@pingagent/sdk 0.1.7 → 0.1.9

package/dist/chunk-3OEFISNL.js

@@ -0,0 +1,2433 @@
+// src/client.ts
+import { SCHEMA_TASK, SCHEMA_CONTACT_REQUEST, SCHEMA_RESULT, SCHEMA_TEXT } from "@pingagent/schemas";
+import {
+  buildUnsignedEnvelope,
+  signEnvelope
+} from "@pingagent/protocol";
+
+// src/transport.ts
+import { ErrorCode } from "@pingagent/schemas";
+var HttpTransport = class {
+  serverUrl;
+  accessToken;
+  maxRetries;
+  onTokenRefreshed;
+  constructor(opts) {
+    this.serverUrl = opts.serverUrl.replace(/\/$/, "");
+    this.accessToken = opts.accessToken;
+    this.maxRetries = opts.maxRetries ?? 3;
+    this.onTokenRefreshed = opts.onTokenRefreshed;
+  }
+  setToken(token) {
+    this.accessToken = token;
+  }
+  /** Fetch a URL with Bearer auth (e.g. artifact upload/download). */
+  async fetchWithAuth(url, options = {}) {
+    const headers = { Authorization: `Bearer ${this.accessToken}` };
+    if (options.contentType) headers["Content-Type"] = options.contentType;
+    const res = await fetch(url, {
+      method: options.method ?? "GET",
+      headers,
+      body: options.body ?? void 0
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`Request failed (${res.status}): ${text.slice(0, 200)}`);
+    }
+    return res.arrayBuffer();
+  }
+  async request(method, path4, body, skipAuth = false) {
+    const url = `${this.serverUrl}${path4}`;
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (!skipAuth) {
+      headers["Authorization"] = `Bearer ${this.accessToken}`;
+    }
+    let lastError = null;
+    const delays = [1e3, 2e3, 4e3];
+    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {
+      try {
+        const res = await fetch(url, {
+          method,
+          headers,
+          body: body ? JSON.stringify(body) : void 0
+        });
+        const text = await res.text();
+        let data;
+        try {
+          data = text ? JSON.parse(text) : {};
+        } catch {
+          throw new Error(`Server returned non-JSON (${res.status}): ${text.slice(0, 200)}`);
+        }
+        if (res.status === 401 && data.error?.code === ErrorCode.TOKEN_EXPIRED && attempt === 0) {
+          const refreshed = await this.refreshToken();
+          if (refreshed) {
+            headers["Authorization"] = `Bearer ${this.accessToken}`;
+            continue;
+          }
+        }
+        if (res.status === 429 && data.error?.retry_after_ms) {
+          await sleep(data.error.retry_after_ms);
+          continue;
+        }
+        if (res.status >= 500 && attempt < this.maxRetries) {
+          await sleep(delays[attempt] ?? 4e3);
+          continue;
+        }
+        return data;
+      } catch (e) {
+        lastError = e;
+        if (attempt < this.maxRetries) {
+          await sleep(delays[attempt] ?? 4e3);
+        }
+      }
+    }
+    throw lastError ?? new Error("Request failed after retries");
+  }
+  async refreshToken() {
+    try {
+      const res = await fetch(`${this.serverUrl}/v1/auth/refresh`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ access_token: this.accessToken })
+      });
+      if (!res.ok) return false;
+      const text = await res.text();
+      let data;
+      try {
+        data = text ? JSON.parse(text) : {};
+      } catch {
+        return false;
+      }
+      if (!data.ok || !data.data) return false;
+      this.accessToken = data.data.access_token;
+      const expiresAt = Date.now() + data.data.expires_ms;
+      this.onTokenRefreshed?.(data.data.access_token, expiresAt);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+
+// src/contacts.ts
+function rowToContact(row) {
+  return {
+    did: row.did,
+    alias: row.alias ?? void 0,
+    display_name: row.display_name ?? void 0,
+    notes: row.notes ?? void 0,
+    conversation_id: row.conversation_id ?? void 0,
+    trusted: row.trusted === 1,
+    added_at: row.added_at,
+    last_message_at: row.last_message_at ?? void 0,
+    tags: row.tags ? JSON.parse(row.tags) : void 0
+  };
+}
+var ContactManager = class {
+  store;
+  constructor(store) {
+    this.store = store;
+  }
+  add(contact) {
+    const db = this.store.getDb();
+    const now = contact.added_at ?? Date.now();
+    db.prepare(`
+      INSERT INTO contacts (did, alias, display_name, notes, conversation_id, trusted, added_at, last_message_at, tags)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(did) DO UPDATE SET
+        alias = COALESCE(excluded.alias, contacts.alias),
+        display_name = COALESCE(excluded.display_name, contacts.display_name),
+        notes = COALESCE(excluded.notes, contacts.notes),
+        conversation_id = COALESCE(excluded.conversation_id, contacts.conversation_id),
+        trusted = excluded.trusted,
+        last_message_at = COALESCE(excluded.last_message_at, contacts.last_message_at),
+        tags = COALESCE(excluded.tags, contacts.tags)
+    `).run(
+      contact.did,
+      contact.alias ?? null,
+      contact.display_name ?? null,
+      contact.notes ?? null,
+      contact.conversation_id ?? null,
+      contact.trusted ? 1 : 0,
+      now,
+      contact.last_message_at ?? null,
+      contact.tags ? JSON.stringify(contact.tags) : null
+    );
+    return { ...contact, added_at: now };
+  }
+  remove(did) {
+    const result = this.store.getDb().prepare("DELETE FROM contacts WHERE did = ?").run(did);
+    return result.changes > 0;
+  }
+  get(did) {
+    const row = this.store.getDb().prepare("SELECT * FROM contacts WHERE did = ?").get(did);
+    return row ? rowToContact(row) : null;
+  }
+  update(did, updates) {
+    const existing = this.get(did);
+    if (!existing) return null;
+    const fields = [];
+    const values = [];
+    if (updates.alias !== void 0) {
+      fields.push("alias = ?");
+      values.push(updates.alias);
+    }
+    if (updates.display_name !== void 0) {
+      fields.push("display_name = ?");
+      values.push(updates.display_name);
+    }
+    if (updates.notes !== void 0) {
+      fields.push("notes = ?");
+      values.push(updates.notes);
+    }
+    if (updates.conversation_id !== void 0) {
+      fields.push("conversation_id = ?");
+      values.push(updates.conversation_id);
+    }
+    if (updates.trusted !== void 0) {
+      fields.push("trusted = ?");
+      values.push(updates.trusted ? 1 : 0);
+    }
+    if (updates.last_message_at !== void 0) {
+      fields.push("last_message_at = ?");
+      values.push(updates.last_message_at);
+    }
+    if (updates.tags !== void 0) {
+      fields.push("tags = ?");
+      values.push(JSON.stringify(updates.tags));
+    }
+    if (fields.length === 0) return existing;
+    values.push(did);
+    this.store.getDb().prepare(`UPDATE contacts SET ${fields.join(", ")} WHERE did = ?`).run(...values);
+    return this.get(did);
+  }
+  list(opts) {
+    const conditions = [];
+    const params = [];
+    if (opts?.trusted !== void 0) {
+      conditions.push("trusted = ?");
+      params.push(opts.trusted ? 1 : 0);
+    }
+    if (opts?.tag) {
+      conditions.push("tags LIKE ?");
+      params.push(`%"${opts.tag}"%`);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    const limit = opts?.limit ? `LIMIT ${opts.limit}` : "";
+    const offset = opts?.offset ? `OFFSET ${opts.offset}` : "";
+    const rows = this.store.getDb().prepare(`SELECT * FROM contacts ${where} ORDER BY added_at DESC ${limit} ${offset}`).all(...params);
+    return rows.map(rowToContact);
+  }
+  search(query) {
+    const pattern = `%${query}%`;
+    const rows = this.store.getDb().prepare(`
+        SELECT * FROM contacts
+        WHERE did LIKE ? OR alias LIKE ? OR display_name LIKE ? OR notes LIKE ?
+        ORDER BY added_at DESC
+      `).all(pattern, pattern, pattern, pattern);
+    return rows.map(rowToContact);
+  }
+  export(format = "json") {
+    const contacts = this.list();
+    if (format === "csv") {
+      const header = "did,alias,display_name,notes,conversation_id,trusted,added_at,last_message_at,tags";
+      const rows = contacts.map(
+        (c) => [
+          c.did,
+          c.alias ?? "",
+          c.display_name ?? "",
+          c.notes ?? "",
+          c.conversation_id ?? "",
+          c.trusted,
+          c.added_at,
+          c.last_message_at ?? "",
+          c.tags ? JSON.stringify(c.tags) : ""
+        ].map((v) => `"${String(v).replace(/"/g, '""')}"`).join(",")
+      );
+      return [header, ...rows].join("\n");
+    }
+    return JSON.stringify(contacts, null, 2);
+  }
+  import(data, format = "json") {
+    let imported = 0;
+    let skipped = 0;
+    if (format === "json") {
+      const contacts = JSON.parse(data);
+      for (const c of contacts) {
+        try {
+          this.add(c);
+          imported++;
+        } catch {
+          skipped++;
+        }
+      }
+    } else {
+      const lines = data.split("\n").filter((l) => l.trim());
+      for (let i = 1; i < lines.length; i++) {
+        try {
+          const cols = parseCsvLine(lines[i]);
+          this.add({
+            did: cols[0],
+            alias: cols[1] || void 0,
+            display_name: cols[2] || void 0,
+            notes: cols[3] || void 0,
+            conversation_id: cols[4] || void 0,
+            trusted: cols[5] === "1" || cols[5] === "true",
+            added_at: parseInt(cols[6]) || Date.now(),
+            last_message_at: cols[7] ? parseInt(cols[7]) : void 0,
+            tags: cols[8] ? JSON.parse(cols[8]) : void 0
+          });
+          imported++;
+        } catch {
+          skipped++;
+        }
+      }
+    }
+    return { imported, skipped };
+  }
+};
+function parseCsvLine(line) {
+  const result = [];
+  let current = "";
+  let inQuotes = false;
+  for (let i = 0; i < line.length; i++) {
+    const ch = line[i];
+    if (inQuotes) {
+      if (ch === '"' && line[i + 1] === '"') {
+        current += '"';
+        i++;
+      } else if (ch === '"') {
+        inQuotes = false;
+      } else {
+        current += ch;
+      }
+    } else {
+      if (ch === '"') {
+        inQuotes = true;
+      } else if (ch === ",") {
+        result.push(current);
+        current = "";
+      } else {
+        current += ch;
+      }
+    }
+  }
+  result.push(current);
+  return result;
+}
+
+// src/history.ts
+function rowToMessage(row) {
+  return {
+    conversation_id: row.conversation_id,
+    message_id: row.message_id,
+    seq: row.seq ?? void 0,
+    sender_did: row.sender_did,
+    schema: row.schema,
+    payload: JSON.parse(row.payload),
+    ts_ms: row.ts_ms,
+    direction: row.direction
+  };
+}
+var HistoryManager = class {
+  store;
+  constructor(store) {
+    this.store = store;
+  }
+  save(messages) {
+    const db = this.store.getDb();
+    const stmt = db.prepare(`
+      INSERT INTO messages (conversation_id, message_id, seq, sender_did, schema, payload, ts_ms, direction)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(message_id) DO UPDATE SET
+        seq = COALESCE(excluded.seq, messages.seq),
+        payload = excluded.payload,
+        ts_ms = excluded.ts_ms
+    `);
+    let count = 0;
+    const tx = db.transaction(() => {
+      for (const msg of messages) {
+        stmt.run(
+          msg.conversation_id,
+          msg.message_id,
+          msg.seq ?? null,
+          msg.sender_did,
+          msg.schema,
+          JSON.stringify(msg.payload),
+          msg.ts_ms,
+          msg.direction
+        );
+        count++;
+      }
+    });
+    tx();
+    return count;
+  }
+  list(conversationId, opts) {
+    const conditions = ["conversation_id = ?"];
+    const params = [conversationId];
+    if (opts?.beforeSeq !== void 0) {
+      conditions.push("seq < ?");
+      params.push(opts.beforeSeq);
+    }
+    if (opts?.afterSeq !== void 0) {
+      conditions.push("seq > ?");
+      params.push(opts.afterSeq);
+    }
+    if (opts?.beforeTsMs !== void 0) {
+      conditions.push("ts_ms < ?");
+      params.push(opts.beforeTsMs);
+    }
+    if (opts?.afterTsMs !== void 0) {
+      conditions.push("ts_ms > ?");
+      params.push(opts.afterTsMs);
+    }
+    const limit = opts?.limit ?? 100;
+    const rows = this.store.getDb().prepare(`SELECT * FROM messages WHERE ${conditions.join(" AND ")} ORDER BY COALESCE(seq, ts_ms) ASC LIMIT ?`).all(...params, limit);
+    return rows.map(rowToMessage);
+  }
+  /**
+   * List the most recent N messages *before* a seq (paging older history).
+   * Only compares rows where seq is not null.
+   */
+  listBeforeSeq(conversationId, beforeSeq, limit) {
+    const rows = this.store.getDb().prepare(
+      `SELECT * FROM messages
+         WHERE conversation_id = ? AND seq IS NOT NULL AND seq < ?
+         ORDER BY seq DESC
+         LIMIT ?`
+    ).all(conversationId, beforeSeq, limit);
+    return rows.map(rowToMessage).reverse();
+  }
+  /**
+   * List the most recent N messages *before* a timestamp (paging older history).
+   */
+  listBeforeTs(conversationId, beforeTsMs, limit) {
+    const rows = this.store.getDb().prepare(
+      `SELECT * FROM messages
+         WHERE conversation_id = ? AND ts_ms < ?
+         ORDER BY ts_ms DESC
+         LIMIT ?`
+    ).all(conversationId, beforeTsMs, limit);
+    return rows.map(rowToMessage).reverse();
+  }
+  /** Returns the N most recent messages (chronological order, oldest to newest of those N). */
+  listRecent(conversationId, limit) {
+    const rows = this.store.getDb().prepare(
+      `SELECT * FROM messages WHERE conversation_id = ? ORDER BY COALESCE(seq, ts_ms) DESC LIMIT ?`
+    ).all(conversationId, limit);
+    return rows.map(rowToMessage).reverse();
+  }
+  search(query, opts) {
+    const conditions = ["payload LIKE ?"];
+    const params = [`%${query}%`];
+    if (opts?.conversationId) {
+      conditions.push("conversation_id = ?");
+      params.push(opts.conversationId);
+    }
+    const limit = opts?.limit ?? 50;
+    const rows = this.store.getDb().prepare(`SELECT * FROM messages WHERE ${conditions.join(" AND ")} ORDER BY ts_ms DESC LIMIT ?`).all(...params, limit);
+    return rows.map(rowToMessage);
+  }
+  delete(conversationId) {
+    const result = this.store.getDb().prepare("DELETE FROM messages WHERE conversation_id = ?").run(conversationId);
+    this.store.getDb().prepare("DELETE FROM sync_state WHERE conversation_id = ?").run(conversationId);
+    return result.changes;
+  }
+  listConversations() {
+    const rows = this.store.getDb().prepare(`
+        SELECT conversation_id, COUNT(*) as message_count, MAX(ts_ms) as last_message_at
+        FROM messages
+        GROUP BY conversation_id
+        ORDER BY last_message_at DESC
+      `).all();
+    return rows;
+  }
+  getLastSyncedSeq(conversationId) {
+    const row = this.store.getDb().prepare("SELECT last_synced_seq FROM sync_state WHERE conversation_id = ?").get(conversationId);
+    return row?.last_synced_seq ?? 0;
+  }
+  setLastSyncedSeq(conversationId, seq) {
+    this.store.getDb().prepare(`
+      INSERT INTO sync_state (conversation_id, last_synced_seq, last_synced_at)
+      VALUES (?, ?, ?)
+      ON CONFLICT(conversation_id) DO UPDATE SET last_synced_seq = excluded.last_synced_seq, last_synced_at = excluded.last_synced_at
+    `).run(conversationId, seq, Date.now());
+  }
+  export(opts) {
+    const format = opts?.format ?? "json";
+    let messages;
+    if (opts?.conversationId) {
+      messages = this.list(opts.conversationId, { limit: 1e5 });
+    } else {
+      const rows = this.store.getDb().prepare("SELECT * FROM messages ORDER BY ts_ms ASC").all();
+      messages = rows.map(rowToMessage);
+    }
+    if (format === "csv") {
+      const header = "conversation_id,message_id,seq,sender_did,schema,payload,ts_ms,direction";
+      const lines = messages.map(
+        (m) => [
+          m.conversation_id,
+          m.message_id,
+          m.seq ?? "",
+          m.sender_did,
+          m.schema,
+          JSON.stringify(m.payload),
+          m.ts_ms,
+          m.direction
+        ].map((v) => `"${String(v).replace(/"/g, '""')}"`).join(",")
+      );
+      return [header, ...lines].join("\n");
+    }
+    return JSON.stringify(messages, null, 2);
+  }
+  async syncFromServer(client, conversationId, opts) {
+    const sinceSeq = opts?.full ? 0 : this.getLastSyncedSeq(conversationId);
+    let totalSynced = 0;
+    let currentSeq = sinceSeq;
+    while (true) {
+      const res = await client.fetchInbox(conversationId, {
+        sinceSeq: currentSeq,
+        limit: 50
+      });
+      if (!res.ok || !res.data || res.data.messages.length === 0) break;
+      const messages = res.data.messages.map((msg) => ({
+        conversation_id: conversationId,
+        message_id: msg.message_id,
+        seq: msg.seq,
+        sender_did: msg.sender_did,
+        schema: msg.schema,
+        payload: msg.payload,
+        ts_ms: msg.ts_ms,
+        direction: "received"
+      }));
+      this.save(messages);
+      totalSynced += messages.length;
+      currentSeq = res.data.next_since_seq;
+      this.setLastSyncedSeq(conversationId, currentSeq);
+      if (!res.data.has_more) break;
+    }
+    return { synced: totalSynced };
+  }
+  async listMergedRecent(client, conversationId, opts) {
+    const limit = opts?.limit ?? 50;
+    const box = opts?.box ?? "ready";
+    const local = this.listRecent(conversationId, limit * 2);
+    const remoteRes = await client.fetchInbox(conversationId, { sinceSeq: 0, limit, box: box === "all" ? "ready" : box });
+    const remote = remoteRes.ok && remoteRes.data ? remoteRes.data.messages.map((msg) => ({
+      conversation_id: conversationId,
+      message_id: msg.message_id,
+      seq: msg.seq,
+      sender_did: msg.sender_did,
+      schema: msg.schema,
+      payload: msg.payload,
+      ts_ms: msg.ts_ms,
+      direction: msg.sender_did === client.getDid() ? "sent" : "received"
+    })) : [];
+    const byId = /* @__PURE__ */ new Map();
+    for (const msg of [...local, ...remote]) byId.set(msg.message_id, msg);
+    return Array.from(byId.values()).sort((a, b) => (a.seq ?? a.ts_ms) - (b.seq ?? b.ts_ms)).slice(-limit);
+  }
+};
+
+// src/session.ts
+function rowToSession(row) {
+  return {
+    session_key: row.session_key,
+    remote_did: row.remote_did ?? void 0,
+    conversation_id: row.conversation_id ?? void 0,
+    trust_state: row.trust_state || "stranger",
+    last_message_preview: row.last_message_preview ?? void 0,
+    last_remote_activity_at: row.last_remote_activity_at ?? void 0,
+    last_read_seq: row.last_read_seq ?? 0,
+    unread_count: row.unread_count ?? 0,
+    active: row.active === 1,
+    updated_at: row.updated_at ?? 0
+  };
+}
+function previewFromPayload(payload) {
+  if (payload == null) return "";
+  if (typeof payload === "string") return payload.slice(0, 280);
+  if (typeof payload !== "object") return String(payload).slice(0, 280);
+  const value = payload;
+  const preferred = value.text ?? value.title ?? value.summary ?? value.message ?? value.description ?? value.error_message;
+  if (typeof preferred === "string") return preferred.slice(0, 280);
+  return JSON.stringify(payload).slice(0, 280);
+}
+function buildSessionKey(opts) {
+  const type = opts.conversationType ?? "";
+  if (type === "channel" || type === "group" || opts.conversationId.startsWith("c_grp_")) {
+    return `hook:im:conv:${opts.conversationId}`;
+  }
+  const remote = (opts.remoteDid ?? "").trim();
+  if (!remote) {
+    return `hook:im:conv:${opts.conversationId}`;
+  }
+  const local = (opts.localDid ?? "").trim();
+  if (!local) {
+    return `hook:im:peer:${remote}:conv:${opts.conversationId}`;
+  }
+  return `hook:im:did:${local}:peer:${remote}`;
+}
+var SessionManager = class {
+  constructor(store) {
+    this.store = store;
+  }
+  upsert(state) {
+    const now = state.updated_at ?? Date.now();
+    const existing = this.get(state.session_key);
+    const next = {
+      session_key: state.session_key,
+      remote_did: state.remote_did ?? existing?.remote_did,
+      conversation_id: state.conversation_id ?? existing?.conversation_id,
+      trust_state: state.trust_state ?? existing?.trust_state ?? "stranger",
+      last_message_preview: state.last_message_preview ?? existing?.last_message_preview,
+      last_remote_activity_at: state.last_remote_activity_at ?? existing?.last_remote_activity_at,
+      last_read_seq: state.last_read_seq ?? existing?.last_read_seq ?? 0,
+      unread_count: state.unread_count ?? existing?.unread_count ?? 0,
+      active: state.active ?? existing?.active ?? false,
+      updated_at: now
+    };
+    if (next.active) {
+      this.store.getDb().prepare("UPDATE session_state SET active = 0 WHERE session_key != ?").run(next.session_key);
+    }
+    this.store.getDb().prepare(`
+      INSERT INTO session_state (
+        session_key, remote_did, conversation_id, trust_state, last_message_preview,
+        last_remote_activity_at, last_read_seq, unread_count, active, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(session_key) DO UPDATE SET
+        remote_did = COALESCE(excluded.remote_did, session_state.remote_did),
+        conversation_id = COALESCE(excluded.conversation_id, session_state.conversation_id),
+        trust_state = excluded.trust_state,
+        last_message_preview = COALESCE(excluded.last_message_preview, session_state.last_message_preview),
+        last_remote_activity_at = COALESCE(excluded.last_remote_activity_at, session_state.last_remote_activity_at),
+        last_read_seq = excluded.last_read_seq,
+        unread_count = excluded.unread_count,
+        active = excluded.active,
+        updated_at = excluded.updated_at
+    `).run(
+      next.session_key,
+      next.remote_did ?? null,
+      next.conversation_id ?? null,
+      next.trust_state,
+      next.last_message_preview ?? null,
+      next.last_remote_activity_at ?? null,
+      next.last_read_seq,
+      next.unread_count,
+      next.active ? 1 : 0,
+      next.updated_at
+    );
+    return next;
+  }
+  upsertFromMessage(input) {
+    const sessionKey = input.session_key ?? buildSessionKey({
+      localDid: "",
+      remoteDid: input.remote_did ?? input.sender_did ?? "",
+      conversationId: input.conversation_id
+    });
+    const existing = this.get(sessionKey);
+    const preview = previewFromPayload(input.payload);
+    const isRemote = input.sender_is_self !== true;
+    const seq = input.seq ?? 0;
+    const lastReadSeq = existing?.last_read_seq ?? 0;
+    const unreadCount = isRemote && seq > lastReadSeq ? Math.max(existing?.unread_count ?? 0, seq - lastReadSeq) : existing?.unread_count ?? 0;
+    const activity = isRemote ? input.ts_ms ?? Date.now() : existing?.last_remote_activity_at;
+    return this.upsert({
+      session_key: sessionKey,
+      remote_did: input.remote_did ?? existing?.remote_did ?? (isRemote ? input.sender_did : void 0),
+      conversation_id: input.conversation_id,
+      trust_state: input.trust_state ?? existing?.trust_state ?? "stranger",
+      last_message_preview: preview || existing?.last_message_preview,
+      last_remote_activity_at: activity,
+      last_read_seq: existing?.last_read_seq ?? 0,
+      unread_count: unreadCount,
+      active: existing?.active ?? false,
+      updated_at: input.ts_ms ?? Date.now()
+    });
+  }
+  get(sessionKey) {
+    const row = this.store.getDb().prepare("SELECT * FROM session_state WHERE session_key = ?").get(sessionKey);
+    return row ? rowToSession(row) : null;
+  }
+  getByConversationId(conversationId) {
+    const row = this.store.getDb().prepare("SELECT * FROM session_state WHERE conversation_id = ? ORDER BY updated_at DESC LIMIT 1").get(conversationId);
+    return row ? rowToSession(row) : null;
+  }
+  getActiveSession() {
+    const row = this.store.getDb().prepare("SELECT * FROM session_state WHERE active = 1 ORDER BY updated_at DESC LIMIT 1").get();
+    return row ? rowToSession(row) : null;
+  }
+  listRecentSessions(limit = 20) {
+    const rows = this.store.getDb().prepare("SELECT * FROM session_state ORDER BY COALESCE(last_remote_activity_at, updated_at) DESC, updated_at DESC LIMIT ?").all(limit);
+    return rows.map(rowToSession);
+  }
+  focusSession(sessionKey) {
+    const session = this.get(sessionKey);
+    if (!session) return null;
+    this.store.getDb().prepare("UPDATE session_state SET active = CASE WHEN session_key = ? THEN 1 ELSE 0 END").run(sessionKey);
+    return this.get(sessionKey);
+  }
+  markRead(sessionKey, seq) {
+    const session = this.get(sessionKey);
+    if (!session) return null;
+    const lastReadSeq = Math.max(session.last_read_seq, seq ?? session.last_read_seq);
+    return this.upsert({
+      session_key: sessionKey,
+      last_read_seq: lastReadSeq,
+      unread_count: 0,
+      active: session.active
+    });
+  }
+  nextUnread() {
+    const row = this.store.getDb().prepare("SELECT * FROM session_state WHERE unread_count > 0 ORDER BY last_remote_activity_at DESC, updated_at DESC LIMIT 1").get();
+    return row ? rowToSession(row) : null;
+  }
+  resolveReplyTarget(sessionKey) {
+    const session = sessionKey ? this.get(sessionKey) : this.getActiveSession();
+    if (!session) return null;
+    return {
+      session_key: session.session_key,
+      remote_did: session.remote_did,
+      conversation_id: session.conversation_id,
+      trust_state: session.trust_state
+    };
+  }
+};
+
+// src/task-threads.ts
+function rowToThread(row) {
+  return {
+    task_id: row.task_id,
+    session_key: row.session_key,
+    conversation_id: row.conversation_id,
+    title: row.title ?? void 0,
+    status: row.status,
+    started_at: row.started_at ?? void 0,
+    updated_at: row.updated_at,
+    result_summary: row.result_summary ?? void 0,
+    error_code: row.error_code ?? void 0,
+    error_message: row.error_message ?? void 0
+  };
+}
+var TaskThreadManager = class {
+  constructor(store) {
+    this.store = store;
+  }
+  upsert(thread) {
+    const updatedAt = thread.updated_at ?? Date.now();
+    const existing = this.get(thread.task_id);
+    this.store.getDb().prepare(`
+      INSERT INTO task_threads (
+        task_id, session_key, conversation_id, title, status, started_at, updated_at, result_summary, error_code, error_message
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(task_id) DO UPDATE SET
+        session_key = excluded.session_key,
+        conversation_id = excluded.conversation_id,
+        title = COALESCE(excluded.title, task_threads.title),
+        status = excluded.status,
+        started_at = COALESCE(excluded.started_at, task_threads.started_at),
+        updated_at = excluded.updated_at,
+        result_summary = COALESCE(excluded.result_summary, task_threads.result_summary),
+        error_code = COALESCE(excluded.error_code, task_threads.error_code),
+        error_message = COALESCE(excluded.error_message, task_threads.error_message)
+    `).run(
+      thread.task_id,
+      thread.session_key,
+      thread.conversation_id,
+      thread.title ?? null,
+      thread.status,
+      thread.started_at ?? existing?.started_at ?? updatedAt,
+      updatedAt,
+      thread.result_summary ?? null,
+      thread.error_code ?? null,
+      thread.error_message ?? null
+    );
+    return this.get(thread.task_id);
+  }
+  get(taskId) {
+    const row = this.store.getDb().prepare("SELECT * FROM task_threads WHERE task_id = ?").get(taskId);
+    return row ? rowToThread(row) : null;
+  }
+  listBySession(sessionKey, limit = 20) {
+    const rows = this.store.getDb().prepare("SELECT * FROM task_threads WHERE session_key = ? ORDER BY updated_at DESC LIMIT ?").all(sessionKey, limit);
+    return rows.map(rowToThread);
+  }
+  listByConversation(conversationId, limit = 20) {
+    const rows = this.store.getDb().prepare("SELECT * FROM task_threads WHERE conversation_id = ? ORDER BY updated_at DESC LIMIT ?").all(conversationId, limit);
+    return rows.map(rowToThread);
+  }
+  listRecent(limit = 20) {
+    const rows = this.store.getDb().prepare("SELECT * FROM task_threads ORDER BY updated_at DESC LIMIT ?").all(limit);
+    return rows.map(rowToThread);
+  }
+};
+
+// src/client.ts
+var PingAgentClient = class {
+  constructor(opts) {
+    this.opts = opts;
+    this.identity = opts.identity;
+    this.transport = new HttpTransport({
+      serverUrl: opts.serverUrl,
+      accessToken: opts.accessToken,
+      onTokenRefreshed: opts.onTokenRefreshed
+    });
+    if (opts.store) {
+      this.contactManager = new ContactManager(opts.store);
+      this.historyManager = new HistoryManager(opts.store);
+      this.sessionManager = new SessionManager(opts.store);
+      this.taskThreadManager = new TaskThreadManager(opts.store);
+    }
+  }
+  transport;
+  identity;
+  contactManager;
+  historyManager;
+  sessionManager;
+  taskThreadManager;
+  getContactManager() {
+    return this.contactManager;
+  }
+  getHistoryManager() {
+    return this.historyManager;
+  }
+  getSessionManager() {
+    return this.sessionManager;
+  }
+  getTaskThreadManager() {
+    return this.taskThreadManager;
+  }
+  /** Update the in-memory access token (e.g. after proactive refresh from disk). */
+  setAccessToken(token) {
+    this.transport.setToken(token);
+  }
+  async register(developerToken) {
+    let binary = "";
+    for (const b of this.identity.publicKey) binary += String.fromCharCode(b);
+    const publicKeyBase64 = btoa(binary);
+    return this.transport.request("POST", "/v1/agent/register", {
+      device_id: this.identity.deviceId,
+      public_key: publicKeyBase64,
+      developer_token: developerToken
+    }, true);
+  }
+  async openConversation(targetDid) {
+    return this.transport.request("POST", "/v1/conversations/open", {
+      targets: [targetDid]
+    });
+  }
+  async sendMessage(conversationId, schema, payload) {
+    const ttlMs = schema === SCHEMA_TEXT ? 6048e5 : void 0;
+    const unsigned = buildUnsignedEnvelope({
+      type: "message",
+      conversationId,
+      senderDid: this.identity.did,
+      senderDeviceId: this.identity.deviceId,
+      schema,
+      payload,
+      ttlMs
+    });
+    const signed = signEnvelope(unsigned, this.identity.privateKey);
+    const res = await this.transport.request("POST", "/v1/messages/send", signed);
+    if (res.ok && this.historyManager) {
+      this.historyManager.save([{
+        conversation_id: conversationId,
+        message_id: signed.message_id,
+        seq: res.data?.seq,
+        sender_did: this.identity.did,
+        schema,
+        payload,
+        ts_ms: signed.ts_ms,
+        direction: "sent"
+      }]);
+      this.sessionManager?.upsertFromMessage({
+        session_key: this.sessionManager.getByConversationId(conversationId)?.session_key,
+        remote_did: this.sessionManager.getByConversationId(conversationId)?.remote_did,
+        conversation_id: conversationId,
+        trust_state: this.sessionManager.getByConversationId(conversationId)?.trust_state ?? "trusted",
+        sender_did: this.identity.did,
+        sender_is_self: true,
+        schema,
+        payload,
+        seq: res.data?.seq,
+        ts_ms: signed.ts_ms
+      });
+    }
+    return res;
+  }
+  async sendTask(conversationId, task) {
+    return this.sendMessage(conversationId, SCHEMA_TASK, {
+      ...task,
+      idempotency_key: task.task_id,
+      expected_output_schema: SCHEMA_RESULT
+    });
+  }
+  async sendContactRequest(conversationId, message) {
+    const { v7: uuidv7 } = await import("uuid");
+    return this.sendMessage(conversationId, SCHEMA_CONTACT_REQUEST, {
+      request_id: `r_${uuidv7()}`,
+      from_did: this.identity.did,
+      to_did: "",
+      capabilities: ["task", "result", "files"],
+      message,
+      expires_ms: 864e5
+    });
+  }
+  async fetchInbox(conversationId, opts) {
+    const params = new URLSearchParams({
+      conversation_id: conversationId,
+      since_seq: String(opts?.sinceSeq ?? 0),
+      limit: String(opts?.limit ?? 50),
+      box: opts?.box ?? "ready"
+    });
+    const res = await this.transport.request("GET", `/v1/inbox/fetch?${params}`);
+    if (res.ok && res.data && this.historyManager) {
+      const msgs = res.data.messages.map((msg) => ({
+        conversation_id: conversationId,
+        message_id: msg.message_id,
+        seq: msg.seq,
+        sender_did: msg.sender_did,
+        schema: msg.schema,
+        payload: msg.payload,
+        ts_ms: msg.ts_ms,
+        direction: msg.sender_did === this.identity.did ? "sent" : "received"
+      }));
+      if (msgs.length > 0) {
+        this.historyManager.save(msgs);
+        const maxSeq = Math.max(...msgs.map((m) => m.seq ?? 0));
+        if (maxSeq > 0) this.historyManager.setLastSyncedSeq(conversationId, maxSeq);
+      }
+      for (const msg of res.data.messages) {
+        const existingSession = this.sessionManager?.getByConversationId(conversationId);
+        this.sessionManager?.upsertFromMessage({
+          session_key: existingSession?.session_key,
+          remote_did: existingSession?.remote_did ?? (msg.sender_did !== this.identity.did ? msg.sender_did : void 0),
+          conversation_id: conversationId,
+          trust_state: existingSession?.trust_state ?? (opts?.box === "strangers" ? "pending" : "trusted"),
+          sender_did: msg.sender_did,
+          sender_is_self: msg.sender_did === this.identity.did,
+          schema: msg.schema,
+          payload: msg.payload,
+          seq: msg.seq,
+          ts_ms: msg.ts_ms
+        });
+        if (msg.schema === SCHEMA_RESULT && msg.payload?.task_id) {
+          const session = this.sessionManager?.getByConversationId(conversationId);
+          this.taskThreadManager?.upsert({
+            task_id: msg.payload.task_id,
+            session_key: session?.session_key ?? buildSessionKey({ localDid: this.identity.did, conversationId, remoteDid: session?.remote_did }),
+            conversation_id: conversationId,
+            status: msg.payload.status === "ok" ? "processed" : "failed",
+            updated_at: msg.ts_ms ?? Date.now(),
+            result_summary: msg.payload?.output?.summary,
+            error_code: msg.payload?.error?.code,
+            error_message: msg.payload?.error?.message
+          });
+        }
+      }
+    }
+    return res;
+  }
+  async ack(conversationId, forMessageId, status, opts) {
+    return this.transport.request("POST", "/v1/receipts/ack", {
+      conversation_id: conversationId,
+      for_message_id: forMessageId,
+      for_task_id: opts?.forTaskId,
+      status,
+      reason: opts?.reason,
+      detail: opts?.detail
+    });
+  }
+  async approveContact(conversationId) {
+    const res = await this.transport.request("POST", "/v1/control/approve_contact", {
+      conversation_id: conversationId
+    });
+    if (res.ok && this.contactManager) {
+      const pendingMessages = this.historyManager?.list(conversationId, { limit: 1 });
+      const senderDid = pendingMessages?.[0]?.sender_did;
+      if (senderDid && senderDid !== this.identity.did) {
+        this.contactManager.add({
+          did: senderDid,
+          conversation_id: res.data?.dm_conversation_id ?? conversationId,
+          trusted: true
+        });
+      }
+    }
+    if (res.ok) {
+      const existing = this.sessionManager?.getByConversationId(conversationId);
+      if (existing) {
+        this.sessionManager?.upsert({
+          session_key: existing.session_key,
+          conversation_id: res.data?.dm_conversation_id ?? conversationId,
+          trust_state: "trusted",
+          remote_did: existing.remote_did,
+          active: existing.active
+        });
+      }
+    }
+    return res;
+  }
+  async revokeConversation(conversationId) {
+    return this.transport.request("POST", "/v1/control/revoke_conversation", {
+      conversation_id: conversationId
+    });
+  }
+  async cancelTask(conversationId, taskId) {
+    const res = await this.transport.request("POST", "/v1/control/cancel_task", {
+      conversation_id: conversationId,
+      task_id: taskId
+    });
+    if (res.ok && res.data) {
+      const session = this.sessionManager?.getByConversationId(conversationId);
+      this.taskThreadManager?.upsert({
+        task_id: taskId,
+        session_key: session?.session_key ?? buildSessionKey({ localDid: this.identity.did, conversationId, remoteDid: session?.remote_did }),
+        conversation_id: conversationId,
+        status: normalizeTaskThreadStatus(res.data.task_state),
+        updated_at: Date.now()
+      });
+    }
+    return res;
+  }
+  async blockSender(conversationId, senderDid) {
+    return this.transport.request("POST", "/v1/control/block_sender", {
+      conversation_id: conversationId,
+      sender_did: senderDid
+    });
+  }
+  async acquireLease(conversationId) {
+    return this.transport.request("POST", "/v1/lease/acquire", {
+      conversation_id: conversationId
+    });
+  }
+  async renewLease(conversationId) {
+    return this.transport.request("POST", "/v1/lease/renew", {
+      conversation_id: conversationId
+    });
+  }
+  async releaseLease(conversationId) {
+    return this.transport.request("POST", "/v1/lease/release", {
+      conversation_id: conversationId
+    });
+  }
+  async uploadArtifact(content) {
+    const presignRes = await this.transport.request("POST", "/v1/artifacts/presign_upload", {
+      size: content.length,
+      content_type: "application/octet-stream"
+    });
+    if (!presignRes.ok || !presignRes.data) throw new Error("Failed to presign upload");
+    const { upload_url, artifact_ref } = presignRes.data;
+    await this.transport.fetchWithAuth(upload_url, {
+      method: "PUT",
+      body: content,
+      contentType: "application/octet-stream"
+    });
+    const { createHash } = await import("crypto");
+    const hash = createHash("sha256").update(content).digest("hex");
+    return { artifact_ref, sha256: hash, size: content.length };
+  }
+  async downloadArtifact(artifactRef, expectedSha256, expectedSize) {
+    const presignRes = await this.transport.request("POST", "/v1/artifacts/presign_download", {
+      artifact_ref: artifactRef
+    });
+    if (!presignRes.ok || !presignRes.data) throw new Error("Failed to presign download");
+    const buffer = Buffer.from(await this.transport.fetchWithAuth(presignRes.data.download_url));
+    if (buffer.length !== expectedSize) {
+      throw new Error(`Size mismatch: expected ${expectedSize}, got ${buffer.length}`);
+    }
+    const { createHash } = await import("crypto");
+    const hash = createHash("sha256").update(buffer).digest("hex");
+    if (hash !== expectedSha256) {
+      throw new Error(`SHA256 mismatch: expected ${expectedSha256}, got ${hash}`);
+    }
+    return buffer;
+  }
+  async getSubscription() {
+    return this.transport.request("GET", "/v1/subscription");
+  }
+  async resolveAlias(alias) {
+    return this.transport.request("GET", `/v1/directory/resolve?alias=${encodeURIComponent(alias)}`);
+  }
+  async registerAlias(alias) {
+    return this.transport.request("POST", "/v1/directory/alias", { alias });
+  }
+  async listConversations(opts) {
+    const params = new URLSearchParams();
+    if (opts?.type) params.set("type", opts.type);
+    const qs = params.toString();
+    const res = await this.transport.request("GET", `/v1/conversations/list${qs ? "?" + qs : ""}`);
+    if (res.ok && res.data && this.sessionManager) {
+      for (const conv of res.data.conversations) {
+        const trustState = conv.trusted ? "trusted" : conv.type === "pending_dm" ? "pending" : "stranger";
+        this.sessionManager.upsert({
+          session_key: buildSessionKey({
+            localDid: this.identity.did,
+            remoteDid: conv.target_did,
+            conversationId: conv.conversation_id,
+            conversationType: conv.type
+          }),
+          remote_did: conv.target_did,
+          conversation_id: conv.conversation_id,
+          trust_state: trustState,
+          last_remote_activity_at: conv.last_activity_at ?? void 0,
+          updated_at: conv.last_activity_at ?? conv.created_at
+        });
+      }
+    }
+    return res;
+  }
+  async getTaskStatus(conversationId, taskId) {
+    const params = new URLSearchParams({ conversation_id: conversationId, task_id: taskId });
+    const res = await this.transport.request("GET", `/v1/tasks/status?${params.toString()}`);
+    if (res.ok && res.data) {
+      const session = this.sessionManager?.getByConversationId(conversationId);
+      this.taskThreadManager?.upsert({
+        task_id: taskId,
+        session_key: session?.session_key ?? buildSessionKey({ localDid: this.identity.did, conversationId, remoteDid: session?.remote_did }),
+        conversation_id: conversationId,
+        status: res.data.status,
+        updated_at: res.data.last_update_ts_ms,
+        result_summary: res.data.result_summary,
+        error_code: res.data.error?.code,
+        error_message: res.data.error?.message ?? res.data.reason
+      });
+    }
+    return res;
+  }
+  async listTaskThreads(conversationId) {
+    const params = new URLSearchParams({ conversation_id: conversationId });
+    const res = await this.transport.request("GET", `/v1/tasks/list?${params.toString()}`);
+    if (res.ok && res.data) {
+      const session = this.sessionManager?.getByConversationId(conversationId);
+      for (const task of res.data.tasks) {
+        this.taskThreadManager?.upsert({
+          task_id: task.task_id,
+          session_key: session?.session_key ?? buildSessionKey({ localDid: this.identity.did, conversationId, remoteDid: session?.remote_did }),
+          conversation_id: conversationId,
+          title: task.title,
+          status: task.status,
+          updated_at: task.last_update_ts_ms,
+          result_summary: task.result_summary,
+          error_code: task.error?.code,
+          error_message: task.error?.message ?? task.reason
+        });
+      }
+    }
+    return res;
+  }
+  async getProfile() {
+    return this.transport.request("GET", "/v1/directory/profile");
+  }
+  async updateProfile(profile) {
+    return this.transport.request("POST", "/v1/directory/profile", profile);
+  }
+  async enableDiscovery() {
+    return this.transport.request("POST", "/v1/directory/enable_discovery");
+  }
+  async disableDiscovery() {
+    return this.transport.request("POST", "/v1/directory/disable_discovery");
+  }
+  async browseDirectory(opts) {
+    const params = new URLSearchParams();
+    if (opts?.tag) params.set("tag", opts.tag);
+    if (opts?.query) params.set("q", opts.query);
+    if (opts?.limit != null) params.set("limit", String(opts.limit));
+    if (opts?.offset != null) params.set("offset", String(opts.offset));
+    if (opts?.sort) params.set("sort", opts.sort);
+    const qs = params.toString();
+    return this.transport.request("GET", `/v1/directory/browse${qs ? "?" + qs : ""}`);
+  }
+  async publishPost(opts) {
+    return this.transport.request("POST", "/v1/feed/publish", { text: opts.text, artifact_ref: opts.artifact_ref });
+  }
+  async listFeedPublic(opts) {
+    const params = new URLSearchParams();
+    if (opts?.limit != null) params.set("limit", String(opts.limit));
+    if (opts?.since != null) params.set("since", String(opts.since));
+    const qs = params.toString();
+    return this.transport.request("GET", `/v1/feed/public${qs ? "?" + qs : ""}`, void 0, true);
+  }
+  async listFeedByDid(did, opts) {
+    const params = new URLSearchParams({ did });
+    if (opts?.limit != null) params.set("limit", String(opts.limit));
+    return this.transport.request("GET", `/v1/feed/by_did?${params.toString()}`, void 0, true);
+  }
+  async createChannel(opts) {
+    return this.transport.request("POST", "/v1/channels/create", {
+      name: opts.name,
+      alias: opts.alias,
+      description: opts.description,
+      join_policy: "open",
+      discoverable: opts.discoverable
+    });
+  }
+  async updateChannel(opts) {
+    const alias = opts.alias.replace(/^@ch\//, "");
+    return this.transport.request("PATCH", "/v1/channels/update", {
+      alias,
+      name: opts.name,
+      description: opts.description,
+      discoverable: opts.discoverable
+    });
+  }
+  async deleteChannel(alias) {
+    const a = alias.replace(/^@ch\//, "");
+    return this.transport.request("DELETE", "/v1/channels/delete", { alias: a });
+  }
+  async discoverChannels(opts) {
+    const params = new URLSearchParams();
+    if (opts?.limit != null) params.set("limit", String(opts.limit));
+    if (opts?.query) params.set("q", opts.query);
+    const qs = params.toString();
+    return this.transport.request("GET", `/v1/channels/discover${qs ? "?" + qs : ""}`, void 0, true);
+  }
+  async joinChannel(alias) {
+    return this.transport.request("POST", "/v1/channels/join", { alias });
+  }
+  getDid() {
+    return this.identity.did;
+  }
+  // === Billing: device linking ===
+  async createBillingLinkCode() {
+    return this.transport.request("POST", "/v1/billing/link-code");
+  }
+  async redeemBillingLink(code) {
+    return this.transport.request("POST", "/v1/billing/link", { code });
+  }
+  async unlinkBillingDevice(did) {
+    return this.transport.request("POST", "/v1/billing/unlink", { did });
+  }
+  async getLinkedDevices() {
+    return this.transport.request("GET", "/v1/billing/linked-devices");
+  }
+  // P0: High-level send-task-and-wait
+  async sendTaskAndWait(targetDid, task, opts) {
+    const { v7: uuidv7 } = await import("uuid");
+    const timeout = opts?.timeoutMs ?? 12e4;
+    const pollInterval = opts?.pollIntervalMs ?? 2e3;
+    const taskId = `t_${uuidv7()}`;
+    const startTime = Date.now();
+    const openRes = await this.openConversation(targetDid);
+    if (!openRes.ok || !openRes.data) {
+      return { status: "error", task_id: taskId, error: { code: "E_OPEN_FAILED", message: "Failed to open conversation" }, elapsed_ms: Date.now() - startTime };
+    }
+    let conversationId = openRes.data.conversation_id;
+    if (!openRes.data.trusted) {
+      await this.sendContactRequest(conversationId, task.title);
+      const approvalDeadline = startTime + timeout;
+      while (Date.now() < approvalDeadline) {
+        await sleep2(pollInterval);
+        const reopen = await this.openConversation(targetDid);
+        if (reopen.ok && reopen.data?.trusted) {
+          conversationId = reopen.data.conversation_id;
+          break;
+        }
+      }
+      if (Date.now() >= approvalDeadline) {
+        return { status: "error", task_id: taskId, error: { code: "E_NOT_APPROVED", message: "Contact request not approved within timeout" }, elapsed_ms: Date.now() - startTime };
+      }
+    }
+    const sendRes = await this.sendTask(conversationId, { task_id: taskId, ...task });
+    if (!sendRes.ok) {
+      return { status: "error", task_id: taskId, error: { code: sendRes.error?.code ?? "E_SEND_FAILED", message: sendRes.error?.message ?? "Send failed" }, elapsed_ms: Date.now() - startTime };
+    }
+    const session = this.sessionManager?.getByConversationId(conversationId);
+    this.taskThreadManager?.upsert({
+      task_id: taskId,
+      session_key: session?.session_key ?? buildSessionKey({ localDid: this.identity.did, conversationId, remoteDid: targetDid }),
+      conversation_id: conversationId,
+      title: task.title,
+      status: "queued",
+      started_at: Date.now(),
+      updated_at: Date.now()
+    });
+    const sinceSeq = sendRes.data?.seq ?? 0;
+    const deadline = startTime + timeout;
+    while (Date.now() < deadline) {
+      await sleep2(pollInterval);
+      const statusRes = await this.getTaskStatus(conversationId, taskId);
+      if (statusRes.ok && statusRes.data) {
+        if (statusRes.data.status === "failed" || statusRes.data.status === "cancelled") {
+          return {
+            status: "error",
+            task_id: taskId,
+            error: {
+              code: statusRes.data.error?.code ?? (statusRes.data.status === "cancelled" ? "E_CANCELLED" : "E_TASK_FAILED"),
+              message: statusRes.data.error?.message ?? statusRes.data.reason ?? `Task ${statusRes.data.status}`
+            },
+            elapsed_ms: Date.now() - startTime
+          };
+        }
+      }
+      const fetchRes = await this.fetchInbox(conversationId, { sinceSeq });
+      if (!fetchRes.ok || !fetchRes.data) continue;
+      for (const msg of fetchRes.data.messages) {
+        if (msg.schema === SCHEMA_RESULT && msg.payload?.task_id === taskId) {
+          return {
+            status: msg.payload.status === "ok" ? "ok" : "error",
+            task_id: taskId,
+            result: msg.payload.output,
+            error: msg.payload.error,
+            elapsed_ms: Date.now() - startTime
+          };
+        }
+      }
+    }
+    return { status: "error", task_id: taskId, error: { code: "E_TIMEOUT", message: `No result within ${timeout}ms` }, elapsed_ms: timeout };
+  }
+};
+function normalizeTaskThreadStatus(state) {
+  if (state === "completed") return "processed";
+  if (state === "cancel_requested") return "running";
+  if (state === "cancelled") return "cancelled";
+  if (state === "failed") return "failed";
+  if (state === "running") return "running";
+  return "queued";
+}
+function sleep2(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+
+// src/identity.ts
+import * as fs from "fs";
+import * as path2 from "path";
+import { generateIdentity as genId } from "@pingagent/protocol";
+
+// src/paths.ts
+import * as path from "path";
+import * as os from "os";
+var DEFAULT_ROOT_DIR = path.join(os.homedir(), ".pingagent");
+function getRootDir() {
+  return process.env.PINGAGENT_ROOT_DIR || DEFAULT_ROOT_DIR;
+}
+function getProfile() {
+  const p = process.env.PINGAGENT_PROFILE;
+  if (!p) return void 0;
+  return p.trim() || void 0;
+}
+function getIdentityPath(explicitPath) {
+  const envPath = process.env.PINGAGENT_IDENTITY_PATH?.trim();
+  if (explicitPath) return explicitPath;
+  if (envPath) return path.resolve(envPath.replace(/^~(?=\/|$)/, os.homedir()));
+  const root = getRootDir();
+  const profile = getProfile();
+  if (!profile) {
+    return path.join(root, "identity.json");
+  }
+  return path.join(root, "profiles", profile, "identity.json");
+}
+function getStorePath(explicitPath) {
+  const envPath = process.env.PINGAGENT_STORE_PATH?.trim();
+  if (explicitPath) return explicitPath;
+  if (envPath) return path.resolve(envPath.replace(/^~(?=\/|$)/, os.homedir()));
+  const root = getRootDir();
+  const profile = getProfile();
+  if (!profile) {
+    return path.join(root, "store.db");
+  }
+  return path.join(root, "profiles", profile, "store.db");
+}
+
+// src/identity.ts
+function toBase64(bytes) {
+  let binary = "";
+  for (const b of bytes) binary += String.fromCharCode(b);
+  return btoa(binary);
+}
+function fromBase64(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
+function generateIdentity() {
+  return genId();
+}
+function identityExists(identityPath) {
+  return fs.existsSync(getIdentityPath(identityPath));
+}
+function loadIdentity(identityPath) {
+  const p = getIdentityPath(identityPath);
+  const data = JSON.parse(fs.readFileSync(p, "utf-8"));
+  return {
+    publicKey: fromBase64(data.public_key),
+    privateKey: fromBase64(data.private_key),
+    did: data.did,
+    deviceId: data.device_id,
+    serverUrl: data.server_url,
+    accessToken: data.access_token,
+    tokenExpiresAt: data.token_expires_at,
+    mode: data.mode
+  };
+}
+function saveIdentity(identity, opts, identityPath) {
+  const p = getIdentityPath(identityPath);
+  const dir = path2.dirname(p);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  }
+  const stored = {
+    public_key: toBase64(identity.publicKey),
+    private_key: toBase64(identity.privateKey),
+    did: identity.did,
+    device_id: identity.deviceId,
+    server_url: opts?.serverUrl,
+    access_token: opts?.accessToken,
+    token_expires_at: opts?.tokenExpiresAt,
+    mode: opts?.mode,
+    alias: opts?.alias
+  };
+  fs.writeFileSync(p, JSON.stringify(stored, null, 2), { mode: 384 });
+}
+function updateStoredToken(accessToken, expiresAt, identityPath) {
+  const p = getIdentityPath(identityPath);
+  const data = JSON.parse(fs.readFileSync(p, "utf-8"));
+  data.access_token = accessToken;
+  data.token_expires_at = expiresAt;
+  fs.writeFileSync(p, JSON.stringify(data, null, 2), { mode: 384 });
+}
+
+// src/auth.ts
+var REFRESH_GRACE_MS = 5 * 60 * 1e3;
+async function ensureTokenValid(identityPath, serverUrl) {
+  if (!identityExists(identityPath)) return false;
+  const id = loadIdentity(identityPath);
+  const token = id.accessToken;
+  const expiresAt = id.tokenExpiresAt;
+  if (!token || expiresAt == null) return false;
+  const now = Date.now();
+  if (expiresAt > now + REFRESH_GRACE_MS) return false;
+  const baseUrl = (serverUrl ?? id.serverUrl ?? "https://pingagent.chat").replace(/\/$/, "");
+  try {
+    const res = await fetch(`${baseUrl}/v1/auth/refresh`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ access_token: token })
+    });
+    const text = await res.text();
+    let data;
+    try {
+      data = text ? JSON.parse(text) : {};
+    } catch {
+      return false;
+    }
+    if (!res.ok || !data.ok || !data.data?.access_token || data.data.expires_ms == null) return false;
+    const newExpiresAt = now + data.data.expires_ms;
+    updateStoredToken(data.data.access_token, newExpiresAt, identityPath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/store.ts
+import Database from "better-sqlite3";
+import * as fs2 from "fs";
+import * as path3 from "path";
+var SCHEMA_SQL = `
+CREATE TABLE IF NOT EXISTS contacts (
+  did TEXT PRIMARY KEY,
+  alias TEXT,
+  display_name TEXT,
+  notes TEXT,
+  conversation_id TEXT,
+  trusted INTEGER NOT NULL DEFAULT 0,
+  added_at INTEGER NOT NULL,
+  last_message_at INTEGER,
+  tags TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_contacts_alias ON contacts(alias);
+
+CREATE TABLE IF NOT EXISTS messages (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  conversation_id TEXT NOT NULL,
+  message_id TEXT NOT NULL UNIQUE,
+  seq INTEGER,
+  sender_did TEXT NOT NULL,
+  schema TEXT NOT NULL,
+  payload TEXT NOT NULL,
+  ts_ms INTEGER NOT NULL,
+  direction TEXT NOT NULL CHECK(direction IN ('sent', 'received'))
+);
+CREATE INDEX IF NOT EXISTS idx_messages_conv_seq ON messages(conversation_id, seq);
+CREATE INDEX IF NOT EXISTS idx_messages_ts ON messages(ts_ms);
+
+CREATE TABLE IF NOT EXISTS sync_state (
+  conversation_id TEXT PRIMARY KEY,
+  last_synced_seq INTEGER NOT NULL DEFAULT 0,
+  last_synced_at INTEGER
+);
+
+CREATE TABLE IF NOT EXISTS session_state (
+  session_key TEXT PRIMARY KEY,
+  remote_did TEXT,
+  conversation_id TEXT,
+  trust_state TEXT NOT NULL DEFAULT 'stranger',
+  last_message_preview TEXT,
+  last_remote_activity_at INTEGER,
+  last_read_seq INTEGER NOT NULL DEFAULT 0,
+  unread_count INTEGER NOT NULL DEFAULT 0,
+  active INTEGER NOT NULL DEFAULT 0,
+  updated_at INTEGER NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_session_state_updated ON session_state(updated_at DESC);
+CREATE INDEX IF NOT EXISTS idx_session_state_conversation ON session_state(conversation_id);
+CREATE INDEX IF NOT EXISTS idx_session_state_remote_did ON session_state(remote_did);
+
+CREATE TABLE IF NOT EXISTS task_threads (
+  task_id TEXT PRIMARY KEY,
+  session_key TEXT NOT NULL,
+  conversation_id TEXT NOT NULL,
+  title TEXT,
+  status TEXT NOT NULL,
+  started_at INTEGER,
+  updated_at INTEGER NOT NULL,
+  result_summary TEXT,
+  error_code TEXT,
+  error_message TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_task_threads_session ON task_threads(session_key, updated_at DESC);
+CREATE INDEX IF NOT EXISTS idx_task_threads_conversation ON task_threads(conversation_id, updated_at DESC);
+
+CREATE TABLE IF NOT EXISTS trust_policy_audit (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  ts_ms INTEGER NOT NULL,
+  event_type TEXT NOT NULL,
+  policy_scope TEXT,
+  remote_did TEXT,
+  sender_alias TEXT,
+  sender_verification_status TEXT,
+  session_key TEXT,
+  conversation_id TEXT,
+  action TEXT,
+  outcome TEXT,
+  explanation TEXT,
+  matched_rule TEXT,
+  detail_json TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_trust_policy_audit_ts ON trust_policy_audit(ts_ms DESC, id DESC);
+CREATE INDEX IF NOT EXISTS idx_trust_policy_audit_session ON trust_policy_audit(session_key, ts_ms DESC);
+CREATE INDEX IF NOT EXISTS idx_trust_policy_audit_remote ON trust_policy_audit(remote_did, ts_ms DESC);
+`;
+var LocalStore = class {
+  db;
+  constructor(dbPath) {
+    const p = getStorePath(dbPath);
+    const dir = path3.dirname(p);
+    if (!fs2.existsSync(dir)) {
+      fs2.mkdirSync(dir, { recursive: true, mode: 448 });
+    }
+    this.db = new Database(p);
+    this.db.pragma("journal_mode = WAL");
+    this.db.exec(SCHEMA_SQL);
+    this.applyMigrations();
+  }
+  getDb() {
+    return this.db;
+  }
+  close() {
+    this.db.close();
+  }
+  applyMigrations() {
+    const alterStatements = [
+      `ALTER TABLE session_state ADD COLUMN remote_did TEXT`,
+      `ALTER TABLE session_state ADD COLUMN conversation_id TEXT`,
+      `ALTER TABLE session_state ADD COLUMN trust_state TEXT NOT NULL DEFAULT 'stranger'`,
+      `ALTER TABLE session_state ADD COLUMN last_message_preview TEXT`,
+      `ALTER TABLE session_state ADD COLUMN last_remote_activity_at INTEGER`,
+      `ALTER TABLE session_state ADD COLUMN last_read_seq INTEGER NOT NULL DEFAULT 0`,
+      `ALTER TABLE session_state ADD COLUMN unread_count INTEGER NOT NULL DEFAULT 0`,
+      `ALTER TABLE session_state ADD COLUMN active INTEGER NOT NULL DEFAULT 0`,
+      `ALTER TABLE session_state ADD COLUMN updated_at INTEGER NOT NULL DEFAULT 0`,
+      `ALTER TABLE task_threads ADD COLUMN title TEXT`,
+      `ALTER TABLE task_threads ADD COLUMN result_summary TEXT`,
+      `ALTER TABLE task_threads ADD COLUMN error_code TEXT`,
+      `ALTER TABLE task_threads ADD COLUMN error_message TEXT`
+    ];
+    for (const sql of alterStatements) {
+      try {
+        this.db.exec(sql);
+      } catch {
+      }
+    }
+  }
+};
+
+// src/trust-policy.ts
+var CONTACT_ACTIONS = /* @__PURE__ */ new Set(["approve", "manual", "reject"]);
+var TASK_ACTIONS = /* @__PURE__ */ new Set(["bridge", "execute", "deny"]);
+function defaultTrustPolicyDoc() {
+  return {
+    version: 1,
+    contact_policy: {
+      enabled: true,
+      default_action: "manual",
+      rules: []
+    },
+    task_policy: {
+      enabled: true,
+      default_action: "bridge",
+      rules: []
+    }
+  };
+}
+function normalizeTrustPolicyDoc(raw) {
+  const base = defaultTrustPolicyDoc();
+  const contactRules = Array.isArray(raw?.contact_policy?.rules) ? raw.contact_policy.rules.filter((rule) => typeof rule?.match === "string" && CONTACT_ACTIONS.has(rule?.action)) : [];
+  const taskRules = Array.isArray(raw?.task_policy?.rules) ? raw.task_policy.rules.filter((rule) => typeof rule?.match === "string" && TASK_ACTIONS.has(rule?.action)) : [];
+  return {
+    version: 1,
+    contact_policy: {
+      enabled: raw?.contact_policy?.enabled !== false,
+      default_action: CONTACT_ACTIONS.has(raw?.contact_policy?.default_action) ? raw.contact_policy.default_action : base.contact_policy.default_action,
+      rules: contactRules
+    },
+    task_policy: {
+      enabled: raw?.task_policy?.enabled !== false,
+      default_action: TASK_ACTIONS.has(raw?.task_policy?.default_action) ? raw.task_policy.default_action : base.task_policy.default_action,
+      rules: taskRules
+    }
+  };
+}
+function matchesTrustPolicyRule(match, context) {
+  if (match === "*") return true;
+  if (match.startsWith("did:agent:")) {
+    return context.sender_did === match;
+  }
+  if (match.startsWith("verification_status:")) {
+    return context.sender_verification_status === match.split(":")[1];
+  }
+  if (match.startsWith("alias:")) {
+    const pattern = match.slice(6);
+    const senderAlias = context.sender_alias ?? "";
+    if (pattern.endsWith("*")) return senderAlias.startsWith(pattern.slice(0, -1));
+    return senderAlias === pattern;
+  }
+  return false;
+}
+function decideContactPolicy(policyDoc, context, opts) {
+  if (policyDoc.contact_policy.enabled) {
+    for (const rule of policyDoc.contact_policy.rules) {
+      if (matchesTrustPolicyRule(rule.match, context)) {
+        return {
+          action: rule.action,
+          source: "rule",
+          matched_rule: rule,
+          explanation: `Matched contact_policy rule ${rule.match} -> ${rule.action}`
+        };
+      }
+    }
+    return {
+      action: policyDoc.contact_policy.default_action,
+      source: "default",
+      explanation: `No contact_policy rule matched; using default_action=${policyDoc.contact_policy.default_action}`
+    };
+  }
+  if (opts?.legacyAutoApproveEnabled) {
+    for (const rule of opts.legacyAutoApproveRules ?? []) {
+      if (rule.action === "approve" && matchesTrustPolicyRule(rule.match, context)) {
+        return {
+          action: "approve",
+          source: "legacy_auto_approve",
+          matched_rule: { match: rule.match, action: "approve" },
+          explanation: `Matched legacy auto_approve rule ${rule.match} -> approve`
+        };
+      }
+    }
+  }
+  return {
+    action: "manual",
+    source: "runtime_default",
+    explanation: "contact_policy disabled and no legacy auto_approve match; defaulting to manual"
+  };
+}
+function decideTaskPolicy(policyDoc, context, opts) {
+  if (policyDoc.task_policy.enabled) {
+    for (const rule of policyDoc.task_policy.rules) {
+      if (matchesTrustPolicyRule(rule.match, context)) {
+        return {
+          action: rule.action,
+          source: "rule",
+          matched_rule: rule,
+          explanation: `Matched task_policy rule ${rule.match} -> ${rule.action}`
+        };
+      }
+    }
+    return {
+      action: policyDoc.task_policy.default_action,
+      source: "default",
+      explanation: `No task_policy rule matched; using default_action=${policyDoc.task_policy.default_action}`
+    };
+  }
+  const runtimeDefault = opts?.runtimeMode === "executor" ? "execute" : "bridge";
+  return {
+    action: runtimeDefault,
+    source: "runtime_default",
+    explanation: `task_policy disabled; defaulting to runtime_mode=${opts?.runtimeMode ?? "bridge"} -> ${runtimeDefault}`
+  };
+}
+
+// src/trust-policy-audit.ts
+function rowToEvent(row) {
+  return {
+    id: row.id,
+    ts_ms: row.ts_ms,
+    event_type: row.event_type,
+    policy_scope: row.policy_scope ?? void 0,
+    remote_did: row.remote_did ?? void 0,
+    sender_alias: row.sender_alias ?? void 0,
+    sender_verification_status: row.sender_verification_status ?? void 0,
+    session_key: row.session_key ?? void 0,
+    conversation_id: row.conversation_id ?? void 0,
+    action: row.action ?? void 0,
+    outcome: row.outcome ?? void 0,
+    explanation: row.explanation ?? void 0,
+    matched_rule: row.matched_rule ?? void 0,
+    detail: row.detail_json ? JSON.parse(row.detail_json) : void 0
+  };
+}
+function buildSummaryFromEvents(events) {
+  const byType = {};
+  const byPolicyScope = {};
+  let latestTsMs = 0;
+  for (const event of events) {
+    byType[event.event_type] = (byType[event.event_type] ?? 0) + 1;
+    if (event.policy_scope) byPolicyScope[event.policy_scope] = (byPolicyScope[event.policy_scope] ?? 0) + 1;
+    latestTsMs = Math.max(latestTsMs, event.ts_ms);
+  }
+  return {
+    total_events: events.length,
+    latest_ts_ms: latestTsMs || void 0,
+    by_type: byType,
+    by_policy_scope: byPolicyScope
+  };
+}
+var TrustPolicyAuditManager = class {
+  constructor(store) {
+    this.store = store;
+  }
+  record(event) {
+    const tsMs = event.ts_ms ?? Date.now();
+    const result = this.store.getDb().prepare(`
+      INSERT INTO trust_policy_audit (
+        ts_ms, event_type, policy_scope, remote_did, sender_alias, sender_verification_status,
+        session_key, conversation_id, action, outcome, explanation, matched_rule, detail_json
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      tsMs,
+      event.event_type,
+      event.policy_scope ?? null,
+      event.remote_did ?? null,
+      event.sender_alias ?? null,
+      event.sender_verification_status ?? null,
+      event.session_key ?? null,
+      event.conversation_id ?? null,
+      event.action ?? null,
+      event.outcome ?? null,
+      event.explanation ?? null,
+      event.matched_rule ?? null,
+      event.detail ? JSON.stringify(event.detail) : null
+    );
+    return {
+      id: Number(result.lastInsertRowid),
+      ts_ms: tsMs,
+      event_type: event.event_type,
+      policy_scope: event.policy_scope,
+      remote_did: event.remote_did,
+      sender_alias: event.sender_alias,
+      sender_verification_status: event.sender_verification_status,
+      session_key: event.session_key,
+      conversation_id: event.conversation_id,
+      action: event.action,
+      outcome: event.outcome,
+      explanation: event.explanation,
+      matched_rule: event.matched_rule,
+      detail: event.detail
+    };
+  }
+  listRecent(limit = 50) {
+    const rows = this.store.getDb().prepare("SELECT * FROM trust_policy_audit ORDER BY ts_ms DESC, id DESC LIMIT ?").all(limit);
+    return rows.map(rowToEvent);
+  }
+  listBySession(sessionKey, limit = 50) {
+    const rows = this.store.getDb().prepare("SELECT * FROM trust_policy_audit WHERE session_key = ? ORDER BY ts_ms DESC, id DESC LIMIT ?").all(sessionKey, limit);
+    return rows.map(rowToEvent);
+  }
+  listByRemoteDid(remoteDid, limit = 50) {
+    const rows = this.store.getDb().prepare("SELECT * FROM trust_policy_audit WHERE remote_did = ? ORDER BY ts_ms DESC, id DESC LIMIT ?").all(remoteDid, limit);
+    return rows.map(rowToEvent);
+  }
+  summarize(limit = 200) {
+    return buildSummaryFromEvents(this.listRecent(limit));
+  }
+};
+function aggregateLearning(sessions, tasks, events) {
+  const summaries = /* @__PURE__ */ new Map();
+  function ensure(remoteDid) {
+    if (!remoteDid) return null;
+    const existing = summaries.get(remoteDid);
+    if (existing) return existing;
+    const created = {
+      remote_did: remoteDid,
+      trusted_sessions: 0,
+      pending_sessions: 0,
+      blocked_sessions: 0,
+      revoked_sessions: 0,
+      processed_tasks: 0,
+      failed_tasks: 0,
+      cancelled_tasks: 0,
+      contact_approvals: 0,
+      contact_manual_reviews: 0,
+      contact_rejections: 0,
+      task_bridged: 0,
+      task_executed: 0,
+      task_denied: 0
+    };
+    summaries.set(remoteDid, created);
+    return created;
+  }
+  const remoteBySession = /* @__PURE__ */ new Map();
+  for (const session of sessions) {
+    const summary = ensure(session.remote_did);
+    if (!summary) continue;
+    remoteBySession.set(session.session_key, session.remote_did);
+    summary.last_seen_at = Math.max(summary.last_seen_at ?? 0, session.last_remote_activity_at ?? 0, session.updated_at ?? 0) || summary.last_seen_at;
+    if (session.trust_state === "trusted") summary.trusted_sessions += 1;
+    if (session.trust_state === "pending") summary.pending_sessions += 1;
+    if (session.trust_state === "blocked") summary.blocked_sessions += 1;
+    if (session.trust_state === "revoked") summary.revoked_sessions += 1;
+  }
+  for (const task of tasks) {
+    const remoteDid = remoteBySession.get(task.session_key);
+    const summary = ensure(remoteDid);
+    if (!summary) continue;
+    summary.last_seen_at = Math.max(summary.last_seen_at ?? 0, task.updated_at ?? 0) || summary.last_seen_at;
+    if (task.status === "processed") summary.processed_tasks += 1;
+    if (task.status === "failed") summary.failed_tasks += 1;
+    if (task.status === "cancelled") summary.cancelled_tasks += 1;
+  }
+  for (const event of events) {
+    const summary = ensure(event.remote_did ?? remoteBySession.get(event.session_key ?? ""));
+    if (!summary) continue;
+    summary.last_seen_at = Math.max(summary.last_seen_at ?? 0, event.ts_ms ?? 0) || summary.last_seen_at;
+    if (event.event_type === "contact_auto_approved") summary.contact_approvals += 1;
+    if (event.event_type === "contact_manual_review") summary.contact_manual_reviews += 1;
+    if (event.event_type === "contact_rejected" || event.event_type === "session_blocked") summary.contact_rejections += 1;
+    if (event.event_type === "session_revoked") summary.revoked_sessions += 1;
+    if (event.event_type === "task_bridged") summary.task_bridged += 1;
+    if (event.event_type === "task_executed") summary.task_executed += 1;
+    if (event.event_type === "task_denied") summary.task_denied += 1;
+    if (event.event_type === "task_processed") summary.processed_tasks += 1;
+    if (event.event_type === "task_failed") summary.failed_tasks += 1;
+    if (event.event_type === "task_cancelled") summary.cancelled_tasks += 1;
+  }
+  return [...summaries.values()].sort((a, b) => (b.last_seen_at ?? 0) - (a.last_seen_at ?? 0));
+}
+function recommendationId(policy, remoteDid, action) {
+  return `${policy}:${remoteDid}:${action}`;
+}
+function describePositiveSignals(summary) {
+  const parts = [];
+  if (summary.trusted_sessions > 0) parts.push(`trusted_sessions=${summary.trusted_sessions}`);
+  if (summary.contact_approvals > 0) parts.push(`contact_approvals=${summary.contact_approvals}`);
+  if (summary.processed_tasks > 0) parts.push(`processed_tasks=${summary.processed_tasks}`);
+  return parts.join(", ");
+}
+function describeRiskSignals(summary) {
+  const parts = [];
+  if (summary.blocked_sessions > 0) parts.push(`blocked_sessions=${summary.blocked_sessions}`);
+  if (summary.revoked_sessions > 0) parts.push(`revoked_sessions=${summary.revoked_sessions}`);
+  if (summary.contact_rejections > 0) parts.push(`contact_rejections=${summary.contact_rejections}`);
+  if (summary.task_denied > 0) parts.push(`task_denied=${summary.task_denied}`);
+  if (summary.failed_tasks > 0) parts.push(`failed_tasks=${summary.failed_tasks}`);
+  return parts.join(", ");
+}
+function buildTrustPolicyRecommendations(opts) {
+  const policyDoc = normalizeTrustPolicyDoc(opts.policyDoc);
+  const summaries = aggregateLearning(opts.sessions, opts.tasks, opts.auditEvents);
+  const recommendations = [];
+  for (const summary of summaries) {
+    const contactDecision = decideContactPolicy(policyDoc, { sender_did: summary.remote_did });
+    const taskDecision = decideTaskPolicy(policyDoc, { sender_did: summary.remote_did }, { runtimeMode: opts.runtimeMode });
+    const riskSignals = summary.blocked_sessions + summary.revoked_sessions + summary.contact_rejections + summary.task_denied;
+    const positiveSignals = summary.trusted_sessions + summary.contact_approvals + summary.processed_tasks;
+    if (riskSignals > 0) {
+      if (contactDecision.action !== "reject") {
+        recommendations.push({
+          id: recommendationId("contact", summary.remote_did, "reject"),
+          policy: "contact",
+          remote_did: summary.remote_did,
+          match: summary.remote_did,
+          action: "reject",
+          current_action: contactDecision.action,
+          confidence: riskSignals >= 2 ? "high" : "medium",
+          reason: `Observed repeated negative signals: ${describeRiskSignals(summary)}`,
+          signals: {
+            trusted_sessions: summary.trusted_sessions,
+            blocked_sessions: summary.blocked_sessions,
+            revoked_sessions: summary.revoked_sessions,
+            processed_tasks: summary.processed_tasks,
+            failed_tasks: summary.failed_tasks,
+            cancelled_tasks: summary.cancelled_tasks,
+            contact_approvals: summary.contact_approvals,
+            contact_rejections: summary.contact_rejections,
+            task_denied: summary.task_denied,
+            last_seen_at: summary.last_seen_at
+          }
+        });
+      }
+      if (taskDecision.action !== "deny") {
+        recommendations.push({
+          id: recommendationId("task", summary.remote_did, "deny"),
+          policy: "task",
+          remote_did: summary.remote_did,
+          match: summary.remote_did,
+          action: "deny",
+          current_action: taskDecision.action,
+          confidence: summary.task_denied > 0 || summary.blocked_sessions > 0 || summary.contact_rejections > 0 ? "high" : "medium",
+          reason: `Observed repeated negative task/session signals: ${describeRiskSignals(summary)}`,
+          signals: {
+            trusted_sessions: summary.trusted_sessions,
+            blocked_sessions: summary.blocked_sessions,
+            revoked_sessions: summary.revoked_sessions,
+            processed_tasks: summary.processed_tasks,
+            failed_tasks: summary.failed_tasks,
+            cancelled_tasks: summary.cancelled_tasks,
+            contact_approvals: summary.contact_approvals,
+            contact_rejections: summary.contact_rejections,
+            task_denied: summary.task_denied,
+            last_seen_at: summary.last_seen_at
+          }
+        });
+      }
+      continue;
+    }
+    if (positiveSignals > 0 && contactDecision.action !== "approve" && (summary.trusted_sessions > 0 || summary.contact_approvals > 0 || summary.processed_tasks >= 2)) {
+      recommendations.push({
+        id: recommendationId("contact", summary.remote_did, "approve"),
+        policy: "contact",
+        remote_did: summary.remote_did,
+        match: summary.remote_did,
+        action: "approve",
+        current_action: contactDecision.action,
+        confidence: summary.processed_tasks >= 2 || summary.contact_approvals > 0 ? "high" : "medium",
+        reason: `Observed stable positive collaboration: ${describePositiveSignals(summary)}`,
+        signals: {
+          trusted_sessions: summary.trusted_sessions,
+          blocked_sessions: summary.blocked_sessions,
+          revoked_sessions: summary.revoked_sessions,
+          processed_tasks: summary.processed_tasks,
+          failed_tasks: summary.failed_tasks,
+          cancelled_tasks: summary.cancelled_tasks,
+          contact_approvals: summary.contact_approvals,
+          contact_rejections: summary.contact_rejections,
+          task_denied: summary.task_denied,
+          last_seen_at: summary.last_seen_at
+        }
+      });
+    }
+    const desiredTaskAction = opts.runtimeMode === "executor" ? "execute" : "bridge";
+    if (summary.processed_tasks >= 2 && summary.failed_tasks === 0 && summary.cancelled_tasks === 0 && summary.task_denied === 0 && taskDecision.action !== desiredTaskAction) {
+      recommendations.push({
+        id: recommendationId("task", summary.remote_did, desiredTaskAction),
+        policy: "task",
+        remote_did: summary.remote_did,
+        match: summary.remote_did,
+        action: desiredTaskAction,
+        current_action: taskDecision.action,
+        confidence: "high",
+        reason: `Observed successful task flow without negative outcomes: processed_tasks=${summary.processed_tasks}`,
+        signals: {
+          trusted_sessions: summary.trusted_sessions,
+          blocked_sessions: summary.blocked_sessions,
+          revoked_sessions: summary.revoked_sessions,
+          processed_tasks: summary.processed_tasks,
+          failed_tasks: summary.failed_tasks,
+          cancelled_tasks: summary.cancelled_tasks,
+          contact_approvals: summary.contact_approvals,
+          contact_rejections: summary.contact_rejections,
+          task_denied: summary.task_denied,
+          last_seen_at: summary.last_seen_at
+        }
+      });
+    }
+  }
+  recommendations.sort((a, b) => {
+    const confidenceScore = (value) => value === "high" ? 2 : 1;
+    const delta = confidenceScore(b.confidence) - confidenceScore(a.confidence);
+    if (delta !== 0) return delta;
+    return (b.signals.last_seen_at ?? 0) - (a.signals.last_seen_at ?? 0);
+  });
+  return recommendations.slice(0, opts.limit ?? 20);
+}
+function upsertTrustPolicyRecommendation(policyDoc, recommendation) {
+  const doc = normalizeTrustPolicyDoc(policyDoc);
+  if (recommendation.policy === "contact") {
+    return normalizeTrustPolicyDoc({
+      ...doc,
+      contact_policy: {
+        ...doc.contact_policy,
+        enabled: true,
+        rules: [
+          { match: recommendation.match, action: recommendation.action },
+          ...doc.contact_policy.rules.filter((rule) => rule.match !== recommendation.match)
+        ]
+      }
+    });
+  }
+  return normalizeTrustPolicyDoc({
+    ...doc,
+    task_policy: {
+      ...doc.task_policy,
+      enabled: true,
+      rules: [
+        { match: recommendation.match, action: recommendation.action },
+        ...doc.task_policy.rules.filter((rule) => rule.match !== recommendation.match)
+      ]
+    }
+  });
+}
+function summarizeTrustPolicyAudit(events) {
+  return buildSummaryFromEvents(events);
+}
+
+// src/a2a-adapter.ts
+import {
+  A2AClient
+} from "@pingagent/a2a";
+var A2AAdapter = class {
+  client;
+  cachedCard = null;
+  constructor(opts) {
+    this.client = new A2AClient({
+      agentUrl: opts.agentUrl,
+      authToken: opts.authToken ? `Bearer ${opts.authToken}` : void 0,
+      timeoutMs: opts.timeoutMs
+    });
+  }
+  async getAgentCard() {
+    if (!this.cachedCard) {
+      this.cachedCard = await this.client.fetchAgentCard();
+    }
+    return this.cachedCard;
+  }
+  /**
+   * Send a task to the external A2A agent and optionally wait for completion.
+   */
+  async sendTask(opts) {
+    const parts = [];
+    parts.push({ kind: "text", text: opts.title });
+    if (opts.description) {
+      parts.push({ kind: "text", text: opts.description });
+    }
+    if (opts.input) {
+      parts.push({
+        kind: "data",
+        data: typeof opts.input === "object" ? opts.input : { value: opts.input }
+      });
+    }
+    const messageId = `msg_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    const message = {
+      kind: "message",
+      messageId,
+      role: "user",
+      parts
+    };
+    if (opts.wait) {
+      const task = await this.client.sendAndWait(
+        { message, configuration: { blocking: true } },
+        { maxPollMs: opts.timeoutMs ?? 12e4 }
+      );
+      return this.convertTask(task);
+    }
+    const result = await this.client.sendMessage({ message });
+    if (result.kind === "task") {
+      return this.convertTask(result);
+    }
+    return {
+      taskId: result.messageId,
+      state: "completed",
+      summary: this.extractText(result.parts)
+    };
+  }
+  async getTaskStatus(taskId) {
+    const task = await this.client.getTask(taskId);
+    return this.convertTask(task);
+  }
+  async cancelTask(taskId) {
+    const task = await this.client.cancelTask(taskId);
+    return this.convertTask(task);
+  }
+  async sendText(text, opts) {
+    const result = await this.client.sendText(text, { blocking: opts?.blocking });
+    if (result.kind === "task") {
+      return this.convertTask(result);
+    }
+    return {
+      taskId: result.messageId,
+      state: "completed",
+      summary: this.extractText(result.parts)
+    };
+  }
+  convertTask(task) {
+    const summary = task.artifacts?.flatMap((a) => a.parts).filter((p) => p.kind === "text").map((p) => p.text).join("\n");
+    const output = task.artifacts?.flatMap((a) => a.parts).filter((p) => p.kind === "data").map((p) => p.data);
+    return {
+      taskId: task.id,
+      contextId: task.contextId,
+      state: task.status.state,
+      summary: summary || void 0,
+      output: output && output.length > 0 ? output.length === 1 ? output[0] : output : void 0,
+      timestamp: task.status.timestamp
+    };
+  }
+  extractText(parts) {
+    return parts.filter((p) => p.kind === "text").map((p) => p.text).join("\n") || void 0;
+  }
+};
+
+// src/ws-subscription.ts
+import WebSocket from "ws";
+var RECONNECT_BASE_MS = 1e3;
+var RECONNECT_MAX_MS = 3e4;
+var RECONNECT_JITTER = 0.2;
+var LIST_CONVERSATIONS_INTERVAL_MS = 6e4;
+var DEFAULT_HEARTBEAT = {
+  enable: true,
+  idleThresholdMs: 1e4,
+  pingIntervalMs: 15e3,
+  pongTimeoutMs: 1e4,
+  maxMissedPongs: 2,
+  tickMs: 5e3,
+  jitter: 0.2
+};
+var WsSubscription = class {
+  opts;
+  connections = /* @__PURE__ */ new Map();
+  reconnectTimers = /* @__PURE__ */ new Map();
+  reconnectAttempts = /* @__PURE__ */ new Map();
+  listInterval = null;
+  stopped = false;
+  /** Conversation IDs that were explicitly stopped (e.g. revoke); do not reconnect. */
+  stoppedConversations = /* @__PURE__ */ new Set();
+  lastParseErrorAtByConv = /* @__PURE__ */ new Map();
+  lastFrameAtByConv = /* @__PURE__ */ new Map();
+  heartbeatTimer = null;
+  heartbeatStates = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.opts = opts;
+  }
+  start() {
+    this.stopped = false;
+    this.connectAll();
+    this.listInterval = setInterval(() => this.syncConnections(), LIST_CONVERSATIONS_INTERVAL_MS);
+    const hb = this.opts.heartbeat ?? {};
+    if (hb.enable ?? DEFAULT_HEARTBEAT.enable) {
+      this.heartbeatTimer = setInterval(() => this.heartbeatTick(), hb.tickMs ?? DEFAULT_HEARTBEAT.tickMs);
+    }
+  }
+  stop() {
+    this.stopped = true;
+    if (this.listInterval) {
+      clearInterval(this.listInterval);
+      this.listInterval = null;
+    }
+    if (this.heartbeatTimer) {
+      clearInterval(this.heartbeatTimer);
+      this.heartbeatTimer = null;
+    }
+    for (const timer of this.reconnectTimers.values()) {
+      clearTimeout(timer);
+    }
+    this.reconnectTimers.clear();
+    for (const [convId, ws] of this.connections) {
+      ws.removeAllListeners();
+      if (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING) {
+        ws.close();
+      }
+      this.connections.delete(convId);
+    }
+    this.reconnectAttempts.clear();
+    this.stoppedConversations.clear();
+    this.lastParseErrorAtByConv.clear();
+    this.lastFrameAtByConv.clear();
+    for (const state of this.heartbeatStates.values()) {
+      if (state.pongTimeout) clearTimeout(state.pongTimeout);
+    }
+    this.heartbeatStates.clear();
+  }
+  /**
+   * Stop a single conversation's WebSocket and do not reconnect.
+   * Used when the conversation is revoked or the client no longer wants to subscribe.
+   */
+  stopConversation(conversationId) {
+    this.stoppedConversations.add(conversationId);
+    const timer = this.reconnectTimers.get(conversationId);
+    if (timer) {
+      clearTimeout(timer);
+      this.reconnectTimers.delete(conversationId);
+    }
+    const hbState = this.heartbeatStates.get(conversationId);
+    if (hbState?.pongTimeout) clearTimeout(hbState.pongTimeout);
+    this.heartbeatStates.delete(conversationId);
+    const ws = this.connections.get(conversationId);
+    if (ws) {
+      ws.removeAllListeners();
+      if (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING) {
+        ws.close();
+      }
+      this.connections.delete(conversationId);
+    }
+    this.lastParseErrorAtByConv.delete(conversationId);
+    this.lastFrameAtByConv.delete(conversationId);
+  }
+  wsUrl(conversationId) {
+    const base = this.opts.serverUrl.replace(/^http/, "ws").replace(/\/$/, "");
+    return `${base}/v1/ws?conversation_id=${encodeURIComponent(conversationId)}`;
+  }
+  async connectAsync(conversationId) {
+    if (this.stopped || this.stoppedConversations.has(conversationId) || this.connections.has(conversationId)) return;
+    const token = await Promise.resolve(this.opts.getAccessToken());
+    const url = this.wsUrl(conversationId);
+    const ws = new WebSocket(url, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    this.connections.set(conversationId, ws);
+    const hb = this.opts.heartbeat ?? {};
+    const hbEnabled = hb.enable ?? DEFAULT_HEARTBEAT.enable;
+    if (hbEnabled) {
+      const now = Date.now();
+      this.heartbeatStates.set(conversationId, {
+        lastRxAt: now,
+        lastPingAt: 0,
+        nextPingAt: now + (hb.idleThresholdMs ?? DEFAULT_HEARTBEAT.idleThresholdMs),
+        missedPongs: 0,
+        pongTimeout: null
+      });
+    }
+    ws.on("open", () => {
+      this.reconnectAttempts.set(conversationId, 0);
+      this.opts.onOpen?.(conversationId);
+    });
+    ws.on("message", (data) => {
+      try {
+        const state = this.heartbeatStates.get(conversationId);
+        if (state) {
+          state.lastRxAt = Date.now();
+          state.missedPongs = 0;
+          if (state.pongTimeout) {
+            clearTimeout(state.pongTimeout);
+            state.pongTimeout = null;
+          }
+        }
+        const rawText = typeof data === "string" ? data : Buffer.isBuffer(data) ? data.toString() : Array.isArray(data) ? Buffer.concat(data).toString() : data instanceof ArrayBuffer ? Buffer.from(new Uint8Array(data)).toString() : (
+          // Fallback: try best-effort stringification
+          String(data)
+        );
+        this.lastFrameAtByConv.set(conversationId, Date.now());
+        const msg = JSON.parse(rawText);
+        if (msg.type === "ws_connected") {
+          this.opts.onDebug?.({
+            event: "ws_connected",
+            conversationId,
+            detail: {
+              your_did: msg.your_did,
+              server_ts_ms: msg.server_ts_ms,
+              conversation_id: msg.conversation_id
+            }
+          });
+        } else if (msg.type === "ws_message" && msg.envelope) {
+          const env = msg.envelope;
+          const ignoreSelf = this.opts.ignoreSelfMessages ?? true;
+          if (!ignoreSelf || env.sender_did !== this.opts.myDid) {
+            this.opts.onMessage(env, conversationId);
+          } else {
+            this.opts.onDebug?.({
+              event: "ws_message_ignored_self",
+              conversationId,
+              detail: { sender_did: env.sender_did, message_id: env.message_id, seq: env.seq }
+            });
+          }
+        } else if (msg.type === "ws_control" && msg.control) {
+          this.opts.onControl?.(msg.control, conversationId);
+          this.opts.onDebug?.({ event: "ws_control", conversationId, detail: msg.control });
+        } else if (msg.type === "ws_receipt" && msg.receipt) {
+          this.opts.onDebug?.({ event: "ws_receipt", conversationId, detail: msg.receipt });
+        } else if (msg?.type) {
+          this.opts.onDebug?.({ event: "ws_unknown_type", conversationId, detail: { type: msg.type } });
+        }
+      } catch (e) {
+        const now = Date.now();
+        const last = this.lastParseErrorAtByConv.get(conversationId) ?? 0;
+        if (now - last > 3e4) {
+          this.lastParseErrorAtByConv.set(conversationId, now);
+          this.opts.onDebug?.({
+            event: "ws_parse_error",
+            conversationId,
+            detail: {
+              message: e?.message ?? String(e),
+              last_frame_at_ms: this.lastFrameAtByConv.get(conversationId) ?? null
+            }
+          });
+        }
+      }
+    });
+    ws.on("pong", () => {
+      const state = this.heartbeatStates.get(conversationId);
+      if (!state) return;
+      state.lastRxAt = Date.now();
+      state.missedPongs = 0;
+      if (state.pongTimeout) {
+        clearTimeout(state.pongTimeout);
+        state.pongTimeout = null;
+      }
+    });
+    ws.on("close", () => {
+      this.connections.delete(conversationId);
+      const state = this.heartbeatStates.get(conversationId);
+      if (state?.pongTimeout) clearTimeout(state.pongTimeout);
+      this.heartbeatStates.delete(conversationId);
+      if (!this.stopped && !this.stoppedConversations.has(conversationId)) {
+        this.scheduleReconnect(conversationId);
+      }
+    });
+    ws.on("error", (err) => {
+      this.opts.onError?.(err);
+    });
+  }
+  heartbeatTick() {
+    const hb = this.opts.heartbeat ?? {};
+    const hbEnabled = hb.enable ?? DEFAULT_HEARTBEAT.enable;
+    if (!hbEnabled) return;
+    const idleThresholdMs = hb.idleThresholdMs ?? DEFAULT_HEARTBEAT.idleThresholdMs;
+    const pingIntervalMs = hb.pingIntervalMs ?? DEFAULT_HEARTBEAT.pingIntervalMs;
+    const pongTimeoutMs = hb.pongTimeoutMs ?? DEFAULT_HEARTBEAT.pongTimeoutMs;
+    const maxMissedPongs = hb.maxMissedPongs ?? DEFAULT_HEARTBEAT.maxMissedPongs;
+    const jitter = hb.jitter ?? DEFAULT_HEARTBEAT.jitter;
+    const now = Date.now();
+    for (const [conversationId, ws] of this.connections) {
+      if (ws.readyState !== WebSocket.OPEN) continue;
+      const state = this.heartbeatStates.get(conversationId);
+      if (!state) continue;
+      if (state.pongTimeout) continue;
+      const idleFor = now - state.lastRxAt;
+      if (idleFor < idleThresholdMs) continue;
+      if (now < state.nextPingAt) continue;
+      if (state.lastPingAt !== 0 && now - state.lastPingAt < pingIntervalMs * 0.5) {
+        continue;
+      }
+      try {
+        ws.send(JSON.stringify({ type: "hb" }));
+      } catch {
+      }
+      ws.ping();
+      state.lastPingAt = now;
+      const jitterFactor = 1 + (Math.random() - 0.5) * 2 * jitter;
+      state.nextPingAt = now + Math.max(1e3, pingIntervalMs * jitterFactor);
+      state.pongTimeout = setTimeout(() => {
+        state.missedPongs += 1;
+        state.pongTimeout = null;
+        if (state.missedPongs >= maxMissedPongs) {
+          try {
+            ws.close(1001, "pong timeout");
+          } catch {
+          }
+        }
+      }, pongTimeoutMs);
+    }
+  }
+  scheduleReconnect(conversationId) {
+    if (this.reconnectTimers.has(conversationId)) return;
+    const attempt = this.reconnectAttempts.get(conversationId) ?? 0;
+    this.reconnectAttempts.set(conversationId, attempt + 1);
+    const tryConnect = () => {
+      this.reconnectTimers.delete(conversationId);
+      if (this.stopped) return;
+      void this.connectAsync(conversationId);
+    };
+    const delay = Math.min(
+      RECONNECT_BASE_MS * Math.pow(2, attempt) + (Math.random() - 0.5) * RECONNECT_JITTER * RECONNECT_BASE_MS,
+      RECONNECT_MAX_MS
+    );
+    const timer = setTimeout(tryConnect, delay);
+    this.reconnectTimers.set(conversationId, timer);
+  }
+  isSubscribableConversationType(type) {
+    return type === "dm" || type === "pending_dm" || type === "channel" || type === "group";
+  }
+  async connectAll() {
+    try {
+      const convos = await this.opts.listConversations();
+      const subscribable = convos.filter((c) => this.isSubscribableConversationType(c.type));
+      for (const c of subscribable) {
+        void this.connectAsync(c.conversation_id);
+      }
+    } catch (err) {
+      this.opts.onError?.(err instanceof Error ? err : new Error(String(err)));
+    }
+  }
+  async syncConnections() {
+    if (this.stopped) return;
+    try {
+      const convos = await this.opts.listConversations();
+      const subscribableIds = new Set(
+        convos.filter((c) => this.isSubscribableConversationType(c.type)).map((c) => c.conversation_id)
+      );
+      for (const convId of subscribableIds) {
+        if (!this.stoppedConversations.has(convId) && !this.connections.has(convId)) {
+          void this.connectAsync(convId);
+        }
+      }
+      for (const convId of this.connections.keys()) {
+        if (!subscribableIds.has(convId) || this.stoppedConversations.has(convId)) {
+          const ws = this.connections.get(convId);
+          if (ws) {
+            ws.removeAllListeners();
+            ws.close();
+            this.connections.delete(convId);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+};
+
+export {
+  HttpTransport,
+  ContactManager,
+  HistoryManager,
+  previewFromPayload,
+  buildSessionKey,
+  SessionManager,
+  TaskThreadManager,
+  PingAgentClient,
+  getRootDir,
+  getProfile,
+  getIdentityPath,
+  getStorePath,
+  generateIdentity,
+  identityExists,
+  loadIdentity,
+  saveIdentity,
+  updateStoredToken,
+  ensureTokenValid,
+  LocalStore,
+  defaultTrustPolicyDoc,
+  normalizeTrustPolicyDoc,
+  matchesTrustPolicyRule,
+  decideContactPolicy,
+  decideTaskPolicy,
+  TrustPolicyAuditManager,
+  buildTrustPolicyRecommendations,
+  upsertTrustPolicyRecommendation,
+  summarizeTrustPolicyAudit,
+  A2AAdapter,
+  WsSubscription
+};