+        out += arr[i].toString(16).padStart(2, '0');
+    }
+    return out;
 }
 function toBase64Url(bytes) {
-    // btoa needs a binary string; build it manually to avoid ArrayBuffer/Uint8Array quirks.
     let bin = '';
     for (let i = 0; i < bytes.byteLength; i++)
         bin += String.fromCharCode(bytes[i]);
     return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 }
-function fromBase64Url(s) {
-    try {
-        const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
-        const bin = atob(b64);
-        const buf = new ArrayBuffer(bin.length);
-        const bytes = new Uint8Array(buf);
-        for (let i = 0; i < bin.length; i++)
-            bytes[i] = bin.charCodeAt(i);
-        return bytes;
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Serialize a payload to `llui-agent_<base64url(json)>.<base64url(hmac)>`.
- * See spec §6.1. Async because WebCrypto's HMAC sign/verify is the
- * cross-runtime standard; Node, Cloudflare, Deno, and Bun all expose
- * `crypto.subtle` identically.
- */
-export async function signToken(payload, key) {
-    const cryptoKey = await importHmacKey(key, ['sign']);
-    const jsonBytes = toBytes(JSON.stringify(payload));
-    const payloadPart = toBase64Url(jsonBytes);
-    const macBuf = await crypto.subtle.sign('HMAC', cryptoKey, toBytes(payloadPart));
-    const sigPart = toBase64Url(new Uint8Array(macBuf));
-    return (PREFIX + payloadPart + '.' + sigPart);
-}
-/**
- * Verify the signature, parse the payload, and check expiry.
- * `crypto.subtle.verify` does the constant-time compare internally,
- * so we don't need a separate `timingSafeEqual`.
- */
-export async function verifyToken(token, key, nowSec = Math.floor(Date.now() / 1000)) {
-    if (!token.startsWith(PREFIX))
-        return { kind: 'invalid', reason: 'malformed' };
-    const body = token.slice(PREFIX.length);
-    const dot = body.indexOf('.');
-    if (dot < 0)
-        return { kind: 'invalid', reason: 'malformed' };
-    const payloadPart = body.slice(0, dot);
-    const sigPart = body.slice(dot + 1);
-    const sigBytes = fromBase64Url(sigPart);
-    if (!sigBytes)
-        return { kind: 'invalid', reason: 'malformed' };
-    const cryptoKey = await importHmacKey(key, ['verify']);
-    const ok = await crypto.subtle.verify('HMAC', cryptoKey, sigBytes, toBytes(payloadPart));
-    if (!ok)
-        return { kind: 'invalid', reason: 'bad-signature' };
-    const jsonBytes = fromBase64Url(payloadPart);
-    if (!jsonBytes)
-        return { kind: 'invalid', reason: 'malformed' };
-    let parsed;
-    try {
-        parsed = JSON.parse(new TextDecoder().decode(jsonBytes));
-    }
-    catch {
-        return { kind: 'invalid', reason: 'malformed' };
-    }
-    if (!isTokenPayload(parsed))
-        return { kind: 'invalid', reason: 'malformed' };
-    if (parsed.exp <= nowSec)
-        return { kind: 'invalid', reason: 'expired' };
-    return { kind: 'ok', payload: parsed };
-}
-function isTokenPayload(x) {
-    if (!x || typeof x !== 'object')
-        return false;
-    const o = x;
-    return (typeof o.tid === 'string' &&
-        typeof o.iat === 'number' &&
-        typeof o.exp === 'number' &&
-        o.scope === 'agent');
-}
 //# sourceMappingURL=token.js.map

package/dist/server/token.js.map

@@ -1 +1 @@
-{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAaA,MAAM,MAAM,GAAG,aAAa,CAAA;AAE5B;;;;;;;GAOG;AACH,SAAS,OAAO,CAAC,KAA0B;IACzC,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IAC/E,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC3C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;IAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,UAAU,CAAC,GAAwB;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IAC9E,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,aAAa,CAAC,GAAwB,EAAE,MAAkB;IACvE,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,UAAU,CAAC,GAAG,CAAC,EACf,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,MAAM,CACP,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,wFAAwF;IACxF,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAA;IAChF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AAC7E,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAA;QACrB,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;QACjE,OAAO,KAAK,CAAA;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAqB,EACrB,GAAwB;IAExB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;IAClD,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;IAChF,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACnD,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,GAAG,GAAG,OAAO,CAAe,CAAA;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAa,EACb,GAAwB,EACxB,SAAiB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAE9C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IAC9E,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IAE5D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;IACnC,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;IACvC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IAE9D,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAA;IACtD,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;IACxF,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAA;IAE5D,MAAM,SAAS,GAAG,aAAa,CAAC,WAAW,CAAC,CAAA;IAC5C,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IAC/D,IAAI,MAAe,CAAA;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IACjD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;IAC5E,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IACvE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;AACxC,CAAC;AAED,SAAS,cAAc,CAAC,CAAU;IAChC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC7C,MAAM,CAAC,GAAG,CAA4B,CAAA;IACtC,OAAO,CACL,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;QACzB,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;QACzB,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;QACzB,CAAC,CAAC,KAAK,KAAK,OAAO,CACpB,CAAA;AACH,CAAC","sourcesContent":["import type { AgentToken } from '../protocol.js'\n\nexport type TokenPayload = {\n  tid: string\n  iat: number\n  exp: number\n  scope: 'agent'\n}\n\nexport type VerifyResult =\n  | { kind: 'ok'; payload: TokenPayload }\n  | { kind: 'invalid'; reason: 'malformed' | 'bad-signature' | 'expired' }\n\nconst PREFIX = 'llui-agent_'\n\n/**\n * Normalize key + payload to `Uint8Array<ArrayBuffer>`, the shape\n * WebCrypto wants. Newer TS lib types parameterize `Uint8Array` over the\n * underlying buffer, and `TextEncoder.encode()` returns\n * `Uint8Array<ArrayBufferLike>` — which `crypto.subtle.*` won't accept\n * directly. A one-shot copy is cheap (HMAC inputs are bytes-small) and\n * keeps the types honest without `as BufferSource` scattered at call sites.\n */\nfunction toBytes(input: string | Uint8Array): Uint8Array<ArrayBuffer> {\n  const raw = typeof input === 'string' ? new TextEncoder().encode(input) : input\n  const buf = new ArrayBuffer(raw.byteLength)\n  const out = new Uint8Array(buf)\n  out.set(raw)\n  return out\n}\n\nfunction toKeyBytes(key: string | Uint8Array): Uint8Array<ArrayBuffer> {\n  if (typeof key === 'string') {\n    if (key.length < 32) throw new Error('signingKey must be at least 32 bytes')\n  } else if (key.byteLength < 32) {\n    throw new Error('signingKey must be at least 32 bytes')\n  }\n  return toBytes(key)\n}\n\n/**\n * Import a signing key as a WebCrypto `CryptoKey`. Done per call so the\n * caller doesn't have to pre-import and pass it around; the cost is a\n * microtask per sign/verify, which is negligible for our call volume\n * (tokens verified once per LAP HTTP request).\n */\nasync function importHmacKey(key: string | Uint8Array, usages: KeyUsage[]): Promise<CryptoKey> {\n  return crypto.subtle.importKey(\n    'raw',\n    toKeyBytes(key),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    usages,\n  )\n}\n\nfunction toBase64Url(bytes: Uint8Array): string {\n  // btoa needs a binary string; build it manually to avoid ArrayBuffer/Uint8Array quirks.\n  let bin = ''\n  for (let i = 0; i < bytes.byteLength; i++) bin += String.fromCharCode(bytes[i]!)\n  return btoa(bin).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\nfunction fromBase64Url(s: string): Uint8Array<ArrayBuffer> | null {\n  try {\n    const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4)\n    const bin = atob(b64)\n    const buf = new ArrayBuffer(bin.length)\n    const bytes = new Uint8Array(buf)\n    for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i)\n    return bytes\n  } catch {\n    return null\n  }\n}\n\n/**\n * Serialize a payload to `llui-agent_<base64url(json)>.<base64url(hmac)>`.\n * See spec §6.1. Async because WebCrypto's HMAC sign/verify is the\n * cross-runtime standard; Node, Cloudflare, Deno, and Bun all expose\n * `crypto.subtle` identically.\n */\nexport async function signToken(\n  payload: TokenPayload,\n  key: string | Uint8Array,\n): Promise<AgentToken> {\n  const cryptoKey = await importHmacKey(key, ['sign'])\n  const jsonBytes = toBytes(JSON.stringify(payload))\n  const payloadPart = toBase64Url(jsonBytes)\n  const macBuf = await crypto.subtle.sign('HMAC', cryptoKey, toBytes(payloadPart))\n  const sigPart = toBase64Url(new Uint8Array(macBuf))\n  return (PREFIX + payloadPart + '.' + sigPart) as AgentToken\n}\n\n/**\n * Verify the signature, parse the payload, and check expiry.\n * `crypto.subtle.verify` does the constant-time compare internally,\n * so we don't need a separate `timingSafeEqual`.\n */\nexport async function verifyToken(\n  token: string,\n  key: string | Uint8Array,\n  nowSec: number = Math.floor(Date.now() / 1000),\n): Promise<VerifyResult> {\n  if (!token.startsWith(PREFIX)) return { kind: 'invalid', reason: 'malformed' }\n  const body = token.slice(PREFIX.length)\n  const dot = body.indexOf('.')\n  if (dot < 0) return { kind: 'invalid', reason: 'malformed' }\n\n  const payloadPart = body.slice(0, dot)\n  const sigPart = body.slice(dot + 1)\n  const sigBytes = fromBase64Url(sigPart)\n  if (!sigBytes) return { kind: 'invalid', reason: 'malformed' }\n\n  const cryptoKey = await importHmacKey(key, ['verify'])\n  const ok = await crypto.subtle.verify('HMAC', cryptoKey, sigBytes, toBytes(payloadPart))\n  if (!ok) return { kind: 'invalid', reason: 'bad-signature' }\n\n  const jsonBytes = fromBase64Url(payloadPart)\n  if (!jsonBytes) return { kind: 'invalid', reason: 'malformed' }\n  let parsed: unknown\n  try {\n    parsed = JSON.parse(new TextDecoder().decode(jsonBytes))\n  } catch {\n    return { kind: 'invalid', reason: 'malformed' }\n  }\n\n  if (!isTokenPayload(parsed)) return { kind: 'invalid', reason: 'malformed' }\n  if (parsed.exp <= nowSec) return { kind: 'invalid', reason: 'expired' }\n  return { kind: 'ok', payload: parsed }\n}\n\nfunction isTokenPayload(x: unknown): x is TokenPayload {\n  if (!x || typeof x !== 'object') return false\n  const o = x as Record<string, unknown>\n  return (\n    typeof o.tid === 'string' &&\n    typeof o.iat === 'number' &&\n    typeof o.exp === 'number' &&\n    o.scope === 'agent'\n  )\n}\n"]}
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAG,aAAa,CAAA;AAC5B,MAAM,WAAW,GAAG,EAAE,CAAA;AAYtB;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,CAAA;IACzC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAC7B,MAAM,KAAK,GAAG,CAAC,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAe,CAAA;IACzD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1C,OAAO,SAAS,CAAC,KAAK,CAAC,CAAA;AACzB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,CAAS;IAChC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;IACxD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAA;IAChF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AAC7E,CAAC","sourcesContent":["import type { AgentToken } from '../protocol.js'\n\nconst PREFIX = 'llui-agent_'\nconst TOKEN_BYTES = 32\n\n/**\n * Result of looking up a presented token. The `expired` reason is\n * returned by the verify path when the token's record exists but its\n * hard-expiry has passed; `unknown` covers both \"no record\" and\n * \"wrong hash\" so a probe-by-hash leak surface is uniform.\n */\nexport type VerifyResult =\n  | { kind: 'ok'; tid: string }\n  | { kind: 'invalid'; reason: 'malformed' | 'unknown' | 'expired' }\n\n/**\n * Mint an opaque random bearer token + the SHA-256 hash the server\n * stores as a lookup key. Tokens are 32 bytes of CSPRNG entropy (256\n * bits) base64url-encoded with the `llui-agent_` prefix — total\n * 54–55 chars, vs the previous JWT format's ~250.\n *\n * The token itself never persists; only the hash does. A leaked store\n * therefore does not compromise live tokens, since the bearer secret\n * isn't recoverable from the hash. This matches the standard \"session\n * cookie / API key\" pattern.\n *\n * The opaque form is the only token format the server understands as\n * of 0.0.35. The previous HMAC-signed JWT format is gone; clients\n * carrying old tokens will fail with `unknown` on first call and need\n * to remint. See CHANGELOG.\n */\nexport async function mintToken(): Promise<{ token: AgentToken; tokenHash: string }> {\n  const bytes = new Uint8Array(TOKEN_BYTES)\n  crypto.getRandomValues(bytes)\n  const token = (PREFIX + toBase64Url(bytes)) as AgentToken\n  const tokenHash = await sha256Hex(token)\n  return { token, tokenHash }\n}\n\n/**\n * Compute the SHA-256 hash of a presented bearer token. Returns `null`\n * when the prefix is missing — the verify path uses that to fail-fast\n * on garbage-shaped Authorization headers without a crypto round-trip.\n * Hash is hex-encoded for portability across stores (Postgres `text`,\n * KV string, etc.).\n */\nexport async function tokenHashOf(token: string): Promise<string | null> {\n  if (!token.startsWith(PREFIX)) return null\n  return sha256Hex(token)\n}\n\nasync function sha256Hex(s: string): Promise<string> {\n  const bytes = new TextEncoder().encode(s)\n  const buf = await crypto.subtle.digest('SHA-256', bytes)\n  const arr = new Uint8Array(buf)\n  let out = ''\n  for (let i = 0; i < arr.length; i++) {\n    out += arr[i]!.toString(16).padStart(2, '0')\n  }\n  return out\n}\n\nfunction toBase64Url(bytes: Uint8Array): string {\n  let bin = ''\n  for (let i = 0; i < bytes.byteLength; i++) bin += String.fromCharCode(bytes[i]!)\n  return btoa(bin).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n"]}

package/dist/server/web/upgrade.d.ts

@@ -13,7 +13,7 @@ export declare function extractToken(req: Request): string | null;
  *
  * Usage:
  * ```ts
- * const agent = createLluiAgentCore({ signingKey: env.AGENT_KEY })
+ * const agent = createLluiAgentCore()
  * export default {
  *   async fetch(req, env) {
  *     const url = new URL(req.url)

package/dist/server/web/upgrade.js

@@ -22,7 +22,7 @@ export function extractToken(req) {
  *
  * Usage:
  * ```ts
- * const agent = createLluiAgentCore({ signingKey: env.AGENT_KEY })
+ * const agent = createLluiAgentCore()
  * export default {
  *   async fetch(req, env) {
  *     const url = new URL(req.url)

package/dist/server/web/upgrade.js.map

@@ -1 +1 @@
-{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../../../src/server/web/upgrade.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,6BAA6B,EAAE,MAAM,cAAc,CAAA;AAE5D;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACvC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAA;IACf,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACpE,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,KAAsB;IAEtB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,QAAQ,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACrE,CAAC;IACD,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,IAAI,GACR,UACD,CAAC,aAAa,CAAA;IACf,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,QAAQ,CAAC,2CAA2C,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACnF,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAA;IACvB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAE,CAGtB;IAAC,MAA4C,CAAC,MAAM,EAAE,CAAA;IAEvD,MAAM,IAAI,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;IAClD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IACxD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,IAAI,CAAC,KAAK,EAAE,CAAA;QACZ,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,sEAAsE;IACtE,0BAA0B;IAC1B,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAEzD,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,GAAY,EAAE,KAAsB;IAC1E,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,MAAM,KAAK,GACT,UAKD,CAAC,IAAI,CAAA;IACN,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,QAAQ,CAAC,mDAAmD,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3F,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;IACxD,MAAM,IAAI,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;IAElD,kEAAkE;IAClE,mDAAmD;IACnD,MAAM,CAAC,gBAAgB,CACrB,MAAM,EACN,GAAG,EAAE;QACH,KAAK,KAAK,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACvD,IAAI,CAAC,MAAM,CAAC,EAAE;gBAAE,IAAI,CAAC,KAAK,EAAE,CAAA;QAC9B,CAAC,CAAC,CAAA;IACJ,CAAC,EACD,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAA;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC","sourcesContent":["import type { AgentCoreHandle } from '../core.js'\nimport { createWHATWGPairingConnection } from './adapter.js'\n\n/**\n * Extract the bearer token from a LAP WebSocket upgrade request.\n * Accepts the token on either `?token=` or `Authorization: Bearer` —\n * query-string is the common pattern because browsers can't set\n * arbitrary headers on WebSocket construction.\n */\nexport function extractToken(req: Request): string | null {\n  const url = new URL(req.url)\n  const q = url.searchParams.get('token')\n  if (q) return q\n  const auth = req.headers.get('authorization')\n  if (auth?.startsWith('Bearer ')) return auth.slice('Bearer '.length)\n  return null\n}\n\n/**\n * Cloudflare Workers handler. Accepts a WebSocket upgrade using\n * `WebSocketPair`, validates the token via\n * `agent.acceptConnection`, and returns the 101 upgrade Response.\n *\n * Usage:\n * ```ts\n * const agent = createLluiAgentCore({ signingKey: env.AGENT_KEY })\n * export default {\n *   async fetch(req, env) {\n *     const url = new URL(req.url)\n *     if (url.pathname === '/agent/ws') return handleCloudflareUpgrade(req, agent)\n *     return (await agent.router(req)) ?? new Response('Not Found', { status: 404 })\n *   },\n * }\n * ```\n */\nexport async function handleCloudflareUpgrade(\n  req: Request,\n  agent: AgentCoreHandle,\n): Promise<Response> {\n  if (req.headers.get('upgrade') !== 'websocket') {\n    return new Response('Expected upgrade: websocket', { status: 426 })\n  }\n  const token = extractToken(req)\n  if (!token) return new Response('Unauthorized', { status: 401 })\n\n  // `WebSocketPair` is a Cloudflare Workers global. We reference it\n  // through `globalThis` so importing this module in non-CF runtimes\n  // (e.g. during type-checking on Node) doesn't crash.\n  const Pair = (\n    globalThis as unknown as { WebSocketPair?: new () => { 0: WebSocket; 1: WebSocket } }\n  ).WebSocketPair\n  if (!Pair) {\n    return new Response('WebSocketPair unavailable in this runtime', { status: 501 })\n  }\n  const pair = new Pair()\n  const client = pair[0]\n  const server = pair[1]!\n  // `accept()` on the server half is Cloudflare-specific — it tells\n  // the runtime the Worker will handle the WebSocket itself.\n  ;(server as unknown as { accept: () => void }).accept()\n\n  const conn = createWHATWGPairingConnection(server)\n  const result = await agent.acceptConnection(token, conn)\n  if (!result.ok) {\n    conn.close()\n    return new Response(result.code, { status: result.status })\n  }\n\n  // `webSocket` on ResponseInit is Cloudflare-specific; cast to satisfy\n  // the standard lib types.\n  return new Response(null, { status: 101, webSocket: client } as ResponseInit & {\n    webSocket: WebSocket\n  })\n}\n\n/**\n * Deno handler. Uses `Deno.upgradeWebSocket(req)` to produce the\n * response + socket pair, then plugs the socket into the registry.\n *\n * Usage:\n * ```ts\n * Deno.serve(async (req) => {\n *   const url = new URL(req.url)\n *   if (url.pathname === '/agent/ws') return handleDenoUpgrade(req, agent)\n *   return (await agent.router(req)) ?? new Response('Not Found', { status: 404 })\n * })\n * ```\n */\nexport async function handleDenoUpgrade(req: Request, agent: AgentCoreHandle): Promise<Response> {\n  const token = extractToken(req)\n  if (!token) return new Response('Unauthorized', { status: 401 })\n\n  const Deno_ = (\n    globalThis as unknown as {\n      Deno?: {\n        upgradeWebSocket: (req: Request) => { socket: WebSocket; response: Response }\n      }\n    }\n  ).Deno\n  if (!Deno_) {\n    return new Response('Deno.upgradeWebSocket unavailable in this runtime', { status: 501 })\n  }\n\n  const { socket, response } = Deno_.upgradeWebSocket(req)\n  const conn = createWHATWGPairingConnection(socket)\n\n  // Deno opens the socket asynchronously; validate the token first,\n  // then register on `open` so frames aren't missed.\n  socket.addEventListener(\n    'open',\n    () => {\n      void agent.acceptConnection(token, conn).then((result) => {\n        if (!result.ok) conn.close()\n      })\n    },\n    { once: true },\n  )\n\n  return response\n}\n"]}
+{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../../../src/server/web/upgrade.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,6BAA6B,EAAE,MAAM,cAAc,CAAA;AAE5D;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACvC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAA;IACf,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACpE,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,KAAsB;IAEtB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,QAAQ,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACrE,CAAC;IACD,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,IAAI,GACR,UACD,CAAC,aAAa,CAAA;IACf,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,QAAQ,CAAC,2CAA2C,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACnF,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAA;IACvB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAE,CAGtB;IAAC,MAA4C,CAAC,MAAM,EAAE,CAAA;IAEvD,MAAM,IAAI,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;IAClD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IACxD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,IAAI,CAAC,KAAK,EAAE,CAAA;QACZ,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,sEAAsE;IACtE,0BAA0B;IAC1B,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAEzD,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,GAAY,EAAE,KAAsB;IAC1E,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,MAAM,KAAK,GACT,UAKD,CAAC,IAAI,CAAA;IACN,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,QAAQ,CAAC,mDAAmD,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3F,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;IACxD,MAAM,IAAI,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAA;IAElD,kEAAkE;IAClE,mDAAmD;IACnD,MAAM,CAAC,gBAAgB,CACrB,MAAM,EACN,GAAG,EAAE;QACH,KAAK,KAAK,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACvD,IAAI,CAAC,MAAM,CAAC,EAAE;gBAAE,IAAI,CAAC,KAAK,EAAE,CAAA;QAC9B,CAAC,CAAC,CAAA;IACJ,CAAC,EACD,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAA;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC","sourcesContent":["import type { AgentCoreHandle } from '../core.js'\nimport { createWHATWGPairingConnection } from './adapter.js'\n\n/**\n * Extract the bearer token from a LAP WebSocket upgrade request.\n * Accepts the token on either `?token=` or `Authorization: Bearer` —\n * query-string is the common pattern because browsers can't set\n * arbitrary headers on WebSocket construction.\n */\nexport function extractToken(req: Request): string | null {\n  const url = new URL(req.url)\n  const q = url.searchParams.get('token')\n  if (q) return q\n  const auth = req.headers.get('authorization')\n  if (auth?.startsWith('Bearer ')) return auth.slice('Bearer '.length)\n  return null\n}\n\n/**\n * Cloudflare Workers handler. Accepts a WebSocket upgrade using\n * `WebSocketPair`, validates the token via\n * `agent.acceptConnection`, and returns the 101 upgrade Response.\n *\n * Usage:\n * ```ts\n * const agent = createLluiAgentCore()\n * export default {\n *   async fetch(req, env) {\n *     const url = new URL(req.url)\n *     if (url.pathname === '/agent/ws') return handleCloudflareUpgrade(req, agent)\n *     return (await agent.router(req)) ?? new Response('Not Found', { status: 404 })\n *   },\n * }\n * ```\n */\nexport async function handleCloudflareUpgrade(\n  req: Request,\n  agent: AgentCoreHandle,\n): Promise<Response> {\n  if (req.headers.get('upgrade') !== 'websocket') {\n    return new Response('Expected upgrade: websocket', { status: 426 })\n  }\n  const token = extractToken(req)\n  if (!token) return new Response('Unauthorized', { status: 401 })\n\n  // `WebSocketPair` is a Cloudflare Workers global. We reference it\n  // through `globalThis` so importing this module in non-CF runtimes\n  // (e.g. during type-checking on Node) doesn't crash.\n  const Pair = (\n    globalThis as unknown as { WebSocketPair?: new () => { 0: WebSocket; 1: WebSocket } }\n  ).WebSocketPair\n  if (!Pair) {\n    return new Response('WebSocketPair unavailable in this runtime', { status: 501 })\n  }\n  const pair = new Pair()\n  const client = pair[0]\n  const server = pair[1]!\n  // `accept()` on the server half is Cloudflare-specific — it tells\n  // the runtime the Worker will handle the WebSocket itself.\n  ;(server as unknown as { accept: () => void }).accept()\n\n  const conn = createWHATWGPairingConnection(server)\n  const result = await agent.acceptConnection(token, conn)\n  if (!result.ok) {\n    conn.close()\n    return new Response(result.code, { status: result.status })\n  }\n\n  // `webSocket` on ResponseInit is Cloudflare-specific; cast to satisfy\n  // the standard lib types.\n  return new Response(null, { status: 101, webSocket: client } as ResponseInit & {\n    webSocket: WebSocket\n  })\n}\n\n/**\n * Deno handler. Uses `Deno.upgradeWebSocket(req)` to produce the\n * response + socket pair, then plugs the socket into the registry.\n *\n * Usage:\n * ```ts\n * Deno.serve(async (req) => {\n *   const url = new URL(req.url)\n *   if (url.pathname === '/agent/ws') return handleDenoUpgrade(req, agent)\n *   return (await agent.router(req)) ?? new Response('Not Found', { status: 404 })\n * })\n * ```\n */\nexport async function handleDenoUpgrade(req: Request, agent: AgentCoreHandle): Promise<Response> {\n  const token = extractToken(req)\n  if (!token) return new Response('Unauthorized', { status: 401 })\n\n  const Deno_ = (\n    globalThis as unknown as {\n      Deno?: {\n        upgradeWebSocket: (req: Request) => { socket: WebSocket; response: Response }\n      }\n    }\n  ).Deno\n  if (!Deno_) {\n    return new Response('Deno.upgradeWebSocket unavailable in this runtime', { status: 501 })\n  }\n\n  const { socket, response } = Deno_.upgradeWebSocket(req)\n  const conn = createWHATWGPairingConnection(socket)\n\n  // Deno opens the socket asynchronously; validate the token first,\n  // then register on `open` so frames aren't missed.\n  socket.addEventListener(\n    'open',\n    () => {\n      void agent.acceptConnection(token, conn).then((result) => {\n        if (!result.ok) conn.close()\n      })\n    },\n    { once: true },\n  )\n\n  return response\n}\n"]}

package/dist/server/ws/upgrade.d.ts

@@ -4,7 +4,6 @@ import type { PairingRegistry } from './pairing-registry.js';
 import type { TokenStore } from '../token-store.js';
 import type { AuditSink } from '../audit.js';
 export type UpgradeDeps = {
-    signingKey: string | Uint8Array;
     tokenStore: TokenStore;
     registry: PairingRegistry;
     auditSink: AuditSink;

package/dist/server/ws/upgrade.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../../../src/server/ws/upgrade.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,uBAAuB,CAAA;AAC/E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAI5C,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAA;IAC/B,UAAU,EAAE,UAAU,CAAA;IACtB,QAAQ,EAAE,eAAe,CAAA;IACzB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CACnB,CAAA;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,WAAW,IAIxC,KAAK,eAAe,EAAE,QAAQ,MAAM,EAAE,MAAM,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC,CAoEjF"}
+{"version":3,"file":"upgrade.d.ts","sourceRoot":"","sources":["../../../src/server/ws/upgrade.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,uBAAuB,CAAA;AAC/E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAI5C,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,QAAQ,EAAE,eAAe,CAAA;IACzB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CACnB,CAAA;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,WAAW,IAIxC,KAAK,eAAe,EAAE,QAAQ,MAAM,EAAE,MAAM,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC,CA4EjF"}

package/dist/server/ws/upgrade.js

@@ -1,5 +1,5 @@
 import { WebSocketServer } from 'ws';
-import { verifyToken } from '../token.js';
+import { tokenHashOf } from '../token.js';
 /**
  * Returns a handler for `server.on('upgrade', ...)`. Validates the token
  * from the query string, attaches to the registry, wires frame/close
@@ -33,13 +33,21 @@ export function createWsUpgradeHandler(deps) {
             socket.destroy();
             return;
         }
-        const verified = await verifyToken(token, deps.signingKey);
-        if (verified.kind !== 'ok') {
+        // Same hash-lookup verify path as the LAP HTTP handlers — see
+        // describe.ts:verifyAndReadTid for the rationale.
+        const hash = await tokenHashOf(token);
+        if (!hash) {
             socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
             socket.destroy();
             return;
         }
-        const { tid } = verified.payload;
+        const rec = await deps.tokenStore.findByTokenHash(hash);
+        if (!rec || rec.expiresAt <= now()) {
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
+            return;
+        }
+        const tid = rec.tid;
         // Perform upgrade, wire to registry
         wss.handleUpgrade(req, socket, head, (ws) => {
             const conn = {

package/dist/server/ws/upgrade.js.map

@@ -1 +1 @@
-{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../../../src/server/ws/upgrade.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAOpC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAWzC;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAiB;IACtD,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IAE1C,OAAO,KAAK,EAAE,GAAoB,EAAE,MAAc,EAAE,IAAY,EAAiB,EAAE;QACjF,aAAa;QACb,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAA;QACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QAED,4DAA4D;QAC5D,IAAI,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;YACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3D,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACjD,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QAC1D,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACjD,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QACD,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAA;QAEhC,oCAAoC;QACpC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAa,EAAE,EAAE;YACrD,MAAM,IAAI,GAAsB;gBAC9B,IAAI,CAAC,KAAkB;oBACrB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;gBAChC,CAAC;gBACD,OAAO,CAAC,OAAO;oBACb,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAqB,EAAE,EAAE;wBACzC,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;wBACnE,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAA;4BAC7C,OAAO,CAAC,MAAM,CAAC,CAAA;wBACjB,CAAC;wBAAC,MAAM,CAAC;4BACP,2BAA2B;wBAC7B,CAAC;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,CAAC,OAAO;oBACb,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;gBACzB,CAAC;gBACD,KAAK;oBACH,EAAE,CAAC,KAAK,EAAE,CAAA;gBACZ,CAAC;aACF,CAAA;YACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YAEjC,8EAA8E;YAC9E,KAAK,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YACnD,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;gBACxB,EAAE,EAAE,GAAG,EAAE;gBACT,GAAG;gBACH,GAAG,EAAE,IAAI;gBACT,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import { WebSocketServer } from 'ws'\nimport type { WebSocket } from 'ws'\nimport type { IncomingMessage } from 'node:http'\nimport type { Duplex } from 'node:stream'\nimport type { PairingRegistry, PairingConnection } from './pairing-registry.js'\nimport type { TokenStore } from '../token-store.js'\nimport type { AuditSink } from '../audit.js'\nimport { verifyToken } from '../token.js'\nimport type { ClientFrame, ServerFrame } from '../../protocol.js'\n\nexport type UpgradeDeps = {\n  signingKey: string | Uint8Array\n  tokenStore: TokenStore\n  registry: PairingRegistry\n  auditSink: AuditSink\n  now?: () => number\n}\n\n/**\n * Returns a handler for `server.on('upgrade', ...)`. Validates the token\n * from the query string, attaches to the registry, wires frame/close\n * routing. Unauthorized paths/tokens get a bare HTTP error response on\n * the raw socket (per RFC 6455 the response must be sent before the\n * socket is torn down).\n *\n * Spec §10.2, §10.4.\n */\nexport function createWsUpgradeHandler(deps: UpgradeDeps) {\n  const wss = new WebSocketServer({ noServer: true })\n  const now = deps.now ?? (() => Date.now())\n\n  return async (req: IncomingMessage, socket: Duplex, head: Buffer): Promise<void> => {\n    // Path check\n    const url = new URL(req.url ?? '/', 'http://localhost')\n    if (url.pathname !== '/agent/ws') {\n      socket.write('HTTP/1.1 404 Not Found\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n\n    // Token — try query string first, then Authorization header\n    let token = url.searchParams.get('token')\n    if (!token) {\n      const auth = req.headers['authorization']\n      if (typeof auth === 'string' && auth.startsWith('Bearer ')) {\n        token = auth.slice('Bearer '.length)\n      }\n    }\n    if (!token) {\n      socket.write('HTTP/1.1 401 Unauthorized\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n\n    const verified = await verifyToken(token, deps.signingKey)\n    if (verified.kind !== 'ok') {\n      socket.write('HTTP/1.1 401 Unauthorized\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n    const { tid } = verified.payload\n\n    // Perform upgrade, wire to registry\n    wss.handleUpgrade(req, socket, head, (ws: WebSocket) => {\n      const conn: PairingConnection = {\n        send(frame: ServerFrame) {\n          ws.send(JSON.stringify(frame))\n        },\n        onFrame(handler) {\n          ws.on('message', (data: Buffer | string) => {\n            const raw = typeof data === 'string' ? data : data.toString('utf8')\n            try {\n              const parsed = JSON.parse(raw) as ClientFrame\n              handler(parsed)\n            } catch {\n              // Ignore malformed frames.\n            }\n          })\n        },\n        onClose(handler) {\n          ws.on('close', handler)\n        },\n        close() {\n          ws.close()\n        },\n      }\n      deps.registry.register(tid, conn)\n\n      // Transition status: browser WS is now live, waiting for Claude's first call.\n      void deps.tokenStore.markAwaitingClaude(tid, now())\n      void deps.auditSink.write({\n        at: now(),\n        tid,\n        uid: null,\n        event: 'claim',\n        detail: { transport: 'ws' },\n      })\n    })\n  }\n}\n"]}
+{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../../../src/server/ws/upgrade.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAOpC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAUzC;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAiB;IACtD,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IAE1C,OAAO,KAAK,EAAE,GAAoB,EAAE,MAAc,EAAE,IAAY,EAAiB,EAAE;QACjF,aAAa;QACb,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAA;QACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QAED,4DAA4D;QAC5D,IAAI,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;YACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3D,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACjD,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QAED,8DAA8D;QAC9D,kDAAkD;QAClD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAA;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACjD,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,EAAE,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACjD,MAAM,CAAC,OAAO,EAAE,CAAA;YAChB,OAAM;QACR,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAA;QAEnB,oCAAoC;QACpC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAa,EAAE,EAAE;YACrD,MAAM,IAAI,GAAsB;gBAC9B,IAAI,CAAC,KAAkB;oBACrB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;gBAChC,CAAC;gBACD,OAAO,CAAC,OAAO;oBACb,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAqB,EAAE,EAAE;wBACzC,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;wBACnE,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAA;4BAC7C,OAAO,CAAC,MAAM,CAAC,CAAA;wBACjB,CAAC;wBAAC,MAAM,CAAC;4BACP,2BAA2B;wBAC7B,CAAC;oBACH,CAAC,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,CAAC,OAAO;oBACb,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;gBACzB,CAAC;gBACD,KAAK;oBACH,EAAE,CAAC,KAAK,EAAE,CAAA;gBACZ,CAAC;aACF,CAAA;YACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YAEjC,8EAA8E;YAC9E,KAAK,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YACnD,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;gBACxB,EAAE,EAAE,GAAG,EAAE;gBACT,GAAG;gBACH,GAAG,EAAE,IAAI;gBACT,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import { WebSocketServer } from 'ws'\nimport type { WebSocket } from 'ws'\nimport type { IncomingMessage } from 'node:http'\nimport type { Duplex } from 'node:stream'\nimport type { PairingRegistry, PairingConnection } from './pairing-registry.js'\nimport type { TokenStore } from '../token-store.js'\nimport type { AuditSink } from '../audit.js'\nimport { tokenHashOf } from '../token.js'\nimport type { ClientFrame, ServerFrame } from '../../protocol.js'\n\nexport type UpgradeDeps = {\n  tokenStore: TokenStore\n  registry: PairingRegistry\n  auditSink: AuditSink\n  now?: () => number\n}\n\n/**\n * Returns a handler for `server.on('upgrade', ...)`. Validates the token\n * from the query string, attaches to the registry, wires frame/close\n * routing. Unauthorized paths/tokens get a bare HTTP error response on\n * the raw socket (per RFC 6455 the response must be sent before the\n * socket is torn down).\n *\n * Spec §10.2, §10.4.\n */\nexport function createWsUpgradeHandler(deps: UpgradeDeps) {\n  const wss = new WebSocketServer({ noServer: true })\n  const now = deps.now ?? (() => Date.now())\n\n  return async (req: IncomingMessage, socket: Duplex, head: Buffer): Promise<void> => {\n    // Path check\n    const url = new URL(req.url ?? '/', 'http://localhost')\n    if (url.pathname !== '/agent/ws') {\n      socket.write('HTTP/1.1 404 Not Found\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n\n    // Token — try query string first, then Authorization header\n    let token = url.searchParams.get('token')\n    if (!token) {\n      const auth = req.headers['authorization']\n      if (typeof auth === 'string' && auth.startsWith('Bearer ')) {\n        token = auth.slice('Bearer '.length)\n      }\n    }\n    if (!token) {\n      socket.write('HTTP/1.1 401 Unauthorized\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n\n    // Same hash-lookup verify path as the LAP HTTP handlers — see\n    // describe.ts:verifyAndReadTid for the rationale.\n    const hash = await tokenHashOf(token)\n    if (!hash) {\n      socket.write('HTTP/1.1 401 Unauthorized\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n    const rec = await deps.tokenStore.findByTokenHash(hash)\n    if (!rec || rec.expiresAt <= now()) {\n      socket.write('HTTP/1.1 401 Unauthorized\\r\\n\\r\\n')\n      socket.destroy()\n      return\n    }\n    const tid = rec.tid\n\n    // Perform upgrade, wire to registry\n    wss.handleUpgrade(req, socket, head, (ws: WebSocket) => {\n      const conn: PairingConnection = {\n        send(frame: ServerFrame) {\n          ws.send(JSON.stringify(frame))\n        },\n        onFrame(handler) {\n          ws.on('message', (data: Buffer | string) => {\n            const raw = typeof data === 'string' ? data : data.toString('utf8')\n            try {\n              const parsed = JSON.parse(raw) as ClientFrame\n              handler(parsed)\n            } catch {\n              // Ignore malformed frames.\n            }\n          })\n        },\n        onClose(handler) {\n          ws.on('close', handler)\n        },\n        close() {\n          ws.close()\n        },\n      }\n      deps.registry.register(tid, conn)\n\n      // Transition status: browser WS is now live, waiting for Claude's first call.\n      void deps.tokenStore.markAwaitingClaude(tid, now())\n      void deps.auditSink.write({\n        at: now(),\n        tid,\n        uid: null,\n        event: 'claim',\n        detail: { transport: 'ws' },\n      })\n    })\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@llui/agent",
-  "version": "0.0.34",
+  "version": "0.0.35",
   "type": "module",
   "sideEffects": false,
   "exports": {