@tpsdev-ai/cli 0.1.0 → 0.3.0

package/dist/src/utils/identity.js

@@ -1,341 +0,0 @@
-/**
- * TPS Identity Primitives — Ed25519 signing + X25519 encryption.
- *
- * Every entity (host or branch) has TWO keypairs derived from one 32-byte seed:
- *   - Ed25519 for signing/verification (identity proof)
- *   - X25519 for encryption/key exchange (secret delivery, Noise handshake)
- *
- * The private key IS the identity. Lose it → revoke and re-provision.
- * Branch generates its own keys — the host NEVER sees a branch's private key.
- */
-import * as ed from "@noble/ed25519";
-import { x25519 } from "@noble/curves/ed25519.js";
-import { randomBytes, createHash } from "node:crypto";
-import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync, statSync, readdirSync, unlinkSync, } from "node:fs";
-import { join } from "node:path";
-import { homedir, hostname } from "node:os";
-// noble/ed25519 v3 needs hashes.sha512 set for sync operations.
-import { hashes } from "@noble/ed25519";
-hashes.sha512 = (message) => {
-    return new Uint8Array(createHash("sha512").update(message).digest());
-};
-/**
- * Compute the fingerprint (SHA-256 hex) of a public key.
- */
-export function fingerprint(publicKey) {
-    return createHash("sha256").update(publicKey).digest("hex");
-}
-/**
- * Derive X25519 private key from Ed25519 seed.
- * Uses SHA-512 of the seed (same as Ed25519 key expansion) and clamps
- * the first 32 bytes for Curve25519 scalar multiplication.
- * This is the same approach as libsodium's crypto_sign_ed25519_sk_to_curve25519.
- */
-export function edSeedToX25519Private(seed) {
-    const h = createHash("sha512").update(seed).digest();
-    const scalar = new Uint8Array(h.slice(0, 32));
-    // Clamp for Curve25519
-    scalar[0] &= 248;
-    scalar[31] &= 127;
-    scalar[31] |= 64;
-    return scalar;
-}
-/**
- * Generate a new identity keypair (Ed25519 signing + X25519 encryption).
- * Both are derived from a single 32-byte seed.
- */
-export function generateKeyPair(options) {
-    const seed = new Uint8Array(randomBytes(32));
-    // Ed25519 signing keypair
-    const edPublic = ed.getPublicKey(seed);
-    // X25519 encryption keypair (derived from same seed)
-    const xPrivate = edSeedToX25519Private(seed);
-    const xPublic = x25519.getPublicKey(xPrivate);
-    const now = new Date();
-    const fp = fingerprint(edPublic);
-    return {
-        signing: { publicKey: edPublic, privateKey: seed },
-        encryption: { publicKey: xPublic, privateKey: xPrivate },
-        seed,
-        fingerprint: fp,
-        createdAt: now.toISOString(),
-        expiresAt: options?.expiresIn
-            ? new Date(now.getTime() + options.expiresIn).toISOString()
-            : undefined,
-        // Backward compat
-        publicKey: edPublic,
-        privateKey: seed,
-    };
-}
-/**
- * Sign a message with a private key.
- * Returns the 64-byte Ed25519 signature.
- */
-export function sign(message, privateKey) {
-    return ed.sign(message, privateKey);
-}
-/**
- * Verify a signature against a message and public key.
- */
-export function verify(message, signature, publicKey) {
-    try {
-        return ed.verify(signature, message, publicKey);
-    }
-    catch {
-        return false;
-    }
-}
-// --- Filesystem storage ---
-function getIdentityDir() {
-    return (process.env.TPS_IDENTITY_DIR ||
-        join(process.env.HOME || homedir(), ".tps", "identity"));
-}
-function getRegistryDir() {
-    return (process.env.TPS_REGISTRY_DIR ||
-        join(process.env.HOME || homedir(), ".tps", "registry"));
-}
-/**
- * Save a keypair to a directory.
- * Private keys get 0600 permissions. Both Ed25519 and X25519 keys stored.
- */
-export function saveKeyPair(keyPair, dir, prefix = "host") {
-    mkdirSync(dir, { recursive: true });
-    // Store the master seed (32 bytes — derives both keypairs)
-    const seedPath = join(dir, `${prefix}.seed`);
-    writeFileSync(seedPath, Buffer.from(keyPair.seed));
-    chmodSync(seedPath, 0o600);
-    // Ed25519 signing keys
-    const keyPath = join(dir, `${prefix}.key`);
-    const pubPath = join(dir, `${prefix}.pub`);
-    writeFileSync(keyPath, Buffer.from(keyPair.signing.privateKey));
-    chmodSync(keyPath, 0o600);
-    writeFileSync(pubPath, Buffer.from(keyPair.signing.publicKey));
-    // X25519 encryption keys
-    const xKeyPath = join(dir, `${prefix}.x25519.key`);
-    const xPubPath = join(dir, `${prefix}.x25519.pub`);
-    writeFileSync(xKeyPath, Buffer.from(keyPair.encryption.privateKey));
-    chmodSync(xKeyPath, 0o600);
-    writeFileSync(xPubPath, Buffer.from(keyPair.encryption.publicKey));
-    // Write metadata
-    const meta = {
-        fingerprint: keyPair.fingerprint,
-        createdAt: keyPair.createdAt,
-        expiresAt: keyPair.expiresAt,
-    };
-    writeFileSync(join(dir, `${prefix}.meta.json`), JSON.stringify(meta, null, 2), "utf-8");
-}
-/**
- * Load a keypair from a directory.
- * Supports both new format (with seed + x25519) and legacy (ed25519 only).
- */
-export function loadKeyPair(dir, prefix = "host") {
-    const keyPath = join(dir, `${prefix}.key`);
-    const pubPath = join(dir, `${prefix}.pub`);
-    const metaPath = join(dir, `${prefix}.meta.json`);
-    const seedPath = join(dir, `${prefix}.seed`);
-    if (!existsSync(keyPath) || !existsSync(pubPath)) {
-        throw new Error(`No keypair found at ${dir}/${prefix}.*`);
-    }
-    const edPrivate = new Uint8Array(readFileSync(keyPath));
-    const edPublic = new Uint8Array(readFileSync(pubPath));
-    let meta = {
-        fingerprint: fingerprint(edPublic),
-        createdAt: new Date().toISOString(),
-    };
-    if (existsSync(metaPath)) {
-        meta = JSON.parse(readFileSync(metaPath, "utf-8"));
-    }
-    // Load or derive X25519 keys
-    const seed = existsSync(seedPath)
-        ? new Uint8Array(readFileSync(seedPath))
-        : edPrivate; // legacy: seed IS the ed25519 private key (32 bytes)
-    const xPrivate = edSeedToX25519Private(seed);
-    const xPubPath = join(dir, `${prefix}.x25519.pub`);
-    const xPublic = existsSync(xPubPath)
-        ? new Uint8Array(readFileSync(xPubPath))
-        : x25519.getPublicKey(xPrivate);
-    return {
-        signing: { publicKey: edPublic, privateKey: edPrivate },
-        encryption: { publicKey: xPublic, privateKey: xPrivate },
-        seed,
-        fingerprint: meta.fingerprint,
-        createdAt: meta.createdAt,
-        expiresAt: meta.expiresAt,
-        publicKey: edPublic,
-        privateKey: edPrivate,
-    };
-}
-/**
- * Check if a private key file has safe permissions (0600).
- * Returns true if permissions are restrictive enough.
- */
-export function checkKeyPermissions(keyPath) {
-    try {
-        const st = statSync(keyPath);
-        const mode = st.mode & 0o777;
-        // Allow 0600 or 0400 (read-only)
-        return mode === 0o600 || mode === 0o400;
-    }
-    catch {
-        return false;
-    }
-}
-// --- Host identity convenience ---
-/**
- * Initialize host identity (generate keypair if not exists).
- * Returns the keypair (existing or newly generated).
- */
-export function initHostIdentity(options) {
-    const dir = getIdentityDir();
-    const keyPath = join(dir, "host.key");
-    if (existsSync(keyPath) && !options?.force) {
-        return loadKeyPair(dir, "host");
-    }
-    const kp = generateKeyPair({ expiresIn: options?.expiresIn });
-    saveKeyPair(kp, dir, "host");
-    return kp;
-}
-/**
- * Load the host identity. Throws if not initialized.
- */
-export function loadHostIdentity() {
-    const dir = getIdentityDir();
-    return loadKeyPair(dir, "host");
-}
-export function loadHostIdentityId() {
-    const safeHostname = () => hostname().split(".")[0];
-    const metaPath = join(getIdentityDir(), "host.meta.json");
-    if (existsSync(metaPath)) {
-        try {
-            const data = JSON.parse(readFileSync(metaPath, "utf-8"));
-            return String(data.id || data.hostId || safeHostname());
-        }
-        catch {
-            return safeHostname();
-        }
-    }
-    return safeHostname();
-}
-/**
- * Register a branch's public keys in the host registry.
- * Branch generates its own keys — only PUBLIC keys are registered here.
- * The host NEVER sees a branch's private key.
- */
-export function registerBranch(branchId, publicKey, meta, encryptionKey) {
-    if (!/^[a-zA-Z0-9_-]+$/.test(branchId)) {
-        throw new Error(`Invalid branch ID: "${branchId}". Use only letters, numbers, hyphens, underscores.`);
-    }
-    const dir = getRegistryDir();
-    mkdirSync(dir, { recursive: true });
-    const fp = fingerprint(publicKey);
-    const fullMeta = {
-        fingerprint: fp,
-        createdAt: meta?.createdAt || new Date().toISOString(),
-        expiresAt: meta?.expiresAt,
-        trust: meta?.trust || "standard",
-    };
-    // Ed25519 signing public key
-    writeFileSync(join(dir, `${branchId}.pub`), Buffer.from(publicKey));
-    // X25519 encryption public key (if provided)
-    if (encryptionKey) {
-        writeFileSync(join(dir, `${branchId}.x25519.pub`), Buffer.from(encryptionKey));
-    }
-    writeFileSync(join(dir, `${branchId}.meta.json`), JSON.stringify(fullMeta, null, 2), "utf-8");
-    return { branchId, publicKey, encryptionKey, meta: fullMeta };
-}
-/**
- * Look up a branch's registered key.
- */
-export function lookupBranch(branchId) {
-    if (!/^[a-zA-Z0-9_-]+$/.test(branchId))
-        return null;
-    const dir = getRegistryDir();
-    const pubPath = join(dir, `${branchId}.pub`);
-    if (!existsSync(pubPath))
-        return null;
-    // Check if revoked
-    const revokedPath = join(dir, "revoked", `${branchId}.meta.json`);
-    if (existsSync(revokedPath))
-        return null;
-    const publicKey = new Uint8Array(readFileSync(pubPath));
-    const metaPath = join(dir, `${branchId}.meta.json`);
-    let meta = {
-        fingerprint: fingerprint(publicKey),
-        createdAt: new Date().toISOString(),
-    };
-    if (existsSync(metaPath)) {
-        meta = JSON.parse(readFileSync(metaPath, "utf-8"));
-    }
-    // Load X25519 encryption public key if available
-    const xPubPath = join(dir, `${branchId}.x25519.pub`);
-    const encryptionKey = existsSync(xPubPath)
-        ? new Uint8Array(readFileSync(xPubPath))
-        : undefined;
-    return { branchId, publicKey, encryptionKey, meta };
-}
-/**
- * Revoke a branch's key. Moves metadata to revoked/ directory.
- */
-export function revokeBranch(branchId, reason) {
-    const dir = getRegistryDir();
-    const pubPath = join(dir, `${branchId}.pub`);
-    const metaPath = join(dir, `${branchId}.meta.json`);
-    if (!existsSync(pubPath)) {
-        throw new Error(`No registered key for branch: ${branchId}`);
-    }
-    const revokedDir = join(dir, "revoked");
-    mkdirSync(revokedDir, { recursive: true });
-    // Read existing meta, add revocation info
-    let meta = {
-        fingerprint: "",
-        createdAt: new Date().toISOString(),
-    };
-    if (existsSync(metaPath)) {
-        meta = JSON.parse(readFileSync(metaPath, "utf-8"));
-    }
-    meta.revokedAt = new Date().toISOString();
-    meta.revokeReason = reason;
-    // Move to revoked
-    writeFileSync(join(revokedDir, `${branchId}.meta.json`), JSON.stringify(meta, null, 2), "utf-8");
-    // Remove from active registry
-    try {
-        unlinkSync(pubPath);
-        if (existsSync(metaPath))
-            unlinkSync(metaPath);
-    }
-    catch {
-        // Best effort cleanup
-    }
-}
-/**
- * Check if a branch key is revoked.
- */
-export function isRevoked(branchId) {
-    const dir = getRegistryDir();
-    return existsSync(join(dir, "revoked", `${branchId}.meta.json`));
-}
-/**
- * Check if a branch key is expired.
- */
-export function isExpired(meta) {
-    if (!meta.expiresAt)
-        return false;
-    return new Date(meta.expiresAt) < new Date();
-}
-/**
- * List all registered (non-revoked) branches.
- */
-export function listBranches() {
-    const dir = getRegistryDir();
-    if (!existsSync(dir))
-        return [];
-    const files = readdirSync(dir);
-    return files
-        .filter((f) => f.endsWith(".pub") && !f.includes(".x25519."))
-        .map((f) => {
-        const branchId = f.replace(/\.pub$/, "");
-        return lookupBranch(branchId);
-    })
-        .filter((r) => r !== null);
-}
-//# sourceMappingURL=identity.js.map

package/dist/src/utils/identity.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../../src/utils/identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,SAAS,EACT,QAAQ,EACR,WAAW,EACX,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAW,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE5C,gEAAgE;AAChE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,MAAM,CAAC,MAAM,GAAG,CAAC,OAAmB,EAAE,EAAE;IACtC,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACvE,CAAC,CAAC;AAkCF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAqB;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAgB;IACpD,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9C,uBAAuB;IACvB,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IACjB,MAAM,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC;IAClB,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACjB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,OAE/B;IACC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7C,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAEvC,qDAAqD;IACrD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE9C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEjC,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;QAClD,UAAU,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE;QACxD,IAAI;QACJ,WAAW,EAAE,EAAE;QACf,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;QAC5B,SAAS,EAAE,OAAO,EAAE,SAAS;YAC3B,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YAC3D,CAAC,CAAC,SAAS;QACb,kBAAkB;QAClB,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,IAAI,CAAC,OAAmB,EAAE,UAAsB;IAC9D,OAAO,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM,CACpB,OAAmB,EACnB,SAAqB,EACrB,SAAqB;IAErB,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,6BAA6B;AAE7B,SAAS,cAAc;IACrB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,CACxD,CAAC;AACJ,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,CACxD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,OAAmB,EACnB,GAAW,EACX,SAAiB,MAAM;IAEvB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpC,2DAA2D;IAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,OAAO,CAAC,CAAC;IAC7C,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAE3B,uBAAuB;IACvB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,CAAC;IAC3C,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IAChE,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC1B,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;IAE/D,yBAAyB;IACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,CAAC;IACnD,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC3B,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IAEnE,iBAAiB;IACjB,MAAM,IAAI,GAAY;QACpB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;KAC7B,CAAC;IACF,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC1F,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,SAAiB,MAAM;IAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,YAAY,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,OAAO,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,IAAI,MAAM,IAAI,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;IAEvD,IAAI,IAAI,GAAY;QAClB,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC;QAClC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC;QAC/B,CAAC,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC,CAAC,SAAS,CAAC,CAAC,qDAAqD;IAEpE,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC;QAClC,CAAC,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAElC,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE;QACvD,UAAU,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE;QACxD,IAAI;QACJ,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,SAAS;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,GAAG,KAAK,CAAC;QAC7B,iCAAiC;QACjC,OAAO,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,oCAAoC;AAEpC;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAGhC;IACC,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAEtC,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3C,OAAO,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,OAAO,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,EAAE,gBAAgB,CAAC,CAAC;IAC1D,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YACzD,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,MAAM,IAAI,YAAY,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,YAAY,EAAE,CAAC;AACxB,CAAC;AAWD;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,SAAqB,EACrB,IAAuB,EACvB,aAA0B;IAE1B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CACb,uBAAuB,QAAQ,qDAAqD,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAY;QACxB,WAAW,EAAE,EAAE;QACf,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtD,SAAS,EAAE,IAAI,EAAE,SAAS;QAC1B,KAAK,EAAE,IAAI,EAAE,KAAK,IAAI,UAAU;KACjC,CAAC;IAEF,6BAA6B;IAC7B,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,MAAM,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAEpE,6CAA6C;IAC7C,IAAI,aAAa,EAAE,CAAC;QAClB,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,aAAa,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,aAAa,CACX,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,YAAY,CAAC,EAClC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,OAAO,CACR,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,mBAAmB;IACnB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,QAAQ,YAAY,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAEzC,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,YAAY,CAAC,CAAC;IACpD,IAAI,IAAI,GAAY;QAClB,WAAW,EAAE,WAAW,CAAC,SAAS,CAAC;QACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,iDAAiD;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,aAAa,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC;QACxC,CAAC,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,MAAc;IAC3D,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,YAAY,CAAC,CAAC;IAEpD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3C,0CAA0C;IAC1C,IAAI,IAAI,GAAY;QAClB,WAAW,EAAE,EAAE;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;IAE3B,kBAAkB;IAClB,aAAa,CACX,IAAI,CAAC,UAAU,EAAE,GAAG,QAAQ,YAAY,CAAC,EACzC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAC7B,OAAO,CACR,CAAC;IAEF,8BAA8B;IAC9B,IAAI,CAAC;QACH,UAAU,CAAC,OAAO,CAAC,CAAC;QACpB,IAAI,UAAU,CAAC,QAAQ,CAAC;YAAE,UAAU,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,QAAQ,YAAY,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAa;IACrC,IAAI,CAAC,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAClC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAEhC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAa,CAAC;IAE3C,OAAO,KAAK;SACT,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;SACpE,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACzC,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAuB,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AACzE,CAAC"}

package/dist/src/utils/internal-mail.d.ts

@@ -1,18 +0,0 @@
-export interface InternalMessage {
-    id: string;
-    from: string;
-    to: string;
-    body: string;
-    timestamp: string;
-    read: boolean;
-}
-export declare function internalMailRoot(officeDir: string): string;
-export declare function getInternalInbox(officeDir: string, agent: string): {
-    root: string;
-    tmp: string;
-    fresh: string;
-    cur: string;
-};
-export declare function sendInternalMessage(officeDir: string, from: string, to: string, body: string): InternalMessage;
-export declare function checkInternalMessages(officeDir: string, agent: string): InternalMessage[];
-//# sourceMappingURL=internal-mail.d.ts.map

package/dist/src/utils/internal-mail.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"internal-mail.d.ts","sourceRoot":"","sources":["../../../src/utils/internal-mail.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,OAAO,CAAC;CACf;AAUD,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAK1D;AAED,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAY5H;AAID,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,CAoB9G;AAED,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,eAAe,EAAE,CAmBzF"}

package/dist/src/utils/internal-mail.js

@@ -1,75 +0,0 @@
-import { mkdirSync, readFileSync, readdirSync, renameSync, writeFileSync } from "node:fs";
-import { join, resolve, sep } from "node:path";
-import { homedir } from "node:os";
-import { randomUUID } from "node:crypto";
-import { sanitizeIdentifier } from "../schema/sanitizer.js";
-function assertOfficeDir(officeDir) {
-    const resolved = resolve(officeDir);
-    const root = resolve(join(process.env.HOME || homedir(), ".tps", "branch-office"));
-    if (!resolved.startsWith(root + sep) && resolved !== root) {
-        throw new Error(`Office directory out of bounds: ${officeDir}`);
-    }
-}
-export function internalMailRoot(officeDir) {
-    assertOfficeDir(officeDir);
-    const dir = join(officeDir, "mail", "internal");
-    mkdirSync(dir, { recursive: true });
-    return dir;
-}
-export function getInternalInbox(officeDir, agent) {
-    assertOfficeDir(officeDir);
-    const safe = sanitizeIdentifier(agent);
-    if (!agent || safe !== agent)
-        throw new Error(`Invalid agent id: ${agent}`);
-    const root = join(internalMailRoot(officeDir), agent);
-    const tmp = join(root, "tmp");
-    const fresh = join(root, "new");
-    const cur = join(root, "cur");
-    mkdirSync(tmp, { recursive: true });
-    mkdirSync(fresh, { recursive: true });
-    mkdirSync(cur, { recursive: true });
-    return { root, tmp, fresh, cur };
-}
-const MAX_BODY_BYTES = 64 * 1024;
-export function sendInternalMessage(officeDir, from, to, body) {
-    assertOfficeDir(officeDir);
-    const safeFrom = sanitizeIdentifier(from);
-    const safeTo = sanitizeIdentifier(to);
-    if (!from || safeFrom !== from)
-        throw new Error(`Invalid agent id: ${from}`);
-    if (!to || safeTo !== to)
-        throw new Error(`Invalid agent id: ${to}`);
-    if (body.includes("\u0000"))
-        throw new Error("Message body contains invalid null byte.");
-    if (Buffer.byteLength(body, "utf8") > MAX_BODY_BYTES)
-        throw new Error("Message body exceeds maximum size (64KB).");
-    const inbox = getInternalInbox(officeDir, to);
-    const timestamp = new Date().toISOString();
-    const id = randomUUID();
-    const message = { id, from, to, body, timestamp, read: false };
-    const safeTs = timestamp.replace(/[:.]/g, "-");
-    const filename = `${safeTs}-${id}.json`;
-    writeFileSync(join(inbox.tmp, filename), JSON.stringify(message, null, 2), "utf-8");
-    renameSync(join(inbox.tmp, filename), join(inbox.fresh, filename));
-    return message;
-}
-export function checkInternalMessages(officeDir, agent) {
-    assertOfficeDir(officeDir);
-    const safe = sanitizeIdentifier(agent);
-    if (!agent || safe !== agent)
-        throw new Error(`Invalid agent id: ${agent}`);
-    const inbox = getInternalInbox(officeDir, agent);
-    const files = readdirSync(inbox.fresh).filter((f) => f.endsWith(".json"));
-    const messages = [];
-    for (const f of files) {
-        const fromPath = join(inbox.fresh, f);
-        const toPath = join(inbox.cur, f);
-        renameSync(fromPath, toPath);
-        const raw = readFileSync(toPath, "utf-8");
-        const msg = JSON.parse(raw);
-        msg.read = true;
-        messages.push(msg);
-    }
-    return messages.sort((a, b) => (a.timestamp < b.timestamp ? 1 : -1));
-}
-//# sourceMappingURL=internal-mail.js.map

package/dist/src/utils/internal-mail.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"internal-mail.js","sourceRoot":"","sources":["../../../src/utils/internal-mail.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACtG,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAW5D,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAChD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,KAAa;IAC/D,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC;AAEjC,MAAM,UAAU,mBAAmB,CAAC,SAAiB,EAAE,IAAY,EAAE,EAAU,EAAE,IAAY;IAC3F,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC,EAAE,IAAI,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC;IACrE,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzF,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,cAAc;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAEnH,MAAM,KAAK,GAAG,gBAAgB,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,OAAO,GAAoB,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAEhF,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,EAAE,OAAO,CAAC;IACxC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACpF,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEnE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,SAAiB,EAAE,KAAa;IACpE,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAClC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAC/C,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAChB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC"}

package/dist/src/utils/loop-detector.d.ts

@@ -1,27 +0,0 @@
-export interface LoopDetectorOptions {
-    /** Max duplicate messages before triggering. Default: 3 */
-    threshold?: number;
-    /** Time window in ms. Default: 300_000 (5 min) */
-    windowMs?: number;
-}
-export declare class LoopDetector {
-    private history;
-    private readonly threshold;
-    private readonly windowMs;
-    constructor(opts?: LoopDetectorOptions);
-    /** Hash a message body (SHA-256, first 16 hex chars) */
-    private hash;
-    /** Prune entries outside the time window */
-    private prune;
-    /**
-     * Check if a message body is a duplicate.
-     * Returns true if this message should be PAUSED (loop detected).
-     * Always records the hash regardless of result.
-     */
-    check(body: string): boolean;
-    /** Reset all history (e.g., after manual intervention) */
-    reset(): void;
-    /** Get current duplicate count for a body */
-    duplicateCount(body: string): number;
-}
-//# sourceMappingURL=loop-detector.d.ts.map

package/dist/src/utils/loop-detector.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"loop-detector.d.ts","sourceRoot":"","sources":["../../../src/utils/loop-detector.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,mBAAmB;IAClC,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAOD,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAmB;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEtB,IAAI,GAAE,mBAAwB;IAK1C,wDAAwD;IACxD,OAAO,CAAC,IAAI;IAIZ,4CAA4C;IAC5C,OAAO,CAAC,KAAK;IAKb;;;;OAIG;IACH,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAQ5B,0DAA0D;IAC1D,KAAK,IAAI,IAAI;IAIb,6CAA6C;IAC7C,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAKrC"}

package/dist/src/utils/loop-detector.js

@@ -1,42 +0,0 @@
-import { createHash } from "node:crypto";
-export class LoopDetector {
-    history = [];
-    threshold;
-    windowMs;
-    constructor(opts = {}) {
-        this.threshold = opts.threshold ?? 3;
-        this.windowMs = opts.windowMs ?? 300_000;
-    }
-    /** Hash a message body (SHA-256, first 16 hex chars) */
-    hash(body) {
-        return createHash("sha256").update(body).digest("hex").slice(0, 16);
-    }
-    /** Prune entries outside the time window */
-    prune() {
-        const cutoff = Date.now() - this.windowMs;
-        this.history = this.history.filter((e) => e.timestamp > cutoff);
-    }
-    /**
-     * Check if a message body is a duplicate.
-     * Returns true if this message should be PAUSED (loop detected).
-     * Always records the hash regardless of result.
-     */
-    check(body) {
-        this.prune();
-        const h = this.hash(body);
-        this.history.push({ hash: h, timestamp: Date.now() });
-        const count = this.history.filter((e) => e.hash === h).length;
-        return count >= this.threshold;
-    }
-    /** Reset all history (e.g., after manual intervention) */
-    reset() {
-        this.history = [];
-    }
-    /** Get current duplicate count for a body */
-    duplicateCount(body) {
-        this.prune();
-        const h = this.hash(body);
-        return this.history.filter((e) => e.hash === h).length;
-    }
-}
-//# sourceMappingURL=loop-detector.js.map

package/dist/src/utils/loop-detector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"loop-detector.js","sourceRoot":"","sources":["../../../src/utils/loop-detector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAczC,MAAM,OAAO,YAAY;IACf,OAAO,GAAgB,EAAE,CAAC;IACjB,SAAS,CAAS;IAClB,QAAQ,CAAS;IAElC,YAAY,OAA4B,EAAE;QACxC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC;IAC3C,CAAC;IAED,wDAAwD;IAChD,IAAI,CAAC,IAAY;QACvB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,4CAA4C;IACpC,KAAK;QACX,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;IAClE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAY;QAChB,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QAC9D,OAAO,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC;IACjC,CAAC;IAED,0DAA0D;IAC1D,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,6CAA6C;IAC7C,cAAc,CAAC,IAAY;QACzB,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IACzD,CAAC;CACF"}

package/dist/src/utils/mail-handler.d.ts

@@ -1,19 +0,0 @@
-import type { AgentManifest } from "./manifest.js";
-export interface HandlerAction {
-    type: "reply" | "forward" | "drop" | "inbox";
-    body?: string;
-    to?: string;
-}
-export interface MailMessage {
-    id: string;
-    from: string;
-    to: string;
-    body: string;
-    timestamp: string;
-}
-/**
- * Runs the mail handler pipeline for an incoming message.
- * Iterates through manifests in priority order (assumed sorted from discoverManifests).
- */
-export declare function runHandlerPipeline(msg: MailMessage, manifests: AgentManifest[], registeredAgents: string[]): Promise<HandlerAction>;
-//# sourceMappingURL=mail-handler.d.ts.map

package/dist/src/utils/mail-handler.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"mail-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/mail-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,aAAa,EAAE,EAC1B,gBAAgB,EAAE,MAAM,EAAE,GACzB,OAAO,CAAC,aAAa,CAAC,CA+FxB"}

package/dist/src/utils/mail-handler.js

@@ -1,94 +0,0 @@
-import { spawnSync } from "node:child_process";
-import { matchesFilter } from "./manifest.js";
-/**
- * Runs the mail handler pipeline for an incoming message.
- * Iterates through manifests in priority order (assumed sorted from discoverManifests).
- */
-export async function runHandlerPipeline(msg, manifests, registeredAgents) {
-    const enabledManifests = manifests.filter((m) => m.capabilities?.mail_handler?.enabled !== false);
-    for (const manifest of enabledManifests) {
-        if (!matchesFilter(manifest, msg)) {
-            continue;
-        }
-        const handler = manifest.capabilities?.mail_handler;
-        const bodyToTest = msg.body.trim().slice(0, 1024);
-        // 1. Check routing rules first
-        if (manifest.routing) {
-            for (const rule of manifest.routing) {
-                try {
-                    const re = new RegExp(rule.pattern);
-                    if (re.test(bodyToTest)) {
-                        return { type: "forward", to: rule.to, body: msg.body };
-                    }
-                }
-                catch (err) {
-                    // Skip invalid regex
-                }
-            }
-        }
-        // 2. Run exec handler if it exists
-        if (handler?.exec) {
-            const env = {
-                ...process.env,
-                MAIL_ID: msg.id,
-                MAIL_FROM: msg.from,
-                MAIL_TO: msg.to,
-                MAIL_TIMESTAMP: msg.timestamp,
-                TPS_AGENT_NAME: manifest.name,
-            };
-            if (handler.needs_roster) {
-                env.TPS_REGISTERED_AGENTS = JSON.stringify(registeredAgents);
-            }
-            const timeoutMs = (handler.timeout || 30) * 1000;
-            try {
-                const result = spawnSync(handler.exec, [], {
-                    input: msg.body,
-                    env,
-                    timeout: timeoutMs,
-                    encoding: "utf8",
-                    shell: false,
-                    cwd: manifest.agentDir,
-                });
-                if (result.error) {
-                    console.error("[HANDLER] spawnSync error:", result.error);
-                    continue;
-                }
-                if (result.status === 0) {
-                    const stdout = result.stdout?.trim() || "";
-                    if (!stdout) {
-                        return { type: "drop" };
-                    }
-                    try {
-                        const json = JSON.parse(stdout);
-                        if (json && typeof json === "object" && json.action) {
-                            return {
-                                type: json.action,
-                                body: json.body,
-                                to: json.to,
-                            };
-                        }
-                    }
-                    catch (e) {
-                        // Not JSON, treat as plain text reply
-                    }
-                    return { type: "reply", body: stdout, to: msg.from };
-                }
-                else if (result.status === 1) {
-                    // Exit 1: continue to next manifest
-                    continue;
-                }
-                else {
-                    // Exit 2+: error, log and continue
-                    console.error(`[HANDLER] error: ${manifest.name} exited with ${result.status}`);
-                    continue;
-                }
-            }
-            catch (err) {
-                console.error(`[HANDLER] exception running ${manifest.name}:`, err);
-                continue;
-            }
-        }
-    }
-    return { type: "inbox" };
-}
-//# sourceMappingURL=mail-handler.js.map