npm - @usejarvis/brain - Versions diffs - 0.1.0 - Mend

@usejarvis/brain 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (266) hide show

package/LICENSE +153 -0
package/README.md +278 -0
package/bin/jarvis.ts +413 -0
package/package.json +74 -0
package/scripts/ensure-bun.cjs +8 -0
package/src/actions/README.md +421 -0
package/src/actions/app-control/desktop-controller.test.ts +26 -0
package/src/actions/app-control/desktop-controller.ts +438 -0
package/src/actions/app-control/interface.ts +64 -0
package/src/actions/app-control/linux.ts +273 -0
package/src/actions/app-control/macos.ts +54 -0
package/src/actions/app-control/sidecar-launcher.test.ts +23 -0
package/src/actions/app-control/sidecar-launcher.ts +286 -0
package/src/actions/app-control/windows.ts +44 -0
package/src/actions/browser/cdp.ts +138 -0
package/src/actions/browser/chrome-launcher.ts +252 -0
package/src/actions/browser/session.ts +437 -0
package/src/actions/browser/stealth.ts +49 -0
package/src/actions/index.ts +20 -0
package/src/actions/terminal/executor.ts +157 -0
package/src/actions/terminal/wsl-bridge.ts +126 -0
package/src/actions/test.ts +93 -0
package/src/actions/tools/agents.ts +321 -0
package/src/actions/tools/builtin.ts +846 -0
package/src/actions/tools/commitments.ts +192 -0
package/src/actions/tools/content.ts +217 -0
package/src/actions/tools/delegate.ts +147 -0
package/src/actions/tools/desktop.test.ts +55 -0
package/src/actions/tools/desktop.ts +305 -0
package/src/actions/tools/goals.ts +376 -0
package/src/actions/tools/local-tools-guard.ts +20 -0
package/src/actions/tools/registry.ts +171 -0
package/src/actions/tools/research.ts +111 -0
package/src/actions/tools/sidecar-list.ts +57 -0
package/src/actions/tools/sidecar-route.ts +105 -0
package/src/actions/tools/workflows.ts +216 -0
package/src/agents/agent.ts +132 -0
package/src/agents/delegation.ts +107 -0
package/src/agents/hierarchy.ts +113 -0
package/src/agents/index.ts +19 -0
package/src/agents/messaging.ts +125 -0
package/src/agents/orchestrator.ts +576 -0
package/src/agents/role-discovery.ts +61 -0
package/src/agents/sub-agent-runner.ts +307 -0
package/src/agents/task-manager.ts +151 -0
package/src/authority/approval-delivery.ts +59 -0
package/src/authority/approval.ts +196 -0
package/src/authority/audit.ts +158 -0
package/src/authority/authority.test.ts +519 -0
package/src/authority/deferred-executor.ts +103 -0
package/src/authority/emergency.ts +66 -0
package/src/authority/engine.ts +297 -0
package/src/authority/index.ts +12 -0
package/src/authority/learning.ts +111 -0
package/src/authority/tool-action-map.ts +74 -0
package/src/awareness/analytics.ts +466 -0
package/src/awareness/awareness.test.ts +332 -0
package/src/awareness/capture-engine.ts +305 -0
package/src/awareness/context-graph.ts +130 -0
package/src/awareness/context-tracker.ts +349 -0
package/src/awareness/index.ts +25 -0
package/src/awareness/intelligence.ts +321 -0
package/src/awareness/ocr-engine.ts +88 -0
package/src/awareness/service.ts +528 -0
package/src/awareness/struggle-detector.ts +342 -0
package/src/awareness/suggestion-engine.ts +476 -0
package/src/awareness/types.ts +201 -0
package/src/cli/autostart.ts +241 -0
package/src/cli/deps.ts +449 -0
package/src/cli/doctor.ts +230 -0
package/src/cli/helpers.ts +401 -0
package/src/cli/onboard.ts +580 -0
package/src/comms/README.md +329 -0
package/src/comms/auth-error.html +48 -0
package/src/comms/channels/discord.ts +228 -0
package/src/comms/channels/signal.ts +56 -0
package/src/comms/channels/telegram.ts +316 -0
package/src/comms/channels/whatsapp.ts +60 -0
package/src/comms/channels.test.ts +173 -0
package/src/comms/desktop-notify.ts +114 -0
package/src/comms/example.ts +129 -0
package/src/comms/index.ts +129 -0
package/src/comms/streaming.ts +142 -0
package/src/comms/voice.test.ts +152 -0
package/src/comms/voice.ts +291 -0
package/src/comms/websocket.test.ts +409 -0
package/src/comms/websocket.ts +473 -0
package/src/config/README.md +387 -0
package/src/config/index.ts +6 -0
package/src/config/loader.test.ts +137 -0
package/src/config/loader.ts +142 -0
package/src/config/types.ts +260 -0
package/src/daemon/README.md +232 -0
package/src/daemon/agent-service-interface.ts +9 -0
package/src/daemon/agent-service.ts +600 -0
package/src/daemon/api-routes.ts +2119 -0
package/src/daemon/background-agent-service.ts +396 -0
package/src/daemon/background-agent.test.ts +78 -0
package/src/daemon/channel-service.ts +201 -0
package/src/daemon/commitment-executor.ts +297 -0
package/src/daemon/event-classifier.ts +239 -0
package/src/daemon/event-coalescer.ts +123 -0
package/src/daemon/event-reactor.ts +214 -0
package/src/daemon/health.ts +220 -0
package/src/daemon/index.ts +1004 -0
package/src/daemon/llm-settings.ts +316 -0
package/src/daemon/observer-service.ts +150 -0
package/src/daemon/pid.ts +98 -0
package/src/daemon/research-queue.ts +155 -0
package/src/daemon/services.ts +175 -0
package/src/daemon/ws-service.ts +788 -0
package/src/goals/accountability.ts +240 -0
package/src/goals/awareness-bridge.ts +185 -0
package/src/goals/estimator.ts +185 -0
package/src/goals/events.ts +28 -0
package/src/goals/goals.test.ts +400 -0
package/src/goals/integration.test.ts +329 -0
package/src/goals/nl-builder.test.ts +220 -0
package/src/goals/nl-builder.ts +256 -0
package/src/goals/rhythm.test.ts +177 -0
package/src/goals/rhythm.ts +275 -0
package/src/goals/service.test.ts +135 -0
package/src/goals/service.ts +348 -0
package/src/goals/types.ts +106 -0
package/src/goals/workflow-bridge.ts +96 -0
package/src/integrations/google-api.ts +134 -0
package/src/integrations/google-auth.ts +175 -0
package/src/llm/README.md +291 -0
package/src/llm/anthropic.ts +386 -0
package/src/llm/gemini.ts +371 -0
package/src/llm/index.ts +19 -0
package/src/llm/manager.ts +153 -0
package/src/llm/ollama.ts +307 -0
package/src/llm/openai.ts +350 -0
package/src/llm/provider.test.ts +231 -0
package/src/llm/provider.ts +60 -0
package/src/llm/test.ts +87 -0
package/src/observers/README.md +278 -0
package/src/observers/calendar.ts +113 -0
package/src/observers/clipboard.ts +136 -0
package/src/observers/email.ts +109 -0
package/src/observers/example.ts +58 -0
package/src/observers/file-watcher.ts +124 -0
package/src/observers/index.ts +159 -0
package/src/observers/notifications.ts +197 -0
package/src/observers/observers.test.ts +203 -0
package/src/observers/processes.ts +225 -0
package/src/personality/README.md +61 -0
package/src/personality/adapter.ts +196 -0
package/src/personality/index.ts +20 -0
package/src/personality/learner.ts +209 -0
package/src/personality/model.ts +132 -0
package/src/personality/personality.test.ts +236 -0
package/src/roles/README.md +252 -0
package/src/roles/authority.ts +119 -0
package/src/roles/example-usage.ts +198 -0
package/src/roles/index.ts +42 -0
package/src/roles/loader.ts +143 -0
package/src/roles/prompt-builder.ts +194 -0
package/src/roles/test-multi.ts +102 -0
package/src/roles/test-role.yaml +77 -0
package/src/roles/test-utils.ts +93 -0
package/src/roles/test.ts +106 -0
package/src/roles/tool-guide.ts +190 -0
package/src/roles/types.ts +36 -0
package/src/roles/utils.ts +200 -0
package/src/scripts/google-setup.ts +168 -0
package/src/sidecar/connection.ts +179 -0
package/src/sidecar/index.ts +6 -0
package/src/sidecar/manager.ts +542 -0
package/src/sidecar/protocol.ts +85 -0
package/src/sidecar/rpc.ts +161 -0
package/src/sidecar/scheduler.ts +136 -0
package/src/sidecar/types.ts +112 -0
package/src/sidecar/validator.ts +144 -0
package/src/vault/README.md +110 -0
package/src/vault/awareness.ts +341 -0
package/src/vault/commitments.ts +299 -0
package/src/vault/content-pipeline.ts +260 -0
package/src/vault/conversations.ts +173 -0
package/src/vault/entities.ts +180 -0
package/src/vault/extractor.test.ts +356 -0
package/src/vault/extractor.ts +345 -0
package/src/vault/facts.ts +190 -0
package/src/vault/goals.ts +477 -0
package/src/vault/index.ts +87 -0
package/src/vault/keychain.ts +99 -0
package/src/vault/observations.ts +115 -0
package/src/vault/relationships.ts +178 -0
package/src/vault/retrieval.test.ts +126 -0
package/src/vault/retrieval.ts +227 -0
package/src/vault/schema.ts +658 -0
package/src/vault/settings.ts +38 -0
package/src/vault/vectors.ts +92 -0
package/src/vault/workflows.ts +403 -0
package/src/workflows/auto-suggest.ts +290 -0
package/src/workflows/engine.ts +366 -0
package/src/workflows/events.ts +24 -0
package/src/workflows/executor.ts +207 -0
package/src/workflows/nl-builder.ts +198 -0
package/src/workflows/nodes/actions/agent-task.ts +73 -0
package/src/workflows/nodes/actions/calendar-action.ts +85 -0
package/src/workflows/nodes/actions/code-execution.ts +73 -0
package/src/workflows/nodes/actions/discord.ts +77 -0
package/src/workflows/nodes/actions/file-write.ts +73 -0
package/src/workflows/nodes/actions/gmail.ts +69 -0
package/src/workflows/nodes/actions/http-request.ts +117 -0
package/src/workflows/nodes/actions/notification.ts +85 -0
package/src/workflows/nodes/actions/run-tool.ts +55 -0
package/src/workflows/nodes/actions/send-message.ts +82 -0
package/src/workflows/nodes/actions/shell-command.ts +76 -0
package/src/workflows/nodes/actions/telegram.ts +60 -0
package/src/workflows/nodes/builtin.ts +119 -0
package/src/workflows/nodes/error/error-handler.ts +37 -0
package/src/workflows/nodes/error/fallback.ts +47 -0
package/src/workflows/nodes/error/retry.ts +82 -0
package/src/workflows/nodes/logic/delay.ts +42 -0
package/src/workflows/nodes/logic/if-else.ts +41 -0
package/src/workflows/nodes/logic/loop.ts +90 -0
package/src/workflows/nodes/logic/merge.ts +38 -0
package/src/workflows/nodes/logic/race.ts +40 -0
package/src/workflows/nodes/logic/switch.ts +59 -0
package/src/workflows/nodes/logic/template-render.ts +53 -0
package/src/workflows/nodes/logic/variable-get.ts +37 -0
package/src/workflows/nodes/logic/variable-set.ts +59 -0
package/src/workflows/nodes/registry.ts +99 -0
package/src/workflows/nodes/transform/aggregate.ts +99 -0
package/src/workflows/nodes/transform/csv-parse.ts +70 -0
package/src/workflows/nodes/transform/json-parse.ts +63 -0
package/src/workflows/nodes/transform/map-filter.ts +84 -0
package/src/workflows/nodes/transform/regex-match.ts +89 -0
package/src/workflows/nodes/triggers/calendar.ts +33 -0
package/src/workflows/nodes/triggers/clipboard.ts +32 -0
package/src/workflows/nodes/triggers/cron.ts +40 -0
package/src/workflows/nodes/triggers/email.ts +40 -0
package/src/workflows/nodes/triggers/file-change.ts +45 -0
package/src/workflows/nodes/triggers/git.ts +46 -0
package/src/workflows/nodes/triggers/manual.ts +23 -0
package/src/workflows/nodes/triggers/poll.ts +81 -0
package/src/workflows/nodes/triggers/process.ts +44 -0
package/src/workflows/nodes/triggers/screen-event.ts +37 -0
package/src/workflows/nodes/triggers/webhook.ts +39 -0
package/src/workflows/safe-eval.ts +139 -0
package/src/workflows/template.ts +118 -0
package/src/workflows/triggers/cron.ts +311 -0
package/src/workflows/triggers/manager.ts +285 -0
package/src/workflows/triggers/observer-bridge.ts +172 -0
package/src/workflows/triggers/poller.ts +201 -0
package/src/workflows/triggers/screen-condition.ts +218 -0
package/src/workflows/triggers/triggers.test.ts +740 -0
package/src/workflows/triggers/webhook.ts +191 -0
package/src/workflows/types.ts +133 -0
package/src/workflows/variables.ts +72 -0
package/src/workflows/workflows.test.ts +383 -0
package/src/workflows/yaml.ts +104 -0
package/ui/dist/index-j75njzc1.css +1199 -0
package/ui/dist/index-p2zh407q.js +80603 -0
package/ui/dist/index.html +13 -0
package/ui/public/openwakeword/models/embedding_model.onnx +0 -0
package/ui/public/openwakeword/models/hey_jarvis_v0.1.onnx +0 -0
package/ui/public/openwakeword/models/melspectrogram.onnx +0 -0
package/ui/public/openwakeword/models/silero_vad.onnx +0 -0
package/ui/public/ort/ort-wasm-simd-threaded.jsep.mjs +106 -0
package/ui/public/ort/ort-wasm-simd-threaded.jsep.wasm +0 -0
package/ui/public/ort/ort-wasm-simd-threaded.mjs +59 -0
package/ui/public/ort/ort-wasm-simd-threaded.wasm +0 -0

package/src/sidecar/manager.ts ADDED Viewed

@@ -0,0 +1,542 @@
+/**
+ * Sidecar Manager
+ *
+ * Brain-side service that manages sidecar enrollment, authentication,
+ * and connection tracking. Handles ES256 key pair lifecycle and JWT signing.
+ */
+import { generateKeyPair, exportJWK, exportPKCS8, exportSPKI, importPKCS8, importSPKI, SignJWT, jwtVerify, createRemoteJWKSet, type JWK } from 'jose';
+import { existsSync, mkdirSync } from 'node:fs';
+import path from 'node:path';
+import type { ServerWebSocket } from 'bun';
+import type { Service, ServiceStatus } from '../daemon/services.ts';
+import { getDb, generateId } from '../vault/schema.ts';
+import type {
+  SidecarRecord,
+  SidecarInfo,
+  SidecarTokenClaims,
+  ConnectedSidecar,
+  SidecarCapability,
+  UnavailableCapability,
+} from './types.ts';
+import type { RPCRequest, RPCTimeouts, SidecarEvent, RPCResultPayload, RPCErrorPayload, RPCProgressPayload } from './protocol.ts';
+import { DEFAULT_RPC_TIMEOUTS } from './protocol.ts';
+import { EventScheduler } from './scheduler.ts';
+import { RPCTracker } from './rpc.ts';
+import { SidecarConnection } from './connection.ts';
+const ALG = 'ES256';
+const KEY_DIR_NAME = 'sidecar-keys';
+const PRIVATE_KEY_FILE = 'private.pem';
+const PUBLIC_KEY_FILE = 'public.pem';
+export class SidecarManager implements Service {
+  readonly name = 'sidecar-manager';
+  private privateKey: CryptoKey | null = null;
+  private publicKey: CryptoKey | null = null;
+  private publicJwk: JWK | null = null;
+  private keyId: string = '';
+  private dataDir: string;
+  private brainUrl: string = '';
+  private _status: ServiceStatus = 'stopped';
+  /** Runtime map of connected sidecars (not persisted) */
+  private connected = new Map<string, ConnectedSidecar>();
+  /** Protocol infrastructure */
+  private scheduler: EventScheduler;
+  private rpcTracker: RPCTracker;
+  private sidecarConnections = new Map<string, SidecarConnection>();
+  private progressListeners = new Set<(sidecarId: string, rpcId: string, progress: number, message?: string) => void>();
+  private eventListeners = new Set<(sidecarId: string, event: SidecarEvent) => void>();
+  constructor(dataDir: string) {
+    this.dataDir = dataDir;
+    this.scheduler = new EventScheduler();
+    this.rpcTracker = new RPCTracker();
+  }
+  /**
+   * Set the brain's external URL (used in JWT claims).
+   * Must be called before enrolling sidecars.
+   * Example: "shiny-panda.domain.com" or "localhost:3142"
+   */
+  setBrainUrl(url: string): void {
+    this.brainUrl = url;
+  }
+  // --------------- Service Interface ---------------
+  async start(): Promise<void> {
+    this._status = 'starting';
+    try {
+      await this.loadOrGenerateKeys();
+      // Wire scheduler handlers
+      this.scheduler.on('rpc_result', async (sidecarId, event) => {
+        const payload = event.payload as RPCResultPayload | RPCErrorPayload;
+        if (payload.error) {
+          this.rpcTracker.fail(payload.rpc_id, new Error(`${payload.error.code}: ${payload.error.message}`));
+        } else {
+          // Attach binary data to result when present (e.g. capture_screen returns image in binary)
+          const result = payload.result as Record<string, unknown> | undefined;
+          if (event.binary && result && typeof result === 'object') {
+            (result as Record<string, unknown>)._binary = event.binary;
+          }
+          this.rpcTracker.resolve(payload.rpc_id, result);
+        }
+      });
+      this.scheduler.on('rpc_progress', async (sidecarId, event) => {
+        const payload = event.payload as RPCProgressPayload;
+        for (const listener of this.progressListeners) {
+          listener(sidecarId, payload.rpc_id, payload.progress, payload.message);
+        }
+      });
+      // Register handlers for each sidecar observer event type
+      const sidecarEventTypes = ['screen_capture', 'context_changed', 'idle_detected', 'clipboard_change'];
+      const sidecarEventHandler = async (sidecarId: string, event: SidecarEvent) => {
+        for (const listener of this.eventListeners) {
+          listener(sidecarId, event);
+        }
+      };
+      for (const type of sidecarEventTypes) {
+        this.scheduler.on(type, sidecarEventHandler);
+      }
+      this.rpcTracker.onDetachedComplete((rpcId, result, error) => {
+        if (error) {
+          console.warn(`[SidecarManager] Detached RPC ${rpcId} failed:`, error.message);
+        } else {
+          console.log(`[SidecarManager] Detached RPC ${rpcId} completed`);
+        }
+      });
+      this.scheduler.start();
+      this._status = 'running';
+      console.log('[SidecarManager] Started — keys loaded, scheduler running');
+    } catch (err) {
+      this._status = 'error';
+      throw err;
+    }
+  }
+  async stop(): Promise<void> {
+    this._status = 'stopping';
+    // Stop scheduler
+    this.scheduler.stop();
+    // Close all sidecar connections and fail pending RPCs
+    for (const [id, conn] of this.sidecarConnections) {
+      this.rpcTracker.failAll(id, 'manager stopping');
+      conn.close();
+    }
+    this.sidecarConnections.clear();
+    this.privateKey = null;
+    this.publicKey = null;
+    this.publicJwk = null;
+    this.connected.clear();
+    this._status = 'stopped';
+    console.log('[SidecarManager] Stopped');
+  }
+  status(): ServiceStatus {
+    return this._status;
+  }
+  // --------------- Key Management ---------------
+  private get keysDir(): string {
+    return path.join(this.dataDir, KEY_DIR_NAME);
+  }
+  private get privateKeyPath(): string {
+    return path.join(this.keysDir, PRIVATE_KEY_FILE);
+  }
+  private get publicKeyPath(): string {
+    return path.join(this.keysDir, PUBLIC_KEY_FILE);
+  }
+  private async loadOrGenerateKeys(): Promise<void> {
+    if (existsSync(this.privateKeyPath) && existsSync(this.publicKeyPath)) {
+      await this.loadKeys();
+      console.log('[SidecarManager] Loaded existing ES256 key pair');
+    } else {
+      await this.generateKeys();
+      console.log('[SidecarManager] Generated new ES256 key pair');
+    }
+    // Export public key as JWK for the JWKS endpoint
+    this.publicJwk = await exportJWK(this.publicKey!);
+    this.keyId = this.publicJwk.x ?? 'default'; // use x-coordinate as kid (stable, unique)
+  }
+  private async generateKeys(): Promise<void> {
+    mkdirSync(this.keysDir, { recursive: true });
+    const { privateKey, publicKey } = await generateKeyPair(ALG, { extractable: true });
+    this.privateKey = privateKey;
+    this.publicKey = publicKey;
+    // Export to PEM and write to disk
+    const pkcs8 = await exportPKCS8(privateKey);
+    const spki = await exportSPKI(publicKey);
+    await Bun.write(this.privateKeyPath, pkcs8);
+    await Bun.write(this.publicKeyPath, spki);
+  }
+  private async loadKeys(): Promise<void> {
+    const privatePem = await Bun.file(this.privateKeyPath).text();
+    const publicPem = await Bun.file(this.publicKeyPath).text();
+    this.privateKey = await importPKCS8(privatePem, ALG, { extractable: true });
+    this.publicKey = await importSPKI(publicPem, ALG, { extractable: true });
+  }
+  // --------------- JWKS ---------------
+  /**
+   * Returns the JWKS (JSON Web Key Set) containing the brain's public key.
+   * Served at GET /api/sidecars/.well-known/jwks.json
+   */
+  getJwks(): { keys: JWK[] } {
+    if (!this.publicJwk) {
+      throw new Error('SidecarManager not started');
+    }
+    return {
+      keys: [
+        {
+          ...this.publicJwk,
+          alg: ALG,
+          use: 'sig',
+          kid: this.keyId,
+        },
+      ],
+    };
+  }
+  // --------------- Enrollment ---------------
+  /**
+   * Enroll a new sidecar. Returns the signed JWT enrollment token.
+   */
+  async enrollSidecar(name: string): Promise<{ token: string; sidecar: SidecarRecord }> {
+    if (!this.privateKey) throw new Error('SidecarManager not started');
+    if (!this.brainUrl) throw new Error('Brain URL not configured — call setBrainUrl() first');
+    // Validate name
+    const trimmed = name.trim();
+    if (!trimmed || trimmed.length > 64) {
+      throw new Error('Sidecar name must be 1-64 characters');
+    }
+    if (!/^[a-zA-Z0-9_-]+$/.test(trimmed)) {
+      throw new Error('Sidecar name may only contain letters, numbers, hyphens, and underscores');
+    }
+    // Check uniqueness
+    const db = getDb();
+    const existing = db.query('SELECT id FROM sidecars WHERE name = ? AND status = ?').get(trimmed, 'enrolled') as { id: string } | null;
+    if (existing) {
+      throw new Error(`Sidecar "${trimmed}" is already enrolled`);
+    }
+    const id = generateId();
+    const tokenId = generateId();
+    // Determine protocol based on brain URL
+    const isSecure = !this.brainUrl.includes('localhost') && !this.brainUrl.match(/:\d+$/);
+    const wsProtocol = isSecure ? 'wss' : 'ws';
+    const httpProtocol = isSecure ? 'https' : 'http';
+    const brainWs = `${wsProtocol}://${this.brainUrl}/sidecar/connect`;
+    const jwksUrl = `${httpProtocol}://${this.brainUrl}/api/sidecars/.well-known/jwks.json`;
+    // Sign JWT
+    const token = await new SignJWT({
+      sid: id,
+      name: trimmed,
+      brain: brainWs,
+      jwks: jwksUrl,
+    } satisfies Omit<SidecarTokenClaims, 'sub' | 'jti' | 'iat'>)
+      .setProtectedHeader({ alg: ALG, kid: this.keyId })
+      .setSubject(`sidecar:${id}`)
+      .setJti(tokenId)
+      .setIssuedAt()
+      .sign(this.privateKey);
+    // Store in database
+    db.run(
+      'INSERT INTO sidecars (id, name, token_id) VALUES (?, ?, ?)',
+      [id, trimmed, tokenId],
+    );
+    const sidecar = db.query('SELECT * FROM sidecars WHERE id = ?').get(id) as SidecarRecord;
+    console.log(`[SidecarManager] Enrolled sidecar "${trimmed}" (${id})`);
+    return { token, sidecar };
+  }
+  // --------------- Registry (DB queries) ---------------
+  /** Get all enrolled sidecars with connection state */
+  listSidecars(): SidecarInfo[] {
+    const db = getDb();
+    const records = db.query('SELECT * FROM sidecars WHERE status = ? ORDER BY enrolled_at DESC').all('enrolled') as SidecarRecord[];
+    return records.map((r) => this.toSidecarInfo(r));
+  }
+  /** Get a single sidecar by ID */
+  getSidecar(id: string): SidecarInfo | null {
+    const db = getDb();
+    const record = db.query('SELECT * FROM sidecars WHERE id = ?').get(id) as SidecarRecord | null;
+    return record ? this.toSidecarInfo(record) : null;
+  }
+  /** Revoke a sidecar and remove it from the database. Disconnects if connected. */
+  revokeSidecar(id: string): boolean {
+    const db = getDb();
+    const result = db.run('DELETE FROM sidecars WHERE id = ? AND status = ?', [id, 'enrolled']);
+    if (result.changes > 0) {
+      this.connected.delete(id);
+      console.log(`[SidecarManager] Revoked and removed sidecar ${id}`);
+      return true;
+    }
+    return false;
+  }
+  /** Check if a sidecar ID is enrolled (not revoked) */
+  isEnrolled(id: string): boolean {
+    const db = getDb();
+    const row = db.query('SELECT id FROM sidecars WHERE id = ? AND status = ?').get(id, 'enrolled');
+    return row !== null;
+  }
+  /** Update last_seen_at for a sidecar */
+  touchSidecar(id: string): void {
+    const db = getDb();
+    db.run("UPDATE sidecars SET last_seen_at = datetime('now') WHERE id = ?", [id]);
+  }
+  // --------------- Connection Tracking ---------------
+  /** Register a connected sidecar (called after WS handshake + registration message) */
+  registerConnection(sidecar: ConnectedSidecar): void {
+    this.connected.set(sidecar.id, sidecar);
+    // Persist connection details to DB so they're available even when offline
+    const db = getDb();
+    db.run(
+      `UPDATE sidecars SET last_seen_at = datetime('now'), hostname = ?, os = ?, platform = ?, capabilities = ? WHERE id = ?`,
+      [sidecar.hostname, sidecar.os, sidecar.platform, JSON.stringify(sidecar.capabilities), sidecar.id],
+    );
+    console.log(`[SidecarManager] Sidecar connected: ${sidecar.name} (${sidecar.id})`);
+  }
+  /** Remove a connected sidecar (called on WS close) */
+  removeConnection(id: string): void {
+    const sc = this.connected.get(id);
+    this.connected.delete(id);
+    if (sc) {
+      console.log(`[SidecarManager] Sidecar disconnected: ${sc.name} (${id})`);
+    }
+  }
+  /** Update capabilities for a connected sidecar (called on config reload) */
+  updateCapabilities(sidecarId: string, capabilities: SidecarCapability[], unavailableCapabilities: UnavailableCapability[] = []): void {
+    const conn = this.connected.get(sidecarId);
+    if (conn) {
+      conn.capabilities = capabilities;
+      conn.unavailableCapabilities = unavailableCapabilities;
+    }
+    const db = getDb();
+    db.run('UPDATE sidecars SET capabilities = ? WHERE id = ?', [JSON.stringify(capabilities), sidecarId]);
+    console.log(`[SidecarManager] Capabilities updated for ${sidecarId}: ${capabilities.join(', ')}`);
+    if (unavailableCapabilities.length > 0) {
+      console.log(`[SidecarManager] Unavailable: ${unavailableCapabilities.map(u => u.name).join(', ')}`);
+    }
+  }
+  /** Get all currently connected sidecars */
+  getConnectedSidecars(): ConnectedSidecar[] {
+    return Array.from(this.connected.values());
+  }
+  /** Check if a specific sidecar is connected */
+  isConnected(id: string): boolean {
+    return this.connected.has(id);
+  }
+  // --------------- Protocol: Token Validation ---------------
+  /**
+   * Verify a JWT token and return claims if valid and sidecar is enrolled.
+   */
+  async validateToken(token: string): Promise<SidecarTokenClaims | null> {
+    if (!this.publicKey) return null;
+    try {
+      const { payload } = await jwtVerify(token, this.publicKey, {
+        algorithms: [ALG],
+      });
+      const claims = payload as unknown as SidecarTokenClaims;
+      // Check sidecar is still enrolled
+      if (!claims.sid || !this.isEnrolled(claims.sid)) {
+        return null;
+      }
+      return claims;
+    } catch {
+      return null;
+    }
+  }
+  // --------------- Protocol: WebSocket Handlers ---------------
+  /** Called when a sidecar WebSocket connects (after JWT validation) */
+  handleSidecarConnect(ws: ServerWebSocket<unknown>, sidecarId: string): void {
+    const connection = new SidecarConnection(
+      sidecarId,
+      ws,
+      this.scheduler,
+      () => this.handleSidecarDisconnect(sidecarId),
+    );
+    connection.startHeartbeat();
+    this.sidecarConnections.set(sidecarId, connection);
+    this.touchSidecar(sidecarId);
+    console.log(`[SidecarManager] Sidecar WS connected: ${sidecarId}`);
+  }
+  /** Route inbound messages to the correct SidecarConnection */
+  handleSidecarMessage(ws: ServerWebSocket<unknown>, message: string | Buffer): void {
+    // Find connection by ws — we need the sidecar_id from ws.data
+    const sidecarId = (ws.data as any)?.sidecar_id as string;
+    if (!sidecarId) return;
+    // Intercept registration messages before routing to connection
+    if (typeof message === 'string') {
+      try {
+        const parsed = JSON.parse(message);
+        if (parsed.type === 'register') {
+          const record = this.getSidecar(sidecarId);
+          this.registerConnection({
+            id: sidecarId,
+            name: record?.name ?? parsed.hostname ?? sidecarId,
+            hostname: parsed.hostname ?? 'unknown',
+            os: parsed.os ?? 'unknown',
+            platform: parsed.platform ?? 'unknown',
+            capabilities: parsed.capabilities ?? [],
+            unavailableCapabilities: parsed.unavailable_capabilities ?? [],
+            connectedAt: new Date(),
+          });
+          return;
+        }
+        if (parsed.type === 'capabilities_update') {
+          this.updateCapabilities(sidecarId, parsed.capabilities ?? [], parsed.unavailable_capabilities ?? []);
+          return;
+        }
+      } catch {
+        // Not JSON or not a register message — fall through to connection handler
+      }
+    }
+    const connection = this.sidecarConnections.get(sidecarId);
+    if (!connection) return;
+    if (message instanceof Buffer) {
+      connection.handleBinary(message);
+    } else {
+      connection.handleMessage(message.toString());
+    }
+  }
+  /** Called when a pong is received from a sidecar */
+  handleSidecarPong(sidecarId: string): void {
+    const connection = this.sidecarConnections.get(sidecarId);
+    if (connection) {
+      connection.handlePong();
+    }
+  }
+  /** Called when a sidecar WebSocket disconnects */
+  handleSidecarDisconnect(sidecarId: string): void {
+    const conn = this.sidecarConnections.get(sidecarId);
+    if (conn) {
+      conn.close();
+      this.sidecarConnections.delete(sidecarId);
+    }
+    this.scheduler.removeSidecar(sidecarId);
+    this.rpcTracker.failAll(sidecarId, 'disconnected');
+    this.removeConnection(sidecarId);
+  }
+  // --------------- Protocol: RPC Dispatch ---------------
+  /**
+   * Send an RPC to a connected sidecar.
+   * Returns the result, "detached" if initial timeout expires, or throws on failure.
+   */
+  async dispatchRPC(
+    sidecarId: string,
+    method: string,
+    params: Record<string, unknown> = {},
+    timeouts: RPCTimeouts = DEFAULT_RPC_TIMEOUTS,
+  ): Promise<unknown> {
+    const connection = this.sidecarConnections.get(sidecarId);
+    if (!connection) {
+      throw new Error(`Sidecar ${sidecarId} is not connected`);
+    }
+    const rpcId = generateId();
+    const request: RPCRequest = {
+      type: 'rpc_request',
+      id: rpcId,
+      method,
+      params,
+    };
+    // Send the request over WebSocket
+    connection.sendRPC(request);
+    // Track and await result
+    return this.rpcTracker.dispatch(rpcId, sidecarId, method, timeouts);
+  }
+  /** Register a listener for RPC progress events */
+  onProgress(listener: (sidecarId: string, rpcId: string, progress: number, message?: string) => void): void {
+    this.progressListeners.add(listener);
+  }
+  /** Register a listener for sidecar events */
+  onEvent(listener: (sidecarId: string, event: SidecarEvent) => void): void {
+    this.eventListeners.add(listener);
+  }
+  // --------------- Helpers ---------------
+  private toSidecarInfo(record: SidecarRecord): SidecarInfo {
+    const conn = this.connected.get(record.id);
+    const parsedCapabilities = record.capabilities ? JSON.parse(record.capabilities) : undefined;
+    return {
+      id: record.id,
+      name: record.name,
+      enrolled_at: record.enrolled_at,
+      last_seen_at: record.last_seen_at,
+      status: record.status,
+      connected: !!conn,
+      hostname: conn?.hostname ?? record.hostname ?? undefined,
+      os: conn?.os ?? record.os ?? undefined,
+      platform: conn?.platform ?? record.platform ?? undefined,
+      capabilities: conn?.capabilities ?? parsedCapabilities,
+      unavailable_capabilities: conn?.unavailableCapabilities,
+    };
+  }
+}

package/src/sidecar/protocol.ts ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Sidecar Communication Protocol — Message Types
+ *
+ * Defines the WebSocket protocol between brain and sidecars.
+ */
+/** RPC state machine */
+export type RPCState = 'pending' | 'detached' | 'completed' | 'failed' | 'timed_out' | 'cancelled';
+/** Event priority levels */
+export type EventPriority = 'critical' | 'high' | 'normal' | 'low';
+// ---- Binary data variants ----
+export interface BinaryDataInline {
+  type: 'inline';
+  mime_type: string;
+  /** Base64-encoded data */
+  data: string;
+}
+export interface BinaryDataRef {
+  type: 'ref';
+  ref_id: string;
+  mime_type: string;
+  size: number;
+}
+export type BinaryData = BinaryDataInline | BinaryDataRef;
+// ---- Brain → Sidecar ----
+export interface RPCRequest {
+  type: 'rpc_request';
+  id: string;
+  method: string;
+  params: Record<string, unknown>;
+}
+// ---- Sidecar → Brain ----
+export interface RPCResultPayload {
+  rpc_id: string;
+  result: unknown;
+  error?: undefined;
+}
+export interface RPCErrorPayload {
+  rpc_id: string;
+  result?: undefined;
+  error: { code: string; message: string };
+}
+export interface RPCProgressPayload {
+  rpc_id: string;
+  progress: number;
+  message?: string;
+}
+export interface SidecarEventPayload {
+  [key: string]: unknown;
+}
+export interface SidecarEvent {
+  type: 'rpc_result' | 'rpc_progress' | 'sidecar_event';
+  event_type: string;
+  timestamp: number;
+  payload: RPCResultPayload | RPCErrorPayload | RPCProgressPayload | SidecarEventPayload;
+  priority?: EventPriority;
+  binary?: BinaryData;
+}
+// ---- Timeout configuration ----
+export interface RPCTimeouts {
+  /** Initial timeout before transitioning to DETACHED (ms) */
+  initial: number;
+  /** Max timeout for detached RPCs (ms) */
+  max: number;
+}
+export const DEFAULT_RPC_TIMEOUTS: RPCTimeouts = {
+  initial: 30_000,
+  max: 300_000,
+};