@peekdev/mcp 0.1.0-alpha.1

package/dist/native-host/action-protocol.d.ts

@@ -0,0 +1,49 @@
+import type { Action } from '../mcp/action-schema.js';
+/** SW → host: a verdict + result payload for a previously-issued request. */
+export interface ActionResultMessage {
+    type: 'action.result';
+    requestId: string;
+    /** Mirrored from action.request so the audit log can fold it back together. */
+    tool: 'execute_action' | 'request_authorization';
+    /** What the gate decided + (for Level 3) what the user clicked. */
+    verdict: 'allow' | 'deny';
+    /** Final result of the dispatch (or 'denied' if verdict='deny'). */
+    result: 'ok' | 'denied' | 'error';
+    /** 'user' | 'allow-list-match' | 'level-4-auto'. */
+    approver: 'user' | 'allow-list-match' | 'level-4-auto';
+    /** ms-since-epoch when the user confirmed / denied (Level 3). */
+    approvalMs?: number;
+    /** The destructive term that fired, if applicable (for the audit log). */
+    destructiveTerm?: string;
+    /** Free-form detail (error message / screenshot dataURL / etc.). */
+    details?: unknown;
+    /** Error message when `result === 'error'` or 'denied'. */
+    error?: string;
+}
+/** host → SW: please execute / authorize this action. */
+export interface ActionRequestMessage {
+    type: 'action.request';
+    requestId: string;
+    tool: 'execute_action' | 'request_authorization';
+    sessionId: string;
+    action: Action;
+    /** MCP client name from clientInfo (for audit-log "approver context"). */
+    client: string;
+    /** Destructive-term deltas from ~/.peek/policy.json (forwarded to the dispatcher). */
+    policy: {
+        add: readonly string[];
+        remove: readonly string[];
+    };
+    /** Optional pinning to a specific tab id (SW picks active when omitted). */
+    tabId?: number;
+}
+/** SW → host: the banner is now visible to the user (timing signal). */
+export interface ActionConfirmShownMessage {
+    type: 'action.confirm.shown';
+    requestId: string;
+    /** ms-since-epoch the SW posted the banner. */
+    shownAtMs: number;
+}
+export type HostToSwMessage = ActionRequestMessage;
+export type SwToHostMessage = ActionResultMessage | ActionConfirmShownMessage;
+//# sourceMappingURL=action-protocol.d.ts.map

package/dist/native-host/action-protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-protocol.d.ts","sourceRoot":"","sources":["../../src/native-host/action-protocol.ts"],"names":[],"mappings":"AAmCA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAEtD,6EAA6E;AAC7E,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,+EAA+E;IAC/E,IAAI,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;IACjD,mEAAmE;IACnE,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,oEAAoE;IACpE,MAAM,EAAE,IAAI,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClC,oDAAoD;IACpD,QAAQ,EAAE,MAAM,GAAG,kBAAkB,GAAG,cAAc,CAAC;IACvD,iEAAiE;IACjE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oEAAoE;IACpE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,yDAAyD;AACzD,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,gBAAgB,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,gBAAgB,GAAG,uBAAuB,CAAC;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC;IACf,sFAAsF;IACtF,MAAM,EAAE;QACN,GAAG,EAAE,SAAS,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;KAC3B,CAAC;IACF,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wEAAwE;AACxE,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,eAAe,GAAG,oBAAoB,CAAC;AACnD,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG,yBAAyB,CAAC"}

package/dist/native-host/action-protocol.js

@@ -0,0 +1,36 @@
+// Native-host ↔ SW action-request wire protocol (Task 3.24).
+//
+// This is a NEW message-type catalog on top of the existing native-port
+// channel. The capture-pipeline messages (`session.append`, `console.append`,
+// `network.append`, `shadow.report`) are fire-and-forget INGEST traffic from
+// the SW; the action messages here are CORRELATED REQUEST/RESPONSE traffic
+// initiated by the host (an MCP tool call) and answered by the SW (after the
+// MAIN-world dispatcher runs + possibly a side-panel banner).
+//
+// Correlation: every request carries a `requestId` (UUID). The SW echoes it on
+// its reply; the host's `RequestRegistry` matches reply → pending tool handler.
+//
+// Three message types:
+//
+//   action.request  (host → SW)
+//     Asks the SW to execute (or seek confirmation for) `action`. The host
+//     attaches:
+//       - `tool` so the SW knows whether this is execute_action or
+//         request_authorization (banner copy / audit shape differ).
+//       - `policy` — the destructive add/remove deltas from ~/.peek/policy.json
+//         so the MAIN-world dispatcher merges them at decision time.
+//       - `tabId` (optional) — when the tool args identify a session whose
+//         active tab the host knows, the SW resolves to that tab; otherwise
+//         the SW picks the active tab in the focused window.
+//
+//   action.confirm  (host ↔ SW)
+//     OPTIONAL intermediate signal. The SW emits it when it surfaces the
+//     side-panel banner so the host (and the audit log) can record the time
+//     the user was prompted. NOT a correlation step — the verdict still
+//     arrives in action.result.
+//
+//   action.result   (SW → host)
+//     Terminal reply: `verdict` + `result` + `details`. The host's pending
+//     RequestRegistry entry resolves with this payload.
+export {};
+//# sourceMappingURL=action-protocol.js.map

package/dist/native-host/action-protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-protocol.js","sourceRoot":"","sources":["../../src/native-host/action-protocol.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,wEAAwE;AACxE,8EAA8E;AAC9E,6EAA6E;AAC7E,2EAA2E;AAC3E,6EAA6E;AAC7E,8DAA8D;AAC9D,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,EAAE;AACF,uBAAuB;AACvB,EAAE;AACF,gCAAgC;AAChC,2EAA2E;AAC3E,gBAAgB;AAChB,mEAAmE;AACnE,oEAAoE;AACpE,gFAAgF;AAChF,qEAAqE;AACrE,2EAA2E;AAC3E,4EAA4E;AAC5E,6DAA6D;AAC7D,EAAE;AACF,gCAAgC;AAChC,yEAAyE;AACzE,4EAA4E;AAC5E,wEAAwE;AACxE,gCAAgC;AAChC,EAAE;AACF,gCAAgC;AAChC,2EAA2E;AAC3E,wDAAwD"}

package/dist/native-host/audit.d.ts

@@ -0,0 +1,69 @@
+import { type Action } from '../mcp/action-schema.js';
+/** Default location of the audit log (mirrors peek-cli/src/lib/peek-home.ts). */
+export declare function auditLogPath(): string;
+/** Tool names that produce audit entries — the two Level-3+ MCP write tools. */
+export type AuditTool = 'execute_action' | 'request_authorization';
+/** Approver values, ordered by what the dispatcher will record. */
+export type AuditApprover = 'user' | 'allow-list-match' | 'level-4-auto';
+/** Result values. */
+export type AuditResult = 'ok' | 'denied' | 'error';
+/** A single audit entry shape — matches the CLI's AuditEntry interface. */
+export interface AuditEntry {
+    ts: string;
+    tool: AuditTool;
+    /** The action object, with sensitive fields redacted before this is built. */
+    args: unknown;
+    approvalTs?: string;
+    approver: AuditApprover;
+    client: string;
+    sessionId: string;
+    result: AuditResult;
+    /** Optional: the destructive term that fired (for diagnostics). */
+    destructiveTerm?: string;
+    /** Optional: human-readable error detail when result === 'error' / 'denied'. */
+    error?: string;
+}
+/** Inputs to the writer — the caller supplies the Action; we redact it. */
+export interface BuildAuditEntryInput {
+    readonly tool: AuditTool;
+    readonly action: Action;
+    readonly approver: AuditApprover;
+    readonly client: string;
+    readonly sessionId: string;
+    readonly result: AuditResult;
+    /** ms-since-epoch of the request — omit to use Date.now() at build time. */
+    readonly nowMs?: number;
+    /** ms-since-epoch of the user's confirmation, if applicable. */
+    readonly approvalMs?: number;
+    readonly destructiveTerm?: string;
+    readonly error?: string;
+}
+/**
+ * Build the JSON line for one audit entry. Pure — no filesystem — so it
+ * unit-tests cleanly. The `args` field is the Action with sensitive fields
+ * (`TypeAction.text`, `NavigateAction.url` query-string values) redacted via
+ * {@link redactActionForAudit}.
+ */
+export declare function buildAuditEntry(input: BuildAuditEntryInput): AuditEntry;
+/** Serialize an entry to its single-line JSONL representation (trailing \n). */
+export declare function serializeAuditEntry(entry: AuditEntry): string;
+export interface AuditWriteOptions {
+    /** Override the audit log path (tests + PEEK_HOME). */
+    readonly path?: string;
+}
+/**
+ * Append an entry to the audit log, ensuring `~/.peek` exists first. Throws on
+ * I/O failure — the host's caller catches + downgrades to a console.error so a
+ * write-failure on the audit log can't tear down an action request mid-flight,
+ * but the throw is propagated so tests can assert on it.
+ *
+ * The audit log contains URL paths, DOM selectors, MCP-client identity, and
+ * session IDs. On a multi-user POSIX system we want owner-only access, so on
+ * first write we seed the file with mode `0o600`. If the file already exists
+ * we don't touch its mode — the user may have set their own. Windows ignores
+ * the `mode` argument silently; that's acceptable here.
+ */
+export declare function appendAuditEntry(entry: AuditEntry, options?: AuditWriteOptions): void;
+/** Convenience: build + serialize + append in one call. */
+export declare function recordAuditEntry(input: BuildAuditEntryInput, options?: AuditWriteOptions): AuditEntry;
+//# sourceMappingURL=audit.d.ts.map

package/dist/native-host/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/native-host/audit.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAE,KAAK,MAAM,EAAwB,MAAM,yBAAyB,CAAC;AAE5E,iFAAiF;AACjF,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,gFAAgF;AAChF,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,uBAAuB,CAAC;AAEnE,mEAAmE;AACnE,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,kBAAkB,GAAG,cAAc,CAAC;AAEzE,qBAAqB;AACrB,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,QAAQ,GAAG,OAAO,CAAC;AAEpD,2EAA2E;AAC3E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,SAAS,CAAC;IAChB,8EAA8E;IAC9E,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,aAAa,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;IACpB,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gFAAgF;IAChF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,2EAA2E;AAC3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,4EAA4E;IAC5E,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,gEAAgE;IAChE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,oBAAoB,GAAG,UAAU,CAiBvE;AAED,gFAAgF;AAChF,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAE7D;AAED,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,GAAE,iBAAsB,GAAG,IAAI,CAOzF;AAED,2DAA2D;AAC3D,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,oBAAoB,EAC3B,OAAO,GAAE,iBAAsB,GAC9B,UAAU,CAIZ"}

package/dist/native-host/audit.js

@@ -0,0 +1,85 @@
+// Audit log writer (Task 3.25, ADR-0010 / P2 PRD §H.3).
+//
+// Every act-tool call (execute_action AND request_authorization) appends ONE
+// JSON line to ~/.peek/audit.log. The CLI's `peek audit log [--since 1h |
+// --tool execute_action | --client cursor]` reads + filters this file.
+//
+// JSONL fields (P2 PRD §H.3):
+//   ts            ISO timestamp the host received the tool call
+//   tool          'execute_action' | 'request_authorization'
+//   args          the Action object (passwords / token values redacted)
+//   approvalTs    ISO when the user confirmed (Level 3) — omitted on YOLO auto
+//   approver      'user' | 'allow-list-match' | 'level-4-auto'
+//   client        MCP client name from clientInfo (cursor, claude-code, etc.)
+//   sessionId     the recording session id the action targets
+//   result        'ok' | 'denied' | 'error'
+//
+// Append-only: open the file with `flag: 'a'` for every write. We don't keep a
+// long-lived file handle — a single act-tool call writes one line and closes,
+// which is robust against host restarts / crashes mid-write. The line is
+// flushed before the function resolves.
+import { appendFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { peekHomeDir } from '../db/open.js';
+import { redactActionForAudit } from '../mcp/action-schema.js';
+/** Default location of the audit log (mirrors peek-cli/src/lib/peek-home.ts). */
+export function auditLogPath() {
+    return join(peekHomeDir(), 'audit.log');
+}
+/**
+ * Build the JSON line for one audit entry. Pure — no filesystem — so it
+ * unit-tests cleanly. The `args` field is the Action with sensitive fields
+ * (`TypeAction.text`, `NavigateAction.url` query-string values) redacted via
+ * {@link redactActionForAudit}.
+ */
+export function buildAuditEntry(input) {
+    const ts = new Date(input.nowMs ?? Date.now()).toISOString();
+    const entry = {
+        ts,
+        tool: input.tool,
+        args: redactActionForAudit(input.action),
+        approver: input.approver,
+        client: input.client,
+        sessionId: input.sessionId,
+        result: input.result,
+    };
+    if (input.approvalMs !== undefined) {
+        entry.approvalTs = new Date(input.approvalMs).toISOString();
+    }
+    if (input.destructiveTerm !== undefined)
+        entry.destructiveTerm = input.destructiveTerm;
+    if (input.error !== undefined)
+        entry.error = input.error;
+    return entry;
+}
+/** Serialize an entry to its single-line JSONL representation (trailing \n). */
+export function serializeAuditEntry(entry) {
+    return `${JSON.stringify(entry)}\n`;
+}
+/**
+ * Append an entry to the audit log, ensuring `~/.peek` exists first. Throws on
+ * I/O failure — the host's caller catches + downgrades to a console.error so a
+ * write-failure on the audit log can't tear down an action request mid-flight,
+ * but the throw is propagated so tests can assert on it.
+ *
+ * The audit log contains URL paths, DOM selectors, MCP-client identity, and
+ * session IDs. On a multi-user POSIX system we want owner-only access, so on
+ * first write we seed the file with mode `0o600`. If the file already exists
+ * we don't touch its mode — the user may have set their own. Windows ignores
+ * the `mode` argument silently; that's acceptable here.
+ */
+export function appendAuditEntry(entry, options = {}) {
+    const path = options.path ?? auditLogPath();
+    mkdirSync(dirname(path), { recursive: true });
+    if (!existsSync(path)) {
+        writeFileSync(path, '', { mode: 0o600 });
+    }
+    appendFileSync(path, serializeAuditEntry(entry), { encoding: 'utf8' });
+}
+/** Convenience: build + serialize + append in one call. */
+export function recordAuditEntry(input, options = {}) {
+    const entry = buildAuditEntry(input);
+    appendAuditEntry(entry, options);
+    return entry;
+}
+//# sourceMappingURL=audit.js.map

package/dist/native-host/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/native-host/audit.ts"],"names":[],"mappings":"AAAA,wDAAwD;AACxD,EAAE;AACF,6EAA6E;AAC7E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,8BAA8B;AAC9B,gEAAgE;AAChE,6DAA6D;AAC7D,wEAAwE;AACxE,+EAA+E;AAC/E,+DAA+D;AAC/D,8EAA8E;AAC9E,8DAA8D;AAC9D,4CAA4C;AAC5C,EAAE;AACF,+EAA+E;AAC/E,8EAA8E;AAC9E,yEAAyE;AACzE,wCAAwC;AAExC,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAe,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAE5E,iFAAiF;AACjF,MAAM,UAAU,YAAY;IAC1B,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;AAC1C,CAAC;AA4CD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAA2B;IACzD,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7D,MAAM,KAAK,GAAe;QACxB,EAAE;QACF,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,IAAI,EAAE,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC;QACxC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;IACF,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACnC,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,KAAK,CAAC,eAAe,KAAK,SAAS;QAAE,KAAK,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;IACvF,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;QAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IACzD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,mBAAmB,CAAC,KAAiB;IACnD,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC;AACtC,CAAC;AAOD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAiB,EAAE,UAA6B,EAAE;IACjF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;IAC5C,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,aAAa,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3C,CAAC;IACD,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,gBAAgB,CAC9B,KAA2B,EAC3B,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACrC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACjC,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/native-host/config.d.ts

@@ -0,0 +1,18 @@
+import type { ExtensionIds } from './manifest.js';
+/**
+ * Path to the published `extension-ids.json`, resolved relative to this module
+ * (the file is shipped both in `src/` and copied next to the built output).
+ */
+export declare function extensionIdsPath(): string;
+/**
+ * Read, parse, and validate the configured extension IDs (Chrome Web Store /
+ * Edge / dev). Throws if the file is missing, not JSON, or has a non-string id.
+ */
+export declare function loadExtensionIds(path?: string): ExtensionIds;
+/**
+ * Absolute path to the installed `peek-mcp` binary the browser spawns as the
+ * native host. The built entry is `dist/index.js`; this module lives at
+ * `dist/native-host/config.js`, so the bin is one directory up.
+ */
+export declare function hostBinaryPath(): string;
+//# sourceMappingURL=config.d.ts.map

package/dist/native-host/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/native-host/config.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAElD;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAcD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,GAAE,MAA2B,GAAG,YAAY,CAkBhF;AAED;;;;GAIG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAEvC"}

package/dist/native-host/config.js

@@ -0,0 +1,56 @@
+// Load-time helpers shared by the postinstall script and the CLI's
+// `peek status`: where the extension IDs live and which binary the browser
+// should spawn as the native host.
+import { readFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { z } from 'zod';
+/**
+ * Path to the published `extension-ids.json`, resolved relative to this module
+ * (the file is shipped both in `src/` and copied next to the built output).
+ */
+export function extensionIdsPath() {
+    return join(dirname(fileURLToPath(import.meta.url)), 'extension-ids.json');
+}
+// Each id, when present, must be a string. Keys may be absent (defaulted to
+// ''), but a non-string value or unparseable file fails loudly rather than
+// being silently masked by a `?? ''` fallback. Unknown keys (e.g. `$comment`)
+// are ignored.
+const ExtensionIdsSchema = z
+    .object({
+    chromeWebStore: z.string().optional(),
+    edgeAddons: z.string().optional(),
+    dev: z.string().optional(),
+})
+    .passthrough();
+/**
+ * Read, parse, and validate the configured extension IDs (Chrome Web Store /
+ * Edge / dev). Throws if the file is missing, not JSON, or has a non-string id.
+ */
+export function loadExtensionIds(path = extensionIdsPath()) {
+    let json;
+    try {
+        json = JSON.parse(readFileSync(path, 'utf8'));
+    }
+    catch (err) {
+        throw new Error(`peek: failed to read extension-ids.json at ${path} — ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const parsed = ExtensionIdsSchema.safeParse(json);
+    if (!parsed.success) {
+        throw new Error(`peek: invalid extension-ids.json at ${path} — ${parsed.error.message}`);
+    }
+    return {
+        chromeWebStore: parsed.data.chromeWebStore ?? '',
+        edgeAddons: parsed.data.edgeAddons ?? '',
+        dev: parsed.data.dev ?? '',
+    };
+}
+/**
+ * Absolute path to the installed `peek-mcp` binary the browser spawns as the
+ * native host. The built entry is `dist/index.js`; this module lives at
+ * `dist/native-host/config.js`, so the bin is one directory up.
+ */
+export function hostBinaryPath() {
+    return join(dirname(dirname(fileURLToPath(import.meta.url))), 'index.js');
+}
+//# sourceMappingURL=config.js.map

package/dist/native-host/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/native-host/config.ts"],"names":[],"mappings":"AAAA,mEAAmE;AACnE,2EAA2E;AAC3E,mCAAmC;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;AAC7E,CAAC;AAED,4EAA4E;AAC5E,2EAA2E;AAC3E,8EAA8E;AAC9E,eAAe;AACf,MAAM,kBAAkB,GAAG,CAAC;KACzB,MAAM,CAAC;IACN,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3B,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,gBAAgB,EAAE;IAChE,IAAI,IAAa,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,8CAA8C,IAAI,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC3G,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,uCAAuC,IAAI,MAAM,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE;QAChD,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE;QACxC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE;KAC3B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC5E,CAAC"}

package/dist/native-host/extension-ids.json

@@ -0,0 +1,6 @@
+{
+  "$comment": "Extension IDs whose chrome-extension:// origin is allowed to message the peek native host (ADR-0007). Wildcards are forbidden by Chrome, so every supported store + the dev-mode unpacked-load ID is listed explicitly and all three go into the SAME manifest's allowed_origins (the Edge 'first registry location wins' gotcha — see P2 PRD §A7). Pre-publish, `dev` is the unpacked-load ID printed at chrome://extensions; replace `chromeWebStore` and `edgeAddons` with the assigned IDs once the products land in their stores.",
+  "chromeWebStore": "PLACEHOLDER_CHROME_WEB_STORE_ID",
+  "edgeAddons": "PLACEHOLDER_EDGE_ADDONS_ID",
+  "dev": "PLACEHOLDER_DEV_UNPACKED_ID"
+}

package/dist/native-host/host.d.ts

@@ -0,0 +1,30 @@
+import type { Readable, Writable } from 'node:stream';
+export interface NativeHostHandle {
+    /** Resolves when stdin closes (the browser disconnected the port). */
+    readonly done: Promise<void>;
+    /** Close the SQLite connection. */
+    close(): void;
+}
+export interface NativeHostOptions {
+    /**
+     * The `chrome-extension://<id>/` origin Chrome/Edge passed when spawning the
+     * host — identifies which extension connected. Captured now for the
+     * audit_log in Phase 3d; surfaced in the `host.hello` reply.
+     */
+    readonly callerOrigin?: string;
+    /** Override PEEK_HOME for tests (default: env / homedir). */
+    readonly home?: string;
+    /** Override the database path (e.g. ':memory:' for tests). */
+    readonly dbPath?: string;
+    /** Override the input stream (default: process.stdin). */
+    readonly input?: Readable;
+    /** Override the output stream (default: process.stdout). */
+    readonly output?: Writable;
+}
+/**
+ * Start the native messaging host: open the DB (running migrations) and begin
+ * decoding inbound messages from `process.stdin`. Unknown message types get a
+ * structured error reply rather than crashing the host.
+ */
+export declare function startNativeHost(options?: NativeHostOptions): NativeHostHandle;
+//# sourceMappingURL=host.d.ts.map

package/dist/native-host/host.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"host.d.ts","sourceRoot":"","sources":["../../src/native-host/host.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAKtD,MAAM,WAAW,gBAAgB;IAC/B,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,mCAAmC;IACnC,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,6DAA6D;IAC7D,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,8DAA8D;IAC9D,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,0DAA0D;IAC1D,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC;IAC1B,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC;CAC5B;AAUD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,OAAO,GAAE,iBAAsB,GAAG,gBAAgB,CA4EjF"}

package/dist/native-host/host.js

@@ -0,0 +1,96 @@
+// Native messaging host runner (ADR-0007). Spawned by the browser over stdio
+// (via the manifest's `path`, with the calling extension's origin as an
+// argument) or manually with `--native-host`. It owns ~/.peek/sessions.db and
+// reads length-prefixed JSON messages from the extension.
+//
+// Phase 3a wired the transport + DB open and a minimal handshake so the channel
+// is verifiable end-to-end; Phase 3d chunk 4 closes the loop with the four
+// ingest handlers in `./ingest.ts` (session.append / console.append /
+// network.append / shadow.report). The act-tool action-protocol dispatch
+// (request/result correlation through the SW) lands alongside the IPC bridge.
+import { openDb, peekHomeDir, schemaVersion } from '../db/open.js';
+import { ingest } from './ingest.js';
+import { readMessages, writeMessage } from './transport.js';
+/** Message-type strings the ingest handler claims. */
+const INGEST_TYPES = new Set([
+    'session.append',
+    'console.append',
+    'network.append',
+    'shadow.report',
+]);
+/**
+ * Start the native messaging host: open the DB (running migrations) and begin
+ * decoding inbound messages from `process.stdin`. Unknown message types get a
+ * structured error reply rather than crashing the host.
+ */
+export function startNativeHost(options = {}) {
+    const db = options.dbPath !== undefined ? openDb({ path: options.dbPath }) : openDb();
+    const home = options.home ?? peekHomeDir();
+    const ingestCtx = { db, home };
+    const output = options.output;
+    const readOptions = {
+        onError: (err) => {
+            console.error(`native host: skipped malformed frame — ${err.message}`);
+        },
+    };
+    if (options.input !== undefined)
+        readOptions.input = options.input;
+    const done = readMessages((message) => {
+        // A reply-write failure (e.g. the browser closed the port mid-reply) must
+        // not become an unhandled rejection that tears down the host.
+        handleMessage(message).catch((err) => {
+            console.error(`native host: failed handling message — ${err instanceof Error ? err.message : String(err)}`);
+        });
+    }, readOptions);
+    return {
+        done,
+        close() {
+            db.close();
+        },
+    };
+    async function handleMessage(message) {
+        const type = message && typeof message === 'object' && 'type' in message
+            ? String(message.type)
+            : undefined;
+        if (type === 'host.hello') {
+            await write({
+                type: 'host.hello.ok',
+                schemaVersion: schemaVersion(db),
+                ...(options.callerOrigin !== undefined ? { callerOrigin: options.callerOrigin } : {}),
+            });
+            return;
+        }
+        if (type !== undefined && INGEST_TYPES.has(type)) {
+            // ingest() catches its own throws + returns a structured reply. The
+            // try/catch here is defense in depth: if a future regression introduces
+            // a throw path, the host loop still survives.
+            let reply;
+            try {
+                reply = ingest(message, ingestCtx);
+            }
+            catch (err) {
+                reply = {
+                    type: 'ingest.err',
+                    code: 'handler_threw',
+                    detail: err instanceof Error ? err.message : String(err),
+                };
+            }
+            await write(reply);
+            return;
+        }
+        // Real handlers (act-tool action.request → action.result correlation)
+        // arrive with the IPC bridge in a later chunk.
+        await write({
+            type: 'error',
+            code: 'unhandled_message',
+            detail: `native host: no handler for message type '${type ?? '(none)'}' yet`,
+        });
+    }
+    async function write(value) {
+        if (output !== undefined)
+            await writeMessage(value, output);
+        else
+            await writeMessage(value);
+    }
+}
+//# sourceMappingURL=host.js.map

package/dist/native-host/host.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"host.js","sourceRoot":"","sources":["../../src/native-host/host.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,wEAAwE;AACxE,8EAA8E;AAC9E,0DAA0D;AAC1D,EAAE;AACF,gFAAgF;AAChF,2EAA2E;AAC3E,sEAAsE;AACtE,yEAAyE;AACzE,8EAA8E;AAG9E,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnE,OAAO,EAAwB,MAAM,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA0B5D,sDAAsD;AACtD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,eAAe;CAChB,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,UAA6B,EAAE;IAC7D,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACtF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAE9B,MAAM,WAAW,GAAyD;QACxE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;KACF,CAAC;IACF,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;QAAE,WAAW,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAEnE,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,EAAE;QACpC,0EAA0E;QAC1E,8DAA8D;QAC9D,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACnC,OAAO,CAAC,KAAK,CACX,0CAA0C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC7F,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,WAAW,CAAC,CAAC;IAEhB,OAAO;QACL,IAAI;QACJ,KAAK;YACH,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;KACF,CAAC;IAEF,KAAK,UAAU,aAAa,CAAC,OAAgB;QAC3C,MAAM,IAAI,GACR,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,IAAI,OAAO;YACzD,CAAC,CAAC,MAAM,CAAE,OAA6B,CAAC,IAAI,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1B,MAAM,KAAK,CAAC;gBACV,IAAI,EAAE,eAAe;gBACrB,aAAa,EAAE,aAAa,CAAC,EAAE,CAAC;gBAChC,GAAG,CAAC,OAAO,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,IAAI,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,oEAAoE;YACpE,wEAAwE;YACxE,8CAA8C;YAC9C,IAAI,KAAc,CAAC;YACnB,IAAI,CAAC;gBACH,KAAK,GAAG,MAAM,CAAC,OAA0B,EAAE,SAAS,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,KAAK,GAAG;oBACN,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,eAAe;oBACrB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACzD,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC;YACnB,OAAO;QACT,CAAC;QAED,sEAAsE;QACtE,+CAA+C;QAC/C,MAAM,KAAK,CAAC;YACV,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,mBAAmB;YACzB,MAAM,EAAE,6CAA6C,IAAI,IAAI,QAAQ,OAAO;SAC7E,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,KAAK,CAAC,KAAc;QACjC,IAAI,MAAM,KAAK,SAAS;YAAE,MAAM,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;;YACvD,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;AACH,CAAC"}

package/dist/native-host/index.d.ts

@@ -0,0 +1,4 @@
+export { extensionIdsPath, hostBinaryPath, loadExtensionIds, } from './config.js';
+export { buildRealSink, type InstallOptions, type InstallResult, type InstallSink, installManifests, realSink, type RegExecFn, } from './installer.js';
+export { allowedOrigins, buildManifest, type ExtensionIds, type InstallTarget, MANIFEST_FILENAME, NATIVE_HOST_NAME, type NativeHostManifest, resolveInstallTargets, type SupportedPlatform, } from './manifest.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/native-host/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/native-host/index.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,gBAAgB,EAChB,QAAQ,EACR,KAAK,SAAS,GACf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,cAAc,EACd,aAAa,EACb,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,qBAAqB,EACrB,KAAK,iBAAiB,GACvB,MAAM,eAAe,CAAC"}

package/dist/native-host/index.js

@@ -0,0 +1,8 @@
+// Public native-host surface re-exported for the CLI's `peek status` and
+// `peek init` (the consent-gated installer the postinstall defers to). Consumed
+// as the `@peekdev/mcp/native-host` subpath export. Pure manifest/target logic
+// plus the injectable installer sink — no postinstall side effects leak here.
+export { extensionIdsPath, hostBinaryPath, loadExtensionIds, } from './config.js';
+export { buildRealSink, installManifests, realSink, } from './installer.js';
+export { allowedOrigins, buildManifest, MANIFEST_FILENAME, NATIVE_HOST_NAME, resolveInstallTargets, } from './manifest.js';
+//# sourceMappingURL=index.js.map

package/dist/native-host/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/native-host/index.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,gFAAgF;AAChF,+EAA+E;AAC/E,8EAA8E;AAE9E,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EAIb,gBAAgB,EAChB,QAAQ,GAET,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,cAAc,EACd,aAAa,EAGb,iBAAiB,EACjB,gBAAgB,EAEhB,qBAAqB,GAEtB,MAAM,eAAe,CAAC"}

package/dist/native-host/ingest.d.ts

@@ -0,0 +1,83 @@
+import type { Database } from 'better-sqlite3';
+/** Per-host runtime context (the open DB + the home directory for blobs). */
+export interface IngestContext {
+    readonly db: Database;
+    /** Base for `<home>/rrweb-events/<sessionId>/<seq>.json.gz`. */
+    readonly home: string;
+}
+export interface IncomingSessionAppend {
+    readonly type: 'session.append';
+    readonly sessionId: string;
+    readonly url?: string;
+    readonly title?: string;
+    readonly events: readonly unknown[];
+    /** Optional client-stamped seq for idempotent retries. Server assigns when omitted. */
+    readonly seq?: number;
+}
+export interface IncomingConsoleEvent {
+    readonly ts: number;
+    readonly level: string;
+    readonly args: readonly string[];
+}
+export interface IncomingConsoleAppend {
+    readonly type: 'console.append';
+    readonly sessionId: string;
+    readonly url?: string;
+    readonly title?: string;
+    readonly events: readonly IncomingConsoleEvent[];
+}
+export interface IncomingNetRecord {
+    readonly kind: 'request' | 'response' | 'error';
+    readonly id: string;
+    readonly ts: number;
+    readonly url?: string;
+    readonly method?: string;
+    readonly status?: number;
+    readonly transport?: 'fetch' | 'xhr';
+    readonly error?: string;
+    /**
+     * Deep capture (ADR-0010, PRD §A.8): the relay's `maskNetMessage` runs
+     * `redactBody` in the ISOLATED world and forwards the masked string here.
+     * Shape mirrors `NetMessage.requestBody` / `responseBody` in
+     * peek-extension/src/recorder/messages.ts. Absent for Basic capture,
+     * `request` records that carried no body, and `error` records.
+     */
+    readonly requestBody?: string;
+    readonly responseBody?: string;
+}
+export interface IncomingNetworkAppend {
+    readonly type: 'network.append';
+    readonly sessionId: string;
+    readonly url?: string;
+    readonly title?: string;
+    readonly records: readonly IncomingNetRecord[];
+}
+export interface IncomingShadowReport {
+    readonly type: 'shadow.report';
+    readonly sessionId: string;
+    readonly reports: readonly unknown[];
+}
+export type IncomingMessage = IncomingSessionAppend | IncomingConsoleAppend | IncomingNetworkAppend | IncomingShadowReport;
+export interface OkReply<T extends string> {
+    readonly type: `${T}.ok`;
+    readonly sessionId?: string;
+    readonly seq?: number;
+    readonly count?: number;
+}
+export interface ErrReply<T extends string> {
+    readonly type: `${T}.err`;
+    readonly sessionId?: string;
+    readonly code: string;
+    readonly detail?: string;
+}
+export type IngestReply = OkReply<'session.append'> | ErrReply<'session.append'> | OkReply<'console.append'> | ErrReply<'console.append'> | OkReply<'network.append'> | ErrReply<'network.append'> | OkReply<'shadow.report'> | ErrReply<'shadow.report'> | ErrReply<'ingest'>;
+/** Absolute path to the rrweb-events chunk store under PEEK_HOME. */
+export declare function rrwebEventsDir(home: string): string;
+/**
+ * Dispatch one ingest message to the appropriate handler. Pure with respect to
+ * the network: takes a context, returns a reply. Every error path returns a
+ * structured `.err` reply — never throws.
+ */
+export declare function ingest(message: IncomingMessage, ctx: IngestContext): IngestReply;
+export declare function _chunkFileSize(home: string, sessionId: string, seq: number): number;
+//# sourceMappingURL=ingest.d.ts.map

package/dist/native-host/ingest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ingest.d.ts","sourceRoot":"","sources":["../../src/native-host/ingest.ts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE/C,6EAA6E;AAC7E,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC;IACtB,gEAAgE;IAChE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAUD,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,SAAS,OAAO,EAAE,CAAC;IACpC,uFAAuF;IACvF,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,SAAS,oBAAoB,EAAE,CAAC;CAClD;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;IAChD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,SAAS,iBAAiB,EAAE,CAAC;CAChD;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,SAAS,OAAO,EAAE,CAAC;CACtC;AAED,MAAM,MAAM,eAAe,GACvB,qBAAqB,GACrB,qBAAqB,GACrB,qBAAqB,GACrB,oBAAoB,CAAC;AAOzB,MAAM,WAAW,OAAO,CAAC,CAAC,SAAS,MAAM;IACvC,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;IACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,QAAQ,CAAC,CAAC,SAAS,MAAM;IACxC,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,MAAM,WAAW,GACnB,OAAO,CAAC,gBAAgB,CAAC,GACzB,QAAQ,CAAC,gBAAgB,CAAC,GAC1B,OAAO,CAAC,gBAAgB,CAAC,GACzB,QAAQ,CAAC,gBAAgB,CAAC,GAC1B,OAAO,CAAC,gBAAgB,CAAC,GACzB,QAAQ,CAAC,gBAAgB,CAAC,GAC1B,OAAO,CAAC,eAAe,CAAC,GACxB,QAAQ,CAAC,eAAe,CAAC,GACzB,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAEvB,qEAAqE;AACrE,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;;;GAIG;AACH,wBAAgB,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,aAAa,GAAG,WAAW,CA6BhF;AAkSD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAGnF"}