@peekdev/mcp 0.1.0-alpha.1

package/dist/native-host/manifest.js

@@ -0,0 +1,117 @@
+// Native-host manifest construction + install-target resolution (ADR-0007,
+// P2 PRD §A7). Everything here is pure and parameterized over the platform,
+// home directory, host-binary path, and extension IDs so the postinstall
+// side-effects (filesystem / registry writes) can be unit-tested without
+// touching the real OS.
+import { join } from 'node:path';
+/** Reverse-DNS native-host id (ADR-0009 / NAMING.md). */
+export const NATIVE_HOST_NAME = 'com.cubenest.peek';
+/** The manifest filename written into each NativeMessagingHosts directory. */
+export const MANIFEST_FILENAME = `${NATIVE_HOST_NAME}.json`;
+const PLACEHOLDER_PREFIX = 'PLACEHOLDER_';
+/**
+ * Turn the three configured extension IDs into the `allowed_origins` array.
+ * Chrome forbids wildcards, so each id becomes an explicit
+ * `chrome-extension://<id>/` origin. Unconfigured placeholder ids are dropped
+ * (so a pre-publish install doesn't ship dead origins), de-duplicating the
+ * result.
+ */
+export function allowedOrigins(ids) {
+    const candidates = [ids.chromeWebStore, ids.edgeAddons, ids.dev];
+    const seen = new Set();
+    const origins = [];
+    for (const id of candidates) {
+        if (!id || id.startsWith(PLACEHOLDER_PREFIX))
+            continue;
+        const origin = `chrome-extension://${id}/`;
+        if (seen.has(origin))
+            continue;
+        seen.add(origin);
+        origins.push(origin);
+    }
+    return origins;
+}
+/**
+ * Build the native-host manifest. `hostBinaryPath` is the absolute path the
+ * browser will spawn over stdio (the installed `peek-mcp` bin, invoked with
+ * `--native-host`). Both Chrome and Edge ids live in the SAME manifest's
+ * `allowed_origins` per the Edge "first registry location wins" gotcha
+ * (P2 PRD §A7).
+ */
+export function buildManifest(hostBinaryPath, ids) {
+    return {
+        name: NATIVE_HOST_NAME,
+        description: 'peek local bridge — native messaging host for the peek browser companion',
+        path: hostBinaryPath,
+        type: 'stdio',
+        allowed_origins: allowedOrigins(ids),
+    };
+}
+/**
+ * Resolve the per-OS set of native-messaging install targets (P2 PRD §A7).
+ *
+ * - macOS: Chrome, Chromium, Edge `NativeMessagingHosts/` directories under
+ *   `~/Library/Application Support/`.
+ * - Linux: Chrome + Chromium `NativeMessagingHosts/` under `~/.config/`.
+ * - Windows: HKCU registry keys for Chrome + Edge (the default value of each
+ *   key is the on-disk manifest path).
+ *
+ * `homeDir` is injected for testability.
+ */
+export function resolveInstallTargets(platform, homeDir) {
+    switch (platform) {
+        case 'darwin': {
+            const appSupport = join(homeDir, 'Library', 'Application Support');
+            return [
+                {
+                    browser: 'macOS Chrome',
+                    manifestPath: join(appSupport, 'Google', 'Chrome', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                },
+                {
+                    browser: 'macOS Chromium',
+                    manifestPath: join(appSupport, 'Chromium', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                },
+                {
+                    browser: 'macOS Edge',
+                    manifestPath: join(appSupport, 'Microsoft Edge', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                },
+            ];
+        }
+        case 'linux': {
+            const config = join(homeDir, '.config');
+            return [
+                {
+                    browser: 'Linux Chrome',
+                    manifestPath: join(config, 'google-chrome', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                },
+                {
+                    browser: 'Linux Chromium',
+                    manifestPath: join(config, 'chromium', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                },
+            ];
+        }
+        case 'win32': {
+            // Per P2 PRD §A7, the Windows install needs BOTH:
+            //   - the manifest JSON on disk (Chrome/Edge resolve registry values to
+            //     a file path), and
+            //   - the registry key whose default value points at that path.
+            // The conventional location is %LOCALAPPDATA%\<vendor>\<browser>\
+            // NativeMessagingHosts\<host>.json. We derive %LOCALAPPDATA% from the
+            // injected `homeDir` (`C:\Users\<user>`) so tests don't depend on env.
+            const localAppData = join(homeDir, 'AppData', 'Local');
+            return [
+                {
+                    browser: 'Windows Chrome',
+                    manifestPath: join(localAppData, 'Google', 'Chrome', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                    registryKey: `HKCU\\Software\\Google\\Chrome\\NativeMessagingHosts\\${NATIVE_HOST_NAME}`,
+                },
+                {
+                    browser: 'Windows Edge',
+                    manifestPath: join(localAppData, 'Microsoft', 'Edge', 'NativeMessagingHosts', MANIFEST_FILENAME),
+                    registryKey: `HKCU\\Software\\Microsoft\\Edge\\NativeMessagingHosts\\${NATIVE_HOST_NAME}`,
+                },
+            ];
+        }
+    }
+}
+//# sourceMappingURL=manifest.js.map

package/dist/native-host/manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../../src/native-host/manifest.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,4EAA4E;AAC5E,yEAAyE;AACzE,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,yDAAyD;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAEpD,8EAA8E;AAC9E,MAAM,CAAC,MAAM,iBAAiB,GAAG,GAAG,gBAAgB,OAAO,CAAC;AAkB5D,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAE1C;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,GAAiB;IAC9C,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC;YAAE,SAAS;QACvD,MAAM,MAAM,GAAG,sBAAsB,EAAE,GAAG,CAAC;QAC3C,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC/B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,cAAsB,EAAE,GAAiB;IACrE,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,0EAA0E;QACvF,IAAI,EAAE,cAAc;QACpB,IAAI,EAAE,OAAO;QACb,eAAe,EAAE,cAAc,CAAC,GAAG,CAAC;KACrC,CAAC;AACJ,CAAC;AAqBD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAA2B,EAC3B,OAAe;IAEf,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACnE,OAAO;gBACL;oBACE,OAAO,EAAE,cAAc;oBACvB,YAAY,EAAE,IAAI,CAChB,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,sBAAsB,EACtB,iBAAiB,CAClB;iBACF;gBACD;oBACE,OAAO,EAAE,gBAAgB;oBACzB,YAAY,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;iBACtF;gBACD;oBACE,OAAO,EAAE,YAAY;oBACrB,YAAY,EAAE,IAAI,CAChB,UAAU,EACV,gBAAgB,EAChB,sBAAsB,EACtB,iBAAiB,CAClB;iBACF;aACF,CAAC;QACJ,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACxC,OAAO;gBACL;oBACE,OAAO,EAAE,cAAc;oBACvB,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,eAAe,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;iBACvF;gBACD;oBACE,OAAO,EAAE,gBAAgB;oBACzB,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;iBAClF;aACF,CAAC;QACJ,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,kDAAkD;YAClD,wEAAwE;YACxE,wBAAwB;YACxB,gEAAgE;YAChE,kEAAkE;YAClE,sEAAsE;YACtE,uEAAuE;YACvE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YACvD,OAAO;gBACL;oBACE,OAAO,EAAE,gBAAgB;oBACzB,YAAY,EAAE,IAAI,CAChB,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,sBAAsB,EACtB,iBAAiB,CAClB;oBACD,WAAW,EAAE,yDAAyD,gBAAgB,EAAE;iBACzF;gBACD;oBACE,OAAO,EAAE,cAAc;oBACvB,YAAY,EAAE,IAAI,CAChB,YAAY,EACZ,WAAW,EACX,MAAM,EACN,sBAAsB,EACtB,iBAAiB,CAClB;oBACD,WAAW,EAAE,0DAA0D,gBAAgB,EAAE;iBAC1F;aACF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/native-host/policy.d.ts

@@ -0,0 +1,60 @@
+import { z } from 'zod';
+/** Default location of the user policy file. */
+export declare function policyJsonPath(): string;
+declare const PolicySchema: z.ZodObject<{
+    destructiveTerms: z.ZodOptional<z.ZodObject<{
+        add: z.ZodOptional<z.ZodArray<z.ZodUnknown, "many">>;
+        remove: z.ZodOptional<z.ZodArray<z.ZodUnknown, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        add?: unknown[] | undefined;
+        remove?: unknown[] | undefined;
+    }, {
+        add?: unknown[] | undefined;
+        remove?: unknown[] | undefined;
+    }>>;
+    allowListBySite: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    destructiveTerms?: {
+        add?: unknown[] | undefined;
+        remove?: unknown[] | undefined;
+    } | undefined;
+    allowListBySite?: Record<string, unknown> | undefined;
+}, {
+    destructiveTerms?: {
+        add?: unknown[] | undefined;
+        remove?: unknown[] | undefined;
+    } | undefined;
+    allowListBySite?: Record<string, unknown> | undefined;
+}>;
+export type PeekPolicy = z.infer<typeof PolicySchema>;
+export interface DestructivePolicyDelta {
+    /** Terms the user wants to ADD to the matcher (lowercased + trimmed). */
+    readonly add: readonly string[];
+    /** Terms the user wants to REMOVE from the matcher. */
+    readonly remove: readonly string[];
+}
+/** A {origin → action types} allow-list (per P2 PRD §E.3 example). */
+export interface AllowListBySite {
+    readonly [originPattern: string]: readonly string[];
+}
+export interface LoadedPolicy {
+    readonly destructiveTerms: DestructivePolicyDelta;
+    readonly allowListBySite: AllowListBySite;
+}
+/** Empty fallback returned when the file is missing / unreadable / malformed. */
+export declare const EMPTY_POLICY: LoadedPolicy;
+/**
+ * Parse a raw JSON string into a normalized {@link LoadedPolicy}. Exported
+ * separately from `loadPolicy` so the unit tests can exercise the parsing
+ * surface without touching the filesystem.
+ */
+export declare function parsePolicy(contents: string): LoadedPolicy;
+/**
+ * Read + parse ~/.peek/policy.json. A missing file / read error / parse error
+ * resolves to {@link EMPTY_POLICY}.
+ *
+ * @param path override the policy path (tests + alternate PEEK_HOME).
+ */
+export declare function loadPolicy(path?: string): LoadedPolicy;
+export {};
+//# sourceMappingURL=policy.d.ts.map

package/dist/native-host/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/native-host/policy.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,gDAAgD;AAChD,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAOD,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;EAQhB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAEtD,MAAM,WAAW,sBAAsB;IACrC,yEAAyE;IACzE,QAAQ,CAAC,GAAG,EAAE,SAAS,MAAM,EAAE,CAAC;IAChC,uDAAuD;IACvD,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;CACpC;AAED,sEAAsE;AAGtE,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,aAAa,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,CAAC;CACrD;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,CAAC;IAClD,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;CAC3C;AAED,iFAAiF;AACjF,eAAO,MAAM,YAAY,EAAE,YAG1B,CAAC;AA0BF;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAgB1D;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,IAAI,GAAE,MAAyB,GAAG,YAAY,CAQxE"}

package/dist/native-host/policy.js

@@ -0,0 +1,116 @@
+// User policy file (`~/.peek/policy.json`) reader — ADR-0010 / P2 PRD §E.3.
+//
+// The hardcoded destructive blocklist ships in the extension; this module is
+// the seam where users add / remove terms via a local JSON file. The native
+// host reads this file once at boot (and on each action request — the file is
+// tiny + the read is cheap), and forwards the {add, remove} deltas to the SW
+// on every action.request so the MAIN-world dispatcher merges them at
+// decision time.
+//
+// Schema:
+//   {
+//     "destructiveTerms": { "add": ["yeet", "nuke"], "remove": [] },
+//     "allowListBySite": { "https://example.com/*": ["click", "type"] }
+//   }
+//
+// Failure modes are all soft: a missing / unreadable / malformed file resolves
+// to the empty policy. A loud throw here would lock action execution out
+// entirely for users who haven't created the file. Same posture as
+// activation/storage's `sanitize` (drop garbage, never throw).
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { z } from 'zod';
+import { peekHomeDir } from '../db/open.js';
+/** Default location of the user policy file. */
+export function policyJsonPath() {
+    return join(peekHomeDir(), 'policy.json');
+}
+// Permissive schema: arrays of `unknown` (sanitised post-parse) so a single
+// non-string entry doesn't reject the entire add/remove list. The normaliser
+// functions below filter mixed input down to clean strings — same posture as
+// activation/storage's sanitize() (drop garbage, never throw, never lose the
+// whole file to one bad entry).
+const PolicySchema = z.object({
+    destructiveTerms: z
+        .object({
+        add: z.array(z.unknown()).optional(),
+        remove: z.array(z.unknown()).optional(),
+    })
+        .optional(),
+    allowListBySite: z.record(z.string(), z.unknown()).optional(),
+});
+/** Empty fallback returned when the file is missing / unreadable / malformed. */
+export const EMPTY_POLICY = {
+    destructiveTerms: { add: [], remove: [] },
+    allowListBySite: {},
+};
+function normalizeTerms(value) {
+    if (!value)
+        return [];
+    const out = new Set();
+    for (const t of value) {
+        if (typeof t !== 'string')
+            continue;
+        const trimmed = t.trim().toLowerCase();
+        if (trimmed.length === 0)
+            continue;
+        out.add(trimmed);
+    }
+    return [...out];
+}
+function normalizeAllowList(value) {
+    if (!value)
+        return {};
+    const out = {};
+    for (const [origin, types] of Object.entries(value)) {
+        if (typeof origin !== 'string' || origin.length === 0)
+            continue;
+        if (!Array.isArray(types))
+            continue;
+        const cleaned = types.filter((t) => typeof t === 'string' && t.length > 0);
+        if (cleaned.length > 0)
+            out[origin] = cleaned;
+    }
+    return out;
+}
+/**
+ * Parse a raw JSON string into a normalized {@link LoadedPolicy}. Exported
+ * separately from `loadPolicy` so the unit tests can exercise the parsing
+ * surface without touching the filesystem.
+ */
+export function parsePolicy(contents) {
+    let raw;
+    try {
+        raw = JSON.parse(contents);
+    }
+    catch {
+        return EMPTY_POLICY;
+    }
+    const parsed = PolicySchema.safeParse(raw);
+    if (!parsed.success)
+        return EMPTY_POLICY;
+    return {
+        destructiveTerms: {
+            add: normalizeTerms(parsed.data.destructiveTerms?.add),
+            remove: normalizeTerms(parsed.data.destructiveTerms?.remove),
+        },
+        allowListBySite: normalizeAllowList(parsed.data.allowListBySite),
+    };
+}
+/**
+ * Read + parse ~/.peek/policy.json. A missing file / read error / parse error
+ * resolves to {@link EMPTY_POLICY}.
+ *
+ * @param path override the policy path (tests + alternate PEEK_HOME).
+ */
+export function loadPolicy(path = policyJsonPath()) {
+    let contents;
+    try {
+        contents = readFileSync(path, 'utf8');
+    }
+    catch {
+        return EMPTY_POLICY;
+    }
+    return parsePolicy(contents);
+}
+//# sourceMappingURL=policy.js.map

package/dist/native-host/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/native-host/policy.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,6EAA6E;AAC7E,sEAAsE;AACtE,iBAAiB;AACjB,EAAE;AACF,UAAU;AACV,MAAM;AACN,qEAAqE;AACrE,wEAAwE;AACxE,MAAM;AACN,EAAE;AACF,+EAA+E;AAC/E,yEAAyE;AACzE,mEAAmE;AACnE,+DAA+D;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,gDAAgD;AAChD,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,CAAC,WAAW,EAAE,EAAE,aAAa,CAAC,CAAC;AAC5C,CAAC;AAED,4EAA4E;AAC5E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,gCAAgC;AAChC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,gBAAgB,EAAE,CAAC;SAChB,MAAM,CAAC;QACN,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;QACpC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;KACxC,CAAC;SACD,QAAQ,EAAE;IACb,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC9D,CAAC,CAAC;AAsBH,iFAAiF;AACjF,MAAM,CAAC,MAAM,YAAY,GAAiB;IACxC,gBAAgB,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACzC,eAAe,EAAE,EAAE;CACpB,CAAC;AAEF,SAAS,cAAc,CAAC,KAAqC;IAC3D,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,SAAS;QACpC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACnC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,KAA0C;IACpE,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,MAAM,GAAG,GAA6B,EAAE,CAAC;IACzC,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAChE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,SAAS;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC;IAChD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,YAAY,CAAC;IACzC,OAAO;QACL,gBAAgB,EAAE;YAChB,GAAG,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC;YACtD,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC;SAC7D;QACD,eAAe,EAAE,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;KACjE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe,cAAc,EAAE;IACxD,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC"}

package/dist/native-host/request-registry.d.ts

@@ -0,0 +1,55 @@
+export interface PendingRequest<T> {
+    /** Resolve the awaiting tool handler with the SW's reply payload. */
+    resolve(value: T): void;
+    /** Reject the awaiting tool handler (timeout or transport error). */
+    reject(reason: unknown): void;
+    /** Timer handle so we can cancel on resolve / reject. */
+    timer: unknown;
+}
+export interface RequestRegistryDeps {
+    /** Generate a fresh, unique request id (UUID v4 in production). */
+    generateId(): string;
+    setTimeout(cb: () => void, ms: number): unknown;
+    clearTimeout(handle: unknown): void;
+}
+/** Default deps using node's globals + crypto.randomUUID. */
+export declare const defaultRegistryDeps: RequestRegistryDeps;
+/** Sentinel error thrown when a request times out without a reply. */
+export declare class RequestTimeoutError extends Error {
+    readonly requestId: string;
+    readonly timeoutMs: number;
+    constructor(requestId: string, timeoutMs: number);
+}
+/**
+ * Tracks in-flight host→SW requests by id. The host's tool handler:
+ *
+ *   const { id, response } = registry.create<MyReply>(5 * 60_000);
+ *   await transport.send({ type: 'action.request', requestId: id, ... });
+ *   return await response;          // resolves on action.result, rejects on timeout
+ *
+ * The host's inbound-message handler calls `registry.resolve(id, payload)` or
+ * `registry.reject(id, err)` when the SW replies. Unknown ids are silently
+ * dropped (a stale reply after a timeout shouldn't crash the host).
+ */
+export declare class RequestRegistry {
+    #private;
+    constructor(deps?: RequestRegistryDeps);
+    /**
+     * Allocate a request: returns the `id` and a `response` promise the caller
+     * awaits. The promise rejects with {@link RequestTimeoutError} after
+     * `timeoutMs` if no resolve/reject has arrived.
+     */
+    create<T>(timeoutMs: number): {
+        id: string;
+        response: Promise<T>;
+    };
+    /** Resolve the request with `payload`. Unknown id → no-op (drop stale reply). */
+    resolve(id: string, payload: unknown): boolean;
+    /** Reject the request with `reason`. Unknown id → no-op. */
+    reject(id: string, reason: unknown): boolean;
+    /** Reject every pending request (used on transport teardown). */
+    rejectAll(reason: unknown): number;
+    /** Number of in-flight requests (diagnostics). */
+    get pendingCount(): number;
+}
+//# sourceMappingURL=request-registry.d.ts.map

package/dist/native-host/request-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-registry.d.ts","sourceRoot":"","sources":["../../src/native-host/request-registry.ts"],"names":[],"mappings":"AAeA,MAAM,WAAW,cAAc,CAAC,CAAC;IAC/B,qEAAqE;IACrE,OAAO,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;IACxB,qEAAqE;IACrE,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,yDAAyD;IACzD,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,mEAAmE;IACnE,UAAU,IAAI,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,EAAE,MAAM,IAAI,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IAChD,YAAY,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAAC;CACrC;AAED,6DAA6D;AAC7D,eAAO,MAAM,mBAAmB,EAAE,mBAIjC,CAAC;AAEF,sEAAsE;AACtE,qBAAa,mBAAoB,SAAQ,KAAK;IAE1C,QAAQ,CAAC,SAAS,EAAE,MAAM;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM;gBADjB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM;CAK7B;AAED;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;;gBAId,IAAI,GAAE,mBAAyC;IAI3D;;;;OAIG;IACH,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAA;KAAE;IAsBlE,iFAAiF;IACjF,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO;IAS9C,4DAA4D;IAC5D,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO;IAS5C,iEAAiE;IACjE,SAAS,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM;IAUlC,kDAAkD;IAClD,IAAI,YAAY,IAAI,MAAM,CAEzB;CACF"}

package/dist/native-host/request-registry.js

@@ -0,0 +1,111 @@
+// Correlated-request registry for the MCP host (Task 3.24).
+//
+// `execute_action` and `request_authorization` are inherently asynchronous over
+// the native port: the MCP tool handler sends an `action.request` to the SW,
+// and the SW eventually replies with a `action.verdict` / `action.result`. The
+// reply can take seconds (Level-3 banner waits on user click), and multiple
+// requests can be in flight concurrently across MCP clients.
+//
+// We assign a UUID per request, store `{ resolve, reject, timer }` keyed by
+// that id, and the host's inbound-message handler looks up the id and resolves
+// the pending promise. Time out after `timeoutMs` so a wedged SW never leaves
+// the MCP tool handler waiting forever.
+//
+// Pure JS — no `chrome.*`, no node-native deps — so it unit-tests cleanly.
+/** Default deps using node's globals + crypto.randomUUID. */
+export const defaultRegistryDeps = {
+    generateId: () => globalThis.crypto.randomUUID(),
+    setTimeout: (cb, ms) => setTimeout(cb, ms),
+    clearTimeout: (handle) => clearTimeout(handle),
+};
+/** Sentinel error thrown when a request times out without a reply. */
+export class RequestTimeoutError extends Error {
+    requestId;
+    timeoutMs;
+    constructor(requestId, timeoutMs) {
+        super(`peek: request ${requestId} timed out after ${timeoutMs}ms`);
+        this.requestId = requestId;
+        this.timeoutMs = timeoutMs;
+        this.name = 'RequestTimeoutError';
+    }
+}
+/**
+ * Tracks in-flight host→SW requests by id. The host's tool handler:
+ *
+ *   const { id, response } = registry.create<MyReply>(5 * 60_000);
+ *   await transport.send({ type: 'action.request', requestId: id, ... });
+ *   return await response;          // resolves on action.result, rejects on timeout
+ *
+ * The host's inbound-message handler calls `registry.resolve(id, payload)` or
+ * `registry.reject(id, err)` when the SW replies. Unknown ids are silently
+ * dropped (a stale reply after a timeout shouldn't crash the host).
+ */
+export class RequestRegistry {
+    #deps;
+    #pending = new Map();
+    constructor(deps = defaultRegistryDeps) {
+        this.#deps = deps;
+    }
+    /**
+     * Allocate a request: returns the `id` and a `response` promise the caller
+     * awaits. The promise rejects with {@link RequestTimeoutError} after
+     * `timeoutMs` if no resolve/reject has arrived.
+     */
+    create(timeoutMs) {
+        const id = this.#deps.generateId();
+        let resolveFn;
+        let rejectFn;
+        const response = new Promise((resolve, reject) => {
+            resolveFn = resolve;
+            rejectFn = reject;
+        });
+        const timer = this.#deps.setTimeout(() => {
+            const pending = this.#pending.get(id);
+            if (!pending)
+                return; // already resolved/rejected
+            this.#pending.delete(id);
+            pending.reject(new RequestTimeoutError(id, timeoutMs));
+        }, timeoutMs);
+        this.#pending.set(id, {
+            resolve: resolveFn,
+            reject: rejectFn,
+            timer,
+        });
+        return { id, response };
+    }
+    /** Resolve the request with `payload`. Unknown id → no-op (drop stale reply). */
+    resolve(id, payload) {
+        const pending = this.#pending.get(id);
+        if (!pending)
+            return false;
+        this.#pending.delete(id);
+        this.#deps.clearTimeout(pending.timer);
+        pending.resolve(payload);
+        return true;
+    }
+    /** Reject the request with `reason`. Unknown id → no-op. */
+    reject(id, reason) {
+        const pending = this.#pending.get(id);
+        if (!pending)
+            return false;
+        this.#pending.delete(id);
+        this.#deps.clearTimeout(pending.timer);
+        pending.reject(reason);
+        return true;
+    }
+    /** Reject every pending request (used on transport teardown). */
+    rejectAll(reason) {
+        const count = this.#pending.size;
+        for (const [id, pending] of this.#pending.entries()) {
+            this.#deps.clearTimeout(pending.timer);
+            pending.reject(reason);
+            this.#pending.delete(id);
+        }
+        return count;
+    }
+    /** Number of in-flight requests (diagnostics). */
+    get pendingCount() {
+        return this.#pending.size;
+    }
+}
+//# sourceMappingURL=request-registry.js.map

package/dist/native-host/request-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-registry.js","sourceRoot":"","sources":["../../src/native-host/request-registry.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,gFAAgF;AAChF,6EAA6E;AAC7E,+EAA+E;AAC/E,4EAA4E;AAC5E,6DAA6D;AAC7D,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,wCAAwC;AACxC,EAAE;AACF,2EAA2E;AAkB3E,6DAA6D;AAC7D,MAAM,CAAC,MAAM,mBAAmB,GAAwB;IACtD,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE;IAChD,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC;IAC1C,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAuC,CAAC;CAChF,CAAC;AAEF,sEAAsE;AACtE,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAEjC;IACA;IAFX,YACW,SAAiB,EACjB,SAAiB;QAE1B,KAAK,CAAC,iBAAiB,SAAS,oBAAoB,SAAS,IAAI,CAAC,CAAC;QAH1D,cAAS,GAAT,SAAS,CAAQ;QACjB,cAAS,GAAT,SAAS,CAAQ;QAG1B,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,eAAe;IACjB,KAAK,CAAsB;IAC3B,QAAQ,GAAG,IAAI,GAAG,EAAmC,CAAC;IAE/D,YAAY,OAA4B,mBAAmB;QACzD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAI,SAAiB;QACzB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACnC,IAAI,SAA8B,CAAC;QACnC,IAAI,QAAoC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClD,SAAS,GAAG,OAAO,CAAC;YACpB,QAAQ,GAAG,MAAM,CAAC;QACpB,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtC,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,4BAA4B;YAClD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACzB,OAAO,CAAC,MAAM,CAAC,IAAI,mBAAmB,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;QACzD,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE;YACpB,OAAO,EAAE,SAAqC;YAC9C,MAAM,EAAE,QAAQ;YAChB,KAAK;SACN,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,iFAAiF;IACjF,OAAO,CAAC,EAAU,EAAE,OAAgB;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACvC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4DAA4D;IAC5D,MAAM,CAAC,EAAU,EAAE,MAAe;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACvC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iEAAiE;IACjE,SAAS,CAAC,MAAe;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACvC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACvB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;CACF"}

package/dist/native-host/transport.d.ts

@@ -0,0 +1,54 @@
+import type { Readable, Writable } from 'node:stream';
+/** Max bytes for a host -> extension message (1 MB), per Chrome/Edge spec. */
+export declare const MAX_HOST_TO_EXT_BYTES: number;
+/** Max bytes for an extension -> host message (4 GB), per Chrome/Edge spec. */
+export declare const MAX_EXT_TO_HOST_BYTES: number;
+/** Width of the little-endian length prefix. */
+export declare const LENGTH_PREFIX_BYTES = 4;
+/**
+ * Encode a value into a framed native-messaging buffer: a 4-byte little-endian
+ * length header followed by the UTF-8 JSON body.
+ *
+ * Throws if the encoded body exceeds the host -> extension 1 MB cap.
+ */
+export declare function encodeMessage(value: unknown): Buffer;
+/**
+ * Write a single framed message to a stream (default `process.stdout`). The
+ * promise resolves once the bytes are flushed to the underlying handle.
+ */
+export declare function writeMessage(value: unknown, out?: Writable): Promise<void>;
+/**
+ * Streaming decoder for the inbound (extension -> host) direction. Feed it raw
+ * chunks as they arrive; it emits each fully-framed JSON message via the
+ * `onMessage` callback. Enforces the 4 GB ext -> host cap on the declared
+ * length before buffering the body.
+ */
+export interface MessageDecoderOptions {
+    /** Max declared frame length before the ext -> host cap guard throws. */
+    readonly maxBytes?: number;
+    /** Invoked when a frame body fails to JSON-parse; the frame is then skipped. */
+    readonly onError?: (error: Error) => void;
+}
+export declare class MessageDecoder {
+    #private;
+    constructor(onMessage: (message: unknown) => void, options?: MessageDecoderOptions);
+    /** Append a chunk and drain any complete messages it now contains. */
+    push(chunk: Buffer): void;
+    /** Number of bytes currently buffered awaiting a complete frame. */
+    get pending(): number;
+}
+export interface ReadMessagesOptions {
+    /** Stream to read from (default `process.stdin`). */
+    readonly input?: Readable;
+    /** Invoked when a malformed frame is skipped (does not reject the promise). */
+    readonly onError?: (error: Error) => void;
+}
+/**
+ * Read framed messages from a stream (default `process.stdin`), invoking
+ * `onMessage` for each. Resolves when the stream ends; rejects on a stream
+ * error or a frame that violates the size cap. A frame whose body fails to
+ * JSON-parse is skipped (reported via `onError`) rather than terminating the
+ * stream — a single malformed message from the extension must not kill the host.
+ */
+export declare function readMessages(onMessage: (message: unknown) => void, options?: ReadMessagesOptions): Promise<void>;
+//# sourceMappingURL=transport.d.ts.map

package/dist/native-host/transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../src/native-host/transport.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEtD,8EAA8E;AAC9E,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD,+EAA+E;AAC/E,eAAO,MAAM,qBAAqB,QAAyB,CAAC;AAE5D,gDAAgD;AAChD,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAUpD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,GAAE,QAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAK1F;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,gFAAgF;IAChF,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAC3C;AAED,qBAAa,cAAc;;gBAOb,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,EAAE,OAAO,GAAE,qBAA0B;IAMtF,sEAAsE;IACtE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAqCzB,oEAAoE;IACpE,IAAI,OAAO,IAAI,MAAM,CAEpB;CACF;AAED,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC;IAC1B,+EAA+E;IAC/E,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAC3C;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,EACrC,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,IAAI,CAAC,CAiBf"}

package/dist/native-host/transport.js

@@ -0,0 +1,113 @@
+// Chrome / Edge native-messaging transport (ADR-0007 action item 4).
+//
+// Framing: a 4-byte little-endian uint32 length header followed by that many
+// bytes of UTF-8 JSON. Size caps come straight from the Microsoft Edge
+// native-messaging docs (echoed for Chrome): a single message *from* the host
+// to the extension may be at most 1 MB; a message *to* the host may be up to
+// 4 GB. We enforce the 1 MB cap on write (host -> ext) and the 4 GB cap on
+// read (ext -> host) so a misbehaving peer can't make us buffer unbounded.
+/** Max bytes for a host -> extension message (1 MB), per Chrome/Edge spec. */
+export const MAX_HOST_TO_EXT_BYTES = 1024 * 1024;
+/** Max bytes for an extension -> host message (4 GB), per Chrome/Edge spec. */
+export const MAX_EXT_TO_HOST_BYTES = 4 * 1024 * 1024 * 1024;
+/** Width of the little-endian length prefix. */
+export const LENGTH_PREFIX_BYTES = 4;
+/**
+ * Encode a value into a framed native-messaging buffer: a 4-byte little-endian
+ * length header followed by the UTF-8 JSON body.
+ *
+ * Throws if the encoded body exceeds the host -> extension 1 MB cap.
+ */
+export function encodeMessage(value) {
+    const body = Buffer.from(JSON.stringify(value), 'utf8');
+    if (body.length > MAX_HOST_TO_EXT_BYTES) {
+        throw new Error(`native-messaging: message of ${body.length} bytes exceeds the ${MAX_HOST_TO_EXT_BYTES}-byte host->ext cap`);
+    }
+    const header = Buffer.allocUnsafe(LENGTH_PREFIX_BYTES);
+    header.writeUInt32LE(body.length, 0);
+    return Buffer.concat([header, body]);
+}
+/**
+ * Write a single framed message to a stream (default `process.stdout`). The
+ * promise resolves once the bytes are flushed to the underlying handle.
+ */
+export function writeMessage(value, out = process.stdout) {
+    const framed = encodeMessage(value);
+    return new Promise((resolve, reject) => {
+        out.write(framed, (err) => (err ? reject(err) : resolve()));
+    });
+}
+export class MessageDecoder {
+    #buffer = Buffer.alloc(0);
+    #expectedLength = null;
+    #onMessage;
+    #maxBytes;
+    #onError;
+    constructor(onMessage, options = {}) {
+        this.#onMessage = onMessage;
+        this.#maxBytes = options.maxBytes ?? MAX_EXT_TO_HOST_BYTES;
+        this.#onError = options.onError;
+    }
+    /** Append a chunk and drain any complete messages it now contains. */
+    push(chunk) {
+        this.#buffer = this.#buffer.length === 0 ? chunk : Buffer.concat([this.#buffer, chunk]);
+        // Loop because one chunk may complete multiple queued messages.
+        for (;;) {
+            if (this.#expectedLength === null) {
+                if (this.#buffer.length < LENGTH_PREFIX_BYTES)
+                    return;
+                const len = this.#buffer.readUInt32LE(0);
+                if (len > this.#maxBytes) {
+                    throw new Error(`native-messaging: declared length ${len} exceeds the ${this.#maxBytes}-byte ext->host cap`);
+                }
+                this.#expectedLength = len;
+                this.#buffer = this.#buffer.subarray(LENGTH_PREFIX_BYTES);
+            }
+            if (this.#buffer.length < this.#expectedLength)
+                return;
+            const body = this.#buffer.subarray(0, this.#expectedLength);
+            this.#buffer = this.#buffer.subarray(this.#expectedLength);
+            this.#expectedLength = null;
+            // A single malformed frame must not kill the host loop: skip it (the
+            // frame was already consumed above, so the stream stays correctly aligned
+            // for the next length-prefixed message) and report it via onError.
+            let parsed;
+            try {
+                parsed = JSON.parse(body.toString('utf8'));
+            }
+            catch (err) {
+                this.#onError?.(err instanceof Error ? err : new Error(String(err)));
+                continue;
+            }
+            this.#onMessage(parsed);
+        }
+    }
+    /** Number of bytes currently buffered awaiting a complete frame. */
+    get pending() {
+        return this.#buffer.length;
+    }
+}
+/**
+ * Read framed messages from a stream (default `process.stdin`), invoking
+ * `onMessage` for each. Resolves when the stream ends; rejects on a stream
+ * error or a frame that violates the size cap. A frame whose body fails to
+ * JSON-parse is skipped (reported via `onError`) rather than terminating the
+ * stream — a single malformed message from the extension must not kill the host.
+ */
+export function readMessages(onMessage, options = {}) {
+    const input = options.input ?? process.stdin;
+    const decoder = new MessageDecoder(onMessage, options.onError !== undefined ? { onError: options.onError } : {});
+    return new Promise((resolve, reject) => {
+        input.on('data', (chunk) => {
+            try {
+                decoder.push(chunk);
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+        input.on('end', resolve);
+        input.on('error', reject);
+    });
+}
+//# sourceMappingURL=transport.js.map