@rhost/testkit 0.1.0

package/SECURITY.md

@@ -0,0 +1,130 @@
+# Security
+
+## Reporting a vulnerability
+
+Open a private security advisory at:
+**https://github.com/RhostMUSH/rhostmush-docker/security/advisories/new**
+
+Do not open a public issue for security vulnerabilities.
+
+---
+
+## Audit — 2026-03-27
+
+**Scope:** `@rhost/testkit` SDK source (`sdk/src/`), Docker configuration, and shell scripts.
+**Method:** Static analysis — TDD Remediation Auto-Audit (--scan).
+
+---
+
+### Batch A — CRITICAL ✓ FIXED
+
+| ID | Severity | File | Finding |
+|----|----------|------|---------|
+| A1 | CRITICAL | `src/world.ts:26,43,60,67,75,82,90,98` | User-supplied strings interpolated into MUSH commands without sanitization. Special characters or MUSH command delimiters in `name`, `attr`, `value`, `lockstring`, or `args` can inject arbitrary commands. |
+| A2 | CRITICAL | `src/client.ts:79` | `login()` concatenates `username` and `password` directly into the `connect` command. Newlines or spaces in the password string can inject additional commands into the MUSH server command stream. |
+
+**A1 detail — `world.ts` command injection**
+
+```typescript
+// UNFIXED — all of these interpolate user input directly:
+create(name)         → `create(${name},${cost})`
+dig(name)            → `@dig ${name}`
+set(dbref,attr,val)  → `&${attr} ${dbref}=${value}`
+lock(dbref,lock)     → `@lock ${dbref}=${lockstring}`
+trigger(dbref,attr)  → `@trigger ${dbref}/${attr}=${args}`
+```
+
+Fix: validate that `name`, `attr`, and `value` match a safe character allowlist (alphanumerics, hyphens, underscores, spaces). Reject or escape inputs containing `;`, `\n`, `\r`, `[`, `]`, `{`, `}`.
+
+**A2 detail — `client.ts` login injection**
+
+```typescript
+// UNFIXED:
+this.conn.send(`connect ${username} ${password}`);
+```
+
+Fix: strip or reject newlines and carriage returns from both `username` and `password` before sending.
+
+**Status:** FIXED — `guardInput()` added to all `world.ts` methods; `login()` validates credentials. Tests: `a1-world-injection.test.ts`, `a2-login-injection.test.ts` (18 tests, all green).
+
+---
+
+### Batch B — HIGH (fix before production use)
+
+| ID | Severity | File | Finding |
+|----|----------|------|---------|
+| B1 | HIGH | `examples/09-api.ts`, `examples/10-lua.ts` | HTTP Basic Auth sent over plaintext HTTP. Credentials are base64-encoded (not encrypted) and trivially intercepted. Default password `Nyctasia` is hardcoded as fallback. |
+| B2 | HIGH | `docker-compose.yml`, `entrypoint.sh`, `examples/` | Default password `Nyctasia` used as fallback if `RHOST_PASS` is not set. No enforcement to prevent accidental deployment with default credentials. |
+
+**B1/B2 detail**
+
+The default password is intentional for local development. The risks are:
+- Anyone who clones the repo knows the default
+- `RHOST_PASS` env var is opt-in, not enforced
+
+Mitigations already in place:
+- Ports are bound to `127.0.0.1` by default (FIXED — see below)
+- `entrypoint.sh` emits a warning if `RHOST_PASS` is not set
+- API IP ACL defaults to `127.0.0.1`
+
+Remaining fix: examples should refuse to run against non-localhost hosts without explicit opt-in when using the default password.
+
+**Status:** PARTIALLY MITIGATED — ports + IP ACL hardened; default password warning in place. Tests: `h1-cleartext-credentials.test.ts`, `m2-hardcoded-password.test.ts` (8 tests, all green).
+
+---
+
+### Batch C — MEDIUM ✓ FIXED
+
+| ID | Severity | File | Finding |
+|----|----------|------|---------|
+| C1 | MEDIUM | `src/world.ts:28-34,45-52` | Server output parsed with regex; no validation that parsed dbref is a valid MUSH reference. Malformed server responses could cause silent failures. |
+| C2 | MEDIUM | `src/connection.ts:64-79` | No socket connection timeout. If the MUSH server hangs, the SDK waits indefinitely. |
+
+**Status:** FIXED — C1 already throws descriptive errors on bad server output (confirmed with tests). C2 fixed by adding `connectTimeout` option to `RhostClientOptions` and `socket.setTimeout(connectTimeoutMs)` in `MushConnection.connect()`. Tests: `c1-dbref-validation.test.ts`, `c2-connection-timeout.test.ts` (17 tests, all green).
+
+---
+
+### Batch D — LOW / INFORMATIONAL
+
+| ID | Severity | File | Finding |
+|----|----------|------|---------|
+| D1 | LOW | `src/client.ts:95-106` | No built-in rate limiting beyond `paceMs`. Could flood a server if called in a tight loop. `paceMs` option provides manual mitigation. |
+| D2 | LOW | `src/expect.ts`, `src/assertions.ts` | Error messages include the full evaluated expression. Could leak softcode logic if errors are logged externally. |
+| D3 | LOW | `src/world.ts:106-115` | `cleanup()` iterates `dbrefs` while `destroy()` calls could theoretically modify it. No practical exploit path. |
+
+**Status:** INFORMATIONAL — no immediate action required
+
+---
+
+### Fixed (previous audit cycles)
+
+| ID | Severity | File | Finding | Fix |
+|----|----------|------|---------|-----|
+| F1 | HIGH | `docker-compose.yml` | Ports bound to `0.0.0.0`, exposing MUSH to all network interfaces | Bound to `127.0.0.1` |
+| F2 | HIGH | `entrypoint.sh` | HTTP API IP ACL defaulted to all IPs | Defaulted to `127.0.0.1`, overridable via `RHOST_API_ALLOW_IP` |
+| F3 | MEDIUM | `scripts/math.sh` | Integer overflow in `pow` with large exponents | Exponent bounded to 0–62 |
+| F4 | MEDIUM | `entrypoint.sh` | Heredoc used unquoted, allowing shell variable expansion inside Python bootstrap | Quoted heredoc (`'PYEOF'`), env vars passed safely |
+
+---
+
+### Dependency audit
+
+```
+testcontainers ^11.13.0  — no known critical CVEs
+jest ^29.5.0             — no known critical CVEs
+ts-jest ^29.1.0          — no known critical CVEs
+typescript ^5.0.0        — no known critical CVEs
+```
+
+Run `npm audit` before each release. The CI workflow (`security-tests.yml`) gates on `npm audit --audit-level=high`.
+
+---
+
+## Remediation priority
+
+```
+Batch A (CRITICAL) → Batch B (HIGH) → Batch C (MEDIUM) → Batch D (LOW)
+```
+
+Batch A must be resolved before `v1.0.0` publish.
+Batch B should be resolved before any production deployment.

package/dist/assertions.d.ts

@@ -0,0 +1,67 @@
+import { RhostClient } from './client';
+export interface AssertionResult {
+    expression: string;
+    expected: string;
+    actual: string;
+    passed: boolean;
+}
+export declare class RhostAssertionError extends Error {
+    readonly result: AssertionResult;
+    constructor(result: AssertionResult);
+}
+/**
+ * Whether a string is a RhostMUSH error value.
+ * Rhost returns `#-1 <MESSAGE>` for most error cases.
+ */
+export declare function isRhostError(value: string): boolean;
+/**
+ * Assertion helpers for writing RhostMUSH softcode tests.
+ *
+ * Designed to work inside any test framework (Jest, Vitest, Mocha) — failed
+ * assertions throw `RhostAssertionError` which the framework will catch and
+ * report.
+ *
+ * @example
+ *   const assert = new RhostAssert(client);
+ *   await assert.equal('add(2,3)', '5');
+ *   await assert.truthy('strlen(hello)');
+ *   await assert.error('foo(BAD)');        // expects a #-1 error
+ */
+export declare class RhostAssert {
+    private readonly client;
+    constructor(client: RhostClient);
+    /** Evaluate and assert the result equals `expected` (exact string match). */
+    equal(expression: string, expected: string, timeout?: number): Promise<AssertionResult>;
+    /** Evaluate and assert the result matches `pattern`. */
+    matches(expression: string, pattern: RegExp, timeout?: number): Promise<AssertionResult>;
+    /**
+     * Evaluate and assert the result is truthy in MUSH terms:
+     * non-empty, not `0`, and not a `#-1` error.
+     */
+    truthy(expression: string, timeout?: number): Promise<AssertionResult>;
+    /**
+     * Evaluate and assert the result is falsy in MUSH terms:
+     * empty string, `0`, or a `#-1` error.
+     */
+    falsy(expression: string, timeout?: number): Promise<AssertionResult>;
+    /**
+     * Evaluate and assert the result contains `substring`.
+     */
+    contains(expression: string, substring: string, timeout?: number): Promise<AssertionResult>;
+    /**
+     * Evaluate and assert the result is a `#-1` error (any kind).
+     * Useful for testing that invalid arguments are properly rejected.
+     *
+     * @example
+     *   await assert.error('div(1,0)');
+     *   await assert.error('nonexistentfunc()');
+     */
+    error(expression: string, timeout?: number): Promise<AssertionResult>;
+    /**
+     * Run a batch of `[expression, expected]` pairs.
+     * Runs all cases before throwing, returning the full result set.
+     * Throws after all cases if any failed.
+     */
+    batch(cases: Array<[expression: string, expected: string]>, timeout?: number): Promise<AssertionResult[]>;
+}
+//# sourceMappingURL=assertions.d.ts.map

package/dist/assertions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertions.d.ts","sourceRoot":"","sources":["../src/assertions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,mBAAoB,SAAQ,KAAK;aACd,MAAM,EAAE,eAAe;gBAAvB,MAAM,EAAE,eAAe;CAStD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,WAAW;IACR,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,WAAW;IAEhD,6EAA6E;IACvE,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAO7F,wDAAwD;IAClD,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAa9F;;;OAGG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAQ5E;;;OAGG;IACG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAQ3E;;OAEG;IACG,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAajG;;;;;;;OAOG;IACG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAQ3E;;;;OAIG;IACG,KAAK,CACP,KAAK,EAAE,KAAK,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,EACpD,OAAO,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,EAAE,CAAC;CAoBhC"}

package/dist/assertions.js

@@ -0,0 +1,142 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RhostAssert = exports.RhostAssertionError = void 0;
+exports.isRhostError = isRhostError;
+class RhostAssertionError extends Error {
+    constructor(result) {
+        super(`RhostMUSH assertion failed\n` +
+            `  Expression : ${result.expression}\n` +
+            `  Expected   : ${JSON.stringify(result.expected)}\n` +
+            `  Actual     : ${JSON.stringify(result.actual)}`);
+        this.result = result;
+        this.name = 'RhostAssertionError';
+    }
+}
+exports.RhostAssertionError = RhostAssertionError;
+/**
+ * Whether a string is a RhostMUSH error value.
+ * Rhost returns `#-1 <MESSAGE>` for most error cases.
+ */
+function isRhostError(value) {
+    return value.startsWith('#-1') || value.startsWith('#-2') || value.startsWith('#-3');
+}
+/**
+ * Assertion helpers for writing RhostMUSH softcode tests.
+ *
+ * Designed to work inside any test framework (Jest, Vitest, Mocha) — failed
+ * assertions throw `RhostAssertionError` which the framework will catch and
+ * report.
+ *
+ * @example
+ *   const assert = new RhostAssert(client);
+ *   await assert.equal('add(2,3)', '5');
+ *   await assert.truthy('strlen(hello)');
+ *   await assert.error('foo(BAD)');        // expects a #-1 error
+ */
+class RhostAssert {
+    constructor(client) {
+        this.client = client;
+    }
+    /** Evaluate and assert the result equals `expected` (exact string match). */
+    async equal(expression, expected, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const result = { expression, expected, actual, passed: actual === expected };
+        if (!result.passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /** Evaluate and assert the result matches `pattern`. */
+    async matches(expression, pattern, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const passed = pattern.test(actual);
+        const result = {
+            expression,
+            expected: pattern.toString(),
+            actual,
+            passed,
+        };
+        if (!passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /**
+     * Evaluate and assert the result is truthy in MUSH terms:
+     * non-empty, not `0`, and not a `#-1` error.
+     */
+    async truthy(expression, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const passed = actual !== '' && actual !== '0' && !isRhostError(actual);
+        const result = { expression, expected: '<truthy>', actual, passed };
+        if (!passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /**
+     * Evaluate and assert the result is falsy in MUSH terms:
+     * empty string, `0`, or a `#-1` error.
+     */
+    async falsy(expression, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const passed = actual === '' || actual === '0' || isRhostError(actual);
+        const result = { expression, expected: '<falsy>', actual, passed };
+        if (!passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /**
+     * Evaluate and assert the result contains `substring`.
+     */
+    async contains(expression, substring, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const passed = actual.includes(substring);
+        const result = {
+            expression,
+            expected: `<contains: ${JSON.stringify(substring)}>`,
+            actual,
+            passed,
+        };
+        if (!passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /**
+     * Evaluate and assert the result is a `#-1` error (any kind).
+     * Useful for testing that invalid arguments are properly rejected.
+     *
+     * @example
+     *   await assert.error('div(1,0)');
+     *   await assert.error('nonexistentfunc()');
+     */
+    async error(expression, timeout) {
+        const actual = (await this.client.eval(expression, timeout)).trim();
+        const passed = isRhostError(actual);
+        const result = { expression, expected: '<#-1 error>', actual, passed };
+        if (!passed)
+            throw new RhostAssertionError(result);
+        return result;
+    }
+    /**
+     * Run a batch of `[expression, expected]` pairs.
+     * Runs all cases before throwing, returning the full result set.
+     * Throws after all cases if any failed.
+     */
+    async batch(cases, timeout) {
+        const results = [];
+        for (const [expression, expected] of cases) {
+            const actual = (await this.client.eval(expression, timeout)).trim();
+            results.push({ expression, expected, actual, passed: actual === expected });
+        }
+        const failures = results.filter((r) => !r.passed);
+        if (failures.length > 0) {
+            const summary = failures
+                .map((r) => `  [FAIL] ${r.expression}\n` +
+                `         Expected : ${JSON.stringify(r.expected)}\n` +
+                `         Actual   : ${JSON.stringify(r.actual)}`)
+                .join('\n');
+            throw new Error(`${failures.length} of ${results.length} assertions failed:\n${summary}`);
+        }
+        return results;
+    }
+}
+exports.RhostAssert = RhostAssert;
+//# sourceMappingURL=assertions.js.map

package/dist/assertions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertions.js","sourceRoot":"","sources":["../src/assertions.ts"],"names":[],"mappings":";;;AAyBA,oCAEC;AAlBD,MAAa,mBAAoB,SAAQ,KAAK;IAC1C,YAA4B,MAAuB;QAC/C,KAAK,CACD,8BAA8B;YAC9B,kBAAkB,MAAM,CAAC,UAAU,IAAI;YACvC,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;YACrD,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CACpD,CAAC;QANsB,WAAM,GAAN,MAAM,CAAiB;QAO/C,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACtC,CAAC;CACJ;AAVD,kDAUC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;AACzF,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAa,WAAW;IACpB,YAA6B,MAAmB;QAAnB,WAAM,GAAN,MAAM,CAAa;IAAG,CAAC;IAEpD,6EAA6E;IAC7E,KAAK,CAAC,KAAK,CAAC,UAAkB,EAAE,QAAgB,EAAE,OAAgB;QAC9D,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAoB,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC9F,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC1D,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,OAAe,EAAE,OAAgB;QAC/D,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,MAAM,GAAoB;YAC5B,UAAU;YACV,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;YAC5B,MAAM;YACN,MAAM;SACT,CAAC;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB,EAAE,OAAgB;QAC7C,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxE,MAAM,MAAM,GAAoB,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACrF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,UAAkB,EAAE,OAAgB;QAC5C,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QACvE,MAAM,MAAM,GAAoB,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACpF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,UAAkB,EAAE,SAAiB,EAAE,OAAgB;QAClE,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAoB;YAC5B,UAAU;YACV,QAAQ,EAAE,cAAc,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG;YACpD,MAAM;YACN,MAAM;SACT,CAAC;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,KAAK,CAAC,UAAkB,EAAE,OAAgB;QAC5C,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,MAAM,GAAoB,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACxF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CACP,KAAoD,EACpD,OAAgB;QAEhB,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC,CAAC;QAChF,CAAC;QACD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,QAAQ;iBACnB,GAAG,CACA,CAAC,CAAC,EAAE,EAAE,CACF,YAAY,CAAC,CAAC,UAAU,IAAI;gBAC5B,uBAAuB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI;gBACrD,uBAAuB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CACxD;iBACA,IAAI,CAAC,IAAI,CAAC,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,OAAO,OAAO,CAAC,MAAM,wBAAwB,OAAO,EAAE,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;CACJ;AA7GD,kCA6GC"}

package/dist/client.d.ts

@@ -0,0 +1,91 @@
+/** Strip ANSI/VT100 escape sequences from a string. */
+export declare function stripAnsi(s: string): string;
+export interface RhostClientOptions {
+    /** Server hostname. Default: 'localhost' */
+    host?: string;
+    /** Server port. Default: 4201 */
+    port?: number;
+    /** Default timeout in milliseconds. Default: 10000 */
+    timeout?: number;
+    /**
+     * Idle time (ms) after the last banner line before the banner is considered
+     * finished. Shorter values speed up tests. Default: 300
+     */
+    bannerTimeout?: number;
+    /**
+     * Whether to strip ANSI escape codes from eval results.
+     * RhostMUSH can embed color codes in output; enabling this gives clean
+     * string comparison in tests. Default: true
+     */
+    stripAnsi?: boolean;
+    /**
+     * Minimum milliseconds to wait before sending each eval's commands.
+     * Use when running many rapid evals to avoid MUSH flood control.
+     * Default: 0 (no delay)
+     */
+    paceMs?: number;
+    /**
+     * Timeout in milliseconds for the raw TCP connection to be established.
+     * If the server accepts the socket but then stalls, the connect will be
+     * aborted after this many milliseconds. Default: 10000
+     */
+    connectTimeout?: number;
+}
+/**
+ * High-level client for interacting with a RhostMUSH server.
+ *
+ * @example
+ *   const client = new RhostClient({ host: 'localhost', port: 4201 });
+ *   await client.connect();
+ *   await client.login('Wizard', 'Nyctasia');
+ *   const result = await client.eval('add(2,3)');  // => '5'
+ *   await client.disconnect();
+ */
+export declare class RhostClient {
+    private conn;
+    private defaultTimeout;
+    private bannerTimeout;
+    private doStripAnsi;
+    private paceMs;
+    private connectTimeout;
+    constructor(options?: RhostClientOptions);
+    /**
+     * Establish the TCP connection. Drains the welcome banner before returning.
+     */
+    connect(): Promise<void>;
+    /**
+     * Log in with character credentials.
+     * Uses a sentinel `@pemit` to confirm login regardless of welcome text.
+     */
+    login(username: string, password: string): Promise<void>;
+    /**
+     * Evaluate a MUSHcode expression and return the string result.
+     *
+     * Uses `think` to evaluate and `@pemit me=` sentinels to delimit output.
+     * ANSI escape codes are stripped by default (see `stripAnsi` option).
+     *
+     * @example
+     *   await client.eval('add(2,3)')          // => '5'
+     *   await client.eval('lcstr(HELLO)')       // => 'hello'
+     *   await client.eval('encode64(hello)')    // => 'aGVsbG8='
+     */
+    eval(expression: string, timeout?: number): Promise<string>;
+    /**
+     * Run a MUSHcode command and collect all output lines until the
+     * internal sentinel is received.
+     *
+     * @example
+     *   const lines = await client.command('look here');
+     *   const lines = await client.command('@pemit me=hello');
+     */
+    command(cmd: string, timeout?: number): Promise<string[]>;
+    /** Subscribe to every raw line received from the server. */
+    onLine(handler: (line: string) => void): void;
+    offLine(handler: (line: string) => void): void;
+    /** Send QUIT and close the TCP connection. */
+    disconnect(): Promise<void>;
+    private readUntilMarker;
+    private drainBanner;
+    private makeId;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAQA,uDAAuD;AACvD,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAE3C;AAED,MAAM,WAAW,kBAAkB;IAC/B,4CAA4C;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;;;;GASG;AACH,qBAAa,WAAW;IACpB,OAAO,CAAC,IAAI,CAAiB;IAC7B,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAU;IAC7B,OAAO,CAAC,MAAM,CAAS;IAEvB,OAAO,CAAC,cAAc,CAAS;gBAEnB,OAAO,GAAE,kBAAuB;IAS5C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAK9B;;;OAGG;IACG,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa9D;;;;;;;;;;OAUG;IACG,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA0BjE;;;;;;;OAOG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAmB/D,4DAA4D;IAC5D,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAI7C,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAI9C,8CAA8C;IACxC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;YAanB,eAAe;IAQ7B,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,MAAM;CAGjB"}

package/dist/client.js

@@ -0,0 +1,157 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RhostClient = void 0;
+exports.stripAnsi = stripAnsi;
+const crypto_1 = require("crypto");
+const connection_1 = require("./connection");
+// ESC [ ... m  — SGR sequences (colors, bold, etc.)
+// ESC [ ... (A-Z or a-z)  — cursor movement, erase, etc.
+// ESC ] ... ST  — OSC sequences
+const ANSI_RE = /\x1b(?:\[[0-9;]*[A-Za-z]|\][^\x07\x1b]*(?:\x07|\x1b\\))/g;
+/** Strip ANSI/VT100 escape sequences from a string. */
+function stripAnsi(s) {
+    return s.replace(ANSI_RE, '');
+}
+/**
+ * High-level client for interacting with a RhostMUSH server.
+ *
+ * @example
+ *   const client = new RhostClient({ host: 'localhost', port: 4201 });
+ *   await client.connect();
+ *   await client.login('Wizard', 'Nyctasia');
+ *   const result = await client.eval('add(2,3)');  // => '5'
+ *   await client.disconnect();
+ */
+class RhostClient {
+    constructor(options = {}) {
+        this.conn = new connection_1.MushConnection(options.host ?? 'localhost', options.port ?? 4201);
+        this.defaultTimeout = options.timeout ?? 10000;
+        this.bannerTimeout = options.bannerTimeout ?? 300;
+        this.doStripAnsi = options.stripAnsi !== false;
+        this.paceMs = options.paceMs ?? 0;
+        this.connectTimeout = options.connectTimeout ?? 10000;
+    }
+    /**
+     * Establish the TCP connection. Drains the welcome banner before returning.
+     */
+    async connect() {
+        await this.conn.connect(this.connectTimeout);
+        await this.drainBanner(this.bannerTimeout);
+    }
+    /**
+     * Log in with character credentials.
+     * Uses a sentinel `@pemit` to confirm login regardless of welcome text.
+     */
+    async login(username, password) {
+        if (/[\n\r]/.test(username)) {
+            throw new RangeError('login: invalid username — must not contain newline or carriage return characters');
+        }
+        if (/[\n\r]/.test(password)) {
+            throw new RangeError('login: invalid password — must not contain newline or carriage return characters');
+        }
+        const sentinel = `RHOST_LOGIN_${this.makeId()}`;
+        this.conn.send(`connect ${username} ${password}`);
+        this.conn.send(`@pemit me=${sentinel}`);
+        await this.readUntilMarker(sentinel, this.defaultTimeout);
+    }
+    /**
+     * Evaluate a MUSHcode expression and return the string result.
+     *
+     * Uses `think` to evaluate and `@pemit me=` sentinels to delimit output.
+     * ANSI escape codes are stripped by default (see `stripAnsi` option).
+     *
+     * @example
+     *   await client.eval('add(2,3)')          // => '5'
+     *   await client.eval('lcstr(HELLO)')       // => 'hello'
+     *   await client.eval('encode64(hello)')    // => 'aGVsbG8='
+     */
+    async eval(expression, timeout) {
+        if (this.paceMs > 0) {
+            await new Promise((r) => setTimeout(r, this.paceMs));
+        }
+        const id = this.makeId();
+        const startMarker = `RHOST_EVAL_START_${id}`;
+        const endMarker = `RHOST_EVAL_END_${id}`;
+        const ms = timeout ?? this.defaultTimeout;
+        this.conn.send(`@pemit me=${startMarker}`);
+        this.conn.send(`think ${expression}`);
+        this.conn.send(`@pemit me=${endMarker}`);
+        await this.readUntilMarker(startMarker, ms);
+        const resultLines = [];
+        while (true) {
+            const line = await this.conn.lines.next(ms);
+            const clean = this.doStripAnsi ? stripAnsi(line) : line;
+            if (clean.includes(endMarker))
+                break;
+            resultLines.push(clean);
+        }
+        return resultLines.join('\n');
+    }
+    /**
+     * Run a MUSHcode command and collect all output lines until the
+     * internal sentinel is received.
+     *
+     * @example
+     *   const lines = await client.command('look here');
+     *   const lines = await client.command('@pemit me=hello');
+     */
+    async command(cmd, timeout) {
+        const id = this.makeId();
+        const endMarker = `RHOST_CMD_END_${id}`;
+        const ms = timeout ?? this.defaultTimeout;
+        this.conn.send(cmd);
+        this.conn.send(`@pemit me=${endMarker}`);
+        const lines = [];
+        while (true) {
+            const line = await this.conn.lines.next(ms);
+            const clean = this.doStripAnsi ? stripAnsi(line) : line;
+            if (clean.includes(endMarker))
+                break;
+            lines.push(clean);
+        }
+        return lines;
+    }
+    /** Subscribe to every raw line received from the server. */
+    onLine(handler) {
+        this.conn.on('line', handler);
+    }
+    offLine(handler) {
+        this.conn.off('line', handler);
+    }
+    /** Send QUIT and close the TCP connection. */
+    async disconnect() {
+        try {
+            this.conn.send('QUIT');
+        }
+        catch {
+            // already closed
+        }
+        await this.conn.close();
+    }
+    // -------------------------------------------------------------------------
+    // Private helpers
+    // -------------------------------------------------------------------------
+    async readUntilMarker(marker, timeoutMs) {
+        while (true) {
+            const line = await this.conn.lines.next(timeoutMs);
+            const clean = this.doStripAnsi ? stripAnsi(line) : line;
+            if (clean.includes(marker))
+                return;
+        }
+    }
+    drainBanner(idleMs) {
+        return new Promise((resolve) => {
+            const tryNext = () => {
+                this.conn.lines.next(idleMs)
+                    .then(() => tryNext())
+                    .catch(() => resolve());
+            };
+            tryNext();
+        });
+    }
+    makeId() {
+        return (0, crypto_1.randomUUID)().replace(/-/g, '').slice(0, 16).toUpperCase();
+    }
+}
+exports.RhostClient = RhostClient;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";;;AASA,8BAEC;AAXD,mCAAoC;AACpC,6CAA8C;AAE9C,oDAAoD;AACpD,yDAAyD;AACzD,gCAAgC;AAChC,MAAM,OAAO,GAAG,0DAA0D,CAAC;AAE3E,uDAAuD;AACvD,SAAgB,SAAS,CAAC,CAAS;IAC/B,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAkCD;;;;;;;;;GASG;AACH,MAAa,WAAW;IASpB,YAAY,UAA8B,EAAE;QACxC,IAAI,CAAC,IAAI,GAAG,IAAI,2BAAc,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;QAClF,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC;QAClD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,SAAS,KAAK,KAAK,CAAC;QAC/C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACT,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC7C,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,QAAgB,EAAE,QAAgB;QAC1C,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,UAAU,CAAC,kFAAkF,CAAC,CAAC;QAC7G,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,UAAU,CAAC,kFAAkF,CAAC,CAAC;QAC7G,CAAC;QACD,MAAM,QAAQ,GAAG,eAAe,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,QAAQ,EAAE,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,IAAI,CAAC,UAAkB,EAAE,OAAgB;QAC3C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,WAAW,GAAG,oBAAoB,EAAE,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,kBAAkB,EAAE,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,OAAO,IAAI,IAAI,CAAC,cAAc,CAAC;QAE1C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,WAAW,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,UAAU,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC;QAEzC,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAE5C,MAAM,WAAW,GAAa,EAAE,CAAC;QACjC,OAAO,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,MAAM;YACrC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,OAAgB;QACvC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,iBAAiB,EAAE,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,OAAO,IAAI,IAAI,CAAC,cAAc,CAAC;QAE1C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC;QAEzC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,OAAO,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,MAAM;YACrC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,4DAA4D;IAC5D,MAAM,CAAC,OAA+B;QAClC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,CAAC,OAA+B;QACnC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,UAAU;QACZ,IAAI,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACL,iBAAiB;QACrB,CAAC;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAEpE,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,SAAiB;QAC3D,OAAO,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,OAAO;QACvC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,MAAc;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC3B,MAAM,OAAO,GAAG,GAAG,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;qBACvB,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;qBACrB,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC,CAAC;YACF,OAAO,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,MAAM;QACV,OAAO,IAAA,mBAAU,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,CAAC;CACJ;AAxJD,kCAwJC"}

package/dist/connection.d.ts

@@ -0,0 +1,27 @@
+import { EventEmitter } from 'events';
+/**
+ * Async FIFO queue for lines received from the server.
+ * Delivers directly to waiting consumers; buffers when none are waiting.
+ */
+declare class AsyncLineQueue {
+    private buffer;
+    private waiters;
+    push(line: string): void;
+    next(timeoutMs: number): Promise<string>;
+    drainSync(): string[];
+    cancelAll(reason: string): void;
+}
+export declare class MushConnection extends EventEmitter {
+    private readonly host;
+    private readonly port;
+    private socket;
+    private rawBuffer;
+    readonly lines: AsyncLineQueue;
+    constructor(host: string, port: number);
+    connect(connectTimeoutMs?: number): Promise<void>;
+    private onData;
+    send(command: string): void;
+    close(): Promise<void>;
+}
+export {};
+//# sourceMappingURL=connection.d.ts.map

package/dist/connection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connection.d.ts","sourceRoot":"","sources":["../src/connection.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAEtC;;;GAGG;AACH,cAAM,cAAc;IAChB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,OAAO,CAAgF;IAE/F,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAQxB,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsBxC,SAAS,IAAI,MAAM,EAAE;IAMrB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;CAIlC;AAED,qBAAa,cAAe,SAAQ,YAAY;IAKhC,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAU,OAAO,CAAC,QAAQ,CAAC,IAAI;IAJhE,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,SAAS,CAAM;IACvB,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;gBAEF,IAAI,EAAE,MAAM,EAAmB,IAAI,EAAE,MAAM;IAKxE,OAAO,CAAC,gBAAgB,SAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBhD,OAAO,CAAC,MAAM;IAWd,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAO3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAUzB"}