@sentropic/h2a-cli 0.2.5 → 0.2.7

package/dist/index.d.ts

@@ -10,6 +10,7 @@ export { H2A_STORE_SCHEMA_FILE, H2A_STORE_SCHEMA_VERSION, LockTimeoutError, Stor
 export { H2A_CLI_MCP_TOOL_DESCRIPTORS, NotificationDispatcher, SessionRegistry, createMcpServer, runMcpStdio, type CreateMcpServerOptions, type McpErrorResult, type McpPushNotification, type McpServer, type McpToolDescriptor, type McpToolName, type McpToolResult, type NotificationSink, type OpenSessionRequest, type RunMcpStdioOptions, type SessionRegistryOptions } from "./runtime/mcp/index.js";
 export { renderK8sSidecar, type K8sSidecarFragment, type K8sSidecarOptions } from "./runtime/deploy/k8s-sidecar.js";
 export { renderK8sTenant, type K8sTenantManifest, type K8sTenantOptions } from "./runtime/deploy/k8s-tenant.js";
+export { acceptRemoteEnvelope, type AcceptRemoteOptions, type H2AAcceptRejection, type H2AAcceptResult } from "./runtime/remote/index.js";
 export declare const H2A_CLI_HOSTS: readonly [import("./hosts/codex.js").H2AConfigurableHostDescriptor, import("./hosts/codex.js").H2AConfigurableHostDescriptor, import("./hosts/codex.js").H2AConfigurableHostDescriptor];
 export declare const H2A_CLI_ADAPTER: {
     readonly packageName: "@sentropic/h2a-cli";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAElD,YAAY,EACV,6BAA6B,EAC7B,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,MAAM,EACN,WAAW,EACZ,CAAC;AAEF,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,KAAK,uBAAuB,EAC5B,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,SAAS,EACd,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,WAAW,EACX,KAAK,sBAAsB,EAC3B,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,eAAe,EACf,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACtB,MAAM,gCAAgC,CAAC;AAExC,eAAO,MAAM,aAAa,yLAIhB,CAAC;AAEX,eAAO,MAAM,eAAe;;;;;;CAMlB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAElD,YAAY,EACV,6BAA6B,EAC7B,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,MAAM,EACN,WAAW,EACZ,CAAC;AAEF,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,KAAK,uBAAuB,EAC5B,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,SAAS,EACd,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,WAAW,EACX,KAAK,sBAAsB,EAC3B,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACvB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,eAAe,EACf,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACtB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACrB,MAAM,2BAA2B,CAAC;AAEnC,eAAO,MAAM,aAAa,yLAIhB,CAAC;AAEX,eAAO,MAAM,eAAe;;;;;;CAMlB,CAAC"}

package/dist/index.js

@@ -9,6 +9,7 @@ export { H2A_STORE_SCHEMA_FILE, H2A_STORE_SCHEMA_VERSION, LockTimeoutError, Stor
 export { H2A_CLI_MCP_TOOL_DESCRIPTORS, NotificationDispatcher, SessionRegistry, createMcpServer, runMcpStdio } from "./runtime/mcp/index.js";
 export { renderK8sSidecar } from "./runtime/deploy/k8s-sidecar.js";
 export { renderK8sTenant } from "./runtime/deploy/k8s-tenant.js";
+export { acceptRemoteEnvelope } from "./runtime/remote/index.js";
 export const H2A_CLI_HOSTS = [
     H2A_CODEX_HOST,
     H2A_CLAUDE_HOST,

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAUlD,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,MAAM,EACN,WAAW,EACZ,CAAC;AAEF,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAI9B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,aAAa,EAgBd,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,WAAW,EAYZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,gBAAgB,EAGjB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,eAAe,EAGhB,MAAM,gCAAgC,CAAC;AAExC,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,cAAc;IACd,eAAe;IACf,eAAe;CACP,CAAC;AAEX,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,WAAW,EAAE,oBAAoB;IACjC,eAAe,EAAE,gBAAgB;IACjC,QAAQ,EAAE,eAAe;IACzB,KAAK,EAAE,aAAa;IACpB,YAAY,EAAE,sBAAsB;CAC5B,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAUlD,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,MAAM,EACN,WAAW,EACZ,CAAC;AAEF,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAI9B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,gBAAgB,EAChB,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,aAAa,EACb,QAAQ,EACR,YAAY,EACZ,aAAa,EAgBd,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,WAAW,EAYZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,gBAAgB,EAGjB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,eAAe,EAGhB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,oBAAoB,EAIrB,MAAM,2BAA2B,CAAC;AAEnC,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,cAAc;IACd,eAAe;IACf,eAAe;CACP,CAAC;AAEX,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,WAAW,EAAE,oBAAoB;IACjC,eAAe,EAAE,gBAAgB;IACjC,QAAQ,EAAE,eAAe;IACzB,KAAK,EAAE,aAAa;IACpB,YAAY,EAAE,sBAAsB;CAC5B,CAAC"}

package/dist/runtime/remote/accept.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Remote-receive pipeline (DEC-075), slice 3a of the signed-bearer
+ * transport-auth workstream (DEC-032 / DEC-073 / DEC-074).
+ *
+ * `acceptRemoteEnvelope` is the trust boundary for an envelope arriving from
+ * off-host: it does NOT trust the channel. It verifies, in order:
+ *   1. the payload is a well-formed H2A envelope,
+ *   2. it declares a local delivery target,
+ *   3. it carries a signature by its emitter (`actor.instance`) that verifies
+ *      against that emitter's public key (DEC-073),
+ *   4. it is fresh and not a replay (DEC-074),
+ * and only then delivers it to the target's local inbox.
+ *
+ * The pipeline takes its key lookup, replay guard and delivery as callbacks, so
+ * it is transport-agnostic (the HTTP wiring is slice 3b) and testable without a
+ * network or a real store.
+ */
+import { type H2AEnvelope, type H2AReplayGuard } from "@sentropic/h2a";
+export type H2AAcceptRejection = "malformed" | "no-target" | "no-signature" | "no-public-key" | "bad-signature" | "invalid-timestamp" | "expired" | "future" | "replayed";
+export type H2AAcceptResult = {
+    ok: true;
+    deliveredTo: string;
+    signer: string;
+} | {
+    ok: false;
+    reason: H2AAcceptRejection;
+};
+export interface AcceptRemoteOptions {
+    /**
+     * Resolve a signer instance to its ed25519 public-key PEM (typically from the
+     * local registry's `publicKeys`). Return undefined for an unknown signer.
+     */
+    resolvePublicKey: (signerInstance: string) => string | undefined;
+    /** Replay guard (DEC-074). Its freshness window also enforces timestamp checks. */
+    guard: H2AReplayGuard;
+    /** Deliver the accepted envelope to a local recipient's inbox. */
+    deliver: (recipient: string, envelope: H2AEnvelope) => void;
+    /** Reference time (ms epoch) handed to the guard. Defaults to `Date.now()`. */
+    now?: number;
+}
+/**
+ * Validate and deliver a remotely-received envelope. Returns a structured
+ * result; never throws on a rejection (only the caller-supplied `deliver` may
+ * throw, which propagates).
+ */
+export declare function acceptRemoteEnvelope(payload: unknown, options: AcceptRemoteOptions): H2AAcceptResult;
+//# sourceMappingURL=accept.d.ts.map

package/dist/runtime/remote/accept.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accept.d.ts","sourceRoot":"","sources":["../../../src/runtime/remote/accept.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAGL,KAAK,WAAW,EAEhB,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AAExB,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,WAAW,GACX,cAAc,GACd,eAAe,GACf,eAAe,GACf,mBAAmB,GACnB,SAAS,GACT,QAAQ,GACR,UAAU,CAAC;AAEf,MAAM,MAAM,eAAe,GACvB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACjD;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,kBAAkB,CAAA;CAAE,CAAC;AAE9C,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,gBAAgB,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;IACjE,mFAAmF;IACnF,KAAK,EAAE,cAAc,CAAC;IACtB,kEAAkE;IAClE,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,KAAK,IAAI,CAAC;IAC5D,+EAA+E;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,mBAAmB,GAC3B,eAAe,CAiCjB"}

package/dist/runtime/remote/accept.js

@@ -0,0 +1,53 @@
+/**
+ * Remote-receive pipeline (DEC-075), slice 3a of the signed-bearer
+ * transport-auth workstream (DEC-032 / DEC-073 / DEC-074).
+ *
+ * `acceptRemoteEnvelope` is the trust boundary for an envelope arriving from
+ * off-host: it does NOT trust the channel. It verifies, in order:
+ *   1. the payload is a well-formed H2A envelope,
+ *   2. it declares a local delivery target,
+ *   3. it carries a signature by its emitter (`actor.instance`) that verifies
+ *      against that emitter's public key (DEC-073),
+ *   4. it is fresh and not a replay (DEC-074),
+ * and only then delivers it to the target's local inbox.
+ *
+ * The pipeline takes its key lookup, replay guard and delivery as callbacks, so
+ * it is transport-agnostic (the HTTP wiring is slice 3b) and testable without a
+ * network or a real store.
+ */
+import { isH2AEnvelope, verifyEnvelopeSignature } from "@sentropic/h2a";
+/**
+ * Validate and deliver a remotely-received envelope. Returns a structured
+ * result; never throws on a rejection (only the caller-supplied `deliver` may
+ * throw, which propagates).
+ */
+export function acceptRemoteEnvelope(payload, options) {
+    if (!isH2AEnvelope(payload)) {
+        return { ok: false, reason: "malformed" };
+    }
+    const envelope = payload;
+    const recipient = envelope.target?.instance;
+    if (!recipient) {
+        return { ok: false, reason: "no-target" };
+    }
+    const signer = envelope.actor.instance;
+    const hasSignerSig = (envelope.signatures ?? []).some((s) => s.by === signer);
+    if (!hasSignerSig) {
+        return { ok: false, reason: "no-signature" };
+    }
+    const publicKeyPem = options.resolvePublicKey(signer);
+    if (!publicKeyPem) {
+        return { ok: false, reason: "no-public-key" };
+    }
+    if (!verifyEnvelopeSignature(envelope, publicKeyPem, { by: signer })) {
+        return { ok: false, reason: "bad-signature" };
+    }
+    const replay = options.guard.accept(envelope, options.now);
+    if (!replay.ok) {
+        // freshness/replay reasons map 1:1 onto our rejection union
+        return { ok: false, reason: replay.reason };
+    }
+    options.deliver(recipient, envelope);
+    return { ok: true, deliveredTo: recipient, signer };
+}
+//# sourceMappingURL=accept.js.map

package/dist/runtime/remote/accept.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accept.js","sourceRoot":"","sources":["../../../src/runtime/remote/accept.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,aAAa,EACb,uBAAuB,EAIxB,MAAM,gBAAgB,CAAC;AA+BxB;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAgB,EAChB,OAA4B;IAE5B,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC;IAEzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC;IAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IAC9E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QACrE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IAED,MAAM,MAAM,GAAmB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3E,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,4DAA4D;QAC5D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAA4B,EAAE,CAAC;IACpE,CAAC;IAED,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACrC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AACtD,CAAC"}

package/dist/runtime/remote/index.d.ts

@@ -0,0 +1,2 @@
+export { acceptRemoteEnvelope, type AcceptRemoteOptions, type H2AAcceptRejection, type H2AAcceptResult } from "./accept.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/runtime/remote/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtime/remote/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACrB,MAAM,aAAa,CAAC"}

package/dist/runtime/remote/index.js

@@ -0,0 +1,2 @@
+export { acceptRemoteEnvelope } from "./accept.js";
+//# sourceMappingURL=index.js.map

package/dist/runtime/remote/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/runtime/remote/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EAIrB,MAAM,aAAa,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentropic/h2a-cli",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "Unified CLI surface for h2a hosts and MCP-oriented coordination flows.",
   "license": "MIT",
   "type": "module",
@@ -40,7 +40,7 @@
     "skills"
   ],
   "dependencies": {
-    "@sentropic/h2a": "^0.2.5"
+    "@sentropic/h2a": "^0.2.7"
   },
   "publishConfig": {
     "access": "public"