npm - @nordbyte/nordrelay - Versions diffs - 0.8.0 → 0.8.2 - Mend

@nordbyte/nordrelay 0.8.0 → 0.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/dist/peers/peer-discovery-jobs.js ADDED Viewed

@@ -0,0 +1,206 @@
+import { randomUUID } from "node:crypto";
+import os from "node:os";
+import path from "node:path";
+import { readJsonFileWithBackup, writeJsonFileAtomic } from "../state/persistence.js";
+import { countDiscoveryTargets, discoverLanPeers } from "./peer-discovery.js";
+const MAX_JOBS = 25;
+const MAX_LOG_LINES = 300;
+const DEFAULT_HOME = path.join(os.homedir(), ".nordrelay");
+export class PeerDiscoveryJobManager {
+    config;
+    jobs = new Map();
+    filePath;
+    constructor(config, home = process.env.NORDRELAY_HOME || DEFAULT_HOME) {
+        this.config = config;
+        this.filePath = path.join(home, "peer-discovery-jobs.json");
+        this.load();
+    }
+    list() {
+        return [...this.jobs.values()].map((entry) => cloneJob(entry.snapshot))
+            .sort((left, right) => Date.parse(right.createdAt) - Date.parse(left.createdAt));
+    }
+    get(id) {
+        const entry = this.jobs.get(id);
+        return entry ? cloneJob(entry.snapshot) : null;
+    }
+    log(id) {
+        return this.jobs.get(id)?.snapshot.log.join("\n") ?? "";
+    }
+    async start(input = {}) {
+        this.prune();
+        const controller = new AbortController();
+        const options = normalizeInput(this.config, input);
+        const id = randomUUID().replace(/-/g, "").slice(0, 12);
+        const snapshot = {
+            id,
+            status: "queued",
+            createdAt: new Date().toISOString(),
+            scanned: 0,
+            total: await countDiscoveryTargets(this.config, options).catch(() => 0),
+            candidates: [],
+            warnings: [],
+            log: [],
+            options,
+        };
+        const entry = { snapshot, controller };
+        this.jobs.set(id, entry);
+        this.append(entry, `Queued peer discovery job ${id}.`);
+        void this.run(entry).catch((error) => {
+            entry.snapshot.status = controller.signal.aborted ? "cancelled" : "failed";
+            entry.snapshot.error = error instanceof Error ? error.message : String(error);
+            entry.snapshot.completedAt = new Date().toISOString();
+            this.append(entry, entry.snapshot.error);
+        });
+        return cloneJob(snapshot);
+    }
+    cancel(id) {
+        const entry = this.jobs.get(id);
+        if (!entry)
+            return null;
+        if (entry.snapshot.status === "queued" || entry.snapshot.status === "running") {
+            entry.controller.abort();
+            entry.snapshot.status = "cancelled";
+            entry.snapshot.completedAt = new Date().toISOString();
+            this.append(entry, "Cancellation requested.");
+        }
+        return cloneJob(entry.snapshot);
+    }
+    async run(entry) {
+        entry.snapshot.status = "running";
+        entry.snapshot.startedAt = new Date().toISOString();
+        this.append(entry, `Scanning ${entry.snapshot.total} peer endpoint candidate(s).`);
+        const result = await discoverLanPeers(this.config, {
+            ...entry.snapshot.options,
+            signal: entry.controller.signal,
+            onProgress: (progress) => {
+                entry.snapshot.scanned = progress.scanned;
+                if (progress.candidate) {
+                    entry.snapshot.candidates = mergeCandidates(entry.snapshot.candidates, progress.candidate);
+                    this.append(entry, `Found ${progress.candidate.name || progress.candidate.host} at ${progress.candidate.url}.`);
+                }
+                else if (progress.scanned % 25 === 0 || progress.scanned === entry.snapshot.total) {
+                    this.append(entry, `Scanned ${progress.scanned}/${progress.total}.`);
+                }
+            },
+        });
+        entry.snapshot.scanned = result.scanned;
+        entry.snapshot.candidates = result.candidates;
+        entry.snapshot.warnings = result.warnings;
+        entry.snapshot.status = entry.controller.signal.aborted ? "cancelled" : "completed";
+        entry.snapshot.completedAt = new Date().toISOString();
+        this.append(entry, `${entry.snapshot.status === "completed" ? "Completed" : "Cancelled"} with ${result.candidates.length} candidate(s).`);
+        for (const warning of result.warnings) {
+            this.append(entry, `Warning: ${warning}`);
+        }
+    }
+    append(entry, line) {
+        entry.snapshot.log.push(`[${new Date().toLocaleString()}] ${line}`);
+        if (entry.snapshot.log.length > MAX_LOG_LINES) {
+            entry.snapshot.log.splice(0, entry.snapshot.log.length - MAX_LOG_LINES);
+        }
+        this.save();
+    }
+    prune() {
+        const completed = this.list()
+            .filter((job) => job.status !== "running" && job.status !== "queued")
+            .slice(MAX_JOBS);
+        for (const job of completed) {
+            this.jobs.delete(job.id);
+        }
+        this.save();
+    }
+    load() {
+        const result = readJsonFileWithBackup(this.filePath);
+        const jobs = Array.isArray(result.value?.jobs) ? result.value.jobs : [];
+        let changed = false;
+        for (const job of jobs) {
+            const snapshot = normalizePersistedJob(job);
+            if (!snapshot)
+                continue;
+            if (snapshot.status === "queued" || snapshot.status === "running") {
+                snapshot.status = "failed";
+                snapshot.completedAt = new Date().toISOString();
+                snapshot.error = "Discovery job was interrupted by a NordRelay restart.";
+                snapshot.log = [
+                    ...snapshot.log,
+                    `[${new Date().toLocaleString()}] Discovery job was interrupted by a NordRelay restart.`,
+                ].slice(-MAX_LOG_LINES);
+                changed = true;
+            }
+            this.jobs.set(snapshot.id, { snapshot, controller: new AbortController() });
+        }
+        this.prune();
+        if (changed) {
+            this.save();
+        }
+    }
+    save() {
+        const jobs = this.list().slice(0, MAX_JOBS);
+        writeJsonFileAtomic(this.filePath, { version: 1, jobs });
+    }
+}
+function normalizePersistedJob(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        return null;
+    const record = value;
+    if (typeof record.id !== "string" || typeof record.createdAt !== "string")
+        return null;
+    const status = typeof record.status === "string" && ["queued", "running", "completed", "failed", "cancelled"].includes(record.status)
+        ? record.status
+        : "failed";
+    const optionsRecord = record.options && typeof record.options === "object" && !Array.isArray(record.options)
+        ? record.options
+        : {};
+    return {
+        id: record.id,
+        status,
+        createdAt: record.createdAt,
+        startedAt: typeof record.startedAt === "string" ? record.startedAt : undefined,
+        completedAt: typeof record.completedAt === "string" ? record.completedAt : undefined,
+        scanned: integerField(record.scanned),
+        total: integerField(record.total),
+        candidates: Array.isArray(record.candidates) ? record.candidates : [],
+        warnings: Array.isArray(record.warnings) ? record.warnings.filter((item) => typeof item === "string") : [],
+        log: Array.isArray(record.log) ? record.log.filter((item) => typeof item === "string").slice(-MAX_LOG_LINES) : [],
+        error: typeof record.error === "string" ? record.error : undefined,
+        options: {
+            targets: Array.isArray(optionsRecord.targets) ? optionsRecord.targets.filter((item) => typeof item === "string") : [],
+            timeoutMs: integerField(optionsRecord.timeoutMs),
+            concurrency: integerField(optionsRecord.concurrency),
+            maxHosts: integerField(optionsRecord.maxHosts),
+        },
+    };
+}
+function integerField(value) {
+    const parsed = typeof value === "number" ? value : Number(value);
+    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
+}
+function normalizeInput(config, input) {
+    return {
+        targets: (input.targets ?? []).map((target) => target.trim()).filter(Boolean),
+        timeoutMs: clampInteger(input.timeoutMs, config.peerDiscoveryTimeoutMs, 100, 30_000),
+        concurrency: clampInteger(input.concurrency, 32, 1, 128),
+        maxHosts: clampInteger(input.maxHosts, 512, 1, 65_536),
+    };
+}
+function clampInteger(value, fallback, min, max) {
+    const parsed = Number(value);
+    return Number.isInteger(parsed) ? Math.max(min, Math.min(max, parsed)) : fallback;
+}
+function mergeCandidates(existing, candidate) {
+    const byNode = new Map(existing.map((item) => [item.nodeId, item]));
+    byNode.set(candidate.nodeId, candidate);
+    return [...byNode.values()].sort((left, right) => (left.name || left.host).localeCompare(right.name || right.host));
+}
+function cloneJob(job) {
+    return {
+        ...job,
+        candidates: job.candidates.map((candidate) => ({ ...candidate })),
+        warnings: [...job.warnings],
+        log: [...job.log],
+        options: {
+            ...job.options,
+            targets: [...job.options.targets],
+        },
+    };
+}

package/dist/peers/peer-discovery.js ADDED Viewed

@@ -0,0 +1,223 @@
+import dns from "node:dns/promises";
+import net from "node:net";
+import os from "node:os";
+import { checkPeerIdentityEndpoint } from "./peer-client.js";
+export async function discoverLanPeers(config, options = {}) {
+    const warnings = [];
+    const targets = await buildDiscoveryTargets(config, options.maxHosts ?? 512, warnings, options.targets ?? []);
+    const candidates = [];
+    const concurrency = Math.max(1, Math.min(options.concurrency ?? 32, 128));
+    let index = 0;
+    let scanned = 0;
+    async function worker() {
+        while (index < targets.length) {
+            if (options.signal?.aborted) {
+                return;
+            }
+            const target = targets[index++];
+            const startedAt = Date.now();
+            const probe = await checkPeerIdentityEndpoint(target.url, { timeoutMs: options.timeoutMs ?? config.peerDiscoveryTimeoutMs });
+            scanned += 1;
+            if (!probe.ok || !probe.identity) {
+                options.onProgress?.({ scanned, total: targets.length, target: target.url });
+                continue;
+            }
+            const candidate = {
+                url: target.url,
+                host: target.host,
+                port: target.port,
+                scheme: target.scheme,
+                nodeId: probe.identity.nodeId,
+                name: probe.identity.name,
+                fingerprint: probe.identity.fingerprint,
+                tlsFingerprint: probe.tlsFingerprint,
+                latencyMs: probe.latencyMs ?? Date.now() - startedAt,
+            };
+            candidates.push(candidate);
+            options.onProgress?.({ scanned, total: targets.length, candidate, target: target.url });
+        }
+    }
+    await Promise.all(Array.from({ length: Math.min(concurrency, targets.length) }, () => worker()));
+    return {
+        scanned,
+        candidates: dedupeCandidates(candidates),
+        warnings: options.signal?.aborted ? [...warnings, "Discovery was cancelled."] : warnings,
+    };
+}
+export async function countDiscoveryTargets(config, options = {}) {
+    return (await buildDiscoveryTargets(config, options.maxHosts ?? 512, [], options.targets ?? [])).length;
+}
+async function buildDiscoveryTargets(config, maxHosts, warnings, requestedTargets) {
+    const schemes = config.peerTlsEnabled ? ["https"] : ["http", "https"];
+    const explicitTargets = await customDiscoveryTargets(requestedTargets, config.peerPort, schemes, maxHosts, warnings);
+    if (explicitTargets.length > 0) {
+        return dedupeTargets(explicitTargets);
+    }
+    const targets = [];
+    const hosts = localSubnetHosts(maxHosts, warnings);
+    const mdnsHosts = await mdnsCandidateHosts(warnings);
+    if (hosts.length === 0 && mdnsHosts.length === 0) {
+        warnings.push("No private IPv4 LAN interface was found for peer discovery.");
+    }
+    for (const host of [...hosts, ...mdnsHosts]) {
+        for (const scheme of schemes) {
+            targets.push({ host, scheme, port: config.peerPort, url: formatDiscoveryUrl(scheme, host, config.peerPort) });
+        }
+    }
+    return dedupeTargets(targets);
+}
+async function customDiscoveryTargets(requested, port, schemes, maxHosts, warnings) {
+    const targets = [];
+    for (const raw of requested.flatMap((value) => value.split(/[\n, ]/)).map((value) => value.trim()).filter(Boolean)) {
+        if (/^https?:\/\//i.test(raw)) {
+            try {
+                const url = new URL(raw);
+                const scheme = url.protocol === "http:" ? "http" : "https";
+                const targetPort = Number(url.port || port);
+                targets.push({ host: url.hostname, scheme, port: targetPort, url: formatDiscoveryUrl(scheme, url.hostname, targetPort) });
+            }
+            catch {
+                warnings.push(`Ignored invalid discovery URL: ${raw}`);
+            }
+            continue;
+        }
+        for (const host of expandHostPattern(raw, maxHosts, warnings)) {
+            for (const scheme of schemes) {
+                targets.push({ host, scheme, port, url: formatDiscoveryUrl(scheme, host, port) });
+            }
+        }
+    }
+    return targets;
+}
+function expandHostPattern(raw, maxHosts, warnings) {
+    if (raw.includes("/")) {
+        return expandIpv4Cidr(raw, maxHosts, warnings);
+    }
+    const range = raw.match(/^(\d+\.\d+\.\d+\.)(\d+)-(\d+)$/);
+    if (range) {
+        const start = Number(range[2]);
+        const end = Number(range[3]);
+        if (!Number.isInteger(start) || !Number.isInteger(end) || start < 0 || end > 255 || start > end) {
+            warnings.push(`Ignored invalid IPv4 range: ${raw}`);
+            return [];
+        }
+        return Array.from({ length: Math.min(maxHosts, end - start + 1) }, (_, index) => `${range[1]}${start + index}`);
+    }
+    if (net.isIP(raw) || /^[a-z0-9_.-]+$/i.test(raw)) {
+        return [raw];
+    }
+    warnings.push(`Ignored invalid discovery target: ${raw}`);
+    return [];
+}
+function expandIpv4Cidr(raw, maxHosts, warnings) {
+    const [address, prefixText] = raw.split("/");
+    const prefix = Number(prefixText);
+    if (net.isIP(address) !== 4 || !Number.isInteger(prefix) || prefix < 16 || prefix > 32) {
+        warnings.push(`Ignored unsupported discovery CIDR: ${raw}. Use IPv4 /16 through /32.`);
+        return [];
+    }
+    const base = ipv4ToNumber(address);
+    const hostBits = 32 - prefix;
+    const mask = hostBits === 32 ? 0 : (0xffffffff << hostBits) >>> 0;
+    const network = base & mask;
+    const total = prefix === 32 ? 1 : Math.max(0, (2 ** hostBits) - 2);
+    const count = Math.min(total, maxHosts);
+    if (total > maxHosts) {
+        warnings.push(`CIDR ${raw} was limited to ${maxHosts} host candidates.`);
+    }
+    return Array.from({ length: count }, (_, index) => numberToIpv4(network + (prefix === 32 ? index : index + 1)));
+}
+async function mdnsCandidateHosts(warnings) {
+    const names = [`${os.hostname()}.local`, "nordrelay.local"];
+    const found = [];
+    for (const name of names) {
+        try {
+            await withTimeout(dns.lookup(name), 250);
+            found.push(name);
+        }
+        catch {
+            // mDNS support depends on the host resolver; absence is normal.
+        }
+    }
+    return found;
+}
+async function withTimeout(promise, timeoutMs) {
+    let timeout;
+    try {
+        return await Promise.race([
+            promise,
+            new Promise((_, reject) => {
+                timeout = setTimeout(() => reject(new Error("mDNS lookup timed out.")), timeoutMs);
+                timeout.unref?.();
+            }),
+        ]);
+    }
+    finally {
+        if (timeout)
+            clearTimeout(timeout);
+    }
+}
+function formatDiscoveryUrl(scheme, host, port) {
+    const displayHost = net.isIP(host) === 6 && !host.startsWith("[") ? `[${host}]` : host;
+    return `${scheme}://${displayHost}:${port}`;
+}
+function dedupeTargets(targets) {
+    const seen = new Set();
+    return targets.filter((target) => {
+        const key = target.url.toLowerCase();
+        if (seen.has(key))
+            return false;
+        seen.add(key);
+        return true;
+    });
+}
+function localSubnetHosts(maxHosts, warnings) {
+    const interfaces = os.networkInterfaces();
+    const hosts = new Set();
+    for (const items of Object.values(interfaces)) {
+        for (const item of items ?? []) {
+            if (item.family !== "IPv4" || item.internal || !isPrivateIPv4(item.address)) {
+                continue;
+            }
+            const parts = item.address.split(".").map(Number);
+            if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part))) {
+                continue;
+            }
+            const prefix = parts.slice(0, 3).join(".");
+            for (let last = 1; last <= 254; last += 1) {
+                const host = `${prefix}.${last}`;
+                if (host !== item.address) {
+                    hosts.add(host);
+                }
+                if (hosts.size >= maxHosts) {
+                    warnings.push(`LAN discovery was limited to ${maxHosts} host candidates.`);
+                    return [...hosts];
+                }
+            }
+        }
+    }
+    return [...hosts];
+}
+function isPrivateIPv4(address) {
+    const [a, b] = address.split(".").map(Number);
+    return a === 10 ||
+        (a === 172 && b >= 16 && b <= 31) ||
+        (a === 192 && b === 168) ||
+        (a === 169 && b === 254);
+}
+function ipv4ToNumber(address) {
+    return address.split(".").map(Number).reduce((sum, part) => ((sum << 8) + part) >>> 0, 0);
+}
+function numberToIpv4(value) {
+    return [24, 16, 8, 0].map((shift) => (value >>> shift) & 255).join(".");
+}
+function dedupeCandidates(candidates) {
+    const byNode = new Map();
+    for (const candidate of candidates) {
+        const existing = byNode.get(candidate.nodeId);
+        if (!existing || (candidate.latencyMs ?? Number.MAX_SAFE_INTEGER) < (existing.latencyMs ?? Number.MAX_SAFE_INTEGER)) {
+            byNode.set(candidate.nodeId, candidate);
+        }
+    }
+    return [...byNode.values()].sort((a, b) => (a.name || a.host).localeCompare(b.name || b.host));
+}

package/dist/peers/peer-health-monitor.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { RemoteRelayClient } from "./peer-client.js";
+import { PeerStore } from "./peer-store.js";
+export function startPeerHealthMonitor(options) {
+    const store = new PeerStore(options.home);
+    const client = new RemoteRelayClient(store);
+    let running = false;
+    let timer;
+    async function checkNow() {
+        if (running) {
+            return;
+        }
+        running = true;
+        try {
+            const peers = store.list().filter((peer) => peer.enabled && peer.url);
+            await Promise.all(peers.map(async (peer) => {
+                try {
+                    const startedAt = Date.now();
+                    const result = await client.rpc(peer.id, "peer.ping");
+                    const record = result && typeof result === "object" ? result : {};
+                    store.markSeen(peer.id, {
+                        latencyMs: Date.now() - startedAt,
+                        remoteVersion: typeof record.version === "string" ? record.version : undefined,
+                        remoteStatus: typeof record.status === "string" ? record.status : "online",
+                    });
+                }
+                catch (error) {
+                    store.markError(peer.id, error instanceof Error ? error.message : String(error));
+                }
+            }));
+        }
+        finally {
+            running = false;
+        }
+    }
+    if (options.config.peerHealthCheckMs > 0) {
+        timer = setInterval(() => void checkNow().catch(() => { }), options.config.peerHealthCheckMs);
+        timer.unref?.();
+        setTimeout(() => void checkNow().catch(() => { }), 2_000).unref?.();
+    }
+    return {
+        checkNow,
+        close() {
+            if (timer) {
+                clearInterval(timer);
+                timer = undefined;
+            }
+        },
+    };
+}

package/dist/{peer-identity.js → peers/peer-identity.js} RENAMED Viewed

@@ -3,7 +3,7 @@ import { chmodSync, existsSync, mkdirSync, readFileSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import selfsigned from "selfsigned";
-import { readJsonFileWithBackup, writeJsonFileAtomic, writeTextFileAtomic } from "./persistence.js";
+import { readJsonFileWithBackup, writeJsonFileAtomic, writeTextFileAtomic } from "../state/persistence.js";
 const DEFAULT_HOME = path.join(os.homedir(), ".nordrelay");
 export function loadOrCreatePeerIdentity(home = process.env.NORDRELAY_HOME || DEFAULT_HOME, name) {
     const filePath = path.join(home, "identity.json");
@@ -48,6 +48,55 @@ export function loadOrCreatePeerIdentity(home = process.env.NORDRELAY_HOME || DE
         privateKey: identity.privateKey,
     };
 }
+export function exportPeerIdentityBackup(home = process.env.NORDRELAY_HOME || DEFAULT_HOME, name) {
+    const identity = loadOrCreatePeerIdentity(home, name);
+    const tls = existsSync(path.join(home, "tls", "peer.crt"))
+        ? ensurePeerTlsFiles(home, identity.public)
+        : undefined;
+    return {
+        version: 1,
+        exportedAt: new Date().toISOString(),
+        identity: identity.public,
+        privateKey: identity.privateKey,
+        tlsFingerprint: tls?.fingerprint,
+    };
+}
+export function restorePeerIdentityBackup(backup, home = process.env.NORDRELAY_HOME || DEFAULT_HOME) {
+    if (!backup || backup.version !== 1 || !backup.identity?.publicKey || !backup.privateKey) {
+        throw new Error("Invalid peer identity backup.");
+    }
+    const fingerprint = fingerprintForPublicKey(backup.identity.publicKey);
+    if (fingerprint !== backup.identity.fingerprint) {
+        throw new Error("Peer identity backup fingerprint does not match the public key.");
+    }
+    const probe = `nordrelay-identity-restore:${Date.now()}`;
+    const signature = signPeerPayload(backup.privateKey, probe);
+    if (!verifyPeerPayload(backup.identity.publicKey, probe, signature)) {
+        throw new Error("Peer identity backup private key does not match the public key.");
+    }
+    const payload = {
+        nodeId: backup.identity.nodeId,
+        name: backup.identity.name || defaultNodeName(),
+        publicKey: backup.identity.publicKey,
+        privateKey: backup.privateKey,
+        fingerprint,
+        createdAt: backup.identity.createdAt || new Date().toISOString(),
+    };
+    const filePath = path.join(home, "identity.json");
+    mkdirSync(path.dirname(filePath), { recursive: true });
+    writeJsonFileAtomic(filePath, payload);
+    chmodSync(filePath, 0o600);
+    return {
+        public: {
+            nodeId: payload.nodeId,
+            name: payload.name,
+            publicKey: payload.publicKey,
+            fingerprint: payload.fingerprint,
+            createdAt: payload.createdAt,
+        },
+        privateKey: payload.privateKey,
+    };
+}
 export function ensurePeerTlsFiles(home = process.env.NORDRELAY_HOME || DEFAULT_HOME, identity) {
     const certDir = path.join(home, "tls");
     const certPath = path.join(certDir, "peer.crt");

package/dist/{peer-runtime-service.js → peers/peer-runtime-service.js} RENAMED Viewed

@@ -1,11 +1,12 @@
 import { readFileSync } from "node:fs";
-import { enabledAgents } from "./agent-factory.js";
-import { listAgentAdapterDescriptors } from "./agent-adapter.js";
-import { isAgentId } from "./agent.js";
-import { permissionForWebRequest } from "./access-control.js";
-import { listChannelDescriptors } from "./channel-adapter.js";
-import { friendlyErrorText } from "./error-messages.js";
-import { getPackageVersion } from "./operations.js";
+import { enabledAgents } from "../agents/shared/agent-factory.js";
+import { listAgentAdapterDescriptors } from "../agents/shared/agent-adapter.js";
+import { buildAdapterConformanceMatrix } from "../agents/shared/adapter-conformance.js";
+import { isAgentId } from "../agents/shared/agent.js";
+import { permissionForWebRequest } from "../access/access-control.js";
+import { listChannelDescriptors } from "../channels/shared/channel-adapter.js";
+import { friendlyErrorText } from "../core/error-messages.js";
+import { getPackageVersion } from "../support/operations.js";
 import { checkPeerEndpoint } from "./peer-client.js";
 export class PeerRuntimeService {
     config;
@@ -147,6 +148,12 @@ export class PeerRuntimeService {
         if (method === "GET" && path === "/api/adapters/health") {
             return { adapters: (await runtime.adapterHealth()).filter((adapter) => this.canUseAgent(peer, adapter.id)) };
         }
+        if (method === "GET" && path === "/api/adapters/conformance") {
+            return buildAdapterConformanceMatrix({
+                agents: listAgentAdapterDescriptors().filter((adapter) => this.canUseAgent(peer, adapter.id)),
+                channels: listChannelDescriptors(),
+            });
+        }
         if (method === "GET" && path === "/api/diagnostics")
             return this.scopedDiagnostics(peer, await runtime.diagnostics());
         if (method === "GET" && path === "/api/diagnostics/bundle") {
@@ -163,6 +170,13 @@ export class PeerRuntimeService {
             this.assertAgentScope(peer, agentId);
             return this.scopedControlOptions(peer, await runtime.controlOptions(agentId));
         }
+        if (method === "GET" && path === "/api/locks")
+            return { locks: runtime.locks() };
+        if (method === "POST" && path === "/api/locks") {
+            return { lock: runtime.lockWebSession(stringValue(body.ownerName) || `Peer ${peer.name}`, remoteActor), locks: runtime.locks() };
+        }
+        if (method === "DELETE" && path === "/api/locks")
+            return runtime.unlockWebSession(remoteActor);
         if (method === "GET" && path === "/api/auth/status") {
             const agentId = parseAgentId(query.agent);
             this.assertAgentScope(peer, agentId);
@@ -281,6 +295,14 @@ export class PeerRuntimeService {
             await this.assertCurrentSessionScope(peer, runtime);
             return { messages: await runtime.chatHistory(numberValue(query.limit, 200)) };
         }
+        if (method === "GET" && path === "/api/chat/mirror") {
+            await this.assertCurrentSessionScope(peer, runtime);
+            return runtime.webMirrorPreference("");
+        }
+        if (method === "POST" && path === "/api/chat/mirror") {
+            await this.assertCurrentSessionScope(peer, runtime);
+            return runtime.webMirrorPreference(stringValue(body.argument) || stringValue(body.mode) || "", remoteActor);
+        }
         if (method === "DELETE" && path === "/api/chat/history") {
             await this.assertCurrentSessionScope(peer, runtime);
             return runtime.clearChatHistory(remoteActor);