@tt-a1i/hive 1.7.0 → 2.0.2

package/dist/src/server/machine-name.d.ts

@@ -0,0 +1,2 @@
+export declare function cleanMachineName(raw: string): string | null;
+export declare function getMachineName(): string | null;

package/dist/src/server/machine-name.js

@@ -0,0 +1,13 @@
+import { hostname } from 'node:os';
+const MAX_LEN = 64;
+// Trim surrounding whitespace, strip a trailing '.local' suffix (common on macOS),
+// and cap at 64 chars. Returns null if the result is empty.
+export function cleanMachineName(raw) {
+    const cleaned = raw.trim().replace(/\.local$/i, '');
+    if (cleaned.length === 0)
+        return null;
+    return cleaned.slice(0, MAX_LEN);
+}
+export function getMachineName() {
+    return cleanMachineName(hostname());
+}

package/dist/src/server/open-target-commands.d.ts

@@ -6,6 +6,7 @@ export declare const resolveOpenTargetPlatform: (platform: NodeJS.Platform) => O
 export interface OpenAttempt {
     command: string;
     args: string[];
+    options?: ExecFileOptions;
 }
 /**
  * Returns the ordered list of commands to try. First success wins; remaining

package/dist/src/server/open-target-commands.js

@@ -58,6 +58,7 @@ const linuxAttempts = (targetId, path) => {
 const cmdExeShimAttempt = (bin, path) => ({
     command: 'cmd.exe',
     args: ['/d', '/s', '/c', buildCmdCallCommand(bin, [path])],
+    options: { windowsHide: true },
 });
 const windowsAttempts = (targetId, path) => {
     switch (targetId) {
@@ -123,6 +124,8 @@ const APP_NOT_INSTALLED_PATTERNS = [
 const classifyFailure = (result) => {
     if (result.spawnError?.code === 'ENOENT')
         return 'command-not-in-path';
+    if (result.status === 9009)
+        return 'app-not-installed';
     const stderr = result.stderr.toLowerCase();
     if (APP_NOT_INSTALLED_PATTERNS.some((re) => re.test(stderr)))
         return 'app-not-installed';
@@ -168,7 +171,7 @@ export const openWorkspace = async (input, options = {}) => {
     const attempts = buildOpenAttempts(input.targetId, input.path, platform);
     let lastFailure = null;
     for (const attempt of attempts) {
-        const result = await run(attempt.command, attempt.args, {});
+        const result = await run(attempt.command, attempt.args, attempt.options ?? {});
         // Windows `explorer.exe` returns exit code 1 even on success — checking
         // exit code here would surface a spurious error to the user on every
         // File Explorer open. spawnError still catches the "explorer not on PATH"

package/dist/src/server/orchestrator-autostart.js

@@ -4,7 +4,7 @@ import { getStartupCommandExecutable } from './startup-command-parser.js';
 // "command not found" then dies with exit 127 (POSIX) or 9009 (Windows)
 // — typically <100ms in practice. 800ms balances reliability vs the perceived
 // workspace-create latency cost.
-const SETTLE_WAIT_MS = 800;
+const SETTLE_WAIT_MS = process.platform === 'win32' ? 2000 : 800;
 const POLL_INTERVAL_MS = 25;
 // Shells emit a "command not found" exit code when the requested binary is
 // missing on PATH. node-pty does NOT raise a synchronous spawn error for that

package/dist/src/server/platform-path.d.ts

@@ -1,3 +1,4 @@
+export declare const expandHomePath: (path: string) => string;
 export declare const arePathsEqual: (left: string, right: string, platform?: NodeJS.Platform) => boolean;
 export declare const containsPathMarker: (haystack: string, marker: string, platform?: NodeJS.Platform) => boolean;
 export declare const indexOfPathMarker: (haystack: string, marker: string, platform?: NodeJS.Platform) => number;

package/dist/src/server/platform-path.js

@@ -1,5 +1,18 @@
+import { homedir } from 'node:os';
+import { join } from 'node:path';
 const toForwardSlashes = (path) => path.replace(/\\/g, '/');
 const normalizeForWin32 = (path) => toForwardSlashes(path).toLowerCase();
+export const expandHomePath = (path) => {
+    if (path === '~')
+        return homedir();
+    const match = /^~[\\/](.*)$/u.exec(path);
+    if (!match)
+        return path;
+    const rest = match[1] ?? '';
+    if (!rest)
+        return homedir();
+    return join(homedir(), ...rest.split(/[\\/]+/u).filter(Boolean));
+};
 export const arePathsEqual = (left, right, platform = process.platform) => {
     if (platform === 'win32')
         return normalizeForWin32(left) === normalizeForWin32(right);
@@ -8,6 +21,6 @@ export const arePathsEqual = (left, right, platform = process.platform) => {
 export const containsPathMarker = (haystack, marker, platform = process.platform) => indexOfPathMarker(haystack, marker, platform) !== -1;
 export const indexOfPathMarker = (haystack, marker, platform = process.platform) => {
     if (platform === 'win32')
-        return toForwardSlashes(haystack).indexOf(marker);
+        return normalizeForWin32(haystack).indexOf(normalizeForWin32(marker));
     return haystack.indexOf(marker);
 };

package/dist/src/server/post-start-input-writer.js

@@ -1,5 +1,5 @@
+import { BUILTIN_INTERACTIVE_COMMANDS } from './command-preset-defaults.js';
 import { normalizeExecutableToken } from './startup-command-parser.js';
-const INTERACTIVE_COMMANDS = new Set(['claude', 'codex', 'gemini', 'hermes', 'opencode']);
 const READY_CHECK_INTERVAL_MS = 50;
 const READY_TIMEOUT_MS = 3000;
 const MIN_SUBMIT_AFTER_PASTE_DELAY_MS = 600;
@@ -19,25 +19,57 @@ const CODEX_PASTE_ACK_TIMEOUT_MS = 10000;
 // timeout before Enter is sent.
 const CODEX_PASTE_ACK_MIN_CHARS = 2000;
 const CODEX_SUBMIT_RETRY_DELAY_MS = 500;
-const COMMANDS_WITH_BRACKETED_PASTE = new Set(['claude', 'codex', 'hermes', 'opencode']);
+const GROK_SUBMIT_AFTER_PASTE_DELAY_MS = 100;
+const COMMANDS_WITH_BRACKETED_PASTE = new Set([
+    'agy',
+    'claude',
+    'codex',
+    'grok',
+    'hermes',
+    'opencode',
+]);
 const COMMANDS_WAITING_FOR_PASTE_ACK = new Set(['claude', 'codex']);
 const BRACKETED_PASTE_END = '\u001b[201~';
 const PASTE_ACK_PATTERN = /(?:^|[\r\n])\s*(?:[❯›]\s*)?\[(?:Pasted text #\d+[^\]]*|Pasted Content [\d,]+ chars)\]/u;
 const PASTE_ACK_ONLY_DELTA_PATTERN = /^[\s\r\n]*(?:[❯›]\s*)?\[(?:Pasted text #\d+[^\]]*|Pasted Content [\d,]+ chars)\]\s*(?:[❯›]\s*)?$/u;
+const ESCAPE = String.fromCharCode(27);
+const BELL = String.fromCharCode(7);
+const TERMINAL_CONTROL_PATTERN = new RegExp(`${ESCAPE}\\[[0-?]*[ -/]*[@-~]|${ESCAPE}\\][^${BELL}${ESCAPE}]*(?:${BELL}|${ESCAPE}\\\\)`, 'gu');
 export const toBracketedPasteSubmission = (text) => `\u001b[200~${text}\u001b[201~`;
 const toError = (error) => (error instanceof Error ? error : new Error(String(error)));
 const createRunInactiveError = (runId) => new Error(`Run became inactive before input was submitted: ${runId}`);
-const getSubmitAfterPasteDelayMs = (text) => Math.min(MAX_SUBMIT_AFTER_PASTE_DELAY_MS, Math.max(MIN_SUBMIT_AFTER_PASTE_DELAY_MS, Math.ceil(text.length / PASTE_CHARS_PER_DELAY_MS)));
+const getSubmitAfterPasteDelayMs = (command, text) => {
+    if (getCommandName(command) === 'grok')
+        return GROK_SUBMIT_AFTER_PASTE_DELAY_MS;
+    return Math.min(MAX_SUBMIT_AFTER_PASTE_DELAY_MS, Math.max(MIN_SUBMIT_AFTER_PASTE_DELAY_MS, Math.ceil(text.length / PASTE_CHARS_PER_DELAY_MS)));
+};
+const getCommandName = (command) => normalizeExecutableToken(command) ?? '';
 export const isInteractiveAgentCommand = (command) => {
     const brand = normalizeExecutableToken(command);
-    return brand !== null && INTERACTIVE_COMMANDS.has(brand);
+    return brand !== null && BUILTIN_INTERACTIVE_COMMANDS.has(brand);
 };
-const getCommandName = (command) => normalizeExecutableToken(command) ?? '';
 const hasGeminiPromptReady = (output) => /\bType your message\b/u.test(output);
+const hasOpencodePromptReady = (output) => /\bAsk anything\.\.\./u.test(output);
+const hasGrokPromptReady = (output) => /\b(?:Enter:send|Composer\s+\S+)/u.test(output);
+const getPlainTerminalOutput = (output) => output.replace(/\r/g, '\n').replace(TERMINAL_CONTROL_PATTERN, '');
+const hasAgyPromptReady = (output) => /(?:^|\n)\s*>\s*\n\s*(?:[─-]{8,}|\?\s*for shortcuts)/u.test(getPlainTerminalOutput(output));
+const getLastNonEmptyTerminalLine = (output) => {
+    const normalized = getPlainTerminalOutput(output);
+    for (const line of normalized.split('\n').reverse()) {
+        if (line.trim().length > 0)
+            return line.trim();
+    }
+    return '';
+};
+const hasBarePromptLine = (output) => /^[❯›]$/u.test(getLastNonEmptyTerminalLine(output));
+const hasCodexChoicePrompt = (output, command) => getCommandName(command) === 'codex' && /^[❯›]\s+\S/u.test(getLastNonEmptyTerminalLine(output));
 export const hasInteractivePromptReady = (output, command = '') => {
     const commandName = getCommandName(command);
-    return (/(?:^|[\r\n])\s*[❯›]\s*/u.test(output) ||
-        (commandName === 'gemini' && hasGeminiPromptReady(output)));
+    return (hasBarePromptLine(output) ||
+        (commandName === 'agy' && hasAgyPromptReady(output)) ||
+        (commandName === 'grok' && hasGrokPromptReady(output)) ||
+        ((commandName === 'gemini' || commandName === 'qwen') && hasGeminiPromptReady(output)) ||
+        (commandName === 'opencode' && hasOpencodePromptReady(output)));
 };
 export const hasBracketedPasteAcknowledgement = (output, baselineLength) => {
     const outputAfterPaste = output.slice(baselineLength);
@@ -58,7 +90,10 @@ const retriesSubmit = (command) => getCommandName(command) === 'codex';
 const getPasteAckSettleDelayMs = (command) => getCommandName(command) === 'codex' ? CODEX_PASTE_ACK_SETTLE_DELAY_MS : PASTE_ACK_SETTLE_DELAY_MS;
 const getPasteAckTimeoutMs = (command) => getCommandName(command) === 'codex' ? CODEX_PASTE_ACK_TIMEOUT_MS : PASTE_ACK_TIMEOUT_MS;
 const usesBracketedPaste = (command) => COMMANDS_WITH_BRACKETED_PASTE.has(getCommandName(command));
-const canTimeoutBeforePromptReady = (command) => getCommandName(command) !== 'gemini';
+const canTimeoutBeforePromptReady = (command) => {
+    const commandName = getCommandName(command);
+    return commandName !== 'agy' && commandName !== 'gemini';
+};
 const isWritableRunStatus = (status) => status === undefined || status === 'starting' || status === 'running';
 const writeIfRunWritable = (agentManager, runId, text) => {
     let run;
@@ -73,9 +108,9 @@ const writeIfRunWritable = (agentManager, runId, text) => {
     agentManager.writeInput(runId, text);
     return true;
 };
-const submitPastedInteractiveInput = (agentManager, runId, text, baselineLength, waitForPasteAck, pasteAckSettleDelayMs, pasteAckTimeoutMs, retrySubmit, onDone, onError) => {
+const submitPastedInteractiveInput = (agentManager, runId, command, text, baselineLength, waitForPasteAck, pasteAckSettleDelayMs, pasteAckTimeoutMs, retrySubmit, onDone, onError) => {
     const pastedAt = Date.now();
-    const minDelay = getSubmitAfterPasteDelayMs(text);
+    const minDelay = getSubmitAfterPasteDelayMs(command, text);
     let acknowledgedAt = null;
     const getWritableOutput = () => {
         try {
@@ -164,7 +199,7 @@ export const createPostStartInputWriter = (agentManager, command) => {
         return (runId, text) => {
             // Synchronous write; an EPIPE/inactive failure still throws synchronously
             // (before the promise is returned), preserving the dispatcher's contract.
-            if (!writeIfRunWritable(agentManager, runId, `${text}\n`)) {
+            if (!writeIfRunWritable(agentManager, runId, `${text}\r`)) {
                 throw createRunInactiveError(runId);
             }
             return Promise.resolve();
@@ -194,7 +229,9 @@ export const createPostStartInputWriter = (agentManager, command) => {
                 return;
             }
             if (hasInteractivePromptReady(output, command) ||
-                (canTimeoutBeforePromptReady(command) && Date.now() - startedAt >= READY_TIMEOUT_MS)) {
+                (!hasCodexChoicePrompt(output, command) &&
+                    canTimeoutBeforePromptReady(command) &&
+                    Date.now() - startedAt >= READY_TIMEOUT_MS)) {
                 const baselineLength = output.length;
                 const input = usesBracketedPaste(command) ? toBracketedPasteSubmission(text) : text;
                 try {
@@ -209,7 +246,7 @@ export const createPostStartInputWriter = (agentManager, command) => {
                     rejectDone(toError(error));
                     return;
                 }
-                submitPastedInteractiveInput(agentManager, runId, text, baselineLength, shouldWaitForPasteAck(command, text), getPasteAckSettleDelayMs(command), getPasteAckTimeoutMs(command), retriesSubmit(command), resolveDone, rejectDone);
+                submitPastedInteractiveInput(agentManager, runId, command, text, baselineLength, shouldWaitForPasteAck(command, text), getPasteAckSettleDelayMs(command), getPasteAckTimeoutMs(command), retriesSubmit(command), resolveDone, rejectDone);
                 return;
             }
             setTimeout(tryWrite, READY_CHECK_INTERVAL_MS);

package/dist/src/server/preset-launch-support.js

@@ -64,6 +64,7 @@ const supportsPresetResume = (capture) => capture?.source === 'claude_project_js
     capture?.source === 'codex_session_jsonl_dir' ||
     capture?.source === 'gemini_session_json_dir' ||
     capture?.source === 'opencode_session_db' ||
+    capture?.source === 'qwen_session_json_dir' ||
     capture?.source === 'stdout_regex';
 export const withPresetResumeArgs = (config, preset, lastSessionId, cwd, discriminator, onInvalidSessionId) => {
     const launchConfig = normalizeCodexNodeEntrypoint(config, preset);

package/dist/src/server/recovery-summary.d.ts

@@ -1,9 +1,10 @@
 import type { AgentSummary, WorkspaceSummary } from '../shared/types.js';
 import { type FeatureFlags } from './feature-flags.js';
 import type { RecoveryMessage } from './message-log-store.js';
-export declare const buildRecoverySummary: ({ agent, allTaskMessages, messages, tasksContent, workers, workspace, flags, }: {
+export declare const buildRecoverySummary: ({ agent, allTaskMessages, memoryDigest, messages, tasksContent, workers, workspace, flags, }: {
     agent: AgentSummary;
     allTaskMessages?: RecoveryMessage[];
+    memoryDigest?: string | null | undefined;
     messages: RecoveryMessage[];
     tasksContent: string;
     workers: AgentSummary[];

package/dist/src/server/recovery-summary.js

@@ -65,7 +65,7 @@ const formatWorkers = (workers) => {
     return workers.map((worker) => `- ${worker.name} (${worker.role}, ${worker.status}, pending_task_count: ${worker.pendingTaskCount})`);
 };
 const getTaskSectionTitle = (agent) => agent.role === 'orchestrator' ? '## Tasks you dispatched' : '## Tasks recently sent to you';
-export const buildRecoverySummary = ({ agent, allTaskMessages, messages, tasksContent, workers, workspace, flags = FEATURE_FLAGS_ALL_OFF, }) => wrapSystemMessage([
+export const buildRecoverySummary = ({ agent, allTaskMessages, memoryDigest, messages, tasksContent, workers, workspace, flags = FEATURE_FLAGS_ALL_OFF, }) => wrapSystemMessage([
     `You are ${agent.name} (${agent.role}) in workspace ${workspace.name}.`,
     'Hive just restarted you and could not recover via native session resume. Here is the handover context.',
     '',
@@ -84,6 +84,7 @@ export const buildRecoverySummary = ({ agent, allTaskMessages, messages, tasksCo
     '## Active workers',
     ...formatWorkers(workers),
     '',
+    ...(memoryDigest ? ['## Hive memory digest', memoryDigest, ''] : []),
     agent.role === 'orchestrator' ? '## Hive worker dispatch rules' : '## Hive worker boundaries',
     ...getHiveTeamRules(agent, flags),
     '',

package/dist/src/server/remote-audit-store.d.ts

@@ -0,0 +1,51 @@
+import type { Database } from 'better-sqlite3';
+export type RemoteAuditResult = 'ok' | 'rejected' | 'error';
+export type RemoteAuditAction = 'http' | 'ws_input' | 'ws_open' | 'session_open' | 'session_close' | 'revoke' | 'reject';
+export interface RemoteAuditEvent {
+    /** M1 session device id. Audit/revocation tag only — never a permission branch. */
+    deviceId?: string | null;
+    /** Coarse category (see RemoteAuditAction). */
+    action: RemoteAuditAction;
+    /** Whitelisted path for http/ws actions (`/api/...`, `/ws/...`); omit otherwise. */
+    endpoint?: string | null;
+    /** Affected workspace, when the action is scoped to one. */
+    workspaceId?: string | null;
+    result: RemoteAuditResult;
+    /** Required-in-spirit on a rejection: the concrete reason (off-whitelist, revoked, …). */
+    rejectReason?: string | null;
+    /** WS-input byte count. The full chunk is NEVER stored. */
+    byteCount?: number | null;
+    /** Short truncated preview of WS input. Bounded here, not by the caller. */
+    preview?: string | null;
+}
+export interface RemoteAuditRecord {
+    id: number;
+    deviceId: string | null;
+    ts: number;
+    workspaceId: string | null;
+    action: string;
+    endpoint: string | null;
+    result: string;
+    rejectReason: string | null;
+    byteCount: number | null;
+    preview: string | null;
+}
+export declare const AUDIT_PREVIEW_MAX = 120;
+export declare const createRemoteAuditStore: (db: Database) => {
+    /**
+     * Record an audit event. Returns immediately; the row is written on a
+     * later microtask. This is the ONLY method the tunnel calls on the hot path.
+     */
+    enqueue(event: RemoteAuditEvent, ts?: number): void;
+    /**
+     * Drain the buffer synchronously and await the pending write. Tests await
+     * this to assert rows deterministically; shutdown calls it to avoid losing
+     * the tail of the buffer. Idempotent when there's nothing pending.
+     */
+    flush(): Promise<void>;
+    /** Newest-first audit rows, capped at `limit`. Backs the Settings stream. */
+    list(limit?: number): RemoteAuditRecord[];
+    /** Newest-first rows for one device. Used by the device-detail view. */
+    listForDevice(deviceId: string, limit?: number): RemoteAuditRecord[];
+};
+export type RemoteAuditStore = ReturnType<typeof createRemoteAuditStore>;

package/dist/src/server/remote-audit-store.js

@@ -0,0 +1,108 @@
+// stdin previews are bounded so a paste of a megabyte of secrets can't end up in
+// the audit table. byte_count carries the real size; preview is just enough to
+// recognise the input in the Settings stream.
+export const AUDIT_PREVIEW_MAX = 120;
+const truncatePreview = (preview) => {
+    if (preview === null || preview === undefined)
+        return null;
+    if (preview.length <= AUDIT_PREVIEW_MAX)
+        return preview;
+    return `${preview.slice(0, AUDIT_PREVIEW_MAX)}…`;
+};
+export const createRemoteAuditStore = (db) => {
+    const insert = db.prepare(`INSERT INTO remote_audit
+       (remote_device_id, ts, workspace_id, action, endpoint, result, reject_reason, byte_count, preview)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`);
+    const listStmt = db.prepare(`SELECT id, remote_device_id, ts, workspace_id, action, endpoint, result, reject_reason, byte_count, preview
+       FROM remote_audit
+      ORDER BY id DESC
+      LIMIT ?`);
+    const listForDeviceStmt = db.prepare(`SELECT id, remote_device_id, ts, workspace_id, action, endpoint, result, reject_reason, byte_count, preview
+       FROM remote_audit
+      WHERE remote_device_id = ?
+      ORDER BY id DESC
+      LIMIT ?`);
+    // Pending events buffered between flushes. enqueue() never touches SQLite
+    // directly — it appends here and arms a single microtask drain, so a burst of
+    // terminal keystrokes coalesces into one transaction instead of N.
+    const pending = [];
+    let flushScheduled = false;
+    let draining = null;
+    const writePending = () => {
+        if (pending.length === 0)
+            return;
+        const batch = pending.splice(0, pending.length);
+        const tx = db.transaction((events) => {
+            for (const e of events) {
+                insert.run(e.deviceId ?? null, e.ts, e.workspaceId ?? null, e.action, e.endpoint ?? null, e.result, e.rejectReason ?? null, typeof e.byteCount === 'number' ? e.byteCount : null, truncatePreview(e.preview));
+            }
+        });
+        tx(batch);
+    };
+    const scheduleFlush = () => {
+        if (flushScheduled)
+            return;
+        flushScheduled = true;
+        draining = new Promise((resolve) => {
+            // queueMicrotask keeps the write off the forwarding call stack while
+            // still landing before the event loop yields to I/O, so audit rows for a
+            // request are durable well before the response round-trips.
+            queueMicrotask(() => {
+                flushScheduled = false;
+                try {
+                    writePending();
+                }
+                catch {
+                    // A failed audit write must not crash the tunnel. Drop the batch and
+                    // keep forwarding; losing an audit row is strictly better than
+                    // dropping a user's terminal input.
+                }
+                resolve();
+            });
+        });
+    };
+    const mapRow = (row) => ({
+        id: row.id,
+        deviceId: row.remote_device_id,
+        ts: row.ts,
+        workspaceId: row.workspace_id,
+        action: row.action,
+        endpoint: row.endpoint,
+        result: row.result,
+        rejectReason: row.reject_reason,
+        byteCount: row.byte_count,
+        preview: row.preview,
+    });
+    return {
+        /**
+         * Record an audit event. Returns immediately; the row is written on a
+         * later microtask. This is the ONLY method the tunnel calls on the hot path.
+         */
+        enqueue(event, ts = Date.now()) {
+            pending.push({ ...event, ts });
+            scheduleFlush();
+        },
+        /**
+         * Drain the buffer synchronously and await the pending write. Tests await
+         * this to assert rows deterministically; shutdown calls it to avoid losing
+         * the tail of the buffer. Idempotent when there's nothing pending.
+         */
+        async flush() {
+            // Settle any already-scheduled drain first, then force-write whatever the
+            // caller enqueued after it was scheduled (or never scheduled at all).
+            if (draining)
+                await draining;
+            writePending();
+        },
+        /** Newest-first audit rows, capped at `limit`. Backs the Settings stream. */
+        list(limit = 100) {
+            writePending();
+            return listStmt.all(limit).map(mapRow);
+        },
+        /** Newest-first rows for one device. Used by the device-detail view. */
+        listForDevice(deviceId, limit = 100) {
+            writePending();
+            return listForDeviceStmt.all(deviceId, limit).map(mapRow);
+        },
+    };
+};

package/dist/src/server/remote-config-keys.d.ts

@@ -0,0 +1,17 @@
+export declare const REMOTE_GATEWAY_URL_KEY = "remote_gateway_url";
+export declare const REMOTE_DAEMON_TOKEN_KEY = "remote_daemon_token";
+export declare const REMOTE_DAEMON_ID_KEY = "remote_daemon_id";
+export declare const REMOTE_ENABLED_KEY = "remote_enabled";
+export declare const DEFAULT_GATEWAY_URL = "https://app.hivehq.dev";
+export interface RemoteAppStateReader {
+    get(key: string): {
+        value: string | null;
+    } | undefined;
+}
+export interface RemoteConfigSource {
+    isEnabled(): boolean;
+    getGatewayUrl(): string | null;
+    getDaemonToken(): string | null;
+    getDaemonId(): string | null;
+}
+export declare const createRemoteConfigSource: (store: RemoteAppStateReader) => RemoteConfigSource;

package/dist/src/server/remote-config-keys.js

@@ -0,0 +1,27 @@
+// Remote-access config lives in the existing app_state KV. These are the
+// canonical key literals — the single source of truth for BOTH sides of the
+// feature: `hive remote login/logout` (src/cli/hive-remote.ts) writes them, and
+// the daemon-side tunnel reads them. The CLI re-exports these so there is one
+// definition, not two that can drift (a rename on only one side would silently
+// stop login from reaching the tunnel).
+//
+// snake_case to match the existing app_state keys (active_workspace_id, …).
+export const REMOTE_GATEWAY_URL_KEY = 'remote_gateway_url';
+export const REMOTE_DAEMON_TOKEN_KEY = 'remote_daemon_token';
+export const REMOTE_DAEMON_ID_KEY = 'remote_daemon_id';
+export const REMOTE_ENABLED_KEY = 'remote_enabled';
+export const DEFAULT_GATEWAY_URL = 'https://app.hivehq.dev';
+// remote_enabled is ON only when it is exactly the string 'true'. Everything
+// else — absent, '', 'false', '1', 'yes' — is OFF. This is invariant 4 (off ==
+// zero behavior change): a truthy check would let a stray value silently arm
+// the outbound tunnel, so the test pins the exact-string semantics.
+const ENABLED_VALUE = 'true';
+export const createRemoteConfigSource = (store) => {
+    const read = (key) => store.get(key)?.value ?? null;
+    return {
+        isEnabled: () => read(REMOTE_ENABLED_KEY) === ENABLED_VALUE,
+        getGatewayUrl: () => read(REMOTE_GATEWAY_URL_KEY),
+        getDaemonToken: () => read(REMOTE_DAEMON_TOKEN_KEY),
+        getDaemonId: () => read(REMOTE_DAEMON_ID_KEY),
+    };
+};

package/dist/src/server/remote-control-constants.d.ts

@@ -0,0 +1,30 @@
+export declare const GW_CONTROL_PREFIX = "\0gw:";
+export declare const RelayCloseCode: {
+    readonly Normal: 1000;
+    readonly ProtocolError: 4400;
+    readonly Unauthorized: 4401;
+    readonly Forbidden: 4403;
+    readonly DaemonOffline: 4404;
+    readonly Replaced: 4409;
+    readonly Revoked: 4410;
+    readonly InternalError: 4500;
+};
+export type RelayCloseCode = (typeof RelayCloseCode)[keyof typeof RelayCloseCode];
+export type GatewayControl = {
+    t: 'peer-online';
+    role: 'daemon' | 'device' | 'pair';
+    jti?: string;
+} | {
+    t: 'peer-offline';
+    role: 'daemon' | 'device' | 'pair';
+} | {
+    t: 'revoked';
+    reason: string;
+} | {
+    t: 'error';
+    code: number;
+    message: string;
+};
+export declare const HB_PING = "hb:ping";
+export declare const HB_PONG = "hb:pong";
+export declare const isAuthFatalCloseCode: (code: number) => boolean;

package/dist/src/server/remote-control-constants.js

@@ -0,0 +1,29 @@
+// Daemon-side re-declaration of the gateway's control-band wire contract.
+//
+// The gateway lives in gateway/src/relay-do.ts — a separate Cloudflare-Workers package that is NOT
+// import-reachable from src/ (importing it would drag in cloudflare:workers). So the daemon mirrors
+// the few values it has to agree on, and tests/unit/remote-control-constants.test.ts pins each one
+// to the literal gateway value so the wire format can never silently drift between the two sides.
+// Control-frame sentinel. The gateway prefixes every control message (peer presence, revocation)
+// with this so it can never be confused with an opaque binary E2E frame. relay-do.ts:29.
+export const GW_CONTROL_PREFIX = '\x00gw:';
+// WebSocket close codes (4xxx app range). relay-do.ts:32-41.
+export const RelayCloseCode = {
+    Normal: 1000,
+    ProtocolError: 4400,
+    Unauthorized: 4401,
+    Forbidden: 4403,
+    DaemonOffline: 4404,
+    Replaced: 4409,
+    Revoked: 4410,
+    InternalError: 4500,
+};
+// Idle keepalive: the daemon SENDS this app-level string and the DO auto-replies HB_PONG WITHOUT
+// waking (setWebSocketAutoResponse, relay-do.ts:144). A protocol-level ws.ping() would wake the DO
+// and burn duration — the heartbeat MUST be this string, never ws.ping().
+export const HB_PING = 'hb:ping';
+export const HB_PONG = 'hb:pong';
+// Only these two close codes are authoritative credential death: the daemon must LATCH (stop
+// retrying until refresh() re-reads config). Every other close — including 4404 DaemonOffline,
+// 4409 Replaced, and the transport 1006 — is transient and backs off + retries.
+export const isAuthFatalCloseCode = (code) => code === RelayCloseCode.Unauthorized || code === RelayCloseCode.Revoked;

package/dist/src/server/remote-device-session.d.ts

@@ -0,0 +1,40 @@
+import type { Direction } from '../shared/remote-crypto.js';
+export interface DeviceSession {
+    deviceId: string;
+    /**
+     * 32-byte directional ROOT keys from M1 deriveDaemonSession. M6.1: these are ROOTS — the bridge
+     * derives the per-connection AEAD keys from them via deriveConnectionKeys + the bilateral connection
+     * salts, and seals/opens ONLY under those connKeys. These bytes are NEVER passed to sealNext/openNext
+     * directly; that is what makes resetting seq to 0 per connection safe (the AEAD key is fresh per
+     * connection even though the root is persisted/reused).
+     */
+    keys: {
+        d2p: Uint8Array;
+        p2d: Uint8Array;
+    };
+}
+export interface DeviceSessionProvider {
+    /**
+     * null => unknown / revoked / no established session. The tunnel resets the stream and audits
+     * 'no_session'; it never bridges a frame for a device it has no key for.
+     */
+    get(deviceId: string): DeviceSession | null;
+    /**
+     * Every established session. Used ONLY to resolve which device a CHANNEL_STREAM_ID Hello came
+     * from: the relay does not tag the source device, so the daemon trial-opens the Hello against
+     * each candidate's p2d key until one authenticates (AEAD makes a wrong key fail cleanly). After
+     * the Hello opens, the daemon binds (deviceId, streamId)->device and never trial-opens that
+     * stream again. deviceId is therefore only ever the result of a successful open (invariant 5).
+     */
+    candidates(): DeviceSession[];
+}
+export declare const DAEMON_OPEN_DIRECTION: Direction;
+export declare const DAEMON_SEAL_DIRECTION: Direction;
+export declare class InMemoryDeviceSessionProvider implements DeviceSessionProvider {
+    private readonly sessions;
+    set(session: DeviceSession): void;
+    /** Models a revoke: the key is gone, so the next frame for this device fails 'no_session'. */
+    remove(deviceId: string): void;
+    get(deviceId: string): DeviceSession | null;
+    candidates(): DeviceSession[];
+}

package/dist/src/server/remote-device-session.js

@@ -0,0 +1,22 @@
+// Daemon directions — the mirror of the device's. Exported so the tunnel, the bridge and the tests
+// all agree on ONE source of truth for which key opens/seals which way.
+//   - the daemon OPENS inbound phone→daemon frames with p2d
+//   - the daemon SEALS outbound daemon→phone frames with d2p
+export const DAEMON_OPEN_DIRECTION = 'p2d';
+export const DAEMON_SEAL_DIRECTION = 'd2p';
+export class InMemoryDeviceSessionProvider {
+    sessions = new Map();
+    set(session) {
+        this.sessions.set(session.deviceId, session);
+    }
+    /** Models a revoke: the key is gone, so the next frame for this device fails 'no_session'. */
+    remove(deviceId) {
+        this.sessions.delete(deviceId);
+    }
+    get(deviceId) {
+        return this.sessions.get(deviceId) ?? null;
+    }
+    candidates() {
+        return [...this.sessions.values()];
+    }
+}

package/dist/src/server/remote-device-store.d.ts

@@ -0,0 +1,36 @@
+import type { Database } from 'better-sqlite3';
+import type { DeviceSession, DeviceSessionProvider } from './remote-device-session.js';
+export interface RemoteDeviceRecord {
+    id: string;
+    name: string;
+    createdAt: number;
+    lastActive: number | null;
+    revokedAt: number | null;
+}
+export interface PersistDeviceInput {
+    id: string;
+    name: string;
+    /** The M3 DeviceSession.keys — a stored secret. */
+    keys: {
+        d2p: Uint8Array;
+        p2d: Uint8Array;
+    };
+    devicePublicKey: Uint8Array;
+}
+export interface RemoteDeviceStore {
+    /** TRUST-ROOT write. ONLY remote-pairing.confirmPairing calls this, ONLY on desktop confirm. */
+    insert(input: PersistDeviceInput, now?: number): RemoteDeviceRecord;
+    /** Provider read path (returns key material). null if absent OR revoked. INTERNAL. */
+    getLiveSession(deviceId: string): DeviceSession | null;
+    /** Active (non-revoked) sessions only — backs DeviceSessionProvider.candidates(). */
+    liveSessions(): DeviceSession[];
+    /** Device-management read path — metadata ONLY, no keys. Newest first. */
+    list(includeRevoked?: boolean): RemoteDeviceRecord[];
+    get(deviceId: string): RemoteDeviceRecord | null;
+    /** Local half of the revocation closed loop. Idempotent; false if unknown / already revoked. */
+    revoke(deviceId: string, now?: number): boolean;
+    /** Best-effort last_active bump. Never resurrects a revoked row. */
+    touchActive(deviceId: string, now?: number): void;
+}
+export declare const createRemoteDeviceStore: (db: Database) => RemoteDeviceStore;
+export declare const createPersistentDeviceSessionProvider: (store: RemoteDeviceStore) => DeviceSessionProvider;