@rainfall-devkit/sdk 0.1.8 → 0.2.1

package/dist/index.js

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,23 +17,40 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
   AuthenticationError: () => AuthenticationError,
+  EdgeNodeSecurity: () => EdgeNodeSecurity,
   NetworkError: () => NetworkError,
   NotFoundError: () => NotFoundError,
   Rainfall: () => Rainfall,
   RainfallClient: () => RainfallClient,
+  RainfallDaemonContext: () => RainfallDaemonContext,
   RainfallError: () => RainfallError,
+  RainfallListenerRegistry: () => RainfallListenerRegistry,
+  RainfallNetworkedExecutor: () => RainfallNetworkedExecutor,
   RateLimitError: () => RateLimitError,
+  SecureEdgeClient: () => SecureEdgeClient,
   ServerError: () => ServerError,
   TimeoutError: () => TimeoutError,
   ToolNotFoundError: () => ToolNotFoundError,
   VERSION: () => VERSION,
-  ValidationError: () => ValidationError
+  ValidationError: () => ValidationError,
+  createCronWorkflow: () => createCronWorkflow,
+  createEdgeNodeSecurity: () => createEdgeNodeSecurity,
+  createFileWatcherWorkflow: () => createFileWatcherWorkflow,
+  createSecureEdgeClient: () => createSecureEdgeClient
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -348,6 +367,49 @@ var RainfallClient = class {
   sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
   }
+  /**
+   * OpenAI-compatible chat completions with tool support
+   */
+  async chatCompletions(params) {
+    const { subscriber_id, ...body } = params;
+    if (body.stream) {
+      const url = `${this.baseUrl}/olympic/subscribers/${subscriber_id}/v1/chat/completions`;
+      const response = await fetch(url, {
+        method: "POST",
+        headers: {
+          "x-api-key": this.apiKey,
+          "Content-Type": "application/json",
+          "Accept": "text/event-stream"
+        },
+        body: JSON.stringify(body)
+      });
+      if (!response.ok) {
+        const error = await response.text();
+        throw new RainfallError(`Chat completions failed: ${error}`, "CHAT_ERROR");
+      }
+      if (!response.body) {
+        throw new RainfallError("No response body", "CHAT_ERROR");
+      }
+      return response.body;
+    }
+    return this.request(
+      `/olympic/subscribers/${subscriber_id}/v1/chat/completions`,
+      {
+        method: "POST",
+        body
+      }
+    );
+  }
+  /**
+   * List available models (OpenAI-compatible format)
+   */
+  async listModels(subscriberId) {
+    const sid = subscriberId || this.subscriberId || await this.ensureSubscriberId();
+    const result = await this.request(
+      `/olympic/subscribers/${sid}/v1/models`
+    );
+    return result.data || [];
+  }
 };
 
 // src/namespaces/integrations.ts
@@ -517,7 +579,12 @@ function createAI(client) {
     chat: (params) => client.executeTool("xai-chat-completions", params),
     complete: (params) => client.executeTool("fim", params),
     classify: (params) => client.executeTool("jina-document-classifier", params),
-    segment: (params) => client.executeTool("jina-text-segmenter", params)
+    segment: (params) => client.executeTool("jina-text-segmenter", params),
+    /**
+     * OpenAI-compatible chat completions with full tool support
+     * This is the recommended method for multi-turn conversations with tools
+     */
+    chatCompletions: (params) => client.chatCompletions(params)
   };
 }
 
@@ -797,22 +864,1199 @@ var Rainfall = class {
   getRateLimitInfo() {
     return this.client.getRateLimitInfo();
   }
+  /**
+   * OpenAI-compatible chat completions with tool support
+   * 
+   * @example
+   * ```typescript
+   * // Simple chat
+   * const response = await rainfall.chatCompletions({
+   *   subscriber_id: 'my-subscriber',
+   *   messages: [{ role: 'user', content: 'Hello!' }],
+   *   model: 'llama-3.3-70b-versatile'
+   * });
+   * 
+   * // With tools
+   * const response = await rainfall.chatCompletions({
+   *   subscriber_id: 'my-subscriber',
+   *   messages: [{ role: 'user', content: 'Search for AI news' }],
+   *   tools: [{ type: 'function', function: { name: 'web-search' } }],
+   *   enable_stacked: true
+   * });
+   * 
+   * // Streaming
+   * const stream = await rainfall.chatCompletions({
+   *   subscriber_id: 'my-subscriber',
+   *   messages: [{ role: 'user', content: 'Tell me a story' }],
+   *   stream: true
+   * });
+   * ```
+   */
+  async chatCompletions(params) {
+    return this.client.chatCompletions(params);
+  }
+  /**
+   * List available models (OpenAI-compatible format)
+   * 
+   * @example
+   * ```typescript
+   * const models = await rainfall.listModels();
+   * console.log(models); // [{ id: 'llama-3.3-70b-versatile', ... }]
+   * ```
+   */
+  async listModels(subscriberId) {
+    return this.client.listModels(subscriberId);
+  }
 };
 
+// src/services/networked.ts
+var RainfallNetworkedExecutor = class {
+  rainfall;
+  options;
+  edgeNodeId;
+  jobCallbacks = /* @__PURE__ */ new Map();
+  resultPollingInterval;
+  constructor(rainfall, options = {}) {
+    this.rainfall = rainfall;
+    this.options = {
+      wsPort: 8765,
+      httpPort: 8787,
+      hostname: process.env.HOSTNAME || "local-daemon",
+      capabilities: {
+        localExec: true,
+        fileWatch: true,
+        passiveListen: true
+      },
+      ...options
+    };
+  }
+  /**
+   * Register this edge node with the Rainfall backend
+   */
+  async registerEdgeNode() {
+    const capabilities = this.buildCapabilitiesList();
+    try {
+      const result = await this.rainfall.executeTool("register-edge-node", {
+        hostname: this.options.hostname,
+        capabilities,
+        wsPort: this.options.wsPort,
+        httpPort: this.options.httpPort,
+        version: "0.1.0"
+      });
+      this.edgeNodeId = result.edgeNodeId;
+      console.log(`\u{1F310} Edge node registered with Rainfall as ${this.edgeNodeId}`);
+      return this.edgeNodeId;
+    } catch (error) {
+      this.edgeNodeId = `edge-${this.options.hostname}-${Date.now()}`;
+      console.log(`\u{1F310} Edge node running in local mode (ID: ${this.edgeNodeId})`);
+      return this.edgeNodeId;
+    }
+  }
+  /**
+   * Unregister this edge node on shutdown
+   */
+  async unregisterEdgeNode() {
+    if (!this.edgeNodeId) return;
+    try {
+      await this.rainfall.executeTool("unregister-edge-node", {
+        edgeNodeId: this.edgeNodeId
+      });
+      console.log(`\u{1F310} Edge node ${this.edgeNodeId} unregistered`);
+    } catch {
+    }
+    if (this.resultPollingInterval) {
+      clearInterval(this.resultPollingInterval);
+    }
+  }
+  /**
+   * Queue a tool execution for distributed processing
+   * Non-blocking - returns immediately with a job ID
+   */
+  async queueToolExecution(toolId, params, options = {}) {
+    const executionMode = options.executionMode || "any";
+    try {
+      const result = await this.rainfall.executeTool("queue-job", {
+        toolId,
+        params,
+        executionMode,
+        requesterEdgeNodeId: this.edgeNodeId
+      });
+      if (options.callback) {
+        this.jobCallbacks.set(result.jobId, options.callback);
+        this.startResultPolling();
+      }
+      return result.jobId;
+    } catch (error) {
+      if (executionMode === "local-only" || executionMode === "any") {
+        try {
+          const result = await this.rainfall.executeTool(toolId, params);
+          if (options.callback) {
+            options.callback(result);
+          }
+          return `local-${Date.now()}`;
+        } catch (execError) {
+          if (options.callback) {
+            options.callback(null, String(execError));
+          }
+          throw execError;
+        }
+      }
+      throw error;
+    }
+  }
+  /**
+   * Get status of a queued job
+   */
+  async getJobStatus(jobId) {
+    try {
+      const result = await this.rainfall.executeTool("get-job-status", {
+        jobId
+      });
+      return result.job;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Subscribe to job results via polling (WebSocket fallback)
+   * In the future, this will use WebSocket push from ApresMoi
+   */
+  async subscribeToResults(callback) {
+    console.log("\u{1F4E1} Subscribed to job results via Rainfall (polling mode)");
+    this.onResultReceived = callback;
+  }
+  onResultReceived;
+  /**
+   * Start polling for job results (fallback until WebSocket push is ready)
+   */
+  startResultPolling() {
+    if (this.resultPollingInterval) return;
+    this.resultPollingInterval = setInterval(async () => {
+      for (const [jobId, callback] of this.jobCallbacks) {
+        try {
+          const job = await this.getJobStatus(jobId);
+          if (job?.status === "completed" || job?.status === "failed") {
+            callback(job.result, job.error);
+            this.jobCallbacks.delete(jobId);
+            if (this.onResultReceived) {
+              this.onResultReceived(jobId, job.result, job.error);
+            }
+          }
+        } catch {
+        }
+      }
+      if (this.jobCallbacks.size === 0 && this.resultPollingInterval) {
+        clearInterval(this.resultPollingInterval);
+        this.resultPollingInterval = void 0;
+      }
+    }, 2e3);
+  }
+  /**
+   * Claim a job for execution on this edge node
+   */
+  async claimJob() {
+    try {
+      const result = await this.rainfall.executeTool("claim-job", {
+        edgeNodeId: this.edgeNodeId,
+        capabilities: this.buildCapabilitiesList()
+      });
+      return result.job;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Submit job result after execution
+   */
+  async submitJobResult(jobId, result, error) {
+    try {
+      await this.rainfall.executeTool("submit-job-result", {
+        jobId,
+        edgeNodeId: this.edgeNodeId,
+        result,
+        error
+      });
+    } catch {
+    }
+  }
+  /**
+   * Get this edge node's ID
+   */
+  getEdgeNodeId() {
+    return this.edgeNodeId;
+  }
+  /**
+   * Build capabilities list from options
+   */
+  buildCapabilitiesList() {
+    const caps = this.options.capabilities || {};
+    const list = [];
+    if (caps.localExec) list.push("local-exec");
+    if (caps.fileWatch) list.push("file-watch");
+    if (caps.passiveListen) list.push("passive-listen");
+    if (caps.browser) list.push("browser");
+    if (caps.custom) list.push(...caps.custom);
+    return list;
+  }
+};
+
+// src/services/context.ts
+var RainfallDaemonContext = class {
+  rainfall;
+  options;
+  localMemories = /* @__PURE__ */ new Map();
+  sessions = /* @__PURE__ */ new Map();
+  executionHistory = [];
+  currentSessionId;
+  constructor(rainfall, options = {}) {
+    this.rainfall = rainfall;
+    this.options = {
+      maxLocalMemories: 1e3,
+      maxMessageHistory: 100,
+      maxExecutionHistory: 500,
+      sessionTtl: 24 * 60 * 60 * 1e3,
+      // 24 hours
+      ...options
+    };
+  }
+  /**
+   * Initialize the context - load recent memories from cloud
+   */
+  async initialize() {
+    try {
+      const recentMemories = await this.rainfall.memory.recall({
+        query: "daemon:context",
+        topK: this.options.maxLocalMemories
+      });
+      for (const memory of recentMemories) {
+        this.localMemories.set(memory.id, {
+          id: memory.id,
+          content: memory.content,
+          keywords: memory.keywords || [],
+          timestamp: memory.timestamp,
+          source: memory.source,
+          metadata: memory.metadata
+        });
+      }
+      console.log(`\u{1F9E0} Loaded ${this.localMemories.size} memories into context`);
+    } catch (error) {
+      console.warn("\u26A0\uFE0F  Could not sync memories:", error instanceof Error ? error.message : error);
+    }
+  }
+  /**
+   * Create or get a session
+   */
+  getSession(sessionId) {
+    if (sessionId && this.sessions.has(sessionId)) {
+      const session = this.sessions.get(sessionId);
+      session.lastActivity = (/* @__PURE__ */ new Date()).toISOString();
+      return session;
+    }
+    const newSession = {
+      id: sessionId || `session-${Date.now()}`,
+      startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      lastActivity: (/* @__PURE__ */ new Date()).toISOString(),
+      variables: {},
+      messageHistory: []
+    };
+    this.sessions.set(newSession.id, newSession);
+    this.currentSessionId = newSession.id;
+    return newSession;
+  }
+  /**
+   * Get the current active session
+   */
+  getCurrentSession() {
+    if (this.currentSessionId) {
+      return this.sessions.get(this.currentSessionId);
+    }
+    return void 0;
+  }
+  /**
+   * Set the current active session
+   */
+  setCurrentSession(sessionId) {
+    if (this.sessions.has(sessionId)) {
+      this.currentSessionId = sessionId;
+    }
+  }
+  /**
+   * Add a message to the current session history
+   */
+  addMessage(role, content) {
+    const session = this.getCurrentSession();
+    if (!session) return;
+    session.messageHistory.push({
+      role,
+      content,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    if (session.messageHistory.length > this.options.maxMessageHistory) {
+      session.messageHistory = session.messageHistory.slice(-this.options.maxMessageHistory);
+    }
+  }
+  /**
+   * Store a memory (local + cloud sync)
+   */
+  async storeMemory(content, options = {}) {
+    const id = `mem-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    const entry = {
+      id,
+      content,
+      keywords: options.keywords || [],
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      source: options.source || "daemon",
+      metadata: options.metadata
+    };
+    this.localMemories.set(id, entry);
+    try {
+      await this.rainfall.memory.create({
+        content,
+        keywords: [...options.keywords || [], "daemon:context"],
+        metadata: {
+          ...options.metadata,
+          daemonMemoryId: id,
+          source: options.source || "daemon"
+        }
+      });
+    } catch (error) {
+      console.warn("\u26A0\uFE0F  Could not sync memory to cloud:", error instanceof Error ? error.message : error);
+    }
+    this.trimLocalMemories();
+    return id;
+  }
+  /**
+   * Recall memories by query
+   */
+  async recallMemories(query, topK = 5) {
+    const localResults = Array.from(this.localMemories.values()).filter(
+      (m) => m.content.toLowerCase().includes(query.toLowerCase()) || m.keywords.some((k) => k.toLowerCase().includes(query.toLowerCase()))
+    ).slice(0, topK);
+    try {
+      const cloudResults = await this.rainfall.memory.recall({ query, topK });
+      const seen = new Set(localResults.map((r) => r.id));
+      for (const mem of cloudResults) {
+        if (!seen.has(mem.id)) {
+          localResults.push({
+            id: mem.id,
+            content: mem.content,
+            keywords: mem.keywords || [],
+            timestamp: mem.timestamp,
+            source: mem.source,
+            metadata: mem.metadata
+          });
+        }
+      }
+    } catch {
+    }
+    return localResults.slice(0, topK);
+  }
+  /**
+   * Set a session variable
+   */
+  setVariable(key, value) {
+    const session = this.getCurrentSession();
+    if (session) {
+      session.variables[key] = value;
+    }
+  }
+  /**
+   * Get a session variable
+   */
+  getVariable(key) {
+    const session = this.getCurrentSession();
+    return session?.variables[key];
+  }
+  /**
+   * Record a tool execution
+   */
+  recordExecution(toolId, params, result, options = { duration: 0 }) {
+    const record = {
+      id: `exec-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+      toolId,
+      params,
+      result,
+      error: options.error,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      duration: options.duration,
+      edgeNodeId: options.edgeNodeId
+    };
+    this.executionHistory.push(record);
+    if (this.executionHistory.length > this.options.maxExecutionHistory) {
+      this.executionHistory = this.executionHistory.slice(-this.options.maxExecutionHistory);
+    }
+  }
+  /**
+   * Get recent execution history
+   */
+  getExecutionHistory(limit = 10) {
+    return this.executionHistory.slice(-limit).reverse();
+  }
+  /**
+   * Get execution statistics
+   */
+  getExecutionStats() {
+    const stats = {
+      total: this.executionHistory.length,
+      successful: 0,
+      failed: 0,
+      averageDuration: 0,
+      byTool: {}
+    };
+    let totalDuration = 0;
+    for (const exec of this.executionHistory) {
+      if (exec.error) {
+        stats.failed++;
+      } else {
+        stats.successful++;
+      }
+      totalDuration += exec.duration;
+      stats.byTool[exec.toolId] = (stats.byTool[exec.toolId] || 0) + 1;
+    }
+    stats.averageDuration = stats.total > 0 ? totalDuration / stats.total : 0;
+    return stats;
+  }
+  /**
+   * Clear old sessions based on TTL
+   */
+  cleanupSessions() {
+    const now = Date.now();
+    const ttl = this.options.sessionTtl;
+    for (const [id, session] of this.sessions) {
+      const lastActivity = new Date(session.lastActivity).getTime();
+      if (now - lastActivity > ttl) {
+        this.sessions.delete(id);
+        if (this.currentSessionId === id) {
+          this.currentSessionId = void 0;
+        }
+      }
+    }
+  }
+  /**
+   * Get context summary for debugging
+   */
+  getStatus() {
+    return {
+      memoriesCached: this.localMemories.size,
+      activeSessions: this.sessions.size,
+      currentSession: this.currentSessionId,
+      executionHistorySize: this.executionHistory.length
+    };
+  }
+  trimLocalMemories() {
+    if (this.localMemories.size <= this.options.maxLocalMemories) return;
+    const entries = Array.from(this.localMemories.entries()).sort((a, b) => new Date(a[1].timestamp).getTime() - new Date(b[1].timestamp).getTime());
+    const toRemove = entries.slice(0, entries.length - this.options.maxLocalMemories);
+    for (const [id] of toRemove) {
+      this.localMemories.delete(id);
+    }
+  }
+};
+
+// src/services/listeners.ts
+var RainfallListenerRegistry = class {
+  rainfall;
+  context;
+  executor;
+  watchers = /* @__PURE__ */ new Map();
+  cronIntervals = /* @__PURE__ */ new Map();
+  eventHistory = [];
+  maxEventHistory = 100;
+  constructor(rainfall, context, executor) {
+    this.rainfall = rainfall;
+    this.context = context;
+    this.executor = executor;
+  }
+  /**
+   * Register a file watcher
+   * Note: Actual file watching requires fs.watch or chokidar
+   * This is the registry - actual watching is done by the daemon
+   */
+  async registerFileWatcher(config) {
+    console.log(`\u{1F441}\uFE0F  Registering file watcher: ${config.name} (${config.watchPath})`);
+    const existing = Array.from(this.watchers.keys());
+    if (existing.includes(config.id)) {
+      await this.unregisterFileWatcher(config.id);
+    }
+    this.watchers.set(config.id, {
+      stop: () => {
+        console.log(`\u{1F441}\uFE0F  Stopped file watcher: ${config.name}`);
+      }
+    });
+    await this.context.storeMemory(`File watcher registered: ${config.name}`, {
+      keywords: ["listener", "file-watcher", config.name],
+      metadata: { config }
+    });
+  }
+  /**
+   * Unregister a file watcher
+   */
+  async unregisterFileWatcher(id) {
+    const watcher = this.watchers.get(id);
+    if (watcher) {
+      watcher.stop();
+      this.watchers.delete(id);
+    }
+  }
+  /**
+   * Register a cron trigger
+   */
+  async registerCronTrigger(config) {
+    console.log(`\u23F0 Registering cron trigger: ${config.name} (${config.cron})`);
+    if (this.cronIntervals.has(config.id)) {
+      clearInterval(this.cronIntervals.get(config.id));
+      this.cronIntervals.delete(config.id);
+    }
+    const interval = this.parseCronToMs(config.cron);
+    if (interval) {
+      const intervalId = setInterval(async () => {
+        await this.handleCronTick(config);
+      }, interval);
+      this.cronIntervals.set(config.id, intervalId);
+    }
+    await this.context.storeMemory(`Cron trigger registered: ${config.name}`, {
+      keywords: ["listener", "cron", config.name],
+      metadata: { config }
+    });
+  }
+  /**
+   * Unregister a cron trigger
+   */
+  unregisterCronTrigger(id) {
+    const interval = this.cronIntervals.get(id);
+    if (interval) {
+      clearInterval(interval);
+      this.cronIntervals.delete(id);
+    }
+  }
+  /**
+   * Handle a file event
+   */
+  async handleFileEvent(watcherId, eventType, filePath) {
+    const event = {
+      id: `evt-${Date.now()}`,
+      type: "file",
+      source: watcherId,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data: { eventType, filePath }
+    };
+    this.recordEvent(event);
+    console.log(`\u{1F4C1} File event: ${eventType} ${filePath}`);
+  }
+  /**
+   * Handle a cron tick
+   */
+  async handleCronTick(config) {
+    const event = {
+      id: `evt-${Date.now()}`,
+      type: "cron",
+      source: config.id,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data: { cron: config.cron }
+    };
+    this.recordEvent(event);
+    console.log(`\u23F0 Cron tick: ${config.name}`);
+    for (const step of config.workflow) {
+      try {
+        await this.executor.queueToolExecution(step.toolId, {
+          ...step.params,
+          _event: event
+        });
+      } catch (error) {
+        console.error(`\u274C Workflow step failed: ${step.toolId}`, error);
+      }
+    }
+  }
+  /**
+   * Trigger a manual event (for testing or programmatic triggers)
+   */
+  async triggerManual(name, data = {}) {
+    const event = {
+      id: `evt-${Date.now()}`,
+      type: "manual",
+      source: name,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      data
+    };
+    this.recordEvent(event);
+    console.log(`\u{1F446} Manual trigger: ${name}`);
+    await this.context.storeMemory(`Manual trigger fired: ${name}`, {
+      keywords: ["trigger", "manual", name],
+      metadata: { event }
+    });
+  }
+  /**
+   * Get recent events
+   */
+  getRecentEvents(limit = 10) {
+    return this.eventHistory.slice(-limit).reverse();
+  }
+  /**
+   * Get active listeners status
+   */
+  getStatus() {
+    return {
+      fileWatchers: this.watchers.size,
+      cronTriggers: this.cronIntervals.size,
+      recentEvents: this.eventHistory.length
+    };
+  }
+  /**
+   * Stop all listeners
+   */
+  async stopAll() {
+    for (const [id] of this.watchers) {
+      await this.unregisterFileWatcher(id);
+    }
+    for (const [id] of this.cronIntervals) {
+      this.unregisterCronTrigger(id);
+    }
+    console.log("\u{1F6D1} All listeners stopped");
+  }
+  recordEvent(event) {
+    this.eventHistory.push(event);
+    if (this.eventHistory.length > this.maxEventHistory) {
+      this.eventHistory = this.eventHistory.slice(-this.maxEventHistory);
+    }
+  }
+  /**
+   * Simple cron parser - converts basic cron expressions to milliseconds
+   * Supports: @hourly, @daily, @weekly, and simple intervals like every N minutes
+   */
+  parseCronToMs(cron) {
+    switch (cron) {
+      case "@hourly":
+        return 60 * 60 * 1e3;
+      case "@daily":
+        return 24 * 60 * 60 * 1e3;
+      case "@weekly":
+        return 7 * 24 * 60 * 60 * 1e3;
+      case "@minutely":
+        return 60 * 1e3;
+    }
+    const match = cron.match(/^\*\/(\d+)\s/);
+    if (match) {
+      const minutes = parseInt(match[1], 10);
+      if (minutes > 0 && minutes <= 60) {
+        return minutes * 60 * 1e3;
+      }
+    }
+    console.warn(`\u26A0\uFE0F  Unrecognized cron pattern "${cron}", using 1 minute interval`);
+    return 60 * 1e3;
+  }
+};
+function createFileWatcherWorkflow(name, watchPath, options) {
+  return {
+    id: `fw-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+    name,
+    watchPath,
+    pattern: options.pattern,
+    events: options.events || ["create"],
+    workflow: options.workflow
+  };
+}
+function createCronWorkflow(name, cron, workflow) {
+  return {
+    id: `cron-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+    name,
+    cron,
+    workflow
+  };
+}
+
+// src/security/edge-node.ts
+var sodium = __toESM(require("libsodium-wrappers"));
+var EdgeNodeSecurity = class {
+  sodiumReady;
+  backendSecret;
+  keyPair;
+  constructor(options = {}) {
+    this.sodiumReady = sodium.ready;
+    this.backendSecret = options.backendSecret;
+    this.keyPair = options.keyPair;
+  }
+  /**
+   * Initialize libsodium
+   */
+  async initialize() {
+    await this.sodiumReady;
+  }
+  // ============================================================================
+  // JWT Token Management
+  // ============================================================================
+  /**
+   * Generate a JWT token for an edge node
+   * Note: In production, this is done by the backend. This is for testing.
+   */
+  generateJWT(edgeNodeId, subscriberId, expiresInDays = 30) {
+    if (!this.backendSecret) {
+      throw new Error("Backend secret not configured");
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + expiresInDays * 24 * 60 * 60;
+    const jti = this.generateTokenId();
+    const payload = {
+      sub: edgeNodeId,
+      iss: "rainfall-backend",
+      iat: now,
+      exp,
+      jti,
+      scope: ["edge:heartbeat", "edge:claim", "edge:submit", "edge:queue"]
+    };
+    const header = { alg: "HS256", typ: "JWT" };
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
+    const signature = this.hmacSha256(
+      `${encodedHeader}.${encodedPayload}`,
+      this.backendSecret
+    );
+    const encodedSignature = this.base64UrlEncode(signature);
+    return `${encodedHeader}.${encodedPayload}.${encodedSignature}`;
+  }
+  /**
+   * Validate a JWT token
+   */
+  validateJWT(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      throw new Error("Invalid JWT format");
+    }
+    const [encodedHeader, encodedPayload, encodedSignature] = parts;
+    if (this.backendSecret) {
+      const expectedSignature = this.hmacSha256(
+        `${encodedHeader}.${encodedPayload}`,
+        this.backendSecret
+      );
+      const expectedEncoded = this.base64UrlEncode(expectedSignature);
+      if (!this.timingSafeEqual(encodedSignature, expectedEncoded)) {
+        throw new Error("Invalid JWT signature");
+      }
+    }
+    const payload = JSON.parse(this.base64UrlDecode(encodedPayload));
+    const now = Math.floor(Date.now() / 1e3);
+    if (payload.exp < now) {
+      throw new Error("JWT token expired");
+    }
+    if (payload.iss !== "rainfall-backend") {
+      throw new Error("Invalid JWT issuer");
+    }
+    return {
+      edgeNodeId: payload.sub,
+      subscriberId: payload.sub,
+      // Same as edge node ID for now
+      scopes: payload.scope,
+      expiresAt: payload.exp
+    };
+  }
+  /**
+   * Extract bearer token from Authorization header
+   */
+  extractBearerToken(authHeader) {
+    if (!authHeader) return null;
+    const match = authHeader.match(/^Bearer\s+(.+)$/i);
+    return match ? match[1] : null;
+  }
+  // ============================================================================
+  // ACL Enforcement
+  // ============================================================================
+  /**
+   * Check if an edge node is allowed to perform an action on a job
+   * Rule: Edge nodes can only access jobs for their own subscriber
+   */
+  checkACL(check) {
+    if (check.subscriberId !== check.jobSubscriberId) {
+      return {
+        allowed: false,
+        reason: `Edge node ${check.edgeNodeId} cannot access jobs from subscriber ${check.jobSubscriberId}`
+      };
+    }
+    const allowedActions = ["heartbeat", "claim", "submit", "queue"];
+    if (!allowedActions.includes(check.action)) {
+      return {
+        allowed: false,
+        reason: `Unknown action: ${check.action}`
+      };
+    }
+    return { allowed: true };
+  }
+  /**
+   * Middleware-style ACL check for job operations
+   */
+  requireSameSubscriber(edgeNodeSubscriberId, jobSubscriberId, operation) {
+    const result = this.checkACL({
+      edgeNodeId: edgeNodeSubscriberId,
+      subscriberId: edgeNodeSubscriberId,
+      jobSubscriberId,
+      action: operation
+    });
+    if (!result.allowed) {
+      throw new Error(result.reason);
+    }
+  }
+  // ============================================================================
+  // Encryption (Libsodium)
+  // ============================================================================
+  /**
+   * Generate a new Ed25519 key pair for an edge node
+   */
+  async generateKeyPair() {
+    await this.sodiumReady;
+    const keyPair = sodium.crypto_box_keypair();
+    return {
+      publicKey: this.bytesToBase64(keyPair.publicKey),
+      privateKey: this.bytesToBase64(keyPair.privateKey)
+    };
+  }
+  /**
+   * Encrypt job parameters for a target edge node using its public key
+   */
+  async encryptForEdgeNode(plaintext, targetPublicKeyBase64) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const targetPublicKey = this.base64ToBytes(targetPublicKeyBase64);
+    const ephemeralKeyPair = sodium.crypto_box_keypair();
+    const nonce = sodium.randombytes_buf(sodium.crypto_box_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_box_easy(
+      message,
+      nonce,
+      targetPublicKey,
+      ephemeralKeyPair.privateKey
+    );
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce),
+      ephemeralPublicKey: this.bytesToBase64(ephemeralKeyPair.publicKey)
+    };
+  }
+  /**
+   * Decrypt job parameters received from the backend
+   */
+  async decryptFromBackend(encrypted) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const privateKey = this.base64ToBytes(this.keyPair.privateKey);
+    const ephemeralPublicKey = this.base64ToBytes(encrypted.ephemeralPublicKey);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_box_open_easy(
+      ciphertext,
+      nonce,
+      ephemeralPublicKey,
+      privateKey
+    );
+    if (!decrypted) {
+      throw new Error("Decryption failed - invalid ciphertext or keys");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  /**
+   * Encrypt job parameters for local storage (using secretbox)
+   */
+  async encryptLocal(plaintext, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = sodium.crypto_secretbox_easy(message, nonce, keyBytes);
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce)
+    };
+  }
+  /**
+   * Decrypt locally stored job parameters
+   */
+  async decryptLocal(encrypted, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = sodium.crypto_secretbox_open_easy(ciphertext, nonce, keyBytes);
+    if (!decrypted) {
+      throw new Error("Local decryption failed");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  // ============================================================================
+  // Utility Methods
+  // ============================================================================
+  generateTokenId() {
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+  }
+  base64UrlEncode(str) {
+    return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  base64UrlDecode(str) {
+    const padding = "=".repeat((4 - str.length % 4) % 4);
+    const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + padding;
+    return atob(base64);
+  }
+  hmacSha256(message, secret) {
+    const key = new TextEncoder().encode(secret);
+    const msg = new TextEncoder().encode(message);
+    const hash = sodium.crypto_auth(msg, key);
+    return this.bytesToBase64(hash);
+  }
+  timingSafeEqual(a, b) {
+    if (a.length !== b.length) return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+  bytesToBase64(bytes) {
+    const binString = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
+    return btoa(binString);
+  }
+  base64ToBytes(base64) {
+    const binString = atob(base64);
+    return Uint8Array.from(binString, (m) => m.charCodeAt(0));
+  }
+  deriveKey(password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    return sodium.crypto_generichash(32, passwordBytes, null);
+  }
+};
+async function createEdgeNodeSecurity(options = {}) {
+  const security = new EdgeNodeSecurity(options);
+  await security.initialize();
+  return security;
+}
+
+// src/security/edge-client.ts
+var import_fs = require("fs");
+var import_path = require("path");
+var SecureEdgeClient = class {
+  client;
+  security;
+  edgeNodeId;
+  edgeNodeSecret;
+  keysPath;
+  jwtPayload;
+  keyPair;
+  constructor(config) {
+    this.client = config.client;
+    this.edgeNodeId = config.edgeNodeId;
+    this.edgeNodeSecret = config.edgeNodeSecret;
+    this.keysPath = config.keysPath;
+    this.security = new EdgeNodeSecurity({
+      backendSecret: config.backendSecret
+    });
+  }
+  /**
+   * Initialize the secure client
+   */
+  async initialize() {
+    await this.security.initialize();
+    await this.loadKeyPair();
+    this.jwtPayload = this.security.validateJWT(this.edgeNodeSecret);
+    if (this.jwtPayload.edgeNodeId !== this.edgeNodeId) {
+      throw new Error("JWT edge node ID mismatch");
+    }
+  }
+  /**
+   * Load key pair from disk
+   */
+  async loadKeyPair() {
+    const publicKeyPath = (0, import_path.join)(this.keysPath, "edge-node.pub");
+    const privateKeyPath = (0, import_path.join)(this.keysPath, "edge-node.key");
+    if (!(0, import_fs.existsSync)(publicKeyPath) || !(0, import_fs.existsSync)(privateKeyPath)) {
+      throw new Error("Key pair not found. Run: rainfall edge generate-keys");
+    }
+    this.keyPair = {
+      publicKey: (0, import_fs.readFileSync)(publicKeyPath, "utf-8"),
+      privateKey: (0, import_fs.readFileSync)(privateKeyPath, "utf-8")
+    };
+  }
+  /**
+   * Get public key for sharing with backend
+   */
+  getPublicKey() {
+    if (!this.keyPair) {
+      throw new Error("Key pair not loaded");
+    }
+    return this.keyPair.publicKey;
+  }
+  /**
+   * Send heartbeat with authentication
+   */
+  async heartbeat() {
+    this.requireAuth();
+    return this.client.request("/edge/heartbeat", {
+      method: "POST",
+      body: {
+        edgeNodeId: this.edgeNodeId,
+        timestamp: Date.now()
+      },
+      headers: {
+        "Authorization": `Bearer ${this.edgeNodeSecret}`
+      }
+    });
+  }
+  /**
+   * Claim a job from the queue
+   */
+  async claimJob() {
+    this.requireAuth();
+    const job = await this.client.request("/edge/claim-job", {
+      method: "POST",
+      body: {
+        edgeNodeId: this.edgeNodeId,
+        subscriberId: this.jwtPayload.subscriberId
+      },
+      headers: {
+        "Authorization": `Bearer ${this.edgeNodeSecret}`
+      }
+    });
+    if (job && job.encrypted && job.params) {
+      const decrypted = await this.decryptJobParams(job.params);
+      return { ...job, params: decrypted };
+    }
+    return job;
+  }
+  /**
+   * Submit job result
+   */
+  async submitJobResult(result) {
+    this.requireAuth();
+    let encryptedOutput;
+    if (result.output) {
+      encryptedOutput = await this.encryptJobResult(result.output);
+    }
+    await this.client.request("/edge/submit-job-result", {
+      method: "POST",
+      body: {
+        edgeNodeId: this.edgeNodeId,
+        subscriberId: this.jwtPayload.subscriberId,
+        result: {
+          ...result,
+          output: encryptedOutput,
+          encrypted: !!encryptedOutput
+        }
+      },
+      headers: {
+        "Authorization": `Bearer ${this.edgeNodeSecret}`
+      }
+    });
+  }
+  /**
+   * Queue a job for processing
+   */
+  async queueJob(type, params, targetPublicKey) {
+    this.requireAuth();
+    let encryptedParams;
+    let encrypted = false;
+    if (targetPublicKey) {
+      encryptedParams = await this.encryptJobParamsForTarget(
+        JSON.stringify(params),
+        targetPublicKey
+      );
+      encrypted = true;
+    }
+    return this.client.request("/edge/queue-job", {
+      method: "POST",
+      body: {
+        edgeNodeId: this.edgeNodeId,
+        subscriberId: this.jwtPayload.subscriberId,
+        job: {
+          type,
+          params: encryptedParams || JSON.stringify(params),
+          encrypted
+        }
+      },
+      headers: {
+        "Authorization": `Bearer ${this.edgeNodeSecret}`
+      }
+    });
+  }
+  /**
+   * Decrypt job params received from backend
+   */
+  async decryptJobParams(encryptedParams) {
+    const encrypted = JSON.parse(encryptedParams);
+    return this.security.decryptFromBackend(encrypted);
+  }
+  /**
+   * Encrypt job result for sending to backend
+   */
+  async encryptJobResult(output) {
+    const encrypted = await this.security.encryptLocal(output, this.keyPair.privateKey);
+    return JSON.stringify(encrypted);
+  }
+  /**
+   * Encrypt job params for a specific target edge node
+   */
+  async encryptJobParamsForTarget(params, targetPublicKey) {
+    const encrypted = await this.security.encryptForEdgeNode(params, targetPublicKey);
+    return JSON.stringify(encrypted);
+  }
+  /**
+   * Check if client is authenticated
+   */
+  requireAuth() {
+    if (!this.jwtPayload) {
+      throw new Error("Client not authenticated. Call initialize() first.");
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (this.jwtPayload.expiresAt < now) {
+      throw new Error("JWT token expired. Re-register edge node.");
+    }
+  }
+  /**
+   * Get current authentication status
+   */
+  getAuthStatus() {
+    if (!this.jwtPayload) {
+      return { authenticated: false };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    return {
+      authenticated: this.jwtPayload.expiresAt > now,
+      edgeNodeId: this.jwtPayload.edgeNodeId,
+      subscriberId: this.jwtPayload.subscriberId,
+      expiresAt: this.jwtPayload.expiresAt,
+      scopes: this.jwtPayload.scopes
+    };
+  }
+};
+async function createSecureEdgeClient(client, options) {
+  const secureClient = new SecureEdgeClient({
+    client,
+    ...options
+  });
+  await secureClient.initialize();
+  return secureClient;
+}
+
 // src/index.ts
 var VERSION = "0.1.0";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AuthenticationError,
+  EdgeNodeSecurity,
   NetworkError,
   NotFoundError,
   Rainfall,
   RainfallClient,
+  RainfallDaemonContext,
   RainfallError,
+  RainfallListenerRegistry,
+  RainfallNetworkedExecutor,
   RateLimitError,
+  SecureEdgeClient,
   ServerError,
   TimeoutError,
   ToolNotFoundError,
   VERSION,
-  ValidationError
+  ValidationError,
+  createCronWorkflow,
+  createEdgeNodeSecurity,
+  createFileWatcherWorkflow,
+  createSecureEdgeClient
 });