npm - @tyvm/knowhow - Versions diffs - 0.0.107 → 0.0.108-dev.4a8ba55 - Mend

@tyvm/knowhow 0.0.107 → 0.0.108-dev.4a8ba55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/README.md +45 -0
package/package.json +9 -4
package/scripts/publish.sh +86 -0
package/src/agents/base/base.ts +10 -0
package/src/agents/tools/execCommand.ts +49 -6
package/src/agents/tools/index.ts +0 -1
package/src/agents/tools/list.ts +0 -2
package/src/chat/CliChatService.ts +7 -1
package/src/chat/modules/AgentModule.ts +55 -30
package/src/chat/modules/SessionsModule.ts +7 -2
package/src/chat/renderer/CompactRenderer.ts +20 -0
package/src/chat/renderer/ConsoleRenderer.ts +19 -0
package/src/chat/renderer/FancyRenderer.ts +19 -0
package/src/chat/renderer/types.ts +11 -0
package/src/cli.ts +79 -661
package/src/clients/anthropic.ts +19 -16
package/src/clients/types.ts +23 -4
package/src/cloudWorker.ts +75 -1
package/src/commands/agent.ts +246 -0
package/src/commands/misc.ts +169 -0
package/src/commands/modules.ts +182 -0
package/src/commands/services.ts +72 -0
package/src/commands/workers.ts +160 -0
package/src/config.ts +37 -0
package/src/index.ts +18 -0
package/src/plugins/embedding.ts +11 -6
package/src/plugins/plugins.ts +0 -21
package/src/plugins/vim.ts +5 -16
package/src/processors/JsonCompressor.ts +6 -6
package/src/services/KnowhowClient.ts +22 -2
package/src/services/S3.ts +10 -0
package/src/services/modules/index.ts +58 -49
package/src/services/modules/types.ts +4 -0
package/src/tunnel.ts +216 -0
package/src/types.ts +0 -1
package/src/worker.ts +105 -312
package/src/workers/auth/WsMiddleware.ts +99 -0
package/src/workers/auth/authMiddleware.ts +104 -0
package/src/workers/auth/types.ts +14 -2
package/src/workers/tools/index.ts +2 -0
package/src/workers/tools/reloadConfig.ts +84 -0
package/tests/services/WorkerReloadConfig.test.ts +141 -0
package/tests/unit/modules/moduleLoading.test.ts +0 -25
package/tests/unit/plugins/pluginLoading.test.ts +0 -85
package/ts_build/package.json +9 -4
package/ts_build/src/agents/base/base.js +11 -0
package/ts_build/src/agents/base/base.js.map +1 -1
package/ts_build/src/agents/tools/execCommand.d.ts +1 -1
package/ts_build/src/agents/tools/execCommand.js +39 -5
package/ts_build/src/agents/tools/execCommand.js.map +1 -1
package/ts_build/src/agents/tools/index.d.ts +0 -1
package/ts_build/src/agents/tools/index.js +0 -1
package/ts_build/src/agents/tools/index.js.map +1 -1
package/ts_build/src/agents/tools/list.js +0 -2
package/ts_build/src/agents/tools/list.js.map +1 -1
package/ts_build/src/chat/CliChatService.js +10 -1
package/ts_build/src/chat/CliChatService.js.map +1 -1
package/ts_build/src/chat/modules/AgentModule.d.ts +1 -1
package/ts_build/src/chat/modules/AgentModule.js +39 -19
package/ts_build/src/chat/modules/AgentModule.js.map +1 -1
package/ts_build/src/chat/modules/SessionsModule.js +7 -2
package/ts_build/src/chat/modules/SessionsModule.js.map +1 -1
package/ts_build/src/chat/renderer/CompactRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/CompactRenderer.js +16 -0
package/ts_build/src/chat/renderer/CompactRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/ConsoleRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/ConsoleRenderer.js +16 -0
package/ts_build/src/chat/renderer/ConsoleRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/FancyRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/FancyRenderer.js +16 -0
package/ts_build/src/chat/renderer/FancyRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/types.d.ts +2 -0
package/ts_build/src/cli.js +40 -519
package/ts_build/src/cli.js.map +1 -1
package/ts_build/src/clients/anthropic.d.ts +5 -5
package/ts_build/src/clients/anthropic.js +19 -16
package/ts_build/src/clients/anthropic.js.map +1 -1
package/ts_build/src/clients/types.d.ts +5 -2
package/ts_build/src/cloudWorker.d.ts +9 -0
package/ts_build/src/cloudWorker.js +36 -0
package/ts_build/src/cloudWorker.js.map +1 -1
package/ts_build/src/commands/agent.d.ts +6 -0
package/ts_build/src/commands/agent.js +229 -0
package/ts_build/src/commands/agent.js.map +1 -0
package/ts_build/src/commands/misc.d.ts +10 -0
package/ts_build/src/commands/misc.js +195 -0
package/ts_build/src/commands/misc.js.map +1 -0
package/ts_build/src/commands/modules.d.ts +3 -0
package/ts_build/src/commands/modules.js +160 -0
package/ts_build/src/commands/modules.js.map +1 -0
package/ts_build/src/commands/services.d.ts +5 -0
package/ts_build/src/commands/services.js +86 -0
package/ts_build/src/commands/services.js.map +1 -0
package/ts_build/src/commands/workers.d.ts +6 -0
package/ts_build/src/commands/workers.js +163 -0
package/ts_build/src/commands/workers.js.map +1 -0
package/ts_build/src/config.d.ts +1 -0
package/ts_build/src/config.js +32 -0
package/ts_build/src/config.js.map +1 -1
package/ts_build/src/index.d.ts +1 -0
package/ts_build/src/index.js +17 -1
package/ts_build/src/index.js.map +1 -1
package/ts_build/src/plugins/embedding.js +4 -3
package/ts_build/src/plugins/embedding.js.map +1 -1
package/ts_build/src/plugins/plugins.d.ts +0 -2
package/ts_build/src/plugins/plugins.js +0 -11
package/ts_build/src/plugins/plugins.js.map +1 -1
package/ts_build/src/plugins/vim.js +3 -9
package/ts_build/src/plugins/vim.js.map +1 -1
package/ts_build/src/processors/JsonCompressor.js +4 -4
package/ts_build/src/processors/JsonCompressor.js.map +1 -1
package/ts_build/src/services/KnowhowClient.d.ts +12 -0
package/ts_build/src/services/KnowhowClient.js +11 -0
package/ts_build/src/services/KnowhowClient.js.map +1 -1
package/ts_build/src/services/S3.js +7 -0
package/ts_build/src/services/S3.js.map +1 -1
package/ts_build/src/services/modules/index.d.ts +33 -0
package/ts_build/src/services/modules/index.js +38 -42
package/ts_build/src/services/modules/index.js.map +1 -1
package/ts_build/src/services/modules/types.d.ts +4 -0
package/ts_build/src/tunnel.d.ts +27 -0
package/ts_build/src/tunnel.js +112 -0
package/ts_build/src/tunnel.js.map +1 -0
package/ts_build/src/types.d.ts +0 -1
package/ts_build/src/types.js.map +1 -1
package/ts_build/src/worker.d.ts +1 -4
package/ts_build/src/worker.js +59 -227
package/ts_build/src/worker.js.map +1 -1
package/ts_build/src/workers/auth/WsMiddleware.d.ts +8 -0
package/ts_build/src/workers/auth/WsMiddleware.js +65 -0
package/ts_build/src/workers/auth/WsMiddleware.js.map +1 -0
package/ts_build/src/workers/auth/authMiddleware.d.ts +3 -0
package/ts_build/src/workers/auth/authMiddleware.js +60 -0
package/ts_build/src/workers/auth/authMiddleware.js.map +1 -0
package/ts_build/src/workers/auth/types.d.ts +8 -1
package/ts_build/src/workers/tools/index.d.ts +2 -0
package/ts_build/src/workers/tools/index.js +4 -1
package/ts_build/src/workers/tools/index.js.map +1 -1
package/ts_build/src/workers/tools/reloadConfig.d.ts +14 -0
package/ts_build/src/workers/tools/reloadConfig.js +48 -0
package/ts_build/src/workers/tools/reloadConfig.js.map +1 -0
package/ts_build/tests/services/WorkerReloadConfig.test.d.ts +1 -0
package/ts_build/tests/services/WorkerReloadConfig.test.js +86 -0
package/ts_build/tests/services/WorkerReloadConfig.test.js.map +1 -0
package/ts_build/tests/unit/modules/moduleLoading.test.js +0 -19
package/ts_build/tests/unit/modules/moduleLoading.test.js.map +1 -1
package/ts_build/tests/unit/plugins/pluginLoading.test.js +0 -65
package/ts_build/tests/unit/plugins/pluginLoading.test.js.map +1 -1
package/src/agents/tools/executeScript/README.md +0 -94
package/src/agents/tools/executeScript/definition.ts +0 -79
package/src/agents/tools/executeScript/examples/dependency-injection-validation.ts +0 -272
package/src/agents/tools/executeScript/examples/quick-test.ts +0 -74
package/src/agents/tools/executeScript/examples/serialization-test.ts +0 -321
package/src/agents/tools/executeScript/examples/test-runner.ts +0 -197
package/src/agents/tools/executeScript/index.ts +0 -98
package/src/services/script-execution/SandboxContext.ts +0 -282
package/src/services/script-execution/ScriptExecutor.ts +0 -441
package/src/services/script-execution/ScriptPolicy.ts +0 -194
package/src/services/script-execution/ScriptTracer.ts +0 -249
package/src/services/script-execution/types.ts +0 -134
package/ts_build/src/agents/tools/executeScript/definition.d.ts +0 -2
package/ts_build/src/agents/tools/executeScript/definition.js +0 -76
package/ts_build/src/agents/tools/executeScript/definition.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.d.ts +0 -18
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.js +0 -192
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/quick-test.d.ts +0 -3
package/ts_build/src/agents/tools/executeScript/examples/quick-test.js +0 -64
package/ts_build/src/agents/tools/executeScript/examples/quick-test.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.d.ts +0 -15
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.js +0 -266
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/test-runner.d.ts +0 -4
package/ts_build/src/agents/tools/executeScript/examples/test-runner.js +0 -208
package/ts_build/src/agents/tools/executeScript/examples/test-runner.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/index.d.ts +0 -28
package/ts_build/src/agents/tools/executeScript/index.js +0 -72
package/ts_build/src/agents/tools/executeScript/index.js.map +0 -1
package/ts_build/src/services/script-execution/SandboxContext.d.ts +0 -34
package/ts_build/src/services/script-execution/SandboxContext.js +0 -189
package/ts_build/src/services/script-execution/SandboxContext.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptExecutor.d.ts +0 -19
package/ts_build/src/services/script-execution/ScriptExecutor.js +0 -269
package/ts_build/src/services/script-execution/ScriptExecutor.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptPolicy.d.ts +0 -28
package/ts_build/src/services/script-execution/ScriptPolicy.js +0 -115
package/ts_build/src/services/script-execution/ScriptPolicy.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptTracer.d.ts +0 -19
package/ts_build/src/services/script-execution/ScriptTracer.js +0 -186
package/ts_build/src/services/script-execution/ScriptTracer.js.map +0 -1
package/ts_build/src/services/script-execution/types.d.ts +0 -108
package/ts_build/src/services/script-execution/types.js +0 -3
package/ts_build/src/services/script-execution/types.js.map +0 -1

package/src/services/S3.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import * as fs from "fs";
 import { createWriteStream, createReadStream } from "fs";
+import * as crypto from "crypto";
 import { pipeline, Readable } from "stream";
 import * as util from "util";
@@ -14,10 +15,19 @@ export class S3Service {
       const fileContent = fs.readFileSync(filePath);
       const fileStats = await fs.promises.stat(filePath);
+      // Compute SHA-256 checksum (base64) — required when presigned URL was
+      // generated with ChecksumAlgorithm: SHA256
+      const sha256Base64 = crypto
+        .createHash("sha256")
+        .update(fileContent)
+        .digest("base64");
       const response = await fetch(presignedUrl, {
         method: "PUT",
         headers: {
           "Content-Length": String(fileStats.size),
+          "x-amz-checksum-sha256": sha256Base64,
+          "x-amz-sdk-checksum-algorithm": "SHA256",
         },
         body: fileContent,
         // @ts-ignore

package/src/services/modules/index.ts CHANGED Viewed

@@ -1,38 +1,28 @@
 import { getConfig, getGlobalConfig } from "../../config";
 import { KnowhowModule, ModuleContext } from "./types";
-import { ToolsService } from "../Tools";
 import { services } from "../";
 import * as path from "path";
 export class ModulesService {
-  async loadModulesFromConfig(context?: ModuleContext) {
-    const config = await getConfig();
+  async getDefaultContext() {
+    return { ...services() };
+  }
+  async overrideDefaultContext(overrides: Partial<ModuleContext>) {
+    const defaultContext = await this.getDefaultContext();
+    return { ...defaultContext, ...overrides };
+  }
+  async loadModulesFrom(
+    config: { modules: string[] } & any,
+    context?: Partial<ModuleContext>
+  ) {
     // If no context provided, fall back to global singletons
     if (!context) {
-      const { Clients, Plugins, Agents, Tools, Embeddings, MediaProcessor } = services();
-      context = {
-        Agents,
-        Embeddings,
-        Plugins,
-        Clients,
-        Tools,
-        MediaProcessor,
-      };
+      context = { ...(await this.getDefaultContext()) };
     }
-    // Use the toolsService from context
-    const toolsService = context.Tools;
-    const agentService = context.Agents;
-    const pluginService = context.Plugins;
-    const clients = context.Clients;
-    // Load from global config (~/.knowhow/knowhow.json) first, then local config
-    const globalConfig = await getGlobalConfig();
-    const allModulePaths = [
-      ...(globalConfig.modules || []),
-      ...(config.modules || []),
-    ];
+    const allModulePaths = config.modules;
     for (const modulePath of allModulePaths) {
       // Resolve relative paths relative to process.cwd() so that paths like
@@ -43,40 +33,59 @@ export class ModulesService {
         : modulePath;
       const rawModule = require(resolvedPath);
       const importedModule = (rawModule.default || rawModule) as KnowhowModule;
-      console.log(`🔌 Loading module: ${modulePath} (resolved: ${resolvedPath})`);
-      await importedModule.init({ config, cwd: process.cwd(), context });
-      console.log(`✅ Module initialized: ${modulePath} (tools: ${importedModule.tools.length}, agents: ${importedModule.agents.length}, plugins: ${importedModule.plugins.length}, clients: ${importedModule.clients.length})`);
+      console.log(
+        `🔌 Loading module: ${modulePath} (resolved: ${resolvedPath})`
+      );
+      await importedModule.init({ config, cwd: process.cwd(), context: context as ModuleContext });
+      console.log(
+        `✅ Module initialized: ${modulePath} (tools: ${importedModule.tools.length}, agents: ${importedModule.agents.length}, plugins: ${importedModule.plugins.length}, clients: ${importedModule.clients.length})`
+      );
-      for (const agent of importedModule.agents) {
-        agentService.registerAgent(agent);
+      // Only register tools/agents/plugins/clients if the relevant services
+      // are available in context (they may not be during early CLI command registration)
+      if (context.Agents) {
+        for (const agent of importedModule.agents) {
+          context.Agents.registerAgent(agent);
+        }
       }
-      for (const tool of importedModule.tools) {
-        toolsService.addTool(tool.definition);
-        toolsService.setFunction(tool.definition.function.name, tool.handler);
+      if (context.Tools) {
+        for (const tool of importedModule.tools) {
+          context.Tools.addTool(tool.definition);
+          context.Tools.setFunction(tool.definition.function.name, tool.handler);
+        }
       }
-      for (const plugin of importedModule.plugins) {
-        const pluginContext = {
-          Agents: agentService,
-          Clients: clients,
-          Tools: toolsService,
-          Plugins: pluginService,
-          ...(context.MediaProcessor ? { MediaProcessor: context.MediaProcessor } : {}),
-        };
-        pluginService.registerPlugin(plugin.name, new plugin.plugin(pluginContext as any));
+      if (context.Plugins) {
+        for (const plugin of importedModule.plugins) {
+          context.Plugins.registerPlugin(
+            plugin.name,
+            new plugin.plugin(context as any)
+          );
+        }
       }
-      for (const client of importedModule.clients) {
-        clients.registerClient(client.provider, client.client);
-        clients.registerModels(client.provider, client.models);
+      if (context.Clients) {
+        for (const client of importedModule.clients) {
+          context.Clients.registerClient(client.provider, client.client);
+          context.Clients.registerModels(client.provider, client.models);
+        }
       }
     }
+  }
-    // Also load plugins directly from config's pluginPackages map
-    if (pluginService) {
-      await pluginService.loadPluginsFromConfig(config);
-      await pluginService.loadPluginsFromConfig(globalConfig);
-    }
+  async loadModulesFromConfig(context?: ModuleContext) {
+    const config = await getConfig();
+    const globalConfig = await getGlobalConfig();
+    const allModulePaths = [
+      ...(globalConfig.modules || []),
+      ...(config.modules || []),
+    ];
+    return this.loadModulesFrom(
+      { ...config, modules: allModulePaths },
+      context
+    );
   }
 }

package/src/services/modules/types.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { Plugin, PluginContext } from "../../plugins/types";
+import { Command } from "commander";
 import { IAgent } from "../../agents/interface";
 import { Tool } from "../../clients/types";
 import { Config } from "../../types";
@@ -9,6 +10,7 @@ import { PluginService } from "../../plugins/plugins";
 import { AIClient } from "../../clients";
 import { ToolsService } from "../Tools";
 import { MediaProcessorService } from "../MediaProcessorService";
+import { TunnelHandler } from "@tyvm/knowhow-tunnel";
 /*
  *
@@ -53,6 +55,8 @@ export interface ModuleContext {
   Clients: AIClient;
   Tools: ToolsService;
   MediaProcessor?: MediaProcessorService;
+  Tunnel?: TunnelHandler;
+  Program?: Command;
 }
 export interface KnowhowModule {

package/src/tunnel.ts ADDED Viewed

@@ -0,0 +1,216 @@
+import os from "os";
+import { WebSocket } from "ws";
+import { createTunnelHandler, TunnelHandler } from "@tyvm/knowhow-tunnel";
+import { loadJwt } from "./login";
+import { wait } from "./utils";
+import { getConfig } from "./config";
+import { KNOWHOW_API_URL } from "./services/KnowhowClient";
+import { ModulesService } from "./services/modules";
+import { WorkerPasskeyAuthService } from "./workers/auth/WorkerPasskeyAuth";
+import { WsMiddlewareStack } from "./workers/auth/WsMiddleware";
+import { makeAuthMiddleware } from "./workers/auth/authMiddleware";
+/**
+ * Extract the tunnel domain and protocol from the API URL.
+ * e.g., "https://api.knowhow.tyvm.ai" -> { domain: "worker.knowhow.tyvm.ai", useHttps: true }
+ * e.g., "http://localhost:4000" -> { domain: "worker.localhost:4000", useHttps: false }
+ */
+export function extractTunnelDomain(apiUrl: string): {
+  domain: string;
+  useHttps: boolean;
+} {
+  try {
+    const url = new URL(apiUrl);
+    const useHttps = url.protocol === "https:";
+    // For localhost, include port; for production, just use hostname
+    if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+      return {
+        domain: `worker.${url.hostname}:${url.port || "80"}`,
+        useHttps,
+      };
+    }
+    return { domain: `worker.${url.hostname}`, useHttps };
+  } catch (err) {
+    console.error("Failed to parse API_URL for tunnel domain:", err);
+    return { domain: "worker.localhost:4000", useHttps: false }; // fallback
+  }
+}
+/**
+ * Initialize a tunnel handler and load tunnel modules.
+ */
+export async function initTunnelHandler(
+  tunnelConnection: WebSocket,
+  tunnelConfig: Parameters<typeof createTunnelHandler>[1]
+): Promise<TunnelHandler> {
+  const handler = createTunnelHandler(tunnelConnection, tunnelConfig);
+  console.log("🌐 Tunnel handler initialized");
+  console.log(tunnelConfig);
+  const tunnelModuleService = new ModulesService();
+  const tunnelContext = await tunnelModuleService.overrideDefaultContext({
+    Tunnel: handler,
+  });
+  tunnelModuleService.loadModulesFromConfig(tunnelContext).catch((err) => {
+    console.error("Failed to load tunnel modules:", err);
+  });
+  return handler;
+}
+/**
+ * Resolve tunnel local host, log port mapping, and return shared tunnel setup values.
+ * Extracted to avoid duplication between worker() and tunnel().
+ */
+export function resolveTunnelConfig(
+  config: Awaited<ReturnType<typeof getConfig>>,
+  isInsideDocker: boolean
+): { tunnelLocalHost: string; portMapping: Record<string, number> } {
+  // Determine localHost based on environment
+  let tunnelLocalHost = config.worker?.tunnel?.localHost;
+  if (!tunnelLocalHost) {
+    if (isInsideDocker) {
+      tunnelLocalHost = "host.docker.internal";
+      console.log(
+        "🐳 Docker detected: tunnel will use host.docker.internal to reach host services"
+      );
+    } else {
+      tunnelLocalHost = "127.0.0.1";
+    }
+  }
+  // Check for port mapping configuration
+  const portMapping = (config.worker?.tunnel?.portMapping || {}) as Record<string, number>;
+  if (Object.keys(portMapping).length > 0) {
+    console.log("🔀 Port mapping configured:");
+    for (const [containerPort, hostPort] of Object.entries(portMapping)) {
+      console.log(`   Container port ${containerPort} → Host port ${hostPort}`);
+    }
+  }
+  return { tunnelLocalHost, portMapping };
+}
+/**
+ * Options for connectTunnelWebSocket helper.
+ */
+export interface TunnelWebSocketOptions {
+  /** Already-resolved tunnel domain (hostname only, no protocol) */
+  tunnelDomain: string;
+  /** Whether the tunnel should use HTTPS */
+  tunnelUseHttps: boolean;
+  /** Local host to forward tunnel traffic to */
+  tunnelLocalHost: string;
+  /** Port mapping configuration */
+  portMapping: Record<string, number>;
+  /** Worker config (for tunnel sub-config) */
+  config: Awaited<ReturnType<typeof getConfig>>;
+  /** HTTP headers to attach to the WebSocket upgrade request */
+  headers: Record<string, string>;
+  /** Callback invoked with the TunnelHandler once the connection opens */
+  onOpen?: (handler: TunnelHandler) => void;
+  /** Called when the connection closes; receives code + reason string */
+  onClose?: (code: number, reason: string) => void;
+  /** Called on error */
+  onError?: (error: Error) => void;
+  /** Optional passkey auth service — if provided, applies WS middleware to gate tunnel traffic */
+  authService?: WorkerPasskeyAuthService | null;
+}
+/**
+ * Create a tunnel WebSocket connection, build the tunnelConfig, and
+ * initialize the tunnel handler.  Returns the WebSocket.
+ *
+ * The caller is responsible for storing a reference to the returned TunnelHandler
+ * (via onOpen) and performing any outer-state cleanup (via onClose / onError).
+ */
+export function connectTunnelWebSocket(
+  options: TunnelWebSocketOptions
+): WebSocket {
+  const {
+    tunnelDomain,
+    tunnelUseHttps,
+    tunnelLocalHost,
+    portMapping,
+    config,
+    headers,
+    onOpen,
+    onClose,
+    onError,
+    authService,
+  } = options;
+  const tunnelConnection = new WebSocket(`${KNOWHOW_API_URL}/ws/tunnel`, { headers });
+  tunnelConnection.on("open", async () => {
+    console.log("Tunnel WebSocket connected");
+    // Apply passkey auth middleware FIRST, before tunnel handler registers its
+    // "message" listener. Node.js EventEmitter fires listeners in registration
+    // order, so our middleware runs first. wrapSocket() also redirects future
+    // ws.on("message", ...) calls to an inner emitter, ensuring the tunnel
+    // handler only receives messages that passed the middleware.
+    if (authService) {
+      const stack = new WsMiddlewareStack();
+      stack.use(makeAuthMiddleware(authService));
+      stack.wrapSocket(tunnelConnection);
+    }
+    const allowedPorts = config.worker?.tunnel?.allowedPorts || [];
+    // Create URL rewriter callback that returns the hostname (without protocol).
+    // The tunnel package will add the protocol based on the useHttps config.
+    const urlRewriter = (port: number, metadata?: any) => {
+      const workerId = metadata?.workerId;
+      const secret = metadata?.secret;
+      // Examples: secret-p3000.worker.example.com  /  workerId-p3000.worker.example.com
+      const subdomain = secret
+        ? `${secret}-p${port}`
+        : `${workerId}-p${port}`;
+      return `${subdomain}.${tunnelDomain}`;
+    };
+    const tunnelConfig = {
+      allowedPorts,
+      maxConcurrentStreams: config.worker?.tunnel?.maxConcurrentStreams || 50,
+      tunnelUseHttps,
+      localHost: tunnelLocalHost,
+      urlRewriter,
+      enableUrlRewriting: config.worker?.tunnel?.enableUrlRewriting !== false,
+      portMapping,
+      logLevel: "debug" as const,
+    };
+    const handler = await initTunnelHandler(tunnelConnection, tunnelConfig);
+    onOpen?.(handler);
+  });
+  tunnelConnection.on("close", (code, reason) => {
+    console.log(
+      `Tunnel WebSocket closed. Code: ${code}, Reason: ${reason.toString()}`
+    );
+    onClose?.(code, reason.toString());
+  });
+  tunnelConnection.on("error", (error) => {
+    console.error("Tunnel WebSocket error:", error);
+    onError?.(error);
+  });
+  return tunnelConnection;
+}
+/**
+ * The minimal set of tool names that are always registered when running in
+ * tunnel mode. These are the tools the backend and frontend need to interact
+ * with the tunnel worker (port discovery, passkey auth).
+ *
+ * Additional tools can be added here in the future without changing the CLI.
+ */
+export const TUNNEL_MINIMAL_TOOLS = [
+  "listAllowedPorts",
+  "unlock",
+  "lock",
+  "reloadConfig",
+];

package/src/types.ts CHANGED Viewed

@@ -52,7 +52,6 @@ export type Config = {
     modules?: string[];
   };
   modules: string[];
-  pluginPackages?: Record<string, string>;
   agents: Assistant[];
   mcps: McpConfig[];
   modelProviders: ModelProvider[];